From 55c3398a43ad95d85c5672b732306b0839d35e32 Mon Sep 17 00:00:00 2001
From: DuN0z <dun0z@porzh.me>
Date: Thu, 30 Oct 2025 08:19:01 +0100
Subject: [PATCH] Add: encrypted password for dunoz user

---
 hosts/penduick/configuration.nix    |  16 +++++++++++-----
 secrets/dunoz-password-penduick.age | Bin 0 -> 308 bytes
 secrets/secrets.nix                 |   2 ++
 3 files changed, 13 insertions(+), 5 deletions(-)
 create mode 100644 secrets/dunoz-password-penduick.age

diff --git a/hosts/penduick/configuration.nix b/hosts/penduick/configuration.nix
index 21862f2..865887b 100644
--- a/hosts/penduick/configuration.nix
+++ b/hosts/penduick/configuration.nix
@@ -29,11 +29,16 @@ in {
     PasswordAuthentication = true;
   };
 
-  users.users.dunoz = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" "networkmanager" ];
-    initialPassword = "temp";
-    shell = pkgs.zsh;
+  age.identityPaths = [ "/etc/agenix/penduick.key" ];
+  age.secrets."dunoz-password-penduick".file = ../../secrets/dunoz-password-penduick.age;
+  users= {
+    mutableUsers = false ;
+    users.dunoz = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" "networkmanager" ];
+      hashedPasswordFile = config.age.secrets."dunoz-password-penduick".path;
+      shell = pkgs.zsh;
+    };
   };
 
   home-manager = {
@@ -44,6 +49,7 @@ in {
   environment.systemPackages = with pkgs; [
     git htop wget curl
     neovim
+    age ssh-to-age
   ];
 
 
diff --git a/secrets/dunoz-password-penduick.age b/secrets/dunoz-password-penduick.age
new file mode 100644
index 0000000000000000000000000000000000000000..cf0ffeda54be93ca37818fba39f655c142142ab0
GIT binary patch
literal 308
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR2FFfuhYv{Wz%O35=#PqIjJEvhm%cQtT}
zFibRa^~yCY^R0}kaxN;(@wP~GH1`NJ%I4B{HV!kZEc5g%tV+!aD021iD9Mg23N5Zm
zFAJ+MNsFp1&T~vF3w6#aF6PqJ)m6w3%1?7LO)*G{$}$a04@+}QGw=%aaZPne4>2~+
zDD+7+w=nlGwFtH_bmTg~mwxQnI-MWya(dZY9xmC(B%XeAT552Q5`$%t>H53Qk@nFq
z4eC#r^*cRUa{Pqu!kT!FGj|#`YA#&DuyfAoU20b>qT){mIa`(L+Lgpu&z57KYx#Sl
z$8(!Aa>1?vZ~8rU2Kju;@UOWdd#x@qc7x3Gyu0%Rn$A{FPxRvyaEq6?<5FeRJfCO6
J1J%!-t^m{wcMJdk

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 6f16f6f..24d20cf 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,8 +1,10 @@
 let
   serveur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPRVxB7usThGHf8cuSPE4sjdqSaPNlwWAZPEo1wUgHz6 root@terre-neuvas";
   admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxranFaz3jRfvYE2M6FvRUWjzviIWjWd1mucgKeuSK2 lomig@nixos";
+  penduick = "age1rnyey8shjxyaq43dzlnhtfkcm3ra4hy3ygh6c46w4xmr7fe9fe3s00nh2r";
 in
 {
   "goaccess-password.age".publicKeys = [ serveur admin ];
+  "dunoz-password-penduick.age".publicKeys = [ penduick ];
 }