diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml
index 06bed3e..2a4d902 100644
--- a/.github/workflows/cachix.yml
+++ b/.github/workflows/cachix.yml
@@ -5,6 +5,27 @@ on:
   workflow_dispatch:
 
 jobs:
+  check:
+    name: Check flake
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Unlock secrets
+        uses: sliteteam/github-action-git-crypt-unlock@1.2.0
+        env:
+          GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }}
+      - uses: cachix/install-nix-action@v31
+      - uses: cachix/cachix-action@v16
+        with:
+          name: lava
+          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+      - run: |
+            cd /
+            cd -
+      - run: nix flake check --keep-going --verbose
+
   build:
     name: Build linux-lava for x86_64-linux
     runs-on: ubuntu-latest
diff --git a/containers/amethyst/configuration.nix b/containers/amethyst/configuration.nix
deleted file mode 100644
index b9d496d..0000000
--- a/containers/amethyst/configuration.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ lib, pkgs, ... }: {
-  system.stateVersion = "23.11";
-  systemd.tmpfiles.rules = [
-    "d /persist/transmission 755 transmission transmission"
-    "d /persist/transmission/.config/transmission-daemon 750 transmission transmission"
-    "d /persist/transmission/.incomplete 750 transmission transmission"
-    "d /persist/transmission/Downloads 755 transmission transmission"
-    "d /persist/transmission/watchdir 755 transmission transmission"
-  ];
-  networking.wg-quick.interfaces.wg0 = {
-    configFile = "/persist/vpn.conf";
-    preUp = ''
-          # Try to access the DNS for up to 300s
-          for i in {1..60}; do
-            ${pkgs.iputils}/bin/ping -c1 'google.com' && break
-            echo "Attempt $i: DNS still not available"
-            sleep 5s
-          done
-    '';
-  };
-
-  # https://github.com/NixOS/nixpkgs/issues/258793
-  systemd.services.transmission.serviceConfig = {
-    BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ];
-    RootDirectoryStartOnly = lib.mkForce false;
-    RootDirectory = lib.mkForce "";
-    PrivateMounts = lib.mkForce false;
-    PrivateUsers = lib.mkForce false;
-  };
-
-  networking.firewall.allowedTCPPorts = [ 9091 ];
-  services.transmission = {
-    enable = true;
-    package = pkgs.transmission_4;
-    downloadDirPermissions = "775";
-    openFirewall = true;
-    home = "/persist/transmission";
-    settings = {
-      ratio-limit-enabled = true;
-      rpc-bind-address = "0.0.0.0";
-      rpc-enabled = true;
-      rpc-port = 9091;
-      rpc-host-whitelist-enabled = false;
-      rpc-whitelist-enabled = false;
-    };
-  };
-}
diff --git a/containers/amethyst/flake.lock b/containers/amethyst/flake.lock
deleted file mode 100644
index 88ab73f..0000000
--- a/containers/amethyst/flake.lock
+++ /dev/null
@@ -1,27 +0,0 @@
-{
-  "nodes": {
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1773282481,
-        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "nixpkgs": "nixpkgs"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}
diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix
deleted file mode 100644
index 739c3e5..0000000
--- a/containers/amethyst/flake.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{
-  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-  };
-  outputs = { nixpkgs, ... }: {
-    nixosConfigurations.container = nixpkgs.lib.nixosSystem {
-      modules = [ ./configuration.nix ];
-    };
-    nixosModule = { ... }:
-    let
-      name = "amethyst";
-      fqdn = "amethyst.lava.moe";
-      subnet = "1";
-    in {
-      networking.nat = {
-        enable = true;
-        enableIPv6 = true;
-        internalInterfaces = [ "ve-${name}" ];
-      };
-
-      services.nginx.virtualHosts."${fqdn}" = {
-        useACMEHost = "lava.moe";
-        forceSSL = true;
-        #locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091";
-        locations."/".proxyPass = "http://10.30.${subnet}.2:9091";
-        listenAddresses = [ "10.0.0.1" "[fd0d::1]" ];
-      };
-
-      systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
-      containers.${name} = {
-        autoStart = true;
-        privateNetwork = true;
-        hostAddress = "10.30.${subnet}.1";
-        localAddress = "10.30.${subnet}.2";
-        hostAddress6 = "fd0d:1::${subnet}:1";
-        localAddress6 = "fd0d:1::${subnet}:2";
-        # privateUsers = "pick";
-        nixpkgs = nixpkgs;
-        ephemeral = true;
-        config = { imports = [ ./configuration.nix ]; };
-
-        bindMounts."persist" = {
-          hostPath = "/persist/containers/${name}";
-          mountPoint = "/persist";
-          isReadOnly = false;
-        };
-        # flake = "path:" + ./.;
-      };
-    };
-  };
-}
diff --git a/containers/beryllium/configuration.nix b/containers/beryllium/configuration.nix
deleted file mode 100644
index 6629a31..0000000
--- a/containers/beryllium/configuration.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ ... }: {
-  system.stateVersion = "25.11";
-  fileSystems."/var/lib/private" = {
-    device = "/persist";
-    fsType = "none";
-    options = [ "bind" ];
-  };
-  networking.firewall.allowedTCPPorts = [ 6167 ];
-  networking.firewall.allowedUDPPorts = [ 6167 ];
-  # TODO: this should be generically set
-  networking.useHostResolvConf = false;
-  networking.nameservers = [ "8.8.8.8" ];
-
-  services.matrix-continuwuity = {
-    enable = true;
-    settings.global = {
-      # TODO: link this with outer container's address
-      address = [ "10.30.2.2" ];
-      server_name = "lava.moe";
-      rocksdb_recovery_mode = 2;
-    };
-  };
-}
diff --git a/containers/beryllium/flake.lock b/containers/beryllium/flake.lock
deleted file mode 100644
index 88ab73f..0000000
--- a/containers/beryllium/flake.lock
+++ /dev/null
@@ -1,27 +0,0 @@
-{
-  "nodes": {
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1773282481,
-        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "nixpkgs": "nixpkgs"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}
diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix
deleted file mode 100644
index 5805401..0000000
--- a/containers/beryllium/flake.nix
+++ /dev/null
@@ -1,69 +0,0 @@
-{
-  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-  };
-  outputs = { nixpkgs, ... }: {
-    nixosConfigurations.container = nixpkgs.lib.nixosSystem {
-      modules = [ ./configuration.nix ];
-    };
-    nixosModule = { ... }:
-    let
-      name = "beryllium";
-      fqdn = "beryllium.lava.moe";
-      subnet = "2";
-    in {
-      networking.nat = {
-        enable = true;
-        enableIPv6 = true;
-        internalInterfaces = [ "ve-${name}" ];
-      };
-
-      services.nginx.virtualHosts."${fqdn}" = {
-        useACMEHost = "lava.moe";
-        forceSSL = true;
-        locations."/".extraConfig = "return 302 'https://lava.moe';";
-        locations."/_matrix".proxyPass = "http://10.30.${subnet}.2:6167";
-        locations."/_conduwuit".proxyPass = "http://10.30.${subnet}.2:6167";
-        locations."/_continuwuity".proxyPass = "http://10.30.${subnet}.2:6167";
-      };
-
-      services.nginx.virtualHosts."lava.moe" = {
-        locations."= /.well-known/matrix/server".extraConfig =
-          let
-            server = { "m.server" = "${fqdn}:443"; };
-          in ''
-            add_header Content-Type application/json;
-            return 200 '${builtins.toJSON server}';
-          '';
-        locations."= /.well-known/matrix/client".extraConfig =
-          let
-            client = {
-              "m.homeserver" = { "base_url" = "https://${fqdn}"; };
-              # "m.identity_server" = { "base_url" = "https://vector.im"; };
-            };
-          in ''
-            add_header Content-Type application/json;
-            add_header Access-Control-Allow-Origin *;
-            return 200 '${builtins.toJSON client}';
-          '';
-      };
-
-      systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
-      containers.${name} = {
-        autoStart = true;
-        privateNetwork = true;
-        hostAddress = "10.30.${subnet}.1";
-        localAddress = "10.30.${subnet}.2";
-        nixpkgs = nixpkgs;
-        ephemeral = true;
-        config = { imports = [ ./configuration.nix ]; };
-
-        bindMounts."persist" = {
-          hostPath = "/persist/containers/${name}";
-          mountPoint = "/persist";
-          isReadOnly = false;
-        };
-      };
-    };
-  };
-}
diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix
deleted file mode 100644
index 0f4242a..0000000
--- a/containers/citrine/configuration.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ config, fqdn, lib, ... }: {
-  system.stateVersion = "25.11";
-  networking.firewall.allowedTCPPorts = [ 22 3000 ];
-  networking.firewall.allowedUDPPorts = [ 22 3000 ];
-
-  systemd.tmpfiles.rules = [
-    "L+ /persist/forgejo/custom/templates - - - - ${./templates}"
-  ];
-
-  services.forgejo = {
-    enable = true;
-    lfs.enable = true;
-    settings = {
-      DEFAULT.APP_NAME = "cilly's botanical laboratory";
-      server = {
-        DOMAIN = fqdn;
-        ROOT_URL = "https://${fqdn}/";
-        HTTP_PORT = 3000;
-        START_SSH_SERVER = true;
-        BUILTIN_SSH_SERVER_USER = "git";
-        SSH_DOMAIN = "git.lava.moe";
-        SSH_SERVER_KEY_EXCHANGES = "mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256";
-      };
-      ui = lib.mkForce {
-        DEFAULT_THEME = "catppuccin-maroon-auto";
-        THEMES = lib.strings.concatMapStringsSep "," (x: "${x}-auto") [
-          "catppuccin-pink"
-          "catppuccin-maroon"
-          "catppuccin-flamingo"
-          "catppuccin-rosewater"
-          "forgejo"
-          "gitea"
-        ];
-      };
-      api.ENABLE_SWAGGER = false;
-      other.SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
-      repository.ENABLE_PUSH_CREATE_USER = true;
-      repository.ENABLE_PUSH_CREATE_ORG = true;
-      service.DISABLE_REGISTRATION = true;
-    };
-    stateDir = "/persist/forgejo";
-  };
-
-  systemd.services.forgejo.serviceConfig = {
-    AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
-    CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
-    PrivateUsers = lib.mkForce false;
-  };
-
-  catppuccin.forgejo.enable = true;
-
-  environment.systemPackages = [ config.services.forgejo.package ];
-}
diff --git a/containers/citrine/flake.lock b/containers/citrine/flake.lock
deleted file mode 100644
index d627614..0000000
--- a/containers/citrine/flake.lock
+++ /dev/null
@@ -1,62 +0,0 @@
-{
-  "nodes": {
-    "catppuccin": {
-      "inputs": {
-        "nixpkgs": "nixpkgs"
-      },
-      "locked": {
-        "lastModified": 1773403535,
-        "narHash": "sha256-47MZaFrHxNO8tVUAmtVnerXUw2WWVluBOiU9MulN/yM=",
-        "owner": "catppuccin",
-        "repo": "nix",
-        "rev": "d45b5665cc638bad1b794350de02f4dd41b0bb47",
-        "type": "github"
-      },
-      "original": {
-        "owner": "catppuccin",
-        "repo": "nix",
-        "type": "github"
-      }
-    },
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1773122722,
-        "narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1773282481,
-        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "catppuccin": "catppuccin",
-        "nixpkgs": "nixpkgs_2"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}
diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix
deleted file mode 100644
index c2a81b7..0000000
--- a/containers/citrine/flake.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{
-  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-    catppuccin.url = "github:catppuccin/nix";
-  };
-  outputs = { nixpkgs, catppuccin, ... }:
-  let
-    name = "citrine";
-    fqdn = "lab.lava.moe";
-    subnetId = "3";
-
-    subnet = x: "fd0d:1::${subnetId}:${toString x}";
-    host = subnet 1;
-    client = subnet 2;
-
-    subnet4 = x: "10.30.${subnetId}.${toString x}";
-    host4 = subnet4 1;
-    client4 = subnet4 2;
-
-    modules = [
-      ./configuration.nix
-      catppuccin.nixosModules.catppuccin
-      {
-        networking.useHostResolvConf = false;
-        networking.nameservers = [ host ];
-      }
-    ];
-  in {
-    nixosConfigurations.container = nixpkgs.lib.nixosSystem {
-      inherit modules;
-    };
-    nixosModule = { ... }: {
-      networking.nat = {
-        enable = true;
-        enableIPv6 = true;
-        internalInterfaces = [ "ve-${name}" ];
-      };
-
-      services.nginx.virtualHosts."${fqdn}" = {
-        useACMEHost = "lava.moe";
-        forceSSL = true;
-        locations."/".proxyPass = "http://[${client}]:3000";
-      };
-
-      systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
-      containers.${name} = {
-        autoStart = true;
-        privateNetwork = true;
-        hostAddress = host4;
-        localAddress = client4;
-        hostAddress6 = host;
-        localAddress6 = client;
-        # privateUsers = "pick";
-        nixpkgs = nixpkgs;
-        ephemeral = true;
-        config = { imports = modules; };
-        specialArgs = { inherit fqdn; };
-
-        bindMounts."persist" = {
-          hostPath = "/persist/containers/${name}";
-          mountPoint = "/persist";
-          isReadOnly = false;
-        };
-        # flake = "path:" + ./.;
-      };
-    };
-  };
-}
diff --git a/containers/citrine/templates/base/footer_content.tmpl b/containers/citrine/templates/base/footer_content.tmpl
deleted file mode 100644
index a9238c3..0000000
--- a/containers/citrine/templates/base/footer_content.tmpl
+++ /dev/null
@@ -1,31 +0,0 @@
-<footer class="page-footer" role="group" aria-label="{{ctx.Locale.Tr "aria.footer"}}">
-    <div class="left-links" role="contentinfo" aria-label="{{ctx.Locale.Tr "aria.footer.software"}}">
-        {{if ShowFooterPoweredBy}}
-            <a target="_blank" rel="noopener noreferrer" href="https://forgejo.org">Forgejo</a>
-        {{end}}
-        {{if (or .ShowFooterVersion .PageIsAdmin)}}
-            {{if .IsAdmin}}
-                <a href="{{AppSubUrl}}/admin/config">{{AppVerNoMetadata}}</a>
-            {{else}}
-                {{AppVerNoMetadata}}
-            {{end}}
-        {{end}}
-        {{if and .TemplateLoadTimes ShowFooterTemplateLoadTime}}
-            {{ctx.Locale.Tr "page"}}: <strong>{{LoadTimes .PageStartTime}}</strong>
-            {{ctx.Locale.Tr "template"}}{{if .TemplateName}} {{.TemplateName}}{{end}}: <strong>{{call .TemplateLoadTimes}}</strong>
-        {{end}}
-    </div>
-    <div class="right-links" role="group" aria-label="{{ctx.Locale.Tr "aria.footer.links"}}">
-        <div class="ui dropdown upward language">
-            <span class="flex-text-inline">{{svg "octicon-globe" 14}} {{ctx.Locale.LangName}}</span>
-            <div class="menu language-menu">
-                {{range .AllLangs}}
-                    <a lang="{{.Lang}}" data-url="{{AppSubUrl}}/?lang={{.Lang}}" class="item {{if eq ctx.Locale.Lang .Lang}}active selected{{end}}">{{.Name}}</a>
-                {{end}}
-            </div>
-        </div>
-        <a href="{{AssetUrlPrefix}}/licenses.txt">{{ctx.Locale.Tr "licenses"}}</a>
-        {{if .EnableSwagger}}<a href="{{AppSubUrl}}/api/swagger">API</a>{{end}}
-        {{template "custom/extra_links_footer" .}}
-    </div>
-</footer>
diff --git a/containers/citrine/templates/home.tmpl b/containers/citrine/templates/home.tmpl
deleted file mode 100644
index d460caf..0000000
--- a/containers/citrine/templates/home.tmpl
+++ /dev/null
@@ -1,19 +0,0 @@
-{{template "base/head" .}}
-{{if not .IsSigned}}
-    <script>window.location.href = "/explore/repos";</script>
-{{end}}
-<div role="main" aria-label="{{if .IsSigned}}{{ctx.Locale.Tr "dashboard"}}{{else}}{{ctx.Locale.Tr "home"}}{{end}}" class="page-content home">
-    <div class="tw-mb-8 tw-px-8">
-        <div class="center">
-            <img class="logo" width="220" height="220" src="{{AssetUrlPrefix}}/img/logo.svg" alt="{{ctx.Locale.Tr "logo"}}">
-            <div class="hero">
-                <h1 class="ui icon header title">
-                    {{AppDisplayName}}
-                </h1>
-                <h2>{{ctx.Locale.Tr "startpage.app_desc"}}</h2>
-            </div>
-        </div>
-    </div>
-    {{template "home_forgejo" .}}
-</div>
-{{template "base/footer" .}}
diff --git a/containers/diamond/configuration.nix b/containers/diamond/configuration.nix
deleted file mode 100644
index 01b4311..0000000
--- a/containers/diamond/configuration.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ fqdn, ... }: {
-  system.stateVersion = "25.11";
-  systemd.tmpfiles.rules = [
-    "d /persist/vaultwarden 755 vaultwarden vaultwarden"
-  ];
-  fileSystems."/var/lib/vaultwarden" = {
-    device = "/persist/vaultwarden";
-    fsType = "none";
-    options = [ "bind" ];
-  };
-  networking.firewall.allowedTCPPorts = [ 8000 ];
-  networking.firewall.allowedUDPPorts = [ 8000 ];
-
-  services.vaultwarden = {
-    enable = true;
-    domain = fqdn;
-    config = {
-      DOMAIN = "https://${fqdn}";
-      ROCKET_ADDRESS = "::";
-    };
-  };
-}
diff --git a/containers/diamond/flake.lock b/containers/diamond/flake.lock
deleted file mode 100644
index 88ab73f..0000000
--- a/containers/diamond/flake.lock
+++ /dev/null
@@ -1,27 +0,0 @@
-{
-  "nodes": {
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1773282481,
-        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "nixpkgs": "nixpkgs"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}
diff --git a/containers/diamond/flake.nix b/containers/diamond/flake.nix
deleted file mode 100644
index 71ab4fd..0000000
--- a/containers/diamond/flake.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{
-  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-  };
-  outputs = { nixpkgs, ... }:
-  let
-    name = "diamond";
-    fqdn = "astransia.lava.moe";
-    subnetId = "4";
-
-    subnet = x: "fd0d:1::${subnetId}:${toString x}";
-    host = subnet 1;
-    client = subnet 2;
-
-    modules = [
-      ./configuration.nix
-    ];
-  in {
-    nixosConfigurations.container = nixpkgs.lib.nixosSystem {
-      inherit modules;
-    };
-    nixosModule = { ... }: {
-      services.nginx.virtualHosts."${fqdn}" = {
-        useACMEHost = "lava.moe";
-        forceSSL = true;
-        locations."/".proxyPass = "http://[${client}]:8000";
-        listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ];
-      };
-
-      systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
-      containers.${name} = {
-        autoStart = true;
-        privateNetwork = true;
-        hostAddress6 = host;
-        localAddress6 = client;
-        # privateUsers = "pick";
-        nixpkgs = nixpkgs;
-        ephemeral = true;
-        config = { imports = modules; };
-        specialArgs = { inherit fqdn; };
-
-        bindMounts."persist" = {
-          hostPath = "/persist/containers/${name}";
-          mountPoint = "/persist";
-          isReadOnly = false;
-        };
-        # flake = "path:" + ./.;
-      };
-    };
-  };
-}
diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix
deleted file mode 100644
index 421ddb0..0000000
--- a/containers/emerald/configuration.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ fqdn, shareFqdn, ... }: {
-  system.stateVersion = "25.11";
-  systemd.tmpfiles.rules = [
-    "d /persist/navidrome 755 navidrome navidrome"
-  ];
-  networking.firewall.allowedTCPPorts = [ 4533 ];
-  networking.firewall.allowedUDPPorts = [ 4533 ];
-
-  services.navidrome = {
-    enable = true;
-    environmentFile = "/binds/navidrome_env";
-    settings = {
-      Port = 4533;
-      Address = "[::]";
-      BaseUrl = "https://${fqdn}/";
-      ShareURL = "https://${shareFqdn}";
-      EnableSharing = true;
-      DataFolder = "/persist/navidrome";
-      MusicFolder = "/binds/music/main";
-    };
-  };
-  systemd.services.navidrome.serviceConfig.BindReadOnlyPaths = ["/binds/music"];
-}
diff --git a/containers/emerald/flake.lock b/containers/emerald/flake.lock
deleted file mode 100644
index 88ab73f..0000000
--- a/containers/emerald/flake.lock
+++ /dev/null
@@ -1,27 +0,0 @@
-{
-  "nodes": {
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1773282481,
-        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "nixpkgs": "nixpkgs"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}
diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix
deleted file mode 100644
index 5ee69e4..0000000
--- a/containers/emerald/flake.nix
+++ /dev/null
@@ -1,78 +0,0 @@
-{
-  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-  };
-  outputs = { nixpkgs, ... }:
-  let
-    name = "emerald";
-    fqdn = "navia.lava.moe";
-    shareFqdn = "muse.lava.moe";
-    subnetId = "5";
-
-    subnet = x: "fd0d:2::${subnetId}:${toString x}";
-    host = subnet 1;
-    client = subnet 2;
-
-    subnet4 = x: "10.32.${subnetId}.${toString x}";
-    host4 = subnet4 1;
-    client4 = subnet4 2;
-
-    modules = [
-      ./configuration.nix
-      {
-        networking.useHostResolvConf = false;
-        networking.nameservers = [ host ];
-      }
-    ];
-  in {
-    nixosConfigurations.container = nixpkgs.lib.nixosSystem {
-      inherit modules;
-    };
-    nixosModule = { config, ... }: {
-      networking.nat = {
-        enable = true;
-        enableIPv6 = true;
-        internalInterfaces = [ "ve-${name}" ];
-      };
-
-      services.nginx.virtualHosts."${fqdn}" = {
-        useACMEHost = "lava.moe";
-        forceSSL = true;
-        locations."/".proxyPass = "http://[${client}]:4533";
-        listenAddresses = [ "100.67.2.1" ];
-      };
-
-      systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
-      containers.${name} = {
-        autoStart = true;
-        privateNetwork = true;
-        hostAddress = host4;
-        localAddress = client4;
-        hostAddress6 = host;
-        localAddress6 = client;
-        # privateUsers = "pick";
-        nixpkgs = nixpkgs;
-        ephemeral = true;
-        config = { imports = modules; };
-        specialArgs = { inherit fqdn shareFqdn; };
-
-        bindMounts."persist" = {
-          hostPath = "/persist/containers/${name}";
-          mountPoint = "/persist";
-          isReadOnly = false;
-        };
-        bindMounts."music" = {
-          hostPath = "/flower/media/music";
-          mountPoint = "/binds/music";
-          isReadOnly = true;
-        };
-        bindMounts."navidrome_env" = {
-          hostPath = config.age.secrets.navidrome_env.path;
-          mountPoint = "/binds/navidrome_env";
-          isReadOnly = true;
-        };
-        # flake = "path:" + ./.;
-      };
-    };
-  };
-}
diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix
deleted file mode 100644
index 9fcb5f5..0000000
--- a/containers/fluorite/configuration.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ ... }: {
-  system.stateVersion = "25.11";
-  systemd.tmpfiles.rules = [
-    "d /persist/slskd/Downloads 755 slskd slskd"
-  ];
-  fileSystems."/var/lib/slskd" = {
-    device = "/persist/slskd";
-    fsType = "none";
-    options = [ "bind" ];
-  };
-  networking.firewall.allowedTCPPorts = [ 5030 50300 ];
-  networking.firewall.allowedUDPPorts = [ 5030 50300 ];
-
-  services.slskd = {
-    enable = true;
-    domain = null;
-    environmentFile = "/binds/slskd_env";
-    settings = {
-      shares.directories = [ "/binds/music/" ];
-    };
-  };
-}
diff --git a/containers/fluorite/flake.lock b/containers/fluorite/flake.lock
deleted file mode 100644
index 88ab73f..0000000
--- a/containers/fluorite/flake.lock
+++ /dev/null
@@ -1,27 +0,0 @@
-{
-  "nodes": {
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1773282481,
-        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "nixpkgs": "nixpkgs"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}
diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix
deleted file mode 100644
index 33fcdb1..0000000
--- a/containers/fluorite/flake.nix
+++ /dev/null
@@ -1,89 +0,0 @@
-{
-  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-  };
-  outputs = { nixpkgs, ... }:
-  let
-    name = "fluorite";
-    fqdn = "fluorite.lava.moe";
-    subnetId = "6";
-
-    subnet = x: "fd0d:1::${subnetId}:${toString x}";
-    host = subnet 1;
-    client = subnet 2;
-
-    subnet4 = x: "10.30.${subnetId}.${toString x}";
-    host4 = subnet4 1;
-    client4 = subnet4 2;
-
-    modules = [
-      ./configuration.nix
-      {
-        networking.useHostResolvConf = false;
-        networking.nameservers = [ host ];
-      }
-    ];
-  in {
-    nixosConfigurations.container = nixpkgs.lib.nixosSystem {
-      inherit modules;
-    };
-    nixosModule = { config, ... }: {
-      networking.nat = {
-        enable = true;
-        enableIPv6 = true;
-        internalInterfaces = [ "ve-${name}" ];
-      };
-      networking.firewall.allowedTCPPorts = [ 50300 ];
-
-      services.nginx.virtualHosts."${fqdn}" = {
-        useACMEHost = "lava.moe";
-        forceSSL = true;
-        locations."/".proxyPass = "http://[${client}]:5030";
-        listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ];
-      };
-
-      systemd.tmpfiles.rules = [
-        "d /persist/containers/${name} 755 root users"
-        "d /persist/media/music 075 nobody users"
-      ];
-      containers.${name} = {
-        autoStart = true;
-        privateNetwork = true;
-        hostAddress = host4;
-        localAddress = client4;
-        hostAddress6 = host;
-        localAddress6 = client;
-        # privateUsers = "pick";
-        nixpkgs = nixpkgs;
-        ephemeral = true;
-        config = { imports = modules; };
-        specialArgs = { inherit fqdn; };
-
-        forwardPorts = [
-          {
-            containerPort = 50300;
-            hostPort = 50300;
-            protocol = "tcp";
-          }
-        ];
-
-        bindMounts."persist" = {
-          hostPath = "/persist/containers/${name}";
-          mountPoint = "/persist";
-          isReadOnly = false;
-        };
-        bindMounts."music" = {
-          hostPath = "/persist/media/music";
-          mountPoint = "/binds/music";
-          isReadOnly = true;
-        };
-        bindMounts."slskd_env" = {
-          hostPath = config.age.secrets.slskd_env.path;
-          mountPoint = "/binds/slskd_env";
-          isReadOnly = true;
-        };
-        # flake = "path:" + ./.;
-      };
-    };
-  };
-}
diff --git a/containers/garnet/configuration.nix b/containers/garnet/configuration.nix
deleted file mode 100644
index 21400c5..0000000
--- a/containers/garnet/configuration.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ ... }: {
-  system.stateVersion = "25.11";
-  fileSystems."/var/lib/opencloud" = {
-    device = "/flower/data";
-    fsType = "none";
-    options = [ "bind" ];
-  };
-  fileSystems."/etc/opencloud" = {
-    device = "/persist/cfg";
-    fsType = "none";
-    options = [ "bind" ];
-  };
-  # TODO: hardcoded address
-  networking.extraHosts = ''
-    100.67.2.1 cloud.lava.moe
-  '';
-
-  networking.firewall.allowedTCPPorts = [ 9200 ];
-  networking.firewall.allowedUDPPorts = [ 9200 ];
-
-  environment.etc."opencloud-admin-pass".text = ''
-    IDM_ADMIN_PASSWORD=supersillysecure
-  '';
-  services.opencloud = {
-    enable = true;
-    url = "https://cloud.lava.moe";
-    address = "10.30.7.2";
-    port = 9200;
-    environment = {
-      PROXY_TLS = "false";
-      IDP_ACCESS_TOKEN_EXPIRATION = "2592000";
-      IDP_ID_TOKEN_EXPIRATION = "2592000";
-    };
-    environmentFile = "/etc/opencloud-admin-pass";
-  };
-}
diff --git a/containers/garnet/flake.lock b/containers/garnet/flake.lock
deleted file mode 100644
index 4070242..0000000
--- a/containers/garnet/flake.lock
+++ /dev/null
@@ -1,27 +0,0 @@
-{
-  "nodes": {
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1779560665,
-        "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "nixpkgs": "nixpkgs"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}
diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix
deleted file mode 100644
index df835a4..0000000
--- a/containers/garnet/flake.nix
+++ /dev/null
@@ -1,84 +0,0 @@
-{
-  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-  };
-  outputs = { nixpkgs, ... }:
-  let
-    name = "garnet";
-    fqdn = "cloud.lava.moe";
-    subnetId = "7";
-
-    subnet = x: "fd0d:1::${subnetId}:${toString x}";
-    host = subnet 1;
-    client = subnet 2;
-
-    subnet4 = x: "10.30.${subnetId}.${toString x}";
-    host4 = subnet4 1;
-    client4 = subnet4 2;
-
-    modules = [
-      ./configuration.nix
-      {
-        networking.useHostResolvConf = false;
-        networking.nameservers = [ host ];
-      }
-    ];
-  in {
-    nixosConfigurations.container = nixpkgs.lib.nixosSystem {
-      inherit modules;
-    };
-    nixosModule = { config, ... }: {
-      networking.nat = {
-        enable = true;
-        enableIPv6 = true;
-        internalInterfaces = [ "ve-${name}" ];
-      };
-
-      services.nginx.virtualHosts."${fqdn}" = {
-        useACMEHost = "lava.moe";
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://${client4}:9200";
-          proxyWebsockets = true;
-        };
-        extraConfig = ''
-          proxy_read_timeout 3600s;
-          proxy_send_timeout 3600s;
-          keepalive_requests 100000;
-          keepalive_timeout 5m;
-          http2_max_concurrent_streams 512;
-        '';
-        # TODO: hardcoded address
-        listenAddresses = [ "100.67.2.1" ];
-      };
-
-      systemd.tmpfiles.rules = [
-        "d /persist/containers/${name} 755 root users"
-      ];
-      containers.${name} = {
-        autoStart = true;
-        privateNetwork = true;
-        hostAddress = host4;
-        localAddress = client4;
-        hostAddress6 = host;
-        localAddress6 = client;
-        # privateUsers = "pick";
-        nixpkgs = nixpkgs;
-        ephemeral = true;
-        config = { imports = modules; };
-        specialArgs = { inherit fqdn; };
-
-        bindMounts."persist" = {
-          hostPath = "/persist/containers/${name}";
-          mountPoint = "/persist";
-          isReadOnly = false;
-        };
-        bindMounts."content" = {
-          hostPath = "/flower/opencloud";
-          mountPoint = "/flower";
-          isReadOnly = false;
-        };
-      };
-    };
-  };
-}
diff --git a/flake.lock b/flake.lock
index 2578a7e..6d5f2e3 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1779903856,
-        "narHash": "sha256-uRShMtD6xW3ZKZbCQ6sDzKWEnbBXUg3IGfOARYogKhg=",
+        "lastModified": 1771170334,
+        "narHash": "sha256-tCgoCWORfNHaRXTh2QS44LwxlV8q28jVvjN5ioMicv8=",
         "owner": "ezKEa",
         "repo": "aagl-gtk-on-nix",
-        "rev": "50671fc7f29d686f63ef34b603320d44ad7f2d29",
+        "rev": "821b4f92c2c0981ea5b571b03403df87d2b2e2ae",
         "type": "github"
       },
       "original": {
@@ -43,131 +43,41 @@
         "type": "github"
       }
     },
-    "c-amethyst": {
-      "inputs": {
-        "nixpkgs": "nixpkgs_2"
-      },
-      "locked": {
-        "path": "./containers/amethyst",
-        "type": "path"
-      },
-      "original": {
-        "path": "./containers/amethyst",
-        "type": "path"
-      },
-      "parent": []
-    },
-    "c-beryllium": {
-      "inputs": {
-        "nixpkgs": "nixpkgs_3"
-      },
-      "locked": {
-        "path": "./containers/beryllium",
-        "type": "path"
-      },
-      "original": {
-        "path": "./containers/beryllium",
-        "type": "path"
-      },
-      "parent": []
-    },
-    "c-citrine": {
-      "inputs": {
-        "catppuccin": "catppuccin",
-        "nixpkgs": "nixpkgs_5"
-      },
-      "locked": {
-        "path": "./containers/citrine",
-        "type": "path"
-      },
-      "original": {
-        "path": "./containers/citrine",
-        "type": "path"
-      },
-      "parent": []
-    },
-    "c-diamond": {
-      "inputs": {
-        "nixpkgs": "nixpkgs_6"
-      },
-      "locked": {
-        "path": "./containers/diamond",
-        "type": "path"
-      },
-      "original": {
-        "path": "./containers/diamond",
-        "type": "path"
-      },
-      "parent": []
-    },
-    "c-emerald": {
-      "inputs": {
-        "nixpkgs": "nixpkgs_7"
-      },
-      "locked": {
-        "path": "./containers/emerald",
-        "type": "path"
-      },
-      "original": {
-        "path": "./containers/emerald",
-        "type": "path"
-      },
-      "parent": []
-    },
-    "c-fluorite": {
-      "inputs": {
-        "nixpkgs": "nixpkgs_8"
-      },
-      "locked": {
-        "path": "./containers/fluorite",
-        "type": "path"
-      },
-      "original": {
-        "path": "./containers/fluorite",
-        "type": "path"
-      },
-      "parent": []
-    },
-    "c-garnet": {
-      "inputs": {
-        "nixpkgs": "nixpkgs_9"
-      },
-      "locked": {
-        "path": "./containers/garnet",
-        "type": "path"
-      },
-      "original": {
-        "path": "./containers/garnet",
-        "type": "path"
-      },
-      "parent": []
-    },
     "catppuccin": {
       "inputs": {
-        "nixpkgs": "nixpkgs_4"
+        "catppuccin-v1_1": "catppuccin-v1_1",
+        "catppuccin-v1_2": "catppuccin-v1_2",
+        "home-manager": "home-manager_2",
+        "home-manager-stable": "home-manager-stable",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable",
+        "nuscht-search": "nuscht-search"
       },
       "locked": {
-        "lastModified": 1773403535,
-        "narHash": "sha256-47MZaFrHxNO8tVUAmtVnerXUw2WWVluBOiU9MulN/yM=",
+        "lastModified": 1736069220,
+        "narHash": "sha256-76MaB3COao55nlhWmSmq9PKgu2iGIs54C1cAE0E5J6Y=",
         "owner": "catppuccin",
         "repo": "nix",
-        "rev": "d45b5665cc638bad1b794350de02f4dd41b0bb47",
+        "rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e",
         "type": "github"
       },
       "original": {
         "owner": "catppuccin",
         "repo": "nix",
+        "rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e",
         "type": "github"
       }
     },
     "catppuccin-palette": {
       "flake": false,
       "locked": {
-        "lastModified": 1774131488,
-        "narHash": "sha256-hsy+GhuM4MSjnwGq1YJSLBFIbVm67SSdPRgObP00mxw=",
+        "lastModified": 1742245182,
+        "narHash": "sha256-R52Q1FVAclvBk7xNgj/Jl+GPCIbORNf6YbJ1nxH3Gzs=",
         "owner": "catppuccin",
         "repo": "palette",
-        "rev": "07d02aa110ef9eb7e7427afca5c73ba9cf7f8ebd",
+        "rev": "0df7db6fe201b437d91e7288fa22807bb0e44701",
         "type": "github"
       },
       "original": {
@@ -204,33 +114,6 @@
         "url": "https://flakehub.com/f/catppuccin/nix/1.2.%2A.tar.gz"
       }
     },
-    "catppuccin_2": {
-      "inputs": {
-        "catppuccin-v1_1": "catppuccin-v1_1",
-        "catppuccin-v1_2": "catppuccin-v1_2",
-        "home-manager": "home-manager_2",
-        "home-manager-stable": "home-manager-stable",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "nixpkgs-stable": "nixpkgs-stable",
-        "nuscht-search": "nuscht-search"
-      },
-      "locked": {
-        "lastModified": 1736069220,
-        "narHash": "sha256-76MaB3COao55nlhWmSmq9PKgu2iGIs54C1cAE0E5J6Y=",
-        "owner": "catppuccin",
-        "repo": "nix",
-        "rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "catppuccin",
-        "repo": "nix",
-        "rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e",
-        "type": "github"
-      }
-    },
     "darwin": {
       "inputs": {
         "nixpkgs": [
@@ -285,22 +168,6 @@
         "type": "github"
       }
     },
-    "flake-compat_2": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1767039857,
-        "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
-        "owner": "NixOS",
-        "repo": "flake-compat",
-        "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": [
@@ -309,11 +176,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1778716662,
-        "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=",
+        "lastModified": 1769996383,
+        "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb",
+        "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
         "type": "github"
       },
       "original": {
@@ -327,11 +194,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1778716662,
-        "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=",
+        "lastModified": 1769996383,
+        "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb",
+        "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
         "type": "github"
       },
       "original": {
@@ -358,87 +225,6 @@
         "type": "github"
       }
     },
-    "flake-utils_2": {
-      "inputs": {
-        "systems": "systems_3"
-      },
-      "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_3": {
-      "inputs": {
-        "systems": "systems_4"
-      },
-      "locked": {
-        "lastModified": 1701680307,
-        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "git-hooks": {
-      "inputs": {
-        "flake-compat": "flake-compat_2",
-        "gitignore": "gitignore",
-        "nixpkgs": [
-          "nix-gaming",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1778507602,
-        "narHash": "sha256-kTwur1wV+01SdqskVMSo6JMEpg71ps3HpbFY2GsflKs=",
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "rev": "61ab0e80d9c7ab14c256b5b453d8b3fb0189ba0a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "type": "github"
-      }
-    },
-    "gitignore": {
-      "inputs": {
-        "nixpkgs": [
-          "nix-gaming",
-          "git-hooks",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1709087332,
-        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "type": "github"
-      }
-    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -482,6 +268,27 @@
         "type": "github"
       }
     },
+    "home-manager-stable_2": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs-stable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1763992789,
+        "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-25.05",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
     "home-manager_2": {
       "inputs": {
         "nixpkgs": [
@@ -510,11 +317,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1779969295,
-        "narHash": "sha256-HwIJ3tOcwSMiV75L7KqJXciXR9UfT+d7rwOZMX7cTnA=",
+        "lastModified": 1771683283,
+        "narHash": "sha256-WxAEkAbo8dP7qiyPM6VN4ZGAxfuBVlNBNPkrqkrXVEc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "61e2c9659324181e0f0ed911958c536333b1d4f6",
+        "rev": "c6ed3eab64d23520bcbb858aa53fe2b533725d4a",
         "type": "github"
       },
       "original": {
@@ -554,11 +361,11 @@
     "linux-tkg": {
       "flake": false,
       "locked": {
-        "lastModified": 1779857514,
-        "narHash": "sha256-dCrVB3cFvv1d/9wuEejYN131b1phyf6SDy1bcEvtWGo=",
+        "lastModified": 1771645433,
+        "narHash": "sha256-CX6hHS4VCUUYXmZ9CXTpgXrqAyYzv3+Z4N9Y6324hZU=",
         "owner": "Frogging-Family",
         "repo": "linux-tkg",
-        "rev": "c9196dea7ee464f7792f94cd39c32431ad9e25ab",
+        "rev": "d384a06b85d80f0232d7a1736b1473cb7e616771",
         "type": "github"
       },
       "original": {
@@ -576,11 +383,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1780013080,
-        "narHash": "sha256-m984DKbcIeNNuLYFjN3780rPEd55Xe9/cB4BNKkIDvg=",
+        "lastModified": 1771718719,
+        "narHash": "sha256-3l+XqvGhtEAgO/Bmj0BztZzt/B8/TaeXAueJLZnGWXg=",
         "owner": "nix-community",
         "repo": "neovim-nightly-overlay",
-        "rev": "c6cc238427db8f61b786a66d7e02cf7724b30226",
+        "rev": "9ea828da7d7a4f21beb909a541a2da790031059c",
         "type": "github"
       },
       "original": {
@@ -592,11 +399,11 @@
     "neovim-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1779979065,
-        "narHash": "sha256-3uF/oP2D4Jka3DU2G8qqml75UOzPRrK+FIp+jghOq0s=",
+        "lastModified": 1771717439,
+        "narHash": "sha256-sH9AWegmJXG6cDCW7FtbTAcdno8KODvh2FwHozeyDgk=",
         "owner": "neovim",
         "repo": "neovim",
-        "rev": "5d85669a33e10f1f156b086562458cbbc8054438",
+        "rev": "940d5c239b088fe0e994a220b4d524ddb44760e9",
         "type": "github"
       },
       "original": {
@@ -608,15 +415,14 @@
     "nix-gaming": {
       "inputs": {
         "flake-parts": "flake-parts_2",
-        "git-hooks": "git-hooks",
-        "nixpkgs": "nixpkgs_10"
+        "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "lastModified": 1779768228,
-        "narHash": "sha256-/dRavNAx/Mp67xcQQ3JBIMyf0cLoXqKedafB1+wksAE=",
+        "lastModified": 1771727683,
+        "narHash": "sha256-CHSMJloptCbB/3nDrtWNmP3J9luGlMPulbfZ125UcFQ=",
         "owner": "fufexan",
         "repo": "nix-gaming",
-        "rev": "6e7a8414c0f547a86646eb0b56ebf89e7cc217a2",
+        "rev": "ad1418b31ecb40543d9317b285983339f4fec333",
         "type": "github"
       },
       "original": {
@@ -625,33 +431,13 @@
         "type": "github"
       }
     },
-    "nix-index-database": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1779604987,
-        "narHash": "sha256-ZQ5z+fVhxYKtIFwtqGp5O0PD84BM1riASvqDaN5Xs+s=",
-        "owner": "nix-community",
-        "repo": "nix-index-database",
-        "rev": "8fba98c80b48fa013820e0163c5096922fea4ddd",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nix-index-database",
-        "type": "github"
-      }
-    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1777268161,
-        "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=",
+        "lastModified": 1770841267,
+        "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76",
+        "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae",
         "type": "github"
       },
       "original": {
@@ -663,11 +449,11 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1777168982,
-        "narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=",
+        "lastModified": 1769909678,
+        "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14",
+        "rev": "72716169fe93074c333e8d0173151350670b824c",
         "type": "github"
       },
       "original": {
@@ -692,13 +478,29 @@
         "type": "github"
       }
     },
-    "nixpkgs_10": {
+    "nixpkgs-stable_2": {
       "locked": {
-        "lastModified": 1779536132,
-        "narHash": "sha256-q+fF42iv/geEbHfgSzy3tS0FF/EyD6XTZ98E6yxiBO8=",
+        "lastModified": 1768649915,
+        "narHash": "sha256-jc21hKogFnxU7KXSVTRmxC7u5D4RHwm9BAvDf5/Z1Uo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3d8f0f3f72a6cd4d93d0ad13203f2ea1cb7e1456",
+        "rev": "3e3f3c7f9977dc123c23ee21e8085ed63daf8c37",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-25.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1744536153,
+        "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11",
         "type": "github"
       },
       "original": {
@@ -708,157 +510,29 @@
         "type": "github"
       }
     },
-    "nixpkgs_11": {
-      "locked": {
-        "lastModified": 1779560665,
-        "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_12": {
-      "locked": {
-        "lastModified": 1770019141,
-        "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "cb369ef2efd432b3cdf8622b0ffc0a97a02f3137",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1773282481,
-        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1773282481,
-        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+        "lastModified": 1771207753,
+        "narHash": "sha256-b9uG8yN50DRQ6A7JdZBfzq718ryYrlmGgqkRm9OOwCE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+        "rev": "d1c15b7d5806069da59e819999d70e1cec0760bf",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-unstable",
+        "ref": "nixpkgs-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1773122722,
-        "narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=",
+        "lastModified": 1771369470,
+        "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_5": {
-      "locked": {
-        "lastModified": 1773282481,
-        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_6": {
-      "locked": {
-        "lastModified": 1773282481,
-        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_7": {
-      "locked": {
-        "lastModified": 1773282481,
-        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_8": {
-      "locked": {
-        "lastModified": 1773282481,
-        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_9": {
-      "locked": {
-        "lastModified": 1779560665,
-        "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
+        "rev": "0182a361324364ae3f436a63005877674cf45efb",
         "type": "github"
       },
       "original": {
@@ -894,11 +568,11 @@
     "nvim-treesitter": {
       "flake": false,
       "locked": {
-        "lastModified": 1775221900,
-        "narHash": "sha256-PQR6tFt4lCrAZNQG7BLMD1IiCKja9wDS1S4laGJf/HE=",
+        "lastModified": 1771657810,
+        "narHash": "sha256-Ipmzk/e7ubXFI1lBBJl6hU7scZ/w9BKc5JrgePSUl8U=",
         "owner": "nvim-treesitter",
         "repo": "nvim-treesitter",
-        "rev": "4916d6592ede8c07973490d9322f187e07dfefac",
+        "rev": "dc42c209f3820bdfaae0956f15de29689aa6b451",
         "type": "github"
       },
       "original": {
@@ -907,57 +581,14 @@
         "type": "github"
       }
     },
-    "pastel": {
-      "inputs": {
-        "flake-utils": "flake-utils_2",
-        "nixpkgs": "nixpkgs_12",
-        "pnpm2nix": "pnpm2nix"
-      },
-      "locked": {
-        "lastModified": 1775622883,
-        "narHash": "sha256-2+7uCRXn+tn4LVaO7hLKPaezdKPW6HGvTr00aO4Tcxs=",
-        "owner": "cillynder",
-        "repo": "pastel",
-        "rev": "46f6569d5ad41ec1256dbf999d21701f73d6077b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cillynder",
-        "repo": "pastel",
-        "type": "github"
-      }
-    },
-    "pnpm2nix": {
-      "inputs": {
-        "flake-utils": "flake-utils_3",
-        "nixpkgs": [
-          "pastel",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1717937937,
-        "narHash": "sha256-bKoHjG5P15vCVpDndIXFfoJC65XhrBPQ9GWcXtXNuDA=",
-        "owner": "wrvsrx",
-        "repo": "pnpm2nix-nzbr",
-        "rev": "a2d285ad5718cb202f45e98a4f839a5b2608c4b1",
-        "type": "github"
-      },
-      "original": {
-        "owner": "wrvsrx",
-        "ref": "adapt-to-v9",
-        "repo": "pnpm2nix-nzbr",
-        "type": "github"
-      }
-    },
     "pure": {
       "flake": false,
       "locked": {
-        "lastModified": 1779255807,
-        "narHash": "sha256-UQ0hP3qJd4Qxiw1LXPdb9d0Dc4OSD3HJpgYzaCfujno=",
+        "lastModified": 1770811375,
+        "narHash": "sha256-Fhk4nlVPS09oh0coLsBnjrKncQGE6cUEynzDO2Skiq8=",
         "owner": "sindresorhus",
         "repo": "pure",
-        "rev": "cc0759a0de620f191510e2e2f9748194a605b54d",
+        "rev": "dbefd0dcafaa3ac7d7222ca50890d9d0c97f7ca2",
         "type": "github"
       },
       "original": {
@@ -970,24 +601,17 @@
       "inputs": {
         "aagl": "aagl",
         "agenix": "agenix",
-        "c-amethyst": "c-amethyst",
-        "c-beryllium": "c-beryllium",
-        "c-citrine": "c-citrine",
-        "c-diamond": "c-diamond",
-        "c-emerald": "c-emerald",
-        "c-fluorite": "c-fluorite",
-        "c-garnet": "c-garnet",
-        "catppuccin": "catppuccin_2",
+        "catppuccin": "catppuccin",
         "catppuccin-palette": "catppuccin-palette",
         "fast-syntax-highlighting": "fast-syntax-highlighting",
         "home-manager": "home-manager_3",
+        "home-manager-stable": "home-manager-stable_2",
         "linux-tkg": "linux-tkg",
         "neovim-nightly": "neovim-nightly",
         "nix-gaming": "nix-gaming",
-        "nix-index-database": "nix-index-database",
-        "nixpkgs": "nixpkgs_11",
+        "nixpkgs": "nixpkgs_4",
+        "nixpkgs-stable": "nixpkgs-stable_2",
         "nvim-treesitter": "nvim-treesitter",
-        "pastel": "pastel",
         "pure": "pure",
         "spicetify-nix": "spicetify-nix",
         "spotify-adblock": "spotify-adblock",
@@ -1001,17 +625,14 @@
     },
     "rust-overlay": {
       "inputs": {
-        "nixpkgs": [
-          "aagl",
-          "nixpkgs"
-        ]
+        "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1777605393,
-        "narHash": "sha256-Hjp0VOOHgHcTrX23iVvnfAudPcuCmfkfpQNFwv2v/ks=",
+        "lastModified": 1770952264,
+        "narHash": "sha256-CjymNrJZWBtpavyuTkfPVPaZkwzIzGaf0E/3WgcwM14=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "ff88db34cfa486fc4964a6991cab1678d82eee8c",
+        "rev": "ec6a3d5cdf14bb5a1dd03652bd3f6351004d2188",
         "type": "github"
       },
       "original": {
@@ -1025,14 +646,14 @@
         "nixpkgs": [
           "nixpkgs"
         ],
-        "systems": "systems_5"
+        "systems": "systems_3"
       },
       "locked": {
-        "lastModified": 1779824049,
-        "narHash": "sha256-dWHVUjP03KSVG1PaLKA6j9EdxWSxSQvipMUIcSyuA/U=",
+        "lastModified": 1771268051,
+        "narHash": "sha256-nGqPcngnezoT+/xAvw3UDjwdKP2MC4fO315A/Otb9eE=",
         "owner": "Gerg-L",
         "repo": "spicetify-nix",
-        "rev": "1362178e5f5f7a848c49fe9dee004ef8824f100a",
+        "rev": "b930de84c561f62a0c39a6a57c2ab553a97e8495",
         "type": "github"
       },
       "original": {
@@ -1044,11 +665,11 @@
     "spotify-adblock": {
       "flake": false,
       "locked": {
-        "lastModified": 1773417310,
+        "lastModified": 1739206126,
         "narHash": "sha256-nwiX2wCZBKRTNPhmrurWQWISQdxgomdNwcIKG2kSQsE=",
         "owner": "abba23",
         "repo": "spotify-adblock",
-        "rev": "813d3451c53126bf1941baaf8dd37f1152c3f412",
+        "rev": "8e0312d6085a6e4f9afeb7c2457517a75e8b8f9d",
         "type": "github"
       },
       "original": {
@@ -1060,11 +681,11 @@
     "stevenblack-hosts": {
       "flake": false,
       "locked": {
-        "lastModified": 1779976382,
-        "narHash": "sha256-wt5NGa4K8/vda669UYUmTUt+BR9X5fPnuTZFfQdpLYo=",
+        "lastModified": 1771512308,
+        "narHash": "sha256-59wQPekxVSVOo1lAbspt7qF7iKy+3Ps6QEPA92gnVUY=",
         "owner": "StevenBlack",
         "repo": "hosts",
-        "rev": "d3e838712512490260f051150e3573eeebecfadb",
+        "rev": "00bf53fd415f133fb7ffa6b5e6867d650ec56ad2",
         "type": "github"
       },
       "original": {
@@ -1118,36 +739,6 @@
         "type": "github"
       }
     },
-    "systems_4": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "systems_5": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
     "tree-sitter-jsonc": {
       "flake": false,
       "locked": {
@@ -1169,13 +760,13 @@
       "locked": {
         "lastModified": 1668017714,
         "narHash": "sha256-ywy/7xeT6FHkF7lcs+stW1WPV+piE8ztSwcQ161iico=",
-        "owner": "cillynder",
+        "owner": "LavaDesu",
         "repo": "lavadesu.github.io",
         "rev": "4e30c50be520a0a1bbecf408f056e6aaf135df67",
         "type": "github"
       },
       "original": {
-        "owner": "cillynder",
+        "owner": "LavaDesu",
         "ref": "master",
         "repo": "lavadesu.github.io",
         "type": "github"
@@ -1200,11 +791,11 @@
     "zsh-abbr": {
       "flake": false,
       "locked": {
-        "lastModified": 1773890443,
-        "narHash": "sha256-SVuwDeHIBg8yArKGzDEfsG3fz0UwABQoJkyKTQAPUiw=",
+        "lastModified": 1770748719,
+        "narHash": "sha256-RvdMEk1bQ/mCbcTneg8mMJJh6j60km0/wchBBQQ+Ugo=",
         "ref": "refs/heads/main",
-        "rev": "889f4772c12b9dbe4965bbd56f2572af0a28fa3b",
-        "revCount": 1139,
+        "rev": "2de4a08c5e0d9dbe8447e11e0a177b59b5b6d6ea",
+        "revCount": 1137,
         "submodules": true,
         "type": "git",
         "url": "https://github.com/olets/zsh-abbr"
diff --git a/flake.nix b/flake.nix
index 5cf3457..98a4505 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,6 +4,10 @@
     home-manager.url = "github:nix-community/home-manager";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
 
+    nixpkgs-stable.url = "github:NixOS/nixpkgs/release-25.05";
+    home-manager-stable.url = "github:nix-community/home-manager/release-25.05";
+    home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable";
+
     agenix.url = "github:ryantm/agenix";
     agenix.inputs.nixpkgs.follows = "nixpkgs";
     aagl.url = "github:ezKEa/aagl-gtk-on-nix";
@@ -14,15 +18,12 @@
     neovim-nightly.inputs.nixpkgs.follows = "nixpkgs";
 
     nix-gaming.url = "github:fufexan/nix-gaming";
-    nix-index-database.url = "github:nix-community/nix-index-database";
-    nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
     spicetify-nix.url = "github:Gerg-L/spicetify-nix";
     spicetify-nix.inputs.nixpkgs.follows = "nixpkgs";
 
     # services
-    pastel.url = "github:cillynder/pastel";
     stevenblack-hosts = { url = "github:StevenBlack/hosts"; flake = false; };
-    website = { url = "github:cillynder/lavadesu.github.io/master"; flake = false; };
+    website = { url = "github:LavaDesu/lavadesu.github.io/master"; flake = false; };
 
     # zsh plugins
     zsh-abbr = { url = "git+https://github.com/olets/zsh-abbr?submodules=1"; flake = false; };
@@ -36,18 +37,9 @@
     spotify-adblock = { url = "github:abba23/spotify-adblock"; flake = false; };
     tree-sitter-jsonc = { url = "gitlab:WhyNotHugo/tree-sitter-jsonc"; flake = false; };
     wine-discord-ipc-bridge = { url = "github:0e4ef622/wine-discord-ipc-bridge"; flake = false; };
-
-    # containers
-    c-amethyst.url = "path:./containers/amethyst";
-    c-beryllium.url = "path:./containers/beryllium";
-    c-citrine.url = "path:./containers/citrine";
-    c-diamond.url = "path:./containers/diamond";
-    c-emerald.url = "path:./containers/emerald";
-    c-fluorite.url = "path:./containers/fluorite";
-    c-garnet.url = "path:./containers/garnet";
   };
 
-  outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs:
+  outputs = { self, agenix, catppuccin, nixpkgs, nixpkgs-stable, ... } @ inputs:
     let
       overlays = (import ./overlays)
         ++ [(final: prev: {
@@ -81,9 +73,9 @@
         };
     in
     {
-      nixosConfigurations."alyssum" = mkSystem nixpkgs "alyssum" "x86_64-linux" [];
       nixosConfigurations."anemone" = mkSystem nixpkgs "anemone" "x86_64-linux" [];
-      nixosConfigurations."dandelion" = mkSystem nixpkgs "dandelion" "aarch64-linux" [];
+      nixosConfigurations."dandelion" = mkSystem nixpkgs-stable "dandelion" "aarch64-linux" [];
+      nixosConfigurations."hazel" = mkSystem nixpkgs-stable "hazel" "x86_64-linux" [];
       nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" [];
 
       packages."x86_64-linux" =
diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix
deleted file mode 100644
index 06c415f..0000000
--- a/hosts/alyssum/default.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ inputs, lib, modules, modulesPath, ... }: {
-  networking.hostName = "alyssum";
-  system.stateVersion = "25.11";
-  time.timeZone = "Australia/Melbourne";
-
-  age.secrets = {
-    acme_dns.file = ../../secrets/acme_dns.age;
-    passwd.file = ../../secrets/passwd.age;
-    navidrome_env.file = ../../secrets/navidrome_env.age;
-    wpa_conf = {
-      file = ../../secrets/wpa_conf.age;
-      path = "/etc/wpa_supplicant/imperative.conf";
-      symlink = false;
-    };
-  };
-
-  imports = with modules.system; [
-    (modulesPath + "/profiles/qemu-guest.nix")
-    home-manager
-
-    base
-    kernel
-    nix-stable
-    packages
-    security
-    tailscale
-
-    modules.services.nginx
-    modules.services.syncthing
-
-    inputs.c-emerald.nixosModule
-    inputs.c-garnet.nixosModule
-
-    ./filesystem.nix
-    ./kernel.nix
-    ./networking.nix
-    ./home.syncthing.nix
-    ./samba.nix
-
-    ../../users/hana
-  ];
-
-  me.environment = "headless";
-  services.syncthing.user = lib.mkForce "hana";
-}
diff --git a/hosts/alyssum/filesystem.nix b/hosts/alyssum/filesystem.nix
deleted file mode 100644
index bdea423..0000000
--- a/hosts/alyssum/filesystem.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ ... }:
-let
-  bind = src: {
-    depends = [ "/nix" ];
-    device = src;
-    fsType = "none";
-    neededForBoot = true;
-    options = [ "bind" ];
-  };
-
-  mkLabelMount = label: type: {
-    device = "/dev/disk/by-label/${label}";
-    fsType = type;
-    options = [ "defaults" "relatime" ];
-  };
-  mkBtrfsMount = name: subvol: atime: mkLabelMount name "btrfs" // {
-    options = [ "autodefrag" "compress=zstd:3" "defaults" "discard=async" "space_cache=v2" "ssd" "subvol=${subvol}" (if atime then "relatime" else "noatime") ];
-  };
-  submount = mkBtrfsMount "alyssum";
-in {
-  fileSystems = {
-    "/" = {
-      device = "rootfs";
-      fsType = "tmpfs";
-      options = [ "defaults" "size=8G" "mode=755" ];
-    };
-    "/boot" = mkLabelMount "stem" "vfat";
-
-    "/flower" = mkBtrfsMount "myosotis" "/@" true;
-    "/nix" = submount "/@/nix" false;
-    "/persist" = (submount "/@/persist" true) // { neededForBoot = true; };
-    "/persist/.snapshots" = submount "/snap/persist" false;
-    "/var/log/journal" = bind "/persist/journal";
-  };
-}
diff --git a/hosts/alyssum/home.syncthing.nix b/hosts/alyssum/home.syncthing.nix
deleted file mode 100644
index 8d5a1cc..0000000
--- a/hosts/alyssum/home.syncthing.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, lib, ... }:
-let
-  configOn = user: port: {
-    me.binds."/home/${user}/.config/syncthing" = "${user}/syncthing/config";
-    me.binds."/home/${user}/.local/state/syncthing" = "${user}/syncthing/state";
-
-    systemd.tmpfiles.rules = [ "d /flower/syncthing/${user} 700 ${user} users" ];
-
-    users.users.${user} = {
-      hashedPasswordFile = config.age.secrets.passwd.path;
-      isNormalUser = true;
-      linger = true;
-    };
-    home-manager.users.${user} = { ... }: {
-      home = {
-        username = "${user}";
-        homeDirectory = "/home/${user}";
-        stateVersion = "26.05";
-      };
-      services.syncthing = {
-        enable = true;
-        guiAddress = "[::]:${toString port}";
-        overrideDevices = false;
-        overrideFolders = false;
-        settings = {
-          options.listenAddresses = [
-            "tcp://0.0.0.0:2${toString port}"
-            "quic://0.0.0.0:2${toString port}"
-            "dynamic+https://relays.syncthing.net/endpoint"
-          ];
-          defaults.folder.path = "/flower/syncthing/${user}";
-        };
-      };
-    };
-  };
-in lib.mkMerge [
-  (configOn "kujira" 8385)
-  (configOn "cilly" 8386)
-]
diff --git a/hosts/alyssum/kernel.nix b/hosts/alyssum/kernel.nix
deleted file mode 100644
index 5e9b300..0000000
--- a/hosts/alyssum/kernel.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, lib, ... }: {
-  boot = {
-    loader = {
-      efi.canTouchEfiVariables = true;
-      systemd-boot.enable = true;
-    };
-    initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
-    initrd.kernelModules = [ ];
-    kernelModules = [ "kvm-amd" ];
-  };
-  hardware.cpu.amd.updateMicrocode = true;
-}
diff --git a/hosts/alyssum/networking.nix b/hosts/alyssum/networking.nix
deleted file mode 100644
index 281cbb6..0000000
--- a/hosts/alyssum/networking.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, ... }: {
-  networking = {
-    useDHCP = true;
-    wireless.enable = true;
-
-    interfaces.wlp1s0.useDHCP = false;
-    interfaces.wlp1s0.ipv4.addresses = [{
-      address = "192.168.1.167";
-      prefixLength = 24;
-    }];
-
-    defaultGateway = "192.168.1.1";
-    nameservers = [ "8.8.8.8" "8.8.4.4" ];
-  };
-}
diff --git a/hosts/alyssum/packages.nix b/hosts/alyssum/packages.nix
deleted file mode 100644
index 2d4bd30..0000000
--- a/hosts/alyssum/packages.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ pkgs, ... }: {
-  environment.systemPackages = with pkgs; [
-    git
-    htop
-    jq
-    neovim
-    rsync
-    sshfs
-    wget
-
-    kitty.terminfo
-  ];
-  environment.variables.EDITOR = "nvim";
-}
diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix
deleted file mode 100644
index d876981..0000000
--- a/hosts/alyssum/samba.nix
+++ /dev/null
@@ -1,84 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  configOn = user: let
-    passwd_fname = "passwd_smb${user}";
-  in {
-    age.secrets.${passwd_fname}.file = ../../secrets/${passwd_fname}.age;
-    me.binds."/flower/smb/${user}/music" = "/flower/media/music/${user}";
-    me.binds."/flower/smb/${user}/syncthing" = "/flower/syncthing/${user}";
-
-    users.users.${user} = {
-      hashedPasswordFile = config.age.secrets.passwd.path;
-      isNormalUser = true;
-    };
-
-    system.activationScripts = {
-      init_smbpasswd.text = let
-        smbpasswd = "${config.services.samba.package}/bin/smbpasswd";
-      in ''
-        printf "$(cat ${config.age.secrets.${passwd_fname}.path})\n$(cat ${config.age.secrets.${passwd_fname}.path})\n" | ${smbpasswd} -sa ${user}
-      '';
-    };
-    services.samba.settings."${user}" = {
-      "path" = "/flower/smb/${user}";
-      "browseable" = "yes";
-      "read only" = "no";
-      "guest ok" = "no";
-      "create mask" = "0644";
-      "directory mask" = "0755";
-      "force user" = user;
-      "force group" = "users";
-      "valid users" = user;
-    };
-  };
-in lib.mkMerge [
-  (configOn "cilly")
-  (configOn "kujira")
-  {
-    me.binds."/flower/smb/kujira/opencloud" = "/flower/opencloud/data/storage/users/users/a8e29fc0-673c-4c67-be00-2442904acb43";
-
-    networking.firewall.allowPing = true;
-
-    services.samba = {
-      enable = true;
-      package = pkgs.samba4Full;
-      openFirewall = true;
-      settings = {
-        global = {
-          "server smb encrypt" = "required";
-          "workgroup" = "WORKGROUP";
-          "server string" = "smbnix";
-          "netbios name" = "smbnix";
-          "security" = "user";
-          "hosts allow" = "100.64.0.0/10 127.0.0.1 alyssum localhost";
-          "hosts deny" = "0.0.0.0/0";
-          "guest account" = "nobody";
-          "map to guest" = "bad user";
-        };
-        "public" = {
-          "path" = "/flower/smb/public";
-          "browseable" = "yes";
-          "read only" = "no";
-          "guest ok" = "yes";
-          "create mask" = "0644";
-          "directory mask" = "0755";
-          "force user" = "hana";
-          "force group" = "users";
-        };
-      };
-    };
-
-    services.samba-wsdd = {
-      enable = true;
-      openFirewall = true;
-    };
-
-    services.avahi = {
-      enable = true;
-      openFirewall = true;
-      nssmdns4 = true;
-      publish.enable = true;
-      publish.userServices = true;
-    };
-  }
-]
diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix
index 841e909..dda36f5 100644
--- a/hosts/anemone/default.nix
+++ b/hosts/anemone/default.nix
@@ -17,7 +17,6 @@
     bluetooth
     ccache
     corectrl
-    docker
     flatpak
     greetd
     gui
@@ -28,7 +27,6 @@
     printing
     security
     snapper
-    tailscale
     wireguard
 
     ./filesystem.nix
@@ -55,6 +53,4 @@
 
   services.fprintd.enable = true;
   services.tlp.enable = true;
-
-  programs.kdeconnect.enable = true;
 }
diff --git a/hosts/anemone/networking.nix b/hosts/anemone/networking.nix
index f5a4dc5..8b6bdf9 100644
--- a/hosts/anemone/networking.nix
+++ b/hosts/anemone/networking.nix
@@ -1,4 +1,18 @@
 { config, ... }: {
-  networking.wireless.iwd.enable = true;
+  networking = {
+    #nameservers = [ "8.8.8.8" "8.8.4.4" ];
+
+    #wg-quick.interfaces.wg0.configFile = "/persist/vpn.conf";
+
+    networkmanager = {
+      enable = true;
+      #dns = "none";
+    };
+
+    extraHosts = ''
+      192.168.100.16 hyacinth
+    '';
+  };
+
   environment.etc."NetworkManager/system-connections".source = "/persist/nm_system-connections";
 }
diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix
index f65dfd1..b9f5e42 100644
--- a/hosts/dandelion/default.nix
+++ b/hosts/dandelion/default.nix
@@ -1,41 +1,33 @@
-{ inputs, modules, modulesPath, ... }: {
+{ modules, modulesPath, ... }: {
   networking.hostName = "dandelion";
   system.stateVersion = "23.11";
   time.timeZone = "Australia/Melbourne";
 
   age.secrets = {
     acme_dns.file = ../../secrets/acme_dns.age;
-    slskd_env.file = ../../secrets/slskd_env.age;
     wg_dandelion.file = ../../secrets/wg_dandelion.age;
   };
 
   imports = with modules.system; [
     (modulesPath + "/profiles/qemu-guest.nix")
-    home-manager
+    home-manager-stable
 
     base
     kernel
     nix-stable
     packages
     security
-    tailscale
     wireguard
 
-    modules.services.banksia
     modules.services.nginx
+    modules.services.postgres
     modules.services.unbound
     modules.services.website
 
-    inputs.c-amethyst.nixosModule
-    inputs.c-beryllium.nixosModule
-    inputs.c-citrine.nixosModule
-    inputs.c-diamond.nixosModule
-    inputs.c-fluorite.nixosModule
-
     ./filesystem.nix
     ./kernel.nix
     ./networking.nix
-    ./nginx.nix
+    ./transmission-container.nix
 
     ../../users/hana
   ];
diff --git a/hosts/dandelion/filesystem.nix b/hosts/dandelion/filesystem.nix
index 861bc15..4dd6a55 100644
--- a/hosts/dandelion/filesystem.nix
+++ b/hosts/dandelion/filesystem.nix
@@ -22,7 +22,7 @@ in {
     "/" = {
       device = "rootfs";
       fsType = "tmpfs";
-      options = [ "defaults" "size=6G" "mode=755" ];
+      options = [ "defaults" "size=12G" "mode=755" ];
     };
     "/boot" = mkLabelMount "UEFI" "vfat";
 
diff --git a/hosts/dandelion/networking.nix b/hosts/dandelion/networking.nix
index 322719e..ee27faf 100644
--- a/hosts/dandelion/networking.nix
+++ b/hosts/dandelion/networking.nix
@@ -1,4 +1,3 @@
 { ... }: {
   networking.useDHCP = true;
-  networking.interfaces.enp2s0.useDHCP = false;
 }
diff --git a/hosts/dandelion/nginx.nix b/hosts/dandelion/nginx.nix
deleted file mode 100644
index c29de38..0000000
--- a/hosts/dandelion/nginx.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }: {
-  services.nginx.virtualHosts."muse.lava.moe" = {
-    useACMEHost = "lava.moe";
-    forceSSL = true;
-    locations."/".return = "404";
-    locations."/share/".proxyPass = "http://[fd0d:2::5:2]:4533";
-  };
-}
diff --git a/hosts/dandelion/transmission-container.nix b/hosts/dandelion/transmission-container.nix
new file mode 100644
index 0000000..e3ee5ae
--- /dev/null
+++ b/hosts/dandelion/transmission-container.nix
@@ -0,0 +1,68 @@
+{ lib, modules, pkgs, gcSecrets, ... }: {
+  networking.nat = {
+    enable = true;
+    internalInterfaces = [ "ve-+" ];
+    externalInterface = "enp0s6";
+  };
+
+  networking.firewall = {
+    extraCommands = ''
+        ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -d 10.25.0.11 -p tcp -m tcp --dport 9091 -j MASQUERADE
+    '';
+    extraStopCommands = ''
+        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -d 10.25.0.11 -p tcp -m tcp --dport 9091 -j MASQUERADE || true
+    '';
+  };
+
+  services.nginx.virtualHosts."tr.dandelion.gw.lava.moe" = {
+    locations."/".proxyPass = "http://10.25.0.11:9091";
+  };
+
+  containers.transmission = {
+    autoStart = true;
+    privateNetwork = true;
+    hostAddress = "10.25.0.10";
+    localAddress = "10.25.0.11";
+    bindMounts."vpn" = {
+      hostPath = "/persist/aus.conf";
+      mountPoint = "/vpn.conf";
+      isReadOnly = true;
+    };
+    bindMounts."transmission" = {
+      hostPath = "/persist/transmission";
+      mountPoint = "/persist/transmission";
+      isReadOnly = false;
+    };
+    config = {
+      system.stateVersion = "23.11";
+      networking.wg-quick.interfaces.wg0 = {
+        configFile = "/vpn.conf";
+        preUp = ''
+          # Try to access the DNS for up to 300s
+          for i in {1..60}; do
+            ${pkgs.iputils}/bin/ping -c1 'google.com' && break
+            echo "Attempt $i: DNS still not available"
+            sleep 5s
+          done
+        '';
+      };
+
+      networking.firewall.enable = false;
+      # https://github.com/NixOS/nixpkgs/issues/258793
+      systemd.services.transmission.serviceConfig = {
+          BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ];
+          RootDirectoryStartOnly = lib.mkForce false;
+          RootDirectory = lib.mkForce "";
+          PrivateMounts = lib.mkForce false;
+          PrivateUsers = lib.mkForce false;
+      };
+      imports = [ modules.services.transmission ];
+      services.transmission.settings = {
+        rpc-host-whitelist-enabled = false;
+        rpc-whitelist = lib.mkForce "10.100.0.*,10.0.0.*,10.25.0.*,192.168.100.*";
+        rpc-username = gcSecrets.transmission.username;
+        rpc-password = gcSecrets.transmission.password;
+      };
+    };
+  };
+}
diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix
new file mode 100644
index 0000000..cd568c3
--- /dev/null
+++ b/hosts/hazel/default.nix
@@ -0,0 +1,95 @@
+{ config, modules, pkgs, ... }:
+let
+  dirs = [
+    ["immich" "immich"]
+    ["nextcloud" "nextcloud"]
+    ["postgresql" "postgres"]
+    ["redis-immich" "redis-immich"]
+  ];
+
+  rules = builtins.map (d: "d /flower/${builtins.elemAt d 0} 750 ${builtins.elemAt d 1} ${builtins.elemAt d 1}") dirs;
+  mounts = builtins.listToAttrs (builtins.map (d: {
+    name = "/var/lib/${builtins.elemAt d 0}";
+    value = {
+      depends = [ "/flower" ];
+      device = "/flower/${builtins.elemAt d 0}";
+      fsType = "none";
+      options = [ "bind" ];
+    };
+  }) dirs);
+in
+{
+  networking.hostName = "hazel";
+  system.stateVersion = "24.11";
+  time.timeZone = "Australia/Melbourne";
+
+  age.secrets = {
+    acme_dns.file = ../../secrets/acme_dns.age;
+    wg_hazel.file = ../../secrets/wg_hazel.age;
+  };
+
+  imports = with modules.system; with modules.services; [
+    home-manager-stable
+
+    base
+    kernel
+    nix-stable
+    packages
+    security
+
+    nginx
+    unbound
+    wireguard
+
+    ./filesystem.nix
+    ./kernel.nix
+    ./networking.nix
+
+    ../../users/hana
+  ];
+
+  me.environment = "headless";
+
+  services.nextcloud = {
+    enable = true;
+    package = pkgs.nextcloud31;
+    hostName = "cloud.lava.moe";
+    database.createLocally = true;
+    config = {
+      dbtype = "pgsql";
+      adminpassFile = "/persist/nextcloud-admin-pass";
+    };
+    https = true;
+  };
+
+  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
+    forceSSL = true;
+    enableACME = true;
+  };
+
+  services.immich = {
+    enable = true;
+    port = 2283;
+  };
+
+  users.users.immich.extraGroups = [ "video" "render" ];
+  hardware.graphics.enable = true;
+  services.nginx.virtualHosts."photos.lava.moe" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://[::1]:${toString config.services.immich.port}";
+      proxyWebsockets = true;
+      recommendedProxySettings = true;
+      extraConfig = ''
+        client_max_body_size 50000M;
+        proxy_read_timeout   600s;
+        proxy_send_timeout   600s;
+        send_timeout         600s;
+      '';
+    };
+  };
+
+  systemd.tmpfiles.rules = rules;
+  fileSystems = mounts;
+}
diff --git a/hosts/hazel/filesystem.nix b/hosts/hazel/filesystem.nix
new file mode 100644
index 0000000..2a60898
--- /dev/null
+++ b/hosts/hazel/filesystem.nix
@@ -0,0 +1,53 @@
+{ ... }:
+let
+  mkLabelMount = label: type: options: {
+    device = "/dev/disk/by-label/${label}";
+    fsType = type;
+    options = [ "defaults" ] ++ options;
+  };
+  mkBtrfsMount = name: ext: subvol: atime: mkLabelMount name "btrfs"
+  ([
+    "autodefrag"
+    "compress=zstd:4"
+    "compress-force=zstd:4"
+    "defaults"
+    "nossd"
+    "space_cache=v2"
+    "subvol=${subvol}"
+    (if atime then "relatime" else "noatime")
+  ] ++ ext);
+
+  mkHazelMount = mkBtrfsMount "HAZEL" [];
+in
+{
+  boot.supportedFilesystems = [ "btrfs" ];
+  fileSystems = {
+    "/" = {
+      device = "rootfs";
+      fsType = "tmpfs";
+      options = [ "defaults" "mode=755" ];
+    };
+    "/boot" = mkLabelMount "ROOT" "vfat" [];
+
+    "/flower" = mkHazelMount "/current/flower" true;
+    "/persist" = mkHazelMount "/current/persist" true;
+    "/var" = mkHazelMount "/current/var" true;
+    "/nix" = mkHazelMount "/current/nix" false;
+
+    "/mnt" = mkHazelMount "/" true;
+  };
+
+  services.snapper.cleanupInterval = "1h";
+  services.snapper.configs.flower = {
+      FSTYPE = "btrfs";
+      SUBVOLUME = "/mnt/current/flower";
+      TIMELINE_CLEANUP = true;
+      TIMELINE_CREATE = true;
+      TIMELINE_MIN_AGE = "1800";
+      TIMELINE_LIMIT_HOURLY = "5";
+      TIMELINE_LIMIT_DAILY = "7";
+      TIMELINE_LIMIT_WEEKLY = "0";
+      TIMELINE_LIMIT_MONTHLY = "0";
+      TIMELINE_LIMIT_YEARLY = "0";
+    };
+}
diff --git a/hosts/hazel/fs-decrypt.nix b/hosts/hazel/fs-decrypt.nix
new file mode 100644
index 0000000..e69de29
diff --git a/hosts/hazel/kernel.nix b/hosts/hazel/kernel.nix
new file mode 100644
index 0000000..20be1ed
--- /dev/null
+++ b/hosts/hazel/kernel.nix
@@ -0,0 +1,10 @@
+{ ... }: {
+  boot = {
+    loader = {
+      efi.canTouchEfiVariables = true;
+      systemd-boot.enable = true;
+    };
+    initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+    kernelModules = [ "kvm-amd" ];
+  };
+}
diff --git a/hosts/hazel/networking.nix b/hosts/hazel/networking.nix
new file mode 100644
index 0000000..42656e4
--- /dev/null
+++ b/hosts/hazel/networking.nix
@@ -0,0 +1,15 @@
+{ gcSecrets, ... }: {
+  networking = {
+    useDHCP = true;
+    interfaces.enp8s0.ipv6.addresses = [
+      {
+        address = gcSecrets.hazel.ipv6Addr;
+        prefixLength = 64;
+      }
+    ];
+    defaultGateway6 = {
+      address = "fe80::1";
+      interface = "enp8s0";
+    };
+  };
+}
diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix
index a32d4bd..620798b 100644
--- a/hosts/hyacinth/default.nix
+++ b/hosts/hyacinth/default.nix
@@ -18,7 +18,6 @@
     bluetooth
     ccache
     corectrl
-    docker
     flatpak
     greetd
     gui
@@ -29,7 +28,6 @@
     printing
     security
     snapper
-    tailscale
     wireguard
 
     modules.services.syncthing
diff --git a/hosts/hyacinth/packages.nix b/hosts/hyacinth/packages.nix
index 69f9ba1..f4e4fe4 100644
--- a/hosts/hyacinth/packages.nix
+++ b/hosts/hyacinth/packages.nix
@@ -1,6 +1,5 @@
 { pkgs, ... }: {
   environment.systemPackages = with pkgs; [
-    discord
     jetbrains.idea
     texliveFull
   ];
diff --git a/modules/binds.nix b/modules/binds.nix
deleted file mode 100644
index c9ffe18..0000000
--- a/modules/binds.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, lib, ...}: {
-  imports = [ ./options.nix ];
-  fileSystems = lib.mapAttrs (dest: key: let
-    target = if (lib.strings.hasPrefix "/" key)
-      then key
-      else "/persist/binds/${key}";
-  in {
-    depends = [ "/persist" ];
-    device = target;
-    fsType = "none";
-    options = [ "bind" ];
-  }) config.me.binds;
-}
diff --git a/modules/default.nix b/modules/default.nix
index 6775c55..9a1898a 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -14,10 +14,8 @@ let
     }) paths
   );
 in {
-  binds = ./binds.nix;
   options = ./options.nix;
   services = mkAttrsFromPaths [
-    ./services/banksia.nix
     ./services/jellyfin.nix
     ./services/nginx.nix
     ./services/postgres.nix
@@ -37,11 +35,11 @@ in {
     ./system/bluetooth.nix
     ./system/ccache.nix
     ./system/corectrl.nix
-    ./system/docker.nix
     ./system/flatpak.nix
     ./system/greetd.nix
     ./system/gui.nix
     ./system/home-manager.nix
+    ./system/home-manager-stable.nix
     ./system/input.nix
     ./system/kernel.nix
     ./system/nix.nix
@@ -50,13 +48,11 @@ in {
     ./system/printing.nix
     ./system/security.nix
     ./system/snapper.nix
-    ./system/tailscale.nix
     ./system/virtualisation.nix
     ./system/wireguard.nix
   ];
   user = mkAttrsFromPaths [
     ./user/catppuccin.nix
-    ./user/comma.nix
     ./user/direnv.nix
     ./user/dunst.nix
     ./user/eww.nix
diff --git a/modules/options.nix b/modules/options.nix
index e861c12..b522127 100644
--- a/modules/options.nix
+++ b/modules/options.nix
@@ -44,10 +44,5 @@ in {
       type = types.bool;
       default = false;
     };
-
-    binds = lib.mkOption {
-      type = with lib.types; attrsOf str;
-      default = {};
-    };
   };
 }
diff --git a/modules/services/banksia.nix b/modules/services/banksia.nix
deleted file mode 100644
index 2ace618..0000000
--- a/modules/services/banksia.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-# TODO ^^
-{ ... }: {
-  services.nginx.virtualHosts = {
-    "banksia.lava.moe" = {
-      useACMEHost = "lava.moe";
-      forceSSL = true;
-      locations."/".return = "302 https://lab.lava.moe/cilly/Banksia";
-      locations."/api".proxyPass = "http://localhost:8080/";
-    };
-  };
-}
diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix
index a02b7e9..10a2d84 100644
--- a/modules/services/nginx.nix
+++ b/modules/services/nginx.nix
@@ -2,20 +2,17 @@
   networking.firewall.allowedTCPPorts = [ 80 443 ];
   security.acme = {
     acceptTerms = true;
-    defaults = {
-      email = "me@lava.moe";
-      group = "nginx";
-      dnsProvider = "cloudflare";
-      environmentFile = config.age.secrets."acme_dns".path;
-    };
+    defaults.email = "me@lava.moe";
     certs."lava.moe" = {
+      group = "nginx";
+      domain = "lava.moe";
       extraDomainNames = [
         "*.lava.moe"
         "*.local.lava.moe"
       ];
+      dnsProvider = "cloudflare";
+      credentialsFile = config.age.secrets."acme_dns".path;
     };
-    certs."cilly.moe" = {};
-    certs."cilly.dev" = {};
   };
 
   services.nginx = {
diff --git a/modules/services/postgres.nix b/modules/services/postgres.nix
index bbbeaa1..bffdcee 100644
--- a/modules/services/postgres.nix
+++ b/modules/services/postgres.nix
@@ -8,7 +8,6 @@ in {
   services.postgresql = {
     enable = true;
     dataDir = dir;
-    # TODO: broken :3
     package = pkgs.postgresql_13;
     authentication = lib.mkOverride 10 ''
       #type  database  DBuser  origin-address      auth-method
diff --git a/modules/services/syncthing.nix b/modules/services/syncthing.nix
index db32371..2316f9f 100644
--- a/modules/services/syncthing.nix
+++ b/modules/services/syncthing.nix
@@ -1,8 +1,7 @@
 { config, ... }:
 let
   dir = "/persist/shared/.syncthing";
-  user = if config.me.gui then "rin" else "hana";
-  uid = toString config.users.users."${user}".uid;
+  uid = toString config.users.users.rin.uid;
   gid = toString config.users.groups.users.gid;
 in
 {
@@ -14,10 +13,9 @@ in
   services.syncthing = {
     enable = true;
     openDefaultPorts = true;
-    user = user;
+    user = "rin";
     group = "users";
     dataDir = "/persist/shared/.syncthing/data";
     configDir = "/persist/shared/.syncthing/config";
-    guiAddress = if config.me.gui then "127.0.0.1:8384" else ":8384";
   };
 }
diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix
index 8aae0fd..e6ec4ad 100644
--- a/modules/services/unbound.nix
+++ b/modules/services/unbound.nix
@@ -7,10 +7,6 @@ let
     grep '^0\.0\.0\.0' "${inputs.stevenblack-hosts}/hosts" | awk '{print "local-zone: \""$2"\" always_refuse"}' | tail -n +2 >> "$out"
   '';
 in {
-  networking.firewall.interfaces."ve-+" = {
-    allowedUDPPorts = [ 53 853 ];
-    allowedTCPPorts = [ 53 853 ];
-  };
   networking.firewall.interfaces.wg0 = {
     allowedUDPPorts = [ 53 853 ];
     allowedTCPPorts = [ 53 853 ];
@@ -27,12 +23,8 @@ in {
         forward-addr = [
           "2606:4700:4700::1111@853#cloudflare-dns.com"
           "2606:4700:4700::1001@853#cloudflare-dns.com"
-          "2001:4860:4860::8888@853#dns.google"
-          "2001:4860:4860::8844@853#dns.google"
           "1.1.1.1@853#cloudflare-dns.com"
           "1.0.0.1@853#cloudflare-dns.com"
-          "8.8.8.8@853#dns.google"
-          "8.8.4.4@853#dns.google"
         ];
       }];
 
@@ -41,10 +33,8 @@ in {
         access-control = [
           "127.0.0.1/8      allow"
           "10.0.0.0/8       allow"
-          "100.64.0.0/10    allow"
           "192.168.100.0/24 allow"
-          "fd0d::/16        allow"
-          "fd7a:115c:a1e0::/48 allow"
+          "fd0d::/16 allow"
           "${gcSecrets.wireguard.ipv6Subnet}:/80 allow"
         ];
         domain-insecure = [ "\"local.lava.moe\"" ];
diff --git a/modules/services/website.nix b/modules/services/website.nix
index 3fba609..5e7a223 100644
--- a/modules/services/website.nix
+++ b/modules/services/website.nix
@@ -1,30 +1,11 @@
-{ inputs, pkgs, ... }: let
-  pastel = inputs.pastel.packages.${pkgs.system}.default;
-in {
+{ inputs, ... }: {
   services.nginx.virtualHosts = {
-    "cilly.moe" = {
-      useACMEHost = "cilly.moe";
-      forceSSL = true;
-      root = pastel.outPath;
-    };
-    "cilly.dev" = {
-      useACMEHost = "cilly.dev";
-      forceSSL = true;
-      root = pastel.outPath;
-    };
     "lava.moe" = {
       useACMEHost = "lava.moe";
       forceSSL = true;
       root = inputs.website.outPath;
     };
     "cdn.lava.moe" = {
-      useACMEHost = "lava.moe";
-      forceSSL = true;
-      extraConfig = ''
-        return 301 https://sh.lava.moe$request_uri;
-      '';
-    };
-    "sh.lava.moe" = {
       useACMEHost = "lava.moe";
       forceSSL = true;
       root = "/persist/cdn";
diff --git a/modules/system/base.nix b/modules/system/base.nix
index c45eb99..36c9993 100644
--- a/modules/system/base.nix
+++ b/modules/system/base.nix
@@ -1,5 +1,5 @@
 { config, inputs, modules, ... }: {
-  imports = [ modules.binds modules.options ];
+  imports = [ modules.options ];
 
   environment.etc = {
     "machine-id".source = "/persist/machine-id";
diff --git a/modules/system/docker.nix b/modules/system/docker.nix
deleted file mode 100644
index 1ebd190..0000000
--- a/modules/system/docker.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ pkgs, ... }: {
-  virtualisation.docker = {
-    enable = true;
-    storageDriver = "btrfs";
-    # rootless = {
-    #   enable = true;
-    #   setSocketVariable = true;
-    # };
-  };
-  environment.systemPackages = [
-    pkgs.docker-compose
-  ];
-}
diff --git a/modules/system/home-manager-stable.nix b/modules/system/home-manager-stable.nix
new file mode 100644
index 0000000..43842d7
--- /dev/null
+++ b/modules/system/home-manager-stable.nix
@@ -0,0 +1,19 @@
+{ config, inputs, modules, ... }: {
+  imports = [
+    inputs.home-manager-stable.nixosModules.home-manager
+  ];
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    extraSpecialArgs = {
+      inherit inputs modules;
+      sysConfig = config;
+    };
+    sharedModules = [
+      {
+        imports = [ modules.options ];
+        config.me = config.me;
+      }
+    ];
+  };
+}
diff --git a/modules/system/input.nix b/modules/system/input.nix
index a0bf2ff..2ef1eab 100644
--- a/modules/system/input.nix
+++ b/modules/system/input.nix
@@ -6,19 +6,7 @@
         "-arinterval 15"
       ];
     };
+    xkb.options = "caps:escape";
   };
-  services.keyd = {
-    enable = true;
-    keyboards = {
-      default = {
-        ids = [ "*" ];
-        settings = {
-          main = {
-            capslock = "esc";
-            esc = "capslock";
-          };
-        };
-      };
-    };
-  };
+  console.useXkbConfig = true;
 }
diff --git a/modules/system/nix-stable.nix b/modules/system/nix-stable.nix
index 1884c04..a88612a 100644
--- a/modules/system/nix-stable.nix
+++ b/modules/system/nix-stable.nix
@@ -1,7 +1,5 @@
 { config, lib, pkgs, ... }: {
   nix = {
-    package = pkgs.nixVersions.latest;
-
     settings = rec {
       substituters = [
         "https://cache.nixos.org?priority=10"
@@ -19,5 +17,4 @@
     '';
   };
   nixpkgs.config.allowUnfree = true;
-  programs.nh.enable = true;
 }
diff --git a/modules/system/nix.nix b/modules/system/nix.nix
index eb14f73..6a6fd04 100644
--- a/modules/system/nix.nix
+++ b/modules/system/nix.nix
@@ -1,6 +1,5 @@
-{ config, inputs, pkgs, ... }: {
+{ config, lib, pkgs, ... }: {
   nix = {
-    nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
     package = pkgs.nixVersions.latest;
 
     settings = rec {
diff --git a/modules/system/packages-gui.nix b/modules/system/packages-gui.nix
index d853c40..77eb510 100644
--- a/modules/system/packages-gui.nix
+++ b/modules/system/packages-gui.nix
@@ -10,6 +10,7 @@
       libva-vdpau-driver
       libvdpau-va-gl
     ];
+    programs.light.enable = true;
     hardware.opentabletdriver.enable = true;
     hardware.keyboard.qmk.enable = true;
     programs.steam = {
diff --git a/modules/system/packages.nix b/modules/system/packages.nix
index d4e2e3c..8670e6e 100644
--- a/modules/system/packages.nix
+++ b/modules/system/packages.nix
@@ -1,6 +1,7 @@
 { pkgs, ... }: {
   imports = [ ./packages-gui.nix ];
   environment.systemPackages = with pkgs; [
+    comma
     # ecryptfs
     efibootmgr
     fd
@@ -16,6 +17,7 @@
     neovim
     nfs-utils
     ntfs3g
+    oci-cli
     ripgrep
     rsync
     sshfs
diff --git a/modules/system/security.nix b/modules/system/security.nix
index f1f087b..602f108 100644
--- a/modules/system/security.nix
+++ b/modules/system/security.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }: {
+{ config, pkgs, ... }: {
   networking.firewall =
   let
     iptables = "${pkgs.iptables}/bin/iptables";
@@ -53,33 +53,5 @@
         }
       ];
     };
-    pam = lib.mkIf (config.me.environment != "headless") {
-      u2f = {
-        enable = true;
-        settings = {
-          cue = true;
-          pinverification = 1;
-        };
-      };
-      services.doas.rules.auth = {
-        u2f.settings.pinverification = lib.mkForce 0;
-        u2f_int = lib.mkMerge [
-          {
-            enable = true;
-            order = config.security.pam.services.doas.rules.auth.u2f.order + 1;
-            control = "sufficient";
-            modulePath = "${pkgs.pam_u2f}/lib/security/pam_u2f.so";
-            inherit (config.security.pam.u2f) settings;
-          }
-          {
-            settings = lib.mkForce {
-              interactive = true;
-              pinverification = 0;
-              userpresence = 0;
-            };
-          }
-        ];
-      };
-    };
   };
 }
diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix
deleted file mode 100644
index 5e3e044..0000000
--- a/modules/system/tailscale.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, lib, ... }: {
-  age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age;
-  me.binds."/var/lib/tailscale" = "tailscale";
-  networking.firewall.trustedInterfaces = [ "tailscale0" ];
-  networking.firewall.allowedUDPPorts = lib.mkIf (config.me.environment == "headless") [ 123 ];
-
-  services.tailscale = {
-    enable = true;
-    authKeyFile = config.age.secrets.tailscale_auth.path;
-    openFirewall = true;
-    useRoutingFeatures = if config.me.environment == "headless" then "both" else "client";
-  };
-}
diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix
index 71f85ad..dbc8938 100644
--- a/modules/system/wireguard.nix
+++ b/modules/system/wireguard.nix
@@ -1,12 +1,12 @@
 { config, lib, pkgs, gcSecrets, ... }:
 let
-  port = 51801;
+  port = 123;
   serverName = "dandelion";
   serverInterface = "enp0s6";
   serverIp = gcSecrets.wireguard.gateway;
 
   forwarding = {
-    "22727" = [ "10.100.0.3" "7777" ];
+#    "22727" = [ "10.100.0.3" "7777" ];
   };
 
   mapForwards = type:
@@ -18,8 +18,6 @@ let
       in ''
         ${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p tcp --dport ${sport} -j DNAT --to ${dest}:${dport}
         ${pkgs.iptables}/bin/iptables -${type} FORWARD -p tcp -d ${dest} --dport ${dport} -j ACCEPT
-        ${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p udp --dport ${sport} -j DNAT --to ${dest}:${dport}
-        ${pkgs.iptables}/bin/iptables -${type} FORWARD -p udp -d ${dest} --dport ${dport} -j ACCEPT
       '') forwarding
     );
 
diff --git a/modules/user/comma.nix b/modules/user/comma.nix
deleted file mode 100644
index 5ae7f03..0000000
--- a/modules/user/comma.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ inputs, ... }: {
-  imports = [
-    inputs.nix-index-database.homeModules.default
-  ];
-  programs.nix-index.enable = true;
-  programs.nix-index-database.comma.enable = true;
-}
diff --git a/modules/user/eww.nix b/modules/user/eww.nix
index 13db70e..9d839e0 100644
--- a/modules/user/eww.nix
+++ b/modules/user/eww.nix
@@ -21,9 +21,9 @@ let
     '';
   };
 in {
-  home.packages = with pkgs; [ iw socat ];
+  home.packages = with pkgs; [ socat ];
   programs.eww = {
     enable = true;
+    configDir = res;
   };
-  xdg.configFile."eww".source = res;
 }
diff --git a/modules/user/git.nix b/modules/user/git.nix
index ca2762e..6c21f20 100644
--- a/modules/user/git.nix
+++ b/modules/user/git.nix
@@ -10,7 +10,6 @@
       user.email = "mini@cilly.moe";
       core.abbrev = 11;
       safe.directory = "/home/rin/Projects/flakes";
-      init.defaultBranch = "master";
     };
   };
 }
diff --git a/modules/user/hypridle.nix b/modules/user/hypridle.nix
index af7af86..68203b1 100644
--- a/modules/user/hypridle.nix
+++ b/modules/user/hypridle.nix
@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 let
-  kblight = "brightnessctl -d ${config.me.kbBacklightDevice}";
+  kblight = "light -s sysfs/leds/${config.me.kbBacklightDevice}";
 in
 {
   home.packages = [ config.services.hypridle.package ];
@@ -16,18 +16,18 @@ in
       listener = lib.optionals (config.me.kbBacklightDevice != null) [
         {
           timeout = 120;
-          on-timeout = "${kblight} -s && ${kblight} 0";
-          on-resume = "${kblight} -r";
+          on-timeout = "${kblight} -O && ${kblight} -S 0";
+          on-resume = "${kblight} -I";
         }
       ] ++ [
         {
           timeout = 150;
-          on-timeout = "brightnessctl -s && brightnessctl 50%-";
-          on-resume = "brightnessctl -r";
+          on-timeout = "light -O && light -T 0.5";
+          on-resume = "light -I";
         }
         {
           timeout = 180;
-          on-timeout = "brightnessctl -r && loginctl lock-session";
+          on-timeout = "light -I && loginctl lock-session";
         }
         {
           timeout = 195;
diff --git a/modules/user/neovim-minimal.nix b/modules/user/neovim-minimal.nix
index 392097d..a7d3f8c 100644
--- a/modules/user/neovim-minimal.nix
+++ b/modules/user/neovim-minimal.nix
@@ -9,8 +9,6 @@
     vimAlias = true;
     vimdiffAlias = true;
     withNodeJs = false;
-    withPython3 = false;
-    withRuby = false;
 
     plugins = with pkgs.vimPlugins; [
       fzf-vim
diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix
index 2b8d4c1..4dc4830 100644
--- a/modules/user/neovim.nix
+++ b/modules/user/neovim.nix
@@ -1,9 +1,9 @@
-{ config, lib, pkgs, sysConfig, ... }:
+{ config, lib, pkgs, ... }:
 let
   luaconf = pkgs.writeText "config.lua"
     (lib.replaceStrings
-      ["{{OMNISHARP_PATH}}" "{{DART_PATH}}" "{{CATPPUCCIN_FLAVOUR}}" "{{USERNAME}}" "{{HOSTNAME}}"]
-      ["${pkgs.omnisharp-roslyn}/bin/OmniSharp" "${pkgs.dart}/bin/dart" config.catppuccin.nvim.flavor config.home.username sysConfig.networking.hostName]
+      ["{{OMNISHARP_PATH}}" "{{DART_PATH}}" "{{CATPPUCCIN_FLAVOUR}}"]
+      ["${pkgs.omnisharp-roslyn}/bin/OmniSharp" "${pkgs.dart}/bin/dart" config.catppuccin.nvim.flavor]
       (builtins.readFile ../../res/config.lua));
 in {
   systemd.user.tmpfiles.rules = [
@@ -17,20 +17,17 @@ in {
     vimdiffAlias = true;
     #package = pkgs.neovim-nightly;
     withNodeJs = true;
-    withPython3 = true;
-    withRuby = false;
 
     extraPackages = with pkgs; [
-      nixd
       rust-analyzer
       texlab
-      astro-language-server
-      tailwindcss-language-server
-      diagnostic-languageserver
-      eslint_d
-      typescript-language-server
-      vscode-langservers-extracted
-      yaml-language-server
+      nodePackages."@astrojs/language-server"
+      nodePackages."@tailwindcss/language-server"
+      nodePackages.diagnostic-languageserver
+      nodePackages.eslint_d
+      nodePackages.typescript-language-server
+      nodePackages.vscode-langservers-extracted
+      nodePackages.yaml-language-server
     ];
 
     plugins = with pkgs.vimPlugins; [
diff --git a/modules/user/zsh.nix b/modules/user/zsh.nix
index 1eb736c..3fefce6 100644
--- a/modules/user/zsh.nix
+++ b/modules/user/zsh.nix
@@ -38,8 +38,7 @@ let
     jf = "doas journalctl -f";
 
     fl = "cd ~/Projects/flakes";
-    nr = "nh os switch";
-    nb = "nh os boot";
+    nr = "doas nixos-rebuild switch --flake .#${sysConfig.networking.hostName} -v -L";
 
     gs = "git status";
     ga = "git add";
@@ -102,6 +101,7 @@ let
     bindkey -a -r ':'
   '';
 in {
+  programs.command-not-found.enable = true;
   programs.zsh = {
     enable = true;
     dotDir = "${config.xdg.configHome}/zsh";
diff --git a/overlays/default.nix b/overlays/default.nix
index cbe3e7e..31648cc 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -3,9 +3,7 @@ builtins.map (path: import path) [
   ./cascadia-code.nix
   ./ccache.nix
   ./eww.nix
-  ./jetbrains.nix
   ./material-icons.nix
-  ./openldap.nix
   ./steam.nix
   ./utillinux.nix
   ./wpa-supplicant.nix
diff --git a/overlays/jetbrains.nix b/overlays/jetbrains.nix
deleted file mode 100644
index dd1d1ad..0000000
--- a/overlays/jetbrains.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-# https://github.com/NixOS/nixpkgs/issues/375254
-self: super: {
-  jetbrains = super.jetbrains // {
-    gateway = let
-      unwrapped = super.jetbrains.gateway;
-    in super.buildFHSEnv {
-      name = "gateway";
-      inherit (unwrapped) version;
-
-      runScript = super.writeScript "gateway-wrapper" ''
-        unset JETBRAINS_CLIENT_JDK
-        exec ${unwrapped}/bin/gateway "$@"
-      '';
-
-      meta = unwrapped.meta;
-
-      passthru = {
-        inherit unwrapped;
-      };
-    };
-  };
-}
diff --git a/overlays/openldap.nix b/overlays/openldap.nix
deleted file mode 100644
index f9b2b46..0000000
--- a/overlays/openldap.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-self: super: {
-  # openldap i686 fails checks
-  # issue: https://github.com/NixOS/nixpkgs/issues/514113
-  # workaround: https://github.com/NixOS/nixpkgs/issues/513245#issuecomment-4320293674
-  # fix: https://github.com/NixOS/nixpkgs/pull/515956
-  openldap = super.openldap.overrideAttrs {
-    doCheck = !self.stdenv.hostPlatform.isi686;
-  };
-}
diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix
index 1ea7dcb..c0362b4 100644
--- a/packages/linux-lava/sources.nix
+++ b/packages/linux-lava/sources.nix
@@ -1,8 +1,8 @@
 { fetchFromGitHub, inputs, lib }:
 let
-  version = "7.0.10";
-  kernelHash = "1w4i705i0nl1xqv7fdhdbhy7j3xrzhl31fabs6vmgiw7nf06szxv";
-  kernelPatchHash = "0h7gxqcnww7sj5cdyblzj04775zhavwdylkm2pm91v6xkjbnz1zj";
+  version = "6.19.3";
+  kernelHash = "0mqka8ii7bvmx9hvfjdiyva9ib0j7m390gxhh8gki3qb4nl7jc1h";
+  kernelPatchHash = "0madbbnn90vkbdwsi8alaa34a7h728frkw5kdzi9xmvkyi828acg";
 
   mm = lib.versions.majorMinor version;
   hasPatch = (builtins.length (builtins.splitVersion version)) == 3;
diff --git a/res/config-minimal.lua b/res/config-minimal.lua
index c2d3f06..f941c9e 100644
--- a/res/config-minimal.lua
+++ b/res/config-minimal.lua
@@ -1,5 +1,5 @@
 -- Keybindings
-local map = vim.keymap.set
+local map = vim.api.nvim_set_keymap
 map('n', '<C-H>', '<C-W>h', { noremap = true })
 map('n', '<C-J>', '<C-W>j', { noremap = true })
 map('n', '<C-K>', '<C-W>k', { noremap = true })
@@ -18,7 +18,6 @@ vim.opt.number = true
 vim.opt.cursorline = true
 vim.opt.signcolumn = "yes:3"
 vim.opt.title = true
-vim.opt.termguicolors = true
 vim.opt.updatetime = 0
 vim.opt.clipboard:prepend('unnamedplus')
 
@@ -48,7 +47,7 @@ vim.g.signify_sign_change            = vim.g.signify_sign_add
 vim.g.signify_sign_change_delete     = vim.g.signify_sign_delete
 
 -- Plugins
-require('nvim-treesitter').setup {
+require('nvim-treesitter.configs').setup {
     highlight = { enable = true },
     indent = { enable = false }
 }
diff --git a/res/config.lua b/res/config.lua
index c0b5dad..ef10504 100644
--- a/res/config.lua
+++ b/res/config.lua
@@ -51,7 +51,6 @@ vim.g.signify_sign_change_delete     = vim.g.signify_sign_delete
 
 -- VimTeX
 vim.g.vimtex_view_method = "zathura"
-vim.g.vimtex_quickfix_open_on_warning = 0
 
 -- Theming
 vim.api.nvim_command("syntax enable")
@@ -108,18 +107,18 @@ require('lualine').setup {
 -- many thanks to @kristijanhusak
 -- https://github.com/nvim-treesitter/nvim-treesitter/issues/1167#issuecomment-920824125
 function _G.javascript_indent()
-    local line = vim.fn.getline(vim.v.lnum)
-    local prev_line = vim.fn.getline(vim.v.lnum - 1)
-    if line:match('^%s*[%*/]%s*') then
-        if prev_line:match('^%s*%*%s*') then
-            return vim.fn.indent(vim.v.lnum - 1)
-        end
-        if prev_line:match('^%s*/%*%*%s*$') then
-            return vim.fn.indent(vim.v.lnum - 1) + 1
-        end
+  local line = vim.fn.getline(vim.v.lnum)
+  local prev_line = vim.fn.getline(vim.v.lnum - 1)
+  if line:match('^%s*[%*/]%s*') then
+    if prev_line:match('^%s*%*%s*') then
+      return vim.fn.indent(vim.v.lnum - 1)
     end
+    if prev_line:match('^%s*/%*%*%s*$') then
+      return vim.fn.indent(vim.v.lnum - 1) + 1
+    end
+  end
 
-    return vim.fn['GetJavascriptIndent']()
+  return vim.fn['GetJavascriptIndent']()
 end
 
 vim.cmd('au FileType javascript setlocal indentexpr=v:lua.javascript_indent()')
@@ -157,17 +156,22 @@ vim.api.nvim_create_autocmd("LspAttach", {
     end
 })
 
-vim.diagnostic.config({
-    focusable = false,
-    virtual_text = false,
-    underline = true,
-    signs = true,
-    update_in_insert = true
-})
+vim.lsp.handlers["textDocument/publishDiagnostics"] = vim.lsp.with(
+    vim.lsp.diagnostic.on_publish_diagnostics, {
+        focusable = false,
+        virtual_text = false,
+        underline = true,
+        signs = true,
+        update_in_insert = true
+    }
+)
+vim.lsp.handlers["textDocument/signatureHelp"] = vim.lsp.with(
+    vim.lsp.handlers.signature_help, { focusable = false }
+)
 
 capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities)
 
-local servers = { 'astro', 'clangd', 'cssls', 'html', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' }
+local servers = { 'astro', 'clangd', 'cssls', 'html', 'nil_ls', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' }
 for _, lsp in ipairs(servers) do
     vim.lsp.config(lsp, {
         capabilities = capabilities,
@@ -292,32 +296,6 @@ vim.lsp.config("diagnosticls", {
 })
 vim.lsp.enable("diagnosticls")
 
--- LSP/nixd
-vim.lsp.config("nixd", {
-  cmd = { "nixd" },
-  filetypes = { "nix" },
-  root_markers = { "flake.nix", ".git" },
-  settings = {
-    nixd = {
-      nixpkgs = {
-        expr = "import <nixpkgs> { }",
-      },
-      formatting = {
-        command = { "nixfmt" },
-      },
-      options = {
-        nixos = {
-          expr = '(builtins.getFlake (toString ./.)).nixosConfigurations.{{HOSTNAME}}.options',
-        },
-        home_manager = {
-          expr = '(builtins.getFlake (builtins.toString ./.)).nixosConfigurations."{{USERNAME}}@{{HOSTNAME}}".options.home-manager.users.type.getSubOptions []',
-        },
-      },
-    },
-  },
-})
-vim.lsp.enable("nixd")
-
 -- LSP/Signatures
 require("lsp_signature").setup {
     hint_enable = false,
diff --git a/res/eww/eww.yuck b/res/eww/eww.yuck
index d72a2cc..c153154 100644
--- a/res/eww/eww.yuck
+++ b/res/eww/eww.yuck
@@ -1,5 +1,4 @@
 (defwindow mainbar :monitor 0
-
                    :geometry (geometry :x "0%"
                                        :y "0%"
                                        :width "100%"
@@ -40,15 +39,12 @@
   `cat /sys/class/power_supply/_BAT_PATH_/capacity`)
 (defpoll pbat_status :interval "1s" :run-while bat-enabled
   `cat /sys/class/power_supply/_BAT_PATH_/status`)
-(defpoll wifi_ssid :interval "1s" :run-while wifi-enabled
-  `iwctl station wlan0 show | grep "Connected network" | awk '{print $3}'`)
-(defpoll wifi_strength :interval "1s" :run-while wifi-enabled
-  `iw dev wlan0 link | awk '/signal/ {gsub("-",""); print $2}'`)
+(defpoll network_strength :interval "1s" :run-while wifi-enabled
+  `nmcli -f IN-USE,SIGNAL device wifi | grep '*' | tr -d -c 0-9`)
 (defpoll bluetooth_device :interval "1s" :run-while bt-enabled
   `bluetoothctl devices Connected | grep Device | cut -d" " -f3-`)
-(defpoll bluetooth_device_count :interval "1s" :run-while bt-enabled
-  `bluetoothctl devices Connected | wc -l`)
 
+(deflisten lnetwork :initial "" :run-while wifi-enabled "./scripts/network.sh")
 (deflisten ltitle :initial "" "./scripts/title.sh")
 (deflisten lworkspaces :initial "[]" "./scripts/workspaces.sh")
 (deflisten lcurrent_workspace :initial "1" "./scripts/active-workspace.sh")
@@ -103,28 +99,28 @@
       (revealer :transition "slideleft"
                 :reveal {bluetooth-extended && bluetooth_device != ""}
                 :duration 150
-        (label :text { bluetooth_device_count == "1" ? bluetooth_device : (bluetooth_device_count + " devices") }
+        (label :text bluetooth_device
                :class "base")))))
 
 (defwidget network []
   (button :onclick `eww update network-extended=${network-extended ? "false" : "true"}`
     (box :orientation "horizontal"
-         :class {"widget pill" + ((network-extended && wifi_ssid != "") ? " extended" : "")}
-         :spacing {(network-extended && wifi_ssid != "") ? 5 : 0}
+         :class {"widget pill" + ((network-extended && lnetwork != "Disconnected") ? " extended" : "")}
+         :spacing {(network-extended && lnetwork != "Disconnected") ? 5 : 0}
          :space-evenly false
       (label :text {
-          (wifi_ssid == "") ? ""
-        : (wifi_strength == "") ? ""
-        : (wifi_strength < 75) ? ""
-        : (wifi_strength < 65) ? ""
-        : (wifi_strength < 60) ? ""
-        : (wifi_strength < 50) ? ""
+          (lnetwork == "Disconnected") ? ""
+        : (network_strength == "") ? ""
+        : (network_strength < 20) ? ""
+        : (network_strength < 30) ? ""
+        : (network_strength < 55) ? ""
+        : (network_strength < 80) ? ""
         : ""}
              :class "base pill-icon")
       (revealer :transition "slideleft"
-                :reveal {network-extended && wifi_ssid != ""}
+                :reveal {network-extended && lnetwork != "Disconnected"}
                 :duration 150
-        (label :text wifi_ssid
+        (label :text lnetwork
                :class "base")))))
 
 (defwidget battery []
diff --git a/res/eww/scripts/network.sh b/res/eww/scripts/network.sh
new file mode 100755
index 0000000..7d0c2c8
--- /dev/null
+++ b/res/eww/scripts/network.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+init=$(nmcli -t -f name,device connection show --active | grep wlp1s0 | cut -d\: -f1)
+
+if [[ -z $init ]]; then
+    echo Disconnected
+else
+    echo $init
+fi
+
+nmcli monitor | while read -r line ; do
+    if [[ $line == *"is now the primary connection" ]]; then
+        conn=$(echo $line | cut -d\' -f2)
+        echo $conn
+    fi
+    if [[ $line == "There's no primary connection" ]]; then
+        echo Disconnected
+    fi
+done
diff --git a/secrets.nix b/secrets.nix
index b1f55e5..4fc6c4a 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -1,5 +1,4 @@
 let
-  alyssum = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAp00i2DTwMk9i2WBEwpNTDA51TQJEqzpyCka6znmRzR";
   anemone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEPFifSAybe97xDP/cq6AAjy7Fm0go0dtQ9ICK6JRUgc";
   blossom = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5wfPCcpkNR3ubr7cBV0UwVCDo/sMmV0aI/JOJTIxQj";
   dandelion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFUk99ku7+eiIO7Q9sIPlPx3GiUljLv7W404W/zwrtzI";
@@ -7,15 +6,10 @@ let
 
   rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15";
 in {
-  "secrets/passwd.age".publicKeys = [ alyssum anemone blossom rin ];
-  "secrets/passwd_smbcilly.age".publicKeys = [ alyssum rin ];
-  "secrets/passwd_smbkujira.age".publicKeys = [ alyssum rin ];
-  "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ];
+  "secrets/passwd.age".publicKeys = [ anemone blossom rin ];
+  "secrets/wpa_conf.age".publicKeys = [ blossom rin ];
 
-  "secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ];
-  "secrets/navidrome_env.age".publicKeys = [ alyssum dandelion rin ];
-  "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ];
-  "secrets/tailscale_auth.age".publicKeys = [ alyssum anemone blossom dandelion rin ];
+  "secrets/acme_dns.age".publicKeys = [ dandelion hazel rin ];
   "secrets/warden_admin.age".publicKeys = [ rin ];
   "secrets/wg_anemone.age".publicKeys = [ anemone rin ];
   "secrets/wg_dandelion.age".publicKeys = [ dandelion rin ];
diff --git a/secrets/acme_dns.age b/secrets/acme_dns.age
index c440de6..a573417 100644
--- a/secrets/acme_dns.age
+++ b/secrets/acme_dns.age
@@ -1,11 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 kOMSPw vqjZO82kILUQaoD9EwOgnmXKD9IyscgtzP65BVKkGhs
-07f0vL5fSq+EVdJ4n3L/q0tGsh0SVLCueTzbrMQC2ok
--> ssh-ed25519 bRFqeQ qZAsyhdIY/fg7weEBYfB/WwFBrr/fDRrjt0J/m+57W4
-FOWjbk7efoVdL9WxjWvaZ/0mJrQ4yj0fN/Fa3zztz84
--> ssh-ed25519 ZAcXHw UHpAQ4nKoGGaZWXVj4UM6uBanOgDpBvG6XdoBvhz6y8
-xF1orqajQxp2QzU/e1sq8lMxz4AQ2Vr5a3wEU55QqyE
--> ssh-ed25519 U9FXlg n/LPuRDZ7N0VbZYLNr86hH/yRuqd2zFC7Nnpooz8d0o
-aZig/wjd5vitGaJwQ89w2M7fj8fAiqTpdDOmLae74sM
---- mXuALIh6k4n0cErsTFnwKemo/r2jFG7mGSTz2M8zXF8
-Zr2��.	��~M��P��XŹ1�)p�9R�9�ScLzhQ���O��0��H7���L�j�5�
�����\��l9�7���ܫn���>��
+-> ssh-ed25519 bRFqeQ trK7wfJ1fObF70yD3a6axuXaZv/EzzFI7he1dvUajH8
+1C5IrwITtma/um0zUo6by0llVTnla7TBdyRD07azTT8
+-> ssh-ed25519 ZAcXHw f+n0WJKTViwizwTIgRpbLGqk458SnuAFVVj5FQS0nwA
+MRinOTxWGwfeg16VWJYD+1Uta+7xF6G9oyqtYSfEq80
+-> ssh-ed25519 U9FXlg 24QGfemIAHZYMwroayNJp91fUkbwUF7ACuXIk+7qdBg
+RNGpjxUgfzV/e1Ab/NcA8A0zzxsXU06xmVbLpG3x+iI
+--- mekieJNQOl4vcg+hsSOQsFC7mVUZf/oRl/dT7AeTRKg
+��H즏)k��#%3c�Q�ں�����1?�ad|�쳄ٗ��o2�
�
+B�)��=�Zi�9�pR���	�Kl��g� ՞��
h�
\ No newline at end of file
diff --git a/secrets/navidrome_env.age b/secrets/navidrome_env.age
deleted file mode 100644
index 7df364f..0000000
--- a/secrets/navidrome_env.age
+++ /dev/null
@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 kOMSPw s/uDjoILzZ4meH5Thqdly/pPe2bTO7sKHPIsn7B/Ays
-Pg3ePdLimArZbzBJJkole/d6UjUafNayktjKqt9gqv4
--> ssh-ed25519 bRFqeQ /yrku11wKk2gf24aPjSBZ1KBZXLOlSTOgvW13gjzC3M
-xTCWHdq5Vr02v9xDoEZqCcGLIdjZT9s29Gldoz27ow0
--> ssh-ed25519 U9FXlg HhSqF8DRz/vW42Sf34fqGMIgj9Zpc5MeYNhqqsz7fBk
-4IzAURq50rY160/qAzo49cmhV7/skh7PGM8h9qI9WGE
---- aSO1slFKfkECL6Gro84fMiDZ0QLLNbOrfiNegNK7ksc
-i'r��Ќ��l"�j^S�"_�UP��C��xs�1����M��w�ʍ�;#{a��}+��=��eԑ$�#s�z�Ki����J��D�?�>F��8k�Z(���;���)�[��b+�o�@�#2�L,����חL�<\��U���#����>13�p\��IQ)޽��@��p�,C��5�v8M%�NA	r7�ɀ�n��t
�'Ѕֲ��5+�bj��)�Ra�C�
\ No newline at end of file
diff --git a/secrets/passwd.age b/secrets/passwd.age
index 05ad906..64ec861 100644
Binary files a/secrets/passwd.age and b/secrets/passwd.age differ
diff --git a/secrets/passwd_smbcilly.age b/secrets/passwd_smbcilly.age
deleted file mode 100644
index 41ad172..0000000
--- a/secrets/passwd_smbcilly.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 kOMSPw CQaXT9/nw3NGD2/H/ctSQGXIoacgjfKQ24wkpEieLSQ
-i4xEXgWGQ7xgQyaDQQIeDuiCLjA6Le23qSnv8C1cbcI
--> ssh-ed25519 U9FXlg GL4dCSCku/FA6ipb9XI1AxO4lhm2r/1lRAeqaGrB32o
-+pPgqwnoPi3wJLobTimVMj0rng+XRapRG6jTYFXSsDM
---- eVgn3ON19pqq+L832bqlbkHUQXdaTI+LfSL4bYfEdew
-�*�l\�W�!J7E/����"f@%\���[��j8fӶ��
\ No newline at end of file
diff --git a/secrets/passwd_smbkujira.age b/secrets/passwd_smbkujira.age
deleted file mode 100644
index 71b6bb8..0000000
--- a/secrets/passwd_smbkujira.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 kOMSPw Kn+LPMoyOrVwI/nrGgnxgVA3D+tVY9Tccg/Yx/jL+E8
-IfWiSBh7KgNvgcHlcDzfdcB9nxm1zy12Ae7AGm39fdE
--> ssh-ed25519 U9FXlg 6eIIGEIYDo02FBsgBnwbuOeR8t4xB6jSmLfIL73UCDg
-QOc0ddunQQcVEVD20DKKpn3wZWUSveFJSUTBnv+xnNk
---- MjN2i0FNzbUpBGUDNgWGXrRsYl2gtsQX+JlzZV/fYdw
-T� <�R#d�Ć̎lLk�N���8�c�_N�)��T
\ No newline at end of file
diff --git a/secrets/slskd_env.age b/secrets/slskd_env.age
deleted file mode 100644
index eded5d0..0000000
--- a/secrets/slskd_env.age
+++ /dev/null
@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 ohyStA 3Do7MsCBX9ZgP6pIekvkRisFgF74jq2cKxrjUi2NlhM
-EdfLIUk40isfNBY4CKA0JjHc2RaCM/LJmvQJuue+aYs
--> ssh-ed25519 bRFqeQ XcjdLy6CEELgdN133BkgTG0cUffU6N9nsapB3c9Swyc
-+ILEkir7XMK/xLNrTs2R+pBoucIN7fVEBRZSZwBo7Fs
--> ssh-ed25519 U9FXlg bqpdUcMN/bk7WlIruWmhj0hpFL/CliDHto/P/KaMdxk
-z6wKPbT1OAW7sDjeziwdqs6mf9Rk37xsU9pw4wYMOF4
---- wNvTtQPOTxetOpazjBXo4fR3wPL7CVQq4R30gOj/qQw
-&P+�����S��y�=}��~1�C�����^.�?zL��H��R`akE��R��(4�R!�*l�!���A��~@VG����<��2��-K8H�Pu�2jS#WД�����l>@�a	.Mƞ���Hg[���$�Wˌ�[��"%N�,� rGN�mf�9F��k&~�OW�Z70���t�����?���eOf��A������z�,hq/�Z�&��Fy�5ɾ�BQw���/�"��J�S섘5�f}%B��PĮ�,
r�F`�Nm��n�C�Î��rJ���af� �i�?���0���pz�aV�[��y�j�X4��B>R,�tyO��IW!�(��n#�ܒj>�����58�9���d��0�����mi���%�t�C�R˄^I�r�M�")֙�S�&.)l�z�Өq����:�r���brE@�JǺsM����d��?�Sk
\ No newline at end of file
diff --git a/secrets/tailscale_auth.age b/secrets/tailscale_auth.age
deleted file mode 100644
index be7af43..0000000
--- a/secrets/tailscale_auth.age
+++ /dev/null
@@ -1,13 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 kOMSPw judP6VmZDGErkHfUpCp3xTgJtWVmGv3/tZw3WGyhfhM
-10jxPIR6Qaf/iWLzbWOrFq9XBsm8OC3mcMrxEt+BYQ8
--> ssh-ed25519 ohyStA Xc6TjSJYtJkK1VEauNJKn+RcTdwdkyJ0Sr+tbAJ8rGc
-vzQt4zMdktY5tNvfu9HsKBgJb52uM7x8bhF+WXwpWZ8
--> ssh-ed25519 CUCjXQ r8WxaXpWtaBdMJ2ubaAwJ4ipSz/UtnMs0x3+eI8p0VU
-CdicUH7AE4E4XVHDAeYzQdsYMYA0sCLlt2P4eR24vvs
--> ssh-ed25519 bRFqeQ E9sknPioO9leKqs8bFJDLrAMuRAJf0ZRyGMvy7O5wVA
-KX93oSqGHimM/PaeaoHq1aYVXGG1YsVMO2ihZaM8xVE
--> ssh-ed25519 U9FXlg u7yG7cLylPUgu/Is4xx0BXVhX31vUtgStV5CYa8Cowg
-xAuGYZpMPVQpZYASXrMuqNE9wqqEG3kMLUNjLzPmL4g
---- EoeqIMnX5tR3J51Cz2QEyjsgD/7h468bqjRmt3mOEjY
-��xHQ���)����k�)ĉB�~ە�֖Zv?����%lQx
OwZIs�ۄ�f4�D���ǔ�*�Otݳ�0.m[q�_[�����v���
\ No newline at end of file
diff --git a/secrets/wpa_conf.age b/secrets/wpa_conf.age
index 555b594..2b6862e 100644
Binary files a/secrets/wpa_conf.age and b/secrets/wpa_conf.age differ
diff --git a/users/hana/default.nix b/users/hana/default.nix
index 69558ea..ed7a464 100644
--- a/users/hana/default.nix
+++ b/users/hana/default.nix
@@ -1,5 +1,4 @@
 { config, lib, modules, pkgs, ... }: {
-  programs.nh.flake = "/persist/hana/flakes";
   programs.zsh.enable = true;
   users.users.hana = {
     isNormalUser = true;
@@ -22,7 +21,6 @@
     };
 
     imports = with modules.user; [
-      comma
       direnv
       git
       neovim-minimal
diff --git a/users/rin/default.nix b/users/rin/default.nix
index a70d716..e8d6f5c 100644
--- a/users/rin/default.nix
+++ b/users/rin/default.nix
@@ -3,7 +3,7 @@
   programs.zsh.enable = true;
   users.users.rin = {
     isNormalUser = true;
-    extraGroups = [ "adbusers" "audio" "corectrl" "dialout" "docker" "libvirtd" "networkmanager" "video" "wheel" "wireshark" ];
+    extraGroups = [ "adbusers" "audio" "corectrl" "dialout" "libvirtd" "networkmanager" "video" "wheel" "wireshark" ];
     shell = pkgs.zsh;
     uid = 1001;
     hashedPasswordFile = config.age.secrets.passwd.path;
@@ -21,7 +21,6 @@
       sessionVariables
 
       catppuccin
-      comma
       direnv
       git
       gpg
diff --git a/users/rin/packages.nix b/users/rin/packages.nix
index 3fe0129..3b07cab 100644
--- a/users/rin/packages.nix
+++ b/users/rin/packages.nix
@@ -1,8 +1,10 @@
 { config, inputs, pkgs, ... }:
 let
   dotnet-combined = (with pkgs.dotnetCorePackages; combinePackages [
-      dotnet_10.sdk
-      aspnetcore_10_0-bin
+      dotnet_8.sdk
+      dotnet_9.sdk
+      aspnetcore_8_0-bin
+      aspnetcore_9_0-bin
   ]);
 in {
   programs.firefox = {
@@ -15,52 +17,51 @@ in {
     ffmpeg
     gnupg
     kitty
+    nil
     nodejs_latest
     pamixer
-    pnpm
-    unrar
-    yt-dlp
-  ] ++ lib.optionals (config.me.environment == "desktop") [
-    krita
-    lutris
-    mangohud
-    inputs.nix-gaming.packages.x86_64-linux.osu-lazer-bin
     qmk
-    tetrio-desktop
-    tor-browser
-    virt-manager
-    winetricks
+    unrar
+    weechat
+    yt-dlp
+
+    nodePackages_latest.pnpm
   ] ++ lib.optionals config.me.gui [
     android-studio
-    brightnessctl
     drawio
+    element-desktop
     evince
     eww
     feh
-    feishin
     file-roller
     gamescope
     gimp3
     grim
+    #kotatogram-desktop
+    krita
     lm_sensors
+    lutris
+    insomnia
     maim
+    mangohud
     me.psensor
+    inputs.nix-gaming.packages.x86_64-linux.osu-lazer-bin
+    # inputs.nix-gaming.packages.x86_64-linux.wine-osu
     obsidian
     pavucontrol
-    (prismlauncher.override {
-      jdks = [
-        jdk21
-        temurin-bin-25
-      ];
-    })
+    prismlauncher
     qbittorrent
     rivalcfg
     screenkey
     slurp
     swaybg
+    tetrio-desktop
     texliveFull
+    tor-browser
     transmission-remote-gtk
     vesktop
+    virt-manager
+    winetricks
     zathura
     zenity