Refactor default sops override config

lib/modules/custom-build-vm.nix

@@ -78,17 +78,10 @@ in {
     virtualisation =
       let
         extendVMConfig =
-          vmVariant: overrideSops: {
+          vmVariant: {
             # Prevent GRUB2 errors in `nixos-rebuild build-vm-with-bootloader`
             boot.loader.efi.efiSysMountPoint = lib.mkVMOverride "/boot";
 
-            # Override passwords backed by `sops-nix` as `nixos-rebuild build-vm-with-bootloader`
-            # does not seem to play along well with `sops-nix`
-            users.sopsPasswordOverride = lib.mkIf overrideSops {
-              enable = true;
-              password = "admin";
-            };
-
             virtualisation = {
               # Enable root permissions to get access to the `/etc/ssh` directory
               runAsRoot = lib.mkIf vmVariant.virtualisation.sharedHostKeys true;

lib/modules/custom-sops-nix.nix

@@ -32,7 +32,14 @@
     virtualisation =
       let
         extendVMConfig =
-          vmVariant: {
+          vmVariant: overrideSops: {
+            # Override passwords backed by `sops-nix` as `nixos-rebuild build-vm-with-bootloader`
+            # does not seem to play along well with `sops-nix`
+            users.sopsPasswordOverride = lib.mkIf overrideSops {
+              enable = lib.mkDefault true;
+              password = lib.mkDefault "admin";
+            };
+
             users.users =
               with { inherit (vmVariant.users) sopsPasswordOverride; };
               (lib.mkIf
@@ -67,8 +74,8 @@
           vmVariantWithBootLoader
         ;
       in {
-        vmVariant = extendVMConfig vmVariant;
-        vmVariantWithBootLoader = extendVMConfig vmVariantWithBootLoader;
+        vmVariant = extendVMConfig vmVariant false;
+        vmVariantWithBootLoader = extendVMConfig vmVariantWithBootLoader true;
       };
   };
 }