Auto generate sops entries for users.

config/users.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, fn, pkgs, ... }:
 
 with lib;
 
@@ -43,6 +43,10 @@ let
      };
    };
 in {
+  sops.secrets = (fn.sopsHelper
+    (user: "users/${user.name}/password")
+    config.machine.administrators
+    { neededForUsers = true; });
   users = {
     mutableUsers = false;
     users = listToAttrs (map administrators config.machine.administrators);

machines/Lilim/sops.nix

@@ -7,7 +7,5 @@
       keyFile = "/var/lib/sops-nix/key.txt";
       generateKey = true;
     };
-    # TODO: auto loop over users
-    secrets."users/derped/password".neededForUsers = true;
   };
 }