# NixOS module: optional sops-backed login password for root and the primary user.
#
# When `users.setPassword.enable` is true, the sops secret
# `hashed-root-password` is declared, and its decrypted path becomes the
# `hashedPasswordFile` of both root and `userDetails.username`.
# When the option is false, this module sets no password for either account.
{ lib, config, userDetails, ... }:
let
  # Single switch that gates every password-related definition below.
  pwEnabled = config.users.setPassword.enable;

  # Path where sops-nix exposes the decrypted hash. Evaluated lazily, so it is
  # only forced when one of the mkIf conditions below is true.
  rootHashFile = config.sops.secrets.hashed-root-password.path;
in
{
  options.users.setPassword.enable =
    lib.mkEnableOption "set users password. requires hashed root password from sops";

  config = {
    # Primary interactive account, described by the `userDetails` module argument.
    users.users.${userDetails.username} = {
      isNormalUser = true;
      inherit (userDetails) home;
      description = userDetails.fullname;

      # NOTE(review): "wheel" and "libvirtd" are highly privileged groups, and
      # "nixbld" is normally reserved for the Nix daemon's build users.
      # Confirm each membership is intended for a login account.
      extraGroups = [
        "i2c"
        "libvirtd"
        "nixbld"
        "video"
        "wheel"
      ];

      # NOTE(review): this is the same secret root uses, so both accounts share
      # one password hash. A dedicated per-user secret would keep a leaked user
      # password from also being the root password. Confirm this is deliberate.
      hashedPasswordFile = lib.mkIf pwEnabled rootHashFile;
    };

    # Root takes its password hash from the sops secret when the option is on.
    # NOTE(review): per the NixOS option docs, password options are only
    # enforced on every activation when users.mutableUsers is false. Verify
    # the host's setting, which is not visible in this module.
    users.users.root.hashedPasswordFile = lib.mkIf pwEnabled rootHashFile;

    # Declare the hashed root password secret only when the option is on.
    sops.secrets.hashed-root-password = lib.mkIf pwEnabled {
      sopsFile = ./resources/secrets/hashed-root-password.yaml;
      # sops-nix flag: the secret must be available before user accounts are
      # set up, because hashedPasswordFile is read at that point.
      neededForUsers = true;
    };
  };
}