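# NixOS module: declares `sysconfig.users` and turns each entry into a
# `users.users` account plus, for users with integrated (non-standalone)
# home-manager, a `home-manager.users` entry.
{ config, lib, pkgs, inputs, ... }:
let
  cfg = config.sysconfig;

  # Per-user submodule; `name` is the attribute name under `sysconfig.users`.
  userType = lib.types.submodule ({ name, ... }: {
    options = with lib; {
      # Login name; defaults to the attribute name.
      username = mkOption {
        type = with types; passwdEntry str;
        default = name;
      };

      home-manager = {
        # Manage this user's home with home-manager at all.
        enable = mkOption {
          type = with types; bool;
          default = false;
        };
        # true: only the `home-manager` CLI is installed for the user and no
        # `home-manager.users` entry is generated by this module.
        standalone = mkOption {
          type = with types; bool;
          default = false;
          description = "is this home-manager standalone?";
        };
        # Extra home-manager modules merged into this user's configuration.
        extraModules = mkOption {
          type = with types; listOf raw;
          default = [];
        };
      };

      # SSH public keys allowed to log in as this user. They are only
      # installed when `sysconfig.services.openssh.enable` is true.
      sshKeys = mkOption {
        type = with types; listOf str;
        default = [];
      };

      # null leaves the uid to NixOS' own allocation.
      uid = mkOption {
        type = with types; nullOr int;
        default = null;
      };

      # Path (as a string) to a file holding the password hash; it is passed
      # straight to `users.users.<name>.hashedPasswordFile`.
      # NOTE(review): point this at a runtime secret path, not at anything
      # that ends up in the world-readable Nix store (e.g. "${./file}").
      # If it refers to a sops-nix secret, that secret presumably has to be
      # marked `neededForUsers` - verify against the host's secret config.
      hashedPasswordFile = mkOption {
        type = with types; nullOr str;
        default = null;
      };

      # Supplementary groups. Membership in groups such as `wheel` grants
      # privilege escalation, so review entries per user.
      extraGroups = mkOption {
        type = with types; listOf str;
        default = [];
      };

      # Login shell package. `pkgs.shadow` is expected to resolve to nologin,
      # so users without an explicit shell cannot log in interactively -
      # confirm against the nixpkgs revision in use.
      shell = mkOption {
        type = with types; package;
        default = pkgs.shadow;
      };
    };
  });

  # Users whose home is managed by the NixOS-integrated home-manager module.
  integratedHmUsers = lib.filterAttrs
    (_: user: user.home-manager.enable && !user.home-manager.standalone)
    cfg.users;
in
{
  options.sysconfig.users = lib.mkOption {
    type = lib.types.attrsOf userType;
    default = {};
  };

  config = {
    users.users = builtins.mapAttrs (name: user: {
      name = user.username;
      isNormalUser = true;
      uid = user.uid;
      # Left unset when no file is given, so no password is configured here.
      hashedPasswordFile =
        lib.mkIf (user.hashedPasswordFile != null) user.hashedPasswordFile;
      shell = user.shell;
      extraGroups = user.extraGroups;
      openssh.authorizedKeys.keys =
        lib.mkIf cfg.services.openssh.enable user.sshKeys;
      # Standalone home-manager users get the CLI to manage their own home.
      packages =
        lib.mkIf (user.home-manager.enable && user.home-manager.standalone)
          [ pkgs.home-manager ];
    }) cfg.users;

    # Lets unprivileged users pass `allow_other` to FUSE mounts, which makes
    # their mounts reachable by other local users. It is enabled for the
    # whole host regardless of which users are declared.
    # NOTE(review): consider gating this on the feature that needs it.
    programs.fuse.userAllowOther = true;

    home-manager = {
      backupFileExtension = "backup";
      # Every home-manager module of every user can read all flake inputs.
      extraSpecialArgs = { inherit inputs; };
      sharedModules = [
        inputs.sops-nix.homeManagerModules.sops
        inputs.home-manager-config
      ];

      users = builtins.mapAttrs (name: user:
        # The list is parenthesised on purpose: function application binds
        # tighter than `++`, so `lib.mkMerge [ a ] ++ rest` would try to
        # append a list to mkMerge's result and fail to evaluate.
        lib.mkMerge (
          [
            {
              # `homeconfig` is presumably declared by
              # inputs.home-manager-config - confirm.
              homeconfig = {
                host = cfg.host;
                username = user.username;
                graphical = cfg.graphical;
              };
            }
          ]
          # A flake input named after the user is called as a function and
          # merged in as that user's configuration.
          # NOTE(review): any input whose name equals a username is picked
          # up here, so a username that collides with an unrelated input
          # would have that input called instead - keep the names disjoint.
          # The lookup into home-manager.users goes through the attribute
          # name, because that is the key this mapAttrs produces; it equals
          # `user.username` unless username was overridden.
          ++ lib.optional (inputs ? ${user.username})
            (inputs.${user.username} {
              config = config.home-manager.users.${name};
            })
          ++ user.home-manager.extraModules
        )
      ) integratedHmUsers;
    };
  };
}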