From 1a24fba066c227d1a686216bafbee6a7b365c92b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vili=20Sinerv=C3=A4?= <vili.m.sinerva@gmail.com>
Date: Sat, 21 Jun 2025 17:09:24 +0300
Subject: [PATCH] Make user password a per-machine configuration

---
 secrets/helium/vili.yaml | 25 +++++++++++++++++++++++++
 shared/users/vili.nix    |  2 +-
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 secrets/helium/vili.yaml

diff --git a/secrets/helium/vili.yaml b/secrets/helium/vili.yaml
new file mode 100644
index 0000000..ef098b6
--- /dev/null
+++ b/secrets/helium/vili.yaml
@@ -0,0 +1,25 @@
+vili-password: ENC[AES256_GCM,data:zV3ayPzVXwYxnCR/JyX6EepNhZ+ck7F4s60z+nFs/2r4Q8lypt4EoXP4jcV2+PsYWShxDQzLZlJNh6GiyRQZQQ75KSsyzSkQJg==,iv:y4QYPoy1auBK1Izi6PtlqX8/C2utgNT6cBXKYfpxIpQ=,tag:J2tTE3R8KX3azUvTVXr6yA==,type:str]
+sops:
+    age:
+        - recipient: age1pvkuvcc38pke3euzsjzpgp6s6v3jykug2e69rplytdy7gxntm5jsraxhvp
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnaUJ4Wm1rckR4RHJKNUVi
+            Y2lkSlZxWWRNYytrWkVHWDNONjRJNUUvRmtvCmRHMzZmMVYxcDRGbVJOejlJZnZY
+            T1E0Z1ZOeHR1bWRwZ1dZU3ZXa2NpNGcKLS0tIC9tcURHbm5JemdJakZsYjhjd2R2
+            cCtsQkQzdi9QSTlYUVkzb1EyRmNLWG8KKAAwJg4N/1jnbkM77AOPJjRgG5H9qSL2
+            YAPWt/BWd+sO8VJRU7Hp6Vk0dQPYBPBshx143tb/POkoNJoHSivyfw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1xp02dggk2e6csvxg2q5nfts4tjhd05vthrcvvk2l67m3tgs3vugqshg24q
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCbEE1bFErWDk0NXh5dWVi
+            ZVNydzhzWVlzZzRrakNWZmFsTUNQOHpLeUNrCjJHb2Y5RXJzdFVuZFhRQ1dCZmxS
+            VGlWTUQ1QmIwVWlLZjFQR1A4MDc5NjAKLS0tIFRvUmdDdHhEZjc1YWV1d3JYVjhS
+            dVlOZllqYTJOQ29EUXRxYzNHdXNSTDgK1bGw6zXjTzgFeItGkumoAGtgNaNrbzQA
+            tRs6TJToPrS7GBat3dkc/HzfDEZBd3eWyfM4lfFDONJz5OxE6m4Z+A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-06-21T14:08:15Z"
+    mac: ENC[AES256_GCM,data:0xgu93R+LuGEBbdf7C+LC9/+zE+S8ZN1b3lghGGHi6jQpl9796wAl26QUE0Qpa8VlLWyIr27v5WbtbqsD8FDmqcgJmzEUxnJwslQdTp/F0CDI2FRhr5emeCgjmT7XGm3elVU2h1xES+2sIQJLeKciOGGQBMNCrURuxnOILq3+sI=,iv:kYuhRAcSj4QKF7hMSZ+MM8TE503vZ4BnMWnQth7VnXA=,tag:oX1yFl38oXbxZxnf27yCbg==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2
diff --git a/shared/users/vili.nix b/shared/users/vili.nix
index bfb5629..ef8f179 100644
--- a/shared/users/vili.nix
+++ b/shared/users/vili.nix
@@ -1,7 +1,7 @@
 { config, ... }:
 {
   sops.secrets.vili-password = {
-    sopsFile = ../../secrets/users/vili.yaml;
+    sopsFile = ../../secrets/${config.networking.hostName}/vili.yaml;
     neededForUsers = true;
   };