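# NixOS module: declares the `defin` user account, the SSH public keys that may
# log in as it, PAM SSH-agent authentication, and the OpenSSH daemon settings.
{ config, pkgs, lib, ... }:
{
  users = {
    # The account is fully declarative: the password comes from hashedPassword
    # below, and a password set with `passwd` is replaced on the next activation.
    mutableUsers = false;

    users.defin = {
      isNormalUser = true;
      description = "Devin Finlinson";

      # (wheel) Enable `sudo` for the user.
      # NOTE(review): `docker` membership is effectively root on this host, and
      # `libvirtd` / `wireshark` also grant broad access. Together with `wheel`,
      # every key listed below is an administrative credential.
      extraGroups = [
        "wheel"
        "builders"
        "video"
        "input"
        "docker"
        "dialout"
        "wireshark"
        "networkmanager"
        "libvirtd"
        "adbusers"
      ];

      shell = pkgs.nushell;

      # NOTE(review): this hash is copied into the world-readable Nix store and
      # lives wherever this file is published, so it is open to offline guessing.
      # `hashedPasswordFile` pointing at a secret kept outside the store avoids
      # that; rotate the password if this file has been shared.
      hashedPassword = "$y$j9T$YtRkFL3JLAB/zfyr89aFp.$of1IUt84c2i26l6GQWHO2qX0dNiPDZgVGpaNPVyAs24";

      # One entry per client device. Remove an entry as soon as its device is
      # retired or lost.
      # NOTE(review): the `gitlab` entry looks like an automation key; confirm
      # it needs to log in to an account with wheel and docker.
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQqjxtw6iZbw5boN5rz+wH9A+0OyEP3YJoEgwdkF/Bp defin@khad"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxVpBnkWiukuHNt81K2gRNVjOdz9lFiaw0fhZ4CcB3R gitlab"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBrDUymBW+rosSI68sxDKLMfH7cOPPLG5K+CuA6aYcsp defin@bosco"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDatxD3mSPG8/72Ka0uuGpGHrwh6N718ZCLCOkOLwmM defin@doretta"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXrt3+N4+ahtXZCUn11evQsVGsGgAohGwafC29/a4fk defin@Radahn"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaMYXO9ghATyUPzyE7aD/XVVmK9UAexueoGEYAqPT4L defin@kebab"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpuV1zp/wtG840C9aJC0BJqSbfpAoncRGbHX/HvhEYU defin@picast"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAB4QbGvZ0YX5Clw02R1ffDfdWl1xL4dLUdcgIxHeHm0 defin@betsy"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUIumSjqtj2fhYJvrFOgJGgQ2oEJBbG9ARzunKDX9mH defin@fairphone5"
        "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCCNKc3MpAm0FkMy9KG2U+Qq5nk/WN/qvVbxUZzEjsFzELEJ/iDF8YQ6K8gyBDe85QQk/AhKBLdzd5ZZPdM5GP8= defin@fairphone5"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5CATqAUsBWLTIaqtdAS/EO3L/04NwKEmnv7D68vO+a defin@biski"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILuW75N5K0/83bOgsB/yymgIHoQgaaAJjW9MMDG9s/2p defin@picast2"
        # keys for remote build
      ];
    };
  };

  # nix.settings.trusted-users = [ "@builders" ];

  security.pam = {
    # NOTE(review): presumably this lets sudo accept a key held in the caller's
    # SSH agent in place of a password; confirm which PAM services honour it.
    # If so, a forwarded agent on this host is enough for sudo, so forward the
    # agent only from clients you trust.
    sshAgentAuth.enable = true;
    # services.sudo.sshAgentAuth = true;
  };

  # I can't think of a better spot to put this rn.
  services.openssh = {
    # needed because isp blocks ssh over 22
    ports = [ 22 2200 ];

    settings = {
      PasswordAuthentication = false;
      # Keyboard-interactive authentication is a second route to a PAM password
      # prompt; turn it off too so that login is by public key only.
      KbdInteractiveAuthentication = false;
    };
  };
}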