{ config, lib, pkgs, ... }: let secrets = config.my.secrets; in { users.mutableUsers = false; users.users.root = { passwordFile = config.age.secrets."users/root-hashed-password".path; }; users.users.alarsyo = { passwordFile = config.age.secrets."users/alarsyo-hashed-password".path; isNormalUser = true; extraGroups = [ "media" "networkmanager" "video" # for `light` permissions "docker" "wheel" # Enable ‘sudo’ for the user. ]; shell = pkgs.fish; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMbf1C55Hgprm4Y7iNHae2UhZbLa6SNeurDTOyq2tr1G alarsyo@yubikey" ]; }; }