{
  inputs = {
    flake-utils.url = "github:numtide/flake-utils";
    naersk.url = "github:nix-community/naersk";

    mozpkgs = {
      url = "github:mozilla/nixpkgs-mozilla";
      flake = false;
    };
  };

  outputs = { self, nixpkgs, flake-utils, naersk, mozpkgs }:
    flake-utils.lib.eachDefaultSystem (
      system: let
        pkgs = nixpkgs.legacyPackages."${system}";

        mozilla = pkgs.callPackage (mozpkgs + "/package-set.nix") {};
        rust = (mozilla.rustChannelOf {
          date = "2022-04-30";
          channel = "nightly";
          sha256= "pKjVkFhROJV0+JZKx2n4Fn9fJFuGX8pZW3LjUAN+Jx0=";
        }).rust;

        naersk-lib = naersk.lib."${system}".override {
          cargo = rust;
          rustc = rust;
        };
      in
        rec {
          # `nix build`
          deps = with pkgs; [
            pkg-config
            openssl
            gcc
            glibc
          ];
          packages.glitch-ng = naersk-lib.buildPackage {
            pname = "glitch-ng";
            root = ./.;
            buildInputs = deps;
            nativeBuildInputs = deps;
          };
          defaultPackage = packages.glitch-ng;

          # `nix run`
          apps.glitch-ng = flake-utils.lib.mkApp {
            drv = packages.glitch-ng;
          };
          defaultApp = apps.glitch-ng;

          nixosModules.glitch = { config, lib, ... }: {
            options = {
              services.glitch-ng.enable = lib.mkEnableOption "enable glitch NG";
              services.glitch-ng.environment-file-location = lib.mkOption {
                type = lib.types.path;
                default = "/var/lib/glitch-ng/.env";
                description = "The location of the environment file";
              };
            };

            config = lib.mkIf config.services.glitch-ng.enable {
              users.groups.glitch-ng = {
                members = [ "glitch-ng"
                "${config.services.postgresql.superUser}" ];
              };
              users.users.glitch-ng = {
                createHome = true;
                isSystemUser = true;
                home = "/var/lib/glitch-ng";
                group = "glitch-ng";
              };

              systemd.services.glitch-ng = {
                wantedBy = [ "multi-user.target" ];
                after = [ "glitch-ng-init.service" ];
                requires = [ "glitch-ng-init.service" ];
                serviceConfig = {
                  User = "glitch-ng";
                  Group = "glitch-ng";
                  Restart = "always";
                  WorkingDirectory = "/var/lib/glitch-ng";
                  ExecStart = "${defaultPackage}/bin/glitch-ng";
                  EnvironmentFile = "${config.services.glitch-ng.environment-file-location}";
                };
              };

              systemd.services.glitch-ng-init = {
                wantedBy = [ "multi-user.target" ];
                requires =  [ "postgresql.service" ];
                after =  [ "postgresql.service" ];
                description = "Initialize for glitch-ng";

                script = with pkgs; ''
                  if ! [ -e /var/lib/postgresql/.glitch-inited ]; then
                    ${config.services.postgresql.package}/bin/createuser glitch-ng
                    ${config.services.postgresql.package}/bin/createdb -O glitch-ng glitch
                    touch /var/lib/postgresql/.glitch-inited
                  fi
                '';
                serviceConfig = {
                  Type = "oneshot";
                  User = "${config.services.postgresql.superUser}";
                  Group = "glitch-ng";
                };
              };

              services.postgresql.enable = true;

            };
          };

          # `nix develop`
          devShell = pkgs.mkShell {
            nativeBuildInputs = with pkgs; [ rust ] ++ deps;
          };
        }
    );
}