diff options
| author | Mathias Magnusson <mathias@magnusson.space> | 2025-10-19 13:30:52 +0200 |
|---|---|---|
| committer | Mathias Magnusson <mathias@magnusson.space> | 2025-10-19 15:36:49 +0200 |
| commit | 3ccc68f167184a093c79cab4ff8e25b37206a20c (patch) | |
| tree | 8795385637e4831b00bea46018c037c7b0a5147f /configuration.nix | |
| parent | af7f731f5bac7dacc1083156913a9823887113db (diff) | |
| download | oden-3ccc68f167184a093c79cab4ff8e25b37206a20c.tar.gz | |
Add agenix
Diffstat (limited to 'configuration.nix')
| -rw-r--r-- | configuration.nix | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/configuration.nix b/configuration.nix index 78a98a1..8416a4d 100644 --- a/configuration.nix +++ b/configuration.nix @@ -31,13 +31,14 @@ isNormalUser = true; extraGroups = [ "wheel" "wireshark" ]; shell = pkgs.fish; - hashedPassword = "REDACTED"; + hashedPasswordFile = config.age.secrets."password-hash.txt".path; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPC69ml72mqbn7L3QkpsCJuWdrKFYFNd0MaS5xERbuSF" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEdUe7mxGdV/Q37RKndPzDHisFb7q/xm+L97jcGluSDOA8MGt/+wTxpyGxfyEqaMvwV2bakaMVHTB3711dDu5kE=" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLZ6OVyjTvWx9gvS+/DvkQW5VvLBbykq/0AV5mYDLADDtIOaDVscQ3lGOcUsga1ODNSl14MSV63bE8VtHfG1HOc=" ]; }; + age.secrets."password-hash.txt".file = ./secrets/password-hash.txt.age; programs.fish.enable = true; @@ -46,8 +47,12 @@ curl git (ffmpeg.override { withVpl = true; }) + (inputs.agenix.packages.${pkgs.system}.agenix) + age-plugin-yubikey ]; + age.identityPaths = [ "/nix/persist/etc/ssh/ssh_host_ed25519_key" ]; + services.openssh.enable = true; services.openssh.settings = { PasswordAuthentication = false; |