-rw-r--r--modules/userSecret.nix30
1 files changed, 16 insertions, 14 deletions
diff --git a/modules/userSecret.nix b/modules/userSecret.nix
index b47cc95..02502a2 100644
--- a/modules/userSecret.nix
+++ b/modules/userSecret.nix
@@ -1,24 +1,26 @@
# "secret" consumer
{ config, lib, ... }:
+let
+ topConfig = config;
+in
{
options.users.users = lib.mkOption {
- type = lib.types.attrsOf (lib.types.submodule {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
options.passwordSecret = lib.mkOption {
- type = lib.types.nullOr config.contracts.secret.consumer;
+ type = lib.types.nullOr topConfig.contracts.secret.consumer;
};
- });
- };
- config = {
- # TODO other users than root
- users.users.root.passwordFile =
- lib.mkIf (config.users.users.root.passwordSecret != null)
- config.users.users.root.passwordSecret.output.path;
+ config = {
+ hashedPasswordFile =
+ lib.mkIf (config.passwordSecret.provider != null)
+ config.passwordSecret.output.path;
- users.users.root.passwordSecret.input =
- lib.mkIf (config.users.users.root.passwordSecret != null) {
- owner = "root";
- group = "root";
- mode = "0400";
+ passwordSecret.input =
+ lib.mkIf (config.passwordSecret.provider != null) {
+ owner = "root";
+ group = "root";
+ mode = "0400";
+ };
};
+ }));
};
}
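Review bot: The option type is still `lib.types.nullOr topConfig.contracts.secret.consumer`, but both `lib.mkIf` guards in the new submodule `config` read `config.passwordSecret.provider`, which cannot be evaluated when the value is `null`. The submodule now applies to every entry in `users.users` and no `default` is visible on the option, so a user without a secret may fail evaluation rather than being skipped. The consumer contract is defined outside this file, so whether `provider` itself defaults to `null` needs confirming. If it does, the type should match the guards, for example `type = topConfig.contracts.secret.consumer;`. A `description` on the option would also help, stating that the secret must contain a password hash rather than a plaintext password, because its path is assigned to `hashedPasswordFile`.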