Refactor user authentication to use hashed passwords across all configurations

hosts/nixos/cloud/default.nix

@@ -41,7 +41,7 @@ in
   hostSpec = {
     hostName = "cloud";
     username = username;
-    password = user.password;
+    hashedPassword = user.hashedPassword;
     email = user.email;
     handle = user.handle;
     userFullName = user.fullName;

hosts/nixos/komodo/default.nix

@@ -42,7 +42,7 @@ in
   hostSpec = {
     hostName = "komodo";
     username = username;
-    password = user.password;
+    hashedPassword = user.hashedPassword;
     email = user.email;
     handle = user.handle;
     userFullName = user.fullName;

hosts/nixos/lxc/default.nix

@@ -36,7 +36,7 @@ in
   hostSpec = {
     hostName = "lxc";
     username = username;
-    password = user.password;
+    hashedPassword = user.hashedPassword;
     email = user.email;
     handle = user.handle;
     userFullName = user.fullName;

hosts/nixos/nix/default.nix

@@ -38,7 +38,7 @@ in
   hostSpec = {
     hostName = "nix";
     username = username;
-    password = user.password;
+    hashedPassword = user.hashedPassword;
     email = user.email;
     handle = user.handle;
     userFullName = user.fullName;

hosts/nixos/proxy/default.nix

@@ -41,7 +41,7 @@ in
   hostSpec = {
     hostName = "proxy";
     username = username;
-    password = user.password;
+    hashedPassword = user.hashedPassword;
     email = user.email;
     handle = user.handle;
     userFullName = user.fullName;

hosts/nixos/rune/default.nix

@@ -54,7 +54,7 @@ in
   hostSpec = {
     hostName = "rune";
     username = username;
-    password = user.password;
+    hashedPassword = user.hashedPassword;
     email = user.email;
     handle = user.handle;
     userFullName = user.fullName;

hosts/nixos/vm/default.nix

@@ -46,7 +46,7 @@ in
   hostSpec = {
     hostName = "vm";
     username = username;
-    password = user.password;
+    hashedPassword = user.hashedPassword;
     email = user.email;
     handle = user.handle;
     userFullName = user.fullName;

hosts/users/default.nix

@@ -25,7 +25,7 @@ in
     createHome = true;
     description = "Admin";
     homeMode = "750";
-    password = hostSpec.password;
+    hashedPassword = hostSpec.hashedPassword;
     uid = 1000;
     group = "ryot";
     extraGroups = lib.flatten [
@@ -51,7 +51,7 @@ in
   # root's ssh key are mainly used for remote deployment, borg, and some other specific ops
   users.users.root = {
     shell = pkgs.bash;
-    password = lib.mkForce hostSpec.password;
+    hashedPassword = lib.mkForce hostSpec.hashedPassword;
     openssh.authorizedKeys.keys = config.users.users.${hostSpec.username}.openssh.authorizedKeys.keys; # root's ssh keys are mainly used for remote deployment.
   };
 }

hosts/users/minimal/default.nix

@@ -14,7 +14,7 @@ in
   # Set a temp password for use by minimal builds like installer and iso
   users.users.${hostSpec.username} = {
     isNormalUser = true;
-    password = hostSpec.password;
+    hashedPassword = hostSpec.hashedPassword;
     group = "ryot";
     extraGroups = [
       "wheel"

modules/common/host-spec.nix

@@ -17,7 +17,7 @@
       description = "The username for the host's user";
     };
 
-    password = lib.mkOption {
+    hashedPassword = lib.mkOption {
       type = lib.types.str;
       description = "Hashed password for the host's user";
     };

modules/common/secret-spec.nix

@@ -68,7 +68,7 @@ in
       type = lib.types.attrsOf (
         lib.types.submodule {
           options = {
-            password = lib.mkOption {
+            hashedPassword = lib.mkOption {
               type = lib.types.str;
               description = "Hashed password for the user"; # nix-shell -p whois --run 'mkpasswd --method=sha-512 --rounds=656000'
             };