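# NixOS module for the `nero` login account.
#
# Declares the options under `maid.masters.nero` and, when `enable` is set,
# creates the user with a sops-managed password hash and a fixed set of SSH
# public keys.
{ lib, config, ... }:
let
  inherit (lib) types;
  cfg = config.maid.masters.nero;
in
{
  options.maid.masters.nero = {
    enable = lib.mkEnableOption "Nero user";

    # NOTE(review): the defaults include "wheel" (the conventional admin/sudo
    # group) and "docker" (membership is commonly treated as root-equivalent,
    # since it allows talking to the Docker daemon). Every host that enables
    # this module therefore treats the keys in `authorizedKeys` as an
    # administrative credential; override per host where that is too broad.
    groups = lib.mkOption {
      type = types.listOf types.str;
      default = [ "wheel" "docker" "networkmanager" ];
      description = "Supplementary groups the nero account is added to.";
    };

    uid = lib.mkOption {
      type = types.int;
      default = 1337;
      description = "Numeric UID assigned to the nero account.";
    };

    # Public keys only; each entry is a full authorized_keys line.
    authorizedKeys = lib.mkOption {
      type = types.listOf types.str;
      default = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaWnT7mpLERhm3zIWglNy094a7F7d7cpEImLZYwwWoS nero@lil-maid"
      ];
      description = "SSH public keys allowed to log in as nero.";
    };
  };

  config = lib.mkIf cfg.enable {
    # sops-nix must decrypt this secret before user accounts are created,
    # otherwise `hashedPasswordFile` would point at a file that does not
    # exist yet; `neededForUsers` requests that ordering.
    sops.secrets."users/nero/password".neededForUsers = true;

    users.users.nero = {
      isNormalUser = true;
      uid = cfg.uid;

      # Previously the `groups` option was declared but never consumed, so
      # setting or overriding it had no effect on the account.
      extraGroups = cfg.groups;

      openssh.authorizedKeys.keys = cfg.authorizedKeys;

      # Only the hash is read from the secret; the file must contain a
      # crypt(3)-style hash, not the plaintext password.
      # NOTE(review): with `users.mutableUsers = true` the file is only
      # applied when the account is first created — confirm the host sets
      # `mutableUsers = false` if password rotation via sops is expected.
      hashedPasswordFile = config.sops.secrets."users/nero/password".path;
    };
  };
}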