From b74e44f59eff364eb5281f7389f84ae4e3b692fe Mon Sep 17 00:00:00 2001
From: Tim Keller
Date: Thu, 17 Jul 2025 20:03:16 -0500
Subject: cleanup secrets into different files and optional set user password etc
---
 modules/root/normaluser.nix | 35 ++++++++++++++++++++---------------
 1 file changed, 20 insertions(+), 15 deletions(-)
(limited to 'modules/root/normaluser.nix')
diff --git a/modules/root/normaluser.nix b/modules/root/normaluser.nix
index 3bb9adc..ec266c4 100644
--- a/modules/root/normaluser.nix
+++ b/modules/root/normaluser.nix
@@ -1,18 +1,23 @@
-{ config, userDetails, ... }: {
- users.users.root = {
- hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
+{ lib, config, userDetails, ... }: {
+ options = {
+ users.setPassword.enable = lib.mkEnableOption "set users password. requires hashed root password from sops";
 };
- users.users.${userDetails.username} = {
- description = userDetails.fullname;
- #home = userDetails.home;
- isNormalUser = true;
- hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
- extraGroups = [
- "i2c"
- "libvirtd"
- "nixbld"
- "video"
- "wheel"
- ];
+
+ config = {
+ users.users.root = lib.mkIf config.users.setPassword.enable {
+ hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
+ };
+ users.users.${userDetails.username} = {
+ description = userDetails.fullname;
+ isNormalUser = true;
+ hashedPasswordFile = lib.mkIf config.users.setPassword.enable config.sops.secrets.hashed-root-password.path;
+ extraGroups = [
+ "i2c"
+ "libvirtd"
+ "nixbld"
+ "video"
+ "wheel"
+ ];
+ };
 };
 }
--
cgit v1.2.3
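Review bot: The normal user's `hashedPasswordFile` on the new side still points at `config.sops.secrets.hashed-root-password.path`, so root and a `wheel` member share one password hash; a separate secret for the user (for example `config.sops.secrets.<user-password-secret>.path`, placeholder name) would keep the two credentials independent. `lib.mkEnableOption` defaults to false, so a host that does not set `users.setPassword.enable` no longer gets a declared password for either account. Whether that locks password login or keeps whatever `passwd` set earlier depends on `users.mutableUsers`, which is not visible here, so the intended state deserves a comment above the option. The secret declaration is outside this file, so confirm it sets `neededForUsers = true`, since sops-nix otherwise makes the file available only after users are created. The new option also lives in the upstream `users.*` namespace, where a project-specific prefix would avoid a later name clash.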