about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--checks.nix5
-rw-r--r--configurations/eonwe/default.nix8
-rw-r--r--configurations/eonwe/vidya.nix5
-rw-r--r--configurations/varda/default.nix2
-rw-r--r--flake.lock279
-rw-r--r--flake.nix3
-rw-r--r--lib/default.nix6
-rw-r--r--modules/common/nix.nix19
-rw-r--r--modules/common/systemd.nix3
-rw-r--r--modules/direnv.nix1
-rw-r--r--modules/editorconfig.nix6
-rw-r--r--modules/emacs/default.nix11
-rw-r--r--modules/emacs/doom/config.el183
-rw-r--r--modules/emacs/doom/init.el1
-rw-r--r--modules/emacs/doom/packages.el13
-rw-r--r--modules/firefox/addons.nix29
-rw-r--r--modules/firefox/default.nix7
-rw-r--r--modules/firefox/userContent.css42
-rw-r--r--modules/git/default.nix4
-rw-r--r--modules/profiles/headful.nix5
-rw-r--r--modules/profiles/headless.nix8
-rw-r--r--modules/sing-box.nix82
-rw-r--r--modules/soju.nix3
-rw-r--r--modules/vscode.nix6
-rw-r--r--modules/wireguard.nix49
-rw-r--r--overlays.nix24
26 files changed, 484 insertions, 320 deletions
diff --git a/checks.nix b/checks.nix
index 33ab57e..3261f1a 100644
--- a/checks.nix
+++ b/checks.nix
@@ -11,10 +11,6 @@
       path = ./.;
     };
     hooks = {
-      nixfmt = {
-        enable = true;
-        package = pkgs.nixfmt;
-      };
       promtool = {
         enable = true;
         name = "promtool";
@@ -35,6 +31,7 @@
       fix-byte-order-marker.enable = true;
       flake-checker.enable = true;
       nil.enable = true;
+      nixfmt-rfc-style.enable = true;
       prettier.enable = true;
       shellcheck.enable = true;
       shfmt.enable = true;
diff --git a/configurations/eonwe/default.nix b/configurations/eonwe/default.nix
index a51b5ea..7552f08 100644
--- a/configurations/eonwe/default.nix
+++ b/configurations/eonwe/default.nix
@@ -33,6 +33,7 @@ with lib;
   hm = {
     home.packages = with pkgs; [
       anki
+      audacity
       calibre
       gimp
       kdenlive
@@ -173,12 +174,9 @@ with lib;
     xserver.wacom.enable = true;
   };
 
-  # Usually stuff that is going to be compiled on this machine is going to have
-  # parallelisation support enabled, so we will make sure that all cores are
-  # utilised and limit the job queue to one.
   nix.settings = {
-    max-jobs = 1;
-    cores = 32;
+    max-jobs = 8;
+    cores = 30;
   };
 
   # Required[1] for using ZFS kernel modules with "unsupported" kernels.
diff --git a/configurations/eonwe/vidya.nix b/configurations/eonwe/vidya.nix
index 5753ede..7e10175 100644
--- a/configurations/eonwe/vidya.nix
+++ b/configurations/eonwe/vidya.nix
@@ -2,9 +2,10 @@
 {
   nixfiles.modules = {
     common.nix.allowedUnfreePackages = [
+      "cla-theme" # source-available
       "dwarf-fortress"
-      "fallout-ce"
-      "fallout2-ce"
+      "fallout-ce" # source-available
+      "fallout2-ce" # source-available
     ];
 
     games = {
diff --git a/configurations/varda/default.nix b/configurations/varda/default.nix
index 76f8daf..908a3ec 100644
--- a/configurations/varda/default.nix
+++ b/configurations/varda/default.nix
@@ -6,7 +6,7 @@ with lib;
   nixfiles.modules = {
     wireguard.client.enable = true;
 
-    k3s.enable = true;
+    sing-box.enable = true;
   };
 
   boot = {
diff --git a/flake.lock b/flake.lock
index 323ea7d..236aa63 100644
--- a/flake.lock
+++ b/flake.lock
@@ -67,11 +67,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1721720317,
-        "narHash": "sha256-KH0ILX8EGa/A4Bgc6DtsbviG8qaLrzDDV1m1bIXJ+pw=",
+        "lastModified": 1725263787,
+        "narHash": "sha256-OSNjus8VSkLCSikN6Qeq+II1bwqTRJEwl6NJvFoQHoE=",
         "owner": "dwarfmaster",
         "repo": "arkenfox-nixos",
-        "rev": "92c9a287b7b98198c3ba5cdfc90218402e49c4b3",
+        "rev": "72addd96455cce49c0c8524c53aecd02cf20adec",
         "type": "github"
       },
       "original": {
@@ -131,30 +131,14 @@
         "type": "github"
       }
     },
-    "base16-foot": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1696725948,
-        "narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=",
-        "owner": "tinted-theming",
-        "repo": "base16-foot",
-        "rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce",
-        "type": "github"
-      },
-      "original": {
-        "owner": "tinted-theming",
-        "repo": "base16-foot",
-        "type": "github"
-      }
-    },
     "base16-helix": {
       "flake": false,
       "locked": {
-        "lastModified": 1720809814,
-        "narHash": "sha256-numb3xigRGnr/deF7wdjBwVg7fpbTH7reFDkJ75AJkY=",
+        "lastModified": 1725860795,
+        "narHash": "sha256-Z2o8VBPW3I+KKTSfe25kskz0EUj7MpUh8u355Z1nVsU=",
         "owner": "tinted-theming",
         "repo": "base16-helix",
-        "rev": "34f41987bec14c0f3f6b2155c19787b1f6489625",
+        "rev": "7f795bf75d38e0eea9fed287264067ca187b88a9",
         "type": "github"
       },
       "original": {
@@ -163,38 +147,6 @@
         "type": "github"
       }
     },
-    "base16-kitty": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1665001328,
-        "narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=",
-        "owner": "kdrag0n",
-        "repo": "base16-kitty",
-        "rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805",
-        "type": "github"
-      },
-      "original": {
-        "owner": "kdrag0n",
-        "repo": "base16-kitty",
-        "type": "github"
-      }
-    },
-    "base16-tmux": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1696725902,
-        "narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=",
-        "owner": "tinted-theming",
-        "repo": "base16-tmux",
-        "rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7",
-        "type": "github"
-      },
-      "original": {
-        "owner": "tinted-theming",
-        "repo": "base16-tmux",
-        "type": "github"
-      }
-    },
     "base16-vim": {
       "flake": false,
       "locked": {
@@ -278,11 +230,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1724031427,
-        "narHash": "sha256-o1HdAf+7IGv9M13R3c+zc/sJ0QgeEnhsvHBcodI4UpM=",
+        "lastModified": 1727531434,
+        "narHash": "sha256-b+GBgCWd2N6pkiTkRZaMFOPztPO4IVTaclYPrQl2uLk=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "4e719b38fa7c85f4f65d0308ca7084c91e7bdd6d",
+        "rev": "b709e1cc33fcde71c7db43850a55ebe6449d0959",
         "type": "github"
       },
       "original": {
@@ -301,11 +253,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1719459426,
-        "narHash": "sha256-4Kn9Pb3lvsik/VYsEAYgXpkcmLhrr0tTE6oIT2PMSPA=",
+        "lastModified": 1726867691,
+        "narHash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ=",
         "owner": "nix-community",
         "repo": "dns.nix",
-        "rev": "e6693931023206f1f3c2bfc57d2c98b5f27f52e6",
+        "rev": "a3196708a56dee76186a9415c187473b94e6cbae",
         "type": "github"
       },
       "original": {
@@ -334,11 +286,11 @@
         "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1710146030,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "lastModified": 1726560853,
+        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
         "type": "github"
       },
       "original": {
@@ -365,6 +317,27 @@
         "type": "github"
       }
     },
+    "flake-utils_3": {
+      "inputs": {
+        "systems": [
+          "stylix",
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1710146030,
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "fromYaml": {
       "flake": false,
       "locked": {
@@ -395,11 +368,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1723803910,
-        "narHash": "sha256-yezvUuFiEnCFbGuwj/bQcqg7RykIEqudOy/RBrId0pc=",
+        "lastModified": 1727514110,
+        "narHash": "sha256-0YRcOxJG12VGDFH8iS8pJ0aYQQUAgo/r3ZAL+cSh9nk=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "bfef0ada09e2c8ac55bbcd0831bd0c9d42e651ba",
+        "rev": "85f7a7177c678de68224af3402ab8ee1bcee25c8",
         "type": "github"
       },
       "original": {
@@ -453,11 +426,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1723986931,
-        "narHash": "sha256-Fy+KEvDQ+Hc8lJAV3t6leXhZJ2ncU5/esxkgt3b8DEY=",
+        "lastModified": 1727383923,
+        "narHash": "sha256-4/vacp3CwdGoPf8U4e/N8OsGYtO09WTcQK5FqYfJbKs=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2598861031b78aadb4da7269df7ca9ddfc3e1671",
+        "rev": "ffe2d07e771580a005e675108212597e5b367d2d",
         "type": "github"
       },
       "original": {
@@ -469,11 +442,11 @@
     "homelab-svg-assets": {
       "flake": false,
       "locked": {
-        "lastModified": 1720537204,
-        "narHash": "sha256-/hWaS/StMqrJU2Le/vTItIg55HSEbk/dHGkyDrOFoII=",
+        "lastModified": 1726669367,
+        "narHash": "sha256-/dQqkVsvE1kq30LnI233tY6dK32XHnD3PNjKLjd7vvo=",
         "owner": "loganmarchione",
         "repo": "homelab-svg-assets",
-        "rev": "6b21726b821c961d5c85b9f7afd8950ba700f306",
+        "rev": "492c9eabbdce282b14b1e46156d5fdc01c26b36b",
         "type": "github"
       },
       "original": {
@@ -484,11 +457,11 @@
     },
     "impermanence": {
       "locked": {
-        "lastModified": 1724146542,
-        "narHash": "sha256-MLxtqDtu+y/4UDhXX5pFypX9/qbH54TDP6Z90oFzd/A=",
+        "lastModified": 1727649413,
+        "narHash": "sha256-FA53of86DjFdeQzRDVtvgWF9o52rWK70VHGx0Y8fElQ=",
         "owner": "nix-community",
         "repo": "impermanence",
-        "rev": "03fe473c731cda2900bae9894b8dfc68e3492db5",
+        "rev": "d0b38e550039a72aff896ee65b0918e975e6d48e",
         "type": "github"
       },
       "original": {
@@ -535,11 +508,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1724117732,
-        "narHash": "sha256-YukZGv8DyHYWeKMX3e/f12ShvB1fuBjIYgRP91huP28=",
+        "lastModified": 1727747697,
+        "narHash": "sha256-bNZ4ykMpxyTLrPsctiDwe5d69vafvIbNTbzbWfd2CH4=",
         "owner": "Infinidoge",
         "repo": "nix-minecraft",
-        "rev": "a8e3133e397a53a3674837a0e8a1efa3b7378da7",
+        "rev": "30af58cedcc444da772a73286e16287f94a9fef1",
         "type": "github"
       },
       "original": {
@@ -555,11 +528,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1723950649,
-        "narHash": "sha256-dHMkGjwwCGj0c2MKyCjRXVBXq2Sz3TWbbM23AS7/5Hc=",
+        "lastModified": 1727658919,
+        "narHash": "sha256-YAePt2GldkkRJ08LvZNHcuS6shIVStj+K+1DZN3gbnM=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "392828aafbed62a6ea6ccab13728df2e67481805",
+        "rev": "f9fdf8285690a351e8998f1e703ebdf9cdf51dee",
         "type": "github"
       },
       "original": {
@@ -582,11 +555,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722338736,
-        "narHash": "sha256-bSnWgJ7eXgHZ/pwL7+NTDGfOzsbOiw899BV3k7TawWE=",
+        "lastModified": 1725483443,
+        "narHash": "sha256-WzOlGMKV/51Fccn/OMHcm5yrqgbOJZrJIy1ya4pW0u8=",
         "owner": "oddlama",
         "repo": "nix-topology",
-        "rev": "870dcc9074077a327220b36597098c295944a47d",
+        "rev": "8738d94670265beb166954c4e3a26e432f79f68c",
         "type": "github"
       },
       "original": {
@@ -597,11 +570,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1724067415,
-        "narHash": "sha256-WJBAEFXAtA41RMpK8mvw0cQ62CJkNMBtzcEeNIJV7b0=",
+        "lastModified": 1727665282,
+        "narHash": "sha256-oKtfbQB1MBypqIyzkC8QCQcVGOa1soaXaGgcBIoh14o=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "b09c46430ffcf18d575acf5c339b38ac4e1db5d2",
+        "rev": "11c43c830e533dad1be527ecce379fcf994fbbb5",
         "type": "github"
       },
       "original": {
@@ -612,11 +585,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1724047581,
-        "narHash": "sha256-BypLrnMS2QvvdVhwWixppTOM3fLPC8eyJse0BNSbbfI=",
+        "lastModified": 1727716680,
+        "narHash": "sha256-uMVkVHL4r3QmlZ1JM+UoJwxqa46cgHnIfqGzVlw5ca4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e9b5094b8f6e06a46f9f53bb97a9573b7cedf2a2",
+        "rev": "b5b22b42c0d10c7d2463e90a546c394711e3a724",
         "type": "github"
       },
       "original": {
@@ -641,13 +614,29 @@
         "type": "indirect"
       }
     },
+    "nixpkgs-amneziawg": {
+      "locked": {
+        "lastModified": 1728518462,
+        "narHash": "sha256-RTZ6X/fae4dRPGk0g/LMsD9yRfJ/N2kRQJ4TIaoGNIc=",
+        "owner": "azahi",
+        "repo": "nixpkgs",
+        "rev": "8030066aad97e91dbbb11a32788c7a1f89addf1c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "azahi",
+        "ref": "amneziawg",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1724146343,
-        "narHash": "sha256-SLB5mmhHGLhb7npka7lPrIwymuOAHrsLblkWImLh2HE=",
+        "lastModified": 1727796460,
+        "narHash": "sha256-ZERpx+GPuZ7Cg54iDNxhw/9BYmqpmzgMitvU27R5rzs=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a04eac9c5aa7f82e02d6e9e0b203b6eb5704c141",
+        "rev": "8348471506d3f8abad30e848fe113cb4489ba2e9",
         "type": "github"
       },
       "original": {
@@ -659,11 +648,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1724139824,
-        "narHash": "sha256-ya2P68yRLzutFGcl0CuB6siqP0McLFM92A78NTmNtK0=",
+        "lastModified": 1727793663,
+        "narHash": "sha256-PIwGt3UeeAtiwuikQYlqxXGuOdlCHFzxyrw3FIWJ1BY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f07d0e47777d09e719f6f6ebe550f53b240c4d10",
+        "rev": "3d5d583ab403703be5b0aab368ba8d8ccc481000",
         "type": "github"
       },
       "original": {
@@ -692,11 +681,11 @@
     "nmap-vulscan": {
       "flake": false,
       "locked": {
-        "lastModified": 1721191969,
-        "narHash": "sha256-98UL6N8l/C/UJebzuHJQPxitVya55a0mcwTR4dKII6E=",
+        "lastModified": 1726027969,
+        "narHash": "sha256-I8lT5UeMTU63/dRFdWMUJJlEBwEEU0KAse6FdnjJeBs=",
         "owner": "scipag",
         "repo": "vulscan",
-        "rev": "2640d62400e9953fb9a33e6033dc59a9dc9606ba",
+        "rev": "a87aa9775d305deabd353c0c3fd8abf4b5cc0d8c",
         "type": "github"
       },
       "original": {
@@ -725,6 +714,7 @@
         "nix-topology": "nix-topology",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
+        "nixpkgs-amneziawg": "nixpkgs-amneziawg",
         "nixpkgs-master": "nixpkgs-master",
         "nixpkgs-stable": "nixpkgs-stable",
         "nmap-vulners": "nmap-vulners",
@@ -741,11 +731,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1724028469,
-        "narHash": "sha256-vUNNPBErgkbthrGq952uNkP/25J12j0uSAB7jjdrNBo=",
+        "lastModified": 1727723127,
+        "narHash": "sha256-1Wy+v5xPsAb8GvHtU4egpIo8Rhmw1faAbGaIDduVG9I=",
         "owner": "nix-community",
         "repo": "srvos",
-        "rev": "5a7a27e18839e3392ac12fcb888d5eb6009ab31b",
+        "rev": "3368388007de976ceb40f3e19f31ffd8667c36a7",
         "type": "github"
       },
       "original": {
@@ -758,28 +748,30 @@
       "inputs": {
         "base16": "base16",
         "base16-fish": "base16-fish",
-        "base16-foot": "base16-foot",
         "base16-helix": "base16-helix",
-        "base16-kitty": "base16-kitty",
-        "base16-tmux": "base16-tmux",
         "base16-vim": "base16-vim",
         "flake-compat": [
           "flake-compat"
         ],
+        "flake-utils": "flake-utils_3",
         "gnome-shell": "gnome-shell",
         "home-manager": [
           "home-manager"
         ],
         "nixpkgs": [
           "nixpkgs"
-        ]
+        ],
+        "systems": "systems_4",
+        "tinted-foot": "tinted-foot",
+        "tinted-kitty": "tinted-kitty",
+        "tinted-tmux": "tinted-tmux"
       },
       "locked": {
-        "lastModified": 1724091143,
-        "narHash": "sha256-55CrA0BNqmnS4qB812D7JY9hNBB0r36sJlErepkfeTo=",
+        "lastModified": 1727723275,
+        "narHash": "sha256-k4HrG8TJQ0RqDS1tlDz71kvWFBNQ7qZI9T5Z0qLR85Y=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "94d70292d0c687ebacb65d00bd516cbefa18d3ca",
+        "rev": "e7e97059776da7e34b739415a7bc8f80f606b803",
         "type": "github"
       },
       "original": {
@@ -833,6 +825,69 @@
         "type": "github"
       }
     },
+    "systems_4": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "tinted-foot": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696725948,
+        "narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=",
+        "owner": "tinted-theming",
+        "repo": "tinted-foot",
+        "rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce",
+        "type": "github"
+      },
+      "original": {
+        "owner": "tinted-theming",
+        "repo": "tinted-foot",
+        "type": "github"
+      }
+    },
+    "tinted-kitty": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1665001328,
+        "narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=",
+        "owner": "tinted-theming",
+        "repo": "tinted-kitty",
+        "rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805",
+        "type": "github"
+      },
+      "original": {
+        "owner": "tinted-theming",
+        "repo": "tinted-kitty",
+        "type": "github"
+      }
+    },
+    "tinted-tmux": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696725902,
+        "narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=",
+        "owner": "tinted-theming",
+        "repo": "tinted-tmux",
+        "rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "tinted-theming",
+        "repo": "tinted-tmux",
+        "type": "github"
+      }
+    },
     "vscode-extensions": {
       "inputs": {
         "flake-compat": [
@@ -846,11 +901,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1724117347,
-        "narHash": "sha256-/nfm6P0owPtCRjT8ktq/8OChtg2HpkrvNaDJGm9N1Lk=",
+        "lastModified": 1727747703,
+        "narHash": "sha256-YbKSShfCRNC4edx39kagpdpMYgu21L4f+sMStDI5rjc=",
         "owner": "nix-community",
         "repo": "nix-vscode-extensions",
-        "rev": "2ef60116ef361d988317cbe52a09acfeda7d3416",
+        "rev": "2e8837496c0f58c4342ed84d309a8bc57677bc41",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 62f958d..68fa8bb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -10,6 +10,9 @@
     nixpkgs-master.url = "github:NixOS/nixpkgs/master";
     nixpkgs-stable.url = "github:NixOS/nixpkgs/release-24.05";
 
+    # TODO Upstream this?
+    nixpkgs-amneziawg.url = "github:azahi/nixpkgs/amneziawg";
+
     nixos-hardware.url = "github:NixOS/nixos-hardware";
 
     home-manager = {
diff --git a/lib/default.nix b/lib/default.nix
index aa8df80..662938e 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,6 +1,6 @@
 {
-  lib,
   inputs,
+  lib,
   system,
   ...
 }:
@@ -86,7 +86,7 @@ rec {
   # ```
   # nixosConfigurations.machine = nixosSystem {
   #   modules = [
-  #     (_: modulesFromRef "services/security/foobar.nix" "azahi:foobar-fix" "sha256-AAA...")
+  #     (_: moduleFromRef "services/security/foobar.nix" "azahi:foobar-fix" "sha256-AAA...")
   #   ];
   # };
   # ```
@@ -96,7 +96,7 @@ rec {
     imports = [
       (
         let
-          src = builtins.fetchTarball {
+          src = inputs.nixpkgs.legacyPackages.${system}.fetchzip {
             url =
               let
                 cons = splitString ":" ref;
diff --git a/modules/common/nix.nix b/modules/common/nix.nix
index d1f835c..0ab2888 100644
--- a/modules/common/nix.nix
+++ b/modules/common/nix.nix
@@ -49,7 +49,7 @@ in
           } // configurations // local._module.args
         '';
 
-      programs.bash.shellAliases.nix = "nix --verbose --print-build-logs";
+      programs.bash.shellAliases.nix = "nix --verbose --print-build-logs --no-eval-cache";
     };
 
     nix =
@@ -57,6 +57,8 @@ in
         notSelfInputs = filterAttrs (n: _: n != "self") inputs;
       in
       {
+        package = mkForce pkgs.nix; # Only use stable Nix.
+
         nixPath = mapAttrsToList (n: v: "${n}=${v}") notSelfInputs ++ [
           "nixfiles=${config.my.home}/src/nixfiles"
         ];
@@ -75,15 +77,12 @@ in
             my.username
           ];
 
-          experimental-features = mkForce [
-            "auto-allocate-uids"
-            "cgroups"
-            "fetch-closure"
-            "flakes"
-            "nix-command"
-            "recursive-nix"
-            # "configurable-impure-env"
-            # "pipe-operators"
+          substituters = [
+            "https://cache.tvl.su"
+            "https://nix-community.cachix.org"
+          ];
+          trusted-public-keys = [
+            "cache.tvl.su:kjc6KOMupXc1vHVufJUoDUYeLzbwSr9abcAKdn/U1Jk="
           ];
         };
       };
diff --git a/modules/common/systemd.nix b/modules/common/systemd.nix
index 81df05c..e058ad8 100644
--- a/modules/common/systemd.nix
+++ b/modules/common/systemd.nix
@@ -26,8 +26,7 @@ with lib;
     resolved = {
       llmnr = "false";
       dnsovertls = "opportunistic";
-      domains = mapAttrsToList (_: v: v) my.domain;
-      fallbackDns = map (v: "${v}#dns.quad9.net") dns.const.quad9.default;
+      fallbackDns = dns.const.quad9.default;
     };
 
     journald.extraConfig = ''
diff --git a/modules/direnv.nix b/modules/direnv.nix
index 709a73a..2ab0b3f 100644
--- a/modules/direnv.nix
+++ b/modules/direnv.nix
@@ -10,6 +10,7 @@ in
     hm.programs.direnv = {
       enable = true;
       config.global = {
+        load_dotenv = true;
         strict_env = true;
         warn_timeout = "1h";
       };
diff --git a/modules/editorconfig.nix b/modules/editorconfig.nix
index 5dfe845..e7f55ff 100644
--- a/modules/editorconfig.nix
+++ b/modules/editorconfig.nix
@@ -58,12 +58,6 @@ in
           indent_style = "space";
         };
 
-        # https://github.com/ziglang/zig/wiki/FAQ#why-does-zig-fmt-use-spaces-instead-of-tabs
-        "*.zig" = {
-          indent_size = 4;
-          indent_style = "space";
-        };
-
         "*.{asm,s,S}" = {
           indent_size = 4;
           indent_style = "spaces";
diff --git a/modules/emacs/default.nix b/modules/emacs/default.nix
index eccf179..a182d4c 100644
--- a/modules/emacs/default.nix
+++ b/modules/emacs/default.nix
@@ -125,7 +125,7 @@ in
                       nixfmt # :lang nix :editor format
                       nls # :lang (nickel +lsp)
                       nodePackages.bash-language-server # :lang (sh +lsp)
-                      nodePackages.eslint # :lang (json +lsp)
+                      # nodePackages.eslint # :lang (json +lsp)
                       nodePackages.js-beautify # :lang web
                       nodePackages.prettier # :editor format
                       nodePackages.stylelint # :lang web
@@ -157,8 +157,6 @@ in
                       vscode-langservers-extracted # :lang (json +lsp) (web +lsp)
                       wordnet # :tools (lookup +dictionary +offline)
                       yaml-language-server # :lang (yaml +lsp)
-                      zig # :lang zig :editor format
-                      zls # :lang (zig +lsp)
                       zstd # :emacs undo
                     ];
                   in
@@ -181,8 +179,7 @@ in
                           skk-large-jisyo "${pkgs.skk-dicts}/share/SKK-JISYO.L")
 
                     ;; :editor parinfer
-                    (setq parinfer-rust-auto-download nil
-                          parinfer-rust-library "${pkgs.parinfer-rust-emacs}/lib/libparinfer_rust.so")
+                    (setq parinfer-rust-library "${pkgs.parinfer-rust-emacs}/lib/libparinfer_rust.so")
 
                     ;; :lang (org +roam2) :email mu4e
                     (setq emacsql-sqlite-executable "${getExe pkgs.emacsql-sqlite}")
@@ -202,8 +199,8 @@ in
                 (with config.stylix.fonts; ''
                   (setq doom-font "${monospace.name}-${toString sizes.terminal}"
                         doom-serif-font "${serif.name}-${toString sizes.terminal}"
-                        doom-variable-pitch-font "${sansSerif.name}-${toString sizes.terminal}")
-                        doom-emoji-font "${emoji.name}-${toString sizes.terminal}"
+                        doom-variable-pitch-font "${sansSerif.name}-${toString sizes.terminal}"
+                        doom-emoji-font "${emoji.name}-${toString sizes.terminal}")
                 '')
                 (
                   with config.hm.accounts.email;
diff --git a/modules/emacs/doom/config.el b/modules/emacs/doom/config.el
index 206e5cd..fe3b5b4 100644
--- a/modules/emacs/doom/config.el
+++ b/modules/emacs/doom/config.el
@@ -2,15 +2,15 @@
 ;;; Misc
 ;;
 
-(setq frame-title-format '("GNU Emacs"))
+(setq! frame-title-format '("GNU Emacs"))
 
 (setq-hook! '(prog-mode-hook yaml-mode-hook)
   display-line-numbers-type 'relative
   scroll-margin 10
   hscroll-margin 10)
 
-(setq browse-url-generic-program (executable-find "firefox")
-      browse-url-browser-function 'browse-url-generic)
+(setq! browse-url-generic-program (executable-find "firefox")
+       browse-url-browser-function 'browse-url-generic)
 
 (use-package! xclip
   :config
@@ -19,34 +19,47 @@
         xclip-mode t
         xclip-method 'wl-copy))
 
-(setq migemo-options '("--quiet" "--emacs")
-      skk-show-inline t)
+(setq! migemo-options '("--quiet" "--emacs")
+       skk-show-inline t)
 
 ;;
 ;;; Doom-specific
 ;;
 
-(setq doom-theme 'modus-operandi
-      doom-modeline-icon nil
-      doom-modeline-indent-info t
-      doom-modeline-total-line-number t
-      doom-modeline-height 30)
+(setq! doom-theme 'modus-operandi
+       doom-modeline-icon nil
+       doom-modeline-indent-info t
+       doom-modeline-total-line-number t
+       doom-modeline-height 30)
+
+;;
+;;; TVL
+;;
+
+(use-package! tvl)
 
 ;;
 ;;; Editorconfig
 ;;
 
-(setq +editorconfig-mode-alist '((sh-mode . "sh"))
-      editorconfig-exclude-modes '(lisp-mode
-                                   common-lisp-mode
-                                   emacs-lisp-mode))
+(setq! +editorconfig-mode-alist '((sh-mode . "sh"))
+       ;; It's never a good idea to force specific indentation rules for Lisp,
+       ;; the only rule should be is not to use tabs.
+       editorconfig-exclude-modes '(emacs-lisp-mode
+                                    clojure-mode
+                                    scheme-mode
+                                    lisp-mode
+                                    racket-mode
+                                    fennel-mode
+                                    hy-mode
+                                    dune-mode))
 
 ;;
 ;;; LSP
 ;;
 
-(setq lsp-enable-suggest-server-download nil
-      lsp-modeline-code-actions-enable nil)
+(setq! lsp-enable-suggest-server-download nil
+       lsp-modeline-code-actions-enable nil)
 
 ;;
 ;;; Nix
@@ -66,9 +79,9 @@
 ;;; Go
 ;;
 
-(setq lsp-go-analyses '((unsedvariable . t)
-                        (unusedparams . t)
-                        (unusedwrite . t)))
+(setq! lsp-go-analyses '((unsedvariable . t)
+                         (unusedparams . t)
+                         (unusedwrite . t)))
 
 ;;
 ;;; Org
@@ -79,38 +92,38 @@
 ;; For some reason only using `after!' work here. `setq-hook!' and etc doesn't
 ;; produce expected results.
 (after! org
-  (setq org-todo-keywords '((sequence
-                             "TODO(t)"
-                             "LOOP(r)"
-                             "STRT(s@)"
-                             "WAIT(w@/!)"
-                             "HOLD(h@/!)"
-                             "IDEA(i)"
-                             "PROJ(p)"
-                             "|"
-                             "DONE(d@/!)"
-                             "KILL(k@/!)"))
-        org-todo-keyword-faces '(("STRT" . +org-todo-active)
-                                 ("WAIT" . +org-todo-onhold)
-                                 ("HOLD" . +org-todo-onhold)
-                                 ("PROJ" . +org-todo-project)
-                                 ("KILL" . +org-todo-cancel))
-        org-capture-templates '(("t" "Todo" entry
-                                 (file+headline +org-capture-todo-file "Inbox")
-                                 "* TODO %?\n%i\n%a" :prepend t)
-                                ("n" "Note" entry
-                                 (file+headline +org-capture-notes-file "Inbox")
-                                 "* %u %?\n%i\n%a" :prepend t)
-                                ("j" "Journal" entry
-                                 (file+olp+datetree +org-capture-journal-file)
-                                 "* %U %?\n%i\n%a" :prepend t))))
+  (setq! org-todo-keywords '((sequence
+                              "TODO(t)"
+                              "LOOP(r)"
+                              "STRT(s@)"
+                              "WAIT(w@/!)"
+                              "HOLD(h@/!)"
+                              "IDEA(i)"
+                              "PROJ(p)"
+                              "|"
+                              "DONE(d@/!)"
+                              "KILL(k@/!)"))
+         org-todo-keyword-faces '(("STRT" . +org-todo-active)
+                                  ("WAIT" . +org-todo-onhold)
+                                  ("HOLD" . +org-todo-onhold)
+                                  ("PROJ" . +org-todo-project)
+                                  ("KILL" . +org-todo-cancel))
+         org-capture-templates '(("t" "Todo" entry
+                                  (file+headline +org-capture-todo-file "Inbox")
+                                  "* TODO %?\n%i\n%a" :prepend t)
+                                 ("n" "Note" entry
+                                  (file+headline +org-capture-notes-file "Inbox")
+                                  "* %u %?\n%i\n%a" :prepend t)
+                                 ("j" "Journal" entry
+                                  (file+olp+datetree +org-capture-journal-file)
+                                  "* %U %?\n%i\n%a" :prepend t))))
 
 (add-hook! 'org-mode-hook 'auto-fill-mode)
 
 (setq-hook! 'org-mode-hook fill-column 80)
 
-(setq org-roam-directory "~/doc/roam/"
-      org-roam-db-location (concat org-roam-directory ".db"))
+(setq! org-roam-directory "~/doc/roam/"
+       org-roam-db-location (concat org-roam-directory ".db"))
 
 (use-package! org-roam-ui
   :requires websocket
@@ -132,8 +145,8 @@
 ;;; PlantUML
 ;;
 
-(setq plantuml-default-exec-mode 'executable
-      org-plantuml-exec-mode 'plantuml)
+(setq! plantuml-default-exec-mode 'executable
+       org-plantuml-exec-mode 'plantuml)
 
 ;;
 ;;; Elisp
@@ -142,15 +155,11 @@
 (after! flycheck
   (pushnew! flycheck-disabled-checkers 'emacs-lisp-checkdoc))
 
-;; Turn this off because it leaves face artifacts when changing indentation.
-(add-hook! 'emacs-lisp-mode-hook
-  (highlight-indent-guides-mode -1))
-
 ;;
 ;;; Haskell
 ;;
 
-(setq lsp-haskell-formatting-provider "ormolu")
+(setq! lsp-haskell-formatting-provider "ormolu")
 
 ;;
 ;;; Nickel
@@ -186,38 +195,23 @@
 ;;; Elfeed
 ;;
 
-(setq elfeed-db-directory "~/.elfeed"
-      elfeed-enclosure-default-dir (concat elfeed-db-directory "/enclosures")
-      rmh-elfeed-org-files (list (concat elfeed-db-directory "/index.org"))
-      elfeed-goodies/powerline-default-separator nil
-      elfeed-goodies/entry-pane-size 0.75
-      elfeed-goodies/entry-pane-position 'bottom)
-
-(add-hook! 'elfeed-new-entry-hook
-           '((elfeed-make-tagger
-              :before "2 weeks ago"
-              :remove 'unread)
-             (elfeed-make-tagger
-              :feed-title "SberMarket Tech"
-              :entry-title (not ".*(DevOps|Golang).*")
-              :add 'junk
-              :remove 'unread)
-             (elfeed-make-tagger
-              :feed-title "dotconferences"
-              :entry-title (not ".*dotGo.*")
-              :add 'junk
-              :remove 'unread)))
+(setq! elfeed-db-directory "~/.elfeed"
+       elfeed-enclosure-default-dir (concat elfeed-db-directory "/enclosures")
+       rmh-elfeed-org-files (list (concat elfeed-db-directory "/index.org"))
+       elfeed-goodies/powerline-default-separator nil
+       elfeed-goodies/entry-pane-size 0.75
+       elfeed-goodies/entry-pane-position 'bottom)
 
 ;;
 ;;; mu4e
 ;;
 
 (after! mu4e
-  (setq sendmail-program (executable-find "msmtp")
-        send-mail-function #'smtpmail-send-it
-        message-sendmail-f-is-evil t
-        message-sendmail-extra-arguments '("--read-envelope-from")
-        message-send-mail-function #'message-send-mail-with-sendmail))
+  (setq! sendmail-program (executable-find "msmtp")
+         send-mail-function #'smtpmail-send-it
+         message-sendmail-f-is-evil t
+         message-sendmail-extra-arguments '("--read-envelope-from")
+         message-send-mail-function #'message-send-mail-with-sendmail))
 
 (setq-hook! 'mu4e-main-mode-hook mu4e-update-interval 30)
 
@@ -225,26 +219,25 @@
 ;;; Circe
 ;;
 
-(setq circe-network-options
-      (mapcar (lambda (server)
-                `(,server
-                  :server-buffer-name ,server
-                  :host "azahi.cc"
-                  :port 6697
-                  :tls t
-                  :logging nil
-                  :user ,(concat circe-default-user "/" server)
-                  :pass ,(lambda (&rest _)
-                           (+pass-get-secret "server/soju.shire.net/azahi"))))
-              '("libera" "oftc" "hackint" "rizon")))
+(setq! circe-network-options
+       (mapcar (lambda (server)
+                 `(,server
+                   :server-buffer-name ,server
+                   :host "azahi.cc"
+                   :port 6697
+                   :tls t
+                   :logging nil
+                   :user ,(concat circe-default-user "/" server)
+                   :pass ,(lambda (&rest _)
+                            (+pass-get-secret "server/soju.shire.net/azahi"))))
+               '("libera" "oftc" "hackint" "rizon")))
 
 ;;
 ;;; Sops
 ;;
 
 (use-package! sops
-  :config
-  (global-sops-mode 1))
+  :hook (doom-first-file . global-sops-mode))
 
 ;;
 ;;; Hledger
@@ -256,7 +249,7 @@
   :hook ((hledger-view-mode . hl-line-mode)
          (hledger-view-mode . center-text-for-reading))
   :init
-  (setq hledger-jfile "~/doc/accounting/current.journal")
+  (setq! hledger-jfile "~/doc/accounting/current.journal")
   :config
   (set-company-backend! 'hledger-mode 'hledger-company)
   (add-hook! 'hledger-mode-hook
@@ -272,4 +265,4 @@
                                  (make-local-variable 'compay-idle-delay)
                                  (setq-local company-idle-delay 0.1))))
   :init
-  (setq hledger-input-buffer-height 20))
+  (setq! hledger-input-buffer-height 20))
diff --git a/modules/emacs/doom/init.el b/modules/emacs/doom/init.el
index 5788fcc..b031880 100644
--- a/modules/emacs/doom/init.el
+++ b/modules/emacs/doom/init.el
@@ -83,7 +83,6 @@
        (sh +lsp +tree-sitter)
        web
        (yaml +lsp +tree-sitter)
-       (zig +lsp +tree-sitter)
 
        :email
        mu4e
diff --git a/modules/emacs/doom/packages.el b/modules/emacs/doom/packages.el
index 2edbf1a..0f908df 100644
--- a/modules/emacs/doom/packages.el
+++ b/modules/emacs/doom/packages.el
@@ -1,5 +1,7 @@
 (disable-packages! writegood-mode)
 
+(unpin! (:editor parinfer))
+
 (package! xclip)
 
 (package! org-roam-ui)
@@ -9,12 +11,15 @@
 (package! hledger-mode)
 
 (package! sops
-  :recipe (:type git
-           :host github
+  :recipe (:host github
            :repo "djgoku/sops"))
 
 (unpin! ansible)
 (package! ansible
-  :recipe (:type git
-           :host gitlab
+  :recipe (:host gitlab
            :repo "emacs-ansible/emacs-ansible"))
+
+(package! tvl
+  :recipe (:host nil
+           :repo "https://code.tvl.fyi/depot.git:/tools/emacs-pkgs/tvl.git"
+           :build nil))
diff --git a/modules/firefox/addons.nix b/modules/firefox/addons.nix
index 7537d60..753a413 100644
--- a/modules/firefox/addons.nix
+++ b/modules/firefox/addons.nix
@@ -1,11 +1,14 @@
-{ buildFirefoxXpiAddon, lib }:
+{
+  buildFirefoxXpiAddon,
+  lib,
+}:
 {
   "bitwarden" = buildFirefoxXpiAddon {
     pname = "bitwarden";
-    version = "2024.7.1";
+    version = "2024.9.0";
     addonId = "{446900e4-71c2-419f-a6a7-df9c091e268b}";
-    url = "https://addons.mozilla.org/firefox/downloads/file/4326285/bitwarden_password_manager-2024.7.1.xpi";
-    sha256 = "28c505df3b615f6a3c829afdcff74584ddc5eb1d3fb35f9848c18470fad93772";
+    url = "https://addons.mozilla.org/firefox/downloads/file/4350677/bitwarden_password_manager-2024.9.0.xpi";
+    sha256 = "8c8b97b445fe65cbdd91eda4bd07e8946d6c1b21ac89c771205a3b9225e2ef12";
     meta = with lib; {
       homepage = "https://bitwarden.com";
       description = "At home, at work, or on the go, Bitwarden easily secures all your passwords, passkeys, and sensitive information.";
@@ -51,10 +54,10 @@
   };
   "darkreader" = buildFirefoxXpiAddon {
     pname = "darkreader";
-    version = "4.9.88";
+    version = "4.9.92";
     addonId = "addon@darkreader.org";
-    url = "https://addons.mozilla.org/firefox/downloads/file/4317971/darkreader-4.9.88.xpi";
-    sha256 = "7a965d5880be9fbf8be81a106acd1968263b1acc2db0add580b30f2dd71954b3";
+    url = "https://addons.mozilla.org/firefox/downloads/file/4351387/darkreader-4.9.92.xpi";
+    sha256 = "be55b3ea5bab95743d43823d9290fa820035b89c4d07943b568111d837a98226";
     meta = with lib; {
       homepage = "https://darkreader.org/";
       description = "Dark mode for every website. Take care of your eyes, use dark theme for night and daily browsing.";
@@ -120,10 +123,10 @@
   };
   "languagetool" = buildFirefoxXpiAddon {
     pname = "languagetool";
-    version = "8.11.2";
+    version = "8.11.8";
     addonId = "languagetool-webextension@languagetool.org";
-    url = "https://addons.mozilla.org/firefox/downloads/file/4329853/languagetool-8.11.2.xpi";
-    sha256 = "bfac73229d0973370d163cd607ed36ada0aff46d597afee2c334cc58ec431210";
+    url = "https://addons.mozilla.org/firefox/downloads/file/4341696/languagetool-8.11.8.xpi";
+    sha256 = "2f1489f7180303be730ff2b16d6a432d07017c6cffd3fbfc39f37dc809a25fc8";
     meta = with lib; {
       homepage = "https://languagetool.org";
       description = "With this extension you can check text with the free style and grammar checker LanguageTool. It finds many errors that a simple spell checker cannot detect, like mixing up there/their, a/an, or repeating a word.";
@@ -289,10 +292,10 @@
   };
   "violentmonkey" = buildFirefoxXpiAddon {
     pname = "violentmonkey";
-    version = "2.20.0";
+    version = "2.23.0";
     addonId = "{aecec67f-0d10-4fa7-b7c7-609a2db280cf}";
-    url = "https://addons.mozilla.org/firefox/downloads/file/4315769/violentmonkey-2.20.0.xpi";
-    sha256 = "94fe88507ea47e8cc5ca80b76a6aaec44a486dbfd515a03f82f228dc24d49910";
+    url = "https://addons.mozilla.org/firefox/downloads/file/4352761/violentmonkey-2.23.0.xpi";
+    sha256 = "b3eadf855b6093376590aa63ae05933c5812e9515c9acf558550a4f2c78ab49b";
     meta = with lib; {
       homepage = "https://violentmonkey.github.io/";
       description = "Userscript support for browsers, open source.";
diff --git a/modules/firefox/default.nix b/modules/firefox/default.nix
index 7b69da4..c694a7f 100644
--- a/modules/firefox/default.nix
+++ b/modules/firefox/default.nix
@@ -516,6 +516,8 @@ in
               "browser.protections_panel.infoMessage.seen" = true;
               "browser.region.update.region" = "US";
               "browser.search.region" = "US";
+              "browser.search.separatePrivateDefault" = mkForce false;
+              "browser.search.separatePrivateDefault.ui.enabled" = mkForce false;
               "browser.search.update" = false;
               "browser.shell.checkDefaultBrowser" = false;
               "browser.tabs.closeWindowWithLastTab" = true;
@@ -529,6 +531,11 @@ in
               "browser.toolbars.bookmarks.visibility" = "newtab";
               "browser.translations.enable" = false;
               "browser.urlbar.decodeURLsOnCopy" = true;
+              "browser.urlbar.suggest.addons" = false;
+              "browser.urlbar.suggest.bookmark" = true;
+              "browser.urlbar.suggest.engines" = true;
+              "browser.urlbar.suggest.history" = true;
+              "browser.urlbar.suggest.openpage" = true;
               "browser.warnOnQuitShortcut" = false;
               "devtools.everOpened" = true;
               "doh-rollout.home-region" = "US";
diff --git a/modules/firefox/userContent.css b/modules/firefox/userContent.css
index d912e5b..96bb529 100644
--- a/modules/firefox/userContent.css
+++ b/modules/firefox/userContent.css
@@ -58,27 +58,27 @@
 @-moz-document regexp("https?://(.*\.)?github.com.*")
 {
   .color-fg-muted.f6.mt-4, /* GitHub profile guide. */
-    .flex-order-1.flex-md-order-none, /* Follow button. */
-    .js-user-status-item,
-    .protip,
-    .pt-3.mt-3.d-none.d-md-block, /* Profile achievements. */
-    .user-status-circle-badge-container,
-    .user-status-container,
-    a[href^="/account/choose?action=upgrade"],
-    a[href^="/collections"],
-    a[href^="/contact/report-content"],
-    a[href^="/events"],
-    a[href^="/explore"],
-    a[href^="/github-copilot"],
-    a[href^="/organizations/enterprise"],
-    a[href^="/settings/enterprises"],
-    a[href^="/sponsors"],
-    a[href^="/topics"],
-    a[href^="/trending"],
-    a[href^="https://github.com/codespaces"], /* Absolute cringe... */
-    button[data-testid="copilot-popover-button"],
-    details[id^="funding-links-modal"],
-    footer {
+  .flex-order-1.flex-md-order-none, /* Follow button. */
+  .js-user-status-item,
+  .protip,
+  .pt-3.mt-3.d-none.d-md-block, /* Profile achievements. */
+  .user-status-circle-badge-container,
+  .user-status-container,
+  a[href^="/account/choose?action=upgrade"],
+  a[href^="/collections"],
+  a[href^="/contact/report-content"],
+  a[href^="/events"],
+  a[href^="/explore"],
+  a[href^="/github-copilot"],
+  a[href^="/organizations/enterprise"],
+  a[href^="/settings/enterprises"],
+  a[href^="/sponsors"],
+  a[href^="/topics"],
+  a[href^="/trending"],
+  a[href^="https://github.com/codespaces"], /* Absolute cringe... */
+  button[data-testid="copilot-popover-button"],
+  details[id^="funding-links-modal"],
+  footer {
     display: none !important;
   }
 
diff --git a/modules/git/default.nix b/modules/git/default.nix
index eb0021d..27c07c4 100644
--- a/modules/git/default.nix
+++ b/modules/git/default.nix
@@ -73,7 +73,7 @@ in
 
             package = if this.isHeadful then pkgs.gitFull else pkgs.gitMinimal;
 
-            userName = my.fullname;
+            userName = my.username;
             userEmail = my.email;
             signing = {
               inherit (my.pgp) key;
@@ -134,6 +134,7 @@ in
                     "nixca" = "gitlab.nixca.dev";
                     "notabug" = "notabug.org";
                     "opencode" = "opencode.net";
+                    "syndicate" = "git.syndicate-lang.org";
                     "torproject" = "gitlab.torproject.org";
                     "videolan" = "code.videolan.org";
                   };
@@ -192,7 +193,6 @@ in
       {
         ark.directories = [ config.services.gitolite.dataDir ];
 
-        # FIXME Plausible, go-import, custom favicon, etc.
         nixfiles.modules.nginx = {
           enable = true;
           virtualHosts.${domain}.locations = { };
diff --git a/modules/profiles/headful.nix b/modules/profiles/headful.nix
index 9f6bff5..841f56a 100644
--- a/modules/profiles/headful.nix
+++ b/modules/profiles/headful.nix
@@ -50,7 +50,7 @@ in
         '';
 
         packages = with pkgs; [
-          # element-desktop
+          element-desktop
           fd
           imv
           libreoffice-fresh
@@ -125,12 +125,15 @@ in
     environment.systemPackages = with pkgs; [
       arping
       dnsutils
+      eaglemode
       inetutils
       ldns
       lm_sensors
       socat
       tcpdump
       usbutils
+      anki
+      audacity
     ];
 
     my.extraGroups = [
diff --git a/modules/profiles/headless.nix b/modules/profiles/headless.nix
index f739206..5d42df0 100644
--- a/modules/profiles/headless.nix
+++ b/modules/profiles/headless.nix
@@ -30,13 +30,7 @@ in
       ".bash_history".source = config.hm.lib.file.mkOutOfStoreSymlink "/dev/null";
     };
 
-    boot = {
-      # Pin version to prevent any surprises. Try keeping this up-to-date[1]
-      # with the latest LTS release + hardened patches (just in case).
-      #
-      # [1]: https://kernel.org
-      kernelPackages = pkgs.linuxPackages_6_6_hardened; # EOL Dec, 2026
-    };
+    boot.kernelPackages = pkgs.linuxPackages_hardened;
 
     nix = {
       gc = {
diff --git a/modules/sing-box.nix b/modules/sing-box.nix
new file mode 100644
index 0000000..9fc86eb
--- /dev/null
+++ b/modules/sing-box.nix
@@ -0,0 +1,82 @@
+{
+  config,
+  inputs,
+  lib,
+  ...
+}:
+with lib;
+let
+  cfg = config.nixfiles.modules.sing-box;
+in
+{
+  options.nixfiles.modules.sing-box = {
+    enable = mkEnableOption "";
+  };
+
+  config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.enable -> !config.nixfiles.modules.nginx.enable;
+        message = "VLESS requires binding to 443";
+      }
+    ];
+
+    secrets = {
+      sing-box-shadowsocks-password.file = "${inputs.self}/secrets/sing-box-shadowsocks-password";
+      sing-box-shadowsocks-users.file = "${inputs.self}/secrets/sing-box-shadowsocks-users";
+      sing-box-vless-tls.file = "${inputs.self}/secrets/sing-box-vless-tls";
+      sing-box-vless-users.file = "${inputs.self}/secrets/sing-box-vless-users";
+    };
+
+    services.sing-box = {
+      enable = true;
+      settings = {
+        log = {
+          level = "warn";
+          timestamp = false;
+        };
+        inbounds = [
+          {
+            tag = "shadowsocks";
+            type = "shadowsocks";
+            listen = "::";
+            listen_port = 21515;
+            method = "2022-blake3-aes-128-gcm";
+            password = {
+              _secret = config.secrets.sing-box-shadowsocks-password.path;
+              quote = true;
+            };
+            users = {
+              _secret = config.secrets.sing-box-shadowsocks-users.path;
+              quote = false;
+            };
+            multiplex.enabled = true;
+          }
+          {
+            tag = "vless";
+            type = "vless";
+            listen = "::";
+            listen_port = 443;
+            users = {
+              _secret = config.secrets.sing-box-vless-users.path;
+              quote = false;
+            };
+            tls = {
+              _secret = config.secrets.sing-box-vless-tls.path;
+              quote = false;
+            };
+          }
+        ];
+        outbounds = [
+          {
+            type = "direct";
+          }
+        ];
+      };
+    };
+
+    networking.firewall.allowedTCPPorts = map (
+      a: a.listen_port
+    ) config.services.sing-box.settings.inbounds;
+  };
+}
diff --git a/modules/soju.nix b/modules/soju.nix
index 58bb271..2060eca 100644
--- a/modules/soju.nix
+++ b/modules/soju.nix
@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  this,
   ...
 }:
 with lib;
@@ -16,7 +15,7 @@ in
     address = mkOption {
       description = "Address.";
       type = with types; str;
-      default = this.wireguard.ipv4.address;
+      default = "";
     };
 
     port = mkOption {
diff --git a/modules/vscode.nix b/modules/vscode.nix
index 586a817..393b32f 100644
--- a/modules/vscode.nix
+++ b/modules/vscode.nix
@@ -77,7 +77,6 @@ in
               tamasfe.even-better-toml
               # task.vscode-task
               # vscode-org-mode.org-mode
-              ziglang.vscode-zig
             ]
             ++ optional cfg.vim.enable vscodevim.vim;
 
@@ -228,11 +227,6 @@ in
               useSystemClipboard = true;
             };
 
-            zig.zls = {
-              checkForUpdate = false;
-              path = getExe' pkgs.zls "zls";
-            };
-
             redhat.telemetry.enabled = false;
           };
         };
diff --git a/modules/wireguard.nix b/modules/wireguard.nix
index f408731..8547f70 100644
--- a/modules/wireguard.nix
+++ b/modules/wireguard.nix
@@ -11,6 +11,15 @@ let
   cfg = config.nixfiles.modules.wireguard;
 in
 {
+  disabledModules = [
+    "services/networking/wireguard.nix"
+    "services/networking/wg-quick.nix"
+  ];
+  imports = [
+    "${inputs.nixpkgs-amneziawg}/nixos/modules/services/networking/wireguard.nix"
+    "${inputs.nixpkgs-amneziawg}/nixos/modules/services/networking/wg-quick.nix"
+  ];
+
   options.nixfiles.modules.wireguard = {
     client = {
       enable = mkEnableOption "WireGuard client";
@@ -64,8 +73,8 @@ in
               _: attr: with attr; {
                 inherit (wireguard) publicKey;
                 allowedIPs = with wireguard; [
-                  "${ipv4.address}/32"
                   "${ipv6.address}/128"
+                  "${ipv4.address}/32"
                 ];
               }
             )
@@ -123,11 +132,17 @@ in
       (mkIf cfg.client.enable {
         networking.wg-quick.interfaces.${cfg.interface} = mkMerge [
           (with this.wireguard; {
+            type = "amneziawg";
             privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path;
             address = [
               "${ipv4.address}/16"
               "${ipv6.address}/16"
             ];
+            extraInterfaceConfig = mkIf this.isHeadful ''
+              Jc = 4
+              Jmin = 40
+              Jmax = 70
+            '';
           })
           (with cfg.server; {
             peers = [
@@ -137,21 +152,28 @@ in
                 allowedIPs =
                   if cfg.client.enableTrafficRouting then
                     [
-                      "0.0.0.0/0"
                       "::/0"
+                      "0.0.0.0/0"
                     ]
                   else
                     [
-                      cfg.ipv4.subnet
                       cfg.ipv6.subnet
+                      cfg.ipv4.subnet
                     ];
-                persistentKeepalive = 25;
               }
             ];
             dns = [
-              ipv4.address
               ipv6.address
-            ]; # This assumes that the host has Unbound running.
+              ipv4.address
+            ];
+            postUp =
+              let
+                resolvectl = "${config.systemd.package}/bin/resolvectl";
+              in
+              ''
+                ${resolvectl} dns ${cfg.interface} ${ipv6.address} ${ipv4.address}
+                ${resolvectl} domain ${cfg.interface} ${concatStringsSep " " (mapAttrsToList (_: v: v) my.domain)}
+              '';
           })
         ];
 
@@ -159,9 +181,9 @@ in
           (writeShellApplication {
             name = "wg-toggle";
             runtimeInputs = [
+              amneziawg-tools
               iproute2
               jq
-              wireguard-tools
             ];
             text = ''
               ip46() {
@@ -169,13 +191,13 @@ in
                 sudo ip -6 "$@"
               }
 
-              fwmark=$(sudo wg show ${cfg.interface} fwmark) || exit
+              fwmark=$(sudo awg show ${cfg.interface} fwmark) || exit
               if ip -j rule list lookup "$fwmark" | jq -e 'length > 0' >/dev/null; then
-                  ip46 rule del lookup main suppress_prefixlength 0
-                  ip46 rule del lookup "$fwmark"
+                ip46 rule del lookup main suppress_prefixlength 0
+                ip46 rule del lookup "$fwmark"
               else
-                  ip46 rule add not fwmark "$fwmark" lookup "$fwmark"
-                  ip46 rule add lookup main suppress_prefixlength 0
+                ip46 rule add not fwmark "$fwmark" lookup "$fwmark"
+                ip46 rule add lookup main suppress_prefixlength 0
               fi
             '';
           })
@@ -185,11 +207,12 @@ in
         networking = {
           wireguard = {
             enable = true;
+            type = "amneziawg";
             interfaces.${cfg.interface} = with cfg.server; {
               privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path;
               ips = [
-                "${ipv4.address}/16"
                 "${ipv6.address}/16"
+                "${ipv4.address}/16"
               ];
               listenPort = port;
               inherit peers;
diff --git a/overlays.nix b/overlays.nix
index f92a655..ae4a635 100644
--- a/overlays.nix
+++ b/overlays.nix
@@ -1,6 +1,4 @@
-{ lib, ... }:
-with lib;
-with packages;
+{ inputs, ... }:
 {
   default = final: prev: {
     bruh = prev.callPackage ./packages/bruh.nix { };
@@ -92,5 +90,25 @@ with packages;
           withSystemVencord = false;
           withTTS = false;
         };
+
+    linuxPackages_xanmod_latest = prev.linuxPackages_xanmod_latest.extend (
+      f: _: {
+        amneziawg =
+          inputs.nixpkgs-amneziawg.legacyPackages.${final.system}.linuxPackages_xanmod_latest.amneziawg.override
+            {
+              inherit (f) kernel;
+            };
+      }
+    );
+    linuxPackages_hardened = prev.linuxPackages_hardened.extend (
+      f: _: {
+        amneziawg =
+          inputs.nixpkgs-amneziawg.legacyPackages.${final.system}.linuxPackages_hardened.amneziawg.override
+            {
+              inherit (f) kernel;
+            };
+      }
+    );
+    inherit (inputs.nixpkgs-amneziawg.legacyPackages.${final.system}) amneziawg-go amneziawg-tools;
   };
 }

Consider giving Nix/NixOS a try! <3