Add initialPassword management to ageni

Théo Barnouin 2024-10-24 14:27:12 +02:00
parent a45482532d
commit d1994caee9
4 changed files with 12 additions and 3 deletions

Binary file not shown.


@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 OWkVXw Kp9otTIwi3SuVG43UebS2B+bvp6uy81KIIPIeJSW8iE
xXX6N1WrkxNLOC4ClZo9XzUZOdFK6210trH2GS5+N0E
-> ssh-ed25519 MTO1pg 70GcDYGKyG0w0s1ehWvcid1JKNRY3vRPeQhnEfHDWBI
Fcq3ZR6iA0J4CUBuQeVIyRoGMu88bd9oBrwGCJKicBE
-> ssh-ed25519 wnEUpw m7HRrztgLMS90k3cwzqBkMKfbji0Ub8atDwTGJNeq0c
rEPjFTG+hEPHNoLOyhmcY4QMJ4DYIIhBR10GVZqcIuo
--- eXz18+bRHesrblBjD/aqwFkAXUhEL741swR1csHpoXU
Ô|}pÁ#¢ç®,\m:(·¸ª# ëHH¡aÃÒ¸ß_~ª7 ž(5EgÈÏOQY[»r U;e


@ -9,8 +9,7 @@ let
systems = [ forgejo grafana ];
in
{
"forgejo-runner-token.age".publicKeys = [ tbarnouin forgejo ];
"../services/forgejo-runner/secrets/forgejo-runner-token.age".publicKeys = [ tbarnouin forgejo ];
"initialPassword.age".publicKeys = users ++ systems;
"../services/grafana/secrets/grafana-db.age".publicKeys = [ tbarnouin grafana ];
"../services/grafana/secrets/kuma-token.age".publicKeys = [ tbarnouin grafana ];
}
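Review bot: `"initialPassword.age".publicKeys = users ++ systems;` makes one login secret decryptable by every host key in `systems`, so a compromise of either the forgejo or the grafana host exposes the secret used on both. If the file holds a plaintext password, prefer encrypting a password hash, and add a comment such as `# shared across all hosts on purpose; contains a password hash only`. `users` is defined in the `let` block outside this hunk, so who else can decrypt the file cannot be checked from here.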


@ -28,6 +28,7 @@
options = "--delete-older-than 7d";
};
age.secrets.initialPassword.file = ./secrets/initialPassword.age;
security.sudo.wheelNeedsPassword = false;
users = {
users.tbarnouin = {
@ -38,7 +39,7 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICf1B0nxNMvPWSR9pStdtx2x6Iw+JUeCCt1CKWoD8dsr"
];
initialPassword = "test";
initialPassword = config.age.initialPassword.path;
};
users.root = {
openssh.authorizedKeys.keys = [
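Review bot: In the second hunk, `initialPassword = config.age.initialPassword.path;` would set the account password to a file path rather than to the secret, and it references an attribute the first hunk does not define. The secret is declared as `age.secrets.initialPassword`, so the path is `config.age.secrets.initialPassword.path`, and `initialPassword` takes the password text itself, which also ends up in the world-readable Nix store. Use `hashedPasswordFile = config.age.secrets.initialPassword.path;` (`passwordFile` on older NixOS releases) and encrypt a password hash, e.g. `mkpasswd` output, instead of plaintext. The removed value `"test"` stays in the repository history, so treat it as exposed and change it on any host where the account was already created with it. The `users.tbarnouin` block starts and ends outside the hunk.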