{
  description = "xyno doin nixos";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
    nixpkgs-master.url = "github:nixos/nixpkgs?ref=master";
    mobile-nixos.url = "github:mobile-nixos/mobile-nixos";
    mobile-nixos.flake = false;
    home-manager.url = "github:nix-community/home-manager";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
    sops-nix.url = "github:Mic92/sops-nix";
    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
    impermanence.url = "github:nix-community/impermanence";

    # software
    lanzaboote = {
      url = "github:nix-community/lanzaboote/v0.4.2";

      # Optional but recommended to limit the size of your system closure.
      inputs.nixpkgs.follows = "nixpkgs";
    };

    zen-browser.url = "github:0xc000022070/zen-browser-flake";
    zen-browser.inputs.nixpkgs.follows = "nixpkgs-master";
    kmonad = {
      url = "git+https://github.com/jokesper/kmonad?dir=nix&ref=feat-tap-overlap";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    niri.url = "github:YaLTeR/niri";
    niri.inputs.nixpkgs.follows = "nixpkgs-master";
    xwayland-satellite.url = "github:Supreeeme/xwayland-satellite";
    xwayland-satellite.inputs.nixpkgs.follows = "nixpkgs-master";
    nheko.url = "github:Nheko-Reborn/nheko";
    nheko.flake = false;
    mtxclient.url = "github:Nheko-Reborn/mtxclient";
    mtxclient.flake = false;
    nix-ci.url = "git+https://git.xyno.systems/xyno/nix-ci";
    nix-ci.inputs.nixpkgs.follows = "nixpkgs";
      
    nix-index-database.url = "github:nix-community/nix-index-database";
    nix-index-database.inputs.nixpkgs.follows = "nixpkgs";

    # helix
    helix.url = "github:helix-editor/helix";
    # helix.url = "github:sofusa/helix-pull-diagnostics";
    helix.inputs.nixpkgs.follows = "nixpkgs-master";
    # csharp-language-server.url = "github:sofusa/csharp-language-server";
    # csharp-language-server.inputs.nixpkgs.follows = "nixpkgs-master";

    # authentik

    authentik.url = "github:nix-community/authentik-nix";
    authentik.inputs.nixpkgs.follows = "nixpkgs";
    terranix.url = "github:terranix/terranix";
    terranix.inputs.nixpkgs.follows = "nixpkgs";

  };

  outputs =
    inputs@{
      self,
      nixpkgs,
      nixpkgs-master,
      ...
    }:
    let
      lib = nixpkgs.lib.extend (
        s: super: {
          xyno = import ./lib {
            inherit inputs nixpkgs self;
            lib = s;
          };
        }
      );
      overlays = [
        self.overlays.default
        inputs.nix-ci.overlays.default
        (final: prev: {
          inherit (final.unstable.lixPackageSets.latest)
            nixpkgs-review
            nix-direnv
            nix-eval-jobs
            nix-fast-build
            colmena
            ;
        })
      ];
      genPkgs =
        system:
        import nixpkgs {
          inherit system overlays;
          config.allowUnfree = true;
        };
      modules = [
        inputs.kmonad.nixosModules.default
        inputs.home-manager.nixosModules.default
        inputs.lanzaboote.nixosModules.lanzaboote
        inputs.sops-nix.nixosModules.sops
        inputs.impermanence.nixosModules.impermanence
        inputs.authentik.nixosModules.default
        inputs.nix-index-database.nixosModules.nix-index
      ]
      ++ (import ./modules/module-list.nix);
    in
    {
      overlays.default =
        final: prev:
        (
          {
            unstable = import nixpkgs-master {
              system = prev.system;
              config.allowUnfree = true;
            };
          }
          // (import ./overlays inputs final prev)
        );

      nixosConfigurations = lib.xyno.loadInstances ./instances (modules);
      devShells."x86_64-linux".default =
        let
          pkgs = genPkgs "x86_64-linux";
        in
        pkgs.mkShell {
          packages = [
            pkgs.nixfmt-rfc-style
            pkgs.nil
            pkgs.sops
            (pkgs.runCommand "nix-config-bin" { } ''
              mkdir -p $out/bin
              cp ${./bin}/* $out/bin
            '')
          ];
          SOPS_CONFIG = (pkgs.callPackage ./sops.nix { instanceConfigs = lib.xyno.getDirs ./instances; });

        };
      hydraJobs.systems = lib.foldl' lib.recursiveUpdate { } [
        (builtins.mapAttrs (
          host: config:
          lib.foldl' lib.recursiveUpdate { } ([
            {
              inherit (config.config.system.build) toplevel;
              kernel = config.config.boot.kernelPackages.kernel;
            }
          ])
        ) self.nixosConfigurations)
      ];
      hydraJobs.fods = {
        caddy = self.nixosConfigurations.ds9.config.services.caddy.package;
      };

      packages."x86_64-linux" =
        let
          pkgs = genPkgs "x86_64-linux";
        in
        {
          nix = pkgs.unstable.lixPackageSets.latest.lix;
          inherit (pkgs) nix-fast-build attic-client jq nix-ci;
        };
      checks."x86_64-linux"."nixos" =
        let
          pkgs = genPkgs "x86_64-linux";
        in
        pkgs.testers.runNixOSTest {
          imports = (import ./modules/test-list.nix);
          node.specialArgs = { inherit inputs; };
          extraBaseModules.imports = modules;
          extraBaseModules.services.openssh.enable = true;
          node.pkgsReadOnly = false;
        };
    };
}