niveum-ssh: install

.bin/mp3player-write

@@ -0,0 +1,114 @@
+#!/usr/bin/env bash
+
+# Usage:
+# ./mp3_transfer.sh -s 1.3 /mnt/mp3player file1.m4a file2.m4a ...
+
+set -e
+
+# Default speed
+SPEED=1.0
+
+# Parse options
+while getopts ":s:" opt; do
+  case $opt in
+    s)
+      SPEED=$OPTARG
+      ;;
+    \?)
+      echo "Invalid option: -$OPTARG" >&2
+      exit 1
+      ;;
+    :)
+      echo "Option -$OPTARG requires a value." >&2
+      exit 1
+      ;;
+  esac
+done
+
+# Shift past the options
+shift $((OPTIND -1))
+
+# Check arguments
+if [ "$#" -lt 2 ]; then
+  echo "Usage: $0 [-s speed] MOUNT_POINT FILE1 [FILE2 ...]"
+  exit 1
+fi
+
+MOUNT_POINT=$1
+shift
+FILES=("$@")
+
+# Check mount point exists
+if [ ! -d "$MOUNT_POINT" ]; then
+  echo "Error: Mount point '$MOUNT_POINT' does not exist."
+  exit 1
+fi
+
+# Estimate required space
+TOTAL_SIZE=0
+for f in "${FILES[@]}"; do
+  if [ ! -f "$f" ]; then
+    echo "Warning: File '$f' does not exist, skipping."
+    continue
+  fi
+  # Get file size in bytes
+  FILE_SIZE=$(stat --printf="%s" "$f")
+  # Estimate mp3 output size: roughly 1/2 of original m4a (adjust if needed)
+  TOTAL_SIZE=$((TOTAL_SIZE + FILE_SIZE / 2))
+done
+
+# Get available space in bytes
+AVAILABLE=$(df --output=avail "$MOUNT_POINT" | tail -n 1)
+AVAILABLE=$((AVAILABLE * 1024))  # df reports in KB
+
+if [ "$TOTAL_SIZE" -gt "$AVAILABLE" ]; then
+  echo "Error: Not enough space on device. Required: $TOTAL_SIZE bytes, Available: $AVAILABLE bytes"
+  exit 1
+fi
+
+echo "Enough space available. Starting conversion..."
+
+sanitize_filename() {
+  local name="$1"
+  # Remove path, keep only base name
+  name=$(basename "$name" .m4a)
+  # Replace spaces and special chars with underscore
+  name=$(echo "$name" | tr ' ' '_' | tr -cd '[:alnum:]_-')
+  # Truncate to max 50 chars
+  echo "${name:0:50}"
+}
+
+# Convert and copy files
+for f in "${FILES[@]}"; do
+  if [ ! -f "$f" ]; then
+    continue
+  fi
+
+  # Determine the next prefix
+  existing_prefixes=$(ls "$MOUNT_POINT" | grep -E '^[0-9].*\.mp3$' | sed -E 's/^([0-9]).*/\1/' | sort -n | uniq)
+  for i in {0..9}; do
+    if ! echo "$existing_prefixes" | grep -q "^$i$"; then
+      PREFIX=$i
+      break
+    fi
+  done
+
+  echo "Using prefix: $PREFIX"
+
+  BASENAME=$(sanitize_filename "$f")
+  OUT_PATTERN="$MOUNT_POINT/${PREFIX}%02d_${BASENAME}.mp3"
+
+  echo "Converting '$f' to '$OUT_PATTERN' at speed $SPEED..."
+
+  ffmpeg -i "$f" \
+    -filter:a "atempo=$SPEED" -ar 44100 -ac 2 -c:a libmp3lame -b:a 128k \
+    -f segment -segment_time 300 \
+    "$OUT_PATTERN"
+
+  # Update prefix for next file
+  # Count how many segments were created
+  SEG_COUNT=$(ls "$MOUNT_POINT" | grep -E "^${PREFIX}[0-9]{2}_" | wc -l)
+  PREFIX=$((PREFIX + SEG_COUNT))
+done
+
+echo "All files processed successfully."

.bin/toposort.nix

@@ -1,50 +1,81 @@
 let
   lib = import <nixpkgs/lib>;
-in rec {
+in
+rec {
   inherit lib;
 
   input = [
     {
-      x = ["pool" "zfs"];
-      y = ["mdadm" "raid1"];
+      x = [
+        "pool"
+        "zfs"
+      ];
+      y = [
+        "mdadm"
+        "raid1"
+      ];
     }
     {
-      x = ["pool" "zfs"];
-      y = ["disk" "sda"];
+      x = [
+        "pool"
+        "zfs"
+      ];
+      y = [
+        "disk"
+        "sda"
+      ];
     }
     {
-      x = ["mdadm" "raid1"];
-      y = ["disk" "sdb"];
+      x = [
+        "mdadm"
+        "raid1"
+      ];
+      y = [
+        "disk"
+        "sdb"
+      ];
     }
     {
-      x = ["mdadm" "raid1"];
-      y = ["disk" "sdc"];
+      x = [
+        "mdadm"
+        "raid1"
+      ];
+      y = [
+        "disk"
+        "sdc"
+      ];
     }
   ];
 
-  outNodes = node: graph:
-    lib.unique
-    (builtins.map (e: e.y)
-      (builtins.filter (v: v.x == node) graph));
+  outNodes = node: graph: lib.unique (builtins.map (e: e.y) (builtins.filter (v: v.x == node) graph));
 
-  vertices = graph:
-    lib.unique
-    (builtins.map (x: x.y) graph ++ builtins.map (x: x.x) graph);
+  vertices = graph: lib.unique (builtins.map (x: x.y) graph ++ builtins.map (x: x.x) graph);
 
   deleteVertex = node: graph: (builtins.filter (v: v.x != node && v.y != node) graph);
 
-  findSink = graph:
-    lib.findFirst
-    (v: outNodes v graph == [])
-    (lib.trace graph (builtins.abort "No sink found"))
-    (vertices graph);
+  findSink =
+    graph:
+    lib.findFirst (v: outNodes v graph == [ ]) (lib.trace graph (builtins.abort "No sink found")) (
+      vertices graph
+    );
 
-  topSort = graph:
-    if graph == []
-    then []
-    else if builtins.length graph == 1
-    then let only = builtins.head graph; in [only.y only.x]
-    else let sink = findSink graph; in [sink] ++ topSort (deleteVertex sink graph);
+  topSort =
+    graph:
+    if graph == [ ] then
+      [ ]
+    else if builtins.length graph == 1 then
+      let
+        only = builtins.head graph;
+      in
+      [
+        only.y
+        only.x
+      ]
+    else
+      let
+        sink = findSink graph;
+      in
+      [ sink ] ++ topSort (deleteVertex sink graph);
 
   output = topSort input;
 }

.github/workflows/flake.yml

@@ -2,7 +2,7 @@ name: Update flake.lock
 on:
   workflow_dispatch: # allows manual triggering
   schedule:
-    - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00
+    - cron: "0 0 * * 0" # runs weekly on Sunday at 00:00
 
 jobs:
   lockfile:

.github/workflows/niveum.yml

@@ -7,33 +7,33 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        system: [makanek,manakish,kabsa,zaatar,ful,fatteh]
+        system: [makanek, manakish, kabsa, zaatar, ful, fatteh]
     steps:
-    - uses: actions/checkout@v3
-    - name: Install QEMU (ARM)
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y qemu-user-static
-      if: ${{ matrix.system == 'ful' }}
-    - name: Install Nix (ARM)
-      uses: cachix/install-nix-action@v16
-      if: ${{ matrix.system == 'ful' }}
-      with:
-        extra_nix_config: |
-          system = aarch64-linux
-    - name: Install Nix (x86_64)
-      uses: cachix/install-nix-action@v16
-      if: ${{ matrix.system != 'ful' }}
-    - name: nixos-rebuild dry-build
-      run: |
-        # remove secrets: ref https://stackoverflow.com/questions/1260748/how-do-i-remove-a-submodule/36593218
-        git submodule deinit -f secrets
-        rm -rf .git/modules/secrets
-        git rm -f secrets
+      - uses: actions/checkout@v3
+      - name: Install QEMU (ARM)
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y qemu-user-static
+        if: ${{ matrix.system == 'ful' }}
+      - name: Install Nix (ARM)
+        uses: cachix/install-nix-action@v16
+        if: ${{ matrix.system == 'ful' }}
+        with:
+          extra_nix_config: |
+            system = aarch64-linux
+      - name: Install Nix (x86_64)
+        uses: cachix/install-nix-action@v16
+        if: ${{ matrix.system != 'ful' }}
+      - name: nixos-rebuild dry-build
+        run: |
+          # remove secrets: ref https://stackoverflow.com/questions/1260748/how-do-i-remove-a-submodule/36593218
+          git submodule deinit -f secrets
+          rm -rf .git/modules/secrets
+          git rm -f secrets
 
-        # recreate secrets
-        mkdir secrets
-        cat secrets.txt | while read -r path; do touch $path; done
-        git add secrets
+          # recreate secrets
+          mkdir secrets
+          cat secrets.txt | while read -r path; do touch $path; done
+          git add secrets
 
-        nix run nixpkgs#nixos-rebuild -- dry-build  --flake $GITHUB_WORKSPACE#${{matrix.system}}
+          nix run nixpkgs#nixos-rebuild -- dry-build  --flake $GITHUB_WORKSPACE#${{matrix.system}}

README.md

@@ -5,10 +5,14 @@
 > [nĭvĕus](https://logeion.uchicago.edu/niveus), a, um, adj. [nix], _of_ or _from snow, snowy, snow-_ (poet.)
 >
 > 1. Lit.: aggeribus niveis informis, Verg. G. 3, 354: aqua, _cooled with snow_, Mart. 12, 17, 6; cf. id. 14, 104 and 117: mons, _covered with snow_, Cat. 64, 240.—
->
 > 2. Transf., _snow-white, snowy_ (mostly poet.): a similitudine sic: Corpore niveum candorem, aspectu igneum ardorem assequebatur, Auct. Her. 4, 33, 44: lacerti, Verg. A. 8, 387: lac, id. E. 2, 20: hanc si capite niveae agnae exorari judicas, Sen. Q. N. 2, 36: Briseis niveo colore, Hor. C. 2, 4, 3: vestis, Ov. M. 10, 432: candidior nivei folio, Galatea, ligustri, id. ib. 13, 789: dens, id. H. 18, 18: quā notam duxit niveus videri, Hor. C. 4, 2, 59: panis, Juv. 5, 70: flumen, _clear, pellucid_, Sen. Hippol. 504: undae, Mart. 7, 32, 11: tribuni, _clothed in white togas_, Calp. Ecl. 7, 29; so, Quirites, Juv. 10, 45.
 
 ## Pressestimmen
+
 > das ist ja pure poesie —[riotbib](https://github.com/riotbib/)
 
 > Deine Configs sind wunderschön <3 —[flxai](https://github.com/flxai/)
+
+## To do
+
+🦗

configs/admin-essentials.nix

@@ -1,91 +1,98 @@
 {
   pkgs,
-  niveumPackages,
   lib,
   ...
-}: let
+}:
+let
   darwin = lib.strings.hasSuffix "-darwin" pkgs.stdenv.hostPlatform.system;
-in {
-  environment.systemPackages =
-    [
-      pkgs.htop
-      pkgs.w3m
-      pkgs.wget
-      # ARCHIVE TOOLS
-      pkgs.unzip
-      pkgs.unrar
-      pkgs.p7zip
-      pkgs.sshuttle
-      pkgs.zip
-      # MONITORS
-      pkgs.iftop # interface bandwidth monitor
-      pkgs.lsof # list open files
-      # SHELL
-      pkgs.sqlite
-      pkgs.fd # better find
-      pkgs.tree
-      pkgs.parallel # for parallel, since moreutils shadows task spooler
-      pkgs.ripgrep # better grep
-      pkgs.rlwrap
-      pkgs.progress # display progress bars for pipes
-      pkgs.file # determine file type
-      pkgs.gdu # ncurses disk usage (ncdu is broken)
-      pkgs.rmlint # remove duplicate files
-      pkgs.jq # json toolkit
-      pkgs.jless # less(1) for json
-      pkgs.fq # toolkit for yaml, xml and binaries
-      pkgs.bc # calculator
-      pkgs.pari # gp -- better calculator
-      pkgs.ts
-      niveumPackages.vimv
-      niveumPackages.vg
-      niveumPackages.fkill
-      niveumPackages.cyberlocker-tools
-      niveumPackages.untilport
-      niveumPackages.kpaste
-      # HARDWARE
-      pkgs.pciutils # for lspci
-    ]
-    ++ lib.optionals (!darwin) [
-      pkgs.usbutils # for lsusb
-      pkgs.lshw # for lshw
-      pkgs.iotop # I/O load monitor
-      pkgs.psmisc # for killall, pstree
-    ];
+in
+{
+  environment.systemPackages = [
+    pkgs.htop
+    pkgs.w3m
+    pkgs.wget
+    # ARCHIVE TOOLS
+    pkgs.unzip
+    pkgs.unrar
+    pkgs.p7zip
+    pkgs.sshuttle
+    pkgs.zip
+    # MONITORS
+    pkgs.iftop # interface bandwidth monitor
+    pkgs.lsof # list open files
+    # SHELL
+    pkgs.sqlite
+    pkgs.fd # better find
+    pkgs.tree
+    pkgs.parallel # for parallel, since moreutils shadows task spooler
+    pkgs.ripgrep # better grep
+    pkgs.rlwrap
+    pkgs.progress # display progress bars for pipes
+    pkgs.file # determine file type
+    pkgs.gdu # ncurses disk usage (ncdu is broken)
+    pkgs.rmlint # remove duplicate files
+    pkgs.jq # json toolkit
+    pkgs.jless # less(1) for json
+    pkgs.fq # toolkit for yaml, xml and binaries
+    pkgs.bc # calculator
+    pkgs.pari # gp -- better calculator
+    pkgs.ts
+    pkgs.vimv
+    pkgs.vg
+    pkgs.fkill
+    pkgs.cyberlocker-tools
+    pkgs.untilport
+    pkgs.kpaste
+    # HARDWARE
+    pkgs.pciutils # for lspci
+  ]
+  ++ lib.optionals (!darwin) [
+    pkgs.usbutils # for lsusb
+    pkgs.lshw # for lshw
+    pkgs.iotop # I/O load monitor
+    pkgs.psmisc # for killall, pstree
+  ];
 
-
-    security.wrappers = {
-      pmount = {
-        setuid = true;
-        owner = "root";
-        group = "root";
-        source = "${pkgs.pmount}/bin/pmount";
-      };
-      pumount = {
-        setuid = true;
-        owner = "root";
-        group = "root";
-        source = "${pkgs.pmount}/bin/pumount";
-      };
+  security.wrappers = {
+    pmount = {
+      setuid = true;
+      owner = "root";
+      group = "root";
+      source = "${pkgs.pmount}/bin/pmount";
     };
+    pumount = {
+      setuid = true;
+      owner = "root";
+      group = "root";
+      source = "${pkgs.pmount}/bin/pumount";
+    };
+  };
 
-  environment.shellAliases = let
-    take = pkgs.writers.writeDash "take" ''
-      mkdir "$1" && cd "$1"
-    '';
-    cdt = pkgs.writers.writeDash "cdt" ''
-      cd "$(mktemp -d)"
-      pwd
-    '';
-    wcd = pkgs.writers.writeDash "wcd" ''
-      cd "$(readlink "$(${pkgs.which}/bin/which --skip-alias "$1")" | xargs dirname)/.."
-    '';
-    where = pkgs.writers.writeDash "where" ''
-      readlink "$(${pkgs.which}/bin/which --skip-alias "$1")" | xargs dirname
-    '';
-  in
+  environment.interactiveShellInit = ''
+    # Use XDG_RUNTIME_DIR for temporary files if available
+    if [ -d "$XDG_RUNTIME_DIR" ]; then
+      export TMPDIR="$XDG_RUNTIME_DIR"
+    fi
+  '';
+
+  environment.shellAliases =
+    let
+      take = pkgs.writers.writeDash "take" ''
+        mkdir "$1" && cd "$1"
+      '';
+      cdt = pkgs.writers.writeDash "cdt" ''
+        cd $(mktemp -p "$XDG_RUNTIME_DIR" -d "cdt-XXXXXX")
+        pwd
+      '';
+      wcd = pkgs.writers.writeDash "wcd" ''
+        cd "$(readlink "$(${pkgs.which}/bin/which --skip-alias "$1")" | xargs dirname)/.."
+      '';
+      where = pkgs.writers.writeDash "where" ''
+        readlink "$(${pkgs.which}/bin/which --skip-alias "$1")" | xargs dirname
+      '';
+    in
     {
-      nixi = "nix repl '<nixpkgs>'";
+      nixi = "nix repl nixpkgs";
       take = "source ${take}";
       wcd = "source ${wcd}";
       where = "source ${where}";
@@ -104,16 +111,17 @@ in {
       la = "${pkgs.coreutils}/bin/ls --color=auto --time-style=long-iso --almost-all -l";
     }
     // (
-      if darwin
-      then {}
-      else {
-        "ß" = "${pkgs.util-linux}/bin/setsid";
-        ip = "${pkgs.iproute2}/bin/ip -c";
-        # systemd
-        s = "${pkgs.systemd}/bin/systemctl";
-        us = "${pkgs.systemd}/bin/systemctl --user";
-        j = "${pkgs.systemd}/bin/journalctl";
-        uj = "${pkgs.systemd}/bin/journalctl --user";
-      }
+      if darwin then
+        { }
+      else
+        {
+          "ß" = "${pkgs.util-linux}/bin/setsid";
+          ip = "${pkgs.iproute2}/bin/ip -c";
+          # systemd
+          s = "${pkgs.systemd}/bin/systemctl";
+          us = "${pkgs.systemd}/bin/systemctl --user";
+          j = "${pkgs.systemd}/bin/journalctl";
+          uj = "${pkgs.systemd}/bin/journalctl --user";
+        }
     );
 }

configs/aerc.nix

@@ -2,11 +2,9 @@
   pkgs,
   config,
   lib,
-  niveumPackages,
   ...
-}: let
-  inherit (import ../lib/email.nix) defaults thunderbirdProfile;
-in {
+}:
+{
   age.secrets = {
     email-password-ical-ephemeris = {
       file = ../secrets/email-password-ical-ephemeris.age;
@@ -43,14 +41,15 @@ in {
       extraConfig = {
         database.path = config.home-manager.users.me.accounts.email.maildirBasePath;
         new.tags = "";
-        user.name = defaults.realName;
+        user.name = pkgs.lib.niveum.email.defaults.realName;
         user.primary_email = config.home-manager.users.me.accounts.email.accounts.posteo.address;
       };
     };
 
     programs.mbsync = {
       enable = true;
-      extraConfig = lib.concatStringsSep "\n\n" (lib.mapAttrsToList (name: account: ''
+      extraConfig = lib.concatStringsSep "\n\n" (
+        lib.mapAttrsToList (name: account: ''
           IMAPAccount ${name}
           CertificateFile /etc/ssl/certs/ca-certificates.crt
           Host ${account.imap.host}
@@ -74,30 +73,35 @@ in {
           Patterns *
           Remove None
           SyncState *
-        '')
-        config.home-manager.users.me.accounts.email.accounts);
+        '') config.home-manager.users.me.accounts.email.accounts
+      );
     };
 
     accounts.email.accounts = {
       cock =
-        lib.recursiveUpdate defaults
-        rec {
+        let
+          mailhost = "mail.cock.li";
           address = "2210@cock.li";
+        in
+        lib.recursiveUpdate pkgs.lib.niveum.email.defaults {
+          address = address;
           userName = address;
           passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-cock.path}";
           realName = "2210";
-          imap.host = "mail.cock.li";
+          imap.host = mailhost;
           imap.port = 993;
-          smtp.host = imap.host;
+          smtp.host = mailhost;
           smtp.port = 25;
           smtp.tls.useStartTls = true;
         };
       ical-ephemeris =
-        lib.recursiveUpdate defaults
-        rec {
-          userName = "ical.ephemeris@web.de";
+        let
+          address = "ical.ephemeris@web.de";
+        in
+        lib.recursiveUpdate pkgs.lib.niveum.email.defaults {
+          userName = address;
           realName = "Kieran from iCal Ephemeris";
-          address = userName;
+          address = address;
           passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-ical-ephemeris.path}";
           imap.host = "imap.web.de";
           imap.port = 993;
@@ -106,15 +110,18 @@ in {
           smtp.tls.useStartTls = true;
         };
       posteo =
-        lib.recursiveUpdate defaults
-        rec {
+        let
+          mailhost = "posteo.de";
           address = "kieran.meinhardt@posteo.net";
-          aliases = ["kmein@posteo.de"];
+        in
+        lib.recursiveUpdate pkgs.lib.niveum.email.defaults {
+          address = address;
+          aliases = [ "kmein@posteo.de" ];
           userName = address;
-          imap.host = "posteo.de";
+          imap.host = mailhost;
           imap.port = 993;
           imap.tls.enable = true;
-          smtp.host = imap.host;
+          smtp.host = mailhost;
           smtp.port = 465;
           smtp.tls.enable = true;
           primary = true;
@@ -133,7 +140,7 @@ in {
       enable = true;
       settings = {
       };
-      profiles.${thunderbirdProfile} = {
+      profiles.${pkgs.lib.niveum.email.thunderbirdProfile} = {
         isDefault = true;
         settings = {
           "mail.default_send_format" = 1;
@@ -141,10 +148,8 @@ in {
           "msgcompose.text_color" = config.lib.stylix.colors.withHashtag.base00;
           "msgcompose.background_color" = config.lib.stylix.colors.withHashtag.base05;
         };
-        userChrome = ''
-        '';
-        userContent = ''
-        '';
+        userChrome = '''';
+        userContent = '''';
         withExternalGnupg = false;
       };
     };
@@ -206,7 +211,7 @@ in {
           "*" = ":filter -x Flagged<Enter>";
         };
         view = {
-          tr = ":pipe ${niveumPackages.trans}/bin/trans -show-original n -b -no-autocorrect<Enter>"; # https://man.sr.ht/~rjarry/aerc/integrations/translator.md
+          tr = ":pipe ${pkgs.trans}/bin/trans -show-original n -b -no-autocorrect<Enter>"; # https://man.sr.ht/~rjarry/aerc/integrations/translator.md
           "/" = ":toggle-key-passthrough <Enter> /";
           q = ":close<Enter>";
           O = ":open<Enter>";
@@ -279,7 +284,9 @@ in {
         ui.spinner = ". , .";
         general.unsafe-accounts-conf = true;
         general.pgp-provider = "gpg";
-        viewer = {pager = "${pkgs.less}/bin/less -R";};
+        viewer = {
+          pager = "${pkgs.less}/bin/less -R";
+        };
         compose = {
           # address-book-cmd = "khard email --remove-first-line --parsable '%s'";
           no-attachment-warning = "(attach|attached|attachments?|anbei|Anhang|angehängt|beigefügt)";
@@ -296,24 +303,26 @@ in {
           "message/rfc822" = "${pkgs.aerc}/libexec/aerc/filters/colorize";
           "application/x-sh" = "${pkgs.bat}/bin/bat -fP -l sh";
         };
-        openers = let
-          as-pdf = pkgs.writers.writeDash "as-pdf" ''
-            d=$(mktemp -d)
-            trap clean EXIT
-            clean() {
-              rm -rf "$d"
-            }
-            ${pkgs.libreoffice}/bin/libreoffice --headless --convert-to pdf "$1" --outdir "$d"
-            ${pkgs.zathura}/bin/zathura "$d"/*.pdf
-          '';
-        in {
-          "image/*" = "${pkgs.nsxiv}/bin/nsxiv";
-          "application/pdf" = "${pkgs.zathura}/bin/zathura";
-          "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = toString as-pdf;
-          "application/vnd.oasis.opendocument.text" = toString as-pdf;
-          "video/*" = "${pkgs.mpv}/bin/mpv";
-          "audio/*" = "${pkgs.mpv}/bin/mpv";
-        };
+        openers =
+          let
+            as-pdf = pkgs.writers.writeDash "as-pdf" ''
+              d=$(mktemp -p "$XDG_RUNTIME_DIR" -d)
+              trap clean EXIT
+              clean() {
+                rm -rf "$d"
+              }
+              ${pkgs.libreoffice}/bin/libreoffice --headless --convert-to pdf "$1" --outdir "$d"
+              ${pkgs.zathura}/bin/zathura "$d"/*.pdf
+            '';
+          in
+          {
+            "image/*" = "${pkgs.nsxiv}/bin/nsxiv";
+            "application/pdf" = "${pkgs.zathura}/bin/zathura";
+            "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = toString as-pdf;
+            "application/vnd.oasis.opendocument.text" = toString as-pdf;
+            "video/*" = "${pkgs.mpv}/bin/mpv";
+            "audio/*" = "${pkgs.mpv}/bin/mpv";
+          };
       };
 
       templates = {

configs/alacritty.nix

@@ -2,8 +2,10 @@
   pkgs,
   lib,
   ...
-}: let
-in {
+}:
+let
+in
+{
   environment.variables.TERMINAL = "alacritty";
 
   home-manager.users.me = {

configs/android.nix

@@ -1,5 +1,5 @@
 {
   programs.adb.enable = true;
 
-  users.users.me.extraGroups = ["adbusers"];
+  users.users.me.extraGroups = [ "adbusers" ];
 }

configs/backup.nix

@@ -1,13 +1,13 @@
 {
   pkgs,
   config,
+  lib,
   ...
-}: let
-  inherit (import ../lib) restic;
-in {
+}:
+{
   services.restic.backups.niveum = {
     initialize = true;
-    inherit (restic) repository;
+    repository = pkgs.lib.niveum.restic.repository;
     timerConfig = {
       OnCalendar = "8:00";
       RandomizedDelaySec = "1h";
@@ -38,15 +38,15 @@ in {
 
   environment.systemPackages = [
     (pkgs.writers.writeDashBin "restic-niveum" ''
-      ${pkgs.restic}/bin/restic -r ${restic.repository} -p ${config.age.secrets.restic.path} "$@"
+      ${pkgs.restic}/bin/restic -r ${pkgs.lib.niveum.restic.repository} -p ${config.age.secrets.restic.path} "$@"
     '')
     (pkgs.writers.writeDashBin "restic-mount" ''
-      mountdir=$(mktemp -d)
+      mountdir=$(mktemp -p "$XDG_RUNTIME_DIR" -d "restic-mount-XXXXXXX")
       trap clean EXIT
       clean() {
         rm -r "$mountdir"
       }
-      ${pkgs.restic}/bin/restic -r ${restic.repository} -p ${config.age.secrets.restic.path} mount "$mountdir"
+      ${pkgs.restic}/bin/restic -r ${pkgs.lib.niveum.restic.repository} -p ${config.age.secrets.restic.path} mount "$mountdir"
     '')
   ];
 }

configs/bash.nix

@@ -1,7 +1,7 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.bash = {
-    promptInit = ''
-      PS1="$(${pkgs.ncurses}/bin/tput bold)\w \$([[ \$? == 0 ]] && echo \"\[\033[1;32m\]\" || echo \"\[\033[1;31m\]\")\$$(${pkgs.ncurses}/bin/tput sgr0) "'';
+    promptInit = ''PS1="$(${pkgs.ncurses}/bin/tput bold)\w \$([[ \$? == 0 ]] && echo \"\[\033[1;32m\]\" || echo \"\[\033[1;31m\]\")\$$(${pkgs.ncurses}/bin/tput sgr0) "'';
     interactiveShellInit = ''
       set -o vi
     '';

configs/bluetooth.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   hardware.bluetooth = {
     enable = true;
     settings.general = {

configs/bots/autorenkalender.nix

@@ -1,20 +1,19 @@
 {
   config,
-  inputs,
+  pkgs,
   ...
-}: let
-  autorenkalender = inputs.autorenkalender.packages.x86_64-linux.default;
-in {
+}:
+{
   niveum.bots.autorenkalender = {
     enable = true;
     time = "07:00";
     telegram = {
       enable = true;
       tokenFile = config.age.secrets.telegram-token-kmein.path;
-      chatIds = ["@autorenkalender"];
+      chatIds = [ "@autorenkalender" ];
       parseMode = "Markdown";
     };
-    command = "${autorenkalender}/bin/autorenkalender";
+    command = "${pkgs.autorenkalender}/bin/autorenkalender";
   };
 
   niveum.passport.services = [

configs/bots/celan.nix

@@ -3,64 +3,69 @@
   lib,
   config,
   ...
-}: {
+}:
+{
   niveum.bots.celan = {
     enable = true;
     time = "08:00";
     telegram = {
       enable = true;
       tokenFile = config.age.secrets.telegram-token-kmein.path;
-      chatIds = ["@PaulCelan"];
+      chatIds = [ "@PaulCelan" ];
     };
     mastodon = {
       enable = true;
       tokenFile = config.age.secrets.mastodon-token-celan.path;
       language = "de";
     };
-    command = toString (pkgs.writers.writePython3 "random-celan.py" { libraries = [pkgs.python3Packages.lxml]; } ''
-      from lxml import etree
-      import random
+    command = toString (
+      pkgs.writers.writePython3 "random-celan.py" { libraries = [ pkgs.python3Packages.lxml ]; } ''
+        from lxml import etree
+        import random
 
 
-      def xml_text(elements):
-          return "".join("".join(t.itertext()) for t in elements).strip()
+        def xml_text(elements):
+            return "".join("".join(t.itertext()) for t in elements).strip()
 
 
-      tree = etree.parse('${pkgs.fetchurl {
-        url = "http://c.krebsco.de/celan.tei.xml";
-        hash = "sha256-HgNmJYfhuwyfm+FcNtnnYWpJpIIU1ElHLeLiIFjF9mE=";
-      }}')
-      root = tree.getroot()
+        tree = etree.parse('${
+          pkgs.fetchurl {
+            url = "http://c.krebsco.de/celan.tei.xml";
+            hash = "sha256-HgNmJYfhuwyfm+FcNtnnYWpJpIIU1ElHLeLiIFjF9mE=";
+          }
+        }')
+        root = tree.getroot()
 
-      tei = {"tei": "http://www.tei-c.org/ns/1.0"}
+        tei = {"tei": "http://www.tei-c.org/ns/1.0"}
 
-      poems = root.xpath(".//tei:lg[@type='poem']", namespaces=tei)
+        poems = root.xpath(".//tei:lg[@type='poem']", namespaces=tei)
 
-      poem = random.choice(poems)
+        poem = random.choice(poems)
 
-      for stanza in poem.xpath("./tei:lg[@type='stanza']", namespaces=tei):
-          for line in stanza.xpath('./tei:l', namespaces=tei):
-              if line.text:
-                  print(line.text.strip())
-          print()
+        for stanza in poem.xpath("./tei:lg[@type='stanza']", namespaces=tei):
+            for line in stanza.xpath('./tei:l', namespaces=tei):
+                if line.text:
+                    print(line.text.strip())
+            print()
 
-      current_element = poem
-      while current_element is not None:
-          if current_element.tag == "{http://www.tei-c.org/ns/1.0}text":
-              text_element = current_element
+        current_element = poem
+        while current_element is not None:
+            if current_element.tag == "{http://www.tei-c.org/ns/1.0}text":
+                text_element = current_element
 
-              title = xml_text(text_element.xpath("./tei:front/tei:docTitle",
-                               namespaces=tei))
-              print(f"Aus: #{title.replace(" ", "_")}", end=" ")
+                title = xml_text(text_element.xpath("./tei:front/tei:docTitle",
+                                 namespaces=tei))
+                print(f"Aus: #{title.replace(" ", "_")}", end=" ")
 
-              if date := xml_text(text_element.xpath("./tei:front/tei:docDate",
-                                  namespaces=tei)):
-                  print(f"({date})")
-              break
-          current_element = current_element.getparent()
+                if date := xml_text(text_element.xpath("./tei:front/tei:docDate",
+                                    namespaces=tei)):
+                    print(f"({date})")
+                break
+            current_element = current_element.getparent()
 
-      print("\n\n#PaulCelan #Celan #Lyrik #poetry")
-    '');
+        print("\n\n#PaulCelan #Celan #Lyrik #poetry")
+      ''
+    );
   };
 
   age.secrets = {

configs/bots/default.nix

@@ -1,15 +1,13 @@
 {
   config,
   pkgs,
-  lib,
-  inputs,
   ...
-}: let
-  telebots = inputs.telebots.defaultPackage.x86_64-linux;
+}:
+let
   reverseDirectory = "/run/telegram-reverse";
   proverbDirectory = "/run/telegram-proverb";
-  inherit (import ../../lib) tmpfilesConfig;
-in {
+in
+{
   imports = [
     ./logotheca.nix
     ./transits.nix
@@ -26,13 +24,21 @@ in {
     telegram-token-kmein.file = ../../secrets/telegram-token-kmein.age;
   };
 
-  systemd.tmpfiles.rules = map (path:
-    tmpfilesConfig {
-      type = "d";
-      mode = "0750";
-      age = "1h";
-      inherit path;
-    }) [reverseDirectory proverbDirectory];
+  systemd.tmpfiles.rules =
+    map
+      (
+        path:
+        pkgs.lib.niveum.tmpfilesConfig {
+          type = "d";
+          mode = "0750";
+          age = "1h";
+          inherit path;
+        }
+      )
+      [
+        reverseDirectory
+        proverbDirectory
+      ];
 
   niveum.passport.services = [
     {
@@ -60,12 +66,12 @@ in {
   };
 
   systemd.services.telegram-reverse = {
-    wantedBy = ["multi-user.target"];
+    wantedBy = [ "multi-user.target" ];
     description = "Telegram reverse bot";
-    path = [pkgs.ffmpeg];
+    path = [ pkgs.ffmpeg ];
     enable = true;
     script = ''
-      TELEGRAM_BOT_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")" ${telebots}/bin/telegram-reverse
+      TELEGRAM_BOT_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")" ${pkgs.telebots}/bin/telegram-reverse
     '';
     serviceConfig.Restart = "always";
     serviceConfig.WorkingDirectory = reverseDirectory;
@@ -73,33 +79,33 @@ in {
   };
 
   systemd.services.telegram-streaming-link = {
-    wantedBy = ["multi-user.target"];
+    wantedBy = [ "multi-user.target" ];
     description = "Telegram bot converting YouTube Music <-> Spotify";
     enable = true;
     script = ''
-      TELEGRAM_BOT_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")" ${telebots}/bin/telegram-streaming-link
+      TELEGRAM_BOT_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")" ${pkgs.telebots}/bin/telegram-streaming-link
     '';
     serviceConfig.Restart = "always";
     serviceConfig.LoadCredential = "token:${config.age.secrets.telegram-token-streaming-link.path}";
   };
 
   systemd.services.telegram-betacode = {
-    wantedBy = ["multi-user.target"];
+    wantedBy = [ "multi-user.target" ];
     description = "Telegram beta code bot";
     enable = true;
     script = ''
-      TELEGRAM_BOT_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")" ${telebots}/bin/telegram-betacode
+      TELEGRAM_BOT_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")" ${pkgs.telebots}/bin/telegram-betacode
     '';
     serviceConfig.Restart = "always";
     serviceConfig.LoadCredential = "token:${config.age.secrets.telegram-token-betacode.path}";
   };
 
   systemd.services.telegram-proverb = {
-    wantedBy = ["multi-user.target"];
+    wantedBy = [ "multi-user.target" ];
     description = "Telegram proverb bot";
     enable = true;
     script = ''
-      TELEGRAM_BOT_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")" ${telebots}/bin/telegram-proverb
+      TELEGRAM_BOT_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")" ${pkgs.telebots}/bin/telegram-proverb
     '';
     serviceConfig.Restart = "always";
     serviceConfig.WorkingDirectory = proverbDirectory;

configs/bots/hesychius.nix

@@ -1,12 +1,9 @@
 {
   pkgs,
   config,
-  inputs,
-  lib,
   ...
-}: let
-  hesychius = inputs.scripts.outPath + "/hesychius/hesychius.txt";
-in {
+}:
+{
   niveum.bots.hesychius = {
     enable = true;
     time = "08:00";
@@ -18,9 +15,9 @@ in {
     telegram = {
       enable = true;
       tokenFile = config.age.secrets.telegram-token-kmein.path;
-      chatIds = ["@HesychiosAlexandreus"];
+      chatIds = [ "@HesychiosAlexandreus" ];
     };
-    command = "${pkgs.coreutils}/bin/shuf -n1 ${hesychius}";
+    command = "${pkgs.coreutils}/bin/shuf -n1 ${pkgs.hesychius}";
   };
 
   systemd.timers.bot-hesychius.timerConfig.RandomizedDelaySec = "10h";

configs/bots/logotheca.nix

@@ -1,17 +1,16 @@
 {
   pkgs,
   config,
-  lib,
-  niveumPackages,
   ...
-}: {
+}:
+{
   niveum.bots.logotheca = {
     enable = true;
     time = "08/6:00";
     telegram = {
       enable = true;
       tokenFile = config.age.secrets.telegram-token-kmein.path;
-      chatIds = ["-1001760262519"];
+      chatIds = [ "-1001760262519" ];
       parseMode = "Markdown";
     };
     matrix = {
@@ -22,7 +21,7 @@
         "!zlwCuPiCNMSxDviFzA:4d2.org"
       ];
     };
-    command = "${niveumPackages.literature-quote}/bin/literature-quote";
+    command = "${pkgs.literature-quote}/bin/literature-quote";
   };
 
   age.secrets = {

configs/bots/nachtischsatan.nix

@@ -3,31 +3,36 @@
   config,
   lib,
   ...
-}: let
-  nachtischsatan-bot = {tokenFile}:
-    pkgs.writers.writePython3 "nachtischsatan-bot" {
-      libraries = [pkgs.python3Packages.python-telegram-bot];
-    } ''
-      from telegram.ext import Application, ContextTypes, MessageHandler, filters
-      from telegram import Update
-      import random
-      import time
+}:
+let
+  nachtischsatan-bot =
+    { tokenFile }:
+    pkgs.writers.writePython3 "nachtischsatan-bot"
+      {
+        libraries = [ pkgs.python3Packages.python-telegram-bot ];
+      }
+      ''
+        from telegram.ext import Application, ContextTypes, MessageHandler, filters
+        from telegram import Update
+        import random
+        import time
 
 
-      async def flubber(update: Update, context: ContextTypes.DEFAULT_TYPE):
-          time.sleep(random.randrange(4000) / 1000)
-          await update.message.reply_text("*flubberflubber*")
+        async def flubber(update: Update, context: ContextTypes.DEFAULT_TYPE):
+            time.sleep(random.randrange(4000) / 1000)
+            await update.message.reply_text("*flubberflubber*")
 
 
-      with open('${tokenFile}', 'r') as tokenFile:
-          token = tokenFile.read().strip()
-          application = Application.builder().token(token).build()
-          application.add_handler(MessageHandler(filters.ALL, flubber))
-          application.run_polling()
-    '';
-in {
+        with open('${tokenFile}', 'r') as tokenFile:
+            token = tokenFile.read().strip()
+            application = Application.builder().token(token).build()
+            application.add_handler(MessageHandler(filters.ALL, flubber))
+            application.run_polling()
+      '';
+in
+{
   systemd.services.telegram-nachtischsatan = {
-    wantedBy = ["multi-user.target"];
+    wantedBy = [ "multi-user.target" ];
     description = "*flubberflubber*";
     enable = true;
     script = toString (nachtischsatan-bot {

configs/bots/nietzsche.nix

@@ -1,9 +1,9 @@
 {
   config,
   pkgs,
-  niveumPackages,
   ...
-}: {
+}:
+{
   niveum.bots.nietzsche = {
     enable = true;
     time = "08:00";
@@ -12,15 +12,17 @@
       tokenFile = config.age.secrets.mastodon-token-nietzsche.path;
       language = "de";
     };
-    command = toString (pkgs.writers.writeBash "random-nietzsche" ''
-      set -efu
-      random_number=$(( ($RANDOM % 10) + 1 ))
-      if [ "$random_number" -eq 1 ]; then
-        ${niveumPackages.random-zeno}/bin/random-zeno "/Literatur/M/Nietzsche,+Friedrich"
-      else
-        ${niveumPackages.random-zeno}/bin/random-zeno "/Philosophie/M/Nietzsche,+Friedrich"
-      fi
-    '');
+    command = toString (
+      pkgs.writers.writeBash "random-nietzsche" ''
+        set -efu
+        random_number=$(( ($RANDOM % 10) + 1 ))
+        if [ "$random_number" -eq 1 ]; then
+          ${pkgs.random-zeno}/bin/random-zeno "/Literatur/M/Nietzsche,+Friedrich"
+        else
+          ${pkgs.random-zeno}/bin/random-zeno "/Philosophie/M/Nietzsche,+Friedrich"
+        fi
+      ''
+    );
   };
 
   systemd.timers.bot-nietzsche.timerConfig.RandomizedDelaySec = "10h";

configs/bots/smyth.nix

@@ -3,7 +3,8 @@
   pkgs,
   lib,
   ...
-}: {
+}:
+{
   niveum.bots.smyth = {
     enable = true;
     time = "08:00";
@@ -15,42 +16,44 @@
     telegram = {
       enable = true;
       tokenFile = config.age.secrets.telegram-token-kmein.path;
-      chatIds = ["@HerbertWeirSmyth"];
+      chatIds = [ "@HerbertWeirSmyth" ];
     };
-    command = toString (pkgs.writers.writeDash "random-smyth" ''
-      set -efu
+    command = toString (
+      pkgs.writers.writeDash "random-smyth" ''
+        set -efu
 
-      good_curl() {
-        ${pkgs.curl}/bin/curl "$@" \
-          --compressed \
-          -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
-          -H 'Accept-Language: en-US,en;q=0.5' \
-          -H 'DNT: 1' \
-          -H 'Connection: keep-alive' \
-          -H 'Upgrade-Insecure-Requests: 1' \
-          -H 'Sec-Fetch-Dest: document' \
-          -H 'Sec-Fetch-Mode: navigate' \
-          -H 'Sec-Fetch-Site: cross-site' \
-          -H 'Priority: u=0, i' \
-          -H 'Pragma: no-cache' \
-          -H 'Cache-Control: no-cache'
-      }
+        good_curl() {
+          ${pkgs.curl}/bin/curl "$@" \
+            --compressed \
+            -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
+            -H 'Accept-Language: en-US,en;q=0.5' \
+            -H 'DNT: 1' \
+            -H 'Connection: keep-alive' \
+            -H 'Upgrade-Insecure-Requests: 1' \
+            -H 'Sec-Fetch-Dest: document' \
+            -H 'Sec-Fetch-Mode: navigate' \
+            -H 'Sec-Fetch-Site: cross-site' \
+            -H 'Priority: u=0, i' \
+            -H 'Pragma: no-cache' \
+            -H 'Cache-Control: no-cache'
+        }
 
-      RANDOM_SECTION=$(
-        good_curl -sSL http://www.perseus.tufts.edu/hopper/xmltoc?doc=Perseus%3Atext%3A1999.04.0007%3Asmythp%3D1 \
-          | ${pkgs.gnugrep}/bin/grep -o 'ref="[^"]*"' \
-          | ${pkgs.coreutils}/bin/shuf -n1 \
-          | ${pkgs.gnused}/bin/sed 's/^ref="//;s/"$//'
-      )
+        RANDOM_SECTION=$(
+          good_curl -sSL http://www.perseus.tufts.edu/hopper/xmltoc?doc=Perseus%3Atext%3A1999.04.0007%3Asmythp%3D1 \
+            | ${pkgs.gnugrep}/bin/grep -o 'ref="[^"]*"' \
+            | ${pkgs.coreutils}/bin/shuf -n1 \
+            | ${pkgs.gnused}/bin/sed 's/^ref="//;s/"$//'
+        )
 
-      url="http://www.perseus.tufts.edu/hopper/text?doc=$RANDOM_SECTION"
-      good_curl -sSL "$url"\
-        | ${pkgs.htmlq}/bin/htmlq '#text_main' \
-        | ${pkgs.gnused}/bin/sed 's/<\/\?hr>//g' \
-        | ${pkgs.pandoc}/bin/pandoc -f html -t plain --wrap=none
+        url="http://www.perseus.tufts.edu/hopper/text?doc=$RANDOM_SECTION"
+        good_curl -sSL "$url"\
+          | ${pkgs.htmlq}/bin/htmlq '#text_main' \
+          | ${pkgs.gnused}/bin/sed 's/<\/\?hr>//g' \
+          | ${pkgs.pandoc}/bin/pandoc -f html -t plain --wrap=none
 
-      printf '\n%s\n\n#AncientGreek' "$url"
-    '');
+        printf '\n%s\n\n#AncientGreek' "$url"
+      ''
+    );
   };
 
   systemd.timers.bot-smyth.timerConfig.RandomizedDelaySec = "10h";

configs/bots/tlg-wotd.nix

@@ -1,142 +1,154 @@
 {
   pkgs,
-  lib,
   config,
-  niveumPackages,
-  unstablePackages,
   ...
-}: let
+}:
+let
   mastodonEndpoint = "https://social.krebsco.de";
-in {
+in
+{
   systemd.services.bot-tlg-wotd = {
     # TODO reenable
     # once https://github.com/NixOS/nixpkgs/pull/462893 is in stable NixOS
     enable = true;
-    wants = ["network-online.target"];
+    wants = [ "network-online.target" ];
     startAt = "9:30";
-    path = [ pkgs.jq pkgs.curl pkgs.recode pkgs.deno pkgs.imagemagick pkgs.gawk pkgs.gnugrep pkgs.coreutils ];
+    path = [
+      pkgs.jq
+      pkgs.curl
+      pkgs.recode
+      pkgs.deno
+      pkgs.imagemagick
+      pkgs.gawk
+      pkgs.gnugrep
+      pkgs.coreutils
+    ];
     environment = {
       NPM_CONFIG_CACHE = "/tmp";
       CLTK_DATA = "/tmp";
     };
     script = ''
-      set -efux
+        set -efux
 
-      chat_id=@tlgwotd
+        chat_id=@tlgwotd
 
-      export TELEGRAM_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/telegram-token")"
-      export MASTODON_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/mastodon-token")"
+        export TELEGRAM_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/telegram-token")"
+        export MASTODON_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/mastodon-token")"
 
-      json_data=$(curl -sSL http://stephanus.tlg.uci.edu/Iris/Wotd | recode html..utf8)
+        json_data=$(curl -sSL http://stephanus.tlg.uci.edu/Iris/Wotd | recode html..utf8)
 
-      word=$(echo "$json_data" | jq -r '.word')
-      compact_word=$(echo "$word" | sed 's/,.*$//')
-      definition=$(echo "$json_data" | jq -r '.definition | sub("<.*>"; "") | rtrimstr(" ")')
-      first_occurrence=$(echo "$json_data" | jq -r '.firstOccurrence')
-      total_occurrences=$(echo "$json_data" | jq -r '.totalOccurrences')
-      telegram_caption="*$word* ‘$definition’
+        word=$(echo "$json_data" | jq -r '.word')
+        compact_word=$(echo "$word" | sed 's/,.*$//')
+        definition=$(echo "$json_data" | jq -r '.definition | sub("<.*>"; "") | rtrimstr(" ")')
+        first_occurrence=$(echo "$json_data" | jq -r '.firstOccurrence')
+        total_occurrences=$(echo "$json_data" | jq -r '.totalOccurrences')
+        telegram_caption="*$word* ‘$definition’
 
-    First occurrence (century): $first_occurrence
-    Number of occurrences (in all Ancient Greek texts): $total_occurrences"
-      mastodon_caption="$word ‘$definition’
+      First occurrence (century): $first_occurrence
+      Number of occurrences (in all Ancient Greek texts): $total_occurrences"
+        mastodon_caption="$word ‘$definition’
 
-    First occurrence (century): $first_occurrence
-    Number of occurrences (in all Ancient Greek texts): $total_occurrences"
+      First occurrence (century): $first_occurrence
+      Number of occurrences (in all Ancient Greek texts): $total_occurrences"
 
-      #ancientgreek #classics #wotd #wordoftheday
+        #ancientgreek #classics #wotd #wordoftheday
 
-      transliteration=$(${pkgs.writers.writePython3 "translit.py" {
-        libraries = py: [ py.cltk ];
-      } ''
-        import sys
-        from cltk.phonology.grc.transcription import Transcriber
+        transliteration=$(${
+          pkgs.writers.writePython3 "translit.py"
+            {
+              libraries = py: [ py.cltk ];
+            }
+            ''
+              import sys
+              from cltk.phonology.grc.transcription import Transcriber
 
-        probert = Transcriber("Attic", "Probert")
-        text = " ".join(sys.argv[1:])
-        ipa = probert.transcribe(text)
+              probert = Transcriber("Attic", "Probert")
+              text = " ".join(sys.argv[1:])
+              ipa = probert.transcribe(text)
 
-        print(ipa)
-      ''} "$compact_word")
+              print(ipa)
+            ''
+        } "$compact_word")
 
 
-      photo_path=/tmp/output.png
+        photo_path=/tmp/output.png
 
-      hex_to_rgb() {
-          hex="$1"
-          r=$(printf "%d" "0x$(echo "$hex" | cut -c2-3)")
-          g=$(printf "%d" "0x$(echo "$hex" | cut -c4-5)")
-          b=$(printf "%d" "0x$(echo "$hex" | cut -c6-7)")
-          echo "$r $g $b"
-      }
+        hex_to_rgb() {
+            hex="$1"
+            r=$(printf "%d" "0x$(echo "$hex" | cut -c2-3)")
+            g=$(printf "%d" "0x$(echo "$hex" | cut -c4-5)")
+            b=$(printf "%d" "0x$(echo "$hex" | cut -c6-7)")
+            echo "$r $g $b"
+        }
 
-      calculate_luminance() {
-          r="$1"
-          g="$2"
-          b="$3"
+        calculate_luminance() {
+            r="$1"
+            g="$2"
+            b="$3"
 
-          r_l=$(echo "$r" | awk '{print ($1 / 255 <= 0.03928) ? $1 / 255 / 12.92 : (($1 / 255 + 0.055) / 1.055)^2.4}')
-          g_l=$(echo "$g" | awk '{print ($1 / 255 <= 0.03928) ? $1 / 255 / 12.92 : (($1 / 255 + 0.055) / 1.055)^2.4}')
-          b_l=$(echo "$b" | awk '{print ($1 / 255 <= 0.03928) ? $1 / 255 / 12.92 : (($1 / 255 + 0.055) / 1.055)^2.4}')
+            r_l=$(echo "$r" | awk '{print ($1 / 255 <= 0.03928) ? $1 / 255 / 12.92 : (($1 / 255 + 0.055) / 1.055)^2.4}')
+            g_l=$(echo "$g" | awk '{print ($1 / 255 <= 0.03928) ? $1 / 255 / 12.92 : (($1 / 255 + 0.055) / 1.055)^2.4}')
+            b_l=$(echo "$b" | awk '{print ($1 / 255 <= 0.03928) ? $1 / 255 / 12.92 : (($1 / 255 + 0.055) / 1.055)^2.4}')
 
-          echo "$r_l $g_l $b_l" | awk '{print 0.2126*$1 + 0.7152*$2 + 0.0722*$3}'
-      }
+            echo "$r_l $g_l $b_l" | awk '{print 0.2126*$1 + 0.7152*$2 + 0.0722*$3}'
+        }
 
 
-      hex_color="#$(echo "$compact_word" | md5sum | cut -c 1-6)"
-      if echo "$hex_color" | grep -qE '^#[0-9A-Fa-f]{6}$'; then
-          set -- $(hex_to_rgb "$hex_color")
-          r="$1"
-          g="$2"
-          b="$3"
-      fi
+        hex_color="#$(echo "$compact_word" | md5sum | cut -c 1-6)"
+        if echo "$hex_color" | grep -qE '^#[0-9A-Fa-f]{6}$'; then
+            set -- $(hex_to_rgb "$hex_color")
+            r="$1"
+            g="$2"
+            b="$3"
+        fi
 
-      luminance=$(calculate_luminance "$r" "$g" "$b")
+        luminance=$(calculate_luminance "$r" "$g" "$b")
 
-      threshold="0.1"
-      echo "$r $g $b"
-      if [ "$(echo "$luminance" | awk -v threshold="$threshold" '{print ($1 > threshold)}')" -eq 1 ]; then
-          color1="black"
-          color2="#333"
-      else
-          color1="white"
-          color2=lightgrey
-      fi
+        threshold="0.1"
+        echo "$r $g $b"
+        if [ "$(echo "$luminance" | awk -v threshold="$threshold" '{print ($1 > threshold)}')" -eq 1 ]; then
+            color1="black"
+            color2="#333"
+        else
+            color1="white"
+            color2=lightgrey
+        fi
 
-      magick -size 1400x846 \
-          xc:"$hex_color" \
-          -font "${pkgs.gentium}/share/fonts/truetype/GentiumBookPlus-Bold.ttf" \
-          -fill "$color1" \
-          -pointsize 150 -gravity west \
-          -annotate +100-160 "$compact_word" \
-          -font "${pkgs.gentium}/share/fonts/truetype/GentiumBookPlus-Regular.ttf" \
-          -fill "$color2" \
-          -pointsize 60 -gravity west \
-          -annotate +100+00 "$transliteration" \
-          -fill "$color1" \
-          -annotate +100+120 "‘$definition’" \
-          -fill "$color2" \
-          -pointsize 40 -gravity southwest \
-          -annotate +100+60 "attested $total_occurrences times" \
-          -pointsize 40 -gravity southeast \
-          -annotate +100+60 "$(date -I)" \
-          "$photo_path"
+        magick -size 1400x846 \
+            xc:"$hex_color" \
+            -font "${pkgs.gentium}/share/fonts/truetype/GentiumBookPlus-Bold.ttf" \
+            -fill "$color1" \
+            -pointsize 150 -gravity west \
+            -annotate +100-160 "$compact_word" \
+            -font "${pkgs.gentium}/share/fonts/truetype/GentiumBookPlus-Regular.ttf" \
+            -fill "$color2" \
+            -pointsize 60 -gravity west \
+            -annotate +100+00 "$transliteration" \
+            -fill "$color1" \
+            -annotate +100+120 "‘$definition’" \
+            -fill "$color2" \
+            -pointsize 40 -gravity southwest \
+            -annotate +100+60 "attested $total_occurrences times" \
+            -pointsize 40 -gravity southeast \
+            -annotate +100+60 "$(date -I)" \
+            "$photo_path"
 
-      curl -X POST "https://api.telegram.org/bot$TELEGRAM_TOKEN/sendPhoto" \
-           -F "chat_id=\"$chat_id\"" \
-           -F "photo=@$photo_path" \
-           -F parse_mode=Markdown \
-           -F caption="$telegram_caption"
+        curl -X POST "https://api.telegram.org/bot$TELEGRAM_TOKEN/sendPhoto" \
+             -F "chat_id=\"$chat_id\"" \
+             -F "photo=@$photo_path" \
+             -F parse_mode=Markdown \
+             -F caption="$telegram_caption"
 
-      mastodon_upload_response=$(curl -X POST "${mastodonEndpoint}/api/v2/media" \
-          -H "Authorization: Bearer $MASTODON_TOKEN" \
-          -F "file=@$photo_path" \
-          -F "description=$word ‘$definition’")
-      mastodon_image_id=$(echo $mastodon_upload_response | jq -r .id)
-      curl -X POST "${mastodonEndpoint}/api/v1/statuses" \
-          -H "Authorization: Bearer $MASTODON_TOKEN" \
-          -d "status=$mastodon_caption" \
-          -d "visibility=public" \
-          -d "media_ids[]=$mastodon_image_id"
+        mastodon_upload_response=$(curl -X POST "${mastodonEndpoint}/api/v2/media" \
+            -H "Authorization: Bearer $MASTODON_TOKEN" \
+            -F "file=@$photo_path" \
+            -F "description=$word ‘$definition’")
+        mastodon_image_id=$(echo $mastodon_upload_response | jq -r .id)
+        curl -X POST "${mastodonEndpoint}/api/v1/statuses" \
+            -H "Authorization: Bearer $MASTODON_TOKEN" \
+            -d "status=$mastodon_caption" \
+            -d "visibility=public" \
+            -d "media_ids[]=$mastodon_image_id"
     '';
     serviceConfig = {
       Type = "oneshot";

configs/bots/transits.nix

@@ -3,7 +3,8 @@
   pkgs,
   lib,
   ...
-}: let
+}:
+let
   toSymbols = pkgs.writers.writeDash "to-symbols" ''
     ${pkgs.gnused}/bin/sed '
       s/\bTri\b/△/;
@@ -40,7 +41,8 @@
       s/^\s*//
     '
   '';
-in {
+in
+{
   niveum.bots.transits = {
     enable = true;
     time = "*:0/1";
@@ -51,19 +53,21 @@ in {
     telegram = {
       enable = true;
       tokenFile = config.age.secrets.telegram-token-kmein.path;
-      chatIds = ["-1001796440545"];
+      chatIds = [ "-1001796440545" ];
     };
-    command = toString (pkgs.writers.writeDash "common-transits" ''
-      set -efu
+    command = toString (
+      pkgs.writers.writeDash "common-transits" ''
+        set -efu
 
-      now=$(${pkgs.coreutils}/bin/date +%_H:%M | ${pkgs.gnused}/bin/sed 's/^\s*//')
-      date=$(${pkgs.coreutils}/bin/date +'%m %d %Y')
-      (
-        cd ${pkgs.astrolog}/bin
-        # ./astrolog -Yt -Yd -q 10 22 1999 6:32 -zN Kassel -td $date -R Uranus Neptune Pluto "North Node"
-        ./astrolog -qd $date -zN Berlin -Yt -Yd -d -R Uranus Neptune Pluto "North Node" -A 2
-      ) | ${toSymbols} | ${pkgs.coreutils}/bin/sort -n | ${pkgs.gnugrep}/bin/grep "^$now" || :
-    '');
+        now=$(${pkgs.coreutils}/bin/date +%_H:%M | ${pkgs.gnused}/bin/sed 's/^\s*//')
+        date=$(${pkgs.coreutils}/bin/date +'%m %d %Y')
+        (
+          cd ${pkgs.astrolog}/bin
+          # ./astrolog -Yt -Yd -q 10 22 1999 6:32 -zN Kassel -td $date -R Uranus Neptune Pluto "North Node"
+          ./astrolog -qd $date -zN Berlin -Yt -Yd -d -R Uranus Neptune Pluto "North Node" -A 2
+        ) | ${toSymbols} | ${pkgs.coreutils}/bin/sort -n | ${pkgs.gnugrep}/bin/grep "^$now" || :
+      ''
+    );
   };
 
   age.secrets = {

configs/browser.nix

@@ -1,11 +1,11 @@
 {
   config,
   pkgs,
-  niveumPackages,
   ...
-}: {
+}:
+{
   environment.systemPackages = [
-    niveumPackages.cro
+    pkgs.cro
     pkgs.tor-browser
     pkgs.firefox
     pkgs.brave
@@ -14,76 +14,78 @@
   home-manager.users.me = {
     programs.firefox = {
       enable = true;
-      profiles = let
-        defaultSettings = {
-          "beacon.enabled" = false;
-          "browser.bookmarks.showMobileBookmarks" = true;
-          "browser.newtab.preload" = false;
-          "browser.search.isUS" = false;
-          "browser.search.region" = "DE";
-          "browser.send_pings" = false;
-          "browser.shell.checkDefaultBrowser" = false;
-          "browser.startup.homepage" = "chrome://browser/content/blanktab.html";
-          "browser.uidensity" = 1;
-          "browser.urlbar.placeholderName" = "Search";
-          "datareporting.healthreport.service.enabled" = false;
-          "datareporting.healthreport.uploadEnabled" = false;
-          "datareporting.policy.dataSubmissionEnabled" = false;
-          "datareporting.sessions.current.clean" = true;
-          "distribution.searchplugins.defaultLocale" = "de-DE";
-          "general.smoothScroll" = true;
-          "identity.fxaccounts.account.device.name" = config.networking.hostName;
-          "network.cookie.cookieBehavior" = 1;
-          "privacy.donottrackheader.enabled" = true;
-          "privacy.trackingprotection.enabled" = true;
-          "privacy.trackingprotection.pbmode.enabled" = true;
-          "privacy.trackingprotection.socialtracking.enabled" = true;
-          "services.sync.declinedEngines" = "passwords";
-          "services.sync.engine.passwords" = false;
-          "signon.autofillForms" = false;
-          "signon.rememberSignons" = false;
-          "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
-          "toolkit.telemetry.archive.enabled" = false;
-          "toolkit.telemetry.bhrPing.enabled" = false;
-          "toolkit.telemetry.cachedClientID" = "";
-          "toolkit.telemetry.enabled" = false;
-          "toolkit.telemetry.firstShutdownPing.enabled" = false;
-          "toolkit.telemetry.hybridContent.enabled" = false;
-          "toolkit.telemetry.newProfilePing.enabled" = false;
-          "toolkit.telemetry.prompted" = 2;
-          "toolkit.telemetry.rejected" = true;
-          "toolkit.telemetry.server" = "";
-          "toolkit.telemetry.shutdownPingSender.enabled" = false;
-          "toolkit.telemetry.unified" = false;
-          "toolkit.telemetry.unifiedIsOptIn" = false;
-          "toolkit.telemetry.updatePing.enabled" = false;
-          "ui.prefersReducedMotion" = 1;
+      profiles =
+        let
+          defaultSettings = {
+            "beacon.enabled" = false;
+            "browser.bookmarks.showMobileBookmarks" = true;
+            "browser.newtab.preload" = false;
+            "browser.search.isUS" = false;
+            "browser.search.region" = "DE";
+            "browser.send_pings" = false;
+            "browser.shell.checkDefaultBrowser" = false;
+            "browser.startup.homepage" = "chrome://browser/content/blanktab.html";
+            "browser.uidensity" = 1;
+            "browser.urlbar.placeholderName" = "Search";
+            "datareporting.healthreport.service.enabled" = false;
+            "datareporting.healthreport.uploadEnabled" = false;
+            "datareporting.policy.dataSubmissionEnabled" = false;
+            "datareporting.sessions.current.clean" = true;
+            "distribution.searchplugins.defaultLocale" = "de-DE";
+            "general.smoothScroll" = true;
+            "identity.fxaccounts.account.device.name" = config.networking.hostName;
+            "network.cookie.cookieBehavior" = 1;
+            "privacy.donottrackheader.enabled" = true;
+            "privacy.trackingprotection.enabled" = true;
+            "privacy.trackingprotection.pbmode.enabled" = true;
+            "privacy.trackingprotection.socialtracking.enabled" = true;
+            "services.sync.declinedEngines" = "passwords";
+            "services.sync.engine.passwords" = false;
+            "signon.autofillForms" = false;
+            "signon.rememberSignons" = false;
+            "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
+            "toolkit.telemetry.archive.enabled" = false;
+            "toolkit.telemetry.bhrPing.enabled" = false;
+            "toolkit.telemetry.cachedClientID" = "";
+            "toolkit.telemetry.enabled" = false;
+            "toolkit.telemetry.firstShutdownPing.enabled" = false;
+            "toolkit.telemetry.hybridContent.enabled" = false;
+            "toolkit.telemetry.newProfilePing.enabled" = false;
+            "toolkit.telemetry.prompted" = 2;
+            "toolkit.telemetry.rejected" = true;
+            "toolkit.telemetry.server" = "";
+            "toolkit.telemetry.shutdownPingSender.enabled" = false;
+            "toolkit.telemetry.unified" = false;
+            "toolkit.telemetry.unifiedIsOptIn" = false;
+            "toolkit.telemetry.updatePing.enabled" = false;
+            "ui.prefersReducedMotion" = 1;
+          };
+        in
+        {
+          default = {
+            id = 0;
+            isDefault = true;
+            settings = defaultSettings;
+            # extensions = with pkgs.nur.repos.rycee.firefox-addons; [
+            #   ublock-origin
+            #   darkreader
+            #   sponsorblock
+            #   consent-o-matic
+            #   i-dont-care-about-cookies
+            #   # auto-tab-discard TODO what is this
+            # ];
+            userChrome = ''
+              #TabsToolbar {
+                visibility: collapse !important;
+              }
+            '';
+          };
         };
-      in {
-        default = {
-          id = 0;
-          isDefault = true;
-          settings = defaultSettings;
-          # extensions = with pkgs.nur.repos.rycee.firefox-addons; [
-          #   ublock-origin
-          #   darkreader
-          #   sponsorblock
-          #   consent-o-matic
-          #   i-dont-care-about-cookies
-          #   # auto-tab-discard TODO what is this
-          # ];
-          userChrome = ''
-            #TabsToolbar {
-              visibility: collapse !important;
-            }
-          '';
-        };
-      };
     };
   };
 
   home-manager.users.me = {
-    stylix.targets.firefox.profileNames = ["default"];
+    stylix.targets.firefox.profileNames = [ "default" ];
   };
 
   environment.variables.BROWSER = "firefox";

configs/ccc.nix

@@ -1,28 +1,38 @@
-{pkgs, ...}:
-# https://paste.sr.ht/~erictapen/11716989e489b600f237041b6d657fdf0ee17b34
-let
-  certificate = pkgs.stdenv.mkDerivation rec {
-    name = "dst-root-ca-x3.pem";
-    src = builtins.toFile "${name}.sed" ''
-      1,/DST Root CA X3/d
-      1,/-----END CERTIFICATE-----/p
-    '';
-    nativeBuildInputs = with pkgs; [cacert gnused];
-    phases = "installPhase";
-    installPhase = ''
-      ${pkgs.gnused}/bin/sed -n -f $src ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt > $out
-    '';
-  };
-in {
-  networking.wireless.networks."36C3" = {
-    auth = ''
-      key_mgmt=WPA-EAP
-      eap=TTLS
-      identity="kmein"
-      password=" "
-      ca_cert="${certificate}"
-      altsubject_match="DNS:radius.c3noc.net"
-      phase2="auth=PAP"
-    '';
+{ pkgs, ... }:
+{
+  networking.networkmanager.ensureProfiles.profiles = {
+    "39C3" = {
+      connection = {
+        id = "39C3";
+        type = "wifi";
+      };
+      wifi = {
+        mode = "infrastructure";
+        ssid = "39C3";
+      };
+      wifi-security = {
+        auth-alg = "open";
+        key-mgmt = "wpa-eap";
+      };
+      "802-1x" = {
+        anonymous-identity = "39C3";
+        eap = "ttls;";
+        identity = "39C3";
+        password = "39C3";
+        phase2-auth = "pap";
+        altsubject-matches = "DNS:radius.c3noc.net";
+        ca-cert = "${builtins.fetchurl {
+          url = "https://letsencrypt.org/certs/isrgrootx1.pem";
+          sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92";
+        }}";
+      };
+      ipv4 = {
+        method = "auto";
+      };
+      ipv6 = {
+        addr-gen-mode = "default";
+        method = "auto";
+      };
+    };
   };
 }

configs/clipboard.nix

@@ -2,6 +2,7 @@
   config,
   pkgs,
   ...
-}: {
+}:
+{
   services.clipmenu.enable = true;
 }

configs/cloud.nix

@@ -3,9 +3,8 @@
   lib,
   pkgs,
   ...
-}: let
-  inherit (import ../lib) tmpfilesConfig;
-in {
+}:
+{
   systemd.user.services.systemd-tmpfiles-clean = {
     enable = true;
     wantedBy = [ "default.target" ];
@@ -16,27 +15,40 @@ in {
     };
   };
 
-  systemd.user.tmpfiles.users.me.rules = map tmpfilesConfig [
-    {
-      type = "d";
-      mode = "0755";
-      age = "7d";
-      path = "${config.users.users.me.home}/sync/Downloads";
-    }
-    {
-      type = "d";
-      mode = "0755";
-      age = "7d";
-      path = "${config.users.users.me.home}/cloud/nextcloud/tmp";
-    }
-  ] ++ map (path: tmpfilesConfig {
-      type = "L+";
-      user = config.users.users.me.name;
-      group = config.users.users.me.group;
-      mode = "0755";
-      argument = "${config.users.users.me.home}/sync/${path}";
-      path = "${config.users.users.me.home}/${path}";
-  }) [".ssh" ".gnupg" ".pki" ".local/share/aerc"];
+  systemd.user.tmpfiles.users.me.rules =
+    map pkgs.lib.niveum.tmpfilesConfig [
+      {
+        type = "d";
+        mode = "0755";
+        age = "7d";
+        path = "${config.users.users.me.home}/sync/Downloads";
+      }
+      {
+        type = "d";
+        mode = "0755";
+        age = "7d";
+        path = "${config.users.users.me.home}/cloud/nextcloud/tmp";
+      }
+    ]
+    ++
+      map
+        (
+          path:
+          pkgs.lib.niveum.tmpfilesConfig {
+            type = "L+";
+            user = config.users.users.me.name;
+            group = config.users.users.me.group;
+            mode = "0755";
+            argument = "${config.users.users.me.home}/sync/${path}";
+            path = "${config.users.users.me.home}/${path}";
+          }
+        )
+        [
+          ".ssh"
+          ".gnupg"
+          ".pki"
+          ".local/share/aerc"
+        ];
 
   services.gnome.gnome-keyring.enable = true;
   security.pam.services.lightdm.enableGnomeKeyring = true;
@@ -50,20 +62,22 @@ in {
 
   systemd.user.services.nextcloud-syncer = {
     enable = false;
-    wants = ["network-online.target"];
-    wantedBy = ["default.target"];
+    wants = [ "network-online.target" ];
+    wantedBy = [ "default.target" ];
     startAt = "*:00/10";
-    script = let
-      kieran = {
-        user = "kieran";
-        passwordFile = config.age.secrets.nextcloud-password-kieran.path;
-        endpoint = "https://cloud.kmein.de";
-        target = "${config.users.users.me.home}/notes";
-      };
-    in ''
-      mkdir -p ${lib.escapeShellArg kieran.target}
-      ${pkgs.nextcloud-client}/bin/nextcloudcmd --non-interactive --user ${kieran.user} --password "$(cat ${kieran.passwordFile})" --path /Notes ${lib.escapeShellArg kieran.target} ${kieran.endpoint}
-    '';
+    script =
+      let
+        kieran = {
+          user = "kieran";
+          passwordFile = config.age.secrets.nextcloud-password-kieran.path;
+          endpoint = "https://cloud.kmein.de";
+          target = "${config.users.users.me.home}/notes";
+        };
+      in
+      ''
+        mkdir -p ${lib.escapeShellArg kieran.target}
+        ${pkgs.nextcloud-client}/bin/nextcloudcmd --non-interactive --user ${kieran.user} --password "$(cat ${kieran.passwordFile})" --path /Notes ${lib.escapeShellArg kieran.target} ${kieran.endpoint}
+      '';
     serviceConfig = {
       Type = "oneshot";
       Restart = "on-failure";
@@ -79,19 +93,22 @@ in {
       } | ${pkgs.fzf}/bin/fzf)"
       exec ${pkgs.zathura}/bin/zathura "$book"
     '')
-    (let
-      kieran = {
-        user = "kieran.meinhardt@gmail.com";
-        passwordFile = config.age.secrets.mega-password.path;
-      };
-      megatools = command: ''${pkgs.megatools}/bin/megatools ${command} --username ${lib.escapeShellArg kieran.user} --password "$(cat ${kieran.passwordFile})"'';
-    in
+    (
+      let
+        kieran = {
+          user = "kieran.meinhardt@gmail.com";
+          passwordFile = config.age.secrets.mega-password.path;
+        };
+        megatools =
+          command:
+          ''${pkgs.megatools}/bin/megatools ${command} --username ${lib.escapeShellArg kieran.user} --password "$(cat ${kieran.passwordFile})"'';
+      in
       pkgs.writers.writeDashBin "book-mega" ''
         set -efu
         selection="$(${megatools "ls"} | ${pkgs.fzf}/bin/fzf)"
         test -n "$selection" || exit 1
 
-        tmpdir="$(mktemp -d)"
+        tmpdir="$(mktemp -p "$XDG_RUNTIME_DIR" -d)"
         trap clean EXIT
         clean() {
           rm -rf "$tmpdir"
@@ -102,7 +119,8 @@ in {
           ${megatools "get"} "$selection"
           exec ${pkgs.zathura}/bin/zathura "$(basename "$selection")"
         )
-      '')
+      ''
+    )
   ];
 
   age.secrets.mega-password = {
@@ -121,16 +139,25 @@ in {
     cert = config.age.secrets.syncthing-cert.path;
     key = config.age.secrets.syncthing-key.path;
     settings = {
-      inherit ((import ../lib).syncthing) devices;
+      devices = pkgs.lib.niveum.syncthingIds;
       folders = {
         "${config.users.users.me.home}/sync" = {
-          devices = ["kabsa" "manakish" "fatteh"];
+          devices = [
+            "kabsa"
+            "manakish"
+            "fatteh"
+          ];
           label = "sync";
           versioning.type = "trashcan";
           versioning.params.cleanoutDays = 100;
         };
         "${config.users.users.me.home}/mobile" = {
-          devices = ["kabsa" "manakish" "fatteh" "kibbeh"];
+          devices = [
+            "kabsa"
+            "manakish"
+            "fatteh"
+            "kibbeh"
+          ];
           id = "mobile";
           label = "mobile";
           versioning.type = "trashcan";

configs/default.nix

@@ -2,19 +2,13 @@
   pkgs,
   lib,
   config,
-  niveumPackages,
-  inputs,
   ...
 }:
 let
   inherit (lib.strings) makeBinPath;
-  inherit (import ../lib) localAddresses kieran remoteDir;
-  defaultApplications = (import ../lib).defaultApplications { inherit pkgs; };
 in
 {
   imports = [
-    inputs.self.nixosModules.system-dependent
-    inputs.self.nixosModules.power-action
     {
       boot.supportedFilesystems = [ "ntfs" ];
     }
@@ -68,7 +62,7 @@ in
 
       users.users.me = {
         name = "kfm";
-        description = kieran.name;
+        description = pkgs.lib.niveum.kieran.name;
         hashedPasswordFile = config.age.secrets.kfm-password.path;
         isNormalUser = true;
         uid = 1000;
@@ -90,7 +84,7 @@ in
       environment.interactiveShellInit = "export PATH=$PATH";
       environment.shellAliases =
         let
-          swallow = command: "${niveumPackages.swallow}/bin/swallow ${command}";
+          swallow = command: "${pkgs.swallow}/bin/swallow ${command}";
         in
         {
           o = "${pkgs.xdg-utils}/bin/xdg-open";
@@ -140,10 +134,14 @@ in
         agent = {
           enable = true;
           pinentryPackage = pkgs.pinentry-qt;
-          settings = rec {
-            default-cache-ttl = 2 * 60 * 60;
-            max-cache-ttl = 4 * default-cache-ttl;
-          };
+          settings =
+            let
+              defaultCacheTtl = 2 * 60 * 60;
+            in
+            {
+              default-cache-ttl = defaultCacheTtl;
+              max-cache-ttl = 4 * defaultCacheTtl;
+            };
         };
       };
 
@@ -161,7 +159,7 @@ in
     }
     {
       services.getty = {
-        greetingLine = lib.mkForce "";
+        greetingLine = lib.mkForce "As-salamu alaykum wa rahmatullahi wa barakatuh!";
         helpLine = lib.mkForce "";
       };
     }
@@ -169,7 +167,7 @@ in
       networking.hosts = lib.mapAttrs' (name: address: {
         name = address;
         value = [ "${name}.local" ];
-      }) localAddresses;
+      }) pkgs.lib.niveum.localAddresses;
     }
     {
       home-manager.users.me.home.stateVersion = "22.05";
@@ -190,19 +188,17 @@ in
         dconf.enable = true;
         dconf.settings = {
           # Change the default terminal for Nemo
-          "org/cinnamon/desktop/applications/terminal".exec = defaultApplications.terminal;
+          "org/cinnamon/desktop/applications/terminal".exec = lib.getExe pkgs.niveum-terminal;
         };
       };
     }
     ./android.nix
-    ./admin-essentials.nix
     ./stylix.nix
     ./alacritty.nix
     ./backup.nix
     ./bash.nix
     ./bluetooth.nix
     ./aerc.nix
-    ./ccc.nix
     ./khal.nix
     ./browser.nix
     ./clipboard.nix
@@ -218,36 +214,28 @@ in
     ./uni.nix
     ./i3.nix
     ./i3status-rust.nix
-    ./keyboard.nix
-    ./mycelium.nix
+    ./keyboard
     ./kdeconnect.nix
-    { home-manager.users.me.home.file.".XCompose".source = ../lib/keyboards/XCompose; }
     { services.upower.enable = true; }
     ./lb.nix
     ./mpv.nix
     ./mime.nix
     ./neovim.nix
-    ./nix.nix
     ./newsboat.nix
     ./flameshot.nix
     ./packages.nix
     ./virtualization.nix
-    ./picom.nix
     ./stardict.nix
     ./polkit.nix
     ./printing.nix
     ./redshift.nix
-    ./retiolum.nix
     ./rofi.nix
-    ./spacetime.nix
     ./ssh.nix
-    ./sshd.nix
     ./sound.nix
     ./sudo.nix
     ./tmux.nix
     ./unclutter.nix
     ./vscode.nix
-    ./watson.nix
     ./wallpaper.nix
     ./zsh.nix
     {
@@ -255,39 +243,22 @@ in
         # nothing to see here
       '';
     }
-    ./tor.nix
-    ./mastodon-bot.nix
-    {
-      fileSystems."${remoteDir}/fritz" = {
-        device = "//192.168.178.1/FRITZ.NAS/Backup";
-        fsType = "cifs";
-        options = [
-          "username=ftpuser"
-          "password=ftppassword"
-          "noauto"
-          "nounix"
-          "rw"
-          # "noserverino" # ref https://askubuntu.com/a/1265165
-          "uid=${toString config.users.users.me.uid}"
-          "gid=${toString config.users.groups.users.gid}"
-          "x-systemd.automount"
-          "x-systemd.device-timeout=1"
-          "x-systemd.idle-timeout=1min"
-        ];
-      };
-    }
     {
       home-manager.users.me = {
-        xdg.userDirs = rec {
-          enable = true;
-          documents = "${config.users.users.me.home}/cloud/nextcloud/Documents";
-          desktop = "/tmp";
-          download = "${config.users.users.me.home}/sync/Downloads";
-          music = "${config.users.users.me.home}/mobile/audio";
-          pictures = "${config.users.users.me.home}/cloud/nextcloud/Bilder";
-          publicShare = "${config.users.users.me.home}/cloud/nextcloud/tmp";
-          videos = pictures;
-        };
+        xdg.userDirs =
+          let
+            pictures = "${config.users.users.me.home}/cloud/nextcloud/Bilder";
+          in
+          {
+            enable = true;
+            documents = "${config.users.users.me.home}/cloud/nextcloud/Documents";
+            desktop = "/tmp";
+            download = "${config.users.users.me.home}/sync/Downloads";
+            music = "${config.users.users.me.home}/mobile/audio";
+            publicShare = "${config.users.users.me.home}/cloud/nextcloud/tmp";
+            videos = pictures;
+            pictures = pictures;
+          };
       };
     }
   ];

configs/direnv.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: let
+{ pkgs, ... }:
+let
   nixify = pkgs.writers.writeDashBin "nixify" ''
     set -efuC
 
@@ -16,8 +17,12 @@
       ''${EDITOR:-vim} shell.nix
     fi
   '';
-in {
-  environment.systemPackages = [pkgs.direnv nixify];
+in
+{
+  environment.systemPackages = [
+    pkgs.direnv
+    nixify
+  ];
 
   home-manager.users.me.programs.direnv = {
     enable = true;

configs/distrobump.nix

@@ -1,15 +0,0 @@
-{
-  lib,
-  config,
-  pkgs,
-  ...
-}: {
-  imports = [
-    (import <stockholm/makefu/3modules/bump-distrowatch.nix> {
-      inherit lib config;
-      pkgs = pkgs // {writeDash = pkgs.writers.writeDash;};
-    })
-  ];
-
-  makefu.distrobump.enable = false;
-}

configs/docker.nix

@@ -2,7 +2,8 @@
   lib,
   pkgs,
   ...
-}: {
+}:
+{
   virtualisation.docker = {
     enable = true;
     # for ICE wifi, ref https://gist.github.com/sunsided/7840e89ff4e11b64a2d7503fafa0290c
@@ -11,6 +12,9 @@
       "--fixed-cidr=172.39.1.0/25"
     ];
   };
-  users.users.me.extraGroups = ["docker"];
-  environment.systemPackages = [pkgs.docker pkgs.docker-compose];
+  users.users.me.extraGroups = [ "docker" ];
+  environment.systemPackages = [
+    pkgs.docker
+    pkgs.docker-compose
+  ];
 }

configs/dunst.nix

@@ -1,11 +1,12 @@
 {
-  config,
+  lib,
   pkgs,
   ...
-}: let
-  inherit (import ../lib) defaultApplications theme;
+}:
+let
   sgr = code: string: ''\u001b[${code}m${string}\u001b[0m'';
-in {
+in
+{
   environment.systemPackages = [
     (pkgs.writers.writeDashBin "notifications" ''
       ${pkgs.dunst}/bin/dunstctl history \
@@ -18,7 +19,7 @@ in {
 
   home-manager.users.me.services.dunst = {
     enable = true;
-    iconTheme = (theme pkgs).icon;
+    iconTheme = pkgs.lib.niveum.theme.icon;
     settings = {
       global = {
         transparency = 10;
@@ -44,7 +45,7 @@ in {
         sticky_history = true;
         history_length = 20;
         dmenu = "${pkgs.rofi}/bin/rofi -display-run dunst -show run";
-        browser = (defaultApplications pkgs).browser;
+        browser = lib.getExe pkgs.niveum-browser;
         verbosity = "mesg";
         corner_radius = 0;
         mouse_left_click = "do_action";

configs/flameshot.nix

@@ -2,7 +2,8 @@
   lib,
   pkgs,
   ...
-}: {
+}:
+{
   home-manager.users.me = {
     services.flameshot = {
       enable = true;

configs/fonts.nix

@@ -1,21 +1,25 @@
 {
   pkgs,
-  niveumPackages,
   ...
-}: let
-  zip-font = name: arguments: let
-    directory = pkgs.fetchzip arguments;
-  in
-    pkgs.runCommand name {} ''
+}:
+let
+  zip-font =
+    name: arguments:
+    let
+      directory = pkgs.fetchzip arguments;
+    in
+    pkgs.runCommand name { } ''
       mkdir -p $out/share/fonts/{truetype,opentype,woff}
       ${pkgs.findutils}/bin/find ${directory} -name '*.ttf' -exec install '{}' $out/share/fonts/truetype \;
       ${pkgs.findutils}/bin/find ${directory} -name '*.otf' -exec install '{}' $out/share/fonts/opentype \;
       ${pkgs.findutils}/bin/find ${directory} -name '*.woff' -exec install '{}' $out/share/fonts/woff \;
     '';
-  simple-ttf = name: arguments: let
-    file = pkgs.fetchurl arguments;
-  in
-    pkgs.runCommand name {} ''
+  simple-ttf =
+    name: arguments:
+    let
+      file = pkgs.fetchurl arguments;
+    in
+    pkgs.runCommand name { } ''
       mkdir -p $out/share/fonts/truetype
       install ${file} $out/share/fonts/truetype
     '';
@@ -58,7 +62,8 @@
     url = "https://github.com/microsoft/font-tools/raw/1092cb23520967830001a0807eb21d6a44dda522/EgyptianOpenType/font/eot.ttf";
     sha256 = "1n294vhcx90270pnsw1dbk6izd61fjvbnjrh4hcf98ff3s540x0c";
   };
-in {
+in
+{
   fonts = {
     enableDefaultPackages = true;
     fontDir.enable = true;
@@ -93,7 +98,6 @@ in {
       font-awesome
       galatia-sil
       gentium
-      # niveumPackages.gfs-fonts
       gyre-fonts
       ibm-plex
       jetbrains-mono
@@ -114,17 +118,33 @@ in {
       source-sans-pro
       source-serif-pro
       theano
-      niveumPackages.tocharian-font
+      tocharian-font
       vista-fonts
       vollkorn
       zilla-slab
     ]; # google-fonts league-of-moveable-type
-    fontconfig.defaultFonts = rec {
-      monospace = ["Noto Sans Mono"] ++ emoji;
-      serif = ["Noto Serif" "Noto Naskh Arabic" "Noto Serif Devanagari"];
-      sansSerif = ["Noto Sans Display" "Noto Naskh Arabic" "Noto Sans Hebrew" "Noto Sans Devanagari" "Noto Sans CJK JP" "Noto Sans Coptic" "Noto Sans Syriac Western"];
-      emoji = ["Noto Color Emoji"];
-    };
+    fontconfig.defaultFonts =
+      let
+        emoji = [ "Noto Color Emoji" ];
+      in
+      {
+        monospace = [ "Noto Sans Mono" ] ++ emoji;
+        serif = [
+          "Noto Serif"
+          "Noto Naskh Arabic"
+          "Noto Serif Devanagari"
+        ];
+        sansSerif = [
+          "Noto Sans Display"
+          "Noto Naskh Arabic"
+          "Noto Sans Hebrew"
+          "Noto Sans Devanagari"
+          "Noto Sans CJK JP"
+          "Noto Sans Coptic"
+          "Noto Sans Syriac Western"
+        ];
+        inherit emoji;
+      };
     # xelatex fails with woff files
     # ref https://tex.stackexchange.com/questions/392144/xelatex-and-fontspec-crash-trying-to-find-woff-file-for-some-fonts-but-not-other
     fontconfig.localConf = ''

configs/fysi.nix

@@ -1,55 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}: let
-  inherit (import ../lib/email.nix) defaults;
-  sshIdentity = name: "${config.users.users.me.home}/.ssh/${name}";
-in {
-  age.secrets = {
-    email-password-fysi = {
-      file = ../secrets/email-password-fysi.age;
-      owner = config.users.users.me.name;
-      group = config.users.users.me.group;
-      mode = "400";
-    };
-  };
-
-  home-manager.users.me = {
-    accounts.email.accounts = {
-      fysi =
-        lib.recursiveUpdate defaults
-        rec {
-          address = "kieran@fysi.tech";
-          userName = address;
-          passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-fysi.path}";
-          flavor = "fastmail.com";
-        };
-    };
-
-    programs.ssh.matchBlocks = rec {
-      "nextcloud.fysi.dev" = {
-        hostname = "116.203.82.203";
-        user = "root";
-      };
-      "lingua.miaengiadina.ch" = {
-        hostname = "135.181.85.233";
-        user = "root";
-      };
-      "cms-dev.woc2023.app".identityFile = sshIdentity "fysiweb";
-      "cms-master.woc2023.app".identityFile = sshIdentity "fysiweb";
-      "fysi-dev1" = {
-        hostname = "94.130.229.139";
-        user = "root";
-        identityFile = sshIdentity "fysiweb";
-      };
-      ${fysi-dev1.hostname} = fysi-dev1;
-      "fysi-shared0" = {
-        hostname = "49.12.205.235";
-        user = "root";
-        identityFile = sshIdentity "fysiweb";
-      };
-    };
-  };
-}

configs/fzf.nix

@@ -1,22 +1,27 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.fzf = {
     fuzzyCompletion = true;
     keybindings = true;
   };
 
   home-manager.users.me = {
-    programs.fzf = rec {
-      enable = true;
-      defaultCommand = "${pkgs.fd}/bin/fd --type f --strip-cwd-prefix --follow --no-ignore-vcs --exclude .git";
-      defaultOptions = ["--height=40%"];
-      changeDirWidgetCommand = "${pkgs.fd}/bin/fd --type d";
-      changeDirWidgetOptions = [
-        "--preview='${pkgs.tree}/bin/tree -L 1 {}'"
-        "--bind=space:toggle-preview"
-        "--preview-window=hidden"
-      ];
-      fileWidgetCommand = defaultCommand;
-      fileWidgetOptions = ["--preview='head -$LINES {}'"];
-    };
+    programs.fzf =
+      let
+        defaultCommand = "${pkgs.fd}/bin/fd --type f --strip-cwd-prefix --follow --no-ignore-vcs --exclude .git";
+      in
+      {
+        enable = true;
+        defaultCommand = defaultCommand;
+        defaultOptions = [ "--height=40%" ];
+        changeDirWidgetCommand = "${pkgs.fd}/bin/fd --type d";
+        changeDirWidgetOptions = [
+          "--preview='${pkgs.tree}/bin/tree -L 1 {}'"
+          "--bind=space:toggle-preview"
+          "--preview-window=hidden"
+        ];
+        fileWidgetCommand = defaultCommand;
+        fileWidgetOptions = [ "--preview='head -$LINES {}'" ];
+      };
   };
 }

configs/gaming.nix

@@ -4,6 +4,16 @@
     pkgs.zeroad
     pkgs.mari0
     pkgs.luanti # fka minetest
+    # pkgs.openarena
+    # pkgs.teeworlds
+    pkgs.nethack
+    # pkgs.freeciv
+    # pkgs.lincity-ng
+    # pkgs.superTuxKart
+
+    pkgs.morris
+    pkgs.gnome-chess
+    pkgs.gnuchess
   ];
   networking.firewall = {
     # for 0ad multiplayer

configs/git.nix

@@ -1,10 +1,9 @@
 {
   pkgs,
-  inputs,
+  lib,
   ...
-}: let
-  inherit (import ../lib) kieran ignorePaths;
-in {
+}:
+{
   environment.systemPackages = [
     pkgs.mr
     pkgs.gitFull
@@ -41,9 +40,9 @@ in {
         logs = "log --pretty=oneline";
         graph = "log --graph --abbrev-commit --decorate --date=relative --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(bold yellow)%d%C(reset)' --all";
       };
-      ignores = ignorePaths;
-      settings.user.name = kieran.name;
-      settings.user.email = kieran.email;
+      ignores = pkgs.lib.niveum.ignorePaths;
+      settings.user.name = pkgs.lib.niveum.kieran.name;
+      settings.user.email = pkgs.lib.niveum.kieran.email;
       settings.pull.ff = "only";
       settings.rebase.autoStash = true;
       settings.merge.autoStash = true;

configs/hledger.nix

@@ -1,26 +1,30 @@
 {
   pkgs,
   ...
-}: let
+}:
+let
   ledgerDirectory = "/home/kfm/sync/src/ledger";
   hora = pkgs.callPackage ../packages/hora.nix { timeLedger = "${ledgerDirectory}/time.timeclock"; };
-in {
-  environment.systemPackages = let
-    git = "${pkgs.git}/bin/git -C ${ledgerDirectory}";
-  in [
-    hora
-    pkgs.hledger
-    (pkgs.writers.writeDashBin "hledger-git" ''
-      if [ "$1" = entry ]; then
-        ${pkgs.hledger}/bin/hledger balance -V > "${ledgerDirectory}/balance.txt"
-        ${git} add balance.txt
-        ${git} commit --all --message="$(date -Im)"
-      else
-        ${git} $*
-      fi
-    '')
-    (pkgs.writers.writeDashBin "hledger-edit" ''
-      $EDITOR ${ledgerDirectory}/current.journal
-    '')
-  ];
+in
+{
+  environment.systemPackages =
+    let
+      git = "${pkgs.git}/bin/git -C ${ledgerDirectory}";
+    in
+    [
+      hora
+      pkgs.hledger
+      (pkgs.writers.writeDashBin "hledger-git" ''
+        if [ "$1" = entry ]; then
+          ${pkgs.hledger}/bin/hledger balance -V > "${ledgerDirectory}/balance.txt"
+          ${git} add balance.txt
+          ${git} commit --all --message="$(date -Im)"
+        else
+          ${git} $*
+        fi
+      '')
+      (pkgs.writers.writeDashBin "hledger-edit" ''
+        $EDITOR ${ledgerDirectory}/current.journal
+      '')
+    ];
 }

configs/htop.nix

@@ -22,8 +22,18 @@
         sort_key = "PERCENT_CPU";
         tree_view = false;
         update_process_names = false;
-        right_meters = ["Uptime" "Tasks" "LoadAverage" "Battery"];
-        left_meters = ["LeftCPUs2" "RightCPUs2" "Memory" "Swap"];
+        right_meters = [
+          "Uptime"
+          "Tasks"
+          "LoadAverage"
+          "Battery"
+        ];
+        left_meters = [
+          "LeftCPUs2"
+          "RightCPUs2"
+          "Memory"
+          "Swap"
+        ];
       };
     };
   };

configs/i3.nix

@@ -2,18 +2,12 @@
   config,
   pkgs,
   lib,
-  niveumPackages,
   ...
-}: let
-  dashboard = pkgs.writers.writeDashBin "dashboard" ''
-    ${pkgs.alacritty}/bin/alacritty --option font.size=4 --class dashboard --command ${pkgs.writers.writeDash "dashboard-inner" ''
-      exec ${pkgs.procps}/bin/watch -c -n 10 ${niveumPackages.q}/bin/q
-    ''}
-  '';
-  inherit (import ../lib) defaultApplications;
-  klem = niveumPackages.klem.override {
-    config.dmenu = "${pkgs.dmenu}/bin/dmenu -i -p klem";
-    config.scripts = {
+}:
+let
+  klem = pkgs.klem.override {
+    options.dmenu = "${pkgs.dmenu}/bin/dmenu -i -p klem";
+    options.scripts = {
       "p.r paste" = pkgs.writers.writeDash "p.r" ''
         ${pkgs.curl}/bin/curl -fSs http://p.r --data-binary @- \
           | ${pkgs.coreutils}/bin/tail --lines=1 \
@@ -42,10 +36,10 @@
         ${pkgs.coreutils}/bin/tr '[A-Za-z]' '[N-ZA-Mn-za-m]'
       '';
       "ipa" = pkgs.writers.writeDash "ipa" ''
-        ${niveumPackages.ipa}/bin/ipa
+        ${pkgs.ipa}/bin/ipa
       '';
       "betacode" = pkgs.writers.writeDash "betacode" ''
-        ${niveumPackages.betacode}/bin/betacode
+        ${pkgs.betacode}/bin/betacode
       '';
       "curl" = pkgs.writers.writeDash "curl" ''
         ${pkgs.curl}/bin/curl -fSs "$(${pkgs.coreutils}/bin/cat)"
@@ -56,15 +50,10 @@
       emojai = pkgs.writers.writeDash "emojai" ''
         ${pkgs.curl}/bin/curl https://www.emojai.app/api/generate -X POST -H 'Content-Type: application/json' --data-raw "$(${pkgs.jq}/bin/jq -sR '{emoji:.}')" | ${pkgs.jq}/bin/jq -r .result
       '';
-      "gpt-3.5" = pkgs.writers.writeDash "gpt" ''
-        ${niveumPackages.gpt35}/bin/gpt
-      '';
-      gpt-4 = pkgs.writers.writeDash "gpt" ''
-        ${niveumPackages.gpt4}/bin/gpt
-      '';
     };
   };
-in {
+in
+{
   age.secrets = {
     github-token-i3status-rust = {
       file = ../secrets/github-token-i3status-rust.age;
@@ -86,9 +75,14 @@ in {
     };
   };
 
-  programs.slock.enable = true;
-
-  environment.systemPackages = [dashboard];
+  environment.systemPackages = [
+    pkgs.xsecurelock
+  ];
+  environment.sessionVariables = {
+    XSECURELOCK_NO_COMPOSITE = "1";
+    XSECURELOCK_BACKGROUND_COLOR = "navy";
+    XSECURELOCK_PASSWORD_PROMPT = "time_hex";
+  };
 
   services.displayManager.defaultSession = "none+i3";
   services.xserver = {
@@ -113,184 +107,216 @@ in {
     '';
   };
 
-
-  home-manager.users.me = let
-    modifier = "Mod4";
-    infoWorkspace = "ℹ";
-    messageWorkspace = "✉";
-    modes.resize = {
-      "Escape" = ''mode "default"'';
-      "Return" = ''mode "default"'';
-      "h" = "resize shrink width 10 px or 5 ppt";
-      "j" = "resize grow height 10 px or 5 ppt";
-      "k" = "resize shrink height 10 px or 5 ppt";
-      "l" = "resize grow width 10 px or 5 ppt";
-    };
-    gaps.inner = 4;
-    floating = {
-      titlebar = false;
-      border = 1;
-    };
-    bars = [
-      (config.home-manager.users.me.stylix.targets.i3.exportedBarConfig
-        // rec {
-          workspaceButtons = true;
-          mode = "hide"; # "dock";
+  home-manager.users.me =
+    let
+      modifier = "Mod4";
+      infoWorkspace = "ℹ";
+      messageWorkspace = "✉";
+      modes.resize = {
+        "Escape" = ''mode "default"'';
+        "Return" = ''mode "default"'';
+        "h" = "resize shrink width 10 px or 5 ppt";
+        "j" = "resize grow height 10 px or 5 ppt";
+        "k" = "resize shrink height 10 px or 5 ppt";
+        "l" = "resize grow width 10 px or 5 ppt";
+      };
+      gaps.inner = 4;
+      floating = {
+        titlebar = false;
+        border = 1;
+      };
+      bars =
+        let
           position = "bottom";
-          statusCommand = toString (pkgs.writers.writeDash "i3status-rust" ''
-            export I3RS_GITHUB_TOKEN="$(cat ${config.age.secrets.github-token-i3status-rust.path})"
-            export OPENWEATHERMAP_API_KEY="$(cat ${config.age.secrets.openweathermap-api-key.path})"
-            exec ${config.home-manager.users.me.programs.i3status-rust.package}/bin/i3status-rs ${config.home-manager.users.me.home.homeDirectory}/.config/i3status-rust/config-${position}.toml
-          '');
-          fonts = {
-            names = ["${config.stylix.fonts.sansSerif.name}" "FontAwesome 6 Free"];
-            size = config.stylix.fonts.sizes.desktop * 0.8;
+        in
+        [
+          (lib.recursiveUpdate config.home-manager.users.me.stylix.targets.i3.exportedBarConfig {
+            workspaceButtons = true;
+            mode = "hide"; # "dock";
+            inherit position;
+            statusCommand = toString (
+              pkgs.writers.writeDash "i3status-rust" ''
+                export I3RS_GITHUB_TOKEN="$(cat ${config.age.secrets.github-token-i3status-rust.path})"
+                export OPENWEATHERMAP_API_KEY="$(cat ${config.age.secrets.openweathermap-api-key.path})"
+                exec ${config.home-manager.users.me.programs.i3status-rust.package}/bin/i3status-rs ${config.home-manager.users.me.home.homeDirectory}/.config/i3status-rust/config-${position}.toml
+              ''
+            );
+            fonts = {
+              names = [
+                "${config.stylix.fonts.sansSerif.name}"
+                "FontAwesome 6 Free"
+              ];
+              size = config.stylix.fonts.sizes.desktop * 0.8;
+            };
+          })
+        ];
+      window = {
+        titlebar = false;
+        border = 2;
+        hideEdgeBorders = "smart";
+        commands = [
+          {
+            criteria = {
+              class = "floating";
+            };
+            command = "floating enable";
+          }
+          {
+            criteria = {
+              class = "fzfmenu";
+            };
+            command = "floating enable";
+          }
+          {
+            criteria = {
+              class = ".*";
+            };
+            command = "border pixel 2";
+          }
+          {
+            criteria = {
+              class = "mpv";
+            };
+            command = lib.strings.concatStringsSep ", " [
+              "floating enable"
+              "sticky enable"
+              "fullscreen disable"
+              "resize set 640 480"
+              "move position mouse"
+            ];
+          }
+        ];
+      };
+      colors =
+        let
+          background = config.lib.stylix.colors.withHashtag.base00;
+        in
+        {
+          unfocused = {
+            border = lib.mkForce background;
+            childBorder = lib.mkForce background;
           };
-        })
-    ];
-    window = {
-      titlebar = false;
-      border = 2;
-      hideEdgeBorders = "smart";
-      commands = [
-        {
-          criteria = {class = "floating";};
-          command = "floating enable";
-        }
-        {
-          criteria = {class = "fzfmenu";};
-          command = "floating enable";
-        }
-        {
-          criteria = {class = ".*";};
-          command = "border pixel 2";
-        }
-        {
-          criteria = {class = "mpv";};
-          command = lib.strings.concatStringsSep ", " [
-            "floating enable"
-            "sticky enable"
-            "fullscreen disable"
-            "resize set 640 480"
-            "move position mouse"
-          ];
-        }
-      ];
-    };
-    colors = let
-      background = config.lib.stylix.colors.withHashtag.base00;
-    in {
-      unfocused = {
-        border = lib.mkForce background;
-        childBorder = lib.mkForce background;
-      };
-    };
-    keybindings =
-      lib.listToAttrs (map (x: lib.nameValuePair "${modifier}+Shift+${toString x}" "move container to workspace ${toString x}") (lib.range 1 9))
-      // lib.listToAttrs (map (x: lib.nameValuePair "${modifier}+${toString x}" "workspace ${toString x}") (lib.range 1 9))
-      // {
-        "${modifier}+i" = "workspace ${infoWorkspace}";
-        "${modifier}+m" = "workspace ${messageWorkspace}";
+        };
+      keybindings =
+        lib.listToAttrs (
+          map (
+            x: lib.nameValuePair "${modifier}+Shift+${toString x}" "move container to workspace ${toString x}"
+          ) (lib.range 1 9)
+        )
+        // lib.listToAttrs (
+          map (x: lib.nameValuePair "${modifier}+${toString x}" "workspace ${toString x}") (lib.range 1 9)
+        )
+        // {
+          "${modifier}+i" = "workspace ${infoWorkspace}";
+          "${modifier}+m" = "workspace ${messageWorkspace}";
 
-        "${modifier}+Shift+h" = "move left 25 px";
-        "${modifier}+Shift+j" = "move down 25 px";
-        "${modifier}+Shift+k" = "move up 25 px";
-        "${modifier}+Shift+l" = "move right 25 px";
-        "${modifier}+h" = "focus left";
-        "${modifier}+j" = "focus down";
-        "${modifier}+k" = "focus up";
-        "${modifier}+l" = "focus right";
+          "${modifier}+Shift+h" = "move left 25 px";
+          "${modifier}+Shift+j" = "move down 25 px";
+          "${modifier}+Shift+k" = "move up 25 px";
+          "${modifier}+Shift+l" = "move right 25 px";
+          "${modifier}+h" = "focus left";
+          "${modifier}+j" = "focus down";
+          "${modifier}+k" = "focus up";
+          "${modifier}+l" = "focus right";
 
-        # "${modifier}+Shift+b" = "move container to workspace prev";
-        # "${modifier}+Shift+n" = "move container to workspace next";
-        # "${modifier}+b" = "workspace prev";
-        # "${modifier}+n" = "workspace next";
+          # "${modifier}+Shift+b" = "move container to workspace prev";
+          # "${modifier}+Shift+n" = "move container to workspace next";
+          # "${modifier}+b" = "workspace prev";
+          # "${modifier}+n" = "workspace next";
 
-        "${modifier}+Shift+c" = "reload";
-        "${modifier}+Shift+q" = "kill";
-        "${modifier}+Shift+r" = "restart";
+          "${modifier}+Shift+c" = "reload";
+          "${modifier}+Shift+q" = "kill";
+          "${modifier}+Shift+r" = "restart";
 
-        "${modifier}+z" = "sticky toggle";
-        "${modifier}+Shift+z" = "floating toggle";
+          "${modifier}+z" = "sticky toggle";
+          "${modifier}+Shift+z" = "floating toggle";
 
-        "${modifier}+Shift+s" = "move scratchpad";
-        "${modifier}+s" = ''[class="^(?i)(?!obsidian).*"] scratchpad show'';
-        "${modifier}+o" = ''[class="obsidian"] scratchpad show'';
+          "${modifier}+Shift+s" = "move scratchpad";
+          "${modifier}+s" = ''[class="^(?i)(?!obsidian).*"] scratchpad show'';
+          "${modifier}+o" = ''[class="obsidian"] scratchpad show'';
 
-        "${modifier}+c" = "split h";
-        "${modifier}+e" = "layout toggle split";
-        "${modifier}+f" = "fullscreen toggle";
-        "${modifier}+r" = "mode resize";
-        "${modifier}+v" = "split v";
-        "${modifier}+w" = "layout tabbed";
-        "${modifier}+q" = "exec ${config.services.clipmenu.package}/bin/clipmenu";
+          "${modifier}+c" = "split h";
+          "${modifier}+e" = "layout toggle split";
+          "${modifier}+f" = "fullscreen toggle";
+          "${modifier}+r" = "mode resize";
+          "${modifier}+v" = "split v";
+          "${modifier}+w" = "layout tabbed";
+          "${modifier}+q" = "exec ${config.services.clipmenu.package}/bin/clipmenu";
 
-        "${modifier}+Return" = "exec ${(defaultApplications pkgs).terminal}";
-        "${modifier}+t" = "exec ${(defaultApplications pkgs).fileManager}";
-        "${modifier}+y" = "exec ${(defaultApplications pkgs).browser}";
+          "${modifier}+Return" = "exec ${lib.getExe pkgs.niveum-terminal}";
+          "${modifier}+t" = "exec ${lib.getExe pkgs.niveum-filemanager}";
+          "${modifier}+y" = "exec ${lib.getExe pkgs.niveum-browser}";
 
-        "${modifier}+d" = "exec ${pkgs.writers.writeDash "run" ''exec rofi -modi run,ssh,window -show run''}";
-        "${modifier}+Shift+d" = "exec ${niveumPackages.notemenu}/bin/notemenu";
-        "${modifier}+p" = "exec rofi-pass";
-        "${modifier}+Shift+p" = "exec rofi-pass --insert";
-        "${modifier}+u" = "exec ${niveumPackages.unicodmenu}/bin/unicodmenu";
-        "${modifier}+Shift+u" = "exec ${pkgs.writers.writeDash "last-unicode" ''${pkgs.xdotool}/bin/xdotool type --delay 1000 "$(${pkgs.gawk}/bin/awk 'END{print $1}' ~/.cache/unicodmenu)"''}";
+          "${modifier}+d" =
+            "exec ${pkgs.writers.writeDash "run" ''exec rofi -modi run,ssh,window -show run''}";
+          "${modifier}+Shift+d" = "exec ${pkgs.notemenu}/bin/notemenu";
+          "${modifier}+p" = "exec rofi-pass";
+          "${modifier}+Shift+p" = "exec rofi-pass --insert";
+          "${modifier}+u" = "exec ${pkgs.unicodmenu}/bin/unicodmenu";
+          "${modifier}+Shift+u" =
+            "exec ${pkgs.writers.writeDash "last-unicode" ''${pkgs.xdotool}/bin/xdotool type --delay 1000 "$(${pkgs.gawk}/bin/awk 'END{print $1}' ~/.cache/unicodmenu)"''}";
 
-        "${modifier}+F7" = "exec ${pkgs.writers.writeDash "showkeys-toggle" ''
-          if ${pkgs.procps}/bin/pgrep screenkey; then
-            exec ${pkgs.procps}/bin/pkill screenkey
-          else
-            exec ${pkgs.screenkey}/bin/screenkey
-          fi
-        ''}";
-        "${modifier}+F12" = "exec ${klem}/bin/klem";
-        "XF86AudioLowerVolume" = "exec ${pkgs.pamixer}/bin/pamixer -d 5";
-        "XF86AudioMute" = "exec ${pkgs.pamixer}/bin/pamixer -t";
-        "XF86AudioRaiseVolume" = "exec ${pkgs.pamixer}/bin/pamixer -i 5";
-        "XF86Calculator" = "exec ${pkgs.st}/bin/st -c floating -e ${pkgs.bc}/bin/bc";
-        "XF86AudioPause" = "exec ${pkgs.playerctl}/bin/playerctl play-pause";
-        "XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause";
-        "XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next";
-        "XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous";
-        "XF86AudioStop" = "exec ${pkgs.playerctl}/bin/playerctl stop";
-        "XF86ScreenSaver" = "exec ${niveumPackages.k-lock}/bin/k-lock";
+          "${modifier}+F7" = "exec ${pkgs.writers.writeDash "showkeys-toggle" ''
+            if ${pkgs.procps}/bin/pgrep screenkey; then
+              exec ${pkgs.procps}/bin/pkill screenkey
+            else
+              exec ${pkgs.screenkey}/bin/screenkey
+            fi
+          ''}";
+          "${modifier}+F12" = "exec ${klem}/bin/klem";
+          "XF86AudioLowerVolume" = "exec ${pkgs.pamixer}/bin/pamixer -d 5";
+          "XF86AudioMute" = "exec ${pkgs.pamixer}/bin/pamixer -t";
+          "XF86AudioRaiseVolume" = "exec ${pkgs.pamixer}/bin/pamixer -i 5";
+          "XF86Calculator" = "exec ${pkgs.st}/bin/st -c floating -e ${pkgs.bc}/bin/bc";
+          "XF86AudioPause" = "exec ${pkgs.playerctl}/bin/playerctl play-pause";
+          "XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause";
+          "XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next";
+          "XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous";
+          "XF86AudioStop" = "exec ${pkgs.playerctl}/bin/playerctl stop";
 
-        # key names detected with xorg.xev:
-        # XF86WakeUp (fn twice)
-        # XF86Battery (fn f3)
-        # XF86Sleep (fn f4) - actually suspends
-        # XF86WLAN
-        # XF86WebCam (fn f6)
-        # XF86TouchpadToggle (fn f8)
-        # XF86Suspend (fn f12) - actually suspends to disk
-        # Num_Lock (fn Roll) - numlocks
-        # XF86Audio{Prev,Next,Mute,Play,Stop}
-        # XF86Forward
-        # XF86Back
-        # XF86Launch1 (thinkvantage)
-      };
-  in {
-    stylix.targets.i3.enable = true;
+          # key names detected with xorg.xev:
+          # XF86WakeUp (fn twice)
+          # XF86Battery (fn f3)
+          # XF86Sleep (fn f4) - actually suspends
+          # XF86WLAN
+          # XF86WebCam (fn f6)
+          # XF86TouchpadToggle (fn f8)
+          # XF86Suspend (fn f12) - actually suspends to disk
+          # Num_Lock (fn Roll) - numlocks
+          # XF86Audio{Prev,Next,Mute,Play,Stop}
+          # XF86Forward
+          # XF86Back
+          # XF86Launch1 (thinkvantage)
+        };
+    in
+    {
+      stylix.targets.i3.enable = true;
 
-    xsession.windowManager.i3 = {
-      enable = true;
-      extraConfig = ''
-        bindsym --release ${modifier}+Shift+w exec /run/wrappers/bin/slock
+      xsession.windowManager.i3 = {
+        enable = true;
+        extraConfig = ''
+          bindsym --release ${modifier}+Shift+w exec xsecurelock
 
-        exec "${pkgs.obsidian}/bin/obsidian"
-        for_window [class="obsidian"] , move scratchpad
+          exec "${pkgs.obsidian}/bin/obsidian"
+          for_window [class="obsidian"] , move scratchpad
 
-        assign [class="message"] ${messageWorkspace}
-        exec "${pkgs.writers.writeDash "irc" "exec ${pkgs.alacritty}/bin/alacritty --class message -e ssh weechat@makanek -t tmux attach-session -t IM"}"
-        exec "${pkgs.writers.writeDash "email" "exec ${pkgs.alacritty}/bin/alacritty --class message -e aerc"}"
+          assign [class="message"] ${messageWorkspace}
+          exec "${pkgs.writers.writeDash "irc" "exec ${pkgs.alacritty}/bin/alacritty --class message -e ssh weechat@makanek -t tmux attach-session -t IM"}"
+          exec "${pkgs.writers.writeDash "email" "exec ${pkgs.alacritty}/bin/alacritty --class message -e aerc"}"
 
-        assign [class="dashboard"] ${infoWorkspace}
-        exec ${dashboard}/bin/dashboard
-      '';
-      config = {
-          inherit modifier gaps modes bars floating window colors;
+          exec --no-startup-id ${pkgs.xss-lock}/bin/xss-lock -- xsecurelock
+        '';
+        config = {
+          inherit
+            modifier
+            gaps
+            modes
+            bars
+            floating
+            window
+            colors
+            ;
           keybindings = keybindings // {
-            "${modifier}+ß" = "exec ${niveumPackages.menu-calc}/bin/=";
             "${modifier}+F6" = "exec ${pkgs.xorg.xkill}/bin/xkill";
             "${modifier}+F9" = "exec ${pkgs.redshift}/bin/redshift -O 4000 -b 0.85";
             "${modifier}+F10" = "exec ${pkgs.redshift}/bin/redshift -x";
@@ -298,9 +324,9 @@ in {
             "Print" = "exec flameshot gui";
             # "${modifier}+Shift+x" = "exec ${move-to-new-workspace}";
             # "${modifier}+x" = "exec ${new-workspace}";
-            "XF86Display" = "exec ${niveumPackages.dmenu-randr}/bin/dmenu-randr";
+            "XF86Display" = "exec ${pkgs.dmenu-randr}/bin/dmenu-randr";
           };
+        };
       };
     };
-  };
 }

configs/i3status-rust.nix

@@ -2,7 +2,8 @@
   pkgs,
   config,
   ...
-}: {
+}:
+{
   age.secrets = {
     miniflux-api-token = {
       file = ../secrets/miniflux-api-token.age;
@@ -18,22 +19,24 @@
       bars.bottom = {
         icons = "awesome6";
         settings = {
-          theme.overrides = let
-            colours = config.lib.stylix.colors.withHashtag;
-          in {
-            idle_bg = colours.base00;
-            idle_fg = colours.base05;
-            good_bg = colours.base00;
-            good_fg = colours.base0B;
-            warning_bg = colours.base00;
-            warning_fg = colours.base0A;
-            critical_bg = colours.base00;
-            critical_fg = colours.base09;
-            info_bg = colours.base00;
-            info_fg = colours.base04;
-            separator_bg = colours.base00;
-            separator = " ";
-          };
+          theme.overrides =
+            let
+              colours = config.lib.stylix.colors.withHashtag;
+            in
+            {
+              idle_bg = colours.base00;
+              idle_fg = colours.base05;
+              good_bg = colours.base00;
+              good_fg = colours.base0B;
+              warning_bg = colours.base00;
+              warning_fg = colours.base0A;
+              critical_bg = colours.base00;
+              critical_fg = colours.base09;
+              info_bg = colours.base00;
+              info_fg = colours.base04;
+              separator_bg = colours.base00;
+              separator = " ";
+            };
         };
         blocks = [
           {
@@ -70,7 +73,7 @@
             block = "memory";
             format = "$icon $mem_used.eng(prefix:G)";
           }
-          {block = "load";}
+          { block = "load"; }
           {
             block = "time";
             format = "$icon $timestamp.datetime(f:'%Y-%m-%d (%W %a) %H:%M', l:de_DE)";

configs/keyboard/default.nix

@@ -1,4 +1,5 @@
 {
+  config,
   pkgs,
   lib,
   ...
@@ -27,10 +28,10 @@ let
     arabic = {
       code = "ara";
       variant = "buckwalter";
-    }; # ../lib/keyboards/arabic;
-    coptic = ../lib/keyboards/coptic;
-    avestan = ../lib/keyboards/avestan;
-    gothic = ../lib/keyboards/gothic;
+    };
+    coptic = ./coptic;
+    avestan = ./avestan;
+    gothic = ./gothic;
     farsi = {
       code = "ir";
       variant = "qwerty";
@@ -63,40 +64,42 @@ in
 
   # man 7 xkeyboard-config
   services.xserver = {
-    exportConfiguration = true; # link /usr/share/X11 properly
+    exportConfiguration = lib.mkForce true; # link /usr/share/X11 properly
     xkb.layout = defaultLanguage.code;
     # T3: https://upload.wikimedia.org/wikipedia/commons/a/a9/German-Keyboard-Layout-T3-Version1-large.png
     # buckwalter: http://www.qamus.org/transliteration.htm
     xkb.variant = defaultLanguage.variant;
     xkb.options = commaSep xkbOptions;
-    xkb.dir = pkgs.symlinkJoin {
-      name = "x-keyboard-directory";
-      paths = [
-        "${pkgs.xkeyboard_config}/etc/X11/xkb"
-        (pkgs.linkFarm "custom-x-keyboards" (
-          lib.mapAttrsToList (name: value: {
-            name = "symbols/${name}";
-            path = value;
-          }) (lib.filterAttrs (_: value: !(value ? "code")) languages)
-          ++ [
-            {
-              name = "symbols/ir";
-              path = ../lib/keyboards/farsi;
-            }
-          ]
-        ))
-      ];
+    xkb.extraLayouts = {
+      coptic = {
+        languages = [ "cop" ];
+        description = "Coptic is the latest stage of the Egyptian language and was used by Egyptian Christians. The Coptic script is based on the Greek alphabet with some letters borrowed from Demotic Egyptian.";
+        symbolsFile = ./coptic;
+      };
+      avestan = {
+        languages = [ "ave" ];
+        description = "Avestan is an ancient Iranian language known primarily from its use in the sacred texts of Zoroastrianism, the Avesta. It is an Indo-Iranian language that was spoken in ancient Persia.";
+        symbolsFile = ./avestan;
+      };
+      gothic = {
+        languages = [ "got" ];
+        description = "Gothic is an extinct East Germanic language that was spoken by the Goths. It is known primarily from the Codex Argenteus, a 6th-century manuscript containing a translation of the Bible into Gothic.";
+        symbolsFile = ./gothic;
+      };
+      farsi = {
+        languages = [ "fas" ];
+        description = "Farsi, also known as Persian, is an Indo-Iranian language spoken primarily in Iran, Afghanistan (where it is known as Dari), and Tajikistan (where it is called Tajik). It has a rich literary tradition and is written in a modified Arabic script.";
+        symbolsFile = ./farsi;
+      };
     };
   };
 
   environment.etc."x11-locale".source = toString pkgs.xorg.libX11 + "share/X11/locale";
 
   home-manager.users.me = {
-    home.file =
-      lib.mapAttrs' (name: path: lib.nameValuePair ".xkb/symbols/${name}" { source = path; })
-        (lib.filterAttrs (_: value: !(value ? "code")) languages) // {
-          ".xkb/symbols/ir".source = ../lib/keyboards/farsi;
-        };
+    home.file = {
+      ".XCompose".source = ./XCompose;
+    };
   };
 
   console.keyMap = "de";
@@ -118,7 +121,7 @@ in
         swaymsg -s $SWAYSOCK 'input * xkb_options "${lib.concatStringsSep "," xkbOptions}"'
       fi
     ''
-  ) languages;
+  ) (languages // config.services.xserver.xkb.extraLayouts);
 
   # improve held key rate
   services.xserver.displayManager.sessionCommands = "${pkgs.xorg.xset}/bin/xset r rate 300 50";

configs/khal.nix

@@ -3,19 +3,16 @@
   pkgs,
   lib,
   ...
-}: let
+}:
+let
   davHome = "~/.local/share/dav";
   kmeinCloud = {
     davEndpoint = "https://cloud.kmein.de/remote.php/dav";
     username = "kieran";
     passwordFile = config.age.secrets.nextcloud-password-kieran.path;
   };
-  fysiCloud = {
-    davEndpoint = "https://nextcloud.fysi.dev/remote.php/dav";
-    username = "kmein";
-    passwordFile = config.age.secrets.nextcloud-password-fysi.path;
-  };
-in {
+in
+{
   age.secrets = {
     nextcloud-password-kieran = {
       file = ../secrets/nextcloud-password-kieran.age;
@@ -50,8 +47,8 @@ in {
 
   systemd.user.services.vdirsyncer = {
     enable = true;
-    wants = ["network-online.target"];
-    wantedBy = ["default.target"];
+    wants = [ "network-online.target" ];
+    wantedBy = [ "default.target" ];
     startAt = "*:00/10";
     script = ''
       ${pkgs.vdirsyncer}/bin/vdirsyncer sync && ${pkgs.khal}/bin/khal printcalendars # https://lostpackets.de/khal/configure.html#syncing

configs/lb.nix

@@ -2,10 +2,11 @@
   lib,
   pkgs,
   ...
-}: {
+}:
+{
   systemd.services.lb-subscription = {
     enable = true;
-    wants = ["network-online.target"];
+    wants = [ "network-online.target" ];
     startAt = "weekly";
     serviceConfig = {
       user = "kfm";

configs/mastodon-bot.nix

@@ -1,19 +0,0 @@
-{pkgs, ...}: {
-  systemd.services.imaginary-illuminations = {
-    enable = false;
-    wants = ["network-online.target"];
-    serviceConfig = {
-      User = "kfm";
-      Group = "users";
-      WorkingDirectory = "/home/kfm/cloud/Seafile/Documents/Media/imaginary-illuminations";
-      Restart = "on-failure";
-      RestartSec = "15s";
-    };
-    startAt = "7:00";
-    script = ''
-      ${pkgs.deno}/bin/deno run -A post.ts
-    '';
-  };
-
-  systemd.timers.imaginary-illuminations.timerConfig.RandomizedDelaySec = "14h";
-}

configs/monitoring.nix

@@ -2,7 +2,8 @@
   config,
   pkgs,
   ...
-}: {
+}:
+{
   services.nginx.virtualHosts.default = {
     locations."= /stub_status".extraConfig = "stub_status;";
   };
@@ -41,12 +42,12 @@
 
   systemd.services.promtail = {
     description = "Promtail service for Loki";
-    wantedBy = ["multi-user.target"];
+    wantedBy = [ "multi-user.target" ];
 
     serviceConfig = {
       ExecStart = ''
         ${pkgs.grafana-loki}/bin/promtail --config.file ${
-          (pkgs.formats.yaml {}).generate "promtail.yaml" {
+          (pkgs.formats.yaml { }).generate "promtail.yaml" {
             server = {
               http_listen_port = 28183;
               grpc_listen_port = 0;
@@ -55,9 +56,7 @@
             clients = [
               {
                 url = "http://${
-                  if config.networking.hostName == "makanek"
-                  then "127.0.0.1"
-                  else "makanek.r"
+                  if config.networking.hostName == "makanek" then "127.0.0.1" else "makanek.r"
                 }:3100/loki/api/v1/push";
               }
             ];
@@ -71,7 +70,7 @@
                 };
                 relabel_configs = [
                   {
-                    source_labels = ["__journal__systemd_unit"];
+                    source_labels = [ "__journal__systemd_unit" ];
                     target_label = "unit";
                   }
                 ];

configs/mpv.nix

@@ -2,11 +2,12 @@
   pkgs,
   lib,
   config,
-  niveumPackages,
   ...
-}: let
-  swallow = command: "${niveumPackages.swallow}/bin/swallow ${command}";
-in {
+}:
+let
+  swallow = command: "${pkgs.swallow}/bin/swallow ${command}";
+in
+{
   environment.shellAliases.smpv = swallow "mpv";
 
   nixpkgs.overlays = [
@@ -20,7 +21,11 @@ in {
       enable = true;
       config = {
         ytdl-format = "bestvideo[height<=?720][fps<=?30][vcodec!=?vp9]+bestaudio/best";
-        ytdl-raw-options = lib.concatStringsSep "," [''sub-lang="de,en"'' "write-sub=" "write-auto-sub="];
+        ytdl-raw-options = lib.concatStringsSep "," [
+          ''sub-lang="de,en"''
+          "write-sub="
+          "write-auto-sub="
+        ];
         screenshot-template = "%F-%wH%wM%wS-%#04n";
         script-opts = "ytdl_hook-ytdl_path=${pkgs.yt-dlp}/bin/yt-dlp";
         ao = "pulse"; # no pipewire for me :(

configs/mycelium.nix

@@ -1,7 +1,4 @@
-{ lib, ... }:
-let
-  myceliumAddresses = import ../lib/mycelium-network.nix;
-in
+{ lib, pkgs, ... }:
 {
   services.mycelium = {
     enable = true;
@@ -11,5 +8,5 @@ in
   networking.hosts = lib.mapAttrs' (name: address: {
     name = address;
     value = [ "${name}.m" ];
-  }) myceliumAddresses;
+  }) pkgs.lib.niveum.myceliumAddresses;
 }

configs/neovim.nix

@@ -1,10 +1,19 @@
 {
   pkgs,
-  niveumPackages,
+  lib,
   config,
   ...
-}: {
-  environment.variables.EDITOR = pkgs.lib.mkForce "nvim";
+}:
+let
+  vim-kmein = (
+    pkgs.vim-kmein.override {
+      # stylixColors = config.lib.stylix.colors;
+      colorscheme = "base16-gruvbox-dark-medium";
+    }
+  );
+in
+{
+  environment.variables.EDITOR = lib.getExe vim-kmein;
   environment.shellAliases.vi = "nvim";
   environment.shellAliases.vim = "nvim";
   environment.shellAliases.view = "nvim -R";
@@ -35,11 +44,8 @@
   };
 
   environment.systemPackages = [
-    (pkgs.writers.writeDashBin "vim" ''neovim "$@"'')
-    (niveumPackages.vim.override {
-      # stylixColors = config.lib.stylix.colors;
-      colorscheme = "base16-gruvbox-dark-medium";
-    })
+    pkgs.vim-typewriter
+    vim-kmein
 
     # language servers
     pkgs.pyright

configs/networkmanager.nix

@@ -1,7 +1,8 @@
 {
   pkgs,
   ...
-}: {
+}:
+{
   programs.nm-applet.enable = true;
 
   networking.networkmanager = {
@@ -12,10 +13,10 @@
     ];
     wifi.macAddress = "random";
     ethernet.macAddress = "random";
-    unmanaged = ["docker*"];
+    unmanaged = [ "docker*" ];
   };
 
-  users.users.me.extraGroups = ["networkmanager"];
+  users.users.me.extraGroups = [ "networkmanager" ];
 
   environment.systemPackages = [
     pkgs.speedtest-cli

configs/newsboat.nix

@@ -2,7 +2,8 @@
   pkgs,
   config,
   ...
-}: {
+}:
+{
   environment.systemPackages = [
     (pkgs.writers.writeDashBin "miniflux-watch-later" ''
       miniflux_api_token=$(cat ${config.age.secrets.miniflux-api-token.path})

configs/nix.nix

@@ -1,14 +1,13 @@
 {
   pkgs,
-  inputs,
   ...
-}: {
+}:
+{
   nixpkgs = {
     config.allowUnfree = true;
   };
   nix = {
     package = pkgs.nixVersions.stable;
     extraOptions = "experimental-features = nix-command flakes";
-    nixPath = ["nixpkgs=${inputs.nixpkgs}"];
   };
 }

configs/openweathermap.nix

@@ -2,21 +2,23 @@
   pkgs,
   lib,
   ...
-}: let
+}:
+let
   openweathermap-repo = pkgs.fetchFromGitHub {
     owner = "ip1981";
     repo = "openweathermap";
     rev = "9cfef7b14ac5af7109449b54b1cb352b4c76167a";
     sha256 = "0sm43wicvw2fy7nq65s8vch6jjb5bszqr4ilnhibayamj4jcpw53";
   };
-  openweathermap = pkgs.haskellPackages.callCabal2nix "openweathermap" openweathermap-repo {};
+  openweathermap = pkgs.haskellPackages.callCabal2nix "openweathermap" openweathermap-repo { };
   openweathermap-key = lib.strings.fileContents <secrets/openweathermap.key>;
-in {
+in
+{
   nixpkgs.config.packageOverrides = pkgs: {
     weather = pkgs.writers.writeDashBin "weather" ''
       ${openweathermap}/bin/openweathermap --api-key ${openweathermap-key} "$@"
     '';
   };
 
-  environment.systemPackages = [pkgs.weather];
+  environment.systemPackages = [ pkgs.weather ];
 }

configs/packages.nix

@@ -1,25 +1,23 @@
 {
   config,
   pkgs,
-  lib,
-  inputs,
-  niveumPackages,
   ...
-}: let
-  worldradio = pkgs.callPackage ../packages/worldradio.nix {};
+}:
+let
+  worldradio = pkgs.callPackage ../packages/worldradio.nix { };
 
-  externalNetwork = import ../lib/external-network.nix;
-
-  zoteroStyle = {
-    name,
-    sha256,
-  }: {
-    name = "${name}.csl";
-    path = pkgs.fetchurl {
-      url = "https://www.zotero.org/styles/${name}";
-      inherit sha256;
+  zoteroStyle =
+    {
+      name,
+      sha256,
+    }:
+    {
+      name = "${name}.csl";
+      path = pkgs.fetchurl {
+        url = "https://www.zotero.org/styles/${name}";
+        inherit sha256;
+      };
     };
-  };
   cslDirectory = pkgs.linkFarm "citation-styles" [
     (zoteroStyle {
       name = "chicago-author-date-de";
@@ -35,7 +33,8 @@
     })
   ];
 
-  astrolog = pkgs.astrolog.overrideAttrs (old:
+  astrolog = pkgs.astrolog.overrideAttrs (
+    old:
     old
     // {
       installPhase = ''
@@ -54,8 +53,10 @@
           /^:I /s/80/120/ # wider text output
         ' $out/astrolog/astrolog.as
       '';
-    });
-in {
+    }
+  );
+in
+{
   home-manager.users.me.home.file = {
     ".csl".source = cslDirectory;
     ".local/share/pandoc/csl".source = cslDirectory; # as of pandoc 2.11, it includes citeproc
@@ -109,7 +110,7 @@ in {
     calibre
     electrum
     inkscape
-    niveumPackages.gimp
+    gimp
     gthumb
     astrolog
     obsidian
@@ -120,7 +121,7 @@ in {
     zoom-us # video conferencing
     (pkgs.writers.writeDashBin "im" ''
       weechat_password=$(${pkgs.pass}/bin/pass weechat)
-      exec ${weechat}/bin/weechat -t -r '/mouse enable; /remote add makanek http://${externalNetwork.makanek}:8002 -password='"$weechat_password"'; /remote connect makanek'
+      exec ${weechat}/bin/weechat -t -r '/mouse enable; /remote add makanek http://${pkgs.lib.niveum.machines.makanek.externalIp}:8002 -password='"$weechat_password"'; /remote connect makanek'
     '')
     alejandra # nix formatter
     pdfgrep # search in pdf
@@ -130,80 +131,77 @@ in {
     kdePackages.okular # the word is nucular
     xournalpp # for annotating pdfs
     pdfpc # presenter console for pdf slides
-    niveumPackages.hc # print files as qr codes
+    hc # print files as qr codes
     yt-dlp
     espeak
     rink # unit converter
-    niveumPackages.auc
-    niveumPackages.noise-waves
-    niveumPackages.stag
-    niveumPackages.cheat-sh
-    niveumPackages.polyglot
-    niveumPackages.qrpaste
-    niveumPackages.ttspaste
-    niveumPackages.new-mac # get a new mac address
-    niveumPackages.scanned
-    niveumPackages.default-gateway
-    niveumPackages.kirciuoklis
-    niveumPackages.image-convert-favicon
-    niveumPackages.heuretes
-    niveumPackages.ipa # XSAMPA to IPA converter
-    niveumPackages.pls
-    niveumPackages.mpv-tv
-    niveumPackages.mpv-iptv
-    niveumPackages.devanagari
-    niveumPackages.betacode # ancient greek betacode to unicode converter
-    pkgs.jq-lsp
-    niveumPackages.swallow # window swallowing
-    niveumPackages.literature-quote
-    niveumPackages.booksplit
-    niveumPackages.dmenu-randr
-    niveumPackages.manual-sort
-    niveumPackages.wttr
-    niveumPackages.unicodmenu
-    niveumPackages.emailmenu
-    niveumPackages.closest
-    niveumPackages.trans
-    (niveumPackages.mpv-radio.override {
+    auc
+    noise-waves
+    stag
+    cheat-sh
+    polyglot
+    qrpaste
+    ttspaste
+    new-mac # get a new mac address
+    scanned
+    default-gateway
+    kirciuoklis
+    image-convert-favicon
+    heuretes
+    ipa # XSAMPA to IPA converter
+    pls
+    mpv-tv
+    mpv-iptv
+    devanagari
+    betacode # ancient greek betacode to unicode converter
+    jq-lsp
+    swallow # window swallowing
+    literature-quote
+    booksplit
+    dmenu-randr
+    manual-sort
+    wttr
+    unicodmenu
+    emailmenu
+    closest
+    trans
+    (mpv-radio.override {
       di-fm-key-file = config.age.secrets.di-fm-key.path;
     })
-    (niveumPackages.mpv-radio.override {
+    (mpv-radio.override {
       di-fm-key-file = config.age.secrets.di-fm-key.path;
       executableName = "cro-radio";
-      mpvCommand = "${niveumPackages.cro}/bin/cro";
+      mpvCommand = "${cro}/bin/cro";
     })
-    (niveumPackages.mpv-tuner.override {
+    (mpv-tuner.override {
       di-fm-key-file = config.age.secrets.di-fm-key.path;
     })
     # kmein.slide
     termdown
-    niveumPackages.image-convert-tolino
-    niveumPackages.rfc
-    niveumPackages.tag
-    niveumPackages.timer
-    niveumPackages.menu-calc
+    image-convert-tolino
+    rfc
+    tag
+    timer
     nix-prefetch-git
-    niveumPackages.nix-git
+    nix-git
     nixfmt-rfc-style
     par
     qrencode
 
-    # inputs.menstruation-backend.defaultPackage.x86_64-linux
-    inputs.agenix.packages.x86_64-linux.default
-    inputs.recht.defaultPackage.x86_64-linux
+    pkgs.agenix
+    pkgs.alarm
 
     (pkgs.writers.writeDashBin "worldradio" ''
       shuf ${worldradio} | ${pkgs.findutils}/bin/xargs ${pkgs.mpv}/bin/mpv --no-video
     '')
 
     (pkgs.writers.writeDashBin "chats" ''
-      ${pkgs.openssh}/bin/ssh makanek "cd /var/lib/weechat/logs && grep --ignore-case --color=always --recursive $@" | ${pkgs.less}/bin/less --raw-control-chars
+      ${pkgs.openssh}/bin/ssh -p ${toString pkgs.lib.niveum.machines.makanek.sshPort} ${pkgs.lib.niveum.machines.makanek.externalIp} "cd /var/lib/weechat/logs && grep --ignore-case --color=always --recursive $@" | ${pkgs.less}/bin/less --raw-control-chars
     '')
 
-    inputs.scripts.packages.x86_64-linux.alarm
+    niveum-ssh
 
     spotify
-    ncspot
     playerctl
 
     #krebs
@@ -237,9 +235,13 @@ in {
     go
     texlive.combined.scheme-full
     latexrun
-    (aspellWithDicts (dict: [dict.de dict.en dict.en-computers]))
+    (aspellWithDicts (dict: [
+      dict.de
+      dict.en
+      dict.en-computers
+    ]))
     # haskellPackages.pandoc-citeproc
-    niveumPackages.text2pdf
+    text2pdf
     lowdown
     glow # markdown to term
     libreoffice
@@ -247,7 +249,7 @@ in {
     dia
     pandoc
     librsvg # pandoc depends on this to include SVG in documents
-    # niveumPackages.man-pandoc
+    # man-pandoc
     typst
     # proselint
     asciidoctor

configs/picom.nix

@@ -1,25 +0,0 @@
-{
-  services.picom = {
-    enable = true;
-    # activeOpacity = 1;
-    fade = true;
-    fadeDelta = 1;
-    # inactiveOpacity = 0.9;
-    # shadow = true;
-    # menuOpacity = 0.9;
-    # shadowOpacity = 0.3;
-    fadeExclude = [
-      "class_g = 'slock'" # don't want a transparent lock screen!
-      "name *?= 'slock'"
-      "focused = 1"
-    ];
-    opacityRules = [
-      # opacity-rule overrides both inactive and active opacity
-
-      # video in browser tabs
-      # substring /regex match of title bar text
-      "99:name *?= 'Youtube'"
-      "99:WM_CLASS@:s *= 'mpv$'"
-    ];
-  };
-}

configs/polkit.nix

@@ -1,6 +1,8 @@
-{config, ...}: let
+{ config, ... }:
+let
   user = config.users.users.me.name;
-in {
+in
+{
   security.polkit.extraConfig = ''
     polkit.addRule(function(action, subject) {
       if (subject.user == "${user}" && action.id == "org.freedesktop.systemd1.manage-units") {

configs/power-action.nix

@@ -2,9 +2,11 @@
   pkgs,
   config,
   ...
-}: let
+}:
+let
   suspend = pkgs.writers.writeDash "suspend" "${pkgs.systemd}/bin/systemctl suspend";
-in {
+in
+{
   services.power-action = {
     enable = true;
     plans.suspend = {

configs/printing.nix

@@ -1,10 +1,11 @@
-{pkgs, ...}: let
-  inherit (import ../lib) localAddresses;
+{ pkgs, lib, ... }:
+let
   hp-driver = pkgs.hplip;
-in {
+in
+{
   services.printing = {
     enable = true;
-    drivers = [hp-driver];
+    drivers = [ hp-driver ];
   };
 
   environment.systemPackages = [
@@ -18,7 +19,7 @@ in {
     {
       name = "OfficeJet";
       location = "Zimmer";
-      deviceUri = "https://${localAddresses.officejet}";
+      deviceUri = "https://${pkgs.lib.niveum.localAddresses.officejet}";
       model = "drv:///hp/hpcups.drv/hp-officejet_4650_series.ppd";
       ppdOptions = {
         Duplex = "DuplexNoTumble"; # DuplexNoTumble DuplexTumble None
@@ -31,7 +32,6 @@ in {
   ];
 }
 /*
-HP/hp-officejet_4650_series.ppd.gz
-drv:///hp/hpcups.drv/hp-officejet_4650_series.ppd
+  HP/hp-officejet_4650_series.ppd.gz
+  drv:///hp/hpcups.drv/hp-officejet_4650_series.ppd
 */
-

configs/redshift.nix

@@ -1 +1 @@
-{services.redshift.enable = false;}
+{ services.redshift.enable = true; }

configs/retiolum.nix

@@ -2,8 +2,11 @@
   config,
   pkgs,
   ...
-}: {
-  networking.hosts = {"42:0:ca48:f98f:63d7:31ce:922b:245d" = ["go"];};
+}:
+{
+  networking.hosts = {
+    "42:0:ca48:f98f:63d7:31ce:922b:245d" = [ "go" ];
+  };
 
   services.tinc.networks.retiolum = {
     rsaPrivateKeyFile = config.age.secrets.retiolum-rsa.path;

configs/rofi.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   home-manager.users.me.programs.rofi = {
     enable = true;
     pass = {
@@ -13,6 +14,6 @@
         help_color="#FF0000"
       ''; # help_color set by https://github.com/mrossinek/dotfiles/commit/13fc5f24caa78c8f20547bf473266879507f13bf
     };
-    plugins = [pkgs.rofi-calc];
+    plugins = [ pkgs.rofi-calc ];
   };
 }

configs/sound.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   services.pipewire = {
     enable = true;
     alsa = {
@@ -9,7 +10,7 @@
     jack.enable = true;
   };
 
-  systemd.user.services.pipewire-pulse.path = [pkgs.pulseaudio];
+  systemd.user.services.pipewire-pulse.path = [ pkgs.pulseaudio ];
 
   services.avahi = {
     enable = true;

configs/ssh.nix

@@ -1,8 +1,6 @@
-{pkgs, ...}: let
-  inherit (import ../lib) sshPort kieran;
-  externalNetwork = import ../lib/external-network.nix;
-in {
-  users.users.me.openssh.authorizedKeys.keys = kieran.sshKeys;
+{ pkgs, lib, ... }:
+{
+  users.users.me.openssh.authorizedKeys.keys = pkgs.lib.niveum.kieran.sshKeys;
   programs.ssh.startAgent = true;
   services.gnome.gcr-ssh-agent.enable = false;
 
@@ -12,33 +10,8 @@ in {
       eval $(${pkgs.gnome3.gnome-keyring}/bin/gnome-keyring-daemon --daemonize --components=ssh,secrets)
       export SSH_AUTH_SOCK
     '';
-    # services.gpg-agent = rec {
-    #   enable = false;
-    #   enableSshSupport = true;
-    #   defaultCacheTtlSsh = 2 * 60 * 60;
-    #   maxCacheTtlSsh = 4 * defaultCacheTtlSsh;
-    #   sshKeys = [
-    #     "568047C91DE03A23883E340F15A9C24D313E847C"
-    #     "BB3EE102DB8CD45540A78A6B18B511B67061F6B4" # kfm@manakish ed25519
-    #     "3F8986755818B5762A096BE212777EAAC441DD9D" # fysiweb rsa
-    #     "0E4ABD229432486CC432639BB0986B2CDE365105" # agenix ed25519
-    #     "A1E8D32CBFCDBD2DE798E2298D795CCFD785AE06" # kfm@kabsa ed25519
-    #   ];
-    # };
   };
 
-  # environment.extraInit = ''
-  # if [[ -z "$SSH_AUTH_SOCK" ]]; then
-  #   export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)"
-  # fi
-  # '';
-
-  # environment.interactiveShellInit = ''
-  # GPG_TTY="$(tty)"
-  # export GPG_TTY
-  # ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye > /dev/null
-  # '';
-
   home-manager.users.me.programs.ssh = {
     enable = true;
     enableDefaultConfig = false;
@@ -50,43 +23,44 @@ in {
       zaatar = {
         hostname = "zaatar.r";
         user = "root";
-        port = sshPort;
+        port = pkgs.lib.niveum.sshPort;
       };
       makanek = {
-        hostname = externalNetwork.makanek;
+        hostname = pkgs.lib.niveum.externalNetwork.makanek;
         user = "root";
-        port = sshPort;
+        port = pkgs.lib.niveum.sshPort;
       };
       ful = {
-        hostname = externalNetwork.ful;
+        hostname = pkgs.lib.niveum.externalNetwork.ful;
         user = "root";
-        port = sshPort;
+        port = pkgs.lib.niveum.sshPort;
       };
       tahina = {
         hostname = "tahina.r";
         user = "root";
-        port = sshPort;
+        port = pkgs.lib.niveum.sshPort;
       };
       tabula = {
         hostname = "tabula.r";
         user = "root";
-        port = sshPort;
+        port = pkgs.lib.niveum.sshPort;
       };
       manakish = {
         hostname = "manakish.r";
         user = "kfm";
-        port = sshPort;
+        port = pkgs.lib.niveum.sshPort;
       };
       kabsa = {
         hostname = "kabsa.r";
         user = "kfm";
-        port = sshPort;
+        port = pkgs.lib.niveum.sshPort;
       };
       fatteh = {
         hostname = "fatteh.r";
         user = "kfm";
-        port = sshPort;
+        port = pkgs.lib.niveum.sshPort;
       };
+      "*.onion".proxyCommand = "nc -xlocalhost:9050 %h %p";
     };
   };
 }

configs/sshd.nix

@@ -1,23 +1,21 @@
 {
   config,
-  lib,
   pkgs,
   ...
-}: let
-  inherit (import ../lib) sshPort kieran;
-in {
+}:
+{
   users.motd = "Welcome to ${config.networking.hostName}!";
 
   services.openssh = {
     enable = true;
-    ports = [sshPort];
+    ports = [ pkgs.lib.niveum.machines.${config.networking.hostName}.sshPort ];
     settings = {
       PasswordAuthentication = false;
       X11Forwarding = true;
     };
   };
 
-  users.users.root.openssh.authorizedKeys.keys = kieran.sshKeys ++ [
+  users.users.root.openssh.authorizedKeys.keys = pkgs.lib.niveum.kieran.sshKeys ++ [
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPoiRIn1dBUtpApcUyGbZKN+m5KBSgKIDQjdnQ8vU0xU kfm@kibbeh" # travel laptop
   ];
 }

configs/stardict.nix

@@ -1,9 +1,9 @@
 {
   pkgs,
   lib,
-  inputs,
   ...
-}: let
+}:
+let
   locker = x: "https://c.krebsco.de/${x}";
   dictionaries = {
     lojban = {
@@ -105,40 +105,42 @@
         sha256 = "0cx086zvb86bmz7i8vnsch4cj4fb0cp165g4hig4982zakj6f2jd";
       };
     };
-    sanskrit = let
-      repo = "https://github.com/indic-dict/stardict-sanskrit/raw/4ebd2d3db5820f7cbe3a649c3d5aa8f83d19b29f";
-    in {
-      BoehtlingkRoth = pkgs.fetchzip {
-        url = "${repo}/sa-head/german-entries/tars/Bohtlingk-and-Roth-Grosses-Petersburger-Worterbuch__2021-10-05_14-23-18Z__19MB.tar.gz";
-        sha256 = "13414a8rgd7hd5ffar6nl68nk3ys60wjkgb7m11hp0ahaasmf6ly";
-        stripRoot = false;
+    sanskrit =
+      let
+        repo = "https://github.com/indic-dict/stardict-sanskrit/raw/4ebd2d3db5820f7cbe3a649c3d5aa8f83d19b29f";
+      in
+      {
+        BoehtlingkRoth = pkgs.fetchzip {
+          url = "${repo}/sa-head/german-entries/tars/Bohtlingk-and-Roth-Grosses-Petersburger-Worterbuch__2021-10-05_14-23-18Z__19MB.tar.gz";
+          sha256 = "13414a8rgd7hd5ffar6nl68nk3ys60wjkgb7m11hp0ahaasmf6ly";
+          stripRoot = false;
+        };
+        BoehtlingkRothKurz = pkgs.fetchzip {
+          url = "${repo}/sa-head/german-entries/tars/Bohtlingk-Sanskrit-Worterbuch-in-kurzerer-Fassung__2021-10-05_14-23-18Z__10MB.tar.gz";
+          sha256 = "15yx31yrk40k9nn6kaysp4pprzj8dpd13dj3wafklc3izm8lr2wq";
+          stripRoot = false;
+        };
+        MonierWilliams = pkgs.fetchzip {
+          url = "https://github.com/indic-dict/stardict-sanskrit/raw/4ebd2d3db5820f7cbe3a649c3d5aa8f83d19b29f/sa-head/en-entries/tars/mw-cologne__2021-10-06_00-16-23Z__16MB.tar.gz";
+          sha256 = "0p99ybxwxmmd94hf035hvm2hhnfy84av7qq79xf28bh2rbx6s9ng";
+          stripRoot = false;
+        };
+        MonierWilliamsEnglish = pkgs.fetchzip {
+          url = "${repo}/en-head/tars/mw-english-sanskrit__2021-10-05_14-23-18Z__3MB.tar.gz";
+          sha256 = "09a61hhii4b1m2fkrlh4rm2xnlgwrllh84iypbc6wyj00w9jkl3x";
+          stripRoot = false;
+        };
+        Borooah = pkgs.fetchzip {
+          url = "${repo}/en-head/tars/borooah__2021-10-05_14-23-18Z__2MB.tar.gz";
+          sha256 = "0qmmfbynqgv125v48383i51ky9yi69zibhh7vwk95gyar2yrprn2";
+          stripRoot = false;
+        };
+        ApteEnglish = pkgs.fetchzip {
+          url = "${repo}/en-head/tars/apte-english-sanskrit-cologne__2021-10-06_00-12-51Z__1MB.tar.gz";
+          sha256 = "064ysm24ydc534ca689y5i2flnra8jkmh8zn0gsb6n8hdsb0d1lq";
+          stripRoot = false;
+        };
       };
-      BoehtlingkRothKurz = pkgs.fetchzip {
-        url = "${repo}/sa-head/german-entries/tars/Bohtlingk-Sanskrit-Worterbuch-in-kurzerer-Fassung__2021-10-05_14-23-18Z__10MB.tar.gz";
-        sha256 = "15yx31yrk40k9nn6kaysp4pprzj8dpd13dj3wafklc3izm8lr2wq";
-        stripRoot = false;
-      };
-      MonierWilliams = pkgs.fetchzip {
-        url = "https://github.com/indic-dict/stardict-sanskrit/raw/4ebd2d3db5820f7cbe3a649c3d5aa8f83d19b29f/sa-head/en-entries/tars/mw-cologne__2021-10-06_00-16-23Z__16MB.tar.gz";
-        sha256 = "0p99ybxwxmmd94hf035hvm2hhnfy84av7qq79xf28bh2rbx6s9ng";
-        stripRoot = false;
-      };
-      MonierWilliamsEnglish = pkgs.fetchzip {
-        url = "${repo}/en-head/tars/mw-english-sanskrit__2021-10-05_14-23-18Z__3MB.tar.gz";
-        sha256 = "09a61hhii4b1m2fkrlh4rm2xnlgwrllh84iypbc6wyj00w9jkl3x";
-        stripRoot = false;
-      };
-      Borooah = pkgs.fetchzip {
-        url = "${repo}/en-head/tars/borooah__2021-10-05_14-23-18Z__2MB.tar.gz";
-        sha256 = "0qmmfbynqgv125v48383i51ky9yi69zibhh7vwk95gyar2yrprn2";
-        stripRoot = false;
-      };
-      ApteEnglish = pkgs.fetchzip {
-        url = "${repo}/en-head/tars/apte-english-sanskrit-cologne__2021-10-06_00-12-51Z__1MB.tar.gz";
-        sha256 = "064ysm24ydc534ca689y5i2flnra8jkmh8zn0gsb6n8hdsb0d1lq";
-        stripRoot = false;
-      };
-    };
     oed = {
       OED1 = pkgs.fetchzip {
         url = locker "stardict-Oxford_English_Dictionary_2nd_Ed._P1-2.4.2.tar.bz2";
@@ -150,7 +152,7 @@
       };
     };
     coptic = {
-      dictionary = inputs.coptic-dictionary.packages.x86_64-linux.coptic-stardict;
+      dictionary = pkgs.coptic-stardict;
       Crum = pkgs.fetchzip {
         url = locker "stardict-Coptic-English_all_dialects-2.4.2.tar.bz2";
         sha256 = "1fi281mb9yzv40wjsdapi8fzpa7x2yscz582lv2qnss9g8zzzzr9";
@@ -178,9 +180,11 @@
     };
   };
 
-  makeStardictDataDir = dicts: pkgs.linkFarm "dictionaries" (lib.mapAttrsToList (name: path: {inherit name path;}) dicts);
+  makeStardictDataDir =
+    dicts: pkgs.linkFarm "dictionaries" (lib.mapAttrsToList (name: path: { inherit name path; }) dicts);
 
-  makeStardict = name: dicts:
+  makeStardict =
+    name: dicts:
     pkgs.writers.writeDashBin name ''
       set -efu
       export SDCV_PAGER=${toString sdcvPager}
@@ -188,7 +192,13 @@
     '';
 
   sdcvPager = pkgs.writers.writeDash "sdcvPager" ''
-    export PATH=${lib.makeBinPath [pkgs.gnused pkgs.ncurses pkgs.less]}
+    export PATH=${
+      lib.makeBinPath [
+        pkgs.gnused
+        pkgs.ncurses
+        pkgs.less
+      ]
+    }
     sed "
       s!<sup>1</sup>!¹!gI
       s!<sup>2</sup>!²!gI
@@ -291,7 +301,8 @@
       s!</\?p[^>]*>!!gI
     " | less -FR
   '';
-in {
+in
+{
   # environment.etc.stardict.source = toString (makeStardictDataDir ({
   #     Crum = pkgs.fetchzip {
   #       url = "http://download.huzheng.org/misc/stardict-Coptic-English_all_dialects-2.4.2.tar.bz2";
@@ -325,64 +336,63 @@ in {
   ];
 }
 /*
-https://github.com/latin-dict/Georges1910/releases/download/v1.0/Georges1910-stardict.zip
-https://github.com/nikita-moor/latin-dictionary/releases/download/2020-02-14/LiddellScott1940-stardict.zip
-http://download.huzheng.org/bigdict/stardict-Cambridge_Dictionary_of_American_Idioms-2.4.2.tar.bz2
-http://download.huzheng.org/bigdict/stardict-Concise_Oxford_Thesaurus_2nd_Ed-2.4.2.tar.bz2
-http://download.huzheng.org/bigdict/stardict-Urban_Dictionary_P1-2.4.2.tar.bz2
-http://download.huzheng.org/bigdict/stardict-Urban_Dictionary_P2-2.4.2.tar.bz2
+  https://github.com/latin-dict/Georges1910/releases/download/v1.0/Georges1910-stardict.zip
+  https://github.com/nikita-moor/latin-dictionary/releases/download/2020-02-14/LiddellScott1940-stardict.zip
+  http://download.huzheng.org/bigdict/stardict-Cambridge_Dictionary_of_American_Idioms-2.4.2.tar.bz2
+  http://download.huzheng.org/bigdict/stardict-Concise_Oxford_Thesaurus_2nd_Ed-2.4.2.tar.bz2
+  http://download.huzheng.org/bigdict/stardict-Urban_Dictionary_P1-2.4.2.tar.bz2
+  http://download.huzheng.org/bigdict/stardict-Urban_Dictionary_P2-2.4.2.tar.bz2
 
-Duden_Rechtschreibung = pkgs.fetchzip {
-  url = "http://download.huzheng.org/babylon/german/stardict-Duden_Rechtschreibung-2.4.2.tar.bz2";
-  sha256 = "0xiprb45s88w62rn8rlbjrsagbiliay9hszsiy20glwabf6zsfji";
-};
-Duden = pkgs.fetchzip {
-  url = "http://download.huzheng.org/de/stardict-duden-2.4.2.tar.bz2";
-  sha256 = "049i4ynfqqxykv1nlkyks94mvn14s22qdax5gg7hx1ks5y4xw64j";
-};
-FreeOnlineDictionaryOfComputing = pkgs.fetchzip {
-  url = "http://download.huzheng.org/dict.org/stardict-dictd_www.dict.org_foldoc-2.4.2.tar.bz2";
-  sha256 = "1lw2i8dzxpx929cpgvv0x366dnh4drr10wzqmrhcd0kvwglqawgm";
-};
-Cappeller = pkgs.fetchzip {
-  url = "${repo}/sa-head/german-entries/tars/capeller-sanskrit-german__2021-10-05_14-23-18Z__1MB.tar.gz";
-  sha256 = "0jwrj2aih2lrcjg0lqm8jrvq9vsas9s8j4c9ggbg2n0jyz03kci3";
-  stripRoot = false;
-};
-Yates = pkgs.fetchzip {
-  url = "https://github.com/indic-dict/stardict-sanskrit/raw/4ebd2d3db5820f7cbe3a649c3d5aa8f83d19b29f/sa-head/en-entries/tars/yates__2021-10-05_14-23-18Z__2MB.tar.gz";
-  sha256 = "1k7gbalysf48pwa06zfykrqhdk466g35xy64b30k4z8bybgdn8z2";
-  stripRoot = false;
-};
-Wilson = pkgs.fetchzip {
-  url = "https://github.com/indic-dict/stardict-sanskrit/raw/4ebd2d3db5820f7cbe3a649c3d5aa8f83d19b29f/sa-head/en-entries/tars/wilson__2021-10-05_14-23-18Z__3MB.tar.gz";
-  sha256 = "0r5z1xif56zlw9r2jp3fvwmcjv4f2fhd9r17j30nah9awx2m1isg";
-  stripRoot = false;
-};
-SpokenSanskrit = pkgs.fetchzip {
-  url = "https://github.com/indic-dict/stardict-sanskrit/raw/4ebd2d3db5820f7cbe3a649c3d5aa8f83d19b29f/sa-head/en-entries/tars/spokensanskrit__2019-01-12_05-13-52Z__12MB.tar.gz";
-  sha256 = "0x8j657mawvdcyd1knzvf33yp15z77d661n3h6g9hcj7wn9s5xyk";
-  stripRoot = false;
-};
-Grassmann = pkgs.fetchzip {
-  url = "${repo}/sa-head/german-entries/tars/grassman-sanskrit-german__2021-10-05_14-23-18Z__2MB.tar.gz";
-  sha256 = "0jalsykaxkl6wzrky72lz8g3jdz26lmjpyibbfaf7a5vvnr55k02";
-  stripRoot = false;
-};
-Benfey = pkgs.fetchzip {
-  url = "https://github.com/indic-dict/stardict-sanskrit/raw/4ebd2d3db5820f7cbe3a649c3d5aa8f83d19b29f/sa-head/en-entries/tars/benfey__2021-10-05_14-23-18Z__2MB.tar.gz";
-  sha256 = "0lj3hgphqgnihn482g9kgjwbvdrcd38vc29v1fi36srn08qdhvcb";
-  stripRoot = false;
-};
-ApteSa = pkgs.fetchzip {
-  url = "${repo}/sa-head/en-entries/tars/apte-sa__2021-12-18_13-20-56Z__6MB.tar.gz";
-  sha256 = "0cq1dd02d1pvmjnibbs2cscifjnk2z0nqccf5yzzilxkzsrarh32";
-  stripRoot = false;
-};
-MacDonell = pkgs.fetchzip {
-  url = "https://github.com/indic-dict/stardict-sanskrit/raw/4ebd2d3db5820f7cbe3a649c3d5aa8f83d19b29f/sa-head/en-entries/tars/macdonell__2021-10-05_14-23-18Z__2MB.tar.gz";
-  sha256 = "1yzmj0393mxvjv4n2lnvd2c722v2bmxxiyq7pscdwni3bxip3h8s";
-  stripRoot = false;
-};
+  Duden_Rechtschreibung = pkgs.fetchzip {
+    url = "http://download.huzheng.org/babylon/german/stardict-Duden_Rechtschreibung-2.4.2.tar.bz2";
+    sha256 = "0xiprb45s88w62rn8rlbjrsagbiliay9hszsiy20glwabf6zsfji";
+  };
+  Duden = pkgs.fetchzip {
+    url = "http://download.huzheng.org/de/stardict-duden-2.4.2.tar.bz2";
+    sha256 = "049i4ynfqqxykv1nlkyks94mvn14s22qdax5gg7hx1ks5y4xw64j";
+  };
+  FreeOnlineDictionaryOfComputing = pkgs.fetchzip {
+    url = "http://download.huzheng.org/dict.org/stardict-dictd_www.dict.org_foldoc-2.4.2.tar.bz2";
+    sha256 = "1lw2i8dzxpx929cpgvv0x366dnh4drr10wzqmrhcd0kvwglqawgm";
+  };
+  Cappeller = pkgs.fetchzip {
+    url = "${repo}/sa-head/german-entries/tars/capeller-sanskrit-german__2021-10-05_14-23-18Z__1MB.tar.gz";
+    sha256 = "0jwrj2aih2lrcjg0lqm8jrvq9vsas9s8j4c9ggbg2n0jyz03kci3";
+    stripRoot = false;
+  };
+  Yates = pkgs.fetchzip {
+    url = "https://github.com/indic-dict/stardict-sanskrit/raw/4ebd2d3db5820f7cbe3a649c3d5aa8f83d19b29f/sa-head/en-entries/tars/yates__2021-10-05_14-23-18Z__2MB.tar.gz";
+    sha256 = "1k7gbalysf48pwa06zfykrqhdk466g35xy64b30k4z8bybgdn8z2";
+    stripRoot = false;
+  };
+  Wilson = pkgs.fetchzip {
+    url = "https://github.com/indic-dict/stardict-sanskrit/raw/4ebd2d3db5820f7cbe3a649c3d5aa8f83d19b29f/sa-head/en-entries/tars/wilson__2021-10-05_14-23-18Z__3MB.tar.gz";
+    sha256 = "0r5z1xif56zlw9r2jp3fvwmcjv4f2fhd9r17j30nah9awx2m1isg";
+    stripRoot = false;
+  };
+  SpokenSanskrit = pkgs.fetchzip {
+    url = "https://github.com/indic-dict/stardict-sanskrit/raw/4ebd2d3db5820f7cbe3a649c3d5aa8f83d19b29f/sa-head/en-entries/tars/spokensanskrit__2019-01-12_05-13-52Z__12MB.tar.gz";
+    sha256 = "0x8j657mawvdcyd1knzvf33yp15z77d661n3h6g9hcj7wn9s5xyk";
+    stripRoot = false;
+  };
+  Grassmann = pkgs.fetchzip {
+    url = "${repo}/sa-head/german-entries/tars/grassman-sanskrit-german__2021-10-05_14-23-18Z__2MB.tar.gz";
+    sha256 = "0jalsykaxkl6wzrky72lz8g3jdz26lmjpyibbfaf7a5vvnr55k02";
+    stripRoot = false;
+  };
+  Benfey = pkgs.fetchzip {
+    url = "https://github.com/indic-dict/stardict-sanskrit/raw/4ebd2d3db5820f7cbe3a649c3d5aa8f83d19b29f/sa-head/en-entries/tars/benfey__2021-10-05_14-23-18Z__2MB.tar.gz";
+    sha256 = "0lj3hgphqgnihn482g9kgjwbvdrcd38vc29v1fi36srn08qdhvcb";
+    stripRoot = false;
+  };
+  ApteSa = pkgs.fetchzip {
+    url = "${repo}/sa-head/en-entries/tars/apte-sa__2021-12-18_13-20-56Z__6MB.tar.gz";
+    sha256 = "0cq1dd02d1pvmjnibbs2cscifjnk2z0nqccf5yzzilxkzsrarh32";
+    stripRoot = false;
+  };
+  MacDonell = pkgs.fetchzip {
+    url = "https://github.com/indic-dict/stardict-sanskrit/raw/4ebd2d3db5820f7cbe3a649c3d5aa8f83d19b29f/sa-head/en-entries/tars/macdonell__2021-10-05_14-23-18Z__2MB.tar.gz";
+    sha256 = "1yzmj0393mxvjv4n2lnvd2c722v2bmxxiyq7pscdwni3bxip3h8s";
+    stripRoot = false;
+  };
 */
-

configs/stylix.nix

@@ -2,19 +2,19 @@
   pkgs,
   config,
   lib,
-  inputs,
   ...
-}: let
-  generatedWallpaper = pkgs.runCommand "wallpaper.png" {} ''
-    ${inputs.wallpaper-generator.packages.x86_64-linux.wp-gen}/bin/wallpaper-generator lines \
+}:
+let
+  generatedWallpaper = pkgs.runCommand "wallpaper.png" { } ''
+    ${pkgs.wp-gen}/bin/wallpaper-generator lines \
       --output $out \
-      ${lib.concatMapStringsSep " "
-      (n: "--base0${lib.toHexString n}=${config.lib.stylix.colors.withHashtag."base0${lib.toHexString n}"}")
-      (lib.range 0 15)}
+      ${lib.concatMapStringsSep " " (
+        n: "--base0${lib.toHexString n}=${config.lib.stylix.colors.withHashtag."base0${lib.toHexString n}"}"
+      ) (lib.range 0 15)}
   '';
-in {
+in
+{
   # https://danth.github.io/stylix/tricks.html
-  # stylix.image = inputs.wallpapers.outPath + "/meteora/rodrigo-soares-250630.jpg";
   stylix.enable = true;
   stylix.image = generatedWallpaper;
 

configs/sudo.nix

@@ -6,5 +6,5 @@
     '';
   };
 
-  users.users.me.extraGroups = ["wheel"];
+  users.users.me.extraGroups = [ "wheel" ];
 }

configs/tlp.nix

@@ -2,13 +2,20 @@
   config,
   pkgs,
   ...
-}: {
+}:
+{
   boot.extraModulePackages = with config.boot.kernelPackages; [
     tp_smapi
     acpi_call
   ];
-  boot.kernelModules = ["tp_smapi" "acpi_call"];
-  environment.systemPackages = [pkgs.tpacpi-bat pkgs.powertop];
+  boot.kernelModules = [
+    "tp_smapi"
+    "acpi_call"
+  ];
+  environment.systemPackages = [
+    pkgs.tpacpi-bat
+    pkgs.powertop
+  ];
 
   services.tlp = {
     enable = true;

configs/tmux.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   environment.systemPackages = [
     pkgs.tmuxp
     pkgs.reptyr # move programs over to a tmux session

configs/tor.nix

@@ -1,5 +1,23 @@
-{pkgs, ...}: {
+{ config, lib, pkgs, ... }:
+let
+  sshPort = pkgs.lib.niveum.machines.${config.networking.hostName}.sshPort;
+in
+{
   services.tor.enable = true;
   services.tor.client.enable = true;
-  environment.systemPackages = [pkgs.tor pkgs.torsocks];
+  environment.systemPackages = [
+    pkgs.tor
+    pkgs.torsocks
+  ];
+
+  services.tor.relay.onionServices = {
+    "ssh" = {
+      version = 3;
+      map = [{
+        port = sshPort;
+        target.port = sshPort;
+        target.addr = "127.0.0.1";
+      }];
+    };
+  };
 }

configs/uni.nix

@@ -3,22 +3,26 @@
   pkgs,
   lib,
   ...
-}: let
+}:
+let
   username = "meinhak99";
-  inherit (import ../lib/email.nix) defaults pronouns;
-  inherit (import ../lib) remoteDir;
-  fu-defaults = rec {
-    imap.host = "mail.zedat.fu-berlin.de";
-    imap.port = 993;
-    imap.tls.enable = true;
-    smtp.host = imap.host;
-    smtp.port = 465;
-    smtp.tls.enable = true;
-    folders.drafts = "Entwürfe";
-    folders.sent = "Gesendet";
-    folders.trash = "Papierkorb";
-  };
-in {
+  fu-defaults =
+    let
+      mailhost = "mail.zedat.fu-berlin.de";
+    in
+    {
+      imap.host = mailhost;
+      imap.port = 993;
+      imap.tls.enable = true;
+      smtp.host = mailhost;
+      smtp.port = 465;
+      smtp.tls.enable = true;
+      folders.drafts = "Entwürfe";
+      folders.sent = "Gesendet";
+      folders.trash = "Papierkorb";
+    };
+in
+{
   home-manager.users.me = {
     programs.ssh = {
       matchBlocks = {
@@ -30,31 +34,33 @@ in {
       };
     };
     accounts.email.accounts = {
-      letos =
-        lib.recursiveUpdate defaults
-        {
-          userName = "slfletos";
-          address = "letos.sprachlit@hu-berlin.de";
-          passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-letos.path}";
-          imap.host = "mailbox.cms.hu-berlin.de";
-          imap.port = 993;
-          smtp.host = "mailhost.cms.hu-berlin.de";
-          smtp.port = 25;
-          smtp.tls.useStartTls = true;
-        };
-      fu =
-        lib.recursiveUpdate defaults
-        (lib.recursiveUpdate fu-defaults
-          rec {
+      letos = lib.recursiveUpdate pkgs.lib.niveum.email.defaults {
+        userName = "slfletos";
+        address = "letos.sprachlit@hu-berlin.de";
+        passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-letos.path}";
+        imap.host = "mailbox.cms.hu-berlin.de";
+        imap.port = 993;
+        smtp.host = "mailhost.cms.hu-berlin.de";
+        smtp.port = 25;
+        smtp.tls.useStartTls = true;
+      };
+      fu = lib.recursiveUpdate pkgs.lib.niveum.email.defaults (
+        lib.recursiveUpdate fu-defaults (
+          let
             userName = "meinhak99";
+          in
+          {
+            userName = userName;
             address = "kieran.meinhardt@fu-berlin.de";
-            aliases = ["${userName}@fu-berlin.de"];
+            aliases = [ "${userName}@fu-berlin.de" ];
             passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-meinhak99.path}";
             himalaya = {
               enable = true;
               settings.backend = "imap";
             };
-          });
+          }
+        )
+      );
     };
   };
 
@@ -84,59 +90,57 @@ in {
   system.fsPackages = [ pkgs.sshfs ];
 
   # https://www.zedat.fu-berlin.de/tip4u_157.pdf
-  fileSystems = let
-    fu-berlin-cifs-options = [
-      "uid=${toString config.users.users.me.uid}"
-      "gid=${toString config.users.groups.users.gid}"
-      "rw"
-      "nounix"
-      "domain=fu-berlin"
-      "noauto"
-      "x-systemd.automount"
-      "x-systemd.device-timeout=1"
-      "x-systemd.idle-timeout=1min"
-    ];
+  fileSystems =
+    let
+      fu-berlin-cifs-options = [
+        "uid=${toString config.users.users.me.uid}"
+        "gid=${toString config.users.groups.users.gid}"
+        "rw"
+        "nounix"
+        "domain=fu-berlin"
+        "noauto"
+        "x-systemd.automount"
+        "x-systemd.device-timeout=1"
+        "x-systemd.idle-timeout=1min"
+      ];
 
-    firstCharacter = lib.strings.substring 0 1;
+      firstCharacter = lib.strings.substring 0 1;
 
-    home-directory-mount = user: {
-      "${remoteDir}/fu/${user}/home" = {
-        device = "${user}@login.zedat.fu-berlin.de:/home/${firstCharacter user}/${user}";
-        fsType = "sshfs";
-        options = [
-          "allow_other"
-          "_netdev"
-          "x-systemd.automount"
-          "reconnect"
-          "ServerAliveInterval=15"
-          "IdentityFile=${config.age.secrets.fu-sftp-key.path}"
-        ];
+      home-directory-mount = user: {
+        "${pkgs.lib.niveum.remoteDir}/fu/${user}/home" = {
+          device = "${user}@login.zedat.fu-berlin.de:/home/${firstCharacter user}/${user}";
+          fsType = "sshfs";
+          options = [
+            "allow_other"
+            "_netdev"
+            "x-systemd.automount"
+            "reconnect"
+            "ServerAliveInterval=15"
+            "IdentityFile=${config.age.secrets.fu-sftp-key.path}"
+          ];
+        };
       };
-    };
-  in home-directory-mount "meinhak99";
+    in
+    home-directory-mount "meinhak99";
 
   environment.systemPackages = [
     (pkgs.writers.writeDashBin "hu-vpn-split" ''
       ${pkgs.openfortivpn}/bin/openfortivpn \
         --password="$(cat "${config.age.secrets.email-password-letos.path}")" \
-        --config=${
-        pkgs.writeText "hu-berlin-split.config" ''
+        --config=${pkgs.writeText "hu-berlin-split.config" ''
           host = forti-ssl.vpn.hu-berlin.de
           port = 443
           username = slfletos@split_tunnel
-        ''
-      }
+        ''}
     '')
     (pkgs.writers.writeDashBin "hu-vpn-full" ''
       ${pkgs.openfortivpn}/bin/openfortivpn \
         --password="$(cat "${config.age.secrets.email-password-letos.path}")" \
-        --config=${
-        pkgs.writeText "hu-berlin-full.config" ''
+        --config=${pkgs.writeText "hu-berlin-full.config" ''
           host = forti-ssl.vpn.hu-berlin.de
           port = 443
           username = slfletos@tunnel_all
-        ''
-      }
+        ''}
     '')
     (pkgs.writers.writeDashBin "fu-vpn" ''
       if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam

configs/vscode.nix

@@ -1 +1,4 @@
-{pkgs, ...}: {environment.systemPackages = [pkgs.vscode];}
+{ pkgs, ... }:
+{
+  environment.systemPackages = [ pkgs.vscode ];
+}

configs/wallpaper.nix

@@ -2,14 +2,16 @@
   pkgs,
   lib,
   ...
-}: let
+}:
+let
   # url = "http://wallpaper.r/realwallpaper-krebs-stars-berlin.png";
   url = "http://wallpaper.r/realwallpaper-krebs.png";
   stateDir = "~/.cache/wallpaper";
-in {
+in
+{
   systemd.user.services.wallpaper = {
-    wantedBy = ["graphical-session.target"];
-    after = ["network.target"];
+    wantedBy = [ "graphical-session.target" ];
+    after = [ "network.target" ];
     script = ''
       set -euf
 

configs/watson.nix

@@ -1,9 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}: {
-  environment.systemPackages = [pkgs.watson];
-
-  environment.variables.WATSON_DIR = "${config.users.users.me.home}/cloud/Seafile/Documents/watson";
-}

configs/zsh.nix

@@ -2,104 +2,97 @@
   config,
   pkgs,
   ...
-}: let
+}:
+let
   promptColours.success = "cyan";
   promptColours.failure = "red";
-in {
-  environment.systemPackages = [pkgs.atuin];
-  environment.variables.ATUIN_CONFIG_DIR = toString (pkgs.writeTextDir "/config.toml" ''
-    auto_sync = true
-    update_check = false
-    sync_address = "http://zaatar.r:8888"
-    sync_frequency = 0
-    style = "compact"
-  '');
+in
+{
+  programs.zsh =
+    let
+      zsh-completions = pkgs.fetchFromGitHub {
+        owner = "zsh-users";
+        repo = "zsh-completions";
+        rev = "cf565254e26bb7ce03f51889e9a29953b955b1fb";
+        sha256 = "1yf4rz99acdsiy0y1v3bm65xvs2m0sl92ysz0rnnrlbd5amn283l";
+      };
+    in
+    {
+      enable = true;
+      enableCompletion = true;
+      autosuggestions.enable = true;
+      syntaxHighlighting.enable = true;
+      syntaxHighlighting.highlighters = [
+        "main"
+        "brackets"
+        "pattern"
+        "line"
+      ];
+      interactiveShellInit = ''
+        setopt INTERACTIVE_COMMENTS CORRECT
+        setopt MULTIOS
+        setopt AUTO_NAME_DIRS
+        setopt AUTOCD CDABLE_VARS
+        setopt HIST_IGNORE_ALL_DUPS
+        setopt VI
+        setopt AUTO_MENU
+        setopt COMPLETE_IN_WORD
+        setopt ALWAYS_TO_END
+        unsetopt NOMATCH
+        unsetopt MENU_COMPLETE
 
-  programs.zsh = let
-    zsh-completions = pkgs.fetchFromGitHub {
-      owner = "zsh-users";
-      repo = "zsh-completions";
-      rev = "cf565254e26bb7ce03f51889e9a29953b955b1fb";
-      sha256 = "1yf4rz99acdsiy0y1v3bm65xvs2m0sl92ysz0rnnrlbd5amn283l";
+        zstyle ':completion:*:*:*:*:*' menu select
+        zstyle ':completion:*' matcher-list 'm:{a-zA-Z-_}={A-Za-z_-}' 'r:|=*' 'l:|=* r:|=*'
+        zstyle ':completion:*' special-dirs true
+        zstyle ':completion:*' list-colors \'\'
+        zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#) ([0-9a-z-]#)*=01;34=0=01'
+        zstyle ':completion:*:*:*:*:processes' command "ps -u $USER -o pid,user,comm -w -w"
+        zstyle ':completion:*:cd:*' tag-order local-directories directory-stack path-directories
+
+        export KEYTIMEOUT=1
+
+        hash -d nixos=/etc/nixos niveum=${config.users.users.me.home}/sync/src/niveum
+
+        autoload -U zmv run-help edit-command-line
+
+        fpath=(${zsh-completions}/src $fpath)
+      '';
+      promptInit = ''
+        autoload -Uz vcs_info
+        zstyle ':vcs_info:*' enable git
+        zstyle ':vcs_info:*' check-for-changes true
+        zstyle ':vcs_info:*' stagedstr '%F{green}+%f'
+        zstyle ':vcs_info:*' unstagedstr '%F{red}~%f'
+        zstyle ':vcs_info:*' use-prompt-escapes true
+        zstyle ':vcs_info:*' formats "%c%u%F{cyan}%b%f"
+        zstyle ':vcs_info:*' actionformats "(%a) %c%u%F{cyan}%b%f"
+
+        precmd () {
+          vcs_info
+          if [ -n "$SSH_CLIENT" ] || [ -n "$SSH_TTY" ] || [ -n "$SSH_CONNECTION" ]; then
+            RPROMPT="$(hostname)"
+          else
+            RPROMPT="$vcs_info_msg_0_"
+          fi
+          if [[ -n $IN_NIX_SHELL ]]; then
+            PROMPT='%B%~%b %(?.%F{${promptColours.success}}.%F{${promptColours.failure}})λ%f '
+          else
+            PROMPT='%B%~%b %(?.%F{${promptColours.success}}.%F{${promptColours.failure}})%#%f '
+          fi
+          print -Pn "\e]2;%n@%M:%~\a" # title bar prompt
+        }
+
+        zle-keymap-select zle-line-init () {
+          case $KEYMAP in
+            vicmd) print -n '\e]12;green\a';;
+            viins|main) print -n '\e]12;gray\a';;
+          esac
+        }
+
+        zle -N zle-line-init
+        zle -N zle-keymap-select
+        zle -N edit-command-line
+        bindkey -M vicmd v edit-command-line
+      '';
     };
-  in {
-    enable = true;
-    enableCompletion = true;
-    autosuggestions.enable = true;
-    syntaxHighlighting.enable = true;
-    syntaxHighlighting.highlighters = ["main" "brackets" "pattern" "line"];
-    interactiveShellInit = ''
-      setopt INTERACTIVE_COMMENTS CORRECT
-      setopt MULTIOS
-      setopt AUTO_NAME_DIRS
-      setopt AUTOCD CDABLE_VARS
-      setopt HIST_IGNORE_ALL_DUPS
-      setopt VI
-      setopt AUTO_MENU
-      setopt COMPLETE_IN_WORD
-      setopt ALWAYS_TO_END
-      unsetopt NOMATCH
-      unsetopt MENU_COMPLETE
-
-      zstyle ':completion:*:*:*:*:*' menu select
-      zstyle ':completion:*' matcher-list 'm:{a-zA-Z-_}={A-Za-z_-}' 'r:|=*' 'l:|=* r:|=*'
-      zstyle ':completion:*' special-dirs true
-      zstyle ':completion:*' list-colors \'\'
-      zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#) ([0-9a-z-]#)*=01;34=0=01'
-      zstyle ':completion:*:*:*:*:processes' command "ps -u $USER -o pid,user,comm -w -w"
-      zstyle ':completion:*:cd:*' tag-order local-directories directory-stack path-directories
-
-      export KEYTIMEOUT=1
-
-      hash -d nixos=/etc/nixos niveum=${config.users.users.me.home}/sync/src/niveum
-
-      autoload -U zmv run-help edit-command-line
-
-      fpath=(${zsh-completions}/src $fpath)
-    '';
-    promptInit = ''
-      autoload -Uz vcs_info
-      zstyle ':vcs_info:*' enable git
-      zstyle ':vcs_info:*' check-for-changes true
-      zstyle ':vcs_info:*' stagedstr '%F{green}+%f'
-      zstyle ':vcs_info:*' unstagedstr '%F{red}~%f'
-      zstyle ':vcs_info:*' use-prompt-escapes true
-      zstyle ':vcs_info:*' formats "%c%u%F{cyan}%b%f"
-      zstyle ':vcs_info:*' actionformats "(%a) %c%u%F{cyan}%b%f"
-
-      # atuin distributed shell history
-      export ATUIN_NOBIND="true" # disable all keybdinings of atuin
-      eval "$(atuin init zsh)"
-      bindkey '^r' _atuin_search_widget # bind ctrl+r to atuin
-      # use zsh only session history
-      fc -p
-
-      precmd () {
-        vcs_info
-        if [ -n "$SSH_CLIENT" ] || [ -n "$SSH_TTY" ] || [ -n "$SSH_CONNECTION" ]; then
-          RPROMPT="$(hostname)"
-        else
-          RPROMPT="$vcs_info_msg_0_"
-        fi
-        if [[ -n $IN_NIX_SHELL ]]; then
-          PROMPT='%B%~%b %(?.%F{${promptColours.success}}.%F{${promptColours.failure}})λ%f '
-        else
-          PROMPT='%B%~%b %(?.%F{${promptColours.success}}.%F{${promptColours.failure}})%#%f '
-        fi
-        print -Pn "\e]2;%n@%M:%~\a" # title bar prompt
-      }
-
-      zle-keymap-select zle-line-init () {
-        case $KEYMAP in
-          vicmd) print -n '\e]12;green\a';;
-          viins|main) print -n '\e]12;gray\a';;
-        esac
-      }
-
-      zle -N zle-line-init
-      zle -N zle-keymap-select
-      zle -N edit-command-line
-      bindkey -M vicmd v edit-command-line
-    '';
-  };
 }

flake.lock

@@ -455,25 +455,23 @@
       }
     },
     "flake-utils_3": {
-      "inputs": {
-        "systems": "systems_3"
-      },
       "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
         "type": "github"
       },
       "original": {
-        "id": "flake-utils",
-        "type": "indirect"
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
       }
     },
     "flake-utils_4": {
       "inputs": {
-        "systems": "systems_5"
+        "systems": "systems_4"
       },
       "locked": {
         "lastModified": 1731533236,
@@ -902,24 +900,6 @@
         "type": "github"
       }
     },
-    "nixinate_2": {
-      "inputs": {
-        "nixpkgs": "nixpkgs_6"
-      },
-      "locked": {
-        "lastModified": 1742737607,
-        "narHash": "sha256-rXR5zT+/ivE5JTi6m5tCvqN4obQPIT0mgmrBHkdjwEs=",
-        "owner": "matthewcroughan",
-        "repo": "nixinate",
-        "rev": "617b9bb5297147e35cbb24c93e2f30129f31bb9d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "matthewcroughan",
-        "repo": "nixinate",
-        "type": "github"
-      }
-    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1693636127,
@@ -1017,22 +997,6 @@
       }
     },
     "nixpkgs_10": {
-      "locked": {
-        "lastModified": 1760878510,
-        "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_11": {
       "locked": {
         "lastModified": 1659446231,
         "narHash": "sha256-hekabNdTdgR/iLsgce5TGWmfIDZ86qjPhxDg/8TlzhE=",
@@ -1048,7 +1012,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_12": {
+    "nixpkgs_11": {
       "locked": {
         "lastModified": 1744536153,
         "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
@@ -1064,6 +1028,22 @@
         "type": "github"
       }
     },
+    "nixpkgs_12": {
+      "locked": {
+        "lastModified": 1761236834,
+        "narHash": "sha256-+pthv6hrL5VLW2UqPdISGuLiUZ6SnAXdd2DdUE+fV2Q=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "d5faa84122bc0a1fd5d378492efce4e289f8eac1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nixpkgs_13": {
       "locked": {
         "lastModified": 1615532953,
@@ -1139,22 +1119,6 @@
       }
     },
     "nixpkgs_6": {
-      "locked": {
-        "lastModified": 1653060744,
-        "narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "dfd82985c273aac6eced03625f454b334daae2e8",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_7": {
       "locked": {
         "lastModified": 1764983851,
         "narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=",
@@ -1170,7 +1134,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_8": {
+    "nixpkgs_7": {
       "locked": {
         "lastModified": 1765186076,
         "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=",
@@ -1186,13 +1150,13 @@
         "type": "github"
       }
     },
-    "nixpkgs_9": {
+    "nixpkgs_8": {
       "locked": {
-        "lastModified": 1744536153,
-        "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
+        "lastModified": 1665296151,
+        "narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11",
+        "rev": "14ccaaedd95a488dd7ae142757884d8e125b3363",
         "type": "github"
       },
       "original": {
@@ -1202,6 +1166,22 @@
         "type": "github"
       }
     },
+    "nixpkgs_9": {
+      "locked": {
+        "lastModified": 1760878510,
+        "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nmd": {
       "flake": false,
       "locked": {
@@ -1268,7 +1248,7 @@
     "nur_2": {
       "inputs": {
         "flake-parts": "flake-parts",
-        "nixpkgs": "nixpkgs_8"
+        "nixpkgs": "nixpkgs_7"
       },
       "locked": {
         "lastModified": 1765367248,
@@ -1393,13 +1373,11 @@
         "agenix": "agenix",
         "autorenkalender": "autorenkalender",
         "coptic-dictionary": "coptic-dictionary",
-        "flake-utils": "flake-utils_3",
         "home-manager": "home-manager_2",
         "menstruation-backend": "menstruation-backend_2",
         "menstruation-telegram": "menstruation-telegram_2",
         "nix-index-database": "nix-index-database",
-        "nixinate": "nixinate_2",
-        "nixpkgs": "nixpkgs_7",
+        "nixpkgs": "nixpkgs_6",
         "nixpkgs-old": "nixpkgs-old_2",
         "nixpkgs-unstable": "nixpkgs-unstable_2",
         "nur": "nur_2",
@@ -1410,6 +1388,7 @@
         "stylix": "stylix_2",
         "telebots": "telebots_2",
         "tinc-graph": "tinc-graph_2",
+        "treefmt-nix": "treefmt-nix_2",
         "voidrice": "voidrice_2",
         "wallpaper-generator": "wallpaper-generator_2",
         "wallpapers": "wallpapers_2"
@@ -1461,14 +1440,15 @@
     },
     "rust-overlay_2": {
       "inputs": {
-        "nixpkgs": "nixpkgs_9"
+        "flake-utils": "flake-utils_3",
+        "nixpkgs": "nixpkgs_8"
       },
       "locked": {
-        "lastModified": 1765593578,
-        "narHash": "sha256-qbl874bCIy9+OLImdfBfZ9ITUDDjjTAB04Dk4PlZFV0=",
+        "lastModified": 1677119371,
+        "narHash": "sha256-L0Da4eKzDZrsy8ysOS1lhgDjAgEqGvYGf/lXaRd5/YQ=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "348b94ed9ddffccdf1a65582a2dcff0a4a3eeeb4",
+        "rev": "c67c79ea25664d66e74ae91a6fa0d6c65d12d3a7",
         "type": "github"
       },
       "original": {
@@ -1479,7 +1459,7 @@
     },
     "rust-overlay_3": {
       "inputs": {
-        "nixpkgs": "nixpkgs_12"
+        "nixpkgs": "nixpkgs_11"
       },
       "locked": {
         "lastModified": 1765593578,
@@ -1535,11 +1515,11 @@
         "rust-overlay": "rust-overlay_2"
       },
       "locked": {
-        "lastModified": 1765657698,
-        "narHash": "sha256-Ic5lcBZQKw9kOU6BUl3w+r1zCj9hveHyaHsOAYB7Yhg=",
+        "lastModified": 1766957585,
+        "narHash": "sha256-nDybJRbEgvFI291/WX6cYiQ1eG2Owz87Lc0ALVcb2nI=",
         "owner": "kmein",
         "repo": "scripts",
-        "rev": "aeea5b4cdaf39169ab469a7c31269c8360b9c403",
+        "rev": "047016aff810844e1f62ce3fc80a97fe0f6754fc",
         "type": "github"
       },
       "original": {
@@ -1552,7 +1532,7 @@
       "inputs": {
         "buildbot-nix": "buildbot-nix",
         "nix-writers": "nix-writers",
-        "nixpkgs": "nixpkgs_10"
+        "nixpkgs": "nixpkgs_9"
       },
       "locked": {
         "lastModified": 1763891069,
@@ -1611,7 +1591,7 @@
           "nixpkgs"
         ],
         "nur": "nur_3",
-        "systems": "systems_4",
+        "systems": "systems_3",
         "tinted-foot": "tinted-foot",
         "tinted-kitty": "tinted-kitty",
         "tinted-schemes": "tinted-schemes",
@@ -1693,21 +1673,6 @@
         "type": "github"
       }
     },
-    "systems_5": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
     "telebots": {
       "inputs": {
         "flake-utils": "flake-utils_2",
@@ -1729,7 +1694,7 @@
     },
     "telebots_2": {
       "inputs": {
-        "nixpkgs": "nixpkgs_11"
+        "nixpkgs": "nixpkgs_10"
       },
       "locked": {
         "lastModified": 1765657917,
@@ -1901,6 +1866,24 @@
         "type": "github"
       }
     },
+    "treefmt-nix_2": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_12"
+      },
+      "locked": {
+        "lastModified": 1766000401,
+        "narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
+    },
     "voidrice": {
       "flake": false,
       "locked": {

flake.nix

@@ -11,7 +11,6 @@
     menstruation-backend.url = "github:kmein/menstruation.rs";
     menstruation-telegram.url = "github:kmein/menstruation-telegram";
     nix-index-database.url = "github:nix-community/nix-index-database";
-    nixinate.url = "github:matthewcroughan/nixinate";
     nixpkgs-old.url = "github:NixOS/nixpkgs/50fc86b75d2744e1ab3837ef74b53f103a9b55a0";
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
@@ -23,6 +22,7 @@
     stylix.url = "github:danth/stylix/release-25.11";
     telebots.url = "github:kmein/telebots";
     tinc-graph.url = "github:kmein/tinc-graph";
+    treefmt-nix.url = "github:numtide/treefmt-nix";
     voidrice.url = "github:Lukesmithxyz/voidrice";
     wallpaper-generator.url = "github:pinpox/wallpaper-generator/v1.1";
     wallpapers.url = "github:kmein/wallpapers";
@@ -44,7 +44,7 @@
   };
 
   outputs =
-    inputs@{
+    {
       self,
       nixpkgs,
       nixpkgs-unstable,
@@ -52,86 +52,112 @@
       home-manager,
       agenix,
       retiolum,
-      nixinate,
-      flake-utils,
+      coptic-dictionary,
+      menstruation-backend,
+      menstruation-telegram,
+      scripts,
+      tinc-graph,
+      recht,
+      treefmt-nix,
+      autorenkalender,
+      wallpaper-generator,
+      telebots,
+      stockholm,
       nix-index-database,
       stylix,
+      voidrice,
       ...
     }:
     let
       lib = nixpkgs.lib;
       eachSupportedSystem = lib.genAttrs lib.systems.flakeExposed;
+      treefmtEval = eachSupportedSystem (
+        system:
+        treefmt-nix.lib.evalModule nixpkgs.legacyPackages.${system} (
+          { pkgs, ... }:
+          {
+            projectRootFile = "flake.nix";
+            programs.nixfmt.enable = true;
+            programs.ormolu.enable = true;
+            programs.black.enable = true;
+            programs.prettier.enable = true;
+            programs.stylua.enable = true;
+          }
+        )
+      );
     in
     {
-      apps = {
-        x86_64-linux =
-          let
-            pkgs = nixpkgs.legacyPackages.x86_64-linux;
-            lib = nixpkgs.lib;
-          in
-          nixinate.nixinate.x86_64-linux self
-          // {
-            mock-secrets = {
-              type = "app";
-              program = toString (
-                pkgs.writers.writeDash "mock-secrets" ''
-                  ${pkgs.findutils}/bin/find secrets -not -path '*/.*' -type f  | ${pkgs.coreutils}/bin/sort > secrets.txt
-                ''
-              );
-            };
-          }
-          # the following error prevents remote building of ful: https://github.com/NixOS/nixpkgs/issues/177873
-          // builtins.listToAttrs (
-            map (
-              hostname:
-              let
-                targets = {
-                  ful = "root@ful";
-                  zaatar = "root@zaatar";
-                  makanek = "root@makanek";
-                  manakish = "root@manakish";
-                  tahina = "root@tahina";
-                  tabula = "root@tabula";
-                  kabsa = "root@kabsa";
-                  fatteh = "root@fatteh";
-                  kibbeh = "root@kibbeh";
+      apps =
+        let
+          localSystem = "x86_64-linux";
+        in
+        {
+          ${localSystem} =
+            let
+              pkgs = import nixpkgs {
+                system = localSystem;
+                overlays = [ self.overlays.default ];
+              };
+              lib = nixpkgs.lib;
+            in
+            lib.mergeAttrsList [
+              {
+                mock-secrets = {
+                  type = "app";
+                  program = toString (
+                    pkgs.writers.writeDash "mock-secrets" ''
+                      ${pkgs.findutils}/bin/find secrets -not -path '*/.*' -type f  | ${pkgs.coreutils}/bin/sort > secrets.txt
+                    ''
+                  );
                 };
-              in
-              lib.attrsets.nameValuePair "deploy-${hostname}" {
-                type = "app";
-                program = toString (
-                  pkgs.writers.writeDash "deploy-${hostname}" ''
-                    exec ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch \
-                      --max-jobs 2 \
-                      --log-format internal-json \
-                      --flake .#${hostname} \
-                      --target-host ${targets.${hostname}} 2>&1 \
-                      | ${pkgs.nix-output-monitor}/bin/nom --json
-                  ''
-                );
               }
-            ) (builtins.attrNames self.nixosConfigurations)
-          )
-          // {
-            deploy-ful = {
-              type = "app";
-              program = toString (
-                pkgs.writers.writeDash "deploy-ful" ''
-                  exec ${pkgs.nix}/bin/nix run .#nixinate.ful \
-                    --log-format internal-json 2>&1 \
-                    | ${pkgs.nix-output-monitor}/bin/nom --json
-                ''
-              );
-            };
-          };
-      };
+              (builtins.listToAttrs (
+                map (
+                  hostname:
+                  let
+                    machines = import lib/machines.nix;
+                    deployScript = pkgs.writers.writeBash "deploy-${hostname}" ''
+                      reachable=$(${pkgs.try-connect.${hostname}}/bin/try-connect)
+
+                      if [ -z "$reachable" ]; then
+                        exit 1
+                      fi
+
+                      target="root@$reachable"
+                      echo "Deploying to ${hostname} via $target"
+
+                      # Set SSH options based on address type
+                      if [[ "$reachable" == *.onion ]]; then
+                        export NIX_SSHOPTS="-p ${
+                          toString machines.${hostname}.sshPort
+                        } -o ProxyCommand='${pkgs.netcat}/bin/nc -x localhost:9050 %h %p' -o ControlPath=none"
+                      else
+                        export NIX_SSHOPTS="-p ${toString machines.${hostname}.sshPort}"
+                      fi
+
+                      ${pkgs.nixos-rebuild-ng}/bin/nixos-rebuild-ng switch \
+                        --max-jobs 2 \
+                        --log-format internal-json \
+                        --flake .#${hostname} \
+                        --target-host "$target" \
+                        ${lib.optionalString (localSystem != machines.${hostname}.system) "--build-host $target"} \
+                        |& ${pkgs.nix-output-monitor}/bin/nom --json
+                    '';
+                  in
+                  lib.attrsets.nameValuePair "deploy-${hostname}" {
+                    type = "app";
+                    program = toString deployScript;
+                  }
+                ) (builtins.attrNames self.nixosConfigurations)
+              ))
+            ];
+        };
 
       # TODO overlay for packages
       # TODO remove flake-utils dependency from my own repos
 
       nixosModules = {
         moodle-dl = import modules/moodle-dl.nix;
-        networkmanager-declarative = import modules/networkmanager-declarative.nix;
         passport = import modules/passport.nix;
         panoptikon = import modules/panoptikon.nix;
         power-action = import modules/power-action.nix;
@@ -141,262 +167,384 @@
       };
 
       lib = {
-        panoptikon = import lib/panoptikon.nix;
       };
 
-      nixosConfigurations = let
-        niveumSpecialArgs = system: {
-          unstablePackages = import nixpkgs-unstable {
-            inherit system;
-            config.allowUnfreePredicate = pkg:
-              builtins.elem (nixpkgs-unstable.lib.getName pkg) [
-                "obsidian"
-                "zoom"
-              ];
-          };
+      overlays.default = final: prev: {
+        niveum-terminal = prev.alacritty;
+        niveum-browser = prev.firefox;
+        niveum-filemanager = prev.pcmanfm;
 
-          niveumPackages = inputs.self.packages.${system};
-          niveumLib = inputs.self.lib;
-          inherit inputs;
+        # wrapped from upstream
+        wrapScript =
+          {
+            packages ? [ ],
+            name,
+            script,
+          }:
+          prev.writers.writeDashBin name ''PATH=$PATH:${
+            nixpkgs.lib.makeBinPath (
+              packages
+              ++ [
+                final.findutils
+                final.coreutils
+                final.gnused
+                final.gnugrep
+              ]
+            )
+          } ${script} "$@"'';
+        tag = final.wrapScript {
+          script = voidrice.outPath + "/.local/bin/tag";
+          name = "tag";
+          packages = [ final.ffmpeg ];
         };
-      in {
-        ful = nixpkgs.lib.nixosSystem rec {
-          system = "aarch64-linux";
-          specialArgs = niveumSpecialArgs system;
-          modules = [
-            systems/ful/configuration.nix
+        booksplit = final.wrapScript {
+          script = voidrice.outPath + "/.local/bin/booksplit";
+          name = "booksplit";
+          packages = [
+            final.ffmpeg
+            final.glibc.bin
+          ];
+        };
+        auc = prev.callPackage packages/auc.nix { };
+        cheat-sh = prev.callPackage packages/cheat-sh.nix { };
+        brassica = prev.callPackage packages/brassica.nix { }; # TODO upstream
+        text2pdf = prev.callPackage packages/text2pdf.nix { }; # TODO upstream
+        wttr = prev.callPackage packages/wttr.nix { }; # TODO upstream
+        jsesh = prev.callPackage packages/jsesh.nix { }; # TODO upstream
+        opustags = prev.callPackage packages/opustags.nix { }; # TODO upstream
+        trans = prev.callPackage packages/trans.nix { }; # TODO upstream
+        go-webring = prev.callPackage packages/go-webring.nix { }; # TODO upstream
+        stag = prev.callPackage packages/stag.nix { }; # TODO upstream
+        mpv = prev.mpv.override {
+          scripts = [
+            final.mpvScripts.visualizer
+            final.mpvScripts.mpris
+          ];
+        };
+        morris = prev.callPackage packages/morris.nix { };
+        cro = prev.callPackage packages/cro.nix { };
+        dmenu = prev.writers.writeDashBin "dmenu" ''exec ${final.rofi}/bin/rofi -dmenu "$@"'';
+        weechatScripts = prev.weechatScripts // {
+          hotlist2extern = prev.callPackage packages/weechatScripts/hotlist2extern.nix { }; # TODO upstream
+        };
+        vimPlugins = prev.vimPlugins // {
+          cheat-sh = prev.callPackage packages/vimPlugins/cheat-sh.nix { };
+          icalendar-vim = prev.callPackage packages/vimPlugins/icalendar-vim.nix { }; # TODO upstream
+          jq-vim = prev.callPackage packages/vimPlugins/jq-vim.nix { }; # TODO upstream
+          typst-vim = prev.callPackage packages/vimPlugins/typst-vim.nix { }; # TODO upstream
+          mdwa-nvim = prev.callPackage packages/vimPlugins/mdwa-nvim.nix { }; # TODO upstream
+          vim-ernest = prev.callPackage packages/vimPlugins/vim-ernest.nix { }; # TODO upstream
+          vim-256noir = prev.callPackage packages/vimPlugins/vim-256noir.nix { }; # TODO upstream
+          vim-colors-paramount = prev.callPackage packages/vimPlugins/vim-colors-paramount.nix { }; # TODO upstream
+          vim-fetch = prev.callPackage packages/vimPlugins/vim-fetch.nix { }; # TODO upstream
+          vim-fsharp = prev.callPackage packages/vimPlugins/vim-fsharp.nix { }; # TODO upstream
+          vim-mail = prev.callPackage packages/vimPlugins/vim-mail.nix { }; # TODO upstream
+          vim-reason-plus = prev.callPackage packages/vimPlugins/vim-reason-plus.nix { }; # TODO upstream
+        };
+
+        # packaged from inputs
+        agenix = agenix.packages.${prev.stdenv.hostPlatform.system}.default;
+        pun-sort-api = scripts.packages.${prev.stdenv.hostPlatform.system}.pun-sort-api;
+        alarm = scripts.packages.${prev.stdenv.hostPlatform.system}.alarm;
+        menstruation-telegram =
+          menstruation-telegram.packages.${prev.stdenv.hostPlatform.system}.menstruation-telegram;
+        menstruation-backend =
+          menstruation-backend.packages.${prev.stdenv.hostPlatform.system}.menstruation-backend;
+        telebots = telebots.packages.${prev.stdenv.hostPlatform.system}.telebots;
+        hesychius = scripts.packages.${prev.stdenv.hostPlatform.system}.hesychius;
+        autorenkalender = autorenkalender.packages.${prev.stdenv.hostPlatform.system}.default;
+        coptic-stardict = coptic-dictionary.packages.${prev.stdenv.hostPlatform.system}.coptic-stardict;
+        onomap = scripts.packages.${prev.stdenv.hostPlatform.system}.onomap;
+        tinc-graph = tinc-graph.packages.${prev.stdenv.hostPlatform.system}.tinc-graph;
+        wp-gen = wallpaper-generator.packages.${prev.stdenv.hostPlatform.system}.wp-gen;
+
+        # krebs
+        brainmelter = prev.callPackage packages/brainmelter.nix { };
+        cyberlocker-tools = prev.callPackage packages/cyberlocker-tools.nix { };
+        hc = prev.callPackage packages/hc.nix { };
+        pls = prev.callPackage packages/pls.nix { };
+        radio-news = prev.callPackage packages/radio-news { };
+        untilport = prev.callPackage packages/untilport.nix { };
+        weechat-declarative = prev.callPackage packages/weechat-declarative.nix { };
+
+        # my packages
+        betacode = prev.callPackage packages/betacode.nix { };
+        closest = prev.callPackage packages/closest { };
+        default-gateway = prev.callPackage packages/default-gateway.nix { };
+        depp = prev.callPackage packages/depp.nix { };
+        devanagari = prev.callPackage packages/devanagari { };
+        radioStreams = prev.callPackage packages/streams { };
+        devour = prev.callPackage packages/devour.nix { };
+        dmenu-randr = prev.callPackage packages/dmenu-randr.nix { };
+        emailmenu = prev.callPackage packages/emailmenu.nix { };
+        fkill = prev.callPackage packages/fkill.nix { };
+        fzfmenu = prev.callPackage packages/fzfmenu.nix { };
+        gfs-fonts = prev.callPackage packages/gfs-fonts.nix { };
+        heuretes = prev.callPackage packages/heuretes.nix { };
+        image-convert-favicon = prev.callPackage packages/image-convert-favicon.nix { };
+        image-convert-tolino = prev.callPackage packages/image-convert-tolino.nix { };
+        ipa = prev.writers.writePython3Bin "ipa" { flakeIgnore = [ "E501" ]; } packages/ipa.py;
+        kirciuoklis = prev.callPackage packages/kirciuoklis.nix { };
+        kpaste = prev.callPackage packages/kpaste.nix { };
+        literature-quote = prev.callPackage packages/literature-quote.nix { };
+        man-pdf = prev.callPackage packages/man-pdf.nix { };
+        mansplain = prev.callPackage packages/mansplain.nix { };
+        manual-sort = prev.callPackage packages/manual-sort.nix { };
+        mpv-iptv = prev.callPackage packages/mpv-iptv.nix { };
+        mpv-radio = prev.callPackage packages/mpv-radio.nix { di-fm-key-file = "/dev/null"; };
+        mpv-tuner = prev.callPackage packages/mpv-tuner.nix { di-fm-key-file = "/dev/null"; };
+        mpv-tv = prev.callPackage packages/mpv-tv.nix { };
+        new-mac = prev.callPackage packages/new-mac.nix { };
+        nix-git = prev.callPackage packages/nix-git.nix { };
+        noise-waves = prev.callPackage packages/noise-waves.nix { };
+        notemenu = prev.callPackage packages/notemenu.nix { };
+        obsidian-vim = prev.callPackage packages/obsidian-vim.nix { };
+        vim-typewriter = prev.callPackage packages/vim-typewriter.nix { };
+        polyglot = prev.callPackage packages/polyglot.nix { };
+        q = prev.callPackage packages/q.nix { };
+        qrpaste = prev.callPackage packages/qrpaste.nix { };
+        random-zeno = prev.callPackage packages/random-zeno.nix { };
+        scanned = prev.callPackage packages/scanned.nix { };
+        stardict-tools = prev.callPackage packages/stardict-tools.nix { };
+        swallow = prev.callPackage packages/swallow.nix { };
+        tocharian-font = prev.callPackage packages/tocharian-font.nix { };
+        ttspaste = prev.callPackage packages/ttspaste.nix { };
+        niveum-ssh = prev.callPackage packages/niveum-ssh.nix { };
+        try-connect = prev.callPackage packages/try-connect.nix {};
+        unicodmenu = prev.callPackage packages/unicodmenu.nix { };
+        vg = prev.callPackage packages/vg.nix { };
+        vim-kmein = prev.callPackage packages/vim-kmein { };
+        vimv = prev.callPackage packages/vimv.nix { };
+        klem = prev.callPackage packages/klem.nix { };
+
+        lib = lib // {
+          niveum = import lib/default.nix {
+            inherit lib;
+            pkgs = final;
+          };
+          panoptikon = import lib/panoptikon.nix {
+            inherit lib;
+            pkgs = final;
+          };
+        };
+      };
+
+      nixosConfigurations =
+        let
+          profiles.default = [
+            { nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; }
+            { nixpkgs.overlays = [ self.overlays.default ]; }
             agenix.nixosModules.default
-            inputs.self.nixosModules.passport
-            inputs.self.nixosModules.panoptikon
-            inputs.self.nixosModules.go-webring
-            inputs.stockholm.nixosModules.reaktor2
             retiolum.nixosModules.retiolum
+            configs/mycelium.nix
+            configs/tor.nix
+            configs/retiolum.nix
+            configs/spacetime.nix
+            configs/nix.nix
+            configs/sshd.nix
+            configs/admin-essentials.nix
+          ];
+          profiles.desktop = [
+            home-manager.nixosModules.home-manager
+            nix-index-database.nixosModules.default
             nur.modules.nixos.default
-            { nixpkgs.overlays = [ inputs.stockholm.overlays.default ]; }
+            stylix.nixosModules.stylix
+            self.nixosModules.system-dependent
+            self.nixosModules.power-action
+          ];
+          profiles.server = [
+            configs/save-space.nix
+            configs/monitoring.nix
+            self.nixosModules.passport
             {
-              _module.args.nixinate = {
-                host = "ful";
-                sshUser = "root";
-                buildOn = "remote";
-                substituteOnTarget = true;
-                hermetic = false;
+              system.autoUpgrade = {
+                enable = true;
+                flake = self.outPath;
+                flags = [
+                  "--print-build-logs"
+                ];
+                dates = "02:00";
+                randomizedDelaySec = "45min";
               };
             }
           ];
+        in
+        {
+          ful = nixpkgs.lib.nixosSystem {
+            system = "aarch64-linux";
+            modules =
+              profiles.default
+              ++ profiles.server
+              ++ [
+                systems/ful/configuration.nix
+                self.nixosModules.panoptikon
+                self.nixosModules.go-webring
+                stockholm.nixosModules.reaktor2
+                nur.modules.nixos.default
+                { nixpkgs.overlays = [ stockholm.overlays.default ]; }
+              ];
+          };
+          zaatar = nixpkgs.lib.nixosSystem {
+            system = "x86_64-linux";
+            modules =
+              profiles.default
+              ++ profiles.server
+              ++ [
+                systems/zaatar/configuration.nix
+              ];
+          };
+          kibbeh = nixpkgs.lib.nixosSystem {
+            system = "x86_64-linux";
+            modules =
+              profiles.default
+              ++ profiles.desktop
+              ++ [
+                systems/kibbeh/configuration.nix
+              ];
+          };
+          makanek = nixpkgs.lib.nixosSystem {
+            system = "x86_64-linux";
+            modules =
+              profiles.default
+              ++ profiles.server
+              ++ [
+                systems/makanek/configuration.nix
+                self.nixosModules.telegram-bot
+                nur.modules.nixos.default
+              ];
+          };
+          tahina = nixpkgs.lib.nixosSystem {
+            system = "x86_64-linux";
+            modules = profiles.default ++ [
+              systems/tahina/configuration.nix
+            ];
+          };
+          tabula = nixpkgs.lib.nixosSystem {
+            system = "x86_64-linux";
+            modules = profiles.default ++ [
+              systems/tabula/configuration.nix
+            ];
+          };
+          manakish = nixpkgs.lib.nixosSystem {
+            system = "x86_64-linux";
+            modules =
+              profiles.default
+              ++ profiles.desktop
+              ++ [
+                systems/manakish/configuration.nix
+              ];
+          };
+          kabsa = nixpkgs.lib.nixosSystem {
+            system = "x86_64-linux";
+            modules =
+              profiles.default
+              ++ profiles.desktop
+              ++ [
+                systems/kabsa/configuration.nix
+              ];
+          };
+          fatteh = nixpkgs.lib.nixosSystem {
+            system = "x86_64-linux";
+            modules =
+              profiles.default
+              ++ profiles.desktop
+              ++ [
+                systems/fatteh/configuration.nix
+              ];
+          };
         };
-        zaatar = nixpkgs.lib.nixosSystem rec {
-          system = "x86_64-linux";
-          specialArgs = niveumSpecialArgs system;
-          modules = [
-            systems/zaatar/configuration.nix
-            agenix.nixosModules.default
-            retiolum.nixosModules.retiolum
-          ];
-        };
-        kibbeh = nixpkgs.lib.nixosSystem rec {
-          system = "x86_64-linux";
-          specialArgs = niveumSpecialArgs system;
-          modules = [
-            systems/kibbeh/configuration.nix
-            agenix.nixosModules.default
-            retiolum.nixosModules.retiolum
-            home-manager.nixosModules.home-manager
-          ];
-        };
-        makanek = nixpkgs.lib.nixosSystem rec {
-          system = "x86_64-linux";
-          # for using inputs in other config files
-          specialArgs = niveumSpecialArgs system;
-          modules = [
-            systems/makanek/configuration.nix
-            inputs.self.nixosModules.telegram-bot
-            inputs.self.nixosModules.passport
-            agenix.nixosModules.default
-            retiolum.nixosModules.retiolum
-            nur.modules.nixos.default
-          ];
-        };
-        tahina = nixpkgs.lib.nixosSystem rec {
-          system = "x86_64-linux";
-          specialArgs = niveumSpecialArgs system;
-          modules = [
-            systems/tahina/configuration.nix
-            agenix.nixosModules.default
-            retiolum.nixosModules.retiolum
-          ];
-        };
-        tabula = nixpkgs.lib.nixosSystem rec {
-          system = "x86_64-linux";
-          specialArgs = niveumSpecialArgs system;
-          modules = [
-            systems/tabula/configuration.nix
-            agenix.nixosModules.default
-            retiolum.nixosModules.retiolum
-          ];
-        };
-        manakish = nixpkgs.lib.nixosSystem rec {
-          system = "x86_64-linux";
-          specialArgs = niveumSpecialArgs system;
-          modules = [
-            systems/manakish/configuration.nix
-            agenix.nixosModules.default
-            retiolum.nixosModules.retiolum
-            home-manager.nixosModules.home-manager
-            nix-index-database.nixosModules.default
-            nur.modules.nixos.default
-            stylix.nixosModules.stylix
-          ];
-        };
-        kabsa = nixpkgs.lib.nixosSystem rec {
-          system = "x86_64-linux";
-          specialArgs = niveumSpecialArgs system;
-          modules = [
-            systems/kabsa/configuration.nix
-            agenix.nixosModules.default
-            retiolum.nixosModules.retiolum
-            home-manager.nixosModules.home-manager
-            nur.modules.nixos.default
-            nix-index-database.nixosModules.default
-            stylix.nixosModules.stylix
-          ];
-        };
-        fatteh = nixpkgs.lib.nixosSystem rec {
-          system = "x86_64-linux";
-          specialArgs = niveumSpecialArgs system;
-          modules = [
-            systems/fatteh/configuration.nix
-            agenix.nixosModules.default
-            retiolum.nixosModules.retiolum
-            home-manager.nixosModules.home-manager
-            nur.modules.nixos.default
-            nix-index-database.nixosModules.default
-            stylix.nixosModules.stylix
-          ];
-        };
-      };
 
-      packages = eachSupportedSystem (system: let
-        pkgs = import nixpkgs {
-          inherit system;
-          config.allowUnfree = true;
-          overlays = [
-            nur.overlays.default
-            (self: super: {
-              mpv = super.mpv.override {scripts = [super.mpvScripts.visualizer super.mpvScripts.mpris];};
-              dmenu = super.writers.writeDashBin "dmenu" ''exec ${pkgs.rofi}/bin/rofi -dmenu "$@"'';
-            })
-          ];
-        };
-        wrapScript = {
-          packages ? [],
-          name,
-          script,
-        }:
-          pkgs.writers.writeDashBin name ''PATH=$PATH:${nixpkgs.lib.makeBinPath (packages ++ [pkgs.findutils pkgs.coreutils pkgs.gnused pkgs.gnugrep])} ${script} "$@"'';
-      in {
-        # linguistics and ancient world
-        auc = pkgs.callPackage packages/auc.nix {};
-        betacode = pkgs.callPackage packages/betacode.nix {};
-        brassica = pkgs.callPackage packages/brassica.nix {}; # TODO upstream
-        devanagari = pkgs.callPackage packages/devanagari {};
-        stardict-tools = pkgs.callPackage packages/stardict-tools.nix {};
-        heuretes = pkgs.callPackage packages/heuretes.nix {};
-        ipa = pkgs.writers.writePython3Bin "ipa" {flakeIgnore = ["E501"];} (builtins.readFile packages/ipa.py);
-        jsesh = pkgs.callPackage packages/jsesh.nix {}; # TODO upstream
-        kirciuoklis = pkgs.callPackage packages/kirciuoklis.nix {};
-        polyglot = pkgs.callPackage packages/polyglot.nix {};
-        tocharian-font = pkgs.callPackage packages/tocharian-font.nix {};
-        gfs-fonts = pkgs.callPackage packages/gfs-fonts.nix {};
-        closest = pkgs.callPackage packages/closest {};
-
-        # lit
-        random-zeno = pkgs.callPackage packages/random-zeno.nix {};
-        literature-quote = pkgs.callPackage packages/literature-quote.nix {};
-
-        # krebs
-        brainmelter = pkgs.callPackage packages/brainmelter.nix {};
-        cyberlocker-tools = pkgs.callPackage packages/cyberlocker-tools.nix {};
-        hc = pkgs.callPackage packages/hc.nix {};
-        kpaste = pkgs.callPackage packages/kpaste.nix {};
-        pls = pkgs.callPackage packages/pls.nix {};
-        untilport = pkgs.callPackage packages/untilport.nix {};
-        radio-news = pkgs.callPackage packages/radio-news.nix {};
-
-        # window manager
-        swallow = pkgs.callPackage packages/swallow.nix {};
-        devour = pkgs.callPackage packages/devour.nix {};
-
-        cheat-sh = pkgs.callPackage packages/cheat-sh.nix {};
-        vimPlugins-cheat-sh-vim = pkgs.callPackage packages/vimPlugins/cheat-sh.nix {}; # TODO upstream
-        cro = pkgs.callPackage packages/cro.nix {};
-        default-gateway = pkgs.callPackage packages/default-gateway.nix {};
-        depp = pkgs.callPackage packages/depp.nix {};
-        dashboard = pkgs.callPackage packages/dashboard {};
-        fkill = pkgs.callPackage packages/fkill.nix {};
-        fzfmenu = pkgs.callPackage packages/fzfmenu.nix {};
-        gpt35 = pkgs.callPackage packages/gpt.nix {model = "gpt-3.5-turbo";};
-        gpt4 = pkgs.callPackage packages/gpt.nix {model = "gpt-4";};
-        image-convert-favicon = pkgs.callPackage packages/image-convert-favicon.nix {};
-        image-convert-tolino = pkgs.callPackage packages/image-convert-tolino.nix {};
-        k-lock = pkgs.callPackage packages/k-lock.nix {};
-        klem = pkgs.callPackage packages/klem.nix {};
-        man-pandoc = pkgs.callPackage packages/man/pandoc.nix {}; # TODO upstream
-        man-pdf = pkgs.callPackage packages/man-pdf.nix {};
-        mansplain = pkgs.callPackage packages/mansplain.nix {};
-        manual-sort = pkgs.callPackage packages/manual-sort.nix {};
-        menu-calc = pkgs.callPackage packages/menu-calc.nix {};
-        noise-waves = pkgs.callPackage packages/noise-waves.nix {};
-        mpv-radio = pkgs.callPackage packages/mpv-radio.nix {di-fm-key-file = "/dev/null";};
-        mpv-tuner = pkgs.callPackage packages/mpv-tuner.nix {di-fm-key-file = "/dev/null";};
-        mpv-tv = pkgs.callPackage packages/mpv-tv.nix {};
-        mpv-iptv = pkgs.callPackage packages/mpv-iptv.nix {};
-        new-mac = pkgs.callPackage packages/new-mac.nix {};
-        nix-git = pkgs.callPackage packages/nix-git.nix {};
-        notemenu = pkgs.callPackage packages/notemenu.nix {niveumPackages = self.packages.${system};};
-        opustags = pkgs.callPackage packages/opustags.nix {}; # TODO upstream
-        q = pkgs.callPackage packages/q.nix {};
-        qrpaste = pkgs.callPackage packages/qrpaste.nix {};
-        go-webring = pkgs.callPackage packages/go-webring.nix {}; # TODO upstream
-        rfc = pkgs.callPackage packages/rfc.nix {};
-        gimp = pkgs.callPackage packages/gimp.nix {};
-        scanned = pkgs.callPackage packages/scanned.nix {};
-        text2pdf = pkgs.callPackage packages/text2pdf.nix {}; # TODO upstream
-        timer = pkgs.callPackage packages/timer.nix {};
-        trans = pkgs.callPackage packages/trans.nix {}; # TODO upstream
-        ttspaste = pkgs.callPackage packages/ttspaste.nix {};
-        unicodmenu = pkgs.callPackage packages/unicodmenu.nix {};
-        emailmenu = pkgs.callPackage packages/emailmenu.nix {};
-        stag = pkgs.callPackage packages/stag.nix {}; # TODO upstream
-        vg = pkgs.callPackage packages/vg.nix {};
-        vim = pkgs.callPackage packages/vim.nix {niveumPackages = self.packages.${system};};
-        obsidian-vim = pkgs.callPackage packages/obsidian-vim.nix {};
-        vimPlugins-icalendar-vim = pkgs.callPackage packages/vimPlugins/icalendar-vim.nix {}; # TODO upstream
-        vimPlugins-jq-vim = pkgs.callPackage packages/vimPlugins/jq-vim.nix {}; # TODO upstream
-        vimPlugins-typst-vim = pkgs.callPackage packages/vimPlugins/typst-vim.nix {}; # TODO upstream
-        vimPlugins-mdwa-nvim = pkgs.callPackage packages/vimPlugins/mdwa-nvim.nix {}; # TODO upstream
-        vimPlugins-vim-ernest = pkgs.callPackage packages/vimPlugins/vim-ernest.nix {}; # TODO upstream
-        vimPlugins-vim-256noir = pkgs.callPackage packages/vimPlugins/vim-256noir.nix {}; # TODO upstream
-        vimPlugins-vim-colors-paramount = pkgs.callPackage packages/vimPlugins/vim-colors-paramount.nix {}; # TODO upstream
-        vimPlugins-vim-fetch = pkgs.callPackage packages/vimPlugins/vim-fetch.nix {}; # TODO upstream
-        vimPlugins-vim-fsharp = pkgs.callPackage packages/vimPlugins/vim-fsharp.nix {}; # TODO upstream
-        vimPlugins-vim-mail = pkgs.callPackage packages/vimPlugins/vim-mail.nix {}; # TODO upstream
-        vimPlugins-vim-reason-plus = pkgs.callPackage packages/vimPlugins/vim-reason-plus.nix {}; # TODO upstream
-        vimv = pkgs.callPackage packages/vimv.nix {};
-        weechat-declarative = pkgs.callPackage packages/weechat-declarative.nix {}; # TODO upstream
-        weechatScripts-hotlist2extern = pkgs.callPackage packages/weechatScripts/hotlist2extern.nix {}; # TODO upstream
-        dmenu-randr = pkgs.callPackage packages/dmenu-randr.nix {};
-        wttr = pkgs.callPackage packages/wttr.nix {}; # TODO upstream
-
-        booksplit = wrapScript {
-          script = inputs.voidrice.outPath + "/.local/bin/booksplit";
-          name = "booksplit";
-          packages = [pkgs.ffmpeg pkgs.glibc.bin];
-        };
-        tag = wrapScript {
-          script = inputs.voidrice.outPath + "/.local/bin/tag";
-          name = "tag";
-          packages = [pkgs.ffmpeg];
-        };
+      formatter = eachSupportedSystem (system: treefmtEval.${system}.config.build.wrapper);
+      checks = eachSupportedSystem (system: {
+        formatting = treefmtEval.${system}.config.build.check self;
       });
+
+      packages = eachSupportedSystem (
+        system:
+        let
+          pkgs = import nixpkgs {
+            inherit system;
+            config.allowUnfree = true;
+            overlays = [
+              nur.overlays.default
+              self.overlays.default
+            ];
+          };
+        in
+        {
+          inherit (pkgs)
+            auc
+            betacode
+            booksplit
+            brainmelter
+            brassica
+            cheat-sh
+            closest
+            cro
+            cyberlocker-tools
+            default-gateway
+            depp
+            devanagari
+            devour
+            dmenu-randr
+            emailmenu
+            fkill
+            fzfmenu
+            gfs-fonts
+            gimp
+            go-webring
+            hc
+            heuretes
+            image-convert-favicon
+            image-convert-tolino
+            ipa
+            jsesh
+            kirciuoklis
+            klem
+            kpaste
+            literature-quote
+            man-pdf
+            mansplain
+            manual-sort
+            morris
+            mpv-iptv
+            mpv-radio
+            mpv-tuner
+            mpv-tv
+            new-mac
+            niveum-ssh
+            nix-git
+            noise-waves
+            notemenu
+            obsidian-vim
+            opustags
+            pls
+            polyglot
+            q
+            qrpaste
+            radio-news
+            random-zeno
+            rfc
+            scanned
+            stag
+            stardict-tools
+            swallow
+            text2pdf
+            timer
+            tocharian-font
+            trans
+            try-connect
+            ttspaste
+            unicodmenu
+            untilport
+            vg
+            vim-kmein
+            vim-typewriter
+            vimv
+            weechat-declarative
+            wttr
+            ;
+        }
+      );
     };
 }

lib/default-applications.nix

@@ -1,5 +0,0 @@
-pkgs: rec {
-  terminal = "alacritty";
-  browser = "${pkgs.firefox}/bin/firefox";
-  fileManager = "${pkgs.pcmanfm}/bin/pcmanfm";
-}

lib/default.nix

@@ -1,28 +1,40 @@
+{ lib, pkgs }:
+let
+  machines = import ./machines.nix;
+in
 {
-  tmpfilesConfig = {
-    type,
-    path,
-    mode ? "-",
-    user ? "-",
-    group ? "-",
-    age ? "-",
-    argument ? "-",
-  }: "${type} '${path}' ${mode} ${user} ${group} ${age} ${argument}";
+  tmpfilesConfig =
+    {
+      type,
+      path,
+      mode ? "-",
+      user ? "-",
+      group ? "-",
+      age ? "-",
+      argument ? "-",
+    }:
+    "${type} '${path}' ${mode} ${user} ${group} ${age} ${argument}";
 
-  restic = rec {
-    port = 3571;
-    host = "zaatar.r";
-    repository = "rest:http://${host}:${toString port}/";
-  };
+  restic =
+    let
+      host = "zaatar.r";
+      port = 3571;
+    in
+    {
+      inherit host port;
+      repository = "rest:http://${host}:${toString port}/";
+    };
 
   remoteDir = "/home/kfm/remote";
 
-  firewall = lib: {
-    accept = {
-      source,
-      protocol,
-      dport,
-    }: "nixos-fw -s ${lib.escapeShellArg source} -p ${lib.escapeShellArg protocol} --dport ${lib.escapeShellArg (toString dport)} -j nixos-fw-accept";
+  firewall = {
+    accept =
+      {
+        source,
+        protocol,
+        dport,
+      }:
+      "nixos-fw -s ${lib.escapeShellArg source} -p ${lib.escapeShellArg protocol} --dport ${lib.escapeShellArg (toString dport)} -j nixos-fw-accept";
     addRules = lib.concatMapStringsSep "\n" (rule: "iptables -A ${rule}");
     removeRules = lib.concatMapStringsSep "\n" (rule: "iptables -D ${rule} || true");
   };
@@ -42,7 +54,7 @@
 
   sshPort = 22022;
 
-  theme = pkgs: {
+  theme = {
     gtk = {
       name = "Adwaita-dark";
       package = pkgs.gnome-themes-extra;
@@ -57,30 +69,64 @@
     };
   };
 
-  defaultApplications = import ./default-applications.nix;
+  retiolumAddresses = lib.mapAttrs (_: v: { inherit (v.retiolum) ipv4 ipv6; }) (
+    lib.filterAttrs (_: v: v ? "retiolum") machines
+  );
+  externalNetwork = lib.mapAttrs (_: v: v.externalIp) (
+    lib.filterAttrs (_: v: v ? "externalIp") machines
+  );
+  localAddresses = lib.mapAttrs (_: v: v.internalIp) (
+    lib.filterAttrs (_: v: v ? "internalIp") machines
+  );
+  myceliumAddresses = lib.mapAttrs (_: v: v.mycelium.ipv6) (
+    lib.filterAttrs (_: v: v ? "mycelium") machines
+  );
+  torAddresses = lib.mapAttrs (_: v: v.torAddress) (
+    lib.filterAttrs (_: v: v ? "torAddress") machines
+  );
+  syncthingIds = lib.mapAttrs (_: v: { id = v.syncthingId; }) (
+    lib.filterAttrs (_: v: v ? "syncthingId") machines
+  );
 
-  retiolumAddresses = import ./retiolum-network.nix;
+  email =
+    let
+      thunderbirdProfile = "donnervogel";
+    in
+    {
+      inherit thunderbirdProfile;
+      defaults = {
+        thunderbird = {
+          enable = true;
+          profiles = [ thunderbirdProfile ];
+        };
+        aerc.enable = true;
+        realName = "Kierán Meinhardt";
+        folders.inbox = "INBOX";
+      };
+    };
 
-  localAddresses = import ./local-network.nix;
-
-  email-sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKz33wHtPuIfgXEb0+hybxFGV9ZuPsDTLUZo/+hlcdA";
+  machines = machines;
 
   kieran = {
     github = "kmein";
     email = "kmein@posteo.de";
     name = "Kierán Meinhardt";
-    sshKeys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyTnGhFq0Q+vghNhrqNrAyY+CsN7nNz8bPfiwIwNpjk" # kabsa
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiQEc8rTr7C7xVLYV7tQ99BDDBLrJsy5hslxtCEatkB" # manakish
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByreBjBEMJKjgpKLd5XZHIUUwIhNafVqN6OUOQpJa3y" # fatteh
+    pronouns = builtins.concatStringsSep "/" [
+      "er"
+      "he"
+      "is"
+      "οὗτος"
+      "هو"
+      "ⲛ̄ⲧⲟϥ"
+      "он"
+      "han"
+      "सः"
+    ];
+    sshKeys = [
+      machines.fatteh.sshKey
+      machines.manakish.sshKey
+      machines.kabsa.sshKey
     ];
-  };
-
-  syncthing.devices = {
-    kabsa.id = "R6DEBD7-G5RYDKN-VFA3HPO-WX4DNVI-373F7OQ-AW5MZTT-3L4BDVW-Y6ROEAF";
-    kibbeh.id = "HLQSG3D-WSKLA6S-MEYQ3EU-GDBGABE-PY53RQ6-SWQAP2I-Z5MVBVX-MYPJXAM";
-    manakish.id = "AJVBWR2-VFFAGZF-7ZF5JAX-T63GMOG-NZ446WK-MC5E6WK-6X6Q2HE-QQA2JQ3";
-    fatteh.id = "GSOGYT3-2GBHZXT-MNCTDIY-3BJIR4V-OHVOOMJ-ICVLKXR-U4C7RFB-HJOK3AC";
   };
 
   ignorePaths = [

lib/email.nix

@@ -1,23 +0,0 @@
-rec {
-  thunderbirdProfile = "donnervogel";
-  pronouns = builtins.concatStringsSep "/" [
-    "er"
-    "he"
-    "is"
-    "οὗτος"
-    "هو"
-    "ⲛ̄ⲧⲟϥ"
-    "он"
-    "han"
-    "सः"
-  ];
-  defaults = {
-    thunderbird = {
-      enable = true;
-      profiles = [thunderbirdProfile];
-    };
-    aerc.enable = true;
-    realName = "Kierán Meinhardt";
-    folders.inbox = "INBOX";
-  };
-}

lib/external-network.nix

@@ -1,4 +0,0 @@
-{
-  ful = "130.61.217.114";
-  makanek = "88.99.83.173";
-}

lib/goldendict-config.nix

@@ -1,182 +0,0 @@
-{
-  pkgs,
-  path,
-}: ''
-  <config>
-   <paths>
-    <path recursive="1">${path}</path>
-   </paths>
-   <sounddirs/>
-   <dictionaryOrder name="" id="0">
-    <mutedDictionaries/>
-   </dictionaryOrder>
-   <inactiveDictionaries name="" id="0">
-    <mutedDictionaries/>
-   </inactiveDictionaries>
-   <groups nextId="1"/>
-   <hunspell dictionariesPath=""/>
-   <transliteration>
-    <enableRussianTransliteration>0</enableRussianTransliteration>
-    <enableGermanTransliteration>0</enableGermanTransliteration>
-    <enableGreekTransliteration>0</enableGreekTransliteration>
-    <enableBelarusianTransliteration>0</enableBelarusianTransliteration>
-    <chinese>
-     <enable>0</enable>
-     <enableSCToTWConversion>1</enableSCToTWConversion>
-     <enableSCToHKConversion>1</enableSCToHKConversion>
-     <enableTCToSCConversion>1</enableTCToSCConversion>
-    </chinese>
-    <romaji>
-     <enable>0</enable>
-     <enableHepburn>1</enableHepburn>
-     <enableNihonShiki>0</enableNihonShiki>
-     <enableKunreiShiki>0</enableKunreiShiki>
-     <enableHiragana>1</enableHiragana>
-     <enableKatakana>1</enableKatakana>
-    </romaji>
-   </transliteration>
-   <forvo>
-    <enable>0</enable>
-    <apiKey></apiKey>
-    <languageCodes></languageCodes>
-   </forvo>
-   <mediawikis>
-    <mediawiki enabled="0" name="English Wikipedia" icon="" id="ae6f89aac7151829681b85f035d54e48" url="https://en.wikipedia.org/w"/>
-    <mediawiki enabled="0" name="English Wiktionary" icon="" id="affcf9678e7bfe701c9b071f97eccba3" url="https://en.wiktionary.org/w"/>
-    <mediawiki enabled="0" name="German Wikipedia" icon="" id="a8a66331a1242ca2aeb0b4aed361c41d" url="https://de.wikipedia.org/w"/>
-    <mediawiki enabled="0" name="German Wiktionary" icon="" id="21c64bca5ec10ba17ff19f3066bc962a" url="https://de.wiktionary.org/w"/>
-   </mediawikis>
-   <websites>
-    <website enabled="0" name="Google En-En (Oxford)" icon="" id="b88cb2898e634c6638df618528284c2d" url="https://www.google.com/search?q=define:%GDWORD%&amp;hl=en" inside_iframe="1"/>
-    <website enabled="0" name="Urban Dictionary" icon="" id="f376365a0de651fd7505e7e5e683aa45" url="https://www.urbandictionary.com/define.php?term=%GDWORD%" inside_iframe="1"/>
-    <website enabled="0" name="Multitran (En)" icon="" id="324ca0306187df7511b26d3847f4b07c" url="https://multitran.ru/c/m.exe?CL=1&amp;l1=1&amp;s=%GD1251%" inside_iframe="1"/>
-    <website enabled="0" name="Lingvo (En-Ru)" icon="" id="924db471b105299c82892067c0f10787" url="http://lingvopro.abbyyonline.com/en/Search/en-ru/%GDWORD%" inside_iframe="1"/>
-    <website enabled="0" name="Michaelis (Pt-En)" icon="" id="087a6d65615fb047f4c80eef0a9465db" url="http://michaelis.uol.com.br/moderno/ingles/index.php?lingua=portugues-ingles&amp;palavra=%GDISO1%" inside_iframe="1"/>
-   </websites>
-   <dictservers/>
-   <programs>
-    <program enabled="0" name="Espeak" icon="" id="2cf8b3a60f27e1ac812de0b57c148340" commandLine="${pkgs.espeak}/bin/espeak %GDWORD%" type="0"/>
-    <program enabled="0" name="Manpages" icon="" id="4f898f7582596cea518c6b0bfdceb8b3" commandLine="${pkgs.man_db}/bin/man -a --html=/bin/cat %GDWORD%" type="2"/>
-   </programs>
-   <voiceEngines/>
-   <mutedDictionaries/>
-   <popupMutedDictionaries>
-    <mutedDictionary>ae6f89aac7151829681b85f035d54e48</mutedDictionary>
-   </popupMutedDictionaries>
-   <preferences>
-    <interfaceLanguage></interfaceLanguage>
-    <helpLanguage></helpLanguage>
-    <displayStyle>modern</displayStyle>
-    <newTabsOpenAfterCurrentOne>0</newTabsOpenAfterCurrentOne>
-    <newTabsOpenInBackground>1</newTabsOpenInBackground>
-    <hideSingleTab>0</hideSingleTab>
-    <mruTabOrder>0</mruTabOrder>
-    <hideMenubar>0</hideMenubar>
-    <enableTrayIcon>1</enableTrayIcon>
-    <startToTray>1</startToTray>
-    <closeToTray>1</closeToTray>
-    <autoStart>0</autoStart>
-    <doubleClickTranslates>1</doubleClickTranslates>
-    <selectWordBySingleClick>0</selectWordBySingleClick>
-    <escKeyHidesMainWindow>0</escKeyHidesMainWindow>
-    <zoomFactor>1</zoomFactor>
-    <helpZoomFactor>1</helpZoomFactor>
-    <wordsZoomLevel>0</wordsZoomLevel>
-    <enableMainWindowHotkey>1</enableMainWindowHotkey>
-    <mainWindowHotkey>Ctrl+F11, Ctrl+F11</mainWindowHotkey>
-    <enableClipboardHotkey>1</enableClipboardHotkey>
-    <clipboardHotkey>Ctrl+C, Ctrl+C</clipboardHotkey>
-    <enableScanPopup>1</enableScanPopup>
-    <startWithScanPopupOn>0</startWithScanPopupOn>
-    <enableScanPopupModifiers>0</enableScanPopupModifiers>
-    <scanPopupModifiers>0</scanPopupModifiers>
-    <scanPopupAltMode>0</scanPopupAltMode>
-    <scanPopupAltModeSecs>3</scanPopupAltModeSecs>
-    <ignoreOwnClipboardChanges>0</ignoreOwnClipboardChanges>
-    <scanToMainWindow>0</scanToMainWindow>
-    <ignoreDiacritics>0</ignoreDiacritics>
-    <showScanFlag>0</showScanFlag>
-    <scanPopupUseUIAutomation>1</scanPopupUseUIAutomation>
-    <scanPopupUseIAccessibleEx>1</scanPopupUseIAccessibleEx>
-    <scanPopupUseGDMessage>1</scanPopupUseGDMessage>
-    <scanPopupUnpinnedWindowFlags>0</scanPopupUnpinnedWindowFlags>
-    <scanPopupUnpinnedBypassWMHint>0</scanPopupUnpinnedBypassWMHint>
-    <pronounceOnLoadMain>0</pronounceOnLoadMain>
-    <pronounceOnLoadPopup>0</pronounceOnLoadPopup>
-    <useInternalPlayer>1</useInternalPlayer>
-    <internalPlayerBackend>FFmpeg+libao</internalPlayerBackend>
-    <audioPlaybackProgram>mplayer</audioPlaybackProgram>
-    <alwaysOnTop>1</alwaysOnTop>
-    <searchInDock>1</searchInDock>
-    <historyStoreInterval>0</historyStoreInterval>
-    <favoritesStoreInterval>0</favoritesStoreInterval>
-    <confirmFavoritesDeletion>1</confirmFavoritesDeletion>
-    <proxyserver enabled="0" useSystemProxy="0">
-     <type>0</type>
-     <host></host>
-     <port>3128</port>
-     <user></user>
-     <password></password>
-     <systemProxyUser></systemProxyUser>
-     <systemProxyPassword></systemProxyPassword>
-    </proxyserver>
-    <disallowContentFromOtherSites>0</disallowContentFromOtherSites>
-    <enableWebPlugins>0</enableWebPlugins>
-    <hideGoldenDictHeader>0</hideGoldenDictHeader>
-    <maxNetworkCacheSize>50</maxNetworkCacheSize>
-    <clearNetworkCacheOnExit>1</clearNetworkCacheOnExit>
-    <maxStringsInHistory>500</maxStringsInHistory>
-    <storeHistory>1</storeHistory>
-    <alwaysExpandOptionalParts>0</alwaysExpandOptionalParts>
-    <addonStyle></addonStyle>
-    <collapseBigArticles>0</collapseBigArticles>
-    <articleSizeLimit>2000</articleSizeLimit>
-    <limitInputPhraseLength>0</limitInputPhraseLength>
-    <inputPhraseLengthLimit>1000</inputPhraseLengthLimit>
-    <maxDictionaryRefsInContextMenu>20</maxDictionaryRefsInContextMenu>
-    <trackClipboardChanges>0</trackClipboardChanges>
-    <synonymSearchEnabled>1</synonymSearchEnabled>
-    <fullTextSearch>
-     <searchMode>0</searchMode>
-     <matchCase>0</matchCase>
-     <maxArticlesPerDictionary>100</maxArticlesPerDictionary>
-     <maxDistanceBetweenWords>2</maxDistanceBetweenWords>
-     <useMaxArticlesPerDictionary>0</useMaxArticlesPerDictionary>
-     <useMaxDistanceBetweenWords>1</useMaxDistanceBetweenWords>
-     <dialogGeometry></dialogGeometry>
-     <disabledTypes></disabledTypes>
-     <enabled>1</enabled>
-     <ignoreWordsOrder>0</ignoreWordsOrder>
-     <ignoreDiacritics>0</ignoreDiacritics>
-     <maxDictionarySize>0</maxDictionarySize>
-    </fullTextSearch>
-   </preferences>
-   <lastMainGroupId>0</lastMainGroupId>
-   <lastPopupGroupId>0</lastPopupGroupId>
-   <popupWindowState>AAAA/wAAAAH9AAAAAAAAAg0AAAGTAAAABAAAAAQAAAAIAAAACPwAAAABAAAAAQAAAAEAAAAaAGQAaQBjAHQAaQBvAG4AYQByAHkAQgBhAHIDAAAAAP////8AAAAAAAAAAA==</popupWindowState>
-   <popupWindowGeometry>AdnQywADAAAAAAC6AAABEgAAAuYAAAKkAAAAugAAARIAAALmAAACpAAAAAAAAAAABVYAAAC6AAABEgAAAuYAAAKk</popupWindowGeometry>
-   <pinPopupWindow>0</pinPopupWindow>
-   <popupWindowAlwaysOnTop>0</popupWindowAlwaysOnTop>
-   <mainWindowState>AAAA/wAAAAH9AAAAAgAAAAAAAADMAAAC0PwCAAAAAfsAAAAUAHMAZQBhAHIAYwBoAFAAYQBuAGUBAAAAFAAAAtAAAAB9AP///wAAAAEAAADMAAAC0PwCAAAAA/sAAAASAGQAaQBjAHQAcwBQAGEAbgBlAQAAABQAAAFvAAAAYQD////7AAAAGgBmAGEAdgBvAHIAaQB0AGUAcwBQAGEAbgBlAAAAABQAAALQAAAAYQD////7AAAAFgBoAGkAcwB0AG8AcgB5AFAAYQBuAGUBAAABhAAAAWAAAABhAP///wAAA7QAAALQAAAABAAAAAQAAAAIAAAACPwAAAABAAAAAgAAAAIAAAAUAG4AYQB2AFQAbwBvAGwAYgBhAHIAAAAAAP////8AAAAAAAAAAAAAABoAZABpAGMAdABpAG8AbgBhAHIAeQBCAGEAcgAAAAAA/////wAAAAAAAAAA</mainWindowState>
-   <mainWindowGeometry>AdnQywADAAAAAAAEAAAAGAAABVEAAAL7AAAABAAAABgAAAVRAAAC+wAAAAAAAAAABVYAAAAEAAAAGAAABVEAAAL7</mainWindowGeometry>
-   <helpWindowGeometry>AdnQywADAAAAAAF3AAAAgwAAA9AAAAJGAAABeAAAAIQAAAPPAAACRQAAAAAAAAAABVYAAAF4AAAAhAAAA88AAAJF</helpWindowGeometry>
-   <helpSplitterState>AAAA/wAAAAEAAAACAAABBAAABAAB/////wEAAAABAA==</helpSplitterState>
-   <dictInfoGeometry>AdnQywADAAAAAAF1AAAAmgAAA84AAAIrAAABdgAAAJsAAAPNAAACKgAAAAAAAAAABVYAAAF2AAAAmwAAA80AAAIq</dictInfoGeometry>
-   <inspectorGeometry></inspectorGeometry>
-   <timeForNewReleaseCheck></timeForNewReleaseCheck>
-   <skippedRelease></skippedRelease>
-   <showingDictBarNames>1</showingDictBarNames>
-   <usingSmallIconsInToolbars>1</usingSmallIconsInToolbars>
-   <editDictionaryCommandLine></editDictionaryCommandLine>
-   <maxPictureWidth>0</maxPictureWidth>
-   <maxHeadwordSize>256</maxHeadwordSize>
-   <maxHeadwordsToExpand>0</maxHeadwordsToExpand>
-   <headwordsDialog>
-    <searchMode>0</searchMode>
-    <matchCase>0</matchCase>
-    <autoApply>0</autoApply>
-    <headwordsExportPath></headwordsExportPath>
-    <headwordsDialogGeometry></headwordsDialogGeometry>
-   </headwordsDialog>
-  </config>
-''

lib/home.nix

@@ -1,2 +0,0 @@
-# https://github.com/hercules-ci/gitignore.nix/pull/58/files
-path: ~/. + path

lib/keyboards/arabic

@@ -1,23 +0,0 @@
-// Arabic keyboard using Buckwalter transliteration
-// http://www.qamus.org/transliteration.htm
-// Martin Vidner
-// stolen from https://gitlab.freedesktop.org/xkeyboard-config/xkeyboard-config/-/blob/2505a3ec2605ea7303bc6de68acf96578f0fd424/symbols/ara#L179
-
-// TODO 06CC ARABIC LETTER FARSI YEH
-
-default partial alphanumeric_keys
-xkb_symbols "buckwalter" {
-  include "ara(buckwalter)"
-  name[Group1] = "Arabic (Buckwalter + Persian)";
-
-  key <AE09> {[ 0x1000669, parenleft ] };
-  key <AE10> {[ 0x1000660, parenright ] };
-  key <AD10> {[ Arabic_tehmarbuta, 0x100067E ] }; // پ
-  key <AD11> {[ 0x100200C, 0x1000671 ] }; // alif wasla, ZWNJ
-  key <AD12> {[ 0x10006C0, Arabic_hamzaonyeh ] }; // ۀ
-  key <AC05> {[ Arabic_ghain, 0x10006AF ] }; // گ
-  key <AC07> {[ Arabic_jeem, 0x1000686 ] }; // چ
-  key <AB03> {[ 0x10006A9, 0x1000698 ] }; // ک ژ
-  key <AB04> {[ Arabic_theh, 0x10006A4 ] }; // ڤ
-  key <AB09> {[ period, Arabic_hamzaonalef ] };
-};

lib/local-network.nix

@@ -1,4 +0,0 @@
-{
-  officejet = "192.168.0.251";
-  router = "192.168.0.1";
-}

lib/machines.nix

@@ -0,0 +1,96 @@
+let
+  sshPort = 22022;
+in
+{
+  kabsa = {
+    sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyTnGhFq0Q+vghNhrqNrAyY+CsN7nNz8bPfiwIwNpjk";
+    syncthingId = "R6DEBD7-G5RYDKN-VFA3HPO-WX4DNVI-373F7OQ-AW5MZTT-3L4BDVW-Y6ROEAF";
+    retiolum = {
+      ipv4 = "10.243.2.4";
+      ipv6 = "42:0:3c46:861f:a118:8e9a:82c9:3d";
+    };
+    mycelium.ipv6 = "432:e30:d5d8:9311:e34b:6587:96ee:3fcb";
+    inherit sshPort;
+    system = "x86_64-linux";
+  };
+  manakish = {
+    sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiQEc8rTr7C7xVLYV7tQ99BDDBLrJsy5hslxtCEatkB";
+    syncthingId = "AJVBWR2-VFFAGZF-7ZF5JAX-T63GMOG-NZ446WK-MC5E6WK-6X6Q2HE-QQA2JQ3";
+    retiolum = {
+      ipv4 = "10.243.2.85";
+      ipv6 = "42:0:3c46:ac99:ae36:cb8:c551:ba27";
+    };
+    mycelium.ipv6 = "512:d3bd:3cd9:fcc8:ae34:81fa:385f:8c21";
+    inherit sshPort;
+    system = "x86_64-linux";
+  };
+  fatteh = {
+    sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByreBjBEMJKjgpKLd5XZHIUUwIhNafVqN6OUOQpJa3y";
+    syncthingId = "GSOGYT3-2GBHZXT-MNCTDIY-3BJIR4V-OHVOOMJ-ICVLKXR-U4C7RFB-HJOK3AC";
+    retiolum = {
+      ipv6 = "42:0:3c46:aa73:82b0:14d7:7bf8:bf2";
+      ipv4 = "10.243.2.77";
+    };
+    torAddress = "uoe7poyeliuaudf4x5nrwvs3t55ldcdpfqfyeqsadbs77ttjx7upquyd.onion";
+    mycelium.ipv6 = "463:a0d4:daa3:aa8d:a9b1:744a:46a5:7a80";
+    inherit sshPort;
+    system = "x86_64-linux";
+  };
+  kibbeh = {
+    syncthingId = "HLQSG3D-WSKLA6S-MEYQ3EU-GDBGABE-PY53RQ6-SWQAP2I-Z5MVBVX-MYPJXAM";
+  };
+  ful = {
+    externalIp = "130.61.217.114";
+    retiolum = {
+      ipv4 = "10.243.2.107";
+      ipv6 = "42:0:3c46:2c8b:a564:1213:9fb4:1bc4";
+    };
+    mycelium.ipv6 = "5bf:d60e:bebf:5163:f495:8787:880c:6d41";
+    torAddress = "ll3k2akcpwuo562hlbr452yvzhi6kmpjzcnjgw6z4nege2yftspgjjad.onion";
+    inherit sshPort;
+    system = "aarch64-linux";
+  };
+  zaatar = {
+    retiolum = {
+      ipv4 = "10.243.2.34";
+      ipv6 = "42:0:3c46:156e:10b6:3bd6:6e82:b2cd";
+    };
+    mycelium.ipv6 = "5c5:49e0:7793:f017:59e1:1715:9e0e:3fc8";
+    torAddress = "hurgxlejplh7lj2hyaj4gk2fuearibst6axdxl2ekfohiivyiab3gkad.onion";
+    inherit sshPort;
+    system = "x86_64-linux";
+  };
+  makanek = {
+    externalIp = "88.99.83.173";
+    retiolum = {
+      ipv4 = "10.243.2.84";
+      ipv6 = "42:0:3c46:f7a9:1f0a:1b2b:822a:6050";
+    };
+    mycelium.ipv6 = "43f:ad4f:fa67:d9f7:8a56:713c:7418:164b";
+    torAddress = "gnaoacvkhovpllpiwi4a4mbnx4awpdcufwtsj365tiweybdeec7thuyd.onion";
+    inherit sshPort;
+    system = "x86_64-linux";
+  };
+  officejet = {
+    internalIp = "192.168.0.251";
+  };
+  router = {
+    internalIp = "192.168.0.1";
+  };
+  tabula = {
+    retiolum = {
+      ipv4 = "10.243.2.78";
+      ipv6 = "";
+    };
+    inherit sshPort;
+    system = "x86_64-linux";
+  };
+  tahina = {
+    retiolum = {
+      ipv4 = "10.243.2.74";
+      ipv6 = "42:0:3c46:2923:1c90:872:edd6:306";
+    };
+    inherit sshPort;
+    system = "x86_64-linux";
+  };
+}

lib/mycelium-network.nix

@@ -1,8 +0,0 @@
-{
-  zaatar = "5c5:49e0:7793:f017:59e1:1715:9e0e:3fc8";
-  fatteh = "463:a0d4:daa3:aa8d:a9b1:744a:46a5:7a80";
-  ful = "5bf:d60e:bebf:5163:f495:8787:880c:6d41";
-  kabsa = "432:e30:d5d8:9311:e34b:6587:96ee:3fcb";
-  makanek = "43f:ad4f:fa67:d9f7:8a56:713c:7418:164b";
-  manakish = "512:d3bd:3cd9:fcc8:ae34:81fa:385f:8c21";
-}

lib/panoptikon.nix

@@ -1,41 +1,44 @@
 {
   pkgs,
   lib,
-  niveumPackages,
   ...
-}: {
+}:
+{
   # watcher scripts
-  url = address:
+  url =
+    address:
     pkgs.writers.writeDash "watch-url" ''
       ${pkgs.curl}/bin/curl -sSL ${lib.escapeShellArg address} \
         | ${pkgs.python3Packages.html2text}/bin/html2text --decode-errors=ignore
     '';
-  urlSelector = selector: address:
+  urlSelector =
+    selector: address:
     pkgs.writers.writeDash "watch-url-selector" ''
       ${pkgs.curl}/bin/curl -sSL ${lib.escapeShellArg address} \
         | ${pkgs.htmlq}/bin/htmlq ${lib.escapeShellArg selector} \
         | ${pkgs.python3Packages.html2text}/bin/html2text
     '';
-  urlJSON = {jqScript ? "."}: address:
+  urlJSON =
+    {
+      jqScript ? ".",
+    }:
+    address:
     pkgs.writers.writeDash "watch-url-json" ''
       ${pkgs.curl}/bin/curl -sSL ${lib.escapeShellArg address} | ${pkgs.jq}/bin/jq -f ${pkgs.writeText "script.jq" jqScript}
     '';
 
   # reporter scripts
-  kpaste-irc = {
-    target,
-    retiolumLink ? false,
-    server ? "irc.r",
-    messagePrefix ? "change detected: ",
-    nick ? ''"$PANOPTIKON_WATCHER"-watcher'',
-  }:
+  kpaste-irc =
+    {
+      target,
+      retiolumLink ? false,
+      server ? "irc.r",
+      messagePrefix ? "change detected: ",
+      nick ? ''"$PANOPTIKON_WATCHER"-watcher'',
+    }:
     pkgs.writers.writeDash "kpaste-irc-reporter" ''
-      KPASTE_CONTENT_TYPE=text/plain ${niveumPackages.kpaste}/bin/kpaste \
-        | ${pkgs.gnused}/bin/sed -n "${
-        if retiolumLink
-        then "2"
-        else "3"
-      }s/^/${messagePrefix}/p" \
+      KPASTE_CONTENT_TYPE=text/plain ${pkgs.kpaste}/bin/kpaste \
+        | ${pkgs.gnused}/bin/sed -n "${if retiolumLink then "2" else "3"}s/^/${messagePrefix}/p" \
         | ${pkgs.nur.repos.mic92.ircsink}/bin/ircsink \
           --nick ${nick} \
           --server ${server} \

lib/retiolum-network.nix

@@ -1,39 +0,0 @@
-{
-  kabsa = {
-    ipv4 = "10.243.2.4";
-    ipv6 = "42:0:3c46:861f:a118:8e9a:82c9:3d";
-  };
-
-  ful = {
-    ipv4 = "10.243.2.107";
-    ipv6 = "42:0:3c46:2c8b:a564:1213:9fb4:1bc4";
-  };
-
-  zaatar = {
-    ipv4 = "10.243.2.34";
-    ipv6 = "42:0:3c46:156e:10b6:3bd6:6e82:b2cd";
-  };
-
-  makanek = {
-    ipv4 = "10.243.2.84";
-    ipv6 = "42:0:3c46:f7a9:1f0a:1b2b:822a:6050";
-  };
-
-  fatteh = {
-    ipv6 = "42:0:3c46:aa73:82b0:14d7:7bf8:bf2";
-    ipv4 = "10.243.2.77";
-  };
-
-  manakish = {
-    ipv4 = "10.243.2.85";
-    ipv6 = "42:0:3c46:ac99:ae36:cb8:c551:ba27";
-  };
-  tabula = {
-    ipv4 = "10.243.2.78";
-    ipv6 = "";
-  };
-  tahina = {
-    ipv4 = "10.243.2.74";
-    ipv6 = "42:0:3c46:2923:1c90:872:edd6:306";
-  };
-}

modules/go-webring.nix

@@ -84,7 +84,11 @@ in
         Type = "simple";
         ExecStart = ''
           ${lib.getExe cfg.package} \
-            ${lib.optionalString (cfg.contactInstructions != null) ("--contact " + lib.escapeShellArg cfg.contactInstructions)} \
+            ${
+              lib.optionalString (cfg.contactInstructions != null) (
+                "--contact " + lib.escapeShellArg cfg.contactInstructions
+              )
+            } \
             --host ${cfg.host} \
             --index ${pkgs.writeText "index.html" cfg.homePageTemplate} \
             --listen ${cfg.listenAddress} \

modules/moodle-dl.nix

@@ -4,18 +4,20 @@
   pkgs,
   ...
 }:
-with lib; let
+with lib;
+let
   cfg = config.services.moodle-dl;
-  json = pkgs.formats.json {};
+  json = pkgs.formats.json { };
   moodle-dl-json = json.generate "moodle-dl.json" cfg.settings;
   stateDirectoryDefault = "/var/lib/moodle-dl";
-in {
+in
+{
   options = {
     services.moodle-dl = {
       enable = mkEnableOption "moodle-dl, a Moodle downloader";
 
       settings = mkOption {
-        default = {};
+        default = { };
         type = json.type;
         description = ''
           Configuration for moodle-dl. For a full example, see
@@ -69,11 +71,11 @@ in {
       group = "moodle-dl";
     };
 
-    users.groups.moodle-dl = {};
+    users.groups.moodle-dl = { };
 
     systemd.services.moodle-dl = {
       description = "A Moodle downloader that downloads course content";
-      wants = ["network-online.target"];
+      wants = [ "network-online.target" ];
       serviceConfig = mkMerge [
         {
           Type = "oneshot";
@@ -83,11 +85,11 @@ in {
           ExecStart = "${cfg.package}/bin/moodle-dl ${lib.optionalString cfg.notifyOnly "--without-downloading-files"}";
           ExecStartPre = pkgs.writers.writeDash "moodle-dl-config" "${pkgs.jq}/bin/jq -s '.[0] * .[1]' ${toString moodle-dl-json} ${toString cfg.tokensFile} > ${cfg.directory}/config.json";
         }
-        (mkIf (cfg.directory == stateDirectoryDefault) {StateDirectory = "moodle-dl";})
+        (mkIf (cfg.directory == stateDirectoryDefault) { StateDirectory = "moodle-dl"; })
       ];
       inherit (cfg) startAt;
     };
   };
 
-  meta.maintainers = [maintainers.kmein];
+  meta.maintainers = [ maintainers.kmein ];
 }

modules/networkmanager-declarative.nix

@@ -1,69 +0,0 @@
-# https://github.com/jmackie/nixos-networkmanager-profiles/
-{
-  lib,
-  config,
-  ...
-}:
-with lib; let
-  nm = config.networking.networkmanager;
-
-  mkProfile = profileAttrs:
-    if !(isAttrs profileAttrs)
-    then throw "error 1"
-    else {
-      enable = true;
-      mode = "0400"; # readonly (user)
-      text =
-        (foldlAttrs (accum: {
-            name,
-            value,
-          }: ''
-            ${accum}
-
-            [${name}] ${mkProfileEntry value}'')
-          "# Generated by nixos-networkmanager-profiles"
-          profileAttrs)
-        + "\n";
-    };
-
-  mkProfileEntry = entryAttrs:
-    if !(isAttrs entryAttrs)
-    then throw "error 2"
-    else
-      foldlAttrs (accum: {
-        name,
-        value,
-      }: ''
-        ${accum}
-        ${name}=${toString value}'') ""
-      entryAttrs;
-
-  foldlAttrs = op: nul: attrs:
-    foldl (accum: {
-      fst,
-      snd,
-    }:
-      op accum (nameValuePair fst snd))
-    nul
-    (lists.zipLists (attrNames attrs) (attrValues attrs));
-
-  attrLength = attrs: length (attrValues attrs);
-in {
-  options.networking.networkmanager.profiles = mkOption {
-    type = types.attrs;
-    default = {};
-  };
-
-  config = mkIf (attrLength nm.profiles > 0) {
-    environment.etc = foldlAttrs (accum: {
-      name,
-      value,
-    }:
-      accum
-      // {
-        "NetworkManager/system-connections/${name}.nmconnection" =
-          mkProfile value;
-      }) {}
-    nm.profiles;
-  };
-}

modules/panoptikon.nix

@@ -3,65 +3,69 @@
   lib,
   pkgs,
   ...
-}: {
+}:
+{
   options.services.panoptikon = {
     enable = lib.mkEnableOption "Generic command output / website watcher";
     watchers = lib.mkOption {
-      type = lib.types.attrsOf (lib.types.submodule (watcher: {
-        options = {
-          script = lib.mkOption {
-            type = lib.types.path;
-            description = ''
-              A script whose stdout is to be watched.
-            '';
-            example = ''
-              pkgs.writers.writeDash "github-meta" '''
-                ''${pkgs.curl}/bin/curl -sSL https://api.github.com/meta | ''${pkgs.jq}/bin/jq
-              '''
-            '';
+      type = lib.types.attrsOf (
+        lib.types.submodule (watcher: {
+          options = {
+            script = lib.mkOption {
+              type = lib.types.path;
+              description = ''
+                A script whose stdout is to be watched.
+              '';
+              example = ''
+                pkgs.writers.writeDash "github-meta" '''
+                  ''${pkgs.curl}/bin/curl -sSL https://api.github.com/meta | ''${pkgs.jq}/bin/jq
+                '''
+              '';
+            };
+            frequency = lib.mkOption {
+              type = lib.types.str;
+              description = ''
+                How often to run the script. See systemd.time(7) for more information about the format.
+              '';
+              example = "*:0/3";
+              default = "daily";
+            };
+            loadCredential = lib.mkOption {
+              type = lib.types.listOf lib.types.str;
+              description = ''
+                This can be used to pass secrets to the systemd service without adding them to the nix store.
+              '';
+              default = [ ];
+            };
+            reporters = lib.mkOption {
+              type = lib.types.listOf lib.types.path;
+              description = ''
+                A list of scripts that take the diff (if any) via stdin and report it (e.g. to IRC, Telegram or Prometheus). The name of the watcher will be in the $PANOPTIKON_WATCHER environment variable.
+              '';
+              example = ''
+                [
+                  (pkgs.writers.writeDash "telegram-reporter" '''
+                    ''${pkgs.curl}/bin/curl -X POST https://api.telegram.org/bot''${TOKEN}/sendMessage \
+                      -d chat_id=123456 \
+                      -d text="$(cat)"
+                  ''')
+                  (pkgs.writers.writeDash "notify" '''
+                    ''${pkgs.libnotify}/bin/notify-send "$PANOPTIKON_WATCHER has changed."
+                  ''')
+                ]
+              '';
+            };
           };
-          frequency = lib.mkOption {
-            type = lib.types.str;
-            description = ''
-              How often to run the script. See systemd.time(7) for more information about the format.
-            '';
-            example = "*:0/3";
-            default = "daily";
-          };
-          loadCredential = lib.mkOption {
-            type = lib.types.listOf lib.types.str;
-            description = ''
-              This can be used to pass secrets to the systemd service without adding them to the nix store.
-            '';
-            default = [];
-          };
-          reporters = lib.mkOption {
-            type = lib.types.listOf lib.types.path;
-            description = ''
-              A list of scripts that take the diff (if any) via stdin and report it (e.g. to IRC, Telegram or Prometheus). The name of the watcher will be in the $PANOPTIKON_WATCHER environment variable.
-            '';
-            example = ''
-              [
-                (pkgs.writers.writeDash "telegram-reporter" '''
-                  ''${pkgs.curl}/bin/curl -X POST https://api.telegram.org/bot''${TOKEN}/sendMessage \
-                    -d chat_id=123456 \
-                    -d text="$(cat)"
-                ''')
-                (pkgs.writers.writeDash "notify" '''
-                  ''${pkgs.libnotify}/bin/notify-send "$PANOPTIKON_WATCHER has changed."
-                ''')
-              ]
-            '';
-          };
-        };
-        config = {};
-      }));
+          config = { };
+        })
+      );
     };
   };
 
-  config = let
-    cfg = config.services.panoptikon;
-  in
+  config =
+    let
+      cfg = config.services.panoptikon;
+    in
     lib.mkIf cfg.enable {
       users.extraUsers.panoptikon = {
         isSystemUser = true;
@@ -70,45 +74,50 @@
         group = "panoptikon";
       };
 
-      users.extraGroups.panoptikon = {};
+      users.extraGroups.panoptikon = { };
 
-      systemd.timers = lib.attrsets.mapAttrs' (watcherName: _:
+      systemd.timers = lib.attrsets.mapAttrs' (
+        watcherName: _:
         lib.nameValuePair "panoptikon-${watcherName}" {
           timerConfig.RandomizedDelaySec = toString (60 * 60);
-        })
-      cfg.watchers;
+        }
+      ) cfg.watchers;
 
-      systemd.services =
-        lib.attrsets.mapAttrs' (watcherName: watcherOptions:
-          lib.nameValuePair "panoptikon-${watcherName}" {
-            enable = true;
-            startAt = watcherOptions.frequency;
-            serviceConfig = {
-              Type = "oneshot";
-              User = "panoptikon";
-              Group = "panoptikon";
-              WorkingDirectory = "/var/lib/panoptikon";
-              RestartSec = toString (60 * 60);
-              Restart = "on-failure";
-              LoadCredential = watcherOptions.loadCredential;
-            };
-            unitConfig = {
-              StartLimitIntervalSec = "300";
-              StartLimitBurst = "5";
-            };
-            environment.PANOPTIKON_WATCHER = watcherName;
-            wants = ["network-online.target"];
-            script = ''
-              set -fux
-              ${watcherOptions.script} > ${lib.escapeShellArg watcherName}
-              diff_output=$(${pkgs.diffutils}/bin/diff --new-file ${lib.escapeShellArg (watcherName + ".old")} ${lib.escapeShellArg watcherName} || :)
-              if [ -n "$diff_output" ]
-              then
-                ${lib.strings.concatMapStringsSep "\n" (reporter: ''echo "$diff_output" | ${reporter} || :'') watcherOptions.reporters}
-              fi
-              mv ${lib.escapeShellArg watcherName} ${lib.escapeShellArg (watcherName + ".old")}
-            '';
-          })
-        cfg.watchers;
+      systemd.services = lib.attrsets.mapAttrs' (
+        watcherName: watcherOptions:
+        lib.nameValuePair "panoptikon-${watcherName}" {
+          enable = true;
+          startAt = watcherOptions.frequency;
+          serviceConfig = {
+            Type = "oneshot";
+            User = "panoptikon";
+            Group = "panoptikon";
+            WorkingDirectory = "/var/lib/panoptikon";
+            RestartSec = toString (60 * 60);
+            Restart = "on-failure";
+            LoadCredential = watcherOptions.loadCredential;
+          };
+          unitConfig = {
+            StartLimitIntervalSec = "300";
+            StartLimitBurst = "5";
+          };
+          environment.PANOPTIKON_WATCHER = watcherName;
+          wants = [ "network-online.target" ];
+          script = ''
+            set -fux
+            ${watcherOptions.script} > ${lib.escapeShellArg watcherName}
+            diff_output=$(${pkgs.diffutils}/bin/diff --new-file ${
+              lib.escapeShellArg (watcherName + ".old")
+            } ${lib.escapeShellArg watcherName} || :)
+            if [ -n "$diff_output" ]
+            then
+              ${lib.strings.concatMapStringsSep "\n" (
+                reporter: ''echo "$diff_output" | ${reporter} || :''
+              ) watcherOptions.reporters}
+            fi
+            mv ${lib.escapeShellArg watcherName} ${lib.escapeShellArg (watcherName + ".old")}
+          '';
+        }
+      ) cfg.watchers;
     };
 }

modules/passport.nix

@@ -3,7 +3,8 @@
   lib,
   pkgs,
   ...
-}: let
+}:
+let
   cfg = config.niveum.passport;
   sortOn = a: lib.sort (as1: as2: lib.lessThan (lib.getAttr a as1) (lib.getAttr a as2));
   css = ''
@@ -52,20 +53,22 @@
     }
   '';
 in
-  with lib; {
-    options.niveum.passport = {
-      enable = mkEnableOption "server passport";
+with lib;
+{
+  options.niveum.passport = {
+    enable = mkEnableOption "server passport";
 
-      introductionHTML = mkOption {type = types.str;};
+    introductionHTML = mkOption { type = types.str; };
 
-      virtualHost = mkOption {
-        type = types.str;
-      };
+    virtualHost = mkOption {
+      type = types.str;
+    };
 
-      services = mkOption {
-        type = types.listOf (types.submodule {
+    services = mkOption {
+      type = types.listOf (
+        types.submodule {
           options = {
-            title = mkOption {type = types.str;};
+            title = mkOption { type = types.str; };
             link = mkOption {
               type = types.nullOr types.str;
               default = null;
@@ -75,61 +78,62 @@ in
               default = "";
             };
           };
-        });
-        default = [];
+        }
+      );
+      default = [ ];
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.nginx.enable = true;
+
+    services.nginx.virtualHosts."${cfg.virtualHost}".locations."/passport".extraConfig = ''
+      default_type "text/html";
+      root ${
+        pkgs.linkFarm "www" [
+          {
+            name = "passport/index.html";
+            path = pkgs.writeText "index.html" ''
+              <!doctype html>
+              <head>
+                <meta charset="utf-8">
+                <meta name="viewport" content="width=device-width, initial-scale=1">
+                <title>${config.networking.hostName} passport</title>
+                <style>${css}</style>
+              </head>
+              <body>
+                <main>
+                  <section id="server">
+                  <h1>${config.networking.hostName}</h1>
+                  ${cfg.introductionHTML}
+                  </section>
+
+                  <section id="services">
+                  <h2>Services</h2>
+                  <dl>
+                  ${lib.strings.concatMapStringsSep "\n" (service: ''
+                    <dt>
+                    ${lib.optionalString (service.link != null) "<a href=\"${service.link}\">"}
+                    ${service.title}
+                    ${lib.optionalString (service.link != null) "</a>"}
+                    </dt>
+                    <dd>
+                    ${service.description}
+                    </dd>
+                  '') (sortOn "title" cfg.services)}
+                  </dl>
+                  </section>
+                </main>
+
+                <footer>
+                  <tt>${config.networking.hostName}</tt> is part of the <i><a href="https://github.com/kmein/niveum/tree/master/systems/${config.networking.hostName}">niveum</a></i> network.
+                </footer>
+              </body>
+            '';
+          }
+        ]
       };
-    };
-
-    config = mkIf cfg.enable {
-      services.nginx.enable = true;
-
-      services.nginx.virtualHosts."${cfg.virtualHost}".locations."/passport".extraConfig = ''
-        default_type "text/html";
-        root ${
-          pkgs.linkFarm "www" [
-            {
-              name = "passport/index.html";
-              path = pkgs.writeText "index.html" ''
-                <!doctype html>
-                <head>
-                  <meta charset="utf-8">
-                  <meta name="viewport" content="width=device-width, initial-scale=1">
-                  <title>${config.networking.hostName} passport</title>
-                  <style>${css}</style>
-                </head>
-                <body>
-                  <main>
-                    <section id="server">
-                    <h1>${config.networking.hostName}</h1>
-                    ${cfg.introductionHTML}
-                    </section>
-
-                    <section id="services">
-                    <h2>Services</h2>
-                    <dl>
-                    ${lib.strings.concatMapStringsSep "\n" (service: ''
-                  <dt>
-                  ${lib.optionalString (service.link != null) "<a href=\"${service.link}\">"}
-                  ${service.title}
-                  ${lib.optionalString (service.link != null) "</a>"}
-                  </dt>
-                  <dd>
-                  ${service.description}
-                  </dd>
-                '') (sortOn "title" cfg.services)}
-                    </dl>
-                    </section>
-                  </main>
-
-                  <footer>
-                    <tt>${config.networking.hostName}</tt> is part of the <i><a href="https://github.com/kmein/niveum/tree/master/systems/${config.networking.hostName}">niveum</a></i> network.
-                  </footer>
-                </body>
-              '';
-            }
-          ]
-        };
-        index index.html;
-      '';
-    };
-  }
+      index index.html;
+    '';
+  };
+}