{
  description = "Gortium infra flake";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
    agenix = {
      url = "github:ryantm/agenix";
      inputs.darwin.follows = "";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    lix = {
      url = "git+https://git.lix.systems/lix-project/lix?ref=main";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    self.submodules = true;
  };

  outputs = { self, nixpkgs, agenix, lix, ... }@inputs:
    let
      system = "x86_64-linux";
      keys = import ./lib/keys.nix;
      paths = {
        flake = "/home/gortium/infra";
        identities = [
          "/home/gortium/.ssh/gortium_ssh_key"
          "/etc/ssh/ssh_host_ed25519_key"
          "/root/.age/bootstrap.key" ];
      };
      overlays = [ agenix.overlays.default ];
      pkgs = import nixpkgs {
        inherit system overlays;
        config.allowUnfree = true;
        config.permittedInsecurePackages = [
          "openclaw-2026.3.12"
        ];
      };

      devShell = import ./shells/nix_dev.nix {
        inherit pkgs system agenix;
      };
    in
      {
        nixosConfigurations = {
          lazyworkhorse = nixpkgs.lib.nixosSystem {
            specialArgs = { inherit system self keys paths inputs; };
            modules = [
              {
                nixpkgs.overlays = overlays;
                nixpkgs.config.allowUnfree = true;
                nixpkgs.config.rocmSupport = true;
                nixpkgs.config.permittedInsecurePackages = [
                  "openclaw-2026.3.12"
                ];
                nix.package = lix.packages.${system}.default;
              }
              agenix.nixosModules.default
              ./hosts/lazyworkhorse/configuration.nix
              ./hosts/lazyworkhorse/hardware-configuration.nix
              ./modules/nixos/filesystem/hoardingcow-mount.nix
              ./modules/nixos/services/docker_manager.nix
              ./modules/nixos/services/open_code_server.nix
              ./modules/nixos/services/ollama_init_custom_models.nix
              ./modules/nixos/services/openclaw_node.nix
              ./modules/nixos/services/staging-vm.nix
              ./modules/nixos/security/ai-worker-restricted.nix
              ./users/gortium.nix
              ./users/ai-worker.nix
            ];
          };

          cyt-pi = nixpkgs.lib.nixosSystem {
            specialArgs = { inherit self keys paths inputs; };
            modules = [
              {
                nixpkgs.overlays = overlays;
                nixpkgs.config.allowUnfree = true;
                nixpkgs.hostPlatform = "aarch64-linux";
                nix.package = lix.packages."aarch64-linux".default;
              }
              ./hosts/cyt-pi/configuration.nix
              ./hosts/cyt-pi/hardware-configuration.nix
            ];
          };
        };
        devShells.${system}.default = devShell;
      };
}