Update README.md with a note for Impermanence Users #509

Merged
merged 2 commits into from
Mar 14, 2024

GameDungeon
Contributor

A note was added to the "Setting a user's password" part of the README to help people avoid a serious pitfall. Warns Impermanence users to link to the keyfile through their persist instead of the normal way.

@byronogis

I think there is a straightforward way to solve it.
Just set the attr program.openssh.hostKeys yourself, and make sure each hostKeys path is stored in your persist path.
(This also keeps the ssh keys static, so they do not change after reboot because of the data being cleared.)
Then everything is OK; sops-nix will automatically use it by default.

Like this:

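{
  # sshd host keys are configured under services.openssh in NixOS.
  # Keeping them under the persist path makes them available at boot
  # and keeps them stable across reboots.
  services.openssh.hostKeys = [
    {
      bits = 4096;
      path = "/persist/etc/ssh/ssh_host_rsa_key";
      type = "rsa";
    }
    {
      path = "/persist/etc/ssh/ssh_host_ed25519_key";
      type = "ed25519";
    }
  ];
}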

@GameDungeon
Contributor Author

GameDungeon commented Mar 14, 2024

That might be a good additional thing to add, but it is essentially the same point except with ssh instead of key files. Moving the key files to the persist directory so they are available at boot time before impermanence has run.

If you are sure this works and think I should add it, I can do that. Maybe in a detail section so it doesn't take up much space.

@byronogis

> If you are sure this works

Yes, it works. I build NixOS and set the user password with hashedPasswordFile with sops-nix.
That is my config

@Mic92
Owner

Mic92 commented Mar 14, 2024

@mergify queue

Contributor

mergify bot commented Mar 14, 2024

queue

🛑 The pull request has been removed from the queue default

The pull request #509 has been manually updated.

You can take a look at Queue: Embarked in merge queue check runs for more details.

In case of a failure due to a flaky test, you should first retrigger the CI.
Then, re-embark the pull request into the merge queue by posting the comment
@mergifyio refresh on the pull request.

@Mic92 Mic92 merged commit ebbca93 into Mic92:master Mar 14, 2024
58 checks passed
@GameDungeon GameDungeon deleted the patch-1 branch March 14, 2024 22:41
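
The fix discussed in this thread, wired end to end as an added example that is not part of the pull request or the sops-nix README: host keys kept under the persist path, a password-hash secret marked neededForUsers, and an evaluation-time assertion that every sops-nix key path sits on the persistent volume. The user `alice`, the secret name `alice-password`, the `/persist` mount point, and an imported sops-nix module with `sops.defaultSopsFile` set elsewhere are assumptions.

```nix
# Added example. Assumes the sops-nix NixOS module is imported and
# sops.defaultSopsFile (set elsewhere) contains the key "alice-password".
{ config, lib, ... }:
let
  persistRoot = "/persist"; # assumed impermanence persistent mount point

  # Every key source sops-nix may read when it decrypts secrets at boot.
  keyPaths =
    config.sops.age.sshKeyPaths
    ++ config.sops.gnupg.sshKeyPaths
    ++ lib.optional (config.sops.age.keyFile != null) config.sops.age.keyFile;
in
{
  services.openssh.enable = true;

  # Host keys are generated and read directly on the persistent volume, so
  # they exist before impermanence sets up its mounts and survive reboots.
  # sops-nix derives its default sshKeyPaths from this list.
  services.openssh.hostKeys = [
    {
      type = "ed25519";
      path = "${persistRoot}/etc/ssh/ssh_host_ed25519_key";
    }
  ];

  # neededForUsers makes sops-nix decrypt this secret before users are
  # created, which is why the key must already be readable at that point.
  sops.secrets."alice-password".neededForUsers = true; # hypothetical name

  users.users.alice = { # hypothetical user
    isNormalUser = true;
    hashedPasswordFile = config.sops.secrets."alice-password".path;
  };

  # Fail the build instead of booting into a system without a usable
  # password if any decryption key lives outside the persistent volume.
  assertions = [
    {
      assertion = lib.all (p: lib.hasPrefix "${persistRoot}/" (toString p)) keyPaths;
      message = "sops-nix decryption keys must live under ${persistRoot}, got: ${toString keyPaths}";
    }
  ];
}
```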