{
  description = "jana's server infrastructure";
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs";
    colmena.url = "github:zhaofengli/colmena";
    flake-utils.url = "github:numtide/flake-utils";
    sops-nix.url = "github:Mic92/sops-nix";
    vpn-confinement.url = "github:Maroka-chan/VPN-Confinement";
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    firefox-addons = {
      url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # websites

    homepage.url = "github:jdonszelmann/homepage";
    totpal.url = "github:jdonszelmann/totpal";
    harmonica.url = "git+ssh://git@github.com/jdonszelmann/harmonica-tabs";
    mapf.url = "git+ssh://git@github.com/jdonszelmann/mapf-server";
    reviewqueue.url = "github:jdonszelmann/review-queue";
    compiler-construction-2021.url = "git+ssh://forgejo@git.donsz.nl/jana/eelco-visser-compiler-construction.git";
    mifg.url = "git+ssh://forgejo@git.donsz.nl/jana/money.is.fckn.gay.git";

    secrets.url = "git+ssh://forgejo@git.donsz.nl/jana/server-secrets.git";

    nixvim = {
      url = "github:nix-community/nixvim";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    t.url = "github:jdonszelmann/t-rs";
    dumpasm.url = "github:jdonszelmann/dumpasm";

    kitty-search = {
      url = "github:trygveaa/kitty-kitten-search";
      flake = false;
    };

    jujutsu = {
      url = "github:martinvonz/jj";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    p1n3appl3 = {
      url = "github:p1n3appl3/config";
      inputs.rahul-config.follows = "rahul-config";
    };
    rahul-config.url = "github:jdonszelmann/nix-config";

    niri-unstable.url = "github:YaLTeR/niri";
    niri = {
      url = "github:sodiboo/niri-flake";
      inputs.niri-unstable.follows = "niri-unstable";
    };
    matugen = {
      url = "github:/InioX/matugen/main";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    noctalia = {
      url = "github:noctalia-dev/noctalia-shell";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    pipethon.url = "git+ssh://forgejo@git.donsz.nl/jana/pipethon.git";
    firefox-sidebar-css = {
      url = "github:drannex/FirefoxSidebar";
      flake = false;
    };
    raw-data.url = "git+ssh://forgejo@git.donsz.nl/jana/raw-data.git";
  };
  outputs =
    {
      self,
      nixpkgs,
      colmena,
      flake-utils,
      sops-nix,
      vpn-confinement,
      home-manager,
      mapf,
      nixvim,
      t,
      dumpasm,
      jujutsu,
      pipethon,
      niri,
      niri-unstable,
      matugen,
      noctalia,
      firefox-addons,
      raw-data,
      ...
    }@inputs:
    let
      pkgsForSystem =
        system:
        import nixpkgs {
          inherit system;
          config.allowUnfree = true;
          overlays = [
            (_: _: {
              custom = {
                t = t.packages.${system}.default;
                inherit (dumpasm.packages.${system}) dumpasm;
                inherit (jujutsu.packages.${system}) jujutsu;
                pipethon = pipethon.packages.${system}.python;
                niri = niri-unstable.packages.${system}.niri;
                raw-data = raw-data.packages.${system}.default;
              };
              p1n3appl3 = inputs.p1n3appl3.packages.${system};
            })
          ];
        };
    in
    {
      colmenaHive = colmena.lib.makeHive self.outputs.colmena;

      colmena = {
        meta =
          let
            system = "x86_64-linux";
          in
          {
            nixpkgs = pkgsForSystem system;

            specialArgs.flakes = inputs;
            specialArgs.inputs = inputs;
            specialArgs.secrets = inputs.secrets.packages.${system}.secrets;
          };

        fili = {
          deployment = {
            targetHost = "donsz.nl";
            targetPort = 22;
            replaceUnknownProfiles = false;
            tags = [ "server" ];
            # buildOnTarget = true;
            targetUser = "jana";
          };

          imports = [
            ./fili/configuration.nix
            ./users/users.nix
            ./default-machine-config.nix
            sops-nix.nixosModules.sops
            vpn-confinement.nixosModules.default
          ];
        };

        kili = {
          deployment = {
            allowLocalDeployment = true;
            targetHost = null;
            replaceUnknownProfiles = false;
            tags = [ "laptop" ];
            # buildOnTarget = true;
            targetUser = "jana";
          };
          imports = [
            home-manager.nixosModules.home-manager
            ./kili/configuration.nix
            ./users/users.nix
          ];
        };
      };
    }
    // flake-utils.lib.eachDefaultSystem (
      system:
      let
        pkgs = pkgsForSystem system;
      in
      {
        devShells.default = pkgs.mkShell {
          buildInputs = with pkgs; [
            lix
            colmena.packages.${system}.colmena
            (pkgs.writeShellScriptBin "apply" ''
              colmena apply --no-substitute
            '')
            (pkgs.writeShellScriptBin "apply-local" ''
              colmena apply-local --sudo
            '')
          ];
          shellHook = "exec $NIX_BUILD_SHELL";
        };

        formatter = pkgs.nixfmt-rfc-style;
      }
    );

  nixConfig = {
    extra-substituters = [ "https://jana.cachix.org" ];
    extra-trusted-public-keys = [
      "jana.cachix.org-1:LN0lzHx7QH1RBoDn3+psi4HOEAXW3EqRa/u0ncQ1XBE="
    ];
  };
}