modules: system: users: make it configurable

Notably, make use of my global 'username' option.

modules/system/users.nix

@@ -1,36 +1,49 @@
 # User setup
 { config, lib, pkgs, ... }:
 let
-  my = config.my;
+  secrets = config.my.secrets;
+  cfg = config.my.system.users;
   groupExists = grp: builtins.hasAttr grp config.users.groups;
   groupsIfExist = builtins.filter groupExists;
 in
 {
-  users.mutableUsers = false; # I want it to be declarative.
+  options.my.system.users = with lib; {
+    enable = my.mkDisableOption "user configuration";
+  };
 
-  # Define user accounts and passwords.
+  config = lib.mkIf cfg.enable {
-  users.users.root.hashedPassword = my.secrets.users.root.hashedPassword;
+    users = {
-  users.users.ambroisie = {
+      mutableUsers = false; # I want it to be declarative.
-    hashedPassword = my.secrets.users.ambroisie.hashedPassword;
+
-    description = "Bruno BELANYI";
+      users = {
-    isNormalUser = true;
+        root = {
-    shell = pkgs.zsh;
+          inherit (secrets.users.root) hashedPassword;
-    extraGroups = groupsIfExist [
+        };
-      "audio" # sound control
+
-      "media" # access to media files
+        ${config.my.username} = {
-      "networkmanager" # wireless configuration
+          inherit (secrets.users.${config.my.username}) hashedPassword;
-      "plugdev" # usage of ZSA keyboard tools
+          description = "Bruno BELANYI";
-      "video" # screen control
+          isNormalUser = true;
-      "wheel" # `sudo` for the user.
+          shell = pkgs.zsh;
-    ];
+          extraGroups = groupsIfExist [
-    openssh.authorizedKeys.keys = with builtins;
+            "audio" # sound control
-      let
+            "media" # access to media files
-        keyDir = ./ssh;
+            "networkmanager" # wireless configuration
-        contents = readDir keyDir;
+            "plugdev" # usage of ZSA keyboard tools
-        names = attrNames contents;
+            "video" # screen control
-        files = filter (name: contents.${name} == "regular") names;
+            "wheel" # `sudo` for the user.
-        keys = map (basename: readFile (keyDir + "/${basename}")) files;
+          ];
-      in
+          openssh.authorizedKeys.keys = with builtins;
-      keys;
+            let
+              keyDir = ./ssh;
+              contents = readDir keyDir;
+              names = attrNames contents;
+              files = filter (name: contents.${name} == "regular") names;
+              keys = map (basename: readFile (keyDir + "/${basename}")) files;
+            in
+            keys;
+        };
+      };
+    };
   };
 }