# NixOS module: declares the "admin" account (wheel member, zsh shell),
# its SSH authorized keys, its sops-managed password hash, the persisted
# home directory and the per-host home-manager profile.
{
  pkgs,
  inputs,
  config,
  lib,
  ...
}:
let
  username = "admin";

  # sops secret that holds this account's password hash.
  secretName = "passwords/${username}";

  # secrets.yaml shipped by the nix-secrets flake input.
  secretsFile = "${builtins.toString inputs.nix-secrets}/secrets.yaml";

  # Every file below ../keys, recursively, is treated as a public key.
  # NOTE(review): there is no filter on file name or content here, so any
  # file added to that directory becomes an authorized_keys entry for a
  # wheel member. Consider restricting the list to a known suffix such as
  # ".pub" once the naming of the existing key files is confirmed, and
  # review changes to ../keys as access-control changes.
  keyFiles = lib.filesystem.listFilesRecursive ../keys;

  # Selects which home-manager profile file is imported below.
  hostname = config.networking.hostName;
in
{
  users.users.${username} = {
    isNormalUser = true;
    shell = pkgs.zsh;

    # Path of the decrypted secret at runtime; the hash itself is not
    # written into the Nix store by this module.
    # NOTE(review): while users.mutableUsers is true (the NixOS default) a
    # declared password is only applied when the account is first created.
    # Confirm that option is set as intended elsewhere in the configuration.
    hashedPasswordFile = config.sops.secrets.${secretName}.path;

    openssh.authorizedKeys.keys = map builtins.readFile keyFiles;

    # wheel membership makes this an administrative account.
    extraGroups = [ "wheel" ];
  };

  # Keep the home directory across reboots under /persist.
  environment.persistence."/persist" = {
    directories = [ "/home/${username}" ];
  };

  sops.secrets.${secretName} = {
    sopsFile = secretsFile;
    # Decrypt before user accounts are created so hashedPasswordFile exists
    # when the account is set up.
    neededForUsers = true;
  };

  programs.zsh.enable = true;

  # Lets non-root users pass allow_other to FUSE mounts.
  # NOTE(review): presumably required for the persisted home mounts; this is
  # a system-wide relaxation, so confirm it is still needed.
  programs.fuse.userAllowOther = true;

  home-manager = {
    extraSpecialArgs = {
      inherit inputs;
    };
    # One home-manager profile per host, chosen by networking.hostName.
    users.${username} = import ../../../../home/${hostname}.nix;
  };
}