remove specialArgs niveum and niveumLib, add overlay

2026-03-16 10:11:08 +01:00 · 2025-12-25 14:00:03 +01:00
parent c490c81a32
commit 82b7ffd39f
59 changed files with 535 additions and 616 deletions
--- a/configs/admin-essentials.nix
+++ b/configs/admin-essentials.nix
@@ -1,6 +1,5 @@
 {
  pkgs,
-  niveumPackages,
  lib,
  ...
 }: let
@@ -37,12 +36,12 @@ in {
      pkgs.bc # calculator
      pkgs.pari # gp -- better calculator
      pkgs.ts
-      niveumPackages.vimv
-      niveumPackages.vg
-      niveumPackages.fkill
-      niveumPackages.cyberlocker-tools
-      niveumPackages.untilport
-      niveumPackages.kpaste
+      pkgs.vimv
+      pkgs.vg
+      pkgs.fkill
+      pkgs.cyberlocker-tools
+      pkgs.untilport
+      pkgs.kpaste
      # HARDWARE
      pkgs.pciutils # for lspci
    ]
--- a/configs/aerc.nix
+++ b/configs/aerc.nix
@@ -2,12 +2,8 @@
  pkgs,
  config,
  lib,
-  niveumPackages,
  ...
 }:
-let
-  inherit (import ../lib/email.nix) defaults thunderbirdProfile;
-in
 {
  age.secrets = {
    email-password-ical-ephemeris = {
@@ -45,7 +41,7 @@ in
      extraConfig = {
        database.path = config.home-manager.users.me.accounts.email.maildirBasePath;
        new.tags = "";
-        user.name = defaults.realName;
+        user.name = pkgs.lib.niveum.email.defaults.realName;
        user.primary_email = config.home-manager.users.me.accounts.email.accounts.posteo.address;
      };
    };
@@ -87,7 +83,7 @@ in
          mailhost = "mail.cock.li";
          address = "2210@cock.li";
        in
-        lib.recursiveUpdate defaults {
+        lib.recursiveUpdate pkgs.lib.niveum.email.defaults {
          address = address;
          userName = address;
          passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-cock.path}";
@@ -102,7 +98,7 @@ in
        let
          address = "ical.ephemeris@web.de";
        in
-        lib.recursiveUpdate defaults {
+        lib.recursiveUpdate pkgs.lib.niveum.email.defaults {
          userName = address;
          realName = "Kieran from iCal Ephemeris";
          address = address;
@@ -118,7 +114,7 @@ in
          mailhost = "posteo.de";
          address = "kieran.meinhardt@posteo.net";
        in
-        lib.recursiveUpdate defaults {
+        lib.recursiveUpdate pkgs.lib.niveum.email.defaults {
          address = address;
          aliases = [ "kmein@posteo.de" ];
          userName = address;
@@ -144,7 +140,7 @@ in
      enable = true;
      settings = {
      };
-      profiles.${thunderbirdProfile} = {
+      profiles.${pkgs.lib.niveum.email.thunderbirdProfile} = {
        isDefault = true;
        settings = {
          "mail.default_send_format" = 1;
@@ -215,7 +211,7 @@ in
          "*" = ":filter -x Flagged<Enter>";
        };
        view = {
-          tr = ":pipe ${niveumPackages.trans}/bin/trans -show-original n -b -no-autocorrect<Enter>"; # https://man.sr.ht/~rjarry/aerc/integrations/translator.md
+          tr = ":pipe ${pkgs.trans}/bin/trans -show-original n -b -no-autocorrect<Enter>"; # https://man.sr.ht/~rjarry/aerc/integrations/translator.md
          "/" = ":toggle-key-passthrough <Enter> /";
          q = ":close<Enter>";
          O = ":open<Enter>";
--- a/configs/backup.nix
+++ b/configs/backup.nix
@@ -1,13 +1,13 @@
 {
  pkgs,
  config,
+  lib,
  ...
-}: let
-  inherit (import ../lib) restic;
-in {
+}:
+{
  services.restic.backups.niveum = {
    initialize = true;
-    inherit (restic) repository;
+    repository = pkgs.lib.niveum.restic.repository;
    timerConfig = {
      OnCalendar = "8:00";
      RandomizedDelaySec = "1h";
@@ -38,7 +38,7 @@ in {

  environment.systemPackages = [
    (pkgs.writers.writeDashBin "restic-niveum" ''
-      ${pkgs.restic}/bin/restic -r ${restic.repository} -p ${config.age.secrets.restic.path} "$@"
+      ${pkgs.restic}/bin/restic -r ${pkgs.lib.niveum.restic.repository} -p ${config.age.secrets.restic.path} "$@"
    '')
    (pkgs.writers.writeDashBin "restic-mount" ''
      mountdir=$(mktemp -d)
@@ -46,7 +46,7 @@ in {
      clean() {
        rm -r "$mountdir"
      }
-      ${pkgs.restic}/bin/restic -r ${restic.repository} -p ${config.age.secrets.restic.path} mount "$mountdir"
+      ${pkgs.restic}/bin/restic -r ${pkgs.lib.niveum.restic.repository} -p ${config.age.secrets.restic.path} mount "$mountdir"
    '')
  ];
 }
--- a/configs/bots/default.nix
+++ b/configs/bots/default.nix
@@ -8,7 +8,6 @@
  telebots = inputs.telebots.defaultPackage.x86_64-linux;
  reverseDirectory = "/run/telegram-reverse";
  proverbDirectory = "/run/telegram-proverb";
-  inherit (import ../../lib) tmpfilesConfig;
 in {
  imports = [
    ./logotheca.nix
@@ -27,7 +26,7 @@ in {
  };

  systemd.tmpfiles.rules = map (path:
-    tmpfilesConfig {
+    pkgs.lib.niveum.tmpfilesConfig {
      type = "d";
      mode = "0750";
      age = "1h";
--- a/configs/bots/logotheca.nix
+++ b/configs/bots/logotheca.nix
@@ -1,8 +1,6 @@
 {
  pkgs,
  config,
-  lib,
-  niveumPackages,
  ...
 }: {
  niveum.bots.logotheca = {
@@ -22,7 +20,7 @@
        "!zlwCuPiCNMSxDviFzA:4d2.org"
      ];
    };
-    command = "${niveumPackages.literature-quote}/bin/literature-quote";
+    command = "${pkgs.literature-quote}/bin/literature-quote";
  };

  age.secrets = {
--- a/configs/bots/nietzsche.nix
+++ b/configs/bots/nietzsche.nix
@@ -1,7 +1,6 @@
 {
  config,
  pkgs,
-  niveumPackages,
  ...
 }: {
  niveum.bots.nietzsche = {
@@ -16,9 +15,9 @@
      set -efu
      random_number=$(( ($RANDOM % 10) + 1 ))
      if [ "$random_number" -eq 1 ]; then
-        ${niveumPackages.random-zeno}/bin/random-zeno "/Literatur/M/Nietzsche,+Friedrich"
+        ${pkgs.random-zeno}/bin/random-zeno "/Literatur/M/Nietzsche,+Friedrich"
      else
-        ${niveumPackages.random-zeno}/bin/random-zeno "/Philosophie/M/Nietzsche,+Friedrich"
+        ${pkgs.random-zeno}/bin/random-zeno "/Philosophie/M/Nietzsche,+Friedrich"
      fi
    '');
  };
--- a/configs/bots/tlg-wotd.nix
+++ b/configs/bots/tlg-wotd.nix
@@ -1,9 +1,6 @@
 {
  pkgs,
-  lib,
  config,
-  niveumPackages,
-  unstablePackages,
  ...
 }: let
  mastodonEndpoint = "https://social.krebsco.de";
--- a/configs/browser.nix
+++ b/configs/browser.nix
@@ -1,11 +1,10 @@
 {
  config,
  pkgs,
-  niveumPackages,
  ...
 }: {
  environment.systemPackages = [
-    niveumPackages.cro
+    pkgs.cro
    pkgs.tor-browser
    pkgs.firefox
    pkgs.brave
--- a/configs/cloud.nix
+++ b/configs/cloud.nix
@@ -3,9 +3,7 @@
  lib,
  pkgs,
  ...
-}: let
-  inherit (import ../lib) tmpfilesConfig;
-in {
+}: {
  systemd.user.services.systemd-tmpfiles-clean = {
    enable = true;
    wantedBy = [ "default.target" ];
@@ -16,7 +14,7 @@ in {
    };
  };

-  systemd.user.tmpfiles.users.me.rules = map tmpfilesConfig [
+  systemd.user.tmpfiles.users.me.rules = map pkgs.lib.niveum.tmpfilesConfig [
    {
      type = "d";
      mode = "0755";
@@ -29,7 +27,7 @@ in {
      age = "7d";
      path = "${config.users.users.me.home}/cloud/nextcloud/tmp";
    }
-  ] ++ map (path: tmpfilesConfig {
+  ] ++ map (path: pkgs.lib.niveum.tmpfilesConfig {
      type = "L+";
      user = config.users.users.me.name;
      group = config.users.users.me.group;
@@ -121,7 +119,7 @@ in {
    cert = config.age.secrets.syncthing-cert.path;
    key = config.age.secrets.syncthing-key.path;
    settings = {
-      inherit ((import ../lib).syncthing) devices;
+      devices = pkgs.lib.niveum.syncthingIds;
      folders = {
        "${config.users.users.me.home}/sync" = {
          devices = ["kabsa" "manakish" "fatteh"];
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -2,14 +2,11 @@
  pkgs,
  lib,
  config,
-  niveumPackages,
  inputs,
  ...
 }:
 let
  inherit (lib.strings) makeBinPath;
-  inherit (import ../lib) localAddresses kieran remoteDir;
-  defaultApplications = (import ../lib).defaultApplications { inherit pkgs; };
 in
 {
  imports = [
@@ -68,7 +65,7 @@ in

      users.users.me = {
        name = "kfm";
-        description = kieran.name;
+        description = pkgs.lib.niveum.kieran.name;
        hashedPasswordFile = config.age.secrets.kfm-password.path;
        isNormalUser = true;
        uid = 1000;
@@ -90,7 +87,7 @@ in
      environment.interactiveShellInit = "export PATH=$PATH";
      environment.shellAliases =
        let
-          swallow = command: "${niveumPackages.swallow}/bin/swallow ${command}";
+          swallow = command: "${pkgs.swallow}/bin/swallow ${command}";
        in
        {
          o = "${pkgs.xdg-utils}/bin/xdg-open";
@@ -169,7 +166,7 @@ in
      networking.hosts = lib.mapAttrs' (name: address: {
        name = address;
        value = [ "${name}.local" ];
-      }) localAddresses;
+      }) pkgs.lib.niveum.localAddresses;
    }
    {
      home-manager.users.me.home.stateVersion = "22.05";
@@ -190,7 +187,7 @@ in
        dconf.enable = true;
        dconf.settings = {
          # Change the default terminal for Nemo
-          "org/cinnamon/desktop/applications/terminal".exec = defaultApplications.terminal;
+          "org/cinnamon/desktop/applications/terminal".exec = pkgs.lib.niveum.defaultApplications.terminal;
        };
      };
    }
--- a/configs/dunst.nix
+++ b/configs/dunst.nix
@@ -1,9 +1,8 @@
 {
-  config,
+  lib,
  pkgs,
  ...
 }: let
-  inherit (import ../lib) defaultApplications theme;
  sgr = code: string: ''\u001b[${code}m${string}\u001b[0m'';
 in {
  environment.systemPackages = [
@@ -18,7 +17,7 @@ in {

  home-manager.users.me.services.dunst = {
    enable = true;
-    iconTheme = (theme pkgs).icon;
+    iconTheme = pkgs.lib.niveum.theme.icon;
    settings = {
      global = {
        transparency = 10;
@@ -44,7 +43,7 @@ in {
        sticky_history = true;
        history_length = 20;
        dmenu = "${pkgs.rofi}/bin/rofi -display-run dunst -show run";
-        browser = (defaultApplications pkgs).browser;
+        browser = pkgs.lib.niveum.defaultApplications.browser;
        verbosity = "mesg";
        corner_radius = 0;
        mouse_left_click = "do_action";
--- a/configs/fonts.nix
+++ b/configs/fonts.nix
@@ -1,6 +1,5 @@
 {
  pkgs,
-  niveumPackages,
  ...
 }: let
  zip-font = name: arguments: let
@@ -93,7 +92,6 @@ in {
      font-awesome
      galatia-sil
      gentium
-      # niveumPackages.gfs-fonts
      gyre-fonts
      ibm-plex
      jetbrains-mono
@@ -114,7 +112,7 @@ in {
      source-sans-pro
      source-serif-pro
      theano
-      niveumPackages.tocharian-font
+      tocharian-font
      vista-fonts
      vollkorn
      zilla-slab
--- a/configs/git.nix
+++ b/configs/git.nix
@@ -1,10 +1,9 @@
 {
  pkgs,
-  inputs,
+  lib,
  ...
-}: let
-  inherit (import ../lib) kieran ignorePaths;
-in {
+}:
+{
  environment.systemPackages = [
    pkgs.mr
    pkgs.gitFull
@@ -41,9 +40,9 @@ in {
        logs = "log --pretty=oneline";
        graph = "log --graph --abbrev-commit --decorate --date=relative --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(bold yellow)%d%C(reset)' --all";
      };
-      ignores = ignorePaths;
-      settings.user.name = kieran.name;
-      settings.user.email = kieran.email;
+      ignores = pkgs.lib.niveum.ignorePaths;
+      settings.user.name = pkgs.lib.niveum.kieran.name;
+      settings.user.email = pkgs.lib.niveum.kieran.email;
      settings.pull.ff = "only";
      settings.rebase.autoStash = true;
      settings.merge.autoStash = true;
--- a/configs/i3.nix
+++ b/configs/i3.nix
@@ -2,13 +2,11 @@
  config,
  pkgs,
  lib,
-  niveumPackages,
  ...
 }: let
-  inherit (import ../lib) defaultApplications;
-  klem = niveumPackages.klem.override {
-    config.dmenu = "${pkgs.dmenu}/bin/dmenu -i -p klem";
-    config.scripts = {
+  klem = pkgs.klem.override {
+    options.dmenu = "${pkgs.dmenu}/bin/dmenu -i -p klem";
+    options.scripts = {
      "p.r paste" = pkgs.writers.writeDash "p.r" ''
        ${pkgs.curl}/bin/curl -fSs http://p.r --data-binary @- \
          | ${pkgs.coreutils}/bin/tail --lines=1 \
@@ -37,10 +35,10 @@
        ${pkgs.coreutils}/bin/tr '[A-Za-z]' '[N-ZA-Mn-za-m]'
      '';
      "ipa" = pkgs.writers.writeDash "ipa" ''
-        ${niveumPackages.ipa}/bin/ipa
+        ${pkgs.ipa}/bin/ipa
      '';
      "betacode" = pkgs.writers.writeDash "betacode" ''
-        ${niveumPackages.betacode}/bin/betacode
+        ${pkgs.betacode}/bin/betacode
      '';
      "curl" = pkgs.writers.writeDash "curl" ''
        ${pkgs.curl}/bin/curl -fSs "$(${pkgs.coreutils}/bin/cat)"
@@ -51,12 +49,6 @@
      emojai = pkgs.writers.writeDash "emojai" ''
        ${pkgs.curl}/bin/curl https://www.emojai.app/api/generate -X POST -H 'Content-Type: application/json' --data-raw "$(${pkgs.jq}/bin/jq -sR '{emoji:.}')" | ${pkgs.jq}/bin/jq -r .result
      '';
-      "gpt-3.5" = pkgs.writers.writeDash "gpt" ''
-        ${niveumPackages.gpt35}/bin/gpt
-      '';
-      gpt-4 = pkgs.writers.writeDash "gpt" ''
-        ${niveumPackages.gpt4}/bin/gpt
-      '';
    };
  };
 in {
@@ -224,15 +216,15 @@ in {
        "${modifier}+w" = "layout tabbed";
        "${modifier}+q" = "exec ${config.services.clipmenu.package}/bin/clipmenu";

-        "${modifier}+Return" = "exec ${(defaultApplications pkgs).terminal}";
-        "${modifier}+t" = "exec ${(defaultApplications pkgs).fileManager}";
-        "${modifier}+y" = "exec ${(defaultApplications pkgs).browser}";
+        "${modifier}+Return" = "exec ${pkgs.lib.niveum.defaultApplications.terminal}";
+        "${modifier}+t" = "exec ${pkgs.lib.niveum.defaultApplications.fileManager}";
+        "${modifier}+y" = "exec ${pkgs.lib.niveum.defaultApplications.browser}";

        "${modifier}+d" = "exec ${pkgs.writers.writeDash "run" ''exec rofi -modi run,ssh,window -show run''}";
-        "${modifier}+Shift+d" = "exec ${niveumPackages.notemenu}/bin/notemenu";
+        "${modifier}+Shift+d" = "exec ${pkgs.notemenu}/bin/notemenu";
        "${modifier}+p" = "exec rofi-pass";
        "${modifier}+Shift+p" = "exec rofi-pass --insert";
-        "${modifier}+u" = "exec ${niveumPackages.unicodmenu}/bin/unicodmenu";
+        "${modifier}+u" = "exec ${pkgs.unicodmenu}/bin/unicodmenu";
        "${modifier}+Shift+u" = "exec ${pkgs.writers.writeDash "last-unicode" ''${pkgs.xdotool}/bin/xdotool type --delay 1000 "$(${pkgs.gawk}/bin/awk 'END{print $1}' ~/.cache/unicodmenu)"''}";

        "${modifier}+F7" = "exec ${pkgs.writers.writeDash "showkeys-toggle" ''
@@ -252,7 +244,6 @@ in {
        "XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next";
        "XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous";
        "XF86AudioStop" = "exec ${pkgs.playerctl}/bin/playerctl stop";
-        "XF86ScreenSaver" = "exec ${niveumPackages.k-lock}/bin/k-lock";

        # key names detected with xorg.xev:
        # XF86WakeUp (fn twice)
@@ -288,7 +279,6 @@ in {
      config = {
          inherit modifier gaps modes bars floating window colors;
          keybindings = keybindings // {
-            "${modifier}+ß" = "exec ${niveumPackages.menu-calc}/bin/=";
            "${modifier}+F6" = "exec ${pkgs.xorg.xkill}/bin/xkill";
            "${modifier}+F9" = "exec ${pkgs.redshift}/bin/redshift -O 4000 -b 0.85";
            "${modifier}+F10" = "exec ${pkgs.redshift}/bin/redshift -x";
@@ -296,7 +286,7 @@ in {
            "Print" = "exec flameshot gui";
            # "${modifier}+Shift+x" = "exec ${move-to-new-workspace}";
            # "${modifier}+x" = "exec ${new-workspace}";
-            "XF86Display" = "exec ${niveumPackages.dmenu-randr}/bin/dmenu-randr";
+            "XF86Display" = "exec ${pkgs.dmenu-randr}/bin/dmenu-randr";
          };
      };
    };
--- a/configs/mpv.nix
+++ b/configs/mpv.nix
@@ -2,10 +2,9 @@
  pkgs,
  lib,
  config,
-  niveumPackages,
  ...
 }: let
-  swallow = command: "${niveumPackages.swallow}/bin/swallow ${command}";
+  swallow = command: "${pkgs.swallow}/bin/swallow ${command}";
 in {
  environment.shellAliases.smpv = swallow "mpv";

--- a/configs/mycelium.nix
+++ b/configs/mycelium.nix
@@ -1,7 +1,4 @@
-{ lib, ... }:
-let
-  myceliumAddresses = import ../lib/mycelium-network.nix;
-in
+{ lib, pkgs, ... }:
 {
  services.mycelium = {
    enable = true;
@@ -11,5 +8,5 @@ in
  networking.hosts = lib.mapAttrs' (name: address: {
    name = address;
    value = [ "${name}.m" ];
-  }) myceliumAddresses;
+  }) pkgs.lib.niveum.myceliumAddresses;
 }
--- a/configs/neovim.nix
+++ b/configs/neovim.nix
@@ -1,6 +1,5 @@
 {
  pkgs,
-  niveumPackages,
  config,
  ...
 }: {
@@ -36,7 +35,7 @@

  environment.systemPackages = [
    (pkgs.writers.writeDashBin "vim" ''neovim "$@"'')
-    (niveumPackages.vim.override {
+    (pkgs.vim-kmein.override {
      # stylixColors = config.lib.stylix.colors;
      colorscheme = "base16-gruvbox-dark-medium";
    })
--- a/configs/packages.nix
+++ b/configs/packages.nix
@@ -3,13 +3,10 @@
  pkgs,
  lib,
  inputs,
-  niveumPackages,
  ...
 }: let
  worldradio = pkgs.callPackage ../packages/worldradio.nix {};

-  externalNetwork = import ../lib/external-network.nix;
-
  zoteroStyle = {
    name,
    sha256,
@@ -109,7 +106,7 @@ in {
    calibre
    electrum
    inkscape
-    niveumPackages.gimp
+    gimp
    gthumb
    astrolog
    obsidian
@@ -120,7 +117,7 @@ in {
    zoom-us # video conferencing
    (pkgs.writers.writeDashBin "im" ''
      weechat_password=$(${pkgs.pass}/bin/pass weechat)
-      exec ${weechat}/bin/weechat -t -r '/mouse enable; /remote add makanek http://${externalNetwork.makanek}:8002 -password='"$weechat_password"'; /remote connect makanek'
+      exec ${weechat}/bin/weechat -t -r '/mouse enable; /remote add makanek http://${pkgs.lib.niveum.systems.makanek.externalIp}:8002 -password='"$weechat_password"'; /remote connect makanek'
    '')
    alejandra # nix formatter
    pdfgrep # search in pdf
@@ -130,60 +127,59 @@ in {
    kdePackages.okular # the word is nucular
    xournalpp # for annotating pdfs
    pdfpc # presenter console for pdf slides
-    niveumPackages.hc # print files as qr codes
+    hc # print files as qr codes
    yt-dlp
    espeak
    rink # unit converter
-    niveumPackages.auc
-    niveumPackages.noise-waves
-    niveumPackages.stag
-    niveumPackages.cheat-sh
-    niveumPackages.polyglot
-    niveumPackages.qrpaste
-    niveumPackages.ttspaste
-    niveumPackages.new-mac # get a new mac address
-    niveumPackages.scanned
-    niveumPackages.default-gateway
-    niveumPackages.kirciuoklis
-    niveumPackages.image-convert-favicon
-    niveumPackages.heuretes
-    niveumPackages.ipa # XSAMPA to IPA converter
-    niveumPackages.pls
-    niveumPackages.mpv-tv
-    niveumPackages.mpv-iptv
-    niveumPackages.devanagari
-    niveumPackages.betacode # ancient greek betacode to unicode converter
-    pkgs.jq-lsp
-    niveumPackages.swallow # window swallowing
-    niveumPackages.literature-quote
-    niveumPackages.booksplit
-    niveumPackages.dmenu-randr
-    niveumPackages.manual-sort
-    niveumPackages.wttr
-    niveumPackages.unicodmenu
-    niveumPackages.emailmenu
-    niveumPackages.closest
-    niveumPackages.trans
-    (niveumPackages.mpv-radio.override {
+    auc
+    noise-waves
+    stag
+    cheat-sh
+    polyglot
+    qrpaste
+    ttspaste
+    new-mac # get a new mac address
+    scanned
+    default-gateway
+    kirciuoklis
+    image-convert-favicon
+    heuretes
+    ipa # XSAMPA to IPA converter
+    pls
+    mpv-tv
+    mpv-iptv
+    devanagari
+    betacode # ancient greek betacode to unicode converter
+    jq-lsp
+    swallow # window swallowing
+    literature-quote
+    booksplit
+    dmenu-randr
+    manual-sort
+    wttr
+    unicodmenu
+    emailmenu
+    closest
+    trans
+    (mpv-radio.override {
      di-fm-key-file = config.age.secrets.di-fm-key.path;
    })
-    (niveumPackages.mpv-radio.override {
+    (mpv-radio.override {
      di-fm-key-file = config.age.secrets.di-fm-key.path;
      executableName = "cro-radio";
-      mpvCommand = "${niveumPackages.cro}/bin/cro";
+      mpvCommand = "${cro}/bin/cro";
    })
-    (niveumPackages.mpv-tuner.override {
+    (mpv-tuner.override {
      di-fm-key-file = config.age.secrets.di-fm-key.path;
    })
    # kmein.slide
    termdown
-    niveumPackages.image-convert-tolino
-    niveumPackages.rfc
-    niveumPackages.tag
-    niveumPackages.timer
-    niveumPackages.menu-calc
+    image-convert-tolino
+    rfc
+    tag
+    timer
    nix-prefetch-git
-    niveumPackages.nix-git
+    nix-git
    nixfmt-rfc-style
    par
    qrencode
@@ -239,7 +235,7 @@ in {
    latexrun
    (aspellWithDicts (dict: [dict.de dict.en dict.en-computers]))
    # haskellPackages.pandoc-citeproc
-    niveumPackages.text2pdf
+    text2pdf
    lowdown
    glow # markdown to term
    libreoffice
@@ -247,7 +243,7 @@ in {
    dia
    pandoc
    librsvg # pandoc depends on this to include SVG in documents
-    # niveumPackages.man-pandoc
+    # man-pandoc
    typst
    # proselint
    asciidoctor
--- a/configs/printing.nix
+++ b/configs/printing.nix
@@ -1,5 +1,4 @@
-{pkgs, ...}: let
-  inherit (import ../lib) localAddresses;
+{pkgs, lib, ...}: let
  hp-driver = pkgs.hplip;
 in {
  services.printing = {
@@ -18,7 +17,7 @@ in {
    {
      name = "OfficeJet";
      location = "Zimmer";
-      deviceUri = "https://${localAddresses.officejet}";
+      deviceUri = "https://${pkgs.lib.niveum.localAddresses.officejet}";
      model = "drv:///hp/hpcups.drv/hp-officejet_4650_series.ppd";
      ppdOptions = {
        Duplex = "DuplexNoTumble"; # DuplexNoTumble DuplexTumble None
--- a/configs/ssh.nix
+++ b/configs/ssh.nix
@@ -1,8 +1,6 @@
-{pkgs, ...}: let
-  inherit (import ../lib) sshPort kieran;
-  externalNetwork = import ../lib/external-network.nix;
-in {
-  users.users.me.openssh.authorizedKeys.keys = kieran.sshKeys;
+{ pkgs, lib, ... }:
+{
+  users.users.me.openssh.authorizedKeys.keys = pkgs.lib.niveum.kieran.sshKeys;
  programs.ssh.startAgent = true;
  services.gnome.gcr-ssh-agent.enable = false;

@@ -25,42 +23,42 @@ in {
      zaatar = {
        hostname = "zaatar.r";
        user = "root";
-        port = sshPort;
+        port = pkgs.lib.niveum.sshPort;
      };
      makanek = {
-        hostname = externalNetwork.makanek;
+        hostname = pkgs.lib.niveum.externalNetwork.makanek;
        user = "root";
-        port = sshPort;
+        port = pkgs.lib.niveum.sshPort;
      };
      ful = {
-        hostname = externalNetwork.ful;
+        hostname = pkgs.lib.niveum.externalNetwork.ful;
        user = "root";
-        port = sshPort;
+        port = pkgs.lib.niveum.sshPort;
      };
      tahina = {
        hostname = "tahina.r";
        user = "root";
-        port = sshPort;
+        port = pkgs.lib.niveum.sshPort;
      };
      tabula = {
        hostname = "tabula.r";
        user = "root";
-        port = sshPort;
+        port = pkgs.lib.niveum.sshPort;
      };
      manakish = {
        hostname = "manakish.r";
        user = "kfm";
-        port = sshPort;
+        port = pkgs.lib.niveum.sshPort;
      };
      kabsa = {
        hostname = "kabsa.r";
        user = "kfm";
-        port = sshPort;
+        port = pkgs.lib.niveum.sshPort;
      };
      fatteh = {
        hostname = "fatteh.r";
        user = "kfm";
-        port = sshPort;
+        port = pkgs.lib.niveum.sshPort;
      };
    };
  };
--- a/configs/sshd.nix
+++ b/configs/sshd.nix
@@ -1,23 +1,21 @@
 {
  config,
-  lib,
  pkgs,
  ...
-}: let
-  inherit (import ../lib) sshPort kieran;
-in {
+}:
+{
  users.motd = "Welcome to ${config.networking.hostName}!";

  services.openssh = {
    enable = true;
-    ports = [sshPort];
+    ports = [ pkgs.lib.niveum.sshPort ];
    settings = {
      PasswordAuthentication = false;
      X11Forwarding = true;
    };
  };

-  users.users.root.openssh.authorizedKeys.keys = kieran.sshKeys ++ [
+  users.users.root.openssh.authorizedKeys.keys = pkgs.lib.niveum.kieran.sshKeys ++ [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPoiRIn1dBUtpApcUyGbZKN+m5KBSgKIDQjdnQ8vU0xU kfm@kibbeh" # travel laptop
  ];
 }
--- a/configs/uni.nix
+++ b/configs/uni.nix
@@ -5,8 +5,6 @@
  ...
 }: let
  username = "meinhak99";
-  inherit (import ../lib/email.nix) defaults pronouns;
-  inherit (import ../lib) remoteDir;
  fu-defaults = let mailhost = "mail.zedat.fu-berlin.de"; in {
    imap.host = mailhost;
    imap.port = 993;
@@ -31,7 +29,7 @@ in {
    };
    accounts.email.accounts = {
      letos =
-        lib.recursiveUpdate defaults
+        lib.recursiveUpdate pkgs.lib.niveum.email.defaults
        {
          userName = "slfletos";
          address = "letos.sprachlit@hu-berlin.de";
@@ -43,7 +41,7 @@ in {
          smtp.tls.useStartTls = true;
        };
      fu =
-        lib.recursiveUpdate defaults
+        lib.recursiveUpdate pkgs.lib.niveum.email.defaults
        (lib.recursiveUpdate fu-defaults
          (let userName = "meinhak99"; in {
            userName = userName;
@@ -100,7 +98,7 @@ in {
    firstCharacter = lib.strings.substring 0 1;

    home-directory-mount = user: {
-      "${remoteDir}/fu/${user}/home" = {
+      "${pkgs.lib.niveum.remoteDir}/fu/${user}/home" = {
        device = "${user}@login.zedat.fu-berlin.de:/home/${firstCharacter user}/${user}";
        fsType = "sshfs";
        options = [
--- a/flake.nix
+++ b/flake.nix
@@ -53,6 +53,7 @@
      agenix,
      retiolum,
      nixinate,
+      coptic-dictionary,
      menstruation-backend,
      menstruation-telegram,
      scripts,
@@ -79,8 +80,7 @@
            lib = nixpkgs.lib;
          in
          lib.mergeAttrsList [
-            nixinate.nixinate.x86_64-linux
-            self
+            (nixinate.nixinate.x86_64-linux self)
            {
              mock-secrets = {
                type = "app";
@@ -152,9 +152,144 @@
      };

      lib = {
-        panoptikon = import lib/panoptikon.nix;
      };

+      overlays.default = final: prev: {
+        # wrapped from upstream
+        wrapScript =
+          {
+            packages ? [ ],
+            name,
+            script,
+          }:
+          prev.writers.writeDashBin name ''PATH=$PATH:${
+            nixpkgs.lib.makeBinPath (
+              packages
+              ++ [
+                final.findutils
+                final.coreutils
+                final.gnused
+                final.gnugrep
+              ]
+            )
+          } ${script} "$@"'';
+        tag = final.wrapScript {
+          script = voidrice.outPath + "/.local/bin/tag";
+          name = "tag";
+          packages = [ final.ffmpeg ];
+        };
+        booksplit = final.wrapScript {
+          script = voidrice.outPath + "/.local/bin/booksplit";
+          name = "booksplit";
+          packages = [
+            final.ffmpeg
+            final.glibc.bin
+          ];
+        };
+        auc = prev.callPackage packages/auc.nix { };
+        cheat-sh = prev.callPackage packages/cheat-sh.nix { };
+        brassica = prev.callPackage packages/brassica.nix { }; # TODO upstream
+        text2pdf = prev.callPackage packages/text2pdf.nix { }; # TODO upstream
+        wttr = prev.callPackage packages/wttr.nix { }; # TODO upstream
+        jsesh = prev.callPackage packages/jsesh.nix { }; # TODO upstream
+        opustags = prev.callPackage packages/opustags.nix { }; # TODO upstream
+        trans = prev.callPackage packages/trans.nix { }; # TODO upstream
+        go-webring = prev.callPackage packages/go-webring.nix { }; # TODO upstream
+        stag = prev.callPackage packages/stag.nix { }; # TODO upstream
+        mpv = prev.mpv.override {
+          scripts = [
+            final.mpvScripts.visualizer
+            final.mpvScripts.mpris
+          ];
+        };
+        cro = prev.callPackage packages/cro.nix { };
+        dmenu = prev.writers.writeDashBin "dmenu" ''exec ${final.rofi}/bin/rofi -dmenu "$@"'';
+        weechatScripts = prev.weechatScripts // {
+          hotlist2extern = prev.callPackage packages/weechatScripts/hotlist2extern.nix { }; # TODO upstream
+        };
+        vimPlugins = prev.vimPlugins // {
+          cheat-sh = prev.callPackage packages/vimPlugins/cheat-sh.nix { };
+          icalendar-vim = prev.callPackage packages/vimPlugins/icalendar-vim.nix { }; # TODO upstream
+          jq-vim = prev.callPackage packages/vimPlugins/jq-vim.nix { }; # TODO upstream
+          typst-vim = prev.callPackage packages/vimPlugins/typst-vim.nix { }; # TODO upstream
+          mdwa-nvim = prev.callPackage packages/vimPlugins/mdwa-nvim.nix { }; # TODO upstream
+          vim-ernest = prev.callPackage packages/vimPlugins/vim-ernest.nix { }; # TODO upstream
+          vim-256noir = prev.callPackage packages/vimPlugins/vim-256noir.nix { }; # TODO upstream
+          vim-colors-paramount =
+            prev.callPackage packages/vimPlugins/vim-colors-paramount.nix { }; # TODO upstream
+          vim-fetch = prev.callPackage packages/vimPlugins/vim-fetch.nix { }; # TODO upstream
+          vim-fsharp = prev.callPackage packages/vimPlugins/vim-fsharp.nix { }; # TODO upstream
+          vim-mail = prev.callPackage packages/vimPlugins/vim-mail.nix { }; # TODO upstream
+          vim-reason-plus = prev.callPackage packages/vimPlugins/vim-reason-plus.nix { }; # TODO upstream
+        };
+
+        # krebs
+        brainmelter = prev.callPackage packages/brainmelter.nix { };
+        cyberlocker-tools = prev.callPackage packages/cyberlocker-tools.nix { };
+        hc = prev.callPackage packages/hc.nix { };
+        pls = prev.callPackage packages/pls.nix { };
+        radio-news = prev.callPackage packages/radio-news.nix { };
+        untilport = prev.callPackage packages/untilport.nix { };
+        weechat-declarative = prev.callPackage packages/weechat-declarative {};
+
+        # my packages
+        betacode = prev.callPackage packages/betacode.nix { };
+        closest = prev.callPackage packages/closest { };
+        default-gateway = prev.callPackage packages/default-gateway.nix { };
+        depp = prev.callPackage packages/depp.nix { };
+        devanagari = prev.callPackage packages/devanagari { };
+        devour = prev.callPackage packages/devour.nix { };
+        dmenu-randr = prev.callPackage packages/dmenu-randr.nix { };
+        emailmenu = prev.callPackage packages/emailmenu.nix { };
+        fkill = prev.callPackage packages/fkill.nix { };
+        fzfmenu = prev.callPackage packages/fzfmenu.nix { };
+        gfs-fonts = prev.callPackage packages/gfs-fonts.nix { };
+        heuretes = prev.callPackage packages/heuretes.nix { };
+        image-convert-favicon = prev.callPackage packages/image-convert-favicon.nix { };
+        image-convert-tolino = prev.callPackage packages/image-convert-tolino.nix { };
+        ipa = prev.writers.writePython3Bin "ipa" { flakeIgnore = [ "E501" ]; } packages/ipa.py;
+        kirciuoklis = prev.callPackage packages/kirciuoklis.nix { };
+        kpaste = prev.callPackage packages/kpaste.nix { };
+        literature-quote = prev.callPackage packages/literature-quote.nix { };
+        man-pdf = prev.callPackage packages/man-pdf.nix { };
+        mansplain = prev.callPackage packages/mansplain.nix { };
+        manual-sort = prev.callPackage packages/manual-sort.nix { };
+        mpv-iptv = prev.callPackage packages/mpv-iptv.nix { };
+        mpv-radio = prev.callPackage packages/mpv-radio.nix { di-fm-key-file = "/dev/null"; };
+        mpv-tuner = prev.callPackage packages/mpv-tuner.nix { di-fm-key-file = "/dev/null"; };
+        mpv-tv = prev.callPackage packages/mpv-tv.nix { };
+        new-mac = prev.callPackage packages/new-mac.nix { };
+        nix-git = prev.callPackage packages/nix-git.nix { };
+        noise-waves = prev.callPackage packages/noise-waves.nix { };
+        notemenu = prev.callPackage packages/notemenu.nix { };
+        obsidian-vim = prev.callPackage packages/obsidian-vim.nix { };
+        polyglot = prev.callPackage packages/polyglot.nix { };
+        q = prev.callPackage packages/q.nix { };
+        qrpaste = prev.callPackage packages/qrpaste.nix { };
+        random-zeno = prev.callPackage packages/random-zeno.nix { };
+        scanned = prev.callPackage packages/scanned.nix { };
+        stardict-tools = prev.callPackage packages/stardict-tools.nix { };
+        swallow = prev.callPackage packages/swallow.nix { };
+        tocharian-font = prev.callPackage packages/tocharian-font.nix { };
+        ttspaste = prev.callPackage packages/ttspaste.nix { };
+        unicodmenu = prev.callPackage packages/unicodmenu.nix { };
+        vg = prev.callPackage packages/vg.nix { };
+        vim-kmein = prev.callPackage packages/vim.nix {};
+        vimv = prev.callPackage packages/vimv.nix { };
+        klem = prev.callPackage packages/klem.nix { };
+
+        lib = lib // {
+          niveum = import lib/default.nix {
+            inherit lib;
+            pkgs = final;
+          };
+          panoptikon = import lib/panoptikon.nix {
+            inherit lib;
+            pkgs = final;
+          };
+        };
+    };
+
      nixosConfigurations =
        let
          niveumSpecialArgs = system: {
@@ -168,9 +303,6 @@
                  "zoom"
                ];
            };
-
-            niveumPackages = self.packages.${system};
-            niveumLib = self.lib;
            inputs = {
              inherit
                tinc-graph
@@ -179,6 +311,7 @@
                menstruation-telegram
                menstruation-backend
                scripts
+                coptic-dictionary
                agenix
                recht
                autorenkalender
@@ -293,6 +426,7 @@
            system = "x86_64-linux";
            specialArgs = niveumSpecialArgs system;
            modules = [
+              { nixpkgs.overlays = [ self.overlays.default ]; }
              systems/fatteh/configuration.nix
              agenix.nixosModules.default
              retiolum.nixosModules.retiolum
@@ -312,145 +446,12 @@
            config.allowUnfree = true;
            overlays = [
              nur.overlays.default
-              (self: super: {
-                mpv = super.mpv.override {
-                  scripts = [
-                    super.mpvScripts.visualizer
-                    super.mpvScripts.mpris
-                  ];
-                };
-                dmenu = super.writers.writeDashBin "dmenu" ''exec ${pkgs.rofi}/bin/rofi -dmenu "$@"'';
-              })
+              self.overlays.default
            ];
          };
-          wrapScript =
-            {
-              packages ? [ ],
-              name,
-              script,
-            }:
-            pkgs.writers.writeDashBin name ''PATH=$PATH:${
-              nixpkgs.lib.makeBinPath (
-                packages
-                ++ [
-                  pkgs.findutils
-                  pkgs.coreutils
-                  pkgs.gnused
-                  pkgs.gnugrep
-                ]
-              )
-            } ${script} "$@"'';
        in
        {
-          # linguistics and ancient world
-          auc = pkgs.callPackage packages/auc.nix { };
-          betacode = pkgs.callPackage packages/betacode.nix { };
-          brassica = pkgs.callPackage packages/brassica.nix { }; # TODO upstream
-          devanagari = pkgs.callPackage packages/devanagari { };
-          stardict-tools = pkgs.callPackage packages/stardict-tools.nix { };
-          heuretes = pkgs.callPackage packages/heuretes.nix { };
-          ipa = pkgs.writers.writePython3Bin "ipa" { flakeIgnore = [ "E501" ]; } (
-            builtins.readFile packages/ipa.py
-          );
-          jsesh = pkgs.callPackage packages/jsesh.nix { }; # TODO upstream
-          kirciuoklis = pkgs.callPackage packages/kirciuoklis.nix { };
-          polyglot = pkgs.callPackage packages/polyglot.nix { };
-          tocharian-font = pkgs.callPackage packages/tocharian-font.nix { };
-          gfs-fonts = pkgs.callPackage packages/gfs-fonts.nix { };
-          closest = pkgs.callPackage packages/closest { };
-
-          # lit
-          random-zeno = pkgs.callPackage packages/random-zeno.nix { };
-          literature-quote = pkgs.callPackage packages/literature-quote.nix { };
-
-          # krebs
-          brainmelter = pkgs.callPackage packages/brainmelter.nix { };
-          cyberlocker-tools = pkgs.callPackage packages/cyberlocker-tools.nix { };
-          hc = pkgs.callPackage packages/hc.nix { };
-          kpaste = pkgs.callPackage packages/kpaste.nix { };
-          pls = pkgs.callPackage packages/pls.nix { };
-          untilport = pkgs.callPackage packages/untilport.nix { };
-          radio-news = pkgs.callPackage packages/radio-news.nix { };
-
-          # window manager
-          swallow = pkgs.callPackage packages/swallow.nix { };
-          devour = pkgs.callPackage packages/devour.nix { };
-
-          cheat-sh = pkgs.callPackage packages/cheat-sh.nix { };
-          vimPlugins-cheat-sh-vim = pkgs.callPackage packages/vimPlugins/cheat-sh.nix { }; # TODO upstream
-          cro = pkgs.callPackage packages/cro.nix { };
-          default-gateway = pkgs.callPackage packages/default-gateway.nix { };
-          depp = pkgs.callPackage packages/depp.nix { };
-          fkill = pkgs.callPackage packages/fkill.nix { };
-          fzfmenu = pkgs.callPackage packages/fzfmenu.nix { };
-          gpt35 = pkgs.callPackage packages/gpt.nix { model = "gpt-3.5-turbo"; };
-          gpt4 = pkgs.callPackage packages/gpt.nix { model = "gpt-4"; };
-          image-convert-favicon = pkgs.callPackage packages/image-convert-favicon.nix { };
-          image-convert-tolino = pkgs.callPackage packages/image-convert-tolino.nix { };
-          k-lock = pkgs.callPackage packages/k-lock.nix { };
-          klem = pkgs.callPackage packages/klem.nix { };
-          man-pandoc = pkgs.callPackage packages/man/pandoc.nix { }; # TODO upstream
-          man-pdf = pkgs.callPackage packages/man-pdf.nix { };
-          mansplain = pkgs.callPackage packages/mansplain.nix { };
-          manual-sort = pkgs.callPackage packages/manual-sort.nix { };
-          menu-calc = pkgs.callPackage packages/menu-calc.nix { };
-          noise-waves = pkgs.callPackage packages/noise-waves.nix { };
-          mpv-radio = pkgs.callPackage packages/mpv-radio.nix { di-fm-key-file = "/dev/null"; };
-          mpv-tuner = pkgs.callPackage packages/mpv-tuner.nix { di-fm-key-file = "/dev/null"; };
-          mpv-tv = pkgs.callPackage packages/mpv-tv.nix { };
-          mpv-iptv = pkgs.callPackage packages/mpv-iptv.nix { };
-          new-mac = pkgs.callPackage packages/new-mac.nix { };
-          nix-git = pkgs.callPackage packages/nix-git.nix { };
-          notemenu = pkgs.callPackage packages/notemenu.nix { niveumPackages = self.packages.${system}; };
-          opustags = pkgs.callPackage packages/opustags.nix { }; # TODO upstream
-          q = pkgs.callPackage packages/q.nix { };
-          qrpaste = pkgs.callPackage packages/qrpaste.nix { };
-          go-webring = pkgs.callPackage packages/go-webring.nix { }; # TODO upstream
-          rfc = pkgs.callPackage packages/rfc.nix { };
-          gimp = pkgs.callPackage packages/gimp.nix { };
-          scanned = pkgs.callPackage packages/scanned.nix { };
-          text2pdf = pkgs.callPackage packages/text2pdf.nix { }; # TODO upstream
-          timer = pkgs.callPackage packages/timer.nix { };
-          trans = pkgs.callPackage packages/trans.nix { }; # TODO upstream
-          ttspaste = pkgs.callPackage packages/ttspaste.nix { };
-          unicodmenu = pkgs.callPackage packages/unicodmenu.nix { };
-          emailmenu = pkgs.callPackage packages/emailmenu.nix { };
-          stag = pkgs.callPackage packages/stag.nix { }; # TODO upstream
-          vg = pkgs.callPackage packages/vg.nix { };
-          vim = pkgs.callPackage packages/vim.nix { niveumPackages = self.packages.${system}; };
-          obsidian-vim = pkgs.callPackage packages/obsidian-vim.nix { };
-          vimPlugins-icalendar-vim = pkgs.callPackage packages/vimPlugins/icalendar-vim.nix { }; # TODO upstream
-          vimPlugins-jq-vim = pkgs.callPackage packages/vimPlugins/jq-vim.nix { }; # TODO upstream
-          vimPlugins-typst-vim = pkgs.callPackage packages/vimPlugins/typst-vim.nix { }; # TODO upstream
-          vimPlugins-mdwa-nvim = pkgs.callPackage packages/vimPlugins/mdwa-nvim.nix { }; # TODO upstream
-          vimPlugins-vim-ernest = pkgs.callPackage packages/vimPlugins/vim-ernest.nix { }; # TODO upstream
-          vimPlugins-vim-256noir = pkgs.callPackage packages/vimPlugins/vim-256noir.nix { }; # TODO upstream
-          vimPlugins-vim-colors-paramount =
-            pkgs.callPackage packages/vimPlugins/vim-colors-paramount.nix
-              { }; # TODO upstream
-          vimPlugins-vim-fetch = pkgs.callPackage packages/vimPlugins/vim-fetch.nix { }; # TODO upstream
-          vimPlugins-vim-fsharp = pkgs.callPackage packages/vimPlugins/vim-fsharp.nix { }; # TODO upstream
-          vimPlugins-vim-mail = pkgs.callPackage packages/vimPlugins/vim-mail.nix { }; # TODO upstream
-          vimPlugins-vim-reason-plus = pkgs.callPackage packages/vimPlugins/vim-reason-plus.nix { }; # TODO upstream
-          vimv = pkgs.callPackage packages/vimv.nix { };
-          weechat-declarative = pkgs.callPackage packages/weechat-declarative.nix { }; # TODO upstream
-          weechatScripts-hotlist2extern = pkgs.callPackage packages/weechatScripts/hotlist2extern.nix { }; # TODO upstream
-          dmenu-randr = pkgs.callPackage packages/dmenu-randr.nix { };
-          wttr = pkgs.callPackage packages/wttr.nix { }; # TODO upstream
-
-          booksplit = wrapScript {
-            script = voidrice.outPath + "/.local/bin/booksplit";
-            name = "booksplit";
-            packages = [
-              pkgs.ffmpeg
-              pkgs.glibc.bin
-            ];
-          };
-          tag = wrapScript {
-            script = voidrice.outPath + "/.local/bin/tag";
-            name = "tag";
-            packages = [ pkgs.ffmpeg ];
-          };
+          inherit (pkgs) auc swallow cheat-sh hc kpaste noise-waves trans stag qrpaste new-mac scanned default-gateway kirciuoklis tocharian-font image-convert-favicon image-convert-tolino heuretes mpv-tv mpv-iptv devanagari literature-quote booksplit manual-sort wttr emailmenu closest mpv-radio mpv-tuner cro nix-git text2pdf betacode brassica ipa polyglot jsesh gfs-fonts vim-kmein vimv brainmelter cyberlocker-tools pls untilport radio-news vg ttspaste depp fkill fzfmenu unicodmenu dmenu-randr notemenu man-pdf mansplain opustags q timer rfc gimp obsidian-vim devour go-webring random-zeno stardict-tools weechat-declarative klem;
        }
      );
    };
--- a/lib/default-applications.nix
+++ b/lib/default-applications.nix
@@ -1,5 +0,0 @@
-pkgs: {
-  terminal = "alacritty";
-  browser = "${pkgs.firefox}/bin/firefox";
-  fileManager = "${pkgs.pcmanfm}/bin/pcmanfm";
-}
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,27 +1,40 @@
+{ lib, pkgs }:
+let
+  systems = import ./systems.nix;
+in
 {
-  tmpfilesConfig = {
-    type,
-    path,
-    mode ? "-",
-    user ? "-",
-    group ? "-",
-    age ? "-",
-    argument ? "-",
-  }: "${type} '${path}' ${mode} ${user} ${group} ${age} ${argument}";
+  tmpfilesConfig =
+    {
+      type,
+      path,
+      mode ? "-",
+      user ? "-",
+      group ? "-",
+      age ? "-",
+      argument ? "-",
+    }:
+    "${type} '${path}' ${mode} ${user} ${group} ${age} ${argument}";

-  restic = let host = "zaatar.r"; port = 3571; in {
-    inherit host port;
-    repository = "rest:http://${host}:${toString port}/";
-  };
+  restic =
+    let
+      host = "zaatar.r";
+      port = 3571;
+    in
+    {
+      inherit host port;
+      repository = "rest:http://${host}:${toString port}/";
+    };

  remoteDir = "/home/kfm/remote";

-  firewall = lib: {
-    accept = {
-      source,
-      protocol,
-      dport,
-    }: "nixos-fw -s ${lib.escapeShellArg source} -p ${lib.escapeShellArg protocol} --dport ${lib.escapeShellArg (toString dport)} -j nixos-fw-accept";
+  firewall = {
+    accept =
+      {
+        source,
+        protocol,
+        dport,
+      }:
+      "nixos-fw -s ${lib.escapeShellArg source} -p ${lib.escapeShellArg protocol} --dport ${lib.escapeShellArg (toString dport)} -j nixos-fw-accept";
    addRules = lib.concatMapStringsSep "\n" (rule: "iptables -A ${rule}");
    removeRules = lib.concatMapStringsSep "\n" (rule: "iptables -D ${rule} || true");
  };
@@ -41,7 +54,7 @@

  sshPort = 22022;

-  theme = pkgs: {
+  theme = {
    gtk = {
      name = "Adwaita-dark";
      package = pkgs.gnome-themes-extra;
@@ -56,32 +69,43 @@
    };
  };

-  defaultApplications = import ./default-applications.nix;
+  defaultApplications = {
+    terminal = "alacritty";
+    browser = "${pkgs.firefox}/bin/firefox";
+    fileManager = "${pkgs.pcmanfm}/bin/pcmanfm";
+  };

-  retiolumAddresses = import ./retiolum-network.nix;
+  retiolumAddresses = lib.mapAttrs (_: v: { inherit (v.retiolum) ipv4 ipv6; }) (
+    lib.filterAttrs (_: v: v ? "retiolum") systems
+  );
+  externalNetwork = lib.mapAttrs (_: v: v.externalIp) (
+    lib.filterAttrs (_: v: v ? "externalIp") systems
+  );
+  localAddresses = lib.mapAttrs (_: v: v.internalIp) (
+    lib.filterAttrs (_: v: v ? "internalIp") systems
+  );
+  myceliumAddresses = lib.mapAttrs (_: v: v.mycelium.ipv6) (
+    lib.filterAttrs (_: v: v ? "mycelium") systems
+  );
+  syncthingIds = lib.mapAttrs (_: v: { id = v.syncthingId; }) (
+    lib.filterAttrs (_: v: v ? "syncthingId") systems
+  );

-  localAddresses = import ./local-network.nix;
+  email = import ./email.nix;

-  email-sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKz33wHtPuIfgXEb0+hybxFGV9ZuPsDTLUZo/+hlcdA";
+  systems = systems;

  kieran = {
    github = "kmein";
    email = "kmein@posteo.de";
    name = "Kierán Meinhardt";
    sshKeys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyTnGhFq0Q+vghNhrqNrAyY+CsN7nNz8bPfiwIwNpjk" # kabsa
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiQEc8rTr7C7xVLYV7tQ99BDDBLrJsy5hslxtCEatkB" # manakish
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByreBjBEMJKjgpKLd5XZHIUUwIhNafVqN6OUOQpJa3y" # fatteh
+      systems.fatteh.sshKey
+      systems.manakish.sshKey
+      systems.kabsa.sshKey
    ];
  };

-  syncthing.devices = {
-    kabsa.id = "R6DEBD7-G5RYDKN-VFA3HPO-WX4DNVI-373F7OQ-AW5MZTT-3L4BDVW-Y6ROEAF";
-    kibbeh.id = "HLQSG3D-WSKLA6S-MEYQ3EU-GDBGABE-PY53RQ6-SWQAP2I-Z5MVBVX-MYPJXAM";
-    manakish.id = "AJVBWR2-VFFAGZF-7ZF5JAX-T63GMOG-NZ446WK-MC5E6WK-6X6Q2HE-QQA2JQ3";
-    fatteh.id = "GSOGYT3-2GBHZXT-MNCTDIY-3BJIR4V-OHVOOMJ-ICVLKXR-U4C7RFB-HJOK3AC";
-  };
-
  ignorePaths = [
    "*~"
    ".stack-work/"
--- a/lib/external-network.nix
+++ b/lib/external-network.nix
@@ -1,4 +0,0 @@
-{
-  ful = "130.61.217.114";
-  makanek = "88.99.83.173";
-}
--- a/lib/local-network.nix
+++ b/lib/local-network.nix
@@ -1,4 +0,0 @@
-{
-  officejet = "192.168.0.251";
-  router = "192.168.0.1";
-}
--- a/lib/mycelium-network.nix
+++ b/lib/mycelium-network.nix
@@ -1,8 +0,0 @@
-{
-  zaatar = "5c5:49e0:7793:f017:59e1:1715:9e0e:3fc8";
-  fatteh = "463:a0d4:daa3:aa8d:a9b1:744a:46a5:7a80";
-  ful = "5bf:d60e:bebf:5163:f495:8787:880c:6d41";
-  kabsa = "432:e30:d5d8:9311:e34b:6587:96ee:3fcb";
-  makanek = "43f:ad4f:fa67:d9f7:8a56:713c:7418:164b";
-  manakish = "512:d3bd:3cd9:fcc8:ae34:81fa:385f:8c21";
-}
--- a/lib/panoptikon.nix
+++ b/lib/panoptikon.nix
@@ -1,7 +1,6 @@
 {
  pkgs,
  lib,
-  niveumPackages,
  ...
 }: {
  # watcher scripts
@@ -30,7 +29,7 @@
    nick ? ''"$PANOPTIKON_WATCHER"-watcher'',
  }:
    pkgs.writers.writeDash "kpaste-irc-reporter" ''
-      KPASTE_CONTENT_TYPE=text/plain ${niveumPackages.kpaste}/bin/kpaste \
+      KPASTE_CONTENT_TYPE=text/plain ${pkgs.kpaste}/bin/kpaste \
        | ${pkgs.gnused}/bin/sed -n "${
        if retiolumLink
        then "2"
--- a/lib/retiolum-network.nix
+++ b/lib/retiolum-network.nix
@@ -1,39 +0,0 @@
-{
-  kabsa = {
-    ipv4 = "10.243.2.4";
-    ipv6 = "42:0:3c46:861f:a118:8e9a:82c9:3d";
-  };
-
-  ful = {
-    ipv4 = "10.243.2.107";
-    ipv6 = "42:0:3c46:2c8b:a564:1213:9fb4:1bc4";
-  };
-
-  zaatar = {
-    ipv4 = "10.243.2.34";
-    ipv6 = "42:0:3c46:156e:10b6:3bd6:6e82:b2cd";
-  };
-
-  makanek = {
-    ipv4 = "10.243.2.84";
-    ipv6 = "42:0:3c46:f7a9:1f0a:1b2b:822a:6050";
-  };
-
-  fatteh = {
-    ipv6 = "42:0:3c46:aa73:82b0:14d7:7bf8:bf2";
-    ipv4 = "10.243.2.77";
-  };
-
-  manakish = {
-    ipv4 = "10.243.2.85";
-    ipv6 = "42:0:3c46:ac99:ae36:cb8:c551:ba27";
-  };
-  tabula = {
-    ipv4 = "10.243.2.78";
-    ipv6 = "";
-  };
-  tahina = {
-    ipv4 = "10.243.2.74";
-    ipv6 = "42:0:3c46:2923:1c90:872:edd6:306";
-  };
-}
--- a/lib/systems.nix
+++ b/lib/systems.nix
@@ -0,0 +1,73 @@
+{
+  kabsa = {
+    sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyTnGhFq0Q+vghNhrqNrAyY+CsN7nNz8bPfiwIwNpjk";
+    syncthingId = "R6DEBD7-G5RYDKN-VFA3HPO-WX4DNVI-373F7OQ-AW5MZTT-3L4BDVW-Y6ROEAF";
+    retiolum = {
+      ipv4 = "10.243.2.4";
+      ipv6 = "42:0:3c46:861f:a118:8e9a:82c9:3d";
+    };
+    mycelium.ipv6 = "432:e30:d5d8:9311:e34b:6587:96ee:3fcb";
+  };
+  manakish = {
+    sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiQEc8rTr7C7xVLYV7tQ99BDDBLrJsy5hslxtCEatkB";
+    syncthingId = "AJVBWR2-VFFAGZF-7ZF5JAX-T63GMOG-NZ446WK-MC5E6WK-6X6Q2HE-QQA2JQ3";
+    retiolum = {
+      ipv4 = "10.243.2.85";
+      ipv6 = "42:0:3c46:ac99:ae36:cb8:c551:ba27";
+    };
+    mycelium.ipv6 = "512:d3bd:3cd9:fcc8:ae34:81fa:385f:8c21";
+  };
+  fatteh = {
+    sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByreBjBEMJKjgpKLd5XZHIUUwIhNafVqN6OUOQpJa3y";
+    syncthingId = "GSOGYT3-2GBHZXT-MNCTDIY-3BJIR4V-OHVOOMJ-ICVLKXR-U4C7RFB-HJOK3AC";
+    retiolum = {
+      ipv6 = "42:0:3c46:aa73:82b0:14d7:7bf8:bf2";
+      ipv4 = "10.243.2.77";
+    };
+    mycelium.ipv6 = "463:a0d4:daa3:aa8d:a9b1:744a:46a5:7a80";
+  };
+  kibbeh = {
+    syncthingId = "HLQSG3D-WSKLA6S-MEYQ3EU-GDBGABE-PY53RQ6-SWQAP2I-Z5MVBVX-MYPJXAM";
+  };
+  ful = {
+    externalIp = "130.61.217.114";
+    retiolum = {
+      ipv4 = "10.243.2.107";
+      ipv6 = "42:0:3c46:2c8b:a564:1213:9fb4:1bc4";
+    };
+    mycelium.ipv6 = "5bf:d60e:bebf:5163:f495:8787:880c:6d41";
+  };
+  zaatar = {
+    retiolum = {
+      ipv4 = "10.243.2.34";
+      ipv6 = "42:0:3c46:156e:10b6:3bd6:6e82:b2cd";
+    };
+    mycelium.ipv6 = "5c5:49e0:7793:f017:59e1:1715:9e0e:3fc8";
+  };
+  makanek = {
+    externalIp = "88.99.83.173";
+    retiolum = {
+      ipv4 = "10.243.2.84";
+      ipv6 = "42:0:3c46:f7a9:1f0a:1b2b:822a:6050";
+    };
+    mycelium.ipv6 = "43f:ad4f:fa67:d9f7:8a56:713c:7418:164b";
+  };
+  officejet = {
+    internalIp = "192.168.0.251";
+  };
+  router = {
+    internalIp = "192.168.0.1";
+  };
+  tabula = {
+    retiolum = {
+      ipv4 = "10.243.2.78";
+      ipv6 = "";
+    };
+  };
+  tahina = {
+    retiolum = {
+      ipv4 = "10.243.2.74";
+      ipv6 = "42:0:3c46:2923:1c90:872:edd6:306";
+    };
+  };
+}
--- a/packages/klem.nix
+++ b/packages/klem.nix
@@ -1,32 +1,36 @@
 # klem < klemm < klemmbrett ~ clipboard
 {
-  pkgs,
  lib,
+  dmenu,
+  curl,
+  gnused,
+  coreutils,
+  xclip,
+  libnotify,
+  writers,
+  options ? { },
  ...
-} @ args: let
-  cfg = eval.config;
-
+}: let
  eval = lib.evalModules {
    modules = [
      {
-        _file = toString ./klem.nix;
-        imports = [(args.config or {})];
+        imports = [options];
        options = {
          selection = lib.mkOption {
            default = "clipboard";
            type = lib.types.enum ["primary" "secondary" "clipboard"];
          };
          dmenu = lib.mkOption {
-            default = "${pkgs.dmenu}/bin/dmenu -i -p klem";
+            default = "${dmenu}/bin/dmenu -i -p klem";
            type = lib.types.path;
          };
          scripts = lib.mkOption {
            default = {
-              pastebin = "${pkgs.curl}/bin/curl -fSs -F 'f:1=<-' ix.io";
+              pastebin = "${curl}/bin/curl -fSs -F 'f:1=<-' ix.io";
              shorten = ''
-                ${pkgs.curl}/bin/curl -fSs -F "shorten=$(${pkgs.coreutils}/bin/cat)" https://0x0.st
+                ${curl}/bin/curl -fSs -F "shorten=$(${coreutils}/bin/cat)" https://0x0.st
              '';
-              "replace p.r" = "${pkgs.gnused}/bin/sed 's/\\<r\\>/krebsco.de/'";
+              "replace p.r" = "${gnused}/bin/sed 's/\\<r\\>/krebsco.de/'";
            };
            type = lib.types.attrs;
          };
@@ -35,21 +39,21 @@
    ];
  };

-  scriptCase = option: script: ''
-    '${option}') ${toString script} ;;
-  '';
+  cfg = eval.config;
 in
-  pkgs.writers.writeDashBin "klem" ''
+  writers.writeDashBin "klem" ''
    set -efu

-    ${pkgs.xclip}/bin/xclip -selection ${cfg.selection} -out \
+    ${xclip}/bin/xclip -selection ${cfg.selection} -out \
      | case $(echo "${
      lib.concatStringsSep "\n" (lib.attrNames cfg.scripts)
    }" | ${cfg.dmenu}) in
-        ${lib.concatStringsSep "\n" (lib.mapAttrsToList scriptCase cfg.scripts)}
-        *) ${pkgs.coreutils}/bin/cat ;;
+        ${lib.concatStringsSep "\n" (lib.mapAttrsToList (option: script: ''
+          '${option}') ${toString script} ;;
+        '') cfg.scripts)}
+        *) ${coreutils}/bin/cat ;;
      esac \
-      | ${pkgs.xclip}/bin/xclip -selection ${cfg.selection} -in
+      | ${xclip}/bin/xclip -selection ${cfg.selection} -in

-    ${pkgs.libnotify}/bin/notify-send --app-name="klem" "Result copied to clipboard."
+    ${libnotify}/bin/notify-send --app-name="klem" "Result copied to clipboard."
  ''
--- a/packages/man/pandoc.nix
+++ b/packages/man/pandoc.nix
@@ -1,19 +0,0 @@
-{
-  stdenv,
-  pandoc,
-  lib,
-  fetchgit,
-}:
-stdenv.mkDerivation {
-  name = "pandoc-doc";
-  version = pandoc.version;
-  src = fetchgit {
-    url = "https://github.com/jgm/pandoc";
-    rev = pandoc.version;
-    hash = "sha256-4VDfRUr6TyF4oZsCve9t6FlEN0AqzYdlYXRny+SAcsY=";
-  };
-  buildPhase = ''
-    mkdir -p $out/man/man1
-    ${pandoc}/bin/pandoc -V section=1 --standalone --write=man $src/MANUAL.txt -o $out/man/man1/pandoc.1
-  '';
-}
--- a/packages/menu-calc.nix
+++ b/packages/menu-calc.nix
@@ -1,21 +0,0 @@
-{
-  writers,
-  gnused,
-  pari,
-  dmenu,
-  xclip,
-}:
-writers.writeDashBin "=" ''
-  # https://github.com/onespaceman/menu-calc
-
-  answer=$(echo "$@" | ${pari}/bin/gp -q | ${gnused}/bin/sed '/\./ s/\.\{0,1\}0\{1,\}$//')
-
-  action=$(printf "copy\nclear" | ${dmenu}/bin/dmenu -p "= $answer")
-
-  case $action in
-    "clear") $0 ;;
-    "copy") printf %s "$answer" | ${xclip}/bin/xclip -selection clipboard;;
-    "") ;;
-    *) $0 "$answer $action" ;;
-  esac
-''
--- a/packages/notemenu.nix
+++ b/packages/notemenu.nix
@@ -6,7 +6,7 @@
  coreutils,
  noteDirectory ? "~/state/obsidian",
  currentDates ? false,
-  niveumPackages,
+  obsidian-vim
 }:
 writers.writeDashBin "notemenu" ''
  set -efu
@@ -24,6 +24,6 @@ writers.writeDashBin "notemenu" ''
  } | rofi -dmenu -i -p 'notes')
  if test "$note_file"
  then
-    alacritty --working-directory ${noteDirectory} -e ${niveumPackages.obsidian-vim}/bin/nvim "$note_file"
+    alacritty --working-directory ${noteDirectory} -e ${obsidian-vim}/bin/nvim "$note_file"
  fi
 ''
--- a/packages/vim.nix
+++ b/packages/vim.nix
@@ -3,7 +3,6 @@
  vimPlugins,
  fetchFromGitHub,
  vimUtils,
-  niveumPackages,
  writeText,
  stylixColors ? null,
  colorscheme ? null,
@@ -44,8 +43,8 @@

        goyo
        limelight-vim
-        niveumPackages.vimPlugins-mdwa-nvim
-        niveumPackages.vimPlugins-vim-ernest
+        vimPlugins.mdwa-nvim
+        vimPlugins.vim-ernest

        fzf-vim
        fzfWrapper
@@ -53,20 +52,20 @@
        undotree
        tabular
        # vimwiki
-        niveumPackages.vimPlugins-vim-colors-paramount
+        vimPlugins.vim-colors-paramount
        nvim-lspconfig
        vim-commentary
        vim-css-color
        vim-eunuch
-        niveumPackages.vimPlugins-vim-fetch
+        vimPlugins.vim-fetch
        vim-fugitive
        vim-gitgutter
        vim-repeat
        vim-sensible
        vim-surround
-        (vimUtils.buildVimPlugin {
+        (let version = "1.1.0"; pname = "vim-dim"; in vimUtils.buildVimPlugin {
          pname = "vim-dim";
-          version = "1.1.0";
+          version = version;
          src = fetchFromGitHub {
            owner = "jeffkreeftmeijer";
            repo = pname;
@@ -82,8 +81,8 @@
        emmet-vim
        vim-elixir
        haskell-vim
-        niveumPackages.vimPlugins-icalendar-vim
-        niveumPackages.vimPlugins-jq-vim
+        vimPlugins.icalendar-vim
+        vimPlugins.jq-vim
        rust-vim
        typescript-vim
        vim-javascript
@@ -92,8 +91,8 @@
        vimtex
        vim-pandoc
        vim-pandoc-syntax
-        niveumPackages.vimPlugins-vim-256noir
-        niveumPackages.vimPlugins-typst-vim
+        vimPlugins.vim-256noir
+        vimPlugins.typst-vim
      ];
    };
  };
--- a/systems/fatteh/configuration.nix
+++ b/systems/fatteh/configuration.nix
@@ -2,9 +2,7 @@
  config,
  pkgs,
  ...
-}: let
-  inherit (import ../../lib) retiolumAddresses;
-in {
+}: {
  imports = [
    ./hardware-configuration.nix
    ../../configs/networkmanager.nix
@@ -42,7 +40,7 @@ in {
  };

  networking.hostName = "fatteh";
-  networking.retiolum = retiolumAddresses.fatteh;
+  networking.retiolum = pkgs.lib.niveum.retiolumAddresses.fatteh;

  system.stateVersion = "23.11";
 }
--- a/systems/ful/configuration.nix
+++ b/systems/ful/configuration.nix
@@ -3,9 +3,7 @@
  pkgs,
  lib,
  ...
-}: let
-  inherit (import ../../lib) kieran retiolumAddresses restic;
-in {
+}: {
  imports = [
    ./hardware-configuration.nix
    ./matomo.nix
@@ -60,7 +58,7 @@ in {

  services.restic.backups.niveum = {
    initialize = true;
-    inherit (restic) repository;
+    repository = pkgs.lib.niveum.restic.repository;
    timerConfig = {
      OnCalendar = "daily";
      RandomizedDelaySec = "1h";
@@ -75,7 +73,7 @@ in {
    firewall.allowedTCPPorts = [80 443];
    hostName = "ful";
    interfaces.enp0s3.useDHCP = true;
-    retiolum = retiolumAddresses.ful;
+    retiolum = pkgs.lib.niveum.retiolumAddresses.ful;
    useDHCP = false;
  };

@@ -92,7 +90,7 @@ in {

  security.acme = {
    acceptTerms = true;
-    defaults.email = kieran.email;
+    defaults.email = pkgs.lib.niveum.kieran.email;
  };

  users.users.root.hashedPasswordFile = config.age.secrets.root.path;
--- a/systems/ful/go-webring.nix
+++ b/systems/ful/go-webring.nix
@@ -1,4 +1,4 @@
-{ config, niveumPackages ,... }:
+{ config, pkgs, ... }:
 let
  port = 2857;
 in
@@ -7,7 +7,7 @@ in
    enable = true;
    host = "dichtungsring.kmein.de";
    listenAddress = "127.0.0.1:${toString port}";
-    package = niveumPackages.go-webring;
+    package = pkgs.go-webring;
    members = [
      { username = "meteora"; site = "meteora.xn--kiern-0qa.de"; }
      { username = "huldra"; site = "huldras-halbtraum.com"; }
--- a/systems/ful/matomo.nix
+++ b/systems/ful/matomo.nix
@@ -1,6 +1,4 @@
-{pkgs, ...}: let
-  inherit (import ../../lib) kieran;
-in {
+{pkgs, lib, ...}: {
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
@@ -12,7 +10,7 @@ in {

  security.acme = {
    acceptTerms = true;
-    defaults.email = kieran.email;
+    defaults.email = pkgs.lib.niveum.kieran.email;
  };

  services.matomo = {
--- a/systems/ful/panoptikon.nix
+++ b/systems/ful/panoptikon.nix
@@ -2,13 +2,9 @@
  config,
  pkgs,
  lib,
-  niveumLib,
-  niveumPackages,
  ...
 }: let
-  panoptikon = niveumLib.panoptikon {inherit pkgs lib niveumPackages config;};
-
-  irc-xxx = panoptikon.kpaste-irc {
+  irc-xxx = lib.panoptikon.kpaste-irc {
    target = lib.escapeShellArg "#xxx";
    retiolumLink = true;
  };
@@ -41,7 +37,7 @@
        | ${pkgs.jq}/bin/jq -e .ok
    '';

-  irc-kmein = panoptikon.kpaste-irc {
+  irc-kmein = lib.panoptikon.kpaste-irc {
    messagePrefix = "$PANOPTIKON_WATCHER: ";
    target = "kmein";
    nick = "panoptikon-kmein";
@@ -60,7 +56,7 @@ in {
    enable = true;
    watchers = {
      "github-meta" = {
-        script = panoptikon.urlJSON {
+        script = lib.panoptikon.urlJSON {
          jqScript = ''
            {
              ssh_key_fingerprints: .ssh_key_fingerprints,
@@ -71,79 +67,79 @@ in {
        reporters = [irc-xxx];
      };
      lammla = {
-        script = panoptikon.url "http://lammla.info/index.php?reihe=30";
+        script = lib.panoptikon.url "http://lammla.info/index.php?reihe=30";
        reporters = [matrix-kmein];
      };
      kratylos = {
-        script = panoptikon.url "https://kratylos.reichert-online.org/current_issue/KRATYLOS";
+        script = lib.panoptikon.url "https://kratylos.reichert-online.org/current_issue/KRATYLOS";
        reporters = [matrix-kmein];
      };
      kobudo-tesshinkan = {
-        script = panoptikon.url "https://kobudo-tesshinkan.eu/index.php/de/termine-berichte/lehrgaenge/";
+        script = lib.panoptikon.url "https://kobudo-tesshinkan.eu/index.php/de/termine-berichte/lehrgaenge/";
        reporters = [telegram-kmein matrix-kmein];
      };
      zeno-free = {
-        script = panoptikon.urlSelector ".zenoCOMain" "http://www.zeno.org/Lesesaal/M/E-Books";
+        script = lib.panoptikon.urlSelector ".zenoCOMain" "http://www.zeno.org/Lesesaal/M/E-Books";
        reporters = [matrix-kmein];
      };
      carolinawelslau = {
-        script = panoptikon.urlSelector "#main" "https://carolinawelslau.de/";
+        script = lib.panoptikon.urlSelector "#main" "https://carolinawelslau.de/";
        reporters = [matrix-kmein];
      };
      humboldt-preis = {
-        script = panoptikon.urlSelector "#content-core" "https://www.hu-berlin.de/de/ueberblick/menschen/ehrungen/humboldtpreis";
+        script = lib.panoptikon.urlSelector "#content-core" "https://www.hu-berlin.de/de/ueberblick/menschen/ehrungen/humboldtpreis";
        reporters = [matrix-kmein];
      };
      lisalittmann = {
-        script = panoptikon.urlSelector "#site-content" "https://lisalittmann.de/";
+        script = lib.panoptikon.urlSelector "#site-content" "https://lisalittmann.de/";
        reporters = [matrix-kmein];
      };
      lisalittmann-archive = {
-        script = panoptikon.urlSelector "#site-content" "https://lisalittmann.de/archive/";
+        script = lib.panoptikon.urlSelector "#site-content" "https://lisalittmann.de/archive/";
        reporters = [matrix-kmein];
      };
      lisalittmann-projects = {
-        script = panoptikon.urlSelector "#site-content" "https://lisalittmann.de/projects/";
+        script = lib.panoptikon.urlSelector "#site-content" "https://lisalittmann.de/projects/";
        reporters = [matrix-kmein];
      };
      tatort = {
-        script = panoptikon.urlSelector ".linklist" "https://www.daserste.de/unterhaltung/krimi/tatort/sendung/index.html";
+        script = lib.panoptikon.urlSelector ".linklist" "https://www.daserste.de/unterhaltung/krimi/tatort/sendung/index.html";
        reporters = [matrix-kmein];
      };
      warpgrid-idiomarium = {
-        script = panoptikon.urlSelector "#site-content" "https://warpgrid.de/idiomarium/";
+        script = lib.panoptikon.urlSelector "#site-content" "https://warpgrid.de/idiomarium/";
        reporters = [matrix-kmein];
      };
      warpgrid-futurism = {
-        script = panoptikon.urlSelector "#site-content" "https://warpgrid.de/futurism/";
+        script = lib.panoptikon.urlSelector "#site-content" "https://warpgrid.de/futurism/";
        reporters = [matrix-kmein];
      };
      warpgrid-imagiary = {
-        script = panoptikon.urlSelector "#site-content" "https://warpgrid.de/imagiary/";
+        script = lib.panoptikon.urlSelector "#site-content" "https://warpgrid.de/imagiary/";
        reporters = [matrix-kmein];
      };
      warpgrid-alchemy = {
-        script = panoptikon.urlSelector "#site-content" "https://warpgrid.de/alchemy/";
+        script = lib.panoptikon.urlSelector "#site-content" "https://warpgrid.de/alchemy/";
        reporters = [matrix-kmein];
      };
      indogermanische-forschungen = {
-        script = panoptikon.urlSelector "#latestIssue" "https://www.degruyter.com/journal/key/INDO/html";
+        script = lib.panoptikon.urlSelector "#latestIssue" "https://www.degruyter.com/journal/key/INDO/html";
        reporters = [matrix-kmein];
      };
      ig-neuigkeiten = {
-        script = panoptikon.urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/aktuelles/neuigkeiten.html";
+        script = lib.panoptikon.urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/aktuelles/neuigkeiten.html";
        reporters = [matrix-kmein];
      };
      ig-tagungen = {
-        script = panoptikon.urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/tagungen/tagungen-der-ig.html";
+        script = lib.panoptikon.urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/tagungen/tagungen-der-ig.html";
        reporters = [matrix-kmein];
      };
      fu-distant = {
-        script = panoptikon.urlSelector "#current_events" "https://www.geschkult.fu-berlin.de/en/e/ma-distant/Termine/index.html";
+        script = lib.panoptikon.urlSelector "#current_events" "https://www.geschkult.fu-berlin.de/en/e/ma-distant/Termine/index.html";
        reporters = [matrix-kmein];
      };
      fu-aegyptologie = {
-        script = panoptikon.urlSelector "#current_events" "https://www.geschkult.fu-berlin.de/e/aegyptologie/termine/index.html";
+        script = lib.panoptikon.urlSelector "#current_events" "https://www.geschkult.fu-berlin.de/e/aegyptologie/termine/index.html";
        reporters = [matrix-kmein];
      };
    };
--- a/systems/ful/radio.nix
+++ b/systems/ful/radio.nix
@@ -1,11 +1,9 @@
 {
-  lib,
  pkgs,
  config,
-  niveumPackages,
+  lib,
  ...
 }: let
-  inherit (import ../../lib) tmpfilesConfig;
  liquidsoapDirectory = "/var/cache/liquidsoap";
  icecastPassword = "hackme";
  refresh-qasaid = pkgs.writers.writeDashBin "refresh-qasaid" ''
@@ -23,7 +21,7 @@
            poem: .[0].["#text"],
            author: .[1].["#text"]
          })
-      ' | ${niveumPackages.cyberlocker-tools}/bin/cput qasaid.json
+      ' | ${pkgs.cyberlocker-tools}/bin/cput qasaid.json
  '';
  qasida-poem = pkgs.writers.writeDash "qasida.sh" ''
    set -efu
@@ -136,7 +134,7 @@ in {
  environment.systemPackages = [refresh-qasaid];

  systemd.tmpfiles.rules = [
-    (tmpfilesConfig {
+    (pkgs.lib.niveum.tmpfilesConfig {
      type = "d";
      path = liquidsoapDirectory;
      mode = "0750";
--- a/systems/kabsa/configuration.nix
+++ b/systems/kabsa/configuration.nix
@@ -3,9 +3,7 @@
  pkgs,
  lib,
  ...
-}: let
-  inherit (import ../../lib) retiolumAddresses;
-in {
+}: {
  imports = [
    ../kibbeh/hardware-configuration.nix
    ../../configs/tlp.nix
@@ -50,7 +48,7 @@ in {
  networking = {
    hostName = "kabsa";
    wireless.interfaces = ["wlp3s0"];
-    retiolum = retiolumAddresses.kabsa;
+    retiolum = pkgs.lib.niveum.retiolumAddresses.kabsa;
  };

  system.stateVersion = "23.11";
--- a/systems/kibbeh/configuration.nix
+++ b/systems/kibbeh/configuration.nix
@@ -1,7 +1,6 @@
 {
  config,
  pkgs,
-  niveumPackages,
  ...
 }:

@@ -76,9 +75,9 @@
      libreoffice
      xournalpp
      jellyfin-media-player
-      niveumPackages.mpv-tv
+      mpv-tv
      telegram-desktop
-      (niveumPackages.mpv-radio.override { di-fm-key-file = config.age.secrets.di-fm-key.path; })
+      (mpv-radio.override { di-fm-key-file = config.age.secrets.di-fm-key.path; })
      spotify
    ];
  };
@@ -88,7 +87,7 @@
    git
    vim
    tmux
-    (niveumPackages.vim.override { colorscheme = "base16-gruvbox-dark-medium"; })
+    (vim-kmein.override { colorscheme = "base16-gruvbox-dark-medium"; })
  ];

  system.stateVersion = "23.11";
--- a/systems/makanek/configuration.nix
+++ b/systems/makanek/configuration.nix
@@ -3,9 +3,7 @@
  config,
  pkgs,
  ...
-}: let
-  inherit (import ../../lib) kieran retiolumAddresses restic;
-in {
+}: {
  imports = [
    ./gitea.nix
    ./hardware-configuration.nix
@@ -36,7 +34,7 @@ in {

  services.restic.backups.niveum = {
    initialize = true;
-    inherit (restic) repository;
+    repository = pkgs.lib.niveum.restic.repository;
    timerConfig = {
      OnCalendar = "daily";
      RandomizedDelaySec = "1h";
@@ -82,7 +80,7 @@ in {
    firewall.allowedTCPPorts = [80 443];
    hostName = "makanek";
    interfaces.ens3.useDHCP = true;
-    retiolum = retiolumAddresses.makanek;
+    retiolum = pkgs.lib.niveum.retiolumAddresses.makanek;
    useDHCP = false;
  };

@@ -115,7 +113,7 @@ in {

  security.acme = {
    acceptTerms = true;
-    defaults.email = kieran.email;
+    defaults.email = pkgs.lib.niveum.kieran.email;
  };

  services.nginx.virtualHosts."www.kmein.de" = {
--- a/systems/makanek/gitea.nix
+++ b/systems/makanek/gitea.nix
@@ -1,6 +1,5 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 let
-  inherit (import ../../lib) sshPort;
  domain = "code.kmein.de";
 in {
  services.anubis = {
@@ -27,7 +26,7 @@ in {
    settings = {
      server.ROOT_URL = "https://${domain}";
      server.DOMAIN = domain;
-      server.SSH_PORT = sshPort;
+      server.SSH_PORT = pkgs.lib.niveum.sshPort;
      service.DISABLE_REGISTRATION = true;
    };
  };
--- a/systems/makanek/hedgedoc.nix
+++ b/systems/makanek/hedgedoc.nix
@@ -1,12 +1,12 @@
 {
  config,
  pkgs,
+  lib,
  ...
 }: let
  backupLocation = "/var/lib/codimd-backup";
  stateLocation = "/var/lib/codimd/state.sqlite";
  domain = "pad.kmein.de";
-  inherit (import ../../lib) tmpfilesConfig;
 in {
  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
@@ -56,7 +56,7 @@ in {
  ];

  systemd.tmpfiles.rules = [
-    (tmpfilesConfig {
+    (pkgs.lib.niveum.tmpfilesConfig {
      user = "codimd";
      group = "codimd";
      mode = "0755";
--- a/systems/makanek/monitoring/default.nix
+++ b/systems/makanek/monitoring/default.nix
@@ -7,7 +7,6 @@
 let
  lokiConfig = import ./loki.nix;
  blackboxConfig = import ./blackbox.nix;
-  inherit (import ../../../lib) restic;
 in
 {
  services.grafana = {
@@ -426,7 +425,7 @@ in
        {
          targets = [
            "zaatar.r:${toString config.services.prometheus.exporters.node.port}"
-            "zaatar.r:${toString restic.port}"
+            "zaatar.r:${toString pkgs.lib.niveum.restic.port}"
          ];
        }
      ];
--- a/systems/makanek/radio-news.nix
+++ b/systems/makanek/radio-news.nix
@@ -2,7 +2,6 @@
  config,
  pkgs,
  lib,
-  niveumPackages,
  ...
 }: let
  inherit (import ../../lib) serveHtml;
@@ -25,7 +24,7 @@ in {
    script = ''
      PATH=$PATH:${lib.makeBinPath [pkgs.gnused pkgs.curl pkgs.jq]}

-      GEMINI_API_KEY="$(cat "$CREDENTIALS_DIRECTORY/gemini-api-key")" ${niveumPackages.radio-news}/bin/radio-news | jq --arg from "$(date -u -Is | sed 's/+00:00/Z/')" --arg to "$(date -u -Is -d 'now + 30 minutes' | sed 's/+00:00/Z/')" '
+      GEMINI_API_KEY="$(cat "$CREDENTIALS_DIRECTORY/gemini-api-key")" ${pkgs.radio-news}/bin/radio-news | jq --arg from "$(date -u -Is | sed 's/+00:00/Z/')" --arg to "$(date -u -Is -d 'now + 30 minutes' | sed 's/+00:00/Z/')" '
      {
        from: $from,
        to: $to,
--- a/systems/makanek/weechat.nix
+++ b/systems/makanek/weechat.nix
@@ -3,9 +3,7 @@
  pkgs,
  ...
 }: let
-  inherit (import ../../lib) kieran;
  weechatHome = "/var/lib/weechat";
-  weechat-declarative = pkgs.callPackage ../../packages/weechat-declarative.nix {};
 in {
  systemd.services.weechat = let
    tmux = pkgs.writers.writeDash "tmux" ''
@@ -26,7 +24,7 @@ in {
        ''
      } "$@"
    '';
-    weechat = weechat-declarative.override {
+    weechat = pkgs.weechat-declarative.override {
      config = {
        scripts = [
          pkgs.weechatScripts.weechat-autosort
@@ -52,7 +50,7 @@ in {
              msg_part = "tschö mit ö";
              msg_quit = "ciao kakao";
              msg_kick = "warum machst du diese?";
-              realname = lib.head (lib.strings.split " " kieran.name);
+              realname = lib.head (lib.strings.split " " pkgs.lib.niveum.kieran.name);
            };
            server = {
              hackint = {
--- a/systems/makanek/weechat.sync-conflict-20250130-092406-AJVBWR2.nix
+++ b/systems/makanek/weechat.sync-conflict-20250130-092406-AJVBWR2.nix
@@ -1,6 +1,5 @@
 { lib, pkgs, config, unstablePackages, ... }:
 let
-  inherit (import ../../lib) kieran;
  weechatHome = "/var/lib/weechat";
  weechat-declarative =
    pkgs.callPackage ../../packages/weechat-declarative.nix {
@@ -54,7 +53,7 @@ in {
              msg_part = "tschö mit ö";
              msg_quit = "ciao kakao";
              msg_kick = "warum machst du diese?";
-              realname = lib.head (lib.strings.split " " kieran.name);
+              realname = lib.head (lib.strings.split " " pkgs.lib.niveum.kieran.name);
            };
            server = {
              hackint = {
@@ -185,7 +184,7 @@ in {
  users.groups.weechat = { };
  users.extraUsers.weechat = {
    useDefaultShell = true;
-    openssh.authorizedKeys.keys = kieran.sshKeys ++ [
+    openssh.authorizedKeys.keys = pkgs.lib.niveum.kieran.sshKeys ++ [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC+KVDmYYH7mA8v81e9O3swXm3ZVYY9t4HP65ud61uXy weechat_android@kibbeh"
    ];
    createHome = true;
--- a/systems/manakish/configuration.nix
+++ b/systems/manakish/configuration.nix
@@ -3,9 +3,7 @@
  pkgs,
  lib,
  ...
-}: let
-  inherit (import ../../lib) retiolumAddresses;
-in {
+}: {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
@@ -50,7 +48,7 @@ in {
      wwp0s20u4i6.useDHCP = true;
    };
    wireless.interfaces = ["wlp3s0"];
-    retiolum = retiolumAddresses.manakish;
+    retiolum = pkgs.lib.niveum.retiolumAddresses.manakish;
    hostName = "manakish";
  };

--- a/systems/tabula/configuration.nix
+++ b/systems/tabula/configuration.nix
@@ -1,10 +1,9 @@
 {
  config,
+  lib,
  pkgs,
  ...
-}: let
-  inherit (import ../../lib) retiolumAddresses;
-in {
+}: {
  imports = [
    ./hardware-configuration.nix
    ../../configs/spacetime.nix
@@ -67,7 +66,7 @@ in {
      enp0s4.useDHCP = true;
      wlp2s0.useDHCP = true;
    };
-    retiolum = retiolumAddresses.tabula;
+    retiolum = pkgs.lib.niveum.retiolumAddresses.tabula;
    hostName = "tabula";
  };

--- a/systems/tahina/configuration.nix
+++ b/systems/tahina/configuration.nix
@@ -1,10 +1,9 @@
 {
  config,
+  lib,
  pkgs,
  ...
-}: let
-  inherit (import ../../lib) retiolumAddresses;
-in {
+}: {
  imports = [
    ./hardware-configuration.nix
    ../../configs/spacetime.nix
@@ -75,7 +74,7 @@ in {
      enp0s25.useDHCP = true;
      wlo1.useDHCP = true;
    };
-    retiolum = retiolumAddresses.tahina;
+    retiolum = pkgs.lib.niveum.retiolumAddresses.tahina;
    hostName = "tahina";
  };

--- a/systems/zaatar/backup.nix
+++ b/systems/zaatar/backup.nix
@@ -4,9 +4,6 @@
  lib,
  ...
 }: let
-  niveumLib = import ../../lib;
-  inherit (niveumLib) retiolumAddresses restic;
-  firewall = niveumLib.firewall lib;
  dataDir = "/backup/restic";
 in {
  services.restic.server = {
@@ -15,7 +12,7 @@ in {
    inherit dataDir;
    prometheus = true;
    extraFlags = ["--no-auth"]; # auth is done via firewall
-    listenAddress = toString restic.port;
+    listenAddress = toString pkgs.lib.niveum.restic.port;
  };

  environment.systemPackages = [
@@ -30,32 +27,32 @@ in {
  };

  networking.firewall = let
-    dport = restic.port;
+    dport = pkgs.lib.niveum.restic.port;
    protocol = "tcp";
    rules = [
-      (firewall.accept {
+      (pkgs.lib.niveum.firewall.accept {
        inherit dport protocol;
-        source = retiolumAddresses.kabsa.ipv4;
+        source = pkgs.lib.niveum.retiolumAddresses.kabsa.ipv4;
      })
-      (firewall.accept {
+      (pkgs.lib.niveum.firewall.accept {
        inherit dport protocol;
-        source = retiolumAddresses.manakish.ipv4;
+        source = pkgs.lib.niveum.retiolumAddresses.manakish.ipv4;
      })
-      (firewall.accept {
+      (pkgs.lib.niveum.firewall.accept {
        inherit dport protocol;
-        source = retiolumAddresses.makanek.ipv4;
+        source = pkgs.lib.niveum.retiolumAddresses.makanek.ipv4;
      })
-      (firewall.accept {
+      (pkgs.lib.niveum.firewall.accept {
        inherit dport protocol;
-        source = retiolumAddresses.fatteh.ipv4;
+        source = pkgs.lib.niveum.retiolumAddresses.fatteh.ipv4;
      })
-      (firewall.accept {
+      (pkgs.lib.niveum.firewall.accept {
        inherit dport protocol;
-        source = retiolumAddresses.ful.ipv4;
+        source = pkgs.lib.niveum.retiolumAddresses.ful.ipv4;
      })
    ];
  in {
-    extraCommands = firewall.addRules rules;
-    extraStopCommands = firewall.removeRules rules;
+    extraCommands = pkgs.lib.niveum.firewall.addRules rules;
+    extraStopCommands = pkgs.lib.niveum.firewall.removeRules rules;
  };
 }
--- a/systems/zaatar/configuration.nix
+++ b/systems/zaatar/configuration.nix
@@ -3,9 +3,8 @@
  pkgs,
  lib,
  ...
-}: let
-  inherit (import ../../lib) retiolumAddresses restic;
-in {
+}:
+{
  imports = [
    ./backup.nix
    ./gaslight.nix
@@ -51,7 +50,7 @@ in {

  services.restic.backups.niveum = {
    initialize = true;
-    inherit (restic) repository;
+    repository = pkgs.lib.niveum.restic.repository;
    timerConfig = {
      OnCalendar = "daily";
      RandomizedDelaySec = "1h";
@@ -70,24 +69,26 @@ in {

  services.illum.enable = true;

-  environment.systemPackages = let
-    worldradio = pkgs.callPackage ../../packages/worldradio.nix {};
-  in [
-    (pkgs.writers.writeDashBin "mpv" ''${pkgs.mpv}/bin/mpv --no-video "$@"'')
-    (pkgs.writers.writeDashBin "worldradio" ''
-      shuf ${worldradio} | ${pkgs.findutils}/bin/xargs ${pkgs.mpv}/bin/mpv --no-video
-    '')
-    pkgs.git
-    pkgs.vim
-    pkgs.htop
-    pkgs.ncmpcpp
-    pkgs.python3 # for sshuttle
-  ];
+  environment.systemPackages =
+    let
+      worldradio = pkgs.callPackage ../../packages/worldradio.nix { };
+    in
+    [
+      (pkgs.writers.writeDashBin "mpv" ''${pkgs.mpv}/bin/mpv --no-video "$@"'')
+      (pkgs.writers.writeDashBin "worldradio" ''
+        shuf ${worldradio} | ${pkgs.findutils}/bin/xargs ${pkgs.mpv}/bin/mpv --no-video
+      '')
+      pkgs.git
+      pkgs.vim
+      pkgs.htop
+      pkgs.ncmpcpp
+      pkgs.python3 # for sshuttle
+    ];

  networking = {
    hostName = "zaatar";
-    wireless.interfaces = ["wlp2s0"];
-    retiolum = retiolumAddresses.zaatar;
+    wireless.interfaces = [ "wlp2s0" ];
+    retiolum = pkgs.lib.niveum.retiolumAddresses.zaatar;
  };

  system.stateVersion = "23.11";
--- a/systems/zaatar/home-assistant.nix
+++ b/systems/zaatar/home-assistant.nix
@@ -1,6 +1,5 @@
 {config, pkgs, lib, ...}: let
  port = 8123;
-  inherit (import ../../lib) restic;
  volumeName = "home-assistant";
  streams = import ../../lib/streams.nix {
    di-fm-key = "%DI_FM_KEY%"; # TODO lib.strings.fileContents <secrets/di.fm/key>;
@@ -17,7 +16,7 @@ in {

  services.restic.backups.niveum = {
    initialize = true;
-    inherit (restic) repository;
+    repository = pkgs.lib.niveum.restic.repository;
    timerConfig = {
      OnCalendar = "daily";
      RandomizedDelaySec = "1h";
--- a/systems/zaatar/moodle-dl-meinhark.nix
+++ b/systems/zaatar/moodle-dl-meinhark.nix
@@ -141,7 +141,7 @@ in {
  services.nfs.server = {
    enable = true;
    exports = let
-      machines = with (import ../../lib).retiolumAddresses; [kabsa manakish];
+      machines = with pkgs.lib.niveum.retiolumAddresses; [kabsa manakish];
    in ''
      /export        ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(fsid=0)") machines}
      /export/moodle ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(insecure,rw)") machines}
--- a/systems/zaatar/mpd.nix
+++ b/systems/zaatar/mpd.nix
@@ -4,9 +4,6 @@
  lib,
  ...
 }: let
-  firewall = (import ../../lib).firewall lib;
-  inherit (import ../../lib) tmpfilesConfig;
-
  mukkeMountPoint = "/mnt/mukke";
  fritzboxMountPoint = "/mnt/fritz";

@@ -57,7 +54,7 @@ in {
  };

  systemd.tmpfiles.rules = [
-    (tmpfilesConfig {
+    (pkgs.lib.niveum.tmpfilesConfig {
      type = "L+";
      mode = "0644";
      user = "mpd";
@@ -65,7 +62,7 @@ in {
      path = "${config.services.mpd.musicDirectory}/mukke";
      argument = mukkeMountPoint;
    })
-    (tmpfilesConfig {
+    (pkgs.lib.niveum.tmpfilesConfig {
      type = "L+";
      mode = "0644";
      user = "mpd";
@@ -81,19 +78,19 @@ in {
    dport = config.services.mpd.network.port;
    protocol = "tcp";
    rules = [
-      (firewall.accept {
+      (pkgs.lib.niveum.firewall.accept {
        inherit dport protocol;
        source = "192.168.0.0/16";
      })
-      (firewall.accept {
+      (pkgs.lib.niveum.firewall.accept {
        inherit dport protocol;
        source = "127.0.0.0/8";
      })
    ];
  in {
    allowedTCPPorts = [80];
-    extraCommands = firewall.addRules rules;
-    extraStopCommands = firewall.removeRules rules;
+    extraCommands = pkgs.lib.niveum.firewall.addRules rules;
+    extraStopCommands = pkgs.lib.niveum.firewall.removeRules rules;
  };

  systemd.services.mpd-playlists = {