kevin/dotfiles
1
0
Fork 0
mirror of https://github.com/Unkn0wnCat/dotfiles.git synced 2025-06-07 02:31:37 +02:00
Code Issues Projects Releases Wiki Activity

Add password as secret

Browse source
This commit is contained in:
Kevin Kandlbinder 2023-02-27 14:16:18 +00:00
parent dabdd3a7c2
commit b7685fe749
3 changed files with 44 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
nixos/.sops.yaml
View file

@ -7,3 +7,8 @@ creation_rules:
- age: - age:
- *admin_kevin - *admin_kevin
- *target_kevin-tp - *target_kevin-tp
- path_regex: shared/secrets/[^/]+\.yaml$
key_groups:
- age:
- *admin_kevin
- *target_kevin-tp

9
nixos/modules/users.nix
View file

@ -1,10 +1,19 @@
{ {
imports = [ ./ssh.nix ]; imports = [ ./ssh.nix ];
sops.secrets.password_kevin = {
neededForUsers = true;
sopsFile = ../shared/secrets/passwords.yaml;
};
users.mutableUsers = false;
users.users.kevin = { users.users.kevin = {
isNormalUser = true; isNormalUser = true;
description = "Kevin Kandlbinder"; description = "Kevin Kandlbinder";
extraGroups = [ "wheel" "docker" "dialout" "networkmanager" "floppy" "audio" "lp" "cdrom" "tape" "video" "render" ]; extraGroups = [ "wheel" "docker" "dialout" "networkmanager" "floppy" "audio" "lp" "cdrom" "tape" "video" "render" ];
passwordFile = config.sops.secrets.password-kevin.path;
}; };
kevin.ssh.authorized.kevin.users = ["kevin" "root"]; kevin.ssh.authorized.kevin.users = ["kevin" "root"];

30
nixos/shared/secrets/passwords.yaml Normal file
View file

@ -0,0 +1,30 @@
password_kevin: ENC[AES256_GCM,data:I1v/s/sCqEDdh2tivcxJouWw1X0aXmVVbk5/3cEaJZ1HlOnKhe4mFJgMq4a1foBI6hHhAudjnuwJJwdNFjLnyYb/TOzoTtyXjLKNC3A4kgU+Nl1fDg1B3zFuR4YjcIo5/GV1LuCzJrbZPA==,iv:PcZJOuAY0drEZZSfNca8g4h29PSPAdO91DbxPLHdOek=,tag:QGoO4GqIxADHQsGShvEvdQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Y2FJS2JOUU42ek8wQThu
VWtHRWNMcXB0dFpmTFJ2b1NiTjdkU3l3OHhVCm5hR1VHQURndEJGT1BiTUZFM1hH
dGdIcnV5L3pPOHhnZzFmZVM3OGp2dFEKLS0tIEM4L0x1aGxOV2dpUTdCYlFCOWhi
MExVTG12bFNXRHdXVThJZ1V2YlIrUlkKrhokMJmFimyuzg1vi/fiiP8XjtKGtxf8
5Usgxglk4o0ElsDryOfFdLJ6YJY78I3dyHzuXWhjbs8toTks/sGSkQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKb2JBc2RRV3Fwa3RJb3Mx
WTlob3plakJBWEJGamNYYUpiclRmd2JySkdnCm9kNGZMQm53cSttNUhhV2xRenJR
OGV5RFV4M25MV0lPQ3BrTmxtQVVlV2MKLS0tIGFDelg2T2JCME9VS2lkYVE1d1lX
d3FDUFBaLzB4OWRQZkdTaFhJZUZiMGMK1CikqlTxoc2H6nXdWZJUhAy54S8I7yiw
8CzEU3K4s01Hnoj3vhQtXtxIqd2kIqilLlo6QVdb9cbFeMTsUOMqaw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-02-27T14:15:06Z"
mac: ENC[AES256_GCM,data:ROjkbNrmEn0Hj6KeDW2S8gZ47FherNpy7Lta493QWonfAvFEPdY2nJOa3sVs3maTVzDzmFGqJCLGAO/iyeQqjcdCWtQ/lDqz0MZkzXPLViCRzJrDqp3qBk8pflm8drfsVD+mdYDQ5Alg8ffg/S1F+o+jyKzd94no6pI/m6DJNOI=,iv:9XEMpQ4eO70C1CHrqzbmS8CJvRZtG1WEVd3gfv6DKT0=,tag:ewOuZv/EYXdr2iTaFx8Mag==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3