{
  inputs = {
    utils.url = "github:numtide/flake-utils";
    naersk.url = "github:nmattia/naersk";
    mozillapkgs.url = "github:mozilla/nixpkgs-mozilla";
    mozillapkgs.flake = false;
  };

  outputs = { self, nixpkgs, utils, naersk, mozillapkgs }:
    utils.lib.eachDefaultSystem (system: let
      pkgs = nixpkgs.legacyPackages."${system}";
      mozilla = pkgs.callPackage (mozillapkgs + "/package-set.nix") {};
      rust = (mozilla.rustChannelOf {
        channel = "stable";
        date = "2021-10-04";
        sha256 = "0swglfa63i14fpgg98agx4b5sz0nckn6phacfy3k6imknsiv8mrg";
      }).rust;

      # Override the version used in naersk
      naersk-lib = naersk.lib."${system}".override {
        cargo = rust;
        rustc = rust;
      };
    in rec {
      # `nix build`
      packages.heliwatch = naersk-lib.buildPackage {
        pname = "heliwatch";
        root = ./.;
        src = ./heliwatch;
        nativeBuildInputs = with pkgs; [ pkg-config ];
        buildInputs = with pkgs; [ openssl ];
      };
      defaultPackage = packages.heliwatch;

      # `nix run`
      apps.heliwatch = utils.lib.mkApp {
        drv = packages.heliwatch;
      };
      defaultApp = apps.heliwatch;

      # `nix develop`
      devShell = pkgs.mkShell {
        nativeBuildInputs = with defaultPackage;
          nativeBuildInputs ++ buildInputs;
      };
    }) // {
      nixosModule = { config, lib, pkgs, ... }: {
        options.services.heliwatch = with lib; {
          enable = mkEnableOption "Enable Heliwatch MUC bot";
          jid = mkOption {
            type = types.str;
          };
          password = mkOption {
            type = types.str;
          };
          muc = mkOption {
            type = types.str;
            description = "Full Jabber-Id in the form of room@service/nickname";
          };
          user = mkOption {
            type = types.str;
            default = "heliwatch";
          };
          group = mkOption {
            type = types.str;
            default = "heliwatch";
          };
        };

        config =
          let
            cfg = config.services.heliwatch;
          in
            lib.mkIf cfg.enable {
              users = {
                users.${cfg.user} = {
                  isSystemUser = true;
                  home = "/home/heliwatch";
                  createHome = true;
                  group = cfg.group;
                };
                groups.${cfg.group} = {};
              };

              systemd.services.heliwatch = {
                wantedBy = [ "multi-user.target" ];
                after = [ "network.target" ];
                path = with pkgs; [ bash curl ];
                script = ''
                  ${./fetch_data.sh}
                  exec ${self.packages.${pkgs.system}.heliwatch}/bin/heliwatch ${lib.escapeShellArgs (with cfg; [ jid password muc ])}
                '';
                serviceConfig = {
                  Type = "simple";
                  User = cfg.user;
                  Group = cfg.group;
                  WorkingDirectory = config.users.users.${cfg.user}.home;
                  ReadWritePaths = config.users.users.${cfg.user}.home;
                  ProtectSystem = "full";
                  Restart = "always";
                  RestartSec = "60s";
                };
              };
            };
      };
    };
}