{
  pkgs,
  lib,
  config,
  inputs,
  ...
}: let
  cfg = config.users.custom.malte;
in {
  options.users.custom.malte = with lib; {
    enable = mkEnableOption "user 'malte' on this machine";
  };

  config = lib.mkIf cfg.enable {
    users.users.malte = {
      description = "Malte Tammena";
      hashedPassword = "$6$zqEC2iJJ98Ne$lRERO30msyjJm7oJCqRD/xj3NIm4De37gD.VUzfg7aceosE/6S6eNAaruIakgUtSC970MHRPoNlCEy1RoFuyh.";
      isNormalUser = true;
      extraGroups = [
        "wheel"
        "networkmanager"
        "video"
        "render"
        "lp"
        "kvm"
        "libvirtd"
        "podman"
        "corectrl"
        "scanner"
        "audio"
        "input"
        config.users.groups.adbusers.name
        config.users.groups.keys.name
      ];
      # Yes, use the best, please
      shell = pkgs.fish;
      # Allow my yubikey everywhere
      openssh.authorizedKeys.keyFiles = [../secrets/pub/yubikey.pub];
    };
    users.groups.adbusers = {};

    home-manager.users.malte.imports = [../users/malte/default.nix inputs.hyprland.homeManagerModules.default];
    programs.fish.enable = true;

    services.udev.packages = [
      pkgs.android-udev-rules
    ];

    networking.networkmanager.plugins = [
      pkgs.networkmanager-openconnect
    ];

    programs.dconf.enable = true;
    environment.sessionVariables = {
      GSETTINGS_SCHEMA_DIR = let
        schemaPath = pkg: "${pkg}/share/gsettings-schemas/${pkg.name}/glib-2.0/schemas";
      in [
        (schemaPath pkgs.gsettings-desktop-schemas)
        (schemaPath pkgs.gtk3)
      ];
    };

    # TODO: Remove after switching occupation
    services.clamav.daemon.enable = true;
    services.clamav.updater.enable = true;
    environment.systemPackages = [inputs.self.packages.x86_64-linux.api pkgs.adwaita-icon-theme pkgs.gtk3];

    services.flatpak.enable = true;

    # TODO: Remove/Move
    services.mysql = {
      enable = true;
      package = pkgs.mariadb;
      ensureDatabases = ["notenbuch" "gnomen"];
      ensureUsers = [
        {
          name = "malte";
          ensurePermissions = {
            "*.*" = "ALL PRIVILEGES";
          };
        }
      ];
    };

    hardware.keyboard.qmk.enable = true;

    programs.noisetorch.enable = true;

    services.avahi = {
      enable = true;
      nssmdns4 = true;
      publish.enable = true;
      publish.workstation = true;
    };

    services.blueman.enable = true;

    sops.secrets = let
      sopsFile = ../secrets/users/malte/secrets.yaml;
      owner = "malte";
      mode = "0400";
    in {
      restic-backup-malte = {
        inherit sopsFile owner mode;
        key = "restic-backup";
      };
      openai-aichat-api-key = {
        inherit sopsFile owner mode;
      };
      nix-conf-secrets = {
        inherit sopsFile owner mode;
      };
      pw-mail-pm = {
        inherit sopsFile owner mode;
      };
      pw-mail-uni = {
        inherit sopsFile owner mode;
      };
      pw-mail-gmx = {
        inherit sopsFile owner mode;
      };
      pw-mail-schulverwalter = {
        inherit sopsFile owner mode;
      };
    };
  };
}