From ef1ee6c1c904d9fa4af7ac36f0c4d6909d3cce2b Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Sun, 21 Jul 2024 21:18:43 +0000
Subject: [PATCH] moby: document secrets

---
 secrets/desko/README.md | 10 ++++------
 secrets/moby/README.md  |  2 ++
 2 files changed, 6 insertions(+), 6 deletions(-)
 create mode 100644 secrets/moby/README.md

diff --git a/secrets/desko/README.md b/secrets/desko/README.md
index 97cb924dd..3cfb0422c 100644
--- a/secrets/desko/README.md
+++ b/secrets/desko/README.md
@@ -1,9 +1,7 @@
 - nix_signing_key.bin:
-    - generate with `nix-store --generate-binary-cache-key desko cache-priv-key.pem cache-pub-key.pem`
-    - used when deploying packages to a remote machine
+  - generate with `nix-store --generate-binary-cache-key desko cache-priv-key.pem cache-pub-key.pem`
+  - used when deploying packages to a remote machine
 - colin-passwd.bin:
-    - see <https://search.nixos.org/options?channel=unstable&show=users.users.%3Cname%3E.hashedPasswordFile&from=0&size=50&sort=relevance&type=packages&query=users.users>
-    - update by running `sudo passwd colin` and then taking the 2nd item from the colin: line in /etc/shadow
-    - N.B.: you MUST do `sudo passwd colin` instead of just `passwd`, i guess because of immutable users or something
+  - generate with `mkpasswd -m sha512crypt`, or `mkpasswd --rounds=2000000 --method=sha512crypt`
 - guest/authorized_keys.bin
-    - who's allowed to login to the guest account
+  - who's allowed to login to the guest account
diff --git a/secrets/moby/README.md b/secrets/moby/README.md
new file mode 100644
index 000000000..3cc0d79d2
--- /dev/null
+++ b/secrets/moby/README.md
@@ -0,0 +1,2 @@
+- colin-passwd.bin:
+  - generate with `mkpasswd -m sha512crypt`, or `mkpasswd --rounds=200000 --method=sha512crypt`