{ config
, pkgs
, ... }:

let 
  passwords = import ../common/passwords.crypt.nix;
  mkUser = {uid, hashedPassword, ... } @ args: args // {
    inherit uid hashedPassword;
    isNormalUser = true;
    extraGroups = [
      "docker"
      "wheel"
      "libvirtd"
      "networkmanager"
      "vboxusers"
      "users"
      "input"
      "audio"
      "video"
      "cdrom"
    ];
  };

in
{
  users.mutableUsers = false;
  users.defaultUserShell = pkgs.zsh;

  users.extraUsers.root = {
    hashedPassword = passwords.users.root;
    openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
  };

  users.extraUsers.steveej = mkUser {
    uid = 1000;
    hashedPassword = passwords.users.steveej;
  };

  users.extraUsers.steveej2 = mkUser {
    uid = 1001;
    hashedPassword = passwords.users.steveej2;
  };

  security.pam.enableU2F = true;
  security.pam.services.steveej.u2fAuth = true;
}