From 18e795abdcbb975994be55ebcb3d581f3db8640f Mon Sep 17 00:00:00 2001
From: Adrian G L <adrian@lauterer.it>
Date: Wed, 20 May 2026 15:31:30 +0200
Subject: [PATCH] feat: add initialdeploy hashed password to root

---
 base/default.nix       | 2 ++
 base/services/acme.nix | 1 -
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/base/default.nix b/base/default.nix
index 031f5d0..df3d5e9 100644
--- a/base/default.nix
+++ b/base/default.nix
@@ -84,6 +84,8 @@
 
   # users.mutableUsers = lib.mkDefault false;
 
+  users.users.root.initialHashedPassword = "$y$j9T$ahP6GAdttD17OMBo7Yqeh.$Ad7qBcFvTL7HrJ9uTtrQzksN3220Nj9t/CrP6DwgK34"; # generated using mkpasswd, see huttiheita root on vaultwarden
+
   users.groups."drift".name = "drift";
 
   # Trusted users on the nix builder machines
diff --git a/base/services/acme.nix b/base/services/acme.nix
index 37adb1c..c2d7f74 100644
--- a/base/services/acme.nix
+++ b/base/services/acme.nix
@@ -8,6 +8,5 @@
   # Let's not spam LetsEncrypt in `nixos-rebuild build-vm` mode:
   virtualisation.vmVariant = {
     security.acme.defaults.server = "https://127.0.0.1";
-    users.users.root.initialPassword = "root";
   };
 }