{ lib, config, ... }:
let
  types = lib.types;
in
{
  options.maid.masters.nero = {
    enable = lib.mkEnableOption "Nero user";
    hashedPasswordFile = lib.mkOption {
      type = types.str;
    };
    groups = lib.mkOption {
      type = types.listOf types.str;
      default = [ "wheel" "docker" "networkmanager" ];
    };
    uid = lib.mkOption {
      type = types.int;
      default = 1337;
    };
    authorizedKeys = lib.mkOption {
      type = types.listOf lib.str;
      default = [];
    };
  };

  config = lib.mkIf config.maid.masters.nero.enable (
    let
      nero = config.maid.masters.nero;
    in
    {
      users.users.nero = {
        isNormalUser = true;
        uid = nero.uid;
        openssh.authorizedKeys.keys = nero.authorizedKeys;

        hashedPasswordFile = nero.hashedPasswordFile;
      };
    }
  );
}