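# NixOS module: declares `sysconfig.users` and maps every entry onto a system
# account (`users.users`) and, for users that opt in, onto a home-manager
# profile (`home-manager.users`).
{ config, lib, inputs, ... }:
let
  # Users that explicitly enabled home-manager; everyone else gets no profile.
  homeManagerUsers =
    lib.filterAttrs (_: user: user.home-manager.enable) config.sysconfig.users;
in
{
  options.sysconfig = {
    users =
      let
        # The submodule receives the attribute key as `name`. The original asked
        # for a `username` module argument, which this file never defines, so
        # falling back to the default would have failed to evaluate.
        userType = lib.types.submodule ({ name, ... }: {
          options = {
            # Login name of the account; defaults to the attribute key.
            username = lib.mkOption {
              type = lib.types.str;
              default = name;
            };

            home-manager = {
              # Opt-in switch for generating a home-manager profile.
              enable = lib.mkOption {
                type = lib.types.bool;
                default = false;
              };
              # Extra home-manager definitions merged into the user's profile.
              extraModules = lib.mkOption {
                type = lib.types.listOf lib.types.raw;
                default = [];
              };
            };

            # Public keys written to the account's authorized keys. Every key
            # listed here grants SSH login as this user.
            sshKeys = lib.mkOption {
              type = lib.types.listOf lib.types.str;
              default = [];
            };

            # Path (as a string) to a file holding the password hash. It is a
            # string rather than a path so that referencing it does not copy
            # the file into the world-readable Nix store; point it at a secret
            # provisioned at runtime.
            # NOTE(review): presumably a sops-nix managed secret - confirm.
            hashedPasswordFile = lib.mkOption {
              type = lib.types.nullOr lib.types.str;
              default = null;
            };

            # Supplementary groups. Membership in privileged groups is granted
            # verbatim, so review entries here like any other access grant.
            extraGroups = lib.mkOption {
              type = lib.types.listOf lib.types.str;
              default = [];
            };
          };
        });
      in
      lib.mkOption {
        type = lib.types.attrsOf userType;
        default = {};
      };
  };

  config = {
    users.users = builtins.mapAttrs (name: user: {
      name = user.username;
      isNormalUser = true;
      # Only set when a file is configured; otherwise the option is left unset.
      hashedPasswordFile =
        lib.mkIf (user.hashedPasswordFile != null) user.hashedPasswordFile;
      extraGroups = user.extraGroups;
      # Use this entry's own keys. Looking the entry up again by
      # `user.username` would select a different (or missing) entry whenever
      # the username differs from the attribute key, which could install
      # another entry's keys on this account.
      openssh.authorizedKeys.keys =
        lib.mkIf config.sysconfig.services.openssh.enable user.sshKeys;
    }) config.sysconfig.users;

    home-manager = {
      backupFileExtension = "backup";
      extraSpecialArgs = { inherit inputs; };
      sharedModules = [
        inputs.sops-nix.homeManagerModules.sops
        inputs.home-manager-config
      ];
      # NOTE(review): profiles are keyed by the attribute key, not by
      # `user.username`; confirm the two always match for enabled users.
      users = builtins.mapAttrs (name: user:
        # Function application binds tighter than `++`, so the list has to be
        # concatenated inside parentheses before it is handed to `mkMerge`;
        # the original applied `++` to the result of `mkMerge` instead.
        lib.mkMerge (
          [
            # The flake input named after the user is called with this
            # profile's own config and `lib`.
            (inputs.${user.username} {
              config = config.home-manager.users.${name};
              inherit lib;
            })
          ]
          ++ user.home-manager.extraModules
        )
      ) homeManagerUsers;
    };
  };
}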