{
  description = "Bagel cooking infrastructure";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    terranix.url = "github:terranix/terranix";

    agenix.url = "github:ryantm/agenix";
    agenix.inputs.nixpkgs.follows = "nixpkgs";

    colmena.url = "github:zhaofengli/colmena";
    colmena.inputs.nixpkgs.follows = "nixpkgs";

    hydra.url = "git+https://git.lix.systems/lix-project/hydra.git";
    hydra.inputs.nixpkgs.follows = "nixpkgs";

    lix.follows = "hydra/nix";
  };

  outputs = { self, nixpkgs, terranix, ... } @ inputs:
  let
    system = "x86_64-linux";
    pkgs = import nixpkgs {
      localSystem = system;
      overlays = [
        inputs.hydra.overlays.default
        inputs.lix.overlays.default
      ];
    };
    lib = pkgs.lib;
    terraform = pkgs.opentofu;
    terraformCfg = terranix.lib.terranixConfiguration {
      inherit system;
      modules = [
        ./terraform
        {
          bagel.gandi.enable = true;
          bagel.hydra.enable = true;
        }
      ];
    };
  in
  {
    apps.${system} = {
      tf = {
        type = "app";
        program = toString (pkgs.writers.writeBash "tf" ''
            set -eo pipefail
            ln -snf ${terraformCfg} config.tf.json
            exec ${lib.getExe terraform} "$@"
          '');
      };

      default = self.apps.${system}.tf;
    };

    devShells.${system}.default = pkgs.mkShell {
      packages = [
        inputs.agenix.packages.${system}.agenix
        inputs.colmena.packages.${system}.colmena

        pkgs.opentofu
      ];
    };

    colmena = {
      meta.nixpkgs = import nixpkgs {
        localSystem = system;
        overlays = [
          inputs.hydra.overlays.default
          inputs.lix.overlays.default
        ];
      };
      meta.specialArgs.inputs = inputs;

      bagel-box = {
        imports = [
          inputs.agenix.nixosModules.default
          inputs.hydra.nixosModules.hydra

          ./services
          ./common
          ./hosts/bagel-box
        ];
      };

      meta01 = {
        imports = [
          inputs.agenix.nixosModules.default
          inputs.hydra.nixosModules.hydra

          ./services
          ./common
          ./hosts/meta01.nixpkgs.lahfa.xyz
        ];
      };

      gerrit01 = {
        imports = [
          inputs.agenix.nixosModules.default
          inputs.hydra.nixosModules.hydra

          ./services
          ./common
          ./hosts/cl.forkos.org
        ];
      };

      fodwatch = {
        imports = [
          inputs.agenix.nixosModules.default
          inputs.hydra.nixosModules.hydra

          ./services
          ./common
          ./hosts/fodwatch.forkos.org
        ];
      };
    };
  };
}