diff --git a/features/remote-base.nix b/features/remote-base.nix new file mode 100644 index 0000000..4a59f95 --- /dev/null +++ b/features/remote-base.nix @@ -0,0 +1,12 @@ +{ + nixos = + { config, user, ... }: + { + sops.secrets.user-password = { + sopsFile = ../secrets/common.yaml; + neededForUsers = true; + }; + + users.users.${user}.hashedPasswordFile = config.sops.secrets.user-password.path; + }; +} diff --git a/flake/hosts.nix b/flake/hosts.nix index aca1f2d..6a7b249 100644 --- a/flake/hosts.nix +++ b/flake/hosts.nix @@ -82,6 +82,7 @@ in "localisation" "shell" "tailscale" + "remote-base" ]; }; diff --git a/hosts/floo/configuration.nix b/hosts/floo/configuration.nix index e40f8d1..dde1d29 100644 --- a/hosts/floo/configuration.nix +++ b/hosts/floo/configuration.nix @@ -26,8 +26,6 @@ }; }; - users.users.matej.hashedPassword = "$6$59Z5NIkOYZ3eSElX$FehMGGXQlC040G8eoO42JQDScb7hI04NbdVMAkKYKqVOLTO/.MJxfk8fHypQHrCdtAs67N1bnU2s5H/3zLWhC1"; - localisation = { timeZone = "Europe/Ljubljana"; defaultLocale = "en_US.UTF-8"; diff --git a/secrets/common.yaml b/secrets/common.yaml new file mode 100644 index 0000000..4ba007e --- /dev/null +++ b/secrets/common.yaml @@ -0,0 +1,46 @@ +user-password: ENC[AES256_GCM,data:c7y3RZSikVS32w7RTY5nBSWxDWbwNI5FhLIEoXcru5lpCUu3YqKjHNm8eMI7oeAg1VQIW/1axv0LPHM+bb7wn7SSHy49EvGyda4AU8hdVnsO9gNBul9WQy9Q6RM1PR5vW+IbX1HBFPTTOQ==,iv:oNsDzDugNq2E1CJ89BCXZ/ieCGV+evOwsOuKlKsotBg=,tag:jU8g9fIgexw2bm3E+ow3wA==,type:str] +sops: + age: + - recipient: age1frwe9fpt9vh969aqnggvq8pfypp6hl98guwfmgttucp7gr55r42sqy2t65 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVzB0YkFIM3Y3KzVQMHZE + K3gzd2M3K0tKa2E3YmJKVVlSeG5hUkY0dnlFCkQrbDV6N0pMaWF3NHorTXRLdnAw + NEgydG9SMllSdnR4Vm1qSkR1Y2dKNVEKLS0tIE5TbllNTjQrWkFMQmIrODBWWjVF + ZmlCSzJvZ1p4eTR3OHNlcktaOE12T3MKUkhzkVqQ5P2+jD4BBHN/dFmoeK9oyAy/ + 9qO7miin10kHTGAOBWXybkt8jXdbY8+gvqjAIYqE/u0ESUW0z+UvKA== + -----END AGE ENCRYPTED FILE----- + - recipient: age19qj2aaryx869cvcqp77gs9x5hcv4dqjxunkmyre78upsxda6ss7s5vquz4 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPaXNCMEh1NUNsS2VacDI1 + NFVsK1B6cjE0Y2gwbFA3NGN6aGdoSnBNcVM4Cnhzamx5bFY3UlV0VGRqdk1jN3A5 + K3RFV2dGTi85cTZialB2THBuTEg5a2cKLS0tIFBWWW1waFdCWEFFNUhQa25nSDFE + VnhJa1lhakxVQ3RWZi94K0IvUnN3QmsK/3FYCP5Py3G8NYsCAsKuHx2u4w5O/xBE + +PJD9Zan7CDurKVkGz/7QoCgD6OPQ7h+Mw1Px2iVKZ9RsfxCU7CF6g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1hksdq2lc89thnpth49sw44f0pmkp950plrhhnttj4petvnfy04tsydz6fl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1QXRBdWNod3RvUmV5SUt2 + TnVWbjVpODBwaHF5SDlqTFNqdFlKRlFvWEdRCnowbW1DSEViSXNoMlpQQ0tDZjhH + QVcwZytEYUhYZkw1R2N6QUk2Y3NkbGMKLS0tIDYwSU9SQzJEcm5abGR3TUtUTEpw + eVltZlM1c2d0OVZMWnRRL29ZWGZqRTAKujJHoH+wAB9NtzTF0i4nMIv6dHUXQ4mN + HJXXEAGRb7hAYRm2hn8ABtoqs61qvIqiOATcHSnE/NucOrQ68CidQA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-03-29T23:11:10Z" + mac: ENC[AES256_GCM,data:XY5wElDn+YD4UHSIGd9Ru8ob39gJVE8VE5gqJJkmzF/xERXp7re/d/6RXxoYDgYS0qUnn8c2VFzJxCvakmV/lPLA8YulFk/ZDysEVn+U3CbfTIkjXcJzewJNz0N+hQKeVaCzPfWeB5oaGtB8bjxOg+GYz2TmSvEAT+kO1U/4Klg=,iv:QOlZ4O+eqvOS9/guc+RmWgVDgPzskb4WIlzyT/14MVM=,tag:ziJE9Yytlr680EpSnBGmdQ==,type:str] + pgp: + - created_at: "2026-03-29T23:09:25Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DPaEEpDtHdk8SAQdAeOAy5jmbFTr4UInI64Dwvb8hMTULgVAhqPPLZFOGTl4w + h0B0BzvOW52J67eWcvctbM1PFCmKX17JspnW/x1tEORFB9A9mR91DrgiMuLHVv5g + 0l4BhWxhsMqsKkeCaNYLz7NfIG5FlolLJbZABKdRZs6xX6pAzkWxj3cLWkc4iuRF + rE8W2lGN5Yd+luFn7Uxjc8TbQ/dbQ2y5ln0lmxFhFc1+Ka8aQ7S6liNvEvKvK2t8 + =gtNK + -----END PGP MESSAGE----- + fp: AF349EECC849D87B790E88FF6318FFB7DB374B7D + unencrypted_suffix: _unencrypted + version: 3.12.1