{ lib, config, userDetails, ... }: {
	options = {
		users.setPassword.enable = lib.mkEnableOption "set users password. requires hashed root password from sops";
	};

	config = {
		users.users.root = lib.mkIf config.users.setPassword.enable {
			hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
		};
		users.users.${userDetails.username} = {
			description = userDetails.fullname;
			isNormalUser = true;
			hashedPasswordFile = lib.mkIf config.users.setPassword.enable config.sops.secrets.hashed-root-password.path;
			extraGroups = [
				"i2c"
				"libvirtd"
				"nixbld"
				"video"
				"wheel"
			];
		};
	};
}