hashedPassword issues, can't sudo


I am attempting to set a 20.09 server up remotely.

The users I am trying to set up are:

  • Alice - normal user - can sudo - can ssh into
  • root - no direct ssh

This is my users.users.alice:

$ nixos-option -r users.users.alice
users.users.alice.createHome = true;
users.users.alice.cryptHomeLuks = null;
users.users.alice.description = "";
users.users.alice.extraGroups = [ "wheel" ];
users.users.alice.group = "users";
users.users.alice.hashedPassword = "$6$REDACTED_SALT$REDACTED_HASH";
users.users.alice.home = "/home/alice";
users.users.alice.initialHashedPassword = null;
users.users.alice.initialPassword = null;
users.users.alice.isNormalUser = true;
users.users.alice.isSystemUser = false;
users.users.alice.name = "alice";
users.users.alice.openssh.authorizedKeys.keyFiles = [ ];
users.users.alice.openssh.authorizedKeys.keys = [ "ssh-ed25519 REDACTED_HASH REDACTED_EMAIL" ];
users.users.alice.packages = [ ];
users.users.alice.password = null;
users.users.alice.passwordFile = null;
users.users.alice.shell = «derivation /nix/store/mh1a0inx5gik02p64s3cja8dy5zibqbc-bash-interactive-4.4-p23.drv»;
users.users.alice.subGidRanges = [ ];
users.users.alice.subUidRanges = [ ];
users.users.alice.uid = null;
users.users.alice.useDefaultShell = true;

SSH works fine.

AFAIK, adding alice to the wheel group makes her a sudoer, and when I do sudo ls from alice, I get a password prompt so I assume this is correctly set up.

Sadly, when I actually type the password in the sudo prompt, I get “wrong password”.

I generated the hash using mkpasswd -m sha512 [password]. I tried regenerating the hash using the same salt and it checks out.

What am I doing wrong?
Anyone has any advice to offer?
Do you spot any obvious error in my user configuration?

EDIT: just checked an su alice also gives me the same “wrong password” error.

Hmm, that is odd. I believe that’s the correct way of going about things. At least I made basically the same thing work in nixos-up here. I wonder if it has something to do with users.users.alice.isSystemUser = false;