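# Flake describing the NixOps network for every NixOS host in the
# informis.land domain.
{
  description = "Definition of the Informis NixOps network.";

  inputs = {
    # NOTE(review): nixos-21.05 is an end-of-life release branch and no longer
    # receives security updates; plan a move to a supported release.
    nixpkgs.url = "nixpkgs/nixos-21.05";

    # NOTE(review): a `path:` flake input is copied into the Nix store, which
    # is world-readable on the evaluating machine. Confirm that nothing under
    # /state/secrets has to stay root-only in plaintext. This input is bound
    # in `outputs` but not referenced there.
    fudo-secrets.url = "path:/state/secrets";

    fudo-nixos = {
      url = "git+ssh://fudo_git@git.fudo.org:2222/fudo-nix/nixos-config.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    fudo-entities = {
      url = "git+ssh://fudo_git@git.fudo.org:2222/fudo-nix/entities.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, fudo-nixos, fudo-entities, fudo-secrets, ... }:
    with nixpkgs.lib; {
      nixopsConfigurations.default = let
        domain = "informis.land";

        # Hosts that belong to this domain and are flagged as NixOS systems.
        deployment-hosts = filterAttrs
          (hostname: hostOpts:
            hostOpts.domain == domain && hostOpts.nixos-system)
          fudo-entities.entities.hosts;

        network-config = {
          inherit nixpkgs;
          network = {
            description = "Seattle NixOps network";
            enableRollback = true;
          };
        };

        # Maps one host's { secret-name = file; } set to key entries readable
        # by root only. The owner and mode apply to the copy written on the
        # target host, not to the source file on the deploying machine.
        host-keys = mapAttrs (secret: secret-file: {
          keyFile = secret-file;
          user = "root";
          permissions = "0400";
        });

        # One machine definition per deployment host: the host's configuration
        # from fudo-nixos plus its filesystem keys.
        #
        # The keys are attached through the module system instead of a
        # top-level `//`: `//` is a shallow merge, so a per-host key set
        # merged that way would replace the host's whole configuration.
        #
        # NOTE(review): `config` is taken from the module arguments because no
        # other binding for it exists in this file; confirm that
        # fudo.secrets.files.host-filesystem-keys is defined in each host's
        # evaluated configuration and is keyed by hostname.
        # NOTE(review): the entries have the shape of `deployment.keys`
        # items, so they are attached there; confirm that is the intent.
        host-configs = mapAttrs (hostname: hostOpts:
          { config, ... }:
          let uber-secrets = config.fudo.secrets.files.host-filesystem-keys;
          in {
            imports = [ fudo-nixos.nixopsHostConfigurations.${hostname} ];

            # Hosts without an entry get no keys.
            deployment.keys = if hasAttr hostname uber-secrets then
              host-keys uber-secrets.${hostname}
            else
              { };
          }) deployment-hosts;

      in network-config // host-configs;
    };
}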