ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Disable mutable-users, fix passwords globally (#71)

Browse Source 
* updated passwd

* Disable mutable-users

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix password config

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* change secrets

---------

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
Co-authored-by: Richie Cahill <richie@tmmworkshop.com>
Co-authored-by: Dennis Wuitz <dennish@wuitz.de>
This commit is contained in:
Alice Huston 2024-02-03 17:24:45 -05:00 committed by GitHub
parent 66fb506e26
commit 4e6bdd2ff5
5 changed files with 97 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

102
flake.lock generated
View File

@ -152,18 +152,10 @@
"inputs": { "inputs": {
"blobs": "blobs", "blobs": "blobs",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"nixpkgs": [ "nixpkgs": "nixpkgs",
"nixpkgs" "nixpkgs-23_05": "nixpkgs-23_05",
], "nixpkgs-23_11": "nixpkgs-23_11",
"nixpkgs-23_05": [ "utils": "utils"
"nixpkgs"
],
"nixpkgs-23_11": [
"nixpkgs"
],
"utils": [
"flake-utils"
]
}, },
"locked": { "locked": {
"lastModified": 1706219574, "lastModified": 1706219574,
@ -273,16 +265,45 @@
"locked": { "locked": {
"lastModified": 1706732774, "lastModified": 1706732774,
"narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=", "narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d", "rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "id": "nixpkgs",
"ref": "nixos-unstable", "ref": "nixos-unstable",
"type": "indirect"
}
},
"nixpkgs-23_05": {
"locked": {
"lastModified": 1704290814,
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
"owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
"type": "github" "type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.05",
"type": "indirect"
}
},
"nixpkgs-23_11": {
"locked": {
"lastModified": 1706826059,
"narHash": "sha256-N69Oab+cbt3flLvYv8fYnEHlBsWwdKciNZHUbynVEOA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "25e3d4c0d3591c99929b1ec07883177f6ea70c9d",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.11",
"type": "indirect"
} }
}, },
"nixpkgs-fmt": { "nixpkgs-fmt": {
@ -327,6 +348,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1706732774,
"narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"c3d2-user-module": "c3d2-user-module", "c3d2-user-module": "c3d2-user-module",
@ -338,10 +375,10 @@
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nix-pre-commit": "nix-pre-commit", "nix-pre-commit": "nix-pre-commit",
"nixos-modules": "nixos-modules", "nixos-modules": "nixos-modules",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_2",
"nixpkgs-fmt": "nixpkgs-fmt", "nixpkgs-fmt": "nixpkgs-fmt",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"systems": "systems" "systems": "systems_2"
} }
}, },
"rust-analyzer-src": { "rust-analyzer-src": {
@ -398,6 +435,39 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

11
flake.nix
View File

@ -11,6 +11,7 @@
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
systems.url = "github:nix-systems/default"; systems.url = "github:nix-systems/default";
mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
nix-index-database = { nix-index-database = {
url = "github:Mic92/nix-index-database"; url = "github:Mic92/nix-index-database";
@ -49,16 +50,6 @@
}; };
}; };
mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs = {
nixpkgs.follows = "nixpkgs";
nixpkgs-23_05.follows = "nixpkgs";
nixpkgs-23_11.follows = "nixpkgs";
utils.follows = "flake-utils";
};
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";

5
systems/configuration.nix
View File

@ -14,7 +14,10 @@
useUserPackages = true; useUserPackages = true;
}; };
users.defaultUserShell = pkgs.zsh; users = {
defaultUserShell = pkgs.zsh;
mutableUsers = false;
};
networking = { networking = {
firewall = { firewall = {

6
users/alice/secrets.yaml
View File

@ -1,5 +1,5 @@
alice: alice:
user-password: ENC[AES256_GCM,data:Mc4I/M0r8hA4w2JmVwAYUjc0V3F81YwljHjGrIsLDu8qpg8agRFSmmfwhv3dUDTpy12iaA8L9aFUqHjv+DANdTDu7UaHB9hyczqc927VrgdC2sgN8p3SYU9NxkmX4HxHS4FV1sQgtj8AntTbbI3qu7Yjn2TDXQ==,iv:/wIcTFCayBZWiPno4BwEo1o8rqM6FO0J+xUn8SmI6uQ=,tag:g6Ge+4YEcf1U7suewnOCDA==,type:str] user-password: ENC[AES256_GCM,data:ew2R77T02LYby9fclYYqYXQBgDtKf7miFYMeS70/hj30fFw580qRCPeVicILB5UTnZCIoPf24ZCr2DGJ3UBrk8cvYQ285i0FWD/OfLAqZ/Tosi36MJKv6Nob/Z/vAltHIVqBJA5UiAU58UohbBos1lfZMWGFsg==,iv:mpIf9n4MgbbjD2jFkVGAL/lGNh5VW81FIzvmb1x/H1I=,tag:MVZRrHxxyDwu2mbRQMz9VA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -33,8 +33,8 @@ sops:
THdwZG9QQ01mamYrclhHT2dQUXhIWTQK9fxQV7RDYij2aCdfgCufUToWgoais1KI THdwZG9QQ01mamYrclhHT2dQUXhIWTQK9fxQV7RDYij2aCdfgCufUToWgoais1KI
UQ7bPV0ZPhaBX4h2Q7kUk7FJwK5aGAsoBxf4KW4V78tSbz+XIyd3JQ== UQ7bPV0ZPhaBX4h2Q7kUk7FJwK5aGAsoBxf4KW4V78tSbz+XIyd3JQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-01T04:49:18Z" lastmodified: "2024-02-03T22:20:54Z"
mac: ENC[AES256_GCM,data:4TarduVMtlQWCcCY73i6xuZOAUZAVHuGVxy+Mpl5IPo+BPMTUYjMed4x/EbYSV/+j/NEvA3A5c9+MTHjDvO9ywCYjulgosSim5aNHacOpQ7rwwa7fLFyztmL2SG3ZSBdjH2H/5VXkPfpKpOmp6X/yRHxnEKa0WAJg9FKOht/P2E=,iv:iqFwMB6hid7hEq7HZ7jCYCAXoZjDypC6Qg7qqcJxfAc=,tag:A7AoIPm8IsjPgOOl4Burxg==,type:str] mac: ENC[AES256_GCM,data:X+j5RMl1RUlciT1fdLYGCzkD2AZmprmAsLhaC9Fy3zoeWlGJcC/m5g7kftPOUkha83NgOkWuaa4tjIMegQwK8snmY8R8Q6XNVuS6maYnynzFwzhGON7L33j7465onXsNqfQfa+I8AEaz69CynfbTq4L7WOLO6s8pvh1LDLi4ZvE=,iv:8uTaRrYxg6mVNIPm0Pg7S13nG2VOg/4IjVbbeilQOAg=,tag:lCrBGVRt3uYY5/fHDG2xVQ==,type:str]
pgp: pgp:
- created_at: "2023-12-29T19:22:00Z" - created_at: "2023-12-29T19:22:00Z"
enc: |- enc: |-

6
users/richie/secrets.yaml
View File

@ -1,5 +1,5 @@
richie: richie:
user-password: ENC[AES256_GCM,data:gcQaaFXQJSXgYR6L,iv:rO7hXTuiCDt4UWnnYfQrhSBMrhU359tyCjSGFde60BA=,tag:yfbD+BItaMkZQ4balezzLA==,type:str] user-password: ENC[AES256_GCM,data:l1WF7bwzEDKoDh3lv60H2A35ndPmTSsBQeso8YksZO4UstOjtSKFF5IZJYlE6Amonl9ZFUsQFtgVN+Rg2Yh/rmlI1TBL7CZDadlYIueQh8Si1Xr6qJJMBxqT/dV7G9tH24auUVdWc7tfoEYh6qZ+n9JR47H73A==,iv:d/Xe6qxaNSWo//gPES4h1XqWPGjALQ2316LPPZZyM68=,tag:2lJEc7UrpdmeAVfNXxy7Kw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -33,8 +33,8 @@ sops:
Q0U1OUtUM1N4MGQyZnAwd1l5alVOSUUK9xe9xmC4zFpy7sukTzdHsQQjc3eFphXD Q0U1OUtUM1N4MGQyZnAwd1l5alVOSUUK9xe9xmC4zFpy7sukTzdHsQQjc3eFphXD
2zx2PkAvHh5lN8k+ZRd9UvZG4olrIe9KwXfmIb+6i02HgVIhA94SWw== 2zx2PkAvHh5lN8k+ZRd9UvZG4olrIe9KwXfmIb+6i02HgVIhA94SWw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-29T19:13:11Z" lastmodified: "2024-02-03T22:08:10Z"
mac: ENC[AES256_GCM,data:47aPXQ6n7AvYuYpvhk7jWjeqQnjXsSShrcboiwLja5p+VIJsOUWYtNonq45Owtlo30eQE46wJK4IJLEl8AAdotYLrpqAb0d+ox4tZq/HgVRAqG7j7aLw846KpogTUeRHH577ieoWo82+70DT1+HIyO+qB44ZYuJ7TY3BUt0MX7Q=,iv:OxDzGBEr2xBiOvPl7iUK0mwsaqHrZ/pQVLdrdTSm9tM=,tag:/2vQLyL/WmR02kWO3GHGNA==,type:str] mac: ENC[AES256_GCM,data:KUhn+0srLHqmHVPYuJV8L5CClgSABxvknaZ7DZQU8goQ9CpM6LIdys+VdsbOYPAcO/lVSzgtjX3/umuDDsJbAEwTXoJZWITCVNYXJDNvYSDke5ZSrl/xq9UugJHyvzX9HOnKXkLsxNU+VrA9EBUfrTWoYnaz+NPes9com1efvqY=,iv:GV5eIFNJuQPJliSOOb2ebkjX99WHbOtSjl1kHrAnTyc=,tag:iuFqrBbQk4ruk733pxDgoA==,type:str]
pgp: pgp:
- created_at: "2023-12-29T19:12:08Z" - created_at: "2023-12-29T19:12:08Z"
enc: |- enc: |-