From 57c4fd3d35352fbf472822ef999adf034b6275b9 Mon Sep 17 00:00:00 2001
From: Kaare Hoff Skovgaard <kaare@kaareskovgaard.net>
Date: Sat, 19 Jul 2025 21:47:52 +0200
Subject: [PATCH] Begin adding support for setting unix password for users

---
 .../post/openbao/default.nix                       |  1 +
 .../post/openbao/unix-users.nix                    | 14 ++++++++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 nix/systems/aarch64-linux/security.kaareskovgaard.net/post/openbao/unix-users.nix

diff --git a/nix/systems/aarch64-linux/security.kaareskovgaard.net/post/openbao/default.nix b/nix/systems/aarch64-linux/security.kaareskovgaard.net/post/openbao/default.nix
index bbeb301..5bbb726 100644
--- a/nix/systems/aarch64-linux/security.kaareskovgaard.net/post/openbao/default.nix
+++ b/nix/systems/aarch64-linux/security.kaareskovgaard.net/post/openbao/default.nix
@@ -4,6 +4,7 @@
     ./ssh-host.nix
     ./loki-mtls.nix
     ./prometheus-mtls.nix
+    ./unix-users.nix
   ];
   khscodes.infrastructure.vault-server-approle.path = "\${ vault_auth_backend.approle.path }";
   khscodes.infrastructure.provisioning.post.modules = [
diff --git a/nix/systems/aarch64-linux/security.kaareskovgaard.net/post/openbao/unix-users.nix b/nix/systems/aarch64-linux/security.kaareskovgaard.net/post/openbao/unix-users.nix
new file mode 100644
index 0000000..ce8fc54
--- /dev/null
+++ b/nix/systems/aarch64-linux/security.kaareskovgaard.net/post/openbao/unix-users.nix
@@ -0,0 +1,14 @@
+{
+  khscodes.infrastructure.provisioning.post.modules = [
+    {
+      khscodes.vault.mount.unix-users = {
+        type = "kv";
+        path = "unix-users";
+        options = {
+          version = "2";
+        };
+        description = "Secrets used for forgejo";
+      };
+    }
+  ];
+}