{
  config,
  lib,
  machine,
  ...
}: let
  machines = import ./machines.nix;
in {
  users.users =
    builtins.mapAttrs
    (name: value: lib.mkIf (builtins.elem name machine.users) value)
    {
      "andromeda" = {
        isNormalUser = true;
        description = "andromeda";
        hashedPasswordFile = builtins.toString config.age.secrets.andromeda-pw.path;
        extraGroups = [
          "networkmanager"
          "wheel"
        ];
      };
      "mtgmonkey" = {
        isNormalUser = true;
        description = "mtgmonkey";
        hashedPasswordFile = builtins.toString config.age.secrets.mtgmonkey-pw.path;
        extraGroups = [
          (lib.mkIf
            (machine == machines.lenovo)
            "networkmanager")
          "wheel"
        ];
        openssh.authorizedKeys.keys = [
          (lib.mkIf
            (machine == machines."109-199-104-83")
            config.pub-keys.ssh.andromeda)
        ];
      };
    };
  environment.persistence."/persist".users = lib.mkIf config.environment.persistence."/persist".enable (
    builtins.mapAttrs
    (name: value: lib.mkIf (builtins.elem name machine.users) value)
    {
      "andromeda" = {
        directories = [
          ".backups"
          ".local/share/Anki2"
          ".local/share/chat.fluffy.fluffychat"
          ".local/share.zoxide"
          ".ssh"
          "conf"
          "Downloads"
          "pp"
        ];
        files = [
          ".bash_history"
          ".brush_history"
        ];
      };
    }
  );
}