{
  description = "vrnp";

  # All inputs are fetched from GitHub. The revisions actually built are the ones
  # recorded in flake.lock, so a lock-file update swaps the whole toolchain and
  # deserves the same review as a code change.
  inputs = {
    # Tracks the moving nixos-unstable branch.
    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";
    # gitignore.nix reuses the top-level nixpkgs instead of locking its own copy.
    gitignore.url = "github:hercules-ci/gitignore.nix";
    gitignore.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = { self, nixpkgs, flake-utils, gitignore }: flake-utils.lib.eachDefaultSystem (system:
    let
      pkgs = import nixpkgs { inherit system; };
      inherit (pkgs) lib dockerTools;

      # Flake bookkeeping files that are kept out of the build input so that editing
      # them does not trigger a rebuild of the package.
      flakeFiles = [ "flake.nix" "flake.lock" ];

      # The vrnp binary, built from this repository.
      vrnp-static = pkgs.buildGoModule {
        pname = "vrnp";
        version = "0.0.10";

        # null disables the separately hashed vendor fetch: any Go dependencies have to
        # come from the source tree itself (vendor/), so their integrity rests on what
        # is committed to the repository rather than on a Nix fixed-output hash.
        vendorHash = null;

        # Build input = the working tree minus everything Git ignores, minus the flake
        # files listed above. The filter compares base names only, so a file called
        # flake.nix or flake.lock is dropped at any depth.
        # Whatever is not ignored is copied into the Nix store, which is readable by
        # every local user; secrets that live in the tree must be covered by .gitignore.
        src = lib.cleanSourceWith {
          src = gitignore.lib.gitignoreSource ./.;
          filter = path: type: !(builtins.elem (builtins.baseNameOf path) flakeFiles);
        };

        # Disable cgo so the binary does not link against libc.
        # NOTE(review): recent nixpkgs releases ask for `env.CGO_ENABLED` here; confirm
        # against the nixpkgs revision pinned in flake.lock.
        CGO_ENABLED = 0;
      };
    in {
      # Development shell with Go and a Python 3 interpreter that has Pillow available.
      # NOTE(review): newer Nix versions prefer the `devShells.default` output name and
      # warn about `devShell`.
      devShell = pkgs.mkShell {
        packages = with pkgs; [
          go
          (python3.withPackages (ps: [ ps.pillow ]))
        ];
      };

      packages = {
        default = vrnp-static;

        # Two small text files (version, full image reference) derived from the package
        # version, with no trailing newline.
        image-meta = pkgs.runCommand "image-meta" {} ''
          mkdir -p $out
          echo -n ${vrnp-static.version} > $out/version
          echo -n git.pbrinkmeier.de/paul/vrnp:${vrnp-static.version} > $out/name
        '';

        # Container image whose root holds only /bin and /etc from vrnp and the CA
        # bundle package (presumably so vrnp can verify TLS peers; confirm).
        # NOTE(review): no config.User is set, so the container process runs as root by
        # default. If vrnp does not need root, set a non-root User here.
        # NOTE(review): the tag is the bare version string; deployments that need
        # immutability should reference the image by digest.
        image = dockerTools.buildImage {
          name = "git.pbrinkmeier.de/paul/vrnp";
          tag = vrnp-static.version;
          copyToRoot = pkgs.buildEnv {
            name = "vrnp-root";
            paths = [ vrnp-static pkgs.cacert ];
            pathsToLink = [ "/bin" "/etc" ];
          };
          config = {
            Cmd = [ "${vrnp-static}/bin/vrnp" ];
          };
        };
      };
    }
  );
}