Add: encrypted password for dunoz user

2025-10-30 08:19:01 +01:00 · 2025-10-30 08:19:01 +01:00 · 55c3398a43
commit 55c3398a43
parent 1151aaa3cb
3 changed files with 13 additions and 5 deletions
--- a/hosts/penduick/configuration.nix
+++ b/hosts/penduick/configuration.nix
@ -29,12 +29,17 @@ in {
    PasswordAuthentication = true;
  };

-  users.users.dunoz = {
+  age.identityPaths = [ "/etc/agenix/penduick.key" ];
+  age.secrets."dunoz-password-penduick".file = ../../secrets/dunoz-password-penduick.age;
+  users= {
+    mutableUsers = false ;
+    users.dunoz = {
      isNormalUser = true;
      extraGroups = [ "wheel" "networkmanager" ];
-    initialPassword = "temp";
+      hashedPasswordFile = config.age.secrets."dunoz-password-penduick".path;
      shell = pkgs.zsh;
    };
+  };

  home-manager = {
    useGlobalPkgs = true ;
@ -44,6 +49,7 @@ in {
  environment.systemPackages = with pkgs; [
    git htop wget curl
    neovim
+    age ssh-to-age
  ];


--- a/secrets/dunoz-password-penduick.age
+++ b/secrets/dunoz-password-penduick.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -1,8 +1,10 @@
 let
  serveur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPRVxB7usThGHf8cuSPE4sjdqSaPNlwWAZPEo1wUgHz6 root@terre-neuvas";
  admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxranFaz3jRfvYE2M6FvRUWjzviIWjWd1mucgKeuSK2 lomig@nixos";
+  penduick = "age1rnyey8shjxyaq43dzlnhtfkcm3ra4hy3ygh6c46w4xmr7fe9fe3s00nh2r";
 in
 {
  "goaccess-password.age".publicKeys = [ serveur admin ];
+  "dunoz-password-penduick.age".publicKeys = [ penduick ];
 }