added password for remote user

2024-09-02 20:51:30 -05:00 · 2024-09-02 20:51:30 -05:00 · 6393af9620
commit 6393af9620
parent 0389206ec1
3 changed files with 25 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -1,7 +1,6 @@
 # Hosts
-Build Command:
+## Host Map
 `sudo nixos-rebuild switch --flake .#hostname`
 |   Hostname  |      Device Description    |   Primary User   |    Role   |
 | :---------: | :------------------------: | :--------------: | :-------: |
 |  `twilight` |      Desktop Computer      |      Leyla       |  Desktop  |
@ -9,3 +8,19 @@ Build Command:
 |  `defiant`  |         NAS Server         |      Leyla       |  Service  |
 |  `emergent` |      Desktop Computer      |       Eve        |  Laptop   |
 | `threshold` |           Laptop           |       Eve        |  Desktop  |
 ### Rebuild current machine to match target host:
 `sudo nixos-rebuild switch --flake .#hostname`
 ### Rebuild current machine maintaining current target
 `./rebuild.sh`
 # New machine setup
 keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt
 updating passwords: `sops secrets/secrets.yaml`
 > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU
 > look into this? https://technotim.live/posts/rotate-sops-encryption-keys/
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@ -2,6 +2,7 @@ passwords:
    leyla: ENC[AES256_GCM,data:c69e5uF40ACxVI0zXizydaqMVk6MXVJ13HwptHKeYIJ9H6bCgZRK0HCoTYw366mIpe7zt2V/OVdNr6hdzGfLa90/iOAMaCGqgw==,iv:esVvjfJm3RvO8RdXPvrnT/+At7VFl9Vt6077I5Ks89Q=,tag:fHfIFBRVH3y/V16rHYsT2g==,type:str]
    ester: ENC[AES256_GCM,data:Cz3oXNOVz35Uino3HLUNcao4YbG1QwmZn6ulWafGpa6Z3U+X+92f+PpHNx6L+q9ToIDabx0vNGs0Pfsrs4y9k/nmhWB1i66PzA==,iv:pY3aVbxmILYXHG06+XJWM6nHA8FbmsNBssh5LXplCOM=,tag:D09d2Bv4SAO7v4JeHVM+tw==,type:str]
    eve: ENC[AES256_GCM,data:XvJjFNIujwk9ttYLTbAE+PEMUpWzLXrJeJJ0aEqWBwx+gjOwX4XVg0J/B75ByJxflh9RSwB0oAGfC+6coAHoMTXPyym52zAYBw==,iv:lVbZ8uC6IKn3Bew0LHmwl47nFfBuNqslltNBiv6cx7I=,tag:lgE0N6JKDcOPqynwtXJKzQ==,type:str]
    remote: ENC[AES256_GCM,data:J/Ew48IO1UGCLl038t87AV0fdxHklfEKhmmsAhd4jPbyK88i/GjljF7mSJnlav9L+7GbxbGRjsFXkL753M7hF/n1hcVDAYpGhA==,iv:7PIgHRHXorkrOmjaWaWhu+Evu4SsNFSCk3euPdlGK20=,tag:tQ57gIselHNKlmQ1ySsAAQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -17,8 +18,8 @@ sops:
            VFBiZm5ZK2kwZjJPd3dCai9QUlpLaFEKFuwGgcdleN69voM5mpsa4J/ulmzZo7q+
            Q7KHOOidDH9C4xKjztYMuJSyviOYiIgILhljMXbNlmZnRs867gmmbw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-04-03T01:27:28Z"
+    lastmodified: "2024-09-03T01:50:34Z"
-    mac: ENC[AES256_GCM,data:ExP2Q8judGmQ5QFdZjmkNuMXlI9XJLeKaFn15Y4YuA2r+qLYYegN/IR1VeDrDO+XfWJJS7qednRnb9gErqUQgwX06AhMFDGUHHgB2lFdr/X0KBNt9EcrQ+S4Zh9zh8aTZesvnLaorz5QqF1Mt4FRz8mFYQIJ3DCWXV0cHrmmvcA=,iv:QBMc5E9SXP7aMCYFF/JnhM3bAuBA6mY4cENOW8SSaW0=,tag:ftg5Q8rS0NfUSogXXKEePA==,type:str]
+    mac: ENC[AES256_GCM,data:il1m33cFCKnL1x2QQWKfvRX7/zea+15PH8KZrAW89EizJowgefR0rpaMgO+I9CyWuIoAV77JrF9echiAvkv+eteJjkkzyG9Qo/gejC0afQAeMLGpJLEk8carxlmhJXZUrqTW3VnIY4cl0CGBinTzGqMJ2WtAQLccoQR7tDP0jBk=,iv:bdDqVdXdqXB32kjUhN8OBz9+4DwrhYAw8eWsxJNGRJ4=,tag:9T+2oBvxW0ssZV4inyvY3Q==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.0
--- a/users/remote/default.nix
+++ b/users/remote/default.nix
@ -19,6 +19,9 @@ in
      (
        if cfg.isNormalUser then {
          # extraGroups = [ "wheel" ];
          hashedPasswordFile = config.sops.secrets."passwords/remote".path;
          isNormalUser = true;
          openssh.authorizedKeys.keys = [];
        } else {