From 801551afc30cf99144459fe56bbeebeda0688bb7 Mon Sep 17 00:00:00 2001
From: Chris Toph
Date: Wed, 23 Apr 2025 19:10:08 -0400
Subject: [PATCH] Refactor user authentication to use hashed passwords across all configurations

---
 hosts/nixos/cloud/default.nix | 2 +-
 hosts/nixos/komodo/default.nix | 2 +-
 hosts/nixos/lxc/default.nix | 2 +-
 hosts/nixos/nix/default.nix | 2 +-
 hosts/nixos/proxy/default.nix | 2 +-
 hosts/nixos/rune/default.nix | 2 +-
 hosts/nixos/vm/default.nix | 2 +-
 hosts/users/default.nix | 4 ++--
 hosts/users/minimal/default.nix | 2 +-
 modules/common/host-spec.nix | 2 +-
 modules/common/secret-spec.nix | 2 +-
 11 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/hosts/nixos/cloud/default.nix b/hosts/nixos/cloud/default.nix
index d15dff5..a8bc76f 100644
--- a/hosts/nixos/cloud/default.nix
+++ b/hosts/nixos/cloud/default.nix
@@ -41,7 +41,7 @@ in
 hostSpec = {
 hostName = "cloud";
 username = username;
- password = user.password;
+ hashedPassword = user.hashedPassword;
 email = user.email;
 handle = user.handle;
 userFullName = user.fullName;
diff --git a/hosts/nixos/komodo/default.nix b/hosts/nixos/komodo/default.nix
index a407a85..681c9fe 100644
--- a/hosts/nixos/komodo/default.nix
+++ b/hosts/nixos/komodo/default.nix
@@ -42,7 +42,7 @@ in
 hostSpec = {
 hostName = "komodo";
 username = username;
- password = user.password;
+ hashedPassword = user.hashedPassword;
 email = user.email;
 handle = user.handle;
 userFullName = user.fullName;
diff --git a/hosts/nixos/lxc/default.nix b/hosts/nixos/lxc/default.nix
index b7dadd2..671011f 100644
--- a/hosts/nixos/lxc/default.nix
+++ b/hosts/nixos/lxc/default.nix
@@ -36,7 +36,7 @@ in
 hostSpec = {
 hostName = "lxc";
 username = username;
- password = user.password;
+ hashedPassword = user.hashedPassword;
 email = user.email;
 handle = user.handle;
 userFullName = user.fullName;
diff --git a/hosts/nixos/nix/default.nix b/hosts/nixos/nix/default.nix
index 430aa67..984d2bf 100644
--- a/hosts/nixos/nix/default.nix
+++ b/hosts/nixos/nix/default.nix
@@ -38,7 +38,7 @@ in
 hostSpec = {
 hostName = "nix";
 username = username;
- password = user.password;
+ hashedPassword = user.hashedPassword;
 email = user.email;
 handle = user.handle;
 userFullName = user.fullName;
diff --git a/hosts/nixos/proxy/default.nix b/hosts/nixos/proxy/default.nix
index 28b0354..42e831a 100644
--- a/hosts/nixos/proxy/default.nix
+++ b/hosts/nixos/proxy/default.nix
@@ -41,7 +41,7 @@ in
 hostSpec = {
 hostName = "proxy";
 username = username;
- password = user.password;
+ hashedPassword = user.hashedPassword;
 email = user.email;
 handle = user.handle;
 userFullName = user.fullName;
diff --git a/hosts/nixos/rune/default.nix b/hosts/nixos/rune/default.nix
index cc00496..2026afb 100644
--- a/hosts/nixos/rune/default.nix
+++ b/hosts/nixos/rune/default.nix
@@ -54,7 +54,7 @@ in
 hostSpec = {
 hostName = "rune";
 username = username;
- password = user.password;
+ hashedPassword = user.hashedPassword;
 email = user.email;
 handle = user.handle;
 userFullName = user.fullName;
diff --git a/hosts/nixos/vm/default.nix b/hosts/nixos/vm/default.nix
index 524cc47..e2dcd0f 100644
--- a/hosts/nixos/vm/default.nix
+++ b/hosts/nixos/vm/default.nix
@@ -46,7 +46,7 @@ in
 hostSpec = {
 hostName = "vm";
 username = username;
- password = user.password;
+ hashedPassword = user.hashedPassword;
 email = user.email;
 handle = user.handle;
 userFullName = user.fullName;
diff --git a/hosts/users/default.nix b/hosts/users/default.nix
index c3ec31d..4b7cd8f 100644
--- a/hosts/users/default.nix
+++ b/hosts/users/default.nix
@@ -25,7 +25,7 @@ in
 createHome = true;
 description = "Admin";
 homeMode = "750";
- password = hostSpec.password;
+ hashedPassword = hostSpec.hashedPassword;
 uid = 1000;
 group = "ryot";
 extraGroups = lib.flatten [
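Review bot: In hosts/users/default.nix, `hashedPassword = hostSpec.hashedPassword;` still carries the credential in the evaluated configuration, so the hash is world-readable in the Nix store on every host. The same applies to the `users.users.root` hunk in this file and to hosts/users/minimal/default.nix, where it would presumably also end up inside installer and ISO images. Anyone who can read the store or an image can attack the hash offline, so I would have it read at activation time instead, e.g. `hashedPasswordFile = <path-from-your-secrets-tool>;` (placeholder; the repo's secrets mechanism is not visible in this diff). Separately, unless `users.mutableUsers = false` is set somewhere outside this diff, accounts that already exist keep whatever is in /etc/shadow, so hosts deployed with the old `password` value may need an explicit password reset.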
@@ -51,7 +51,7 @@ in
 # root's ssh key are mainly used for remote deployment, borg, and some other specific ops
 users.users.root = {
 shell = pkgs.bash;
- password = lib.mkForce hostSpec.password;
+ hashedPassword = lib.mkForce hostSpec.hashedPassword;
 openssh.authorizedKeys.keys = config.users.users.${hostSpec.username}.openssh.authorizedKeys.keys; # root's ssh keys are mainly used for remote deployment.
 };
 }
diff --git a/hosts/users/minimal/default.nix b/hosts/users/minimal/default.nix
index d2b71df..ee6b010 100644
--- a/hosts/users/minimal/default.nix
+++ b/hosts/users/minimal/default.nix
@@ -14,7 +14,7 @@ in
 # Set a temp password for use by minimal builds like installer and iso
 users.users.${hostSpec.username} = {
 isNormalUser = true;
- password = hostSpec.password;
+ hashedPassword = hostSpec.hashedPassword;
 group = "ryot";
 extraGroups = [
 "wheel"
diff --git a/modules/common/host-spec.nix b/modules/common/host-spec.nix
index 2fdacb2..48f9c6b 100644
--- a/modules/common/host-spec.nix
+++ b/modules/common/host-spec.nix
@@ -17,7 +17,7 @@ description = "The username for the host's user"; }; - password = lib.mkOption { + hashedPassword = lib.mkOption { type = lib.types.str; description = "Hashed password for the host's user"; };
diff --git a/modules/common/secret-spec.nix b/modules/common/secret-spec.nix
index 63a5d02..02dca79 100644
--- a/modules/common/secret-spec.nix
+++ b/modules/common/secret-spec.nix
@@ -68,7 +68,7 @@ in
 type = lib.types.attrsOf (
 lib.types.submodule {
 options = {
- password = lib.mkOption {
+ hashedPassword = lib.mkOption {
 type = lib.types.str;
 description = "Hashed password for the user"; # nix-shell -p whois --run 'mkpasswd --method=sha-512 --rounds=656000'
 };
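Review bot: `hashedPassword = lib.mkForce hostSpec.hashedPassword;` gives root the same password hash as the admin user, so one cracked or leaked hash yields both accounts and password login for root stays enabled. The comments in this hunk say root is reached through SSH keys for remote deployment, so root's password could be left locked by dropping this line and using the `wheel` user with sudo for interactive escalation. If a root password is really needed, for example for console recovery, a separate hash would be better, with a comment such as `# mkForce: overrides the default locked root password; needed for console recovery` stating why it is forced.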
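Review bot: In modules/common/host-spec.nix the renamed option keeps `type = lib.types.str;` with no validation, and for `users.users.<name>.hashedPassword` an empty string means the account can log in locally without a password. I would tighten it to `type = lib.types.nonEmptyStr;` and extend the description to say the value must be a crypt(3) hash as produced by `mkpasswd`, never the plaintext. The same applies to the `hashedPassword` option in modules/common/secret-spec.nix. The enclosing options set starts and ends outside both hunks, so other consumers of the old `password` name may exist that this diff does not show.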