From 1217959d6d76cc862d879d5845e63c585898d84c Mon Sep 17 00:00:00 2001
From: Leyla Becker <git@jan-leila.com>
Date: Mon, 2 Sep 2024 20:51:30 -0500
Subject: [PATCH] added password for remote user

---
 README.md                | 21 ++++++++++++++++++---
 users/remote/default.nix |  3 +++
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 1cfbddf..31eec77 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,6 @@
+# Hosts
 
-Build Command:
-`sudo nixos-rebuild switch --flake .#hostname`
-
+## Host Map
 |   Hostname  |      Device Description    |   Primary User   |    Role   |
 | :---------: | :------------------------: | :--------------: | :-------: |
 |  `twilight` |      Desktop Computer      |      Leyla       |  Desktop  |
@@ -9,3 +8,19 @@ Build Command:
 |  `defiant`  |         NAS Server         |      Leyla       |  Service  |
 |  `emergent` |      Desktop Computer      |       Eve        |  Laptop   |
 | `threshold` |           Laptop           |       Eve        |  Desktop  |
+
+
+### Rebuild current machine to match target host:
+`sudo nixos-rebuild switch --flake .#hostname`
+
+### Rebuild current machine maintaining current target
+`./rebuild.sh`
+
+# New machine setup
+keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt
+
+updating passwords: `sops secrets/secrets.yaml`
+
+> how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU
+
+> look into this? https://technotim.live/posts/rotate-sops-encryption-keys/
diff --git a/users/remote/default.nix b/users/remote/default.nix
index 491bc51..6792b74 100644
--- a/users/remote/default.nix
+++ b/users/remote/default.nix
@@ -19,6 +19,9 @@ in
       (
         if cfg.isNormalUser then {
           # extraGroups = [ "wheel" ];
+
+          hashedPasswordFile = config.sops.secrets."passwords/remote".path;
+
           isNormalUser = true;
           openssh.authorizedKeys.keys = [];
         } else {