alyssum/samba: use proper credentials

2026-06-17 18:16:21 +10:00 · 2026-06-17 18:16:21 +10:00 · 4f8249b780
commit 4f8249b780
parent d1a8e7222f
4 changed files with 21 additions and 2 deletions
--- a/hosts/alyssum/samba.nix
+++ b/hosts/alyssum/samba.nix
@ -1,6 +1,9 @@
 { config, ... }: {
  networking.firewall.allowPing = true;
  age.secrets.passwd_smbcilly.file = ../../secrets/passwd_smbcilly.age;
  age.secrets.passwd_smbkujira.file = ../../secrets/passwd_smbkujira.age;
  users.users.cilly = {
    hashedPasswordFile = config.age.secrets.passwd.path;
    isNormalUser = true;
@ -11,9 +14,9 @@
  };
  system.activationScripts = {
    init_smbpasswd.text = ''
-      /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd.path})\n" | /run/current-system/sw/bin/smbpasswd -sa cilly
+      /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbcilly.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbcilly.path})\n" | /run/current-system/sw/bin/smbpasswd -sa cilly
-      /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_kujira.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_kujira.path})\n" | /run/current-system/sw/bin/smbpasswd -sa kujira
+      /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbkujira.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbkujira.path})\n" | /run/current-system/sw/bin/smbpasswd -sa kujira
    '';
  };
--- a/secrets.nix
+++ b/secrets.nix
@ -8,6 +8,8 @@ let
  rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15";
 in {
  "secrets/passwd.age".publicKeys = [ anemone blossom rin ];
  "secrets/passwd_smbcilly.age".publicKeys = [ alyssum rin ];
  "secrets/passwd_smbkujira.age".publicKeys = [ alyssum rin ];
  "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ];
  "secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ];
--- a/secrets/passwd_smbcilly.age
+++ b/secrets/passwd_smbcilly.age
@ -0,0 +1,7 @@
 age-encryption.org/v1
 -> ssh-ed25519 kOMSPw CQaXT9/nw3NGD2/H/ctSQGXIoacgjfKQ24wkpEieLSQ
 i4xEXgWGQ7xgQyaDQQIeDuiCLjA6Le23qSnv8C1cbcI
 -> ssh-ed25519 U9FXlg GL4dCSCku/FA6ipb9XI1AxO4lhm2r/1lRAeqaGrB32o
 +pPgqwnoPi3wJLobTimVMj0rng+XRapRG6jTYFXSsDM
 --- eVgn3ON19pqq+L832bqlbkHUQXdaTI+LfSL4bYfEdew
 Æ*Œl\ÈWç!J7E/´»îò"f@%\ìüÏ[¨òj8fÓ¶›ž
--- a/secrets/passwd_smbkujira.age
+++ b/secrets/passwd_smbkujira.age
@ -0,0 +1,7 @@
 age-encryption.org/v1
 -> ssh-ed25519 kOMSPw Kn+LPMoyOrVwI/nrGgnxgVA3D+tVY9Tccg/Yx/jL+E8
 IfWiSBh7KgNvgcHlcDzfdcB9nxm1zy12Ae7AGm39fdE
 -> ssh-ed25519 U9FXlg 6eIIGEIYDo02FBsgBnwbuOeR8t4xB6jSmLfIL73UCDg
 QOc0ddunQQcVEVD20DKKpn3wZWUSveFJSUTBnv+xnNk
 --- MjN2i0FNzbUpBGUDNgWGXrRsYl2gtsQX+JlzZV/fYdw
 TÎ <ç‘R#d<>Ä†ÌŽlLkáN¦½º8´cÃ_N¬)±ŠT