upRootNutrition/dotfiles
upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-12-07 05:27:13 -06:00
Code Issues Projects 1 Releases Packages Wiki Activity Actions

feat: set up declarative password with sops

Browse source
This commit is contained in:
Nick 2025-11-05 21:13:54 -06:00
parent 672c9bb7c0
commit 05ea17564f
3 changed files with 18 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
profiles/user0/default.nix
View file

@ -14,12 +14,20 @@ let
hostname = config.networking.hostName;
in
{
sops.secrets = {
"passwords/user0" = {
neededForUsers = true;
};
};
users = {
users.${user0} = {
description = name;
name = user0;
isNormalUser = true;
shell = pkgs.nushell;
hashedPasswordFile = config.sops.secrets."passwords/user0".path;
extraGroups = [
"adbusers"
"caddy"

6
secrets/secrets.yaml
View file

@ -48,6 +48,8 @@ firefly-iii-pass: ENC[AES256_GCM,data:gy7CuAy2PqKyr/+fHjHuKosj7Mi2cfOop4bLew0vZt
firefly-iii-data: ENC[AES256_GCM,data:EY/CNiSrnmUjotIshk4KqJ2P7IMpiXYyBr7NeYcI69k=,iv:bocGJHNLMAfHFjs3/6wwxwYqq0qar/uNrwppK+MQjBg=,tag:2H5TD6bd9PUgN7BWkwNuzA==,type:str]
firefly-iii-smtp: ENC[AES256_GCM,data:suCsPpd5acpasLLJPcgf9gUQlz4geqm/fNlw5b1+zMo=,iv:63o2Jtrn1T+CSeB9YZ9Zr0873zxgAdBDklwdNuC2bT4=,tag:L4smPSDq/FHMQzS39ege1Q==,type:str]
roundcube-pass: ENC[AES256_GCM,data:vLvNVgiOQKIIoBhFD2if4Ct/1qugwe6i9OG8rB4sv4o=,iv:iJJlzgIocPe3ty67C39MF09FkU+p7hqd+GLnE0PBJAA=,tag:kzPVQP55YwMeYHrrsHFHJQ==,type:str]
passwords:
user0: ENC[AES256_GCM,data:q+yH7s5pUmMZcX2HmcwxtdXQJHUK1bQXhGoog1cRMIFtk+KkLWygzBm74xKzqWI4f1cf9uHeNZniiZX8LnkdC6e6Purl7qyjJBw=,iv:5MTvFZoELBrZxIto8vJUJPo8Kd0rjjnCAYUt2tEngxA=,tag:u2kCFjM7v2KYLGL9h5ff/Q==,type:str]
sops:
age:
- recipient: age19dpncsdphdt2tmknjs99eghk527pvdrw0m29qjn2z2gg3et5tdtqycqhl0
@ -59,7 +61,7 @@ sops:
bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD
aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-04T20:22:31Z"
mac: ENC[AES256_GCM,data:mL+7OjHRuSpGFaBAyNA1VP5GtwaL97uGVZo6eMduPNSy2bAkE6PhFwzVKLUikKCjOdYut1xF9aVRa0Sj1CiOTHoJdRlzpF02XSeTGJ/uxYFap29F7PruGzv24Xy7zfHQQYDO/ypBUSDgS8yO73zjjqBqlIT5NQD9X1M0TDT/QUk=,iv:g8JAT9B+irTZiH7e7hlp6x+gjlDUztlSe7FUPKcJ2Fg=,tag:OSQlvguKpQmG1r90fDWemA==,type:str]
lastmodified: "2025-11-06T02:54:32Z"
mac: ENC[AES256_GCM,data:WHBK6LzbBy8h4qjYcem0P871ltIEmaOWHjO+d9+E2aPg57BsgcpEWqMEpPmOoyujiRDu4p/eWMM5yHIBLkwuFJfQMCQ1Iwtl2Ei47Yf9DABjOfR2VslTq+Khpb13xaewxYEsNF15HJGi/bAxK9YWuwGa1ruNlmRH6rmF7OabqqE=,iv:Rv7QZKBkqBtlDkUDuDVzN79Wzc1nocbTLgTmXg8BTzU=,tag:qaIa0R8z9wLmrcYkoeW+Yg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0

7
systems/ceres/config/filesystem.nix
View file

@ -8,6 +8,7 @@ let
inherit (flake.config.people) user0;
rootDevice = "/dev/disk/by-uuid/df9868a4-2dd1-40d5-9f5f-c56ceac62216";
bootDevice = "/dev/disk/by-uuid/DF19-AD99";
in
{
fileSystems = {
@ -37,7 +38,7 @@ in
};
"/boot" = {
device = "/dev/disk/by-uuid/DF19-AD99";
device = bootDevice;
fsType = "vfat";
options = [
"fmask=0077"
@ -49,6 +50,10 @@ in
device = "/dev/disk/by-label/storage";
fsType = "ext4";
};
"/etc/ssh" = {
neededForBoot = true;
};
};
boot.initrd.postResumeCommands = lib.mkAfter ''
mkdir /btrfs_tmp