{

  # "git+file:///<full-path>" for fixing an input
  inputs = {

    clan-core.inputs.flake-parts.follows = "flake-parts";
    clan-core.inputs.nixpkgs.follows = "nixpkgs";
    clan-core.url = "git+https://git.clan.lol/clan/clan-core?rev=1bd3af310ea074d0ea9de6233376476c6ca9149a"; # last time clan was using facts instead of vars
    clan-fact-generators.inputs.clan-core.follows = "clan-core";
    clan-fact-generators.url = "github:mrvandalo/clan-fact-generators";
    flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
    flake-parts.url = "github:hercules-ci/flake-parts";
    healthchecks.inputs.nixpkgs.follows = "nixpkgs";
    healthchecks.url = "github:mrvandalo/nixos-healthchecks";
    #healthchecks.url = "git+file:///home/palo/dev/nixos/healthcheck";
    home-manager-utils.inputs.home-manager.follows = "home-manager";
    home-manager-utils.url = "github:mrvandalo/home-manager-utils";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    home-manager.url = "github:nix-community/home-manager";
    landingpage.url = "github:mrVanDalo/landingpage";
    nix-topology.inputs.nixpkgs.follows = "nixpkgs";
    nix-topology.url = "github:oddlama/nix-topology";
    nixos-anywhere.url = "github:nix-community/nixos-anywhere";
    nixos-hardware.url = "github:nixos/nixos-hardware";
    nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
    nixpkgs-legacy_2311.url = "github:nixos/nixpkgs/nixos-23.11";
    nixpkgs-legacy_2405.url = "github:nixos/nixpkgs/nixos-24.05";
    nixpkgs-legacy_2411.url = "github:nixos/nixpkgs/nixos-24.11";
    nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
    permown.inputs.nixpkgs.follows = "nixpkgs";
    permown.url = "github:mrVanDalo/module.permown";
    polygon-art.url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
    private-parts.inputs.nixpkgs.follows = "nixpkgs"; # only private input
    private-parts.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git?ref=main";
    #private-parts.url = "git+file:///home/palo/dev/nixos/nixos-private-parts";
    retiolum.url = "github:Mic92/retiolum";
    share-http.inputs.nixpkgs.follows = "nixpkgs"; # only private input
    share-http.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/share-host.git?ref=main";
    srvos.url = "github:nix-community/srvos";
    stylix.inputs.home-manager.follows = "home-manager";
    stylix.inputs.nixpkgs.follows = "nixpkgs";
    stylix.url = "github:danth/stylix";
    taskwarrior.inputs.nixpkgs.follows = "nixpkgs";
    taskwarrior.url = "github:mrvandalo/taskwarrior-flake";
    #taskwarrior.url = "git+file:///home/palo/dev/nixos/taskwarrior-flake";
    telemetry.inputs.nixpkgs.follows = "nixpkgs";
    telemetry.url = "github:mrvandalo/nixos-telemetry";
    #telemetry.url = "git+file:///home/palo/dev/nixos/nixos-telemetry";
    treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
    treefmt-nix.url = "github:numtide/treefmt-nix";

    # smoke test framwork to trigger tests (enable if I  want to use it for real)
    #smoke = {
    #  url = github:SamirTalwar/smoke;
    #  inputs.nixpkgs.follows = "nixpkgs";
    #};

  };

  outputs =
    inputs@{
      clan-core,
      clan-fact-generators,
      flake-parts,
      healthchecks,
      home-manager,
      home-manager-utils,
      landingpage,
      nix-topology,
      nixos-anywhere,
      nixos-hardware,
      nixpkgs,
      nixpkgs-legacy_2211,
      nixpkgs-legacy_2311,
      nixpkgs-legacy_2405,
      nixpkgs-legacy_2411,
      nixpkgs-unstable-small,
      permown,
      polygon-art,
      private-parts,
      retiolum,
      self,
      share-http,
      srvos,
      stylix,
      taskwarrior,
      telemetry,
      treefmt-nix,
    }:

    let
      inherit (nixpkgs) lib;

      meta = rec {
        system = "x86_64-linux";
        pkgs =
          let
            allowUnfree = true;
            permittedInsecurePackages = [
              "electron-24.8.6" # for bitwarden
              "python-2.7.18.6"
              "python-2.7.18.7"
              "python-2.7.18.8"
              "electron-27.3.11" # for logseq
              "electron-28.3.3" # for logseq
              "aspnetcore-runtime-wrapped-6.0.36" # for jellyfin
              "aspnetcore-runtime-6.0.36" # for jellyfin
              "dotnet-sdk-wrapped-6.0.428" # for jellyfin
              "dotnet-sdk-6.0.428" # for jellyfin
            ];
          in
          import nixpkgs {
            inherit system;
            config = {
              inherit allowUnfree permittedInsecurePackages;
            };
            overlays = [
              (_self: _super: {
                unstable-small = import nixpkgs-unstable-small {
                  inherit system;
                  config = {
                    inherit allowUnfree permittedInsecurePackages;
                  };
                };
                legacy_2211 = import nixpkgs-legacy_2211 {
                  inherit system;
                  config = {
                    inherit allowUnfree permittedInsecurePackages;
                  };
                };
                legacy_2311 = import nixpkgs-legacy_2311 {
                  inherit system;
                  config = {
                    inherit allowUnfree permittedInsecurePackages;
                  };
                };
                legacy_2405 = import nixpkgs-legacy_2405 {
                  inherit system;
                  config = {
                    inherit allowUnfree permittedInsecurePackages;
                  };
                };
                polygon-art = polygon-art.packages.${system};
                landingpage = landingpage.packages.${system}.plain;
                share-via-http = share-http.packages.${system}.default;
                inherit (taskwarrior.packages.${system})
                  bugwarrior
                  tasksh
                  taskwarrior-hooks
                  ;
                inherit (self.packages.${system})
                  otpmenu
                  nsxiv
                  ;
              })
            ];
          };
        specialArgs = {
          inherit inputs;
          assets = ./assets;
          factsGenerator = clan-fact-generators.lib { inherit pkgs; };
          clanLib = import ./lib/clanlib.nix {
            inherit (pkgs) lib;
            machineDir = ./machines;
          };
          # https://git.clan.lol/clan/clan-core/issues/1575 < here is how I could do this generic
          zerotierInterface = "ztbn67ogn2";
          components = ./components;
          features = ./features;
        };
      };

      clanSetup =
        {
          name,
          host,
          modules,
        }:
        {

          clan.core.networking.targetHost = lib.mkDefault "root@${host}";
          nixpkgs.pkgs = meta.pkgs;
          nixpkgs.hostPlatform = meta.system;
          clan.core.facts.secretStore = "password-store";
          clan.core.vars.settings.secretStore = "password-store";

          imports =
            modules
            ++ defaultModules
            ++ [
              ./machines/${name}/configuration.nix
              nix-topology.nixosModules.default
            ];
        };

      zerotierControllerModule = {
        clan.core.networking.zerotier.controller = {
          enable = true;
          public = false;
        };
      };

      zerotierModules =
        { pkgs, ... }:
        {
          imports = [

            # this magically adds all my machines in the zero tier network
            # and makes the controller accept them.
            # will automatic look into `/machines/<name>/facts/zerotier-ip
            inputs.clan-core.clanModules.zerotier-static-peers

            # Statically configure the host names of machines based on their respective zerotier-ip.
            inputs.clan-core.clanModules.static-hosts

            # generate ssh host keys with facts
            inputs.clan-core.clanModules.sshd

            # manual configs
            {
              clan.static-hosts.topLevelDomain = "bear";
              components.network.zerotier.enable = true;
              environment.systemPackages = [
                clan-core.packages.${pkgs.system}.clan-cli
                (pkgs.writers.writeBashBin "zerotier-script-nodeid" ''
                  sudo ${pkgs.zerotierone}/bin/zerotier-cli info | cut -d " " -f 3
                '')
              ];
            }
          ];
        };

      defaultAuthorizedKeys =
        { config, pkgs, ... }:
        {
          users.users.root.openssh.authorizedKeys.keyFiles = [
            # yubikey key
            ./assets/mrvandalo_rsa.pub
            # backup key
            "${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
            "${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
            "${config.clan.core.clanDir}/machines/chungus/facts/ssh.paperless-ngx.id_ed25519.pub"
          ];
          environment.systemPackages = [ pkgs.borgbackup ];
        };

      defaultModules = [
        # make flake inputs accessiable in NixOS
        {
          _module.args.self = self;
          _module.args.inputs = self.inputs;
        }
        {
          # disable emergency mode everywhere, although it might be needed on laptops
          boot.initrd.systemd.emergencyAccess = false;
          boot.initrd.systemd.suppressedUnits = [
            "emergency.service"
            "emergency.target"
          ];
          systemd.enableEmergencyMode = false;
        }
        # configure nix
        (
          {
            pkgs,
            lib,
            clanLib,
            ...
          }:
          {
            nix.settings.substituters = [ "http://cache.orbi.wg0" ];
            nix.settings.trusted-public-keys = [ (clanLib.readFact "nix-serve.pub" "orbi") ];
            nix.settings.experimental-features = [
              "nix-command"
              "flakes"
            ];
            nix.settings.max-jobs = 1;
            # no channesl needed this way
            nix.nixPath = [ "nixpkgs=${pkgs.path}" ];

            # documentation
            # =============
            documentation.nixos.enable = true;
            #documentation.nixos.includeAllModules = true; # fixme : not working (see down there)
            documentation.nixos.options.warningsAreErrors = false; # todo make this true again
            documentation.nixos.extraModules = [
              ./components
              ./features
              #./modules
              clan-core.nixosModules.clanCore
              telemetry.nixosModules.telemetry
              {
                clan.core.clanDir = ./.; # fixes issues with clanCore https://git.clan.lol/clan/clan-core/issues/1979
              }
              # inputs.stylix.nixosModules.stylix # fixme: not working
              permown.nixosModules.permown
              home-manager.nixosModules.home-manager
              # retiolum.nixosModules.retiolum # fixme: not working
            ];

            boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
            boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
            boot.loader.grub.configurationLimit = lib.mkDefault 10;
          }
        )
        # My Structure
        ./components
        ./features
        ./modules # todo : spread this across features and components
        #./system/all # todo : spread this across features and components
        (
          { lib, pkgs, ... }:
          {

            telemetry.netdata.enable = false;

            # "fixes" https://github.com/NixOS/nixpkgs/issues/356708
            #services.opentelemetry-collector.package = lib.mkForce pkgs.legacy_2405.opentelemetry-collector-contrib;

            services.opentelemetry-collector.package = lib.mkForce (
              pkgs.opentelemetry-collector-contrib.overrideAttrs (old: rec {
                version = "0.110.0";
                src = pkgs.fetchFromGitHub {
                  owner = "open-telemetry";
                  repo = "opentelemetry-collector-contrib";
                  rev = "v${version}";
                  hash = "sha256-bDtP7EFKus0NJpLccbD+HlzEusc+KAbKWmS/KGthtwY=";
                };
                vendorHash = "sha256-pDDEqtXu167b+J1+k7rC1BE5/ehxzG0ZAkhxqmJpHsg=";
              })
            );

          }
        )

        # some modules I always use
        telemetry.nixosModules.telemetry
        permown.nixosModules.permown
        # some default things I always want
        (
          { pkgs, ... }:
          {
            boot.tmp.useTmpfs = lib.mkDefault true;
          }
        )
      ];

      stylixModules =
        {
          pkgs,
          config,
          lib,
          ...
        }:
        {
          imports = [ stylix.nixosModules.stylix ];
          stylix.enable = true;
          stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
          stylix.image = ./assets/wallpaper.png;

          home-manager.sharedModules = [
            {
              # no need for hyperland
              # https://github.com/danth/stylix/issues/543
              stylix.targets.hyprpaper.enable = lib.mkForce false;
              stylix.targets.hyprland.enable = lib.mkForce false;
            }
          ];
          stylix.fonts = {
            serif = {
              package = pkgs.nerd-fonts.ubuntu;
              name = "Ubuntu";
            };
            sansSerif = {
              package = pkgs.nerd-fonts.ubuntu;
              name = "Ubuntu";
            };
            monospace = {
              package = pkgs.nerd-fonts.jetbrains-mono;
              name = "JetBrains Mono";
            };
            emoji = config.stylix.fonts.monospace;
            #            emoji = {
            #              package = pkgs.noto-fonts-emoji;
            #              name = "Noto Color Emoji";
            #            };
            sizes.popups = 15;
          };
        };

      homeManagerModules =
        { pkgs, config, ... }:
        {
          imports = [
            home-manager.nixosModules.home-manager
          ];
          home-manager.extraSpecialArgs = {
            assets = ./assets;
          };
          home-manager.useGlobalPkgs = true;
          home-manager.useUserPackages = true;
          home-manager.backupFileExtension = "backup";
          home-manager.sharedModules = [
            home-manager-utils.hmModule
            taskwarrior.hmModules.bugwarrior
          ];
        };

    in

    flake-parts.lib.mkFlake { inherit inputs; } (
      {
        self,
        self',
        pkgs,
        ...
      }:
      {
        systems = [ "x86_64-linux" ];
        imports = [
          clan-core.flakeModules.default
          healthchecks.flakeModule
          ./nix/formatter.nix
          ./nix/packages
          ./nix/topology
        ];

        # Define your clan
        clan = {
          # Clan wide settings.
          meta.name = "gummybears"; # Ensure to choose a unique name.
          specialArgs = meta.specialArgs;

          machines = {

            cherry = clanSetup {
              name = "cherry";
              host = "cherry.bear";
              modules = [
                healthchecks.nixosModules.default
                zerotierModules
                nixos-hardware.nixosModules.framework-13th-gen-intel
                retiolum.nixosModules.retiolum
                private-parts.nixosModules.cherry
                homeManagerModules
                stylixModules
                { home-manager.users.mainUser.gui.enable = true; }
                {
                  home-manager.users.mainUser = import ./homes/palo;
                  home-manager.users.root = import ./homes/root;
                }
                {
                  clan.core.machineDescription = "Laptop";
                }
                (
                  { config, ... }:
                  {
                    # keys only to access cherry
                    users.users.root.openssh.authorizedKeys.keyFiles = [
                      "${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.cherry.id_ed25519.pub"
                    ];
                  }
                )
              ];
            };

            chungus = clanSetup {
              name = "chungus";
              host = "chungus.bear";
              modules = [
                healthchecks.nixosModules.default
                zerotierModules
                zerotierControllerModule
                homeManagerModules
                stylixModules
                retiolum.nixosModules.retiolum
                private-parts.nixosModules.chungus
                {
                  home-manager.users.mainUser = import ./homes/palo;
                  home-manager.users.root = import ./homes/root;
                }
                {
                  clan.core.machineDescription = "Home Server";
                }
                (
                  { config, ... }:
                  {
                    # keys only to access chungus
                    users.users.root.openssh.authorizedKeys.keyFiles = [
                      "${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.chungus.id_ed25519.pub"
                    ];
                  }
                )
              ];
            };

            orbi = clanSetup {
              name = "orbi";
              host = "orbi.bear";
              #host = "95.216.66.212";
              modules = [
                defaultAuthorizedKeys
                healthchecks.nixosModules.default
                homeManagerModules
                stylixModules
                zerotierModules
                srvos.nixosModules.hardware-hetzner-online-intel
                #srvos.nixosModules.server
                #srvos.nixosModules.mixins-terminfo
                {
                  home-manager.users.mainUser = import ./homes/palo;
                  home-manager.users.root = import ./homes/root;
                }
                {
                  clan.core.machineDescription = "Internet Server";
                }
              ];
            };

            probe = clanSetup {
              name = "probe";
              #host = "167.235.205.150";
              host = "95.217.18.54";
              modules = [
                defaultAuthorizedKeys
                homeManagerModules
                stylixModules
                srvos.nixosModules.hardware-hetzner-cloud
                srvos.nixosModules.server
                srvos.nixosModules.mixins-terminfo
                #inputs.clan-core.clanModules.sshd
                {
                  home-manager.users.mainUser = import ./homes/palo;
                  home-manager.users.root = import ./homes/root;
                }
                {
                  clan.core.machineDescription = "Dummy Internet Server";
                }
              ];
            };

            usbstick = clanSetup {
              name = "usbstick";
              #host = "usbstick.bear";
              host = "10.100.0.100";
              modules = [
                defaultAuthorizedKeys
                homeManagerModules
                stylixModules
                zerotierModules
                { home-manager.users.mainUser.gui.enable = true; }
                {
                  home-manager.users.mainUser = import ./homes/palo;
                  home-manager.users.root = import ./homes/root;
                }
                {
                  clan.core.machineDescription = "USB-Stick for Backup";
                }
              ];
            };

          };

        };

      }
    );

}