From 4fe4f4d5a2a7f596f392c98f2e43c1073af56a19 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Gro=C3=9Fmann?= Date: Fri, 2 Jun 2023 14:53:17 +0900 Subject: [PATCH] fix: switched passwd encryption method to prevent user logout if agenix fails --- secrets/patrick.passwd.age | 12 ------------ secrets/root.passwd.age | 12 ------------ secrets/secrets.nix.age | Bin 0 -> 783 bytes users/patrick/default.nix | 3 +-- users/root/default.nix | 3 +-- 5 files changed, 2 insertions(+), 28 deletions(-) delete mode 100644 secrets/patrick.passwd.age delete mode 100644 secrets/root.passwd.age create mode 100644 secrets/secrets.nix.age diff --git a/secrets/patrick.passwd.age b/secrets/patrick.passwd.age deleted file mode 100644 index fb811c8..0000000 --- a/secrets/patrick.passwd.age +++ /dev/null @@ -1,12 +0,0 @@ -age-encryption.org/v1 --> X25519 Ub9kushFyUiGgqBg6EELrG3RqaMyuIl5TclGS4og5jw -qTidQ54jNLQ8ge4q6gnB61yg59fxf20RE/5j0kc/LeU --> piv-p256 XTQkUA A+pbwPwiymxHhE6uLkaUi0KzPt/1zkY5iTXLAeVeoLPZ -x+nX9T7RJgeShnFbGOeYUp5DsDcYIlfQQF+1YNMAvrY --> piv-p256 ZFgiIw A5aXsAs/josvuRxRl9RUyRpOIECEsu0DPYO4FO2rqguv -Wvh4Fwl5gcsbp8OCUkXoqFGYW+O+lG1g1E3s4zGQmmY --> kG['(-grease -pwvfbNEpRgk5flUMrx/8rIefRNbC+8pntHmoJD0CUM8rU7rX53OGyXiwrO42yEeO -lzXqzf9KJjok3Iv1TBhmehWoNbyPanX/hFR0xgtSIWfkcYptqw ---- B5u7pwgmQOm6dmLtv9yiVRe35to0xqw0nTLyXWzmym4 -XL1{6OCpEH<GPWS¿i\9-xZ%suN9~3L'v[I4&b֋W%3kHP \ No newline at end of file diff --git a/secrets/root.passwd.age b/secrets/root.passwd.age deleted file mode 100644 index dbe4825..0000000 --- a/secrets/root.passwd.age +++ /dev/null 
@@ -1,12 +0,0 @@ -age-encryption.org/v1 --> X25519 b/8FJSZrQnmmZAa3pd5+S6ny85tDC26v9Mmv4uo3xEI -aObTeesKru9H65F1EXO//7cwxqZ3xRmWN4WPAK33y0A --> piv-p256 XTQkUA ArgnRrNbgtg95zsDDvIA6rRUDodnPHJIEwRYGXmwx4XW -jqM/jcOLVKallUn7eHXDO9zyWqHNSrZau+qNV8l+Wx8 --> piv-p256 ZFgiIw Ajvy6fO4GytAvZCS38h2wjKghK/XRaPu97QuL07bdiYz -2HBGTQtIiktiAujhGfsM3nPu3hiRkJJKLHF3XxW6yCI --> ikUP2{-grease kS(OEf]- -qyzIhVtJfVroeCQhEnB290ffq1GNZQwVzL+7aU2lqStVhXdP5Y1sCJoo8YlHjt7c -lZu5rKe2cosKjVZcORyzv4A ---- sYEWTZSkZ9a3zdQs9BDej9+wdvFUJbkSjUGWfWFOm7A -ӫ"GUvDG0 yqNE^/ٻu%q2adX΍+ <$ zJ^Le;]Fu 4^WaxhWX^  \ No newline at end of file diff --git a/secrets/secrets.nix.age b/secrets/secrets.nix.age new file mode 100644 index 0000000000000000000000000000000000000000..efb4f7022e86f1dfd4d5dd77fa141fc5f6e3ec0c GIT binary patch literal 783 zcmZwA`)ky8008i+RN=b)pj8l&EfjxH>htzD;uDt1m0X~7?Spa@cw6|ox|EA_zyW%%P@pMT(!69u;* z7j#E$R1~>O(M6BtbGiE=4hFy%fIu^p3Z|lb-G(g?NSH`1Xh==aBd|^!k#JP06ZuXh z3o{kQrCSCp5HK>3%f^6Acx!dtFf^2wQGY%|6v8FC(Ou7Am>R}D4{F77t1v(yE}g6~ z7=%el1fxTa8L35M2^z8DkxVI;mI#6FtXD`UWn?XH2ygNTj=8dg$>5~YV9|yV;DJtB zeys+xLM*{1(|E$+2Vou*S+AK+{^#PuVuiFJ43>Tu+&*am8wZ6s@qAbD9BB3uXyz zw^+l9A%P(2Qg<_5b_KDd2QXeu;)1H5FZjSnCc?>eJC@LSyrdZUtdjvK8jhFI|Gi9A z3ZfK=Qm9-hMuoB+9b_sXUl!x4g^UD&5z8kujTP%kmn~5@}=@A0p+LfLPLUxn#o@UBfqKf6j}e$mq?j!q*Qc zhaNxiZCU@){x~;qZ~Xg-CvR@Ht)FOYxUzF<2eGi{?ukQ7p9FXlHP*7fBf9_4%;NU7 z^TTfo>|5mU57pMC_Nyy@Swi1!_^kJz<=1OgZTzl#l4_6b8(MjUo?d9_pE{jh*YV2f zpV}}(E_{5azmd1KeRz4P%8VAL(Q}VZUH|Yq`|H!q7n0cy@YNUnzn$FMe*TwPVWRK( zm$!OaXD5!vyUrhDuN;5=X?l^LYjNN5{5^JH{9Y^m{vi3&AJ;CA+>iX3`{qQjuv%}c mcHL=TC(rAX7o+AgcxSH|8g4nZ{Git!`_UY}wsho$a^_!h?kAN1 literal 0 HcmV?d00001 diff --git a/users/patrick/default.nix b/users/patrick/default.nix index 34a9844..27469e9 100644 --- a/users/patrick/default.nix +++ b/users/patrick/default.nix @@ -9,7 +9,6 @@ imports = [ ../../hosts/common/graphical/hyprland.nix ]; - rekey.secrets.patrick.file = ../../secrets/patrick.passwd.age; users.users.patrick = { shell = pkgs.zsh; 
@@ -18,7 +17,7 @@ createHome = true; extraGroups = ["wheel" "audio" "video" "input"]; group = "patrick"; - passwordFile = config.rekey.secrets.patrick.path; + hashedPassword = config.secrets.secrets.global.users.patrick.passwordHash; }; users.groups.patrick.gid = config.users.users.patrick.uid; diff --git a/users/root/default.nix b/users/root/default.nix index d4b36dc..2edc95e 100644 --- a/users/root/default.nix +++ b/users/root/default.nix @@ -4,14 +4,13 @@ impermanence, ... }: { - rekey.secrets.root.file = ../../secrets/root.passwd.age; users.users.root = { shell = pkgs.zsh; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZixkix0KfKuq7Q19whS5FQQg51/AJGB5BiNF/7h/LM" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxD4GOrwrBTG4/qQhm5hoSB2CP7W9g1LPWP11oLGOjQ" ]; - passwordFile = config.rekey.secrets.root.path; + hashedPassword = config.secrets.secrets.global.users.root.passwordHash; }; home-manager.users.root = { imports = [
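Review bot: `hashedPassword = config.secrets.secrets.global.users.patrick.passwordHash;` moves the hash from a file decrypted at activation into the evaluated configuration, and NixOS writes `hashedPassword` values into the generated system closure under the world-readable `/nix/store`. Every local user and service on the host can then read the hash and test guesses against it offline. The `users/root/default.nix` hunk makes the same change for root. `secrets/secrets.nix.age` is presumably decrypted at evaluation time, so encrypting the repository copy does not protect the deployed value. If trading this for lockout resistance is intended, record it next to both assignments, e.g. `# hash lands in world-readable /nix/store: keep it yescrypt and high-entropy`; otherwise keep `passwordFile` with a secret that is decrypted before user activation. The `users.users.patrick` attribute set opens outside this hunk.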