alqueva/hosts/shared/users.nix

{
  config,
  lib,
  ...
}: let
  inherit (lib) types mkOption;
  createTmpfilesEntries = entries: builtins.attrValues (builtins.mapAttrs (dest: path: "L+ %h/${dest} - - - - ${path}") entries);
  cfg = config.alqueva.users;
in {
  options.alqueva.users = mkOption {
    description = "Users to have on the system.";
    default = {};
    type = types.attrsOf (types.submodule {
      options = {
        tmpfiles = mkOption {
          description = "tmpfiles";
          type = types.attrsOf types.path;
          default = {};
        };
        packages = mkOption {
          type = types.listOf types.package;
          default = [];
          description = "Packages installed to the the defined user.";
        };
        groups = mkOption {
          type = types.listOf types.str;
          default = [];
          description = "Groups to add the defined user to.";
        };
        shell = mkOption {
          type = types.package;
          default = config.programs.bash.package;
          description = "Shell the user wants to use.";
        };
      };
    });
  };

  config = {
    users.users =
      builtins.mapAttrs (user: ucfg: {
        description = user;
        isNormalUser = true;
        extraGroups = ucfg.groups;
        inherit (ucfg) packages shell;
        initialPassword = "password";
      })
      cfg;

    systemd.user.tmpfiles.users =
      builtins.mapAttrs (_: ucfg: {
        rules = createTmpfilesEntries ucfg.tmpfiles;
      })
      cfg;
  };
}