{
  config,
  lib,
  pkgs,
  ...
}: let
  cfg = config.vhack.users;

  mkUser = {
    name,
    password,
    uid,
    sshKey,
  }: {
    inherit name;
    value = {
      inherit name uid;
      isNormalUser = true;
      home = "/home/${name}";
      hashedPassword = password;
      extraGroups = [
        "wheel"
      ];
      openssh.authorizedKeys.keys = [
        sshKey
      ];
    };
  };

  extraUsers = lib.listToAttrs (builtins.map mkUser [
    {
      name = "soispha";
      password = "$y$jFT$3.8XmUyukZvpExMUxDZkI.$IVrJgm8ysNDF/0vDD2kF6w73ozXgr1LMVRNN4Bq7pv1";
      sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME4ZVa+IoZf6T3U08JG93i6QIAJ4amm7mkBzO14JSkz cardno:000F_18F83532";
      uid = 1000;
    }
    {
      name = "sils";
      password = "$y$jFT$KpFnahVCE9JbE.5P3us8o.$ZzSxCusWqe3sL7b6DLgOXNNUf114tiiptM6T8lDxtKC";
      sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAe4o1PM6VasT3KZNl5NYvgkkBrPOg36dqsywd10FztS openpgp:0x21D20D6A";
      uid = 1001;
    }
  ]);
in {
  options.vhack.users = {
    enable = lib.mkEnableOption "user setup";
  };

  config = lib.mkIf cfg.enable {
    users = {
      mutableUsers = false;
      defaultUserShell = pkgs.bashInteractive;

      users =
        {
          root = {
            hashedPassword = lib.mkForce null; # to lock root
            openssh.authorizedKeys.keys = lib.mkForce [];
          };
        }
        // extraUsers;

      # TODO(@bpeetz): Is this still relevant?
      #                If it is, it should be moved to a separate module. <2024-12-24>
      #     nixremote = {
      #       name = "nixremote";
      #       isNormalUser = true;
      #       createHome = true;
      #       home = "/home/nixremote";
      #       uid = 1003;
      #       group = "nixremote";
      #       openssh.authorizedKeys.keys = [
      #         "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCbSWqFzb+WTq2JVoRGoTkCkP7AM3bNY91bsUBeoQQc8gKAWuqCrpAOmr2Q2QMaTTGEOM0CsWfWLs3ZYtynHmc7wIFc4T/sUloV+dB9oSCmOk5ePxtj8+gpPK35Ja+ug5zmXsaI4s+n9mEbuuEjn33MxDYCUzAI+aWvWe68u/j+FM3u9c3Ta009rotajjSZ/cmIltgNLsG1rnAZRpwmLVg5UL4cb9um54o/NLYFd2KAekQFVbwUQDzzqriZhWmzkfhnznBMDblf9R1xvZ18Lqv3JF21shdaR43NW1wtuntBvAdsVYK2VUEbj+3MxTkK0aQ/E9SHMtH8MRE4oxU74TeTWfIhuSZk9/wekzSNMkHP3ReFC6B9xCMYa+ZqaTaGSWLQi78AQDeM2F9rAfp3hQzyRa7T7qKlgbae/hEb07xZglqmG7eml9vPSt4AHv5Y176Q95NiiWduGoLQOmjvSBMU9/KEGrGKyLfGH1Wa2EOfPxKKcvcHW0Xi9PlPiuP0nYk= root@thinklappi"
      #       ];
      #     };
      #   };
      #   groups.nixremote = {
      #     gid = 1004;
      #   };
    };
  };
}