authorSeth Flynn <[email protected]>2025-02-13 20:21:26 -0500
committerSeth Flynn <[email protected]>2025-02-13 22:09:11 -0500
commit102c93593af02273a5d7c2c618e9dea1a3cee747 (patch)
treefe69f3899261b8ed66fe39d035a4078f1037dee8
parent6fa0b2f154620cf8da209320865ac4a20e83b9ae (diff)
nixos/server: don't give system user password
-rw-r--r--modules/nixos/traits/secrets.nix18
-rw-r--r--secrets/atlas/userPassword.agebin405 -> 0 bytes
2 files changed, 2 insertions, 16 deletions
diff --git a/modules/nixos/traits/secrets.nix b/modules/nixos/traits/secrets.nix
index 9216633..0423183 100644
--- a/modules/nixos/traits/secrets.nix
+++ b/modules/nixos/traits/secrets.nix
@@ -2,21 +2,17 @@
config,
lib,
inputs,
- secretsDir,
...
}:
+
let
cfg = config.traits.secrets;
in
+
{
options.traits.secrets = {
enable = lib.mkEnableOption "secrets management";
- hostUser = lib.mkEnableOption "manager secrets for host user (see `profiles.server.hostUser`)" // {
- default = config.profiles.server.hostUser;
- defaultText = "config.profiles.server.hostUser";
- };
-
secretsDir = lib.mkOption {
type = lib.types.path;
default = inputs.self + "/secrets/${config.networking.hostName}";
@@ -38,16 +34,6 @@ in
identityPaths = [ "/etc/age/key" ];
};
}
-
- (lib.mkIf (config.profiles.server.enable && cfg.hostUser) {
- age.secrets = {
- userPassword.file = secretsDir + "/userPassword.age";
- };
-
- users.users.${config.networking.hostName} = {
- hashedPasswordFile = config.age.secrets.userPassword.path;
- };
- })
]
);
}
diff --git a/secrets/atlas/userPassword.age b/secrets/atlas/userPassword.age
deleted file mode 100644
index 35b1526..0000000
--- a/secrets/atlas/userPassword.age
+++ /dev/null
Binary files differ