{ lib, lux, ... }:
{
  den.hosts.x86_64-linux.orion = {
    domain = "jelles.net";
  };

  den.aspects.orion = {
    includes = with lux.services._; [
      caddy
      openssh
      vaultwarden
      radicale
      actual
      gitea

      (
        { user, ... }:
        {
          nixos.users.users."${user.name}".linger = true;
        }
      )
    ];

    nixos =
      { pkgs, ... }:
      {
        environment.systemPackages = [
          pkgs.kitty
        ];

        networking = {
          firewall.enable = true;
          firewall.allowPing = false;
          nftables.enable = true;
        };

        # Use ssh authorization for sudo instead of password
        security.pam = {
          sshAgentAuth.enable = true;
          services.sudo.sshAgentAuth = true;
        };
      };
  };
}