From ece9705f67f4e40021fa14812281646ee3be9068 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?=
Date: Tue, 10 Oct 2023 11:56:36 +0200
Subject: [PATCH] feat: update passwords
---
 hosts/droppie/configuration.nix | 2 +-
 hosts/pie/configuration.nix | 2 +-
 modules/core/networking.nix | 6 ++----
 secrets/secrets.nix | 1 -
 users/b12f/default.nix | 5 +----
 users/root/default.nix | 3 +--
 users/yule/default.nix | 9 +--------
 7 files changed, 7 insertions(+), 21 deletions(-)
diff --git a/hosts/droppie/configuration.nix b/hosts/droppie/configuration.nix
index a5174a9..20ba04d 100644
--- a/hosts/droppie/configuration.nix
+++ b/hosts/droppie/configuration.nix
@@ -21,7 +21,7 @@ in {
 networking.hostName = "droppie";
- services.openssh.enable = true;
+ services.openssh.openFirewall = true;
 pub-solar.core.disk-encryption-active = false;
diff --git a/hosts/pie/configuration.nix b/hosts/pie/configuration.nix
index 7a75bfd..441aa96 100644
--- a/hosts/pie/configuration.nix
+++ b/hosts/pie/configuration.nix
@@ -36,7 +36,7 @@ in {
 pub-solar.core.disk-encryption-active = false;
- services.openssh.enable = true;
+ services.openssh.openFirewall = true;
 security.sudo.extraRules = [
 {
diff --git a/modules/core/networking.nix b/modules/core/networking.nix
index 815839a..026266b 100644
--- a/modules/core/networking.nix
+++ b/modules/core/networking.nix
@@ -19,12 +19,10 @@
 # For rage encryption, all hosts need a ssh key pair
 services.openssh = {
- enable = lib.mkDefault false;
+ enable = true;
 allowSFTP = lib.mkDefault false;
- # If you don't want the host to have SSH actually opened up to the net,
- # set `services.openssh.openFirewall` to false in your config.
- openFirewall = true;
+ openFirewall = lib.mkDefault false;
 settings.PasswordAuthentication = lib.mkDefault false;
 settings.KbdInteractiveAuthentication = false;
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index b6b55f3..3bb8088 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
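Review bot: `enable = true;` in modules/core/networking.nix drops the `lib.mkDefault` that the old line had, so sshd now runs on every host importing this module and a host can only switch it off again with `lib.mkForce`. The comment above the block says hosts need an SSH key pair for rage, not a listening daemon, and the two removed comment lines were the only explanation of the firewall behaviour; I would keep the override possible and record the intent, e.g. `enable = lib.mkDefault true;` with `# sshd is on so host keys exist for rage; port 22 stays closed unless a host sets openFirewall = true`. `openFirewall = false` only withholds the NixOS firewall rule, so sshd is presumably still reachable on any interface the firewall trusts or on a host where the firewall is disabled. The hosts/droppie and hosts/pie hunks opt back in with `services.openssh.openFirewall = true;`, which is consistent with the new default. The `services.openssh` block closes outside this hunk.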
@@ -1,5 +1,4 @@
 let
- # set ssh public keys here for your system and user
 bbcom = "ssh-rsa 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 hello@benjaminbaedorf.com";
 biolimo-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZzg8pfVtFonx/IvO2MKG5uVF/sMJAOt1Ifm9Vds2eA root@biolimo";
diff --git a/users/b12f/default.nix b/users/b12f/default.nix
index b870c74..bbd0a59 100644
--- a/users/b12f/default.nix
+++ b/users/b12f/default.nix
@@ -20,13 +20,10 @@ in {
 };
 pub-solar = {
- # These are your personal settings
- # The only required settings are `name` and `password`,
- # The rest is used for programs like git
 user = {
 name = "b12f";
 description = "b12f";
- password = "$6$LO2YoaHwuRQhUoSz$iHw9avM887eJg9cIty2nmG4Ibkol3YpviEhYpivVQP31VrnihFz/6LyugxD7X4VmXx9nxvcYIZnN90rlGxwjT.";
+ password = "$y$j9T$GR.fND1YY6/2deXcEMHx1.$QBuvjIxPkDtFXrkes0T582L6jF7gfHhseFts64qC8xB";
 fullName = "Benjamin Bädorf";
 email = "hello@benjaminbaedorf.eu";
 gpgKeyId = "4406E80E13CD656C";
diff --git a/users/root/default.nix b/users/root/default.nix
index c9f1ef7..fc783cb 100644
--- a/users/root/default.nix
+++ b/users/root/default.nix
@@ -1,5 +1,4 @@
 {...}:
-# recommend using `hashedPassword`
 {
- users.users.root.password = "";
+ users.users.root.hashedPassword = "$y$j9T$HihsChALx5fotahvDVhdC/$iQCGUr35quGDDEFg0SGjDBxWzU/kokgOVDX.weRvL80";
 }
diff --git a/users/yule/default.nix b/users/yule/default.nix
index b63a6ce..0d74523 100644
--- a/users/yule/default.nix
+++ b/users/yule/default.nix
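Review bot: The new `password = "$y$…"` value in users/b12f/default.nix is a login password hash committed in plain text, and the hashes added in users/root/default.nix and users/yule/default.nix are handled the same way. A value set like this is readable in the repository history and, once evaluated, in the world-readable Nix store, so anyone who can read either can run offline guessing against it; the `$6$` hash replaced here also stays in history. The repository already carries a rage-based secrets setup (secrets/secrets.nix), so I would keep the hashes there and reference them with `users.users.<name>.hashedPasswordFile` (`passwordFile` on older NixOS releases). How `pub-solar.user.password` is mapped onto the account is defined outside this patch, so that module would need a matching file-based option.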
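Review bot: Replacing `users.users.root.password = "";` with a `hashedPassword` only closes the empty root password on machines where the declarative value is actually applied. With `users.mutableUsers` at its default of `true`, NixOS uses the password options when an account is first created, so a host that was installed with the empty root password would presumably keep it after a rebuild. `mutableUsers` is not set anywhere in this patch, so either set `users.mutableUsers = false;` or leave a note next to the option, e.g. `# existing hosts: rotate with passwd, this value only applies when the account is created`.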
@@ -14,22 +14,15 @@ in {
 user = {
 name = "yule";
 description = "b12f";
- password = "$y$j9T$x1nyqcXw/1iYKo3054cdB1$0TOuyE5t5ZV6z9Gzl9zIrmZGADBxupnwcUMTcMtMa73";
+ password = "$y$j9T$kqzIDj4zB609HA4Tzxm010$JQ/pBMFVJbYurk5icGfIINQou85.8HSqafDirGoxMl3";
 fullName = "Benjamin Bädorf";
 email = "hello@benjaminbaedorf.eu";
 gpgKeyId = "4406E80E13CD656C";
 publicKeys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmiF8ndGhnx2YAWbPDq14fftAwcJ0xnjJIVTotI12OO4SPX/SwH5Yp8C8Kf002qN9FbFmaONzq3s8TYpej13JubhfsQywNuFKZuZvJeHzmOwxsANW86RVrWT0WZmYx9a/a1TF9rPQpibDVt60wX8yLdExaJc5F1SvIIuyz1kxYpz36wItfR6hcwoLGh1emFCmfCpebJmp3hsrMDTTtTW/YNhyeSZW74ckyvZyjCYtRCJ8uF0ZmOSKRdillv4Ztg8MsUubGn+vaMl6V6x/QuDuehEPoM/3wBx9o22nf+QVbk7S1PC8EdT/K5vskn4/pfR7mDCyQOq1hB4w4Oyn0dsfX pi@ssrtc"
- "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHx4A8rLYmFgTOp1fDGbbONN8SOT0l5wWrUSYFUcVzMPTyfdT23ZVIdVD5yZCySgi/7PSh5mVmyLIZVIXlNrZJg= @b12f Yubi Main"
 "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= @b12f Yubi Backup"
- "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a @teutat3s"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135 @hensoko"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKa5elEXgBc2luVBOHVWZisJgt0epFQOercPi0tZzPU root@cloud.pub.solar"
- "ssh-rsa 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 root@nougat"
 ];
 };
 };
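Review bot: Seven entries are dropped from `publicKeys` in this hunk, leaving only the "@b12f Yubi Backup" key, but the commit subject mentions passwords only, so the key revocation is easy to miss in the log. If these keys are being revoked rather than tidied up, they may still be listed as recipients in secrets/secrets.nix (only part of that file is visible in this patch), in which case the secrets would need rekeying, and a key copied into `~/.ssh/authorized_keys` by hand is not removed by this change. I would add a comment above the list, e.g. `# other users' and host keys removed on purpose; see commit message`, and mention the key removal in the commit message.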