# Flake for a small NixOS fleet: four host configurations, a Colmena hive that
# deploys them, a development shell with deployment helpers, and a layered
# container image that bundles Node.js and Nix.
{
  # Inputs are named by branch, tag archive or default branch, all of which can
  # move upstream. The revision actually built is whatever flake.lock (not part
  # of this file) records, so lock-file updates are where upstream changes
  # should be reviewed.
  inputs = {
    # Package sets. An input that "follows" one of these is evaluated against
    # the same nixpkgs revision instead of bringing its own.
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";

    # Flake framework used by `outputs` below.
    flake-parts.url = "github:hercules-ci/flake-parts";

    # No `follows` on these three: each resolves whatever inputs it declares
    # itself. ksoloti-pr is a branch of a personal nixpkgs fork.
    lanzaboote.url = "github:nix-community/lanzaboote";
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
    ksoloti-pr.url = "github:repomaa/nixpkgs/pkg/ksoloti";

    # Secrets tooling and deployment tooling, both pinned to the stable nixpkgs.
    agenix.url = "github:ryantm/agenix";
    agenix.inputs.nixpkgs.follows = "nixpkgs";

    colmena.url = "github:zhaofengli/colmena";
    colmena.inputs.nixpkgs.follows = "nixpkgs";

    home-manager.url = "github:nix-community/home-manager/release-25.11";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";

    # Applications built against the stable nixpkgs.
    gtrackmap.url = "github:gtrackmap/gtrackmap";
    gtrackmap.inputs.nixpkgs.follows = "nixpkgs";

    ketchup.url = "github:repomaa/ketchup";
    ketchup.inputs.nixpkgs.follows = "nixpkgs";

    workout-sync.url = "sourcehut:~repomaa/workout-sync";
    workout-sync.inputs.nixpkgs.follows = "nixpkgs";

    hastebin.url = "sourcehut:~repomaa/hastebin";
    hastebin.inputs.nixpkgs.follows = "nixpkgs";

    turny.url = "sourcehut:~repomaa/turny";
    turny.inputs.flake-parts.follows = "flake-parts";
    turny.inputs.nixpkgs.follows = "nixpkgs";

    # Fetched as a release tarball over HTTPS rather than through a forge
    # fetcher; the v1.0.0 in the URL is a tag name, not a content hash.
    tonearm.url = "https://codeberg.org/dergs/Tonearm/archive/v1.0.0.tar.gz";
    tonearm.inputs.nixpkgs.follows = "nixpkgs";

    # Applications built against nixos-unstable.
    voidauth.url = "github:repomaa/voidauth/feat/nix-packaging";
    voidauth.inputs.nixpkgs.follows = "nixpkgs-unstable";
    voidauth.inputs.flake-parts.follows = "flake-parts";

    voxtype.url = "github:peteonrails/voxtype";
    voxtype.inputs.nixpkgs.follows = "nixpkgs-unstable";

    # Plain source trees: `flake = false` means no flake.nix from these
    # repositories is evaluated, only their files are made available.
    dnote.url = "github:dnote/dnote";
    dnote.flake = false;

    syntax-renderer.url = "sourcehut:~repomaa/syntax-renderer";
    syntax-renderer.flake = false;
  };

  outputs =
    inputs@{
      flake-parts,
      agenix,
      nixpkgs,
      self,
      colmena,
      ...
    }:
    flake-parts.lib.mkFlake { inherit inputs; } (
      { withSystem, ... }:
      let
        # Public halves of two SSH keys. They are handed to every module via
        # specialArgs; how the modules use them is not visible in this file.
        ssh = {
          publicKeys = {
            yubikey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4=";
            builder = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuQaA6JKCOfsfUBI5tzoiYe3tdpLdPfVzeyByx/149C";
          };
        };

        # Extra module arguments shared by the NixOS configurations and by
        # Colmena's meta section.
        specialArgs = {
          inherit inputs ssh self;
        };
      in
      {
        systems = [
          "x86_64-linux"
          "x86_64-darwin"
          "aarch64-linux"
          "aarch64-darwin"
        ];

        perSystem =
          { pkgs, system, ... }:
          {
            # Shell with agenix, colmena (plus its manual) and three wrappers:
            # build / apply forward their arguments to colmena, apply-local
            # switches the current machine through `nh`, which this shell does
            # not provide itself.
            devShells.default = pkgs.mkShell {
              packages = [
                agenix.packages.${system}.default
                colmena.packages.${system}.colmena
                colmena.packages.${system}.manual
                (pkgs.writeShellScriptBin "build" ''
                  colmena build --keep-result "$@"
                '')
                (pkgs.writeShellScriptBin "apply" ''
                  colmena apply --keep-result "$@"
                '')
                (pkgs.writeShellScriptBin "apply-local" ''
                  nh os switch .
                '')
              ];
            };
          };

        flake = {
          # One NixOS system per host name: the shared ./modules tree plus the
          # host's own directory under ./hosts.
          nixosConfigurations =
            nixpkgs.lib.genAttrs
              [
                "radish"
                "freun-dev"
                "apu"
                "turny"
              ]
              (
                name:
                nixpkgs.lib.nixosSystem {
                  inherit specialArgs;
                  modules = [
                    ./modules
                    ./hosts/${name}
                  ];
                }
              );

          # SD-card image built from the turny configuration.
          images.turny = self.nixosConfigurations.turny.config.system.build.sdImage;

          # Container image "node:latest" for both Linux architectures.
          dockerImages =
            nixpkgs.lib.genAttrs
              [
                "x86_64-linux"
                "aarch64-linux"
              ]
              (
                system:
                withSystem system (
                  { pkgs, ... }:
                  {
                    node =
                      let
                        # Pre-creates /root and the temp directories; 1777 makes
                        # the temp directories world-writable with the sticky bit.
                        setupDirs = pkgs.runCommand "setup-dirs" { } ''
                          mkdir -p $out/tmp $out/root $out/var/tmp
                          chmod 1777 $out/tmp $out/var/tmp
                        '';

                        # An empty build-users-group tells Nix not to switch to
                        # dedicated build users, so builds inside the container
                        # run as whichever user invokes nix.
                        nixConf = pkgs.writeTextFile {
                          name = "etc-nix-nix-conf";
                          destination = "/etc/nix/nix.conf";
                          text = ''
                            build-users-group =
                            experimental-features = nix-command flakes
                          '';
                        };
                      in
                      pkgs.dockerTools.buildLayeredImage {
                        name = "node";
                        # "latest" is a moving tag; consumers that need a fixed
                        # image should reference it by digest.
                        tag = "latest";
                        contents = [
                          pkgs.nodejs
                          pkgs.nix
                          pkgs.busybox
                          pkgs.bash
                          pkgs.skopeo
                          pkgs.cacert
                          pkgs.git
                          setupDirs
                          nixConf
                        ];
                        # Only Env is set. No User is configured, so the
                        # container runs as the runtime's default user, and
                        # HOME points at /root.
                        config = {
                          Env = [
                            "SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt"
                            "NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-bundle.crt"
                            "HOME=/root"
                          ];
                        };
                      };
                  }
                )
              );

          colmenaHive = colmena.lib.makeHive self.outputs.colmena;

          # Colmena hive: a meta section plus one node per NixOS configuration.
          colmena =
            let
              # Per-host deployment settings. A host without an entry (apu)
              # gets an empty set and therefore Colmena's defaults.
              deploymentOptions = {
                # Built on the target host itself.
                freun-dev = {
                  targetHost = "freun.dev";
                  buildOnTarget = true;
                };
                # Local deployment only: no remote target host is set.
                radish = {
                  allowLocalDeployment = true;
                  targetHost = null;
                };
                # Addressed by a literal private IPv4 address.
                turny = {
                  targetHost = "10.10.1.233";
                };
              };

              # Turns an evaluated NixOS configuration into a hive node by
              # reusing the module list it was built from.
              toNode = name: config: {
                imports = config._module.args.modules;
                deployment = deploymentOptions.${name} or { };
              };
            in
            {
              meta = {
                inherit specialArgs;
                # Package set for the hive, fixed to x86_64-linux with an
                # explicitly empty overlay list.
                nixpkgs = import nixpkgs {
                  system = "x86_64-linux";
                  overlays = [ ];
                };
              };
            }
            // builtins.mapAttrs toNode self.nixosConfigurations;
        };
      }
    );
}