{
  inputs,
  lib,
  ...
}:

let
  inherit (builtins) readDir;
  inherit (lib)
    attrNames
    mkOption
    evalModules
    filterAttrs
    ;
  inherit (lib.attrsets) genAttrs;
  sources = import ../../npins;

  ## Given a machine's name, make a resource module,
  ## except for its missing provider. (Depending on the use of that resource, we
  ## will provide a different one.)
  makeResourceModule =
    { vmName }:
    {
      imports = [
        ./common/resource.nix
        ./machines/${vmName}
      ];
      fediversityVm.name = vmName;
    };

  ## Given a list of machine names, make a deployment with those machines'
  ## configurations as resources.
  makeDeployment =
    vmNames:
    { providers, ... }:
    {
      providers.local = inputs.nixops4.modules.nixops4Provider.local;
      resources = genAttrs vmNames (vmName: {
        type = providers.local.exec;
        imports = [
          inputs.nixops4-nixos.modules.nixops4Resource.nixos
          (makeResourceModule {
            inherit vmName;
          })
        ];
      });
    };
  makeDeployment' = vmName: makeDeployment [ vmName ];

  nixops4ResourceNixosMockOptions = {
    ## NOTE: We allow the use of a few options from
    ## `nixops4-nixos.modules.nixops4Resource.nixos` such that we can
    ## reuse modules that make use of them.
    ##
    ## REVIEW: We can probably do much better and cleaner. On the other hand,
    ## this is only needed to expose NixOS configurations for provisioning
    ## purposes, and eventually all of this should be handled by NixOps4.
    options = {
      nixos.module = mkOption { }; # NOTE: not just `nixos` otherwise merging will go wrong
      nixpkgs = mkOption { };
      ssh = mkOption { };
    };
  };

  makeResourceConfig =
    vm:
    (evalModules {
      modules = [
        nixops4ResourceNixosMockOptions
        (makeResourceModule vm)
      ];
    }).config;

  ## Given a VM name, make a NixOS configuration for this machine.
  makeConfiguration =
    vmName:
    let
      inherit (sources) nixpkgs;
    in
    import "${nixpkgs}/nixos" {
      modules = [
        (makeResourceConfig { inherit vmName; }).nixos.module
      ];
    };

  makeVmOptions = vmName: {
    inherit ((makeResourceConfig { inherit vmName; }).fediversityVm)
      proxmox
      vmId
      description

      sockets
      cores
      memory
      diskSize

      hostPublicKey
      unsafeHostPrivateKey
      ;
  };

  listSubdirectories = path: attrNames (filterAttrs (_: type: type == "directory") (readDir path));

  machines = listSubdirectories ./machines;

in
{
  ## - Each machine gets a NixOS configuration.
  ## - Each machine gets a VM options entry.
  ## - Each machine gets a deployment.
  ## - We add a “default” deployment with all infra machines.
  nixops4Deployments = genAttrs machines makeDeployment' // {
    default = makeDeployment machines;
  };
  flake.nixosConfigurations = genAttrs machines makeConfiguration;
  flake.vmOptions = genAttrs machines makeVmOptions;
}