{
  description = "NixOS system configuration";

  inputs = {
    nixpkgs.url = "nixpkgs/nixos-24.05";
    nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
    # nixpkgs-master.url = "nixpkgs";
    agenix.url = "github:ryantm/agenix";
    deploy-rs.url = "github:serokell/deploy-rs";
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    home-manager = {
      url = "github:nix-community/home-manager/release-24.05";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    firefox-gnome-theme = {
      url = "github:rafaelmardojai/firefox-gnome-theme";
      flake = false;
    };
    gitea-github-theme = {
      url = "git+ssh://git@git.vimium.com/jordan/gitea-github-theme.git?ref=main";
      flake = false;
    };
    kvlibadwaita = {
      url = "github:GabePoel/KvLibadwaita";
      flake = false;
    };
    nixos-hardware.url = "github:NixOS/nixos-hardware";
    nixos-mailserver = {
      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixvim = {
      url = "github:nix-community/nixvim/nixos-24.05";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    plasma-manager = {
      url = "github:nix-community/plasma-manager";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.home-manager.follows = "home-manager";
    };
    secrets = {
      url = "git+ssh://git@git.vimium.com/jordan/nix-secrets.git";
      flake = false;
    };
    thunderbird-gnome-theme = {
      url = "github:rafaelmardojai/thunderbird-gnome-theme";
      flake = false;
    };
  };

  outputs = inputs @ { self, nixpkgs, ... }:
    let
      inherit (nixpkgs) lib;

      domain = "mesh.vimium.net";
      forEverySystem = lib.getAttrs lib.systems.flakeExposed;
      forEachSystem = lib.genAttrs [
        "x86_64-linux"
        "aarch64-linux"
      ];
      mkDeployNode = hostName: {
        hostname = "${hostName}.${domain}";

        profiles.system = {
          user = "root";
          path = inputs.deploy-rs.lib.${self.nixosConfigurations.${hostName}.config.system.build.toplevel.system}.activate.nixos self.nixosConfigurations.${hostName};
        };
      };
    in
    {
      overlays = lib.packagesFromDirectoryRecursive {
        callPackage = path: overrides: import path;
        directory = ./overlays;
      };

      legacyPackages = forEachSystem (system:
        lib.packagesFromDirectoryRecursive {
          callPackage = nixpkgs.legacyPackages.${system}.callPackage;
          directory = ./pkgs;
        });

      nixosConfigurations = lib.pipe ./hosts [
        builtins.readDir
        (lib.filterAttrs (name: value: value == "directory"))
        (lib.mapAttrs (name: value:
          lib.nixosSystem {
            specialArgs = { inherit self; };

            modules = [
              {
                networking = {
                  inherit domain;
                  hostName = name;
                };
              }
              ./hosts/${name}
            ];
          }))
      ];

      devShells.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.mkShell {
        buildInputs = [
          inputs.agenix.packages.x86_64-linux.agenix
          inputs.deploy-rs.packages.x86_64-linux.deploy-rs
        ];
      };

      deploy = {
        magicRollback = true;
        autoRollback = true;
        sshUser = "root";
        nodes = lib.genAttrs [ "mail" "pi" "skycam" "vps1" ] mkDeployNode;
      };

      checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
    };
}