Make secret path configurable (mainly for container support).

'/secret/hostName' is still required.

config/users.nix

@@ -18,8 +18,8 @@ let
         ++ (if config.services.printing.enable then [ "cups" "lp" ] else [])
         ++ (if config.virtualisation.docker.enable then [ "docker"] else []);
       shell = "${pkgs.zsh}/bin/zsh";
-      passwordFile = "/secret/${user.name}";
-      openssh.authorizedKeys.keyFiles = if config.services.openssh.enable then [ "/secret/${user.name}.pub" ] else [];
+      passwordFile = "${config.machine.secretPath}/${user.name}";
+      openssh.authorizedKeys.keyFiles = if config.services.openssh.enable then [ "${config.machine.secretPath}/${user.name}.pub" ] else [];
     };
   };