nixos/systemd/initrd: Fix emergencyAccess to work with null.

Implementation is now compatible with the option's .type already defined.

This allows us to pass `config.users.users.<user>.hashedPassword` even if this is null (the default).

Before:
true  => access
false => no access
hash  => access via password
null  => eval error

After:
true  => access
false => no access
hash  => access via password
null  => no access

nixos/modules/system/boot/systemd/initrd.nix

@@ -226,8 +226,8 @@ in {
     emergencyAccess = mkOption {
       type = with types; oneOf [ bool (nullOr (passwdEntry str)) ];
       description = ''
-        Set to true for unauthenticated emergency access, and false for
+        Set to true for unauthenticated emergency access, and false or
-        no emergency access.
+        null for no emergency access.
 
         Can also be set to a hashed super user password to allow
         authenticated access to the emergency mode.
@@ -429,7 +429,12 @@ in {
         # We can use either ! or * to lock the root account in the
         # console, but some software like OpenSSH won't even allow you
         # to log in with an SSH key if you use ! so we use * instead
-        "/etc/shadow".text = "root:${if isBool cfg.emergencyAccess then optionalString (!cfg.emergencyAccess) "*" else cfg.emergencyAccess}:::::::";
+        "/etc/shadow".text = let
+          ea = cfg.emergencyAccess;
+          access = ea != null && !(isBool ea && !ea);
+          passwd = if isString ea then ea else "";
+        in
+          "root:${if access then passwd else "*"}:::::::";
 
         "/bin".source = "${initrdBinEnv}/bin";
         "/sbin".source = "${initrdBinEnv}/bin";