{
  config,
  pkgs,
  ...
}:
{
  imports = [
    ./home/user.nix
    ./home/root.nix
  ];
  sops.secrets."user/password" = {
    neededForUsers = true;
    sopsFile = ./secrets/home.yaml;
  };
  sops.secrets."root/password" = {
    neededForUsers = true;
    sopsFile = ./secrets/home.yaml;
  };
  users = {
    mutableUsers = true;

    users = {
      root = {
        homeMode = "700";
        hashedPasswordFile = config.sops.secrets."root/password".path;
      };
      microvm = {
        uid = 999;
        isSystemUser = true;
      };
      # agent = {
      #   uid = 1001;
      #   homeMode = "770";
      #   shell = pkgs.fish;
      #   isNormalUser = true;
      #   group = "agents";
      #   extraGroups = [ "user" ];
      # };
      user = {
        uid = 1000;
        homeMode = "700";
        home = "/home/user";
        shell = pkgs.fish;
        isNormalUser = true;
        group = "user";
        extraGroups = [
          "libvirt"
          "systemd-journal"
          "kvm"
          "agents"
        ];
        hashedPasswordFile = config.sops.secrets."user/password".path;
      };
    };
    groups = {
      user.gid = 1000;
      agents.gid = 777;
    };
  };
}