From 766aa146df9b7a554f5175a9c089f8e0016754a8 Mon Sep 17 00:00:00 2001
From: Katherina Walshe-Grey <git@qenya.tel>
Date: Thu, 29 Aug 2024 18:27:43 +0100
Subject: [PATCH] users: change to immutable users

---
 common/users/default.nix              |   4 +++-
 hosts/tohru/configuration.nix         |   2 ++
 secrets.nix                           |   1 +
 secrets/user-password-tohru-qenya.age | Bin 0 -> 396 bytes
 4 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 secrets/user-password-tohru-qenya.age

diff --git a/common/users/default.nix b/common/users/default.nix
index 620c824..9e58dba 100644
--- a/common/users/default.nix
+++ b/common/users/default.nix
@@ -4,4 +4,6 @@
     ./randomcat.nix
     ./richard.nix
   ];
-}
\ No newline at end of file
+
+  users.mutableUsers = false;
+}
diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix
index ff3a1a5..f248b63 100644
--- a/hosts/tohru/configuration.nix
+++ b/hosts/tohru/configuration.nix
@@ -43,6 +43,8 @@
   sound.enable = true;
   hardware.pulseaudio.enable = true;
 
+  age.secrets.user-password-tohru-qenya.file = ../../secrets/user-password-tohru-qenya.age;
+  users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-tohru-qenya.path;
   users.users.qenya.extraGroups = [
     "wheel" # sudo
     "networkmanager" # UI wifi configuration
diff --git a/secrets.nix b/secrets.nix
index e6dd703..1eadd47 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -4,6 +4,7 @@ let
   commonKeys = keys.users.qenya;
 
   secrets = with keys; {
+    user-password-tohru-qenya = [ machines.tohru ];
     wireguard-peer-orm = [ machines.orm ];
     wireguard-peer-tohru = [ machines.tohru ];
     wireguard-peer-yevaud = [ machines.yevaud ];
diff --git a/secrets/user-password-tohru-qenya.age b/secrets/user-password-tohru-qenya.age
new file mode 100644
index 0000000000000000000000000000000000000000..7075ed4f5de7f1dac436ddd5aaf22f9e8f5cc756
GIT binary patch
literal 396
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTyjH(LHNms}-vNTOh
zvkVFMFZZ%c%n!<T%_=hUF-b`^bkfeLNOB7*u`CU(3itC1%IC@sN=wR(%1$))OU)>&
zs0xWN(+=>-vGj5`^vgCbv-B|abu4uE_Rvn&cSX0&(!jver(D6O$Rf(EtRTrV-^tq~
z!_=$NxzwW4JUk`Ku(HswC?%^T-QUx>Dmhi#*q1A@INa4QJtI}yG`rX*%qT59BuhWn
zJ*gl$$k5e4McXahGbAWHsW>>$CzMN9S6891Ft^Odr^Le~ILIhHHL5JFz|b+$$i+Q4
zF~Td-BrQ8UAhOUiAjiqHESan21=r^*vnMi`7U>v!GQ9tGphPZB>~{Q?aF=;O(-zwv
zdSx#Ed8K#;x00H~H>acF#y8hI+}-&1-8I4cf*-%LI7~M={yS0h75Dy_YS#I>8{W4^
f{LZahzvaWt?l&%lf%2k<a!MkTbJf@`%~t{dUe=J;

literal 0
HcmV?d00001