From 102c93593af02273a5d7c2c618e9dea1a3cee747 Mon Sep 17 00:00:00 2001
From: Seth Flynn
Date: Thu, 13 Feb 2025 20:21:26 -0500
Subject: nixos/server: don't give system user password

---
 modules/nixos/traits/secrets.nix | 18 ++----------------
 1 file changed, 2 insertions(+), 16 deletions(-)

(limited to 'modules/nixos')

diff --git a/modules/nixos/traits/secrets.nix b/modules/nixos/traits/secrets.nix
index 9216633..0423183 100644
--- a/modules/nixos/traits/secrets.nix
+++ b/modules/nixos/traits/secrets.nix
@@ -2,21 +2,17 @@
 config,
 lib,
 inputs,
- secretsDir,
 ...
 }:
+
 let
 cfg = config.traits.secrets;
 in
+
 {
 options.traits.secrets = {
 enable = lib.mkEnableOption "secrets management";
 
- hostUser = lib.mkEnableOption "manager secrets for host user (see `profiles.server.hostUser`)" // {
- default = config.profiles.server.hostUser;
- defaultText = "config.profiles.server.hostUser";
- };
-
 secretsDir = lib.mkOption {
 type = lib.types.path;
 default = inputs.self + "/secrets/${config.networking.hostName}";
@@ -38,16 +34,6 @@ in
 identityPaths = [ "/etc/age/key" ];
 };
 }
-
- (lib.mkIf (config.profiles.server.enable && cfg.hostUser) {
- age.secrets = {
- userPassword.file = secretsDir + "/userPassword.age";
- };
-
- users.users.${config.networking.hostName} = {
- hashedPasswordFile = config.age.secrets.userPassword.path;
- };
- })
 ]
 );
 }
-- 
cgit v1.2.3
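Review bot: Removing the `traits.secrets.hostUser` option in the first hunk means any host that still sets it fails with a bare "option does not exist" error; if anything outside this file may reference it, add `imports = [ (lib.mkRemovedOptionModule [ "traits" "secrets" "hostUser" ] "the server host user no longer gets a password") ];` so the failure explains itself. Separately, dropping `hashedPasswordFile` in the second hunk only changes what the next activation declares. If `users.mutableUsers` is left at its default of true (not visible here), the previously provisioned hash presumably stays in `/etc/shadow` on hosts that are already deployed, so confirm the account is actually locked there. This view is limited to `modules/nixos`, so I cannot tell whether the encrypted `userPassword.age` files and their recipient entries are removed elsewhere in the commit; if not, they look like dead secrets worth deleting.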