rework secrets

modules/common.nix

@@ -10,6 +10,8 @@
     identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];
 
     secrets = {
+      rootPassword.file = ../secrets/${config.networking.hostName}/rootPassword.age;
+      userPassword.file = ../secrets/userPassword.age;
       tailscaleKey.file = ../secrets/tailscaleKey.age;
     };
   };
@@ -104,6 +106,8 @@
 
   time.timeZone = "Europe/Paris";
 
+  users.users.root.hashedPasswordFile = config.age.secrets.rootPassword.path;
+
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave