{
  lib,
  config,
  pkgs,
  ...
}:
let
  cfg = config.my.utils.serverNodeUsers;
  sshKeys = import ../../ssh-keys.nix;
in
{
  options.my.utils.serverNodeUsers = {
    enable = lib.mkEnableOption "Set users for server hosts";
  };

  config = lib.mkIf cfg.enable {
    users = {

      # If set to false, the contents of the user and group files will simply
      # be replaced on system activation.
      # This also holds for the user passwords.
      # All changed passwords will be reset according
      # to the `users.users` configuration on activation.
      mutableUsers = false;

      users.root = {
        hashedPassword = "!";
        openssh.authorizedKeys.keys = sshKeys.infra-core;
      };

      users.pazpi = {
        isNormalUser = true;
        hashedPassword = "$y$j9T$oWLCV1hnGPyOGabMfAS3p1$/iwouRZGwQXcv6IHnLuT3I9.pmeXNpcHxq.b8xfitr1";
        shell = pkgs.bash;
        extraGroups = [ "wheel" ];
        openssh.authorizedKeys.keys = sshKeys.infra-core;
      };

    };
  };

}