From a3961b0bde91ec05308dddfa7823f89e52edc796 Mon Sep 17 00:00:00 2001
From: Lillian-Violet <git@lillianviolet.dev>
Date: Wed, 21 Feb 2024 11:21:08 +0100
Subject: [PATCH] Set lillian's password declaratively on EDI

---
 nixos/hosts/EDI/configuration.nix | 9 +++++++++
 nixos/hosts/EDI/secrets/sops.yaml | 6 +++---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/nixos/hosts/EDI/configuration.nix b/nixos/hosts/EDI/configuration.nix
index aa96251..58350d5 100644
--- a/nixos/hosts/EDI/configuration.nix
+++ b/nixos/hosts/EDI/configuration.nix
@@ -30,6 +30,15 @@
     ./hardware-configuration.nix
   ];
 
+  sops.defaultSopsFile = ./secrets/sops.yaml;
+  sops.age.keyFile = ../../../../../../var/secrets/keys.txt;
+
+  sops.secrets."lillian-password".neededForUsers = true;
+
+  users.users.lillian = {
+    hashedPasswordFile = config.sops.secrets."lillian-password".path;
+  };
+
   home-manager = {
     extraSpecialArgs = {inherit inputs outputs;};
     users = {
diff --git a/nixos/hosts/EDI/secrets/sops.yaml b/nixos/hosts/EDI/secrets/sops.yaml
index 8a2082f..195607f 100644
--- a/nixos/hosts/EDI/secrets/sops.yaml
+++ b/nixos/hosts/EDI/secrets/sops.yaml
@@ -1,4 +1,4 @@
-password: ENC[AES256_GCM,data:4EAU7m0RF3BWnIDdcRFkC+UcwcQ=,iv:s1gF8edUjatry3h/e5ZmBXLOEJO1iX8tiyuanzuJgJY=,tag:cicC8WzOnIhG8xIM09nrTw==,type:str]
+lillian-password: ENC[AES256_GCM,data:0mwqnvA+xrDD/m6uQtPbo9MpcFsOoqHE+Cg2gF6xZzNsqM3i/OmvAe7syp+mGBacZ3avoIHowLSWgXUkMcuFPeYa6XRkrX4LhA==,iv:f1kB54k6ZYWKlZ0Zowu8fOD0cf2WvNlX3GSpy1sUMdA=,tag:dsusc45E1BmYsNmiPzNccg==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -14,8 +14,8 @@ sops:
             eUZ6b09pYlRVWFBuUm1Ua2l6Z0dacW8KeQdAVsxXsDiDMtFA2koSpDsw7Ib63vA0
             GE/ubWDwwRc7wMPFGuofIe6TaDSFgtVXza+yo+i4y51+BOpwqxlYYA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-11-04T09:24:15Z"
-    mac: ENC[AES256_GCM,data:SoNQ2F2hye6l4B29dLOycZYNqdpluRWgsIj0ZJ5aanExBKq8REHyoXU11X+ItZkrHkyNHyDf1cpQSwyL0AMJG6KXn0z//hKuMijOF3AQ5fXgIu4vmutvpvvIQ/7rBxATsFq43QjIWHsSOOfi1HYpBRlDwc/oTCG9G//NzR9MqOo=,iv:uhZuK1wGPUbhby++T2diyleLWvGbFE+1HCuw0y73eTQ=,tag:lkWn+nYkGP0L0HyVjjYhCA==,type:str]
+    lastmodified: "2024-02-21T10:15:11Z"
+    mac: ENC[AES256_GCM,data:AnQfufrAVvN2f2kr2KLM8toFj4BUxM1xvwH48DE1OcoenBlzQHu76R35cc9q0rJjOBWXYnZPLEHncE46XyXt56HPboH/blIEZwa9aL1pwDOV5UwbaqZTuSy7/Ylnn0ZoZtcD4gFnavWBT9iUgu3VjRso1i6eXm0Lc1mvwRbH63M=,iv:zJW4Bzm+IGzgxsFE7QP+E4RY5UoPWTUeo9RfoLpbSt8=,tag:E29Pnjtp0w05hdEQCmkj7A==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1