From e062b2741ff294e1f3e88fe7253c1a8482f4b249 Mon Sep 17 00:00:00 2001
From: Mel
Date: Mon, 30 Dec 2024 16:46:40 +0100
Subject: Move user passwords and keys out for easier reuse
Signed-off-by: Mel
---
 configuration/configuration.nix | 5 +++--
 configuration/credentials.nix | 14 ++++++++++++++
 configuration/secrets/keys.nix | 10 +++-------
 3 files changed, 20 insertions(+), 9 deletions(-)
 create mode 100644 configuration/credentials.nix
(limited to 'configuration')
diff --git a/configuration/configuration.nix b/configuration/configuration.nix
index 3ddcca1..5f7d8bd 100644
--- a/configuration/configuration.nix
+++ b/configuration/configuration.nix
@@ -2,6 +2,7 @@
 config,
 lib,
 pkgs,
+ credentials,
 ...
 }:
@@ -26,13 +27,13 @@
 mel = {
 isNormalUser = true;
 extraGroups = [ "wheel" ];
- hashedPassword = "$y$j9T$ieEl5QNLNw/WwPlo8ltbW0$gFxLCTnPgalTvyEbElxrhSH49wrAOUAdjdVjw1NLtsC";
+ hashedPassword = credentials.mel.password;
 };
 philip = {
 isNormalUser = true;
 extraGroups = [ "wheel" ];
- hashedPassword = "$y$j9T$05voM5wlmF6HSrvOJ4Jtn1$fhAq/k2W6NYydFcwK/LiKGrRz/1NLM7MRUAGNrzy2e/";
+ hashedPassword = credentials.philip.password;
 };
 };
diff --git a/configuration/credentials.nix b/configuration/credentials.nix
new file mode 100644
index 0000000..d38c795
--- /dev/null
+++ b/configuration/credentials.nix
@@ -0,0 +1,14 @@
+{
+ mel = {
+ password = "$y$j9T$ieEl5QNLNw/WwPlo8ltbW0$gFxLCTnPgalTvyEbElxrhSH49wrAOUAdjdVjw1NLtsC";
+ keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDujTul5wWyGnidLnNuJDRze0Up29l2cDpyKdmvW2Ls"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEK96G1n31aJsZOrux3BKM0ztzi/SFAVHn0MsGkPDdqY"
+ ];
+ };
+
+ philip = {
+ password = "$y$j9T$05voM5wlmF6HSrvOJ4Jtn1$fhAq/k2W6NYydFcwK/LiKGrRz/1NLM7MRUAGNrzy2e/";
+ keys = [ ];
+ };
+}
diff --git a/configuration/secrets/keys.nix b/configuration/secrets/keys.nix
index 6f3a57d..218e880 100644
--- a/configuration/secrets/keys.nix
+++ b/configuration/secrets/keys.nix
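Review bot: In configuration/configuration.nix, `hashedPassword = credentials.mel.password;` (and the matching line for `philip`) still evaluates the yescrypt hash into the system configuration, so it remains readable in the repository and, presumably, in the Nix store, exactly as the inline literal was. If reuse is the goal, `users.users.<name>.hashedPasswordFile` pointing at a file delivered by the secrets setup under `configuration/secrets/` would keep the hash out of both, e.g. `hashedPasswordFile = "<PATH_TO_DECRYPTED_HASH_FILE>";`. The `credentials` module argument added in the first hunk must be supplied through `specialArgs` or `_module.args`, and that wiring is not visible in this path-limited diff, so a short comment such as `# credentials: injected by the system definition, see credentials.nix` next to the argument would help. The `users` attribute set starts and ends outside the hunk.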
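Review bot: The `password` attributes in the new configuration/credentials.nix hold yescrypt hashes (the `$y$` prefix), not passwords, and the file has no comment saying so or naming its consumers. Renaming the attribute to `hashedPassword`, to match the NixOS option it feeds in configuration.nix, would make it harder to paste a cleartext password here by mistake. A header comment is also worth adding, for example `# Per-user login hash and SSH public keys; the keys are also used as secrets admins in secrets/keys.nix.` The `keys = [ ];` entry for `philip` deserves a one-line comment too, since it now doubles as that user's (empty) admin key list.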
@@ -1,4 +1,6 @@
 let
+ credentials = import ../credentials.nix;
+
 # machines and their host key that are included in this configuration,
 # in this case, just one.
 machines = {
@@ -6,13 +8,7 @@ let
 };
 # users that can sign secrets, with all of their keys.
- admins = {
- mel = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDujTul5wWyGnidLnNuJDRze0Up29l2cDpyKdmvW2Ls"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEK96G1n31aJsZOrux3BKM0ztzi/SFAVHn0MsGkPDdqY"
- ];
- philip = [ ];
- };
+ admins = builtins.mapAttrs (n: u: u.keys) credentials;
 in
 {
 inherit machines admins;
-- 
cgit 1.4.1
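Review bot: In configuration/secrets/keys.nix, `admins = builtins.mapAttrs (n: u: u.keys) credentials;` turns every entry of credentials.nix into a secrets admin. Adding a login account to that file for reuse therefore also adds its keys to the set that can sign secrets, with no explicit decision made here. An allow-list keeps that choice visible at this site: `admins = builtins.mapAttrs (n: u: u.keys) (builtins.intersectAttrs { mel = null; philip = null; } credentials);`. The comment above the binding could also say that the keys now come from `../credentials.nix`. Part of the `let` block (the `machines` entries) lies between the two hunks and is not shown.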