{
  inputs = {
    utils.url = "github:numtide/flake-utils";
    nixpkgs.url = "github:NixOS/nixpkgs/master";
    nix-filter.url = "github:numtide/nix-filter";
  };

  outputs = {
    self,
    nixpkgs,
    utils,
    nix-filter,
  }:
    utils.lib.eachDefaultSystem
    (system: let
      pkgs = import nixpkgs {
        inherit system;
      };

      filter = nix-filter.lib;

      nodejs = pkgs.nodejs_20;

      src = filter {
        root = ./.;
        include = [
          ./package.json
          ./package-lock.json
        ];
      };

      packageLock = builtins.fromJSON(builtins.readFile (src + "/package-lock.json"));

      deps = builtins.attrValues (removeAttrs packageLock.packages [ "" ]);
      depTarballs = map (p: pkgs.fetchurl { url = p.resolved; hash = p.integrity; }) deps;
      nodeTarball = pkgs.fetchurl {
        url = "https://nodejs.org/download/release/v20.11.1/node-v20.11.1-headers.tar.gz";
        hash = "sha256-CqQskbRB6UX/Q706g3dZxYtDbeV9zQM9AuXLzS+6H4c=";
      };
      tarballsFile = pkgs.writeTextFile {
        name = "tarballs";
        text = (builtins.concatStringsSep "\n" depTarballs) + "\n";
      };

      tempestdev_modules = pkgs.stdenv.mkDerivation {
        inherit src;

        name = "tempestdevnode_modules";

        nativeBuildInputs = [ 
          nodejs
          pkgs.nodePackages.node-gyp
          pkgs.vips 
          pkgs.pkg-config
          pkgs.python3
        ];

        buildPhase = ''
          export HOME=$PWD/.home
          export npm_config_cache=$PWD/.npm
          NODE_VERSION=$(${nodejs}/bin/node -v)

          echo "Caching Node headers"
          ${pkgs.nodePackages.node-gyp}/bin/node-gyp install $NODE_VERSION --tarball=${nodeTarball}

          echo "Caching NPM dependencies"
          while read package
          do
            npm cache add "$package"
          done <${tarballsFile}

          ${nodejs}/bin/npm --offline ci --no-registry
        '';

        installPhase = ''
          mkdir $out
          sed --in-place 's|/usr/bin/env node|${nodejs}/bin/node|' ./node_modules/next/dist/bin/next
          mv node_modules $out/node_modules
        '';
      };
    in {
      packages = {

        default = pkgs.stdenv.mkDerivation {
          name = "tempest.dev";

          src = filter {
            root = ./.;
            exclude = [
              ./.next
              ./node_modules
            ];
          };

          nativeBuildInputs = [ nodejs ];

          configurePhase = ''
            ln -sf ${tempestdev_modules}/node_modules node_modules
            export HOME=$TMP
          '';

          buildPhase = ''
            npm run build
          '';

          installPhase = ''
            mv out $out
          '';
        };
      };
    }) // {
      nixosModule = {config, lib, pkgs, ...}:
        with lib;
        let cfg = config.ashe.services."tempest.dev";
            pkg = self.packages.${pkgs.system}.default;


        in {
          options.ashe.services."tempest.dev" = {
            enable = mkEnableOption "Enables the tempest.dev HTTP service";

            domain = mkOption rec {
              type = types.str;
              default = "tempest.dev";
              example = default;
              description = "The domain name for tempest.dev";
            };
          };

          config = mkIf cfg.enable {
            services.nginx.virtualHosts.${cfg.domain} = {
              locations."/" = {
                root = "${pkg}";
              };
              locations."/.well-known/" = {
                extraConfig = ''
                  alias ${pkg}/.well-known/;
                  add_header Content-Type text/plain;
                '';
              };
              forceSSL = true;
              enableACME = true;
            };
          };
        };
    };
}