more separation

modules/users/nathan/nathan.nix

@@ -9,13 +9,16 @@
 
         config = {
 
-            sops.secrets."nathan/pass".neededForUsers = true;
+            sops.secrets."nathan/pass" = {
+                neededForUsers = true;
+                sopsFile = ./secrets.yaml;
+            };
 
             users.users.nathan = {
                 shell = pkgs.zsh;
                 name = lib.mkDefault "nathan";
                 isNormalUser = lib.mkDefault true;
-#hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile;
+                hashedPasswordFile = lib.mkDefault config.sops.secrets."nathan/pass".path;
                 extraGroups = [ "networkmanager" "docker" "libvirtd" "wheel" ];
                 openssh.authorizedKeys.keys = lib.mkMerge [
                     (useWith (homebox ++ iso) [