{ lux, ... }:
let
  lingerForUsers = {
    user.linger = true;
  };
in
{
  den.aspects.orion = {
    provides.to-users = lingerForUsers;

    includes = with lux.services._; [
      caddy
      openssh
      vaultwarden
      radicale
      actual
      gitea
    ];

    nixos =
      { pkgs, ... }:
      {
        environment.systemPackages = [
          pkgs.kitty
        ];

        networking = {
          firewall.enable = true;
          firewall.allowPing = false;
          nftables.enable = true;
        };

        # Use ssh authorization for sudo instead of password
        security.pam = {
          sshAgentAuth.enable = true;
          services.sudo.sshAgentAuth = true;
        };
      };
  };
}