{
  config,
  pkgs,
  lib,
  ...
}:
with lib;
with types;
let

  # Shorthand for this module's own option values.
  cfg = config.components.mainUser;

  # Membership in "docker" allows talking to the Docker daemon, which is
  # root-equivalent on the host, so the group is only added when Docker is
  # enabled on this machine.
  dockerGroup = lib.optional config.virtualisation.docker.enable "docker";

  # "vboxusers" is only added when the VirtualBox host module is enabled.
  vboxGroup = lib.optional config.virtualisation.virtualbox.host.enable "vboxusers";

in
{

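  # Options for the single primary (interactive) account of a machine.
  options.components.mainUser = {

    # mkEnableOption prepends "Whether to enable " to its argument, so the
    # text must not start with "enable" itself.
    enable = mkEnableOption "mainUser for a system";

    # Besides the login name, the config section of this module reuses this
    # value for the primary group name, the home directory and the initial
    # password of the account.
    userName = mkOption {
      type = str;
      default = "palo";
      description = ''
        name of the main user
      '';
    };

    uid = mkOption {
      type = int;
      default = 1337;
      description = ''
        uid of main user
      '';
    };

    # Appended to the fixed group list in the config section, which already
    # contains "wheel" and, depending on the host, "docker" / "vboxusers".
    extraGroups = mkOption {
      default = [ ];
      type = listOf str;
      description = ''
        list of groups the main user should also be in
      '';
    };

    # Forwarded unchanged to openssh.authorizedKeys.keyFiles, so every entry
    # is a path to a file holding public keys, not a key string.
    authorizedKeyFiles = mkOption {
      default = [ ];
      type = listOf str;
      description = ''
        list of files containing the public keys allowed to login as this user
      '';
    };

  };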

  # Nothing below is applied unless components.mainUser.enable is set.
  config = mkIf cfg.enable {

    # mkDefault keeps this overridable per host. With mutable users the
    # password can later be changed with passwd on the running system.
    users.mutableUsers = lib.mkDefault true;

    users.defaultUserShell = pkgs.zsh;

    # Primary group carrying the same name as the account.
    users.groups.mainUser.name = cfg.userName;

    users.users.mainUser = {
      isNormalUser = true;
      name = cfg.userName;
      inherit (cfg) uid;
      home = "/home/${cfg.userName}";
      group = config.users.groups.mainUser.name;

      # NOTE(review): the initial password is the user name, so it is
      # predictable, and the account is a member of "wheel" (the group the
      # NixOS sudo module grants admin rights to by default). The value also
      # ends up world-readable in the Nix store. It is only assigned when the
      # account is first created; change it right after the first login, or
      # give the host a hashed secret (e.g. hashedPasswordFile) instead.
      initialPassword = cfg.userName;

      # Key-based SSH logins come from the files listed in the module option.
      openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles;

      # Fixed groups first, then the conditional virtualisation groups, then
      # whatever the host adds through components.mainUser.extraGroups.
      extraGroups = lib.concatLists [
        [
          "wheel"
          "networkmanager"
          "transmission"
          "wireshark"
          "audio"
          "pipewire"
          "input"
          "dialout"
        ]
        dockerGroup
        vboxGroup
        cfg.extraGroups
      ];
    };

  };
}