{ inputs, config, ... }: let nixosModules = config.flake.modules.nixos; homeModules = config.flake.modules.homeManager; metaLib = config.meta.lib; in { flake.modules.nixos.orion-admin = { config, lib, pkgs, ... }: let terminalPackage = metaLib.resolvePackagePath { inherit pkgs; path = config.meta.host.users.kiri.terminalPackagePath; }; in { assertions = [ { assertion = terminalPackage != null; message = "Unknown terminal package `${lib.showAttrPath config.meta.host.users.kiri.terminalPackagePath}` for user `kiri`."; } { assertion = terminalPackage != null && lib.elem "terminfo" terminalPackage.outputs; message = "Terminal package `${lib.showAttrPath config.meta.host.users.kiri.terminalPackagePath}` must provide a `terminfo` output for `orion`."; } ]; users.users.kiri = { linger = true; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAU2LydkXRTtNFY7oyX8JQURwXLVhB71DeK8XzrXeFX1 openpgp:0xA490D93A" ]; }; environment.systemPackages = [ ] ++ lib.optional (terminalPackage != null && lib.elem "terminfo" terminalPackage.outputs) ( lib.getOutput "terminfo" terminalPackage ); }; flake.modules.nixos.orion = metaLib.mkHost { name = "orion"; users = { inherit (metaLib.users) kiri; }; imports = [ nixosModules.host-base nixosModules.sops-host-ssh-key nixosModules.openssh nixosModules.caddy nixosModules.server-firewall nixosModules.ssh-agent-auth nixosModules.orion-admin nixosModules.vaultwarden nixosModules.radicale nixosModules.actual nixosModules.gitea (metaLib.mkHostUser { account = metaLib.users.kiri; needsPassword = false; homeImports = [ homeModules.shell homeModules.git homeModules.syncthing ]; }) ./_hardware.nix ./_disk.nix ]; }; }