Obsolete security.initialPassword

You can now set users.extraUsers.root.initialHashedPassword instead.

nixos/modules/config/users-groups.nix

@@ -426,24 +426,12 @@ in {
       options = [ groupOpts ];
     };
 
+    # FIXME: obsolete - will remove.
     security.initialRootPassword = mkOption {
       type = types.str;
       default = "!";
       example = "";
-      description = ''
-        The (hashed) password for the root account set on initial
-        installation. The empty string denotes that root can login
-        locally without a password (but not via remote services such
-        as SSH, or indirectly via <command>su</command> or
-        <command>sudo</command>). The string <literal>!</literal>
-        prevents root from logging in using a password.
-        Note that setting this option sets
-        <literal>users.extraUsers.root.hashedPassword</literal>.
-        Also, if <literal>users.mutableUsers</literal> is false
-        you cannot change the root password manually, so in that case
-        the name of this option is a bit misleading, since it will define
-        the root password beyond the user initialisation phase.
-      '';
+      visible = false;
     };
 
   };
@@ -461,7 +449,7 @@ in {
         shell = mkDefault cfg.defaultUserShell;
         group = "root";
         extraGroups = [ "grsecurity" ];
-        hashedPassword = mkDefault config.security.initialRootPassword;
+        initialHashedPassword = mkDefault config.security.initialRootPassword;
       };
       nobody = {
         uid = ids.uids.nobody;

nixos/modules/installer/cd-dvd/installation-cd-base.nix

@@ -49,5 +49,5 @@ with lib;
   boot.supportedFilesystems = [ "zfs" "btrfs" ];
 
   # Allow the user to log in as root without a password.
-  security.initialRootPassword = "";
+  users.extraUsers.root.initialHashedPassword = "";
 }

nixos/modules/testing/test-instrumentation.nix

@@ -98,7 +98,7 @@ let kernel = config.boot.kernelPackages.kernel; in
     networking.usePredictableInterfaceNames = false;
 
     # Make it easy to log in as root when running the test interactively.
-    security.initialRootPassword = mkDefault "";
+    users.extraUsers.root.initialHashedPassword = mkDefault "";
 
   };
 

nixos/modules/virtualisation/amazon-image.nix

@@ -191,10 +191,5 @@ in
     environment.systemPackages = [ pkgs.cryptsetup ];
 
     boot.initrd.supportedFilesystems = [ "unionfs-fuse" ];
-
-    # Prevent logging in as root without a password.  This doesn't really matter,
-    # since the only PAM services that allow logging in with a null
-    # password are local ones that are inaccessible on EC2 machines.
-    security.initialRootPassword = mkDefault "!";
   };
 }

nixos/modules/virtualisation/docker-image.nix

@@ -38,8 +38,8 @@ in {
     '';
 
 
-  # docker image config
-  require = [
+  # Docker image config.
+  imports = [
     ../installer/cd-dvd/channel.nix
     ../profiles/minimal.nix
     ../profiles/clone-config.nix
@@ -47,16 +47,16 @@ in {
 
   boot.isContainer = true;
 
-  # Iptables do not work in docker
+  # Iptables do not work in Docker.
   networking.firewall.enable = false;
 
   services.openssh.enable = true;
 
-  # Socket activated ssh presents problem in docker
+  # Socket activated ssh presents problem in Docker.
   services.openssh.startWhenNeeded = false;
 
-  # Allow the user to login as root without password
-  security.initialRootPassword = "";
+  # Allow the user to login as root without password.
+  users.extraUsers.root.initialHashedPassword = mkDefault "";
 
   # Some more help text.
   services.mingetty.helpLine =