{
  description = "C3D2 NixOS configurations";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/release-20.09";
    secrets.url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";
  };

  outputs = { self, nixpkgs, secrets, nixos-hardware }:
    let
      forAllSystems = f:
        nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ]
        (system: f system);

      hostRegistry = import ./host-registry.nix;
    in {

      inherit (nixpkgs) legacyPackages;

      packages = forAllSystems (system:
        let
          pkgs = self.legacyPackages.${system};
          mkDeploy =
            # Generate a small script for copying this flake to the
            # remote machine and bulding and switching there.
            # Can be run with nix run c3d2#deploy-…
            name: host:
            let target = "root@${host}";
            in pkgs.writeScriptBin "${name}-nixos-rebuild" ''
              #!${pkgs.runtimeShell}
              set -ev
              nix-copy-closure --to ${target} ${self}
              exec ssh -t ${target} nixos-rebuild --flake ${self}#${name} $@
            '';
          mkWake = name:
            pkgs.writeScriptBin "${name}-wake" ''
              #!${pkgs.runtimeShell}
              exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts.${name}.ether}
            '';
          # TODO: check if the ethernet address is reachable and if not,
          # execute wol on a machine in HQ.
        in {
          dhcp-nixos-rebuild = mkDeploy "dhcp" hostRegistry.hosts.dhcp.ip4;

          glotzbert-nixos-rebuild = mkDeploy "glotzbert" "glotzbert.hq.c3d2.de";
          glotzbert-wake = mkWake "glotzbert";

          pulsebert-nixos-rebuild = mkDeploy "pulsebert" "pulsebert.hq.c3d2.de";
          pulsebert-wake = mkWake "pulsebert";
        });

      nixosConfigurations = let
        nixosSystem' =
          # Our custom NixOS builder
          { ... }@args:
          nixpkgs.lib.nixosSystem (args // {
            extraArgs = { inherit hostRegistry; };
            extraModules = [
              self.nixosModules.c3d2
              ({ pkgs, ... }: {
                nix = {
                  package = pkgs.nixFlakes;
                  extraOptions = "experimental-features = nix-command flakes";
                };
              })
            ];
          });
      in {

        dhcp = nixosSystem' {
          modules = [
            ./hosts/containers/dhcp
            secrets.nixosModules.admins
            secrets.nixosModules.dhcp
          ];
          system = "x86_64-linux";
        };

        glotzbert = nixosSystem' {
          modules = [
            ./hosts/glotzbert
            nixos-hardware.nixosModules.common-cpu-intel
            nixos-hardware.nixosModules.common-pc-ssd
          ];
          system = "x86_64-linux";
        };

        pulsebert = nixosSystem' {
          modules = [ ./hosts/pulsebert ];
          system = "aarch64-linux";
        };

      };

      nixosModules.c3d2 = import ./lib;

    };
}