support unhashed password files

mail-server/users.nix

@@ -90,8 +90,15 @@ in
   config = lib.mkIf enable {
     # assert that all accounts provide a password
     assertions = map (acct: {
-      assertion = acct.hashedPassword != null || acct.hashedPasswordFile != null;
-      message = "${acct.name} must provide either a hashed password or a password hash file";
+      assertion =
+        lib.length (
+          lib.filter (value: value != null) [
+            acct.hashedPassword
+            acct.hashedPasswordFile
+            acct.passwordFile
+          ]
+        ) == 1;
+      message = "Login account ${acct.name} must provide exactly one of password file, hashed password, or hashed password file";
     }) (lib.attrValues loginAccounts);
 
     # warn for accounts that specify both password and file