# NixOS module: declares the primary user account named by `username`, its
# groups and SSH key, plus password-less sudo rules for two Nix commands.
{ username, ... }:
let
  # Directory that holds the binaries of the currently active system profile.
  systemBin = "/run/current-system/sw/bin";

  # Build one sudo command entry that may be run without a password prompt.
  passwordless = name: {
    command = "${systemBin}/${name}";
    options = [ "NOPASSWD" ];
  };
in
{
  # NOTE(review): Nix trusted users may override daemon settings; the Nix
  # manual treats this as essentially equivalent to root access. Keep this
  # list as short as possible.
  nix.settings.trusted-users = [ username ];

  # Groups declared by this module: a private per-user group plus two
  # service groups.
  users.groups.${username} = { };
  users.groups.docker = { };
  users.groups.wireshark = { };

  # The primary interactive account.
  users.users.${username} = {
    # Salted password hash produced by `mkpasswd` (the `$y$` prefix is yescrypt).
    # NOTE(review): the hash lives in this file and is copied into the
    # world-readable Nix store, so it is exposed to offline guessing by anyone
    # who can read either. Consider `hashedPasswordFile` pointing at a secret
    # kept outside the store.
    # NOTE(review): `users.mutableUsers` is not set here; with its default, this
    # hash is only the initial password and a later `passwd` takes precedence.
    hashedPassword = "$y$j9T$YQu5vhlnogjDFDWp9QkPh0$Eu85OiwllqvLg5fzRVMLVHNO7InA3ro8grTJJIepyH1";
    home = "/home/${username}";
    isNormalUser = true;
    description = username;

    # NOTE(review): "wheel" allows sudo, and "docker" membership is commonly
    # root-equivalent through the Docker socket. "adbusers" and "libvirtd" are
    # not declared in this module; presumably other modules create them.
    extraGroups = [
      username
      "users"
      "networkmanager"
      "wheel"
      "docker"
      "wireshark"
      "adbusers"
      "libvirtd"
    ];

    # Public key accepted for SSH login to this account.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDiipi59EnVbi6bK1bGrcbfEM263wgdNfbrt6VBC1rHx ryan@ai-idols"
    ];
  };

  # Do NOT prompt this user for a password when running `nix-store` or
  # `nix-copy-closure` through sudo.
  # NOTE(review): both commands then run as root with no authentication, so
  # anyone who controls this account (including via the SSH key above) gets a
  # privileged write path into the Nix store. Treat the rule as close to
  # password-less root and keep it only on hosts that need it (presumably
  # remote deployment — confirm).
  security.sudo.extraRules = [
    {
      users = [ username ];
      commands = map passwordless [
        "nix-store"
        "nix-copy-closure"
      ];
    }
  ];
}