{
  description = "c8h4.io NixOS configuration";

  inputs = {
    nixpkgs = {
      type = "github";
      owner = "NixOS";
      repo = "nixpkgs";
      ref = "refs/heads/nixos-unstable";
      rev = "43bd0ae390a1351d8c6eea85d8243e884987f200"; # 30-04-2024
    };
    home-manager = {
      type = "github";
      owner = "nix-community";
      repo = "home-manager";
      ref = "refs/heads/master";
      rev = "2b87a11125f988a9f67ee63eeaa3682bc841d9b5"; # 06-05-2024
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixos-hardware = {
      type = "github";
      owner = "NixOS";
      repo = "nixos-hardware";
      ref = "refs/heads/master";
      rev = "68d680c1b7c0e67a9b2144d6776583ee83664ef4"; # 30-04-2024
    };
    nixpkgs-sourcehut = {
      type = "github";
      owner = "christoph-heiss";
      repo = "nixpkgs";
      ref = "refs/heads/sourcehut-fix";
      rev = "6729c6c653f17a5f9f1dcf5439d3e98652406042";
    };
    simple-nixos-mailserver = {
      type = "gitlab";
      owner = "simple-nixos-mailserver";
      repo = "nixos-mailserver";
      ref = "refs/heads/master";
      rev = "c63f6e7b053c18325194ff0e274dba44e8d2271e"; # 21-07-2023
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixgl = {
      type = "github";
      owner = "guibou";
      repo = "nixGL";
      ref = "refs/heads/main";
      rev = "d709a8abcde5b01db76ca794280745a43c8662be"; # 19-03-2024
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-utils.follows = "flake-utils";
    };
    flake-utils.url = "github:numtide/flake-utils";
    treefmt-nix = {
      url = "github:numtide/treefmt-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixinate = {
      url = "github:MatthewCroughan/nixinate";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    sops-nix = {
      type = "github";
      owner = "Mic92";
      repo = "sops-nix";
      ref = "refs/heads/master";
      rev = "09f1bc8ba3277c0f052f7887ec92721501541938"; # 21-04-2024
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.nixpkgs-stable.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, home-manager, nixos-hardware, nixpkgs-sourcehut
    , simple-nixos-mailserver, nixgl, flake-utils, treefmt-nix, nixinate
    , sops-nix }:
    flake-utils.lib.eachSystem [ "x86_64-linux" "aarch64-linux" ] (system:
      let
        pkgs = import nixpkgs { inherit system; };
        inherit (pkgs) lib;

        treefmt = treefmt-nix.lib.evalModule pkgs {
          projectRootFile = "flake.nix";
          programs = {
            deadnix.enable = true;
            nixfmt.enable = true;
            prettier.enable = true;
            shellcheck.enable = true;
            statix.enable = true;
            stylua.enable = true;
          };
        };

        mkHomeManagerFlake = name:
          pkgs.writeShellScript "hm-flake-${name}" ''
            set -x
            ${pkgs.home-manager}/bin/home-manager switch --flake .#${name} -b bak
          '';

      in {
        apps = (nixinate.nixinate.${system} self).nixinate // {
          maui = {
            type = "app";
            program = "${mkHomeManagerFlake "maui"}";
          };
        };

        checks = {
          formatting = treefmt.config.build.check self;
        } // (import ./pkgs { } pkgs)
          // (import ./pkgs/vim-plugins.nix { } pkgs);

        formatter = treefmt.config.build.wrapper;

        devShells.default = pkgs.mkShell {
          inputsFrom = [ treefmt.config.build.devShell ];
          nativeBuildInputs = with pkgs; [ age nix-tree sops ];
        };

        packages = (import ./pkgs) null pkgs;
      }) // (let
        overlays = [
          (import ./pkgs)
          (self: super: {
            vimPlugins = super.vimPlugins
              // (import ./pkgs/vim-plugins.nix self super);
            inherit (import nixpkgs-sourcehut { inherit (super) system; })
              sourcehut;
          })
        ];
        machines = {
          back = { };
          fort = { };
          tank.extraModules = [{
            disabledModules = [ "services/misc/sourcehut" ];
            imports =
              [ "${nixpkgs-sourcehut}/nixos/modules/services/misc/sourcehut" ];
          }];
          trek.extraModules =
            [ nixos-hardware.nixosModules.framework-12th-gen-intel ];
          zero = { };
        };
        mkSystem = name:
          { extraModules ? [ ], system ? "x86_64-linux" }:
          nixpkgs.lib.nixosSystem {
            inherit system;
            modules = [
              sops-nix.nixosModules.sops
              simple-nixos-mailserver.nixosModules.mailserver
              { nixpkgs = { inherit overlays; }; }
              home-manager.nixosModules.home-manager
              # who doesn't love a bit of composability
              ({ config, ... }: {
                _module.args = {
                  inherit (config.sops) secrets;
                  my = import ./secrets/my.nix;
                  nixinate = {
                    host = name;
                    sshUser = "christoph";
                    buildOn = "local";
                    substituteOnTarget = true;
                  };
                };

                imports = [ (./machines + "/${name}.nix") ];
                networking.hostName = name;
                sops.age = {
                  sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
                  keyFile = "/var/lib/sops-nix/key.txt";
                  generateKey = true;
                };
              })
            ] ++ (builtins.attrValues self.nixosModules) ++ extraModules;
          };
      in {
        homeConfigurations.maui = home-manager.lib.homeManagerConfiguration {
          pkgs = import nixpkgs {
            system = "x86_64-linux";
            overlays = overlays ++ [ nixgl.overlay ];
          };

          modules = [ ./machines/maui.nix ];
        };

        nixosConfigurations = builtins.mapAttrs mkSystem machines;
        nixosModules = import ./modules;
      });
}