{ config, lib, pkgs, ... }:
with builtins;
let
  userModules = let
    userDir = readDir ./.;
    filter = name: kind: name != "default.nix" && kind != "directory";
  in lib.filterAttrs filter userDir;

  import' = name:
    lib.mkIf config.c3d2.users."${name}"
    (import (./. + "/${name}.nix") { inherit config lib pkgs; });

  userNames = let f = replaceStrings [ ".nix" ] [ "" ];
  in map f (attrNames userModules);

in {
  options.c3d2.users = let
    f = name: {
      inherit name;
      value = lib.mkOption {
        type = lib.types.bool;
        default = false;
      };
    };
  in listToAttrs (map f userNames);

  options.c3d2.allUsersCanSshRoot = lib.mkOption {
    type = lib.types.bool;
    default = true;
    description = ''
      Let all people in `lib/users/` login as root for deployment via SSH.
    '';
  };

  config = lib.mkMerge ([ {
    users.users.root = lib.mkIf config.c3d2.allUsersCanSshRoot {
      openssh = lib.mkMerge (map (name:
        let
          userConf = (import' name).content.users.users."${name}";
        in lib.optionalAttrs (userConf ? openssh) userConf.openssh
      ) userNames);
    };
  } ] ++ map import' userNames);
}