diff --git a/.git-crypt/.gitattributes b/.git-crypt/.gitattributes
new file mode 100644
index 0000000..665b10e
--- /dev/null
+++ b/.git-crypt/.gitattributes
@@ -0,0 +1,4 @@
+# Do not edit this file.  To specify the files to encrypt, create your own
+# .gitattributes file in the directory where your files are.
+* !filter !diff
+*.gpg binary
diff --git a/.git-crypt/keys/default/0/059F098EBF0E9A13E10A46BF6500251E087653C9.gpg b/.git-crypt/keys/default/0/059F098EBF0E9A13E10A46BF6500251E087653C9.gpg
new file mode 100644
index 0000000..8164576
Binary files /dev/null and b/.git-crypt/keys/default/0/059F098EBF0E9A13E10A46BF6500251E087653C9.gpg differ
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..7e0e7cf
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+secrets.gcrypt/** filter=git-crypt diff=git-crypt
diff --git a/.github/screenshots/desktop.png b/.github/screenshots/desktop.png
new file mode 100644
index 0000000..a37242f
Binary files /dev/null and b/.github/screenshots/desktop.png differ
diff --git a/.github/screenshots/neovim.png b/.github/screenshots/neovim.png
new file mode 100644
index 0000000..030fff1
Binary files /dev/null and b/.github/screenshots/neovim.png differ
diff --git a/.github/workflows/autoupdate.yml b/.github/workflows/autoupdate.yml
new file mode 100644
index 0000000..6ab9707
--- /dev/null
+++ b/.github/workflows/autoupdate.yml
@@ -0,0 +1,50 @@
+name: Auto update
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 0 * * *"
+
+jobs:
+  update:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PAT_TOKEN }}
+
+      - name: Check for updates
+        id: check
+        run: |
+          local=$(cat flake.lock | jq ".nodes.nixpkgs.locked.rev")
+          remote=$(curl "https://api.github.com/repos/NixOS/nixpkgs/branches/nixos-unstable/commits?per_page=1" | jq ".commit.sha")
+          if [[ $local == $remote ]]; then
+            echo "skip=1" >> "$GITHUB_OUTPUT"
+          else
+            echo "skip=0" >> "$GITHUB_OUTPUT"
+            branch=$(TZ='Australia/Melbourne' date '+staging_auto/%Y%m%d')
+            echo "branch_name=${branch}" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Install nix
+        if: steps.check.outputs.skip == 0
+        uses: cachix/install-nix-action@v31
+
+      - name: Configure git
+        if: steps.check.outputs.skip == 0
+        run: |
+          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config --local user.name "github-actions[bot]"
+
+      - name: Update
+        if: steps.check.outputs.skip == 0
+        run: ./update.sh
+
+      - name: Push
+        if: steps.check.outputs.skip == 0
+        uses: ad-m/github-push-action@master
+        with:
+          github_token: ${{ secrets.PAT_TOKEN }}
+          branch: ${{ steps.check.outputs.branch_name }}
diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml
index 602af55..06bed3e 100644
--- a/.github/workflows/cachix.yml
+++ b/.github/workflows/cachix.yml
@@ -1,35 +1,28 @@
-name: Cachix build
+name: CI
 
 on:
   push:
   workflow_dispatch:
 
 jobs:
-  linux:
-    name: Build Linux
+  build:
+    name: Build linux-lava for x86_64-linux
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.4
-      - uses: cachix/install-nix-action@v13
+      # credits to https://github.com/easimon/maximize-build-space/issues/45
+      - name: Remove unneeded packages to maximise build space
+        shell: bash
+        run: |
+            df -h
+            sudo rm -rf /usr/share/dotnet
+            sudo rm -rf /usr/local/lib/android
+            df -h
+      - uses: actions/checkout@v4
         with:
-          install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-3.0pre20201007_5257a25/install
-          extra_nix_config: experimental-features = nix-command flakes
-      - uses: cachix/cachix-action@v10
+          fetch-depth: 0
+      - uses: cachix/install-nix-action@v31
+      - uses: cachix/cachix-action@v16
         with:
           name: lava
           authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
       - run: nix build -L .#linux-lava
-  wine:
-    name: Build Wine
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2.3.4
-      - uses: cachix/install-nix-action@v13
-        with:
-          install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-3.0pre20201007_5257a25/install
-          extra_nix_config: experimental-features = nix-command flakes
-      - uses: cachix/cachix-action@v10
-        with:
-          name: lava
-          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
-      - run: nix build -L .#wine-osu
diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml
new file mode 100644
index 0000000..4990cc7
--- /dev/null
+++ b/.github/workflows/image.yml
@@ -0,0 +1,31 @@
+name: Build images
+
+on:
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    name: Build caramel-img
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - uses: dbhi/qus/action@main
+        with:
+          targets: arm aarch64
+      - uses: cachix/install-nix-action@v17
+        with:
+          install_url: https://github.com/numtide/nix-unstable-installer/releases/download/nix-2.12.0pre20220930_89ca75c/install
+          extra_nix_config: |
+            extra-platforms = aarch64-linux arm-linux
+            experimental-features = nix-command flakes
+      - uses: cachix/cachix-action@v10
+        with:
+          name: lava
+          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+      - run: nix build -L .#packages.aarch64-linux.caramel-img
+      - uses: actions/upload-artifact@v3
+        with:
+          name: caramel-sd-image
+          path: result/sd-image/*
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b2be92b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+result
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..daec2a6
--- /dev/null
+++ b/README.md
@@ -0,0 +1,31 @@
+# flakes
+My NixOS config!
+
+![Desktop](.github/screenshots/desktop.png?raw=true)
+![Neovim](.github/screenshots/neovim.png?raw=true)
+
+## Usage
+I recommend more that you only simply look at the modules as inspiration for your own config. Some of them
+may or may not work on your machine if copied directly (but theoretically they should).
+
+But if you insist, just copy-paste one of the hosts in `hosts/`, one of the users in `users/`, and modify them
+to your liking. Open up `flake.nix`, add your new host config at the bottom, and then build it!
+
+## Hosts
+| Name      | Description |
+| -------   | ----------- |
+| hyacinth  | Main Desktop PC |
+| anemone   | Main Laptop |
+| caramel   | Raspberry Pi 400, stateless |
+| dandelion | ARM OCI VPS, stateless |
+
+## Users
+| Name | Description |
+| ---- | ----------- |
+| rin  | Main user for general usage |
+| hana | Lightweight user intended for inspecting stateless hosts |
+
+## License
+Licensed under CC0
+
+Credit is appreciated but not necessary
diff --git a/containers/amethyst/configuration.nix b/containers/amethyst/configuration.nix
new file mode 100644
index 0000000..b9d496d
--- /dev/null
+++ b/containers/amethyst/configuration.nix
@@ -0,0 +1,47 @@
+{ lib, pkgs, ... }: {
+  system.stateVersion = "23.11";
+  systemd.tmpfiles.rules = [
+    "d /persist/transmission 755 transmission transmission"
+    "d /persist/transmission/.config/transmission-daemon 750 transmission transmission"
+    "d /persist/transmission/.incomplete 750 transmission transmission"
+    "d /persist/transmission/Downloads 755 transmission transmission"
+    "d /persist/transmission/watchdir 755 transmission transmission"
+  ];
+  networking.wg-quick.interfaces.wg0 = {
+    configFile = "/persist/vpn.conf";
+    preUp = ''
+          # Try to access the DNS for up to 300s
+          for i in {1..60}; do
+            ${pkgs.iputils}/bin/ping -c1 'google.com' && break
+            echo "Attempt $i: DNS still not available"
+            sleep 5s
+          done
+    '';
+  };
+
+  # https://github.com/NixOS/nixpkgs/issues/258793
+  systemd.services.transmission.serviceConfig = {
+    BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ];
+    RootDirectoryStartOnly = lib.mkForce false;
+    RootDirectory = lib.mkForce "";
+    PrivateMounts = lib.mkForce false;
+    PrivateUsers = lib.mkForce false;
+  };
+
+  networking.firewall.allowedTCPPorts = [ 9091 ];
+  services.transmission = {
+    enable = true;
+    package = pkgs.transmission_4;
+    downloadDirPermissions = "775";
+    openFirewall = true;
+    home = "/persist/transmission";
+    settings = {
+      ratio-limit-enabled = true;
+      rpc-bind-address = "0.0.0.0";
+      rpc-enabled = true;
+      rpc-port = 9091;
+      rpc-host-whitelist-enabled = false;
+      rpc-whitelist-enabled = false;
+    };
+  };
+}
diff --git a/containers/amethyst/flake.lock b/containers/amethyst/flake.lock
new file mode 100644
index 0000000..88ab73f
--- /dev/null
+++ b/containers/amethyst/flake.lock
@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1773282481,
+        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix
new file mode 100644
index 0000000..739c3e5
--- /dev/null
+++ b/containers/amethyst/flake.nix
@@ -0,0 +1,51 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  };
+  outputs = { nixpkgs, ... }: {
+    nixosConfigurations.container = nixpkgs.lib.nixosSystem {
+      modules = [ ./configuration.nix ];
+    };
+    nixosModule = { ... }:
+    let
+      name = "amethyst";
+      fqdn = "amethyst.lava.moe";
+      subnet = "1";
+    in {
+      networking.nat = {
+        enable = true;
+        enableIPv6 = true;
+        internalInterfaces = [ "ve-${name}" ];
+      };
+
+      services.nginx.virtualHosts."${fqdn}" = {
+        useACMEHost = "lava.moe";
+        forceSSL = true;
+        #locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091";
+        locations."/".proxyPass = "http://10.30.${subnet}.2:9091";
+        listenAddresses = [ "10.0.0.1" "[fd0d::1]" ];
+      };
+
+      systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
+      containers.${name} = {
+        autoStart = true;
+        privateNetwork = true;
+        hostAddress = "10.30.${subnet}.1";
+        localAddress = "10.30.${subnet}.2";
+        hostAddress6 = "fd0d:1::${subnet}:1";
+        localAddress6 = "fd0d:1::${subnet}:2";
+        # privateUsers = "pick";
+        nixpkgs = nixpkgs;
+        ephemeral = true;
+        config = { imports = [ ./configuration.nix ]; };
+
+        bindMounts."persist" = {
+          hostPath = "/persist/containers/${name}";
+          mountPoint = "/persist";
+          isReadOnly = false;
+        };
+        # flake = "path:" + ./.;
+      };
+    };
+  };
+}
diff --git a/containers/beryllium/configuration.nix b/containers/beryllium/configuration.nix
new file mode 100644
index 0000000..6629a31
--- /dev/null
+++ b/containers/beryllium/configuration.nix
@@ -0,0 +1,23 @@
+{ ... }: {
+  system.stateVersion = "25.11";
+  fileSystems."/var/lib/private" = {
+    device = "/persist";
+    fsType = "none";
+    options = [ "bind" ];
+  };
+  networking.firewall.allowedTCPPorts = [ 6167 ];
+  networking.firewall.allowedUDPPorts = [ 6167 ];
+  # TODO: this should be generically set
+  networking.useHostResolvConf = false;
+  networking.nameservers = [ "8.8.8.8" ];
+
+  services.matrix-continuwuity = {
+    enable = true;
+    settings.global = {
+      # TODO: link this with outer container's address
+      address = [ "10.30.2.2" ];
+      server_name = "lava.moe";
+      rocksdb_recovery_mode = 2;
+    };
+  };
+}
diff --git a/containers/beryllium/flake.lock b/containers/beryllium/flake.lock
new file mode 100644
index 0000000..88ab73f
--- /dev/null
+++ b/containers/beryllium/flake.lock
@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1773282481,
+        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix
new file mode 100644
index 0000000..5805401
--- /dev/null
+++ b/containers/beryllium/flake.nix
@@ -0,0 +1,69 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  };
+  outputs = { nixpkgs, ... }: {
+    nixosConfigurations.container = nixpkgs.lib.nixosSystem {
+      modules = [ ./configuration.nix ];
+    };
+    nixosModule = { ... }:
+    let
+      name = "beryllium";
+      fqdn = "beryllium.lava.moe";
+      subnet = "2";
+    in {
+      networking.nat = {
+        enable = true;
+        enableIPv6 = true;
+        internalInterfaces = [ "ve-${name}" ];
+      };
+
+      services.nginx.virtualHosts."${fqdn}" = {
+        useACMEHost = "lava.moe";
+        forceSSL = true;
+        locations."/".extraConfig = "return 302 'https://lava.moe';";
+        locations."/_matrix".proxyPass = "http://10.30.${subnet}.2:6167";
+        locations."/_conduwuit".proxyPass = "http://10.30.${subnet}.2:6167";
+        locations."/_continuwuity".proxyPass = "http://10.30.${subnet}.2:6167";
+      };
+
+      services.nginx.virtualHosts."lava.moe" = {
+        locations."= /.well-known/matrix/server".extraConfig =
+          let
+            server = { "m.server" = "${fqdn}:443"; };
+          in ''
+            add_header Content-Type application/json;
+            return 200 '${builtins.toJSON server}';
+          '';
+        locations."= /.well-known/matrix/client".extraConfig =
+          let
+            client = {
+              "m.homeserver" = { "base_url" = "https://${fqdn}"; };
+              # "m.identity_server" = { "base_url" = "https://vector.im"; };
+            };
+          in ''
+            add_header Content-Type application/json;
+            add_header Access-Control-Allow-Origin *;
+            return 200 '${builtins.toJSON client}';
+          '';
+      };
+
+      systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
+      containers.${name} = {
+        autoStart = true;
+        privateNetwork = true;
+        hostAddress = "10.30.${subnet}.1";
+        localAddress = "10.30.${subnet}.2";
+        nixpkgs = nixpkgs;
+        ephemeral = true;
+        config = { imports = [ ./configuration.nix ]; };
+
+        bindMounts."persist" = {
+          hostPath = "/persist/containers/${name}";
+          mountPoint = "/persist";
+          isReadOnly = false;
+        };
+      };
+    };
+  };
+}
diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix
new file mode 100644
index 0000000..0f4242a
--- /dev/null
+++ b/containers/citrine/configuration.nix
@@ -0,0 +1,53 @@
+{ config, fqdn, lib, ... }: {
+  system.stateVersion = "25.11";
+  networking.firewall.allowedTCPPorts = [ 22 3000 ];
+  networking.firewall.allowedUDPPorts = [ 22 3000 ];
+
+  systemd.tmpfiles.rules = [
+    "L+ /persist/forgejo/custom/templates - - - - ${./templates}"
+  ];
+
+  services.forgejo = {
+    enable = true;
+    lfs.enable = true;
+    settings = {
+      DEFAULT.APP_NAME = "cilly's botanical laboratory";
+      server = {
+        DOMAIN = fqdn;
+        ROOT_URL = "https://${fqdn}/";
+        HTTP_PORT = 3000;
+        START_SSH_SERVER = true;
+        BUILTIN_SSH_SERVER_USER = "git";
+        SSH_DOMAIN = "git.lava.moe";
+        SSH_SERVER_KEY_EXCHANGES = "mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256";
+      };
+      ui = lib.mkForce {
+        DEFAULT_THEME = "catppuccin-maroon-auto";
+        THEMES = lib.strings.concatMapStringsSep "," (x: "${x}-auto") [
+          "catppuccin-pink"
+          "catppuccin-maroon"
+          "catppuccin-flamingo"
+          "catppuccin-rosewater"
+          "forgejo"
+          "gitea"
+        ];
+      };
+      api.ENABLE_SWAGGER = false;
+      other.SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
+      repository.ENABLE_PUSH_CREATE_USER = true;
+      repository.ENABLE_PUSH_CREATE_ORG = true;
+      service.DISABLE_REGISTRATION = true;
+    };
+    stateDir = "/persist/forgejo";
+  };
+
+  systemd.services.forgejo.serviceConfig = {
+    AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+    CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
+    PrivateUsers = lib.mkForce false;
+  };
+
+  catppuccin.forgejo.enable = true;
+
+  environment.systemPackages = [ config.services.forgejo.package ];
+}
diff --git a/containers/citrine/flake.lock b/containers/citrine/flake.lock
new file mode 100644
index 0000000..d627614
--- /dev/null
+++ b/containers/citrine/flake.lock
@@ -0,0 +1,62 @@
+{
+  "nodes": {
+    "catppuccin": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1773403535,
+        "narHash": "sha256-47MZaFrHxNO8tVUAmtVnerXUw2WWVluBOiU9MulN/yM=",
+        "owner": "catppuccin",
+        "repo": "nix",
+        "rev": "d45b5665cc638bad1b794350de02f4dd41b0bb47",
+        "type": "github"
+      },
+      "original": {
+        "owner": "catppuccin",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1773122722,
+        "narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1773282481,
+        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "catppuccin": "catppuccin",
+        "nixpkgs": "nixpkgs_2"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix
new file mode 100644
index 0000000..c2a81b7
--- /dev/null
+++ b/containers/citrine/flake.nix
@@ -0,0 +1,68 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    catppuccin.url = "github:catppuccin/nix";
+  };
+  outputs = { nixpkgs, catppuccin, ... }:
+  let
+    name = "citrine";
+    fqdn = "lab.lava.moe";
+    subnetId = "3";
+
+    subnet = x: "fd0d:1::${subnetId}:${toString x}";
+    host = subnet 1;
+    client = subnet 2;
+
+    subnet4 = x: "10.30.${subnetId}.${toString x}";
+    host4 = subnet4 1;
+    client4 = subnet4 2;
+
+    modules = [
+      ./configuration.nix
+      catppuccin.nixosModules.catppuccin
+      {
+        networking.useHostResolvConf = false;
+        networking.nameservers = [ host ];
+      }
+    ];
+  in {
+    nixosConfigurations.container = nixpkgs.lib.nixosSystem {
+      inherit modules;
+    };
+    nixosModule = { ... }: {
+      networking.nat = {
+        enable = true;
+        enableIPv6 = true;
+        internalInterfaces = [ "ve-${name}" ];
+      };
+
+      services.nginx.virtualHosts."${fqdn}" = {
+        useACMEHost = "lava.moe";
+        forceSSL = true;
+        locations."/".proxyPass = "http://[${client}]:3000";
+      };
+
+      systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
+      containers.${name} = {
+        autoStart = true;
+        privateNetwork = true;
+        hostAddress = host4;
+        localAddress = client4;
+        hostAddress6 = host;
+        localAddress6 = client;
+        # privateUsers = "pick";
+        nixpkgs = nixpkgs;
+        ephemeral = true;
+        config = { imports = modules; };
+        specialArgs = { inherit fqdn; };
+
+        bindMounts."persist" = {
+          hostPath = "/persist/containers/${name}";
+          mountPoint = "/persist";
+          isReadOnly = false;
+        };
+        # flake = "path:" + ./.;
+      };
+    };
+  };
+}
diff --git a/containers/citrine/templates/base/footer_content.tmpl b/containers/citrine/templates/base/footer_content.tmpl
new file mode 100644
index 0000000..a9238c3
--- /dev/null
+++ b/containers/citrine/templates/base/footer_content.tmpl
@@ -0,0 +1,31 @@
+<footer class="page-footer" role="group" aria-label="{{ctx.Locale.Tr "aria.footer"}}">
+    <div class="left-links" role="contentinfo" aria-label="{{ctx.Locale.Tr "aria.footer.software"}}">
+        {{if ShowFooterPoweredBy}}
+            <a target="_blank" rel="noopener noreferrer" href="https://forgejo.org">Forgejo</a>
+        {{end}}
+        {{if (or .ShowFooterVersion .PageIsAdmin)}}
+            {{if .IsAdmin}}
+                <a href="{{AppSubUrl}}/admin/config">{{AppVerNoMetadata}}</a>
+            {{else}}
+                {{AppVerNoMetadata}}
+            {{end}}
+        {{end}}
+        {{if and .TemplateLoadTimes ShowFooterTemplateLoadTime}}
+            {{ctx.Locale.Tr "page"}}: <strong>{{LoadTimes .PageStartTime}}</strong>
+            {{ctx.Locale.Tr "template"}}{{if .TemplateName}} {{.TemplateName}}{{end}}: <strong>{{call .TemplateLoadTimes}}</strong>
+        {{end}}
+    </div>
+    <div class="right-links" role="group" aria-label="{{ctx.Locale.Tr "aria.footer.links"}}">
+        <div class="ui dropdown upward language">
+            <span class="flex-text-inline">{{svg "octicon-globe" 14}} {{ctx.Locale.LangName}}</span>
+            <div class="menu language-menu">
+                {{range .AllLangs}}
+                    <a lang="{{.Lang}}" data-url="{{AppSubUrl}}/?lang={{.Lang}}" class="item {{if eq ctx.Locale.Lang .Lang}}active selected{{end}}">{{.Name}}</a>
+                {{end}}
+            </div>
+        </div>
+        <a href="{{AssetUrlPrefix}}/licenses.txt">{{ctx.Locale.Tr "licenses"}}</a>
+        {{if .EnableSwagger}}<a href="{{AppSubUrl}}/api/swagger">API</a>{{end}}
+        {{template "custom/extra_links_footer" .}}
+    </div>
+</footer>
diff --git a/containers/citrine/templates/home.tmpl b/containers/citrine/templates/home.tmpl
new file mode 100644
index 0000000..d460caf
--- /dev/null
+++ b/containers/citrine/templates/home.tmpl
@@ -0,0 +1,19 @@
+{{template "base/head" .}}
+{{if not .IsSigned}}
+    <script>window.location.href = "/explore/repos";</script>
+{{end}}
+<div role="main" aria-label="{{if .IsSigned}}{{ctx.Locale.Tr "dashboard"}}{{else}}{{ctx.Locale.Tr "home"}}{{end}}" class="page-content home">
+    <div class="tw-mb-8 tw-px-8">
+        <div class="center">
+            <img class="logo" width="220" height="220" src="{{AssetUrlPrefix}}/img/logo.svg" alt="{{ctx.Locale.Tr "logo"}}">
+            <div class="hero">
+                <h1 class="ui icon header title">
+                    {{AppDisplayName}}
+                </h1>
+                <h2>{{ctx.Locale.Tr "startpage.app_desc"}}</h2>
+            </div>
+        </div>
+    </div>
+    {{template "home_forgejo" .}}
+</div>
+{{template "base/footer" .}}
diff --git a/containers/diamond/configuration.nix b/containers/diamond/configuration.nix
new file mode 100644
index 0000000..01b4311
--- /dev/null
+++ b/containers/diamond/configuration.nix
@@ -0,0 +1,22 @@
+{ fqdn, ... }: {
+  system.stateVersion = "25.11";
+  systemd.tmpfiles.rules = [
+    "d /persist/vaultwarden 755 vaultwarden vaultwarden"
+  ];
+  fileSystems."/var/lib/vaultwarden" = {
+    device = "/persist/vaultwarden";
+    fsType = "none";
+    options = [ "bind" ];
+  };
+  networking.firewall.allowedTCPPorts = [ 8000 ];
+  networking.firewall.allowedUDPPorts = [ 8000 ];
+
+  services.vaultwarden = {
+    enable = true;
+    domain = fqdn;
+    config = {
+      DOMAIN = "https://${fqdn}";
+      ROCKET_ADDRESS = "::";
+    };
+  };
+}
diff --git a/containers/diamond/flake.lock b/containers/diamond/flake.lock
new file mode 100644
index 0000000..88ab73f
--- /dev/null
+++ b/containers/diamond/flake.lock
@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1773282481,
+        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/containers/diamond/flake.nix b/containers/diamond/flake.nix
new file mode 100644
index 0000000..71ab4fd
--- /dev/null
+++ b/containers/diamond/flake.nix
@@ -0,0 +1,51 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  };
+  outputs = { nixpkgs, ... }:
+  let
+    name = "diamond";
+    fqdn = "astransia.lava.moe";
+    subnetId = "4";
+
+    subnet = x: "fd0d:1::${subnetId}:${toString x}";
+    host = subnet 1;
+    client = subnet 2;
+
+    modules = [
+      ./configuration.nix
+    ];
+  in {
+    nixosConfigurations.container = nixpkgs.lib.nixosSystem {
+      inherit modules;
+    };
+    nixosModule = { ... }: {
+      services.nginx.virtualHosts."${fqdn}" = {
+        useACMEHost = "lava.moe";
+        forceSSL = true;
+        locations."/".proxyPass = "http://[${client}]:8000";
+        listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ];
+      };
+
+      systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
+      containers.${name} = {
+        autoStart = true;
+        privateNetwork = true;
+        hostAddress6 = host;
+        localAddress6 = client;
+        # privateUsers = "pick";
+        nixpkgs = nixpkgs;
+        ephemeral = true;
+        config = { imports = modules; };
+        specialArgs = { inherit fqdn; };
+
+        bindMounts."persist" = {
+          hostPath = "/persist/containers/${name}";
+          mountPoint = "/persist";
+          isReadOnly = false;
+        };
+        # flake = "path:" + ./.;
+      };
+    };
+  };
+}
diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix
new file mode 100644
index 0000000..421ddb0
--- /dev/null
+++ b/containers/emerald/configuration.nix
@@ -0,0 +1,23 @@
+{ fqdn, shareFqdn, ... }: {
+  system.stateVersion = "25.11";
+  systemd.tmpfiles.rules = [
+    "d /persist/navidrome 755 navidrome navidrome"
+  ];
+  networking.firewall.allowedTCPPorts = [ 4533 ];
+  networking.firewall.allowedUDPPorts = [ 4533 ];
+
+  services.navidrome = {
+    enable = true;
+    environmentFile = "/binds/navidrome_env";
+    settings = {
+      Port = 4533;
+      Address = "[::]";
+      BaseUrl = "https://${fqdn}/";
+      ShareURL = "https://${shareFqdn}";
+      EnableSharing = true;
+      DataFolder = "/persist/navidrome";
+      MusicFolder = "/binds/music/main";
+    };
+  };
+  systemd.services.navidrome.serviceConfig.BindReadOnlyPaths = ["/binds/music"];
+}
diff --git a/containers/emerald/flake.lock b/containers/emerald/flake.lock
new file mode 100644
index 0000000..88ab73f
--- /dev/null
+++ b/containers/emerald/flake.lock
@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1773282481,
+        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix
new file mode 100644
index 0000000..5ee69e4
--- /dev/null
+++ b/containers/emerald/flake.nix
@@ -0,0 +1,78 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  };
+  outputs = { nixpkgs, ... }:
+  let
+    name = "emerald";
+    fqdn = "navia.lava.moe";
+    shareFqdn = "muse.lava.moe";
+    subnetId = "5";
+
+    subnet = x: "fd0d:2::${subnetId}:${toString x}";
+    host = subnet 1;
+    client = subnet 2;
+
+    subnet4 = x: "10.32.${subnetId}.${toString x}";
+    host4 = subnet4 1;
+    client4 = subnet4 2;
+
+    modules = [
+      ./configuration.nix
+      {
+        networking.useHostResolvConf = false;
+        networking.nameservers = [ host ];
+      }
+    ];
+  in {
+    nixosConfigurations.container = nixpkgs.lib.nixosSystem {
+      inherit modules;
+    };
+    nixosModule = { config, ... }: {
+      networking.nat = {
+        enable = true;
+        enableIPv6 = true;
+        internalInterfaces = [ "ve-${name}" ];
+      };
+
+      services.nginx.virtualHosts."${fqdn}" = {
+        useACMEHost = "lava.moe";
+        forceSSL = true;
+        locations."/".proxyPass = "http://[${client}]:4533";
+        listenAddresses = [ "100.67.2.1" ];
+      };
+
+      systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
+      containers.${name} = {
+        autoStart = true;
+        privateNetwork = true;
+        hostAddress = host4;
+        localAddress = client4;
+        hostAddress6 = host;
+        localAddress6 = client;
+        # privateUsers = "pick";
+        nixpkgs = nixpkgs;
+        ephemeral = true;
+        config = { imports = modules; };
+        specialArgs = { inherit fqdn shareFqdn; };
+
+        bindMounts."persist" = {
+          hostPath = "/persist/containers/${name}";
+          mountPoint = "/persist";
+          isReadOnly = false;
+        };
+        bindMounts."music" = {
+          hostPath = "/flower/media/music";
+          mountPoint = "/binds/music";
+          isReadOnly = true;
+        };
+        bindMounts."navidrome_env" = {
+          hostPath = config.age.secrets.navidrome_env.path;
+          mountPoint = "/binds/navidrome_env";
+          isReadOnly = true;
+        };
+        # flake = "path:" + ./.;
+      };
+    };
+  };
+}
diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix
new file mode 100644
index 0000000..9fcb5f5
--- /dev/null
+++ b/containers/fluorite/configuration.nix
@@ -0,0 +1,22 @@
+{ ... }: {
+  system.stateVersion = "25.11";
+  systemd.tmpfiles.rules = [
+    "d /persist/slskd/Downloads 755 slskd slskd"
+  ];
+  fileSystems."/var/lib/slskd" = {
+    device = "/persist/slskd";
+    fsType = "none";
+    options = [ "bind" ];
+  };
+  networking.firewall.allowedTCPPorts = [ 5030 50300 ];
+  networking.firewall.allowedUDPPorts = [ 5030 50300 ];
+
+  services.slskd = {
+    enable = true;
+    domain = null;
+    environmentFile = "/binds/slskd_env";
+    settings = {
+      shares.directories = [ "/binds/music/" ];
+    };
+  };
+}
diff --git a/containers/fluorite/flake.lock b/containers/fluorite/flake.lock
new file mode 100644
index 0000000..88ab73f
--- /dev/null
+++ b/containers/fluorite/flake.lock
@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1773282481,
+        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix
new file mode 100644
index 0000000..33fcdb1
--- /dev/null
+++ b/containers/fluorite/flake.nix
@@ -0,0 +1,89 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  };
+  outputs = { nixpkgs, ... }:
+  let
+    name = "fluorite";
+    fqdn = "fluorite.lava.moe";
+    subnetId = "6";
+
+    subnet = x: "fd0d:1::${subnetId}:${toString x}";
+    host = subnet 1;
+    client = subnet 2;
+
+    subnet4 = x: "10.30.${subnetId}.${toString x}";
+    host4 = subnet4 1;
+    client4 = subnet4 2;
+
+    modules = [
+      ./configuration.nix
+      {
+        networking.useHostResolvConf = false;
+        networking.nameservers = [ host ];
+      }
+    ];
+  in {
+    nixosConfigurations.container = nixpkgs.lib.nixosSystem {
+      inherit modules;
+    };
+    nixosModule = { config, ... }: {
+      networking.nat = {
+        enable = true;
+        enableIPv6 = true;
+        internalInterfaces = [ "ve-${name}" ];
+      };
+      networking.firewall.allowedTCPPorts = [ 50300 ];
+
+      services.nginx.virtualHosts."${fqdn}" = {
+        useACMEHost = "lava.moe";
+        forceSSL = true;
+        locations."/".proxyPass = "http://[${client}]:5030";
+        listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ];
+      };
+
+      systemd.tmpfiles.rules = [
+        "d /persist/containers/${name} 755 root users"
+        "d /persist/media/music 075 nobody users"
+      ];
+      containers.${name} = {
+        autoStart = true;
+        privateNetwork = true;
+        hostAddress = host4;
+        localAddress = client4;
+        hostAddress6 = host;
+        localAddress6 = client;
+        # privateUsers = "pick";
+        nixpkgs = nixpkgs;
+        ephemeral = true;
+        config = { imports = modules; };
+        specialArgs = { inherit fqdn; };
+
+        forwardPorts = [
+          {
+            containerPort = 50300;
+            hostPort = 50300;
+            protocol = "tcp";
+          }
+        ];
+
+        bindMounts."persist" = {
+          hostPath = "/persist/containers/${name}";
+          mountPoint = "/persist";
+          isReadOnly = false;
+        };
+        bindMounts."music" = {
+          hostPath = "/persist/media/music";
+          mountPoint = "/binds/music";
+          isReadOnly = true;
+        };
+        bindMounts."slskd_env" = {
+          hostPath = config.age.secrets.slskd_env.path;
+          mountPoint = "/binds/slskd_env";
+          isReadOnly = true;
+        };
+        # flake = "path:" + ./.;
+      };
+    };
+  };
+}
diff --git a/containers/garnet/configuration.nix b/containers/garnet/configuration.nix
new file mode 100644
index 0000000..21400c5
--- /dev/null
+++ b/containers/garnet/configuration.nix
@@ -0,0 +1,36 @@
+{ ... }: {
+  system.stateVersion = "25.11";
+  fileSystems."/var/lib/opencloud" = {
+    device = "/flower/data";
+    fsType = "none";
+    options = [ "bind" ];
+  };
+  fileSystems."/etc/opencloud" = {
+    device = "/persist/cfg";
+    fsType = "none";
+    options = [ "bind" ];
+  };
+  # TODO: hardcoded address
+  networking.extraHosts = ''
+    100.67.2.1 cloud.lava.moe
+  '';
+
+  networking.firewall.allowedTCPPorts = [ 9200 ];
+  networking.firewall.allowedUDPPorts = [ 9200 ];
+
+  environment.etc."opencloud-admin-pass".text = ''
+    IDM_ADMIN_PASSWORD=supersillysecure
+  '';
+  services.opencloud = {
+    enable = true;
+    url = "https://cloud.lava.moe";
+    address = "10.30.7.2";
+    port = 9200;
+    environment = {
+      PROXY_TLS = "false";
+      IDP_ACCESS_TOKEN_EXPIRATION = "2592000";
+      IDP_ID_TOKEN_EXPIRATION = "2592000";
+    };
+    environmentFile = "/etc/opencloud-admin-pass";
+  };
+}
diff --git a/containers/garnet/flake.lock b/containers/garnet/flake.lock
new file mode 100644
index 0000000..4070242
--- /dev/null
+++ b/containers/garnet/flake.lock
@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1779560665,
+        "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix
new file mode 100644
index 0000000..df835a4
--- /dev/null
+++ b/containers/garnet/flake.nix
@@ -0,0 +1,84 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  };
+  outputs = { nixpkgs, ... }:
+  let
+    name = "garnet";
+    fqdn = "cloud.lava.moe";
+    subnetId = "7";
+
+    subnet = x: "fd0d:1::${subnetId}:${toString x}";
+    host = subnet 1;
+    client = subnet 2;
+
+    subnet4 = x: "10.30.${subnetId}.${toString x}";
+    host4 = subnet4 1;
+    client4 = subnet4 2;
+
+    modules = [
+      ./configuration.nix
+      {
+        networking.useHostResolvConf = false;
+        networking.nameservers = [ host ];
+      }
+    ];
+  in {
+    nixosConfigurations.container = nixpkgs.lib.nixosSystem {
+      inherit modules;
+    };
+    nixosModule = { config, ... }: {
+      networking.nat = {
+        enable = true;
+        enableIPv6 = true;
+        internalInterfaces = [ "ve-${name}" ];
+      };
+
+      services.nginx.virtualHosts."${fqdn}" = {
+        useACMEHost = "lava.moe";
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://${client4}:9200";
+          proxyWebsockets = true;
+        };
+        extraConfig = ''
+          proxy_read_timeout 3600s;
+          proxy_send_timeout 3600s;
+          keepalive_requests 100000;
+          keepalive_timeout 5m;
+          http2_max_concurrent_streams 512;
+        '';
+        # TODO: hardcoded address
+        listenAddresses = [ "100.67.2.1" ];
+      };
+
+      systemd.tmpfiles.rules = [
+        "d /persist/containers/${name} 755 root users"
+      ];
+      containers.${name} = {
+        autoStart = true;
+        privateNetwork = true;
+        hostAddress = host4;
+        localAddress = client4;
+        hostAddress6 = host;
+        localAddress6 = client;
+        # privateUsers = "pick";
+        nixpkgs = nixpkgs;
+        ephemeral = true;
+        config = { imports = modules; };
+        specialArgs = { inherit fqdn; };
+
+        bindMounts."persist" = {
+          hostPath = "/persist/containers/${name}";
+          mountPoint = "/persist";
+          isReadOnly = false;
+        };
+        bindMounts."content" = {
+          hostPath = "/flower/opencloud";
+          mountPoint = "/flower";
+          isReadOnly = false;
+        };
+      };
+    };
+  };
+}
diff --git a/flake.lock b/flake.lock
index 887c732..2578a7e 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,60 +1,1233 @@
 {
   "nodes": {
+    "aagl": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "nixpkgs": "nixpkgs",
+        "rust-overlay": "rust-overlay"
+      },
+      "locked": {
+        "lastModified": 1779903856,
+        "narHash": "sha256-uRShMtD6xW3ZKZbCQ6sDzKWEnbBXUg3IGfOARYogKhg=",
+        "owner": "ezKEa",
+        "repo": "aagl-gtk-on-nix",
+        "rev": "50671fc7f29d686f63ef34b603320d44ad7f2d29",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ezKEa",
+        "repo": "aagl-gtk-on-nix",
+        "type": "github"
+      }
+    },
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "home-manager": "home-manager",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1770165109,
+        "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
+    "c-amethyst": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "path": "./containers/amethyst",
+        "type": "path"
+      },
+      "original": {
+        "path": "./containers/amethyst",
+        "type": "path"
+      },
+      "parent": []
+    },
+    "c-beryllium": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_3"
+      },
+      "locked": {
+        "path": "./containers/beryllium",
+        "type": "path"
+      },
+      "original": {
+        "path": "./containers/beryllium",
+        "type": "path"
+      },
+      "parent": []
+    },
+    "c-citrine": {
+      "inputs": {
+        "catppuccin": "catppuccin",
+        "nixpkgs": "nixpkgs_5"
+      },
+      "locked": {
+        "path": "./containers/citrine",
+        "type": "path"
+      },
+      "original": {
+        "path": "./containers/citrine",
+        "type": "path"
+      },
+      "parent": []
+    },
+    "c-diamond": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_6"
+      },
+      "locked": {
+        "path": "./containers/diamond",
+        "type": "path"
+      },
+      "original": {
+        "path": "./containers/diamond",
+        "type": "path"
+      },
+      "parent": []
+    },
+    "c-emerald": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_7"
+      },
+      "locked": {
+        "path": "./containers/emerald",
+        "type": "path"
+      },
+      "original": {
+        "path": "./containers/emerald",
+        "type": "path"
+      },
+      "parent": []
+    },
+    "c-fluorite": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_8"
+      },
+      "locked": {
+        "path": "./containers/fluorite",
+        "type": "path"
+      },
+      "original": {
+        "path": "./containers/fluorite",
+        "type": "path"
+      },
+      "parent": []
+    },
+    "c-garnet": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_9"
+      },
+      "locked": {
+        "path": "./containers/garnet",
+        "type": "path"
+      },
+      "original": {
+        "path": "./containers/garnet",
+        "type": "path"
+      },
+      "parent": []
+    },
+    "catppuccin": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_4"
+      },
+      "locked": {
+        "lastModified": 1773403535,
+        "narHash": "sha256-47MZaFrHxNO8tVUAmtVnerXUw2WWVluBOiU9MulN/yM=",
+        "owner": "catppuccin",
+        "repo": "nix",
+        "rev": "d45b5665cc638bad1b794350de02f4dd41b0bb47",
+        "type": "github"
+      },
+      "original": {
+        "owner": "catppuccin",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
+    "catppuccin-palette": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1774131488,
+        "narHash": "sha256-hsy+GhuM4MSjnwGq1YJSLBFIbVm67SSdPRgObP00mxw=",
+        "owner": "catppuccin",
+        "repo": "palette",
+        "rev": "07d02aa110ef9eb7e7427afca5c73ba9cf7f8ebd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "catppuccin",
+        "repo": "palette",
+        "type": "github"
+      }
+    },
+    "catppuccin-v1_1": {
+      "locked": {
+        "lastModified": 1734055249,
+        "narHash": "sha256-pCWJgwo77KD7EJpwynwKrWPZ//dwypHq2TfdzZWqK68=",
+        "rev": "7221d6ca17ac36ed20588e1c3a80177ac5843fa7",
+        "revCount": 326,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/catppuccin/nix/1.1.1/0193bdc0-b045-7eed-bbec-95611a8ecdf5/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/catppuccin/nix/1.1.%2A.tar.gz"
+      }
+    },
+    "catppuccin-v1_2": {
+      "locked": {
+        "lastModified": 1734728407,
+        "narHash": "sha256-Let3uJo4YDyfqbqaw66dpZxhJB2TrDyZWSFd5rpPLJA=",
+        "rev": "23ee86dbf4ed347878115a78971d43025362fab1",
+        "revCount": 341,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/catppuccin/nix/1.2.0/0193e5e0-33b7-7149-a362-bfe56b20f64e/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/catppuccin/nix/1.2.%2A.tar.gz"
+      }
+    },
+    "catppuccin_2": {
+      "inputs": {
+        "catppuccin-v1_1": "catppuccin-v1_1",
+        "catppuccin-v1_2": "catppuccin-v1_2",
+        "home-manager": "home-manager_2",
+        "home-manager-stable": "home-manager-stable",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable",
+        "nuscht-search": "nuscht-search"
+      },
+      "locked": {
+        "lastModified": 1736069220,
+        "narHash": "sha256-76MaB3COao55nlhWmSmq9PKgu2iGIs54C1cAE0E5J6Y=",
+        "owner": "catppuccin",
+        "repo": "nix",
+        "rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "catppuccin",
+        "repo": "nix",
+        "rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e",
+        "type": "github"
+      }
+    },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1744478979,
+        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
+    "fast-syntax-highlighting": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1752660993,
+        "narHash": "sha256-ZihUL4JAVk9V+IELSakytlb24BvEEJ161CQEHZYYoSA=",
+        "owner": "zdharma-continuum",
+        "repo": "fast-syntax-highlighting",
+        "rev": "3d574ccf48804b10dca52625df13da5edae7f553",
+        "type": "github"
+      },
+      "original": {
+        "owner": "zdharma-continuum",
+        "repo": "fast-syntax-highlighting",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1767039857,
+        "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1767039857,
+        "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
+        "owner": "NixOS",
+        "repo": "flake-compat",
+        "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "neovim-nightly",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1778716662,
+        "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-parts_2": {
+      "inputs": {
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1778716662,
+        "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems_3"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_3": {
+      "inputs": {
+        "systems": "systems_4"
+      },
+      "locked": {
+        "lastModified": 1701680307,
+        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "git-hooks": {
+      "inputs": {
+        "flake-compat": "flake-compat_2",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "nix-gaming",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1778507602,
+        "narHash": "sha256-kTwur1wV+01SdqskVMSo6JMEpg71ps3HpbFY2GsflKs=",
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "61ab0e80d9c7ab14c256b5b453d8b3fb0189ba0a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "type": "github"
+      }
+    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "nix-gaming",
+          "git-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1709087332,
+        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
     "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1745494811,
+        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager-stable": {
+      "inputs": {
+        "nixpkgs": [
+          "catppuccin",
+          "nixpkgs-stable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1734366194,
+        "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-24.11",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_2": {
+      "inputs": {
+        "nixpkgs": [
+          "catppuccin",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1734622215,
+        "narHash": "sha256-OOfI0XhSJGHblfdNDhfnn8QnZxng63rWk9eeJ2tCbiI=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "1395379a7a36e40f2a76e7b9936cc52950baa1be",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_3": {
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1624126484,
-        "narHash": "sha256-x0LmdaceksI7posLR3yRzuIwuaK+Sf7/r+g9OX9uYAA=",
-        "owner": "LavaDesu",
+        "lastModified": 1779969295,
+        "narHash": "sha256-HwIJ3tOcwSMiV75L7KqJXciXR9UfT+d7rwOZMX7cTnA=",
+        "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "410c8a5d87e6d341fca25f8632b2e2e5df4c1982",
+        "rev": "61e2c9659324181e0f0ed911958c536333b1d4f6",
         "type": "github"
       },
       "original": {
-        "owner": "LavaDesu",
-        "ref": "xsession-profilePath",
+        "owner": "nix-community",
         "repo": "home-manager",
         "type": "github"
       }
     },
+    "ixx": {
+      "inputs": {
+        "flake-utils": [
+          "catppuccin",
+          "nuscht-search",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "catppuccin",
+          "nuscht-search",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1729958008,
+        "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
+        "owner": "NuschtOS",
+        "repo": "ixx",
+        "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NuschtOS",
+        "ref": "v0.0.6",
+        "repo": "ixx",
+        "type": "github"
+      }
+    },
+    "linux-tkg": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1779857514,
+        "narHash": "sha256-dCrVB3cFvv1d/9wuEejYN131b1phyf6SDy1bcEvtWGo=",
+        "owner": "Frogging-Family",
+        "repo": "linux-tkg",
+        "rev": "c9196dea7ee464f7792f94cd39c32431ad9e25ab",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Frogging-Family",
+        "repo": "linux-tkg",
+        "type": "github"
+      }
+    },
+    "neovim-nightly": {
+      "inputs": {
+        "flake-parts": "flake-parts",
+        "neovim-src": "neovim-src",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1780013080,
+        "narHash": "sha256-m984DKbcIeNNuLYFjN3780rPEd55Xe9/cB4BNKkIDvg=",
+        "owner": "nix-community",
+        "repo": "neovim-nightly-overlay",
+        "rev": "c6cc238427db8f61b786a66d7e02cf7724b30226",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "neovim-nightly-overlay",
+        "type": "github"
+      }
+    },
+    "neovim-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1779979065,
+        "narHash": "sha256-3uF/oP2D4Jka3DU2G8qqml75UOzPRrK+FIp+jghOq0s=",
+        "owner": "neovim",
+        "repo": "neovim",
+        "rev": "5d85669a33e10f1f156b086562458cbbc8054438",
+        "type": "github"
+      },
+      "original": {
+        "owner": "neovim",
+        "repo": "neovim",
+        "type": "github"
+      }
+    },
+    "nix-gaming": {
+      "inputs": {
+        "flake-parts": "flake-parts_2",
+        "git-hooks": "git-hooks",
+        "nixpkgs": "nixpkgs_10"
+      },
+      "locked": {
+        "lastModified": 1779768228,
+        "narHash": "sha256-/dRavNAx/Mp67xcQQ3JBIMyf0cLoXqKedafB1+wksAE=",
+        "owner": "fufexan",
+        "repo": "nix-gaming",
+        "rev": "6e7a8414c0f547a86646eb0b56ebf89e7cc217a2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "fufexan",
+        "repo": "nix-gaming",
+        "type": "github"
+      }
+    },
+    "nix-index-database": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1779604987,
+        "narHash": "sha256-ZQ5z+fVhxYKtIFwtqGp5O0PD84BM1riASvqDaN5Xs+s=",
+        "owner": "nix-community",
+        "repo": "nix-index-database",
+        "rev": "8fba98c80b48fa013820e0163c5096922fea4ddd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-index-database",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1624148921,
-        "narHash": "sha256-FAhKTXZV67C36hK5lPvZfsFt+QY1QSHYQXwGXqpOChs=",
+        "lastModified": 1777268161,
+        "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-lib": {
+      "locked": {
+        "lastModified": 1777168982,
+        "narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1734600368,
+        "narHash": "sha256-nbG9TijTMcfr+au7ZVbKpAhMJzzE2nQBYmRvSdXUD8g=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f2122ea5815648effdd97157c7bf4e9a1a6dbb34",
+        "rev": "b47fd6fa00c6afca88b8ee46cfdb00e104f50bca",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
+        "ref": "nixos-24.11",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
+    "nixpkgs_10": {
+      "locked": {
+        "lastModified": 1779536132,
+        "narHash": "sha256-q+fF42iv/geEbHfgSzy3tS0FF/EyD6XTZ98E6yxiBO8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "3d8f0f3f72a6cd4d93d0ad13203f2ea1cb7e1456",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_11": {
+      "locked": {
+        "lastModified": 1779560665,
+        "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_12": {
+      "locked": {
+        "lastModified": 1770019141,
+        "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "cb369ef2efd432b3cdf8622b0ffc0a97a02f3137",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1773282481,
+        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1773282481,
+        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1773122722,
+        "narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_5": {
+      "locked": {
+        "lastModified": 1773282481,
+        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_6": {
+      "locked": {
+        "lastModified": 1773282481,
+        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_7": {
+      "locked": {
+        "lastModified": 1773282481,
+        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_8": {
+      "locked": {
+        "lastModified": 1773282481,
+        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_9": {
+      "locked": {
+        "lastModified": 1779560665,
+        "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nuscht-search": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "ixx": "ixx",
+        "nixpkgs": [
+          "catppuccin",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1733773348,
+        "narHash": "sha256-Y47y+LesOCkJaLvj+dI/Oa6FAKj/T9sKVKDXLNsViPw=",
+        "owner": "NuschtOS",
+        "repo": "search",
+        "rev": "3051be7f403bff1d1d380e4612f0c70675b44fc9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NuschtOS",
+        "repo": "search",
+        "type": "github"
+      }
+    },
+    "nvim-treesitter": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1775221900,
+        "narHash": "sha256-PQR6tFt4lCrAZNQG7BLMD1IiCKja9wDS1S4laGJf/HE=",
+        "owner": "nvim-treesitter",
+        "repo": "nvim-treesitter",
+        "rev": "4916d6592ede8c07973490d9322f187e07dfefac",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nvim-treesitter",
+        "repo": "nvim-treesitter",
+        "type": "github"
+      }
+    },
+    "pastel": {
+      "inputs": {
+        "flake-utils": "flake-utils_2",
+        "nixpkgs": "nixpkgs_12",
+        "pnpm2nix": "pnpm2nix"
+      },
+      "locked": {
+        "lastModified": 1775622883,
+        "narHash": "sha256-2+7uCRXn+tn4LVaO7hLKPaezdKPW6HGvTr00aO4Tcxs=",
+        "owner": "cillynder",
+        "repo": "pastel",
+        "rev": "46f6569d5ad41ec1256dbf999d21701f73d6077b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cillynder",
+        "repo": "pastel",
+        "type": "github"
+      }
+    },
+    "pnpm2nix": {
+      "inputs": {
+        "flake-utils": "flake-utils_3",
+        "nixpkgs": [
+          "pastel",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1717937937,
+        "narHash": "sha256-bKoHjG5P15vCVpDndIXFfoJC65XhrBPQ9GWcXtXNuDA=",
+        "owner": "wrvsrx",
+        "repo": "pnpm2nix-nzbr",
+        "rev": "a2d285ad5718cb202f45e98a4f839a5b2608c4b1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "wrvsrx",
+        "ref": "adapt-to-v9",
+        "repo": "pnpm2nix-nzbr",
+        "type": "github"
+      }
+    },
+    "pure": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1779255807,
+        "narHash": "sha256-UQ0hP3qJd4Qxiw1LXPdb9d0Dc4OSD3HJpgYzaCfujno=",
+        "owner": "sindresorhus",
+        "repo": "pure",
+        "rev": "cc0759a0de620f191510e2e2f9748194a605b54d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "sindresorhus",
+        "repo": "pure",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
-        "home-manager": "home-manager",
-        "nixpkgs": "nixpkgs",
-        "secrets": "secrets"
+        "aagl": "aagl",
+        "agenix": "agenix",
+        "c-amethyst": "c-amethyst",
+        "c-beryllium": "c-beryllium",
+        "c-citrine": "c-citrine",
+        "c-diamond": "c-diamond",
+        "c-emerald": "c-emerald",
+        "c-fluorite": "c-fluorite",
+        "c-garnet": "c-garnet",
+        "catppuccin": "catppuccin_2",
+        "catppuccin-palette": "catppuccin-palette",
+        "fast-syntax-highlighting": "fast-syntax-highlighting",
+        "home-manager": "home-manager_3",
+        "linux-tkg": "linux-tkg",
+        "neovim-nightly": "neovim-nightly",
+        "nix-gaming": "nix-gaming",
+        "nix-index-database": "nix-index-database",
+        "nixpkgs": "nixpkgs_11",
+        "nvim-treesitter": "nvim-treesitter",
+        "pastel": "pastel",
+        "pure": "pure",
+        "spicetify-nix": "spicetify-nix",
+        "spotify-adblock": "spotify-adblock",
+        "stevenblack-hosts": "stevenblack-hosts",
+        "tree-sitter-jsonc": "tree-sitter-jsonc",
+        "website": "website",
+        "wine-discord-ipc-bridge": "wine-discord-ipc-bridge",
+        "zsh-abbr": "zsh-abbr",
+        "zsh-history-substring-search": "zsh-history-substring-search"
       }
     },
-    "secrets": {
+    "rust-overlay": {
+      "inputs": {
+        "nixpkgs": [
+          "aagl",
+          "nixpkgs"
+        ]
+      },
       "locked": {
-        "lastModified": 1621557628,
-        "narHash": "sha256-exoyO1kp/2Pheentn1MPHU9gbx/wtbkPay3aoC0ooOM=",
-        "owner": "LavaDesu",
-        "repo": "flakes-secrets",
-        "rev": "365392dd012cb896fcbbedbd8b05ad91fcf0b56a",
+        "lastModified": 1777605393,
+        "narHash": "sha256-Hjp0VOOHgHcTrX23iVvnfAudPcuCmfkfpQNFwv2v/ks=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "ff88db34cfa486fc4964a6991cab1678d82eee8c",
         "type": "github"
       },
       "original": {
-        "owner": "LavaDesu",
-        "repo": "flakes-secrets",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
+    "spicetify-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": "systems_5"
+      },
+      "locked": {
+        "lastModified": 1779824049,
+        "narHash": "sha256-dWHVUjP03KSVG1PaLKA6j9EdxWSxSQvipMUIcSyuA/U=",
+        "owner": "Gerg-L",
+        "repo": "spicetify-nix",
+        "rev": "1362178e5f5f7a848c49fe9dee004ef8824f100a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Gerg-L",
+        "repo": "spicetify-nix",
+        "type": "github"
+      }
+    },
+    "spotify-adblock": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1773417310,
+        "narHash": "sha256-nwiX2wCZBKRTNPhmrurWQWISQdxgomdNwcIKG2kSQsE=",
+        "owner": "abba23",
+        "repo": "spotify-adblock",
+        "rev": "813d3451c53126bf1941baaf8dd37f1152c3f412",
+        "type": "github"
+      },
+      "original": {
+        "owner": "abba23",
+        "repo": "spotify-adblock",
+        "type": "github"
+      }
+    },
+    "stevenblack-hosts": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1779976382,
+        "narHash": "sha256-wt5NGa4K8/vda669UYUmTUt+BR9X5fPnuTZFfQdpLYo=",
+        "owner": "StevenBlack",
+        "repo": "hosts",
+        "rev": "d3e838712512490260f051150e3573eeebecfadb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "StevenBlack",
+        "repo": "hosts",
+        "type": "github"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_4": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_5": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "tree-sitter-jsonc": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1769637052,
+        "narHash": "sha256-V38tvBHJsSHJbj8QrMbt5hz2q8WLf4jtKsTiAo98/Vo=",
+        "owner": "WhyNotHugo",
+        "repo": "tree-sitter-jsonc",
+        "rev": "f7890ba894d885d1b2b721cfae759b07d53c8886",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "WhyNotHugo",
+        "repo": "tree-sitter-jsonc",
+        "type": "gitlab"
+      }
+    },
+    "website": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1668017714,
+        "narHash": "sha256-ywy/7xeT6FHkF7lcs+stW1WPV+piE8ztSwcQ161iico=",
+        "owner": "cillynder",
+        "repo": "lavadesu.github.io",
+        "rev": "4e30c50be520a0a1bbecf408f056e6aaf135df67",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cillynder",
+        "ref": "master",
+        "repo": "lavadesu.github.io",
+        "type": "github"
+      }
+    },
+    "wine-discord-ipc-bridge": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1730092778,
+        "narHash": "sha256-jzsbOKMakNQ6RNMlioX088fGzFBDxOP45Atlsfm2RKg=",
+        "owner": "0e4ef622",
+        "repo": "wine-discord-ipc-bridge",
+        "rev": "86fcbddaf654aec40c6fe6a8293f627340331b0c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "0e4ef622",
+        "repo": "wine-discord-ipc-bridge",
+        "type": "github"
+      }
+    },
+    "zsh-abbr": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1773890443,
+        "narHash": "sha256-SVuwDeHIBg8yArKGzDEfsG3fz0UwABQoJkyKTQAPUiw=",
+        "ref": "refs/heads/main",
+        "rev": "889f4772c12b9dbe4965bbd56f2572af0a28fa3b",
+        "revCount": 1139,
+        "submodules": true,
+        "type": "git",
+        "url": "https://github.com/olets/zsh-abbr"
+      },
+      "original": {
+        "submodules": true,
+        "type": "git",
+        "url": "https://github.com/olets/zsh-abbr"
+      }
+    },
+    "zsh-history-substring-search": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1768499095,
+        "narHash": "sha256-KHujL1/TM5R3m4uQh2nGVC98D6MOyCgQpyFf+8gjKR0=",
+        "owner": "zsh-users",
+        "repo": "zsh-history-substring-search",
+        "rev": "14c8d2e0ffaee98f2df9850b19944f32546fdea5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "zsh-users",
+        "repo": "zsh-history-substring-search",
         "type": "github"
       }
     }
diff --git a/flake.nix b/flake.nix
index a2ad8b4..5cf3457 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,64 +1,101 @@
 {
   inputs = {
-    nixpkgs = { url = "github:NixOS/nixpkgs"; };
-    home-manager = { url = "github:LavaDesu/home-manager/xsession-profilePath"; };
-    secrets = { url = "github:LavaDesu/flakes-secrets"; };
-
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    home-manager.url = "github:nix-community/home-manager";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
+
+    agenix.url = "github:ryantm/agenix";
+    agenix.inputs.nixpkgs.follows = "nixpkgs";
+    aagl.url = "github:ezKEa/aagl-gtk-on-nix";
+    catppuccin.url = "github:catppuccin/nix/8eada392fd6571a747e1c5fc358dd61c14c8704e";
+    catppuccin.inputs.nixpkgs.follows = "nixpkgs";
+    catppuccin-palette = { url = "github:catppuccin/palette"; flake = false; };
+    neovim-nightly.url = "github:nix-community/neovim-nightly-overlay";
+    neovim-nightly.inputs.nixpkgs.follows = "nixpkgs";
+
+    nix-gaming.url = "github:fufexan/nix-gaming";
+    nix-index-database.url = "github:nix-community/nix-index-database";
+    nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
+    spicetify-nix.url = "github:Gerg-L/spicetify-nix";
+    spicetify-nix.inputs.nixpkgs.follows = "nixpkgs";
+
+    # services
+    pastel.url = "github:cillynder/pastel";
+    stevenblack-hosts = { url = "github:StevenBlack/hosts"; flake = false; };
+    website = { url = "github:cillynder/lavadesu.github.io/master"; flake = false; };
+
+    # zsh plugins
+    zsh-abbr = { url = "git+https://github.com/olets/zsh-abbr?submodules=1"; flake = false; };
+    zsh-history-substring-search = { url = "github:zsh-users/zsh-history-substring-search"; flake = false; };
+    fast-syntax-highlighting = { url = "github:zdharma-continuum/fast-syntax-highlighting"; flake = false; };
+    pure = { url = "github:sindresorhus/pure"; flake = false; };
+
+    # overlays
+    linux-tkg = { url = "github:Frogging-Family/linux-tkg"; flake = false; };
+    nvim-treesitter = { url = "github:nvim-treesitter/nvim-treesitter"; flake = false; };
+    spotify-adblock = { url = "github:abba23/spotify-adblock"; flake = false; };
+    tree-sitter-jsonc = { url = "gitlab:WhyNotHugo/tree-sitter-jsonc"; flake = false; };
+    wine-discord-ipc-bridge = { url = "github:0e4ef622/wine-discord-ipc-bridge"; flake = false; };
+
+    # containers
+    c-amethyst.url = "path:./containers/amethyst";
+    c-beryllium.url = "path:./containers/beryllium";
+    c-citrine.url = "path:./containers/citrine";
+    c-diamond.url = "path:./containers/diamond";
+    c-emerald.url = "path:./containers/emerald";
+    c-fluorite.url = "path:./containers/fluorite";
+    c-garnet.url = "path:./containers/garnet";
   };
 
-  outputs = inputs: with inputs;
+  outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs:
     let
-      revCount = "296773";
-      base = { config, ... }: {
-        system = {
-          configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev;
-          nixos = rec {
-            version = config.system.nixos.release + versionSuffix;
-            versionSuffix = ".${nixpkgs.lib.substring 0 8 (nixpkgs.lastModifiedDate or nixpkgs.lastModified or "19700101")}.r${revCount}-${nixpkgs.lib.substring 0 11 (nixpkgs.rev or "dirty")}";
+      overlays = (import ./overlays)
+        ++ [(final: prev: {
+          me = prev.callPackage ./packages { inherit inputs; } // { inherit inputs; };
+        })];
+
+        patchOverlaysWithLinuxLava = nixpkgs: arch: ([(self: super: {
+          linuxLavaNixpkgs = import nixpkgs {
+            overlays = [ (import ./overlays/linux-lava.nix) ] ++ overlays;
+            system = arch;
+          };
+        })] ++ overlays);
+
+      mkSystem =
+        if !(self ? rev) then throw "Dirty git tree detected." else
+        nixpkgs: name: arch: extraModules: nixpkgs.lib.nixosSystem {
+          system = arch;
+          modules = [
+            ({
+              nixpkgs.overlays = patchOverlaysWithLinuxLava nixpkgs arch;
+            })
+            agenix.nixosModules.age
+            catppuccin.nixosModules.catppuccin
+            (./hosts + "/${name}")
+          ] ++ extraModules;
+          specialArgs = {
+            inherit inputs;
+            modules = import ./modules { lib = nixpkgs.lib; };
+            gcSecrets = builtins.fromJSON (builtins.readFile "${self}/secrets.gcrypt/shared.json");
           };
         };
-        nix.registry.nixpkgs.flake = nixpkgs;
-        nixpkgs.overlays = builtins.attrValues overlays;
-      };
-      hm-base = {
-        home-manager.useGlobalPkgs = true;
-        home-manager.useUserPackages = true;
-      };
-      overlays = {
-        discord = import ./overlays/discord.nix;
-        linux = import ./overlays/linux.nix;
-        material-icons = import ./overlays/material-icons.nix;
-        mps-youtube = import ./overlays/mps-youtube.nix;
-        picom = import ./overlays/picom.nix;
-        polybar = import ./overlays/polybar.nix;
-        transcrypt = import ./overlays/transcrypt.nix;
-        winetricks = import ./overlays/winetricks.nix;
-        wine-osu = import ./overlays/wine-osu.nix;
-        xinit = import ./overlays/xinit.nix;
-      };
     in
     {
-      nixosConfigurations."winter" = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
-        modules = [
-          base
-          home-manager.nixosModules.home-manager
-          hm-base
-          ./hosts/winter
-          secrets.nixosModules.winter
-        ];
-        specialArgs = { inherit overlays; };
-      };
+      nixosConfigurations."alyssum" = mkSystem nixpkgs "alyssum" "x86_64-linux" [];
+      nixosConfigurations."anemone" = mkSystem nixpkgs "anemone" "x86_64-linux" [];
+      nixosConfigurations."dandelion" = mkSystem nixpkgs "dandelion" "aarch64-linux" [];
+      nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" [];
 
-      packages.x86_64-linux =
+      packages."x86_64-linux" =
         let
-          pkgs = import nixpkgs {
-            overlays = builtins.attrValues overlays;
+          pkgs = import nixpkgs rec {
+            overlays = patchOverlaysWithLinuxLava nixpkgs system;
             system = "x86_64-linux";
           };
-        in {
-          inherit (pkgs) linux-lava wine-osu;
+        in
+        {
+          inherit (pkgs.me) linux-lava spotify-adblock;
+          linux-lava-ccache = pkgs.me.linux-lava.override { useCcache = true; };
         };
     };
 }
diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix
new file mode 100644
index 0000000..06c415f
--- /dev/null
+++ b/hosts/alyssum/default.nix
@@ -0,0 +1,45 @@
+{ inputs, lib, modules, modulesPath, ... }: {
+  networking.hostName = "alyssum";
+  system.stateVersion = "25.11";
+  time.timeZone = "Australia/Melbourne";
+
+  age.secrets = {
+    acme_dns.file = ../../secrets/acme_dns.age;
+    passwd.file = ../../secrets/passwd.age;
+    navidrome_env.file = ../../secrets/navidrome_env.age;
+    wpa_conf = {
+      file = ../../secrets/wpa_conf.age;
+      path = "/etc/wpa_supplicant/imperative.conf";
+      symlink = false;
+    };
+  };
+
+  imports = with modules.system; [
+    (modulesPath + "/profiles/qemu-guest.nix")
+    home-manager
+
+    base
+    kernel
+    nix-stable
+    packages
+    security
+    tailscale
+
+    modules.services.nginx
+    modules.services.syncthing
+
+    inputs.c-emerald.nixosModule
+    inputs.c-garnet.nixosModule
+
+    ./filesystem.nix
+    ./kernel.nix
+    ./networking.nix
+    ./home.syncthing.nix
+    ./samba.nix
+
+    ../../users/hana
+  ];
+
+  me.environment = "headless";
+  services.syncthing.user = lib.mkForce "hana";
+}
diff --git a/hosts/alyssum/filesystem.nix b/hosts/alyssum/filesystem.nix
new file mode 100644
index 0000000..bdea423
--- /dev/null
+++ b/hosts/alyssum/filesystem.nix
@@ -0,0 +1,35 @@
+{ ... }:
+let
+  bind = src: {
+    depends = [ "/nix" ];
+    device = src;
+    fsType = "none";
+    neededForBoot = true;
+    options = [ "bind" ];
+  };
+
+  mkLabelMount = label: type: {
+    device = "/dev/disk/by-label/${label}";
+    fsType = type;
+    options = [ "defaults" "relatime" ];
+  };
+  mkBtrfsMount = name: subvol: atime: mkLabelMount name "btrfs" // {
+    options = [ "autodefrag" "compress=zstd:3" "defaults" "discard=async" "space_cache=v2" "ssd" "subvol=${subvol}" (if atime then "relatime" else "noatime") ];
+  };
+  submount = mkBtrfsMount "alyssum";
+in {
+  fileSystems = {
+    "/" = {
+      device = "rootfs";
+      fsType = "tmpfs";
+      options = [ "defaults" "size=8G" "mode=755" ];
+    };
+    "/boot" = mkLabelMount "stem" "vfat";
+
+    "/flower" = mkBtrfsMount "myosotis" "/@" true;
+    "/nix" = submount "/@/nix" false;
+    "/persist" = (submount "/@/persist" true) // { neededForBoot = true; };
+    "/persist/.snapshots" = submount "/snap/persist" false;
+    "/var/log/journal" = bind "/persist/journal";
+  };
+}
diff --git a/hosts/alyssum/home.syncthing.nix b/hosts/alyssum/home.syncthing.nix
new file mode 100644
index 0000000..8d5a1cc
--- /dev/null
+++ b/hosts/alyssum/home.syncthing.nix
@@ -0,0 +1,39 @@
+{ config, lib, ... }:
+let
+  configOn = user: port: {
+    me.binds."/home/${user}/.config/syncthing" = "${user}/syncthing/config";
+    me.binds."/home/${user}/.local/state/syncthing" = "${user}/syncthing/state";
+
+    systemd.tmpfiles.rules = [ "d /flower/syncthing/${user} 700 ${user} users" ];
+
+    users.users.${user} = {
+      hashedPasswordFile = config.age.secrets.passwd.path;
+      isNormalUser = true;
+      linger = true;
+    };
+    home-manager.users.${user} = { ... }: {
+      home = {
+        username = "${user}";
+        homeDirectory = "/home/${user}";
+        stateVersion = "26.05";
+      };
+      services.syncthing = {
+        enable = true;
+        guiAddress = "[::]:${toString port}";
+        overrideDevices = false;
+        overrideFolders = false;
+        settings = {
+          options.listenAddresses = [
+            "tcp://0.0.0.0:2${toString port}"
+            "quic://0.0.0.0:2${toString port}"
+            "dynamic+https://relays.syncthing.net/endpoint"
+          ];
+          defaults.folder.path = "/flower/syncthing/${user}";
+        };
+      };
+    };
+  };
+in lib.mkMerge [
+  (configOn "kujira" 8385)
+  (configOn "cilly" 8386)
+]
diff --git a/hosts/alyssum/kernel.nix b/hosts/alyssum/kernel.nix
new file mode 100644
index 0000000..5e9b300
--- /dev/null
+++ b/hosts/alyssum/kernel.nix
@@ -0,0 +1,12 @@
+{ config, lib, ... }: {
+  boot = {
+    loader = {
+      efi.canTouchEfiVariables = true;
+      systemd-boot.enable = true;
+    };
+    initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
+    initrd.kernelModules = [ ];
+    kernelModules = [ "kvm-amd" ];
+  };
+  hardware.cpu.amd.updateMicrocode = true;
+}
diff --git a/hosts/alyssum/networking.nix b/hosts/alyssum/networking.nix
new file mode 100644
index 0000000..281cbb6
--- /dev/null
+++ b/hosts/alyssum/networking.nix
@@ -0,0 +1,15 @@
+{ config, ... }: {
+  networking = {
+    useDHCP = true;
+    wireless.enable = true;
+
+    interfaces.wlp1s0.useDHCP = false;
+    interfaces.wlp1s0.ipv4.addresses = [{
+      address = "192.168.1.167";
+      prefixLength = 24;
+    }];
+
+    defaultGateway = "192.168.1.1";
+    nameservers = [ "8.8.8.8" "8.8.4.4" ];
+  };
+}
diff --git a/hosts/alyssum/packages.nix b/hosts/alyssum/packages.nix
new file mode 100644
index 0000000..2d4bd30
--- /dev/null
+++ b/hosts/alyssum/packages.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }: {
+  environment.systemPackages = with pkgs; [
+    git
+    htop
+    jq
+    neovim
+    rsync
+    sshfs
+    wget
+
+    kitty.terminfo
+  ];
+  environment.variables.EDITOR = "nvim";
+}
diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix
new file mode 100644
index 0000000..d876981
--- /dev/null
+++ b/hosts/alyssum/samba.nix
@@ -0,0 +1,84 @@
+{ config, lib, pkgs, ... }:
+let
+  configOn = user: let
+    passwd_fname = "passwd_smb${user}";
+  in {
+    age.secrets.${passwd_fname}.file = ../../secrets/${passwd_fname}.age;
+    me.binds."/flower/smb/${user}/music" = "/flower/media/music/${user}";
+    me.binds."/flower/smb/${user}/syncthing" = "/flower/syncthing/${user}";
+
+    users.users.${user} = {
+      hashedPasswordFile = config.age.secrets.passwd.path;
+      isNormalUser = true;
+    };
+
+    system.activationScripts = {
+      init_smbpasswd.text = let
+        smbpasswd = "${config.services.samba.package}/bin/smbpasswd";
+      in ''
+        printf "$(cat ${config.age.secrets.${passwd_fname}.path})\n$(cat ${config.age.secrets.${passwd_fname}.path})\n" | ${smbpasswd} -sa ${user}
+      '';
+    };
+    services.samba.settings."${user}" = {
+      "path" = "/flower/smb/${user}";
+      "browseable" = "yes";
+      "read only" = "no";
+      "guest ok" = "no";
+      "create mask" = "0644";
+      "directory mask" = "0755";
+      "force user" = user;
+      "force group" = "users";
+      "valid users" = user;
+    };
+  };
+in lib.mkMerge [
+  (configOn "cilly")
+  (configOn "kujira")
+  {
+    me.binds."/flower/smb/kujira/opencloud" = "/flower/opencloud/data/storage/users/users/a8e29fc0-673c-4c67-be00-2442904acb43";
+
+    networking.firewall.allowPing = true;
+
+    services.samba = {
+      enable = true;
+      package = pkgs.samba4Full;
+      openFirewall = true;
+      settings = {
+        global = {
+          "server smb encrypt" = "required";
+          "workgroup" = "WORKGROUP";
+          "server string" = "smbnix";
+          "netbios name" = "smbnix";
+          "security" = "user";
+          "hosts allow" = "100.64.0.0/10 127.0.0.1 alyssum localhost";
+          "hosts deny" = "0.0.0.0/0";
+          "guest account" = "nobody";
+          "map to guest" = "bad user";
+        };
+        "public" = {
+          "path" = "/flower/smb/public";
+          "browseable" = "yes";
+          "read only" = "no";
+          "guest ok" = "yes";
+          "create mask" = "0644";
+          "directory mask" = "0755";
+          "force user" = "hana";
+          "force group" = "users";
+        };
+      };
+    };
+
+    services.samba-wsdd = {
+      enable = true;
+      openFirewall = true;
+    };
+
+    services.avahi = {
+      enable = true;
+      openFirewall = true;
+      nssmdns4 = true;
+      publish.enable = true;
+      publish.userServices = true;
+    };
+  }
+]
diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix
new file mode 100644
index 0000000..841e909
--- /dev/null
+++ b/hosts/anemone/default.nix
@@ -0,0 +1,60 @@
+{ config, inputs, modules, overlays, pkgs, ... }: {
+  networking.hostName = "anemone";
+  system.stateVersion = "23.11";
+  time.timeZone = "Australia/Melbourne";
+
+  nixpkgs.overlays = [ inputs.neovim-nightly.overlays.default ];
+  age.secrets = {
+    wg_anemone.file = ../../secrets/wg_anemone.age;
+    passwd.file = ../../secrets/passwd.age;
+  };
+
+  imports = with modules.system; [
+    home-manager
+
+    audio
+    base
+    bluetooth
+    ccache
+    corectrl
+    docker
+    flatpak
+    greetd
+    gui
+    input
+    kernel
+    nix
+    packages
+    printing
+    security
+    snapper
+    tailscale
+    wireguard
+
+    ./filesystem.nix
+    ./kernel.nix
+    ./networking.nix
+
+    ../../users/rin
+
+    modules.services.syncthing
+  ];
+
+  me = {
+    environment = "laptop";
+    batteryDevice = "BATT";
+    kbBacklightDevice = "asus::kbd_backlight";
+    hasFingerprint = true;
+    hidpi = true;
+  };
+
+  programs.wireshark = {
+    enable = true;
+    package = pkgs.wireshark;
+  };
+
+  services.fprintd.enable = true;
+  services.tlp.enable = true;
+
+  programs.kdeconnect.enable = true;
+}
diff --git a/hosts/anemone/filesystem.nix b/hosts/anemone/filesystem.nix
new file mode 100644
index 0000000..1c984e8
--- /dev/null
+++ b/hosts/anemone/filesystem.nix
@@ -0,0 +1,36 @@
+{ config, lib, ... }:
+let
+  mkLabelMount = label: type: lazy: {
+    device = "/dev/disk/by-label/${label}";
+    fsType = type;
+    options = [ "defaults" "relatime" ] ++ lib.optionals lazy [ "nofail" ];
+  };
+  mkBtrfsMount = name: subvol: atime: mkLabelMount name "btrfs" false // {
+    options = [ "autodefrag" "compress=zstd:3" "defaults" "discard=async" "space_cache=v2" "ssd" "subvol=${subvol}" (if atime then "relatime" else "noatime") ];
+  };
+  submount = mkBtrfsMount "Anemone";
+in
+{
+  fileSystems = {
+    "/" = {
+      device = "rootfs";
+      fsType = "tmpfs";
+      options = [ "defaults" "size=8G" "mode=755" ];
+    };
+    "/boot" = mkLabelMount "SYSTEM" "vfat" true;
+
+    "/mnt/butter" = submount "/" true;
+    "/nix" = submount "/current/snow" false;
+    "/home" = submount "/current/home" true;
+    "/home/.snapshots" = submount "/snapshot/home" false;
+    "/root" = submount "/current/root" false;
+    "/var" = submount "/current/var" false;
+    "/persist" = {
+      depends = [ "/var" ];
+      device = "/var/persist";
+      fsType = "none";
+      options = [ "bind" ];
+      neededForBoot = true;
+    };
+  };
+}
diff --git a/hosts/anemone/kernel.nix b/hosts/anemone/kernel.nix
new file mode 100644
index 0000000..d959b37
--- /dev/null
+++ b/hosts/anemone/kernel.nix
@@ -0,0 +1,62 @@
+{ config, lib, pkgs, ... }: {
+  boot = {
+    consoleLogLevel = 0;
+    loader = {
+      efi.canTouchEfiVariables = true;
+      systemd-boot.enable = true;
+    };
+    initrd = {
+      availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+      systemd.enable = true;
+      verbose = false;
+    };
+    kernelModules = [ "kvm-amd" ];
+    kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.me.linux-lava);
+    kernelParams = [
+      "quiet"
+      "console=tty2"
+      "systemd.show_status=0"
+      "rd.systemd.show_status=0"
+      "rd.udev.log_level=3"
+      "udev.log_level=3"
+      "udev.log_priority=3"
+    ];
+  };
+
+  # swapDevices = [{
+  #   device = "/persist/swapfile";
+  #   size = 16 * 1024;
+  # }];
+  #
+  # systemd.sleep.extraConfig = ''
+  #   HibernateMode=shutdown
+  # '';
+  /*
+  services.logind.lidSwitch = "suspend-then-hibernate";
+  systemd.sleep.extraConfig = ''
+    HibernateDelaySec=14400
+    SuspendEstimationSec=3600
+    HibernateOnACPower=true
+  '';
+  */
+
+  powerManagement.cpufreq.min = 400000;
+
+  hardware.cpu.amd.updateMicrocode = true;
+
+  hardware.firmware = let
+    fw = "${pkgs.linux-firmware}/lib/firmware/cirrus/";
+   in [(
+    pkgs.runCommandNoCC "cs35l41-10431683" { } ''
+      mkdir -p $out/lib/firmware/cirrus
+      cd $out/lib/firmware/cirrus
+
+      cp ${fw}/cs35l41-dsp1-spk-prot-10431e12-spkid0-l0.bin cs35l41-dsp1-spk-prot-10431683-spkid0-l0.bin
+      cp ${fw}/cs35l41-dsp1-spk-prot-10431e12-spkid0-l0.bin cs35l41-dsp1-spk-prot-10431683-spkid0-r0.bin
+      cp ${fw}/cs35l41-dsp1-spk-prot-10431e12-spkid0-l0.bin cs35l41-dsp1-spk-prot-10431683-spkid1-l0.bin
+      cp ${fw}/cs35l41-dsp1-spk-prot-10431e12-spkid0-l0.bin cs35l41-dsp1-spk-prot-10431683-spkid1-r0.bin
+
+      cp ${fw}/cs35l41-dsp1-spk-prot-10431e12.wmfw cs35l41-dsp1-spk-prot-10431683.wmfw
+    ''
+  )];
+}
diff --git a/hosts/anemone/networking.nix b/hosts/anemone/networking.nix
new file mode 100644
index 0000000..f5a4dc5
--- /dev/null
+++ b/hosts/anemone/networking.nix
@@ -0,0 +1,4 @@
+{ config, ... }: {
+  networking.wireless.iwd.enable = true;
+  environment.etc."NetworkManager/system-connections".source = "/persist/nm_system-connections";
+}
diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix
new file mode 100644
index 0000000..f65dfd1
--- /dev/null
+++ b/hosts/dandelion/default.nix
@@ -0,0 +1,44 @@
+{ inputs, modules, modulesPath, ... }: {
+  networking.hostName = "dandelion";
+  system.stateVersion = "23.11";
+  time.timeZone = "Australia/Melbourne";
+
+  age.secrets = {
+    acme_dns.file = ../../secrets/acme_dns.age;
+    slskd_env.file = ../../secrets/slskd_env.age;
+    wg_dandelion.file = ../../secrets/wg_dandelion.age;
+  };
+
+  imports = with modules.system; [
+    (modulesPath + "/profiles/qemu-guest.nix")
+    home-manager
+
+    base
+    kernel
+    nix-stable
+    packages
+    security
+    tailscale
+    wireguard
+
+    modules.services.banksia
+    modules.services.nginx
+    modules.services.unbound
+    modules.services.website
+
+    inputs.c-amethyst.nixosModule
+    inputs.c-beryllium.nixosModule
+    inputs.c-citrine.nixosModule
+    inputs.c-diamond.nixosModule
+    inputs.c-fluorite.nixosModule
+
+    ./filesystem.nix
+    ./kernel.nix
+    ./networking.nix
+    ./nginx.nix
+
+    ../../users/hana
+  ];
+
+  me.environment = "headless";
+}
diff --git a/hosts/dandelion/filesystem.nix b/hosts/dandelion/filesystem.nix
new file mode 100644
index 0000000..861bc15
--- /dev/null
+++ b/hosts/dandelion/filesystem.nix
@@ -0,0 +1,34 @@
+{ ... }:
+let
+  bind = src: {
+    depends = [ "/nix" ];
+    device = src;
+    fsType = "none";
+    neededForBoot = true;
+    options = [ "bind" ];
+  };
+
+  mkLabelMount = label: type: {
+    device = "/dev/disk/by-label/${label}";
+    fsType = type;
+    options = [ "defaults" "relatime" ];
+  };
+  mkBtrfsMount = name: subvol: atime: mkLabelMount name "btrfs" // {
+    options = [ "autodefrag" "compress=zstd:3" "defaults" "discard=async" "space_cache=v2" "ssd" "subvol=${subvol}" (if atime then "relatime" else "noatime") ];
+  };
+  submount = mkBtrfsMount "DANDELION";
+in {
+  fileSystems = {
+    "/" = {
+      device = "rootfs";
+      fsType = "tmpfs";
+      options = [ "defaults" "size=6G" "mode=755" ];
+    };
+    "/boot" = mkLabelMount "UEFI" "vfat";
+
+    "/nix" = submount "/@/nix" false;
+    "/persist" = (submount "/@/persist" true) // { neededForBoot = true; };
+    "/persist/.snapshots" = submount "/snap/persist" false;
+    "/var/log/journal" = bind "/persist/journal";
+  };
+}
diff --git a/hosts/dandelion/kernel.nix b/hosts/dandelion/kernel.nix
new file mode 100644
index 0000000..7ea7d43
--- /dev/null
+++ b/hosts/dandelion/kernel.nix
@@ -0,0 +1,10 @@
+{ ... }: {
+  boot = {
+    loader = {
+      efi.canTouchEfiVariables = true;
+      systemd-boot.enable = true;
+    };
+    initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
+    initrd.kernelModules = [ "nvme" ];
+  };
+}
diff --git a/hosts/dandelion/networking.nix b/hosts/dandelion/networking.nix
new file mode 100644
index 0000000..322719e
--- /dev/null
+++ b/hosts/dandelion/networking.nix
@@ -0,0 +1,4 @@
+{ ... }: {
+  networking.useDHCP = true;
+  networking.interfaces.enp2s0.useDHCP = false;
+}
diff --git a/hosts/dandelion/nginx.nix b/hosts/dandelion/nginx.nix
new file mode 100644
index 0000000..c29de38
--- /dev/null
+++ b/hosts/dandelion/nginx.nix
@@ -0,0 +1,8 @@
+{ ... }: {
+  services.nginx.virtualHosts."muse.lava.moe" = {
+    useACMEHost = "lava.moe";
+    forceSSL = true;
+    locations."/".return = "404";
+    locations."/share/".proxyPass = "http://[fd0d:2::5:2]:4533";
+  };
+}
diff --git a/hosts/dandelion/packages.nix b/hosts/dandelion/packages.nix
new file mode 100644
index 0000000..2d4bd30
--- /dev/null
+++ b/hosts/dandelion/packages.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }: {
+  environment.systemPackages = with pkgs; [
+    git
+    htop
+    jq
+    neovim
+    rsync
+    sshfs
+    wget
+
+    kitty.terminfo
+  ];
+  environment.variables.EDITOR = "nvim";
+}
diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix
new file mode 100644
index 0000000..a32d4bd
--- /dev/null
+++ b/hosts/hyacinth/default.nix
@@ -0,0 +1,47 @@
+{ config, inputs, modules, overlays, pkgs, ... }: {
+  networking.hostName = "hyacinth";
+  system.stateVersion = "21.11";
+  time.timeZone = "Australia/Melbourne";
+
+  nixpkgs.overlays = [ inputs.neovim-nightly.overlays.default ];
+  age.secrets = {
+    passwd.file = ../../secrets/passwd.age;
+    wg_hyacinth.file = ../../secrets/wg_hyacinth.age;
+    wpa_conf.file = ../../secrets/wpa_conf.age;
+  };
+  imports = with modules.system; [
+    home-manager
+
+    aagl
+    audio
+    base
+    bluetooth
+    ccache
+    corectrl
+    docker
+    flatpak
+    greetd
+    gui
+    input
+    kernel
+    nix
+    packages
+    printing
+    security
+    snapper
+    tailscale
+    wireguard
+
+    modules.services.syncthing
+
+    ./filesystem.nix
+    ./kernel.nix
+    ./networking.nix
+    ./packages.nix
+
+    ../../users/rin
+  ];
+  systemd.services.nix-daemon.environment.TMPDIR = "/nix/tmp";
+
+  me.hasBluetooth = true;
+}
diff --git a/hosts/hyacinth/filesystem.nix b/hosts/hyacinth/filesystem.nix
new file mode 100644
index 0000000..2757182
--- /dev/null
+++ b/hosts/hyacinth/filesystem.nix
@@ -0,0 +1,50 @@
+{ config, lib, ... }:
+let
+  mkLabelMount = label: type: {
+    device = "/dev/disk/by-label/${label}";
+    fsType = type;
+    options = [ "defaults" "relatime" ];
+  };
+  mkBtrfsMount = name: subvol: atime: mkLabelMount name "btrfs" // {
+    options = [ "autodefrag" "compress=zstd:3" "defaults" "discard=async" "space_cache=v2" "ssd" "subvol=${subvol}" (if atime then "relatime" else "noatime") ];
+  };
+  mkCakeMount = mkBtrfsMount "CAKE";
+in
+{
+  fileSystems = {
+    "/" = {
+      device = "rootfs";
+      fsType = "tmpfs";
+      options = [ "defaults" "size=24G" "mode=755" ];
+    };
+    "/boot" = mkLabelMount "CUP" "vfat";
+
+    "/mnt/butter" = mkCakeMount "/" true;
+    "/mnt/cream" = mkBtrfsMount "CREAM" "/" true;
+    "/mnt/cream/permanence/.snapshots" = mkBtrfsMount "CREAM" "/snapshot/permanence" false;
+    "/nix" = mkCakeMount "/current/snow" false;
+    "/home" = mkCakeMount "/current/home" true;
+    "/home/.snapshots" = mkCakeMount "/snapshot/home" false;
+    "/root" = mkCakeMount "/current/root" false;
+    "/var" = mkCakeMount "/current/var" false;
+    "/persist" = {
+      depends = [ "/var" ];
+      device = "/var/persist";
+      fsType = "none";
+      options = [ "bind" ];
+      neededForBoot = true;
+    };
+  };
+  services.snapper.configs.cream = {
+      FSTYPE = "btrfs";
+      SUBVOLUME = "/mnt/cream/permanence";
+      TIMELINE_CLEANUP = true;
+      TIMELINE_CREATE = true;
+      TIMELINE_MIN_AGE = "1800";
+      TIMELINE_LIMIT_HOURLY = "5";
+      TIMELINE_LIMIT_DAILY = "7";
+      TIMELINE_LIMIT_WEEKLY = "0";
+      TIMELINE_LIMIT_MONTHLY = "0";
+      TIMELINE_LIMIT_YEARLY = "0";
+    };
+}
diff --git a/hosts/hyacinth/kernel.nix b/hosts/hyacinth/kernel.nix
new file mode 100644
index 0000000..f410014
--- /dev/null
+++ b/hosts/hyacinth/kernel.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }: {
+  boot = {
+    loader = {
+      efi.canTouchEfiVariables = true;
+      systemd-boot.enable = true;
+    };
+    initrd.availableKernelModules = [ "xhci_pci" "nvme" ];
+    initrd.kernelModules = [ "amdgpu" ];
+    kernelParams = [
+      "amdgpu.gpu_recovery=1"
+      "intel_pstate=passive"
+      "split_lock_detect=off"
+    ];
+    kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.me.linux-lava);
+  };
+  hardware.amdgpu.overdrive = {
+    enable = true;
+    ppfeaturemask = "0xffffffff";
+  };
+}
diff --git a/hosts/hyacinth/networking.nix b/hosts/hyacinth/networking.nix
new file mode 100644
index 0000000..0b2eb03
--- /dev/null
+++ b/hosts/hyacinth/networking.nix
@@ -0,0 +1,19 @@
+{ config, ... }: {
+  environment.etc."wpa_supplicant.conf".source = config.age.secrets.wpa_conf.path;
+  networking = {
+    useDHCP = true;
+    interfaces.enp5s0.useDHCP = false;
+    interfaces.enp5s0.wakeOnLan.enable = true;
+
+    interfaces.enp5s0.ipv4.addresses = [{
+      address = "192.168.1.201";
+      prefixLength = 24;
+    }];
+    defaultGateway = "192.168.1.1";
+    nameservers = [ "8.8.8.8" "8.8.4.4" ];
+
+    extraHosts = ''
+      10.100.0.1     sugarcane
+    '';
+  };
+}
diff --git a/hosts/hyacinth/packages.nix b/hosts/hyacinth/packages.nix
new file mode 100644
index 0000000..69f9ba1
--- /dev/null
+++ b/hosts/hyacinth/packages.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }: {
+  environment.systemPackages = with pkgs; [
+    discord
+    jetbrains.idea
+    texliveFull
+  ];
+}
diff --git a/hosts/winter/audio.nix b/hosts/winter/audio.nix
deleted file mode 100644
index 1f34689..0000000
--- a/hosts/winter/audio.nix
+++ /dev/null
@@ -1,107 +0,0 @@
-{ config, ... }:
-let
-  int = {
-    quantum = {
-      min = 512;
-      def = 1024;
-      max = 2048;
-    };
-    rate = 48000;
-  };
-  str = {
-    quantum = {
-      min = toString int.quantum.min;
-      def = toString int.quantum.def;
-      max = toString int.quantum.max;
-    };
-    rate = toString int.rate;
-  };
-in {
-  sound.enable = false;
-  security.rtkit.enable = true;
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-    jack.enable = true;
-
-    config.pipewire = {
-      "context.properties" = {
-        "link.max-buffers" = 16;
-        "default.clock.rate" = int.rate;
-        "default.clock.quantum" = int.quantum.def;
-        "default.clock.min-quantum" = int.quantum.min;
-        "default.clock.max-quantum" = int.quantum.max;
-        "core.daemon" = true;
-        "core.name" = "pipewire-0";
-      };
-
-      "context.modules" = [
-        {
-          name = "libpipewire-module-rtkit";
-          args = {
-            "nice.level" = -15;
-            "rt.prio" = 88;
-            "rt.time.soft" = 200000;
-            "rt.time.hard" = 200000;
-          };
-          flags = [ "ifexists" "nofail" ];
-        }
-        { name = "libpipewire-module-protocol-native"; }
-        { name = "libpipewire-module-profiler"; }
-        { name = "libpipewire-module-metadata"; }
-        { name = "libpipewire-module-spa-device-factory"; }
-        { name = "libpipewire-module-spa-node-factory"; }
-        { name = "libpipewire-module-client-node"; }
-        { name = "libpipewire-module-client-device"; }
-        {
-          name = "libpipewire-module-portal";
-          flags = [ "ifexists" "nofail" ];
-        }
-        { name = "libpipewire-module-access"; args = {}; }
-        { name = "libpipewire-module-adapter"; }
-        { name = "libpipewire-module-link-factory"; }
-        { name = "libpipewire-module-session-manager"; }
-      ];
-      "stream.properties" = {
-        "node.latency" = "${str.quantum.min}/${str.rate}";
-        "resample.quality" = 1;
-      };
-    };
-    config.pipewire-pulse = {
-      "context.modules" = [
-        {
-          name = "libpipewire-module-rtkit";
-          args = {
-            "nice.level" = -15;
-            "rt.prio" = 88;
-            "rt.time.soft" = 200000;
-            "rt.time.hard" = 200000;
-          };
-          flags = [ "ifexists" "nofail" ];
-        }
-        { name = "libpipewire-module-protocol-native"; }
-        { name = "libpipewire-module-client-node"; }
-        { name = "libpipewire-module-adapter"; }
-        { name = "libpipewire-module-metadata"; }
-        {
-          name = "libpipewire-module-protocol-pulse";
-          args = {
-            "pulse.min.req" = "${str.quantum.min}/${str.rate}";
-            "pulse.default.req" = "${str.quantum.def}/${str.rate}";
-            "pulse.max.req" = "${str.quantum.max}/${str.rate}";
-            "pulse.min.quantum" = "${str.quantum.min}/${str.rate}";
-            "pulse.max.quantum" = "${str.quantum.max}/${str.rate}";
-            "server.address" = [ "unix:native" ];
-          };
-        }
-      ];
-      "stream.properties" = {
-        "node.latency" = "${str.quantum.min}/${str.rate}";
-        "resample.quality" = 1;
-      };
-    };
-  };
-}
-
diff --git a/hosts/winter/default.nix b/hosts/winter/default.nix
deleted file mode 100644
index d7c8030..0000000
--- a/hosts/winter/default.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ config, overlays, pkgs, ... }: {
-  networking.hostName = "winter";
-  system.stateVersion = "20.09";
-
-  environment.etc = {
-    "machine-id".source = "/var/persist/machine-id";
-    "ssh/ssh_host_rsa_key".source = "/var/persist/ssh_host_rsa_key";
-    "ssh/ssh_host_rsa_key.pub".source = "/var/persist/ssh_host_rsa_key.pub";
-    "ssh/ssh_host_ed25519_key".source = "/var/persist/ssh_host_ed25519_key";
-    "ssh/ssh_host_ed25519_key.pub".source = "/var/persist/ssh_host_ed25519_key.pub";
-  };
-  environment.pathsToLink = [ "/share/zsh" ];
-  users.mutableUsers = false;
-
-  imports = [
-    ./audio.nix
-    ./gui.nix
-    ./hardware-configuration.nix
-    ./kernel.nix
-    ./networking.nix
-    ./packages.nix
-    ./security.nix
-
-    ../../users/rin
-  ];
-  nix = rec {
-    package = pkgs.nixUnstable;
-    binaryCaches = [
-      "https://cache.nixos.org?priority=10"
-      "https://lava.cachix.org"
-    ];
-    binaryCachePublicKeys = [
-      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-      "lava.cachix.org-1:8lTWI/3IKWHByzzYHZySunMPYs2eAJw2duL+uLZkSy0="
-    ];
-    trustedBinaryCaches = binaryCaches;
-
-    extraOptions = ''
-      experimental-features = nix-command flakes
-    '';
-  };
-  nixpkgs.config.allowUnfree = true;
-
-  i18n.defaultLocale = "en_GB.UTF-8";
-  console.useXkbConfig = true;
-}
-
diff --git a/hosts/winter/gui.nix b/hosts/winter/gui.nix
deleted file mode 100644
index 15cb649..0000000
--- a/hosts/winter/gui.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{ config, lib, pkgs, ... }: {
-  fonts = {
-    enableDefaultFonts = true;
-    fontconfig = {
-      defaultFonts = {
-        serif = ["NotoSerif"];
-        sansSerif = ["NotoSans"];
-        monospace = ["CascadiaCode"];
-      };
-    };
-    fonts = with pkgs; [
-      cascadia-code
-      font-awesome-ttf
-      font-awesome_4
-      hanazono
-      material-icons
-      noto-fonts
-      noto-fonts-cjk
-      noto-fonts-extra
-      open-sans
-      twemoji-color-font
-      unifont
-    ];
-  };
-  services.xserver = {
-    enable = true;
-    autorun = false;
-    displayManager = {
-      lightdm.enable = lib.mkForce false;
-      startx.enable = true;
-      xserverArgs = [
-        "-ardelay 250"
-        "-arinterval 15"
-      ];
-    };
-    desktopManager.xterm.enable = false;
-    libinput = {
-      enable = true;
-      mouse = {
-        accelSpeed = "0";
-        accelProfile = "flat";
-      };
-    };
-    xkbOptions = "caps:escape";
-    windowManager.i3 = {
-      enable = true;
-      package = pkgs.i3-gaps;
-      extraPackages = with pkgs; [
-        dunst
-        feh
-        lxappearance
-        maim
-        picom
-        polybar
-        rofi
-        xclip
-      ];
-    };
-  };
-}
diff --git a/hosts/winter/hardware-configuration.nix b/hosts/winter/hardware-configuration.nix
deleted file mode 100644
index fee857b..0000000
--- a/hosts/winter/hardware-configuration.nix
+++ /dev/null
@@ -1,63 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "rootfs";
-      fsType = "tmpfs";
-      options = [ "defaults" "size=4G" "mode=755" ];
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/E8E8-E570";
-      fsType = "vfat";
-    };
-
-  fileSystems."/mnt/butter" =
-    { device = "/dev/disk/by-uuid/8f0ba28e-5dff-4a4e-8db0-aa72cc90cb5d";
-      fsType = "btrfs";
-      options = [ "autodefrag" "compress=zstd:3" "nossd" "nossd_spread" "relatime" "subvolid=5" ];
-    };
-
-  fileSystems."/nix" =
-    { device = "/dev/disk/by-uuid/8f0ba28e-5dff-4a4e-8db0-aa72cc90cb5d";
-      fsType = "btrfs";
-      options = [ "autodefrag" "compress=zstd:3" "nossd" "nossd_spread" "relatime" "subvolid=258" ];
-    };
-
-  fileSystems."/home" =
-    { device = "/dev/disk/by-uuid/8f0ba28e-5dff-4a4e-8db0-aa72cc90cb5d";
-      fsType = "btrfs";
-      options = [ "autodefrag" "compress=zstd:3" "nossd" "nossd_spread" "relatime" "subvolid=260" ];
-    };
-
-  fileSystems."/root" =
-    { device = "/dev/disk/by-uuid/8f0ba28e-5dff-4a4e-8db0-aa72cc90cb5d";
-      fsType = "btrfs";
-      options = [ "autodefrag" "compress=zstd:3" "nossd" "nossd_spread" "relatime" "subvolid=261" ];
-    };
-
-  fileSystems."/var" =
-    { device = "/dev/disk/by-uuid/8f0ba28e-5dff-4a4e-8db0-aa72cc90cb5d";
-      fsType = "btrfs";
-      options = [ "autodefrag" "compress=zstd:3" "nossd" "nossd_spread" "relatime" "subvolid=259" ];
-    };
-
-  fileSystems."/mnt/hdd" =
-    { device = "/dev/disk/by-uuid/d5e3cfe5-c73a-4695-b81b-fc0215d4cefe";
-      fsType = "ext4";
-    };
-
-  swapDevices = [ ];
-}
diff --git a/hosts/winter/kernel.nix b/hosts/winter/kernel.nix
deleted file mode 100644
index 320a9c7..0000000
--- a/hosts/winter/kernel.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ config, pkgs, ...}: {
-  powerManagement.cpuFreqGovernor = "ondemand";
-  boot = {
-    loader = {
-      systemd-boot.enable = true;
-      efi.canTouchEfiVariables = true;
-      grub = {
-        enable = true;
-        efiSupport = true;
-        device = "nodev";
-      };
-    };
-    blacklistedKernelModules = ["uvcvideo"];
-    initrd = {
-      includeDefaultModules = false;
-      kernelModules = [ "i915" ];
-    };
-    kernel.sysctl = {
-      "kernel.core_pattern" = "|/bin/false";
-      "kernel.sysrq" = 1;
-    };
-    kernelParams = [
-      "amdgpu.gpu_recovery=1"
-      "amdgpu.si_support=1"
-      "radeon.si_support=0"
-      "intel_pstate=passive"
-      "msr.allow_writes=on"
-    ];
-    kernelPackages = pkgs.lib.mkForce (pkgs.linuxPackagesFor pkgs.linux-lava);
-  };
-  zramSwap.enable = true;
-}
diff --git a/hosts/winter/networking.nix b/hosts/winter/networking.nix
deleted file mode 100644
index a504e73..0000000
--- a/hosts/winter/networking.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, ... }: {
-  networking.wireless = {
-    enable = true;
-    interfaces = [ "wlp3s0" ];
-  };
-
-  networking.useDHCP = false;
-  networking.interfaces.eno1.useDHCP = false;
-  networking.interfaces.wlp3s0.useDHCP = false;
-
-  networking.interfaces.eno1.ipv4.addresses = [{
-    address = "10.0.0.2";
-    prefixLength = 24;
-  }];
-  networking.interfaces.wlp3s0.ipv4.addresses = [{
-    address = "192.168.100.13";
-    prefixLength = 24;
-  }];
-  networking.defaultGateway = "192.168.100.1";
-  networking.nameservers = ["192.168.100.11"];
-}
diff --git a/hosts/winter/packages.nix b/hosts/winter/packages.nix
deleted file mode 100644
index 6f7edc6..0000000
--- a/hosts/winter/packages.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, pkgs, ...}: {
-  environment.systemPackages = with pkgs; [
-    efibootmgr
-    git
-    gparted
-    htop
-    libarchive
-    lf
-    msr-tools
-    ncdu
-    neovim
-    rsync
-    wget
-
-    gnome3.nautilus
-  ];
-  environment.variables.EDITOR = "nvim";
-
-  hardware.opengl.extraPackages = with pkgs; [
-     vaapiIntel
-     vaapiVdpau
-     libvdpau-va-gl
-     intel-ocl
-     rocm-opencl-icd
-     rocm-opencl-runtime
-  ];
-  programs.light.enable = true;
-  hardware.opentabletdriver.enable = true;
-  programs.steam.enable = true;
-  services.dbus.packages = [ pkgs.gnome3.dconf pkgs.gcr ];
-  services.gnome.sushi.enable = true;
-  # services.ipfs.enable = true;
-}
diff --git a/hosts/winter/security.nix b/hosts/winter/security.nix
deleted file mode 100644
index 78748e5..0000000
--- a/hosts/winter/security.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, pkgs, ... }: {
-  networking.firewall.enable = false;
-  services.openssh.enable = true;
-
-  security = {
-    polkit.enable = true;
-    sudo.enable = false;
-    doas = {
-      enable = true;
-      extraRules = [
-        {
-          groups = ["wheel"];
-          keepEnv = true;
-          persist = true;
-        }
-      ];
-    };
-  };
-}
diff --git a/modules/binds.nix b/modules/binds.nix
new file mode 100644
index 0000000..c9ffe18
--- /dev/null
+++ b/modules/binds.nix
@@ -0,0 +1,13 @@
+{ config, lib, ...}: {
+  imports = [ ./options.nix ];
+  fileSystems = lib.mapAttrs (dest: key: let
+    target = if (lib.strings.hasPrefix "/" key)
+      then key
+      else "/persist/binds/${key}";
+  in {
+    depends = [ "/persist" ];
+    device = target;
+    fsType = "none";
+    options = [ "bind" ];
+  }) config.me.binds;
+}
diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 0000000..6775c55
--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,80 @@
+{ lib }:
+let
+  getName = path: lib.removeSuffix ".nix" ( # Strip extension
+    lib.last (                              # Gets the last part (filename)
+      lib.splitString "/" (                 # Splits the path into components
+        builtins.toString path              # Converts the path into a string
+      )
+    )
+  );
+  mkAttrsFromPaths = paths: builtins.listToAttrs (
+    builtins.map (path: {
+      name = getName path;
+      value = path;
+    }) paths
+  );
+in {
+  binds = ./binds.nix;
+  options = ./options.nix;
+  services = mkAttrsFromPaths [
+    ./services/banksia.nix
+    ./services/jellyfin.nix
+    ./services/nginx.nix
+    ./services/postgres.nix
+    ./services/sonarr.nix
+    ./services/synapse.nix
+    ./services/syncthing.nix
+    ./services/tmptsync.nix
+    ./services/transmission.nix
+    ./services/unbound.nix
+    ./services/vaultwarden.nix
+    ./services/website.nix
+  ];
+  system = mkAttrsFromPaths [
+    ./system/aagl.nix
+    ./system/audio.nix
+    ./system/base.nix
+    ./system/bluetooth.nix
+    ./system/ccache.nix
+    ./system/corectrl.nix
+    ./system/docker.nix
+    ./system/flatpak.nix
+    ./system/greetd.nix
+    ./system/gui.nix
+    ./system/home-manager.nix
+    ./system/input.nix
+    ./system/kernel.nix
+    ./system/nix.nix
+    ./system/nix-stable.nix
+    ./system/packages.nix
+    ./system/printing.nix
+    ./system/security.nix
+    ./system/snapper.nix
+    ./system/tailscale.nix
+    ./system/virtualisation.nix
+    ./system/wireguard.nix
+  ];
+  user = mkAttrsFromPaths [
+    ./user/catppuccin.nix
+    ./user/comma.nix
+    ./user/direnv.nix
+    ./user/dunst.nix
+    ./user/eww.nix
+    ./user/git.nix
+    ./user/gpg.nix
+    ./user/hypridle.nix
+    ./user/hyprlock.nix
+    ./user/kitty.nix
+    ./user/mpv.nix
+    ./user/neovim.nix
+    ./user/neovim-minimal.nix
+    ./user/npm.nix
+    ./user/obs.nix
+    ./user/rofi.nix
+    ./user/sessionVariables.nix
+    ./user/spicetify.nix
+    ./user/theming.nix
+    ./user/xdg.nix
+    ./user/zsh.nix
+  ];
+}
diff --git a/modules/options.nix b/modules/options.nix
new file mode 100644
index 0000000..e861c12
--- /dev/null
+++ b/modules/options.nix
@@ -0,0 +1,53 @@
+{ config, lib, ... }:
+let
+  inherit (lib)
+    mkOption
+    types;
+in {
+  options.me = {
+    environment = mkOption {
+      type = types.enum [ "desktop" "laptop" "headless" ];
+      default = "desktop";
+    };
+
+    hasFingerprint = mkOption {
+      type = types.bool;
+      default = false;
+    };
+
+    gui = mkOption {
+      type = types.bool;
+      default = config.me.environment != "headless";
+    };
+
+    batteryDevice = mkOption {
+      type = with types; nullOr (uniq str);
+      default = null;
+    };
+
+    kbBacklightDevice = mkOption {
+      type = with types; nullOr (uniq str);
+      default = null;
+    };
+
+    hasBluetooth = mkOption {
+      type = types.bool;
+      default = config.me.environment == "laptop";
+    };
+
+    hasWifi = mkOption {
+      type = types.bool;
+      default = config.me.environment == "laptop";
+    };
+
+    hidpi = mkOption {
+      type = types.bool;
+      default = false;
+    };
+
+    binds = lib.mkOption {
+      type = with lib.types; attrsOf str;
+      default = {};
+    };
+  };
+}
diff --git a/modules/services/banksia.nix b/modules/services/banksia.nix
new file mode 100644
index 0000000..2ace618
--- /dev/null
+++ b/modules/services/banksia.nix
@@ -0,0 +1,11 @@
+# TODO ^^
+{ ... }: {
+  services.nginx.virtualHosts = {
+    "banksia.lava.moe" = {
+      useACMEHost = "lava.moe";
+      forceSSL = true;
+      locations."/".return = "302 https://lab.lava.moe/cilly/Banksia";
+      locations."/api".proxyPass = "http://localhost:8080/";
+    };
+  };
+}
diff --git a/modules/services/jellyfin.nix b/modules/services/jellyfin.nix
new file mode 100644
index 0000000..4a52ed6
--- /dev/null
+++ b/modules/services/jellyfin.nix
@@ -0,0 +1,28 @@
+{ ... }:
+let
+  dir = "/persist/jellyfin";
+in
+{
+  fileSystems."/var/lib/jellyfin" = {
+    depends = [ "/persist" ];
+    device = dir;
+    fsType = "none";
+    options = [ "bind" ];
+  };
+  system.activationScripts."jellyfin-create-bind-mount" = {
+    deps = [ "users" "groups" ];
+    text = ''
+      mkdir -p ${dir}
+      chown jellyfin:jellyfin ${dir}
+      chmod 700 ${dir}
+    '';
+  };
+  systemd.tmpfiles.rules = [
+    "d /tmp/jelly-transcodes 700 jellyfin jellyfin"
+    "L+ /var/lib/jellyfin/transcodes - - - - /tmp/jelly-transcodes"
+  ];
+  services.jellyfin = {
+    enable = true;
+    openFirewall = true;
+  };
+}
diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix
new file mode 100644
index 0000000..a02b7e9
--- /dev/null
+++ b/modules/services/nginx.nix
@@ -0,0 +1,28 @@
+{ config, ... }: {
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = "me@lava.moe";
+      group = "nginx";
+      dnsProvider = "cloudflare";
+      environmentFile = config.age.secrets."acme_dns".path;
+    };
+    certs."lava.moe" = {
+      extraDomainNames = [
+        "*.lava.moe"
+        "*.local.lava.moe"
+      ];
+    };
+    certs."cilly.moe" = {};
+    certs."cilly.dev" = {};
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+  };
+}
diff --git a/modules/services/postgres.nix b/modules/services/postgres.nix
new file mode 100644
index 0000000..bbbeaa1
--- /dev/null
+++ b/modules/services/postgres.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+let
+  dir = "/persist/postgresql/${config.services.postgresql.package.psqlSchema}";
+  uid = toString config.ids.uids.postgres;
+  gid = toString config.ids.gids.postgres;
+in {
+  systemd.tmpfiles.rules = [ "d ${dir} 700 ${uid} ${gid}" ];
+  services.postgresql = {
+    enable = true;
+    dataDir = dir;
+    # TODO: broken :3
+    package = pkgs.postgresql_13;
+    authentication = lib.mkOverride 10 ''
+      #type  database  DBuser  origin-address      auth-method
+      local  all       all                         trust
+      host   all       all     127.0.0.1/32        trust
+      host   all       all     ::1/128             trust
+    '';
+  };
+}
diff --git a/modules/services/sonarr.nix b/modules/services/sonarr.nix
new file mode 100644
index 0000000..b64d5ef
--- /dev/null
+++ b/modules/services/sonarr.nix
@@ -0,0 +1,11 @@
+{ ... }:
+let
+  dir = "/persist/sonarr";
+in
+{
+  services.sonarr = {
+    enable = true;
+    dataDir = dir;
+    openFirewall = true;
+  };
+}
diff --git a/modules/services/synapse.nix b/modules/services/synapse.nix
new file mode 100644
index 0000000..030de52
--- /dev/null
+++ b/modules/services/synapse.nix
@@ -0,0 +1,89 @@
+{ config, lib, options, pkgs, ... }:
+let
+  dom = "lava.moe";
+  sub = "matrix.lava.moe";
+  dir = "/persist/matrix-synapse";
+  uid = toString config.ids.uids.matrix-synapse;
+  gid = toString config.ids.gids.matrix-synapse;
+in {
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  systemd.tmpfiles.rules = [ "d ${dir} 700 ${uid} ${gid}" ];
+
+  /*services.postgresql = {
+    ensureDatabases = [ "matrix-synapse" ];
+    ensureUsers = [{
+      name = "matrix-synapse";
+      ensurePermissions = {
+        "DATABASE matrix-synapse" = "ALL PRIVILEGES";
+      };
+    }];
+  };*/
+  # TODO this would be bad if we use postgres for other things too
+  services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
+    CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
+    CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
+      TEMPLATE template0
+      LC_COLLATE = "C"
+      LC_CTYPE = "C";
+  '';
+
+  services.nginx = {
+    virtualHosts = {
+      ${dom} = {
+        locations."= /.well-known/matrix/server".extraConfig =
+          let
+            server = { "m.server" = "${sub}:443"; };
+          in ''
+            add_header Content-Type application/json;
+            return 200 '${builtins.toJSON server}';
+          '';
+        locations."= /.well-known/matrix/client".extraConfig =
+          let
+            client = {
+              "m.homeserver" =  { "base_url" = "https://${sub}"; };
+              "m.identity_server" =  { "base_url" = "https://vector.im"; };
+            };
+          in ''
+            add_header Content-Type application/json;
+            add_header Access-Control-Allow-Origin *;
+            return 200 '${builtins.toJSON client}';
+          '';
+      };
+
+      ${sub} = {
+        forceSSL = true;
+        useACMEHost = dom;
+
+        locations."/".extraConfig = ''
+          return 302 'https://${dom}';
+        '';
+
+        locations."/_matrix" = {
+          proxyPass = "http://[::1]:8008";
+        };
+      };
+    };
+  };
+
+  services.matrix-synapse = {
+    enable = true;
+    dataDir = dir;
+    server_name = dom;
+    logConfig = builtins.replaceStrings [ "INFO" ] [ "WARNING" ] options.services.matrix-synapse.logConfig.default;
+    listeners = [
+      {
+        port = 8008;
+        bind_address = "::1";
+        type = "http";
+        tls = false;
+        x_forwarded = true;
+        resources = [
+          {
+            names = [ "client" "federation" ];
+            compress = false;
+          }
+        ];
+      }
+    ];
+  };
+}
diff --git a/modules/services/syncthing.nix b/modules/services/syncthing.nix
new file mode 100644
index 0000000..db32371
--- /dev/null
+++ b/modules/services/syncthing.nix
@@ -0,0 +1,23 @@
+{ config, ... }:
+let
+  dir = "/persist/shared/.syncthing";
+  user = if config.me.gui then "rin" else "hana";
+  uid = toString config.users.users."${user}".uid;
+  gid = toString config.users.groups.users.gid;
+in
+{
+  systemd.tmpfiles.rules = [
+    "d ${dir}/config 700 ${uid} ${gid}"
+    "d ${dir}/data 700 ${uid} ${gid}"
+  ];
+  systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true";
+  services.syncthing = {
+    enable = true;
+    openDefaultPorts = true;
+    user = user;
+    group = "users";
+    dataDir = "/persist/shared/.syncthing/data";
+    configDir = "/persist/shared/.syncthing/config";
+    guiAddress = if config.me.gui then "127.0.0.1:8384" else ":8384";
+  };
+}
diff --git a/modules/services/tmptsync.nix b/modules/services/tmptsync.nix
new file mode 100644
index 0000000..54004c4
--- /dev/null
+++ b/modules/services/tmptsync.nix
@@ -0,0 +1,32 @@
+{ ... }:
+let
+  dir = "/persist/tmptsync";
+in
+{
+  systemd = {
+    services = {
+      tmptsync-load = {
+        before = [ "basic.target" ];
+        after = [ "local-fs.target" "sysinit.target" ];
+        unitConfig.DefaultDependencies = false;
+
+        environment.FILE = dir;
+        script = "${../../scripts/tmptsync.sh} load";
+        wantedBy = [ "basic.target" ];
+      };
+
+      tmptsync-save = {
+        environment.FILE = dir;
+        script = "${../../scripts/tmptsync.sh} save";
+        wantedBy = [ "basic.target" ];
+      };
+    };
+    timers.tmptsync-save = {
+      timerConfig = {
+        Unit = "tmptsync-save.service";
+        OnBootSec = "30min";
+        OnUnitActiveSec = "2h";
+      };
+    };
+  };
+}
diff --git a/modules/services/transmission.nix b/modules/services/transmission.nix
new file mode 100644
index 0000000..7540d68
--- /dev/null
+++ b/modules/services/transmission.nix
@@ -0,0 +1,18 @@
+{ config, ... }: {
+  networking.firewall.allowedTCPPorts = [ 9091 ];
+  services.transmission = {
+    enable = true;
+    downloadDirPermissions = "775";
+    openFirewall = true;
+    settings = {
+      download-dir = "/persist/transmission/Downloads";
+      incomplete-dir = "/persist/transmission/.incomplete";
+      ratio-limit-enabled = true;
+      rpc-bind-address = "0.0.0.0";
+      rpc-enabled = true;
+      rpc-port = 9091;
+      rpc-host-whitelist = "${config.networking.hostName}";
+      rpc-whitelist = "10.100.0.*,10.0.0.*,192.168.100.*";
+    };
+  };
+}
diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix
new file mode 100644
index 0000000..8aae0fd
--- /dev/null
+++ b/modules/services/unbound.nix
@@ -0,0 +1,62 @@
+{ inputs, pkgs, gcSecrets, ... }:
+let
+  dir = "/persist/unbound";
+
+  converted = pkgs.runCommand "stevenblack-hosts-unbound" {} ''
+    echo "server:" > "$out"
+    grep '^0\.0\.0\.0' "${inputs.stevenblack-hosts}/hosts" | awk '{print "local-zone: \""$2"\" always_refuse"}' | tail -n +2 >> "$out"
+  '';
+in {
+  networking.firewall.interfaces."ve-+" = {
+    allowedUDPPorts = [ 53 853 ];
+    allowedTCPPorts = [ 53 853 ];
+  };
+  networking.firewall.interfaces.wg0 = {
+    allowedUDPPorts = [ 53 853 ];
+    allowedTCPPorts = [ 53 853 ];
+  };
+  systemd.tmpfiles.rules = [ "d ${dir} 700 unbound unbound" ];
+
+  services.unbound = {
+    enable = true;
+    stateDir = dir;
+    settings = {
+      forward-zone = [{
+        name = ".";
+        forward-tls-upstream = true;
+        forward-addr = [
+          "2606:4700:4700::1111@853#cloudflare-dns.com"
+          "2606:4700:4700::1001@853#cloudflare-dns.com"
+          "2001:4860:4860::8888@853#dns.google"
+          "2001:4860:4860::8844@853#dns.google"
+          "1.1.1.1@853#cloudflare-dns.com"
+          "1.0.0.1@853#cloudflare-dns.com"
+          "8.8.8.8@853#dns.google"
+          "8.8.4.4@853#dns.google"
+        ];
+      }];
+
+      server = {
+        interface = [ "0.0.0.0" "::0" ];
+        access-control = [
+          "127.0.0.1/8      allow"
+          "10.0.0.0/8       allow"
+          "100.64.0.0/10    allow"
+          "192.168.100.0/24 allow"
+          "fd0d::/16        allow"
+          "fd7a:115c:a1e0::/48 allow"
+          "${gcSecrets.wireguard.ipv6Subnet}:/80 allow"
+        ];
+        domain-insecure = [ "\"local.lava.moe\"" ];
+        local-zone = [ "\"warden.local.lava.moe.\" redirect" ];
+        local-data = [
+          "\"warden.local.lava.moe. IN A 10.100.0.2\""
+        ];
+      };
+
+      include = "${converted}";
+    };
+  };
+
+  systemd.services.unbound.serviceConfig.ReadWritePaths = [ dir ];
+}
diff --git a/modules/services/vaultwarden.nix b/modules/services/vaultwarden.nix
new file mode 100644
index 0000000..9c8d8b4
--- /dev/null
+++ b/modules/services/vaultwarden.nix
@@ -0,0 +1,32 @@
+{ config, lib, ... }:
+let
+  dir = "/persist/vaultwarden";
+  user = config.users.users.vaultwarden.name;
+  group = config.users.groups.vaultwarden.name;
+in {
+  systemd.tmpfiles.rules = [
+    "d ${dir} 700 ${user} ${group}"
+    "d ${dir}_backup 700 ${user} ${group}"
+  ];
+  services.vaultwarden = {
+    enable = true;
+    backupDir = "${dir}_backup";
+    config = {
+      dataFolder = dir;
+      signupsAllowed = false;
+      domain = "https://warden.local.lava.moe";
+      rocketPort = 8002;
+    };
+    environmentFile = config.age.secrets.warden_admin.path;
+  };
+
+  services.nginx.virtualHosts."warden.local.lava.moe" = {
+    forceSSL = true;
+    useACMEHost = "lava.moe";
+
+    locations."/".proxyPass = "http://localhost:8002";
+  };
+
+  systemd.services.vaultwarden.serviceConfig.ReadWritePaths = [ dir ];
+  systemd.services.backup-vaultwarden.environment.DATA_FOLDER = lib.mkForce dir;
+}
diff --git a/modules/services/website.nix b/modules/services/website.nix
new file mode 100644
index 0000000..3fba609
--- /dev/null
+++ b/modules/services/website.nix
@@ -0,0 +1,43 @@
+{ inputs, pkgs, ... }: let
+  pastel = inputs.pastel.packages.${pkgs.system}.default;
+in {
+  services.nginx.virtualHosts = {
+    "cilly.moe" = {
+      useACMEHost = "cilly.moe";
+      forceSSL = true;
+      root = pastel.outPath;
+    };
+    "cilly.dev" = {
+      useACMEHost = "cilly.dev";
+      forceSSL = true;
+      root = pastel.outPath;
+    };
+    "lava.moe" = {
+      useACMEHost = "lava.moe";
+      forceSSL = true;
+      root = inputs.website.outPath;
+    };
+    "cdn.lava.moe" = {
+      useACMEHost = "lava.moe";
+      forceSSL = true;
+      extraConfig = ''
+        return 301 https://sh.lava.moe$request_uri;
+      '';
+    };
+    "sh.lava.moe" = {
+      useACMEHost = "lava.moe";
+      forceSSL = true;
+      root = "/persist/cdn";
+    };
+    "_" = {
+      default = true;
+      addSSL = true;
+      # TODO generate this somewhere
+      sslCertificate = "/persist/fakeCerts/fake.crt";
+      sslCertificateKey = "/persist/fakeCerts/fake.key";
+      extraConfig = ''
+        return 444;
+      '';
+    };
+  };
+}
diff --git a/modules/system/aagl.nix b/modules/system/aagl.nix
new file mode 100644
index 0000000..57826c4
--- /dev/null
+++ b/modules/system/aagl.nix
@@ -0,0 +1,6 @@
+{ inputs, ... }: {
+  imports = [ inputs.aagl.nixosModules.default ];
+  nix.settings = inputs.aagl.nixConfig;
+  programs.anime-game-launcher.enable = true;
+  programs.sleepy-launcher.enable = true;
+}
diff --git a/modules/system/audio.nix b/modules/system/audio.nix
new file mode 100644
index 0000000..46d50c0
--- /dev/null
+++ b/modules/system/audio.nix
@@ -0,0 +1,88 @@
+{ config, ... }:
+let
+  int = {
+    quantum = {
+      min = 64;
+      def = 1024;
+      max = 2048;
+    };
+    rate = 48000;
+  };
+  str = {
+    quantum = {
+      min = toString int.quantum.min;
+      def = toString int.quantum.def;
+      max = toString int.quantum.max;
+    };
+    rate = toString int.rate;
+  };
+in {
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+  services.pipewire.extraConfig.pipewire = {
+    "context.properties" = {
+      "default.clock.rate" = int.rate;
+      "default.clock.quantum" = int.quantum.def;
+      "default.clock.min-quantum" = int.quantum.min;
+      "default.clock.max-quantum" = int.quantum.max;
+    };
+
+    "context.modules" = [
+      {
+        name = "libpipewire-module-rtkit";
+        args = {
+          "nice.level" = -15;
+          "rt.prio" = 88;
+          "rt.time.soft" = 200000;
+          "rt.time.hard" = 200000;
+        };
+      }
+    ];
+    "stream.properties" = {
+      "node.latency" = "${str.quantum.min}/${str.rate}";
+      "resample.quality" = 1;
+    };
+  };
+  services.pipewire.extraConfig.pipewire-pulse = {
+      "context.modules" = [
+        {
+          name = "libpipewire-module-rtkit";
+          args = {
+            "nice.level" = -15;
+            "rt.prio" = 88;
+            "rt.time.soft" = 200000;
+            "rt.time.hard" = 200000;
+          };
+        }
+      ];
+      "pulse.properties" = {
+         "pulse.min.req" = "${str.quantum.min}/${str.rate}";
+         "pulse.default.req" = "${str.quantum.def}/${str.rate}";
+         "pulse.max.req" = "${str.quantum.max}/${str.rate}";
+         "pulse.min.quantum" = "${str.quantum.min}/${str.rate}";
+         "pulse.max.quantum" = "${str.quantum.max}/${str.rate}";
+      };
+      "pulse.rules" = [
+        {
+          # Discord notification sounds fix
+          matches = [ { "application.process.binary" = ".DiscordCanary-wrapped"; } ];
+          actions = {
+              update-props = {
+                  "pulse.min.quantum" = "1024/48000";
+              };
+          };
+        }
+      ];
+      "stream.properties" = {
+        "node.latency" = "${str.quantum.min}/${str.rate}";
+        "resample.quality" = 1;
+      };
+  };
+}
+
diff --git a/modules/system/base.nix b/modules/system/base.nix
new file mode 100644
index 0000000..c45eb99
--- /dev/null
+++ b/modules/system/base.nix
@@ -0,0 +1,27 @@
+{ config, inputs, modules, ... }: {
+  imports = [ modules.binds modules.options ];
+
+  environment.etc = {
+    "machine-id".source = "/persist/machine-id";
+    "ssh/ssh_host_rsa_key".source = "/persist/ssh_host_rsa_key";
+    "ssh/ssh_host_rsa_key.pub".source = "/persist/ssh_host_rsa_key.pub";
+    "ssh/ssh_host_ed25519_key".source = "/persist/ssh_host_ed25519_key";
+    "ssh/ssh_host_ed25519_key.pub".source = "/persist/ssh_host_ed25519_key.pub";
+  };
+  environment.pathsToLink = [ "/share/zsh" ];
+
+  i18n.defaultLocale = "en_AU.UTF-8";
+  i18n.extraLocales = [ "en_GB.UTF-8/UTF-8" ];
+
+  users.mutableUsers = false;
+
+  system = {
+    configurationRevision = inputs.self.rev;
+    nixos = rec {
+      version = config.system.nixos.release + versionSuffix;
+      versionSuffix = "-${config.system.name}.r${builtins.toString inputs.self.revCount}.${inputs.self.shortRev}";
+    };
+  };
+  nix.registry.config.flake = inputs.self;
+  nix.registry.shells.flake = inputs.self;
+}
diff --git a/modules/system/bluetooth.nix b/modules/system/bluetooth.nix
new file mode 100644
index 0000000..1e2a72e
--- /dev/null
+++ b/modules/system/bluetooth.nix
@@ -0,0 +1,6 @@
+{ ... }: {
+  hardware.bluetooth = {
+    enable = true;
+    powerOnBoot = true;
+  };
+}
diff --git a/modules/system/ccache.nix b/modules/system/ccache.nix
new file mode 100644
index 0000000..b9e0847
--- /dev/null
+++ b/modules/system/ccache.nix
@@ -0,0 +1,3 @@
+{ config, ... }: {
+  programs.ccache.enable = true;
+}
diff --git a/modules/system/corectrl.nix b/modules/system/corectrl.nix
new file mode 100644
index 0000000..6f6ca01
--- /dev/null
+++ b/modules/system/corectrl.nix
@@ -0,0 +1,5 @@
+{ ... }: {
+  programs.corectrl = {
+    enable = true;
+  };
+}
diff --git a/modules/system/docker.nix b/modules/system/docker.nix
new file mode 100644
index 0000000..1ebd190
--- /dev/null
+++ b/modules/system/docker.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }: {
+  virtualisation.docker = {
+    enable = true;
+    storageDriver = "btrfs";
+    # rootless = {
+    #   enable = true;
+    #   setSocketVariable = true;
+    # };
+  };
+  environment.systemPackages = [
+    pkgs.docker-compose
+  ];
+}
diff --git a/modules/system/flatpak.nix b/modules/system/flatpak.nix
new file mode 100644
index 0000000..fbb80bb
--- /dev/null
+++ b/modules/system/flatpak.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }: {
+  services.flatpak.enable = true;
+  xdg.portal = {
+    enable = true;
+    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+    config.common.default = "*";
+  };
+}
diff --git a/modules/system/greetd.nix b/modules/system/greetd.nix
new file mode 100644
index 0000000..f220847
--- /dev/null
+++ b/modules/system/greetd.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }: {
+  services.greetd = {
+    enable = true;
+    settings = {
+      default_session = {
+        command = "${pkgs.tuigreet}/bin/tuigreet --remember --asterisks --time --cmd 'zsh -c \"source $HOME/.config/zsh/.zshrc && Hyprland > $XDG_RUNTIME_DIR/Hyprland.out\"'";
+        user = "greeter";
+      };
+
+      initial_session = {
+        command = "${pkgs.writeShellScript "launch.sh" ''
+          zsh -c "source $HOME/.config/zsh/.zshrc && Hyprland > \"$XDG_RUNTIME_DIR/Hyprland.out\""
+        ''}";
+        user = "rin";
+      };
+    };
+  };
+}
diff --git a/modules/system/gui.nix b/modules/system/gui.nix
new file mode 100644
index 0000000..7028dac
--- /dev/null
+++ b/modules/system/gui.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }: {
+  fonts = {
+    enableDefaultPackages = true;
+    fontconfig = {
+      defaultFonts = {
+        serif = [ "NotoSerif" ];
+        sansSerif = [ "NotoSans" ];
+        monospace = [ "CascadiaCode" ];
+      };
+    };
+    packages = with pkgs; [
+      material-symbols
+      material-icons
+      cascadia-code
+      hanazono
+      noto-fonts
+      noto-fonts-cjk-sans
+      open-sans
+      twemoji-color-font
+      unifont
+    ];
+  };
+  services.xserver = {
+    enable = true;
+    displayManager.lightdm.enable = lib.mkForce false;
+    desktopManager.xterm.enable = false;
+  };
+
+  programs.hyprland.enable = true;
+  security.pam.services.hyprlock = {};
+}
diff --git a/modules/system/home-manager.nix b/modules/system/home-manager.nix
new file mode 100644
index 0000000..7d0f19d
--- /dev/null
+++ b/modules/system/home-manager.nix
@@ -0,0 +1,19 @@
+{ config, inputs, modules, ... }: {
+  imports = [
+    inputs.home-manager.nixosModules.home-manager
+  ];
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    extraSpecialArgs = {
+      inherit inputs modules;
+      sysConfig = config;
+    };
+    sharedModules = [
+      {
+        imports = [ modules.options ];
+        config.me = config.me;
+      }
+    ];
+  };
+}
diff --git a/modules/system/input.nix b/modules/system/input.nix
new file mode 100644
index 0000000..a0bf2ff
--- /dev/null
+++ b/modules/system/input.nix
@@ -0,0 +1,24 @@
+{ ... }: {
+  services.xserver = {
+    displayManager = {
+      xserverArgs = [
+        "-ardelay 150"
+        "-arinterval 15"
+      ];
+    };
+  };
+  services.keyd = {
+    enable = true;
+    keyboards = {
+      default = {
+        ids = [ "*" ];
+        settings = {
+          main = {
+            capslock = "esc";
+            esc = "capslock";
+          };
+        };
+      };
+    };
+  };
+}
diff --git a/modules/system/kernel.nix b/modules/system/kernel.nix
new file mode 100644
index 0000000..c0a1bcf
--- /dev/null
+++ b/modules/system/kernel.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, ... }: {
+  boot = {
+    blacklistedKernelModules = [ "uvcvideo" ];
+    initrd = {
+      includeDefaultModules = false;
+      availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
+    };
+    kernel.sysctl = {
+      "kernel.core_pattern" = "|/bin/false";
+      "kernel.sysrq" = 1;
+    };
+  };
+  hardware.enableRedistributableFirmware = true;
+  zramSwap = {
+    enable = true;
+    priority = 100;
+  };
+}
diff --git a/modules/system/nix-stable.nix b/modules/system/nix-stable.nix
new file mode 100644
index 0000000..1884c04
--- /dev/null
+++ b/modules/system/nix-stable.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }: {
+  nix = {
+    package = pkgs.nixVersions.latest;
+
+    settings = rec {
+      substituters = [
+        "https://cache.nixos.org?priority=10"
+        "https://lava.cachix.org"
+      ];
+      trusted-public-keys = [
+        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+        "lava.cachix.org-1:8lTWI/3IKWHByzzYHZySunMPYs2eAJw2duL+uLZkSy0="
+      ];
+      trusted-substituters = substituters;
+    };
+
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+  };
+  nixpkgs.config.allowUnfree = true;
+  programs.nh.enable = true;
+}
diff --git a/modules/system/nix.nix b/modules/system/nix.nix
new file mode 100644
index 0000000..eb14f73
--- /dev/null
+++ b/modules/system/nix.nix
@@ -0,0 +1,28 @@
+{ config, inputs, pkgs, ... }: {
+  nix = {
+    nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
+    package = pkgs.nixVersions.latest;
+
+    settings = rec {
+      extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
+      substituters = [
+        "https://cache.nixos.org?priority=10"
+        "https://lava.cachix.org"
+        "https://nix-gaming.cachix.org"
+      ];
+      trusted-public-keys = [
+        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+        "lava.cachix.org-1:8lTWI/3IKWHByzzYHZySunMPYs2eAJw2duL+uLZkSy0="
+        "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
+      ];
+      trusted-substituters = substituters;
+      trusted-users = [ "root" "rin" ];
+    };
+
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+  };
+  nixpkgs.config.allowUnfree = true;
+  programs.nh.enable = true;
+}
diff --git a/modules/system/packages-gui.nix b/modules/system/packages-gui.nix
new file mode 100644
index 0000000..d853c40
--- /dev/null
+++ b/modules/system/packages-gui.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }: {
+  config = lib.mkIf config.me.gui {
+    environment.systemPackages = with pkgs; [
+      android-tools
+      gparted
+      nautilus
+    ];
+    hardware.graphics.extraPackages = with pkgs; [
+      intel-vaapi-driver
+      libva-vdpau-driver
+      libvdpau-va-gl
+    ];
+    hardware.opentabletdriver.enable = true;
+    hardware.keyboard.qmk.enable = true;
+    programs.steam = {
+      enable = true;
+      package = pkgs.steam.override {
+        extraPkgs = pkgs: with pkgs; [
+          gsettings-desktop-schemas
+        ];
+      };
+    };
+    services.dbus.packages = [ pkgs.dconf pkgs.gcr ];
+    services.gnome.sushi.enable = true;
+  };
+}
diff --git a/modules/system/packages.nix b/modules/system/packages.nix
new file mode 100644
index 0000000..d4e2e3c
--- /dev/null
+++ b/modules/system/packages.nix
@@ -0,0 +1,25 @@
+{ pkgs, ... }: {
+  imports = [ ./packages-gui.nix ];
+  environment.systemPackages = with pkgs; [
+    # ecryptfs
+    efibootmgr
+    fd
+    git
+    git-crypt
+    htop
+    jq
+    kitty.terminfo
+    libarchive
+    lf
+    msr-tools
+    ncdu
+    neovim
+    nfs-utils
+    ntfs3g
+    ripgrep
+    rsync
+    sshfs
+    wget
+  ];
+  environment.variables.EDITOR = "nvim";
+}
diff --git a/modules/system/printing.nix b/modules/system/printing.nix
new file mode 100644
index 0000000..f7ccb20
--- /dev/null
+++ b/modules/system/printing.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }: {
+  services.printing = {
+    enable = true;
+    drivers = with pkgs; [
+      epson-escpr
+      #me.epson-201112j
+    ];
+  };
+}
diff --git a/modules/system/security.nix b/modules/system/security.nix
new file mode 100644
index 0000000..f1f087b
--- /dev/null
+++ b/modules/system/security.nix
@@ -0,0 +1,85 @@
+{ config, lib, pkgs, ... }: {
+  networking.firewall =
+  let
+    iptables = "${pkgs.iptables}/bin/iptables";
+    genCmds = type: ''
+      ${iptables} -${type} nixos-fw -p tcp --source 192.168.0.0/16 -j nixos-fw-accept ${if type == "D" then " || true" else ""}
+      ${iptables} -${type} nixos-fw -p udp --source 192.168.0.0/16 -j nixos-fw-accept ${if type == "D" then " || true" else ""}
+    '';
+  in {
+    enable = true;
+    allowedUDPPortRanges = [ { from = 20000; to = 20100; } ];
+    allowedTCPPortRanges = [ { from = 20000; to = 20100; } ];
+    trustedInterfaces = [ "wg0" ];
+    logRefusedConnections = false;
+
+    extraCommands = genCmds "I";
+    extraStopCommands = genCmds "D";
+  };
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "no";
+      PasswordAuthentication = false;
+      X11Forwarding = true;
+    };
+
+    hostKeys = [
+      {
+        bits = 4096;
+        path = "/persist/ssh_host_rsa_key";
+        rounds = 100;
+        type = "rsa";
+      }
+      {
+        path = "/persist/ssh_host_ed25519_key";
+        rounds = 100;
+        type = "ed25519";
+      }
+    ];
+  };
+
+  security = {
+    polkit.enable = true;
+    sudo.enable = false;
+    doas = {
+      enable = true;
+      extraRules = [
+        {
+          groups = [ "wheel" ];
+          keepEnv = true;
+          persist = true;
+        }
+      ];
+    };
+    pam = lib.mkIf (config.me.environment != "headless") {
+      u2f = {
+        enable = true;
+        settings = {
+          cue = true;
+          pinverification = 1;
+        };
+      };
+      services.doas.rules.auth = {
+        u2f.settings.pinverification = lib.mkForce 0;
+        u2f_int = lib.mkMerge [
+          {
+            enable = true;
+            order = config.security.pam.services.doas.rules.auth.u2f.order + 1;
+            control = "sufficient";
+            modulePath = "${pkgs.pam_u2f}/lib/security/pam_u2f.so";
+            inherit (config.security.pam.u2f) settings;
+          }
+          {
+            settings = lib.mkForce {
+              interactive = true;
+              pinverification = 0;
+              userpresence = 0;
+            };
+          }
+        ];
+      };
+    };
+  };
+}
diff --git a/modules/system/snapper.nix b/modules/system/snapper.nix
new file mode 100644
index 0000000..60cf41e
--- /dev/null
+++ b/modules/system/snapper.nix
@@ -0,0 +1,17 @@
+{ config, lib, ... }: {
+  services.snapper = {
+    cleanupInterval = "1h";
+    configs.home = {
+      FSTYPE = "btrfs";
+      SUBVOLUME = "/home";
+      TIMELINE_CLEANUP = true;
+      TIMELINE_CREATE = true;
+      TIMELINE_MIN_AGE = "1800";
+      TIMELINE_LIMIT_HOURLY = "5";
+      TIMELINE_LIMIT_DAILY = "7";
+      TIMELINE_LIMIT_WEEKLY = "0";
+      TIMELINE_LIMIT_MONTHLY = "0";
+      TIMELINE_LIMIT_YEARLY = "0";
+    };
+  };
+}
diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix
new file mode 100644
index 0000000..5e3e044
--- /dev/null
+++ b/modules/system/tailscale.nix
@@ -0,0 +1,13 @@
+{ config, lib, ... }: {
+  age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age;
+  me.binds."/var/lib/tailscale" = "tailscale";
+  networking.firewall.trustedInterfaces = [ "tailscale0" ];
+  networking.firewall.allowedUDPPorts = lib.mkIf (config.me.environment == "headless") [ 123 ];
+
+  services.tailscale = {
+    enable = true;
+    authKeyFile = config.age.secrets.tailscale_auth.path;
+    openFirewall = true;
+    useRoutingFeatures = if config.me.environment == "headless" then "both" else "client";
+  };
+}
diff --git a/modules/system/virtualisation.nix b/modules/system/virtualisation.nix
new file mode 100644
index 0000000..b575f05
--- /dev/null
+++ b/modules/system/virtualisation.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }: {
+  virtualisation = {
+    spiceUSBRedirection.enable = true;
+    libvirtd = {
+      enable = true;
+      qemu.package = pkgs.qemu_kvm.override { smbdSupport = true; };
+    };
+  };
+}
diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix
new file mode 100644
index 0000000..71f85ad
--- /dev/null
+++ b/modules/system/wireguard.nix
@@ -0,0 +1,127 @@
+{ config, lib, pkgs, gcSecrets, ... }:
+let
+  port = 51801;
+  serverName = "dandelion";
+  serverInterface = "enp0s6";
+  serverIp = gcSecrets.wireguard.gateway;
+
+  forwarding = {
+    "22727" = [ "10.100.0.3" "7777" ];
+  };
+
+  mapForwards = type:
+    builtins.concatStringsSep "\n" (
+      lib.mapAttrsToList (sport: tuple:
+      let
+        dest = builtins.head tuple;
+        dport = lib.last tuple;
+      in ''
+        ${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p tcp --dport ${sport} -j DNAT --to ${dest}:${dport}
+        ${pkgs.iptables}/bin/iptables -${type} FORWARD -p tcp -d ${dest} --dport ${dport} -j ACCEPT
+        ${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p udp --dport ${sport} -j DNAT --to ${dest}:${dport}
+        ${pkgs.iptables}/bin/iptables -${type} FORWARD -p udp -d ${dest} --dport ${dport} -j ACCEPT
+      '') forwarding
+    );
+
+  clients = {
+    hyacinth = {
+      publicKey = "6nVhazYdmC15A/nke9VrqIg3sOBVOmqj4GEsyBq7MVo=";
+      allowedIPs = [ "10.100.0.3/32" "${gcSecrets.wireguard.ipv6Subnet}:3" "fd0d::3" ];
+      interfaces = {
+        wg0 = { peers = [ server6OnlyPeer ]; };
+        wg1 = { peers = [ serverPeer ]; autostart = false; };
+        wg2 = { peers = [ serverLocalOnlyPeer ]; autostart = false; };
+      };
+    };
+    anemone = {
+      publicKey = "px5+JNdAmqBvUC++DhiJrUBRAr+BYP6iYVt4sbhPTWY=";
+      allowedIPs = [ "10.100.0.4/32" "${gcSecrets.wireguard.ipv6Subnet}:4" "fd0d::4" ];
+      interfaces = {
+        wg0 = { peers = [ server6OnlyPeer ]; };
+        wg1 = { peers = [ serverPeer ]; autostart = false; };
+        wg2 = { peers = [ serverLocalOnlyPeer ]; autostart = false; };
+      };
+    };
+    hibiscus = {
+      publicKey = "vQ5a2KMrwi7RCRsD0yvog+n35vQYFuvwiPn+W4lbRBw=";
+      allowedIPs = [ "10.100.0.5/32" "${gcSecrets.wireguard.ipv6Subnet}:5" "fd0d::5" ];
+      interfaces = {
+        wg0 = { peers = [ server6OnlyPeer ]; };
+        wg1 = { peers = [ serverPeer ]; autostart = false; };
+        wg2 = { peers = [ serverLocalOnlyPeer ]; autostart = false; };
+      };
+    };
+    hazel = {
+      publicKey = "0zruTndObzHo+b1rbOuTsxCU97epygZycxXS/lgUHUc=";
+      allowedIPs = [ "10.100.0.21/32" "${gcSecrets.wireguard.ipv6Subnet}:21" "fd0d::21" ];
+      interfaces = {
+        wg0 = {
+          dns = [ "::1" "127.0.0.1" ];
+          peers = [ serverLocalOnlyPeer ];
+        };
+      };
+    };
+  };
+
+  clientPeers = builtins.map (client: builtins.removeAttrs client [ "interfaces" ]) (builtins.attrValues clients);
+  serverPeerWith = ips: {
+    publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0=";
+    allowedIPs = ips;
+    endpoint = "${serverIp}:${toString port}";
+    persistentKeepalive = 25;
+  };
+  serverPeer = serverPeerWith [ "0.0.0.0/0" "::/0" ];
+  server6OnlyPeer = serverPeerWith [ "10.100.0.0/24" "::/0" ];
+  serverLocalOnlyPeer = serverPeerWith [ "10.100.0.0/24" "fd0d::/16" ];
+
+  serverConfig = {
+    nat = {
+      enable = true;
+      externalInterface = serverInterface;
+      internalInterfaces = [ "wg0" ];
+    };
+    firewall = {
+      allowedTCPPorts = (builtins.map (s: lib.strings.toInt s) (builtins.attrNames forwarding));
+      allowedUDPPorts = [ port ];
+    };
+
+    wireguard.interfaces.wg0 = {
+      ips = [ "10.100.0.1/24" "${gcSecrets.wireguard.ipv6Subnet}:1" "fd0d::1" ];
+      listenPort = port;
+
+      postSetup = ''
+        ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${serverInterface} -j MASQUERADE
+        ${mapForwards "A"}
+      '';
+      postShutdown = ''
+        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${serverInterface} -j MASQUERADE
+        ${mapForwards "D"}
+      '';
+
+      privateKeyFile = config.age.secrets."wg_${serverName}".path;
+      peers = clientPeers;
+    };
+  };
+
+  clientConfig = {
+    wg-quick.interfaces =
+    let
+      client = clients."${config.networking.hostName}";
+    in
+      builtins.mapAttrs (interface: conf: {
+        address = client.allowedIPs;
+        dns = [ "fd0d::1" "10.100.0.1" ];
+        privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path;
+      } // conf) client.interfaces;
+  };
+in {
+  boot.kernel.sysctl = lib.mkIf (config.networking.hostName == serverName) ({
+    "net.ipv6.conf.all.forwarding" = true;
+    "net.ipv6.conf.default.forwarding" = true;
+  });
+  networking =
+    lib.mkMerge [
+      (lib.mkIf (config.networking.hostName == serverName) serverConfig)
+      (lib.mkIf (config.networking.hostName != serverName) clientConfig)
+    ];
+}
diff --git a/modules/user/catppuccin.nix b/modules/user/catppuccin.nix
new file mode 100644
index 0000000..176b42c
--- /dev/null
+++ b/modules/user/catppuccin.nix
@@ -0,0 +1,75 @@
+{ config, inputs, lib, pkgs, ... }: {
+  imports = [
+    inputs.catppuccin.homeManagerModules.catppuccin
+  ];
+
+  options.catppuccin.colors = lib.mkOption {
+    type = lib.types.attrs;
+    default = (builtins.fromJSON (builtins.readFile "${inputs.catppuccin-palette}/palette.json"))."${config.catppuccin.flavor}".colors;
+  };
+  options.catppuccin.hexcolors = lib.mkOption {
+    type = lib.types.attrs;
+    default = builtins.mapAttrs (name: value: value.hex) config.catppuccin.colors;
+  };
+
+  config = {
+    catppuccin = {
+      accent = lib.mkDefault "pink";
+      flavor = lib.mkDefault "mocha";
+      kitty.enable = true;
+      gtk.enable = true;
+      hyprlock.enable = true;
+      nvim.enable = true;
+    };
+
+    specialisation = {
+      light.configuration.catppuccin.flavor = "latte";
+      dark.configuration.catppuccin.flavor = "mocha";
+    };
+
+    home.packages = [(pkgs.writeShellScriptBin "theme" ''
+      last_path="$HOME/.local/state/last-theme"
+      target="$1"
+      if [ "$target" == "get_last" ]; then
+        if [ ! -e "$last_path" ]; then
+          echo "no last theme found; assuming dark" >&2
+          target="dark"
+        else
+          target=$(cat "$last_path" | tr -d "\n")
+        fi
+        echo "$target"
+        exit 0
+      fi
+      if [ "$target" == "restore" ]; then
+        echo "restoring theme"
+        if [ ! -e "$last_path" ]; then
+          echo "no last theme found; assuming dark" >&2
+          target="dark"
+        else
+          target=$(cat "$last_path" | tr -d "\n")
+        fi
+      fi
+      if [ "$target" != "dark" ] && [ "$target" != "light" ]; then
+        echo "invalid theme, valid values: [dark, light, restore]"
+        exit 1
+      fi
+      current="$HOME/.local/state/home-manager/gcroots/current-home/"
+      cached="$HOME/.local/state/last-parent-specialisation"
+      if [ -d "$current/specialisation" ]; then
+        if [ -d "$cached" ]; then
+          rm -f "$cached"
+        fi
+        ln -sf "$(readlink -f $current)" "$cached"
+      fi
+
+      if [ ! -d "$cached/specialisation" ]; then
+        echo "no specialisations found"
+        exit 1
+      fi
+
+      "$cached/specialisation/$target/activate"
+
+      echo "$target" > "$last_path"
+    '')];
+  };
+}
diff --git a/modules/user/comma.nix b/modules/user/comma.nix
new file mode 100644
index 0000000..5ae7f03
--- /dev/null
+++ b/modules/user/comma.nix
@@ -0,0 +1,7 @@
+{ inputs, ... }: {
+  imports = [
+    inputs.nix-index-database.homeModules.default
+  ];
+  programs.nix-index.enable = true;
+  programs.nix-index-database.comma.enable = true;
+}
diff --git a/modules/user/direnv.nix b/modules/user/direnv.nix
new file mode 100644
index 0000000..2329800
--- /dev/null
+++ b/modules/user/direnv.nix
@@ -0,0 +1,16 @@
+{ config, lib, ... }: {
+  programs.direnv = {
+    enable = true;
+    nix-direnv = {
+      enable = true;
+    };
+  };
+  programs.git.settings.core.excludesFile = ".envrc";
+  # We can't use .source since hm manages this file too
+  xdg.configFile."direnv/direnvrc".text = builtins.readFile ../../res/direnvrc;
+  home.activation = {
+    direnvClearCache = lib.hm.dag.entryAfter ["writeBoundary"] ''
+      $DRY_RUN_CMD rm -rf $VERBOSE_ARG $HOME/.cache/direnv/layouts
+    '';
+  };
+}
diff --git a/modules/user/dunst.nix b/modules/user/dunst.nix
new file mode 100644
index 0000000..2ae1404
--- /dev/null
+++ b/modules/user/dunst.nix
@@ -0,0 +1,71 @@
+{ config, pkgs, ... }:
+let
+  historyScript = pkgs.writeShellScript "dunst_history.sh" ''
+    echo "$(${pkgs.coreutils}/bin/date +%s):$DUNST_TIMESTAMP:$DUNST_APP_NAME:$DUNST_URGENCY:$DUNST_SUMMARY:$DUNST_BODY" >> ${config.xdg.dataHome}/dunst/history
+  '';
+in {
+  systemd.user.tmpfiles.rules = [ "d ${config.xdg.dataHome}/dunst - - - -" ];
+
+  services.dunst = {
+    enable = true;
+    settings = {
+      global = {
+        monitor = 0;
+        follow = "mouse";
+        width = "(100, 450)";
+        origin = "top-right";
+        offset = "24x50";
+        notification_limit = 0;
+        indicate_hidden = true;
+        shrink = true;
+        separator_height = 0;
+        padding = 16;
+        horizontal_padding = 24;
+        frame_width = 0;
+        sort = false;
+        idle_threshold = 60;
+        font = "Open Sans 9";
+        line_height = 4;
+        markup = "full";
+        format = "<b>%s</b>\\n%b";
+        alignment = "left";
+        show_age_threshold = 60;
+        word_wrap = true;
+        ignore_newline = false;
+        stack_duplicates = false;
+        hide_duplicate_count = true;
+        show_indicators = false;
+        icon_position = "left";
+        max_icon_size = 40;
+        sticky_history = true;
+        history_length = 100;
+        browser = "${pkgs.firefox}/bin/firefox -new-tab";
+        always_run_script = true;
+        title = "Dunst";
+        class = "Dunst";
+        corner_radius = 15;
+
+        script = historyScript.outPath;
+      };
+
+      urgency_low = {
+        background = config.catppuccin.hexcolors.crust;
+        foreground = config.catppuccin.hexcolors.text;
+        timeout = 3;
+      };
+
+      urgency_normal = {
+        background = config.catppuccin.hexcolors.crust;
+        foreground = config.catppuccin.hexcolors.text;
+        timeout = 5;
+      };
+
+      urgency_critical = {
+        background = config.catppuccin.hexcolors.crust;
+        foreground = config.catppuccin.hexcolors.text;
+        frame_color = config.catppuccin.hexcolors.red;
+        timeout = 0;
+      };
+    };
+  };
+}
diff --git a/modules/user/eww.nix b/modules/user/eww.nix
new file mode 100644
index 0000000..13db70e
--- /dev/null
+++ b/modules/user/eww.nix
@@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }:
+let
+  inherit (lib) boolToString defaultTo;
+  res = pkgs.stdenvNoCC.mkDerivation {
+    pname = "eww-wayland-config";
+    version = "1.0.0";
+    dontUnpack = true;
+    installPhase = ''
+      cp -r ${../../res/eww} $out
+
+      substituteInPlace $out/eww.yuck \
+        --replace-fail "_BAT_ENABLED_" "${boolToString (config.me.batteryDevice != null)}" \
+        --replace-fail "_BAT_PATH_" "${defaultTo "" config.me.batteryDevice}" \
+        --replace-fail "_BT_ENABLED_" "${boolToString config.me.hasBluetooth}" \
+        --replace-fail "_WIFI_ENABLED_" "${boolToString config.me.hasWifi}"
+
+      substituteInPlace $out/eww.scss \
+        --replace-fail "EWW_BACKGROUND" "${config.catppuccin.hexcolors.crust}" \
+        --replace-fail "EWW_TEXT" "${config.catppuccin.hexcolors.text}" \
+        --replace-fail "EWW_ACCENT" "${config.catppuccin.hexcolors.${config.catppuccin.accent}}"
+    '';
+  };
+in {
+  home.packages = with pkgs; [ iw socat ];
+  programs.eww = {
+    enable = true;
+  };
+  xdg.configFile."eww".source = res;
+}
diff --git a/modules/user/git.nix b/modules/user/git.nix
new file mode 100644
index 0000000..ca2762e
--- /dev/null
+++ b/modules/user/git.nix
@@ -0,0 +1,16 @@
+{ ... }: {
+  programs.git = {
+    enable = true;
+    signing = {
+      key = "059F098EBF0E9A13E10A46BF6500251E087653C9";
+      signByDefault = true;
+    };
+    settings = {
+      user.name = "Cilly Leang";
+      user.email = "mini@cilly.moe";
+      core.abbrev = 11;
+      safe.directory = "/home/rin/Projects/flakes";
+      init.defaultBranch = "master";
+    };
+  };
+}
diff --git a/modules/user/gpg.nix b/modules/user/gpg.nix
new file mode 100644
index 0000000..dba731f
--- /dev/null
+++ b/modules/user/gpg.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }: {
+  programs.gpg = {
+    enable = true;
+    homedir = "${config.xdg.dataHome}/gnupg";
+  };
+  services.gpg-agent = {
+    enable = true;
+    pinentry.package = pkgs.pinentry-gnome3;
+  };
+}
diff --git a/modules/user/hypridle.nix b/modules/user/hypridle.nix
new file mode 100644
index 0000000..af7af86
--- /dev/null
+++ b/modules/user/hypridle.nix
@@ -0,0 +1,45 @@
+{ config, lib, pkgs, ... }:
+let
+  kblight = "brightnessctl -d ${config.me.kbBacklightDevice}";
+in
+{
+  home.packages = [ config.services.hypridle.package ];
+  services.hypridle = {
+    enable = true;
+    settings = {
+      general = {
+        lock_cmd = "pidof hyprlock || hyprlock";
+        before_sleep_cmd = "${lib.getExe pkgs.playerctl} pause; loginctl lock-session";
+        after_sleep_cmd = "hyprctl dispatch dpms on";
+      };
+
+      listener = lib.optionals (config.me.kbBacklightDevice != null) [
+        {
+          timeout = 120;
+          on-timeout = "${kblight} -s && ${kblight} 0";
+          on-resume = "${kblight} -r";
+        }
+      ] ++ [
+        {
+          timeout = 150;
+          on-timeout = "brightnessctl -s && brightnessctl 50%-";
+          on-resume = "brightnessctl -r";
+        }
+        {
+          timeout = 180;
+          on-timeout = "brightnessctl -r && loginctl lock-session";
+        }
+        {
+          timeout = 195;
+          on-timeout = "hyprctl dispatch dpms off";
+          on-resume = "hyprctl dispatch dpms on";
+        }
+      ] ++ lib.optionals (config.me.environment == "laptop") [
+        {
+          timeout = 600;
+          on-timeout = "systemctl suspend";
+        }
+      ];
+    };
+  };
+}
diff --git a/modules/user/hyprlock.nix b/modules/user/hyprlock.nix
new file mode 100644
index 0000000..529c522
--- /dev/null
+++ b/modules/user/hyprlock.nix
@@ -0,0 +1,148 @@
+{ config, lib, ... }:
+let
+  scaling = if config.me.hidpi then 1 else 0.5;
+  s = value: if builtins.isInt value || builtins.isFloat value
+  then
+    builtins.floor (value * scaling)
+  else if builtins.isList value
+  then
+    lib.strings.concatMapStringsSep "," (v: builtins.toString (scaling * v)) value
+  else
+    builtins.throw "invalid scaled value type ${builtins.typeOf value} for ${value}";
+  sn = value: s (builtins.map (v: (-v)) value);
+in
+{
+  programs.hyprlock = {
+    enable = true;
+    settings = {
+      general = {
+        disable_loading_bar = true;
+        hide_cursor = true;
+      };
+      auth = {
+        fingerprint = {
+          enabled = config.me.hasFingerprint;
+          ready_message = "Scan fingerprint to unlock";
+        };
+      };
+      background = {
+        monitor = "";
+        color = "$base";
+      };
+      shape = lib.optionals (config.me.batteryDevice != null) [
+        # Battery pill
+        {
+          monitor = "";
+          size = s [165 65];
+          color = "$crust";
+          rounding = -1;
+          halign = "right";
+          valign = "top";
+          position = sn [595 10];
+        }
+      ] ++ [
+        # Time pill
+        {
+          monitor = "";
+          size = s [545 65];
+          color = "$crust";
+          rounding = -1;
+          halign = "right";
+          valign = "top";
+          position = sn [40 10];
+        }
+      ];
+      label = lib.optionals config.me.hasFingerprint [
+        # Fingerprint icon
+        {
+            monitor = "";
+            color = "$text";
+            font_family = "Material Symbols Outlined";
+            font_size = s 64;
+            halign = "center";
+            valign = "top";
+            position = sn [0 100];
+            text = "";
+        }
+        # Fingerprint text
+        {
+          monitor = "";
+          color = "$text";
+          text = "$FPRINTPROMPT";
+          font_size = s 25;
+          font_family = "Open Sans";
+          position = sn [0 235];
+          halign = "center";
+          valign = "top";
+        }
+      ] ++ lib.optionals (config.me.batteryDevice != null) [
+        # Battery icon
+        {
+          monitor = "";
+          text = "";
+          color = "$accent";
+          font_family = "Material Symbols Outlined";
+          font_size = s 27;
+          position = sn [695 20];
+          halign = "right";
+          valign = "top";
+        }
+        # Battery percentage
+        {
+          monitor = "";
+          text = ''cmd[update:60000] echo "<span weight='700'>$(cat /sys/class/power_supply/${config.me.batteryDevice}/capacity)%</span>"'';
+          color = "$text";
+          font_size = s 23;
+          font_family = "Open Sans";
+          position = sn [625 20];
+          halign = "right";
+          valign = "top";
+        }
+      ] ++ [
+        # Time and Date
+        {
+          monitor = "";
+          color = "$text";
+          font_family = "Open Sans";
+          font_size = s 23;
+          halign = "right";
+          valign = "top";
+          position = sn [70 20];
+          text = ''cmd[update:1000] echo "<span alpha='70%' weight='550'>$(date '+%A, %d %B %Y')</span>  <span weight='700'>$(date +%H:%M)</span><span alpha='70%' weight='550'>$(date +:%S)</span>"'';
+        }
+
+        # Fail text under input
+        {
+          monitor = "";
+          color = "$red";
+          font_family = "Open Sans";
+          font_size = s 25;
+          text = "$FAIL $ATTEMPTS[]";
+          position = sn [0 200];
+          halign = "center";
+          valign = "center";
+        }
+      ];
+      input-field = {
+        monitor = "";
+        size = s [600 120];
+        outline_thickness = s 4;
+        check_color = "$peach";
+        dots_size = 0.2;
+        dots_spacing = 0.2;
+        dots_center = true;
+        fail_text = "";
+        font_color = "$text";
+        inner_color = "$crust";
+        outer_color = "$base";
+        placeholder_text = "Password";
+        fade_on_empty = false;
+        hide_input = false;
+        capslock_color = "$yellow";
+        position = sn [0 47];
+        halign = "center";
+        valign = "center";
+      };
+    };
+  };
+}
diff --git a/modules/user/kitty.nix b/modules/user/kitty.nix
new file mode 100644
index 0000000..ddc189a
--- /dev/null
+++ b/modules/user/kitty.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }: {
+  programs.kitty = {
+    enable = true;
+    font = {
+      package = pkgs.cascadia-code;
+      name = "Cascadia Code PL";
+      size = 13;
+    };
+    settings = {
+      font_features = "-ss01 +ss19";
+      enable_audio_bell = false;
+      color5 = config.catppuccin.hexcolors.mauve;
+      color13 = config.catppuccin.hexcolors.mauve;
+      window_margin_width = 5;
+      scrollback_pager = ''nvim --noplugin -c "set signcolumn=no showtabline=0" -c "silent write! /tmp/kitty_scrollback_buffer | te cat /tmp/kitty_scrollback_buffer - " -c "autocmd VimEnter * normal G"'';
+      scrollback_pager_history_size = 2;
+    };
+  };
+}
diff --git a/users/rin/mpv.nix b/modules/user/mpv.nix
similarity index 62%
rename from users/rin/mpv.nix
rename to modules/user/mpv.nix
index c740392..6ef3da4 100644
--- a/users/rin/mpv.nix
+++ b/modules/user/mpv.nix
@@ -1,7 +1,7 @@
-{ config, pkgs, ... }: {
+{ pkgs, ... }: {
   programs.mpv = {
     enable = true;
-    package = pkgs.wrapMpv pkgs.mpv-unwrapped {
+    package = pkgs.mpv.override {
       youtubeSupport = true;
       scripts = [ pkgs.mpvScripts.mpris ];
     };
diff --git a/modules/user/neovim-minimal.nix b/modules/user/neovim-minimal.nix
new file mode 100644
index 0000000..392097d
--- /dev/null
+++ b/modules/user/neovim-minimal.nix
@@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }: {
+  systemd.user.tmpfiles.rules = [
+    "D %t/vim/swap 0755 - - - -"
+    "D %t/vim/undo 0755 - - - -"
+  ];
+  programs.neovim = {
+    enable = true;
+    viAlias = true;
+    vimAlias = true;
+    vimdiffAlias = true;
+    withNodeJs = false;
+    withPython3 = false;
+    withRuby = false;
+
+    plugins = with pkgs.vimPlugins; [
+      fzf-vim
+      lualine-nvim
+      tokyonight-nvim
+      vim-fugitive
+      vim-nix
+      vim-repeat
+      vim-signify
+      vim-surround
+
+      (nvim-treesitter.withPlugins (p: with p; [
+        tree-sitter-json
+        tree-sitter-lua
+        tree-sitter-nix
+        tree-sitter-toml
+        tree-sitter-yaml
+      ]))
+    ];
+
+    extraConfig = ''
+      luafile ${../../res/config-minimal.lua}
+    '';
+  };
+}
diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix
new file mode 100644
index 0000000..2b8d4c1
--- /dev/null
+++ b/modules/user/neovim.nix
@@ -0,0 +1,101 @@
+{ config, lib, pkgs, sysConfig, ... }:
+let
+  luaconf = pkgs.writeText "config.lua"
+    (lib.replaceStrings
+      ["{{OMNISHARP_PATH}}" "{{DART_PATH}}" "{{CATPPUCCIN_FLAVOUR}}" "{{USERNAME}}" "{{HOSTNAME}}"]
+      ["${pkgs.omnisharp-roslyn}/bin/OmniSharp" "${pkgs.dart}/bin/dart" config.catppuccin.nvim.flavor config.home.username sysConfig.networking.hostName]
+      (builtins.readFile ../../res/config.lua));
+in {
+  systemd.user.tmpfiles.rules = [
+    "D %t/vim/swap 0755 - - - -"
+    "D %t/vim/undo 0755 - - - -"
+  ];
+  programs.neovim = {
+    enable = true;
+    viAlias = true;
+    vimAlias = true;
+    vimdiffAlias = true;
+    #package = pkgs.neovim-nightly;
+    withNodeJs = true;
+    withPython3 = true;
+    withRuby = false;
+
+    extraPackages = with pkgs; [
+      nixd
+      rust-analyzer
+      texlab
+      astro-language-server
+      tailwindcss-language-server
+      diagnostic-languageserver
+      eslint_d
+      typescript-language-server
+      vscode-langservers-extracted
+      yaml-language-server
+    ];
+
+    plugins = with pkgs.vimPlugins; [
+      autoclose-nvim
+      auto-save-nvim
+      flutter-tools-nvim
+      fzf-vim
+      fzf-lsp-nvim
+      lualine-nvim
+      nvim-ts-autotag
+      nvim-web-devicons
+      plenary-nvim
+      tokyonight-nvim
+      vim-fugitive
+      vim-latex-live-preview
+      vim-nix
+      vim-repeat
+      vim-signify
+      vim-surround
+      vimtex
+      lsp_signature-nvim
+
+      nvim-cmp
+      nvim-dap
+      nvim-highlight-colors
+      nvim-lspconfig
+      cmp-nvim-lsp
+      cmp_luasnip
+      luasnip
+
+      #(pkgs.me.nvim-treesitter-nightly.withPlugins (p: with p; [
+      (nvim-treesitter.withPlugins (p: with p; [
+        tree-sitter-astro
+        tree-sitter-bash
+        tree-sitter-c
+        tree-sitter-c-sharp
+        tree-sitter-cpp
+        tree-sitter-groovy
+        tree-sitter-html
+        tree-sitter-java
+        tree-sitter-javascript
+        tree-sitter-json
+        tree-sitter-kotlin
+        tree-sitter-latex
+        tree-sitter-lua
+        tree-sitter-markdown
+        tree-sitter-nix
+        tree-sitter-php
+        tree-sitter-python
+        tree-sitter-query
+        tree-sitter-regex
+        tree-sitter-rust
+        tree-sitter-swift
+        tree-sitter-toml
+        tree-sitter-tsx
+        tree-sitter-typescript
+        tree-sitter-vim
+        tree-sitter-vimdoc
+        tree-sitter-xml
+        tree-sitter-yaml
+      ]))
+    ];
+
+    extraConfig = ''
+      luafile ${luaconf}
+    '';
+  };
+}
diff --git a/users/rin/npm.nix b/modules/user/npm.nix
similarity index 85%
rename from users/rin/npm.nix
rename to modules/user/npm.nix
index db86429..815cd46 100644
--- a/users/rin/npm.nix
+++ b/modules/user/npm.nix
@@ -1,6 +1,4 @@
 { config, pkgs, ... }: {
-  home.packages = [ pkgs.nodejs ];
-
   xdg.configFile."npm/npmrc".text = ''
     cache=${config.xdg.dataHome}/npm/cache
     prefix=${config.xdg.dataHome}/npm
diff --git a/modules/user/obs.nix b/modules/user/obs.nix
new file mode 100644
index 0000000..9ad912e
--- /dev/null
+++ b/modules/user/obs.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }: {
+  programs.obs-studio = {
+    enable = true;
+    plugins = with pkgs.obs-studio-plugins; [
+      obs-pipewire-audio-capture
+      obs-vaapi
+      obs-vkcapture
+    ];
+  };
+}
diff --git a/modules/user/rofi.nix b/modules/user/rofi.nix
new file mode 100644
index 0000000..1f11d06
--- /dev/null
+++ b/modules/user/rofi.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+let
+  theme = pkgs.stdenvNoCC.mkDerivation {
+    pname = "rofi-theme";
+    version = "1.0.0";
+    dontUnpack = true;
+    installPhase = ''
+      cp ${../../res/theme.rasi} $out
+      substituteInPlace $out \
+        --replace-fail "CAT_BACKGROUND" "${config.catppuccin.hexcolors.crust}" \
+        --replace-fail "CAT_TEXT" "${config.catppuccin.hexcolors.text}" \
+        --replace-fail "CAT_ACCENT" "${config.catppuccin.hexcolors.${config.catppuccin.accent}}" \
+        --replace-fail "CAT_PLACEHOLDER" "${config.catppuccin.hexcolors.overlay1}"
+    '';
+  };
+in {
+  programs.rofi = {
+    enable = true;
+    theme = "theme";
+  };
+  xdg.configFile."rofi/theme.rasi".source = theme;
+}
diff --git a/modules/user/sessionVariables.nix b/modules/user/sessionVariables.nix
new file mode 100644
index 0000000..22a6b09
--- /dev/null
+++ b/modules/user/sessionVariables.nix
@@ -0,0 +1,30 @@
+{ config, ... }: {
+  home.sessionVariables = {
+    PATH = builtins.concatStringsSep ":" [
+      "${config.home.homeDirectory}/.local/bin"
+      "${config.xdg.dataHome}/npm/bin"
+      "$PATH"
+    ];
+
+    EDITOR = "nvim";
+
+    _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${config.xdg.configHome}/java";
+    CARGO_HOME = "${config.xdg.dataHome}/cargo";
+    DIRENV_LOG_FORMAT = "";
+    FZF_DEFAULT_COMMAND = "fd --type f --hidden --follow --exclude .git";
+    GNUPGHOME = "${config.xdg.dataHome}/gnupg";
+    GTK2_RC_FILES = "${config.xdg.configHome}/gtk-2.0/gtkrc";
+    LESSHISTFILE = "-";
+    LUTRIS_SKIP_INIT = "1";
+    NIXOS_OZONE_WL = "1";
+    NODE_REPL_HISTORY = "${config.xdg.dataHome}/nodejs/repl_history";
+    NPM_CONFIG_USERCONFIG = "${config.xdg.configHome}/npm/npmrc";
+    PUB_CACHE = "${config.xdg.cacheHome}/dart";
+    WGETRC = "${config.xdg.configHome}/wgetrc";
+
+    WINEPREFIX = "${config.xdg.dataHome}/wine64";
+    WINEARCH = "win64";
+    # Stops wine from creating filetype associations
+    WINEDLLOVERRIDES = "winemenubuilder.exe=d";
+  };
+}
diff --git a/modules/user/spicetify.nix b/modules/user/spicetify.nix
new file mode 100644
index 0000000..ec854c4
--- /dev/null
+++ b/modules/user/spicetify.nix
@@ -0,0 +1,50 @@
+{ config, inputs, lib, pkgs, ... }:
+let
+  spicePkgs = inputs.spicetify-nix.legacyPackages.${pkgs.system};
+in
+{
+  imports = [ inputs.spicetify-nix.homeManagerModules.spicetify ];
+
+  programs.spicetify = {
+    enable = true;
+    alwaysEnableDevTools = true;
+    theme = spicePkgs.themes.catppuccin // {
+      additionalCss = ''
+        /* Removes "About the artist" text in now playing menu */
+        .main-nowPlayingView-sectionHeaderText {
+          display: none;
+        }
+
+        /* Removes gradient in now playing menu */
+        .main-nowPlayingView-contextItemInfo:before {
+          background: none;
+        }
+
+        /* Removes gradient above artist image */
+        /* https://stackoverflow.com/a/77015731 < this is so smart */
+        .main-nowPlayingView-aboutArtistV2ImageContainer.main-nowPlayingView-aboutArtistV2Image {
+          background-size: 0% 0%, cover;
+        }
+      '';
+    };
+    colorScheme = config.catppuccin.flavor;
+
+    enabledSnippets = with spicePkgs.snippets; [
+      removeGradient
+    ];
+    enabledCustomApps = with spicePkgs.apps; [
+      lyricsPlus
+    ];
+    enabledExtensions = with spicePkgs.extensions; [
+      fullAppDisplay
+      shuffle
+      hidePodcasts
+
+      songStats
+      history
+      volumePercentage
+    ];
+  };
+
+  home.file.".local/bin/spotify".source = lib.getExe config.programs.spicetify.spicedSpotify;
+}
diff --git a/modules/user/theming.nix b/modules/user/theming.nix
new file mode 100644
index 0000000..00ab88f
--- /dev/null
+++ b/modules/user/theming.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }: {
+  gtk = {
+    enable = true;
+    gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
+    font = {
+      package = pkgs.open-sans;
+      name = "Open Sans";
+      size = 11;
+    };
+    gtk3.extraConfig = {
+      gtk-application-prefer-dark-theme = if config.catppuccin.flavor == "latte" then "0" else "1";
+    };
+    gtk4.extraConfig = {
+      gtk-application-prefer-dark-theme = if config.catppuccin.flavor == "latte" then "0" else "1";
+    };
+  };
+
+  dconf.settings = {
+    "org/gnome/desktop/interface".color-scheme = if config.catppuccin.flavor == "latte" then "prefer-light" else "prefer-dark";
+  };
+
+  home.pointerCursor = {
+    package = pkgs.yaru-theme;
+    name = "Yaru";
+    size = 24;
+    gtk.enable = true;
+    x11.enable = true;
+  };
+}
diff --git a/users/rin/xdg.nix b/modules/user/xdg.nix
similarity index 64%
rename from users/rin/xdg.nix
rename to modules/user/xdg.nix
index 1515e08..01802f0 100644
--- a/users/rin/xdg.nix
+++ b/modules/user/xdg.nix
@@ -1,9 +1,11 @@
 { config, ... }:
 let
-  genMimes = mimeTypes: builtins.listToAttrs (builtins.map (mimeType: {
-    name = mimeType;
-    value = "brave-browser.desktop";
-  }) mimeTypes);
+  genMimes = mimeTypes: builtins.listToAttrs (
+    builtins.map (mimeType: {
+      name = mimeType;
+      value = "firefox.desktop";
+    }) mimeTypes
+  );
 
   mimes = genMimes [
     "x-scheme-handler/http"
@@ -17,19 +19,20 @@ let
     "application/x-extension-xhtml"
     "application/x-extension-xht"
   ] // {
-    # XXX: this thing found it unwritable so it just deletes it and rewrite???
     "x-scheme-handler/tg" = "userapp-Kotatogram Desktop-CHJI40.desktop";
+    "image/png" = "feh.desktop";
+    "image/jpeg" = "feh.desktop";
   };
 in {
   xdg = {
     enable = true;
     mime.enable = true;
-    mimeApps = {
-      enable = true;
+    # mimeApps = {
+    #   enable = true;
 
-      associations.added = mimes;
-      defaultApplications = mimes;
-    };
+    #   associations.added = mimes;
+    #   defaultApplications = mimes;
+    # };
   };
 
   # XXX: might need to be moved
diff --git a/users/rin/zsh.nix b/modules/user/zsh.nix
similarity index 50%
rename from users/rin/zsh.nix
rename to modules/user/zsh.nix
index 8fb6d3b..1eb736c 100644
--- a/users/rin/zsh.nix
+++ b/modules/user/zsh.nix
@@ -1,7 +1,13 @@
-{ config, pkgs, ... }:
+# vim: ft=nix
+{ config, inputs, pkgs, sysConfig, ... }:
 let
   lib = pkgs.lib;
 
+  pluginFromInput = name: {
+    inherit name;
+    src = inputs.${name};
+  };
+
   abbrs = {
     e = "$EDITOR";
     rs = "source ~/.config/zsh/.zshrc";
@@ -32,7 +38,8 @@ let
     jf = "doas journalctl -f";
 
     fl = "cd ~/Projects/flakes";
-    nr = "doas nixos-rebuild switch --flake .#winter -v";
+    nr = "nh os switch";
+    nb = "nh os boot";
 
     gs = "git status";
     ga = "git add";
@@ -43,7 +50,8 @@ let
     gco = "git checkout";
     gd = "git diff";
     gds = "git diff --staged";
-    gf = "git commit --amend --no-edit";
+    gf = "git commit --amend --reset-author --no-edit";
+    gfe = "git commit --amend --reset-author";
     gl = "git log";
     gr = "git rebase -i";
   };
@@ -90,12 +98,14 @@ let
     bindkey -M vicmd 'k' history-substring-search-up
     bindkey -M vicmd 'j' history-substring-search-down
   '';
-in rec {
+  disableExecute = ''
+    bindkey -a -r ':'
+  '';
+in {
   programs.zsh = {
     enable = true;
-    dotDir = ".config/zsh";
+    dotDir = "${config.xdg.configHome}/zsh";
 
-    enableAutosuggestions = true;
     autocd = true;
     defaultKeymap = "viins";
 
@@ -107,40 +117,11 @@ in rec {
     };
 
     enableCompletion = true;
-    initExtraBeforeCompInit = ''
-      zstyle ':completion:*' completer _complete
-      zstyle ':completion:*' matcher-list "" 'm:{[:lower:][:upper:]-_}={[:upper:][:lower:]_-}' '+l:|=* r:|=*'
-      zstyle ':completion:*' menu select
-      _comp_options+=(globdots)
-      zmodload zsh/complist
-    '';
 
-    sessionVariables = {
-      PATH = builtins.concatStringsSep ":" [
-        "${config.home.homeDirectory}/.local/bin"
-        "${config.xdg.dataHome}/npm/bin"
-        "$PATH"
-      ];
-
-      XAUTHORITY = "$XDG_RUNTIME_DIR/Xauthority";
-      EDITOR = "nvim";
-
-      CARGO_HOME = "${config.xdg.dataHome}/cargo";
-      DIRENV_LOG_FORMAT = "";
-      GNUPGHOME = "${config.xdg.dataHome}/gnupg";
-      GTK2_RC_FILES = "${config.xdg.configHome}/gtk-2.0/gtkrc";
-      LESSHISTFILE = "-";
-      NODE_REPL_HISTORY="${config.xdg.dataHome}/nodejs/repl_history";
-      NPM_CONFIG_USERCONFIG = "${config.xdg.configHome}/npm/npmrc";
-      WGETRC = "${config.xdg.configHome}/wgetrc";
-      XINITRC = "${config.xdg.configHome}/xorg/xinitrc";
-
-      WINEPREFIX = "${config.xdg.dataHome}/wine64";
-      WINEARCH = "win64";
-    };
     localVariables = {
-      PS1 = "%B%{$fg[red]%}[%{$fg[yellow]%}%n%{$fg[green]%}@%{$fg[blue]%}%M %{$fg[magenta]%}%~%{$fg[red]%}]%{$reset_color%}$%b ";
-      ZSH_AUTOSUGGEST_STRATEGY = ["completion"];
+      KEYTIMEOUT = "1";
+      #PS1 = "%B%{$fg[red]%}[%{$fg[yellow]%}%n%{$fg[green]%}@%{$fg[blue]%}%M %{$fg[magenta]%}%~%{$fg[red]%}]%{$reset_color%}$%b ";
+      ZSH_AUTOSUGGEST_STRATEGY = [ "completion" ];
       ZSH_AUTOSUGGEST_USE_ASYNC = true;
       ZSH_AUTOSUGGEST_BUFFER_MAX_SIZE = 40;
     };
@@ -149,54 +130,37 @@ in rec {
       ls = "ls --color=auto --group-directories-first -v";
       diff = "diff -Naur --color=auto";
     };
-    initExtraFirst = ''
-      autoload -U colors && colors
-    '';
-    initExtra = lib.concatStringsSep "\n" [
-      # pure
-      cursorShape
-      direnv
-      genAbbrs
-      viExtraNav
+    initContent = lib.mkMerge [
+      (lib.mkBefore ''
+        autoload -U colors && colors
+      '')
+      (lib.mkOrder 550 ''
+        fpath+=(/run/current-system/sw/share/zsh/site-functions)
+        zstyle ':completion:*' completer _complete
+        zstyle ':completion:*' matcher-list "" 'm:{[:lower:][:upper:]-_}={[:upper:][:lower:]_-}' '+l:|=* r:|=*'
+        zstyle ':completion:*' menu select
+        _comp_options+=(globdots)
+        zmodload zsh/complist
+      '')
+      (lib.concatStringsSep "\n" [
+        pure
+        cursorShape
+        direnv
+        genAbbrs
+        viExtraNav
+        disableExecute
+      ])
     ];
 
-    plugins = [
-      {
-        name = "zsh-abbr";
-        src = pkgs.fetchFromGitHub {
-          owner = "olets";
-          repo = "zsh-abbr";
-          rev = "99af0455b7b86ff3894a4bcf73380be2d595fa54";
-          sha256 = "014zvikfqqcv40x24h60ad3vyjz6kf9f7xhkk6iz7qyxwgcs90zs";
-        };
-      }
-      {
-        name = "zsh-history-substring-search";
-        src = pkgs.fetchFromGitHub {
-          owner = "zsh-users";
-          repo = "zsh-history-substring-search";
-          rev = "0f80b8eb3368b46e5e573c1d91ae69eb095db3fb";
-          sha256 = "0y8va5kc2ram38hbk2cibkk64ffrabfv1sh4xm7pjspsba9n5p1y";
-        };
-      }
-      {
-        name = "fast-syntax-highlighting";
-        src = pkgs.fetchFromGitHub {
-          owner = "zdharma";
-          repo = "fast-syntax-highlighting";
-          rev = "817916dfa907d179f0d46d8de355e883cf67bd97";
-          sha256 = "0m102makrfz1ibxq8rx77nngjyhdqrm8hsrr9342zzhq1nf4wxxc";
-        };
-      }
-      # {
-      #   name = "pure";
-      #   src = pkgs.fetchFromGitHub {
-      #     owner = "sindresorhus";
-      #     repo = "pure";
-      #     rev = "43aafe0b4dc05174c57ee623c03c64400e832ece";
-      #     sha256 = "0dadhbmq9ijk9nvkg936axgp12x2v2wppxqvlzn095d6v9nikc9p";
-      #   };
-      # }
-    ];
+    plugins = builtins.map (e: pluginFromInput e) [
+      "pure"
+      "zsh-abbr"
+      "zsh-history-substring-search"
+      "fast-syntax-highlighting"
+    ] ++ [{
+      name = "zsh-autosuggestions";
+      src = pkgs.zsh-autosuggestions + "/share/zsh-autosuggestions";
+      file = "zsh-autosuggestions.zsh";
+    }];
   };
 }
diff --git a/overlays/bitwarden-desktop.nix b/overlays/bitwarden-desktop.nix
new file mode 100644
index 0000000..2d7be24
--- /dev/null
+++ b/overlays/bitwarden-desktop.nix
@@ -0,0 +1,19 @@
+# https://github.com/NixOS/nixpkgs/pull/374068
+self: super: {
+  bitwarden-desktop = super.bitwarden-desktop.overrideAttrs (o: {
+    preBuild = o.preBuild + ''
+      pushd apps/desktop/desktop_native/proxy
+      cargo build --offline --bin desktop_proxy --release
+      popd
+    '';
+    installPhase = builtins.replaceStrings ["runHook preInstall"] [''
+      runHook preInstall
+
+      install -Dm755 -t $out/bin apps/desktop/desktop_native/target/release/desktop_proxy
+
+      mkdir -p $out/lib/mozilla/native-messaging-hosts
+      substituteAll ${./patches/firefox-native-messaging-host.json} $out/lib/mozilla/native-messaging-hosts/com.8bit.bitwarden.json
+
+    ''] o.installPhase;
+  });
+}
diff --git a/overlays/cascadia-code.nix b/overlays/cascadia-code.nix
new file mode 100644
index 0000000..59ce553
--- /dev/null
+++ b/overlays/cascadia-code.nix
@@ -0,0 +1,12 @@
+self: super: {
+  cascadia-code = super.cascadia-code.overrideAttrs(o: {
+    installPhase = (builtins.replaceStrings ["runHook postInstall"] [""] o.installPhase) + ''
+      install -Dm644 otf/static/*.otf -t $out/share/fonts/opentype
+      install -Dm644 ttf/static/*.ttf -t $out/share/fonts/truetype
+      rm $out/share/fonts/opentype/*NF*
+      rm $out/share/fonts/truetype/*NF*
+      runHook postInstall
+    '';
+
+  });
+}
diff --git a/overlays/ccache.nix b/overlays/ccache.nix
new file mode 100644
index 0000000..e88593b
--- /dev/null
+++ b/overlays/ccache.nix
@@ -0,0 +1,25 @@
+self: super: {
+  ccacheWrapper = super.ccacheWrapper.override {
+    extraConfig = ''
+      export CCACHE_COMPRESS=1
+      export CCACHE_DIR="/var/cache/ccache"
+      export CCACHE_UMASK=007
+      if [ ! -d "$CCACHE_DIR" ]; then
+        echo "====="
+        echo "Directory '$CCACHE_DIR' does not exist"
+        echo "Please create it with:"
+        echo "  sudo mkdir -m0770 '$CCACHE_DIR'"
+        echo "  sudo chown root:nixbld '$CCACHE_DIR'"
+        echo "====="
+        exit 1
+      fi
+      if [ ! -w "$CCACHE_DIR" ]; then
+        echo "====="
+        echo "Directory '$CCACHE_DIR' is not accessible for user $(whoami)"
+        echo "Please verify its access permissions"
+        echo "====="
+        exit 1
+      fi
+    '';
+  };
+}
diff --git a/overlays/default.nix b/overlays/default.nix
new file mode 100644
index 0000000..cbe3e7e
--- /dev/null
+++ b/overlays/default.nix
@@ -0,0 +1,12 @@
+builtins.map (path: import path) [
+  ./bitwarden-desktop.nix
+  ./cascadia-code.nix
+  ./ccache.nix
+  ./eww.nix
+  ./jetbrains.nix
+  ./material-icons.nix
+  ./openldap.nix
+  ./steam.nix
+  ./utillinux.nix
+  ./wpa-supplicant.nix
+]
diff --git a/overlays/discord.nix b/overlays/discord.nix
deleted file mode 100644
index a80f48b..0000000
--- a/overlays/discord.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-self: super: {
-  discord-canary = super.discord-canary.override rec {
-    version = "0.0.125";
-    src = builtins.fetchurl {
-      url = "https://dl-canary.discordapp.net/apps/linux/${version}/discord-canary-${version}.tar.gz";
-      sha256 = "0ly5a6l7rvl54mc39xma14jrcrf11q3ndnkkr16by5hy3palmz9g";
-    };
-  };
-}
diff --git a/overlays/eww.nix b/overlays/eww.nix
new file mode 100644
index 0000000..8d89aa1
--- /dev/null
+++ b/overlays/eww.nix
@@ -0,0 +1,8 @@
+self: super: {
+  eww = super.eww.overrideAttrs (old: rec {
+    patches = old.patches ++ [
+      # Use normal scroll events instead of smooth scroll ( due to https://bugzilla.gnome.org/show_bug.cgi?id=675959 )
+      ./patches/eww.patch
+    ];
+  });
+}
diff --git a/overlays/jetbrains.nix b/overlays/jetbrains.nix
new file mode 100644
index 0000000..dd1d1ad
--- /dev/null
+++ b/overlays/jetbrains.nix
@@ -0,0 +1,22 @@
+# https://github.com/NixOS/nixpkgs/issues/375254
+self: super: {
+  jetbrains = super.jetbrains // {
+    gateway = let
+      unwrapped = super.jetbrains.gateway;
+    in super.buildFHSEnv {
+      name = "gateway";
+      inherit (unwrapped) version;
+
+      runScript = super.writeScript "gateway-wrapper" ''
+        unset JETBRAINS_CLIENT_JDK
+        exec ${unwrapped}/bin/gateway "$@"
+      '';
+
+      meta = unwrapped.meta;
+
+      passthru = {
+        inherit unwrapped;
+      };
+    };
+  };
+}
diff --git a/overlays/linux-lava.nix b/overlays/linux-lava.nix
new file mode 100644
index 0000000..321532f
--- /dev/null
+++ b/overlays/linux-lava.nix
@@ -0,0 +1,26 @@
+self: super: let
+  llvmPackages = super.llvmPackages_19;
+  clangVersion = super.lib.versions.major llvmPackages.libclang.version;
+  addFlagsScript = "$out/nix-support/add-local-cc-cflags-before.sh";
+  cc = llvmPackages.stdenv.cc.override {
+    # :sob: see https://github.com/NixOS/nixpkgs/issues/142901
+    bintools = llvmPackages.bintools;
+
+    # https://github.com/NixOS/nixpkgs/issues/368850
+    extraBuildCommands = ''
+      cat <(echo "NIX_CC_WRAPPER_SUPPRESS_TARGET_WARNING=1") "${addFlagsScript}" > "${addFlagsScript}.new"
+      mv "${addFlagsScript}.new" "${addFlagsScript}"
+      substituteInPlace "$out/nix-support/cc-cflags" --replace " -nostdlibinc" ""
+      echo " -resource-dir=${llvmPackages.libclang.lib}/lib/clang/${clangVersion}" >> $out/nix-support/cc-cflags
+    '';
+  };
+  stdenv = super.overrideCC llvmPackages.stdenv cc;
+  ccacheStdenv = super.ccacheStdenv.override { inherit stdenv; };
+in {
+  linuxLavaEnv = {
+    inherit llvmPackages clangVersion cc stdenv ccacheStdenv;
+  };
+  rust-bindgen-unwrapped = super.rust-bindgen-unwrapped.override {
+    clang = cc;
+  };
+}
diff --git a/overlays/linux.nix b/overlays/linux.nix
deleted file mode 100644
index 6f1eb90..0000000
--- a/overlays/linux.nix
+++ /dev/null
@@ -1,119 +0,0 @@
-self: super: {
-  linux-lava = super.buildLinux (
-  let
-    major = "5";
-    minor = "12";
-    patch = "10";
-    tkg = "2da317c20ed6f70085b195639b9aad2cacf31ab5";
-
-    mm = "${major}.${minor}";
-    mmp = "${major}.${minor}.${patch}";
-
-    kernelUrl = name: sha256: builtins.fetchurl {
-      inherit sha256;
-      url = "https://cdn.kernel.org/pub/linux/kernel/v${major}.x/${name}.xz";
-    };
-
-    tkgPatch = name: sha256: {
-      inherit name;
-      patch = builtins.fetchurl {
-        inherit sha256;
-        url = "https://raw.githubusercontent.com/Frogging-Family/linux-tkg/${tkg}/linux-tkg-patches/${mm}/${name}.patch";
-      };
-    };
-  in {
-    version = "${mmp}-tkg-Lava";
-    isZen = true;
-    # TODO:
-    # some stuff is set in pkgs/os-specific/linux/kernel/common-config.nix
-    # but i have no idea how to change it
-    structuredExtraConfig = with super.lib.kernel; builtins.mapAttrs (_: value: super.lib.mkForce value) {
-      LOCALVERSION = freeform "-tkg-Lava";
-      ZENIFY = yes;
-      FUTEX2 = yes;
-      MHASWELL = yes;
-      WINESYNC = module;
-
-      # timers
-      HZ_PERIODIC = no;
-      NO_HZ = yes;
-      NO_HZ_COMMON = yes;
-      NO_HZ_FULL = yes;
-      NO_HZ_IDLE = no;
-      CONTEXT_TRACKING = yes;
-      CONTEXT_TRACKING_FORCE = yes;
-      # HZ_100 = yes;
-      HZ_1000 = yes;
-      HZ_1000_NODEF = yes;
-
-      # scheduler
-      # SCHED_ALT = yes;
-      # SCHED_PDS = yes;
-      CACULE_SCHED = yes;
-
-      # cacule stuff
-      SCHED_AUTOGROUP = yes;
-      BSD_PROCESS_ACCT = no;
-      TASK_XACCT = no;
-      CGROUP_CPUACCT = no;
-      CGROUP_DEBUG = no;
-
-      # disable numa
-      NUMA = no;
-      AMD_NUMA = no;
-      X86_64_ACPI_NUMA = no;
-      NODES_SPAN_OTHER_NODES = no;
-      NUMA_EMU = no;
-      NEED_MULTIPLE_NODES = no;
-      USE_PERCPU_NUMA_NODE_ID = no;
-      ACPI_NUMA = no;
-
-      # disable misc debugging
-      SLUB_DEBUG = no;
-      PM_DEBUG = no;
-      PM_ADVANCED_DEBUG = no;
-      PM_SLEEP_DEBUG = no;
-      ACPI_DEBUG = no;
-      SCHED_DEBUG = no;
-      LATENCYTOP = no;
-      DEBUG_PREEMPT = no;
-    };
-    ignoreConfigErrors = true;
-
-    src = kernelUrl "linux-${mm}.tar" "0rn3z942vjc7bixjw066rm6kcr0x0wzgxqfq1f6xd113pzrgc3bx";
-    kernelPatches = [
-      # Kernel version patch
-      {
-        name = "patch-${patch}";
-        patch = kernelUrl "patch-${mmp}" "06ddk5d81lnkkhg1691b7vh5zqqw93prkxsf3gy2cflzsjdb6kh3";
-      }
-
-      # AMD SI manual clocking
-      {
-        name = "amd";
-        patch = ./misc/0001-Lava-s-amdgpu-patches.patch;
-      }
-
-      # Graysky gcc patches
-      {
-        name = "graysky-gcc";
-        patch = builtins.fetchurl {
-          url = "https://raw.githubusercontent.com/graysky2/kernel_gcc_patch/d2e7942c19ee568638d3795cf52db5274a90ce0a/more-uarches-for-kernel-5.8+.patch";
-          sha256 = "16jbknjlg12jxbj8cjkk01djvr01n9zz7qlzxppcqizmz55vk0wh";
-        };
-      }
-
-      # TK-Glitch patches
-      ( tkgPatch "0002-clear-patches"           "1h1gx6rq2c961d36z1szqv9xpq1xgz2bhqjsyb03jjdrdzlcv9rm" )
-      ( tkgPatch "0003-cacule-${mm}"            "1rgdk1x514xsjwcjjcdmggbaj6biql5p41skn98ysqbjaw7k22ib" )
-      ( tkgPatch "0003-glitched-base"           "1dg177i3y54z5nadc5678hm67angram2vlr314mpxv3jgsh7vj8s" )
-      ( tkgPatch "0003-glitched-cfs"            "1cm4s72pymxnh37da84qrzvrwbbwagk46m1xsk99ir7cjb1l1zay" )
-      # ( tkgPatch "0005-glitched-pds"            "0833awp8n9ngyl5spx8znwyw1lj3nacp8vg7ffysw0j5r8akv9pw" )
-      ( tkgPatch "0007-v${mm}-fsync"            "0mplwdglw58bmkkxix4ccwgax3r02gahax9042dx33mybdnbl0mk" )
-      ( tkgPatch "0007-v${mm}-futex2_interface" "1j29zyx2s85scfhbprgb9cs11rp50glbzczl4plphli8wds342pw" )
-      ( tkgPatch "0007-v${mm}-winesync"         "1av2k86ns0zc3lmgbfdch1z2a808brp2jvsfl4cwwlwwb51qzipp" )
-      # ( tkgPatch "0009-prjc_v${mm}-r1"          "1z731jiwyc7z4d5hzd6szrxnvw0iygbqx82y2anzm32n22731dqv" )
-      ( tkgPatch "0012-misc-additions"          "092ws9v1snk61i6x3gbqm5m803zd81wykkdxizn7knvy2r611cbz")
-    ];
-  });
-}
diff --git a/overlays/material-icons.nix b/overlays/material-icons.nix
index 9282bb2..9d1fcf9 100644
--- a/overlays/material-icons.nix
+++ b/overlays/material-icons.nix
@@ -1,17 +1,11 @@
 self: super: {
-  material-icons = let version = "4.0.0"; in super.fetchFromGitHub {
+  material-icons = let version = "4.0.0"; in (super.fetchFromGitHub {
     name = "material-icons-${version}";
 
     owner  = "google";
     repo   = "material-design-icons";
     rev    = version;
 
-    postFetch = ''
-      tar xf $downloadedFile --strip=1
-      mkdir -p $out/share/fonts/opentype $out/share/fonts/truetype
-      cp font/*.ttf $out/share/fonts/truetype
-      cp font/*.otf $out/share/fonts/opentype
-    '';
     sha256 = "05g5b8dn8vkjv98lmfgbd92wb5i8cfgc9j5f9ai86xl4r58yx10a";
 
     meta = with super.lib; {
@@ -21,5 +15,12 @@ self: super: {
       platforms = platforms.all;
       maintainers = with maintainers; [ mpcsh ];
     };
-  };
+  }).overrideAttrs(o: {
+    postFetch = ''
+      tar xf $downloadedFile --strip=1
+      mkdir -p $out/share/fonts/opentype $out/share/fonts/truetype
+      cp font/*.ttf $out/share/fonts/truetype
+      cp font/*.otf $out/share/fonts/opentype
+    '';
+  });
 }
diff --git a/overlays/misc/0001-Lava-s-amdgpu-patches.patch b/overlays/misc/0001-Lava-s-amdgpu-patches.patch
deleted file mode 100644
index 9560b54..0000000
--- a/overlays/misc/0001-Lava-s-amdgpu-patches.patch
+++ /dev/null
@@ -1,216 +0,0 @@
-From 5d133651479c4be74cd7eb8006fc43366c9b15b9 Mon Sep 17 00:00:00 2001
-From: LavaDesu <me@lava.moe>
-Date: Wed, 3 Mar 2021 17:37:38 +0700
-Subject: [PATCH] Lava's amdgpu patches
-
----
- drivers/gpu/drm/amd/amdgpu/amdgpu.h         |   6 ++
- drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c |   2 +-
- drivers/gpu/drm/amd/pm/amdgpu_pm.c          | 111 +++++++++++++++++++-
- drivers/gpu/drm/amd/pm/powerplay/si_dpm.c   |  17 +++
- 4 files changed, 130 insertions(+), 6 deletions(-)
-
-diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu.h b/drivers/gpu/drm/amd/amdgpu/amdgpu.h
-index 29885febc0b0..2ed893e8983c 100644
---- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h
-+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h
-@@ -191,6 +191,12 @@ extern int amdgpu_discovery;
- extern int amdgpu_mes;
- extern int amdgpu_noretry;
- extern int amdgpu_force_asic_type;
-+
-+extern __u32 amdgpu_force_mclk;
-+extern __u32 amdgpu_force_sclk;
-+extern __u32 amdgpu_force_vddc;
-+extern __u32 amdgpu_force_vddci;
-+
- #ifdef CONFIG_HSA_AMD
- extern int sched_policy;
- extern bool debug_evictions;
-diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c
-index 47e0b48dc26f..f1e4485a60b2 100644
---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c
-+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c
-@@ -146,7 +146,7 @@ static int amdgpu_dma_buf_attach(struct dma_buf *dmabuf,
- 	struct amdgpu_device *adev = amdgpu_ttm_adev(bo->tbo.bdev);
- 	int r;
- 
--	if (pci_p2pdma_distance_many(adev->pdev, &attach->dev, 1, true) < 0)
-+	if (pci_p2pdma_distance_many(adev->pdev, &attach->dev, 1, amdgpu_dpm == 1) < 0)
- 		attach->peer2peer = false;
- 
- 	if (attach->dev->driver == adev->dev->driver)
-diff --git a/drivers/gpu/drm/amd/pm/amdgpu_pm.c b/drivers/gpu/drm/amd/pm/amdgpu_pm.c
-index 5fa65f191a37..8a90331da0e5 100644
---- a/drivers/gpu/drm/amd/pm/amdgpu_pm.c
-+++ b/drivers/gpu/drm/amd/pm/amdgpu_pm.c
-@@ -39,6 +39,11 @@
- #include <asm/processor.h>
- #include "hwmgr.h"
- 
-+__u32 amdgpu_force_mclk = 0;
-+__u32 amdgpu_force_sclk = 0;
-+__u32 amdgpu_force_vddc = 0;
-+__u32 amdgpu_force_vddci = 0;
-+
- static const struct cg_flag_name clocks[] = {
- 	{AMD_CG_SUPPORT_GFX_FGCG, "Graphics Fine Grain Clock Gating"},
- 	{AMD_CG_SUPPORT_GFX_MGCG, "Graphics Medium Grain Clock Gating"},
-@@ -2167,6 +2172,94 @@ static ssize_t amdgpu_get_gpu_metrics(struct device *dev,
- 	return size;
- }
- 
-+/**
-+ * DOC: pp_override_mclk
-+ *
-+ * It's like pp_od_clk_voltage but worse and can potentially destroy your gpu idk
-+ */
-+static ssize_t amdgpu_get_pp_override_mclk(struct device *dev,
-+		struct device_attribute *attr,
-+		char *buf)
-+{
-+	DRM_INFO("[Lava] Read pp_override_mclk\n");
-+	return sprintf(buf, "%u", amdgpu_force_mclk);
-+}
-+static ssize_t amdgpu_set_pp_override_mclk(struct device *dev,
-+		struct device_attribute *attr,
-+		const char *buf,
-+		size_t count)
-+{
-+	sscanf(buf, "%u", &amdgpu_force_mclk);
-+	DRM_INFO("[Lava] Write pp_override_mclk, %u\n", amdgpu_force_mclk);
-+	return count;
-+}
-+
-+/**
-+ * DOC: pp_override_sclk
-+ *
-+ * pp_override_mclk but sclk
-+ */
-+static ssize_t amdgpu_get_pp_override_sclk(struct device *dev,
-+		struct device_attribute *attr,
-+		char *buf)
-+{
-+	DRM_INFO("[Lava] Read pp_override_sclk\n");
-+	return sprintf(buf, "%u", amdgpu_force_sclk);
-+}
-+static ssize_t amdgpu_set_pp_override_sclk(struct device *dev,
-+		struct device_attribute *attr,
-+		const char *buf,
-+		size_t count)
-+{
-+	sscanf(buf, "%u", &amdgpu_force_sclk);
-+	DRM_INFO("[Lava] Write pp_override_sclk, %u\n", amdgpu_force_sclk);
-+	return count;
-+}
-+
-+/**
-+ * DOC: pp_override_vddc
-+ *
-+ * pp_override_mclk but vddc
-+ */
-+static ssize_t amdgpu_get_pp_override_vddc(struct device *dev,
-+		struct device_attribute *attr,
-+		char *buf)
-+{
-+	DRM_INFO("[Lava] Read pp_override_vddc\n");
-+	return sprintf(buf, "%u", amdgpu_force_vddc);
-+}
-+static ssize_t amdgpu_set_pp_override_vddc(struct device *dev,
-+		struct device_attribute *attr,
-+		const char *buf,
-+		size_t count)
-+{
-+	sscanf(buf, "%u", &amdgpu_force_vddc);
-+	DRM_INFO("[Lava] Write pp_override_vddc, %u\n", amdgpu_force_vddc);
-+	return count;
-+}
-+
-+/**
-+ * DOC: pp_override_vddci
-+ *
-+ * pp_override_mclk but vddci
-+ */
-+static ssize_t amdgpu_get_pp_override_vddci(struct device *dev,
-+		struct device_attribute *attr,
-+		char *buf)
-+{
-+	DRM_INFO("[Lava] Read pp_override_vddci\n");
-+	return sprintf(buf, "%u", amdgpu_force_vddci);
-+}
-+static ssize_t amdgpu_set_pp_override_vddci(struct device *dev,
-+		struct device_attribute *attr,
-+		const char *buf,
-+		size_t count)
-+{
-+	sscanf(buf, "%u", &amdgpu_force_vddci);
-+	DRM_INFO("[Lava] Write pp_override_vddci, %u\n", amdgpu_force_vddci);
-+	return count;
-+}
-+
- static struct amdgpu_device_attr amdgpu_device_attrs[] = {
- 	AMDGPU_DEVICE_ATTR_RW(power_dpm_state,				ATTR_FLAG_BASIC|ATTR_FLAG_ONEVF),
- 	AMDGPU_DEVICE_ATTR_RW(power_dpm_force_performance_level,	ATTR_FLAG_BASIC),
-@@ -2193,6 +2286,10 @@ static struct amdgpu_device_attr amdgpu_device_attrs[] = {
- 	AMDGPU_DEVICE_ATTR_RO(unique_id,				ATTR_FLAG_BASIC),
- 	AMDGPU_DEVICE_ATTR_RW(thermal_throttling_logging,		ATTR_FLAG_BASIC),
- 	AMDGPU_DEVICE_ATTR_RO(gpu_metrics,				ATTR_FLAG_BASIC),
-+	AMDGPU_DEVICE_ATTR_RW(pp_override_mclk,				ATTR_FLAG_BASIC),
-+	AMDGPU_DEVICE_ATTR_RW(pp_override_sclk,				ATTR_FLAG_BASIC),
-+	AMDGPU_DEVICE_ATTR_RW(pp_override_vddc,				ATTR_FLAG_BASIC),
-+	AMDGPU_DEVICE_ATTR_RW(pp_override_vddci,			ATTR_FLAG_BASIC),
- };
- 
- static int default_attr_update(struct amdgpu_device *adev, struct amdgpu_device_attr *attr,
-@@ -2220,11 +2317,15 @@ static int default_attr_update(struct amdgpu_device *adev, struct amdgpu_device_
- 		if (asic_type < CHIP_VEGA20)
- 			*states = ATTR_STATE_UNSUPPORTED;
- 	} else if (DEVICE_ATTR_IS(pp_od_clk_voltage)) {
--		*states = ATTR_STATE_UNSUPPORTED;
--		if ((is_support_sw_smu(adev) && adev->smu.od_enabled) ||
--		    (is_support_sw_smu(adev) && adev->smu.is_apu) ||
--			(!is_support_sw_smu(adev) && hwmgr->od_enabled))
--			*states = ATTR_STATE_SUPPORTED;
-+		*states = ATTR_STATE_SUPPORTED;
-+	} else if (DEVICE_ATTR_IS(pp_override_mclk)) {
-+		*states = ATTR_STATE_SUPPORTED;
-+	} else if (DEVICE_ATTR_IS(pp_override_sclk)) {
-+		*states = ATTR_STATE_SUPPORTED;
-+	} else if (DEVICE_ATTR_IS(pp_override_vddc)) {
-+		*states = ATTR_STATE_SUPPORTED;
-+	} else if (DEVICE_ATTR_IS(pp_override_vddci)) {
-+		*states = ATTR_STATE_SUPPORTED;
- 	} else if (DEVICE_ATTR_IS(mem_busy_percent)) {
- 		if (adev->flags & AMD_IS_APU || asic_type == CHIP_VEGA10)
- 			*states = ATTR_STATE_UNSUPPORTED;
-diff --git a/drivers/gpu/drm/amd/pm/powerplay/si_dpm.c b/drivers/gpu/drm/amd/pm/powerplay/si_dpm.c
-index afa1711c9620..74b847bf83e0 100644
---- a/drivers/gpu/drm/amd/pm/powerplay/si_dpm.c
-+++ b/drivers/gpu/drm/amd/pm/powerplay/si_dpm.c
-@@ -3492,6 +3492,23 @@ static void si_apply_state_adjust_rules(struct amdgpu_device *adev,
- 							&max_mclk_vddc);
- 
- 	for (i = 0; i < ps->performance_level_count; i++) {
-+		if (amdgpu_force_mclk) {
-+			if (ps->performance_levels[i].mclk > amdgpu_force_mclk)
-+				ps->performance_levels[i].mclk = amdgpu_force_mclk;
-+		}
-+		if (amdgpu_force_sclk) {
-+			if (ps->performance_levels[i].sclk > amdgpu_force_sclk)
-+				ps->performance_levels[i].sclk = amdgpu_force_sclk;
-+		}
-+		if (amdgpu_force_vddc) {
-+			if (ps->performance_levels[i].vddc > amdgpu_force_vddc)
-+				ps->performance_levels[i].vddc = amdgpu_force_vddc;
-+		}
-+		if (amdgpu_force_vddci) {
-+			if (ps->performance_levels[i].vddci > amdgpu_force_vddci)
-+				ps->performance_levels[i].vddci = amdgpu_force_vddci;
-+		}
-+
- 		if (max_sclk_vddc) {
- 			if (ps->performance_levels[i].sclk > max_sclk_vddc)
- 				ps->performance_levels[i].sclk = max_sclk_vddc;
--- 
-2.31.1
-
diff --git a/overlays/misc/startx.patch b/overlays/misc/startx.patch
deleted file mode 100644
index da1cdea..0000000
--- a/overlays/misc/startx.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff --git a/startx.cpp b/startx.cpp
-index 125c398..296b29f 100644
---- a/startx.cpp
-+++ b/startx.cpp
-@@ -47,10 +47,10 @@ XCOMM so export the new PATH just in case the user changes the shell
- export PATH
- #endif
- 
--userclientrc=$HOME/.xinitrc
-+userclientrc="${XINITRC:-$HOME/.xinitrc}"
- sysclientrc=XINITDIR/xinitrc
- 
--userserverrc=$HOME/.xserverrc
-+userserverrc="${XSERVERRC:-$HOME/.xserverrc}"
- sysserverrc=XINITDIR/xserverrc
- defaultclient=XTERM
- defaultserver=XSERVER
-@@ -270,7 +270,7 @@ if [ x"$enable_xauth" = x1 ] ; then
-     dummy=0
- 
-     XCOMM create a file with auth information for the server. ':0' is a dummy.
--    xserverauthfile=$HOME/.serverauth.$$
-+    xserverauthfile=$XAUTHORITY
-     trap "rm -f '$xserverauthfile'" HUP INT QUIT ILL TRAP KILL BUS TERM
-     xauth -q -f "$xserverauthfile" << EOF
- add :$dummy . $mcookie
diff --git a/overlays/misc/transcrypt.patch b/overlays/misc/transcrypt.patch
deleted file mode 100644
index aec80dc..0000000
--- a/overlays/misc/transcrypt.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-diff --git a/transcrypt b/transcrypt
-index 610b94f..7cc5035 100755
---- a/transcrypt
-+++ b/transcrypt
-@@ -282,6 +282,7 @@ save_helper_scripts() {
- 
- 	cat <<-'EOF' >"${GIT_DIR}/crypt/clean"
- 		#!/usr/bin/env bash
-+		PATH="$(transcrypt-depspathprefix 2>/dev/null)$PATH"
- 		filename=$1
- 		# ignore empty files
- 		if [[ -s $filename ]]; then
-@@ -304,6 +305,7 @@ save_helper_scripts() {
- 
- 	cat <<-'EOF' >"${GIT_DIR}/crypt/smudge"
- 		#!/usr/bin/env bash
-+		PATH="$(transcrypt-depspathprefix 2>/dev/null)$PATH"
- 		tempfile=$(mktemp 2>/dev/null || mktemp -t tmp)
- 		trap 'rm -f "$tempfile"' EXIT
- 		cipher=$(git config --get --local transcrypt.cipher)
-@@ -313,6 +315,7 @@ save_helper_scripts() {
- 
- 	cat <<-'EOF' >"${GIT_DIR}/crypt/textconv"
- 		#!/usr/bin/env bash
-+		PATH="$(transcrypt-depspathprefix 2>/dev/null)$PATH"
- 		filename=$1
- 		# ignore empty files
- 		if [[ -s $filename ]]; then
-@@ -324,6 +327,7 @@ save_helper_scripts() {
- 
- 	cat <<-'EOF' >"${GIT_DIR}/crypt/merge"
- 		#!/usr/bin/env bash
-+		PATH="$(transcrypt-depspathprefix 2>/dev/null)$PATH"
- 
- 		# Look up name of local branch/ref to which changes are being merged
- 		OURS_LABEL=$(git rev-parse --abbrev-ref HEAD)
-@@ -459,7 +463,7 @@ save_configuration() {
- 	git config merge.crypt.name 'Merge transcrypt secret files'
- 
- 	# add a git alias for listing encrypted files
--	git config alias.ls-crypt "!git -c core.quotePath=false ls-files | git -c core.quotePath=false check-attr --stdin filter | awk 'BEGIN { FS = \":\" }; /crypt$/{ print \$1 }'"
-+	git config alias.ls-crypt "!PATH=\"\$(transcrypt-depspathprefix 2>/dev/null)\$PATH\"; git -c core.quotePath=false ls-files | git -c core.quotePath=false check-attr --stdin filter | awk 'BEGIN { FS = \":\" }; /crypt$/{ print \$1 }'"
- }
- 
- # display the current configuration settings
diff --git a/overlays/misc/wine-lowlatency.patch b/overlays/misc/wine-lowlatency.patch
deleted file mode 100644
index dfe464f..0000000
--- a/overlays/misc/wine-lowlatency.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-diff --git a/dlls/winepulse.drv/pulse.c b/dlls/winepulse.drv/pulse.c
-index 55579ecda80..6f7ff732135 100644
---- a/dlls/winepulse.drv/pulse.c
-+++ b/dlls/winepulse.drv/pulse.c
-@@ -93,9 +93,6 @@ static REFERENCE_TIME pulse_min_period[2], pulse_def_period[2];
- 
- static UINT g_phys_speakers_mask = 0;
- 
--static const REFERENCE_TIME MinimumPeriod = 30000;
--static const REFERENCE_TIME DefaultPeriod = 100000;
--
- static pthread_mutex_t pulse_mutex;
- static pthread_cond_t pulse_cond = PTHREAD_COND_INITIALIZER;
- 
-@@ -481,11 +478,12 @@ static void pulse_probe_settings(int render, WAVEFORMATEXTENSIBLE *fmt) {
-     if (length)
-         pulse_def_period[!render] = pulse_min_period[!render] = pa_bytes_to_usec(10 * length, &ss);
- 
--    if (pulse_min_period[!render] < MinimumPeriod)
--        pulse_min_period[!render] = MinimumPeriod;
--
--    if (pulse_def_period[!render] < DefaultPeriod)
--        pulse_def_period[!render] = DefaultPeriod;
-+    const char* penv = getenv("STAGING_AUDIO_PERIOD");
-+    if (penv) {
-+        int val = atoi(penv);
-+        pulse_def_period[!render] = pulse_min_period[!render] = val;
-+        printf("Staging audio period set to %d.\n", val);
-+    }
- 
-     wfx->wFormatTag = WAVE_FORMAT_EXTENSIBLE;
-     wfx->cbSize = sizeof(WAVEFORMATEXTENSIBLE) - sizeof(WAVEFORMATEX);
-@@ -836,6 +834,13 @@ static NTSTATUS pulse_create_stream(void *args)
-     if (duration < 3 * period)
-         duration = 3 * period;
- 
-+    const char* denv = getenv("STAGING_AUDIO_DURATION");
-+    if (denv) {
-+        int val = atoi(denv);
-+        duration = val;
-+        printf("Staging audio duration set to %d.\n", val);
-+    }
-+
-     stream->period_bytes = pa_frame_size(&stream->ss) * muldiv(period, stream->ss.rate, 10000000);
- 
-     stream->bufsize_frames = ceil((duration / 10000000.) * params->fmt->nSamplesPerSec);
diff --git a/overlays/mps-youtube.nix b/overlays/mps-youtube.nix
deleted file mode 100644
index 1c78b38..0000000
--- a/overlays/mps-youtube.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-self: super: {
-  mps-youtube = super.mps-youtube.overrideAttrs(old: rec {
-    src = super.fetchFromGitHub {
-      owner = "louisabraham";
-      repo = "mps-youtube";
-      rev = "234bc691f43f6df88d831409b2887fda45270636";
-      sha256 = "14gsiacd05fsqb62zfapdll8dn1hbfi9vvh4wvk41qbxrla4p7d7";
-    };
-  });
-}
diff --git a/overlays/openldap.nix b/overlays/openldap.nix
new file mode 100644
index 0000000..f9b2b46
--- /dev/null
+++ b/overlays/openldap.nix
@@ -0,0 +1,9 @@
+self: super: {
+  # openldap i686 fails checks
+  # issue: https://github.com/NixOS/nixpkgs/issues/514113
+  # workaround: https://github.com/NixOS/nixpkgs/issues/513245#issuecomment-4320293674
+  # fix: https://github.com/NixOS/nixpkgs/pull/515956
+  openldap = super.openldap.overrideAttrs {
+    doCheck = !self.stdenv.hostPlatform.isi686;
+  };
+}
diff --git a/overlays/patches/eww.patch b/overlays/patches/eww.patch
new file mode 100644
index 0000000..ce7a685
--- /dev/null
+++ b/overlays/patches/eww.patch
@@ -0,0 +1,23 @@
+diff --git a/crates/eww/src/widgets/widget_definitions.rs b/crates/eww/src/widgets/widget_definitions.rs
+index 16f1f17d063..08d54cbe343 100644
+--- a/crates/eww/src/widgets/widget_definitions.rs
++++ b/crates/eww/src/widgets/widget_definitions.rs
+@@ -679,11 +679,14 @@ fn build_gtk_event_box(bargs: &mut BuilderArgs) -> Result<gtk::EventBox> {
+         // @prop onscroll - event to execute when the user scrolls with the mouse over the widget. The placeholder `{}` used in the command will be replaced with either `up` or `down`.
+         prop(timeout: as_duration = Duration::from_millis(200), onscroll: as_string) {
+             gtk_widget.add_events(gdk::EventMask::SCROLL_MASK);
+-            gtk_widget.add_events(gdk::EventMask::SMOOTH_SCROLL_MASK);
+             connect_signal_handler!(gtk_widget, gtk_widget.connect_scroll_event(move |_, evt| {
+-                let delta = evt.delta().1;
+-                if delta != 0f64 { // Ignore the first event https://bugzilla.gnome.org/show_bug.cgi?id=675959
+-                    run_command(timeout, &onscroll, &[if delta < 0f64 { "up" } else { "down" }]);
++                let dir = match evt.direction() {
++                    gdk::ScrollDirection::Up => "up",
++                    gdk::ScrollDirection::Down => "down",
++                    _ => "",
++                };
++                if dir != "" {
++                    run_command(timeout, &onscroll, &[dir]);
+                 }
+                 gtk::Inhibit(false)
+             }));
diff --git a/overlays/patches/firefox-native-messaging-host.json b/overlays/patches/firefox-native-messaging-host.json
new file mode 100644
index 0000000..e9f5f99
--- /dev/null
+++ b/overlays/patches/firefox-native-messaging-host.json
@@ -0,0 +1,7 @@
+{
+  "name": "com.8bit.bitwarden",
+  "description": "Bitwarden desktop <-> browser bridge",
+  "path": "@out@/bin/desktop_proxy",
+  "type": "stdio",
+  "allowed_extensions": ["{446900e4-71c2-419f-a6a7-df9c091e268b}"]
+}
diff --git a/overlays/patches/wpa-supplicant.patch b/overlays/patches/wpa-supplicant.patch
new file mode 100644
index 0000000..7c27be4
--- /dev/null
+++ b/overlays/patches/wpa-supplicant.patch
@@ -0,0 +1,13 @@
+diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.in b/wpa_supplicant/systemd/wpa_supplicant.service.in
+index 58a6228..fbe7de3 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant.service.in
++++ b/wpa_supplicant/systemd/wpa_supplicant.service.in
+@@ -7,7 +7,7 @@ Wants=network.target
+ [Service]
+ Type=dbus
+ BusName=fi.w1.wpa_supplicant1
+-ExecStart=@BINDIR@/wpa_supplicant -u
++ExecStart=@BINDIR@/wpa_supplicant -u -q
+ 
+ [Install]
+ WantedBy=multi-user.target
diff --git a/overlays/picom.nix b/overlays/picom.nix
deleted file mode 100644
index 81e4c5f..0000000
--- a/overlays/picom.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-self: super: {
-  picom = super.picom.overrideAttrs(old: {
-    src = super.fetchFromGitHub {
-      repo = "picom";
-
-      owner = "ibhagwan";
-      rev = "60eb00ce1b52aee46d343481d0530d5013ab850b";
-      sha256 = "1m17znhl42sa6ry31yiy05j5ql6razajzd6s3k2wz4c63rc2fd1w";
-
-      # owner = "jonaburg";
-      # rev = "a8445684fe18946604848efb73ace9457b29bf80";
-      # sha256 = "154s67p3lxdv9is3lnc32j48p7v9n18ga1j8ln1dxcnb38c19rj7";
-    };
-  });
-}
diff --git a/overlays/polybar.nix b/overlays/polybar.nix
deleted file mode 100644
index 17b201c..0000000
--- a/overlays/polybar.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-self: super: {
-  polybar = super.polybar.override { i3Support = true; };
-}
diff --git a/overlays/steam.nix b/overlays/steam.nix
new file mode 100644
index 0000000..d3514f5
--- /dev/null
+++ b/overlays/steam.nix
@@ -0,0 +1,9 @@
+self: super: {
+  steam = super.steam.override {
+    extraPkgs = pkgs: with pkgs; [
+      libkrb5
+      keyutils
+      gamescope
+    ];
+  };
+}
diff --git a/overlays/transcrypt.nix b/overlays/transcrypt.nix
deleted file mode 100644
index 85f350f..0000000
--- a/overlays/transcrypt.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-self: super: {
-  transcrypt = super.transcrypt.overrideAttrs(o: rec {
-    version = "2.1.0";
-
-    patches = [ ./misc/transcrypt.patch ];
-    src = super.fetchFromGitHub {
-      owner = "elasticdog";
-      repo = "transcrypt";
-      rev = "v${version}";
-      sha256 = "0bpz1hazbhfb6pqi68x55kq6a31bgh6vwij836slmi4jqiwvnh5a";
-    };
-  });
-}
diff --git a/overlays/utillinux.nix b/overlays/utillinux.nix
new file mode 100644
index 0000000..20db08a
--- /dev/null
+++ b/overlays/utillinux.nix
@@ -0,0 +1,4 @@
+self: super: {
+  # Waiting for nixpkgs#349783
+  utillinux = self.util-linux;
+}
diff --git a/overlays/wine-osu.nix b/overlays/wine-osu.nix
deleted file mode 100644
index ce0f2fb..0000000
--- a/overlays/wine-osu.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-self: super: {
-  wine-osu = (super.wineStaging.overrideDerivation(o: {
-    patches = (o.patches or []) ++ [ ./misc/wine-lowlatency.patch ];
-  })).override {
-    wineRelease = "staging";
-    wineBuild = "wineWow";
-
-    pngSupport = true;
-    jpegSupport = true;
-    tiffSupport = true;
-    gettextSupport = true;
-    fontconfigSupport = true;
-    alsaSupport = true;
-    gtkSupport = true;
-    openglSupport = true;
-    tlsSupport = true;
-    gstreamerSupport = true;
-    #cupsSupport = true;
-    colorManagementSupport = true;
-    dbusSupport = true;
-    mpg123Support = true;
-    #openalSupport = true;
-    #openclSupport = true;
-    #cairoSupport = true;
-    #odbcSupport = true;
-    netapiSupport = true;
-    cursesSupport = true;
-    vaSupport = true;
-    pcapSupport = true;
-    #v4lSupport = true;
-    #saneSupport = true;
-    gsmSupport = true;
-    #gphoto2Support = true;
-    #ldapSupport = true;
-    pulseaudioSupport = true;
-    udevSupport = true;
-    xineramaSupport = true;
-    xmlSupport = true;
-    vulkanSupport = true;
-    sdlSupport = true;
-    faudioSupport = true;
-    vkd3dSupport = true;
-    mingwSupport = true;
-  };
-}
diff --git a/overlays/winetricks.nix b/overlays/winetricks.nix
deleted file mode 100644
index 861911a..0000000
--- a/overlays/winetricks.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-self: super: {
-  winetricks = super.winetricks.overrideAttrs(old: rec {
-    name = "winetricks-20210528-073e2db";
-    src = super.fetchFromGitHub {
-      repo = "winetricks";
-      owner = "Winetricks";
-      rev = "073e2db522e7db56f83fab2338d831ac716264cb";
-      sha256 = "1fic4wzc3qyw5bki4zx0h9g8yyhh8db806pwm8mz8qv4n7syk4dd";
-    };
-  });
-}
diff --git a/overlays/wpa-supplicant.nix b/overlays/wpa-supplicant.nix
new file mode 100644
index 0000000..1a2cf86
--- /dev/null
+++ b/overlays/wpa-supplicant.nix
@@ -0,0 +1,6 @@
+self: super: {
+  # Thanks https://discourse.nixos.org/t/journal-logs-spammed-with-ctrl-event-scan-failed/56316/5
+  wpa_supplicant = super.wpa_supplicant.overrideAttrs(o: {
+    patches = o.patches ++ [ ./patches/wpa-supplicant.patch ];
+  });
+}
diff --git a/overlays/xinit.nix b/overlays/xinit.nix
deleted file mode 100644
index f89ce59..0000000
--- a/overlays/xinit.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-self: super: {
-  xorg = super.xorg // {
-    xinit = super.xorg.xinit.overrideAttrs(o: {
-      # Some info:
-      # - Make startx use $XAUTHORITY as server auth files instead of .serverauth.$$
-      # - Make startx respect $XINITRC and $XSERVERRC
-      patches = o.patches ++ [ ./misc/startx.patch ];
-    });
-  };
-}
diff --git a/packages/default.nix b/packages/default.nix
new file mode 100644
index 0000000..4ae8658
--- /dev/null
+++ b/packages/default.nix
@@ -0,0 +1,12 @@
+{
+  callPackage,
+  linuxLavaNixpkgs,
+  inputs
+}: {
+  linux-lava = linuxLavaNixpkgs.callPackage ./linux-lava { inherit inputs; };
+  nvim-treesitter-nightly = callPackage ./nvim-treesitter-nightly { inherit inputs; };
+  psensor = callPackage ./psensor { };
+  spotify-adblock = callPackage ./spotify-adblock { inherit inputs; };
+  tree-sitter-jsonc = callPackage ./tree-sitter-jsonc { inherit inputs; };
+  wine-discord-ipc-bridge = callPackage ./wine-discord-ipc-bridge { inherit inputs; };
+}
diff --git a/packages/linux-lava/bluetooth.patch b/packages/linux-lava/bluetooth.patch
new file mode 100644
index 0000000..87e198c
--- /dev/null
+++ b/packages/linux-lava/bluetooth.patch
@@ -0,0 +1,13 @@
+diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
+index ef9689f8776..aabbc031b5f 100644
+--- a/drivers/bluetooth/btusb.c
++++ b/drivers/bluetooth/btusb.c
+@@ -759,6 +759,8 @@ static const struct usb_device_id quirks_table[] = {
+ 						     BTUSB_WIDEBAND_SPEECH },
+ 	{ USB_DEVICE(0x2b89, 0x8761), .driver_info = BTUSB_REALTEK |
+ 						     BTUSB_WIDEBAND_SPEECH },
++	{ USB_DEVICE(0x2c4e, 0x0115), .driver_info = BTUSB_REALTEK |
++ 						     BTUSB_WIDEBAND_SPEECH },
+ 
+ 	/* Additional Realtek 8821AE Bluetooth devices */
+ 	{ USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK },
diff --git a/packages/linux-lava/default.nix b/packages/linux-lava/default.nix
new file mode 100644
index 0000000..aa288f5
--- /dev/null
+++ b/packages/linux-lava/default.nix
@@ -0,0 +1,115 @@
+{ buildLinux
+, callPackage
+, inputs
+, lib
+, linuxLavaEnv
+, useCcache ? false
+, ...
+} @ args:
+
+let
+  sources = callPackage ./sources.nix { inherit inputs; };
+  kernel = buildLinux (args // {
+    inherit (sources) src kernelPatches;
+    stdenv = if useCcache then linuxLavaEnv.ccacheStdenv else linuxLavaEnv.stdenv;
+    version = "${sources.version}-tkg-Lava";
+    isZen = true;
+    extraMakeFlags = [ "LLVM=1" "LLVM_IAS=1" ];
+    # TODO:
+    # some stuff is set in pkgs/os-specific/linux/kernel/common-config.nix
+    # but i have no idea how to change it
+    structuredExtraConfig = with lib.kernel; builtins.mapAttrs (_: value: lib.mkForce value) {
+      LOCALVERSION = freeform "-tkg-Lava";
+      ZENIFY = yes;
+      WINESYNC = module;
+
+      #tkg defaults
+      DYNAMIC_FAULT = no;
+      DEFAULT_FQ_CODEL = no;
+      WERROR = no;
+      NTP_PPS = no;
+      ZSWAP_COMPRESSOR_DEFAULT_LZO = no;
+      PROFILE_ALL_BRANCHES = no;
+      CRYPTO_LZ4 = yes;
+      CRYPTO_LZ4HC = yes;
+      LZ4_COMPRESS = yes;
+      LZ4HC_COMPRESS = yes;
+      ZSWAP_COMPRESSOR_DEFAULT_LZ4 = yes;
+      DEBUG_FORCE_FUNCTION_ALIGN_64B = no;
+      X86_P6_NOP = no;
+      RCU_STRICT_GRACE_PERIOD = no;
+      ZSWAP_COMPRESSOR_DEFAULT = freeform "lz4";
+      CPU_FREQ_DEFAULT_GOV_SCHEDUTIL = yes;
+      CPU_FREQ_DEFAULT_GOV_ONDEMAND = no;
+      CPU_FREQ_DEFAULT_GOV_CONSERVATIVE = no;
+      CPU_FREQ_DEFAULT_GOV_PERFORMANCE = no;
+      CPU_FREQ_DEFAULT_GOV_PERFORMANCE_NODEF = no;
+      BLK_DEV_LOOP = module;
+      I2C_NCT6775 = module; # openrgb
+
+      # clang/llvm
+      LTO_CLANG_FULL = no;
+      LTO_CLANG_THIN = yes;
+      LTO_NONE = no;
+      KCSAN = no;
+      INIT_ON_FREE_DEFAULT_ON = yes;
+      INIT_STACK_ALL_ZERO = yes;
+      INIT_STACK_NONE = no;
+
+      # bore
+      SCHED_BORE = yes;
+      MIN_BASE_SLICE_NS = freeform "2000000";
+
+      # tickless timers
+      HZ_PERIODIC = no;
+      NO_HZ = yes;
+      NO_HZ_COMMON = yes;
+      NO_HZ_FULL = yes;
+      NO_HZ_FULL_NODEF = yes;
+      NO_HZ_IDLE = no;
+      TICK_CPU_ACCOUNTING = no;
+      VIRT_CPU_ACCOUNTING_GEN = yes;
+      CONTEXT_TRACKING = yes;
+      CONTEXT_TRACKING_FORCE = no;
+      HZ_1000 = yes;
+      HZ_1000_NODEF = yes;
+
+      # preempt
+      PREEMPT = yes;
+      PREEMPT_COUNT = yes;
+      PREEMPT_VOLUNTARY = no;
+      PREEMPTION = yes;
+      PREEMPT_DYNAMIC = yes;
+
+      # disable numa
+      NUMA = no;
+      AMD_NUMA = no;
+      ACPI_NUMA = no;
+      X86_64_ACPI_NUMA = no;
+      NODES_SPAN_OTHER_NODES = no;
+      NUMA_EMU = no;
+      NODES_SHIFT = no;
+      NEED_MULTIPLE_NODES = no;
+      USE_PERCPU_NUMA_NODE_ID = no;
+
+      # disable ftrace
+      FUNCTION_TRACER = no;
+      FUNCTION_GRAPH_TRACER = no;
+
+      # disable misc debugging
+      SLUB_DEBUG = no;
+      PM_DEBUG = no;
+      PM_ADVANCED_DEBUG = no;
+      PM_SLEEP_DEBUG = no;
+      ACPI_DEBUG = no;
+      SCHED_DEBUG = no;
+      LATENCYTOP = no;
+      DEBUG_PREEMPT = no;
+    };
+    ignoreConfigErrors = true;
+  } // (args.argsOverride or {}));
+in kernel.overrideAttrs(old: {
+  # :sob: see https://github.com/NixOS/nixpkgs/issues/37249
+  passthru = kernel.passthru;
+  hardeningDisable = (old.hardeningDisable or []) ++ [ "strictoverflow" ];
+})
diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix
new file mode 100644
index 0000000..1ea7dcb
--- /dev/null
+++ b/packages/linux-lava/sources.nix
@@ -0,0 +1,45 @@
+{ fetchFromGitHub, inputs, lib }:
+let
+  version = "7.0.10";
+  kernelHash = "1w4i705i0nl1xqv7fdhdbhy7j3xrzhl31fabs6vmgiw7nf06szxv";
+  kernelPatchHash = "0h7gxqcnww7sj5cdyblzj04775zhavwdylkm2pm91v6xkjbnz1zj";
+
+  mm = lib.versions.majorMinor version;
+  hasPatch = (builtins.length (builtins.splitVersion version)) == 3;
+  tkgPatches = [
+    "0002-clear-patches"
+    "0003-glitched-base"
+    "0001-bore"
+    "0003-glitched-cfs"
+    "0012-misc-additions"
+  ];
+
+  patch = path: {
+    name = "patch-${path}";
+    patch = path;
+  };
+  kernelPatchSrc = {
+    name = "patch";
+    patch = builtins.fetchurl {
+      url = "https://cdn.kernel.org/pub/linux/kernel/v${lib.versions.major version}.x/patch-${version}.xz";
+      sha256 = kernelPatchHash;
+    };
+  };
+in {
+  inherit version;
+
+  src = builtins.fetchurl {
+    url = "https://cdn.kernel.org/pub/linux/kernel/v${lib.versions.major version}.x/linux-${mm}.tar.xz";
+    sha256 = kernelHash;
+  };
+
+  kernelPatches = lib.optionals hasPatch [
+    kernelPatchSrc
+    (patch ./bluetooth.patch)
+  ]
+  ++ builtins.map (name: {
+    inherit name;
+    patch = "${inputs.linux-tkg}/linux-tkg-patches/${mm}/${name}.patch";
+  }) tkgPatches
+  ++ [ ];
+}
diff --git a/packages/nvim-treesitter-nightly/default.nix b/packages/nvim-treesitter-nightly/default.nix
new file mode 100644
index 0000000..eb61436
--- /dev/null
+++ b/packages/nvim-treesitter-nightly/default.nix
@@ -0,0 +1,26 @@
+{
+  inputs,
+  tree-sitter,
+  vimPlugins
+}:
+let
+  nvim-treesitter-nightly = vimPlugins.nvim-treesitter.overrideAttrs(_: {
+    pname = "nvim-treesitter-nightly";
+    version = inputs.nvim-treesitter.lastModifiedDate;
+    src = inputs.nvim-treesitter;
+  });
+in nvim-treesitter-nightly.overrideAttrs(o: {
+  passthru = o.passthru // {
+    unwrapped = nvim-treesitter-nightly;
+    withPlugins = grammarFn: nvim-treesitter-nightly.overrideAttrs (_: {
+      postPatch =
+        let
+          grammars = tree-sitter.withPlugins grammarFn;
+        in
+        ''
+          rm -r parser
+          ln -s ${grammars} parser
+        '';
+    });
+  };
+})
diff --git a/packages/psensor/default.nix b/packages/psensor/default.nix
new file mode 100644
index 0000000..165cc73
--- /dev/null
+++ b/packages/psensor/default.nix
@@ -0,0 +1,53 @@
+{ stdenv
+, lib
+, fetchurl
+, pkg-config
+, lm_sensors
+, libgtop
+, libatasmart
+, gtk3
+, libnotify
+, udisks2
+, wrapGAppsHook3
+, libappindicator
+, linuxPackages
+}:
+let
+  libXNVCtrl = linuxPackages.nvidia_x11.settings.libXNVCtrl;
+in
+stdenv.mkDerivation rec {
+  pname = "psensor";
+
+  version = "1.2.1";
+
+  src = fetchurl {
+    url = "https://wpitchoune.net/psensor/files/psensor-${version}.tar.gz";
+    sha256 = "1ark901va79gfq5p8h8dqypjgm3f8crmj37520q3slwz2rfphkq8";
+  };
+
+  nativeBuildInputs = [ pkg-config wrapGAppsHook3 ];
+
+  buildInputs = [
+    lm_sensors
+    libgtop
+    libatasmart
+    gtk3
+    libnotify
+    udisks2
+    libappindicator
+  ];
+
+  preConfigure = ''
+    NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${libXNVCtrl}/include -Wno-error"
+    NIX_LDFLAGS="$NIX_LDFLAGS -L${libXNVCtrl}/lib"
+  '';
+
+  meta = with lib; {
+    description = "Graphical hardware monitoring application for Linux";
+    homepage = "https://wpitchoune.net/psensor/";
+    license = licenses.mit;
+    platforms = platforms.linux;
+    maintainers = [ ];
+    mainProgram = "psensor";
+  };
+}
diff --git a/packages/spotify-adblock/0002-allow-setting-config-from-environment-variable.patch b/packages/spotify-adblock/0002-allow-setting-config-from-environment-variable.patch
new file mode 100644
index 0000000..e2f23bc
--- /dev/null
+++ b/packages/spotify-adblock/0002-allow-setting-config-from-environment-variable.patch
@@ -0,0 +1,24 @@
+From 9a6d08d266a5e138c08e822a6ffb761db644aead Mon Sep 17 00:00:00 2001
+From: LavaDesu <me@lava.moe>
+Date: Sun, 19 Sep 2021 11:28:45 +0700
+Subject: [PATCH] allow setting config from environment variable
+
+---
+ src/lib.rs | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/lib.rs b/src/lib.rs
+index 5a0d7bd961e..86f2ac04ebf 100644
+--- a/src/lib.rs
++++ b/src/lib.rs
+@@ -44,6 +45,7 @@ struct Config {
+ lazy_static! {
+     static ref CONFIG: Config = {
+         let config_paths = vec![
++            PathBuf::from(std::env::var("SPOTIFY_ADBLOCK_CONFIG").unwrap_or("".into())),
+             PathBuf::from("config.toml"),
+             #[allow(deprecated)] // std::env::home_dir() is only broken on Windows
+             std::env::home_dir().unwrap().join(".config/spotify-adblock/config.toml"),
+-- 
+2.32.0
+
diff --git a/packages/spotify-adblock/default.nix b/packages/spotify-adblock/default.nix
new file mode 100644
index 0000000..57992de
--- /dev/null
+++ b/packages/spotify-adblock/default.nix
@@ -0,0 +1,17 @@
+{ inputs
+, lib
+, rustPlatform
+}:
+rustPlatform.buildRustPackage {
+  pname = "spotify-adblock";
+  version = "1.0";
+  src = inputs.spotify-adblock;
+
+  cargoHash = "sha256-oGpe+kBf6kBboyx/YfbQBt1vvjtXd1n2pOH6FNcbF8M=";
+
+  patches = [ ./0002-allow-setting-config-from-environment-variable.patch ];
+
+  postInstall = ''
+    cp ${inputs.spotify-adblock}/config.toml $out/lib
+  '';
+}
diff --git a/packages/tree-sitter-jsonc/default.nix b/packages/tree-sitter-jsonc/default.nix
new file mode 100644
index 0000000..ad36b85
--- /dev/null
+++ b/packages/tree-sitter-jsonc/default.nix
@@ -0,0 +1,9 @@
+{
+  callPackage,
+  inputs
+}:
+callPackage (inputs.nixpkgs + "/pkgs/development/tools/parsing/tree-sitter/grammar.nix") {} {
+  language = "jsonc";
+  version = "1.0.0";
+  src = inputs.tree-sitter-jsonc;
+}
diff --git a/packages/wine-discord-ipc-bridge/default.nix b/packages/wine-discord-ipc-bridge/default.nix
new file mode 100644
index 0000000..5e7ff2c
--- /dev/null
+++ b/packages/wine-discord-ipc-bridge/default.nix
@@ -0,0 +1,15 @@
+{
+  inputs,
+  pkgsCross,
+  stdenv
+}:
+stdenv.mkDerivation {
+  name = "wine-discord-ipc-bridge.exe";
+  src = inputs.wine-discord-ipc-bridge;
+
+  buildInputs = [ pkgsCross.mingw32.buildPackages.gcc ];
+
+  installPhase = ''
+    cp winediscordipcbridge.exe $out
+  '';
+}
diff --git a/res/README.md b/res/README.md
deleted file mode 100644
index 28d2424..0000000
--- a/res/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-### Wallpaper
-Edited from https://www.deviantart.com/mrezamulia/art/Hifumi-wallpaper-731342039
diff --git a/res/authorized_keys b/res/authorized_keys
new file mode 100644
index 0000000..9e9178d
--- /dev/null
+++ b/res/authorized_keys
@@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15 rin@blossom
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ5l9t8dc6mPsKKYqZlPKvhOdyqz+DS5UOcvHuh3uVGt @strawberry
diff --git a/res/config-minimal.lua b/res/config-minimal.lua
new file mode 100644
index 0000000..c2d3f06
--- /dev/null
+++ b/res/config-minimal.lua
@@ -0,0 +1,55 @@
+-- Keybindings
+local map = vim.keymap.set
+map('n', '<C-H>', '<C-W>h', { noremap = true })
+map('n', '<C-J>', '<C-W>j', { noremap = true })
+map('n', '<C-K>', '<C-W>k', { noremap = true })
+map('n', '<C-L>', '<C-W>l', { noremap = true })
+map('n', '<C-Q>', ':q<CR>', { noremap = true })
+map('n', '<C-P>', ':Files<CR>', { noremap = true })
+
+-- Autocommands
+vim.cmd('au BufEnter * set noro')
+vim.cmd('au CursorHold * lua vim.diagnostic.open_float(0, { scope = "line", focusable = false })')
+
+-- Settings
+vim.opt.mouse = ""
+vim.opt.relativenumber = true
+vim.opt.number = true
+vim.opt.cursorline = true
+vim.opt.signcolumn = "yes:3"
+vim.opt.title = true
+vim.opt.termguicolors = true
+vim.opt.updatetime = 0
+vim.opt.clipboard:prepend('unnamedplus')
+
+local runtimedir = os.getenv('XDG_RUNTIME_DIR')
+vim.opt.directory:prepend(runtimedir..'/vim/swap//')
+vim.opt.undodir:prepend(runtimedir..'/vim/undo//')
+vim.opt.swapfile = true
+vim.opt.undofile = true
+
+vim.opt.hlsearch = true
+vim.opt.ignorecase = true
+vim.opt.smartcase = true
+vim.opt.incsearch = true
+
+vim.opt.tabstop = 8
+vim.opt.softtabstop = 0
+vim.opt.expandtab = true
+vim.opt.shiftwidth = 4
+vim.opt.smarttab = true
+
+vim.g.signify_priority               = 5
+vim.g.signify_sign_show_count        = 0
+vim.g.signify_sign_add               = '┃'
+vim.g.signify_sign_delete            = vim.g.signify_sign_add
+vim.g.signify_sign_delete_first_line = '┏━'
+vim.g.signify_sign_change            = vim.g.signify_sign_add
+vim.g.signify_sign_change_delete     = vim.g.signify_sign_delete
+
+-- Plugins
+require('nvim-treesitter').setup {
+    highlight = { enable = true },
+    indent = { enable = false }
+}
+require('lualine').setup { }
diff --git a/res/config.lua b/res/config.lua
new file mode 100644
index 0000000..c0b5dad
--- /dev/null
+++ b/res/config.lua
@@ -0,0 +1,340 @@
+-- Keybindings
+local map = vim.keymap.set
+map('n', '<C-H>', '<C-W>h', { remap = false })
+map('n', '<C-J>', '<C-W>j', { remap = false })
+map('n', '<C-K>', '<C-W>k', { remap = false })
+map('n', '<C-L>', '<C-W>l', { remap = false })
+map('n', '<C-Q>', ':q<CR>', { remap = false })
+map('n', '<C-P>', ':Files<CR>', { remap = false })
+map('n', '<C-/>', 'gcc', { remap = true, silent = true })
+map('v', '<C-/>', 'gc', { remap = true, silent = true })
+
+-- Autocommands
+vim.cmd('au BufEnter * set noro')
+vim.cmd('au CursorHold * lua vim.diagnostic.open_float(0, { scope = "line", focusable = false })')
+
+-- Settings
+vim.opt.mouse = ""
+vim.opt.relativenumber = true
+vim.opt.number = true
+vim.opt.cursorline = true
+vim.opt.signcolumn = "yes:3"
+vim.opt.title = true
+vim.opt.termguicolors = true
+vim.opt.updatetime = 0
+vim.opt.clipboard:prepend('unnamedplus')
+
+local runtimedir = os.getenv('XDG_RUNTIME_DIR')
+vim.opt.directory:prepend(runtimedir..'/vim/swap//')
+vim.opt.undodir:prepend(runtimedir..'/vim/undo//')
+vim.opt.swapfile = true
+vim.opt.undofile = true
+
+vim.opt.hlsearch = true
+vim.opt.ignorecase = true
+vim.opt.smartcase = true
+vim.opt.incsearch = true
+
+vim.opt.tabstop = 8
+vim.opt.softtabstop = 0
+vim.opt.expandtab = true
+vim.opt.shiftwidth = 4
+vim.opt.smarttab = true
+
+vim.g.signify_priority               = 5
+vim.g.signify_sign_show_count        = 0
+vim.g.signify_sign_add               = '┃'
+vim.g.signify_sign_delete            = vim.g.signify_sign_add
+vim.g.signify_sign_delete_first_line = '┏━'
+vim.g.signify_sign_change            = vim.g.signify_sign_add
+vim.g.signify_sign_change_delete     = vim.g.signify_sign_delete
+
+-- VimTeX
+vim.g.vimtex_view_method = "zathura"
+vim.g.vimtex_quickfix_open_on_warning = 0
+
+-- Theming
+vim.api.nvim_command("syntax enable")
+local colors = require("catppuccin.palettes").get_palette "{{CATPPUCCIN_FLAVOUR}}"
+vim.cmd("highlight SignifySignAdd             guifg="..colors.green)
+vim.cmd("highlight SignifySignChange          guifg="..colors.peach)
+vim.cmd("highlight SignifySignDelete          guifg="..colors.red)
+vim.cmd("highlight SignifySignDeleteFirstLine guifg="..colors.red)
+vim.cmd("highlight SignifySignChangeDelete    guifg="..colors.red)
+
+-- Set this specific highlight group in rust
+-- Shown when using #[cfg] directives, entire chunks of disabled code has squiggly lines and I don't want
+-- to see it
+vim.cmd("au FileType rust highlight DiagnosticUnderlineHint ctermfg=14 gui=italic guifg="..colors.overlay2)
+
+-- Plugins
+require('autoclose').setup {}
+local function autosavecond(buf)
+    if vim.tbl_contains({"astro", "tex"}, vim.fn.getbufvar(buf, "&filetype")) then
+        return true
+    end
+    return false
+end
+require('auto-save').setup {
+    trigger_events = {
+        defer_save = { "InsertLeave", "TextChanged", "TextChangedI" },
+    },
+    debounce_delay = 250,
+    condition = autosavecond,
+}
+require('nvim-ts-autotag').setup {}
+require('nvim-highlight-colors').setup {
+    render = "virtual",
+}
+require('nvim-treesitter').setup {
+    highlight = { enable = true },
+    indent = { enable = false }
+}
+require('lualine').setup {
+    options = {
+        theme = 'catppuccin'
+    },
+    sections = {
+        lualine_c = {
+            {
+                "filename",
+                path = 1,
+            }
+        }
+    }
+}
+
+-- Block comments indent workaround
+-- many thanks to @kristijanhusak
+-- https://github.com/nvim-treesitter/nvim-treesitter/issues/1167#issuecomment-920824125
+function _G.javascript_indent()
+    local line = vim.fn.getline(vim.v.lnum)
+    local prev_line = vim.fn.getline(vim.v.lnum - 1)
+    if line:match('^%s*[%*/]%s*') then
+        if prev_line:match('^%s*%*%s*') then
+            return vim.fn.indent(vim.v.lnum - 1)
+        end
+        if prev_line:match('^%s*/%*%*%s*$') then
+            return vim.fn.indent(vim.v.lnum - 1) + 1
+        end
+    end
+
+    return vim.fn['GetJavascriptIndent']()
+end
+
+vim.cmd('au FileType javascript setlocal indentexpr=v:lua.javascript_indent()')
+
+-- LSP
+vim.api.nvim_create_autocmd("LspAttach", {
+    callback = function(args)
+        local client = vim.lsp.get_client_by_id(args.data.client_id)
+        if not client then
+            return
+        end
+
+        local function buf_set_keymap(...) vim.api.nvim_buf_set_keymap(args.buf, ...) end
+        local function buf_set_option(...) vim.api.nvim_buf_set_option(args.buf, ...) end
+
+        local opts = { noremap = true, silent = true }
+
+        buf_set_keymap('n', 'gD', '<cmd>lua vim.lsp.buf.declaration()<CR>', opts)
+        buf_set_keymap('n', 'gd', '<cmd>lua vim.lsp.buf.definition()<CR>', opts)
+        buf_set_keymap('n', 'K', '<cmd>lua vim.lsp.buf.hover()<CR>', opts)
+        buf_set_keymap('n', 'gi', '<cmd>lua vim.lsp.buf.implementation()<CR>', opts)
+        buf_set_keymap('n', '<C-k>', '<cmd>lua vim.lsp.buf.signature_help()<CR>', opts)
+        buf_set_keymap('n', '<space>wa', '<cmd>lua vim.lsp.buf.add_workspace_folder()<CR>', opts)
+        buf_set_keymap('n', '<space>wr', '<cmd>lua vim.lsp.buf.remove_workspace_folder()<CR>', opts)
+        buf_set_keymap('n', '<space>wl', '<cmd>lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))<CR>', opts)
+        buf_set_keymap('n', '<space>D', '<cmd>lua vim.lsp.buf.type_definition()<CR>', opts)
+        buf_set_keymap('n', '<space>rn', '<cmd>lua vim.lsp.buf.rename()<CR>', opts)
+        buf_set_keymap('n', '<space>ca', '<cmd>lua vim.lsp.buf.code_action()<CR>', opts)
+        buf_set_keymap('n', 'gr', '<cmd>lua vim.lsp.buf.references()<CR>', opts)
+        buf_set_keymap('n', '<space>e', '<cmd>lua vim.diagnostic.open_float(0, { scope = "line" })<CR>', opts)
+        buf_set_keymap('n', '[d', '<cmd>lua vim.lsp.diagnostic.goto_prev()<CR>', opts)
+        buf_set_keymap('n', ']d', '<cmd>lua vim.lsp.diagnostic.goto_next()<CR>', opts)
+        buf_set_keymap('n', '<space>q', '<cmd>lua vim.lsp.diagnostic.set_loclist()<CR>', opts)
+        buf_set_keymap('n', '<space>f', '<cmd>lua vim.lsp.buf.formatting()<CR>', opts)
+    end
+})
+
+vim.diagnostic.config({
+    focusable = false,
+    virtual_text = false,
+    underline = true,
+    signs = true,
+    update_in_insert = true
+})
+
+capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities)
+
+local servers = { 'astro', 'clangd', 'cssls', 'html', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' }
+for _, lsp in ipairs(servers) do
+    vim.lsp.config(lsp, {
+        capabilities = capabilities,
+        flags = { debounce_text_changes = 150 }
+    })
+    vim.lsp.enable(lsp)
+end
+
+-- nvim-cmp
+local luasnip = require('luasnip')
+local cmp = require('cmp')
+cmp.setup {
+    snippet = {
+        expand = function(args)
+            luasnip.lsp_expand(args.body)
+        end
+    },
+    mapping = {
+        ['<C-n>'] = cmp.mapping.select_next_item(),
+        ['<C-N>'] = cmp.mapping.select_prev_item(),
+        ['<C-d>'] = cmp.mapping.scroll_docs(-4),
+        ['<C-f>'] = cmp.mapping.scroll_docs(4),
+        ['<C-Space>'] = cmp.mapping.complete(),
+        ['<C-e>'] = cmp.mapping.close(),
+        ['<CR>'] = cmp.mapping.confirm {
+            behavior = cmp.ConfirmBehavior.Replace,
+            select = true,
+        },
+        ['<Tab>'] = function(fallback)
+            if cmp.visible() then
+                cmp.select_next_item()
+            elseif luasnip.expand_or_jumpable() then
+                vim.fn.feedkeys(vim.api.nvim_replace_termcodes('<Plug>luasnip-expand-or-jump', true, true, true), '')
+            else
+                fallback()
+            end
+        end,
+        ['<S-Tab>'] = function(fallback)
+            if cmp.visible() then
+                cmp.select_prev_item()
+            elseif luasnip.jumpable(-1) then
+                vim.fn.feedkeys(vim.api.nvim_replace_termcodes('<Plug>luasnip-jump-prev', true, true, true), '')
+            else
+                fallback()
+            end
+        end
+    },
+    sources = {
+        { name = 'nvim_lsp' },
+        { name = 'luasnip' }
+    }
+}
+
+-- LSP/Omnisharp
+local pid = vim.fn.getpid()
+vim.lsp.config("omnisharp", {
+    capabilities = capabilities,
+    on_attach = on_attach,
+    flags = { debounce_text_changes = 150 },
+    cmd = { "{{OMNISHARP_PATH}}", "--languageserver", "--hostPID", tostring(pid) }
+})
+vim.lsp.enable("omnisharp")
+
+-- LSP/rust_analyzer
+vim.lsp.config("rust_analyzer", {
+    capabilities = capabilities,
+    on_attach = on_attach,
+    flags = { debounce_text_changes = 150 },
+    settings = {
+        ["rust-analyzer"] = {
+            imports = {
+                granularity = {
+                    enforce = true,
+                    group = "module"
+                }
+            },
+            diagnostics = {
+                disabled = { "incorrect-ident-case" }
+            }
+        }
+    }
+})
+vim.lsp.enable("rust_analyzer")
+
+-- LSP/Diagnostics
+vim.lsp.config("diagnosticls", {
+    capabilities = capabilities,
+    on_attach = on_attach,
+    flags = { debounce_text_changes = 150 },
+    filetypes = { 'javascript', 'javascriptreact', 'typescript', 'typescriptreact', 'vue' },
+    init_options = {
+        linters = {
+            eslint = {
+                command = 'eslint_d',
+                rootPatterns = { '.git' },
+                debounce = 100,
+                args = { '--stdin', '--stdin-filename', '%filepath', '--format', 'json' },
+                sourceName = 'eslint',
+                parseJson = {
+                    errorsRoot = '[0].messages',
+                    line = 'line',
+                    column = 'column',
+                    endLine = 'endLine',
+                    endColumn = 'endColumn',
+                    message = '[eslint] ${message} [${ruleId}]',
+                    security = 'severity'
+                },
+                securities = {
+                    [2] = 'error',
+                    [1] = 'warning'
+                }
+            }
+        },
+        filetypes = {
+            javascript = 'eslint',
+            javascriptreact = 'eslint',
+            typescript = 'eslint',
+            typescriptreact = 'eslint',
+            vue = 'eslint'
+        }
+    }
+})
+vim.lsp.enable("diagnosticls")
+
+-- LSP/nixd
+vim.lsp.config("nixd", {
+  cmd = { "nixd" },
+  filetypes = { "nix" },
+  root_markers = { "flake.nix", ".git" },
+  settings = {
+    nixd = {
+      nixpkgs = {
+        expr = "import <nixpkgs> { }",
+      },
+      formatting = {
+        command = { "nixfmt" },
+      },
+      options = {
+        nixos = {
+          expr = '(builtins.getFlake (toString ./.)).nixosConfigurations.{{HOSTNAME}}.options',
+        },
+        home_manager = {
+          expr = '(builtins.getFlake (builtins.toString ./.)).nixosConfigurations."{{USERNAME}}@{{HOSTNAME}}".options.home-manager.users.type.getSubOptions []',
+        },
+      },
+    },
+  },
+})
+vim.lsp.enable("nixd")
+
+-- LSP/Signatures
+require("lsp_signature").setup {
+    hint_enable = false,
+    handler_opts = { border = "none" },
+    fix_pos = true
+}
+
+-- LSP/fzf
+require("fzf_lsp").setup()
+
+-- LSP/flutter
+require("flutter-tools").setup {
+    debugger = {
+        enabled = true
+    },
+    lsp = {
+        on_attach = on_attach,
+        cmd = { "{{DART_PATH}}", "language-server", "--protocol=lsp" }
+    }
+}
diff --git a/res/direnvrc b/res/direnvrc
new file mode 100644
index 0000000..8839ab5
--- /dev/null
+++ b/res/direnvrc
@@ -0,0 +1,9 @@
+: ${XDG_CACHE_HOME:=$HOME/.cache}
+declare -A direnv_layout_dirs
+direnv_layout_dir() {
+    echo "${direnv_layout_dirs[$PWD]:=$(
+        echo -n "$XDG_CACHE_HOME"/direnv/layouts/
+        echo -n "$(echo -n "$PWD" | shasum | cut -d ' ' -f 1)"
+        echo -n "-$(basename $PWD)"
+    )}"
+}
diff --git a/res/eww/eww.scss b/res/eww/eww.scss
new file mode 100644
index 0000000..763e6fd
--- /dev/null
+++ b/res/eww/eww.scss
@@ -0,0 +1,91 @@
+$background: EWW_BACKGROUND;
+$accent: EWW_ACCENT;
+$foreground: EWW_TEXT;
+
+* {
+  all: unset;
+}
+
+window {
+    background: transparent;
+}
+
+.bar {
+    margin: 5px 20px 5px 20px;
+}
+
+.widget {
+    background: $background;
+    color: $foreground;
+    font-family: "Noto Sans";
+    font-weight: 600;
+    font-size: 15px;
+    padding: 5px 15px;
+    border-radius: 50px;
+    box-shadow: rgba($foreground, .7) 0px 0px 2px;
+}
+
+.title {
+    margin: 0 5px;
+}
+
+.pill {
+    margin-right: 5px;
+    padding: 5px 10px;
+}
+
+.extended {
+    padding: 5px 15px;
+}
+
+.time {
+    .base {
+        font-weight: 700;
+    }
+    .extension {
+        font-weight: 500;
+        color: rgba($foreground, .7);
+    }
+}
+
+.workspaces {
+    padding: 5px 10px;
+    font-size: 22px;
+
+    button {
+        padding: 0px 2px;
+    }
+
+    .empty, .occupied {
+        color: $accent;
+    }
+}
+
+.widget.line-workspaces {
+    color: transparent;
+    padding: 0;
+    border-radius: 0;
+    font-size: 0;
+
+    button {
+        padding: 0 13px;
+    }
+
+    .empty {
+        background-color: $background;
+    }
+
+    .occupied {
+        background-color: $accent;
+    }
+
+    .focused {
+        background-color: $foreground;
+    }
+}
+
+.pill-icon {
+    color: $accent;
+    font-family: Material Symbols Outlined;
+    font-size: 18px;
+}
diff --git a/res/eww/eww.yuck b/res/eww/eww.yuck
new file mode 100644
index 0000000..d72a2cc
--- /dev/null
+++ b/res/eww/eww.yuck
@@ -0,0 +1,165 @@
+(defwindow mainbar :monitor 0
+
+                   :geometry (geometry :x "0%"
+                                       :y "0%"
+                                       :width "100%"
+                                       :height "30px"
+                                       :anchor "top center")
+                   :stacking "fg"
+                   :exclusive false
+                   :focusable false
+  (bar))
+
+(defwindow mainbar-ext :monitor 1
+                   :geometry (geometry :x "0%"
+                                       :y "0%"
+                                       :width "100%"
+                                       :height "30px"
+                                       :anchor "top center")
+                   :stacking "fg"
+                   :exclusive false
+                   :focusable false
+  (bar))
+
+(defvar bat-enabled _BAT_ENABLED_)
+(defvar bt-enabled _BT_ENABLED_)
+(defvar wifi-enabled _WIFI_ENABLED_)
+
+(defvar bat-extended true)
+(defvar bluetooth-extended false)
+(defvar network-extended false)
+(defvar time-extended false)
+
+(defpoll ptime   :interval "1s"
+  `date +%H:%M`)
+(defpoll petimea :interval "1s" :run-while time-extended
+  `date "+%A, %d %B %Y  "`)
+(defpoll petimeb :interval "1s" :run-while time-extended
+  `date "+:%S"`)
+(defpoll pbat_cap :interval "5s" :run-while bat-enabled
+  `cat /sys/class/power_supply/_BAT_PATH_/capacity`)
+(defpoll pbat_status :interval "1s" :run-while bat-enabled
+  `cat /sys/class/power_supply/_BAT_PATH_/status`)
+(defpoll wifi_ssid :interval "1s" :run-while wifi-enabled
+  `iwctl station wlan0 show | grep "Connected network" | awk '{print $3}'`)
+(defpoll wifi_strength :interval "1s" :run-while wifi-enabled
+  `iw dev wlan0 link | awk '/signal/ {gsub("-",""); print $2}'`)
+(defpoll bluetooth_device :interval "1s" :run-while bt-enabled
+  `bluetoothctl devices Connected | grep Device | cut -d" " -f3-`)
+(defpoll bluetooth_device_count :interval "1s" :run-while bt-enabled
+  `bluetoothctl devices Connected | wc -l`)
+
+(deflisten ltitle :initial "" "./scripts/title.sh")
+(deflisten lworkspaces :initial "[]" "./scripts/workspaces.sh")
+(deflisten lcurrent_workspace :initial "1" "./scripts/active-workspace.sh")
+
+(defwidget bar []
+  (eventbox :onscroll "./scripts/scroll.sh {}"
+    (centerbox :orientation "h"
+               :class "bar"
+      (workspaces)
+      (title)
+      (right_bar))))
+
+(defwidget workspaces []
+  (box :class "widget workspaces"
+       :halign "start"
+       :valign "center"
+       :vexpand true
+       :hexpand true
+    (for workspace in lworkspaces
+      (eventbox :cursor "hand"
+        (button :class "${workspace.id == lcurrent_workspace ? "focused" : (workspace.windows > 0 ? "occupied" : "empty")}"
+                :onclick "hyprctl dispatch workspace ${workspace.id}"
+          "${workspace.id == lcurrent_workspace ? "" : (workspace.windows > 0 ? "" : "")}")))))
+
+(defwidget title []
+  (literal :content ltitle))
+
+(defwidget time_extension [text]
+  (revealer :transition "slideleft"
+            :reveal time-extended
+            :duration 150
+    (label :text text
+           :class "extension")))
+
+(defwidget right_bar []
+  (box :orientation "horizontal"
+       :space-evenly false
+       :halign "end"
+    (box :visible {bt-enabled} (bluetooth))
+    (box :visible {wifi-enabled} (network))
+    (box :visible {bat-enabled} (battery))
+    (time)))
+
+(defwidget bluetooth []
+  (button :onclick `eww update bluetooth-extended=${bluetooth-extended ? "false" : "true"}`
+    (box :orientation "horizontal"
+         :class {"widget pill" + ((bluetooth-extended && bluetooth_device != "") ? " extended" : "")}
+         :spacing {(bluetooth-extended && bluetooth_device != "") ? 5 : 0}
+         :space-evenly false
+      (label :text { bluetooth_device == "" ? "" : ""}
+             :class "base pill-icon")
+      (revealer :transition "slideleft"
+                :reveal {bluetooth-extended && bluetooth_device != ""}
+                :duration 150
+        (label :text { bluetooth_device_count == "1" ? bluetooth_device : (bluetooth_device_count + " devices") }
+               :class "base")))))
+
+(defwidget network []
+  (button :onclick `eww update network-extended=${network-extended ? "false" : "true"}`
+    (box :orientation "horizontal"
+         :class {"widget pill" + ((network-extended && wifi_ssid != "") ? " extended" : "")}
+         :spacing {(network-extended && wifi_ssid != "") ? 5 : 0}
+         :space-evenly false
+      (label :text {
+          (wifi_ssid == "") ? ""
+        : (wifi_strength == "") ? ""
+        : (wifi_strength < 75) ? ""
+        : (wifi_strength < 65) ? ""
+        : (wifi_strength < 60) ? ""
+        : (wifi_strength < 50) ? ""
+        : ""}
+             :class "base pill-icon")
+      (revealer :transition "slideleft"
+                :reveal {network-extended && wifi_ssid != ""}
+                :duration 150
+        (label :text wifi_ssid
+               :class "base")))))
+
+(defwidget battery []
+  (button :onclick `eww update bat-extended=${bat-extended ? "false" : "true"}`
+    (box :orientation "horizontal"
+         :class {"widget pill" + (bat-extended ? " extended" : "")}
+         :spacing {bat-extended ? 3 : 0}
+         :space-evenly false
+      (label :text {
+          (pbat_status == "Charging" || pbat_status == "Full") ?
+            ( (pbat_cap < 20) ? ""
+            : (pbat_cap < 50) ? ""
+            : (pbat_cap < 100) ? ""
+            : "" )
+        : (pbat_cap < 10) ? ""
+        : (pbat_cap < 20) ? ""
+        : (pbat_cap < 50) ? ""
+        : (pbat_cap < 80) ? ""
+        : ""}
+             :class "base pill-icon")
+      (revealer :transition "slideleft"
+                :reveal bat-extended
+                :duration 150
+        (label :text {pbat_cap + "%"}
+               :class "base")))))
+
+
+(defwidget time []
+  (button :onclick `eww update time-extended=${time-extended ? "false" : "true"}`
+    (box :orientation "horizontal"
+         :space-evenly false
+         :hexpand true
+         :class "widget time"
+      (time_extension :text petimea)
+      (label :text ptime
+             :class "base")
+      (time_extension :text petimeb))))
+
diff --git a/res/eww/scripts/active-workspace.sh b/res/eww/scripts/active-workspace.sh
new file mode 100755
index 0000000..d4e6b87
--- /dev/null
+++ b/res/eww/scripts/active-workspace.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+
+hyprctl monitors -j | jq '.[] | select(.focused) | .activeWorkspace.id'
+
+socat -u UNIX-CONNECT:$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock - |
+  stdbuf -o0 awk -F '>>|,' -e '/^workspace>>/ {print $2}' -e '/^focusedmon>>/ {print $3}'
diff --git a/res/eww/scripts/title.sh b/res/eww/scripts/title.sh
new file mode 100755
index 0000000..108e0a5
--- /dev/null
+++ b/res/eww/scripts/title.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env sh
+
+out () {
+    if [ -z "$1" ] || [ "$1" == "null" ]; then
+        echo ""
+    else
+        echo "(box :class \"widget title\" :halign \"center\" :valign \"center\" :vexpand true :hexpand true (label :text \"$1\"))"
+    fi
+}
+
+init=$(hyprctl activewindow -j | jq --raw-output .title)
+trunc=$(echo $init | cut -c-60)
+out "$trunc"
+
+socat -u UNIX-CONNECT:$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock - | stdbuf -o0 awk -F '>>|,' '/^activewindow>>/{print $3}' | while read -r line ; do
+    trunc=$(echo $line | cut -c-60)
+    out "$trunc"
+done
diff --git a/res/eww/scripts/workspaces.sh b/res/eww/scripts/workspaces.sh
new file mode 100755
index 0000000..963dbe8
--- /dev/null
+++ b/res/eww/scripts/workspaces.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env sh
+
+spaces (){
+	WORKSPACE_WINDOWS=$(hyprctl workspaces -j | jq 'map({key: .id | tostring, value: .windows}) | from_entries')
+	seq 1 10 | jq --argjson windows "${WORKSPACE_WINDOWS}" --slurp -Mc 'map(tostring) | map({id: ., windows: ($windows[.]//0)})'
+}
+
+spaces
+socat -u UNIX-CONNECT:$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock - | while read -r line; do
+	spaces
+done
diff --git a/res/theme.rasi b/res/theme.rasi
new file mode 100644
index 0000000..b7fd398
--- /dev/null
+++ b/res/theme.rasi
@@ -0,0 +1,89 @@
+// Stolen from https://github.com/DanisDGK thanks uwu
+
+configuration {
+  modi:                           "drun,run";
+  terminal:                       "kitty";
+  display-drun:                   "";
+  drun-display-format:            "{name}";
+  sidebar-mode:                   false;
+  show-icons:                     true;
+}
+
+@theme "/dev/null"
+
+* {
+  bg:                              CAT_BACKGROUND;
+  fg:                              CAT_TEXT;
+  button:                          CAT_ACCENT;
+
+  background-color:                @bg;
+  text-color:                      @fg;
+}
+
+window {
+  transparency:                   "real";
+  width:                          40%;
+  border-radius:                  20px;
+}
+
+prompt { enabled: false; }
+
+entry {
+  placeholder:                    "Search";
+  placeholder-color:              CAT_PLACEHOLDER;
+  transparency:                   "real";
+  expand:                         true;
+  font:                           "Noto Sans 32";
+  padding:                        1.5%;
+  border-radius:                  8px;
+  background-color:               transparent;
+}
+
+inputbar {
+  children:                       [ prompt, entry ];
+  expand:                         false;
+  border-radius:                  0px 0 8px 8px;
+  padding:                        30px 30px 15px 30px;
+}
+
+listview {
+  columns:                        1;
+  lines:                          4;
+  cycle:                          false;
+  dynamic:                        true;
+  layout:                         vertical;
+  padding:                        30px 30px 15px 30px;
+}
+
+mainbox { children: [ inputbar, listview ]; }
+
+element {
+  orientation:                    horizontal;
+  padding:                        1.5% 0% 1.5% 0%;
+  border-radius:                  8px;
+}
+
+element-text {
+  expand:                         true;
+  vertical-align:                 0.5;
+  horizontal-align:               0.97;
+  margin:                         0% 3% 0.5% 3%;
+  background-color:               inherit;
+  text-color:                     inherit;
+  font:                           "Noto Sans Medium 12";
+}
+
+element-icon {
+  vertical-align:                 0.5;
+  horizonal-align:                0.03;
+  margin:                         0.5% 3% 0.5% 3%;
+  background-color:               inherit;
+  text-color:                     inherit;
+  size:                           54;
+}
+
+element selected {
+  background-color:               @button;
+  border-radius:                  8px;
+  text-color:                     @bg;
+}
diff --git a/res/wallpaper.png b/res/wallpaper.png
index ea95619..fce7b00 100644
Binary files a/res/wallpaper.png and b/res/wallpaper.png differ
diff --git a/users/rin/scripts/osu b/scripts/osu
similarity index 100%
rename from users/rin/scripts/osu
rename to scripts/osu
diff --git a/scripts/tmptsync.sh b/scripts/tmptsync.sh
new file mode 100755
index 0000000..9d5aca7
--- /dev/null
+++ b/scripts/tmptsync.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+#
+# Super simple script that saves clock to file and reads from it later
+# Something like fake-hwclock from debian
+# CC0-1.0
+
+CMD="${1:-save}"
+
+if [ ! -v FILE ]; then
+    echo 'missing $FILE'
+    exit 64
+fi
+
+case $CMD in 
+    save)
+        date -u '+%Y-%m-%d %H:%M:%S' > $FILE
+        ;;
+    load)
+        if [ ! -e $FILE ]; then
+            echo "attempted to load from nonexistent file"
+            exit 65
+        fi
+        NEW=$(cat $FILE)
+        date -u -s "$NEW"
+        ;;
+    *)
+        echo "unknown subcommand"
+        exit 66
+        ;;
+esac
diff --git a/secrets.gcrypt/shared.json b/secrets.gcrypt/shared.json
new file mode 100644
index 0000000..21378e7
Binary files /dev/null and b/secrets.gcrypt/shared.json differ
diff --git a/secrets.nix b/secrets.nix
new file mode 100644
index 0000000..b1f55e5
--- /dev/null
+++ b/secrets.nix
@@ -0,0 +1,25 @@
+let
+  alyssum = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAp00i2DTwMk9i2WBEwpNTDA51TQJEqzpyCka6znmRzR";
+  anemone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEPFifSAybe97xDP/cq6AAjy7Fm0go0dtQ9ICK6JRUgc";
+  blossom = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5wfPCcpkNR3ubr7cBV0UwVCDo/sMmV0aI/JOJTIxQj";
+  dandelion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFUk99ku7+eiIO7Q9sIPlPx3GiUljLv7W404W/zwrtzI";
+  hazel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6mi50ecrrMIn5C4QUyCjPHfSElz0mhevvFCznUzIrK";
+
+  rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15";
+in {
+  "secrets/passwd.age".publicKeys = [ alyssum anemone blossom rin ];
+  "secrets/passwd_smbcilly.age".publicKeys = [ alyssum rin ];
+  "secrets/passwd_smbkujira.age".publicKeys = [ alyssum rin ];
+  "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ];
+
+  "secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ];
+  "secrets/navidrome_env.age".publicKeys = [ alyssum dandelion rin ];
+  "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ];
+  "secrets/tailscale_auth.age".publicKeys = [ alyssum anemone blossom dandelion rin ];
+  "secrets/warden_admin.age".publicKeys = [ rin ];
+  "secrets/wg_anemone.age".publicKeys = [ anemone rin ];
+  "secrets/wg_dandelion.age".publicKeys = [ dandelion rin ];
+  "secrets/wg_hazel.age".publicKeys = [ hazel rin ];
+  "secrets/wg_hyacinth.age".publicKeys = [ blossom rin ];
+  "secrets/wg_caramel.age".publicKeys = [ rin ];
+}
diff --git a/secrets/acme_dns.age b/secrets/acme_dns.age
new file mode 100644
index 0000000..c440de6
--- /dev/null
+++ b/secrets/acme_dns.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 kOMSPw vqjZO82kILUQaoD9EwOgnmXKD9IyscgtzP65BVKkGhs
+07f0vL5fSq+EVdJ4n3L/q0tGsh0SVLCueTzbrMQC2ok
+-> ssh-ed25519 bRFqeQ qZAsyhdIY/fg7weEBYfB/WwFBrr/fDRrjt0J/m+57W4
+FOWjbk7efoVdL9WxjWvaZ/0mJrQ4yj0fN/Fa3zztz84
+-> ssh-ed25519 ZAcXHw UHpAQ4nKoGGaZWXVj4UM6uBanOgDpBvG6XdoBvhz6y8
+xF1orqajQxp2QzU/e1sq8lMxz4AQ2Vr5a3wEU55QqyE
+-> ssh-ed25519 U9FXlg n/LPuRDZ7N0VbZYLNr86hH/yRuqd2zFC7Nnpooz8d0o
+aZig/wjd5vitGaJwQ89w2M7fj8fAiqTpdDOmLae74sM
+--- mXuALIh6k4n0cErsTFnwKemo/r2jFG7mGSTz2M8zXF8
+Zr2��.	��~M��P��XŹ1�)p�9R�9�ScLzhQ���O��0��H7���L�j�5�
�����\��l9�7���ܫn���>��
diff --git a/secrets/navidrome_env.age b/secrets/navidrome_env.age
new file mode 100644
index 0000000..7df364f
--- /dev/null
+++ b/secrets/navidrome_env.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 kOMSPw s/uDjoILzZ4meH5Thqdly/pPe2bTO7sKHPIsn7B/Ays
+Pg3ePdLimArZbzBJJkole/d6UjUafNayktjKqt9gqv4
+-> ssh-ed25519 bRFqeQ /yrku11wKk2gf24aPjSBZ1KBZXLOlSTOgvW13gjzC3M
+xTCWHdq5Vr02v9xDoEZqCcGLIdjZT9s29Gldoz27ow0
+-> ssh-ed25519 U9FXlg HhSqF8DRz/vW42Sf34fqGMIgj9Zpc5MeYNhqqsz7fBk
+4IzAURq50rY160/qAzo49cmhV7/skh7PGM8h9qI9WGE
+--- aSO1slFKfkECL6Gro84fMiDZ0QLLNbOrfiNegNK7ksc
+i'r��Ќ��l"�j^S�"_�UP��C��xs�1����M��w�ʍ�;#{a��}+��=��eԑ$�#s�z�Ki����J��D�?�>F��8k�Z(���;���)�[��b+�o�@�#2�L,����חL�<\��U���#����>13�p\��IQ)޽��@��p�,C��5�v8M%�NA	r7�ɀ�n��t
�'Ѕֲ��5+�bj��)�Ra�C�
\ No newline at end of file
diff --git a/secrets/passwd.age b/secrets/passwd.age
new file mode 100644
index 0000000..05ad906
--- /dev/null
+++ b/secrets/passwd.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 kOMSPw rWkX3HSRLDrGS1MJhIttcTrDpUkpKuvgzzj8VGYwo00
+ei4Smot7TzHG267tZOTHZGP/r708VyXsth6JkutoD0M
+-> ssh-ed25519 ohyStA i3Os44jBRhjApBM+LB2OBtN5Va5B4Rn9ns1T5ZgHsjw
+chQ66k2O/5vKQ/H3UK/SpyAVyMijeFzPamZrUuA2gFE
+-> ssh-ed25519 CUCjXQ bcoF9UqyTLIkv8voU3MqN8Z3ewXbIkDwdTD0MAbNiwA
+clZLUvkiT8kXITUh3n1khtUKRhzSEfql1+LaTpGyXtE
+-> ssh-ed25519 U9FXlg ICIR8S4zMAdXicH72HzJeeQfffjNThvSDkGc9fkRKQQ
+lr3xEi63dR+sywvIrbOTWkYyd9jTX619LHvZU9H9+Bw
+--- P7jilfDiKJ6O6vXk5s3FimCLHRQoVatVwoEjzoYncdg
+��$�a�s�[ԡ`��|��7�n��YYU6#�8Fl���W'��H;��O)OM�B�1�b_�i�S��pg��u-��yh�V�B�<!���T���'}�'}�·�����p���K�CKZ����Γ0�5yOI
\ No newline at end of file
diff --git a/secrets/passwd_smbcilly.age b/secrets/passwd_smbcilly.age
new file mode 100644
index 0000000..41ad172
--- /dev/null
+++ b/secrets/passwd_smbcilly.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 kOMSPw CQaXT9/nw3NGD2/H/ctSQGXIoacgjfKQ24wkpEieLSQ
+i4xEXgWGQ7xgQyaDQQIeDuiCLjA6Le23qSnv8C1cbcI
+-> ssh-ed25519 U9FXlg GL4dCSCku/FA6ipb9XI1AxO4lhm2r/1lRAeqaGrB32o
++pPgqwnoPi3wJLobTimVMj0rng+XRapRG6jTYFXSsDM
+--- eVgn3ON19pqq+L832bqlbkHUQXdaTI+LfSL4bYfEdew
+�*�l\�W�!J7E/����"f@%\���[��j8fӶ��
\ No newline at end of file
diff --git a/secrets/passwd_smbkujira.age b/secrets/passwd_smbkujira.age
new file mode 100644
index 0000000..71b6bb8
--- /dev/null
+++ b/secrets/passwd_smbkujira.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 kOMSPw Kn+LPMoyOrVwI/nrGgnxgVA3D+tVY9Tccg/Yx/jL+E8
+IfWiSBh7KgNvgcHlcDzfdcB9nxm1zy12Ae7AGm39fdE
+-> ssh-ed25519 U9FXlg 6eIIGEIYDo02FBsgBnwbuOeR8t4xB6jSmLfIL73UCDg
+QOc0ddunQQcVEVD20DKKpn3wZWUSveFJSUTBnv+xnNk
+--- MjN2i0FNzbUpBGUDNgWGXrRsYl2gtsQX+JlzZV/fYdw
+T� <�R#d�Ć̎lLk�N���8�c�_N�)��T
\ No newline at end of file
diff --git a/secrets/slskd_env.age b/secrets/slskd_env.age
new file mode 100644
index 0000000..eded5d0
--- /dev/null
+++ b/secrets/slskd_env.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 ohyStA 3Do7MsCBX9ZgP6pIekvkRisFgF74jq2cKxrjUi2NlhM
+EdfLIUk40isfNBY4CKA0JjHc2RaCM/LJmvQJuue+aYs
+-> ssh-ed25519 bRFqeQ XcjdLy6CEELgdN133BkgTG0cUffU6N9nsapB3c9Swyc
++ILEkir7XMK/xLNrTs2R+pBoucIN7fVEBRZSZwBo7Fs
+-> ssh-ed25519 U9FXlg bqpdUcMN/bk7WlIruWmhj0hpFL/CliDHto/P/KaMdxk
+z6wKPbT1OAW7sDjeziwdqs6mf9Rk37xsU9pw4wYMOF4
+--- wNvTtQPOTxetOpazjBXo4fR3wPL7CVQq4R30gOj/qQw
+&P+�����S��y�=}��~1�C�����^.�?zL��H��R`akE��R��(4�R!�*l�!���A��~@VG����<��2��-K8H�Pu�2jS#WД�����l>@�a	.Mƞ���Hg[���$�Wˌ�[��"%N�,� rGN�mf�9F��k&~�OW�Z70���t�����?���eOf��A������z�,hq/�Z�&��Fy�5ɾ�BQw���/�"��J�S섘5�f}%B��PĮ�,
r�F`�Nm��n�C�Î��rJ���af� �i�?���0���pz�aV�[��y�j�X4��B>R,�tyO��IW!�(��n#�ܒj>�����58�9���d��0�����mi���%�t�C�R˄^I�r�M�")֙�S�&.)l�z�Өq����:�r���brE@�JǺsM����d��?�Sk
\ No newline at end of file
diff --git a/secrets/tailscale_auth.age b/secrets/tailscale_auth.age
new file mode 100644
index 0000000..be7af43
--- /dev/null
+++ b/secrets/tailscale_auth.age
@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 kOMSPw judP6VmZDGErkHfUpCp3xTgJtWVmGv3/tZw3WGyhfhM
+10jxPIR6Qaf/iWLzbWOrFq9XBsm8OC3mcMrxEt+BYQ8
+-> ssh-ed25519 ohyStA Xc6TjSJYtJkK1VEauNJKn+RcTdwdkyJ0Sr+tbAJ8rGc
+vzQt4zMdktY5tNvfu9HsKBgJb52uM7x8bhF+WXwpWZ8
+-> ssh-ed25519 CUCjXQ r8WxaXpWtaBdMJ2ubaAwJ4ipSz/UtnMs0x3+eI8p0VU
+CdicUH7AE4E4XVHDAeYzQdsYMYA0sCLlt2P4eR24vvs
+-> ssh-ed25519 bRFqeQ E9sknPioO9leKqs8bFJDLrAMuRAJf0ZRyGMvy7O5wVA
+KX93oSqGHimM/PaeaoHq1aYVXGG1YsVMO2ihZaM8xVE
+-> ssh-ed25519 U9FXlg u7yG7cLylPUgu/Is4xx0BXVhX31vUtgStV5CYa8Cowg
+xAuGYZpMPVQpZYASXrMuqNE9wqqEG3kMLUNjLzPmL4g
+--- EoeqIMnX5tR3J51Cz2QEyjsgD/7h468bqjRmt3mOEjY
+��xHQ���)����k�)ĉB�~ە�֖Zv?����%lQx
OwZIs�ۄ�f4�D���ǔ�*�Otݳ�0.m[q�_[�����v���
\ No newline at end of file
diff --git a/secrets/warden_admin.age b/secrets/warden_admin.age
new file mode 100644
index 0000000..1c56924
Binary files /dev/null and b/secrets/warden_admin.age differ
diff --git a/secrets/wg_anemone.age b/secrets/wg_anemone.age
new file mode 100644
index 0000000..3ed5b37
Binary files /dev/null and b/secrets/wg_anemone.age differ
diff --git a/secrets/wg_caramel.age b/secrets/wg_caramel.age
new file mode 100644
index 0000000..a85d63f
--- /dev/null
+++ b/secrets/wg_caramel.age
@@ -0,0 +1,6 @@
+age-encryption.org/v1
+-> ssh-ed25519 U9FXlg VpFnvpTVZFSkKRpEgcmuT/WDLIP1ZySFLq2lRvrjq20
+7zQoSoIs1URmAYn2AdjvDTIY8GDYROcSxFq1bcl24Og
+--- iaQQUE1/Xj1vxto3d+Llyl6XGrSff5MGPxdCHW9EI40
+����Ʀ�`t��	�\� �
+b��peH���X�3�!�$�3]X�32�t~V�.=��>�$�x�B�KJ�AL:�DD�}5
\ No newline at end of file
diff --git a/secrets/wg_dandelion.age b/secrets/wg_dandelion.age
new file mode 100644
index 0000000..0229699
--- /dev/null
+++ b/secrets/wg_dandelion.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 bRFqeQ swv/p+w9+aytIkQ/6Yk1jouA+0M3rJabuiOz2rlpyAs
+wt+wnM1EEKAyDNefr9K4+DtZvHcOzz9Y1EBRFkA5Nv4
+-> ssh-ed25519 U9FXlg xxV/8JoorO4YWPbwSG7p306Pb2+aT10u9eNR69PhZAA
+rjOOuapa/h1tMYbdOc3Y/fPPzkNcYiamSk6rS/tbhtE
+--- UKvt/4aAyYHOk5bhAP55yxPhkxTE94/xEqIqpGF3yiE
+����5;_�E�DB�<k�J~��&�TD��z`/=t��ɲ�؈����;�y�)��%�LٕJ*@��
cx<;�ko��
\ No newline at end of file
diff --git a/secrets/wg_hazel.age b/secrets/wg_hazel.age
new file mode 100644
index 0000000..fa7fbb8
--- /dev/null
+++ b/secrets/wg_hazel.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 ZAcXHw eEKOjQqzqL9npB+C/wUahKJg58fedM6oxPKuKlMHpRo
+obx/pnoSM0uXYR7EC/yHYVs8gM/W74zoMijdWRpnYv8
+-> ssh-ed25519 U9FXlg o8QW/BHBKLHhahpcHf5ZrYIbCzilWVZvXr1nEChAqFM
+fgmtkUzJs2Oeq85JVl0HrHwBg/gjDQfzT5J+9Wyk8Kw
+--- yXs0fQOQfJ1NyPAPSr+1nm5/hVds5dhxW4WZagtMna0
+;�ǓוZ�I=Z��[�c�Ϗ7���&.�H�Fk��JUDN������i_N��TȊ�"��l�_G�o)f��s9&
\ No newline at end of file
diff --git a/secrets/wg_hyacinth.age b/secrets/wg_hyacinth.age
new file mode 100644
index 0000000..082940f
--- /dev/null
+++ b/secrets/wg_hyacinth.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 CUCjXQ ptHKlNvz+AmnB/Wt9XBBNyfOGeoPG5TbyrXv5993PDQ
+P0C17K+Kz8ocn0vzLf02aaYnxvRM/yjfRLMsBaJhsok
+-> ssh-ed25519 U9FXlg /M8ryJjXAdlWhvNHbQgKUxe/UtL7HqEs9RqNDQBW3SM
+p2d9OnOkU2Hx7+Kn+Z66qElFvczd3F4zVm5KXbOzYWY
+--- PVd8mrRk/t6qv/U32/AZk9YssRU1yn3CLPeyaEPBXi0
+��:�Dx[cyyۙc4�ɥ�/އ^�.��=�†�ȯo�G�VQdXf���^�@TRe���g���n����9UT�	
\ No newline at end of file
diff --git a/secrets/wpa_conf.age b/secrets/wpa_conf.age
new file mode 100644
index 0000000..555b594
--- /dev/null
+++ b/secrets/wpa_conf.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 kOMSPw WjWYVdPA5nC91K7UTi5lsbmljg1nVKCGkx1xtWWmR3A
+ZqwrUa6UMKMs7VPPlL7Q7mevVS8PKb/CBmPjt9l+stE
+-> ssh-ed25519 CUCjXQ 6NWpq4HWsktCO86TO8QvPA13gu5QVo6MDh8pNGYItn4
+LBqgl0q5VF/246BNc1+Mp4nKgpFdsbM6B/H/dL2e3lE
+-> ssh-ed25519 U9FXlg yWJhHQPrrE/OvVSTJyPove9/eyCDOozEBUhSPpEDvSs
+TI5tdtnRnNhVe6whNVmuQA/TcO5VlUCwTOpauoMqtRw
+--- FCXwxwx3KHMqQic8vkJVcxRqvUIisZRtoVA4lRo9+8o
+�c;)s9x�X�PG�6>u������@��1��o\ ��-�<��1 �,⯨��R���S(Q�����8oἐ����Jy7�fK�>��#�F
��U� S��,����A�������Q��}x�V0Q�O�ށ�[%�?u
\ No newline at end of file
diff --git a/update.sh b/update.sh
new file mode 100755
index 0000000..6167e8c
--- /dev/null
+++ b/update.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env -S nix shell 'nixpkgs#git' 'nixpkgs#curl' -c bash
+
+update_kernel() {
+    previous_ver=$(cat packages/linux-lava/sources.nix | grep "version =" | sed --expression='s/[^0-9.]//g')
+    kernel_ver=$(curl -s https://www.kernel.org/finger_banner | grep -m1 stable | awk '{print $NF}')
+
+    if [ "$previous_ver" = "$kernel_ver" ]; then
+        return
+    fi
+
+    kernel_major=$(cut -d '.' -f 1 <<< "$kernel_ver")
+    kernel_mmver=$(cut -d '.' -f 1,2 <<< "$kernel_ver")
+
+    hash_mm=$(nix-prefetch-url "https://cdn.kernel.org/pub/linux/kernel/v${kernel_major}.x/linux-${kernel_mmver}.tar.xz")
+    hash_patch=$(nix-prefetch-url "https://cdn.kernel.org/pub/linux/kernel/v${kernel_major}.x/patch-${kernel_ver}.xz")
+
+    sed -i "/version =/c\  version = \"${kernel_ver}\";" packages/linux-lava/sources.nix
+    sed -i "/kernelHash =/c\  kernelHash = \"${hash_mm}\";" packages/linux-lava/sources.nix
+    sed -i "/kernelPatchHash =/c\  kernelPatchHash = \"${hash_patch}\";" packages/linux-lava/sources.nix
+
+    git add packages/linux-lava/sources.nix
+    git commit -m "packages/linux-lava: bump to ${kernel_ver}"
+}
+
+bump_inputs() {
+    nix flake update
+    git add flake.lock
+    git commit -m "flake: bump inputs"
+}
+
+bump_inputs
+update_kernel
diff --git a/users/hana/default.nix b/users/hana/default.nix
new file mode 100644
index 0000000..69558ea
--- /dev/null
+++ b/users/hana/default.nix
@@ -0,0 +1,36 @@
+{ config, lib, modules, pkgs, ... }: {
+  programs.nh.flake = "/persist/hana/flakes";
+  programs.zsh.enable = true;
+  users.users.hana = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    shell = pkgs.zsh;
+    uid = 1002;
+    hashedPassword = "$y$j9T$3xCNDudmfrIu5VfQQoDkj/$ugzJWq0gORN9jnhDsREu31CkL3zwniQu6KoLbmg6Wr/";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15 rin@anemone"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhP8yi/CdACtql3I4j0xI+r0KV4AVCb265Bd/RTFBu4 hana@dandelion"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ5l9t8dc6mPsKKYqZlPKvhOdyqz+DS5UOcvHuh3uVGt cilly@hibiscus"
+    ];
+  };
+
+  home-manager.users.hana = { config, lib, pkgs, ... }: {
+    home = {
+      username = "hana";
+      homeDirectory = "/home/hana";
+      stateVersion = "24.11";
+    };
+
+    imports = with modules.user; [
+      comma
+      direnv
+      git
+      neovim-minimal
+      sessionVariables
+      zsh
+    ];
+
+    programs.git.signing.signByDefault = lib.mkForce false;
+    programs.zsh.history.path = lib.mkForce "/persist/hana/zsh_history";
+  };
+}
diff --git a/users/rin/alacritty.nix b/users/rin/alacritty.nix
deleted file mode 100644
index bd814dd..0000000
--- a/users/rin/alacritty.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, ... }: {
-  programs.alacritty = {
-    enable = true;
-    settings = {
-      scrolling = {
-        history = 10000;
-        multiplier = 3;
-      };
-      font = {
-        normal = {
-          family = "CascadiaCode";
-          style = "Regular";
-        };
-        size = 8.6;
-      };
-      window = {
-        dynamic_title = true;
-        padding = {
-          x = 5;
-          y = 0;
-        };
-      };
-      # TODO: how
-      # hints.enabled = [{
-      #   command = "xdg-open";
-      #   post_processing = true;
-      #   mouse = {
-      #     enabled = true;
-      #     mods = "Control";
-      #   };
-      # }];
-
-      colors.primary.background = "#000000";
-      background_opacity = 0.65;
-      draw_bold_text_with_bright_colors = true;
-    };
-  };
-}
diff --git a/users/rin/bspwm.nix b/users/rin/bspwm.nix
deleted file mode 100644
index d20632d..0000000
--- a/users/rin/bspwm.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, ... }: {
-  xsession.windowManager.bspwm = {
-    enable = true;
-    monitors = { eDP-1 = [ "I" "II" "III" "IV" "V" "VI" "VII" "VIII" "XI" "X" ]; };
-    settings = {
-      window_gap = 10;
-      border_width = 0;
-      split_ratio = 0.5;
-      top_padding = 25;
-    };
-    extraConfig = ''
-      feh --no-fehbg --bg-fill ${config.xdg.configHome}/xorg/wallpaper.png
-      systemctl --user restart polybar # home-manager loads this too early
-    '';
-  };
-}
diff --git a/users/rin/default.nix b/users/rin/default.nix
index dd9a585..a70d716 100644
--- a/users/rin/default.nix
+++ b/users/rin/default.nix
@@ -1,9 +1,62 @@
-{ config, pkgs, ... }: {
+{ config, modules, pkgs, ... }: {
+  programs.nh.flake = "/home/rin/Projects/flakes";
+  programs.zsh.enable = true;
   users.users.rin = {
     isNormalUser = true;
-    extraGroups = [ "audio" "video" "wheel" ];
+    extraGroups = [ "adbusers" "audio" "corectrl" "dialout" "docker" "libvirtd" "networkmanager" "video" "wheel" "wireshark" ];
     shell = pkgs.zsh;
     uid = 1001;
+    hashedPasswordFile = config.age.secrets.passwd.path;
+  };
+  home-manager.users.rin = { config, lib, pkgs, ... }: {
+    home = {
+      username = "rin";
+      homeDirectory = "/home/rin";
+      stateVersion = "21.05";
+      keyboard = null; # see https://github.com/nix-community/home-manager/issues/2219
+    };
+
+    imports = with modules.user; [
+      ./packages.nix
+      sessionVariables
+
+      catppuccin
+      comma
+      direnv
+      git
+      gpg
+      neovim
+      npm
+      zsh
+    # HACK: include all gui for now due to infinite recursion (inability to dynamically control imports)
+    # ] ++ lib.optionals config.me.gui [
+    ] ++ [
+      theming
+      xdg
+
+      hypridle
+      hyprlock
+      kitty
+      mpv
+      obs
+      rofi
+
+      dunst
+      eww
+
+      spicetify
+    ];
+
+    services.mpris-proxy.enable = true;
+    home.packages = [ pkgs.wl-clipboard ];
+
+    home.file.".local/bin/ipc-bridge.exe".source = builtins.fetchurl {
+      url = "https://github.com/0e4ef622/wine-discord-ipc-bridge/releases/download/v0.0.1/winediscordipcbridge.exe";
+      sha256 = "1swn9spxpq6blm74kjmfz4ipq6a8qjzccvb2msb25pf5b1z7jnns";
+    };
+    home.file.".local/bin/osu" = {
+      executable = true;
+      source = ../../scripts/osu;
+    };
   };
-  home-manager.users.rin = import ./home.nix;
 }
diff --git a/users/rin/dunst.nix b/users/rin/dunst.nix
deleted file mode 100644
index 9699e94..0000000
--- a/users/rin/dunst.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-# TODO: i've literally never configured dunst ever since i first installed it (the rc was copypasted from somewhere i forgot im sorry), should play around with it later
-{ config, ... }: {
-  services.dunst = {
-    enable = true;
-    settings = {
-      global = {
-        monitor = 0;
-        follow = "mouse";
-        #geometry = "250x50-24+24";
-        geometry = "600x50-24+24";
-        indicate_hidden = true;
-        shrink = true;
-        separator_height = 0;
-        padding = 16;
-        horizontal_padding = 24;
-        frame_width = 2;
-        sort = false;
-        idle_threshold = 120;
-        font = "Open Sans 8";
-        line_height = 4;
-        markup = "full";
-        format = "<b>%s</b>\\n%b";
-        alignment = "left";
-        show_age_threshold = 60;
-        word_wrap = true;
-        ignore_newline = false;
-        stack_duplicates = false;
-        hide_duplicate_count = true;
-        show_indicators = false;
-        icon_position = "left";
-        max_icon_size = 32;
-        sticky_history = true;
-        history_length = 20;
-        browser = "/run/current-system/sw/bin/firefox -new-tab";
-        always_run_script = true;
-        title = "Dunst";
-        class = "Dunst";
-        corner_radius = 5;
-      };
-
-      shortcuts = {
-        close = "ctrl+space";
-        close_all = "ctrl+shift+space";
-        history = "ctrl+grave";
-        context = "ctrl+shift+period";
-      };
-
-      urgency_low = {
-        background = "#2f343f";
-        foreground = "#d8dee8";
-        timeout = 2;
-      };
-
-      urgency_normal = {
-        background = "#2f343f";
-        foreground = "#d8dee8";
-        timeout = 4;
-      };
-
-      urgency_critical = {
-        background = "#2f343f";
-        foreground = "#d8dee8";
-        frame_color = "#bf616a";
-        timeout = 0;
-      };
-    };
-  };
-}
diff --git a/users/rin/home.nix b/users/rin/home.nix
deleted file mode 100644
index 47de358..0000000
--- a/users/rin/home.nix
+++ /dev/null
@@ -1,102 +0,0 @@
-{ config, pkgs, ... }: rec {
-  home = {
-    username = "rin";
-    homeDirectory = "/home/rin";
-    stateVersion = "21.05";
-    packages = with pkgs; [
-      appimage-run
-      brave
-      discord-canary
-      element-desktop
-      ffmpeg
-      gnome.file-roller
-      ghidra-bin
-      gimp
-      gnupg
-      inkscape
-      kotatogram-desktop
-      lf
-      mps-youtube
-      neofetch
-      pamixer
-      pavucontrol
-      tor-browser-bundle-bin
-      transcrypt
-      unrar
-      vlc
-      wine-osu
-      (winetricks.override { wine = wine-osu; })
-      xorg.xgamma
-      youtube-dl
-    ];
-  };
-
-  imports = [
-    ./theming.nix
-    ./xdg.nix
-
-    ./alacritty.nix
-    ./mpv.nix
-    ./neovim.nix
-    ./npm.nix
-    ./rofi.nix
-    # ./urxvt.nix
-    ./zsh.nix
-
-    ./dunst.nix
-    ./picom.nix
-    ./polybar.bspwm.nix
-    # ./polybar.i3.nix
-
-    ./xorg.nix
-    ./sxhkd.nix
-    ./bspwm.nix
-    # ./i3.nix
-  ];
-
-  programs = {
-    feh.enable = true;
-
-    direnv = {
-      enable = true;
-      nix-direnv = {
-        enable = true;
-        enableFlakes = true;
-      };
-    };
-    git = {
-      enable = true;
-      userName = "LavaDesu";
-      userEmail = "me@lava.moe";
-      signing = {
-        key = "059F098EBF0E9A13E10A46BF6500251E087653C9";
-        signByDefault = true;
-      };
-      extraConfig = {
-        core.abbrev = 11;
-      };
-    };
-    gpg = {
-      enable = true;
-      homedir = "${config.xdg.dataHome}/gnupg";
-    };
-  };
-
-  services = {
-    # TODO: borked
-    clipmenu.enable = false;
-    gpg-agent = {
-      enable = true;
-      pinentryFlavor = "gnome3";
-    };
-  };
-
-  home.file.".local/bin/ipc-bridge.exe".source = builtins.fetchurl {
-    url = "https://github.com/0e4ef622/wine-discord-ipc-bridge/releases/download/v0.0.1/winediscordipcbridge.exe";
-    sha256 = "1swn9spxpq6blm74kjmfz4ipq6a8qjzccvb2msb25pf5b1z7jnns";
-  };
-  home.file.".local/bin/osu" = {
-    executable = true;
-    source = ./scripts/osu;
-  };
-}
diff --git a/users/rin/i3.nix b/users/rin/i3.nix
deleted file mode 100644
index 4c7cbc2..0000000
--- a/users/rin/i3.nix
+++ /dev/null
@@ -1,233 +0,0 @@
-{ config, pkgs, ... }:
-let
-  super = "Mod4";
-  alt = "Mod1";
-
-  mkGapsMode = mode: {
-    "plus"  = "gaps ${mode} current plus 5";
-    "minus" = "gaps ${mode} current minus 5";
-    "0"     = "gaps ${mode} current set 0";
-    "Shift+plus"  = "gaps ${mode} all plus 5";
-    "Shift+minus" = "gaps ${mode} all minus 5";
-    "Shift+0"     = "gaps ${mode} all set 0";
-    "Return" = "mode gapsMode";
-    "Escape" = "mode default";
-  };
-  genGapsModes = modes: builtins.listToAttrs (builtins.map (mode: {
-    name = mode;
-    value = mkGapsMode mode;
-  }) modes);
-  genColors = states: builtins.listToAttrs (builtins.map (state: {
-    name = state;
-    value = {
-      background = "#2f343f";
-      border = "#2f343f";
-      childBorder = "#2f343f";
-      indicator = "#2f343f";
-      text = "#d8dee8";
-    };
-  }) states);
-
-in rec {
-  xsession.windowManager.i3 = {
-    enable = true;
-    package = pkgs.i3-gaps;
-
-    config = {
-      startup = [
-        {
-          # HACK: what is this lol
-          command = "systemctl --user restart polybar";
-          always = true;
-          notification = false;
-        }
-        {
-          command = "feh --no-fehbg --bg-fill ${config.xdg.configHome}/xorg/wallpaper.png";
-          always = true;
-          notification = false;
-        }
-      ];
-
-      fonts = {
-        names = [
-          "Open Sans"
-          "HanaMinA"
-          "HanaMinB"
-        ];
-        style = "Regular";
-        size = 8.0;
-      };
-
-      floating = {
-        titlebar = false;
-        modifier = super;
-        border = 0;
-      };
-
-      window.border = 0;
-      bars = [];
-
-      gaps = {
-        smartGaps = true;
-        inner = 5;
-      };
-
-      colors = genColors [
-        "focused"
-        "focusedInactive"
-        "unfocused"
-        "urgent"
-        "placeholder"
-      ] // { background = "#2f343f"; };
-      #colors.focused.background = "#1d242f";
-
-      modifier = super;
-      keybindings = {
-        # Rofi (App launcher)
-        "${super}+Return" = "exec rofi -lines 12 -padding 18 -width 60 -location 0 -show drun -sidebar-mode -columns 3 -font 'Noto Sans 8'";
-
-        # Printscreen
-        "Print" = "exec maim -us | tee ~/Pictures/Screenshots/$(date +%s)c.png | xclip -selection clipboard -t image/png";
-        "Shift+Print" = "exec maim -u | tee ~/Pictures/Screenshots/$(date +%s).png | xclip -selection clipboard -t image/png";
-
-        # Quick-kill picom
-        "${super}+p" = "exec systemctl --user stop picom";
-        "${super}+Shift+p" = "exec systemctl --user restart picom";
-
-        # Volume
-        "XF86AudioRaiseVolume" = "exec pamixer -i 5%";
-        "XF86AudioLowerVolume" = "exec pamixer -d 5%";
-        "XF86AudioMute" = "exec pamixer -t";
-
-        # Brightness
-        "XF86MonBrightnessUp" = "exec light -A 10";
-        "XF86MonBrightnessDown" = "exec light -U 10";
-        "Shift+XF86MonBrightnessUp" = "exec light -A 1";
-        "Shift+XF86MonBrightnessDown" = "exec light -U 1";
-        "Ctrl+XF86MonBrightnessUp" = "exec xgamma -gamma 1.3";
-        "Ctrl+XF86MonBrightnessDown" = "exec xgamma -gamma 1";
-
-        # Music control
-        # "XF86AudioNext" = "exec mpc next";
-        # "XF86AudioPrev" = "exec mpc prev";
-        # "XF86AudioPlay" = "exec mpc toggle";
-        # "XF86AudioStop" = "exec mpc stop";
-
-        # Kill focused window
-        "${super}+c" = "kill";
-        "${alt}+F4" = "kill";
-
-        # Change focus
-        "${super}+Left" = "focus left";
-        "${super}+Down" = "focus down";
-        "${super}+Up" = "focus up";
-        "${super}+Right" = "focus right";
-        "${super}+h" = "focus left";
-        "${super}+j" = "focus down";
-        "${super}+k" = "focus up";
-        "${super}+l" = "focus right";
-
-        # Move focused window
-        "${super}+Shift+Left" = "move left";
-        "${super}+Shift+Down" = "move down";
-        "${super}+Shift+Up" = "move up";
-        "${super}+Shift+Right" = "move right";
-        "${super}+Shift+h" = "move left";
-        "${super}+Shift+j" = "move down";
-        "${super}+Shift+k" = "move up";
-        "${super}+Shift+l" = "move right";
-
-        # Change split modes
-        "${super}+b" = "split h";
-        "${super}+v" = "split v";
-        "${super}+s" = "layout toggle split";
-        "${super}+w" = "layout tabbed";
-
-        # Enter fullscreen
-        "${super}+f" = "fullscreen toggle";
-
-        # Toggle floating windows
-        "${super}+space" = "floating toggle";
-
-        # Restart / Exit i3
-        "${super}+Shift+r" = "restart";
-        "${super}+q" = "exec i3-nagbar -m 'Exit?' -b 'Yes' 'i3-msg exit'";
-
-        # Modes
-        "${super}+r" = "mode Resize";
-        "${super}+Shift+g" = "mode Gaps";
-
-        # Workspace switching
-        "${super}+1" = "workspace number $ws1";
-        "${super}+2" = "workspace number $ws2";
-        "${super}+3" = "workspace number $ws3";
-        "${super}+4" = "workspace number $ws4";
-        "${super}+5" = "workspace number $ws5";
-        "${super}+6" = "workspace number $ws6";
-        "${super}+7" = "workspace number $ws7";
-        "${super}+8" = "workspace number $ws8";
-        "${super}+9" = "workspace number $ws9";
-        "${super}+0" = "workspace number $ws10";
-        "${alt}+Control+Left" = "workspace prev";
-        "${alt}+Control+Right" = "workspace next";
-        "${alt}+Control+h" = "workspace prev";
-        "${alt}+Control+l" = "workspace next";
-
-        "${super}+Shift+1" = "move container to workspace number $ws1";
-        "${super}+Shift+2" = "move container to workspace number $ws2";
-        "${super}+Shift+3" = "move container to workspace number $ws3";
-        "${super}+Shift+4" = "move container to workspace number $ws4";
-        "${super}+Shift+5" = "move container to workspace number $ws5";
-        "${super}+Shift+6" = "move container to workspace number $ws6";
-        "${super}+Shift+7" = "move container to workspace number $ws7";
-        "${super}+Shift+8" = "move container to workspace number $ws8";
-        "${super}+Shift+9" = "move container to workspace number $ws9";
-        "${super}+Shift+0" = "move container to workspace number $ws10";
-      };
-
-      modes = {
-        "Resize" = {
-          "Left" = "resize shrink width 5 px or 5 ppt";
-          "Down" = "resize grow height 5 px or 5 ppt";
-          "Up" = "resize shrink height 5 px or 5 ppt";
-          "Right" = "resize grow width 5 px or 5 ppt";
-          "Return" = "mode default";
-        };
-        "Gaps" = {
-          "o"      = "mode Outer";
-          "i"      = "mode Inner";
-          "h"      = "mode Horizontal";
-          "v"      = "mode Vertical";
-          "t"      = "mode Top";
-          "r"      = "mode Right";
-          "b"      = "mode Bottom";
-          "l"      = "mode Left";
-          "Return" = "mode Gaps";
-          "Escape" = "mode default";
-        };
-      } // genGapsModes [
-        "Outer"
-        "Inner"
-        "Horizontal"
-        "Vertical"
-        "Top"
-        "Right"
-        "Bottom"
-        "Left"
-      ];
-    };
-
-    extraConfig = ''
-      set $ws1 "1:code"
-      set $ws2 "2:web"
-      set $ws3 "3:discord"
-      set $ws4 "4:game"
-      set $ws5 "5"
-      set $ws6 "6"
-      set $ws7 "7"
-      set $ws8 "8:steam"
-      set $ws9 "9:spotify"
-      set $ws10 "10:term"
-    '';
-  };
-}
diff --git a/users/rin/neovim.nix b/users/rin/neovim.nix
deleted file mode 100644
index 982264d..0000000
--- a/users/rin/neovim.nix
+++ /dev/null
@@ -1,91 +0,0 @@
-{ config, pkgs, ... }:
-let
-  vim-material = pkgs.vimUtils.buildVimPlugin {
-    name = "vim-material";
-    src = pkgs.fetchFromGitHub {
-      owner = "hzchirs";
-      repo = "vim-material";
-      rev = "05461c967b861ef532c44d5348555febac94b0d5";
-      sha256 = "1w59zqrx3scqsrg1a43497xybc3m4zm00kwfqpvjfw6qrpk2zb3f";
-    };
-  };
-in {
-  programs.neovim = {
-    enable = true;
-    viAlias = true;
-    vimAlias = true;
-    vimdiffAlias = true;
-
-    plugins = with pkgs.vimPlugins; [
-      # nerdtree
-      # vim-fugitive
-      ale
-      coc-nvim
-      dart-vim-plugin
-      vim-airline
-      vim-javascript
-      vim-material
-      vim-nix
-      vim-repeat
-      vim-surround
-
-      lf-vim
-      vim-floaterm
-    ];
-    withNodeJs = true;
-
-    extraConfig = ''
-      " configuration
-      syntax enable
-      set relativenumber number
-      set noswapfile
-      set hlsearch
-      set ignorecase
-      set incsearch
-      set title
-      set clipboard^=unnamed
-      set tabstop=8 softtabstop=0 expandtab shiftwidth=4 smarttab
-      set expandtab
-
-      " theming
-      set termguicolors
-      hi MatchParen cterm=underline ctermbg=none ctermfg=white
-      let g:material_style='oceanic'
-      let g:airline_theme='material'
-      set background=dark
-      colorscheme vim-material
-
-      " using tab for trigger completion
-      function! s:check_back_space() abort
-        let col = col('.') - 1
-        return !col || getline('.')[col - 1]  =~ '\s'
-      endfunction
-
-      inoremap <silent><expr> <Tab>
-            \ pumvisible() ? "\<C-n>" :
-            \ <SID>check_back_space() ? "\<Tab>" :
-            \ coc#refresh()
-
-      inoremap <expr> <cr> pumvisible() ? "\<C-y>" : "\<C-g>u\<CR>"
-      inoremap <silent><expr> <c-space> coc#refresh()
-
-      " various aliases
-      nnoremap <c-p> :Lf<CR>
-      nnoremap <leader>r :source $MYVIMRC<CR>
-      command! -nargs=0 Sw w !doas tee % > /dev/null
-
-      " disable read-only warning
-      au BufEnter * set noro
-
-      " disable empty line tildes
-      set fcs=eob:\ 
-
-      let g:coc_global_extensions = ['coc-tsserver', 'coc-rust-analyzer', 'coc-flutter']
-    '';
-  };
-  xdg.configFile."nvim/coc-settings.json".text = builtins.toJSON {
-    "rust-analyzer.lens.enable" = false;
-    "rust-analyzer.inlayHints.enable" = false;
-    "rust-analyzer.serverPath" = pkgs.rust-analyzer + "/bin/rust-analyzer";
-  };
-}
diff --git a/users/rin/packages.nix b/users/rin/packages.nix
new file mode 100644
index 0000000..3fe0129
--- /dev/null
+++ b/users/rin/packages.nix
@@ -0,0 +1,70 @@
+{ config, inputs, pkgs, ... }:
+let
+  dotnet-combined = (with pkgs.dotnetCorePackages; combinePackages [
+      dotnet_10.sdk
+      aspnetcore_10_0-bin
+  ]);
+in {
+  programs.firefox = {
+    enable = true;
+    nativeMessagingHosts = [];
+  };
+
+  home.packages = with pkgs; [
+    dconf
+    ffmpeg
+    gnupg
+    kitty
+    nodejs_latest
+    pamixer
+    pnpm
+    unrar
+    yt-dlp
+  ] ++ lib.optionals (config.me.environment == "desktop") [
+    krita
+    lutris
+    mangohud
+    inputs.nix-gaming.packages.x86_64-linux.osu-lazer-bin
+    qmk
+    tetrio-desktop
+    tor-browser
+    virt-manager
+    winetricks
+  ] ++ lib.optionals config.me.gui [
+    android-studio
+    brightnessctl
+    drawio
+    evince
+    eww
+    feh
+    feishin
+    file-roller
+    gamescope
+    gimp3
+    grim
+    lm_sensors
+    maim
+    me.psensor
+    obsidian
+    pavucontrol
+    (prismlauncher.override {
+      jdks = [
+        jdk21
+        temurin-bin-25
+      ];
+    })
+    qbittorrent
+    rivalcfg
+    screenkey
+    slurp
+    swaybg
+    texliveFull
+    transmission-remote-gtk
+    vesktop
+    zathura
+    zenity
+
+    (vscode.fhsWithPackages (_: [ dotnet-combined ]))
+    dotnet-combined
+  ];
+}
diff --git a/users/rin/picom.nix b/users/rin/picom.nix
deleted file mode 100644
index 7cf8349..0000000
--- a/users/rin/picom.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ config, ... }: {
-  services.picom = {
-    enable = true;
-    experimentalBackends = true;
-
-    blur = true;
-    blurExclude = [
-      (builtins.concatStringsSep " && " [
-        "class_g != 'Alacritty'"
-        #"class_g != 'Polybar'"
-        "class_g != 'URxvt'"
-      ])
-    ];
-    fade = true;
-    fadeDelta = 5;
-    fadeSteps = [ "0.05" "0.05" ];
-
-    opacityRule = [
-      "80:class_g = 'Alacritty' && !focused"
-    ];
-    vSync = true;
-
-    extraOptions = ''
-      glx-no-stencil = true;
-      glx-copy-from-front = false;
-      glx-no-rebind-pixmap = true;
-      use-damage = true;
-
-      blur-method = "dual_kawase";
-      blur-strength = 15;
-
-      detect-transient = true;
-      detect-client-leader = true;
-      detect-client-opacity = true;
-      detect-rounded-corners = true;
-      use-ewmh-active-win = true;
-      mark-wmwin-focused = true;
-      mark-ovredir-focused = true;
-    '';
-  };
-}
diff --git a/users/rin/polybar.bspwm.nix b/users/rin/polybar.bspwm.nix
deleted file mode 100644
index 27fe0cb..0000000
--- a/users/rin/polybar.bspwm.nix
+++ /dev/null
@@ -1,96 +0,0 @@
-{ config, ... }: {
-  services.polybar = {
-    enable = true;
-    script = builtins.readFile ./scripts/polybar.sh;
-    settings = {
-      "bar/top" = {
-        monitor = "eDP-1";
-        width = "100%";
-        height = 35;
-        #background = "#64506c";
-        background = "#00000000";
-        foreground = "#fff";
-
-        spacing = 2;
-        padding = {
-          left = 5;
-          right = 5;
-          bottom = 5;
-        };
-        override-redirect = true;
-
-        font = [
-          "NotoSans:style=Regular:size=11:antialias=true;2"
-          "NotoSans:size=11:antialias=true;2"
-          "MaterialIcons:size=17:antialias=true;6"
-
-          "HanaMinA:size=9.8;1"
-          "HanaMinB:size=9.8;1"
-        ];
-
-        modules = {
-          left = "workspaces";
-          center = "title";
-          right = "datetime";
-        };
-
-        enable-ipc = true;
-        scroll = {
-          up = "#workspaces.prev";
-          down = "#workspaces.next";
-        };
-      };
-
-      "module/workspaces" = {
-        type = "internal/bspwm";
-
-        pin-workspaces = true;
-        enable-click = true;
-        enable-scroll = false;
-        reverse-scroll = false;
-
-        #ws-icon.default = "%{T3}"; # ef4a
-        label = {
-          monitor = "";
-          focused = "%{T3}"; # ef4a
-          occupied = {
-            text = "%{T3}"; # e837
-            foreground = "#80FFFFFF";
-          };
-          empty = {
-            text = "%{T3}"; # ef4a
-            foreground = "#80FFFFFF";
-          };
-          urgent = {
-            text = "%{T3}"; # e837
-            foreground = "#EE1012";
-          };
-
-          separator = {
-            text = " ";
-            padding = "0";
-          };
-        };
-      };
-
-      "module/title" = {
-        type = "internal/xwindow";
-        format = {
-          text = "%{T1}<label>";
-          padding = 4;
-        };
-      };
-
-      "module/datetime" = {
-        type = "internal/date";
-        date = {
-          text = "%{T2}%%{F#fff}%H:%M%%{F-}";
-          alt = "%{T2}%%{F#ccc}%A, %d %B %Y  %%{F#fff}%H:%M%%{F#666}:%%{F#ccc}%S%%{F-}";
-        };
-        format = {
-          padding = 4;
-        };
-      };
-    };
-  };
-}
diff --git a/users/rin/polybar.i3.nix b/users/rin/polybar.i3.nix
deleted file mode 100644
index 215db94..0000000
--- a/users/rin/polybar.i3.nix
+++ /dev/null
@@ -1,291 +0,0 @@
-{ config, ... }:
-let
-  memoryBar = {
-    width = 20;
-    foreground = [
-      "#aaff77"
-      "#aaff77"
-      "#fba922"
-      "#ff5555"
-    ];
-    indicator = {
-      text = "|";
-      font = 6;
-      foreground = "#fff";
-    };
-    fill = {
-      text = "─";
-      font = 6;
-    };
-    empty = {
-      text = "─";
-      font = 6;
-      foreground = "#444444";
-    };
-  };
-  formatRampCoreload = text: color: {
-    inherit text;
-    font = 2;
-    foreground = color;
-  };
-in {
-  services.polybar = {
-    enable = true;
-    script = builtins.readFile ./scripts/polybar.sh;
-    settings = rec {
-      _base = {
-        monitor = "eDP-1";
-        width = "100%";
-        height = 22;
-        background = "#00";
-        foreground = "#fff";
-        line = {
-          color = "#00";
-          size = 1;
-        };
-
-        enable-ipc = true;
-      };
-
-      "bar/top" = _base // {
-        spacing = 2;
-        padding = {
-          right = 5;
-          bottom = 5;
-          left = 5;
-        };
-
-        font = [
-          "NotoSans-Regular:size=8.2;2"
-          "MaterialIcons:size=10;1"
-          "FontAwesome:size=10;3"
-          "NotoSans-Regular:size=10;2"
-          "MaterialIcons:size=12;4"
-          "FontAwesome5Brands:style=Solid:pixelsize=10;1"
-          "HanaMinA:size=9.8;1"
-          "HanaMinB:size=9.8;1"
-        ];
-
-        # enable-ipc = true;
-        modules = {
-          # left = "previous playpause next spotify";
-          left = "title";
-          right = "datetime";
-        };
-      };
-
-      "bar/bottom" = _base // {
-        bottom = true;
-
-        spacing = 3;
-        padding = {
-          top = 5;
-          right = 5;
-        };
-        module.margin = {
-          left = 2;
-          right = 2;
-        };
-
-        font = [
-          "NotoSans-Regular:size=8.2;1"
-          "unifont:size=6;1"
-          "FontAwesome:size=10;1"
-          "NotoSans-Regular:size=10;1"
-          "MaterialIcons:size=12;4"
-          "FontAwesome5Brands:style=Solid:pixelsize=10;1"
-        ];
-
-        modules = {
-          left = "i3";
-          right = "fs cpu memory swap wifi";
-        };
-
-        tray = {
-          position = "right";
-          padding = 2;
-          scale = 1.1;
-        };
-      };
-
-      "module/i3" = {
-        type = "internal/i3";
-
-        format = "<label-state> <label-mode>";
-        strip.wsnumbers = true;
-        wrapping.scroll = false;
-
-        ws.icon = {
-          text = [
-            "1:code;"
-            "2:web;"
-            "3:discord;%{T6}"
-            "4:game;"
-            "8:steam;"
-            "9:spotify;"
-            "10:term;"
-          ];
-          default = "";
-        };
-
-        label = {
-          mode = {
-            text = "%mode%";
-            padding = 5;
-          };
-
-          dimmed.underline = _base.background;
-
-          focused = {
-            text = "%icon%";
-            foreground = "#fff";
-            background = "#773f3f3f";
-            underline = "#c9665e";
-            font = 4;
-            padding = 4;
-          };
-
-          unfocused = {
-            text = "%icon%";
-            foreground = "#fff";
-            background = "#00";
-            underline = "#00";
-            font = 4;
-            padding = 4;
-          };
-
-          visible = {
-            text = "%index%";
-            underline = "#555555";
-            padding = 4;
-          };
-
-          urgent = {
-            text = "%icon%";
-            foreground = "#00";
-            background = "#bd2c40";
-            underline = "#9b0a20";
-            font = 4;
-            padding = 4;
-          };
-        };
-      };
-
-      "module/cpu" = {
-        type = "internal/cpu";
-        interval = 0.5;
-        label = "CPU %percentage%%";
-        format = {
-          text = "<label> <ramp-coreload>";
-          underline = "#00f5ff";
-        };
-
-        ramp.coreload = [
-          ( formatRampCoreload "▁" "#aaff77" )
-          ( formatRampCoreload "▂" "#aaff77" )
-          ( formatRampCoreload "▃" "#aaff77" )
-          ( formatRampCoreload "▄" "#aaff77" )
-          ( formatRampCoreload "▅" "#fba922" )
-          ( formatRampCoreload "▆" "#fba922" )
-          ( formatRampCoreload "▇" "#ff5555" )
-          ( formatRampCoreload "█" "#ff5555" )
-        ];
-      };
-
-      "module/datetime" = {
-        type = "internal/date";
-        date = {
-          text = "%{T1}%%{F#ccc}%A, %d %B %Y  %{T4}%%{F#fff}%H:%M%%{F#666}:%%{F#ccc}%S%%{F-}";
-          alt = "%{T1}%%{F#ccc}%Y-%m-%d%%{F-}  %{T4}%%{F#fff}%H:%M%%{F-}";
-        };
-        format = {
-          overline = "#fff";
-          background = _base.background;
-          padding = 4;
-        };
-      };
-
-      "module/fs" = {
-        type = "internal/fs";
-        format.mounted = {
-          text = "<label-mounted>";
-          underline = "#ffea61";
-        };
-        label.mounted = "%mountpoint% %free%";
-        mount = [
-          "/home"
-          "/mnt/hdd"
-        ];
-        fixed-values = true;
-      };
-
-      "module/memory" = {
-        type = "internal/memory";
-        format = {
-          text = "<label> <bar-used>";
-          underline = "#aaff77";
-        };
-        label = "RAM %gb_used%";
-
-        bar.used = memoryBar;
-      };
-
-      "module/swap" = {
-        type = "internal/memory";
-        format = {
-          text = "<label> <bar-swap-used>";
-          underline = "#fba922";
-        };
-        label = "SWAP %gb_swap_used%";
-
-        bar.swap.used = memoryBar;
-      };
-
-      "module/title" = {
-        type = "internal/xwindow";
-        format = {
-          text = "%{T4}<label>";
-          overline = "#fff";
-          padding = 6;
-        };
-      };
-
-      "module/wifi" = {
-        type = "internal/network";
-        interface = "wlp3s0";
-        interval = 3;
-        ping.interval = 30;
-
-        format = {
-          connected = "<ramp-signal>";
-          packetloss = "<animation-packetloss>";
-        };
-        label.disconnected = {
-          text = "   not connected";
-          foreground = "#66";
-        };
-
-        ramp.signal = [
-          ""
-          ""
-          ""
-          ""
-          ""
-        ];
-        animation.packetloss = {
-          text = [
-            {
-              text = "";
-              foreground = "#ffa64c";
-            }
-            {
-              text = "";
-              foreground = _base.foreground;
-            }
-          ];
-          framerate = 500;
-        };
-      };
-    };
-  };
-}
diff --git a/users/rin/rofi.nix b/users/rin/rofi.nix
deleted file mode 100644
index 6ec88d0..0000000
--- a/users/rin/rofi.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ config, ... }: {
-  programs.rofi = {
-    font = "Open Sans 10";
-    scrollbar = false;
-    #theme = builtins.fetchUrl {};
-  };
-}
diff --git a/users/rin/scripts/polybar.sh b/users/rin/scripts/polybar.sh
deleted file mode 100755
index 3a4d46d..0000000
--- a/users/rin/scripts/polybar.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-polybar top    >>/tmp/bar-top.log 2>&1 &
-polybar bottom >>/tmp/bar-bottom.log 2>&1 &
diff --git a/users/rin/scripts/xinitrc b/users/rin/scripts/xinitrc
deleted file mode 100755
index 44caff4..0000000
--- a/users/rin/scripts/xinitrc
+++ /dev/null
@@ -1,11 +0,0 @@
-if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
-    eval $(dbus-launch --exit-with-session --sh-syntax)
-fi
-systemctl --user import-environment DISPLAY XAUTHORITY
-
-if command -v dbus-update-activation-environment > /dev/null 2>&1; then
-    dbus-update-activation-environment DISPLAY XAUTHORITY
-fi
-
-xrdb ${XDG_CONFIG_HOME}/xorg/xresources
-exec ${XDG_CONFIG_HOME}/xorg/xsession
diff --git a/users/rin/sxhkd.nix b/users/rin/sxhkd.nix
deleted file mode 100644
index e96d8b4..0000000
--- a/users/rin/sxhkd.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ config, pkgs, ... }:
-let
-  super = "Mod4";
-  alt = "Mod1";
-
-in rec {
-  services.sxhkd = {
-    enable = true;
-    keybindings = {
-      # Rofi (App launcher)
-      "super + Return" = "rofi -lines 12 -padding 18 -width 60 -location 0 -show drun -sidebar-mode -columns 3 -font 'Noto Sans 8'";
-
-      # Printscreen
-      "Print" = "maim -us | tee ~/Pictures/Screenshots/$(date +%s)c.png | xclip -selection clipboard -t image/png";
-      "shift + Print" = "maim -u | tee ~/Pictures/Screenshots/$(date +%s).png | xclip -selection clipboard -t image/png";
-
-      # Quick-kill picom
-      "super + p" = "systemctl --user stop picom";
-      "super + shift + p" = "systemctl --user restart picom";
-
-      # Volume
-      "XF86Audio{RaiseVolume,LowerVolume,Mute}" = "pamixer -{i 5,d 5,t}";
-
-      # Brightness
-      "XF86MonBrightness{Up,Down}" = "light -{A,U} 10";
-      "shift + XF86MonBrightness{Up,Down}" = "light -{A,U} 1";
-
-      # Gamma
-      "ctrl + XF86MonBrightness{Up,Down}" = "xgamma -gamma {1.3,1}";
-
-      # Kill focused window
-      "super + {_,shift + }c" = "bspc node -{c,k}";
-
-      # Change focus
-      "super + {h,j,k,l}" = "bspc node -f {west,south,north,east}";
-      "super + {Left,Down,Up,Right}" = "bspc node -f {west,south,north,east}";
-
-      # Move focused window
-      "super + shift + {1-9,0}" = "bspc node -d ^{1-9,10}";
-
-      # Toggle tiled/fullscreen/floating
-      "super + {t,f,space}" = "bspc node -t '~{tiled,fullscreen,floating}'";
-
-      # Exit / Restart bspwm
-      "super + shift + {q,r}" = "bspc {quit,wm -r}";
-
-      # Restart sxhkd
-      "super + shift + s" = "pkill -USR1 -x sxhkd";
-
-      # Workspace switching
-      "super + {1-9,0}" = "bspc desktop -f ^{1-9,10}";
-    };
-  };
-}
diff --git a/users/rin/theming.nix b/users/rin/theming.nix
deleted file mode 100644
index adeaeac..0000000
--- a/users/rin/theming.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, pkgs, ... }: {
-  gtk = {
-    enable = true;
-    gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
-    font = {
-      package = pkgs.open-sans;
-      name = "Open Sans";
-      size = 11;
-    };
-    iconTheme = {
-      package = pkgs.yaru-theme;
-      name = "Yaru";
-    };
-    theme = {
-      name = "Materia-dark";
-      package = pkgs.materia-theme;
-    };
-  };
-
-  xsession.pointerCursor = {
-    package = pkgs.yaru-theme;
-    name = "Yaru";
-    size = 16;
-  };
-}
diff --git a/users/rin/urxvt.nix b/users/rin/urxvt.nix
deleted file mode 100644
index 6d057ed..0000000
--- a/users/rin/urxvt.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, ... }: {
-  programs.urxvt = {
-    enable = true;
-    fonts = [ "xft:Cascadia Code:size=12.4" ];
-    scroll.bar.enable = false;
-    extraConfig = {
-      background = "[65]#000000";
-      depth = 32;
-
-      cursorBlink = true;
-      letterSpace = 0;
-      lineSpace = 0;
-      saveline = 4096;
-      urlLauncher = "firefox";
-      underlineURLs = true;
-      urlButton = 1;
-
-      perl-ext = "";
-      perl-ext-common = "";
-    };
-  };
-}
-
diff --git a/users/rin/xorg.nix b/users/rin/xorg.nix
deleted file mode 100644
index 958934f..0000000
--- a/users/rin/xorg.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ config, ... }: {
-
-  xsession = {
-    enable = true;
-    profilePath = ".config/xorg/xprofile";
-    scriptPath = ".config/xorg/xsession";
-  };
-
-  xdg.configFile."xorg/xinitrc".source = ./scripts/xinitrc;
-  xdg.configFile."xorg/wallpaper.png".source = ../../res/wallpaper.png;
-  xresources = {
-    path = "${config.xdg.configHome}/xorg/xresources";
-    properties = {
-      # special
-      "*.foreground" =  "#c5c8c6";
-      "*.background" =  "#1d1f21";
-      "*.cursorColor" = "#c5c8c6";
-
-      # black
-      "*.color0" =      "#1d1f21";
-      "*.color8" =      "#969896";
-
-      # red
-      "*.color1" =      "#cc342b";
-      "*.color9" =      "#cc342b";
-
-      # green
-      "*.color2" =      "#198844";
-      "*.color10" =     "#198844";
-
-      # yellow
-      "*.color3" =      "#fba922";
-      "*.color11" =     "#fba922";
-
-      # blue
-      "*.color4" =      "#3971ed";
-      "*.color12" =     "#3971ed";
-
-      # magenta
-      "*.color5" =      "#a36ac7";
-      "*.color13" =     "#a36ac7";
-
-      # cyan
-      "*.color6" =      "#3971ed";
-      "*.color14" =     "#3971ed";
-
-      # white
-      "*.color7" =      "#c5c8c6";
-      "*.color15" =     "#ffffff";
-    };
-  };
-}