{
  description = "CCCB services";
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
    #flake-utils.url = "github:numtide/flake-utils";
    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
  outputs =
    {
      self,
      nixpkgs,
      #flake-utils,
      agenix,
    }:
    #flake-utils.lib.eachDefaultSystem (
    #  system:
    let
      pkgs = import nixpkgs { inherit system; };
      system = "x86_64-linux";
    in
    {
      formatter.${system} = pkgs.nixfmt-tree;
      apps.nixos-diff = {
        type = "app";
        program = "${pkgs.writeShellScript "nixos-diff.sh" ''
          ${pkgs.git}/bin/git pull --ff-only
          ${pkgs.nixos-rebuild}/bin/nixos-rebuild build --log-format internal-json -v |& ${pkgs.nix-output-monitor}/bin/nom --json
          ${pkgs.nvd}/bin/nvd diff /run/current-system ./result
        ''}";
      };
      devShells.${system}.default = pkgs.mkShell {
        packages = [
          (agenix.packages.${system}.default)
          pkgs.age
        ];
      };
      nixosConfigurations."matrix" = nixpkgs.lib.nixosSystem {
        #system = "x86_64-linux";
        #pkgs = import nixpkgs { inherit system; };
        inherit system;
        modules = [
          agenix.nixosModules.default
          { environment.systemPackages = [ (agenix.packages.${system}.default) ]; }
          {
            age.secrets = {
              pushover_app_token = {
                file = ./secrets/pushover_app_token.age;
                mode = "440";
                owner = "root";
                group = "root";
              };
              pushover_user_key = {
                file = ./secrets/pushover_user_key.age;
                mode = "440";
                owner = "root";
                group = "root";
              };
              matrix_registration_shared_secret = {
                file = ./secrets/matrix_registration_shared_secret.age;
                mode = "440";
                owner = "matrix-synapse";
                group = "matrix-synapse";
              };
              matrix_signing_key = {
                file = ./secrets/matrix_signing_key.age;
                mode = "440";
                owner = "matrix-synapse";
                group = "matrix-synapse";
              };
              draupnir_access_token = {
                file = ./secrets/draupnir_access_token.age;
                mode = "440";
                owner = "root";
                group = "root";
              };
              grafana_secret_key = {
                file = ./secrets/grafana_secret_key.age;
                mode = "440";
                owner = "grafana";
                group = "grafana";
              };
              grafana_admin_password = {
                file = ./secrets/grafana_admin_password.age;
                mode = "440";
                owner = "grafana";
                group = "grafana";
              };
            };
          }
          ./hosts/matrix
        ];
      };
      nixosConfigurations."hedgedoc" = nixpkgs.lib.nixosSystem {
        #system = "x86_64-linux";
        #pkgs = import nixpkgs { inherit system; };
        inherit system;
        modules = [
          agenix.nixosModules.default
          { environment.systemPackages = [ (agenix.packages.${system}.default) ]; }
          ./hosts/hedgedoc
        ];
      };
      nixosConfigurations."sql" = nixpkgs.lib.nixosSystem {
        #system = "x86_64-linux";
        #pkgs = import nixpkgs { inherit system; };
        inherit system;
        modules = [
          agenix.nixosModules.default
          { environment.systemPackages = [ (agenix.packages.${system}.default) ]; }
          ./hosts/sql
        ];
      };
    };
  #);
}