feat(modules/secrets): set rafiq password from sops

modules/nixos/system/default.nix

@@ -10,7 +10,8 @@
 
   options.system = {
    hostname = lib.pantheon.mkStrOption;
-   mainUser = lib.pantheon.mkStrOption;
+   mainUser.name = lib.pantheon.mkStrOption;
+   mainUser.publicKey = lib.pantheon.mkStrOption;
    bootloader = lib.pantheon.mkStrOption;
   };
 

modules/nixos/system/users.nix

@@ -5,19 +5,17 @@
     users.mutableUsers = false;
     users.groups.users = {
 	gid = 100;
-      members = [ "${config.system.mainUser}" ];
+      members = [ "${config.system.mainUser.name}" ];
     };
-      users.users."${config.system.mainUser}" = {
+      users.users."${config.system.mainUser.name}" = {
       linger = true;
       uid = 1000;
         isNormalUser = true;
-        initialPassword = "1";
+	hashedPasswordFile = config.sops.secrets."${config.system.mainUser.name}/hashedPassword".path;
         extraGroups = [ "wheel" ];
-      openssh.authorizedKeys.keys = [
+      openssh.authorizedKeys.keys = [ config.system.mainUser.publicKey ];
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n"
-      ];
       };
-      services.getty.autologinUser = config.system.mainUser;
+      services.getty.autologinUser = config.system.mainUser.name;
     }
   ];
 }

systems/x86_64-linux/nemesis/default.nix

@@ -1,7 +1,8 @@
 { config, lib, pkgs, ... }:
 {
   system.hostname = "nemesis";
-  system.mainUser = "rafiq";
+  system.mainUser.name = "rafiq";
+  system.mainUser.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n";
   system.bootloader = "systemd-boot";
   hardware.drives.btrfs = {
     enable = true;