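# Flake for Albatros.
#
# Builds two static Go binaries (`ci` and `alba`) for four Linux targets,
# wraps `ci` in a container image, and exposes helper scripts that build and
# publish the release artifacts.
{
  description = "Albatros";

  inputs = {
    # No branch or revision is given here, so the revision actually built
    # against is whatever the lock file records.
    # NOTE(review): confirm flake.lock is committed and reviewed on update;
    # it is the only thing pinning these two inputs.
    nixpkgs.url = "github:NixOS/nixpkgs";
    flake-utils.url = "github:numtide/flake-utils";
  };

  outputs = { self, nixpkgs, flake-utils }:
    with flake-utils.lib;
    let
      # Maps each Nix target system to the Go cross-compilation variables
      # that are merged into the Go derivation further down.
      archmap = {
        aarch64-linux = { GOOS = "linux"; GOARCH = "arm64"; };
        x86_64-linux = { GOOS = "linux"; GOARCH = "amd64"; };
        i686-linux = { GOOS = "linux"; GOARCH = "386"; };
        armv6l-linux = { GOOS = "linux"; GOARCH = "arm"; };
      };
    in
    eachSystem [
      # supported systems
      system.x86_64-linux
      system.i686-linux
      system.armv6l-linux
      system.aarch64-linux
    ]
      (targetHost:
        let
          # Should be configurable
          # Every package below is evaluated with x86_64-linux packages,
          # whatever targetHost is; only GOOS/GOARCH change per target.
          buildSystem = system.x86_64-linux;

          # generic config
          albaVersion = "0.9";

          # nix repository
          pkgs = import nixpkgs {
            system = buildSystem;
            # we don't use nixos cross environment as it is slow and not required
            #crossSystem = {
            #  config = targetHost;
            #};
            overlays = [ ]; # we dropped the overlay we had, keep it as "skeleton".
          };

          # declare the go module of this package
          albatrosProject = (pkgs.buildGoModule rec {
            pname = "albatros-go-module";
            version = albaVersion;

            # Only directories and files ending in .go, .sum or .mod are copied
            # into the store; everything else in the working tree is left out
            # of the build input.
            src = builtins.path {
              path = ./.;
              name = "albatros-source";
              filter = (path: type: type == "directory" || (builtins.match ".*\\.(go|sum|mod)" path) != null);
            };

            # Pure-Go build, no C toolchain involved.
            CGO_ENABLED = 0;

            # Expected hash of the vendored Go dependencies; it has to be
            # updated whenever go.mod/go.sum change.
            # NOTE(review): newer nixpkgs releases name this attribute
            # `vendorHash`; which spelling is accepted depends on the locked
            # nixpkgs revision.
            vendorSha256 = "sha256-KYjXb882jWLFO6zilQXlrZorL9tw/+6njQNkB6E9Er4=";

            # NOTE(review): stdenv gates the check phase on `doCheck`; confirm
            # that `dontCheck` really disables the tests as intended here.
            dontCheck = true;

            # The containers_image_* tags select build variants of the
            # container image library used by alba.
            buildPhase = ''
              go build bin/ci.go
              go build -tags containers_image_docker_daemon_stub,containers_image_storage_stub,containers_image_openpgp bin/alba.go
            '';

            installPhase = ''
              mkdir -p $out
              cp alba ci $out/
            '';

            meta = with pkgs.lib; {
              description = "albatros is a collection of tools to build your software supply chain";
              homepage = "https://git.deuxfleurs.fr/Deuxfleurs/albatros";
              license = licenses.agpl3;
              platforms = platforms.linux;
            };
            # Merge GOOS/GOARCH for the requested target into the derivation
            # attributes, which is what makes the x86_64 build emit binaries
            # for targetHost.
          }).overrideAttrs (old: old // (builtins.getAttr targetHost archmap));

          # get only a statically compiled ci
          # The output is the binary itself, not a directory containing it.
          ci = pkgs.stdenv.mkDerivation {
            pname = "albatros-ci";
            version = albaVersion;
            dontUnpack = true;
            dontBuild = true;
            installPhase = ''
              cp ${albatrosProject}/ci $out
            '';
          };

          # get only a statically compiled alba tool
          # The output is the binary itself, not a directory containing it.
          alba = pkgs.stdenv.mkDerivation {
            pname = "albatros-alba";
            version = albaVersion;
            dontUnpack = true;
            dontBuild = true;
            installPhase = ''
              cp ${albatrosProject}/alba $out
            '';
          };

          # logic to build docker containers
          # The image runs the ci binary and points SSL_CERT_FILE at the
          # nixpkgs CA bundle.
          # NOTE(review): no User is set in config, so the process runs as the
          # runtime's default user; set one if root is not required.
          container = pkgs.dockerTools.buildImage {
            name = "dxflrs/albatros-ci";
            architecture = (builtins.getAttr targetHost archmap).GOARCH;
            config = {
              Cmd = [ "${ci}" ];
              Env = [ "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
            };
          };

          # Exposed content
        in
        {
          packages = {
            inherit ci alba container;
            default = ci;

            # ci/cd stuff, to be run with `nix run .#build-static` and so on
            #
            # NOTE(review): the build scripts below do not stop on the first
            # failing `nix build`, so their exit status reflects only the last
            # command. Consider `set -e` so that a partial build cannot be
            # followed by a publish step.
            build-static = pkgs.writeScriptBin "albatros-build-static" ''
              nix build --print-build-logs .#packages.x86_64-linux.ci  -o static/linux/amd64/ci
              nix build --print-build-logs .#packages.i686-linux.ci    -o static/linux/386/ci
              nix build --print-build-logs .#packages.aarch64-linux.ci -o static/linux/arm64/ci
              nix build --print-build-logs .#packages.armv6l-linux.ci  -o static/linux/arm/ci

              nix build --print-build-logs .#packages.x86_64-linux.alba  -o static/linux/amd64/alba
              nix build --print-build-logs .#packages.i686-linux.alba    -o static/linux/386/alba
              nix build --print-build-logs .#packages.aarch64-linux.alba -o static/linux/arm64/alba
              nix build --print-build-logs .#packages.armv6l-linux.alba  -o static/linux/arm/alba
            '';

            # Pushes the static/ tree to the S3-compatible store. The release
            # tag is $TAG, falling back to $COMMIT; the query string carries
            # the endpoint, path-style and region settings.
            # NOTE(review): when neither TAG nor COMMIT is set, RTAG is empty
            # and the push still runs with the tag `albatros:`; consider
            # failing early in that case. No credentials appear in this file,
            # so the publish scripts presumably rely on the caller's
            # environment; confirm they are scoped to the release job.
            publish-static = pkgs.writeScriptBin "albatros-push-static" ''
              RTAG=''${TAG:-$COMMIT}
              echo "selected release tag is $RTAG"
              ${alba} static push -t albatros:$RTAG static/ 's3://download.deuxfleurs.org?endpoint=garage.deuxfleurs.fr&s3ForcePathStyle=true&region=garage' 1>&2
            '';

            build-container = pkgs.writeScriptBin "albatros-build-container" ''
              nix build --print-build-logs .#packages.x86_64-linux.container  -o docker/linux.amd64.tar.gz
              nix build --print-build-logs .#packages.armv6l-linux.container  -o docker/linux.arm.tar.gz
              nix build --print-build-logs .#packages.aarch64-linux.container -o docker/linux.arm64.tar.gz
              nix build --print-build-logs .#packages.i686-linux.container    -o docker/linux.386.tar.gz
            '';

            # Pushes the images under docker/ to the S3-backed registry, using
            # the same tag selection as publish-static.
            publish-garage = pkgs.writeScriptBin "albatros-publish-garage" ''
              RTAG=''${TAG:-$COMMIT}
              echo "selected release tag is $RTAG"
              ${alba} container push -t albatros:$RTAG docker/ 's3://registry.deuxfleurs.org?endpoint=garage.deuxfleurs.fr&s3ForcePathStyle=true&region=garage' 1>&2
            '';

            # Pushes the images under docker/ to Docker Hub, using the same
            # tag selection as publish-static.
            publish-docker-hub = pkgs.writeScriptBin "albatros-publish-dockerhub" ''
              RTAG=''${TAG:-$COMMIT}
              echo "selected release tag is $RTAG"
              ${alba} container push -t albatros:$RTAG docker/ "docker://docker.io/dxflrs/albatros:$RTAG" 1>&2
            '';
          };
        });
}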