{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, disko, agenix, ... }:
  let
    # Shared module list for both nixosConfigurations and colmena
    hostModules = name: system: [
      { nixpkgs.hostPlatform = system; }
      disko.nixosModules.disko
      agenix.nixosModules.default
      ./modules/common.nix
      ./hosts/${name}
    ];

    mkHost = name: system: nixpkgs.lib.nixosSystem {
      modules = hostModules name system;
    };

    hosts = {
      telefonmann = { system = "x86_64-linux"; targetHost = "telefonmann"; };
      kameramann  = { system = "x86_64-linux"; targetHost = "kameramann"; };
      amtmann     = { system = "x86_64-linux"; targetHost = "amtmann"; };
    };

    systems = nixpkgs.lib.unique (nixpkgs.lib.mapAttrsToList (_: cfg: cfg.system) hosts);
  in {
    # nixosConfigurations is used by nixos-anywhere for initial install
    nixosConfigurations = nixpkgs.lib.mapAttrs
      (name: cfg: mkHost name cfg.system)
      hosts;

    devShells = nixpkgs.lib.genAttrs systems (system:
      let pkgs = import nixpkgs { inherit system; }; in {
        default = pkgs.mkShell {
          packages = [
            pkgs.colmena
            pkgs.nixfmt
            agenix.packages.${system}.default
          ];
        };
      });

    # colmena hive for ongoing deployments
    colmena = {
      meta = {
        nixpkgs = import nixpkgs { system = (nixpkgs.lib.head systems); };
      };
    } // nixpkgs.lib.mapAttrs (name: cfg: {
      deployment = {
        targetHost = cfg.targetHost;
        targetUser = "root";
      };
      imports = hostModules name cfg.system;
    }) hosts;
  };
}