{ config, lib, ... }:
let
  cfg = config.kropcloud.admin;
in
{
  options.kropcloud.admin = {
    user = lib.mkOption {
      type = lib.types.str;
      default = "krop";
      description = "Name of the admin user to be created.";
    };
    sshKeys = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ ];
      description = "List of SSH public keys to authorize for the admin user.";
    };
  };

  config = {

    age.secrets.mypassword.file = ../../secrets/mypassword.age;

    # Define the admin user
    users.users.${cfg.user} = {
      passwordFile = config.age.secrets.mypassword.path;
      isNormalUser = true;
      extraGroups = [ "wheel" ];
      openssh.authorizedKeys.keys = cfg.sshKeys;
    };
  };
}