system: Add option to specify hashedPassword

It may be useful to add hashedPasswordFile in the future, although from
my testing it was possible to rebuild a VM that used a cached derivation
with the old password.

Ideally your main form of authentication is through LUKS encryption or
SSH keys anyway, and this password should solely be used for sudo
purposes.

modules/system.nix

@@ -1,10 +1,10 @@
 { nix-config, pkgs, lib, config, ... }:
 
 let
-  inherit (lib) mkOption mkEnableOption;
-  inherit (lib.types) str listOf;
+  inherit (lib) mkOption mkEnableOption mkIf;
+  inherit (lib.types) nullOr str listOf;
   inherit (pkgs.nixVersions) nix_2_19;
-  inherit (cfg) username iHaveLotsOfRam;
+  inherit (cfg) username iHaveLotsOfRam hashedPassword;
   inherit (builtins) attrValues;
 
   cfg = config.modules.system;
@@ -20,6 +20,11 @@ in
       default = "user";
     };
 
+    hashedPassword = mkOption {
+      type = nullOr str;
+      default = null;
+    };
+
     timeZone = mkOption {
       type = str;
       default = "America/New_York";
@@ -98,9 +103,11 @@ in
       mutableUsers = false;
 
       users.${username} = {
+        inherit hashedPassword;
+
         isNormalUser = true;
         uid = 1000;
-        password = username;
+        password = mkIf (hashedPassword == null) username;
         extraGroups = [ "wheel" "networkmanager" ];
       };
     };