feat(security): implement metadata redaction and sops-nix migration

Migrated authorized SSH keys and personal metadata (emails, tokens) to sops-nix to prevent infrastructure fingerprinting. Introduced centralized secrets module with placeholder fallbacks.
Tibo De Peuter 2026-03-17 18:25:37 +01:00
parent 8fb651fd60
commit 3e37c44157
Signed by: tdpeuter
GPG key ID: 38297DE43F75FFE2
11 changed files with 64 additions and 20 deletions

@ -26,7 +26,9 @@ in {
config.users.groups.wheel.name # Enable 'sudo' for the user.
];
initialPassword = "ChangeMe";
openssh.authorizedKeys.keys = cfg.authorizedKeys;
openssh.authorizedKeys.keyFiles = [
config.sops.secrets.user_keys_admin.path
];
packages = with pkgs; [
curl
git
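Review bot: `openssh.authorizedKeys.keyFiles` is the wrong option for a sops-nix path, in the three added lines that replace `openssh.authorizedKeys.keys = cfg.authorizedKeys;`. NixOS reads each `keyFiles` entry at evaluation time and writes its contents into the generated authorized_keys file in the Nix store, while `config.sops.secrets.user_keys_admin.path` only exists on the target host once sops-nix has decrypted the secret at activation. The build will therefore either fail because the file is missing where the configuration is evaluated, or copy whatever happens to be at that path on the build machine into the world-readable store, which undoes the redaction this commit is after. Suggest having sshd read the decrypted file at runtime instead, for example by adding the secret path to `services.openssh.authorizedKeysFiles`, and setting the secret's owner and mode so the file is readable by the user sshd checks it as. Separately, the unchanged `initialPassword = "ChangeMe";` for a wheel user stays in plain text in this file; worth a follow-up if the goal is to move credentials out of the repository.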