feat(nix): add sops for secrets

2025-10-29 22:36:06 -07:00 · 2025-10-29 22:36:06 -07:00 · d04ba5d01a
commit d04ba5d01a
parent 89232a7cd1
5 changed files with 75 additions and 3 deletions
--- a/users/stitchynyan/default.nix
+++ b/users/stitchynyan/default.nix
@ -54,11 +54,16 @@
    xserver.enable = true;
  };

+  sops.secrets."password-hash/stitchynyan" = {
+    neededForUsers = true;
+    sopsFile = ../../secrets/stitchynyan/secrets.yaml;
+  };
+
  users.users.stitchynyan = {
    description = "Personal user";
    extraGroups = [ "audio" "dialout" "docker" "kvm" "libvirtd" "networkmanager" "plugdev" "wireshark" "wheel" ];
    home = "/home/stitchynyan";
-    initialHashedPassword = "$y$j9T$rvySCWHYE4AO4A9J0Vf20.$x5hpBNsOWovQFtNfFUIt17OAH5MJFwFBGjxbaEIagJ3";
+    hashedPasswordFile = config.sops.secrets."password-hash/stitchynyan".path;
    isNormalUser = true;
    shell = pkgs.zsh;
  };