{
  description = "NixOS system configuration";

  inputs = {
    nixpkgs.url = "nixpkgs/nixos-24.05";
    nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
    # nixpkgs-master.url = "nixpkgs";
    agenix.url = "github:ryantm/agenix";
    deploy-rs.url = "github:serokell/deploy-rs";
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    home-manager = {
      url = "github:nix-community/home-manager/release-24.05";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    firefox-gnome-theme = {
      url = "github:rafaelmardojai/firefox-gnome-theme";
      flake = false;
    };
    gitea-github-theme = {
      url = "git+ssh://git@git.vimium.com/jordan/gitea-github-theme.git?ref=main";
      flake = false;
    };
    kvlibadwaita = {
      url = "github:GabePoel/KvLibadwaita";
      flake = false;
    };
    nixos-hardware.url = "github:NixOS/nixos-hardware";
    nixos-mailserver = {
      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixvim = {
      url = "github:nix-community/nixvim/nixos-24.05";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    plasma-manager = {
      url = "github:nix-community/plasma-manager";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.home-manager.follows = "home-manager";
    };
    raspberry-pi-nix = {
      url = "github:nix-community/raspberry-pi-nix";
    };
    secrets = {
      url = "git+ssh://git@git.vimium.com/jordan/nix-secrets.git";
      flake = false;
    };
    thunderbird-gnome-theme = {
      url = "github:rafaelmardojai/thunderbird-gnome-theme";
      flake = false;
    };
  };

  outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, agenix, deploy-rs, disko, home-manager, nixos-hardware, nixos-mailserver, ... }:
    let
      inherit (nixpkgs) lib;
      forEachSystem = lib.genAttrs [
        "x86_64-linux"
        "aarch64-linux"
      ];
      mkPkgsForSystem = system: inputs.nixpkgs;
      customPkgs = forEachSystem (system:
        lib.packagesFromDirectoryRecursive {
          callPackage = nixpkgs.legacyPackages.${system}.callPackage;
          directory = ./pkgs;
        });
      overlays = [
        agenix.overlays.default
        (import ./overlays/gnome.nix)
        (import ./overlays/libcamera.nix)
        (
          final: prev: {
            unstable = import inputs.nixpkgs-unstable { system = final.system; };
          }
        )
      ];
      commonModules = [
        agenix.nixosModules.age
        disko.nixosModules.disko
        nixos-mailserver.nixosModule
        home-manager.nixosModule
        ./modules
      ];
      mkNixosSystem = { system, name, extraModules ? [] }:
        let
          nixpkgs = mkPkgsForSystem system;
          lib = (import nixpkgs { inherit overlays system; }).lib;
        in
        inputs.nixpkgs.lib.nixosSystem {
          inherit lib system;
          specialArgs = { modulesPath = toString (nixpkgs + "/nixos/modules"); inherit inputs; };
          baseModules = import (nixpkgs + "/nixos/modules/module-list.nix");
          modules = commonModules ++ [
            ({ config, ... }:
              {
                nixpkgs.pkgs = import nixpkgs {
                  inherit overlays system;
                  config.allowUnfree = true;
                  config.nvidia.acceptLicense = true;
                };
                networking.hostName = name;
              })
            ./hosts/${name}
          ] ++ extraModules;
        };
    in
    {
      legacyPackages = forEachSystem (system:
        lib.packagesFromDirectoryRecursive {
          callPackage = nixpkgs.legacyPackages.${system}.callPackage;
          directory = ./pkgs;
        });

      nixosConfigurations = {
        atlas = mkNixosSystem { system = "x86_64-linux"; name = "atlas"; };
        eos = mkNixosSystem { system = "x86_64-linux"; name = "eos"; };
        helios = mkNixosSystem { system = "x86_64-linux"; name = "helios"; };
        hypnos = mkNixosSystem { system = "x86_64-linux"; name = "hypnos"; };
        library = mkNixosSystem { system = "x86_64-linux"; name = "library"; };
        mail = mkNixosSystem { system = "x86_64-linux"; name = "mail"; };
        odyssey = mkNixosSystem { system = "x86_64-linux"; name = "odyssey"; };
        pi = mkNixosSystem { system = "aarch64-linux"; name = "pi"; extraModules = [ nixos-hardware.nixosModules.raspberry-pi-4 ]; };
        skycam = mkNixosSystem { system = "aarch64-linux"; name = "skycam"; extraModules = [ inputs.raspberry-pi-nix.nixosModules.raspberry-pi ]; };
        vps1 = mkNixosSystem { system = "x86_64-linux"; name = "vps1"; };
      };

      devShells.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.mkShell {
        buildInputs = [
          deploy-rs.packages.x86_64-linux.deploy-rs
        ];
      };

      deploy = {
        magicRollback = true;
        autoRollback = true;
        sshUser = "root";
        nodes = {
          mail = {
            hostname = "mail.mesh.vimium.net";

            profiles.system = {
              user = "root";
              path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.mail;
            };
          };
          vps1 = {
            hostname = "vps1.mesh.vimium.net";

            profiles.system = {
              user = "root";
              path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.vps1;
            };
          };
          pi = {
            hostname = "10.0.1.191";

            profiles.system = {
              user = "root";
              path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.pi;
            };
          };
          skycam = {
            hostname = "10.0.1.146";

            profiles.system = {
              user = "root";
              path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.skycam;
            };
          };
        };
      };

      checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
    };
}