...

50 files changed, 795 insertions, 757 deletions

diff --git a/_sources/generated.json b/_sources/generated.json
index b3604420..be1e12e9 100644
--- a/_sources/generated.json
+++ b/_sources/generated.json
@@ -270,11 +270,11 @@
         "pinned": false,
         "src": {
             "name": null,
-            "sha256": "sha256-D0UnGL0H+zua5fJAoBbfEyU4ZdjQXf6LeQ+475oVKow=",
+            "sha256": "sha256-8kd17ChqLuVH5/OdPc2rVDKEDWHl9ZWLh8k+EBrCGH8=",
             "type": "url",
-            "url": "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.86/netboot.xyz.efi"
+            "url": "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.87/netboot.xyz.efi"
         },
-        "version": "2.0.86"
+        "version": "2.0.87"
     },
     "netbootxyz-lkrn": {
         "cargoLocks": null,
@@ -285,11 +285,11 @@
         "pinned": false,
         "src": {
             "name": null,
-            "sha256": "sha256-zUuvv/MCXhgqBCa4dl4+bWtS+Z1PCDRUX0pGLonaWpY=",
+            "sha256": "sha256-/qY3NdRC0SghQ4kamrkm9EFumrKlirqDCJ+XY+jHWLA=",
             "type": "url",
-            "url": "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.86/netboot.xyz.lkrn"
+            "url": "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.87/netboot.xyz.lkrn"
         },
-        "version": "2.0.86"
+        "version": "2.0.87"
     },
     "postfix-mta-sts-resolver": {
         "cargoLocks": null,
@@ -437,7 +437,7 @@
     },
     "v4l2loopback": {
         "cargoLocks": null,
-        "date": "2025-04-16",
+        "date": "2025-04-29",
         "extract": null,
         "name": "v4l2loopback",
         "passthru": null,
@@ -449,12 +449,12 @@
             "name": null,
             "owner": "umlaeute",
             "repo": "v4l2loopback",
-            "rev": "119543510c0455f4e6517ae82d81d65354225a31",
-            "sha256": "sha256-1SAYXV0KEQEQEiQbBom2YHoeDzuDWkmCmcetlU85h/M=",
+            "rev": "8d806ad688961d8840081a609c39d1a82d296b24",
+            "sha256": "sha256-zuE/qFI8QCWCePmHWjTIPTh2KzmDkwQ2uj5C1dAwo1c=",
             "sparseCheckout": [],
             "type": "github"
         },
-        "version": "119543510c0455f4e6517ae82d81d65354225a31"
+        "version": "8d806ad688961d8840081a609c39d1a82d296b24"
     },
     "xcompose": {
         "cargoLocks": null,
@@ -486,10 +486,10 @@
         "pinned": false,
         "src": {
             "name": null,
-            "sha256": "sha256-G/4OZg0acKCeJ7LVj5LjCx4uNizEh4KfL4JDRq5J+5E=",
+            "sha256": "sha256-0BNn0MOulONcseLsy3p8cOGBxMpEj07iN08mSJ0mNgM=",
             "type": "url",
-            "url": "https://pypi.org/packages/source/y/yt_dlp/yt_dlp-2025.3.31.tar.gz"
+            "url": "https://pypi.org/packages/source/y/yt_dlp/yt_dlp-2025.4.30.tar.gz"
         },
-        "version": "2025.3.31"
+        "version": "2025.4.30"
     }
 }
\ No newline at end of file
diff --git a/_sources/generated.nix b/_sources/generated.nix
index c3b65800..ff85bc0d 100644
--- a/_sources/generated.nix
+++ b/_sources/generated.nix
@@ -164,18 +164,18 @@
   };
   netbootxyz-efi = {
     pname = "netbootxyz-efi";
-    version = "2.0.86";
+    version = "2.0.87";
     src = fetchurl {
-      url = "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.86/netboot.xyz.efi";
-      sha256 = "sha256-D0UnGL0H+zua5fJAoBbfEyU4ZdjQXf6LeQ+475oVKow=";
+      url = "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.87/netboot.xyz.efi";
+      sha256 = "sha256-8kd17ChqLuVH5/OdPc2rVDKEDWHl9ZWLh8k+EBrCGH8=";
     };
   };
   netbootxyz-lkrn = {
     pname = "netbootxyz-lkrn";
-    version = "2.0.86";
+    version = "2.0.87";
     src = fetchurl {
-      url = "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.86/netboot.xyz.lkrn";
-      sha256 = "sha256-zUuvv/MCXhgqBCa4dl4+bWtS+Z1PCDRUX0pGLonaWpY=";
+      url = "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.87/netboot.xyz.lkrn";
+      sha256 = "sha256-/qY3NdRC0SghQ4kamrkm9EFumrKlirqDCJ+XY+jHWLA=";
     };
   };
   postfix-mta-sts-resolver = {
@@ -270,15 +270,15 @@
   };
   v4l2loopback = {
     pname = "v4l2loopback";
-    version = "119543510c0455f4e6517ae82d81d65354225a31";
+    version = "8d806ad688961d8840081a609c39d1a82d296b24";
     src = fetchFromGitHub {
       owner = "umlaeute";
       repo = "v4l2loopback";
-      rev = "119543510c0455f4e6517ae82d81d65354225a31";
+      rev = "8d806ad688961d8840081a609c39d1a82d296b24";
       fetchSubmodules = true;
-      sha256 = "sha256-1SAYXV0KEQEQEiQbBom2YHoeDzuDWkmCmcetlU85h/M=";
+      sha256 = "sha256-zuE/qFI8QCWCePmHWjTIPTh2KzmDkwQ2uj5C1dAwo1c=";
     };
-    date = "2025-04-16";
+    date = "2025-04-29";
   };
   xcompose = {
     pname = "xcompose";
@@ -294,10 +294,10 @@
   };
   yt-dlp = {
     pname = "yt-dlp";
-    version = "2025.3.31";
+    version = "2025.4.30";
     src = fetchurl {
-      url = "https://pypi.org/packages/source/y/yt_dlp/yt_dlp-2025.3.31.tar.gz";
-      sha256 = "sha256-G/4OZg0acKCeJ7LVj5LjCx4uNizEh4KfL4JDRq5J+5E=";
+      url = "https://pypi.org/packages/source/y/yt_dlp/yt_dlp-2025.4.30.tar.gz";
+      sha256 = "sha256-0BNn0MOulONcseLsy3p8cOGBxMpEj07iN08mSJ0mNgM=";
     };
   };
 }
diff --git a/accounts/gkleen@eostre.nix b/accounts/gkleen@eostre.nix
index 72818d44..28daf3fd 100644
--- a/accounts/gkleen@eostre.nix
+++ b/accounts/gkleen@eostre.nix
@@ -1,16 +1,16 @@
 { flake, userName, pkgs, ... }:
 {
   imports = with flake.nixosModules.userProfiles.${userName}; [
-    zsh utils tmux
+    utils
   ];
 
   config = {
     home-manager.users.${userName} = {
       home.stateVersion = "20.09";
 
-      nixpkgs.config = {
-        allowUnfree = true;
-      };
+      # nixpkgs.config = {
+      #   allowUnfree = true;
+      # };
 
       home.packages = with pkgs; [
         thunderbird libreoffice element-desktop keepassxc vlc
diff --git a/accounts/gkleen@installer.nix b/accounts/gkleen@installer.nix
index c7a418f8..5fe1db38 100644
--- a/accounts/gkleen@installer.nix
+++ b/accounts/gkleen@installer.nix
@@ -1,7 +1,11 @@
-{ userName, ... }:
+{ flake, userName, ... }:
 
 {
-  home-manager.users.${userName} = { config, ... } : {
+  imports = with flake.nixosModules.userProfiles.${userName}; [
+    zsh tmux
+  ];
+
+  config.home-manager.users.${userName} = { config, ... } : {
     home.stateVersion = config.home.version.release;
   };
 }
diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix
index b46d021e..80f03e49 100644
--- a/accounts/gkleen@sif/default.nix
+++ b/accounts/gkleen@sif/default.nix
@@ -63,7 +63,7 @@ let
   };
 in {
   imports = with flake.nixosModules.userProfiles.${userName}; [
-    mpv yt-dlp (args: import ./xcompose.nix (inputs // args))
+    zsh tmux mpv yt-dlp (args: import ./xcompose.nix (inputs // args))
   ];
 
   config = {
@@ -77,10 +77,10 @@ in {
 
       home.stateVersion = "20.09";
 
-      nixpkgs.config = {
-        allowUnfree = true;
-        zathura.useMupdf = false;
-      };
+      # nixpkgs.config = {
+      #   allowUnfree = true;
+      #   zathura.useMupdf = false;
+      # };
 
       nix.registry = {
         "flk" = {
@@ -186,7 +186,7 @@ in {
           gpu-api = "vulkan";
         };
 
-        zsh.initExtra = let
+        zsh.initContent = let
           zshrc = pkgs.resholve.mkDerivation {
             pname = "zshrc";
             version = "0.0.0";
@@ -219,7 +219,6 @@ in {
                   gnutar
                   cpio
                   magic-wormhole
-                  quickserve
                   cfg.programs.zsh.package
                   fuse
                   util-linux
@@ -232,6 +231,7 @@ in {
                   config.systemd.package
                   config.programs.ssh.package
                   gnused
+                  miniserve
                 ];
                 execer = with pkgs; [
                   "cannot:${lib.getExe' rpm "rpm2cpio"}"
@@ -240,7 +240,6 @@ in {
                   "cannot:${lib.getExe cfg.programs.git.package}"
                   "cannot:${lib.getExe cpio}"
                   "cannot:${lib.getExe' magic-wormhole "wormhole"}"
-                  "cannot:${lib.getExe quickserve}"
                   "cannot:${lib.getExe' fuse "fusermount"}"
                   "cannot:${lib.getExe less}"
                   "cannot:${lib.getExe' config.systemd.package "systemctl"}"
@@ -322,14 +321,6 @@ in {
             "kitty_mod+m" = "detach_window ask";
           };
         };
-        wpaperd = {
-          enable = true;
-          settings.default = {
-            path = "~/.wallpapers";
-            duration = "15m";
-            mode = "center";
-          };
-        };
         fuzzel = {
           enable = true;
           settings = {
@@ -360,6 +351,14 @@ in {
       };
 
       services = {
+        wpaperd = {
+          enable = true;
+          settings.default = {
+            path = "~/.wallpapers";
+            duration = "15m";
+            mode = "center";
+          };
+        };
         emacs = {
           enable = true;
           socketActivation.enable = true;
diff --git a/accounts/gkleen@sif/niri/default.nix b/accounts/gkleen@sif/niri/default.nix
index 732e3c7a..a9b4b0f8 100644
--- a/accounts/gkleen@sif/niri/default.nix
+++ b/accounts/gkleen@sif/niri/default.nix
@@ -249,7 +249,7 @@ in {
           import os
           import socket
           import json
-          import sys
+          # import sys
           from collections import defaultdict
           from threading import Thread, Lock
           from socketserver import StreamRequestHandler, ThreadingTCPServer
@@ -275,7 +275,7 @@ in {
               def focus_workspace(output, workspace):
                   with history_lock:
                       workspace_history[output] = [workspace] + [ws for ws in workspace_history[output] if ws != workspace]  # noqa: E501
-                      print(json.dumps(workspace_history), file=sys.stderr)
+                      # print(json.dumps(workspace_history), file=sys.stderr)
 
               sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
               sock.connect(os.environ["NIRI_SOCKET"])
@@ -743,19 +743,19 @@ in {
                   "Mod+Shift+Control+C".action = move-workspace-up;
 
                   "Mod+ParenLeft".action = focus-workspace "comm";
-                  "Mod+Shift+ParenLeft".action = move-column-to-workspace "comm";
+                  "Mod+Shift+ParenLeft".action = kdl.magic-leaf "move-column-to-workspace" "comm";
 
                   "Mod+ParenRight".action = focus-workspace "web";
-                  "Mod+Shift+ParenRight".action = move-column-to-workspace "web";
+                  "Mod+Shift+ParenRight".action = kdl.magic-leaf "move-column-to-workspace" "web";
 
                   "Mod+BraceRight".action = focus-workspace "read";
-                  "Mod+Shift+BraceRight".action = move-column-to-workspace "read";
+                  "Mod+Shift+BraceRight".action = kdl.magic-leaf "move-column-to-workspace" "read";
 
                   "Mod+BraceLeft".action = focus-workspace "mon";
-                  "Mod+Shift+BraceLeft".action = move-column-to-workspace "mon";
+                  "Mod+Shift+BraceLeft".action = kdl.magic-leaf "move-column-to-workspace" "mon";
 
                   "Mod+Asterisk".action = focus-workspace "vid";
-                  "Mod+Shift+Asterisk".action = move-column-to-workspace "vid";
+                  "Mod+Shift+Asterisk".action = kdl.magic-leaf "move-column-to-workspace" "vid";
 
                   "Mod+Plus".action = with-unnamed-workspace-action ''{"Action":{"FocusWorkspace":{"reference":{"Id": .id}}}}'';
                   "Mod+Shift+Plus".action = with-unnamed-workspace-action ''{"Action":{"MoveColumnToWorkspace":{"reference":{"Id": .id}}}}'';
diff --git a/accounts/gkleen@sif/niri/mako.nix b/accounts/gkleen@sif/niri/mako.nix
index 2788fb82..9373dc21 100644
--- a/accounts/gkleen@sif/niri/mako.nix
+++ b/accounts/gkleen@sif/niri/mako.nix
@@ -3,37 +3,29 @@
   config = {
     services.mako = {
       enable = true;
-      font = "Fira Sans 10";
-      format = "<i>%s</i>\\n%b";
-      margin = "2";
-      maxVisible = -1;
-      backgroundColor = "#000000dd";
-      progressColor = "source #223544ff";
-      width = 384;
-      extraConfig = ''
-        outer-margin=1
-        max-history=100
-        max-icon-size=48
-
-        [grouped]
-        format=<b>(%g)</b> <i>%s</i>\n%b
-
-        [urgency=low]
-        text-color=#999999ff
-
-        [urgency=critical]
-        background-color=#900000dd
-
-        [app-name=Element]
-        group-by=summary
-
-        [app-name=poweralertd]
-        ignore-timeout=1
-        default-timeout=2000
-
-        [mode=silent]
-        invisible=1
-      '';
+      settings = {
+        font = "Fira Sans 10";
+        format = "<i>%s</i>\\n%b";
+        margin = "2";
+        max-visible = -1;
+        background-color = "#000000dd";
+        progress-color = "source #223544ff";
+        width = 384;
+        outer-margin = 1;
+        max-history = 100;
+        max-icon-size = 48;
+      };
+      criteria = {
+        grouped.format = "<b>(%g)</b> <i>%s</i>\n%b";
+        "urgency=low".text-color = "#999999ff";
+        "urgency=critical".background-color = "#900000dd";
+        "app-name=Element".group-by = "summary";
+        "app-name=poweralertd" = {
+          ignore-timeout = true;
+          default-timeout = 2000;
+        };
+        "mode=silent".invisible = true;
+      };
       package = pkgs.symlinkJoin {
         name = "${pkgs.mako.name}-wrapped";
         paths = with pkgs; [ mako ];
diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix
index 2237b708..90cccc58 100644
--- a/accounts/gkleen@sif/systemd.nix
+++ b/accounts/gkleen@sif/systemd.nix
@@ -242,7 +242,7 @@ in {
           "-${lib.getExe pkgs.playerctl} -a pause"
           "-${lib.getExe (pkgs.writeShellApplication {
             name = "generate-css";
-            runtimeInputs = with pkgs; [cfg.programs.wpaperd.package jq coreutils imagemagick findutils];
+            runtimeInputs = with pkgs; [cfg.services.wpaperd.package jq coreutils imagemagick findutils];
             text = ''
               declare -A monitors
               monitors=()
@@ -333,21 +333,21 @@ in {
         ExecStopPost = "${pkgs.coreutils}/bin/rm -rfv \"$CACHE_DIRECTORY\"";
       };
     };
-    wpaperd = {
-      Install = {
-        WantedBy = ["graphical-session.target"];
-      };
-      Unit = {
-        After = [ "graphical-session.target" ];
-        PartOf = [ "graphical-session.target" ];
-      };
-      Service = {
-        ExecStart = lib.getExe cfg.programs.wpaperd.package;
-        Type = "simple";
-        Restart = "always";
-        RestartSec = "2s";
-      };
-    };
+    # wpaperd = {
+    #   Install = {
+    #     WantedBy = ["graphical-session.target"];
+    #   };
+    #   Unit = {
+    #     After = [ "graphical-session.target" ];
+    #     PartOf = [ "graphical-session.target" ];
+    #   };
+    #   Service = {
+    #     ExecStart = lib.getExe cfg.services.wpaperd.package;
+    #     Type = "simple";
+    #     Restart = "always";
+    #     RestartSec = "2s";
+    #   };
+    # };
     xembed-sni-proxy = {
       Unit = {
         PartOf = lib.mkForce ["tray.target"];
diff --git a/accounts/gkleen@sif/zshrc b/accounts/gkleen@sif/zshrc
index 06f6f6f2..7645e0fc 100644
--- a/accounts/gkleen@sif/zshrc
+++ b/accounts/gkleen@sif/zshrc
@@ -6,11 +6,10 @@ dir() {
     forceShell=false
     wormhole=false
     gitWorktree=""
-    # notmuchMsg=""
-    quickserve=false
     modifyPDF=""
+    miniserve=false
 
-    while getopts ':t:a:d:ir:wqg:p:' arg; do
+    while getopts ':t:a:d:ir:wg:p:m' arg; do
         case $arg in
             "t") ;;
             "a")
@@ -26,9 +25,8 @@ dir() {
             "r") repoUrl=${OPTARG} ;;
             "w") wormhole=true ;;
             "g") gitWorktree=${OPTARG} ;;
-            # "n") notmuchMsg=${OPTARG} ;;
-            "q") quickserve=true ;;
             "p") modifyPDF=${OPTARG:a} ;;
+            "m") miniserve=true ;;
             *) printf "Invalid option: %s\n" $arg >&2; exit 2 ;;
         esac
     done
@@ -52,17 +50,29 @@ dir() {
         gitWorktree=""
     fi
 
+    miniservePIDFile=""
+    if [[ ${miniserve} = "true" ]]; then
+      miniservePIDFile=$(mktemp --tmpdir --suffix=.pid)
+    fi
+
     cleanup()
     {
-        cd ${modifyPDF:h}
         if [[ -n ${modifyPDF} ]]; then
+           cd ${modifyPDF:h}
            typeset -a pages
            eval 'pages=(${dir}/${modifyPDF:t:r}_*.png(on))'
            magick -verbose "$pages" ${modifyPDF}
+           modifyPDF=""
+        fi
+        if [[ -n ${miniservePIDFile} ]]; then
+           kill --verbose $(cat ${miniservePIDFile}) && wait $(cat ${miniservePIDFile})
+           miniservePIDFile=""
         fi
     }
 
     (
+        set -o localtraps
+        trap 'return 1' INT TERM
         trap cleanup EXIT
 
         cd ${dir}
@@ -135,18 +145,18 @@ dir() {
         [[ $wormhole = "true" ]] && wormhole receive --accept-file
 
 
-        if [[ $quickserve = "true" ]]; then
-          quickserve --root . --upload . --show-hidden --tar gz
+        if [[ ${#@} -gt 0 ]]; then
+            ${@}
         fi
 
+        cd $(pwd) # Needed for mounting to work
 
-        if [[ ${#@} -eq 0 ]] || [[ $forceShell = "true" ]]; then
-            if [[ ${#@} -gt 0 ]]; then
-                ${@}
-            fi
-
-            cd $(pwd) # Needed for mounting to work
+        if [[ ${miniserve} = "true" ]]; then
+           miniserve --random-route --hidden --enable-tar-gz --enable-zip . &
+           echo $! > "${miniservePIDFile}"
+        fi
 
+        if [[ ${#@} -eq 0 ]] && [[ ${miniserve} != "true" ]] || [[ $forceShell = "true" ]]; then
             isSingleDir() {
                 typeset -a contents
                 contents=(*(N) .*(N))
@@ -160,10 +170,9 @@ dir() {
             }
             while d=$(isSingleDir); do cd ${d}; done
 
-
             zsh
-        else
-            ${@}
+        elif [[ ${miniserve} == "true" ]]; then
+            wait $(cat "${miniservePIDFile}")
         fi
     )
 }
@@ -171,27 +180,30 @@ dir() {
 tmpdir() {
     cleanup()
     {
-      cd /
+        cd /
         unmount() {
             printf "Unmounting %s\n" ${1} >&2
             fusermount -u ${1} || umount ${1} || sudo umount ${1}
         }
 
-        if mountpoint -q -- ${dir}; then
-            unmount ${dir} || return $?
-        else
-            while read -d $'\0' subDir; do
-                mountpoint -q -- ${subDir} || continue
-                unmount ${subDir} || return $?
-            done <<<$(find ${dir} -xdev -type d -print0 | sort -zr)
-        fi
-
-        rm -rfv --one-file-system -- ${dir}
+        if [[ -n ${dir} ]]; then
+            if mountpoint -q -- ${dir}; then
+                unmount ${dir} || return $?
+            else
+                while read -d $'\0' subDir; do
+                    mountpoint -q -- ${subDir} || continue
+                    unmount ${subDir} || return $?
+                done <<<$(find ${dir} -xdev -type d -print0 | sort -zr)
+            fi
+
+            rm -rfv --one-file-system -- ${dir}
+            dir=""
+        fi
     }
 
     local tmpdir=""
 
-    while getopts ':t:a:s:Sd:ir:wqg:p:' arg; do
+    while getopts ':t:a:d:ir:wg:p:m' arg; do
         case $arg in
             "t") tmpdir="=${OPTARG}" ;;
             "?"|":") printf "Invalid option: %s\n" $arg >&2; exit 2 ;;
@@ -199,6 +211,8 @@ tmpdir() {
     done
 
     (
+        set -o localtraps
+        trap 'return 1' INT TERM
         trap cleanup EXIT
 
 
@@ -247,14 +261,6 @@ l() {
   ls --long --binary --git --time-style=iso --header $@
 }
 
-re() {
-  systemctl restart $@
-}
-
-ure() {
-  systemctl --user restart $@
-}
-
 ssh-installer() {
   ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o IdentityFile=~/.ssh/gkleen@sif.midgard.yggdrasil $@
 }
diff --git a/accounts/gkleen@surtr.nix b/accounts/gkleen@surtr.nix
index 58c4f21d..8f678ac9 100644
--- a/accounts/gkleen@surtr.nix
+++ b/accounts/gkleen@surtr.nix
@@ -1,3 +1,7 @@
-{ userName, ... }: {
-  home-manager.users.${userName}.home.stateVersion = "20.09";
+{ flake, userName, ... }: {
+  imports = with flake.nixosModules.userProfiles.${userName}; [
+    zsh tmux
+  ];
+
+  config.home-manager.users.${userName}.home.stateVersion = "20.09";
 }
diff --git a/accounts/gkleen@vidhar.nix b/accounts/gkleen@vidhar.nix
index 8509c2f4..3a37c4bd 100644
--- a/accounts/gkleen@vidhar.nix
+++ b/accounts/gkleen@vidhar.nix
@@ -1,4 +1,8 @@
 { flake, pkgs, userName, config, ... }: {
+  imports = with flake.nixosModules.userProfiles.${userName}; [
+    zsh tmux
+  ];
+
   config = {
     users.users.${userName} = {
       uid = 1000;
diff --git a/accounts/mherold@eostre.nix b/accounts/mherold@eostre.nix
index 51e4529a..0e2f37aa 100644
--- a/accounts/mherold@eostre.nix
+++ b/accounts/mherold@eostre.nix
@@ -7,9 +7,9 @@
     home-manager.users.${userName} = {
       home.stateVersion = "20.09";
 
-      nixpkgs.config = {
-        allowUnfree = true;
-      };
+      # nixpkgs.config = {
+      #   allowUnfree = true;
+      # };
 
       home.packages = with pkgs; [
         thunderbird libreoffice element-desktop keepassxc vlc
diff --git a/accounts/root@installer.nix b/accounts/root@installer.nix
index c7a418f8..5fe1db38 100644
--- a/accounts/root@installer.nix
+++ b/accounts/root@installer.nix
@@ -1,7 +1,11 @@
-{ userName, ... }:
+{ flake, userName, ... }:
 
 {
-  home-manager.users.${userName} = { config, ... } : {
+  imports = with flake.nixosModules.userProfiles.${userName}; [
+    zsh tmux
+  ];
+
+  config.home-manager.users.${userName} = { config, ... } : {
     home.stateVersion = config.home.version.release;
   };
 }
diff --git a/accounts/root@sif.nix b/accounts/root@sif.nix
index c9e129a0..bb816230 100644
--- a/accounts/root@sif.nix
+++ b/accounts/root@sif.nix
@@ -1,6 +1,10 @@
-{ userName, ... }:
+{ flake, userName, ... }:
 {
-  home-manager.users.${userName} = {
+  imports = with flake.nixosModules.userProfiles.${userName}; [
+    zsh tmux
+  ];
+
+  config.home-manager.users.${userName} = {
     home.stateVersion = "20.09";
 
     programs.ssh.matchBlocks = {
diff --git a/accounts/root@surtr.nix b/accounts/root@surtr.nix
index 58c4f21d..8f678ac9 100644
--- a/accounts/root@surtr.nix
+++ b/accounts/root@surtr.nix
@@ -1,3 +1,7 @@
-{ userName, ... }: {
-  home-manager.users.${userName}.home.stateVersion = "20.09";
+{ flake, userName, ... }: {
+  imports = with flake.nixosModules.userProfiles.${userName}; [
+    zsh tmux
+  ];
+
+  config.home-manager.users.${userName}.home.stateVersion = "20.09";
 }
diff --git a/accounts/root@vidhar.nix b/accounts/root@vidhar.nix
index e82414a8..0fc56633 100644
--- a/accounts/root@vidhar.nix
+++ b/accounts/root@vidhar.nix
@@ -1,6 +1,11 @@
-{ config, userName, ... }:
+{ flake, config, userName, ... }:
+
 {
-  home-manager.users.${userName} = {
+  imports = with flake.nixosModules.userProfiles.${userName}; [
+    zsh tmux
+  ];
+
+  config.home-manager.users.${userName} = {
     home.stateVersion = "20.09";
 
     programs.ssh.matchBlocks = {
diff --git a/flake.lock b/flake.lock
index abb6541a..64091d39 100644
--- a/flake.lock
+++ b/flake.lock
@@ -115,11 +115,11 @@
     "flake-compat_3": {
       "flake": false,
       "locked": {
-        "lastModified": 1733328505,
-        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+        "lastModified": 1747046372,
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
         "type": "github"
       },
       "original": {
@@ -322,11 +322,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738691953,
-        "narHash": "sha256-JY/w2Xyrj3mhUhLJkSgk8t7MSf3LGZjewPTQ7QtCbHE=",
+        "lastModified": 1746904907,
+        "narHash": "sha256-XYo6bwc7xwo4lO6a/D2ttYRN4yDmsAjyt5O1E0vOLDg=",
         "owner": "gkleen",
         "repo": "home-manager",
-        "rev": "c077fc8684289ab1b1c2231bab1566879e099c97",
+        "rev": "696495266c65b76f08d8196b87aa7bd835906570",
         "type": "github"
       },
       "original": {
@@ -343,11 +343,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1710245356,
-        "narHash": "sha256-8cQGUn+N1dTgklMWMejSLN2q8Oz+7Rnqsfaw2rt3bU4=",
+        "lastModified": 1747139300,
+        "narHash": "sha256-V+YnIIM2wMprHGgzOU0HzyeWQEjP6EhG8kc4IffWFeg=",
         "owner": "gkleen",
         "repo": "home-manager",
-        "rev": "a14fe0c27d04dfa3d80abe2db743e9a7f4f2a33d",
+        "rev": "50182497604587a24bdbe97d6400b1696eac57b1",
         "type": "github"
       },
       "original": {
@@ -397,11 +397,11 @@
         "xwayland-satellite-unstable": "xwayland-satellite-unstable"
       },
       "locked": {
-        "lastModified": 1745483403,
-        "narHash": "sha256-fNemxNtPugDzCK7ofPApufFhD4EW5PiA0v3+aS1O6rY=",
+        "lastModified": 1747115632,
+        "narHash": "sha256-SypEtZQsum43HvIT4HqM1RH8CE3wCWFIO5b5IqC/2FA=",
         "owner": "sodiboo",
         "repo": "niri-flake",
-        "rev": "17ebd40a372527ad20cc799b1835beaf7abf7200",
+        "rev": "44eeba852a6671ab1c7be5ca65a58c49794cef4b",
         "type": "github"
       },
       "original": {
@@ -431,11 +431,11 @@
     "niri-unstable": {
       "flake": false,
       "locked": {
-        "lastModified": 1745351516,
-        "narHash": "sha256-nQRp1Q+kV137Dsk7WCsnq6zQA7YrvRll2wVcG7wZpHA=",
+        "lastModified": 1747113435,
+        "narHash": "sha256-9oU1mKAM2BZLSots136UA75RIed53YtYgns9TUkr3ck=",
         "owner": "YaLTeR",
         "repo": "niri",
-        "rev": "6ab055a4b968ccf115a1be3b65b0d5ec4d7c33f1",
+        "rev": "6d083ea49741d6e8e85d5a1d6b6bcaa837d3b5c0",
         "type": "github"
       },
       "original": {
@@ -472,11 +472,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1745120797,
-        "narHash": "sha256-owQ0VQ+7cSanTVPxaZMWEzI22Q4bGnuvhVjLAJBNQ3E=",
+        "lastModified": 1746934494,
+        "narHash": "sha256-3n6i+F0sDASjkhbvgFDpPDZGp7z19IrRtjfF9TwJpCA=",
         "owner": "Mic92",
         "repo": "nix-index-database",
-        "rev": "69716041f881a2af935021c1182ed5b0cc04d40e",
+        "rev": "e9b21b01e4307176b9718a29ac514838e7f6f4ff",
         "type": "github"
       },
       "original": {
@@ -493,11 +493,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737219791,
-        "narHash": "sha256-OU0NPjJ3woNDFNx7HtWuUXBb4eI6Ggre/Uj2qhiSjrg=",
+        "lastModified": 1745680380,
+        "narHash": "sha256-Z8PknjkmIr/8ZCH+dmc2Pc+UltiOr7/oKg37PXuVvuU=",
         "owner": "ners",
         "repo": "nix-monitored",
-        "rev": "6ed8ed4832ff26c616e5856ba19f5b8141d61bd3",
+        "rev": "60f3baa4701d58eab86c2d1d9c3d7e820074d461",
         "type": "github"
       },
       "original": {
@@ -529,11 +529,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1745392233,
-        "narHash": "sha256-xmqG4MZArM1JNxPJ33s0MtuBzgnaCO9laARoU3AfP8E=",
+        "lastModified": 1747083103,
+        "narHash": "sha256-dMx20S2molwqJxbmMB4pGjNfgp5H1IOHNa1Eby6xL+0=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "8bf8a2a0822365bd8f44fd1a19d7ed0a1d629d64",
+        "rev": "d1d68fe8b00248caaa5b3bbe4984c12b47e0867d",
         "type": "github"
       },
       "original": {
@@ -651,11 +651,11 @@
     },
     "nixpkgs-stable_2": {
       "locked": {
-        "lastModified": 1745279238,
-        "narHash": "sha256-AQ7M9wTa/Pa/kK5pcGTgX/DGqMHyzsyINfN7ktsI7Fo=",
+        "lastModified": 1746957726,
+        "narHash": "sha256-k9ut1LSfHCr0AW82ttEQzXVCqmyWVA5+SHJkS5ID/Jo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "9684b53175fc6c09581e94cc85f05ab77464c7e3",
+        "rev": "a39ed32a651fdee6842ec930761e31d1f242cb94",
         "type": "github"
       },
       "original": {
@@ -699,11 +699,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1745391562,
-        "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=",
+        "lastModified": 1746904237,
+        "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7",
+        "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956",
         "type": "github"
       },
       "original": {
@@ -962,11 +962,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1745310711,
-        "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=",
+        "lastModified": 1746485181,
+        "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c",
+        "rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
         "type": "github"
       },
       "original": {
@@ -1094,11 +1094,11 @@
     "xwayland-satellite-unstable": {
       "flake": false,
       "locked": {
-        "lastModified": 1745372360,
-        "narHash": "sha256-5DX9lYmEbkdANCzME2v3coV0EnWOhS7NsTlGBQuqmjM=",
+        "lastModified": 1747111562,
+        "narHash": "sha256-GAqhWoxaBIk0tgoecZPa8gTHDHxNc0JtlwWHZN2iOOo=",
         "owner": "Supreeeme",
         "repo": "xwayland-satellite",
-        "rev": "c31679aa41966ee9272bb240703755cb1e7c72e3",
+        "rev": "ec9ff64c1e0cbec42710b580b7c0f759b1694e72",
         "type": "github"
       },
       "original": {
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index 0897e1d8..f4de24e8 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -126,38 +126,8 @@ in {
         rulesetFile = ./ruleset.nft;
       };
 
-      # firewall = {
-      #   enable = true;
-      #   allowedTCPPorts = [ 22 # ssh
-      #                       8000 # quickserve
-      #                     ];
-      # };
-
-      # wlanInterfaces = {
-      #   wlan0 = {
-      #     device = "wlp82s0";
-      #   };
-      # };
-
-      # bonds = {
-      #   "lan" = {
-      #     interfaces = [ "wlan0" "enp0s31f6" "dock0" ];
-      #     driverOptions = {
-      #       miimon = "1000";
-      #       mode = "active-backup";
-      #       primary_reselect = "always";
-      #     };
-      #   };
-      # };
-
       useDHCP = false;
       useNetworkd = true;
-
-      # interfaces."tinc.yggdrasil" = {
-      #   virtual = true;
-      #   virtualType = config.services.tinc.networks.yggdrasil.interfaceType;
-      #   macAddress = "5c:93:21:c3:61:39";
-      # };
     };
 
     environment.etc."NetworkManager/dnsmasq.d/libvirt_dnsmasq.conf" = {
@@ -751,10 +721,6 @@ in {
 
     home-manager.sharedModules = [ flakeInputs.nixVirt.homeModules.default ];
 
-    environment.pathsToLink = [
-      "share/zsh"
-    ];
-
     system.stateVersion = "24.11";
   };
 }
diff --git a/hosts/sif/ruleset.nft b/hosts/sif/ruleset.nft
index 2af8b2ee..62339f69 100644
--- a/hosts/sif/ruleset.nft
+++ b/hosts/sif/ruleset.nft
@@ -61,7 +61,7 @@ table inet filter {
   counter mosh-rx {}
   counter wg-rx {}
   counter yggdrasil-gre-rx {}
-  counter quickserve-rx {}
+  counter miniserve-rx {}
   counter ausweisapp2-rx {}
 
   counter established-rx {}
@@ -81,7 +81,7 @@ table inet filter {
   counter mosh-tx {}
   counter wg-tx {}
   counter yggdrasil-gre-tx {}
-  counter quickserve-tx {}
+  counter miniserve-tx {}
 
   counter tx {}
 
@@ -134,7 +134,7 @@ table inet filter {
     tcp dport 22 counter name ssh-rx accept
     udp dport 60000-61000 counter name mosh-rx accept
 
-    tcp dport 8000 counter name quickserve-rx accept
+    tcp dport 8080 counter name miniserve-rx accept
     udp dport 24727 counter name ausweisapp2-rx accept
 
     udp dport 51820-51822 counter name wg-rx accept
@@ -173,7 +173,7 @@ table inet filter {
     udp sport 51820-51822 counter name wg-tx
     iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-tx
 
-    tcp sport 8000 counter name quickserve-tx accept
+    tcp sport 8080 counter name miniserve-tx accept
 
     oifname virbr0 udp sport 67 counter name libvirt-dhcp accept
     oifname virbr0 udp sport 547 counter name libvirt-dhcp accept
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 13b33c7f..4666d1d6 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -215,7 +215,7 @@ in {
         smtpd_client_event_limit_exceptions = "";
 
         milter_default_action = "accept";
-        smtpd_milters = [config.services.opendkim.socket "local:/run/rspamd/rspamd-milter.sock"];
+        smtpd_milters = [config.services.opendkim.socket "local:/run/rspamd/rspamd-milter.sock" "local:/run/postsrsd/postsrsd-milter.sock"];
         non_smtpd_milters = [config.services.opendkim.socket "local:/run/rspamd/rspamd-milter.sock"];
 
         alias_maps = "";
@@ -237,11 +237,6 @@ in {
           ::/0                silent-discard, dsn
         ''}";
 
-        sender_canonical_maps = "tcp:localhost:${toString config.services.postsrsd.forwardPort}";
-        sender_canonical_classes = "envelope_sender";
-        recipient_canonical_maps = "tcp:localhost:${toString config.services.postsrsd.reversePort}";
-        recipient_canonical_classes = ["envelope_recipient" "header_recipient"];
-
         virtual_mailbox_domains = ''pgsql:${pkgs.writeText "virtual_mailbox_domains.cf" ''
           hosts = postgresql:///email
           dbname = email
@@ -366,10 +361,11 @@ in {
 
     services.postsrsd = {
       enable = true;
-      domain = "surtr.yggdrasil.li";
+      domains = [ "surtr.yggdrasil.li" ] ++ concatMap (domain: [".${domain}" domain]) emailDomains;
       separator = "+";
-      excludeDomains = [ "surtr.yggdrasil.li"
-                       ] ++ concatMap (domain: [".${domain}" domain]) emailDomains;
+      extraConfig = ''
+        milter = unix:/run/postsrsd/postsrsd-milter.sock
+      '';
     };
 
     services.opendkim = {
diff --git a/hosts/surtr/vpn/default.nix b/hosts/surtr/vpn/default.nix
index 1bdcf74e..92223144 100644
--- a/hosts/surtr/vpn/default.nix
+++ b/hosts/surtr/vpn/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, config, lib, ... }:
+{ flake, pkgs, config, lib, ... }:
 
 with lib;
 
@@ -22,7 +22,11 @@ in {
         "--load-credential=surtr.priv:/run/credentials/container@vpn.service/surtr.priv"
         "--network-ipvlan=ens3:upstream"
       ];
-      config = {
+      config = let hostConfig = config; in { config, pkgs, ... }: {
+        system.stateVersion = lib.mkIf hostConfig.containers."vpn".ephemeral config.system.nixos.release;
+        system.configurationRevision = mkIf (flake ? rev) flake.rev;
+        nixpkgs.pkgs = hostConfig.nixpkgs.pkgs;
+
         boot.kernel.sysctl = {
           "net.core.rmem_max" = 4194304;
           "net.core.wmem_max" = 4194304;
diff --git a/hosts/surtr/vpn/geri.pub b/hosts/surtr/vpn/geri.pub
index ed5de2b2..2cd9b24e 100644
--- a/hosts/surtr/vpn/geri.pub
+++ b/hosts/surtr/vpn/geri.pub
@@ -1 +1 @@
-sYuQSNZHzfegv8HRz71jnZm2nFLGeRnaGwVonhKUj2k=
+hhER05bvstOTGfiAG3IJsFkBNWCUZHokBXwaiC5d534=
diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix
index 098d3061..11460393 100644
--- a/hosts/vidhar/network/dhcp/default.nix
+++ b/hosts/vidhar/network/dhcp/default.nix
@@ -306,32 +306,30 @@ in {
               pkgs.symlinkJoin {
                 name = "installer-${system}";
                 paths = [
-                  (let
-                    installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules {
+                  (builtins.addErrorContext "while evaluating installer-${system}-nfsroot" (let
+                    installerBuild' = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules {
                       modules = [
                         ({ ... }: {
                           config.nfsroot.storeDevice = "${nfsIp}:nix-store";
                           config.nfsroot.registrationUrl = "${nfsrootBaseUrl}/installer-${system}/registration";
+                          config.system.nixos.label = "installer-${system}";
                         })
                       ];
-                    }).config.system.build;
-                  in builtins.toPath (pkgs.runCommandLocal "install-${system}" {} ''
+                    });
+                    installerBuild = installerBuild'.config.system.build;
+                  in builtins.toPath (pkgs.runCommandLocal "installer-${system}" {} ''
                     mkdir -p $out/installer-${system}
                     install -m 0444 -t $out/installer-${system} \
                       ${installerBuild.initialRamdisk}/initrd \
                       ${installerBuild.kernel}/bzImage \
                       ${installerBuild.netbootIpxeScript}/netboot.ipxe \
                       ${pkgs.closureInfo { rootPaths = installerBuild.storeContents; }}/registration
-                  ''))
-                  (pkgs.writeTextFile {
-                    name = "installer-${system}.menu.ipxe";
-                    destination = "/installer-${system}.menu.ipxe";
-                    text = ''
+                    install -m 0444 ${pkgs.writeText "installer-${system}.menu.ipxe" ''
                       #!ipxe
 
                       :start
                       menu iPXE boot menu for installer-${system}
-                      item installer installer-${system}
+                      item installer ${with installerBuild'; "${config.system.nixos.distroName} ${config.system.nixos.codeName} ${config.system.nixos.label} (Linux ${config.boot.kernelPackages.kernel.modDirVersion})"}
                       item memtest memtest86plus
                       item netboot netboot.xyz
                       item shell iPXE shell
@@ -353,8 +351,8 @@ in {
                       :memtest
                       iseq ''${platform} efi && chain --autofree memtest.efi || chain --autofree memtest.bin
                       goto start
-                    '';
-                  })
+                    ''} $out/installer-${system}.menu.ipxe
+                  '')))
                 ];
               }) ["x86_64-linux"]
             ) ++ [
@@ -366,15 +364,17 @@ in {
                 install -m 0444 ${sources.netbootxyz-efi.src} $out/netboot.xyz.efi
                 install -m 0444 ${sources.netbootxyz-lkrn.src} $out/netboot.xyz.lkrn
               '')
-              (let
-                 eostreBuild = (flake.nixosConfigurations.eostre.extendModules {
+              (builtins.addErrorContext "while evaluating eostre" (let
+                 eostreBuild' = (flake.nixosConfigurations.eostre.extendModules {
                    modules = [
                      ({ ... }: {
                        config.nfsroot.storeDevice = "${nfsIp}:nix-store";
                        config.nfsroot.registrationUrl = "${nfsrootBaseUrl}/eostre/registration";
+                       config.system.nixos.label = "eostre";
                      })
                    ];
-                 }).config.system.build;
+                 });
+                 eostreBuild = eostreBuild'.config.system.build;
                in builtins.toPath (pkgs.runCommandLocal "eostre" {} ''
                     mkdir -p $out/eostre
                     install -m 0444 -t $out/eostre \
@@ -382,43 +382,39 @@ in {
                       ${eostreBuild.kernel}/bzImage \
                       ${eostreBuild.netbootIpxeScript}/netboot.ipxe \
                       ${pkgs.closureInfo { rootPaths = eostreBuild.storeContents; }}/registration
-                  ''))
-              (pkgs.writeTextFile {
-                name = "eostre.menu.ipxe";
-                destination = "/eostre.menu.ipxe";
-                text = ''
-                  #!ipxe
+                    install -m 0444 ${pkgs.writeText "eostre.menu.ipxe" ''
+                      #!ipxe
 
-                  set menu-timeout 5000
+                      set menu-timeout 5000
 
-                  :start
-                  menu iPXE boot menu for eostre
-                  item eostre eostre
-                  item memtest memtest86plus
-                  item netboot netboot.xyz
-                  item shell iPXE shell
-                  choose --timeout ''${menu-timeout} --default eostre selected || goto shell
-                  set menu-timeout 0
-                  goto ''${selected}
+                      :start
+                      menu iPXE boot menu for eostre
+                      item eostre ${with eostreBuild'; "${config.system.nixos.distroName} ${config.system.nixos.codeName} ${config.system.nixos.label} (Linux ${config.boot.kernelPackages.kernel.modDirVersion})"}
+                      item memtest memtest86plus
+                      item netboot netboot.xyz
+                      item shell iPXE shell
+                      choose --timeout ''${menu-timeout} --default eostre selected || goto shell
+                      set menu-timeout 0
+                      goto ''${selected}
 
-                  :shell
-                  set menu-timeout 0
-                  shell
-                  goto start
+                      :shell
+                      set menu-timeout 0
+                      shell
+                      goto start
 
-                  :eostre
-                  chain eostre/netboot.ipxe
-                  goto start
+                      :eostre
+                      chain eostre/netboot.ipxe
+                      goto start
 
-                  :netboot
-                  iseq ''${platform} efi && chain --autofree netboot.xyz.efi || chain --autofree netboot.xyz.lkrn
-                  goto start
+                      :netboot
+                      iseq ''${platform} efi && chain --autofree netboot.xyz.efi || chain --autofree netboot.xyz.lkrn
+                      goto start
 
-                  :memtest
-                  iseq ''${platform} efi && chain --autofree memtest.efi || chain --autofree memtest.bin
-                  goto start
-                '';
-              })
+                      :memtest
+                      iseq ''${platform} efi && chain --autofree memtest.efi || chain --autofree memtest.bin
+                      goto start
+                    ''} $out/eostre.menu.ipxe
+                  '')))
             ];
         };
       };
diff --git a/installer-profiles/cd-dvd.nix b/installer-profiles/cd-dvd.nix
index 45291bad..ac12d885 100644
--- a/installer-profiles/cd-dvd.nix
+++ b/installer-profiles/cd-dvd.nix
@@ -1,7 +1,13 @@
-{ flakeInputs, ... }:
+{ flakeInputs, lib, ... }:
 
 {
   imports = [
     "${flakeInputs.nixpkgs.outPath}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
   ];
+
+  config = {
+    isoImage.squashfsCompression = "zstd -Xcompression-level 9";
+    system.installer.channel.enable = false;
+    boot.loader.grub.memtest86.enable = lib.mkForce false;
+  };
 }
diff --git a/installer-profiles/netboot.nix b/installer-profiles/netboot.nix
index 28e8084d..6e39ebfb 100644
--- a/installer-profiles/netboot.nix
+++ b/installer-profiles/netboot.nix
@@ -4,4 +4,9 @@
   imports = [
     "${flakeInputs.nixpkgs.outPath}/nixos/modules/installer/netboot/netboot-minimal.nix"
   ];
+
+  config = {
+    netboot.squashfsCompression = "zstd -Xcompression-level 9";
+    system.installer.channel.enable = false;
+  };
 }
diff --git a/installer-profiles/nfsroot.nix b/installer-profiles/nfsroot.nix
index 6bd875b4..a8f6def6 100644
--- a/installer-profiles/nfsroot.nix
+++ b/installer-profiles/nfsroot.nix
@@ -8,4 +8,6 @@
     "${flakeInputs.nixpkgs.outPath}/nixos/modules/profiles/base.nix"
     "${flakeInputs.nixpkgs.outPath}/nixos/modules/profiles/installation-device.nix"
   ];
+
+  config.system.installer.channel.enable = false;
 }
diff --git a/installer/default.nix b/installer/default.nix
index 7c6a4f40..26f38572 100644
--- a/installer/default.nix
+++ b/installer/default.nix
@@ -47,7 +47,7 @@ with lib;
     services.xserver.videoDrivers = [ "nvidia" ];
     systemd.services.nvidia-control-devices = {
       wantedBy = [ "multi-user.target" ];
-      serviceConfig.ExecStart = "${pkgs.linuxPackages.nvidia_x11.bin}/bin/nvidia-smi";
+      serviceConfig.ExecStart = lib.getExe' pkgs.linuxPackages.nvidia_x11.bin "nvidia-smi";
     };
     nixpkgs.externalConfig.allowUnfree = true;
 
diff --git a/modules/i18n.nix b/modules/i18n.nix
new file mode 100644
index 00000000..f84e8b64
--- /dev/null
+++ b/modules/i18n.nix
@@ -0,0 +1,156 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  aggregatedLocales =
+    (builtins.map
+      (l: (lib.replaceStrings [ "utf8" "utf-8" "UTF8" ] [ "UTF-8" "UTF-8" "UTF-8" ] l) + "/UTF-8")
+      (
+        [ config.i18n.defaultLocale ]
+        ++ (lib.optionals (builtins.isList config.i18n.extraLocales) config.i18n.extraLocales)
+        ++ (lib.attrValues (lib.filterAttrs (n: _v: lib.hasPrefix "LC_" n) config.i18n.extraLocaleSettings))
+      )
+    )
+    ++ (lib.optional (builtins.isString config.i18n.extraLocales) config.i18n.extraLocales);
+in
+{
+  disabledModules = [ "config/i18n.nix" ];
+
+  ###### interface
+
+  options = {
+
+    i18n = {
+      glibcLocales = lib.mkOption {
+        type = lib.types.path;
+        default = pkgs.glibcLocales.override {
+          allLocales = lib.any (x: x == "all") config.i18n.supportedLocales;
+          locales = config.i18n.supportedLocales;
+        };
+        defaultText = lib.literalExpression ''
+          pkgs.glibcLocales.override {
+            allLocales = lib.any (x: x == "all") config.i18n.supportedLocales;
+            locales = config.i18n.supportedLocales;
+          }
+        '';
+        example = lib.literalExpression "pkgs.glibcLocales";
+        description = ''
+          Customized pkg.glibcLocales package.
+
+          Changing this option can disable handling of i18n.defaultLocale
+          and supportedLocale.
+        '';
+      };
+
+      defaultLocale = lib.mkOption {
+        type = lib.types.str;
+        default = "en_US.UTF-8";
+        example = "nl_NL.UTF-8";
+        description = ''
+          The default locale.  It determines the language for program
+          messages, the format for dates and times, sort order, and so on.
+          It also determines the character set, such as UTF-8.
+        '';
+      };
+
+      extraLocales = lib.mkOption {
+        type = lib.types.either (lib.types.listOf lib.types.str) (lib.types.enum [ "all" ]);
+        default = [ ];
+        example = [ "nl_NL.UTF-8" ];
+        description = ''
+          Additional locales that the system should support, besides the ones
+          configured with {option}`i18n.defaultLocale` and
+          {option}`i18n.extraLocaleSettings`.
+          Set this to `"all"` to install all available locales.
+        '';
+      };
+
+      extraLocaleSettings = lib.mkOption {
+        type = lib.types.attrsOf lib.types.str;
+        default = { };
+        example = {
+          LC_MESSAGES = "en_US.UTF-8";
+          LC_TIME = "de_DE.UTF-8";
+        };
+        description = ''
+          A set of additional system-wide locale settings other than
+          `LANG` which can be configured with
+          {option}`i18n.defaultLocale`.
+        '';
+      };
+
+      supportedLocales = lib.mkOption {
+        type = lib.types.listOf lib.types.str;
+        visible = false;
+        default = lib.unique (
+          [
+            "C.UTF-8/UTF-8"
+            "en_US.UTF-8/UTF-8"
+          ]
+          ++ aggregatedLocales
+        );
+        example = [
+          "en_US.UTF-8/UTF-8"
+          "nl_NL.UTF-8/UTF-8"
+          "nl_NL/ISO-8859-1"
+        ];
+        description = ''
+          List of locales that the system should support.  The value
+          `"all"` means that all locales supported by
+          Glibc will be installed.  A full list of supported locales
+          can be found at <https://sourceware.org/git/?p=glibc.git;a=blob;f=localedata/SUPPORTED>.
+        '';
+      };
+
+    };
+
+  };
+
+  ###### implementation
+
+  config = {
+    warnings =
+      lib.optional
+        (
+          !(
+            (lib.subtractLists config.i18n.supportedLocales aggregatedLocales) == [ ]
+            || lib.any (x: x == "all") config.i18n.supportedLocales
+          )
+        )
+        ''
+          `i18n.supportedLocales` is deprecated in favor of `i18n.extraLocales`,
+          and it seems you are using `i18n.supportedLocales` and forgot to
+          include some locales specified in `i18n.defaultLocale`,
+          `i18n.extraLocales` or `i18n.extraLocaleSettings`.
+
+          If you're trying to install additional locales not specified in
+          `i18n.defaultLocale` or `i18n.extraLocaleSettings`, consider adding
+          only those locales to `i18n.extraLocales`.
+        '';
+
+    environment.systemPackages =
+      # We increase the priority a little, so that plain glibc in systemPackages can't win.
+      lib.optional (config.i18n.supportedLocales != [ ]) (lib.setPrio (-1) config.i18n.glibcLocales);
+
+    environment.sessionVariables = {
+      LANG = config.i18n.defaultLocale;
+      LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
+    } // config.i18n.extraLocaleSettings;
+
+    systemd.globalEnvironment = lib.mkIf (config.i18n.supportedLocales != [ ]) {
+      LOCALE_ARCHIVE = "${config.i18n.glibcLocales}/lib/locale/locale-archive";
+    };
+
+    # ‘/etc/locale.conf’ is used by systemd.
+    environment.etc."locale.conf".source = pkgs.writeText "locale.conf" ''
+      LANG=${config.i18n.defaultLocale}
+      ${lib.concatStringsSep "\n" (
+        lib.mapAttrsToList (n: v: "${n}=${v}") config.i18n.extraLocaleSettings
+      )}
+    '';
+
+  };
+}
diff --git a/modules/installer.nix b/modules/installer.nix
new file mode 100644
index 00000000..3e5c6d5b
--- /dev/null
+++ b/modules/installer.nix
@@ -0,0 +1,56 @@
+{ flake, config, lib, pkgs, ... }:
+
+let
+  cfg = config.installer.links;
+
+  installerOutPath = {
+    "cd-dvd" = _: installerBuild: "${installerBuild.config.system.build.isoImage}/iso";
+    "netboot" = {system, variant}: installerBuild: pkgs.runCommandLocal "${system}-${variant}" {} ''
+      mkdir $out
+      install -m 0444 -t $out \
+        ${installerBuild.config.system.build.netbootRamdisk}/initrd \
+        ${installerBuild.config.system.build.kernel}/${config.system.boot.loader.kernelFile} \
+        ${installerBuild.config.system.build.netbootIpxeScript}/netboot.ipxe \
+        ${pkgs.ipxe.override {
+          additionalTargets = {
+            "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi";
+          };
+          additionalOptions = [
+            "NSLOOKUP_CMD"
+            "PING_CMD"
+            "CONSOLE_CMD"
+          ];
+          embedScript = pkgs.writeText "netboot.ipxe" ''
+            #!ipxe
+
+            chain netboot.ipxe
+          '';
+        }}/{ipxe.efi,i386-ipxe.efi,ipxe.lkrn}
+    '';
+  };
+in {
+  options = {
+    installer.links = lib.mkOption {
+      type = lib.types.listOf (lib.types.submodule {
+        options = {
+          system = lib.mkOption {
+            type = lib.types.str;
+          };
+          variant = lib.mkOption {
+            type = lib.types.str;
+          };
+        };
+      });
+      default = [];
+    };
+  };
+
+  config = lib.mkIf (cfg != []) {
+    systemd.tmpfiles.rules = map (installer'@{system, variant}:
+      let
+        installer = "${system}-${variant}";
+        installerBuild = builtins.addErrorContext "while evaluating installer-${installer}" flake.nixosConfigurations.${"installer-${installer}"};
+      in "L+ /run/installer-${installer} - - - - ${installerOutPath.${variant} installer' installerBuild}"
+    ) cfg;
+  };
+}
diff --git a/modules/postsrsd.nix b/modules/postsrsd.nix
new file mode 100644
index 00000000..205e669d
--- /dev/null
+++ b/modules/postsrsd.nix
@@ -0,0 +1,157 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+
+  cfg = config.services.postsrsd;
+  runtimeDirectoryName = "postsrsd";
+  runtimeDirectory = "/run/${runtimeDirectoryName}";
+  # TODO: follow RFC 42, but we need a libconfuse format first:
+  #       https://github.com/NixOS/nixpkgs/issues/401565
+  # Arrays in `libconfuse` look like this: {"Life", "Universe", "Everything"}
+  # See https://www.nongnu.org/confuse/tutorial-html/ar01s03.html.
+  #
+  # Note: We're using `builtins.toJSON` to escape strings, but JSON strings
+  # don't have exactly the same semantics as libconfuse strings. For example,
+  # "${F}" gets treated as an env var reference, see above issue for details.
+  libconfuseDomains = "{ " + lib.concatMapStringsSep ", " builtins.toJSON cfg.domains + " }";
+  configFile = pkgs.writeText "postsrsd.conf" ''
+    secrets-file = "''${CREDENTIALS_DIRECTORY}/secrets-file"
+    domains = ${libconfuseDomains}
+    separator = "${cfg.separator}"
+
+    # Disable postsrsd's jailing in favor of confinement with systemd.
+    unprivileged-user = ""
+    chroot-dir = ""
+
+    ${cfg.extraConfig}
+  '';
+
+in
+{
+  imports =
+    map
+      (
+        name:
+        lib.mkRemovedOptionModule [ "services" "postsrsd" name ] ''
+          `postsrsd` was upgraded to `>= 2.0.0`, with some different behaviors and configuration settings:
+            - NixOS Release Notes: https://nixos.org/manual/nixos/unstable/release-notes#sec-nixpkgs-release-25.05-incompatibilities
+            - NixOS Options Reference: https://nixos.org/manual/nixos/unstable/options#opt-services.postsrsd.enable
+            - Migration instructions: https://github.com/roehling/postsrsd/blob/2.0.10/README.rst#migrating-from-version-1x
+            - Postfix Setup: https://github.com/roehling/postsrsd/blob/2.0.10/README.rst#postfix-setup
+        ''
+      )
+      [
+        "domain"
+        "forwardPort"
+        "reversePort"
+        "timeout"
+        "excludeDomains"
+      ];
+
+  disabledModules = [ "services/mail/postsrsd.nix" ];
+
+  options = {
+    services.postsrsd = {
+      enable = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Whether to enable the postsrsd SRS server for Postfix.";
+      };
+
+      secretsFile = lib.mkOption {
+        type = lib.types.path;
+        default = "/var/lib/postsrsd/postsrsd.secret";
+        description = "Secret keys used for signing and verification";
+      };
+
+      domains = lib.mkOption {
+        type = lib.types.listOf lib.types.str;
+        description = "Domain names for rewrite";
+        default = [ config.networking.hostName ];
+        defaultText = lib.literalExpression "[ config.networking.hostName ]";
+      };
+
+      separator = lib.mkOption {
+        type = lib.types.enum [
+          "-"
+          "="
+          "+"
+        ];
+        default = "=";
+        description = "First separator character in generated addresses";
+      };
+
+      user = lib.mkOption {
+        type = lib.types.str;
+        default = "postsrsd";
+        description = "User for the daemon";
+      };
+
+      group = lib.mkOption {
+        type = lib.types.str;
+        default = "postsrsd";
+        description = "Group for the daemon";
+      };
+
+      extraConfig = lib.mkOption {
+        type = lib.types.lines;
+        default = "";
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    users.users = lib.optionalAttrs (cfg.user == "postsrsd") {
+      postsrsd = {
+        group = cfg.group;
+        uid = config.ids.uids.postsrsd;
+      };
+    };
+
+    users.groups = lib.optionalAttrs (cfg.group == "postsrsd") {
+      postsrsd.gid = config.ids.gids.postsrsd;
+    };
+
+    systemd.services.postsrsd-generate-secrets = {
+      path = [ pkgs.coreutils ];
+      script = ''
+        if [ -e "${cfg.secretsFile}" ]; then
+          echo "Secrets file exists. Nothing to do!"
+        else
+          echo "WARNING: secrets file not found, autogenerating!"
+          DIR="$(dirname "${cfg.secretsFile}")"
+          install -m 750 -o ${cfg.user} -g ${cfg.group} -d "$DIR"
+          install -m 600 -o ${cfg.user} -g ${cfg.group} <(dd if=/dev/random bs=18 count=1 | base64) "${cfg.secretsFile}"
+        fi
+      '';
+      serviceConfig = {
+        Type = "oneshot";
+      };
+    };
+
+    systemd.services.postsrsd = {
+      description = "PostSRSd SRS rewriting server";
+      after = [
+        "network.target"
+        "postsrsd-generate-secrets.service"
+      ];
+      before = [ "postfix.service" ];
+      wantedBy = [ "multi-user.target" ];
+      requires = [ "postsrsd-generate-secrets.service" ];
+      confinement.enable = true;
+
+      serviceConfig = {
+        ExecStart = "${lib.getExe pkgs.postsrsd} -C ${configFile}";
+        User = cfg.user;
+        Group = cfg.group;
+        PermissionsStartOnly = true;
+        RuntimeDirectory = runtimeDirectoryName;
+        LoadCredential = "secrets-file:${cfg.secretsFile}";
+      };
+    };
+  };
+}
diff --git a/overlays/cake-prometheus-exporter/default.nix b/overlays/cake-prometheus-exporter/default.nix
index 3d0acc2d..69a5008c 100644
--- a/overlays/cake-prometheus-exporter/default.nix
+++ b/overlays/cake-prometheus-exporter/default.nix
@@ -1,19 +1,18 @@
 { final, prev, ... }:
 let
   inpPython = final.python310.override {};
+  python = inpPython.withPackages (ps: with ps; []);
 in {
   cake-prometheus-exporter = prev.stdenv.mkDerivation rec {
     pname = "cake-prometheus-exporter";
     version = "0.0.0";
 
-    src = ./cake-prometheus-exporter.py;
+    src = prev.replaceVars ./cake-prometheus-exporter.py { inherit python; };
 
-    phases = [ "buildPhase" "checkPhase" "installPhase" ];
+    phases = [ "unpackPhase" "checkPhase" "installPhase" ];
 
-    python = inpPython.withPackages (ps: with ps; []);
-
-    buildPhase = ''
-      substituteAll $src cake-prometheus-exporter
+    unpackPhase = ''
+      cp $src cake-prometheus-exporter
     '';
 
     doCheck = true;
diff --git a/overlays/inwx-cdnskey/default.nix b/overlays/inwx-cdnskey/default.nix
index cd564f24..e1bee0f2 100644
--- a/overlays/inwx-cdnskey/default.nix
+++ b/overlays/inwx-cdnskey/default.nix
@@ -2,17 +2,16 @@
 let
   packageOverrides = final.callPackage ./python-packages.nix {};
   inpPython = final.python39.override { inherit packageOverrides; };
+  python = inpPython.withPackages (ps: with ps; [pyxdg inwx-domrobot configparser dnspython]);
 in {
   inwx-cdnskey = prev.stdenv.mkDerivation rec {
     name = "inwx-cdnskey";
-    src = ./inwx-cdnskey.py;
+    src = prev.replaceVars ./inwx-cdnskey.py { inherit python; };
 
-    phases = [ "buildPhase" "checkPhase" "installPhase" ];
+    phases = [ "unpackPhase" "checkPhase" "installPhase" ];
 
-    python = inpPython.withPackages (ps: with ps; [pyxdg inwx-domrobot configparser dnspython]);
-
-    buildPhase = ''
-      substituteAll $src inwx-cdnskey
+    unpackPhase = ''
+      cp $src inwx-cdnskey
     '';
 
     doCheck = true;
diff --git a/overlays/nftables-prometheus-exporter/default.nix b/overlays/nftables-prometheus-exporter/default.nix
index aab0c8e9..48f668c4 100644
--- a/overlays/nftables-prometheus-exporter/default.nix
+++ b/overlays/nftables-prometheus-exporter/default.nix
@@ -1,17 +1,16 @@
 { final, prev, ... }:
 let
   inpPython = final.python310;
+  python = inpPython.withPackages (ps: with ps; []);
 in {
   nftables-prometheus-exporter = prev.stdenv.mkDerivation rec {
     name = "nftables-prometheus-exporter";
-    src = ./nftables-prometheus-exporter.py;
+    src = prev.replaceVars ./nftables-prometheus-exporter.py { inherit python; };
 
-    phases = [ "buildPhase" "checkPhase" "installPhase" ];
+    phases = [ "unpackPhase" "checkPhase" "installPhase" ];
 
-    python = inpPython.withPackages (ps: with ps; []);
-
-    buildPhase = ''
-      substituteAll $src nftables-prometheus-exporter
+    unpackPhase = ''
+      cp $src nftables-prometheus-exporter
     '';
 
     doCheck = true;
diff --git a/overlays/persistent-nix-shell/default.nix b/overlays/persistent-nix-shell/default.nix
index c36b9e86..6067cade 100644
--- a/overlays/persistent-nix-shell/default.nix
+++ b/overlays/persistent-nix-shell/default.nix
@@ -5,10 +5,9 @@
 
     phases = [ "buildPhase" "installPhase" ];
 
-    inherit (final) zsh;
-
     buildPhase = ''
-      substituteAll $src persistent-nix-shell
+      substitute $src persistent-nix-shell \
+        --subst-var-by zsh ${final.zsh}
     '';
 
     installPhase = ''
diff --git a/overlays/postsrsd.nix b/overlays/postsrsd.nix
new file mode 100644
index 00000000..cb1ccf30
--- /dev/null
+++ b/overlays/postsrsd.nix
@@ -0,0 +1,11 @@
+{ final, prev, ... }:
+{
+  postsrsd = prev.postsrsd.overrideAttrs (oldAttrs: {
+    cmakeFlags = (oldAttrs.cmakeFlags or []) ++ [
+      "-DWITH_MILTER=ON"
+    ];
+    buildInputs = (oldAttrs.buildInputs or []) ++ [
+      final.libmilter
+    ];
+  });
+}
diff --git a/overlays/zte-prometheus-exporter/default.nix b/overlays/zte-prometheus-exporter/default.nix
index 2188e7b3..cd4207cd 100644
--- a/overlays/zte-prometheus-exporter/default.nix
+++ b/overlays/zte-prometheus-exporter/default.nix
@@ -2,17 +2,16 @@
 let
   packageOverrides = final.callPackage ./python-packages.nix {};
   inpPython = final.python310.override { inherit packageOverrides; };
+  python = inpPython.withPackages (ps: with ps; [pytimeparse requests]);
 in {
   zte-prometheus-exporter = prev.stdenv.mkDerivation rec {
     name = "zte-prometheus-exporter";
-    src = ./zte-prometheus-exporter.py;
+    src = prev.replaceVars ./zte-prometheus-exporter.py { inherit python; };
 
-    phases = [ "buildPhase" "checkPhase" "installPhase" ];
+    phases = [ "unpackPhase" "checkPhase" "installPhase" ];
 
-    python = inpPython.withPackages (ps: with ps; [pytimeparse requests]);
-
-    buildPhase = ''
-      substituteAll $src zte-prometheus-exporter
+    unpackPhase = ''
+      cp $src zte-prometheus-exporter
     '';
 
     doCheck = true;
diff --git a/system-profiles/core/default.nix b/system-profiles/core/default.nix
index b85aea4e..229a007e 100644
--- a/system-profiles/core/default.nix
+++ b/system-profiles/core/default.nix
@@ -127,36 +127,16 @@ in {
 
           flake-registry = "${flakeInputs.flake-registry}/flake-registry.json";
         };
-        nixPath = [
-          "nixpkgs=${pkgs.runCommand "nixpkgs" {} ''
-            mkdir $out
-            ln -s ${./nixpkgs.nix} $out/default.nix
-            ln -s /run/nixpkgs/lib $out/lib
-          ''}"
-        ];
+        nixPath = map (flake: "${flake}=flake:${flake}") (attrNames config.nix.registry);
         registry =
           let override = { self = "nixos"; };
           in mapAttrs' (inpName: inpFlake: nameValuePair
             (override.${inpName} or inpName)
-            { flake = inpFlake; } ) flakeInputs;
+            { to = { type = "path"; path = inpFlake; }; } ) flakeInputs;
       };
 
       systemd.tmpfiles.rules = [
         "L+ /run/nixpkgs - - - - ${flakeInputs.${config.nixpkgs.flakeInput}.outPath}"
-        "L+ /run/nixpkgs-overlays.nix - - - - ${pkgs.writeText "overlays.nix" ''
-          with builtins;
-
-          attrValues (import
-            (
-              let lock = fromJSON (readFile ${flake + "/flake.lock"}); in
-              fetchTarball {
-                url = "https://github.com/edolstra/flake-compat/archive/''${lock.nodes.flake-compat.locked.rev}.tar.gz";
-                sha256 = lock.nodes.flake-compat.locked.narHash;
-              }
-            )
-            { src = ${flake}; }
-          ).defaultNix.overlays
-        ''}"
         "L+ /etc/nixos - - - - ${flake}"
       ] ++ map (input: "L+ /run/flake-inputs/${input} - - - - ${flakeInputs.${input}.outPath}") (attrNames flakeInputs);
 
@@ -177,8 +157,6 @@ in {
           {
             manual.manpages.enable = true;
             systemd.user.startServices = "sd-switch";
-
-            programs.ssh.internallyManaged = mkForce true;
           }
         ];
         extraSpecialArgs = { inherit flake flakeInputs path; hostConfig = config; };
diff --git a/system-profiles/default-locale.nix b/system-profiles/default-locale.nix
index 2d483f04..60d338cb 100644
--- a/system-profiles/default-locale.nix
+++ b/system-profiles/default-locale.nix
@@ -1,16 +1,23 @@
-{ lib, ... }:
+{ lib, options, ... }:
 
 with lib;
 
 {
-  i18n = {
-    defaultLocale = "en_DK.UTF-8";
-    extraLocaleSettings = {
-      "TIME_STYLE" = "long-iso";
-    };
-    supportedLocales = [ "C.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "en_DK.UTF-8/UTF-8" ];
-  };
-  console.keyMap = mkDefault "dvorak-programmer";
+  config = foldr recursiveUpdate {} ([
+    {
+      i18n = {
+        defaultLocale = "en_DK.UTF-8";
+        extraLocaleSettings = {
+          "TIME_STYLE" = "long-iso";
+        };
+      };
+      console.keyMap = mkDefault "dvorak-programmer";
 
-  time.timeZone = mkDefault "Europe/Berlin";
+      time.timeZone = mkDefault "Europe/Berlin";
+    }
+  ] ++ (optional (options ? i18n.extraLocales) {
+    i18n.extraLocales = [ "C.UTF-8" "en_US.UTF-8" "en_DK.UTF-8" ];
+  }) ++ (optional (!(options ? i18n.extraLocales)) {
+    i18n.supportedLocales = [ "C.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "en_DK.UTF-8/UTF-8" ];
+  }));
 }
diff --git a/system-profiles/rebuild-machines/default.nix b/system-profiles/rebuild-machines/default.nix
index 544f47e1..de86cd74 100644
--- a/system-profiles/rebuild-machines/default.nix
+++ b/system-profiles/rebuild-machines/default.nix
@@ -25,16 +25,18 @@ let
 
     phases = [ "buildPhase" "installPhase" ];
 
-    inherit (pkgs) zsh coreutils openssh;
-    inherit (cfg) scriptName;
-    inherit (cfg.flake) flakeOutput;
-    flake = cfg.flake.name;
-    nixosRebuild = config.system.build.nixos-rebuild;
-    inherit (config.security) wrapperDir;
-    inherit sshConfig;
-
     buildPhase = ''
-      substituteAll $src rebuild-machine.zsh
+      substitute $src rebuild-machine.zsh \
+        --subst-var-by zsh ${pkgs.zsh} \
+        --subst-var-by coreutils ${pkgs.coreutils} \
+        --subst-var-by openssh ${pkgs.openssh} \
+        --subst-var-by wrapperDir ${config.security.wrapperDir} \
+        --subst-var-by sshConfig ${sshConfig} \
+        --subst-var-by out "$out" \
+        --subst-var-by nixosRebuild ${config.system.build.nixos-rebuild} \
+        --subst-var-by flake ${cfg.flake.name} \
+        --subst-var-by scriptName ${cfg.scriptName} \
+        --subst-var-by flakeOutput ${cfg.flake.flakeOutput}
     '';
 
     installPhase = ''
diff --git a/user-profiles/feeds/alot.config b/user-profiles/feeds/alot.config
deleted file mode 100644
index a14d4539..00000000
--- a/user-profiles/feeds/alot.config
+++ /dev/null
@@ -1,50 +0,0 @@
-attachment_prefix="~/Downloads"
-bug_on_exit=true
-editor_cmd="false"
-tabwidth=2
-timestamp_format="%a %d %b %H:%M:%S %Y UTC%z"
-auto_remove_unread=True
-#initial_command="search ( tag:inbox ) AND NOT ( tag:killed )"
-initial_command="search ( tag:inbox ) AND NOT ( is:link OR is:media OR is:killed )"
-
-[accounts]
-  [[private]]
-    realname = @realname@
-    address = @address@
-
-[bindings]
-j = 
-k =
-'g g' =
-G =
-I = search ( tag:inbox ) AND NOT ( is:killed )
-U = search ( tag:inbox ) AND NOT ( is:link OR is:media OR is:killed )
-V = search ( tag:inbox AND is:media OR ( is:live AND date:12h.. AND NOT is:unread ) ) AND NOT ( is:killed )
-W = search ( is:media ) AND NOT ( tag:inbox OR is:killed OR is:highlight )
-L = search ( tag:inbox AND is:link ) AND NOT ( is:killed )
-
-h = move first
-t = move up
-n = move down
-s = move last
-        [[search]]
-                a =
-                s = 
- 
-                u = toggletags unread
-                i = toggletags inbox
-                j = untag unread,inbox
-                r = toggletags later
-        [[thread]]
-    s =
-                S =
-                n =
-                'g j' =
-    'g k' =
-    'g l' =
-                w = save
-                W = save --all
-    'g h' = move parent
-                'g t' = move next sibling
-    'g n' = move previous sibling
-    'g s' = move first reply
\ No newline at end of file
diff --git a/user-profiles/feeds/default.nix b/user-profiles/feeds/default.nix
deleted file mode 100644
index 82be90c7..00000000
--- a/user-profiles/feeds/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, flakeInputs, pkgs, lib, userName, customUtils, ... }:
-{
-  home-manager.users.${userName} = {...}: {
-    imports = [
-      (customUtils.overrideModuleArgs
-        (import ./module.nix)
-        (inputs: inputs // { inherit flakeInputs; inherit (config.nixpkgs) system; })
-      )
-    ];
-  };
-}
diff --git a/user-profiles/feeds/imm-notmuch-insert.py b/user-profiles/feeds/imm-notmuch-insert.py
deleted file mode 100644
index b7eed292..00000000
--- a/user-profiles/feeds/imm-notmuch-insert.py
+++ /dev/null
@@ -1,52 +0,0 @@
-#!@python@/bin/python
-
-import json
-import sys
-import subprocess
-from io import BytesIO
-from email.message import EmailMessage
-import configparser
-from os import environ
-from datetime import *
-from dateutil.tz import *
-from dateutil.parser import isoparse
-from html2text import html2text
-
-def main():
-    notmuchConfig = configparser.ConfigParser()
-    notmuchConfig.read(environ.get('NOTMUCH_CONFIG'))
-
-    callbackMessage = json.load(sys.stdin)
-
-    msg = EmailMessage()
-    authors = ', '.join(map(lambda author: author['name'], callbackMessage['feed_item']['authors']))
-    if authors:
-        msg['From'] = f"{callbackMessage['feed_definition']['title']} ({authors}) <imm@imm.invalid>"
-    else:
-        msg['From'] = f"{callbackMessage['feed_definition']['title']} <imm@imm.invalid>"
-    msg['To'] = f"{notmuchConfig['user']['name']} <{notmuchConfig['user']['primary_email']}>"
-    if 'title' in callbackMessage['feed_item'] and callbackMessage['feed_item']['title']:
-        msg['Subject'] = callbackMessage['feed_item']['title']
-    msg['Item-Identifier'] = f"{callbackMessage['feed_item']['identifier']}"
-    for link in callbackMessage['feed_item']['links']:
-        msg.add_header('Link', link['uri'])
-    date = None
-    if 'date' in callbackMessage['feed_item']:
-        date = isoparse(callbackMessage['feed_item']['date'])
-    else:
-        date = datetime.now(tzlocal())
-    msg['Date'] = date.strftime('%a, %e %b %Y %T %z')
-
-    if 'content' in callbackMessage['feed_item'] and callbackMessage['feed_item']['content']:
-        msg.set_content(html2text(callbackMessage['feed_item']['content']))
-        msg.add_alternative(callbackMessage['feed_item']['content'], subtype='html')
-
-
-    subprocess.run(
-        args=['notmuch', 'insert'],
-        check=True,
-        input=bytes(msg)
-    )
-
-if __name__ == '__main__':
-    sys.exit(main())
diff --git a/user-profiles/feeds/module.nix b/user-profiles/feeds/module.nix
deleted file mode 100644
index 63e827eb..00000000
--- a/user-profiles/feeds/module.nix
+++ /dev/null
@@ -1,236 +0,0 @@
-{ config, flakeInputs, pkgs, lib, system, ... }:
-
-with lib;
-
-let
-  inherit (flakeInputs.home-manager.lib) hm;
-
-  databasePath = "${config.xdg.dataHome}/feeds";
-
-  imm =
-    let
-      hlib = pkgs.haskell.lib;
-      haskellPackages = pkgs.haskellPackages.override {
-        overrides = finalHaskell: prevHaskell: {
-          uri-bytestring = finalHaskell.callCabal2nix "uri-bytestring" (pkgs.fetchFromGitHub {
-            owner = "gkleen";
-            repo = "uri-bytestring";
-            rev = "5f7f32c8274bc4d1b81d99582f5148fe3e8b637e";
-            sha256 = "XLanwyCDIlMuOkpE5LbTNOBfL+1kZX+URfj9Bhs1Nsc=";
-            fetchSubmodules = true;
-          }) {};
-          atom-conduit = finalHaskell.callCabal2nix "atom-conduit" (pkgs.fetchFromGitHub {
-            owner = "gkleen";
-            repo = "atom-conduit";
-            rev = "022f0182a02373f87c06a0a09817c8c41efe2425";
-            sha256 = "8yEyh3ymqkoM/YP+eBqPq1I5ofzj0Qn7ojL7IWx1DPo=";
-            fetchSubmodules = true;
-          }) {};
-          rss-conduit = finalHaskell.callCabal2nix "rss-condit" (pkgs.fetchFromGitHub {
-            owner = "gkleen";
-            repo = "rss-conduit";
-            rev = "dbb0960a8d3dc519f1607aa0223b3a25a49282ef";
-            sha256 = "Md1XApZWkdv4JvNoaVnjz0S85LbEC6w9U3PUcwXfu94=";
-            fetchSubmodules = true;
-          }) {};
-          beam-core = hlib.doJailbreak (finalHaskell.callCabal2nix "beam-core" "${beamSrc}/beam-core" {});
-          beam-migrate = hlib.doJailbreak (finalHaskell.callCabal2nix "beam-migrate" "${beamSrc}/beam-migrate" {});
-          beam-sqlite = hlib.doJailbreak (finalHaskell.callCabal2nix "beam-sqlite" "${beamSrc}/beam-sqlite" {});
-
-          imm = finalHaskell.callCabal2nix "imm" (pkgs.fetchFromGitHub {
-            owner = "k0ral";
-            repo = "imm";
-            rev = "5033879667264cb44cee65671a66f6aa43f249e7";
-            sha256 = "PG22caLQmAGhLZP49HsazuNd8IFKKaTuhXIQBD8v4Fs=";
-            fetchSubmodules = true;
-          }) {};
-        };
-      };
-      beamSrc = pkgs.fetchFromGitHub {
-        owner = "haskell-beam";
-        repo = "beam";
-        rev = "efd464b079755a781c2bb7a2fc030d6c141bbb8a";
-        sha256 = "8nTuBP/vD0L/qMo4h3XNrGZvpIwXuMVdj40j5gvHU6w=";
-        fetchSubmodules = true;
-      };
-    in haskellPackages.imm;
-   immWrapped = pkgs.runCommand "${imm.name}-wrapped-${config.home.username}"
-    { nativeBuildInputs = with pkgs; [ makeWrapper ];
-    } ''
-      mkdir -p $out/bin
-      makeWrapper ${imm}/bin/imm $out/bin/imm \
-        --add-flags --callbacks=${notmuchCallbacks}
-    '';
-
-  notmuchCallbacks = pkgs.writeText "imm-callbacks-${config.home.username}.dhall" ''
-    [ { _executable = "${immNotmuchInsert}/bin/imm-notmuch-insert"
-      , _arguments = [] : List Text
-      }
-    ]
-  '';
-
-  immNotmuchInsert = pkgs.stdenv.mkDerivation rec {
-    name = "imm-notmuch-insert-${config.home.username}";
-    src = ./imm-notmuch-insert.py;
-
-    phases = [ "buildPhase" "checkPhase" "installPhase" "fixupPhase" ];
-
-    python = pkgs.python39.withPackages (ps: with ps; [ configparser python-dateutil html2text ]);
-
-    nativeBuildInputs = with pkgs; [ makeWrapper ];
-
-    buildPhase = ''
-      substituteAll $src imm-notmuch-insert
-    '';
-
-    doCheck = true;
-    checkPhase = ''
-      ${python}/bin/python -m py_compile imm-notmuch-insert
-    '';
-
-    installPhase = ''
-      install -m 0755 -D -t $out/bin \
-        imm-notmuch-insert
-    '';
-
-    fixupPhase = ''
-      wrapProgram $out/bin/imm-notmuch-insert \
-        --prefix PATH : ${pkgs.notmuch}/bin \
-        --set NOTMUCH_CONFIG ${configPath}
-    '';
-  };
-
-  mkIniKeyValue = key: value:
-    let
-      tweakVal = v:
-        if isString v then
-          v
-        else if isList v then
-          concatMapStringsSep ";" tweakVal v
-        else if isBool v then
-          (if v then "true" else "false")
-        else
-          toString v;
-    in "${key}=${tweakVal value}";
-
-  notmuchIni = {
-    database = { path = databasePath; };
-
-    maildir = { synchronize_flags = false; };
-
-    new = {
-      ignore = [];
-      tags = ["new"];
-    };
-
-    user = {
-      name = config.home.username;
-      primary_email = "${config.home.username}@imm.invalid";
-    };
-
-    search = { exclude_tags = ["deleted"]; };
-  };
-  configPath = pkgs.writeText "notmuchrc" (generators.toINI { mkKeyValue = mkIniKeyValue; } notmuchIni);
-
-  afewConfigDir = pkgs.symlinkJoin {
-    name = "afew-config";
-    paths = [
-      (pkgs.writeTextDir "config" ''
-         [InboxFilter]
-      '')
-    ];
-  };
-
-  notmuchHooksDir =
-    let
-      afewHook = pkgs.writeShellScript "afew" ''
-        exec -- ${pkgs.afew}/bin/afew -c ${afewConfigDir} -C ${configPath} --tag --new -vv
-      '';
-    in pkgs.linkFarm "notmuch-hooks" [
-      { name = "post-new";
-        path = afewHook;
-      }
-      { name = "post-insert";
-        path = afewHook;
-      }
-    ];
-
-  notmuchWrapped = pkgs.runCommand "${pkgs.notmuch.name}-wrapped-${config.home.username}"
-    { nativeBuildInputs = with pkgs; [ makeWrapper ];
-    } ''
-      mkdir -p $out/bin
-      makeWrapper ${pkgs.notmuch}/bin/notmuch $out/bin/notmuch-feeds \
-        --set NOTMUCH_CONFIG ${configPath}
-    '';
-  alotWrapped = pkgs.runCommand "${pkgs.alot.name}-wrapped-${config.home.username}"
-    { nativeBuildInputs = with pkgs; [ makeWrapper gnused ];
-    } ''
-      mkdir -p $out/bin
-      makeWrapper ${pkgs.alot}/bin/alot $out/bin/alot-feeds \
-        --prefix MAILCAPS : ${alotMailcaps} \
-        --add-flags --config=${alotConfig} \
-        --add-flags --notmuch-config=${configPath}
-
-      mkdir $out/share
-      ln -s ${pkgs.alot}/share/alot $out/share
-      mkdir -p $out/share/applications
-      sed -r 's/alot/alot-feeds/g' ${pkgs.alot}/share/applications/alot.desktop > $out/share/applications/alot-feeds.desktop
-      mkdir -p $out/share/zsh/site-functions
-      sed -r 's/alot/alot-feeds/g' ${pkgs.alot}/share/zsh/site-functions/_alot > $out/share/zsh/site-functions/_alot-feeds
-    '';
-
-  alotConfig = pkgs.runCommand "alot" {
-    realname = notmuchIni.user.name;
-    address = notmuchIni.user.primary_email;
-  } "substituteAll ${./alot.config} $out";
-  alotMailcaps = pkgs.writeText "mailcaps" ''
-    text/html; ${pkgs.lynx}/bin/lynx -dump -dont_wrap_pre -assume_charset=utf-8 -display_charset=utf-8 "%s"; nametemplate=%s.html; copiousoutput
-  '';
-in {
-  config = {
-    home.packages = [ immWrapped notmuchWrapped pkgs.notmuch.man alotWrapped ];
-
-    home.activation.createImm = hm.dag.entryAfter ["writeBoundary"] ''
-      $DRY_RUN_CMD mkdir -p $VERBOSE_ARG ${config.xdg.configHome}/imm
-    '';
-    
-    home.activation.createFeedsDatabase = hm.dag.entryAfter ["linkGeneration" "writeBoundary"] ''
-      $DRY_RUN_CMD mkdir -p -m 0750 $VERBOSE_ARG ${databasePath}
-      $DRY_RUN_CMD mkdir -p $VERBOSE_ARG ${databasePath}/new ${databasePath}/cur ${databasePath}/tmp
-      if ! [[ -d ${databasePath}/.notmuch ]]; then
-          NOTMUCH_VERBOSE_ARG="--quiet"
-          if [[ -v VERBOSE ]]; then
-            NOTMUCH_VERBOSE_ARG="--verbose"
-          fi
-          NOTMUCH_CONFIG=${configPath} $DRY_RUN_CMD ${pkgs.notmuch}/bin/notmuch new $NOTMUCH_VERBOSE_ARG
-      fi
-      $DRY_RUN_CMD ln -Tsf $VERBOSE_ARG ${notmuchHooksDir} ${databasePath}/.notmuch/hooks
-    '';
-
-    systemd.user.services."logrotate-imm" = {
-      Unit = {
-        Description = "Rotate imm logfile";
-      };
-      Service = {
-        Type = "oneshot";
-        ExecStart = ''
-          ${pkgs.logrotate}/bin/logrotate --state ${config.xdg.configHome}/imm/imm.logrotate ${pkgs.writeText "logrotate.conf" ''
-            ${config.xdg.configHome}/imm/imm.log {
-                rotate 5
-                size 1024k
-            }
-          ''}
-        '';
-      };
-    };
-    systemd.user.timers."logrotate-imm" = {
-      Timer = {
-        OnActiveSec = "6h";
-        OnUnitActiveSec = "6h";
-      };
-      Install = {
-        WantedBy = ["default.target"];
-      };
-    };
-  };
-}
diff --git a/user-profiles/tmux/default.nix b/user-profiles/tmux/default.nix
index 11c53788..dc4e791f 100644
--- a/user-profiles/tmux/default.nix
+++ b/user-profiles/tmux/default.nix
@@ -1,10 +1,11 @@
 { userName, pkgs, lib, ... }:
 {
-  home-manager.users.${userName} = {
+  home-manager.users.${userName} = { config, ... }: {
     programs.tmux = {
       enable = true;
       clock24 = true;
       historyLimit = 50000;
+      mouse = true;
       extraConfig = lib.readFile (pkgs.stdenv.mkDerivation {
         name = "tmux.conf";
         src = ./tmux.conf;
@@ -13,11 +14,10 @@
 
         phases = [ "installPhase" ];
 
-        inherit (pkgs) zsh;
-        mandb = pkgs.man-db;
-        
         installPhase = ''
-          substituteAll $src $out
+          substitute $src $out \
+            --subst-var-by zsh ${config.programs.zsh.package} \
+            --subst-var-by man ${config.programs.man.package}
         '';
       });
     };
diff --git a/user-profiles/tmux/tmux.conf b/user-profiles/tmux/tmux.conf
index 415d13e7..9e658800 100644
--- a/user-profiles/tmux/tmux.conf
+++ b/user-profiles/tmux/tmux.conf
@@ -1,23 +1,20 @@
-set-option -g history-limit 50000
 set-option -g status-bg black
 set-option -g status-fg white
 set-option -g clock-mode-colour white
-set-option -g clock-mode-style 24
 set-option -g bell-action any
-set-option -g default-shell @zsh@/bin/zsh
+set-option -g default-shell @zsh@
 set-option -g update-environment 'DISPLAY SSH_ASKPASS SSH_AUTH_SOCK SSH_AGENT_PID SSH_CONNECTION WINDOWID XAUTHORITY PROMPT_INFO PATH PGHOST PGLOG'
-set-option -g mouse on
 set-option -g set-clipboard on
 set-option -g terminal-overrides 'rxvt-uni*:XT:Ms=\E]52;%p1%s;%p2%s\007'
 
 set-environment -g LESS " -R "
 
 ## determine if we should enable 256-colour support
-if "[[ ''${TERM} =~ 256color || ''${TERM} == fbterm || ''${TERM} =~ alacritty ]]" 'set -g default-terminal tmux-256color'
+if "[[ ''${TERM} =~ 256color || ''${TERM} == fbterm || ''${TERM} =~ alacritty || ''${TERM} =~ kitty ]]" 'set -g default-terminal tmux-256color'
 
 set-option -g status-right ""
 
-bind / command-prompt "split-window -h 'exec @mandb@/bin/man %%'"
+bind / command-prompt "split-window -h 'exec @man@ %%'"
 bind C clock-mode
 bind r switch-client -r
 
diff --git a/user-profiles/utils.nix b/user-profiles/utils.nix
index 4b7c4d0f..da79e336 100644
--- a/user-profiles/utils.nix
+++ b/user-profiles/utils.nix
@@ -44,6 +44,8 @@ in {
       jq.enable = true;
 
       lesspipe.enable = true;
+
+      man.enable = true;
     };
 
     home.sessionVariables = {
@@ -52,7 +54,7 @@ in {
 
     home.packages = with pkgs; [
       autossh usbutils pciutils eza silver-searcher pwgen xkcdpass
-      unzip magic-wormhole qrencode tty-clock dnsutils openssl sshfs
+      unzip magic-wormhole dnsutils openssl sshfs
       psmisc mosh tree vnstat file pv bc zip nmap aspell
       aspellDicts.de aspellDicts.en borgbackup man-pages rsync socat
       inetutils yq cached-nix-shell persistent-nix-shell rage
diff --git a/user-profiles/zsh/default.nix b/user-profiles/zsh/default.nix
index 428e2459..973ff775 100644
--- a/user-profiles/zsh/default.nix
+++ b/user-profiles/zsh/default.nix
@@ -1,38 +1,69 @@
 { userName, pkgs, customUtils, lib, config, ... }:
-let
-  dotDir = ".config/zsh";
-  p10kZsh = "${dotDir}/.p10k.zsh";
-  cfg = config.home-manager.users.${userName};
-in {
-  home-manager.users.${userName} = {
-    programs.zsh = {
-      inherit dotDir;
-      enable = true;
-      autocd = true;
-      enableCompletion = true;
+{
+  config = {
+    home-manager.users.${userName} = let sysConfig = config; in { config, ... }: {
+      config = {
+        programs.zsh = {
+          dotDir = ".config/zsh";
+          enable = true;
+          autocd = true;
+          enableCompletion = true;
+          enableVteIntegration = true;
+          history = {
+            append = true;
+            expireDuplicatesFirst = true;
+            extended = true;
+            findNoDups = true;
+          };
+          syntaxHighlighting.enable = true;
+          zsh-abbr = {
+            enable = true;
+            abbreviations = {
+              re = "systemctl restart";
+              ure = "systemctl --user restart";
+            };
+            globalAbbreviations = {
+              "L" = "| less";
+              "S" = "&> /dev/null";
+              "G" = "| grep";
+              "B" = "&> /dev/null &";
+              "BB" = "&> /dev/null &!";
+            };
+          };
 
-      plugins = [
-        { name = "powerlevel10k";
-          file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme";
-          src = pkgs.zsh-powerlevel10k;
-        }
-      ];
-      initExtraFirst = ''
-        if [[ $TERM == "dumb" ]]; then
-          unsetopt zle
-          PS1='$ '
-          return
-        fi
-      '';
-      initExtraBeforeCompInit = ''
-        source "${cfg.home.homeDirectory}/${p10kZsh}"
-      '';
-      initExtra = lib.mkAfter ''
-        source ${./zshrc}
-        source "${pkgs.zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh"
-      '';
+          plugins = [
+            { name = "powerlevel10k";
+              file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme";
+              src = pkgs.zsh-powerlevel10k;
+            }
+          ];
+          initContent = lib.mkMerge [
+            (lib.mkBefore ''
+              if [[ $TERM == "dumb" ]]; then
+                unsetopt zle
+                PS1='$ '
+                return
+              fi
+            '')
+            (lib.mkOrder 550 ''
+              source "$HOME/${config.xdg.configFile."zsh/.p10k.zsh".target}"
+            '')
+            (lib.mkAfter ''
+              source ${./zshrc}
+            '')
+          ];
+        };
+
+        xdg.configFile."zsh/.p10k.zsh".source = ./p10k.zsh;
+      };
     };
 
-    home.file.${p10kZsh}.source = ./p10k.zsh;
+    programs.zsh.enable = true;
+    environment.pathsToLink = [ "/share/zsh" ];
+    environment.shellAliases = lib.mkOverride 90 {};
+
+    nixpkgs.externalConfig.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+      "zsh-abbr"
+    ];
   };
 }
diff --git a/user-profiles/zsh/zshrc b/user-profiles/zsh/zshrc
index ed614182..af3aca64 100644
--- a/user-profiles/zsh/zshrc
+++ b/user-profiles/zsh/zshrc
@@ -33,9 +33,3 @@ zle -N self-insert url-quote-magic
 zle -N bracketed-paste bracketed-paste-magic
 
 setopt extended_glob
-
-alias -g L='| less'
-alias -g S='&> /dev/null'
-alias -g G='| grep'
-alias -g B='&> /dev/null &'
-alias -g BB='&> /dev/null &!'
diff --git a/users/gkleen/default.nix b/users/gkleen/default.nix
index 5cc32521..5ce93de7 100644
--- a/users/gkleen/default.nix
+++ b/users/gkleen/default.nix
@@ -1,7 +1,7 @@
 { flake, userName, pkgs, customUtils, lib, ... }:
 {
   imports = with flake.nixosModules.userProfiles.${userName}; [
-    zsh tmux utils direnv
+    utils direnv
   ];
 
   users.users.${userName} = {
diff --git a/users/root.nix b/users/root.nix
index b61f9cfd..ed1acd50 100644
--- a/users/root.nix
+++ b/users/root.nix
@@ -3,7 +3,7 @@ let
   haveGKleen = flake.nixosModules.accounts ? "gkleen@${hostName}";
 in {
   imports = with flake.nixosModules.userProfiles.${userName}; [
-    zsh tmux direnv utils
+    direnv utils
   ];
 
   users.users.${userName} = lib.mkIf haveGKleen {