this approach lets me persist the password. persisting /etc/shadow directly wasn't so feasible. populating /etc/shadow at activation time is something nix already does and is easy to plug into. so we store the passwd hash in this repo, but encrypt it to the destination machine's ssh pubkey to add enough entropy that it's not brute-forceable through the public git repo.

- gui
- hardware
- services
- universal
- default.nix
- image.nix
- impermanence.nix
- nixcache.nix