{ config, ... }: {
  sops.secrets = {
    jawz-password.neededForUsers = true;
    "private_keys/age".path = "/home/jawz/.ssh/ed25519_age";
    "public_keys/age".path = "/home/jawz/.ssh/ed25519_age.pub";
    # "private_keys/server".path = "/home/jawz/.ssh/ed25519_server";
    # "public_keys/server".path = "/home/jawz/.ssh/ed25519_server.pub";
    # "private_keys/miniserver".path = "/home/jawz/.ssh/ed25519_miniserver";
    # "public_keys/miniserver".path = "/home/jawz/.ssh/ed25519_miniserver.pub";
    # "public_keys/galaxy" = { };
    # "public_keys/deacero" = { };
  };
  users.users.jawz = {
    isNormalUser = true;
    hashedPasswordFile = config.sops.secrets.jawz-password.path;
    extraGroups = [
      "wheel"
      "networkmanager"
      "scanner"
      "lp"
      "piracy"
      "kavita"
      "video"
      "docker"
      "libvirt"
      "rslsync"
    ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacerocdreyes@100CDREYES"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkpeIV9G26W2/e9PsjBx3sNwPGoicJ807ExRGh4KjhW jawz@server"
      (builtins.readFile ./secrets/ssh/ed25519_workstation.pub)
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILgKVjMLYdE0u+96Y2RjTh5Pf8f4n0h3oMUG6728YGHw jawz@miniserver"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBEblxSDhWPEo33crSjooeUg4W02ruENxHLmmBqCuIo jawz@galaxy"
    ];
  };
}