diff --git a/hosts/by-name/servo/services/freshrss.nix b/hosts/by-name/servo/services/freshrss.nix
index 65b2efef..64306355 100644
--- a/hosts/by-name/servo/services/freshrss.nix
+++ b/hosts/by-name/servo/services/freshrss.nix
@@ -22,7 +22,7 @@
   services.freshrss.enable = true;
   services.freshrss.baseUrl = "https://rss.uninsane.org";
   services.freshrss.virtualHost = "rss.uninsane.org";
-  services.freshrss.passwordFile = config.sops.secrets.freshrss_passwd.path;
+  services.freshrss.hashedPasswordFile = config.sops.secrets.freshrss_passwd.path;
 
   systemd.services.freshrss-import-feeds =
   let
diff --git a/hosts/by-name/servo/services/wikipedia.nix b/hosts/by-name/servo/services/wikipedia.nix
index d68054c2..926330a4 100644
--- a/hosts/by-name/servo/services/wikipedia.nix
+++ b/hosts/by-name/servo/services/wikipedia.nix
@@ -12,7 +12,7 @@ lib.mkIf false
 
   services.mediawiki.enable = true;
   services.mediawiki.name = "Uninsane Wiki";
-  services.mediawiki.passwordFile = config.sops.secrets.mediawiki_pw.path;
+  services.mediawiki.hashedPasswordFile = config.sops.secrets.mediawiki_pw.path;
   services.mediawiki.extraConfig = ''
     # Disable anonymous editing
     $wgGroupPermissions['*']['edit'] = false;
diff --git a/hosts/common/users/colin.nix b/hosts/common/users/colin.nix
index d864749b..b883f10b 100644
--- a/hosts/common/users/colin.nix
+++ b/hosts/common/users/colin.nix
@@ -32,7 +32,7 @@
     # initial password is empty, in case anything goes wrong.
     # if `colin-passwd` (a password hash) is successfully found/decrypted, that becomes the password at boot.
     initialPassword = lib.mkDefault "";
-    passwordFile = lib.mkIf (config.sops.secrets ? "colin-passwd") config.sops.secrets.colin-passwd.path;
+    hashedPasswordFile = lib.mkIf (config.sops.secrets ? "colin-passwd") config.sops.secrets.colin-passwd.path;
 
     shell = pkgs.zsh;
 
diff --git a/secrets/desko/README.md b/secrets/desko/README.md
index 51e5fb3b..2ccad7e5 100644
--- a/secrets/desko/README.md
+++ b/secrets/desko/README.md
@@ -1,7 +1,7 @@
 - nix_serve_privkey.bin:
     - generate with `nix-store --generate-binary-cache-key desko cache-priv-key.pem cache-pub-key.pem`
 - colin-passwd.bin:
-    - see <https://search.nixos.org/options?channel=unstable&show=users.users.%3Cname%3E.passwordFile&from=0&size=50&sort=relevance&type=packages&query=users.users>
+    - see <https://search.nixos.org/options?channel=unstable&show=users.users.%3Cname%3E.hashedPasswordFile&from=0&size=50&sort=relevance&type=packages&query=users.users>
     - update by running `sudo passwd colin` and then taking the 2nd item from the colin: line in /etc/shadow
     - N.B.: you MUST do `sudo passwd colin` instead of just `passwd`, i guess because of immutable users or something
 - guest/authorized_keys.bin