Declaring a NixOS user with no password?

What exactly happens when a user entry in configuration.nix has no password specified? I added an ssh key, so am able to log in as them, but specified no password or passwordHash. It doesn’t seem to be an empty password, or the root password. Does it have no valid password? I didn’t know that was possible.

  users.users.me = {
    uid = 1000;
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [ "<redacted>" ];
  };
1 Like

(and, is there a place I could have gone to learn this kind of thing for myself in the future?)

Ah, I found the answer with man configuration.nix:

users.users.<name?>.hashedPassword
           Specifies the hashed password for the user. The options hashedPassword, password and passwordFile controls what password is set for the
           user.  hashedPassword overrides both password and passwordFile.  password overrides passwordFile. ***If none of these three options are
           set, no password is assigned to the user, and the user will not be able to do password logins.*** If the option users.mutableUsers is
           true, the password defined in one of the three options will only be set when the user is created for the first time. After that, you
           are free to change the password with the ordinary user management commands. If users.mutableUsers is false, you cannot change user
           passwords, they will always be set according to the password options.

           To generate hashed password install mkpasswd package and run mkpasswd -m sha-512.

           Type: null or string

           Default: null

           Declared by:
               <nixpkgs/nixos/modules/config/users-groups.nix>
4 Likes

Cool, thanks for posting this. I logged in as root after installing nixos then used mkpasswd for my normal user.