feat: change passwords and hide new hashes

2025-10-11 07:10:39 +02:00 · 2023-05-22 23:53:45 +02:00 · 2023-05-22 23:53:45 +02:00 · f65b217a92
commit f65b217a92
parent aaa1d88d46
5 changed files with 13 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -12,6 +12,7 @@ This is my personal nix config.
    - `hardware/` configuration for various hardware components
    - `<something>.nix` commonly required configuration for `<something>`
  - `<hostname>/` configuration for `<hostname>`
    - `[microvms/]` configuration for microvms. This is optional even for existing microvms, since they can also be defined in-place.
    - `secrets/` Local secrets for this host. Still theoretically accessible by other hosts, but owned by this one.
      - `local.nix.age` Repository-wide local secrets. Decrypted on import via `builtins.extraBuiltins.rageImportEncrypted`.
      - `[host.pub]` This host's public key. Used for agenix rekeying if it exists.
@ -102,10 +103,10 @@ all commands using these extra parameters, or permanently add the following the
 2. Run all commands with `--option plugin-files "$NIX_PLUGINS"/lib/nix/plugins --option extra-builtins-file ./nix/extra-builtins.nix`
   or permantently
-	```ini
+  ```ini
-	plugin-files = <copy path from $NIX_PLUGINS>/lib/nix/plugins
+  plugin-files = <copy path from $NIX_PLUGINS>/lib/nix/plugins
-	extra-builtins-file = /path/to/nix-config/nix/extra-builtins.nix
+  extra-builtins-file = /path/to/nix-config/nix/extra-builtins.nix
-	```
+  ```
 ## Misc
--- a/hosts/common/core/issue.nix
+++ b/hosts/common/core/issue.nix
@ -1,4 +1,5 @@
 let
  # IP addresses: ${"${interface} \e{halfbright}\4{${interface}}\e{reset} \e{halfbright}\6{${interface}}\e{reset}"}
  issue_text = ''
    \d  \t
    This is \e{cyan}\n\e{reset} [\e{lightblue}\l\e{reset}] (\s \m \r)
--- a/secrets/global.nix.age
+++ b/secrets/global.nix.age
--- a/users/myuser/default.nix
+++ b/users/myuser/default.nix
@ -5,12 +5,12 @@
  stateVersion,
  ...
 }: let
-  inherit (config.repo.secrets.global) myuser;
+  myuser = config.repo.secrets.global.myuser.name;
 in {
  users.groups.${myuser}.gid = config.users.users.${myuser}.uid;
  users.users.${myuser} = {
    uid = 1000;
-    hashedPassword = "$6$YogAnKRz8qW2Gz.I$chgMKKrpPAfV0WuGN6ChOgUJistpCzFsHOT6mhHyj07mwI1kSfDJvnMB13frMvkpv2aGpXHVH.yxk5fYHeeET/";
+    inherit (config.repo.secrets.global.myuser) hashedPassword;
    createHome = true;
    group = myuser;
    extraGroups =
--- a/users/root/default.nix
+++ b/users/root/default.nix
@ -6,7 +6,7 @@
  ...
 }: {
  users.users.root = {
-    hashedPassword = "$6$EBo/CaxB.dQoq2W8$lo2b5vKgJlLPdGGhEqa08q3Irf1Zd1PcFBCwJOrG8lqjwbABkn1DEhrMh1P3ezwnww2HusUBuZGDSMa4nvSQg1";
+    inherit (config.repo.secrets.global.root) hashedPassword;
    openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5Uq+CDy5Pmt3If5M6d8K/Q7HArU6sZ7sgoj3T521Wm"];
    shell = pkgs.zsh;
  };
@ -20,6 +20,10 @@
      inherit stateVersion;
      inherit (config.users.users.root) uid;
      username = config.users.users.root.name;
      packages = with pkgs; [
        wireguard-tools
      ];
    };
  };
 }