Set the sudo password separately than the login password on NixOS

I would like to setup my system to use a different password for sudo than for login.

I’ve found out how to do this for non-NixOS systems here, but I’d like to be able to do this on my NixOS device.

rootpw isn’t an effective solution here, as that allows logging into root directly via a different tty, unless there is a way to cut away the other ttys…

For context (to narrow down what would be helpful) this is for the purpose of parental control. The child should not be able to login without parental permission (withholding the login password), but once logged-in, they should be allowed to perform system administration (sudo).

I’m still a beginner at NixOS, so I don’t know how to translate this into my declarative configuration.

Any help would be appreciated, thanks!