use ragenix for passwords

uku 2023-11-14 19:47:42 +01:00
parent 6324fa7c57
commit 7678345313
Signed by: uku
GPG key ID: 7D01D7B105E77166
7 changed files with 240 additions and 11 deletions


@ -11,8 +11,6 @@
modules =
args.modules
++ [
./common.nix
./${name}
./${name}/hardware-configuration.nix
@ -24,11 +22,18 @@
mapNixOS = lib.mapAttrs (toSystem inputs.nixpkgs.lib.nixosSystem);
desktop = with inputs; [
./desktop.nix
lanzaboote.nixosModules.lanzaboote
home-manager.nixosModules.home-manager
nixos = with inputs; [
./common.nix
ragenix.nixosModules.default
];
desktop = with inputs;
[
./desktop.nix
lanzaboote.nixosModules.lanzaboote
home-manager.nixosModules.home-manager
]
++ nixos;
in {
flake.nixosConfigurations = mapNixOS {
fuji = {
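Review bot: With `./common.nix` dropped from the unconditional list in the first hunk, a host only receives it and `ragenix.nixosModules.default` if its `modules` value includes `nixos` or `desktop`, and nothing visible here enforces that. A host defined without either list would silently lose the common baseline, and one that sets `age.*` options without the module would fail evaluation. Either keep the baseline appended where `args.modules` is extended, or document the contract above the new list with a comment such as `# every host must include nixos, directly or via desktop`. The host definitions begin at `fuji = {` and continue outside the hunk, so whether every host already does this cannot be confirmed from here.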


@ -1,7 +1,9 @@
{
lib,
pkgs,
config,
getchvim,
ragenix,
...
}: let
username = "leo";
@ -93,6 +95,17 @@ in {
security.rtkit.enable = true;
age = {
identityPaths = ["/home/leo/.ssh/id_ed25519"];
secrets = let
base = ../secrets/desktop;
in {
rootPassword.file = "${base}/rootPassword.age";
userPassword.file = "${base}/userPassword.age";
};
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
@ -131,6 +144,7 @@ in {
osu-lazer-bin
gnome.file-roller
getchvim.packages.${system}.default
ragenix.packages.${system}.default
];
services = {
@ -161,10 +175,15 @@ in {
security.pam.services.greetd.enableGnomeKeyring = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.${username} = {
isNormalUser = true;
shell = pkgs.fish;
extraGroups = ["networkmanager" "wheel" "video"];
users.users = {
${username} = {
isNormalUser = true;
shell = pkgs.fish;
extraGroups = ["networkmanager" "wheel" "video"];
hashedPasswordFile = config.age.secrets.userPassword.path;
};
root.hashedPasswordFile = config.age.secrets.rootPassword.path;
};
fonts.packages = with pkgs; [
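Review bot: In the new `age` block, `identityPaths = ["/home/leo/.ssh/id_ed25519"];` ties decryption of both the root and the user password hash to leo's personal SSH login key, so that key has to be readable under /home when activation runs, and whoever obtains it can also decrypt the two `.age` files committed under `secrets/desktop`. A dedicated root-owned identity outside /home is the safer choice, for example `identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];` if this host has an OpenSSH host key (not visible here), with the secrets re-keyed to that recipient. Because activation is non-interactive, a passphrase-protected key would presumably fail to decrypt, and if `users.mutableUsers` is set to false elsewhere that could leave both accounts without a usable password, so this is worth confirming before relying on it. The comment `# Define a user account. Don't forget to set a password with passwd.` in the last hunk no longer matches the added `hashedPasswordFile` lines and should be reworded to say the hashes come from the age secrets.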