diff options
| author | sefidel <contact@sefidel.net> | 2023-02-06 18:16:38 +0900 |
|---|---|---|
| committer | sefidel <contact@sefidel.net> | 2023-02-06 18:26:16 +0900 |
| commit | 374f2f364a3a5de5438dd310f6cb50490eae6f1e (patch) | |
| tree | c4a2f0dd33b61285606d894cc61353331c71f009 /nixos/alpha/configuration.nix | |
| parent | 9d2566b5958943643d138186ebc57def41f68e51 (diff) | |
| download | nixrc-374f2f364a3a5de5438dd310f6cb50490eae6f1e.tar.gz nixrc-374f2f364a3a5de5438dd310f6cb50490eae6f1e.zip | |
feat: use sops for secret management
Diffstat (limited to 'nixos/alpha/configuration.nix')
| -rw-r--r-- | nixos/alpha/configuration.nix | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/nixos/alpha/configuration.nix b/nixos/alpha/configuration.nix index 67f56a2..d9dd00d 100644 --- a/nixos/alpha/configuration.nix +++ b/nixos/alpha/configuration.nix @@ -236,16 +236,20 @@ ]; }; + sops.defaultSopsFile = ./secrets/secrets.yaml; + sops.secrets.root-password.neededForUsers = true; + sops.secrets.zach-password.neededForUsers = true; + users.mutableUsers = false; fileSystems."/persist".neededForBoot = true; users.users = { - root.passwordFile = "/persist/passwords/root"; + root.passwordFile = config.sops.secrets.root-password.path; zach = { isNormalUser = true; shell = pkgs.zsh; - passwordFile = "/persist/passwords/zach"; + passwordFile = config.sops.secrets.zach-password.path; extraGroups = [ "wheel" |