nixos-servers/system/root-user.nix at a46fbdaa705c897f4224e63bb64c0f803826ce60 - nixos-servers - git.t-juice.club

torjus/nixos-servers

Files

Torjus Håkestad 0700033c0a

secrets: migrate all hosts from sops to OpenBao vault

Replace sops-nix secrets with OpenBao vault secrets across all hosts.
Hardcode root password hash, add extractKey option to vault-secrets
module, update Terraform with secrets/policies for all hosts, and
create AppRole provisioning playbook.

Hosts migrated: ha1, monitoring01, ns1, ns2, http-proxy, nix-cache01
Wave 1 hosts (nats1, jelly01, pgdb1) get AppRole policies only.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-05 18:43:09 +01:00

13 lines

352 B

Nix

Raw Blame History

 { pkgs, config, ... }:
 {
   programs.zsh.enable = true;
   users.users.root = {
     shell = pkgs.zsh;
     hashedPassword = "$y$j9T$N09APWqKc4//z9BoGyzSb0$3dMUzojSmo3/10nbIfShd6/IpaYoKdI21bfbWER3jl8";
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwfb2jpKrBnCw28aevnH8HbE5YbcMXpdaVv2KmueDu6 torjus@gunter"
     ];
   };
 }