From 3216b8571373b368a0ce809e2976fad8bffd0b90 Mon Sep 17 00:00:00 2001
From: Klemens Nanni <klemens@posteo.de>
Date: Mon, 26 Oct 2020 03:22:17 +0100
Subject: [PATCH] nixos/system-path: Add mkpasswd(1)

Generating password hashes, e.g. when adding new users to the system
configuration, should work out-of-the-box and offline.
---
 nixos/doc/manual/configuration/user-mgmt.xml | 2 +-
 nixos/modules/config/system-path.nix         | 1 +
 nixos/modules/config/users-groups.nix        | 3 +--
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/nixos/doc/manual/configuration/user-mgmt.xml b/nixos/doc/manual/configuration/user-mgmt.xml
index cbec83814c9a..e83e7b75ef54 100644
--- a/nixos/doc/manual/configuration/user-mgmt.xml
+++ b/nixos/doc/manual/configuration/user-mgmt.xml
@@ -38,7 +38,7 @@
   assigned by setting the user's
   <link linkend="opt-users.users._name_.hashedPassword">hashedPassword</link>
   option. A hashed password can be generated using <command>mkpasswd -m
-  sha-512</command> after installing the <literal>mkpasswd</literal> package.
+  sha-512</command>.
  </para>
  <para>
   A user ID (uid) is assigned automatically. You can also specify a uid
diff --git a/nixos/modules/config/system-path.nix b/nixos/modules/config/system-path.nix
index c46937f80081..c65fa1a684f8 100644
--- a/nixos/modules/config/system-path.nix
+++ b/nixos/modules/config/system-path.nix
@@ -33,6 +33,7 @@ let
       pkgs.ncurses
       pkgs.netcat
       config.programs.ssh.package
+      pkgs.mkpasswd
       pkgs.procps
       pkgs.su
       pkgs.time
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index 5264d5b56fa5..72285fe631da 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -35,8 +35,7 @@ let
   '';
 
   hashedPasswordDescription = ''
-    To generate a hashed password install the <literal>mkpasswd</literal>
-    package and run <literal>mkpasswd -m sha-512</literal>.
+    To generate a hashed password run <literal>mkpasswd -m sha-512</literal>.
 
     If set to an empty string (<literal>""</literal>), this user will
     be able to log in without being asked for a password (but not via remote