universe/host/system/users.nix

{
  lib,
  config,
  pkgs,
  ...
}: let
  cfg = config.universe;
in {
  users = {
    defaultUserShell = pkgs.fish;
    users.${cfg.system.username} = {
      isNormalUser = true;
      extraGroups =
        [
          "wheel"
          "input"
          "networkmanager"
          "video"
          "audio"
        ]
        ++ (
          if cfg.services.podman.enable
          then ["podman"]
          else []
        )
        ++ (
          if cfg.services.libvirtd.enable
          then ["kvm"]
          else []
        )
        ++ (
          if cfg.programs.android-tools.enable
          then ["adbusers"]
          else []
        );
      uid = 1000;
      subGidRanges =
        []
        ++ (
          if cfg.services.podman.enable
          then [
            {
              count = 65536;
              startGid = 100000;
            }
          ]
          else []
        );
      subUidRanges =
        []
        ++ (
          if cfg.services.podman.enable
          then [
            {
              count = 65536;
              startUid = 100000;
            }
          ]
          else []
        );
      useDefaultShell = true;
      openssh.authorizedKeys = {
        keys = cfg.services.openssh.authorizedKeys;
      };
      shell = pkgs.fish;
    };
    groups =
      {}
      // lib.genAttrs (
        []
        ++ (
          if cfg.programs.android-tools.enable
          then ["adbusers"]
          else []
        )
      ) (name: {});
  };
}