RFE: Root password

[danbst]

generate random password for root as initial configuration

Some cloud providers allow web console login (Hetzner Cloud, for example).
You can then login and fix network issues (if any).

This change generates a password for root, so it is 1 step easier to do.

(this includes #39)

[elitak]

Make this a non-default option activated by a flag or variable. Having the root password in plaintext in world-readable /etc/nixos is unsafe. Use echo $randpwd | mkpasswd -sm sha-512 and the hashedPassword option, instead. That way, the plaintext password is gone once the system is rebooted.

Also, why does pipefail need to be turned off for the generation?

[danbst]

Make this a non-default option activated by a flag or variable.

Ok, makes sense to create a special --debug parameter, which will add this password automatically and pause before reboot.

I also wonder which other cloud providers (except Hetzner Cloud) can do web console login to server. If none, then this feature is too specialized (inapplicable in general).

[danbst]

Also, why does pipefail need to be turned off for the generation?

Not sure. I think this is because head causes Broken pipe (breaks pipe in the middle of operation). I've seen that once in the wild (NixOS/nixpkgs#56958 (comment))

[elitak]

I prefer the || true idiom, since it takes 2 fewer lines. I also suggest making the option --generate-root-password or something more suggestive than --debug.