From 4a0c10b897ba8aa6c5235a8bbbcae9b13969451a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 23 Sep 2021 21:28:29 +0200
Subject: [PATCH 1/5] modules: system: users: use 'ambroisie' password

Do not rely on `my.user.name` which could be changed to a value not
available in the secrets.
---
 modules/system/users.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/system/users.nix b/modules/system/users.nix
index 3897ad7..65c0ed5 100644
--- a/modules/system/users.nix
+++ b/modules/system/users.nix
@@ -21,7 +21,7 @@ in
         };
 
         ${config.my.user.name} = {
-          inherit (secrets.users.${config.my.user.name}) hashedPassword;
+          inherit (secrets.users.ambroisie) hashedPassword;
           description = "Bruno BELANYI";
           isNormalUser = true;
           shell = pkgs.zsh;

From bd1a2000feb724f56e84f11c929847dbf80c1591 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 23 Sep 2021 21:30:19 +0200
Subject: [PATCH 2/5] modules: system: users: use 'initialHashedPassword'

This is the better option to use in case I want to have a stateless
system.
---
 modules/system/users.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/system/users.nix b/modules/system/users.nix
index 65c0ed5..32b46ca 100644
--- a/modules/system/users.nix
+++ b/modules/system/users.nix
@@ -17,11 +17,11 @@ in
 
       users = {
         root = {
-          inherit (secrets.users.root) hashedPassword;
+          initialHashedPassword = secrets.users.root.hashedPassword;
         };
 
         ${config.my.user.name} = {
-          inherit (secrets.users.ambroisie) hashedPassword;
+          initialHashedPassword = secrets.users.ambroisie.hashedPassword;
           description = "Bruno BELANYI";
           isNormalUser = true;
           shell = pkgs.zsh;

From 3fa14ebe71e8384b90794688bbefc680644ca1e2 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 23 Sep 2021 21:55:17 +0200
Subject: [PATCH 3/5] lib: attrs: add 'recursiveMerge'

---
 lib/attrs.nix | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/lib/attrs.nix b/lib/attrs.nix
index 84b63c7..75114b2 100644
--- a/lib/attrs.nix
+++ b/lib/attrs.nix
@@ -1,6 +1,13 @@
 { lib, ... }:
 let
-  inherit (lib) filterAttrs listToAttrs mapAttrs' nameValuePair;
+  inherit (lib)
+    filterAttrs
+    foldl
+    listToAttrs
+    mapAttrs'
+    nameValuePair
+    recursiveUpdate
+    ;
 in
 {
   # Filter a generated set of attrs using a predicate function.
@@ -19,6 +26,13 @@ in
   #   attrs
   genAttrs' = values: f: listToAttrs (map f values);
 
+  # Merge a list of attrs recursively, later values override previous ones.
+  #
+  # recursiveMerge ::
+  #   [ attrs ]
+  #   attrs
+  recursiveMerge = foldl recursiveUpdate { };
+
   # Rename each of the attributes in an attribute set using the mapping function
   #
   # renameAttrs ::

From c93a9e5a98578ecb6298a5c4cb1704a98b7dadbd Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 23 Sep 2021 21:57:47 +0200
Subject: [PATCH 4/5] home: wm: i3: use 'recursiveMerge'

---
 home/wm/i3.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/home/wm/i3.nix b/home/wm/i3.nix
index 14ec64e..f8080ad 100644
--- a/home/wm/i3.nix
+++ b/home/wm/i3.nix
@@ -154,7 +154,7 @@ in
         };
 
         # I don't care for i3's default values, I specify them all explicitly
-        keybindings = builtins.foldl' (lhs: rhs: lhs // rhs) { } [
+        keybindings = lib.my.recursiveMerge [
           {
             # The basics
             "${modifier}+Return" = "exec ${terminal}";
@@ -298,7 +298,7 @@ in
               in
               lib.my.genAttrs' oneToNine createWorkspaceBinding;
           in
-          builtins.foldl' (lhs: rhs: lhs // rhs) { } [
+          lib.my.recursiveMerge [
             (createWorkspaceBindings modifier "workspace number")
             (createWorkspaceBindings "${modifier}+Shift" "move container to workspace number")
             {

From 2d26b36e31ee449e0f01fdc2b3d41101f838bc22 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 23 Sep 2021 22:11:14 +0200
Subject: [PATCH 5/5] modules: services: nginx: use 'recursiveMerge'

---
 modules/services/nginx.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix
index e7ab566..a68c8b9 100644
--- a/modules/services/nginx.nix
+++ b/modules/services/nginx.nix
@@ -173,7 +173,7 @@ in
           domain = config.networking.domain;
           mkVHost = ({ subdomain, ... } @ args: lib.nameValuePair
             "${subdomain}.${domain}"
-            (builtins.foldl' lib.recursiveUpdate { } [
+            (lib.my.recursiveMerge [
               # Base configuration
               {
                 forceSSL = true;