{
  description = "pbsds' system/home flake";

  inputs = {
    nixpkgs.url      = "github:NixOS/nixpkgs/nixos-23.05";
    unstable.url     = "github:NixOS/nixpkgs/nixos-unstable";
    #nur.url          = "github:nix-community/NUR";
    home-manager.url = "github:nix-community/home-manager/release-23.05";
    #home-manager.url = "github:nix-community/home-manager";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    nixos-hardware.url = "github:NixOS/nixos-hardware";

    #TODO:
    #sops-nix.url = "github:Mic92/sops-nix";
    #sops-nix.inputs.nixpkgs.follows = "nixpkgs";
    #matrix-next.url = "github:dali99/nixos-matrix-modules"; # see https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/flake.nix

    # TODO: somehow make these private repos optional (a lazy fetch would be nice)
    pbsds-papers.url = "git+ssh://git@github.com/pbsds/papers.git";

    # temporary stuff i want to use
    # TODO: can i fetch a subset of files of these?
    pr-polaris14.url   = "github:pbsds/nixpkgs/polaris-14";
    pr-remote-exec.url = "github:pbsds/nixpkgs/remote-exec-init";
  };

  outputs = {
    self,
    nixpkgs,
    unstable,
    nixos-hardware,
    nur,
    home-manager,
    ...
  } @ inputs:
  let
    nixlib = nixpkgs.lib;
    systems = [
      "x86_64-linux"
      "aarch64-linux"
      #"riscv64-linux"
    ];
    forAllSystems = f: nixlib.genAttrs systems (system: f system);
    overlays = nixlib.mapAttrsToList (name: val: val) self.overlays;

    # TODO: move unstable and nur here?
    tmpConfig = {
      disabledModules = [ "services/misc/polaris.nix" ];
      imports = [ "${inputs.pr-polaris14}/nixos/modules/services/misc/polaris.nix" ];
      nixpkgs.overlays = [(final: prev: { # TODO: nixpkgs.config.packageOverrides ?
        remote-exec = prev.python3Packages.callPackage "${inputs.pr-remote-exec}/pkgs/tools/misc/remote-exec" { };
        polaris     = prev.callPackage "${inputs.pr-polaris14}/pkgs/servers/polaris" { };
        polaris-web = prev.callPackage "${inputs.pr-polaris14}/pkgs/servers/polaris/web.nix" { };
      })];
    };
    mkConfig = hostname: system: modules: nixlib.nixosSystem {
      inherit system;
      specialArgs = { inherit inputs; };
      modules = modules ++ [ ./base.nix "${self}/hosts/${hostname}" tmpConfig ({
        networking.hostName = hostname;
        networking.domain   = "pbsds.net";
        networking.search = [ "pbsds.net" ];
        nixpkgs.overlays = [ # TODO: consider nixpkgs.config.packageOverrides
          #(final: prev: self.packages.${system})
          (final: prev: {
            unstable = unstable.legacyPackages.${final.system};
            #unstable = import unstable { inherit system; };
            #nur      = import nur { inherit (prev) pkgs; nurpkgs = prev.pkgs; };
            ##nur      = import nur { inherit (prev) pkgs; nurpkgs = import nixpkgs { inherit final.system: }; }; # TODO: nurpkgs?
          })
        ];
        # This makes commandline tools like 'nix run nixpkgs#hello'
        # and 'nix-shell -p hello' use the same channel as system was built with
        nix.registry.nixpkgs.flake  = inputs.nixpkgs;
        nix.registry.unstable.flake = inputs.unstable;
        nix.nixPath = [
          "nixpkgs=${inputs.nixpkgs}"
          "unstable=${inputs.unstable}" # TODO: needed?
        ];
      })];
    };
  in {

    inherit inputs;

    overlays.remote-exec = (final: prev: {
      remote-exec = prev.python3Packages.callPackage ( inputs.pr-remote-exec + "/pkgs/tools/misc/remote-exec" ) {};
    });

    packages = forAllSystems(system:
      let pkgs = nixpkgs.legacyPackages.${system}; in {
        inherit (self.overlays.remote-exec null pkgs) remote-exec;
    });

    nixosConfigurations = let nm = nixos-hardware.nixosModules; in {
      # TODO: move nixos-hardware imports to the nixos configs?
      noximilien = mkConfig "noximilien" "x86_64-linux" (with nm; [ common-pc common-pc-ssd common-cpu-intel ]);
      bolle      = mkConfig "bolle"      "x86_64-linux" (with nm; [ common-pc common-pc-ssd common-cpu-intel ]);
      nord       = mkConfig "nord"       "x86_64-linux" (with nm; [ common-pc common-pc-ssd common-cpu-intel-cpu-only common-gpu-amd ]);
    };

    homeConfigurations = forAllSystems (system: let
      mkHome = modules: home-manager.lib.homeManagerConfiguration {
        pkgs = nixpkgs.legacyPackages.${system};
        inherit modules;
      };
    in {
      pbsds       = mkHome [ ./users/pbsds/home ];
      pbsds-gnome = mkHome [ ./users/pbsds/home/gnome.nix ];
    });

    devShells = forAllSystems (system: let
      pkgs = nixpkgs.legacyPackages.${system};
      remote-exec = pkgs.remote-exec or (self.overlays.remote-exec pkgs pkgs).remote-exec;
      nixos-rebuild-nom = pkgs.writeScriptBin "nixos-rebuild" ''
        exec ${pkgs.nixos-rebuild}/bin/nixos-rebuild "$@" |& ${pkgs.nix-output-monitor}/bin/nom
      '';
      mkShell = packages: pkgs.mkShell { inherit packages; };
    in {
      remoteenv = mkShell [
          nixos-rebuild-nom
      ];
      envrc = mkShell [
          nixos-rebuild-nom
          pkgs.home-manager
          pkgs.nix-output-monitor
      ];
      encrc-remote = mkShell [
          remote-exec
          pkgs.yq
      ];
    });

  };
}