diff --git a/SwarselSystems.org b/SwarselSystems.org index 6a3bd5c..2a9758b 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -695,8 +695,6 @@ Concerning the =flake = _:= part: This does not use =perSystem= from =flake-parts= since some of my custom packages are not able to be built on darwin systems, and I was not yet interested in writing logic for handling that. Instead I use =forEachLinuxSystem= as described in [[#h:f9b7ffba-b7e2-4554-9a35-ece0bf173e1c][Library functions]] in roder to only build this for linux hosts. -Other nix users can make use of these packages either by installing them directly in their config (using my flake as an input and then installing =.=) or by making use of the overlay that I provide in [[#h:7a059bd9-13f8-4005-b270-b41eeb6a4af2][Overlays]]. In the latter case all packages will be made available to the consuming flake - More information on the actual packages build can be found in [[#h:64a5cc16-6b16-4802-b421-c67ccef853e1][Packages]]. #+begin_src nix-ts :tangle nix/packages.nix @@ -1346,10 +1344,6 @@ Defines a formatter that can be called using =nix flake format=. While a nice ut This exposes all of my modular configuration as modules. Other people can use them in their flake using =imports = [ inputs..nixosModules ];=. Per default, this enables some mechanisms like config sharing between nodes and the globals system. TODO: make it so that nothing is enabled upon initial import. -=nixosModules= is a `defined` flake output, where external tools might expect some sort of structure; hence, I call the default output =default=, which will, in many cases, allow the user to just reference to the flake itself (which will then use =nixosModules.default= automatically. - -=homeModules= on the other hand is not standardized in this way (for example, many flakes refere to =homeManagerModules= instead); in order not to unnecessarily break things, I leave it as is. - #+begin_src nix-ts :tangle nix/modules.nix { self, ... }: { 
@@ -1372,7 +1366,6 @@ This exposes all of my modular configuration as modules. Other people can use th This defines some apps; they differ from normal packages in that they can be called using =nix run =. So, for example, I can call my deployment script using =nix run --experimental-features 'nix-command flakes' github:Swarsel/.dotfiles -- -n -d = (here I did not specify =#swarsel-bootstrap= since it is set as the default. In general, whenever the =#...= part is ommitted, the object under the default attribute will be used. This is also true for =nixosConfigurations=: in that case, the default will be the current hostname of the machine). - uses [[#h:c63cd469-7724-4a05-b932-8843722a00f0][builtins.listToAttrs]] -- uses [[#h:b1fe7a9a-661b-4446-aefa-98373108f8fd][The '//' operator]] to add the default output to thte set of built apps. #+begin_src nix-ts :tangle nix/apps.nix { self, ... }: 
@@ -1413,29 +1406,21 @@ This defines some apps; they differ from normal packages in that they can be cal :CUSTOM_ID: h:7a059bd9-13f8-4005-b270-b41eeb6a4af2 :END: -In this section I define packages that I manually add to nixpkgs, or that I want to use in a modified way. This can be useful for packages that are currently awaiting a PR or public packages that I do not want to maintain. +In this section I define packages that I manually want to nixpkgs. This can be useful for packages that are currently awaiting a PR or public packages that I do not want to maintain. As such, I also define three additional overlays: 1) =additions= - These are for the aforementioned added packages. - NOTE: The packages themselves are built in [[#h:6ed1a641-dba8-4e85-a62e-be93264df57a][Packages (pkgs)]]; here, we just add them to the overlay that we then use in the configuration. + These are for the aforementioned added packages 2) =modification= These are for packages that are on nixpkgs, but do not fit my usecase, meaning I need to perform modifications on them. -3) =nixpkgs-[stable,...]= - These are simply mirrors of other branches of nixpkgs (mostly past stable branches). Useful for packages that are broken on nixpkgs, but do not need to be on bleeding edge anyways. - - TODO: I need to check out if overlays are really the way to go in this case, or if I should just use =packages=, which should make evalutation a good bit faster. +3) =nixpkgs-stable= + This is simply a mirror of the most recent stable branch of nixpkgs. Useful for packages that are broken on nixpkgs, but do not need to be on bleeding edge anyways. Also, this is where I define all of my own modules. These are mostly used for setting some host-specifics directly than opposed to through multiple options. Lastly, I add some of my own library functions to be used alongside the functions provided by =nixpkgs= and =home-manager=. 
-On the structure of overlays: as you notice, all of the attributes within overlays are functions which take =final= and =prev= as arguments. This is a convention (sometimes you also see =super= instead of =final=) that aims to tell you that =final= represents the =pkgs= set after it has gone over all modifications, while =prev= is the =pkgs= set before the current modification. - - So, in =additions=, the =final= set is the same as in =modifications=, but their =prev= sets might differ (in this case, I believe they will be the same since all modifications are done at the same step). #TODO: fact check - - This starts to make a difference when you use multiple overlays and have one overlay depend on the modifications in another overlay. - -- The =_= argument is used like in a number of other programing languages and signals that the argument is never actually used in the function. - #+begin_src nix-ts :tangle nix/overlays.nix { self, inputs, ... }: let @@ -1539,12 +1524,6 @@ On the structure of overlays: as you notice, all of the attributes within overla :CUSTOM_ID: h:1d1ccae5-62ca-4d37-a28e-c59987850ed2 :END: -This sections makes use of [[https://github.com/nix-community/nixos-generators][nixos-generators]] in order to easily allow me to build a live ISO of my installer system. It can be built using =nix build --print-out-paths --no-link #images..live-iso=, and can then be copied to a USB drive using, for example, =dd=. - -This is an improvement to what I did earlier, where I did not use =nixos-generators= but instead manually imported the needed modules to make this configration into a bootable USB image. Now, I can just write this in the same way that I would to write any other configuration. - -- =perSystem= is again a =flake-parts= construct. - #+begin_src nix-ts :tangle nix/iso.nix { self, inputs, ... }: { 
@@ -1573,19 +1552,6 @@ This is an improvement to what I did earlier, where I did not use =nixos-generat :CUSTOM_ID: h:1d4514b4-e952-4faf-b30e-d89e73a526c6 :END: -When using tools like (the builtin) =nixos-rebuild= or =nixos-anywhere=, these tools expect the flake to have a certain structure; namely, they expect to find an output named =nixosConfigurations=, which is implicitely used when passing =--flake .#= (it is used in front of ==). - -When I define my configurations, I am actually defining two versions for each actual system: - - One 'regular' config that should be used by all rebuild tools such as =nixos-rebuild= - - One 'minimal' config that should be used by =nixos=anywhere= during initial deployment of a system - -Now, I could of course define a == and =-minimal= attribute for each configuration and just put these under =nixosConfigurations=, but that would have several drawbacks: - - evaluation time would increase - - my =nodes= output (that holds information for all actual systems) would bloat - - it is actually not clear that == and =-minimal= represent the same config - -Hence, what I instead do is to define another output =nixosConfigurationsMinimal= as an output to this flakes' config, and then use it to set the =nixosConfigurations= of another, minimal, flake that I keep in =install/=. When using =nixos-anywhere= during initial deployment, I will then point it to that minimal flake, where the minimal configs can be found. - #+begin_src nix-ts :tangle install/flake.nix { description = "Minimal installer flake - not to be used manually"; 
@@ -1607,18 +1573,16 @@ This holds most of the NixOS side of configuration. :CUSTOM_ID: h:88bf4b90-e94b-46fb-aaf1-a381a512860d :END: -This section mainly exists to house different =default.nix= files to define some modules that should be loaded on respective systems. +This section mainly exists house different `default.nix` files to define some modules that should be loaded on respective systems. Every host is housed in the =hosts/= directory, which is then subdivided by each respective system (=nixos/=, =home-manager/=, =nix-on-droid/=, =darwin/=). As described earlier, some of these configurations (nixos and darwin) can be defined automatically in this flake. For home-manager and nix-on-droid, the system architecture must be defined manually. -*** TODO Template +*** Template :PROPERTIES: :CUSTOM_ID: h:373bd9e8-616e-434e-bfab-c216ce4470e9 :END: This is the template that I use for new deployments of personal machines. Servers are usually highly tailored to their specific task and I do not consider it worth a time to craft a template for that. Also, at least at the current time, I only provide a template for NixOS hosts, as I rarely ever use anything else. -TODO: I dont think this template would currently work out of the box - **** Main Configuration :PROPERTIES: :CUSTOM_ID: h:859aec97-65a2-4633-b7d8-73d4ccf89cc5 @@ -2081,7 +2045,7 @@ My work machine. Built for more security, this is the gold standard of my config :CUSTOM_ID: h:a320569e-7bf0-4552-9039-b2a8e0939a12 :END: -My personal laptop. Closely follows the =pyramid= config, but leaves out some security features that I consider a bother on my work machine. +My personal laptop. ***** Main Configuration :PROPERTIES: 
@@ -2421,7 +2385,7 @@ This is my main server that I run at home. It handles most tasks that require bi :CUSTOM_ID: h:28e1a7eb-356b-4015-83f7-9c552c8c0e9d :END: -A Mac notebook that I have received from work. I use this machine for getting accustomed to the Apple ecosystem as well as as a sandbox for nix-darwin configurations (the darwin configuration is severely under-developed). +A Mac notebook that I have received from work. I use this machine for getting accustomed to the Apple ecosystem as well as as a sandbox for nix-darwin configurations. #+begin_src nix-ts :tangle hosts/darwin/machpizza/default.nix { lib, config, ... }: 
@@ -2511,18 +2475,22 @@ My phone. I use only a minimal config for remote debugging here. :CUSTOM_ID: h:4dc59747-9598-4029-aa7d-92bf186d6c06 :END: -My server setup was originally built on Proxmox VE; back when I started, I created all kinds of wild Debian/Ubuntu/etc. KVMs and LXCs on there. However, the root disk has suffered a weird failure where it has become unable to be cloned, but was still functional. I was for a long time rewriting all machines on there to use NixOS instead; this process is now finished. +My server setup was originally built on Proxmox VE; back when I started, I created all kinds of wild Debian/Ubuntu/etc. KVMs and LXCs on there. However, the root disk has suffered a weird failure where it has become unable to be cloned, but it is still functional for now. I was for a long time rewriting all machines on there to use NixOS instead; this process is now finished. -I have removed most of the machines from this section. What remains are some hosts that I have deployed on OCI: - - =MilkyWell=: cloud server used for very lightweight sync tasks of non-critical data - - =Moonside=: Proxy server + some lightweight services +I have removed most of the machines from this section. What remains are some hosts that I have deployed on OCI (mostly sync for medium-important data) and one other machine that I left for now as a reference. **** MilkyWell (OCI) :PROPERTIES: :CUSTOM_ID: h:4c5febb0-fdf6-44c5-8d51-7ea0f8930abf :END: -For this I use a free Ampere instance from OCI with 50G of space. In case my account gets terminated, all of this data is easily replaceable or backed up regularly anyways. +This machine mainly acts as an external sync helper. It manages the following things: +- Anki syncing +- Forgejo git server +- Elfeed sync server (RSS) +- Syncthing backup of replaceable data + + All of these are processes that use little cpu but can take a lot of storage. For this I use a free Ampere instance from OCI with 50G of space. 
In case my account gets terminated, all of this data is easily replaceable or backed up regularly anyways. ***** Main configuration @@ -2718,9 +2686,6 @@ For this I use a free Ampere instance from OCI with 50G of space. In case my acc :PROPERTIES: :CUSTOM_ID: h:f547ed16-5e6e-4744-9e33-af090e0a175b :END: - -This machine mainly acts as my proxy server to stand before my local machines. - ***** Main Configuration :PROPERTIES: :CUSTOM_ID: h:a8f20a56-ce92-43d8-8bfe-3edccebf2bf9 @@ -3221,17 +3186,13 @@ This is a slim setup for developing base configuration. I do not track the hardw #+end_src -**** TODO Drugstore (ISO installer config) +**** Drugstore (ISO installer config) :PROPERTIES: :CUSTOM_ID: h:8583371d-5d47-468b-84ba-210aad7e2c90 :END: This is a live environment ISO that I use to bootstrap new systems. It only loads a minimal configuration and no graphical interface. After booting this image on a host, find out its IP and bootstrap the system using the =bootstrap= utility. -NOTE: Yes, the path to this system does not follow the scheme outlined above - I still consider this a 'config' however, so I keep it here. - -TODO: cleanup this mess - #+begin_src nix-ts :tangle install/installer-config.nix { self, config, pkgs, lib, ... }: @@ -4482,9 +4443,6 @@ Normally, doing that also resets the lecture that happens on the first use of =s :PROPERTIES: :CUSTOM_ID: h:1bb03c4c-7749-47c1-9af6-1b3d748cebf4 :END: - -This section is to be used for modules that are most likely only used on client PCs (like my laptops) but no on servers. - **** Imports :PROPERTIES: :CUSTOM_ID: h:4acbe063-188b-42e7-b75c-b6d2e232e784 @@ -4859,7 +4817,6 @@ Here I only enable =networkmanager= and a few default networks. The rest of the }; networking = { - inherit (config.swarselsystems) hostName; wireless.iwd = { enable = true; settings = { 
@@ -5158,7 +5115,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at }; }; } -sh#+end_src +#+end_src **** Theme (stylix) :PROPERTIES: @@ -6004,9 +5961,6 @@ Auto login for the initial session. :PROPERTIES: :CUSTOM_ID: h:e492c24a-83a0-4bcb-a084-706f49318651 :END: - -In a similar way as the [[#h:1bb03c4c-7749-47c1-9af6-1b3d748cebf4][Client]] section, these modules are to be used mostly on servers. - **** Imports :PROPERTIES: :CUSTOM_ID: h:4e64e564-b7cb-469f-bd79-cd3efb3caa62 @@ -9832,9 +9786,6 @@ Deployment notes: :PROPERTIES: :CUSTOM_ID: h:ac0cd8b3-06cf-4dca-ba73-6100c8fedb47 :END: - -This section is to be used for darwin modules, in case I can ever be bothered to actually write them. - **** Imports :PROPERTIES: :CUSTOM_ID: h:25a95a30-8e4f-4fe3-9b8e-508a82e0a1b4 @@ -9871,7 +9822,7 @@ This section sets up all the imports that are used in the home-manager section. } #+end_src -*** TODO Optional +*** Optional :PROPERTIES: :CUSTOM_ID: h:f9aa9af0-9b8d-43ff-901d-9ffccdd70589 :END: @@ -9884,8 +9835,6 @@ These sets of configuration do not need to be deployed on every host, for a mult - =nswitch-rcm= is a tool I wrote for easy payload flashing of a Nintendo Switch in RCM mode. However, that is not needed on every machine. - The work profile is only used on my work laptop. -TODO: evaluate whether I should keep using this structure. - #+begin_src nix-ts :tangle modules/nixos/optional/default.nix { lib, ... }: let @@ -10168,7 +10117,7 @@ This holds configuration that is specific to framework laptops. Options that I need specifically at work. There are more options at [[#h:f0b2ea93-94c8-48d8-8d47-6fe58f58e0e6][Work]] (home-manager side). #+begin_src nix-ts :tangle modules/nixos/optional/work.nix - { self, lib, pkgs, config, configName, ... }: + { self, lib, pkgs, config, ... }: let inherit (config.swarselsystems) mainUser homeDir xdgDir; iwd = config.networking.networkmanager.wifi.backend == "iwd"; 
@@ -10199,7 +10148,7 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 options.swarselsystems = { hostName = lib.mkOption { type = lib.types.str; - default = configName; + default = ""; }; fqdn = lib.mkOption { type = lib.types.str; @@ -10443,7 +10392,7 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 :CUSTOM_ID: h:08ded95b-9c43-475d-a0b2-fc088a512287 :END: -The general structure here is the same as in the [[#h:6da812f5-358c-49cb-aff2-0a94f20d70b3][NixOS]] section. +The general structure is the same as in the [[#h:6da812f5-358c-49cb-aff2-0a94f20d70b3][NixOS]] section. #+begin_src nix-ts :tangle modules/home/default.nix { lib, ... }: @@ -10456,13 +10405,10 @@ The general structure here is the same as in the [[#h:6da812f5-358c-49cb-aff2-0a #+end_src -*** TODO Common +*** Common :PROPERTIES: :CUSTOM_ID: h:f0a6b5e0-2157-4522-b5e1-3f0abd91c05e :END: - -TODO: split this into actual common and client sections - **** Imports :PROPERTIES: :CUSTOM_ID: h:16fd2e85-fdd4-440a-81f0-65b9b098a43a @@ -11187,7 +11133,7 @@ Sets environment variables. Here I am only setting the EDITOR variable, most var in { options.swarselmodules.env = lib.mkEnableOption "env settings"; - config = lib.mkIf config.swarselmodules.env { + config =z lib.mkIf config.swarselmodules.env { home.sessionVariables = { EDITOR = "e -w"; DISPLAY = ":0"; @@ -13453,8 +13399,6 @@ This service changes the screen hue at night. I am not sure if that really does :CUSTOM_ID: h:b1a00339-6e9b-4ae4-b5dc-6fd5669a2ddb :END: -This is again configuration that is mostly needed on servers. Most things should be done using the NixOS config instead, consider carefully if a home-manager config must be used. - **** Imports :PROPERTIES: :CUSTOM_ID: h:7b4ee01a-b505-47da-8fb9-0b41285d0eab 
@@ -13504,8 +13448,6 @@ As for the `home.sessionVariables`, it should be noted that environment variable :CUSTOM_ID: h:e0536bff-2552-4ac4-a34a-a23937a2c30f :END: -Again, mostly a placeholder for future home-manager modules that run on darwin systems. - **** Imports :PROPERTIES: :CUSTOM_ID: h:cff37bdf-4f22-419a-af4e-2665ede9add0 @@ -13530,7 +13472,7 @@ This section sets up all the imports that are used in the home-manager section. :CUSTOM_ID: h:be623200-557e-4bb7-bb11-1ec5d76c6b8b :END: -Akin to the [[#h:f9aa9af0-9b8d-43ff-901d-9ffccdd70589][Optional]] NixOS modules. +Akin to the optional NixOS modules. #+begin_src nix-ts :tangle modules/home/optional/default.nix { lib, ... }: @@ -14075,18 +14017,11 @@ This holds configuration that is specific to framework laptops. } #+end_src ** Shared - -This section is for modules that are to be used on =NixOS= and =home-manager= scopes alike. This is for example needed in order to allow me to define and set my own custom functions only once in the =NixOS= config and then mirror them into the corresponding =home-manager= option. - -*** TODO Configuration options +*** Configuration options :PROPERTIES: :CUSTOM_ID: h:79f7150f-b162-4f57-abdf-07f40dffd932 :END: -These are my own configuration options that are used in multiple places throughout the configuration - for which reason I did not put them right where they are used for the first time. - -TODO: check which of these can be replaced but builtin functions. - #+begin_src nix-ts :noweb yes :tangle modules/shared/options.nix { self, config, lib, ... }: { 
@@ -14160,7 +14095,7 @@ TODO: check which of these can be replaced but builtin functions. *** Variables (vars; holds firefox & stylix config parts) At work I am using several services that are using SSO login - however, as I am using four different accounts at work, this becomes a chore here. Hence, I have defined multiple profiles in [[#h:f0b2ea93-94c8-48d8-8d47-6fe58f58e0e6][Work]] that are all practically using the same configuration. To save screen space, I template that profile here. -Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.stylesheets= to true. This should in principle be set automatically using the below config, but it seems not to be working reliably. +Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.stylesheets= to true. This should in principle be set automatically using the below config, but it seems not to be working reliably For styling, I am using the [[https://github.com/danth/stylix][stylix]] NixOS module, loaded by flake. This package is really great, as it adds nix expressions for basically everything. Ever since switching to this, I did not have to play around with theming anywhere else. 
@@ -14168,8 +14103,6 @@ The full list of nerd-fonts can be found here: https://github.com/NixOS/nixpkgs/ This is where the theme for the whole OS is defined. Originally, this noweb-ref section could not be copied to the general NixOS config since they are on different folder structure levels in the config, which would have made the flake impure. By now, I have found out that using the =${self}= method for referencing the flake root, I could circumvent this problem. Also, the noweb-ref block could in general be replaced by a custom attribute set (see for example [[#h:e7f98ad8-74a6-4860-a368-cce154285ff0][firefox]]). The difference here was, for a long time, that this block is used in a NixOS and a home-manager-only configuration, verbatim. If I were to use an attribute set, I would have to duplicate this block once each for NixOS and home-manager. Alas, this block stays (for now). However, I learned how to use an attribute set in a custom home-manager module and pass it to both NixOS and home-manager configurations, which also removed the need for that use of it. -In short, the options defined here are passed to the modules systems using =_modules.args= - they can then be used by passing =vars= as an attribute in the input attribute set of a modules system file (=basically all files in this configuration) - #+begin_src nix-ts :noweb yes :tangle modules/shared/vars.nix { self, lib, pkgs, ... }: { @@ -22974,13 +22907,13 @@ Also, this will not merge nested sets: builtins.listToAttrs converts a list of name-value pairs into an attribute set. +#+RESULTS: +: { bar = 2; foo = 1; } + #+begin_src bash :exports both swarsel-instantiate 'builtins.listToAttrs [{ name = "foo"; value = 1; } { name = "bar"; value = 2; }]' #+end_src -#+RESULTS: -: { bar = 2; foo = 1; } - ** builtins.readDir :PROPERTIES: :CUSTOM_ID: h:1fb6ff92-7cc1-4447-8a63-460f24633053 diff --git a/index.html b/index.html index 26b70e2..0b1ea37 100644 --- a/index.html +++ b/index.html 
@@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + SwarselSystems: NixOS + Emacs Configuration @@ -203,12 +203,11 @@ -
  • 7. Appendix C: Explanations to nix functions and operators - -
  • -This file has 90489 words spanning 23186 lines and was last revised on 2025-08-05 01:22:51 +0200. +This file has 87025 words spanning 22627 lines and was last revised on 2025-07-14 03:07:10 +0200.
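Review bot: the footer line in the `@@ -203,12 +203,11 @@` hunk of index.html moves the "last revised" stamp backwards, from 2025-08-05 01:22:51 to 2025-07-14 03:07:10, and the word count drops from 90489 to 87025. The same older stamp is also introduced in the emacs-overlay paragraph of a later hunk. That reads as either a revert or an export from an older revision of SwarselSystems.org. If it is a revert, say so in the commit message; if it is not, regenerate index.html from the current Org file so the published page does not present stale content as current.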

    @@ -842,24 +812,8 @@ This configuration is part of a NixOS system that is (nearly) fully declarative This literate configuration lets me explain my choices to my future self as well as you, the reader. I go to great lengths to explain the choices for all configuration steps that I take in order for me to pay due diligence in crafting my setup, and not simply copying big chunks of other peoples code. Also, the literate configuration approach is very convenient to me as I only need to keep of (ideally) a single file to manage all of my configuration. I hope that this documentation will make it easier for beginners to get into Emacs and NixOS as I know it can be a struggle in the beginning.

    -
    -

    1.1. How to use this document

    -
    -

    -When I started out with nix, it was a painful time. For a beginner, the available resources tend to be too detailed or assume too much prior knowledge. Also, it is a (sad) fact that using nix requires the user to understand it pretty well before most things start to make sense. -

    - -

    -That is the reason why I keep this configuration as a literate one: so that I am able to explain how everything works. In the start, it was my goal to keep this repo simple, so that it would be easy to understand when seen by a beginner. However, over time I have implemented more and more complicated solutions. Still, I try to keep the prosaic descriptions sufficient. -

    - -

    -For a beginner, I recommend to read this file like a book, from start to finish. I will try to explain concepts whenever they first come up, and will regularly link to Appendix C: Explanations to nix functions and operators when more context is needed. For the first few times that I am using a new function, I will place such a link again. However, to keep the writing of this file manageable, I will generally only do this no more than three times. -

    -
    -
    -

    1.2. Structure of this file

    +

    1.1. Structure of this file

    This file is structured as follows: @@ -881,7 +835,7 @@ This section defines my Emacs configuration. For a while, I considered to use ry

    -My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2025-08-05 01:22:51 +0200) +My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2025-07-14 03:07:10 +0200)

    @@ -1005,7 +959,7 @@ not that noweb-reffed blocks will not be indented correctly. You will want to ac
    -

    1.3. TODO Structure of this flake

    +

    1.2. TODO Structure of this flake

    The structure of this flake as seen many revisions, however lately I have settled on a system that I have grown to like: @@ -1030,7 +984,7 @@ These <hosttype> folders hold in turn a number of <hostname> folders

    • default.nix: -This file holds the abstracted configuration of the host. This should mostly be enabling Profiles as well as setting some [BROKEN LINK: h:f4f22166-e345-43e6-b15f-b7f5bb886554].
    • +This file holds the abstracted configuration of the host. This should mostly be enabling Profiles as well as setting some Shared Configuration Options.
    • hardware-config.nix: It is not clearly defined what I hold in this file. Mostly it is just the attributes that nix originally sets when setting up the system for the first time (although at this time modified by me!), bar any filesystem configuration. This makes my deployment in swarsel-bootstrap a little bit simpler.
    • disk-config.nix @@ -1108,7 +1062,7 @@ By themselves, most of the files in the modules folder will not do anything. In
    -

    1.4. Hosts

    +

    1.3. Hosts

    Here I give a brief overview over the hostmachines that I am using. This is held in markdown so that I can render it into my GitHub README. @@ -1133,7 +1087,7 @@ Here I give a brief overview over the hostmachines that I am using. This is held

    -

    1.5. Programs

    +

    1.4. Programs

    | Topic         | Program                         |
    @@ -1153,33 +1107,32 @@ Here I give a brief overview over the hostmachines that I am using. This is held
     
    -

    1.6. Services

    +

    1.5. Services

    -
    | Topic                 | Program                                                                                                             |
    -|-----------------------|---------------------------------------------------------------------------------------------------------------------|
    -|πŸ“– **Books**           |  [Kavita](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kavita.nix)                           |
    -|πŸ“Ό **Videos**          | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix)                        |
    -|🎡 **Music**           | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) +  [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) +  [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix)                                                              |
    -|πŸ—¨οΈ **Messaging**       | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix)                            |
    +
    | Topic                 | Program                         |
    +|-----------------------|---------------------------------|
    +|πŸ“– **Books**           |  [Kavita](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kavita.nix)                         |
    +|πŸ“Ό **Videos**          | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix)                       |
    +|🎡 **Music**           | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) +  [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) +  [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix)  |
    +|πŸ—¨οΈ **Messaging**       | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix)                         |
     |πŸ“ **Filesharing**     | [Nectcloud](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nextcloud.nix)                      |
    -|🎞️ **Photos**          | [Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix)                            |
    +|πŸ“· **Photos**          | [Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix)                         |
     |πŸ“„ **Documents**       | [Paperless](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/paperless.nix)                      |
     |πŸ”„ **File Sync**       | [Syncthing](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/syncthing.nix)                      |
    -|πŸ’Ύ **Backups**         | [Restic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/restic.nix)                            |
    -|πŸ‘οΈ **Monitoring**      | [Grafana](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/monitoring.nix)                       |
    -|🍴 **RSS**             | [FreshRss](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/freshrss.nix)                        |
    -|🌳 **Git**             | [Forgejo](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/forgejo.nix)                          |
    -|βš“ **Anki Sync**       | [Anki Sync Server](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/ankisync.nix)                |
    -|πŸͺͺ **SSO**             | [Kanidm](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kanidm.nix) + [oauth2-proxy](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/oauth2-proxy.nix)                                            |
    -|πŸ’Έ **Finance**         | [Firefly-III](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/firefly-iii.nix)                  |
    -|πŸƒ **Collections**     | [Koillection](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/koillection.nix)                  |
    -|πŸ—ƒοΈ **Shell History**   | [Atuin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/atuin.nix)                              |
    -|πŸ“… **CalDav/CardDav**  | [Radicale](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/radicale.nix)                        |
    -|↔️ **P2P Filesharing** | [Croc](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/croc.nix)                                |
    -|βœ‚οΈ **Paste Tool**      | [Microbin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/microbin.nix)                        |
    -|πŸ“Έ **Image Sharing**   | [Slink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/slink.nix)                              |
    -|πŸ”— **Link Shortener**  | [Shlink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/shlink.nix)                            |
    +|πŸ’Ύ **Backups**         | [Restic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/restic.nix)                         |
    +|πŸ‘οΈ **Monitoring**      | [Grafana](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/monitoring.nix)                        |
    +|🍴 **RSS**             | [FreshRss](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/freshrss.nix)                       |
    +|🌳 **Git**             | [Forgejo](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/forgejo.nix)                        |
    +|βš“ **Anki Sync**       | [Anki Sync Server](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/ankisync.nix)               |
    +|πŸͺͺ **SSO**             | [Kanidm](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kanidm.nix) + [oauth2-proxy](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/oauth2-proxy.nix)          |
    +|πŸ’Έ **Finance**         | [Firefly-III](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/firefly-iii.nix)                    |
    +|πŸƒ **Collections**     | [Koillection](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/koillection.nix)                    |
    +|πŸ—ƒοΈ **Shell History**   | [Atuin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/atuin.nix)                          |
    +|πŸ“… **CalDav/CardDav**  | [Radicale](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/radicale.nix)                       |
    +|↔️ **P2P Filesharing** | [Croc](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/croc.nix)                           |
    +|βœ‚οΈ **Paste Tool**      | [Microbin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/microbin.nix)                       |
    +|πŸ”— **Link Shortener**  | [Shlink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/shlink.nix)                          |
     
    @@ -1263,8 +1216,6 @@ A short overview over each input and what it does: This is the base repository that I am following for all packages. I follow the unstable branch.
  • home-manager This handles user-level configuration and mostly provides dotfiles that are generated and symlinked to ~/.config/.
  • -
  • swarsel -This pulls in the very dotfiles you are currently reading. I am adding this to the flake registry in order to have easier access to my customizations in nix calls, for example nix-instantiate
  • NUR The nix user repository contains user provided modules, packages and expressions. These are not audited by the nix community, so be aware of supply chain vulnerabilities when using those. I am only really using rycee's firefox addons from there which saves me a lot of hassle, and it seems to be a safe resource.
  • nixGL @@ -1331,7 +1282,6 @@ This provides devshell support for flake-parts
  • url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - swarsel.url = "github:Swarsel/.dotfiles"; emacs-overlay = { url = "github:nix-community/emacs-overlay"; inputs.nixpkgs.follows = "nixpkgs"; @@ -1547,41 +1497,26 @@ A breakdown for the functions that have a non-obvious purpose:
    • pkgsFor: This function reads all available systems from nixpkgs and generates pkgs for them. This is needed for my generation of home-manager and nix-on-droid systems in Hosts.
        -
      • uses nixpkgs.lib.genAttrs
      • +
      • nixpkgs.lib.genAttrs is used to generate an attribute set (a dictionary-like structure) from a list of keys and a function that computes the values for those keys: genAttrs ["a" "b" "c"] (x: "${x}-value") will produce { a = "a-value"; b = "b-value"; c = "c-value"; }.
      • Also, in that function I am defining the pkgs that should be used when I reference pkgs in the actual configuration. I want to make sure that the correct system is used (keep in mind this is for home-manager configurations, which need that info! As a remark, you would not set this for a NixOS host), that I load my Overlays (extra packages and modifications that I add to pkgs), as well as a setting that allows me to install unfree software. As a base package set I choose nixpkgs from my inputs (and so does nearly every configuration out there. Keep in mind however that you could use any package set here! nixpkgs however also comes with a lot of useful lib functions (that are not builtins to the nix language!))
    • mkTrueOption: Defines a nixos module option that is by default enables (as opposed to mkEnableOption which are per default disabled).
    • -
    • mkStrong: -
        -
      • An alias for (nixpkgs.lib.mkOverride 60), which is higher than setting an option normally (i.e. option = value; which has priority 100), but being of lower priority than using nixpkgs.lib.mkForce, which has priority 50 (lower priority takes precedence). For completeness' sake, the priority set when using nixpkgs.lib.mkDefault is 1000 (a very low value).
      • -
    • -
    • forEachLinuxSystem: performs the pkgsFor function for a set of systems (here: x86_64-linux and aarch64-linux). I need to use this in the Packages (pkgs) section in order to avoid trying to build those packages for darwin systems. -
    • +
    • mkStrong: This function uses nixpkgs.lib.mkOverride in order to set a priority for an expression that is higher than setting an option normally (i.e. option = value;) which has priority 100, while being of lower priority than using nixpkgs.lib.mkForce, which has priority 50 (lower priority takes precedence). For completeness' sake, the priority set when using nixpkgs.lib.mkDefault is 1000 (a very low value).
    • +
    • forEachLinuxSystem: performs the pkgsFor function for a set of systems (here: x86_64-linux and aarch64-linux). I need to use this in the Packages (pkgs) section in order to avoid trying to build those packages for darwin systems.
    • readHosts: Reads the names of directories under the hosts/ folder for a particular system type
        -
      • uses builtins.readDir
      • -
      • uses nixpkgs.lib.attrNames to acquire attribute names from the outputs of builtins.readDir
      • +
      • builtins.readDir reads the name of items of a directory as attributes and their type as values. As an example builtins.readDir ./hosts/nixos ran on this flake yieled at some point the output { bakery = "directory"; chaostheatre = "directory"; milkywell = "directory"; moonside = "directory"; pyramid = "directory"; toto = "directory"; winters = "directory"; }
      • +
      • nixpkgs.lib.attrNames is used to aquire these attribute names (you might think of them as the "keys") from the output of builtins.readDir
    • -
    • readNix: reads all files in a directory that are not default.nix (usually used to simply load everything from a folder and is called inside that respective default.nix). +
    • readNix: reads all files in a directory that are not default.nix (usually used to simply load everything from a folder and is called inside that respective default.nix).
    • +
    • mk[Modules,Profiles,Imports]: These are used to help with importing files mostly:
    • -
    • mkImports: These are used to help with importing files mostly: -
        -
      • uses nixpkgs.lib.map to actually import the list of modules that are passed to mkImports in names.
      • +
      • builtins.listToAttrs converts a list of name-value pairs into an attribute set. builtins.listToAttrs [{ name = "foo"; value = 1; } { name = "bar"; value = 2; }] for example returns { bar = 2; foo = 1; }.
      • +
      • nixpkgs.lib.map takes a function and applies the elements of a list upon them, e.g. lib.map (x: x + 1) [1 2 3] yields [ 2 3 4 ]. This is always used in mkImports to actually import the list of modules that are generated by the other mk[...] options.
    -

    -Concerning the flake = _: part: -

    -
      -
    • this is a mechanism introduced by flake-parts. A flake output is akin to a 'normal' output of a standard nix flake (meaning, it will not be built specifically for each system defined by mkFlake)
    • -
    • lib is then defined as the merged set of the nixpkgs and home-manager lib's, as well as some extra functions that I defined in the let-block (the .extend() method adds attributes to a set)
    • -
    +
    { self, inputs, ... }:
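Review bot: The added readHosts bullets contain the typos "yieled" and "aquire", and the added nixpkgs.lib.map bullet states the operation backwards ("applies the elements of a list upon them"); suggest "yielded", "acquire" and "applies the function to each element of a list". The rewritten mkStrong bullet also loses the concrete value that the removed text gave, (nixpkgs.lib.mkOverride 60), so the reader learns only that the priority lies between 100 and 50; if the value is still 60, keep it in the new wording.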
    @@ -1633,6 +1568,20 @@ let
           readHosts = type: lib.attrNames (builtins.readDir "${self}/hosts/${type}");
           readNix = type: lib.filter (name: name != "default.nix") (lib.attrNames (builtins.readDir "${self}/${type}"));
     
    +      mkModules = names: type: builtins.listToAttrs (map
    +        (name: {
    +          inherit name;
    +          value = import "${self}/modules/${type}/${name}";
    +        })
    +        names);
    +
    +      mkProfiles = names: type: builtins.listToAttrs (map
    +        (name: {
    +          inherit name;
    +          value = import "${self}/profiles/${type}/${name}";
    +        })
    +        names);
    +
           mkImports = names: baseDir: lib.map (name: "${self}/${baseDir}/${name}") names;
         };
     in
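Review bot: mkModules and mkProfiles are the same function apart from the literal path segment ("modules" versus "profiles") in the import string. Suggest one helper that takes the base directory as an argument, the way mkImports on the context line below already takes baseDir, and defining both names in terms of it. The two added functions also call the bare map while mkImports uses lib.map; pick one spelling for the file.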
    @@ -1655,10 +1604,6 @@ in
     This does not use perSystem from flake-parts since some of my custom packages are not able to be built on darwin systems, and I was not yet interested in writing logic for handling that. Instead I use forEachLinuxSystem as described in Library functions in roder to only build this for linux hosts.
     

    -

    -Other nix users can make use of these packages either by installing them directly in their config (using my flake as an input and then installing <packages.<systems>.<name>) or by making use of the overlay that I provide in Overlays. In the latter case all packages will be made available to the consuming flake -

    -

    More information on the actual packages build can be found in Packages.

    @@ -1684,11 +1629,12 @@ More information on the actual packages build can be found in -
  • uses nixpkgs.lib.mapAttrsToList on config.nodes
  • -
  • uses nixpkgs.lib.flip to reverse the function argument order of the mapAttrsToList call, so that we can give the attribute set (config.nodes) first. Alternatively, we could have written lib.mapAttrsToList (name: cfg: [...]) config.nodes but it would be harder to read since there would be a big block between the arguments.
  • -
  • uses nixpkgs.lib.concatLists. options.config._globalDefs holds the options.globals.definitions for each node (which in turn basically holds the information that has been set for each node under the globals option), so the concatenated list will look something like [ { services.kanidm.domain = "foo"; }; } { services.freshrss.domain = "bar"; } ].
  • -
  • uses nixpkgs.lib.mkMerge to merge these seperate attribute sets in the list into one big attribute set (the above attribute set example would become then { services = { kanidm.domain = "foo"; freshrss.domain = "bar"; }; }. You can see how this can now be referenced as a "global" set.
  • +
  • nixpkgs.lib.mapAttrsToList converts an attribute set into a list by applying a given function to each name-value pair: lib.mapAttrsToList (name: value: "${name} = ${value}) { a = "1"; b = "2"; } yields the list [ "a = 1" "b = 2" ]. It is used on config.nodes.
  • +
  • nixpkgs.lib.flip is used to reverse the function argument order of the mapAttrsToList call, so that we can give the attribute set (config.nodes) first. Alternatively, we could have written lib.mapAttrsToList (name: cfg: [...]) config.nodes but it would be harder to read since there would be a big block between the arguments.
  • +
  • nixpkgs.lib.concatLists, as the name suggests, concatenates lists: lib.concatLists [ [ 1 2 ] [ 3 4 ] [ 5 ] ] yields [ 1 2 3 4 5 ]. options.config._globalDefs holds the options.globals.definitions for each node (which in turn basically holds the information that has been set for each node under the globals option), so the concatenated list will look something like [ { services.kanidm.domain = "foo"; }; } { services.freshrss.domain = "bar"; } ].
  • +
  • nixpgks.lib.mkMerge is used to merge these seperate attribute sets in the list into one big attribute set (the above attribute set example would become then { services = { kanidm.domain = "foo"; freshrss.domain = "bar"; }; }. You can see how this can now be referenced as a "global" set.
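Review bot: The example in the added mapAttrsToList bullet is missing the closing quote of its string: (name: value: "${name} = ${value}) should end in ${value}"), otherwise the expression does not parse when a reader pastes it into a repl. In the same hunk the mkMerge bullet is spelled nixpgks.lib.mkMerge (should be nixpkgs), "seperate" should be "separate", and the sample list [ { services.kanidm.domain = "foo"; }; } ... ] carries a stray "}; " that was copied over from the removed line.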
  • @@ -1757,7 +1703,6 @@ Lastly, in order make this actually available to my configurations, i use the Globals and the nodes output that I define right here (it simply mirrors all "full" configurations - nixOS and darwin. I like to refer to home-manager only and nix-on-droid as a "half" configurations). It is also here that I set the node name for the configuration (I prefer this explicit call over referencing networking.hostName or such) and the directory that should be used for secrets of a configuration.

  • mkDarwinHost works in the same way but for darwin machines.
  • -
  • mkHalfHost is a function that either creates a pure home-manager configuration or a nix-on-droid one. The type must be explicitly passed when calling the function. Here, again, we make use of pkgsFor that we defined in Library functions. Also, we make sure to pass extraSpecialArgs (the pendant to specialArgs, just for home-manager configurations).
  • - -
  • diskoConfigurations: specifies a default disko configuration that is to be used if someone pulls in my flake as a disko configuration. This is not used by me, but I think it is kind of neat.
  • - -
  • nodes: As stated above, a shorthand for my configurations. Is built using the The '//' operator
  • - - -

    -The rest of the outputs either define or help define the actual configurations: -

    -
      -
    • mkHalfHostConfigs works by calling the nixpkgs.lib.foldl function to build an attribute set of home-manager/nix-on-droidd configurations -
        -
      • uses nixpkgs.lib.foldl on the list created by nixpkgs.lib.map over mkHalfHost. In each step of the fold, I receive an attribute set. This attribute set is then merged to the resulting set using the (acc: set: acc // set) expression
      • -
      • uses The '//' operator to merge the sets of the fold operation.
      • -
    • +
    • mkFullHostConfigs is the function that dynamically creates all definded hosts. The hosts are defined by placing a directory in hosts/ under either the nixos/ or darwin/ directory. These directories are being read by readHosts and delivered to this funtion in the later call in [BROKEN LINK: h:9c9b9e3b-8771-44fa-ba9e-5056ae809655] or [BROKEN LINK: h:f881aa05-a670-48dd-a57b-2916abdcb692].
    • +
    • mkFullHost: +This is a function that takes a hostname as well as a boolean whether it is NixOS or not, and returns a matching nixosSystem or darwinSystem. This function is only used for systems that can use both NixOS and home-manager options (darwin still counts here as it can use some NixOS options). This is used in mkFullHostConfigs. In more detail, it dynamically creates a nixosConfiguration host, setting its speciaArgs and modules attributes. The modules are populated based on whether this is a NixOS or darwin host. For the latter, I will only ever use machines that I get for testing from work, and for these my username is different, so I implemented an if-condition for it. This could be done more cleanly using variables, but some care needs to be taken with the home-manager imports and this approach works, so for now this is fine. Thanks to this function, the import sections of the host configs are pretty clean for most hosts.
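Review bot: The added mkFullHostConfigs and mkFullHost bullets document functions that the code in the following hunks does not use: the outputs are built with lib.genAttrs nixosHosts (mkNixosHost { ... }) and mkDarwinHost, and the context line above still describes mkDarwinHost. Either rename the bullets to match the code or drop them. They also contain two literal "[BROKEN LINK: h:...]" placeholders and the typos "definded", "funtion" and "speciaArgs", and the removed mkHalfHost, diskoConfigurations and nodes bullets leave outputs that still exist in the code without any description.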
    @@ -1825,14 +1757,6 @@ The rest of the outputs either define or help define the actual configurations: name = configName; secretsDir = ../hosts/nixos/${configName}/secrets; }; - - swarselprofiles = { - minimal = lib.mkIf minimal (lib.mkDefault true); - }; - - swarselsystems = { - mainUser = lib.mkDefault "swarsel"; - }; } ]; }; @@ -1856,7 +1780,6 @@ The rest of the outputs either define or help define the actual configurations: { node.name = configName; node.secretsDir = ../hosts/darwin/${configName}/secrets; - } ]; }; 
@@ -1866,41 +1789,41 @@ The rest of the outputs either define or help define the actual configurations: let systemFunc = if (type == "home") then inputs.home-manager.lib.homeManagerConfiguration else inputs.nix-on-droid.lib.nixOnDroidConfiguration; in - systemFunc - { - inherit pkgs; - extraSpecialArgs = { inherit inputs outputs lib self configName; }; - modules = [ "${self}/hosts/${type}/${configName}" ]; - }; + systemFunc + { + inherit pkgs; + extraSpecialArgs = { inherit inputs outputs lib self configName; }; + modules = [ "${self}/hosts/${type}/${configName}" ]; + }; }; mkHalfHostConfigs = hosts: type: pkgs: lib.foldl (acc: set: acc // set) { } (lib.map (name: mkHalfHost name type pkgs) hosts); nixosHosts = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir "${self}/hosts/nixos")); darwinHosts = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir "${self}/hosts/darwin")); in - { - nixosConfigurations = lib.genAttrs nixosHosts (mkNixosHost { - minimal = false; - }); - nixosConfigurationsMinimal = lib.genAttrs nixosHosts (mkNixosHost { - minimal = true; - }); - darwinConfigurations = lib.genAttrs darwinHosts (mkDarwinHost { - minimal = false; - }); - darwinConfigurationsMinimal = lib.genAttrs darwinHosts (mkDarwinHost { - minimal = true; - }); + { + nixosConfigurations = lib.genAttrs nixosHosts (mkNixosHost { + minimal = false; + }); + nixosConfigurationsMinimal = lib.genAttrs nixosHosts (mkNixosHost { + minimal = true; + }); + darwinConfigurations = lib.genAttrs darwinHosts (mkDarwinHost { + minimal = false; + }); + darwinConfigurationsMinimal = lib.genAttrs darwinHosts (mkDarwinHost { + minimal = true; + }); - # TODO: Build these for all architectures - homeConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.x86_64-linux; - nixOnDroidConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "android") "android" 
lib.swarselsystems.pkgsFor.aarch64-linux; + # TODO: Build these for all architectures + homeConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.x86_64-linux; + nixOnDroidConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "android") "android" lib.swarselsystems.pkgsFor.aarch64-linux; - diskoConfigurations.default = import "${self}/files/templates/hosts/nixos/disk-config.nix"; + diskoConfigurations.default = import "${self}/files/templates/hosts/nixos/disk-config.nix"; - nodes = config.nixosConfigurations // config.darwinConfigurations; + nodes = config.nixosConfigurations // config.darwinConfigurations; - }; + }; }
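Review bot: The block removed at @@ -1825 deletes swarselsystems.mainUser = lib.mkDefault "swarsel" and swarselprofiles.minimal = lib.mkIf minimal (lib.mkDefault true) from the shared NixOS host modules, yet the host file further down still reads config.swarselsystems.mainUser into primaryUser. Confirm the option declaration carries its own default; otherwise every host has to set mainUser itself and a missed one fails at evaluation. Likewise confirm that each host now sets its own minimal profile, since nixosConfigurationsMinimal is still generated here. The @@ -1866 hunk changes indentation only and would be easier to review as a separate formatting commit.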
    @@ -1909,17 +1832,6 @@ The rest of the outputs either define or help define the actual configurations:

    2.7. Topology

    -

    -This defines some topology for the nix-topology modole that can not otherwise be parsed from the config (or is global). For example, this is used to define a number of switches, printers and routers. The topology graph is built from left to right, meaning that nodes.internet = mkInternet { connections = [ (mkConnection "moonside" "wan") ]; }; means that the node internet 'initiates' the connection to the node moonside (internet will be on the left). -

    - -

    -Another note concerning flake-parts: -

    -
      -
    • perSystem is a mechanism that tells flake-parts to build the following attribute set for all systems. This replaces the need to handle myself any system or pkgs variables, this is done by flake-parts.
    • -
    -
    { self, inputs, ... }:
     {
    @@ -1958,7 +1870,6 @@ Another note concerning flake-parts:
                 (mkConnection "moonside" "wan")
                 (mkConnection "pfsense" "wan")
                 (mkConnection "milkywell" "wan")
    -            (mkConnection "magicant" "wifi")
                 (mkConnection "toto" "bootstrapper")
                 (mkConnection "chaostheatre" "demo host")
               ];
    @@ -2017,10 +1928,6 @@ Another note concerning flake-parts:
             };
     
             winters.interfaces."eth1" = { };
    -        bakery.interfaces = {
    -          "eth1" = { };
    -          "wifi" = { };
    -        };
     
             wifi-ap = mkSwitch "Wi-Fi AP" {
               info = "Huawei";
    @@ -2031,9 +1938,6 @@ Another note concerning flake-parts:
                   "wifi"
                 ]
               ];
    -          connections = {
    -            wifi = mkConnection "bakery" "wifi";
    -          };
             };
     
             switch-livingroom = mkSwitch "Switch Livingroom" {
    @@ -2064,19 +1968,6 @@ Another note concerning flake-parts:
               interfaces.eth1 = { };
             };
     
    -        magicant = mkDevice "magicant" {
    -          icon = "${self}/files/topology-images/phone.png";
    -          info = "Samsung Z Flip 6";
    -          image = "${self}/files/topology-images/zflip6.png";
    -          interfaces.wifi = { };
    -        };
    -
    -        machpizza = mkDevice "machpizza" {
    -          info = "MacBook Pro 2016";
    -          icon = "${self}/files/topology-images/mac.png";
    -          interfaces."eth1" = { };
    -        };
    -
             pc = mkDevice "Windows Gaming Server" {
               info = "i7-4790k, GTX970, 32GB RAM";
               image = "${self}/files/topology-images/pc.png";
    @@ -2098,7 +1989,6 @@ Another note concerning flake-parts:
                 ]
               ];
               connections.eth2 = mkConnection "printer" "eth1";
    -          connections.eth3 = mkConnection "machpizza" "eth1";
             };
     
             printer = mkDevice "Printer" {
    @@ -2123,15 +2013,7 @@ Another note concerning flake-parts:
     

    2.8. Devshell (checks)

    -This file defines a number of checks that can either be run by calling nix flake check or while in a nix-shell or nix develop. This helps me make sure that my flake confirms to my self-imposed standards. The GitHub actions perform less checks than are being done here (they are only checking the formatting, as well as statix and deadnix). -

    - -

    -The devshell also provides a number of useful shorthand commands, as well as a 'safe' version of nixpkgs that I can use to rebuild from in case a version bump in nixpkgs suddenly breaks nix-plugins. -

    - -

    -Lastly, in the perSystem attribute set, we see that it is actually passed some values here. These expose to the scoped expressions the enclosed values, which makes it possible to still reference e.g. system and pkgs even when they are actually handled by flake-parts. +This file defines a number of checks that can either be run by calling nix flake check or while in a nix-shell or nix develop. This helps me make sure that my flake confirms to my self-imposed standards. The GitHub actions perform less checks than are being done here (they are only checking the formatting, as well as statix and deadnix)

    @@ -2284,16 +2166,9 @@ Lastly, in the perSystem attribute set, we see that it is actually

    2.9. Templates

    -This file defines the templates that are being exposed by the flake. These can be used by running nix flake init -t github:Swarsel/.dotfiles#<TEMPLATE_NAME> by others. Personally, I mostly use these as part of the project utility. +This file defines the templates that are being exposed by the flake. These can be used by running nix flake init -t github:Swarsel/.dotfiles#<TEMPLATE_NAME>.

    -

    -Otherwise, I define the function mkTemplates here which builds a named attribute set for each type of template that I have. -

    - -
    { self, ... }:
    @@ -2330,10 +2205,6 @@ Otherwise, I define the function mkTemplates here which builds a na
     

    2.10. Formatter

    -

    -Defines a formatter that can be called using nix flake format. While a nice utility, I have stronger tools to perform this job. -

    -
    _:
     {
    @@ -2347,20 +2218,8 @@ Defines a formatter that can be called using nix flake format. Whil
     
    -

    2.11. TODO Modules

    +

    2.11. Modules

    -

    -This exposes all of my modular configuration as modules. Other people can use them in their flake using imports = [ inputs.<name>.nixosModules ];. Per default, this enables some mechanisms like config sharing between nodes and the globals system. TODO: make it so that nothing is enabled upon initial import. -

    - -

    -nixosModules is a `defined` flake output, where external tools might expect some sort of structure; hence, I call the default output default, which will, in many cases, allow the user to just reference to the flake itself (which will then use nixosModules.default automatically. -

    - -

    -homeModules on the other hand is not standardized in this way (for example, many flakes refere to homeManagerModules instead); in order not to unnecessarily break things, I leave it as is. -

    -
    { self, ... }:
     {
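Review bot: The heading loses its TODO marker and the paragraph stating that importing these modules "enables some mechanisms like config sharing between nodes and the globals system" by default is deleted, but nothing visible in this patch changes that behaviour. If the modules still enable those mechanisms on import, keep the sentence and the TODO so a consumer knows what they opt into by importing. The removed note on nixosModules.default versus homeModules was also the only place the output naming was explained.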
    @@ -2382,14 +2241,9 @@ This exposes all of my modular configuration as modules. Other people can use th
     

    2.12. Apps

    -This defines some apps; they differ from normal packages in that they can be called using nix run <repo><appName>. So, for example, I can call my deployment script using nix run --experimental-features 'nix-command flakes' github:Swarsel/.dotfiles -- -n <CONFIGURATION_NAME> -d <TARGET_IP> (here I did not specify #swarsel-bootstrap since it is set as the default. In general, whenever the #... part is ommitted, the object under the default attribute will be used. This is also true for nixosConfigurations: in that case, the default will be the current hostname of the machine). +This file defines a number of checks that can either be run by calling nix flake check or while in a nix-shell or nix develop. This helps me make sure that my flake confirms to my self-imposed standards. The GitHub actions perform less checks than are being done here (they are only checking the formatting, as well as statix and deadnix)

    - -
    { self, ... }:
     {
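Review bot: The replacement paragraph under "2.12. Apps" is the Devshell text ("This file defines a number of checks that can either be run by calling nix flake check ..."), identical to the line added under 2.8, so the Apps section no longer describes apps at all. Restore a description of nix run and of the default app, and fix "confirms to" (conforms to) and the missing final period in both copies.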
    @@ -2431,7 +2285,7 @@ This defines some apps; they differ from normal packages in that they can be cal
     

    2.13. Overlays

    -In this section I define packages that I manually add to nixpkgs, or that I want to use in a modified way. This can be useful for packages that are currently awaiting a PR or public packages that I do not want to maintain. +In this section I define packages that I manually want to nixpkgs. This can be useful for packages that are currently awaiting a PR or public packages that I do not want to maintain.
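Review bot: The added sentence "packages that I manually want to nixpkgs" has lost its verb. The removed line read "manually add to nixpkgs, or that I want to use in a modified way", and the second half still applies because the modification overlay is listed in the next hunk. Suggest keeping the original sentence.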

    @@ -2440,15 +2294,11 @@ As such, I also define three additional overlays:

    1. additions -These are for the aforementioned added packages. -NOTE: The packages themselves are built in Packages (pkgs); here, we just add them to the overlay that we then use in the configuration.
    2. +These are for the aforementioned added packages
    3. modification These are for packages that are on nixpkgs, but do not fit my usecase, meaning I need to perform modifications on them.
    4. -
    5. nixpkgs-[stable,...] -These are simply mirrors of other branches of nixpkgs (mostly past stable branches). Useful for packages that are broken on nixpkgs, but do not need to be on bleeding edge anyways. -
        -
      • TODO: I need to check out if overlays are really the way to go in this case, or if I should just use packages, which should make evalutation a good bit faster.
      • -
    6. +
    7. nixpkgs-stable +This is simply a mirror of the most recent stable branch of nixpkgs. Useful for packages that are broken on nixpkgs, but do not need to be on bleeding edge anyways.

    @@ -2459,18 +2309,6 @@ Also, this is where I define all of my own modules. These are mostly used for se Lastly, I add some of my own library functions to be used alongside the functions provided by nixpkgs and home-manager.

    -

    -On the structure of overlays: as you notice, all of the attributes within overlays are functions which take final and prev as arguments. This is a convention (sometimes you also see super instead of final) that aims to tell you that final represents the pkgs set after it has gone over all modifications, while prev is the pkgs set before the current modification. -

    -
      -
    • So, in additions, the final set is the same as in modifications, but their prev sets might differ (in this case, I believe they will be the same since all modifications are done at the same step). #TODO: fact check
    • -
    • This starts to make a difference when you use multiple overlays and have one overlay depend on the modifications in another overlay.
    • -
    - -
      -
    • The _ argument is used like in a number of other programing languages and signals that the argument is never actually used in the function.
    • -
    -
    { self, inputs, ... }:
     let
    @@ -2575,18 +2413,6 @@ in
     

    2.14. Installer iso

    -

    -This sections makes use of nixos-generators in order to easily allow me to build a live ISO of my installer system. It can be built using nix build --print-out-paths --no-link <flake path>#images.<target-system>.live-iso, and can then be copied to a USB drive using, for example, dd. -

    - -

    -This is an improvement to what I did earlier, where I did not use nixos-generators but instead manually imported the needed modules to make this configration into a bootable USB image. Now, I can just write this in the same way that I would to write any other configuration. -

    - -
      -
    • perSystem is again a flake-parts construct.
    • -
    -
    { self, inputs, ... }:
     {
    @@ -2616,31 +2442,6 @@ This is an improvement to what I did earlier, where I did not use nixos-ge
     

    2.15. Installer flake

    -

    -When using tools like (the builtin) nixos-rebuild or nixos-anywhere, these tools expect the flake to have a certain structure; namely, they expect to find an output named nixosConfigurations, which is implicitely used when passing --flake .#<config name> (it is used in front of <config name>). -

    - -

    -When I define my configurations, I am actually defining two versions for each actual system: -

    -
      -
    • One 'regular' config that should be used by all rebuild tools such as nixos-rebuild
    • -
    • One 'minimal' config that should be used by nixos=anywhere during initial deployment of a system
    • -
    - -

    -Now, I could of course define a <name> and <name>-minimal attribute for each configuration and just put these under nixosConfigurations, but that would have several drawbacks: -

    -
      -
    • evaluation time would increase
    • -
    • my nodes output (that holds information for all actual systems) would bloat
    • -
    • it is actually not clear that <name> and <name>-minimal represent the same config
    • -
    - -

    -Hence, what I instead do is to define another output nixosConfigurationsMinimal as an output to this flakes' config, and then use it to set the nixosConfigurations of another, minimal, flake that I keep in install/. When using nixos-anywhere during initial deployment, I will then point it to that minimal flake, where the minimal configs can be found. -

    -
    {
       description = "Minimal installer flake - not to be used manually";
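Review bot: The paragraphs removed above this block were the only explanation of why `nixosConfigurationsMinimal` exists and that nixos-anywhere is meant to be pointed at the flake in `install/`. After this hunk the only hint left is `description = "Minimal installer flake - not to be used manually";`. Keep at least a short paragraph that says which output feeds this flake and which tool consumes it.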
    @@ -2665,20 +2466,16 @@ This holds most of the NixOS side of configuration.
     

    3.1. System specific configuration

    -This section mainly exists to house different default.nix files to define some modules that should be loaded on respective systems. +This section mainly exists house different `default.nix` files to define some modules that should be loaded on respective systems. Every host is housed in the hosts/ directory, which is then subdivided by each respective system (nixos/, home-manager/, nix-on-droid/, darwin/). As described earlier, some of these configurations (nixos and darwin) can be defined automatically in this flake. For home-manager and nix-on-droid, the system architecture must be defined manually.

    -

    3.1.1. TODO Template

    +

    3.1.1. Template

    This is the template that I use for new deployments of personal machines. Servers are usually highly tailored to their specific task and I do not consider it worth a time to craft a template for that. Also, at least at the current time, I only provide a template for NixOS hosts, as I rarely ever use anything else.

    - -

    -TODO: I dont think this template would currently work out of the box -

    3.1.1.1. Main Configuration
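Review bot: The added sentence in 3.1 reads "This section mainly exists house different", dropping the "to" that the removed line had, and it wraps `default.nix` in backticks where the rest of the org file uses =...= for verbatim text. The hunk also removes both the TODO keyword on 3.1.1 and the remark that the template probably does not work out of the box; if the template has not been re-tested, that remark should stay.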
    @@ -2905,6 +2702,19 @@ My work machine. Built for more security, this is the gold standard of my config
    { self, config, inputs, lib, minimal, ... }:
     let
       primaryUser = config.swarselsystems.mainUser;
    +  sharedOptions = {
    +    isLaptop = true;
    +    isNixos = true;
    +    isBtrfs = true;
    +    isLinux = true;
    +    sharescreen = "eDP-2";
    +    profiles = {
    +      personal = lib.mkIf (!minimal) true;
    +      minimal = lib.mkIf minimal true;
    +      work = lib.mkIf (!minimal) true;
    +      framework = lib.mkIf (!minimal) true;
    +    };
    +  };
     in
     {
     
    @@ -2917,57 +2727,54 @@ in
       ];
     
     
    -  swarselprofiles = {
    -    personal = lib.mkIf (!minimal) true;
    -    work = lib.mkIf (!minimal) true;
    -    framework = lib.mkIf (!minimal) true;
    -    amdcpu = true;
    -    amdgpu = true;
    -    hibernation = true;
    -    btrfs = true;
    -  };
    -  swarselsystems = {
    -    lowResolution = "1280x800";
    -    highResolution = "2560x1600";
    -    isLaptop = true;
    -    isNixos = true;
    -    isBtrfs = true;
    -    isLinux = true;
    -    sharescreen = "eDP-2";
    -    info = "Framework Laptop 16, 7940HS, RX7700S, 64GB RAM";
    -    firewall = lib.mkForce true;
    -    wallpaper = self + /files/wallpaper/lenovowp.png;
    -    hasBluetooth = true;
    -    hasFingerprint = true;
    -    isImpermanence = false;
    -    isSecureBoot = true;
    -    isCrypted = true;
    -    inherit (config.repo.secrets.local) hostName;
    -    inherit (config.repo.secrets.local) fqdn;
    -    hibernation.offset = 533760;
    -  };
    +  swarselsystems = lib.recursiveUpdate
    +    {
    +      info = "Framework Laptop 16, 7940HS, RX7700S, 64GB RAM";
    +      firewall = lib.mkForce true;
    +      wallpaper = self + /files/wallpaper/lenovowp.png;
    +      hasBluetooth = true;
    +      hasFingerprint = true;
    +      isImpermanence = false;
    +      isSecureBoot = true;
    +      isCrypted = true;
    +      inherit (config.repo.secrets.local) hostName;
    +      inherit (config.repo.secrets.local) fqdn;
    +      hibernation.offset = 533760;
    +      profiles = {
    +        amdcpu = true;
    +        amdgpu = true;
    +        hibernation = true;
    +        btrfs = true;
    +      };
    +    }
    +    sharedOptions;
     
       home-manager.users."${primaryUser}" = {
    -    swarselsystems = {
    -      isSecondaryGpu = true;
    -      SecondaryGpuCard = "pci-0000_03_00_0";
    -      cpuCount = 16;
    -      temperatureHwmon = {
    -        isAbsolutePath = true;
    -        path = "/sys/devices/virtual/thermal/thermal_zone0/";
    -        input-filename = "temp4_input";
    -      };
    -      monitors = {
    -        main = {
    -          name = "BOE 0x0BC9 Unknown";
    -          mode = "2560x1600"; # TEMPLATE
    -          scale = "1";
    -          position = "2560,0";
    -          workspace = "15:L";
    -          output = "eDP-2";
    +    # home.stateVersion = lib.mkForce "23.05";
    +    swarselsystems = lib.recursiveUpdate
    +      {
    +        isSecondaryGpu = true;
    +        SecondaryGpuCard = "pci-0000_03_00_0";
    +        cpuCount = 16;
    +        temperatureHwmon = {
    +          isAbsolutePath = true;
    +          path = "/sys/devices/virtual/thermal/thermal_zone0/";
    +          input-filename = "temp4_input";
             };
    -      };
    -    };
    +        lowResolution = "1280x800";
    +        highResolution = "2560x1600";
    +        monitors = {
    +          main = {
    +            name = "BOE 0x0BC9 Unknown";
    +            mode = "2560x1600"; # TEMPLATE
    +            scale = "1";
    +            position = "2560,0";
    +            workspace = "15:L";
    +            output = "eDP-2";
    +          };
    +        };
    +      }
    +      sharedOptions;
       };
     }
     
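Review bot: In both `lib.recursiveUpdate` calls the host-specific set is the first argument and `sharedOptions` the second, so for any key present in both, the shared value replaces the host value. If the intent is "shared defaults, host overrides", swap the arguments. Note also that `sharedOptions.profiles` (personal, work, framework, minimal) is now merged into the home-manager `swarselsystems` as well, where the old code only set `swarselprofiles` on the NixOS side; confirm the home-manager option set declares `profiles`.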
    @@ -3015,7 +2822,6 @@ in
             # improve performance on ssds
             bypassWorkqueues = true;
             preLVM = true;
    -        # crypttabExtraOpts = ["fido2-device=auto"];
           };
         };
     
    @@ -3150,7 +2956,7 @@ in
     
    3.1.2.2. Bakery (Lenovo ThinkPad)

    -My personal laptop. Closely follows the pyramid config, but leaves out some security features that I consider a bother on my work machine. +My personal laptop.

    @@ -3160,7 +2966,17 @@ My personal laptop. Closely follows the pyramid config, but leaves
    { self, config, inputs, lib, minimal, ... }:
     let
       primaryUser = config.swarselsystems.mainUser;
    -  sharedOptions = { };
    +  sharedOptions = {
    +    isLaptop = true;
    +    isNixos = true;
    +    isBtrfs = true;
    +    isLinux = true;
    +    sharescreen = "eDP-1";
    +    profiles = {
    +      reduced = lib.mkIf (!minimal) true;
    +      minimal = lib.mkIf minimal true;
    +    };
    +  };
     in
     {
     
    @@ -3172,21 +2988,10 @@ in
     
       ];
     
    -  swarselprofiles = {
    -    reduced = lib.mkIf (!minimal) true;
    -    btrfs = true;
    -  };
     
       swarselsystems = lib.recursiveUpdate
         {
    -      isLaptop = true;
    -      isNixos = true;
    -      isBtrfs = true;
    -      isLinux = true;
    -      lowResolution = "1280x800";
    -      highResolution = "1920x1080";
    -      sharescreen = "eDP-1";
    -      info = "Lenovo Ideapad 720S-13IKB";
    +      info = "Lenovo ThinkPad";
           firewall = lib.mkForce true;
           wallpaper = self + /files/wallpaper/lenovowp.png;
           hasBluetooth = true;
    @@ -3198,23 +3003,30 @@ in
           rootDisk = "/dev/nvme0n1";
           swapSize = "4G";
           hostName = config.node.name;
    +      profiles = {
    +        btrfs = true;
    +      };
         }
         sharedOptions;
     
       home-manager.users."${primaryUser}" = {
         # home.stateVersion = lib.mkForce "23.05";
    -    swarselsystems = {
    -      monitors = {
    -        main = {
    -          name = "LG Display 0x04EF Unknown";
    -          mode = "1920x1080"; # TEMPLATE
    -          scale = "1";
    -          position = "1920,0";
    -          workspace = "15:L";
    -          output = "eDP-1";
    +    swarselsystems = lib.recursiveUpdate
    +      {
    +        lowResolution = "1280x800";
    +        highResolution = "1920x1080";
    +        monitors = {
    +          main = {
    +            name = "LG Display 0x04EF Unknown";
    +            mode = "1920x1080"; # TEMPLATE
    +            scale = "1";
    +            position = "1920,0";
    +            workspace = "15:L";
    +            output = "eDP-1";
    +          };
             };
    -      };
    -    };
    +      }
    +      sharedOptions;
       };
     }
     
    @@ -3398,7 +3210,18 @@ This is my main server that I run at home. It handles most tasks that require bi
     
    3.1.2.3.1. Main Configuration
    -
    { config, ... }:
    +
    { lib, config, ... }:
    +let
    +  primaryUser = config.swarselsystems.mainUser;
    +  sharedOptions = {
    +    isBtrfs = false;
    +    isLinux = true;
    +    isNixos = true;
    +    profiles = {
    +      server.local = true;
    +    };
    +  };
    +in
     {
     
       imports = [
    @@ -3419,20 +3242,21 @@ This is my main server that I run at home. It handles most tasks that require bi
       };
     
     
    -  swarselprofiles = {
    -    server.local = true;
    -  };
    +  swarselsystems = lib.recursiveUpdate
    +    {
    +      info = "ASRock J4105-ITX, 32GB RAM";
    +      isImpermanence = false;
    +      isSecureBoot = true;
    +      isCrypted = true;
    +    }
    +    sharedOptions;
     
    -  swarselsystems = {
    -    info = "ASRock J4105-ITX, 32GB RAM";
    -    isImpermanence = false;
    -    isSecureBoot = true;
    -    isCrypted = true;
    -    isBtrfs = false;
    -    isLinux = true;
    -    isNixos = true;
    +  home-manager.users."${primaryUser}" = {
    +    home.stateVersion = lib.mkForce "23.05";
    +    swarselsystems = lib.recursiveUpdate
    +      { }
    +      sharedOptions;
       };
    -
     }
     
     
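Review bot: `lib.recursiveUpdate { } sharedOptions` in the new `home-manager.users."${primaryUser}"` block is just `sharedOptions`; assign it directly unless host-specific home options are about to follow. As written it also hands `profiles.server.local = true` to the home-manager side, and the new `home.stateVersion = lib.mkForce "23.05";` is forced without a comment explaining what it overrides.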
    @@ -3498,7 +3322,7 @@ This is my main server that I run at home. It handles most tasks that require bi
     
    3.1.2.4. machpizza (MacBook Pro)

    -A Mac notebook that I have received from work. I use this machine for getting accustomed to the Apple ecosystem as well as as a sandbox for nix-darwin configurations (the darwin configuration is severely under-developed). +A Mac notebook that I have received from work. I use this machine for getting accustomed to the Apple ecosystem as well as as a sandbox for nix-darwin configurations.

    @@ -3593,29 +3417,48 @@ My phone. I use only a minimal config for remote debugging here.

    3.1.3. Virtual hosts

    -My server setup was originally built on Proxmox VE; back when I started, I created all kinds of wild Debian/Ubuntu/etc. KVMs and LXCs on there. However, the root disk has suffered a weird failure where it has become unable to be cloned, but was still functional. I was for a long time rewriting all machines on there to use NixOS instead; this process is now finished. +My server setup was originally built on Proxmox VE; back when I started, I created all kinds of wild Debian/Ubuntu/etc. KVMs and LXCs on there. However, the root disk has suffered a weird failure where it has become unable to be cloned, but it is still functional for now. I was for a long time rewriting all machines on there to use NixOS instead; this process is now finished.

    -I have removed most of the machines from this section. What remains are some hosts that I have deployed on OCI: +I have removed most of the machines from this section. What remains are some hosts that I have deployed on OCI (mostly sync for medium-important data) and one other machine that I left for now as a reference.

    -
      -
    • MilkyWell: cloud server used for very lightweight sync tasks of non-critical data
    • -
    • Moonside: Proxy server + some lightweight services
    • -
    3.1.3.1. MilkyWell (OCI)

    -For this I use a free Ampere instance from OCI with 50G of space. In case my account gets terminated, all of this data is easily replaceable or backed up regularly anyways. +This machine mainly acts as an external sync helper. It manages the following things:

    +
      +
    • Anki syncing
    • +
    • Forgejo git server
    • +
    • Elfeed sync server (RSS)
    • +
    • +Syncthing backup of replaceable data +

      + +

      +All of these are processes that use little cpu but can take a lot of storage. For this I use a free Ampere instance from OCI with 50G of space. In case my account gets terminated, all of this data is easily replaceable or backed up regularly anyways. +

    • +
    3.1.3.1.1. Main configuration
    -
    { lib, minimal, ... }:
    +
    { lib, config, minimal, ... }:
    +let
    +  primaryUser = config.swarselsystems.mainUser;
    +  sharedOptions = {
    +    isBtrfs = true;
    +    isLinux = true;
    +    isNixos = true;
    +  };
    +  profiles = {
    +    minimal = lib.mkIf minimal true;
    +  };
    +in
     {
       imports = [
         ./hardware-configuration.nix
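Review bot: In the new `let` block, `profiles` is a sibling binding of `sharedOptions` rather than an attribute inside it, unlike the other hosts in this change. The next hunk merges only `sharedOptions` and removes the old `swarselprofiles.minimal` line, so `minimal = lib.mkIf minimal true;` has no effect unless `profiles` is referenced somewhere not shown. Move the `profiles` set inside `sharedOptions`.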
    @@ -3634,29 +3477,29 @@ For this I use a free Ampere instance from OCI with 50G of space. In case my acc
         domain = "subnet03112148.vcn03112148.oraclevcn.com";
       };
     
    -  topology.self = {
    -    icon = "devices.cloud-server";
    -  };
    -
       hardware = {
         enableAllFirmware = lib.mkForce false;
       };
     
    -  swarselprofiles = {
    -    minimal = lib.mkIf minimal true;
    -    server.syncserver = true;
    -  };
    -  swarselsystems = {
    -    info = "VM.Standard.E2.1.Micro";
    -    isImpermanence = true;
    -    isSecureBoot = false;
    -    isCrypted = true;
    -    isSwap = true;
    -    rootDisk = "/dev/sda";
    -    swapSize = "4G";
    -    isBtrfs = true;
    -    isLinux = true;
    -    isNixos = true;
    +  swarselsystems = lib.recursiveUpdate
    +    {
    +      info = "VM.Standard.E2.1.Micro";
    +      isImpermanence = true;
    +      isSecureBoot = false;
    +      isCrypted = true;
    +      isSwap = true;
    +      rootDisk = "/dev/sda";
    +      swapSize = "4G";
    +      profiles = {
    +        server.syncserver = true;
    +      };
    +    }
    +    sharedOptions;
    +
    +  home-manager.users."${primaryUser}" = {
    +    swarselsystems = lib.recursiveUpdate
    +      { }
    +      sharedOptions;
       };
     
     }
    @@ -3807,18 +3650,24 @@ in
     
    3.1.3.2. Moonside (OCI)
    -

    -This machine mainly acts as my proxy server to stand before my local machines. -

    3.1.3.2.1. Main Configuration
    -
    { lib, config, ... }:
    +
    { lib, config, globals, ... }:
     let
    +  primaryUser = config.swarselsystems.mainUser;
    +  inherit (config.repo.secrets.common) workHostName;
       inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1;
       inherit (config.swarselsystems) sopsFile;
    +  serviceDomain = config.repo.secrets.common.services.domains.syncthing3;
    +
    +  sharedOptions = {
    +    isBtrfs = true;
    +    isNixos = true;
    +    isLinux = true;
    +  };
     in
     {
       imports = [
    @@ -3841,16 +3690,22 @@ in
     
       environment = {
         etc."issue".text = "\4";
    +
    +    persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [
    +      {
    +        directory = "/var/lib/syncthing";
    +        user = "syncthing";
    +        group = "syncthing";
    +        mode = "0700";
    +      }
    +    ];
       };
     
    -  topology.self = {
    -    icon = "devices.cloud-server";
    -    interfaces.wg = {
    -      addresses = [ "192.168.3.4" ];
    -      renderer.hidePhysicalConnections = true;
    -      virtual = true;
    -      type = "wireguard";
    -    };
    +  topology.self.interfaces.wg = {
    +    addresses = [ "192.168.3.4" ];
    +    renderer.hidePhysicalConnections = true;
    +    virtual = true;
    +    type = "wireguard";
       };
     
       networking = {
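Review bot: The new `persistence."/persist".directories` entry covers only `/var/lib/syncthing`, while the folders configured later in this change all live under `/sync/...` and this host sets `isImpermanence = true`. If `/sync` is not on its own persistent mount, the received data is lost on reboot while the Syncthing database survives; either add `/sync` here or state in a comment where it is mounted from.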
    @@ -3890,74 +3745,148 @@ in
     
       system.stateVersion = "23.11";
     
    -  services.syncthing = {
    -    dataDir = lib.mkForce "/sync";
    -    settings = {
    -      devices = config.swarselsystems.syncthing.devices // {
    -        "${dev1}" = {
    -          id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7";
    -        };
    -        "${dev2}" = {
    -          id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH";
    -        };
    -        "${dev3}" = {
    -          id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR";
    -        };
    -      };
    -      folders = {
    -        "Documents" = {
    -          path = "/sync/Documents";
    -          type = "receiveonly";
    -          versioning = {
    -            type = "simple";
    -            params.keep = "2";
    +  globals.services."syncthing-${config.networking.hostName}".domain = serviceDomain;
    +
    +  services = {
    +    nginx = {
    +      virtualHosts = {
    +        ${serviceDomain} = {
    +          enableACME = true;
    +          forceSSL = true;
    +          acmeRoot = null;
    +          locations = {
    +            "/" = {
    +              proxyPass = "http://localhost:8384";
    +              extraConfig = ''
    +                client_max_body_size 0;
    +              '';
    +            };
               };
    -          devices = [ "pyramid" ];
    -          id = "hgr3d-pfu3w";
    -        };
    -        "runandbun" = {
    -          path = "/sync/runandbun";
    -          type = "receiveonly";
    -          versioning = {
    -            type = "simple";
    -            params.keep = "5";
    -          };
    -          devices = [ "winters" "magicant" ];
    -          id = "kwnql-ev64v";
    -        };
    -        "${loc1}" = {
    -          path = "/sync/${loc1}";
    -          type = "receiveonly";
    -          versioning = {
    -            type = "simple";
    -            params.keep = "3";
    -          };
    -          devices = [ dev1 dev2 dev3 ];
    -          id = "5gsxv-rzzst";
             };
           };
         };
    -  };
     
    -  swarselprofiles = {
    -    server.moonside = true;
    -  };
    -
    -  swarselsystems = {
    -    info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM";
    -    isImpermanence = true;
    -    isSecureBoot = false;
    -    isCrypted = false;
    -    isSwap = false;
    -    rootDisk = "/dev/sda";
    -    isBtrfs = true;
    -    isNixos = true;
    -    isLinux = true;
         syncthing = {
    -      serviceDomain = config.repo.secrets.common.services.domains.syncthing3;
    -      serviceIP = "localhost";
    +      enable = true;
    +      guiAddress = "0.0.0.0:8384";
    +      openDefaultPorts = true;
    +      relay.enable = false;
    +      settings = {
    +        urAccepted = -1;
    +        devices = {
    +          "magicant" = {
    +            id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO";
    +          };
    +          "winters" = {
    +            id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
    +          };
    +          "${workHostName}" = {
    +            id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB";
    +          };
    +          "${dev1}" = {
    +            id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7";
    +          };
    +          "${dev2}" = {
    +            id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH";
    +          };
    +          "${dev3}" = {
    +            id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR";
    +          };
    +        };
    +        folders = {
    +          "Default Folder" = lib.mkForce {
    +            path = "/sync/Sync";
    +            type = "receiveonly";
    +            versioning = null;
    +            devices = [ "winters" "magicant" "${workHostName}" ];
    +            id = "default";
    +          };
    +          "Obsidian" = {
    +            path = "/sync/Obsidian";
    +            type = "receiveonly";
    +            versioning = {
    +              type = "simple";
    +              params.keep = "5";
    +            };
    +            devices = [ "winters" "magicant" "${workHostName}" ];
    +            id = "yjvni-9eaa7";
    +          };
    +          "Org" = {
    +            path = "/sync/Org";
    +            type = "receiveonly";
    +            versioning = {
    +              type = "simple";
    +              params.keep = "5";
    +            };
    +            devices = [ "winters" "magicant" "${workHostName}" ];
    +            id = "a7xnl-zjj3d";
    +          };
    +          "Vpn" = {
    +            path = "/sync/Vpn";
    +            type = "receiveonly";
    +            versioning = {
    +              type = "simple";
    +              params.keep = "5";
    +            };
    +            devices = [ "winters" "magicant" "${workHostName}" ];
    +            id = "hgp9s-fyq3p";
    +          };
    +          "Documents" = {
    +            path = "/sync/Documents";
    +            type = "receiveonly";
    +            versioning = {
    +              type = "simple";
    +              params.keep = "2";
    +            };
    +            devices = [ "winters" ];
    +            id = "hgr3d-pfu3w";
    +          };
    +          "runandbun" = {
    +            path = "/sync/runandbun";
    +            type = "receiveonly";
    +            versioning = {
    +              type = "simple";
    +              params.keep = "5";
    +            };
    +            devices = [ "winters" "magicant" ];
    +            id = "kwnql-ev64v";
    +          };
    +          "${loc1}" = {
    +            path = "/sync/${loc1}";
    +            type = "receiveonly";
    +            versioning = {
    +              type = "simple";
    +              params.keep = "3";
    +            };
    +            devices = [ dev1 dev2 dev3 ];
    +            id = "5gsxv-rzzst";
    +          };
    +        };
    +      };
         };
       };
    +
    +  swarselsystems = lib.recursiveUpdate
    +    {
    +      info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM";
    +      isImpermanence = true;
    +      isSecureBoot = false;
    +      isCrypted = false;
    +      isSwap = false;
    +      rootDisk = "/dev/sda";
    +      profiles = {
    +        server.moonside = true;
    +      };
    +    }
    +    sharedOptions;
    +
    +  home-manager.users."${primaryUser}" = {
    +    home.stateVersion = lib.mkForce "23.11";
    +    swarselsystems = lib.recursiveUpdate
    +      { }
    +      sharedOptions;
    +  };
    +
     }
     
     
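Review bot: `guiAddress = "0.0.0.0:8384";` binds the Syncthing GUI on every interface, although the nginx virtual host added in the same hunk already reaches it through `proxyPass = "http://localhost:8384";`. Bind it to `127.0.0.1:8384` so the GUI is reachable only through the proxy with `forceSSL = true` and never directly over plain HTTP. Separately, `"Default Folder"` is the only folder with `versioning = null;` and is wrapped in `lib.mkForce`; a one-line comment on what it overrides would help.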
    @@ -4138,7 +4067,18 @@ This is a slim setup for developing base configuration. I do not track the hardw
    3.1.4.1.1. Main Configuration
    -
    { self, lib, minimal, ... }:
    +
    { self, config, lib, minimal, ... }:
    +let
    +  primaryUser = config.swarselsystems.mainUser;
    +  sharedOptions = {
    +    isBtrfs = true;
    +    isLinux = true;
    +    profiles = {
    +      toto = lib.mkIf (!minimal) true;
    +      minimal = lib.mkIf minimal true;
    +    };
    +  };
    +in
     {
     
       imports = [
    @@ -4146,33 +4086,38 @@ This is a slim setup for developing base configuration. I do not track the hardw
         ./hardware-configuration.nix
       ];
     
    +
    +
       networking = {
         hostName = "toto";
         firewall.enable = false;
       };
     
    -  swarselprofiles = {
    -    toto = lib.mkIf (!minimal) true;
    -    btrfs = true;
    -  };
    +  swarselsystems = lib.recursiveUpdate
    +    {
    +      info = "~SwarselSystems~ remote install helper";
    +      wallpaper = self + /files/wallpaper/lenovowp.png;
    +      isImpermanence = true;
    +      isCrypted = true;
    +      isSecureBoot = false;
    +      isSwap = true;
    +      swapSize = "2G";
    +      # rootDisk = "/dev/nvme0n1";
    +      rootDisk = "/dev/vda";
    +      profiles.btrfs = true;
    +      # rootDisk = "/dev/vda";
    +    }
    +    sharedOptions;
     
    -  swarselsystems = {
    -    info = "~SwarselSystems~ remote install helper";
    -    wallpaper = self + /files/wallpaper/lenovowp.png;
    -    isImpermanence = true;
    -    isCrypted = true;
    -    isSecureBoot = false;
    -    isSwap = true;
    -    swapSize = "2G";
    -    # rootDisk = "/dev/nvme0n1";
    -    rootDisk = "/dev/vda";
    -    # rootDisk = "/dev/vda";
    -    isBtrfs = true;
    -    isLinux = true;
    -    isLaptop = false;
    -    isNixos = true;
    +  home-manager.users.${primaryUser} = {
    +    home.stateVersion = lib.mkForce "23.05";
    +    swarselsystems = lib.recursiveUpdate
    +      {
    +        isLaptop = false;
    +        isNixos = true;
    +      }
    +      sharedOptions;
       };
    -
     }
     
     
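Review bot: `isNixos = true;` and `isLaptop = false;` now sit only in the `home-manager.users.${primaryUser}` block and are missing from this host's `sharedOptions`, so the NixOS-side `swarselsystems` no longer sets them, unlike the other hosts in this change where `isNixos` is shared. Move both into `sharedOptions`. Minor: the duplicated `# rootDisk = "/dev/vda";` comment now trails `profiles.btrfs = true;`, and the user attribute is unquoted here but written as `."${primaryUser}"` elsewhere.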
    @@ -4320,20 +4265,12 @@ in
     
    -
    3.1.4.2. TODO Drugstore (ISO installer config)
    +
    3.1.4.2. Drugstore (ISO installer config)

    This is a live environment ISO that I use to bootstrap new systems. It only loads a minimal configuration and no graphical interface. After booting this image on a host, find out its IP and bootstrap the system using the bootstrap utility.

    -

    -NOTE: Yes, the path to this system does not follow the scheme outlined above - I still consider this a 'config' however, so I keep it here. -

    - -

    -TODO: cleanup this mess -

    -
    { self, config, pkgs, lib, ... }:
    @@ -4521,8 +4458,6 @@ This is the "reference implementation" of a setup that runs without NixOS, only
         inputs.sops-nix.homeManagerModules.sops
         inputs.nix-index-database.hmModules.nix-index
         "${self}/modules/home"
    -    "${self}/modules/nixos/common/pii.nix"
    -    "${self}/modules/nixos/common/meta.nix"
       ];
     
       nixpkgs = {
    @@ -4576,56 +4511,67 @@ I also set the WLR_RENDERER_ALLOW_SOFTWARE=1 to allow this configur
     
    { self, config, pkgs, lib, minimal, ... }:
     let
       mainUser = "demo";
    -in
    -{
    -
    -  imports = [
    -    ./hardware-configuration.nix
    -    ./disk-config.nix
    -    {
    -      _module.args.diskDevice = config.swarselsystems.rootDisk;
    -    }
    -  ];
    -
    -  environment.variables = {
    -    WLR_RENDERER_ALLOW_SOFTWARE = 1;
    -  };
    -
    -  services.qemuGuest.enable = true;
    -
    -  boot = {
    -    loader.systemd-boot.enable = lib.mkForce true;
    -    loader.efi.canTouchEfiVariables = true;
    -    kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
    -  };
    -
    -  networking = {
    -    hostName = "chaostheatre";
    -    firewall.enable = true;
    -  };
    -
    -  swarselprofiles = {
    -    chaostheatre = lib.mkIf (!minimal) true;
    -    minimal = lib.mkIf minimal true;
    -    btrfs = true;
    -  };
    -  swarselsystems = {
    -    info = "~SwarselSystems~ demo host";
    -    wallpaper = self + /files/wallpaper/lenovowp.png;
    -    isImpermanence = true;
    -    isCrypted = true;
    -    isSecureBoot = false;
    -    isSwap = true;
    -    swapSize = "4G";
    -    rootDisk = "/dev/vda";
    -    isBtrfs = false;
    +  sharedOptions = {
         inherit mainUser;
    +    isBtrfs = false;
         isLinux = true;
         isPublic = true;
    -    isNixos = true;
    +    profiles = {
    +      chaostheatre = lib.mkIf (!minimal) true;
    +      minimal = lib.mkIf minimal true;
    +    };
       };
    +in
    +  {
     
    -}
    +    imports = [
    +      ./hardware-configuration.nix
    +      ./disk-config.nix
    +      {
    +        _module.args.diskDevice = config.swarselsystems.rootDisk;
    +      }
    +    ];
    +
    +    environment.variables = {
    +      WLR_RENDERER_ALLOW_SOFTWARE = 1;
    +    };
    +
    +    services.qemuGuest.enable = true;
    +
    +    boot = {
    +      loader.systemd-boot.enable = lib.mkForce true;
    +      loader.efi.canTouchEfiVariables = true;
    +      kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
    +    };
    +
    +    networking = {
    +      hostName = "chaostheatre";
    +      firewall.enable = true;
    +    };
    +
    +    swarselsystems = lib.recursiveUpdate
    +      {
    +        info = "~SwarselSystems~ demo host";
    +        wallpaper = self + /files/wallpaper/lenovowp.png;
    +        isImpermanence = true;
    +        isCrypted = true;
    +        isSecureBoot = false;
    +        isSwap = true;
    +        swapSize = "4G";
    +        rootDisk = "/dev/vda";
    +        profiles.btrfs = true;
    +      }
    +      sharedOptions;
    +
    +    home-manager.users.${mainUser} = {
    +      home.stateVersion = lib.mkForce "23.05";
    +      swarselsystems = lib.recursiveUpdate
    +        {
    +          isNixos = true;
    +        }
    +        sharedOptions;
    +    };
    +  }
     
     
     
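Review bot: `sharedOptions` sets `isBtrfs = false;` while the host block sets `profiles.btrfs = true;`; the contradiction is carried over from the removed lines, but this refactor is the place to settle which one is right. Also, indenting the whole module body under `in` by two extra spaces turns the hunk into a full rewrite of the file and hides the real changes (`isNixos` moving to the home-manager side, `mainUser` being inherited into `sharedOptions`); keep the original indentation.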
    @@ -4827,15 +4773,18 @@ This section is for setting things that should be used on hosts that are using t

    -
    { lib, ... }:
    +
    { self, lib, ... }:
     let
       importNames = lib.swarselsystems.readNix "modules/nixos/common";
    -  sharedNames = lib.swarselsystems.readNix "modules/shared";
    +  modulesPath = "${self}/modules";
     in
    -{
    -  imports = lib.swarselsystems.mkImports importNames "modules/nixos/common" ++
    -    lib.swarselsystems.mkImports sharedNames "modules/shared";
    -}
    +  {
    +    imports = lib.swarselsystems.mkImports importNames "modules/nixos/common" ++ [
    +      "${modulesPath}/home/common/sharedsetup.nix"
    +    ];
    +
    +
    +  }
     
     
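Review bot: The new binding `modulesPath = "${self}/modules";` reuses the name of the `modulesPath` argument that NixOS passes to every module. Nothing breaks because it is not taken from the function arguments here, but a name such as `modulesDir` avoids the confusion. The import list also swaps the `modules/shared` directory for a single file under `home/common/`; a comment on why a home-side file is loaded from the NixOS common module would help, and the two blank lines before the closing brace can go.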
    @@ -4922,65 +4871,59 @@ let inherit (lib) mkOption types - ; + ; in { - options = { - globals = mkOption { - default = { }; - type = types.submodule { - options = { - root = { - hashedPassword = mkOption { - type = types.str; + options = { + globals = mkOption { + default = { }; + type = types.submodule { + options = { + user = { + name = mkOption { + type = types.str; + }; + work = mkOption { + type = types.str; + }; }; - }; - - user = { - name = mkOption { - type = types.str; - }; - work = mkOption { - type = types.str; - }; - }; - services = mkOption { - type = types.attrsOf ( - types.submodule { - options = { - domain = mkOption { - type = types.str; + services = mkOption { + type = types.attrsOf ( + types.submodule { + options = { + domain = mkOption { + type = types.str; + }; }; - }; - } - ); - }; + } + ); + }; - domains = { - main = mkOption { - type = types.str; + domains = { + main = mkOption { + type = types.str; + }; }; }; }; }; - }; - _globalsDefs = mkOption { - type = types.unspecified; - default = options.globals.definitions; - readOnly = true; - internal = true; + _globalsDefs = mkOption { + type = types.unspecified; + default = options.globals.definitions; + readOnly = true; + internal = true; + }; }; - }; -} + }
    -
    3.2.1.4. Meta options (options only)
    +
    3.2.1.4. Meta options (automatically active)
    { lib, ... }:
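Review bot: Removing the `root.hashedPassword` option from the `globals` submodule means any host or secrets file that still defines `globals.root.hashedPassword` now fails evaluation, since the submodule only accepts declared options; confirm that no definition remains and say where the root password hash is set instead. Everything else in this hunk is re-indentation, which would be easier to review as a separate commit.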
    @@ -5003,43 +4946,38 @@ in
     
    -
    -
    3.2.1.5. Expose home-manager secrets in NixOS (automatically active)
    -
    +
    +
    3.2.1.5. Shared Configuration Options (automatically active)
    +
    +

    +I usually use mutableUsers = false in my NixOS configuration. However, on a new system where sops-keys have not been deployed, this would immediately lock me out of the system. Hence this flag can be used until sops-keys are created. +

    +
    -
    { lib, config, globals, ... }:
    -let
    -  inherit (config.swarselsystems) mainUser homeDir;
    -  inherit (config.repo.secrets.common.emacs) radicaleUser;
    -  modules = config.home-manager.users.${mainUser}.swarselmodules;
    -in
    +
    { lib, ... }:
     {
    -  config = lib.mkIf config.swarselsystems.withHomeManager {
    -    sops = {
    -      secrets = (lib.optionalAttrs modules.mail
    -        {
    -          address1-token = { owner = mainUser; };
    -          address2-token = { owner = mainUser; };
    -          address3-token = { owner = mainUser; };
    -          address4-token = { owner = mainUser; };
    -        }) // (lib.optionalAttrs modules.waybar {
    -        github-notifications-token = { owner = mainUser; };
    -      }) // (lib.optionalAttrs modules.emacs {
    -        fever-pw = { path = "${homeDir}/.emacs.d/.fever"; owner = mainUser; };
    -      }) // (lib.optionalAttrs modules.zsh {
    -        croc-password = { owner = mainUser; };
    -      }) // (lib.optionalAttrs modules.emacs {
    -        emacs-radicale-pw = { owner = mainUser; };
    -      });
    -      templates = {
    -        authinfo = {
    -          path = "${homeDir}/.emacs.d/.authinfo";
    -          content = ''
    -            machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw}
    -          '';
    -          owner = mainUser;
    -        };
    +  options = {
    +    swarselsystems = {
    +      withHomeManager = lib.mkOption {
    +        type = lib.types.bool;
    +        default = true;
           };
    +      isSwap = lib.mkOption {
    +        type = lib.types.bool;
    +        default = true;
    +      };
    +      swapSize = lib.mkOption {
    +        type = lib.types.str;
    +        default = "8G";
    +      };
    +      rootDisk = lib.mkOption {
    +        type = lib.types.str;
    +        default = "";
    +      };
    +      isCrypted = lib.mkEnableOption "uses full disk encryption";
    +
    +      isImpermanence = lib.mkEnableOption "use impermanence on this system";
    +      isSecureBoot = lib.mkEnableOption "use secure boot on this system";
         };
       };
     }
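Review bot: the paragraph added under "Shared Configuration Options" describes a flag for working around `mutableUsers = false` before sops keys are deployed, but none of the options declared below it (`withHomeManager`, `isSwap`, `swapSize`, `rootDisk`, `isCrypted`, `isImpermanence`, `isSecureBoot`) is that flag. Name the option the text means or move the paragraph next to it. The removed block was also where the mail, waybar, emacs and zsh sops secrets got `owner = mainUser` and where the `authinfo` template was rendered; confirm these are still declared somewhere, otherwise the consuming programs lose their credentials silently.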
    @@ -5149,9 +5087,7 @@ let
             channel.enable = false;
             registry = rec {
               nixpkgs.flake = inputs.nixpkgs;
    -          swarsel.flake = inputs.swarsel;
    -          n = nixpkgs;
    -          s = swarsel;
    +          p = nixpkgs;
             };
             nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
           };
    @@ -5165,8 +5101,8 @@ let
       };
     in
     {
    -  options.swarselmodules.general = lib.mkEnableOption "general nix settings";
    -  config = lib.mkIf config.swarselmodules.general
    +  options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings";
    +  config = lib.mkIf config.swarselsystems.modules.general
         (lib.recursiveUpdate
           {
             sops.secrets.github-api-token = lib.mkIf (!minimal) {
    @@ -5224,15 +5160,15 @@ We enable the use of home-manager as a NixoS module. A nice trick h
     

    -
    { self, inputs, config, lib, outputs, globals, options, nodes, minimal, configName, ... }:
    +
    { self, inputs, config, lib, outputs, globals, nodes, minimal, configName, ... }:
       {
    -    options.swarselmodules.home-manager = lib.mkEnableOption "home-manager";
    -    config = lib.mkIf config.swarselmodules.home-manager {
    +    options.swarselsystems.modules.home-manager = lib.mkEnableOption "home-manager";
    +    config = lib.mkIf config.swarselsystems.modules.home-manager {
           home-manager = lib.mkIf config.swarselsystems.withHomeManager {
             useGlobalPkgs = true;
             useUserPackages = true;
             verbose = true;
    -        users.${config.swarselsystems.mainUser}.imports = [
    +        users.swarsel.imports = [
               inputs.nix-index-database.hmModules.nix-index
               inputs.sops-nix.homeManagerModules.sops
               # inputs.stylix.homeModules.stylix
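Review bot: `users.swarsel.imports` hardcodes the account name where the old line used `users.${config.swarselsystems.mainUser}.imports`, while the users module later in this patch still creates the account as `"${config.swarselsystems.mainUser}"`. On a host whose `mainUser` is not `swarsel`, home-manager would be configured for a user the system never creates. Keep the `mainUser` form here.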
    @@ -5240,11 +5176,8 @@ We enable the use of home-manager as a NixoS module. A nice trick h
                 imports = [
                   "${self}/profiles/home"
                   "${self}/modules/home"
    -              {
    -                swarselprofiles = {
    -                  minimal = lib.mkIf minimal true;
    -                };
    -              }
    +              # "${self}/modules/nixos/common/pii.nix"
    +              # "${self}/modules/nixos/common/meta.nix"
                 ];
                 # node = {
                 #   secretsDir = if (!config.swarselsystems.isNixos) then ../../../hosts/home/${configName}/secrets else ../../../hosts/nixos/${configName}/secrets;
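Review bot: the inline module that set `swarselprofiles.minimal = lib.mkIf minimal true;` is replaced by two commented-out import paths, so nothing in this import list passes `minimal` to the home-manager side any more. If that is intended, remove the commented lines instead of leaving them as dead code; if not, keep the inline module.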
    @@ -5273,30 +5206,24 @@ For that reason, make sure that sops-nix is properly working before
     

    -
    { self, pkgs, config, lib, globals, minimal, ... }:
    +
    { self, pkgs, config, lib, minimal, ... }:
     let
       sopsFile = self + /secrets/general/secrets.yaml;
     in
       {
    -    options.swarselmodules.users = lib.mkEnableOption "user config";
    -    config = lib.mkIf config.swarselmodules.users {
    +    options.swarselsystems.modules.users = lib.mkEnableOption "user config";
    +    config = lib.mkIf config.swarselsystems.modules.users {
           sops.secrets.main-user-hashed-pw = lib.mkIf (!config.swarselsystems.isPublic) { inherit sopsFile; neededForUsers = true; };
     
           users = {
             mutableUsers = lib.mkIf (!minimal) false;
    -        users = {
    -          root = {
    -            inherit (globals.root) hashedPassword;
    -            shell = pkgs.zsh;
    -          };
    -          "${config.swarselsystems.mainUser}" = {
    +        users."${config.swarselsystems.mainUser}" = {
               isNormalUser = true;
               description = "Leon S";
    -          password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup";
    -          hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path;
    +          password = lib.mkIf minimal "setup";
    +          hashedPasswordFile = lib.mkIf (!minimal) config.sops.secrets.main-user-hashed-pw.path;
               extraGroups = [ "wheel" ] ++ lib.optionals (!minimal) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ];
               packages = with pkgs; [ ];
    -          };
             };
           };
         };
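Review bot: `hashedPasswordFile` is now gated on `!minimal` alone, but `sops.secrets.main-user-hashed-pw` a few lines up is still declared only when `!config.swarselsystems.isPublic`. On a non-minimal public host this reads `config.sops.secrets.main-user-hashed-pw.path` for a secret that is not declared, and `password = "setup"` no longer applies there either. Keep the `isPublic` term in both conditions as before, or drop the `isPublic` guard on the secret as well. The `root` user entry is also removed entirely; with `mutableUsers = false` that leaves root without a declared password, which is worth stating in the commit message if it is deliberate.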
    @@ -5315,8 +5242,8 @@ Next, we setup the keymap in case we are not in a graphical session. At this poi
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.xserver = lib.mkEnableOption "xserver keymap";
    -  config = lib.mkIf config.swarselmodules.packages {
    +  options.swarselsystems.modules.xserver = lib.mkEnableOption "xserver keymap";
    +  config = lib.mkIf config.swarselsystems.modules.packages {
         services.xserver = {
           xkb = {
             layout = "us";
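Review bot: the option declared here is `swarselsystems.modules.xserver`, but the `config` line guards on `config.swarselsystems.modules.packages`, so the keymap follows the packages toggle and the xserver option has no effect. The rename carried this over from the old code; change the guard to `lib.mkIf config.swarselsystems.modules.xserver`.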
    @@ -5339,8 +5266,8 @@ Setup timezone and locale. I want to use the US layout, but have the rest adapte
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.time = lib.mkEnableOption "time config";
    -  config = lib.mkIf config.swarselmodules.time {
    +  options.swarselsystems.modules.time = lib.mkEnableOption "time config";
    +  config = lib.mkIf config.swarselsystems.modules.time {
         time = {
           timeZone = "Europe/Vienna";
           # hardwareClockInLocalTime = true;
    @@ -5434,9 +5361,9 @@ in
               description = "Exposes the loaded repo secrets. This option is read-only.";
             };
           };
    -      swarselmodules.pii = lib.mkEnableOption "enable pii management";
    +      swarselsystems.modules.pii = lib.mkEnableOption "enable pii management";
         };
    -  config = lib.mkIf config.swarselmodules.pii {
    +  config = lib.mkIf config.swarselsystems.modules.pii {
         repo.secretFiles =
           let
             local = config.node.secretsDir + "/pii.nix.enc";
    @@ -5461,8 +5388,8 @@ This dynamically uses systemd boot or Lanzaboote depending on the minimal system
     
    { lib, pkgs, config, minimal, ... }:
     {
    -  options.swarselmodules.lanzaboote = lib.mkEnableOption "lanzaboote config";
    -  config = lib.mkIf config.swarselmodules.lanzaboote {
    +  options.swarselsystems.modules.lanzaboote = lib.mkEnableOption "lanzaboote config";
    +  config = lib.mkIf config.swarselsystems.modules.lanzaboote {
     
         environment.systemPackages = lib.mkIf config.swarselsystems.isSecureBoot [
           pkgs.sbctl
    @@ -5485,41 +5412,8 @@ This dynamically uses systemd boot or Lanzaboote depending on the minimal system
     
    -
    -
    3.2.1.14. Boot
    -
    -
    -
    { lib, pkgs, config, globals, ... }:
    -{
    -  options.swarselmodules.boot = lib.mkEnableOption "boot config";
    -  config = lib.mkIf config.swarselmodules.boot {
    -    boot = {
    -      initrd.systemd = {
    -        enable = true;
    -        emergencyAccess = globals.root.hashedPassword;
    -        users.root.shell = "${pkgs.bashInteractive}/bin/bash";
    -        storePaths = [ "${pkgs.bashInteractive}/bin/bash" ];
    -        extraBin = {
    -          ip = "${pkgs.iproute2}/bin/ip";
    -          ping = "${pkgs.iputils}/bin/ping";
    -          cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup";
    -        };
    -      };
    -      kernelParams = [ "log_buf_len=16M" ];
    -      tmp.useTmpfs = true;
    -      loader.timeout = lib.mkDefault 2;
    -    };
    -
    -    console.earlySetup = true;
    -
    -  };
    -}
    -
    -
    -
    -
    -
    3.2.1.15. Impermanence
    +
    3.2.1.14. Impermanence

    This is where the impermanence magic happens. When this is enabled, the root directory is rolled back to a blanket state on each reboot. @@ -5536,8 +5430,8 @@ let inherit (config.swarselsystems) isImpermanence isCrypted; in { - options.swarselmodules.impermanence = lib.mkEnableOption "impermanence config"; - config = lib.mkIf config.swarselmodules.impermanence { + options.swarselsystems.modules.impermanence = lib.mkEnableOption "impermanence config"; + config = lib.mkIf config.swarselsystems.modules.impermanence { security.sudo.extraConfig = lib.mkIf isImpermanence '' @@ -5632,9 +5526,6 @@ in

    3.2.2. Client

    -

    -This section is to be used for modules that are most likely only used on client PCs (like my laptops) but no on servers. -

    3.2.2.1. Imports
    @@ -5666,8 +5557,8 @@ Mostly used to install some compilers and lsp's that I want to have available wh
    { lib, config, pkgs, minimal, ... }:
     {
    -  options.swarselmodules.packages = lib.mkEnableOption "install packages";
    -  config = lib.mkIf config.swarselmodules.packages {
    +  options.swarselsystems.modules.packages = lib.mkEnableOption "install packages";
    +  config = lib.mkIf config.swarselsystems.modules.packages {
     
         environment.systemPackages = with pkgs; lib.optionals (!minimal) [
           # yubikey packages
    @@ -5774,8 +5665,8 @@ Next, we will setup some environment variables that need to be set on the system
     
    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.env = lib.mkEnableOption "environment config";
    -  config = lib.mkIf config.swarselmodules.env {
    +  options.swarselsystems.modules.env = lib.mkEnableOption "environment config";
    +  config = lib.mkIf config.swarselsystems.modules.env {
     
         environment = {
           wordlist.enable = true;
    @@ -5805,8 +5696,8 @@ Needed for control over system-wide privileges etc. Also I make sure that the ro
     
    { lib, config, minimal, ... }:
     {
    -  options.swarselmodules.security = lib.mkEnableOption "security config";
    -  config = lib.mkIf config.swarselmodules.security {
    +  options.swarselsystems.modules.security = lib.mkEnableOption "security config";
    +  config = lib.mkIf config.swarselsystems.modules.security {
     
         security = {
           pam.services = lib.mkIf (!minimal) {
    @@ -5840,8 +5731,8 @@ There is a persistent bug over Linux kernels that makes the user wait 1m30s on s
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.systemdTimeout = lib.mkEnableOption "systemd timeout config";
    -  config = lib.mkIf config.swarselmodules.systemdTimeout {
    +  options.swarselsystems.modules.systemdTimeout = lib.mkEnableOption "systemd timeout config";
    +  config = lib.mkIf config.swarselsystems.modules.systemdTimeout {
         # systemd
         systemd.extraConfig = ''
           DefaultTimeoutStartSec=60s
    @@ -5864,8 +5755,8 @@ Enable OpenGL, Sound, Bluetooth and various drivers.
     
    { pkgs, config, lib, ... }:
     {
     
    -  options.swarselmodules.hardware = lib.mkEnableOption "hardware config";
       options.swarselsystems = {
    +    modules.hardware = lib.mkEnableOption "hardware config";
         hasBluetooth = lib.mkEnableOption "bluetooth availability";
         hasFingerprint = lib.mkEnableOption "fingerprint sensor availability";
         trackpoint = {
    @@ -5876,7 +5767,7 @@ Enable OpenGL, Sound, Bluetooth and various drivers.
           };
         };
       };
    -  config = lib.mkIf config.swarselmodules.hardware {
    +  config = lib.mkIf config.swarselsystems.modules.hardware {
         hardware = {
           # opengl.driSupport32Bit = true is replaced with graphics.enable32Bit and hence redundant
           graphics = {
    @@ -5924,8 +5815,8 @@ This is only used on systems not running Pipewire.
     
    { config, pkgs, lib, ... }: {
     
    -  options.swarselmodules.pulseaudio = lib.mkEnableOption "pulseaudio config";
    -  config = lib.mkIf config.swarselmodules.pulseaudio {
    +  options.swarselsystems.modules.pulseaudio = lib.mkEnableOption "pulseaudio config";
    +  config = lib.mkIf config.swarselsystems.modules.pulseaudio {
         services.pulseaudio = {
           enable = lib.mkIf (!config.services.pipewire.enable) true;
           package = pkgs.pulseaudioFull;
    @@ -5947,8 +5838,8 @@ Pipewire handles communication on Wayland. This enables several sound tools as w
     
    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.pipewire = lib.mkEnableOption "pipewire config";
    -  config = lib.mkIf config.swarselmodules.pipewire {
    +  options.swarselsystems.modules.pipewire = lib.mkEnableOption "pipewire config";
    +  config = lib.mkIf config.swarselsystems.modules.pipewire {
         security.rtkit.enable = true; # this is required for pipewire real-time access
     
         services.pipewire = {
    @@ -5989,10 +5880,10 @@ let
     in
     {
       options.swarselsystems = {
    +    modules.network = lib.mkEnableOption "network config";
         firewall = lib.swarselsystems.mkTrueOption;
       };
    -  options.swarselmodules.network = lib.mkEnableOption "network config";
    -  config = lib.mkIf config.swarselmodules.network {
    +  config = lib.mkIf config.swarselsystems.modules.network {
     
         sops = {
           secrets = lib.mkIf (!config.swarselsystems.isPublic) {
    @@ -6028,7 +5919,6 @@ in
         };
     
         networking = {
    -      inherit (config.swarselsystems) hostName;
           wireless.iwd = {
             enable = true;
             settings = {
    @@ -6097,7 +5987,7 @@ in
                   wifi-security = {
                     auth-alg = "open";
                     key-mgmt = "wpa-psk";
    -                psk = "$WLAN1_PW";
    +                psk = "WLAN1_PW";
                   };
                 };
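Review bot: dropping the `$` on the `psk` line changes the value from a variable reference to the literal string `WLAN1_PW`, so the profile would carry that text as the pre-shared key instead of the secret. If the key is still meant to be substituted from the sops-provided environment, restore `psk = "$WLAN1_PW";`.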
     
    @@ -6314,33 +6204,25 @@ I use sops-nix to handle secrets that I want to have available on my machines at
     
  • update entry for sops.age.sshKeyPaths
  • -

    -#+beginsrc nix-ts :tangle modules/nixos/client/sops.nix - { config, lib, … }: - { - options.swarselmodules.sops = lib.mkEnableOption "sops config"; - config = lib.mkIf config.swarselmodules.sops { - sops = { -

    +
    +
    { config, lib, ... }:
    +{
    +  options.swarselsystems.modules.sops = lib.mkEnableOption "sops config";
    +  config = lib.mkIf config.swarselsystems.modules.sops {
    +    sops = {
     
    -

    -age.sshKeyPaths = [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/sshhosted25519key" ]; -

    + # age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ]; + age.sshKeyPaths = [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ]; + # defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml"; + defaultSopsFile = "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml"; -

    -defaultSopsFile = "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml"; -

    + validateSopsFiles = false; -

    -validateSopsFiles = false; -

    - -

    - }; }; - } -sh#+endsrc -

    + }; +} +
    +
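Review bot: `validateSopsFiles = false;` is carried into the new block without a comment saying why validation is switched off, and the two added `#` lines keep unused `mkIfElseList ... isBtrfs` variants of `age.sshKeyPaths` and `defaultSopsFile` next to the live assignments. Add a one-line reason for disabling validation and drop the commented-out alternatives, since history already keeps them.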
    @@ -6352,23 +6234,23 @@ By default, stylix wants to style

    -
    { self, lib, config, vars, ... }:
    +
    { self, lib, config, ... }:
     {
    -  options.swarselmodules.stylix = lib.mkEnableOption "stylix config";
    +  options.swarselsystems.modules.stylix = lib.mkEnableOption "stylix config";
       config = {
         stylix = {
           enable = true;
           base16Scheme = "${self}/files/stylix/swarsel.yaml";
    -    } // lib.optionalAttrs config.swarselmodules.stylix
    +    } // lib.optionalAttrs config.swarselsystems.modules.stylix
           (lib.recursiveUpdate
             {
               targets.grub.enable = false; # the styling makes grub more ugly
               image = config.swarselsystems.wallpaper;
             }
    -        vars.stylix);
    +        config.swarselsystems.stylix);
         home-manager.users."${config.swarselsystems.mainUser}" = {
           stylix = {
    -        targets = vars.stylixHomeTargets;
    +        targets = config.swarselsystems.stylixHomeTargets;
           };
         };
       };
    @@ -6387,8 +6269,8 @@ Some programs profit from being installed through dedicated NixOS settings on sy
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.programs = lib.mkEnableOption "small program modules config";
    -  config = lib.mkIf config.swarselmodules.programs {
    +  options.swarselsystems.modules.programs = lib.mkEnableOption "small program modules config";
    +  config = lib.mkIf config.swarselsystems.modules.programs {
         programs = {
           dconf.enable = true;
           evince.enable = true;
    @@ -6409,8 +6291,8 @@ Here I disable global completion to prevent redundant compinit calls and cache i
     
    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.zsh = lib.mkEnableOption "zsh base config";
    -  config = lib.mkIf config.swarselmodules.zsh {
    +  options.swarselsystems.modules.zsh = lib.mkEnableOption "zsh base config";
    +  config = lib.mkIf config.swarselsystems.modules.zsh {
         programs.zsh = {
           enable = true;
           enableCompletion = false;
    @@ -6431,11 +6313,10 @@ Here I disable global completion to prevent redundant compinit calls and cache i
     
    { lib, config, pkgs, ... }:
     let
       inherit (config.swarselsystems) mainUser homeDir;
    -  devices = config.swarselsystems.syncthing.syncDevices;
     in
     {
    -  options.swarselmodules.syncthing = lib.mkEnableOption "syncthing config";
    -  config = lib.mkIf config.swarselmodules.syncthing {
    +  options.swarselsystems.modules.syncthing = lib.mkEnableOption "syncthing config";
    +  config = lib.mkIf config.swarselsystems.modules.syncthing {
         services.syncthing = {
           enable = true;
           package = pkgs.stable.syncthing;
    @@ -6449,26 +6330,39 @@ in
             options = {
               urAccepted = -1;
             };
    -        inherit (config.swarselsystems.syncthing) devices;
    +        devices = {
    +          "magicant" = {
    +            id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO";
    +          };
    +          "sync@oracle" = {
    +            id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB";
    +          };
    +          "winters" = {
    +            id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
    +          };
    +          "moonside@oracle" = {
    +            id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE";
    +          };
    +        };
             folders = {
               "Default Folder" = lib.mkDefault {
                 path = "${homeDir}/Sync";
    -            inherit devices;
    +            devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ];
                 id = "default";
               };
               "Obsidian" = {
                 path = "${homeDir}/Nextcloud/Obsidian";
    -            inherit devices;
    +            devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ];
                 id = "yjvni-9eaa7";
               };
               "Org" = {
                 path = "${homeDir}/Nextcloud/Org";
    -            inherit devices;
    +            devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ];
                 id = "a7xnl-zjj3d";
               };
               "Vpn" = {
                 path = "${homeDir}/Vpn";
    -            inherit devices;
    +            devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ];
                 id = "hgp9s-fyq3p";
               };
             };
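Review bot: the device IDs are now inlined in the module and the same four-name `devices` list is repeated in every folder, where the old code took both from `config.swarselsystems.syncthing`. Adding or replacing a device now needs five edits that must stay in step, and a host can no longer override the set. Bind the list once in the `let` block, as the removed `devices = ...` line did, and reuse it with `inherit devices;`.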
    @@ -6498,8 +6392,8 @@ Enables the blueman service including the nice system tray icon.
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.blueman = lib.mkEnableOption "blueman config";
    -  config = lib.mkIf config.swarselmodules.blueman {
    +  options.swarselsystems.modules.blueman = lib.mkEnableOption "blueman config";
    +  config = lib.mkIf config.swarselsystems.modules.blueman {
         services.blueman.enable = true;
         services.hardware.bolt.enable = true;
       };
    @@ -6524,8 +6418,8 @@ Avahi is the service used for the network discovery.
     
    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.networkDevices = lib.mkEnableOption "network device config";
    -  config = lib.mkIf config.swarselmodules.networkDevices {
    +  options.swarselsystems.modules.networkDevices = lib.mkEnableOption "network device config";
    +  config = lib.mkIf config.swarselsystems.modules.networkDevices {
         # enable scanners over network
         hardware.sane = {
           enable = true;
    @@ -6569,8 +6463,8 @@ This is being set to allow myself to use all functions of nautilus in NixOS
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.gvfs = lib.mkEnableOption "gvfs config for nautilus";
    -  config = lib.mkIf config.swarselmodules.gvfs {
    +  options.swarselsystems.modules.gvfs = lib.mkEnableOption "gvfs config for nautilus";
    +  config = lib.mkIf config.swarselsystems.modules.gvfs {
         services.gvfs.enable = true;
       };
     }
    @@ -6588,8 +6482,8 @@ This is a super-convenient package that lets my remap my CAPS key t
     
    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.interceptionTools = lib.mkEnableOption "interception tools config";
    -  config = lib.mkIf config.swarselmodules.interceptionTools {
    +  options.swarselsystems.modules.interceptionTools = lib.mkEnableOption "interception tools config";
    +  config = lib.mkIf config.swarselsystems.modules.interceptionTools {
         # Make CAPS work as a dual function ESC/CTRL key
         services.interception-tools = {
           enable = true;
    @@ -6642,8 +6536,8 @@ Most of the time I am using power-saver, however, it is good to be
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.ppd = lib.mkEnableOption "power profiles daemon config";
    -  config = lib.mkIf config.swarselmodules.ppd {
    +  options.swarselsystems.modules.ppd = lib.mkEnableOption "power profiles daemon config";
    +  config = lib.mkIf config.swarselsystems.modules.ppd {
         services.power-profiles-daemon.enable = true;
       };
     }
    @@ -6657,8 +6551,8 @@ Most of the time I am using power-saver, however, it is good to be
     
    { lib, pkgs, config, ... }:
     {
    -  options.swarselmodules.swayosd = lib.mkEnableOption "swayosd settings";
    -  config = lib.mkIf config.swarselmodules.swayosd {
    +  options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings";
    +  config = lib.mkIf config.swarselsystems.modules.swayosd {
         environment.systemPackages = [ pkgs.dev.swayosd ];
         services.udev.packages = [ pkgs.dev.swayosd ];
         systemd.services.swayosd-libinput-backend = {
    @@ -6707,34 +6601,15 @@ Also, since I use a GPG key in sops, it seems that scdaemon creates an instance
     
     
    { lib, config, pkgs, ... }:
    -let
    -  inherit (config.swarselsystems) mainUser;
    -  inherit (config.repo.secrets.common.yubikeys) cfg1 cfg2;
    -in
     {
    -  options.swarselmodules.yubikey = lib.mkEnableOption "yubikey config";
    -  config = lib.mkIf config.swarselmodules.yubikey {
    +  options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey config";
    +  config = lib.mkIf config.swarselsystems.modules.yubikey {
         programs.ssh.startAgent = false;
     
         services.pcscd.enable = false;
     
         hardware.gpgSmartcards.enable = true;
     
    -    security.pam.u2f = {
    -      enable = true;
    -      control = "sufficient";
    -      settings = {
    -        interactive = false; # displays a prompt BEFORE asking for presence
    -        cue = true; # prints a message that a touch is requrired
    -        origin = "pam://${mainUser}"; # make the keys work on all machines
    -        authfile = pkgs.writeText "u2f-mappings" (lib.concatStrings [
    -          mainUser
    -          cfg1
    -          cfg2
    -        ]);
    -      };
    -    };
    -
         services.udev.packages = with pkgs; [
           yubikey-personalization
         ];
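Review bot: the whole `security.pam.u2f` block is removed together with the `cfg1`/`cfg2` key mappings, yet the option is still described as "yubikey config" and nothing visible replaces it. Hosts that enable this module lose the U2F PAM factor (it was `control = "sufficient"`) without any notice. If that is the intent, say so in the commit message and the section text; otherwise keep the block.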
    @@ -6755,8 +6630,8 @@ This performs the necessary configuration to support this hardware.
     
    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.ledger = lib.mkEnableOption "ledger config";
    -  config = lib.mkIf config.swarselmodules.ledger {
    +  options.swarselsystems.modules.ledger = lib.mkEnableOption "ledger config";
    +  config = lib.mkIf config.swarselsystems.modules.ledger {
         hardware.ledger.enable = true;
     
         services.udev.packages = with pkgs; [
    @@ -6779,8 +6654,8 @@ This loads some udev rules that I need for my split keyboards.
     
    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.keyboards = lib.mkEnableOption "keyboards config";
    -  config = lib.mkIf config.swarselmodules.keyboards {
    +  options.swarselsystems.modules.keyboards = lib.mkEnableOption "keyboards config";
    +  config = lib.mkIf config.swarselsystems.modules.keyboards {
         services.udev.packages = with pkgs; [
           qmk-udev-rules
           vial
    @@ -6803,8 +6678,8 @@ This section houses the greetd related settings. I do not really want to use a d
     
    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.login = lib.mkEnableOption "login config";
    -  config = lib.mkIf config.swarselmodules.login {
    +  options.swarselsystems.modules.login = lib.mkEnableOption "login config";
    +  config = lib.mkIf config.swarselsystems.modules.login {
         services.greetd = {
           enable = true;
           settings = {
    @@ -6846,8 +6721,8 @@ When a program does not work, start with nix-ldd <program>. T
     
    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.nix-ld = lib.mkEnableOption "nix-ld config";
    -  config = lib.mkIf config.swarselmodules.nix-ld {
    +  options.swarselsystems.modules.nix-ld = lib.mkEnableOption "nix-ld config";
    +  config = lib.mkIf config.swarselsystems.modules.nix-ld {
         programs.nix-ld = {
           enable = true;
           libraries = with pkgs; [
    @@ -6971,8 +6846,8 @@ This snipped is added to the activation script that is run after every rebuild a
     
    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.nvd = lib.mkEnableOption "nvd config";
    -  config = lib.mkIf config.swarselmodules.nvd {
    +  options.swarselsystems.modules.nvd = lib.mkEnableOption "nvd config";
    +  config = lib.mkIf config.swarselsystems.modules.nvd {
     
         environment.systemPackages = [
           pkgs.nvd
    @@ -7001,8 +6876,8 @@ Used for storing sessions in e.g. Nextcloud. Using this on a system level keeps
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.gnome-keyring = lib.mkEnableOption "gnome-keyring config";
    -  config = lib.mkIf config.swarselmodules.gnome-keyring {
    +  options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome-keyring config";
    +  config = lib.mkIf config.swarselsystems.modules.gnome-keyring {
         services.gnome.gnome-keyring = {
           enable = true;
         };
    @@ -7024,8 +6899,8 @@ This is used to better integrate Sway into the system on NixOS hosts. On the hom
     
    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.sway = lib.mkEnableOption "sway config";
    -  config = lib.mkIf config.swarselmodules.sway {
    +  options.swarselsystems.modules.sway = lib.mkEnableOption "sway config";
    +  config = lib.mkIf config.swarselsystems.modules.sway {
         programs.sway = {
           enable = true;
           package = pkgs.dev.swayfx;
    @@ -7060,8 +6935,8 @@ This allows me to use screen sharing on Wayland. The implementation is a bit cru
     
    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.xdg-portal = lib.mkEnableOption "xdg portal config";
    -  config = lib.mkIf config.swarselmodules.xdg-portal {
    +  options.swarselsystems.modules.xdg-portal = lib.mkEnableOption "xdg portal config";
    +  config = lib.mkIf config.swarselsystems.modules.xdg-portal {
         xdg.portal = {
           enable = true;
           config = {
    @@ -7083,7 +6958,7 @@ This allows me to use screen sharing on Wayland. The implementation is a bit cru
     
    -
    3.2.2.21. Podman (distrobox)
    +
    3.2.2.21. Podmam (distrobox)

    I am using distrobox to quickly circumvent isses that I cannot immediately solve on NixOS. It is always the goal to quickly get things working on NixOS, but this prevents me from getting completely stuck. @@ -7092,8 +6967,8 @@ I am using distrobox to quickly circumvent isses that I cannot immediately solve

    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.distrobox = lib.mkEnableOption "distrobox config";
    -  config = lib.mkIf config.swarselmodules.distrobox {
    +  options.swarselsystems.modules.distrobox = lib.mkEnableOption "distrobox config";
    +  config = lib.mkIf config.swarselsystems.modules.distrobox {
         environment.systemPackages = with pkgs; [
           distrobox
           boxbuddy
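Review bot: the heading edit just above this hunk changes "Podman (distrobox)" to "Podmam (distrobox)", which reads as a typo introduced by the patch. Keep "Podman".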
    @@ -7120,8 +6995,8 @@ Adds the necessary tools to allow .appimage programs easily.
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.appimage = lib.mkEnableOption "appimage config";
    -  config = lib.mkIf config.swarselmodules.appimage {
    +  options.swarselsystems.modules.appimage = lib.mkEnableOption "appimage config";
    +  config = lib.mkIf config.swarselsystems.modules.appimage {
         programs.appimage = {
           enable = true;
           binfmt = true;
    @@ -7143,8 +7018,8 @@ This turns off the display when the lid is closed.
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.lid = lib.mkEnableOption "lid config";
    -  config = lib.mkIf config.swarselmodules.lid {
    +  options.swarselsystems.modules.lid = lib.mkEnableOption "lid config";
    +  config = lib.mkIf config.swarselsystems.modules.lid {
         services.logind = {
           lidSwitch = "suspend";
           lidSwitchDocked = "ignore";
    @@ -7192,8 +7067,8 @@ Since I hide the waybar completely during normal operation, I run the risk of no
     
    { pkgs, lib, config, ... }:
     {
    -  options.swarselmodules.lowBattery = lib.mkEnableOption "low battery notification config";
    -  config = lib.mkIf config.swarselmodules.lowBattery {
    +  options.swarselsystems.modules.lowBattery = lib.mkEnableOption "low battery notification config";
    +  config = lib.mkIf config.swarselsystems.modules.lowBattery {
         systemd.user.services."battery-low" = {
           enable = true;
           description = "Timer for battery check that alerts at 10% or less";
    @@ -7236,8 +7111,8 @@ let
       inherit (config.swarselsystems) mainUser;
     in
     {
    -  options.swarselmodules.autologin = lib.mkEnableOption "optional autologin settings";
    -  config = lib.mkIf config.swarselmodules.autologin {
    +  options.swarselsystems.modules.autologin = lib.mkEnableOption "optional autologin settings";
    +  config = lib.mkIf config.swarselsystems.modules.autologin {
         services = {
           getty.autologinUser = mainUser;
           greetd.settings.initial_session.user = mainUser;
    @@ -7252,9 +7127,6 @@ in
     

    3.2.3. Server

    -

    -In a similar way as the Client section, these modules are to be used mostly on servers. -

    3.2.3.1. Imports
    @@ -7296,15 +7168,14 @@ let inherit (config.swarselsystems) flakePath; in { - - options.swarselmodules.server.general = lib.mkEnableOption "general setting on server"; options.swarselsystems = { + modules.server.general = lib.mkEnableOption "general setting on server"; shellAliases = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; }; }; - config = lib.mkIf config.swarselmodules.server.general { + config = lib.mkIf config.swarselsystems.modules.server.general { environment.shellAliases = lib.recursiveUpdate { @@ -7339,8 +7210,8 @@ in
    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.server.packages = lib.mkEnableOption "enable packages on server";
    -  config = lib.mkIf config.swarselmodules.server.packages {
    +  options.swarselsystems.modules.server.packages = lib.mkEnableOption "enable packages on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.packages {
         environment.systemPackages = with pkgs; [
           gnupg
           nix-index
    @@ -7369,8 +7240,8 @@ let
       nfsUser = globals.user.name;
     in
     {
    -  options.swarselmodules.server.nfs = lib.mkEnableOption "enable nfs on server";
    -  config = lib.mkIf config.swarselmodules.server.nfs {
    +  options.swarselsystems.modules.server.nfs = lib.mkEnableOption "enable nfs on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.nfs {
         services = {
           # add a user with sudo smbpasswd -a <user>
           samba = {
    @@ -7433,8 +7304,8 @@ let
     
     in
     {
    -  options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server";
    -  config = lib.mkIf config.swarselmodules.server.nginx {
    +  options.swarselsystems.modules.server.nginx = lib.mkEnableOption "enable nginx on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.nginx {
         environment.systemPackages = with pkgs; [
           lego
         ];
    @@ -7481,8 +7352,8 @@ Here I am forcing startWhenNeeded to false so that the value will n
     
    { self, lib, config, ... }:
     {
    -  options.swarselmodules.server.ssh = lib.mkEnableOption "enable ssh on server";
    -  config = lib.mkIf config.swarselmodules.server.ssh {
    +  options.swarselsystems.modules.server.ssh = lib.mkEnableOption "enable ssh on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.ssh {
         services.openssh = {
           enable = true;
           startWhenNeeded = lib.mkForce false;
    @@ -7529,8 +7400,8 @@ let
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
         environment.systemPackages = with pkgs; [
           calibre
         ];
    @@ -7600,8 +7471,8 @@ let
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
         users.users.${serviceUser} = {
           extraGroups = [ "video" "render" "users" ];
         };
    @@ -7671,8 +7542,8 @@ let
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
         environment.systemPackages = with pkgs; [
           pciutils
           alsa-utils
    @@ -7814,8 +7685,8 @@ let
       serviceGroup = serviceUser;
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
         users.groups.${serviceGroup} = {
           gid = 65136;
         };
    @@ -7865,8 +7736,8 @@ let
       serviceName = "mpd";
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
         users = {
           groups = {
             mpd = { };
    @@ -7931,7 +7802,7 @@ in
     
    { lib, config, ... }:
     {
    -  config = lib.mkIf (config?swarselmodules.server.mpd || config?swarselmodules.server.navidrome) {
    +  config = lib.mkIf (config?swarselsystems.modules.server.mpd || config?swarselsystems.modules.server.navidrome) {
     
         security.rtkit.enable = true; # this is required for pipewire real-time access
     
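Review bot: the lib.mkIf condition uses the has-attribute operator (config?swarselsystems.modules.server.mpd), which tests whether the option path exists, not whether it is set to true. The mpd module in the preceding hunk declares that option with lib.mkEnableOption, so the path exists on every host that imports the module, and security.rtkit.enable plus the rest of this block are applied even where both services are disabled. Read the values instead: lib.mkIf (config.swarselsystems.modules.server.mpd || config.swarselsystems.modules.server.navidrome).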
    @@ -7963,8 +7834,8 @@ let
       postgresVersion = 14;
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
         services = {
           ${serviceName} = {
             enable = true;
    @@ -8005,8 +7876,8 @@ let
       '';
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
         environment.systemPackages = with pkgs; [
           matrix-synapse
           lottieconverter
    @@ -8349,8 +8220,8 @@ let
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         sops.secrets = {
           nextcloud-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
    @@ -8425,8 +8296,8 @@ let
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         users.users.${serviceUser} = {
           extraGroups = [ "video" "render" "users" ];
    @@ -8516,8 +8387,8 @@ let
       kanidmDomain = globals.services.kanidm.domain;
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         users.users.${serviceUser} = {
           extraGroups = [ "users" ];
    @@ -8661,8 +8532,8 @@ let
       prowlarrPort = 9696;
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         # this user/group section is probably unneeded
         users = {
    @@ -8828,56 +8699,21 @@ in
     
    3.2.3.19. syncthing
    -
    { lib, config, configName, ... }:
    +
    { lib, config, ... }:
     let
    +  inherit (config.repo.secrets.common) workHostName;
    +
       servicePort = 8384;
       serviceUser = "syncthing";
       serviceGroup = serviceUser;
       serviceName = "syncthing";
    -  specificServiceName = "syncthing-${configName}";
    -  inherit (config.swarselsystems.syncthing) serviceDomain;
    -  inherit (config.swarselsystems.syncthing) serviceIP;
    +  serviceDomain = config.repo.secrets.common.services.domains.syncthing1;
     
       cfg = config.services.${serviceName};
    -  devices = config.swarselsystems.syncthing.syncDevices;
     in
     {
    -  options = {
    -    swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -
    -    swarselsystems.syncthing = {
    -      serviceDomain = lib.mkOption {
    -        type = lib.types.str;
    -        default = config.repo.secrets.common.services.domains.syncthing1;
    -      };
    -      serviceIP = lib.mkOption {
    -        type = lib.types.str;
    -        default = "192.168.1.2";
    -      };
    -      syncDevices = lib.mkOption {
    -        type = lib.types.listOf lib.types.str;
    -        default = [ "magicant" "winters" "pyramid" "moonside@oracle" ];
    -      };
    -      devices = lib.mkOption {
    -        type = lib.types.attrs;
    -        default = {
    -          "magicant" = {
    -            id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO";
    -          };
    -          "winters" = {
    -            id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
    -          };
    -          "moonside@oracle" = {
    -            id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE";
    -          };
    -          "pyramid" = {
    -            id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB";
    -          };
    -        };
    -      };
    -    };
    -  };
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         users.users.${serviceUser} = {
           extraGroups = [ "users" ];
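Review bot: this hunk deletes the swarselsystems.syncthing options (serviceDomain, serviceIP, syncDevices, devices) and pins serviceDomain in the let block to config.repo.secrets.common.services.domains.syncthing1, so a second host enabling this module can no longer choose its own domain, upstream address or peer list. If only one syncthing server is intended, say so in the section text; otherwise keep the options and use these values as their defaults. The device IDs that were option defaults decide which peers this node will sync with, so they are better kept in one overridable definition than inlined into the service settings.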
    @@ -8889,26 +8725,39 @@ in
     
         networking.firewall.allowedTCPPorts = [ servicePort ];
     
    -    globals.services."${specificServiceName}".domain = serviceDomain;
    +    globals.services."${serviceName}-${config.networking.hostName}".domain = serviceDomain;
     
         services.${serviceName} = rec {
           enable = true;
           user = serviceUser;
           group = serviceGroup;
    -      dataDir = lib.mkDefault "/Vault/data/${serviceName}";
    +      dataDir = "/Vault/data/${serviceName}";
           configDir = "${cfg.dataDir}/.config/${serviceName}";
           guiAddress = "0.0.0.0:${builtins.toString servicePort}";
           openDefaultPorts = true; # opens ports TCP/UDP 22000 and UDP 21027 for discovery
           relay.enable = false;
           settings = {
             urAccepted = -1;
    -        inherit (config.swarselsystems.syncthing) devices;
    +        devices = {
    +          "magicant" = {
    +            id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO";
    +          };
    +          "milkywell@oracle" = {
    +            id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB";
    +          };
    +          "${workHostName}" = {
    +            id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB";
    +          };
    +          "moonside@oracle" = {
    +            id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE";
    +          };
    +        };
             folders = {
               "Default Folder" = lib.mkForce {
                 path = "${cfg.dataDir}/Sync";
                 type = "receiveonly";
                 versioning = null;
    -            inherit devices;
    +            devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
                 id = "default";
               };
               "Obsidian" = {
    @@ -8918,7 +8767,7 @@ in
                   type = "simple";
                   params.keep = "5";
                 };
    -            inherit devices;
    +            devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
                 id = "yjvni-9eaa7";
               };
               "Org" = {
    @@ -8928,7 +8777,7 @@ in
                   type = "simple";
                   params.keep = "5";
                 };
    -            inherit devices;
    +            devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
                 id = "a7xnl-zjj3d";
               };
               "Vpn" = {
    @@ -8938,18 +8787,28 @@ in
                   type = "simple";
                   params.keep = "5";
                 };
    -            inherit devices;
    +            devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
                 id = "hgp9s-fyq3p";
               };
    +          # "Documents" = {
    +          #   path = "${cfg.dataDir}/Documents";
    +          #   type = "receiveonly";
    +          #   versioning = {
    +          #     type = "simple";
    +          #     params.keep = "5";
    +          #   };
    +          #   devices = [ "magicant" "${workHostName}" "moonside@oracle" ];
    +          #   id = "hgr3d-pfu3w";
    +          # };
             };
           };
         };
     
         nodes.moonside.services.nginx = {
           upstreams = {
    -        ${specificServiceName} = {
    +        ${serviceName} = {
               servers = {
    -            "${serviceIP}:${builtins.toString servicePort}" = { };
    +            "192.168.1.2:${builtins.toString servicePort}" = { };
               };
             };
           };
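Review bot: the devices line on the "Vpn" folder is the fourth hand-written copy of [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ] (the "Default Folder", "Obsidian" and "Org" hunks above carry the same literal), replacing a single inherit devices. Each name has to match a key in settings.devices, so bind the list once in the let block and inherit it; otherwise adding or retiring a peer means editing five places, and a missed one leaves that folder shared with the wrong set of peers. The commented-out "Documents" folder already lists a different set (no "milkywell@oracle"); drop it from the patch or track it as a TODO instead of committing dead configuration. The upstream server also becomes the literal "192.168.1.2" where serviceIP used to be configurable.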
    @@ -8960,7 +8819,7 @@ in
               acmeRoot = null;
               locations = {
                 "/" = {
    -              proxyPass = "http://${specificServiceName}";
    +              proxyPass = "http://${serviceName}";
                   extraConfig = ''
                     client_max_body_size 0;
                   '';
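Review bot: proxyPass now targets an upstream named plain ${serviceName}, while the globals.services entry two hunks earlier is keyed "${serviceName}-${config.networking.hostName}". The upstream is written into nodes.moonside.services.nginx by whichever host enables this module, so two syncthing hosts would both define the upstream "syncthing" on moonside, each pointing at 192.168.1.2. Key the upstream the same way as the globals entry, or keep the per-host specificServiceName, so the two names cannot diverge.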
    @@ -8988,8 +8847,8 @@ let
       inherit (config.swarselsystems) sopsFile;
       in
     {
    -  options.swarselmodules.server.restic = lib.mkEnableOption "enable restic backups on server";
    -  config = lib.mkIf config.swarselmodules.server.restic {
    +  options.swarselsystems.modules.server.restic = lib.mkEnableOption "enable restic backups on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.restic {
     
         sops = {
           secrets = {
    @@ -9016,11 +8875,6 @@ let
                 passwordFile = config.sops.secrets.resticpw.path;
                 paths = [
                   "/Vault/data/paperless"
    -              "/Vault/data/koillection"
    -              "/Vault/data/postgresql"
    -              "/Vault/data/firefly-iii"
    -              "/Vault/data/radicale"
    -              "/Vault/data/matrix-synapse"
                   "/Vault/Eternor/Paperless"
                   "/Vault/Eternor/Bilder"
                   "/Vault/Eternor/Immich"
    @@ -9077,8 +8931,8 @@ let
       inherit (config.swarselsystems) sopsFile;
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         sops = {
           secrets = {
    @@ -9253,7 +9107,7 @@ in
                   sslVerify = false;
                   scrapeUri = "http://localhost/nginx_status";
                 };
    -            nextcloud = lib.mkIf config.swarselmodules.server.nextcloud {
    +            nextcloud = lib.mkIf config.swarselsystems.modules.server.nextcloud {
                   enable = true;
                   port = 9205;
                   url = "https://${serviceDomain}/ocs/v2.php/apps/serverinfo/api/v1/info";
    @@ -9322,8 +9176,8 @@ let
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         services.jenkins = {
           enable = true;
    @@ -9379,8 +9233,8 @@ let
       servicePort = 9812;
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} server on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} server on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         networking.firewall.allowedTCPPorts = [ servicePort ];
     
    @@ -9428,8 +9282,8 @@ let
       inherit (config.swarselsystems) sopsFile;
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         users.users.${serviceUser} = {
           extraGroups = [ "users" ];
    @@ -9543,8 +9397,8 @@ let
       kanidmDomain = globals.services.kanidm.domain;
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         networking.firewall.allowedTCPPorts = [ servicePort ];
     
    @@ -9706,8 +9560,8 @@ let
       ankiUser = globals.user.name;
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         networking.firewall.allowedTCPPorts = [ servicePort ];
     
    @@ -9801,8 +9655,8 @@ let
       nextcloudDomain = globals.services.nextcloud.domain;
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         users.users.${serviceUser} = {
           group = serviceGroup;
    @@ -9868,7 +9722,6 @@ in
                 "freshrss.access" = { };
                 "firefly.access" = { };
                 "radicale.access" = { };
    -            "slink.access" = { };
               };
     
               inherit (config.repo.secrets.local) persons;
    @@ -9989,11 +9842,6 @@ in
                         "email"
                         "profile"
                       ];
    -                  "slink.access" = [
    -                    "openid"
    -                    "email"
    -                    "profile"
    -                  ];
                     };
                     preferShortUsername = true;
                     claimMaps.groups = {
    @@ -10003,7 +9851,6 @@ in
                         "navidrome.access" = [ "navidrome_access" ];
                         "firefly.access" = [ "firefly_access" ];
                         "radicale.access" = [ "radicale_access" ];
    -                    "slink.access" = [ "slink_access" ];
                       };
                     };
                   };
    @@ -10066,7 +9913,7 @@ let
     in
     {
       options = {
    -    swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +    swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
         # largely based on https://github.com/oddlama/nix-config/blob/main/modules/oauth2-proxy.nix
         services.nginx.virtualHosts = lib.mkOption {
           type = lib.types.attrsOf (
    @@ -10174,7 +10021,7 @@ in
           );
         };
       };
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         sops = {
           secrets = {
    @@ -10297,8 +10144,8 @@ let
       cfg = config.services.firefly-iii;
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         users = {
           groups.${serviceGroup} = { };
    @@ -10409,7 +10256,6 @@ let
       serviceName = "koillection";
       servicePort = 2282;
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
    -  serviceDir = "/Vault/data/koillection";
     
       postgresUser = config.systemd.services.postgresql.serviceConfig.User; # postgres
       postgresPort = config.services.postgresql.settings.port; # 5432
    @@ -10418,8 +10264,8 @@ let
       inherit (config.swarselsystems) sopsFile;
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         sops.secrets = {
           koillection-db-password = { inherit sopsFile; owner = postgresUser; group = postgresUser; mode = "0440"; };
    @@ -10441,10 +10287,6 @@ in
               "${toString servicePort}:80"
             ];
     
    -        volumes = [
    -          "${serviceDir}/uploads:/uploads"
    -        ];
    -
             environment = {
               APP_DEBUG = "0";
               APP_ENV = "prod";
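Review bot: removing the volumes entry ("${serviceDir}/uploads:/uploads"), together with the serviceDir binding dropped from the let block in the earlier koillection hunk, leaves the container with no host mount for uploads. Uploaded files then live only inside the container and are lost when it is recreated or the image is updated. Keep the bind mount and its backup path unless uploads are stored somewhere else.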
    @@ -10523,11 +10365,6 @@ in
               locations = {
                 "/" = {
                   proxyPass = "http://${serviceName}";
    -              extraConfig = ''
    -                proxy_buffer_size          128k;
    -                proxy_buffers              4 256k;
    -                proxy_busy_buffers_size    256k;
    -              '';
                 };
               };
             };
    @@ -10550,8 +10387,8 @@ let
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         topology.self.services.${serviceName}.info = "https://${serviceDomain}";
         globals.services.${serviceName}.domain = serviceDomain;
    @@ -10613,8 +10450,8 @@ let
       cfg = config.services.${serviceName};
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         sops = {
           secrets.radicale-user = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
    @@ -10678,7 +10515,7 @@ in
         };
     
         systemd.tmpfiles.rules = [
    -      "d ${cfg.settings.storage.filesystem_folder} 0750 ${serviceUser} ${serviceGroup} - -"
    +      "d '${cfg.settings.storage.filesystem_folder}'        0750 ${serviceUser} ${serviceGroup} - -"
         ];
     
         networking.firewall.allowedTCPPorts = [ servicePort ];
    @@ -10737,8 +10574,8 @@ let
       cfg = config.services.croc;
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         sops = {
           secrets = {
    @@ -10809,8 +10646,8 @@ let
       cfg = config.services.${serviceName};
     in
     {
    -  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         users = {
           groups.${serviceGroup} = { };
    @@ -10947,9 +10784,9 @@ let
     in
     {
       options = {
    -    swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +    swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
       };
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +  config = lib.mkIf config.swarselsystems.modules.server.${serviceName} {
     
         sops = {
           secrets = {
    @@ -11022,110 +10859,10 @@ in
     
    -
    -
    3.2.3.36. slink
    -
    -

    -Deployment notes: -

    -
      -
    • enable user: podman exec -it slink slink user:activate --email=<mail>
    • -
    • make user admin: podman exec -it slink slink user:grant:role --email=<mail> ROLE_ADMIN
    • -
    • finally, disable new user registration in web ui
    • -
    - -
    -
    { self, lib, config, ... }:
    -let
    -  servicePort = 3000;
    -  serviceName = "slink";
    -  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
    -  serviceDir = "/var/lib/slink";
    -
    -  containerRev = "sha256:98b9442696f0a8cbc92f0447f54fa4bad227af5dcfd6680545fedab2ed28ddd9";
    -in
    -{
    -  options = {
    -    swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    -  };
    -  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    -
    -    virtualisation.oci-containers.containers.${serviceName} = {
    -      image = "anirdev/slink@${containerRev}";
    -      environment = {
    -        "ORIGIN" = "https://${serviceDomain}";
    -        "TZ" = config.repo.secrets.common.location.timezone;
    -        "STORAGE_PROVIDER" = "local";
    -        "IMAGE_MAX_SIZE" = "50M";
    -        "USER_APPROVAL_REQUIRED" = "true";
    -      };
    -      ports = [ "${builtins.toString servicePort}:${builtins.toString servicePort}" ];
    -      volumes = [
    -        "${serviceDir}/var/data:/app/var/data"
    -        "${serviceDir}/images:/app/slink/images"
    -      ];
    -    };
    -
    -    systemd.tmpfiles.rules = [
    -      "d ${serviceDir}/var/data 0750 root root - -"
    -      "d ${serviceDir}/images   0750 root root - -"
    -    ];
    -
    -    networking.firewall.allowedTCPPorts = [ servicePort ];
    -
    -    environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [
    -      { directory = serviceDir; }
    -    ];
    -
    -    topology.self.services.${serviceName} = {
    -      name = lib.swarselsystems.toCapitalized serviceName;
    -      info = "https://${serviceDomain}";
    -      icon = "${self}/files/topology-images/shlink.png";
    -    };
    -    globals.services.${serviceName}.domain = serviceDomain;
    -
    -    services.nginx = {
    -      upstreams = {
    -        ${serviceName} = {
    -          servers = {
    -            "localhost:${builtins.toString servicePort}" = { };
    -          };
    -        };
    -      };
    -      virtualHosts = {
    -        "${serviceDomain}" = {
    -          enableACME = true;
    -          forceSSL = true;
    -          acmeRoot = null;
    -          oauth2.enable = true;
    -          oauth2.allowedGroups = [ "slink_access" ];
    -          locations = {
    -            "/" = {
    -              proxyPass = "http://${serviceName}";
    -              setOauth2Headers = false;
    -            };
    -            "/image" = {
    -              proxyPass = "http://${serviceName}";
    -              setOauth2Headers = false;
    -              bypassAuth = true;
    -            };
    -          };
    -        };
    -      };
    -    };
    -  };
    -}
    -
    -
    -
    -

    3.2.4. Darwin

    -

    -This section is to be used for darwin modules, in case I can ever be bothered to actually write them. -

    3.2.4.1. Imports
    @@ -11143,23 +10880,23 @@ in imports = [ ]; - options.swarselmodules.optional.darwin = lib.mkEnableOption "optional darwin settings"; - config = lib.mkIf config.swarselmodules.optional.darwin { - nix.settings.experimental-features = "nix-command flakes"; - nixpkgs = { - hostPlatform = "x86_64-darwin"; - overlays = [ outputs.overlays.default ]; - config = { - allowUnfree = true; + options.swarselsystems.modules.darwin.general = lib.mkEnableOption "darwin config"; + config = lib.mkIf config.swarselsystems.modules.darwin.general { + nix.settings.experimental-features = "nix-command flakes"; + nixpkgs = { + hostPlatform = "x86_64-darwin"; + overlays = [ outputs.overlays.default ]; + config = { + allowUnfree = true; + }; }; + + home-manager.users."${macUser}".imports = [ + "${self}/modules/home/darwin" + ]; + + system.stateVersion = 4; }; - - home-manager.users."${macUser}".imports = [ - "${self}/modules/home/darwin" - ]; - - system.stateVersion = 4; - }; }
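Review bot: the option rename at the top of this hunk, from swarselmodules.optional.darwin to swarselsystems.modules.darwin.general, comes without a compatibility alias, so any host that still sets the old name fails evaluation with an undefined-option error. A lib.mkRenamedOptionModule entry for the old path would make the transition safe, and the same applies to the other swarselmodules.* renames in this commit. The new path is also inconsistent with its siblings: the other optional modules move to swarselsystems.modules.optional.*, while this one lands under modules.darwin.general.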
    @@ -11167,7 +10904,7 @@ in
    -

    3.2.5. TODO Optional

    +

    3.2.5. Optional

    These sets of configuration do not need to be deployed on every host, for a multitude of reasons. @@ -11178,23 +10915,24 @@ These sets of configuration do not need to be deployed on every host, for a mult

  • The VirtualBox package takes forever to build, and I do not need virtual machines on every host.
  • There are some hosts that I do not want to autologin to.
  • nswitch-rcm is a tool I wrote for easy payload flashing of a Nintendo Switch in RCM mode. However, that is not needed on every machine.
  • -
  • The work profile is only used on my work laptop.
  • - - -

    -TODO: evaluate whether I should keep using this structure. +

  • +The work profile is only used on my work laptop.

    -
    { lib, ... }:
    +
    { self, lib, ... }:
     let
       importNames = lib.swarselsystems.readNix "modules/nixos/optional";
    +  modulesPath = "${self}/modules";
     in
     {
    -  imports = lib.swarselsystems.mkImports importNames "modules/nixos/optional";
    +  imports = lib.swarselsystems.mkImports importNames "modules/nixos/optional" ++ [
    +    "${modulesPath}/home/common/sharedsetup.nix"
    +  ];
     }
     
    -
    +
  • +
    3.2.5.1. gaming
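Review bot: the added imports entry pulls "${modulesPath}/home/common/sharedsetup.nix", a file from the home-manager tree, into the NixOS optional module set, and nothing in the hunk explains why. Please add a comment stating that the file only declares options valid in both module systems, and check that every module argument it expects is also provided on the NixOS side. The new let binding also reuses the name modulesPath, which NixOS already passes to modules as an argument pointing at the nixpkgs module directory; a different name would avoid confusion if that argument is ever added to this function's parameters.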
    @@ -11206,8 +10944,8 @@ This opens a few gaming ports and installs the steam configuration suite for gam
    { pkgs, lib, config, ... }:
     {
    -  options.swarselmodules.optional.gaming = lib.mkEnableOption "optional gaming settings";
    -  config = lib.mkIf config.swarselmodules.optional.gaming {
    +  options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings";
    +  config = lib.mkIf config.swarselsystems.modules.optional.gaming {
         programs.steam = {
           enable = true;
           package = pkgs.steam;
    @@ -11260,8 +10998,8 @@ This sets the VirtualBox configuration. Guest should not be enabled if not direl
     
    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.optional.virtualbox = lib.mkEnableOption "optional VBox settings";
    -  config = lib.mkIf config.swarselmodules.optional.virtualbox {
    +  options.swarselsystems.modules.optional.virtualbox = lib.mkEnableOption "optional VBox settings";
    +  config = lib.mkIf config.swarselsystems.modules.optional.virtualbox {
         specialisation = {
           VBox.configuration = {
             virtualisation.virtualbox = {
    @@ -11301,8 +11039,8 @@ This sets the VirtualBox configuration. Guest should not be enabled if not direl
     
    { lib, config, ... }:
     {
     
    -  options.swarselmodules.optional.vmware = lib.mkEnableOption "optional vmware settings";
    -  config = lib.mkIf config.swarselmodules.optional.vmware {
    +  options.swarselsystems.modules.optional.vmware = lib.mkEnableOption "optional vmware settings";
    +  config = lib.mkIf config.swarselsystems.modules.optional.vmware {
         virtualisation.vmware.host.enable = true;
         virtualisation.vmware.guest.enable = true;
       };
    @@ -11321,8 +11059,8 @@ This smashes Atmosphere 1.3.2 on the switch, which is what I am currenty using.
     
    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.optional.nswitch-rcm = lib.mkEnableOption "optional nswitch-rcm settings";
    -  config = lib.mkIf config.swarselmodules.optional.nswitch-rcm {
    +  options.swarselsystems.modules.optional.nswitch-rcm = lib.mkEnableOption "optional nswitch-rcm settings";
    +  config = lib.mkIf config.swarselsystems.modules.optional.nswitch-rcm {
         services.nswitch-rcm = {
           enable = true;
           package = pkgs.fetchurl {
    @@ -11349,8 +11087,8 @@ This holds configuration that is specific to framework laptops.
       imports = [
         inputs.fw-fanctrl.nixosModules.default
       ];
    -  options.swarselmodules.optional.framework = lib.mkEnableOption "optional framework machine settings";
    -  config = lib.mkIf config.swarselmodules.optional.framework {
    +  options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings";
    +  config = lib.mkIf config.swarselsystems.modules.optional.framework {
         services = {
           fwupd = {
             enable = true;
    @@ -11384,8 +11122,8 @@ This holds configuration that is specific to framework laptops.
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings";
    -  config = lib.mkIf config.swarselmodules.optional.amdcpu {
    +  options.swarselsystems.modules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings";
    +  config = lib.mkIf config.swarselsystems.modules.optional.amdcpu {
         hardware = {
           cpu.amd.updateMicrocode = true;
         };
    @@ -11401,8 +11139,8 @@ This holds configuration that is specific to framework laptops.
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings";
    -  config = lib.mkIf config.swarselmodules.optional.amdgpu {
    +  options.swarselsystems.modules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings";
    +  config = lib.mkIf config.swarselsystems.modules.optional.amdgpu {
         hardware = {
           amdgpu = {
             opencl.enable = true;
    @@ -11424,8 +11162,8 @@ This holds configuration that is specific to framework laptops.
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings";
       options.swarselsystems = {
    +    modules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings";
         hibernation = {
           offset = lib.mkOption {
             type = lib.types.int;
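Review bot: the moved option modules.optional.hibernation keeps the description "optional amd gpu settings", which was copied from the amdgpu module. Since the line is being rewritten anyway, change it to "optional hibernation settings" so the generated option documentation is correct.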
    @@ -11437,7 +11175,7 @@ This holds configuration that is specific to framework laptops.
           };
         };
       };
    -  config = lib.mkIf config.swarselmodules.optional.hibernation {
    +  config = lib.mkIf config.swarselsystems.modules.optional.hibernation {
         boot = {
           kernelParams = [
             "resume_offset=${builtins.toString config.swarselsystems.hibernation.offset}"
    @@ -11456,8 +11194,8 @@ This holds configuration that is specific to framework laptops.
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.optional.btrfs = lib.mkEnableOption "optional btrfs settings";
    -  config = lib.mkIf config.swarselmodules.optional.btrfs {
    +  options.swarselsystems.modules.optional.btrfs = lib.mkEnableOption "optional btrfs settings";
    +  config = lib.mkIf config.swarselsystems.modules.optional.btrfs {
         boot = {
           supportedFilesystems = [ "btrfs" ];
         };
    @@ -11475,7 +11213,7 @@ Options that I need specifically at work. There are more options at 
    -
    { self, lib, pkgs, config, configName, ... }:
    +
    { self, lib, pkgs, config, ... }:
     let
       inherit (config.swarselsystems) mainUser homeDir xdgDir;
       iwd = config.networking.networkmanager.wifi.backend == "iwd";
    @@ -11502,18 +11240,18 @@ let
       };
     in
     {
    -  options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings";
       options.swarselsystems = {
    +    modules.optional.work = lib.mkEnableOption "optional work settings";
         hostName = lib.mkOption {
           type = lib.types.str;
    -      default = configName;
    +      default = "";
         };
         fqdn = lib.mkOption {
           type = lib.types.str;
           default = "";
         };
       };
    -  config = lib.mkIf config.swarselmodules.optional.work {
    +  config = lib.mkIf config.swarselsystems.modules.optional.work {
         sops =
           let
             secretNames = [
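Review bot: changing the hostName default from configName to "" means a host that forgets to set it now evaluates with an empty string instead of its configuration name, and whatever consumes hostName in the work profile gets the empty value silently. Drop the default so that a missing definition becomes an evaluation error, and consider lib.types.nonEmptyStr to make the requirement explicit. fqdn has the same empty default.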
    @@ -11685,9 +11423,6 @@ in
           spice-protocol
           win-virtio
           win-spice
    -
    -      powershell
    -      gh
         ];
     
     
    @@ -11753,7 +11488,7 @@ in
     

    3.3. Home-manager

    -The general structure here is the same as in the NixOS section. +The general structure is the same as in the NixOS section.

    @@ -11769,11 +11504,8 @@ in
    -

    3.3.1. TODO Common

    +

    3.3.1. Common

    -

    -TODO: split this into actual common and client sections -

    3.3.1.1. Imports
    @@ -11786,31 +11518,307 @@ This section sets up all the imports that are used in the home-manager section.
    { lib, ... }:
     let
       importNames = lib.swarselsystems.readNix "modules/home/common";
    -  sharedNames = lib.swarselsystems.readNix "modules/shared";
     in
     {
    -  imports = lib.swarselsystems.mkImports importNames "modules/home/common" ++
    -    lib.swarselsystems.mkImports sharedNames "modules/shared";
    +  imports = lib.swarselsystems.mkImports importNames "modules/home/common";
     }
     
    -
    -
    3.3.1.2. Mirror home-manager shared options (automatically active)
    -
    +
    +
    3.3.1.2. Shared Configuration Options (holds firefox & stylix config parts)
    +
    +

    +Provides settings related to nix-darwin systems. At the moment, I am only making use of a isDarwin flag. +

    + +

    +At work I am using several services that are using SSO login - however, as I am using four different accounts at work, this becomes a chore here. Hence, I have defined multiple profiles in Work that are all practically using the same configuration. To save screen space, I template that profile here. +Set in firefox about:config > toolkit.legacyUserProfileCustomizations.stylesheets to true. This should in principle be set automatically using the below config, but it seems not to be working reliably +

    + +

    +For styling, I am using the stylix NixOS module, loaded by flake. This package is really great, as it adds nix expressions for basically everything. Ever since switching to this, I did not have to play around with theming anywhere else. +

    + +

    +The full list of nerd-fonts can be found here: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/data/fonts/nerd-fonts/manifests/fonts.json +

    + +

    +This is where the theme for the whole OS is defined. Originally, this noweb-ref section could not be copied to the general NixOS config since they are on different folder structure levels in the config, which would have made the flake impure. By now, I have found out that using the ${self} method for referencing the flake root, I could circumvent this problem. Also, the noweb-ref block could in general be replaced by a custom attribute set (see for example [BROKEN LINK: h:e7f98ad8-74a6-4860-a368-cce154285ff0]). The difference here was, for a long time, that this block is used in a NixOS and a home-manager-only configuration, verbatim. If I were to use an attribute set, I would have to duplicate this block once each for NixOS and home-manager. Alas, this block stays (for now). However, I learned how to use an attribute set in a custom home-manager module and pass it to both NixOS and home-manager configurations, which also removed the need for that use of it. +

    +
    -
    { lib, config, nixosConfig ? null, ... }:
    -let
    -  # mirrorAttrs = lib.mapAttrs (_: v: lib.mkDefault v) nixosConfig.swarselsystems;
    -  inherit (lib) mkDefault mapAttrs filterAttrs;
    -  mkDefaultCommonAttrs = base: defaults:
    -    lib.mapAttrs (_: v: lib.mkDefault v)
    -      (lib.filterAttrs (k: _: base ? ${k}) defaults);
    -in
    +
    { self, config, lib, pkgs, globals, minimal, ... }:
     {
    -  # config.swarselsystems = mirrorAttrs;
    -  config.swarselsystems = lib.mkIf (nixosConfig != null) (mkDefaultCommonAttrs config.swarselsystems nixosConfig.swarselsystems);
    +  options.swarselsystems = {
    +    isLaptop = lib.mkEnableOption "laptop host";
    +    isNixos = lib.mkEnableOption "nixos host";
    +    isPublic = lib.mkEnableOption "is a public machine (no secrets)";
    +    isDarwin = lib.mkEnableOption "darwin host";
    +    isLinux = lib.mkEnableOption "whether this is a linux machine";
    +    isBtrfs = lib.mkEnableOption "use btrfs filesystem";
    +    mainUser = lib.mkOption {
    +      type = lib.types.str;
    +      default = if (!minimal) then globals.user.name else "swarsel" ;
    +    };
    +    sopsFile = lib.mkOption {
    +      type = lib.types.str;
    +      default = "${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml";
    +    };
    +    homeDir = lib.mkOption {
    +      type = lib.types.str;
    +      default = "/home/swarsel";
    +    };
    +    xdgDir = lib.mkOption {
    +      type = lib.types.str;
    +      default = "/run/user/1000";
    +    };
    +    flakePath = lib.mkOption {
    +      type = lib.types.str;
    +      default = "/home/swarsel/.dotfiles";
    +    };
    +    wallpaper = lib.mkOption {
    +      type = lib.types.path;
    +      default = "${self}/files/wallpaper/lenovowp.png";
    +    };
    +    sharescreen = lib.mkOption {
    +      type = lib.types.str;
    +      default = "";
    +    };
    +    lowResolution = lib.mkOption {
    +      type = lib.types.str;
    +      default = "";
    +    };
    +    highResolution = lib.mkOption {
    +      type = lib.types.str;
    +      default = "";
    +    };
    +
    +    stylix = lib.mkOption {
    +      type = lib.types.attrs;
    +      default = {
    +        polarity = "dark";
    +        opacity.popups = 0.5;
    +        cursor = {
    +          package = pkgs.banana-cursor;
    +          # package = pkgs.capitaine-cursors;
    +          name = "Banana";
    +          # name = "capitaine-cursors";
    +          size = 16;
    +        };
    +        fonts = {
    +          sizes = {
    +            terminal = 10;
    +            applications = 11;
    +          };
    +          serif = {
    +            # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
    +            package = pkgs.cantarell-fonts;
    +            # package = pkgs.montserrat;
    +            name = "Cantarell";
    +            # name = "FiraCode Nerd Font Propo";
    +            # name = "Montserrat";
    +          };
    +          sansSerif = {
    +            # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
    +            package = pkgs.cantarell-fonts;
    +            # package = pkgs.montserrat;
    +            name = "Cantarell";
    +            # name = "FiraCode Nerd Font Propo";
    +            # name = "Montserrat";
    +          };
    +          monospace = {
    +            package = pkgs.nerd-fonts.fira-mono; # has overrides
    +            name = "FiraCode Nerd Font Mono";
    +          };
    +          emoji = {
    +            package = pkgs.noto-fonts-emoji;
    +            name = "Noto Color Emoji";
    +          };
    +        };
    +      };
    +    };
    +    stylixHomeTargets = lib.mkOption {
    +      type = lib.types.attrs;
    +      default = {
    +        emacs.enable = false;
    +        waybar.enable = false;
    +        sway.useWallpaper = false;
    +        firefox.profileNames = [ "default" ];
    +      };
    +    };
    +
    +    firefox = lib.mkOption {
    +      type = lib.types.attrs;
    +      default = {
    +        userChrome = builtins.readFile "${self}/files/firefox/chrome/userChrome.css";
    +        extensions = {
    +          packages = with pkgs.nur.repos.rycee.firefox-addons; [
    +            tridactyl
    +            tampermonkey
    +            sidebery
    +            browserpass
    +            clearurls
    +            darkreader
    +            enhancer-for-youtube
    +            istilldontcareaboutcookies
    +            translate-web-pages
    +            ublock-origin
    +            reddit-enhancement-suite
    +            sponsorblock
    +            web-archives
    +            onepassword-password-manager
    +            single-file
    +            widegithub
    +            enhanced-github
    +            unpaywall
    +            don-t-fuck-with-paste
    +            plasma-integration
    +            noscript
    +
    +            # configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut
    +            (buildFirefoxXpiAddon {
    +              pname = "shortkeys";
    +              version = "4.0.2";
    +              addonId = "Shortkeys@Shortkeys.com";
    +              url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
    +              sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
    +              meta = with lib;
    +                {
    +                  description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
    +                  mozPermissions = [
    +                    "tabs"
    +                    "downloads"
    +                    "clipboardWrite"
    +                    "browsingData"
    +                    "storage"
    +                    "bookmarks"
    +                    "sessions"
    +                    "<all_urls>"
    +                  ];
    +                  platforms = platforms.all;
    +                };
    +            })
    +          ];
    +        };
    +
    +        settings =
    +          {
    +            "extensions.autoDisableScopes" = 0;
    +            "browser.bookmarks.showMobileBookmarks" = true;
    +            "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
    +            "browser.search.suggest.enabled" = false;
    +            "browser.search.suggest.enabled.private" = false;
    +            "browser.urlbar.suggest.searches" = false;
    +            "browser.urlbar.showSearchSuggestionsFirst" = false;
    +            "browser.topsites.contile.enabled" = false;
    +            "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
    +            "browser.newtabpage.activity-stream.feeds.snippets" = false;
    +            "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
    +            "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false;
    +            "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false;
    +            "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false;
    +            "browser.newtabpage.activity-stream.showSponsored" = false;
    +            "browser.newtabpage.activity-stream.system.showSponsored" = false;
    +            "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
    +          };
    +
    +        search = {
    +          # default = "Kagi";
    +          default = "google";
    +          # privateDefault = "Kagi";
    +          privateDefault = "google";
    +          engines = {
    +            "Kagi" = {
    +              urls = [{
    +                template = "https://kagi.com/search";
    +                params = [
    +                  { name = "q"; value = "{searchTerms}"; }
    +                ];
    +              }];
    +              icon = "https://kagi.com/favicon.ico";
    +              updateInterval = 24 * 60 * 60 * 1000; # every day
    +              definedAliases = [ "@k" ];
    +            };
    +
    +            "Nix Packages" = {
    +              urls = [{
    +                template = "https://search.nixos.org/packages";
    +                params = [
    +                  { name = "type"; value = "packages"; }
    +                  { name = "query"; value = "{searchTerms}"; }
    +                ];
    +              }];
    +              icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
    +              definedAliases = [ "@np" ];
    +            };
    +
    +            "NixOS Wiki" = {
    +              urls = [{
    +                template = "https://nixos.wiki/index.php?search={searchTerms}";
    +              }];
    +              icon = "https://nixos.wiki/favicon.png";
    +              updateInterval = 24 * 60 * 60 * 1000; # every day
    +              definedAliases = [ "@nw" ];
    +            };
    +
    +            "NixOS Options" = {
    +              urls = [{
    +                template = "https://search.nixos.org/options";
    +                params = [
    +                  { name = "query"; value = "{searchTerms}"; }
    +                ];
    +              }];
    +
    +              icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
    +              definedAliases = [ "@no" ];
    +            };
    +
    +            "Home Manager Options" = {
    +              urls = [{
    +                template = "https://home-manager-options.extranix.com/";
    +                params = [
    +                  { name = "query"; value = "{searchTerms}"; }
    +                ];
    +              }];
    +
    +              icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
    +              definedAliases = [ "@hm" "@ho" "@hmo" ];
    +            };
    +
    +            "Confluence search" = {
    +              urls = [{
    +                template = "https://vbc.atlassian.net/wiki/search";
    +                params = [
    +                  { name = "text"; value = "{searchTerms}"; }
    +                ];
    +              }];
    +
    +              definedAliases = [ "@c" "@cf" "@confluence" ];
    +            };
    +
    +            "Jira search" = {
    +              urls = [{
    +                template = "https://vbc.atlassian.net/issues/";
    +                params = [
    +                  { name = "jql"; value = "textfields ~ \"{searchTerms}*\"&wildcardFlag=true"; }
    +                ];
    +              }];
    +
    +              definedAliases = [ "@j" "@jire" ];
    +            };
    +
    +            "google".metaData.alias = "@g";
    +          };
    +          force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart
    +        };
    +      };
    +    };
    +
    +  };
     }
     
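Review bot: in the firefox settings block, "extensions.autoDisableScopes" = 0 makes Firefox enable extensions from every install scope without asking the user, and with this hunk it becomes a shared default for every profile built from the option. Please add a comment on why the prompt is disabled, or limit it to the profiles that need it. Two further points in the same hunk: homeDir, flakePath and xdgDir default to the hardcoded /home/swarsel and /run/user/1000 paths although mainUser is configurable, so they should be derived from mainUser or left without a default; and the stylix, stylixHomeTargets and firefox options use lib.types.attrs, so a host that defines a single key replaces the whole default set rather than merging into it. A submodule, or at least a note on how to override these with lib.recursiveUpdate, would prevent surprises.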
    @@ -11829,8 +11837,8 @@ let inherit (config.swarselsystems) mainUser; in { - options.swarselmodules.general = lib.mkEnableOption "general nix settings"; - config = lib.mkIf config.swarselmodules.general { + options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings"; + config = lib.mkIf config.swarselsystems.modules.general { nix = lib.mkIf (!config.swarselsystems.isNixos) { package = lib.mkForce pkgs.nixVersions.nix_2_28; extraOptions = '' @@ -11903,15 +11911,15 @@ It can be set to either:
    { lib, config, nixgl, ... }:
     {
    -  options.swarselmodules.nixgl = lib.mkEnableOption "nixgl settings";
       options.swarselsystems = {
    +    modules.nixgl = lib.mkEnableOption "nixgl settings";
         isSecondaryGpu = lib.mkEnableOption "device has a secondary GPU";
         SecondaryGpuCard = lib.mkOption {
           type = lib.types.str;
           default = "";
         };
       };
    -  config = lib.mkIf config.swarselmodules.nixgl {
    +  config = lib.mkIf config.swarselsystems.modules.nixgl {
         nixGL = lib.mkIf (!config.swarselsystems.isNixos) {
           inherit (nixgl) packages;
           defaultWrapper = lib.mkDefault "mesa";
    @@ -11958,8 +11966,8 @@ This holds packages that I can use as provided, or with small modifications (as
     
    { lib, config, pkgs, ... }:
     
     {
    -  options.swarselmodules.packages = lib.mkEnableOption "packages settings";
    -  config = lib.mkIf config.swarselmodules.packages {
    +  options.swarselsystems.modules.packages = lib.mkEnableOption "packages settings";
    +  config = lib.mkIf config.swarselsystems.modules.packages {
         home.packages = with pkgs; [
     
           # audio stuff
    @@ -12155,8 +12163,8 @@ This is just a separate container for derivations defined in { lib, config, pkgs, ... }:
     
     {
    -  options.swarselmodules.ownpackages = lib.mkEnableOption "own packages settings";
    -  config = lib.mkIf config.swarselmodules.ownpackages {
    +  options.swarselsystems.modules.ownpackages = lib.mkEnableOption "own packages settings";
    +  config = lib.mkIf config.swarselsystems.modules.ownpackages {
         home.packages = with pkgs; lib.mkIf (!config.swarselsystems.isPublic) [
           pass-fuzzel
           cdw
    @@ -12179,7 +12187,6 @@ This is just a separate container for derivations defined in 3.3.1.7. Yubikey
     
    -
    { lib, config, nixosConfig ? config, ... }:
    +
    { lib, config, nixosConfig, ... }:
     let
       inherit (config.swarselsystems) homeDir;
     in
     {
    -  options.swarselmodules.yubikey = lib.mkEnableOption "yubikey settings";
    +  options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey settings";
     
    -  config = lib.mkIf config.swarselmodules.yubikey {
    +  config = lib.mkIf config.swarselsystems.modules.yubikey {
     
         sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
           u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
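Review bot: the argument list changes from "nixosConfig ? config" to a bare nixosConfig, so this module now depends on the argument always being supplied. The stylix module in this commit still has a branch for !config.swarselsystems.isNixos, so home-manager-only hosts appear to be supported. Please confirm those hosts get nixosConfig passed (for example through extraSpecialArgs), or keep a guarded fallback.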
    @@ -12271,8 +12278,8 @@ It is very convenient to have SSH aliases in place for machines that I use. This
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.ssh = lib.mkEnableOption "ssh settings";
    -  config = lib.mkIf config.swarselmodules.ssh {
    +  options.swarselsystems.modules.ssh = lib.mkEnableOption "ssh settings";
    +  config = lib.mkIf config.swarselsystems.modules.ssh {
         programs.ssh = {
           enable = true;
           forwardAgent = true;
    @@ -12337,16 +12344,16 @@ This section has been notably empty ever since switching to stylix. Only Emacs i
     

    -
    { lib, config, vars, ... }:
    +
    { lib, config, ... }:
     {
    -  options.swarselmodules.stylix = lib.mkEnableOption "stylix settings";
    -  config = lib.mkIf config.swarselmodules.stylix {
    +  options.swarselsystems.modules.stylix = lib.mkEnableOption "stylix settings";
    +  config = lib.mkIf config.swarselsystems.modules.stylix {
         stylix = lib.mkIf (!config.swarselsystems.isNixos) (lib.recursiveUpdate
           {
             image = config.swarselsystems.wallpaper;
    -        targets = vars.stylixHomeTargets;
    +        targets = config.swarselsystems.stylixHomeTargets;
           }
    -      vars.stylix);
    +      config.swarselsystems.stylix);
       };
     }
     
    @@ -12367,8 +12374,8 @@ TODO: Non-NixOS machines (=sp3) should not use these by default, but instead the
    { lib, config, ... }:
     {
    -  options.swarselmodules.desktop = lib.mkEnableOption "desktop settings";
    -  config = lib.mkIf config.swarselmodules.desktop {
    +  options.swarselsystems.modules.desktop = lib.mkEnableOption "desktop settings";
    +  config = lib.mkIf config.swarselsystems.modules.desktop {
         xdg.desktopEntries = {
     
           cura = {
    @@ -12491,8 +12498,8 @@ Also in firefox `about:config > toolkit.legacyUserProfileCustomizations.style
     
    { self, lib, config, ... }:
     {
    -  options.swarselmodules.symlink = lib.mkEnableOption "symlink settings";
    -  config = lib.mkIf config.swarselmodules.symlink {
    +  options.swarselsystems.modules.symlink = lib.mkEnableOption "symlink settings";
    +  config = lib.mkIf config.swarselsystems.modules.symlink {
         home.file = {
           "init.el" = lib.mkDefault {
             source = self + /files/emacs/init.el;
    @@ -12533,37 +12540,27 @@ Sets environment variables. Here I am only setting the EDITOR variable, most var
     

    -
    { lib, config, globals, nixosConfig ? config, ... }:
    +
    { lib, config, globals, nixosConfig, ... }:
     let
       inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses;
    -  inherit (nixosConfig.repo.secrets.common.calendar) source1 source1-name source2 source2-name source3 source3-name;
       inherit (nixosConfig.repo.secrets.common) fullName;
    -  inherit (config.swarselsystems) isPublic;
       crocDomain = globals.services.croc.domain;
     in
     {
    -  options.swarselmodules.env = lib.mkEnableOption "env settings";
    -  config = lib.mkIf config.swarselmodules.env {
    +  options.swarselsystems.modules.env = lib.mkEnableOption "env settings";
    +  config = lib.mkIf config.swarselsystems.modules.env {
         home.sessionVariables = {
           EDITOR = "e -w";
           DISPLAY = ":0";
    +      CROC_RELAY = crocDomain;
           SWARSEL_LO_RES = config.swarselsystems.lowResolution;
           SWARSEL_HI_RES = config.swarselsystems.highResolution;
    -    } // (lib.optionalAttrs (!isPublic) {
    -      CROC_RELAY = crocDomain;
    -      GITHUB_NOTIFICATION_TOKEN_PATH = nixosConfig.sops.secrets.github-notifications-token.path;
    -    });
    -    systemd.user.sessionVariables = lib.mkIf (!isPublic) {
    +    };
    +    systemd.user.sessionVariables = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
           SWARSEL_MAIL1 = address1;
           SWARSEL_MAIL2 = address2;
           SWARSEL_MAIL3 = address3;
           SWARSEL_MAIL4 = address4;
    -      SWARSEL_CAL1 = source1;
    -      SWARSEL_CAL1NAME = source1-name;
    -      SWARSEL_CAL2 = source2;
    -      SWARSEL_CAL2NAME = source2-name;
    -      SWARSEL_CAL3 = source3;
    -      SWARSEL_CAL3NAME = source3-name;
           SWARSEL_FULLNAME = fullName;
           SWARSEL_MAIL_ALL = allMailAddresses;
         };
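Review bot: CROC_RELAY = crocDomain moves out of the lib.optionalAttrs (!isPublic) block into the unconditional home.sessionVariables, so hosts flagged isPublic now export the relay domain as well. If that is intended, say so in the commit message; otherwise keep it behind the !isPublic guard. The guard on systemd.user.sessionVariables also gains config.swarselsystems.isNixos, which means private non-NixOS hosts lose the SWARSEL_MAIL* and SWARSEL_FULLNAME variables; worth stating whether that is deliberate.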
    @@ -12583,8 +12580,8 @@ This section is for programs that require no further configuration. zsh Integrat
     
    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.programs = lib.mkEnableOption "programs settings";
    -  config = lib.mkIf config.swarselmodules.programs {
    +  options.swarselsystems.modules.programs = lib.mkEnableOption "programs settings";
    +  config = lib.mkIf config.swarselsystems.modules.programs {
         programs = {
           bottom.enable = true;
           imv.enable = true;
    @@ -12626,8 +12623,8 @@ nix-index provides a way to find out which packages are provided by which deriva
     
    { self, lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.nix-index = lib.mkEnableOption "nix-index settings";
    -  config = lib.mkIf config.swarselmodules.nix-index {
    +  options.swarselsystems.modules.nix-index = lib.mkEnableOption "nix-index settings";
    +  config = lib.mkIf config.swarselsystems.modules.nix-index {
         programs.nix-index =
           let
             commandNotFound = pkgs.runCommandLocal "command-not-found.sh" { } ''
    @@ -12662,8 +12659,8 @@ Enables password store with the pass-otp extension which allows me
     
    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.passwordstore = lib.mkEnableOption "passwordstore settings";
    -  config = lib.mkIf config.swarselmodules.passwordstore {
    +  options.swarselsystems.modules.passwordstore = lib.mkEnableOption "passwordstore settings";
    +  config = lib.mkIf config.swarselsystems.modules.passwordstore {
         programs.password-store = {
           enable = true;
           settings = {
    @@ -12687,8 +12684,8 @@ Enables direnv, which I use for nearly all of my nix dev flakes.
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.direnv = lib.mkEnableOption "direnv settings";
    -  config = lib.mkIf config.swarselmodules.direnv {
    +  options.swarselsystems.modules.direnv = lib.mkEnableOption "direnv settings";
    +  config = lib.mkIf config.swarselsystems.modules.direnv {
         programs.direnv = {
           enable = true;
           silent = true;
    @@ -12710,8 +12707,8 @@ Eza provides me with a better ls command and some other useful alia
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.eza = lib.mkEnableOption "eza settings";
    -  config = lib.mkIf config.swarselmodules.eza {
    +  options.swarselsystems.modules.eza = lib.mkEnableOption "eza settings";
    +  config = lib.mkIf config.swarselsystems.modules.eza {
         programs.eza = {
           enable = true;
           icons = "auto";
    @@ -12736,8 +12733,8 @@ let
       atuinDomain = globals.services.atuin.domain;
     in
     {
    -  options.swarselmodules.atuin = lib.mkEnableOption "atuin settings";
    -  config = lib.mkIf config.swarselmodules.atuin {
    +  options.swarselsystems.modules.atuin = lib.mkEnableOption "atuin settings";
    +  config = lib.mkIf config.swarselsystems.modules.atuin {
         programs.atuin = {
           enable = true;
           enableZshIntegration = true;
    @@ -12761,7 +12758,7 @@ Here I set up my git config, automatic signing of commits, useful aliases for my
     

    -
    { lib, config, globals, minimal, nixosConfig ? config, ... }:
    +
    { lib, config, globals, minimal, nixosConfig, ... }:
     let
       inherit (nixosConfig.repo.secrets.common.mail) address1;
       inherit (nixosConfig.repo.secrets.common) fullName;
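Review bot: the argument list drops the `nixosConfig ? config` default, but the `let` block still reads `nixosConfig.repo.secrets.common.mail` and `nixosConfig.repo.secrets.common`, so this module now only evaluates where something passes `nixosConfig` in. A standalone home-manager host does not get that argument by default; either keep the fallback or document where `nixosConfig` is injected for those hosts.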
    @@ -12769,8 +12766,8 @@ let
       gitUser = globals.user.name;
     in
     {
    -  options.swarselmodules.git = lib.mkEnableOption "git settings";
    -  config = lib.mkIf config.swarselmodules.git {
    +  options.swarselsystems.modules.git = lib.mkEnableOption "git settings";
    +  config = lib.mkIf config.swarselsystems.modules.git {
         programs.git = {
           enable = true;
           } // lib.optionalAttrs (!minimal) {
    @@ -12824,8 +12821,8 @@ Here I only need to set basic layout options - the rest is being managed by styl
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.fuzzel = lib.mkEnableOption "fuzzel settings";
    -  config = lib.mkIf config.swarselmodules.fuzzel {
    +  options.swarselsystems.modules.fuzzel = lib.mkEnableOption "fuzzel settings";
    +  config = lib.mkIf config.swarselsystems.modules.fuzzel {
         programs.fuzzel = {
           enable = true;
           settings = {
    @@ -12853,8 +12850,8 @@ Starship makes my zsh look cooler! I have symbols for most programm
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.starship = lib.mkEnableOption "starship settings";
    -  config = lib.mkIf config.swarselmodules.starship {
    +  options.swarselsystems.modules.starship = lib.mkEnableOption "starship settings";
    +  config = lib.mkIf config.swarselsystems.modules.starship {
         programs.starship = {
           enable = true;
           enableZshIntegration = true;
    @@ -12993,8 +12990,8 @@ The theme is handled by stylix.
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.kitty = lib.mkEnableOption "kitty settings";
    -  config = lib.mkIf config.swarselmodules.kitty {
    +  options.swarselsystems.modules.kitty = lib.mkEnableOption "kitty settings";
    +  config = lib.mkIf config.swarselsystems.modules.kitty {
         programs.kitty = {
           enable = true;
           keybindings = { };
    @@ -13055,22 +13052,22 @@ Currently I only use it as before with initExtra though.
     

    -
    { config, lib, minimal, nixosConfig ? config, ... }:
    +
    { config, lib, minimal, ... }:
     let
       inherit (config.swarselsystems) flakePath;
     in
     {
    -  options.swarselmodules.zsh = lib.mkEnableOption "zsh settings";
       options.swarselsystems = {
    +    modules.zsh = lib.mkEnableOption "zsh settings";
         shellAliases = lib.mkOption {
           type = lib.types.attrsOf lib.types.str;
           default = { };
         };
       };
    -  config = lib.mkIf config.swarselmodules.zsh
    +  config = lib.mkIf config.swarselsystems.modules.zsh
         {
     
    -      sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
    +      sops.secrets = {
             croc-password = { };
           };
     
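Review bot: `sops.secrets = { croc-password = { }; };` is now declared with no condition at all, while the mail and waybar modules in this same patch keep `lib.mkIf (!config.swarselsystems.isPublic)` on their secrets. With the guard gone, a host marked `isPublic` that enables `modules.zsh` will still declare `croc-password`; suggest `sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { croc-password = { }; };` to stay consistent with those modules.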
    @@ -13083,10 +13080,9 @@ in
                 hg = "history | grep";
                 hmswitch = "home-manager --flake ${flakePath}#$(whoami)@$(hostname) switch |& nom";
                 # nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json";
    -            nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;";
    -            nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;";
    -            ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;";
    +            nswitch = "swarsel-deploy $(hostname) switch";
                 # nboot = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json";
    +            nboot = "swarsel-deploy $(hostname) boot";
                 magit = "emacsclient -nc -e \"(magit-status)\"";
                 config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME";
                 g = "git";
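Review bot: the `ndry` alias (`swarsel-deploy $(hostname) dry-activate`) is removed without a replacement, while `nswitch` and `nboot` are kept in shortened form. If dry activation is still wanted, carry it over as `ndry = "swarsel-deploy $(hostname) dry-activate";`. The new aliases also no longer `cd ${flakePath}` first, so they depend on `swarsel-deploy` locating the flake from any working directory; a one-line comment stating that would help.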
    @@ -13106,8 +13102,6 @@ in
                 boot-diff = "nix store diff-closures /run/*-system";
                 gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system";
                 cc = "wl-copy";
    -            topology = "nix build .#topology.x86_64-linux.config.output";
    -            iso = "nix build --print-out-paths .#live-iso";
               }
               config.swarselsystems.shellAliases;
             autosuggestion.enable = true;
    @@ -13180,7 +13174,7 @@ in
               # ctrl + del
               bindkey '^H' my-backward-delete-word
     
    -          export CROC_PASS="$(cat ${nixosConfig.sops.secrets.croc-password.path})"
    +          export CROC_PASS="$(cat ${config.sops.secrets.croc-password.path})"
             '';
           };
         };
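Review bot: `export CROC_PASS="$(cat ${config.sops.secrets.croc-password.path})"` is part of the zsh init snippet, so the decrypted password is placed in the environment of every shell and inherited by every process started from it. Consider reading the file only when croc is actually invoked (for example from a small wrapper function) rather than exporting it at shell start, and make the line conditional so a host without the secret does not get a `cat` error in each new shell.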
    @@ -13195,8 +13189,8 @@ in
     
    { self, lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.zellij = lib.mkEnableOption "zellij settings";
    -  config = lib.mkIf config.swarselmodules.zellij {
    +  options.swarselsystems.modules.zellij = lib.mkEnableOption "zellij settings";
    +  config = lib.mkIf config.swarselsystems.modules.zellij {
         programs.zellij = {
           enable = true;
           enableZshIntegration = true;
    @@ -13236,8 +13230,8 @@ let
         };
     in
     {
    -  options.swarselmodules.tmux = lib.mkEnableOption "tmux settings";
    -  config = lib.mkIf config.swarselmodules.tmux {
    +  options.swarselsystems.modules.tmux = lib.mkEnableOption "tmux settings";
    +  config = lib.mkIf config.swarselsystems.modules.tmux {
         home.packages = with pkgs; [
           lsof
           sesh
    @@ -13334,17 +13328,17 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
     

    -
    { lib, config, nixosConfig ? config, ... }:
    +
    { lib, config, nixosConfig, ... }:
     let
       inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host;
       inherit (nixosConfig.repo.secrets.common) fullName;
       inherit (config.swarselsystems) xdgDir;
     in
     {
    -  options.swarselmodules.mail = lib.mkEnableOption "mail settings";
    -  config = lib.mkIf config.swarselmodules.mail {
    +  options.swarselsystems.modules.mail = lib.mkEnableOption "mail settings";
    +  config = lib.mkIf config.swarselsystems.modules.mail {
     
    -    sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
    +    sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
           address1-token = { path = "${xdgDir}/secrets/address1-token"; };
           address2-token = { path = "${xdgDir}/secrets/address2-token"; };
           address3-token = { path = "${xdgDir}/secrets/address3-token"; };
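Review bot: the `sops.secrets` condition loses `!config.swarselsystems.isNixos`, so the `address*-token` secrets are now declared by home-manager on NixOS hosts as well, with paths under `${xdgDir}/secrets/`. If the NixOS-level sops configuration still declares the same tokens, they will be decrypted twice into different locations; remove the NixOS-side declarations in this change or state here that they are already gone.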
    @@ -13378,7 +13372,7 @@ in
                 address = address1;
                 userName = address1;
                 realName = fullName;
    -            passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}";
    +            passwordCommand = "cat ${config.sops.secrets.address1-token.path}";
                 gpg = {
                   key = "0x76FD3810215AE097";
                   signByDefault = true;
    @@ -13410,7 +13404,7 @@ in
                 address = address4;
                 userName = address4-user;
                 realName = fullName;
    -            passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}";
    +            passwordCommand = "cat ${config.sops.secrets.address4-token.path}";
                 smtp = {
                   host = address4-host;
                   port = 587;
    @@ -13433,7 +13427,7 @@ in
                 address = address2;
                 userName = address2;
                 realName = address2-name;
    -            passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}";
    +            passwordCommand = "cat ${config.sops.secrets.address2-token.path}";
                 imap.host = "imap.gmail.com";
                 smtp.host = "smtp.gmail.com";
                 msmtp.enable = true;
    @@ -13460,7 +13454,7 @@ in
                 address = address3;
                 userName = address3;
                 realName = address3-name;
    -            passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}";
    +            passwordCommand = "cat ${config.sops.secrets.address3-token.path}";
                 imap.host = "imap.gmail.com";
                 smtp.host = "smtp.gmail.com";
                 msmtp.enable = true;
    @@ -13503,29 +13497,15 @@ Lastly, I am defining some more packages here that the parser has problems findi
     

    -
    { self, lib, config, pkgs, globals, ... }:
    +
    { self, lib, config, pkgs, ... }:
     let
    -  inherit (config.swarselsystems) homeDir isPublic isNixos;
    -  inherit (config.repo.secrets.common.emacs) radicaleUser;
    +  inherit (config.swarselsystems) homeDir isPublic;
     in
     {
    -  options.swarselmodules.emacs = lib.mkEnableOption "emacs settings";
    -  config = lib.mkIf config.swarselmodules.emacs {
    +  options.swarselsystems.modules.emacs = lib.mkEnableOption "emacs settings";
    +  config = lib.mkIf config.swarselsystems.modules.emacs {
         # needed for elfeed
    -    sops = lib.mkIf (!isPublic && !isNixos) {
    -      secrets = {
    -        fever-pw = { path = "${homeDir}/.emacs.d/.fever"; };
    -        emacs-radicale-pw = { };
    -      };
    -      templates = {
    -        authinfo = {
    -          path = "${homeDir}/.emacs.d/.authinfo";
    -          content = ''
    -            machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw}
    -          '';
    -        };
    -      };
    -    };
    +    sops.secrets.fever-pw = lib.mkIf (!isPublic) { path = "${homeDir}/.emacs.d/.fever"; };
     
         # enable emacs overlay for bleeding edge features
         # also read init.el file and install use-package packages
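Review bot: the `authinfo` template and the `emacs-radicale-pw` secret are deleted, leaving only `sops.secrets.fever-pw`, but nothing in this hunk says what now supplies the Radicale credentials that used to be rendered to `${homeDir}/.emacs.d/.authinfo`. Please state where Emacs gets them after this change, and check that an already rendered `.authinfo` containing the password is not left behind on hosts that activated the old configuration.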
    @@ -13648,8 +13628,8 @@ let
       ];
     in
     {
    -  options.swarselmodules.waybar = lib.mkEnableOption "waybar settings";
       options.swarselsystems = {
    +    modules.waybar = lib.mkEnableOption "waybar settings";
         cpuCount = lib.mkOption {
           type = lib.types.int;
           default = 8;
    @@ -13678,7 +13658,7 @@ in
           internal = true;
         };
       };
    -  config = lib.mkIf config.swarselmodules.waybar {
    +  config = lib.mkIf config.swarselsystems.modules.waybar {
     
         swarselsystems = {
           waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [
    @@ -13686,7 +13666,7 @@ in
           ] ++ modulesRight);
         };
     
    -    sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
    +    sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
           github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; };
         };
     
    @@ -13965,10 +13945,10 @@ I used to build the firefox addon bypass-paywalls-clean myself here
     

    -
    { config, pkgs, lib, vars, ... }:
    +
    { config, pkgs, lib, ... }:
     {
    -  options.swarselmodules.firefox = lib.mkEnableOption "firefox settings";
    -  config = lib.mkIf config.swarselmodules.firefox {
    +  options.swarselsystems.modules.firefox = lib.mkEnableOption "firefox settings";
    +  config = lib.mkIf config.swarselsystems.modules.firefox {
         programs.firefox = {
           enable = true;
           package = pkgs.firefox; # uses overrides
    @@ -14110,7 +14090,7 @@ I used to build the firefox addon bypass-paywalls-clean myself here
                   "browser.startup.homepage" = "https://lobste.rs";
                 };
               }
    -          vars.firefox;
    +          config.swarselsystems.firefox;
           };
         };
       };
    @@ -14136,8 +14116,8 @@ Used for storing sessions in e.g. Nextcloud
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.gnome-keyring = lib.mkEnableOption "gnome keyring settings";
    -  config = lib.mkIf config.swarselmodules.gnome-keyring {
    +  options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome keyring settings";
    +  config = lib.mkIf config.swarselsystems.modules.gnome-keyring {
         services.gnome-keyring = lib.mkIf (!config.swarselsystems.isNixos) {
           enable = true;
         };
    @@ -14157,8 +14137,8 @@ This enables phone/computer communication, including sending clipboard, files et
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.kdeconnect = lib.mkEnableOption "kdeconnect settings";
    -  config = lib.mkIf config.swarselmodules.kdeconnect {
    +  options.swarselsystems.modules.kdeconnect = lib.mkEnableOption "kdeconnect settings";
    +  config = lib.mkIf config.swarselsystems.modules.kdeconnect {
         services.kdeconnect = {
           enable = true;
           indicator = true;
    @@ -14184,8 +14164,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.mako = lib.mkEnableOption "mako settings";
    -  config = lib.mkIf config.swarselmodules.mako {
    +  options.swarselsystems.modules.mako = lib.mkEnableOption "mako settings";
    +  config = lib.mkIf config.swarselsystems.modules.mako {
         services.mako = {
           enable = true;
           settings = {
    @@ -14227,8 +14207,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
     
    { lib, pkgs, config, ... }:
     {
    -  options.swarselmodules.swayosd = lib.mkEnableOption "swayosd settings";
    -  config = lib.mkIf config.swarselmodules.swayosd {
    +  options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings";
    +  config = lib.mkIf config.swarselsystems.modules.swayosd {
         services.swayosd = {
           enable = true;
           package = pkgs.dev.swayosd;
    @@ -14246,8 +14226,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
     
    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.yubikeytouch = lib.mkEnableOption "yubikey touch detector service settings";
    -  config = lib.mkIf config.swarselmodules.yubikeytouch {
    +  options.swarselsystems.modules.yubikeytouch = lib.mkEnableOption "yubikey touch detector service settings";
    +  config = lib.mkIf config.swarselsystems.modules.yubikeytouch {
         systemd.user.services.yubikey-touch-detector = {
           Unit = {
             Description = "Detects when your YubiKey is waiting for a touch";
    @@ -14301,8 +14281,8 @@ let
       };
     in
     {
    -  options.swarselmodules.sway = lib.mkEnableOption "sway settings";
       options.swarselsystems = {
    +    modules.sway = lib.mkEnableOption "sway settings";
         inputs = lib.mkOption {
           type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
           default = { };
    @@ -14367,7 +14347,7 @@ in
           internal = true;
         };
       };
    -  config = lib.mkIf config.swarselmodules.sway {
    +  config = lib.mkIf config.swarselsystems.modules.sway {
         swarselsystems = {
           touchpad = lib.mkIf config.swarselsystems.isLaptop {
             "type:touchpad" = {
    @@ -14412,6 +14392,8 @@ in
                   "${modifier}+Space" = "exec fuzzel";
                   "${modifier}+Shift+Space" = "floating toggle";
                   "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\"";
    +              "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\"";
    +              "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\"";
                   "${modifier}+m" = "exec swaymsg workspace back_and_forth";
                   "${modifier}+a" = "exec swarselcheck -s";
                   "${modifier}+x" = "exec swarselcheck -k";
    @@ -14420,10 +14402,7 @@ in
                   "${modifier}+Shift+t" = "exec opacitytoggle";
                   "${modifier}+Shift+F12" = "move scratchpad";
                   "${modifier}+F12" = "scratchpad show";
    -              "${modifier}+Shift+c" = "exec qalculate-gtk";
    -              "${modifier}+c" = "emacsclient -e '(prot-window-popup-org-capture)'";
    -              "${modifier}+Shift+m" = "emacsclient -e '(prot-window-popup-mu4e)'";
    -              "${modifier}+Shift+a" = "emacsclient -e '(prot-window-popup-swarsel/open-calendar)'";
    +              "${modifier}+c" = "exec qalculate-gtk";
                   "${modifier}+p" = "exec pass-fuzzel";
                   "${modifier}+o" = "exec pass-fuzzel --otp";
                   "${modifier}+Shift+p" = "exec pass-fuzzel --type";
    @@ -14556,7 +14535,6 @@ in
                 { title = "^Add$"; }
                 { title = "^Picture-in-Picture$"; }
                 { title = "Syncthing Tray"; }
    -            { title = "Emacs Popup Frame"; }
                 { title = "^spotifytui$"; }
                 { title = "^kittyterm$"; }
                 { app_id = "vesktop"; }
    @@ -14715,8 +14693,8 @@ in
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.kanshi = lib.mkEnableOption "kanshi settings";
    -  config = lib.mkIf config.swarselmodules.kanshi {
    +  options.swarselsystems.modules.kanshi = lib.mkEnableOption "kanshi settings";
    +  config = lib.mkIf config.swarselsystems.modules.kanshi {
         swarselsystems = {
           monitors = {
             homedesktop = {
    @@ -14818,8 +14796,8 @@ let
       inherit (config.swarselsystems) mainUser homeDir;
     in
     {
    -  options.swarselmodules.gpgagent = lib.mkEnableOption "gpg agent settings";
    -  config = lib.mkIf config.swarselmodules.gpgagent {
    +  options.swarselsystems.modules.gpgagent = lib.mkEnableOption "gpg agent settings";
    +  config = lib.mkIf config.swarselsystems.modules.gpgagent {
         services.gpg-agent = {
           enable = true;
           enableZshIntegration = true;
    @@ -14867,13 +14845,13 @@ This service changes the screen hue at night. I am not sure if that really does
     

    -
    { lib, config, nixosConfig ? config, ... }:
    +
    { lib, config, nixosConfig, ... }:
     let
       inherit (nixosConfig.repo.secrets.common.location) latitude longitude;
     in
     {
    -  options.swarselmodules.gammastep = lib.mkEnableOption "gammastep settings";
    -  config = lib.mkIf config.swarselmodules.gammastep {
    +  options.swarselsystems.modules.gammastep = lib.mkEnableOption "gammastep settings";
    +  config = lib.mkIf config.swarselsystems.modules.gammastep {
         services.gammastep = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
           enable = true;
           provider = "manual";
    @@ -14889,9 +14867,6 @@ in
     

    3.3.2. Server

    -

    -This is again configuration that is mostly needed on servers. Most things should be done using the NixOS config instead, consider carefully if a home-manager config must be used. -

    3.3.2.1. Imports
    @@ -14909,6 +14884,7 @@ in { imports = lib.swarselsystems.mkImports importNames "modules/home/server" ++ [ "${modulesPath}/home/common/settings.nix" + "${modulesPath}/home/common/sharedsetup.nix" ]; }
    @@ -14929,8 +14905,8 @@ As for the `home.sessionVariables`, it should be noted that environment variable
    { self, lib, config, ... }:
     {
    -  options.swarselmodules.server.dotfiles = lib.mkEnableOption "server dotfiles settings";
    -  config = lib.mkIf config.swarselmodules.server.dotfiles {
    +  options.swarselsystems.modules.server.dotfiles = lib.mkEnableOption "server dotfiles settings";
    +  config = lib.mkIf config.swarselsystems.modules.server.dotfiles {
         home.file = {
           "init.el" = lib.mkForce {
             source = self + /files/emacs/server.el;
    @@ -14947,9 +14923,6 @@ As for the `home.sessionVariables`, it should be noted that environment variable
     

    3.3.3. Darwin

    -

    -Again, mostly a placeholder for future home-manager modules that run on darwin systems. -

    3.3.3.1. Imports
    @@ -14961,11 +14934,9 @@ This section sets up all the imports that are used in the home-manager section.
    { self, ... }:
     {
    -  home.stateVersion = "23.05";
       imports = [
         "${self}/modules/home/common/settings.nix"
    -    "${self}/modules/shared/options.nix"
    -    "${self}/modules/shared/vars.nix"
    +    "${self}/modules/home/common/sharedsetup.nix"
       ];
     }
     
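Review bot: `home.stateVersion = "23.05";` is removed from the darwin imports module and the hunk does not show it being set anywhere else. home-manager will not evaluate without `home.stateVersion`, so confirm that `modules/home/common/sharedsetup.nix` or the host profile sets it, and keep the value at `23.05` for existing darwin homes rather than changing it as a side effect of this refactor.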
    @@ -14977,7 +14948,7 @@ This section sets up all the imports that are used in the home-manager section.

    3.3.4. Optional

    -Akin to the Optional NixOS modules. +Akin to the optional NixOS modules.

    @@ -15001,8 +14972,8 @@ The rest of the settings is at
    { lib, config, pkgs, ... }:
     {
    -  options.swarselmodules.optional.gaming = lib.mkEnableOption "optional gaming settings";
    -  config = lib.mkIf config.swarselmodules.optional.gaming {
    +  options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings";
    +  config = lib.mkIf config.swarselsystems.modules.optional.gaming {
         # specialisation = {
         #   gaming.configuration = {
         home.packages = with pkgs; [
    @@ -15051,13 +15022,13 @@ The rest of the settings is at 
     
     
    -
    { self, config, pkgs, lib, vars, nixosConfig ? config, ... }:
    +
    { self, config, pkgs, lib, nixosConfig, ... }:
     let
       inherit (config.swarselsystems) homeDir;
     in
     {
    -  options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings";
    -  config = lib.mkIf config.swarselmodules.optional.work {
    +  options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings";
    +  config = lib.mkIf config.swarselsystems.modules.optional.work {
         home.packages = with pkgs; [
           stable.teams-for-linux
           shellcheck
    @@ -15179,7 +15150,7 @@ in
                         "browser.startup.homepage" = "${site1}|${site2}";
                       };
                     }
    -                vars.firefox;
    +                config.swarselsystems.firefox;
                   "${user2}" = lib.recursiveUpdate
                     {
                       inherit isDefault;
    @@ -15188,13 +15159,13 @@ in
                         "browser.startup.homepage" = "${site3}";
                       };
                     }
    -                vars.firefox;
    +                config.swarselsystems.firefox;
                   "${user3}" = lib.recursiveUpdate
                     {
                       inherit isDefault;
                       id = 3;
                     }
    -                vars.firefox;
    +                config.swarselsystems.firefox;
                   work = lib.recursiveUpdate
                     {
                       inherit isDefault;
    @@ -15203,7 +15174,7 @@ in
                         "browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}";
                       };
                     }
    -                vars.firefox;
    +                config.swarselsystems.firefox;
                 };
             };
     
    @@ -15514,8 +15485,8 @@ This holds configuration that is specific to framework laptops.
     
    { lib, config, ... }:
     {
    -  options.swarselmodules.optional.framework = lib.mkEnableOption "optional framework machine settings";
    -  config = lib.mkIf config.swarselmodules.optional.framework {
    +  options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings";
    +  config = lib.mkIf config.swarselsystems.modules.optional.framework {
         swarselsystems = {
           inputs = {
             "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = {
    @@ -15532,347 +15503,8 @@ This holds configuration that is specific to framework laptops.
     
    -
    -

    3.4. Shared

    -
    -

    -This section is for modules that are to be used on NixOS and home-manager scopes alike. This is for example needed in order to allow me to define and set my own custom functions only once in the NixOS config and then mirror them into the corresponding home-manager option. -

    -
    -
    -

    3.4.1. TODO Configuration options

    -
    -

    -These are my own configuration options that are used in multiple places throughout the configuration - for which reason I did not put them right where they are used for the first time. -

    - -

    -TODO: check which of these can be replaced but builtin functions. -

    - -
    -
    { self, config, lib, ... }:
    -{
    -  options.swarselsystems = {
    -    withHomeManager = lib.mkOption {
    -      type = lib.types.bool;
    -      default = true;
    -    };
    -    isSwap = lib.mkOption {
    -      type = lib.types.bool;
    -      default = true;
    -    };
    -    swapSize = lib.mkOption {
    -      type = lib.types.str;
    -      default = "8G";
    -    };
    -    rootDisk = lib.mkOption {
    -      type = lib.types.str;
    -      default = "";
    -    };
    -    mainUser = lib.mkOption {
    -      type = lib.types.str;
    -      default = "swarsel";
    -    };
    -    isCrypted = lib.mkEnableOption "uses full disk encryption";
    -
    -    isImpermanence = lib.mkEnableOption "use impermanence on this system";
    -    isSecureBoot = lib.mkEnableOption "use secure boot on this system";
    -    isLaptop = lib.mkEnableOption "laptop host";
    -    isNixos = lib.mkEnableOption "nixos host";
    -    isPublic = lib.mkEnableOption "is a public machine (no secrets)";
    -    isDarwin = lib.mkEnableOption "darwin host";
    -    isLinux = lib.mkEnableOption "whether this is a linux machine";
    -    isBtrfs = lib.mkEnableOption "use btrfs filesystem";
    -    sopsFile = lib.mkOption {
    -      type = lib.types.str;
    -      default = "${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml";
    -    };
    -    homeDir = lib.mkOption {
    -      type = lib.types.str;
    -      default = "/home/swarsel";
    -    };
    -    xdgDir = lib.mkOption {
    -      type = lib.types.str;
    -      default = "/run/user/1000";
    -    };
    -    flakePath = lib.mkOption {
    -      type = lib.types.str;
    -      default = "/home/swarsel/.dotfiles";
    -    };
    -    wallpaper = lib.mkOption {
    -      type = lib.types.path;
    -      default = "${self}/files/wallpaper/lenovowp.png";
    -    };
    -    sharescreen = lib.mkOption {
    -      type = lib.types.str;
    -      default = "";
    -    };
    -    lowResolution = lib.mkOption {
    -      type = lib.types.str;
    -      default = "";
    -    };
    -    highResolution = lib.mkOption {
    -      type = lib.types.str;
    -      default = "";
    -    };
    -  };
    -}
    -
    -
    -
    -
    -
    -

    3.4.2. Variables (vars; holds firefox & stylix config parts)

    -
    -

    -At work I am using several services that are using SSO login - however, as I am using four different accounts at work, this becomes a chore here. Hence, I have defined multiple profiles in Work that are all practically using the same configuration. To save screen space, I template that profile here. -Set in firefox about:config > toolkit.legacyUserProfileCustomizations.stylesheets to true. This should in principle be set automatically using the below config, but it seems not to be working reliably. -

    - -

    -For styling, I am using the stylix NixOS module, loaded by flake. This package is really great, as it adds nix expressions for basically everything. Ever since switching to this, I did not have to play around with theming anywhere else. -

    - -

    -The full list of nerd-fonts can be found here: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/data/fonts/nerd-fonts/manifests/fonts.json -

    - -

    -This is where the theme for the whole OS is defined. Originally, this noweb-ref section could not be copied to the general NixOS config since they are on different folder structure levels in the config, which would have made the flake impure. By now, I have found out that using the ${self} method for referencing the flake root, I could circumvent this problem. Also, the noweb-ref block could in general be replaced by a custom attribute set (see for example [BROKEN LINK: h:e7f98ad8-74a6-4860-a368-cce154285ff0]). The difference here was, for a long time, that this block is used in a NixOS and a home-manager-only configuration, verbatim. If I were to use an attribute set, I would have to duplicate this block once each for NixOS and home-manager. Alas, this block stays (for now). However, I learned how to use an attribute set in a custom home-manager module and pass it to both NixOS and home-manager configurations, which also removed the need for that use of it. -

    - -

    -In short, the options defined here are passed to the modules systems using _modules.args - they can then be used by passing vars as an attribute in the input attribute set of a modules system file (=basically all files in this configuration) -

    - -
    -
    { self, lib, pkgs, ... }:
    -{
    -  _module.args = {
    -    vars = {
    -      stylix = {
    -        polarity = "dark";
    -        opacity.popups = 0.5;
    -        cursor = {
    -          package = pkgs.banana-cursor;
    -          # package = pkgs.capitaine-cursors;
    -          name = "Banana";
    -          # name = "capitaine-cursors";
    -          size = 16;
    -        };
    -        fonts = {
    -          sizes = {
    -            terminal = 10;
    -            applications = 11;
    -          };
    -          serif = {
    -            # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
    -            package = pkgs.cantarell-fonts;
    -            # package = pkgs.montserrat;
    -            name = "Cantarell";
    -            # name = "FiraCode Nerd Font Propo";
    -            # name = "Montserrat";
    -          };
    -          sansSerif = {
    -            # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
    -            package = pkgs.cantarell-fonts;
    -            # package = pkgs.montserrat;
    -            name = "Cantarell";
    -            # name = "FiraCode Nerd Font Propo";
    -            # name = "Montserrat";
    -          };
    -          monospace = {
    -            package = pkgs.nerd-fonts.fira-mono; # has overrides
    -            name = "FiraCode Nerd Font Mono";
    -          };
    -          emoji = {
    -            package = pkgs.noto-fonts-emoji;
    -            name = "Noto Color Emoji";
    -          };
    -        };
    -      };
    -
    -      stylixHomeTargets = {
    -        emacs.enable = false;
    -        waybar.enable = false;
    -        sway.useWallpaper = false;
    -        firefox.profileNames = [ "default" ];
    -      };
    -
    -      firefox = {
    -        userChrome = builtins.readFile "${self}/files/firefox/chrome/userChrome.css";
    -        extensions = {
    -          packages = with pkgs.nur.repos.rycee.firefox-addons; [
    -            tridactyl
    -            tampermonkey
    -            sidebery
    -            browserpass
    -            clearurls
    -            darkreader
    -            enhancer-for-youtube
    -            istilldontcareaboutcookies
    -            translate-web-pages
    -            ublock-origin
    -            reddit-enhancement-suite
    -            sponsorblock
    -            web-archives
    -            onepassword-password-manager
    -            single-file
    -            widegithub
    -            enhanced-github
    -            unpaywall
    -            don-t-fuck-with-paste
    -            plasma-integration
    -            noscript
    -
    -            # configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut
    -            (buildFirefoxXpiAddon {
    -              pname = "shortkeys";
    -              version = "4.0.2";
    -              addonId = "Shortkeys@Shortkeys.com";
    -              url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
    -              sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
    -              meta = with lib;
    -                {
    -                  description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
    -                  mozPermissions = [
    -                    "tabs"
    -                    "downloads"
    -                    "clipboardWrite"
    -                    "browsingData"
    -                    "storage"
    -                    "bookmarks"
    -                    "sessions"
    -                    "<all_urls>"
    -                  ];
    -                  platforms = platforms.all;
    -                };
    -            })
    -          ];
    -        };
    -
    -        settings =
    -          {
    -            "extensions.autoDisableScopes" = 0;
    -            "browser.bookmarks.showMobileBookmarks" = true;
    -            "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
    -            "browser.search.suggest.enabled" = false;
    -            "browser.search.suggest.enabled.private" = false;
    -            "browser.urlbar.suggest.searches" = false;
    -            "browser.urlbar.showSearchSuggestionsFirst" = false;
    -            "browser.topsites.contile.enabled" = false;
    -            "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
    -            "browser.newtabpage.activity-stream.feeds.snippets" = false;
    -            "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
    -            "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false;
    -            "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false;
    -            "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false;
    -            "browser.newtabpage.activity-stream.showSponsored" = false;
    -            "browser.newtabpage.activity-stream.system.showSponsored" = false;
    -            "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
    -          };
    -
    -        search = {
    -          # default = "Kagi";
    -          default = "google";
    -          # privateDefault = "Kagi";
    -          privateDefault = "google";
    -          engines = {
    -            "Kagi" = {
    -              urls = [{
    -                template = "https://kagi.com/search";
    -                params = [
    -                  { name = "q"; value = "{searchTerms}"; }
    -                ];
    -              }];
    -              icon = "https://kagi.com/favicon.ico";
    -              updateInterval = 24 * 60 * 60 * 1000; # every day
    -              definedAliases = [ "@k" ];
    -            };
    -
    -            "Nix Packages" = {
    -              urls = [{
    -                template = "https://search.nixos.org/packages";
    -                params = [
    -                  { name = "type"; value = "packages"; }
    -                  { name = "query"; value = "{searchTerms}"; }
    -                ];
    -              }];
    -              icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
    -              definedAliases = [ "@np" ];
    -            };
    -
    -            "NixOS Wiki" = {
    -              urls = [{
    -                template = "https://nixos.wiki/index.php?search={searchTerms}";
    -              }];
    -              icon = "https://nixos.wiki/favicon.png";
    -              updateInterval = 24 * 60 * 60 * 1000; # every day
    -              definedAliases = [ "@nw" ];
    -            };
    -
    -            "NixOS Options" = {
    -              urls = [{
    -                template = "https://search.nixos.org/options";
    -                params = [
    -                  { name = "query"; value = "{searchTerms}"; }
    -                ];
    -              }];
    -
    -              icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
    -              definedAliases = [ "@no" ];
    -            };
    -
    -            "Home Manager Options" = {
    -              urls = [{
    -                template = "https://home-manager-options.extranix.com/";
    -                params = [
    -                  { name = "query"; value = "{searchTerms}"; }
    -                ];
    -              }];
    -
    -              icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
    -              definedAliases = [ "@hm" "@ho" "@hmo" ];
    -            };
    -
    -            "Confluence search" = {
    -              urls = [{
    -                template = "https://vbc.atlassian.net/wiki/search";
    -                params = [
    -                  { name = "text"; value = "{searchTerms}"; }
    -                ];
    -              }];
    -
    -              definedAliases = [ "@c" "@cf" "@confluence" ];
    -            };
    -
    -            "Jira search" = {
    -              urls = [{
    -                template = "https://vbc.atlassian.net/issues/";
    -                params = [
    -                  { name = "jql"; value = "textfields ~ \"{searchTerms}*\"&wildcardFlag=true"; }
    -                ];
    -              }];
    -
    -              definedAliases = [ "@j" "@jire" ];
    -            };
    -
    -            "google".metaData.alias = "@g";
    -          };
    -          force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart
    -        };
    -      };
    -    };
    -  };
    -}
    -
    -
    -
    -
    -
    -

    3.5. Packages

    +

    3.4. Packages

    This is the central station for self-defined packages. These are all referenced in default.nix. Wherever possible, I am keeping the shell version of these scripts in this file as well and then read it using builtin.readFile in the NixOS configurations. This lets me keep full control in this one file but also keep the separate files uncluttered. @@ -15900,7 +15532,7 @@ mkPackages packageNames pkgs
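Review bot: the removed block under 3.4.2 is the only visible definition of _module.args.vars, and its own description says vars is taken as an argument by basically all module files, so any module that still lists vars in its argument set will fail evaluation after this change. Confirm every consumer was migrated in the same commit. Also state where the Firefox settings (search suggestions and sponsored content off, the sha256-pinned shortkeys addon) now live, so those privacy defaults are not silently dropped.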

    -

    3.5.1. pass-fuzzel

    +

    3.4.1. pass-fuzzel

    This app allows me, in conjunction with my Yubikey, to quickly enter passwords when the need arises. Normal and TOTP passwords are supported, and they can either be printed directly or copied to the clipboard. @@ -15974,7 +15606,7 @@ writeShellApplication {

    -

    3.5.2. cura5

    +

    3.4.2. cura5

    The version of cura used to be quite outdated in nixpkgs. I am fetching a newer AppImage here and use that instead. @@ -16017,7 +15649,7 @@ writeScriptBin "cura" ''

    -

    3.5.3. hm-specialisation

    +

    3.4.3. hm-specialisation

    This script allows for quick git home-manager specialisation switching. @@ -16043,7 +15675,7 @@ writeShellApplication {

    -

    3.5.4. cdw

    +

    3.4.4. cdw

    This script allows for quick git worktree switching. @@ -16067,7 +15699,7 @@ writeShellApplication {

    -

    3.5.5. cdb

    +

    3.4.5. cdb

    This script allows for quick git branch switching. @@ -16089,7 +15721,7 @@ writeShellApplication {

    -

    3.5.6. bak

    +

    3.4.6. bak

    This script lets me quickly backup files by appending .bak to the filename. @@ -16112,7 +15744,7 @@ writeShellApplication {

    -

    3.5.7. timer

    +

    3.4.7. timer

    This app starts a configuratble timer and uses TTS to say something once the timer runs out. @@ -16135,7 +15767,7 @@ writeShellApplication {

    -

    3.5.8. e

    +

    3.4.8. e

    This is a shorthand for calling emacsclient mostly. Also, it hides the kittyterm scratchpad window that I sometimes use for calling a command quickly, in case it is on the screen. After emacs closes, the kittyterm window is then shown again if it was visible earlier. @@ -16181,7 +15813,7 @@ writeShellApplication {

    -

    3.5.9. command-not-found

    +

    3.4.9. command-not-found

    The normal command-not-found.sh uses the outdated nix-shell commands as suggestions. This version supplies me with the more modern nixpkgs#<name> version. @@ -16227,7 +15859,7 @@ command_not_found_handler() {

    -

    3.5.10. swarselcheck

    +

    3.4.10. swarselcheck

    This app checks for different apps that I keep around in the scratchpad for quick viewing and hiding (messengers and music players mostly) and then behaves like the kittyterm hider that I described in e. @@ -16312,17 +15944,16 @@ writeShellApplication {

    -

    3.5.11. swarselzellij

    +

    3.4.11. swarselzellij

    -
    # KITTIES=$(($(pgrep -P 1 kitty | wc -l) - 1))
    +
    KITTIES=$(($(pgrep -P 1 kitty | wc -l) - 1))
     
    -# if ((KITTIES < 1)); then
    -#     exec kitty -o confirm_os_window_close=0 zellij attach --create main
    -# else
    -#     exec kitty -o confirm_os_window_close=0 zellij attach --create "temp $KITTIES"
    -# fi
    -exec kitty -o confirm_os_window_close=0 zellij
    +if ((KITTIES < 1)); then
    +    exec kitty -o confirm_os_window_close=0 zellij attach --create main
    +else
    +    exec kitty -o confirm_os_window_close=0 zellij attach --create "temp $KITTIES"
    +fi
     
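Review bot: the session name in the re-enabled else branch comes from a window count (KITTIES), not from the zellij sessions that actually exist, so it is not unique. Once an earlier window is closed the count drops, and zellij attach --create "temp $KITTIES" attaches to whatever session already holds that name instead of creating a fresh one. If one new session per window is the intent, check the candidate name against zellij list-sessions first; if reattaching is wanted, say so in a comment.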
    @@ -16339,7 +15970,7 @@ writeShellApplication {
    -

    3.5.12. waybarupdate

    +

    3.4.12. waybarupdate

    This scripts checks if there are uncommited changes in either my dotfile repo, my university repo, or my passfile repo. In that case a warning will be shown in waybar. @@ -16386,7 +16017,7 @@ writeShellApplication {

    -

    3.5.13. opacitytoggle

    +

    3.4.13. opacitytoggle

    This app quickly toggles between 5% and 0% transparency. @@ -16413,7 +16044,7 @@ writeShellApplication {

    -

    3.5.14. fs-diff

    +

    3.4.14. fs-diff

    This utility is used to compare the current state of the root directory with the blanket state that is stored in /root-blank (the snapshot that is restored on each reboot of an impermanence machine). Using this, I can find files that I will lose once I reboot - if there are important files in that list, I can then easily add them to the persist options. @@ -16454,7 +16085,7 @@ writeShellApplication {

    -

    3.5.15. github-notifications

    +

    3.4.15. github-notifications

    This utility checks if there are updated packages in nixpkgs-unstable. It does so by fully building the most recent configuration, which I do not love, but it has its merits once I am willing to switch to the newer version. @@ -16468,7 +16099,7 @@ writeShellApplication { inherit name; runtimeInputs = [ jq ]; text = '' - count=$(curl -u Swarsel:"$(cat "$GITHUB_NOTIFICATION_TOKEN_PATH")" https://api.github.com/notifications | jq '. | length') + count=$(curl -u Swarsel:"$(cat "$XDG_RUNTIME_DIR/secrets/github-notifications-token")" https://api.github.com/notifications | jq '. | length') if [[ "$count" != "0" ]]; then echo "{\"text\":\"$count\"}" @@ -16480,7 +16111,7 @@ writeShellApplication {
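Review bot: the token is still handed to curl as an argument (-u Swarsel:"$(cat ...)"), so it sits on the process command line while curl starts; this change only moves where the file is read from. Let curl read the credential itself, for example from a --netrc-file or a -K config file kept under $XDG_RUNTIME_DIR/secrets. Separately, curl runs without --fail, so an API error comes back as a JSON object and jq '. | length' reports its key count as the notification count. The hard-coded path also drops the GITHUB_NOTIFICATION_TOKEN_PATH override without mention, and the description above the block talks about nixpkgs-unstable updates rather than notifications.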

    -

    3.5.16. fullscreen

    +

    3.4.16. fullscreen

    This application moves the wl-mirror app to the T workspace and makes it fullscreen there. @@ -16502,7 +16133,7 @@ writeShellApplication {

    -

    3.5.17. screenshare

    +

    3.4.17. screenshare

    @@ -16545,7 +16176,7 @@ writeShellApplication {
     
    -

    3.5.18. swarsel-bootstrap

    +

    3.4.18. swarsel-bootstrap

    This program sets up a new NixOS host remotely. It also takes care of secret management on the new host. @@ -16918,7 +16549,7 @@ writeShellApplication {

    -

    3.5.19. swarsel-rebuild

    +

    3.4.19. swarsel-rebuild

    set -eo pipefail
    @@ -17037,7 +16668,7 @@ writeShellApplication {
     
    -

    3.5.20. swarsel-install

    +

    3.4.20. swarsel-install

    Autoformatting always puts the EOF with indentation, which makes shfmt check fail. When editing this block, unindent them manually. @@ -17239,7 +16870,7 @@ writeShellApplication {

    -

    3.5.21. swarsel-postinstall

    +

    3.4.21. swarsel-postinstall

    set -eo pipefail
    @@ -17331,7 +16962,7 @@ writeShellApplication {
     
    -

    3.5.22. t2ts

    +

    3.4.22. t2ts

    { name, writeShellApplication, ... }:
    @@ -17349,7 +16980,7 @@ writeShellApplication {
     
    -

    3.5.23. ts2t

    +

    3.4.23. ts2t

    { name, writeShellApplication, ... }:
    @@ -17367,7 +16998,7 @@ writeShellApplication {
     
    -

    3.5.24. vershell

    +

    3.4.24. vershell

    { name, writeShellApplication, ... }:
    @@ -17385,7 +17016,7 @@ writeShellApplication {
     
    -

    3.5.25. eontimer

    +

    3.4.25. eontimer

    { lib
    @@ -17489,7 +17120,7 @@ python3.pkgs.buildPythonApplication rec {
     
    -

    3.5.26. project

    +

    3.4.26. project

    set -euo pipefail
    @@ -17513,7 +17144,7 @@ writeShellApplication {
     
    -

    3.5.27. fhs

    +

    3.4.27. fhs

    { name, pkgs, ... }:
    @@ -17532,7 +17163,7 @@ pkgs.buildFHSEnv (base // {
     
    -

    3.5.28. swarsel-displaypower

    +

    3.4.28. swarsel-displaypower

    A crude script to power on all displays that might be attached. Needed because sometimes displays do not awake from sleep. @@ -17557,7 +17188,7 @@ writeShellApplication {

    -

    3.5.29. swarsel-mgba

    +

    3.4.29. swarsel-mgba

    AppImage version of mgba in which the lua scripting works. @@ -17591,7 +17222,7 @@ appimageTools.wrapType2 {

    -

    3.5.30. swarsel-deploy

    +

    3.4.30. swarsel-deploy

    # heavily inspired from https://github.com/oddlama/nix-config/blob/d42cbde676001a7ad8a3cace156e050933a4dcc3/pkgs/deploy.nix
    @@ -17723,7 +17354,7 @@ writeShellApplication {
     
    -

    3.5.31. swarsel-build

    +

    3.4.31. swarsel-build

    { name, nix-output-monitor, writeShellApplication, ... }:
    @@ -17742,33 +17373,12 @@ writeShellApplication {
       '';
     }
     
    -
    -
    -
    -
    -
    -

    3.5.32. swarsel-instantiate

    -
    -

    -This is a convenience function that calls nix-instantiate with a number of flags that I need in order to evaluate nix expressions in org-src blocks. -

    - -
    -
    { name, writeShellApplication, ... }:
    -writeShellApplication {
    -  inherit name;
    -  text = ''
    -    set -euo pipefail
    -    nix-instantiate --strict --eval --expr "let lib = import <nixpkgs/lib>; in $*"
    -  '';
    -}
    -
     
    -

    3.5.33. sshrm

    +

    3.4.32. sshrm

    This programs simply runs ssh-keygen on the last host that I tried to ssh into. I need this frequently when working with cloud-init usually. @@ -17802,7 +17412,7 @@ writeShellApplication {

    -

    3.6. Profiles

    +

    3.5. Profiles

    In this section I define custom modules under the swarsel attribute. These are mostly used to define settings specific to a host. I keep these settings confined to either home-manager or nixos to maintain compatibility with non-NixOS machines. @@ -17813,7 +17423,7 @@ Note: The structure of generating the packages was changed in commit 2cf03

    -

    3.6.1. NixOS

    +

    3.5.1. NixOS

    Modules that need to be loaded on the NixOS level. Note that these will not be available on systems that are not running NixOS. @@ -17831,14 +17441,14 @@ in

    -
    3.6.1.1. Personal
    +
    3.5.1.1. Personal
    { lib, config, ... }:
     {
    -  options.swarselprofiles.personal = lib.mkEnableOption "is this a personal host";
    -  config = lib.mkIf config.swarselprofiles.personal {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host";
    +  config = lib.mkIf config.swarselsystems.profiles.personal {
    +    swarselsystems.modules = {
           packages = lib.mkDefault true;
           pii = lib.mkDefault true;
           general = lib.mkDefault true;
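Review bot: options.swarselprofiles.personal becomes options.swarselsystems.profiles.personal (and swarselmodules becomes swarselsystems.modules) with no alias, so any host or external consumer that still sets the old paths will fail evaluation with an undefined-option error. Either add lib.mkRenamedOptionModule entries for the old paths or mark the rename as breaking in the commit message; the same applies to every profile renamed in the hunks below.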
    @@ -17880,7 +17490,6 @@ in
           lowBattery = lib.mkDefault true;
           lanzaboote = lib.mkDefault true;
           autologin = lib.mkDefault true;
    -      boot = lib.mkDefault true;
     
           optional = {
             gaming = lib.mkDefault true;
    @@ -17892,11 +17501,6 @@ in
             ssh = lib.mkDefault true;
           };
         };
    -    home-manager.users."${config.swarselsystems.mainUser}" = {
    -      swarselprofiles = {
    -        personal = lib.mkDefault true;
    -      };
    -    };
     
       };
     
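Review bot: dropping the home-manager.users."${config.swarselsystems.mainUser}" block means that enabling the NixOS personal profile no longer turns on the home-manager personal profile. Hosts that relied on that coupling now have to enable the home-manager profile themselves; verify each host config does, or keep the block with the renamed option path.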
    @@ -17907,14 +17511,14 @@ in
     
    -
    3.6.1.2. Reduced
    +
    3.5.1.2. Reduced
    { lib, config, ... }:
     {
    -  options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host";
    -  config = lib.mkIf config.swarselprofiles.reduced {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.reduced = lib.mkEnableOption "is this a reduced personal host";
    +  config = lib.mkIf config.swarselsystems.profiles.reduced {
    +    swarselsystems.modules = {
           packages = lib.mkDefault true;
           pii = lib.mkDefault true;
           general = lib.mkDefault true;
    @@ -17956,17 +17560,11 @@ in
           lowBattery = lib.mkDefault true;
           lanzaboote = lib.mkDefault true;
           autologin = lib.mkDefault true;
    -      boot = lib.mkDefault true;
     
           server = {
             ssh = lib.mkDefault true;
           };
         };
    -    home-manager.users."${config.swarselsystems.mainUser}" = {
    -      swarselprofiles = {
    -        personal = lib.mkDefault true;
    -      };
    -    };
     
       };
     
    @@ -17977,14 +17575,14 @@ in
     
    -
    3.6.1.3. Minimal
    +
    3.5.1.3. Minimal
    { lib, config, ... }:
     {
    -  options.swarselprofiles.minimal = lib.mkEnableOption "declare this a minimal host";
    -  config = lib.mkIf config.swarselprofiles.minimal {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.minimal = lib.mkEnableOption "declare this a minimal host";
    +  config = lib.mkIf config.swarselsystems.profiles.minimal {
    +    swarselsystems.modules = {
           general = lib.mkDefault true;
           home-manager = lib.mkDefault true;
           xserver = lib.mkDefault true;
    @@ -17998,7 +17596,6 @@ in
           zsh = lib.mkDefault true;
           yubikey = lib.mkDefault true;
           autologin = lib.mkDefault true;
    -      boot = lib.mkDefault true;
     
           server = {
             ssh = lib.mkDefault true;
    @@ -18014,20 +17611,19 @@ in
     
    -
    3.6.1.4. Chaostheatre
    +
    3.5.1.4. Chaostheatre
    { lib, config, ... }:
     {
    -  options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host";
    -  config = lib.mkIf config.swarselprofiles.chaostheatre {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host";
    +  config = lib.mkIf config.swarselsystems.profiles.chaostheatre {
    +    swarselsystems.modules = {
           packages = lib.mkDefault true;
           general = lib.mkDefault true;
           home-manager = lib.mkDefault true;
           xserver = lib.mkDefault true;
           users = lib.mkDefault true;
    -      sops = lib.mkDefault true;
           env = lib.mkDefault true;
           security = lib.mkDefault true;
           systemdTimeout = lib.mkDefault true;
    @@ -18036,6 +17632,7 @@ in
           pipewire = lib.mkDefault true;
           network = lib.mkDefault true;
           time = lib.mkDefault true;
    +      sops = lib.mkDefault false;
           stylix = lib.mkDefault true;
           programs = lib.mkDefault true;
           zsh = lib.mkDefault true;
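Review bot: sops for the chaostheatre profile is not just moved, its default flips. The previous hunk removes sops = lib.mkDefault true; and this one adds sops = lib.mkDefault false; further down the list, which is easy to read as a reorder. Change the value in place and add a comment on why this profile runs without sops, given that the next hunk enables yubikey for the same profile.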
    @@ -18046,7 +17643,7 @@ in
           interceptionTools = lib.mkDefault true;
           swayosd = lib.mkDefault true;
           ppd = lib.mkDefault true;
    -      yubikey = lib.mkDefault false;
    +      yubikey = lib.mkDefault true;
           ledger = lib.mkDefault true;
           keyboards = lib.mkDefault true;
           login = lib.mkDefault true;
    @@ -18073,14 +17670,14 @@ in
     
    -
    3.6.1.5. toto
    +
    3.5.1.5. toto
    { lib, config, ... }:
     {
    -  options.swarselprofiles.toto = lib.mkEnableOption "is this a toto (setup) host";
    -  config = lib.mkIf config.swarselprofiles.toto {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host";
    +  config = lib.mkIf config.swarselsystems.profiles.toto {
    +    swarselsystems.modules = {
           general = lib.mkDefault true;
           packages = lib.mkDefault true;
           home-manager = lib.mkDefault true;
    @@ -18105,23 +17702,18 @@ in
     
    -
    3.6.1.6. Work
    +
    3.5.1.6. Work
    { lib, config, ... }:
     {
    -  options.swarselprofiles.work = lib.mkEnableOption "is this a work host";
    -  config = lib.mkIf config.swarselprofiles.work {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host";
    +  config = lib.mkIf config.swarselsystems.profiles.work {
    +    swarselsystems.modules = {
           optional = {
             work = lib.mkDefault true;
           };
         };
    -    home-manager.users."${config.swarselsystems.mainUser}" = {
    -      swarselprofiles = {
    -        work = lib.mkDefault true;
    -      };
    -    };
     
       };
     
    @@ -18132,23 +17724,18 @@ in
     
    -
    3.6.1.7. Framework
    +
    3.5.1.7. Framework
    { lib, config, ... }:
     {
    -  options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host";
    -  config = lib.mkIf config.swarselprofiles.framework {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host";
    +  config = lib.mkIf config.swarselsystems.profiles.framework {
    +    swarselsystems.modules = {
           optional = {
             framework = lib.mkDefault true;
           };
         };
    -    home-manager.users."${config.swarselsystems.mainUser}" = {
    -      swarselprofiles = {
    -        framework = lib.mkDefault true;
    -      };
    -    };
     
       };
     
    @@ -18159,14 +17746,14 @@ in
     
    -
    3.6.1.8. AMD CPU
    +
    3.5.1.8. AMD CPU
    { lib, config, ... }:
     {
    -  options.swarselprofiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu";
    -  config = lib.mkIf config.swarselprofiles.amdcpu {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu";
    +  config = lib.mkIf config.swarselsystems.profiles.amdcpu {
    +    swarselsystems.modules = {
           optional = {
             amdcpu = lib.mkDefault true;
           };
    @@ -18181,14 +17768,14 @@ in
     
    -
    3.6.1.9. AMD GPU
    +
    3.5.1.9. AMD GPU
    { lib, config, ... }:
     {
    -  options.swarselprofiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu";
    -  config = lib.mkIf config.swarselprofiles.amdgpu {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu";
    +  config = lib.mkIf config.swarselsystems.profiles.amdgpu {
    +    swarselsystems.modules = {
           optional = {
             amdgpu = lib.mkDefault true;
           };
    @@ -18203,14 +17790,14 @@ in
     
    -
    3.6.1.10. Hibernation
    +
    3.5.1.10. Hibernation
    { lib, config, ... }:
     {
    -  options.swarselprofiles.hibernation = lib.mkEnableOption "is this a host using hibernation";
    -  config = lib.mkIf config.swarselprofiles.hibernation {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.hibernation = lib.mkEnableOption "is this a host using hibernation";
    +  config = lib.mkIf config.swarselsystems.profiles.hibernation {
    +    swarselsystems.modules = {
           optional = {
             hibernation = lib.mkDefault true;
           };
    @@ -18225,14 +17812,14 @@ in
     
    -
    3.6.1.11. BTRFS
    +
    3.5.1.11. BTRFS
    { lib, config, ... }:
     {
    -  options.swarselprofiles.btrfs = lib.mkEnableOption "is this a host using btrfs";
    -  config = lib.mkIf config.swarselprofiles.btrfs {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.btrfs = lib.mkEnableOption "is this a host using btrfs";
    +  config = lib.mkIf config.swarselsystems.profiles.btrfs {
    +    swarselsystems.modules = {
           optional = {
             btrfs = lib.mkDefault true;
           };
    @@ -18247,14 +17834,15 @@ in
     
    -
    3.6.1.12. Local Server
    +
    3.5.1.12. Local Server
    { lib, config, ... }:
     {
    -  options.swarselprofiles.server.local = lib.mkEnableOption "is this a local server";
    -  config = lib.mkIf config.swarselprofiles.server.local {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server";
    +  config = lib.mkIf config.swarselsystems.profiles.server.local {
    +    swarselsystems = {
    +      modules = {
             general = lib.mkDefault true;
             pii = lib.mkDefault true;
             home-manager = lib.mkDefault true;
    @@ -18262,7 +17850,6 @@ in
             time = lib.mkDefault true;
             users = lib.mkDefault true;
             sops = lib.mkDefault true;
    -        boot = lib.mkDefault true;
             server = {
               general = lib.mkDefault true;
               packages = lib.mkDefault true;
    @@ -18295,6 +17882,7 @@ in
               ankisync = lib.mkDefault true;
             };
           };
    +    };
       };
     
     }
    @@ -18304,14 +17892,15 @@ in
     
    -
    3.6.1.13. OCI Sync Server
    +
    3.5.1.13. OCI Sync Server
    { lib, config, ... }:
     {
    -  options.swarselprofiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server";
    -  config = lib.mkIf config.swarselprofiles.server.syncserver {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server";
    +  config = lib.mkIf config.swarselsystems.profiles.server.syncserver {
    +    swarselsystems = {
    +      modules = {
             general = lib.mkDefault true;
             nix-ld = lib.mkDefault true;
             pii = lib.mkDefault true;
    @@ -18320,7 +17909,6 @@ in
             time = lib.mkDefault true;
             users = lib.mkDefault true;
             sops = lib.mkDefault true;
    -        boot = lib.mkDefault true;
             server = {
               general = lib.mkDefault true;
               packages = lib.mkDefault true;
    @@ -18330,6 +17918,7 @@ in
               ankisync = lib.mkDefault false;
             };
           };
    +    };
       };
     
     }
    @@ -18339,14 +17928,15 @@ in
     
    -
    3.6.1.14. Moonside
    +
    3.5.1.14. Moonside
    { lib, config, ... }:
     {
    -  options.swarselprofiles.server.moonside = lib.mkEnableOption "is this a moonside server";
    -  config = lib.mkIf config.swarselprofiles.server.moonside {
    -    swarselmodules= {
    +  options.swarselsystems.profiles.server.moonside = lib.mkEnableOption "is this a moonside server";
    +  config = lib.mkIf config.swarselsystems.profiles.server.moonside {
    +    swarselsystems = {
    +      modules = {
             general = lib.mkDefault true;
             pii = lib.mkDefault true;
             home-manager = lib.mkDefault true;
    @@ -18355,7 +17945,6 @@ in
             users = lib.mkDefault true;
             impermanence = lib.mkDefault true;
             sops = lib.mkDefault true;
    -        boot = lib.mkDefault true;
             server = {
               general = lib.mkDefault true;
               packages = lib.mkDefault true;
    @@ -18365,9 +17954,8 @@ in
               croc = lib.mkDefault true;
               microbin = lib.mkDefault true;
               shlink = lib.mkDefault true;
    -          slink = lib.mkDefault true;
    -          syncthing = lib.mkDefault true;
             };
    +      };
         };
       };
     
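Review bot: besides re-nesting the block under swarselsystems.modules, this hunk removes slink and syncthing from the moonside server profile, which is a behaviour change unrelated to the rename. Split it into its own commit or call it out in the message, and confirm both services are meant to be off on this host.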
    @@ -18379,7 +17967,7 @@ in
     
    -

    3.6.2. home-manager

    +

    3.5.2. home-manager

    This holds modules that are to be used on most hosts. These are also the most important options to configure, as these allow me easy access to monitor, keyboard, and other setups. @@ -18397,20 +17985,20 @@ in

    -
    3.6.2.1. Personal
    +
    3.5.2.1. Personal
    { lib, config, ... }:
     {
    -  options.swarselprofiles.personal = lib.mkEnableOption "is this a personal host";
    -  config = lib.mkIf config.swarselprofiles.personal {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host";
    +  config = lib.mkIf config.swarselsystems.profiles.personal {
    +    swarselsystems.modules = {
           packages = lib.mkDefault true;
           ownpackages = lib.mkDefault true;
           general = lib.mkDefault true;
           nixgl = lib.mkDefault true;
    -      sops = lib.mkDefault false;
    -      yubikey = lib.mkDefault false;
    +      sops = lib.mkDefault true;
    +      yubikey = lib.mkDefault true;
           ssh = lib.mkDefault true;
           stylix = lib.mkDefault true;
           desktop = lib.mkDefault true;
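Review bot: The two flipped lines, `sops = lib.mkDefault true;` and `yubikey = lib.mkDefault true;`, turn secrets handling and Yubikey support on for every host with the personal profile, and that behaviour change is buried in what otherwise reads as a pure rename hunk. A personal host without provisioned sops key material or a hardware token will now pull both modules in unless it overrides the `mkDefault`. Split this into its own commit or call it out in the commit message, and confirm that each personal host either has the keys or sets the option to false.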
    @@ -18456,14 +18044,14 @@ in
     
    -
    3.6.2.2. Reduced
    +
    3.5.2.2. Reduced
    { lib, config, ... }:
     {
    -  options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host";
    -  config = lib.mkIf config.swarselprofiles.reduced {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.reduced = lib.mkEnableOption "is this a reduced personal host";
    +  config = lib.mkIf config.swarselsystems.profiles.reduced {
    +    swarselsystems.modules = {
           packages = lib.mkDefault true;
           ownpackages = lib.mkDefault true;
           general = lib.mkDefault true;
    @@ -18512,14 +18100,14 @@ in
     
    -
    3.6.2.3. Minimal
    +
    3.5.2.3. Minimal
    { lib, config, ... }:
     {
    -  options.swarselprofiles.minimal = lib.mkEnableOption "is this a personal host";
    -  config = lib.mkIf config.swarselprofiles.minimal {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.minimal = lib.mkEnableOption "is this a personal host";
    +  config = lib.mkIf config.swarselsystems.profiles.minimal {
    +    swarselsystems.modules = {
           general = lib.mkDefault true;
           sops = lib.mkDefault true;
           kitty = lib.mkDefault true;
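Review bot: The description string on the `minimal` option still reads "is this a personal host", identical to the `personal` profile, so generated option documentation cannot tell the two apart. Since the line is being rewritten anyway, change it to something like "is this a minimal host".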
    @@ -18535,14 +18123,14 @@ in
     
    -
    3.6.2.4. Chaostheatre
    +
    3.5.2.4. Chaostheatre
    { lib, config, ... }:
     {
    -  options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host";
    -  config = lib.mkIf config.swarselprofiles.chaostheatre {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host";
    +  config = lib.mkIf config.swarselsystems.profiles.chaostheatre {
    +    swarselsystems.modules = {
           packages = lib.mkDefault true;
           ownpackages = lib.mkDefault true;
           general = lib.mkDefault true;
    @@ -18588,14 +18176,14 @@ in
     
    -
    3.6.2.5. toto
    +
    3.5.2.5. toto
    { lib, config, ... }:
     {
    -  options.swarselprofiles.toto = lib.mkEnableOption "is this a toto (setup) host";
    -  config = lib.mkIf config.swarselprofiles.toto {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host";
    +  config = lib.mkIf config.swarselsystems.profiles.toto {
    +    swarselsystems.modules = {
           general = lib.mkDefault true;
           sops = lib.mkDefault true;
           ssh = lib.mkDefault true;
    @@ -18611,14 +18199,14 @@ in
     
    -
    3.6.2.6. Work
    +
    3.5.2.6. Work
    { lib, config, ... }:
     {
    -  options.swarselprofiles.work = lib.mkEnableOption "is this a work host";
    -  config = lib.mkIf config.swarselprofiles.work {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host";
    +  config = lib.mkIf config.swarselsystems.profiles.work {
    +    swarselsystems.modules = {
           optional = {
             work = lib.mkDefault true;
           };
    @@ -18632,14 +18220,14 @@ in
     
    -
    3.6.2.7. Framework
    +
    3.5.2.7. Framework
    { lib, config, ... }:
     {
    -  options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host";
    -  config = lib.mkIf config.swarselprofiles.framework {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host";
    +  config = lib.mkIf config.swarselsystems.profiles.framework {
    +    swarselsystems.modules = {
           optional = {
             framework = lib.mkDefault true;
           };
    @@ -18649,19 +18237,38 @@ in
     
     }
     
    +
    +
    +
    +
    +
    +
    3.5.2.8. Darwin
    +
    +
    +
    { lib, config, ... }:
    +{
    +  options.swarselsystems.profiles.darwin = lib.mkEnableOption "is this a darwin host";
    +  config = lib.mkIf config.swarselsystems.profiles.darwin {
    +    swarselsystems.modules = {
    +      general = lib.mkDefault true;
    +    };
    +  };
    +
    +}
    +
     
    -
    3.6.2.8. Local Server
    +
    3.5.2.9. Local Server
    { lib, config, ... }:
     {
    -  options.swarselprofiles.server.local = lib.mkEnableOption "is this a local server";
    -  config = lib.mkIf config.swarselprofiles.server.local {
    -    swarselmodules = {
    +  options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server";
    +  config = lib.mkIf config.swarselsystems.profiles.server.local {
    +    swarselsystems.modules = {
           general = lib.mkDefault true;
           server = {
             dotfiles = lib.mkDefault true;
    @@ -18709,26 +18316,25 @@ Also packed into the hook function is the line (fset 'epg-wait-for-status
     

    -
    ;; -*- lexical-binding: t; -*-
    -  (defvar swarsel-file-name-handler-alist file-name-handler-alist)
    -  (defvar swarsel-vc-handled-backends vc-handled-backends)
    +
    (defvar swarsel-file-name-handler-alist file-name-handler-alist)
    +(defvar swarsel-vc-handled-backends vc-handled-backends)
     
    -  (setq gc-cons-threshold most-positive-fixnum
    -        gc-cons-percentage 0.6
    -        file-name-handler-alist nil
    -        vc-handled-backends nil)
    +(setq gc-cons-threshold most-positive-fixnum
    +      gc-cons-percentage 0.6
    +      file-name-handler-alist nil
    +      vc-handled-backends nil)
     
    -  (add-hook 'emacs-startup-hook
    -            (lambda ()
    -              (progn
    -                (setq gc-cons-threshold (* 32 1024 1024)
    -                      gc-cons-percentage 0.1
    -                      jit-lock-defer-time 0.05
    -                      read-process-output-max (* 1024 1024)
    -                      file-name-handler-alist swarsel-file-name-handler-alist
    -                      vc-handled-backends swarsel-vc-handled-backends)
    -                (fset 'epg-wait-for-status 'ignore)
    -                )))
    +(add-hook 'emacs-startup-hook
    +          (lambda ()
    +            (progn
    +              (setq gc-cons-threshold (* 32 1024 1024)
    +                    gc-cons-percentage 0.1
    +                    jit-lock-defer-time 0.05
    +                    read-process-output-max (* 1024 1024)
    +                    file-name-handler-alist swarsel-file-name-handler-alist
    +                    vc-handled-backends swarsel-vc-handled-backends)
    +              (fset 'epg-wait-for-status 'ignore)
    +              )))
     
     
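Review bot: The removed first line `;; -*- lexical-binding: t; -*-` is the only thing that made this file lexically scoped, and the surrounding re-indentation makes its removal easy to miss. Without the cookie Emacs falls back to dynamic binding for the file. Nothing in the visible `lambda` closes over a local variable, so behaviour here is unchanged, but keep the cookie on line one unless dropping it is intended, and say so in the commit message if it is.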
    @@ -18849,13 +18455,12 @@ Since I am rebinding the C-z hotkey for emacs-evil-state toggling,

    -
    ;; -*- lexical-binding: t; -*-
    -
    -  (defun swarsel/toggle-evil-state ()
    -    (interactive)
    -    (if (or (evil-emacs-state-p) (evil-insert-state-p))
    -        (evil-normal-state)
    -      (evil-emacs-state)))
    +
    +(defun swarsel/toggle-evil-state ()
    +  (interactive)
    +  (if (or (evil-emacs-state-p) (evil-insert-state-p))
    +      (evil-normal-state)
    +    (evil-emacs-state)))
     
     
    @@ -18921,7 +18526,7 @@ Used here: mu4e (insert (format "%s <%s>" (or from-user user-full-name) from-addr))))))) (defun swarsel/mu4e-restore-default () - (setq user-mail-address (getenv "SWARSEL_MAIL4") + (setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL") user-full-name (getenv "SWARSEL_FULLNAME"))) @@ -19309,7 +18914,7 @@ These functions are used here:
    -
    4.2.1.14. Disable garbage collection while minibuffer is active
    +
    4.2.1.14. Disable garbace collection while minibuffer is active
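Review bot: The new heading misspells "garbage" as "garbace"; the removed line had it right. Keep the original spelling.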
    @@ -20656,7 +20261,7 @@ org 9.2 changed the way structure templates work. This brings back the old way i
     

    -Usage: Type <, followed by one of the below keywords and press TAB. The corresponding source block should appear. +Usage: Type <, followed by one of the below keywords and press RET. The corresponding source block should appear.

    @@ -20666,7 +20271,6 @@ Usage: Type <, followed by one of the below keywords and press < (add-to-list 'org-structure-template-alist '("el" . "src emacs-lisp")) (add-to-list 'org-structure-template-alist '("py" . "src python :results output")) (add-to-list 'org-structure-template-alist '("nix" . "src nix-ts :tangle")) -(add-to-list 'org-structure-template-alist '("ne" . "bash :exports both"))
    @@ -22075,11 +21679,11 @@ Yes, I am aware that I am exposing my university-calendar to the public here. I :init ;; set org-caldav-sync-initalization (setq swarsel-caldav-synced 0) - ;; (setq org-caldav-url "https://schedule.swarsel.win/swarsel/calendar") - ;; (setq org-caldav-calendars - ;; '((:calendar-id "personal" - ;; :inbox "~/Calendars/leon_cal.org"))) - ;; (setq org-caldav-files '("~/Calendars/leon_cal.org")) + (setq org-caldav-url "https://stash.swarsel.win/remote.php/dav/calendars/Swarsel") + (setq org-caldav-calendars + '((:calendar-id "personal" + :inbox "~/Calendars/leon_cal.org"))) + (setq org-caldav-files '("~/Calendars/leon_cal.org")) ;; (setq org-caldav-backup-file "~/org-caldav/org-caldav-backup.org") ;; (setq org-caldav-save-directory "~/org-caldav/") @@ -22106,14 +21710,6 @@ Yes, I am aware that I am exposing my university-calendar to the public here. I :config (bind-key "g" 'cfw:refresh-calendar-buffer cfw:calendar-mode-map) (bind-key "q" 'evil-quit cfw:details-mode-map) - ;; dont change the order of days in this one, as it will break weekend markings - (setq calendar-day-name-array - ["Sunday" "Monday" "Tuesday" "Wednesday" "Thursday" "Friday" "Saturday"]) - - ;; First day of the week - (setq calendar-week-start-day 1) ; 0:Sunday, 1:Monday - - ;; (custom-set-faces ;; '(cfw:face-title ((t (:foreground "#f0dfaf" :weight bold :height 65)))) ;; ) 
@@ -22121,17 +21717,14 @@ Yes, I am aware that I am exposing my university-calendar to the public here. I (defun swarsel/open-calendar () (interactive) - ;; (unless (eq swarsel-caldav-synced 1) (org-caldav-sync) (setq swarsel-caldav-synced 1)) + (unless (eq swarsel-caldav-synced 1) (org-caldav-sync) (setq swarsel-caldav-synced 1)) ;; (select-frame (make-frame '((name . "calendar")))) ; makes a new frame and selects it ;; (set-face-attribute 'default (selected-frame) :height 65) ; reduces the font size of the new frame (cfw:open-calendar-buffer :contents-sources (list - (cfw:org-create-source "Blue") ; orgmode source - (cfw:ical-create-source (getenv "SWARSEL_CAL1NAME") (getenv "SWARSEL_CAL1") "Cyan") - (cfw:ical-create-source (getenv "SWARSEL_CAL2NAME") (getenv "SWARSEL_CAL2") "Green") - (cfw:ical-create-source (getenv "SWARSEL_CAL3NAME") (getenv "SWARSEL_CAL3") "Magenta") - ))) + (cfw:org-create-source "Purple") ; orgmode source + (cfw:ical-create-source "TISS" "https://tiss.tuwien.ac.at/events/rest/calendar/personal?locale=de&token=4463bf7a-87a3-490a-b54c-99b4a65192f3" "Cyan"))))
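Review bot: The added `(cfw:ical-create-source "TISS" ...)` line hard-codes a personal calendar URL whose query string carries a `token=` value, replacing the `(getenv "SWARSEL_CAL1")` style lookups that kept the feed URLs out of the repository. The section text acknowledges the exposure, but anyone who can read the repository or the published page can fetch that feed, and the value stays in git history even after a later removal. Keep the `getenv` form (or another secret source) for the URL, and rotate the token if this revision has already been pushed.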
    @@ -22243,52 +21836,6 @@ This sets up the dashboard, which is really quite useless. But, it (setq comint-buffer-maximum-size 50) (add-hook 'comint-output-filter-functions 'comint-truncate-buffer) -
    -
    -
    -
    -
    -

    4.4.45. Popup frames

    -
    -
    -
    (defun prot-window-delete-popup-frame (&rest _)
    -  "Kill selected selected frame if it has parameter `prot-window-popup-frame'.
    -Use this function via a hook."
    -  (when (frame-parameter nil 'prot-window-popup-frame)
    -    (delete-frame)))
    -
    -(defmacro prot-window-define-with-popup-frame (command)
    -  "Define interactive function which calls COMMAND in a new frame.
    -Make the new frame have the `prot-window-popup-frame' parameter."
    -  `(defun ,(intern (format "prot-window-popup-%s" command)) ()
    -     ,(format "Run `%s' in a popup frame with `prot-window-popup-frame' parameter.
    -Also see `prot-window-delete-popup-frame'." command)
    -     (interactive)
    -     (let ((frame (make-frame '((prot-window-popup-frame . t)))))
    -       (select-frame frame)
    -       (modify-frame-parameters nil '((title . "Emacs Popup Frame")))
    -       (switch-to-buffer " prot-window-hidden-buffer-for-popup-frame")
    -       (condition-case nil
    -           (call-interactively ',command)
    -         ((quit error user-error)
    -          (delete-frame frame))))))
    -
    -(declare-function org-capture "org-capture" (&optional goto keys))
    -(defvar org-capture-after-finalize-hook)
    -;;;###autoload (autoload 'prot-window-popup-org-capture "prot-window")
    -(prot-window-define-with-popup-frame org-capture)
    -(add-hook 'org-capture-after-finalize-hook #'prot-window-delete-popup-frame)
    -
    -(declare-function mu4e "mu4e" (&optional goto keys))
    -;;;###autoload (autoload 'prot-window-popup-mu4e "prot-window")
    -(prot-window-define-with-popup-frame mu4e)
    -(advice-add 'mu4e-quit :after #'prot-window-delete-popup-frame)
    -
    -(declare-function swarsel/open-calendar "swarsel/open-calendar" (&optional goto keys))
    -;;;###autoload (autoload 'prot-window-popup-swarsel/open-calendar "prot-window")
    -(prot-window-define-with-popup-frame swarsel/open-calendar)
    -(advice-add 'bury-buffer :after #'prot-window-delete-popup-frame)
    -
     
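Review bot: Deleting the whole Popup frames block removes the generated commands `prot-window-popup-org-capture`, `prot-window-popup-mu4e` and `prot-window-popup-swarsel/open-calendar`, along with the `mu4e-quit` and `bury-buffer` advice, but the hunk does not show their callers being removed. Search the window-manager keybindings and any `emacsclient` launchers for `prot-window-popup-` before merging, otherwise those bindings will fail with a void-function error.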
    @@ -23037,7 +22584,7 @@ dd DRIVE ISO: sudo dd if=$(eza --sort changed {{ISO}} | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync sync USER HOST: - rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ + rsync -av --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/
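Review bot: In the `sync` recipe, `-av` is not equivalent to the old `-rltv`: `-a` expands to `-rlptgoD`, so the transfer now also preserves permissions and, when the receiving side runs as root, owner, group, device and special files. For a dotfiles checkout pushed to `{{USER}}@{{HOST}}` this means whatever modes the local tree has, including group- or world-writable ones, are replicated on the target. If that is the intent, say so in the commit message; otherwise keep `-rltv` or pin the modes with `--chmod`.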
    @@ -23260,7 +22807,6 @@ in default_shell "zsh" copy_on_select true on_force_close "detach" - show_startup_tips false default_layout "default" layout_dir "${config.home.homeDirectory}/.config/zellij/layouts" @@ -24660,289 +24206,286 @@ Here lies defined the readme for GitHub and Forgejo:

    -
      [![Build Status](https://img.shields.io/endpoint.svg?url=https%3A%2F%2Factions-badge.atrox.dev%2FSwarsel%2F.dotfiles%2Fbadge%3Fref%3Dmain&style=flat&labelColor=11111b)](https://actions-badge.atrox.dev/Swarsel/.dotfiles/goto?ref=main)
    +
    [![Build Status](https://img.shields.io/endpoint.svg?url=https%3A%2F%2Factions-badge.atrox.dev%2FSwarsel%2F.dotfiles%2Fbadge%3Fref%3Dmain&style=flat&labelColor=11111b)](https://actions-badge.atrox.dev/Swarsel/.dotfiles/goto?ref=main)
     
    -  ###### Disclaimer
    +###### Disclaimer
     
    -  You probably do not want to use this setup verbatim. This is made to fit my specific use cases, and I do not guarantee best practises everywhere. Changes are made on a daily basis.
    +You probably do not want to use this setup verbatim. This is made to fit my specific use cases, and I do not guarantee best practises everywhere. Changes are made on a daily basis.
     
    -  That being said, there is a lot of general configuration that you *probably* can use without changes; if you only want to use this repository as a starting point for your own configuration, you should be fine. See below for more information. Also, if you see something that can be done more efficiently or better in general, please let me know! :)
    +That being said, there is a lot of general configuration that you *probably* can use without changes; if you only want to use this repository as a starting point for your own configuration, you should be fine. See below for more information. Also, if you see something that can be done more efficiently or better in general, please let me know! :)
     
    -  # \~SwarselSystems\~
    +# \~SwarselSystems\~
     
    -  <p align="center">
    -    <img width="49%" title="Tiling" alt="swarselsystems_preview1" src="https://github.com/user-attachments/assets/f6021ab9-6289-497d-8747-28f5d526b75a" />
    -    <img width="49%" title="Waybar" alt="swarselsystems_preview2" src="https://github.com/user-attachments/assets/1160d9f7-710c-4046-8fcf-476bb4a0be84" />
    -  </p>
    +<p align="center">
    +  <img src="https://i.imgur.com/bmgLNcu.png" width="49%" title="Tiling">
    +  <img src="https://i.imgur.com/0G7Be6e.png" width="49%" title="Waybar">
    +</p>
     
    -  ## Overview
    +## Overview
     
    -  - [Literate configuration](https://swarsel.github.io/.dotfiles/) defining my entire infrastructure, including Emacs
    -  - Configuration based on flakes for personal hosts as well as servers on:
    -    - [NixOS](https://github.com/NixOS/nixpkgs)
    -    - [home-manager](https://github.com/nix-community/home-manager) only (no full NixOS) with support from [nixGL](https://github.com/nix-community/nixGL)
    -    - [nix-darwin](https://github.com/LnL7/nix-darwin)
    -    - [nix-on-droid](https://github.com/nix-community/nix-on-droid)
    -  - Streamlined configuration and deployment pipeline:
    -    - Framework for [packages](https://github.com/Swarsel/.dotfiles/blob/main/pkgs/default.nix), [overlays](https://github.com/Swarsel/.dotfiles/blob/main/overlays/default.nix), [modules](https://github.com/Swarsel/.dotfiles/tree/main/modules), and [library functions](https://github.com/Swarsel/.dotfiles/tree/main/lib/default.nix)
    -    - Dynamically generated host configurations
    -    - Limited local installer (no secrets handling) with a supported demo build
    -    - Fully autonomous remote deployment using [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) and [disko](https://github.com/nix-community/disko) (with secrets handling)
    -    - Improved nix tooling
    -  - Support for advanced features:
    -    - Secrets handling using [sops-nix](https://github.com/Mic92/sops-nix) (pls no pwn ❀️)
    -    - Management of personally identifiable information using [nix-plugins](https://github.com/shlevy/nix-plugins)
    -    - Full Yubikey support
    -    - LUKS-encryption
    -    - Secure boot using [Lanzaboote](https://github.com/nix-community/lanzaboote)
    -    - BTRFS-based [Impermanence](https://github.com/nix-community/impermanence)
    -    - Configuration shared between configurations (configuration for one nixosConfiguration can be defined in another nixosConfiguration)
    -    - Global attributes shared between all configurations to reduce attribute redeclaration
    +- [Literate configuration](https://swarsel.github.io/.dotfiles/) defining my entire infrastructure, including Emacs
    +- Configuration based on flakes for personal hosts as well as servers on:
    +  - [NixOS](https://github.com/NixOS/nixpkgs)
    +  - [home-manager](https://github.com/nix-community/home-manager) only (no full NixOS) with support from [nixGL](https://github.com/nix-community/nixGL)
    +  - [nix-darwin](https://github.com/LnL7/nix-darwin)
    +  - [nix-on-droid](https://github.com/nix-community/nix-on-droid)
    +- Streamlined configuration and deployment pipeline:
    +  - Framework for [packages](https://github.com/Swarsel/.dotfiles/blob/main/pkgs/default.nix), [overlays](https://github.com/Swarsel/.dotfiles/blob/main/overlays/default.nix), [modules](https://github.com/Swarsel/.dotfiles/tree/main/modules), and [library functions](https://github.com/Swarsel/.dotfiles/tree/main/lib/default.nix)
    +  - Dynamically generated host configurations
    +  - Limited local installer (no secrets handling) with a supported demo build
    +  - Fully autonomous remote deployment using [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) and [disko](https://github.com/nix-community/disko) (with secrets handling)
    +  - Improved nix tooling
    +- Support for advanced features:
    +  - Secrets handling using [sops-nix](https://github.com/Mic92/sops-nix) (pls no pwn ❀️)
    +  - Management of personally identifiable information using [nix-plugins](https://github.com/shlevy/nix-plugins)
    +  - Full Yubikey support
    +  - LUKS-encryption
    +  - Secure boot using [Lanzaboote](https://github.com/nix-community/lanzaboote)
    +  - BTRFS-based [Impermanence](https://github.com/nix-community/impermanence)
    +  - Configuration shared between configurations (configuration for one nixosConfiguration can be defined in another nixosConfiguration)
    +  - Global attributes shared between all configurations to reduce attribute redeclaration
     
    -  ## Documentation
    +## Documentation
     
    -  If you are mainly interested in how I configured this system, check out this page:
    +If you are mainly interested in how I configured this system, check out this page:
     
    -  [SwarselSystems literate configuration](https://swarsel.github.io/.dotfiles/)
    +[SwarselSystems literate configuration](https://swarsel.github.io/.dotfiles/)
     
    -  This file will take you through my design process, in varying amounts of detail.
    +This file will take you through my design process, in varying amounts of detail.
     
    -  Otherwise, the files that are possibly of biggest interest are found here:
    +Otherwise, the files that are possibly of biggest interest are found here:
     
    -  - [SwarselSystems.org](../SwarselSystems.org)
    -  - [flake.nix](../flake.nix)
    -  - [early-init.el](../files/emacs/early-init.el)
    -  - [init.el](../files/emacs/init.el)
    +- [SwarselSystems.org](../SwarselSystems.org)
    +- [flake.nix](../flake.nix)
    +- [early-init.el](../files/emacs/early-init.el)
    +- [init.el](../files/emacs/init.el)
     
     
    -  ### Getting started
    +### Getting started
     
    -  #### Demo configuration
    +#### Demo configuration
     
    -  <details>
    -    <summary>Click here for instructions on how to install the demo system</summary>
    +<details>
    +  <summary>Click here for instructions on how to install the demo system</summary>
     
    -  If you just want to see if this configuration is for you, run this command on any system that has `nix` installed:
    +If you just want to see if this configuration is for you, run this command on any system that has `nix` installed:
     
    -  ``` shell
    -  nix run --experimental-features 'nix-command flakes' github:Swarsel/.dotfiles#swarsel-rebuild -- -u <YOUR_USERNAME>
    -  ```
    +``` shell
    +nix run --experimental-features 'nix-command flakes' github:Swarsel/.dotfiles#swarsel-rebuild -- -u <YOUR_USERNAME>
    +```
     
    -  This will activate the `chaostheatre` configuration on your system, which is a de-facto mirror of my main configuration with secret-based settings removed.
    -  Please keep in mind that this limited installer will make local changes to the cloned repository in order to be able to install it (otherwise the builder would fail at fetching my private secrets repository). As such, this should only be used to evaluate the system - if you want to use it longterm, you will need to create a fork and make some changes.
    -  </details>
    +This will activate the `chaostheatre` configuration on your system, which is a de-facto mirror of my main configuration with secret-based settings removed.
    +Please keep in mind that this limited installer will make local changes to the cloned repository in order to be able to install it (otherwise the builder would fail at fetching my private secrets repository). As such, this should only be used to evaluate the system - if you want to use it longterm, you will need to create a fork and make some changes.
    +</details>
     
    -  ### Deployment
    +### Deployment
     
    -  <details>
    -    <summary>Click here for deployment instructions</summary>
    +<details>
    +  <summary>Click here for deployment instructions</summary>
     
    -  The deployment process for this configuration is mostly automated, there are only a few steps that are needed to be done manually. You can choose between a remote deployment strategy that is also able to deploy new age keys for sops for you and a local installer that will only install the system without any secret handling.
    +The deployment process for this configuration is mostly automated, there are only a few steps that are needed to be done manually. You can choose between a remote deployment strategy that is also able to deploy new age keys for sops for you and a local installer that will only install the system without any secret handling.
     
    -  #### Remote deployment (recommended if you have at least one running system)
    +#### Remote deployment (recommended if you have at least one running system)
     
    -  0) Fork this repo, and write your own host config at `hosts/nixos/<YOUR_CONFIG_NAME>/default.nix` (you can use one of the other configurations as a template. Also see https://github.com/Swarsel/.dotfiles/tree/main/modules for a list of all additional options). At the very least, you should replace the `secrets/` directory with your own secrets and replace the SSH public keys with your own ones (otherwise I will come visit you!πŸ”“β€οΈ). I personally recommend to use the literate configuration and `org-babel-tangle-file` in Emacs, but you can also simply edit the separate `.nix` files.
    -  1) Have a system with `nix` available booted (this does not need to be installed, i.e. you can use a NixOS installer image; a custom minimal installer ISO can be built by running `just iso` in the root of this repo)
    -  2) Make sure that your Yubikey is plugged in or that you have your SSH key available (and configured)
    -  3) Run `swarsel-bootstrap -n <CONFIGURATION_NAME> -d <TARGET_IP>` on your existing system.
    -    - Alternatively (if you run this on a system that is not yet running this configuration), you can also run `nix run --experimental-features 'nix-command flakes' github:Swarsel/.dotfiles -- -n <CONFIGURATION_NAME> -d <TARGET_IP>` (this runs the same program as the command above).
    -  4) Follow the installers instructions:
    -    - you will have to choose a disk encryption password (if you want that feature)
    -    - you will have to confirm once that the target system has rebooted
    -    - you will have to enter the root password once during the final system install
    -  5) That should be it! The installer will take care of setting up disks, secrets, and the rest of the hardware configuration! You will still have to sign in manually to some webservices etc.
    +0) Fork this repo, and write your own host config at `hosts/nixos/<YOUR_CONFIG_NAME>/default.nix` (you can use one of the other configurations as a template. Also see https://github.com/Swarsel/.dotfiles/tree/main/modules for a list of all additional options). At the very least, you should replace the `secrets/` directory with your own secrets and replace the SSH public keys with your own ones (otherwise I will come visit you!πŸ”“β€οΈ). I personally recommend to use the literate configuration and `org-babel-tangle-file` in Emacs, but you can also simply edit the separate `.nix` files.
    +1) Have a system with `nix` available booted (this does not need to be installed, i.e. you can use a NixOS installer image; a custom minimal installer ISO can be built by running `just iso` in the root of this repo)
    +2) Make sure that your Yubikey is plugged in or that you have your SSH key available (and configured)
    +3) Run `swarsel-bootstrap -n <CONFIGURATION_NAME> -d <TARGET_IP>` on your existing system.
    +  - Alternatively (if you run this on a system that is not yet running this configuration), you can also run `nix run --experimental-features 'nix-command flakes' github:Swarsel/.dotfiles -- -n <CONFIGURATION_NAME> -d <TARGET_IP>` (this runs the same program as the command above).
    +4) Follow the installers instructions:
    +  - you will have to choose a disk encryption password (if you want that feature)
    +  - you will have to confirm once that the target system has rebooted
    +  - you will have to enter the root password once during the final system install
    +5) That should be it! The installer will take care of setting up disks, secrets, and the rest of the hardware configuration! You will still have to sign in manually to some webservices etc.
     
    -  #### Local deployment (recommended for setting up the first system)
    +#### Local deployment (recommended for setting up the first system)
     
    -  1) Boot the latest install ISO from this repository on an UEFI system.
    -  2) Run `swarsel-install -n <CONFIGURATION_NAME>`
    -  3) Reboot
    +1) Boot the latest install ISO from this repository on an UEFI system.
    +2) Run `swarsel-install -n <CONFIGURATION_NAME>`
    +3) Reboot
     
    -  Alternatively, to install this from any NixOS live ISO, run `nix run --experimental-features 'nix-command flakes' github:Swarsel/.dotfiles#install -- -n <CONFIGURATION_NAME>` at step 2.
    -  </details>
    +Alternatively, to install this from any NixOS live ISO, run `nix run --experimental-features 'nix-command flakes' github:Swarsel/.dotfiles#install -- -n <CONFIGURATION_NAME>` at step 2.
    +</details>
     
    -  ## Infrastructure
    +## Infrastructure
     
    -  <details>
    -    <summary>Click here for a summary of my infrastructure</summary>
    +<details>
    +  <summary>Click here for a summary of my infrastructure</summary>
     
    -<img width="2202" height="2947" alt="topology" src="https://github.com/user-attachments/assets/0eb37288-47a8-40e3-9211-648eee0ed408" />
    +### Programs
     
    -  ### Programs
    +| Topic         | Program                         |
    +|---------------|---------------------------------|
    +|🐚 **Shell**   | [zsh](https://github.com/Swarsel/.dotfiles/tree/main/modules/home/common/zsh.nix)                            |
    +|πŸšͺ **DM**      | [greetd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/common/login.nix)                         |
    +|πŸͺŸ **WM**      | [SwayFX](https://github.com/Swarsel/.dotfiles/tree/main/modules/home/common/sway.nix)                         |
    +|⛩️ **Bar**     | [Waybar](https://github.com/Swarsel/.dotfiles/tree/main/modules/home/common/waybar.nix)                         |
    +|βœ’οΈ **Editor**  | [Emacs](https://github.com/Swarsel/.dotfiles/tree/main/files/emacs/init.el)                          |
    +|πŸ–₯️ **Terminal**| [Kitty](https://github.com/Swarsel/.dotfiles/tree/main/modules/home/common/kitty.nix)                          |
    +|πŸš€ **Launcher**| [Fuzzel](https://github.com/Swarsel/.dotfiles/tree/main/modules/home/common/fuzzel.nix)                         |
    +|🚨 **Alerts**  | [Mako](https://github.com/Swarsel/.dotfiles/tree/main/modules/home/common/mako.nix)                           |
    +|🌐 **Browser** | [Firefox](https://github.com/Swarsel/.dotfiles/tree/main/modules/home/common/zsh.nix)                        |
    +|🎨 **Theme**   | [City-Lights (managed by stylix)](https://github.com/Swarsel/.dotfiles/tree/main/modules/home/common/sharedsetup.nix)|
     
    -  | Topic         | Program                         |
    -  |---------------|---------------------------------|
    -  |🐚 **Shell**   | [zsh](https://github.com/Swarsel/.dotfiles/tree/main/modules/home/common/zsh.nix)                            |
    -  |πŸšͺ **DM**      | [greetd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/common/login.nix)                         |
    -  |πŸͺŸ **WM**      | [SwayFX](https://github.com/Swarsel/.dotfiles/tree/main/modules/home/common/sway.nix)                         |
    -  |⛩️ **Bar**     | [Waybar](https://github.com/Swarsel/.dotfiles/tree/main/modules/home/common/waybar.nix)                         |
    -  |βœ’οΈ **Editor**  | [Emacs](https://github.com/Swarsel/.dotfiles/tree/main/files/emacs/init.el)                          |
    -  |πŸ–₯️ **Terminal**| [Kitty](https://github.com/Swarsel/.dotfiles/tree/main/modules/home/common/kitty.nix)                          |
    -  |πŸš€ **Launcher**| [Fuzzel](https://github.com/Swarsel/.dotfiles/tree/main/modules/home/common/fuzzel.nix)                         |
    -  |🚨 **Alerts**  | [Mako](https://github.com/Swarsel/.dotfiles/tree/main/modules/home/common/mako.nix)                           |
    -  |🌐 **Browser** | [Firefox](https://github.com/Swarsel/.dotfiles/tree/main/modules/home/common/zsh.nix)                        |
    -  |🎨 **Theme**   | [City-Lights (managed by stylix)](https://github.com/Swarsel/.dotfiles/tree/main/modules/home/common/sharedsetup.nix)|
    +### Services
     
    -  ### Services
    +| Topic                 | Program                         |
    +|-----------------------|---------------------------------|
    +|πŸ“– **Books**           |  [Kavita](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kavita.nix)                         |
    +|πŸ“Ό **Videos**          | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix)                       |
    +|🎡 **Music**           | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) +  [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) +  [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix)  |
    +|πŸ—¨οΈ **Messaging**       | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix)                         |
    +|πŸ“ **Filesharing**     | [Nectcloud](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nextcloud.nix)                      |
    +|πŸ“· **Photos**          | [Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix)                         |
    +|πŸ“„ **Documents**       | [Paperless](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/paperless.nix)                      |
    +|πŸ”„ **File Sync**       | [Syncthing](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/syncthing.nix)                      |
    +|πŸ’Ύ **Backups**         | [Restic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/restic.nix)                         |
    +|πŸ‘οΈ **Monitoring**      | [Grafana](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/monitoring.nix)                        |
    +|🍴 **RSS**             | [FreshRss](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/freshrss.nix)                       |
    +|🌳 **Git**             | [Forgejo](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/forgejo.nix)                        |
    +|βš“ **Anki Sync**       | [Anki Sync Server](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/ankisync.nix)               |
    +|πŸͺͺ **SSO**             | [Kanidm](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kanidm.nix) + [oauth2-proxy](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/oauth2-proxy.nix)          |
    +|πŸ’Έ **Finance**         | [Firefly-III](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/firefly-iii.nix)                    |
    +|πŸƒ **Collections**     | [Koillection](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/koillection.nix)                    |
    +|πŸ—ƒοΈ **Shell History**   | [Atuin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/atuin.nix)                          |
    +|πŸ“… **CalDav/CardDav**  | [Radicale](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/radicale.nix)                       |
    +|↔️ **P2P Filesharing** | [Croc](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/croc.nix)                           |
    +|βœ‚οΈ **Paste Tool**      | [Microbin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/microbin.nix)                       |
    +|πŸ”— **Link Shortener**  | [Shlink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/shlink.nix)                          |
     
    -  | Topic                 | Program                                                                                                             |
    -  |-----------------------|---------------------------------------------------------------------------------------------------------------------|
    -  |πŸ“– **Books**           |  [Kavita](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kavita.nix)                           |
    -  |πŸ“Ό **Videos**          | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix)                        |
    -  |🎡 **Music**           | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) +  [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) +  [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix)                                                              |
    -  |πŸ—¨οΈ **Messaging**       | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix)                            |
    -  |πŸ“ **Filesharing**     | [Nectcloud](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nextcloud.nix)                      |
    -  |🎞️ **Photos**          | [Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix)                            |
    -  |πŸ“„ **Documents**       | [Paperless](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/paperless.nix)                      |
    -  |πŸ”„ **File Sync**       | [Syncthing](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/syncthing.nix)                      |
    -  |πŸ’Ύ **Backups**         | [Restic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/restic.nix)                            |
    -  |πŸ‘οΈ **Monitoring**      | [Grafana](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/monitoring.nix)                       |
    -  |🍴 **RSS**             | [FreshRss](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/freshrss.nix)                        |
    -  |🌳 **Git**             | [Forgejo](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/forgejo.nix)                          |
    -  |βš“ **Anki Sync**       | [Anki Sync Server](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/ankisync.nix)                |
    -  |πŸͺͺ **SSO**             | [Kanidm](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kanidm.nix) + [oauth2-proxy](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/oauth2-proxy.nix)                                            |
    -  |πŸ’Έ **Finance**         | [Firefly-III](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/firefly-iii.nix)                  |
    -  |πŸƒ **Collections**     | [Koillection](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/koillection.nix)                  |
    -  |πŸ—ƒοΈ **Shell History**   | [Atuin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/atuin.nix)                              |
    -  |πŸ“… **CalDav/CardDav**  | [Radicale](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/radicale.nix)                        |
    -  |↔️ **P2P Filesharing** | [Croc](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/croc.nix)                                |
    -  |βœ‚οΈ **Paste Tool**      | [Microbin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/microbin.nix)                        |
    -  |πŸ“Έ **Image Sharing**   | [Slink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/slink.nix)                              |
    -  |πŸ”— **Link Shortener**  | [Shlink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/shlink.nix)                            |
    +### Hosts
     
    -  ### Hosts
    +| Name               | Hardware                                            | Use                                                  |
    +|--------------------|-----------------------------------------------------|------------------------------------------------------|
    +|πŸ’» **pyramid**      | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop                                          |
    +|πŸ’» **bakery**       | Lenovo Ideapad 720S-13IKB                           | Personal lapto                                       |
    +|πŸ’» **machpizza**    | MacBook Pro 2016                                    | MacOS sandbox                                        |
    +|πŸ–₯️ **winters**      | ASRock J4105-ITX, 32GB RAM                          | Main homeserver and data storgae                     |
    +|πŸ–₯️ **milkywell**    | Oracle Cloud: VM.Standard.E2.1.Micro                | Server for lightweight synchronization tasks         |
    +|πŸ–₯️ **moonside**     | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services  |
    +|πŸ“± **magicant**     | Samsung Galaxy Z Flip 6                             | Phone                                                |
    +|πŸ’Ώ **drugstore**    | -                                                   | ISO installer configuration                          |
    +|❔ **chaotheatre**  | -                                                   | Demo config for checking out my configurtion         |
    +|❔ **toto**         | -                                                   | Helper configuration for bootstrapping a new system  |
    +|🏠 **treehouse**    | -                                                   | Reference configuration for a home-manager only host |
    +</details>
     
    -  | Name               | Hardware                                            | Use                                                  |
    -  |--------------------|-----------------------------------------------------|------------------------------------------------------|
    -  |πŸ’» **pyramid**      | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop                                          |
    -  |πŸ’» **bakery**       | Lenovo Ideapad 720S-13IKB                           | Personal lapto                                       |
    -  |πŸ’» **machpizza**    | MacBook Pro 2016                                    | MacOS sandbox                                        |
    -  |πŸ–₯️ **winters**      | ASRock J4105-ITX, 32GB RAM                          | Main homeserver and data storgae                     |
    -  |πŸ–₯️ **milkywell**    | Oracle Cloud: VM.Standard.E2.1.Micro                | Server for lightweight synchronization tasks         |
    -  |πŸ–₯️ **moonside**     | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services  |
    -  |πŸ“± **magicant**     | Samsung Galaxy Z Flip 6                             | Phone                                                |
    -  |πŸ’Ώ **drugstore**    | -                                                   | ISO installer configuration                          |
    -  |❔ **chaotheatre**  | -                                                   | Demo config for checking out my configurtion         |
    -  |❔ **toto**         | -                                                   | Helper configuration for bootstrapping a new system  |
    -  |🏠 **treehouse**    | -                                                   | Reference configuration for a home-manager only host |
    -  </details>
    +## General Nix tips & useful links
     
    -  ## General Nix tips & useful links
    +<details>
    +  <summary>Click here for a summary of nix tips & links</summary>
     
    -  <details>
    -    <summary>Click here for a summary of nix tips & links</summary>
    +- Below is a small list of tips that should be helpful if you are new to the nix ecosystem:
     
    -  - Below is a small list of tips that should be helpful if you are new to the nix ecosystem:
    +  - Temporarily install any package using `nix shell nixpkgs#<PACKAGE_NAME>` - this can be e.g. useful if you accidentally removed home-manager from your packages on a non-NixOS machine. Alternatively, use [comma](https://github.com/nix-community/comma)
    +    - More info on `nix [...]` commands: https://nixos.org/manual/nix/stable/command-ref/new-cli/nix
    +  - When you are trying to setup a new configuration part, [GitHub code search](https://github.com/search?q=language%3ANix&type=code) can really help you to find a working configuration. Just filter for `.nix` files and the options you are trying to set up.
    +  - getting packages at a different version than your target (or not packaged at all) can be done in most cases easily with fetchFromGithub (https://ryantm.github.io/nixpkgs/builders/fetchers/)
    +  - you can easily install old revisions of packages using https://lazamar.co.uk/nix-versions/. You can conveniently spawn a shell with a chosen package available using `vershell <NIXPKGS_REVISION> <PACKAGE>`. Just make sure to pick a revision that has flakes enabled, otherwise you will need the legacy way of spawning the shell (see the link for more info)
     
    -    - Temporarily install any package using `nix shell nixpkgs#<PACKAGE_NAME>` - this can be e.g. useful if you accidentally removed home-manager from your packages on a non-NixOS machine. Alternatively, use [comma](https://github.com/nix-community/comma)
    -      - More info on `nix [...]` commands: https://nixos.org/manual/nix/stable/command-ref/new-cli/nix
    -    - When you are trying to setup a new configuration part, [GitHub code search](https://github.com/search?q=language%3ANix&type=code) can really help you to find a working configuration. Just filter for `.nix` files and the options you are trying to set up.
    -    - getting packages at a different version than your target (or not packaged at all) can be done in most cases easily with fetchFromGithub (https://ryantm.github.io/nixpkgs/builders/fetchers/)
    -    - you can easily install old revisions of packages using https://lazamar.co.uk/nix-versions/. You can conveniently spawn a shell with a chosen package available using `vershell <NIXPKGS_REVISION> <PACKAGE>`. Just make sure to pick a revision that has flakes enabled, otherwise you will need the legacy way of spawning the shell (see the link for more info)
    +- These links are your best friends:
    +  - The nix documentation: https://nix.dev/
    +  - The nixpkgs reference manual: https://nixos.org/manual/nixpkgs/unstable/#buildpythonapplication-function
    +    - the [nixpkgs repository](https://github.com/NixOS/nixpkgs) - especially useful to look at the various READMEs that are in various places in the repository (find using GitHub code search) as well as the [issues](https://github.com/Swarsel/.dotfiles/issues) and [PRs](https://github.com/Swarsel/.dotfiles/pulls) pages
    +    - and the [nixpkgs Pull Request Tracker](https://nixpk.gs/pr-tracker.html)
    +  - The NixOS manual: https://nixos.org/manual/nixos/stable/
    +  - The NixOS package search: https://search.nixos.org/packages
    +    - and the nix package version search: https://lazamar.co.uk/nix-versions/
    +  - The NixOS option search https://search.nixos.org/options
    +  - [mipmip](https://github.com/mipmip)'s home-manager option search: https://mipmip.github.io/home-manager-option-search/
    +  - [Alan Pearce](https://alanpearce.eu/)'s nix-darwin search: https://searchix.alanpearce.eu/options/darwin/search (which supports all of the other versions as well :o)
    +  - For the above, you can use the CLI tool [manix](https://github.com/mlvzk/manix)
    +  - Nix function search: https://noogle.dev/
    +  - Search for nix-community options: https://search.nΓΌschtos.de/
    +- But that is not all:
    +  - Some nix resources
    +    - A tour of Nix: https://nixcloud.io/tour/
    +    - The Nix One Pager: https://github.com/tazjin/nix-1p
    +    - another one page introduction: https://learnxinyminutes.com/nix/
    +    - a very short introduction to Nix features: https://zaynetro.com/explainix
    +    - introductory nix article: https://medium.com/@MrJamesFisher/nix-by-example-a0063a1a4c55
    +    - and another one: https://web.archive.org/web/20210121042658/https://ebzzry.io/en/nix/#nix
    +    - How to learn nix: https://ianthehenry.com/posts/how-to-learn-nix/
    +    - the Nix Cookbook: https://github.com/functionalops/nix-cookbook?tab=readme-ov-file
    +    - and the Nix Pills: https://nixos.org/guides/nix-pills/
    +  - Some resources on flakes
    +    - Why to use flakes and introduction to flakes: https://www.tweag.io/blog/2020-05-25-flakes/
    +    - The [NixOS & Flakes Book](https://nixos-and-flakes.thiscute.world/)
    +    - and [Wombat's book](https://mhwombat.codeberg.page/nix-book/)
    +    - or the [Zero to Nix series](https://zero-to-nix.com/)
    +    - Practical nix flakes article: https://serokell.io/blog/practical-nix-flakes
    +  - A bit on Overlays:
    +    - Overview on overlays: [Mastering Nixpkgs overlays article](https://nixcademy.com/posts/mastering-nixpkgs-overlays-techniques-and-best-practice/)
    +    - Some examples on best practises: [Do's and Don'ts of overlays](https://flyingcircus.io/news/detailsansicht/nixos-the-dos-and-donts-of-nixpkgs-overlays)
    +    - Blog article about overrides: https://bobvanderlinden.me/customizing-packages-in-nix/#using-modified-packages
    +  - Also useful is the [official NixOS Wiki](https://wiki.nixos.org/wiki/NixOS_Wiki)
    +    - there is also the [unofficial NixOS Wiki](https://nixos.wiki/) that tends to be a bit outdated, use with care
    +- Some resources for specific nix tools:
    +  - Flake output reference: https://nixos-and-flakes.thiscute.world/other-usage-of-flakes/outputs
    +  - You can find public repositories with modules at https://nur.nix-community.org/ (you should check what you are installing however):
    +    - I like to use this for rycee's firefox extensions: https://nur.nix-community.org/repos/rycee/
    +  - List of nerdfonts: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/data/fonts/nerd-fonts/manifests/fonts.json
    +  - Stylix configuration options: https://danth.github.io/stylix/
    +  - nix-on-droid options: https://nix-community.github.io/nix-on-droid/nix-on-droid-options.html#sec-options
    +- Very useful tools that are mostly not directly used in configuration but instead called on need:
    +  - Convert non-NixOS machines to NixOS using [nixos-infect](https://github.com/elitak/nixos-infect)
    +  - Create various installation media with [nixos-generators](https://github.com/nix-community/nixos-generators)
    +  - Remotely deploy NixOS using [nixos-anywhere](https://github.com/nix-community/nixos-anywhere)
    +- And a few links that are not directly nix-related, but may still serve you well:
    +  - List of pre-commit-hooks: https://devenv.sh/reference/options/#pre-commithooks
    +  - Waybar configuration: https://github.com/Alexays/Waybar/wiki
    +</details>
     
    -  - These links are your best friends:
    -    - The nix documentation: https://nix.dev/
    -    - The nixpkgs reference manual: https://nixos.org/manual/nixpkgs/unstable/#buildpythonapplication-function
    -      - the [nixpkgs repository](https://github.com/NixOS/nixpkgs) - especially useful to look at the various READMEs that are in various places in the repository (find using GitHub code search) as well as the [issues](https://github.com/Swarsel/.dotfiles/issues) and [PRs](https://github.com/Swarsel/.dotfiles/pulls) pages
    -      - and the [nixpkgs Pull Request Tracker](https://nixpk.gs/pr-tracker.html)
    -    - The NixOS manual: https://nixos.org/manual/nixos/stable/
    -    - The NixOS package search: https://search.nixos.org/packages
    -      - and the nix package version search: https://lazamar.co.uk/nix-versions/
    -    - The NixOS option search https://search.nixos.org/options
    -    - [mipmip](https://github.com/mipmip)'s home-manager option search: https://mipmip.github.io/home-manager-option-search/
    -    - [Alan Pearce](https://alanpearce.eu/)'s nix-darwin search: https://searchix.alanpearce.eu/options/darwin/search (which supports all of the other versions as well :o)
    -    - For the above, you can use the CLI tool [manix](https://github.com/mlvzk/manix)
    -    - Nix function search: https://noogle.dev/
    -    - Search for nix-community options: https://search.nΓΌschtos.de/
    -  - But that is not all:
    -    - Some nix resources
    -      - A tour of Nix: https://nixcloud.io/tour/
    -      - The Nix One Pager: https://github.com/tazjin/nix-1p
    -      - another one page introduction: https://learnxinyminutes.com/nix/
    -      - a very short introduction to Nix features: https://zaynetro.com/explainix
    -      - introductory nix article: https://medium.com/@MrJamesFisher/nix-by-example-a0063a1a4c55
    -      - and another one: https://web.archive.org/web/20210121042658/https://ebzzry.io/en/nix/#nix
    -      - How to learn nix: https://ianthehenry.com/posts/how-to-learn-nix/
    -      - the Nix Cookbook: https://github.com/functionalops/nix-cookbook?tab=readme-ov-file
    -      - and the Nix Pills: https://nixos.org/guides/nix-pills/
    -    - Some resources on flakes
    -      - Why to use flakes and introduction to flakes: https://www.tweag.io/blog/2020-05-25-flakes/
    -      - The [NixOS & Flakes Book](https://nixos-and-flakes.thiscute.world/)
    -      - and [Wombat's book](https://mhwombat.codeberg.page/nix-book/)
    -      - or the [Zero to Nix series](https://zero-to-nix.com/)
    -      - Practical nix flakes article: https://serokell.io/blog/practical-nix-flakes
    -    - A bit on Overlays:
    -      - Overview on overlays: [Mastering Nixpkgs overlays article](https://nixcademy.com/posts/mastering-nixpkgs-overlays-techniques-and-best-practice/)
    -      - Some examples on best practises: [Do's and Don'ts of overlays](https://flyingcircus.io/news/detailsansicht/nixos-the-dos-and-donts-of-nixpkgs-overlays)
    -      - Blog article about overrides: https://bobvanderlinden.me/customizing-packages-in-nix/#using-modified-packages
    -    - Also useful is the [official NixOS Wiki](https://wiki.nixos.org/wiki/NixOS_Wiki)
    -      - there is also the [unofficial NixOS Wiki](https://nixos.wiki/) that tends to be a bit outdated, use with care
    -  - Some resources for specific nix tools:
    -    - Flake output reference: https://nixos-and-flakes.thiscute.world/other-usage-of-flakes/outputs
    -    - You can find public repositories with modules at https://nur.nix-community.org/ (you should check what you are installing however):
    -      - I like to use this for rycee's firefox extensions: https://nur.nix-community.org/repos/rycee/
    -    - List of nerdfonts: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/data/fonts/nerd-fonts/manifests/fonts.json
    -    - Stylix configuration options: https://danth.github.io/stylix/
    -    - nix-on-droid options: https://nix-community.github.io/nix-on-droid/nix-on-droid-options.html#sec-options
    -  - Very useful tools that are mostly not directly used in configuration but instead called on need:
    -    - Convert non-NixOS machines to NixOS using [nixos-infect](https://github.com/elitak/nixos-infect)
    -    - Create various installation media with [nixos-generators](https://github.com/nix-community/nixos-generators)
    -    - Remotely deploy NixOS using [nixos-anywhere](https://github.com/nix-community/nixos-anywhere)
    -  - And a few links that are not directly nix-related, but may still serve you well:
    -    - List of pre-commit-hooks: https://devenv.sh/reference/options/#pre-commithooks
    -    - Waybar configuration: https://github.com/Alexays/Waybar/wiki
    -  </details>
    +## Attributions, Acknowledgements, Inspirations, etc.
     
    -  ## Attributions, Acknowledgements, Inspirations, etc.
    +These are in random order (also known as 'the order in which I discovered them'). I would like to express my gratitude to:
     
    -  These are in random order (also known as 'the order in which I discovered them'). I would like to express my gratitude to:
    +- All the great people who have contributed code for the nix-community, with special mentions for (this list is unfairly incomplete):
    +<details>
    +  <summary>Click here to expand...</summary>
     
    -  - All the great people who have contributed code for the nix-community, with special mentions for (this list is unfairly incomplete):
    -  <details>
    -    <summary>Click here to expand...</summary>
    +  - [guibou](https://github.com/guibou/)
    +  - [rycee](https://github.com/rycee)
    +  - [adisbladis](https://github.com/adisbladis)
    +  - [Mic92](https://github.com/Mic92/sops-nix)
    +  - [lassulus](https://github.com/lassulus)
    +  - [danth](https://github.com/danth/)
    +  - [LnL7](https://github.com/LnL7)
    +  - [t184256](https://github.com/t184256)
    +  - [bennofs](https://github.com/bennofs)
    +  - [Pandapip1](https://github.com/Pandapip1)
    +  - [zowoq](https://github.com/zowoq)
    +  - [numtide](https://github.com/numtide)
    +  - [hsjobeki](https://github.com/hsjobeki)
    +  - [blitz](https://github.com/blitz)
    +  - [RaitoBezarius](https://github.com/RaitoBezarius)
    +  - [nikstur](https://github.com/nikstur)
    +  - [talyz](https://github.com/talyz)
    +  - [infinisil](https://github.com/infinisil)
    +  - [zhaofengli](https://github.com/zhaofengli)
    +  - [Artturin](https://github.com/Artturin)
    +  - [oddlama](https://github.com/oddlama)
    +</details>
     
    -    - [guibou](https://github.com/guibou/)
    -    - [rycee](https://github.com/rycee)
    -    - [adisbladis](https://github.com/adisbladis)
    -    - [Mic92](https://github.com/Mic92/sops-nix)
    -    - [lassulus](https://github.com/lassulus)
    -    - [danth](https://github.com/danth/)
    -    - [LnL7](https://github.com/LnL7)
    -    - [t184256](https://github.com/t184256)
    -    - [bennofs](https://github.com/bennofs)
    -    - [Pandapip1](https://github.com/Pandapip1)
    -    - [zowoq](https://github.com/zowoq)
    -    - [numtide](https://github.com/numtide)
    -    - [hsjobeki](https://github.com/hsjobeki)
    -    - [blitz](https://github.com/blitz)
    -    - [RaitoBezarius](https://github.com/RaitoBezarius)
    -    - [nikstur](https://github.com/nikstur)
    -    - [talyz](https://github.com/talyz)
    -    - [infinisil](https://github.com/infinisil)
    -    - [zhaofengli](https://github.com/zhaofengli)
    -    - [Artturin](https://github.com/Artturin)
    -    - [oddlama](https://github.com/oddlama)
    -  </details>
    +- All the people who have inspired me with their configurations (sadly also highly incomplete):
    +<details>
    +  <summary>Click here to expand...</summary>
     
    -  - All the people who have inspired me with their configurations (sadly also highly incomplete):
    -  <details>
    -    <summary>Click here to expand...</summary>
    +  - [theSuess](https://github.com/theSuess) with their [home-manager](https://code.kulupu.party/thesuess/home-manager)
    +  - [hlissner](https://github.com/hlissner) with their [dotfiles](https://github.com/hlissner/dotfiles)
    +  - [drduh](https://github.com/drduh/YubiKey-Guide) with their [YubiKey-Guide](https://github.com/drduh/YubiKey-Guide)
    +  - [AntonHakansson](https://github.com/AntonHakansson) with their [nixos-config](https://github.com/AntonHakansson/nixos-config?tab=readme-ov-file)
    +  - [Guekka](https://github.com/Guekka/) with their [blog](https://guekka.github.io/)
    +  - [NotAShelf](https://github.com/NotAShelf) with their [nyx](https://github.com/NotAShelf/nyx)
    +  - [Misterio77](https://github.com/Misterio77) with their [nix-config](https://github.com/Misterio77/nix-config)
    +  - [0xdade](https://github.com/0xdade) with their [blog](https://0xda.de/blog/)
    +  - [EmergentMind](https://github.com/EmergentMind) with their [nix-config](https://github.com/EmergentMind/nix-config)
    +  - [librephoenix](https://github.com/librephoenix) with their [nixos-config](https://github.com/librephoenix/nixos-config)
    +  - [Xe](https://github.com/Xe) with their [blog](https://xeiaso.net/blog/)
    +  - [oddlama](https://github.com/oddlama) with their absolutely incredible [nix-config](https:/github.com/oddlama/nix-config)
    +</details>
     
    -    - [theSuess](https://github.com/theSuess) with their [home-manager](https://code.kulupu.party/thesuess/home-manager)
    -    - [hlissner](https://github.com/hlissner) with their [dotfiles](https://github.com/hlissner/dotfiles)
    -    - [drduh](https://github.com/drduh/YubiKey-Guide) with their [YubiKey-Guide](https://github.com/drduh/YubiKey-Guide)
    -    - [AntonHakansson](https://github.com/AntonHakansson) with their [nixos-config](https://github.com/AntonHakansson/nixos-config?tab=readme-ov-file)
    -    - [Guekka](https://github.com/Guekka/) with their [blog](https://guekka.github.io/)
    -    - [NotAShelf](https://github.com/NotAShelf) with their [nyx](https://github.com/NotAShelf/nyx)
    -    - [Misterio77](https://github.com/Misterio77) with their [nix-config](https://github.com/Misterio77/nix-config)
    -    - [0xdade](https://github.com/0xdade) with their [blog](https://0xda.de/blog/)
    -    - [EmergentMind](https://github.com/EmergentMind) with their [nix-config](https://github.com/EmergentMind/nix-config)
    -    - [librephoenix](https://github.com/librephoenix) with their [nixos-config](https://github.com/librephoenix/nixos-config)
    -    - [Xe](https://github.com/Xe) with their [blog](https://xeiaso.net/blog/)
    -    - [oddlama](https://github.com/oddlama) with their absolutely incredible [nix-config](https:/github.com/oddlama/nix-config)
    -  </details>
    -
    -  If you feel that I forgot to pay you tribute for code that I used in this repository, please shoot me a message and I will fix it :)
    +If you feel that I forgot to pay you tribute for code that I used in this repository, please shoot me a message and I will fix it :)
     
     
     
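Review bot: Several links in the re-indented `+` lines are carried over broken and should be fixed while every line is being touched anyway. The Firefox row of the Programs table links to `modules/home/common/zsh.nix`, the same target as the Shell row. The "issues" and "PRs" links on the nixpkgs repository bullet point at `github.com/Swarsel/.dotfiles/issues` and `/pulls` rather than at NixOS/nixpkgs. The last oddlama entry uses `https:/github.com/oddlama/nix-config` with a single slash, which will not resolve as an absolute URL. The same pass could correct the typos that are copied verbatim: "Nectcloud", "Personal lapto", "storgae" and "configurtion". Two content changes are also buried in what otherwise reads as a pure whitespace change: the Image Sharing (Slink) row is dropped from the Services table and the emoji on the Photos row changes. If Slink was retired, please say so in the commit message, otherwise restore the row. Since the NUR bullet already tells readers to check what they are installing, it would help to give nixos-infect and nixos-anywhere the same caveat, as both take over the target machine.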
    @@ -24950,328 +24493,10 @@ Here lies defined the readme for GitHub and Forgejo:
    -
    -

    7. Appendix C: Explanations to nix functions and operators

    -
    -

    -This sections explains commonly used functions in nix (both builtins as well as in the nixpkgs library). -

    -
    -
    -
    -

    7.2. builtins.listToAttrs

    -
    -

    -builtins.listToAttrs converts a list of name-value pairs into an attribute set. -

    - -
    -
    swarsel-instantiate 'builtins.listToAttrs [{ name = "foo"; value = 1; } { name = "bar"; value = 2; }]'
    -
    -
    - -
    -{ bar = 2; foo = 1; }
    -
    -
    -
    -
    -

    7.3. builtins.readDir

    -
    -

    -builtins.readDir reads the name of items of a directory as attributes and their type as values. -

    - -
    -
    swarsel-instantiate 'builtins.readDir ./hosts/nixos'
    -
    -
    - -
    -{ bakery = "directory"; chaostheatre = "directory"; milkywell = "directory"; moonside = "directory"; pyramid = "directory"; sync = "directory"; toto = "directory"; winters = "directory"; }
    -
    -
    -
    -
    -

    7.4. nixpkgs.lib.recursiveUpdate

    -
    -

    -If you want to merge nested attribute sets, use nixpkgs.lib.recursiveUpdate instead of The '//' operator: -

    - -
    -
    swarsel-instantiate 'lib.recursiveUpdate { a = { a1 = 1; a2 = 2; }; b = { b1 = 1; b2 = 2; }; } { b = { b1 = 3; b3 = 4;}; c = 4; }'
    -
    -
    - -
    -{ a = { a1 = 1; a2 = 2; }; b = { b1 = 3; b2 = 2; b3 = 4; }; c = 4; }
    -
    -
    -
    -
    -

    7.5. nixpkgs.lib.genAttrs

    -
    -

    -nixpkgs.lib.genAttrs is used to generate an attribute set (a dictionary-like structure) from a list of keys and a function that computes the values for those keys. -

    - -
    -
    swarsel-instantiate 'lib.genAttrs ["a" "b" "c"] (x: "${x}-value")'
    -
    -
    - -
    -{ a = "a-value"; b = "b-value"; c = "c-value"; }
    -
    -
    -
    -
    -

    7.6. nixpkgs.lib.attrNames

    -
    -

    -nixpkgs.lib.attrNames returns the list of attribute names from an attribute set. -

    - -
    -
    swarsel-instantiate 'lib.attrNames { a = 1; b = 2; c = 3; }'
    -
    -
    - -
    -[ "a" "b" "c" ]
    -
    -
    -
    -
    -

    7.7. nixpkgs.lib.map

    -
    -

    -nixpkgs.lib.map takes a function and applies the elements of a list upon them. -

    - -
    -
    swarsel-instantiate 'lib.map (x: x + 1) [1 2 3]'
    -
    -
    - -
    -[ 2 3 4 ]
    -
    -
    -
    -
    -

    7.8. nixpkgs.lib.mkOverride

    -
    -

    -nixpkgs.lib.mkOverride sets the priority of an expression. -

    - -

    -If two expression are defined twice accross the configuration, the evaluator does not know which one should take precedence; this will lead to an error. By default, all option definitions are given priority 100. Lower values take precedence over lower values. For reference, here are some commonly used values: -

    - -
      -
    • nixpkgs.lib.mkForce sets the priority to 50, which is a very low value, meaning it will be prioritised in nearly all cases
    • -
    • nixpkgs.lib.mkDefault sets the priority to 1000, which is a quite high value that will almost never be used if the same attribute is defined elswheer.
    • -
    -
    -
    -
    -

    7.9. nixpkgs.lib.mkForce

    -
    -

    -An alias for (nixpkgs.lib.mkOverride 50). -

    -
    -
    -
    -

    7.10. nixpkgs.lib.mkDefault

    -
    -

    -An alias for (nixpkgs.lib.mkOverride 1000). -

    -
    -
    -
    -

    7.11. nixpkgs.lib.filter

    -
    -

    -nixpkgs.lib.filter takes a list as input and only keeps elements that fulfill a given function: -

    - -
    -
    swarsel-instantiate 'lib.filter (x: x != "a") (lib.attrNames { a = 1; b = 2; c = 3; })'
    -
    -
    - -
    -[ "b" "c" ]
    -
    -
    -
    -
    -

    7.12. nixpkgs.lib.mapAttrsToList

    -
    -

    -nixpkgs.lib.mapAttrsToList converts an attribute set into a list by applying a given function to each name-value pair: -

    - -
    -
    swarsel-instantiate 'lib.mapAttrsToList (name: value: "${name} = ${value}") { a = "1"; b = "2"; }'
    -
    -
    - -
    -[ "a = 1" "b = 2" ]
    -
    -
    -
    -
    -

    7.13. nixpkgs.lib.flip

    -
    -
      -
    • nixpkgs.lib.flip reverses the argument order passed to an expression (in semantics, that is lib.flip f a b == f b a). This is useful when an expression has one big argument and one small one; in that case it is convenient to have the shorter expression at the start of the function. Take this example of a function that simply prints its attributes as a list:
    • -
    - -
    -
    swarsel-instantiate 'lib.mapAttrsToList (name: value: "${name} = ${value}") {a = "1"; b = "2";}'
    -
    -
    - -
    -[ "a = 1" "b = 2" ]
    -
    - - -

    -It prints the attributs unchanged, as is to be expected. If, however, we call the function using nixpkgs.lib.flip: -

    - -
    -
    swarsel-instantiate 'lib.mapAttrsToList (lib.flip (name: value: "${name} = ${value}")) {a = "1"; b = "2";}'
    -
    -
    - -
    -[ "1 = a" "2 = b" ]
    -
    -
    -
    -
    -

    7.14. nixpkgs.lib.concatLists

    -
    -

    -nixpkgs.lib.concatLists, as the name suggests, concatenates lists, while keeping the original order of items: -

    - -
    -
    swarsel-instantiate 'lib.concatLists  [ [ 1 2 ] [ 3 4 ] [ 5 ] ]'
    -
    -
    - -
    -[ 1 2 3 4 5 ]
    -
    -
    -
    -
    -

    7.15. nixpkgs.lib.mkMerge

    -
    -
      -
    • nixpgks.lib.mkMerge is used to deeply merge values.
    • -
    - -
    -
    swarsel-instantiate '
    -  lib.mkMerge [
    -    {
    -      a = [ 1 ];
    -    }
    -    {
    -      a = [ 3 ];
    -    }
    -  ]
    -'
    -
    -
    - -
    -{ _type = "merge"; contents = [ { a = [ 1 ]; } { a = [ 3 ]; } ]; }
    -
    -
    -
    -
    -

    7.16. nixpkgs.lib.foldl

    -
    -

    -nixpkgs.lib.foldl reduces an attribute set by repeatedly calling a function on an attribute set from the left. -

    - -
    -
    swarsel-instantiate 'lib.foldl (acc: x: "(" + acc + " + " + x + ")") "0" ["1" "2" "3"]'
    -
    -
    - -
    -(((0 + 1) + 2) + 3)
    -
    - - -

    -similarly, there exists an version that starts from the right. -

    - -
    -
    swarsel-instantiate 'lib.foldr (acc: x: "(" + acc + " + " + x + ")") "0" ["1" "2" "3"]'
    -
    -
    - -
    -(1 + (2 + (3 + 0)))
    -
    -
    -
    -

    Author: Leon SchwarzΓ€ugl

    -

    Created: 2025-08-05 Di 01:22

    +

    Created: 2025-07-14 Mo 03:07

    Validate
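Review bot: the export timestamp at the end of this hunk moves backwards, from `Created: 2025-08-05 Di 01:22` to `Created: 2025-07-14 Mo 03:07`, which suggests the rendered page was regenerated from an older state rather than from the current source. The same hunk drops every Appendix C entry shown here (7.2 builtins.listToAttrs through 7.16 nixpkgs.lib.foldl). If removing the appendix is intended, state that in the commit message; if not, re-export from the current source so the generated file does not lose these explanations as a side effect.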

    diff --git a/modules/home/common/env.nix b/modules/home/common/env.nix index a2604c5..db4d446 100644 --- a/modules/home/common/env.nix +++ b/modules/home/common/env.nix @@ -8,7 +8,7 @@ let in { options.swarselmodules.env = lib.mkEnableOption "env settings"; - config = lib.mkIf config.swarselmodules.env { + config = z lib.mkIf config.swarselmodules.env { home.sessionVariables = { EDITOR = "e -w"; DISPLAY = ":0"; diff --git a/modules/nixos/client/network.nix b/modules/nixos/client/network.nix index 92d4c4f..8f7ffc3 100644 --- a/modules/nixos/client/network.nix +++ b/modules/nixos/client/network.nix @@ -49,7 +49,6 @@ in }; networking = { - inherit (config.swarselsystems) hostName; wireless.iwd = { enable = true; settings = { diff --git a/modules/nixos/optional/work.nix b/modules/nixos/optional/work.nix index 5ac8a2c..402851c 100644 --- a/modules/nixos/optional/work.nix +++ b/modules/nixos/optional/work.nix @@ -1,4 +1,4 @@ -{ self, lib, pkgs, config, configName, ... }: +{ self, lib, pkgs, config, ... }: let inherit (config.swarselsystems) mainUser homeDir xdgDir; iwd = config.networking.networkmanager.wifi.backend == "iwd"; @@ -29,7 +29,7 @@ in options.swarselsystems = { hostName = lib.mkOption { type = lib.types.str; - default = configName; + default = ""; }; fqdn = lib.mkOption { type = lib.types.str;
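Review bot: in modules/home/common/env.nix the added line `config = z lib.mkIf config.swarselmodules.env {` has a stray `z` in front of `lib.mkIf`. Nix parses this as a call of `z` with `lib.mkIf` as its first argument, so unless `z` is bound in the `let` block above the hunk, evaluation fails on an undefined variable. This looks like an accidental keystroke; restore `config = lib.mkIf config.swarselmodules.env {`.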
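Review bot: in modules/nixos/client/network.nix, removing `inherit (config.swarselsystems) hostName;` from the `networking` set means this module no longer assigns `networking.hostName`, and no other hunk in this patch assigns it. Please confirm the host name is set elsewhere for hosts that import this module, or keep the `inherit`; otherwise those hosts fall back to the NixOS default host name.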
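Review bot: in modules/nixos/optional/work.nix, `default = "";` on `swarselsystems.hostName` turns a missing host name into a silent empty string, which still satisfies `lib.types.str`. Anything that reads `config.swarselsystems.hostName` will now get `""` instead of the configuration name on hosts that do not set it. Consider dropping the default so that an unset value is an evaluation error, and add a `description` saying where the value is expected to come from now that `configName` is no longer a module argument.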