use agenix

author: andromeda <andromeda@lenovo> 2025-12-30 17:45:01 +0100
committer: andromeda <andromeda@lenovo> 2025-12-30 17:45:01 +0100
commit: 0468cf2621e8ef812f774bbf2eed396b4c0d4602 (patch)
tree: b6657b5225c1dfc73a38dd29b258bccbba0467ec /machines/laptop
parent: e39747ae2e9f4032b234f1f8d9a399b240f66539 (diff)
2 files changed, 16 insertions, 3 deletions
diff --git a/machines/laptop/configuration.nix b/machines/laptop/configuration.nix
index 1b07935..58b019e 100644
--- a/machines/laptop/configuration.nix
+++ b/machines/laptop/configuration.nix
@@ -1,8 +1,13 @@
 {
+  config,
   lib,
   machine,
   ...
 }: {
+  age.secrets = {
+    secret0.file = ../../secrets/secret0.age;
+    secret1.file = ../../secrets/secret1.age;
+  };
   boot.loader = {
     efi.canTouchEfiVariables = true;
     systemd-boot.enable = true;
@@ -16,6 +21,7 @@
       "/var/lib/nixos"
       "/var/lib/systemd/coredump"
       "/etc/NetworkManager/system-connections"
+      "/etc/ssh"
     ];
     files = [
       "/etc/machine-id"
@@ -82,6 +88,7 @@
       ly.enable = true;
     };
     libinput.enable = true;
+    openssh.enable = true;
     printing.enable = true;
   };
   system.stateVersion = "26.05";
@@ -89,7 +96,7 @@
   users.users."andromeda" = {
     isNormalUser = true;
     description = "andromeda";
-    initialPassword = "password";
+    hashedPasswordFile = builtins.toString config.age.secrets.secret0.path;
     extraGroups = [
       "networkmanager"
       "wheel"
@@ -98,7 +105,7 @@
   users.users."mtgmonkey" = {
     isNormalUser = true;
     description = "mtgmonkey";
-    initialPassword = "password";
+    hashedPasswordFile = builtins.toString config.age.secrets.secret1.path;
     extraGroups = [
       "networkmanager"
       "wheel"
diff --git a/machines/laptop/hardware-configuration.nix b/machines/laptop/hardware-configuration.nix
index bde1c83..8ebef80 100644
--- a/machines/laptop/hardware-configuration.nix
+++ b/machines/laptop/hardware-configuration.nix
@@ -21,7 +21,7 @@
     #device = "none";
     #fsType = "tmpfs";
     #options = ["defaults" "size=60%" "mode=755"];
-    device = "/dev/disk/by-uuid/16c93673-4f0e-4010-a7f4-7ccffb20edb7";
+    device = "/dev/disk/by-uuid/5455cfb4-0efd-4f55-b496-d2cab3f419b7";
     fsType = "btrfs";
     options = ["subvol=root"];
   };
@@ -48,6 +48,12 @@
     done
 
     btrfs subvolume create /btrfs_tmp/root
+    mkdir /btrfs_tmp/root/nix
+    mkdir /btrfs_tmp/root/etc
+    mount ${config.fileSystems."/nix".device} /btrfs_tmp/root/nix
+    cp /btrfs_tmp/root/nix/persist/etc/ssh /btrfs_tmp/root/etc/ssh -r
+    umount /btrfs_tmp/root/nix
+    rm -r /btrfs_tmp/root/nix
     umount /btrfs_tmp
   '';
author	andromeda <andromeda@lenovo>	2025-12-30 17:45:01 +0100
committer	andromeda <andromeda@lenovo>	2025-12-30 17:45:01 +0100
commit	0468cf2621e8ef812f774bbf2eed396b4c0d4602 (patch)
tree	b6657b5225c1dfc73a38dd29b258bccbba0467ec /machines/laptop
parent	e39747ae2e9f4032b234f1f8d9a399b240f66539 (diff)