author | Tim Keller <tjk@tjkeller.xyz> | 2025-07-18 14:47:10 -0500 |
---|---|---|
committer | Tim Keller <tjk@tjkeller.xyz> | 2025-07-18 14:47:10 -0500 |
commit | 19ecf4423b5e7ba8f4d22a776315bf65a23ce8df (patch) | |
tree | d18ed5985d4e0f40d2666a3996f7d8781b304fd3 /modules/root/normaluser.nix | |
parent | 842e31b4acbb591dc413f30fce139f1e51a26d3e (diff) | |
cleanup secrets
Diffstat (limited to 'modules/root/normaluser.nix')
-rw-r--r-- | modules/root/normaluser.nix | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/modules/root/normaluser.nix b/modules/root/normaluser.nix
index ec266c4..50e9236 100644
--- a/modules/root/normaluser.nix
+++ b/modules/root/normaluser.nix
@@ -4,13 +4,20 @@
 };
 config = {
- users.users.root = lib.mkIf config.users.setPassword.enable {
- hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
+ # Load hashed root password secret
+ sops.secrets.hashed-root-password = lib.mkIf config.users.setPassword.enable {
+ sopsFile = ./resources/secrets/hashed-root-password.yaml;
+ neededForUsers = true;
 };
+
+ # Set hashed password file if the setPassword option is enabled
+ users.users.root.hashedPasswordFile = lib.mkIf config.users.setPassword.enable config.sops.secrets.hashed-root-password.path;
+
+ # Setup normal user
 users.users.${userDetails.username} = {
+ home = userDetails.home;
 description = userDetails.fullname;
 isNormalUser = true;
- hashedPasswordFile = lib.mkIf config.users.setPassword.enable config.sops.secrets.hashed-root-password.path;
 extraGroups = [
 "i2c"
 "libvirtd"
@@ -18,6 +25,7 @@
 "video"
 "wheel"
 ];
+ hashedPasswordFile = lib.mkIf config.users.setPassword.enable config.sops.secrets.hashed-root-password.path;
 };
 };
 }
|
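Review bot: The normal user's `hashedPasswordFile` (re-added at the end of the user attrset in the second hunk) still resolves to `config.sops.secrets.hashed-root-password.path`, so root and the `wheel` member share a single password hash and cannot be rotated or revoked independently. If that is deliberate, say so next to the line, e.g. `# Intentionally reuses the root password hash for the normal user`. Otherwise declare a second sops secret for the user (with `neededForUsers = true`, like the root one) and point this attribute at its `.path`. The new comment "Load hashed root password secret" would also read more accurately if it mentioned that the same secret feeds both accounts.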