{ pkgs, ... }:

{
  users = {
    users.deploy = {
      description = "deploys static websites from forgejo";
      shell = "/run/current-system/sw/bin/nologin";
      isSystemUser = true;
      group = "deploy";
      packages = [
        pkgs.rsync
      ];
      openssh.authorizedKeys.keys = [
        "command='rsync --server --daemon . /srv/http/',restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUVX7gs6mqubYsJhi65gvWq4rvA2CtZJFneVRKQHIBs root@www.berlin.ccc.de"
        "command='rsync --server --daemon . /srv/http/www/',restrict ssh-ed25519 AAAAB3NzaC1yc2EAAAADAQABAAABAQCy... git.berlin.ccc.de/cccb/www"
        "command='rsync --server --daemon . /srv/http/www-staging/',restrict ssh-ed25519 AAAAB3NzaC1yc2EAAAADAQABAAABAQCy... git.berlin.ccc.de/cccb/www"
      ];
      #extraGroups = ["nginx"];
    };
    groups.deploy = {};
  };
}