default.nix
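{ inputs, lib, config, self, hostname, vars, modulespath, ... }:
# Per-host glue module: declares the enroll/installer switches, pulls in the
# shared module tree, and wires the host's inventory entry into agenix-rekey
# and nixinate. `vars` is accepted for interface compatibility but unused here.
let
  cfg = config.modules.enroll;

  # The host's own inventory record. Lazy: it is only forced by the
  # agenix-rekey and nixinate settings below, both of which presume the
  # host is enrolled (cfg.d) — an unenrolled host never touches it.
  hostEntry = inputs.inventory.hosts.${hostname};
in {
  options.modules = {
    enroll = {
      # mkEnableOption prefixes the text with "Whether to enable", so the
      # argument is the bare noun phrase, not a full sentence.
      enable = lib.mkEnableOption "auto-enroll";
      # Computed below from the inventory; not meant to be set by hand.
      d = lib.mkEnableOption "treating this host as enrolled (derived from the inventory)";
    };
    installer = {
      enable = lib.mkEnableOption "installation mode";
    };
  };

  imports = [
    inputs.agenix.nixosModules.default
    inputs.lix-module.nixosModules.default
    inputs.nix-topology.nixosModules.default
    (self + "/hosts/${hostname}/configuration.nix")
    (modulespath + /utils/enroll)
    (modulespath + /networking)
    (modulespath + /security)
    (modulespath + /users)
    (modulespath + /nix)
    ./remote
  ];

  config = {
    modules = {
      # A device counts as enrolled when its hostname is a key of the
      # inventory's host set (the same set hostEntry is looked up in).
      enroll.d = builtins.hasAttr hostname inputs.inventory.hosts;

      networking = {
        resolved.enable = true;
      };
    };

    age = {
      # agenix-rekey encrypts secrets to the host's public key, which only
      # exists in the inventory for enrolled hosts; mkDefault leaves room for
      # the host configuration to override it.
      rekey = lib.mkIf cfg.d {
        hostPubkey = lib.mkDefault hostEntry.hostkey;
      };
    };

    programs = {
      git = {
        config = {
          # Git-over-SSH authenticates with the machine's own host key, so the
          # remote sees the host identity rather than a person's. The private
          # key is root-only, which matches nixinate's sshUser = "root".
          # NOTE(review): without `-o IdentitiesOnly=yes` ssh will still offer
          # any agent-held keys before this one; add it if a forwarded agent is
          # ever present on these hosts.
          core.sshCommand = "ssh -i /etc/ssh/ssh_host_ed25519_key";
        };
      };
    };

    _module.args.nixinate = {
      # Deploy target: the first inventory address entry that carries an
      # `inet` attribute. findFirst yields null when no entry matches, and
      # dereferencing that used to surface as an opaque "value is null while
      # a set was expected"; fail with a message naming the host instead.
      host =
        let
          addr = lib.findFirst (x: x ? inet) null hostEntry.ip;
        in
        if addr == null
        then throw "modules/enroll: no address with an `inet` attribute for host '${hostname}' in the inventory"
        else addr.inet;
      sshUser = "root";
      buildOn = "local"; # valid args are "local" or "remote"
      substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s"
      hermetic = false;
      flakeArgs = "?submodules=1";
      flakePath = "/etc/nixos";
    };
  };
}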