From 0468cf2621e8ef812f774bbf2eed396b4c0d4602 Mon Sep 17 00:00:00 2001
From: andromeda
Date: Tue, 30 Dec 2025 17:45:01 +0100
Subject: use agenix
---
 secrets/secrets.nix | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 secrets/secrets.nix
(limited to 'secrets/secrets.nix')
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..43b72b3
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,7 @@
+let
+ andromeda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy2VD362wUcu0lKj2d6OIU8dbAna0Lu/NaAYIj8gdIA andromeda@lenovo";
+ lenovo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHG4eqsLTq2os2mxfwhys3BpVnowcJrqt2CbRFzN2pJb root@lenovo";
+in {
+ "secret0.age".publicKeys = [andromeda lenovo];
+ "secret1.age".publicKeys = [andromeda lenovo];
+}
-- cgit v1.3
From 9e402fdfa3f967e6b7497507f6d8eefbad6a71a9 Mon Sep 17 00:00:00 2001
From: andromeda
Date: Tue, 30 Dec 2025 19:45:43 +0100
Subject: add server user password
---
 machines/173-249-5-230/configuration.nix | 4 ++--
 secrets/secret2.age | 7 +++++++
 secrets/secrets.nix | 1 +
 3 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 secrets/secret2.age
(limited to 'secrets/secrets.nix')
diff --git a/machines/173-249-5-230/configuration.nix b/machines/173-249-5-230/configuration.nix
index 853a5db..570d428 100644
--- a/machines/173-249-5-230/configuration.nix
+++ b/machines/173-249-5-230/configuration.nix
@@ -3,7 +3,7 @@
 machine,
 ...
 }: {
- age.secrets.secret1.file = ../../secrets/secret1.age;
+ age.secrets.secret2.file = ../../secrets/secret2.age;
 boot.tmp.cleanOnBoot = true;
 boot.loader.grub.devices = ["nodev"];
 environment.persistence."/nix/persist" = {
@@ -71,7 +71,7 @@
 users.users."mtgmonkey" = {
 isNormalUser = true;
 description = "mtgmonkey";
- passwordFile = builtins.toString config.age.secrets.secret1.path;
+ hashedPasswordFile = builtins.toString config.age.secrets.secret2.path;
 extraGroups = ["wheel"];
 openssh.authorizedKeys.keys = machine.pub-keys.ssh;
 };
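Review bot: The recipient rules in the new `secrets/secrets.nix` are undocumented: `secret0.age` and `secret1.age` carry no comment saying what each file holds or which machine consumes it, and `andromeda` and `lenovo` are not labelled as a user key and a host key (the key comments `andromeda@lenovo` and `root@lenovo` suggest that split). I would add a comment above each binding, e.g. `# user key: can edit and rekey secrets` and `# host key: decrypts at activation`, plus one line per secret naming its purpose. Grouping the keys into `users = [andromeda];` and `systems = [lenovo];` lists would also make later per-secret recipient lists easier to audit.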
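Review bot: The new `age.secrets.secret2.file` line depends on this host being able to decrypt `secret2.age` at activation, and nothing in the hunk shows which identity it uses. By default agenix decrypts with the OpenSSH host keys, and the `environment.persistence."/nix/persist"` context line suggests an impermanence setup in which `/etc/ssh` may not be populated yet when the agenix activation script runs. If `age.identityPaths` is not already set elsewhere, consider pinning it to the persisted key, e.g. `age.identityPaths = ["/nix/persist/etc/ssh/ssh_host_ed25519_key"];` (path constructed from the persistence root shown here; confirm the real location). The module body starts and ends outside the hunk, so this may already be handled.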
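Review bot: `builtins.toString` around `config.age.secrets.secret2.path` is redundant on the new `hashedPasswordFile` line, because agenix exposes `path` as a string; `hashedPasswordFile = config.age.secrets.secret2.path;` reads more directly. A short comment such as `# secret2.age must contain a crypt(3) hash (mkpasswd output), not the plaintext password` would help, since a plaintext value here would most likely leave `mtgmonkey`, a `wheel` member, without a usable password. The surrounding module continues outside the hunk.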
diff --git a/secrets/secret2.age b/secrets/secret2.age new file mode 100644 index 0000000..de8612d --- /dev/null +++ b/secrets/secret2.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 mT2fyg DSrFJv1cg7XUWGT8H60d+IdbQJKIGVc0FznYD3ScHxY +x75LtCRBWRH+Y541dDKE2vLk9kOZNxbFI68cDvaeJ4c +-> ssh-ed25519 UHxfvA 2jLPahOP6AKIn66RM4vUWAl4eUhNgZblKB2z/Wa6ghw +IPFBVfk+c1lO43jc58TmdUM9+pOBad8M7v5lxpNJLOE +--- Bv3SJdghwzga9GD5Fz1/62gelkFqjjgRxoiv4S7x1Nc +[ DYbƇiK_7zqh,Ocw(2^\[0-A8 =n'ZRN1JZol \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 43b72b3..5b14f22 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -4,4 +4,5 @@ let in { "secret0.age".publicKeys = [andromeda lenovo]; "secret1.age".publicKeys = [andromeda lenovo]; + "secret2.age".publicKeys = [andromeda lenovo]; } -- cgit v1.3
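Review bot: `"secret2.age".publicKeys = [andromeda lenovo];` does not list a host key for the machine that consumes the secret. The same commit wires `secret2.age` into `machines/173-249-5-230/configuration.nix`, but the only host recipient is `root@lenovo`; unless that server decrypts with the lenovo key, agenix will fail to decrypt the file there and `hashedPasswordFile` will point at a missing file. Add the server's host public key as a binding, e.g. `server = "ssh-ed25519 <HOST_PUBKEY_OF_SERVER>";` (placeholder), use `"secret2.age".publicKeys = [andromeda server];`, and rekey with `agenix -r`. Dropping `lenovo` from this entry also keeps the laptop's root key from being able to read the server's password hash.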