{
  description = "computer systems infrastructure";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";

    flake-parts.url = "github:hercules-ci/flake-parts";

    sops-nix.url = "github:Mic92/sops-nix";
    sops-nix.inputs.nixpkgs.follows = "nixpkgs";

    disko.url = "github:nix-community/disko";
    disko.inputs.nixpkgs.follows = "nixpkgs";

    deploy-rs.url = "github:serokell/deploy-rs";
    deploy-rs.inputs.nixpkgs.follows = "nixpkgs";

    impermanence.url = "github:nix-community/impermanence";

    breeze.url = "git+https://git.min.rip/min/breeze.git";
    breeze.inputs.nixpkgs.follows = "nixpkgs";

    sim-breeze.url = "git+ssh://git@git.min.rip/min/sim-breeze.git";
    sim-breeze.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = inputs @ {self, ...}:
    inputs.flake-parts.lib.mkFlake {inherit inputs;} {
      flake = let
        hosts = import ./nixos/hosts {inherit inputs;};
      in {
        inherit (hosts) nixosConfigurations deploy;
      };

      systems = ["x86_64-linux"];

      perSystem = {
        system,
        pkgs,
        inputs',
        ...
      }: {
        devShells.default = pkgs.mkShell {
          packages = with pkgs; [
            sops
            ssh-to-age
            openssl
            nebula
            # not included: age, age-plugin-yubikey, pcscd

            wireguard-tools

            deploy-rs
            nixos-anywhere

            yamllint

            nil
            alejandra
            statix
            deadnix
          ];
        };
      };
    };
}