{ config, ... }:
let
  homeModules = config.flake.modules.homeManager;

  realName = "Jelle Spreeuwenberg";

  kiri = {
    name = "kiri";
    homeDirectory = "/home/kiri";
    gitEmail = "mail@jelles.net";
    vaultEmail = "mail@jelles.net";
    extraHomeImports = with homeModules; [ syncthing ];
  };

  ergon = {
    name = "ergon";
    homeDirectory = "/home/ergon";
    gitEmail = "jelle.spreeuwenberg@yookr.org";
    vaultEmail = "jelle.spreeuwenberg@yookr.org";
    extraHomeImports = with homeModules; [ nix ];
  };

  mkUser =
    account:
    {
      config,
      hostType ? "desktop",
      lib,
      pkgs,
      ...
    }:
    let
      username = account.name;
      isServer = hostType == "server";
    in
    {
      sops.secrets = lib.optionalAttrs (!isServer) {
        "hashed-password-${username}".neededForUsers = true;
      };

      programs.zsh.enable = true;

      users.users.${username} = {
        name = username;
        home = account.homeDirectory;
        isNormalUser = true;
        shell = pkgs.zsh;
        extraGroups = [
          "wheel"
          "networkmanager"
        ];
      }
      // lib.optionalAttrs (!isServer) {
        hashedPasswordFile = config.sops.secrets."hashed-password-${username}".path;
      };

      home-manager.users.${username} = {
        home = {
          inherit username;
          homeDirectory = account.homeDirectory;
          stateVersion = "24.05";
        };

        imports = [ homeModules.userBase ] ++ account.extraHomeImports;

        programs.git.settings.user = {
          name = realName;
          email = account.gitEmail;
        };

        programs.rbw.settings.email = account.vaultEmail;
      };
    };
in
{
  flake.modules.nixos.kiri = mkUser kiri;
  flake.modules.nixos.ergon = mkUser ergon;
}