{ pkgs, ... }:

{
  users.groups.automation = { };
  users.users.automation = {
    isSystemUser = true;
    createHome = false;
    group = "automation";
    shell = pkgs.automation-shell;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJk5vjODKwMUnvQAM1cvBhOhyErdeZcdPMYdIjf9dNEG hass@tank.c8h4.io"
    ];
  };

  security.sudo.extraRules = [{
    users = [ "automation" ];
    commands = [{
      command = "/run/current-system/sw/bin/systemctl poweroff";
      options = [ "NOPASSWD" ];
    }];
  }];

  services.openssh.settings.AllowUsers = [ "automation" ];
}