{
  self,
  inputs,
  providers,
  lib,
  config,
  ...
}:

let
  inherit (lib) attrValues mkOption;

in
{
  options = {
    procolixVm.name = mkOption { };
  };

  config =
    let
      vmConfig = import (./. + "/${config.procolixVm.name}");
    in
    {
      type = providers.local.exec;

      ssh = {
        host = vmConfig.procolix.vm.ip4;
        opts = "";
        hostPublicKey = self.keys.systems.${config.procolixVm.name};
      };

      nixpkgs = inputs.nixpkgs;

      nixos.module = {
        imports = [
          ## NOTE: We import an attrset as a NixOS module, for convenience, so
          ## as to be able to use it in NixOps4 and to grab information from it
          ## (eg. the IP) without evaluating the whole configuration first.
          vmConfig

          ./common

          self.nixosModules.ageSecrets
        ];

        ## Necessary to filter Age secrets.
        fediversity.hostPublicKey = self.keys.systems.${config.procolixVm.name};

        ## FIXME: Remove direct root authentication once the NixOps4 NixOS
        ## provider supports users with password-less sudo.
        users.users.root.openssh.authorizedKeys.keys = attrValues self.keys.contributors;
      };
    };
}