{
  config,
  lib,
  ...
}:
let
  inherit (lib.options) mkEnableOption mkOption;
  inherit (lib.types)
    attrsOf
    listOf
    submodule
    str
    package
    ;
  inherit (config.alqueva) users;
in
{
  options.alqueva.users = mkOption {
    type = attrsOf (submodule {
      options = {
        tmpfiles = mkOption {
          description = "tmpfiles";
          type = listOf str;
          default = [ ];
        };
        packages = mkOption {
          type = listOf package;
          default = [ ];
          description = "Packages installed to the the defined user.";
        };
        groups = mkOption {
          type = listOf str;
          default = [ ];
          description = "Groups to add the defined user to.";
        };
        shell = mkOption {
          type = package;
          default = config.programs.bash.package;
          description = "Shell the user wants to use.";
        };
        enable = (mkEnableOption "this user.") // {
          default = true;
        };
      };
    });
    description = "Users to have on the system.";
    default = { };
  };

  config =
    let
      enabledUsers = lib.filterAttrs (_: user: user.enable) users;
    in
    {
      users.users = builtins.mapAttrs (un: uc: {
        description = un;
        isNormalUser = true;
        extraGroups = uc.groups;
        inherit (uc) packages shell;
        initialPassword = "password";
      }) enabledUsers;

      systemd.user.tmpfiles.users = builtins.mapAttrs (_: uc: {
        rules = uc.tmpfiles;
      }) enabledUsers;
    };
}