{
  lib,
  pkgs,
  ...
}: let
  create_users = host: {
    users.users."${host.username}" = {
      createHome = false;
      home = "/home/chroot/" + host.username;
      isNormalUser = false;
      isSystemUser = true;
      group = "sftp_users";
      openssh.authorizedKeys.keys = [host.key];
      shell = null;
    };
  };

  users = [
    {
      username = "git.cloonar.com";
      key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCkydX9KuRLbLcqYFn/giWZc0vPCx77oh7/9X4oPJtUkWROw1uyZh91iNCxSzV1AZay6rRM8FEwy7PPeAJ7bjsJgHRranqbxHk27H4YXOojw5H9lBozkhcMq7Z6Lz6OMoHdVhZnE525btVLKHWeGtCuoO0pbN5/BsyXEavlGZEaTQbCTjr5sk+f6mG8GqwtuC5yyEY6fGpSs1i72CiwxavLim7nB4vNlbZdWIhmV6MhyAyY5mgt57xJps/mXqXj+/eRqtS7U8KPtJq3uxwsE4cWInToP7TX9GPce1qz4U6+blNwYjt5LTGQs4/kw0IHnJk6IMh+R5kp5L6d6kBeuj0HjMA/Jxei4tD4fsSaHN6gTMSnh2ZwRDwm8Vsk3UJKAWP2heyQAX+axfxHAK4nDGnoFsX/dQV1pUoCD1MdpVS8oyGhDH1ton8oHw7Hsij8AxLgpoEIGa3fKVXaRKQx+YOnpUwoFuHrKh9XH8I7HhrAR6kQWuxaWjFWBgooqlF/iBM= root@git";
    }
    {
      username = "home-assistant.cloonar.com";
      key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCnmAkeiyZo0KepL8LBUP91L2jEckc173JFa1x1WjOYwH+mXjaguZGO8yTIdxcq7GM8v/yK9v22MRkXUuPfoTOUKqQ8dlFLT2UJQPCdAG/I8vqS8b5lnhTrudklYLoF9X3TJ20bee/8ospRC5xGfUrDMPze4oSviatyMtKWkPLuj5pQGWl3WUj1lL2vwDvaZW+1CfJMnOADijDJAFtuqL0rXrN00KMif74DHH1hW1SvuW3hBpGkfhKUgtckhvdkv2n4le0yQJOB6lBGaHPB4Z/EQxydiwqcwml3RXjXMR8x+cupWybnJ8BB9BLEBDD5Qqrplr0bIExN22FyEwV1afoma1AqZg0HwJx4fise7Dvh6Dp9PSzx8RGwbTpGyZPwx/ZfaAgSOI5R69LrKGDWONcl4jrGykZWw4XbNJewujOMtDoxOoKYvqsCW2xv8sEGJlo0Q9QzdxgorOb3ND2QZ9OUwm+hMuwiOSECvhiMdqBo5t9qdjRuQTgr8qIBT607M6M= root@home-assistant";
    }
    {
      username = "web-01.cloonar.com";
      key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCl7cvUGMmtpVfJ3PB4Rco7V8z83nivst77SgBn+Z3cHgcDJDu9l3L4Q6rv9b6thmEX+Xf0ri6UwDI8UuJro4F9qpCXsTkHres3f/pDZokgfO7bvU2l7ujq6NnAx0qJWdB6oku36x3t2wBnvkDijXLtGPeQbd6c33hECEwA7QszvoBbGi0yFiGsqR5W7o0kiju/LMzCkExeaspFV6DBtEW0qZVMYx+lBIK5Hi/g3vBjbhFdWGz8T2AITcAnGI9n6f+dg3dlMPEHXnF9KRod1EVDnYMxbEp49i98m65F1xAFwOo35WSg48LlV1PK1VusboE3pHgE2VEFmW1J+PVQZ+z0JAaRBv/wSVN0YzuCLfLtUr10K1W23YbT1UVm7FusKpT1KElZ9adfbk6SXVhXnru40VcwqgYfw7naQJzT8aDI9Tnci+z4xCCxrdUF/psDBPD5sfjMPbjdPbt6Jnx1H9ZodiC/sQUtbn6MMbenMSf/AmuUC9xzpXlqCtPmN1dSC+8= root@web-01";
    }
    {
      username = "mail.cloonar.com";
      key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCfEuRazRv8zKWJSq+T3SssgOrkBFu6y/t6uoMNrD3P9WHowRDejo2rBsWFgPszhfgxLpWHiuSZFMG8z+07k5fVTdmbUwx0vXI1lmQ7AxB/CPwBef2Vpb7b8Rq6geejvP8X6UjQWP0rsCMtoX2SeBDTG8bDlyq1U3vYxVY4hery6a9Wu57OI5VbSIHhqQvExo7euz8V7ORsLyT8gi9x3r8gNaKJmvssB6QXXZ7U2sJaAUjhV/BmrZJD5qR9EwqwiMPJ2+SkZ0Vz6CFG6GLyB/ngXPEfclLKK7AzookJy7WepqojjFTzmOBMH903oR+MIpjDECKxgaFtW4xY0A/tj8ZDCBPtP8AKjediOASkAi7eUMPseQKDE0BNLSidC0hlQUe0aPaMeA8b1U86PblzpgF8ntkUPbxhO0AgHKq9fPN+f58f75fryNbhgPRRkeLet1q3hxguEMg2MIg/EqIw862YPWPtGRk0wJHwQU7jx+9BbjdptAVTJo/Cj9vM7mpZphE= root@mail";
    }
    {
      username = "nb-01.cloonar.com";
      key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7";
    }
  ];
in {
  imports = builtins.map create_users users;

  users.groups = {sftp_users = {};};

  services.openssh.extraConfig = ''
    Match Group sftp_users
      X11Forwarding no
      AllowTcpForwarding no
      ChrootDirectory %h
      ForceCommand internal-sftp
  '';
}