{ config, lib, pkgs, ... }:
let
  groupExists = grp: builtins.hasAttr grp config.users.groups;
  groupsIfExist = builtins.filter groupExists;
  sshPub = builtins.fromTOML (builtins.readFile ../../../configs/ssh-pubkeys.toml);
in
{

  users.groups.fcuny = { gid = 1000; };
  users.users.fcuny = {
    isNormalUser = true;
    uid = 1000;
    group = "fcuny";
    home = "/home/fcuny";
    shell = pkgs.zsh;
    extraGroups = groupsIfExist [
      "docker"
      "users"
      "nas" # in order to access to files downloaded by transmission
      "wheel" # `sudo` for the user.
      "cdrom" # in order to read from the bluray
    ];
    hashedPassword =
      "$6$i.z1brxtb44JAEco$fDD2Izl.zRR9vBCB2VBKPScChGw38EEl7QEiBTJ/EwgP3oSL0X3ZHq0PJ.RtqzBsWTPUjl4F3MKOBMhnaAPr6.";
    openssh.authorizedKeys.keys = with sshPub; [
      aptos
      work
      ykey-backup
      ykey-keyring
      ykey-laptop
    ];
  };

  users.users.root = {
    hashedPassword = null;
    openssh.authorizedKeys.keys =
      config.users.users.fcuny.openssh.authorizedKeys.keys;
  };
}