{ withSystem, self, inputs, ... }:
let
  username = "john";
  hostname = "omen";
in
{
  flake.modules.homeManager."${hostname}" = { config, pkgs, lib, ... }:
  let
    selfPkgs = inputs.self.packages.${pkgs.stdenv.hostPlatform.system};
    flakeDir = "${config.xdg.configHome}/home-manager";
  in
  {
    imports = with inputs.self.modules.homeManager; [
      rebuild
      john
      # mtls
      # restic
      docker
      desktop
      step-client
      # mysops
      # myPackage
      # myStepClient
    ];
    # TODO: make this more restrictive, rather than allowing all unfree packages
    nixpkgs.config.allowUnfree = true;
    nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];

    targets.genericLinux.enable = true;

    home.username = "${username}";
    home.homeDirectory = "/home/${username}";
    home.packages = with pkgs; [
      selfPkgs.jsl-zsh
      selfPkgs.my-neovim
      selfPkgs.ssh-certs
      # selfPkgs.step-bootstrap
      # selfPkgs.wg-platform
      # self'.packages.myWrappedPackage
      # (inputs.self.wrappers.test-push.apply {
      #   inherit pkgs flakeDir;
      #   host = testHost;
      #   target = testTarget;
      # }).wrapper
    ];

    homeManagerFlakeDir = flakeDir;
    docker.enable = true;

    ssh = {
      certificates.enable = true;
      knownHosts = [
        "fded:fb16:653e:25da:be24:11ff:fea0:753f ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9ZqiWPrCwHjxFCiu0lT4rlQs7KyMapxKJQQ5PJP1eh"
      ];
      matchSets = {
        certs = true;
        appdaemon = true;
        homelab = true;
        dev = true;
        tailscale = true;
      };
    };
  };

  flake.homeConfigurations."john@omen" = withSystem "x86_64-linux" (ctx@{ system, inputs', ... }:
    inputs.home-manager.lib.homeManagerConfiguration {
      pkgs = inputs'.nixpkgs.legacyPackages;
      modules = [ inputs.self.modules.homeManager."${hostname}" ]; # Uses the module defined above
  });
}