Merge pull request 'Allow shared user password' (#4921) from TilmanBaumann/clan-core:main into main

Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4921
Reviewed-by: pinpox <clan@pablo.tools>

clanServices/users/README.md

@@ -17,6 +17,20 @@
       };
     };
 
+    # Deploy user Carol on all machines. Prompt only once and use the
+    # same password on all machines. (`share = true`)
+    user-carol = {
+      module = {
+        name = "users";
+        input = "clan";
+      };
+      roles.default.tags.all = { };
+      roles.default.settings = {
+        user = "carol";
+        share = true;
+      };
+    };
+
     # Deploy user bob only on his laptop. Prompt for a password.
     user-bob = {
       module = {

clanServices/users/default.nix

@@ -59,6 +59,17 @@
               - "input" - Allows the user to access input devices.
             '';
           };
+          share = lib.mkOption {
+            type = lib.types.bool;
+            default = false;
+            example = true;
+            description = ''
+              Weather the user should have the same password on all machines.
+
+              By default, you will be prompted for a new password for every host.
+              Unless `generate` is set to `true`.
+            '';
+          };
         };
       };
 
@@ -82,7 +93,6 @@
             };
 
             clan.core.vars.generators."user-password-${settings.user}" = {
-
               files.user-password-hash.neededFor = "users";
               files.user-password-hash.restartUnits = lib.optional (config.services.userborn.enable) "userborn.service";
               files.user-password.deploy = false;
@@ -107,6 +117,8 @@
                 pkgs.mkpasswd
               ];
 
+              share = settings.share;
+
               script =
                 (
                   if settings.prompt then