{
  lib,
  pkgs,
  ...
}: let
  create_users = host: {
    users.users."${host.username}" = {
      createHome = false;
      home = "/home/chroot/" + host.username;
      isNormalUser = false;
      isSystemUser = true;
      group = "sftp_users";
      openssh.authorizedKeys.keys = [host.key];
      shell = null;
    };
  };

  users = [
    {
      username = "notebook";
      key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7";
    }
  ];
in {
  imports = builtins.map create_users users;

  users.groups = {sftp_users = {};};

  services.openssh.extraConfig = ''
    Match Group sftp_users
      X11Forwarding no
      AllowTcpForwarding no
      ChrootDirectory %h
      ForceCommand internal-sftp
  '';
}