{
  # Source of inspiration:
  # - https://github.com/BonusPlay/sysconf/blob/master/flake.nix (agenix)
  # - https://github.com/NixOS/infra/blob/master/build/flake.nix (agenix)
  # - https://johns.codes/blog/organizing-system-configs-with-nixos (caddy)
  # - https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager
  # - https://forum.proxmox.com/threads/tutorial-unprivileged-lxcs-mount-cifs-shares.101795/ (Samba share)

  description = "Pazpi's systems";

  inputs = {

    # NixOS related inputs
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";

    nixos-hardware.url = "github:NixOS/nixos-hardware/master";

    lix-module = {
      url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.2-1.tar.gz";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    colmena = {
      url = "github:zhaofengli/colmena";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    home-manager = {
      url = "github:nix-community/home-manager/release-25.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    authentik-nix = {
      url = "github:nix-community/authentik-nix";

      # Waiting for PR https://github.com/nix-community/authentik-nix/pull/86
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.authentik-src.url = "github:goauthentik/authentik/version-2025.10";
    };
  };

  outputs =
    {
      self,
      nixpkgs,
      nixpkgs-unstable,
      nixos-hardware,
      lix-module,
      authentik-nix,
      agenix,
      colmena,
      home-manager,
      ...
    }@inputs:
    let
      system = "x86_64-linux";
      pkgs = import nixpkgs { inherit system; };
      lib = nixpkgs.lib;
      hosts = import hosts/deployments.nix { inherit inputs; };
    in
    {

      # used with: `nix fmt`
      formatter.${system} = pkgs.nixfmt-tree;

      nixosConfigurations = (import ./hosts inputs);

      colmenaHive = colmena.lib.makeHive self.outputs.colmena;
      colmena = hosts;

      devShells.${system} = {
        default = pkgs.mkShell {
          buildInputs = with pkgs; [
            lazygit
            agenix.packages.${system}.agenix
            colmena.packages.${system}.colmena
          ];
        };

        # Shell for testing Forgejo Actions locally
        # Usage: nix develop .#ci-test
        ci-test = pkgs.mkShell {
          buildInputs = with pkgs; [
            # Forgejo runner for exec command
            forgejo-runner

            # Packages matching forgejo-runner.nix hostPackages
            bash
            coreutils
            curl
            gawk
            git
            gnused
            jq
            nix
            nodejs
            wget

            # Additional packages from systemPackages
            colmena.packages.${system}.colmena
          ];

          shellHook = ''
            # Wrapper that runs on host by default (matching your runner config)
            ci() {
              forgejo-runner exec -i "-self-hosted" "$@"
            }

            echo "🔧 Forgejo Actions test environment"
            echo ""
            echo "Usage: ci [options]"
            echo ""
            echo "Examples:"
            echo "  ci --list -W .forgejo/workflows/                        # List jobs"
            echo "  ci -W .forgejo/workflows/auto-update.yaml -j check-updates      # Run job"
            echo "  ci -W .forgejo/workflows/auto-update.yaml -j check-updates -n   # Dry run"
            echo "  ci -W .forgejo/workflows/auto-update.yaml -j check-updates -d   # Debug"
            echo ""
          '';
        };
      };

    };

}