system: only set initialPassword if mutable users

hosts/nullbox/impermanence.nix

@@ -107,7 +107,6 @@ in {
 
     users.mutableUsers = false;
     users.users.nullbite.hashedPasswordFile = "/persist/passfile/nullbite";
-    users.users.nullbite.initialPassword = null;
     users.users.root.hashedPasswordFile = "/persist/passfile/root";
   };
 }

system/common/me.nix

@@ -16,8 +16,12 @@ in
       packages = with pkgs; [
         keychain
       ];
-      initialPassword = lib.mkDefault "changeme";
       shell = pkgs.zsh;
+
+      # this should only be configured if mutableUsers is enabled, otherwise it
+      # behaves the same as `password` and takes precedence over
+      # `hashedPasswordFile`, which is undesirable.
+      initialPassword = lib.mkIf config.users.mutableUsers (lib.mkDefault "changeme");
     };
 
     users.groups.nullbite.gid = 1000;