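# NixOS module: for every entry of `config.machine.administrators`, declare an
# administrative login account and a private group of the same name.
#
# Each entry is read for `name` (login name and group name) and `id` (used as
# both uid and gid). `config.machine.administrators` and
# `config.machine.secretPath` are declared outside this file.
{ config, lib, pkgs, ... }:

let
  # Build the `users.users.<name>` name/value pair for one administrator.
  administrators = user: lib.nameValuePair user.name {
    isNormalUser = true;
    name = user.name;
    uid = user.id;
    # Plain string instead of the deprecated `builtins.toPath`.
    home = "/home/${user.name}";
    createHome = true;
    description = "Administrative user ${user.name}.";
    group = user.name;

    # "wheel" is the privileged group on NixOS (sudo), and membership of
    # "docker" gives control of the Docker daemon, which is effectively root
    # on the host. Every listed administrator receives both when Docker is
    # enabled, so treat the administrators list itself as a privileged input.
    extraGroups =
      [ "audio" "wheel" "network" ]
      ++ lib.optionals config.services.xserver.enable [ "input" ]
      ++ lib.optionals config.services.printing.enable [ "cups" "lp" ]
      ++ lib.optionals config.virtualisation.docker.enable [ "docker" ];

    shell = "${pkgs.zsh}/bin/zsh";

    # File holding the user's password hash, read at system activation.
    # NOTE(review): assumes `secretPath` is a string such as "/var/secrets".
    # If it is a Nix path value, this interpolation copies the file into the
    # world-readable Nix store -- confirm against the option declaration.
    # Newer NixOS releases name this option `hashedPasswordFile`.
    passwordFile = "${config.machine.secretPath}/${user.name}";

    # Public keys are only installed when sshd is enabled. They sit next to
    # the password hashes under `secretPath`; the same path-vs-string caveat
    # applies, although the keys themselves are not secret.
    openssh.authorizedKeys.keyFiles =
      lib.optionals config.services.openssh.enable
        [ "${config.machine.secretPath}/${user.name}.pub" ];
  };

  # Build the `users.groups.<name>` name/value pair: a private group whose
  # only member is the administrator it is named after.
  mkusergroup = user: lib.nameValuePair user.name {
    name = user.name;
    gid = user.id;
    members = [ user.name ];
  };
in
{
  users = {
    # Accounts and groups come from this configuration only; changes made on
    # the running system (useradd, passwd, ...) are not kept across activation.
    mutableUsers = false;
    users = lib.listToAttrs (map administrators config.machine.administrators);
    groups = lib.listToAttrs (map mkusergroup config.machine.administrators);
  };
}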