# NixOS module: declarative user accounts plus the sops-nix secrets they rely on.
#
# Declares an interactive user (lilith) and a system account (remotebuilder)
# that accepts a single SSH public key. The login password hash and the SSH key
# material are delivered through sops-nix rather than stored in the Nix store.
{ config, ... }:
let
  inherit (config.networking) hostName;

  # Per-host encrypted secrets file, selected by this machine's hostname.
  hostSecrets = ../../hosts/${hostName}/secrets/default.yaml;

  # Repository-wide encrypted secrets file, the same path on every host.
  sharedSecrets = ../../secrets/default.yaml;
in
{
  users = {
    # Accounts are defined only by this configuration; imperative changes
    # made with passwd/useradd do not persist.
    mutableUsers = false;

    users = {
      lilith = {
        isNormalUser = true;
        uid = 1000;
        # "wheel" is the conventional admin group (typically sudo-capable on
        # NixOS), so this account is effectively privileged.
        extraGroups = [
          "wheel"
          "networkmanager"
        ];
        # The hash is read from the decrypted sops secret at activation time,
        # which keeps it out of the world-readable Nix store.
        hashedPasswordFile = config.sops.secrets."user/password".path;
      };

      remotebuilder = {
        isSystemUser = true;
        group = "users";
        extraGroups = [ ];
        # NOTE(review): this key carries no authorized_keys options, so what its
        # holder can do is bounded only by the account's shell and sshd settings.
        # Consider prefixing the entry with `restrict` (and a forced `command=`
        # if the intended use allows it) to keep the account least-privilege.
        # No shell is set in this block; confirm the effective shell elsewhere.
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7RJ1q5TczmSDge2U2lXrZVtRzOM/D+Bodwrc6h3EjA"
        ];
      };
    };
  };

  # No `mode` is set on any secret below, so each one gets the sops-nix default
  # file mode (0400 unless overridden elsewhere, TODO confirm).
  sops.secrets = {
    "user/password" = {
      sopsFile = hostSecrets;
      # Decrypt before user accounts are created so hashedPasswordFile resolves.
      neededForUsers = true;
    };

    # NOTE(review): sops-nix places these at `path` during activation. Verify
    # that /home/lilith/.ssh ends up owned by lilith with mode 0700, since
    # OpenSSH rejects key files in a directory with loose permissions.
    "user/ssh/private" = {
      sopsFile = hostSecrets;
      path = "/home/lilith/.ssh/id_ed25519";
      owner = "lilith";
    };
    "user/ssh/public" = {
      sopsFile = hostSecrets;
      path = "/home/lilith/.ssh/id_ed25519.pub";
      owner = "lilith";
    };

    # NOTE(review): sourced from the repository-wide file, not the per-host one,
    # so every host that imports this module and can decrypt that file holds the
    # same private key. Presumably it pairs with the key authorized for
    # remotebuilder above; if so, compromise of any one host exposes that
    # account on all the others. Confirm that this blast radius is intended.
    "ssh/nixremote/private" = {
      sopsFile = sharedSecrets;
      path = "/root/.ssh/nixremote";
      owner = "root";
    };
  };
}