Initial deploy password to root #135

Open

adriangl wants to merge 1 commits from hashed-initial-deploy-root-password into main

pull from: hashed-initial-deploy-root-password

merge into: Drift:main

Drift:main

Drift:drumknotty

Drift:radicle

Drift:bekkalokk-mediawiki-matrix-notifs

Drift:temmie-userweb-import-all-the-users

Drift:the-heccin-quotes

Drift:temmie-userweb-apache-log-processor

Drift:setup-openvpn-tunnel

Drift:bicep-garage-test-deployment

Drift:nettsiden-postgresql

Drift:dagali-heimdal-openldap-sasl-stack

Drift:gitea-robots-txt

Drift:bicep-revival

Drift:fmt

Drift:errorpages

Drift:PVVtheme2026

Drift:skrot-new-thing

Drift:loginpage

Drift:gitea-vaskepersonalet

Drift:create-flake-input-exporter

Drift:nom

Drift:pvvvvv

Drift:gitea-show-license-in-list-view

Drift:openwebui

Drift:openstack-image-builder

Drift:elysium

Drift:deploy-doorbell

Drift:misc-gitea-fixes

Drift:spotifyd

Drift:remote

Drift:setup-bikkje-login

Drift:ozai-prod

Drift:ozai

Drift:heimdal-openldap-sasl-testing-on-salsa-on-buskerud

Drift:misc1

Drift:add-simple-saml-theme

Drift:misc-extra-gitea-setup

Drift:setup-kerberos

Drift:setup-home-areas

Drift:shark-kanidm

Conversation 2 Commits 1 Files Changed 2

+2 -1

adriangl commented 2026-05-20 15:33:59 +02:00

Owner

Copy Link

Copy Source

Added a "huttiheita root" password to vault-warden. This adds the hash as initial password for root, so we have a common initial password and avoid having the problem with no password set in a lot of install contexts.

Possible problems: removed the initial password without hashed for root from acme service config something might break, and we should possibly undo that.

We may forget to set the new password and have a slightly more exposed password on the machine.

Added a "huttiheita root" password to vault-warden. This adds the hash as initial password for root, so we have a common initial password and avoid having the problem with no password set in a lot of install contexts. Possible problems: removed the initial password without hashed for root from acme service config something might break, and we should possibly undo that. We may forget to set the new password and have a slightly more exposed password on the machine.

adriangl added 1 commit 2026-05-20 15:34:00 +02:00

feat: add initialdeploy hashed password to root 18e795abdc

oysteikt approved these changes 2026-05-25 04:43:40 +02:00

felixalb approved these changes 2026-05-25 19:21:24 +02:00

Some checks are pending

Hide all checks

Eval nix flake / evals (push) Successful in 4m39s

Details

Eval nix flake / evals (pull_request) Successful in 4m34s

Details

This pull request can be merged automatically.

This branch is out-of-date with the base branch

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin hashed-initial-deploy-root-password:hashed-initial-deploy-root-password

git checkout hashed-initial-deploy-root-password

Sign in to join this conversation.

Reviewers

No Reviewers

oysteikt

felixalb

Labels

Clear labels

art

The issue needs someone to be creative

backup

big

No, not bug, **big** - this is gonna take a while

blocked

This issue/PR depends on one or more other issues/PRs

bug

Something is not working, and it's not the shield hero

comprehensive first issue

Do this as your first issue, and learn a lot of things

crash report

Report an oopsie

disputed

kranglefanter

documentation

Documentation changes required

duplicate

This issue or pull request already exists

enhancement

New feature

good first issue

Get your hands dirty with a new project here

logging

networking

TTM4100

nixos

Requires changes to our nixos setup

question

More information is needed

salt

Requires changes to our salt setup

security

Skommel

servers n' hardware

Regards hardware, servers or VMs

simple first issue

Done in nix no time

wontfix

This won't be fixed

No Label

Milestone

No items

No Milestone

Assignees

Clear assignees

adriangl (Adrian Gunnar Lauterer) albertba (Albert Bayazidi) alfhj (Alf Helge Jakobsen) amalieem (Amalie Erdal Mansaker) bjornoka (Bjornar Orjansen Kaarevik) chrisfjo (Christian Fredrik Johnsen) chrivi (Christoffer Viken) danio (Daniel Lovbrotte Olsen) davidk (David Kaasen) dungby (Dung-Bai Yen) eirikwit (Eirik Witterso) felixalb (Felix Albrigtsen) frero (Fredrik Robertsen) jonmro (Jon Martinus Rodtang) jovre (Jo Vassbotn Remvik) karolds (Karoline Dyve Samuelsen) knuta (Knut Auvor Grythe) krisleri (Kristoffer Longva Eriksen) larshhan (Lars Halvor Hansen) olived (Oliver Didriksen-Kolstad) oysteikt (Oystein Kristoffer Tveit) pederbs (Peder Bergebakken Sundt) root (rot) torsteno (Torstein Nordgård-Hansen) vegardbm (Vegard Bieker Matthey) yorinad (Yorin Anne De Jong)

No Assignees

3 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Drift/pvv-nixos-config#135