move to declarative user management

Charlotte 🦝 Delenk 2022-04-13 11:29:06 +01:00
parent 8a87df73cf
commit 0062a9ee53
Signed by: darkkirb
GPG key ID: AB2BD8DAF2E37122
7 changed files with 43 additions and 14 deletions


@ -2,6 +2,7 @@
imports = [
./zfs.nix
./users/darkkirb.nix
./users/root.nix
./nix.nix
./sops.nix
./wireguard.nix
@ -52,4 +53,5 @@
enableSSHSupport = true;
pinentryFlavor = "curses";
};
users.mutableUsers = false;
}
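Review bot: `users.mutableUsers = false;` at the end of this section makes the declared `passwordFile` values the only source of account passwords, and nothing here records what happens when a secret is unavailable at activation. If sops decryption fails on a host, the accounts that rely on it would presumably be left without a usable password, so only the SSH keys would remain as a way in. I would add a comment on that line, for example `# passwords come from sops (neededForUsers); changes made with passwd are reset on activation`, and note the console recovery path next to it. The enclosing attribute set starts outside the hunk.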


@ -1,4 +1,4 @@
{ ... }: {
{ config, ... }: {
users.users.darkkirb = {
createHome = true;
description = "Charlotte 🦝 Delenk";
@ -12,7 +12,11 @@
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDXQlfvRUm/z6eP1EjsajIbMibkq9n+ymlbBi7NFiOuaAAAABHNzaDo= ssh:"
];
passwordFile = config.sops.secrets."password/darkkirb".path;
};
sops.secrets."email/lotte@chir.rs" = { owner = "darkkirb"; };
sops.secrets."email/mdelenk@hs-mittweida.de" = { owner = "darkkirb"; };
sops.secrets."password/darkkirb" = {
neededForUsers = true;
};
}
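Review bot: `passwordFile` on the darkkirb user is read by NixOS as a crypt(3) hash, not as a plaintext password, and the commit does not say which of the two the `password/darkkirb` secret holds. The encrypted `password` entries added to the secrets files in this commit look considerably shorter than a hash produced by `mkpasswd` would be, so it is worth confirming that they contain hashes. The same applies to `password/root` in config/users/root.nix. A comment next to the option would make the requirement explicit: `# sops secret must contain a mkpasswd hash, not the plaintext password`.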


@ -6,6 +6,9 @@
home = "/home/miifox";
isNormalUser = true;
uid = 1001;
openssh.authorizedKeys.keys = [
"ssh-rsa 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 caroline the husky@Huskydev"
];
};
home-manager.users.miifox = import ../home-manager/miifox.nix;
systemd.slices."user-1001".sliceConfig = {
@ -23,11 +26,11 @@
sslCertificate = "/var/lib/acme/miifox.net/cert.pem";
sslCertificateKey = "/var/lib/acme/miifox.net/key.pem";
locations."/" =
let
miifox-website = pkgs.callPackage (import ../../packages/miifox.nix miifox-net) {};
in
{
root = "${miifox-website}";
};
let
miifox-website = pkgs.callPackage (import ../../packages/miifox.nix miifox-net) { };
in
{
root = "${miifox-website}";
};
};
}
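Review bot: The miifox account gains an SSH key in the first hunk, but no `passwordFile` or `hashedPassword` appears in the visible lines. With `users.mutableUsers = false` set elsewhere in this commit, the user also cannot set a password with `passwd` that survives activation. If key-only login is intended, say so in a comment such as `# key-only account: no password is set declaratively`. The user definition starts outside the hunk, so a password option may exist above it. The second hunk appears to be a formatting-only change to the `let` block and would be easier to review in a separate commit.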

11
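--- /dev/null
+++ b/config/users/root.nix
@@ -0,0 +1,11 @@
+{ config, ... }: {
+users.users.root = {
+openssh.authorizedKeys.keys = [
+"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDXQlfvRUm/z6eP1EjsajIbMibkq9n+ymlbBi7NFiOuaAAAABHNzaDo= ssh:"
+];
+passwordFile = config.sops.secrets."password/root".path;
+};
+sops.secrets."password/root" = {
+neededForUsers = true;
+};
+}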
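Review bot: root's `openssh.authorizedKeys.keys` reuses the same security-key credential that the darkkirb account uses, so direct root SSH login is set up with no separation between the two identities. The sshd settings are not visible in this commit; if root key login is permitted there, a comment stating that direct root login is intentional (rather than logging in as darkkirb and escalating) would help later readers and keep the audit trail expectations clear. The `passwordFile` line also deserves a one-line comment, `# must contain a mkpasswd hash, not the plaintext password`, since NixOS reads the file as a crypt(3) hash.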


@ -58,6 +58,9 @@ services:
email:
lotte@chir.rs: ENC[AES256_GCM,data:bkzYVXizG/inJ/MS57G2pEiUkA==,iv:jviAx1B83wPhc128msfSs7oYwRQH+j7PU0aAmNbwi88=,tag:ylYl5k9R5BdLGAXOXVeLZg==,type:str]
mdelenk@hs-mittweida.de: ENC[AES256_GCM,data:zFJjQcrBy9FdCLG8wyjPR84XnMpIS+hRnVro8oMyTqXbBLgbsqZxpD1f8DsYAfpQS1tFpfgHYfYBWw8EQWqXaQ==,iv:F5SDxQzgSuQIRfR6uZanfUPb66RuHsFEQqjpGmUVIsI=,tag:hS/HXYU/6StR7w7MCOlu4g==,type:str]
password:
root: ENC[AES256_GCM,data:AeImJlndPa/2QYVQeDkbgE8rpTg=,iv:Tuleh/WCwojDOwn1rWa0UlRDV1g8zx8bw03wGUw6QgI=,tag:iINfH4JnnryYAouEo7b6Ng==,type:str]
darkkirb: ENC[AES256_GCM,data:BeXNJl14lAeakJ8r0c/U5zZSBhs=,iv:svxv6ePnUBDIeA3Xe4YKZrWNOqBQjuNzqDDmEh+o5cM=,tag:e5bCoZrjG7hHF9lbgm0kFQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -73,8 +76,8 @@ sops:
N1lNTTRhSDFsczd4VjNudUU2NEt4MUEKdVJIJmaoGcwUHa0BGB45jqYnm9aPVZxP
dl1vkMx8EAiKhWKbBwQm5fFZcNh371rspGE7KOXmwNbNWef5bVfHpQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-03-12T12:41:15Z"
mac: ENC[AES256_GCM,data:NTpFb44rdj9vnKlGCECLpm4T8WX2fIKkpGCjdHlBaYbD2Mt5h6Mb4NKY3vmp/lYo8gb7m49V4RkC93ixL3/aBMKqcIPTJ8VAwr/76l7v5nDQwQgMtApk521b93dGzggYX0AYhqfcS4bTLcKa1G77Bgd+ITmZJO6W3aOUsh7fJZ4=,iv:Sa+xN8AvxZ0ned62pOVCD1cEuETtz1wtmC9KIw/ip4g=,tag:lxLEEWNCEYLqzQW8XqjGcw==,type:str]
lastmodified: "2022-04-13T10:22:01Z"
mac: ENC[AES256_GCM,data:H5vJtGy+rlElkQkhaKXxSfVjjICvmPxcLh+hsX1zb5mf+tPAOWUScePHuYMolfN6xcmlFdmpW3nq2B1m5ClPFfTWeYO7lcPP6Eotf1/NrGjRibEixabpQ7iswHBI8M4Zxv/vm45xdUJpOkJSTT3X/RRnDnyP3QflvNfn/u0AgXU=,iv:W33m2Uu8y5UH0cwDLd6B3NzKB66tlYLdQFjGPqyiwZ0=,tag:fSlhxS5/+KV3qJzmvCPIpA==,type:str]
pgp:
- created_at: "2022-02-02T17:50:42Z"
enc: |
@ -88,4 +91,4 @@ sops:
-----END PGP MESSAGE-----
fp: 46C6A7E14BC7812E86C2700737FE303AAC2D06CD
unencrypted_suffix: _unencrypted
version: 3.7.1
version: 3.7.2


@ -17,6 +17,9 @@ security:
email:
lotte@chir.rs: ENC[AES256_GCM,data:02v6qsTC30thvqQ4yDpYhfyNVg==,iv:rdz3HHlAyyt1TR7iUXpokIlBC8VEdS0GLoCkItBc3HY=,tag:/aNoPNoMeVGCWRT3j+F+ew==,type:str]
mdelenk@hs-mittweida.de: ENC[AES256_GCM,data:rXwwhdX2STqJjO2UMqW9YeXc8JtJ2DXLptZvVN9552ldRgZU7OoNiPxbYg/Kr7ZOkl/8HIg0yFa1uQIbvQxuoQ==,iv:ThZzE7m05FS1NPH/mvWF/vflxC4pmZCMX12iOUzKQfQ=,tag:qK0+ZA8486YgaW/I7BrfPQ==,type:str]
password:
root: ENC[AES256_GCM,data:ExRLZx3OigbCioFskLAqs2VQE5U=,iv:ZFryI9HtgG0vm8wOdGX/B3Tp/oed1Xe7rbVaf21Yzyo=,tag:n34Dt+a1Cp/Ncv5R67eNOQ==,type:str]
darkkirb: ENC[AES256_GCM,data:HyDaR0WoG4OB4oYcCqN1HjPktF0=,iv:oO/+iRyJg+PPwRpnF1W03dZ1vBCBJDL5Pgga8kdQzsw=,tag:8i73gNJcV9GleE5aiKYIFA==,type:str]
sops:
kms: []
gcp_kms: []
@ -32,8 +35,8 @@ sops:
U0JxSTR3WEFvZjVoMjJsV3NYNVFpYTAKxCpvEDbEjh3sNR+2X7AsReYPxi9n3bpP
g+IVnv+EX9CkqBNbpAHiwqzekVXNqM7SxMmgSasZ4IGRK1Wcf5NU0w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-04-12T09:32:14Z"
mac: ENC[AES256_GCM,data:02+JEAKVHfmWS70uUAelgudH0/0v7w1fEpHjqYPOpj9wsDIHGrVY3P/2/d+ajxuD0iMWse6/9OUPRAKApBg9dfSSIGw6aum1HpqNr2HRURUTfYGpF5hiii+6Xnkah6c3Ye5XwVbCx9UWnN4/LUG2AVbq5qwTmN92r7s/dSGE1Qc=,iv:tv8kPbGKTwBufGCe95GWM0H3oDXCp+OU3d8ZsqAiprQ=,tag:ntClxY2aKzTXa1ebGWJbJg==,type:str]
lastmodified: "2022-04-13T10:22:59Z"
mac: ENC[AES256_GCM,data:62jku4oJwoiHxZozF0imCGeyGQvfWmcmyv/ZbQPB+bjFlOeM9g26wYj9aKGZYileGyja4TMJNV/0UKKLiiOgsf/dqDgwYcJPjtacGa25057PGbpV3dkGzOQOnwiFhRdCCov0cYp3SWZNSeQRG7OB1b7aRur8tgvU+ykh3vVsurA=,iv:ikF6iHkDl3IYDo8fj/LBrv2+4Aj4Oej0QjspV1bB/As=,tag:ghXjkBADsyNrXvKZGq1hgg==,type:str]
pgp:
- created_at: "2022-04-02T06:17:40Z"
enc: |


@ -7,6 +7,9 @@ security:
email:
lotte@chir.rs: ENC[AES256_GCM,data:MywN+Etfri4TQQ8M01+RS4sLCA==,iv:s4hW8oGPs7PwdtiBlkuRmAJPjHjBonHWdNTrtA+aJLQ=,tag:3Xp2kHMgtRDmItpa+fJ0Fw==,type:str]
mdelenk@hs-mittweida.de: ENC[AES256_GCM,data:iLQwJoW4sRF35M3dEIxKrqsAsJND0wVlfue9uGfZgr+filTkmfNsnzamg7eBfacURuJrHmGDXCMcjuH15GwONA==,iv:5zAeYL2YS4J38TXl0t1mLDxjAPdf4IpGogEuzYd+xJM=,tag:FMKvuq69uZrv1nUI/2erYg==,type:str]
password:
root: ENC[AES256_GCM,data:UvSHXEqTT8giRh+wISFG+KWqrdU=,iv:Dskk6qk3BU6lSmFC1Xj9xlj7ntkNOc1n71sRyK3oRG0=,tag:3twupt185QnAOSXwVr2vhQ==,type:str]
darkkirb: ENC[AES256_GCM,data:CgTyVjgvXJCDDfAUsQznnLABUlA=,iv:eKgIlaC1V92nrV8/0dBQVfcvSz165AGhb222weLsfLU=,tag:mWlV8FohRDIaFgX9mmdXKg==,type:str]
sops:
kms: []
gcp_kms: []
@ -22,8 +25,8 @@ sops:
aHAxNitXREU0ZkZNUmorSFY2c3JPU0UK2rnyV/tDnn8nWYodDe7sgVdjfg14slBO
DV5oMPB91c5IZ0S1/Sv1oAUcri/dKHKDljxP7HU5yG5kxVeEzqx4Jw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-04-13T06:20:10Z"
mac: ENC[AES256_GCM,data:dBGn5AHOhr2E+cJIArFIl8qSmtXDzU/2g+05twszjVhvtc0Z+182LYshgm9jPbBY94n2b8V3W+T3OsBfpQo+SkIedqbe5xfG/eqN5ltHHb1Ypa5HeTdpdkYbtL39RicGOuQPsBuyZOga1+q+yYrburPIbuKFmq/mMxPI/qv/Lfw=,iv:mKXN0k3YgiayBe8GFwkrzF4gWPdOKHO7bFhVBsHDggc=,tag:HDb7P4e5eIvqzWbdrrhbgQ==,type:str]
lastmodified: "2022-04-13T10:22:30Z"
mac: ENC[AES256_GCM,data:63NspqeTxHEc746AArMHVoV48tj3hv5csv5OjaYE5DjChaZi2+VEMvzYZiASTUxRL1Gd9KBT4grPST8du9PcBYWg7r9tOs0tXVNcMxycGDGIePutIQpnG+AIq4FXnF4Muiwb88eCu+IpMDhBRvNXlW1/NiufCz5EXRCfbi/DYqc=,iv:FpCV4emMV1EyDyExTXdj4fc+X0ez0bh3A+GyZs9fQjk=,tag:94vn+jw4j2vZtLpc7HaD3w==,type:str]
pgp:
- created_at: "2022-04-13T06:20:10Z"
enc: |