use git-encrypt for secrets

This commit is contained in:
steveej 2018-01-26 11:54:50 +01:00
parent 4cd08b3136
commit e6a497383d
6 changed files with 45 additions and 17 deletions

View file

@ -1,16 +1,14 @@
{ config
, pkgs
, ... }:
{ config, pkgs, ... }:
{
imports =
[
../common/user/root.nix
];
users.extraUsers.steveej = {
uid = 1000;
let
passwords = import ../common/passwords.crypt.nix;
mkUser = {uid, hashedPassword, ... } @ args: args // {
inherit uid hashedPassword;
isNormalUser = true;
home = "/home/steveej";
extraGroups = [
"docker"
"wheel"
"libvirtd"
"networkmanager"
@ -19,9 +17,28 @@
"input"
"audio"
"video"
"cdrom"
];
hashedPassword = "removed";
shell = pkgs.zsh;
};
in
{
users.mutableUsers = false;
users.defaultUserShell = pkgs.zsh;
users.extraUsers.root = {
hashedPassword = passwords.users.root;
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
};
users.extraUsers.steveej = mkUser {
uid = 1000;
hashedPassword = passwords.users.steveej;
};
users.extraUsers.steveej2 = mkUser {
uid = 1001;
hashedPassword = passwords.users.steveej2;
};
security.pam.enableU2F = true;