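# NixOS module: declares the `builder` system account, reachable over SSH with
# the public keys stored next to this file, and marks it as a trusted Nix user.
#
# Security notes for whoever enables this:
#   * Every non-directory entry in ./keys is installed verbatim as an
#     authorized key for `builder`. Write access to that directory (or to the
#     repository holding it) is therefore login access to this host.
#   * `builder` is added to nix.settings.trusted-users. The Nix manual
#     describes a trusted user as essentially equivalent to root on the
#     machine, so each key in ./keys should be treated as a root-level
#     credential: keep the set small and review changes to it.
{ pkgs, config, lib, ... }:
with lib;
let
  cfg = config.eboskma.users.builder;

  keysDir = ./keys;
  keyEntries = builtins.readDir keysDir;

  # readDir maps each entry name to its type. Skip directories: readFile on a
  # directory aborts evaluation of the whole configuration.
  keyFileNames = builtins.filter
    (name: keyEntries.${name} != "directory")
    (builtins.attrNames keyEntries);

  # Contents of each key file, used as-is; nothing here validates that a file
  # really holds an SSH public key.
  # NOTE(review): consider restricting this to an explicit naming scheme
  # (for example only `*.pub`) so stray files cannot become credentials.
  authorizedKeys = builtins.map
    (name: builtins.readFile (keysDir + "/${name}"))
    keyFileNames;
in
{
  options.eboskma.users.builder = {
    enable = mkEnableOption "builder";
  };

  config = mkIf cfg.enable {
    users.users.builder = {
      isSystemUser = true;
      group = "builder";
      # The account gets the system default shell, so key holders can run
      # commands in an SSH session.
      useDefaultShell = true;
      home = "/var/lib/builder";
      createHome = true;
      openssh.authorizedKeys.keys = authorizedKeys;
    };

    users.groups.builder = { };

    # Root-equivalent with respect to the Nix daemon; see the header notes.
    nix.settings.trusted-users = [ "builder" ];
  };
}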