{
  description = "CrashOverBurn.com";
# TODO: cgit, ejabber signup
  inputs = {
    nixinate.url = "github:DarthPJB/nixinate";
    secrix.url = "github:platonic-systems/secrix";
    nixpkgs_unstable.url = "github:NixOS/nixpkgs?ref=nixos-unstable";
    nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-25.05";
    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
  };

  outputs = inputs@{ self, nixpkgs, secrix, nixinate, nixpkgs_unstable, simple-nixos-mailserver }:
    let
      inherit (inputs.secrix) secrix;
      pkgs = nixpkgs.legacyPackages.x86_64-linux;
      webroot = "${self}/webroot";
      fqdn = "crashoverburn.com";
      hashedPasswordFile = "${self}/password.file";
    in
    {
      formatter.x86_64-linux = pkgs.nixpkgs-fmt;
      apps.x86_64-linux = (inputs.nixinate.nixinate.x86_64-linux inputs.self).nixinate // ({ secrix = secrix self; });
      devShell.x86_64-linux =
        pkgs.mkShell {
          buildInputs = with pkgs; [ figlet tmux ];
          shellHook = ''
            # Session Name
            session="project-env-sh"

            # Check if the session exists, discarding output
            # We can check $? for the exit status (zero for success, non-zero for failure)
            tmux has-session -t $session 2>/dev/null

            if [ $? != 0 ]; then
                # Start New Session with our name
                tmux new-session -d -s $session

                # Name first Window and start zsh
                tmux rename-window -t 0 'Main'
                tmux send-keys -t 'Main' 'nix flake show' C-m
                tmux send-keys -t 'Main' 'clear' C-m

                # Create and setup pane for btop
                tmux split-window -h
                tmux rename-window 'btop'
                tmux send-keys -t 'btop' 'ssh -t commander@193.16.42.36 btop' C-m

                tmux select-pane -t 0

                # Create and setup pane for btop
                tmux split-window -v
                tmux rename-window 'ssh'
                tmux send-keys -t 'ssh' 'ssh commander@193.16.42.36' C-m

                tmux select-pane -t 0
            fi
            tmux attach-session -t $session'';
        };
      nixosConfigurations = {
        crash-over-burn-1 =
          nixpkgs.lib.nixosSystem {
            system = "x86_64-linux";
            modules = [
              simple-nixos-mailserver.nixosModule
              inputs.secrix.nixosModules.default
              ./openstack.nix
              ./users/commander.nix
              (import ./services/cgit.nix { fqdn = "code.${fqdn}"; })
              (import ./services/murmur.nix { fqdn = "mumble.${fqdn}"; })
              (import ./services/movim.nix { fqdn = "mumble.${fqdn}"; })
              (import ./services/website.nix { inherit webroot; })
              (import ./services/ejabberd.nix { inherit fqdn; })
              (import ./services/mailserver.nix { inherit hashedPasswordFile; })
              ./machines/overburn-1.nix
                {
                secrix.hostPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3ElH/WQjW3B2yUBFFPpF8IIHsYrHODwTid6YM2npiw root@web-crash-over-burn";
                secrix.defaultEncryptKeys = {
                    crash = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhzz/CAb74rLQkDF2weTCb0DICw1oyXNv6XmdLfEsT5 crash@crashoverburn.com" ];
                };
                imports = [
                    "${nixpkgs}/nixos/modules/virtualisation/openstack-config.nix"
                ];
                _module.args = 
                { 
                    inherit self inputs;
                    nixinate = {
                        host = "193.16.42.36";
                        sshUser = "commander";
                        substituteOnTarget = true;
                        hermetic = true;
                        buildOn = "local";
                    };
                };
                }
            ];
          };
      };
    };
}