{
  description = "NixOS configurations development environment";

  inputs.nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11";
  inputs.nixpkgs-stable-release.url = "github:NixOS/nixpkgs/release-25.11";
  inputs.nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
  inputs.disko.url = "github:nix-community/disko/v1.12.0";
  inputs.disko.inputs.nixpkgs.follows = "nixpkgs-stable";
  inputs.sops-nix.url = "github:Mic92/sops-nix";
  inputs.sops-nix.inputs.nixpkgs.follows = "nixpkgs-stable";
  inputs.nixos-anywhere.url = "github:nix-community/nixos-anywhere/1.13.0";
  inputs.nixos-anywhere.inputs.nixpkgs.follows = "nixpkgs-stable";
  inputs.home-manager.url = "github:nix-community/home-manager/release-25.11";
  inputs.home-manager.inputs.nixpkgs.follows = "nixpkgs-stable";
  inputs.lanzaboote.url = "github:nix-community/lanzaboote/v1.0.0";
  inputs.lanzaboote.inputs.nixpkgs.follows = "nixpkgs-stable";
  inputs.determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*";
  inputs.deploy-rs.url = "github:serokell/deploy-rs";
  inputs.deploy-rs.inputs.nixpkgs.follows = "nixpkgs-stable";
  inputs.attic.url = "github:zhaofengli/attic";
  inputs.attic.inputs.nixpkgs.follows = "nixpkgs-stable";

  outputs = { self, nixpkgs-stable, nixos-anywhere, lanzaboote, deploy-rs, ... }@inputs:
    let
      nixpkgs = nixpkgs-stable;
      nixpkgsFor = system: import nixpkgs { inherit system; };
      systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
      forAllSystems = nixpkgs.lib.genAttrs systems;
    in
    {
      nixosConfigurations.labsrv01 = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = { inherit inputs; };
        modules = [
          ./machines/labsrv01
        ];
      };

      deploy.nodes.labsrv01 = {
        hostname = "labsrv01";
        magicRollback = false;
        profiles.system = {
          sshUser = "kjtsanaktsidis";
          interactiveSudo = true;
          user = "root";
          path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.labsrv01;
        };
      };

      packages = forAllSystems (system:
        let
          pkgs = nixpkgs.legacyPackages.${system};
          ruby = pkgs.ruby.withPackages (ps: [
            pkgs.rubyPackages.tty-command
          ]);
        in
        {
          nixos-update = pkgs.writeShellApplication {
            name = "nixos-update";
            runtimeInputs = [
              pkgs.sops
              pkgs.nixos-anywhere
              pkgs.nixos-rebuild-ng
            ];
            text = ''
              exec "${ruby}/bin/ruby" "${./nixos-update.rb}" "$@"
            '';
          };
        }
      );

      devShells = forAllSystems (system:
        let
          pkgs = nixpkgs.legacyPackages.${system};
        in
        {
          default = pkgs.mkShell {
            buildInputs = [
              nixos-anywhere.packages.${system}.default
              pkgs.sops
              pkgs.ruby
              pkgs.age
              pkgs.mkpasswd
              inputs.deploy-rs.packages.${system}.default
              self.packages.${system}.nixos-update
            ];
          };
        }
      );

      formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);


      apps = forAllSystems (system: {
        nixos-update = {
          type = "app";
          program = "${self.packages.${system}.nixos-update}/bin/nixos-update";
        };
      });
    };
}