{

  description = "StuRa HTWD NixOS Configurations";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
    authentik = {
      url = "github:nix-community/authentik-nix";
    };
    mailserver = {
      url = "git+https://gitlab.com/simple-nixos-mailserver/nixos-mailserver?ref=nixos-25.11";
    };
    sops = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs =
    {
      self,
      nixpkgs,
      authentik,
      mailserver,
      disko,
      sops,
    }:
    let
      sshkeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINABEf0jBjtDdezDDtvl1v27l0DbHP2XUgMARTZXC+MR goeranh@node5"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmYHNdtPmQqvNINEWJgqEojrye+wQKr0S0VwlGv7xUa goeranh@node7"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFSwdCtJZNZzrVa6m4I3OBZHGgWYhEBCBdnCR5rSJimz ocxe@nix"
      ];
    in
    rec {
      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
      packages.x86_64-linux =
        builtins.foldl'
          (
            result: name:
            result
            // {
              # run nixos-rebuild switch on the target system
              # the config will be built locally and copied over
              "${name}-update" = nixpkgs.legacyPackages.x86_64-linux.writeShellScriptBin "update" ''
                nixos-rebuild switch --flake .#${name} --target-host root@${(builtins.head (nixosConfigurations.${name}.config.networking.interfaces.${builtins.head (builtins.attrNames nixosConfigurations.${name}.config.networking.interfaces)}.ipv4.addresses)).address}
              '';
            }
          )
          { }
          (
            # filter all nixos configs containing installer
            builtins.filter (item: !nixpkgs.lib.hasInfix "-" item) (builtins.attrNames nixosConfigurations)
          )
        // (
          let
            iso-config = nixpkgs.lib.nixosSystem {
              system = "x86_64-linux";
              modules = [
                "${nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix"
                {
                  users.users.administration = {
                    password = "test";
                    isNormalUser = true;
                  };
                  users.users.root.openssh.authorizedKeys.keys = sshkeys;
                  networking.interfaces.ens18.ipv4.addresses = [
                    {
                      address = "141.56.51.98";
                      prefixLength = 24;
                    }
                  ];
                  services.getty.autologinUser = "root";
                  services.openssh.enable = true;
                  system.stateVersion = "25.11";
                  networking.dhcpcd.enable = nixpkgs.lib.mkForce false;
                  networking.defaultGateway.address = "141.56.51.254";
                  networking.nameservers = [ "141.56.1.1" ];
                }
              ];
            };
          in
          {
            installer-iso = iso-config.config.system.build.isoImage;
            installer-vm = iso-config.config.system.build.vm;
          }
        );

      nixosConfigurations = builtins.foldl' (
        result: input:
        result
        // {
          "${input}" = nixpkgs.lib.nixosSystem {
            system = "x86_64-linux";
            modules =
              let
                modulesPath = "${nixpkgs}";
              in
              [
                ./hosts/${input}
                ./default.nix
                disko.nixosModules.disko
                authentik.nixosModules.default
                mailserver.nixosModules.mailserver
                {
                  _module.args = { inherit self modulesPath; };
                }
              ];
          };
        }
      ) { } (builtins.attrNames (builtins.readDir ./hosts));
    };

}