{ lib, config, ... }:

with lib;

let
  baseDN = concatMapStringsSep ","
    (part: "dc=${part}")
    (splitString "." config.networking.domain);
in
{
  users.mutableUsers = false;

  users.users."root" = {
    hashedPassword = "$y$j9T$tz8ojZ2gVOQ5AUp6GMhoj.$mAeE0eTGGsKNGddC7ebk/zFr5IMDyIpOpMP/6o.GI6D";

    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2nkarN0+uSuP5sGwDCb9KRu+FCjO/+da4VypGanPUZ fooker@k-2so"
    ];
  };

  users.ldap = {
    enable = true;

    server = "ldap://manager.${config.networking.domain}/";
    base = baseDN;

    daemon.enable = true;
  };

  users.users."fooker" = {
    isNormalUser = true;
    group = "cluster";
    password = "asdasd123";
  };
}