{
  description = "Kubernetes deployments";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    flutils.url = "github:numtide/flake-utils";

    nixhelm = {
      url = "github:farcaller/nixhelm";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    blog-pim = {
      # HACK: pinning this to a specific revision, as my automation is broken.
      url = "git+https://git.kun.is/home/blog-pim?rev=7296f7f5bf5f089a5137036dcbd8058cf3e4a9e5";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        flutils.follows = "flutils";
      };
    };

    kubenix = {
      url = "github:pizzapim/kubenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    dns = {
      url = "github:kirelagin/dns.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    servers = {
      # url = "git+https://git.kun.is/home/nixos-servers";
      type = "path";
      path = "/home/pim/git/nixos-servers";
    };
  };

  outputs = inputs@{ self, servers, flutils, nixpkgs, kubenix, ... }: flutils.lib.eachDefaultSystem
    (system:
      let
        pkgs = nixpkgs.legacyPackages.${system};
        deployScript = (pkgs.writeScriptBin "applyset-deploy.sh" (builtins.readFile ./applyset-deploy.sh)).overrideAttrs (old: {
          buildCommand = "${old.buildCommand}\npatchShebangs $out";
        });

        machines = servers.machines.${system};

        mkKubernetes = name: module: namespace: (kubenix.evalModules.${system} {
          specialArgs = {
            inherit namespace system machines;
            inherit (servers) globals;
            inherit (inputs) nixhelm blog-pim dns;
          };

          module = { kubenix, ... }:
            {
              imports = [
                kubenix.modules.k8s
                kubenix.modules.helm
                ./modules
                module
              ];

              config = {
                kubenix.project = name;
                kubernetes.namespace = namespace;
              };
            };
        }).config.kubernetes;

        mkManifest = name: { module, namespace }: {
          name = "${name}-manifest";
          value = (mkKubernetes name module namespace).result;
        };

        mkDeployApp = name: { module, namespace }:
          let
            kubernetes = mkKubernetes name module namespace;
            kubeconfig = kubernetes.kubeconfig or "";
            result = kubernetes.result or "";

            wrappedDeployScript = pkgs.symlinkJoin
              {
                name = "applyset-deploy.sh";
                paths = [ deployScript pkgs.vals pkgs.kubectl ];
                buildInputs = [ pkgs.makeWrapper ];
                passthru.manifest = result;
                meta.mainProgram = "applyset-deploy.sh";

                postBuild = ''
                  wrapProgram $out/bin/applyset-deploy.sh \
                    --suffix PATH : "$out/bin" \
                    --run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}' \
                    --set MANIFEST '${result}' \
                    --set APPLYSET 'applyset-${name}' \
                    --set NAMESPACE '${namespace}'
                '';
              };
          in
          {
            name = "${name}-deploy";
            value = wrappedDeployScript;
          };

        deployments = import ./deployments.nix;
      in
      {
        packages = pkgs.lib.mergeAttrs (pkgs.lib.mapAttrs' mkDeployApp deployments) (pkgs.lib.mapAttrs' mkManifest deployments);
      });
}