From 19f0808084826a8a46492fcd8fe34833b9ed9a81 Mon Sep 17 00:00:00 2001 From: ene Date: Sat, 21 Jan 2023 07:59:44 +0100 Subject: Feat: Save passwords in hashed form directly Saving hashed passwords should be relatively safe, as long as the hashing algorithm isn't flawed. Considering, that we use yescrypt with higher than average parameters ('jFT' instead of 'j9T'), we should be safe for now. --- users.nix | 31 +++++++++++++------------------ 1 file changed, 13 insertions(+), 18 deletions(-) (limited to 'users.nix') diff --git a/users.nix b/users.nix index dcf06e8..ac8cf5d 100644 --- a/users.nix +++ b/users.nix @@ -1,28 +1,23 @@ -{ - cfg, - lib, - pkgs, - list, - ... -}: { +{pkgs, ...}: { users.mutableUsers = false; users.defaultUserShell = pkgs.zsh; - # Persisting user passwords - fileSystems."/srv".neededForBoot = true; - users.users = { root = { - passwordFile = "/srv/users/root/password"; #uid = 0; - #hashedPassword = null; # to lock root + #initialHashedPassword = null; # to lock root + # Backup, if something happens. TODO remove this later + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha" + ]; }; sils = { name = "sils"; isNormalUser = true; - home = "/srv/users/sils/home"; - passwordFile = "/srv/users/sils/password"; + home = "/srv/home/sils"; + initialHashedPassword = null; # TODO CHANGE uid = 1000; extraGroups = [ "wheel" @@ -35,8 +30,8 @@ soispha = { name = "soispha"; isNormalUser = true; - home = "/srv/users/soispha/home"; - passwordFile = "/srv/users/soispha/password"; + home = "/srv/home/soispha"; + initialHashedPassword = "$y$jFT$3.8XmUyukZvpExMUxDZkI.$IVrJgm8ysNDF/0vDD2kF6w73ozXgr1LMVRNN4Bq7pv1"; uid = 1001; extraGroups = [ "wheel" 
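Review bot: The `openssh.authorizedKeys.keys` list added under `root` gives two personal keys direct root login, and the only limit on it is the comment `# Backup, if something happens. TODO remove this later`. NixOS defaults `PermitRootLogin` to `prohibit-password`, which still accepts keys, so unless sshd is configured otherwise outside this diff the keys are live. Both key owners already have `wheel` accounts in this file, so the same recovery path exists through their own accounts plus sudo once those accounts have passwords; if the root keys stay as break-glass access, state the removal condition, e.g. `# Break-glass root access; remove once <condition> (tracked in <issue>)`. The `users.users` block this sits in continues past the end of the hunk.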
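Review bot: The literal yescrypt hash assigned to `initialHashedPassword` for `soispha` is now readable by anyone who can read this repository's history, and inline password options also end up in the world-readable Nix store, so it is open to offline guessing. The cost setting slows guessing, but what protects the account is the strength of the password, not only the soundness of the algorithm as the commit message argues. The removed `passwordFile` kept the hash out of both places; consider keeping a file-based option, `hashedPasswordFile = "<path to secret>";` (named `passwordFile` before NixOS 23.11), with the file provisioned by a secrets tool such as sops-nix or agenix. Because this hash is already committed, plan to rotate the password when moving off the inline value. The `soispha` attribute set continues outside the hunk.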
@@ -49,8 +44,8 @@
 nightingale = {
 name = "nightingale";
 isNormalUser = true;
- home = "/srv/users/nightingale/home";
- passwordFile = "/srv/users/nightingale/password";
+ home = "/srv/home/nightingale";
+ initialHashedPassword = null; # TODO CHANGE
 uid = 1002;
 extraGroups = [
 "wheel"
-- cgit 1.4.1
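Review bot: `initialHashedPassword = null; # TODO CHANGE` leaves `nightingale` (and `sils` in the first hunk) with no password while `users.mutableUsers = false`, so the placeholder cannot be fixed with `passwd` on the host and stays until a hash is committed or provisioned. Per the NixOS option documentation a null hash means password login is disabled, and since both accounts are in `wheel` they presumably cannot use sudo either unless that is relaxed outside this diff. With immutable users `hashedPassword` is equivalent and states the intent more directly, and the comment should say what null does: `# null = password login disabled until a hash is provisioned`. The `nightingale` attribute set continues outside the hunk.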