{ config, ... }:

{
  age.secrets = {
    root-password.file = ../../secrets/root-password.age;
    moritz-password.file = ../../secrets/moritz-password.age;
  };
  users.users = {
    root.hashedPasswordFile = config.age.secrets.root-password.path;
    moritz.hashedPasswordFile = config.age.secrets.moritz-password.path;
  };
  users.mutableUsers = false;
  environment.persistence."/persist" = {
    hideMounts = true;
    directories = [
      "/etc/NetworkManager/system-connections"
      "/var/db/dhcpcd/"
      "/var/lib/NetworkManager/"
      "/var/lib/bluetooth"
      "/var/lib/nixos"
      "/var/lib/systemd/coredump"
      "/var/log"
    ];
    files = [
      "/etc/machine-id"
      "/etc/nix/id_rsa"
      "/etc/ssh/ssh_host_ed25519_key"
      "/etc/ssh/ssh_host_ed25519_key.pub"
      "/etc/ssh/ssh_host_rsa_key"
      "/etc/ssh/ssh_host_rsa_key.pub"
    ];
    users.moritz = {
      directories = [
        ".SynologyDrive/data"
        ".SynologyDrive/log"
        ".cache/keepassxc"
        ".cache/nvim/luac"
        ".config/Nextcloud"
        ".config/keepassxc"
        ".local/share/direnv"
        ".local/share/zoxide"
        ".local/state/nvim"
        ".mozilla"
        "Documents"
        "Downloads"
        "Music"
        "Pictures"
        "Videos"
        { directory = ".gnupg"; mode = "0700"; }
        { directory = ".local/share/keyrings"; mode = "0700"; }
        { directory = ".ssh"; mode = "0700"; }
      ];
      files = [
        ".local/share/fish/fish_history"
        ".local/share/nix/trusted-settings.json"
        ".parallel/will-cite"
      ];
    };
    users.root = {
      home = "/root";
      directories = [
        { directory = ".gnupg"; mode = "0700"; }
        { directory = ".ssh"; mode = "0700"; }
      ];
      files = [
        ".local/share/nix/trusted-settings.json"
      ];
    };
  };
}