From d1994caee92798270ddc63ff82953e3a4f032eb4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= Date: Thu, 24 Oct 2024 14:27:12 +0200 Subject: [PATCH] Add initialPassword management to ageni --- secrets/forgejo-runner-token.age | Bin 363 -> 0 bytes secrets/initialPassword.age | 9 +++++++++ secrets/secrets.nix | 3 +-- services/minimalConfig/default.nix | 3 ++- 4 files changed, 12 insertions(+), 3 deletions(-) delete mode 100644 secrets/forgejo-runner-token.age create mode 100644 secrets/initialPassword.age diff --git a/secrets/forgejo-runner-token.age b/secrets/forgejo-runner-token.age deleted file mode 100644 index 451b4edbdfae01a7bb805d5730dfb5beebe3912e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 363 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUl56=#ZC|58y%1_D6 zO36qHwD33ZFEcf94v+N6s>n_>39~fKx70UuG%+bO)Ak4qjN~e{^!D_u3`=qh(a$x= zEhx+_NiFjW_Al@tUDyt}R^vd&1aW&4-4n?=kH^kqtAYGx@%_Y&#EX_QJQ3l6;%Tdtor&m}f9 wO7?M6>e2OmmqPOjKCTK3YM4DetLM?jZojttOFLix?{`j{ZnpMri{6(r04IKgBLDyZ diff --git a/secrets/initialPassword.age b/secrets/initialPassword.age new file mode 100644 index 0000000..beb356e --- /dev/null +++ b/secrets/initialPassword.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 OWkVXw Kp9otTIwi3SuVG43UebS2B+bvp6uy81KIIPIeJSW8iE +xXX6N1WrkxNLOC4ClZo9XzUZOdFK6210trH2GS5+N0E +-> ssh-ed25519 MTO1pg 70GcDYGKyG0w0s1ehWvcid1JKNRY3vRPeQhnEfHDWBI +Fcq3ZR6iA0J4CUBuQeVIyRoGMu88bd9oBrwGCJKicBE +-> ssh-ed25519 wnEUpw m7HRrztgLMS90k3cwzqBkMKfbji0Ub8atDwTGJNeq0c +rEPjFTG+hEPHNoLOyhmcY4QMJ4DYIIhBR10GVZqcIuo +--- eXz18+bRHesrblBjD/aqwFkAXUhEL741swR1csHpoXU +Ô|}pÁ#¢ç®,\‚m:(·¸ª# ëHH¡aÃÒ¸ß_~ª7 ž(5EgÈÏOQY[»r U;e \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 6e0d22d..356f51e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -9,8 +9,7 @@ let systems = [ forgejo grafana ]; in { - "forgejo-runner-token.age".publicKeys = [ tbarnouin forgejo ]; - "../services/forgejo-runner/secrets/forgejo-runner-token.age".publicKeys = [ tbarnouin forgejo ]; + "initialPassword.age".publicKeys = users ++ systems; "../services/grafana/secrets/grafana-db.age".publicKeys = [ tbarnouin grafana ]; "../services/grafana/secrets/kuma-token.age".publicKeys = [ tbarnouin grafana ]; } diff --git a/services/minimalConfig/default.nix b/services/minimalConfig/default.nix index 6f7f638..e62bfea 100644 --- a/services/minimalConfig/default.nix +++ b/services/minimalConfig/default.nix @@ -28,6 +28,7 @@ options = "--delete-older-than 7d"; }; + age.secrets.initialPassword.file = ./secrets/initialPassword.age; security.sudo.wheelNeedsPassword = false; users = { users.tbarnouin = { @@ -38,7 +39,7 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICf1B0nxNMvPWSR9pStdtx2x6Iw+JUeCCt1CKWoD8dsr" ]; - initialPassword = "test"; + initialPassword = config.age.initialPassword.path; }; users.root = { openssh.authorizedKeys.keys = [
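Review bot: The removed rule for `../services/forgejo-runner/secrets/forgejo-runner-token.age` has no matching file deletion in this commit, since the diffstat only deletes `secrets/forgejo-runner-token.age`. If that second copy still exists it can no longer be edited or rekeyed through agenix, so either delete it in the same commit or keep its rule. Separately, `users ++ systems` makes the new secret decryptable by every host key in `systems`, which deserves a comment such as `# shared login secret: readable by every host, rotate it if any host key is compromised`. `users` is defined outside this hunk, so its contents cannot be checked here.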
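Review bot: The path `./secrets/initialPassword.age` on the added `age.secrets.initialPassword.file` line resolves relative to `services/minimalConfig/`, but the diffstat shows the encrypted file being created at the repository-root `secrets/initialPassword.age`. Unless a copy already exists under `services/minimalConfig/secrets/`, evaluation will fail on a missing path. The line would need to read `age.secrets.initialPassword.file = ../../secrets/initialPassword.age;`, or the file and its `secrets.nix` rule should move under the service directory like the grafana entries. The surrounding attribute set starts and ends outside the hunk.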
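Review bot: The new `initialPassword = config.age.initialPassword.path;` does not put the decrypted secret to use: `initialPassword` takes the password text itself, so a path here would become the literal password, and the attribute path also skips `secrets`, although the earlier hunk declares `age.secrets.initialPassword`. The file-based option is the fit, `hashedPasswordFile = config.age.secrets.initialPassword.path;` (`passwordFile` on older NixOS releases), with the age file holding a password hash, for example from `mkpasswd`, rather than cleartext. The previous value `"test"` stays in git history, so it should be changed on any host that was deployed with it. The `users.tbarnouin` block starts outside the hunk.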