ctucx.git: nixfiles

ctucx' nixfiles

commit 7d910c8d5fce79bb4223dac9838f6e1ec6aabe57
parent c71d1208a813a0e60e0390ffc267a80eadd9db42
Author: Leah (ctucx) <git@ctu.cx>
Date: Mon, 18 Nov 2024 08:51:23 +0100

configurations/linux: add user `katja`

7 files changed, 39 insertions(+), 2 deletions(-)
M
configurations/linux/default.nix
|
14
++++++++++++--
M
machines/briefkasten/default.nix
|
1
+
M
machines/coladose/default.nix
|
1
+
M
machines/trabbi/default.nix
|
1
+
M
machines/wanderduene/default.nix
|
1
+
A
secrets/passwords/katja.age
|
22
++++++++++++++++++++++
M
secrets/secrets.nix
|
1
+
diff --git a/configurations/linux/default.nix b/configurations/linux/default.nix
@@ -86,7 +86,8 @@
     acme.defaults.email = "letsencrypt@ctu.cx";
   };
 
-  age.secrets.leah-systempassword.file = ../../secrets/passwords/leah.age;
+  age.secrets.leah-systempassword.file  = ../../secrets/passwords/leah.age;
+  age.secrets.katja-systempassword.file = ../../secrets/passwords/katja.age;
 
   users.mutableUsers = false;
   users.users = {

@@ -108,9 +109,18 @@
       ];
     };
 
+    katja = {
+      isNormalUser                  = true;
+      hashedPasswordFile            = config.age.secrets.katja-systempassword.path;
+      extraGroups                   = [ "wheel" ]; # Enable ‘sudo’ for the user.
+      openssh.authorizedKeys.keys   = [
+        #yubikey gpg
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDb2eZ2ymt+Zsf0eTlmjW2jPdS013lbde1+EGkgu6bz9lVTR8aawshF2HcoaWp5a5dJr3SKyihDM8hbWSYB3qyTHihNGyCArqSvAtZRw301ailRVHGqiwUITTfcg1533TtmWvlJZgOIFM1VvSAfdueDRRRzbygmn749fS9nhUTDzLtjqX5LvhpqhzsD+eOqPrV6Ne8E1e42JxQb5AJPY1gj9mk6eAarvtEHQYEe+/hp9ERjtCdN5DfuOJnqfaKS0ytPj/NbQskbX/TMgeUVio11iC2NbXsnAtzMmtbLX4mxlDQrR6aZmU/rHQ4aeJqI/Tj2rrF46icri7s0tnnit1OjT5PSxXgifcOtn06qoxYZMT1x+Dyrt40vNkGmxmxCnirm8B+6MKXgd/Ys+7tnOm1ht8TmLm96x6KdOiF3Zq/tMxhPAzp8JriTKSo7k7U9XxStFghTbhhBNc7OX89ZbpalLEnvbQiz87gZxhcx8cLvzIjslOHmZOSWC5Pgr4wwuj3Akq63i4ya6/BzM6v4UoBuDAB6fz3NHKL4R5X20la7Pvt7OBysQkGClWfj6ipMR1bFE2mfYtlMioXNgTjC+NCpEl1+81MH7dv2565Hk8CLV8FMxv6GujbAZGjjcM47lpWM1cBQvpBMUA/lLkyiCPK0YxNWAB7Co+jYDl6CR0Ubew== cardno:6445161"
+      ];
+    };
   };
 
-  home-manager.users.leah = {
+  home-manager.users.katja = {
     home = {
       language = {
         "base"     = "en_US.UTF-8";

diff --git a/machines/briefkasten/default.nix b/machines/briefkasten/default.nix
@@ -134,5 +134,6 @@
 
   system.stateVersion = "22.11"; # Did you read the comment?
   home-manager.users.leah.home.stateVersion = "22.11";
+  home-manager.users.katja.home.stateVersion = "22.11";
 
 }

diff --git a/machines/coladose/default.nix b/machines/coladose/default.nix
@@ -39,6 +39,7 @@
 
   system.stateVersion = "23.11";
   home-manager.users.leah.home.stateVersion = "23.11";
+  home-manager.users.katja.home.stateVersion = "23.11";
 
 }
 

diff --git a/machines/trabbi/default.nix b/machines/trabbi/default.nix
@@ -98,6 +98,7 @@
 
   system.stateVersion = "23.11";
   home-manager.users.leah.home.stateVersion = "23.11";
+  home-manager.users.katja.home.stateVersion = "23.11";
 
 }
 

diff --git a/machines/wanderduene/default.nix b/machines/wanderduene/default.nix
@@ -158,6 +158,7 @@
 
   system.stateVersion = "23.05";
   home-manager.users.leah.home.stateVersion = "23.05";
+  home-manager.users.katja.home.stateVersion = "23.05";
 
 }
 

diff --git a/secrets/passwords/katja.age b/secrets/passwords/katja.age
@@ -0,0 +1,22 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxNG5CZmYrWjRCOTkwcmx2
+aDNzR0F0TDFrUzl5ZzlXZ2ZBOHpnZXRybGc4CnVSYWQxTDdDYklHajVLc3BmTWFC
+S3pSYzI3Z25DUGpEczhkNXNucndndzgKLT4gc3NoLWVkMjU1MTkgcThvY3pnIDlI
+S2xFR3k3V29pTjFPUkdlNkU4bTdXS0htNDlPNHR2eEQvaFdnZmN4MzgKRlVucEdt
+RE5GQ3dxSVJPb0hITXJPWU9hYzd1cEZQUU10ZmRpQVpaaUJlSQotPiBzc2gtZWQy
+NTUxOSBPSlFWRFEgSzVJK3pNd3ErZU8xa0lPL3N6ajM5Zk5EQXBmZFJzcTNLZGFv
+dHJjTHpHYwpwanY3alFDMk9YKzVzaCtSY2ZiQXVydFNpYW5YZTFqbE12MTJIakxO
+WXdFCi0+IHNzaC1lZDI1NTE5IFpjeGI2ZyBBSmlwRUxHQW5IekJ6TFh4S3hZaUpS
+MzZKRGxyUEZ6bnRMZ3lGWnlvbGhBCkVDV256WGRNbEZPYkVtL0t1c01TaUE3bkE4
+VE1aNVNQL0l2NGl5Q0l4STAKLT4gc3NoLWVkMjU1MTkgNGhLQ013IEU1TVBoejFy
+M012ZTVxQXB5ZXI4VXlreVAxMzZnL3FvWCtMbmhZR1hlRzgKTnk5elFjR055Mlk0
+cXpSaDVkU1JaVUJHUGwxcTNXbmJzdDl0bURRZlh3QQotPiBzc2gtZWQyNTUxOSBR
+Q0NuMUEgaHcwOVROMlB5MkI1cXFMa3d4V0FHUkZ4WEh3aHZmVWxrdFgxa1VTWTN3
+NAprMHRtRkJlRUZTS2hlY3RKSzBnRGZ1d3Jqem41Y2ZyVmRYcDV2cllDV3pzCi0+
+IEUtZ3JlYXNlIF8gcykgX2UyZiBcJkoKYkEySytCWmVrdHEzbjBNRXMwUEpMZC9v
+dGhTLzI4cjd2YVQxZ0tsYnFFUzVqQmtxdm0ydmRNaEpyUQotLS0gMVBwRWgvSFBL
+cUhmM2xKb3hQUTBMRElCaFY0N2FCMmJqUXNkeFNNeEcwZwouDyLgHRAwYkPpz2oP
+Orn21EjzDN3slLtFlQcoh/0L7sWSy+aZr4L1LqJ4ZHaydsWh8KLmEyYXINal6K49
+qoVDI58DGLjRy58NDdfkyoceYm5InCtFmEVp1zB+SOPmcpTzYE6Ff3fLMB8viVp+
+AfLkwF2PJleyNdAobtFyRHB4dQFE6or5QNlmUA8=
+-----END AGE ENCRYPTED FILE-----

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
@@ -14,6 +14,7 @@ let
 in {
   "passwords/leah-at-f2k1-de.age".publicKeys                        = [ main-key trabbi wanderduene wanderduene-old briefkasten ];
   "passwords/leah.age".publicKeys                                   = [ main-key trabbi wanderduene wanderduene-old briefkasten coladose ];
+  "passwords/katja.age".publicKeys                                  = [ main-key trabbi wanderduene wanderduene-old briefkasten coladose ];
 
   "restic-server/briefkasten.age".publicKeys                        = [ main-key trabbi briefkasten ];
   "restic-server/wanderduene.age".publicKeys                        = [ main-key trabbi briefkasten ];