{ lib, pkgs, ... }:

let
	agentcmd = "${ (pkgs.callPackage ./checkmk-agent/default.nix { }) }/bin/check_mk_agent.sshwrapper";
in
{
  users.users.mon = {
	  isNormalUser = true;
		extraGroups = [ "wheel" ];
		openssh.authorizedKeys.keys = [
			''restrict,command="${ agentcmd }" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGHkivi9Ye/Uj4ZQxrEfarSaz0iLF/XXhY/crNsLoDMu checkmk''
    ];
	};
	security.sudo.extraRules = [ {
		users = [ "mon" ];
		commands = [ {
			command = agentcmd;
			options = [ "NOPASSWD" ];
			} ];
		}
	];
}