{ lib, pkgs, config, ... }:
let
  types = lib.types;
  masters = config.maid.masters;
  hm = config.maid.hm;

  mkUser = name: {
    enable = lib.mkEnableOption name;
    override = lib.mkOption {
      type = types.attrs;
      default = {};
    };
  };
in
{
  options.maid.masters = {
    nero = mkUser "nero";
  };

  config = lib.mkIf masters.nero.enable {
    sops.secrets."users/nero/passwordHash" = {
      neededForUsers = true;
      sopsFile = ../../secrets/users.yaml;
    };

    users.users.nero = {
      isNormalUser = true;
      uid = 1000;
      hashedPasswordFile = config.sops.secrets."users/nero/passwordHash".path;
      extraGroups = [ "networkmanager" "docker" "wheel" "adbuser" ];

      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaWnT7mpLERhm3zIWglNy094a7F7d7cpEImLZYwwWoS nero@lil-maid"
      ];
    } // masters.nero.override;
  };
}