{ config, ...}: let 
    host = config.networking.hostName;
  in {
  users.mutableUsers = false;
  users.users = {
    lilith = {
      isNormalUser = true;
      uid = 1000;
      extraGroups = [ "wheel" "networkmanager" ];
      hashedPasswordFile = config.sops.secrets."user/password".path;
    };
  };

  sops.secrets = {
    "user/password" = {
      sopsFile = ../hosts/${host}/secrets/default.yaml;
      neededForUsers = true;
    };
    "user/ssh/private" = {
      sopsFile = ../hosts/${host}/secrets/default.yaml;
      path = "/home/lilith/.ssh/id_ed25519";
      owner = "lilith";
    };
    "user/ssh/public" = {
      sopsFile = ../hosts/${host}/secrets/default.yaml;
      path = "/home/lilith/.ssh/id_ed25519.pub";
      owner = "lilith";
    };
  };
}