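# Flake module for one host. It declares the NixOS module
# `flake.modules.nixos.<hostname>` and the matching
# `flake.nixosConfigurations.<hostname>` system built from it.
#
# Security-relevant settings in this file:
#   * sshd accepts neither password nor keyboard-interactive logins.
#   * sops-nix decrypts secrets with an age identity derived from the SSH
#     host ed25519 key, so anyone who can read that key file can decrypt
#     every secret encrypted to this host.
#   * One decrypted secret is written into the user's ~/.ssh directory.
{ inputs, ... }:
let
  username = "john";
  hostname = "test-nix";
in
{
  flake.modules.nixos.${hostname} =
    { pkgs, lib, ... }:
    {
      networking.hostName = hostname;

      services.openssh = {
        enable = true;
        # Require public key authentication for better security: both
        # password-style mechanisms are switched off.
        settings = {
          PasswordAuthentication = false;
          KbdInteractiveAuthentication = false;
        };
        # NOTE(review): PermitRootLogin is not set here, so the NixOS default
        # applies; confirm that default is what this host should allow.
      };

      imports = with inputs.sops-nix.nixosModules; [ sops ];

      sops = {
        defaultSopsFile = ../../keys/secrets.yaml;

        # The host key is the decryption identity. It must already exist when
        # secrets are activated, and secrets.yaml must be encrypted to the
        # matching age recipient. TODO confirm for freshly created containers.
        age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
        # Alternative identity, left disabled:
        # age.keyFile = "/var/lib/sops-nix/key.txt";

        # Secret name, owner and target path follow the let-bindings above, so
        # renaming the host or the user cannot leave a stale owner or path.
        # Assumes the user's home is /home/<username>, as the original path did.
        # NOTE(review): the secret is named like a host key but is installed
        # in the user's ~/.ssh; its contents are not visible here. Confirm it
        # is not a copy of the sshd host key, which is also the sops identity.
        secrets."${hostname}/ssh_host_key" = {
          owner = username;
          path = "/home/${username}/.ssh/host_key";
          # sops-nix default, stated explicitly: readable by the owner only.
          mode = "0400";
        };
      };
    };

  flake.nixosConfigurations.${hostname} = inputs.nixpkgs.lib.nixosSystem {
    modules = with inputs.self.modules; [
      nixos.${hostname}
      nixos.lxc
      inputs.home-manager.nixosModules.home-manager
      nixos.${username}
      nixos.zsh
      nixos.docker
      nixos.step-client
      {
        # Per-user home-manager settings. shell, docker and ssh.matchSets
        # are presumably options defined by this repository's own
        # home-manager modules; verify against them.
        home-manager.users.${username} = {
          imports = with inputs.self.modules.homeManager; [ sops ];
          shell.program = "zsh";
          docker.enable = true;
          ssh.matchSets = {
            certs = true;
            homelab = true;
          };
        };
      }
    ];
  };
}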