{
  inputs = {
    flake-parts.url = "github:hercules-ci/flake-parts";
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
  };

  outputs = inputs@{ flake-parts, ... }:
    flake-parts.lib.mkFlake { inherit inputs; } {
      systems = [ "x86_64-linux" ];
      perSystem = { config, self', inputs', pkgs, system, ... }:
      let
        image-tag = "ataraxiadev/docker-divestos:latest";
        secrets-env = "./secrets.env";
        # cmd-line-options = "";
        git-email = "ataraxiadev@ataraxiadev.com";
        git-name = "AtaraxiaDev";
      in rec {
        packages = {
          image-build = pkgs.writeShellScriptBin "image-build" ''
            docker build --force-rm --tag ${image-tag} .
          '';
          image-run = pkgs.writeShellScriptBin "image-run" ''
            docker run -it --rm --name docker-divestos \
              --ipc=host  --device /dev/fuse --cap-add SYS_ADMIN \
              -e GIT_USER_NAME=${git-name} -e GIT_USER_EMAIL=${git-email} \
              -e DOS_REMOVE_AFTER=false -v $(pwd)/android:/android \
              --env-file ${secrets-env} ${image-tag} "$@"
          '';
          # --security-opt seccomp=unconfined
          default = packages.image-run;
        };
        devShells.default = pkgs.mkShell {
          name = "divestos-terminal";
          packages = with packages; [ image-build image-run ];
        };
      };
    };
}