{config, pkgs, lib, ... }: {

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users = {

    mutableUsers = false;
    users.defin = {
      isNormalUser = true;
			description = "Devin Finlinson";
      extraGroups = [ "wheel" "builders" "video" "input" "docker" "dialout" "wireshark" "networkmanager" "libvirtd" "adbusers" ]; # (wheel) Enable ‘sudo’ for the user.
			shell = pkgs.nushell;
      hashedPassword = "$y$j9T$YtRkFL3JLAB/zfyr89aFp.$of1IUt84c2i26l6GQWHO2qX0dNiPDZgVGpaNPVyAs24";

			openssh.authorizedKeys.keys = [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmzvB5AfjjioiGywizWdBVsarvOSw4YGhgxhk8w34rZA4DghCXme8ILbkk4x4k+VTC6dPVKkvjPY1nn+qx1BtySSSj30Oez7iIqmMH2DvsQMa4zBPe6W4CUo76HrkqR4+rghto8fYZFCo6JhScUr48TvpGIEqsWRQxIGXvFpAazmu1OlsycWatruYwJby5wg2ZIEL9Ci0OHdwGfU1OTexY1Bl03s5Qr6dodvdwSc0ft6Qtv/ijy7iC3ySB2NhirUfDOtS8ysV3yhyxlcXgdI1vksZ6GIoB7TsfdcnpCMcOPSGvQLnAY4+5IDQElkC2igSBSiuUbqDbzNSRw+ctHsoqKAyjAob51XphVJh7CcgBkFufSTJLsOBhyyZSrEBlNB7AHJrFQSnoYYlFjILx4gfcqBxDMOSFL1CiarOq3oZ+udaX06uhIjVXzZhkggqxrCRRwOtPd6eKbuK+2oa0h93QtKQQhrwXCpbVRBe5V3u3i4I7xFFMpYJ3Kcteiua1qxKhF9RNP4zJPDzYyxfiDOWEbMxnyEwFENvVgkdPIaFSEtjvzmdEfWRJ9RBlS5H/7hr48Q1berhT8dMoB55xNiQhD2GTqWX81kzjSHzeeakXTzwmgJUhfbMP7E3ndSaeY0MW6U8MYF0f1ZfaL0jFMWo1G8bv2ptayMpykHdTWSXfpQ== defin@gpg"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKm9srflwzQ4CECjDj8Il1aRcnt2rFc4w6mSSMOYds3F defin@allseries"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQqjxtw6iZbw5boN5rz+wH9A+0OyEP3YJoEgwdkF/Bp defin@khad"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxVpBnkWiukuHNt81K2gRNVjOdz9lFiaw0fhZ4CcB3R gitlab"
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD44/CafgJ4GbSwx1ZUQUTnHEi7SKltggN4k9I6ghiSUv8znYdzxa5nDZIF38DkNPG4YqBY2LX+i5XVfvc68P8hgiwCFISEa5orQhTusRAPxyrI8QC75Ez7so/WnRMCckIj/7JprLzo/v3NBieC1OoXiFUxoUhHwVll2siBhHYItzF6IkytKb0G5ZK3V0B6fetw3TY9pMEE1Tcr4VapFDj9neVJxYh1rKR8zjU24uSOWtW/+d4cZIfzVj2ZUS92IO/lwjtzeZwzr3TEkejSaQYZR/WF1oFUs2ZO4bwBn7cvgqHhXbkIKkLjDU8EdwdaOOyWJyZje5Hw96BSQSHuu214l4/lna1iQJpMzr5qESQ7hJqlUupkEiKbCmL0rjJobE84loENq41TBi8292Ve1jV8DWgQVo90rJ/SCcAJvIWQTYDkdEz2y+5NwhwS2T8Ew9h6vs2iN+pcL9PJxFaYcbiHnBj49Gh4J6ARyZtPMvCeI4n7CuJ8K2qjQV36Tt81krs= defin@doretta"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBrDUymBW+rosSI68sxDKLMfH7cOPPLG5K+CuA6aYcsp defin@bosco"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDatxD3mSPG8/72Ka0uuGpGHrwh6N718ZCLCOkOLwmM defin@doretta"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXrt3+N4+ahtXZCUn11evQsVGsGgAohGwafC29/a4fk defin@Radahn"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkGcmYIYCe6GHsZZvnXqsedF0wn+AhGSr+RPJtUO/kl defin@khad"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaMYXO9ghATyUPzyE7aD/XVVmK9UAexueoGEYAqPT4L defin@kebab"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpuV1zp/wtG840C9aJC0BJqSbfpAoncRGbHX/HvhEYU defin@picast"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAB4QbGvZ0YX5Clw02R1ffDfdWl1xL4dLUdcgIxHeHm0 defin@betsy"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUIumSjqtj2fhYJvrFOgJGgQ2oEJBbG9ARzunKDX9mH defin@fairphone5"
        "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCCNKc3MpAm0FkMy9KG2U+Qq5nk/WN/qvVbxUZzEjsFzELEJ/iDF8YQ6K8gyBDe85QQk/AhKBLdzd5ZZPdM5GP8= defin@fairphone5"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5CATqAUsBWLTIaqtdAS/EO3L/04NwKEmnv7D68vO+a defin@biski"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILuW75N5K0/83bOgsB/yymgIHoQgaaAJjW9MMDG9s/2p defin@picast2"
        # keys for remote build
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLx3RgUgbE7THS7hRZypyudEKffj0ppwQfQuxIpPf8H root@zenbook"
      ];
    };
  };

  # nix.settings.trusted-users = [ "@builders" ];
  security.pam = {
    sshAgentAuth.enable = true;
    # services.sudo.sshAgentAuth = true;
  };
  # I can't think of a better spot to put this rn.
  services.openssh = {
    ports = [ 22 2200 ]; # needed because isp blocks ssh over 22
    settings.PasswordAuthentication = false;
  };
}