{ config, lib, pkgs, ... }:
let
  aliases = import ../data/aliases.nix;
  enableBuilder = config.networking.hostName == "dragon";
in {
  users = {
    defaultUserShell = pkgs.zsh;
    users = {
      orbekk = {
        isNormalUser = true;
        home = "/home/orbekk";
        uid = 1000;
        description = "KJ";
        extraGroups = [
          "wheel"
          "networkmanager"
          "dialout"
          "uucp"
          "audio"
          "pulse"
          "plugdev"
          "lxd"
          "readonly"
          "input"
          "vboxusers"
          "video"
          "sound"
          "tty"
          "hledger"
          "nginx"
        ];
        openssh.authorizedKeys.keyFiles =
          [ ../data/yubikey_rsa.pub ../data/work-laptop-key.pub ];
      };
      annie = {
        isNormalUser = true;
        home = "/storage/annie";
        uid = 1001;
        description = "Annie Poon";
        extraGroups = [
          "readonly"
        ];
      };
      guest = {
        isNormalUser = true;
        home = "/home/guest";
        uid = 1500;
        description = "Guest";
        extraGroups = [ "networkmanager" "audio" "pulse" "input" ];
      };
      fcgi = {
        group = "fcgi";
        extraGroups = [ "readonly" ];
        uid = 500;
        isSystemUser = true;
      };
      systemhttpd = {
        name = "systemhttpd";
        group = "systemhttpd";
        createHome = true;
        uid = 502;
        home = "/var/lib/systemhttpd";
        isSystemUser = true;
      };
      linoquotes = {
        name = "linoquotes";
        group = "linoquotes";
        createHome = true;
        uid = 503;
        home = "/var/lib/linoquotes";
        isSystemUser = true;
      };
      minecraft = {
        name = "minecraft";
        extraGroups = [ "readonly" ];
        group = "minecraft";
        isSystemUser = true;
      };
      stats = {
        name = "stats";
        group = "stats";
        createHome = true;
        uid = 504;
        home = aliases.services.stats.home;
        isSystemUser = true;
      };
      terraria = {
        name = "terraria";
        group = "terraria";
        createHome = true;
        uid = 505;
        home = "/var/lib/terraria";
        isSystemUser = true;
      };
      readonly = {
        group = "readonly";
        createHome = false;
        uid = 506;
        useDefaultShell = true;
        home = "/storage";
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhRj4eYL01OAboBynL05+YRrYeglZoagbqkGzgX2uJq kagee"
        ];
	isSystemUser = true;
      };
      builder = lib.mkIf enableBuilder {
        isSystemUser = true;
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA2W9SkVc1xKo5QiYOgbCgZbPlFhZLrbG1lS7TUjiZwi root@firelink"
        ];
        useDefaultShell = true;
        group = "builder";
      };
      mpd = lib.mkIf config.services.mpd.enable {
        isSystemUser = true;
        group = "mpd";
        extraGroups = [ "readonly" ];
      };
      nginx = lib.mkIf config.services.nginx.enable {
        isSystemUser = true;
        extraGroups = [ "readonly" ];
      };
      hledger = lib.mkIf config.orbekk.hledger-web.enable {
        isSystemUser = true;
        home = "/var/lib/hledger-web";
        group = "hledger";
      };
    };
    extraGroups = {
      fcgi = {
        name = "fcgi";
        gid = 500;
      };
      plugdev = {
        name = "plugdev";
        gid = 501;
      };
      systemhttpd = {
        name = "systemhttpd";
        gid = 502;
      };
      linoquotes = {
        name = "linoquotes";
        gid = 503;
      };
      stats = {
        name = "stats";
        gid = 504;
      };
      terraria = {
        name = "terraria";
        gid = 505;
      };
      readonly = { gid = 506; };
      hledger = lib.mkIf config.orbekk.hledger-web.enable { };
      minecraft = { };
      builder = { };
    };
  };
}