nix/hosts/jupiter/users/storm/default.nix

{ config, lib, ... }:
let
  # FIXME: https://github.com/NixOS/nixpkgs/issues/24570
  # FIXME: https://github.com/NixOS/nixpkgs/issues/305643
  user = "storm";
  home = "/home/storm";
in
{
  imports = [
    (import ../../../common/configs/user { inherit user home; })

    (import ../../../common/configs/user/console/home-manager { inherit user home; })
    (import ../../../common/configs/user/console/neovim { inherit user home; })
    (import ../../../common/configs/user/console/podman { inherit user home; })
    (import ../../../common/configs/user/console/sops { inherit user home; })
    (import ../../../common/configs/user/console/tmux { inherit user home; })
    (import ../../../common/configs/user/console/zsh { inherit user home; })

    (import ./configs/console/podman { inherit user home; })
  ];

  # mkpasswd -s
  sops.secrets."${user}-password" = {
    sopsFile = ../../../../secrets/personal/secrets.yaml;
    key = "password";
    neededForUsers = true;
  };

  users = {
    users.${user} = {
      inherit home;
      isSystemUser = true;
      createHome = true;
      description = "Container Runner";
      hashedPasswordFile = config.sops.secrets."${user}-password".path;
      extraGroups = [
        "wheel"
        "storage"
      ];
      linger = true;
      uid = lib.strings.toInt (builtins.readFile ./uid);
      group = user;
      autoSubUidGidRange = true;
      useDefaultShell = true;
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWDA5vnIB7KE2VG28Ovg5rXtQqxFwMXsfozLsH0BNZS nick@karaolidis.com"
      ];
    };

    groups.${user}.gid = lib.strings.toInt (builtins.readFile ./uid);
  };

  home-manager.users.${user}.home = {
    username = user;
    homeDirectory = home;
  };

  systemd.tmpfiles.rules = [
    "d /mnt/storage/private/${user} 0700 ${user} ${config.users.users.${user}.group}"
  ];
}