{
  description = "b12f hosts";

  inputs = {
    # Track channels with commits tested and built by hydra
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
    nixpkgs-master.url = "github:nixos/nixpkgs/master";

    nixd.url = "github:nix-community/nixd/main";

    flake-compat.url = "github:edolstra/flake-compat";
    flake-compat.flake = false;

    home-manager.url = "github:nix-community/home-manager/release-23.11";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";

    flake-parts.url = "github:hercules-ci/flake-parts";
    nixos-flake.url = "github:srid/nixos-flake";

    deploy-rs.url = "github:serokell/deploy-rs";
    deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
    deploy-rs.inputs.flake-compat.follows = "flake-compat";

    authelia-438.url = "github:nicomem/nixpkgs/authelia-4.38";

    agenix.url = "github:ryantm/agenix";
    agenix.inputs.nixpkgs.follows = "nixpkgs";

    nixos-hardware.url = "github:nixos/nixos-hardware";

    impermanence.url = "github:nix-community/impermanence";

    mobile-nixos.url = "github:nixos/mobile-nixos";
    mobile-nixos.flake = false;

    musnix.url = "github:musnix/musnix";

    adblock-unbound.url = "github:MayNiklas/nixos-adblock-unbound";
    adblock-unbound.inputs.nixpkgs.follows = "nixpkgs";

    openstreetmap.url = "github:b12f/nixos-openstreetmap/flake-nixosmodule";
    openstreetmap.inputs.nixpkgs.follows = "nixpkgs";

    deno2nix.url = "github:SnO2WMaN/deno2nix";

    invoiceplane-template.url = "git+ssh://gitea@git.pub.solar/b12f/invoiceplane-templates";
    invoiceplane-template.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = inputs@{ self, ... }:
    inputs.flake-parts.lib.mkFlake { inherit inputs; } {
      systems = [
        "x86_64-linux"
        "aarch64-linux"
      ];

      imports = [
        inputs.nixos-flake.flakeModule
        ./public-keys.nix
        ./lib
        ./modules
        ./hosts
        ./users
        ./overlays
      ];

      perSystem = args@{ system, pkgs, lib, config, ... }: {
        _module.args = {
          inherit inputs;
          pkgs = import inputs.nixpkgs {
            inherit system;
            overlays = with inputs; [
              agenix.overlays.default
              nixd.overlays.default
              invoiceplane-template.overlays.default
            ];
          };
        };

        devShells.default = pkgs.mkShell {
          packages = with pkgs; [
            nix
            agenix
            age-plugin-yubikey
            cachix

            nixos-generators
            nvfetcher

            editorconfig-checker
            nodePackages.prettier
            shellcheck
            shfmt
            treefmt
            nixpkgs-fmt

            deploy-rs

            opentofu
            terraform-backend-git

            deno
          ];

          shellHook = ''
            export TF_BACKEND_GIT_GIT_REPOSITORY=gitea@git.pub.solar:b12f/terraform-state.git
            export TF_BACKEND_GIT_GIT_REF=main
            export TF_BACKEND_GIT_GIT_STATE=b12f.json
            export TF_BACKEND_HTTP_ENCRYPTION_PROVIDER=sops
            export TF_BACKEND_HTTP_SOPS_PGP_FP=FC623BBCBD2604D5CC9D90BAE77B0AAAF0D9B76B
            export HOSTINGDE_AUTH_TOKEN=$(secret-tool lookup hosting-de terraform-auth-token)
          '';
        };
      };

      flake = {
        deploy.nodes = self.lib.deploy.mkDeployNodes self.nixosConfigurations {
          chocolatebar = {
            sshUser = "b12f";
          };

          biolimo = {
            sshUser = "b12f";
          };

          stroopwafel = {
            sshUser = "b12f";
          };

          droppie = {
            hostname = "droppie.b12f.io";
            sshUser = "yule";
          };

          pie = {
            hostname = "pie.b12f.io";
            sshUser = "yule";
          };

          frikandel = {
            hostname = "frikandel.b12f.io";
            sshUser = "yule";
          };

          maoam = {
            sshUser = "b12f";
          };
        };
      };
    };
}