{ config, lib, ... }:
let
  cfg = config.custom.users.vili;
in
{
  options.custom.users.vili.enable = lib.mkOption {
    type = lib.types.bool;
    default = false;
  };

  config = lib.mkIf cfg.enable {
    sops.secrets =
      lib.mkIf
        (builtins.elem config.networking.hostName [
          "helium"
          "lithium"
        ])
        {
          vili-password = {
            sopsFile = ../../secrets/${config.networking.hostName}/vili.yaml;
            neededForUsers = true;
          };
        };

    users.users.vili = {
      isNormalUser = true;
      home = "/home/vili";
      description = "Vili Sinervä";
      uid = 1000;
      extraGroups = [
        "wheel"
        "networkmanager"
        "audio"
      ];
      openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
      hashedPasswordFile =
        if builtins.hasAttr "vili-password" config.sops.secrets then
          config.sops.secrets.vili-password.path
        else
          null;
    };

    users.groups.vili.gid = 1000;
  };
}