{
  self,
  config,
  ...
}: {
  config = {
    facter.reportPath = ./facter.json;
    system.stateVersion = "23.05";
    users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;

    sops = {
      age.keyFile = "/root/.config/sops/age/keys.txt";
      defaultSopsFile = "${self}/secrets/lewis/nixos.yaml";
    };

    deployment = {
      targetHost = "lewis";
      targetUser = "root";
      tags = ["server" "kubernetes"];
    };

    pim = {
      sops-nix.usersWithSopsKeys = ["root"];
      # TODO: this should be dynamically set using Colmena tags
      k3s.serverAddr = "https://jefke.dmz:6443";
      data-sharing.enable = true;
      backups.enable = true;
    };
  };
}