about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--configurations/manwe/mailserver.nix148
-rw-r--r--configurations/manwe/webserver.nix4
-rw-r--r--configurations/melian/default.nix100
-rw-r--r--flake.lock189
-rw-r--r--flake.nix84
-rw-r--r--modules/nixfiles/alertmanager.nix4
-rw-r--r--modules/nixfiles/aria2.nix49
-rw-r--r--modules/nixfiles/beets.nix2
-rw-r--r--modules/nixfiles/common/networking.nix92
-rw-r--r--modules/nixfiles/common/nix/default.nix26
-rw-r--r--modules/nixfiles/common/shell/default.nix2
-rw-r--r--modules/nixfiles/emacs/default.nix16
-rw-r--r--modules/nixfiles/emacs/doom/config.el6
-rw-r--r--modules/nixfiles/firefox/default.nix17
-rw-r--r--modules/nixfiles/firefox/userContent.css66
-rw-r--r--modules/nixfiles/games/minecraft.nix4
-rw-r--r--modules/nixfiles/gotify.nix8
-rw-r--r--modules/nixfiles/grafana.nix8
-rw-r--r--modules/nixfiles/ipfs.nix6
-rw-r--r--modules/nixfiles/kde.nix7
-rw-r--r--modules/nixfiles/loki.nix4
-rw-r--r--modules/nixfiles/mpd.nix2
-rw-r--r--modules/nixfiles/nginx.nix3
-rw-r--r--modules/nixfiles/nmap.nix9
-rw-r--r--modules/nixfiles/nsd.nix2
-rw-r--r--modules/nixfiles/profiles/dev/containers.nix32
-rw-r--r--modules/nixfiles/profiles/headful.nix12
-rw-r--r--modules/nixfiles/prometheus.nix4
-rw-r--r--modules/nixfiles/psd.nix8
-rw-r--r--modules/nixfiles/radicale.nix4
-rw-r--r--modules/nixfiles/rss-bridge.nix15
-rw-r--r--modules/nixfiles/rtorrent.nix16
-rw-r--r--modules/nixfiles/searx.nix4
-rw-r--r--modules/nixfiles/syncthing.nix6
-rw-r--r--modules/nixfiles/xmonad.nix3
35 files changed, 518 insertions, 444 deletions
diff --git a/configurations/manwe/mailserver.nix b/configurations/manwe/mailserver.nix
index 83713f9..966c21c 100644
--- a/configurations/manwe/mailserver.nix
+++ b/configurations/manwe/mailserver.nix
@@ -7,90 +7,90 @@
 with lib; {
   imports = [inputs.simple-nixos-mailserver.nixosModule];
 
-  config = {
-    secrets = {
-      dkim-key-azahi-cc = {
-        file = "${inputs.self}/secrets/dkim-key-azahi-cc";
-        path = "/var/dkim/${my.domain.azahi}.${config.mailserver.dkimSelector}.key";
-        owner = "opendkim";
-        group = "opendkim";
-      };
-      dkim-key-rohan-net = {
-        file = "${inputs.self}/secrets/dkim-key-rohan-net";
-        path = "/var/dkim/${my.domain.rohan}.${config.mailserver.dkimSelector}.key";
-        owner = "opendkim";
-        group = "opendkim";
-      };
-      dkim-key-gondor-net = {
-        file = "${inputs.self}/secrets/dkim-key-gondor-net";
-        path = "/var/dkim/${my.domain.gondor}.${config.mailserver.dkimSelector}.key";
-        owner = "opendkim";
-        group = "opendkim";
-      };
-      dkim-key-shire-me = {
-        file = "${inputs.self}/secrets/dkim-key-shire-me";
-        path = "/var/dkim/${my.domain.shire}.${config.mailserver.dkimSelector}.key";
-        owner = "opendkim";
-        group = "opendkim";
-      };
+  secrets = {
+    dkim-key-azahi-cc = {
+      file = "${inputs.self}/secrets/dkim-key-azahi-cc";
+      path = "/var/dkim/${my.domain.azahi}.${config.mailserver.dkimSelector}.key";
+      owner = "opendkim";
+      group = "opendkim";
+    };
+    dkim-key-rohan-net = {
+      file = "${inputs.self}/secrets/dkim-key-rohan-net";
+      path = "/var/dkim/${my.domain.rohan}.${config.mailserver.dkimSelector}.key";
+      owner = "opendkim";
+      group = "opendkim";
+    };
+    dkim-key-gondor-net = {
+      file = "${inputs.self}/secrets/dkim-key-gondor-net";
+      path = "/var/dkim/${my.domain.gondor}.${config.mailserver.dkimSelector}.key";
+      owner = "opendkim";
+      group = "opendkim";
+    };
+    dkim-key-shire-me = {
+      file = "${inputs.self}/secrets/dkim-key-shire-me";
+      path = "/var/dkim/${my.domain.shire}.${config.mailserver.dkimSelector}.key";
+      owner = "opendkim";
+      group = "opendkim";
     };
+  };
 
-    nixfiles.modules.acme.enable = true;
+  nixfiles.modules.acme.enable = true;
 
-    mailserver = let
-      cert = config.certs.${my.domain.shire};
-    in {
-      enable = true;
+  mailserver = let
+    cert = config.certs.${my.domain.shire};
+  in {
+    enable = true;
 
-      fqdn = config.networking.domain;
-      domains = with my.domain; [azahi gondor rohan shire];
+    fqdn = config.networking.domain;
+    domains = with my.domain; [azahi gondor rohan shire];
 
-      localDnsResolver = false;
+    localDnsResolver = false;
 
-      certificateScheme = 1;
-      certificateFile = "${cert.directory}/fullchain.pem";
-      keyFile = "${cert.directory}/key.pem";
+    certificateScheme = 1;
+    certificateFile = "${cert.directory}/fullchain.pem";
+    keyFile = "${cert.directory}/key.pem";
 
-      lmtpSaveToDetailMailbox = "no";
+    lmtpSaveToDetailMailbox = "no";
 
-      loginAccounts = with my.domain; {
-        "azahi@${shire}" = {
-          hashedPassword = "@HASHED_PASSWORD@";
-          aliases = [
-            "@${azahi}"
-            "@${rohan}"
-            "@${gondor}"
-            "abuse@${shire}"
-            "admin@${shire}"
-            "ceo@${shire}"
-            "postmaster@${shire}"
-          ];
-        };
-        "samwise@${shire}" = {
-          hashedPassword = "@HASHED_PASSWORD@";
-          aliases = ["chad@${shire}"];
-          quota = "1G";
-        };
-        "pippin@${shire}" = {
-          hashedPassword = "@HASHED_PASSWORD@";
-          quota = "1G";
-        };
-        "meriadoc@${shire}" = {
-          hashedPassword = "@HASHED_PASSWORD@";
-          quota = "1G";
-        };
+    loginAccounts = with my.domain; {
+      "azahi@${shire}" = {
+        hashedPassword = "@HASHED_PASSWORD@";
+        aliases = [
+          "@${azahi}"
+          "@${rohan}"
+          "@${gondor}"
+          "abuse@${shire}"
+          "admin@${shire}"
+          "ceo@${shire}"
+          "postmaster@${shire}"
+        ];
+      };
+      "samwise@${shire}" = {
+        hashedPassword = "@HASHED_PASSWORD@";
+        aliases = ["chad@${shire}"];
+        quota = "1G";
+      };
+      "pippin@${shire}" = {
+        hashedPassword = "@HASHED_PASSWORD@";
+        quota = "1G";
+      };
+      "meriadoc@${shire}" = {
+        hashedPassword = "@HASHED_PASSWORD@";
+        quota = "1G";
       };
     };
+  };
 
-    services.fail2ban.jails = {
-      dovecot = ''
-        enabled = true
-        mode = aggressive
-      '';
-      postfix = ''
-        enabled = true
-        mode = aggressive
-      '';
-    };
+  services.fail2ban.jails = {
+    dovecot = ''
+      enabled = true
+      mode = aggressive
+    '';
+    postfix = ''
+      enabled = true
+      mode = aggressive
+    '';
   };
+
+  system.extraDependencies = [inputs.simple-nixos-mailserver];
 }
diff --git a/configurations/manwe/webserver.nix b/configurations/manwe/webserver.nix
index dde3e63..e1ee425 100644
--- a/configurations/manwe/webserver.nix
+++ b/configurations/manwe/webserver.nix
@@ -4,7 +4,7 @@
   ...
 }:
 with lib; {
-  config.nixfiles.modules.nginx.virtualHosts = with my.domain;
+  nixfiles.modules.nginx.virtualHosts = with my.domain;
     {
       ${shire}.locations."/".return = "301 https://www.youtube.com/watch?v=dQw4w9WgXcQ";
       "git.${shire}".locations."/".return = "301 https://git.${azahi}";
@@ -20,4 +20,6 @@ with lib; {
       ${gondor}.locations."/".return = concatStrings [frodo gondor];
       ${rohan}.locations."/".return = concatStrings [frodo rohan];
     });
+
+  system.extraDependencies = [inputs.azahi-cc];
 }
diff --git a/configurations/melian/default.nix b/configurations/melian/default.nix
index 3ef0e46..bfdc42e 100644
--- a/configurations/melian/default.nix
+++ b/configurations/melian/default.nix
@@ -1,4 +1,5 @@
 {
+  config,
   lib,
   pkgs,
   ...
@@ -14,6 +15,7 @@ with lib; {
 
     syncthing.enable = true;
 
+    android.enable = true;
     beets.enable = true;
     bluetooth.enable = true;
     libvirtd.enable = true;
@@ -29,6 +31,68 @@ with lib; {
       wlan0.useDHCP = true;
     };
 
+    networkmanager = {
+      enable = true;
+      wifi.backend = "iwd";
+
+      # Spent three days trying to make this work but still getting "No SSO
+      # handler" even on the HEAD version that 100% has SSO support baked in.
+      # It's all so tiresome[1]... aaand KDE is not supported[2].
+      #
+      # I fucking hate AnyConnect, truly an example of how shit is is non-free
+      # software. SAML also sucks balls. I also hate my company for using this
+      # shit, guess I have no other choice but to use the absolute dogshit
+      # Ubuntu laptop they gave me.
+      #
+      # [1]: https://gitlab.gnome.org/GNOME/NetworkManager-openconnect
+      # [1]: https://gitlab.com/openconnect/openconnect/-/issues/424
+      # [2]: https://groups.google.com/g/linux.debian.bugs.dist/c/lK8u-LMY7n4
+      # [2]: https://bugs.kde.org/show_bug.cgi?id=448153
+      #
+      # plugins = with pkgs; [
+      #   ((networkmanager-openconnect.override {
+      #     withGnome = false;
+      #     openconnect = openconnect.overrideAttrs (_: super: {
+      #       version = "unstable-2022-10-23";
+      #       src = fetchFromGitLab {
+      #         owner = "openconnect";
+      #         repo = "openconnect";
+      #         rev = "acdfc753f7885b2a539f99036ac41ba1b78cc7ae";
+      #         hash = "sha256-ub+Z4WFD77h5YMQTb+TLc7EyY2KjBWglF1QVTirCHJM=";
+      #       };
+      #     });
+      #   }).overrideAttrs (_: super: {
+      #     version = "unstable-2022-09-10";
+      #     src = fetchFromGitLab {
+      #       domain = "gitlab.gnome.org";
+      #       owner = "GNOME";
+      #       repo = "NetworkManager-openconnect";
+      #       rev = "3c1590786518e9acca33c250660ad21cae565acd";
+      #       hash = "sha256-YTUN46QHsHkXPAhImPG/MMLMqjlSRknapVO8u43nnWk=";
+      #     };
+      #     buildInputs = super.buildInputs ++ [
+      #       (webkitgtk_4_1.override {
+      #         libsoup = gnome.libsoup;
+      #       })
+      #     ];
+      #     nativeBuildInputs = super.nativeBuildInputs ++ [
+      #       autoreconfHook
+      #     ];
+      #     postPatch = ''
+      #       substituteInPlace configure.ac \
+      #         --replace "PKG_CHECK_MODULES(LIBSECRET, libsecret-1 >= 0.18)" ""
+      #     '';
+      #     preAutoreconf = ''
+      #       autoupdate
+      #     '';
+      #     preConfigure = ''
+      #       NOCONFIGURE=x ./autogen.sh
+      #       touch gtk4/nm-openconnect-dialog.ui
+      #     '';
+      #   }))
+      # ];
+    };
+
     wireless = {
       enable = false;
       iwd.enable = true;
@@ -59,23 +123,27 @@ with lib; {
     powerUpCommands = "${modprobe} xhci_pci";
   };
 
-  services.thinkfan = {
-    enable = true;
-
-    settings = {
-      sensors = [
-        {
-          hwmon = "/sys/class/hwmon";
-          name = "coretemp";
-          indices = [1];
-        }
-      ];
-      fans = [{tpacpi = "/proc/acpi/ibm/fan";}];
-      levels = [
-        ["level auto" 0 50]
-        ["level disengaged" 50 32767]
-      ];
+  services = {
+    thinkfan = {
+      enable = true;
+
+      settings = {
+        sensors = [
+          {
+            hwmon = "/sys/class/hwmon";
+            name = "coretemp";
+            indices = [1];
+          }
+        ];
+        fans = [{tpacpi = "/proc/acpi/ibm/fan";}];
+        levels = [
+          ["level auto" 0 50]
+          ["level disengaged" 50 32767]
+        ];
+      };
     };
+
+    fwupd.enable = true;
   };
 
   boot = {
diff --git a/flake.lock b/flake.lock
index 9e4a3cf..4b17572 100644
--- a/flake.lock
+++ b/flake.lock
@@ -280,11 +280,11 @@
     "azahi-cc": {
       "flake": false,
       "locked": {
-        "lastModified": 1663794131,
-        "narHash": "sha256-HPgP6ay74LsG0nEERVmbl3l2kBTVqTtzvUyJYQIzJMI=",
+        "lastModified": 1667813970,
+        "narHash": "sha256-gQG7yukKNbc1OIdi/Uh+/EyKtFfB0AMqCaqmWFJnqkc=",
         "ref": "master",
-        "rev": "8179ba2c314bca033e40c117e0fa2d3736be9508",
-        "revCount": 13,
+        "rev": "3ee6367deea23cc59c73bc031367be0267b9d7c2",
+        "revCount": 14,
         "type": "git",
         "url": "https://git.azahi.cc/azahi-cc"
       },
@@ -337,17 +337,17 @@
     "doom-emacs": {
       "flake": false,
       "locked": {
-        "lastModified": 1660901074,
-        "narHash": "sha256-3apl0eQlfBj3y0gDdoPp2M6PXYnhxs0QWOHp8B8A9sc=",
+        "lastModified": 1662497747,
+        "narHash": "sha256-4n7E1fqda7cn5/F2jTkOnKw1juG6XMS/FI9gqODL3aU=",
         "owner": "doomemacs",
         "repo": "doomemacs",
-        "rev": "c44bc81a05f3758ceaa28921dd9c830b9c571e61",
+        "rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac",
         "type": "github"
       },
       "original": {
         "owner": "doomemacs",
-        "ref": "master",
         "repo": "doomemacs",
+        "rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac",
         "type": "github"
       }
     },
@@ -377,11 +377,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1666641778,
-        "narHash": "sha256-C5EHT/gi7FtEiPnKDUT2GK0/v46xXMIY8FgNsOHHCS0=",
+        "lastModified": 1667882772,
+        "narHash": "sha256-hoVW9/xcfZTsKn++nGYwEMgBLfh+iq7i8+eEcAhOxy0=",
         "owner": "nix-community",
         "repo": "emacs-overlay",
-        "rev": "58d63216b84f9399db23048c537ee7c5d1842524",
+        "rev": "f04cb6f6724ba4568a7f6dae0863e507477667b7",
         "type": "github"
       },
       "original": {
@@ -499,7 +499,6 @@
       },
       "original": {
         "owner": "edolstra",
-        "ref": "master",
         "repo": "flake-compat",
         "type": "github"
       }
@@ -523,11 +522,11 @@
     },
     "flake-utils": {
       "locked": {
-        "lastModified": 1659877975,
-        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
         "type": "github"
       },
       "original": {
@@ -537,27 +536,6 @@
         "type": "github"
       }
     },
-    "flake-utils-plus": {
-      "inputs": {
-        "flake-utils": [
-          "flake-utils"
-        ]
-      },
-      "locked": {
-        "lastModified": 1657226504,
-        "narHash": "sha256-GIYNjuq4mJlFgqKsZ+YrgzWm0IpA4axA3MCrdKYj7gs=",
-        "owner": "gytis-ivaskevicius",
-        "repo": "flake-utils-plus",
-        "rev": "2bf0f91643c2e5ae38c1b26893ac2927ac9bd82a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "gytis-ivaskevicius",
-        "ref": "master",
-        "repo": "flake-utils-plus",
-        "type": "github"
-      }
-    },
     "format-all": {
       "flake": false,
       "locked": {
@@ -585,11 +563,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1666558342,
-        "narHash": "sha256-qiH0Zgig28yaSyebehrrYiX1y53Y/xFcQW+EFMRSVI0=",
+        "lastModified": 1667898954,
+        "narHash": "sha256-VqHVeoxcOl9M6yQ+LV3yTWMb0h5Rl5yixn9PCY/MJJo=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "186d9399f9eb64fb06ea4385732c1cf1624ae2b6",
+        "rev": "d20e3d070c78271356a2d5d73c01f1de94586087",
         "type": "github"
       },
       "original": {
@@ -599,22 +577,6 @@
         "type": "github"
       }
     },
-    "libnbtplusplus": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1650031308,
-        "narHash": "sha256-TvVOjkUobYJD9itQYueELJX3wmecvEdCbJ0FinW2mL4=",
-        "owner": "PolyMC",
-        "repo": "libnbtplusplus",
-        "rev": "2203af7eeb48c45398139b583615134efd8d407f",
-        "type": "github"
-      },
-      "original": {
-        "owner": "PolyMC",
-        "repo": "libnbtplusplus",
-        "type": "github"
-      }
-    },
     "master": {
       "flake": false,
       "locked": {
@@ -644,9 +606,7 @@
         "evil-org-mode": "evil-org-mode",
         "evil-quick-diff": "evil-quick-diff",
         "explain-pause-mode": "explain-pause-mode",
-        "flake-compat": [
-          "flake-compat"
-        ],
+        "flake-compat": "flake-compat",
         "flake-utils": [
           "flake-utils"
         ],
@@ -668,11 +628,11 @@
         "ws-butler": "ws-butler"
       },
       "locked": {
-        "lastModified": 1666606461,
-        "narHash": "sha256-YNbI/dDtrzkSqJ2hi7UFbwmBRasHVE28n8IOgwhh4FA=",
+        "lastModified": 1667731647,
+        "narHash": "sha256-E/Y5yxX8u0RlLt07PJoQ+QAYMbbL19WayLU/SJDtnMw=",
         "owner": "nix-community",
         "repo": "nix-doom-emacs",
-        "rev": "4ae03d1dc2d8bf6daeda4f28be793ed2b82147bd",
+        "rev": "c38ccd08345f58001cac2c2578e71d3f29b59bc0",
         "type": "github"
       },
       "original": {
@@ -682,38 +642,14 @@
         "type": "github"
       }
     },
-    "nix-minecraft-servers": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "utils": [
-          "flake-utils-plus"
-        ]
-      },
-      "locked": {
-        "lastModified": 1666577326,
-        "narHash": "sha256-wvHTJ+0UBEysXE+TiQOG6oaZEcwC9IQeBwW/8aGS7OE=",
-        "owner": "jyooru",
-        "repo": "nix-minecraft-servers",
-        "rev": "12013698438fc2a68cc5b15a67b778b3a7c7d393",
-        "type": "github"
-      },
-      "original": {
-        "owner": "jyooru",
-        "ref": "main",
-        "repo": "nix-minecraft-servers",
-        "type": "github"
-      }
-    },
     "nix-straight": {
       "flake": false,
       "locked": {
-        "lastModified": 1656684255,
-        "narHash": "sha256-ZefQiv4Ipu2VkLjs1oyelTLU7kBVJgkcQd+yBpJU0yo=",
+        "lastModified": 1666982610,
+        "narHash": "sha256-xjgIrmUsekVTE+MpZb5DMU8DQf9DJ/ZiR0o30L9/XCc=",
         "owner": "nix-community",
         "repo": "nix-straight.el",
-        "rev": "fb8dd5c44cde70abd13380766e40af7a63888942",
+        "rev": "ad10364d64f472c904115fd38d194efe1c3f1226",
         "type": "github"
       },
       "original": {
@@ -724,11 +660,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1665987993,
-        "narHash": "sha256-MvlaIYTRiqefG4dzI5p6vVCfl+9V8A1cPniUjcn6Ngc=",
+        "lastModified": 1667768008,
+        "narHash": "sha256-PGbX0s2hhXGnZDFVE6UIhPSOf5YegpWs5dUXpT/14F0=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "0e6593630071440eb89cd97a52921497482b22c6",
+        "rev": "f6483e0def85efb9c1e884efbaff45a5e7aabb34",
         "type": "github"
       },
       "original": {
@@ -740,11 +676,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1666603677,
-        "narHash": "sha256-apAEIj+z1iwMaMJ4tB21r/VTetfGDLDzuhXRHJknIAU=",
+        "lastModified": 1667758139,
+        "narHash": "sha256-CbDAP6wttlaVs9s4DPZlJ5Wf6Ozz9lX7SdJVtFA8cAo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "074da18a72269cc5a6cf444dce42daea5649b2fe",
+        "rev": "8993cc730d11148ef59e84a8f15f94f688e1bfd1",
         "type": "github"
       },
       "original": {
@@ -756,11 +692,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1666646783,
-        "narHash": "sha256-ywmovc9Fr3S0Ka+ljaKTkSN+8NXvblOG/UDkZbkD/cc=",
+        "lastModified": 1667897130,
+        "narHash": "sha256-s8gf6ysK3q6GigxUgaLp1NPH12Tz74ycAb8arlDFNVE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f6f42f3fcf4af3706461b902177b9caeb6aabfca",
+        "rev": "12ac168cc776030ada752deb43da8cc751074748",
         "type": "github"
       },
       "original": {
@@ -772,11 +708,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1666610816,
-        "narHash": "sha256-q4F2VNe5bpxXOvp16DyLwE1SgNZMbNO29ZQJPIomedg=",
+        "lastModified": 1667896688,
+        "narHash": "sha256-gB30K2usfzeWZ9VsP92NmAGr/mEZ1IJ0Hkpq587ZzCY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "6107f97012a0c134c5848125b5aa1b149b76d2c9",
+        "rev": "67bcb74195474ebdd667c7844fcfe649e8a1ff32",
         "type": "github"
       },
       "original": {
@@ -806,11 +742,11 @@
     "nmap-vulscan": {
       "flake": false,
       "locked": {
-        "lastModified": 1646989909,
-        "narHash": "sha256-hV9gCEQwoA2l7eg2pKFmZeUdPkzeF9tnWTswgw0P4A8=",
+        "lastModified": 1667425422,
+        "narHash": "sha256-NqRDzajxQilkvqfgRCjtplpSu4Q0fun0W3+IaK1aYWc=",
         "owner": "scipag",
         "repo": "vulscan",
-        "rev": "64bd0049894431d81517801c42b8585f9064a043",
+        "rev": "a89e5b1372dfb2c07b37907537ac10a576532adf",
         "type": "github"
       },
       "original": {
@@ -838,11 +774,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1666640642,
-        "narHash": "sha256-jMqV8vRro+F2Y6ge2caf3h6ZitKH/IiYLH3Wzd6rm6Q=",
+        "lastModified": 1667890820,
+        "narHash": "sha256-pGp7GQdMM2xGR/v72v6+d3PeZ5UxnIxsZL9lXfHCJhY=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "17e3882babed0b965175b5c1f144bc3e052b8404",
+        "rev": "744f97297a0eb816aa5c272c4bc795eb4a4f3523",
         "type": "github"
       },
       "original": {
@@ -871,11 +807,11 @@
     "org": {
       "flake": false,
       "locked": {
-        "lastModified": 1666258795,
-        "narHash": "sha256-k2FbWk4OJKZbih3pTvJYxkaXuauWsuaXXthV54UFqCM=",
+        "lastModified": 1666586252,
+        "narHash": "sha256-cwYEMnsv8kreTPKslM2yz59I4zm331w4WU4OHGzcslc=",
         "owner": "emacs-straight",
         "repo": "org-mode",
-        "rev": "98cae03b7d9a612334d5ea461e73ac0b37b0285d",
+        "rev": "48b237d9e21a4edf528d4bd1ed99d1f3757e4931",
         "type": "github"
       },
       "original": {
@@ -932,31 +868,6 @@
         "type": "github"
       }
     },
-    "pollymc": {
-      "inputs": {
-        "flake-compat": [
-          "flake-compat"
-        ],
-        "libnbtplusplus": "libnbtplusplus",
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1662670318,
-        "narHash": "sha256-SZdKI85G+Aa9Oz3FgZydpKfAjyG3ZcF4ZE0jv2pG6wE=",
-        "owner": "fn2006",
-        "repo": "PollyMC",
-        "rev": "d2a9dd88db564cf31b600ef2828d7636bffdcb52",
-        "type": "github"
-      },
-      "original": {
-        "owner": "fn2006",
-        "ref": "1.4.2",
-        "repo": "PollyMC",
-        "type": "github"
-      }
-    },
     "pre-commit-hooks": {
       "inputs": {
         "flake-utils": [
@@ -967,11 +878,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1666604592,
-        "narHash": "sha256-Bxy7xeVAwC0yxFaeYZM7N9Us/ebxpMC9TCceKEFeay4=",
+        "lastModified": 1667760143,
+        "narHash": "sha256-+X5CyeNEKp41bY/I1AJgW/fn69q5cLJ1bgiaMMCKB3M=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "1b436f36e2812c589e6d830e3223059ea9661100",
+        "rev": "06f48d63d473516ce5b8abe70d15be96a0147fcd",
         "type": "github"
       },
       "original": {
@@ -1004,13 +915,10 @@
         "azahi-cc": "azahi-cc",
         "dns-nix": "dns-nix",
         "emacs-overlay": "emacs-overlay",
-        "flake-compat": "flake-compat",
         "flake-registry": "flake-registry",
         "flake-utils": "flake-utils",
-        "flake-utils-plus": "flake-utils-plus",
         "home-manager": "home-manager",
         "nix-doom-emacs": "nix-doom-emacs",
-        "nix-minecraft-servers": "nix-minecraft-servers",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
         "nixpkgs-master": "nixpkgs-master",
@@ -1018,7 +926,6 @@
         "nmap-vulners": "nmap-vulners",
         "nmap-vulscan": "nmap-vulscan",
         "nur": "nur",
-        "pollymc": "pollymc",
         "pre-commit-hooks": "pre-commit-hooks",
         "simple-nixos-mailserver": "simple-nixos-mailserver",
         "xmonad-ng": "xmonad-ng"
diff --git a/flake.nix b/flake.nix
index f5b1a48..39cd74a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -84,33 +84,43 @@
       ref = "master";
       inputs = {
         emacs-overlay.follows = "emacs-overlay";
-        flake-compat.follows = "flake-compat";
         flake-utils.follows = "flake-utils";
         nixpkgs.follows = "nixpkgs";
       };
     };
 
-    nix-minecraft-servers = {
-      type = "github";
-      owner = "jyooru";
-      repo = "nix-minecraft-servers";
-      ref = "main";
-      inputs = {
-        nixpkgs.follows = "nixpkgs";
-        utils.follows = "flake-utils-plus";
-      };
-    };
+    # nil = {
+    #   type = "github";
+    #   owner = "oxalica";
+    #   repo = "nil";
+    #   ref = "main";
+    #   inputs = {
+    #     flake-utils.follows = "flake-utils";
+    #     nixpkgs.follows = "nixpkgs";
+    #   };
+    # };
 
-    pollymc = {
-      type = "github";
-      owner = "fn2006";
-      repo = "PollyMC";
-      ref = "1.4.2";
-      inputs = {
-        flake-compat.follows = "flake-compat";
-        nixpkgs.follows = "nixpkgs";
-      };
-    };
+    # nix-minecraft-servers = {
+    #   type = "github";
+    #   owner = "jyooru";
+    #   repo = "nix-minecraft-servers";
+    #   ref = "main";
+    #   inputs = {
+    #     nixpkgs.follows = "nixpkgs";
+    #     utils.inputs.flake-utils.follows = "flake-utils";
+    #   };
+    # };
+
+    # pollymc = {
+    #   type = "github";
+    #   owner = "fn2006";
+    #   repo = "PollyMC";
+    #   ref = "5.1";
+    #   inputs = {
+    #     flake-compat.follows = "flake-compat";
+    #     nixpkgs.follows = "nixpkgs";
+    #   };
+    # };
 
     dns-nix = {
       type = "github";
@@ -210,25 +220,25 @@
       flake = false;
     };
 
-    # NOTE These inputs are used indirectly by other inputs. These are declared
-    # explicitly because nested follows are broken[1].
+    # NOTE These inputs are used indirectly. They are declared explicitly here
+    # because nested follows is not yet release in a stable version of nix[1].
     #
     # [1]: https://github.com/NixOS/nix/issues/5790
     # [1]: https://github.com/NixOS/nix/pull/6621
-    flake-utils-plus = {
-      type = "github";
-      owner = "gytis-ivaskevicius";
-      repo = "flake-utils-plus";
-      ref = "master";
-      inputs.flake-utils.follows = "flake-utils";
-    };
-    flake-compat = {
-      type = "github";
-      owner = "edolstra";
-      repo = "flake-compat";
-      ref = "master";
-      flake = false;
-    };
+    # flake-utils-plus = {
+    #   type = "github";
+    #   owner = "gytis-ivaskevicius";
+    #   repo = "flake-utils-plus";
+    #   ref = "master";
+    #   inputs.flake-utils.follows = "flake-utils";
+    # };
+    # flake-compat = {
+    #   type = "github";
+    #   owner = "edolstra";
+    #   repo = "flake-compat";
+    #   ref = "master";
+    #   flake = false;
+    # };
   };
 
   outputs = inputs:
diff --git a/modules/nixfiles/alertmanager.nix b/modules/nixfiles/alertmanager.nix
index e6564fb..871b0c4 100644
--- a/modules/nixfiles/alertmanager.nix
+++ b/modules/nixfiles/alertmanager.nix
@@ -26,8 +26,8 @@ in {
     nixfiles.modules.nginx = with cfg; {
       enable = true;
       upstreams.alertmanager.servers."127.0.0.1:${toString cfg.port}" = {};
-      virtualHosts.${cfg.domain}.locations."/" = {
-        proxyPass = "http://alertmanager";
+      virtualHosts.${cfg.domain} = {
+        locations."/".proxyPass = "http://alertmanager";
         extraConfig = nginxInternalOnly;
       };
     };
diff --git a/modules/nixfiles/aria2.nix b/modules/nixfiles/aria2.nix
index a9b5d42..9e72176 100644
--- a/modules/nixfiles/aria2.nix
+++ b/modules/nixfiles/aria2.nix
@@ -11,37 +11,26 @@ in {
     mkEnableOption "aria2";
 
   config = mkIf cfg.enable {
-    hm = {
-      programs.aria2 = {
-        enable = true;
+    hm.programs.aria2 = {
+      enable = true;
 
-        settings = {
-          bt-max-peers = 128;
-          bt-save-metadata = true;
-          continue = true;
-          enable-dht = true;
-          enable-peer-exchange = true;
-          enable-rpc = false;
-          follow-torrent = true;
-          log-level = "info";
-          max-connection-per-server = 16;
-          max-overall-upload-limit = "1K";
-          max-tries = 5;
-          max-upload-limit = "1K";
-          seed-ratio = 0.1;
-          seed-time = 0.1;
-          stream-piece-selector = "default";
-          timeout = 60;
-        };
-      };
-
-      xdg.desktopEntries.aria2c = {
-        name = "aria2";
-        genericName = "Download Manager";
-        exec = "${pkgs.aria2}/bin/aria2c";
-        terminal = true;
-        categories = ["Application" "Network"];
-        mimeType = ["application/x-bittorrent" "x-scheme-handler/magnet"];
+      settings = {
+        bt-max-peers = 128;
+        bt-save-metadata = true;
+        continue = true;
+        enable-dht = true;
+        enable-peer-exchange = true;
+        enable-rpc = false;
+        follow-torrent = true;
+        log-level = "info";
+        max-connection-per-server = 16;
+        max-overall-upload-limit = "1K";
+        max-tries = 5;
+        max-upload-limit = "1K";
+        seed-ratio = 0.1;
+        seed-time = 0.1;
+        stream-piece-selector = "default";
+        timeout = 60;
       };
     };
   };
diff --git a/modules/nixfiles/beets.nix b/modules/nixfiles/beets.nix
index 6b1e227..83cbff1 100644
--- a/modules/nixfiles/beets.nix
+++ b/modules/nixfiles/beets.nix
@@ -11,7 +11,7 @@ in {
 
   config = mkIf cfg.enable {
     hm = let
-      beetsdir = "${config.hm.xdg.dataHome}/beets";
+      beetsdir = "${config.dirs.data}/beets";
     in {
       home.sessionVariables.BEETSDIR = beetsdir;
 
diff --git a/modules/nixfiles/common/networking.nix b/modules/nixfiles/common/networking.nix
index 3085797..8512d78 100644
--- a/modules/nixfiles/common/networking.nix
+++ b/modules/nixfiles/common/networking.nix
@@ -13,56 +13,66 @@ with lib; {
   '';
 
   # TODO Support multiple interfaces and IP addresses.
-  networking = let
-    interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false.
-  in {
-    domain = my.domain.shire;
+  networking = mkMerge [
+    {
+      domain = my.domain.shire;
 
-    hostName = this.hostname;
-    hostId = substring 0 8 (builtins.hashString "md5" this.hostname);
+      hostName = this.hostname;
+      hostId = substring 0 8 (builtins.hashString "md5" this.hostname);
 
-    nameservers = mkDefault dns.const.quad9.default;
+      # Remove default hostname mappings. This is required at least by the current
+      # implementation of the montoring module.
+      hosts = {
+        "127.0.0.2" = mkForce [];
+        "::1" = mkForce [];
+      };
 
-    useDHCP = false;
+      nameservers = mkDefault dns.const.quad9.default;
 
-    # This could potentially break something.
-    usePredictableInterfaceNames = false;
-    interfaces.${interface} = {
-      ipv4.addresses = with this.ipv4;
-        optional (isString address && isInt prefixLength) {
-          inherit address prefixLength;
-        };
+      useDHCP = false;
 
-      ipv6.addresses = with this.ipv6;
-        optional (isString address && isInt prefixLength) {
-          inherit address prefixLength;
-        };
-    };
-    defaultGateway = with this.ipv4;
-      mkIf (isString gatewayAddress) {
-        inherit interface;
-        address = gatewayAddress;
-      };
-    defaultGateway6 = with this.ipv6;
-      mkIf (isString gatewayAddress) {
-        inherit interface;
-        address = gatewayAddress;
-      };
+      firewall = {
+        enable = true;
 
-    firewall = {
-      enable = true;
+        rejectPackets = false;
 
-      rejectPackets = false;
+        allowPing = true;
+        pingLimit = "--limit 1/minute --limit-burst 5";
 
-      allowPing = true;
-      pingLimit = "--limit 1/minute --limit-burst 5";
+        logRefusedConnections = false;
+        logRefusedPackets = false;
+        logRefusedUnicastsOnly = false;
+        logReversePathDrops = false;
+      };
+    }
+    (let
+      interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false.
+    in
+      mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) {
+        usePredictableInterfaceNames = false; # NOTE This can break something!
+        interfaces.${interface} = {
+          ipv4.addresses = with this.ipv4;
+            optional (isString address && isInt prefixLength) {
+              inherit address prefixLength;
+            };
 
-      logRefusedConnections = false;
-      logRefusedPackets = false;
-      logRefusedUnicastsOnly = false;
-      logReversePathDrops = false;
-    };
-  };
+          ipv6.addresses = with this.ipv6;
+            optional (isString address && isInt prefixLength) {
+              inherit address prefixLength;
+            };
+        };
+        defaultGateway = with this.ipv4;
+          mkIf (isString gatewayAddress) {
+            inherit interface;
+            address = gatewayAddress;
+          };
+        defaultGateway6 = with this.ipv6;
+          mkIf (isString gatewayAddress) {
+            inherit interface;
+            address = gatewayAddress;
+          };
+      })
+  ];
 
   environment = {
     systemPackages = with pkgs; [myip];
diff --git a/modules/nixfiles/common/nix/default.nix b/modules/nixfiles/common/nix/default.nix
index 47cd5c1..f6c75ba 100644
--- a/modules/nixfiles/common/nix/default.nix
+++ b/modules/nixfiles/common/nix/default.nix
@@ -98,14 +98,6 @@ with lib; {
         alejandra = super.alejandra.overrideAttrs (_: _: {
           patches = [./patches/alejandra-no-ads.patch];
         });
-
-        # https://github.com/NixOS/nixpkgs/pull/192671
-        # inherit
-        #   (pkgsPR
-        #     "192671"
-        #     "sha256-BdmWzoR+l7f7aV2oTmA8kfm63Y9UZFHABni8xRgkK/M=")
-        #   please
-        #   ;
       }
       // (with super; let
         np = nodePackages;
@@ -114,6 +106,7 @@ with lib; {
         css-language-server = np.vscode-css-languageserver-bin;
         dockerfile-language-server = np.dockerfile-language-server-nodejs;
         editorconfig = editorconfig-core-c;
+        go-language-server = gopls;
         html-language-server = np.vscode-html-languageserver-bin;
         inherit (np) bash-language-server;
         inherit (np) vim-language-server;
@@ -127,13 +120,24 @@ with lib; {
       }))
     agenix.overlay
     emacs-overlay.overlay
-    nix-minecraft-servers.overlays.default
+    # nil.overlays.default
+    # nix-minecraft-servers.overlays.default
     nur.overlay
-    pollymc.overlay
+    # pollymc.overlay
     xmonad-ng.overlays.default
   ];
 
-  system.stateVersion = builtins.readFile "${inputs.nixpkgs}/.version";
+  system = {
+    stateVersion = builtins.readFile "${inputs.nixpkgs}/.version";
+
+    extraDependencies = with inputs; [
+      nixos-hardware
+      nixpkgs
+      nixpkgs-master
+      nixpkgs-stable
+      nur
+    ];
+  };
 
   environment = {
     sessionVariables.NIX_SHELL_PRESERVE_PROMPT = "1";
diff --git a/modules/nixfiles/common/shell/default.nix b/modules/nixfiles/common/shell/default.nix
index 4e0572f..8ed2e99 100644
--- a/modules/nixfiles/common/shell/default.nix
+++ b/modules/nixfiles/common/shell/default.nix
@@ -70,7 +70,7 @@ with lib; {
                     super.patches
                     ++ [
                       (fetchpatch {
-                        url = "https://raw.githubusercontent.com/jarun/advcpmv/master/advcpmv-0.9-9.1.patch";
+                        url = "https://raw.githubusercontent.com/jarun/advcpmv/ea268d870b475edd5960dcd55d5378abc9705958/advcpmv-0.9-9.1.patch";
                         hash = "sha256-d+SRT/R4xmfHLAdOr7m4R3WFiW64P5ZH6iqDvErYCyg=";
                       })
                     ];
diff --git a/modules/nixfiles/emacs/default.nix b/modules/nixfiles/emacs/default.nix
index ff0238d..fa72549 100644
--- a/modules/nixfiles/emacs/default.nix
+++ b/modules/nixfiles/emacs/default.nix
@@ -30,13 +30,13 @@ in {
       programs.doom-emacs = {
         enable = true;
         doomPrivateDir = ./doom;
-        emacsPackage = pkgs.emacs28; # Package is pinned to avoid surprises.
+        emacsPackage = pkgs.emacs28; # The package is pinned to avoid surprises.
         extraPackages = with pkgs; [
           mu # :email mu4e
         ];
         extraConfig = let
-          # NOTE gopls will require a Go executable, which must be provided by
-          # the project's flake.
+          # NOTE gopls will require the "go" executable which must be provided
+          # by the project's flake/shell.
           extraBins = with pkgs; [
             (aspellWithDicts (p: with p; [en ru])) # :checkers (spell +aspell)
             (python3.withPackages (p:
@@ -59,8 +59,8 @@ in {
             gdb # :tools debugger
             gnuplot # :lang (org +gnuplot)
             gnutls # doom!
+            go-language-server # :lang (go +lsp)
             gomodifytags # :lang go
-            gopls # :lang (go +lsp)
             gore # :lang go
             gotests # :lang go
             graphviz # :lang (org +roam2) :lang plantuml
@@ -92,6 +92,7 @@ in {
             shellcheck # :lang sh
             shfmt # :lang sh :editor format
             sqlite # :lang (org +roam2) :tools lookup
+            texlab # lang (tex +lsp)
             texlive.combined.scheme-full # :lang org tex
             unzip # :tools debugger
             wordnet # :tools (lookup +dictionary +offline)
@@ -104,7 +105,7 @@ in {
             zstd # :emacs undo
           ];
         in ''
-          ;; This will integrate packages, which are required by various modules
+          ;; This will integrate packages which are required by various modules
           ;; without polluting the user's profile.
           (setq exec-path (append exec-path '(${
             concatMapStringsSep " " (x: ''"${x}/bin"'') extraBins
@@ -145,5 +146,10 @@ in {
         client.enable = true;
       };
     };
+
+    system.extraDependencies = with inputs; [
+      emacs-overlay
+      nix-doom-emacs
+    ];
   };
 }
diff --git a/modules/nixfiles/emacs/doom/config.el b/modules/nixfiles/emacs/doom/config.el
index fedd98d..4f2d835 100644
--- a/modules/nixfiles/emacs/doom/config.el
+++ b/modules/nixfiles/emacs/doom/config.el
@@ -170,6 +170,12 @@
     :user "azahi/oftc"
     :pass nixfiles/irc-bouncer-password-f))
 
+;; (set-irc-server! "hackint"
+;;   `(:host "shire.me"
+;;     :port 6667
+;;     :user "azahi/hackint"
+;;     :pass nixfiles/irc-bouncer-password-f))
+
 (set-irc-server! "rizon"
   `(:host "shire.me"
     :port 6667
diff --git a/modules/nixfiles/firefox/default.nix b/modules/nixfiles/firefox/default.nix
index 8642b6f..6f4d327 100644
--- a/modules/nixfiles/firefox/default.nix
+++ b/modules/nixfiles/firefox/default.nix
@@ -207,7 +207,20 @@ in {
                 };
               };
             };
-            "2000".enable = true;
+            "2000" = {
+              enable = true;
+              "2022" = {
+                enable = true;
+                "media.eme.enabled" = {
+                  enable = true;
+                  value = false;
+                };
+                "browser.eme.ui.enabled" = {
+                  enable = true;
+                  value = false;
+                };
+              };
+            };
             "2400".enable = false;
             "2600" = {
               enable = true;
@@ -276,5 +289,7 @@ in {
     };
 
     services.psd.enable = true;
+
+    system.extraDependencies = [inputs.arkenfox-nixos];
   };
 }
diff --git a/modules/nixfiles/firefox/userContent.css b/modules/nixfiles/firefox/userContent.css
index 1440c1a..9b2dd4e 100644
--- a/modules/nixfiles/firefox/userContent.css
+++ b/modules/nixfiles/firefox/userContent.css
@@ -16,22 +16,33 @@
     }
 }
 
-@-moz-document regexp("https?:\/\/(.*.)?gitlab(\..*)?\.(com|org).*") {
+@-moz-document regexp("https?://(www)?yandex\.(com|ru)/search/.*")
+{
+    #search-result-aside,
+    .RelatedAbove {
+        display: none !important;
+    }
+}
+
+@-moz-document regexp("https?://(.*.)?gitlab(\..*)?\.(com|org).*")
+{
     code {
         font-family: var(--monospace-font-family) !important;
         font-size: var(--monospace-font-size) !important;
     }
 }
 
-@-moz-document regexp("https?:\/\/(.*\.)?github.com.*") {
+@-moz-document regexp("https?://(.*\.)?github.com.*")
+{
     #org-repo-pin-select-menu,
     #sponsor-button,
-    .btn.ml-2.d-none.d-md-block, /* Go to file button */
+    .btn.ml-2.d-none.d-md-block, /* "Go to file" button. */
     .dropdown-divider,
     .footer,
     .octicon.octicon-info,
     .pt-3.mt-3.d-none.d-md-block, /* Profile achievements. */
     .starring-container,
+    .user-following-container,
     .user-profile-link,
     .user-status-circle-badge-container,
     .user-status-container,
@@ -60,13 +71,15 @@
     }
 }
 
-@-moz-document regexp("https?:\/\/github.com/?") {
+@-moz-document regexp("https?://github.com/?")
+{
     .application-main {
         display: none !important;
     }
 }
 
-@-moz-document regexp("https?:\/\/.*(stack(exchange|overflow)|askubuntu|superuser|serverfault)\.com\/questions\/.*") {
+@-moz-document regexp("https?://.*(stack(exchange|overflow)|askubuntu|superuser|serverfault)\.com/questions/.*")
+{
     html,
     body {
         --ff-mono: var(--monospace-font-family) !important;
@@ -109,7 +122,8 @@
     }
 }
 
-@-moz-document regexp("https?:\/\/kubernetes\.io\/docs\/.*") {
+@-moz-document regexp("https?://kubernetes\.io/docs/.*")
+{
     .announcement,
     .announcement-main,
     .d-none {
@@ -117,19 +131,22 @@
     }
 }
 
-@-moz-document regexp("https?:\/\/min\.io\/docs\/.*") {
+@-moz-document regexp("https?://min\.io/docs/.*")
+{
     #cookie {
         display: none !important;
     }
 }
 
-@-moz-document regexp("https?:\/\/werf\.io\/documentation\/.*") {
+@-moz-document regexp("https?://werf\.io/documentation/.*")
+{
     .guides-banner {
         display: none !important;
     }
 }
 
-@-moz-document regexp("https?:\/\/habr\.com\/(ru|en)\/(article|company\/.*\/blog|post)\/.*") {
+@-moz-document regexp("https?://habr\.com/(ru|en)/(article|company/.*/blog|post)/.*")
+{
     .Vue-Toastification__container,
     .tm-article-presenter__footer,
     .tm-article-presenter__meta,
@@ -188,26 +205,30 @@
     }
 }
 
-@-moz-document regexp("https?:\/\/jisho\.org.*") {
+@-moz-document regexp("https?://jisho\.org.*")
+{
     header,
     footer {
         display: none !important;
     }
 }
 
-@-moz-document regexp("https?:\/\/gog.com.*") {
-    .galaxy-section-wrapper {
+@-moz-document regexp("https?:\/\/gog\.com.*") {
+    .galaxy-section-wrapper,
+    footer {
         display: none !important;
     }
 }
 
-@-moz-document regexp("https?:\/\/steamdb\.info.*") {
+@-moz-document regexp("https?://steamdb\.info.*")
+{
     #steamdb-extension-protip {
         display: none !important;
     }
 }
 
-@-moz-document regexp("https?:\/\/\.*\.hh\.ru.*") {
+@-moz-document regexp("https?://(.*\.)?hh\.ru.*")
+{
     .HH-Supernova-Footer,
     .index-dashboard-applicant__banners,
     .notification-manager,
@@ -217,7 +238,8 @@
     }
 }
 
-@-moz-document regexp("https?:\/\/www\.songsterr\.com.*") {
+@-moz-document regexp("https?://www\.songsterr\.com.*")
+{
     #favorite,
     #fullscreen,
     #logo,
@@ -229,14 +251,18 @@
     #promo,
     #revisions,
     #showroom,
+    #showroom_sidebar,
     #text-showroom,
     footer {
         display: none !important;
     }
 }
 
-@-moz-document regexp("https?:\/\/developer\.mozilla\.org.*") {
-    .main-document-header-container.top-navigation {
+@-moz-document regexp("https?://developer\.mozilla\.org.*")
+{
+    #nav-footer,
+    .main-document-header-container.top-navigation,
+    .mdn-cta-container {
         display: none !important;
     }
 
@@ -245,7 +271,8 @@
     }
 }
 
-@-moz-document regexp("https?:\/\/(.*\.)?wikipedia\.org\/wiki\/.*") {
+@-moz-document regexp("https?://(.*\.)?wikipedia\.org/wiki/.*")
+{
     #footer,
     #mp-topbanner,
     #siteNotice {
@@ -253,7 +280,8 @@
     }
 }
 
-@-moz-document regexp("https?:\/\/wikiless\.org\/wiki\/.*") {
+@-moz-document regexp("https?://wikiless\.org/wiki/.*")
+{
     #footer,
     #mw-navigation,
     #mw-page-base {
diff --git a/modules/nixfiles/games/minecraft.nix b/modules/nixfiles/games/minecraft.nix
index e53f9eb..47279f8 100644
--- a/modules/nixfiles/games/minecraft.nix
+++ b/modules/nixfiles/games/minecraft.nix
@@ -23,6 +23,8 @@ in {
   config = mkMerge [
     (mkIf cfg.client.enable {
       hm.home.packages = with pkgs; [pollymc];
+
+      system.extraDependencies = [inputs.pollymc];
     })
     (mkIf cfg.server.enable {
       # Configurations, opslist, whitelist and plugins are managed imperatively.
@@ -45,6 +47,8 @@ in {
 
       # Defined in /var/lib/minecraft/server.properties.
       networking.firewall.allowedTCPPorts = [55565];
+
+      system.extraDependencies = [inputs.nix-minecraft-servers];
     })
   ];
 }
diff --git a/modules/nixfiles/gotify.nix b/modules/nixfiles/gotify.nix
index f21a98d..db47bb4 100644
--- a/modules/nixfiles/gotify.nix
+++ b/modules/nixfiles/gotify.nix
@@ -24,9 +24,11 @@ in {
         nginx = {
           enable = true;
           upstreams.gotify.servers."127.0.0.1:${toString config.services.gotify.port}" = {};
-          virtualHosts.${cfg.domain}.locations."/" = {
-            proxyPass = "http://gotify";
-            proxyWebsockets = true;
+          virtualHosts.${cfg.domain} = {
+            locations."/" = {
+              proxyPass = "http://gotify";
+              proxyWebsockets = true;
+            };
             extraConfig = nginxInternalOnly;
           };
         };
diff --git a/modules/nixfiles/grafana.nix b/modules/nixfiles/grafana.nix
index b98be13..a614502 100644
--- a/modules/nixfiles/grafana.nix
+++ b/modules/nixfiles/grafana.nix
@@ -49,9 +49,11 @@ in {
         nginx = {
           enable = true;
           upstreams.grafana.servers."127.0.0.1:${toString cfg.port}" = {};
-          virtualHosts.${cfg.domain}.locations."/" = {
-            proxyPass = "http://grafana";
-            proxyWebsockets = true;
+          virtualHosts.${cfg.domain} = {
+            locations."/" = {
+              proxyPass = "http://grafana";
+              proxyWebsockets = true;
+            };
             extraConfig = nginxInternalOnly;
           };
         };
diff --git a/modules/nixfiles/ipfs.nix b/modules/nixfiles/ipfs.nix
index f998d6d..0ec64e5 100644
--- a/modules/nixfiles/ipfs.nix
+++ b/modules/nixfiles/ipfs.nix
@@ -157,10 +157,8 @@ in {
           };
           "api.${cfg.domain}" = {
             # TODO Redirect "/" to "/webui" but keep other endpoints.
-            locations."/" = {
-              proxyPass = "http://ipfs_api";
-              extraConfig = nginxInternalOnly;
-            };
+            locations."/".proxyPass = "http://ipfs_api";
+            extraConfig = nginxInternalOnly;
           };
         };
       };
diff --git a/modules/nixfiles/kde.nix b/modules/nixfiles/kde.nix
index e22663c..6b20569 100644
--- a/modules/nixfiles/kde.nix
+++ b/modules/nixfiles/kde.nix
@@ -27,7 +27,12 @@ in {
           print-manager
         ];
       };
-      displayManager.sddm.enable = true;
+      displayManager = {
+        sddm.enable = true;
+
+        # NOTE https://github.com/NixOS/nixpkgs/pull/199881
+        setupCommands = lib.mkForce "";
+      };
     };
 
     environment.systemPackages = with pkgs; [pinentry-qt];
diff --git a/modules/nixfiles/loki.nix b/modules/nixfiles/loki.nix
index 4d9aab7..1582164 100644
--- a/modules/nixfiles/loki.nix
+++ b/modules/nixfiles/loki.nix
@@ -27,8 +27,8 @@ in {
     nixfiles.modules.nginx = with cfg; {
       enable = true;
       upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = {};
-      virtualHosts.${domain}.locations."/" = {
-        proxyPass = "http://loki";
+      virtualHosts.${domain} = {
+        locations."/".proxyPass = "http://loki";
         extraConfig = nginxInternalOnly;
       };
     };
diff --git a/modules/nixfiles/mpd.nix b/modules/nixfiles/mpd.nix
index cc542fe..4b49213 100644
--- a/modules/nixfiles/mpd.nix
+++ b/modules/nixfiles/mpd.nix
@@ -41,7 +41,7 @@ in {
         enable = true;
 
         settings = rec {
-          ncmpcpp_directory = "${config.hm.xdg.dataHome}/ncmpcpp";
+          ncmpcpp_directory = "${config.dirs.data}/ncmpcpp";
           lyrics_directory = "${ncmpcpp_directory}/lyrics";
 
           playlist_disable_highlight_delay = 1;
diff --git a/modules/nixfiles/nginx.nix b/modules/nixfiles/nginx.nix
index 38fc613..b8ab24d 100644
--- a/modules/nixfiles/nginx.nix
+++ b/modules/nixfiles/nginx.nix
@@ -43,13 +43,14 @@ in {
 
         commonHttpConfig = concatStrings [
           ''
-            add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+            add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet";
           ''
           (optionalString (hasAttr "wireguard" this)
             (with config.nixfiles.modules.wireguard; ''
               geo $internal {
                 default 0;
                 127.0.0.1/32 1;
+                ::1/128 1;
                 ${ipv4.subnet} 1;
                 ${ipv6.subnet} 1;
               }
diff --git a/modules/nixfiles/nmap.nix b/modules/nixfiles/nmap.nix
index 27a36bb..14ad007 100644
--- a/modules/nixfiles/nmap.nix
+++ b/modules/nixfiles/nmap.nix
@@ -46,14 +46,19 @@ in {
         shellAliases = let
           base = "${pkgs.nmap}/bin/nmap -sV";
         in {
-          nmap-vulscan = "${base} --script=vulscan/vulscan.nse";
           nmap-vulners = "${base} --script=vulners/vulners.nse";
+          nmap-vulscan = "${base} --script=vulscan/vulscan.nse";
         };
         initExtra = mkAfter ''
-          _complete_alias nmap-vulscan _nmap nmap
           _complete_alias nmap-vulners _nmap nmap
+          _complete_alias nmap-vulscan _nmap nmap
         '';
       };
     };
+
+    system.extraDependencies = with inputs; [
+      nmap-vulners
+      nmap-vulscan
+    ];
   };
 }
diff --git a/modules/nixfiles/nsd.nix b/modules/nixfiles/nsd.nix
index 0dade8f..f5a7d84 100644
--- a/modules/nixfiles/nsd.nix
+++ b/modules/nixfiles/nsd.nix
@@ -170,5 +170,7 @@ in {
       allowedTCPPorts = [53];
       allowedUDPPorts = allowedTCPPorts;
     };
+
+    system.extraDependencies = [inputs.dns-nix];
   };
 }
diff --git a/modules/nixfiles/profiles/dev/containers.nix b/modules/nixfiles/profiles/dev/containers.nix
index c9e82d7..ef41229 100644
--- a/modules/nixfiles/profiles/dev/containers.nix
+++ b/modules/nixfiles/profiles/dev/containers.nix
@@ -16,26 +16,18 @@ in {
   config = mkIf cfg.enable {
     nixfiles.modules.podman.enable = true;
 
-    hm = let
-      minikubeHome = "${config.dirs.data}/minikube";
-    in {
+    hm = {
       home = {
         sessionVariables = {
-          MINIKUBE_HOME = minikubeHome;
-          MINIKUBE_IN_STYLE = false;
-          WERF_DEV = true;
-          WERF_INSECURE_REGISTRY = true;
-          WERF_LOG_DEBUG = true;
-          WERF_LOG_PRETTY = false;
-          WERF_LOG_VERBOSE = true;
+          MINIKUBE_HOME = "${config.dirs.config}/minikube";
+          MINIKUBE_IN_STYLE = "false";
+          WERF_DEV = "true";
+          WERF_INSECURE_REGISTRY = "true";
+          WERF_LOG_DEBUG = "true";
+          WERF_LOG_PRETTY = "false";
+          WERF_LOG_VERBOSE = "true";
           WERF_SYNCHRONIZATION = ":local";
-          WERF_TELEMETRY = false;
-        };
-
-        file."${minikubeHome}/config/config.json".text = generators.toJSON {} {
-          config.Rootless = true;
-          driver = "podman";
-          container-runtime = "cri-o";
+          WERF_TELEMETRY = "false";
         };
 
         packages = with pkgs; [
@@ -56,6 +48,12 @@ in {
         ];
       };
 
+      xdg.dataFile."minikube/config/config.json".text = generators.toJSON {} {
+        config.Rootless = true;
+        driver = "podman";
+        container-runtime = "cri-o";
+      };
+
       programs.bash = {
         shellAliases = with pkgs; {
           b = "${buildah}/bin/buildah";
diff --git a/modules/nixfiles/profiles/headful.nix b/modules/nixfiles/profiles/headful.nix
index 0563640..f3355b6 100644
--- a/modules/nixfiles/profiles/headful.nix
+++ b/modules/nixfiles/profiles/headful.nix
@@ -33,6 +33,18 @@ in {
 
     hm = {
       home.packages = with pkgs; [
+        # (openconnect.overrideAttrs (_: super: {
+        #   version = "unstable-2022-10-23";
+        #   src = pkgs.fetchFromGitLab {
+        #     owner = "openconnect";
+        #     repo = "openconnect";
+        #     rev = "acdfc753f7885b2a539f99036ac41ba1b78cc7ae";
+        #     hash = "sha256-ub+Z4WFD77h5YMQTb+TLc7EyY2KjBWglF1QVTirCHJM=";
+        #   };
+        #   configureFlags = super.configureFlags ++ [
+        #     "--with-external-browser=${config.hm.programs.firefox.package}/bin/firefox"
+        #   ];
+        # }))
         calibre
         fd
         imv
diff --git a/modules/nixfiles/prometheus.nix b/modules/nixfiles/prometheus.nix
index 0b0c096..a75c151 100644
--- a/modules/nixfiles/prometheus.nix
+++ b/modules/nixfiles/prometheus.nix
@@ -26,8 +26,8 @@ in {
     nixfiles.modules.nginx = with cfg; {
       enable = true;
       upstreams.prometheus.servers."127.0.0.1:${toString cfg.port}" = {};
-      virtualHosts.${domain}.locations."/" = {
-        proxyPass = "http://prometheus";
+      virtualHosts.${domain} = {
+        locations."/".proxyPass = "http://prometheus";
         extraConfig = nginxInternalOnly;
       };
     };
diff --git a/modules/nixfiles/psd.nix b/modules/nixfiles/psd.nix
index e497bcf..77d3c66 100644
--- a/modules/nixfiles/psd.nix
+++ b/modules/nixfiles/psd.nix
@@ -11,12 +11,12 @@ in {
     mkEnableOption "Profile Sync Daemon";
 
   config = mkIf cfg.enable {
-    hm.home = {
-      file."${config.hm.xdg.configHome}/psd/psd.conf".text = ''
+    hm = {
+      home.packages = with pkgs; [profile-sync-daemon];
+
+      xdg.configFile."psd/psd.conf".text = ''
         USE_OVERLAYFS="yes"
       '';
-
-      packages = with pkgs; [profile-sync-daemon];
     };
 
     systemd.user = {
diff --git a/modules/nixfiles/radicale.nix b/modules/nixfiles/radicale.nix
index 76f6b49..c903d39 100644
--- a/modules/nixfiles/radicale.nix
+++ b/modules/nixfiles/radicale.nix
@@ -30,8 +30,8 @@ in {
       nixfiles.modules.nginx = {
         enable = true;
         upstreams.radicale.servers."127.0.0.1:${toString port}" = {};
-        virtualHosts.${cfg.domain}.locations."/" = {
-          proxyPass = "http://radicale";
+        virtualHosts.${cfg.domain} = {
+          locations."/".proxyPass = "http://radicale";
           extraConfig = nginxInternalOnly;
         };
       };
diff --git a/modules/nixfiles/rss-bridge.nix b/modules/nixfiles/rss-bridge.nix
index 42bb7d0..fef1070 100644
--- a/modules/nixfiles/rss-bridge.nix
+++ b/modules/nixfiles/rss-bridge.nix
@@ -17,14 +17,15 @@ in {
   };
 
   config = mkIf cfg.enable {
-    nixfiles.modules.nginx.enable = true;
+    nixfiles.modules.nginx = {
+      enable = true;
+      virtualHosts.${cfg.domain}.extraConfig = nginxInternalOnly;
+    };
 
-    services = {
-      rss-bridge = {
-        enable = true;
-        virtualHost = cfg.domain;
-        whitelist = ["LWNprev" "Phoronix"];
-      };
+    services.rss-bridge = {
+      enable = true;
+      virtualHost = cfg.domain;
+      whitelist = ["*"];
     };
   };
 }
diff --git a/modules/nixfiles/rtorrent.nix b/modules/nixfiles/rtorrent.nix
index 834e36d..4014a3b 100644
--- a/modules/nixfiles/rtorrent.nix
+++ b/modules/nixfiles/rtorrent.nix
@@ -220,20 +220,16 @@ in {
             virtualHosts.${cfg.flood.domain} = {
               root = "${pkg}/lib/node_modules/flood/dist/assets";
               locations = {
-                "/" = {
-                  tryFiles = "$uri /index.html";
-                  extraConfig = nginxInternalOnly;
-                };
+                "/".tryFiles = "$uri /index.html";
                 "/api" = {
                   proxyPass = "http://flood";
-                  extraConfig =
-                    nginxInternalOnly
-                    + ''
-                      proxy_buffering off;
-                      proxy_cache off;
-                    '';
+                  extraConfig = ''
+                    proxy_buffering off;
+                    proxy_cache off;
+                  '';
                 };
               };
+              extraConfig = nginxInternalOnly;
             };
           };
 
diff --git a/modules/nixfiles/searx.nix b/modules/nixfiles/searx.nix
index 24482cc..9462d5d 100644
--- a/modules/nixfiles/searx.nix
+++ b/modules/nixfiles/searx.nix
@@ -33,8 +33,8 @@ in {
     nixfiles.modules.nginx = {
       enable = true;
       upstreams.searx.servers."127.0.0.1:${toString cfg.port}" = {};
-      virtualHosts.${cfg.domain}.locations."/" = {
-        proxyPass = "http://searx";
+      virtualHosts.${cfg.domain} = {
+        locations."/".proxyPass = "http://searx";
         extraConfig = nginxInternalOnly;
       };
     };
diff --git a/modules/nixfiles/syncthing.nix b/modules/nixfiles/syncthing.nix
index ed51e73..b690ab4 100644
--- a/modules/nixfiles/syncthing.nix
+++ b/modules/nixfiles/syncthing.nix
@@ -119,7 +119,7 @@ in {
           options = {
             autoUpgradeIntervalH = 0;
             crashReportingEnabled = false;
-            globalAnnounceEnabled = false; # We don't need that with Wireguard.
+            globalAnnounceEnabled = false;
             relaysEnabled = false;
             setLowPriority = this.isHeadless;
             stunKeepaliveMinS = 0;
@@ -135,8 +135,8 @@ in {
       nixfiles.modules.nginx = {
         enable = true;
         upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = {};
-        virtualHosts.${cfg.domain}.locations."/" = {
-          proxyPass = "http://syncthing";
+        virtualHosts.${cfg.domain} = {
+          locations."/".proxyPass = "http://syncthing";
           extraConfig = nginxInternalOnly;
         };
       };
diff --git a/modules/nixfiles/xmonad.nix b/modules/nixfiles/xmonad.nix
index da005b2..847110e 100644
--- a/modules/nixfiles/xmonad.nix
+++ b/modules/nixfiles/xmonad.nix
@@ -1,5 +1,6 @@
 {
   config,
+  inputs,
   lib,
   pkgs,
   ...
@@ -23,5 +24,7 @@ in {
     };
 
     services.xserver.displayManager.startx.enable = true;
+
+    system.extraDependencies = [inputs.xmonad-ng];
   };
 }

Consider giving Nix/NixOS a try! <3