diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..6c24a32 --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*.crypt.* filter=git-crypt diff=git-crypt diff --git a/nixos-configuration/common/passwords.crypt.nix b/nixos-configuration/common/passwords.crypt.nix new file mode 100644 index 0000000..de66808 Binary files /dev/null and b/nixos-configuration/common/passwords.crypt.nix differ diff --git a/nixos-configuration/common/user/root.nix b/nixos-configuration/common/user/root.nix index b05133a..f8d03de 100644 --- a/nixos-configuration/common/user/root.nix +++ b/nixos-configuration/common/user/root.nix @@ -3,11 +3,14 @@ # and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, ... }: +let + passwords = import ../passwords.crypt.nix; +in { users.mutableUsers = false; users.extraUsers.root = { - hashedPassword = "removed"; + hashedPassword = passwords.users.root; openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"]; }; } diff --git a/nixos-configuration/steveej-laptop/user.nix b/nixos-configuration/steveej-laptop/user.nix index 5b58864..9cab86b 100644 --- a/nixos-configuration/steveej-laptop/user.nix +++ b/nixos-configuration/steveej-laptop/user.nix 
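Review bot: The `*.crypt.*` pattern in the new `.gitattributes` is the only thing that keeps secrets out of the history in clear text, and nothing beside it says so. A secret file whose name lacks `.crypt.`, or one staged in a clone where the git-crypt filter has not been configured, would be committed unencrypted without any warning. I would add a comment above the pattern, `# secrets must be named *.crypt.*; run "git-crypt status" before pushing`, so the convention is visible to whoever adds the next file.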
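Review bot: `hashedPassword = passwords.users.root;` in common/user/root.nix keeps the hash out of the repository, but not off the deployed machine. As far as I know, NixOS renders `hashedPassword` values into the user specification it builds in the Nix store, which every local user can read. If that matters here, `passwordFile` (named `hashedPasswordFile` on newer releases) pointing at a root-only file outside the store avoids it. The same assignment is made in steveej-laptop/user.nix, steveej-laptop2/configuration.nix and steveej-utilitepro/configuration.nix. A comment on the `let` would also help, for example `# encrypted with git-crypt; evaluation presumably fails until the checkout is unlocked`.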
@@ -1,16 +1,14 @@ +{ config +, pkgs +, ... }: -{ config, pkgs, ... }: -{ - imports = - [ - ../common/user/root.nix - ]; - - users.extraUsers.steveej = { - uid = 1000; +let + passwords = import ../common/passwords.crypt.nix; + mkUser = {uid, hashedPassword, ... } @ args: args // { + inherit uid hashedPassword; isNormalUser = true; - home = "/home/steveej"; extraGroups = [ + "docker" "wheel" "libvirtd" "networkmanager" @@ -19,9 +17,28 @@ "input" "audio" "video" + "cdrom" ]; - hashedPassword = "removed"; - shell = pkgs.zsh; + }; + +in +{ + users.mutableUsers = false; + users.defaultUserShell = pkgs.zsh; + + users.extraUsers.root = { + hashedPassword = passwords.users.root; + openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"]; + }; + + users.extraUsers.steveej = mkUser { + uid = 1000; + hashedPassword = passwords.users.steveej; + }; + + users.extraUsers.steveej2 = mkUser { + uid = 1001; + hashedPassword = passwords.users.steveej2; }; security.pam.enableU2F = true; diff --git a/nixos-configuration/steveej-laptop2/configuration.nix b/nixos-configuration/steveej-laptop2/configuration.nix index 8f56965..281d497 100644 --- a/nixos-configuration/steveej-laptop2/configuration.nix +++ b/nixos-configuration/steveej-laptop2/configuration.nix @@ -4,6 +4,10 @@ { config, pkgs, ... }: +let + passwords = import ../common/passwords.crypt.nix; + +in { nixpkgs.config.allowUnfree = true; 
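Review bot: Adding `"docker"` to the group list inside `mkUser` gives every account built with it control of the Docker daemon, which is effectively root on the host without a password prompt. It deserves a comment such as `# docker group is root-equivalent; keep to trusted accounts`. Separately, the right-hand set wins in `args // { … }`, so an `extraGroups` or `isNormalUser` passed by a caller is silently discarded. `inherit uid hashedPassword;` only repeats what `args` already holds and can be dropped. `mkUser` starts in this hunk and is closed in the next one.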
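Review bot: The root account is now written out inline in steveej-laptop/user.nix, with the same `hashedPassword` and SSH key that `../common/user/root.nix` defines, while the import of that file is removed at the top of this file. Together with the root blocks in steveej-laptop2/configuration.nix and steveej-utilitepro/configuration.nix, that leaves four copies of the authorized key to keep in sync when it is rotated. Keeping `imports = [ ../common/user/root.nix ];` and deleting the inline block would leave one place to change. `steveej2` also receives the full `mkUser` group list, including `wheel`; if that account is meant to be less privileged, it needs its own group list.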
@@ -121,7 +125,7 @@ users.mutableUsers = false; users.extraUsers.root = { - hashedPassword = "removed"; + hashedPassword = passwords.users.root; openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"]; }; users.extraUsers.steveej = { @@ -129,7 +133,7 @@ isNormalUser = true; home = "/home/steveej"; extraGroups = [ "wheel" "libvirtd" "networkmanager" "vboxusers" ]; - hashedPassword = "removed"; + hashedPassword = passwords.users.steveej; }; services.gpm.enable = true; diff --git a/nixos-configuration/steveej-utilitepro/configuration.nix b/nixos-configuration/steveej-utilitepro/configuration.nix index 07da317..721d3c6 100644 --- a/nixos-configuration/steveej-utilitepro/configuration.nix +++ b/nixos-configuration/steveej-utilitepro/configuration.nix @@ -4,6 +4,9 @@ { config, pkgs, ... }: +let + passwords = import ../common/passwords.crypt.nix; +in { # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "16.03"; @@ -259,7 +262,7 @@ users.mutableUsers = false; users.extraUsers.root = { - hashedPassword = "removed"; + hashedPassword = passwords.users.root; openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"]; }; users.extraUsers.steveej = { 
@@ -267,7 +270,7 @@ isNormalUser = true; home = "/home/steveej"; extraGroups = [ "wheel" "libvirtd" ]; - hashedPassword = "removed"; + hashedPassword = passwords.users.steveej; openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"]; };