toph/dot.nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor user authentication to use hashed passwords across all configurations

Browse source
This commit is contained in:
Chris Toph 2025-04-23 19:10:08 -04:00
parent ad2b8951e6
commit 801551afc3
11 changed files with 12 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hosts/nixos/cloud/default.nix
View file

@ -41,7 +41,7 @@ in
hostSpec = {
hostName = "cloud";
username = username;
password = user.password;
hashedPassword = user.hashedPassword;
email = user.email;
handle = user.handle;
userFullName = user.fullName;

2
hosts/nixos/komodo/default.nix
View file

@ -42,7 +42,7 @@ in
hostSpec = {
hostName = "komodo";
username = username;
password = user.password;
hashedPassword = user.hashedPassword;
email = user.email;
handle = user.handle;
userFullName = user.fullName;

2
hosts/nixos/lxc/default.nix
View file

@ -36,7 +36,7 @@ in
hostSpec = {
hostName = "lxc";
username = username;
password = user.password;
hashedPassword = user.hashedPassword;
email = user.email;
handle = user.handle;
userFullName = user.fullName;

2
hosts/nixos/nix/default.nix
View file

@ -38,7 +38,7 @@ in
hostSpec = {
hostName = "nix";
username = username;
password = user.password;
hashedPassword = user.hashedPassword;
email = user.email;
handle = user.handle;
userFullName = user.fullName;

2
hosts/nixos/proxy/default.nix
View file

@ -41,7 +41,7 @@ in
hostSpec = {
hostName = "proxy";
username = username;
password = user.password;
hashedPassword = user.hashedPassword;
email = user.email;
handle = user.handle;
userFullName = user.fullName;

2
hosts/nixos/rune/default.nix
View file

@ -54,7 +54,7 @@ in
hostSpec = {
hostName = "rune";
username = username;
password = user.password;
hashedPassword = user.hashedPassword;
email = user.email;
handle = user.handle;
userFullName = user.fullName;

2
hosts/nixos/vm/default.nix
View file

@ -46,7 +46,7 @@ in
hostSpec = {
hostName = "vm";
username = username;
password = user.password;
hashedPassword = user.hashedPassword;
email = user.email;
handle = user.handle;
userFullName = user.fullName;

4
hosts/users/default.nix
View file

@ -25,7 +25,7 @@ in
createHome = true;
description = "Admin";
homeMode = "750";
password = hostSpec.password;
hashedPassword = hostSpec.hashedPassword;
uid = 1000;
group = "ryot";
extraGroups = lib.flatten [
@ -51,7 +51,7 @@ in
# root's ssh key are mainly used for remote deployment, borg, and some other specific ops
users.users.root = {
shell = pkgs.bash;
password = lib.mkForce hostSpec.password;
hashedPassword = lib.mkForce hostSpec.hashedPassword;
openssh.authorizedKeys.keys = config.users.users.${hostSpec.username}.openssh.authorizedKeys.keys; # root's ssh keys are mainly used for remote deployment.
};
}

2
hosts/users/minimal/default.nix
View file

@ -14,7 +14,7 @@ in
# Set a temp password for use by minimal builds like installer and iso
users.users.${hostSpec.username} = {
isNormalUser = true;
password = hostSpec.password;
hashedPassword = hostSpec.hashedPassword;
group = "ryot";
extraGroups = [
"wheel"

2
modules/common/host-spec.nix
View file

@ -17,7 +17,7 @@
description = "The username for the host's user";
};
password = lib.mkOption {
hashedPassword = lib.mkOption {
type = lib.types.str;
description = "Hashed password for the host's user";
};

2
modules/common/secret-spec.nix
View file

@ -68,7 +68,7 @@ in
type = lib.types.attrsOf (
lib.types.submodule {
options = {
password = lib.mkOption {
hashedPassword = lib.mkOption {
type = lib.types.str;
description = "Hashed password for the user"; # nix-shell -p whois --run 'mkpasswd --method=sha-512 --rounds=656000'
};