{
  description = "Derivation lit";

  nixConfig = {
    extra-substituters = [
      "https://cache.elnafo.ru"
      "https://bonfire.cachix.org"
    ];
    extra-trusted-public-keys = [
      "cache.elnafo.ru:j3VD+Hn+is2Qk3lPXDSdPwHJQSatizk7V82iJ2RP1yo="
      "bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="
    ];
  };

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
  };

  outputs = {
    self,
    nixpkgs,
    ...
  } @ inputs: let
    lib = inputs.nixpkgs.lib;
    forAllSystems = nixpkgs.lib.genAttrs ["x86_64-linux"];
    nixpkgsFor = forAllSystems (system: import nixpkgs {inherit system;});
    pkgs = nixpkgs.legacyPackages.x86_64-linux;

    systemConfig = {
      modules = with inputs; [
        ({
          modulesPath,
          config,
          ...
        }: {
          imports = [
            (modulesPath + "/profiles/qemu-guest.nix")
            (modulesPath + "/virtualisation/qemu-vm.nix")
          ];

          system.stateVersion = "25.05";

          services.openssh = {
            enable = true;
            startWhenNeeded = true;
            settings.PasswordAuthentication = false;
            settings.KbdInteractiveAuthentication = false;
            settings.X11Forwarding = true;
          };

          environment.systemPackages = [pkgs.networkmanagerapplet];

          boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
          boot.initrd.kernelModules = [];
          boot.kernelModules = ["kvm-amd"];
          boot.extraModulePackages = [];

          boot.kernelParams = [
            "console=tty1"
            "console=ttyS0,115200"
          ];
          boot.loader.grub.enable = lib.mkForce true;
          boot.loader.grub.device = "/dev/vda";

          fileSystems."/" = {
            device = "/dev/vda1";
            fsType = "ext4";
          };

          networking = {
            networkmanager = {
              enable = true;
              enableStrongSwan = true;
              packages = with pkgs; [
                networkmanager-l2tp
              ];
            };
            hostName = "nixos";
            extraHosts = ''192.168.130.211 gitlab'';
          };
          networking.firewall.enable = false;

          boot.tmp.cleanOnBoot = true;
          nix.settings.auto-optimise-store = true;

          services.journald.extraConfig = ''
            SystemMaxUse=100M
            MaxFileSec=7day
          '';

          services.resolved = {
            enable = true;
            dnssec = "false";
          };

          users.users.l-nafaryus = {
            isNormalUser = true;
            shell = pkgs.fish;
            openssh.authorizedKeys.keys = [
              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1YGp8AI48hJUSQBZpuKLpbj2+3Q09vq64NxFr0N1MS"
            ];
          };
          programs.fish.enable = true;

          users.users.root.openssh.authorizedKeys.keys =
            config.users.users.l-nafaryus.openssh.authorizedKeys.keys;

          virtualisation.qemu.options = [
            "-net user,hostfwd=tcp::10022-:22"
            "-nographic"
          ];
        })
      ];
    };
  in {
    nixosConfigurations = {
      nixtt = lib.nixosSystem (systemConfig // {system = "x86_64-linux";});
    };

    devShells = {
      x86_64-linux.default = pkgs.mkShellNoCC {
        buildInputs = [
          pkgs.qemu
          pkgs.nixos-generators
        ];
      };
    };

    packages.x86_64-linux.nixtt = pkgs.writeScriptBin "run-nixtt" ''
      #!${pkgs.runtimeShell}

      ${self.nixosConfigurations.nixtt.config.system.build.vm}/bin/run-nixos-vm

    '';
  };
}