{
  self,
  inputs,
  providers,
  lib,
  config,
  ...
}:

let
  inherit (lib) attrValues mkOption;

in
{
  options = {
    procolixVm = {
      name = mkOption { };
      host = mkOption { };
    };
  };

  config = {
    type = providers.local.exec;

    ssh = {
      host = config.procolixVm.host;
      opts = "";
      hostPublicKey = self.keys.systems.${config.procolixVm.name};
    };

    nixpkgs = inputs.nixpkgs;

    nixos.module = {
      imports = [
        ./nixosConfiguration

        self.nixosModules.ageSecrets
      ];

      ## Necessary to filter Age secrets.
      fediversity.hostPublicKey = self.keys.systems.${config.procolixVm.name};

      ## FIXME: Remove direct root authentication once the NixOps4 NixOS
      ## provider supports users with password-less sudo.
      users.users.root.openssh.authorizedKeys.keys = attrValues self.keys.contributors;
    };
  };
}