Common: set toast password

2025-12-19 12:14:24 +01:00 · 2025-12-19 12:14:24 +01:00 · 6365f7b4f3
commit 6365f7b4f3
parent 27babd819c
2 changed files with 9 additions and 4 deletions
--- a/flake.lock
+++ b/flake.lock
@ -524,11 +524,11 @@
    "secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1765212399,
-        "narHash": "sha256-QEjuaK17HddWr0ZBRhsg3nt4QhSxQZ1i9YO2ctV045c=",
+        "lastModified": 1766142512,
+        "narHash": "sha256-h/vlxWqgEGbnrTWAFW+TCTJSQ1mAlkWyMM3HyHeqpF4=",
        "ref": "refs/heads/main",
-        "rev": "43c8697580bb389aea565459802c3b9827aa2d3d",
-        "revCount": 38,
+        "rev": "b87ab22fedeb4187669f1e546f18fb7d781721ba",
+        "revCount": 40,
        "type": "git",
        "url": "ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets"
      },
--- a/roles/common/configuration.nix
+++ b/roles/common/configuration.nix
@ -94,6 +94,7 @@
    isNormalUser = true;
    description = "Toast";
    extraGroups = ["wheel"];
+    hashedPasswordFile = config.sops.secrets.toast.path;
  };

  # Set up time zone.
@ -162,6 +163,10 @@
  sops = {
    age.sshKeyPaths = ["/persist/id_host"];
    defaultSopsFile = "${flakeSelf.inputs.secrets}/${config.networking.hostName}.yaml";
+    secrets.toast = {
+      sopsFile = "${flakeSelf.inputs.secrets}/passwd.yaml";
+      neededForUsers = true;
+    };
  };

  catppuccin.grub.enable = true;