commit c0d0a665e1562322e75375c642025dd1c98fd71a · aylac.top/nixcfg-own-knot

+3 -3

flake.lock

···

       1032
        
           "secrets": {

     

       1033
        
             "flake": false,

     

       1034
        
             "locked": {

     

       1035
       -
               "lastModified": 1756518813,

     

       1036
       -
               "narHash": "sha256-tuhglLbJSQzfWeOYYMnbx4XhwFQp8cF1GdtmznPiKTQ=",

     

       1037
        
               "owner": "ayla6",

     

       1038
        
               "repo": "secrets",

     

       1039
       -
               "rev": "646cbc68c306569c502e78a31be22e6c2919b5ae",

     

       1040
        
               "type": "github"

     

       1041
        
             },

     

       1042
        
             "original": {

···

       1032
        
           "secrets": {

     

       1033
        
             "flake": false,

     

       1034
        
             "locked": {

     

       1035
       +
               "lastModified": 1756878317,

     

       1036
       +
               "narHash": "sha256-pEVF9/ZjyENenEUUqrKGO3qNngqRP1EaLf7mOS/4ol4=",

     

       1037
        
               "owner": "ayla6",

     

       1038
        
               "repo": "secrets",

     

       1039
       +
               "rev": "9cf93253fccc51a8a22c8fe944d80a50a24d7404",

     

       1040
        
               "type": "github"

     

       1041
        
             },

     

       1042
        
             "original": {

+1 -1

hosts/morgana/default.nix

···

       68
        
         myUsers = {

     

       69
        
           ayla = {

     

       70
        
             enable = true;

     

       71
       -
             password = "REDACTED";

     

       72
        
           };

     

       73
        
         };

     

       74

···

       68
        
         myUsers = {

     

       69
        
           ayla = {

     

       70
        
             enable = true;

     

       71
       +
             passwordFile = config.age.secrets.aylaPassword.path;

     

       72
        
           };

     

       73
        
         };

     

       74

+1

hosts/morgana/secrets.nix

···

       1
        
       {self, ...}: {

     

       2
        
         age.secrets = {

     

       0
        
       
     

       3
        
           tailscaleAuthKey.file = "${self.inputs.secrets}/tailscale/auth.age";

     

       4
        
           syncthingCert.file = "${self.inputs.secrets}/ayla/syncthing/morgana/cert.age";

     

       5
        
           syncthingKey.file = "${self.inputs.secrets}/ayla/syncthing/morgana/key.age";

···

       1
        
       {self, ...}: {

     

       2
        
         age.secrets = {

     

       3
       +
           aylaPassword.file = "${self.inputs.secrets}/ayla/passwordHash.age";

     

       4
        
           tailscaleAuthKey.file = "${self.inputs.secrets}/tailscale/auth.age";

     

       5
        
           syncthingCert.file = "${self.inputs.secrets}/ayla/syncthing/morgana/cert.age";

     

       6
        
           syncthingKey.file = "${self.inputs.secrets}/ayla/syncthing/morgana/key.age";

+1 -1

hosts/nanpi/default.nix

···

       84
        
         myUsers = {

     

       85
        
           ayla = {

     

       86
        
             enable = true;

     

       87
       -
             password = "REDACTED";

     

       88
        
           };

     

       89
        
         };

     

       90

···

       84
        
         myUsers = {

     

       85
        
           ayla = {

     

       86
        
             enable = true;

     

       87
       +
             passwordFile = config.age.secrets.aylaPassword.path;

     

       88
        
           };

     

       89
        
         };

     

       90

+1

hosts/nanpi/secrets.nix

···

       1
        
       {self, ...}: {

     

       2
        
         age.secrets = {

     

       0
        
       
     

       3
        
           pds.file = "${self.inputs.secrets}/pds.age";

     

       4
        
           resticPassword.file = "${self.inputs.secrets}/restic-passwd.age";

     

       5
        
           rclone.file = "${self.inputs.secrets}/rclone.age";

···

       1
        
       {self, ...}: {

     

       2
        
         age.secrets = {

     

       3
       +
           aylaPassword.file = "${self.inputs.secrets}/ayla/passwordHash.age";

     

       4
        
           pds.file = "${self.inputs.secrets}/pds.age";

     

       5
        
           resticPassword.file = "${self.inputs.secrets}/restic-passwd.age";

     

       6
        
           rclone.file = "${self.inputs.secrets}/rclone.age";

+1 -1

modules/users/ayla/default.nix

···

       10
        
             description = "Ayla";

     

       11
        
             isNormalUser = true;

     

       12
        
             extraGroups = config.myUsers.defaultGroups;

     

       13
       -
             hashedPassword = config.myUsers.ayla.password;

     

       14
        
       

     

       15
        
             openssh.authorizedKeys.keyFiles =

     

       16
        
               lib.map (file: "${self.inputs.secrets}/publicKeys/${file}")

···

       10
        
             description = "Ayla";

     

       11
        
             isNormalUser = true;

     

       12
        
             extraGroups = config.myUsers.defaultGroups;

     

       13
       +
             hashedPasswordFile = config.myUsers.ayla.passwordFile;

     

       14
        
       

     

       15
        
             openssh.authorizedKeys.keyFiles =

     

       16
        
               lib.map (file: "${self.inputs.secrets}/publicKeys/${file}")

+6

modules/users/options.nix

···

       8
        
               description = "Hashed password for ${user}.";

     

       9
        
               type = lib.types.nullOr lib.types.str;

     

       10
        
             };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       11
        
           };

     

       12
        
         in {

     

       13
        
           defaultGroups = lib.mkOption {

···

       8
        
               description = "Hashed password for ${user}.";

     

       9
        
               type = lib.types.nullOr lib.types.str;

     

       10
        
             };

     

       11
       +
       

     

       12
       +
             passwordFile = lib.mkOption {

     

       13
       +
               default = null;

     

       14
       +
               description = "Hashed password file for ${user}.";

     

       15
       +
               type = lib.types.nullOr lib.types.path;

     

       16
       +
             };

     

       17
        
           };

     

       18
        
         in {

     

       19
        
           defaultGroups = lib.mkOption {