{
  description = "Matrix server for CCCB";
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
    #flake-utils.url = "github:numtide/flake-utils";
    agenix = {
      url = "github:ryantm/agenix";
      inputs = {
        nixpkgs.follows = "nixpkgs";
      };
    };
  };
  outputs =
    {
      self,
      nixpkgs,
      #flake-utils,
      agenix,
    }:
    #flake-utils.lib.eachDefaultSystem (
    #  system:
    let
      pkgs = import nixpkgs { inherit system; };
      system = "x86_64-linux";
    in
    {
      formatter.${system} = pkgs.nixfmt-tree;
      apps.${system}.connect = {
        type = "app";
        program = "${pkgs.writeShellScript "connect.sh" ''
          ${pkgs.openssh}/bin/ssh root@matrix.berlin.ccc.de -L 3000:[::1]:3000 -L 9090:[::1]:9090 -N
        ''}";
      };
      devShells.${system}.default = pkgs.mkShell {
        packages = [
          (agenix.packages.${system}.default)
          pkgs.age
        ];
      };
      nixosConfigurations."matrix" = nixpkgs.lib.nixosSystem {
        #system = "x86_64-linux";
        #pkgs = import nixpkgs { inherit system; };
        inherit system;
        modules = [
          agenix.nixosModules.default
          { environment.systemPackages = [ (agenix.packages.${system}.default) ]; }
          {
            age.secrets = {
              pushover_app_token = {
                file = ./secrets/pushover_app_token.age;
                mode = "440";
                owner = "root";
                group = "root";
              };
              pushover_user_key = {
                file = ./secrets/pushover_user_key.age;
                mode = "440";
                owner = "root";
                group = "root";
              };
              matrix_registration_shared_secret = {
                file = ./secrets/matrix_registration_shared_secret.age;
                mode = "440";
                owner = "matrix-synapse";
                group = "matrix-synapse";
              };
              matrix_signing_key = {
                file = ./secrets/matrix_signing_key.age;
                mode = "440";
                owner = "matrix-synapse";
                group = "matrix-synapse";
              };
              draupnir_access_token = {
                file = ./secrets/draupnir_access_token.age;
                mode = "440";
                owner = "draupnir";
                group = "draupnir";
              };              
              grafana_secret_key = {
                file = ./secrets/grafana_secret_key.age;
                mode = "440";
                owner = "grafana";
                group = "grafana";
              };
              grafana_admin_password = {
                file = ./secrets/grafana_admin_password.age;
                mode = "440";
                owner = "grafana";
                group = "grafana";
              };
            };
          }
          ./configuration.nix

          ./services/nginx.nix
          ./services/postgres.nix

          ./services/synapse.nix
          ./services/draupnir.nix

          ./services/prometheus.nix
          ./services/grafana.nix
        ];
      };
    };
  #);
}