{
  inputs = {
    fenix = {
      url = "github:nix-community/fenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixpkgs.url = "nixpkgs/nixos-unstable";
  };
  outputs = { nixpkgs, fenix, ... }:
    let
      systems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
      foreachSystem = nixpkgs.lib.genAttrs systems;
    in
    rec {
      packages = foreachSystem (system:
        let
          pkgs = import nixpkgs { inherit system; };
          rustPlatform = pkgs.makeRustPlatform {
            cargo = fenix.packages."${pkgs.stdenv.system}".complete.toolchain;
            rustc = fenix.packages."${pkgs.stdenv.system}".complete.toolchain;
          };
          buildTools = with pkgs; [ pkg-config ];
          libraries = with pkgs; [ libseccomp ];
        in
        rec {
          x2t-sandbox = rustPlatform.buildRustPackage rec {
            pname = "x2t-sandbox";
            version = "1.0.0";

            nativeBuildInputs = buildTools;
            buildInputs = libraries;

            src = ./.;

            cargoLock = {
              lockFile = ./Cargo.lock;
            };


            meta = with nixpkgs.lib; {
              description = "seccomp sandbox with rules defined at build stage";
              homepage = "https://gitea.jianguoyun.net.cn/guochao/x2t-sandbox";
              license = licenses.unlicense;
              maintainers = [ ];
            };
          };

          default = x2t-sandbox;
        });
      devShells = foreachSystem
        (system:
          let
            pkgs = import nixpkgs { inherit system; };
            developmentTools = with pkgs; [
              cargo-expand
            ];
          in
          with pkgs; rec {
            default = packages."${system}".default.overrideAttrs (prevAttrs: {
              nativeBuildInputs = prevAttrs.nativeBuildInputs ++ (with fenix.packages."${system}".complete; [ rust-analyzer rust-src ]) ++ developmentTools;
            });
          });
    };
}