From b12aac6421ad012729cc86d7f770b94206fa9290 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sat, 26 Jul 2025 21:32:35 +0200
Subject: [PATCH 01/46] feat(ninurta): remove hydra

---
 nixos/ninurta/configuration.nix | 29 -----------------------------
 1 file changed, 29 deletions(-)

diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix
index 39bdca7..47c0103 100644
--- a/nixos/ninurta/configuration.nix
+++ b/nixos/ninurta/configuration.nix
@@ -14,7 +14,6 @@ let
   uwuPrivKey = "pruflas-wg0-key";
   wgHydraPrivKey = "pruflas-wg-hydra-key";
   uwuPresharedKey = "pruflas-wg0-preshared-key";
-  hydraGitHubAuth = "hydra-github-authorization";
   initrdSshKey = "/etc/ssh/ssh_initrd_ed25519_key";
   softServePort = 23231;
 in
@@ -154,34 +153,6 @@ in
     mode = "400";
   };
 
-  age.secrets.${hydraGitHubAuth} = {
-    file = "${secretsPath}/${hydraGitHubAuth}.age";
-    mode = "440";
-    owner = "hydra-www";
-    group = "hydra";
-  };
-
-  services.hydra = {
-    enable = false;
-    package = pkgs.hydra;
-    hydraURL = "https://hydra.dadada.li";
-    notificationSender = "hydra@localhost";
-    buildMachinesFiles = [ ];
-    useSubstitutes = true;
-    port = 3000;
-    listenHost = "10.3.3.3";
-    extraConfig = ''
-      Include ${config.age.secrets."${hydraGitHubAuth}".path}
-
-      <githubstatus>
-        jobs = nix-config:main.*
-        inputs = nix-config
-        excludeBuildFromContext = 1
-        useShortContext = 1
-      </githubstatus>
-    '';
-  };
-
   nix.buildMachines = [
     {
       hostName = "localhost";

From 618a4b3a7331b0c6704bb8f154c96c9c309d49cd Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sun, 27 Jul 2025 00:21:39 +0200
Subject: [PATCH 02/46] fix(stolas): suspend from disk and wifi suspend

---
 nixos/stolas/default.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix
index 696f55f..016d986 100644
--- a/nixos/stolas/default.nix
+++ b/nixos/stolas/default.nix
@@ -23,7 +23,12 @@
       pkiBundle = "/var/lib/sbctl";
     };
     kernelModules = [ "kvm-amd" ];
-    extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
+    # Hopefully fixes suspend issues with wifi card
+    kernelPackages = pkgs.linuxPackages_latest;
+    kernelParams = [
+      "resume=UUID=81dfbfa5-d578-479c-b11c-3ee5abd6848a"
+    ];
+    extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ];
     # Lanzaboote currently replaces the systemd-boot module.
     # This setting is usually set to true in configuration.nix
     # generated at installation time. So we force it to false
@@ -205,7 +210,6 @@
           "wireshark"
           "paperless"
         ];
-        shell = "/run/current-system/sw/bin/zsh";
       };
     };
   };

From 0909933ba9b1f113224f1979e1b5565bbccc1b97 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sun, 27 Jul 2025 00:22:20 +0200
Subject: [PATCH 03/46] chore(stolas): cleanup config

---
 nixos/stolas/default.nix | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix
index 016d986..4bc3756 100644
--- a/nixos/stolas/default.nix
+++ b/nixos/stolas/default.nix
@@ -27,6 +27,7 @@
     kernelPackages = pkgs.linuxPackages_latest;
     kernelParams = [
       "resume=UUID=81dfbfa5-d578-479c-b11c-3ee5abd6848a"
+      "resume_offset=533760"
     ];
     extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ];
     # Lanzaboote currently replaces the systemd-boot module.
@@ -70,10 +71,6 @@
   powerManagement = {
     enable = true;
     cpuFreqGovernor = "schedutil";
-    # TODO: Limit charge of battery, does this work without kernel patches from hardware.frameworkenableKmod?
-    powerUpCommands = ''
-      echo 80 > /sys/class/power_supply/BAT0/charge_control_stop_threshold
-    '';
   };
 
   networking = {
@@ -214,15 +211,6 @@
     };
   };
 
-  # TODO
-  # age.secrets = {
-  #   paperless = {
-  #     file = "${config.dadada.secrets.path}/paperless.age";
-  #     mode = "700";
-  #     owner = "paperless";
-  #   };
-  # };
-
   # Create compressing swap space in RAM
   zramSwap.enable = true;
 }

From 03c6c141ee8a9ad848b97483ca242a9bc801dc78 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sun, 27 Jul 2025 00:55:31 +0200
Subject: [PATCH 04/46] feat(stolas): replace zram with zswap

---
 nixos/stolas/default.nix | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix
index 4bc3756..08756ee 100644
--- a/nixos/stolas/default.nix
+++ b/nixos/stolas/default.nix
@@ -26,8 +26,8 @@
     # Hopefully fixes suspend issues with wifi card
     kernelPackages = pkgs.linuxPackages_latest;
     kernelParams = [
-      "resume=UUID=81dfbfa5-d578-479c-b11c-3ee5abd6848a"
       "resume_offset=533760"
+      "zswap.enabled=1"
     ];
     extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ];
     # Lanzaboote currently replaces the systemd-boot module.
@@ -210,7 +210,4 @@
       };
     };
   };
-
-  # Create compressing swap space in RAM
-  zramSwap.enable = true;
 }

From 9ec068865291b811f4ff25685a03f021bdce4162 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sun, 27 Jul 2025 01:00:17 +0200
Subject: [PATCH 05/46] chore(stolas): remove unused option for combined sleep
 target

---
 nixos/stolas/default.nix | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix
index 08756ee..9c3ed83 100644
--- a/nixos/stolas/default.nix
+++ b/nixos/stolas/default.nix
@@ -176,10 +176,6 @@
     "dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false;
   };
 
-  systemd.sleep.extraConfig = ''
-    HibernateDelaySec=1h
-  '';
-
   systemd.tmpfiles.rules = [
     "v /var/.snapshots 0755 root root - -"
     "v /var/paperless/.snapshots 0755 root root - -"

From 712cca59093ec0c103e2573560b141a4dec94923 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sun, 27 Jul 2025 01:23:13 +0200
Subject: [PATCH 06/46] feat(stolas): use larger swapfile

---
 nixos/stolas/default.nix | 3 ++-
 nixos/stolas/disks.nix   | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix
index 9c3ed83..9ae2d23 100644
--- a/nixos/stolas/default.nix
+++ b/nixos/stolas/default.nix
@@ -26,7 +26,8 @@
     # Hopefully fixes suspend issues with wifi card
     kernelPackages = pkgs.linuxPackages_latest;
     kernelParams = [
-      "resume_offset=533760"
+      "resume=UUID=81dfbfa5-d578-479c-b11c-3ee5abd6848a"
+      "resume_offset=79859524"
       "zswap.enabled=1"
     ];
     extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ];
diff --git a/nixos/stolas/disks.nix b/nixos/stolas/disks.nix
index 01cf635..eff5680 100644
--- a/nixos/stolas/disks.nix
+++ b/nixos/stolas/disks.nix
@@ -86,7 +86,7 @@
                     };
                     "/swap" = {
                       mountpoint = "/.swapvol";
-                      swap.swapfile.size = "64G";
+                      swap.swapfile.size = "128G";
                     };
                   };
                 };

From 578d4526e5e7c2221bd544e337fa30b8692e4a79 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sun, 27 Jul 2025 15:13:36 +0200
Subject: [PATCH 07/46] chore: clean up nixos configurations

Consolidate nixpkgs instances into once for all x86 systems
---
 flake.lock                       |  17 ---
 flake.nix                        |   1 -
 home/nixpkgs-config.nix          |   7 --
 home/pkgs.nix                    |   1 -
 hydra-jobs.nix                   |   4 -
 nixos/configurations.nix         | 175 +++++++++++++------------------
 nixos/gorgon/configuration.nix   |   5 +-
 nixos/modules/nixpkgs.nix        |   3 -
 nixos/modules/profiles/cloud.nix |   4 +
 nixos/modules/profiles/home.nix  |   7 ++
 nixos/stolas/default.nix         |   7 +-
 outputs.nix                      |  21 ++--
 overlays.nix                     |   1 -
 13 files changed, 92 insertions(+), 161 deletions(-)
 delete mode 100644 home/nixpkgs-config.nix
 delete mode 100644 hydra-jobs.nix
 delete mode 100644 nixos/modules/nixpkgs.nix
 create mode 100644 nixos/modules/profiles/home.nix
 delete mode 100644 overlays.nix

diff --git a/flake.lock b/flake.lock
index 8c964f5..3d0d3f2 100644
--- a/flake.lock
+++ b/flake.lock
@@ -325,22 +325,6 @@
         "type": "github"
       }
     },
-    "nixpkgs-small": {
-      "locked": {
-        "lastModified": 1753505055,
-        "narHash": "sha256-jQKnNATDGDeuIeUf7r0yHnmirfYkYPHeF0N2Lv8rjPE=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "7be0239edbf0783ff959f94f9728db414be73002",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable-small",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "nixpkgs-stable": {
       "locked": {
         "lastModified": 1730741070,
@@ -397,7 +381,6 @@
         "nixos-generators": "nixos-generators",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
-        "nixpkgs-small": "nixpkgs-small",
         "systems": "systems_2",
         "treefmt-nix": "treefmt-nix"
       }
diff --git a/flake.nix b/flake.nix
index 73686ce..151f1b5 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,7 +2,6 @@
   description = "dadada's nix flake";
 
   inputs = {
-    nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
     disko = {
       url = "github:nix-community/disko";
diff --git a/home/nixpkgs-config.nix b/home/nixpkgs-config.nix
deleted file mode 100644
index 6a29a63..0000000
--- a/home/nixpkgs-config.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ pkgs }:
-{
-  allowUnfree = true;
-  allowUnfreePredicate = pkg: true;
-  allowBroken = false;
-  android_sdk.accept_license = true;
-}
diff --git a/home/pkgs.nix b/home/pkgs.nix
index 7a707e1..e980614 100644
--- a/home/pkgs.nix
+++ b/home/pkgs.nix
@@ -125,7 +125,6 @@ with pkgs;
   spotify
   sqlite
   sshfs-fuse
-  steam
   taplo
   tcpdump
   tdesktop
diff --git a/hydra-jobs.nix b/hydra-jobs.nix
deleted file mode 100644
index 3369943..0000000
--- a/hydra-jobs.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ self, nixpkgs, ... }:
-(nixpkgs.lib.mapAttrs' (
-  name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel
-) self.nixosConfigurations)
diff --git a/nixos/configurations.nix b/nixos/configurations.nix
index 95b894e..220e4d0 100644
--- a/nixos/configurations.nix
+++ b/nixos/configurations.nix
@@ -8,127 +8,92 @@
   nixos-hardware,
   nixos-generators,
   nixpkgs,
-  nixpkgs-small,
   ...
 }@inputs:
 let
-  nixosSystem =
+  # create a new instance allowing some unfree packages
+  nixpkgsx86 = import nixpkgs {
+    system = "x86_64-linux";
+    config.allowUnfreePredicate =
+      pkg:
+      builtins.elem (nixpkgs.lib.getName pkg) [
+        "aspell-dict-en-science"
+        "brgenml1lpr"
+        "saleae-logic-2"
+        "spotify"
+      ];
+  };
+  nixosSystem = nixpkgs.lib.nixosSystem;
+  baseModule =
+    { lib, ... }:
     {
-      nixpkgs,
-      system ? "x86_64-linux",
-      extraModules ? [ ],
-    }:
-    nixpkgs.lib.nixosSystem {
-      inherit system;
-
-      modules = [
-        {
-          nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
-        }
+      _module.args.inputs = inputs;
+      imports = [
+        inputs.agenix.nixosModules.age
+        inputs.disko.nixosModules.disko
+        inputs.home-manager.nixosModules.home-manager
+        (
+          { pkgs, ... }:
+          {
+            dadada.homepage.package = homepage;
+            dadada.pkgs = inputs.self.packages.${pkgs.system};
+            dadada.inputs = inputs // {
+              dadada = inputs.self;
+            };
+          }
+        )
+        inputs.lanzaboote.nixosModules.lanzaboote
       ]
-      ++ (nixpkgs.lib.attrValues self.nixosModules)
-      ++ [ agenix.nixosModules.age ]
-      ++ extraModules;
+      ++ (lib.attrValues inputs.self.nixosModules);
     };
+  homeModule = ./modules/profiles/home.nix;
 in
 {
-  stolas =
-    let
-      system = "x86_64-linux";
-    in
-    nixosSystem {
-      inherit nixpkgs system;
+  stolas = nixosSystem {
+    modules = [
+      { nixpkgs.pkgs = nixpkgsx86; }
+      baseModule
+      nixos-hardware.nixosModules.framework-amd-ai-300-series
+      homeModule
+      ./stolas
+    ];
+  };
 
-      extraModules = [
-        lanzaboote.nixosModules.lanzaboote
-        disko.nixosModules.disko
-        {
-          nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
-          dadada.pkgs = self.packages.${system};
-          dadada.inputs = inputs // {
-            dadada = self;
-          };
-        }
-        nixos-hardware.nixosModules.framework-amd-ai-300-series
-        home-manager.nixosModules.home-manager
-        (
-          { pkgs, ... }:
-          {
-            home-manager.useGlobalPkgs = true;
-            home-manager.useUserPackages = true;
-            home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [
-              { dadada.home.helix.package = pkgs.helix; }
-            ];
-            home-manager.users.dadada = import ../home;
-          }
-        )
-        ./stolas
-      ];
-    };
-
-  gorgon =
-    let
-      system = "x86_64-linux";
-    in
-    nixosSystem {
-      inherit nixpkgs system;
-
-      extraModules = [
-        {
-          nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
-          dadada.pkgs = self.packages.${system};
-          dadada.inputs = inputs // {
-            dadada = self;
-          };
-        }
-        nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1
-        home-manager.nixosModules.home-manager
-        (
-          { pkgs, ... }:
-          {
-            home-manager.useGlobalPkgs = true;
-            home-manager.useUserPackages = true;
-            home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [
-              { dadada.home.helix.package = pkgs.helix; }
-              { manual.manpages.enable = false; }
-            ];
-            home-manager.users.dadada = import ../home;
-          }
-        )
-        ./gorgon/configuration.nix
-      ];
-    };
+  gorgon = nixosSystem {
+    modules = [
+      { nixpkgs.pkgs = nixpkgsx86; }
+      baseModule
+      nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1
+      homeModule
+      ./gorgon/configuration.nix
+    ];
+  };
 
   surgat = nixosSystem {
-    nixpkgs = nixpkgs-small;
-    system = "x86_64-linux";
-    extraModules = [
-      {
-        dadada.homepage.package = homepage;
-      }
-      ./modules/profiles/server.nix
+    modules = [
+      { nixpkgs.pkgs = nixpkgsx86; }
+      baseModule
       ./surgat/configuration.nix
     ];
   };
 
   agares = nixosSystem {
-    nixpkgs = nixpkgs-small;
-    extraModules = [
+    modules = [
+      { nixpkgs.pkgs = nixpkgsx86; }
+      baseModule
       ./agares/configuration.nix
     ];
   };
 
-  installer =
-    let
-      nixpkgs = nixpkgs-small;
-    in
-    nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
-      modules = [
-        nixos-generators.nixosModules.install-iso
-        self.nixosModules.admin
+  installer = nixosSystem {
+    modules = [
+      nixos-generators.nixosModules.install-iso
+      inputs.self.nixosModules.admin
+      (
+        { lib, ... }:
         {
-          isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso";
+          nixpkgs.pkgs = nixpkgs.legacyPackages."x86_64-linux";
+          isoImage.isoName = lib.mkForce "dadada-nixos-installer.iso";
           networking.tempAddresses = "disabled";
           dadada.admin.enable = true;
           documentation.enable = true;
@@ -139,12 +104,14 @@ in
             keyMap = "us";
           };
         }
-      ];
-    };
+      )
+    ];
+  };
 
   ninurta = nixosSystem {
-    nixpkgs = nixpkgs-small;
-    extraModules = [
+    modules = [
+      { nixpkgs.pkgs = nixpkgsx86; }
+      baseModule
       ./ninurta/configuration.nix
     ];
   };
diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix
index 16f8130..cb99b2a 100644
--- a/nixos/gorgon/configuration.nix
+++ b/nixos/gorgon/configuration.nix
@@ -52,8 +52,6 @@ in
   age.secrets."${config.networking.hostName}-backup-passphrase-gs".file =
     "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age";
 
-  nixpkgs.config.android_sdk.accept_license = true;
-
   programs.ssh.startAgent = true;
 
   nix.extraOptions = ''
@@ -85,7 +83,7 @@ in
   networking.hostName = "gorgon";
 
   dadada = {
-    steam.enable = true;
+    steam.enable = false;
     yubikey.enable = true;
   };
 
@@ -154,7 +152,6 @@ in
   #];
 
   environment.systemPackages = with pkgs; [
-    android-studio
     ghostscript
     smartmontools
 
diff --git a/nixos/modules/nixpkgs.nix b/nixos/modules/nixpkgs.nix
deleted file mode 100644
index 2c5849f..0000000
--- a/nixos/modules/nixpkgs.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-  nixpkgs.config.allowUnfreePredicate = pkg: true;
-}
diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix
index de57714..1ddbb1e 100644
--- a/nixos/modules/profiles/cloud.nix
+++ b/nixos/modules/profiles/cloud.nix
@@ -4,6 +4,10 @@ let
   initrdHostKey = "${config.networking.hostName}-ssh_host_ed25519_key";
 in
 {
+  imports = [
+    ./server.nix
+  ];
+
   boot.initrd.availableKernelModules = [ "virtio-pci" ];
 
   boot.kernelParams = [
diff --git a/nixos/modules/profiles/home.nix b/nixos/modules/profiles/home.nix
new file mode 100644
index 0000000..a695e8b
--- /dev/null
+++ b/nixos/modules/profiles/home.nix
@@ -0,0 +1,7 @@
+{ pkgs, inputs, ... }:
+{
+  home-manager.useGlobalPkgs = true;
+  home-manager.useUserPackages = true;
+  home-manager.sharedModules = pkgs.lib.attrValues inputs.self.hmModules;
+  home-manager.users.dadada = inputs.self.hmConfigurations.dadada;
+}
diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix
index 9ae2d23..1c5cc9b 100644
--- a/nixos/stolas/default.nix
+++ b/nixos/stolas/default.nix
@@ -12,11 +12,6 @@
     ./paperless.nix
   ];
 
-  nixpkgs = {
-    hostPlatform = "x86_64-linux";
-    config.allowUnfree = true;
-  };
-
   boot = {
     lanzaboote = {
       enable = true;
@@ -58,7 +53,7 @@
     # NOTE: hardware.framework.enableKmod requires kernel patching, but enables access to some EC features
     bluetooth.enable = true;
     cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-    enableAllFirmware = true;
+    enableRedistributableFirmware = true;
     framework.laptop13.audioEnhancement.enable = true;
     graphics = {
       enable = true;
diff --git a/outputs.nix b/outputs.nix
index c860d3c..08e8ad0 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -1,4 +1,3 @@
-# Adapted from Mic92/dotfiles
 {
   self,
   flake-utils,
@@ -11,7 +10,7 @@
 (flake-utils.lib.eachDefaultSystem (
   system:
   let
-    pkgs = import nixpkgs { inherit system; };
+    pkgs = nixpkgs.legacyPackages.${system};
     treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
   in
   {
@@ -31,20 +30,16 @@
     formatter = treefmtEval.config.build.wrapper;
 
     packages = import ./pkgs { inherit pkgs; } // {
-      installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage;
+      installer-iso = inputs.self.nixosConfigurations.installer.config.system.build.isoImage;
     };
   }
 ))
 // {
-  hmModules = import ./home/modules.nix { lib = nixpkgs.lib; };
-
-  nixosConfigurations = import ./nixos/configurations.nix inputs;
-
-  nixosModules = import ./nixos/modules { lib = nixpkgs.lib; };
-
-  overlays = import ./overlays.nix;
-
-  hydraJobs = import ./hydra-jobs.nix inputs;
-
   checks = import ./checks.nix inputs;
+  hmModules = import ./home/modules.nix { lib = nixpkgs.lib; };
+  hmConfigurations = {
+    dadada = import ./home;
+  };
+  nixosConfigurations = import ./nixos/configurations.nix inputs;
+  nixosModules = import ./nixos/modules { lib = nixpkgs.lib; };
 }
diff --git a/overlays.nix b/overlays.nix
deleted file mode 100644
index ffcd441..0000000
--- a/overlays.nix
+++ /dev/null
@@ -1 +0,0 @@
-{ }

From 730a4b80b5f33571f79a82fc3a4d06390e9908a8 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sun, 27 Jul 2025 17:14:11 +0200
Subject: [PATCH 08/46] feat(agares): remove unused host

---
 nixos/agares/configuration.nix | 108 -----------
 nixos/agares/ddns.nix          |  13 --
 nixos/agares/dns.nix           |  81 ---------
 nixos/agares/firewall.nix      |  13 --
 nixos/agares/network.nix       | 323 ---------------------------------
 nixos/agares/ntp.nix           |  12 --
 nixos/agares/ppp.nix           |  68 -------
 nixos/agares/rules.nft         | 136 --------------
 nixos/configurations.nix       |   8 -
 secrets/secrets.nix            |  10 -
 10 files changed, 772 deletions(-)
 delete mode 100644 nixos/agares/configuration.nix
 delete mode 100644 nixos/agares/ddns.nix
 delete mode 100644 nixos/agares/dns.nix
 delete mode 100644 nixos/agares/firewall.nix
 delete mode 100644 nixos/agares/network.nix
 delete mode 100644 nixos/agares/ntp.nix
 delete mode 100644 nixos/agares/ppp.nix
 delete mode 100644 nixos/agares/rules.nft

diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix
deleted file mode 100644
index ba00c29..0000000
--- a/nixos/agares/configuration.nix
+++ /dev/null
@@ -1,108 +0,0 @@
-{
-  config,
-  modulesPath,
-  pkgs,
-  ...
-}:
-{
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-    ./ddns.nix
-    ./dns.nix
-    ./firewall.nix
-    ../modules/profiles/server.nix
-    ./network.nix
-    ./ntp.nix
-    ./ppp.nix
-  ];
-
-  fileSystems."/" = {
-    device = "/dev/sda1";
-    fsType = "btrfs";
-    options = [ "subvol=root" ];
-  };
-
-  #fileSystems."/nix/store" = {
-  #  device = "/dev/sda1";
-  #  fsType = "btrfs";
-  #  options = [ "subvol=/root/nix" "noatime" ];
-  #};
-
-  fileSystems."/swap" = {
-    device = "/dev/sda1";
-    fsType = "btrfs";
-    options = [
-      "subvol=/root/swap"
-      "noatime"
-    ];
-  };
-
-  #swapDevices = [{
-  #  device = "/swap/swapfile";
-  #  size = 32 * 1024; # 32 GByte
-  #}];
-
-  hardware.cpu.amd.updateMicrocode = config.hardware.enableRedistributableFirmware;
-
-  dadada = {
-    admin.enable = true;
-  };
-
-  services.smartd.enable = true;
-
-  networking.hostName = "agares";
-  networking.domain = "bs.dadada.li";
-
-  boot.initrd.availableKernelModules = [
-    "xhci_pci"
-    "ahci"
-    "ehci_pci"
-    "usb_storage"
-    "sd_mod"
-    "sdhci_pci"
-  ];
-  boot.initrd.kernelModules = [ "dm-snapshot" ];
-
-  # Use the GRUB 2 boot loader.
-  boot.loader.grub.enable = true;
-  boot.loader.grub.device = "/dev/sda";
-  boot.loader.grub.extraConfig = "
-    serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
-    terminal_input serial
-    terminal_output serial
-  ";
-
-  boot.kernelParams = [
-    "console=ttyS0,115200"
-    "amd_iommu=on"
-    "iommu=pt"
-  ];
-
-  boot.kernelModules = [
-    "kvm-amd"
-    "vfio"
-    "vfio_iommu_type1"
-    "vfio_pci"
-    "vfio_virqfd"
-  ];
-
-  environment.systemPackages = with pkgs; [
-    curl
-    flashrom
-    dmidecode
-    tcpdump
-  ];
-
-  services.munin-node = {
-    enable = true;
-    extraConfig = ''
-      host_name ${config.networking.hostName}
-      cidr_allow 10.3.3.3/32
-    '';
-  };
-
-  # Running router VM. They have to be restarted in the right order, so network comes up cleanly. Not ideal.
-  system.autoUpgrade.allowReboot = false;
-
-  system.stateVersion = "23.05";
-}
diff --git a/nixos/agares/ddns.nix b/nixos/agares/ddns.nix
deleted file mode 100644
index 9a5948f..0000000
--- a/nixos/agares/ddns.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, ... }:
-{
-  dadada.ddns = {
-    domains = [ "vpn.dadada.li" ];
-    credentialsPath = config.age.secrets."ddns-credentials".path;
-    interface = "ppp0";
-  };
-
-  age.secrets."ddns-credentials" = {
-    file = "${config.dadada.secrets.path}/ddns-credentials.age";
-    mode = "400";
-  };
-}
diff --git a/nixos/agares/dns.nix b/nixos/agares/dns.nix
deleted file mode 100644
index fe2843f..0000000
--- a/nixos/agares/dns.nix
+++ /dev/null
@@ -1,81 +0,0 @@
-{ ... }:
-{
-  services.unbound = {
-    enable = true;
-    localControlSocketPath = "/run/unbound/unbound.ctl";
-    settings = {
-      server = {
-        access-control = [
-          "127.0.0.0/8 allow"
-          "127.0.0.1/32 allow_snoop"
-          "192.168.96.0/19 allow"
-          "192.168.1.0/24 allow"
-          "172.16.128.0/24 allow"
-          "::1/128 allow_snoop"
-          "fd42:9c3b:f96d::/48 allow"
-        ];
-        interface = [
-          "127.0.0.1"
-          "192.168.1.1"
-          "192.168.100.1"
-          "192.168.101.1"
-          "192.168.102.1"
-          "192.168.103.1"
-          "192.168.120.1"
-          "::1"
-          "fd42:9c3b:f96d:100::1"
-          "fd42:9c3b:f96d:101::1"
-          "fd42:9c3b:f96d:102::1"
-          "fd42:9c3b:f96d:103::1"
-          "fd42:9c3b:f96d:120::1"
-        ];
-        prefer-ip6 = true;
-        prefetch = true;
-        prefetch-key = true;
-        serve-expired = false;
-        aggressive-nsec = true;
-        hide-identity = true;
-        hide-version = true;
-        use-caps-for-id = true;
-        val-permissive-mode = true;
-        local-data = [
-          "\"agares.bs.dadada.li. 10800 IN A 192.168.101.1\""
-          "\"danjal.bs.dadada.li. 10800 IN A 192.168.100.108\""
-          "\"legion.bs.dadada.li. 10800 IN A 192.168.100.107\""
-          "\"ninurta.bs.dadada.li. 10800 IN A 192.168.101.184\""
-          "\"agares.bs.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101::1\""
-          "\"ninurta.bs.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe\""
-          "\"backup1.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe\""
-        ];
-        local-zone = [
-          "\"168.192.in-addr.arpa.\" nodefault"
-          "\"d.f.ip6.arpa.\" nodefault"
-        ];
-      };
-      forward-zone = [
-        {
-          name = ".";
-          forward-tls-upstream = "yes";
-          forward-addr = [
-            "2620:fe::fe@853#dns.quad9.net"
-            "2620:fe::9@853#dns.quad9.net"
-            "9.9.9.9@853#dns.quad9.net"
-            "149.112.112.112@853#dns.quad9.net"
-          ];
-        }
-      ];
-      stub-zone =
-        let
-          stubZone = name: addrs: {
-            name = "${name}";
-            stub-addr = addrs;
-          };
-        in
-        [
-          #(stubZone "li.dadada.bs" ["192.168.128.220" "2a01:4f8:c010:a710::1"])
-          #(stubZone "d.6.9.f.b.3.c.9.2.4.d.f.ip6.arpa" ["192.168.101.220" "2a01:4f8:c010:a710::1"])
-          #(stubZone "168.192.in-addr.arpa" ["192.168.128.220" "2a01:4f8:c010:a710::1"])
-        ];
-    };
-  };
-}
diff --git a/nixos/agares/firewall.nix b/nixos/agares/firewall.nix
deleted file mode 100644
index 569259f..0000000
--- a/nixos/agares/firewall.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ ... }:
-{
-  networking = {
-    useDHCP = false;
-    nat.enable = false;
-    firewall.enable = false;
-    nftables = {
-      enable = true;
-      checkRuleset = true;
-      ruleset = builtins.readFile ./rules.nft;
-    };
-  };
-}
diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix
deleted file mode 100644
index 6d86d22..0000000
--- a/nixos/agares/network.nix
+++ /dev/null
@@ -1,323 +0,0 @@
-{ config, lib, ... }:
-let
-  ulaPrefix = "fd42:9c3b:f96d"; # fd42:9c3b:f96d::/48
-  ipv4Prefix = "192.168"; # 192.168.96.0/19
-  domain = "bs.dadada.li";
-in
-{
-  networking.useDHCP = false;
-  systemd.network = {
-    enable = true;
-    links = {
-      "10-persistent" = {
-        matchConfig.OriginalName = [
-          "enp1s0"
-          "enp2s0"
-        ]; # takes search domains from the [Network]
-        linkConfig.MACAddressPolicy = "persistent";
-      };
-    };
-    netdevs = {
-      # QoS concentrator
-      "ifb4ppp0" = {
-        netdevConfig = {
-          Kind = "ifb";
-          Name = "ifb4ppp0";
-        };
-      };
-      "20-lan" = {
-        netdevConfig = {
-          Kind = "vlan";
-          Name = "lan.10";
-        };
-        vlanConfig = {
-          Id = 10;
-        };
-      };
-      "20-freifunk" = {
-        netdevConfig = {
-          Kind = "vlan";
-          Name = "ff.11";
-        };
-        vlanConfig = {
-          Id = 11;
-        };
-      };
-      "20-roadw" = {
-        netdevConfig = {
-          Kind = "wireguard";
-          Name = "roadw";
-        };
-        wireguardConfig = {
-          PrivateKeyFile = config.age.secrets."wg-privkey-vpn-dadada-li".path;
-          ListenPort = 51234;
-        };
-        wireguardPeers = [
-          {
-            wireguardPeerConfig =
-              let
-                peerAddresses = i: [
-                  "${ipv4Prefix}.120.${i}/32"
-                  "${ulaPrefix}:120::${i}/128"
-                ];
-              in
-              {
-                PublicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU=";
-                AllowedIPs = peerAddresses "3";
-              };
-          }
-        ];
-      };
-      "20-wg0" = {
-        netdevConfig = {
-          Kind = "wireguard";
-          Name = "wg0";
-        };
-        wireguardConfig = {
-          PrivateKeyFile = config.age.secrets."wg-privkey-wg0".path;
-          ListenPort = 51235;
-        };
-        wireguardPeers = lib.singleton {
-          wireguardPeerConfig = {
-            PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE=";
-            AllowedIPs = [
-              "10.3.3.3/32"
-              "fd42:9c3b:f96d:121::3/128"
-              "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128"
-            ];
-          };
-        };
-      };
-    };
-    networks =
-      let
-        subnet = name: subnetId: {
-          matchConfig.Name = name;
-          addresses = [
-            { addressConfig.Address = "${ipv4Prefix}.${subnetId}.1/24"; }
-            { addressConfig.Address = "${ulaPrefix}:${subnetId}::1/64"; }
-          ];
-          dhcpPrefixDelegationConfig = {
-            SubnetId = "auto";
-          };
-          ipv6Prefixes = [
-            {
-              ipv6PrefixConfig.Prefix = "${ulaPrefix}:${subnetId}::/64";
-            }
-          ];
-          dhcpServerConfig = {
-            DNS = "_server_address";
-            NTP = "_server_address";
-            EmitDNS = true;
-            EmitNTP = true;
-            EmitRouter = true;
-            PoolOffset = 100;
-            PoolSize = 100;
-          };
-          ipv6SendRAConfig = {
-            EmitDNS = true;
-            DNS = "_link_local";
-            EmitDomains = true; # takes search domains from the [Network]
-          };
-          linkConfig = {
-            RequiredForOnline = false;
-          };
-          networkConfig = {
-            Domains = domain;
-            EmitLLDP = "yes";
-            IPv6SendRA = true;
-            IPv6AcceptRA = false;
-            DHCPPrefixDelegation = true;
-            DHCPServer = true;
-          };
-          extraConfig = ''
-            [CAKE]
-            OverheadBytes = 38
-            Bandwidth = 1G
-            RTT = lan
-          '';
-        };
-      in
-      {
-        "10-mgmt" = lib.mkMerge [
-          (subnet "enp1s0" "100")
-          {
-            networkConfig.VLAN = [
-              "lan.10"
-              "ff.11"
-            ];
-            dhcpServerStaticLeases = [
-              {
-                # legion
-                dhcpServerStaticLeaseConfig = {
-                  Address = "192.168.100.107";
-                  MACAddress = "80:CC:9C:95:4A:60";
-                };
-              }
-              {
-                # danyal
-                dhcpServerStaticLeaseConfig = {
-                  Address = "192.168.100.108";
-                  MACAddress = "c8:9e:43:a3:3d:7f";
-                };
-              }
-            ];
-          }
-        ];
-        "30-wg0" = {
-          matchConfig.Name = "wg0";
-          address = [
-            "10.3.3.2/32"
-            "fd42:9c3b:f96d:121::2/128"
-          ];
-          DHCP = "no";
-          networkConfig.IPv6AcceptRA = false;
-          linkConfig.RequiredForOnline = false;
-          routes = [
-            {
-              routeConfig = {
-                Destination = "10.3.3.1/24";
-              };
-            }
-            {
-              routeConfig = {
-                Destination = "fd42:9c3b:f96d:121::1/64";
-              };
-            }
-          ];
-        };
-        "30-lan" = subnet "lan.10" "101" // {
-          dhcpServerStaticLeases = [
-            {
-              # ninurta
-              dhcpServerStaticLeaseConfig = {
-                Address = "192.168.101.184";
-                MACAddress = "48:21:0B:3E:9C:FE";
-              };
-            }
-            {
-              # crocell
-              dhcpServerStaticLeaseConfig = {
-                Address = "192.168.101.122";
-                MACAddress = "9C:C9:EB:4F:3F:0E";
-              };
-            }
-            {
-              # gorgon
-              dhcpServerStaticLeaseConfig = {
-                Address = "192.168.101.205";
-                MACAddress = "8C:C6:81:6A:39:2F";
-              };
-            }
-          ];
-        };
-
-        "30-ff" = subnet "ff.11" "102";
-
-        "30-ifb4ppp0" = {
-          name = "ifb4ppp0";
-          extraConfig = ''
-            [CAKE]
-            OverheadBytes = 65
-            Bandwidth = 100M
-            FlowIsolationMode = triple
-            RTT = internet
-          '';
-          linkConfig = {
-            RequiredForOnline = false;
-          };
-        };
-
-        "30-ppp0" = {
-          name = "ppp*";
-          linkConfig = {
-            RequiredForOnline = "routable";
-          };
-          networkConfig = {
-            KeepConfiguration = "static";
-            DefaultRouteOnDevice = true;
-            LinkLocalAddressing = "ipv6";
-            DHCP = "ipv6";
-          };
-          extraConfig = ''
-            [CAKE]
-            OverheadBytes = 65
-            Bandwidth = 40M
-            FlowIsolationMode = triple
-            NAT=true
-            RTT = internet
-
-            [DHCPv6]
-            PrefixDelegationHint= ::/56
-            UseAddress = false
-            UseDelegatedPrefix = true
-            WithoutRA = solicit
-
-            [DHCPPrefixDelegation]
-            UplinkInterface=:self
-          '';
-          ipv6SendRAConfig = {
-            # Let networkd know that we would very much like to use DHCPv6
-            # to obtain the "managed" information. Not sure why they can't
-            # just take that from the upstream RAs.
-            Managed = true;
-          };
-        };
-        # Talk to modem for management
-        "enp2s0" = {
-          name = "enp2s0";
-          linkConfig = {
-            RequiredForOnline = false;
-          };
-          networkConfig = {
-            Address = "192.168.1.254/24";
-            EmitLLDP = "yes";
-          };
-        };
-        "10-roadw" = {
-          matchConfig.Name = "roadw";
-          addresses = [
-            { addressConfig.Address = "${ipv4Prefix}.120.1/24"; }
-            { addressConfig.Address = "${ulaPrefix}:120::1/64"; }
-          ];
-          DHCP = "no";
-          networkConfig.IPv6AcceptRA = false;
-          linkConfig.RequiredForOnline = false;
-          routes = [
-            {
-              routeConfig = {
-                Destination = "${ipv4Prefix}.120.1/24";
-              };
-            }
-            {
-              routeConfig = {
-                Destination = "${ulaPrefix}::120:1/64";
-              };
-            }
-          ];
-        };
-      };
-  };
-
-  age.secrets."wg-privkey-vpn-dadada-li" = {
-    file = "${config.dadada.secrets.path}/wg-privkey-vpn-dadada-li.age";
-    owner = "systemd-network";
-  };
-
-  age.secrets."wg-privkey-wg0" = {
-    file = "${config.dadada.secrets.path}/agares-wg0-key.age";
-    owner = "systemd-network";
-  };
-
-  boot.kernel.sysctl = {
-    # Enable forwarding for interface
-    "net.ipv4.conf.all.forwarding" = "1";
-    "net.ipv6.conf.all.forwarding" = "1";
-    "net.ipv6.conf.all.accept_ra" = "0";
-    "net.ipv6.conf.all.autoconf" = "0";
-    # Set via systemd-networkd
-    #"net.ipv6.conf.${intf}.use_tempaddr" = "0";
-  };
-
-  powerManagement.cpuFreqGovernor = lib.mkDefault "schedutil";
-}
diff --git a/nixos/agares/ntp.nix b/nixos/agares/ntp.nix
deleted file mode 100644
index c3ec49b..0000000
--- a/nixos/agares/ntp.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ ... }:
-{
-  services.chrony = {
-    enable = true;
-    extraConfig = ''
-      allow 192.168.1
-      allow 192.168.100
-      allow 192.168.101
-      allow 192.168.102
-    '';
-  };
-}
diff --git a/nixos/agares/ppp.nix b/nixos/agares/ppp.nix
deleted file mode 100644
index ffa5bc4..0000000
--- a/nixos/agares/ppp.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-let
-  secretsPath = config.dadada.secrets.path;
-in
-{
-  # PPPoE
-  services.pppd = {
-    enable = true;
-    peers = {
-      telekom = {
-        enable = true;
-        autostart = true;
-        config = ''
-          debug
-
-          plugin pppoe.so enp2s0
-
-          noauth
-          hide-password
-          call telekom-secret
-
-          linkname ppp0
-
-          persist
-          maxfail 0
-          holdoff 5
-
-          noipdefault
-          defaultroute
-
-          lcp-echo-interval 15
-          lcp-echo-failure 3
-        '';
-      };
-    };
-  };
-
-  age.secrets."etc-ppp-telekom-secret" = {
-    file = "${secretsPath}/etc-ppp-telekom-secret.age";
-    owner = "root";
-    mode = "700";
-    path = "/etc/ppp/peers/telekom-secret";
-  };
-
-  age.secrets."etc-ppp-pap-secrets" = {
-    # format: client server passphrase
-    file = "${secretsPath}/etc-ppp-chap-secrets.age";
-    owner = "root";
-    mode = "700";
-    path = "/etc/ppp/pap-secrets";
-  };
-
-  # Hook for QoS via Intermediate Functional Block
-  environment.etc."ppp/ip-up" = {
-    mode = "755";
-    text = with lib; ''
-      #!/usr/bin/env sh
-      ${getBin pkgs.iproute2}/bin/tc qdisc del dev $1 ingress
-      ${getBin pkgs.iproute2}/bin/tc qdisc add dev $1 handle ffff: ingress
-      ${getBin pkgs.iproute2}/bin/tc filter add dev $1 parent ffff: matchall action mirred egress redirect dev ifb4ppp0
-    '';
-  };
-}
diff --git a/nixos/agares/rules.nft b/nixos/agares/rules.nft
deleted file mode 100644
index 4b41bea..0000000
--- a/nixos/agares/rules.nft
+++ /dev/null
@@ -1,136 +0,0 @@
-flush ruleset
-
-define IF_MGMT = "enp1s0"
-define IF_FF = "ff.11"
-define IF_LAN = "lan.10"
-define IF_WAN = "ppp0"
-
-# Modem uses this for internet uplink via our WAN
-define IF_MODEM = "enp2s0"
-
-define IF_ROADW = "roadw"
-
-table inet filter {
-  # Will give "no such file or directory if hardware does not support flow offloading"
-  # flowtable f {
-  #   hook ingress priority 0; devices = { enp1s0, enp2s0 }; flags offload;
-  # }
-
-  chain input_local {
-    ip6 saddr != ::1/128 log prefix "Dropped IPv6 nonlocalhost packet on loopback:" drop
-    accept comment "Accept traffic to loopback interface"
-  }
-
-  chain input_icmp_untrusted {
-    # Allow ICMP echo
-    ip protocol icmp icmp type { echo-request } limit rate 1000/second burst 5 packets accept comment "Accept echo request"
-
-    # Allow some ICMPv6
-    icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, echo-request, echo-reply, parameter-problem, mld-listener-query, mld-listener-report, mld-listener-done, mld-listener-reduction, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, mld2-listener-report } limit rate 1000/second burst 5 packets accept comment "Allow some ICMPv6"
-  }
-
-  chain input_modem {
-    jump input_icmp_untrusted
-  }
-
-  chain input_wan {
-    # DHCPv6 client
-    meta nfproto ipv6 udp sport 547 accept comment "Allow DHCPv6 client"
-
-    jump input_icmp_untrusted
-
-    udp dport 51234 accept comment "Wireguard roadwarriors"
-  }
-
-  chain input_lan {
-    counter accept comment "Accept all traffic from LAN"
-  }
-
-  chain input_mgmt {
-    counter accept comment "Accept all traffic from MGMT"
-  }
-
-  chain input_roadw {
-    counter accept comment "Accept all traffic from roadwarriors"
-  }
-
-  chain input_ff {
-    jump input_icmp_untrusted
-
-    # DHCP
-    meta nfproto ipv6 udp dport 547 accept comment "Allow DHCPv6 client"
-
-    # Allow DNS and DHCP from Freifunk
-    udp dport { 53, 67 } accept comment "Allow DNS and DHCP from Freifunk"
-  }
-
-  chain input_wg0 {
-    tcp dport 4949 accept comment "Munin node"
-  }
-
-  chain input {
-    type filter hook input priority filter; policy drop;
-
-    ct state {established, related} counter accept comment "Accept packets from established and related connections"
-    ct state invalid counter drop comment "Early drop of invalid packets"
-
-    iifname vmap { lo : accept, $IF_WAN : jump input_wan, $IF_LAN : jump input_lan, $IF_FF : jump input_ff, $IF_ROADW : jump input_roadw, $IF_MODEM : jump input_modem, $IF_MGMT : jump input_mgmt, wg0 : jump input_wg0 }
-  }
-
-# Only works if hardware flow offloading is available
-#  chain offload {
-#    type filter hook forward priority -100; policy accept;
-#    ip protocol tcp flow add @f
-#    counter packets 0 bytes 0
-#  }
-
-  chain forward {
-    type filter hook forward priority filter; policy drop;
-
-    # Accept connections tracked by destination NAT
-    ct status dnat counter accept comment "Accept connections tracked by DNAT"
-
-    # TCP options
-    tcp flags syn tcp option maxseg size set rt mtu comment "Remove TCP maximum segment size and set a size based on route information"
-
-    # ICMPv6
-    icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, echo-request, echo-reply, parameter-problem } limit rate 5/second counter accept comment "Forward up to five ICMP messages of allowed types per second"
-    meta l4proto ipv6-icmp accept comment "Forward ICMP in IPv6"
-
-    # mgmt <-> *
-    iifname { $IF_LAN, $IF_ROADW } oifname $IF_MGMT counter reject comment "Reject traffic from LAN and roadwarrior to MGMT"
-    iifname $IF_MGMT oifname { $IF_LAN, $IF_ROADW } counter reject comment "Reject traffic from MGMT to LAN and roadwarrior"
-    # drop (instead of reject) everything else to MGMT
-
-    # LAN, ROADW -> * (except mgmt)
-    iifname { $IF_LAN, $IF_ROADW } counter accept comment "Allow all traffic forwarding from LAN and roadwarrior to all interfaces, except to mgmt"
-
-    # FF -> WAN
-    iifname { $IF_FF } oifname $IF_WAN counter accept comment "Allow all traffic forwarding from Freifunk and services to WAN"
-
-    # { WAN } -> { FF, LAN, RW }
-    iifname { $IF_WAN } oifname { $IF_FF, $IF_LAN, $IF_ROADW } ct state established,related counter accept comment "Allow established back from WAN"
-  }
-
-  chain output {
-    type filter hook output priority 100; policy accept;
-  }
-}
-
-table ip nat {
-  chain prerouting {
-    type nat hook prerouting priority dstnat; policy accept;
-  }
-
-  chain postrouting {
-    type nat hook postrouting priority srcnat; policy accept;
-    ip saddr { 192.168.96.0/19 } oifname { $IF_WAN } masquerade comment "Masquerade traffic from LANs"
-  }
-}
-
-table arp filter {
-  chain input {
-    type filter hook input priority filter; policy drop;
-    iifname { $IF_MGMT, $IF_LAN, $IF_FF, $IF_MODEM } limit rate 1/second burst 2 packets accept comment "Limit number of ARP messages from LAN, FF, MGMT, modem"
-  }
-}
diff --git a/nixos/configurations.nix b/nixos/configurations.nix
index 220e4d0..877c6a9 100644
--- a/nixos/configurations.nix
+++ b/nixos/configurations.nix
@@ -77,14 +77,6 @@ in
     ];
   };
 
-  agares = nixosSystem {
-    modules = [
-      { nixpkgs.pkgs = nixpkgsx86; }
-      baseModule
-      ./agares/configuration.nix
-    ];
-  };
-
   installer = nixosSystem {
     modules = [
       nixos-generators.nixosModules.install-iso
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index f449646..50dd263 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,7 +1,6 @@
 let
   dadada = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+bBJptw2H35vMPV7Mfj9oaepR7cHCQH8ZsvL8qnj+r dadada (nix-config-secrets) <dadada@dadada.li>";
   systems = {
-    agares = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPcbuLtU9/VhFy5VAp/ZI0T+gr7kExG73hmjjvno10gP root@nixos";
     gorgon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCcwG8BkqjZJ1bPdFbLYfXeBgaI10+gyVs1r1aNJ49H root@gorgon";
     ifrit = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEYO4L5EvKRtVUB6YHtHN7R980fwH9kKVt0V3kj6rORS root@nixos";
     ninurta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8TDCzjVVO7A4k6rp+srMj0HHc5gmUOlskTBOvhMkEc root@nixos";
@@ -63,24 +62,16 @@ in
     dadada
   ];
   "ddns-credentials.age".publicKeys = [
-    systems.agares
     systems.ninurta
     dadada
   ];
   "etc-ppp-chap-secrets.age".publicKeys = [
-    systems.agares
     dadada
   ];
   "etc-ppp-telekom-secret.age".publicKeys = [
-    systems.agares
     dadada
   ];
   "wg-privkey-vpn-dadada-li.age".publicKeys = [
-    systems.agares
-    dadada
-  ];
-  "agares-wg0-key.age".publicKeys = [
-    systems.agares
     dadada
   ];
 }
@@ -89,5 +80,4 @@ in
 // backupSecrets "ifrit"
 // backupSecrets "pruflas"
 // backupSecrets "surgat"
-// backupSecrets "agares"
 // backupSecrets "stolas"

From 67b04a636c2ae470712eda3ce53171837eddb0e3 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sun, 27 Jul 2025 17:16:00 +0200
Subject: [PATCH 09/46] fix(checks): formating

---
 checks.nix   | 20 --------------------
 devshell.nix |  1 -
 outputs.nix  |  5 ++++-
 3 files changed, 4 insertions(+), 22 deletions(-)
 delete mode 100644 checks.nix

diff --git a/checks.nix b/checks.nix
deleted file mode 100644
index 9505c35..0000000
--- a/checks.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  self,
-  flake-utils,
-  nixpkgs,
-  ...
-}:
-(flake-utils.lib.eachDefaultSystem (
-  system:
-  let
-    pkgs = nixpkgs.legacyPackages.${system};
-    formatter = self.formatter.${system};
-  in
-  {
-    checks = {
-      format = pkgs.runCommand "check-format" {
-        buildInputs = [ formatter ];
-      } "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out";
-    };
-  }
-)).checks
diff --git a/devshell.nix b/devshell.nix
index 1fbad07..3931494 100644
--- a/devshell.nix
+++ b/devshell.nix
@@ -6,7 +6,6 @@
 
   packages = with pkgs; [
     agenix
-    nixpkgs-fmt
     nixos-rebuild
   ];
 
diff --git a/outputs.nix b/outputs.nix
index 08e8ad0..ef7a742 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -27,6 +27,10 @@
       in
       import ./devshell.nix { inherit pkgs extraModules; };
 
+    checks = {
+      formatting = treefmtEval.config.build.check self;
+    };
+
     formatter = treefmtEval.config.build.wrapper;
 
     packages = import ./pkgs { inherit pkgs; } // {
@@ -35,7 +39,6 @@
   }
 ))
 // {
-  checks = import ./checks.nix inputs;
   hmModules = import ./home/modules.nix { lib = nixpkgs.lib; };
   hmConfigurations = {
     dadada = import ./home;

From 02bcc3ede9be81405963319b6eb2f134a8235c04 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sun, 27 Jul 2025 17:19:13 +0200
Subject: [PATCH 10/46] fix: deprecations

---
 nixos/gorgon/configuration.nix  |  2 +-
 nixos/modules/steam.nix         |  5 +--
 nixos/modules/yubikey.nix       |  2 +-
 nixos/ninurta/configuration.nix | 68 +++++++++++++--------------------
 nixos/surgat/configuration.nix  | 34 ++++++-----------
 5 files changed, 42 insertions(+), 69 deletions(-)

diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix
index cb99b2a..69e7588 100644
--- a/nixos/gorgon/configuration.nix
+++ b/nixos/gorgon/configuration.nix
@@ -261,7 +261,7 @@ in
   xdg.portal.wlr.enable = false;
   hardware.bluetooth.enable = true;
 
-  hardware.opengl = {
+  hardware.graphics = {
     enable = true;
     extraPackages = with pkgs; [
       vaapiVdpau
diff --git a/nixos/modules/steam.nix b/nixos/modules/steam.nix
index b6b0846..e14add3 100644
--- a/nixos/modules/steam.nix
+++ b/nixos/modules/steam.nix
@@ -15,11 +15,8 @@ in
     };
   };
   config = mkIf cfg.enable {
-    nixpkgs.config.allowUnfree = true;
-
-    hardware.opengl = {
+    hardware.graphics = {
       enable = true;
-      driSupport32Bit = true;
       extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
     };
 
diff --git a/nixos/modules/yubikey.nix b/nixos/modules/yubikey.nix
index 4be4492..47699e1 100644
--- a/nixos/modules/yubikey.nix
+++ b/nixos/modules/yubikey.nix
@@ -34,7 +34,7 @@ in
       };
       u2f = {
         control = "sufficient";
-        cue = true;
+        settings.cue = true;
       };
     };
 
diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix
index 47c0103..d4a7bb9 100644
--- a/nixos/ninurta/configuration.nix
+++ b/nixos/ninurta/configuration.nix
@@ -270,14 +270,10 @@ in
         linkConfig.RequiredForOnline = false;
         routes = [
           {
-            routeConfig = {
-              Destination = "10.3.3.1/24";
-            };
+            Destination = "10.3.3.1/24";
           }
           {
-            routeConfig = {
-              Destination = "fd42:9c3b:f96d:121::1/64";
-            };
+            Destination = "fd42:9c3b:f96d:121::1/64";
           }
         ];
       };
@@ -294,14 +290,10 @@ in
         linkConfig.RequiredForOnline = false;
         routes = [
           {
-            routeConfig = {
-              Destination = "10.11.0.0/22";
-            };
+            Destination = "10.11.0.0/22";
           }
           {
-            routeConfig = {
-              Destination = "fc00:1337:dead:beef::10.11.0.0/118";
-            };
+            Destination = "fc00:1337:dead:beef::10.11.0.0/118";
           }
         ];
       };
@@ -341,25 +333,21 @@ in
         };
         wireguardPeers = [
           {
-            wireguardPeerConfig = {
-              PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY=";
-              AllowedIPs = [
-                "10.3.3.1/32"
-                "fd42:9c3b:f96d:121::1/128"
-              ];
-              PersistentKeepalive = 25;
-              Endpoint = "surgat.dadada.li:51235";
-            };
+            PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY=";
+            AllowedIPs = [
+              "10.3.3.1/32"
+              "fd42:9c3b:f96d:121::1/128"
+            ];
+            PersistentKeepalive = 25;
+            Endpoint = "surgat.dadada.li:51235";
           }
           {
-            wireguardPeerConfig = {
-              PublicKey = "INfv++4R+Kd2jdh/3CooM70ZeeoN6aeU6mo+T4C8gWU=";
-              AllowedIPs = [
-                "10.3.3.2/32"
-                "fd42:9c3b:f96d:121::2/128"
-              ];
-              Endpoint = "192.168.101.1:51235";
-            };
+            PublicKey = "INfv++4R+Kd2jdh/3CooM70ZeeoN6aeU6mo+T4C8gWU=";
+            AllowedIPs = [
+              "10.3.3.2/32"
+              "fd42:9c3b:f96d:121::2/128"
+            ];
+            Endpoint = "192.168.101.1:51235";
           }
         ];
       };
@@ -373,17 +361,15 @@ in
         };
         wireguardPeers = [
           {
-            wireguardPeerConfig = {
-              PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8=";
-              AllowedIPs = [
-                "10.11.0.0/22"
-                "fc00:1337:dead:beef::10.11.0.0/118"
-                "192.168.178.0/23"
-              ];
-              PersistentKeepalive = 25;
-              PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path;
-              Endpoint = "53c70r.de:51820";
-            };
+            PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8=";
+            AllowedIPs = [
+              "10.11.0.0/22"
+              "fc00:1337:dead:beef::10.11.0.0/118"
+              "192.168.178.0/23"
+            ];
+            PersistentKeepalive = 25;
+            PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path;
+            Endpoint = "53c70r.de:51820";
           }
         ];
       };
@@ -443,7 +429,7 @@ in
     })
   ];
 
-  hardware.pulseaudio.enable = false;
+  services.pulseaudio.enable = false;
 
   environment.systemPackages = with pkgs; [
     smartmontools
diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix
index 5cd9596..5ddef7f 100644
--- a/nixos/surgat/configuration.nix
+++ b/nixos/surgat/configuration.nix
@@ -74,12 +74,10 @@ in
           "2a01:4f8:c17:1d70::/64"
         ];
         routes = [
-          { routeConfig.Gateway = "fe80::1"; }
+          { Gateway = "fe80::1"; }
           {
-            routeConfig = {
-              Gateway = "172.31.1.1";
-              GatewayOnLink = true;
-            };
+            Gateway = "172.31.1.1";
+            GatewayOnLink = true;
           }
         ];
         linkConfig.RequiredForOnline = "routable";
@@ -95,19 +93,13 @@ in
         linkConfig.RequiredForOnline = "no";
         routes = [
           {
-            routeConfig = {
-              Destination = "10.3.3.3/24";
-            };
+            Destination = "10.3.3.3/24";
           }
           {
-            routeConfig = {
-              Destination = "fd42:9c3b:f96d:121::/64";
-            };
+            Destination = "fd42:9c3b:f96d:121::/64";
           }
           {
-            routeConfig = {
-              Destination = "fd42:9c3b:f96d:101::/64";
-            };
+            Destination = "fd42:9c3b:f96d:101::/64";
           }
         ];
       };
@@ -124,14 +116,12 @@ in
         };
         wireguardPeers = [
           {
-            wireguardPeerConfig = {
-              PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE=";
-              AllowedIPs = [
-                "10.3.3.3/32"
-                "fd42:9c3b:f96d:121::3/128"
-                "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128"
-              ];
-            };
+            PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE=";
+            AllowedIPs = [
+              "10.3.3.3/32"
+              "fd42:9c3b:f96d:121::3/128"
+              "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128"
+            ];
           }
         ];
       };

From d149303ed24f5baa8684fb8c94efb5da67ce3017 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sat, 2 Aug 2025 16:51:53 +0200
Subject: [PATCH 11/46] feat(home): add halloy

---
 home/default.nix |  1 +
 home/halloy.toml | 10 ++++++++++
 home/pkgs.nix    |  1 +
 3 files changed, 12 insertions(+)
 create mode 100644 home/halloy.toml

diff --git a/home/default.nix b/home/default.nix
index a21362c..94f6ce6 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -119,6 +119,7 @@ in
   '';
 
   home.file.".jjconfig.toml".source = ./jjconfig.toml;
+  home.file.".config/halloy/config.toml".source = ./halloy.toml;
 
   systemd.user.timers."backup-keepassxc" = {
     Unit.Description = "Backup password DB";
diff --git a/home/halloy.toml b/home/halloy.toml
new file mode 100644
index 0000000..81a82bb
--- /dev/null
+++ b/home/halloy.toml
@@ -0,0 +1,10 @@
+# Halloy config.
+#
+# For a complete list of available options,
+# please visit https://halloy.squidowl.org/configuration/index.html
+
+[servers.liberachat]
+nickname = "dadada"
+server = "irc.libera.chat"
+channels = ["#stratum0"]
+sasl.external.cert = "/home/dadada/.config/halloy/libera.pem"
diff --git a/home/pkgs.nix b/home/pkgs.nix
index e980614..ed9f516 100644
--- a/home/pkgs.nix
+++ b/home/pkgs.nix
@@ -46,6 +46,7 @@ with pkgs;
   grim
   gron # make json grepable
   h # Manage git repos
+  halloy
   hexyl # hex viewer
   htop
   httpie

From cef93c482bc8829da9957b09567b8e025e31b822 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sat, 2 Aug 2025 21:11:25 +0200
Subject: [PATCH 12/46] feat(stolas): add steam

---
 nixos/configurations.nix | 2 ++
 nixos/modules/steam.nix  | 4 ++--
 nixos/stolas/default.nix | 1 +
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/nixos/configurations.nix b/nixos/configurations.nix
index 877c6a9..248c4c4 100644
--- a/nixos/configurations.nix
+++ b/nixos/configurations.nix
@@ -21,6 +21,8 @@ let
         "brgenml1lpr"
         "saleae-logic-2"
         "spotify"
+        "steam"
+        "steam-unwrapped"
       ];
   };
   nixosSystem = nixpkgs.lib.nixosSystem;
diff --git a/nixos/modules/steam.nix b/nixos/modules/steam.nix
index e14add3..2d2963f 100644
--- a/nixos/modules/steam.nix
+++ b/nixos/modules/steam.nix
@@ -15,11 +15,11 @@ in
     };
   };
   config = mkIf cfg.enable {
+    programs.steam.enable = true;
     hardware.graphics = {
       enable = true;
       extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
     };
-
-    hardware.pulseaudio.support32Bit = true;
+    services.pulseaudio.support32Bit = true;
   };
 }
diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix
index 1c5cc9b..28819f1 100644
--- a/nixos/stolas/default.nix
+++ b/nixos/stolas/default.nix
@@ -94,6 +94,7 @@
       enable = true;
       repo = "u355513-sub5@u355513-sub5.your-storagebox.de:/home/backup";
     };
+    steam.enable = true;
   };
 
   programs = {

From a901e37b738e6471bb3a0bbd64d6d9f45b2a224b Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sat, 2 Aug 2025 22:02:56 +0200
Subject: [PATCH 13/46] feat(surgat): add soju bouncer

---
 home/default.nix               |  2 +-
 home/halloy.toml               | 10 --------
 nixos/modules/element.nix      |  2 +-
 nixos/modules/gitea.nix        |  2 +-
 nixos/modules/homepage.nix     |  2 +-
 nixos/modules/miniflux.nix     |  2 +-
 nixos/modules/share.nix        |  2 +-
 nixos/modules/weechat.nix      |  4 +--
 nixos/surgat/configuration.nix | 47 +++++++++++++++++++++++++++++++++-
 9 files changed, 54 insertions(+), 19 deletions(-)
 delete mode 100644 home/halloy.toml

diff --git a/home/default.nix b/home/default.nix
index 94f6ce6..3b2efc6 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -119,7 +119,7 @@ in
   '';
 
   home.file.".jjconfig.toml".source = ./jjconfig.toml;
-  home.file.".config/halloy/config.toml".source = ./halloy.toml;
+  #home.file.".config/halloy/config.toml".source = ./halloy.toml;
 
   systemd.user.timers."backup-keepassxc" = {
     Unit.Description = "Backup password DB";
diff --git a/home/halloy.toml b/home/halloy.toml
deleted file mode 100644
index 81a82bb..0000000
--- a/home/halloy.toml
+++ /dev/null
@@ -1,10 +0,0 @@
-# Halloy config.
-#
-# For a complete list of available options,
-# please visit https://halloy.squidowl.org/configuration/index.html
-
-[servers.liberachat]
-nickname = "dadada"
-server = "irc.libera.chat"
-channels = ["#stratum0"]
-sasl.external.cert = "/home/dadada/.config/halloy/libera.pem"
diff --git a/nixos/modules/element.nix b/nixos/modules/element.nix
index 2fcefec..63bf02c 100644
--- a/nixos/modules/element.nix
+++ b/nixos/modules/element.nix
@@ -13,7 +13,7 @@ in
   };
   config = lib.mkIf cfg.enable {
     services.nginx.virtualHosts."element.${config.networking.domain}" = {
-      enableACME = true;
+      useACMEHost = "dadada.li";
       forceSSL = true;
       serverAliases = [
         "element.${config.networking.domain}"
diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix
index 783bf6f..fe03ff3 100644
--- a/nixos/modules/gitea.nix
+++ b/nixos/modules/gitea.nix
@@ -82,7 +82,7 @@ in
     };
 
     services.nginx.virtualHosts."git.${config.networking.domain}" = {
-      enableACME = true;
+      useACMEHost = "dadada.li";
       forceSSL = true;
 
       locations."/".extraConfig = ''
diff --git a/nixos/modules/homepage.nix b/nixos/modules/homepage.nix
index 193e71e..2d9a337 100644
--- a/nixos/modules/homepage.nix
+++ b/nixos/modules/homepage.nix
@@ -19,7 +19,7 @@ with lib;
     services.nginx.enable = true;
 
     services.nginx.virtualHosts."dadada.li" = {
-      enableACME = true;
+      useACMEHost = "dadada.li";
       forceSSL = true;
       root = "${cfg.package}";
     };
diff --git a/nixos/modules/miniflux.nix b/nixos/modules/miniflux.nix
index 6898f34..685c355 100644
--- a/nixos/modules/miniflux.nix
+++ b/nixos/modules/miniflux.nix
@@ -21,7 +21,7 @@ in
     };
 
     services.nginx.virtualHosts.${domain} = {
-      enableACME = true;
+      useACMEHost = "dadada.li";
       forceSSL = true;
 
       locations."/".extraConfig = ''
diff --git a/nixos/modules/share.nix b/nixos/modules/share.nix
index 7c7410b..c7dcedc 100644
--- a/nixos/modules/share.nix
+++ b/nixos/modules/share.nix
@@ -16,7 +16,7 @@ in
     services.nginx.enable = true;
 
     services.nginx.virtualHosts."share.dadada.li" = {
-      enableACME = true;
+      useACMEHost = "dadada.li";
       forceSSL = true;
 
       root = "/var/lib/share";
diff --git a/nixos/modules/weechat.nix b/nixos/modules/weechat.nix
index 6ff0106..2353651 100644
--- a/nixos/modules/weechat.nix
+++ b/nixos/modules/weechat.nix
@@ -21,7 +21,7 @@ in
     services.nginx.enable = true;
 
     services.nginx.virtualHosts."webchat.dadada.li" = {
-      enableACME = true;
+      useACMEHost = "dadada.li";
       forceSSL = true;
 
       root = pkgs.glowing-bear;
@@ -36,7 +36,7 @@ in
       };
     };
     services.nginx.virtualHosts."weechat.dadada.li" = {
-      enableACME = true;
+      useACMEHost = "dadada.li";
       forceSSL = true;
 
       root = "${pkgs.nginx}/html";
diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix
index 5ddef7f..0faf5ce 100644
--- a/nixos/surgat/configuration.nix
+++ b/nixos/surgat/configuration.nix
@@ -27,7 +27,7 @@ in
   };
 
   services.nginx.virtualHosts."hydra.${config.networking.domain}" = {
-    enableACME = true;
+    useACMEHost = "dadada.li";
     forceSSL = true;
 
     root = "${pkgs.nginx}/html";
@@ -135,6 +135,7 @@ in
       22 # SSH
       80
       443 # HTTPS
+      1667
     ];
     allowedUDPPorts = [
       51234 # Wireguard
@@ -173,5 +174,49 @@ in
     '';
   };
 
+  services.soju = {
+    enable = true;
+    listen = [ "unix:///run/soju/irc.sock" ];
+    acceptProxyIP = [ "localhost" ];
+  };
+
+  # For owning the socket the right group
+  systemd.services.soju.serviceConfig.Group = "nginx";
+
+  services.nginx.streamConfig = ''
+    server {
+      listen 1667 ssl;
+      proxy_pass unix:/run/soju/irc.sock;
+      proxy_protocol on;
+      proxy_connect_timeout 1s;
+      ssl_certificate /var/lib/acme/dadada.li/fullchain.pem;
+      ssl_certificate_key /var/lib/acme/dadada.li/key.pem;
+      ssl_trusted_certificate /var/lib/acme/dadada.li/chain.pem;
+    }
+  '';
+
+  services.nginx.virtualHosts."soju.dadada.li" = {
+    useACMEHost = "dadada.li";
+    forceSSL = true;
+  };
+
+  users.groups.acme.members = [
+    "nginx"
+  ];
+
+  security.acme.certs = {
+    "dadada.li" = {
+      webroot = "/var/lib/acme/acme-challenge";
+      extraDomainNames = [
+        "element.dadada.li"
+        "hydra.dadada.li"
+        "git.dadada.li"
+        "miniflux.dadada.li"
+        "share.dadada.li"
+        "soju.dadada.li"
+      ];
+    };
+  };
+
   system.stateVersion = "23.05";
 }

From 9dd4acfaeb6d9bc6cd8c927921738d5a426ebb70 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sun, 3 Aug 2025 14:01:39 +0200
Subject: [PATCH 14/46] fix: update backup exclude path for element

---
 nixos/modules/backup.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix
index 095fd35..0ece03f 100644
--- a/nixos/modules/backup.nix
+++ b/nixos/modules/backup.nix
@@ -11,7 +11,7 @@ let
     "/dev"
     "/efi"
     "/home/*/.cache"
-    "/home/*/.config/Riot/Cache"
+    "/home/*/.config/Element"
     "/home/iserv"
     "/lost+found"
     "/mnt"

From 39ef40648c8a01d479bd8458ba8a2225c32c75ec Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sun, 3 Aug 2025 14:01:58 +0200
Subject: [PATCH 15/46] fix: update backup1 URL

---
 nixos/modules/profiles/base.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix
index 0976788..5e6eb69 100644
--- a/nixos/modules/profiles/base.nix
+++ b/nixos/modules/profiles/base.nix
@@ -56,7 +56,7 @@ in
   networking.networkmanager.dns = mkDefault "systemd-resolved";
 
   networking.hosts = {
-    "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe" = [ "backup1.dadada.li" ];
+    "fd42:9c3b:f96d:101:9c17:3dff:fee5:cd5f" = [ "backup1.dadada.li" ];
   };
 
   services.resolved = {

From 751fc153d292e044c1268e75246648aeca126877 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Mon, 4 Aug 2025 20:07:34 +0200
Subject: [PATCH 16/46] chore(flake): update

---
 flake.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/flake.lock b/flake.lock
index 3d0d3f2..979009a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -12,11 +12,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1750173260,
-        "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
+        "lastModified": 1754323089,
+        "narHash": "sha256-qpmyMBMyksBbyXkc9kSIkY2zIuPRixQZDorec216FfM=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
+        "rev": "6d194f7522b9ed8aadb0856f1316f6d660ceb42a",
         "type": "github"
       },
       "original": {
@@ -204,11 +204,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753470191,
-        "narHash": "sha256-hOUWU5L62G9sm8NxdiLWlLIJZz9H52VuFiDllHdwmVA=",
+        "lastModified": 1754263839,
+        "narHash": "sha256-ck7lILfCNuunsLvExPI4Pw9OOCJksxXwozum24W8b+8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "a1817d1c0e5eabe7dfdfe4caa46c94d9d8f3fdb6",
+        "rev": "1d7abbd5454db97e0af51416f4960b3fb64a4773",
         "type": "github"
       },
       "original": {
@@ -295,11 +295,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1753122741,
-        "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=",
+        "lastModified": 1754316476,
+        "narHash": "sha256-Ry1gd1BQrNVJJfT11cpVP0FY8XFMx4DJV2IDp01CH9w=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22",
+        "rev": "9368056b73efb46eb14fd4667b99e0f81b805f28",
         "type": "github"
       },
       "original": {
@@ -311,11 +311,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1753429684,
-        "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=",
+        "lastModified": 1754214453,
+        "narHash": "sha256-Q/I2xJn/j1wpkGhWkQnm20nShYnG7TI99foDBpXm1SY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d",
+        "rev": "5b09dc45f24cf32316283e62aec81ffee3c3e376",
         "type": "github"
       },
       "original": {
@@ -443,11 +443,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753439394,
-        "narHash": "sha256-Bv9h1AJegLI8uAhiJ1sZ4XAndYxhgf38tMgCQwiEpmc=",
+        "lastModified": 1754061284,
+        "narHash": "sha256-ONcNxdSiPyJ9qavMPJYAXDNBzYobHRxw0WbT38lKbwU=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "2673921c03d6e75fdf4aa93e025772608d1482cf",
+        "rev": "58bd4da459f0a39e506847109a2a5cfceb837796",
         "type": "github"
       },
       "original": {

From 25c7b6bf0dac0e2228b94b158170f82b3d072859 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sat, 9 Aug 2025 22:23:32 +0200
Subject: [PATCH 17/46] feat: add repo-rs

---
 flake.lock               | 19 +++++++++++++++++++
 flake.nix                |  4 ++++
 home/modules/zsh.nix     |  2 +-
 home/pkgs.nix            |  1 -
 nixos/stolas/default.nix |  1 +
 outputs.nix              |  2 +-
 pkgs/default.nix         |  3 ++-
 7 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/flake.lock b/flake.lock
index 979009a..c94b5b5 100644
--- a/flake.lock
+++ b/flake.lock
@@ -368,6 +368,24 @@
         "type": "github"
       }
     },
+    "repo-rs": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1754770324,
+        "narHash": "sha256-IfCO6+Wt4mRRMf3NMg5N3ewEX/vgtuARtk/lZcIfUpU=",
+        "rev": "430d988f31b2deb010d445c5beeca71bbae66d60",
+        "type": "tarball",
+        "url": "https://git.dadada.li/api/v1/repos/dadada/repo-rs/archive/430d988f31b2deb010d445c5beeca71bbae66d60.tar.gz?rev=430d988f31b2deb010d445c5beeca71bbae66d60"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://git.dadada.li/dadada/repo-rs/archive/main.tar.gz"
+      }
+    },
     "root": {
       "inputs": {
         "agenix": "agenix",
@@ -381,6 +399,7 @@
         "nixos-generators": "nixos-generators",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
+        "repo-rs": "repo-rs",
         "systems": "systems_2",
         "treefmt-nix": "treefmt-nix"
       }
diff --git a/flake.nix b/flake.nix
index 151f1b5..671ba3a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -24,6 +24,10 @@
       url = "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz";
       flake = false;
     };
+    repo-rs = {
+      url = "https://git.dadada.li/dadada/repo-rs/archive/main.tar.gz";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     agenix = {
       url = "github:ryantm/agenix";
       inputs.nixpkgs.follows = "nixpkgs";
diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix
index 7a0cd6c..b6d307b 100644
--- a/home/modules/zsh.nix
+++ b/home/modules/zsh.nix
@@ -38,7 +38,7 @@ in
         source ${pkgs.zsh-git-prompt}/share/zsh-git-prompt/zshrc.sh
         source ${pkgs.fzf}/share/fzf/key-bindings.zsh
         source ${pkgs.fzf}/share/fzf/completion.zsh
-        eval "$(${pkgs.h}/bin/h --setup ~/src)"
+        eval "$(repo setup --root ~/src)"
 
         bindkey -e '^n' autosuggest-accept
 
diff --git a/home/pkgs.nix b/home/pkgs.nix
index ed9f516..3b554bd 100644
--- a/home/pkgs.nix
+++ b/home/pkgs.nix
@@ -45,7 +45,6 @@ with pkgs;
   graphviz
   grim
   gron # make json grepable
-  h # Manage git repos
   halloy
   hexyl # hex viewer
   htop
diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix
index 28819f1..606f4f8 100644
--- a/nixos/stolas/default.nix
+++ b/nixos/stolas/default.nix
@@ -47,6 +47,7 @@
   environment.systemPackages = [
     # For debugging and troubleshooting Secure Boot.
     pkgs.sbctl
+    config.dadada.pkgs.repo-rs
   ];
 
   hardware = {
diff --git a/outputs.nix b/outputs.nix
index ef7a742..45773d9 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -33,7 +33,7 @@
 
     formatter = treefmtEval.config.build.wrapper;
 
-    packages = import ./pkgs { inherit pkgs; } // {
+    packages = import ./pkgs { inherit pkgs inputs; } // {
       installer-iso = inputs.self.nixosConfigurations.installer.config.system.build.isoImage;
     };
   }
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 9f52a8a..c2f54db 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,4 +1,5 @@
-{ pkgs }:
+{ pkgs, inputs }:
 {
   citizen-cups = pkgs.callPackage ./citizen-cups.nix { };
+  repo-rs = pkgs.callPackage inputs.repo-rs { };
 }

From 4d15b563b1bcd9ddec6671e7601f23276b2d31c6 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sun, 10 Aug 2025 00:34:20 +0200
Subject: [PATCH 18/46] chore: update repo-rs

---
 flake.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/flake.lock b/flake.lock
index c94b5b5..9338d0f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -375,11 +375,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754770324,
-        "narHash": "sha256-IfCO6+Wt4mRRMf3NMg5N3ewEX/vgtuARtk/lZcIfUpU=",
-        "rev": "430d988f31b2deb010d445c5beeca71bbae66d60",
+        "lastModified": 1754778656,
+        "narHash": "sha256-wEw9UBa0TBUMsX9wO9jiB3Q4gYIeiI4AKshMPyGSr6g=",
+        "rev": "9628bf9b71b090bb30b7e00e87d63ce90597df58",
         "type": "tarball",
-        "url": "https://git.dadada.li/api/v1/repos/dadada/repo-rs/archive/430d988f31b2deb010d445c5beeca71bbae66d60.tar.gz?rev=430d988f31b2deb010d445c5beeca71bbae66d60"
+        "url": "https://git.dadada.li/api/v1/repos/dadada/repo-rs/archive/9628bf9b71b090bb30b7e00e87d63ce90597df58.tar.gz?rev=9628bf9b71b090bb30b7e00e87d63ce90597df58"
       },
       "original": {
         "type": "tarball",

From 5d1b4ba06ef1e86eebdc22e7a090afc299e022b2 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sat, 16 Aug 2025 14:57:09 +0200
Subject: [PATCH 19/46] chore(flake): update

---
 flake.lock | 44 ++++++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 22 deletions(-)

diff --git a/flake.lock b/flake.lock
index 9338d0f..db962b6 100644
--- a/flake.lock
+++ b/flake.lock
@@ -12,11 +12,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1754323089,
-        "narHash": "sha256-qpmyMBMyksBbyXkc9kSIkY2zIuPRixQZDorec216FfM=",
+        "lastModified": 1754433428,
+        "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "6d194f7522b9ed8aadb0856f1316f6d660ceb42a",
+        "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d",
         "type": "github"
       },
       "original": {
@@ -89,11 +89,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753140376,
-        "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=",
+        "lastModified": 1754971456,
+        "narHash": "sha256-p04ZnIBGzerSyiY2dNGmookCldhldWAu03y0s3P8CB0=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c",
+        "rev": "8246829f2e675a46919718f9a64b71afe3bfb22d",
         "type": "github"
       },
       "original": {
@@ -204,11 +204,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754263839,
-        "narHash": "sha256-ck7lILfCNuunsLvExPI4Pw9OOCJksxXwozum24W8b+8=",
+        "lastModified": 1755313937,
+        "narHash": "sha256-pQb7bNcolxYGRiylUCrTddiF+qW2wsUiM9+eRIDUrVU=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "1d7abbd5454db97e0af51416f4960b3fb64a4773",
+        "rev": "2a749f4790a14f7168be67cdf6e548ef1c944e10",
         "type": "github"
       },
       "original": {
@@ -295,11 +295,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1754316476,
-        "narHash": "sha256-Ry1gd1BQrNVJJfT11cpVP0FY8XFMx4DJV2IDp01CH9w=",
+        "lastModified": 1755330281,
+        "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "9368056b73efb46eb14fd4667b99e0f81b805f28",
+        "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0",
         "type": "github"
       },
       "original": {
@@ -311,11 +311,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1754214453,
-        "narHash": "sha256-Q/I2xJn/j1wpkGhWkQnm20nShYnG7TI99foDBpXm1SY=",
+        "lastModified": 1755186698,
+        "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5b09dc45f24cf32316283e62aec81ffee3c3e376",
+        "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
         "type": "github"
       },
       "original": {
@@ -375,11 +375,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754778656,
-        "narHash": "sha256-wEw9UBa0TBUMsX9wO9jiB3Q4gYIeiI4AKshMPyGSr6g=",
-        "rev": "9628bf9b71b090bb30b7e00e87d63ce90597df58",
+        "lastModified": 1754854818,
+        "narHash": "sha256-7nrEFcEyjYn5MagXQtX/IbiQFP8f9nbIuLF6ozTTB8w=",
+        "rev": "d83955f001ecbeeb2dc30cd9fe8d4fe640740f67",
         "type": "tarball",
-        "url": "https://git.dadada.li/api/v1/repos/dadada/repo-rs/archive/9628bf9b71b090bb30b7e00e87d63ce90597df58.tar.gz?rev=9628bf9b71b090bb30b7e00e87d63ce90597df58"
+        "url": "https://git.dadada.li/api/v1/repos/dadada/repo-rs/archive/d83955f001ecbeeb2dc30cd9fe8d4fe640740f67.tar.gz?rev=d83955f001ecbeeb2dc30cd9fe8d4fe640740f67"
       },
       "original": {
         "type": "tarball",
@@ -462,11 +462,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754061284,
-        "narHash": "sha256-ONcNxdSiPyJ9qavMPJYAXDNBzYobHRxw0WbT38lKbwU=",
+        "lastModified": 1754847726,
+        "narHash": "sha256-2vX8QjO5lRsDbNYvN9hVHXLU6oMl+V/PsmIiJREG4rE=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "58bd4da459f0a39e506847109a2a5cfceb837796",
+        "rev": "7d81f6fb2e19bf84f1c65135d1060d829fae2408",
         "type": "github"
       },
       "original": {

From 506ac8c3486ba2c62b1c57441ae2ee6dd3f9e8f7 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sun, 24 Aug 2025 12:51:48 +0200
Subject: [PATCH 20/46] chore(flake): update

---
 flake.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/flake.lock b/flake.lock
index db962b6..665ddc4 100644
--- a/flake.lock
+++ b/flake.lock
@@ -89,11 +89,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754971456,
-        "narHash": "sha256-p04ZnIBGzerSyiY2dNGmookCldhldWAu03y0s3P8CB0=",
+        "lastModified": 1755519972,
+        "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "8246829f2e675a46919718f9a64b71afe3bfb22d",
+        "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d",
         "type": "github"
       },
       "original": {
@@ -204,11 +204,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755313937,
-        "narHash": "sha256-pQb7bNcolxYGRiylUCrTddiF+qW2wsUiM9+eRIDUrVU=",
+        "lastModified": 1756022458,
+        "narHash": "sha256-J1i35r4HfNDdPpwL0vOBaZopQudAUVtartEerc1Jryc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2a749f4790a14f7168be67cdf6e548ef1c944e10",
+        "rev": "9e3a33c0bcbc25619e540b9dfea372282f8a9740",
         "type": "github"
       },
       "original": {
@@ -311,11 +311,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1755186698,
-        "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
+        "lastModified": 1755615617,
+        "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
+        "rev": "20075955deac2583bb12f07151c2df830ef346b4",
         "type": "github"
       },
       "original": {
@@ -462,11 +462,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754847726,
-        "narHash": "sha256-2vX8QjO5lRsDbNYvN9hVHXLU6oMl+V/PsmIiJREG4rE=",
+        "lastModified": 1755934250,
+        "narHash": "sha256-CsDojnMgYsfshQw3t4zjRUkmMmUdZGthl16bXVWgRYU=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "7d81f6fb2e19bf84f1c65135d1060d829fae2408",
+        "rev": "74e1a52d5bd9430312f8d1b8b0354c92c17453e5",
         "type": "github"
       },
       "original": {

From d17aa1a1a62f43ea9689c2e13a7b61f2ecd376c2 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sun, 24 Aug 2025 14:59:23 +0200
Subject: [PATCH 21/46] chore(flake): update repo-rs

---
 flake.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/flake.lock b/flake.lock
index 665ddc4..9da3646 100644
--- a/flake.lock
+++ b/flake.lock
@@ -375,11 +375,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754854818,
-        "narHash": "sha256-7nrEFcEyjYn5MagXQtX/IbiQFP8f9nbIuLF6ozTTB8w=",
-        "rev": "d83955f001ecbeeb2dc30cd9fe8d4fe640740f67",
+        "lastModified": 1756040152,
+        "narHash": "sha256-iwguQ0fWDE3CbjWdNS+F56Cdi5rzqy8+I+8yIy/GP0M=",
+        "rev": "f7259f044122555a9d0c01ad0ec96f4798ddbd7e",
         "type": "tarball",
-        "url": "https://git.dadada.li/api/v1/repos/dadada/repo-rs/archive/d83955f001ecbeeb2dc30cd9fe8d4fe640740f67.tar.gz?rev=d83955f001ecbeeb2dc30cd9fe8d4fe640740f67"
+        "url": "https://git.dadada.li/api/v1/repos/dadada/repo-rs/archive/f7259f044122555a9d0c01ad0ec96f4798ddbd7e.tar.gz?rev=f7259f044122555a9d0c01ad0ec96f4798ddbd7e"
       },
       "original": {
         "type": "tarball",

From f2d1d7365ec55320ee2985906d2cb6e7fcbc2830 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sun, 24 Aug 2025 15:02:29 +0200
Subject: [PATCH 22/46] chore(flake): update

---
 flake.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/flake.lock b/flake.lock
index 9da3646..0c38568 100644
--- a/flake.lock
+++ b/flake.lock
@@ -375,11 +375,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756040152,
-        "narHash": "sha256-iwguQ0fWDE3CbjWdNS+F56Cdi5rzqy8+I+8yIy/GP0M=",
-        "rev": "f7259f044122555a9d0c01ad0ec96f4798ddbd7e",
+        "lastModified": 1756040506,
+        "narHash": "sha256-jH0uNN4pqHmIssXwWsIWlgfwdDILw4iFWRB0JUmuD/A=",
+        "rev": "2f5b2e0d9ecf96621971a2c13d998ceba6ea7096",
         "type": "tarball",
-        "url": "https://git.dadada.li/api/v1/repos/dadada/repo-rs/archive/f7259f044122555a9d0c01ad0ec96f4798ddbd7e.tar.gz?rev=f7259f044122555a9d0c01ad0ec96f4798ddbd7e"
+        "url": "https://git.dadada.li/api/v1/repos/dadada/repo-rs/archive/2f5b2e0d9ecf96621971a2c13d998ceba6ea7096.tar.gz?rev=2f5b2e0d9ecf96621971a2c13d998ceba6ea7096"
       },
       "original": {
         "type": "tarball",

From b239651efed4cb0c3ef2dba245d8a2f422ee78e6 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sat, 30 Aug 2025 14:15:07 +0200
Subject: [PATCH 23/46] feat(home): add window decorations to foot terminal

---
 home/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/home/default.nix b/home/default.nix
index 3b2efc6..ef17f7c 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -164,7 +164,7 @@ in
         dpi-aware = false;
       };
       mouse.hide-when-typing = true;
-      csd.preferred = "none";
+      csd.preferred = "server";
       cursor.color = "fdf6e3 586e75";
       bell = {
         urgent = true;

From 28509425a891a9b28ff98d6f171b44561dd53453 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sat, 30 Aug 2025 14:16:18 +0200
Subject: [PATCH 24/46] chore(flake): update

---
 flake.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/flake.lock b/flake.lock
index 0c38568..6dd8573 100644
--- a/flake.lock
+++ b/flake.lock
@@ -89,11 +89,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755519972,
-        "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=",
+        "lastModified": 1756115622,
+        "narHash": "sha256-iv8xVtmLMNLWFcDM/HcAPLRGONyTRpzL9NS09RnryRM=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d",
+        "rev": "bafad29f89e83b2d861b493aa23034ea16595560",
         "type": "github"
       },
       "original": {
@@ -204,11 +204,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756022458,
-        "narHash": "sha256-J1i35r4HfNDdPpwL0vOBaZopQudAUVtartEerc1Jryc=",
+        "lastModified": 1756496801,
+        "narHash": "sha256-IYIsnPy+cJxe8RbDHBrCtfJY0ry2bG2H7WvMcewiGS8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "9e3a33c0bcbc25619e540b9dfea372282f8a9740",
+        "rev": "77a71380c38fb2a440b4b5881bbc839f6230e1cb",
         "type": "github"
       },
       "original": {
@@ -295,11 +295,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1755330281,
-        "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=",
+        "lastModified": 1756245047,
+        "narHash": "sha256-9bHzrVbjAudbO8q4vYFBWlEkDam31fsz0J7GB8k4AsI=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0",
+        "rev": "a65b650d6981e23edd1afa1f01eb942f19cdcbb7",
         "type": "github"
       },
       "original": {
@@ -311,11 +311,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1755615617,
-        "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
+        "lastModified": 1756386758,
+        "narHash": "sha256-1wxxznpW2CKvI9VdniaUnTT2Os6rdRJcRUf65ZK9OtE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "20075955deac2583bb12f07151c2df830ef346b4",
+        "rev": "dfb2f12e899db4876308eba6d93455ab7da304cd",
         "type": "github"
       },
       "original": {

From 12ce5376c84f7697b9bbf564bff6a28a169ca250 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sat, 30 Aug 2025 14:34:43 +0200
Subject: [PATCH 25/46] fix(home): remove zeal as it depends on qt5webengine
 which is marked insecure

---
 home/pkgs.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/home/pkgs.nix b/home/pkgs.nix
index 3b554bd..98a6a9e 100644
--- a/home/pkgs.nix
+++ b/home/pkgs.nix
@@ -144,8 +144,6 @@ with pkgs;
   unixtools.xxd
   xxh # portable shells
   yt-dlp
-  # zotero Marked as insecure
-  zeal
   zk
   zsh
 ]

From 23c65cab4c89ff6b1251ccce7fec18c794a543c9 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sat, 30 Aug 2025 14:38:22 +0200
Subject: [PATCH 26/46] fix(home): remove git-branchless since it fails to
 build

---
 home/modules/git.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/home/modules/git.nix b/home/modules/git.nix
index 92c4c12..53fcb6e 100644
--- a/home/modules/git.nix
+++ b/home/modules/git.nix
@@ -96,7 +96,6 @@ in
 
     home.packages = with pkgs; [
       delta
-      git-branchless
       git-lfs
       gitAndTools.hub
       gitAndTools.lab

From 1f5a5ae43abc2c21e6f2d37cdf1a98a3391cc0ce Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sat, 30 Aug 2025 14:40:03 +0200
Subject: [PATCH 27/46] fix(home): remove anki since it fails to build

---
 home/pkgs.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/home/pkgs.nix b/home/pkgs.nix
index 98a6a9e..2bfc240 100644
--- a/home/pkgs.nix
+++ b/home/pkgs.nix
@@ -1,7 +1,7 @@
 { pkgs }:
 with pkgs;
 [
-  anki
+  # anki
   aqbanking
   aria2
   aspell

From 2a4ffdf9a597712472175a4fb58570cca75fbcea Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sat, 6 Sep 2025 16:01:00 +0200
Subject: [PATCH 28/46] feat(home): add obsidian

---
 home/pkgs.nix            | 1 +
 nixos/configurations.nix | 1 +
 2 files changed, 2 insertions(+)

diff --git a/home/pkgs.nix b/home/pkgs.nix
index 2bfc240..dd0767c 100644
--- a/home/pkgs.nix
+++ b/home/pkgs.nix
@@ -92,6 +92,7 @@ with pkgs;
   nodePackages.prettier
   map-cmd
   obs-studio
+  obsidian
   offlineimap
   openscad
   openssl
diff --git a/nixos/configurations.nix b/nixos/configurations.nix
index 248c4c4..f583b9f 100644
--- a/nixos/configurations.nix
+++ b/nixos/configurations.nix
@@ -19,6 +19,7 @@ let
       builtins.elem (nixpkgs.lib.getName pkg) [
         "aspell-dict-en-science"
         "brgenml1lpr"
+        "obsidian"
         "saleae-logic-2"
         "spotify"
         "steam"

From 0ec34b24a0fcac75918c0549557c492dbd172d46 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sun, 7 Sep 2025 15:35:56 +0200
Subject: [PATCH 29/46] feat(stolas): add tool for talking to EC

---
 nixos/stolas/default.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix
index 606f4f8..5ff063a 100644
--- a/nixos/stolas/default.nix
+++ b/nixos/stolas/default.nix
@@ -45,9 +45,11 @@
   };
 
   environment.systemPackages = [
+    config.dadada.pkgs.repo-rs
     # For debugging and troubleshooting Secure Boot.
     pkgs.sbctl
-    config.dadada.pkgs.repo-rs
+    # Framework embedded controller interface
+    pkgs.fw-ectool
   ];
 
   hardware = {

From ca8707f1162dd508e63803e388d8834b493e31ee Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Tue, 7 Oct 2025 20:28:01 +0200
Subject: [PATCH 30/46] chore: update nixpkgs

---
 flake.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/flake.lock b/flake.lock
index 6dd8573..60f3602 100644
--- a/flake.lock
+++ b/flake.lock
@@ -89,11 +89,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756115622,
-        "narHash": "sha256-iv8xVtmLMNLWFcDM/HcAPLRGONyTRpzL9NS09RnryRM=",
+        "lastModified": 1758287904,
+        "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "bafad29f89e83b2d861b493aa23034ea16595560",
+        "rev": "67ff9807dd148e704baadbd4fd783b54282ca627",
         "type": "github"
       },
       "original": {
@@ -204,11 +204,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756496801,
-        "narHash": "sha256-IYIsnPy+cJxe8RbDHBrCtfJY0ry2bG2H7WvMcewiGS8=",
+        "lastModified": 1759853171,
+        "narHash": "sha256-uqbhyXtqMbYIiMqVqUhNdSuh9AEEkiasoK3mIPIVRhk=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "77a71380c38fb2a440b4b5881bbc839f6230e1cb",
+        "rev": "1a09eb84fa9e33748432a5253102d01251f72d6d",
         "type": "github"
       },
       "original": {
@@ -295,11 +295,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1756245047,
-        "narHash": "sha256-9bHzrVbjAudbO8q4vYFBWlEkDam31fsz0J7GB8k4AsI=",
+        "lastModified": 1759582739,
+        "narHash": "sha256-spZegilADH0q5OngM86u6NmXxduCNv5eX9vCiUPhOYc=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "a65b650d6981e23edd1afa1f01eb942f19cdcbb7",
+        "rev": "3441b5242af7577230a78ffb03542add264179ab",
         "type": "github"
       },
       "original": {
@@ -311,11 +311,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1756386758,
-        "narHash": "sha256-1wxxznpW2CKvI9VdniaUnTT2Os6rdRJcRUf65ZK9OtE=",
+        "lastModified": 1759733170,
+        "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "dfb2f12e899db4876308eba6d93455ab7da304cd",
+        "rev": "8913c168d1c56dc49a7718685968f38752171c3b",
         "type": "github"
       },
       "original": {
@@ -462,11 +462,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755934250,
-        "narHash": "sha256-CsDojnMgYsfshQw3t4zjRUkmMmUdZGthl16bXVWgRYU=",
+        "lastModified": 1758728421,
+        "narHash": "sha256-ySNJ008muQAds2JemiyrWYbwbG+V7S5wg3ZVKGHSFu8=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "74e1a52d5bd9430312f8d1b8b0354c92c17453e5",
+        "rev": "5eda4ee8121f97b218f7cc73f5172098d458f1d1",
         "type": "github"
       },
       "original": {

From 483552d217e6937c6c05c5138c31fa9c37b770a3 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Tue, 7 Oct 2025 20:51:17 +0200
Subject: [PATCH 31/46] fix: disable use user nixpkgs

---
 nixos/modules/profiles/home.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/nixos/modules/profiles/home.nix b/nixos/modules/profiles/home.nix
index a695e8b..97911df 100644
--- a/nixos/modules/profiles/home.nix
+++ b/nixos/modules/profiles/home.nix
@@ -1,7 +1,6 @@
 { pkgs, inputs, ... }:
 {
   home-manager.useGlobalPkgs = true;
-  home-manager.useUserPackages = true;
   home-manager.sharedModules = pkgs.lib.attrValues inputs.self.hmModules;
   home-manager.users.dadada = inputs.self.hmConfigurations.dadada;
 }

From c69c54d0f9e5f9525c10e3064e8bced9393e4621 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Tue, 7 Oct 2025 21:13:15 +0200
Subject: [PATCH 32/46] fix: remove home.nix from gitignore

---
 .gitignore | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 01c6686..646051f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,4 @@
 private/
-home.nix
 *.swp
 result
 *.zip

From 1bf32e017788b9aadf0fc60a3c9907be559cb1af Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Tue, 7 Oct 2025 22:17:00 +0200
Subject: [PATCH 33/46] fix: remove syncthing module and zsh-git-prompt

https://github.com/NixOS/nixpkgs/pull/437745
---
 home/default.nix           |  3 +--
 home/modules/syncthing.nix | 21 ---------------------
 home/modules/zsh.nix       |  2 --
 3 files changed, 1 insertion(+), 25 deletions(-)
 delete mode 100644 home/modules/syncthing.nix

diff --git a/home/default.nix b/home/default.nix
index ef17f7c..242a5fe 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -12,7 +12,6 @@ let
     "gpg"
     #"gtk"
     #"keyring"
-    "syncthing"
     "tmux"
     "xdg"
     "zsh"
@@ -433,7 +432,7 @@ in
     }
   '';
 
-  #services.poweralertd.enable = true;
+  services.syncthing.enable = true;
 
   # Let Home Manager install and manage itself.
   programs.home-manager.enable = true;
diff --git a/home/modules/syncthing.nix b/home/modules/syncthing.nix
deleted file mode 100644
index 8095904..0000000
--- a/home/modules/syncthing.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-with lib;
-let
-  cfg = config.dadada.home.syncthing;
-in
-{
-  options.dadada.home.syncthing = {
-    enable = mkEnableOption "Enable Syncthing config";
-  };
-  config = mkIf cfg.enable {
-    services.syncthing = {
-      enable = true;
-      tray = false;
-    };
-  };
-}
diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix
index b6d307b..1c90be9 100644
--- a/home/modules/zsh.nix
+++ b/home/modules/zsh.nix
@@ -35,7 +35,6 @@ in
       plugins = [
       ];
       initContent = ''
-        source ${pkgs.zsh-git-prompt}/share/zsh-git-prompt/zshrc.sh
         source ${pkgs.fzf}/share/fzf/key-bindings.zsh
         source ${pkgs.fzf}/share/fzf/completion.zsh
         eval "$(repo setup --root ~/src)"
@@ -76,7 +75,6 @@ in
     home.packages = with pkgs; [
       fzf
       eza
-      zsh-git-prompt
       tmux
     ];
   };

From f1ee732c7ce4d03936e7aceab84d3ac1c9afacb8 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Tue, 7 Oct 2025 22:23:46 +0200
Subject: [PATCH 34/46] fix: temporarily remove broken packages

---
 home/pkgs.nix            | 6 ++++--
 nixos/stolas/default.nix | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/home/pkgs.nix b/home/pkgs.nix
index dd0767c..5e67ea0 100644
--- a/home/pkgs.nix
+++ b/home/pkgs.nix
@@ -69,7 +69,8 @@ with pkgs;
   krita
   ldns
   liboping # oping, ping multiple hosts at once
-  libreoffice
+  # FIXME: broken in nixpkgs
+  #libreoffice
   libvirt
   lsof
   lynis
@@ -122,7 +123,8 @@ with pkgs;
   skim # fzf in Rust
   slurp
   socat
-  solvespace
+  # FIXME: broken in nixpkgs
+  #solvespace
   spotify
   sqlite
   sshfs-fuse
diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix
index 5ff063a..d86a8ff 100644
--- a/nixos/stolas/default.nix
+++ b/nixos/stolas/default.nix
@@ -49,7 +49,8 @@
     # For debugging and troubleshooting Secure Boot.
     pkgs.sbctl
     # Framework embedded controller interface
-    pkgs.fw-ectool
+    # FIXME: build broken in nixpkgs
+    #pkgs.fw-ectool
   ];
 
   hardware = {
@@ -62,7 +63,8 @@
       enable = true;
       extraPackages = with pkgs; [
         vaapiVdpau
-        libvdpau-va-gl
+        # FIXME: broken in nixpkgs
+        # libvdpau-va-gl
       ];
     };
   };

From c420675aba20165116fe116607dc4b45a85f85ea Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Tue, 7 Oct 2025 22:42:07 +0200
Subject: [PATCH 35/46] fix: remove leftover rprompt

---
 home/modules/zsh.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix
index 1c90be9..734d560 100644
--- a/home/modules/zsh.nix
+++ b/home/modules/zsh.nix
@@ -44,7 +44,6 @@ in
         preexec() { echo -n -e "\033]0;$1\007" }
 
         PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"╰─> "
-        RPROMPT='$(git_super_status)'
       '';
       profileExtra = '''';
       shellAliases = {

From 737a5cb2686c77518a67eaada4feedc3858c94d2 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Fri, 10 Oct 2025 21:31:53 +0200
Subject: [PATCH 36/46] chore(flake): update

---
 flake.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/flake.lock b/flake.lock
index 60f3602..54d4919 100644
--- a/flake.lock
+++ b/flake.lock
@@ -204,11 +204,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1759853171,
-        "narHash": "sha256-uqbhyXtqMbYIiMqVqUhNdSuh9AEEkiasoK3mIPIVRhk=",
+        "lastModified": 1760103600,
+        "narHash": "sha256-R4cltQFceN3POiPhBu7aTKsrwqTiwo6zjzmitrHD80E=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "1a09eb84fa9e33748432a5253102d01251f72d6d",
+        "rev": "bcccb01d0a353c028cc8cb3254cac7ebae32929e",
         "type": "github"
       },
       "original": {
@@ -295,11 +295,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1759582739,
-        "narHash": "sha256-spZegilADH0q5OngM86u6NmXxduCNv5eX9vCiUPhOYc=",
+        "lastModified": 1760106635,
+        "narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "3441b5242af7577230a78ffb03542add264179ab",
+        "rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903",
         "type": "github"
       },
       "original": {
@@ -311,11 +311,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1759733170,
-        "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=",
+        "lastModified": 1760038930,
+        "narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8913c168d1c56dc49a7718685968f38752171c3b",
+        "rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3",
         "type": "github"
       },
       "original": {
@@ -462,11 +462,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1758728421,
-        "narHash": "sha256-ySNJ008muQAds2JemiyrWYbwbG+V7S5wg3ZVKGHSFu8=",
+        "lastModified": 1760120816,
+        "narHash": "sha256-gq9rdocpmRZCwLS5vsHozwB6b5nrOBDNc2kkEaTXHfg=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "5eda4ee8121f97b218f7cc73f5172098d458f1d1",
+        "rev": "761ae7aff00907b607125b2f57338b74177697ed",
         "type": "github"
       },
       "original": {

From 14289eee5c5365a56661e3be344f0b871d73649f Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Fri, 10 Oct 2025 21:32:08 +0200
Subject: [PATCH 37/46] Revert "fix: temporarily remove broken packages"

This reverts commit f1ee732c7ce4d03936e7aceab84d3ac1c9afacb8.
---
 home/pkgs.nix            | 6 ++----
 nixos/stolas/default.nix | 6 ++----
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/home/pkgs.nix b/home/pkgs.nix
index 5e67ea0..dd0767c 100644
--- a/home/pkgs.nix
+++ b/home/pkgs.nix
@@ -69,8 +69,7 @@ with pkgs;
   krita
   ldns
   liboping # oping, ping multiple hosts at once
-  # FIXME: broken in nixpkgs
-  #libreoffice
+  libreoffice
   libvirt
   lsof
   lynis
@@ -123,8 +122,7 @@ with pkgs;
   skim # fzf in Rust
   slurp
   socat
-  # FIXME: broken in nixpkgs
-  #solvespace
+  solvespace
   spotify
   sqlite
   sshfs-fuse
diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix
index d86a8ff..5ff063a 100644
--- a/nixos/stolas/default.nix
+++ b/nixos/stolas/default.nix
@@ -49,8 +49,7 @@
     # For debugging and troubleshooting Secure Boot.
     pkgs.sbctl
     # Framework embedded controller interface
-    # FIXME: build broken in nixpkgs
-    #pkgs.fw-ectool
+    pkgs.fw-ectool
   ];
 
   hardware = {
@@ -63,8 +62,7 @@
       enable = true;
       extraPackages = with pkgs; [
         vaapiVdpau
-        # FIXME: broken in nixpkgs
-        # libvdpau-va-gl
+        libvdpau-va-gl
       ];
     };
   };

From 5ec7575655d06b868e05b29923857339d7222eda Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Fri, 10 Oct 2025 21:52:05 +0200
Subject: [PATCH 38/46] feat(home): remove unused programs

---
 home/pkgs.nix | 66 ---------------------------------------------------
 1 file changed, 66 deletions(-)

diff --git a/home/pkgs.nix b/home/pkgs.nix
index dd0767c..71c9472 100644
--- a/home/pkgs.nix
+++ b/home/pkgs.nix
@@ -1,150 +1,84 @@
 { pkgs }:
 with pkgs;
 [
-  # anki
-  aqbanking
-  aria2
-  aspell
-  aspellDicts.de
-  aspellDicts.en
-  aspellDicts.en-computers
-  aspellDicts.en-science
   bash
   bat # cat with syntax highlighting and git integration
   binutils
   bluez-tools
-  btop # htop
-  choose # alternative to cut and awk with more readable syntax
   chromium
-  colordiff
-  darcs
   delta # feature-rich diff viewer
   dig
   direnv
-  duf # disk usage
-  dune3d
-  dyff # diff tool for YAML
   element-desktop
-  evince
-  evolution
   ffmpeg
   file
-  fuzzel
-  fx # themable json viewer
-  fzf
   fzf
   gdb
   gh
-  ghidra-bin
   gimp
-  glow
   glow # render markdown
   gnumake
   gnupg
-  gping # ping with graphs
-  graphviz
-  grim
-  gron # make json grepable
   halloy
   hexyl # hex viewer
-  htop
   httpie
-  hub
   hyperfine # A command-line benchmarking tool.
-  icdiff
-  imagemagick
   inkscape
   inotify-tools
   ioping # ping but for block devices
   iproute2
   iputils # tracepath
   irssi
-  jameica
-  jc # convert output to json
-  josm
   jq
-  kanshi
   keepassxc
-  kubetail
   krita
   ldns
-  liboping # oping, ping multiple hosts at once
   libreoffice
   libvirt
   lsof
-  lynis
   man-pages
-  mblaze
-  mkpasswd
   mpv
   mtr
   mumble
   nix-output-monitor
-  ncurses
-  newsflash
   nixd
   nixfmt-rfc-style
   nfs-utils
-  niv
-  nix-index
   nmap
-  nmon
-  nodePackages.prettier
   map-cmd
   obs-studio
   obsidian
-  offlineimap
   openscad
   openssl
-  p7zip
   pandoc # document converter and templater
   pass
   pavucontrol
   picocom
-  playerctl
-  procs # ps in rust
   prusa-slicer
   pv
-  pwgen
   (python3.withPackages (pkgs: [
     pkgs.pandas
     pkgs.requests
   ]))
   ranger
-  reptyr
-  ripgrep
   ripgrep
   saleae-logic-2
-  sd # search and displace like sed but with better syntax
   sieveshell
   signal-desktop
-  silver-searcher
-  skim # fzf in Rust
-  slurp
   socat
-  solvespace
-  spotify
   sqlite
-  sshfs-fuse
   taplo
   tcpdump
-  tdesktop
   thunderbird
   tmux
-  ttyd
   unzip
   usbutils
-  vegur
   virt-manager
-  viu # view images from the terminal
-  vscodium
   whois
   wireshark
   xdg-utils
   xmlstarlet
   unixtools.xxd
-  xxh # portable shells
   yt-dlp
-  zk
   zsh
 ]

From 532612a5a60201cf873930ff2c63eb9fddaa0e17 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Fri, 10 Oct 2025 22:57:02 +0200
Subject: [PATCH 39/46] chore(home): cleanup modules

---
 home/dconf.nix                                | 209 ----------
 home/default.nix                              | 361 ++----------------
 home/git.nix                                  |  99 +++++
 home/{modules => }/helix/config/config.toml   |   0
 .../{modules => }/helix/config/languages.toml |   0
 home/{modules => }/helix/default.nix          |   3 +-
 home/jjconfig.toml                            |   8 -
 home/modules.nix                              |  13 -
 home/modules/alacritty/colors.toml            |  28 --
 home/modules/alacritty/default.nix            |  49 ---
 home/modules/colors.nix                       |  44 ---
 home/modules/direnv.nix                       |  22 --
 home/modules/git.nix                          | 106 -----
 home/modules/gpg.nix                          |  34 --
 home/modules/gtk.nix                          |  20 -
 home/modules/keyring.nix                      |  20 -
 home/modules/session.nix                      |  27 --
 home/modules/ssh.nix                          |  19 -
 home/modules/tmux.nix                         |  34 --
 home/modules/xdg.nix                          |  55 ---
 home/modules/zsh.nix                          |  80 ----
 home/status                                   | 138 -------
 home/tmux.nix                                 |  23 ++
 home/xdg.nix                                  |  47 +++
 home/zsh.nix                                  |  69 ++++
 nixos/modules/profiles/home.nix               |   1 -
 outputs.nix                                   |   1 -
 27 files changed, 272 insertions(+), 1238 deletions(-)
 delete mode 100644 home/dconf.nix
 create mode 100644 home/git.nix
 rename home/{modules => }/helix/config/config.toml (100%)
 rename home/{modules => }/helix/config/languages.toml (100%)
 rename home/{modules => }/helix/default.nix (81%)
 delete mode 100644 home/jjconfig.toml
 delete mode 100644 home/modules.nix
 delete mode 100644 home/modules/alacritty/colors.toml
 delete mode 100644 home/modules/alacritty/default.nix
 delete mode 100644 home/modules/colors.nix
 delete mode 100644 home/modules/direnv.nix
 delete mode 100644 home/modules/git.nix
 delete mode 100644 home/modules/gpg.nix
 delete mode 100644 home/modules/gtk.nix
 delete mode 100644 home/modules/keyring.nix
 delete mode 100644 home/modules/session.nix
 delete mode 100644 home/modules/ssh.nix
 delete mode 100644 home/modules/tmux.nix
 delete mode 100644 home/modules/xdg.nix
 delete mode 100644 home/modules/zsh.nix
 delete mode 100755 home/status
 create mode 100644 home/tmux.nix
 create mode 100644 home/xdg.nix
 create mode 100644 home/zsh.nix

diff --git a/home/dconf.nix b/home/dconf.nix
deleted file mode 100644
index 5238c97..0000000
--- a/home/dconf.nix
+++ /dev/null
@@ -1,209 +0,0 @@
-{ lib, pkgs, ... }:
-with lib.hm.gvariant;
-{
-  home.packages = [
-    pkgs.adwaita-icon-theme
-    pkgs.adwaita-qt
-  ];
-
-  dconf.settings = with lib.hm.gvariant; {
-    "org/gnome/shell" = {
-      favorite-apps = [
-        "alacritty.desktop"
-        "element.desktop"
-        "evolution.desktop"
-        "firefox.desktop"
-        "spotify.desktop"
-      ];
-    };
-
-    "org/gnome/shell" = {
-      disable-user-extensions = false;
-      enabled-extensions = [
-        "system-monitor@gnome-shell-extensions.gcampax.github.com"
-        "switcher@landau.fi"
-      ];
-    };
-
-    "org/gnome/desktop/calendar" = {
-      show-weekdate = true;
-    };
-
-    "org/gnome/desktop/input-sources" = {
-      current = mkUint32 0;
-      per-window = false;
-      show-all-sources = true;
-      sources = [
-        (mkTuple [
-          "xkb"
-          "eu"
-        ])
-        (mkTuple [
-          "xkb"
-          "de"
-        ])
-      ];
-      xkb-options = [
-        "lv3:ralt_switch"
-        "caps:escape"
-      ];
-    };
-
-    "org/gnome/desktop/interface" = {
-      clock-show-date = true;
-      clock-show-seconds = false;
-      clock-show-weekday = true;
-      cursor-theme = "Adwaita";
-      enable-animations = true;
-      enable-hot-corners = false;
-      font-antialiasing = "grayscale";
-      font-hinting = "slight";
-      font-name = "Cantarell 10";
-      gtk-enable-primary-paste = false;
-      gtk-key-theme = "Emacs";
-      gtk-theme = "Adwaita";
-      color-scheme = "prefer-light";
-      icon-theme = "Adwaita";
-      locate-pointer = false;
-      monospace-font-name = "JetBrains Mono 10";
-      show-battery-percentage = false;
-      #text-scaling-factor = 1.0;
-      toolkit-accessibility = false;
-    };
-
-    "org/gnome/desktop/peripherals/keyboard" = {
-      numlock-state = false;
-    };
-
-    "org/gnome/desktop/peripherals/mouse" = {
-      accel-profile = "default";
-      natural-scroll = true;
-    };
-
-    "org/gnome/desktop/peripherals/touchpad" = {
-      send-events = "enabled";
-      tap-to-click = true;
-      two-finger-scrolling-enabled = true;
-    };
-
-    "org/gnome/desktop/privacy" = {
-      disable-microphone = false;
-      old-files-age = mkUint32 30;
-      recent-files-max-age = -1;
-      report-technical-problems = false;
-    };
-
-    "org/gnome/desktop/screensaver" = {
-      color-shading-type = "solid";
-      lock-delay = mkUint32 30;
-      lock-enabled = true;
-    };
-
-    "org/gnome/desktop/session" = {
-      idle-delay = mkUint32 0;
-    };
-
-    "org/gnome/desktop/sound" = {
-      event-sounds = false;
-      theme-name = "__custom";
-    };
-
-    "org/gnome/evince/default" = {
-      continuous = true;
-      dual-page = false;
-      dual-page-odd-left = false;
-      enable-spellchecking = true;
-      fullscreen = false;
-      inverted-colors = false;
-      show-sidebar = false;
-      sidebar-page = "links";
-      sidebar-size = 132;
-      sizing-mode = "free";
-    };
-
-    "org/gnome/evolution/calendar" = {
-      editor-show-timezone = true;
-      use-24hour-format = true;
-      week-start-day-name = "monday";
-      work-day-friday = true;
-      work-day-monday = true;
-      work-day-saturday = false;
-      work-day-sunday = false;
-      work-day-thursday = true;
-      work-day-tuesday = true;
-      work-day-wednesday = true;
-    };
-
-    "org/gnome/evolution/mail" = {
-      browser-close-on-reply-policy = "always";
-      composer-attribution-language = "de_DE";
-      composer-reply-start-bottom = false;
-      composer-signature-in-new-only = true;
-      composer-spell-languages = [
-        "de"
-        "en_US"
-      ];
-      composer-top-signature = false;
-      composer-unicode-smileys = false;
-      composer-visually-wrap-long-lines = true;
-      composer-wrap-quoted-text-in-replies = false;
-      forward-style = 0;
-      forward-style-name = "attached";
-      headers-collapsed = false;
-      image-loading-policy = "never";
-      junk-check-custom-header = true;
-      junk-check-incoming = true;
-      junk-empty-on-exit-days = 0;
-      junk-lookup-addressbook = false;
-      notify-remote-content = true;
-      prompt-check-if-default-mailer = false;
-      prompt-on-composer-mode-switch = true;
-      prompt-on-empty-subject = true;
-      prompt-on-expunge = true;
-      prompt-on-mark-all-read = false;
-      prompt-on-mark-as-junk = true;
-      prompt-on-reply-close-browser = "always";
-      prompt-on-unwanted-html = true;
-      reply-style = 0;
-      reply-style-name = "quoted";
-      search-gravatar-for-photo = false;
-    };
-
-    "org/gnome/evolution/plugin/prefer-plain" = {
-      mode = "only_plain";
-      show-suppressed = true;
-    };
-
-    "org/gnome/gnome-screenshot" = {
-      border-effect = "none";
-      delay = 0;
-      include-border = true;
-      include-pointer = false;
-      last-save-directory = "file:///home/dadada/lib/pictures/Screenshots";
-    };
-
-    "org/gnome/mutter" = {
-      attach-modal-dialogs = true;
-      center-new-windows = true;
-      dynamic-workspaces = true;
-      edge-tiling = true;
-      experimental-features = [ ];
-      focus-change-on-pointer-rest = true;
-      overlay-key = "Super_L";
-      workspaces-only-on-primary = true;
-    };
-
-    "org/gnome/settings-daemon/plugins/power" = {
-      idle-dim = true;
-      power-button-action = "interactive";
-      power-saver-profile-on-low-battery = true;
-      sleep-inactive-ac-type = "blank";
-      sleep-inactive-battery-timeout = 600;
-      sleep-inactive-battery-type = "suspend";
-    };
-
-    "org/gnome/system/location" = {
-      enabled = false;
-    };
-  };
-}
diff --git a/home/default.nix b/home/default.nix
index 242a5fe..b70d7e2 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -1,22 +1,8 @@
 {
   pkgs,
-  lib,
   ...
 }:
 let
-  useFeatures = [
-    "alacritty"
-    #"emacs"
-    "direnv"
-    "git"
-    "gpg"
-    #"gtk"
-    #"keyring"
-    "tmux"
-    "xdg"
-    "zsh"
-    "helix"
-  ];
   colors = {
     background = "fdf6e3";
     foreground = "657b83";
@@ -40,29 +26,39 @@ let
 in
 {
   imports = [
-    ./dconf.nix
+    ./git.nix
+    ./helix
+    ./tmux.nix
+    ./xdg.nix
+    ./zsh.nix
   ];
 
   home.stateVersion = "20.09";
 
-  programs.gpg.settings.default-key = "99658A3EB5CD7C13";
+  home.sessionVariables = {
+    EDITOR = "hx";
+    PAGER = "less";
+  };
 
-  dadada.home =
-    lib.attrsets.genAttrs useFeatures (useFeatures: {
-      enable = true;
-    })
-    // {
-      session = {
-        enable = true;
-        sessionVars = {
-          EDITOR = "hx";
-          PAGER = "less";
-          MAILDIR = "\$HOME/.var/mail";
-          MBLAZE = "\$HOME/.config/mblaze";
-          NOTMUCH_CONFIG = "\$HOME/.config/notmuch/config";
-        };
-      };
+  programs.gpg = {
+    enable = true;
+    settings = {
+      default-key = "99658A3EB5CD7C13";
+      fixed-list-mode = true;
+      keyid-format = "0xlong";
+      verify-options = "show-uid-validity";
+      list-options = "show-uid-validity";
+      cert-digest-algo = "SHA256";
+      use-agent = true;
+      keyserver = "hkps://keys.openpgp.org";
     };
+  };
+
+  services.gpg-agent = {
+    enable = true;
+    defaultCacheTtl = 1800;
+    enableSshSupport = false;
+  };
 
   # Languagetool server for web extension
   systemd.user.services."languagetool-http-server" = {
@@ -83,43 +79,6 @@ in
     };
   };
 
-  programs.offlineimap.enable = false;
-  xdg.configFile."offlineimap/config".text = ''
-    [general]
-    accounts = tu-bs,mailbox
-
-    [Account tu-bs]
-    localrepository = tu-bs-local
-    remoterepository = tu-bs-remote
-
-    [Repository tu-bs-local]
-    type = Maildir
-    localfolders = ~/lib/backup/y0067212@tu-bs.de
-
-    [Repository tu-bs-remote]
-    type = IMAP
-    remotehost = mail.tu-braunschweig.de
-    remoteuser = y0067212
-    sslcacertfile = /etc/ssl/certs/ca-certificates.crt
-
-    [Account mailbox]
-    localrepository = mailbox-local
-    remoterepository = mailbox-remote
-
-    [Repository mailbox-local]
-    type = Maildir
-    localfolders = ~/lib/backup/mailbox.org
-
-    [Repository mailbox-remote]
-    type = IMAP
-    remotehost = imap.mailbox.org
-    remoteuser = dadada@dadada.li
-    sslcacertfile = /etc/ssl/certs/ca-certificates.crt
-  '';
-
-  home.file.".jjconfig.toml".source = ./jjconfig.toml;
-  #home.file.".config/halloy/config.toml".source = ./halloy.toml;
-
   systemd.user.timers."backup-keepassxc" = {
     Unit.Description = "Backup password DB";
     Timer = {
@@ -172,268 +131,14 @@ in
     };
   };
 
-  home.file.".config/sway/config".text = with colors; ''
-    # Read `man 5 sway` for a complete reference.
-
-    ### Variables
-    #
-    # Logo key. Use Mod1 for Alt.
-    set $mod Mod4
-    # Home row direction keys, like vim
-    set $left h
-    set $down j
-    set $up k
-    set $right l
-    # Your preferred terminal emulator
-    set $term foot
-    # Your preferred application launcher
-    # Note: pass the final command to swaymsg so that the resulting window can be opened
-    # on the original workspace that the command was run on.
-    set $menu fuzzel
-    set $wallpaper "~/lib/pictures/wallpaper.jpg"
-
-    ### Idle configuration
-    #
-    # Example configuration:
-    #
-    exec swayidle -w \
-             timeout 300 'swaylock -f -i $wallpaper -s fill' \
-             timeout 600 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \
-             before-sleep 'swaylock -f -i $wallpaper -s fill'
-    #
-    # This will lock your screen after 300 seconds of inactivity, then turn off
-    # your displays after another 300 seconds, and turn your screens back on when
-    # resumed. It will also lock your screen before your computer goes to sleep.
-
-    input * {
-      xkb_layout eu
-      xkb_model pc105+inet
-      xkb_options caps:escape
-        drag_lock enabled
-        drag enabled
-        dwt enabled
-        tap enabled
-        tap_button_map lrm
-        natural_scroll enabled
-    }
-
-    ### Key bindings
-    #
-    # Basics:
-    #
-    # Start a terminal
-    bindsym $mod+Return exec $term
-
-    # Kill focused window
-    bindsym $mod+Shift+q kill
-
-    # Start your launcher
-    bindsym $mod+d exec $menu
-
-    # Drag floating windows by holding down $mod and left mouse button.
-    # Resize them with right mouse button + $mod.
-    # Despite the name, also works for non-floating windows.
-    # Change normal to inverse to use left mouse button for resizing and right
-    # mouse button for dragging.
-    floating_modifier $mod normal
-
-    # Lock the screen
-    bindsym XF86Sleep exec 'swaylock -f -c ${background}'
-    bindsym $mod+End exec 'swaylock -f -c ${background}'
-
-    # Reload the configuration file
-    bindsym $mod+Shift+c reload
-
-    # Exit sway (logs you out of your Wayland session)
-    bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit'
-
-    # Brightness
-    bindsym --locked XF86MonBrightnessDown exec light -U 10
-    bindsym --locked XF86MonBrightnessUp exec light -A 10
-
-    # Volume
-    bindsym --locked XF86AudioRaiseVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ +1%'
-    bindsym --locked XF86AudioLowerVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ -1%'
-    bindsym --locked XF86AudioMute exec 'pactl set-sink-mute @DEFAULT_SINK@ toggle'
-
-    #
-    # Moving around:
-    #
-    # Move your focus around
-    bindsym $mod+$left focus left
-    bindsym $mod+$down focus down
-    bindsym $mod+$up focus up
-    bindsym $mod+$right focus right
-    # Or use $mod+[up|down|left|right]
-    bindsym $mod+Left focus left
-    bindsym $mod+Down focus down
-    bindsym $mod+Up focus up
-    bindsym $mod+Right focus right
-
-    # Move the focused window with the same, but add Shift
-    bindsym $mod+Shift+$left move left
-    bindsym $mod+Shift+$down move down
-    bindsym $mod+Shift+$up move up
-    bindsym $mod+Shift+$right move right
-    # Ditto, with arrow keys
-    bindsym $mod+Shift+Left move left
-    bindsym $mod+Shift+Down move down
-    bindsym $mod+Shift+Up move up
-    bindsym $mod+Shift+Right move right
-
-    #
-    # Workspaces:
-    #
-    # Switch to workspace
-    bindsym $mod+1 workspace number 1
-    bindsym $mod+2 workspace number 2
-    bindsym $mod+3 workspace number 3
-    bindsym $mod+4 workspace number 4
-    bindsym $mod+5 workspace number 5
-    bindsym $mod+6 workspace number 6
-    bindsym $mod+7 workspace number 7
-    bindsym $mod+8 workspace number 8
-    bindsym $mod+9 workspace number 9
-    bindsym $mod+0 workspace number 10
-    # Move focused container to workspace
-    bindsym $mod+Shift+1 move container to workspace number 1
-    bindsym $mod+Shift+2 move container to workspace number 2
-    bindsym $mod+Shift+3 move container to workspace number 3
-    bindsym $mod+Shift+4 move container to workspace number 4
-    bindsym $mod+Shift+5 move container to workspace number 5
-    bindsym $mod+Shift+6 move container to workspace number 6
-    bindsym $mod+Shift+7 move container to workspace number 7
-    bindsym $mod+Shift+8 move container to workspace number 8
-    bindsym $mod+Shift+9 move container to workspace number 9
-    bindsym $mod+Shift+0 move container to workspace number 10
-    # Note: workspaces can have any name you want, not just numbers.
-    # We just use 1-10 as the default.
-
-    #
-    # Layout stuff:
-    #
-    # You can "split" the current object of your focus with
-    # $mod+b or $mod+v, for horizontal and vertical splits
-    # respectively.
-    bindsym $mod+b splith
-    bindsym $mod+v splitv
-
-    # Switch the current container between different layout styles
-    bindsym $mod+s layout stacking
-    bindsym $mod+w layout tabbed
-    bindsym $mod+e layout toggle split
-
-    # Make the current focus fullscreen
-    bindsym $mod+f fullscreen
-
-    # Toggle the current focus between tiling and floating mode
-    bindsym $mod+Shift+space floating toggle
-
-    # Swap focus between the tiling area and the floating area
-    bindsym $mod+space focus mode_toggle
-
-    # Move focus to the parent container
-    bindsym $mod+a focus parent
-
-    #
-    # Font
-    #
-    font "pango:Jetbrains Mono 8"
-
-    #
-    # Scratchpad:
-    #
-    # Sway has a "scratchpad", which is a bag of holding for windows.
-    # You can send windows there and get them back later.
-
-    # Move the currently focused window to the scratchpad
-    bindsym $mod+Shift+minus move scratchpad
-
-    # Show the next scratchpad window or hide the focused scratchpad window.
-    # If there are multiple scratchpad windows, this command cycles through them.
-    bindsym $mod+minus scratchpad show
-
-    #
-    # Resizing containers:
-    #
-    mode "resize" {
-        # left will shrink the containers width
-        # right will grow the containers width
-        # up will shrink the containers height
-        # down will grow the containers height
-        bindsym $left resize shrink width 10px
-        bindsym $down resize grow height 10px
-        bindsym $up resize shrink height 10px
-        bindsym $right resize grow width 10px
-
-        # Ditto, with arrow keys
-        bindsym Left resize shrink width 10px
-        bindsym Down resize grow height 10px
-        bindsym Up resize shrink height 10px
-        bindsym Right resize grow width 10px
-
-        # Return to default mode
-        bindsym Return mode "default"
-        bindsym Escape mode "default"
-    }
-    bindsym $mod+r mode "resize"
-
-    #
-    # Status Bar:
-    #
-    # Read `man 5 sway-bar` for more information about this section.
-    bar {
-        position bottom
-
-        # When the status_command prints a new line to stdout, swaybar updates.
-        # The default just shows the current date and time.
-        status_command ~/.config/sway/status
-
-        colors {
-            statusline ${foreground}
-            background ${background}
-            inactive_workspace ${background}ee ${background}ee ${foreground}ee
-        }
-    }
-
-    # Gaps between multiple tiling windows
-    gaps inner 10
-    smart_gaps on
-
-    bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3
-
-    # class                 border         backgr.        text           indicator      child_border
-    client.focused          #${bright6}    #${foreground} #${background} #${bright5}    #${regular4}
-    client.focused_inactive #${regular0}   #${regular0}   #${foreground} #${bright5}    #${regular0}
-    client.unfocused        #${regular0}   #${background} #${bright2}    #${bright5}    #${regular0}
-    client.urgent           #${bright1}    #${bright0}    #${regular4}   #${background} #${bright0}
-    client.placeholder      #${background} #${bright2}    #${foreground} #${background} #${bright2}
-
-    client.background       #${foreground}
-
-    include /etc/sway/config.d/*
-
-    exec sleep 5; systemctl --user restart kanshi.service
-    exec sleep 5; swaymsg output '*' bg $wallpaper fill
-  '';
-  home.file.".config/sway/status".source = ./status;
-  home.file.".config/kanshi/config".text = ''
-    profile Laptop {
-      output eDP-1 enable
-    }
-
-    profile Docked {
-      output eDP-1 disable
-      output "LG Electronics LG HDR 4K 0x000354D1" {
-        enable
-        scale 1.4
-        position 0,0
-      }
-    }
-  '';
-
   services.syncthing.enable = true;
 
+  programs.direnv = {
+    enable = true;
+    enableZshIntegration = true;
+    nix-direnv.enable = true;
+  };
+
   # Let Home Manager install and manage itself.
   programs.home-manager.enable = true;
 
diff --git a/home/git.nix b/home/git.nix
new file mode 100644
index 0000000..c7006b6
--- /dev/null
+++ b/home/git.nix
@@ -0,0 +1,99 @@
+{
+  lib,
+  pkgs,
+  ...
+}:
+with lib;
+let
+  allowedSigners = pkgs.writeTextFile {
+    name = "allowed-signers";
+    text = ''
+      dadada@dadada.li sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada <dadada@dadada.li>
+      dadada@dadada.li ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon
+    '';
+  };
+in
+{
+  programs.git = {
+    enable = true;
+    extraConfig = {
+      commit = {
+        gpgSign = true;
+        verbose = true;
+      };
+      gpg = {
+        format = "ssh";
+        ssh.allowedSignersFile = "${allowedSigners}";
+        ssh.program = "ssh-keygen";
+      };
+      tag.gpgSign = true;
+      user = {
+        email = "dadada@dadada.li";
+        name = "Tim Schubert";
+        signingKey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon";
+      };
+      core = {
+        whitespace = {
+          tab-in-indent = true;
+          tabwidth = 4;
+        };
+        alias = { };
+        pager = "delta";
+      };
+      column.ui = "never";
+      checkout.defaultRemote = "origin";
+      delta = {
+        navigate = true; # use n and N to move between diff sections
+        side-by-side = false;
+        line-numbers = true;
+        light = true;
+      };
+      diff = {
+        renames = "copies";
+        algorithm = "histogram";
+        colorMoved = "default";
+      };
+      interactive.diffFilter = "delta --color-only";
+      merge = {
+        conflictstyle = "zdiff3";
+        keepbackup = false;
+        tool = "meld";
+      };
+      status = {
+        short = true;
+        branch = true;
+        showUntrackedFiled = "all";
+      };
+      log.date = "iso8601-local";
+      fetch.prune = true;
+      pull = {
+        prune = true;
+        ff = "only";
+        rebase = "interactive";
+      };
+      push = {
+        default = "current";
+        autoSetupRemote = true;
+      };
+      rebase = {
+        abbreviateCommands = true;
+        # Automatically force-update any branches that point to commits that are being rebased.
+        updateRefs = true;
+      };
+      rerere.enabled = true;
+      transfer.fsckobjects = true;
+      fetch.fsckobjects = true;
+      receive.fsckObjects = true;
+      branch.sort = "-committerdate";
+    };
+  };
+
+  home.packages = with pkgs; [
+    delta
+    git-lfs
+    gitAndTools.hub
+    gitAndTools.lab
+    gitAndTools.git-absorb
+    meld
+  ];
+}
diff --git a/home/modules/helix/config/config.toml b/home/helix/config/config.toml
similarity index 100%
rename from home/modules/helix/config/config.toml
rename to home/helix/config/config.toml
diff --git a/home/modules/helix/config/languages.toml b/home/helix/config/languages.toml
similarity index 100%
rename from home/modules/helix/config/languages.toml
rename to home/helix/config/languages.toml
diff --git a/home/modules/helix/default.nix b/home/helix/default.nix
similarity index 81%
rename from home/modules/helix/default.nix
rename to home/helix/default.nix
index 7717423..7061527 100644
--- a/home/modules/helix/default.nix
+++ b/home/helix/default.nix
@@ -9,7 +9,6 @@ let
 in
 {
   options.dadada.home.helix = {
-    enable = lib.mkEnableOption "Enable helix editor";
     package = lib.mkOption {
       type = lib.types.package;
       description = "Helix editor package to use";
@@ -17,7 +16,7 @@ in
     };
   };
 
-  config = lib.mkIf cfg.enable {
+  config = {
     home.file.".config/helix".source = ./config;
     home.packages = [
       cfg.package
diff --git a/home/jjconfig.toml b/home/jjconfig.toml
deleted file mode 100644
index 43fbcbd..0000000
--- a/home/jjconfig.toml
+++ /dev/null
@@ -1,8 +0,0 @@
-[user]
-name = "Tim Schubert"
-email = "dadada@dadada.li"
-
-[ui]
-diff-editor = ["scm-diff-editor", "--dir-diff", "$left", "$right"]
-diff-instructions = false
-merge-editor = ["meld"]
diff --git a/home/modules.nix b/home/modules.nix
deleted file mode 100644
index 0a6c961..0000000
--- a/home/modules.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ lib, ... }:
-with lib;
-let
-  modules' =
-    dir:
-    filterAttrs (name: type: (hasSuffix ".nix" name) || (type == "directory")) (builtins.readDir dir);
-  modules =
-    dir:
-    mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) (
-      modules' dir
-    );
-in
-(modules ./modules)
diff --git a/home/modules/alacritty/colors.toml b/home/modules/alacritty/colors.toml
deleted file mode 100644
index 3f7eb25..0000000
--- a/home/modules/alacritty/colors.toml
+++ /dev/null
@@ -1,28 +0,0 @@
-# Colors (Solarized Light)
-
-# Default colors
-[colors.primary]
-background = '#fdf6e3'
-foreground = '#586e75'
-
-# Normal colors
-[colors.normal]
-black   = '#073642'
-red     = '#dc322f'
-green   = '#859900'
-yellow  = '#b58900'
-blue    = '#268bd2'
-magenta = '#d33682'
-cyan    = '#2aa198'
-white   = '#eee8d5'
-
-# Bright colors
-[colors.bright]
-black   = '#002b36'
-red     = '#cb4b16'
-green   = '#586e75'
-yellow  = '#657b83'
-blue    = '#839496'
-magenta = '#6c71c4'
-cyan    = '#93a1a1'
-white   = '#fdf6e3'
diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix
deleted file mode 100644
index da9f503..0000000
--- a/home/modules/alacritty/default.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-with lib;
-let
-  cfg = config.dadada.home.alacritty;
-in
-{
-  options.dadada.home.alacritty = {
-    enable = mkEnableOption "Enable alacritty config";
-  };
-  config = mkIf cfg.enable {
-    home.packages = [
-      pkgs.jetbrains-mono
-    ];
-    programs.alacritty = {
-      enable = true;
-      settings = {
-        env.TERM = "xterm-256color";
-        scrolling.history = 0;
-        font = {
-          size = 9;
-          normal = {
-            family = "Jetbrains Mono";
-            style = "Regular";
-          };
-          bold = {
-            family = "Jetbrains Mono";
-            style = "Bold";
-          };
-          italic = {
-            family = "Jetbrains Mono";
-            style = "Italic";
-          };
-          bold_italic = {
-            family = "Jetbrains Mono";
-            style = "Bold Italic";
-          };
-        };
-        shell.program = "tmux";
-        window.decorations = "none";
-        colors = (lib.trivial.importTOML ./colors.toml).colors;
-      };
-    };
-  };
-}
diff --git a/home/modules/colors.nix b/home/modules/colors.nix
deleted file mode 100644
index a4dc5c7..0000000
--- a/home/modules/colors.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}:
-with lib;
-{
-  options.dadada.home.colors = mkOption {
-    type = types.attrs;
-    description = "Color scheme";
-  };
-
-  config = {
-    dadada.home.colors = {
-      foreground = "#a3a3a3";
-      foregroundBold = "#e8e8e8";
-      cursor = "#e8e8e8";
-      cursorForeground = "#1f2022";
-      background = "#292b2e";
-      color0 = "#1f2022";
-      color8 = "#585858";
-      color7 = "#a3a3a3";
-      color15 = "#f8f8f8";
-      color1 = "#f2241f";
-      color9 = "#f2241f";
-      color2 = "#67b11d";
-      color10 = "#67b11d";
-      color3 = "#b1951d";
-      color11 = "#b1951d";
-      color4 = "#4f97d7";
-      color12 = "#4f97d7";
-      color5 = "#a31db1";
-      color13 = "#a31db1";
-      color6 = "#2d9574";
-      color14 = "#2d9574";
-      color16 = "#ffa500";
-      color17 = "#b03060";
-      color18 = "#282828";
-      color19 = "#444155";
-      color20 = "#b8b8b8";
-      color21 = "#e8e8e8";
-    };
-  };
-}
diff --git a/home/modules/direnv.nix b/home/modules/direnv.nix
deleted file mode 100644
index 27a0907..0000000
--- a/home/modules/direnv.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-with lib;
-let
-  cfg = config.dadada.home.direnv;
-in
-{
-  options.dadada.home.direnv = {
-    enable = mkEnableOption "Enable direnv config";
-  };
-  config = mkIf cfg.enable {
-    programs.direnv = {
-      enable = true;
-      enableZshIntegration = true;
-      nix-direnv.enable = true;
-    };
-  };
-}
diff --git a/home/modules/git.nix b/home/modules/git.nix
deleted file mode 100644
index 53fcb6e..0000000
--- a/home/modules/git.nix
+++ /dev/null
@@ -1,106 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-with lib;
-let
-  cfg = config.dadada.home.git;
-  allowedSigners = pkgs.writeTextFile {
-    name = "allowed-signers";
-    text = ''
-      dadada@dadada.li sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada <dadada@dadada.li>
-      dadada@dadada.li ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon
-    '';
-  };
-in
-{
-  options.dadada.home.git = {
-    enable = mkEnableOption "Enable git config";
-  };
-  config = mkIf cfg.enable {
-    programs.git = {
-      enable = true;
-      extraConfig = {
-        commit = {
-          gpgSign = true;
-          verbose = true;
-        };
-        gpg = {
-          format = "ssh";
-          ssh.allowedSignersFile = "${allowedSigners}";
-          ssh.program = "ssh-keygen";
-        };
-        tag.gpgSign = true;
-        user = {
-          email = "dadada@dadada.li";
-          name = "Tim Schubert";
-          signingKey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon";
-        };
-        core = {
-          whitespace = {
-            tab-in-indent = true;
-            tabwidth = 4;
-          };
-          alias = { };
-          pager = "delta";
-        };
-        column.ui = "never";
-        checkout.defaultRemote = "origin";
-        delta = {
-          navigate = true; # use n and N to move between diff sections
-          side-by-side = false;
-          line-numbers = true;
-          light = true;
-        };
-        diff = {
-          renames = "copies";
-          algorithm = "histogram";
-          colorMoved = "default";
-        };
-        interactive.diffFilter = "delta --color-only";
-        merge = {
-          conflictstyle = "zdiff3";
-          keepbackup = false;
-          tool = "meld";
-        };
-        status = {
-          short = true;
-          branch = true;
-          showUntrackedFiled = "all";
-        };
-        log.date = "iso8601-local";
-        fetch.prune = true;
-        pull = {
-          prune = true;
-          ff = "only";
-          rebase = "interactive";
-        };
-        push = {
-          default = "current";
-          autoSetupRemote = true;
-        };
-        rebase = {
-          abbreviateCommands = true;
-          # Automatically force-update any branches that point to commits that are being rebased.
-          updateRefs = true;
-        };
-        rerere.enabled = true;
-        transfer.fsckobjects = true;
-        fetch.fsckobjects = true;
-        receive.fsckObjects = true;
-        branch.sort = "-committerdate";
-      };
-    };
-
-    home.packages = with pkgs; [
-      delta
-      git-lfs
-      gitAndTools.hub
-      gitAndTools.lab
-      gitAndTools.git-absorb
-      meld
-    ];
-  };
-}
diff --git a/home/modules/gpg.nix b/home/modules/gpg.nix
deleted file mode 100644
index baa17dd..0000000
--- a/home/modules/gpg.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}:
-with lib;
-let
-  cfg = config.dadada.home.gpg;
-in
-{
-  options.dadada.home.gpg = {
-    enable = mkEnableOption "Enable GnuPG config";
-  };
-  config = mkIf cfg.enable {
-    programs.gpg = {
-      enable = true;
-      settings = {
-        fixed-list-mode = true;
-        keyid-format = "0xlong";
-        verify-options = "show-uid-validity";
-        list-options = "show-uid-validity";
-        cert-digest-algo = "SHA256";
-        use-agent = true;
-        keyserver = "hkps://keys.openpgp.org";
-      };
-    };
-
-    services.gpg-agent = {
-      enable = true;
-      defaultCacheTtl = 1800;
-      enableSshSupport = false;
-    };
-  };
-}
diff --git a/home/modules/gtk.nix b/home/modules/gtk.nix
deleted file mode 100644
index 5dcd2e6..0000000
--- a/home/modules/gtk.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-with lib;
-let
-  cfg = config.dadada.home.gtk;
-in
-{
-  options.dadada.home.gtk = {
-    enable = mkEnableOption "Enable GTK config";
-  };
-  config = mkIf cfg.enable {
-    gtk = {
-      enable = true;
-    };
-  };
-}
diff --git a/home/modules/keyring.nix b/home/modules/keyring.nix
deleted file mode 100644
index 48b8b54..0000000
--- a/home/modules/keyring.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}:
-with lib;
-let
-  cfg = config.dadada.home.keyring;
-in
-{
-  options.dadada.home.keyring = {
-    enable = mkEnableOption "Enable keyring config";
-  };
-  config = mkIf cfg.enable {
-    services.gnome-keyring = {
-      enable = false;
-      components = [ "secrets" ];
-    };
-  };
-}
diff --git a/home/modules/session.nix b/home/modules/session.nix
deleted file mode 100644
index ba5c941..0000000
--- a/home/modules/session.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}:
-with lib;
-let
-  cfg = config.dadada.home.session;
-in
-{
-  options.dadada.home.session = {
-    enable = mkEnableOption "Enable session variable management";
-    sessionVars = mkOption {
-      description = "Session variables";
-      type = types.attrs;
-      default = { };
-      example = ''
-        EDITOR = "hx";
-        PAGER = "less";
-      '';
-    };
-  };
-  config = mkIf cfg.enable {
-    home.sessionVariables = cfg.sessionVars;
-    systemd.user.sessionVariables = cfg.sessionVars;
-  };
-}
diff --git a/home/modules/ssh.nix b/home/modules/ssh.nix
deleted file mode 100644
index b8aab54..0000000
--- a/home/modules/ssh.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}:
-with lib;
-let
-  cfg = config.dadada.home.ssh;
-in
-{
-  options.dadada.home.ssh = {
-    enable = mkEnableOption "Enable SSH config";
-  };
-  config = mkIf cfg.enable {
-    programs.ssh = {
-      enable = true;
-    };
-  };
-}
diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix
deleted file mode 100644
index 063b8f2..0000000
--- a/home/modules/tmux.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}:
-with lib;
-let
-  cfg = config.dadada.home.tmux;
-in
-{
-  options.dadada.home.tmux = {
-    enable = mkEnableOption "Enable tmux config";
-  };
-  config = mkIf cfg.enable {
-    programs.tmux = {
-      enable = true;
-      terminal = "tmux-256color";
-      extraConfig = ''
-        setw -g mode-keys vi
-        set -g mouse on
-        set -g set-clipboard external
-        set -g set-titles on
-        set -g status on
-        set -ga terminal-overrides ',*256col*:Tc'
-        set-option -g status-interval 5
-        set-option -g automatic-rename on
-        set-option -g automatic-rename-format '#{b:pane_current_path}'
-        bind '"' split-window -c "#{pane_current_path}"
-        bind % split-window -h -c "#{pane_current_path}"
-        bind c new-window -c "#{pane_current_path}"
-      '';
-    };
-  };
-}
diff --git a/home/modules/xdg.nix b/home/modules/xdg.nix
deleted file mode 100644
index 02cadaf..0000000
--- a/home/modules/xdg.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-with lib;
-let
-  apps = {
-    "x-scheme-handler/mailto" = "evolution.desktop";
-    "message/rfc822" = "evolution.desktop";
-    "x-scheme-handler/http" = "firefox.desktop";
-    "x-scheme-handler/https" = "firefox.desktop";
-    "x-scheme-handler/ftp" = "firefox.desktop";
-    "x-scheme-handler/chrome" = "firefox.desktop";
-    "text/html" = "firefox.desktop";
-    "application/x-extension-htm" = "firefox.desktop";
-    "application/x-extension-html" = "firefox.desktop";
-    "application/x-extension-shtml" = "firefox.desktop";
-    "application/xhtml+xml" = "firefox.desktop";
-    "application/x-extension-xhtml" = "firefox.desktop";
-    "application/x-extension-xht" = "firefox.desktop";
-    "application/pdf" = "evince.desktop";
-  };
-  cfg = config.dadada.home.xdg;
-in
-{
-  options.dadada.home.xdg = {
-    enable = mkEnableOption "Enable XDG config";
-  };
-  config = mkIf cfg.enable {
-    xdg = {
-      enable = true;
-      configHome = "${config.home.homeDirectory}/.config";
-      mimeApps = {
-        enable = false;
-        associations.added = apps;
-        defaultApplications = apps;
-      };
-      userDirs = {
-        desktop = "\$HOME/.desktop";
-        download = "\$HOME/tmp";
-        music = "\$HOME/lib/music";
-        videos = "\$HOME/lib/videos";
-        pictures = "\$HOME/lib/pictures";
-        documents = "\$HOME/lib";
-      };
-    };
-    home.packages = with pkgs; [
-      evince
-      firefox
-      xdg-utils
-    ];
-  };
-}
diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix
deleted file mode 100644
index 734d560..0000000
--- a/home/modules/zsh.nix
+++ /dev/null
@@ -1,80 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-with lib;
-let
-  cfg = config.dadada.home.zsh;
-in
-{
-  options.dadada.home.zsh = {
-    enable = mkEnableOption "Enable ZSH config";
-  };
-  config = mkIf cfg.enable {
-    programs.fzf.enableZshIntegration = true;
-    programs.zsh = {
-      enable = true;
-      enableCompletion = true;
-      enableVteIntegration = true;
-      autosuggestion.enable = true;
-      autocd = true;
-      sessionVariables = {
-        EDITOR = "hx";
-      };
-      history = {
-        extended = true;
-        ignoreDups = true;
-        ignoreSpace = true;
-        save = 100000;
-        # FIXME https://github.com/junegunn/fzf/issues/4061
-        #share = true;
-        share = false;
-      };
-      plugins = [
-      ];
-      initContent = ''
-        source ${pkgs.fzf}/share/fzf/key-bindings.zsh
-        source ${pkgs.fzf}/share/fzf/completion.zsh
-        eval "$(repo setup --root ~/src)"
-
-        bindkey -e '^n' autosuggest-accept
-
-        preexec() { echo -n -e "\033]0;$1\007" }
-
-        PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"╰─> "
-      '';
-      profileExtra = '''';
-      shellAliases = {
-        ga = "git add";
-        gc = "git commit";
-        gd = "git diff";
-        gdw = "git diff --color-words";
-        gf = "git fetch";
-        gl = "git log";
-        gpu = "git push";
-        gpul = "git pull";
-        grb = "git rebase";
-        gre = "git reflog";
-        gs = "git status";
-        gsh = "git show";
-        gst = "git status";
-        gsta = "git stash";
-        gstap = "git stash apply";
-        exa = "eza";
-        ls = "exa";
-        la = "exa -a";
-        ll = "exa -la --no-filesize --changed --time-style=long-iso --git  --octal-permissions --no-permissions --no-user --ignore-glob=\".git\"";
-        mv = "mv -i";
-        cp = "cp -i";
-      };
-    };
-
-    home.packages = with pkgs; [
-      fzf
-      eza
-      tmux
-    ];
-  };
-}
diff --git a/home/status b/home/status
deleted file mode 100755
index e24816b..0000000
--- a/home/status
+++ /dev/null
@@ -1,138 +0,0 @@
-#!/usr/bin/env python3
-
-import json
-import sys
-import time
-import requests
-import logging
-import subprocess
-
-from datetime import datetime
-
-logger = logging.getLogger(__name__)
-
-
-class Status:
-    def status(self):
-        return None
-
-
-class Cat(Status):
-    index = 0
-
-    def status(self):
-        cat_width = 200
-        index = self.index
-        catwalk = "🐈🏳️‍🌈" + " " * index
-        self.index = (index + 1) % cat_width
-
-        return {"full_text": catwalk}
-
-
-class Space(Status):
-    backoff = 0
-    c_status = None
-
-    def status(self):
-        backoff = self.backoff
-        if self.backoff == 0:
-            self.update()
-
-        return {"full_text": self.c_status}
-
-    def update(self):
-        spacestatus_url = "https://status.stratum0.org/status.json"
-        resp = requests.get(url=spacestatus_url)
-        self.backoff = (self.backoff + 1) % 120
-        data = resp.json()
-        if data["isOpen"]:
-            since = datetime.strptime(data["since"], "%Y-%m-%dT%H:%M:%S.%f").strftime("%A at %H:%M")
-            spacestatus = f"Space is open since {since}"
-        else:
-            spacestatus = "Space is closed"
-        self.c_status = spacestatus
-
-
-class Battery(Status):
-    capacity_file = open('/sys/class/power_supply/BAT0/capacity', 'r')
-    status_file = open('/sys/class/power_supply/BAT0/status', 'r')
-
-    def status(self):
-        self.status_file.seek(0)
-        status = self.status_file.read().rstrip()
-
-        self.capacity_file.seek(0)
-        capacity = self.capacity_file.read().rstrip()
-
-        battery = f"{status} {capacity}%"
-
-        return {"full_text": battery}
-
-
-class Time(Status):
-    def status(self):
-        now = datetime.now()
-        match now.isocalendar().week % 10:
-            case 1:
-                th = "st"
-            case 2:
-                th = "nd"
-            case 3:
-                th = "rd"
-            case _:
-                th = "th"
-        return {"full_text": now.strftime(f"%V{th} %A %H:%M") }
-
-
-class FailedUnits(Status):
-    def status(self):
-        proc = subprocess.run(["systemctl", "list-units", "--failed"], capture_output = True)
-        stdout = proc.stdout.decode('utf-8')
-        failed = 0
-        for line in stdout:
-            if 'failed' in line:
-                failed += 1
-        if failed == 0:
-            return {"full_text": f"No failed units"}
-        else:
-            return {"full_text": f"There are {failed} failed units", "color": "#ff0000"}
-
-
-def print_header():
-    header = {
-        "version": 1,
-        "click_events": False,
-    }
-    print(json.dumps(header))
-    print("[")
-
-
-def run(interval, widgets):
-    print_header()
-
-    while True:
-        body = []
-
-        for widget in widgets:
-            try:
-                status = widget.status()
-            except Exception as e:
-                logger.error(e)
-            if status:
-                body += status,
-
-        print(json.dumps(body), ",", flush=True)
-
-        ts = interval - (time.time() % interval)
-        time.sleep(ts)
-
-
-if __name__ == "__main__":
-    logging.basicConfig(level=logging.INFO)
-
-    # Interval in seconds
-    interval = 1.0
-
-    widgets = [Cat(), FailedUnits(), Space(), Battery(), Time()]
-
-    run(interval, widgets)
diff --git a/home/tmux.nix b/home/tmux.nix
new file mode 100644
index 0000000..ca8e38c
--- /dev/null
+++ b/home/tmux.nix
@@ -0,0 +1,23 @@
+{
+  ...
+}:
+{
+  programs.tmux = {
+    enable = true;
+    terminal = "tmux-256color";
+    extraConfig = ''
+      setw -g mode-keys vi
+      set -g mouse on
+      set -g set-clipboard external
+      set -g set-titles on
+      set -g status on
+      set -ga terminal-overrides ',*256col*:Tc'
+      set-option -g status-interval 5
+      set-option -g automatic-rename on
+      set-option -g automatic-rename-format '#{b:pane_current_path}'
+      bind '"' split-window -c "#{pane_current_path}"
+      bind % split-window -h -c "#{pane_current_path}"
+      bind c new-window -c "#{pane_current_path}"
+    '';
+  };
+}
diff --git a/home/xdg.nix b/home/xdg.nix
new file mode 100644
index 0000000..67b2b40
--- /dev/null
+++ b/home/xdg.nix
@@ -0,0 +1,47 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+let
+  apps = {
+    "x-scheme-handler/mailto" = "thunderbird.desktop";
+    "message/rfc822" = "thunderbird.desktop";
+    "x-scheme-handler/http" = "firefox.desktop";
+    "x-scheme-handler/https" = "firefox.desktop";
+    "x-scheme-handler/ftp" = "firefox.desktop";
+    "x-scheme-handler/chrome" = "firefox.desktop";
+    "text/html" = "firefox.desktop";
+    "application/x-extension-htm" = "firefox.desktop";
+    "application/x-extension-html" = "firefox.desktop";
+    "application/x-extension-shtml" = "firefox.desktop";
+    "application/xhtml+xml" = "firefox.desktop";
+    "application/x-extension-xhtml" = "firefox.desktop";
+    "application/x-extension-xht" = "firefox.desktop";
+    "application/pdf" = "okular.desktop";
+  };
+in
+{
+  xdg = {
+    enable = true;
+    configHome = "${config.home.homeDirectory}/.config";
+    mimeApps = {
+      enable = false;
+      associations.added = apps;
+      defaultApplications = apps;
+    };
+    userDirs = {
+      desktop = "\$HOME/.desktop";
+      download = "\$HOME/tmp";
+      music = "\$HOME/lib/music";
+      videos = "\$HOME/lib/videos";
+      pictures = "\$HOME/lib/pictures";
+      documents = "\$HOME/lib";
+    };
+  };
+  home.packages = with pkgs; [
+    evince
+    firefox
+    xdg-utils
+  ];
+}
diff --git a/home/zsh.nix b/home/zsh.nix
new file mode 100644
index 0000000..daa65c7
--- /dev/null
+++ b/home/zsh.nix
@@ -0,0 +1,69 @@
+{
+  pkgs,
+  ...
+}:
+{
+  programs.fzf.enableZshIntegration = true;
+  programs.zsh = {
+    enable = true;
+    enableCompletion = true;
+    enableVteIntegration = true;
+    autosuggestion.enable = true;
+    autocd = true;
+    sessionVariables = {
+      EDITOR = "hx";
+    };
+    history = {
+      extended = true;
+      ignoreDups = true;
+      ignoreSpace = true;
+      save = 100000;
+      # FIXME https://github.com/junegunn/fzf/issues/4061
+      #share = true;
+      share = false;
+    };
+    plugins = [
+    ];
+    initContent = ''
+      source ${pkgs.fzf}/share/fzf/key-bindings.zsh
+      source ${pkgs.fzf}/share/fzf/completion.zsh
+      eval "$(repo setup --root ~/src)"
+
+      bindkey -e '^n' autosuggest-accept
+
+      preexec() { echo -n -e "\033]0;$1\007" }
+
+      PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"╰─> "
+    '';
+    profileExtra = '''';
+    shellAliases = {
+      ga = "git add";
+      gc = "git commit";
+      gd = "git diff";
+      gdw = "git diff --color-words";
+      gf = "git fetch";
+      gl = "git log";
+      gpu = "git push";
+      gpul = "git pull";
+      grb = "git rebase";
+      gre = "git reflog";
+      gs = "git status";
+      gsh = "git show";
+      gst = "git status";
+      gsta = "git stash";
+      gstap = "git stash apply";
+      exa = "eza";
+      ls = "exa";
+      la = "exa -a";
+      ll = "exa -la --no-filesize --changed --time-style=long-iso --git  --octal-permissions --no-permissions --no-user --ignore-glob=\".git\"";
+      mv = "mv -i";
+      cp = "cp -i";
+    };
+  };
+
+  home.packages = with pkgs; [
+    fzf
+    eza
+    tmux
+  ];
+}
diff --git a/nixos/modules/profiles/home.nix b/nixos/modules/profiles/home.nix
index 97911df..2276025 100644
--- a/nixos/modules/profiles/home.nix
+++ b/nixos/modules/profiles/home.nix
@@ -1,6 +1,5 @@
 { pkgs, inputs, ... }:
 {
   home-manager.useGlobalPkgs = true;
-  home-manager.sharedModules = pkgs.lib.attrValues inputs.self.hmModules;
   home-manager.users.dadada = inputs.self.hmConfigurations.dadada;
 }
diff --git a/outputs.nix b/outputs.nix
index 45773d9..7b5b029 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -39,7 +39,6 @@
   }
 ))
 // {
-  hmModules = import ./home/modules.nix { lib = nixpkgs.lib; };
   hmConfigurations = {
     dadada = import ./home;
   };

From 0c69d4373fbbf795c67aa6f8c4dfb5a9e26430fc Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Fri, 10 Oct 2025 23:07:40 +0200
Subject: [PATCH 40/46] fix: readd jetbrains mono

---
 home/default.nix | 2 +-
 home/pkgs.nix    | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/home/default.nix b/home/default.nix
index b70d7e2..46e10b4 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -119,7 +119,7 @@ in
       main = {
         shell = "tmux";
         font = "Jetbrains Mono:size=8";
-        dpi-aware = false;
+        dpi-aware = true;
       };
       mouse.hide-when-typing = true;
       csd.preferred = "server";
diff --git a/home/pkgs.nix b/home/pkgs.nix
index 71c9472..9bb42dc 100644
--- a/home/pkgs.nix
+++ b/home/pkgs.nix
@@ -29,6 +29,7 @@ with pkgs;
   iproute2
   iputils # tracepath
   irssi
+  jetbrains-mono
   jq
   keepassxc
   krita

From de5d7ae0b485ab7029c57c2a1a96c46c44662417 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sun, 12 Oct 2025 15:23:15 +0200
Subject: [PATCH 41/46] chore(flake): update and re-add fixed libvdpau-va-gl

---
 flake.lock              | 6 +++---
 nixos/modules/steam.nix | 5 ++++-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/flake.lock b/flake.lock
index 54d4919..30cfa7c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -204,11 +204,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1760103600,
-        "narHash": "sha256-R4cltQFceN3POiPhBu7aTKsrwqTiwo6zjzmitrHD80E=",
+        "lastModified": 1760239230,
+        "narHash": "sha256-eqSP/BAbQwNTlQ/6yuK0yILzZAPNNj91gp6oIfVtu/E=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "bcccb01d0a353c028cc8cb3254cac7ebae32929e",
+        "rev": "c4aaddeaecc09554c92518fd904e3e84b497ed09",
         "type": "github"
       },
       "original": {
diff --git a/nixos/modules/steam.nix b/nixos/modules/steam.nix
index 2d2963f..7204d6f 100644
--- a/nixos/modules/steam.nix
+++ b/nixos/modules/steam.nix
@@ -18,7 +18,10 @@ in
     programs.steam.enable = true;
     hardware.graphics = {
       enable = true;
-      extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
+      extraPackages32 = with pkgs.pkgsi686Linux; [
+        libva
+        libvdpau-va-gl
+      ];
     };
     services.pulseaudio.support32Bit = true;
   };

From 37260a6ba732e4f3ae1ae32ca6a3cc62a58b3f1a Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Tue, 14 Oct 2025 22:35:06 +0200
Subject: [PATCH 42/46] fix: max-jobs = auto

---
 nixos/stolas/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix
index 5ff063a..0d0dc81 100644
--- a/nixos/stolas/default.nix
+++ b/nixos/stolas/default.nix
@@ -86,7 +86,7 @@
   };
 
   nix = {
-    settings.max-jobs = lib.mkDefault 16;
+    settings.max-jobs = "auto";
   };
 
   dadada = {

From 38f51f5391bdae4fec8b9c4c9761c0ce85ba70ca Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Fri, 31 Oct 2025 14:18:38 +0100
Subject: [PATCH 43/46] feat: switch to solarized dark

---
 home/default.nix              | 30 ++++++++++++++++++++++++++----
 home/git.nix                  |  2 +-
 home/helix/config/config.toml |  2 +-
 home/pkgs.nix                 |  1 -
 nixos/stolas/default.nix      | 23 +++++++++++++++++++++++
 5 files changed, 51 insertions(+), 7 deletions(-)

diff --git a/home/default.nix b/home/default.nix
index 46e10b4..c886594 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -3,7 +3,7 @@
   ...
 }:
 let
-  colors = {
+  colors_light = {
     background = "fdf6e3";
     foreground = "657b83";
     regular0 = "eee8d5"; # background darker
@@ -23,6 +23,29 @@ let
     bright6 = "586e75"; # pretty dark grey
     bright7 = "002b36"; # dark navy blue
   };
+  colors_dark = {
+    cursor = "002b36 93a1a1";
+    background = "002b36";
+    foreground = "839496";
+    regular0 = "073642";
+    regular1 = "dc322f";
+    regular2 = "859900";
+    regular3 = "b58900";
+    regular4 = "268bd2";
+    regular5 = "d33682";
+    regular6 = "2aa198";
+    regular7 = "eee8d5";
+    bright0 = "002b36";
+    bright1 = "cb4b16";
+    bright2 = "586e75";
+    bright3 = "657b83";
+    bright4 = "839496";
+    bright5 = "6c71c4";
+    bright6 = "93a1a1";
+    bright7 = "fdf6e3";
+    selection-foreground = "93a1a1";
+    selection-background = "073642";
+  };
 in
 {
   imports = [
@@ -115,11 +138,10 @@ in
     enable = true;
     server.enable = false;
     settings = {
-      inherit colors;
+      colors = colors_dark;
       main = {
         shell = "tmux";
-        font = "Jetbrains Mono:size=8";
-        dpi-aware = true;
+        dpi-aware = false;
       };
       mouse.hide-when-typing = true;
       csd.preferred = "server";
diff --git a/home/git.nix b/home/git.nix
index c7006b6..3bed5cb 100644
--- a/home/git.nix
+++ b/home/git.nix
@@ -46,7 +46,7 @@ in
         navigate = true; # use n and N to move between diff sections
         side-by-side = false;
         line-numbers = true;
-        light = true;
+        light = false;
       };
       diff = {
         renames = "copies";
diff --git a/home/helix/config/config.toml b/home/helix/config/config.toml
index 41cf786..9f37e3f 100644
--- a/home/helix/config/config.toml
+++ b/home/helix/config/config.toml
@@ -1,4 +1,4 @@
-theme = "solarized_light"
+theme = "solarized_dark"
 
 [editor]
 line-number = "relative"
diff --git a/home/pkgs.nix b/home/pkgs.nix
index 9bb42dc..71c9472 100644
--- a/home/pkgs.nix
+++ b/home/pkgs.nix
@@ -29,7 +29,6 @@ with pkgs;
   iproute2
   iputils # tracepath
   irssi
-  jetbrains-mono
   jq
   keepassxc
   krita
diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix
index 0d0dc81..37726c5 100644
--- a/nixos/stolas/default.nix
+++ b/nixos/stolas/default.nix
@@ -52,6 +52,29 @@
     pkgs.fw-ectool
   ];
 
+  fonts = {
+    enableDefaultPackages = true;
+    packages = with pkgs; [
+      fira
+      fira-code
+      fira-code-symbols
+      fira-mono
+      font-awesome
+      uw-ttyp0
+    ];
+    fontconfig = {
+      enable = true;
+      allowBitmaps = true;
+      antialias = true;
+      useEmbeddedBitmaps = true;
+      defaultFonts.monospace = [
+        "Ttyp0"
+        "Siji"
+        "Symbola"
+      ];
+    };
+  };
+
   hardware = {
     # NOTE: hardware.framework.enableKmod requires kernel patching, but enables access to some EC features
     bluetooth.enable = true;

From 4b0d350ffe0cd2b00c0b075a435355702d570db0 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Fri, 31 Oct 2025 14:18:53 +0100
Subject: [PATCH 44/46] chore: update flakes

---
 flake.lock               | 36 ++++++++++++++++++------------------
 nixos/stolas/default.nix |  2 +-
 2 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/flake.lock b/flake.lock
index 30cfa7c..2a9352a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -12,11 +12,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1754433428,
-        "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=",
+        "lastModified": 1761656077,
+        "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d",
+        "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5",
         "type": "github"
       },
       "original": {
@@ -89,11 +89,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1758287904,
-        "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",
+        "lastModified": 1761899396,
+        "narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "67ff9807dd148e704baadbd4fd783b54282ca627",
+        "rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998",
         "type": "github"
       },
       "original": {
@@ -204,11 +204,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1760239230,
-        "narHash": "sha256-eqSP/BAbQwNTlQ/6yuK0yILzZAPNNj91gp6oIfVtu/E=",
+        "lastModified": 1761878381,
+        "narHash": "sha256-lCRaipHgszaFZ1Cs8fdGJguVycCisBAf2HEFgip5+xU=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "c4aaddeaecc09554c92518fd904e3e84b497ed09",
+        "rev": "4ac96eb21c101a3e5b77ba105febc5641a8959aa",
         "type": "github"
       },
       "original": {
@@ -295,11 +295,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1760106635,
-        "narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=",
+        "lastModified": 1761827175,
+        "narHash": "sha256-XdPVSYyIBK4/ruoqujaQmmSGg3J2/EenexV9IEXhr6o=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903",
+        "rev": "43ffe9ac82567512abb83187cb673de1091bdfa8",
         "type": "github"
       },
       "original": {
@@ -311,11 +311,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1760038930,
-        "narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=",
+        "lastModified": 1761672384,
+        "narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3",
+        "rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c",
         "type": "github"
       },
       "original": {
@@ -462,11 +462,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1760120816,
-        "narHash": "sha256-gq9rdocpmRZCwLS5vsHozwB6b5nrOBDNc2kkEaTXHfg=",
+        "lastModified": 1761311587,
+        "narHash": "sha256-Msq86cR5SjozQGCnC6H8C+0cD4rnx91BPltZ9KK613Y=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "761ae7aff00907b607125b2f57338b74177697ed",
+        "rev": "2eddae033e4e74bf581c2d1dfa101f9033dbd2dc",
         "type": "github"
       },
       "original": {
diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix
index 37726c5..985583d 100644
--- a/nixos/stolas/default.nix
+++ b/nixos/stolas/default.nix
@@ -84,7 +84,7 @@
     graphics = {
       enable = true;
       extraPackages = with pkgs; [
-        vaapiVdpau
+        libva-vdpau-driver
         libvdpau-va-gl
       ];
     };

From 66ff2999db00bac505df6b0753104b880aaa96a2 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sat, 8 Nov 2025 22:51:02 +0100
Subject: [PATCH 45/46] fix: things

---
 flake.lock               | 54 +++++++++++++++++++++-------------------
 flake.nix                |  9 ++++++-
 home/git.nix             |  3 ---
 nixos/stolas/default.nix |  2 +-
 4 files changed, 37 insertions(+), 31 deletions(-)

diff --git a/flake.lock b/flake.lock
index 2a9352a..5f2e12c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -12,11 +12,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1761656077,
-        "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=",
+        "lastModified": 1762618334,
+        "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5",
+        "rev": "fcdea223397448d35d9b31f798479227e80183f6",
         "type": "github"
       },
       "original": {
@@ -69,11 +69,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1741473158,
-        "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
+        "lastModified": 1762521437,
+        "narHash": "sha256-RXN+lcx4DEn3ZS+LqEJSUu/HH+dwGvy0syN7hTo/Chg=",
         "owner": "numtide",
         "repo": "devshell",
-        "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
+        "rev": "07bacc9531f5f4df6657c0a02a806443685f384a",
         "type": "github"
       },
       "original": {
@@ -89,11 +89,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1761899396,
-        "narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=",
+        "lastModified": 1762276996,
+        "narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998",
+        "rev": "af087d076d3860760b3323f6b583f4d828c1ac17",
         "type": "github"
       },
       "original": {
@@ -204,11 +204,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1761878381,
-        "narHash": "sha256-lCRaipHgszaFZ1Cs8fdGJguVycCisBAf2HEFgip5+xU=",
+        "lastModified": 1762463325,
+        "narHash": "sha256-33YUsWpPyeBZEWrKQ2a1gkRZ7i0XCC/2MYpU6BVeQSU=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "4ac96eb21c101a3e5b77ba105febc5641a8959aa",
+        "rev": "0562fef070a1027325dd4ea10813d64d2c967b39",
         "type": "github"
       },
       "original": {
@@ -240,7 +240,9 @@
           "nixpkgs"
         ],
         "pre-commit-hooks-nix": "pre-commit-hooks-nix",
-        "rust-overlay": "rust-overlay"
+        "rust-overlay": [
+          "rust-overlay"
+        ]
       },
       "locked": {
         "lastModified": 1737639419,
@@ -295,11 +297,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1761827175,
-        "narHash": "sha256-XdPVSYyIBK4/ruoqujaQmmSGg3J2/EenexV9IEXhr6o=",
+        "lastModified": 1762463231,
+        "narHash": "sha256-hv1mG5j5PTbnWbtHHomzTus77pIxsc4x8VrMjc7+/YE=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "43ffe9ac82567512abb83187cb673de1091bdfa8",
+        "rev": "52113c4f5cfd1e823001310e56d9c8d0699a6226",
         "type": "github"
       },
       "original": {
@@ -311,11 +313,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1761672384,
-        "narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=",
+        "lastModified": 1762363567,
+        "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c",
+        "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4",
         "type": "github"
       },
       "original": {
@@ -400,6 +402,7 @@
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
         "repo-rs": "repo-rs",
+        "rust-overlay": "rust-overlay",
         "systems": "systems_2",
         "treefmt-nix": "treefmt-nix"
       }
@@ -407,16 +410,15 @@
     "rust-overlay": {
       "inputs": {
         "nixpkgs": [
-          "lanzaboote",
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1731897198,
-        "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
+        "lastModified": 1762569282,
+        "narHash": "sha256-vINZAJpXQTZd5cfh06Rcw7hesH7sGSvi+Tn+HUieJn8=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
+        "rev": "a35a6144b976f70827c2fe2f5c89d16d8f9179d8",
         "type": "github"
       },
       "original": {
@@ -462,11 +464,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1761311587,
-        "narHash": "sha256-Msq86cR5SjozQGCnC6H8C+0cD4rnx91BPltZ9KK613Y=",
+        "lastModified": 1762410071,
+        "narHash": "sha256-aF5fvoZeoXNPxT0bejFUBXeUjXfHLSL7g+mjR/p5TEg=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "2eddae033e4e74bf581c2d1dfa101f9033dbd2dc",
+        "rev": "97a30861b13c3731a84e09405414398fbf3e109f",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 671ba3a..5ae56ad 100644
--- a/flake.nix
+++ b/flake.nix
@@ -17,7 +17,10 @@
     };
     lanzaboote = {
       url = "github:nix-community/lanzaboote/v0.4.2";
-      inputs.nixpkgs.follows = "nixpkgs";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        rust-overlay.follows = "rust-overlay";
+        };
     };
     nixos-hardware.url = "github:NixOS/nixos-hardware/master";
     homepage = {
@@ -50,6 +53,10 @@
       url = "github:numtide/treefmt-nix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    rust-overlay = {
+      url = "github:oxalica/rust-overlay";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs = { ... }@args: import ./outputs.nix args;
diff --git a/home/git.nix b/home/git.nix
index 3bed5cb..9fdb15b 100644
--- a/home/git.nix
+++ b/home/git.nix
@@ -91,9 +91,6 @@ in
   home.packages = with pkgs; [
     delta
     git-lfs
-    gitAndTools.hub
-    gitAndTools.lab
-    gitAndTools.git-absorb
     meld
   ];
 }
diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix
index 985583d..7b486f0 100644
--- a/nixos/stolas/default.nix
+++ b/nixos/stolas/default.nix
@@ -127,7 +127,7 @@
     adb.enable = true;
     firefox = {
       enable = true;
-      package = pkgs.firefox-wayland;
+      package = pkgs.firefox;
     };
     gnupg.agent.enable = true;
     ssh.startAgent = true;

From 864701cac02c945ea88c13a356f2131ff28f8638 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sun, 9 Nov 2025 14:55:16 +0100
Subject: [PATCH 46/46] chore: update dependencies

---
 flake.lock | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/flake.lock b/flake.lock
index 5f2e12c..94a8a44 100644
--- a/flake.lock
+++ b/flake.lock
@@ -204,11 +204,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1762463325,
-        "narHash": "sha256-33YUsWpPyeBZEWrKQ2a1gkRZ7i0XCC/2MYpU6BVeQSU=",
+        "lastModified": 1762661401,
+        "narHash": "sha256-SVmijc8t23UMwru5f/9X1Ak5bSwvYkm0OQ5SxR7hOB0=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "0562fef070a1027325dd4ea10813d64d2c967b39",
+        "rev": "c053d701d64f0727f62e0269c7940da5805bc9bc",
         "type": "github"
       },
       "original": {
@@ -220,11 +220,11 @@
     "homepage": {
       "flake": false,
       "locked": {
-        "lastModified": 1727338449,
-        "narHash": "sha256-VwOGtT1WB+isk0z/D/Be05GgeaTFfsXTGt7aScCAfec=",
-        "rev": "60398d3d728a0057b4cad49879ef637c06b28371",
+        "lastModified": 1762696280,
+        "narHash": "sha256-ncxcwvRNbN/WaZzi1NjV5fgtqfw/wypRtM/y1ZoJKNg=",
+        "rev": "d75353b55e10775649954d789d432be61ff663bf",
         "type": "tarball",
-        "url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/60398d3d728a0057b4cad49879ef637c06b28371.tar.gz?rev=60398d3d728a0057b4cad49879ef637c06b28371"
+        "url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/d75353b55e10775649954d789d432be61ff663bf.tar.gz?rev=d75353b55e10775649954d789d432be61ff663bf"
       },
       "original": {
         "type": "tarball",
@@ -313,11 +313,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1762363567,
-        "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=",
+        "lastModified": 1762596750,
+        "narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4",
+        "rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e",
         "type": "github"
       },
       "original": {
@@ -414,11 +414,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1762569282,
-        "narHash": "sha256-vINZAJpXQTZd5cfh06Rcw7hesH7sGSvi+Tn+HUieJn8=",
+        "lastModified": 1762655942,
+        "narHash": "sha256-hOM12KcQNQALrhB9w6KJmV5hPpm3GA763HRe9o7JUiI=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "a35a6144b976f70827c2fe2f5c89d16d8f9179d8",
+        "rev": "6ac961b02d4235572692241e333d0470637f5492",
         "type": "github"
       },
       "original": {