116 changed files with 1084 additions and 1605 deletions
--- a/default.nix
+++ b/default.nix
@ -3,21 +3,21 @@ let
  # https://github.com/andir/npins?tab=readme-ov-file#using-the-nixpkgs-fetchers
  src = import ./npins;
-  pkgs = import src.nixpkgs { };
+  pkgs = import src.nixpkgs {};
-  sources = mapAttrs (k: v: v { inherit pkgs; }) src;
+  sources = mapAttrs (k: v: v {inherit pkgs;}) src;
  inherit (pkgs) lib;
  inherit (lib.filesystem) listFilesRecursive;
  inherit (lib.strings) hasSuffix;
-  mkSystem =
+  mkSystem = system: hostname:
    system: hostname:
    import (src.nixpkgs + "/nixos/lib/eval-config.nix") {
      specialArgs = {
        inherit sources;
        self = ./.;
      };
-      modules = [
+      modules =
        [
          # This is used to pre-emptively set the hostPlatform for nixpkgs.
          # Also, we set the system hostname here.
          {
@ -27,10 +27,10 @@ let
          ./hosts/common.nix
          ./hosts/${hostname}
        ]
-      ++ ((listFilesRecursive ./modules) |> filter (hasSuffix ".mod.nix"));
+        ++ ((listFilesRecursive ./modules)
          |> filter (hasSuffix ".mod.nix"));
    };
-in
+in {
 {
  temperance = mkSystem "x86_64-linux" "temperance";
  hermit = mkSystem "x86_64-linux" "hermit";
  tower = mkSystem "aarch64-linux" "tower";
--- a/flake.nix
+++ b/flake.nix
@ -3,37 +3,64 @@
  # No inputs, take this flakers
-  outputs =
+  outputs = _: let
    _:
    let
    sources = import ./npins;
-      nixpkgs = (import sources.flake-compat { src = sources.nixpkgs; }).outputs;
+    nixpkgs = (import sources.flake-compat {src = sources.nixpkgs;}).outputs;
    inherit (nixpkgs) lib;
    eachSystem = lib.genAttrs (import sources.systems);
    pkgsFor = nixpkgs.legacyPackages;
    inputs = sources;
-    in
+  in {
    {
    nixosConfigurations = import ./default.nix;
-      packages = lib.mapAttrs (_: pkgs: {
+    formatter = eachSystem (system: pkgsFor.${system}.alejandra);
    packages =
      lib.mapAttrs (
        _: pkgs: {
          inherit
            (import ./packages {
-            inherit inputs pkgs sources;
+              inherit inputs pkgs;
            })
            fish
            helix
            kakoune
            nushell
            ;
-      }) pkgsFor;
+        }
-      devShells = lib.mapAttrs (_: pkgs: {
+      )
      pkgsFor;
    devShells =
      lib.mapAttrs (
        _: pkgs: {
          default = pkgs.mkShellNoCC {
            packages = [
-            (pkgs.callPackage (sources.npins + "/npins.nix") { })
+              (pkgs.callPackage (sources.npins + "/npins.nix") {})
            ];
            env.NPINS_OVERRIDE_nichts = ".";
          };
-      }) pkgsFor;
+        }
      )
      pkgsFor;
    apps = eachSystem (system: let
      inherit (inputs.self.packages.${system}) fish helix nushell;
    in {
      default = inputs.self.apps.${system}.nushell;
      helix = {
        type = "app";
        program = "${helix}/bin/hx";
      };
      nushell = {
        type = "app";
        program = "${nushell}/bin/nu";
      };
      fish = {
        type = "app";
        program = "${fish}/bin/fish";
      };
    });
    templates = import ./templates;
  };
--- a/hosts/common.nix
+++ b/hosts/common.nix
@ -6,19 +6,16 @@
  lib,
  self,
  pkgs,
  sources,
  ...
-}:
+}: let
 let
  inherit (lib.meta) hiPrioSet;
-  helix = pkgs.callPackage (self + "/packages/helix") { inherit sources; };
+  helix = pkgs.callPackage (self + "/packages/helix") {};
-
+  fish = pkgs.callPackage (self + "/packages/fish") {};
-  fish = pkgs.callPackage (self + "/packages/fish") { inherit sources; };
+in {
 in
 {
  environment.systemPackages =
    builtins.attrValues {
-      inherit (pkgs)
+      inherit
        (pkgs)
        cachix
        calc
        delta
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -3,8 +3,7 @@
  nixpkgs,
  self,
  ...
-}:
+}: let
 let
  inherit (builtins) filter map toString;
  inherit (nixpkgs) lib;
  inherit (lib.attrsets) recursiveUpdate;
@ -15,18 +14,20 @@ let
  # NOTE: This was inspired by raf, and I find this
  # to be quite a sane way of managing all modules in my flake.
-  mkSystem =
+  mkSystem = {
    {
    system,
    hostname,
    ...
-    }@args:
+  } @ args:
    nixosSystem {
-      specialArgs = recursiveUpdate {
+      specialArgs =
        recursiveUpdate
        {
          inherit lib;
          inputs = sources;
          inherit self;
-      } args.specialArgs or { };
+        }
        args.specialArgs or {};
      modules = concatLists [
        # This is used to pre-emptively set the hostPlatform for nixpkgs.
        # Also, we set the system hostname here.
@ -41,15 +42,20 @@ let
            # common configuration,  which all hosts share.
            (singleton ./common.nix)
            # Import all files called module.nix from my modules directory.
-            (map toString (listFilesRecursive ../modules) |> filter (hasSuffix "module.nix"))
+            (
-            (map toString (listFilesRecursive ../modules) |> filter (hasSuffix ".mod.nix"))
+              map toString (listFilesRecursive ../modules)
              |> filter (hasSuffix "module.nix")
            )
            (
              map toString (listFilesRecursive ../modules)
              |> filter (hasSuffix ".mod.nix")
            )
          ]
          |> flatten
        )
      ];
    };
-in
+in {
 {
  temperance = mkSystem {
    system = "x86_64-linux";
    hostname = "temperance";
--- a/hosts/hermit/configuration.nix
+++ b/hosts/hermit/configuration.nix
@ -2,8 +2,7 @@
  lib,
  pkgs,
  ...
-}:
+}: {
 {
  # Time Zone
  time.timeZone = "Europe/Zurich";
  # Select internationalisation properties.
--- a/hosts/hermit/filesystem/default.nix
+++ b/hosts/hermit/filesystem/default.nix
@ -1,7 +1,6 @@
 {
  config = {
-    boot.initrd.luks.devices."cryptroot".device =
+    boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/10318654-ed20-43f6-885d-35366a427581";
      "/dev/disk/by-uuid/10318654-ed20-43f6-885d-35366a427581";
    fileSystems = {
      "/boot" = {
        device = "/dev/disk/by-uuid/5D7D-FC52";
@ -11,28 +10,17 @@
      "/" = {
        device = "/dev/disk/by-uuid/e353013b-8ac7-40ed-80f2-ddbea21b8d5e";
        fsType = "btrfs";
-        options = [
+        options = ["compress=zstd" "noatime"];
          "compress=zstd"
          "noatime"
        ];
      };
      "/nix" = {
        device = "/dev/disk/by-uuid/e353013b-8ac7-40ed-80f2-ddbea21b8d5e";
        fsType = "btrfs";
-        options = [
+        options = ["subvol=nix" "compress=zstd" "noatime"];
          "subvol=nix"
          "compress=zstd"
          "noatime"
        ];
      };
      "/home" = {
        device = "/dev/disk/by-uuid/e353013b-8ac7-40ed-80f2-ddbea21b8d5e";
        fsType = "btrfs";
-        options = [
+        options = ["subvol=home" "compress=zstd" "noatime"];
          "subvol=home"
          "compress=zstd"
          "noatime"
        ];
      };
    };
    # swapDevices = [
--- a/hosts/hermit/hardware-configuration.nix
+++ b/hosts/hermit/hardware-configuration.nix
@ -6,34 +6,21 @@
  lib,
  modulesPath,
  ...
-}:
+}: {
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot = {
    initrd = {
-      availableKernelModules = [
+      availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
-        "xhci_pci"
+      kernelModules = [];
        "ahci"
        "nvme"
        "usb_storage"
        "sd_mod"
        "rtsx_pci_sdmmc"
      ];
      kernelModules = [ ];
    };
-    kernelModules = [ "kvm-intel" ];
+    kernelModules = ["kvm-intel"];
-    blacklistedKernelModules = [
+    blacklistedKernelModules = ["nouveau" "nvidia" "nvidia_drm" "nvidia_modeset"];
      "nouveau"
      "nvidia"
      "nvidia_drm"
      "nvidia_modeset"
    ];
-    kernelParams = [ "mem_sleep_default=deep" ];
+    kernelParams = ["mem_sleep_default=deep"];
-    extraModulePackages = [ ];
+    extraModulePackages = [];
    extraModprobeConfig = ''
      blacklist nouveau
      options nouveau modeset=0
--- a/hosts/hermit/hardware/default.nix
+++ b/hosts/hermit/hardware/default.nix
@ -1 +1 @@
-_: { imports = [ ./monitors.nix ]; }
+_: {imports = [./monitors.nix];}
--- a/hosts/hermit/kernel/default.nix
+++ b/hosts/hermit/kernel/default.nix
@ -3,10 +3,8 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  xanmod_custom = callPackage ./xanmod.nix;
-in
+in {
 {
  boot.kernelPackages = xanmod_custom;
 }
--- a/hosts/hermit/programs.nix
+++ b/hosts/hermit/programs.nix
@ -1,5 +1,4 @@
-{ pkgs, ... }:
+{pkgs, ...}: let
 let
  # a newer nil version, for pipes support.
  new-nil = pkgs.nil.overrideAttrs (_: {
    version = "unstable-18-07-2025";
@ -18,12 +17,13 @@ let
      hash = "sha256-Sljr3ff8hl/qm/0wqc1GXsEr1wWn7NAXmdrd5wHzUX8=";
    };
  });
-in
+in {
 {
  environment.systemPackages = builtins.attrValues {
-    inherit (pkgs)
+    inherit
      (pkgs)
      abook
      aerc
      alejandra
      aichat
      alsa-utils
      anki
--- a/hosts/temperance/configuration.nix
+++ b/hosts/temperance/configuration.nix
@ -3,8 +3,7 @@
  lib,
  pkgs,
  ...
-}:
+}: {
 {
  # Time Zone
  time.timeZone = "Europe/Zurich";
  # Select internationalisation properties.
--- a/hosts/temperance/filesystem/default.nix
+++ b/hosts/temperance/filesystem/default.nix
@ -1,7 +1,6 @@
 {
  config = {
-    boot.initrd.luks.devices."cryptroot".device =
+    boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/96e8f3d6-8d2d-4e2d-abd9-3eb7f48fed02";
      "/dev/disk/by-uuid/96e8f3d6-8d2d-4e2d-abd9-3eb7f48fed02";
    fileSystems = {
      "/boot" = {
        device = "/dev/disk/by-uuid/B3AC-9050";
@ -11,49 +10,29 @@
      "/" = {
        device = "none";
        fsType = "tmpfs";
-        options = [
+        options = ["defaults" "size=40%" "mode=755"];
          "defaults"
          "size=40%"
          "mode=755"
        ];
      };
      "/nix" = {
        device = "/dev/disk/by-uuid/f0569993-722e-4721-b0d9-8ac537a7a548";
        fsType = "btrfs";
-        options = [
+        options = ["subvol=nix" "compress=zstd" "noatime"];
          "subvol=nix"
          "compress=zstd"
          "noatime"
        ];
      };
      "/persist" = {
        device = "/dev/disk/by-uuid/f0569993-722e-4721-b0d9-8ac537a7a548";
        neededForBoot = true;
        fsType = "btrfs";
-        options = [
+        options = ["subvol=persist" "compress=zstd" "noatime"];
          "subvol=persist"
          "compress=zstd"
          "noatime"
        ];
      };
      "/home" = {
        device = "/dev/disk/by-uuid/f0569993-722e-4721-b0d9-8ac537a7a548";
        fsType = "btrfs";
-        options = [
+        options = ["subvol=home" "compress=zstd" "noatime"];
          "subvol=home"
          "compress=zstd"
          "noatime"
        ];
      };
      "/swap" = {
        device = "/dev/disk/by-uuid/f0569993-722e-4721-b0d9-8ac537a7a548";
        fsType = "btrfs";
-        options = [
+        options = ["subvol=swap" "compress=lzo" "noatime"];
          "subvol=swap"
          "compress=lzo"
          "noatime"
        ];
      };
    };
    swapDevices = [
--- a/hosts/temperance/hardware-configuration.nix
+++ b/hosts/temperance/hardware-configuration.nix
@ -3,21 +3,14 @@
  lib,
  modulesPath,
  ...
-}:
+}: {
-{
+  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
  boot = {
-    initrd.availableKernelModules = [
+    initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod"];
-      "xhci_pci"
+    initrd.kernelModules = [];
-      "ahci"
+    kernelModules = [];
-      "nvme"
+    extraModulePackages = [];
      "usbhid"
      "sd_mod"
    ];
    initrd.kernelModules = [ ];
    kernelModules = [ ];
    extraModulePackages = [ ];
  };
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@ -28,5 +21,6 @@
  # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.cpu.intel.updateMicrocode =
    lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/temperance/hardware/default.nix
+++ b/hosts/temperance/hardware/default.nix
@ -1 +1 @@
-_: { imports = [ ./monitors.nix ]; }
+_: {imports = [./monitors.nix];}
--- a/hosts/temperance/kernel/default.nix
+++ b/hosts/temperance/kernel/default.nix
@ -3,10 +3,8 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  xanmod_custom = callPackage ./xanmod.nix;
-in
+in {
 {
  boot.kernelPackages = xanmod_custom;
 }
--- a/hosts/temperance/kernel/unused.nix
+++ b/hosts/temperance/kernel/unused.nix
@ -1,10 +1,8 @@
-{ lib, ... }:
+{lib, ...}: let
 let
  inherit (lib.kernel) no unset;
  inherit (lib.attrsets) mapAttrs;
  inherit (lib.modules) mkForce;
-in
+in {
 {
  boot.kernelPatches = [
    {
      name = "disable-unused-features";
--- a/hosts/temperance/kernel/xanmod.nix
+++ b/hosts/temperance/kernel/xanmod.nix
@ -4,8 +4,7 @@
  buildLinux,
  kernelPatches,
  ...
-}:
+}: let
 let
  pname = "linux-xanmod";
  version = "6.11.5";
  vendorSuffix = "xanmod1";
@ -59,17 +58,17 @@ let
      };
    })
    # 1:1 taken from raf's custom kernel, check out his config for this.
-    .overrideAttrs
+    .overrideAttrs (oa: {
-      (oa: {
+      prePatch =
-        prePatch = oa.prePatch or "" + ''
+        oa.prePatch or ""
        + ''
          # bragging rights
          echo "Replacing localversion with custom suffix"
          substituteInPlace localversion \
            --replace-fail "xanmod1" "blox"
        '';
    });
-in
+in {
 {
  inherit
    xanmod_blox
    ;
--- a/hosts/temperance/programs.nix
+++ b/hosts/temperance/programs.nix
@ -1,7 +1,7 @@
-{ pkgs, ... }:
+{pkgs, ...}: {
 {
  environment.systemPackages = builtins.attrValues {
-    inherit (pkgs)
+    inherit
      (pkgs)
      alsa-utils
      anki
      asciinema
--- a/hosts/tower/configuration.nix
+++ b/hosts/tower/configuration.nix
@ -2,8 +2,7 @@
  lib,
  pkgs,
  ...
-}:
+}: {
 {
  # Time Zone
  time.timeZone = "Europe/Vienna";
  # Select internationalisation properties.
--- a/hosts/tower/filesystem/default.nix
+++ b/hosts/tower/filesystem/default.nix
@ -8,7 +8,7 @@
    "/" = {
      device = "/dev/disk/by-uuid/3a781f2e-290a-4609-9035-a93374459def";
      fsType = "ext4";
-      options = [ "noatime" ];
+      options = ["noatime"];
    };
  };
 }
--- a/hosts/tower/hardware-configuration.nix
+++ b/hosts/tower/hardware-configuration.nix
@ -2,24 +2,19 @@
  lib,
  modulesPath,
  ...
-}:
+}: {
 {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
  boot = {
-    initrd.availableKernelModules = [
+    initrd.availableKernelModules = ["xhci_pci" "virtio_scsi" "sr_mod"];
-      "xhci_pci"
+    initrd.kernelModules = [];
-      "virtio_scsi"
+    kernelModules = [];
-      "sr_mod"
+    extraModulePackages = [];
    ];
    initrd.kernelModules = [ ];
    kernelModules = [ ];
    extraModulePackages = [ ];
  };
-  swapDevices = [ ];
+  swapDevices = [];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
--- a/hosts/tower/programs.nix
+++ b/hosts/tower/programs.nix
@ -1,7 +1,7 @@
-{ pkgs, ... }:
+{pkgs, ...}: {
 {
  environment.systemPackages = builtins.attrValues {
-    inherit (pkgs)
+    inherit
      (pkgs)
      ;
  };
 }
--- a/hosts/world/configuration.nix
+++ b/hosts/world/configuration.nix
@ -2,8 +2,7 @@
  lib,
  pkgs,
  ...
-}:
+}: {
 {
  # Time Zone
  time.timeZone = "Europe/Zurich";
  # Select internationalisation properties.
--- a/hosts/world/filesystem/default.nix
+++ b/hosts/world/filesystem/default.nix
@ -1,7 +1,6 @@
 {
  config = {
-    boot.initrd.luks.devices."cryptroot".device =
+    boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/10318654-ed20-43f6-885d-35366a427581";
      "/dev/disk/by-uuid/10318654-ed20-43f6-885d-35366a427581";
    fileSystems = {
      "/boot" = {
        device = "/dev/disk/by-uuid/5D7D-FC52";
@ -11,28 +10,17 @@
      "/" = {
        device = "/dev/disk/by-uuid/e353013b-8ac7-40ed-80f2-ddbea21b8d5e";
        fsType = "btrfs";
-        options = [
+        options = ["compress=zstd" "noatime"];
          "compress=zstd"
          "noatime"
        ];
      };
      "/nix" = {
        device = "/dev/disk/by-uuid/e353013b-8ac7-40ed-80f2-ddbea21b8d5e";
        fsType = "btrfs";
-        options = [
+        options = ["subvol=nix" "compress=zstd" "noatime"];
          "subvol=nix"
          "compress=zstd"
          "noatime"
        ];
      };
      "/home" = {
        device = "/dev/disk/by-uuid/e353013b-8ac7-40ed-80f2-ddbea21b8d5e";
        fsType = "btrfs";
-        options = [
+        options = ["subvol=home" "compress=zstd" "noatime"];
          "subvol=home"
          "compress=zstd"
          "noatime"
        ];
      };
    };
    # swapDevices = [
--- a/hosts/world/hardware-configuration.nix
+++ b/hosts/world/hardware-configuration.nix
@ -3,8 +3,7 @@
  lib,
  modulesPath,
  ...
-}:
+}: {
 {
  imports = [
    # (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
    (modulesPath + "/installer/scan/not-detected.nix")
@ -12,26 +11,14 @@
  boot = {
    initrd = {
-      availableKernelModules = [
+      availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
-        "xhci_pci"
+      kernelModules = [];
        "ahci"
        "nvme"
        "usb_storage"
        "sd_mod"
        "rtsx_pci_sdmmc"
      ];
      kernelModules = [ ];
    };
-    kernelModules = [ "kvm-intel" ];
+    kernelModules = ["kvm-intel"];
-    blacklistedKernelModules = [
+    blacklistedKernelModules = ["nouveau" "nvidia" "nvidia_drm" "nvidia_modeset"];
      "nouveau"
      "nvidia"
      "nvidia_drm"
      "nvidia_modeset"
    ];
-    kernelParams = [ "mem_sleep_default=deep" ];
+    kernelParams = ["mem_sleep_default=deep"];
-    extraModulePackages = [ ];
+    extraModulePackages = [];
    extraModprobeConfig = ''
      blacklist nouveau
      options nouveau modeset=0
--- a/hosts/world/hardware/default.nix
+++ b/hosts/world/hardware/default.nix
@ -1 +1 @@
-_: { imports = [ ./monitors.nix ]; }
+_: {imports = [./monitors.nix];}
--- a/hosts/world/programs.nix
+++ b/hosts/world/programs.nix
@ -2,10 +2,10 @@
  self,
  pkgs,
  ...
-}:
+}: {
 {
  environment.systemPackages = builtins.attrValues {
-    inherit (pkgs)
+    inherit
      (pkgs)
      calc
      comma
      difftastic
--- a/modules/options/system/monitors.mod.nix
+++ b/modules/options/system/monitors.mod.nix
@ -1,18 +1,10 @@
-{ lib, ... }:
+{lib, ...}: let
 let
  inherit (lib.options) mkOption;
-  inherit (lib.types)
+  inherit (lib.types) submodule int ints number attrsOf;
-    submodule
+in {
    int
    ints
    number
    attrsOf
    ;
 in
 {
  options.modules.system.hardware.monitors = mkOption {
    description = "\n      List of monitors to use\n    ";
-    default = { };
+    default = {};
    type = attrsOf (submodule {
      options = {
        resolution = mkOption {
--- a/modules/options/system/options.mod.nix
+++ b/modules/options/system/options.mod.nix
@ -2,26 +2,18 @@
  config,
  lib,
  ...
-}:
+}: let
 let
  inherit (builtins) elemAt;
  inherit (lib.options) mkOption mkEnableOption;
-  inherit (lib.types)
+  inherit (lib.types) enum listOf str nullOr bool;
    enum
    listOf
    str
    nullOr
    bool
    ;
  inherit (lib.lists) elem;
  inherit (config.modules.system) systemType;
-in
+in {
 {
  options.modules.system = {
    users = mkOption {
      type = listOf str;
-      default = [ "cr" ];
+      default = ["cr"];
      description = "A list of  users on the system.";
    };
@ -35,11 +27,7 @@ in
    };
    systemType = mkOption {
-      type = nullOr (enum [
+      type = nullOr (enum ["desktop" "laptop" "server"]);
        "desktop"
        "laptop"
        "server"
      ]);
      default = null;
      description = ''
        The type of the current system. This is used to determine whether things like graphical
@ -49,10 +37,7 @@ in
    isGraphical = mkOption {
      type = bool;
-      default = elem systemType [
+      default = elem systemType ["desktop" "laptop"];
        "desktop"
        "laptop"
      ];
      description = ''
        Whether the current system is a graphical system.
      '';
@ -61,10 +46,7 @@ in
    yubikeySupport = {
      enable = mkEnableOption "yubikey support";
      deviceType = mkOption {
-        type = nullOr (enum [
+        type = nullOr (enum ["NFC5" "nano"]);
          "NFC5"
          "nano"
        ]);
        default = null;
        description = "A list of device models to enable Yubikey support for";
      };
@ -94,7 +76,7 @@ in
      enable = mkEnableOption "printing";
      extraDrivers = mkOption {
        type = listOf str;
-        default = [ ];
+        default = [];
        description = "A list of extra drivers to enable for printing";
      };
    };
--- a/modules/options/system/programs.mod.nix
+++ b/modules/options/system/programs.mod.nix
@ -1,9 +1,7 @@
-{ lib, ... }:
+{lib, ...}: let
 let
  inherit (lib.types) str enum;
  inherit (lib.options) mkEnableOption mkOption;
-in
+in {
 {
  options.modules.system.programs = {
    editors = {
      helix.enable = mkEnableOption "Helix text editor";
@ -29,42 +27,23 @@ in
    };
    default = {
      terminal = mkOption {
-        type = enum [
+        type = enum ["foot" "kitty"];
          "foot"
          "kitty"
        ];
        default = "foot";
      };
      fileManager = mkOption {
-        type = enum [
+        type = enum ["thunar" "dolphin" "nemo"];
          "thunar"
          "dolphin"
          "nemo"
        ];
        default = "thunar";
      };
      browser = mkOption {
-        type = enum [
+        type = enum ["firefox" "librewolf" "chromium"];
          "firefox"
          "librewolf"
          "chromium"
        ];
        default = "firefox";
      };
      editor = mkOption {
-        type = enum [
+        type = enum ["neovim" "helix" "emacs"];
          "neovim"
          "helix"
          "emacs"
        ];
        default = "emacs";
      };
      launcher = mkOption {
-        type = enum [
+        type = enum ["anyrun" "rofi" "wofi"];
          "anyrun"
          "rofi"
          "wofi"
        ];
        default = "anyrun";
      };
    };
--- a/modules/other/git.mod.nix
+++ b/modules/other/git.mod.nix
@ -1,8 +1,7 @@
-{ pkgs, ... }:
+{pkgs, ...}: let
-let
+  key =
-  key = pkgs.writeText "signingkey" "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAAWEDj/Yib6Mqs016jx7rtecWpytwfVl28eoHtPYCM9TVLq81VIHJSN37lbkc/JjiXCdIJy2Ta3A3CVV5k3Z37NbgAu23oKA2OcHQNaRTLtqWlcBf9fk9suOkP1A3NzAqzivFpBnZm3ytaXwU8LBJqxOtNqZcFVruO6fZxJtg2uE34mAw==";
+    pkgs.writeText "signingkey" "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAAWEDj/Yib6Mqs016jx7rtecWpytwfVl28eoHtPYCM9TVLq81VIHJSN37lbkc/JjiXCdIJy2Ta3A3CVV5k3Z37NbgAu23oKA2OcHQNaRTLtqWlcBf9fk9suOkP1A3NzAqzivFpBnZm3ytaXwU8LBJqxOtNqZcFVruO6fZxJtg2uE34mAw==";
-in
+in {
 {
  programs.git = {
    enable = true;
    lfs.enable = true;
--- a/modules/other/system.mod.nix
+++ b/modules/other/system.mod.nix
@ -1,9 +1,7 @@
-{ lib, ... }:
+{lib, ...}: let
 let
  inherit (lib.options) mkOption;
  inherit (lib.types) str;
-in
+in {
 {
  options.modules.other.system = {
    username = mkOption {
      description = "username for this system";
--- a/modules/other/users.mod.nix
+++ b/modules/other/users.mod.nix
@ -4,20 +4,18 @@
  pkgs,
  self,
  ...
-}:
+}: let
 let
  inherit (builtins) elemAt;
  inherit (lib.options) mkOption;
  inherit (lib.types) listOf str package;
  inherit (config.meta.mainUser) username;
-  nushell = pkgs.callPackage (self + "/packages/nushell") { };
+  nushell = pkgs.callPackage (self + "/packages/nushell") {};
-in
+in {
 {
  options.meta = {
    users = mkOption {
      type = listOf str;
-      default = [ "cr" ];
+      default = ["cr"];
      description = ''
        A list of users on a system.
      '';
--- a/modules/other/xdg.mod.nix
+++ b/modules/other/xdg.mod.nix
@ -2,8 +2,7 @@
  config,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (config.meta.mainUser) username;
  primary_browser = "Librewolf.desktop";
@ -14,10 +13,9 @@ let
  text_editor = "helix.desktop";
  terminal = "foot.desktop";
  pdf_viewer = "zathura.desktop";
-in
+in {
 {
  environment = {
-    systemPackages = [ pkgs.xdg-utils ];
+    systemPackages = [pkgs.xdg-utils];
    variables = {
      TERMINAL = "${terminal}";
      XDG_CACHE_HOME = "/home/${username}/.config";
@ -31,43 +29,43 @@ in
    mime = {
      enable = true;
      defaultApplications = {
-        "text/html" = [ primary_browser ];
+        "text/html" = [primary_browser];
-        "x-scheme-handler/http" = [ primary_browser ];
+        "x-scheme-handler/http" = [primary_browser];
-        "x-scheme-handler/https" = [ primary_browser ];
+        "x-scheme-handler/https" = [primary_browser];
-        "x-scheme-handler/about" = [ primary_browser ];
+        "x-scheme-handler/about" = [primary_browser];
-        "x-scheme-handler/unknown" = [ primary_browser ];
+        "x-scheme-handler/unknown" = [primary_browser];
-        "x-scheme-handler/mailto" = [ mail_client ];
+        "x-scheme-handler/mailto" = [mail_client];
-        "message/rfc822" = [ mail_client ];
+        "message/rfc822" = [mail_client];
-        "x-scheme-handler/mid" = [ mail_client ];
+        "x-scheme-handler/mid" = [mail_client];
-        "inode/directory" = [ file_manager ];
+        "inode/directory" = [file_manager];
-        "audio/mp3" = [ media_player ];
+        "audio/mp3" = [media_player];
-        "audio/ogg" = [ media_player ];
+        "audio/ogg" = [media_player];
-        "audio/mpeg" = [ media_player ];
+        "audio/mpeg" = [media_player];
-        "audio/aac" = [ media_player ];
+        "audio/aac" = [media_player];
-        "audio/opus" = [ media_player ];
+        "audio/opus" = [media_player];
-        "audio/wav" = [ media_player ];
+        "audio/wav" = [media_player];
-        "audio/webm" = [ media_player ];
+        "audio/webm" = [media_player];
-        "audio/3gpp" = [ media_player ];
+        "audio/3gpp" = [media_player];
-        "audio/3gpp2" = [ media_player ];
+        "audio/3gpp2" = [media_player];
-        "video/mp4" = [ media_player ];
+        "video/mp4" = [media_player];
-        "video/x-msvideo" = [ media_player ];
+        "video/x-msvideo" = [media_player];
-        "video/mpeg" = [ media_player ];
+        "video/mpeg" = [media_player];
-        "video/ogg" = [ media_player ];
+        "video/ogg" = [media_player];
-        "video/mp2t" = [ media_player ];
+        "video/mp2t" = [media_player];
-        "video/webm" = [ media_player ];
+        "video/webm" = [media_player];
-        "video/3gpp" = [ media_player ];
+        "video/3gpp" = [media_player];
-        "video/3gpp2" = [ media_player ];
+        "video/3gpp2" = [media_player];
-        "image/png" = [ image_viewer ];
+        "image/png" = [image_viewer];
-        "image/jpeg" = [ image_viewer ];
+        "image/jpeg" = [image_viewer];
-        "image/gif" = [ image_viewer ];
+        "image/gif" = [image_viewer];
-        "image/avif" = [ image_viewer ];
+        "image/avif" = [image_viewer];
-        "image/bmp" = [ image_viewer ];
+        "image/bmp" = [image_viewer];
-        "image/vnd.microsoft.icon" = [ image_viewer ];
+        "image/vnd.microsoft.icon" = [image_viewer];
-        "image/svg+xml" = [ image_viewer ];
+        "image/svg+xml" = [image_viewer];
-        "image/tiff" = [ image_viewer ];
+        "image/tiff" = [image_viewer];
-        "image/webp" = [ image_viewer ];
+        "image/webp" = [image_viewer];
-        "text/plain" = [ text_editor ];
+        "text/plain" = [text_editor];
-        "application/pdf" = [ pdf_viewer ];
+        "application/pdf" = [pdf_viewer];
      };
    };
  };
--- a/modules/packages/packages.mod.nix
+++ b/modules/packages/packages.mod.nix
@ -1,13 +0,0 @@
 {
  pkgs,
  sources,
  ...
 }:
 let
  nixfmt = pkgs.callPackage "${sources.nixfmt}/default.nix" { };
 in
 {
  environment.systemPackages = [
    nixfmt
  ];
 }
--- a/modules/programs/cli/jj.mod.nix
+++ b/modules/programs/cli/jj.mod.nix
@ -3,11 +3,10 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.meta) getExe;
-  toml = pkgs.formats.toml { };
+  toml = pkgs.formats.toml {};
  jj-config = toml.generate "config.toml" {
    user = {
      name = "Bloxx12";
@ -15,20 +14,11 @@ let
    };
    ui = {
-      pager = [
+      pager = ["${getExe pkgs.bat}" "--plain"];
        "${getExe pkgs.bat}"
        "--plain"
      ];
      default-command = "log";
      movement.edit = true;
-      diff.tool = [
+      diff.tool = ["${getExe pkgs.difftastic}" "--color" "always" "$left" "$right"];
        "${getExe pkgs.difftastic}"
        "--color"
        "always"
        "$left"
        "$right"
      ];
    };
    # FIXME: do this with agenix
    # "--scope" = [
@ -54,52 +44,26 @@ let
    signing = {
      behaviour = "own";
      backend = "ssh";
-      key = [
+      key = ["ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAAWEDj/Yib6Mqs016jx7rtecWpytwfVl28eoHtPYCM9TVLq81VIHJSN37lbkc/JjiXCdIJy2Ta3A3CVV5k3Z37NbgAu23oKA2OcHQNaRTLtqWlcBf9fk9suOkP1A3NzAqzivFpBnZm3ytaXwU8LBJqxOtNqZcFVruO6fZxJtg2uE34mAw=="];
        "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAAWEDj/Yib6Mqs016jx7rtecWpytwfVl28eoHtPYCM9TVLq81VIHJSN37lbkc/JjiXCdIJy2Ta3A3CVV5k3Z37NbgAu23oKA2OcHQNaRTLtqWlcBf9fk9suOkP1A3NzAqzivFpBnZm3ytaXwU8LBJqxOtNqZcFVruO6fZxJtg2uE34mAw=="
      ];
    };
    aliases = {
-      c = [ "commit" ];
+      c = ["commit"];
-      ci = [
+      ci = ["commit" "--interactive"];
        "commit"
        "--interactive"
      ];
-      e = [ "edit" ];
+      e = ["edit"];
      # "new bookmark"
-      nb = [
+      nb = ["bookmark" "create" "-r @-"];
        "bookmark"
        "create"
        "-r @-"
      ];
-      pull = [
+      pull = ["git" "fetch"];
-        "git"
+      push = ["git" "push" "--allow-new"];
        "fetch"
      ];
      push = [
        "git"
        "push"
        "--allow-new"
      ];
-      r = [ "rebase" ];
+      r = ["rebase"];
-      s = [ "squash" ];
+      s = ["squash"];
-      si = [
+      si = ["squash" "--interactive"];
        "squash"
        "--interactive"
      ];
-      tug = [
+      tug = ["bookmark" "move" "--from" "closest_bookmark(@-)" "--to" "@-"];
        "bookmark"
        "move"
        "--from"
        "closest_bookmark(@-)"
        "--to"
        "@-"
      ];
    };
    revset-aliases = {
      "closest_bookmark(to)" = "heads(::to & bookmarks())";
@ -125,15 +89,14 @@ let
  jj-wrapped = pkgs.symlinkJoin {
    name = "jj-wrapped";
-    paths = [ pkgs.jj ];
+    paths = [pkgs.jj];
-    nativeBuildInputs = [ pkgs.makeWrapper ];
+    nativeBuildInputs = [pkgs.makeWrapper];
    postBuild = ''
      wrapProgram $out/bin/mako --add-flags "\
      --config ${jj-config}
    '';
  };
-in
+in {
 {
  # environment.systemPackages = [jj-wrapped];
 }
--- a/modules/programs/cli/nh.mod.nix
+++ b/modules/programs/cli/nh.mod.nix
@ -4,17 +4,15 @@
  pkgs,
  sources,
  ...
-}:
+}: let
 let
  cfg = config.modules.programs.nh;
  inherit (config.modules.other.system) username;
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkEnableOption;
-  nh = (pkgs.callPackage "${sources.nh}/package.nix" { }).overrideAttrs (_: {
+  nh = (pkgs.callPackage "${sources.nh}/package.nix" {}).overrideAttrs (_: {
    doInstallCheck = false;
  });
-in
+in {
 {
  options.modules.programs.nh.enable = mkEnableOption "nh";
  config = mkIf cfg.enable {
--- a/modules/programs/gui/bitwarden.mod.nix
+++ b/modules/programs/gui/bitwarden.mod.nix
@ -3,26 +3,25 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (config.modules.system) isGraphical;
  inherit (lib.modules) mkIf;
  bitwarden-desktop-wrapped = pkgs.symlinkJoin {
    name = "bitwarden-desktop-wrapped";
-    paths = [ pkgs.bitwarden-desktop ];
+    paths = [pkgs.bitwarden-desktop];
-    nativeBuildInputs = [ pkgs.makeWrapper ];
+    nativeBuildInputs = [pkgs.makeWrapper];
    postBuild = ''
      wrapProgram $out/bin/bitwarden --set \
      BITWARDEN_SSH_AUTH_SOCK /run/user/1000/ssh-agent.sock
    '';
  };
-in
+in {
 {
  config = mkIf isGraphical {
    environment = {
      systemPackages = lib.attrValues {
-        inherit (pkgs)
+        inherit
          (pkgs)
          bitwarden-cli
          ;
        inherit bitwarden-desktop-wrapped;
--- a/modules/programs/gui/brave.mod.nix
+++ b/modules/programs/gui/brave.mod.nix
@ -2,8 +2,7 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.lists) map;
  inherit (lib.strings) concatStringsSep;
@ -21,15 +20,16 @@ let
  brave-wrapped = pkgs.symlinkJoin {
    name = "brave";
    paths = [
-      (pkgs.brave.override { vulkanSupport = true; })
+      (
        pkgs.brave.override {vulkanSupport = true;}
      )
    ];
-    nativeBuildInputs = [ pkgs.makeWrapper ];
+    nativeBuildInputs = [pkgs.makeWrapper];
    postBuild = ''
      wrapProgram $out/bin/brave --append-flags "${flags}"
    '';
  };
-in
+in {
 {
  environment.systemPackages = [
    brave-wrapped
  ];
--- a/modules/programs/gui/dolphin.mod.nix
+++ b/modules/programs/gui/dolphin.mod.nix
@ -3,17 +3,15 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkIf;
  inherit (config.modules.system) isGraphical;
-in
+in {
 {
  config = mkIf isGraphical {
    environment.systemPackages = with pkgs; [
      kdePackages.dolphin
-      kdePackages.kio-fuse # to mount remote filesystems via FUSE
+      kdePackages.kio-fuse #to mount remote filesystems via FUSE
-      kdePackages.kio-extras # extra protocols support (sftp, fish and more)
+      kdePackages.kio-extras #extra protocols support (sftp, fish and more)
    ];
  };
 }
--- a/modules/programs/gui/foot.mod.nix
+++ b/modules/programs/gui/foot.mod.nix
@ -3,16 +3,14 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkIf;
  inherit (config.meta.mainUser) username;
  cfg = config.modules.system.programs.terminals.foot;
  theme-colors = config.modules.style.colorScheme.colors;
-  foot-config = pkgs.writeText "foot.ini" (
+  foot-config = pkgs.writeText "foot.ini" (lib.generators.toINI {} {
    lib.generators.toINI { } {
    main = {
      term = "xterm-256color";
      app-id = "foot";
@ -125,19 +123,17 @@ let
      alpha = 0.9;
    };
-    }
+  });
  );
  foot-wrapped = pkgs.symlinkJoin {
    name = "foot-wrapped";
-    paths = [ pkgs.foot ];
+    paths = [pkgs.foot];
-    nativeBuildInputs = [ pkgs.makeWrapper ];
+    nativeBuildInputs = [pkgs.makeWrapper];
    postBuild = ''
      wrapProgram $out/bin/foot --add-flags "--config=${foot-config} --working-directory=/home/${username}"
    '';
  };
-in
+in {
 {
  config = mkIf cfg.enable {
-    environment.systemPackages = [ foot-wrapped ];
+    environment.systemPackages = [foot-wrapped];
  };
 }
--- a/modules/programs/gui/ghostty.mod.nix
+++ b/modules/programs/gui/ghostty.mod.nix
@ -3,8 +3,7 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.lists) elem;
  inherit (lib.meta) getExe;
  inherit (lib.attrsets) mapAttrsToList;
@ -16,16 +15,9 @@ let
  # Shell integration for ghostty only supports
  # bash, fish and zsh for now.
  shell-integration =
-    if
+    if elem name ["bash" "fish" "zsh"]
-      elem name [
+    then name
-        "bash"
+    else "none";
        "fish"
        "zsh"
      ]
    then
      name
    else
      "none";
  ghostty-settings = {
    font-size = 14;
@ -61,21 +53,17 @@ let
    command = getExe package;
  };
-  settingsFile =
+  settingsFile = pkgs.writeText "config" <| concatStringsSep "\n" <| mapAttrsToList (name: value: "${name} = ${toString value}") ghostty-settings;
    pkgs.writeText "config"
    <| concatStringsSep "\n"
    <| mapAttrsToList (name: value: "${name} = ${toString value}") ghostty-settings;
  ghostty-wrapped = pkgs.symlinkJoin {
    name = "ghostty-wrapped";
-    paths = [ pkgs.ghostty ];
+    paths = [pkgs.ghostty];
-    nativeBuildInputs = [ pkgs.makeWrapper ];
+    nativeBuildInputs = [pkgs.makeWrapper];
    postBuild = ''
      wrapProgram $out/bin/ghostty --add-flags "--config-file=${settingsFile}"
    '';
  };
-in
+in {
 {
  environment.systemPackages = builtins.attrValues {
    inherit ghostty-wrapped;
  };
--- a/modules/programs/gui/minecraft.nix
+++ b/modules/programs/gui/minecraft.nix
@ -3,20 +3,18 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.options) mkEnableOption;
  inherit (lib.modules) mkIf;
  cfg = config.modules.programs.minecraft;
-in
+in {
 {
  options.modules.programs.minecraft = {
    enable = mkEnableOption "minecraft";
    wayland = mkEnableOption "wayland";
  };
  config = mkIf cfg.enable {
-    environment.systemPackages = [ pkgs.prismlauncher ];
+    environment.systemPackages = [pkgs.prismlauncher];
  };
 }
--- a/modules/programs/gui/spotify.mod.nix
+++ b/modules/programs/gui/spotify.mod.nix
@ -1,6 +1,6 @@
-{ pkgs, ... }:
+{pkgs, ...}: {
-{
+  environment.systemPackages =
-  environment.systemPackages = [
+    [
      pkgs.spotify
    ]
    ++ (with pkgs; [
--- a/modules/programs/gui/steam.mod.nix
+++ b/modules/programs/gui/steam.mod.nix
@ -3,14 +3,12 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkEnableOption;
  cfg = config.modules.system.programs.steam;
-in
+in {
 {
  options.modules.system.programs.steam.enable = mkEnableOption "Steam games platform";
  config = mkIf cfg.enable {
    programs.steam = {
@ -21,15 +19,14 @@ in
          SDL_VIDEODRIVER = "x11";
        };
-        extraLibraries =
+        extraLibraries = p:
          p:
          builtins.attrValues {
            inherit (p) atk;
          };
      };
      gamescopeSession.enable = true;
-      extraCompatPackages = [ pkgs.proton-ge-bin.steamcompattool ];
+      extraCompatPackages = [pkgs.proton-ge-bin.steamcompattool];
    };
    # See
    # https://wiki.nixos.org/wiki/GameMode
--- a/modules/programs/gui/thunar.mod.nix
+++ b/modules/programs/gui/thunar.mod.nix
@ -3,19 +3,18 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkEnableOption;
  cfg = config.modules.programs.thunar;
-in
+in {
 {
  options.modules.programs.thunar.enable = mkEnableOption "Thunar file manager";
  config = mkIf cfg.enable {
    programs.thunar = {
      enable = true;
      plugins = builtins.attrValues {
-        inherit (pkgs.xfce)
+        inherit
          (pkgs.xfce)
          thunar-volman
          thunar-vcs-plugin
          thunar-archive-plugin
--- a/modules/programs/other/direnv.mod.nix
+++ b/modules/programs/other/direnv.mod.nix
@ -1,5 +1,4 @@
-{ pkgs, ... }:
+{pkgs, ...}: {
 {
  config = {
    programs.direnv = {
      enable = true;
--- a/modules/programs/other/nix-index.mod.nix
+++ b/modules/programs/other/nix-index.mod.nix
@ -1,5 +1,4 @@
-{ pkgs, ... }:
+{pkgs, ...}: {
 {
  programs = {
    # We have to disable this and use nix-index instead. (Rust >>> Pearl)
    command-not-found = {
--- a/modules/programs/tui/btop.mod.nix
+++ b/modules/programs/tui/btop.mod.nix
@ -3,8 +3,7 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.options) mkEnableOption;
  inherit (lib.modules) mkIf;
@ -34,16 +33,15 @@ let
  btop-wrapped = pkgs.symlinkJoin {
    name = "btop-wrapped";
-    paths = [ btop-no-desktop-entry ];
+    paths = [btop-no-desktop-entry];
-    nativeBuildInputs = [ pkgs.makeWrapper ];
+    nativeBuildInputs = [pkgs.makeWrapper];
    postBuild = ''
      wrapProgram $out/bin/btop --set XDG_CONFIG_HOME "${btop-settings}"
    '';
  };
-in
+in {
 {
  options.modules.programs.btop.enable = mkEnableOption "btop";
  config = mkIf cfg.enable {
-    environment.systemPackages = [ btop-wrapped ];
+    environment.systemPackages = [btop-wrapped];
  };
 }
--- a/modules/programs/tui/zellij/zellij.mod.nix
+++ b/modules/programs/tui/zellij/zellij.mod.nix
@ -1,16 +1,14 @@
-{ pkgs, ... }:
+{pkgs, ...}: let
 let
  zellij-wrapped = pkgs.symlinkJoin {
    name = "zellij-wrapped";
-    paths = [ pkgs.zellij ];
+    paths = [pkgs.zellij];
-    nativeBuildInputs = [ pkgs.makeWrapper ];
+    nativeBuildInputs = [pkgs.makeWrapper];
    postBuild = ''
      wrapProgram $out/bin/zellij --add-flags "\
      --config ${./config.kdl}"
    '';
  };
-in
+in {
 {
  environment.systemPackages = builtins.attrValues {
    inherit zellij-wrapped;
  };
--- a/modules/services/acme.mod.nix
+++ b/modules/services/acme.mod.nix
@ -3,8 +3,7 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  mkAcmeCert = domain: {
    # An acme system user is created. This user belongs to the acme group
    # and the home directory is /var/lib/acme. This user will try to make the directory
@ -16,8 +15,7 @@ let
    email = "charlie@charlieroot.dev";
    group = "nginx";
  };
-in
+in {
 {
  security.acme = {
    acceptTerms = true;
    defaults = {
--- a/modules/services/forgejo/forgejo.mod.nix
+++ b/modules/services/forgejo/forgejo.mod.nix
@ -3,8 +3,7 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (pkgs) fetchurl;
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkEnableOption;
@ -17,8 +16,7 @@ let
  img = ./img;
  dataDir = "/srv/data/forgejo";
  dumpDir = "/srv/data/forgejo-dump";
-in
+in {
 {
  options.modules.system.services.forgejo.enable = mkEnableOption "forgejo";
  config = mkIf cfg.enable {
@ -52,7 +50,7 @@ in
      group = "git";
      isSystemUser = true;
    };
-    users.groups.git = { };
+    users.groups.git = {};
    services.forgejo = {
      enable = true;
@ -115,8 +113,7 @@ in
      };
    };
-    systemd.tmpfiles.rules =
+    systemd.tmpfiles.rules = let
      let
      # no crawlers, thank you.
      robots = pkgs.writeText "robots-txt" ''
        User-agent: *
@ -134,8 +131,7 @@ in
        url = "https://codeberg.org/Codeberg-Infrastructure/forgejo/raw/branch/codeberg-10/web_src/css/themes/theme-codeberg-dark.css";
        hash = "sha256-KyXznH49koRGlzIDDqagN4PvFGD/zCX//wrctmtfgBs=";
      };
-      in
+    in [
      [
      "d '${customDir}/public' 0750 ${user} ${group} - -"
      "d '${customDir}/public/assets' 0750 ${user} ${group} - -"
      "d '${customDir}/public/assets/img' 0750 ${user} ${group} - -"
--- a/modules/services/forgejo/templates/home.tmpl
+++ b/modules/services/forgejo/templates/home.tmpl
@ -7,10 +7,49 @@
 				<h1 class="ui icon header title">
 					{{AppDisplayName}}
 				</h1>
-				<h2>{{ctx.Locale.Tr "startpage.app_desc"}}</h2>
+				<h2>A very painful Git service</h2>
 			</div>
 		</div>
 	</div>
-	{{template "home_forgejo" .}}
+	<div class="ui stackable middle very relaxed page grid">
 		<div class="eight wide center column">
 			<h1 class="hero ui icon header stackable">
 				<img class="logo" width="100" height="100" src="{{AssetUrlPrefix}}/img/logo.svg" alt="{{ctx.Locale.Tr "logo"}}">
 				<p>Made with copious amounts of caffeeine</p>
 			</h1>
 			<p class="large">
 				<b>TODO</b>: Write some funny text here
 			</p>
 		</div>
 		<div class="eight wide center column stackable">
 			<h1 class="hero ui icon header">
 				<img class="logo" width="100" height="100" src="{{AssetUrlPrefix}}/img/logo.svg" alt="{{ctx.Locale.Tr "logo"}}">
 				<p><it>I hate it here</it></p>
 			</h1>
 			<p class="large">
 				Bottom text
 			</p>
 		</div>
 	</div>
 	<div class="ui stackable middle very relaxed page grid">
 		<div class="eight wide center column">
 			<h1 class="hero ui icon header stackable">
 				<img class="logo" width="100" height="100" src="{{AssetUrlPrefix}}/img/logo.svg" alt="{{ctx.Locale.Tr "logo"}}">
 				<p>Is this the real life?</p>
 			</h1>
 			<p class="large">
 				Something something fuck poettering
 			</p>
 		</div>
 		<div class="eight wide center column stackable">
 			<h1 class="hero ui icon header">
 				<img class="logo" width="100" height="100" src="{{AssetUrlPrefix}}/img/logo.svg" alt="{{ctx.Locale.Tr "logo"}}">
 				<p>Open source or something</p>
 			</h1>
 			<p class="large">
 				I forgor
 			</p>
 		</div>
 	</div>
 </div>
 {{template "base/footer" .}}
--- a/modules/services/forgejo/templates/home_forgejo.tmpl
+++ b/modules/services/forgejo/templates/home_forgejo.tmpl
@ -1,36 +0,0 @@
 	<div class="ui stackable middle very relaxed page grid">
 		<div class="eight wide center column">
 			<h1 class="hero ui icon header">
 				{{svg "octicon-flame"}} {{ctx.Locale.Tr "startpage.install"}}
 			</h1>
 			<p class="large">
 				{{ctx.Locale.Tr "startpage.install_desc" "https://forgejo.org/download/#installation-from-binary" "https://forgejo.org/download/#container-image" "https://forgejo.org/download"}}
 			</p>
 		</div>
 		<div class="eight wide center column">
 			<h1 class="hero ui icon header">
 				{{svg "octicon-device-desktop"}} {{ctx.Locale.Tr "startpage.platform"}}
 			</h1>
 			<p class="large">
 				{{ctx.Locale.Tr "startpage.platform_desc"}}
 			</p>
 		</div>
 	</div>
 	<div class="ui stackable middle very relaxed page grid">
 		<div class="eight wide center column">
 			<h1 class="hero ui icon header">
 				{{svg "octicon-rocket"}} {{ctx.Locale.Tr "startpage.lightweight"}}
 			</h1>
 			<p class="large">
 				{{ctx.Locale.Tr "startpage.lightweight_desc"}}
 			</p>
 		</div>
 		<div class="eight wide center column">
 			<h1 class="hero ui icon header">
 				{{svg "octicon-code"}} {{ctx.Locale.Tr "startpage.license"}}
 			</h1>
 			<p class="large">
 				{{ctx.Locale.Tr "startpage.license_desc" "https://forgejo.org/download" "https://codeberg.org/forgejo/forgejo"}}
 			</p>
 		</div>
 	</div>
--- a/modules/services/grafana/grafana.mod.nix
+++ b/modules/services/grafana/grafana.mod.nix
@ -3,8 +3,7 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (builtins) fetchurl;
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkEnableOption;
@ -12,12 +11,11 @@ let
  cfg = config.modules.system.services.grafana;
  domain = "info.copeberg.org";
  port = 4021;
-in
+in {
 {
  options.modules.system.services.grafana.enable = mkEnableOption "Grafana, a graphing service";
  config = mkIf cfg.enable {
-    networking.firewall.allowedTCPPorts = [ config.services.grafana.settings.server.http_port ];
+    networking.firewall.allowedTCPPorts = [config.services.grafana.settings.server.http_port];
    modules.system.services.database.postgresql.enable = true;
--- a/modules/services/greetd.mod.nix
+++ b/modules/services/greetd.mod.nix
@ -3,8 +3,7 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.meta) getExe getExe';
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkOption mkEnableOption;
@ -13,8 +12,7 @@ let
  inherit (config.meta.mainUser) username;
  cfg = config.modules.services.greetd;
  uwsmEnabled = config.modules.services.uwsm.enable;
-in
+in {
 {
  options.modules.services.greetd = {
    enable = mkEnableOption "greetd";
    greeter = mkOption {
@ -29,13 +27,14 @@ in
      description = "Which login session to start";
      type = str;
      default =
-        if uwsmEnabled then "${getExe config.programs.uwsm.package} start Hyprland" else "Hyprland";
+        if uwsmEnabled
        then "${getExe config.programs.uwsm.package} start Hyprland"
        else "Hyprland";
    };
  };
  config = mkIf cfg.enable {
-    services.greetd =
+    services.greetd = let
      let
      session = {
        # command = ''
        # ${pkgs.greetd.tuigreet}/bin/tuigreet \
@ -47,8 +46,7 @@ in
        command = "${getExe config.programs.uwsm.package} start hyprland-uwsm.desktop";
        user = username;
      };
-      in
+    in {
      {
      enable = true;
      package = pkgs.greetd;
      vt = 7;
--- a/modules/services/kanata/kanata.mod.nix
+++ b/modules/services/kanata/kanata.mod.nix
@ -2,14 +2,12 @@
  config,
  lib,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkEnableOption;
  cfg = config.modules.services.kanata;
-in
+in {
 {
  options.modules.services.kanata.enable = mkEnableOption "kanata";
  config = mkIf cfg.enable {
    services.kanata = {
--- a/modules/services/locate.mod.nix
+++ b/modules/services/locate.mod.nix
@ -3,16 +3,14 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  cfg = config.modules.services.locate;
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkEnableOption;
-in
+in {
 {
  options.modules.services.locate.enable = mkEnableOption "Locate service";
  config = mkIf cfg.enable {
-    environment.systemPackages = [ pkgs.plocate ];
+    environment.systemPackages = [pkgs.plocate];
    services.locate = {
      enable = true;
      interval = "hourly";
--- a/modules/services/mako.mod.nix
+++ b/modules/services/mako.mod.nix
@ -1,9 +1,8 @@
-{ pkgs, ... }:
+{pkgs, ...}: let
 let
  mako-wrapped = pkgs.symlinkJoin {
    name = "mako-wrapped";
-    paths = [ pkgs.mako ];
+    paths = [pkgs.mako];
-    nativeBuildInputs = [ pkgs.makeWrapper ];
+    nativeBuildInputs = [pkgs.makeWrapper];
    postBuild = ''
      wrapProgram $out/bin/mako --add-flags "\
      --font 'Lexend 11' \
@ -13,7 +12,6 @@ let
      --default-timeout 4000"
    '';
  };
-in
+in {
-{
+  environment.systemPackages = [mako-wrapped];
  environment.systemPackages = [ mako-wrapped ];
 }
--- a/modules/services/monitoring/loki/loki.mod.nix
+++ b/modules/services/monitoring/loki/loki.mod.nix
@ -3,16 +3,14 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkEnableOption;
  cfg = config.modules.system.services.loki;
  port = 4026;
  dataDir = "/srv/data/loki";
-in
+in {
 {
  options.modules.system.services.loki.enable = mkEnableOption "Grafana, a graphing service";
  config = mkIf cfg.enable {
--- a/modules/services/mpd.mod.nix
+++ b/modules/services/mpd.mod.nix
@ -3,15 +3,13 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  cfg = config.modules.services.media.mpd;
  inherit (config.meta.mainUser) username;
  inherit (lib.modules) mkIf;
  inherit (lib.types) str;
  inherit (lib.options) mkOption mkEnableOption;
-in
+in {
 {
  options.modules.services = {
    media = {
      mpd = {
@ -26,7 +24,7 @@ in
  };
  config = mkIf cfg.enable {
    # command line interface to mpd
-    environment.systemPackages = [ pkgs.mpc ];
+    environment.systemPackages = [pkgs.mpc];
    systemd.services.mpd.environment = {
      # https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/609
--- a/modules/services/nginx.mod.nix
+++ b/modules/services/nginx.mod.nix
@ -3,13 +3,11 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkIf mkDefault;
  inherit (lib.options) mkEnableOption;
  cfg = config.modules.system.services.nginx;
-in
+in {
 {
  options.modules.system.services.nginx.enable = mkEnableOption "nginx";
  config = mkIf cfg.enable {
    security = {
--- a/modules/services/owncloud.mod.nix
+++ b/modules/services/owncloud.mod.nix
@ -3,14 +3,12 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.meta) getExe';
  inherit (lib.modules) mkIf;
  cfg = config.modules.system.services.owncloud;
-in
+in {
 {
  options.modules.system.services.owncloud.enable = lib.mkEnableOption "owncloud";
  config = {
@ -18,11 +16,11 @@ in
      description = "Owncloud client service";
      # makes the graphical session start this service when it starts
-      wantedBy = [ "graphical-session.target" ];
+      wantedBy = ["graphical-session.target"];
      # when graphical session restarts or gets stopped, this also gets restarted/stopped.
-      partOf = [ "graphical-session.target" ];
+      partOf = ["graphical-session.target"];
      # gets started only after graphical session
-      after = [ "graphical-session.target" ];
+      after = ["graphical-session.target"];
      serviceConfig = {
        ExecStart = "${getExe' pkgs.owncloud-client "owncloud"}";
--- a/modules/services/pipewire.mod.nix
+++ b/modules/services/pipewire.mod.nix
@ -2,12 +2,10 @@
  config,
  lib,
  ...
-}:
+}: let
 let
  cfg = config.modules.system.sound;
  inherit (lib.modules) mkIf;
-in
+in {
 {
  config = mkIf cfg.enable {
    services.pulseaudio.enable = false;
    services.pipewire = {
--- a/modules/services/postgresql.mod.nix
+++ b/modules/services/postgresql.mod.nix
@ -3,14 +3,12 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkEnableOption;
  cfg = config.modules.system.services.database.postgresql;
-in
+in {
 {
  options.modules.system.services.database.postgresql.enable = mkEnableOption "postgresql";
  config = mkIf cfg.enable {
--- a/modules/services/printing.mod.nix
+++ b/modules/services/printing.mod.nix
@ -2,11 +2,9 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.options) mkEnableOption;
-in
+in {
 {
  options.modules.services.cups.enable = mkEnableOption "CUPS, the Common UNIX printing system";
  config = {
--- a/modules/services/prometheus/prometheus.mod.nix
+++ b/modules/services/prometheus/prometheus.mod.nix
@ -3,15 +3,13 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkEnableOption;
  cfg = config.modules.system.services.prometheus;
  port = 4022;
-in
+in {
 {
  options.modules.system.services.prometheus.enable = mkEnableOption "Grafana, a graphing service";
  config = mkIf cfg.enable {
@ -24,10 +22,7 @@ in
        node = {
          enable = true;
          port = 4023;
-          enabledCollectors = [
+          enabledCollectors = ["systemd" "processes"];
            "systemd"
            "processes"
          ];
        };
        postgres = {
@ -44,28 +39,22 @@ in
        {
          job_name = "prometheus";
          scrape_interval = "30s";
-          static_configs = [ { targets = [ "localhost:${toString port}" ]; } ];
+          static_configs = [{targets = ["localhost:${toString port}"];}];
        }
        {
          job_name = "node";
          scrape_interval = "30s";
-          static_configs = [
+          static_configs = [{targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"];}];
            { targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }
          ];
        }
        {
          job_name = "postgres";
          scrape_interval = "30s";
-          static_configs = [
+          static_configs = [{targets = ["localhost:${toString config.services.prometheus.exporters.postgres.port}"];}];
            { targets = [ "localhost:${toString config.services.prometheus.exporters.postgres.port}" ]; }
          ];
        }
        {
          job_name = "nginx";
          scrape_interval = "30s";
-          static_configs = [
+          static_configs = [{targets = ["localhost:${toString config.services.prometheus.exporters.nginx.port}"];}];
            { targets = [ "localhost:${toString config.services.prometheus.exporters.nginx.port}" ]; }
          ];
        }
      ];
    };
--- a/modules/services/spotifyd.mod.nix
+++ b/modules/services/spotifyd.mod.nix
@ -2,17 +2,15 @@
  config,
  lib,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkIf;
  inherit (config.modules.system) isGraphical;
-in
+in {
 {
  # TODO: setup
  services.spotifyd = mkIf isGraphical {
    enable = true;
    settings = {
-      # backend = "pipe";
+      backend = "pipe";
    };
  };
 }
--- a/modules/services/ssh.mod.nix
+++ b/modules/services/ssh.mod.nix
@ -1,13 +1,11 @@
-{ lib, ... }:
+{lib, ...}: let
 let
  inherit (lib.options) mkEnableOption;
-in
+in {
 {
  options.modules.programs.ssh.enable = mkEnableOption "ssh";
  config = {
    services.openssh = {
      enable = true;
-      ports = [ 22 ];
+      ports = [22];
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "no";
--- a/modules/services/stalwart.mod.nix
+++ b/modules/services/stalwart.mod.nix
@ -3,16 +3,14 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkEnableOption;
  domain = "charlieroot.dev";
  cfg = config.modules.system.services.stalwart;
-in
+in {
 {
  options.modules.system.services.stalwart.enable = mkEnableOption "stalwart";
  config = mkIf cfg.enable {
    # create the stallwart user
@ -22,7 +20,7 @@ in
      group = "stalwart";
      isSystemUser = true;
    };
-    users.groups.stalwart = { };
+    users.groups.stalwart = {};
    services.stalwart-mail = {
      enable = true;
@ -57,7 +55,7 @@ in
            # This is the standard port for SMTP, and is used by mail servers to send email to each other.
            smtp = {
              protocol = "smtp";
-              bind = [ "[::]:25" ];
+              bind = ["[::]:25"];
              tls.implicit = true;
            };
            # SMTP submissions with implicit TLS are received on port 465 by default.
@ -65,17 +63,17 @@ in
            # and is used by mail clients to send email to mail servers.
            submissions = {
-              bind = [ "[::]:465" ];
+              bind = ["[::]:465"];
              protocol = "smtp";
              tls.implicit = true;
            };
            imaps = {
-              bind = [ "[::]:993" ];
+              bind = ["[::]:993"];
              protocol = "imap";
              tls.implicit = true;
            };
            management = {
-              bind = [ "127.0.0.1:8080" ];
+              bind = ["127.0.0.1:8080"];
              protocol = "http";
              tls.implicit = true;
            };
--- a/modules/services/usbguard.mod.nix
+++ b/modules/services/usbguard.mod.nix
@ -3,23 +3,18 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (config.meta.mainUser) username;
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkEnableOption;
  cfg = config.modules.services.usbguard;
-in
+in {
 {
  options.modules.services.usbguard.enable = mkEnableOption "usbguard";
  config = mkIf cfg.enable {
-    environment.systemPackages = [ pkgs.usbguard ];
+    environment.systemPackages = [pkgs.usbguard];
    services.usbguard = {
      enable = true;
-      IPCAllowedUsers = [
+      IPCAllowedUsers = ["root" "${username}"];
        "root"
        "${username}"
      ];
      presentDevicePolicy = "allow";
      rules = ''
        allow with-interface equals { 08:*:* }
--- a/modules/services/uwsm.mod.nix
+++ b/modules/services/uwsm.mod.nix
@ -3,13 +3,11 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  cfg = config.modules.services.uwsm;
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkEnableOption;
-in
+in {
 {
  options.modules.services.uwsm.enable = mkEnableOption "uwsm";
  config = mkIf cfg.enable {
    programs.uwsm = {
--- a/modules/services/wayneko.mod.nix
+++ b/modules/services/wayneko.mod.nix
@ -2,8 +2,7 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.meta) getExe;
  custom-wayneko = pkgs.wayneko.overrideAttrs {
@ -17,17 +16,16 @@ let
    hash = "";
  };
-in
+in {
 {
  systemd.user.services.wayneko = {
    description = "Wayneko, as a systemd service";
    # makes the graphical session start this service when it starts
-    wantedBy = [ "graphical-session.target" ];
+    wantedBy = ["graphical-session.target"];
    # when graphical session restarts or gets stopped, this also gets restarted/stopped.
-    partOf = [ "graphical-session.target" ];
+    partOf = ["graphical-session.target"];
    # gets started only after graphical session
-    after = [ "graphical-session.target" ];
+    after = ["graphical-session.target"];
    serviceConfig = {
      ExecStart = ''
@ -41,7 +39,7 @@ in
      RestartSec = 1;
      TimeoutStopSec = 10;
-      CapabilityBoundingSet = [ "" ];
+      CapabilityBoundingSet = [""];
      DevicePolicy = "closed";
      LockPersonality = true;
      MemoryDenyWriteExecute = true;
@ -67,7 +65,7 @@ in
      RestrictRealTime = true;
      RestrictSUIDSGID = true;
-      SystemCallArchitectures = [ "native" ];
+      SystemCallArchitectures = ["native"];
      SystemCallFilter = "~@clock @cpu-emulation @debug @obsolete @module @mount @raw-io @reboot @swap @privileged";
    };
--- a/modules/style/colors.mod.nix
+++ b/modules/style/colors.mod.nix
@ -9,24 +9,10 @@
  config,
  lib,
  ...
-}:
+}: let
 let
  inherit (lib.options) mkOption literalExpression;
-  inherit (lib.strings)
+  inherit (lib.strings) toLower replaceStrings removePrefix hasPrefix isString;
-    toLower
+  inherit (lib.types) str nullOr enum mkOptionType attrsOf coercedTo;
    replaceStrings
    removePrefix
    hasPrefix
    isString
    ;
  inherit (lib.types)
    str
    nullOr
    enum
    mkOptionType
    attrsOf
    coercedTo
    ;
  cfg = config.modules.style;
@ -38,24 +24,16 @@ let
  };
  colorType = attrsOf (coercedTo str (removePrefix "#") hexColorType);
-  nameToSlug = name: toLower (replaceStrings [ " " ] [ "-" ] name);
+  nameToSlug = name: toLower (replaceStrings [" "] ["-"] name);
-  getPaletteFromScheme =
+  getPaletteFromScheme = slug:
-    slug:
+    if builtins.pathExists ./palettes/${slug}.nix
-    if builtins.pathExists ./palettes/${slug}.nix then
+    then (import ./palettes/${slug}.nix).colorscheme.palette
-      (import ./palettes/${slug}.nix).colorscheme.palette
+    else throw "The following colorscheme was imported but not found: ${slug}";
-    else
+in {
      throw "The following colorscheme was imported but not found: ${slug}";
 in
 {
  options.modules.style = {
    colorScheme = {
      name = mkOption {
-        type = nullOr (enum [
+        type = nullOr (enum ["Catppuccin Mocha" "Zenburn" "Black Metal Venom" "Gruvbox"]);
          "Catppuccin Mocha"
          "Zenburn"
          "Black Metal Venom"
          "Gruvbox"
        ]);
        description = "The colorscheme that should be used globally to theme your system.";
        default = "Catppuccin Mocha";
      };
@ -105,11 +83,11 @@ in
      };
      variant = mkOption {
-        type = enum [
+        type = enum ["dark" "light"];
-          "dark"
+        default =
-          "light"
+          if builtins.substring 0 1 cfg.colorScheme.colors.base00 < "5"
-        ];
+          then "dark"
-        default = if builtins.substring 0 1 cfg.colorScheme.colors.base00 < "5" then "dark" else "light";
+          else "light";
        description = ''
          Whether the scheme is dark or light
        '';
--- a/modules/style/fonts.mod.nix
+++ b/modules/style/fonts.mod.nix
@ -1,5 +1,4 @@
-{ pkgs, ... }:
+{pkgs, ...}: let
 let
  inherit (builtins) mapAttrs;
  fancy-iosevka = pkgs.iosevka.override {
@ -41,8 +40,7 @@ let
    };
    set = "Fancy";
  };
-in
+in {
 {
  # A (somewhat) sane list of fonts to be installed.
  fonts = {
    fontconfig = {
@ -60,8 +58,7 @@ in
      # Set the defalt fonts. This was taken from raf,
      # many thanks.
-      defaultFonts =
+      defaultFonts = let
        let
        common = [
          "Iosevka Nerd Font"
          "Roboto Mono Nerd Font"
@ -72,14 +69,15 @@ in
        ];
      in
        mapAttrs (_: fonts: fonts ++ common) {
-          serif = [ "Noto Serif" ];
+          serif = ["Noto Serif"];
-          sansSerif = [ "Lexend" ];
+          sansSerif = ["Lexend"];
-          emoji = [ "Noto Color Emoji" ];
+          emoji = ["Noto Color Emoji"];
-          monospace = [ "Iosevka Nerd Font" ];
+          monospace = ["Iosevka Nerd Font"];
        };
    };
    packages = builtins.attrValues {
-      inherit (pkgs)
+      inherit
        (pkgs)
        material-icons
        material-design-icons
        lexend
@ -90,7 +88,8 @@ in
        corefonts
        font-awesome
        ;
-      inherit (pkgs.nerd-fonts)
+      inherit
        (pkgs.nerd-fonts)
        iosevka
        jetbrains-mono
        comic-shanns-mono
--- a/modules/style/gtk-colors.nix
+++ b/modules/style/gtk-colors.nix
@ -1,7 +1,6 @@
 # blatantly stolen from sioodmy, thanks :3
-{ colors }:
+{colors}:
-with colors;
+with colors; ''
 ''
  @define-color accent_color #${base0D};
  @define-color accent_bg_color #${base0D};
  @define-color accent_fg_color #${base00};
--- a/modules/style/gtk.mod.nix
+++ b/modules/style/gtk.mod.nix
@ -3,8 +3,7 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (builtins) toString isBool;
  inherit (lib.generators) toINI;
  inherit (lib.modules) mkIf;
@ -16,12 +15,12 @@ let
  cfg = config.modules.theming.gtk;
  toGtk3Ini = toINI {
-    mkKeyValue =
+    mkKeyValue = key: value: let
-      key: value:
+      value' =
-      let
+        if isBool value
-        value' = if isBool value then boolToString value else toString value;
+        then boolToString value
-      in
+        else toString value;
-      "${escape [ "=" ] key}=${value'}";
+    in "${escape ["="] key}=${value'}";
  };
  gtkIni = {
@ -35,8 +34,7 @@ let
    gtk-cursor-theme-name = "BreezeX-RosePine-Linux";
    gtk-theme-name = "Gruvbox-Dark";
  };
-in
+in {
 {
  options.modules.theming.gtk = {
    enable = mkEnableOption "Wether to enable GTK theming";
    theme = {
@ -65,15 +63,15 @@ in
      };
    };
  };
-  config =
+  config = let
    let
    cursorSize = 32;
  in
    mkIf cfg.enable {
      programs.dconf.enable = true;
      environment = {
        systemPackages = builtins.attrValues {
-          inherit (pkgs)
+          inherit
            (pkgs)
            rose-pine-cursor
            gruvbox-gtk-theme
            papirus-icon-theme
@ -85,11 +83,9 @@ in
          XCURSOR_THEME = "BreezeX-RosePine-Linux";
          XCURSOR_SIZE = cursorSize;
        };
-        etc =
+        etc = let
-          let
+          css = import ./gtk-colors.nix {inherit (config.modules.style.colorScheme) colors;};
-            css = import ./gtk-colors.nix { inherit (config.modules.style.colorScheme) colors; };
+        in {
          in
          {
          "xdg/gtk-4.0/settings.ini".text = toGtk3Ini {
            Settings = gtkIni;
          };
--- a/modules/style/qt.mod.nix
+++ b/modules/style/qt.mod.nix
@ -3,15 +3,13 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkEnableOption mkOption;
  inherit (lib.types) str package;
  cfg = config.modules.theming.qt;
-in
+in {
 {
  options.modules.theming.qt = {
    enable = mkEnableOption "qt theming";
    name = mkOption {
--- a/modules/style/quickshell/quickshell.mod.nix
+++ b/modules/style/quickshell/quickshell.mod.nix
@ -4,19 +4,17 @@
  pkgs,
  sources,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkEnableOption;
  cfg = config.modules.theming.quickshell;
-in
+in {
 {
  options.modules.theming.quickshell.enable = mkEnableOption "quickshell";
  config = mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
-      (pkgs.callPackage (sources.quickshell + "/default.nix") { })
+      (pkgs.callPackage (sources.quickshell + "/default.nix") {})
      qt6.qtimageformats
      qt6.qt5compat
      qt6.qtmultimedia
--- a/modules/style/quickshell/shell/.qmlls.ini
+++ b/modules/style/quickshell/shell/.qmlls.ini
@ -1 +1 @@
-/run/user/1000/quickshell/vfs/4f7a8066a49ba487f5b2754750896151/.qmlls.ini
+/run/user/1000/quickshell/vfs/97b86fe3cbb42714790f5e96b44b706b/.qmlls.ini
--- a/modules/system/boot/boot.mod.nix
+++ b/modules/system/boot/boot.mod.nix
@ -3,15 +3,13 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkForce mkDefault;
  inherit (lib.options) mkOption mkEnableOption;
  inherit (lib.types) int;
  cfg = config.modules.system.boot;
-in
+in {
 {
  options.modules.system.boot = {
    grub.enable = mkEnableOption "Grub, a bloated boot loader";
    systemd-boot.enable = mkEnableOption "Poetteringboot";
@ -31,8 +29,7 @@ in
        message = "No bootloader is enabled.";
      }
      {
-        assertion =
+        assertion = cfg.systemd-boot.enable -> !cfg.grub.enable && cfg.grub.enable -> !cfg.systemd-boot.enable;
          cfg.systemd-boot.enable -> !cfg.grub.enable && cfg.grub.enable -> !cfg.systemd-boot.enable;
        message = "Please enable only ONE of systemd-boot or grub.";
      }
    ];
@ -76,7 +73,8 @@ in
      plymouth = {
        enable = true;
        themePackages = [
-          (pkgs.adi1090x-plymouth-themes.override {
+          (pkgs.adi1090x-plymouth-themes.override
            {
              selected_themes = [
                "hud_3"
              ];
--- a/modules/system/boot/lanzaboote.mod.nix
+++ b/modules/system/boot/lanzaboote.mod.nix
@ -4,14 +4,12 @@
  pkgs,
  sources,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkEnableOption;
  cfg = config.modules.system.boot.lanzaboote;
-in
+in {
 {
  options.modules.system.boot.lanzaboote.enable = mkEnableOption "Lanzaboote";
  imports = [
    (sources.lanzaboote + "/nix/modules/lanzaboote.nix")
@ -31,6 +29,6 @@ in
      loader.systemd-boot.enable = lib.mkForce false;
    };
-    environment.systemPackages = [ pkgs.sbctl ];
+    environment.systemPackages = [pkgs.sbctl];
  };
 }
--- a/modules/system/hardware/bluetooth.mod.nix
+++ b/modules/system/hardware/bluetooth.mod.nix
@ -3,20 +3,19 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkIf;
  cfg = config.modules.system.hardware.bluetooth;
-in
+in {
 {
  config = mkIf cfg.enable {
    hardware.bluetooth = {
      enable = true;
      inherit (cfg) powerOnBoot;
    };
    environment.systemPackages = builtins.attrValues {
-      inherit (pkgs)
+      inherit
        (pkgs)
        bluetuith
        bluez
        blueman
--- a/modules/system/hardware/graphics.mod.nix
+++ b/modules/system/hardware/graphics.mod.nix
@ -2,14 +2,12 @@
  config,
  lib,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkEnableOption;
  cfg = config.modules.system.hardware;
-in
+in {
 {
  options.modules.system.hardware = {
    nvidia = {
      enable = mkEnableOption "Nvidia graphics drivers";
@ -34,6 +32,6 @@ in
        package = config.boot.kernelPackages.nvidiaPackages.beta;
      };
    };
-    services.xserver.videoDrivers = mkIf cfg.nvidia.enable [ "nvidia" ];
+    services.xserver.videoDrivers = mkIf cfg.nvidia.enable ["nvidia"];
  };
 }
--- a/modules/system/hardware/intel.mod.nix
+++ b/modules/system/hardware/intel.mod.nix
@ -3,20 +3,19 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkDefault mkIf;
  inherit (lib.options) mkEnableOption;
  cfg = config.modules.system.hardware.intel;
-in
+in {
 {
  options.modules.system.hardware.intel.enable = mkEnableOption "Intel Hardware";
  config = mkIf cfg.enable {
    hardware = {
      cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware;
      graphics.extraPackages = builtins.attrValues {
-        inherit (pkgs)
+        inherit
          (pkgs)
          intel-vaapi-driver
          intel-media-driver
          ;
--- a/modules/system/hardware/pipewire.mod.nix
+++ b/modules/system/hardware/pipewire.mod.nix
@ -2,13 +2,11 @@
  config,
  lib,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkIf;
  cfg = config.modules.system.sound;
-in
+in {
 {
  config = mkIf cfg.enable {
    services.pipewire = {
      enable = true;
--- a/modules/system/hardware/power.mod.nix
+++ b/modules/system/hardware/power.mod.nix
@ -4,24 +4,23 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkDefault;
-in
+in {
 {
  imports = [
    # (sources.watt + "/nix/module.nix")
  ];
  config = {
    environment.systemPackages = builtins.attrValues {
-      inherit (pkgs)
+      inherit
        (pkgs)
        acpi
        powertop
        ;
    };
    boot = {
-      kernelModules = [ "acpi_call" ];
+      kernelModules = ["acpi_call"];
      extraModulePackages = with config.boot.kernelPackages; [
        acpi_call
        cpupower
--- a/modules/system/nix/determinate.mod.nix
+++ b/modules/system/nix/determinate.mod.nix
@ -4,12 +4,9 @@
  pkgs,
  sources,
  ...
-}:
+}: let
-let
+  determinate = (import sources.flake-compat {src = sources.determinate;}).outputs;
-  determinate = (import sources.flake-compat { src = sources.determinate; }).outputs;
+  dix = (import sources.flake-compat {src = determinate.inputs.nix;}).outputs.packages.${pkgs.stdenv.system}.nix;
  dix =
    (import sources.flake-compat { src = determinate.inputs.nix; })
    .outputs.packages.${pkgs.stdenv.system}.nix;
  # Stronger than mkDefault (1000), weaker than mkForce (50) and the "default override priority"
  # (100).
@ -17,8 +14,7 @@ let
  # Stronger than the "default override priority", as the upstream module uses that, and weaker than mkForce (50).
  mkMorePreferable = lib.mkOverride 75;
-in
+in {
 {
  config = {
    nix = {
      package = dix;
@ -34,9 +30,7 @@ in
      services.nix-daemon.serviceConfig = {
        ExecStart = [
          ""
-          "@${
+          "@${determinate.packages.${pkgs.stdenv.system}.default}/bin/determinate-nixd determinate-nixd --nix-bin ${config.nix.package}/bin daemon"
            determinate.packages.${pkgs.stdenv.system}.default
          }/bin/determinate-nixd determinate-nixd --nix-bin ${config.nix.package}/bin daemon"
        ];
        KillMode = mkPreferable "process";
        LimitNOFILE = mkMorePreferable 1048576;
@ -47,14 +41,11 @@ in
        nix-daemon.socketConfig.FileDescriptorName = "nix-daemon.socket";
        determinate-nixd = {
          description = "Determinate Nixd Daemon Socket";
-          wantedBy = [ "sockets.target" ];
+          wantedBy = ["sockets.target"];
-          before = [ "multi-user.target" ];
+          before = ["multi-user.target"];
          unitConfig = {
-            RequiresMountsFor = [
+            RequiresMountsFor = ["/nix/store" "/nix/var/determinate"];
              "/nix/store"
              "/nix/var/determinate"
            ];
          };
          socketConfig = {
--- a/modules/system/nix/nix.mod.nix
+++ b/modules/system/nix/nix.mod.nix
@ -5,12 +5,10 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.attrsets) mapAttrsToList;
  inherit (lib.modules) mkForce;
-in
+in {
 {
  nix = {
    # Check that Nix can parse the generated nix.conf.
    checkConfig = true;
@ -48,7 +46,7 @@ in
    # Automatically optimize nix store by removing hard links
    optimise = {
      automatic = true;
-      dates = [ "21:00" ];
+      dates = ["21:00"];
    };
    # NOTE:
@ -64,18 +62,10 @@ in
      auto-optimise-store = true;
      # Users that are allowed to connect to the Nix daemon.
-      allowed-users = [
+      allowed-users = ["root" "@wheel" "nix-builder"];
        "root"
        "@wheel"
        "nix-builder"
      ];
      # Users that are allowed to connect to the Nix daemon.
-      trusted-users = [
+      trusted-users = ["root" "@wheel" "nix-builder"];
        "root"
        "@wheel"
        "nix-builder"
      ];
      # Let the system decide the number of max jobs
      # based on available system specs. Usually this is
--- a/modules/system/nix/nixpkgs.mod.nix
+++ b/modules/system/nix/nixpkgs.mod.nix
@ -1,6 +1,5 @@
 # taken from raf
-{ sources, ... }:
+{sources, ...}: {
 {
  # Global nixpkgs configuration.
  # This is ignored if nixpkgs.pkgs is set, which should be avoided.
  nixpkgs = {
@ -41,7 +40,7 @@
      # List of derivation warnings to display while rebuilding.
      #  See: <https://github.com/NixOS/nixpkgs/blob/master/pkgs/stdenv/generic/check-meta.nix>
-      showDerivationWarnings = [ ];
+      showDerivationWarnings = [];
    };
  };
 }
--- a/modules/system/os/impermanence.mod.nix
+++ b/modules/system/os/impermanence.mod.nix
@ -4,14 +4,12 @@
  lib,
  sources,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkIf mkForce;
  inherit (builtins) map;
  cfg = config.modules.system.impermanence;
-in
+in {
 {
  imports = [
    (sources.impermanence + "/nixos.nix")
  ];
@ -43,36 +41,20 @@ in
      ];
      users.cr = {
-        directories = [
+        directories =
          [
            "cloud"
            "repos"
          ]
-        ++ map (dir: ".config/${dir}") [
+          ++ map (
-          "nicotine"
+            dir: ".config/${dir}"
-          "Signal"
+          ) ["nicotine" "Signal" "Nextcloud" "emacs" "doom"]
-          "Nextcloud"
+          ++ map (
-          "emacs"
+            dir: ".cache/${dir}"
-          "doom"
+          ) ["tealdeer" "keepassxc" "nix" "starship" "nix-index" "mozilla" "zsh" "nvim"]
-        ]
+          ++ map (
-        ++ map (dir: ".cache/${dir}") [
+            dir: ".local/share/${dir}"
-          "tealdeer"
+          ) ["direnv" "Steam" "TelegramDesktop" "PrismLauncher" "nicotine" "zoxide" ".keepass"];
          "keepassxc"
          "nix"
          "starship"
          "nix-index"
          "mozilla"
          "zsh"
          "nvim"
        ]
        ++ map (dir: ".local/share/${dir}") [
          "direnv"
          "Steam"
          "TelegramDesktop"
          "PrismLauncher"
          "nicotine"
          "zoxide"
          ".keepass"
        ];
      };
    };
--- a/modules/system/os/networking/dns.mod.nix
+++ b/modules/system/os/networking/dns.mod.nix
@ -3,12 +3,10 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  StateDirectory = "dnscrypt-proxy";
  inherit (lib.modules) mkForce;
-in
+in {
 {
  networking = {
    networkmanager.dns = mkForce "none";
    nameservers = [
--- a/modules/system/os/networking/firewall.mod.nix
+++ b/modules/system/os/networking/firewall.mod.nix
@ -3,8 +3,7 @@
  lib,
  pkgs,
  ...
-}:
+}: {
 {
  networking = {
    # use nftables over iptables
    nftables.enable = true;
--- a/modules/system/os/networking/networking.mod.nix
+++ b/modules/system/os/networking/networking.mod.nix
@ -1,8 +1,6 @@
-{ config, ... }:
+{config, ...}: let
 let
  inherit (config.modules.other.system) username;
-in
+in {
 {
  networking = {
    enableIPv6 = true;
@ -42,7 +40,7 @@ in
    openFirewall = true;
  };
-  users.users.${username}.extraGroups = [ "networkmanager" ];
+  users.users.${username}.extraGroups = ["networkmanager"];
  # faster boot
  systemd = {
--- a/modules/system/os/security/security.mod.nix
+++ b/modules/system/os/security/security.mod.nix
@ -1,12 +1,11 @@
-{ pkgs, ... }:
+{pkgs, ...}: {
 {
  security = {
    # Enable Soteria, a GTK-based Polkit authentication agent.
    soteria.enable = true;
    apparmor = {
      enable = true;
      killUnconfinedConfinables = true;
-      packages = [ pkgs.apparmor-profiles ];
+      packages = [pkgs.apparmor-profiles];
    };
    pam.services = {
--- a/modules/system/os/security/sudo.mod.nix
+++ b/modules/system/os/security/sudo.mod.nix
@ -2,18 +2,16 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkForce mkDefault;
-in
+in {
 {
  security = {
    sudo-rs.enable = mkForce false;
    sudo = {
      enable = true;
      # We use the default sudo package, but with insults if we
      # fail to provide the correct password
-      package = pkgs.sudo.override { withInsults = true; };
+      package = pkgs.sudo.override {withInsults = true;};
      # Wheel user should need the password to execute sudo commands
      wheelNeedsPassword = mkDefault true;
--- a/modules/system/os/systemd.mod.nix
+++ b/modules/system/os/systemd.mod.nix
@ -1,13 +1,11 @@
-{ lib, ... }:
+{lib, ...}: let
 let
  inherit (lib.modules) mkForce;
-in
+in {
 {
  config.systemd = {
    # faster startup
-    targets.network-online.wantedBy = mkForce [ ]; # Normally ["multi-user.target"]
+    targets.network-online.wantedBy = mkForce []; # Normally ["multi-user.target"]
    services = {
-      NetworkManager-wait-online.wantedBy = mkForce [ ]; # Normally ["network-online.target"]
+      NetworkManager-wait-online.wantedBy = mkForce []; # Normally ["network-online.target"]
      systemd-udev-settle.enable = false;
    };
  };
--- a/modules/system/system.mod.nix
+++ b/modules/system/system.mod.nix
@ -1,8 +1,6 @@
-{ config, ... }:
+{config, ...}: let
 let
  machine-id = builtins.substring 0 32 (builtins.hashString "sha256" config.networking.hostName);
-in
+in {
 {
  system = {
    # My state version.
    stateVersion = "23.11";
--- a/modules/wms/niri/niri.mod.nix
+++ b/modules/wms/niri/niri.mod.nix
@ -3,8 +3,7 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkForce mkIf;
  inherit (lib.options) mkEnableOption;
  inherit (config.modules.system) isGraphical;
@ -28,11 +27,13 @@ let
      })
    ];
  });
-in
+in {
 {
  options.modules.desktops.niri.enable = mkEnableOption "Niri, a scolling tiling wayland compositor";
-  config = mkIf (cfg.enable || isGraphical) {
+  config =
    mkIf (cfg.enable
      || isGraphical)
    {
      programs.niri = {
        enable = true;
        package = patched-niri;
@ -44,7 +45,8 @@ in
      environment.etc."niri/config.kdl".source = ./config.kdl;
      environment.systemPackages = builtins.attrValues {
-      inherit (pkgs)
+        inherit
          (pkgs)
          xwayland-satellite
          avizo
          playerctl
--- a/modules/wms/portal.mod.nix
+++ b/modules/wms/portal.mod.nix
@ -3,12 +3,10 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  inherit (lib.modules) mkIf;
  inherit (lib.lists) optional;
-in
+in {
 {
  xdg.portal = {
    enable = true;
    # Sets environment variable NIXOS_XDG_OPEN_USE_PORTAL to 1.
@ -28,7 +26,7 @@ in
        "org.freedesktop.impl.portal.Secret" = [
          "kwallet"
        ];
-        "org.freedesktop.secrets" = [ "kwalletd6" ];
+        "org.freedesktop.secrets" = ["kwalletd6"];
      };
      niri = {
        default = [
@ -40,7 +38,7 @@ in
        # https://docs.flatpak.org/en/latest/portal-api-reference.html
        # "org.freedesktop.impl.portal.Access" = ["kde"];
        # "org.freedesktop.impl.portal.Notification" = ["kde"];
-        "org.freedesktop.impl.portal.FileChooser" = [ "kde" ];
+        "org.freedesktop.impl.portal.FileChooser" = ["kde"];
      };
    };
  };
--- a/Show more
+++ b/Show more
`@ -1 +1 @@`
	`_: { imports = [ ./monitors.nix ]; }`	`_: {imports = [./monitors.nix];}`
		`@ -1 +1 @@`
			`/run/user/1000/quickshell/vfs/4f7a8066a49ba487f5b2754750896151/.qmlls.ini`				`/run/user/1000/quickshell/vfs/97b86fe3cbb42714790f5e96b44b706b/.qmlls.ini`