Specifies the initial password for the user, i.e. the password assigned if the user does not already exist. If users.mutableUsers is true, the password can be changed subsequently using the passwd command. Otherwise, it's equivalent to setting the password option. The same caveat applies: the password specified here is world-readable in the Nix store, so it should only be used for guest accounts or passwords that will be changed promptly.
The initialHashedPassword, hashedPassword, initialPassword, password and hashedPasswordFile options all control what password is set for the user.
In a system where is false, typically only one of hashedPassword, password, or hashedPasswordFile will be set.
In a system where is true, typically only one of initialPassword, initialHashedPassword, or hashedPasswordFile will be set.
If the option users.mutableUsers is true, the password defined in one of the above password options will only be set when the user is created for the first time. After that, you are free to change the password with the ordinary user management commands. If users.mutableUsers is false, you cannot change user passwords, they will always be set according to the password options.
If none of the password options are set, then no password is assigned to the user, and the user will not be able to do password-based logins.
If multiple of these password options are set at the same time then a specific order of precedence is followed, which can lead to surprising results. The order of precedence differs depending on whether the users.mutableUsers option is set.
If the option users.mutableUsers is false, then the order of precedence is as shown below, where values on the left are overridden by values on the right: initialHashedPassword -> hashedPassword -> initialPassword -> password -> hashedPasswordFile
If the option users.mutableUsers is true, then the order of precedence is as shown below, where values on the left are overridden by values on the right: initialHashedPassword -> initialPassword -> hashedPassword -> password -> hashedPasswordFile.