# NixOS module: declares one login account and one private group for every
# entry of config.machine.administrators. Each entry is read for `name` and
# `id`; the id is used as both the uid and the gid.
#
# Security-relevant properties of what is declared here:
#   * Every account is placed in "wheel", the group NixOS's sudo module
#     grants privileges to by default, so each entry is a root-capable user.
#   * Password hashes and SSH public keys are looked up by user name under
#     config.machine.secretPath (defined outside this file).
#   * users.mutableUsers = false makes this declaration authoritative.
{ config, lib, pkgs, ... }:

let
  inherit (config.machine) secretPath;

  # Supplementary groups that are only added when the matching service is
  # enabled on this machine.
  # NOTE(review): membership in "docker" gives access to the Docker daemon,
  # which is commonly treated as equivalent to root on the host; here every
  # account is already in "wheel", so it does not widen the trust boundary.
  serviceGroups =
    lib.optional config.services.xserver.enable "input"
    ++ lib.optionals config.services.printing.enable [ "cups" "lp" ]
    ++ lib.optional config.virtualisation.docker.enable "docker";

  # Build the { name, value } pair describing one administrative account.
  mkAdminUser = user:
    lib.nameValuePair user.name {
      isNormalUser = true;
      inherit (user) name;
      uid = user.id;
      home = builtins.toPath "/home/${user.name}";
      createHome = true;
      description = "Administrative user ${user.name}.";
      group = user.name;
      extraGroups = [ "audio" "wheel" "network" ] ++ serviceGroups;
      shell = "${pkgs.zsh}/bin/zsh";

      # NixOS expects this file to contain a password hash, not a plaintext
      # password. Newer NixOS releases name this option hashedPasswordFile;
      # check against the channel in use.
      # NOTE(review): secretPath should be a runtime path outside the Nix
      # store with root-only permissions; anything copied into the store is
      # world-readable. Confirm where config.machine.secretPath points.
      passwordFile = "${secretPath}/${user.name}";

      # The public key file is only referenced when sshd is enabled.
      # presumably "<name>.pub" holds authorized_keys-format lines and must
      # exist when the configuration is evaluated; verify.
      openssh.authorizedKeys.keyFiles =
        lib.optional config.services.openssh.enable "${secretPath}/${user.name}.pub";
    };

  # Build the { name, value } pair for the account's private group, whose
  # only member is the account itself.
  mkAdminGroup = user:
    lib.nameValuePair user.name {
      inherit (user) name;
      gid = user.id;
      members = [ user.name ];
    };
in
{
  # With mutable users disabled, accounts and groups come only from this
  # configuration; changes made imperatively (useradd, passwd) do not
  # persist across activations.
  users.mutableUsers = false;
  users.users = lib.listToAttrs (map mkAdminUser config.machine.administrators);
  users.groups = lib.listToAttrs (map mkAdminGroup config.machine.administrators);
}