From 374f2f364a3a5de5438dd310f6cb50490eae6f1e Mon Sep 17 00:00:00 2001
From: sefidel
Date: Mon, 6 Feb 2023 18:16:38 +0900
Subject: feat: use sops for secret management
---
 nixos/alpha/configuration.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'nixos/alpha/configuration.nix')
diff --git a/nixos/alpha/configuration.nix b/nixos/alpha/configuration.nix
index 67f56a2..d9dd00d 100644
--- a/nixos/alpha/configuration.nix
+++ b/nixos/alpha/configuration.nix
@@ -236,16 +236,20 @@
 ];
 };
+ sops.defaultSopsFile = ./secrets/secrets.yaml;
+ sops.secrets.root-password.neededForUsers = true;
+ sops.secrets.zach-password.neededForUsers = true;
+ users.mutableUsers = false;
 fileSystems."/persist".neededForBoot = true;
 users.users = {
- root.passwordFile = "/persist/passwords/root";
+ root.passwordFile = config.sops.secrets.root-password.path;
 zach = {
 isNormalUser = true;
 shell = pkgs.zsh;
- passwordFile = "/persist/passwords/zach";
+ passwordFile = config.sops.secrets.zach-password.path;
 extraGroups = [
 "wheel"
--
cgit 1.4.1
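Review bot: Nothing in this hunk tells sops-nix where its decryption key lives, and with `neededForUsers = true` the two password secrets are decrypted early in activation, before users are created, so a key kept under `/persist` has to be named by its persisted path rather than reached through a later bind mount. Because `users.mutableUsers = false` leaves these files as the only password source for `root` and `zach`, a failed decryption would presumably leave both accounts without a usable password. If the key location is not already set elsewhere in the configuration, add it next to `sops.defaultSopsFile`, e.g. `sops.age.sshKeyPaths = [ "<PERSISTED_HOST_KEY_PATH>" ];` (placeholder path), together with a comment such as `# root-password / zach-password hold crypt(3) hashes, not plaintext`, since `passwordFile` expects a hash. The `users.users` block continues past the end of the hunk.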