{ config, lib, pkgs, ... }:

let
  cfg = config.homelab.users.admin;
in {
  options.homelab.users.admin = {
    enable = lib.mkEnableOption "user System Administrator";
    authorizedKeys = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [
        # HomeLab > NixOS > admin > ssh
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGWIOOEqTy8cWKpENVbzD4p7bsQgQb/Dgpzk8i0dZ00T"
      ];
    };
  };

  config = lib.mkIf cfg.enable {
    nix.settings.trusted-users = [
      config.users.users.gh0st.name
    ];

    users.users.gh0st = {
      description = "System Administrator";
      isNormalUser = true;
      extraGroups = [
        config.users.groups.wheel.name # Enable 'sudo' for the user.
      ];
      initialPassword = "ChangeMe";
      openssh.authorizedKeys.keys = cfg.authorizedKeys;
      packages = with pkgs; [
        curl
        git
        tmux
        vim
        wget
      ];
    };
  };
}