Skip to content

Commit

Permalink
Disable login password when generating mishy image
Browse files Browse the repository at this point in the history
  • Loading branch information
ritiek committed Oct 19, 2024
1 parent 30761db commit 1ab0f62
Show file tree
Hide file tree
Showing 6 changed files with 46 additions and 28 deletions.
4 changes: 3 additions & 1 deletion .sops.yaml
Original file line number Diff line number Diff line change
@@ -1,10 +1,12 @@
keys:
- &ritiek 66FF60997B04845FF4C0CB4FEB6FC9F9FC964257
- &paintball age1m8ge0r6qtghsj88yu8f77660u8z6m2p2uvhg4day4d2c86vtp3kqcf7p72
- &mishy age1m8ge0r6qtghsj88yu8f77660u8z6m2p2uvhg4day4d2c86vtp3kqcf7p72
- &clawsiecats age1ej66fdsu8q3dfdas85zfnw38az79e4tp0hw4sh5587kdzy0l45hsj8cqth
creation_rules:
- path_regex: machines/secrets\.yaml$
pgp: *ritiek
# - path_regex: generators/secrets\.yaml$
# pgp: *ritiek
- path_regex: machines/clawsiecats/secrets\.yaml$
# key_groups:
# - pgp:
Expand Down
10 changes: 8 additions & 2 deletions flake.nix
Original file line number Diff line number Diff line change
Expand Up @@ -217,14 +217,20 @@

mishy-install-iso = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = [ ./machines/mishy ];
modules = [
./machines/mishy
./generators/mishy.nix
];
specialArgs = { inherit inputs; };
format = "install-iso";
};

mishy-raw-efi = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = [ ./machines/mishy ];
modules = [
./machines/mishy
./generators/mishy.nix
];
specialArgs = { inherit inputs; };
format = "raw-efi";
};
Expand Down
9 changes: 9 additions & 0 deletions generators/mishy.nix
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
{ config, ... }:
{
# sops.secrets = {
# "mishy_ritiek_hashed_password" = {};
# };
#
# users.users.ritiek.hashedPasswordFile = config.sops.secrets."mishy_ritiek_hashed_password".path;
users.users.ritiek.password = "";
}
30 changes: 15 additions & 15 deletions machines/clawsiecats/secrets.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
jitsi.htpasswd: ENC[AES256_GCM,data:vwu2dWdtGzaubhJD2uw62RX05h5VwF4phdzkWD8WuIMMzzRnkhNvgyI0UPCoxowkwNhef4kaogOIOeh492MSUAyzXLsO855ItLGr+86/ork2Va8DX/kf8jyraUO5oFlH,iv:9DGAPHFIEJUHLKptoS1iKTjHiIQu0WpW1fI9UylnwCE=,tag:g6z3r/RNQolinHegok9CLg==,type:str]
tailscale.authkey: ENC[AES256_GCM,data:FmKffJsnb2TfrdGfHf7G8kSYZNACuqA2IwrrPpVRrnsL5dlrb459HuVuap/RX/BzZR9LlD5HXCjk2Ku5xg==,iv:eoHTIPOHYv6mM5j5xiXo/RYh8mg+mqrfJVu6PiI4Zpg=,tag:z0NK4S/5vPGwtgAaKDi6Ag==,type:str]
jitsi.htpasswd: ENC[AES256_GCM,data:hj2LrJPee2IYE6I/DehjrDgWJypQc6CA3NGUNCwlmH0eC+g586FfcFXMPvP0F6P5QqbPlkeMDqnI+CFUHmXUCKGPyafrITqw7aEU2v4XKc6ovM3hWqVZ8WLVCjEfmn+U,iv:9DGAPHFIEJUHLKptoS1iKTjHiIQu0WpW1fI9UylnwCE=,tag:JbD11ytX1sW1ZkV50z8F5A==,type:str]
tailscale.authkey: ENC[AES256_GCM,data:InmO+jNB8SDfX7bVxWmek3ktzZ8C+0oufGHW+i6GK/X34I/uQ1hjv+FD6fuzt4837sCxWXTFZf+osiHU4Q==,iv:eoHTIPOHYv6mM5j5xiXo/RYh8mg+mqrfJVu6PiI4Zpg=,tag:ZskIaivCV+ywMYYR13H+gA==,type:str]
sops:
shamir_threshold: 1
kms: []
Expand All @@ -10,25 +10,25 @@ sops:
- recipient: age1ej66fdsu8q3dfdas85zfnw38az79e4tp0hw4sh5587kdzy0l45hsj8cqth
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzVmwvZ2RaczV0VVVIWkZS
TDUrTmRxMkI1VWtjd2M0eCs1RE5SMExYNFNNCmkyVElHN0lsRURqK2ZmVGZTa0hE
VjZITDJvTEZwNHorNzdiSklvM2FNdmsKLS0tIGw3VWxROFBobkpLbjlWbkRXUDZF
MS9NWmV2UFJKSTRaSmxKaGg5c3k1dDAKCRQLsbTqlcG2K5ThCcntP4JSD8YDdV/l
0HMJDKoy0IFFp1vH65OSuVk+p9WPtZ2sxK2DGChlTpbSaYHygHlTmw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcnZKMWFWY1E3NU8xd1Qw
NmR6cVZ0M2FPMmcyRG9lT3hWRTVGWitET0RNCnpNaC82MVVXQTB2eE1HYXlPZVhx
YjA1ZHpxbE9neHdTY0lqc3l3UHIwZEEKLS0tIEFJamFVWjZXQ3FHdGFIZE54T05Q
R3RlcHRWTGlMQjlJb3UreFQ5WDJUN0EK04HF/OqsO/3znjbxRFu4quQoF44be0r2
OcLA225/FICras7SEjM2mOe63Ar6t/majHszGcM9DQNehmTB3fjipw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-13T10:57:56Z"
mac: ENC[AES256_GCM,data:axPEARVgvrXjKt4scQRl1hPbuQgItdMkCgER+nFVbXKT6FD14Tf7CgEsuBFHtB/CTzLZq3S/pviWFZbzvwEFupvdw31JoEjNG5mVBO1MdR+T8Hrmdf1L0RjEU9LYb3gHDSh1gFa4B2Ns9b1BxxCZ3Tqnaa6eqhhaJuEI2zHlsNI=,iv:LWjZ+512/Gos0GcaAI13NeGPWjyjVgxzFerRSv3j1yg=,tag:xH4VnBD5qgZs1axAmZEb0g==,type:str]
lastmodified: "2024-10-19T23:31:50Z"
mac: ENC[AES256_GCM,data:kpbMEYVLQwuy26NOjuHyaV9pZ89jqfRpd1I1gTod9wTyxZxqhcC1iWCbzOb7P7BdGvE0oK5t8RLRFX6UjzzDt1KQXCTk5i02qBvLGxXxuBfzxnSxkp6+rWM6+bDxi1IM9VAa8g9V+yJF0e80S2dv96M7fUsQVBHkIimFWQ6kmp0=,iv:fdwNwf0PZ7O5QsSefahzo3l1YERAbG/59wgZ73urllY=,tag:Ta1BcMkTd8lnDLqX08ZyDw==,type:str]
pgp:
- created_at: "2024-10-05T14:39:15Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DVVlTbrcXgz8SAQdAWSZbERYh5q0VyQpEncqW6vMmxZyoacBLeCORBbDOxiIw
gEhJfM5XHFcfUjomlLE6XyEf4707AroR3TMcCKZMvr76Dv44H8e4fxc+cLvABzeQ
1GgBCQIQR8Wo7reJKegUm91MZSvNlRPGs6dJYm4e0OacMsmQQk2zRLaA2SP4WVUA
CxhGtBv2dCkhoDnLrI1OcMEyNWOgvEAGjJFV5J2q8HQZKJKdUfvyWs3ZxbDqrVGA
4BEmRe7B7hGCxw==
=b5PK
hF4DVVlTbrcXgz8SAQdAZwOLSmqGJJlssTSUV6d+qX3eXv5n3aCmRTaTrpSWTT0w
nOAg7qgwb1ZwAccvEkrC5wq/GZL8UaCDJM1kKiTjCNN+E/21IKTZWd7OZkyzhYyR
1GYBCQIQLcZ+jxgwmk9f/NxCRmXsOOt+OyPHlvb7LaGPUT/Ggg2l4ySLKqLWKAzz
R/URLZIgf6gdTvIl8OvYGhajupEFKFwuZo1f6UhNuLHnpwPWBJggcweDakNLBVYw
dRzx3Ioo4mc=
=X17h
-----END PGP MESSAGE-----
fp: 66FF60997B04845FF4C0CB4FEB6FC9F9FC964257
unencrypted_suffix: _unencrypted
Expand Down
3 changes: 2 additions & 1 deletion machines/mishy/home/default.nix
Original file line number Diff line number Diff line change
Expand Up @@ -57,8 +57,9 @@
# # Can't join voice channels on dorion discord client and it
# # seems to freeze randomly (wayland/gpu issues maybe)
# dorion
## # So having armcord as a fallback for now
## # So having legcord (armcord) as a fallback for now
armcord
# legcord
# discord

# osu-lazer-bin
Expand Down
18 changes: 9 additions & 9 deletions machines/secrets.yaml
Original file line number Diff line number Diff line change
@@ -1,23 +1,23 @@
clawsiecats_ssh_host_ed25519_key: ENC[AES256_GCM,data:DqXG3CIZqCOECOX01ruylcOe9eJNGCTqnBbKFlmfGww5WfamrqBIRW54IS9Vu5m9VSvfxmQGzAYAkQt5PIJd49TJPLSP3GErL7vpWnytmhbQDnglZ1pKhYe8LFvC8rUimBANyqa3gF/1HkekfljAp4sEQGQblAkz90GRw/6UyRtxTGuotQRb5oLH6ituTGrCc659cgPxpYgn1Dxqs0tUtm3zxOPoT4cQ+/t+/aMA6SbY2ZEgh/ThXnijazBPg4nBCDNzH8MKaQoRIr99B+9s9ZZ/Y4D8uDD7YVqI/QiylNbA47wP/siCJaZ6nvCX6QYykMy3d5YcpfBv+ebXs7QPRRP+zVSKuYJhxr0LnjCEOHyfrbO3k4vrG2ZFCOQgHfKSXq+iQX8DbXca6mpTp4ksNPmxEINvNftAFSZKr931uVDxPNSUYrUt8yubNHOtrsxKVEr/MJSqv/TXlAviTJHKvK9vwWz5D+ylaxGj5fZX4W00rlp2QY5ac7V2NPvFtTSoBdxXYVXFy47wXvjLK1LM,iv:kG5OAEvEuL+hQyOnjnw6mr7AlbsmdY5ADRBChLMYtLM=,tag:j3FMYDVekDcsnX5HBGP/yA==,type:str]
clawsiecats_ssh_host_ed25519_key: ENC[AES256_GCM,data:WqSt6m2V8Fl21fWvQEyP+v//Pp4zLRUBaxWeB2Qp6EAjbIH8RnqnaF19vwyNlUDYpFkGdzW4/1NzVLcOCWjxvEFBLouP5pf+pF1hPmCRlOrLbELJd3hafDaGyJ7Zyh/ZbVGlXVwqqY7M/FfCi3xKROT9YSeGRraOAjC1D5tbPjNXiB7JVhYzqn/WUIOAGUG432UTg+0s6dZBbEakaVtiNOINb92lQPHUwB52Q7Lpi5EMTdBF1INPRbbmGDMi+XK6lmoDXLShjNRPLlAoY5nJxdNzoTEWZt9qnFueJXFe2IFMCRPPkK8GZ+KffHxAWIwZ7UfyiluwwC1H9OAAVrDY3xZ0vVx4o9KWYiVkmQEahvo0scQnnvZb+mFYzhyUETlG7MZp04EV0lTsshWjnsYvSFaJ7Q5/E/2tRiqFkh18FtTaQgYpsHmqLcOka8R6LTfc2UKUPTL2+gvBrBxnuyC9FeQpu5OONAYPB5C/JtbY+Pt0tV4awj+1lqvto1mAVUSjLctqFouBICjmt02mJzS7,iv:kG5OAEvEuL+hQyOnjnw6mr7AlbsmdY5ADRBChLMYtLM=,tag:oTVsxDt8GMt+IyBP3au3FA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-10-05T15:12:06Z"
mac: ENC[AES256_GCM,data:OqM75pTQXGNSYivIm4vhpL8Qmk31gm0jqhtnmKndvfGxSVi74kQhOOSWhI28eZsAPFIXuUop9517pT11yE/anUxxTUjitKISvsnSE8bXfYsQF2JuSCSZx7G7GODnC+25iW/qEWuP6N3Kabf14fpGkMqEgADUmQxpV1izM92tkck=,iv:wjsUJHv/+inQgrvGwDPGA3hfrNq200LcHw5TcRm9jJA=,tag:Eqs3Uy2vx/i3VhncRgyo9A==,type:str]
lastmodified: "2024-10-19T23:32:08Z"
mac: ENC[AES256_GCM,data:kktkW4ZFYk5VIIan2iO82j+Le8DLdW67W/QKA9rU1cOd10vRfChJloCeUj/4lzhZFcaD65jmmnaRQzpBtFggFfygk8304rDeoQAm9hszUozUQKZ94ssgFwuCZ8bZy4jjozZqNZZGQo2g/7RSZiPpFW75z13P0l3pREmzNvfh8VI=,iv:QWDALNgLIPPqW6mo321S1mli02rjEeuyavx6LiJT81g=,tag:JUc10kd2VAqPsOS3st0ifg==,type:str]
pgp:
- created_at: "2024-10-05T15:04:45Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DVVlTbrcXgz8SAQdATnr7Z6QhhXms+GVjIjuYy5jW55rZZw5E0ErXMjnxZDww
jvzVqj7SN9LF4GWTMnTjsOzWgpV3Lh8ufGuJ9ieCz58JLpB0WsQ6f8OKTTqrNyHF
1GgBCQIQH09TnldHJWokoXrr7A5IOidB/4oOV899wix7dT8r8TghanDblOAEMS2T
lrRxqvnizkNGG11IGR3Wwye5WLkRPPtDrZ769t8RnRqaaSlhGJLPe/MxwC0koHQQ
BG6D2AgHgqYvLQ==
=aRPw
hF4DVVlTbrcXgz8SAQdARoplxHKAE3kAY/wMLPKbps7rzxGKK48Ae4sQzPOIbVQw
GWLh0qf0KpKu/rPUxNBzW73oVnhWn85hlsq55UJqK6Uhni/cz/H/2A58+SJ66g4O
1GYBCQIQ25njDtn7RzUqH0brYXfwlTYnCzDMrqyRSSbKBIH5b5sKPegRovh6DmxR
PVyIjy1Vs1BfUWoUhesyUarvDEtztDZFr9gTCW2XWg4j3R4ZktnRbz5X8B4+CDTz
dXlduZpJDI0=
=Ncxl
-----END PGP MESSAGE-----
fp: 66FF60997B04845FF4C0CB4FEB6FC9F9FC964257
unencrypted_suffix: _unencrypted
Expand Down

0 comments on commit 1ab0f62

Please sign in to comment.