diff --git a/hosts/common/default.nix b/hosts/common/default.nix
index 83541d9a..56fba0f9 100644
--- a/hosts/common/default.nix
+++ b/hosts/common/default.nix
@@ -16,7 +16,6 @@
     ./secrets.nix
     ./ssh.nix
     ./users
-    ./warnings.nix
   ];
 
   sane.nixcache.enable-trusted-keys = true;
diff --git a/hosts/common/users/colin.nix b/hosts/common/users/colin.nix
index b0789c1c..ca143256 100644
--- a/hosts/common/users/colin.nix
+++ b/hosts/common/users/colin.nix
@@ -51,6 +51,12 @@
     };
   };
 
+  # i explicitly set both `initialPassword` and `hashedPasswordFile`, so ignore the warning against this.
+  # see: <https://github.com/NixOS/nixpkgs/pull/287506>
+  sane.silencedWarnings = [
+    "The user 'colin' has multiple of the options\n`hashedPassword`, `password`, `hashedPasswordFile`, `initialPassword`\n& `initialHashedPassword` set to a non-null value.\nThe options silently discard others by the order of precedence\ngiven above which can lead to surprising results. To resolve this warning,\nset at most one of the options above to a non-`null` value.\n"
+  ];
+
   environment.etc."/security/capability.conf".text = ''
     # The pam_cap.so module accepts the following arguments:
     #
diff --git a/hosts/common/warnings.nix b/hosts/common/warnings.nix
deleted file mode 100644
index 4a40be0a..00000000
--- a/hosts/common/warnings.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ lib, ... }:
-let
-  ignored = [
-    "The user 'colin' has multiple of the options\n`hashedPassword`, `password`, `hashedPasswordFile`, `initialPassword`\n& `initialHashedPassword` set to a non-null value.\nThe options silently discard others by the order of precedence\ngiven above which can lead to surprising results. To resolve this warning,\nset at most one of the options above to a non-`null` value.\n"
-  ];
-in
-{
-  options = {
-    warnings = lib.mkOption {
-      apply = builtins.filter (w: !(builtins.elem w ignored));
-    };
-  };
-}
diff --git a/modules/default.nix b/modules/default.nix
index 9653a127..378f6405 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -16,6 +16,7 @@
     ./ssh.nix
     ./users.nix
     ./vpn.nix
+    ./warnings.nix
     ./wowlan.nix
   ];
 
diff --git a/modules/warnings.nix b/modules/warnings.nix
new file mode 100644
index 00000000..f0baf1fd
--- /dev/null
+++ b/modules/warnings.nix
@@ -0,0 +1,15 @@
+{ config, lib, ... }:
+{
+  options = with lib; {
+    sane.silencedWarnings = mkOption {
+      type = types.listOf types.string;
+      default = [];
+      description = ''
+        list of `config.warnings` values you want to ignore, verbatim.
+      '';
+    };
+    warnings = mkOption {
+      apply = builtins.filter (w: !(builtins.elem w config.sane.silencedWarnings));
+    };
+  };
+}