flowy: add a user password
This commit is contained in:
@@ -20,7 +20,7 @@
|
||||
sane.programs.itgmania.enableFor.user.colin = true;
|
||||
sane.programs.sway.enableFor.user.colin = true;
|
||||
|
||||
# sops.secrets.colin-passwd.neededForUsers = true;
|
||||
sops.secrets.colin-passwd.neededForUsers = true;
|
||||
|
||||
# sane.services.rsync-net.enable = true;
|
||||
}
|
||||
|
@@ -36,6 +36,10 @@
|
||||
|
||||
# initial password is empty, in case anything goes wrong.
|
||||
# if `colin-passwd` (a password hash) is successfully found/decrypted, that becomes the password at boot.
|
||||
# N.B.: the linux password, here, is used for screen lockers;
|
||||
# the login password is dictated by gocryptfs credentials;
|
||||
# both are necessary for a well-functioning system.
|
||||
# (in the future, pam-mount *could* be used to unify those passwords)
|
||||
initialPassword = lib.mkDefault "";
|
||||
hashedPasswordFile = lib.mkIf (config.sops.secrets ? "colin-passwd") config.sops.secrets.colin-passwd.path;
|
||||
|
||||
|
2
secrets/flowy/README.md
Normal file
2
secrets/flowy/README.md
Normal file
@@ -0,0 +1,2 @@
|
||||
- colin-passwd.bin:
|
||||
- generate with `mkpasswd -m sha512crypt`, or `mkpasswd --rounds=2000000 --method=sha512crypt`
|
27
secrets/flowy/colin-passwd.bin
Normal file
27
secrets/flowy/colin-passwd.bin
Normal file
@@ -0,0 +1,27 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:fBOYowPRuwsnF6m6qdYW4bpnI85qmp6y1l8VFJCr0LYHQSzQQxAjNklvX6AJEBIfEmqObUFT7J19L0JMs6PfWzDdwP16aJdetytMIgRQx27Sd74aKYj4WuTqHHtzPzSQvcwHv65IUOvd+9aYLS42xgmUZWU55v9Msd4=,iv:3gHGtx8DZIT07gUV95UWerKnUnOW2n+oLvvp+poy4QI=,tag:kSvCCDMuE4Yv3jPqZ3YoGA==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqQThkQkJoRy8rQlZHUUFE\nMzRhZjI3aUVuczYzT1l3OG9CNE85blJMSG40Ckdxc0c1OGs5dkJVUzRFeEVibXdu\nbXdyT1A3MXRUeDQ5QkJ4VmwzZ2lOODAKLS0tIGZpUjZhamczQWxOSnBRSC9XYTN6\nRWNqM0pUN0d3MXBlQ3V0U0h4S0dHSzAK3HSX9vIx1sQ3TqHopKzd6IIKX5HDmNJh\nlatXqFoXrS2sn7YXuhtQcyXEBi7RMlw+aUySanohrUE6M0iCpCeYNQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1nw3z25gn6l8gxneqw43tp8d2354c83d9sn3r0dqy5tapakdwhyvse0j2cc",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3b1hpeDk0V1pKYWtEMUlR\nSEZOVU56eWVCWWZkYmNnYUZROEQ2eHZkTGo0CnZRMTFyWnZ1azg4ck1mczZvb08r\nejVkV0VVaGlsVEE0VS81a3RUdFdvZW8KLS0tIHpBQW42SWNtTzlqaEJpejZYc0o3\na1RRU1BVVmxJR1RyR285OFpXSlVEb2MKFAzhUc7cm9M6/+3+t50MwRMfViqhRYcC\ns7F8Z08AnLfTlKtLYEYUNf+rFQcMwIRH9iNgiOWwQd7JWjFyCW6bcg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBibXZEdDVJMXl4b0NvWEZ1\nTGU3dnlidm5Fb1hnU0NDQ3BrVU03MUxhQndjCnhIamFVdnVNVGhmTlFjYXlSSnNW\nRVgzRXIwMnpSUFEwdEt6eWJqdjJZbncKLS0tIDZ1TkJqU1JqTWVRbGphMnZRM1du\nQ1p0MzJjcnNST1ZTc2gydHpFTGFtblEK2Qt748R94CVIedp3kwbm9TlJlyh0F8f1\noKxAyfhtRQh/iA3SQ6nHlatPDMt4arRtGV6SiDdkcq3pH/4+xg31mQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1azm6carlm6tdjup37u5dr40585vjujajev70u4glwd9sv7swa99sk6mswx",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUXVjaVd2RnJVSmdmaUEx\nYmgxdFdiWTlPMXFvODRGdUdNY3hNZGhJYkZrCkZOQUMrUERDcWJZa3ZuZ2R3M2Jw\ncFFONEdXWGt5T3JHeVlyaFVHbkJGK00KLS0tIGdNdm14SmhVQy9LQWZ3c2dKd2Ri\neWRqN1oyVVJlL01JOXNJQ1p5N0dRc2sK77CJaC8Utp9QTa2KTyOWFCSpcrIFbQzO\nXwr3rCrnVwlK7+dTTul4Xz0AahS/Wi9UFGHT9kztAzKC5vgguLD7vQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-06-02T15:41:00Z",
|
||||
"mac": "ENC[AES256_GCM,data:vLKwPPEOwXmwgseY1s4TfdsP87CtIiE3kHx5c+xMQsqZqpPi9Eas1wqyw4sQeMM5PQ9DCvxJFi8VpyYZOF0ySxSs4Xf0ifGubTKTKeYdVKUsQyJp26XUV+rrpU7jxItMKMDZ5HB69swviUPLs8EuRff0C1JAw04+dKRX5uKXBN4=,iv:dDuDK54AMrQf1k7kVDNT8NXLTkdIPFd83eXM5DW5wF0=,tag:q/tIvs/xNyhPe949yr0zsA==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.2"
|
||||
}
|
||||
}
|
Reference in New Issue
Block a user