# Shared host-building helpers for this flake.
#
# Takes the flake inputs and returns an attribute set with:
#   nixosSystem / nixosSystemUnstable  overridable `nixosSystem` from each nixpkgs input
#   baseModules / defaultModules       modules applied to every host
#   makeMicroVM                        module list for a cloud-hypervisor microVM guest
#   inputsMod                          the flake inputs plus `malobeo = self`
#   buildHost                          maps an attrset of host settings to NixOS systems
{ self
, nixpkgs-unstable
, nixpkgs
, sops-nix
, inputs
, nixos-hardware
, home-manager
, ...
}:

rec {
  nixosSystem = nixpkgs.lib.makeOverridable nixpkgs.lib.nixosSystem;
  nixosSystemUnstable = nixpkgs-unstable.lib.makeOverridable nixpkgs-unstable.lib.nixosSystem;

  baseModules = [
    # Make the flake inputs accessible to NixOS modules as the `inputs` argument.
    { _module.args = { inherit inputs; }; }

    {
      imports = [
        ({ pkgs, ... }: {
          nix = {
            extraOptions = ''
              experimental-features = nix-command flakes
            '';

            settings = {
              # The project cache is listed ahead of cache.nixos.org.
              substituters = [
                "https://cache.dynamicdiscord.de"
                "https://cache.nixos.org/"
              ];

              # Every host importing baseModules accepts store paths signed by
              # this key, so the signing key is part of the fleet's trust base.
              # NOTE(review): only the project cache key is declared here; the
              # cache.nixos.org key presumably comes from the NixOS default for
              # this option -- confirm on a built host.
              trusted-public-keys = [
                "cache.dynamicdiscord.de:DKueZicqi2NhJJXz9MYgUbiyobMs10fTyHCgAUibRP4="
              ];

              # Trusted users may override substituters and import unsigned
              # paths, which the Nix manual treats as equivalent to root on the
              # daemon. "@wheel" extends that to every member of the group.
              trusted-users = [ "root" "@wheel" ];
            };
          };
        })

        sops-nix.nixosModules.sops
      ];
    }
  ];

  defaultModules = baseModules;

  # Module list for a microVM guest: the microvm module, the guest definition
  # below, the shared defaults, then the caller's own modules.
  #
  #   hostName  used for the tap interface id and the host-side state paths
  #   ipv4Addr  static guest address; "/24" is appended here
  #   macAddr   MAC address of the guest's tap interface
  #   modules   additional NixOS modules for this guest
  makeMicroVM = hostName: ipv4Addr: macAddr: modules:
    let
      # All three shares use virtiofs with a socket named after the tag.
      virtiofsShare = tag: source: mountPoint: {
        inherit tag source mountPoint;
        proto = "virtiofs";
        socket = "${tag}.socket";
      };

      guestModule = {
        microvm = {
          hypervisor = "cloud-hypervisor";
          mem = 2560;

          shares = [
            # The host's whole /nix/store is visible inside the guest, so
            # anything written to the host store is readable by every guest.
            # NOTE(review): secrets should stay out of the store; sops-nix is
            # imported in baseModules, presumably for that reason -- confirm.
            (virtiofsShare "store" "/nix/store" "/nix/.ro-store")

            # Guest /etc and /var are backed by host directories, so their
            # ownership and mode on the host decide who can read or alter
            # guest state.
            (virtiofsShare "etc" "/var/lib/microvms/${hostName}/etc" "/etc")
            (virtiofsShare "var" "/var/lib/microvms/${hostName}/var" "/var")
          ];

          interfaces = [
            {
              type = "tap";
              id = "vm-${hostName}";
              mac = "${macAddr}";
            }
          ];
        };

        systemd.network = {
          enable = true;

          # Static addressing; gateway and resolver are fixed for all guests.
          networks."20-lan" = {
            matchConfig.Type = "ether";
            networkConfig = {
              Address = [ "${ipv4Addr}/24" ];
              Gateway = "10.0.0.1";
              DNS = [ "1.1.1.1" ];
              DHCP = "no";
            };
          };
        };
      };
    in
    [ inputs.microvm.nixosModules.microvm guestModule ] ++ defaultModules ++ modules;

  # Flake inputs extended with this flake itself under the name `malobeo`.
  inputsMod = inputs // { malobeo = self; };

  # Build one NixOS system per attribute of `hosts`.
  #
  # Each value is read for `type` ("rpi" selects aarch64-linux, anything else
  # x86_64-linux; "microvm" selects the microVM module list) and, for microVMs,
  # `network.address` and `network.mac`.
  buildHost = hosts:
    let
      mkHost = host: settings: nixosSystem {
        system = if settings.type == "rpi" then "aarch64-linux" else "x86_64-linux";

        # NOTE(review): baseModules also sets `_module.args.inputs` to the
        # plain `inputs`; specialArgs is generally consulted first, so modules
        # likely see `inputsMod` -- confirm.
        specialArgs.inputs = inputsMod;

        # NOTE(review): the microVM branch resolves the host directory with
        # `./` while the other branch uses `../`; confirm that both match the
        # repository layout.
        modules =
          if settings.type == "microvm" then
            makeMicroVM host settings.network.address settings.network.mac
              [ ./${host}/configuration.nix ]
          else
            defaultModules ++ [ ../${host}/configuration.nix ];
      };
    in
    builtins.mapAttrs mkHost hosts;
}