{
  description = "bokhylle";

  inputs.nixpkgs.url                             = "github:nixos/nixpkgs/nixos-unstable";
  inputs.grzegorz.url                            = "github:Programvareverkstedet/grzegorz";
  inputs.grzegorz.inputs.nixpkgs.follows         = "nixpkgs";
  inputs.grzegorz-clients.url                    = "github:Programvareverkstedet/grzegorz-clients";
  inputs.grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";

  outputs = {
    self,
    nixpkgs,
    grzegorz,
    grzegorz-clients,
    ...
    }@inputs:
  {
    inherit inputs;

    nixosConfigurations.brzeczyszczykiewicz = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        grzegorz.nixosModules.grzegorz-kiosk
        grzegorz-clients.nixosModules.grzegorz-webui
        ./hardware-configuration.nix
        ({ config, ... }: {
          system.stateVersion = "23.05";

          boot.loader.grub.enable = true;
          boot.loader.grub.device = "/dev/sda";
          boot.loader.grub.useOSProber = true;

          networking.hostName = "brzeczyszczykiewicz";
          networking.domain   = "pvv.ntnu.no";
          networking.search = [ "pvv.ntnu.no" ];

          services.openssh.enable = true;
          services.openssh.settings.PermitRootLogin = "yes";

          services.xserver.layout = "no";
          services.xserver.xkbVariant = "";
          console.keyMap = "no";

          services.pipewire.enable = true;
          services.pipewire.alsa.enable = true;
          services.pipewire.alsa.support32Bit = true;
          services.pipewire.pulse.enable = true;

          users.users.pvv = {
            isNormalUser = true;
            description = "pvv";
            extraGroups = [ "networkmanager" "wheel" ];
            #packages = [ ];
          };

          services.grzegorz.enable     = true;
          services.grzegorz.listenAddr = "::1";
          services.grzegorz.listenPort = 31337;

          services.grzegorz-webui.enable     = true;
          services.grzegorz-webui.listenAddr = "::1";
          services.grzegorz-webui.apiBase    = "http://[::1]:${builtins.toString config.services.grzegorz-webui.listenPort}";
          #services.grzegorz-webui.apiBase    = "https://brzeczyszczykiewicz.pvv.ntnu.no/api";

          security.acme.acceptTerms    = true;
          security.acme.defaults.email = "pederbs@pvv.ntnu.no";

          services.nginx.enable = true;
          networking.firewall.allowedTCPPorts = [ 80 443 ];

          services.nginx.virtualHosts."brzeczyszczykiewicz.pvv.ntnu.no" = {
            forceSSL = false;
            enableACME = false;
            serverAliases = [
              "brzeczyszczykiewicz.pvv.org"
              "bokhylle.pvv.ntnu.no"
              "bokhylle.pvv.org"
            ];
            extraConfig = ''
              allow 129.241.210.128/25;
              allow 2001:700:300:1900::/64;
              deny all;
            '';
            locations."/" = {
              proxyPass = "http://localhost:${builtins.toString config.services.grzegorz-webui.listenPort}";
              proxyWebsockets = true;
            };
          };

        })
      ];
    };
  };
}