From d40c4898e8f28660b74b80160e20fb5908126adf Mon Sep 17 00:00:00 2001
From: Manuel Thalmann <m@nuth.ch>
Date: Thu, 2 May 2024 04:23:57 +0200
Subject: [PATCH] Set a default user password

---
 lib/configuration.nix    | 2 ++
 lib/modules/my-users.nix | 1 +
 secrets/global.yaml      | 6 +++---
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/configuration.nix b/lib/configuration.nix
index a0283c8..16bd335 100644
--- a/lib/configuration.nix
+++ b/lib/configuration.nix
@@ -36,6 +36,8 @@
           "/etc/ssh/ssh_host_ed25519_key"
         ];
       };
+
+      secrets.default_password.neededForUsers = true;
     };
 
     boot.loader = {
diff --git a/lib/modules/my-users.nix b/lib/modules/my-users.nix
index 555450e..512d2e3 100644
--- a/lib/modules/my-users.nix
+++ b/lib/modules/my-users.nix
@@ -47,6 +47,7 @@ in {
           shell = lib.mkIf
             (user.defaultShell != null)
             user.defaultShell;
+          hashedPasswordFile = config.sops.secrets.default_password.path;
           extraGroups = lib.mkIf user.sudoer [
             "wheel"
           ];
diff --git a/secrets/global.yaml b/secrets/global.yaml
index efe7df9..102dc3f 100644
--- a/secrets/global.yaml
+++ b/secrets/global.yaml
@@ -1,4 +1,4 @@
-default_password: ENC[AES256_GCM,data:Fu7oImuzV9R0cBIof4yxqkA=,iv:HLlmswAvTL9FCvtDjJF1GJs2V9a/sMdF3cQE5LRXARA=,tag:xooPA2X6fS9BzJQRxRg6lQ==,type:str]
+default_password: ENC[AES256_GCM,data:tltElaIpMnfOTy+6oBle42fBzX6fs9WO79/CKncPfY0dKktLaZmNxUdeSu1kLTNZxSozF7zWyoTKsYUAf8J6Cd6uTvQjLU3lyg==,iv:uWdZYsRWz4kjQuIaanMpQYqkzBTM6GcuDbrszqULv9w=,tag:QiqeNvngBYc/FiXOfU3/sg==,type:str]
 hello: ENC[AES256_GCM,data:DrqMebu1YfPvRFdk1BrRMpcuYUhLjdsN7kmde6RD1GAHU80TC63cXJKGZa2U0w==,iv:4jmc4VD4UpeQW8xHwlRvUay3hl+RtQDKDLqntJuJvko=,tag:unv5SvsNXqf/6upLGVvzCw==,type:str]
 example_key: ENC[AES256_GCM,data:0ipg3+BUAKVrCk2kaA==,iv:aELPXsWgX7rpQ8RenuKf7rMvizMNoGEVOv3rs+ONrdI=,tag:RhfPB41QTp4dgfIF9bd6hQ==,type:str]
 #ENC[AES256_GCM,data:IwXJ/UrwHromJcQUQU47VQ==,iv:IPxKuE7XNfiej6z3+nITv/K8rFJdWHxnzrkScB8jciA=,tag:aWbzQEky9UGrIZB3ygHE+w==,type:comment]
@@ -25,8 +25,8 @@ sops:
             dHVEbVh0a3diMXpuMlJLWEtLZ0dITFEKaVRCWGU/1w4zW+sYEkx/uqjlqVMoC6nY
             LRAU8FF9dDoyUwa6Tne6V83oyVf205c5tls2vPBIRh59cfiMeFq4qg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-01T23:19:51Z"
-    mac: ENC[AES256_GCM,data:G/XxH2TBx/ePmUXP0ww1rRCnJf28CfVCb/9INS4k0qPKXee8Y/ClE06tsnyzqeiGH1fjYAMZeR1yXDrc0tcVByNkH+WTzTfsRXEyjZeTV1dx3KtK3hmYWHxKEOurJw0F6sPs8Jnc+gINNMMOrCjqAPvH3Xl2RSEqp3ZQGX3RS54=,iv:sfmNmJ2a5tw7T2q3tcFWbKQm5R8fPAfxV9Vo1dTTApg=,tag:GYgQ6Y+FOrJAF3URiz2vuA==,type:str]
+    lastmodified: "2024-05-02T01:49:56Z"
+    mac: ENC[AES256_GCM,data:sxM9JzY8q2Rn64DvZAhKsXnSoq6gj7OQqNG0xktR548x/VHxBq5AmWyu8zWMvgQMjBlQF/kR27DSt4bSY3I3FIl+yQCFRD/lfMCXqNkND7eVGSOFJAEoEIayV8LHV+dgRtxzxZAdw1IYgFlpc2EKgvkulME5GCsupw7zdY+d2NI=,iv:4FBjS/AGoaQUj0h+6NLKNUIL3YSwAVL/0hGi8h2y0rc=,tag:VG/H3N86BHjspslPQXzq6Q==,type:str]
     pgp:
         - created_at: "2024-05-01T23:06:06Z"
           enc: |-