feat(secret): add user_password

2026-03-07 20:28:08 +01:00 · 2026-03-07 17:14:20 +01:00
parent 46d1bfe57e
commit 8dac4d9426
3 changed files with 9 additions and 3 deletions
--- a/modules/nix-config/default.nix
+++ b/modules/nix-config/default.nix
@@ -2,6 +2,7 @@
  pkgs,
  currentSystemUser,
  currentSystemDe,
+  config,
  ...
 }:
 {
@@ -51,13 +52,14 @@
  users.users.${currentSystemUser} = {
    isNormalUser = true;
    description = "Patrick Canal";
+    shell = pkgs.fish;
+    hashedPasswordFile = config.sops.secrets.user_password.path;
    extraGroups = [
      "networkmanager"
      "wheel"
      "docker"
      "libvirtd"
    ];
-    shell = pkgs.fish;
  };

  nix.settings = {
--- a/modules/nix-config/security.nix
+++ b/modules/nix-config/security.nix
@@ -13,6 +13,9 @@
      "wifi_password" = {
        owner = currentSystemUser;
      };
+      "user_password" = {
+        neededForUsers = true;
+      };
    };
  };
 }
--- a/secrets/default.sops.yaml
+++ b/secrets/default.sops.yaml
@@ -1,4 +1,5 @@
 wifi_password: ENC[AES256_GCM,data:7plUlREKK8mNdWGhlTG5+3ICFqZq+hBp6aHz1mrLbOm9xZ5Uh2EF4RM4eXDXLw==,iv:nW8dyJHMuvKPJV9155DiAFynb+Q4hfxzyO8RYLKjgGg=,tag:c3hpltMYjtjah0ttnkQWiw==,type:str]
+user_password: ENC[AES256_GCM,data:oRb4aO3iby+cA5YU5cyCeyOeSzZqd58/WozcHrK00VSHG01OnUZqpWbBa6zIm43UqfoZUM7IScWQZcWPbVR6t4H/uErZbZi2dQ==,iv:UzoJS290MWP7E/A1todnmyiNV3C8f5lg5h1Tf81QSPA=,tag:rvGNdn2I2TxVX8xDpDe/Vw==,type:str]
 sops:
    age:
        - recipient: age18ujjw92tm6vpcpgqqky7dzg3yvzm9nytgzeptkfhtz5jhdskcdpsgmv0vs
@@ -19,7 +20,7 @@ sops:
            NDN3c1J1dVcvY21uOUYrVFZMVXZXUTQK8GFPONewI3mzyG9Eh8PSjGVETsslyHiy
            ud/QT1fJFbjZzbKHu2RsFNYukLuoEodQ5t9ccGfWCpSfgddNXjGtHg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-03-05T20:36:33Z"
-    mac: ENC[AES256_GCM,data:L1sYA4CxLJjHOEJpho0q8k4uNa6XazYBjzWsMmITYxZVlTcdxKdIrMC3v6Fpcwdh+cHGnwEGufZAIBmRUjkCmxRhbuTA5T660oZb3bCmYE/i8u3IIh7C9jNAv95n16F/2CL5BVNzQj4lNQj8UzuUrSd/mH2BRO01I29SWNwb6mQ=,iv:RZJsTPhXYv82k9661R80NOUAqGzFqv4YnVaK13vhAJ0=,tag:huf6cjSx46H4DnsWS8c7AQ==,type:str]
+    lastmodified: "2026-03-07T16:01:24Z"
+    mac: ENC[AES256_GCM,data:Ni5qtsBcjKj9R2g78rdzd7+4tBL20SsU6aD5YZII/jaxjFxwFeVzfXuJruLnq3bEUiZShzOBVCc7gUi/6DaaluhXfltwwywu0QjJkPxfpGtQ7gmmiSDQAItwmj+9bJ/BFjx6ViBI/Vi1hnSRsS/gr1K0QkAzCT0JRehWi2HwnE4=,iv:rHWCfNa2hR6kB7lGB/VhPlB7MexgSFyWl5xyteQC3sk=,tag:6vBjVUIJLKDkJ7hjbkQXKw==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.12.1