{
  config,
  lib,
  myData,
  pkgs,
  ...
}:
{
  options.mj.services.borgstor = with lib.types; {
    enable = lib.mkEnableOption "Enable borg storage user";
    dataDir = lib.mkOption { type = path; };
    sshKeys = lib.mkOption { type = listOf str; };
  };

  config =
    with config.mj.services.borgstor;
    lib.mkIf enable {
      users.users.borgstor = {
        description = "Borg Storage";
        home = dataDir;
        shell = "/bin/sh";
        group = "borgstor";
        isSystemUser = true;
        createHome = true;
        uid = myData.uidgid.borgstor;
        openssh.authorizedKeys.keys = map (
          k: ''command="${pkgs.borgbackup}/bin/borg serve --restrict-to-path ${dataDir}",restrict ${k}''
        ) sshKeys;
      };

      users.groups.borgstor.gid = myData.uidgid.borgstor;
    };
}