2 files changed, 38 insertions, 19 deletions
diff --git a/modules/by-name/us/users/module.nix b/modules/by-name/us/users/module.nix
index d458b3dc..555e61f9 100644
--- a/modules/by-name/us/users/module.nix
+++ b/modules/by-name/us/users/module.nix
@@ -17,6 +17,7 @@
 in {
   options.soispha.users = {
     enable = lib.mkEnableOption "user set-up for soispha";
+
     hashedPassword = lib.mkOption {
       type = lib.types.str;
       example = lib.literalExpression "$y$jFT$ONrCqZIJKB7engmfA4orD/$0GO58/wV5wrYWj0cyONhyujZPjFmbT0XKtx2AvXLG0B";
@@ -40,19 +41,42 @@ in {
     users = {
       mutableUsers = false;
 
-      users.soispha = {
-        isNormalUser = true;
-        home = "/home/soispha";
-        createHome = true;
-        shell = pkgs.zsh;
-        initialHashedPassword = cfg.hashedPassword;
-        extraGroups = cfg.groups ++ lib.optional cfg.enableDeprecatedPlugdev "plugdev";
+      users = {
+        soispha = {
+          isNormalUser = true;
+          home = "/home/soispha";
+          createHome = true;
+          shell = pkgs.zsh;
+          initialHashedPassword = cfg.hashedPassword;
+          extraGroups = cfg.groups ++ lib.optional cfg.enableDeprecatedPlugdev "plugdev";
+
+          uid = 1000;
+          openssh.authorizedKeys.keys = [
+            # TODO: This should be parameterized. <2024-05-16>
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME4ZVa+IoZf6T3U08JG93i6QIAJ4amm7mkBzO14JSkz"
+          ];
+        };
+
+        root = {
+          hashedPassword = lib.mkForce null; # to lock root
+          openssh.authorizedKeys.keys = lib.mkForce [];
+        };
+      };
+    };
+
+    home-manager.users = {
+      soispha.home = {
+        username = "soispha";
+        homeDirectory = config.users.users.soispha.home;
+        stateVersion = "23.05";
+        enableNixpkgsReleaseCheck = true;
+      };
 
-        uid = 1000;
-        openssh.authorizedKeys.keys = [
-          # TODO: This should be parameterized. <2024-05-16>
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME4ZVa+IoZf6T3U08JG93i6QIAJ4amm7mkBzO14JSkz"
-        ];
+      root.home = {
+        username = "root";
+        homeDirectory = config.users.users.root.home;
+        stateVersion = "23.05";
+        enableNixpkgsReleaseCheck = true;
       };
     };
   };
diff --git a/modules/home.legacy/default.nix b/modules/home.legacy/default.nix
index 91f65534..fed2ecf6 100644
--- a/modules/home.legacy/default.nix
+++ b/modules/home.legacy/default.nix
@@ -11,10 +11,10 @@
   nixVim,
   nix-index-database,
   arkenfox-nixos,
+  config,
   ...
 }: let
-  username = "soispha";
-  homeDirectory = "/home/${username}";
+  inherit (config.home) homeDirectory;
 
   # xdg
   configHome = "${homeDirectory}/.config";
@@ -37,11 +37,6 @@ in {
   # I don't know what this does, but I've seen it a lot online, so it should be good, right?
   programs.home-manager.enable = true;
 
-  home = {
-    inherit username homeDirectory;
-    stateVersion = "23.05";
-    enableNixpkgsReleaseCheck = true;
-  };
   xdg = {
     enable = true;
     inherit configHome dataHome stateHome cacheHome; #binHome; # TODO: add binHome, when the standard is extended