
System: Apply user password from sops

2025-07-09 18:41:39 +02:00
parent 4d9628a6ea
commit d94e646c5e


@ -96,6 +96,10 @@ with mylib.networking; {
sops-nix.secrets.${username} = [ sops-nix.secrets.${username} = [
"docker-password" "docker-password"
]; ];
sops-nix.bootSecrets.${username} = [
"user-password"
];
}; };
# Enable flakes # Enable flakes
@ -105,7 +109,7 @@ with mylib.networking; {
experimental-features = nix-command flakes experimental-features = nix-command flakes
''; '';
settings.trusted-users = ["root" "christoph"]; settings.trusted-users = ["root" "${username}"];
# Auto garbage-collect and optimize store # Auto garbage-collect and optimize store
# gc.automatic = true; # NOTE: Disabled for "nh clean" # gc.automatic = true; # NOTE: Disabled for "nh clean"
@ -144,7 +148,7 @@ with mylib.networking; {
sudo.enable = true; sudo.enable = true;
sudo.extraRules = [ sudo.extraRules = [
{ {
users = ["christoph"]; users = ["${username}"];
commands = [ commands = [
# We allow running flatpak without password # We allow running flatpak without password
# so flatpaks can be installed from the hm config # so flatpaks can be installed from the hm config
@ -199,9 +203,10 @@ with mylib.networking; {
# Configure console keymap # Configure console keymap
console.keyMap = "us-acentos"; console.keyMap = "us-acentos";
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Password is set from sops-nix secrets automatically.
users.users.christoph = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
hashedPasswordFile = config.sops.secrets.user-password.path;
description = "Christoph"; description = "Christoph";
extraGroups = [ extraGroups = [
"networkmanager" "networkmanager"
@ -224,14 +229,6 @@ with mylib.networking; {
# packages = with pkgs; []; # packages = with pkgs; [];
}; };
# Generate a list of installed system packages in /etc/current-system-packages
environment.etc."current-system-packages".text = let
packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
formatted = builtins.concatStringsSep "\n" sortedUnique;
in
formatted;
# We want these packages to be available even when no user profile is active # We want these packages to be available even when no user profile is active
# Empty since we basically only need git + editor which is enabled below # Empty since we basically only need git + editor which is enabled below
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -285,7 +282,7 @@ with mylib.networking; {
enable = true; enable = true;
clean.enable = true; clean.enable = true;
clean.extraArgs = "--keep 3"; clean.extraArgs = "--keep 3";
flake = "/home/christoph/NixFlake"; flake = "/home/${username}/NixFlake";
}; };
ssh.startAgent = true; # Use gnupg ssh.startAgent = true; # Use gnupg
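Review bot: The new `hashedPasswordFile = config.sops.secrets.user-password.path;` in the `users.users.${username}` hunk only takes effect if the secret is decrypted before NixOS creates users, which in sops-nix means declaring it with `neededForUsers = true`. The `sops-nix.bootSecrets` helper added in the first hunk is defined outside this page, so confirm it sets that; otherwise the account can end up without a usable password. Unless `users.mutableUsers = false;` is set elsewhere, NixOS applies the file only when the account is first created, so an existing account keeps its current /etc/shadow entry and the sops value is ignored. The secret must hold a password hash (for example mkpasswd output), not the plaintext, and a comment next to the option such as `# user-password: crypt(3) hash, decrypted before user creation via bootSecrets` would record both requirements. The `users.users` block continues past the end of this hunk.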