niri: add shortcut to float windows

replace more instances of rofi by wofi
passmenu: fix
2026-03-17 10:41:06 +01:00 · 2025-08-26 08:29:09 +02:00 · 2025-08-26 08:28:56 +02:00 · 2025-08-26 07:50:31 +02:00 · 2025-08-26 07:50:24 +02:00 · 2025-08-26 07:50:06 +02:00
97 changed files with 2801 additions and 1277 deletions
--- a/README.md
+++ b/README.md
@@ -1,7 +1,5 @@
 # niveum

-> I must Create a System, or be enslav'd by another Man's. —William Blake
-
 > [nĭvĕus](https://logeion.uchicago.edu/niveus), a, um, adj. [nix], _of_ or _from snow, snowy, snow-_ (poet.)
 >
 > 1. Lit.: aggeribus niveis informis, Verg. G. 3, 354: aqua, _cooled with snow_, Mart. 12, 17, 6; cf. id. 14, 104 and 117: mons, _covered with snow_, Cat. 64, 240.—
--- a/configs/0ad.nix
+++ b/configs/0ad.nix
@@ -1,8 +0,0 @@
-{ pkgs, ... }:
-{
-  environment.systemPackages = [ pkgs.zeroad ];
-  networking.firewall = {
-    allowedTCPPorts = [ 20595 ];
-    allowedUDPPorts = [ 20595 ];
-  };
-}
--- a/configs/aerc.nix
+++ b/configs/aerc.nix
@@ -8,14 +8,14 @@
  inherit (import ../lib/email.nix) defaults thunderbirdProfile;
 in {
  age.secrets = {
-    email-password-ical-ephemeris = {
-      file = ../secrets/email-password-ical-ephemeris.age;
+    email-password-cock = {
+      file = ../secrets/email-password-cock.age;
      owner = config.users.users.me.name;
      group = config.users.users.me.group;
      mode = "400";
    };
-    email-password-cock = {
-      file = ../secrets/email-password-cock.age;
+    email-password-letos = {
+      file = ../secrets/email-password-letos.age;
      owner = config.users.users.me.name;
      group = config.users.users.me.group;
      mode = "400";
@@ -92,17 +92,16 @@ in {
          smtp.port = 25;
          smtp.tls.useStartTls = true;
        };
-      ical-ephemeris =
+      letos =
        lib.recursiveUpdate defaults
-        rec {
-          userName = "ical.ephemeris@web.de";
-          realName = "Kieran from iCal Ephemeris";
-          address = userName;
-          passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-ical-ephemeris.path}";
-          imap.host = "imap.web.de";
+        {
+          userName = "slfletos";
+          address = "letos.sprachlit@hu-berlin.de";
+          passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-letos.path}";
+          imap.host = "mailbox.cms.hu-berlin.de";
          imap.port = 993;
-          smtp.host = "smtp.web.de";
-          smtp.port = 587;
+          smtp.host = "mailhost.cms.hu-berlin.de";
+          smtp.port = 25;
          smtp.tls.useStartTls = true;
        };
      posteo =
--- a/configs/bash.nix
+++ b/configs/bash.nix
@@ -5,6 +5,6 @@
    interactiveShellInit = ''
      set -o vi
    '';
-    completion.enable = true;
+    enableCompletion = true;
  };
 }
--- a/configs/bots/autorenkalender.nix
+++ b/configs/bots/autorenkalender.nix
@@ -1,9 +1,17 @@
 {
+  pkgs,
+  lib,
  config,
-  inputs,
  ...
 }: let
-  autorenkalender = inputs.autorenkalender.packages.x86_64-linux.default;
+  autorenkalender-package = pkgs.fetchFromGitHub {
+    owner = "kmein";
+    repo = "autorenkalender";
+    rev = "cf49a7b057301332d980eb47042a626add93db66";
+    sha256 = "1pa7sjg33vdnjianrqldv445jdzzv3mn231ljk1j58hs0cd505gs";
+  };
+  autorenkalender =
+    pkgs.python3Packages.callPackage autorenkalender-package {};
 in {
  niveum.bots.autorenkalender = {
    enable = true;
--- a/configs/bots/smyth.nix
+++ b/configs/bots/smyth.nix
@@ -20,31 +20,15 @@
    command = toString (pkgs.writers.writeDash "random-smyth" ''
      set -efu

-      good_curl() {
-        ${pkgs.curl}/bin/curl "$@" \
-          --compressed \
-          -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
-          -H 'Accept-Language: en-US,en;q=0.5' \
-          -H 'DNT: 1' \
-          -H 'Connection: keep-alive' \
-          -H 'Upgrade-Insecure-Requests: 1' \
-          -H 'Sec-Fetch-Dest: document' \
-          -H 'Sec-Fetch-Mode: navigate' \
-          -H 'Sec-Fetch-Site: cross-site' \
-          -H 'Priority: u=0, i' \
-          -H 'Pragma: no-cache' \
-          -H 'Cache-Control: no-cache'
-      }
-
      RANDOM_SECTION=$(
-        good_curl -sSL http://www.perseus.tufts.edu/hopper/xmltoc?doc=Perseus%3Atext%3A1999.04.0007%3Asmythp%3D1 \
+        ${pkgs.curl}/bin/curl -sSL http://www.perseus.tufts.edu/hopper/xmltoc?doc=Perseus%3Atext%3A1999.04.0007%3Asmythp%3D1 \
          | ${pkgs.gnugrep}/bin/grep -o 'ref="[^"]*"' \
          | ${pkgs.coreutils}/bin/shuf -n1 \
          | ${pkgs.gnused}/bin/sed 's/^ref="//;s/"$//'
      )

      url="http://www.perseus.tufts.edu/hopper/text?doc=$RANDOM_SECTION"
-      good_curl -sSL "$url"\
+      ${pkgs.curl}/bin/curl -sSL "$url"\
        | ${pkgs.htmlq}/bin/htmlq '#text_main' \
        | ${pkgs.gnused}/bin/sed 's/<\/\?hr>//g' \
        | ${pkgs.pandoc}/bin/pandoc -f html -t plain --wrap=none
--- a/configs/browser.nix
+++ b/configs/browser.nix
@@ -6,7 +6,7 @@
 }: {
  environment.systemPackages = [
    niveumPackages.cro
-    pkgs.tor-browser
+    pkgs.tor-browser-bundle-bin
    pkgs.firefox
    pkgs.brave
  ];
@@ -82,9 +82,5 @@
    };
  };

-  home-manager.users.me = {
-    stylix.targets.firefox.profileNames = ["default"];
-  };
-
  environment.variables.BROWSER = "firefox";
 }
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -3,6 +3,7 @@
  lib,
  config,
  niveumPackages,
+  unstablePackages,
  inputs,
  ...
 }:
@@ -23,9 +24,12 @@ in
        config = {
          allowUnfree = true;
          packageOverrides = pkgs: {
-            dmenu = pkgs.writers.writeDashBin "dmenu" ''exec ${pkgs.rofi}/bin/rofi -dmenu "$@"'';
+            dmenu = pkgs.writers.writeDashBin "dmenu" ''exec ${pkgs.wofi}/bin/wofi -dmenu "$@"'';
          };
          permittedInsecurePackages = [
+            "qtwebkit-5.212.0-alpha4"
+            "zotero-6.0.26"
+            "electron-25.9.0"
          ];
        };
      };
@@ -95,14 +99,14 @@ in
        {
          o = "${pkgs.xdg-utils}/bin/xdg-open";
          ns = "nix-shell --run zsh";
-          pbcopy = "${pkgs.xclip}/bin/xclip -selection clipboard -in";
-          pbpaste = "${pkgs.xclip}/bin/xclip -selection clipboard -out";
+          pbcopy = "${pkgs.wl-clipboard}/bin/wl-copy";
+          pbpaste = "${pkgs.wl-clipboard}/bin/wl-paste";
          tmux = "${pkgs.tmux}/bin/tmux -2";
          sxiv = swallow "${pkgs.nsxiv}/bin/nsxiv";
          zathura = swallow "${pkgs.zathura}/bin/zathura";
          im = "${pkgs.openssh}/bin/ssh weechat@makanek -t tmux attach-session -t IM";
          yt = "${pkgs.yt-dlp}/bin/yt-dlp --add-metadata -ic"; # Download video link
-          yta = "${pkgs.yt-dlp}/bin/yt-dlp --add-metadata --audio-format mp3 --audio-quality 0 -xic"; # Download with audio
+          yta = "${pkgs.yt-dlp}/bin/yt-dlp --add-metadata --audio-format opus --audio-quality 0 -xic"; # Download with audio
        };
    }
    {
@@ -135,6 +139,7 @@ in
        };
      };
    }
+    { programs.command-not-found.enable = true; }
    {
      programs.gnupg = {
        agent = {
@@ -210,13 +215,15 @@ in
    ./direnv.nix
    ./docker.nix
    ./dunst.nix
+    ./flix.nix
    ./fonts.nix
    ./fzf.nix
    ./git.nix
    ./hledger.nix
    ./htop.nix
-    ./uni.nix
+    ./fu-berlin.nix
    ./i3.nix
+    ./niri.nix
    ./i3status-rust.nix
    ./keyboard.nix
    ./mycelium.nix
@@ -230,8 +237,8 @@ in
    ./nix.nix
    ./newsboat.nix
    ./flameshot.nix
+    ./fritzbox.nix
    ./packages.nix
-    ./virtualization.nix
    ./picom.nix
    ./stardict.nix
    ./polkit.nix
@@ -256,6 +263,7 @@ in
      '';
    }
    ./tor.nix
+    ./stw-berlin.nix
    ./mastodon-bot.nix
    {
      fileSystems."${remoteDir}/fritz" = {
--- a/configs/flameshot.nix
+++ b/configs/flameshot.nix
@@ -5,6 +5,7 @@
 }: {
  home-manager.users.me = {
    services.flameshot = {
+      package = pkgs.flameshot.override { enableWlrSupport = true; };
      enable = true;
      settings.General = {
        autoCloseIdleDaemon = true;
@@ -15,7 +16,7 @@
        showHelp = false;
        squareMagnifier = true;
        uploadWithoutConfirmation = true;
-        # buttons = ''@Variant(\0\0\0\x7f\0\0\0\vQList<int>\0\0\0\0\x10\0\0\0\x2\0\0\0\x5\0\0\0\x13\0\0\0\xa\0\0\0\x1\0\0\0\xc\0\0\0\xd\0\0\0\x6\0\0\0\x8\0\0\0\0\0\0\0\xf\0\0\0\x4\0\0\0\xb\0\0\0\x3\0\0\0\x12\0\0\0\x9)'';
+        buttons = ''@Variant(\0\0\0\x7f\0\0\0\vQList<int>\0\0\0\0\x10\0\0\0\x2\0\0\0\x5\0\0\0\x13\0\0\0\xa\0\0\0\x1\0\0\0\xc\0\0\0\xd\0\0\0\x6\0\0\0\x8\0\0\0\0\0\0\0\xf\0\0\0\x4\0\0\0\xb\0\0\0\x3\0\0\0\x12\0\0\0\x9)'';
      };
    };
  };
--- a/configs/flix.nix
+++ b/configs/flix.nix
@@ -0,0 +1,98 @@
+{
+  config,
+  pkgs,
+  ...
+}: let
+  flixLocation = "/media/flix";
+  flixLocationNew = "/media/flix-new";
+  cacheLocation = "/var/cache/flix";
+  indexFilename = "index";
+  indexFilenameNew = "index-new";
+  flixUser = "flix";
+  flixGroup = "users";
+  inherit (import ../lib) tmpfilesConfig;
+in {
+  fileSystems.${flixLocation} = {
+    device = "prism.r:/export/download";
+    fsType = "nfs";
+    options = [
+      "noauto"
+      "noatime"
+      "nodiratime"
+      "x-systemd.automount"
+      "x-systemd.device-timeout=1"
+      "x-systemd.idle-timeout=1min"
+      "x-systemd.requires=tinc.retiolum.service"
+      "user"
+      "_netdev"
+    ];
+  };
+
+  fileSystems.${flixLocationNew} = {
+    device = "//yellow.r/public";
+    fsType = "cifs";
+    options = [
+      "guest"
+      "nofail"
+      "noauto"
+      "ro"
+      "x-systemd.automount"
+      "x-systemd.device-timeout=1"
+      "x-systemd.idle-timeout=1min"
+    ];
+  };
+
+  systemd.tmpfiles.rules = [
+    (tmpfilesConfig {
+      type = "d";
+      path = cacheLocation;
+      mode = "0750";
+      user = flixUser;
+      group = flixGroup;
+    })
+  ];
+
+  systemd.services.flix-index = {
+    description = "Flix indexing service";
+    wants = ["network-online.target"];
+    script = ''
+      cp ${flixLocation}/index ./${indexFilename}
+      cp ${flixLocationNew}/index ./${indexFilenameNew}
+    '';
+    startAt = "hourly";
+    serviceConfig = {
+      Type = "oneshot";
+      User = flixUser;
+      Group = flixGroup;
+      WorkingDirectory = cacheLocation;
+    };
+  };
+
+  users.extraUsers.${flixUser} = {
+    isSystemUser = true;
+    createHome = true;
+    home = cacheLocation;
+    group = flixGroup;
+  };
+
+  environment.systemPackages = [
+    (pkgs.writers.writeDashBin "mpv-simpsons" ''
+      set -efu
+      cd "${flixLocation}/download"
+      [ -f "${cacheLocation}/${indexFilename}" ] || exit 1
+
+      cat "${cacheLocation}/${indexFilename}" \
+        | ${pkgs.gnugrep}/bin/grep -i 'simpsons.*mkv' \
+        | shuf \
+        | ${pkgs.findutils}/bin/xargs -d '\n' ${pkgs.mpv}/bin/mpv
+    '')
+    (pkgs.writers.writeDashBin "flixmenu" ''
+      set -efu
+      (
+        ${pkgs.gnused}/bin/sed 's#^\.#${flixLocation}#' ${cacheLocation}/${indexFilename}
+        ${pkgs.gnused}/bin/sed 's#^\.#${flixLocationNew}#' ${cacheLocation}/${indexFilenameNew}
+      ) | ${pkgs.dmenu}/bin/dmenu -i -p flix -l 5 "$@" \
+        | ${pkgs.findutils}/bin/xargs -I '{}' ${pkgs.util-linux}/bin/setsid ${pkgs.xdg-utils}/bin/xdg-open '{}'
+    '')
+  ];
+}
--- a/configs/fonts.nix
+++ b/configs/fonts.nix
@@ -1,5 +1,6 @@
 {
  pkgs,
+  config,
  niveumPackages,
  ...
 }: let
@@ -102,12 +103,12 @@ in {
      lmodern
      merriweather
      ocr-a
-      montserrat
      roboto
      roboto-mono
      noto-fonts
      noto-fonts-cjk-sans
-      noto-fonts-color-emoji
+      noto-fonts-emoji
+      nerd-fonts.blex-mono
      roboto-slab
      scheherazade-new
      source-code-pro
@@ -115,15 +116,15 @@ in {
      source-serif-pro
      theano
      niveumPackages.tocharian-font
-      vista-fonts
+      vistafonts
      vollkorn
      zilla-slab
    ]; # google-fonts league-of-moveable-type
    fontconfig.defaultFonts = rec {
-      monospace = ["Noto Sans Mono"] ++ emoji;
-      serif = ["Noto Serif" "Noto Naskh Arabic" "Noto Serif Devanagari"];
-      sansSerif = ["Noto Sans Display" "Noto Naskh Arabic" "Noto Sans Hebrew" "Noto Sans Devanagari" "Noto Sans CJK JP" "Noto Sans Coptic" "Noto Sans Syriac Western"];
-      emoji = ["Noto Color Emoji"];
+      monospace = [config.stylix.fonts.monospace.name] ++ emoji;
+      serif = [config.stylix.fonts.serif.name "Scheherazade New" "Ezra SIL" "Antinoou" "Noto Serif Devanagari"];
+      sansSerif = [config.stylix.fonts.sansSerif.name "Noto Sans Display" "Noto Naskh Arabic" "Noto Sans Hebrew" "Noto Sans Devanagari" "Noto Sans CJK JP" "Noto Sans Coptic" "Noto Sans Syriac Western"];
+      emoji = [config.stylix.fonts.emoji.name];
    };
    # xelatex fails with woff files
    # ref https://tex.stackexchange.com/questions/392144/xelatex-and-fontspec-crash-trying-to-find-woff-file-for-some-fonts-but-not-other
--- a/configs/fritzbox.nix
+++ b/configs/fritzbox.nix
@@ -0,0 +1,19 @@
+{ config, ... }:
+{
+  networking.firewall.allowedUDPPorts = [ 51820 ];
+  networking.wg-quick.interfaces.aether = {
+    autostart = false;
+    dns = ["192.168.178.1" "fritz.box"];
+    listenPort = 51820;
+    privateKeyFile = config.age.secrets.wireguard-aether-key.path;
+    peers = [
+      {
+        allowedIPs = ["192.168.178.0/24" "0.0.0.0/0"];
+        endpoint = "lng5gx2rmssv8ge1.myfritz.net:58997";
+        persistentKeepalive = 25;
+        presharedKeyFile = config.age.secrets.wireguard-aether-psk.path;
+        publicKey = "8Rr7BueC0CGmycBQFS7YM7VF7Adkdc1ZcLFy8YXyOQk=";
+      }
+    ];
+  };
+}
--- a/configs/fu-berlin.nix
+++ b/configs/fu-berlin.nix
@@ -30,19 +30,7 @@ in {
      };
    };
    accounts.email.accounts = {
-      letos =
-        lib.recursiveUpdate defaults
-        {
-          userName = "slfletos";
-          address = "letos.sprachlit@hu-berlin.de";
-          passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-letos.path}";
-          imap.host = "mailbox.cms.hu-berlin.de";
-          imap.port = 993;
-          smtp.host = "mailhost.cms.hu-berlin.de";
-          smtp.port = 25;
-          smtp.tls.useStartTls = true;
-        };
-      fu =
+      fu-student =
        lib.recursiveUpdate defaults
        (lib.recursiveUpdate fu-defaults
          rec {
@@ -50,6 +38,21 @@ in {
            address = "kieran.meinhardt@fu-berlin.de";
            aliases = ["${userName}@fu-berlin.de"];
            passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-meinhak99.path}";
+            aerc.extraAccounts.signature-file = toString (pkgs.writeText "signature" signature.text);
+            signature = {
+              showSignature = "append";
+              text = ''
+                ${defaults.realName}
+                ${pronouns}
+
+                ---
+                Studentische Hilfskraft / ZODIAC
+                Freie Universität Berlin
+
+                Telefon: +49 30 838 58118
+                Arnimallee 10, Raum 106, 14195 Berlin
+              '';
+            };
            himalaya = {
              enable = true;
              settings.backend = "imap";
@@ -65,12 +68,6 @@ in {
      group = config.users.users.me.group;
      mode = "400";
    };
-    email-password-letos = {
-      file = ../secrets/email-password-letos.age;
-      owner = config.users.users.me.name;
-      group = config.users.users.me.group;
-      mode = "400";
-    };
    fu-sftp-key = {
      file = ../secrets/fu-sftp-key.age;
      owner = "root";
@@ -113,31 +110,24 @@ in {
        ];
      };
    };
-  in home-directory-mount "meinhak99";
+  in {
+    "${remoteDir}/fu/zodiac" = {
+      device = "//trove.storage.fu-berlin.de/GESCHKULT";
+      fsType = "cifs";
+      options =
+        fu-berlin-cifs-options
+        ++ [
+          "credentials=${config.age.secrets.cifs-credentials-zodiac.path}"
+        ];
+    };
+  } // home-directory-mount "meinhak99"
+    // home-directory-mount "xm7234fu";
+
+  age.secrets = {
+    cifs-credentials-zodiac.file = ../secrets/cifs-credentials-zodiac.age;
+  };

  environment.systemPackages = [
-    (pkgs.writers.writeDashBin "hu-vpn-split" ''
-      ${pkgs.openfortivpn}/bin/openfortivpn \
-        --password="$(cat "${config.age.secrets.email-password-letos.path}")" \
-        --config=${
-        pkgs.writeText "hu-berlin-split.config" ''
-          host = forti-ssl.vpn.hu-berlin.de
-          port = 443
-          username = slfletos@split_tunnel
-        ''
-      }
-    '')
-    (pkgs.writers.writeDashBin "hu-vpn-full" ''
-      ${pkgs.openfortivpn}/bin/openfortivpn \
-        --password="$(cat "${config.age.secrets.email-password-letos.path}")" \
-        --config=${
-        pkgs.writeText "hu-berlin-full.config" ''
-          host = forti-ssl.vpn.hu-berlin.de
-          port = 443
-          username = slfletos@tunnel_all
-        ''
-      }
-    '')
    (pkgs.writers.writeDashBin "fu-vpn" ''
      if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam
      then
@@ -148,4 +138,16 @@ in {
      fi
    '')
  ];
+
+  systemd.services.fu-vpn = {
+    enable = false;
+    wants = ["network-online.target"];
+    serviceConfig.LoadCredential = "password:${config.age.secrets.email-password-meinhak99.path}";
+    script = ''
+      if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam
+      then
+        cat "$CREDENTIALS_DIRECTORY/password" | ${pkgs.openconnect}/bin/openconnect vpn.fu-berlin.de --user ${username} --passwd-on-stdin
+      fi
+    '';
+  };
 }
--- a/configs/git.nix
+++ b/configs/git.nix
@@ -17,6 +17,7 @@ in {
    pkgs.gitstats
    pkgs.patch
    pkgs.patchutils
+    inputs.self.packages.${pkgs.system}.git-preview
  ];

  environment.shellAliases = {
@@ -28,7 +29,9 @@ in {
    programs.git = {
      enable = true;
      package = pkgs.gitFull;
-      settings.alias = {
+      userName = kieran.name;
+      userEmail = kieran.email;
+      aliases = {
        br = "branch";
        co = "checkout";
        ci = "commit";
@@ -42,12 +45,19 @@ in {
        graph = "log --graph --abbrev-commit --decorate --date=relative --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(bold yellow)%d%C(reset)' --all";
      };
      ignores = ignorePaths;
-      settings.user.name = kieran.name;
-      settings.user.email = kieran.email;
-      settings.pull.ff = "only";
-      settings.rebase.autoStash = true;
-      settings.merge.autoStash = true;
-      settings.push.autoSetupRemove = true;
+      extraConfig = {
+        pull.ff = "only";
+        rebase.autoStash = true;
+        merge.autoStash = true;
+        push.autoSetupRemote = true;
+
+        # # ref https://github.com/dandavison/delta
+        # core.pager = "${pkgs.delta}/bin/delta";
+        # interactive.diffFilter = "${pkgs.delta}/bin/delta --color-only";
+        # delta.navigate = true;
+        # merge.conflictStyle = "diff3";
+        # diff.colorMoved = "default";
+      };
    };
  };
 }
--- a/configs/i3.nix
+++ b/configs/i3.nix
@@ -94,7 +94,7 @@ in {
  services.xserver = {
    windowManager.i3 = {
      enable = true;
-      package = pkgs.i3;
+      package = pkgs.i3-gaps;
    };
  };

@@ -113,7 +113,6 @@ in {
    '';
  };

-
  home-manager.users.me = let
    modifier = "Mod4";
    infoWorkspace = "ℹ";
@@ -132,7 +131,7 @@ in {
      border = 1;
    };
    bars = [
-      (config.home-manager.users.me.stylix.targets.i3.exportedBarConfig
+      (config.home-manager.users.me.lib.stylix.i3.bar
        // rec {
          workspaceButtons = true;
          mode = "hide"; # "dock";
@@ -270,7 +269,32 @@ in {
        # XF86Launch1 (thinkvantage)
      };
  in {
-    stylix.targets.i3.enable = true;
+    wayland.windowManager.sway = {
+      enable = true;
+      config = {
+        menu = "rofi -modi run,ssh,window -show run";
+        inherit modifier modes gaps bars floating window colors keybindings;
+        input = {
+          "*" = {
+            xkb_layout = "de";
+            xkb_variant = "T3";
+          };
+        };
+        terminal = (defaultApplications pkgs).terminal;
+        up = "k";
+        down = "j";
+        left = "h";
+        right = "l";
+        seat = {
+          "*" = {
+            hide_cursor = "when-typing enable";
+          };
+        };
+        startup = [
+          {command = "echo hello";}
+        ];
+      };
+    };

    xsession.windowManager.i3 = {
      enable = true;
@@ -287,9 +311,19 @@ in {
        assign [class="dashboard"] ${infoWorkspace}
        exec ${dashboard}/bin/dashboard
      '';
-      config = {
-          inherit modifier gaps modes bars floating window colors;
-          keybindings = keybindings // {
+      config = lib.mkMerge [
+        {
+          inherit modifier gaps modes bars floating window colors keybindings;
+        }
+        {
+          keybindings = let
+            new-workspace = pkgs.writers.writeDash "new-workspace" ''
+              i3-msg workspace $(($(i3-msg -t get_workspaces | tr , '\n' | grep '"num":' | cut -d : -f 2 | sort -rn | head -1) + 1))
+            '';
+            move-to-new-workspace = pkgs.writers.writeDash "new-workspace" ''
+              i3-msg move container to workspace $(($(i3-msg -t get_workspaces | tr , '\n' | grep '"num":' | cut -d : -f 2 | sort -rn | head -1) + 1))
+            '';
+          in {
            "${modifier}+ß" = "exec ${niveumPackages.menu-calc}/bin/=";
            "${modifier}+F6" = "exec ${pkgs.xorg.xkill}/bin/xkill";
            "${modifier}+F9" = "exec ${pkgs.redshift}/bin/redshift -O 4000 -b 0.85";
@@ -300,7 +334,8 @@ in {
            # "${modifier}+x" = "exec ${new-workspace}";
            "XF86Display" = "exec ${niveumPackages.dmenu-randr}/bin/dmenu-randr";
          };
-      };
+        }
+      ];
    };
  };
 }
--- a/configs/keyboard.nix
+++ b/configs/keyboard.nix
@@ -2,129 +2,91 @@
  pkgs,
  lib,
  ...
-}:
-let
+}: let

  commaSep = builtins.concatStringsSep ",";
-  xkbOptions = [
-    "compose:caps"
-    "terminate:ctrl_alt_bksp"
-    "grp:ctrls_toggle"
-  ];
+  xkbOptions = ["compose:caps" "terminate:ctrl_alt_bksp" "grp:ctrls_toggle"];
  languages = {
-    deutsch = {
-      code = "de";
-      variant = "T3";
-    };
-    greek = {
-      code = "gr";
-      variant = "polytonic";
-    };
-    russian = {
-      code = "ru";
-      variant = "phonetic";
-    };
-    arabic = {
-      code = "ara";
-      variant = "buckwalter";
-    }; # ../lib/keyboards/arabic;
-    coptic = ../lib/keyboards/coptic;
+    arabic = { code = "ara"; variant = "buckwalter"; }; # ../lib/keyboards/arabic;
    avestan = ../lib/keyboards/avestan;
+    coptic = ../lib/keyboards/coptic;
+    deutsch = { code = "de"; variant = "T3"; };
+    farsi = { code = "ir"; variant = "qwerty"; };
    gothic = ../lib/keyboards/gothic;
-    farsi = {
-      code = "ir";
-      variant = "qwerty";
-    };
-    syriac = {
-      code = "sy";
-      variant = "syc_phonetic";
-    };
-    sanskrit = {
-      code = "in";
-      variant = "san-kagapa";
-    };
-    gujarati = {
-      code = "in";
-      variant = "guj-kagapa";
-    };
-    urdu = {
-      code = "in";
-      variant = "urd-phonetic";
-    };
-    hebrew = {
-      code = "il";
-      variant = "phonetic";
-    };
+    greek = { code = "gr"; variant = "polytonic"; };
+    gujarati = {code = "in"; variant = "guj-kagapa"; };
+    hebrew = {code = "il"; variant = "phonetic";};
+    russian = { code = "ru"; variant = "phonetic"; };
+    sanskrit = { code = "in"; variant = "san-kagapa"; };
+    syriac = { code = "sy"; variant = "syc_phonetic"; };
+    urdu = {code = "in"; variant = "urd-phonetic"; };
  };
  defaultLanguage = languages.deutsch;
-in
-{
+in {
  services.libinput.enable = true;

  # man 7 xkeyboard-config
  services.xserver = {
-    exportConfiguration = true; # link /usr/share/X11 properly
+    # exportConfiguration = true; # link /usr/share/X11 properly
    xkb.layout = defaultLanguage.code;
    # T3: https://upload.wikimedia.org/wikipedia/commons/a/a9/German-Keyboard-Layout-T3-Version1-large.png
    # buckwalter: http://www.qamus.org/transliteration.htm
    xkb.variant = defaultLanguage.variant;
    xkb.options = commaSep xkbOptions;
-    xkb.dir = pkgs.symlinkJoin {
-      name = "x-keyboard-directory";
-      paths = [
-        "${pkgs.xkeyboard_config}/etc/X11/xkb"
-        (pkgs.linkFarm "custom-x-keyboards" (
-          lib.mapAttrsToList (name: value: {
-            name = "symbols/${name}";
-            path = value;
-          }) (lib.filterAttrs (_: value: !(value ? "code")) languages)
-          ++ [
-            {
-              name = "symbols/ir";
-              path = ../lib/keyboards/farsi;
-            }
-          ]
-        ))
-      ];
+    xkb.extraLayouts = {
+      "coptic" = {
+        languages = ["cop"];
+        description = "Coptic";
+        symbolsFile = ../lib/keyboards/coptic;
+      };
+      "gothic" = {
+        languages = ["got"];
+        description = "Gothic";
+        symbolsFile = ../lib/keyboards/gothic;
+      };
+      "avestan" = {
+        languages = ["ave"];
+        description = "Avestan";
+        symbolsFile = ../lib/keyboards/avestan;
+      };
+      "farsi-good" = {
+        languages = ["fas"];
+        description = "Farsi, but good";
+        symbolsFile = ../lib/keyboards/farsi;
+      };
    };
  };

  environment.etc."x11-locale".source = toString pkgs.xorg.libX11 + "share/X11/locale";

-  home-manager.users.me = {
-    home.file =
-      lib.mapAttrs' (name: path: lib.nameValuePair ".xkb/symbols/${name}" { source = path; })
-        (lib.filterAttrs (_: value: !(value ? "code")) languages) // {
-          ".xkb/symbols/ir".source = ../lib/keyboards/farsi;
-        };
-  };
-
  console.keyMap = "de";

-  environment.systemPackages = lib.mapAttrsToList (
-    language: settings:
+  environment.systemPackages =
+    lib.mapAttrsToList
+    (language: settings:
    let
      code = if settings ? "code" then settings.code else language;
      variant = if settings ? "variant" then settings.variant else "";
    in
-    pkgs.writers.writeDashBin "kb-${language}" ''
-      if [ -z $SWAYSOCK ]; then
-        ${pkgs.xorg.setxkbmap}/bin/setxkbmap ${defaultLanguage.code},${code} ${defaultLanguage.variant},${variant} ${
-          toString (map (option: "-option ${option}") xkbOptions)
-        }
-      else
-        swaymsg -s $SWAYSOCK 'input * xkb_layout "${defaultLanguage.code},${code}"'
-        swaymsg -s $SWAYSOCK 'input * xkb_variant "${defaultLanguage.variant},${variant}"'
-        swaymsg -s $SWAYSOCK 'input * xkb_options "${lib.concatStringsSep "," xkbOptions}"'
-      fi
-    ''
-  ) languages;
+      pkgs.writers.writeDashBin "kb-${language}" ''
+        ${pkgs.xorg.setxkbmap}/bin/setxkbmap ${defaultLanguage.code},${code} ${defaultLanguage.variant},${variant} ${toString (map (option: "-option ${option}") xkbOptions)}
+      '')
+      languages ++
+    lib.mapAttrsToList
+    (language: settings:
+    let
+      code = if settings ? "code" then settings.code else language;
+      variant = if settings ? "variant" then settings.variant else "";
+    in
+      pkgs.writers.writeDashBin "kb-niri-${language}" ''
+        ${pkgs.gnused}/bin/sed -i 's/^\(\s*layout\) ".*"$/\1 "${defaultLanguage.code},${code}"/;s/^\(\s*variant\) ".*"$/\1 "${defaultLanguage.variant},${variant}"/' ~/.config/niri/config.kdl
+      '') languages;

  # improve held key rate
  services.xserver.displayManager.sessionCommands = "${pkgs.xorg.xset}/bin/xset r rate 300 50";

  systemd.user.services.gxkb = {
-    wantedBy = [ "graphical-session.target" ];
+    wantedBy = ["graphical-session.target"];
    serviceConfig = {
      SyslogIdentifier = "gxkb";
      ExecStart = "${pkgs.gxkb}/bin/gxkb";
--- a/configs/mpv.nix
+++ b/configs/mpv.nix
@@ -36,8 +36,8 @@ in {
        "Alt+j" = "add video-pan-y -0.05";
      };
      scripts = [
-        pkgs.mpvScripts.quality-menu
-        pkgs.mpvScripts.visualizer
+        # pkgs.mpvScripts.quality-menu
+        niveumPackages.mpv-visualizer
      ];
    };
  };
--- a/configs/neovim.nix
+++ b/configs/neovim.nix
@@ -37,8 +37,8 @@
  environment.systemPackages = [
    (pkgs.writers.writeDashBin "vim" ''neovim "$@"'')
    (niveumPackages.vim.override {
-      # stylixColors = config.lib.stylix.colors;
-      colorscheme = "base16-gruvbox-dark-medium";
+      stylixColors = config.lib.stylix.colors;
+      # colorscheme = "base16-gruvbox-light-medium";
    })

    # language servers
@@ -46,14 +46,13 @@
    pkgs.haskellPackages.haskell-language-server
    pkgs.texlab
    pkgs.nil
-    pkgs.gopls
    pkgs.nixfmt-rfc-style
    pkgs.rust-analyzer
    pkgs.nodePackages.typescript-language-server
    pkgs.lua-language-server
    pkgs.nodePackages.vscode-langservers-extracted
-    pkgs.lemminx # XML LSP
-    pkgs.jq-lsp
+    pkgs.lemminx
+    niveumPackages.jq-lsp
    pkgs.dhall-lsp-server
  ];
 }
--- a/configs/neovim.sync-conflict-20250130-092404-AJVBWR2.nix
+++ b/configs/neovim.sync-conflict-20250130-092404-AJVBWR2.nix
@@ -0,0 +1,46 @@
+{ pkgs, niveumPackages, config, ... }: {
+  environment.variables.EDITOR = pkgs.lib.mkForce "nvim";
+  environment.shellAliases.vi = "nvim";
+  environment.shellAliases.vim = "nvim";
+  environment.shellAliases.view = "nvim -R";
+
+  home-manager.users.me = {
+    editorconfig = {
+      enable = true;
+      settings = {
+        "*" = {
+          charset = "utf-8";
+          end_of_line = "lf";
+          trim_trailing_whitespace = true;
+          insert_final_newline = true;
+          indent_style = "space";
+          indent_size = 2;
+        };
+        "*.py" = { indent_size = 4; };
+        Makefile = { indent_style = "tab"; };
+        "*.md" = { trim_trailing_whitespace = false; };
+      };
+    };
+  };
+
+  environment.systemPackages = [
+    (pkgs.writers.writeDashBin "vim" ''neovim "$@"'')
+    (niveumPackages.vim.override {
+      stylixColors = config.lib.stylix.colors;
+      # colorscheme = "base16-gruvbox-dark-medium";
+    })
+
+    # language servers
+    pkgs.pyright
+    pkgs.haskellPackages.haskell-language-server
+    pkgs.texlab
+    pkgs.nil
+    pkgs.rust-analyzer
+    pkgs.nodePackages.typescript-language-server
+    pkgs.lua-language-server
+    pkgs.nodePackages.vscode-langservers-extracted
+    pkgs.lemminx
+    niveumPackages.jq-lsp
+    pkgs.dhall-lsp-server
+  ];
+}
--- a/configs/niri.nix
+++ b/configs/niri.nix
@@ -0,0 +1,445 @@
+{
+  pkgs,
+  config,
+  niveumPackages,
+  lib,
+  ...
+}:
+let
+  inherit (import ../lib) defaultApplications;
+  niriConfig =
+    let
+      klem = niveumPackages.klem.override {
+        config.dmenu = "${pkgs.dmenu}/bin/dmenu -i -p klem";
+        config.scripts = {
+          "p.r paste" = pkgs.writers.writeDash "p.r" ''
+            ${pkgs.curl}/bin/curl -fSs http://p.r --data-binary @- \
+            | ${pkgs.coreutils}/bin/tail --lines=1 \
+            | ${pkgs.gnused}/bin/sed 's/\\<r\\>/krebsco.de/'
+          '';
+          "envs.sh paste" = pkgs.writers.writeDash "envs-host" ''
+            ${pkgs.curl}/bin/curl -F "file=@-" https://envs.sh
+          '';
+          "envs.sh shorten" = pkgs.writers.writeDash "envs-shorten" ''
+            ${pkgs.curl}/bin/curl -F "shorten=$(${pkgs.coreutils}/bin/cat)" https://envs.sh
+          '';
+          "go.r shorten" = pkgs.writers.writeDash "go.r" ''
+            ${pkgs.curl}/bin/curl -fSs http://go.r -F "uri=$(${pkgs.coreutils}/bin/cat)"
+          '';
+          "4d2.org paste" = pkgs.writers.writeDash "4d2-paste" ''
+            ${pkgs.curl}/bin/curl -F "file=@-" https://depot.4d2.org/
+          '';
+          "0x0.st shorten" = pkgs.writers.writeDash "0x0.st" ''
+            ${pkgs.curl}/bin/curl -fSs https://0x0.st -F "shorten=$(${pkgs.coreutils}/bin/cat)"
+          '';
+          "rot13" = pkgs.writers.writeDash "rot13" ''
+            ${pkgs.coreutils}/bin/tr '[A-Za-z]' '[N-ZA-Mn-za-m]'
+          '';
+          "ipa" = pkgs.writers.writeDash "ipa" ''
+            ${niveumPackages.ipa}/bin/ipa
+          '';
+          "betacode" = pkgs.writers.writeDash "betacode" ''
+            ${niveumPackages.betacode}/bin/betacode
+          '';
+          "curl" = pkgs.writers.writeDash "curl" ''
+            ${pkgs.curl}/bin/curl -fSs "$(${pkgs.coreutils}/bin/cat)"
+          '';
+          ocr = pkgs.writers.writeDash "ocr" ''
+            ${pkgs.tesseract4}/bin/tesseract -l eng+deu - stdout
+          '';
+          emojai = pkgs.writers.writeDash "emojai" ''
+            ${pkgs.curl}/bin/curl https://www.emojai.app/api/generate -X POST -H 'Content-Type: application/json' --data-raw "$(${pkgs.jq}/bin/jq -sR '{emoji:.}')" | ${pkgs.jq}/bin/jq -r .result
+          '';
+          "gpt-3.5" = pkgs.writers.writeDash "gpt" ''
+            ${niveumPackages.gpt35}/bin/gpt
+          '';
+          gpt-4 = pkgs.writers.writeDash "gpt" ''
+            ${niveumPackages.gpt4}/bin/gpt
+          '';
+        };
+      };
+    in
+    ''
+      spawn-at-startup "${pkgs.ironbar}/bin/ironbar"
+      spawn-at-startup "${pkgs.xwayland-satellite}/bin/xwayland-satellite"
+
+      environment {
+        DISPLAY ":0"
+        ANKI_WAYLAND "1"
+      }
+
+      input {
+          warp-mouse-to-focus
+          focus-follows-mouse max-scroll-amount="0%"
+
+          keyboard {
+              repeat-rate 35
+              repeat-delay 350
+              track-layout "global"
+
+              xkb {
+                  layout "de"
+                  variant "T3"
+                  options "ctrl:nocaps,compose:caps,grp:ctrls_toggle"
+              }
+          }
+          touchpad {
+              click-method "clickfinger"
+              tap
+              dwt
+              dwtp
+          }
+      }
+
+      prefer-no-csd
+
+      hotkey-overlay {
+        skip-at-startup
+      }
+
+      layout {
+          gaps 5
+
+          default-column-width {
+            proportion 0.5
+          }
+
+          preset-column-widths {
+              proportion 0.33333
+              proportion 0.5
+              proportion 0.66667
+          }
+
+          focus-ring {
+              width 2
+          }
+
+          shadow {
+              // on
+              softness 30
+              spread 5
+              offset x=0 y=5
+              draw-behind-window true
+              color "#00000070"
+              // inactive-color "#00000054"
+          }
+
+          tab-indicator {
+              // off
+              hide-when-single-tab
+              place-within-column
+              gap 5
+              width 4
+              length total-proportion=1.0
+              position "right"
+              gaps-between-tabs 2
+              corner-radius 8
+              active-color "red"
+              inactive-color "gray"
+              urgent-color "blue"
+              // active-gradient from="#80c8ff" to="#bbddff" angle=45
+              // inactive-gradient from="#505050" to="#808080" angle=45 relative-to="workspace-view"
+              // urgent-gradient from="#800" to="#a33" angle=45
+          }
+
+          border {
+              off
+          }
+      }
+
+      animations {
+        // off
+        workspace-switch {
+            spring damping-ratio=1.0 stiffness=1000 epsilon=0.0001
+        }
+
+        window-open {
+            duration-ms 150
+            curve "ease-out-expo"
+        }
+
+        window-close {
+            duration-ms 150
+            curve "ease-out-quad"
+        }
+
+        horizontal-view-movement {
+            spring damping-ratio=1.0 stiffness=800 epsilon=0.0001
+        }
+
+        window-movement {
+            spring damping-ratio=1.0 stiffness=800 epsilon=0.0001
+        }
+
+        window-resize {
+            spring damping-ratio=1.0 stiffness=800 epsilon=0.0001
+        }
+
+        config-notification-open-close {
+            spring damping-ratio=0.6 stiffness=1000 epsilon=0.001
+        }
+
+        screenshot-ui-open {
+            duration-ms 200
+            curve "ease-out-quad"
+        }
+
+        overview-open-close {
+            spring damping-ratio=1.0 stiffness=800 epsilon=0.0001
+        }
+      }
+
+      window-rule {
+          geometry-corner-radius 0
+          clip-to-geometry true
+      }
+
+      window-rule {
+        match app-id="mpv"
+        open-floating true
+      }
+      window-rule {
+        match app-id="rofi"
+        open-floating true
+      }
+      window-rule {
+        match app-id=r#"firefox$"# title="^Picture-in-Picture$"
+        open-floating true
+        default-floating-position x=32 y=32 relative-to="bottom-left"
+      }
+
+      window-rule {
+          match is-window-cast-target=true
+
+          border {
+              on
+              width 3
+              active-color "#f38ba8"
+              inactive-color "#7d0d2d"
+          }
+      }
+
+      binds {
+          Mod+Shift+Slash { show-hotkey-overlay; }
+          Mod+Return { spawn "${(defaultApplications pkgs).terminal}"; }
+          Mod+D { spawn "${pkgs.wofi}/bin/wofi" "--show" "run"; }
+          Mod+Shift+D { spawn "${niveumPackages.notemenu}/bin/notemenu"; }
+          Mod+T { spawn "${(defaultApplications pkgs).fileManager}"; }
+          Mod+Y { spawn "${(defaultApplications pkgs).browser}"; }
+          Mod+P { spawn "${niveumPackages.passmenu}/bin/passmenu"; }
+          Mod+U { spawn "${niveumPackages.unicodmenu}/bin/unicodmenu"; }
+          Mod+Shift+Z { toggle-window-floating; }
+
+          Mod+B { spawn "${pkgs.ironbar}/bin/ironbar" "bar" "bar-1337" "toggle-visible"; }
+          Mod+F12 { spawn "${klem}/bin/klem"; }
+
+          Mod+Shift+Q { close-window; }
+
+          XF86AudioRaiseVolume  allow-when-locked=true { spawn "${pkgs.pamixer}/bin/pamixer -i 5"; }
+          XF86AudioLowerVolume  allow-when-locked=true { spawn "${pkgs.pamixer}/bin/pamixer -d 5"; }
+          XF86AudioMute         allow-when-locked=true { spawn "${pkgs.pamixer}/bin/pamixer -t"; }
+
+          XF86AudioPause allow-when-locked=true { spawn "${pkgs.playerctl}/bin/playerctl play-pause"; }
+          XF86AudioPlay allow-when-locked=true { spawn "${pkgs.playerctl}/bin/playerctl play-pause"; }
+          XF86AudioNext allow-when-locked=true { spawn "${pkgs.playerctl}/bin/playerctl next"; }
+          XF86AudioPrev allow-when-locked=true { spawn "${pkgs.playerctl}/bin/playerctl previous"; }
+          XF86AudioStop allow-when-locked=true { spawn "${pkgs.playerctl}/bin/playerctl stop"; }
+          Print { spawn "flameshot gui"; }
+          Mod+Shift+W { spawn "swaylock"; }
+
+          Mod+Comma  { consume-or-expel-window-left; }
+          Mod+Period { consume-or-expel-window-right; }
+          Mod+W { toggle-column-tabbed-display; }
+          Mod+A repeat=false { toggle-overview; }
+          Mod+F { maximize-column; }
+          Mod+C { center-column; }
+          Mod+Minus { set-column-width "-25%"; }
+          Mod+Plus { set-column-width "+25%"; }
+
+          Mod+Ctrl+0 { spawn "niri" "msg" "action" "switch-layout" "0"; }
+          Mod+Ctrl+1 { spawn "niri" "msg" "action" "switch-layout" "1"; }
+          Mod+Ctrl+2 { spawn "niri" "msg" "action" "switch-layout" "2"; }
+          Mod+Ctrl+3 { spawn "niri" "msg" "action" "switch-layout" "3"; }
+          Mod+Ctrl+4 { spawn "niri" "msg" "action" "switch-layout" "4"; }
+          Mod+Ctrl+5 { spawn "niri" "msg" "action" "switch-layout" "5"; }
+          Mod+Ctrl+6 { spawn "niri" "msg" "action" "switch-layout" "6"; }
+          Mod+Ctrl+7 { spawn "niri" "msg" "action" "switch-layout" "7"; }
+          Mod+Ctrl+8 { spawn "niri" "msg" "action" "switch-layout" "8"; }
+          Mod+Ctrl+9 { spawn "niri" "msg" "action" "switch-layout" "9"; }
+
+          Mod+H     { focus-column-or-monitor-left; }
+          Mod+J  { focus-window-or-workspace-down; }
+          Mod+K  { focus-window-or-workspace-up; }
+          Mod+L     { focus-column-or-monitor-right; }
+
+          Mod+Shift+H     { move-column-left-or-to-monitor-left; }
+          Mod+Shift+J  { move-window-down-or-to-workspace-down; }
+          Mod+Shift+K  { move-window-up-or-to-workspace-up; }
+          Mod+Shift+L     { move-column-right-or-to-monitor-right; }
+
+          Mod+Ctrl+H { focus-monitor-left; }
+          Mod+Ctrl+J { focus-monitor-down; }
+          Mod+Ctrl+K { focus-monitor-up; }
+          Mod+Ctrl+L { focus-monitor-right; }
+
+          Mod+Shift+Ctrl+H     { move-column-to-monitor-left; }
+          Mod+Shift+Ctrl+J     { move-column-to-workspace-down; }
+          Mod+Shift+Ctrl+K     { move-column-to-workspace-up; }
+          Mod+Shift+Ctrl+L     { move-column-to-monitor-right; }
+
+          Mod+Shift+Alt+Ctrl+H     { move-workspace-to-monitor-left; }
+          Mod+Shift+Alt+Ctrl+J     { move-workspace-down; }
+          Mod+Shift+Alt+Ctrl+K     { move-workspace-up; }
+          Mod+Shift+Alt+Ctrl+L     { move-workspace-to-monitor-right; }
+
+          Mod+1 { focus-workspace 1; }
+          Mod+2 { focus-workspace 2; }
+          Mod+3 { focus-workspace 3; }
+          Mod+4 { focus-workspace 4; }
+          Mod+5 { focus-workspace 5; }
+          Mod+6 { focus-workspace 6; }
+          Mod+7 { focus-workspace 7; }
+          Mod+8 { focus-workspace 8; }
+          Mod+9 { focus-workspace 9; }
+          Mod+0 { focus-workspace 10; }
+
+          Mod+Shift+1 { move-window-to-workspace "1"; }
+          Mod+Shift+2 { move-window-to-workspace "2"; }
+          Mod+Shift+3 { move-window-to-workspace "3"; }
+          Mod+Shift+4 { move-window-to-workspace "4"; }
+          Mod+Shift+5 { move-window-to-workspace "5"; }
+          Mod+Shift+6 { move-window-to-workspace "6"; }
+          Mod+Shift+7 { move-window-to-workspace "7"; }
+          Mod+Shift+8 { move-window-to-workspace "8"; }
+          Mod+Shift+9 { move-window-to-workspace "9"; }
+          Mod+Shift+0 { move-window-to-workspace "0"; }
+      }
+    '';
+in
+{
+  system.activationScripts.niriConfig = {
+    text = ''
+      cp ${pkgs.writeText "config.kdl" niriConfig} ${config.users.users.me.home}/.config/niri/config.kdl
+      chown ${config.users.users.me.name}:${config.users.users.me.group} ${config.users.users.me.home}/.config/niri/config.kdl
+    '';
+  };
+
+  programs.niri.enable = true;
+  services.displayManager.defaultSession = lib.mkForce "niri";
+  home-manager.users.me = {
+    xdg.configFile."ironbar/style.css".text = ''
+      * {
+        font-size: 8pt;
+        font-family: "Gentium Plus", "BlexMono Nerd Font";
+      }
+
+      box, menubar, button {
+        background-color: unset;
+        box-shadow: none;
+        background-image: none;
+      }
+
+      .clock, .upower, .volume {
+        font-weight: unset;
+      }
+
+      tooltip * {
+        font-family: "BlexMono Nerd Font";
+        font-size: 7pt;
+      }
+    '';
+    xdg.configFile."ironbar/config.json".source = (pkgs.formats.json { }).generate "ironbar.json" {
+      name = "bar-1337";
+      height = 12;
+      layer = "top";
+      position = "bottom";
+      start = [ ];
+      center = [
+        {
+          type = "tray";
+          icon_size = 8;
+        }
+        { type = "clipboard"; }
+        { type = "notifications"; }
+      ];
+      end = [
+        {
+          type = "upower";
+          icon_size = 8;
+          format = "{percentage}%";
+        }
+        {
+          type = "label";
+          tooltip = "{{df -h --output=size,used,avail,pcent,target}}";
+          label = "\t{{5000:df -h / --output=avail | tail +2}}";
+        }
+        {
+          type = "label";
+          tooltip = "{{free -Lh --si |  awk '{for(i=1;i<=NF;i++){printf \"%s%s\", $i, (i%2? OFS: ORS)} if(NF%2) printf ORS}'}}";
+          label = "󰍛\t{{500:free -h --si | awk 'NR==2{printf $3 \"\\n\"}'}}";
+        }
+        {
+          type = "label";
+          tooltip = "{{}}";
+          on_click_left = "pamixer -t";
+          on_scroll_up = "pamixer -i 1";
+          on_scroll_down = "pamixer -d 1";
+          label = "{{500:if $(pamixer --get-mute) = true; then echo ; else echo ; fi}}\t{{500:pamixer --get-volume}}%";
+        }
+        {
+          type = "label";
+          tooltip = "{{uptime}}";
+          label = "\t{{500:uptime | sed 's/.*load average: \\([^ ]*\\);.*/\\1/' | tr ' ' '\n'}}";
+        }
+        {
+          type = "label";
+          tooltip = "{{khal list today today -d astro-test-3 }}";
+          label = "";
+        }
+        {
+          type = "label";
+          tooltip = "{{curl wttr.in/?0 | ${pkgs.ansifilter}/bin/ansifilter}}";
+          label = "󰔏";
+        }
+        {
+          type = "label";
+          name = "cal";
+          tooltip = "{{cal}}";
+          label = "{{500:date +'<U+F017>\t%Y-%m-%d (%W %a) %H:%M'}}";
+        }
+      ];
+    };
+    programs.alacritty.enable = true; # Super+T in the default setting (terminal)
+    programs.swaylock.enable = true; # Super+Alt+L in the default setting (screen locker)
+    services.swaync = {
+      enable = true;
+      settings = {
+        notification-window-width = 300;
+        control-center-width = 300;
+        widgets = [
+          "volume"
+          "mpris"
+          "title"
+          "dnd"
+          "notifications"
+        ];
+        widget-config = {
+          title = {
+            text = "ⲡⲧⲏⲣϥ̄";
+            "clear-all-button" = true;
+            "button-text" = "ⲧⲁⲩⲟⲟⲩ";
+          };
+          dnd.text = "ⲙ̄ⲡⲣ̄ϣⲧⲣ̄ⲧⲱⲣⲧ̄";
+          label.text = "ⲧⲙⲏⲧⲉ";
+        };
+      };
+    };
+    services.swayidle.enable = true; # idle management daemon
+    home.packages = with pkgs; [
+      xdg-desktop-portal-gnome
+      swaybg
+    ];
+  };
+  services.gnome.gnome-keyring.enable = true; # secret service
+  security.pam.services.swaylock = { };
+}
--- a/configs/packages.nix
+++ b/configs/packages.nix
@@ -4,6 +4,7 @@
  lib,
  inputs,
  niveumPackages,
+  unstablePackages,
  ...
 }: let
  worldradio = pkgs.callPackage ../packages/worldradio.nix {};
@@ -62,15 +63,9 @@ in {
  };

  environment.systemPackages = with pkgs; [
-    (pkgs.writers.writeDashBin "amfora" ''
-      ${pkgs.st}/bin/st -e ${pkgs.amfora}/bin/amfora
-    '')
-    (pkgs.writers.writeDashBin "gpodder" ''
-      GPODDER_DOWNLOAD_DIR=${config.users.users.me.home}/mobile/audio/Text/podcasts exec ${pkgs.gpodder}/bin/gpodder "$@"
-    '')
    # INTERNET
    aria2
-    telegram-desktop
+    tdesktop
    whois
    dnsutils
    # FILE MANAGERS
@@ -99,10 +94,9 @@ in {
    # HARDWARE TOOLS
    gnome-disk-utility
    arandr # xrandr for noobs
-    wdisplays
    libnotify # for notify-send
-    xclip # clipboard CLI
-    dragon-drop # drag and drop
+    wl-clipboard # clipboard CLI
+    xdragon # drag and drop
    xorg.xkill # kill by clicking
    portfolio # personal finance overview
    audacity
@@ -120,23 +114,22 @@ in {
    zoom-us # video conferencing
    (pkgs.writers.writeDashBin "im" ''
      weechat_password=$(${pkgs.pass}/bin/pass weechat)
-      exec ${weechat}/bin/weechat -t -r '/mouse enable; /remote add makanek http://${externalNetwork.makanek}:8002 -password='"$weechat_password"'; /remote connect makanek'
+      exec ${unstablePackages.weechat}/bin/weechat -t -r '/mouse enable; /remote add makanek http://${externalNetwork.makanek}:8002 -password='"$weechat_password"'; /remote connect makanek'
    '')
    alejandra # nix formatter
    pdfgrep # search in pdf
    pdftk # pdf toolkit
    mupdf
-    poppler-utils # pdf toolkit
+    poppler_utils # pdf toolkit
    kdePackages.okular # the word is nucular
    xournalpp # for annotating pdfs
    pdfpc # presenter console for pdf slides
-    niveumPackages.hc # print files as qr codes
+    # niveumPackages.hc # print files as qr codes
    yt-dlp
    espeak
    rink # unit converter
    niveumPackages.auc
    niveumPackages.noise-waves
-    niveumPackages.stag
    niveumPackages.cheat-sh
    niveumPackages.polyglot
    niveumPackages.qrpaste
@@ -151,14 +144,18 @@ in {
    niveumPackages.pls
    niveumPackages.mpv-tv
    niveumPackages.mpv-iptv
+    # jellyfin-media-player
    niveumPackages.devanagari
    niveumPackages.betacode # ancient greek betacode to unicode converter
-    pkgs.jq-lsp
+    niveumPackages.meteo
+    niveumPackages.jq-lsp
    niveumPackages.swallow # window swallowing
    niveumPackages.literature-quote
    niveumPackages.booksplit
    niveumPackages.dmenu-randr
+    niveumPackages.dmenu-bluetooth
    niveumPackages.manual-sort
+    niveumPackages.dns-sledgehammer
    niveumPackages.wttr
    niveumPackages.unicodmenu
    niveumPackages.emailmenu
@@ -200,13 +197,20 @@ in {
      ${pkgs.openssh}/bin/ssh makanek "cd /var/lib/weechat/logs && grep --ignore-case --color=always --recursive $@" | ${pkgs.less}/bin/less --raw-control-chars
    '')

+    (pkgs.writers.writeDashBin "ncmpcpp-zaatar" ''MPD_HOST=${(import ../lib/local-network.nix).zaatar} exec ${pkgs.ncmpcpp}/bin/ncmpcpp "$@"'')
+    (pkgs.writers.writeDashBin "mpc-zaatar" ''MPD_HOST=${(import ../lib/local-network.nix).zaatar} exec ${pkgs.mpc_cli}/bin/mpc "$@"'')
+
    inputs.scripts.packages.x86_64-linux.alarm

    spotify
    ncspot
    playerctl

+    nix-index
+    niveumPackages.nix-index-update
+
    #krebs
+    niveumPackages.dic
    pkgs.nur.repos.mic92.ircsink

    (haskellPackages.ghcWithHoogle (hs: [
@@ -233,9 +237,10 @@ in {
    dhall

    html-tidy
+    nodePackages.csslint
+    nodePackages.jsonlint
    deno # better node.js
-    go
-    texlive.combined.scheme-full
+    # texlive.combined.scheme-full
    latexrun
    (aspellWithDicts (dict: [dict.de dict.en dict.en-computers]))
    # haskellPackages.pandoc-citeproc
--- a/configs/spacetime.nix
+++ b/configs/spacetime.nix
@@ -3,6 +3,5 @@
  location = {
    latitude = 52.517;
    longitude = 13.3872;
-    provider = "geoclue2";
  };
 }
--- a/configs/ssh.nix
+++ b/configs/ssh.nix
@@ -4,7 +4,6 @@
 in {
  users.users.me.openssh.authorizedKeys.keys = kieran.sshKeys;
  programs.ssh.startAgent = true;
-  services.gnome.gcr-ssh-agent.enable = false;

  home-manager.users.me = {
    # https://discourse.nixos.org/t/gnome-keyring-and-ssh-agent-without-gnome/11663
@@ -41,7 +40,6 @@ in {

  home-manager.users.me.programs.ssh = {
    enable = true;
-    enableDefaultConfig = false;
    matchBlocks = {
      "github.com" = {
        hostname = "ssh.github.com";
--- a/configs/stw-berlin.nix
+++ b/configs/stw-berlin.nix
@@ -0,0 +1,52 @@
+{
+  pkgs,
+  config,
+  ...
+}: {
+  age.secrets.stw-berlin-card-code.file = ../secrets/stw-berlin-card-code.age;
+
+  systemd.services.stw-berlin = {
+    enable = true;
+    wants = ["network-online.target"];
+    startAt = "weekly";
+    serviceConfig = {
+      User = config.users.users.me.name;
+      Group = config.users.users.me.group;
+      WorkingDirectory = "/home/kfm/cloud/nextcloud/Uni/Meta/Mensa";
+      LoadCredential = [
+        "password:${config.age.secrets.stw-berlin-card-code.path}"
+      ];
+    };
+    script = ''
+      KARTEN_ID=8071859
+      PASSWORT=$(cat "$CREDENTIALS_DIRECTORY"/password)
+
+      endpoint=https://ks.stw.berlin:4433/TL1/TLM/KASVC
+      authorization_header='Authorization: Basic S0FTVkM6ekt2NXlFMUxaVW12VzI5SQ=='
+
+      get_auth_token() {
+        ${pkgs.curl}/bin/curl -sSL "$endpoint/LOGIN?karteNr=$KARTEN_ID&format=JSON&datenformat=JSON" \
+          -X POST \
+          -H "$authorization_header" \
+          --data-raw '{"BenutzerID":"'$KARTEN_ID'","Passwort":"'$PASSWORT'"}' \
+          | ${pkgs.jq}/bin/jq -r '.[0].authToken|@uri'
+      }
+
+
+      get_transactions() {
+        ${pkgs.curl}/bin/curl -sSL "$endpoint/TRANS?format=JSON&authToken=$(get_auth_token)&karteNr=$KARTEN_ID&datumVon=12.02.2018&datumBis=$(date -d tomorrow +%d.%m.%Y)" \
+          -H "$authorization_header" \
+          | ${pkgs.jq}/bin/jq
+      }
+
+      get_items() {
+        ${pkgs.curl}/bin/curl -sSL "$endpoint/TRANSPOS?format=JSON&authToken=$(get_auth_token)&karteNr=$KARTEN_ID&datumVon=12.02.2018&datumBis=$(date -d tomorrow +%d.%m.%Y)" \
+          -H "$authorization_header" \
+          | ${pkgs.jq}/bin/jq
+      }
+
+      get_transactions > transactions-$(date -I).json
+      get_items > items-$(date -I).json
+    '';
+  };
+}
--- a/configs/stylix.nix
+++ b/configs/stylix.nix
@@ -18,7 +18,7 @@ in {
  stylix.enable = true;
  stylix.image = generatedWallpaper;

-  stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml";
+  stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/ayu-light.yaml";

  stylix.cursor = {
    name = "capitaine-cursors-white";
@@ -26,9 +26,6 @@ in {
    size = 12;
  };

-  home-manager.users.me = {
-    stylix.autoEnable = true;
-  };

  # environment.etc."stylix/wallpaper.png".source = generatedWallpaper;

@@ -55,22 +52,22 @@ in {

  stylix.fonts = {
    serif = {
-      package = pkgs.noto-fonts;
-      name = "Noto Serif";
+      package = pkgs.gentium;
+      name = "Gentium Plus";
    };

    sansSerif = {
-      package = pkgs.noto-fonts;
-      name = "Noto Sans";
+      package = pkgs.gentium;
+      name = "Gentium Plus";
    };

    monospace = {
-      package = pkgs.noto-fonts;
-      name = "Noto Sans Mono";
+      package = pkgs.nerd-fonts.blex-mono;
+      name = "BlexMono Nerd Font";
    };

    emoji = {
-      package = pkgs.noto-fonts-color-emoji;
+      package = pkgs.noto-fonts-emoji;
      name = "Noto Color Emoji";
    };

--- a/configs/tmux.nix
+++ b/configs/tmux.nix
@@ -13,7 +13,7 @@
    aggressiveResize = true;
    escapeTime = 50;
    historyLimit = 7000;
-    shortcut = "b";
+    shortcut = "a";
    extraConfig = ''
      set -g mouse on

@@ -37,6 +37,15 @@
      set -g status-left-length 32
      set -g status-right-length 150

+      set -g status-bg colour242
+
+      setw -g window-status-format "#[fg=colour12,bg=colour233] #I #[fg=white,bg=colour237] #W "
+      setw -g window-status-current-format "#[fg=colour12,bg=colour233] * #[fg=white,bg=colour237,bold] #W "
+
+      set -g status-left ""
+      set -g status-right "#[fg=colour255,bg=colour237,bold] #(hostname -I) #[default]#[fg=colour12,bg=colour233] %FT%R "
+      set -g status-justify left
+
      set -g status-position bottom
    '';
  };
--- a/configs/virtualization.nix
+++ b/configs/virtualization.nix
@@ -1,14 +0,0 @@
-{ pkgs, ... }:
-{
-  users.users.me.extraGroups = [ "libvirtd" ];
-  virtualisation.libvirtd.enable = true;
-
-  # Enable TPM support for VMs
-  virtualisation.libvirtd.qemu = {
-    # swtpm.enable = true;
-  };
-
-  environment.systemPackages = with pkgs; [
-    virt-manager
-  ];
-}
--- a/configs/wpa_supplicant.nix
+++ b/configs/wpa_supplicant.nix
@@ -1,9 +1,6 @@
-{ config, ... }:
 {
  networking.wireless = {
    enable = true;
-    secretsFile = config.age.secrets.wifi.path;
-    # networks.Aether.pskRaw = "e1b18af54036c5c9a747fe681c6a694636d60a5f8450f7dec0d76bc93e2ec85a";
-    networks.Schilfpalast.pskRaw = "ext:schilfpalast";
+    networks.Aether.pskRaw = "e1b18af54036c5c9a747fe681c6a694636d60a5f8450f7dec0d76bc93e2ec85a";
  };
 }
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
@@ -2,25 +2,26 @@
  description = "niveum: packages, modules, systems";

  inputs = {
-    self.submodules = true;
-
    agenix.url = "github:ryantm/agenix";
-    autorenkalender.url = "github:kmein/autorenkalender";
+    # alew-web.url = "git+ssh://gitea@code.kmein.de:22022/kfm/alew-web.git?ref=refs/heads/master";
    coptic-dictionary.url = "github:kmein/coptic-dictionary";
-    home-manager.url = "github:nix-community/home-manager/release-25.11";
+    flake-utils.url = "github:numtide/flake-utils";
+    home-manager.url = "github:nix-community/home-manager/release-25.05";
    menstruation-backend.url = "github:kmein/menstruation.rs";
    menstruation-telegram.url = "github:kmein/menstruation-telegram";
-    nix-index-database.url = "github:nix-community/nix-index-database";
+    centerpiece.url = "github:friedow/centerpiece";
+    nix-on-droid.url = "github:t184256/nix-on-droid/release-23.05";
    nixinate.url = "github:matthewcroughan/nixinate";
    nixpkgs-old.url = "github:NixOS/nixpkgs/50fc86b75d2744e1ab3837ef74b53f103a9b55a0";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
    nur.url = "github:nix-community/NUR";
    recht.url = "github:kmein/recht";
    retiolum.url = "github:krebs/retiolum";
+    rust-overlay.url = "github:oxalica/rust-overlay";
    scripts.url = "github:kmein/scripts";
    stockholm.url = "github:krebs/stockholm";
-    stylix.url = "github:danth/stylix/release-25.11";
+    stylix.url = "github:danth/stylix/release-25.05";
    telebots.url = "github:kmein/telebots";
    tinc-graph.url = "github:kmein/tinc-graph";
    voidrice.url = "github:Lukesmithxyz/voidrice";
@@ -29,106 +30,115 @@

    agenix.inputs.home-manager.follows = "home-manager";
    agenix.inputs.nixpkgs.follows = "nixpkgs";
-    autorenkalender.inputs.nixpkgs.follows = "nixpkgs";
    coptic-dictionary.inputs.nixpkgs.follows = "nixpkgs";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
+    # menstruation-backend.inputs.flake-utils.follows = "flake-utils";
+    # menstruation-backend.inputs.nixpkgs.follows = "nixpkgs";
+    # menstruation-backend.inputs.rust-overlay.follows = "rust-overlay";
+    menstruation-telegram.inputs.flake-utils.follows = "flake-utils";
    menstruation-telegram.inputs.menstruation-backend.follows = "menstruation-backend";
    menstruation-telegram.inputs.nixpkgs.follows = "nixpkgs-old";
-    nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
+    nix-on-droid.inputs.home-manager.follows = "home-manager";
+    nix-on-droid.inputs.nixpkgs.follows = "nixpkgs";
+    recht.inputs.flake-utils.follows = "flake-utils";
    recht.inputs.nixpkgs.follows = "nixpkgs";
+    rust-overlay.inputs.nixpkgs.follows = "nixpkgs";
+    scripts.inputs.flake-utils.follows = "flake-utils";
    scripts.inputs.nixpkgs.follows = "nixpkgs";
+    scripts.inputs.rust-overlay.follows = "rust-overlay";
+    stylix.inputs.home-manager.follows = "home-manager";
    stylix.inputs.nixpkgs.follows = "nixpkgs";
+    tinc-graph.inputs.flake-utils.follows = "flake-utils";
    tinc-graph.inputs.nixpkgs.follows = "nixpkgs";
+    tinc-graph.inputs.rust-overlay.follows = "rust-overlay";
    voidrice.flake = false;
+    wallpaper-generator.inputs.flake-utils.follows = "flake-utils";
    wallpapers.flake = false;
  };

-  outputs =
-    inputs@{
-      self,
-      nixpkgs,
-      nixpkgs-unstable,
-      nur,
-      home-manager,
-      agenix,
-      retiolum,
-      nixinate,
-      flake-utils,
-      nix-index-database,
-      stylix,
-      ...
-    }:
-    let
-      lib = nixpkgs.lib;
-      eachSupportedSystem = lib.genAttrs lib.systems.flakeExposed;
-    in
+  nixConfig = {
+    extra-substituters = [ "https://kmein.cachix.org" ];
+    extra-trusted-public-keys = [ "kmein.cachix.org-1:rsJ2b6++VQHJ1W6rGuDUYsK/qUkFA3bNpO6PyEyJ9Ls=" ];
+  };
+
+  outputs = inputs @ {
+    self,
+    nixpkgs,
+    nixpkgs-unstable,
+    nur,
+    home-manager,
+    agenix,
+    retiolum,
+    nixinate,
+    flake-utils,
+    nix-on-droid,
+    centerpiece,
+    stylix,
+    ...
+  }:
    {
      apps = {
-        x86_64-linux =
-          let
-            pkgs = nixpkgs.legacyPackages.x86_64-linux;
-            lib = nixpkgs.lib;
-          in
+        x86_64-darwin = let
+          pkgs = nixpkgs.legacyPackages.x86_64-darwin;
+        in {
+          deploy-maakaron = {
+            type = "app";
+            program = toString (pkgs.writers.writeDash "deploy-maakaron" ''
+              exec $(nix build .#homeConfigurations.maakaron.activationPackage --no-link --print-out-paths)/activate
+            '');
+          };
+        };
+        x86_64-linux = let
+          pkgs = nixpkgs.legacyPackages.x86_64-linux;
+          lib = nixpkgs.lib;
+        in
          nixinate.nixinate.x86_64-linux self
          // {
            mock-secrets = {
              type = "app";
-              program = toString (
-                pkgs.writers.writeDash "mock-secrets" ''
-                  ${pkgs.findutils}/bin/find secrets -not -path '*/.*' -type f  | ${pkgs.coreutils}/bin/sort > secrets.txt
-                ''
-              );
+              program = toString (pkgs.writers.writeDash "mock-secrets" ''
+                ${pkgs.findutils}/bin/find secrets -not -path '*/.*' -type f  | ${pkgs.coreutils}/bin/sort > secrets.txt
+              '');
            };
          }
          # the following error prevents remote building of ful: https://github.com/NixOS/nixpkgs/issues/177873
-          // builtins.listToAttrs (
-            map (
-              hostname:
-              let
-                targets = {
-                  ful = "root@ful";
-                  zaatar = "root@zaatar";
-                  makanek = "root@makanek";
-                  manakish = "root@manakish";
-                  tahina = "root@tahina";
-                  tabula = "root@tabula";
-                  kabsa = "root@kabsa";
-                  fatteh = "root@fatteh";
-                  kibbeh = "root@kibbeh";
-                };
-              in
-              lib.attrsets.nameValuePair "deploy-${hostname}" {
-                type = "app";
-                program = toString (
-                  pkgs.writers.writeDash "deploy-${hostname}" ''
-                    exec ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch \
-                      --max-jobs 2 \
-                      --log-format internal-json \
-                      --flake .#${hostname} \
-                      --target-host ${targets.${hostname}} 2>&1 \
-                      | ${pkgs.nix-output-monitor}/bin/nom --json
-                  ''
-                );
-              }
-            ) (builtins.attrNames self.nixosConfigurations)
-          )
+          // builtins.listToAttrs (map (hostname: let
+            externalNetwork = import ./lib/external-network.nix;
+            targets = {
+              ful = "root@ful";
+              zaatar = "root@zaatar";
+              makanek = "root@makanek";
+              manakish = "root@manakish";
+              tahina = "root@tahina";
+              tabula = "root@tabula";
+              kabsa = "root@kabsa";
+              fatteh = "root@fatteh";
+              kibbeh = "root@kibbeh";
+            };
+          in
+            lib.attrsets.nameValuePair "deploy-${hostname}" {
+              type = "app";
+              program = toString (pkgs.writers.writeDash "deploy-${hostname}" ''
+                exec ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch \
+                  --max-jobs 2 \
+                  --log-format internal-json \
+                  --flake .?submodules=1#${hostname} \
+                  --target-host ${targets.${hostname}} 2>&1 \
+                  | ${pkgs.nix-output-monitor}/bin/nom --json
+              '');
+            }) (builtins.attrNames self.nixosConfigurations))
          // {
            deploy-ful = {
              type = "app";
-              program = toString (
-                pkgs.writers.writeDash "deploy-ful" ''
-                  exec ${pkgs.nix}/bin/nix run .#nixinate.ful \
-                    --log-format internal-json 2>&1 \
-                    | ${pkgs.nix-output-monitor}/bin/nom --json
-                ''
-              );
+              program = toString (pkgs.writers.writeDash "deploy-ful" ''
+                exec ${pkgs.nix}/bin/nix run .?submodules=1#nixinate.ful \
+                  --log-format internal-json 2>&1 \
+                  | ${pkgs.nix-output-monitor}/bin/nom --json
+              '');
            };
          };
      };

-      # TODO overlay for packages
-      # TODO remove flake-utils dependency from my own repos
-
      nixosModules = {
        htgen = import modules/htgen.nix;
        moodle-dl = import modules/moodle-dl.nix;
@@ -138,13 +148,43 @@
        power-action = import modules/power-action.nix;
        system-dependent = import modules/system-dependent.nix;
        telegram-bot = import modules/telegram-bot.nix;
-        go-webring = import modules/go-webring.nix;
      };

      lib = {
        panoptikon = import lib/panoptikon.nix;
      };

+      nixOnDroidConfigurations = {
+        moto = nix-on-droid.lib.nixOnDroidConfiguration {
+          modules = [systems/moto/configuration.nix];
+          pkgs = import nixpkgs {
+            system = "aarch64-linux";
+            overlays = [nix-on-droid.overlays.default];
+          };
+          extraSpecialArgs = {
+            niveumPackages = inputs.self.packages.aarch64-linux;
+            niveumLib = inputs.self.lib;
+            inherit inputs;
+          };
+          home-manager-path = home-manager.outPath;
+        };
+      };
+
+      homeConfigurations = {
+        maakaron = let
+          system = "x86_64-darwin";
+          pkgs = nixpkgs.legacyPackages.${system};
+        in
+          home-manager.lib.homeManagerConfiguration {
+            inherit pkgs;
+            modules = [./systems/maakaron/home.nix];
+            extraSpecialArgs = {
+              inherit inputs;
+              niveumPackages = inputs.self.packages.${system};
+            };
+          };
+      };
+
      nixosConfigurations = let
        niveumSpecialArgs = system: {
          unstablePackages = import nixpkgs-unstable {
@@ -169,7 +209,6 @@
            agenix.nixosModules.default
            inputs.self.nixosModules.passport
            inputs.self.nixosModules.panoptikon
-            inputs.self.nixosModules.go-webring
            inputs.self.nixosModules.htgen
            inputs.stockholm.nixosModules.reaktor2
            retiolum.nixosModules.retiolum
@@ -202,7 +241,6 @@
            systems/kibbeh/configuration.nix
            agenix.nixosModules.default
            retiolum.nixosModules.retiolum
-            home-manager.nixosModules.home-manager
          ];
        };
        makanek = nixpkgs.lib.nixosSystem rec {
@@ -245,7 +283,6 @@
            agenix.nixosModules.default
            retiolum.nixosModules.retiolum
            home-manager.nixosModules.home-manager
-            nix-index-database.nixosModules.default
            nur.modules.nixos.default
            stylix.nixosModules.stylix
          ];
@@ -259,7 +296,6 @@
            retiolum.nixosModules.retiolum
            home-manager.nixosModules.home-manager
            nur.modules.nixos.default
-            nix-index-database.nixosModules.default
            stylix.nixosModules.stylix
          ];
        };
@@ -272,135 +308,144 @@
            retiolum.nixosModules.retiolum
            home-manager.nixosModules.home-manager
            nur.modules.nixos.default
-            nix-index-database.nixosModules.default
            stylix.nixosModules.stylix
          ];
        };
      };
-
-      packages = eachSupportedSystem (system: let
-        pkgs = import nixpkgs {
-          inherit system;
-          config.allowUnfree = true;
-          overlays = [
-            nur.overlays.default
-            (self: super: {
-              mpv = super.mpv.override {scripts = [super.mpvScripts.visualizer super.mpvScripts.mpris];};
-              dmenu = super.writers.writeDashBin "dmenu" ''exec ${pkgs.rofi}/bin/rofi -dmenu "$@"'';
-            })
-          ];
-        };
-        wrapScript = {
-          packages ? [],
-          name,
-          script,
-        }:
-          pkgs.writers.writeDashBin name ''PATH=$PATH:${nixpkgs.lib.makeBinPath (packages ++ [pkgs.findutils pkgs.coreutils pkgs.gnused pkgs.gnugrep])} ${script} "$@"'';
-      in {
-        # linguistics and ancient world
+    }
+    // flake-utils.lib.eachSystem [flake-utils.lib.system.x86_64-linux flake-utils.lib.system.x86_64-darwin flake-utils.lib.system.aarch64-linux] (system: let
+      pkgs = import nixpkgs {
+        inherit system;
+        overlays = [
+          nur.overlays.default
+          (self: super: {
+            mpv = super.mpv.override {scripts = [inputs.self.packages.${system}.mpv-visualizer super.mpvScripts.mpris];};
+            dmenu = super.writers.writeDashBin "dmenu" ''exec ${pkgs.wofi}/bin/wofi --dmenu "$@"'';
+          })
+        ];
+      };
+      unstablePackages = import nixpkgs-unstable {
+        inherit system;
+      };
+      wrapScript = {
+        packages ? [],
+        name,
+        script,
+      }:
+        pkgs.writers.writeDashBin name ''PATH=$PATH:${nixpkgs.lib.makeBinPath (packages ++ [pkgs.findutils pkgs.coreutils pkgs.gnused pkgs.gnugrep])} ${script} "$@"'';
+    in {
+      packages = rec {
        auc = pkgs.callPackage packages/auc.nix {};
        betacode = pkgs.callPackage packages/betacode.nix {};
-        brassica = pkgs.callPackage packages/brassica.nix {}; # TODO upstream
-        devanagari = pkgs.callPackage packages/devanagari {};
-        stardict-tools = pkgs.callPackage packages/stardict-tools.nix {};
-        heuretes = pkgs.callPackage packages/heuretes.nix {};
-        ipa = pkgs.writers.writePython3Bin "ipa" {flakeIgnore = ["E501"];} (builtins.readFile packages/ipa.py);
-        jsesh = pkgs.callPackage packages/jsesh.nix {}; # TODO upstream
-        kirciuoklis = pkgs.callPackage packages/kirciuoklis.nix {};
-        polyglot = pkgs.callPackage packages/polyglot.nix {};
-        tocharian-font = pkgs.callPackage packages/tocharian-font.nix {};
-        gfs-fonts = pkgs.callPackage packages/gfs-fonts.nix {};
-        closest = pkgs.callPackage packages/closest {};
-
-        # lit
-        random-zeno = pkgs.callPackage packages/random-zeno.nix {};
-        literature-quote = pkgs.callPackage packages/literature-quote.nix {};
-
-        # krebs
        brainmelter = pkgs.callPackage packages/brainmelter.nix {};
-        cyberlocker-tools = pkgs.callPackage packages/cyberlocker-tools.nix {};
-        htgen = pkgs.callPackage packages/htgen.nix {};
-        hc = pkgs.callPackage packages/hc.nix {};
-        kpaste = pkgs.callPackage packages/kpaste.nix {};
-        pls = pkgs.callPackage packages/pls.nix {};
-        untilport = pkgs.callPackage packages/untilport.nix {};
-        radio-news = pkgs.callPackage packages/radio-news.nix {};
-
-        # window manager
-        swallow = pkgs.callPackage packages/swallow.nix {};
-        devour = pkgs.callPackage packages/devour.nix {};
-
+        brassica = pkgs.callPackage packages/brassica.nix {};
        cheat-sh = pkgs.callPackage packages/cheat-sh.nix {};
-        vimPlugins-cheat-sh-vim = pkgs.callPackage packages/vimPlugins/cheat-sh.nix {}; # TODO upstream
+        closest = pkgs.callPackage packages/closest {};
        cro = pkgs.callPackage packages/cro.nix {};
+        cyberlocker-tools = pkgs.callPackage packages/cyberlocker-tools.nix {};
        default-gateway = pkgs.callPackage packages/default-gateway.nix {};
        depp = pkgs.callPackage packages/depp.nix {};
        dashboard = pkgs.callPackage packages/dashboard {};
+        devanagari = pkgs.callPackage packages/devanagari {};
+        devour = pkgs.callPackage packages/devour.nix {};
+        dic = pkgs.callPackage packages/dic.nix {};
+        dirmir = pkgs.callPackage packages/dirmir.nix {};
+        dmenu-bluetooth = pkgs.callPackage packages/dmenu-bluetooth.nix {};
+        dmenu-scrot = pkgs.callPackage packages/dmenu-scrot.nix {};
+        dns-sledgehammer = pkgs.callPackage packages/dns-sledgehammer.nix {};
        fkill = pkgs.callPackage packages/fkill.nix {};
        fzfmenu = pkgs.callPackage packages/fzfmenu.nix {};
+        genius = pkgs.callPackage packages/genius.nix {};
+        gfs-fonts = pkgs.callPackage packages/gfs-fonts.nix {};
+        git-preview = pkgs.callPackage packages/git-preview.nix {};
        gpt35 = pkgs.callPackage packages/gpt.nix {model = "gpt-3.5-turbo";};
        gpt4 = pkgs.callPackage packages/gpt.nix {model = "gpt-4";};
+        hc = pkgs.callPackage packages/hc.nix {};
+        jq-lsp = pkgs.callPackage packages/jq-lsp.nix {};
+        stardict-tools = pkgs.callPackage packages/stardict-tools.nix {};
+        heuretes = pkgs.callPackage packages/heuretes.nix {};
+        htgen = pkgs.callPackage packages/htgen.nix {};
        image-convert-favicon = pkgs.callPackage packages/image-convert-favicon.nix {};
        image-convert-tolino = pkgs.callPackage packages/image-convert-tolino.nix {};
+        infschmv = pkgs.callPackage packages/infschmv.nix {};
+        iolanguage = pkgs.callPackage packages/iolanguage.nix {};
+        ipa = pkgs.writers.writePython3Bin "ipa" {flakeIgnore = ["E501"];} (builtins.readFile packages/ipa.py);
+        ix = pkgs.callPackage packages/ix.nix {};
+        jsesh = pkgs.callPackage packages/jsesh.nix {};
        k-lock = pkgs.callPackage packages/k-lock.nix {};
+        kirciuoklis = pkgs.callPackage packages/kirciuoklis.nix {};
        klem = pkgs.callPackage packages/klem.nix {};
-        man-pandoc = pkgs.callPackage packages/man/pandoc.nix {}; # TODO upstream
+        kpaste = pkgs.callPackage packages/kpaste.nix {};
+        literature-quote = pkgs.callPackage packages/literature-quote.nix {};
+        mahlzeit = pkgs.haskellPackages.callPackage packages/mahlzeit.nix {};
+        man-pandoc = pkgs.callPackage packages/man/pandoc.nix {};
        man-pdf = pkgs.callPackage packages/man-pdf.nix {};
        mansplain = pkgs.callPackage packages/mansplain.nix {};
        manual-sort = pkgs.callPackage packages/manual-sort.nix {};
        menu-calc = pkgs.callPackage packages/menu-calc.nix {};
+        meteo = pkgs.callPackage packages/meteo.nix {};
        noise-waves = pkgs.callPackage packages/noise-waves.nix {};
        mpv-radio = pkgs.callPackage packages/mpv-radio.nix {di-fm-key-file = "/dev/null";};
        mpv-tuner = pkgs.callPackage packages/mpv-tuner.nix {di-fm-key-file = "/dev/null";};
        mpv-tv = pkgs.callPackage packages/mpv-tv.nix {};
        mpv-iptv = pkgs.callPackage packages/mpv-iptv.nix {};
+        mpv-visualizer = unstablePackages.mpvScripts.visualizer;
        new-mac = pkgs.callPackage packages/new-mac.nix {};
        nix-git = pkgs.callPackage packages/nix-git.nix {};
+        nix-index-update = pkgs.callPackage packages/nix-index-update.nix {inherit system;};
        notemenu = pkgs.callPackage packages/notemenu.nix {niveumPackages = self.packages.${system};};
-        opustags = pkgs.callPackage packages/opustags.nix {}; # TODO upstream
+        opustags = pkgs.callPackage packages/opustags.nix {};
+        pls = pkgs.callPackage packages/pls.nix {};
+        polyglot = pkgs.callPackage packages/polyglot.nix {};
        q = pkgs.callPackage packages/q.nix {};
        qrpaste = pkgs.callPackage packages/qrpaste.nix {};
-        go-webring = pkgs.callPackage packages/go-webring.nix {}; # TODO upstream
+        random-zeno = pkgs.callPackage packages/random-zeno.nix {};
        rfc = pkgs.callPackage packages/rfc.nix {};
        gimp = pkgs.callPackage packages/gimp.nix {};
        scanned = pkgs.callPackage packages/scanned.nix {};
-        text2pdf = pkgs.callPackage packages/text2pdf.nix {}; # TODO upstream
+        swallow = pkgs.callPackage packages/swallow.nix {};
+        text2pdf = pkgs.callPackage packages/text2pdf.nix {};
        timer = pkgs.callPackage packages/timer.nix {};
-        trans = pkgs.callPackage packages/trans.nix {}; # TODO upstream
+        tocharian-font = pkgs.callPackage packages/tocharian-font.nix {};
+        passmenu = pkgs.callPackage packages/passmenu.nix {};
+        trans = pkgs.callPackage packages/trans.nix {};
        ttspaste = pkgs.callPackage packages/ttspaste.nix {};
        unicodmenu = pkgs.callPackage packages/unicodmenu.nix {};
        emailmenu = pkgs.callPackage packages/emailmenu.nix {};
-        stag = pkgs.callPackage packages/stag.nix {}; # TODO upstream
+        untilport = pkgs.callPackage packages/untilport.nix {};
        vg = pkgs.callPackage packages/vg.nix {};
        vim = pkgs.callPackage packages/vim.nix {niveumPackages = self.packages.${system};};
        obsidian-vim = pkgs.callPackage packages/obsidian-vim.nix {};
-        vimPlugins-icalendar-vim = pkgs.callPackage packages/vimPlugins/icalendar-vim.nix {}; # TODO upstream
-        vimPlugins-jq-vim = pkgs.callPackage packages/vimPlugins/jq-vim.nix {}; # TODO upstream
-        vimPlugins-typst-vim = pkgs.callPackage packages/vimPlugins/typst-vim.nix {}; # TODO upstream
-        vimPlugins-mdwa-nvim = pkgs.callPackage packages/vimPlugins/mdwa-nvim.nix {}; # TODO upstream
-        vimPlugins-vim-ernest = pkgs.callPackage packages/vimPlugins/vim-ernest.nix {}; # TODO upstream
-        vimPlugins-vim-256noir = pkgs.callPackage packages/vimPlugins/vim-256noir.nix {}; # TODO upstream
-        vimPlugins-vim-colors-paramount = pkgs.callPackage packages/vimPlugins/vim-colors-paramount.nix {}; # TODO upstream
-        vimPlugins-vim-fetch = pkgs.callPackage packages/vimPlugins/vim-fetch.nix {}; # TODO upstream
-        vimPlugins-vim-fsharp = pkgs.callPackage packages/vimPlugins/vim-fsharp.nix {}; # TODO upstream
-        vimPlugins-vim-mail = pkgs.callPackage packages/vimPlugins/vim-mail.nix {}; # TODO upstream
-        vimPlugins-vim-reason-plus = pkgs.callPackage packages/vimPlugins/vim-reason-plus.nix {}; # TODO upstream
+        radio-news = pkgs.callPackage packages/radio-news.nix {};
+        vimPlugins-cheat-sh-vim = pkgs.callPackage packages/vimPlugins/cheat-sh.nix {};
+        vimPlugins-icalendar-vim = pkgs.callPackage packages/vimPlugins/icalendar-vim.nix {};
+        vimPlugins-jq-vim = pkgs.callPackage packages/vimPlugins/jq-vim.nix {};
+        vimPlugins-typst-vim = pkgs.callPackage packages/vimPlugins/typst-vim.nix {};
+        vimPlugins-vim-256noir = pkgs.callPackage packages/vimPlugins/vim-256noir.nix {};
+        vimPlugins-vim-colors-paramount = pkgs.callPackage packages/vimPlugins/vim-colors-paramount.nix {};
+        vimPlugins-vim-fetch = pkgs.callPackage packages/vimPlugins/vim-fetch.nix {};
+        vimPlugins-vim-fsharp = pkgs.callPackage packages/vimPlugins/vim-fsharp.nix {};
+        vimPlugins-vim-mail = pkgs.callPackage packages/vimPlugins/vim-mail.nix {};
+        vimPlugins-vim-reason-plus = pkgs.callPackage packages/vimPlugins/vim-reason-plus.nix {};
        vimv = pkgs.callPackage packages/vimv.nix {};
-        weechat-declarative = pkgs.callPackage packages/weechat-declarative.nix {}; # TODO upstream
-        weechatScripts-hotlist2extern = pkgs.callPackage packages/weechatScripts/hotlist2extern.nix {}; # TODO upstream
-        dmenu-randr = pkgs.callPackage packages/dmenu-randr.nix {};
-        wttr = pkgs.callPackage packages/wttr.nix {}; # TODO upstream
+        weechat-declarative = pkgs.callPackage packages/weechat-declarative.nix {};
+        weechatScripts-hotlist2extern = pkgs.callPackage packages/weechatScripts/hotlist2extern.nix {};
+        wttr = pkgs.callPackage packages/wttr.nix {};
+
+        itl = pkgs.callPackage packages/itl.nix {};
+        itools = pkgs.callPackage packages/itools.nix {itl = itl;};

        booksplit = wrapScript {
          script = inputs.voidrice.outPath + "/.local/bin/booksplit";
          name = "booksplit";
          packages = [pkgs.ffmpeg pkgs.glibc.bin];
        };
+        dmenu-randr = pkgs.callPackage packages/dmenu-randr.nix {};
        tag = wrapScript {
          script = inputs.voidrice.outPath + "/.local/bin/tag";
          name = "tag";
          packages = [pkgs.ffmpeg];
        };
-      });
-    };
+      };
+    });
 }
--- a/lib/local-network.nix
+++ b/lib/local-network.nix
@@ -1,4 +1,10 @@
 {
-  officejet = "192.168.0.251";
-  router = "192.168.0.1";
+  toum = "192.168.178.24";
+  zaatar = "192.168.178.21";
+  kabsa = "192.168.178.32";
+  android = "192.168.178.35";
+  manakish = "192.168.178.29";
+
+  officejet = "192.168.178.27";
+  fritzbox = "192.168.178.1";
 }
--- a/lib/streams.nix
+++ b/lib/streams.nix
@@ -2029,14 +2029,6 @@ in
      stream = "av://lavfi:anoisesrc=color=brown";
      station = "Brownian noise";
    }
-    {
-      stream = "https://st03.sslstream.dlf.de/dlf/03/high/aac/stream.aac";
-      station = "Deutschlandfunk Nova";
-    }
-    {
-      stream = "https://samaaisb107-itelservices.radioca.st/stream";
-      station = "Samaa FM 107.4 Pakistan";
-    }
  ]
  ++ map (name: {
    stream = "https://${name}.stream.publicradio.org/${name}.aac";
--- a/lib/style.css
+++ b/lib/style.css
@@ -0,0 +1,175 @@
+* {
+    font-size: 14px;
+    border-radius: 5px;
+}
+
+window#waybar {
+    /* `otf-font-awesome` is required to be installed for icons */
+    font-family: FontAwesome, monospace;
+    background-color: transparent;
+    border-bottom: 0px;
+    color: #ebdbb2;
+    transition-property: background-color;
+    transition-duration: .5s;
+}
+
+window#waybar.hidden {
+    opacity: 0.2;
+}
+
+window#waybar.empty #window {
+    background-color: transparent;
+}
+
+/*
+window#waybar.empty {
+    background-color: transparent;
+}
+window#waybar.solo {
+    background-color: #FFFFFF;
+}
+*/
+
+.modules-right {
+    margin: 10px 10px 0 0;
+}
+.modules-center {
+    margin: 10px 0 0 0;
+}
+.modules-left {
+    margin: 10px 0 0 10px;
+}
+
+button {
+    /* Use box-shadow instead of border so the text isn't offset */
+    /* box-shadow: inset 0 -3px transparent; */
+    border: none;
+}
+
+/* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
+/*
+button:hover {
+    background: inherit;
+    box-shadow: inset 0 -3px #ebdbb2;
+} */
+
+#workspaces {
+    background-color: #282828;
+}
+
+#workspaces button {
+    padding: 0 5px;
+    background-color: transparent;
+    color: #ebdbb2;
+    border-radius: 0;
+}
+
+#workspaces button:first-child {
+    border-radius: 5px 0 0 5px;
+}
+
+#workspaces button:last-child {
+    border-radius: 0 5px 5px 0;
+}
+
+#workspaces button:hover {
+    color: #d79921;
+}
+
+#workspaces button.focused {
+    background-color: #665c54;
+    /* box-shadow: inset 0 -3px #ffffff; */
+}
+
+#workspaces button.urgent {
+    background-color: #b16286;
+}
+
+#idle_inhibitor,
+#cava,
+#scratchpad,
+#mode,
+#window,
+#clock,
+#battery,
+#backlight,
+#wireplumber,
+#tray,
+#mpris,
+#load {
+    padding: 0 10px;
+    background-color: #282828;
+    color: #ebdbb2;
+}
+
+#mode {
+    background-color: #689d6a;
+    color: #282828;
+    /* box-shadow: inset 0 -3px #ffffff; */
+}
+
+/* If workspaces is the leftmost module, omit left margin */
+.modules-left > widget:first-child > #workspaces {
+    margin-left: 0;
+}
+
+/* If workspaces is the rightmost module, omit right margin */
+.modules-right > widget:last-child > #workspaces {
+    margin-right: 0;
+}
+
+#cava {
+    padding: 0 5px;
+}
+
+#battery.charging, #battery.plugged {
+    background-color: #98971a;
+    color: #282828;
+}
+
+@keyframes blink {
+    to {
+        background-color: #282828;
+        color: #ebdbb2;
+    }
+}
+
+/* Using steps() instead of linear as a timing function to limit cpu usage */
+#battery.critical:not(.charging) {
+    background-color: #cc241d;
+    color: #ebdbb2;
+    animation-name: blink;
+    animation-duration: 0.5s;
+    animation-timing-function: steps(12);
+    animation-iteration-count: infinite;
+    animation-direction: alternate;
+}
+
+label:focus {
+    background-color: #000000;
+}
+
+#wireplumber.muted {
+    background-color: #458588;
+}
+
+#tray > .passive {
+    -gtk-icon-effect: dim;
+}
+
+#tray > .needs-attention {
+    -gtk-icon-effect: highlight;
+}
+
+#mpris.playing {
+    background-color: #d79921;
+    color: #282828;
+}
+
+#tray menu {
+    font-family: sans-serif;
+}
+
+#scratchpad.empty {
+    background: transparent;
+}
--- a/lib/vim/init.lua
+++ b/lib/vim/init.lua
@@ -91,7 +91,6 @@ local language_servers = {
  -- tsserver = {}, -- typescript-language-server
  cssls = {},
  elmls = {}, -- elm-language-server
-  gopls = {}, -- gopls
  denols = {}, -- deno built in
  bashls = {}, -- bash-language-server
  lua_ls = {
@@ -155,11 +154,10 @@ local language_servers = {
 }

 for server, settings in pairs(language_servers) do
-  vim.lsp.config(server, {
+  require('lspconfig')[server].setup{
    on_attach = on_attach,
    flags = lsp_flags,
    settings = settings,
    capabilities = capabilities
-  })
-  vim.lsp.enable(server)
+  }
 end
--- a/lib/vim/init.vim
+++ b/lib/vim/init.vim
@@ -102,7 +102,6 @@ augroup filetypes
  autocmd bufnewfile,bufread urls,config set filetype=conf
  autocmd bufnewfile,bufread *.elm packadd elm-vim | set filetype=elm shiftwidth=4
  autocmd bufnewfile,bufread *.md packadd vim-pandoc | packadd vim-pandoc-syntax | set filetype=pandoc
-  autocmd bufnewfile,bufread *.ex,*.exs packadd vim-elixir | set filetype=elixir
  autocmd filetype haskell packadd haskell-vim | set keywordprg=hoogle\ -i
  autocmd filetype javascript packadd vim-javascript
  autocmd filetype make setlocal noexpandtab
@@ -125,12 +124,3 @@ set complete+=kspell
 let g:pandoc#syntax#conceal#use = 0
 let g:pandoc#modules#disabled = []
 let g:pandoc#spell#default_langs = ['en', 'de']
-
-autocmd! User GoyoEnter Limelight
-autocmd! User GoyoLeave Limelight!
-
-
-" Disable Copilot by default
-let b:copilot_enabled = v:false
-" keymap to toggle it enabled
-nnoremap <leader>gc :let b:copilot_enabled = !b:copilot_enabled<CR>
--- a/modules/go-webring.nix
+++ b/modules/go-webring.nix
@@ -1,140 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-
-let
-  inherit (lib)
-    mkEnableOption
-    mkPackageOption
-    mkOption
-    types
-    literalExpression
-    mkIf
-    ;
-  cfg = config.services.go-webring;
-
-  defaultAddress = "127.0.0.1:2857";
-in
-
-{
-  options = {
-    services.go-webring = {
-      enable = mkEnableOption "go-webring";
-
-      package = mkPackageOption pkgs "go-webring" { };
-
-      contactInstructions = mkOption {
-        type = types.nullOr types.str;
-        default = null;
-        description = "Contact instructions for errors";
-        example = "contact the admin and let them know what's up";
-      };
-
-      host = mkOption {
-        type = types.str;
-        description = "Host this webring runs on, primarily used for validation";
-        example = "my-webri.ng";
-      };
-
-      homePageTemplate = mkOption {
-        type = types.str;
-        description = ''
-          This should be any HTML file with the string "{{ . }}" placed
-          wherever you want the table of members inserted. This table is
-          plain HTML so you can style it with CSS.
-        '';
-      };
-
-      listenAddress = mkOption {
-        type = types.str;
-        default = defaultAddress;
-        description = "Host and port go-webring will listen on";
-      };
-
-      members = mkOption {
-        type = types.listOf (
-          types.submodule {
-            options = {
-              username = mkOption {
-                type = types.str;
-                description = "Member's name";
-              };
-              site = mkOption {
-                type = types.str;
-                description = "Member's site URL";
-              };
-            };
-          }
-        );
-        description = "List of members in the webring";
-      };
-    };
-  };
-
-  config = mkIf cfg.enable {
-    systemd.services.go-webring = {
-      description = "go-webring service";
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" ];
-      requires = [ "network.target" ];
-      serviceConfig = {
-        Type = "simple";
-        ExecStart = ''
-          ${lib.getExe cfg.package} \
-            ${lib.optionalString (cfg.contactInstructions != null) ("--contact " + lib.escapeShellArg cfg.contactInstructions)} \
-            --host ${cfg.host} \
-            --index ${pkgs.writeText "index.html" cfg.homePageTemplate} \
-            --listen ${cfg.listenAddress} \
-            --members ${
-              pkgs.writeText "list.txt" (
-                lib.concatMapStrings (member: member.username + " " + member.site + "\n") cfg.members
-              )
-            }
-        '';
-        User = "go-webring";
-        DynamicUser = true;
-        RuntimeDirectory = "go-webring";
-        WorkingDirectory = "/var/lib/go-webring";
-        StateDirectory = "go-webring";
-        RuntimeDirectoryMode = "0750";
-        Restart = "always";
-        RestartSec = 5;
-
-        # Hardening
-        CapabilityBoundingSet = [ "" ];
-        DeviceAllow = [ "" ];
-        LockPersonality = true;
-        MemoryDenyWriteExecute = true;
-        PrivateDevices = true;
-        PrivateUsers = true;
-        ProcSubset = "pid";
-        ProtectClock = true;
-        ProtectControlGroups = true;
-        ProtectHome = true;
-        ProtectHostname = true;
-        ProtectKernelLogs = true;
-        ProtectKernelModules = true;
-        ProtectKernelTunables = true;
-        ProtectProc = "invisible";
-        RestrictAddressFamilies = [
-          "AF_INET"
-          "AF_INET6"
-          "AF_UNIX"
-        ];
-        RestrictNamespaces = true;
-        RestrictRealtime = true;
-        RestrictSUIDSGID = true;
-        SystemCallArchitectures = "native";
-        SystemCallFilter = [
-          "@system-service"
-          "~@privileged"
-        ];
-        UMask = "0077";
-      };
-    };
-    environment.systemPackages = [ cfg.package ];
-  };
-}
--- a/modules/panoptikon.nix
+++ b/modules/panoptikon.nix
@@ -29,7 +29,7 @@
            default = "daily";
          };
          loadCredential = lib.mkOption {
-            type = lib.types.listOf lib.types.str;
+            type = lib.types.listOf lib.types.string;
            description = ''
              This can be used to pass secrets to the systemd service without adding them to the nix store.
            '';
--- a/packages/cheat-sh.nix
+++ b/packages/cheat-sh.nix
@@ -3,7 +3,7 @@
  writers,
  curl,
 }:
-writers.writeDashBin "cht.sh" ''
+writers.writeDashBin "so" ''
  IFS=+
  ${curl}/bin/curl -sSL http://cht.sh/"$*"
 ''
--- a/packages/dic.nix
+++ b/packages/dic.nix
@@ -0,0 +1,43 @@
+{
+  fetchgit,
+  lib,
+  stdenv,
+  coreutils,
+  curl,
+  gnugrep,
+  gnused,
+  util-linux,
+}:
+stdenv.mkDerivation {
+  name = "dic";
+
+  src = fetchgit {
+    url = https://cgit.ni.krebsco.de/dic;
+    rev = "refs/tags/v1.1.1";
+    sha256 = "1gbj967a5hj53fdkkxijqgwnl9hb8kskz0cmpjq7v65ffz3v6vag";
+  };
+
+  phases = [
+    "unpackPhase"
+    "installPhase"
+  ];
+
+  installPhase = let
+    path = lib.makeBinPath [
+      coreutils
+      curl
+      gnused
+      gnugrep
+      util-linux
+    ];
+  in ''
+    mkdir -p $out/bin
+
+    sed \
+      's,^main() {$,&\n  PATH=${path}; export PATH,' \
+      < ./dic \
+      > $out/bin/dic
+
+    chmod +x $out/bin/dic
+  '';
+}
--- a/packages/dirmir.nix
+++ b/packages/dirmir.nix
@@ -0,0 +1,24 @@
+{writers}:
+writers.writeDashBin "dirmir" ''
+  SOURCE="$1"
+  TARGET="$2"
+
+  if [ ! -d "$SOURCE" ] || [ $# -ne 2 ]; then
+    echo >/dev/stderr "Usage: dirmir SOURCE TARGET"
+    exit 1
+  fi
+
+  if [ -e "$TARGET" ]; then
+    echo >/dev/stderr "$TARGET" already exists. Please use a different name.
+    exit 1
+  fi
+
+  find "$SOURCE" | while read -r entry; do
+    if [ -d "$entry" ]; then
+      mkdir -p "$TARGET/$entry"
+    else
+      # create a file with the same permissions as $entry
+      install -m "$(stat -c %a "$entry")" /dev/null "$TARGET/$entry"
+    fi
+  done
+''
--- a/packages/dmenu-bluetooth.nix
+++ b/packages/dmenu-bluetooth.nix
@@ -0,0 +1,64 @@
+{
+  writers,
+  libnotify,
+  dmenu,
+  bluez5,
+  lib,
+}:
+writers.writeDashBin "dmenu-bluetooth" ''
+  # UI for connecting to bluetooth devices
+  set -efu
+  PATH=$PATH=${lib.makeBinPath [libnotify dmenu bluez5]}
+
+  bluetooth_notify() {
+    notify-send --app-name=" Bluetooth" "$@"
+  }
+
+  chose_device() {
+    # the output from `bluetoothctl {paired-,}devices` has a first column which always contains `Device` followed by a MAC address and the device name
+    cut -d ' ' -f2- | dmenu -i -l 5 -p "Bluetooth device"
+  }
+
+  bluetoothctl scan on &
+
+  case "$(printf "pair\nconnect\ndisconnect" | dmenu -i)" in
+    pair)
+      chosen="$(bluetoothctl devices | chose_device)"
+      chosen_name="$(echo "$chosen" | cut -d ' ' -f2-)"
+
+      bluetooth_notify "$chosen_name" "Pairing ..."
+
+      if bluetoothctl pair "$(echo "$chosen" | cut -d ' ' -f1)"; then
+        bluetooth_notify "✔ $chosen_name" "Paired with device."
+      else
+        test "$chosen" && bluetooth_notify "❌ $chosen_name" "Failed to pair with device."
+      fi
+    ;;
+
+    connect)
+      chosen="$(bluetoothctl paired-devices | chose_device)"
+      chosen_name="$(echo "$chosen" | cut -d ' ' -f2-)"
+
+      bluetooth_notify "$chosen_name" "Trying to connect ..."
+
+      if bluetoothctl connect "$(echo "$chosen" | cut -d ' ' -f1)"; then
+        bluetooth_notify "✔ $chosen_name" "Connected to device."
+      else # something was selected but it didn't work
+        test "$chosen" && bluetooth_notify "❌ $chosen_name" "Failed to connect to device."
+      fi
+    ;;
+
+    disconnect)
+      chosen="$(bluetoothctl paired-devices | chose_device)"
+      chosen_name="$(echo "$chosen" | cut -d ' ' -f2-)"
+
+      bluetooth_notify "$chosen_name" "Disconnecting ..."
+
+      if bluetoothctl disconnect "$(echo "$chosen" | cut -d ' ' -f1)"; then
+        bluetooth_notify "✔ $chosen_name" "Disconnected from device."
+      else # something was selected but it didn't work
+        test "$chosen" && bluetooth_notify "❌ $chosen_name" "Failed to disconnect from device."
+      fi
+    ;;
+  esac
+''
--- a/packages/dmenu-scrot.nix
+++ b/packages/dmenu-scrot.nix
@@ -0,0 +1,42 @@
+{
+  writers,
+  lib,
+  dmenu,
+  scrot,
+  libnotify,
+  xclip,
+  screenshotsDirectory ? "/tmp",
+}:
+writers.writeDashBin "dmenu-scrot" ''
+  # ref https://gitlab.com/dwt1/dotfiles/-/blob/master/.dmenu/dmenu-scrot.sh
+  PATH=$PATH:${lib.makeBinPath [dmenu scrot libnotify xclip]}
+
+  APP_NAME="📸 Scrot"
+  IMG_PATH="${screenshotsDirectory}"
+  TIME=3000 #Miliseconds notification should remain visible
+
+  cmd=$(printf "fullscreen\nsection\nupload_fullscreen\nupload_section\n" | dmenu -p 'Screenshot')
+
+  cd "$IMG_PATH" || exit
+  case ''${cmd%% *} in
+    fullscreen)
+      scrot -d 1 \
+        && notify-send -u low -t $TIME -a "$APP_NAME" 'Screenshot (full screen) saved.'
+      ;;
+
+    section)
+      scrot -s \
+        && notify-send -u low -t $TIME -a "$APP_NAME" 'Screenshot (section) saved.'
+      ;;
+
+    upload_fullscreen)
+      scrot -d 1 -e "kpaste < \$f" | tail --lines=1 | xclip -selection clipboard -in \
+        && notify-send -u low -t $TIME -a "$APP_NAME" "Screenshot (full screen) uploaded: $(xclip -selection clipboard -out)"
+      ;;
+
+    upload_section)
+      scrot -s -e "kpaste < \$f" | tail --lines=1 | xclip -selection clipboard -in \
+        &&  notify-send -u low -t $TIME -a "$APP_NAME" "Screenshot (section) uploaded: $(xclip -selection clipboard -out)"
+      ;;
+  esac
+''
--- a/packages/dns-sledgehammer.nix
+++ b/packages/dns-sledgehammer.nix
@@ -0,0 +1,7 @@
+{
+  writers,
+  coreutils,
+}:
+writers.writeDashBin "dns-sledgehammer" ''
+  ${coreutils}/bin/printf '%s\n' 'nameserver 1.1.1.1' 'options edns0' > /etc/resolv.conf
+''
--- a/packages/genius.nix
+++ b/packages/genius.nix
@@ -0,0 +1,28 @@
+{
+  writers,
+  curl,
+  coreutils,
+  gnused,
+  pandoc,
+}:
+writers.writeDashBin "genius" ''
+  ${coreutils}/bin/test "$#" -eq 2 || (
+    echo "usage: $0 <artist> <song>"
+    exit 1
+  )
+
+  normalize() {
+    ${coreutils}/bin/tr -d -c '0-9A-Za-z ' | ${coreutils}/bin/tr ' ' - | ${coreutils}/bin/tr '[:upper:]' '[:lower:]'
+  }
+
+  ARTIST=$(echo "$1" | normalize | ${gnused}/bin/sed 's/./\U&/')
+  TITLE=$(echo "$2" | normalize)
+  GENIUS_URL="https://genius.com/$ARTIST-$TITLE-lyrics"
+
+  ${curl}/bin/curl -s "$GENIUS_URL" \
+    | ${gnused}/bin/sed -ne '/class="lyrics"/,/<\/p>/p' \
+    | ${pandoc}/bin/pandoc -f html -s -t plain \
+    | ${gnused}/bin/sed 's/^_/\x1b[3m/g;s/_$/\x1b[0m/g;s/^\[/\n\x1b\[1m\[/g;s/\]$/\]\x1b[0m/g'
+
+  printf "\n%s\n" "$GENIUS_URL" >/dev/stderr
+''
--- a/packages/git-preview.nix
+++ b/packages/git-preview.nix
@@ -0,0 +1,23 @@
+{
+  coreutils,
+  git,
+  writers,
+}:
+writers.writeDashBin "git-preview" ''
+  set -efu
+  head_commit=$(${git}/bin/git log -1 --format=%H)
+  merge_commit=$1; shift
+  merge_message='Merge for git-preview'
+  preview_dir=$(${coreutils}/bin/mktemp --tmpdir -d git-preview.XXXXXXXX)
+  preview_name=$(${coreutils}/bin/basename "$preview_dir")
+  ${git}/bin/git worktree add --detach -f "$preview_dir" 2>/dev/null
+  ${git}/bin/git -C "$preview_dir" checkout -q "$head_commit"
+  ${git}/bin/git -C "$preview_dir" merge \
+      ''${GIT_PREVIEW_MERGE_STRATEGY+-s "$GIT_PREVIEW_MERGE_STRATEGY"} \
+      -m "$merge_message" \
+      -q \
+      "$merge_commit"
+  ${git}/bin/git -C "$preview_dir" diff "$head_commit.." "$@"
+  ${coreutils}/bin/rm -fR "$preview_dir"
+  ${coreutils}/bin/rm -R .git/worktrees/"$preview_name"
+''
--- a/packages/go-webring.nix
+++ b/packages/go-webring.nix
@@ -1,21 +0,0 @@
-{ buildGoModule, fetchgit, lib }:
-buildGoModule {
-  pname = "go-webring";
-  version = "2024-12-18";
-
-  src = fetchgit {
-    url = "https://git.sr.ht/~amolith/go-webring";
-    rev = "0b5b1bf21ff91119ea2dd042ee9fe94e9d1cd8d4";
-    hash = "sha256-az6vBOGiZmzfsMjYUacXMHhDeRDmVI/arCKCpHeTcns=";
-  };
-
-  vendorHash = "sha256-3PnXB8AfZtgmYEPJuh0fwvG38dtngoS/lxyx3H+rvFs=";
-
-  meta = {
-    mainProgram = "go-webring";
-    description = "Simple webring implementation";
-    homepage = "https://git.sr.ht/~amolith/go-webring";
-    license = lib.licenses.bsd2; # cc0 as well
-    maintainers = [ lib.maintainers.kmein ];
-  };
-}
--- a/packages/hc.nix
+++ b/packages/hc.nix
@@ -9,7 +9,7 @@
  gnugrep,
  qrencode,
  texlive,
-  util-linux,
+  utillinux,
  zbar,
 }:
 stdenv.mkDerivation rec {
@@ -38,7 +38,7 @@ stdenv.mkDerivation rec {
      gnugrep
      qrencode
      texlive.combined.scheme-full
-      util-linux
+      utillinux
      zbar
    ]}
  '';
--- a/packages/heuretes.nix
+++ b/packages/heuretes.nix
@@ -2,7 +2,6 @@
  writers,
  fetchurl,
  xan,
-  util-linux,
 }: let
  database = fetchurl {
    url = "http://c.krebsco.de/greek.csv";
@@ -10,5 +9,5 @@
  };
 in
  writers.writeDashBin "heuretes" ''
-    ${xan}/bin/xan search -s simple "$*" ${database} | ${util-linux}/bin/column -s, -t
+    ${xan}/bin/xan search -s simple "^$*$" ${database} | ${xan}/bin/xan table
  ''
--- a/packages/infschmv.nix
+++ b/packages/infschmv.nix
@@ -0,0 +1,13 @@
+{
+  writers,
+  pup,
+  curl,
+  pandoc,
+  man,
+}:
+writers.writeDashBin "InfSchMV" ''
+  ${curl}/bin/curl -sSL https://www.berlin.de/corona/massnahmen/verordnung/ \
+    | ${pup}/bin/pup .textile \
+    | ${pandoc}/bin/pandoc -f html -t man -s \
+    | ${man}/bin/man -l -
+''
--- a/packages/iolanguage.nix
+++ b/packages/iolanguage.nix
@@ -0,0 +1,29 @@
+{
+  lib,
+  stdenv,
+  cmake,
+  python3,
+  fetchFromGitHub,
+}:
+stdenv.mkDerivation rec {
+  version = "2017.09.06";
+  name = "iolanguage-${version}";
+  src = fetchFromGitHub {
+    owner = "IoLanguage";
+    repo = "io";
+    rev = "${version}";
+    sha256 = "07rg1zrz6i6ghp11cm14w7bbaaa1s8sb0y5i7gr2sds0ijlpq223";
+    fetchSubmodules = true;
+  };
+  buildInputs = [cmake python3];
+  preBuild = "mkdir -p build && cd build";
+  buildPhase = ''
+    cmake -DCMAKE_INSTALL_PREFIX=$out/ ..
+    make all
+  '';
+  meta = with lib; {
+    homepage = "https://iolanguage.org/";
+    description = "Io programming language. Inspired by Self, Smalltalk and LISP.";
+    license = licenses.bsd3;
+  };
+}
--- a/packages/ix.nix
+++ b/packages/ix.nix
@@ -0,0 +1,16 @@
+{
+  stdenv,
+  fetchurl,
+}:
+stdenv.mkDerivation {
+  name = "ix";
+  src = fetchurl {
+    url = "https://ix.io/client";
+    sha256 = "0xc2s4s1aq143zz8lgkq5k25dpf049dw253qxiav5k7d7qvzzy57";
+  };
+  phases = ["installPhase"];
+  installPhase = ''
+    mkdir -p $out/bin
+    install $src $out/bin/ix
+  '';
+}
--- a/packages/jq-lsp.nix
+++ b/packages/jq-lsp.nix
@@ -0,0 +1,16 @@
+{
+  buildGoModule,
+  fetchFromGitHub,
+  lib,
+}:
+buildGoModule {
+  name = "jq-lsp";
+  version = "unstable-2023-09-08";
+  src = fetchFromGitHub {
+    owner = "wader";
+    repo = "jq-lsp";
+    rev = "85edf1adbe5e6c91b37c67b6a4bf85eda1e49f2f";
+    hash = "sha256-ItLKRSbGZ8UqFEHCoh96KwhSpuKZ3l+2ZXnBkHEZL0M=";
+  };
+  vendorHash = "sha256-ppQ81uERHBgOr/bm/CoDSWcK+IqHwvcL6RFi0DgoLuw=";
+}
--- a/packages/klem.nix
+++ b/packages/klem.nix
@@ -42,14 +42,14 @@ in
  pkgs.writers.writeDashBin "klem" ''
    set -efu

-    ${pkgs.xclip}/bin/xclip -selection ${cfg.selection} -out \
+    ${pkgs.wl-clipboard}/bin/wl-paste \
      | case $(echo "${
      lib.concatStringsSep "\n" (lib.attrNames cfg.scripts)
    }" | ${cfg.dmenu}) in
        ${lib.concatStringsSep "\n" (lib.mapAttrsToList scriptCase cfg.scripts)}
        *) ${pkgs.coreutils}/bin/cat ;;
      esac \
-      | ${pkgs.xclip}/bin/xclip -selection ${cfg.selection} -in
+      | ${pkgs.wl-clipboard}/bin/wl-copy

    ${pkgs.libnotify}/bin/notify-send --app-name="klem" "Result copied to clipboard."
  ''
--- a/packages/mahlzeit.nix
+++ b/packages/mahlzeit.nix
@@ -0,0 +1,63 @@
+{
+  lib,
+  fetchFromGitHub,
+  mkDerivation,
+  ansi-terminal,
+  base,
+  directory,
+  doctest,
+  filepath,
+  megaparsec,
+  optparse-applicative,
+  prettyprinter,
+  process,
+  raw-strings-qq,
+  stdenv,
+  tasty,
+  tasty-hunit,
+  text,
+  yaml,
+}:
+mkDerivation {
+  pname = "mahlzeit";
+  version = "0.1.0";
+  src = fetchFromGitHub {
+    owner = "kmein";
+    repo = "mahlzeit";
+    rev = "954c0fb3f45815999bc65d003794af6a850b069c";
+    sha256 = "046yrr40hjmxkjmwzcvmwb39fxx2v2i6hgdxrjfiwilzvhikarrg";
+  };
+  isLibrary = true;
+  isExecutable = true;
+  libraryHaskellDepends = [
+    ansi-terminal
+    base
+    directory
+    filepath
+    megaparsec
+    prettyprinter
+    text
+    yaml
+  ];
+  executableHaskellDepends = [
+    ansi-terminal
+    base
+    directory
+    filepath
+    optparse-applicative
+    process
+    text
+    yaml
+  ];
+  testHaskellDepends = [
+    base
+    doctest
+    megaparsec
+    raw-strings-qq
+    tasty
+    tasty-hunit
+  ];
+  homepage = "https://github.com/kmein/mahlzeit";
+  description = "Recipe toolkit";
+  license = lib.licenses.mit;
+}
--- a/packages/meteo.nix
+++ b/packages/meteo.nix
@@ -0,0 +1,89 @@
+{
+  writers,
+  lib,
+  jq,
+  curl,
+  xdotool,
+  nsxiv,
+  gnused,
+  defaultStation ? 103840,
+}:
+writers.writeDashBin "meteo" ''
+    # usage: meteo --list
+    # usage: meteo --update
+    # usage: meteo STATION
+    set -efu
+
+    PATH=$PATH:${lib.makeBinPath [jq curl xdotool nsxiv gnused]}
+
+    # TODO XDG
+    CONFIG_DIR=$HOME/.config/wetter
+    STATIONS_FILE=$CONFIG_DIR/stations.json
+
+    case ''${1-} in
+      --list)
+        sed -n 's/^\s*\(--[^)]\+\))$/\1/p' "$0"
+        jq -r -n \
+        --slurpfile stations_file "$STATIONS_FILE" \
+        '
+          $stations_file[0] as $known_stations |
+
+          $known_stations | keys[]
+        '
+        exit
+      ;;
+      --update)
+        mkdir -p "$(dirname "$STATIONS_FILE")"
+        exec >"$STATIONS_FILE"
+
+        curl -fsSL http://wetterstationen.meteomedia.de/ |
+        jq -Rrs '
+          def decodeHTML:
+            gsub("&auml;";"ä") |
+            gsub("&ouml;";"ö") |
+            gsub("&uuml;";"ü") |
+            gsub("&Auml;";"Ä") |
+            gsub("&Ouml;";"Ö") |
+            gsub("&Uuml;";"Ü") |
+            gsub("&szlig;";"ß")
+            ;
+          [
+            match(".*<option value=\"/\\?map=Deutschland&station=(?<station>[0-9]+)\">(?<name>[^<]+)</option>";"g")
+            .captures |
+            map({"\(.name)":(.string)}) |
+            add |
+            {"\(.name|decodeHTML)":(.station|tonumber)}
+          ] |
+          add
+        '
+        exit
+      ;;
+    esac
+
+  # set -x
+
+    station=''${1-${toString defaultStation}}
+    station=$(jq -e -n \
+    --arg station "$station" \
+    --slurpfile stations_file "$STATIONS_FILE" \
+    '
+      $stations_file[0] as $known_stations |
+
+      $station |
+      if test("^[0-9]+$") then
+        tonumber
+      else
+        $known_stations[.]
+      end
+    ')
+    cache="/tmp/''${LOGNAME}_wetter_$station.png"
+    curl -sSL \
+        "http://wetterstationen.meteomedia.de/messnetz/vorhersagegrafik/$station.png" \
+        -o "$cache"
+
+    if window_id=$(xdotool search --name "^nsxiv - $cache$"); then
+      xdotool key --window "$window_id" r
+    else
+      nsxiv "$cache" &
+    fi
+''
--- a/packages/nix-index-update.nix
+++ b/packages/nix-index-update.nix
@@ -0,0 +1,13 @@
+{
+  writers,
+  wget,
+  system,
+}:
+writers.writeDashBin "nix-index-update" ''
+  filename="index-${system}"
+  mkdir -p ~/.cache/nix-index
+  cd ~/.cache/nix-index
+  # -N will only download a new version if there is an update.
+  ${wget}/bin/wget -q -N https://github.com/Mic92/nix-index-database/releases/latest/download/$filename
+  ln -f $filename files
+''
--- a/packages/notemenu.nix
+++ b/packages/notemenu.nix
@@ -1,7 +1,7 @@
 {
  writers,
  lib,
-  rofi,
+  wofi,
  findutils,
  coreutils,
  noteDirectory ? "~/state/obsidian",
@@ -11,7 +11,7 @@
 writers.writeDashBin "notemenu" ''
  set -efu
  PATH=$PATH:${
-    lib.makeBinPath [rofi findutils coreutils]
+    lib.makeBinPath [wofi findutils coreutils]
  }

  cd ${noteDirectory}
@@ -21,7 +21,7 @@ writers.writeDashBin "notemenu" ''
    echo $(date -I -d yesterday).md
  ''}
    find . -not -path '*/.*' -type f -printf "%T@ %p\n" | sort --reverse --numeric-sort | cut --delimiter=" " --fields=2-
-  } | rofi -dmenu -i -p 'notes')
+  } | wofi -dmenu -i -p 'notes')
  if test "$note_file"
  then
    alacritty --working-directory ${noteDirectory} -e ${niveumPackages.obsidian-vim}/bin/nvim "$note_file"
--- a/packages/obsidian-vim.nix
+++ b/packages/obsidian-vim.nix
@@ -22,7 +22,7 @@ neovim.override {
        \ 'path': '${obsidiantVaultDirectory}',
        \ 'syntax': 'markdown',
        \ 'ext': '.md',
-        \ 'diary_rel_path': '.',
+        \ 'diary_rel_path' '.',
        \}]

      let NERDTreeSortOrder = ['[[-timestamp]]']
@@ -35,6 +35,7 @@ neovim.override {
      vimPlugins.nerdtree
      vimPlugins.fzf-vim
      vimPlugins.fzfWrapper
+      vimPlugins.vim-fugitive
    ];
  };
 }
--- a/packages/passmenu.nix
+++ b/packages/passmenu.nix
@@ -0,0 +1,18 @@
+{ writers, wofi, pass, fd, libnotify, ... }:
+writers.writeBashBin "passmenu" ''
+  shopt -s nullglob globstar
+
+  IFS=$'\n'
+
+  prefix=$(readlink -f ''${PASSWORD_STORE_DIR-~/.password-store})
+  password_files=( $( ${fd}/bin/fd -L ".gpg\$" "$prefix" ) )
+  password_files=( "''${password_files[@]#"$prefix"/}" )
+  password_files=( "''${password_files[@]%.gpg}" )
+
+  password=$( printf '%s\n' "''${password_files[@]}" | ${wofi}/bin/wofi -i -k /dev/null -d menu -- "$@" )
+
+  [[ -n $password ]] || exit
+
+  OUT=$(${pass}/bin/pass show --clip "$password")
+  ${libnotify}/bin/notify-send -t 5000 "$(echo "$OUT" | grep '^login:' | sed 's/^login: //')"
+''
--- a/packages/pls.nix
+++ b/packages/pls.nix
@@ -1,7 +1,6 @@
 {
  lib,
  writers,
-  yt-dlp,
  miller,
  gnused,
  curl,
@@ -96,10 +95,6 @@
    "ich kann damit leben"
    "es ist was es ist"
  ];
-
-  download = writers.writeDash "download" ''
-    ${yt-dlp}/bin/yt-dlp --add-metadata --audio-format mp3 --audio-quality 0 -xic "$@"
-  '';
 in
  writers.writeDashBin "pls" ''
    case "$1" in
--- a/packages/qrpaste.nix
+++ b/packages/qrpaste.nix
@@ -2,7 +2,7 @@
  writers,
  mktemp,
  qrencode,
-  xclip,
+  wl-clipboard,
  nsxiv,
 }:
 writers.writeDashBin "qrpaste" ''
@@ -11,6 +11,6 @@ writers.writeDashBin "qrpaste" ''
  clean() {
    rm "$file"
  }
-  ${qrencode}/bin/qrencode "$(${xclip}/bin/xclip -selection clipboard -out)" -o "$file"
+  ${qrencode}/bin/qrencode "$(${wl-clipboard}/bin/wl-paste)" -o "$file"
  ${nsxiv}/bin/nsxiv "$file"
 ''
--- a/packages/rfc.nix
+++ b/packages/rfc.nix
@@ -1,8 +1,10 @@
 {
  writers,
  curl,
+  pup,
  gawk,
  gnused,
+  gnugrep,
  less,
  fzf,
 }:
--- a/packages/scanned.nix
+++ b/packages/scanned.nix
@@ -2,12 +2,8 @@
 {
  writers,
  imagemagick,
-  ghostscript,
-  lib
 }:
 writers.writeDashBin "scanned" ''
-  export PATH=${lib.makeBinPath [ imagemagick ghostscript ]}:$PATH
-
  [ $# -eq 1 -a -f "$1" -a -r "$1" ] || exit 1

  ${imagemagick}/bin/convert \
--- a/packages/stag.nix
+++ b/packages/stag.nix
@@ -1,45 +0,0 @@
-{
-  lib,
-  stdenv,
-  fetchFromGitHub,
-  ncurses,
-  taglib,
-  zlib,
-}:
-stdenv.mkDerivation rec {
-  pname = "stag";
-  version = "1.0";
-
-  src = fetchFromGitHub {
-    owner = "smabie";
-    repo = "stag";
-    rev = "v${version}";
-    hash = "sha256-IWb6ZbPlFfEvZogPh8nMqXatrg206BTV2DYg7BMm7R4=";
-  };
-
-  buildInputs = [
-    ncurses
-    taglib
-    zlib
-  ];
-
-  buildPhase = ''
-    make all
-  '';
-
-  installPhase = ''
-    mkdir -p $out/bin
-    cp stag $out/bin/
-
-    mkdir -p $out/man/man1
-    mv stag.1 $out/man/man1/
-  '';
-  meta = {
-    description = "public domain utf8 curses based audio file tagger";
-    homepage = "https://github.com/smabie/stag";
-    license = lib.licenses.publicDomain;
-    maintainers = [ lib.maintainers.kmein ];
-    platforms = lib.platforms.unix;
-    source = src;
-  };
-}
--- a/packages/ttspaste.nix
+++ b/packages/ttspaste.nix
@@ -1,10 +1,10 @@
 {
  writers,
-  xclip,
+  wl-clipboard,
  espeak,
 }:
 writers.writeDashBin "ttspaste" ''
-  ${xclip}/bin/xclip -selection clipboard -out | ${espeak}/bin/espeak
+  ${wl-clipboard}/bin/paste | ${espeak}/bin/espeak
 ''
 # curl, mpv,
 # ${curl}/bin/curl -G http://tts.r/api/tts --data-urlencode 'text@-' | ${mpv}/bin/mpv -
--- a/packages/unicodmenu.nix
+++ b/packages/unicodmenu.nix
@@ -8,7 +8,7 @@
  dmenu,
  gnused,
  libnotify,
-  xclip,
+  wl-clipboard,
  xdotool,
  gawk,
  fetchFromGitHub,
@@ -90,7 +90,7 @@ in
  writers.writeDashBin "unicodmenu" ''
    history_file=$HOME/.cache/unicodmenu
    touch "$history_file"
-    PATH=${lib.makeBinPath [coreutils dmenu gawk gnused libnotify xclip xdotool]}
+    PATH=${lib.makeBinPath [coreutils dmenu gawk gnused libnotify wl-clipboard xdotool]}

    all_characters() {
      tac "$history_file"
@@ -101,7 +101,7 @@ in

    [ "$chosen" != "" ] || exit

-    echo "$chosen" | tr -d '\n' | xclip -selection clipboard
+    echo "$chosen" | tr -d '\n' | wl-copy

    if [ -n "$1" ]; then
      xdotool key Shift+Insert
--- a/packages/vim.nix
+++ b/packages/vim.nix
@@ -40,13 +40,6 @@

        editorconfig-vim

-        copilot-vim
-
-        goyo
-        limelight-vim
-        niveumPackages.vimPlugins-mdwa-nvim
-        niveumPackages.vimPlugins-vim-ernest
-
        fzf-vim
        fzfWrapper
        supertab
@@ -81,7 +74,6 @@
        dhall-vim
        elm-vim
        emmet-vim
-        vim-elixir
        haskell-vim
        niveumPackages.vimPlugins-icalendar-vim
        niveumPackages.vimPlugins-jq-vim
--- a/packages/vimPlugins/cheat-sh.nix
+++ b/packages/vimPlugins/cheat-sh.nix
@@ -1,7 +1,7 @@
 {
  vimUtils,
  fetchFromGitHub,
-}: (vimUtils.buildVimPlugin {
+}: (vimUtils.buildVimPluginFrom2Nix {
  pname = "cheat.sh-vim";
  version = "826219d1";
  src = fetchFromGitHub {
--- a/packages/vimPlugins/icalendar-vim.nix
+++ b/packages/vimPlugins/icalendar-vim.nix
@@ -1,7 +1,7 @@
 {
  vimUtils,
  fetchFromGitHub,
-}: (vimUtils.buildVimPlugin {
+}: (vimUtils.buildVimPluginFrom2Nix {
  pname = "icalendar.vim";
  version = "542fff45";
  src = fetchFromGitHub {
--- a/packages/vimPlugins/jq-vim.nix
+++ b/packages/vimPlugins/jq-vim.nix
@@ -2,7 +2,7 @@
  vimUtils,
  fetchFromGitHub,
 }:
-vimUtils.buildVimPlugin {
+vimUtils.buildVimPluginFrom2Nix {
  pname = "jq.vim";
  version = "5baf8ed1";
  src = fetchFromGitHub {
--- a/packages/vimPlugins/mdwa-nvim.nix
+++ b/packages/vimPlugins/mdwa-nvim.nix
@@ -1,13 +0,0 @@
-{
-  vimUtils,
-  fetchFromGitHub,
-}: (vimUtils.buildVimPlugin {
-  pname = "mdwa.nvim";
-  version = "9f37270";
-  src = fetchFromGitHub {
-    owner = "tihawk";
-    repo = "mdwa.nvim";
-    rev = "9f3727037e0d85fd0930334b91b9687a5a880192";
-    hash = "sha256-h2jy2E+pN2Ma/5n9Eq2oXr9xHma2OxxVvx9EJ+bIYxA=";
-  };
-})
--- a/packages/vimPlugins/typst-vim.nix
+++ b/packages/vimPlugins/typst-vim.nix
@@ -2,7 +2,7 @@
  vimUtils,
  fetchFromGitHub,
 }:
-vimUtils.buildVimPlugin {
+vimUtils.buildVimPluginFrom2Nix {
  pname = "typst.vim";
  version = "2882f21";
  src = fetchFromGitHub {
--- a/packages/vimPlugins/vim-256noir.nix
+++ b/packages/vimPlugins/vim-256noir.nix
@@ -2,7 +2,7 @@
  vimUtils,
  fetchFromGitHub,
 }:
-vimUtils.buildVimPlugin {
+vimUtils.buildVimPluginFrom2Nix {
  pname = "vim-256noir";
  version = "e8668a18";
  src = fetchFromGitHub {
--- a/packages/vimPlugins/vim-colors-paramount.nix
+++ b/packages/vimPlugins/vim-colors-paramount.nix
@@ -2,7 +2,7 @@
  vimUtils,
  fetchFromGitHub,
 }:
-vimUtils.buildVimPlugin {
+vimUtils.buildVimPluginFrom2Nix rec {
  pname = "vim-colors-paramount";
  version = "a5601d36";
  src = fetchFromGitHub {
--- a/packages/vimPlugins/vim-ernest.nix
+++ b/packages/vimPlugins/vim-ernest.nix
@@ -1,14 +0,0 @@
-{
-  vimUtils,
-  fetchFromGitHub,
-  lib,
-}: (vimUtils.buildVimPlugin {
-  pname = "vim-ernest";
-  version = "4b99bc3";
-  src = fetchFromGitHub {
-    owner = "lgalke";
-    repo = "vim-ernest";
-    rev = "4b99bc3fe3deb7bb958ad2f64cad93569eeb50d7";
-    hash = "sha256-AUuRnnZU39XUerBxNelEqVyDAalRm3VGNUQb15fjXjM=";
-  };
-})
--- a/packages/vimPlugins/vim-fetch.nix
+++ b/packages/vimPlugins/vim-fetch.nix
@@ -1,7 +1,7 @@
 {
  vimUtils,
  fetchFromGitHub,
-}: (vimUtils.buildVimPlugin {
+}: (vimUtils.buildVimPluginFrom2Nix rec {
  pname = "vim-fetch";
  version = "76c08586";
  src = fetchFromGitHub {
--- a/packages/vimPlugins/vim-fsharp.nix
+++ b/packages/vimPlugins/vim-fsharp.nix
@@ -2,7 +2,7 @@
  vimUtils,
  fetchFromGitHub,
 }:
-vimUtils.buildVimPlugin {
+vimUtils.buildVimPluginFrom2Nix {
  pname = "vim-fsharp";
  version = "627db7d7";
  src = fetchFromGitHub {
--- a/packages/vimPlugins/vim-mail.nix
+++ b/packages/vimPlugins/vim-mail.nix
@@ -2,7 +2,7 @@
  vimUtils,
  fetchFromGitHub,
 }:
-vimUtils.buildVimPlugin {
+vimUtils.buildVimPluginFrom2Nix {
  pname = "vim-mail";
  version = "acdbb5bd";
  src = fetchFromGitHub {
--- a/packages/vimPlugins/vim-reason-plus.nix
+++ b/packages/vimPlugins/vim-reason-plus.nix
@@ -1,7 +1,7 @@
 {
  vimUtils,
  fetchFromGitHub,
-}: (vimUtils.buildVimPlugin {
+}: (vimUtils.buildVimPluginFrom2Nix {
  pname = "vim-reason-plus";
  version = "c11a2940";
  src = fetchFromGitHub {
--- a/packages/weechat-declarative.nix
+++ b/packages/weechat-declarative.nix
@@ -1,6 +1,7 @@
 {
  pkgs,
  lib,
+  unstablePackages,
  ...
 } @ args: let
  # config cannot be declared in the input attribute set because that would
@@ -136,7 +137,7 @@
    ))
  );

-  weechatPkg = pkgs.weechat.override {
+  weechat = unstablePackages.weechat.override {
    configure = _: {
      init = "/exec -oc cat ${setFile}";

@@ -162,14 +163,14 @@
        cfg.files
      )
    }
-    exec ${weechatPkg}/bin/weechat "$@"
+    exec ${weechat}/bin/weechat "$@"
  '';
 in
  pkgs.symlinkJoin {
    name = "weechat-configured";
    paths = [
      wrapper
-      weechatPkg
+      unstablePackages.weechat
    ];
    postBuild = ''
      ln -s ${setFile} $out/weechat.set
--- a/2
+++ b/2
--- a/secrets.txt
+++ b/secrets.txt
@@ -1,11 +1,8 @@
 secrets/alertmanager-token-reporters.age
-secrets/brevo-key.age
 secrets/cifs-credentials-zodiac.age
-secrets/copecart-ipn.age
 secrets/di-fm-key.age
 secrets/email-password-cock.age
 secrets/email-password-fysi.age
-secrets/email-password-ical-ephemeris.age
 secrets/email-password-letos.age
 secrets/email-password-meinhak99.age
 secrets/email-password-posteo.age
@@ -79,7 +76,6 @@ secrets/telegram-token-proverb.age
 secrets/telegram-token-reverse.age
 secrets/telegram-token-streaming-link.age
 secrets/weechat-sec.conf.age
-secrets/wifi.age
 secrets/zaatar-moodle-dl-basicAuth.age
 secrets/zaatar-moodle-dl-tokens.json.age
 secrets/zaatar-retiolum-privateKey-ed25519.age
--- a/systems/fatteh/configuration.nix
+++ b/systems/fatteh/configuration.nix
@@ -9,7 +9,6 @@ in {
    ./hardware-configuration.nix
    ../../configs/networkmanager.nix
    ../../configs/default.nix
-    ../../configs/0ad.nix
    # ../../configs/gnome.nix
  ];

@@ -41,6 +40,8 @@ in {
    wireguard-aether-psk.file = ../../secrets/fatteh-wireguard-aether-psk.age;
  };

+  networking.wg-quick.interfaces.aether.address = ["192.168.178.202/24"];
+
  networking.hostName = "fatteh";
  networking.retiolum = retiolumAddresses.fatteh;

--- a/systems/ful/configuration.nix
+++ b/systems/ful/configuration.nix
@@ -12,9 +12,8 @@ in {
    ./radio.nix
    ./panoptikon.nix
    ./hledger.nix
-    ./go-webring.nix
-    ./gemini.nix
    ./wallabag.nix
+    ./alew.nix
    ../../configs/monitoring.nix
    ../../configs/mycelium.nix
    ../../configs/tor.nix
@@ -70,6 +69,65 @@ in {
    ];
  };

+
+  users.users.servant = {
+    isSystemUser = true;
+    group = "servant";
+  };
+  users.groups.servant = {};
+  systemd.services.servant = {
+    enable = true;
+    environment.PORT = toString 18987;
+    environment.VIRTUAL_HOST = "https://openapiaiapi.kmein.de";
+    serviceConfig.ExecStart = pkgs.writers.writeHaskell "server" {
+      libraries = with pkgs.haskellPackages; [
+        servant
+        servant-server
+        servant-openapi3
+        servant-swagger-ui
+        servant-client
+        aeson
+        text
+        warp
+        uuid
+        lens
+      ];
+      ghcArgs = ["-O3" "-threaded"];
+    } ./servant-openapi.hs;
+    serviceConfig.User = "servant";
+    serviceConfig.Group = "servant";
+  };
+
+  services.htgen.openapi-conversion = {
+    port = 18988;
+    script = ''. ${pkgs.writers.writeDash "openapi-conversion" ''
+      case "$Method $Request_URI" in
+        "GET /openapi-3.1.json")
+          schema=$(mktemp -d)
+          trap 'rm -rf $schema' EXIT
+          ${pkgs.wget}/bin/wget http://127.0.0.1:${toString 18987}/openapi.json -O "$schema"/openapi.json
+          cat  "$schema"/openapi.json >&2
+          PATH=${lib.makeBinPath [pkgs.bashInteractive pkgs.nodejs]} ${pkgs.nodejs}/bin/npx --yes openapi-format "$schema"/openapi.json --convertTo "3.1" -o "$schema"/openapi-new.json
+          printf 'HTTP/1.1 200 OK\r\n'
+          printf 'Content-Type: %s\r\n' "$(${pkgs.file}/bin/file -ib "$schema"/openapi-new.json)"
+          printf 'Server: %s\r\n' "$Server"
+          printf 'Connection: close\r\n'
+          printf 'Content-Length: %d\r\n' $(${pkgs.coreutils}/bin/wc -c < "$schema"/openapi-new.json)
+          printf '\r\n'
+          cat "$schema"/openapi-new.json
+          exit
+        ;;
+      esac
+    ''}'';
+  };
+
+  services.nginx.virtualHosts."openapiaiapi.kmein.de" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/openapi-3.1.json".proxyPass = "http://127.0.0.1:${toString 18988}";
+    locations."/".proxyPass = "http://127.0.0.1:${toString 18987}";
+  };
+
  networking = {
    firewall.allowedTCPPorts = [80 443];
    hostName = "ful";
--- a/systems/ful/gemini.nix
+++ b/systems/ful/gemini.nix
@@ -1,15 +0,0 @@
-{ config, ... }:
-{
-  networking.firewall.allowedTCPPorts = [ 1965 ];
-  services.agate = {
-    enable = true;
-    addresses = [ "0.0.0.0:1965" ];
-    hostnames = [ "kmein.de" ];
-    language = "de";
-  };
-
-  services.restic.backups.niveum.paths = [
-    config.services.agate.contentDir
-    config.services.agate.certificatesDir
-  ];
-}
--- a/systems/ful/go-webring.nix
+++ b/systems/ful/go-webring.nix
@@ -1,39 +0,0 @@
-{ config, niveumPackages ,... }:
-let
-  port = 2857;
-in
-{
-  services.go-webring = {
-    enable = true;
-    host = "dichtungsring.kmein.de";
-    listenAddress = "127.0.0.1:${toString port}";
-    package = niveumPackages.go-webring;
-    members = [
-      { username = "meteora"; site = "meteora.xn--kiern-0qa.de"; }
-      { username = "huldra"; site = "huldras-halbtraum.com"; }
-    ];
-    homePageTemplate = ''
-      <!DOCTYPE html>
-      <html lang="de">
-      <head>
-        <meta charset="UTF-8">
-        <meta name="viewport" content="width=device-width, initial-scale=1.0">
-        <title>Dichtungsring</title>
-      </head>
-      <body>
-        <h1>Willkommen beim Dichtungs-Ring</h1>
-        <p>Ein <a href="https://de.wikipedia.org/wiki/Webring">Webring</a> für die Dichtung.</p>
-        <section id="members">
-        <table><tbody>{{ . }}</tbody></table>
-        </section>
-      </body>
-      </html>
-    '';
-  };
-
-  services.nginx.virtualHosts."dichtungsring.kmein.de" = {
-    enableACME = true;
-    forceSSL = true;
-    locations."/".proxyPass = "http://${config.services.go-webring.listenAddress}";
-  };
-}
--- a/systems/ful/matomo.nix
+++ b/systems/ful/matomo.nix
@@ -21,7 +21,7 @@ in {
    nginx = {
      serverName = "matomo.kmein.de";
    };
-    package = pkgs.matomo;
+    package = pkgs.matomo_5;
  };

  services.mysql = {
--- a/systems/ful/servant-openapi.hs
+++ b/systems/ful/servant-openapi.hs
@@ -0,0 +1,119 @@
+
+{-# LANGUAGE DataKinds #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE TypeOperators #-}
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE OverloadedStrings #-}
+
+module Main where
+
+import Data.Aeson (ToJSON, FromJSON)
+import GHC.Generics (Generic)
+import Data.String (IsString(..))
+import Network.Wai (Application)
+import Network.Wai.Handler.Warp (run)
+import Servant
+import Servant.Client (HasClient (..))
+import Servant.OpenApi (HasOpenApi(..), toOpenApi)
+import qualified Data.Version as Version
+import Servant.Swagger.UI (SwaggerSchemaUI, swaggerSchemaUIServer)
+import Data.OpenApi (ToSchema, servers, license, info, description, version, title)
+import qualified Data.OpenApi as OpenApi
+import Control.Concurrent.MVar (MVar, newMVar, modifyMVar, readMVar)
+import System.Environment (getEnv)
+import Control.Monad.IO.Class (liftIO)
+import Control.Lens
+import qualified Data.Text as T
+import GHC.Generics
+import GHC.TypeLits
+import Data.UUID (UUID)
+import Data.UUID.V4 (nextRandom)
+import qualified Data.UUID as UUID
+
+-- Define a simple data type
+data User = User
+  { userId :: UUID
+  , name   :: String
+  , age    :: Int
+  } deriving (Generic, Show)
+
+instance ToJSON User
+instance FromJSON User
+instance ToSchema User
+
+-- Define the API type
+type API = "users" :> OperationId "getUsers" :> Get '[JSON] [User]
+      :<|> "users" :> OperationId "insertUser" :> ReqBody '[JSON] User :> Post '[JSON] User
+      :<|> "users" :> OperationId "updateUser" :> Capture "id" UUID :> ReqBody '[JSON] User :> Put '[JSON] User
+      :<|> "users" :> OperationId "deleteUser" :> Capture "id" UUID :> Delete '[JSON] NoContent
+
+-- Define the API with Swagger endpoints
+type APIWithSwagger = API
+      :<|> SwaggerSchemaUI "swagger-ui" "openapi.json"
+
+
+data OperationId (name :: Symbol)
+
+instance HasServer subApi ctx => HasServer (OperationId name :> subApi) ctx where
+  type ServerT (OperationId name :> subApi) m = ServerT subApi m
+  route _ = route (Proxy @subApi)
+  hoistServerWithContext _ = hoistServerWithContext (Proxy @subApi)
+
+instance (HasOpenApi subApi, KnownSymbol name) => HasOpenApi (OperationId name :> subApi) where
+  toOpenApi _ = toOpenApi (Proxy @subApi) & OpenApi.allOperations . OpenApi.operationId ?~ apiName
+    where
+      apiName = T.pack $ symbolVal (Proxy @name)
+
+instance HasClient m api => HasClient m (OperationId name :> api) where
+  type Client m (OperationId name :> api) = Client m api
+  clientWithRoute pm Proxy = clientWithRoute pm (Proxy :: Proxy api)
+  hoistClientMonad pm _ = hoistClientMonad pm (Proxy :: Proxy api)
+
+-- Handlers for the API
+getUsers :: MVar [User] -> Handler [User]
+getUsers usersVar = liftIO $ readMVar usersVar
+
+addUser :: MVar [User] -> User -> Handler User
+addUser usersVar newUser = liftIO $ do
+    newId <- nextRandom
+    let userWithId = newUser { userId = newId }
+    modifyMVar usersVar $ \users -> return (userWithId : users, userWithId)
+
+updateUser :: MVar [User] -> UUID -> User -> Handler User
+updateUser usersVar uid updatedUser = liftIO $ do
+    modifyMVar usersVar $ \users ->
+        let newUsers = map (\user -> if userId user == uid then updatedUser { userId = uid } else user) users
+        in return (newUsers, updatedUser { userId = uid })
+
+deleteUser :: MVar [User] -> UUID -> Handler NoContent
+deleteUser usersVar uid = liftIO $ do
+    modifyMVar usersVar $ \users ->
+        let newUsers = filter (\user -> userId user /= uid) users
+        in return (newUsers, NoContent)
+
+-- Implement the server
+server :: OpenApi.Server -> MVar [User] -> Server APIWithSwagger
+server virtualHost usersVar = (getUsers usersVar
+              :<|> addUser usersVar
+              :<|> updateUser usersVar
+              :<|> deleteUser usersVar)
+              :<|> swaggerSchemaUIServer (toOpenApi (Proxy :: Proxy API)
+                  & info.title        .~ "OpenAPI AI API"
+                  & info.version      .~ "1.0"
+                  & info.description  ?~ "This is an API for AI with OpenAPI"
+                  & info.license      ?~ "MIT"
+                  & servers           .~ [virtualHost])
+
+-- Create the application
+app :: OpenApi.Server -> MVar [User] -> Application
+app virtualHost usersVar = serve (Proxy :: Proxy APIWithSwagger) (server virtualHost usersVar)
+
+-- Main entry point
+main :: IO ()
+main = do
+    initialUsers <- mapM (\(name, age) -> nextRandom >>= \uid -> return (User uid name age)) [("Alice", 30), ("Bob", 25)]
+    usersVar <- newMVar initialUsers
+    virtualHost <- getEnv "VIRTUAL_HOST"
+    port <- read <$> getEnv "PORT"  -- Assuming PORT is a number
+    run port (app (fromString virtualHost) usersVar)
+
--- a/systems/kabsa/configuration.nix
+++ b/systems/kabsa/configuration.nix
@@ -1,11 +1,16 @@
 {
  config,
+  niveumPackages,
  pkgs,
  lib,
+  inputs,
  ...
-}: let
+}:
+let
+  # TODO wrap obsidian: obsidian --no-sandbox --ozone-platform=wayland --ozone-platform-hint=auto --enable-features=UseOzonePlatform,WaylandWindowDecorations %U
  inherit (import ../../lib) retiolumAddresses;
-in {
+in
+{
  imports = [
    ../kibbeh/hardware-configuration.nix
    ../../configs/tlp.nix
@@ -45,11 +50,13 @@ in {
    wireguard-aether-psk.file = ../../secrets/kabsa-wireguard-aether-psk.age;
  };

-  environment.systemPackages = [pkgs.zeroad];
+  networking.wg-quick.interfaces.aether.address = [ "192.168.178.203/24" ];
+
+  environment.systemPackages = [ pkgs.zeroad ];

  networking = {
    hostName = "kabsa";
-    wireless.interfaces = ["wlp3s0"];
+    wireless.interfaces = [ "wlp3s0" ];
    retiolum = retiolumAddresses.kabsa;
  };

--- a/systems/kibbeh/configuration.nix
+++ b/systems/kibbeh/configuration.nix
@@ -14,6 +14,7 @@
    ../../configs/sound.nix
    ../../configs/printing.nix
    ../../configs/nix.nix
+    ../../configs/flix.nix
    ../../configs/fonts.nix
    ../../configs/mycelium.nix
    ../../configs/retiolum.nix
@@ -79,6 +80,7 @@
      niveumPackages.mpv-tv
      telegram-desktop
      (niveumPackages.mpv-radio.override { di-fm-key-file = config.age.secrets.di-fm-key.path; })
+      niveumPackages.meteo
      spotify
    ];
  };
--- a/systems/maakaron/home.nix
+++ b/systems/maakaron/home.nix
@@ -0,0 +1,103 @@
+{
+  config,
+  pkgs,
+  lib,
+  inputs,
+  niveumPackages,
+  ...
+}: let
+  system = "x86_64-darwin";
+
+  nextcloud = "${config.home.homeDirectory}/Nextcloud/ZODIAC";
+
+  hora = pkgs.callPackage ../../packages/hora.nix {
+    timeLedger = "${nextcloud}/hora.timeclock";
+  };
+
+  adminEssentials = import ../../configs/admin-essentials.nix {
+    inherit pkgs niveumPackages lib system;
+  };
+
+  stardict = import ../../configs/stardict.nix {
+    inherit pkgs lib inputs;
+  };
+
+  git = import ../../configs/git.nix {
+    inherit pkgs lib inputs system;
+  };
+in {
+  home.packages =
+    [
+      hora
+      niveumPackages.vim
+      pkgs.ghc
+      pkgs.python3
+    ]
+    ++ adminEssentials.environment.systemPackages
+    ++ git.environment.systemPackages;
+  #++ stardict.environment.systemPackages;
+
+  home.shellAliases =
+    adminEssentials.environment.shellAliases
+    // git.environment.shellAliases;
+
+  programs.git = git.home-manager.users.me.programs.git;
+
+  programs.zsh = let
+    promptColours = {
+      success = "green";
+      failure = "red";
+    };
+  in {
+    autocd = true;
+    defaultKeymap = "viins";
+    enableAutosuggestions = true;
+    enableCompletion = true;
+    enable = true;
+    historySubstringSearch.enable = true;
+    syntaxHighlighting.enable = true;
+    syntaxHighlighting.highlighters = ["main" "brackets" "pattern" "line"];
+    initExtra = ''
+      # ref https://gist.github.com/meeech/0b97a86f235d10bc4e2a1116eec38e7e
+      if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ];
+      then
+        . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
+      fi
+
+      precmd () {
+        if [[ -n $IN_NIX_SHELL ]]; then
+          PROMPT='%B%~%b %(?.%F{${promptColours.success}}.%F{${promptColours.failure}})λ%f '
+        else
+          PROMPT='%B%~%b %(?.%F{${promptColours.success}}.%F{${promptColours.failure}})%#%f '
+        fi
+        print -Pn "\e]2;%n@%M:%~\a" # title bar prompt
+      }
+      zle-keymap-select zle-line-init () {
+        case $KEYMAP in
+          vicmd) print -n '\e]12;green\a';;
+          viins|main) print -n '\e]12;gray\a';;
+        esac
+      }
+      zle -N zle-line-init
+      zle -N zle-keymap-select
+    '';
+  };
+
+  home.sessionVariables.EDITOR = "${niveumPackages.vim}/bin/nvim";
+  home.file."Local Applications".source = pkgs.symlinkJoin {
+    name = "local-applications";
+    paths = [pkgs.anki-bin pkgs.dbeaver pkgs.vscode pkgs.stellarium];
+  };
+  home.stateVersion = "23.11";
+  home.username = "xm7234fu";
+  home.homeDirectory = "/Users/${config.home.username}";
+  nixpkgs.config.allowUnfree = true;
+  nix.package = pkgs.nixVersions.stable;
+  nix.extraOptions = "experimental-features = nix-command flakes";
+}
+
+/*
+hora register -p weekly --depth 1 --empty
+
+
+*/
--- a/systems/makanek/configuration.nix
+++ b/systems/makanek/configuration.nix
@@ -13,7 +13,7 @@ in {
    ./menstruation.nix
    ./moinbot.nix
    ./monitoring
-    # ./names.nix
+    ./names.nix
    ./nextcloud.nix
    ../../configs/mycelium.nix
    ./radio-news.nix
@@ -48,7 +48,7 @@ in {
      config.services.grafana.dataDir
      config.services.gitea.stateDir
      config.services.weechat.root
-      config.services.nginx.virtualHosts."www.kmein.de".locations."/".root
+      config.services.nginx.virtualHosts."www.kmein.de".root
      "/var/lib/weechat"
      "/var/lib/codimd"
    ];
@@ -121,22 +121,7 @@ in {
  services.nginx.virtualHosts."www.kmein.de" = {
    addSSL = true;
    enableACME = true;
-    locations."/" = {
-      root = "/var/www/kmein.de";
-      extraConfig = ''
-          add_header 'Access-Control-Allow-Origin' '*';
-          add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
-          add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
-
-          # Handle preflight requests
-          if ($request_method = 'OPTIONS') {
-              add_header 'Access-Control-Allow-Origin' '*';
-              add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
-              add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
-              return 204; # No Content
-          }
-      '';
-    };
+    root = "/var/www/kmein.de";
  };

  environment.systemPackages = [
--- a/systems/makanek/monitoring/default.nix
+++ b/systems/makanek/monitoring/default.nix
@@ -3,13 +3,11 @@
  config,
  pkgs,
  ...
-}:
-let
+}: let
  lokiConfig = import ./loki.nix;
  blackboxConfig = import ./blackbox.nix;
  inherit (import ../../../lib) restic;
-in
-{
+in {
  services.grafana = {
    enable = true;
    settings = {
@@ -82,150 +80,143 @@ in
    }
  ];

-  services.prometheus.rules =
-    let
-      diskFreeThreshold = 10;
-    in
-    [
-      (builtins.toJSON {
-        groups = [
-          {
-            name = "niveum";
-            rules = [
-              {
-                alert = "HostSystemdServiceCrashed";
-                expr = ''(node_systemd_unit_state{state="failed"} == 1) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}'';
-                annotations = {
-                  description = "{{$labels.name}} failed on {{$labels.instance}}";
-                };
-              }
-              {
-                alert = "RootPartitionFull";
-                for = "10m";
-                expr = ''(node_filesystem_free_bytes{mountpoint="/"} * 100) / node_filesystem_size_bytes{mountpoint="/"} < ${toString diskFreeThreshold}'';
-                annotations = {
-                  description = ''{{ $labels.instance }} running out of space: {{ $value | printf "%.2f" }}% < ${toString diskFreeThreshold}%'';
-                };
-              }
-              {
-                alert = "RootPartitionFullWeek";
-                for = "1h";
-                expr =
-                  ''node_filesystem_free_bytes{mountpoint="/"} ''
-                  + ''and predict_linear(node_filesystem_free_bytes{mountpoint="/"}[2d], 7*24*3600) <= 0'';
-                annotations = {
-                  description = "{{$labels.instance}} running out of space in 7 days";
-                };
-              }
-              {
-                alert = "HighLoad";
-                expr = ''node_load15 / on(job) count(node_cpu_seconds_total{mode="system"}) by (job) >= 1.0'';
-                for = "10m";
-                annotations = {
-                  description = "{{$labels.instance}} running on high load: {{$value}}";
-                };
-              }
-              {
-                alert = "HostUnusualNetworkThroughputIn";
-                expr = ''(rate(node_network_receive_bytes_total[2m])) / 1024 / 1024 > 100'';
-                for = "5m";
-                annotations.description = "Host unusual network throughput in (instance {{ $labels.instance }})";
-              }
-              {
-                alert = "HostUnusualNetworkThroughputOut";
-                expr = ''(rate(node_network_transmit_bytes_total[2m])) / 1024 / 1024 > 100'';
-                for = "5m";
-                annotations.description = "Host unusual network throughput out (instance {{ $labels.instance }})";
-              }
-              {
-                alert = "HostUnusualDiskReadRate";
-                expr = ''(rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50'';
-                for = "5m";
-                annotations.description = "Host unusual disk read rate (instance {{ $labels.instance }})";
-              }
-              {
-                alert = "HostUnusualDiskWriteRate";
-                expr = ''(rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50'';
-                for = "2m";
-                annotations.description = "Host unusual disk write rate (instance {{ $labels.instance }})";
-              }
-              {
-                alert = "HostOutOfInodes";
-                expr = ''node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'';
-                for = "2m";
-                annotations.description = "Host out of inodes (instance {{ $labels.instance }})";
-              }
-              {
-                alert = "HostInodesWillFillIn24Hours";
-                expr = ''node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and predict_linear(node_filesystem_files_free{fstype!="msdosfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly{fstype!="msdosfs"} == 0'';
-                for = "2m";
-                annotations.description = "Host inodes will fill in 24 hours (instance {{ $labels.instance }})";
-              }
-              {
-                alert = "HighRAM";
-                expr = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.1";
-                for = "1h";
-                annotations.description = "{{$labels.instance}} using lots of RAM";
-              }
-              {
-                alert = "UptimeMonster";
-                expr = "time() - node_boot_time_seconds > 2592000";
-                annotations.description = "uptime monster {{$labels.instance}} up for more than 30 days";
-              }
-              {
-                alert = "HostDown";
-                expr = ''up == 0'';
-                for = "5m";
-                annotations = {
-                  description = "{{ $labels.instance }} seeming down since 5 minutes";
-                };
-              }
-              {
-                alert = "Reboot";
-                expr = "time() - node_boot_time_seconds < 300";
-                annotations.description = "{{$labels.instance}} rebooted";
-              }
-              {
-                alert = "Mastodon";
-                expr = ''probe_success{instance="https://social.krebsco.de"} == 0'';
-                for = "5m";
-                annotations.description = "Mastodon instance {{$labels.instance}} is down";
-              }
-              {
-                alert = "ProbeFailed";
-                expr = "probe_success == 0";
-                for = "5m";
-                annotations.description = "HTTP probe failed for {{$labels.instance}}";
-              }
-              {
-                alert = "SlowProbe";
-                expr = "avg_over_time(probe_http_duration_seconds[1m]) > 1";
-                for = "5m";
-                annotations.description = "HTTP probe slow for {{$labels.instance}}";
-              }
-              {
-                alert = "HttpStatusCode";
-                expr = "probe_http_status_code != 0 AND (probe_http_status_code <= 199 OR probe_http_status_code >= 400)";
-                for = "5m";
-                annotations.description = "status code {{$value}} for {{$labels.instance}}";
-              }
-              {
-                alert = "SslExpirySoon";
-                expr = "probe_ssl_earliest_cert_expiry - time() < 86400 * 30";
-                for = "5m";
-                annotations.description = "SSL certificate for {{$labels.instance}} expires in 30 days";
-              }
-              {
-                alert = "SslExpiry";
-                expr = "probe_ssl_earliest_cert_expiry - time()  <= 0";
-                for = "5m";
-                annotations.description = "SSL certificate for {{$labels.instance}} has expired";
-              }
-            ];
-          }
-        ];
-      })
-    ];
+  services.prometheus.rules = let
+    diskFreeThreshold = 10;
+  in [
+    (builtins.toJSON {
+      groups = [
+        {
+          name = "niveum";
+          rules = [
+            {
+              alert = "HostSystemdServiceCrashed";
+              expr = ''(node_systemd_unit_state{state="failed"} == 1) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}'';
+              annotations = {
+                description = "{{$labels.name}} failed on {{$labels.instance}}";
+              };
+            }
+            {
+              alert = "RootPartitionFull";
+              for = "10m";
+              expr = ''(node_filesystem_free_bytes{mountpoint="/"} * 100) / node_filesystem_size_bytes{mountpoint="/"} < ${toString diskFreeThreshold}'';
+              annotations = {
+                description = ''{{ $labels.instance }} running out of space: {{ $value | printf "%.2f" }}% < ${toString diskFreeThreshold}%'';
+              };
+            }
+            {
+              alert = "RootPartitionFullWeek";
+              for = "1h";
+              expr =
+                ''node_filesystem_free_bytes{mountpoint="/"} ''
+                + ''and predict_linear(node_filesystem_free_bytes{mountpoint="/"}[2d], 7*24*3600) <= 0'';
+              annotations = {
+                description = "{{$labels.instance}} running out of space in 7 days";
+              };
+            }
+            {
+              alert = "HighLoad";
+              expr = ''node_load15 / on(job) count(node_cpu_seconds_total{mode="system"}) by (job) >= 1.0'';
+              for = "10m";
+              annotations = {
+                description = "{{$labels.instance}} running on high load: {{$value}}";
+              };
+            }
+            {
+              alert = "HostUnusualNetworkThroughputIn";
+              expr = ''(rate(node_network_receive_bytes_total[2m])) / 1024 / 1024 > 100'';
+              for = "5m";
+              annotations.description = "Host unusual network throughput in (instance {{ $labels.instance }})";
+            }
+            {
+              alert = "HostUnusualNetworkThroughputOut";
+              expr = ''(rate(node_network_transmit_bytes_total[2m])) / 1024 / 1024 > 100'';
+              for = "5m";
+              annotations.description = "Host unusual network throughput out (instance {{ $labels.instance }})";
+            }
+            {
+              alert = "HostUnusualDiskReadRate";
+              expr = ''(rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50'';
+              for = "5m";
+              annotations.description = "Host unusual disk read rate (instance {{ $labels.instance }})";
+            }
+            {
+              alert = "HostUnusualDiskWriteRate";
+              expr = ''(rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50'';
+              for = "2m";
+              annotations.description = "Host unusual disk write rate (instance {{ $labels.instance }})";
+            }
+            {
+              alert = "HostOutOfInodes";
+              expr = ''node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'';
+              for = "2m";
+              annotations.description = "Host out of inodes (instance {{ $labels.instance }})";
+            }
+            {
+              alert = "HostInodesWillFillIn24Hours";
+              expr = ''node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and predict_linear(node_filesystem_files_free{fstype!="msdosfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly{fstype!="msdosfs"} == 0'';
+              for = "2m";
+              annotations.description = "Host inodes will fill in 24 hours (instance {{ $labels.instance }})";
+            }
+            {
+              alert = "HighRAM";
+              expr = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.1";
+              for = "1h";
+              annotations.description = "{{$labels.instance}} using lots of RAM";
+            }
+            {
+              alert = "UptimeMonster";
+              expr = "time() - node_boot_time_seconds > 2592000";
+              annotations.description = "uptime monster {{$labels.instance}} up for more than 30 days";
+            }
+            {
+              alert = "HostDown";
+              expr = ''up == 0'';
+              for = "5m";
+              annotations = {
+                description = "{{ $labels.instance }} seeming down since 5 minutes";
+              };
+            }
+            {
+              alert = "Reboot";
+              expr = "time() - node_boot_time_seconds < 300";
+              annotations.description = "{{$labels.instance}} rebooted";
+            }
+            {
+              alert = "ProbeFailed";
+              expr = "probe_success == 0";
+              for = "5m";
+              annotations.description = "HTTP probe failed for {{$labels.instance}}";
+            }
+            {
+              alert = "SlowProbe";
+              expr = "avg_over_time(probe_http_duration_seconds[1m]) > 1";
+              for = "5m";
+              annotations.description = "HTTP probe slow for {{$labels.instance}}";
+            }
+            {
+              alert = "HttpStatusCode";
+              expr = "probe_http_status_code != 0 AND (probe_http_status_code <= 199 OR probe_http_status_code >= 400)";
+              for = "5m";
+              annotations.description = "status code {{$value}} for {{$labels.instance}}";
+            }
+            {
+              alert = "SslExpirySoon";
+              expr = "probe_ssl_earliest_cert_expiry - time() < 86400 * 30";
+              for = "5m";
+              annotations.description = "SSL certificate for {{$labels.instance}} expires in 30 days";
+            }
+            {
+              alert = "SslExpiry";
+              expr = "probe_ssl_earliest_cert_expiry - time()  <= 0";
+              for = "5m";
+              annotations.description = "SSL certificate for {{$labels.instance}} has expired";
+            }
+          ];
+        }
+      ];
+    })
+  ];
+

  # ref https://github.com/Mic92/dotfiles/blob/f44bac5dd6970ed3fbb4feb906917331ec3c2be5/machines/eva/modules/prometheus/default.nix
  systemd.services.matrix-hook = {
@@ -255,33 +246,6 @@ in
    };
  };

-  systemd.services.matrix-hook-lassulus = {
-    description = "Matrix Hook";
-    after = [ "network.target" ];
-    wantedBy = [ "multi-user.target" ];
-    environment = {
-      HTTP_ADDRESS = "[::1]";
-      HTTP_PORT = "9089";
-      MX_HOMESERVER = "https://matrix.4d2.org";
-      MX_ID = "@lakai:4d2.org";
-      MX_ROOMID = "!MJAGqBAOKZGMywzwkI:lassul.us";
-      MX_MSG_TEMPLATE = "${pkgs.matrix-hook}/message.html.tmpl";
-    };
-    serviceConfig = {
-      EnvironmentFile = [
-        # format: MX_TOKEN=<token>
-        config.age.secrets.matrix-token-lakai-env.path
-      ];
-      Type = "simple";
-      ExecStart = "${pkgs.matrix-hook}/bin/matrix-hook";
-      Restart = "always";
-      RestartSec = "10";
-      DynamicUser = true;
-      User = "matrix-hook";
-      Group = "matrix-hook";
-    };
-  };
-
  age.secrets = {
    matrix-token-lakai-env.file = ../../../secrets/matrix-token-lakai-env.age;
  };
@@ -296,23 +260,8 @@ in
        group_wait = "30s";
        repeat_interval = "24h";
        receiver = "matrix";
-        routes = [
-          {
-            receiver = "lassulus";
-            matchers = [ "alertname = \"Mastodon\"" ];
-          }
-        ];
      };
      receivers = [
-        {
-          name = "lassulus";
-          webhook_configs = [
-            {
-              url = "http://localhost:9089/alert";
-              max_alerts = 5;
-            }
-          ];
-        }
        {
          name = "matrix";
          webhook_configs = [
@@ -357,21 +306,13 @@ in
    {
      scheme = "http";
      path_prefix = "/";
-      static_configs = [
-        { targets = [ "localhost:${toString config.services.prometheus.alertmanager.port}" ]; }
-      ];
+      static_configs = [{targets = ["localhost:${toString config.services.prometheus.alertmanager.port}"];}];
    }
  ];

  # otherwise bearer_token_file will fail
  services.prometheus.checkConfig = "syntax-only";

-  services.prometheus.extraFlags = [
-    "--storage.tsdb.retention.time=7d"
-    "--storage.tsdb.retention.size=2GB"
-    "--storage.tsdb.wal-compression"
-  ];
-
  services.prometheus.scrapeConfigs = [
    {
      job_name = "makanek";
@@ -387,14 +328,14 @@ in
      scrape_interval = "5m";
      job_name = "blackbox";
      metrics_path = "/probe";
-      params.module = [ "http_2xx" ];
+      params.module = ["http_2xx"];
      relabel_configs = [
        {
-          source_labels = [ "__address__" ];
+          source_labels = ["__address__"];
          target_label = "__param_target";
        }
        {
-          source_labels = [ "__param_target" ];
+          source_labels = ["__param_target"];
          target_label = "instance";
        }
        {
@@ -452,7 +393,7 @@ in
      scrape_interval = "60s";
      metrics_path = "/api/prometheus";
      scheme = "http";
-      static_configs = [ { targets = [ "zaatar.r:8123" ]; } ];
+      static_configs = [{targets = ["zaatar.r:8123"];}];
      bearer_token_file = config.age.secrets.home-assistant-token.path;
    }
    {
@@ -469,7 +410,7 @@ in

  services.prometheus.exporters.blackbox = {
    enable = true;
-    configFile = (pkgs.formats.yaml { }).generate "blackbox.yaml" blackboxConfig;
+    configFile = (pkgs.formats.yaml {}).generate "blackbox.yaml" blackboxConfig;
  };

  networking.firewall.allowedTCPPorts = [
@@ -478,6 +419,6 @@ in

  services.loki = {
    enable = true;
-    configFile = (pkgs.formats.yaml { }).generate "loki.yaml" lokiConfig;
+    configFile = (pkgs.formats.yaml {}).generate "loki.yaml" lokiConfig;
  };
 }
--- a/systems/makanek/weechat.nix
+++ b/systems/makanek/weechat.nix
@@ -1,11 +1,15 @@
 {
  lib,
  pkgs,
+  config,
+  unstablePackages,
  ...
 }: let
  inherit (import ../../lib) kieran;
  weechatHome = "/var/lib/weechat";
-  weechat-declarative = pkgs.callPackage ../../packages/weechat-declarative.nix {};
+  weechat-declarative = pkgs.callPackage ../../packages/weechat-declarative.nix {
+    inherit unstablePackages;
+  };
 in {
  systemd.services.weechat = let
    tmux = pkgs.writers.writeDash "tmux" ''
--- a/systems/manakish/configuration.nix
+++ b/systems/manakish/configuration.nix
@@ -36,6 +36,8 @@ in {
    wireguard-aether-psk.file = ../../secrets/manakish-wireguard-aether-psk.age;
  };

+  networking.wg-quick.interfaces.aether.address = ["192.168.178.204/24"];
+
  niveum = {
    batteryName = "BAT0";
    wirelessInterface = "wlp3s0";
--- a/systems/moto/configuration.nix
+++ b/systems/moto/configuration.nix
@@ -0,0 +1,71 @@
+{
+  pkgs,
+  niveumPackages,
+  inputs,
+  ...
+}: let
+  sshPort = 8022;
+in {
+  environment.packages = with pkgs; [
+    nil
+    bzip2
+    coreutils
+    curl
+    diffutils
+    findutils
+    git
+    gnugrep
+    gnupg
+    gnused
+    gnutar
+    gzip
+    hostname
+    iproute2
+    man
+    openssh
+    procps
+    tzdata
+    unzip
+    utillinux
+    vim
+    which
+    xz
+    zip
+    hledger
+    hledger-ui
+    niveumPackages.vim
+    gitAndTools.gh
+    ripgrep
+    (pkgs.writers.writeDashBin "start-ssh" ''
+      ${pkgs.openssh}/bin/sshd -f ${pkgs.writeText "sshd_config" ''
+        HostKey /data/data/com.termux.nix/files/home/.ssh/ssh_host_rsa_key
+        Port ${toString sshPort}
+      ''}
+    '')
+  ];
+
+  nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"];
+
+  home-manager = {
+    useGlobalPkgs = true;
+    backupFileExtension = "hm-bak";
+    config = {pkgs, ...}: {
+      home.stateVersion = "23.05";
+      programs.tmux.enable = true;
+    };
+  };
+
+  environment.sessionVariables = {
+    LEDGER_FILE = "/data/data/com.termux.nix/files/home/src/ledger/privat.journal";
+  };
+
+  user.shell = "${pkgs.fish}/bin/fish";
+
+  environment.etcBackupExtension = ".bak";
+
+  system.stateVersion = "23.05";
+
+  nix.extraOptions = ''
+    experimental-features = nix-command flakes
+  '';
+}
--- a/systems/zaatar/configuration.nix
+++ b/systems/zaatar/configuration.nix
@@ -28,9 +28,6 @@ in {
  services.pipewire.systemWide = true;

  age.secrets = {
-    wifi = {
-      file = ../../secrets/wifi.age;
-    };
    retiolum-rsa = {
      file = ../../secrets/zaatar-retiolum-privateKey-rsa.age;
      mode = "400";
Author	SHA1	Message	Date
Kierán Meinhardt	b274a59a50	niri: add shortcut to float windows	2025-08-26 08:29:09 +02:00
Kierán Meinhardt	b4de03bb3c	replace more instances of rofi by wofi	2025-08-26 08:28:56 +02:00
Kierán Meinhardt	b0062abbfe	passmenu: fix	2025-08-26 07:50:31 +02:00
Kierán Meinhardt	0e9a046c5f	obsidian-vim: add fugitive	2025-08-26 07:50:24 +02:00
Kierán Meinhardt	72ab319e65	niri: set window rules	2025-08-26 07:50:06 +02:00
Kierán Meinhardt	f08e43067b	configure niri	2025-08-26 07:19:54 +02:00
Kierán Meinhardt	d0ac0af7c3	use wl-clipboard	2025-08-26 07:19:17 +02:00
Kierán Meinhardt	5febabb7fa	use wofi	2025-07-11 11:37:23 +02:00
Kierán Meinhardt	44d29f90e9	working niri config	2025-07-10 06:51:51 +02:00
Kierán Meinhardt	1aaf0fe5ae	configure wayland for kabsa	2025-07-09 09:23:41 +02:00