# NixOS module: declares the local accounts on this host and the SSH public
# keys allowed to log in to each of them.
#
# Every file under ./keys is a trust anchor. Whoever can change those files
# (or this module) controls who can log in, so changes to either deserve the
# same review as a change to sudoers.
{ ... }:

let
  # Reads one public key from ./keys at evaluation time and returns its
  # contents as a string, so the key text is embedded in the built config.
  readPubKey = fileName: builtins.readFile (./keys + "/${fileName}");
in
{
  users.users = {
    # bots
    deploy = {
      isNormalUser = true;
      home = "/home/deploy";
      openssh.authorizedKeys.keys = [ (readPubKey "deploy.pub") ];
      # NOTE(review): "wheel" is the administrative group, so the automation
      # key is an admin credential. Whether sudo needs a password is set
      # elsewhere; confirm the bot really needs more than a scoped rule.
      extraGroups = [ "wheel" ];
    };

    # humans
    # NOTE(review): ben's key is accepted for root directly as well as for
    # the ben account below, so one stolen key yields root without a sudo
    # step. Whether key-based root login is honoured depends on sshd's
    # PermitRootLogin setting, which is not visible in this file.
    root.openssh.authorizedKeys.keys = [ (readPubKey "ben.pub") ];
    ben = {
      isNormalUser = true;
      home = "/home/ben";
      openssh.authorizedKeys.keys = [ (readPubKey "ben.pub") ];
      extraGroups = [ "wheel" "networkmanager" "docker" ];
    };
    nick = {
      isNormalUser = true;
      home = "/home/nick";
      openssh.authorizedKeys.keys = [ (readPubKey "nick.pub") ];
      # NOTE(review): nick is not in "wheel", but access to the Docker daemon
      # socket is generally root-equivalent on the host. If the daemon is
      # enabled here, treat "docker" membership as an admin grant.
      extraGroups = [ "docker" ];
    };
  };
}