From 62c575774b2b164106c5dca621e46048324593e9 Mon Sep 17 00:00:00 2001 
From: RGBCube Date: Wed, 27 Mar 2024 12:36:50 +0300 Subject: [PATCH] Refactor the whole codebase. Most notable changes: - No more fail2ban. It didn't work properly anyways, I'll need to look into this in the future - No nix-super. I don't need it and the overlay is broken so I'm waiting for that to be fixed first. - Uses nh instead of nixos-rebuild. This is much better. --- .gitignore | 17 +- derivations/rat.nix | 35 -- docs/BROKEN.md | 11 - LICENSE.md => docs/LICENSE.md | 0 docs/PORTS.md | 12 - docs/README.md | 37 +- flake.lock | 253 ++++--------- flake.nix | 204 +++++------ hosts/cube/{acme/default.nix => acme.nix} | 8 +- hosts/cube/acme/password.age | Bin 385 -> 0 bytes hosts/cube/default.nix | 32 +- hosts/cube/forgejo/default.nix | 31 +- hosts/cube/forgejo/password.mail.age | 19 +- hosts/cube/forgejo/password.runner.age | 18 +- hosts/cube/grafana/default.nix | 30 +- hosts/cube/grafana/password.age | Bin 223 -> 762 bytes hosts/cube/grafana/password.mail.age | 18 +- hosts/cube/hardware.nix | 12 +- hosts/cube/mail/default.nix | 30 +- hosts/cube/mail/password.age | Bin 273 -> 812 bytes hosts/cube/matrix-synapse/password.secret.age | Bin 307 -> 0 bytes hosts/cube/matrix-synapse/password.sync.age | 6 - .../{matrix-synapse => matrix}/default.nix | 37 +- hosts/cube/matrix/password.secret.age | Bin 0 -> 846 bytes hosts/cube/matrix/password.sync.age | 15 + hosts/cube/nextcloud/default.nix | 55 ++- hosts/cube/nextcloud/password.age | 18 +- hosts/cube/nginx.nix | 17 +- hosts/cube/password.rgb.age | 19 +- hosts/cube/podman.nix | 6 +- hosts/cube/postgresql.nix | 17 +- hosts/cube/prometheus.nix | 18 +- hosts/cube/site.nix | 80 +++-- hosts/disk/default.nix | 41 +++ hosts/disk/hardware.nix | 27 ++ hosts/disk/password.floppy.age | Bin 0 -> 825 bytes hosts/disk/site6.nix | 9 + hosts/enka/default.nix | 33 +- hosts/enka/hardware.nix | 19 +- hosts/enka/password.orhan.age | 20 +- hosts/enka/password.said.age | 20 +- hosts/password.acme.age | 17 + keys.nix | 3 +- lib/configuration.nix 
| 37 -- lib/configuration1.nix | 6 + lib/configuration2.nix | 32 ++ lib/default.nix | 6 - lib/enabled.nix | 11 + lib/merge.nix | 18 +- lib/modules.nix | 10 + lib/ssl.nix | 7 - lib/values.nix | 21 +- modules/autofreq.nix | 4 +- modules/bat.nix | 20 +- modules/blueman.nix | 4 +- modules/btop.nix | 6 +- modules/discord.nix | 10 +- modules/documentation.nix | 6 +- modules/dunst.nix | 6 +- modules/endlessh-go.nix | 18 +- modules/fail2ban.nix | 10 - modules/firefox.nix | 6 +- modules/fonts.nix | 24 +- modules/fuzzel.nix | 20 +- modules/ghostty.nix | 23 +- modules/git.nix | 22 +- modules/gtk.nix | 15 +- modules/helix.nix | 49 ++- modules/hyprland/default.nix | 339 +++++++++--------- modules/kernel.nix | 2 +- modules/keyring.nix | 6 +- modules/kitty.nix | 6 +- modules/kresd.nix | 7 + modules/localisation.nix | 26 +- modules/logind.nix | 2 +- modules/nano.nix | 4 +- modules/network-manager.nix | 9 + modules/networkmanager.nix | 11 - modules/nix.nix | 68 ++-- modules/nushell/boom.opus | Bin 21680 -> 0 bytes modules/nushell/configuration.nix.nu | 16 +- modules/nushell/default.nix | 48 +-- .../{environment.nix.nu => environment.nu} | 4 - modules/openssh/default.nix | 27 -- modules/openssh/motd.hist | 21 -- modules/openttd.nix | 5 - modules/packages.nix | 11 +- modules/pipewire.nix | 8 +- modules/pueue.nix | 39 -- modules/python.nix | 14 +- modules/qt.nix | 9 - modules/ripgrep.nix | 12 +- modules/rust.nix | 11 +- modules/ssh.nix | 58 ++- modules/steam.nix | 4 +- modules/sudo.nix | 6 +- modules/thunar.nix | 2 +- modules/tmp.nix | 2 +- modules/users.nix | 2 +- modules/w3m.nix | 14 +- modules/waybar.nix | 66 +--- options/desktop.nix | 10 + options/ssl.nix | 7 + options/theme.nix | 23 ++ rebuild.nu | 51 +-- secrets.nix | 34 +- 106 files changed, 1252 insertions(+), 1367 deletions(-) delete mode 100644 derivations/rat.nix delete mode 100644 docs/BROKEN.md rename LICENSE.md => docs/LICENSE.md (100%) delete mode 100644 docs/PORTS.md rename hosts/cube/{acme/default.nix => acme.nix} 
(62%) delete mode 100644 hosts/cube/acme/password.age delete mode 100644 hosts/cube/matrix-synapse/password.secret.age delete mode 100644 hosts/cube/matrix-synapse/password.sync.age rename hosts/cube/{matrix-synapse => matrix}/default.nix (71%) create mode 100644 hosts/cube/matrix/password.secret.age create mode 100644 hosts/cube/matrix/password.sync.age create mode 100644 hosts/disk/default.nix create mode 100644 hosts/disk/hardware.nix create mode 100644 hosts/disk/password.floppy.age create mode 100644 hosts/disk/site6.nix create mode 100644 hosts/password.acme.age delete mode 100644 lib/configuration.nix create mode 100644 lib/configuration1.nix create mode 100644 lib/configuration2.nix delete mode 100644 lib/default.nix create mode 100644 lib/enabled.nix create mode 100644 lib/modules.nix delete mode 100644 lib/ssl.nix delete mode 100644 modules/fail2ban.nix create mode 100644 modules/kresd.nix create mode 100644 modules/network-manager.nix delete mode 100644 modules/networkmanager.nix delete mode 100644 modules/nushell/boom.opus rename modules/nushell/{environment.nix.nu => environment.nu} (83%) delete mode 100644 modules/openssh/default.nix delete mode 100644 modules/openssh/motd.hist delete mode 100644 modules/openttd.nix delete mode 100644 modules/pueue.nix delete mode 100644 modules/qt.nix create mode 100644 options/desktop.nix create mode 100644 options/ssl.nix create mode 100644 options/theme.nix diff --git a/.gitignore b/.gitignore index b4f8486..92e4b98 100644 --- a/.gitignore +++ b/.gitignore @@ -1,37 +1,34 @@ * -!derivations/ - !docs/ !hosts/ -!hosts/enka/ - !hosts/cube/ -!hosts/cube/acme/ !hosts/cube/forgejo/ !hosts/cube/grafana/ !hosts/cube/mail/ -!hosts/cube/matrix-synapse/ +!hosts/cube/matrix/ !hosts/cube/nextcloud/ +!hosts/disk/ + +!hosts/enka/ + !modules/ !modules/hyprland/ !modules/nushell/ -!modules/openssh/ !lib/ +!options/ + !.gitignore !flake.lock !*.age !*.gif -!*.hist !*.md !*.nix !*.nu -!*.opus !*.png -!*.sh 
diff --git a/derivations/rat.nix b/derivations/rat.nix deleted file mode 100644 index 1c1590c..0000000 --- a/derivations/rat.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - stdenv, - fetchFromGitHub, - unixtools, -}: - -stdenv.mkDerivation rec { - pname = "rat"; - version = "2.0.1"; - - src = fetchFromGitHub { - owner = "thinkingsand"; - repo = pname; - sha256 = "sha256-OsEIOC6EZrAN2NnDvnyN0nBRLVIviSMX2+TPqlidxrI="; - rev = "4817f542b067255d2b6cd1d29137f393da6e4085"; - }; - - buildInputs = [ unixtools.xxd ]; - buildPhase = '' - runHook preBuild - - make linux_audio - - runHook postBuild - ''; - - installPhase = '' - runHook preInstall - - mkdir -p $out/bin - install -Dm755 ./bin/rat -t $out/bin/ - - runHook postInstall - ''; -} diff --git a/docs/BROKEN.md b/docs/BROKEN.md deleted file mode 100644 index c5abbd0..0000000 --- a/docs/BROKEN.md +++ /dev/null @@ -1,11 +0,0 @@ -# Broken Stuff - -- Not broken either but set up Nextcloud exporters. - -- Some Nginx headers were commented out because it collided or something. - Idfk. Make them not. Uncomment. - -- QT theme doesn't work. - -- Nushell custom prompt title does not work, as it gets - overriden by the shell integration in a split second. diff --git a/LICENSE.md b/docs/LICENSE.md similarity index 100% rename from LICENSE.md rename to docs/LICENSE.md diff --git a/docs/PORTS.md b/docs/PORTS.md deleted file mode 100644 index d24dc95..0000000 --- a/docs/PORTS.md +++ /dev/null @@ -1,12 +0,0 @@ -# Internal & External Port Numbers - -- 80 and 443 are standard HTTP ports. Let them be. -- Same for e-mail ports. -- 8000-8999 are internal web application ports. - - Every app topic must use 80N0-80N9. -- 9000 is the Prometheus port. - - Every exporter topic must use 90N0-90N9. - - For example, Node exporter can be on 9010. - Dovecot can be on 9020, Postfix can be on 9021, - and so on. -- Haven't decided on redis, kresd etc. ports yet. diff --git a/docs/README.md b/docs/README.md index 5978671..6d849a1 100644 --- a/docs/README.md 
+++ b/docs/README.md @@ -1,39 +1,6 @@ -# My NixOS Configurations +# NCC -This repository contains my NixOS configurations for all my machines. - -## Bootstrapping - -Here is the script you need to run to get this working: - -> [!IMPORTANT] -> You will need to have an SSH key to authorize GitHub with, -> and have access to the Ghostty GitHub repository as I -> use Ghostty and Ghostty is in private beta at the moment. - -```sh -sudo nix-shell --packages git nu nix-output-monitor --command " - git clone https://github.com/RGBCube/NixOSConfiguration ~/Configuration - cd ~/Configuration - hostname -v - nu rebuild.nu -" -``` - -`host` is a host selected from the hosts in the `hosts` directory. - -## Applying Changes - -Lets say you have changed the configuration and want to apply the changes -to your system. You would have to run the rebuild script: - -```sh -./rebuild.nu -``` - -This runs the script interactively. - -You can also check how the script is used by reading the parameters it takes. +RGBCube's NixOS Configuration Collection. ## License diff --git a/flake.lock b/flake.lock index 066aea5..f962741 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1707830867, - "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", + "lastModified": 1712079060, + "narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=", "owner": "ryantm", "repo": "agenix", - "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", + "rev": "1381a759b205dff7a6818733118d02253340fd5e", "type": "github" }, "original": { 
@@ -71,11 +71,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1711434200, - "narHash": "sha256-d1/GwzQfxG66qfFiZv79m0C63JXIkzLHVHXaf9A42tY=", + "lastModified": 1713335151, + "narHash": "sha256-K97Xs+gvp9wbbpd+a4aSeeczWgtBs63ut6lAcDn3O4U=", "owner": "nix-community", "repo": "fenix", - "rev": "08b43790fd25acd39f3cc1fdaf36c183c59ca528", + "rev": "fa179d2b1528f64ae43f83c485ef914d9c3fb85a", "type": "github" }, "original": { @@ -137,11 +137,11 @@ ] }, "locked": { - "lastModified": 1711508420, - "narHash": "sha256-T0io4K+gZOlps4GOUbwdskvmE9j6w33RLOTOwzfcgkI=", + "lastModified": 1713285560, + "narHash": "sha256-PlApALZSdBnRtXLk1XYksOzf47BU/V+vnIGjqrO1DmY=", "ref": "refs/heads/main", - "rev": "caf2742b768937869bb6c843c89c87f48f3ac1d2", - "revCount": 5721, + "rev": "06c5528a59f61e61c7b8b21a51bb60a172ca7955", + "revCount": 5909, "type": "git", "url": "ssh://git@github.com/RGBCube/ghostty" }, @@ -193,11 +193,11 @@ ] }, "locked": { - "lastModified": 1711133180, - "narHash": "sha256-WJOahf+6115+GMl3wUfURu8fszuNeJLv9qAWFQl3Vmo=", + "lastModified": 1713294767, + "narHash": "sha256-LmaabaQZdx52MPGKPRt9Opoc9Gd9RbwvCdysUUYQoXI=", "owner": "nix-community", "repo": "home-manager", - "rev": "1c2c5e4cabba4c43504ef0f8cc3f3dfa284e2dbb", + "rev": "fa8c16e2452bf092ac76f09ee1fb1e9f7d0796e7", "type": "github" }, "original": { @@ -208,7 +208,10 @@ }, "hyprcursor": { "inputs": { - "hyprlang": "hyprlang", + "hyprlang": [ + "hyprland", + "hyprlang" + ], "nixpkgs": [ "hyprland", "nixpkgs" @@ -219,11 +222,11 @@ ] }, "locked": { - "lastModified": 1711035742, - "narHash": "sha256-5vvhCSUGG9TA2G1eIRgokuYizhRnZu0ZbcU1MXfHsUE=", + "lastModified": 1713214463, + "narHash": "sha256-zAOOjqHAbccCRgJSuvTCA0FNLqKswN63LgVo43R7pxw=", "owner": "hyprwm", "repo": "hyprcursor", - "rev": "6a92473237f430399a417e1c2da9d7fcd4970086", + "rev": "0a53b9957f0b17f1a0036b25198f569969ad43a0", "type": "github" }, "original": { 
@@ -249,11 +252,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1711466169, - "narHash": "sha256-8LyPRWHz6YFWS5IIgjb94K6eDH5Riwe65BBkreC6v1c=", + "lastModified": 1713351856, + "narHash": "sha256-5lf6GAXWtJanOTgu3jH0tF4aqoqCv8IcP43wp+pemWg=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "ae52b7f4680716976d05b638aaa90e169d199117", + "rev": "e57a2d7ec87ae775828ea8628ef4eeafce8e6e70", "type": "github" }, "original": { @@ -288,29 +291,6 @@ } }, "hyprlang": { - "inputs": { - "nixpkgs": [ - "hyprland", - "hyprcursor", - "nixpkgs" - ], - "systems": "systems_2" - }, - "locked": { - "lastModified": 1709914708, - "narHash": "sha256-bR4o3mynoTa1Wi4ZTjbnsZ6iqVcPGriXp56bZh5UFTk=", - "owner": "hyprwm", - "repo": "hyprlang", - "rev": "a685493fdbeec01ca8ccdf1f3655c044a8ce2fe2", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprlang", - "type": "github" - } - }, - "hyprlang_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -320,11 +300,11 @@ ] }, "locked": { - "lastModified": 1711250455, - "narHash": "sha256-LSq1ZsTpeD7xsqvlsepDEelWRDtAhqwetp6PusHXJRo=", + "lastModified": 1713121246, + "narHash": "sha256-502X0Q0fhN6tJK7iEUA8CghONKSatW/Mqj4Wappd++0=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "b3e430f81f3364c5dd1a3cc9995706a4799eb3fa", + "rev": "78fcaa27ae9e1d782faa3ff06c8ea55ddce63706", "type": "github" }, "original": { @@ -340,11 +320,11 @@ ] }, "locked": { - "lastModified": 1711283076, - "narHash": "sha256-Cda+XbHpvyz3HhdJ7FlXFoaazOWtdBoOWmEaj4ZFwRM=", + "lastModified": 1713196199, + "narHash": "sha256-ifdAQO9wcw/zlAyg8fCpf5I0TtufdRS6YZoTVk1VzLM=", "owner": "hyprwm", "repo": "hyprpicker", - "rev": "0eb49192a5cdd5e6e8e6c2c82c33857d78d6cd56", + "rev": "e2472f499d67568edb1b727736c587b877e85344", "type": "github" }, "original": { 
@@ -365,84 +345,29 @@ "url": "https://raw.githubusercontent.com/ziglang/zig/54bbc73f8502fe073d385361ddb34a43d12eec39/doc/langref.html.in" } }, - "libgit2": { - "flake": false, - "locked": { - "lastModified": 1697646580, - "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=", - "owner": "libgit2", - "repo": "libgit2", - "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5", - "type": "github" - }, - "original": { - "owner": "libgit2", - "repo": "libgit2", - "type": "github" - } - }, - "nixSuper": { - "inputs": { - "flake-compat": [ - "flakeCompat" - ], - "libgit2": "libgit2", - "nixpkgs": "nixpkgs", - "nixpkgs-regression": "nixpkgs-regression" - }, - "locked": { - "lastModified": 1711388763, - "narHash": "sha256-z5lTtZ3Np3P5E03S7J627Gie7HtLPxscmuQ40Vu8xuw=", - "owner": "privatevoid-net", - "repo": "nix-super", - "rev": "06eac000db910dd07c935b2dd279b92b21b61571", - "type": "github" - }, - "original": { - "owner": "privatevoid-net", - "repo": "nix-super", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1709083642, - "narHash": "sha256-7kkJQd4rZ+vFrzWu8sTRtta5D1kBG0LSRYAfhtmMlSo=", + "lastModified": 1713248628, + "narHash": "sha256-NLznXB5AOnniUtZsyy/aPWOk8ussTuePp2acb9U+ISA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b550fe4b4776908ac2a861124307045f8e717c8e", + "rev": "5672bc9dbf9d88246ddab5ac454e82318d094bb8", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-23.11", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-regression": { - "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - } - }, "nixpkgs-zig-0-12": { "locked": { - "lastModified": 1711143939, - "narHash": 
"sha256-oT6a81U4NHjJH1hjaMVXKsdTZJwl2dT+MhMESKoevvA=", + "lastModified": 1712247214, + "narHash": "sha256-7PTw86NnE2nCQPf+PPI/kOKwmlbbTqUthYSz/nDnAoc=", "owner": "vancluever", "repo": "nixpkgs", - "rev": "c4749393c06e52da4adf42877fdf9bac7141f0de", + "rev": "6726262c930716f601345b2c9d0c42ba069991b8", "type": "github" }, "original": { @@ -452,37 +377,6 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1711518224, - "narHash": "sha256-M75UGj6cj41U6WEAQIt1NT1KHtmUGFjkFGEkbkOnFFw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "1b08f32c98637285b4dd3b74f2ea2b3b487106bd", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, - "nuScripts": { - "flake": false, - "locked": { - "lastModified": 1711478865, - "narHash": "sha256-cXcMGdmdfyrfhCVHRRHNQnstFbFhIKyQdNivgBT/tpA=", - "owner": "nushell", - "repo": "nu_scripts", - "rev": "41fe58eceeaf24e560dc448280be3a143207982f", - "type": "github" - }, - "original": { - "owner": "nushell", - "repo": "nu_scripts", - "type": "github" - } - }, "root": { "inputs": { "ageNix": "ageNix", @@ -493,13 +387,11 @@ "ghosttyModule": "ghosttyModule", "homeManager": "homeManager", "hyprland": "hyprland", - "hyprlang": "hyprlang_2", + "hyprlang": "hyprlang", "hyprpicker": "hyprpicker", - "nixSuper": "nixSuper", - "nixpkgs": "nixpkgs_2", - "nuScripts": "nuScripts", + "nixpkgs": "nixpkgs", "simpleMail": "simpleMail", - "systems": "systems_3", + "systems": "systems_2", "themes": "themes", "zig": "zig", "zls": "zls" @@ -508,11 +400,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1711404839, - "narHash": "sha256-5W2Vzw2nfrOk194qLcZDyNmmH/mda6B6413M58C85Bk=", + "lastModified": 1713285401, + "narHash": "sha256-/FSI+GvcLWR107Lr2ntTo4d+yw2cAFXnJBw/66hPn8c=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "e52bb8cddb0d636a86a3560e9eadb5f3d8f8c2af", + "rev": "d07f0240fd9ced3addb8bdcda6fb9a305cb6499f", "type": "github" }, "original": { 
@@ -536,11 +428,11 @@ ] }, "locked": { - "lastModified": 1710449465, - "narHash": "sha256-2orO8nfplp6uQJBFqKkj1iyNMC6TysmwbWwbb4osTag=", + "lastModified": 1713012165, + "narHash": "sha256-z/soXKDnz+w4Nw0LkRaM73YqolhSmIYy6cpg1F2ps8I=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "79c8cfcd5873a85559da6201b116fb38b490d030", + "rev": "9f6635a0351c190179dc6904545f950108a23dd8", "type": "gitlab" }, "original": { @@ -565,21 +457,6 @@ } }, "systems_2": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, - "systems_3": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -612,20 +489,18 @@ "wlroots": { "flake": false, "locked": { - "host": "gitlab.freedesktop.org", - "lastModified": 1709983277, - "narHash": "sha256-wXWIJLd4F2JZeMaihWVDW/yYXCLEC8OpeNJZg9a9ly8=", - "owner": "wlroots", - "repo": "wlroots", - "rev": "50eae512d9cecbf0b3b1898bb1f0b40fa05fe19b", - "type": "gitlab" + "lastModified": 1713124002, + "narHash": "sha256-vPeZCY+sdiGsz4fl3AVVujfyZyQBz6+vZdkUE4hQ+HI=", + "owner": "hyprwm", + "repo": "wlroots-hyprland", + "rev": "611a4f24cd2384378f6e500253983107c6656c64", + "type": "github" }, "original": { - "host": "gitlab.freedesktop.org", - "owner": "wlroots", - "repo": "wlroots", - "rev": "50eae512d9cecbf0b3b1898bb1f0b40fa05fe19b", - "type": "gitlab" + "owner": "hyprwm", + "repo": "wlroots-hyprland", + "rev": "611a4f24cd2384378f6e500253983107c6656c64", + "type": "github" } }, "xdph": { 
@@ -648,11 +523,11 @@ ] }, "locked": { - "lastModified": 1709299639, - "narHash": "sha256-jYqJM5khksLIbqSxCLUUcqEgI+O2LdlSlcMEBs39CAU=", + "lastModified": 1713214484, + "narHash": "sha256-h1bSIsDuPk1FGgvTuSHJyiU2Glu7oAyoPMJutKZmLQ8=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "2d2fb547178ec025da643db57d40a971507b82fe", + "rev": "bb44921534a9cee9635304fdb876c1b3ec3a8f61", "type": "github" }, "original": { @@ -674,11 +549,11 @@ ] }, "locked": { - "lastModified": 1711454961, - "narHash": "sha256-Hm5wZoCrfQYiSv6F2AqRXfb3iBQOFVwTHaXCVw4VIcg=", + "lastModified": 1713313372, + "narHash": "sha256-JqMBPQKPubOt3ToB0k4q+CTJqfwHfh5iaaFvLOr8GDA=", "owner": "mitchellh", "repo": "zig-overlay", - "rev": "fc90c09499061b194328f42469df73b09563fc83", + "rev": "5dcefc19b3fb062bb2beb224d72759ca6c25c9cd", "type": "github" }, "original": { @@ -702,11 +577,11 @@ ] }, "locked": { - "lastModified": 1711133472, - "narHash": "sha256-iF7WXLFcze9f/H78NB98Oh3O55SrlgymCD7Vrk13aQU=", + "lastModified": 1713110866, + "narHash": "sha256-ddSLREpgBq87dcbSisliSoSNqKl2x7kVf3E/tFumIXw=", "owner": "zigtools", "repo": "zls", - "rev": "96eddd067615efd9a88fa596dfa4c75943302885", + "rev": "172c8f2ef81c95731d7bff6f69f8d497902fe999", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index fa9efe4..e0d9d76 100644 --- a/flake.nix +++ b/flake.nix @@ -7,14 +7,7 @@ }; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs"; - - nixSuper = { - url = "github:privatevoid-net/nix-super"; - - inputs.flake-compat.follows = "flakeCompat"; - # inputs.nixpkgs.follows = "nixpkgs"; - }; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; homeManager = { url = "github:nix-community/home-manager"; @@ -29,11 +22,6 @@ inputs.home-manager.follows = "homeManager"; }; - nuScripts = { - url = "github:nushell/nu_scripts"; - flake = false; - }; - simpleMail = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; 
@@ -69,7 +57,7 @@ fenix = { url = "github:nix-community/fenix"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "nixpkgs"; }; zig = { 
@@ -116,117 +104,103 @@ }; outputs = { + self, nixpkgs, ageNix, simpleMail, homeManager, - themes, + ghosttyModule, ... } @ inputs: let - importConfiguration = host: let - hostDefault = import ./hosts/${host} { - config = {}; - keys = {}; - ulib = (import ./lib lib null) // { - merge = lib.recursiveUpdate; - }; - }; + lib0 = nixpkgs.lib; + keys = import ./keys.nix; - users = { - all = let - users = builtins.attrNames hostDefault.users.users; - in if builtins.elem "root" users then - users - else - users ++ [ "root" ]; + collectNixFiles = directory: with lib0; pipe (builtins.readDir directory) [ + (mapAttrsToList (name: type: let + path = /${directory}/${name}; + in if type == "directory" then + collectNixFiles path + else + path)) + flatten + (filter (hasSuffix ".nix")) + (filter (name: !hasPrefix "_" (builtins.baseNameOf name))) + ]; - graphical = builtins.attrNames (lib.filterAttrs (_: value: builtins.elem "graphical" (value.extraGroups or [])) hostDefault.users.users); - }; + lib1 = with lib0; extend (_: _: pipe (collectNixFiles ./lib) [ + (map (file: import file lib0)) + (filter (thunk: !isFunction thunk)) + (foldl' recursiveUpdate {}) + ]); - system = hostDefault.nixpkgs.hostPlatform; - - lib = nixpkgs.lib; - ulib = import ./lib lib users; - - pkgs = import nixpkgs { inherit system; }; - upkgs = let - defaults = lib.genAttrs - [ "nixSuper" "ageNix" "hyprland" "hyprpicker" "ghostty" "zls" ] - (name: inputs.${name}.packages.${system}.default); - - other = { - nuScripts = inputs.nuScripts; - rat = pkgs.callPackage ./derivations/rat.nix {}; - zig = inputs.zig.packages.${system}.master; - }; - in defaults // other; - - keys = import ./keys.nix; - - theme = themes.custom (themes.raw.gruvbox-dark-hard // { - cornerRadius = 8; - borderWidth = 2; - - margin = 6; - padding = 8; - - font.size.normal = 12; - font.size.big = 18; - - font.sans.name = "Lexend"; - font.sans.package = pkgs.lexend; - - font.mono.name = "JetBrainsMono Nerd Font"; - font.mono.package = 
(pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; }); - - icons.name = "Gruvbox-Plus-Dark"; - icons.package = pkgs.gruvbox-plus-icons; - }); - - defaultConfiguration = { - age.identityPaths = map (user: "/home/${user}/.ssh/id") users.all; - - home-manager.users = lib.genAttrs users.all (_: {}); - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - - networking.hostName = host; - }; - - in lib.nixosSystem { - inherit system; - - specialArgs = { inherit inputs ulib upkgs keys theme; }; - - modules = let - mapDirectory = function: directory: with builtins; - attrValues (mapAttrs function (readDir directory)); - - nullIfUnderscoreOrNotNix = name: if (builtins.substring 0 1 name) == "_" then - null - else if lib.hasSuffix ".age" name then - null - else - name; - - filterNull = builtins.filter (x: x != null); - - importDirectory = directory: - filterNull (mapDirectory (name: _: lib.mapNullable (name: /${directory}/${name}) (nullIfUnderscoreOrNotNix name)) directory); - in [ - homeManager.nixosModules.default - - ageNix.nixosModules.default - - simpleMail.nixosModules.default - - defaultConfiguration - ] ++ (importDirectory ./hosts/${host}) - ++ (importDirectory ./modules); + nixpkgsOverlayModule = with lib1; { + nixpkgs.overlays = [(final: prev: { + ghostty = inputs.ghostty.packages.${prev.system}.default; + zls = inputs.zls.packages.${prev.system}.default; + })] ++ pipe inputs [ + attrValues + (filter (value: value ? overlays.default)) + (map (value: value.overlays.default)) + ]; }; - hosts = (builtins.attrNames (builtins.readDir ./hosts)); + homeManagerModule = { lib, ... 
}: with lib; { + home-manager.users = genAttrs allNormalUsers (_: {}); + + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + + home-manager.sharedModules = [ ghosttyModule.homeModules.default ]; + }; + + ageNixModule = { + age.identityPaths = [ "/root/.ssh/id" ]; + }; + + optionModules = [ + homeManager.nixosModules.default + ageNix.nixosModules.default + simpleMail.nixosModules.default + + (lib1.mkAliasOptionModule [ "secrets" ] [ "age" "secrets" ]) + ] ++ collectNixFiles ./options; + + optionUsageModules = [ + nixpkgsOverlayModule + homeManagerModule + ageNixModule + ] ++ collectNixFiles ./modules; + + specialArgs = { inherit self inputs keys; }; + + hosts = lib1.pipe (builtins.readDir ./hosts) [ + (lib1.filterAttrs (name: type: type == "regular" -> lib1.hasSuffix ".nix" name)) + lib1.attrNames + ]; + + lib2s = with lib1; genAttrs hosts (name: let + hostStub = nixosSystem { + inherit specialArgs; + + modules = [ ./hosts/${name} ] ++ optionModules; + }; + in extend (_: _: pipe (collectNixFiles ./lib) [ + (map (file: import file lib1)) + (filter (isFunction)) + (map (func: func hostStub.config)) + (foldl' recursiveUpdate {}) + ])); + + configurations = lib1.genAttrs hosts (name: lib2s.${name}.nixosSystem { + inherit specialArgs; + + modules = [{ + networking.hostName = name; + }] ++ optionModules ++ optionUsageModules ++ collectNixFiles ./hosts/${name}; + }); in { - nixosConfigurations = nixpkgs.lib.genAttrs hosts importConfiguration; - }; + nixosConfigurations = configurations; + + # This is here so we can do self. instead of self.nixosConfigurations..config. + } // lib1.mapAttrs (_: value: value.config) configurations; } diff --git a/hosts/cube/acme/default.nix b/hosts/cube/acme.nix similarity index 62% rename from hosts/cube/acme/default.nix rename to hosts/cube/acme.nix index 9aa3416..0a76c91 100644 --- a/hosts/cube/acme/default.nix +++ b/hosts/cube/acme.nix 
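Review bot: `nixpkgsOverlayModule` in the `outputs` hunk of flake.nix applies `overlays.default` from every flake input that happens to export one, so adding an input, or an upstream starting to ship an overlay after a `flake.lock` bump, can change packages on every host without any line in this file changing. An explicit list keeps that trust decision reviewable, e.g. `++ map (name: inputs.${name}.overlays.default) overlayInputs`, where `overlayInputs` is a hand-written list of input names (a placeholder; which inputs are wanted is not visible here). Separately, the trailing `// lib1.mapAttrs (_: value: value.config) configurations` puts every host name at the top level of the flake outputs, where a host directory named `nixosConfigurations` would replace that attribute. A comment stating that naming constraint next to the existing "This is here so we can do self." remark would help.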
@@ -1,15 +1,15 @@ -{ config, ulib, ... }: with ulib; +{ self, config, lib, ... }: with lib; let inherit (config.networking) domain; -in serverSystemConfiguration { - age.secrets."hosts/cube/acme/password".file = ./password.age; +in systemConfiguration { + secrets.acmePassword.file = self + /hosts/password.acme.age; security.acme = { acceptTerms = true; defaults = { - environmentFile = config.age.secrets."hosts/cube/acme/password".path; + environmentFile = config.secrets.acmePassword.path; dnsProvider = "cloudflare"; dnsResolver = "1.1.1.1"; email = "security@${domain}"; diff --git a/hosts/cube/acme/password.age b/hosts/cube/acme/password.age deleted file mode 100644 index ccb115a6ca164f64db654033be2c389e739f22a3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 385 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUFE{ZY;DOV^j4K~k7 zHq$P4OAPS}aW67+OH500tO%>}3rh6O3ev9hsWb`;$+M_*jO2234h&99D)vkY3Uv!l zN(pz1@XjqY$jovLFLVshuX0NDcM9{$tMJWFapcm~)m1Qe&I*b2Ps}f~C`ok556bc` z4hhdp3$=8~ED8wn(+?@}D9v^*HxBem4dp89{WGJ4ZHbcNIYZru6^zGPt$EX%?^tQi zINYQ=@0r>5Rtt#*Uv&<=UE^QWnc(2~y-2vd`S-)sO-e!^u10@55|#LMWypz$9HY5U z^Jm>m{dahKg7)s5lB{_)JQLO%Y@K-L4fCW~jW@+JHwPEr%~skNY9%5&KT~MG(L>&{ zD;5n5cMcwj@KSqSo4LfKB`(1{lQ(%7UE8>S;v;tew!5IZ diff --git a/hosts/cube/default.nix b/hosts/cube/default.nix index 87318aa..2da2b01 100644 --- a/hosts/cube/default.nix +++ b/hosts/cube/default.nix @@ -1,4 +1,4 @@ -{ config, ulib, keys, ... }: with ulib; merge +{ config, lib, keys, ... }: with lib; merge (systemConfiguration { system.stateVersion = "23.05"; 
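Review bot: `secrets.acmePassword.file = self + /hosts/password.acme.age` in hosts/cube/acme.nix moves the ACME `environmentFile` out of cube's own directory to the shared `hosts/` level, which suggests the Cloudflare DNS credential is now encrypted to more than one host; the recipient list in secrets.nix is not shown in this hunk, so this is inferred. If that is the case, every host that can decrypt it can answer DNS-01 challenges for the domain, so the token should be limited to DNS edits on that single zone. I would record the sharing in a comment, e.g. `# shared by every host that requests certificates; token is scoped to DNS edit on this zone only`. The `security.acme` block continues past the end of the hunk.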
@@ -6,18 +6,30 @@ networking.domain = "rgbcu.be"; - time.timeZone = "Europe/Amsterdam"; + secrets.rgbPassword.file = ./password.rgb.age; - age.secrets."hosts/cube/password.rgb".file = ./password.rgb.age; + users.users = { + root.hashedPasswordFile = config.secrets.rgbPassword.path; - users.users.root.hashedPasswordFile = config.age.secrets."hosts/cube/password.rgb".path; - - users.users.rgb = normalUser { - description = "RGB"; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ keys.enka ]; - hashedPasswordFile = config.age.secrets."hosts/cube/password.rgb".path; + rgb = sudoUser { + description = "RGB"; + openssh.authorizedKeys.keys = [ keys.enka ]; + hashedPasswordFile = config.secrets.rgbPassword.path; + }; }; + + services.openssh.banner = '' + _______________________________________ + / If God doesn't destroy San Francisco, \ + | He should apologize to Sodom and | + \ Gomorrah. / + --------------------------------------- + \ ^__^ + \ (oo)\_______ + (__)\ )\/\ + ||----w | + || || + ''; }) (homeConfiguration { diff --git a/hosts/cube/forgejo/default.nix b/hosts/cube/forgejo/default.nix index ceca47e..cb4ce7d 100644 --- a/hosts/cube/forgejo/default.nix +++ b/hosts/cube/forgejo/default.nix @@ -1,15 +1,17 @@ -{ config, ulib, pkgs, ... }: with ulib; +{ config, lib, pkgs, ... }: with lib; let inherit (config.networking) domain; fqdn = "git.${domain}"; -in serverSystemConfiguration { - age.secrets."hosts/cube/forgejo/password.mail" = { + + port = 8004; +in systemConfiguration { + secrets.forgejoMailPassword = { file = ./password.mail.age; owner = "forgejo"; }; - age.secrets."hosts/cube/forgejo/password.runner" = { + secrets.forgejoRunnerPassword = { file = ./password.runner.age; owner = "forgejo"; }; 
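Review bot: In the `users.users` block of hosts/cube/default.nix, `root.hashedPasswordFile` and `rgb.hashedPasswordFile` both point at `config.secrets.rgbPassword.path`, so a single password opens both the sudo-capable account and root directly. `sudoUser` is defined outside this hunk, but if it grants wheel as the removed `extraGroups = [ "wheel" ]` did, root needs no password of its own; consider `root.hashedPassword = "!";` to lock it, or at least a comment explaining why the hash is shared. Whether sshd permits root password logins is not visible here and is worth confirming alongside this.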
@@ -42,7 +44,7 @@ in serverSystemConfiguration { "act:docker://ghcr.io/catthehacker/ubuntu:act-latest" ]; - tokenFile = config.age.secrets."hosts/cube/forgejo/password.runner".path; + tokenFile = config.secrets.forgejoRunnerPassword.path; settings = { cache.enabled = true; @@ -61,11 +63,12 @@ in serverSystemConfiguration { }; }; + services.openssh.settings.AcceptEnv = mkForce "COLORTERM GIT_PROTOCOL"; services.forgejo = enabled { - lfs = enabled {}; + lfs = enabled; - mailerPasswordFile = config.age.secrets."hosts/cube/forgejo/password.mail".path; + mailerPasswordFile = config.secrets.forgejoMailPassword.path; database = { socket = "/run/postgresql"; @@ -78,7 +81,7 @@ in serverSystemConfiguration { default.APP_NAME = description; actions = { - ENABLED = true; + ENABLED = true; DEFAULT_ACTIONS_URL = "https://${fqdn}"; }; @@ -89,9 +92,9 @@ in serverSystemConfiguration { mailer = { ENABLED = true; - PROTOCOL = "smtps"; + PROTOCOL = "smtps"; SMTP_ADDR = config.mailserver.fqdn; - USER = "git@${domain}"; + USER = "git@${domain}"; }; other = { @@ -123,8 +126,8 @@ in serverSystemConfiguration { ROOT_URL = "https://${fqdn}/"; LANDING_PAGE = "/explore"; - HTTP_ADDR = "::"; - HTTP_PORT = 8004; + HTTP_ADDR = "::1"; + HTTP_PORT = port; SSH_PORT = builtins.elemAt config.services.openssh.ports 0; @@ -145,7 +148,7 @@ in serverSystemConfiguration { }; }; - services.nginx.virtualHosts.${fqdn} = (sslTemplate domain) // { - locations."/".proxyPass = "http://[::]:${toString config.services.forgejo.settings.server.HTTP_PORT}"; + services.nginx.virtualHosts.${fqdn} = merge config.sslTemplate { + locations."/".proxyPass = "http://[::1]:${toString port}"; }; } diff --git a/hosts/cube/forgejo/password.mail.age b/hosts/cube/forgejo/password.mail.age index 2113e92..b1fc1ab 100644 --- a/hosts/cube/forgejo/password.mail.age +++ b/hosts/cube/forgejo/password.mail.age 
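Review bot: `services.openssh.settings.AcceptEnv = mkForce "COLORTERM GIT_PROTOCOL";` in the `@@ -61,11 +63,12 @@` hunk of hosts/cube/forgejo/default.nix changes the setting for the whole sshd, not only for Git traffic, and `mkForce` discards whatever any other module sets for the same option. Nothing on the line says why the override is needed or why `COLORTERM` is accepted from clients. I would add a comment such as `# mkForce: replaces the AcceptEnv value set elsewhere (presumably by the forgejo module); COLORTERM is added for interactive sessions, keep this list minimal.` and confirm that this is the intent. The `HTTP_ADDR = "::1"` binding in the `@@ -123,8 +126,8 @@` hunk assumes nothing but the local nginx needs to reach the port, which also deserves a one-line comment.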
@@ -1,6 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw k4u86tbxSaZTIr9QzN2P+md9WwGvn93jOXqR2JHWy30 -tG7p/GaP0MhTqbAin3KmIMCrE67Ls3NYoztcJT8r7po ---- cmz8sBFqHk8RyAae/gBqrWgjCyHrVtngjZGn1xQOze8 -9rgM׶9gz -@uO0ץa \ No newline at end of file +-> ssh-ed25519 +rZ0Tw UdpGG1O9oC4Z3OasaGJyU3TM9FkwcaXQX9+QT4Wqrjs +RX+NdBYD+/GtOSGun8Y04S48MKLDHkQsfqjJQ0vVj18 +-> ssh-rsa jPaU3Q +EVX4PE+5bBQm3tzrUkbPBfG7Ech9dS2Ix8ZLLWYW2DFp30F49tJvYUDLGgpRARa+ +dh0+tuiOdPHENVbyhM8pob+Jk4Ii1+ZYwQdah0bAmewJ88NAHgfNCPMuAZFsR2w7 +r+KeuMa+1PtX3llIVWqTc+pdfrPVnG/DcbQqSgs5a2NVQauMgFgT9eCrwvuWCTSQ +dlUWdysSTYsnGHSKxSgS/MmMIFsrlxqoUUBYTFdS6yU/w6b7VFSJdGczmzD9zFMJ +ywkregpi5y0Z8K5byroRMR1IfIl7B0CHcZbsTFqSrlDSX9Rq2D84TGwdhwBK0L17 +Yy1UM3mFIDWgWe2lBY2KRterzxF/XxfDgbDc+1d8NWANVDinoXIOLYg3QBCSupwR +QmgjfvMcqjDSeg/QaV3PXtK/GyzVk8ehAFQpCyi+XofuavhBzP+9yk6IoHQupEAx +mQkm1ZXRc//C5w7Svjf6DmR5KKbF/mTRr7QqJp4XuCNCHA4Bf5BQEw5p8NtfqiWh + +--- iRy3XLKWkh6sUOkUS79ZRtRAjGdvvlKRZ6L6h6cKzjE +lڣY~Ϭ bQ/o3^s}+,B \ No newline at end of file diff --git a/hosts/cube/forgejo/password.runner.age b/hosts/cube/forgejo/password.runner.age index bdc21c5..5e42912 100644 --- a/hosts/cube/forgejo/password.runner.age +++ b/hosts/cube/forgejo/password.runner.age 
@@ -1,5 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw rraoMjYwD6IIkmgyiDKlij2+bLqY5PNyMU5IPQ4mvjI -/yttaAf7neHJ69LYh6p33gRBXIZA4oxWS5DDMnfOhhM ---- o+/I/vPxFdL9orC3PsBTazOrwG6Le8uLMUYiHE4XMj8 - ]}W{[a'md AUԬ7z*Y9"|1dvQxcǓ"0pr: \ No newline at end of file +-> ssh-ed25519 +rZ0Tw cQ6Sb/ZjeBy7VCL03h1A4+67kNoEYfQBee90qOXytxg +pIZpmgRZ9ISGx6CJF0yPX+PYs9VLXXoK01FB+iW4OXo +-> ssh-rsa jPaU3Q +aVlBcpE5GdfXtzuu7uHqDhTtiO7mXMYNr0Ww0MluxQxZmuXyxa7IIxeUR6n6eub/ +7H+B2Gcwwnh7txdWGyCytCx1rNp5Dbs0qSm+ufgyzNTSz9rPu2iEHPR0WOB2Y85x +avpC53ESBFORZ4Zswkc0iYBAGIwbtUGDGAV/ziw1hZCEsRCJZX1Pj57Tvk5Bc9mL +gaBix4Qo3X0j/Pqzp4NeaaMmIdCv2XOizQwFVAxqvT17xil3+TuZLKAScgbwtj9u +QfOZjwOQxVZwB5+CHmd7AYX2QCQsi45bBKh9dUU2Fm/MLyDmfSpiwTQ3nIEkSk1n +B6QwA4Z7v0A/IxDyQ9cWpj5TIxQ96RTf/azlRMg0H4bBuwINHlg0oWNIHfGZG15m +uRMvs+xxPcmU710b5WEwZRSlaZ1+Lm8uLY7d0j+Ie4V41JKmMh1pOaFbyo4wxWUo +cwRNFx9Yajiml7VnjaOZOGtA/NCUEall4mCdSJD5vntiTb3Hves0gAtoici1ZrX5 + +--- 8RA8QeFF0brgptQpnHAO6L0J1DXWeVAKxuXmDcX46Zg + t<&V9SCsF“ QoCk({Hm a ˢT[>*Qۓ \ No newline at end of file diff --git a/hosts/cube/grafana/default.nix b/hosts/cube/grafana/default.nix index 1031e34..a19ff27 100644 --- a/hosts/cube/grafana/default.nix +++ b/hosts/cube/grafana/default.nix @@ -1,25 +1,21 @@ -{ config, ulib, ... }: with ulib; +{ config, lib, ... }: with lib; let inherit (config.networking) domain; fqdn = "metrics.${domain}"; -in serverSystemConfiguration { - age.secrets."hosts/cube/grafana/password" = { + + port = 8000; +in systemConfiguration { + secrets.grafanaPassword = { file = ./password.age; owner = "grafana"; }; - age.secrets."hosts/cube/grafana/password.mail" = { + secrets.grafanaMailPassword = { file = ./password.mail.age; owner = "grafana"; }; - services.fail2ban.jails.grafana.settings = { - filter = "grafana"; - journalmatch = "_SYSTEMD_UNIT=grafana.service"; - maxretry = 3; - }; - services.postgresql = { ensureDatabases = [ "grafana" ]; ensureUsers = [{ 
@@ -34,7 +30,7 @@ in serverSystemConfiguration { }; services.grafana = enabled { - provision = enabled {}; + provision = enabled; settings = { analytics.reporting_enabled = false; @@ -44,15 +40,15 @@ in serverSystemConfiguration { database.user = "grafana"; server.domain = fqdn; - server.http_addr = "[::]"; - server.http_port = 8000; + server.http_addr = "[::1]"; + server.http_port = port; users.default_theme = "system"; }; settings.security = { admin_email = "metrics@${domain}"; - admin_password = "$__file{${config.age.secrets."hosts/cube/grafana/password".path}}"; + admin_password = "$__file{${config.secrets.grafanaPassword.path}}"; admin_user = "admin"; cookie_secure = true; @@ -64,7 +60,7 @@ in serverSystemConfiguration { settings.smtp = { enabled = true; - password = "$__file{${config.age.secrets."hosts/cube/grafana/password.mail".path}}"; + password = "$__file{${config.secrets.grafanaMailPassword.path}}"; startTLS_policy = "MandatoryStartTLS"; ehlo_identity = "contact@${domain}"; @@ -74,9 +70,9 @@ in serverSystemConfiguration { }; }; - services.nginx.virtualHosts.${fqdn} = (sslTemplate domain) // { + services.nginx.virtualHosts.${fqdn} = merge config.sslTemplate { locations."/" = { - proxyPass = "http://[::]:${toString config.services.grafana.settings.server.http_port}"; + proxyPass = "http://[::1]:${toString port}"; proxyWebsockets = true; }; }; 
diff --git a/hosts/cube/grafana/password.age b/hosts/cube/grafana/password.age index a9816e2a2bd5bce43798b8a2a61b538bfa3ad545..7e22990255fa3ec2cb9f8e0c72a7750247e7183c 100644 GIT binary patch delta 730 zcmcc5_=|OdPJMEUPpDIQPDoO?L2z(+W}#uAp>bwqpn-=+q;^tLkav-Dxps17Znk5# zCs(;aX=1shV``yWxKUKDe_2I9VWoaSRYaOwphrMnNqvfisbh(=bCGv`gh6nAN|0l4 zhNnkXh_{QAVUSy7QK+`7vvH6|cvWDQFPE{AVS%G@RhG7ag=MCBW_nbXv0qL>NSTjI zPP$3Het>sXk%^I?i+PfMW^j;ml#hRESa_IOsJBsMhDl|Kqc&G|nqy?5Te820xtU>- zd3H{PNquQSWrQlVSs*4L1K<)WR+{FSGZ3m zmsfIzMMbHDflowcNo1tEnNw7VUr9<>Nr|U_NMycuuwSxYSyDiTMMY$Bj!T$v zak_<1n6qoBk&CvGA6J-uKyk23ZmEH3Zfbs6dA)&$X{1kLV2Gh_x^JP8W0AQ@TDh^i zw^wjrvb#r6rMYE}hikA&K~cW3k6B8he?}CSL1Jo=yK8c}i(g5VnW>S!V`Yg^roMiL zWs<8~qECdjmwAD4QAAaKN=0fxu|bu2mVZF1S%q(gSwTi#g`c+>my3BtX?aGZr>m<| zV!dy2dRS6XghzgfNol0NS#FV^vteFQrbk6tL1l8Tvt?jGa7cNEi=lRac34nyPNja3 zekNDCZ)RAaaiF_TQH6F{y@DMI*u delta 187 zcmeyxdY^HEPQ77fV6u}-nxlJoRG723xt~dRxnW6gnuU|UM}$SWqiLdJYM^IoX?9Mw z0hfhEesFSbwsxX+x_5;|aky(hR#=)xpqsg6Ns*Cufs?Ccs#%$9c&=+!GMBEdu0oQp zYmvE$UvimGsiT2gXkc(kfstE4UUso}P_U=Dwvnf!g-N!tQA&1xb~@MmO_62~qs@=Z pux7Zh%;)+QQ@j5DL$)8jt!(Al8SrhbSh(f7St75^pRQcd0RYb3L>T}8 diff --git a/hosts/cube/grafana/password.mail.age b/hosts/cube/grafana/password.mail.age index 01e8aee..c0cd623 100644 --- a/hosts/cube/grafana/password.mail.age +++ b/hosts/cube/grafana/password.mail.age 
@@ -1,5 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw xkWa1fXAqQk5S+VNegGJpwGGDK0S3U+/QqPqSJgDUzI -xQRrNt48YL6ueLKKN4VXZuwzP0wu7AykvShOTv06YVQ ---- pEof9mZkQfWKgX5jrFGissq6m8/CvS7O2G52d/XbS8w -,5Kh#s( z_IipY/=ܯRwS \ No newline at end of file +-> ssh-ed25519 +rZ0Tw O0H0h+hSKjcOPaWE8iDSpYsR0TGigDeyBUmHtFTCNjQ +EHORIYFfRAoYEME9SM6l3ef6jfYmLBXEgGxZ7L+wZyA +-> ssh-rsa jPaU3Q +bG32pycqaE13cyS0OVqd3mI3lmP91UOgBrhnIhUv6WCDxJdQoshrUNhfF93JAI9+ +HSAsAOM1UHeffdNuucCQsoTxENCFonldrK8+cQwPyQlPSGIP5yE4hFFRUjoct0X5 +qdJsjgHAP53c5707mdwsx7lbpRLFPhW6JvA90wn1LKZPgMHBD5yQRPc+qM0NQ10b +sOqNU8dVuuIwWGtzHm9vrw3jUZMNiH+AUJ8IcaEC8+5FFAHr1cib3+rzyUmbzrxr +n2dXsIICLmQZVXoNPMYltcHyM6jf1a+cxh9Z7ZKhVxJvD2jXh9CqrHw5Z2xbQJTL +rwKNE85xxwQNzldYPMGLWyfn25j08/Jx4uZHXQIGrjVQCRRy+Mmn9d05MY2BNPNC +vpA848kn1IIM5ybBdsEXSqywoE2+r+J39JVUcQgTdXhjQwfZWcXiaq3haD6mhtRp +0VIqnBeu4vuvgtOEnWzvqVj0k64sYs+uPVjuXrW6szcSBcHj/QLfIQ//Tw4sRpQy + +--- DRdJx69Bkj+MVtk3dlZ0gMQmHG7NC7ZbzuMGbEbNVUQ + Ȏ^@%,q\4aEQEi>Rv \ No newline at end of file diff --git a/hosts/cube/hardware.nix b/hosts/cube/hardware.nix index 031996f..47cdec9 100644 --- a/hosts/cube/hardware.nix +++ b/hosts/cube/hardware.nix @@ -1,8 +1,10 @@ -{ ulib, modulesPath, ... }: with ulib; merge +{ lib, modulesPath, ... }: with lib; -(modulesPath + "/profiles/qemu-guest.nix") +systemConfiguration { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; -(serverSystemConfiguration { boot.loader.grub = enabled { device = "/dev/vda"; useOSProber = true; @@ -17,7 +19,7 @@ ]; fileSystems."/" = { - device = "/dev/disk/by-uuid/a14e3685-693a-4099-a2fe-ce959935dd50"; + device = "/dev/disk/by-label/root"; fsType = "ext4"; }; -}) +} diff --git a/hosts/cube/mail/default.nix b/hosts/cube/mail/default.nix index fef217c..c0b0643 100644 --- a/hosts/cube/mail/default.nix +++ b/hosts/cube/mail/default.nix 
@@ -1,15 +1,18 @@ -{ config, lib, ulib, ... }: with ulib; +{ config, lib, ... }: with lib; let inherit (config.networking) domain; fqdn = "mail.${domain}"; -in serverSystemConfiguration { - age.secrets."hosts/cube/mail/password".file = ./password.age; + + prometheusPort = 9040; +in systemConfiguration { + secrets.mailPassword.file = ./password.age; services.prometheus = { exporters.postfix = enabled { - port = 9040; + listenAddress = "[::1]"; + port = prometheusPort; }; scrapeConfigs = [{ @@ -18,27 +21,12 @@ in serverSystemConfiguration { static_configs = [{ labels.job = "postfix"; targets = [ - "[::]:${toString config.services.prometheus.exporters.postfix.port}" + "[::1]:${toString prometheusPort}" ]; }]; }]; }; - services.fail2ban.jails = { - dovecot.settings = { - filter = "dovecot"; - maxretry = 3; - }; - - postfix.settings = { - filter = "postfix"; - maxretry = 3; - }; - }; - - services.kresd.listenPlain = lib.mkForce [ "[::]:53" "0.0.0.0:53" ]; - services.redis.servers.rspamd.bind = "0.0.0.0"; - services.dovecot2.sieve = { extensions = [ "fileinto" ]; globalExtensions = [ "+vnd.dovecot.pipe" "+vnd.dovecot.environment" ]; @@ -74,7 +62,7 @@ in serverSystemConfiguration { loginAccounts."contact@${domain}" = { aliases = [ "@${domain}" ]; - hashedPasswordFile = config.age.secrets."hosts/cube/mail/password".path; + hashedPasswordFile = config.secrets.mailPassword.path; }; }; } 
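Review bot: With the `services.fail2ban.jails` block removed in the second hunk (`@@ -18,27 +21,12 @@`), nothing in this file throttles repeated authentication failures against dovecot or postfix, and the file gives no hint that this is a known gap. The commit message says fail2ban will be revisited, so I would leave a marker where the jails were, for example `# TODO: no brute-force throttling for dovecot/postfix until fail2ban (or a replacement) is restored`. Whether another module covers this is not visible from the hunk, and the enclosing attribute set continues outside it.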
diff --git a/hosts/cube/mail/password.age b/hosts/cube/mail/password.age index 54765f939364ab09ba72f5e52bd8d28533a77308..6e93dd8822c7295f96d04178ab3050c95de484c9 100644 GIT binary patch delta 781 zcmbQpw1#bhPJLinM5dQ>HkYoQLUD11 zZc%ZfLRLUxsBs`yshM$hWTt6;SaL~jV3B@lW`$9?QN2l`rFXcIvx#?Au(7j~rE^iL zL1k%faaM(6NqSCxkfV80W>tZydt_xrD3@tkR-j*baB5U>Wu~)hKt)tlQFf|lx?hM} zda6@oa#FClv3Y^HwxyYwM{tx!fl*kMw@-nEzH?YmMVgm$mI+sYYnWS_i&)UWL}b6 zNQ#qwSVehMQd+5>L1;)oUZjO%ZedkKsCH6HWt3xHaG+mgh_Ai{S8-IJwnsolX})Pe zRK1^%Q(;6&ZjMWKxl=(!m9uM(zk88sNqA|LqjOSexu3gxmYHXTdq{?Fxo@J2M^03L zmo`^;gnOD-ZnjTqMnOipc6vxwgt4hhNr_ugPPUmzYDk2(aiXJfMn+ChUXFi3Qbl5l zQE+C3e{z0#a71Fhzkx9qm#(g^f^(#SWxbJ0X-Ju4eq}_8L3xO`OHrmlREe{jrHPTV zWq5^8XhmXCsAqU;KG*FV982Xxezys3a{4zb@v#Tn%J*vbGmPh+;ww=+y}%$d^zX9z z+bcw+7$(WB4LILhFke`e|7aM~Sq-Nyfo4tJ>Cabk9{zCoUJ|SE0_ppq6>Y~V&VJEk NU&5BUF^sRi766qA4N3q2 delta 237 zcmZ3(Hj!z9PJN0;SV>-CRDhSZaYRsNiffgBvROe!URGe1OL&BnX+XZ0cZi{TN|0NI z0atcWxwpP$WMQD8OSzG6nwMFIcbZFKYPnf}hgU?gg;!`|cwmu5PFZS*E0?aWu0oPe zj%jdqu~R{qah`>Xhed>2g_~PiYLR|mk#m}-v4>+?W}2n3Q*cmNWgyo>w|f4c@f*YD z@_x8+(6n_&X>~+b;NJ(&XXpa@^!5o#uE@)D%k>K~H?v4e2`ViPGU2lH3Jnj+%&-jcEeQ`U z^ejru3NkD%uJm%x@$)EiD-5%Y$o6(GO0CSvGvU(J)m3mz2~La13`ufJ_wn?}Daee} z)(*^e@;5hjEp$##iAb$Xj56>vF$mOl^yCs0on~v8Flon|nHFK83LF1@{ImOJ;MD1V zDlhzBB9nA1FL%QG1v{AY%maR{G-+kXu=u`e+39&^O7$~sp1$SE(y>x{)A02hQ&dG= z&9?X966>y}eU@uKaN*ANuTPauyjOe@J?YD3?PHqv8aRH$^KuKn-T9dDzD2-g+q(Q+ Jz2c1v+W@QgeU< ssh-ed25519 +rZ0Tw qnll3AmLOYVpsLP78bOa0F20HjoN0dOFK2Rk/Ye5w24 -Gsmy22GHYX+0dlrUJalVlPXTWyzCz7q9W5gQza71XbA ---- UQhQek9ss1w8rqxj7HQxh8H/uaIsTK5SIfxqCAe1xoQ -fɏ ZrUZ'P~@f 5_cru/<Q|fY[r^SO6}> -d!HkZXr$j [\nB(/# \ No newline at end of file diff --git a/hosts/cube/matrix-synapse/default.nix b/hosts/cube/matrix/default.nix similarity index 71% rename from hosts/cube/matrix-synapse/default.nix rename to hosts/cube/matrix/default.nix index e53b84e..3e4e90d 100644 --- a/hosts/cube/matrix-synapse/default.nix +++ b/hosts/cube/matrix/default.nix 
@@ -1,4 +1,4 @@ -{ config, ulib, ... }: with ulib; +{ config, lib, ... }: with lib; let inherit (config.networking) domain; @@ -16,6 +16,7 @@ let clientConfig."m.homeserver".base_url = "https://${chatDomain}"; clientConfig."org.matrix.msc3575.proxy".url = "https://${syncDomain}"; + serverConfig."m.server" = "${chatDomain}:443"; wellKnownResponseConfig.locations = { @@ -26,8 +27,8 @@ let notFoundLocationConfig = { locations."/".extraConfig = "return 404;"; - extraConfig = "error_page 404 /404.html;"; - locations."= /404.html".extraConfig = "internal;"; + extraConfig = "error_page 404 /404.html;"; + locations."/404".extraConfig = "internal;"; locations."/assets/".extraConfig = "return 301 https://${domain}$request_uri;"; }; @@ -35,11 +36,11 @@ let synapsePort = 8001; syncPort = 8002; in serverSystemConfiguration { - age.secrets."hosts/cube/matrix-synapse/password.secret" = { + secrets.matrixSecret = { file = ./password.secret.age; owner = "matrix-synapse"; }; - age.secrets."hosts/cube/matrix-synapse/password.sync" = { + secrets.matrixSyncPassword = { file = ./password.sync.age; owner = "matrix-synapse"; }; @@ -88,12 +89,12 @@ in serverSystemConfiguration { }; # Sets registration_shared_secret. - extraConfigFiles = [ config.age.secrets."hosts/cube/matrix-synapse/password.secret".path ]; + extraConfigFiles = [ config.secrets.matrixSecret.path ]; settings.listeners = [{ port = synapsePort; - bind_addresses = [ "::" ]; + bind_addresses = [ "::1" ]; tls = false; type = "http"; x_forwarded = true; 
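Review bot: `locations."/404".extraConfig = "internal;";` in the `notFoundLocationConfig` hunk (`@@ -26,8 +27,8 @@`) is a prefix location, so every URI beginning with `/404` is now internal, whereas the old `"= /404.html"` matched only the page that `error_page 404 /404.html;` points to. If the broader match is not intended, keep the exact form: `locations."= /404.html".extraConfig = "internal;";`. The `let` block this sits in starts above the hunk.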
@@ -107,29 +108,29 @@ in serverSystemConfiguration { services.nginx.virtualHosts.${domain} = wellKnownResponseConfig; - services.nginx.virtualHosts.${chatDomain} = ulib.recursiveUpdateAll [ (sslTemplate domain) wellKnownResponseConfig notFoundLocationConfig { + services.nginx.virtualHosts.${chatDomain} = merge config.sslTemplate wellKnownResponseConfig notFoundLocationConfig { root = "${sitePath}"; - locations."/_matrix".proxyPass = "http://[::]:${toString synapsePort}"; - locations."/_synapse/client".proxyPass = "http://[::]:${toString synapsePort}"; - }]; + locations."/_matrix".proxyPass = "http://[::1]:${toString synapsePort}"; + locations."/_synapse/client".proxyPass = "http://[::1]:${toString synapsePort}"; + }; services.matrix-sliding-sync = enabled { - environmentFile = config.age.secrets."hosts/cube/matrix-synapse/password.sync".path; + environmentFile = config.age.secrets.matrixSyncPassword.path; settings = { SYNCV3_SERVER = "https://${chatDomain}"; SYNCV3_DB = "postgresql:///matrix-sliding-sync?host=/run/postgresql"; - SYNCV3_BINDADDR = "[::]:${toString syncPort}"; + SYNCV3_BINDADDR = "[::1]:${toString syncPort}"; }; }; - services.nginx.virtualHosts.${syncDomain} = ulib.recursiveUpdateAll [ (sslTemplate domain) notFoundLocationConfig { - root = "${sitePath}"; + services.nginx.virtualHosts.${syncDomain} = merge config.sslTemplate notFoundLocationConfig { + root = sitePath; locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" - .proxyPass = "http://[::]:${toString synapsePort}"; + .proxyPass = "http://[::1]:${toString synapsePort}"; locations."~ ^(\\/_matrix|\\/_synapse\\/client)" - .proxyPass = "http://[::]:${toString syncPort}"; - }]; + .proxyPass = "http://[::1]:${toString syncPort}"; + }; } 
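Review bot: `environmentFile = config.age.secrets.matrixSyncPassword.path;` is the only reference in this patch that still reads from `config.age.secrets`; the secret is declared as `secrets.matrixSyncPassword`, and every other consumer uses `config.secrets.<name>.path`. Whether the `age.secrets` path resolves under the new name depends on how the `secrets` option is defined, which this hunk does not show; if it is not an alias, evaluation fails on the missing attribute. For consistency I would write `environmentFile = config.secrets.matrixSyncPassword.path;`.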
diff --git a/hosts/cube/matrix/password.secret.age b/hosts/cube/matrix/password.secret.age new file mode 100644 index 0000000000000000000000000000000000000000..c125322fe8be83f6270a94fd1698f41a7b040f24 GIT binary patch literal 846 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUFE{ZY;DOWJp&&c&K zPPIsNb9VD7^Dzz$E(*)j&j`>r^ot5DG%rmocDFFLFx3tWb>wmhs|t5Y3Cc7wPAYQs zaV>T8Ow6uuG08E`(9W#Nw}?nLjj#+(HBJpRiGgah>FQqP z7m({@QD)}r>ggZonHg2&mE@U{;alNi;F9KS8DW|fVjAV;oto=Y>2DTM;FD5d>}{E; zo$Jr#>=u>cVVve^8Wv=dADEVu8&sB;<>ypvP!^JF92i>W8<=DqlxUV!kdaxKQ|#wd zRGj8oeGS`^|^nC9f>9qu2Q;bak*8xT@pVCkRlU&2*tmg`fP<)4`1 zXYQ{ZRZyOsXK7koT#}fXV;<~Tu3w(-lNy{?kz}0hiGx80u%~9Fi6h9+ID$o9|PcS5i{p8j_VAP@J9Vp6aJ>V(C_8?q=?m zpWJr0mf>mU?(UTzR+<&$q3x0v7UX808xRoan3WpnSYqktRhC@g?##udtE;P!WS*K@ zSsIoVk{#$>U~Xm>Zm8|*U*=(w6ckdBYVgcVnt z?^!B3;V;keD?ilR&fhw15;turQ<27uyQxQBsL0J`_;k8q|C8EL(uzD4>`}?WJM=_1kMa%_i7bZsB3s)0XUsfK& XB+_AaKw@UM ssh-ed25519 +rZ0Tw 0X0Ku7Shx9cZTtdBQvBT0yNdiRBCA72grq9mbBn5w30 +pv1SwZo5Sw2Y0AH5r0U4oIE+l2HLUfAMZa7MdExmi/0 +-> ssh-rsa jPaU3Q +yQ4L8WaeBIqJmXXnXiZAq0l0hwaWoIZDUsx1Yfu65CwkhNzxE3zC7qn8TG+/yz90 +jxv3qCwkCfKUA12R1JHJj4TAvDXgBw8Icd24M5KcXaCQGZdTGEhGSod1kHFDx30R +J5xJ4a+kJRUGL2UOsXwFBM/7pk/gMgfPvY8kckc0jCXR4w6UxQ2g1T29uqGo17CP +GVHnHW+Kckc34x7Szry9gLKORNlwXskfkAOhXRnoSoj6pMNiTi6qY36DJZtrO38b +CBSx3xe5JzRn+/SwumV+lk5LG/7rqQYttffdIY/qkB322Yl5pJF8eglc/fOShbaM +AgMsOSioE17Kp7dlWOVnYjhcFqPITUryfeCnOzmeWAK7FG1s4nErSw0X9sKn1fYr +zXPnu/J+f862skfkgnJwUEe3hjzwEvnxNGPaTLCBluYeyKQs8L/veTMQkgEjAJKn +/Gzoh/aYEiYgSFsAid9jteup5jNhQS+j7jvF+zjlKgWaQ8k6IcqVK8p2fd8NQ47Y + +--- KeyAgC1N1Th+hPkr7kT2b5tk+yd+oN8z7MbVtzHTQHE +3 n)ä%('R?e5OQǝ7<MdHr0yhlEG{옷NJnj㔰;tEpyObm1ݰ}ʋH=α[ \ No newline at end of file diff --git a/hosts/cube/nextcloud/default.nix b/hosts/cube/nextcloud/default.nix index f5dfdba..7259478 100644 --- a/hosts/cube/nextcloud/default.nix +++ b/hosts/cube/nextcloud/default.nix 
@@ -1,19 +1,49 @@ - { config, lib, ulib, pkgs, ... }: with ulib; + { config, lib, pkgs, ... }: with lib; let inherit (config.networking) domain; fqdn = "cloud.${domain}"; -in serverSystemConfiguration { - age.secrets."hosts/cube/nextcloud/password" = { + + prometheusPort = 9060; + + nextcloudPackage = pkgs.nextcloud28; +in systemConfiguration { + secrets.nextcloudPassword = { file = ./password.age; owner = "nextcloud"; }; + secrets.nextcloudExporterPassword = { + file = ./password.age; + owner = "nextcloud-exporter"; + }; + + services.prometheus = { + exporters.nextcloud = enabled { + listenAddress = "[::1]"; + port = prometheusPort; + + username = "admin"; + url = "https://${fqdn}"; + passwordFile = config.secrets.nextcloudExporterPassword.path; + }; + + scrapeConfigs = [{ + job_name = "nextcloud"; + + static_configs = [{ + labels.job = "nextcloud"; + targets = [ + "[::1]:${toString prometheusPort}" + ]; + }]; + }]; + }; services.postgresql = { ensureDatabases = [ "nextcloud" ]; ensureUsers = [{ - name = "nextcloud"; + name = "nextcloud"; ensureDBOwnership = true; }]; }; @@ -22,7 +52,7 @@ in serverSystemConfiguration { after = [ "postgresql.service" ]; requires = [ "postgresql.service" ]; - script = lib.mkAfter '' + script = mkAfter '' nextcloud-occ theming:config name "RGBCube's Depot" nextcloud-occ theming:config slogan "RGBCube's storage of insignificant data." @@ -34,7 +64,7 @@ in serverSystemConfiguration { }; services.nextcloud = enabled { - package = pkgs.nextcloud28; + package = nextcloudPackage; hostName = fqdn; https = true; @@ -42,7 +72,7 @@ in serverSystemConfiguration { configureRedis = true; config.adminuser = "admin"; - config.adminpassFile = config.age.secrets."hosts/cube/nextcloud/password".path; + config.adminpassFile = config.secrets.nextcloudPassword.path; config.dbhost = "/run/postgresql"; config.dbtype = "pgsql"; 
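Review bot: `secrets.nextcloudExporterPassword` in the first hunk points at the same `./password.age` as `secrets.nextcloudPassword`, and the exporter logs in with `username = "admin"`, so the metrics exporter holds the Nextcloud admin password and a second decrypted copy of it is owned by `nextcloud-exporter`. A monitoring process only needs to read server info. The NixOS exporter module has a `tokenFile` option for a serverinfo token (worth confirming against the nixpkgs revision pinned here), which would allow `tokenFile = config.secrets.nextcloudExporterToken.path;` backed by its own secret file, with `username` and `passwordFile` dropped. `nextcloudExporterToken` is a proposed name, not one that exists in this patch.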
@@ -50,7 +80,7 @@ in serverSystemConfiguration { settings = { default_phone_region = "TR"; - mail_smtphost = "::"; + mail_smtphost = "::1"; mail_smtpmode = "sendmail"; mail_from_address = "cloud"; }; @@ -76,16 +106,15 @@ in serverSystemConfiguration { extraAppsEnable = true; extraApps = { - inherit (config.services.nextcloud.package.packages.apps) + inherit (nextcloudPackage.packages.apps) bookmarks calendar contacts deck - forms groupfolders impersonate - mail maps notes phonetrack - polls previewgenerator tasks; + forms groupfolders impersonate mail + maps notes polls previewgenerator tasks; # Add: files_markdown files_texteditor memories news }; nginx.recommendedHttpHeaders = true; }; - services.nginx.virtualHosts.${fqdn} = sslTemplate domain; + services.nginx.virtualHosts.${fqdn} = config.sslTemplate; } diff --git a/hosts/cube/nextcloud/password.age b/hosts/cube/nextcloud/password.age index 5836b95..ef657fa 100644 --- a/hosts/cube/nextcloud/password.age +++ b/hosts/cube/nextcloud/password.age 
@@ -1,5 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw 3QOn//uIWJTnBEVz3bn3s3yQlAeGDCynaJ4C+2Zi8iE -AsPa4woWILuLVS0bvkLBddda9mQqJ9CS1hkWwhNrLg8 ---- 7XNX3eRRei1LrcRiQSLgHJ0OkYt145uDVq+gtN/A9tk -\KDr.'QDML3I3 \ No newline at end of file +-> ssh-ed25519 +rZ0Tw HGa+kmHedio/tQYp0ZuMCMjdEOtETkioVoRf0a5pkkY +OoAFxkLB8pSADTgUcCwdqInYwF83//28Cza8jblQzaU +-> ssh-rsa jPaU3Q +W1fQyikhppgQKqASdAuKX2tpDrNgdXhe5LD1KjPuocTUa3sS+DM9UYf8Ap/uNDlA +V481pDnrzO9c7lwP/HzUU4O2cm5APbT+Ho0kF1B+W4T3DiXt4/pvzxcufApoloY5 +bM7l3eH4gsp6Buiqr0EowZ48KNi9wW4OXxqjVRSCbyyfygEAl80zT8QP1/cF7A4q +JwHVM6oyGLwLkfXrdLdxQw9T1Q/5wTCePBfzNzCE6XhmL48Hb1vKXnOwTpobVb1v +Dn0FuD7GvhkgV06sd34sN6YO90lJAgPKvE0up2gIHG2FEJK0Pt8Er+SFJ5gag+W6 +fNZ/0P3lT/sB1WSWNn5w4nzmCU5VhxdJf+8hkdRwYqnGoE29YJXT/vW8PX4qFDGf +++0HDup6FHFp4VZf6NwVI/Ua68IfyX53Y7iAeLvMiSF/SK5b4KezR0oTRd88t6x+ +qA/iv9wcV5z2qDXaVyitcREpC+bwvF7HdI+qmFIl9i5oMFv+pSoxuQRrTtAoBwup + +--- TsR5Ga8FM1YlCiUXVghF3MoWq9jvAo4/2g8IvOrBMCg +Nyj㦩u2҃pB,0l ssh-ed25519 +rZ0Tw 5+B9syGilyIjTRiIbR/tQqIRZ5ZUax8gOIZR62lYGhw -vTzxsGNvqnZKGkDHy2+gyIIPqLXZltVBzwEQ5HeuLO0 ---- eRFepEnDGHeb96HOq0kZOvILnQlL/WCf8fnVJbFHP8w -iao'D̗c[\;m/K݂s0 r)Vh}xhzqA}wD ٫VP1jۛ%J- \ No newline at end of file +-> ssh-ed25519 +rZ0Tw AMjDOXqRZGRFrMUIlDdqbSkwXuDSwg+0I7WLgYOnqAU +awL2vueTU9BIRVBcvWQOtV3xoqC8BCrePg/D/FHtz28 +-> ssh-rsa jPaU3Q +wIBOZFIsnXTf0fC3u2EOBdx4WSRefY3rcvG1pjwhUhpkSYc0E9U0EgZHFvfIk2kD +uJUxtob3X45oJtM+8IS5vPrOHJMg8HFUJ/8h8uLJ8Jv2MTZvLeIxg5eFZBtXXR3m +pR8gY0jCTzzrRjwVvF6RHYYFtdVtAKJ9ikI7Y/Q6UKI0Qk5jWBcAVBW0fkW4BM9i +qj0fzByXXnzORePvFItlh8JXI07L8lUgt5cPOtMnoAXZDQRvzTAbHiigHYZZKDgl +s0rw+CZ/lbUm9fvjPdGSOZ2v8Xo147Gf0bUgHMdBpDbFHglBiW2SeP7+JJNV0M3q +eLGgI/eMeBBoQVV/cTRkKZzeB2S7Gsh3ogSBFqmHa9nLEitzATcgW5xyVBN9YdnG +ZDi0GcPbe0VzpGaLIiF+qSNtUjIgKQKFuMoMKT6lcSUUhDw6OK5YeliK7P6JOS30 +rlwsZcxGDEcvJp8lRFKal9Kkv6+0EOr4b3d2NLWe3Wdd5uCpVF3FusAdwgxW8VH+ + +--- jLhThmnzFUBiv2G29RihvdYKXuk6b7JLWyPC+quwX8w +e*V71FpvPE_uGVJ$aF6$cF7BHPjYdp$ma5QGjPi@3U@Iz);D!4 
zFfS}LH1P?_^h_=f@XYbF@Nm)hGcxpZ%MDI(HG$byRGg@g6_6Ne9LSX(Xc}4-S?;Fo z8YvJ$;~rI#mKbFascq?|Z&{GOnB=on(@XPl87kYw(ZVjNgh znNwU56&4jyRM7*;hp20lph>gWSpN@Uf^xyUgS~W!<7{5=wlr2R+SnY9#Bybk`?Aul+4i$Sea(&mu2qiV{TfR=j`a0UgZ{H5D->b5|C*Tn4RzBRg_+2 zRm{jF$?vquL8d9ESmJ}J9TxL{R5m;%UZ(tH!92Ao2 zR+5xu92M!37L`|!Ra}s1oTQx|;TRm4m2MIk$d#ubVUd>W>*1ae=;P+4?U|UEY7m*6 zW?<}ST$CCZVwsVWpXL@)np0Jg*|*V65%wl2KBelF7xTtE;O}W*QQi zlwI!V?iP@3USetC?U$Ku<{Ds78EBMh8l>%#9FS-jVvrqRRGiM`cHb_5@6+BD3|n5* zuUIniY?Bvr-Te1|Ic7DVTgLl&fllBxr_8urbG}I1)?cw_{!!vILs>A0_3Vt&#=o6e z>U;encd$3}ZN28dqueUick?|r?d!q2o*(RgImKjE>baTC=Yn^?Ta-|Lq~wza0GvW0 AIsgCw literal 0 HcmV?d00001 diff --git a/hosts/disk/site6.nix b/hosts/disk/site6.nix new file mode 100644 index 0000000..a5e3c41 --- /dev/null +++ b/hosts/disk/site6.nix @@ -0,0 +1,9 @@ +{ self, lib, ... }: with lib; + +systemConfiguration { + imports = [ + (self + /hosts/cube/acme.nix) + (self + /hosts/cube/nginx.nix) + (self + /hosts/cube/site.nix) + ]; +} diff --git a/hosts/enka/default.nix b/hosts/enka/default.nix index f7cf2a7..3fb2f47 100644 --- a/hosts/enka/default.nix +++ b/hosts/enka/default.nix @@ -1,4 +1,4 @@ -{ config, ulib, ... }: with ulib; merge +{ config, lib, ... }: with lib; merge (systemConfiguration { system.stateVersion = "23.05"; 
@@ -6,26 +6,23 @@ time.timeZone = "Europe/Istanbul"; - age.secrets."hosts/enka/password.said".file = ./password.said.age; - age.secrets."hosts/enka/password.orhan".file = ./password.orhan.age; - - users.users.root.hashedPasswordFile = config.age.secrets."hosts/enka/password.said".path; - - users.users.said = graphicalUser { - description = "Said"; - extraGroups = [ "wheel" ]; - hashedPasswordFile = config.age.secrets."hosts/enka/password.said".path; - uid = 1000; + secrets = { + orhanPassword.file = ./password.orhan.age; + saidPassword.file = ./password.said.age; }; - users.users.orhan = graphicalUser { - description = "Orhan"; - hashedPasswordFile = config.age.secrets."hosts/enka/password.orhan".path; - uid = 1001; - }; + users.users = { + root.hashedPasswordFile = config.secrets.saidPassword.path; - networking.firewall = enabled { - allowedTCPPorts = [ 8080 ]; + orhan = desktopUser { + description = "Orhan"; + hashedPasswordFile = config.secrets.orhanPassword.path; + }; + + said = sudoUser (desktopUser { + description = "Said"; + hashedPasswordFile = config.secrets.saidPassword.path; + }); }; }) diff --git a/hosts/enka/hardware.nix b/hosts/enka/hardware.nix index 6b594a2..8cbbe97 100644 --- a/hosts/enka/hardware.nix +++ b/hosts/enka/hardware.nix @@ -1,10 +1,13 @@ -{ ulib, ... }: with ulib; +{ config, lib, ... }: with lib; -desktopSystemConfiguration { +systemConfiguration { boot.loader = { + systemd-boot = enabled { + editor = false; + consoleMode = "max"; + }; + efi.canTouchEfiVariables = true; - systemd-boot.enable = true; - systemd-boot.editor = false; }; boot.initrd.availableKernelModules = [ 
@@ -20,14 +23,14 @@ desktopSystemConfiguration { fsType = "btrfs"; }; - fileSystems."/boot" = { + fileSystems.${config.boot.loader.efi.efiSysMountPoint} = { device = "/dev/disk/by-label/boot"; fsType = "vfat"; }; - swapDevices = [ - { device = "/dev/disk/by-label/swap"; } - ]; + swapDevices = [{ + device = "/dev/disk/by-label/swap"; + }]; hardware.enableAllFirmware = true; hardware.cpu.intel.updateMicrocode = true; diff --git a/hosts/enka/password.orhan.age b/hosts/enka/password.orhan.age index 2f79af2..d5c108a 100644 --- a/hosts/enka/password.orhan.age +++ b/hosts/enka/password.orhan.age @@ -1,13 +1,13 @@ age-encryption.org/v1 -> ssh-rsa jPaU3Q -M19jE1+l5CGuAbWy3AAhJcVtW9E1b8al9rgjSJ26ESewP5fipabiW8/KEA6QowU4 -NbFFu9Za0Sqo2ly5AS7kubYROCYQE238cZgMfVG15nFmIP1s3MY8hNZFaeJdjYJW -W8SLTddBA5xWBzfNH2ZtW7KBICMgl5+mKAj35pB6qxcZjj274llFy8d8Xs0UsyDW -4exLZdzbgCXC5JXVgZpOR0Ou0AdJPtHIxYmkaS+gjkr45fSo3XGSepxRw+SOlkV/ -0kQgyw5KPPNZZ9wXo89P4zponyWNqQCKPaxXbGJl44mKBXLxFSvCPjjuAZ7cZ+xn -vd2ZcwztgLV84JT5pSJbUwjo6a5GrzOJ3/frxYgG4MK5foM8iyZ6cHFpNVeyOx/b -IhfCdFc71+c+hfLpa1OETlKYEVYHDQ/nuAELAy81bfEa8OL1yh8q75gJZukgwWX8 -QEJLzwsN/496uBbFwwjj05R4feu35Iql1XLqOrTaixUA6uSdWjsnJscENFpchfzI +Ra86YZeGq1g0NlPLVj/mdqFDp/SZQHL/CDJ3SaFTYtmfUqSER/hXOz7X5wqOZ+Yf +SC0DUxrAaPobkuK9QMayBNmwB8Rq/cGXOb/vKmT5PnLpqNVu0ggIoaO+ZTEiUG8g +ATdjUU+xPQpOCkk7wsdW4AzW1G4bOAS7AXFipfU+BhVtLzGziDJ6Uuglvt0ussku +FHdIaD3AJcQQ1/kMdYtiLPQUaGdBnuUqOLzcoAgsp+4SDMHXKfuvyO7EsOaGVCc1 +RmCwWZ7UqQdwsn2pXUoAXOlhr3QdjiDTcBd6nVbxWCxy/GBpHgD4ffyMrF+Xv48n +fyX9dMhb4AAz6kAN+/7g/WNHuv0kRCjggHCcd9BhRvrZKGBs7h1B6OvUcREDxVr8 +45QpKo2bpQqPBUJPlZXuHRWiQrInGJJHdA2JU1VBGJMnIumVrUCGeJSnBP3Ui46z +GXIqHhgUYvBLXH0eLaHH17fx7ytWez88dDL8wwaHzL8AEtN+/XPFU7kNEU97QZJo ---- 06pUnwHPhIIgovnUcakwOCjfK5Et4twJF8NChBf3G9o - g0Fӻͱ*U;GKsqH-ތ-M v% ojdOxCkJren:KBM7 \ No newline at end of file +--- RNDo4JKbsihikrIB+cxCXuDCbvd2BqdIEKfLsBplLsI +~59\[{ZV7J2<•!UID>GGT*JAI1:zx ͺ?t \ No newline at end of file 
diff --git a/hosts/enka/password.said.age b/hosts/enka/password.said.age
index fb4dcd2..9cd5ff1 100644
--- a/hosts/enka/password.said.age
+++ b/hosts/enka/password.said.age
@@ -1,13 +1,13 @@ age-encryption.org/v1 -> ssh-rsa jPaU3Q -fNM8bL9QB/wvgB+MZOfWXDrPMCc/2bs3B5t1xgXe/Z6I0HXcnL/G1ipebvth/+Mr -Wv6bMPgPPwrxvWaoC84PHTclp8kqsipTYO4r40cB5F7Yyq+oBOHlm3Kd1SGSPQQn -FPCA0BxFhYQuHtQuqEdoMRZ5YxgoxWoso1gAAMzcnhac9HVK595F4HITpYzs453Q -UTW+c1UigqvI70YNKo2jNSqAwJh2rA4EP/ivz5Y0fOv/WD8TpygbFdbFhvLZ4rBS -NveQrMJcha/KArzu5cxYuQq+vF7ckGmPygGSMGkXCbb66ET8Mj/daBhfPfZ+nC+v -eaBOlAJ4y+jUwajn3PlWelOjUTNoDHdp8I/xHtJs1avmlWhv8pdA/vR/61C0mApd -39uzl2XsnvKQkqlE2CD618h1xsmXk9RDxzUzDuejO0Kv1Of7+SsR1Swk7IKaJQpB -SzAfBCtnJxRsTIDVcBvqtb1cJiBgJt5/FFN8IGa9C0Hf3lFvB8qqR2BlwijhfGi/ +u3Kl4BwfKKxIk1ASkkOeEBOFbusd/hYapO/Ab78sc0ufOIJvso7rXgK8pjIoKhlD +FLJ6kD8m+z79MDJU5o0UdqAEvzT/O5vUAxVI1XWGdDliSAzEQkaLDtz/Hhg8wlel +9l/oCaV5cEB/3JXPI++4Ck+TaZ61+DGcfkQFXBGFITQyQOcErfGP54KyYeMPPKH6 +XB57IahfwK1G9DaIhGxHni328H1d4xmoWobEOS+RalIW9Yc+oJBTw5LEJZpgt8+t +HUQ5x1kKRqqIgZYSuyTV33LI4JxiXpJgPSQIUyUFHCN+0tkshaOa6VjZvIxX+LKi +ZUgAsWTkA/nfpQqX9zOpyhTN1cVR8xUptZWIFlSeu2W9O6xjirOSo6+3574ANrD4 +pvUQe+VEV+U7ePnx81YS9BhESQ8lmqUlaX1d8uGHSWas5DjE8Kcaa6K9k9ab7u9q +mh+g2b/P2w2lVRgrcUyqn2S/coEzaHgskx8fyV23w4BbMefoHWdmsNwGhIew8Uhr ---- JmxH14QpQiLryhESgYyK4H7fpol168CbjecUwfnRFRM -bd!<&-1esă{OqG~.cmu!$(!/asvzw6CE2>.xBb=Ԑgj ssh-ed25519 +rZ0Tw jXnHlBEI/Soqpgq1ivfJHfyG1Vu6587MRmsiiY/s3Gc +PzOumPaUFNwlkD0e0c9ES7Ix1RGsdnqRKgHPBKpIGuc +-> ssh-ed25519 spFFQA wGPxs3a6og3Hjx5a/EHY8cRoFCGHDu9Ce3BH87FwiEc +X3FdpYD1OftG9xaFzQ3mlvZkQPn4AQmCqfB/6KnCVvE +-> ssh-rsa jPaU3Q +WfcscVagmu1lL48CmP+QLrswXBJVGqMvBpOGbIDDbMXXXGQhuDhKX3f/j35ThUeq +snuV+Nz7Fs4y0RRYlZ5ieWbCV3Xa/TaEA1TfoQD4GMZreX7Fn+w4AhfiPFrc9sUV +ZGpfIxBx2HSkV36c0iLS4Vp14wTYJzrY3gJuldMbHLY9tLD0AVF2EJ456WI4KE0v +XpyvdH37BXwpUrWMk7dGvLS0CnQjGBceRcaWaTU93izFO2GiwE0Vk2nRO9EOxaw/ +M08VC7LvAm9Uj4iAJonfnCIf4KdrDlwbBkjDA0FPl2Wg3dOo1/qgGYuMi8wzcuYF +OLbh5kQAcOZ/3QsWnhEd8Vf1BVaQyE/hhelj1R0ZJDB3CeVLdzTlg/MFKUOC9SPw +5znm8ELiQziBariOgGmvAwCYt3O4Wpp7UqWjlnyPBWp94Q6teaj7PuIQ0OCuixPZ +QQikdfG0u0FgXK0fQAmO7/UChbKcrq+xEb84NUd0WiH0t+GTuMq0CpRSg9B1fE0r + +--- 
iJOaeMlcZ5LkNlwPuRdcpyzARZpDxQB0Mn73JKZLCyM +K`ں^HZL|fT߆À֢E_%?k'ZT&Y^PA~ Ɓ*tӕW/PhhMEAHs^O!HJ~'g9HTIO"IG;][_T}S5eG׮g=]b K HQQXSΕ(ZX϶%}O : \ No newline at end of file diff --git a/keys.nix b/keys.nix index 77aefdf..44ac65b 100644 --- a/keys.nix +++ b/keys.nix @@ -1,4 +1,5 @@ { - enka = "ssh-rsa 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 said@enka"; cube = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINMkCJeHcD0SIOZ4HkyF6rqUmbvlKhSha3HWMZ0hbIjp rgb@cube"; + disk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItpYQ3Pz6zFifKXvFX7xAC8aby9RW/m5PkW8T9SOee4 floppy@disk"; + enka = "ssh-rsa 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 said@enka"; } diff --git a/lib/configuration.nix b/lib/configuration.nix deleted file mode 100644 index bff22f7..0000000 --- a/lib/configuration.nix +++ /dev/null 
@@ -1,37 +0,0 @@
-users: let
- userHomeConfiguration = users: configuration: {
- home-manager.users = builtins.foldl' (final: user: final // {
- ${user} = configuration;
- }) {} (if builtins.isList users then users else [ users ]);
- };
-in rec {
- inherit users;
-
- isServer = users.graphical == [];
- isDesktop = !isServer;
-
- # For every machine.
- systemConfiguration = configuration: configuration;
- systemPackages = packages: systemConfiguration { environment.systemPackages = packages; };
- systemFonts = packages: systemConfiguration { fonts.packages = packages; };
-
- # For every user, on every machine.
- homeConfiguration = configuration: { home-manager.sharedModules = [ configuration ]; };
- homePackages = packages: homeConfiguration { home.packages = packages; };
-
- # For every desktop.
- desktopSystemConfiguration = configuration: if isServer then {} else configuration;
- desktopSystemPackages = packages: if isServer then {} else systemPackages packages;
- desktopSystemFonts = packages: if isServer then {} else systemFonts packages;
- # For every graphical user on every desktop.
- desktopHomeConfiguration = configuration: if isServer then {} else userHomeConfiguration users.graphical configuration;
- desktopHomePackages = packages: if isServer then {} else desktopHomeConfiguration { home.packages = packages; };
-
- # For every server.
- serverSystemConfiguration = configuration: if isServer then configuration else {};
- serverSystemPackages = packages: if isServer then systemPackages packages else {};
- serverSystemFonts = packages: if isServer then systemFonts packages else {};
- # For every user on every server.
- serverHomeConfiguration = configuration: if isServer then homeConfiguration configuration else {};
- serverHomePackages = packages: if isServer then homePackages packages else {};
-}
diff --git a/lib/configuration1.nix b/lib/configuration1.nix
new file mode 100644
index 0000000..067df8c
--- /dev/null
+++ b/lib/configuration1.nix
@@ -0,0 +1,6 @@
+lib: {
+ systemConfiguration = cfg: cfg;
+ systemPackages = pkgs: { environment.systemPackages = pkgs; };
+ systemFonts = pkgs: { fonts.packages = pkgs; };
+ homeConfiguration = cfg: { home-manager.sharedModules = [ cfg ]; };
+}
diff --git a/lib/configuration2.nix b/lib/configuration2.nix
new file mode 100644
index 0000000..aa59e78
--- /dev/null
+++ b/lib/configuration2.nix
@@ -0,0 +1,32 @@
+lib: config: let
+ userHomeConfiguration = users: cfg: {
+ home-manager.users = lib.genAttrs users (_: cfg);
+ };
+
+ allNormalUsers = [ "root" ] ++ lib.pipe config.users.users [
+ (lib.filterAttrs (_: lib.getAttr "isNormalUser"))
+ lib.attrNames
+ ];
+
+ desktopUsers = lib.pipe config.users.users [
+ (lib.filterAttrs (_: lib.getAttr "isDesktopUser"))
+ lib.attrNames
+ ];
+in rec {
+ inherit allNormalUsers desktopUsers;
+
+ isDesktop = desktopUsers != [];
+ isServer = desktopUsers == [];
+
+ desktopSystemConfiguration = cfg: lib.optionalAttrs isDesktop cfg;
+ desktopSystemPackages = pkgs: desktopSystemConfiguration (lib.systemPackages pkgs);
+ desktopSystemFonts = pkgs: desktopSystemConfiguration (lib.systemFonts pkgs);
+ desktopUserHomeConfiguration = cfg: userHomeConfiguration desktopUsers cfg;
+ desktopUserHomePackages = pkgs: desktopUserHomeConfiguration { home.packages = pkgs; };
+ desktopHomeConfiguration = cfg: desktopSystemConfiguration (lib.homeConfiguration cfg);
+ desktopHomePackages = pkgs: desktopHomeConfiguration { home.packages = pkgs; };
+
+ serverSystemConfiguration = cfg: lib.optionalAttrs isServer cfg;
+ serverSystemPackages = pkgs: serverSystemConfiguration (lib.systemPackages pkgs);
+ serverHomeConfiguration = cfg: serverSystemConfiguration (lib.homeConfiguration cfg);
+}
diff --git a/lib/default.nix b/lib/default.nix
deleted file mode 100644
index 634af0a..0000000
--- a/lib/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-lib: users: let
- configuration = import ./configuration.nix users;
- merge = import ./merge.nix lib;
- ssl = import ./ssl.nix;
- values = import ./values.nix;
-in configuration // merge // ssl // values
diff --git a/lib/enabled.nix b/lib/enabled.nix
new file mode 100644
index 0000000..f55fac8
--- /dev/null
+++ b/lib/enabled.nix
@@ -0,0 +1,11 @@
+lib: {
+ enabled = lib.mkMerge [{
+ enable = true;
+ }] // {
+ __functor = self: attributes: self // {
+ contents = self.contents ++ [ attributes ];
+ };
+ };
+
+ disabled = { enable = false; };
+}
diff --git a/lib/merge.nix b/lib/merge.nix
index cd72807..14d86a5 100644
--- a/lib/merge.nix
+++ b/lib/merge.nix
@@ -1,13 +1,7 @@
-lib: let
- mergeAll = builtins.foldl' (collected: module: {
- imports = collected.imports ++ [ module ];
- }) { imports = []; };
-in {
- merge = a: b: mergeAll [ a b ];
- merge3 = a: b: c: mergeAll [ a b c ];
- merge4 = a: b: c: d: mergeAll [ a b c d ];
- merge5 = a: b: c: d: e: mergeAll [ a b c d e ];
- merge6 = a: b: c: d: e: f: mergeAll [ a b c d e f ];
-
- recursiveUpdateAll = builtins.foldl' lib.recursiveUpdate {};
+lib: {
+ merge = lib.mkMerge [] // {
+ __functor = self: next: self // {
+ contents = self.contents ++ [ next ];
+ };
+ };
 }
diff --git a/lib/modules.nix b/lib/modules.nix
new file mode 100644
index 0000000..e8e1586
--- /dev/null
+++ b/lib/modules.nix
@@ -0,0 +1,10 @@
+lib: {
+ mkConst = value: lib.mkOption {
+ default = value;
+ readOnly = true;
+ };
+
+ mkValue = value: lib.mkOption {
+ default = value;
+ };
+}
diff --git a/lib/ssl.nix b/lib/ssl.nix
deleted file mode 100644
index 474c971..0000000
--- a/lib/ssl.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- sslTemplate = domain: {
- forceSSL = true;
- quic = true;
- useACMEHost = domain;
- };
-}
diff --git a/lib/values.nix b/lib/values.nix
index a2328e4..00dfd25 100644
--- a/lib/values.nix
+++ b/lib/values.nix
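Review bot: `enabled` in `lib/enabled.nix` and `merge` in `lib/merge.nix` both attach `__functor` to a `lib.mkMerge` value with no comment, which is hard to follow for anyone reading `services.x = enabled;` next to `services.y = enabled { ... };`. A short comment on each would help, for example `# Usable bare or applied: each application appends its argument to the mkMerge contents.` above `enabled`, and the same idea above `merge`. Both depend on `mkMerge` returning an attribute set with a `contents` list, so the comment should say that too; a change in that shape would break every call site at once.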
@@ -1,18 +1,19 @@ -{ - enabled = attributes: attributes // { - enable = true; - }; - +lib: { normalUser = attributes: attributes // { isNormalUser = true; }; + sudoUser = attributes: attributes // { + isNormalUser = true; + extraGroups = [ "wheel" ] ++ attributes.extraGroups or []; + }; + + desktopUser = attributes: attributes // { + isNormalUser = true; + isDesktopUser = true; # Defined in options/desktop.nix. + }; + systemUser = attributes: attributes // { isSystemUser = true; }; - - graphicalUser = attributes: attributes // { - isNormalUser = true; - extraGroups = [ "graphical" ] ++ attributes.extraGroups or []; - }; } diff --git a/modules/autofreq.nix b/modules/autofreq.nix index f0ef820..53372c9 100644 --- a/modules/autofreq.nix +++ b/modules/autofreq.nix @@ -1,5 +1,5 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; desktopSystemConfiguration { - services.auto-cpufreq = enabled {}; + services.auto-cpufreq = enabled; } diff --git a/modules/bat.nix b/modules/bat.nix index b9de9b1..0afdf35 100644 --- a/modules/bat.nix +++ b/modules/bat.nix @@ -1,17 +1,19 @@ -{ ulib, pkgs, theme, ... }: with ulib; +{ config, lib, pkgs, ... }: with lib; merge -homeConfiguration { - programs.nushell.environmentVariables = { - MANPAGER = ''"bat --plain --language man"''; - PAGER = ''"bat --plain"''; +(systemConfiguration { + environment.variables = { + MANPAGER = "bat --plain --language man"; + PAGER = "bat --plain"; }; - programs.nushell.shellAliases.cat = "bat"; + environment.shellAliases.cat = "bat"; +}) +(homeConfiguration { programs.bat = enabled { - config.theme = "base16"; - themes.base16.src = pkgs.writeText "base16.tmTheme" theme.tmTheme; + config.theme = "base16"; + themes.base16.src = pkgs.writeText "base16.tmTheme" config.theme.tmTheme; config.pager = "less -FR"; }; -} +}) diff --git a/modules/blueman.nix b/modules/blueman.nix index d7b426a..23fa606 100644 --- a/modules/blueman.nix +++ b/modules/blueman.nix 
@@ -1,7 +1,7 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; desktopSystemConfiguration { - services.blueman = enabled {}; + services.blueman = enabled; hardware.bluetooth = enabled { powerOnBoot = true; diff --git a/modules/btop.nix b/modules/btop.nix index ac2f44c..de1fb80 100644 --- a/modules/btop.nix +++ b/modules/btop.nix @@ -1,11 +1,11 @@ -{ ulib, theme, ... }: with ulib; +{ config, lib, ... }: with lib; homeConfiguration { - xdg.configFile."btop/themes/base16.theme".text = theme.btopTheme; + xdg.configFile."btop/themes/base16.theme".text = config.theme.btopTheme; programs.btop = enabled { settings.color_theme = "base16"; - settings.rounded_corners = theme.cornerRadius != 0; + settings.rounded_corners = config.theme.cornerRadius > 0; }; } diff --git a/modules/discord.nix b/modules/discord.nix index a318d9c..b1fda87 100644 --- a/modules/discord.nix +++ b/modules/discord.nix @@ -1,15 +1,15 @@ -{ ulib, pkgs, theme, ... }: with ulib; merge3 +{ config, lib, pkgs, ... }: with lib; merge (desktopSystemConfiguration { nixpkgs.config.allowUnfree = true; }) -(desktopHomeConfiguration { - xdg.configFile."Vencord/settings/quickCss.css".text = theme.discordCss; +(desktopUserHomeConfiguration { + xdg.configFile."Vencord/settings/quickCss.css".text = config.theme.discordCss; }) -(desktopHomePackages (with pkgs; [ - (discord-canary.override { +(desktopUserHomePackages (with pkgs; [ + (discord.override { withOpenASAR = true; withVencord = true; }) diff --git a/modules/documentation.nix b/modules/documentation.nix index 93112cf..c2f0218 100644 --- a/modules/documentation.nix +++ b/modules/documentation.nix @@ -1,9 +1,9 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; systemConfiguration { documentation = { - doc.enable = false; - info.enable = false; + doc = disabled; + info = disabled; man = enabled { generateCaches = true; diff --git a/modules/dunst.nix b/modules/dunst.nix index fae5844..c1bd869 100644 --- a/modules/dunst.nix +++ b/modules/dunst.nix 
@@ -1,7 +1,7 @@ -{ ulib, theme, ... }: with ulib; +{ config, lib, ... }: with lib; -desktopHomeConfiguration { - services.dunst = with theme.withHashtag; enabled { +desktopUserHomeConfiguration { + services.dunst = with config.theme.withHashtag; enabled { iconTheme = icons; settings.global = { diff --git a/modules/endlessh-go.nix b/modules/endlessh-go.nix index d97982f..ac56d7b 100644 --- a/modules/endlessh-go.nix +++ b/modules/endlessh-go.nix @@ -1,13 +1,16 @@ -{ config, ulib, pkgs, ... }: with ulib; +{ lib, pkgs, ... }: with lib; -serverSystemConfiguration { +let + fakeSSHPort = 22; + prometheusPort = 9050; +in serverSystemConfiguration { services.prometheus.scrapeConfigs = [{ job_name = "endlessh-go"; static_configs = [{ labels.job = "endlessh-go"; targets = [ - "[::]:${toString config.services.endlessh-go.prometheus.port}" + "[::1]:${toString prometheusPort}" ]; }]; }]; @@ -17,10 +20,11 @@ serverSystemConfiguration { # services.endlessh-go.openFirewall exposes both the Prometheus # exporters port and the SSH port, and we don't want the metrics # to leak, so we manually expose this like so. - networking.firewall.allowedTCPPorts = [ config.services.endlessh-go.port ]; + networking.firewall.allowedTCPPorts = [ fakeSSHPort ]; services.endlessh-go = enabled { - port = 22; + listenAddress = "[::]"; + port = fakeSSHPort; extraOptions = [ "-alsologtostderr" @@ -29,8 +33,8 @@ serverSystemConfiguration { ]; prometheus = enabled { - listenAddress = "[::]"; - port = 9050; + listenAddress = "[::1]"; + port = prometheusPort; }; }; } diff --git a/modules/fail2ban.nix b/modules/fail2ban.nix deleted file mode 100644 index 0b64ad3..0000000 --- a/modules/fail2ban.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ ulib, ... }: with ulib; - -serverSystemConfiguration { - services.fail2ban = enabled { - bantime = "24h"; - bantime-increment = enabled { - maxtime = "7d"; - }; - }; -} diff --git a/modules/firefox.nix b/modules/firefox.nix index 7c6c220..989834a 100644 --- a/modules/firefox.nix 
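Review bot: With modules/fail2ban.nix deleted further down in this same commit, the endlessh-go tarpit on `fakeSSHPort` is the only brute-force control visible in this diff, and nothing here shows where the real sshd listens or which authentication methods it accepts. A comment next to `networking.firewall.allowedTCPPorts = [ fakeSSHPort ];` should record that, for example `# Port 22 is only the tarpit; the real sshd is on <SSHD_PORT>, see <sshd module>.`, so the compensating control is easy to find while fail2ban is absent. Binding the exporter and the scrape target to `[::1]` keeps the metrics off the network, but the two addresses must change together; a one-line comment at `prometheus = enabled {` saying so would prevent a silent scrape failure later.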
+++ b/modules/firefox.nix @@ -1,8 +1,8 @@ -{ ulib, theme, ... }: with ulib; +{ config, lib, ... }: with lib; -desktopHomeConfiguration { +desktopUserHomeConfiguration { programs.firefox = enabled { - profiles.default.settings = with theme.font; { + profiles.default.settings = with config.theme.font; { "general.autoScroll" = true; "privacy.donottrackheader.enabled" = true; diff --git a/modules/fonts.nix b/modules/fonts.nix index 628ece3..9e1da4e 100644 --- a/modules/fonts.nix +++ b/modules/fonts.nix @@ -1,6 +1,6 @@ -{ ulib, pkgs, theme, ... }: with ulib; merge +{ config, lib, pkgs, ... }: with lib; merge -(systemConfiguration { +(desktopSystemConfiguration { console = { earlySetup = true; font = "Lat2-Terminus16"; @@ -8,12 +8,16 @@ }; }) -(desktopSystemFonts (with pkgs; [ - theme.font.sans.package - theme.font.mono.package +(desktopSystemFonts [ + config.theme.font.sans.package + config.theme.font.mono.package - noto-fonts - noto-fonts-cjk-sans - noto-fonts-lgc-plus - noto-fonts-emoji -])) + pkgs.noto-fonts + pkgs.noto-fonts-cjk-sans + pkgs.noto-fonts-lgc-plus + pkgs.noto-fonts-emoji +]) + +(serverSystemConfiguration { + fonts.fontconfig = disabled; +}) diff --git a/modules/fuzzel.nix b/modules/fuzzel.nix index 0088f55..6fceeaa 100644 --- a/modules/fuzzel.nix +++ b/modules/fuzzel.nix @@ -1,7 +1,7 @@ -{ ulib, theme, ... }: with ulib; +{ config, lib, ... }: with lib; -desktopHomeConfiguration { - programs.fuzzel = with theme; enabled { +desktopUserHomeConfiguration { + programs.fuzzel = with config.theme; enabled { settings.main = { dpi-aware = false; font = "${font.sans.name}:size=${toString font.size.big}"; 
@@ -19,13 +19,13 @@ desktopHomeConfiguration { inner-pad = padding; }; - settings.colors = { - background = base00 + "FF"; - text = base05 + "FF"; - match = base0A + "FF"; - selection = base05 + "FF"; - selection-text = base00 + "FF"; - border = base0A + "FF"; + settings.colors = mapAttrs (_: color: color + "FF") { + background = base00; + text = base05; + match = base0A; + selection = base05; + selection-text = base00; + border = base0A; }; settings.border = { diff --git a/modules/ghostty.nix b/modules/ghostty.nix index c39a19c..1f3828c 100644 --- a/modules/ghostty.nix +++ b/modules/ghostty.nix @@ -1,18 +1,14 @@ -{ inputs, lib, ulib, pkgs, upkgs, theme, ... }: with ulib; merge +{ config, lib, pkgs, ... }: with lib; -(desktopSystemConfiguration { - home-manager.sharedModules = [ inputs.ghosttyModule.homeModules.default ]; -}) - -(desktopHomeConfiguration { +desktopUserHomeConfiguration { programs.nushell.environmentVariables.TERMINAL = "ghostty"; programs.ghostty = enabled { - package = upkgs.ghostty; + package = pkgs.ghostty; clearDefaultKeybindings = true; - keybindings = (lib.mapAttrs' (name: lib.nameValuePair "ctrl+shift+${name}") { + keybindings = (mapAttrs' (name: nameValuePair "ctrl+shift+${name}") { c = "copy_to_clipboard"; v = "paste_from_clipboard"; @@ -50,14 +46,15 @@ "physical:eight" = "goto_tab:8"; "physical:nine" = "goto_tab:9"; "physical:zero" = "goto_tab:10"; - }) // (lib.mapAttrs' (name: lib.nameValuePair "ctrl+${name}") { - "physical:tab" = "next_tab"; + }) // (mapAttrs' (name: nameValuePair "ctrl+${name}") { + "physical:tab" = "next_tab"; "shift+physical:tab" = "previous_tab"; }); - shellIntegration.enable = false; + # Disabled here as Nushell isn't supported and Nushell enables it in its own config. + shellIntegration = disabled; - settings = with theme; { + settings = with config.theme; { font-size = font.size.normal; font-family = font.mono.name; @@ -73,4 +70,4 @@ ]; }; }; -}) +} 
diff --git a/modules/git.nix b/modules/git.nix index 3277d03..9c31f66 100644 --- a/modules/git.nix +++ b/modules/git.nix @@ -1,7 +1,7 @@ -{ lib, ulib, pkgs, ... }: with ulib; merge3 +{ lib, pkgs, ... }: with lib; merge -(homeConfiguration { - programs.nushell.shellAliases = { +(systemConfiguration { + environment.shellAliases = { g = "git"; ga = "git add"; @@ -62,8 +62,10 @@ gst = "git status"; }; +}) - programs.nushell.configFile.text = lib.mkAfter '' +(homeConfiguration { + programs.nushell.configFile.text = mkAfter '' # Sets the remote origin to the specified user and repository on my git instance def gsr [user_and_repo: string] { let user_and_repo = if ($user_and_repo | str index-of "/") != -1 { @@ -82,13 +84,13 @@ userName = "RGBCube"; userEmail = "git@rgbcu.be"; - lfs = enabled {}; + lfs = enabled; difftastic = enabled { background = "dark"; }; - extraConfig = lib.recursiveUpdate { + extraConfig = merge { init.defaultBranch = "master"; commit.verbose = true; @@ -122,7 +124,7 @@ core.sshCommand = "ssh -i ~/.ssh/id"; url."ssh://git@github.com/".insteadOf = "https://github.com/"; url."ssh://forgejo@rgbcu.be:2222/".insteadOf = "https://git.rgbcu.be/"; - } (lib.optionalAttrs ulib.isDesktop { + } (mkIf isDesktop { commit.gpgSign = true; tag.gpgSign = true; gpg.format = "ssh"; @@ -131,13 +133,15 @@ }; }) -(desktopHomeConfiguration { - programs.nushell.shellAliases = { +(desktopSystemConfiguration { + environment.shellAliases = { "??" = "gh copilot suggest --target shell"; "gh?" = "gh copilot suggest --target gh"; "git?" = "gh copilot suggest --target git"; }; +}) +(desktopHomeConfiguration { programs.gh = enabled { settings.git_protocol = "ssh"; }; diff --git a/modules/gtk.nix b/modules/gtk.nix index 20fac3f..687bbaf 100644 --- a/modules/gtk.nix +++ b/modules/gtk.nix 
@@ -1,21 +1,21 @@ -{ ulib, pkgs, theme, ... }: with ulib; merge +{ config, lib, pkgs, ... }: with lib; merge (desktopSystemConfiguration { - programs.dconf = enabled {}; + programs.dconf = enabled; }) -(desktopHomeConfiguration { +(desktopUserHomeConfiguration { gtk = enabled { - gtk3.extraCss = theme.adwaitaGtkCss; - gtk4.extraCss = theme.adwaitaGtkCss; + gtk3.extraCss = config.theme.adwaitaGtkCss; + gtk4.extraCss = config.theme.adwaitaGtkCss; - font = with theme.font; { + font = with config.theme.font; { inherit (sans) name package; size = size.normal; }; - iconTheme = theme.icons; + iconTheme = config.theme.icons; theme = { name = "Adwaita-dark"; @@ -24,3 +24,4 @@ }; }) + diff --git a/modules/helix.nix b/modules/helix.nix index 9871e14..4da4857 100644 --- a/modules/helix.nix +++ b/modules/helix.nix @@ -1,24 +1,26 @@ -{ ulib, lib, pkgs, upkgs, theme, ... }: with ulib; merge +{ config, lib, pkgs, ... }: with lib; merge + +(systemConfiguration { + environment = { + variables.EDITOR = "hx"; + shellAliases.x = "hx"; + }; +}) (homeConfiguration { - programs.nushell = { - environmentVariables.EDITOR = "hx"; - shellAliases.x = "hx"; - - configFile.text = lib.mkAfter '' - def --wrapped hx [...arguments] { - if $env.TERM == "xterm-kitty" { - kitty @ set-spacing padding=0 - } - - ^hx ...$arguments - - if $env.TERM == "xterm-kitty" { - kitty @ set-spacing padding=${toString theme.padding} - } + programs.nushell.configFile.text = mkAfter '' + def --wrapped hx [...arguments] { + if $env.TERM == "xterm-kitty" { + kitty @ set-spacing padding=0 } - ''; - }; + + ^hx ...$arguments + + if $env.TERM == "xterm-kitty" { + kitty @ set-spacing padding=${toString config.theme.padding} + } + } + ''; programs.helix = enabled { languages.language = let @@ -96,11 +98,6 @@ formatter = denoFormatter "tsx"; language-servers = [ "deno" ]; } - - { # TODO: Remove in the next Helix release. - name = "nu"; - language-servers = [ "nu" ]; - } ]; languages.language-server = { 
@@ -145,7 +142,7 @@ cursorline = true; bufferline = "multiple"; file-picker.hidden = false; - idle-timeout = 50; + idle-timeout = 0; line-number = "relative"; shell = [ "bash" "-c" ]; text-width = 100; @@ -167,7 +164,7 @@ render.tab = "all"; }; - settings.keys = lib.genAttrs [ "normal" "select" ] (_: { + settings.keys = genAttrs [ "normal" "select" ] (_: { D = "extend_to_line_end"; }); }; @@ -213,5 +210,5 @@ yaml-language-server # ZIG - upkgs.zls + zls ])) diff --git a/modules/hyprland/default.nix b/modules/hyprland/default.nix index 321b40a..94a4585 100644 --- a/modules/hyprland/default.nix +++ b/modules/hyprland/default.nix @@ -1,7 +1,7 @@ -{ ulib, pkgs, upkgs, theme, ... }: with ulib; merge3 +{ config, lib, pkgs, ... }: with lib; merge (desktopSystemConfiguration { - hardware.opengl = enabled {}; + hardware.opengl = enabled; xdg.portal = enabled { config.common.default = "*"; 
@@ -12,220 +12,205 @@ }; }) -(desktopHomeConfiguration { - wayland.windowManager.hyprland = with theme; enabled { - package = upkgs.hyprland; +(desktopUserHomeConfiguration { + wayland.windowManager.hyprland = enabled { + settings = { + monitor = [ ",preferred,auto,1" ]; + windowrule = [ "noinitialfocus" ]; - extraConfig = - '' - monitor = , preferred, auto, 1 - '' - + - '' - windowrule = noinitialfocus - '' - + - '' - exec-once = wl-paste --type text --watch cliphist store -max-items 1000 - exec-once = wl-paste --type image --watch cliphist store -max-items 1000 + exec-once = [ + "wl-paste --type text --watch cliphist store -max-items 1000" + "wl-paste --type image --watch cliphist store -max-items 1000" + ]; - exec = pkill swaybg; swaybg --image ${./wallpaper.png} + exec = [ + "pkill swaybg; swaybg --image ${./wallpaper.png}" + "pkill --signal SIGUSR2 waybar" + ]; - exec = pkill --signal SIGUSR2 waybar - '' - + - '' - binde = SUPER, left , movefocus, l - binde = SUPER, down , movefocus, d - binde = SUPER, up , movefocus, u - binde = SUPER, right, movefocus, r + bindl = [ + (replaceStrings [ "\n;" "\n" ] [ ";" "" ] '' + ,XF86PowerOff,exec, + pkill fuzzel; + echo -en "Suspend\0icon\x1fsystem-suspend\nHibernate\0icon\x1fsystem-suspend-hibernate-alt2\nPower Off\0icon\x1fsystem-shutdown\nReboot\0icon\x1fsystem-reboot" + | fuzzel --dmenu + | tr --delete " " + | tr '[:upper:]' '[:lower:]' + | ifne xargs systemctl + '') + ]; - binde = SUPER, h, movefocus, l - binde = SUPER, j, movefocus, d - binde = SUPER, k, movefocus, u - binde = SUPER, l, movefocus, r - '' - + - '' - bind = SUPER , TAB, workspace, e+1 - bind = SUPER+ALT, TAB, workspace, e-1 + bindle = [ + ",XF86AudioRaiseVolume , exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ --limit 1.5" + ",XF86AudioLowerVolume , exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-" - bind = SUPER, mouse_up, workspace, e+1 - bind = SUPER, mouse_down, workspace, e-1 + ",XF86AudioMute , exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle" + 
",XF86AudioMicMute , exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle" - bind = SUPER, 1, workspace, 1 - bind = SUPER, 2, workspace, 2 - bind = SUPER, 3, workspace, 3 - bind = SUPER, 4, workspace, 4 - bind = SUPER, 5, workspace, 5 + ",XF86MonBrightnessUp , exec, brightnessctl set 5%+" + ",XF86MonBrightnessDown, exec, brightnessctl set --min-value=0 5%-" + ]; - bind = SUPER+ALT, 1, movetoworkspacesilent, 1 - bind = SUPER+ALT, 2, movetoworkspacesilent, 2 - bind = SUPER+ALT, 3, movetoworkspacesilent, 3 - bind = SUPER+ALT, 4, movetoworkspacesilent, 4 - bind = SUPER+ALT, 5, movetoworkspacesilent, 5 + bindm = [ + "SUPER, mouse:272, movewindow" + "SUPER, mouse:274, movewindow" + "SUPER, mouse:273, resizewindow" + ]; - bindm = SUPER, mouse:272, movewindow - bindm = SUPER, mouse:274, movewindow - '' - + - '' - binde = SUPER+CTRL, left , resizeactive, -100 0 - binde = SUPER+CTRL, down , resizeactive, 0 100 - binde = SUPER+CTRL, up , resizeactive, 0 -100 - binde = SUPER+CTRL, right, resizeactive, 100 0 + binde = [ + "SUPER, left , movefocus, l" + "SUPER, down , movefocus, d" + "SUPER, up , movefocus, u" + "SUPER, right, movefocus, r" - binde = SUPER+CTRL, h, resizeactive, -100 0 - binde = SUPER+CTRL, j, resizeactive, 0 100 - binde = SUPER+CTRL, k, resizeactive, 0 -100 - binde = SUPER+CTRL, l, resizeactive, 100 0 + "SUPER, h, movefocus, l" + "SUPER, j, movefocus, d" + "SUPER, k, movefocus, u" + "SUPER, l, movefocus, r" - bindm = SUPER, mouse:273, resizewindow - '' - + - '' - bind = SUPER+ALT, left , movewindow, l - bind = SUPER+ALT, down , movewindow, d - bind = SUPER+ALT, up , movewindow, u - bind = SUPER+ALT, right, movewindow, r + "SUPER+CTRL, left , resizeactive, -100 0" + "SUPER+CTRL, down , resizeactive, 0 100" + "SUPER+CTRL, up , resizeactive, 0 -100" + "SUPER+CTRL, right, resizeactive, 100 0" - bind = SUPER+ALT, h, movewindow, l - bind = SUPER+ALT, j, movewindow, d - bind = SUPER+ALT, k, movewindow, u - bind = SUPER+ALT, l, movewindow, r - '' - + - '' - bind = SUPER 
, Q, killactive - bind = SUPER , F, fullscreen - bind = SUPER+ALT, F, togglefloating + "SUPER+CTRL, h, resizeactive, -100 0" + "SUPER+CTRL, j, resizeactive, 0 100" + "SUPER+CTRL, k, resizeactive, 0 -100" + "SUPER+CTRL, l, resizeactive, 100 0" + ]; - bind = SUPER+ALT, RETURN, exec, kitty - bind = SUPER , RETURN, exec, ghostty --gtk-single-instance=true - bind = SUPER , W , exec, firefox - bind = SUPER , D , exec, discordcanary - bind = SUPER , E , exec, fractal - bind = SUPER , M , exec, thunderbird - bind = SUPER , T , exec, thunar - bind = SUPER , C , exec, hyprpicker --autocopy + bind = [ + "SUPER , TAB, workspace, e+1" + "SUPER+ALT, TAB, workspace, e-1" - bind = SUPER, B, exec, pkill --signal SIGUSR1 waybar + "SUPER, mouse_up, workspace, e+1" + "SUPER, mouse_down, workspace, e-1" - bind = SUPER, SPACE, exec, pkill fuzzel; fuzzel - bind = SUPER, V , exec, pkill fuzzel; cliphist list | fuzzel --dmenu | cliphist decode | wl-copy + "SUPER, 1, workspace, 1" + "SUPER, 2, workspace, 2" + "SUPER, 3, workspace, 3" + "SUPER, 4, workspace, 4" + "SUPER, 5, workspace, 5" - bind = , PRINT, exec, pkill grim; grim -g "$(slurp -w 0)" - | swappy -f - -o - | wl-copy --type image/png - bind = ALT, PRINT, exec, pkill grim; grim - | swappy -f - -o - | wl-copy --type image/png - '' - + - '' - bindle = , XF86AudioRaiseVolume, exec, wpctl set-volume --limit 1.5 @DEFAULT_AUDIO_SINK@ 5%+ - bindle = , XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%- + "SUPER+ALT, 1, movetoworkspacesilent, 1" + "SUPER+ALT, 2, movetoworkspacesilent, 2" + "SUPER+ALT, 3, movetoworkspacesilent, 3" + "SUPER+ALT, 4, movetoworkspacesilent, 4" + "SUPER+ALT, 5, movetoworkspacesilent, 5" - bindle = , XF86AudioMute , exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle - bindle = , XF86AudioMicMute, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle + "SUPER+ALT, left , movewindow, l" + "SUPER+ALT, down , movewindow, d" + "SUPER+ALT, up , movewindow, u" + "SUPER+ALT, right, movewindow, r" - bindle = , 
XF86MonBrightnessUp , exec, brightnessctl set 5%+ - bindle = , XF86MonBrightnessDown, exec, brightnessctl set --min-value=0 5%- + "SUPER+ALT, h, movewindow, l" + "SUPER+ALT, j, movewindow, d" + "SUPER+ALT, k, movewindow, u" + "SUPER+ALT, l, movewindow, r" + + "SUPER , Q, killactive" + "SUPER , F, fullscreen" + "SUPER+ALT, F, togglefloating" - bindl = , XF86PowerOff, exec, pkill fuzzel; echo -en "Suspend\0icon\x1fsystem-suspend\nHibernate\0icon\x1fsystem-suspend-hibernate-alt2\nPower Off\0icon\x1fsystem-shutdown\nReboot\0icon\x1fsystem-reboot" | fuzzel --dmenu | tr --delete " " | tr "[:upper:]" "[:lower:]" | ifne xargs systemctl - '' - + - '' - animations { - bezier = material_decelerate, 0.05, 0.7, 0.1, 1 + "SUPER+ALT, RETURN, exec, kitty" + "SUPER , RETURN, exec, ghostty --gtk-single-instance=true" + "SUPER , W , exec, firefox" + "SUPER , D , exec, discord" + "SUPER , E , exec, fractal" + "SUPER , M , exec, thunderbird" + "SUPER , T , exec, thunar" + "SUPER , C , exec, hyprpicker --autocopy" - animation = windows, 1, 2 , material_decelerate, popin 80% - animation = border , 1, 10, default - animation = fade , 1, 2 , default - animation = workspaces,1, 3 , material_decelerate - } - '' - + - '' - decoration { - drop_shadow = false - rounding = ${toString cornerRadius} + "SUPER, B, exec, pkill --signal SIGUSR1 waybar" + "SUPER, SPACE, exec, pkill fuzzel; fuzzel" + "SUPER, V , exec, pkill fuzzel; cliphist list | fuzzel --dmenu | cliphist decode | wl-copy" - blur { - enabled = false - } - } - '' - + - '' - general { - gaps_in = ${toString (margin/ 2)} - gaps_out = ${toString margin} - border_size = ${toString borderWidth} + " , PRINT, exec, pkill grim; grim -g \"$(slurp -w 0)\" - | swappy -f - -o - | wl-copy --type image/png" + "ALT, PRINT, exec, pkill grim; grim - | swappy -f - -o - | wl-copy --type image/png" + ]; - col.active_border = 0xFF${base0A} - col.nogroup_border_active = 0xFF${base0A} + general = with config.theme; { + gaps_in = margin / 2; + gaps_out = 
margin; + border_size = borderWidth; - col.inactive_border = 0xFF${base01} - col.nogroup_border = 0xFF${base01} + "col.active_border" = "0xFF${base0A}"; + "col.nogroup_border_active" = "0xFF${base0A}"; - cursor_inactive_timeout = 10 - no_cursor_warps = true + "col.inactive_border" = "0xFF${base01}"; + "col.nogroup_border" = "0xFF${base01}"; - resize_on_border = true - } - '' - + - '' - gestures { - workspace_swipe = true - } - '' - + - '' - input { - follow_mouse = 1 + cursor_inactive_timeout = 10; + no_cursor_warps = true; - kb_layout = tr + resize_on_border = true; + }; - repeat_delay = 400 - repeat_rate = 100 + decoration = { + drop_shadow = false; + rounding = config.theme.cornerRadius; - touchpad { - clickfinger_behavior = true - drag_lock = true + blur.enabled = false; + }; - natural_scroll = true - scroll_factor = 0.7 - } - } - '' - + - '' - dwindle { - preserve_split = true - smart_resizing = false - } - '' - + - '' - misc { - animate_manual_resizes = true + input = { + follow_mouse = 1; - disable_hyprland_logo = true - disable_splash_rendering = true + kb_layout = "tr"; - key_press_enables_dpms = true - mouse_move_enables_dpms = true - } - ''; + repeat_delay = 400; + repeat_rate = 100; + + touchpad = { + clickfinger_behavior = true; + drag_lock = true; + + natural_scroll = true; + scroll_factor = 0.7; + }; + }; + + gestures.workspace_swipe = true; + + animations = { + bezier = [ "material_decelerate,0.05,0.7,0.1,1" ]; + + animation = [ + "border , 1, 10, material_decelerate" + "fade , 1, 2 , material_decelerate" + "layers , 1, 2 , material_decelerate" + "windows , 1, 2 , material_decelerate, popin 80%" + "workspaces, 1, 3 , material_decelerate" + ]; + }; + + misc = { + animate_manual_resizes = true; + + disable_hyprland_logo = true; + disable_splash_rendering = true; + + hide_cursor_on_key_press = true; + key_press_enables_dpms = true; + mouse_move_enables_dpms = true; + }; + + dwindle = { + preserve_split = true; + smart_resizing = false; + }; + }; }; }) 
-(desktopHomePackages (with pkgs; [ +(desktopUserHomePackages (with pkgs; [ brightnessctl cliphist grim + hyprpicker slurp swappy swaybg - upkgs.hyprpicker wl-clipboard xdg-utils xwaylandvideobridge diff --git a/modules/kernel.nix b/modules/kernel.nix index 74ad770..8776b19 100644 --- a/modules/kernel.nix +++ b/modules/kernel.nix @@ -1,4 +1,4 @@ -{ ulib, pkgs, ... }: with ulib; +{ lib, pkgs, ... }: with lib; systemConfiguration { boot.kernelPackages = pkgs.linuxPackages_latest; diff --git a/modules/keyring.nix b/modules/keyring.nix index 375c1a3..b47e244 100644 --- a/modules/keyring.nix +++ b/modules/keyring.nix @@ -1,9 +1,9 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; desktopSystemConfiguration { - programs.seahorse = enabled {}; + programs.seahorse = enabled; security.pam.services.login.enableGnomeKeyring = true; - services.gnome.gnome-keyring = enabled {}; + services.gnome.gnome-keyring = enabled; } diff --git a/modules/kitty.nix b/modules/kitty.nix index 5294193..abccd87 100644 --- a/modules/kitty.nix +++ b/modules/kitty.nix @@ -1,7 +1,7 @@ -{ ulib, theme, ... }: with ulib; +{ config, lib, ... }: with lib; -desktopHomeConfiguration { - programs.kitty = with theme.withHashtag; enabled { +desktopUserHomeConfiguration { + programs.kitty = with config.theme.withHashtag; enabled { font = with font; { inherit (mono) name package; diff --git a/modules/kresd.nix b/modules/kresd.nix new file mode 100644 index 0000000..ed359ee --- /dev/null +++ b/modules/kresd.nix @@ -0,0 +1,7 @@ +{ lib, ... }: with lib; + +systemConfiguration { + services.kresd = enabled; + + networking.nameservers = [ "::1" "127.0.0.1" ]; +} diff --git a/modules/localisation.nix b/modules/localisation.nix index f3aa5dc..31496e0 100644 --- a/modules/localisation.nix +++ b/modules/localisation.nix @@ -1,4 +1,4 @@ -{ ulib, ... }: with ulib; merge +{ lib, ... }: with lib; merge (systemConfiguration { console.keyMap = "trq"; 
@@ -7,17 +7,15 @@ }) (desktopSystemConfiguration { - i18n.extraLocaleSettings = let - locale = "tr_TR.UTF-8"; - in { - LC_ADDRESS = locale; - LC_IDENTIFICATION = locale; - LC_MEASUREMENT = locale; - LC_MONETARY = locale; - LC_NAME = locale; - LC_NUMERIC = locale; - LC_PAPER = locale; - LC_TELEPHONE = locale; - LC_TIME = locale; - }; + i18n.extraLocaleSettings = genAttrs [ + "LC_ADDRESS" + "LC_IDENTIFICATION" + "LC_MEASUREMENT" + "LC_MONETARY" + "LC_NAME" + "LC_NUMERIC" + "LC_PAPER" + "LC_TELEPHONE" + "LC_TIME" + ] (_: "tr_TR.UTF-8"); }) diff --git a/modules/logind.nix b/modules/logind.nix index df7d75c..8e68ce3 100644 --- a/modules/logind.nix +++ b/modules/logind.nix @@ -1,4 +1,4 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; desktopSystemConfiguration { services.logind.powerKey = "ignore"; diff --git a/modules/nano.nix b/modules/nano.nix index ccd78c6..0121211 100644 --- a/modules/nano.nix +++ b/modules/nano.nix @@ -1,7 +1,7 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; systemConfiguration { environment.defaultPackages = []; - programs.nano.enable = false; # Garbage. + programs.nano = disabled; # Garbage. } diff --git a/modules/network-manager.nix b/modules/network-manager.nix new file mode 100644 index 0000000..13d3186 --- /dev/null +++ b/modules/network-manager.nix @@ -0,0 +1,9 @@ +{ lib, ... }: with lib; + +systemConfiguration { + networking.networkmanager = enabled; + + users.extraGroups.networkmanager.members = allNormalUsers; + + environment.shellAliases.wifi = "nmcli dev wifi show-password"; +} diff --git a/modules/networkmanager.nix b/modules/networkmanager.nix deleted file mode 100644 index 114ea07..0000000 --- a/modules/networkmanager.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ ulib, ... }: with ulib; merge - -(systemConfiguration { - networking.networkmanager = enabled {}; - - users.extraGroups.networkmanager.members = ulib.users.all; -}) - -(homeConfiguration { - programs.nushell.shellAliases.wifi = "nmcli dev wifi show-password"; -}) 
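Review bot: In the new modules/network-manager.nix, `users.extraGroups.networkmanager.members = allNormalUsers;` places root and every normal account in the `networkmanager` group, and the `wifi` alias (`nmcli dev wifi show-password`) moves from a per-user Nushell alias to `environment.shellAliases`, so it is offered to every login shell. On a host with more than one normal user, that presumably lets each of them display the stored Wi-Fi key and edit system connections. If only interactive desktop accounts need this, `users.extraGroups.networkmanager.members = desktopUsers;` (already exported from lib/configuration2.nix) or an explicit list would be the narrower grant. At minimum, a comment stating that group membership is intentionally universal would help the next reader.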
diff --git a/modules/nix.nix b/modules/nix.nix index f4a3b83..9f030d2 100644 --- a/modules/nix.nix +++ b/modules/nix.nix @@ -1,19 +1,7 @@ -{ inputs, lib, ulib, upkgs, ... }: with ulib; merge - -(homeConfiguration { - programs.nushell = { - shellAliases.ns = "nix shell"; - - configFile.text = lib.mkAfter '' - def --wrapped nr [program: string = "", ...arguments] { - nix run $program -- ...$arguments - } - ''; - }; -}) +{ inputs, lib, pkgs, ... }: with lib; merge (systemConfiguration { - environment.etc."flakes".text = builtins.toJSON inputs; + environment.etc."flakes.json".text = strings.toJSON inputs; nix = { gc = { @@ -27,11 +15,9 @@ optimise.automatic = true; - package = upkgs.nixSuper; - registry = { default.flake = inputs.nixpkgs; - } // builtins.mapAttrs (_: value: lib.mkIf (lib.isType "flake" value) { + } // mapAttrs (_: value: mkIf (isType "flake" value) { flake = value; }) inputs; 
@@ -39,25 +25,51 @@ "auto-allocate-uids" "ca-derivations" "cgroups" - "configurable-impure-env" "flakes" - "git-hashing" "nix-command" "recursive-nix" "repl-flake" - "verified-fetches" ]; settings = { - accept-flake-config = true; - builders-use-substitutes = true; - flake-registry = ""; # I DON'T WANT THE GLOBAL REGISTRY!!! - http-connections = 50; - trusted-users = [ "root" "@wheel" ]; - use-cgroups = true; - warn-dirty = false; + accept-flake-config = true; + builders-use-substitutes = true; + flake-registry = ""; # I DON'T WANT THE GLOBAL REGISTRY!!! + http-connections = 50; + show-trace = true; + trusted-users = [ "root" "@wheel" ]; + use-cgroups = true; + warn-dirty = false; }; }; - programs.nix-ld = enabled {}; + programs.nix-ld = enabled; +}) + +(systemPackages (with pkgs; [ + nh + nix-index + nix-output-monitor +])) + +(homeConfiguration { + programs.nushell.configFile.text = mkAfter '' + def --wrapped nr [program: string = "", ...arguments] { + if ($program | str contains "#") or ($program | str contains ":") { + nix run $program -- ...$arguments + } else { + nix run ("default#" + $program) -- ...$arguments + } + } + + def --wrapped ns [...programs] { + nix shell ...($programs | each { + if ($in | str contains "#") or ($in | str contains ":") { + $in + } else { + "default#" + $in + } + }) + } + ''; }) 
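Review bot: `accept-flake-config = true` is carried into the re-aligned `settings` block next to `trusted-users = [ "root" "@wheel" ]`, so any flake a wheel user evaluates can apply its own `nixConfig` (extra substituters and their trusted keys, for instance) without a prompt. The `nr` and `ns` wrappers added at the end of this hunk pass any argument containing `#` or `:` unchanged to `nix run` / `nix shell`, so third-party flake references reach that setting routinely. I would set `accept-flake-config = false;` and list the substituters you actually want under `settings` instead. The enclosing `nix = {` attribute set opens above this hunk.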
diff --git a/modules/nushell/boom.opus b/modules/nushell/boom.opus deleted file mode 100644 index df0622e1a0ea65a60e694bf15ea65c492a9607a9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 21680 zcmeZIPY-5bVt|6LFPE;{Q5fR%$;AOfVEk%56h zO|P|u(FLSDBr(01hk=2?C$TKe%s|gr&(OdCWI9MJCowO*G%-EZHZ?C@gn@w}H7_|o zCAG*FSuMo;7kfaaGcbV62kB0X*zv%DdFhg6OO`JE|G)PCf2aQ|{{Q#=ukv5{zs!Hh z|HA(T|Fi!4bo2i08#iy?ym|A+ty{Nm-oA6==GhY`51l-A>hiHo`*;2M|L;%zzb*0` zzkfJyM@=a=B_A}{kI_h zR}aStCL>{{1uO?3j(qt1N1V3F3T2f=kLo{$tnH~#`63;BVxnb`;~SZE-ZO&d=r{D9 z`M|vW$gvkcUKX6&^!%ueU_@@-$>qP*WF|?8t@?VVaelJ()ORMVr-@H~g%YVQ0K5EHPc8>|g(qBNGL}4L>olusHm&Z;zX3H^)^seTS`GqWdqK zmXC$Ujptq~=lr*J{SOX~6UI!8LMvEWKyH+s)D<)P>O9H&lTM$=TJGqiz2aJ@*umZd zhr8R)Z+!W4!yjYSdwN>Q#=_lA?-FI?+o#*fomXlybNq69mh<{x&&vuE{3UF|R=WSFJ#weO-FWV~^40$e@_%q}@Gvn8DJZZwfLy7h>9Xmj$g9f6 zz#Wp#`#)9oTC+cS8s@ApM~Fe9?ei+xU3SYD=axR2H`Q8t@)XW?ImZ=x)vbGf&Z$ro zKk}?KdoGtq+5LCB~m2`LiQ73Y?csYlx zQpxOpFZ6$PN$@Zl2?#Zu04GUB&C=%~XD4TxM?cbctZQRmVDyZyzBT<}|8D66xfXxa zR<|kLZ0}w3?dY9I1NVaepRVuKP}rfu^=|7+|3!>aRvp)4&m4WJp2mD{>d&NE;jB-7 zU6OyeE_cdQcMsz-kG(VAcqpt@~iKp>)cafdGu(i)t|e+ z*NFwb2%Twpy<4ZzXV2V{(Ec?%n{@8o)blRtG+6YoanhXi%(}PK*%M3SYZB6xW`tRm z^K({<%QrmRdPpKEbK^^fqi3w%ubA5Ne*LE76Smg+^ew)>R6dC7=gOwd%I0s*@pj9| z*sRx;+!1y9&4QK5?qQd^f=!%!-^>z;5ZhTV$hJ<7>8kFgS-+&sH5Q)iw6E6KUjK4i z!oHu6^F)?>zHrRja>~9x3~lcUmwSdyy;RsK=fbH`bv7%gqQN1jd)ekQGV1OxHIKE= zZc>caWb<9-9_UCpiK|0eNK z*AKF@Q2we&$qy|?*MC1aT##lIYlp2hR(+ssaDlu24WYo6Dy7b}*n^$j@o zTU=w-|8nM+GvuaDx8Y9jUZ3|{b<_C}?pB}B?N92sChnH4p1IAVx0J=%cjGjh=Mh=l ztk(ITkIu5vP+A+YwWG!1FXNQ8+oP<4McI5h(n7VR9TZNmPuW(%^+)HeF2mms$2a!- zHY{>8GEWT+GkDq?=~DjXK>@>V?zx%!{@u$D?bTiW{&An*)0}7SIfhq0^{FRSn!6P1 z{!_Yko9X5R-R;?Bp?~U6WGPKNlzZ>}LhnQOE7*#E)j$5iG&jP*>~Z&lnky5Qwe0=( zIpDeKj`jx<$?Up2w{EK~5Q=qOS28VkqJa3?H_TTnUtZfM@r_AF`$62VQ!i^zzVGI* zPPE=X&w0V;kjiI)@hg%VCf(=X5yZMYC0cq)*p3CW7b`3GF7NTFIu<3sXm&@yNA984 zPPq&DEYqAD_MgfXojSYfz>1JlE|=#|O_Vy7e=7U7V-w$0oVmZUVN%yM|W$pI}P{W-&b`2QJI 
zu|Az!tJhqxm(HCS`1HyS*{zaJDMrPOArXfRiq1Vz{j}r%iD;?B8{0T;2W@V6d)9S9 z@%zuOl^6F3H)Y(jnYCj{e&L-a)vDWG`$GN;WSaip_SJ0eK2e<)Usiu|3ee7v;Q6}g z;+}Ovr)yVx2|9F_p1b(;vdJb-o{zEK#qU1~+K10L)spsL#q#wARa074M=tUd{_%Xr zvP&)=>>*3j^0z%tUKGmo@@T-i=$dZK$J2E}Aj8ZKH3#b@f7mYlTf21C`aiXaPFf28HuCPv-4Y|f zt^Ys&@KQU^t4oa)O~0S+DEy;eJo8Z0i?EJ0G6IJMj{m`646eN#`=IV^){K`I;ukP&+8e5KIppKl z6cxs+-(Kde-n~U(@yi;$@Dp?PwcVBQ-JiDiz`nC9VVYtu`y zee-3a=Bh6H9_%N=-RhIpb+@&qZB6dy^g1_>Yz7V2nvmr1YrO*V4l^*WVR26q{2#&F zxO3LAjpD%}6IDL+%`IE7FN{G)xVq~8g6$i+`#R>=O27Ur7IQ&U*4_BJvbjP<_skrg zle6nRcS=uS%2na~f7A0%HUB63f*q^ERd-*OmupD2_0q_j@vlvG(wF~MUpKzbl706~ z@m|MH+YY6J!kjn4R^5DjeyY-k{}T@+dCXe4?a^HMW1o4ZunXOG{rl?s?B=Y%ZC1M+ zKE-@tcCKk*YTdAbTV$%vm6H?RU0TV)mcmk1BV)+1``rAsfs?w_|K6)|N%Oz;*fVHt zgT>aS9G=h%pSvWYo>yHHjQCUY?~9|xoy^?)v+iMzZuegL_RK%$BddR`NuT3@!8O@E zWt=L%=7!8U7*^0K_+&$~dza^)e$5+SSbUGq`yB7<=_Y>O(Q23aKAE;mNw-sOxjmWW`gh6tKfY=@bGK#w z{JJXeqTC#*S!}#hm5lt(&%V3tjJD;PT~lVsuHsuKwDytFl%;mxT!QScx6kKW-f?DP zNY4MI0Utf=rY}fJnZ5fV_ixj(w=S!rg?3C>uFz*2yt_DJ{c9FIzS(Vel)e39*Ti4{ zZP;vY#9W#5B(U+@UyIi|*54!3rItSTklnf4nD^L?`4J*>=Pe2pKeY1!r*cT!%gHhx z2TFIadSCT3H$AfIa9mM-(yZNedKoHpS^I7riLpICTYaHM5*m24wdqjkNkBhyRCWYi&?laWf=4EttQ!btV!lSct19=33rubH zrIsdhnN#Acj-~Ov@C*2@5!_m|`Fue1G1c8n5d~YHNOf2JF?#Tq&tuKuWc{xPpPW_B zdN8R;ZJ)yb{f$RTu5EOldq=BnTl4#7$FCQ4kGn2O2z+0uy}WkC#A%xXgnee!_->E! 
zKUMtdR%g$(HdiD6*Sc!K47ojZ)86p>{XK8}l>Ox_WfzrR6wUPfmUP>tW1{dDv2B%m zs~V$SZ~uPfsIv6pH`gQSc55%}f3wPYnNdx}vASWup?&^oB8_cFE4`SkDXa~X=8dKtKkv;%lWSr^j@1cU!Tl#{_&dG5%2r| zJ)RZrugz9l);~ULug!f&fq zs?NK=Y`z1N`J@9^FO&taT59b6b>o}sug>?Z4>Fsksfu~F%s=_@!m1$Gb1#k?@E-hr zBBbP>-WB(EbK*C8-_&2K_|pBrxvoQB8qJ>W4NTqkUGS?ZZ#wfu=IE$0`^cm{ho&Ad zxPL%@!~CiDS4>`Ap%%4JTf#!wXZ!A*uO;rkuyH&4=Gk5+G2)?ZE3NPYXqWZ_x^ z$I3NA;y(|zUHcLGcZclhYwOrVqMyYjRf(ON^Xz4=V`a&`?JbP2Cmc48{`BYdBP}s) zDW_0jzSrK@R-4u|NU0t{A@kHlK z?7F@ivZZ<=Y8#vlt~h;neYQ1xV=RA7#Oc%RCv~Q8tnaK%ZaMhyS@ElBCuX>CaV$#> zw=3X$+u}OQR!byPKuOW=tiy}w+xh<)cc&~3jsO2^)gNEOTg|st?F&!MTjv%wv+v*o z_RCd?QJ2@5@%nAJ_pASn`RP=KZjEevll_NRcfQ%aCU)6WsRd!zC%voY$*o~057r`yTTyv(xrrQMV0Ns^w-`=77bdtt%3wf;F_TQ}cu4Hnwr zlDwZcv2rP|m)2_W&Z(|qwG0!hCK~cR)BLBH8gleb0IS^UAD8*R9f*6-A?4DvLh9#R zvGg5ZcX)r@wDG5|N?zHHV+!G~a+YM}G0)p9v*B>+CG&Ot^*USUSFEvDY7J9~?6$Mq z`D2bxt>4DG=Re76d{Z+`!2P8!k)M-;z{T0^QWeE7+EoQY3XnEeDG%ZB?E1S16x+A zg`Y8Bl3V<8iLQhBx;1=?2Rd|@R2^&baC+!@JdoSjciV|eTkm?F_`J!`OprNs;mIq9 zV&-VEwyr$2|B}Mf$)ZmGp4Kkp__*v-%EV8s0usIT=M*yQHZJ=bkmPQ@CN;d=b@t3^ z?%A{bPAs?B7GSI7c3kD{<47B>w_G|OE>-eReRciJRs;T(4BNKdIWc){w_RJ@Q3Ks` zl3!wG>^pMor}d)OYkf6O-r6s}#;nsW_yXJ74ey@r-+az)=@%!neu1L>mwy!a-Mf14 z75|-o)~jorbGOESyQy{{Dm02Kir@Cn?CoDVf4&g9^YKbR`gY?`Js-Uj8*0xpmz~QA zyf)>(YWg}>eF<}O0r%Ulwl3_@F=-AI-)_-d?Pt8{{k3V1`5ZkbJ+~T%9Zj3f9RFc% z28YDV%X=p--=H5h|M#vvhnDN|GI5rFn5IAXaGRi6OQLC{*@}eNrw^s->?HoAto`7# z?q?6H`oH#~XUCMc_nP|&J(zbQI%v7WmMaxM>m|LEwm2DTF8tr)KmXKi-a~w%57P2l zEN)e4V z;lnX!v$|It_5ON){;i1z|9{Iru>H%VufG_6{aSDTCt^oe+0)zh`ycQt?r2=!RUkX% zieT^etX1q!yw>`qD$lFvS^0eWtef9|&)R3EX4Y23cYeyr4XcHW=7v91v02x6`Ri5N zlgFl>^R`%XYQ8&9gWDU=uyV~GpO$W#RwAmwevwQz^ z)vC$&4r?mhn_}$#*^}S@uD)D+|Dm`k84fmKFTCXJSAO3Yxl?*N#|E?TVhQ13@yNfj z+qY}4WL>0}yIOCaX_Hz4r<$iwz_0&HLs|bsY-j$nEYZZkL6=9+IOCDgf|PyU`FkF1 zx);UrZr8=R8%(cU*SooD-VfnfpIKKaEO&k@?EOQq`D)4DRHrRl=bf{ctY2*{v)mxf zBiykh?rX?Dsb>OHo>ks#nW?||PxJ}ixglPe7s|ILt`xS?d7Hh*F+O>Ru<*PnrJYeL zYZ#yXT3{gK-R8u$sM_aVUX_gSuEp!%Wo@MXfUxVP+6-Esc8 
z+LO+s0tZ9quUl4Q5ZWyFg#CFRYq#2yyMj|aliQyy$zot&^1Q*6yNdP0*MJXydT)on zbvVJc;BL{O12;7-mmm5Py6kl4Y3;KoYjsxNTUKBAcVXqPbpgsE*PSv~9{%Cp_+q9@ zsNI*98ycJD!`I2GhuwlJY>TG|DgI)R?5?b%A&~sHj z5U&1yLttgOipcAQzgRl9PnCJLyO;mMVmC)+AFWIOW$tLLV#r^!duq>z=gh+GdQv-N zqb45HnZwN;yS98y_OErdcWy1Xsu1&{O(H>1Y3Y(3Zo2&XzsmmJT#+H%s{5kUu<9%0 zIolBRl63biPj7GCHu?Ym>woo|TA42V`O((6YTv`{{~V6r+_S^I{`pdlqqC2nxpuDo z;oqh2twLwowcF3nxMr+z+=64CW6S>6vP!`_+IAi{)jzuQQIu0vmHLPH2Bw)$QUfCt zwbo_Z^)VR;Z`to$uaZ4IOZ51oHV@gmGV>aJBVCKdqMutNul%~+td+&~u4tA+=xim0 z*eJ#wn^QB)Ub%!@@Z4A@#&wzhkB`j!U%&R%M*LRmSSfOj^ZSoyecTl?3?Yx=&;6~N zuXw$B_5YO_YszINR5siz?D`y8))Fauaf#dOrFYYIJ9zG$q^b}Qz`r2=`<*{ND?Hu* z)Emp?2hG2GZ=b~4|BP4NqquxNmYldbwNB^9)ekTAG#jULue`N?)A{FH*YdIYhK1@M zF!?FD;9JZJr9D!;&0n|ee0fjl<)t6{c@!VGZ{SUz$QD&r9`N(k-sO8&Sd?i-CvY=c za`QzWIGwD>z+@06HCR;l{SX!{b z`^#SiAqJL)1xr7y3gG|KmLh*b{{{c0gX{b?#7?+8^ecOOI)Bf@8JY{bH`SSyOIXc_ zF_R3_>*#;$b#%F}5#wZ=dwF7iJly@eQtonXbzc%N|Ej*i?ajfR^Uj?X;#v5}=Q1~2 z6NAG_<_y-^)2FQbm>b1=OKRffzQFFJUF#P-S7Y(qeOc>${fQTmSuHPhCA|_IE|lE~ z*WkQ-ZD&sTb@PMgmrT!MmRn$>sXu-4^XFPknZdo?GR=QqD>T$)u(;2x@~Gk39&|OM z1n-oyJ5+bHtv_VC!{)#Qo3oC7KKsr}#W)*IHlAjDc$>oV`HHzB_1~}k zTlHl{;+I`}x>$wF-1-EBFB{LA?h>|bp<|@#6!RBBV4?X$V6E~WfkG4u2y?=sgJ?jK4x7G}ja+<&|6cJ8mg zp|!d}hyM6hJ#nA8S!icaW9+=?=BotWmQ=jmSa)hl=+?lmH?*fo|8UOoY1%d~F-L7( zh~7P2j}^!NN6LTr>2-rCr_pY|?$NI|-G9nHd98G6_V>_L0zbRccBW>`nz&tSv9{Ub zvvcn-wQ;Rt&|H7gLi$IC@S;a$*@BttTCz7LJg-toy}eTITAS#x%nLDAw_C5X?+M*A zNtI7IZN@y_y&8FHS88isoZq(pNZJ1>={!aWUOS&=#b#RkiTs>CX>SmcMil{Gaa&0pHMZ04*??dg*IoJm>x_a=mC@AQH3uJmFt}be zsn=cYY-I6t^C^cjXV@pW3aq{2{3Ehz`B#aH!iDC4Y;Qfzc~N@l^yFKvw{U`_pBRcpB@Q4 zW0k+1Eo$}Zmg}#nyFNBWyxeqIIq#(PuDypRm`Hf1r{CWaYo zo7KYe-M2|4eQ!eK?&Y&5x5xPWm46q-T=rHe><9ag01fs_e>U;B-TB91b9%|a2Ep#l z9FHCzi}tJ9e0A~CovfVC_hg$UX}@_3Z`OmVY{jO&fa3(#DogM6F zeu+_9VR^#K`x=GZ2ZbW#{kGidS~)BB+9t*&O|Sa5zHus_!^V@KH02z7k?qY(6*q0A z<)(9P2nw4$JE!Z|2_8-l#-?zk&xc-I4PA34KqS}knd$aNhqq>NOZ43_&ra}E3W^S4 z^mYtcaOBTM{>hi>&vJ?K_=jfIG#j5^cSe5GtHWPz>|j#UdU-$2@3^ke^>=?&L_^ey 
zHZ1s%wP@9zu#H!_R@doo5a#!3-KkiiB5-o)l)J_o9-O~_ea_iGzaE}H@H^*iUK;ZW zmB@S#MJ?fF3*FWP|8hCRnYsIy=kXx<-=|KRJl5z?nY8Xr*~BfgHrue9UApM^t<}G6 zeeT7czh76BXxiRDXVl`70CK|rDU?H`P{(5+5M&a90j+#JmUFL zm0B6rx9bqgaSP=&5z0$fGI&TwZ_v=cbd_Pt;XiFD7Drwzlq-#%@zP|b{_Jzrsb4-g zO#ST2+Iy%;?#dm8sX1(ce>nYJV$Aygg~px?S6#rU>;G$}QO%pU3(7eiMaqvwJ}kU* zU+ZSzH+|lU;Q1Sqzy9Cu!N+@H-)+veBLT8!{_uw1xGOA>x9=oJ#`{;!l|H+or>@w1 zuYT*tz1wwMsxD7vc8yTg{&=AD+pKAiynE(*Z2B_oi+n)Zk;^6`QDz<0_papWt=zdL zZE>N_;sV9|bLOWko5cz>tCui}beg_=x=vlLyT>&}^xFl8O-Y{l|4;sD(A8?XTGeXs zr!Du>887B-R;#(?4@(xNH2z(gS0wwp@si8@*J+oZDZiYnP;~Fnw#F+T9jmYTDPNkD zkWrSiNXk9tNsjU2|C^VoHQr~9u{**McS&o%hU?UASN5oC`A4#EiL~g+ONiH0IC^Mn zPh(NrkvDw3FPdH2@}Kj#IPBw_lFe-Yp?~d$V;q7fJ-F1=d={5}`8ju5P~MSrk0|lT z>fkTCRvo!BahglrQnqH5fUfYk2V1qfHa1?(UurFRsOgRAV@31Swm*f2?F-#+<^HIM zV|rmQfq#^wI6<2|YH15Jnj?3pKc(t5=llaQkv=Wj1Pb5oAHsrlQhw3&&f7o(lZ zc9_N6a?j z^d8qMb2|EK`|lQhCuhxsxXG0V7~@)UG>y)@YE|7bf3i~i+JLGHtf2v*GT-xvBijni z6-+hR3vYaXRRPTvTyzTu>eQgtL8lg2Cq>UHnH{X1!NA zlfrBGc*Y_H#Y^{3JTKz-8@knY!qrzS%(E{?KCAw8y*fv0kwZuG`7c2;bC`FDd{x{O zEM;^ddos_=PwQCDhJ6;flATrbE9zTs?vrQwR|Dp?niZ7&*$`(j?@5!(f~%iyuUuHq zWH`B@Y;)AHcasXD*u^CRJmzQY`g7;p|4@xurlsXeHH~}h-}Ge7D(N%->N53}qABOz zCAXLy7`L}KU0_;W6!51lMPXW&p0ea84PNt?XTE({p7>i<{}aFJF5TD__m2A+7tfY( zU<%~DwCcu&)Zf23w=gCMYSyia^A$R~O8oq?C(X6Kjq1CF_kDdM*s)1fcV3{vPtLC{ zPalhV%`pCO!{bKY%bwK4S*0gtY>Qj+?%`A>-wP_@VdGgv>rH-c7q32)ZJA)fleZz` zVath#-i30unx~(5h3ZWEfBY)zVI^+$mmj&ajs!`%Jqnt*JMZKPhTP3eA(PLt>MtqW zQYbN7N z{{4u*>dH>;87%S+L2H|4#B;_iUDqXUCO#p*v*qhCbIt7++l{|$-zJxHAb6+yyscZ8 zESl^yb#k9kanby=r{?+my*BFwGS@2HRMtBXvFgLTRolgRukon-ep&xtB*}8#?47sr zHmsk1S5j!v`XkT(#&vW&nK%7~jd*<2!C-CeWdfzE8|PiV8eU}UQa<^`pU28;(p0xJ zFvw5-AL{7E#R*D%7Kc~w%D+(hPXFn)Ft; z&Xt!A@ia<^ef`UAx#RS7PR?S-NBdZOcD7wFp2+(4`mxpT&6dV4`&clG>Do-o?>h05 zGo(F#M{&t&Om;D*u5uQcVUqX_+L8Qc$0i)zr=<{6z^%Oax3`q?Iqo?G8H_ zz|w!_M@st4Cwt;Iv1*-)+;;I`96KY=$9dsDIS;g4IhUX#?c-DKBvmCXF>U5jll%UU z3{++Zsb9MN|MmY@E9~e0X<>VE;rrCSi;G3qN3WAj&^tV(o~ialV(7h8anX*#g}+}* 
z<~>+qzPVoYmn;9;Z*!NY{Zx&UncH;jM1-%NtKEjcZ9ZS!lyifQWh;b8I~wK(+ijdx zvtm87x*YGcIZx*)XRMduO0e1a=y|$!NZZ=AORA0v-(kJO5b*p+KPw-5A+ybqmaFF% z-kGd*-dJ0xnC6rp~(6tFOLsZmZK`e#WqyFU$Uxwz<8{`A;^T8EbBC4y|%inpRaaSLJw;f8}xy z)uq=T^YGRvq+34K4in5^i`!fg_jfhNio%sGsun-i7??)P=5l&B zwL)@U3oBR4wXfwGy6lawroQMFInt7Mrg3x8DsD3-?Fr#^`t~zjjaGe(KmJl%LDa|j zWZ!asjpk(2&+M5uVo&GHw0Y15LTOSI@RZGO{24~zbZe! z(0dt<3RU$7bu9lK|1I?XBLCn|Th4onJ4-zD(pQu@m@HVES-yt*!#baRta0wXl0gaC z!Aqwt2s>KZk$7pDPnykwmzAX^3u@gedfR<^d7Bu%EL*cIrSgqhw4QBC=)uRGABzHgsOtl#j8_&$teKg}w zewxQ+F`v(P_3FPpm#e|##}7;y=Urz$ogp(>W^aI@a`(24Qs4YGCdSnzpPaJieA4;6 zwM~m6|4lspt+K-;t+ajHsp2KMTY4vlO@0{qHPkUE0pukW{zaD;9kku(^!i&f--`Po zst4<;4cn&gx4jm0dd>#3GYyKu0;`S*t}jvF80s#!+&DEklzW{ zmHN_H+%v5e~@-gI*`}^r|)pq4ffjR#r{Vlxo z>I~;{w|GT|#wBbq>`v-&n|FQ(gSLoGpOlsMx^vd||M1`B{BvvJbp_Yg7lUHwO^otN z`7XV9_v-Cg*(}FvlJ1B-^Avo{#WH(inA*?jng0)SZ{%zA)p#O1$F${ei}#LMCJM|R zkr(2A3mu)cM)>U_f&T4g(I?rmzs$do+!7N0kbm{7OMC9#WL0E|Z5CC%DWVp(F87z0 z2h;zi|8b0tEPpo2Mf}ZsvQC6^XYTy(hYUhD?~0X_EOfXPI_*o06=Ru>!}*7kfK#=kb4pO8A%--p*VD?kJ?8Cal)?xGi{)m$6*H|vRrj)Nz`o$jGbDDCSW9rSA!=B58Ese^% zD{_7Tv)F8R|Gmc*y!>5m{O!n3y}Dr2t?wF-Umg@UKitMD%x75@(HeDE&)d7SKZ@yw z)4iw}YlQA3?p?(()#aG{gWoIl1Wm5IdH1YN@4QHsQTK%ThR^4nHLTcoDBCRY+!E=; zS4p8}Zrx&TRUvnx`$SLNP_bSR{4K_ot=V(`<4$|#pPJE80Rdc5QFFkH;8|X%f|k}p z7Qr(!Ffg$CZu(-heczg`n>Xw^vi*uCjbAd z|Nk%Z|G)76{{sK-{@(&Bpf9>F)GwI0hr9ULx&V2WiOVu)DNS5_y5%}Q=S)t|665>F z{gk>l<-M3CYOiwPzy-bnPPX?a&owA?Opeo*DVEuLrH!NGz3{XNE=Rei1!^t{(``Eb zFn5}^$5jdcbG++bJ<*&TpR1ibxz0X_-}X`_&+Eu?p@T1XzfyH8UimybE;c41B5i%x zu`7m&yeIN~MScn9W?u|{wg0*Oo9AJ-O52^3+pk_d5@*0|cXr90#&5sYuVDYd;Pj`h zY{Bmz(|`OqI$clH^>*5k>gt{)3TOW2A6?CLF=toIKc22=>C?4x^EXU?UB~p8aY4|% zXIsK*Z%pJ{)7ZVxPWh$MYpq|WV&A@-`?Akk#l9ljHQQ@KoXk3=g%fobtg@M;^j_`g zhX47ZKNdR`sH8>;w3HuSa8i52(did=T9gQEOqeij{bU=93d2bstN+aY>b9Y=;6BH4 zVP&7W>L)a_TaE2}7rrRpHYb7Wrb^tqd+sN`?wr9HHT~5B{l5YFYXcJg%-;Tq`Q(=W z=II6HGrWGf-|r1PeBH0y?q9}Tr~mub-u!d?nNrIf{fQxKS4+&|o9&$+XyN_7>+m8G zi5;a~ijWa<=4(Te$* 
zdi?uc=qkFTPb!z4bykFp|Ks#+%Z)#M7XH}U>Cv;5?{(18shcPM7Cgqp8QRC$tjA|+ zcOh5V(4Y6pynr<0DvyeU+b)}2VhjcH))>ZBTgi(44!UKg%Ujs4(Opwk%|xvq5BTWXr?ltx9+P`k&e8Ql7S{J9pEp>veNXemibX3#!OY z``F`jrBCVT&-kqUv#mPooTlDNb>dekKYXOIv);^``_ztkyWYL*olyN||K%dR-LZG$ z_9Uo1^9k4-z``Fp=Zib1&>W}3|Mm#@cjkPvI=S?Xw03F%OGjI@6wf=I9i1u42|;;Y zm-`D}D>rOktEgDRFQKchz-e|PfMMVA^?%tP{As=|)ZO22*sfbG5T#?Z=zMN>UU+%y z!|6w^X@8Hr5Pf-ipO)y;70nKB7QcCTZqc2)|6U0fg$fw0Rp1e_nblFda@VP?M}3ZP z9`}@3ru0lj=INq8DRJM=O_loU-}KRJ%hVF_R|Xt=Lo{x>?D%n{WY*>OfS(VUD^qvA z-YX-0z5Bx)hZ)xmF8?}cu;|2r!@I023}*=MFgDz`r(%WNHRB}tupI|mxVNx>63(dU zcG#=+H~hh$=Bt7!>0d=BZrUQ_e%{{jq{iNzH$G)7=!;A{62aLl^6Qh`hZTqOozB1N zs}WY&7ad`^L3GYJ`(;mjqHbQB*iydwtJ|F_N6AyHMXP3-CEZP$`pQ=sLRnVOhtlw(5OzZI8FTVwL~-BlZ6dyYiP=K`}zoN?oQOJA-3Zg}DEl zyvlwn%L^BWOLBDwmpk}H9@_?Y4!J1 zW1XkItYPx^qogi0zG)SyW^X@!s_x2^#coRfDjGG;cgzUB_urOz^P)>%_;uut&Gr#< zf9YBA>s9`gvU78e6ukN?Gn4b$(u&IdlhW0uo}C$c4Q@VqHt+GqXiv}HABP?u(C%k6 z3UFbK(X)JOC+Mjfo_|@WFREqN{P!26EhozVs+H?wRmuOmBvk!c^WWOs5A*&s-#%fb zcYCXr(~0*h`Dae;*vimdx~^-Fc5r9mvAfZqGlf~}Ea!TCT&ezIr_YO>;+v12+S0h= z$GjiPHoXh0ruIzsczpAae9`3ioeQf^yk|)+`mpwh#CeC)D}FHrwe72w_4BVV{5SEI z+QoBiN99f>F4}faEa&9Gt>L_@t~zh+fArjWvo`Ayck5#Po{R^62~#GvJ)F4fuR@8) zjRR3r4#&KGDRfHoY~a51MVcxLb(h?K{X0~*zJ2}r3x7WHTuw?#n6$Ss&ws78_N+{O zOL3nylV6Em2-^O>&f%6!ou6MrTd}aeu(#6b*K5CRFzD(3y-V%Qy~h)UG}cba56nHv zx+af%#{63|vp3D1qWEW3)V~(y8;Lf{x7L0&(7T-@@j&z#SJHd6wKc{^Uvu%r>a5f% zo~^-c{vuK`bAv;q2>bNH%0oKGUWzGd*2Z>%H`0+l?1)a4)m{7cW*) z(*CYjE$7b5#GUmjT+{Bzb-&dSQkiy%rD5sU|LfUa?)>wo`L(t6u97 zKD6Tc6t0h{7rMf~r3%sfR z1NPh1w)CC+KU3zSc%Sr7Q~8fu7RDU1+}x8mfBy?1E;e(Q#N}Lma#NgQ{sz5$zQt7k z7E3ADBHxp$3l;>huh9R$HsMbT(+{cF^*(>nFWxKtw3$b-UhPD@-sA}{))oi{y`IT0 zmzkfg67}_2cHNTgTjcLv+^OWjcCDZ~oNv_@|HPSMoToY&mX@5kbahRng@Dvj(Xu_S zdrVRVnV6oc`hPv${n^~BqsQ%eabJOn=lN;voYN0Qe)OMS%ay&X+L!-gR7R6U+mH}`O)&Se2bX1LB1@*-3rko&T2I?MQVEgt2FGt zz|>k1e*M9p7PePeepwN1fB81ce0-p}+1-})tXRmp-u(UNOrB5S;`P&9IPLT5N&j57 z)|gL~JaV(WvgCrK*vfC0+RnE9E7QQ%Q@Yk zPv=GM%N?Q;&Z*HM$Is80wD3Ro>)l*E+V4!=R-U|*S{mJ@Ey@_0r}^aLfy-|WnauFg 
zsb;UpHr(m7@RX4E)6{hy#hs#pk6ztoORxNp6*P5jgSE~Y13~#G4GbdNR%mF{H~mfc z(|ncxxX`={@lLlLZeGZ8*d^%jR7w4p-ISxx*0~AK?p+hu7P7|t^UTij(mLT2jE^}( z%M_Q%OPMEaS+qWG-S+7-V|q#^d{65(H}8_-UAA?b)PqldG!(x+KQ8b1da2{v8RpYA zZrrZ(^W^J2R|G-`O`j_l>W;w#s;QrRM9f3CS-1+tqoM%l`SDezKOKHdO2XgFjtK8P&E1xdNxF zvWr>dbxv;!T)$Xr!$a!>yN~JaPO04z_UAx;`8}Q>mt{})K4h++EEcWy_v(eRH|Ea& z?u+*6@G`2jv_GG7yk*g%v#l$)E_K=DUh}*4&2r0`Nqc!G2S4vw_hEY5I>#r8Sp{nQ z5^hbN)mO44K{0fHC7;ECrjw!PFSs)NR1{TC+aRen^{!8%){eV&zYkR`Eex;Eat}(W zKT>|?>;YjL-RH%J7niGZ7o=8{tM#RC&ZuvUTO}E>!qQdA^=QqE-&ZtzP76w0{Iuiy z`s;!-r*N|Q{r`9JLtew&M?Y6EUH!ds)AWr3$v5~F^m&y(2VN0dbu#gLy8iM5^WHr^ zdv@NgQ!`f2m=wQclJ~ba+z;-(=}h=Df0`ioti2x=wCtbqc5#%*hn)$p94|i6{<%Iv z`*8Mj15eXNwY2ix|G&5#Y-F^ZZuW{xICM(chv-jNjy-#(WEWu~y<>hrd@ z?jBNVY*YUbJv(Bf+$*`o3a&nXxeLGfYrYFlyu0SmOM!<*yUY|h(q)-D=S}*sR=_>O zO8xDYAF*GP@2Hpe&M1Al$1e0{QYb^YQ^5E8P5D;-yfP+Rt=$gKn5HA|%*`9dAM1Cb zRi|mr5;Lu-3(nLrtgJWxmvDaZr~NInzD#C#!W*_;w4p{YK)mYb$){J-L!R>`N!i_u z+Q`7cC(pnjCeCz2g+cUge6H#1S6WQ&HyD~eeAxSdK_XuwGK4|&%I8}RGfM>>t$gN0 z`>ir)vR<6Nee$!1!gp@A8J~Z%ImTYhwtr=fK_GvG`rc{MzW*YY)*0o$a#VC>nAcs! 
z+W0|q=1R_IdOsv8Zbk+*Fn&1{rzm$li@E996T%6=CFi~k>v{S4x7!3A4myz zww__wXZL=m{v?LJmY4-ba*uwSC&#~4n!wVj{_Viz1g-_^FIoNRoLh3H^@^tK#<1U= z6OuQ7-CR?=`q%kgot%RD@%rlzO>R+?xK@ z{y+cw&E?zg&UqANxluWAOHG8q&xIyazb<;M@NdD4ZI!}lpU)k!)%(>VKIQl8RT8h& z;;Zr*RUJLL^iO5l|X z3pRHBsa-2tH-DEvfPKT_oYK1zQfWc^Oa4XlUkScer~b~`$?;CdMCdSb+VlDO!Zy4a^D zzE?CBSa$@TiJ#8Br^YaMi^IvBA6!iaUxjb{)LVbS=i9W|FIT0VeEsF@m)ka-B`>)5 zKMG_%a8F-o`~0pT;h0nF=Fe6P6Vaa>d)8(Dq{PlnLDg(1-%~W2- z)8;mDre*r655BjH_iwDYzr|d+OnLj;|B5RAx3xJw^YRo-`ZI6C^4P_*cD|nS?BaVr z$Lmd}qHgr9c-5CFyMMOU{DU*)>o)o^<-R(ygO}rVwWx}A$)}k?oBn(j*d&qUb|Kz; z?p*(``{K`+AAYoS^R3U1DulLH6u;TNXN}s11r^_-w(!)mKHROM&SACpov6zW{|7AU zH$GKeKl!1;snzJ&>~#*tvhrEl>vyoeYgf`-Bf4fYtL`G+@1fbw@+FBkGF1Xr7qn#T zd%p2(RU@w~xAfV$23k8FMxPX(tom8tr&k~MhCHwDSIVmvh;*-SIJAEGcDYH7Z6Enc zKIz?BYv%FgU*N@Oe>OVw_%*Km%P#7#b4T%Lruf~-yyB}n*WL|^EcdTvo&9}p+U%v4 zvW3YV>>ZAwa+Vt;MCNPhs(rq7D(!F3irR-K&dW7+1Y0R}KPz8oAbD%W*2c?wO};dp z`G2r9|5{U=MAQ2V0xOe^xiQ24d_hV1q)#db<`_NcW zckY&n@?UlC?MjpT%~AJsJ7?9QlAk(jZ}DDYSNYY^U?%!y$Ex|u$~K&Nm3GAY?)y)! z`qON4j}{r(IcgBtvx-JvVe@HoN%kVs` znXBaR{;|#f6?Wj={!LP&TN^hT=-*)!p(hN6O%~E50#?;BOJ-Tb_lLhLA^VN96e)oDV+*cuevOUxAeR@)w#KEu=Y|lfh z?0>1n8fWikYTp%hW#v`z*;9izT#?D#r2X@<{f7F_$3ym|e=;?HWw2NC;b!UWvv2Tk zJKBCFn`eK|)rHlk*u$gd1TW`$_b_jJxND=BiB|O5{Vq-~Z%*WYtNw4$G_*TUJ4nW*?aUiYhJx|qI!Gs<%NAIZ|@vQylp3FxU@u9|4)s5 z+-c!*o=w|wzc;1|708)=e(U;F%5K-EEh0rVRu{PKTe7Oy*cy+dGiRA=Mn)uMyX9=$?Xkp5j+(JY`is}bzL_! 
zC+t3z?c(=NS3H*|TJYnO*SAW7R)?qDVSkdPAn6c((Y==2?E7x_1Inj2#V~7^)K>D< zbDB$kU8wJJ#QtpgQL)ojFFB&_-);gWB4I5zznBYCpUCC>eQQ>Hx_XsK$KTa{rXOsi zSOu7PBQL~WEYi5R`*n2y;XT&et(^y z)!I9AF32!GaddmWC^R#p>aapS^T#)5UM+IH%^GurC+PjcyknYa2VUh&+WczMlKuOg zZWY`Ue$jtHdI!g@CvHur8Rpha>(9;D@i<%as*PcRThH=+eb;%NPx*+c9C;r%hhfSk zotKje>RtY*CLPogbUkJ*!BAlK=(26ZTdUefa^2}FVjSKFosIW(=-yTP;VK^>9-f@g za6mY+-SWMU<+m;{ki1mASD}0b z&l4G^sGrRuT(3eTUT$d4QNF7d`|tj1X?};jlNUYo7ij!`W8WiV7Eb0qkD`y4L@#+w zd^vM@lJBE{vNx=WxlNB=xto1f0Ux?*kwYgZW4 z{e97_X0ihMGZeNTWKDZ+eejV&kHq&7#qNnyD>mI+&+@g&P%Yv3zVByyU-ZPR{gArK zZD-%QY4)>z&r_F*k8bp|60B=|v+W{d^xAaqz@_rGt#zWsE4lrR;{25v7l-Sl`mI^8 z`uFrHA*(Bw?pwG;QMdA$NL|a0CH$x6thkVw5w?4BMp47b9=~n_(SY|a-agk|Vz(qj zUH#f*Q8(!&`tt>*Ew6a$Y^QkqkkC7(J2FcwVxK%}ReBb6Mk(&nyJPVy*pmD9X9uVI ziMPwk}>SQ$F~xdcg&mXJXwX!_;cpQQ}tn6qQ6zwzA%Y7`?mdb zLTN_a`_jq$%N}w67g;;G?a!7Ie^flhHa)RVY1UZ$+Ph5nM21G6FsBSt5i{rECl;rA zZLH5}d~AK7y#LqNb(V+3%o#4)>|qo;wd(Gs)sd`L*A6hUXzp*RYJZycuJIJFpCb3t zUosCAm%XY#WDwe)ZC;f7EZ*%x)BA%@n(c3Fw0!j9)eniRZQF8O)gy)Zr-&a}y(i{X z$&uNC1@Q}#xG&E+_d6(Mr}Tt}Pc!CJEw%r#ulMe@A_X7K>hrhQf2YhVoyp~Qb>YR6 zt#-HmJH3&6-BDw{ra8px?ab42V(nK*Yw@h8s*+;%Y?l_2|MB4<>$+^qt=cQRYzeGWsS^WO zc&9M!+-MeU!pA4T-M67J?C5!MsetphR-Anq{dea_pMc~eX*m=BMyzGKdi2R}b`y@h z)7mW7D5S)y@lE=o_&xav!A2M*#z$-8jhnpZp9QQiITuiCrYXBi<>;F&>laGzJZ083@0+V&%s+Yg zj|(nV2z0;q-6=JL|I_Rk%b6M9ukHU2NhGE6n<{61Y{)MTX8LLQ%A)i-*5`P`b;xQyy$yVT%lodGDQ^LQVxCFKD~5%d!Sje*-)=cJM^pfBdzeXJ!}4`7`h(_b_n1L zdY8PDBr3}pRkx$j`yjv5(Ym~97fJu3JRG8<~AB_SFdt_x(Kk4{Sd%kJn zq^mL4-Z!b|*{~Ev`fNET#lI^*kF!u*xUV_TL1A0!vHJmjxj$z=c)I-!v-tE&4zVBk zt75&q($j7~?4Psi%-V~#x}t6OwW~c@xU4Vk-L$5u)_K-i#_JbaRz}C&{d#|H4Ewx! 
z{L-1%j#(#f?bXoR^8Zu2Ti2Hx`?++VPw@2YJh`Lm(6S{D_CGN%l<@kJ?d9*b^pDZg zsXv0dZXZ@$^LXQK^W*NCmUxdv@05E>D}V>A}0}y(-HOGcJ@Y=y{s0b5Ul-q`HL><_Se?DZajT@77sO z;b}H46gkLvK&i>aH8-cRLhmsH?@`I7oP_B!)=a&cuzY$_>>Pnb97+==PQ3TEX4UmS zXLcuulx~;E_A`IXI>~Hf<)(yAtJ<4C+!6xL&#X$=`}qB?E~&VCJDR&bUP)dZHQ9eB z_uaMsa$m5#d!S=~`cKrsCPTdqt0(A6%WI|1^Vn*pn)NJ?_fLKvhduW>?feDFZz`5e zeHO6f{H#^BZqp*UZC%$$=WM>M9h~5Gwyk|miQOrC&5V^3V=H!~{IhtJ@FCp6wQEy7 zLvN2tz{W0asW0D`eNk?f-pqOP%*N&&w-!G#%Gz8ZSi5b>sV^taOjWwErSpTo=4Yix zx&PBXWSo-i$%_$Sh;^yqYMs-a%KSrtrR2DexyB2}3&|RfA9=7u$g+JiYX2nqx>nt5 z!(;2@pPt4E*ZoA@7%rMju6x+U{w!Mg=&?914)zPBX*16RQQ&vpK&A)%gsMyxUIN+0$cg@{J-?Y!t^G>JP43O^&Xju|lXl>r^!(XVUu@=l&d2{| zis)pPY|T?v`>sW)t#kA8;C-uEd(g^Z-+`Cc;`W~_J(IkqVRP(|+{rN41-o^VJtu?))hnz|NoBfk#D9EOgG|1-0kNj7*`6sxR>wwIL?_rdcL|b1Lxnp><%n$(!S2~a+2%s z{tvzPe-6V@_RDj>*8RW#%K6TLMJ44wdsi@guzCIdcb!o1GV6c(`S;l8nM7zkpLApT z$)zg1^=tg^q&`@1G5>@0rcXRBi-^~AS!!^X(F+g56aDmZ<1eR_8$kIyNunhA_nE1v{& ztQGsZI^k?H8*C!A5i5=6|nI_Y+-J*_Hi)U_e zfKdB|Ynx6c?~#6>8TNV$^P?3na~vfYcQHkmNA(&QJ-Vd&dgI+Yk~O_NCqq?VhL&$% zd3eh;K99RoeopEOtq_eO}F74m*8WwRx?j%Dy&tEx~?R@MWwf1Ln)r?G+)t*%CiYV>5F9U zT{p~is0ayp8S!?j#A&{g(;m^^*B2jly__Mz@Z{MU;mT>(#n zjecIZ%bkHWfbnVEimy%cW*d9-ZB4qhBKC(K!+*cK-0m+~*neHMj8_PMo;%BfL92oJ zq}&oU#s_LDYCnCL52)1ztLit(Fv|Y)pR$iphT)>n^fSdG4zrk8E_^xu&*($IidFyL zZe3Zwb;xZwR`95vX{;*6bWOf-m-V+1>I@;=SdtE>dv>n z<#;3K^sz|$-MgAJ%v-9M7Chk5%e#7Kb(OM$&lHvy6@J^oCN8X)9I*N9nMzTBT~cc)FCPrPtnf6Zg3T5p-ws*MR& zJz4Bh%et~1&J+dBDQlhoQ2*smdFgEP#~t5ZEm%AyEozxq*2<_8M^E($CcepN539I! zIpWW{`?GuYb)B%9*thJ=2A1^Vg-XU+yH39mvorL3b3lwqN%~ThefiEudbU&dFAa5l zvHzp6mL%)Pjh>5EUfEY8p4yie^t=A96~~sGRS1V9ti; z?)Gup48A`QzjmO=zx-*ogUl?(+RBJUuNin3Fx)yU7qRr517ipS(~8pkxyN40OnZIx zJpYYH(Z|y=83a$Huj!iA(5GA?AHPKOEC)j<1H&plbB|ZH45AJUqK@sW|1xkbVBlI1 z|H>($g5~JHC2C9w98X$)dOzS5Xf!db(4XG)-{?a?qlxFPGZWpO<%kdR+vQ%gr E0M#j}4FCWD diff --git a/modules/nushell/configuration.nix.nu b/modules/nushell/configuration.nix.nu index 382fb6f..eed4f4b 100644 --- a/modules/nushell/configuration.nix.nu 
+++ b/modules/nushell/configuration.nix.nu @@ -1,4 +1,4 @@ -{ lib, ulib, ... }: '' +{ lib, ... }: '' $env.config = { bracketed_paste: true buffer_editor: "" @@ -155,19 +155,7 @@ $env.config.cursor_shape = { } $env.config.hooks = { - command_not_found: {|| - ${lib.optionalString ulib.isDesktop '' - task status - | where label == boom - | get id - | each {|id| - task kill $id | null - task remove $id | null - } - - task spawn --label boom { pw-play ${./boom.opus} } - ''} - } + command_not_found: {||} display_output: "table --expand" env_change: {} pre_execution: [ diff --git a/modules/nushell/default.nix b/modules/nushell/default.nix index 40c76bb..56dd59d 100644 --- a/modules/nushell/default.nix +++ b/modules/nushell/default.nix @@ -1,7 +1,22 @@ -{ config, ulib, pkgs, ... } @ inputs: with ulib; merge3 +{ config, lib, pkgs, ... } @ inputs: with lib; merge (systemConfiguration { - users.defaultUserShell = pkgs.nushell; + users.defaultUserShell = pkgs.nushellFull; + + environment.shellAliases = { + la = "ls --all"; + lla = "ls --long --all"; + sl = "ls"; + + cp = "cp --recursive --verbose --progress"; + mk = "mkdir"; + mv = "mv --verbose"; + rm = "rm --recursive --verbose"; + + less = "less -FR"; + pstree = "pstree -g 2"; + tree = "tree -CF --dirsfirst"; + }; }) (homeConfiguration { @@ -10,9 +25,9 @@ command_timeout = 100; scan_timeout = 20; - cmd_duration.show_notifications = ulib.isDesktop; + cmd_duration.show_notifications = isDesktop; - package.disabled = ulib.isServer; + package.disabled = isServer; character.error_symbol = ""; character.success_symbol = ""; 
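Review bot: The aliases added to `environment.shellAliases` in `modules/nushell/default.nix` were written for nushell's builtins but are now system-wide, and NixOS also feeds that option to bash by default. As far as I know GNU `cp` has no `--progress` flag, so `cp = "cp --recursive --verbose --progress"` would break `cp` in any interactive bash session. `rm = "rm --recursive --verbose"` would also make every interactive `rm` recursive there, root shells on the servers included. I would keep `cp`, `mv` and `rm` in `programs.nushell.shellAliases` and leave only shell-neutral entries such as `tree` and `less` in the system-wide set.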
@@ -20,29 +35,16 @@ }; programs.nushell = enabled { + package = pkgs.nushellFull; + configFile.text = import ./configuration.nix.nu inputs; - envFile.text = import ./environment.nix.nu inputs; + envFile.source = ./environment.nu; - environmentVariables = { - inherit (config.environment.variables) NIX_LD; - }; + environmentVariables = mapAttrs (_: value: ''"${value}"'') config.environment.variables; - shellAliases = { + shellAliases = (attrsets.removeAttrs config.environment.shellAliases [ "ls" "l" ]) // { cdtmp = "cd (mktemp --directory)"; - - la = "ls --all"; - ll = "ls --long"; - lla = "ls --long --all"; - sl = "ls"; - - cp = "cp --recursive --verbose --progress"; - mk = "mkdir"; - mv = "mv --verbose"; - rm = "rm --recursive --verbose"; - - less = "less -FR"; - pstree = "pstree -g 2"; - tree = "tree -CF --dirsfirst"; + ll = "ls --long"; }; }; }) diff --git a/modules/nushell/environment.nix.nu b/modules/nushell/environment.nu similarity index 83% rename from modules/nushell/environment.nix.nu rename to modules/nushell/environment.nu index d4831f9..24f0672 100644 --- a/modules/nushell/environment.nix.nu +++ b/modules/nushell/environment.nu @@ -1,5 +1,3 @@ -{ upkgs, ... }: '' - $env.ENV_CONVERSIONS.PATH = { from_string: {|string| $string | split row (char esep) | path expand --no-symlink @@ -20,6 +18,4 @@ def --env mcg [path: path] { git init } -use ${upkgs.nuScripts}/modules/background_task/task.nu zoxide init nushell --cmd cd | save --force ~/.config/nushell/zoxide.nu -'' diff --git a/modules/openssh/default.nix b/modules/openssh/default.nix deleted file mode 100644 index 6a3aaa0..0000000 --- a/modules/openssh/default.nix +++ /dev/null 
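Review bot: `environmentVariables = mapAttrs (_: value: ''"${value}"'') config.environment.variables;` wraps every system variable in double quotes without escaping it. A value containing `"` ends the nushell literal early, and a backslash is reinterpreted as an escape, so the generated env file can fail to parse or evaluate text that was meant to be data. The old code exported only `NIX_LD`; this now covers whatever any module puts into `environment.variables`. Something like `mapAttrs (_: value: builtins.toJSON value) config.environment.variables` would at least escape quotes and backslashes, though it is worth confirming that its output for control characters is accepted by nushell. The enclosing `homeConfiguration` block opens above this hunk.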
@@ -1,27 +0,0 @@ -{ ulib, ... }: with ulib; - -serverSystemConfiguration { - programs.mosh = enabled { - openFirewall = true; - }; - - services.openssh = enabled { - banner = '' - _______________________________________ - / If God doesn't destroy San Francisco, \ - | He should apologize to Sodom and | - \ Gomorrah. / - --------------------------------------- - \ ^__^ - \ (oo)\_______ - (__)\ )\/\ - ||----w | - || || - ''; - ports = [ 2222 ]; - settings = { - KbdInteractiveAuthentication = false; - PasswordAuthentication = false; - }; - }; -} diff --git a/modules/openssh/motd.hist b/modules/openssh/motd.hist deleted file mode 100644 index 3897daa..0000000 --- a/modules/openssh/motd.hist +++ /dev/null @@ -1,21 +0,0 @@ - _________________________________________ -/ You will pay for your sins. If you have \ -| already paid, please disregard this | -\ message. / - ----------------------------------------- - \ / \ //\ - \ |\___/| / \// \\ - /0 0 \__ / // | \ \ - / / \/_/ // | \ \ - @_^_@'/ \/_ // | \ \ - //_^_/ \/_ // | \ \ - ( //) | \/// | \ \ - ( / /) _|_ / ) // | \ _\ - ( // /) '/,_ _ _/ ( ; -. | _ _\.-~ .-~~~^-. - (( / / )) ,-{ _ `-.|.-~-. .~ `. - (( // / )) '/\ / ~-. _ .-~ .-~^-. \ - (( /// )) `. { } / \ \ - (( / )) .----~-.\ \-' .~ \ `. \^-. - ///.----..> \ _ -~ `. ^-` ^-_ - ///-._ _ _ _ _ _ _}^ - - - - ~ ~-- ,.-~ - /.-~ diff --git a/modules/openttd.nix b/modules/openttd.nix deleted file mode 100644 index 3629d96..0000000 --- a/modules/openttd.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ulib, pkgs, ... }: with ulib; - -desktopHomePackages (with pkgs; [ - openttd -]) diff --git a/modules/packages.nix b/modules/packages.nix index e0e0e4e..e11934a 100644 --- a/modules/packages.nix +++ b/modules/packages.nix @@ -1,4 +1,4 @@ -{ ulib, pkgs, upkgs, ... }: with ulib; merge3 +{ lib, pkgs, ... }: with lib; merge (systemPackages (with pkgs; [ asciinema 
@@ -10,8 +10,6 @@ (fortune.override { withOffensive = true; }) hyperfine moreutils - nix-index - nix-output-monitor openssl p7zip pstree @@ -26,7 +24,7 @@ ])) (desktopSystemPackages (with pkgs; [ - upkgs.ageNix + agenix clang_16 clang-tools_16 @@ -36,18 +34,17 @@ jdk lld maven - upkgs.zig vlang + zig wine ])) -(desktopHomePackages (with pkgs; [ +(desktopUserHomePackages (with pkgs; [ element-desktop fractal qbittorrent thunderbird - upkgs.rat whatsapp-for-linux krita diff --git a/modules/pipewire.nix b/modules/pipewire.nix index 01229fe..309e799 100644 --- a/modules/pipewire.nix +++ b/modules/pipewire.nix @@ -1,11 +1,11 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; desktopSystemConfiguration { - security.rtkit = enabled {}; - sound = enabled {}; + security.rtkit = enabled; + sound = enabled; services.pipewire = enabled { alsa = enabled { support32Bit = true; }; - pulse = enabled {}; + pulse = enabled; }; } diff --git a/modules/pueue.nix b/modules/pueue.nix deleted file mode 100644 index 4aee13b..0000000 --- a/modules/pueue.nix +++ /dev/null 
@@ -1,39 +0,0 @@ -{ ulib, ... }: with ulib; - -homeConfiguration { - services.pueue = enabled { - settings = { - shared = { - pueue_directory = "~/.local/share/pueue"; - use_unix_socket = true; - runtime_directory = null; - unix_socket_path = "~/.local/share/pueue/pueue_your_user.socket"; - host = "localhost"; - port = 6924; - daemon_cert = "~/.local/share/pueue/certs/daemon.cert"; - daemon_key = "~/.local/share/pueue/certs/daemon.key"; - shared_secret_path = "~/.local/share/pueue/shared_secret"; - }; - - client = { - restart_in_place = false; - read_local_logs = true; - show_confirmation_questions = false; - show_expanded_aliases = false; - dark_mode = false; - max_status_height = null; - status_time_format = "%H:%M:%S"; - status_datetime_format = "%Y-%m-%d\n%H:%M:%S"; - }; - - daemon = { - default_parallel_tasks = 10; - pause_group_on_failure = false; - pause_all_on_failure = false; - callback = "\"Task {{ id }}\nCommand: {{ command }}\nPath: {{ path }}\nFinished with status '{{ result }}'\""; - callback_log_lines = 10; - groups.default = 1; - }; - }; - }; -} diff --git a/modules/python.nix b/modules/python.nix index a63dd7c..e1a1612 100644 --- a/modules/python.nix +++ b/modules/python.nix @@ -1,4 +1,10 @@ -{ ulib, pkgs, ... }: with ulib; merge +{ lib, pkgs, ... }: with lib; merge + +(systemConfiguration { + environment.shellAliases = { + venv = "virtualenv venv"; + }; +}) (systemPackages (with pkgs; [ (python311.withPackages (pkgs: with pkgs; [ @@ -8,9 +14,3 @@ virtualenv poetry ])) - -(homeConfiguration { - programs.nushell.shellAliases = { - venv = "virtualenv venv"; - }; -}) diff --git a/modules/qt.nix b/modules/qt.nix deleted file mode 100644 index 127c7fc..0000000 --- a/modules/qt.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ulib, pkgs, ... }: with ulib; - -desktopHomeConfiguration { - qt = enabled { - platformTheme = "gnome"; - style.name = "adwaita-dark"; - style.package = pkgs.adwaita-qt; - }; -} 
diff --git a/modules/ripgrep.nix b/modules/ripgrep.nix index f459bd4..929cce6 100644 --- a/modules/ripgrep.nix +++ b/modules/ripgrep.nix @@ -1,10 +1,12 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; merge -homeConfiguration { - programs.nushell.shellAliases = { +(systemConfiguration { + environment.shellAliases = { rg = "rg --line-number --smart-case"; todo = ''rg "todo|fixme" --colors match:fg:yellow --colors match:style:bold''; }; +}) - programs.ripgrep = enabled {}; -} +(homeConfiguration { + programs.ripgrep = enabled; +}) diff --git a/modules/rust.nix b/modules/rust.nix index f648d78..28c2d34 100644 --- a/modules/rust.nix +++ b/modules/rust.nix @@ -1,8 +1,4 @@ -{ inputs, ulib, pkgs, ... }: with ulib; merge3 - -(desktopSystemConfiguration { - nixpkgs.overlays = [ inputs.fenix.overlays.default ]; -}) +{ lib, pkgs, ... }: with lib; merge (desktopSystemPackages (with pkgs; [ cargo-expand @@ -16,6 +12,7 @@ ]) ])) -(desktopHomeConfiguration { - programs.nushell.environmentVariables.CARGO_NET_GIT_FETCH_WITH_CLI = ''"true"''; +(desktopSystemConfiguration { + environment.variables.CARGO_NET_GIT_FETCH_WITH_CLI = "true"; }) + diff --git a/modules/ssh.nix b/modules/ssh.nix index ccf9aee..ed3c166 100644 --- a/modules/ssh.nix +++ b/modules/ssh.nix @@ -1,4 +1,4 @@ -{ ulib, pkgs, ... }: with ulib; merge +{ lib, pkgs, ... }: with lib; merge (desktopSystemPackages (with pkgs; [ mosh 
@@ -11,23 +11,49 @@ serverAliveCountMax = 2; serverAliveInterval = 60; - matchBlocks."*".setEnv = { - COLORTERM = "truecolor"; - TERM = "xterm-256color"; - }; + matchBlocks = { + "*" = { + setEnv.COLORTERM = "truecolor"; + setEnv.TERM = "xterm-256color"; - matchBlocks.cube = { - hostname = "5.255.78.70"; - user = "rgb"; - port = 2222; - identityFile = "~/.ssh/id"; - }; + identityFile = "~/.ssh/id"; + }; - matchBlocks.robotic = { - hostname = "86.105.252.189"; - user = "rgbcube"; - port = 2299; - identityFile = "~/.ssh/id"; + cube = { + hostname = "5.255.78.70"; + user = "rgb"; + port = 2222; + }; + + disk = { + hostname = "23.164.232.40"; + user = "floppy"; + port = 2222; + }; + + robotic = { + hostname = "86.105.252.189"; + user = "rgbcube"; + port = 2299; + }; + }; + }; +}) + +(let + port = 2222; +in serverSystemConfiguration { + programs.mosh = enabled { + openFirewall = true; + }; + + services.openssh = enabled { + ports = [ port ]; + settings = { + KbdInteractiveAuthentication = false; + PasswordAuthentication = false; + + AcceptEnv = "COLORTERM"; }; }; }) diff --git a/modules/steam.nix b/modules/steam.nix index 42ac1b2..14727b5 100644 --- a/modules/steam.nix +++ b/modules/steam.nix @@ -1,4 +1,4 @@ -{ ulib, pkgs, ... }: with ulib; merge +{ lib, pkgs, ... }: with lib; merge (desktopSystemConfiguration { # Steam uses 32-bit drivers for some unholy fucking reason. @@ -7,6 +7,6 @@ nixpkgs.config.allowUnfree = true; }) -(desktopHomePackages (with pkgs; [ +(desktopUserHomePackages (with pkgs; [ steam ])) diff --git a/modules/sudo.nix b/modules/sudo.nix index 16ef378..ed7be40 100644 --- a/modules/sudo.nix +++ b/modules/sudo.nix @@ -1,4 +1,4 @@ -{ lib, ulib, ... }: with ulib; merge +{ lib, ... }: with lib; merge (desktopSystemConfiguration { security.sudo.wheelNeedsPassword = false; 
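Review bot: The `services.openssh` block added to `modules/ssh.nix` disables password and keyboard-interactive authentication but leaves `PermitRootLogin` at the module default. The commit message says fail2ban has been dropped, so nothing visible here limits repeated attempts against port 2222. I would pin `PermitRootLogin = "no";` in `settings` and consider `MaxAuthTries = 3;` until a replacement for fail2ban is in place. On style, the `let port = 2222;` binding is used only for `ports`, while the `cube` and `disk` match blocks above repeat the literal.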
@@ -6,15 +6,15 @@ (systemConfiguration { security.sudo = enabled { + execWheelOnly = true; extraConfig = '' Defaults lecture = never Defaults pwfeedback Defaults env_keep += "DISPLAY EDITOR PATH" - ${lib.optionalString ulib.isServer '' + ${optionalString isServer '' Defaults timestamp_timeout = 0 ''} ''; - execWheelOnly = true; extraRules = [{ groups = [ "wheel" ]; diff --git a/modules/thunar.nix b/modules/thunar.nix index 95e78e4..3f1ebc5 100644 --- a/modules/thunar.nix +++ b/modules/thunar.nix @@ -1,4 +1,4 @@ -{ ulib, pkgs, ... }: with ulib; merge +{ lib, pkgs, ... }: with lib; merge (desktopSystemConfiguration { programs.thunar = enabled { diff --git a/modules/tmp.nix b/modules/tmp.nix index 67f5cf3..f739059 100644 --- a/modules/tmp.nix +++ b/modules/tmp.nix @@ -1,4 +1,4 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; systemConfiguration { boot.tmp.cleanOnBoot = true; diff --git a/modules/users.nix b/modules/users.nix index b43732e..92342c7 100644 --- a/modules/users.nix +++ b/modules/users.nix @@ -1,4 +1,4 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; systemConfiguration { users.mutableUsers = false; diff --git a/modules/w3m.nix b/modules/w3m.nix index 01802a6..0975bda 100644 --- a/modules/w3m.nix +++ b/modules/w3m.nix @@ -1,12 +1,12 @@ -{ ulib, pkgs, ... }: with ulib; merge +{ lib, pkgs, ... }: with lib; merge -(systemPackages (with pkgs; [ - w3m -])) - -(homeConfiguration { - programs.nushell.shellAliases = { +(systemConfiguration { + environment.shellAliases = { ddg = "w3m lite.duckduckgo.com"; web = "w3m"; }; }) + +(systemPackages (with pkgs; [ + w3m +])) diff --git a/modules/waybar.nix b/modules/waybar.nix index 8192197..cd02127 100644 --- a/modules/waybar.nix +++ b/modules/waybar.nix 
@@ -1,8 +1,8 @@ -{ ulib, theme, ... }: with ulib; +{ config, lib, ... }: with lib; -desktopHomeConfiguration { - programs.waybar = with theme.withHashtag; enabled { - systemd = enabled {}; +desktopUserHomeConfiguration { + programs.waybar = with config.theme.withHashtag; enabled { + systemd = enabled; settings = [{ layer = "top"; @@ -12,9 +12,7 @@ desktopHomeConfiguration { margin-left = margin; margin-top = margin; - modules-left = [ - "hyprland/workspaces" - ]; + modules-left = [ "hyprland/workspaces" ]; "hyprland/workspaces" = { format = "{icon}"; @@ -36,16 +34,7 @@ desktopHomeConfiguration { rewrite."(.*) — nu" = " $1"; }; - modules-right = [ - "tray" - "pulseaudio" - "backlight" - "cpu" - "memory" - "network" - "battery" - "clock" - ]; + modules-right = [ "tray" "pulseaudio" "backlight" "cpu" "memory" "network" "battery" "clock" ]; tray = { reverse-direction = true; @@ -53,35 +42,21 @@ desktopHomeConfiguration { }; pulseaudio = { - format = "{format_source} {icon} {volume}%"; - format-muted = "{format_source} 󰸈"; + format = "{format_source} {icon} {volume}%"; + format-muted = "{format_source} 󰸈"; format-bluetooth = "{format_source} 󰋋 󰂯 {volume}%"; format-bluetooth-muted = "{format_source} 󰟎 󰂯"; - format-source = "󰍬"; - format-source-muted = "󰍭"; + format-source = "󰍬"; + format-source-muted = "󰍭"; - format-icons.default = [ - "󰕿" - "󰖀" - "󰕾" - ]; + format-icons.default = [ "󰕿" "󰖀" "󰕾" ]; }; backlight = { format = "{icon} {percent}%"; - format-icons = [ - "" - "" - "" - "" - "" - "" - "" - "" - "" - ]; + format-icons = [ "" "" "" "" "" "" "" "" "" ]; }; cpu.format = " {usage}%"; 
@@ -99,26 +74,13 @@ desktopHomeConfiguration { format-charging = "󰂄 {capacity}%"; format-plugged = "󰂄 {capacity}%"; - format-icons = [ - "󰁺" - "󰁻" - "󰁼" - "󰁽" - "󰁾" - "󰁿" - "󰂀" - "󰂁" - "󰂂" - "󰁹" - ]; + format-icons = [ "󰁺" "󰁻" "󰁼" "󰁽" "󰁾" "󰁿" "󰂀" "󰂁" "󰂂" "󰁹" ]; states.warning = 30; states.critical = 15; }; - clock = { - tooltip-format = "{:%Y %B}\n{calendar}"; - }; + clock.tooltip-format = "{:%Y %B}\n{calendar}"; }]; style = '' diff --git a/options/desktop.nix b/options/desktop.nix new file mode 100644 index 0000000..609146b --- /dev/null +++ b/options/desktop.nix @@ -0,0 +1,10 @@ +{ lib, ... }: let + userOptions.options.isDesktopUser = lib.mkOption { + type = lib.types.bool; + default = false; + }; +in { + options.users.users = lib.mkOption { + type = with lib.types; attrsOf (submodule userOptions); + }; +} diff --git a/options/ssl.nix b/options/ssl.nix new file mode 100644 index 0000000..b989733 --- /dev/null +++ b/options/ssl.nix @@ -0,0 +1,7 @@ +{ config, lib, ... }: { + options.sslTemplate = lib.mkConst { + forceSSL = true; + quic = true; + useACMEHost = config.networking.domain; + }; +} diff --git a/options/theme.nix b/options/theme.nix new file mode 100644 index 0000000..7c3fb19 --- /dev/null +++ b/options/theme.nix @@ -0,0 +1,23 @@ +{ inputs, lib, pkgs, ... }: let + inherit (inputs) themes; +in { + options.theme = lib.mkConst (themes.custom (themes.raw.gruvbox-dark-hard // { + cornerRadius = 8; + borderWidth = 2; + + margin = 6; + padding = 8; + + font.size.normal = 12; + font.size.big = 18; + + font.sans.name = "Lexend"; + font.sans.package = pkgs.lexend; + + font.mono.name = "JetBrainsMono Nerd Font"; + font.mono.package = (pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; }); + + icons.name = "Gruvbox-Plus-Dark"; + icons.package = pkgs.gruvbox-plus-icons; + })); +} diff --git a/rebuild.nu b/rebuild.nu index c12f440..fdb5a96 100755 --- a/rebuild.nu +++ b/rebuild.nu 
@@ -1,29 +1,40 @@ #!/usr/bin/env nu -def complete [] { - ls hosts | get name | each { $in | str replace "hosts/" "" } -} - def main --wrapped [ - host: string@complete = "" # The host to build. - ...arguments # The arguments to pass to `nixos-rebuild switch`. + host: string = "" # The host to build. + ...arguments # The arguments to pass to `nixos-rebuild switch`. ] { - let flags = [ - $"--flake ('.#' + $host)" - "--show-trace" - "--option accept-flake-config true" - "--log-format internal-json" - ] | append $arguments - - if $host == (hostname) or $host == "" { - sudo sh -c $"nixos-rebuild switch ($flags | str join ' ') |& nom --json" + let host = if ($host | is-not-empty) { + $host } else { - git ls-files | rsync --rsh "ssh -q" --delete --compress --files-from - ./ cube:Configuration + (hostname) + } - ssh -q $host $"sh -c ' + let args_split = $arguments | split list "--" + + let nh_flags = [ + "--hostname" $host + ] | append ($args_split | get --ignore-errors 0 | default []) + + let nix_flags = [ + "--option" "accept-flake-config" "true" + ] | append ($args_split | get --ignore-errors 1 | default []) + + if $host == (hostname) { + nh os switch . ...$nh_flags -- ...$nix_flags + } else { + git ls-files | ( + rsync + --rsh "ssh -q" + --delete --delete-excluded + --compress + --files-from - + ./ ($host + ":Configuration") + ) + + ssh -q $host $" cd Configuration - nix flake archive - sudo nixos-rebuild switch ($flags | str join ' ') |& nom --json - '" + ./rebuild.nu ($host) ($arguments | str join ' ') + " } } diff --git a/secrets.nix b/secrets.nix index 3640990..ceb11b7 100644 --- a/secrets.nix +++ b/secrets.nix 
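Review bot: The remote branch builds the command for `ssh -q $host` by interpolating `($arguments | str join ' ')` into one string, so an argument containing spaces, quotes or `;` is re-parsed by the remote shell and can change the command line of the rebuild that runs there. Quote each element for the remote shell before joining (which quoting is correct depends on the login shell on the target, not visible here), or forward only a fixed set of flags. The parameter comment is also stale now that the local branch calls `nh os switch`; it could read `# Arguments for nh os switch; anything after -- is passed to nix.` It is also worth confirming that `--delete --delete-excluded` has any effect together with `--files-from -`, since rsync only deletes inside directories it recurses into and files removed from the repository may otherwise stay in `Configuration` on the target.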
@@ -1,18 +1,24 @@ let keys = import ./keys.nix; -in with builtins.mapAttrs (_: value: [ value ]) keys; { - "hosts/enka/password.orhan.age".publicKeys = enka; - "hosts/enka/password.said.age".publicKeys = enka; +in with keys; { + "hosts/cube/password.rgb.age".publicKeys = [ cube enka ]; - "hosts/cube/acme/password.age".publicKeys = cube; - "hosts/cube/forjego/password.mail.age".publicKeys = cube; - "hosts/cube/forjego/password.runner.age".publicKeys = cube; - "hosts/cube/grafana/password.age".publicKeys = cube; - "hosts/cube/grafana/password.mail.age".publicKeys = cube; - "hosts/cube/mail/password.age".publicKeys = cube; - "hosts/cube/matrix-synapse/password.secret.age".publicKeys = cube; - "hosts/cube/matrix-synapse/password.sync.age".publicKeys = cube; - "hosts/cube/nextcloud/password.age".publicKeys = cube; - "hosts/cube/password.rgb.age".publicKeys = cube; + "hosts/cube/forgejo/password.mail.age".publicKeys = [ cube enka ]; + "hosts/cube/forgejo/password.runner.age".publicKeys = [ cube enka ]; + + "hosts/cube/grafana/password.age".publicKeys = [ cube enka ]; + "hosts/cube/grafana/password.mail.age".publicKeys = [ cube enka ]; + + "hosts/cube/matrix/password.secret.age".publicKeys = [ cube enka ]; + "hosts/cube/matrix/password.sync.age".publicKeys = [ cube enka ]; + + "hosts/cube/mail/password.age".publicKeys = [ cube enka ]; + "hosts/cube/nextcloud/password.age".publicKeys = [ cube enka ]; + + "hosts/disk/password.floppy.age".publicKeys = [ disk enka ]; + + "hosts/enka/password.orhan.age".publicKeys = [ enka ]; + "hosts/enka/password.said.age".publicKeys = [ enka ]; + + "hosts/password.acme.age".publicKeys = [ cube disk enka ]; } -
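Review bot: Adding `enka` to the recipients of every server secret means the `enka` private key alone now decrypts the mail, forgejo, grafana, matrix, nextcloud and ACME secrets, where previously each was readable only by `cube`. If `enka` is listed so that secrets can be edited and rekeyed from that machine, a comment above the list would make the intent reviewable, e.g. `# enka is a recipient everywhere so secrets can be edited from it; servers only get their own.` Whether `keys.enka` is a host key or a personal key is not visible in this hunk; a dedicated admin key would limit how much a compromise of that host's key exposes.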