configure Password via Colmena
parent
05a89fe0f2
commit
13a9c9f13e
4 changed files with 62 additions and 4 deletions
|
|
@ -4,11 +4,13 @@ keys:
|
||||||
|
|
||||||
# Servers
|
# Servers
|
||||||
- &wireguard age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e
|
- &wireguard age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e
|
||||||
|
- &mcserver age1v98yggaarelrp7z8rljzpf3gm70up4q8460trejmptdpv7gjucrqssjz9h
|
||||||
|
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets\/all\/*
|
- path_regex: secrets\/all\/*
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp: [*clara]
|
- pgp: [*clara]
|
||||||
|
age: [*wireguard, *mcserver]
|
||||||
- path_regex: secrets\/wireguard\/*
|
- path_regex: secrets\/wireguard\/*
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp: [*clara]
|
- pgp: [*clara]
|
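Review bot: The `secrets\/all\/*` rule that gains `age: [*wireguard, *mcserver]` is an unanchored regex whose trailing `\/*` only means "zero or more slashes", so it matches any path that merely contains `secrets/all` (constructed example: `secrets/all-old/x.yaml`), and every file it matches is now encrypted to both host keys. Anchoring it, e.g. `- path_regex: ^secrets/all/.*$`, keeps the host recipients scoped to that one directory; the `secrets\/wireguard\/*` rule below has the same shape. A comment above the rule such as `# everything under secrets/all is decryptable by every server listed here` would make clear that adding an anchor to this `age:` list is what grants a host access.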
||||||
|
|
|
||||||
|
|
@ -1,9 +1,18 @@
|
||||||
{ modulesPath, pkgs, lib, inputs, ... }: {
|
{ modulesPath, pkgs, lib, inputs, config, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
(modulesPath + "/virtualisation/proxmox-lxc.nix")
|
(modulesPath + "/virtualisation/proxmox-lxc.nix")
|
||||||
inputs.sops-nix.nixosModules.sops
|
inputs.sops-nix.nixosModules.sops
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# set up secret key
|
||||||
|
sops = {
|
||||||
|
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
defaultSopsFile = ../secrets/all/secrets.yaml;
|
||||||
|
secrets.initial_password_clara = {
|
||||||
|
neededForUsers = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
# we want at least a possibility to download stuff, monitor activity and sudo
|
# we want at least a possibility to download stuff, monitor activity and sudo
|
||||||
|
|
@ -25,7 +34,7 @@
|
||||||
# default user with sudo
|
# default user with sudo
|
||||||
users.users.clara = {
|
users.users.clara = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
initialPassword = "123456";
|
hashedPasswordFile = config.sops.secrets.initial_password_clara.path;
|
||||||
extraGroups = [ "sudo" "wheel" ];
|
extraGroups = [ "sudo" "wheel" ];
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
};
|
};
|
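Review bot: Replacing `initialPassword = "123456";` with `hashedPasswordFile` in the `users.users.clara` hunk does not by itself change the password on hosts that were already deployed: with `users.mutableUsers` at its default of `true` (it is not set in the visible lines), NixOS leaves existing passwords in `/etc/shadow` untouched, so the old well-known password would stay valid for an account in `wheel`. Either set `users.mutableUsers = false;` so the sops-provided hash is enforced on activation, or rotate the password on each existing host as part of this rollout. The secret has to contain a password hash (for example `mkpasswd` output) rather than the plaintext, so a comment like `# sops secret holds a crypt(3) hash, not the plaintext password` next to `secrets.initial_password_clara` would prevent the mistake its name invites.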
||||||
|
|
|
||||||
|
|
@ -9,8 +9,9 @@ in {
|
||||||
# set up secret key
|
# set up secret key
|
||||||
sops = {
|
sops = {
|
||||||
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
defaultSopsFile = ../../secrets/wireguard/secrets.yaml;
|
secrets.wg_private_key = {
|
||||||
secrets.wg_private_key = { };
|
sopsFile = ../../secrets/wireguard/secrets.yaml;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
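Review bot: `age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` in this `sops` block is now also set by the shared module changed earlier in this commit, so if this host imports that module (likely, given `defaultSopsFile` was dropped here, but not visible in the hunk) the list option is defined twice and the same key path is merged in twice. Dropping the line here, or keeping it in only one place, avoids the two copies drifting apart. A short comment on the override, e.g. `# not in the shared secrets/all file: only this host's key can decrypt it` above `sopsFile`, would explain why `wg_private_key` does not use the default file. The `sops` block starts above the hunk and `networking` continues below it.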
||||||
|
|
|
||||||
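--- a/secrets/all/secrets.yaml
+++ b/secrets/all/secrets.yaml
@@ -0,0 +1,46 @@
+initial_password_clara: ENC[AES256_GCM,data:9qq2u05PsDWBOSAKY/DslqyXxTpuy4OyRD8zJ2EmbvBFnafVuEVgn/U8QXkXIGrMWqXiDhee9hdKuai4VcQRxGkJFAC7HgteLw==,iv:WSgs0m60C7sSezKFFRq7O/LDWKl2zf4OMT3mEx+eX2Y=,tag:LAxjKNND3Ah0qMNKzmTfmQ==,type:str]
+sops:
+age:
+- recipient: age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvSHg4SmxHTGFVbm82VDFY
+TG0ybDRWc1FRR3VLL1A1dk5jcWJzSmFRbFVZCk5lK2NjOTd5UGovVFZPNmwzZld0
+cEIzTXRBbE5TRUxWbk5NZFZZbkwvazgKLS0tIFN6aHpTZlM4N1Z0dkFZWVBERHEw
+bjhTUXlFYS92aFpyc2E5NVF3T3JJZ0EK/212uZn6pEmHyIAxef/RZF2XeYbQk0W+
+PDdnOxO4hizczMjxkI7soMQJm+rn8E+yvv1RqXPCn2iMoZ6XMs7lxw==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1v98yggaarelrp7z8rljzpf3gm70up4q8460trejmptdpv7gjucrqssjz9h
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySkhJeTdyV0UzbEphV28x
+aGRWNHAwalN5dEhuTy9NZUIyVGtFOHNpeFNnCm1rZTdrSHcwWGdwVU91WTVwUlIr
+Z2JWSmtSVGp5akY4a0orWWt4ZkptNGcKLS0tIE9YSzVHS05HbjM0VUI3aGNyVDlo
+MEc3TmdYd3dUTThIcG5nZmRWQ2RRVzAKWI/c5xcj0bNLUmYFIMuY+gOtmPCpd3Be
+5tFaJ+Dv6q4sT4OS4YxDUyVqoXXrPh3ZBjgVxuiXDSMq884BpJXx/Q==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2025-04-15T16:44:33Z"
+mac: ENC[AES256_GCM,data:T8IyZVfFNwapxymfsdaZoyeGq4cmk4otIuCfbZiRqF6NTJgRw3aIDmNmsT7ZMiyEzCrtpKue92HBA/yLdV+bkZqM+yBWKYM9Wu04nMhJgt5AmpXt0KfS9ISJlsLxuNMZBgSIxoMfndKakz+MW+wGomN7Of8UwQnNNqxH08O3Bh0=,iv:Vj+nlKh/lNxpJdI7WEYENqz4jVbtBErtRs3hutc4DZg=,tag:HRvnPQMyZS/cioj9b1IICw==,type:str]
+pgp:
+- created_at: "2025-04-15T16:29:51Z"
+enc: |-
+-----BEGIN PGP MESSAGE-----
+
+hQIMAzwtBoBqH5ZOARAAkltkqMBtbtRrttiKUfZVRy/JxzND/LeAVtbB+NsHrIA0
+CRW4MizreJgAGiuRgkUMWq5QhYbADIrH4UpUJQb0fCfsc0rYcsY40rY1XsGokL/e
+ABipOkXTt78oMzp7LsAsG+jf2WI+n/BJUmjvvEeyS6x0Z7xXYQ7iYx6ZJYg5W265
+fW6nxqH3L98GYDlGZ9TQUe2WfGZGtzthVtSx0fTr3z9QC8xsSMsyhLwwOsXjskOJ
+S6JTAaHyqKGqkECBcV0jGVGH639CHj2QAjJyPjqCmyD9SD2H7oYXVHqsGIUwWyDC
+p+Ya1YEEdt6twaAb9nw2i53+5fv5Cpok3auk27U8M/S/KOxtH5jbZuUFToHTqMDh
+P7fXEi4AjuiQF2DuiDL5/4HiUcvKiT86MgdJDwpIbdHqdUrGrT8WYvlApYXBg1EH
+adN4brPX0BJ/mWFvQl8eGGHnohxuQo9cf7UzWlxAb3jo+pAZHkjAxy8WpCbmdDKQ
++2lPXbyXQ0zu0tOdAtUjOVXCOrkPWro+bABw9Q27/Y+apkO4dW2ssGGm/qrm6l6X
+qzAlzqrG98A66OuuKfaAy99qZflZ1oz+lpeCMaHG5AaLt0XZbE3XPUA/qHOD7WzT
+1MWvtisUUg3StCkHSbiOv6JZ9Ta2Ng2mlfdCqs7iHCNU05Fgtuj0BVgW/UxFqDTS
+XgEeus2+EyHN5NVZWPD2zuAM3QJFQ/fpFRx3msP2cr7kueOa6e2Lt+EzkgMsEHm5
+5OhzLsM+pCWIuZc7+fgGU64BKtFneBMO74TE4fgX204/lEFT3fuQfXFDv4TbK2s=
+=etKI
+-----END PGP MESSAGE-----
+fp: 58EF8D71114EF548DEE3320DE6F04916B6EEBD83
+unencrypted_suffix: _unencrypted
+version: 3.10.1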