{ pkgs, keys, inputs, system, ... }:
let
  # Supplementary groups given to the accounts below, whether or not they also
  # get "wheel". Several of these are privileged in their own right, so the
  # accounts that only `inherit extraGroups` should not be read as unprivileged:
  #   - "docker": where the Docker daemon is enabled, access to it is generally
  #     equivalent to root on the host.
  #   - "disk": raw read/write on block devices, which bypasses file
  #     permissions.
  #   - "systemd-journal": read access to the full system journal.
  # NOTE(review): consider moving "docker" and "disk" into the wheel-only list
  # so that the wheel / non-wheel split is an actual privilege boundary.
  extraGroups = [
    "audio"
    "adbusers"
    "disk"
    "docker"
    "networkmanager"
    "openrazer"
    "plugdev"
    "syncthing"
    "systemd-journal"
    "video"
  ];
  # The same list plus "wheel"; sudo for wheel is configured further down in
  # this module.
  extraGroupsWithWheel = extraGroups ++ ["wheel"];
  # Attributes shared by the per-person accounts. They are merged with `//`,
  # so attributes written on the right-hand side of each user override these.
  userDefaults = {
    group = "users";
    isNormalUser = true;
    createHome = true;
    shell = pkgs.zsh;
  };
in
{
  # Members of "wheel" can run sudo without entering a password. Together with
  # the SSH keys authorized below, holding any key accepted for a wheel account
  # is enough to become root; nothing further is asked for at the sudo step.
  # NOTE(review): confirm this is intended on every host that imports this
  # module, and that the wheel membership list below is kept minimal.
  security.sudo.wheelNeedsPassword = false;
  # Account definitions. `with keys;` brings the key lists (kanivanKeys,
  # deanKeys, giteaSecret, ...) into scope from the `keys` module argument.
  # kanivanKeys is authorized on every account here except `railbird` and
  # `interview`, so holders of those keys can log in as any of the other users.
  # Accounts using extraGroupsWithWheel get passwordless sudo
  # (security.sudo.wheelNeedsPassword = false in this module); accounts that
  # `inherit extraGroups` have no wheel but still receive "docker" and "disk".
  users.users = with keys; {
    # Account with its home under /var/lib, not built from userDefaults.
    # NOTE(review): it is in "wheel", so with passwordless sudo anything running
    # as this user, and anyone holding giteaSecret or kanivanKeys, can become
    # root. Confirm the account really needs sudo; otherwise drop "wheel".
    # NOTE(review): the name giteaSecret suggests a secret, but this option
    # takes public keys and its value ends up in the world-readable Nix store;
    # confirm only the public half is referenced.
    # NOTE(review): neither isNormalUser nor isSystemUser is set here;
    # presumably another module (e.g. services.syncthing) supplies it; verify.
    syncthing = {
      extraGroups = [ "syncthing" "wheel" ];
      home = "/var/lib/syncthing";
      createHome = true;
      openssh.authorizedKeys.keys = [giteaSecret] ++ kanivanKeys;
    };
    # Wheel accounts: passwordless sudo, reachable with kanivanKeys (plus the
    # per-person key list where one is appended).
    ivanm = userDefaults // {
      extraGroups = extraGroupsWithWheel;
      name = "ivanm";
      openssh.authorizedKeys.keys = kanivanKeys;
    };
    imalison = userDefaults // {
      extraGroups = extraGroupsWithWheel;
      name = "imalison";
      openssh.authorizedKeys.keys = kanivanKeys;
    };
    kat = userDefaults // {
      extraGroups = extraGroupsWithWheel;
      name = "kat";
      openssh.authorizedKeys.keys = kanivanKeys;
    };
    dean = userDefaults // {
      extraGroups = extraGroupsWithWheel;
      name = "dean";
      openssh.authorizedKeys.keys = kanivanKeys ++ deanKeys;
    };
    will = userDefaults // {
      extraGroups = extraGroupsWithWheel;
      name = "will";
      openssh.authorizedKeys.keys = kanivanKeys ++ willKeys;
    };
    alex = userDefaults // {
      extraGroups = extraGroupsWithWheel;
      name = "alex";
      openssh.authorizedKeys.keys = kanivanKeys ++ alexKeys;
    };
    # Non-wheel accounts: no sudo, but they inherit the full extraGroups list,
    # including "docker" and "disk".
    loewy = userDefaults // {
      inherit extraGroups;
      name = "loewy";
      openssh.authorizedKeys.keys = kanivanKeys ++ loewyKeys;
    };
    mike = userDefaults // {
      inherit extraGroups;
      name = "mike";
      openssh.authorizedKeys.keys = kanivanKeys ++ mikeKeys;
    };
    andy = userDefaults // {
      inherit extraGroups;
      name = "andy";
      openssh.authorizedKeys.keys = kanivanKeys ++ andyKeys;
    };
    micah = userDefaults // {
      inherit extraGroups;
      name = "micah";
      openssh.authorizedKeys.keys = kanivanKeys ++ micahKeys;
    };
    # Only in "syncthing" (no wheel, docker or disk), but it accepts the same
    # giteaSecret key as the wheel-enabled `syncthing` account above.
    unprivileged = userDefaults // {
      extraGroups = ["syncthing"];
      name = "unprivileged";
      openssh.authorizedKeys.keys = [giteaSecret] ++ kanivanKeys;
    };
    ben = userDefaults // {
      inherit extraGroups;
      name = "ben";
      openssh.authorizedKeys.keys = benKeys ++ kanivanKeys;
    };
    # Keys come from `inputs.railbird-secrets` (presumably a flake input)
    # rather than from `keys`, so who can log in depends on whichever revision
    # of that input is pinned; review changes to it like changes to this file.
    railbird = userDefaults // {
      inherit extraGroups;
      name = "railbird";
      openssh.authorizedKeys.keys = inputs.railbird-secrets.keys.railbirdFullstackDevKeys;
    };
    # NOTE(review): the name suggests a temporary or candidate account, yet it
    # inherits "docker" and "disk". If that reading is right, give it a reduced
    # group list like `unprivileged` and remove it when no longer needed.
    interview = userDefaults // {
      inherit extraGroups;
      name = "interview";
      openssh.authorizedKeys.keys = interviewKeys ++ inputs.railbird-secrets.keys.railbirdFullstackDevKeys;
    };
  };

  # Serves this machine's Nix store over SSH to every key in keys.allKeys.
  # Anything in the store is readable by those key holders, so secrets must
  # not be placed in the store.
  # NOTE(review): `write` is not set in this module; confirm it stays at its
  # default if these keys are only meant to read from the store, and consider
  # whether allKeys is broader than the set that needs store access.
  nix.sshServe = {
    enable = true;
    keys = keys.allKeys;
  };
}