10 files changed, 161 insertions, 129 deletions

diff --git a/_sources/generated.json b/_sources/generated.json
index 9eb52238..f5ead269 100644
--- a/_sources/generated.json
+++ b/_sources/generated.json
@@ -273,7 +273,7 @@
     },
     "nix-output-monitor": {
         "cargoLock": null,
-        "date": "2025-11-09",
+        "date": "2025-11-20",
         "extract": null,
         "name": "nix-output-monitor",
         "passthru": null,
@@ -283,13 +283,13 @@
             "fetchSubmodules": false,
             "leaveDotGit": false,
             "name": null,
-            "rev": "698e6f3afdc9d68dd65d84df7b030499dbfaf84b",
-            "sha256": "sha256-QwEVaUxvXEdx5icIZZYQQjvJO5j0+GeWtJvCJ/LZwpA=",
+            "rev": "0cb46615fb8187e4598feac4ccf8f27a06aae0b7",
+            "sha256": "sha256-iEvbCIlHX6WUblrnoF7gwUQtu2ay97zoZsvoP85I2BA=",
             "sparseCheckout": [],
             "type": "git",
             "url": "https://code.maralorn.de/maralorn/nix-output-monitor.git"
         },
-        "version": "698e6f3afdc9d68dd65d84df7b030499dbfaf84b"
+        "version": "0cb46615fb8187e4598feac4ccf8f27a06aae0b7"
     },
     "postfix-mta-sts-resolver": {
         "cargoLock": null,
@@ -355,7 +355,7 @@
     },
     "quickshell": {
         "cargoLock": null,
-        "date": "2025-10-31",
+        "date": "2025-11-20",
         "extract": null,
         "name": "quickshell",
         "passthru": null,
@@ -365,13 +365,13 @@
             "fetchSubmodules": false,
             "leaveDotGit": false,
             "name": null,
-            "rev": "fc704e6b5d445899a1565955268c91942a4f263f",
-            "sha256": "sha256-er4gYrIoThYLjlsOMTysoRfn67d1Gci+ZpqDrtQxrA0=",
+            "rev": "ed036d514b0fdbce03158a0b331305be166f4555",
+            "sha256": "sha256-jWz10RbNAyylJbH4cUTLS/CsDjkd8gxfT8OsIgQIgEg=",
             "sparseCheckout": [],
             "type": "git",
             "url": "https://git.outfoxxed.me/quickshell/quickshell.git"
         },
-        "version": "fc704e6b5d445899a1565955268c91942a4f263f"
+        "version": "ed036d514b0fdbce03158a0b331305be166f4555"
     },
     "scutiger": {
         "cargoLock": null,
diff --git a/_sources/generated.nix b/_sources/generated.nix
index 14548513..d3d9b36f 100644
--- a/_sources/generated.nix
+++ b/_sources/generated.nix
@@ -171,17 +171,17 @@
   };
   nix-output-monitor = {
     pname = "nix-output-monitor";
-    version = "698e6f3afdc9d68dd65d84df7b030499dbfaf84b";
+    version = "0cb46615fb8187e4598feac4ccf8f27a06aae0b7";
     src = fetchgit {
       url = "https://code.maralorn.de/maralorn/nix-output-monitor.git";
-      rev = "698e6f3afdc9d68dd65d84df7b030499dbfaf84b";
+      rev = "0cb46615fb8187e4598feac4ccf8f27a06aae0b7";
       fetchSubmodules = false;
       deepClone = false;
       leaveDotGit = false;
       sparseCheckout = [ ];
-      sha256 = "sha256-QwEVaUxvXEdx5icIZZYQQjvJO5j0+GeWtJvCJ/LZwpA=";
+      sha256 = "sha256-iEvbCIlHX6WUblrnoF7gwUQtu2ay97zoZsvoP85I2BA=";
     };
-    date = "2025-11-09";
+    date = "2025-11-20";
   };
   postfix-mta-sts-resolver = {
     pname = "postfix-mta-sts-resolver";
@@ -223,17 +223,17 @@
   };
   quickshell = {
     pname = "quickshell";
-    version = "fc704e6b5d445899a1565955268c91942a4f263f";
+    version = "ed036d514b0fdbce03158a0b331305be166f4555";
     src = fetchgit {
       url = "https://git.outfoxxed.me/quickshell/quickshell.git";
-      rev = "fc704e6b5d445899a1565955268c91942a4f263f";
+      rev = "ed036d514b0fdbce03158a0b331305be166f4555";
       fetchSubmodules = false;
       deepClone = false;
       leaveDotGit = false;
       sparseCheckout = [ ];
-      sha256 = "sha256-er4gYrIoThYLjlsOMTysoRfn67d1Gci+ZpqDrtQxrA0=";
+      sha256 = "sha256-jWz10RbNAyylJbH4cUTLS/CsDjkd8gxfT8OsIgQIgEg=";
     };
-    date = "2025-10-31";
+    date = "2025-11-20";
   };
   scutiger = {
     pname = "scutiger";
diff --git a/flake.lock b/flake.lock
index 71b66525..bb3f952a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -264,11 +264,11 @@
     "flake-registry": {
       "flake": false,
       "locked": {
-        "lastModified": 1744623129,
-        "narHash": "sha256-nlQTQrHqM+ywXN0evDXnYEV6z6WWZB5BFQ2TkXsduKw=",
+        "lastModified": 1763556067,
+        "narHash": "sha256-q2jzJQdsJMpD3dbuNphQJgwx6XeGPonWOp43U0nY7o0=",
         "owner": "NixOS",
         "repo": "flake-registry",
-        "rev": "1322f33d5836ae757d2e6190239252cf8402acf6",
+        "rev": "cb70c9306b44501de412649c356dee503a25f119",
         "type": "github"
       },
       "original": {
@@ -507,11 +507,11 @@
         "xwayland-satellite-unstable": "xwayland-satellite-unstable"
       },
       "locked": {
-        "lastModified": 1762886612,
-        "narHash": "sha256-gaPe/qkI4C9KyT8IZMvS9rXCWn2klxCC+MjXFU+jvqk=",
+        "lastModified": 1763581369,
+        "narHash": "sha256-HTLoe4UvnG5fWruO+zjnZJNCnKcbVM8eeSPpIlKHOyI=",
         "owner": "sodiboo",
         "repo": "niri-flake",
-        "rev": "4efef728e910bb8f009fa2db143baeacaa3466ec",
+        "rev": "ca75677ad47613f6afbbc2c6142601fef0ac7631",
         "type": "github"
       },
       "original": {
@@ -583,11 +583,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1762660502,
-        "narHash": "sha256-C9F1C31ys0V7mnp4EcDy7L1cLZw/sCTEXqqTtGnvu08=",
+        "lastModified": 1763265660,
+        "narHash": "sha256-Ad9Rd3ZAidrH01xP73S3CjPiyXo7ywZs3uCESjPwUdc=",
         "owner": "Mic92",
         "repo": "nix-index-database",
-        "rev": "15c5451c63f4c612874a43846bfe3fa828b03eee",
+        "rev": "469ef53571ea80890c9497952787920c79c1ee6e",
         "type": "github"
       },
       "original": {
@@ -765,11 +765,11 @@
     },
     "nixpkgs-stable_2": {
       "locked": {
-        "lastModified": 1762756533,
-        "narHash": "sha256-HiRDeUOD1VLklHeOmaKDzf+8Hb7vSWPVFcWwaTrpm+U=",
+        "lastModified": 1763334038,
+        "narHash": "sha256-LBVOyaH6NFzQ3X/c6vfMZ9k4SV2ofhpxeL9YnhHNJQQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c2448301fb856e351aab33e64c33a3fc8bcf637d",
+        "rev": "4c8cdd5b1a630e8f72c9dd9bf582b1afb3127d2c",
         "type": "github"
       },
       "original": {
@@ -813,11 +813,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1762981181,
-        "narHash": "sha256-tnAS+voD6T221j4u7ldRrM3WwQtVVmwC3TYRkubdeKI=",
-        "owner": "gkleen",
+        "lastModified": 1763421233,
+        "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=",
+        "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "258ffe798997c648dcc04a784166c4e1a3bdd68e",
+        "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648",
         "type": "github"
       },
       "original": {
@@ -1077,11 +1077,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1762427963,
-        "narHash": "sha256-CkPlAbIQ87wmjy5qHibfzk4DmMGBNqFer+lLfXjpP5M=",
+        "lastModified": 1763435975,
+        "narHash": "sha256-SKdpcVuJKMNEXloIpLXY+jDI42+6Ew21vdkl894DxHo=",
         "owner": "pyproject-nix",
         "repo": "pyproject.nix",
-        "rev": "4540ea004e04fcd12dd2738d51383d10f956f7b9",
+        "rev": "7d3d8848358ccbd415afe2139f12b9e1508d3ace",
         "type": "github"
       },
       "original": {
@@ -1149,11 +1149,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1762812535,
-        "narHash": "sha256-A91a+K0Q9wfdPLwL06e/kbHeAWSzPYy2EGdTDsyfb+s=",
+        "lastModified": 1763607916,
+        "narHash": "sha256-VefBA1JWRXM929mBAFohFUtQJLUnEwZ2vmYUNkFnSjE=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "d75e4f89e58fdda39e4809f8c52013caa22483b7",
+        "rev": "877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b",
         "type": "github"
       },
       "original": {
@@ -1224,11 +1224,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1762859175,
-        "narHash": "sha256-R4lx2xW4NuIU/+YvF4hNb/Fw6xIImlmm+6S1QB+Jh+k=",
+        "lastModified": 1763421857,
+        "narHash": "sha256-8JurcmEzAkrpm+eUDm8W/+KkU/w/viAeyJhJlIX2qOQ=",
         "owner": "pyproject-nix",
         "repo": "uv2nix",
-        "rev": "41816ac37553af248bb29624885c471f5ae2b835",
+        "rev": "c9752c6c5915eece99505612d8f7805185cff990",
         "type": "github"
       },
       "original": {
diff --git a/hosts/vidhar/network/pppoe.nix b/hosts/vidhar/network/pppoe.nix
index 5cc84862..d17be349 100644
--- a/hosts/vidhar/network/pppoe.nix
+++ b/hosts/vidhar/network/pppoe.nix
@@ -4,6 +4,48 @@ with lib;
 
 let
   pppInterface = config.networking.pppInterface;
+
+  corerad-deprecated = pkgs.writers.writeBashBin "corerad-deprecated" ''
+    exec -- ${lib.getExe' config.systemd.package "systemd-run"} \
+      --unit=corerad-deprecated@$(${lib.getExe' config.systemd.package "systemd-escape"} $1) \
+      --property=AmbientCapabilities="CAP_NET_ADMIN CAP_NET_RAW" \
+      --property=CapabilityBoundingSet="CAP_NET_ADMIN CAP_NET_RAW" \
+      --property=DynamicUser=yes \
+      --property=LimitNOFILE=1048576 \
+      --property=LimitNPROC=512 \
+      --property=NotifyAccess=main \
+      --property=Type=notify \
+      --property=RuntimeMaxSec=4h \
+      ${pkgs.writers.writeBash "corerad-deprecated" ''
+        exec -- ${lib.getExe pkgs.corerad} -c=<(${pkgs.writers.writePython3 "corerad-config" {
+            libraries = with pkgs.python3Packages; [ toml ];
+            flakeIgnore = [ "E124" "E121" ];
+          } ''
+            import toml
+            import sys
+            import re
+
+            match = re.fullmatch(r'(?P<interface>[^/]+)/(?P<prefix>.+)', sys.argv[1])
+
+            toml.dump({
+              "interfaces": [
+                {
+                  "name": match.group("interface"),
+                  "advertise": True,
+                  "prefix": [
+                    {
+                      "prefix": match.group("prefix"),
+                      "preferred_lifetime": "1s",
+                      "valid_lifetime": "14400s",
+                      "deprecated": True,
+                    },
+                  ],
+                },
+              ],
+            }, sys.stdout)
+          ''} $@)
+      ''} $@
+  '';
 in {
   options = {
     networking.pppInterface = mkOption {
@@ -131,6 +173,8 @@ in {
         };
       };
     };
+    environment.systemPackages = [ corerad-deprecated ];
+
     services.ndppd = {
       enable = true;
       proxies = {
@@ -160,75 +204,69 @@ in {
       bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
       after = [ "sys-subsystem-net-devices-telekom.device" ];
     };
-    systemd.services."dhcpcd-${pppInterface}" = {
-      wantedBy = [ "multi-user.target" "network-online.target" "pppd-telekom.service" ];
-      bindsTo = [ "pppd-telekom.service" ];
-      after = [ "pppd-telekom.service" ];
-      wants = [ "network.target" ];
-      before = [ "network-online.target" ];
 
-      path = with pkgs; [ dhcpcd nettools openresolv ];
-      unitConfig.ConditionCapability = "CAP_NET_ADMIN";
-
-      stopIfChanged = true;
+    networking.interfaces.${pppInterface}.useDHCP = true;
+    networking.dhcpcd = {
+      enable = true;
+      persistent = false;
+      setHostname = false;
+      wait = "ipv6";
+      IPv6rs = false;
 
-      preStart = ''
-        i=0
+      extraConfig = ''
+        duid
+        vendorclassid
+        ipv6only
 
-        while [[ -z "$(${pkgs.iproute2}/bin/ip -6 addr show dev ${pppInterface} scope link)" ]]; do
-          ${pkgs.coreutils}/bin/sleep 0.1
-          i=$((i + 1))
-          if [[ "$i" -ge 10 ]]; then
-            exit 1
-          fi
-        done
-      '';
+        require dhcp_server_identifier
 
-      postStop = ''
-        for dev in lan; do
-          ${pkgs.iproute2}/bin/ip -6 a show dev "''${dev}" scope global | ${pkgs.gnugrep}/bin/grep inet6 | ${pkgs.gawk}/bin/awk '{ print $2; }' | ${pkgs.findutils}/bin/xargs -I '{}' -- ${pkgs.iproute2}/bin/ip addr del '{}' dev "''${dev}"
-        done
-      '';
+        reboot 0
 
-      serviceConfig = let
-        dhcpcdConf = pkgs.writeText "dhcpcd.conf" ''
-          duid
-          vendorclassid
-          ipv6only
+        interface ${pppInterface}
+          nooption domain_name_servers, domain_name, domain_search, ntp_servers
+          nohook hostname, resolv.conf
+          option rapid_commit
 
-          nooption domain_name_servers, domain_name, domain_search
-          option classless_static_routes
-          option interface_mtu
+          ipv6rs
 
-          option host_name
-          option rapid_commit
-          require dhcp_server_identifier
-          slaac private
+          ia_pd 1 lan/0/64/0
+      '';
+    };
+    systemd.services.dhcpcd = {
+      wantedBy = [ "multi-user.target" "network-online.target" "pppd-telekom.service" ];
+      bindsTo = [ "pppd-telekom.service" ];
+      after = [ "pppd-telekom.service" ];
+      wants = [ "network.target" ];
+      before = [ "network-online.target" ];
 
-          nohook resolv.conf
-          ipv6ra_autoconf
-          iaid 1195061668
-          ipv6rs                 # enable routing solicitation for WAN adapter
-          ia_pd 1 lan/0/64/0     # request a PD and assign it to the LAN
+      serviceConfig = {
+        ExecStartPre = [
+          (pkgs.resholve.writeScript "wait-${pppInterface}-ip" {
+            interpreter = pkgs.runtimeShell;
+            inputs = with pkgs; [ iproute2 coreutils ];
+            execer = [
+              "cannot:${lib.getExe' pkgs.iproute2 "ip"}"
+            ];
+          } ''
+            i=0
 
-          reboot 0
+            while [[ -z "$(ip -6 addr show dev ${pppInterface} scope link)" ]]; do
+              sleep 0.1
+              i=$((i + 1))
+              if [[ "$i" -ge 10 ]]; then
+                exit 1
+              fi
+            done
+          '')
+        ];
 
-          waitip 6
-        '';
-      in {
-        Type = "forking";
-        PIDFile = "/var/run/dhcpcd/${pppInterface}.pid";
-        RuntimeDirectory = "dhcpcd";
-        ExecStart = "@${pkgs.dhcpcd}/sbin/dhcpcd dhcpcd -q --config ${dhcpcdConf} ${pppInterface}";
-        ExecReload = "${pkgs.dhcpcd}/sbin/dhcpcd --rebind ${pppInterface}";
-        Restart = "always";
         RestartSec = "5";
       };
     };
     systemd.services.ndppd = {
-      wantedBy = [ "dhcpcd-${pppInterface}.service" ];
-      bindsTo = [ "dhcpcd-${pppInterface}.service" ];
-      after = [ "dhcpcd-${pppInterface}.service" ];
+      wantedBy = [ "dhcpcd.service" ];
+      bindsTo = [ "dhcpcd.service" ];
+      after = [ "dhcpcd.service" ];
 
       serviceConfig = {
         Restart = "always";
@@ -236,25 +274,20 @@ in {
       };
     };
     systemd.services.corerad = {
-      wantedBy = [ "dhcpcd-${pppInterface}.service" ];
-      bindsTo = [ "dhcpcd-${pppInterface}.service" ];
-      after = [ "dhcpcd-${pppInterface}.service" ];
+      wantedBy = [ "dhcpcd.service" ];
+      bindsTo = [ "dhcpcd.service" ];
+      after = [ "dhcpcd.service" ];
 
       serviceConfig = {
         Restart = lib.mkForce "always";
         RestartSec = "5";
       };
     };
-    users.users.dhcpcd = {
-      isSystemUser = true;
-      group = "dhcpcd";
-    };
-    users.groups.dhcpcd = {};
 
     systemd.services.unbound = {
-      wantedBy = [ "dhcpcd-${pppInterface}.service" ];
-      bindsTo = [ "dhcpcd-${pppInterface}.service" ];
-      after = [ "dhcpcd-${pppInterface}.service" ];
+      wantedBy = [ "dhcpcd.service" ];
+      bindsTo = [ "dhcpcd.service" ];
+      after = [ "dhcpcd.service" ];
 
       serviceConfig = {
         Restart = lib.mkForce "always";
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix
index df135b58..125fd568 100644
--- a/hosts/vidhar/prometheus/default.nix
+++ b/hosts/vidhar/prometheus/default.nix
@@ -64,7 +64,7 @@ in {
         systemd = {
           enable = true;
           extraFlags = [
-            "--systemd.collector.unit-include=(dhcpcd-.*|pppd-telekom|corerad|ndppd)\.service"
+            "--systemd.collector.unit-include=(dhcpcd|pppd-telekom|corerad|ndppd)\.service"
             "--systemd.collector.enable-restart-count"
             "--systemd.collector.enable-ip-accounting"
           ];
diff --git a/overlays/spm/default.nix b/overlays/spm/default.nix
index ff135279..bd81ef82 100644
--- a/overlays/spm/default.nix
+++ b/overlays/spm/default.nix
@@ -4,10 +4,11 @@ let
     # defaultPackages = (import ./stackage.nix {});
     # haskellPackages = defaultPackages // argumentPackages;
     # haskellPackages = argumentPackages;
-    haskellPackages = final.haskell.packages.ghc96.override {
+    haskellPackages = final.haskell.packages.ghc912.override {
       overrides = self: super: {
         warp-systemd = final.haskell.lib.doJailbreak (super.warp-systemd.overrideAttrs (oldAttrs: { meta = oldAttrs.meta // { broken = false; }; }));
         unliftio-pool = final.haskell.lib.doJailbreak super.unliftio-pool;
+        cryptonite = super.cryptonite.overrideAttrs (oldAttrs: { doCheck = false; });
       #    servant-server = super.servant-server.overrideAttrs (oldAttrs: {
       #      patches = [];
       #    });
diff --git a/overlays/spm/lib/Spm/Api.hs b/overlays/spm/lib/Spm/Api.hs
index 8285cc55..3c22bfb6 100644
--- a/overlays/spm/lib/Spm/Api.hs
+++ b/overlays/spm/lib/Spm/Api.hs
@@ -21,7 +21,6 @@ import Data.Text (Text)
 import qualified Data.Text as Text
 
 import GHC.Generics (Generic)
-import Type.Reflection (Typeable)
 
 import Control.Lens
 
@@ -62,7 +61,7 @@ instance FromHttpApiData SpmStyle where
 
 
 newtype SpmMailbox = SpmMailbox { unSpmMailbox :: CI Text }
-  deriving stock (Eq, Ord, Read, Show, Generic, Typeable)
+  deriving stock (Eq, Ord, Read, Show, Generic)
   deriving newtype (MimeRender PlainText)
 makeWrapped ''SpmMailbox
 
@@ -70,7 +69,7 @@ instance MimeRender JSON SpmMailbox where
   mimeRender p mbox = mimeRender p $ JSON.object [ "mailbox" JSON..= unSpmMailbox mbox ]
 
 newtype SpmDomain = SpmDomain { unSpmDomain :: CI Text }
-  deriving stock (Eq, Ord, Read, Show, Generic, Typeable)
+  deriving stock (Eq, Ord, Read, Show, Generic)
   deriving newtype (MimeRender PlainText)
 makeWrapped ''SpmDomain
 
@@ -79,17 +78,17 @@ instance MimeRender JSON SpmDomain where
 
 newtype SpmLocal = SpmLocal
   { unSpmLocal :: CI Text
-  } deriving stock (Eq, Ord, Read, Show, Generic, Typeable)
+  } deriving stock (Eq, Ord, Read, Show, Generic)
     deriving newtype (ToJSON, FromJSON)
 makeWrapped ''SpmLocal
 newtype SpmExtension = SpmExtension
   { unSpmExtension :: CI Text
-  } deriving stock (Eq, Ord, Read, Show, Generic, Typeable)
+  } deriving stock (Eq, Ord, Read, Show, Generic)
     deriving newtype (ToJSON, FromJSON)
 makeWrapped ''SpmExtension
 
 data SpmMappingState = Valid | Reject
-  deriving (Eq, Ord, Read, Show, Enum, Bounded, Generic, Typeable)
+  deriving (Eq, Ord, Read, Show, Enum, Bounded, Generic)
 instance MimeRender PlainText SpmMappingState where
   mimeRender p = mimeRender @_ @Text p . \case
     Valid -> "valid"
@@ -109,15 +108,15 @@ _SpmMappingStateReject = iso toReject fromReject
 data SpmMappingListingItem = SpmMappingListingItem
   { smlMapping :: SpmMapping
   , smlState :: SpmMappingState
-  } deriving (Eq, Ord, Read, Show, Generic, Typeable)
+  } deriving (Eq, Ord, Read, Show, Generic)
 
 newtype SpmMappingListing = SpmMappingListing { unSpmMappingListing :: [SpmMappingListingItem] }
-  deriving stock (Eq, Ord, Read, Show, Generic, Typeable)
+  deriving stock (Eq, Ord, Read, Show, Generic)
 
 data SpmMapping = SpmMapping
   { spmMappingLocal :: Maybe SpmLocal
   , spmMappingExtension :: Maybe SpmExtension
-  } deriving stock (Eq, Ord, Read, Show, Generic, Typeable)
+  } deriving stock (Eq, Ord, Read, Show, Generic)
 
 _SpmMappingText :: Iso' SpmMapping Text
 _SpmMappingText = iso toText fromText
@@ -170,7 +169,7 @@ instance ToJSON SpmMappingListing where
 data SpmJWTClaims = SpmJWTClaims
   { spmjwtStdClaims :: ClaimsSet
   , spmjwtLocal :: SpmLocal
-  } deriving stock (Eq, Show, Generic, Typeable)
+  } deriving stock (Eq, Show, Generic)
 
 makeLensesFor [("spmjwtStdClaims", "_stdClaims"), ("spmjwtLocal", "_spmjwtLocal")] ''SpmJWTClaims
 
diff --git a/overlays/spm/server/Spm/Server.hs b/overlays/spm/server/Spm/Server.hs
index 8e7f8786..dc334729 100644
--- a/overlays/spm/server/Spm/Server.hs
+++ b/overlays/spm/server/Spm/Server.hs
@@ -1,3 +1,5 @@
+{-# OPTIONS_GHC -Wno-orphans #-}
+
 {-# LANGUAGE OverloadedStrings #-}
 
 module Spm.Server
@@ -24,7 +26,6 @@ import Data.Attoparsec.Text
 import qualified Data.ByteString.Lazy as LBS
 
 import GHC.Generics (Generic)
-import Type.Reflection (Typeable)
 
 import Control.Applicative
 import Control.Monad
@@ -101,7 +102,7 @@ hSslClientSDn = "SSL-Client-S-DN"
 data SSLClientVerify
   = SSLClientVerifySuccess
   | SSLClientVerifyOther Text
-  deriving (Eq, Ord, Read, Show, Generic, Typeable)
+  deriving (Eq, Ord, Read, Show, Generic)
 instance FromHttpApiData SSLClientVerify where
   parseUrlPiece = (left Text.pack .) . parseOnly $ p <* endOfInput
     where
@@ -163,7 +164,7 @@ data ServerCtxError
   | ServerCtxNoCredentialsDirectory
   | ServerCtxJwkSetDecodeError String
   | ServerCtxJwkSetEmpty
-  deriving stock (Eq, Ord, Read, Show, Generic, Typeable)
+  deriving stock (Eq, Ord, Read, Show, Generic)
   deriving anyclass (Exception)
 
 mkSpmApp :: (MonadUnliftIO m, MonadThrow m) => m Application
diff --git a/overlays/spm/server/Spm/Server/Ctx.hs b/overlays/spm/server/Spm/Server/Ctx.hs
index 18452a0a..1d228043 100644
--- a/overlays/spm/server/Spm/Server/Ctx.hs
+++ b/overlays/spm/server/Spm/Server/Ctx.hs
@@ -11,7 +11,6 @@ import Database.Persist.Postgresql
 import UnliftIO.Pool
 import Control.Lens.TH
 
-import Type.Reflection (Typeable)
 import GHC.Generics (Generic)
 
 
@@ -19,6 +18,6 @@ data ServerCtx = ServerCtx
   { _sctxSqlPool :: Pool SqlBackend
   , _sctxInstanceId :: UUID
   , _sctxJwkSet :: JWKSet
-  } deriving (Generic, Typeable)
+  } deriving (Generic)
 makeLenses ''ServerCtx
 
diff --git a/overlays/spm/server/Spm/Server/Database.hs b/overlays/spm/server/Spm/Server/Database.hs
index 3156e920..4405452f 100644
--- a/overlays/spm/server/Spm/Server/Database.hs
+++ b/overlays/spm/server/Spm/Server/Database.hs
@@ -13,7 +13,6 @@ import Database.Persist.Sql
 import Database.Persist.TH
 
 import GHC.Generics (Generic)
-import Type.Reflection (Typeable)
 
 import Data.Text (Text)
 
@@ -33,22 +32,22 @@ import Web.HttpApiData
 
 newtype MailMailbox = MailMailbox
   { unMailMailbox :: CI Text
-  } deriving stock (Eq, Ord, Read, Show, Generic, Typeable)
+  } deriving stock (Eq, Ord, Read, Show, Generic)
     deriving newtype (PersistField, PersistFieldSql)
 makeWrapped ''MailMailbox
 newtype MailLocal = MailLocal
   { unMailLocal :: CI Text
-  } deriving stock (Eq, Ord, Read, Show, Generic, Typeable)
+  } deriving stock (Eq, Ord, Read, Show, Generic)
     deriving newtype (PersistField, PersistFieldSql)
 makeWrapped ''MailLocal
 newtype MailExtension = MailExtension
   { unMailExtension :: CI Text
-  } deriving stock (Eq, Ord, Read, Show, Generic, Typeable)
+  } deriving stock (Eq, Ord, Read, Show, Generic)
     deriving newtype (PersistField, PersistFieldSql)
 makeWrapped ''MailExtension
 newtype MailDomain = MailDomain
   { unMailDomain :: CI Text
-  } deriving stock (Eq, Ord, Read, Show, Generic, Typeable)
+  } deriving stock (Eq, Ord, Read, Show, Generic)
     deriving newtype (PersistField, PersistFieldSql)
 makeWrapped ''MailDomain