{self, ...} @ inputs: let
  nixpkgs = inputs.nixpkgs-unstable;
  lib = nixpkgs.lib;

  hosts = import ./hosts inputs;
in
  {
    nixosConfigurations = hosts.nixosConfigurations;
    #darwinConfigurations = hosts.darswinConfigurations;

    deploy.nodes = import ./deployNodes.nix {
      nixosConfigurations = self.nixosConfigurations;
      deploy-rs = inputs.deploy-rs;
    };
  }
  // (inputs.flake-utils.lib.eachDefaultSystem (system: let
    pkgs = import nixpkgs {
      inherit system;
      overlays = [
        (import ./overlay)
      ];
    };

    secretsLib = import ./modules/nixos/secrets-lib/lib.nix {
      inherit (nixpkgs) lib;
      inherit pkgs;
    };

    secretsInitScriptForSystem = system_name: let
      systemConfig = self.nixosConfigurations.${system_name}.config;
      systemSecretsConfig = systemConfig.services.secrets;
    in
      secretsLib.mkSecretsInitScript systemSecretsConfig "${system_name}";

    secretsInitScriptForSystemContainer = system_name: container_name: let
      systemConfig = self.nixosConfigurations.${system_name}.config;
      containerConfig = systemConfig.containers.${container_name}.config;
      containerSecretsConfig = containerConfig.services.secrets;
    in
      secretsLib.mkSecretsInitScript containerSecretsConfig "${system_name}-${container_name}";

    secretsInitAppForSystem = system_name: packages: let
      name = "secrets-init-${system_name}";
      package = packages."${name}";
    in {
      type = "app";
      program = "${package}/bin/${name}";
    };

    secretsInitAppForSystemContainer = system_name: container_name: packages: let
      name = "secrets-init-${system_name}-${container_name}";
      package = packages."${name}";
    in {
      type = "app";
      program = "${package}/bin/${name}";
    };
  in {
    devShell = pkgs.mkShell {
      VAULT_API_ADDR = "https://vault.owo.monster";
      packages =
        (with pkgs; [
          git
          nano
          bat
          exa
          vault-bin
        ])
        ++ (with self.packages."${system}"; [
          mk-enc-usb
          mk-normal-enc-ssd
        ]);
    };

    apps = let
      packages = self.packages."${system}";
    in {
      mk-enc-usb = {
        type = "app";
        program = "${packages.mk-enc-usb}/bin/mk-enc-usb";
      };
      mk-normal-enc-ssd = {
        type = "app";
        program = "${packages.mk-normal-enc-ssd}/bin/mk-normal-enc-ssd";
      };
      mk-dual-enc-ssd = {
        type = "app";
        program = "${packages.mk-dual-enc-ssd}/bin/mk-dual-enc-ssd";
      };
      secrets-init-lappy-t495 = secretsInitAppForSystem "lappy-t495" packages;
      secrets-init-vault = secretsInitAppForSystem "vault" packages;
      secrets-init-hetzner-vm = secretsInitAppForSystem "hetzner-vm" packages;
      secrets-init-hetzner-vm-storage = secretsInitAppForSystemContainer "hetzner-vm" "storage" packages;
    };

    packages = {
      inherit (pkgs) comic-code comic-sans;
      inherit (pkgs) mk-enc-usb mk-normal-enc-ssd mk-dual-enc-ssd;
      inherit (pkgs) gotosocial;
      secrets-init-lappy-t495 = secretsInitScriptForSystem "lappy-t495";

      secrets-init-vault = secretsInitScriptForSystem "vault";
      secrets-init-hetzner-vm = secretsInitScriptForSystem "hetzner-vm";
      secrets-init-hetzner-vm-storage = secretsInitScriptForSystemContainer "hetzner-vm" "storage";
    };
  }))