authorene <ene@sils.li>2023-01-21 07:59:44 +0100
committerene <ene@sils.li>2023-01-21 07:59:44 +0100
commit19f0808084826a8a46492fcd8fe34833b9ed9a81 (patch)
tree17a4c4e50bee2039f42c0cd2e23bc58fdffcfbe9 /users.nix
parentFix: Resolve merge conflicts (diff)
Feat: Save passwords in hashed form directly
Saving hashed passwords should be relatively safe, as long as the hashing
algorithm isn't flawed. Considering that we use yescrypt with
higher-than-average parameters ('jFT' instead of 'j9T'), we should be safe
for now.
Diffstat (limited to 'users.nix')
-rw-r--r--users.nix31
1 files changed, 13 insertions, 18 deletions
diff --git a/users.nix b/users.nix
index dcf06e8..ac8cf5d 100644
--- a/users.nix
+++ b/users.nix
@@ -1,28 +1,23 @@
-{
-  cfg,
-  lib,
-  pkgs,
-  list,
-  ...
-}: {
+{pkgs, ...}: {
   users.mutableUsers = false;
   users.defaultUserShell = pkgs.zsh;
 
-  # Persisting user passwords
-  fileSystems."/srv".neededForBoot = true;
-
   users.users = {
     root = {
-      passwordFile = "/srv/users/root/password";
       #uid = 0;
-      #hashedPassword = null; # to lock root
+      #initialHashedPassword = null; # to lock root
+      # Backup, if something happens. TODO remove this later
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha"
+      ];
     };
 
     sils = {
       name = "sils";
       isNormalUser = true;
-      home = "/srv/users/sils/home";
-      passwordFile = "/srv/users/sils/password";
+      home = "/srv/home/sils";
+      initialHashedPassword = null; # TODO CHANGE
       uid = 1000;
       extraGroups = [
         "wheel"
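Review bot: The root account gains two `openssh.authorizedKeys.keys` entries as a "backup" with only a bare TODO to remove them, so direct root key login stays possible for as long as sshd's `PermitRootLogin` permits it, and that setting is not visible in this diff. Both key owners also have wheel accounts in this file, so consider dropping the root keys, or at least making the comment actionable, e.g. `# TEMPORARY root SSH access; remove once the sils/soispha logins are verified`. Separately, `initialHashedPassword = null; # TODO CHANGE` for sils here (and for nightingale in the last hunk), combined with `users.mutableUsers = false`, presumably leaves those accounts without a usable password, which would also block password-based sudo for these wheel members until a hash is set. With `mutableUsers = false` the NixOS documentation describes `initialHashedPassword` as equivalent to `hashedPassword`, so the latter name would state the intent more directly.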
@@ -35,8 +30,8 @@
     soispha = {
       name = "soispha";
       isNormalUser = true;
-      home = "/srv/users/soispha/home";
-      passwordFile = "/srv/users/soispha/password";
+      home = "/srv/home/soispha";
+      initialHashedPassword = "$y$jFT$3.8XmUyukZvpExMUxDZkI.$IVrJgm8ysNDF/0vDD2kF6w73ozXgr1LMVRNN4Bq7pv1";
       uid = 1001;
       extraGroups = [
         "wheel"
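Review bot: The yescrypt hash on the new `initialHashedPassword` line for soispha is now readable by anyone with access to the repository and, after a build, typically by every local user through the world-readable `/nix/store`, so it can be subjected to offline guessing. The commit message ties safety to the algorithm, but the practical bound is the entropy of the passphrase; the cost parameters only slow each guess. I would record that next to the value, e.g. `# hash is public (git + /nix/store): relies on a high-entropy passphrase, rotate if it is ever reused elsewhere`. Alternatively, keep the hash out of the repository by feeding `passwordFile` from an encrypted-secrets module such as agenix or sops-nix. The soispha attribute set continues past the end of this hunk.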
@@ -49,8 +44,8 @@
     nightingale = {
       name = "nightingale";
       isNormalUser = true;
-      home = "/srv/users/nightingale/home";
-      passwordFile = "/srv/users/nightingale/password";
+      home = "/srv/home/nightingale";
+      initialHashedPassword = null; # TODO CHANGE
       uid = 1002;
       extraGroups = [
         "wheel"