From 3f8ab35a1955a9b8300d0ba6eec76c5d5f885c93 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Fri, 12 Apr 2024 13:37:33 +0200
Subject: [PATCH] rework root-password module

---
 clanModules/root-password.nix | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/clanModules/root-password.nix b/clanModules/root-password.nix
index e5800192..487d8310 100644
--- a/clanModules/root-password.nix
+++ b/clanModules/root-password.nix
@@ -1,11 +1,12 @@
 { pkgs, config, ... }:
 {
   users.mutableUsers = false;
-  users.extraUsers.root.hashedPasswordFile = "/run/secrets-for-users/passwordHash";
-  sops.secrets."${config.clanCore.machineName}-passwordHash".neededForUsers = true;
-  clanCore.facts.services.password = {
+  users.users.root.hashedPasswordFile =
+    config.clanCore.facts.services.root-password.secret.password-hash.path;
+  sops.secrets."${config.clanCore.machineName}-password-hash".neededForUsers = true;
+  clanCore.facts.services.root-password = {
     secret.password = { };
-    secret.passwordHash = { };
+    secret.password-hash = { };
     generator.path = with pkgs; [
       coreutils
       xkcdpass
@@ -13,7 +14,7 @@
     ];
     generator.script = ''
       xkcdpass --numwords 3 --delimiter - --count 1 > $secrets/password
-      cat $secrets/password | mkpasswd -s -m sha-512 > $secrets/passwordHash
+      cat $secrets/password | mkpasswd -s -m sha-512 > $secrets/password-hash
     '';
   };
 }