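# NixOS module declaring the machine's primary interactive account.
# When `main-user.enable` is set it creates `users.users.<userName>` with
# admin-level group membership, a per-user package set and zsh as login shell.
{ lib, config, pkgs, ... }:

let
  cfg = config.main-user;
in
{
  options.main-user = {
    # mkEnableOption already prefixes its argument with "Whether to enable",
    # so the label must not start with "enable" itself.
    enable = lib.mkEnableOption "main-user module";
    userName = lib.mkOption {
      # The value is used as the attribute name under users.users below, so
      # anything other than a string should be rejected at evaluation time.
      type = lib.types.str;
      default = "submin";
      description = ''
        username
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    users.users.${cfg.userName} = {
      isNormalUser = true;
      # SECURITY: this literal is committed with the configuration and is
      # copied into the world-readable Nix store, so every local user (and
      # anyone with access to the repository) can read it. Treat it as a
      # publicly known bootstrap value: change it with `passwd` right after
      # the first login, and prefer `hashedPasswordFile` pointing at a secret
      # kept outside the store. It is left in place here so that enabling the
      # module still yields an account that can log in.
      initialPassword = "B@dC0d3MangFIX|T";
      description = lib.mkDefault "Just a normal admin";
      # groups:
      #   wheel          => sudo access
      #   networkmanager => may change network settings
      #   docker         => access to the Docker daemon; effectively
      #                     root-equivalent on this host, so grant it as
      #                     deliberately as wheel
      # (dialout => serial access is NOT granted; add it here if needed)
      extraGroups = [ "wheel" "networkmanager" "docker" ];
      packages = with pkgs; [
        #kdePackages.kate # ... why did I add this?
        mkcert # local dev CA; the generated root CA key must stay private
        thunderbird # email client
        keepassxc # password manager
        macchina # like *fetch - display basics
        z-lua # jump around directories (be careful with same-named ones!)
        # logseq REQUIRES TEMPORARY INSECURE ELECTRON: the insecure-package
        # allowance is presumably set elsewhere (not visible in this file);
        # remove it as soon as logseq builds against a supported Electron.
        logseq
        signal-desktop # messaging
        ddev # local docker dev awesome
        vscodium # vs code editor, but free
        yubikey-manager-qt # yubikey mgmt - more needed
        #pavucontrol # pulse audio vol control
        # go to 2.17 when no more servers w/python issues (elizabeth)
        ansible_2_16 # deployment/automation
        #python311Full # troubleshooting ansible things.
        #python311Packages.ansible
        # php added for ansible composer build temporarily
        # switch to an ansible build environment instead.
        php81
        php81Packages.composer
        php81Extensions.zip
        php81Extensions.xml
        php81Extensions.dom
        php81Extensions.bz2
        #php81Extensions.yaml
        php81Extensions.zlib
        php81Extensions.zstd
        php81Extensions.intl
        php81Extensions.curl
        php81Extensions.posix
      ];
      shell = pkgs.zsh;
    };
  };
}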