about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--configurations/default.nix9
-rw-r--r--configurations/eonwe/default.nix42
-rw-r--r--configurations/eonwe/ollama.nix97
-rw-r--r--configurations/eonwe/vidya.nix9
-rw-r--r--configurations/ilmare/default.nix5
-rw-r--r--configurations/manwe/default.nix12
-rw-r--r--configurations/manwe/webserver.nix64
-rw-r--r--configurations/tulkas/default.nix66
-rw-r--r--configurations/varda/default.nix2
-rw-r--r--flake.lock245
-rw-r--r--flake.nix3
-rw-r--r--lib/default.nix4
-rw-r--r--lib/my.nix127
-rw-r--r--modules/acme.nix13
-rw-r--r--modules/android.nix5
-rw-r--r--modules/chromium.nix3
-rw-r--r--modules/common/ark.nix26
-rw-r--r--modules/common/default.nix5
-rw-r--r--modules/common/documentation.nix3
-rw-r--r--modules/common/home-manager.nix14
-rw-r--r--modules/common/kernel.nix27
-rw-r--r--modules/common/locale.nix1
-rw-r--r--modules/common/networking.nix163
-rw-r--r--modules/common/nix.nix13
-rw-r--r--modules/common/secrets.nix16
-rw-r--r--modules/common/shell/default.nix30
-rw-r--r--modules/common/stylix.nix13
-rw-r--r--modules/common/systemd.nix9
-rw-r--r--modules/common/users.nix13
-rw-r--r--modules/common/xdg.nix43
-rw-r--r--modules/curl.nix2
-rw-r--r--modules/docker.nix9
-rw-r--r--modules/emacs/default.nix5
-rw-r--r--modules/emacs/doom/config.el115
-rw-r--r--modules/emacs/doom/init.el2
-rw-r--r--modules/emacs/doom/packages.el17
-rw-r--r--modules/firefox/addons.json16
-rw-r--r--modules/firefox/addons.nix98
-rw-r--r--modules/firefox/default.nix36
-rw-r--r--modules/firefox/userChrome.css140
-rw-r--r--modules/firefox/userContent.css10
-rw-r--r--modules/games/gamemode.nix7
-rw-r--r--modules/games/lutris.nix4
-rw-r--r--modules/games/minecraft.nix27
-rw-r--r--modules/games/steam-run.nix79
-rw-r--r--modules/git/default.nix386
-rw-r--r--modules/hyprland.nix131
-rw-r--r--modules/ipfs.nix3
-rw-r--r--modules/jackett.nix9
-rw-r--r--modules/kde.nix11
-rw-r--r--modules/monitoring/default.nix3
-rw-r--r--modules/nsd.nix4
-rw-r--r--modules/openssh.nix33
-rw-r--r--modules/password-store.nix3
-rw-r--r--modules/plausible.nix12
-rw-r--r--modules/podman.nix29
-rw-r--r--modules/profiles/default.nix1
-rw-r--r--modules/profiles/dev/default.nix8
-rw-r--r--modules/profiles/headful.nix3
-rw-r--r--modules/profiles/headless.nix5
-rw-r--r--modules/psd.nix1
-rw-r--r--modules/searx.nix13
-rw-r--r--modules/syncthing.nix11
-rw-r--r--modules/thelounge.nix49
-rw-r--r--modules/unbound-ng.nix185
-rw-r--r--modules/unbound.nix20
-rw-r--r--modules/uptime-kuma.nix49
-rw-r--r--modules/vaultwarden.nix19
-rw-r--r--modules/wayland.nix7
-rw-r--r--modules/wireguard-ng.nix255
-rw-r--r--modules/wireguard.nix43
-rw-r--r--overlays.nix82
-rw-r--r--packages/hiccup.nix6
73 files changed, 1936 insertions, 1094 deletions
diff --git a/configurations/default.nix b/configurations/default.nix
index cc160e9..312ca9f 100644
--- a/configurations/default.nix
+++ b/configurations/default.nix
@@ -90,6 +90,15 @@ mapAttrs' mkConfiguration (
       srvos.nixosModules.server
     ];
 
+    tulkas.modules = with inputs; [
+      "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
+      disko.nixosModules.disko
+      nixos-hardware.nixosModules.common-cpu-amd
+      nixos-hardware.nixosModules.common-pc-ssd
+      nixpkgs.nixosModules.notDetected
+      srvos.nixosModules.server
+    ];
+
     yavanna.modules = with inputs; [
       "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
       nixos-hardware.nixosModules.common-cpu-intel
diff --git a/configurations/eonwe/default.nix b/configurations/eonwe/default.nix
index c33c21d..f718135 100644
--- a/configurations/eonwe/default.nix
+++ b/configurations/eonwe/default.nix
@@ -12,6 +12,7 @@ with lib;
     ark.enable = true;
 
     wireguard.client.enable = true;
+    wireguard-ng.client.enable = false;
 
     syncthing.enable = true;
 
@@ -23,10 +24,11 @@ with lib;
     android.enable = true;
     beets.enable = true;
     bluetooth.enable = true;
-    incus.enable = true;
     libvirtd.enable = true;
     mpd.enable = true;
     qutebrowser.enable = true;
+
+    hyprland.enable = true;
   };
 
   hm = {
@@ -37,6 +39,7 @@ with lib;
       paper-plane
       qolibri
       radeontop
+      rocmPackages.rocm-smi
       vial
       wacomtablet
     ];
@@ -50,8 +53,8 @@ with lib;
             mapShaders = map (args: toString (pkgs.fetchurl args));
             cfl-prediction = mapShaders [
               {
-                url = "https://raw.githubusercontent.com/Artoriuz/glsl-chroma-from-luma-prediction/471c65dd3915d39e7ef69957ab63e006125fbb88/CfL_Prediction.glsl";
-                sha256 = "sha256-Mgb1KqF1EPPzR3SCVr9S4XzVmZkYEEFIHSp59RZ9wq8=";
+                url = "https://raw.githubusercontent.com/Artoriuz/glsl-chroma-from-luma-prediction/9fdd0bc68cd8ae42a8072a7d5d098f118daa4293/CfL_Prediction.glsl";
+                sha256 = "sha256-RK3baWkL0mZwcx+utsHfiiX1mY1jxEOg7/kNsNJvEPc=";
               }
             ];
             ravu-lite-ar-r4 = mapShaders [
@@ -62,8 +65,8 @@ with lib;
             ];
             ssimdownscaler = mapShaders [
               {
-                url = "https://gist.githubusercontent.com/igv/36508af3ffc84410fe39761d6969be10/raw/575d13567bbe3caa778310bd3b2a4c516c445039/SSimDownscaler.glsl";
-                sha256 = "sha256-AEq2wv/Nxo9g6Y5e4I9aIin0plTcMqBG43FuOxbnR1w=";
+                url = "https://gist.githubusercontent.com/igv/36508af3ffc84410fe39761d6969be10/raw/38992bce7f9ff844f800820df0908692b65bb74a/SSimDownscaler.glsl";
+                sha256 = "sha256-9G9HEKFi0XBYudgu2GEFiLDATXvgfO9r8qjEB3go+AQ=";
               }
             ];
           in
@@ -149,7 +152,17 @@ with lib;
     };
   };
 
+  programs.corectrl.enable = true;
+
   services = {
+    displayManager = {
+      sddm.enable = lib.mkForce false;
+      ly = {
+        enable = true;
+        settings.animation = "matrix";
+      };
+    };
+
     languagetool = {
       enable = true;
       port = 8081;
@@ -293,11 +306,30 @@ with lib;
     "/home/${my.username}".neededForBoot = true;
   };
 
+  systemd.mounts = [
+    {
+      type = "tmpfs";
+      what = "tmpfs";
+      where = "/var/tmp";
+      mountConfig.Options = [
+        "huge=within_size"
+        "mode=1777"
+        "noatime"
+        "nodev"
+        "nosuid"
+        "rw"
+        "size=25%"
+      ];
+    }
+  ];
+
   zramSwap = {
     enable = true;
     memoryPercent = 25;
   };
 
+  my.extraGroups = [ "corectrl" ];
+
   users = {
     users.builder = {
       isSystemUser = true;
diff --git a/configurations/eonwe/ollama.nix b/configurations/eonwe/ollama.nix
new file mode 100644
index 0000000..806885b
--- /dev/null
+++ b/configurations/eonwe/ollama.nix
@@ -0,0 +1,97 @@
+{
+  config,
+  lib,
+  ...
+}:
+{
+  ark.directories = [
+    config.services.ollama.home
+  ];
+
+  hm.programs.firefox.profiles.default.bookmarks = [
+    {
+      name = "Bookmarks Toolbar";
+      toolbar = true;
+      bookmarks = [
+        {
+          name = "Ollama";
+          url = "http://eonwe.shire.net:11435";
+        }
+        {
+          name = "Open WebUI";
+          url = "http://eonwe.shire.net:11436";
+        }
+      ];
+    }
+  ];
+
+  services = {
+    ollama = {
+      enable = true;
+
+      host = "0.0.0.0";
+      port = 11434;
+
+      user = "ollama";
+      group = "ollama";
+
+      acceleration = "rocm";
+      rocmOverrideGfx = "11.0.0";
+
+      environmentVariables.OLLAMA_ORIGINS = lib.concatStringsSep "," [
+        "http://eonwe.shire.net:11434"
+        "http://eonwe.shire.net:11435"
+        "http://eonwe.shire.net:11436"
+      ];
+
+      openFirewall = true;
+    };
+
+    nextjs-ollama-llm-ui = {
+      enable = true;
+
+      hostname = "0.0.0.0";
+      port = 11435;
+
+      ollamaUrl = "http://eonwe.shire.net:11434";
+    };
+
+    open-webui = {
+      enable = true;
+
+      host = "0.0.0.0";
+      port = 11436;
+
+      environment = {
+        ANONYMIZED_TELEMETRY = "False";
+        DO_NOT_TRACK = "True";
+        ENABLE_SIGNUP = "False";
+        OLLAMA_BASE_URL = "http://eonwe.shire.net:11434";
+        SCARF_NO_ANALYTICS = "True";
+        WEBUI_AUTH = "False";
+        WEBUI_URL = "http://eonwe.shire.net:11436";
+      };
+
+      openFirewall = true;
+    };
+  };
+
+  systemd.services.ollama.serviceConfig = {
+    StateDirectory = lib.mkForce config.services.ollama.home;
+    DynamicUser = lib.mkForce false;
+    User = config.services.ollama.user;
+    Group = config.services.ollama.group;
+  };
+
+  users = {
+    users.ollama = {
+      isSystemUser = true;
+      group = "ollama";
+      inherit (config.services.ollama) home;
+      uid = 241; # Reuses a removed ID from Nixpkgs.
+    };
+    groups.ollama.gid = 241;
+  };
+
+  my.extraGroups = [ "ollama" ];
+}
diff --git a/configurations/eonwe/vidya.nix b/configurations/eonwe/vidya.nix
index 7e10175..a40daa9 100644
--- a/configurations/eonwe/vidya.nix
+++ b/configurations/eonwe/vidya.nix
@@ -3,7 +3,7 @@
   nixfiles.modules = {
     common.nix.allowedUnfreePackages = [
       "cla-theme" # source-available
-      "dwarf-fortress"
+      "dwarf-fortress" # proprietary
       "fallout-ce" # source-available
       "fallout2-ce" # source-available
     ];
@@ -12,7 +12,11 @@
       lutris.enable = true;
 
       steam.enable = true;
-      steam-run.quirks.blackIsleStudios = true;
+      steam-run.quirks = {
+        blackIsleStudios = true;
+        cryptOfTheNecrodancer = true;
+        mountAndBladeWarband = false;
+      };
 
       minecraft.client.enable = true;
     };
@@ -29,7 +33,6 @@
     fallout-ce
     fallout2-ce
     gzdoom
-    nethack
     openmw
     openttd
     qzdl
diff --git a/configurations/ilmare/default.nix b/configurations/ilmare/default.nix
index a1b5007..bb89699 100644
--- a/configurations/ilmare/default.nix
+++ b/configurations/ilmare/default.nix
@@ -1,4 +1,7 @@
-_: {
+{ lib, ... }:
+{
+  imports = lib.attrValues (lib.modulesIn ./.);
+
   nixfiles.modules = {
     wireguard.client.enable = true;
 
diff --git a/configurations/manwe/default.nix b/configurations/manwe/default.nix
index 609d2a8..f9cb2be 100644
--- a/configurations/manwe/default.nix
+++ b/configurations/manwe/default.nix
@@ -1,17 +1,21 @@
-{ config, lib, ... }:
+{
+  config,
+  lib,
+  ...
+}:
 with lib;
 {
   imports = attrValues (modulesIn ./.);
 
   nixfiles.modules = {
+    wireguard.server.enable = true;
+
     nsd = {
       enable = true;
       fqdn = "ns1.${config.networking.domain}";
     };
     unbound.enable = true;
 
-    wireguard.server.enable = true;
-
     acme.enable = true;
 
     monitoring.enable = true;
@@ -38,6 +42,8 @@ with lib;
     vaultwarden.enable = true;
     ntfy.enable = true;
     plausible.enable = true;
+    uptime-kuma.enable = true;
+    thelounge.enable = true;
   };
 
   boot = {
diff --git a/configurations/manwe/webserver.nix b/configurations/manwe/webserver.nix
index 95a0b0b..051ddba 100644
--- a/configurations/manwe/webserver.nix
+++ b/configurations/manwe/webserver.nix
@@ -12,70 +12,6 @@ with lib;
     virtualHosts =
       with my.domain;
       {
-        # TODO Start using this.
-        # "start.local" = {
-        #   root = pkgs.hiccup;
-        #   locations = {
-        #     "/".tryFiles = "$uri $uri/ /index.html";
-        #     "~* ^.+config.json$".extraConfig = let
-        #       config = pkgs.writeText "config.json" (generators.toJSON {} {
-        #         version = "2.0";
-        #         id = "default";
-        #         title = "Demo Config";
-        #         url = "./configs/config.json";
-        #         featured = [
-        #           {
-        #             name = "GitHub";
-        #             background = "/assets/card.png";
-        #             link = "https://github.com/ashwin-pc/hiccup";
-        #           }
-        #         ];
-        #         categories = [
-        #           {
-        #             title = "Category 1";
-        #             links = [
-        #               {
-        #                 name = "Link 1";
-        #                 link = "https://example.com";
-        #               }
-        #             ];
-        #           }
-        #           {
-        #             title = "Category 2";
-        #             links = [
-        #               {
-        #                 name = "Link 1";
-        #                 link = "https://example.com";
-        #               }
-        #             ];
-        #           }
-        #           {
-        #             title = "Category 3";
-        #             links = [
-        #               {
-        #                 name = "Link 1";
-        #                 link = "https://example.com";
-        #               }
-        #             ];
-        #           }
-        #           {
-        #             title = "Category 4";
-        #             links = [
-        #               {
-        #                 name = "Link 1";
-        #                 link = "https://example.com";
-        #               }
-        #             ];
-        #           }
-        #         ];
-        #       });
-        #     in ''
-        #       alias ${config};
-        #     '';
-        #   };
-        #   enableACME = false;
-        #   forceSSL = false;
-        # };
         ${shire}.locations."/".return = "301 https://www.youtube.com/watch?v=dQw4w9WgXcQ";
         "git.${shire}".locations."/".return = "301 https://git.${azahi}";
         "bitwarden.${shire}".locations."/".return = "301 https://vaultwarden.${shire}";
diff --git a/configurations/tulkas/default.nix b/configurations/tulkas/default.nix
new file mode 100644
index 0000000..5946ea8
--- /dev/null
+++ b/configurations/tulkas/default.nix
@@ -0,0 +1,66 @@
+{ lib, this, ... }:
+with lib;
+{
+  imports = attrValues (modulesIn ./.);
+
+  nixfiles.modules = {
+    wireguard.client.enable = true;
+    wireguard-ng.server.enable = true;
+
+    unbound-ng.enable = true;
+    unbound-ng.domain = "shire.local";
+  };
+
+  services.qemuGuest.enable = true;
+
+  systemd.network.networks."40-eth0" = {
+    addresses = [
+      {
+        Address = this.ipv4.address;
+        Broadcast = true;
+      }
+    ];
+    routes = [
+      {
+        Gateway = this.ipv4.gatewayAddress;
+        GatewayOnLink = true;
+      }
+    ];
+  };
+
+  boot.loader.systemd-boot.enable = true;
+
+  disko.devices.disk.vda = {
+    device = "/dev/vda";
+    type = "disk";
+    content = {
+      type = "gpt";
+      partitions = {
+        esp = {
+          name = "ESP";
+          type = "EF00";
+          size = "512M";
+          content = {
+            type = "filesystem";
+            format = "vfat";
+            mountpoint = "/boot";
+          };
+        };
+        root = {
+          size = "100%";
+          content = {
+            type = "filesystem";
+            format = "xfs";
+            mountpoint = "/";
+            mountOptions = [ "noatime" ];
+          };
+        };
+      };
+    };
+  };
+
+  zramSwap = {
+    enable = true;
+    memoryPercent = 50;
+  };
+}
diff --git a/configurations/varda/default.nix b/configurations/varda/default.nix
index 908a3ec..c12c811 100644
--- a/configurations/varda/default.nix
+++ b/configurations/varda/default.nix
@@ -7,6 +7,8 @@ with lib;
     wireguard.client.enable = true;
 
     sing-box.enable = true;
+
+    games.minecraft.server.enable = false;
   };
 
   boot = {
diff --git a/flake.lock b/flake.lock
index 8e8b256..c4ee276 100644
--- a/flake.lock
+++ b/flake.lock
@@ -83,11 +83,11 @@
     "azahi-cc": {
       "flake": false,
       "locked": {
-        "lastModified": 1688374221,
-        "narHash": "sha256-FK8wJXsOQHzLH3QJ932xJXan8NmWjJbenjL9OAZzw7w=",
+        "lastModified": 1731443312,
+        "narHash": "sha256-+w/EjWb1OTHD4htRNTjKNshHMhzG2W3yhabsPloyKAw=",
         "ref": "master",
-        "rev": "e5faa2c2cb107c77ce2f4268c6b5d3d01be078cb",
-        "revCount": 17,
+        "rev": "9ba3c3d09c6db4449722607d899ccef2730ac886",
+        "revCount": 18,
         "type": "git",
         "url": "https://git.azahi.cc/azahi-cc"
       },
@@ -102,11 +102,11 @@
         "fromYaml": "fromYaml"
       },
       "locked": {
-        "lastModified": 1708890466,
-        "narHash": "sha256-LlrC09LoPi8OPYOGPXegD72v+//VapgAqhbOFS3i8sc=",
+        "lastModified": 1732200724,
+        "narHash": "sha256-+R1BH5wHhfnycySb7Sy5KbYEaTJZWm1h+LW1OtyhiTs=",
         "owner": "SenchoPens",
         "repo": "base16.nix",
-        "rev": "665b3c6748534eb766c777298721cece9453fdae",
+        "rev": "153d52373b0fb2d343592871009a286ec8837aec",
         "type": "github"
       },
       "original": {
@@ -150,11 +150,11 @@
     "base16-vim": {
       "flake": false,
       "locked": {
-        "lastModified": 1716150083,
-        "narHash": "sha256-ZMhnNmw34ogE5rJZrjRv5MtG3WaqKd60ds2VXvT6hEc=",
+        "lastModified": 1731949548,
+        "narHash": "sha256-XIDexXM66sSh5j/x70e054BnUsviibUShW7XhbDGhYo=",
         "owner": "tinted-theming",
         "repo": "base16-vim",
-        "rev": "6e955d704d046b0dc3e5c2d68a2a6eeffd2b5d3d",
+        "rev": "61165b1632409bd55e530f3dbdd4477f011cadc6",
         "type": "github"
       },
       "original": {
@@ -203,18 +203,17 @@
     },
     "devshell": {
       "inputs": {
-        "flake-utils": "flake-utils_2",
         "nixpkgs": [
           "nix-topology",
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1713532798,
-        "narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
+        "lastModified": 1728330715,
+        "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
         "owner": "numtide",
         "repo": "devshell",
-        "rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
+        "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
         "type": "github"
       },
       "original": {
@@ -230,11 +229,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730045523,
-        "narHash": "sha256-W5Avk1THhZALXITHGazKfZbIZ5+Bc4nSYvAYHUn96EU=",
+        "lastModified": 1734343412,
+        "narHash": "sha256-b7G8oFp0Nj01BYUJ6ENC9Qf/HsYAIZvN9k/p0Kg/PFU=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "89e458a3bb3693e769bfb2b2447c3fe72092d498",
+        "rev": "a08bfe06b39e94eec98dd089a2c1b18af01fef19",
         "type": "github"
       },
       "original": {
@@ -253,11 +252,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1726867691,
-        "narHash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ=",
+        "lastModified": 1733919067,
+        "narHash": "sha256-ZsL5pKwEDhcZhVJh+3IwgHus7kSW/N8qOlBscwB6BCI=",
         "owner": "nix-community",
         "repo": "dns.nix",
-        "rev": "a3196708a56dee76186a9415c187473b94e6cbae",
+        "rev": "a23f43f9762aa96d3e35c8eeefa7610bd0cdf456",
         "type": "github"
       },
       "original": {
@@ -268,11 +267,11 @@
     },
     "flake-compat": {
       "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "lastModified": 1733328505,
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
         "type": "github"
       },
       "original": {
@@ -286,11 +285,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1727826117,
-        "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
+        "lastModified": 1733312601,
+        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
+        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
         "type": "github"
       },
       "original": {
@@ -304,11 +303,11 @@
         "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1726560853,
-        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
         "type": "github"
       },
       "original": {
@@ -319,35 +318,17 @@
     },
     "flake-utils_2": {
       "inputs": {
-        "systems": "systems_3"
-      },
-      "locked": {
-        "lastModified": 1701680307,
-        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_3": {
-      "inputs": {
         "systems": [
           "stylix",
           "systems"
         ]
       },
       "locked": {
-        "lastModified": 1710146030,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
         "type": "github"
       },
       "original": {
@@ -359,11 +340,11 @@
     "fromYaml": {
       "flake": false,
       "locked": {
-        "lastModified": 1689549921,
-        "narHash": "sha256-iX0pk/uB019TdBGlaJEWvBCfydT6sRq+eDcGPifVsCM=",
+        "lastModified": 1731966426,
+        "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=",
         "owner": "SenchoPens",
         "repo": "fromYaml",
-        "rev": "11fbbbfb32e3289d3c631e0134a23854e7865c84",
+        "rev": "106af9e2f715e2d828df706c386a685698f3223b",
         "type": "github"
       },
       "original": {
@@ -386,11 +367,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1729104314,
-        "narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=",
+        "lastModified": 1734379367,
+        "narHash": "sha256-Keu8z5VgT5gnCF4pmB+g7XZFftHpfl4qOn7nqBcywdE=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6",
+        "rev": "0bb4be58f21ff38fc3cdbd6c778eb67db97f0b99",
         "type": "github"
       },
       "original": {
@@ -423,16 +404,16 @@
     "gnome-shell": {
       "flake": false,
       "locked": {
-        "lastModified": 1713702291,
-        "narHash": "sha256-zYP1ehjtcV8fo+c+JFfkAqktZ384Y+y779fzmR9lQAU=",
+        "lastModified": 1732369855,
+        "narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=",
         "owner": "GNOME",
         "repo": "gnome-shell",
-        "rev": "0d0aadf013f78a7f7f1dc984d0d812971864b934",
+        "rev": "dadd58f630eeea41d645ee225a63f719390829dc",
         "type": "github"
       },
       "original": {
         "owner": "GNOME",
-        "ref": "46.1",
+        "ref": "47.2",
         "repo": "gnome-shell",
         "type": "github"
       }
@@ -444,11 +425,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730016908,
-        "narHash": "sha256-bFCxJco7d8IgmjfNExNz9knP8wvwbXU4s/d53KOK6U0=",
+        "lastModified": 1734344598,
+        "narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "e83414058edd339148dc142a8437edb9450574c8",
+        "rev": "83ecd50915a09dca928971139d3a102377a8d242",
         "type": "github"
       },
       "original": {
@@ -460,11 +441,11 @@
     "homelab-svg-assets": {
       "flake": false,
       "locked": {
-        "lastModified": 1729175365,
-        "narHash": "sha256-r43u2HqdhRezqGwo/nbbZhHx5WUmkvAsfoLt8taFKyw=",
+        "lastModified": 1733409874,
+        "narHash": "sha256-Q9QMq9dXIjvJB7YSE3DU5W2eOAPQxjBRKYmNvk+ZnFo=",
         "owner": "loganmarchione",
         "repo": "homelab-svg-assets",
-        "rev": "745e5d9249f2c847d58de5f1fd7ba4de2f63918e",
+        "rev": "f084a7da8dc72f44edcd8c21dd8650b5f781734c",
         "type": "github"
       },
       "original": {
@@ -475,11 +456,11 @@
     },
     "impermanence": {
       "locked": {
-        "lastModified": 1729068498,
-        "narHash": "sha256-C2sGRJl1EmBq0nO98TNd4cbUy20ABSgnHWXLIJQWRFA=",
+        "lastModified": 1734200366,
+        "narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=",
         "owner": "nix-community",
         "repo": "impermanence",
-        "rev": "e337457502571b23e449bf42153d7faa10c0a562",
+        "rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48",
         "type": "github"
       },
       "original": {
@@ -491,11 +472,11 @@
     "infuse": {
       "flake": false,
       "locked": {
-        "lastModified": 1729644337,
-        "narHash": "sha256-4XPDTUvV8dfuf9GzKg2/r7j7lMELRAwKKFx3ecQObeg=",
+        "lastModified": 1732860261,
+        "narHash": "sha256-xGOVrmZgsi5qAEFrPelsC7DE1Kd9+EJ2oY/gCKD4Diw=",
         "ref": "refs/heads/trunk",
-        "rev": "786657a2cf262c3cdce08f64dd4857655f18f166",
-        "revCount": 40,
+        "rev": "0005869a31b879b57cfc9b216c8cf7f3c710579c",
+        "revCount": 41,
         "type": "git",
         "url": "https://codeberg.org/amjoseph/infuse.nix"
       },
@@ -516,11 +497,11 @@
         "nixpkgs-24_05": "nixpkgs-24_05"
       },
       "locked": {
-        "lastModified": 1722877200,
-        "narHash": "sha256-qgKDNJXs+od+1UbRy62uk7dYal3h98I4WojfIqMoGcg=",
+        "lastModified": 1734370678,
+        "narHash": "sha256-a8zkti1QM5Oxkdfnzr/NjrFlyqI36/kYV/X8G1jOmB4=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "af7d3bf5daeba3fc28089b015c0dd43f06b176f2",
+        "rev": "c43d8c4a3ce84a7bebd110b06e69365484db6208",
         "type": "gitlab"
       },
       "original": {
@@ -542,11 +523,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1729993975,
-        "narHash": "sha256-Z5DQ48PdCo3IyfKbngL62Q/HuA/fsn22bMyPbTQGSKQ=",
+        "lastModified": 1734314370,
+        "narHash": "sha256-9PhjDAAuXP4tuJg+kM1AozKwBFyHHJ8ZqhQD+peqGtg=",
         "owner": "Infinidoge",
         "repo": "nix-minecraft",
-        "rev": "4753ea1f1285e944839cb2ab0b4373eb4e00c12a",
+        "rev": "616634de04e87b621bc3d495af114c4e9c6ccd36",
         "type": "github"
       },
       "original": {
@@ -562,11 +543,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1729999765,
-        "narHash": "sha256-LYsavZXitFjjyETZoij8usXjTa7fa9AIF3Sk3MJSX+Y=",
+        "lastModified": 1734234111,
+        "narHash": "sha256-icEMqBt4HtGH52PU5FHidgBrNJvOfXH6VQKNtnD1aw8=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "0e3a8778c2ee218eff8de6aacf3d2fa6c33b2d4f",
+        "rev": "311d6cf3ad3f56cb051ffab1f480b2909b3f754d",
         "type": "github"
       },
       "original": {
@@ -589,11 +570,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1725483443,
-        "narHash": "sha256-WzOlGMKV/51Fccn/OMHcm5yrqgbOJZrJIy1ya4pW0u8=",
+        "lastModified": 1734266385,
+        "narHash": "sha256-k9P9Sa6jw/Xre8UDp7Ukk75h4Tcq8ZrK+nz6A2MC1IM=",
         "owner": "oddlama",
         "repo": "nix-topology",
-        "rev": "8738d94670265beb166954c4e3a26e432f79f68c",
+        "rev": "ba6f61e594a85eabebf1c8f373923b59b3b07448",
         "type": "github"
       },
       "original": {
@@ -604,11 +585,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1729742320,
-        "narHash": "sha256-u3Of8xRkN//me8PU+RucKA59/6RNy4B2jcGAF36P4jI=",
+        "lastModified": 1734352517,
+        "narHash": "sha256-mfv+J/vO4nqmIOlq8Y1rRW8hVsGH3M+I2ESMjhuebDs=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "e8a2f6d5513fe7b7d15701b2d05404ffdc3b6dda",
+        "rev": "b12e314726a4226298fe82776b4baeaa7bcf3dcd",
         "type": "github"
       },
       "original": {
@@ -619,11 +600,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1729980323,
-        "narHash": "sha256-eWPRZAlhf446bKSmzw6x7RWEE4IuZgAp8NW3eXZwRAY=",
+        "lastModified": 1734126203,
+        "narHash": "sha256-0XovF7BYP50rTD2v4r55tR5MuBLet7q4xIz6Rgh3BBU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "86e78d3d2084ff87688da662cf78c2af085d8e73",
+        "rev": "71a6392e367b08525ee710a93af2e80083b5b3e2",
         "type": "github"
       },
       "original": {
@@ -635,11 +616,11 @@
     },
     "nixpkgs-24_05": {
       "locked": {
-        "lastModified": 1717144377,
-        "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
+        "lastModified": 1731797254,
+        "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "805a384895c696f802a9bf5bf4720f37385df547",
+        "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
         "type": "github"
       },
       "original": {
@@ -650,11 +631,11 @@
     },
     "nixpkgs-amneziawg": {
       "locked": {
-        "lastModified": 1729516182,
-        "narHash": "sha256-u+HH+gyGSUERSnhYVFX/jMykfpDrQJvGUNsBmN31GsM=",
+        "lastModified": 1733085004,
+        "narHash": "sha256-pskW7udXL6KssMYlBR7cxSLPzqLMrZWgel98dKEgKPs=",
         "owner": "azahi",
         "repo": "nixpkgs",
-        "rev": "cebf00faa0dab35517b368b5d14dc42018bf3ee0",
+        "rev": "ba3f8e26212ff64cc96a4c1932d91bd18eb87757",
         "type": "github"
       },
       "original": {
@@ -666,23 +647,23 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1727825735,
-        "narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=",
+        "lastModified": 1733096140,
+        "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
       },
       "original": {
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
       }
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1730047773,
-        "narHash": "sha256-oNzx2k7lmdRO9WAY176pTo76kN1PtT02QyTz1N/tpWE=",
+        "lastModified": 1734389326,
+        "narHash": "sha256-YPjF7N9G9tGjnm630FVaLojjpl+OnWao+UqhprZ29dQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2ba15d4f55c092002f792a8e7af585bbf3277e63",
+        "rev": "6ea67fde4864ca2ab720f946e4af74ab2b73e5b9",
         "type": "github"
       },
       "original": {
@@ -694,11 +675,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1730039714,
-        "narHash": "sha256-T/UCiOaxNBvqeQMOkQq89Ni7W0XTvDxCe+7TFpQ2QE0=",
+        "lastModified": 1734284970,
+        "narHash": "sha256-iPXIDT8Rth+fJ9VpeZMu9wgdEEhrUrn77uYNcmtw3s0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5e34aff468a6cfd6c2b02cbb4a8d2d8643feaade",
+        "rev": "6903830d1075f13346be0ea9611ae6ef50a472d6",
         "type": "github"
       },
       "original": {
@@ -779,11 +760,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1729731316,
-        "narHash": "sha256-InsUCPq86xyvJ9U+pVijYNBCep/dYACyJblG6fgkkWA=",
+        "lastModified": 1734311023,
+        "narHash": "sha256-NpiSmBZ4usbCuucwLWKX8TypbP+KfKZB5GOJevdp2rM=",
         "owner": "nix-community",
         "repo": "srvos",
-        "rev": "0e447b6d3f16d6a305ca99ac89686d51042f516a",
+        "rev": "528f3ec754231bd6dc0113cd3010f66513e957f4",
         "type": "github"
       },
       "original": {
@@ -801,7 +782,7 @@
         "flake-compat": [
           "flake-compat"
         ],
-        "flake-utils": "flake-utils_3",
+        "flake-utils": "flake-utils_2",
         "gnome-shell": "gnome-shell",
         "home-manager": [
           "home-manager"
@@ -809,17 +790,17 @@
         "nixpkgs": [
           "nixpkgs"
         ],
-        "systems": "systems_4",
+        "systems": "systems_3",
         "tinted-foot": "tinted-foot",
         "tinted-kitty": "tinted-kitty",
         "tinted-tmux": "tinted-tmux"
       },
       "locked": {
-        "lastModified": 1729963473,
-        "narHash": "sha256-uGjTjvvlGQfQ0yypVP+at0NizI2nrb6kz4wGAqzRGbY=",
+        "lastModified": 1734110168,
+        "narHash": "sha256-Q0eeLYn45ErXlqGQyXmLLHGe1mqnUiK0Y9wZRa1SNFI=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "04afcfc0684d9bbb24bb1dc77afda7c1843ec93b",
+        "rev": "a9e3779949925ef22f5a215c5f49cf520dea30b1",
         "type": "github"
       },
       "original": {
@@ -873,34 +854,20 @@
         "type": "github"
       }
     },
-    "systems_4": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
     "tinted-foot": {
       "flake": false,
       "locked": {
-        "lastModified": 1696725948,
-        "narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=",
+        "lastModified": 1726913040,
+        "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
         "owner": "tinted-theming",
         "repo": "tinted-foot",
-        "rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce",
+        "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
         "type": "github"
       },
       "original": {
         "owner": "tinted-theming",
         "repo": "tinted-foot",
+        "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
         "type": "github"
       }
     },
@@ -924,11 +891,11 @@
     "tinted-tmux": {
       "flake": false,
       "locked": {
-        "lastModified": 1696725902,
-        "narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=",
+        "lastModified": 1729501581,
+        "narHash": "sha256-1ohEFMC23elnl39kxWnjzH1l2DFWWx4DhFNNYDTYt54=",
         "owner": "tinted-theming",
         "repo": "tinted-tmux",
-        "rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7",
+        "rev": "f0e7f7974a6441033eb0a172a0342e96722b4f14",
         "type": "github"
       },
       "original": {
@@ -950,11 +917,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1729994042,
-        "narHash": "sha256-raAG3cW29BRYmu3Pxej65QgnNi88bGUqlqMkuaJRF8s=",
+        "lastModified": 1734314392,
+        "narHash": "sha256-EydUadS7omV3SO/4TLeMkLT2JUugvPEtvBoAF43ggWU=",
         "owner": "nix-community",
         "repo": "nix-vscode-extensions",
-        "rev": "88bf73817636e232513bff1f3a071b3ae2bcfd14",
+        "rev": "4ef033412f0732794077fcc25af4f79f097ad1e1",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index c621f04..67180ca 100644
--- a/flake.nix
+++ b/flake.nix
@@ -12,7 +12,7 @@
 
     flake-parts.url = "github:hercules-ci/flake-parts";
 
-    # TODO Upstream this?
+    # TODO https://github.com/NixOS/nixpkgs/pull/360866
     nixpkgs-amneziawg.url = "github:azahi/nixpkgs/amneziawg";
 
     nixos-hardware.url = "github:NixOS/nixos-hardware";
@@ -193,6 +193,7 @@
         topology = self.topology.config.output;
 
         iso = self.nixosConfigurations.iso.config.system.build.isoImage;
+
         test-headless = self.nixosConfigurations.test-headless.config.system.build.vm;
         test-headful = self.nixosConfigurations.test-headful.config.system.build.vm;
       };
diff --git a/lib/default.nix b/lib/default.nix
index 3a67063..e06b7ec 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -11,9 +11,7 @@ rec {
 
   packages = import ./packages.nix { inherit lib inputs system; };
 
-  infuse = import inputs.infuse {
-    inherit lib;
-  };
+  inherit ((import inputs.infuse { inherit lib; }).v1) infuse;
 
   isEven =
     number:
diff --git a/lib/my.nix b/lib/my.nix
index f959de2..3a8058e 100644
--- a/lib/my.nix
+++ b/lib/my.nix
@@ -51,78 +51,6 @@ with lib;
                     isHeadless = mkConfigurationTypeOption "headless";
                     isHeadful = mkConfigurationTypeOption "headful";
                     isOther = mkConfigurationTypeOption "other";
-
-                    ipv4 = {
-                      address = mkOption {
-                        description = "The machine's public IPv4 address.";
-                        type = nullOr str;
-                        default = null;
-                      };
-                      prefixLength = mkOption {
-                        description = "The machine's public IPv4 prefix length.";
-                        type = nullOr int;
-                        default = null;
-                      };
-                      gatewayAddress = mkOption {
-                        description = "The machine's public IPv4 gateway address.";
-                        type = nullOr str;
-                        default = null;
-                      };
-                    };
-                    ipv6 = {
-                      address = mkOption {
-                        description = "The machine's public IPv6 address.";
-                        type = nullOr str;
-                        default = null;
-                      };
-                      prefixLength = mkOption {
-                        description = "The machine's public IPv6 prefix length.";
-                        type = nullOr int;
-                        default = null;
-                      };
-                      gatewayAddress = mkOption {
-                        description = "The machine's public IPv6 gateway address.";
-                        type = nullOr str;
-                        default = null;
-                      };
-                    };
-
-                    wireguard = {
-                      ipv4.address = mkOption {
-                        description = "The machine's internal IPv4 addresses.";
-                        type = nullOr str;
-                        default = null;
-                      };
-                      ipv6.address = mkOption {
-                        description = "The machine's internal IPv6 addresses.";
-                        type = nullOr str;
-                        default = null;
-                      };
-                      publicKey = mkOption {
-                        description = "The machine's public key.";
-                        type = nullOr str;
-                        default = null;
-                      };
-                    };
-
-                    # TODO Automate filling of this from the NSD service module.
-                    # Right now I need to copy domain definitions from there to here
-                    # manually.
-                    #
-                    # Something like taking `config.services.nsd.zones[$domain]` and
-                    # filtering for actual subdomains. We can remove this option
-                    # altogether then.
-                    domains = mkOption {
-                      description = "External domains that resolve to this address.";
-                      type = listOf str;
-                      default = [ ];
-                    };
-
-                    syncthing.id = mkOption {
-                      description = "Syncthing ID.";
-                      type = nullOr str;
-                      default = null;
-                    };
                   };
               }
             )
@@ -185,6 +113,7 @@ with lib;
               "git.${azahi}"
               "git.${shire}"
               "grafana.${shire}"
+              "irc.${shire}"
               "loki.${shire}"
               "ntfy.${shire}"
               "plausible.${shire}"
@@ -192,6 +121,7 @@ with lib;
               "radicale.${shire}"
               "rss-bridge.${shire}"
               "start.local"
+              "uptime.${shire}"
               "vaultwarden.${shire}"
               azahi
               rohan
@@ -250,6 +180,41 @@ with lib;
               "lidarr.${shire}"
             ];
             syncthing.id = "@SYNCTHING_ID@";
+
+            wireguard-ng = {
+              ipv4.address = "10.70.1.2";
+              ipv6.address = "fd70::1:2";
+              publicKey = "@PUBLIC_KEY@";
+            };
+          };
+
+          # VPS in Russia.
+          tulkas = {
+            stateVersion = "24.05";
+            deviceIcon = "devices.cloud-server";
+            system = "x86_64-linux";
+            isHeadless = true;
+            ipv4 = {
+              gatewayAddress = "@IPV4_ADDRESS@";
+              address = "@IPV4_ADDRESS@";
+              prefixLength = 32;
+            };
+            ipv6 = {
+              gatewayAddress = "@IPV6_ADDRESS@";
+              address = "@IPV6_ADDRESS@";
+              prefixLength = 64;
+            };
+            wireguard = {
+              ipv4.address = "10.69.0.4";
+              ipv6.address = "fd69::0:4";
+              publicKey = "@PUBLIC_KEY@";
+            };
+
+            wireguard-ng = {
+              ipv4.address = "10.70.0.1";
+              ipv6.address = "fd70::0:1";
+              publicKey = "@PUBLIC_KEY@";
+            };
           };
 
           # A beefy desktop: 7950x/rx6750xt/128GB.
@@ -264,6 +229,12 @@ with lib;
               publicKey = "@PUBLIC_KEY@";
             };
             syncthing.id = "@SYNCTHING_ID@";
+
+            wireguard-ng = {
+              ipv4.address = "10.70.3.1";
+              ipv6.address = "fd70::3:1";
+              publicKey = "@PUBLIC_KEY@";
+            };
           };
 
           # ThinkPad X1 Nano Gen 3.
@@ -278,6 +249,12 @@ with lib;
               publicKey = "@PUBLIC_KEY@";
             };
             syncthing.id = "@SYNCTHING_ID@";
+
+            wgireguard-ng = {
+              ipv4.address = "10.70.4.1";
+              ipv6.address = "fd70::4:1";
+              publicKey = "@PUBLIC_KEY@";
+            };
           };
 
           # Google Pixel 7a w/ GrapheneOS.
@@ -289,6 +266,12 @@ with lib;
               publicKey = "@PUBLIC_KEY@";
             };
             syncthing.id = "@SYNCTHING_ID@";
+
+            wireguard-ng = {
+              ipv4.address = "10.70.5.1";
+              ipv6.address = "fd70::5:1";
+              publicKey = "@PUBLIC_KEY@";
+            };
           };
         };
       };
diff --git a/modules/acme.nix b/modules/acme.nix
index 6a75818..9a2f3f1 100644
--- a/modules/acme.nix
+++ b/modules/acme.nix
@@ -5,11 +5,14 @@ let
 in
 {
   imports = [
-    (mkAliasOptionModule [ "certs" ] [
-      "security"
-      "acme"
-      "certs"
-    ])
+    (mkAliasOptionModule
+      [ "certs" ]
+      [
+        "security"
+        "acme"
+        "certs"
+      ]
+    )
   ];
 
   options.nixfiles.modules.acme = {
diff --git a/modules/android.nix b/modules/android.nix
index 363bd6c..65710ca 100644
--- a/modules/android.nix
+++ b/modules/android.nix
@@ -1,12 +1,11 @@
 { config, lib, ... }:
-with lib;
 let
   cfg = config.nixfiles.modules.android;
 in
 {
-  options.nixfiles.modules.android.enable = mkEnableOption "support for Android devices";
+  options.nixfiles.modules.android.enable = lib.mkEnableOption "support for Android devices";
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     programs.adb.enable = true;
 
     my.extraGroups = [ "adbusers" ];
diff --git a/modules/chromium.nix b/modules/chromium.nix
index c7842d5..bc34ecd 100644
--- a/modules/chromium.nix
+++ b/modules/chromium.nix
@@ -18,10 +18,11 @@ in
       programs.chromium = {
         enable = true;
 
-        package = pkgs.ungoogled-chromium;
+        # package = pkgs.ungoogled-chromium;
 
         extensions = [
           { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin
+          { id = "nkbihfbeogaeaoehlefnkodbefgpgknn"; } # MetaMask
         ];
       };
     };
diff --git a/modules/common/ark.nix b/modules/common/ark.nix
index 1e43ef8..007e209 100644
--- a/modules/common/ark.nix
+++ b/modules/common/ark.nix
@@ -4,32 +4,34 @@
   lib,
   ...
 }:
-with lib;
 let
   cfg = config.nixfiles.modules.ark;
 in
 {
   imports = [
     inputs.impermanence.nixosModules.impermanence
-    (mkAliasOptionModule [ "ark" ] [
-      "nixfiles"
-      "modules"
-      "ark"
-    ])
+    (lib.mkAliasOptionModule
+      [ "ark" ]
+      [
+        "nixfiles"
+        "modules"
+        "ark"
+      ]
+    )
   ];
 
   options.nixfiles.modules.ark =
     let
-      mkListOfAnythingOption = mkOption {
-        type = with types; listOf anything; # Assumed to be matching with the upstream type.
+      mkListOfAnythingOption = lib.mkOption {
+        type = with lib.types; listOf anything; # Assumed to be matching with the upstream type.
         default = [ ];
       };
     in
     {
-      enable = mkEnableOption "persistent storage support via impermanence";
+      enable = lib.mkEnableOption "persistent storage support via impermanence";
 
-      path = mkOption {
-        type = types.str;
+      path = lib.mkOption {
+        type = lib.types.str;
         default = "/ark";
       };
 
@@ -41,7 +43,7 @@ in
       # };
     };
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     environment.persistence.${cfg.path} = {
       hideMounts = true;
       enableDebugging = false;
diff --git a/modules/common/default.nix b/modules/common/default.nix
index ef9fb18..38094e7 100644
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@@ -1 +1,4 @@
-{ lib, ... }: with lib; { imports = attrValues (modulesIn ./.); }
+{ lib, ... }:
+{
+  imports = lib.attrValues (lib.modulesIn ./.);
+}
diff --git a/modules/common/documentation.nix b/modules/common/documentation.nix
index 33e767c..f9e0fcb 100644
--- a/modules/common/documentation.nix
+++ b/modules/common/documentation.nix
@@ -5,7 +5,6 @@
   this,
   ...
 }:
-with lib;
 {
   config = {
     hm.manual = {
@@ -34,7 +33,7 @@ with lib;
 
     environment.variables = {
       MANOPT = "--no-hyphenation";
-      MANPAGER = "${getExe pkgs.less} -+F";
+      MANPAGER = "${lib.getExe pkgs.less} -+F";
     };
   };
 }
diff --git a/modules/common/home-manager.nix b/modules/common/home-manager.nix
index f2fc8a8..118fc0e 100644
--- a/modules/common/home-manager.nix
+++ b/modules/common/home-manager.nix
@@ -4,15 +4,17 @@
   lib,
   ...
 }:
-with lib;
 {
   imports = [
     inputs.home-manager.nixosModule
-    (mkAliasOptionModule [ "hm" ] [
-      "home-manager"
-      "users"
-      my.username
-    ])
+    (lib.mkAliasOptionModule
+      [ "hm" ]
+      [
+        "home-manager"
+        "users"
+        lib.my.username
+      ]
+    )
   ];
 
   hm = {
diff --git a/modules/common/kernel.nix b/modules/common/kernel.nix
index ddc4f62..f7e520a 100644
--- a/modules/common/kernel.nix
+++ b/modules/common/kernel.nix
@@ -1,29 +1,28 @@
 { lib, ... }:
-with lib;
 {
   boot.kernel.sysctl = {
-    "fs.file-max" = pow 2 17;
-    "fs.inotify.max_user_watches" = pow 2 19;
+    "fs.file-max" = lib.pow 2 17;
+    "fs.inotify.max_user_watches" = lib.pow 2 19;
     "fs.suid_dumpable" = 0;
     "kernel.core_uses_pid" = 1;
     "kernel.exec-shield" = 1;
     "kernel.kptr_restrict" = 1;
     "kernel.maps_protect" = 1;
-    "kernel.msgmax" = pow 2 16;
-    "kernel.msgmnb" = pow 2 16;
-    "kernel.pid_max" = pow 2 16;
+    "kernel.msgmax" = lib.pow 2 16;
+    "kernel.msgmnb" = lib.pow 2 16;
+    "kernel.pid_max" = lib.pow 2 16;
     "kernel.randomize_va_space" = 2;
-    "kernel.shmall" = pow 2 28;
-    "kernel.shmmax" = pow 2 28;
+    "kernel.shmall" = lib.pow 2 28;
+    "kernel.shmmax" = lib.pow 2 28;
     "kernel.sysrq" = 0;
-    "vm.dirty_background_bytes" = pow 2 22;
+    "vm.dirty_background_bytes" = lib.pow 2 22;
     "vm.dirty_background_ratio" = 5;
-    "vm.dirty_bytes" = pow 2 22;
+    "vm.dirty_bytes" = lib.pow 2 22;
     "vm.dirty_ratio" = 30;
-    "vm.min_free_kbytes" = pow 2 16;
-    "vm.mmap_min_addr" = pow 2 12;
-    "vm.overcommit_memory" = mkDefault 0;
-    "vm.overcommit_ratio" = mkDefault 50;
+    "vm.min_free_kbytes" = lib.pow 2 16;
+    "vm.mmap_min_addr" = lib.pow 2 12;
+    "vm.overcommit_memory" = lib.mkDefault 0;
+    "vm.overcommit_ratio" = lib.mkDefault 50;
     "vm.vfs_cache_pressure" = 50;
   };
 
diff --git a/modules/common/locale.nix b/modules/common/locale.nix
index 372b69b..acd1ecd 100644
--- a/modules/common/locale.nix
+++ b/modules/common/locale.nix
@@ -51,7 +51,6 @@ with lib;
       "caps:escape"
       "compose:menu"
       "grp:win_space_toggle"
-      "terminate:ctrl_alt_bksp"
     ];
   };
 }
diff --git a/modules/common/networking.nix b/modules/common/networking.nix
index f681deb..2e9c218 100644
--- a/modules/common/networking.nix
+++ b/modules/common/networking.nix
@@ -5,47 +5,35 @@
   this,
   ...
 }:
-with lib;
 let
   cfg = config.nixfiles.modules.common.networking;
+
+  interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false.
 in
 {
-  options.nixfiles.modules.common.networking.onlyDefault = mkEnableOption "custom networking settings";
+  options.nixfiles.modules.common.networking.onlyDefault =
+    lib.mkEnableOption "custom networking settings";
 
-  config = mkIf (!cfg.onlyDefault) {
+  config = lib.mkIf (!cfg.onlyDefault) {
     ark.directories =
       with config.networking;
-      optional networkmanager.enable "/etc/NetworkManager/system-connections"
-      ++ optional wireless.iwd.enable "/var/lib/iwd";
+      lib.optional networkmanager.enable "/etc/NetworkManager/system-connections"
+      ++ lib.optional wireless.iwd.enable "/var/lib/iwd";
 
-    networking = mkMerge [
+    networking = lib.mkMerge [
       {
-        domain = my.domain.shire;
+        domain = lib.my.domain.shire;
 
         hostName = this.hostname;
-        hostId = substring 0 8 (builtins.hashString "md5" this.hostname);
+        hostId = lib.substring 0 8 (builtins.hashString "md5" this.hostname);
 
         # Remove default hostname mappings. This is required at least by the
         # current implementation of the monitoring module.
         hosts = {
-          "127.0.0.2" = mkForce [ ];
-          "::1" = mkForce [ ];
+          "127.0.0.2" = lib.mkForce [ ];
+          "::1" = lib.mkForce [ ];
         };
 
-        # There's no way[1] to configure DNS server priority in
-        # systemd-resolved. The only solution for dealing with a broken VPN
-        # connection is to delete /etc/systemd/resolved.conf and restart the
-        # systemd-resolved service. Otherwise I'll just end up with a random
-        # server from the list most of the time because systemd-resolved
-        # "conveniently" will manage server priority for me...
-        #
-        # [1]: https://askubuntu.com/questions/1116732/how-do-i-list-dns-server-order-in-systemd-resolve
-        # [2]: https://github.com/systemd/systemd/issues/6076
-        nameservers = with my.configurations.manwe.wireguard; [
-          ipv6.address
-          ipv4.address
-        ];
-
         useDHCP = false;
 
         nftables.enable = true;
@@ -63,70 +51,101 @@ in
           logRefusedUnicastsOnly = false;
           logReversePathDrops = false;
         };
+
+        usePredictableInterfaceNames = false;
       }
-      (
-        let
-          interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false.
-        in
-        mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) {
-          usePredictableInterfaceNames = false; # NOTE This can break something!
-          interfaces.${interface} = {
-            ipv4.addresses =
-              with this.ipv4;
-              optional (isString address && isInt prefixLength) { inherit address prefixLength; };
-
-            ipv6.addresses =
-              with this.ipv6;
-              optional (isString address && isInt prefixLength) { inherit address prefixLength; };
+      (lib.mkIf (lib.hasAttr "ipv4" this) {
+        interfaces.${interface}.ipv4.addresses =
+          with this.ipv4;
+          lib.optional (lib.isString address && lib.isInt prefixLength) {
+            inherit address prefixLength;
           };
-          defaultGateway =
-            with this.ipv4;
-            mkIf (isString gatewayAddress) {
-              inherit interface;
-              address = gatewayAddress;
-            };
-          defaultGateway6 =
-            with this.ipv6;
-            mkIf (isString gatewayAddress) {
-              inherit interface;
-              address = gatewayAddress;
-            };
-        }
-      )
-      (mkIf this.isHeadful {
-        interfaces.eth0.useDHCP = mkDefault true;
-
+        defaultGateway =
+          with this.ipv4;
+          lib.mkIf (lib.isString gatewayAddress) {
+            inherit interface;
+            address = gatewayAddress;
+          };
+      })
+      (lib.mkIf (lib.hasAttr "ipv6" this) {
+        interfaces.${interface}.ipv6.addresses =
+          with this.ipv6;
+          lib.optional (lib.isString address && lib.isInt prefixLength) {
+            inherit address prefixLength;
+          };
+        defaultGateway6 =
+          with this.ipv6;
+          lib.mkIf (lib.isString gatewayAddress) {
+            inherit interface;
+            address = gatewayAddress;
+          };
+      })
+      (lib.mkIf this.isHeadless {
+        nameservers = with lib.my.configurations.manwe.wireguard; [
+          ipv6.address
+          ipv4.address
+        ];
+      })
+      (lib.mkIf this.isHeadful {
         networkmanager = {
-          enable = mkDefault true;
-          unmanaged = [
-            "bridge"
-            "ethernet"
-            "loopback"
-            "wireguard"
-          ];
-          plugins = mkForce [ ];
+          enable = true;
           wifi.backend = "iwd";
+          dns = "none";
         };
 
         wireless = {
           enable = false;
-          iwd.enable = mkDefault true;
+          iwd.enable = lib.mkDefault true;
           userControlled.enable = true;
           allowAuxiliaryImperativeNetworks = true;
         };
+
+        resolvconf.extraConfig = ''
+          append_nameservers='127.0.0.1'
+        '';
       })
     ];
 
-    services.resolved = {
-      llmnr = "false";
-      dnsovertls = "opportunistic";
-      dnssec = "allow-downgrade";
-      fallbackDns = dns.mkDoT dns.const.quad9.ecs;
-    };
+    services = lib.mkMerge [
+      (lib.mkIf this.isHeadless {
+        resolved = {
+          enable = true;
+          llmnr = "false";
+          dnsovertls = "opportunistic";
+          dnssec = "allow-downgrade";
+          fallbackDns = lib.dns.mkDoT lib.dns.const.quad9.ecs;
+        };
+      })
+      (lib.mkIf this.isHeadful {
+        resolved.enable = false;
+
+        dnscrypt-proxy2 = {
+          enable = true;
+          settings = {
+            ipv4_servers = true;
+            ipv6_servers = false;
+            dnscrypt_servers = true;
+            doh_servers = true;
+            odoh_servers = false;
+            require_dnssec = true;
+            require_nolog = true;
+            require_nofilter = true;
+
+            disabled_server_names = [
+              "cloudflare"
+              "cloudflare-ipv6"
+            ];
+
+            cache = true;
+            cache_size = lib.pow 2 13;
+          };
+        };
+      })
+    ];
 
     environment = {
-      shellAliases = listToAttrs (
-        map ({ name, value }: nameValuePair name "${pkgs.iproute2}/bin/${value}") [
+      shellAliases = lib.listToAttrs (
+        map ({ name, value }: lib.nameValuePair name "${pkgs.iproute2}/bin/${value}") [
           {
             name = "bridge";
             value = "bridge -color=always";
diff --git a/modules/common/nix.nix b/modules/common/nix.nix
index 58d572f..2054185 100644
--- a/modules/common/nix.nix
+++ b/modules/common/nix.nix
@@ -72,6 +72,11 @@ in
 
           keep-going = true;
 
+          experimental-features = [
+            "fetch-tree"
+            "pipe-operators"
+          ];
+
           trusted-users = [ my.username ];
 
           substituters = [
@@ -80,12 +85,12 @@ in
             "https://nix-community.cachix.org"
             "https://numtide.cachix.org"
           ];
-          trusted-substituters = [
-            "https://cache.tvl.su"
-          ];
           trusted-public-keys = [
             "cache.tvl.su:kjc6KOMupXc1vHVufJUoDUYeLzbwSr9abcAKdn/U1Jk="
           ];
+
+          # https://github.com/NixOS/nix/issues/6901
+          fallback = true;
         };
       };
 
@@ -95,6 +100,8 @@ in
       overlays = [ inputs.self.overlays.default ];
     };
 
+    programs.nh.enable = this.isHeadful;
+
     environment = {
       defaultPackages = [ ];
       systemPackages =
diff --git a/modules/common/secrets.nix b/modules/common/secrets.nix
index 03a2eeb..77dee44 100644
--- a/modules/common/secrets.nix
+++ b/modules/common/secrets.nix
@@ -10,10 +10,13 @@ with lib;
 {
   imports = [
     inputs.agenix.nixosModules.default
-    (mkAliasOptionModule [ "secrets" ] [
-      "age"
-      "secrets"
-    ])
+    (mkAliasOptionModule
+      [ "secrets" ]
+      [
+        "age"
+        "secrets"
+      ]
+    )
   ];
 
   config = {
@@ -23,7 +26,10 @@ with lib;
       else
         map (attr: attr.path) (filter (attr: attr.type == my.ssh.type) config.services.openssh.hostKeys);
 
-    environment.systemPackages = with pkgs; [ agenix ];
+    environment.systemPackages = with pkgs; [
+      age
+      agenix
+    ];
 
     nixpkgs.overlays = [ inputs.agenix.overlays.default ];
   };
diff --git a/modules/common/shell/default.nix b/modules/common/shell/default.nix
index 4ae41d8..cacb411 100644
--- a/modules/common/shell/default.nix
+++ b/modules/common/shell/default.nix
@@ -5,14 +5,13 @@
   this,
   ...
 }:
-with lib;
 let
   cfg = config.nixfiles.modules.common.shell;
 in
 {
-  options.nixfiles.modules.common.shell.aliases = mkOption {
+  options.nixfiles.modules.common.shell.aliases = lib.mkOption {
     description = "An attribute set of shell aliases.";
-    type = with types; attrsOf str;
+    type = with lib.types; attrsOf str;
     default = { };
   };
 
@@ -24,8 +23,8 @@ in
 
           initExtra =
             let
-              aliasCompletions = concatStringsSep "\n" (
-                mapAttrsToList (name: _: "complete -F _complete_alias ${name}") cfg.aliases
+              aliasCompletions = lib.concatStringsSep "\n" (
+                lib.mapAttrsToList (name: _: "complete -F _complete_alias ${name}") cfg.aliases
               );
             in
             ''
@@ -45,7 +44,7 @@ in
 
               source "${./functions.bash}"
 
-              source "${getExe' pkgs.complete-alias "complete_alias"}"
+              source "${lib.getExe' pkgs.complete-alias "complete_alias"}"
               ${aliasCompletions}
 
               # https://github.com/garabik/grc?tab=readme-ov-file#bash
@@ -73,19 +72,18 @@ in
           ];
 
           shellAliases =
-            listToAttrs (
+            lib.listToAttrs (
               map
                 (
                   { name, value }:
-                  nameValuePair name (
-                    with pkgs;
+                  lib.nameValuePair name (
                     let
                       pkg =
                         if this.isHeadful then
                           (pkgs.coreutils.overrideAttrs (
                             _: super: {
                               patches = (super.patches or [ ]) ++ [
-                                (fetchpatch {
+                                (pkgs.fetchpatch {
                                   url = "https://raw.githubusercontent.com/jarun/advcpmv/1e2b1c6b74fa0974896bf94604279a3f74b37a63/advcpmv-0.9-9.5.patch";
                                   hash = "sha256-LRfb4heZlAUKiXl/hC/HgoqeGMxCt8ruBYZUrbzSH+Y=";
                                 })
@@ -93,24 +91,24 @@ in
                             }
                           ))
                         else
-                          coreutils;
+                          pkgs.coreutils;
                     in
-                    "${getExe' pkg "coreutils"} --coreutils-prog=${value}"
+                    "${lib.getExe' pkg "coreutils"} --coreutils-prog=${value}"
                   )
                 )
                 (
                   let
                     mkAlias =
                       {
-                        name ? head command,
+                        name ? lib.head command,
                         command,
                       }:
                       {
                         inherit name;
-                        value = concatStringsSep " " command;
+                        value = lib.concatStringsSep " " command;
                       };
 
-                    progressBar = optionalString this.isHeadful "--progress-bar";
+                    progressBar = lib.optionalString this.isHeadful "--progress-bar";
                   in
                   [
                     (mkAlias {
@@ -171,7 +169,7 @@ in
                   ]
                 )
             )
-            // (genAttrs [
+            // (lib.genAttrs [
               "grep"
               "egrep"
               "fgrep"
diff --git a/modules/common/stylix.nix b/modules/common/stylix.nix
index f1e0417..f17cb4c 100644
--- a/modules/common/stylix.nix
+++ b/modules/common/stylix.nix
@@ -10,11 +10,14 @@ with lib;
 {
   imports = [
     inputs.stylix.nixosModules.stylix
-    (mkAliasOptionModule [ "colors" ] [
-      "lib"
-      "stylix"
-      "colors"
-    ])
+    (mkAliasOptionModule
+      [ "colors" ]
+      [
+        "lib"
+        "stylix"
+        "colors"
+      ]
+    )
   ];
 
   options.nixfiles.modules.common.stylix.fonts.extraPackages = mkOption {
diff --git a/modules/common/systemd.nix b/modules/common/systemd.nix
index f832518..996096e 100644
--- a/modules/common/systemd.nix
+++ b/modules/common/systemd.nix
@@ -1,5 +1,6 @@
 {
   config,
+  lib,
   ...
 }:
 {
@@ -35,8 +36,16 @@
       user = {
         inherit extraConfig;
       };
+
+      suppressedSystemUnits = lib.optionals config.nixfiles.modules.ark.enable [
+        "systemd-machine-id-commit.service"
+      ];
     };
 
+  boot.initrd.systemd.suppressedUnits = lib.optionals config.nixfiles.modules.ark.enable [
+    "systemd-machine-id-commit.service"
+  ];
+
   environment.variables = {
     SYSTEMD_PAGERSECURE = "1";
     SYSTEMD_PAGER = "less";
diff --git a/modules/common/users.nix b/modules/common/users.nix
index b8aca28..e0811b7 100644
--- a/modules/common/users.nix
+++ b/modules/common/users.nix
@@ -5,11 +5,14 @@ let
 in
 {
   imports = [
-    (mkAliasOptionModule [ "my" ] [
-      "users"
-      "users"
-      my.username
-    ])
+    (mkAliasOptionModule
+      [ "my" ]
+      [
+        "users"
+        "users"
+        my.username
+      ]
+    )
   ];
 
   ark.directories = [ home ];
diff --git a/modules/common/xdg.nix b/modules/common/xdg.nix
index 0b807b7..df7d624 100644
--- a/modules/common/xdg.nix
+++ b/modules/common/xdg.nix
@@ -4,7 +4,6 @@
   this,
   ...
 }:
-with lib;
 let
   cfg = config.nixfiles.modules.common.xdg;
 in
@@ -20,44 +19,44 @@ in
       ];
     in
     [
-      (mkAliasOptionModule [
+      (lib.mkAliasOptionModule [
         "dirs"
         "cache"
       ] (withBase "cacheHome"))
-      (mkAliasOptionModule [
+      (lib.mkAliasOptionModule [
         "dirs"
         "config"
       ] (withBase "configHome"))
-      (mkAliasOptionModule [
+      (lib.mkAliasOptionModule [
         "dirs"
         "data"
       ] (withBase "dataHome"))
-      (mkAliasOptionModule [
+      (lib.mkAliasOptionModule [
         "dirs"
         "state"
       ] (withBase "stateHome"))
-      (mkAliasOptionModule [ "userDirs" ] (withBase "userDirs"))
+      (lib.mkAliasOptionModule [ "userDirs" ] (withBase "userDirs"))
     ];
 
   options.nixfiles.modules.common.xdg = {
-    cacheHome = mkOption {
-      type = types.str;
+    cacheHome = lib.mkOption {
+      type = lib.types.str;
       default = "${config.hm.home.homeDirectory}/.cache";
     };
-    configHome = mkOption {
-      type = types.str;
+    configHome = lib.mkOption {
+      type = lib.types.str;
       default = "${config.hm.home.homeDirectory}/.config";
     };
-    dataHome = mkOption {
-      type = types.str;
+    dataHome = lib.mkOption {
+      type = lib.types.str;
       default = "${config.hm.home.homeDirectory}/.local/share";
     };
-    stateHome = mkOption {
-      type = types.str;
+    stateHome = lib.mkOption {
+      type = lib.types.str;
       default = "${config.hm.home.homeDirectory}/.local/state";
     };
-    userDirs = mkOption {
-      type = types.attrs;
+    userDirs = lib.mkOption {
+      type = lib.types.attrs;
       default =
         let
           inherit (config.my) home;
@@ -76,9 +75,9 @@ in
           videos = tmp;
         };
     };
-    defaultApplications = mkOption {
+    defaultApplications = lib.mkOption {
       description = "Default applications.";
-      type = with types; attrsOf (listOf str);
+      type = with lib.types; attrsOf (listOf str);
       default = { };
     };
   };
@@ -89,7 +88,7 @@ in
       sounds.enable = this.isHeadful;
     };
 
-    hm.xdg = mkMerge [
+    hm.xdg = lib.mkMerge [
       (with cfg; {
         enable = true;
 
@@ -99,11 +98,11 @@ in
         inherit stateHome;
         inherit userDirs;
       })
-      (mkIf this.isHeadful {
+      (lib.mkIf this.isHeadful {
         mimeApps = {
           enable = true;
-          defaultApplications = mkMerge (
-            mapAttrsToList (n: v: genAttrs v (_: [ "${n}.desktop" ])) cfg.defaultApplications
+          defaultApplications = lib.mkMerge (
+            lib.mapAttrsToList (n: v: lib.genAttrs v (_: [ "${n}.desktop" ])) cfg.defaultApplications
           );
         };
       })
diff --git a/modules/curl.nix b/modules/curl.nix
index 6895262..3c318fc 100644
--- a/modules/curl.nix
+++ b/modules/curl.nix
@@ -20,7 +20,7 @@ in
     '';
 
     environment.systemPackages = with pkgs; [
-      curl
+      curlHTTP3
       (writeShellScriptBin "0x0" ''
         url="https://0x0.st"
         form="file=@"
diff --git a/modules/docker.nix b/modules/docker.nix
index 62dc095..330d417 100644
--- a/modules/docker.nix
+++ b/modules/docker.nix
@@ -5,14 +5,13 @@
   pkgs,
   ...
 }:
-with lib;
 let
   cfg = config.nixfiles.modules.docker;
 in
 {
-  options.nixfiles.modules.docker.enable = mkEnableOption "Docker";
+  options.nixfiles.modules.docker.enable = lib.mkEnableOption "Docker";
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     assertions = [
       {
         assertion = cfg.enable -> !config.nixfiles.modules.podman.enable;
@@ -20,12 +19,14 @@ in
       }
     ];
 
+    ark.directories = [ "/var/lib/docker" ];
+
     nixfiles.modules.common.shell.aliases.d = "docker";
 
     secrets.containers-auth = {
       file = "${inputs.self}/secrets/containers-auth";
       path = "${config.my.home}/.docker/config.json";
-      owner = my.username;
+      owner = lib.my.username;
       inherit (config.my) group;
     };
 
diff --git a/modules/emacs/default.nix b/modules/emacs/default.nix
index 455f710..71bc24c 100644
--- a/modules/emacs/default.nix
+++ b/modules/emacs/default.nix
@@ -231,9 +231,8 @@ in
                               (mu4e-drafts-folder       . "/${name}/${folders.drafts}")
                               (mu4e-trash-folder        . "/${name}/${folders.trash}")
                               (mu4e-refile-folder       . "/${name}/Archive")
-                              ${
-                                optionalString (signature.showSignature != "none")
-                                  ''(mu4e-compose-signature   . "${replaceStrings [ "\n" ] [ "\\n" ] signature.text}")''
+                              ${optionalString (signature.showSignature != "none")
+                                ''(mu4e-compose-signature   . "${replaceStrings [ "\n" ] [ "\\n" ] signature.text}")''
                               }
                               (+mu4e-personal-addresses . (${personalAddresses})))
                             t)
diff --git a/modules/emacs/doom/config.el b/modules/emacs/doom/config.el
index 85fe4a9..a212e17 100644
--- a/modules/emacs/doom/config.el
+++ b/modules/emacs/doom/config.el
@@ -260,3 +260,118 @@
                                  (setq-local company-idle-delay 0.1))))
   :init
   (setq! hledger-input-buffer-height 20))
+
+;;
+;;; LLM
+;;
+
+(use-package! gptel
+  :config
+  (setq! gptel-model 'codegemma:7b
+         gptel-backend (gptel-make-ollama "ollama"
+                         :host "eonwe.shire.net:11434"
+                         :stream t
+                         :models '(dagbs/qwen2.5-coder-7b-instruct-abliterated:latest
+                                   qwen2.5-coder:7b
+                                   deepseek-coder-v2:16b
+                                   codegemma:7b
+                                   codellama:7b
+                                   llama3.2:3b
+                                   mistral:7b))))
+
+(use-package! ellama
+  :init
+  (setq! ellama-naming-scheme 'ellama-generate-name-by-time)
+  :config
+  (require 'llm-ollama)
+  (setq! ellama-provider (make-llm-ollama
+                          :scheme "http"
+                          :host "eonwe.shire.net"
+                          :port 11434
+                          :chat-model "llama3.2:3b"
+                          :embedding-model "nomic-embed-text:latest")
+         ellama-providers '(("llama" . (make-llm-ollama
+                                        :scheme "http"
+                                        :host "eonwe.shire.net"
+                                        :port 11434
+                                        :chat-model "llama3.2:3b"
+                                        :embedding-model "nomic-embed-text:latest"))
+                            ("codellama" . (make-llm-ollama
+                                            :scheme "http"
+                                            :host "eonwe.shire.net"
+                                            :port 11434
+                                            :chat-model "codellama:7b"
+                                            :embedding-model "nomic-embed-text:latest"))
+                            ("qwen" . (make-llm-ollama
+                                       :scheme "http"
+                                       :host "eonwe.shire.net"
+                                       :port 11434
+                                       :chat-model "qwen2.5:7b"
+                                       :embedding-model "nomic-embed-text:latest"))
+                            ("qwen-coder" . (make-llm-ollama
+                                             :scheme "http"
+                                             :host "eonwe.shire.net"
+                                             :port 11434
+                                             :chat-model "qwen2.5-coder:7b"
+                                             :embedding-model "nomic-embed-text:latest"))
+                            ("qwen-coder-instruct" . (make-llm-ollama
+                                                      :scheme "http"
+                                                      :host "eonwe.shire.net"
+                                                      :port 11434
+                                                      :chat-model "dagbs/qwen2.5-coder-7b-instruct-abliterated:latest"
+                                                      :embedding-model "nomic-embed-text:latest"))
+                            ("gemma" . (make-llm-ollama
+                                        :scheme "http"
+                                        :host "eonwe.shire.net"
+                                        :port 11434
+                                        :chat-model "gemma2:9b"
+                                        :embedding-model "nomic-embed-text:latest"))
+                            ("codegemma" . (make-llm-ollama
+                                            :scheme "http"
+                                            :host "eonwe.shire.net"
+                                            :port 11434
+                                            :chat-model "codegemma:7b"
+                                            :embedding-model "nomic-embed-text:latest"))
+                            ("mistral" . (make-llm-ollama
+                                          :scheme "http"
+                                          :host "eonwe.shire.net"
+                                          :port 11434
+                                          :chat-model "mistral:7b"
+                                          :embedding-model "nomic-embed-text:latest"))
+                            ("hermes" . (make-llm-ollama
+                                         :scheme "http"
+                                         :host "eonwe.shire.net"
+                                         :port 11434
+                                         :chat-model "hermes3:8b"
+                                         :embedding-model "nomic-embed-text:latest"))
+                            ("deepseek" . (make-llm-ollama
+                                           :scheme "http"
+                                           :host "eonwe.shire.net"
+                                           :port 11434
+                                           :chat-model "deepseek-coder-v2:16b"
+                                           :embedding-model "nomic-embed-text:latest")))
+         ellama-translation-provider (make-llm-ollama
+                                      :scheme "http"
+                                      :host "eonwe.shire.net"
+                                      :port 11434
+                                      :chat-model "qwen2.5:7b"
+                                      :embedding-model "nomic-embed-text:latest")
+         ellama-summarization-provider (make-llm-ollama
+                                        :scheme "http"
+                                        :host "eonwe.shire.net"
+                                        :port 11434
+                                        :chat-model "mistral:7b"
+                                        :embedding-model "nomic-embed-text:latest")))
+
+(use-package! magit-gptcommit
+  :after magit
+  :config
+  (require 'llm-ollama)
+  (setq! magit-gptcommit-llm-provider (make-llm-ollama
+                                       :scheme "http"
+                                       :host "eonwe.shire.net"
+                                       :port 11434
+                                       :chat-model "dagbs/qwen2.5-coder-7b-instruct-abliterated:latest"
+                                       :embedding-model "nomic-embed-text:latest"))
+
+  (magit-gptcommit-status-buffer-setup))
diff --git a/modules/emacs/doom/init.el b/modules/emacs/doom/init.el
index 8575c3f..3845fd6 100644
--- a/modules/emacs/doom/init.el
+++ b/modules/emacs/doom/init.el
@@ -48,7 +48,7 @@
 
        :checkers
        syntax
-       (spell +everywhere +icons)
+       (spell +flyspell +everywhere +icons)
        grammar
 
        :tools
diff --git a/modules/emacs/doom/packages.el b/modules/emacs/doom/packages.el
index fb521bc..a7085da 100644
--- a/modules/emacs/doom/packages.el
+++ b/modules/emacs/doom/packages.el
@@ -8,18 +8,23 @@
 
 (package! org-roam-ui)
 
+;; https://github.com/doomemacs/doomemacs/issues/8166
+;; https://github.com/org-roam/org-roam/issues/2485
+(unpin! emacsql)
+(package! emacsql
+  :recipe (:host github :repo "magit/emacsql")
+  :pin "491105a01f58bf0b346cbc0254766c6800b229a2")
+
 (package! nickel-mode)
 
 (package! hledger-mode)
 
 (package! sops
-  :recipe (:host github
-           :repo "djgoku/sops"))
+  :recipe (:host github :repo "djgoku/sops"))
 
-(unpin! ansible)
-(package! ansible
-  :recipe (:host gitlab
-           :repo "emacs-ansible/emacs-ansible"))
+(package! gptel)
+(package! ellama)
+(package! magit-gptcommit)
 
 ;; (package! tvl
 ;;   :recipe (:host nil
diff --git a/modules/firefox/addons.json b/modules/firefox/addons.json
index 5c6a090..c194368 100644
--- a/modules/firefox/addons.json
+++ b/modules/firefox/addons.json
@@ -7,9 +7,6 @@
     "slug": "consent-o-matic"
   },
   {
-    "slug": "darkreader"
-  },
-  {
     "slug": "furiganaize"
   },
   {
@@ -19,9 +16,16 @@
     "slug": "languagetool"
   },
   {
+    "pname": "metamask",
+    "slug": "ether-metamask"
+  },
+  {
     "slug": "no-pdf-download"
   },
   {
+    "slug": "plasma-integration"
+  },
+  {
     "pname": "rikaichamp",
     "slug": "10ten-ja-reader"
   },
@@ -32,6 +36,9 @@
     "slug": "skip-redirect"
   },
   {
+    "slug": "switchyomega"
+  },
+  {
     "slug": "ublock-origin"
   },
   {
@@ -40,8 +47,5 @@
   },
   {
     "slug": "violentmonkey"
-  },
-  {
-    "slug": "switchyomega"
   }
 ]
diff --git a/modules/firefox/addons.nix b/modules/firefox/addons.nix
index e416a3f..5a08549 100644
--- a/modules/firefox/addons.nix
+++ b/modules/firefox/addons.nix
@@ -5,10 +5,10 @@
 {
   "bitwarden" = buildFirefoxXpiAddon {
     pname = "bitwarden";
-    version = "2024.10.0";
+    version = "2024.10.1";
     addonId = "{446900e4-71c2-419f-a6a7-df9c091e268b}";
-    url = "https://addons.mozilla.org/firefox/downloads/file/4363548/bitwarden_password_manager-2024.10.0.xpi";
-    sha256 = "9ea9428444870a74ae1999d77eb12d97a45275c85e83d6afdcbc4597fa3eccfb";
+    url = "https://addons.mozilla.org/firefox/downloads/file/4371752/bitwarden_password_manager-2024.10.1.xpi";
+    sha256 = "7b7357ddce2756dc536b86b5c14139ec09731c1c114ac82807c60fba3ced12a5";
     meta = with lib; {
       homepage = "https://bitwarden.com";
       description = "At home, at work, or on the go, Bitwarden easily secures all your passwords, passkeys, and sensitive information.";
@@ -52,27 +52,6 @@
       platforms = platforms.all;
     };
   };
-  "darkreader" = buildFirefoxXpiAddon {
-    pname = "darkreader";
-    version = "4.9.94";
-    addonId = "addon@darkreader.org";
-    url = "https://addons.mozilla.org/firefox/downloads/file/4359254/darkreader-4.9.94.xpi";
-    sha256 = "251c4e7d0a30c0cab006803600e59ab92dcc0c606429740d42677846d4c9ccd6";
-    meta = with lib; {
-      homepage = "https://darkreader.org/";
-      description = "Dark mode for every website. Take care of your eyes, use dark theme for night and daily browsing.";
-      license = licenses.mit;
-      mozPermissions = [
-        "alarms"
-        "contextMenus"
-        "storage"
-        "tabs"
-        "theme"
-        "<all_urls>"
-      ];
-      platforms = platforms.all;
-    };
-  };
   "furiganaize" = buildFirefoxXpiAddon {
     pname = "furiganaize";
     version = "0.7.2";
@@ -144,6 +123,36 @@
       platforms = platforms.all;
     };
   };
+  "metamask" = buildFirefoxXpiAddon {
+    pname = "metamask";
+    version = "12.0.6";
+    addonId = "webextension@metamask.io";
+    url = "https://addons.mozilla.org/firefox/downloads/file/4342782/ether_metamask-12.0.6.xpi";
+    sha256 = "a66e20bbe5ded1b9408420e4c2ffc82369cc3bfd27350afe25f2c0ef6b26ff3b";
+    meta = with lib; {
+      description = "Ethereum Browser Extension";
+      mozPermissions = [
+        "storage"
+        "unlimitedStorage"
+        "clipboardWrite"
+        "http://localhost:8545/"
+        "https://*.infura.io/"
+        "https://*.codefi.network/"
+        "https://*.cx.metamask.io/"
+        "https://chainid.network/chains.json"
+        "https://lattice.gridplus.io/*"
+        "activeTab"
+        "webRequest"
+        "*://*.eth/"
+        "notifications"
+        "file://*/*"
+        "http://*/*"
+        "https://*/*"
+        "*://connect.trezor.io/*/popup.html"
+      ];
+      platforms = platforms.all;
+    };
+  };
   "no-pdf-download" = buildFirefoxXpiAddon {
     pname = "no-pdf-download";
     version = "1.0.6";
@@ -162,6 +171,29 @@
       platforms = platforms.all;
     };
   };
+  "plasma-integration" = buildFirefoxXpiAddon {
+    pname = "plasma-integration";
+    version = "1.9.1";
+    addonId = "plasma-browser-integration@kde.org";
+    url = "https://addons.mozilla.org/firefox/downloads/file/4298512/plasma_integration-1.9.1.xpi";
+    sha256 = "394a3525185679dd5430d05f980ab6be19d96557560fe86208c21a8807669b33";
+    meta = with lib; {
+      homepage = "http://kde.org";
+      description = "Multitask efficiently by controlling browser functions from the Plasma desktop.";
+      license = licenses.gpl3;
+      mozPermissions = [
+        "nativeMessaging"
+        "notifications"
+        "storage"
+        "downloads"
+        "tabs"
+        "<all_urls>"
+        "contextMenus"
+        "*://*/*"
+      ];
+      platforms = platforms.all;
+    };
+  };
   "redirector" = buildFirefoxXpiAddon {
     pname = "redirector";
     version = "3.5.3";
@@ -187,10 +219,10 @@
   };
   "rikaichamp" = buildFirefoxXpiAddon {
     pname = "rikaichamp";
-    version = "1.21.1";
+    version = "1.22.0";
     addonId = "{59812185-ea92-4cca-8ab7-cfcacee81281}";
-    url = "https://addons.mozilla.org/firefox/downloads/file/4355635/10ten_ja_reader-1.21.1.xpi";
-    sha256 = "81d85cfdc03cb0c921cac84547e7a7a539af11ff9a81dd901b3f3bfa67ba45f1";
+    url = "https://addons.mozilla.org/firefox/downloads/file/4371439/10ten_ja_reader-1.22.0.xpi";
+    sha256 = "d6f3197b7e3383f2723b9376d93e03fe515e5c610f9c0723d9618b10d3cc4bf1";
     meta = with lib; {
       homepage = "https://github.com/birchill/10ten-ja-reader/";
       description = "Quickly translate Japanese by hovering over words. Formerly released as Rikaichamp.";
@@ -258,10 +290,10 @@
   };
   "ublock-origin" = buildFirefoxXpiAddon {
     pname = "ublock-origin";
-    version = "1.60.0";
+    version = "1.61.0";
     addonId = "uBlock0@raymondhill.net";
-    url = "https://addons.mozilla.org/firefox/downloads/file/4359936/ublock_origin-1.60.0.xpi";
-    sha256 = "e2cda9b2a1b0a7f6e5ef0da9f87f28df52f8560587ba2e51a3003121cfb81600";
+    url = "https://addons.mozilla.org/firefox/downloads/file/4382536/ublock_origin-1.61.0.xpi";
+    sha256 = "e6fd55b799a568c66c10892a8f22428e6773fe16d7466ce9dee2952f224b203d";
     meta = with lib; {
       homepage = "https://github.com/gorhill/uBlock#ublock-origin";
       description = "Finally, an efficient wide-spectrum content blocker. Easy on CPU and memory.";
@@ -318,10 +350,10 @@
   };
   "violentmonkey" = buildFirefoxXpiAddon {
     pname = "violentmonkey";
-    version = "2.26.0";
+    version = "2.28.0";
     addonId = "{aecec67f-0d10-4fa7-b7c7-609a2db280cf}";
-    url = "https://addons.mozilla.org/firefox/downloads/file/4362578/violentmonkey-2.26.0.xpi";
-    sha256 = "47b61fd463602a38bf67591ab94c60d3f1a02ad4f81b9a8a3de97d5461b2e12e";
+    url = "https://addons.mozilla.org/firefox/downloads/file/4379821/violentmonkey-2.28.0.xpi";
+    sha256 = "30bc3db14194a5197e4721d419123f3a02b9c6f3e94646724aa991137121bcba";
     meta = with lib; {
       homepage = "https://violentmonkey.github.io/";
       description = "Userscript support for browsers, open source.";
diff --git a/modules/firefox/default.nix b/modules/firefox/default.nix
index b7e47b6..ee45434 100644
--- a/modules/firefox/default.nix
+++ b/modules/firefox/default.nix
@@ -41,28 +41,6 @@ in
             mkCssWithRoot =
               css:
               mkMerge [
-                # https://github.com/tinted-theming/base24/blob/master/styling.md
-                (with config.colors.withHashtag; ''
-                  :root {
-                    --black: ${base01};
-                    --red: ${base08};
-                    --green: ${base0B};
-                    --yellow: ${base09};
-                    --blue: ${base0D};
-                    --magenta: ${base0E};
-                    --cyan: ${base0C};
-                    --white: ${base06};
-                    --bright-black: ${base02};
-                    --bright-red: ${base12};
-                    --bright-green: ${base14};
-                    --bright-yellow: ${base13};
-                    --bright-blue: ${base16};
-                    --bright-magenta: ${base17};
-                    --bright-cyan: ${base15};
-                    --bright-white: ${base07};
-                    --background: ${base00};
-                    --foreground: ${base05};
-                '')
                 (
                   let
                     mapFonts = concatMapStringsSep ", " (font: ''"${font}"'');
@@ -70,6 +48,7 @@ in
                   in
                   with config.fonts.fontconfig.defaultFonts;
                   ''
+                    :root {
                       --serif-font-family: ${mapFonts serif}, serif;
                       --serif-font-size: ${size};
                       --sans-serif-font-family: ${mapFonts sansSerif}, sans-serif;
@@ -124,9 +103,9 @@ in
               with addons;
               [
                 consent-o-matic
-                darkreader
                 furiganaize
                 languagetool
+                metamask
                 no-pdf-download
                 redirector
                 rikaichamp
@@ -136,6 +115,7 @@ in
                 user-agent-switcher
                 violentmonkey
               ]
+              ++ optional config.nixfiles.modules.kde.enable plasma-integration
               ++ optional config.nixfiles.modules.ipfs.enable ipfs-companion;
 
             search = {
@@ -222,7 +202,7 @@ in
 
                   "GitHub" = {
                     urls = [ { template = "https://github.com/search?q={searchTerms}"; } ];
-                    icon = getIcon "https://github.githubassets.com/favicons/favicon-dark.svg" "sha256-qu/d9ftvsntplFuxw9RFL8BpI9b2g5b6xfeGw6Ekh6w=";
+                    icon = getIcon "https://github.githubassets.com/favicons/favicon.svg" "sha256-apV3zU9/prdb3hAlr4W5ROndE4g3O1XMum6fgKwurmA=";
                     definedAliases = [
                       "@github"
                       "@gh"
@@ -373,7 +353,7 @@ in
 
                   "SourceHut" = {
                     urls = [ { template = "https://sr.ht/projects?search={searchTerms}"; } ];
-                    icon = getIcon "https://sr.ht/static/logo.png" "sha256-NBzKZhqE9//zVJlOwYiwyW/jRFh8+nS2YvC3zMCQ1fU=";
+                    icon = getIcon "https://sourcehut.org/logo.svg" "sha256-tX7ppdGitgaVFCI1aGc41n6er7srHi+GMv5+lpFvYBc=";
                     definedAliases = [
                       "@sourcehut"
                       "@srht"
@@ -421,6 +401,10 @@ in
                 name = "Bookmarks Toolbar";
                 toolbar = true;
                 bookmarks = with config.nixfiles.modules; [
+                  {
+                    name = "XUL";
+                    url = "chrome://browser/content/browser.xhtml";
+                  }
                   (mkIf syncthing.enable {
                     name = "Syncthing";
                     url = "http://${config.services.syncthing.guiAddress}";
@@ -529,6 +513,7 @@ in
               "browser.tabs.warnOnClose" = false;
               "browser.tabs.warnOnCloseOtherTabs" = false;
               "browser.tabs.warnOnOpen" = false;
+              "browser.theme.dark-private-windows" = false;
               "browser.toolbars.bookmarks.visibility" = "newtab";
               "browser.translations.enable" = false;
               "browser.urlbar.decodeURLsOnCopy" = true;
@@ -551,6 +536,7 @@ in
               "media.autoplay.blocking_policy" = 2;
               "media.autoplay.default" = 5;
               "media.hardwaremediakeys.enabled" = false;
+              "media.videocontrols.picture-in-picture.video-toggle.enabled" = false;
               "reader.parse-on-load.enabled" = false;
               "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
             };
diff --git a/modules/firefox/userChrome.css b/modules/firefox/userChrome.css
index 80d1f7a..aeb1c8f 100644
--- a/modules/firefox/userChrome.css
+++ b/modules/firefox/userChrome.css
@@ -1,23 +1,9 @@
 @-moz-document url(chrome://browser/content/browser.xhtml)
 {
-  /*
-   ***
-   * Tabbar
-   ***
-   */
-
-  /*
-   * Apply colours and fonts.
-   */
-  .tabbrowser-tab {
-    color: var(--background-alt) !important;
+  #urlbar {
     font-family: var(--sans-serif-font-family) !important;
     font-size: var(--sans-serif-font-size) !important;
   }
-  .tabbrowser-tab[visuallyselected="true"] {
-    background: var(--background) !important;
-    color: var(--foreground) !important;
-  }
 
   /*
    * Not sure why is this shit even exists...
@@ -34,32 +20,6 @@
   }
 
   /*
-   * Disable borders and margins.
-   */
-  #tabbrowser-tabs {
-    border-inline-start: 0 !important;
-    /* padding-inline-start: 0 !important; */
-    margin-inline-start: 0 !important;
-  }
-  #tabbrowser-tabs[haspinnedtabs]:not([positionpinnedtabs])
-    > #tabbrowser-arrowscrollbox
-    > .tabbrowser-tab[first-visible-unpinned-tab] {
-    margin-inline-start: none !important;
-  }
-  .tabbrowser-tab::after,
-  .tabbrowser-tab::before {
-    border: none !important;
-  }
-
-  /*
-   * Make tabs backgroundless.
-   */
-  /* .tab-background, */
-  /* .tab-line { */
-  /*   display: none !important; */
-  /* } */
-
-  /*
    * Stretch tabs to the max by default.
    */
   .tabbrowser-tab[fadein]:not([pinned="true"]) {
@@ -67,14 +27,6 @@
   }
 
   /*
-   * Fix favicon location.
-   */
-  .tab-icon-image {
-    margin-inline-end: 10px !important;
-    margin-top: 0px !important;
-  }
-
-  /*
    * "C-t" exists.
    */
   #tabs-newtab-button,
@@ -90,64 +42,13 @@
   }
 
   /*
-   ***
-   * Navbar & urlbar.
-   ***
-   */
-
-  /*
-   * Remove padding between urlbar and side elements.
+   * Remove padding between URL bar and side elements.
    */
   #customizableui-special-spring1,
   #customizableui-special-spring2 {
     display: none !important;
   }
 
-  #urlbar {
-    background: var(--background) !important;
-    color: var(--foreground) !important;
-    font-family: var(--sans-serif-font-family) !important;
-    font-size: var(--sans-serif-font-size) !important;
-    border-color: transparent !important;
-  }
-
-  /* #urlbar:not(:-moz-lwtheme):not([focused="true"]) > #urlbar-background, */
-  /* #searchbar:not(:-moz-lwtheme):not(:focus-within) { */
-  /*   border: none !important; */
-  /* } */
-
-  /* #urlbar *|*.textbox-input::-moz-placeholder { */
-  /*   color: transparent !important; */
-  /* } */
-
-  /* .urlbar-icon:hover:not([disabled]), */
-  /* .urlbar-icon-wrapper:hover:not([disabled]) { */
-  /*   background-color: var(--background-alt) !important; */
-  /* } */
-
-  /* #urlbar-background { */
-  /*   background: transparent !important; */
-  /* } */
-
-  /* .urlbarView-tags, */
-  /* .urlbarView-url, */
-  /* .urlbarView-title:not(:empty) ~ .urlbarView-action { */
-  /*   font-size: var(--sans-serif-font-size) !important; */
-  /* } */
-
-  .urlbarView-row[label="Firefox Suggest"] {
-    margin-block-start: 0 !important;
-  }
-  .urlbarView-row[label="Firefox Suggest"]::before {
-    display: none !important;
-  }
-
-  /*
-   ***
-   * Misc.
-   ***
-   */
-
   /*
    * Call indicator that some "designer" decided to make floating and impossible
    * to hide.
@@ -157,16 +58,41 @@
   }
 
   /*
-   * Disable some context menu entries.
-   */
-  #context-navigation {
+   * Context menu. Both for tabs and page.
+   */
+  #context-bookmarklink,
+  #context-inspect-a11y,
+  #context-navigation,
+  #context-pocket,
+  #context-print-selection,
+  #context-searchselect,
+  #context-selectall,
+  #context-sendimage,
+  #context-sendlinktodevice,
+  #context-sendpagetodevice,
+  #context-viewsource,
+  #context_bookmarkTab,
+  #context_moveTabOptions,
+  #context_selectAllTabs,
+  #context_sendTabToDevice,
+  menuseparator {
     display: none !important;
   }
 
   /*
-   * Remove dumb websites that Mozilla is forced to include.
+   * Unify margins for tab browser.
    */
-  .search-one-offs {
-    display: none !important;
+  #tabbrowser-tabs {
+    margin-inline-start: 0 !important;
+    border-inline-start: 0 !important;
+    padding-inline-start: calc(
+      var(--tab-overflow-pinned-tabs-width) + 2px
+    ) !important;
+    margin-inline-start: 0 !important;
+  }
+  #tabbrowser-tabs[haspinnedtabs]:not([positionpinnedtabs])[orient="horizontal"]
+    > #tabbrowser-arrowscrollbox
+    > .tabbrowser-tab:nth-child(1 of :not([pinned], [hidden])) {
+    margin-inline-start: 0 !important;
   }
 }
diff --git a/modules/firefox/userContent.css b/modules/firefox/userContent.css
index 96bb529..a009ad8 100644
--- a/modules/firefox/userContent.css
+++ b/modules/firefox/userContent.css
@@ -1,16 +1,11 @@
 @-moz-document media-document(all) {
   body {
     background-image: none !important;
-    background-color: var(--background) !important;
+    background-color: var(--background-color-box) !important;
   }
 }
 
 @-moz-document regexp("about:(blank|home|newtab|privatebrowsing|welcome)") {
-  html,
-  body {
-    background: var(--background) !important;
-  }
-
   body {
     display: none !important;
   }
@@ -265,7 +260,8 @@
   #highlight__main-container,
   .global-footer,
   .global-navigation,
-  .global-registration-buttons {
+  .global-registration-buttons,
+  .notifications-placeholder {
     display: none !important;
   }
 
diff --git a/modules/games/gamemode.nix b/modules/games/gamemode.nix
index eb485f8..4e57a8b 100644
--- a/modules/games/gamemode.nix
+++ b/modules/games/gamemode.nix
@@ -1,13 +1,12 @@
 { config, lib, ... }:
-with lib;
 let
   cfg = config.nixfiles.modules.games.gamemode;
 in
 {
-  options.nixfiles.modules.games.gamemode.enable = mkEnableOption "Feral GameMode";
+  options.nixfiles.modules.games.gamemode.enable = lib.mkEnableOption "Feral GameMode";
 
-  config = mkIf cfg.enable {
-    hm.xdg.configFile."gamemode.ini".text = generators.toINI { } { general.softrealtime = "auto"; };
+  config = lib.mkIf cfg.enable {
+    hm.xdg.configFile."gamemode.ini".text = lib.generators.toINI { } { general.softrealtime = "auto"; };
 
     programs.gamemode.enable = true;
   };
diff --git a/modules/games/lutris.nix b/modules/games/lutris.nix
index 62fe521..d926971 100644
--- a/modules/games/lutris.nix
+++ b/modules/games/lutris.nix
@@ -22,10 +22,12 @@ in
       (lutris.override {
         extraPkgs = _: [
           vkBasalt
-          wine
+          wine-staging
           winetricks
         ];
       })
+      wine-staging
+      winetricks
     ];
   };
 }
diff --git a/modules/games/minecraft.nix b/modules/games/minecraft.nix
index f93a139..f849360 100644
--- a/modules/games/minecraft.nix
+++ b/modules/games/minecraft.nix
@@ -5,7 +5,6 @@
   pkgs,
   ...
 }:
-with lib;
 let
   cfg = config.nixfiles.modules.games.minecraft;
 in
@@ -13,28 +12,30 @@ in
   imports = [ inputs.minecraft.nixosModules.minecraft-servers ];
 
   options.nixfiles.modules.games.minecraft = {
-    client.enable = mkEnableOption "Minecraft client";
+    client.enable = lib.mkEnableOption "Minecraft client";
     server = {
-      enable = mkEnableOption "Minecraft server";
+      enable = lib.mkEnableOption "Minecraft server";
 
-      port = mkOption {
+      port = lib.mkOption {
         description = "Server port.";
-        type = types.port;
+        type = lib.types.port;
         default = 25565;
       };
 
-      memory = mkOption {
+      memory = lib.mkOption {
         description = "Amount of RAM to allocate.";
-        type = types.str;
+        type = lib.types.str;
         default = "2G";
       };
     };
   };
 
-  config = mkMerge [
-    (mkIf cfg.client.enable { hm.home.packages = [ pkgs.prismlauncher ]; })
-    (mkIf cfg.server.enable {
-      nixfiles.modules.common.nix.allowedUnfreePackages = [ "minecraft-server" ];
+  config = lib.mkMerge [
+    (lib.mkIf cfg.client.enable { hm.home.packages = [ pkgs.prismlauncher ]; })
+    (lib.mkIf cfg.server.enable {
+      nixfiles.modules.common.nix.allowedUnfreePackages = [
+        "minecraft-server" # proprietary
+      ];
 
       ark.directories = [ config.services.minecraft-servers.dataDir ];
 
@@ -50,7 +51,7 @@ in
 
           # https://api.papermc.io/v2/projects/paper
           # https://github.com/Infinidoge/nix-minecraft/blob/master/pkgs/paper-servers/lock.json
-          package = pkgs.paperServers.paper-1_21_47;
+          package = pkgs.minecraftServers.paper-1_21_3;
 
           serverProperties = {
             # motd = "";
@@ -71,7 +72,7 @@ in
           };
 
           jvmOpts =
-            (concatStringsSep " " [
+            (lib.concatStringsSep " " [
               "-Xms${cfg.server.memory}"
               "-Xmx${cfg.server.memory}"
               "--add-modules=jdk.incubator.vector" # Required by some plugins.
diff --git a/modules/games/steam-run.nix b/modules/games/steam-run.nix
index be06c78..9e3c962 100644
--- a/modules/games/steam-run.nix
+++ b/modules/games/steam-run.nix
@@ -2,72 +2,49 @@
   config,
   lib,
   pkgs,
-  pkgsRev,
   ...
 }:
-with lib;
 let
   cfg = config.nixfiles.modules.games.steam-run;
 in
 {
   options.nixfiles.modules.games.steam-run = {
-    enable = mkEnableOption "native Steam runtime";
+    enable = lib.mkEnableOption "native Steam runtime";
 
     quirks = {
-      blackIsleStudios = mkEnableOption "fixes for games from Black Isle Studios";
-      cryptOfTheNecrodancer = mkEnableOption ''fixes for "Crypt of the NecroDancer" issues'';
-      mountAndBladeWarband = mkEnableOption ''fixes for "Mount & Blade: Warband" issues'';
+      blackIsleStudios = lib.mkEnableOption "fixes for games from Black Isle Studios";
+      cryptOfTheNecrodancer = lib.mkEnableOption ''fixes for "Crypt of the NecroDancer" issues'';
+      mountAndBladeWarband = lib.mkEnableOption ''fixes for "Mount & Blade: Warband" issues'';
     };
   };
 
-  config = mkIf cfg.enable {
-    nixfiles.modules.games.steam.enable = true;
+  config = lib.mkIf cfg.enable {
+    nixfiles.modules = {
+      games.steam.enable = true;
 
-    hm.home.packages = with pkgs; [
-      (steam.override {
+      common.nix.allowedUnfreePackages = lib.optionals cfg.quirks.mountAndBladeWarband [
+        "fmod" # proprietary
+      ];
+    };
+
+    hm.home.packages = [
+      (pkgs.steam.override {
+        extraEnv.MANGOHUD = 1;
         extraLibraries =
           _:
-          with cfg.quirks;
-          optional blackIsleStudios openssl_1_0_0
-          ++ optional cryptOfTheNecrodancer (pkgsRev "d1c3fea7ecbed758168787fe4e4a3157e52bc808" "sha256-3muuhz3fjtF1bz32UXOYCho51E8JSeEwo2iDZFQJdXo=")
-          .flac
-          ++ optionals mountAndBladeWarband [
-            (glew.overrideAttrs (
-              _: super:
-              let
-                opname = super.pname;
-              in
-              rec {
-                pname = "${opname}-steam-run-fix";
-                inherit (super) version;
-                src = fetchurl {
-                  url = "mirror://sourceforge/${opname}/${opname}-${version}.tgz";
-                  hash = "sha256-BN6R5+Z2MDm8EZQAlc2cf4gLq6ghlqd2X3J6wFqZPJU=";
-                };
-              }
-            ))
-            (fmodex.overrideAttrs (
-              _: super:
-              let
-                opname = super.pname;
-              in
-              rec {
-                pname = "${opname}-steam-run-fix";
-                inherit (super) version;
-                installPhase =
-                  let
-                    libPath = makeLibraryPath [
-                      alsa-lib
-                      libpulseaudio
-                      stdenv.cc.cc
-                    ];
-                  in
-                  ''
-                    install -Dm755 api/lib/libfmodex64-${version}.so $out/lib/libfmodex64.so
-                    patchelf --set-rpath ${libPath} $out/lib/libfmodex64.so
-                  '';
-              }
-            ))
+          lib.optionals cfg.quirks.blackIsleStudios [
+            pkgs.openssl_1_0_0
+          ]
+          ++ lib.optionals cfg.quirks.cryptOfTheNecrodancer [
+            (lib.packages.fromRev "d1c3fea7ecbed758168787fe4e4a3157e52bc808" "sha256-3muuhz3fjtF1bz32UXOYCho51E8JSeEwo2iDZFQJdXo=")
+            .flac
+          ]
+          ++ lib.optionals cfg.quirks.mountAndBladeWarband [
+            (pkgs.fmodex.overrideAttrs (oldAttrs: {
+              postInstall = ''
+                ln -s $out/lib/libfmodex64.so $out/lib/libfmodex-${oldAttrs.version}.so
+              '';
+            }))
           ];
       }).run
     ];
diff --git a/modules/git/default.nix b/modules/git/default.nix
index b618a57..f370ae6 100644
--- a/modules/git/default.nix
+++ b/modules/git/default.nix
@@ -8,38 +8,37 @@
   this,
   ...
 }:
-with lib;
 let
   cfg = config.nixfiles.modules.git;
 in
 {
   options.nixfiles.modules.git = {
-    client.enable = mkEnableOption "Git client";
+    client.enable = lib.mkEnableOption "Git client";
 
     server = {
-      enable = mkEnableOption "Git server";
+      enable = lib.mkEnableOption "Git server";
 
-      domain = mkOption {
+      domain = lib.mkOption {
         description = "Domain name sans protocol scheme.";
-        type = with types; nullOr str;
+        type = with lib.types; nullOr str;
         default = "git.${config.networking.domain}";
       };
 
-      package = mkOption {
+      package = lib.mkOption {
         description = "Package.";
-        type = types.package;
+        type = lib.types.package;
         default = pkgs.cgit;
       };
     };
   };
 
-  config = mkMerge [
-    (mkIf cfg.client.enable {
+  config = lib.mkMerge [
+    (lib.mkIf cfg.client.enable {
       secrets = {
         glab-cli-config = {
           file = "${inputs.self}/secrets/glab-cli-config";
           path = "${config.dirs.config}/glab-cli/config.yml";
-          owner = my.username;
+          owner = lib.my.username;
         };
         # NOTE SSO requires relogin every day, so keeping persistent auth tokens
         # doesn't work.
@@ -51,7 +50,7 @@ in
         hut = {
           file = "${inputs.self}/secrets/hut";
           path = "${config.dirs.config}/hut/config";
-          owner = my.username;
+          owner = lib.my.username;
         };
       };
 
@@ -73,10 +72,10 @@ in
 
             package = if this.isHeadful then pkgs.gitFull else pkgs.gitMinimal;
 
-            userName = my.username;
-            userEmail = my.email;
+            userName = lib.my.username;
+            userEmail = lib.my.email;
             signing = {
-              inherit (my.pgp) key;
+              inherit (lib.my.pgp) key;
               signByDefault = true;
             };
 
@@ -102,48 +101,46 @@ in
                 };
                 submodule.recurse = true;
                 sendemail = rec {
-                  smtpServer = my.domain.shire;
-                  smtpUser = "${my.username}@${smtpServer}";
+                  smtpServer = lib.my.domain.shire;
+                  smtpUser = "${lib.my.username}@${smtpServer}";
                   smtpEncryption = "ssl";
                   smtpServerPort = 465;
                   annotate = true;
                   confirm = "always";
                 };
                 column.ui = "auto";
-                github.user = my.username;
-                gitlab.user = my.username;
+                github.user = lib.my.username;
+                gitlab.user = lib.my.username;
               }
-              // mapAttrs' (name: value: nameValuePair ''url "git@${value}:"'' { insteadOf = "${name}:"; }) {
+              // lib.mapAttrs' (n: v: lib.nameValuePair ''url "git@${v}:"'' { insteadOf = "${n}:"; }) {
                 "bitbucket" = "bitbucket.com";
                 "codeberg" = "codeberg.org";
                 "github" = "github.com";
                 "gitlab" = "gitlab.com";
                 "sourcehut" = "git.sr.ht";
               }
-              //
-                mapAttrs' (name: values: nameValuePair ''url "https://${values}/"'' { insteadOf = "${name}:"; })
-                  {
-                    "alpine" = "gitlab.alpinelinux.org";
-                    "clan" = "git.clan.lol";
-                    "debian" = "salsa.debian.org";
-                    "freedesktop" = "gitlab.freedesktop.org";
-                    "gnome" = "gitlab.gnome.org";
-                    "haskell" = "gitlab.haskell.org";
-                    "homotopic" = "gitlab.homotopic.tech";
-                    "horizon" = "gitlab.horizon-haskell.net";
-                    "kde" = "invent.kde.org";
-                    "nixca" = "gitlab.nixca.dev";
-                    "notabug" = "notabug.org";
-                    "opencode" = "opencode.net";
-                    "syndicate" = "git.syndicate-lang.org";
-                    "torproject" = "gitlab.torproject.org";
-                    "videolan" = "code.videolan.org";
-                  };
+              // lib.mapAttrs' (n: v: lib.nameValuePair ''url "https://${v}/"'' { insteadOf = "${n}:"; }) {
+                "alpine" = "gitlab.alpinelinux.org";
+                "clan" = "git.clan.lol";
+                "debian" = "salsa.debian.org";
+                "freedesktop" = "gitlab.freedesktop.org";
+                "gnome" = "gitlab.gnome.org";
+                "haskell" = "gitlab.haskell.org";
+                "homotopic" = "gitlab.homotopic.tech";
+                "horizon" = "gitlab.horizon-haskell.net";
+                "kde" = "invent.kde.org";
+                "nixca" = "gitlab.nixca.dev";
+                "notabug" = "notabug.org";
+                "opencode" = "opencode.net";
+                "syndicate" = "git.syndicate-lang.org";
+                "torproject" = "gitlab.torproject.org";
+                "videolan" = "code.videolan.org";
+              };
 
             aliases =
               let
-                git = getExe config.hm.programs.git.package;
-                curl = getExe pkgs.curl;
+                git = lib.getExe config.hm.programs.git.package;
+                curl = lib.getExe pkgs.curl;
               in
               {
                 amend = "commit --amend";
@@ -189,181 +186,178 @@ in
         };
       };
     })
-    (mkIf cfg.server.enable (
-      with cfg.server;
-      {
-        ark.directories = [ config.services.gitolite.dataDir ];
+    (lib.mkIf cfg.server.enable {
+      ark.directories = [ config.services.gitolite.dataDir ];
 
-        nixfiles.modules.nginx = {
-          enable = true;
-          virtualHosts.${domain}.locations = { };
-        };
+      nixfiles.modules.nginx = {
+        enable = true;
+        virtualHosts.${cfg.server.domain}.locations = { };
+      };
 
-        services = {
-          cgit.${domain} = {
-            enable = true;
+      services = {
+        cgit.${cfg.server.domain} = {
+          enable = true;
 
-            package = pkgs.cgit-pink;
+          package = pkgs.cgit-pink;
 
-            # We make gitolite repos readable by the common group.
-            user = "git";
-            group = "git";
+          # We make gitolite repos readable by the common group.
+          user = "git";
+          group = "git";
 
-            scanPath = "${config.services.gitolite.dataDir}/repositories";
+          scanPath = "${config.services.gitolite.dataDir}/repositories";
 
-            settings = {
-              root-title = "git.azahi.cc";
-              root-desc = "British scientists have discovered that using GitHub frequently is harmful to one's mental health, especially GitHub Actions...";
+          settings = {
+            root-title = "git.azahi.cc";
+            root-desc = "British scientists have discovered that using GitHub frequently is harmful to one's mental health, especially GitHub Actions...";
 
-              footer = "${pkgs.writeText "cgit-footer" ''
-                <p style="text-align: center;">Consider giving <a href="https://nixos.org">Nix/NixOS</a> a try! <3</p>
-              ''}";
+            footer = "${pkgs.writeText "cgit-footer" ''
+              <p style="text-align: center;">Consider giving <a href="https://nixos.org">Nix/NixOS</a> a try! <3</p>
+            ''}";
 
-              about-filter = "${pkgs.writeScript "cgit-about-filter.sh" ''
-                #!${pkgs.bash}/bin/sh
-                filename=$1
-                case "$filename" in
-                  *.md)
-                    exec ${pkgs.pandoc}/bin/pandoc -f markdown -t html
-                    ;;
-                  *.org)
-                    exec ${pkgs.pandoc}/bin/pandoc -f org -t html
-                        ;;
-                  *)
-                    echo "<pre>"
-                    ${pkgs.coreutils}/bin/cat
-                    echo "</pre>"
-                    ;;
-                esac
-              ''}";
-              source-filter = "${package}/lib/cgit/filters/syntax-highlighting.py";
-              commit-filter = "${package}/lib/cgit/filters/commit-links.sh";
+            about-filter = "${pkgs.writeScript "cgit-about-filter.sh" ''
+              #!${pkgs.bash}/bin/sh
+              filename=$1
+              case "$filename" in
+                *.md)
+                  exec ${pkgs.pandoc}/bin/pandoc -f markdown -t html
+                  ;;
+                *.org)
+                  exec ${pkgs.pandoc}/bin/pandoc -f org -t html
+                      ;;
+                *)
+                  echo "<pre>"
+                  ${pkgs.coreutils}/bin/cat
+                  echo "</pre>"
+                  ;;
+              esac
+            ''}";
+            source-filter = "${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py";
+            commit-filter = "${cfg.server.package}/lib/cgit/filters/commit-links.sh";
 
-              readme = [
-                ":README"
-                ":readme.md"
-                ":readme.org"
-              ];
+            readme = [
+              ":README"
+              ":readme.md"
+              ":readme.org"
+            ];
 
-              clone-url = "https://$HTTP_HOST/$CGIT_REPO_URL";
+            clone-url = "https://$HTTP_HOST/$CGIT_REPO_URL";
 
-              enable-blame = true;
-              enable-commit-graph = true;
-              enable-follow-links = true;
-              enable-git-config = true;
-              enable-gitweb-owner = true;
-              enable-html-serving = true;
-              enable-http-clone = true;
-              enable-index-links = false;
-              enable-index-owner = false;
-              enable-log-filecount = true;
-              enable-log-linecount = true;
-              enable-subject-links = true;
-              enable-tree-linenumbers = true;
+            enable-blame = true;
+            enable-commit-graph = true;
+            enable-follow-links = true;
+            enable-git-config = true;
+            enable-gitweb-owner = true;
+            enable-html-serving = true;
+            enable-http-clone = true;
+            enable-index-links = false;
+            enable-index-owner = false;
+            enable-log-filecount = true;
+            enable-log-linecount = true;
+            enable-subject-links = true;
+            enable-tree-linenumbers = true;
 
-              branch-sort = "age";
-              repository-sort = "age";
+            branch-sort = "age";
+            repository-sort = "age";
 
-              remove-suffix = true;
+            remove-suffix = true;
 
-              logo = "/logo.gif";
-              logo-link = "https://www.youtube.com/watch?v=dQw4w9WgXcQ";
-            };
+            logo = "/logo.gif";
+            logo-link = "https://www.youtube.com/watch?v=dQw4w9WgXcQ";
           };
+        };
 
-          gitolite = {
-            enable = true;
-            user = "git";
-            group = "git";
-            adminPubkey = my.ssh.key;
-            extraGitoliteRc = ''
-              # This allows cgit to scan repositories while running under a
-              # different user.
-              $RC{UMASK} = 0027;
+        gitolite = {
+          enable = true;
+          user = "git";
+          group = "git";
+          adminPubkey = lib.my.ssh.key;
+          extraGitoliteRc = ''
+            # This allows cgit to scan repositories while running under a
+            # different user.
+            $RC{UMASK} = 0027;
 
-              # This allows hiding repositories via "cgit.ignore"[1].
-              #
-              # [1]: https://www.omarpolo.com/post/cgit-gitolite.html
-              $RC{GIT_CONFIG_KEYS} = '.*';
-            '';
-          };
+            # This allows hiding repositories via "cgit.ignore"[1].
+            #
+            # [1]: https://www.omarpolo.com/post/cgit-gitolite.html
+            $RC{GIT_CONFIG_KEYS} = '.*';
+          '';
+        };
 
-          nginx.virtualHosts.${domain}.locations =
-            let
-              extraHead = ''
-                ${libNginx.config.appendHead [
-                  ''<meta name="go-import" content="$host$uri git https://$host$uri">''
-                  (libPlausible.htmlPlausibleScript { inherit (cfg.server) domain; })
-                ]}
+        nginx.virtualHosts.${cfg.server.domain}.locations =
+          let
+            extraHead = ''
+              ${libNginx.config.appendHead [
+                ''<meta name="go-import" content="$host$uri git https://$host$uri">''
+                (libPlausible.htmlPlausibleScript { inherit (cfg.server) domain; })
+              ]}
+            '';
+          in
+          {
+            "/" = {
+              extraConfig = lib.mkBefore extraHead;
+              fastcgiParams.HTTP_ACCEPT_ENCODING = "";
+            };
+            "~ /.+/(info/refs|git-upload-pack)" = {
+              extraConfig = lib.mkBefore extraHead;
+              fastcgiParams.HTTP_ACCEPT_ENCODING = "";
+            };
+            "= /logo.gif".alias = "${./logo.gif}";
+            "= /favicon.ico" = {
+              alias = "${./favicon.ico}";
+              extraConfig = lib.mkForce "";
+            };
+            "= /cgit.css" = {
+              alias = pkgs.writeText "cgit.css" ''
+                ${builtins.readFile "${cfg.server.package}/cgit/cgit.css"}
+                * {
+                  line-height: 1.25em;
+                }
+                div#cgit {
+                  font-family: ${
+                    lib.concatMapStringsSep ", " (f: ''"${f}"'') config.fonts.fontconfig.defaultFonts.monospace
+                  }, monospace;
+                  -moz-tab-size: 2;
+                  tab-size: 2;
+                  max-width: 117ch;
+                  margin: auto;
+                }
+                div#cgit table#header td.sub {
+                  border-top: none;
+                }
+                div#cgit table#header td.sub.right {
+                  padding-right: 1em;
+                }
+                div#cgit table.tabs {
+                  border-bottom: none;
+                }
+                div#cgit div.content {
+                  border-bottom: none;
+                }
+                div#cgit table.list th a {
+                  color: inherit;
+                }
+                div#cgit table.list tr:nth-child(even) {
+                  background: inherit;
+                }
+                div#cgit table.list tr:hover {
+                  background: inherit;
+                }
+                div#cgit table.list tr.nohover-highlight:hover:nth-child(even) {
+                  background: inherit;
+                }
+                div#cgit table.blob td.linenumbers a:target {
+                  color: goldenrod;
+                  text-decoration: underline;
+                  outline: none;
+                }
+                div#cgit div#summary {
+                  max-width: 80ch;
+                }
               '';
-            in
-            {
-              "/" = {
-                extraConfig = mkBefore extraHead;
-                fastcgiParams.HTTP_ACCEPT_ENCODING = "";
-              };
-              "~ /.+/(info/refs|git-upload-pack)" = {
-                extraConfig = mkBefore extraHead;
-                fastcgiParams.HTTP_ACCEPT_ENCODING = "";
-              };
-              "= /logo.gif".alias = "${./logo.gif}";
-              "= /favicon.ico" = {
-                alias = "${./favicon.ico}";
-                extraConfig = mkForce "";
-              };
-              "= /cgit.css" = {
-                alias = pkgs.writeText "cgit.css" ''
-                  ${readFile "${package}/cgit/cgit.css"}
-                  * {
-                    line-height: 1.25em;
-                  }
-                  div#cgit {
-                    font-family: ${
-                      concatMapStringsSep ", " (f: ''"${f}"'') config.fonts.fontconfig.defaultFonts.monospace
-                    }, monospace;
-                    -moz-tab-size: 2;
-                    tab-size: 2;
-                    max-width: 117ch;
-                    margin: auto;
-                  }
-                  div#cgit table#header td.sub {
-                    border-top: none;
-                  }
-                  div#cgit table#header td.sub.right {
-                    padding-right: 1em;
-                  }
-                  div#cgit table.tabs {
-                    border-bottom: none;
-                  }
-                  div#cgit div.content {
-                    border-bottom: none;
-                  }
-                  div#cgit table.list th a {
-                    color: inherit;
-                  }
-                  div#cgit table.list tr:nth-child(even) {
-                    background: inherit;
-                  }
-                  div#cgit table.list tr:hover {
-                    background: inherit;
-                  }
-                  div#cgit table.list tr.nohover-highlight:hover:nth-child(even) {
-                    background: inherit;
-                  }
-                  div#cgit table.blob td.linenumbers a:target {
-                    color: goldenrod;
-                    text-decoration: underline;
-                    outline: none;
-                  }
-                  div#cgit div#summary {
-                    max-width: 80ch;
-                  }
-                '';
-                extraConfig = mkForce "";
-              };
+              extraConfig = lib.mkForce "";
             };
-        };
-      }
-    ))
+          };
+      };
+    })
   ];
 }
diff --git a/modules/hyprland.nix b/modules/hyprland.nix
new file mode 100644
index 0000000..c7f574a
--- /dev/null
+++ b/modules/hyprland.nix
@@ -0,0 +1,131 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.nixfiles.modules.hyprland;
+in
+{
+  options.nixfiles.modules.hyprland.enable = lib.mkEnableOption "Hyprland";
+
+  config = lib.mkIf cfg.enable {
+    nixfiles.modules.wayland.enable = true;
+
+    hm = {
+      stylix.targets.hyprland.enable = false;
+
+      wayland.windowManager.hyprland = {
+        enable = true;
+
+        systemd = {
+          enable = true;
+          variables = [ "--all" ];
+        };
+
+        settings = {
+          misc = {
+            disable_hyprland_logo = true;
+            disable_splash_rendering = true;
+          };
+
+          general = {
+            gaps_in = 0;
+            gaps_out = 0;
+          };
+
+          decoration = {
+            blur.enabled = false;
+          };
+
+          animations.enabled = false;
+
+          debug.disable_logs = false;
+
+          input = with config.services.xserver.xkb; {
+            kb_layout = layout;
+            kb_variant = variant;
+            kb_options = options;
+
+            repeat_delay = config.services.xserver.autoRepeatDelay;
+            repeat_rate = config.services.xserver.autoRepeatInterval;
+          };
+
+          bindm = [
+            "SUPER, mouse:272, movewindow"
+            "SUPER, mouse:273, resizewindow"
+            "SUPER ALT, mouse:272, resizewindow"
+          ];
+
+          bind =
+            [
+              "SUPER SHIFT, E, exec, pkill Hyprland"
+
+              "SUPER, D, killactive,"
+              "SUPER, F, fullscreen,"
+
+              "SUPER, G, togglegroup,"
+              "SUPER SHIFT, N, changegroupactive, f"
+              "SUPER SHIFT, P, changegroupactive, b"
+
+              "SUPER, R, togglesplit,"
+              "SUPER, T, togglefloating,"
+              "SUPER, P, pseudo,"
+              "SUPER ALT, ,resizeactive,"
+
+              "SUPER, Return, exec, foot"
+              "SUPER, L, exec, pgrep hyprlock || hyprlock"
+
+              "SUPER, H, movefocus, l"
+              "SUPER, J, movefocus, d"
+              "SUPER, K, movefocus, u"
+              "SUPER, L, movefocus, r"
+
+              "SUPER SHIFT, H, movewindow, l"
+              "SUPER SHIFT, J, movewindow, d"
+              "SUPER SHIFT, K, movewindow, u"
+              "SUPER SHIFT, L, movewindow, r"
+
+              "SUPER ALT, H, resizeactive, 10 0"
+              "SUPER ALT, J, resizeactive, 0 10"
+              "SUPER ALT, K, resizeactive, 0 -10"
+              "SUPER ALT, L, resizeactive, -10 0"
+
+              ", XF86AudioPlay, exec, mpc play"
+              ", XF86AudioPrev, exec, mpc prev"
+              ", XF86AudioNext, exec, mpc next"
+
+              ", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ .1+"
+              ", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ .1-"
+
+              ", XF86AudioMute,    exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
+              ", XF86AudioMicMute, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle"
+
+              ", XF86MonBrightnessUp,   exec, brightnessctl set +5%"
+              ", XF86MonBrightnessDown, exec, brightnessctl set 5%-"
+            ]
+            ++ (builtins.concatLists (
+              builtins.genList (
+                x:
+                let
+                  ws =
+                    let
+                      c = (x + 1) / 10;
+                    in
+                    toString (x + 1 - (c * 10));
+                in
+                [
+                  "SUPER, ${ws}, workspace, ${toString (x + 1)}"
+                  "SUPER SHIFT, ${ws}, movetoworkspace, ${toString (x + 1)}"
+                ]
+              ) 10
+            ));
+        };
+      };
+
+      programs.hyprlock.enable = true;
+    };
+
+    programs.hyprland.enable = true;
+  };
+}
diff --git a/modules/ipfs.nix b/modules/ipfs.nix
index 25f7fce..80a43b6 100644
--- a/modules/ipfs.nix
+++ b/modules/ipfs.nix
@@ -175,7 +175,8 @@ in
           "api.${cfg.domain}" = {
             locations = {
               "/".proxyPass = "http://kubo_api";
-              "~ ^/$".return = "301 http${optionalString config.nixfiles.modules.acme.enable "s"}://api.${cfg.domain}/webui";
+              "~ ^/$".return =
+                "301 http${optionalString config.nixfiles.modules.acme.enable "s"}://api.${cfg.domain}/webui";
             };
             extraConfig = libNginx.config.internalOnly;
           };
diff --git a/modules/jackett.nix b/modules/jackett.nix
index 07a5b16..5b0b2c0 100644
--- a/modules/jackett.nix
+++ b/modules/jackett.nix
@@ -6,22 +6,21 @@
   this,
   ...
 }:
-with lib;
 let
   cfg = config.nixfiles.modules.jackett;
 in
 {
   options.nixfiles.modules.jackett = {
-    enable = mkEnableOption "Jackett";
+    enable = lib.mkEnableOption "Jackett";
 
-    domain = mkOption {
+    domain = lib.mkOption {
       description = "Domain name sans protocol scheme.";
-      type = with types; str;
+      type = lib.types.str;
       default = "jackett.${config.networking.domain}";
     };
   };
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     ark.directories = [ "/var/lib/jackett" ];
 
     nixfiles.modules.nginx = {
diff --git a/modules/kde.nix b/modules/kde.nix
index e017e11..9490b71 100644
--- a/modules/kde.nix
+++ b/modules/kde.nix
@@ -50,9 +50,14 @@ in
 
     services = {
       desktopManager.plasma6.enable = true;
+
       displayManager.sddm = {
         enable = true;
-        wayland.enable = true;
+
+        wayland = {
+          enable = false;
+          compositor = "kwin";
+        };
       };
     };
 
@@ -64,7 +69,9 @@ in
         khelpcenter
         print-manager
       ];
-      systemPackages = with pkgs.kdePackages; [ plasma-disks ];
+      systemPackages = with pkgs.kdePackages; [
+        plasma-disks
+      ];
     };
   };
 }
diff --git a/modules/monitoring/default.nix b/modules/monitoring/default.nix
index 6e5b782..a3e57d3 100644
--- a/modules/monitoring/default.nix
+++ b/modules/monitoring/default.nix
@@ -166,6 +166,7 @@ in
               promtail = {
                 hosts = [
                   manwe
+                  tulkas
                   varda
                   yavanna
                 ];
@@ -182,6 +183,7 @@ in
               endlessh-go = {
                 hosts = [
                   manwe
+                  tulkas
                   varda
                   yavanna
                 ];
@@ -197,6 +199,7 @@ in
               node = {
                 hosts = [
                   manwe
+                  tulkas
                   varda
                   yavanna
                 ];
diff --git a/modules/nsd.nix b/modules/nsd.nix
index 322d88a..acf7e27 100644
--- a/modules/nsd.nix
+++ b/modules/nsd.nix
@@ -134,6 +134,8 @@ in
                   subdomains = rec {
                     manwe = ips "manwe";
                     "*.manwe" = manwe;
+                    tulkas = ips "tulkas";
+                    "*.tulkas" = tulkas;
                     varda = ips "varda";
                     "*.varda" = varda;
                     yavanna = ips "yavanna";
@@ -148,12 +150,14 @@ in
                     bitwarden = manwe;
                     git = manwe;
                     grafana = manwe;
+                    irc = manwe;
                     loki = manwe;
                     ntfy = manwe;
                     plausible = manwe;
                     prometheus = manwe;
                     radicale = manwe;
                     rss-bridge = manwe;
+                    uptime = manwe;
                     vaultwarden = manwe;
 
                     flood = yavanna;
diff --git a/modules/openssh.nix b/modules/openssh.nix
index 470b6c9..a41f0d6 100644
--- a/modules/openssh.nix
+++ b/modules/openssh.nix
@@ -4,26 +4,25 @@
   pkgs,
   ...
 }:
-with lib;
 let
   cfg = config.nixfiles.modules.openssh;
 in
 {
   options.nixfiles.modules.openssh = {
-    client.enable = mkEnableOption "OpenSSH client";
+    client.enable = lib.mkEnableOption "OpenSSH client";
     server = {
-      enable = mkEnableOption "OpenSSH server";
+      enable = lib.mkEnableOption "OpenSSH server";
 
-      port = mkOption {
+      port = lib.mkOption {
         description = "OpenSSH server port.";
-        type = types.port;
+        type = lib.types.port;
         default = 22022; # Port 22 should be occupied by a tarpit.
       };
     };
   };
 
-  config = mkMerge [
-    (mkIf cfg.client.enable {
+  config = lib.mkMerge [
+    (lib.mkIf cfg.client.enable {
       hm = {
         home.packages = with pkgs; [
           mosh
@@ -49,11 +48,11 @@ in
                 {
                   hostname ? name,
                   port ? 22022, # NOTE This is not the default OpenSSH port.
-                  user ? my.username,
-                  identityFile ? "${config.my.home}/.ssh/${my.username}_${my.ssh.type}",
+                  user ? lib.my.username,
+                  identityFile ? "${config.my.home}/.ssh/${lib.my.username}_${lib.my.ssh.type}",
                   extraAttrs ? { },
                 }:
-                nameValuePair name (
+                lib.nameValuePair name (
                   {
                     inherit
                       hostname
@@ -65,23 +64,23 @@ in
                   // extraAttrs
                 );
 
-              internalServers = mapAttrs' mkBlock (
-                mapAttrs (name: _: { hostname = "${name}.${my.domain.shire}"; }) (
-                  filterAttrs (_: attr: hasAttr "wireguard" attr && attr.isHeadless) my.configurations
+              internalServers = lib.mapAttrs' mkBlock (
+                lib.mapAttrs (name: _: { hostname = "${name}.${lib.my.domain.shire}"; }) (
+                  lib.filterAttrs (_: attr: lib.hasAttr "wireguard" attr && attr.isHeadless) lib.my.configurations
                 )
               );
             in
             internalServers
-            // (mapAttrs' mkBlock {
+            // (lib.mapAttrs' mkBlock {
               gitolite = {
                 user = "git";
-                hostname = "git.${my.domain.shire}";
+                hostname = "git.${lib.my.domain.shire}";
               };
             });
         };
       };
     })
-    (mkIf cfg.server.enable {
+    (lib.mkIf cfg.server.enable {
       ark.files = [
         "/etc/ssh/ssh_host_ed25519_key"
         "/etc/ssh/ssh_host_ed25519_key.pub"
@@ -101,7 +100,7 @@ in
             KbdInteractiveAuthentication = false;
             MaxAuthTries = 3;
             PasswordAuthentication = false;
-            PermitRootLogin = mkForce "no";
+            PermitRootLogin = lib.mkForce "no";
           };
         };
 
diff --git a/modules/password-store.nix b/modules/password-store.nix
index e5cd756..886afb6 100644
--- a/modules/password-store.nix
+++ b/modules/password-store.nix
@@ -9,7 +9,8 @@ let
   cfg = config.nixfiles.modules.password-store;
 in
 {
-  options.nixfiles.modules.password-store.enable = mkEnableOption "the standard UNIX password manager";
+  options.nixfiles.modules.password-store.enable =
+    mkEnableOption "the standard UNIX password manager";
 
   config = mkIf cfg.enable {
     hm.programs = {
diff --git a/modules/plausible.nix b/modules/plausible.nix
index c5b66c3..89729fd 100644
--- a/modules/plausible.nix
+++ b/modules/plausible.nix
@@ -80,12 +80,12 @@ in
       services.plausible = {
         enable = true;
 
-        adminUser = {
-          name = "admin";
-          email = "admin@${my.domain.shire}";
-          passwordFile = config.secrets.plausible-admin-password.path;
-          activate = false;
-        };
+        # adminUser = {
+        #   name = "admin";
+        #   email = "admin@${my.domain.shire}";
+        #   passwordFile = config.secrets.plausible-admin-password.path;
+        #   activate = false;
+        # };
 
         mail = {
           email = "admin+plausible@${my.domain.shire}";
diff --git a/modules/podman.nix b/modules/podman.nix
index bdef5be..6c4b20a 100644
--- a/modules/podman.nix
+++ b/modules/podman.nix
@@ -5,14 +5,13 @@
   pkgs,
   ...
 }:
-with lib;
 let
   cfg = config.nixfiles.modules.podman;
 in
 {
-  options.nixfiles.modules.podman.enable = mkEnableOption "Podman";
+  options.nixfiles.modules.podman.enable = lib.mkEnableOption "Podman";
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     assertions = [
       {
         assertion = cfg.enable -> !config.nixfiles.modules.docker.enable;
@@ -20,33 +19,31 @@ in
       }
     ];
 
+    ark.directories = [ "/var/lib/containers" ];
+
     nixfiles.modules.common.shell.aliases.p = "podman";
 
     secrets.containers-auth = {
       file = "${inputs.self}/secrets/containers-auth";
       path = "${config.dirs.config}/containers/auth.json";
-      owner = my.username;
+      owner = lib.my.username;
       inherit (config.my) group;
     };
 
     virtualisation.podman = {
       enable = true;
-      dockerCompat = true;
-      dockerSocket.enable = true;
+      dockerCompat = false;
+      dockerSocket.enable = false;
     };
 
-    environment.systemPackages = with pkgs; [ podman-compose ];
+    environment.systemPackages = [ pkgs.podman-compose ];
 
     my.extraGroups = [ "podman" ];
 
-    hm.xdg.configFile = {
-      "containers/registries.conf".source = pkgs.writers.writeTOML "containers-registries.toml" {
-        registries.search.registries = [ "docker.io" ];
-      };
-
-      "containers/storage.conf".source = pkgs.writers.writeTOML "containers-storage.toml" {
-        storage.driver = "overlay";
-      };
-    };
+    hm.xdg.configFile."containers/registries.conf".source =
+      pkgs.writers.writeTOML "containers-registries.toml"
+        {
+          registries.search.registries = [ "docker.io" ];
+        };
   };
 }
diff --git a/modules/profiles/default.nix b/modules/profiles/default.nix
index 8824dfd..ae03bcc 100644
--- a/modules/profiles/default.nix
+++ b/modules/profiles/default.nix
@@ -54,6 +54,7 @@ in
       dnsutils
       file
       inetutils
+      iotop
       ldns
       lshw
       lsof
diff --git a/modules/profiles/dev/default.nix b/modules/profiles/dev/default.nix
index 61de848..af151a1 100644
--- a/modules/profiles/dev/default.nix
+++ b/modules/profiles/dev/default.nix
@@ -11,7 +11,8 @@ in
 {
   imports = attrValues (modulesIn ./.);
 
-  options.nixfiles.modules.profiles.dev.enable = mkEnableOption "Catch-all profile for stuff related to software development and etc.";
+  options.nixfiles.modules.profiles.dev.enable =
+    mkEnableOption "Catch-all profile for stuff related to software development and etc.";
 
   config = mkIf cfg.enable {
     nixfiles.modules = {
@@ -22,6 +23,7 @@ in
       git.client.enable = true;
       nmap.enable = true;
       wget.enable = true;
+      podman.enable = true;
     };
 
     hm = {
@@ -58,6 +60,8 @@ in
 
         packages = with pkgs; [
           age
+          dbeaver-bin
+          distrobox
           google-cloud-sdk
           htmlq
           httpie
@@ -69,6 +73,8 @@ in
           nixpkgs-review
           scaleway-cli
           sops
+          sqlitebrowser
+          toolbox
           vultr-cli
           yq
         ];
diff --git a/modules/profiles/headful.nix b/modules/profiles/headful.nix
index 256ec25..e2ed1df 100644
--- a/modules/profiles/headful.nix
+++ b/modules/profiles/headful.nix
@@ -123,15 +123,16 @@ in
     services = {
       fwupd.enable = true;
       libinput.enable = true;
-      psd.enable = true;
       upower.enable = true;
     };
 
     time.timeZone = "Europe/Moscow";
 
     environment.systemPackages = with pkgs; [
+      brightnessctl
       lm_sensors
       usbutils
+      wirelesstools
     ];
 
     my.extraGroups = [
diff --git a/modules/profiles/headless.nix b/modules/profiles/headless.nix
index 5d42df0..bf0d23a 100644
--- a/modules/profiles/headless.nix
+++ b/modules/profiles/headless.nix
@@ -5,16 +5,15 @@
   this,
   ...
 }:
-with lib;
 let
   cfg = config.nixfiles.modules.profiles.headless;
 in
 {
-  options.nixfiles.modules.profiles.headless.enable = mkEnableOption "headless profile" // {
+  options.nixfiles.modules.profiles.headless.enable = lib.mkEnableOption "headless profile" // {
     default = this.isHeadless;
   };
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     nixfiles.modules = {
       openssh.server.enable = true;
       endlessh-go.enable = true;
diff --git a/modules/psd.nix b/modules/psd.nix
index f974af2..5bb9dc3 100644
--- a/modules/psd.nix
+++ b/modules/psd.nix
@@ -17,6 +17,7 @@ in
 
       xdg.configFile."psd/psd.conf".text = ''
         USE_OVERLAYFS="yes"
+        USE_BACKUPS="no"
       '';
     };
 
diff --git a/modules/searx.nix b/modules/searx.nix
index de51a20..ab186af 100644
--- a/modules/searx.nix
+++ b/modules/searx.nix
@@ -5,28 +5,27 @@
   libNginx,
   ...
 }:
-with lib;
 let
   cfg = config.nixfiles.modules.searx;
 in
 {
   options.nixfiles.modules.searx = {
-    enable = mkEnableOption "SearX";
+    enable = lib.mkEnableOption "SearX";
 
-    port = mkOption {
+    port = lib.mkOption {
       description = "Port.";
-      type = with types; port;
+      type = with lib.types; port;
       default = 61001;
     };
 
-    domain = mkOption {
+    domain = lib.mkOption {
       description = "Domain name sans protocol scheme.";
-      type = with types; nullOr str;
+      type = with lib.types; nullOr str;
       default = "searx.${config.networking.domain}";
     };
   };
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     secrets.searx-environment = {
       file = "${inputs.self}/secrets/searx-environment";
       owner = "searx";
diff --git a/modules/syncthing.nix b/modules/syncthing.nix
index e261a12..d239aa4 100644
--- a/modules/syncthing.nix
+++ b/modules/syncthing.nix
@@ -79,7 +79,7 @@ in
 
           devices = mapAttrs (
             name: attr:
-            mkIf (attr.syncthing.id != null && hasAttr "wireguard" attr) {
+            mkIf (hasAttr "syncthing" attr && hasAttr "wireguard" attr) {
               inherit (attr.syncthing) id;
               compression = "always";
               introducer = false;
@@ -98,7 +98,7 @@ in
                 f:
                 attrNames (
                   filterAttrs (
-                    _: attr: (attr.hostname != this.hostname) && (attr.syncthing.id != null) && f attr
+                    _: attr: attr.hostname != this.hostname && hasAttr "syncthing" attr && f attr
                   ) my.configurations
                 );
               all = filterDevices (_: true);
@@ -111,7 +111,7 @@ in
               };
               trashcan = {
                 type = "trashcan";
-                params.cleanoutDays = "7";
+                params.cleanouctDays = "7";
               };
             in
             with config.hm.xdg.userDirs;
@@ -121,11 +121,6 @@ in
                 devices = notHeadless;
                 versioning = trashcan;
               };
-              pass = {
-                path = config.hm.programs.password-store.settings.PASSWORD_STORE_DIR;
-                devices = notOther;
-                versioning = trashcan;
-              };
               org = {
                 path = "${documents}/org";
                 devices = all;
diff --git a/modules/thelounge.nix b/modules/thelounge.nix
new file mode 100644
index 0000000..ae4b4ff
--- /dev/null
+++ b/modules/thelounge.nix
@@ -0,0 +1,49 @@
+{
+  config,
+  lib,
+  libNginx,
+  ...
+}:
+let
+  cfg = config.nixfiles.modules.thelounge;
+in
+{
+  options.nixfiles.modules.thelounge = {
+    enable = lib.mkEnableOption "The Lounge";
+
+    port = lib.mkOption {
+      description = "Port.";
+      type = lib.types.port;
+      default = 11887;
+    };
+
+    domain = lib.mkOption {
+      description = "Domain name sans protocol scheme.";
+      type = lib.types.str;
+      default = "irc.${config.networking.domain}";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    ark.directories = [ "/var/lib/thelounge" ];
+
+    nixfiles.modules.nginx = {
+      upstreams.thelounge.servers."127.0.0.1:${toString cfg.port}" = { };
+      virtualHosts.${cfg.domain} = {
+        locations."/".proxyPass = "http://thelounge";
+        extraConfig = libNginx.config.internalOnly;
+      };
+    };
+
+    services.thelounge = {
+      enable = true;
+      extraConfig = {
+        public = false;
+        host = "127.0.0.1";
+        inherit (cfg) port;
+        reverseProxy = true;
+        defaults = { };
+      };
+    };
+  };
+}
diff --git a/modules/unbound-ng.nix b/modules/unbound-ng.nix
new file mode 100644
index 0000000..3d3c6da
--- /dev/null
+++ b/modules/unbound-ng.nix
@@ -0,0 +1,185 @@
+{
+  config,
+  inputs,
+  lib,
+  pkgs,
+  this,
+  ...
+}:
+with lib;
+let
+  cfg = config.nixfiles.modules.unbound-ng;
+in
+{
+  options.nixfiles.modules.unbound-ng = {
+    enable = mkEnableOption "Unbound";
+
+    domain = mkOption {
+      description = "Domain name sans protocol scheme.";
+      type = with types; str;
+      default = config.networking.domain;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    ark.directories = [ config.services.unbound.stateDir ];
+
+    nixfiles.modules.redis.enable = true;
+
+    services = {
+      unbound = {
+        enable = true;
+
+        package = pkgs.unbound-with-systemd.override {
+          withRedis = true;
+          withTFO = true;
+        };
+
+        checkconf = true;
+        settings = {
+          server = {
+            module-config = ''"respip validator iterator"'';
+
+            interface = with this.wireguard-ng; [
+              "127.0.0.1"
+              "::1"
+              ipv4.address
+              ipv6.address
+            ];
+
+            local-zone = concatLists (
+              mapAttrsToList (h: _: [ "\"${h}.${cfg.domain}\" redirect" ]) my.configurations
+            );
+            local-data = concatLists (
+              mapAttrsToList (
+                hostname:
+                let
+                  domain = "${hostname}.${cfg.domain}";
+                in
+                attr:
+                (optionals (hasAttr "wireguard-ng" attr) (
+                  with attr.wireguard-ng;
+                  [
+                    "\"${domain} 604800 IN A ${ipv4.address}\""
+                    "\"${domain} 604800 IN AAAA ${ipv6.address}\""
+                    "\"${domain}. A ${ipv4.address}\""
+                    "\"${domain}. AAAA ${ipv6.address}\""
+                  ]
+                  ++ (optionals (hasAttr "domains" attr) (
+                    concatMap (domain: [
+                      "\"${domain}. A ${ipv4.address}\""
+                      "\"${domain}. AAAA ${ipv6.address}\""
+                    ]) attr.domains
+                  ))
+                ))
+              ) my.configurations
+            );
+            local-data-ptr = concatLists (
+              mapAttrsToList (
+                hostname:
+                let
+                  domain = "${hostname}.${cfg.domain}";
+                in
+                attr:
+                (optionals (hasAttr "wireguard-ng" attr) (
+                  with attr.wireguard-ng;
+                  [
+                    "\"${ipv4.address} ${domain}\""
+                    "\"${ipv6.address} ${domain}\""
+                  ]
+                  ++ (optionals (hasAttr "domains" attr) (
+                    concatMap (domain: [
+                      "\"${ipv4.address} ${domain}\""
+                      "\"${ipv6.address} ${domain}\""
+                    ]) attr.domains
+                  ))
+                ))
+              ) my.configurations
+            );
+
+            private-domain = map (domain: "${domain}.") [
+              cfg.domain
+              "local"
+            ];
+            private-address = with config.nixfiles.modules.wireguard-ng; [
+              ipv4.subnet
+              ipv6.subnet
+            ];
+
+            access-control = with config.nixfiles.modules.wireguard-ng; [
+              "0.0.0.0/0 refuse"
+              "::/0 refuse"
+              "127.0.0.0/8 allow"
+              "::1/128 allow"
+              "${ipv4.subnet} allow"
+              "${ipv6.subnet} allow"
+            ];
+
+            cache-min-ttl = 0;
+
+            serve-expired = true;
+            serve-expired-reply-ttl = 0;
+
+            prefetch = true;
+            prefetch-key = true;
+
+            hide-identity = true;
+            hide-version = true;
+
+            extended-statistics = true;
+
+            log-replies = false;
+            log-tag-queryreply = false;
+            log-local-actions = false;
+
+            verbosity = 0;
+          };
+
+          forward-zone = [
+            {
+              name = ".";
+              forward-tls-upstream = true;
+              forward-addr = dns.mkDoT dns.const.quad9.ecs;
+            }
+          ];
+
+          cachedb = with config.services.redis.servers.default; {
+            backend = "redis";
+            redis-server-host = bind;
+            redis-server-port = port;
+          };
+
+          rpz = {
+            name = "hagezi.pro";
+            zonefile = "hagezi.pro";
+            url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/rpz/pro.txt";
+          };
+        };
+
+        enableRootTrustAnchor = true;
+
+        localControlSocketPath = "/run/unbound/unbound.socket";
+      };
+
+      prometheus.exporters.unbound = {
+        enable = true;
+        listenAddress = mkDefault this.wireguard-ng.ipv4.address;
+        port = 9167;
+        inherit (config.services.unbound) group user;
+        unbound.host = "unix://${config.services.unbound.localControlSocketPath}";
+      };
+    };
+
+    boot.kernel.sysctl."net.ipv4.tcp_fastopen" = mkOverride 200 3;
+
+    topology = with cfg; {
+      nodes.${this.hostname}.services.unbound = {
+        name = "Unbound";
+        icon = "${inputs.homelab-svg-assets}/assets/unbound.svg";
+        details.listen.text = concatMapStringsSep "\n" (i: "${i}:53") (
+          filter (i: i != "127.0.0.1" && i != "::1") config.services.unbound.settings.server.interface
+        );
+      };
+    };
+  };
+}
diff --git a/modules/unbound.nix b/modules/unbound.nix
index e837f89..b8de321 100644
--- a/modules/unbound.nix
+++ b/modules/unbound.nix
@@ -65,10 +65,12 @@ in
                     "\"${domain}. A ${ipv4.address}\""
                     "\"${domain}. AAAA ${ipv6.address}\""
                   ]
-                  ++ concatMap (domain: [
-                    "\"${domain}. A ${ipv4.address}\""
-                    "\"${domain}. AAAA ${ipv6.address}\""
-                  ]) attr.domains
+                  ++ (optionals (hasAttr "domains" attr) (
+                    concatMap (domain: [
+                      "\"${domain}. A ${ipv4.address}\""
+                      "\"${domain}. AAAA ${ipv6.address}\""
+                    ]) attr.domains
+                  ))
                 ))
               ) my.configurations
             );
@@ -85,10 +87,12 @@ in
                     "\"${ipv4.address} ${domain}\""
                     "\"${ipv6.address} ${domain}\""
                   ]
-                  ++ concatMap (domain: [
-                    "\"${ipv4.address} ${domain}\""
-                    "\"${ipv6.address} ${domain}\""
-                  ]) attr.domains
+                  ++ (optionals (hasAttr "domains" attr) (
+                    concatMap (domain: [
+                      "\"${ipv4.address} ${domain}\""
+                      "\"${ipv6.address} ${domain}\""
+                    ]) attr.domains
+                  ))
                 ))
               ) my.configurations
             );
diff --git a/modules/uptime-kuma.nix b/modules/uptime-kuma.nix
new file mode 100644
index 0000000..5f48d0d
--- /dev/null
+++ b/modules/uptime-kuma.nix
@@ -0,0 +1,49 @@
+{
+  config,
+  lib,
+  libNginx,
+  ...
+}:
+let
+  cfg = config.nixfiles.modules.uptime-kuma;
+in
+{
+  options.nixfiles.modules.uptime-kuma = {
+    enable = lib.mkEnableOption "Uptime Kuma";
+
+    port = lib.mkOption {
+      description = "Port.";
+      type = lib.types.port;
+      default = 9988;
+    };
+
+    domain = lib.mkOption {
+      description = "Domain name sans protocol scheme.";
+      type = lib.types.str;
+      default = "uptime.${config.networking.domain}";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    ark.directories = [
+      "/var/lib/private/uptime-kuma"
+      "/var/lib/uptime-kuma"
+    ];
+
+    nixfiles.modules.nginx = {
+      upstreams.uptime-kuma.servers."127.0.0.1:${toString cfg.port}" = { };
+      virtualHosts.${cfg.domain} = {
+        locations."/".proxyPass = "http://uptime-kuma";
+        extraConfig = libNginx.config.internalOnly;
+      };
+    };
+
+    services.uptime-kuma = {
+      enable = true;
+      settings = {
+        UPTIME_KUMA_HOST = "127.0.0.1";
+        UPTIME_KUMA_PORT = toString cfg.port;
+      };
+    };
+  };
+}
diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix
index edce8e5..124ff78 100644
--- a/modules/vaultwarden.nix
+++ b/modules/vaultwarden.nix
@@ -5,17 +5,16 @@
   this,
   ...
 }:
-with lib;
 let
   cfg = config.nixfiles.modules.vaultwarden;
 in
 {
   options.nixfiles.modules.vaultwarden = {
-    enable = mkEnableOption "Vaultwarden";
+    enable = lib.mkEnableOption "Vaultwarden";
 
-    domain = mkOption {
+    domain = lib.mkOption {
       description = "Domain name sans protocol scheme.";
-      type = with types; str;
+      type = lib.types.str;
       default = "vaultwarden.${config.networking.domain}";
     };
   };
@@ -24,7 +23,7 @@ in
     let
       db = "vaultwarden";
     in
-    mkIf cfg.enable {
+    lib.mkIf cfg.enable {
       ark.directories = [ "/var/lib/bitwarden_rs" ];
 
       secrets.vaultwarden-environment = {
@@ -73,7 +72,7 @@ in
 
             WEB_VAULT_ENABLED = true;
 
-            DOMAIN = optionalString (cfg.domain != null) "http://${cfg.domain}";
+            DOMAIN = lib.optionalString (cfg.domain != null) "http://${cfg.domain}";
 
             SIGNUPS_ALLOWED = false;
             INVITATIONS_ALLOWED = false;
@@ -127,14 +126,14 @@ in
       };
 
       environment.etc = {
-        "fail2ban/filter.d/vaultwarden.conf".text = generators.toINI { } {
+        "fail2ban/filter.d/vaultwarden.conf".text = lib.generators.toINI { } {
           Definition = {
             failregex = "^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$";
             ignoreregex = "";
             journalmatch = "_SYSTEMD_UNIT=vaultwarden.service";
           };
         };
-        "fail2ban/filter.d/vaultwarden-admin.conf".text = generators.toINI { } {
+        "fail2ban/filter.d/vaultwarden-admin.conf".text = lib.generators.toINI { } {
           Definition = {
             failregex = "^.*Invalid admin token\. IP: <ADDR>.*$";
             ignoreregex = "";
@@ -143,9 +142,9 @@ in
         };
       };
 
-      topology = with cfg; {
+      topology = {
         nodes.${this.hostname}.services.vaultwarden = {
-          info = mkForce domain;
+          info = lib.mkForce cfg.domain;
         };
       };
     };
diff --git a/modules/wayland.nix b/modules/wayland.nix
index 7a9820d..f15f66e 100644
--- a/modules/wayland.nix
+++ b/modules/wayland.nix
@@ -15,7 +15,12 @@ in
     nixfiles.modules.foot.enable = true;
 
     hm.home = {
-      packages = with pkgs; [ wl-clipboard ];
+      packages = with pkgs; [
+        grim
+        slurp
+        wl-clipboard
+        wlr-randr
+      ];
 
       sessionVariables.NIXOS_OZONE_WL = 1;
     };
diff --git a/modules/wireguard-ng.nix b/modules/wireguard-ng.nix
new file mode 100644
index 0000000..5374a71
--- /dev/null
+++ b/modules/wireguard-ng.nix
@@ -0,0 +1,255 @@
+{
+  config,
+  inputs,
+  lib,
+  pkgs,
+  this,
+  ...
+}:
+with lib;
+let
+  cfg = config.nixfiles.modules.wireguard-ng;
+
+  DNSSetup = optionalString config.services.resolved.enable (
+    let
+      resolvectl = "${config.systemd.package}/bin/resolvectl";
+    in
+    ''
+      ${resolvectl} dns ${cfg.interface} ${cfg.server.ipv6.address} ${cfg.server.ipv4.address}
+      ${resolvectl} domain ${cfg.interface} local ${my.domain.shire}
+      ${resolvectl} dnssec ${cfg.interface} no
+      ${resolvectl} dnsovertls ${cfg.interface} no
+    ''
+  );
+in
+{
+  options.nixfiles.modules.wireguard-ng = {
+    client = {
+      enable = mkEnableOption "WireGuard client";
+
+      enableTrafficRouting = mkOption {
+        description = "Whether to enable traffic routing through the sever.";
+        type = with types; bool;
+        # default = !this.isHeadless;
+        default = false;
+      };
+    };
+
+    server = {
+      enable = mkEnableOption "WireGuard server";
+
+      ipv4.address = mkOption {
+        description = "IPv4 address to bind to.";
+        type = with types; str;
+        default = my.configurations.tulkas.wireguard-ng.ipv4.address;
+      };
+
+      ipv6.address = mkOption {
+        description = "IPv4 address to bind to.";
+        type = with types; str;
+        default = my.configurations.tulkas.wireguard-ng.ipv6.address;
+      };
+
+      address = mkOption {
+        description = "Endpoint address to use";
+        type = with types; str;
+        default = my.configurations.tulkas.ipv4.address;
+      };
+
+      port = mkOption {
+        description = "Endpoint port to use.";
+        type = with types; int;
+        default = 7070;
+      };
+
+      publicKey = mkOption {
+        description = "Server's public key.";
+        type = with types; str;
+        default = my.configurations.tulkas.wireguard.publicKey;
+      };
+
+      peers = mkOption {
+        description = "List of peers.";
+        type = with types; listOf attrs;
+        default =
+          mapAttrsToList
+            (
+              _: attr: with attr; {
+                inherit (wireguard-ng) publicKey;
+                allowedIPs = with wireguard-ng; [
+                  "${ipv6.address}/128"
+                  "${ipv4.address}/32"
+                ];
+              }
+            )
+            (
+              filterAttrs (
+                _: attr: attr.hostname != this.hostname && hasAttr "wireguard-ng" attr
+              ) my.configurations
+            );
+      };
+    };
+
+    interface = mkOption {
+      description = "Name of the interface to use WireGuard with.";
+      type = with types; str;
+      default = "wg70";
+    };
+
+    ipv4.subnet = mkOption {
+      description = "CIDR notation for the IPv4 subnet to use over WireGuard.";
+      type = with types; str;
+      default = "10.70.0.0/16";
+    };
+
+    ipv6.subnet = mkOption {
+      description = "CIDR notation for the IPv6 subnet to use over WireGuard.";
+      type = with types; str;
+      default = "fd70::/16";
+    };
+  };
+
+  config =
+    {
+      assertions = [
+        {
+          assertion = config.security.sudo.enable;
+          message = "Sudo is not enabled.";
+        }
+        {
+          assertion = any (x: x == "wheel") config.my.extraGroups;
+          message = ''User is not in the "wheel" group.'';
+        }
+      ];
+    }
+    // mkMerge [
+      (mkIf (cfg.client.enable || cfg.server.enable) {
+        secrets."wireguard-private-key-${this.hostname}".file =
+          "${inputs.self}/secrets/wireguard-private-key-${this.hostname}";
+
+        networking.firewall.trustedInterfaces = [ cfg.interface ];
+
+        topology = with cfg; {
+          nodes.${this.hostname}.interfaces.${interface} = {
+            network = interface;
+            icon = "interfaces.wireguard";
+          };
+        };
+      })
+      (mkIf cfg.client.enable {
+        networking.wg-quick.interfaces.${cfg.interface} = mkMerge [
+          (with this.wireguard-ng; {
+            privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path;
+            address = [
+              "${ipv4.address}/16"
+              "${ipv6.address}/16"
+            ];
+          })
+          (with cfg.server; {
+            peers = [
+              {
+                inherit publicKey;
+                endpoint = "${address}:${toString port}";
+                allowedIPs =
+                  if cfg.client.enableTrafficRouting then
+                    [
+                      "::/0"
+                      "0.0.0.0/0"
+                    ]
+                  else
+                    [
+                      cfg.ipv6.subnet
+                      cfg.ipv4.subnet
+                    ];
+              }
+            ];
+            dns = [
+              ipv6.address
+              ipv4.address
+            ];
+            postUp = DNSSetup;
+          })
+        ];
+
+        environment.systemPackages = with pkgs; [
+          (writeShellApplication {
+            name = "wg-toggle-ng";
+            runtimeInputs = [
+              iproute2
+              jq
+            ];
+            text = ''
+              ip46() {
+                sudo ip -4 "$@"
+                sudo ip -6 "$@"
+              }
+
+              fwmark=$(sudo awg show ${cfg.interface} fwmark) || exit
+              if ip -j rule list lookup "$fwmark" | jq -e 'length > 0' >/dev/null; then
+                ip46 rule del lookup main suppress_prefixlength 0
+                ip46 rule del lookup "$fwmark"
+              else
+                ip46 rule add not fwmark "$fwmark" lookup "$fwmark"
+                ip46 rule add lookup main suppress_prefixlength 0
+              fi
+            '';
+          })
+        ];
+      })
+      (mkIf cfg.server.enable {
+        networking = {
+          wireguard = {
+            enable = true;
+            interfaces.${cfg.interface} = with cfg.server; {
+              privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path;
+              ips = [
+                "${ipv6.address}/16"
+                "${ipv4.address}/16"
+              ];
+              listenPort = port;
+              inherit peers;
+              postSetup = DNSSetup;
+              allowedIPsAsRoutes = false;
+            };
+          };
+
+          nat = {
+            enable = true;
+            enableIPv6 = true;
+
+            externalInterface = mkDefault "eth0";
+
+            internalInterfaces = [ cfg.interface ];
+            internalIPs = [ cfg.ipv4.subnet ];
+            internalIPv6s = [ cfg.ipv6.subnet ];
+          };
+
+          firewall.allowedUDPPorts = [ cfg.server.port ];
+        };
+
+        services.prometheus.exporters.wireguard = {
+          enable = true;
+          listenAddress = mkDefault this.wireguard-ng.ipv4.address;
+          withRemoteIp = true;
+          port = 9586;
+        };
+
+        topology = with cfg; {
+          networks = {
+            ${interface} = {
+              name = interface;
+              cidrv4 = ipv4.subnet;
+              cidrv6 = ipv6.subnet;
+              icon = "interfaces.wireguard";
+            };
+          };
+
+          nodes.${this.hostname}.interfaces.${interface}.physicalConnections =
+            mapAttrsToList (name: _: config.lib.topology.mkConnection name interface)
+              (
+                filterAttrs (n: v: !v.isOther && n != this.hostname && hasAttr "wireguard-ng" v) my.configurations
+              );
+        };
+      })
+    ];
+}
diff --git a/modules/wireguard.nix b/modules/wireguard.nix
index 3589e12..633ec5b 100644
--- a/modules/wireguard.nix
+++ b/modules/wireguard.nix
@@ -10,16 +10,29 @@ with lib;
 let
   cfg = config.nixfiles.modules.wireguard;
 
-  DNSSetup =
+  DNSSetup = optionalString config.services.resolved.enable (
     let
       resolvectl = "${config.systemd.package}/bin/resolvectl";
     in
     ''
       ${resolvectl} dns ${cfg.interface} ${cfg.server.ipv6.address} ${cfg.server.ipv4.address}
-      ${resolvectl} domain ${cfg.interface} ${my.domain.shire}
+      ${resolvectl} domain ${cfg.interface} local ${my.domain.shire}
       ${resolvectl} dnssec ${cfg.interface} no
       ${resolvectl} dnsovertls ${cfg.interface} no
-    '';
+    ''
+  );
+
+  extraOptions = {
+    jc = 23;
+    jmin = 58;
+    jmax = 1021;
+    s1 = 49;
+    s2 = 87;
+    h1 = 1264154357;
+    h2 = 462401493;
+    h3 = 737329836;
+    h4 = 1039929807;
+  };
 in
 {
   disabledModules = [
@@ -129,7 +142,8 @@ in
     }
     // mkMerge [
       (mkIf (cfg.client.enable || cfg.server.enable) {
-        secrets."wireguard-private-key-${this.hostname}".file = "${inputs.self}/secrets/wireguard-private-key-${this.hostname}";
+        secrets."wireguard-private-key-${this.hostname}".file =
+          "${inputs.self}/secrets/wireguard-private-key-${this.hostname}";
 
         networking.firewall.trustedInterfaces = [ cfg.interface ];
 
@@ -149,13 +163,7 @@ in
               "${ipv4.address}/16"
               "${ipv6.address}/16"
             ];
-            extraInterfaceConfig = ''
-              jc = 228
-              jmin = 42
-              jmax = 420
-              s1 = 69
-              s2 = 96
-            '';
+            inherit extraOptions;
           })
           (with cfg.server; {
             peers = [
@@ -221,17 +229,8 @@ in
                 "${ipv4.address}/16"
               ];
               listenPort = port;
-              inherit peers;
-              postSetup =
-                DNSSetup
-                + ''
-                  awg set ${cfg.interface} \
-                    jc 228 \
-                    jmin 42 \
-                    jmax 420 \
-                    s1 69 \
-                    s2 96
-                '';
+              inherit peers extraOptions;
+              postSetup = DNSSetup;
               allowedIPsAsRoutes = false;
             };
           };
diff --git a/overlays.nix b/overlays.nix
index 18fe174..71735cc 100644
--- a/overlays.nix
+++ b/overlays.nix
@@ -1,12 +1,11 @@
 {
-  inputs,
   lib,
   ...
 }:
 {
   default =
     final: prev:
-    lib.infuse.v1.infuse prev {
+    lib.infuse prev {
       bruh = _: prev.callPackage ./packages/bruh.nix { };
 
       emacsql-sqlite = _: prev.callPackage ./packages/emacsql-sqlite.nix { };
@@ -63,27 +62,27 @@
 
       openssl_1_0_0 = _: prev.callPackage ./packages/openssl_1_0_0.nix { };
 
-      telegram-desktop = {
-        __input.stdenv = stdenv: final.useMoldLinker stdenv;
-        __output.patches.__append =
-          let
-            patches = "https://raw.githubusercontent.com/msva/mva-overlay/4c89938831bcce03fae22081809e53a47bdee31b/net-im/telegram-desktop/files/patches/0/conditional";
-          in
-          [
-            (prev.fetchpatch {
-              url = "${patches}/tdesktop_patches_hide-sponsored-messages/0000-data_data_sponsored_messages.cpp.patch";
-              hash = "sha256-vVucKG0YNY41MVdqibhKfxL/2/nNPPtYw+otwat971U=";
-            })
-            (prev.fetchpatch {
-              url = "${patches}/tdesktop_patches_allow-disable-stories/option-to-disable-stories.patch";
-              hash = "sha256-ctL9wIn3cLtqgCcQFNnx7WQuBw+9IjDlMJUicmVt8no=";
-            })
-            (prev.fetchpatch {
-              url = "${patches}/tdesktop_patches_hide-banned/0000_hide-messages-from-blocked-users.patch";
-              hash = "sha256-61U3wQsUdLvB4ymHPjVecw9WvhW8W/V0Jf1cnvYUkHk=";
-            })
-          ];
-      };
+      # telegram-desktop = {
+      #   __input.stdenv = stdenv: final.useMoldLinker stdenv;
+      #   __output.patches.__append =
+      #     let
+      #       patches = "https://raw.githubusercontent.com/msva/mva-overlay/4c89938831bcce03fae22081809e53a47bdee31b/net-im/telegram-desktop/files/patches/0/conditional";
+      #     in
+      #     [
+      #       (prev.fetchpatch {
+      #         url = "${patches}/tdesktop_patches_hide-sponsored-messages/0000-data_data_sponsored_messages.cpp.patch";
+      #         hash = "sha256-vVucKG0YNY41MVdqibhKfxL/2/nNPPtYw+otwat971U=";
+      #       })
+      #       (prev.fetchpatch {
+      #         url = "${patches}/tdesktop_patches_allow-disable-stories/option-to-disable-stories.patch";
+      #         hash = "sha256-ctL9wIn3cLtqgCcQFNnx7WQuBw+9IjDlMJUicmVt8no=";
+      #       })
+      #       (prev.fetchpatch {
+      #         url = "${patches}/tdesktop_patches_hide-banned/0000_hide-messages-from-blocked-users.patch";
+      #         hash = "sha256-61U3wQsUdLvB4ymHPjVecw9WvhW8W/V0Jf1cnvYUkHk=";
+      #       })
+      #     ];
+      # };
 
       vesktop = {
         __input = {
@@ -102,42 +101,5 @@
           '';
         };
       };
-
-      # TODO Can this be infused?
-      linuxPackages_latest =
-        _:
-        prev.linuxPackages_latest.extend (
-          self: _: {
-            amneziawg =
-              inputs.nixpkgs-amneziawg.legacyPackages.${final.system}.linuxPackages_latest.amneziawg.override
-                {
-                  inherit (self) kernel;
-                };
-          }
-        );
-      linuxPackages_hardened =
-        _:
-        prev.linuxPackages_hardened.extend (
-          self: _: {
-            amneziawg =
-              inputs.nixpkgs-amneziawg.legacyPackages.${final.system}.linuxPackages_hardened.amneziawg.override
-                {
-                  inherit (self) kernel;
-                };
-          }
-        );
-      linuxPackages_xanmod_latest =
-        _:
-        prev.linuxPackages_xanmod_latest.extend (
-          self: _: {
-            amneziawg =
-              inputs.nixpkgs-amneziawg.legacyPackages.${final.system}.linuxPackages_xanmod_latest.amneziawg.override
-                {
-                  inherit (self) kernel;
-                };
-          }
-        );
-      amneziawg-go = _: inputs.nixpkgs-amneziawg.legacyPackages.${final.system}.amneziawg-go;
-      amneziawg-tools = _: inputs.nixpkgs-amneziawg.legacyPackages.${final.system}.amneziawg-tools;
     };
 }
diff --git a/packages/hiccup.nix b/packages/hiccup.nix
index b0dc64d..f74de74 100644
--- a/packages/hiccup.nix
+++ b/packages/hiccup.nix
@@ -5,16 +5,16 @@
 }:
 buildNpmPackage rec {
   pname = "hiccup";
-  version = "0.4.3";
+  version = "0.5.0";
 
   src = fetchFromGitHub {
     owner = "ashwin-pc";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-JLuXQ4jZHI9wF1fgnnBPH/TaTHJL/zGCSuKc9hy4e28=";
+    hash = "sha256-krtV//cVBt3EFzVZy9e55LJokDBSsr1xdNTKNOFFxbM=";
   };
 
-  npmDepsHash = "sha256-YPj7tzMUh56rJfxOVhye4cK6VS0azA/LiE9DMweGLuw=";
+  npmDepsHash = "sha256-zxpimQtX03/+0/DgeQEDia82LAd14R4HcGFgASLevHE=";
 
   CYPRESS_INSTALL_BINARY = "0";
 

Consider giving Nix/NixOS a try! <3