{ config, desktop, lib,  pkgs, ... }: 
let
  ifExists = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in {
  # Define a user account.
  imports = [  ]  ++ lib.optional (builtins.isString desktop) ./desktop.nix;

  users = {
    mutableUsers = false;
    users.albert = {
      isNormalUser = true;
      description = "Albert J. Copeland";
      # video is required for the "light" command to work
      extraGroups = [ "networkmanager" "wheel" ] 
        ++ ifExists [ "keys"      ]
        ++ ifExists [ "audio"     ]
        ++ ifExists [ "pipewire"  ]
        ++ ifExists [ "video"     ] 
        ++ ifExists [ "docker"    ]
        ++ ifExists [ "podman"    ]
        ++ ifExists [ "libvirtd"  ]
        ++ ifExists [ "syncthing" ];
      shell = pkgs.fish;
      # mkpasswd -m sha-512
      hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6";
      openssh.authorizedKeys.keyFiles = [ ../../../keys/ssh/keys.txt ];
    };
    groups.albert = {
      gid = 1000;
      name = "albert";
      members = [ "albert" ];
    };
  };

  # Used in home-manager's atuin config
  # Used here instead of home-manager because HM randomly needs to restart sops-nix and I can't 
  # find a way to do so
  sops.secrets."atuin_key" = {
    sopsFile = ../../../secrets/users/albert.yaml;
    owner = "albert";
  };

  sops.secrets."email_password" = {
    sopsFile = ../../../secrets/users/albert.yaml;
    owner = "albert"; 
  };

  # Make this user trusted
  nix.settings.trusted-users = [ "albert" ];
}