remove specialArgs niveum and niveumLib, add overlay

2026-03-16 10:11:08 +01:00 · 2025-12-25 14:00:03 +01:00
parent c490c81a32
commit 82b7ffd39f
59 changed files with 535 additions and 616 deletions
--- a/systems/fatteh/configuration.nix
+++ b/systems/fatteh/configuration.nix
@@ -2,9 +2,7 @@
  config,
  pkgs,
  ...
-}: let
-  inherit (import ../../lib) retiolumAddresses;
-in {
+}: {
  imports = [
    ./hardware-configuration.nix
    ../../configs/networkmanager.nix
@@ -42,7 +40,7 @@ in {
  };

  networking.hostName = "fatteh";
-  networking.retiolum = retiolumAddresses.fatteh;
+  networking.retiolum = pkgs.lib.niveum.retiolumAddresses.fatteh;

  system.stateVersion = "23.11";
 }
--- a/systems/ful/configuration.nix
+++ b/systems/ful/configuration.nix
@@ -3,9 +3,7 @@
  pkgs,
  lib,
  ...
-}: let
-  inherit (import ../../lib) kieran retiolumAddresses restic;
-in {
+}: {
  imports = [
    ./hardware-configuration.nix
    ./matomo.nix
@@ -60,7 +58,7 @@ in {

  services.restic.backups.niveum = {
    initialize = true;
-    inherit (restic) repository;
+    repository = pkgs.lib.niveum.restic.repository;
    timerConfig = {
      OnCalendar = "daily";
      RandomizedDelaySec = "1h";
@@ -75,7 +73,7 @@ in {
    firewall.allowedTCPPorts = [80 443];
    hostName = "ful";
    interfaces.enp0s3.useDHCP = true;
-    retiolum = retiolumAddresses.ful;
+    retiolum = pkgs.lib.niveum.retiolumAddresses.ful;
    useDHCP = false;
  };

@@ -92,7 +90,7 @@ in {

  security.acme = {
    acceptTerms = true;
-    defaults.email = kieran.email;
+    defaults.email = pkgs.lib.niveum.kieran.email;
  };

  users.users.root.hashedPasswordFile = config.age.secrets.root.path;
--- a/systems/ful/go-webring.nix
+++ b/systems/ful/go-webring.nix
@@ -1,4 +1,4 @@
-{ config, niveumPackages ,... }:
+{ config, pkgs, ... }:
 let
  port = 2857;
 in
@@ -7,7 +7,7 @@ in
    enable = true;
    host = "dichtungsring.kmein.de";
    listenAddress = "127.0.0.1:${toString port}";
-    package = niveumPackages.go-webring;
+    package = pkgs.go-webring;
    members = [
      { username = "meteora"; site = "meteora.xn--kiern-0qa.de"; }
      { username = "huldra"; site = "huldras-halbtraum.com"; }
--- a/systems/ful/matomo.nix
+++ b/systems/ful/matomo.nix
@@ -1,6 +1,4 @@
-{pkgs, ...}: let
-  inherit (import ../../lib) kieran;
-in {
+{pkgs, lib, ...}: {
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
@@ -12,7 +10,7 @@ in {

  security.acme = {
    acceptTerms = true;
-    defaults.email = kieran.email;
+    defaults.email = pkgs.lib.niveum.kieran.email;
  };

  services.matomo = {
--- a/systems/ful/panoptikon.nix
+++ b/systems/ful/panoptikon.nix
@@ -2,13 +2,9 @@
  config,
  pkgs,
  lib,
-  niveumLib,
-  niveumPackages,
  ...
 }: let
-  panoptikon = niveumLib.panoptikon {inherit pkgs lib niveumPackages config;};
-
-  irc-xxx = panoptikon.kpaste-irc {
+  irc-xxx = lib.panoptikon.kpaste-irc {
    target = lib.escapeShellArg "#xxx";
    retiolumLink = true;
  };
@@ -41,7 +37,7 @@
        | ${pkgs.jq}/bin/jq -e .ok
    '';

-  irc-kmein = panoptikon.kpaste-irc {
+  irc-kmein = lib.panoptikon.kpaste-irc {
    messagePrefix = "$PANOPTIKON_WATCHER: ";
    target = "kmein";
    nick = "panoptikon-kmein";
@@ -60,7 +56,7 @@ in {
    enable = true;
    watchers = {
      "github-meta" = {
-        script = panoptikon.urlJSON {
+        script = lib.panoptikon.urlJSON {
          jqScript = ''
            {
              ssh_key_fingerprints: .ssh_key_fingerprints,
@@ -71,79 +67,79 @@ in {
        reporters = [irc-xxx];
      };
      lammla = {
-        script = panoptikon.url "http://lammla.info/index.php?reihe=30";
+        script = lib.panoptikon.url "http://lammla.info/index.php?reihe=30";
        reporters = [matrix-kmein];
      };
      kratylos = {
-        script = panoptikon.url "https://kratylos.reichert-online.org/current_issue/KRATYLOS";
+        script = lib.panoptikon.url "https://kratylos.reichert-online.org/current_issue/KRATYLOS";
        reporters = [matrix-kmein];
      };
      kobudo-tesshinkan = {
-        script = panoptikon.url "https://kobudo-tesshinkan.eu/index.php/de/termine-berichte/lehrgaenge/";
+        script = lib.panoptikon.url "https://kobudo-tesshinkan.eu/index.php/de/termine-berichte/lehrgaenge/";
        reporters = [telegram-kmein matrix-kmein];
      };
      zeno-free = {
-        script = panoptikon.urlSelector ".zenoCOMain" "http://www.zeno.org/Lesesaal/M/E-Books";
+        script = lib.panoptikon.urlSelector ".zenoCOMain" "http://www.zeno.org/Lesesaal/M/E-Books";
        reporters = [matrix-kmein];
      };
      carolinawelslau = {
-        script = panoptikon.urlSelector "#main" "https://carolinawelslau.de/";
+        script = lib.panoptikon.urlSelector "#main" "https://carolinawelslau.de/";
        reporters = [matrix-kmein];
      };
      humboldt-preis = {
-        script = panoptikon.urlSelector "#content-core" "https://www.hu-berlin.de/de/ueberblick/menschen/ehrungen/humboldtpreis";
+        script = lib.panoptikon.urlSelector "#content-core" "https://www.hu-berlin.de/de/ueberblick/menschen/ehrungen/humboldtpreis";
        reporters = [matrix-kmein];
      };
      lisalittmann = {
-        script = panoptikon.urlSelector "#site-content" "https://lisalittmann.de/";
+        script = lib.panoptikon.urlSelector "#site-content" "https://lisalittmann.de/";
        reporters = [matrix-kmein];
      };
      lisalittmann-archive = {
-        script = panoptikon.urlSelector "#site-content" "https://lisalittmann.de/archive/";
+        script = lib.panoptikon.urlSelector "#site-content" "https://lisalittmann.de/archive/";
        reporters = [matrix-kmein];
      };
      lisalittmann-projects = {
-        script = panoptikon.urlSelector "#site-content" "https://lisalittmann.de/projects/";
+        script = lib.panoptikon.urlSelector "#site-content" "https://lisalittmann.de/projects/";
        reporters = [matrix-kmein];
      };
      tatort = {
-        script = panoptikon.urlSelector ".linklist" "https://www.daserste.de/unterhaltung/krimi/tatort/sendung/index.html";
+        script = lib.panoptikon.urlSelector ".linklist" "https://www.daserste.de/unterhaltung/krimi/tatort/sendung/index.html";
        reporters = [matrix-kmein];
      };
      warpgrid-idiomarium = {
-        script = panoptikon.urlSelector "#site-content" "https://warpgrid.de/idiomarium/";
+        script = lib.panoptikon.urlSelector "#site-content" "https://warpgrid.de/idiomarium/";
        reporters = [matrix-kmein];
      };
      warpgrid-futurism = {
-        script = panoptikon.urlSelector "#site-content" "https://warpgrid.de/futurism/";
+        script = lib.panoptikon.urlSelector "#site-content" "https://warpgrid.de/futurism/";
        reporters = [matrix-kmein];
      };
      warpgrid-imagiary = {
-        script = panoptikon.urlSelector "#site-content" "https://warpgrid.de/imagiary/";
+        script = lib.panoptikon.urlSelector "#site-content" "https://warpgrid.de/imagiary/";
        reporters = [matrix-kmein];
      };
      warpgrid-alchemy = {
-        script = panoptikon.urlSelector "#site-content" "https://warpgrid.de/alchemy/";
+        script = lib.panoptikon.urlSelector "#site-content" "https://warpgrid.de/alchemy/";
        reporters = [matrix-kmein];
      };
      indogermanische-forschungen = {
-        script = panoptikon.urlSelector "#latestIssue" "https://www.degruyter.com/journal/key/INDO/html";
+        script = lib.panoptikon.urlSelector "#latestIssue" "https://www.degruyter.com/journal/key/INDO/html";
        reporters = [matrix-kmein];
      };
      ig-neuigkeiten = {
-        script = panoptikon.urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/aktuelles/neuigkeiten.html";
+        script = lib.panoptikon.urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/aktuelles/neuigkeiten.html";
        reporters = [matrix-kmein];
      };
      ig-tagungen = {
-        script = panoptikon.urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/tagungen/tagungen-der-ig.html";
+        script = lib.panoptikon.urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/tagungen/tagungen-der-ig.html";
        reporters = [matrix-kmein];
      };
      fu-distant = {
-        script = panoptikon.urlSelector "#current_events" "https://www.geschkult.fu-berlin.de/en/e/ma-distant/Termine/index.html";
+        script = lib.panoptikon.urlSelector "#current_events" "https://www.geschkult.fu-berlin.de/en/e/ma-distant/Termine/index.html";
        reporters = [matrix-kmein];
      };
      fu-aegyptologie = {
-        script = panoptikon.urlSelector "#current_events" "https://www.geschkult.fu-berlin.de/e/aegyptologie/termine/index.html";
+        script = lib.panoptikon.urlSelector "#current_events" "https://www.geschkult.fu-berlin.de/e/aegyptologie/termine/index.html";
        reporters = [matrix-kmein];
      };
    };
--- a/systems/ful/radio.nix
+++ b/systems/ful/radio.nix
@@ -1,11 +1,9 @@
 {
-  lib,
  pkgs,
  config,
-  niveumPackages,
+  lib,
  ...
 }: let
-  inherit (import ../../lib) tmpfilesConfig;
  liquidsoapDirectory = "/var/cache/liquidsoap";
  icecastPassword = "hackme";
  refresh-qasaid = pkgs.writers.writeDashBin "refresh-qasaid" ''
@@ -23,7 +21,7 @@
            poem: .[0].["#text"],
            author: .[1].["#text"]
          })
-      ' | ${niveumPackages.cyberlocker-tools}/bin/cput qasaid.json
+      ' | ${pkgs.cyberlocker-tools}/bin/cput qasaid.json
  '';
  qasida-poem = pkgs.writers.writeDash "qasida.sh" ''
    set -efu
@@ -136,7 +134,7 @@ in {
  environment.systemPackages = [refresh-qasaid];

  systemd.tmpfiles.rules = [
-    (tmpfilesConfig {
+    (pkgs.lib.niveum.tmpfilesConfig {
      type = "d";
      path = liquidsoapDirectory;
      mode = "0750";
--- a/systems/kabsa/configuration.nix
+++ b/systems/kabsa/configuration.nix
@@ -3,9 +3,7 @@
  pkgs,
  lib,
  ...
-}: let
-  inherit (import ../../lib) retiolumAddresses;
-in {
+}: {
  imports = [
    ../kibbeh/hardware-configuration.nix
    ../../configs/tlp.nix
@@ -50,7 +48,7 @@ in {
  networking = {
    hostName = "kabsa";
    wireless.interfaces = ["wlp3s0"];
-    retiolum = retiolumAddresses.kabsa;
+    retiolum = pkgs.lib.niveum.retiolumAddresses.kabsa;
  };

  system.stateVersion = "23.11";
--- a/systems/kibbeh/configuration.nix
+++ b/systems/kibbeh/configuration.nix
@@ -1,7 +1,6 @@
 {
  config,
  pkgs,
-  niveumPackages,
  ...
 }:

@@ -76,9 +75,9 @@
      libreoffice
      xournalpp
      jellyfin-media-player
-      niveumPackages.mpv-tv
+      mpv-tv
      telegram-desktop
-      (niveumPackages.mpv-radio.override { di-fm-key-file = config.age.secrets.di-fm-key.path; })
+      (mpv-radio.override { di-fm-key-file = config.age.secrets.di-fm-key.path; })
      spotify
    ];
  };
@@ -88,7 +87,7 @@
    git
    vim
    tmux
-    (niveumPackages.vim.override { colorscheme = "base16-gruvbox-dark-medium"; })
+    (vim-kmein.override { colorscheme = "base16-gruvbox-dark-medium"; })
  ];

  system.stateVersion = "23.11";
--- a/systems/makanek/configuration.nix
+++ b/systems/makanek/configuration.nix
@@ -3,9 +3,7 @@
  config,
  pkgs,
  ...
-}: let
-  inherit (import ../../lib) kieran retiolumAddresses restic;
-in {
+}: {
  imports = [
    ./gitea.nix
    ./hardware-configuration.nix
@@ -36,7 +34,7 @@ in {

  services.restic.backups.niveum = {
    initialize = true;
-    inherit (restic) repository;
+    repository = pkgs.lib.niveum.restic.repository;
    timerConfig = {
      OnCalendar = "daily";
      RandomizedDelaySec = "1h";
@@ -82,7 +80,7 @@ in {
    firewall.allowedTCPPorts = [80 443];
    hostName = "makanek";
    interfaces.ens3.useDHCP = true;
-    retiolum = retiolumAddresses.makanek;
+    retiolum = pkgs.lib.niveum.retiolumAddresses.makanek;
    useDHCP = false;
  };

@@ -115,7 +113,7 @@ in {

  security.acme = {
    acceptTerms = true;
-    defaults.email = kieran.email;
+    defaults.email = pkgs.lib.niveum.kieran.email;
  };

  services.nginx.virtualHosts."www.kmein.de" = {
--- a/systems/makanek/gitea.nix
+++ b/systems/makanek/gitea.nix
@@ -1,6 +1,5 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 let
-  inherit (import ../../lib) sshPort;
  domain = "code.kmein.de";
 in {
  services.anubis = {
@@ -27,7 +26,7 @@ in {
    settings = {
      server.ROOT_URL = "https://${domain}";
      server.DOMAIN = domain;
-      server.SSH_PORT = sshPort;
+      server.SSH_PORT = pkgs.lib.niveum.sshPort;
      service.DISABLE_REGISTRATION = true;
    };
  };
--- a/systems/makanek/hedgedoc.nix
+++ b/systems/makanek/hedgedoc.nix
@@ -1,12 +1,12 @@
 {
  config,
  pkgs,
+  lib,
  ...
 }: let
  backupLocation = "/var/lib/codimd-backup";
  stateLocation = "/var/lib/codimd/state.sqlite";
  domain = "pad.kmein.de";
-  inherit (import ../../lib) tmpfilesConfig;
 in {
  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
@@ -56,7 +56,7 @@ in {
  ];

  systemd.tmpfiles.rules = [
-    (tmpfilesConfig {
+    (pkgs.lib.niveum.tmpfilesConfig {
      user = "codimd";
      group = "codimd";
      mode = "0755";
--- a/systems/makanek/monitoring/default.nix
+++ b/systems/makanek/monitoring/default.nix
@@ -7,7 +7,6 @@
 let
  lokiConfig = import ./loki.nix;
  blackboxConfig = import ./blackbox.nix;
-  inherit (import ../../../lib) restic;
 in
 {
  services.grafana = {
@@ -426,7 +425,7 @@ in
        {
          targets = [
            "zaatar.r:${toString config.services.prometheus.exporters.node.port}"
-            "zaatar.r:${toString restic.port}"
+            "zaatar.r:${toString pkgs.lib.niveum.restic.port}"
          ];
        }
      ];
--- a/systems/makanek/radio-news.nix
+++ b/systems/makanek/radio-news.nix
@@ -2,7 +2,6 @@
  config,
  pkgs,
  lib,
-  niveumPackages,
  ...
 }: let
  inherit (import ../../lib) serveHtml;
@@ -25,7 +24,7 @@ in {
    script = ''
      PATH=$PATH:${lib.makeBinPath [pkgs.gnused pkgs.curl pkgs.jq]}

-      GEMINI_API_KEY="$(cat "$CREDENTIALS_DIRECTORY/gemini-api-key")" ${niveumPackages.radio-news}/bin/radio-news | jq --arg from "$(date -u -Is | sed 's/+00:00/Z/')" --arg to "$(date -u -Is -d 'now + 30 minutes' | sed 's/+00:00/Z/')" '
+      GEMINI_API_KEY="$(cat "$CREDENTIALS_DIRECTORY/gemini-api-key")" ${pkgs.radio-news}/bin/radio-news | jq --arg from "$(date -u -Is | sed 's/+00:00/Z/')" --arg to "$(date -u -Is -d 'now + 30 minutes' | sed 's/+00:00/Z/')" '
      {
        from: $from,
        to: $to,
--- a/systems/makanek/weechat.nix
+++ b/systems/makanek/weechat.nix
@@ -3,9 +3,7 @@
  pkgs,
  ...
 }: let
-  inherit (import ../../lib) kieran;
  weechatHome = "/var/lib/weechat";
-  weechat-declarative = pkgs.callPackage ../../packages/weechat-declarative.nix {};
 in {
  systemd.services.weechat = let
    tmux = pkgs.writers.writeDash "tmux" ''
@@ -26,7 +24,7 @@ in {
        ''
      } "$@"
    '';
-    weechat = weechat-declarative.override {
+    weechat = pkgs.weechat-declarative.override {
      config = {
        scripts = [
          pkgs.weechatScripts.weechat-autosort
@@ -52,7 +50,7 @@ in {
              msg_part = "tschö mit ö";
              msg_quit = "ciao kakao";
              msg_kick = "warum machst du diese?";
-              realname = lib.head (lib.strings.split " " kieran.name);
+              realname = lib.head (lib.strings.split " " pkgs.lib.niveum.kieran.name);
            };
            server = {
              hackint = {
--- a/systems/makanek/weechat.sync-conflict-20250130-092406-AJVBWR2.nix
+++ b/systems/makanek/weechat.sync-conflict-20250130-092406-AJVBWR2.nix
@@ -1,6 +1,5 @@
 { lib, pkgs, config, unstablePackages, ... }:
 let
-  inherit (import ../../lib) kieran;
  weechatHome = "/var/lib/weechat";
  weechat-declarative =
    pkgs.callPackage ../../packages/weechat-declarative.nix {
@@ -54,7 +53,7 @@ in {
              msg_part = "tschö mit ö";
              msg_quit = "ciao kakao";
              msg_kick = "warum machst du diese?";
-              realname = lib.head (lib.strings.split " " kieran.name);
+              realname = lib.head (lib.strings.split " " pkgs.lib.niveum.kieran.name);
            };
            server = {
              hackint = {
@@ -185,7 +184,7 @@ in {
  users.groups.weechat = { };
  users.extraUsers.weechat = {
    useDefaultShell = true;
-    openssh.authorizedKeys.keys = kieran.sshKeys ++ [
+    openssh.authorizedKeys.keys = pkgs.lib.niveum.kieran.sshKeys ++ [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC+KVDmYYH7mA8v81e9O3swXm3ZVYY9t4HP65ud61uXy weechat_android@kibbeh"
    ];
    createHome = true;
--- a/systems/manakish/configuration.nix
+++ b/systems/manakish/configuration.nix
@@ -3,9 +3,7 @@
  pkgs,
  lib,
  ...
-}: let
-  inherit (import ../../lib) retiolumAddresses;
-in {
+}: {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
@@ -50,7 +48,7 @@ in {
      wwp0s20u4i6.useDHCP = true;
    };
    wireless.interfaces = ["wlp3s0"];
-    retiolum = retiolumAddresses.manakish;
+    retiolum = pkgs.lib.niveum.retiolumAddresses.manakish;
    hostName = "manakish";
  };

--- a/systems/tabula/configuration.nix
+++ b/systems/tabula/configuration.nix
@@ -1,10 +1,9 @@
 {
  config,
+  lib,
  pkgs,
  ...
-}: let
-  inherit (import ../../lib) retiolumAddresses;
-in {
+}: {
  imports = [
    ./hardware-configuration.nix
    ../../configs/spacetime.nix
@@ -67,7 +66,7 @@ in {
      enp0s4.useDHCP = true;
      wlp2s0.useDHCP = true;
    };
-    retiolum = retiolumAddresses.tabula;
+    retiolum = pkgs.lib.niveum.retiolumAddresses.tabula;
    hostName = "tabula";
  };

--- a/systems/tahina/configuration.nix
+++ b/systems/tahina/configuration.nix
@@ -1,10 +1,9 @@
 {
  config,
+  lib,
  pkgs,
  ...
-}: let
-  inherit (import ../../lib) retiolumAddresses;
-in {
+}: {
  imports = [
    ./hardware-configuration.nix
    ../../configs/spacetime.nix
@@ -75,7 +74,7 @@ in {
      enp0s25.useDHCP = true;
      wlo1.useDHCP = true;
    };
-    retiolum = retiolumAddresses.tahina;
+    retiolum = pkgs.lib.niveum.retiolumAddresses.tahina;
    hostName = "tahina";
  };

--- a/systems/zaatar/backup.nix
+++ b/systems/zaatar/backup.nix
@@ -4,9 +4,6 @@
  lib,
  ...
 }: let
-  niveumLib = import ../../lib;
-  inherit (niveumLib) retiolumAddresses restic;
-  firewall = niveumLib.firewall lib;
  dataDir = "/backup/restic";
 in {
  services.restic.server = {
@@ -15,7 +12,7 @@ in {
    inherit dataDir;
    prometheus = true;
    extraFlags = ["--no-auth"]; # auth is done via firewall
-    listenAddress = toString restic.port;
+    listenAddress = toString pkgs.lib.niveum.restic.port;
  };

  environment.systemPackages = [
@@ -30,32 +27,32 @@ in {
  };

  networking.firewall = let
-    dport = restic.port;
+    dport = pkgs.lib.niveum.restic.port;
    protocol = "tcp";
    rules = [
-      (firewall.accept {
+      (pkgs.lib.niveum.firewall.accept {
        inherit dport protocol;
-        source = retiolumAddresses.kabsa.ipv4;
+        source = pkgs.lib.niveum.retiolumAddresses.kabsa.ipv4;
      })
-      (firewall.accept {
+      (pkgs.lib.niveum.firewall.accept {
        inherit dport protocol;
-        source = retiolumAddresses.manakish.ipv4;
+        source = pkgs.lib.niveum.retiolumAddresses.manakish.ipv4;
      })
-      (firewall.accept {
+      (pkgs.lib.niveum.firewall.accept {
        inherit dport protocol;
-        source = retiolumAddresses.makanek.ipv4;
+        source = pkgs.lib.niveum.retiolumAddresses.makanek.ipv4;
      })
-      (firewall.accept {
+      (pkgs.lib.niveum.firewall.accept {
        inherit dport protocol;
-        source = retiolumAddresses.fatteh.ipv4;
+        source = pkgs.lib.niveum.retiolumAddresses.fatteh.ipv4;
      })
-      (firewall.accept {
+      (pkgs.lib.niveum.firewall.accept {
        inherit dport protocol;
-        source = retiolumAddresses.ful.ipv4;
+        source = pkgs.lib.niveum.retiolumAddresses.ful.ipv4;
      })
    ];
  in {
-    extraCommands = firewall.addRules rules;
-    extraStopCommands = firewall.removeRules rules;
+    extraCommands = pkgs.lib.niveum.firewall.addRules rules;
+    extraStopCommands = pkgs.lib.niveum.firewall.removeRules rules;
  };
 }
--- a/systems/zaatar/configuration.nix
+++ b/systems/zaatar/configuration.nix
@@ -3,9 +3,8 @@
  pkgs,
  lib,
  ...
-}: let
-  inherit (import ../../lib) retiolumAddresses restic;
-in {
+}:
+{
  imports = [
    ./backup.nix
    ./gaslight.nix
@@ -51,7 +50,7 @@ in {

  services.restic.backups.niveum = {
    initialize = true;
-    inherit (restic) repository;
+    repository = pkgs.lib.niveum.restic.repository;
    timerConfig = {
      OnCalendar = "daily";
      RandomizedDelaySec = "1h";
@@ -70,24 +69,26 @@ in {

  services.illum.enable = true;

-  environment.systemPackages = let
-    worldradio = pkgs.callPackage ../../packages/worldradio.nix {};
-  in [
-    (pkgs.writers.writeDashBin "mpv" ''${pkgs.mpv}/bin/mpv --no-video "$@"'')
-    (pkgs.writers.writeDashBin "worldradio" ''
-      shuf ${worldradio} | ${pkgs.findutils}/bin/xargs ${pkgs.mpv}/bin/mpv --no-video
-    '')
-    pkgs.git
-    pkgs.vim
-    pkgs.htop
-    pkgs.ncmpcpp
-    pkgs.python3 # for sshuttle
-  ];
+  environment.systemPackages =
+    let
+      worldradio = pkgs.callPackage ../../packages/worldradio.nix { };
+    in
+    [
+      (pkgs.writers.writeDashBin "mpv" ''${pkgs.mpv}/bin/mpv --no-video "$@"'')
+      (pkgs.writers.writeDashBin "worldradio" ''
+        shuf ${worldradio} | ${pkgs.findutils}/bin/xargs ${pkgs.mpv}/bin/mpv --no-video
+      '')
+      pkgs.git
+      pkgs.vim
+      pkgs.htop
+      pkgs.ncmpcpp
+      pkgs.python3 # for sshuttle
+    ];

  networking = {
    hostName = "zaatar";
-    wireless.interfaces = ["wlp2s0"];
-    retiolum = retiolumAddresses.zaatar;
+    wireless.interfaces = [ "wlp2s0" ];
+    retiolum = pkgs.lib.niveum.retiolumAddresses.zaatar;
  };

  system.stateVersion = "23.11";
--- a/systems/zaatar/home-assistant.nix
+++ b/systems/zaatar/home-assistant.nix
@@ -1,6 +1,5 @@
 {config, pkgs, lib, ...}: let
  port = 8123;
-  inherit (import ../../lib) restic;
  volumeName = "home-assistant";
  streams = import ../../lib/streams.nix {
    di-fm-key = "%DI_FM_KEY%"; # TODO lib.strings.fileContents <secrets/di.fm/key>;
@@ -17,7 +16,7 @@ in {

  services.restic.backups.niveum = {
    initialize = true;
-    inherit (restic) repository;
+    repository = pkgs.lib.niveum.restic.repository;
    timerConfig = {
      OnCalendar = "daily";
      RandomizedDelaySec = "1h";
--- a/systems/zaatar/moodle-dl-meinhark.nix
+++ b/systems/zaatar/moodle-dl-meinhark.nix
@@ -141,7 +141,7 @@ in {
  services.nfs.server = {
    enable = true;
    exports = let
-      machines = with (import ../../lib).retiolumAddresses; [kabsa manakish];
+      machines = with pkgs.lib.niveum.retiolumAddresses; [kabsa manakish];
    in ''
      /export        ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(fsid=0)") machines}
      /export/moodle ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(insecure,rw)") machines}
--- a/systems/zaatar/mpd.nix
+++ b/systems/zaatar/mpd.nix
@@ -4,9 +4,6 @@
  lib,
  ...
 }: let
-  firewall = (import ../../lib).firewall lib;
-  inherit (import ../../lib) tmpfilesConfig;
-
  mukkeMountPoint = "/mnt/mukke";
  fritzboxMountPoint = "/mnt/fritz";

@@ -57,7 +54,7 @@ in {
  };

  systemd.tmpfiles.rules = [
-    (tmpfilesConfig {
+    (pkgs.lib.niveum.tmpfilesConfig {
      type = "L+";
      mode = "0644";
      user = "mpd";
@@ -65,7 +62,7 @@ in {
      path = "${config.services.mpd.musicDirectory}/mukke";
      argument = mukkeMountPoint;
    })
-    (tmpfilesConfig {
+    (pkgs.lib.niveum.tmpfilesConfig {
      type = "L+";
      mode = "0644";
      user = "mpd";
@@ -81,19 +78,19 @@ in {
    dport = config.services.mpd.network.port;
    protocol = "tcp";
    rules = [
-      (firewall.accept {
+      (pkgs.lib.niveum.firewall.accept {
        inherit dport protocol;
        source = "192.168.0.0/16";
      })
-      (firewall.accept {
+      (pkgs.lib.niveum.firewall.accept {
        inherit dport protocol;
        source = "127.0.0.0/8";
      })
    ];
  in {
    allowedTCPPorts = [80];
-    extraCommands = firewall.addRules rules;
-    extraStopCommands = firewall.removeRules rules;
+    extraCommands = pkgs.lib.niveum.firewall.addRules rules;
+    extraStopCommands = pkgs.lib.niveum.firewall.removeRules rules;
  };

  systemd.services.mpd-playlists = {