{
  config,
  lib,
  ...
}: let
  inherit (lib) types mkOption;
  createTmpfilesEntries = entries: builtins.attrValues (builtins.mapAttrs (dest: path: "L+ %h/${dest} - - - - ${path}") entries);
  users = config.alqueva.users;
in {
  options.alqueva.users = mkOption {
    type = types.attrsOf (types.submodule {
      options = {
        tmpfiles = mkOption {
          description = "tmpfiles";
          type = types.attrsOf types.path;
          default = {};
        };
        packages = mkOption {
          type = types.listOf types.package;
          default = [];
          description = "Packages installed to the the defined user.";
        };
        groups = mkOption {
          type = types.listOf types.str;
          default = [];
          description = "Groups to add the defined user to.";
        };
        shell = mkOption {
          type = types.package;
          default = config.programs.bash.package;
          description = "Shell the user wants to use.";
        };
        enable = (lib.mkEnableOption "this user.") // {default = true;};
      };
    });
    description = "Users to have on the system.";
    default = {};
  };

  config = let
    enabledUsers = lib.filterAttrs (_: user: user.enable == true) users;
  in {
    users.users =
      builtins.mapAttrs (un: uc: {
        description = un;
        isNormalUser = true;
        extraGroups = uc.groups;
        inherit (uc) packages shell;
        initialPassword = "password";
      })
      enabledUsers;

    systemd.user.tmpfiles.users =
      builtins.mapAttrs (_: uc: {
        rules = createTmpfilesEntries uc.tmpfiles;
      })
      enabledUsers;
  };
}