Define hashedPasswordFile for all normal users

Hi there,
I’m trying to define hashedPasswordFile in one place for all users defined elsewhere so I can set it just once.

I’m doing this:

  users.users = lib.mkMerge (
    [ { root.hashedPasswordFile = "/persist/passwords/root"; } ] ++
    lib.forEach config.users.users (user:
      { "${user}".hashedPasswordFile = "/persist/passwords/${user}"; }
    )
  );

But it naturally complains about infinite recursion. So I thought a proper way of doing this would be to change the defaults of hashedPasswordFile option in the standard user-groups module. However it uses a submodule for every user and the option looks like this: users.users.<name>.hashedPasswordFile. How do I go about it?

tldr; How to change the defaults of users.users.<name>.hashedPasswordFile?

Multiple declarations of the same option should get merged.
Completely untested, though.
Also I don’t know how well this will play with root or system users overall - maybe add a check for isNormalUser?

{  
  options.users.users = mkOption {
    type = attrsOf (submodule (
      { name, ... }:
      {
        options.hashedPasswordFile = mkOption {
          default = "/persist/passwords/${name}";
        };
      }
    ));
  };
}

Thank you! You gave me the right direction.

Overriding an existing option didn’t work (even with lib.mkForce) so I ended up extending the config part that processes isNormalUser:

  options.users.users = lib.mkOption {
    type = lib.types.attrsOf (lib.types.submodule (
      { name , ... }:
      {
        config = lib.mkIf config.users.users.${name}.isNormalUser {
          hashedPasswordFile = "/persistent/passwords/${name}";
        };
      }
    ));
  };

EDIT: This does not include the root user as I don’t set a password for it for security reasons. However you can probably include it like this:

config = lib.mkIf config.users.users.${name}.isNormalUser || config.users.users.${name}.uid == 0 {