2configs/secrets/user-passwords.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14

{ config, ... }:
{
  sops.defaultSopsFile = ../../secrets/common.yaml;
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  sops.secrets = {
    "passwd/makefu".neededForUsers = true;
    "passwd/root".neededForUsers = true;
  };
  users.users = {
    makefu.passwordFile = config.sops.secrets."passwd/makefu".path;
    root.passwordFile = config.sops.secrets."passwd/root".path;
  };
}