cleanup secrets into different files and optional set user password etc

1 files changed, 20 insertions, 15 deletions

diff --git a/modules/root/normaluser.nix b/modules/root/normaluser.nix
index 3bb9adc..ec266c4 100644
--- a/modules/root/normaluser.nix
+++ b/modules/root/normaluser.nix
@@ -1,18 +1,23 @@
-{ config, userDetails, ... }: {
-	users.users.root = {
-		hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
+{ lib, config, userDetails, ... }: {
+	options = {
+		users.setPassword.enable = lib.mkEnableOption "set users password. requires hashed root password from sops";
 	};
-	users.users.${userDetails.username} = {
-		description = userDetails.fullname;
-		#home = userDetails.home;
-		isNormalUser = true;
-		hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
-		extraGroups = [
-			"i2c"
-			"libvirtd"
-			"nixbld"
-			"video"
-			"wheel"
-		];
+
+	config = {
+		users.users.root = lib.mkIf config.users.setPassword.enable {
+			hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
+		};
+		users.users.${userDetails.username} = {
+			description = userDetails.fullname;
+			isNormalUser = true;
+			hashedPasswordFile = lib.mkIf config.users.setPassword.enable config.sops.secrets.hashed-root-password.path;
+			extraGroups = [
+				"i2c"
+				"libvirtd"
+				"nixbld"
+				"video"
+				"wheel"
+			];
+		};
 	};
 }