| author | Mel <einebeere@gmail.com> | 2024-12-30 16:46:40 +0100 |
|---|---|---|
| committer | Mel <einebeere@gmail.com> | 2024-12-30 16:50:08 +0100 |
| commit | e062b2741ff294e1f3e88fe7253c1a8482f4b249 (patch) | |
| tree | d9af95a192f32c90be35297ef86141985b17e342 | |
| parent | a416a9fb83def3bc00c04d57ef9d2284c2c1df4e (diff) | |
Move user passwords and keys out for easier reuse
Signed-off-by: Mel <einebeere@gmail.com>
| -rw-r--r-- | configuration/configuration.nix | 5 | ||||
| -rw-r--r-- | configuration/credentials.nix | 14 | ||||
| -rw-r--r-- | configuration/secrets/keys.nix | 10 | ||||
| -rw-r--r-- | flake.nix | 1 |
4 files changed, 21 insertions, 9 deletions
diff --git a/configuration/configuration.nix b/configuration/configuration.nix
index 3ddcca1..5f7d8bd 100644
--- a/configuration/configuration.nix
+++ b/configuration/configuration.nix
@@ -2,6 +2,7 @@
 config,
 lib,
 pkgs,
+ credentials,
 ...
 }:
@@ -26,13 +27,13 @@
 mel = {
 isNormalUser = true;
 extraGroups = [ "wheel" ];
- hashedPassword = "$y$j9T$ieEl5QNLNw/WwPlo8ltbW0$gFxLCTnPgalTvyEbElxrhSH49wrAOUAdjdVjw1NLtsC";
+ hashedPassword = credentials.mel.password;
 };
 philip = {
 isNormalUser = true;
 extraGroups = [ "wheel" ];
- hashedPassword = "$y$j9T$05voM5wlmF6HSrvOJ4Jtn1$fhAq/k2W6NYydFcwK/LiKGrRz/1NLM7MRUAGNrzy2e/";
+ hashedPassword = credentials.philip.password;
 };
 };
diff --git a/configuration/credentials.nix b/configuration/credentials.nix
new file mode 100644
index 0000000..d38c795
--- /dev/null
+++ b/configuration/credentials.nix
@@ -0,0 +1,14 @@
+{
+ mel = {
+ password = "$y$j9T$ieEl5QNLNw/WwPlo8ltbW0$gFxLCTnPgalTvyEbElxrhSH49wrAOUAdjdVjw1NLtsC";
+ keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDujTul5wWyGnidLnNuJDRze0Up29l2cDpyKdmvW2Ls"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEK96G1n31aJsZOrux3BKM0ztzi/SFAVHn0MsGkPDdqY"
+ ];
+ };
+
+ philip = {
+ password = "$y$j9T$05voM5wlmF6HSrvOJ4Jtn1$fhAq/k2W6NYydFcwK/LiKGrRz/1NLM7MRUAGNrzy2e/";
+ keys = [ ];
+ };
+}
diff --git a/configuration/secrets/keys.nix b/configuration/secrets/keys.nix
index 6f3a57d..218e880 100644
--- a/configuration/secrets/keys.nix
+++ b/configuration/secrets/keys.nix
@@ -1,4 +1,6 @@
 let
+ credentials = import ../credentials.nix;
+
 # machines and their host key that are included in this configuration,
 # in this case, just one.
 machines = {
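Review bot: The password hashes for `mel` and `philip` stay in a plain, git-tracked file after this move (`password = "$y$…"` in the new `configuration/credentials.nix`), and `hashedPassword = credentials.mel.password;` in `configuration/configuration.nix` still evaluates them into the system closure, which is readable by every local account. Anyone with the repository or a shell on the machine can take them for offline guessing. Since the credentials are being centralised anyway, `credentials.nix` could keep only the public SSH keys, and the accounts could read their hash from the encrypted secrets that `configuration/secrets/` appears to manage: `hashedPasswordFile = <path of the decrypted secret>;`. The same applies to the `philip` entry in both files.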
@@ -6,13 +8,7 @@ let
 };
 # users that can sign secrets, with all of their keys.
- admins = {
- mel = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDujTul5wWyGnidLnNuJDRze0Up29l2cDpyKdmvW2Ls"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEK96G1n31aJsZOrux3BKM0ztzi/SFAVHn0MsGkPDdqY"
- ];
- philip = [ ];
- };
+ admins = builtins.mapAttrs (n: u: u.keys) credentials;
 in
 {
 inherit machines admins;
diff --git a/flake.nix b/flake.nix
index bfeb7ea..51a43fd 100644
--- a/flake.nix
+++ b/flake.nix
@@ -79,6 +79,7 @@
 system = defaultSystem;
 specialArgs = {
 inherit pkgs;
+ credentials = import ./configuration/credentials.nix;
 } // inputs;
 modules = [
 ./configuration/configuration.nix |
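Review bot: In `configuration/secrets/keys.nix`, `admins = builtins.mapAttrs (n: u: u.keys) credentials;` turns every account listed in `credentials.nix` into a user that can sign secrets, where the removed attrset named the admins explicitly. A login-only account added to `credentials.nix` later would gain that right with no edit to this file. Selecting the admins by name keeps the key reuse without the implicit grant: `admins = builtins.mapAttrs (_: u: u.keys) { inherit (credentials) mel philip; };`. The `let` block starts before this hunk, so the rest of its bindings are not visible here.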
