# Flake module for the host "janus". It declares two outputs:
#   1. a home-manager module `janus-ca`, which writes the step CLI defaults
#      (CA URL, pinned root fingerprint, root cert path) and installs the
#      root certificate under ~/.step;
#   2. the NixOS system configuration for the host itself.
{ inputs, ... }:
let
  user = "john";
  host = "janus";

  # Root certificate location relative to the home directory. Used both as
  # the install target and for the `root` entry in defaults.json, so the two
  # cannot drift apart.
  rootCertRel = ".step/certs/root_ca.crt";
in
{
  flake.modules.homeManager.janus-ca =
    { config, ... }:
    {
      home.file = {
        # step CLI defaults: where the CA lives and which root to trust.
        ".step/config/defaults.json".text = builtins.toJSON {
          "ca-url" = "https://janus.john-stream.com/";
          # Pinned root CA fingerprint. It should be the fingerprint of the
          # root_ca.crt shipped next to this file; when the root is rotated,
          # update both together (`step certificate fingerprint root_ca.crt`
          # prints the value to compare against).
          fingerprint = "2036c44f7b5901566ff7611ea6c927291ecc6d2dd00779c0eead70ec77fa10d6";
          root = "${config.home.homeDirectory}/${rootCertRel}";
        };

        # A Nix path literal is copied into the world-readable Nix store, so
        # this file must remain the public certificate only, never key
        # material.
        ${rootCertRel}.source = ./root_ca.crt;
      };
    };

  flake.nixosConfigurations.${host} = inputs.nixpkgs.lib.nixosSystem {
    modules = with inputs.self.modules; [
      nixos.lxc
      nixos.mysops
      nixos.step-ssh-host
      inputs.home-manager.nixosModules.home-manager
      nixos.${user}
      nixos.zsh
      nixos.docker
      nixos.login-text
      nixos.mtls

      # Host-specific values for the modules listed above.
      {
        networking.hostName = host;
        step-ssh-host.hostname = host;

        mtls.enable = true;
        mtls.subject = host;
        # NOTE(review): the SAN list carries a fixed private address; if the
        # host is renumbered, the names requested here need updating too.
        # What the mtls module does with them is defined elsewhere -- confirm.
        mtls.san = [
          "${host}.john-stream.com"
          "192.168.1.244"
        ];

        home-manager.users.${user} = {
          imports = with inputs.self.modules.homeManager; [
            sops
            step-ssh-user
            janus-ca
          ];

          shell.program = "zsh";
          docker.enable = true;

          # Disabled by the author: the step-ssh-user module is imported but
          # its options are left unset here.
          # NOTE(review): confirm the module's defaults are the intended
          # behaviour for this user.
          # step-ssh-user = {
          #   enable = true;
          #   principals = [ "${host}" ];
          # };

          ssh.matchSets.certs = true;
          ssh.matchSets.homelab = true;
        };
      }
    ];
  };
}