fix: correctly forward user class using fixedTo

[HeitorAugustoLN]

Makes it possible to use the user class in includes, for example:

{ lib, ... }:
{
  _heitor.user =
    let
      username = "heitor";
    in
    {
      user.description = "Heitor Augusto";
      nixos.sops.secrets."${username}/password".neededForUsers = true;

      includes = [
        (
          { host, ... }:
          lib.optionalAttrs (host.class == "nixos") {
            user =
              { osConfig, ... }:
              {
                extraGroups = [
                  "networkmanager"
                  "wheel"
                ];

                hashedPasswordFile = osConfig.sops.secrets."${username}/password".path;
              };
          }
        )
      ];
    };
}

In current main, it fails:

[nixos@nixos:~/infra]$ nix flake check
warning: Git tree '/home/nixos/infra' is dirty
warning: ignoring untrusted substituter 'https://heitor.cachix.org', you are not a trusted user.
Run `man nix.conf` for more information on the `substituters` configuration option.
warning: ignoring the client-specified setting 'trusted-public-keys', because it is a restricted setting and you are not a trusted user
error:
       … while checking flake output 'nixosConfigurations'

       … while checking the NixOS configuration 'nixosConfigurations.axolotl'

       … while calling the 'head' builtin
         at /nix/store/xaknai40sz4yyy5658prwrwmfycj4xvm-source/lib/attrsets.nix:1712:13:
         1711|           if length values == 1 || pred here (elemAt values 1) (head values) then
         1712|             head values
             |             ^
         1713|           else

       … while evaluating the option `system.build.toplevel':

       … while evaluating definitions from `/nix/store/xaknai40sz4yyy5658prwrwmfycj4xvm-source/nixos/modules/system/activation/top-level.nix':

       (stack trace truncated; use '--show-trace' to show the full, detailed trace)

       error:
       Failed assertions:
       - Neither the root account nor any wheel user has a password or SSH authorized key.
       You must set one to prevent being locked out of your system.
       If you really want to be locked out of your system, set users.allowNoPasswordLogin = true;
       However you are most probably better off by setting users.mutableUsers = true; and
       manually running passwd root to set the root password.

[vic]

Hey @HeitorAugustoLN, do we need a little test for this ?

[HeitorAugustoLN]

Hey @HeitorAugustoLN, do we need a little test for this ?

Yes, added a parametric includes test for every builtin custom class to make sure all of them works. Also rebased and removed merge commit

[vic]

awesome, thanks