{ config, lib, pkgs, ... }:

let
  cfg = config.homelab.users.admin;

  owner = config.users.users.admin.name;
in {
  options.homelab.users.admin.enable = lib.mkEnableOption "user System Administrator";

  config = lib.mkIf cfg.enable {
    nix.settings.trusted-users = [
      config.users.users.admin.name
    ];

    sops.secrets."users/admin/authorized_keys" = {
      format = "yaml";
      sopsFile = ../../secrets/secrets.yaml;
      inherit owner;
    };

    users.users.admin = {
      description = "System Administrator";
      isNormalUser = true;
      extraGroups = [
        config.users.groups.wheel.name # Enable 'sudo' for the user.
      ];
      initialPassword = "ChangeMe";
      openssh.authorizedKeys.keyFiles = [
        /run/secrets/users/admin/authorized_keys
      ];
      packages = with pkgs; [
        curl
        git
        tmux
        vim
        wget
      ];
    };
  };
}