files/emacs/init.el

@@ -162,30 +162,16 @@ create a new one."
 (define-key minibuffer-local-filename-completion-map
             [C-backspace] #'up-directory)
 
-(declare-function consult--read "consult")
-
 (defun swarsel/consult-magit-repos ()
   (interactive)
   (require 'magit)
-  (let ((repos (magit-list-repos)))
+  (let* ((repos (magit-list-repos))
-    (unless repos
+         (repo  (consult--read repos
-      (user-error "No repositories found in `magit-repository-directories'"))
+                               :prompt "Magit repo: "
-    (let ((repo
+                               :require-match t
-           (if (or (fboundp 'consult--read)
+                               :history 'my/consult-magit-repos-history
-                   (require 'consult nil t))
+                               :sort t)))
-               (consult--read repos
+    (magit-status repo)))
-                              :prompt "Magit repo: "
-                              :require-match t
-                              :history 'my/consult-magit-repos-history
-                              :sort t)
-             (completing-read "Magit repo: "
-                              repos
-                              nil
-                              t
-                              nil
-                              'my/consult-magit-repos-history))))
-      (when (and repo (> (length repo) 0))
-        (magit-status repo)))))
 
 (defun swarsel/org-mode-setup ()
   (variable-pitch-mode 1)

flake.nix

@@ -28,9 +28,7 @@
     smallpkgs.url = "github:nixos/nixpkgs/08fcb0dcb59df0344652b38ea6326a2d8271baff?narHash=sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc%3D&shallow=1";
     nixpkgs-dev.url = "github:Swarsel/nixpkgs/main";
     nixpkgs-bisect.url = "github:nixos/nixpkgs/master";
-    nixpkgs-update.url = "github:r-ryantm/nixpkgs/auto-update/oauth2-proxy";
+    nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version
-    # nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version
-    nixpkgs-kernel.url = "github:nixos/nixpkgs/dd9b079222d43e1943b6ebd802f04fd959dc8e61?narHash=sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE%3D"; #specifically pinned for kernel version
     nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11";
     nixpkgs-oddlama.url = "github:oddlama/nixpkgs/update/firezone-server";
     nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05";
@@ -72,8 +70,7 @@
     systems.url = "github:nix-systems/default";
     nur.url = "github:nix-community/NUR";
     nixgl.url = "github:guibou/nixGL";
-    # stylix.url = "github:danth/stylix";
+    stylix.url = "github:danth/stylix";
-    stylix.url = "github:Swarsel/stylix";
     sops.url = "github:Mic92/sops-nix";
     lanzaboote.url = "github:nix-community/lanzaboote";
     nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05";
@@ -90,7 +87,6 @@
     flake-parts.url = "github:hercules-ci/flake-parts";
     devshell.url = "github:numtide/devshell";
     spicetify-nix.url = "github:Gerg-l/spicetify-nix";
-    # spicetify-nix.url = "github:Swarsel/spicetify-nix";
     niri-flake.url = "github:sodiboo/niri-flake";
     nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main";
     microvm.url = "github:astro/microvm.nix";
@@ -99,8 +95,6 @@
     simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
     nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall";
     pia.url = "github:Swarsel/pia.nix/custom";
-    niritiling.url = "github:Swarsel/niritiling";
-    noctoggle.url = "git+ssh://git@github.com/Swarsel/noctoggle.git?ref=main";
   };
 
   outputs =

hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix

@@ -22,8 +22,7 @@
   #   '';
 
   boot = {
-    # kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages;
+    kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages;
-    kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages_latest;
     # kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
     binfmt.emulatedSystems = [ "aarch64-linux" ];
     initrd = {

modules/home/common/anki.nix

@@ -10,7 +10,7 @@ in
 
       programs.anki = {
         enable = true;
-        package = pkgs.anki;
+        # # package = pkgs.anki;
         hideBottomBar = true;
         hideBottomBarMode = "always";
         hideTopBar = true;
@@ -18,7 +18,7 @@ in
         reduceMotion = true;
         spacebarRatesCard = true;
         # videoDriver = "opengl";
-        profiles."User 1".sync = {
+        sync = {
           autoSync = false; # sync on profile close will delay system shutdown
           syncMedia = true;
           autoSyncMediaMinutes = 5;

modules/home/common/khal.nix

@@ -1,14 +0,0 @@
-{ lib, config, pkgs, ... }:
-let
-  moduleName = "khal";
-in
-{
-  options.swarselmodules.${moduleName} = lib.mkEnableOption "enable ${moduleName} and settings";
-  config = lib.mkIf config.swarselmodules.${moduleName} {
-    programs.${moduleName} = {
-      enable = true;
-      package = pkgs.khal;
-    };
-  };
-
-}

modules/home/common/packages.nix

@@ -14,6 +14,7 @@
       picard-tools
       audacity
       sox
+      # stable.feishin # does not work with oauth2-proxy
       calibre
 
       # printing
@@ -31,7 +32,7 @@
       (aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ]))
 
       # browser
-      vieb
+      stable24_11.vieb
       mgba
 
       # utilities
@@ -88,7 +89,7 @@
       # element-desktop
 
       nicotine-plus
-      transmission_3
+      stable25_05.transmission_3
       mktorrent
       hugo
 
@@ -149,7 +150,13 @@
       slurp
 
       # the following packages are used (in some way) by waybar
+      # playerctl
       pavucontrol
+      # stable.pamixer
+      # gnome.gnome-clocks
+      # wlogout
+      # jdiskreport
+      # monitor
 
       #keychain
       qalculate-gtk

modules/home/common/programs.nix

@@ -9,7 +9,8 @@
           pkgs.bat-extras.batdiff
           pkgs.bat-extras.batman
           pkgs.bat-extras.batwatch
-          pkgs.bat-extras.batgrep
+        ] ++ [
+          pkgs.stable.bat-extras.batgrep
         ];
         # extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ];
       };
@@ -87,9 +88,5 @@
         ];
       };
     };
-
-    home.sessionVariables = {
-      _ZO_EXCLUDE_DIRS = "$HOME:$HOME/.ansible/*:$HOME/test/*:/persist";
-    };
   };
 }

modules/home/common/settings.nix

@@ -61,8 +61,6 @@ in
       nixpkgs = lib.mkIf (!isNixos) {
         overlays = [
           outputs.overlays.default
-          outputs.overlays.stables
-          outputs.overlays.modifications
           (final: prev:
             let
               additions = final: _: import "${self}/pkgs/config" {

modules/home/common/swayosd.nix

@@ -5,7 +5,7 @@
     systemd.user.services.swayosd = confLib.overrideTarget "sway-session.target";
     services.swayosd = {
       enable = true;
-      package = pkgs.swayosd;
+      package = pkgs.dev.swayosd;
       topMargin = 0.5;
     };
   };

modules/home/common/vesktop.nix

@@ -7,7 +7,7 @@ in
   config = lib.mkIf config.swarselmodules.${moduleName} {
     programs.${moduleName} = {
       enable = true;
-      package = pkgs.vesktop;
+      package = pkgs.stable.vesktop;
       settings = {
         appBadge = false;
         arRPC = false;

modules/home/optional/niri.nix

@@ -8,7 +8,6 @@
       package = pkgs.niri-stable; # which package to use for niri validation
       settings = {
         gestures.hot-corners.enable = false;
-        hotkey-overlay.skip-at-startup = true;
         debug = {
           honor-xdg-activation-with-invalid-serial = [ ];
         };
@@ -106,19 +105,17 @@
         };
         binds = with config.lib.niri.actions; let
           sh = spawn "sh" "-c";
+          resizer = "niri-resize & sleep 0.05";
         in
         {
           "Mod+Shift+t".action = toggle-window-rule-opacity;
           "Mod+m".action = focus-workspace-previous;
           "Mod+Shift+Space".action = toggle-window-floating;
           "Mod+Shift+f".action = fullscreen-window;
-          # "Mod+q".action = sh "${resizer} && niri msg action close-window";
+          "Mod+q".action = sh "${resizer} && niri msg action close-window";
-          "Mod+q".action = sh "niri msg action close-window";
+          "Mod+f".action = sh "${resizer} && exec firefox";
-          # "Mod+f".action = sh "${resizer} && exec firefox";
-          "Mod+f".action = sh "exec firefox";
           # "Mod+Space".action = spawn "noctalia-shell" "ipc" "call" "launcher" "toggle";
-          # "Mod+Space".action = sh "${resizer} && exec noctalia-shell ipc call launcher toggle";
+          "Mod+Space".action = sh "${resizer} && exec noctalia-shell ipc call launcher toggle";
-          "Mod+Space".action = sh "exec noctalia-shell ipc call launcher toggle";
           # "Mod+Space".action = sh "${resizer} & exec fuzzel";
           "Mod+z".action = spawn "noctalia-shell" "ipc" "call" "bar" "toggle";
           "Mod+Shift+c".action = spawn "qalculate-gtk";
@@ -133,16 +130,11 @@
           "Mod+Shift+s".action.screenshot-window = { write-to-disk = true; };
           # "Mod+Shift+v".action = spawn "wf-recorder" "-g" "'$(slurp -f %o -or)'" "-f" "~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv";
 
-          # "Mod+e".action = sh "${resizer} && exec emacsclient -nquc -a emacs -e '(dashboard-open)'";
+          "Mod+e".action = sh "${resizer} && exec emacsclient -nquc -a emacs -e '(dashboard-open)'";
-          "Mod+e".action = sh "exec emacsclient -nquc -a emacs -e '(dashboard-open)'";
+          "Mod+c".action = sh "${resizer} && exec emacsclient -ce '(org-capture)'";
-          # "Mod+c".action = sh "${resizer} && exec emacsclient -ce '(org-capture)'";
+          "Mod+t".action = sh "${resizer} && exec emacsclient -ce '(org-agenda)'";
-          "Mod+c".action = sh "exec emacsclient -ce '(org-capture)'";
+          "Mod+Shift+m".action = sh "${resizer} && exec emacsclient -ce '(mu4e)'";
-          # "Mod+t".action = sh "${resizer} && exec emacsclient -ce '(org-agenda)'";
+          "Mod+Shift+a".action = sh "${resizer} && exec emacsclient -ce '(swarsel/open-calendar)'";
-          "Mod+t".action = sh "exec emacsclient -ce '(org-agenda)'";
-          # "Mod+Shift+m".action = sh "${resizer} && exec emacsclient -ce '(mu4e)'";
-          "Mod+Shift+m".action = sh "exec emacsclient -ce '(mu4e)'";
-          # "Mod+Shift+a".action = sh "${resizer} && exec emacsclient -ce '(swarsel/open-calendar)'";
-          "Mod+Shift+a".action = sh "exec emacsclient -ce '(swarsel/open-calendar)'";
 
           "Mod+a".action = spawn "swarselcheck-niri" "-s";
           "Mod+x".action = spawn "swarselcheck-niri" "-k";
@@ -167,8 +159,7 @@
           # "Mod+Shift+e".action = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
           # "Mod+r".action = "mode resize";
           # "Mod+Return".action = "exec kitty";
-          # "Mod+Return".action = sh "${resizer} && exec kitty -o confirm_os_window_close=0";
+          "Mod+Return".action = sh "${resizer} && exec kitty -o confirm_os_window_close=0";
-          "Mod+Return".action = sh "exec kitty -o confirm_os_window_close=0";
           "XF86AudioRaiseVolume".action = spawn "noctalia-shell" "ipc" "call" "volume" "increase";
           "XF86AudioLowerVolume".action = spawn "noctalia-shell" "ipc" "call" "volume" "decrease";
           "XF86AudioMute".action = spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput";
@@ -214,7 +205,7 @@
           # { command = [ "niri" "msg" "action" "focus-workspace" "2" ]; }
           # { command = [ "noctalia-shell" ]; }
           # { argv = [ "pkill" "mako" ]; }
-          { argv = [ "systemctl" "--user" "restart" "noctalia-shell.target" ]; }
+          { argv = [ "systemctl" "--user" "restart" "noctalia-shell.target" "tray.target" ]; }
         ];
         # workspaces = {
         # "01-Main" = {
@@ -227,33 +218,5 @@
       };
     };
 
-    xdg.portal = {
-      enable = true;
-      xdgOpenUsePortal = true;
-      config.niri = {
-        default = [
-          "gtk"
-          "gnome"
-        ];
-        "org.freedesktop.impl.portal.Access" = [ "gtk" ];
-        "org.freedesktop.impl.portal.Notification" = [ "gtk" ];
-        "org.freedesktop.impl.portal.Secret" = [ "gnome-keyring" ];
-        "org.freedesktop.impl.portal.FileChooser" = [ "gtk" ];
-        "org.freedesktop.impl.portal.ScreenCast" = [ "xdg-desktop-portal-gnome" ];
-        "org.freedesktop.impl.portal.Screenshot" = [ "xdg-desktop-portal-gnome" ];
-      };
-      extraPortals = [
-        pkgs.gnome-keyring
-        pkgs.xdg-desktop-portal-gtk
-        pkgs.xdg-desktop-portal-gnome
-      ];
-    };
-
-    swarselmodules.gnome-keyring = lib.swarselsystems.mkStrong true;
-
-    home.packages = [
-      pkgs.nirius
-    ];
-
   };
 }

modules/home/optional/noctalia.nix

@@ -1,13 +1,8 @@
-{ self, inputs, config, pkgs, lib, confLib, type, ... }:
+{ self, inputs, config, pkgs, lib, confLib, ... }:
-let
-  inherit (confLib.getConfig.repo.secrets.common) caldavTasksEndpoint;
-  inherit (config.swarselsystems) xdgDir;
-in
 {
   imports = [
     inputs.noctalia.homeModules.default
   ];
-  options.swarselmodules.optional-noctalia = lib.swarselsystems.mkTrueOption;
   config = {
     systemd.user = {
       targets = {
@@ -16,35 +11,24 @@ in
         };
         tray = {
           Unit = {
-            Wants = [ "noctalia-init.service" ];
+            After = [ "noctalia-init.service" ];
-            After = [
+            PartOf = [ "noctalia-shell.service" ];
-              "noctalia-shell.service"
-              "noctalia-init.service"
-            ];
           };
           Install.WantedBy = [ "noctalia-shell.target" ];
         };
       };
       services = {
-        noctalia-shell = {
+        noctalia-shell = confLib.overrideTarget "noctalia-shell.target";
-          Unit.PartOf = [ "noctalia-shell.target" ];
-          Install.WantedBy = [ "noctalia-shell.target" ];
-        };
         noctalia-init = {
 
-          Unit = {
-            Requires = [ "noctalia-shell.service" ];
-            After = [ "noctalia-shell.service" ];
-          };
-
           Service = {
             Type = "oneshot";
-            ExecStart = "${pkgs.coreutils}/bin/sleep 3";
+            ExecStart = "${pkgs.coreutils}/bin/sleep 15";
             RemainAfterExit = true;
           };
 
           Install = {
-            WantedBy = [ "tray.target" ];
+            WantedBy = [ "noctalia-shell.target" ];
           };
         };
       };
@@ -54,7 +38,7 @@ in
       fastfetch.enable = true;
       noctalia-shell = {
         enable = true;
-        package = pkgs.noctalia-shell;
+        package = pkgs.noctalia-shell.override { calendarSupport = true; };
         systemd.enable = true;
         settings = {
           bar = {
@@ -74,7 +58,7 @@ in
             frameRadius = 12;
             outerCorners = false;
             hideOnOverview = false;
-            displayMode = "non_exclusive";
+            displayMode = "auto_hide";
             autoHideDelay = 100;
             autoShowDelay = 300;
             screenOverrides = [ ];
@@ -123,7 +107,7 @@ in
                     todos = [ ];
                     useCustomColors = false;
                   };
-                  id = "plugin:ba7043:todo";
+                  id = "plugin:todo";
                 }
               ];
               center = [
@@ -165,7 +149,7 @@ in
                   showUnreadBadge = true;
                 }
                 {
-                  id = "plugin:github-feed";
+                  id = "plugin:ba7043:github-feed";
                 }
                 {
                   id = "plugin:clipper";
@@ -191,7 +175,7 @@ in
                   showPowerProfiles = true;
                 }
                 {
-                  iconColor = "none";
+                  colorName = "primary";
                   id = "SessionMenu";
                 }
                 {
@@ -205,7 +189,7 @@ in
                 }
                 {
                   colorizeDistroLogo = false;
-                  colorizeSystemIcon = "none";
+                  colorizeSystemIcon = "primary";
                   customIconPath = "${self}/files/icons/swarsel.png";
                   enableColorization = true;
                   icon = "noctalia";
@@ -338,12 +322,9 @@ in
             viewMode = "list";
             showCategories = false;
             iconMode = "native";
-            density = "compact";
-            overviewLayer = false;
             showIconBackground = false;
             enableSettingsSearch = false;
             enableWindowsSearch = false;
-            enableSessionSearch = false;
             ignoreMouseInput = true;
             screenshotAnnotationTool = "";
           };
@@ -453,49 +434,36 @@ in
                 command = "";
                 countdownEnabled = true;
                 enabled = true;
-                keybind = "L";
               }
               {
                 action = "suspend";
                 command = "";
                 countdownEnabled = true;
                 enabled = true;
-                keybind = "S";
               }
               {
                 action = "hibernate";
                 command = "";
                 countdownEnabled = true;
                 enabled = true;
-                keybind = "H";
               }
               {
                 action = "reboot";
                 command = "";
                 countdownEnabled = true;
                 enabled = true;
-                keybind = "R";
               }
               {
                 action = "logout";
                 command = "";
                 countdownEnabled = true;
                 enabled = true;
-                keybind = "U";
               }
               {
                 action = "shutdown";
                 command = "";
                 countdownEnabled = true;
                 enabled = true;
-                keybind = "P";
-              }
-              {
-                action = "rebootToUefi";
-                command = "";
-                countdownEnabled = true;
-                enabled = true;
-                keybind = "B";
               }
             ];
           };
@@ -582,7 +550,7 @@ in
                   "unicode-picker"
                   "screen-recorder"
                 ]) // {
-              todo = {
+              github-feed = {
                 enabled = true;
                 sourceUrl = "https://github.com/Swarsel/noctalia-plugins";
               };
@@ -593,28 +561,6 @@ in
               enableTodoIntegration = false;
             };
 
-            todo = {
-
-              caldavEnabled = true;
-              caldavUrl = caldavTasksEndpoint;
-              caldavUsername = config.swarselsystems.mainUser;
-              caldavPasswordType = "file";
-              caldavPasswordCmd = "";
-              caldavPasswordFile = confLib.getConfig.sops.secrets.radicale-token.path;
-              caldavSyncInterval = 300;
-              current_page_id = 1;
-              pages = [
-                {
-                  id = 0;
-                  name = "General";
-                }
-                {
-                  id = 1;
-                  name = "Work";
-                }
-              ];
-            };
-
             privacy-indicator = {
               hideInactive = true;
               iconSpacing = 4;
@@ -652,8 +598,8 @@ in
               # my fork:
               showNotificationBadge = true;
               colorizationEnabled = true;
-              colorizationIcon = "None";
+              colorizationIcon = "Primary";
-              colorizationBadge = "Primary";
+              colorizationBadge = "Tertiary";
               colorizationBadgeText = "None";
               defaultTab = 1;
               enableSystemNotifications = true;
@@ -669,9 +615,5 @@ in
         };
       };
     };
-  } // lib.optionalAttrs (type != "nixos") {
-    sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
-      radicale-token = { path = "${xdgDir}/secrets/radicaleToken"; };
-    };
   };
 }

modules/home/optional/work.nix

@@ -11,7 +11,7 @@ in
   config = {
     home = {
       packages = with pkgs; [
-        teams-for-linux
+        stable.teams-for-linux
         shellcheck
         dig
         docker
@@ -21,12 +21,9 @@ in
         prometheus.cli
         tigervnc
         # openstackclient
-        step-cli
-
-        vscode-fhs
-        copilot-cli
-        antigravity
 
+        vscode
+        dev.antigravity
 
         rustdesk-vbc
       ];
@@ -148,7 +145,7 @@ in
 
     programs =
       let
-        inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 clouds;
+        inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail clouds;
       in
       {
         openstackclient = {
@@ -157,7 +154,7 @@ in
         };
         awscli = {
           enable = true;
-          package = pkgs.awscli2;
+          package = pkgs.stable24_05.awscli2;
           # settings = {
           #   "default" = { };
           #   "profile s3-imagebuilder-prod" = { };
@@ -169,8 +166,7 @@ in
           #   };
           # };
         };
-        # this is no longer needed since moving away from bitbucket
+        git.settings.user.email = lib.mkForce gitMail;
-        # git.settings.user.email = lib.mkForce gitMail;
 
         zsh = {
           shellAliases = {
@@ -556,7 +552,7 @@ in
         };
 
         Service = {
-          ExecStart = "${pkgs.teams-for-linux}/bin/teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true";
+          ExecStart = "${pkgs.stable.teams-for-linux}/bin/teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true";
         };
       };
 

modules/nixos/client/distrobox.nix

@@ -10,7 +10,7 @@
     virtualisation.podman = {
       enable = true;
       dockerCompat = true;
-      package = pkgs.podman;
+      package = pkgs.stable.podman;
     };
   };
 }

modules/nixos/client/hardware.nix

@@ -33,7 +33,7 @@
 
       bluetooth = lib.mkIf config.swarselsystems.hasBluetooth {
         enable = true;
-        package = pkgs.bluez;
+        package = pkgs.stable.bluez;
         powerOnBoot = true;
         settings = {
           General = {

modules/nixos/client/nix-ld.nix

@@ -82,30 +82,31 @@
         pipewire
         pixman
         speex
-        steam-fhsenv-without-steam
+        # stable.cc.cc
+        stable25_05.steam-fhsenv-without-steam
         systemd
         tbb
         vulkan-loader
-        libice
+        xorg.libICE
-        libsm
+        xorg.libSM
-        libx11
+        xorg.libX11
-        libxscrnsaver
+        xorg.libXScrnSaver
-        libxcomposite
+        xorg.libXcomposite
-        libxcursor
+        xorg.libXcursor
-        libxdamage
+        xorg.libXdamage
-        libxext
+        xorg.libXext
-        libxfixes
+        xorg.libXfixes
-        libxft
+        xorg.libXft
-        libxi
+        xorg.libXi
-        libxinerama
+        xorg.libXinerama
-        libxmu
+        xorg.libXmu
-        libxrandr
+        xorg.libXrandr
-        libxrender
+        xorg.libXrender
-        libxt
+        xorg.libXt
-        libxtst
+        xorg.libXtst
-        libxxf86vm
+        xorg.libXxf86vm
-        libxcb
+        xorg.libxcb
-        libxshmfence
+        xorg.libxshmfence
         zlib
       ];
     };

modules/nixos/client/packages.nix

@@ -16,7 +16,6 @@
       pcsc-tools
       pcscliteWithPolkit.out
 
-
       # ledger packages
       ledger-live-desktop
 

modules/nixos/client/pipewire.nix

@@ -6,7 +6,7 @@
 
     services.pipewire = {
       enable = true;
-      package = pkgs.pipewire;
+      package = pkgs.stable.pipewire;
       pulse.enable = true;
       jack.enable = true;
       audio.enable = true;

modules/nixos/client/swayosd.nix

@@ -2,8 +2,8 @@
 {
   options.swarselmodules.swayosd = lib.mkEnableOption "swayosd settings";
   config = lib.mkIf config.swarselmodules.swayosd {
-    environment.systemPackages = [ pkgs.swayosd ];
+    environment.systemPackages = [ pkgs.dev.swayosd ];
-    services.udev.packages = [ pkgs.swayosd ];
+    services.udev.packages = [ pkgs.dev.swayosd ];
     systemd.services.swayosd-libinput-backend = {
       description = "SwayOSD LibInput backend for listening to certain keys like CapsLock, ScrollLock, VolumeUp, etc.";
       documentation = [ "https://github.com/ErikReider/SwayOSD" ];
@@ -14,7 +14,7 @@
       serviceConfig = {
         Type = "dbus";
         BusName = "org.erikreider.swayosd";
-        ExecStart = "${pkgs.swayosd}/bin/swayosd-libinput-backend";
+        ExecStart = "${pkgs.dev.swayosd}/bin/swayosd-libinput-backend";
         Restart = "on-failure";
       };
     };

modules/nixos/common/home-manager-secrets.nix

@@ -29,8 +29,6 @@ in
           github-forge-token = { owner = mainUser; };
         }) // (lib.optionalAttrs (modules ? optional-work) {
           harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; };
-        }) // (lib.optionalAttrs (modules ? optional-noctalia) {
-          radicale-token = { owner = mainUser; };
         }) // (lib.optionalAttrs modules.anki {
           anki-user = { owner = mainUser; };
           anki-pw = { owner = mainUser; };

modules/nixos/common/settings.nix

@@ -122,8 +122,6 @@ in
         nixpkgs = {
           overlays = [
             outputs.overlays.default
-            outputs.overlays.stables
-            outputs.overlays.modifications
           ] ++ lib.optionals withHomeManager [
             (final: prev:
               let

modules/nixos/common/users.nix

@@ -30,7 +30,7 @@
           description = "Leon S";
           password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup";
           hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path;
-          extraGroups = [ "wheel" ] ++ lib.optionals (!minimal && !config.swarselsystems.isMicroVM) [ "networkmanager" "input" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ];
+          extraGroups = [ "wheel" ] ++ lib.optionals (!minimal && !config.swarselsystems.isMicroVM) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ];
           packages = with pkgs; [ ];
         };
       };

modules/nixos/darwin/default.nix

@@ -12,11 +12,7 @@ in
       nix.settings.experimental-features = "nix-command flakes";
       nixpkgs = {
         hostPlatform = "x86_64-darwin";
-        overlays = [
+        overlays = [ outputs.overlays.default ];
-          outputs.overlays.default
-          outputs.overlays.stables
-          outputs.overlays.modifications
-        ];
         config = {
           allowUnfree = true;
         };

modules/nixos/optional/niri.nix

@@ -19,7 +19,6 @@
       xwayland-satellite-unstable
     ];
 
-    services.niritiling.enable = true;
 
     programs = {
       niri = {

modules/nixos/optional/noctalia.nix

@@ -11,16 +11,7 @@
     services = {
       upower.enable = true; # needed for battery percentage
       gnome.evolution-data-server.enable = true; # needed for calendar integration
-
-      noctoggle = {
-        enable = true;
-        # noctaliaPackage = pkgs.noctalia-shell;
-      };
-
-    };
-    programs = {
-      gpu-screen-recorder.enable = true;
-      evolution.enable = true;
     };
+    programs.gpu-screen-recorder.enable = true;
   };
 }

modules/nixos/optional/virtualbox.nix

@@ -8,7 +8,7 @@
         enable = true;
         enableKvm = true;
         addNetworkInterface = lib.mkIf config.virtualisation.virtualbox.host.enableKvm false;
-        package = pkgs.virtualbox;
+        package = pkgs.stable.virtualbox;
         enableExtensionPack = true;
       };
       # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch

modules/nixos/optional/work.nix

@@ -160,7 +160,7 @@ in
     environment.systemPackages = with pkgs; [
       remmina
       # gp-onsaml-gui
-      python39
+      stable24_11.python39
       qemu
       packer
       gnumake

modules/nixos/server/firezone.nix

@@ -174,19 +174,19 @@ in
 
         domain = {
           settings.ERLANG_DISTRIBUTION_PORT = domainPort;
-          package = pkgs.firezone-server-domain;
+          package = pkgs.dev.firezone-server-domain;
         };
         api = {
           externalUrl = "https://${serviceDomain}/api/";
           address = "0.0.0.0";
           port = apiPort;
-          package = pkgs.firezone-server-api;
+          package = pkgs.dev.firezone-server-api;
         };
         web = {
           externalUrl = "https://${serviceDomain}/";
           address = "0.0.0.0";
           port = webPort;
-          package = pkgs.firezone-server-web;
+          package = pkgs.dev.firezone-server-web;
         };
       };
 
@@ -199,7 +199,7 @@ in
         publicIpv4 = proxyAddress4;
         publicIpv6 = proxyAddress6;
         openFirewall = lib.mkIf (!isProxied) true;
-        package = pkgs.firezone-relay;
+        package = pkgs.dev.firezone-relay;
       };
     };
     # systemd.services.firezone-initialize =

modules/nixos/server/kanidm.nix

@@ -110,7 +110,7 @@ in
           };
 
           script = ''
-                  set -eu
+            set -eu
 
             ${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir}
             ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${certsDir}" else ""}
@@ -205,27 +205,23 @@ in
 
     services = {
       ${serviceName} = {
-        package = pkgs.kanidmWithSecretProvisioning_1_9;
+        package = pkgs.kanidmWithSecretProvisioning_1_8;
-        server = {
+        enableServer = true;
-          enable = true;
+        serverSettings = {
-          settings = {
+          domain = serviceDomain;
-            domain = serviceDomain;
+          origin = "https://${serviceDomain}";
-            origin = "https://${serviceDomain}";
+          # tls_chain = config.sops.secrets.kanidm-self-signed-crt.path;
-            # tls_chain = config.sops.secrets.kanidm-self-signed-crt.path;
+          tls_chain = certPathBase;
-            tls_chain = certPathBase;
+          # tls_key = config.sops.secrets.kanidm-self-signed-key.path;
-            # tls_key = config.sops.secrets.kanidm-self-signed-key.path;
+          tls_key = keyPathBase;
-            tls_key = keyPathBase;
+          bindaddress = "0.0.0.0:${toString servicePort}";
-            bindaddress = "0.0.0.0:${toString servicePort}";
+          # trust_x_forward_for = true;
-            # trust_x_forward_for = true;
-          };
         };
-        client = {
+        enableClient = true;
-          enable = true;
+        clientSettings = {
-          settings = {
+          uri = config.services.kanidm.serverSettings.origin;
-            uri = config.services.kanidm.server.settings.origin;
+          verify_ca = true;
-            verify_ca = true;
+          verify_hostnames = true;
-            verify_hostnames = true;
-          };
         };
         provision = {
           enable = true;
@@ -420,7 +416,7 @@ in
     nodes =
       let
         extraConfig = ''
-            allow ${globals.networks.home-lan.vlans.services.cidrv4};
+          allow ${globals.networks.home-lan.vlans.services.cidrv4};
           allow ${globals.networks.home-lan.vlans.services.cidrv6};
         '';
       in

modules/nixos/server/kavita.nix

@@ -1,4 +1,4 @@
-{ lib, config, globals, dns, confLib, ... }:
+{ self, lib, config, pkgs, globals, dns, confLib, ... }:
 let
   inherit (config.swarselsystems) sopsFile;
 
@@ -8,6 +8,9 @@ in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
+    environment.systemPackages = with pkgs; [
+      calibre
+    ];
 
     users = {
       persistentIds.kavita = confLib.mkIds 995;

modules/nixos/server/mailserver.nix

@@ -1,7 +1,7 @@
 { self, lib, config, globals, dns, confLib, ... }:
 let
   inherit (config.swarselsystems) sopsFile;
-  inherit (confLib.gen { name = "mailserver"; dir = "/var/lib/dovecot"; user = "virtualMail"; group = "virtualMail"; port = 443; }) serviceName serviceDir servicePort serviceUser serviceGroup serviceAddress serviceDomain proxyAddress4 proxyAddress6;
+  inherit (confLib.gen { name = "mailserver"; dir = "/var/lib/dovecot"; user = "virtualMail"; group = "virtualMail"; port = 80; }) serviceName serviceDir servicePort serviceUser serviceGroup serviceAddress serviceDomain proxyAddress4 proxyAddress6;
   inherit (confLib.static) isHome webProxy homeWebProxy dnsServer homeServiceAddress nginxAccessRules;
   inherit (config.repo.secrets.local.mailserver) user1 alias1_1 alias1_2 alias1_3 alias1_4 user2 alias2_1 alias2_2 alias2_3 user3;
   baseDomain = globals.domains.main;
@@ -127,7 +127,7 @@ in
     };
 
     # the rest of the ports are managed by snm
-    networking.firewall.allowedTCPPorts = [ 80 443 ];
+    networking.firewall.allowedTCPPorts = [ 80 servicePort ];
 
     services.nginx = {
       virtualHosts = {
@@ -158,8 +158,8 @@ in
           "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host endpointAddress4 endpointAddress6;
           "${globals.services.roundcube.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
         };
-        ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; };
+        ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; };
-        ${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; });
+        ${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; });
       };
 
   };

modules/nixos/server/monitoring.nix

@@ -124,9 +124,7 @@ in
           analytics.reporting_enabled = false;
           users.allow_sign_up = false;
           security = {
-            # admin_password = "$__file{/run/secrets/grafana-admin-pw}";
+            admin_password = "$__file{/run/secrets/grafana-admin-pw}";
-            disable_initial_admin_creation = true;
-            secret_key = "$__file{${config.sops.secrets.grafana-admin-pw.path}}";
             cookie_secure = true;
             disable_gravatar = true;
           };

modules/nixos/server/navidrome.nix

@@ -82,6 +82,7 @@ in
 
     services.${serviceName} = {
       enable = true;
+      # openFirewall = true;
       settings = {
         LogLevel = "debug";
         Address = "0.0.0.0";

modules/nixos/server/nextcloud.nix

@@ -5,7 +5,7 @@ let
   inherit (confLib.gen { name = "nextcloud"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6;
   inherit (confLib.static) isHome dnsServer webProxy homeWebProxy homeServiceAddress nginxAccessRules;
 
-  nextcloudVersion = "33";
+  nextcloudVersion = "32";
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";

modules/nixos/server/oauth2-proxy.nix

@@ -165,14 +165,14 @@ in
     services = {
       ${serviceName} = {
         enable = true;
-        package = pkgs.update.oauth2-proxy;
+        package = pkgs.dev.oauth2-proxy;
         cookie = {
           domain = ".${mainDomain}";
           secure = true;
           expire = "900m";
-          secretFile = null;
+          secret = null; # set by service EnvironmentFile
         };
-        clientSecretFile = null;
+        clientSecret = null; # set by service EnvironmentFile
         reverseProxy = true;
         httpAddress = "0.0.0.0:${builtins.toString servicePort}";
         redirectURL = "https://${serviceDomain}/oauth2/callback";

modules/nixos/server/paperless.nix

@@ -103,19 +103,18 @@ in
 
       gotenberg = {
         enable = true;
-        package = pkgs.gotenberg;
+        package = pkgs.stable.gotenberg;
-        libreoffice.package = pkgs.libreoffice;
         port = gotenbergPort;
         bindIP = "127.0.0.1";
         timeout = "600s";
-        chromium.package = pkgs.chromium;
+        chromium.package = pkgs.stable.chromium;
       };
     };
 
 
     # Add secret to PAPERLESS_SOCIALACCOUNT_PROVIDERS
     systemd.services.paperless-web.script = lib.mkBefore ''
-        oidcSecret=$(< ${config.sops.secrets.kanidm-paperless-client.path})
+      oidcSecret=$(< ${config.sops.secrets.kanidm-paperless-client.path})
       export PAPERLESS_SOCIALACCOUNT_PROVIDERS=$(
         ${pkgs.jq}/bin/jq <<< "$PAPERLESS_SOCIALACCOUNT_PROVIDERS" \
           --compact-output \
@@ -126,7 +125,7 @@ in
     nodes =
       let
         extraConfigLoc = ''
-            proxy_connect_timeout   300;
+          proxy_connect_timeout   300;
           proxy_send_timeout      300;
           proxy_read_timeout      300;
           send_timeout            300;

modules/shared/vars.nix

@@ -1,17 +1,14 @@
-{ self, pkgs, ... }:
+{ self, lib, pkgs, ... }:
 {
   _module.args = {
     vars = rec {
       waylandSessionVariables = {
-        ANKI_WAYLAND = "1";
-        MOZ_ENABLE_WAYLAND = "1";
-        MOZ_WEBRENDER = "1";
-        NIXOS_OZONE_WL = "1";
-        OBSIDIAN_USE_WAYLAND = "1";
-        QT_QPA_PLATFORM = "wayland-egl";
-        QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
         SDL_VIDEODRIVER = "wayland";
-        _JAVA_AWT_WM_NONREPARENTING = "1";
+        QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
+        QT_QPA_PLATFORM = "wayland-egl";
+        ANKI_WAYLAND = "1";
+        OBSIDIAN_USE_WAYLAND = "1";
+        MOZ_ENABLE_WAYLAND = "1";
       };
 
       waylandExports =
@@ -97,28 +94,28 @@
             noscript
 
             # configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut
-            # (buildFirefoxXpiAddon {
+            (buildFirefoxXpiAddon {
-            #   pname = "shortkeys";
+              pname = "shortkeys";
-            #   version = "4.0.2";
+              version = "4.0.2";
-            #   addonId = "Shortkeys@Shortkeys.com";
+              addonId = "Shortkeys@Shortkeys.com";
-            #   url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
+              url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
-            #   sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
+              sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
-            #   meta = with lib;
+              meta = with lib;
-            #     {
+                {
-            #       description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
+                  description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
-            #       mozPermissions = [
+                  mozPermissions = [
-            #         "tabs"
+                    "tabs"
-            #         "downloads"
+                    "downloads"
-            #         "clipboardWrite"
+                    "clipboardWrite"
-            #         "browsingData"
+                    "browsingData"
-            #         "storage"
+                    "storage"
-            #         "bookmarks"
+                    "bookmarks"
-            #         "sessions"
+                    "sessions"
-            #         "<all_urls>"
+                    "<all_urls>"
-            #       ];
+                  ];
-            #       platforms = platforms.all;
+                  platforms = platforms.all;
-            #     };
+                };
-            # })
+            })
           ];
         };
 

nix/hosts.nix

@@ -34,8 +34,6 @@
             inputs.swarsel-nix.nixosModules.default
             inputs.nixos-nftables-firewall.nixosModules.default
             inputs.pia.nixosModules.default
-            inputs.niritiling.nixosModules.default
-            inputs.noctoggle.nixosModules.default
             (inputs.nixos-extra-modules + "/modules/guests")
             (inputs.nixos-extra-modules + "/modules/interface-naming.nix")
             "${self}/hosts/nixos/${arch}/${configName}"

nix/iso.nix

@@ -5,7 +5,7 @@
       packages = {
         # nix build --print-out-paths --no-link .#live-iso
         live-iso = inputs.nixos-generators.nixosGenerate {
-          inherit pkgs system;
+          inherit pkgs;
           specialArgs = { inherit self; };
           modules = [
             inputs.home-manager.nixosModules.home-manager

nix/lib.nix

@@ -49,11 +49,7 @@ let
       pkgsFor = lib.genAttrs (import systems) (system:
         import inputs.nixpkgs {
           inherit system;
-          overlays = [
+          overlays = [ self.overlays.default ];
-            self.overlays.default
-            self.overlays.stables
-            self.overlays.modifications
-          ];
           config.allowUnfree = true;
         }
       );

nix/overlays.nix

@@ -6,162 +6,93 @@ in
 {
   flake = _:
     {
-      overlays =
+      overlays = {
-        let
+        default = final: prev:
-          nixpkgs-stable-versions = final: _:
+          let
-            let
+            additions = final: _: import "${self}/pkgs/flake" { pkgs = final; inherit self lib; }
-              nixpkgsInputs =
+              // {
-                lib.filterAttrs
+              swarsel-nix = import inputs.swarsel-nix {
-                  (name: _v: builtins.match "^nixpkgs-.*" name != null)
+                pkgs = prev;
-                  inputs;
+              };
+              zjstatus = inputs.zjstatus.packages.${prev.system}.default;
+            };
 
-              rename = name: builtins.replaceStrings [ "nixpkgs-" ] [ "" ] name;
+            modifications = final: prev: {
+              # vesktop = prev.vesktop.override {
+              #   withSystemVencord = true;
+              # };
 
-              mkPkgs = src:
+              lib = prev.lib // {
-                import src {
+                swarselsystems = self.outputs.swarselsystemsLib;
-                  inherit (final.stdenv.hostPlatform) system;
+                hm = self.outputs.homeLib;
-                  config.allowUnfree = true;
-                };
-            in
-            builtins.listToAttrs (map
-              (name: {
-                name = rename name;
-                value = mkPkgs nixpkgsInputs.${name};
-              })
-              (builtins.attrNames nixpkgsInputs));
-
-        in
-        rec {
-          default = additions;
-          additions = final: prev:
-            let
-              additions = final: _: import "${self}/pkgs/flake" { pkgs = final; inherit self lib; }
-                // {
-                swarsel-nix = import inputs.swarsel-nix {
-                  pkgs = prev;
-                };
-                zjstatus = inputs.zjstatus.packages.${prev.stdenv.hostPlatform.system}.default;
               };
 
-            in
+              firefox = prev.firefox.override {
-            (additions final prev)
+                nativeMessagingHosts = [
-            // (nixpkgs-stable-versions final prev)
+                  prev.tridactyl-native
-            // (inputs.niri-flake.overlays.niri final prev)
+                  prev.browserpass
-            // (inputs.noctalia.overlays.default final prev)
+                  # prev.plasma5Packages.plasma-browser-integration
-            // (inputs.vbc-nix.overlays.default final prev)
+                ];
-            // (inputs.nur.overlays.default final prev)
-            // (inputs.emacs-overlay.overlay final prev)
-            // (inputs.nix-topology.overlays.default final prev)
-            // (inputs.nix-index-database.overlays.nix-index final prev)
-            // (inputs.nixgl.overlay final prev)
-            // (inputs.nix-minecraft.overlay final prev)
-            // (inputs.nixos-extra-modules.overlays.default final prev);
-
-
-          stables = final: prev:
-            let
-              mkUsePkgsFrom = pkgsFrom: names:
-                builtins.listToAttrs (map
-                  (name: {
-                    inherit name;
-                    value = pkgsFrom.${name};
-                  })
-                  names);
-
-              from =
-                let
-                  stablePackages = nixpkgs-stable-versions final prev;
-                in
-                key:
-                  stablePackages.${key} or (throw "Missing nixpkgs input nixpkgs-${key}");
-
-            in
-            (mkUsePkgsFrom (from "dev") [
-              # "swayosd"
-              "firezone-relay"
-              "firezone-server-web"
-              "firezone-server-api"
-              "firezone-server-domain"
-            ])
-            // (mkUsePkgsFrom (from "stable24_05") [
-              "awscli2"
-            ])
-            // (mkUsePkgsFrom (from "stable24_11") [
-              "python39"
-              "spotify"
-              "vieb"
-            ])
-            // (mkUsePkgsFrom (from "stable25_05") [
-              "steam-fhsenv-without-steam"
-              "transmission_3"
-            ])
-            // (mkUsePkgsFrom (from "stable") [
-              # "anki"
-              "azure-cli"
-              # "bat-extras.batgrep"
-              # "bluez"
-              "calibre"
-              # "chromium"
-              "dwarfs"
-              "gotenberg"
-              "khal"
-              "libreoffice"
-              "libreoffice-qt"
-              "nerd-fonts-symbols-only"
-              "noto-fonts"
-              "noto-fonts-cjk-sans"
-              "noto-fonts-color-emoji"
-              # "pipewire"
-              "podman"
-              "teams-for-linux"
-              # "vesktop"
-              "virtualbox"
-            ]);
-
-          modifications = final: prev:
-            let
-              modifications = final: prev: {
-                # vesktop = prev.vesktop.override {
-                #   withSystemVencord = true;
-                # };
-
-                lib = prev.lib // {
-                  swarselsystems = self.outputs.swarselsystemsLib;
-                  hm = self.outputs.homeLib;
-                };
-
-                firefox = prev.firefox.override {
-                  nativeMessagingHosts = [
-                    prev.tridactyl-native
-                    prev.browserpass
-                    # prev.plasma5Packages.plasma-browser-integration
-                  ];
-                };
-
-                isync = prev.isync.override {
-                  withCyrusSaslXoauth2 = true;
-                };
-
-                mgba = final.swarsel-mgba;
-
-                noctalia-shell = prev.noctalia-shell.override {
-                  calendarSupport = true;
-                };
-
-                retroarch = prev.retroarch.withCores (cores: with cores; [
-                  snes9x # snes
-                  nestopia # nes
-                  dosbox # dos
-                  scummvm # scumm
-                  vba-m # gb/a
-                  mgba # gb/a
-                  melonds # ds
-                  dolphin # gc/wii
-                ]);
-
               };
-            in
+
-            modifications final prev;
+              isync = prev.isync.override {
-        };
+                withCyrusSaslXoauth2 = true;
+              };
+
+              mgba = final.swarsel-mgba;
+
+              retroarch = prev.retroarch.withCores (cores: with cores; [
+                snes9x # snes
+                nestopia # nes
+                dosbox # dos
+                scummvm # scumm
+                vba-m # gb/a
+                mgba # gb/a
+                melonds # ds
+                dolphin # gc/wii
+              ]);
+
+            };
+
+            nixpkgs-stable-versions = final: _:
+              let
+                nixpkgsInputs =
+                  lib.filterAttrs
+                    (name: _v: builtins.match "^nixpkgs-.*" name != null)
+                    inputs;
+
+                rename = name: builtins.replaceStrings [ "nixpkgs-" ] [ "" ] name;
+
+                mkPkgs = src:
+                  import src {
+                    inherit (final) system;
+                    config.allowUnfree = true;
+                  };
+              in
+              builtins.listToAttrs (map
+                (name: {
+                  name = rename name;
+                  value = mkPkgs nixpkgsInputs.${name};
+                })
+                (builtins.attrNames nixpkgsInputs));
+
+          in
+          lib.recursiveUpdate
+            (
+              (additions final prev)
+              // (nixpkgs-stable-versions final prev)
+              // (inputs.niri-flake.overlays.niri final prev)
+              // (inputs.noctalia.overlays.default final prev)
+              // (inputs.vbc-nix.overlays.default final prev)
+              // (inputs.nur.overlays.default final prev)
+              // (inputs.emacs-overlay.overlay final prev)
+              // (inputs.nix-topology.overlays.default final prev)
+              // (inputs.nix-index-database.overlays.nix-index final prev)
+              // (inputs.nixgl.overlay final prev)
+              // (inputs.nix-minecraft.overlay final prev)
+              // (inputs.nixos-extra-modules.overlays.default final prev)
+            )
+            (modifications final prev);
+      };
     };
 }

nix/packages.nix

@@ -42,8 +42,6 @@
         };
         overlays = [
           self.overlays.default
-          self.overlays.stables
-          self.overlays.modifications
         ];
       };
       inherit pkgs;

pkgs/config/cdr/default.nix

@@ -4,38 +4,10 @@ writeShellApplication {
   inherit name;
   runtimeInputs = [ fzf ];
   text = ''
-    cdr_had_errexit=0
-    cdr_had_nounset=0
-    cdr_had_pipefail=0
-
-    case $- in
-      *e*) cdr_had_errexit=1 ;;
-    esac
-
-    case $- in
-      *u*) cdr_had_nounset=1 ;;
-    esac
-
-    if set -o 2>/dev/null | grep -q '^pipefail[[:space:]]*on'; then
-      cdr_had_pipefail=1
-    fi
-
-    set +e
-    set +u
-    set +o pipefail 2>/dev/null || true
-
     DOCUMENT_DIR_WORK=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_WORK or ""}
     DOCUMENT_DIR_PRIV=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_PRIV}
     FLAKE=${homeConfig.home.sessionVariables.FLAKE}
 
-    cdr_target="$( (find "$DOCUMENT_DIR_WORK" "$DOCUMENT_DIR_PRIV" -maxdepth 1 && echo "$FLAKE") | fzf )"
+    cd "$( (find "$DOCUMENT_DIR_WORK" "$DOCUMENT_DIR_PRIV" -maxdepth 1 && echo "$FLAKE") | fzf )"
-
-    if [ -n "$cdr_target" ]; then
-      cd "$cdr_target" || true
-    fi
-
-    if [ "$cdr_had_errexit" -eq 1 ]; then set -e; else set +e; fi
-    if [ "$cdr_had_nounset" -eq 1 ]; then set -u; else set +u; fi
-    if [ "$cdr_had_pipefail" -eq 1 ]; then set -o pipefail; else set +o pipefail 2>/dev/null || true; fi
   '';
 }

profiles/home/hotel/default.nix

@@ -2,15 +2,41 @@
 {
   options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host";
   config = lib.mkIf config.swarselprofiles.hotel {
-    swarselprofiles.personal = true;
     swarselmodules = {
+      packages = lib.mkForce true;
+      ownpackages = lib.mkForce true;
+      general = lib.mkForce true;
+      nixgl = lib.mkForce true;
+      sops = lib.mkForce true;
       yubikey = lib.mkForce false;
-      ssh = lib.mkForce false;
+      ssh = lib.mkForce true;
+      stylix = lib.mkForce true;
+      desktop = lib.mkForce true;
+      symlink = lib.mkForce true;
       env = lib.mkForce false;
+      programs = lib.mkForce true;
+      nix-index = lib.mkForce true;
+      direnv = lib.mkForce true;
+      eza = lib.mkForce true;
       git = lib.mkForce false;
+      fuzzel = lib.mkForce true;
+      starship = lib.mkForce true;
+      kitty = lib.mkForce true;
+      zsh = lib.mkForce true;
+      zellij = lib.mkForce true;
+      tmux = lib.mkForce true;
       mail = lib.mkForce false;
-      emacs = lib.mkForce false;
+      emacs = lib.mkForce true;
-      obsidian = lib.mkForce false;
+      waybar = lib.mkForce true;
+      firefox = lib.mkForce true;
+      gnome-keyring = lib.mkForce true;
+      kdeconnect = lib.mkForce true;
+      mako = lib.mkForce true;
+      swayosd = lib.mkForce true;
+      yubikeytouch = lib.mkForce true;
+      sway = lib.mkForce true;
+      kanshi = lib.mkForce true;
+      gpgagent = lib.mkForce true;
       gammastep = lib.mkForce false;
     };
   };

profiles/home/personal/default.nix

@@ -7,8 +7,8 @@
       anki-tray = lib.mkDefault true;
       attic-store-push = lib.mkDefault true;
       atuin = lib.mkDefault true;
-      autotiling = lib.mkDefault false; # niri
+      autotiling = lib.mkDefault true;
-      batsignal = lib.mkDefault false; # niri
+      batsignal = lib.mkDefault true;
       blueman-applet = lib.mkDefault true;
       desktop = lib.mkDefault true;
       direnv = lib.mkDefault true;
@@ -20,18 +20,17 @@
       firefox = lib.mkDefault true;
       firezone-tray = lib.mkDefault true;
       fuzzel = lib.mkDefault true;
-      gammastep = lib.mkDefault false; # niri
+      gammastep = lib.mkDefault true;
       general = lib.mkDefault true;
       git = lib.mkDefault true;
       gnome-keyring = lib.mkDefault true;
       gpgagent = lib.mkDefault true;
       hexchat = lib.mkDefault true;
-      kanshi = lib.mkDefault false; # niri
+      kanshi = lib.mkDefault true;
       kdeconnect = lib.mkDefault true;
       kitty = lib.mkDefault true;
-      khal = lib.mkDefault true;
       mail = lib.mkDefault true;
-      mako = lib.mkDefault false; # niri
+      mako = lib.mkDefault true;
       nix-index = lib.mkDefault true;
       nixgl = lib.mkDefault true;
       nix-your-shell = lib.mkDefault true;
@@ -50,9 +49,9 @@
       ssh = lib.mkDefault true;
       starship = lib.mkDefault true;
       stylix = lib.mkDefault true;
-      sway = lib.mkDefault false; # niri
+      sway = lib.mkDefault true;
       swayidle = lib.mkDefault true;
-      swaylock = lib.mkDefault false; # niri
+      swaylock = lib.mkDefault true;
       swayosd = lib.mkDefault true;
       symlink = lib.mkDefault true;
       tmux = lib.mkDefault true;

profiles/nixos/hotel/default.nix

@@ -2,9 +2,48 @@
 {
   options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host";
   config = lib.mkIf config.swarselprofiles.hotel {
-    swarselprofiles.personal = true;
     swarselmodules = {
-      yubikey = false;
+      packages = lib.mkForce true;
+      general = lib.mkForce true;
+      home-manager = lib.mkForce true;
+      xserver = lib.mkForce true;
+      users = lib.mkForce true;
+      sops = lib.mkForce true;
+      env = lib.mkForce true;
+      security = lib.mkForce true;
+      systemdTimeout = lib.mkForce true;
+      hardware = lib.mkForce true;
+      pulseaudio = lib.mkForce true;
+      pipewire = lib.mkForce true;
+      network = lib.mkForce true;
+      time = lib.mkForce true;
+      stylix = lib.mkForce true;
+      programs = lib.mkForce true;
+      zsh = lib.mkForce true;
+      syncthing = lib.mkForce true;
+      blueman = lib.mkForce true;
+      networkDevices = lib.mkForce true;
+      gvfs = lib.mkForce true;
+      interceptionTools = lib.mkForce true;
+      swayosd = lib.mkForce true;
+      ppd = lib.mkForce true;
+      yubikey = lib.mkForce false;
+      ledger = lib.mkForce true;
+      keyboards = lib.mkForce true;
+      login = lib.mkForce true;
+      nix-ld = lib.mkForce true;
+      impermanence = lib.mkForce true;
+      nvd = lib.mkForce true;
+      gnome-keyring = lib.mkForce true;
+      sway = lib.mkForce true;
+      xdg-portal = lib.mkForce true;
+      distrobox = lib.mkForce true;
+      appimage = lib.mkForce true;
+      lid = lib.mkForce true;
+      lowBattery = lib.mkForce true;
+      lanzaboote = lib.mkForce true;
+      autologin = lib.mkForce true;
+      nftables = lib.mkDefault true;
     };
 
   };

profiles/nixos/personal/default.nix

@@ -41,8 +41,8 @@
       security = lib.mkDefault true;
       sops = lib.mkDefault true;
       stylix = lib.mkDefault true;
-      sway = lib.mkDefault false; # niri
+      sway = lib.mkDefault true;
-      swayosd = lib.mkDefault false; # niri
+      swayosd = lib.mkDefault true;
       syncthing = lib.mkDefault true;
       systemdTimeout = lib.mkDefault true;
       time = lib.mkDefault true;

secrets/repo/common.yaml

@@ -31,8 +31,6 @@ github-nixpkgs-review-token: ENC[AES256_GCM,data:/4ssZAEwEc9fZeR69GCvLMm4eRv4uab
 #ENC[AES256_GCM,data:PI5MX6PgK1y0lqyoYA0=,iv:25UAvFaANHFD04GRafGlCzOc5h+15YPtSES2z2tmpXw=,tag:+XLwQ01+AtGWjtsSQhQ1AQ==,type:comment]
 anki-user: ENC[AES256_GCM,data:WoGaNDAHFw==,iv:ZSjHfKMIjlgOuvGl7hVxJc1fE80nfxxXYLgsKangBCs=,tag:UP8ZI7gzOrJJjNDHovIkyg==,type:str]
 anki-pw: ENC[AES256_GCM,data:z2SCsSvZIqN2/2VK1EdmcAnl42x5A15PAiK932k3n50Vj1jczGRoSw==,iv:keQCutY4vizVzu5YzPBJLgDLveYDb2VGeEnYmO7CeQw=,tag:KGplFfC5xktNAOTbIlt+Tg==,type:str]
-#ENC[AES256_GCM,data:mjwlHRe0Rx9p83eK/LGR,iv:KclQ4xwJMH5HJ9AcmglOCvFIBP6WyEJLyencUdDpzt0=,tag:nRhwhIRPUNmhSZM7ZzUfFA==,type:comment]
-radicale-token: ENC[AES256_GCM,data:WEL8Z3gOs/7MAQQ=,iv:osgMVisr/03I+IHI+3jLIn8p5dnZwyja3lQUi+wcH5g=,tag:F1yzI0rZS4sON6T9TuuG9A==,type:str]
 #ENC[AES256_GCM,data:veUC1sj6BSqHBA==,iv:L36lv9aQ38/WEaIccQDgOw2PB9U9k/t8x00wIw2Y858=,tag:3s2LBCwGzYpUk8WBj70UGQ==,type:comment]
 attic-cache-key: ENC[AES256_GCM,data:2Xw8YX6wiQg2yb2pbZ/UowmzUdhtb2iRTVZZD2ypGaiwhI3mteG3qUgQm1oCz0bp+5jip6+kVzt576qVbUGim/m+dUZYU6mqm64/78bfuTvd/UBlJnmjNtWE2ILjnP+M4EodzbYlBlxwGhFS28wrVOHo77rzbcrPJEwZiqIzSgGIWKdNzzo5AXL2b1lKAngXO6Bi5Jc9W4lkTVFJ/Ixh6aOoHpq9TzsHHx2Aak22969pnxmFFpXKof4eiNGnoGBZDAr8pC7oSwVqDYbZwxH1ulRq863KVQkve+HBR2JJLAQjYHHUJJGhJG9jWYT03WjBNHwIDMTTvC9Fiw9Cr0TG0B8Bxwm3dhgLirjUyLOiST2CbDxxld1M8DJFkBwrih6hMJXmJw8Dlqy/D+3EZXT947BI8ythYjuL3jIHHQhUjfEf+sLdqPSngHolAAKqKE84Xv2FDn2wXGwe8UY3NMmIeaWYZsyDu77KnQR2R+6TuJTOw6vOdDoUJ55YRPdb9UR186b+TiSrP0SZOujoSYGs9dattEvN3XKlm3cQztB9UygmdEk/stDZ/CJIRUNXsu46o1nR5FWPkgoW91Fzxs00QgQMpYlnXM2CWknYMSHL45t0BYA7yuFwq9MYNUK/vrdCr3mtHxA6R28HajDUWoZA6uS+DF/i1nF79sYfam7SdKNCqu2r/1CGLblHQwKT27HmrTCXdjeLqe+Yv7sJzlEbV+sKD+ccW8jI4NZRjCbVJVKydK23YWj94NEt/M2rtxzV30XKw8GClqsdEF+v4nu48oB894RPZCy9qQjaFHnqYpiqSa0oXluiQQmRfA0jtQLRTXN5ri7U/GtfH1za179MFWwMorRMK6qdTt3pi8Fie4UgzGyGq6CugN8HxeMNl70pPVIKjGNO8Npezk6T3YDUpB3/OGY56jhSYxIEadBvW9CqDS7al7zEKgD1wx1gzT2mQh60H2B/InWg9p96qOqVEQxOFDklxlcnygLu3z7Y0mAds/HXOJJnJbagjfxVi+qROOtVrR5y/kySR0pM9Syk8GvqdtRct7qorONAV/yonarEgz+eEFj10kderSsPdz1sgiYe93VLmPp07cdVsUsaDtLW8gXafc3aWOZ8JIkSUhYDbR49pf2bTeoMDoyi9d6pgLr+cJGQbJC/1LmsAIqOQ7WPiTeAZG2lStNf3bwClpUuL0t78UabZyNzJJN5TFDZqGkwXlaJmQ==,iv:6sa44WnyrXW3KQHdGIKuiGWwqp3qtQu4Q9RSXA45PYs=,tag:MbtS4Xx5K8O3mFAlriuuIA==,type:str]
 #ENC[AES256_GCM,data:KCqwghIJ8tlGFxMt94svo6285cA1YRbYoeivx6A=,iv:qlZCGrCn5fU1xPQF9wfOMarU6Z7oa3mLtd1LzVzMbuI=,tag:Qq5lBtUsd3lQMx6ffk+kzQ==,type:comment]
@@ -355,8 +353,8 @@ sops:
             OVRuazF6YzBRckJQdVlJZWZrbThyZGsKxMDtLfQDPiHN934xE98if3cFHLwFpNdm
             /RGFLObFn2saTI86D83xmmjgjeosxPX47JvGHyzCHSVeA8Hd+Qp93A==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-02-26T10:38:07Z"
+    lastmodified: "2025-12-23T01:11:36Z"
-    mac: ENC[AES256_GCM,data:pxaR0X3f5oiCwnrr8jjs8mQDWbjuUkNpFoyQxaC61rRnoLvbkEzxSxmI0zDv2VEcua4Eqfoj7Q4H+qcsR5tM3SjPc0KuYE5eFW4RDv+FIr+XA9om3B4uMy+bIleSvSXroBD+1bLhzJsacudjBpVA6r+INrZKvtjO+L16nNylTSc=,iv:CgOc3ht5zwZGEoxJF6d9ZMwiiNQ2fcnLVFxUxJs6pHY=,tag:4JZgLJlyTbqacIHryciPFg==,type:str]
+    mac: ENC[AES256_GCM,data:e0WoFBQSR5q3GOQ+GMJGBd4lNBAMqlnVjtUq3snxrdvcytb9YvKnoYQH+GjbdGIiqrND8pOVnZt34AjkR8YfpWe+VrkP3Vj/3l+1GjF1XIHbzBNKOQHdYPSVsH2NZwftcAdphbStf3GTlb+b+cpTn4a9Y4pTNGVoOaOA1tBr8bM=,iv:sPXktitTNMkBhHr6E/QRZCVKrgyED9/o9hiivbObACI=,tag:tTNr4UEf92UrtI0Jvi5o3g==,type:str]
     pgp:
         - created_at: "2026-01-12T22:05:05Z"
           enc: |-
@@ -390,4 +388,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: 4BE7925262289B476DBBC17B76FD3810215AE097
     unencrypted_suffix: _unencrypted
-    version: 3.12.0
+    version: 3.11.0