From 4606d9b1595e42ffd9b75b9e69667708c70b1d68 Mon Sep 17 00:00:00 2001 From: Haru02w Date: Sat, 20 Jan 2024 20:29:06 -0300 Subject: [PATCH] Add info about hash passwords --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index a2feb81..6088434 100644 --- a/README.md +++ b/README.md @@ -574,6 +574,12 @@ To work around this issue, it's possible to set `neededForUsers = true` in a sec This will cause the secret to be decrypted to `/run/secrets-for-users` instead of `/run/secrets` before NixOS creates users. As users are not created yet, it's not possible to set an owner for these secrets. +The password must be stored as a hash for this to work, which can be created with the command `mkpasswd` +```console +$ echo "password" | mkpasswd -s +$y$j9T$WFoiErKnEnMcGq0ruQK4K.$4nJAY3LBeBsZBTYSkdTOejKU6KlDmhnfUV3Ll1K/1b. +``` + ```nix { config, ... }: { sops.secrets.my-password.neededForUsers = true;