From bd6055cae5a12da5af0370ffeeeccbc4c3485960 Mon Sep 17 00:00:00 2001
From: tux <t@tux.rs>
Date: Sun, 10 May 2026 04:54:10 +0530
Subject: [PATCH] feat(users): configure user password based on sops secret

---
 modules/nixos/core/users.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/modules/nixos/core/users.nix b/modules/nixos/core/users.nix
index d718467..92719d7 100644
--- a/modules/nixos/core/users.nix
+++ b/modules/nixos/core/users.nix
@@ -8,6 +8,9 @@
       userEmail,
       ...
     }:
+    let
+      hasPasswordSecret = lib.hasAttrByPath [ "sops" "secrets" "tux-password" ] config;
+    in
     {
       programs.zsh.enable = true;
 
@@ -31,7 +34,8 @@
         mutableUsers = false;
         defaultUserShell = pkgs.zsh;
         users.${userName} = {
-          hashedPasswordFile = config.sops.secrets.tux-password.path;
+          hashedPasswordFile = lib.mkIf hasPasswordSecret config.sops.secrets.tux-password.path;
+          initialPassword = lib.mkIf (!hasPasswordSecret) userName;
           isNormalUser = true;
           extraGroups = [
             "networkmanager"