{
  description = "ops-jrz1 NixOS server configuration with Matrix platform";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";

    sops-nix = {
      url = "github:Mic92/sops-nix/c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3";  # Pin to June 2024 version compatible with nixpkgs 24.05
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, ... }@inputs: {
    nixosConfigurations = {
      # Production configuration (for actual VPS deployment)
      ops-jrz1 = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = {
          pkgs-unstable = import nixpkgs-unstable {
            system = "x86_64-linux";
            config = {
              allowUnfree = true;
              permittedInsecurePackages = [
                "olm-3.2.16"  # Required by mautrix bridges
              ];
            };
          };
        };
        modules = [
          ./configuration.nix
          ./hosts/ops-jrz1.nix
          sops-nix.nixosModules.sops
        ];
      };

      # VM testing configuration (for local validation before deployment)
      ops-jrz1-vm = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = {
          pkgs-unstable = import nixpkgs-unstable {
            system = "x86_64-linux";
            config = {
              allowUnfree = true;
              permittedInsecurePackages = [
                "olm-3.2.16"  # Required by mautrix bridges (VM testing only)
              ];
            };
          };
        };
        modules = [
          ./configuration.nix
          ./hosts/ops-jrz1-vm.nix
          # Note: No sops-nix for VM testing
        ];
      };
    };
  };
}