wooooooot, we're compiling again

flake.lock

@@ -71,15 +71,23 @@
     "clan-core": {
       "inputs": {
         "data-mesher": "data-mesher",
-        "disko": "disko",
+        "disko": [
+          "disko"
+        ],
         "flake-parts": [
           "flake-parts"
         ],
         "nix-darwin": "nix-darwin",
         "nix-select": "nix-select",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": [
-        "sops-nix": "sops-nix",
+          "nixpkgs"
-        "systems": "systems",
+        ],
+        "sops-nix": [
+          "sops-nix"
+        ],
+        "systems": [
+          "systems"
+        ],
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
@@ -139,7 +147,6 @@
     "disko": {
       "inputs": {
         "nixpkgs": [
-          "clan-core",
           "nixpkgs"
         ]
       },
@@ -160,7 +167,7 @@
     "erosanix": {
       "inputs": {
         "flake-compat": "flake-compat",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs"
       },
       "locked": {
         "lastModified": 1773767380,
@@ -264,7 +271,6 @@
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": [
-          "clan-core",
           "nixpkgs"
         ]
       },
@@ -369,7 +375,7 @@
     "flux": {
       "inputs": {
         "mcman": "mcman",
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": "nixpkgs_3"
       },
       "locked": {
         "lastModified": 1767316901,
@@ -422,7 +428,7 @@
     },
     "grub2-themes": {
       "inputs": {
-        "nixpkgs": "nixpkgs_5"
+        "nixpkgs": "nixpkgs_4"
       },
       "locked": {
         "lastModified": 1757136219,
@@ -538,7 +544,7 @@
     "mcman": {
       "inputs": {
         "crane": "crane",
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": "nixpkgs_2"
       },
       "locked": {
         "lastModified": 1766962671,
@@ -572,7 +578,7 @@
     "mydia": {
       "inputs": {
         "flake-parts": "flake-parts_2",
-        "nixpkgs": "nixpkgs_6"
+        "nixpkgs": "nixpkgs_5"
       },
       "locked": {
         "lastModified": 1764866402,
@@ -656,8 +662,8 @@
     "nix-minecraft": {
       "inputs": {
         "flake-compat": "flake-compat_2",
-        "nixpkgs": "nixpkgs_7",
+        "nixpkgs": "nixpkgs_6",
-        "systems": "systems_2"
+        "systems": "systems"
       },
       "locked": {
         "lastModified": 1774407052,
@@ -719,22 +725,6 @@
       }
     },
     "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1772380631,
-        "narHash": "sha256-FhW0uxeXjefINP0vUD4yRBB52Us7fXZPk9RiPAopfiY=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "6d3b61b190a899042ce82a5355111976ba76d698",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "master",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_3": {
       "locked": {
         "lastModified": 1757347588,
         "narHash": "sha256-tLdkkC6XnsY9EOZW9TlpesTclELy8W7lL2ClL+nma8o=",
@@ -749,7 +739,7 @@
         "type": "indirect"
       }
     },
-    "nixpkgs_4": {
+    "nixpkgs_3": {
       "locked": {
         "lastModified": 1766902085,
         "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=",
@@ -765,7 +755,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_5": {
+    "nixpkgs_4": {
       "locked": {
         "lastModified": 1774449288,
         "narHash": "sha256-ukB6NS45Oi62fQM4RpZfx3dpqxIu66ADCCFl6h72Fjo=",
@@ -781,7 +771,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_6": {
+    "nixpkgs_5": {
       "locked": {
         "lastModified": 1764242076,
         "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=",
@@ -797,7 +787,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_7": {
+    "nixpkgs_6": {
       "locked": {
         "lastModified": 1769461804,
         "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
@@ -813,6 +803,22 @@
         "type": "github"
       }
     },
+    "nixpkgs_7": {
+      "locked": {
+        "lastModified": 1774386573,
+        "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nixpkgs_8": {
       "locked": {
         "lastModified": 1771008912,
@@ -877,7 +883,7 @@
         "mnw": "mnw",
         "ndg": "ndg",
         "nixpkgs": "nixpkgs_8",
-        "systems": "systems_3"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1774375131,
@@ -919,6 +925,7 @@
     "root": {
       "inputs": {
         "clan-core": "clan-core",
+        "disko": "disko",
         "erosanix": "erosanix",
         "fenix": "fenix",
         "flake-parts": "flake-parts",
@@ -930,15 +937,12 @@
         "jovian": "jovian",
         "mydia": "mydia",
         "nix-minecraft": "nix-minecraft",
-        "nixpkgs": [
+        "nixpkgs": "nixpkgs_7",
-          "clan-core",
-          "nixpkgs"
-        ],
         "nvf": "nvf",
         "plasma-manager": "plasma-manager",
-        "sops-nix": "sops-nix_2",
+        "sops-nix": "sops-nix",
         "stylix": "stylix",
-        "systems": "systems_5",
+        "systems": "systems_4",
         "terranix": "terranix",
         "zen-browser": "zen-browser"
       }
@@ -961,27 +965,6 @@
       }
     },
     "sops-nix": {
-      "inputs": {
-        "nixpkgs": [
-          "clan-core",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1774154798,
-        "narHash": "sha256-zsTuloDSdKf+PrI1MsWx5z/cyGEJ8P3eERtAfdP8Bmg=",
-        "owner": "Mic92",
-        "repo": "sops-nix",
-        "rev": "3e0d543e6ba6c0c48117a81614e90c6d8c425170",
-        "type": "github"
-      },
-      "original": {
-        "owner": "Mic92",
-        "repo": "sops-nix",
-        "type": "github"
-      }
-    },
-    "sops-nix_2": {
       "inputs": {
         "nixpkgs": "nixpkgs_9"
       },
@@ -1010,7 +993,7 @@
         "gnome-shell": "gnome-shell",
         "nixpkgs": "nixpkgs_10",
         "nur": "nur",
-        "systems": "systems_4",
+        "systems": "systems_3",
         "tinted-foot": "tinted-foot",
         "tinted-kitty": "tinted-kitty",
         "tinted-schemes": "tinted-schemes",
@@ -1106,28 +1089,13 @@
         "type": "github"
       }
     },
-    "systems_6": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
     "terranix": {
       "inputs": {
         "flake-parts": "flake-parts_5",
         "nixpkgs": [
           "nixpkgs"
         ],
-        "systems": "systems_6"
+        "systems": "systems_5"
       },
       "locked": {
         "lastModified": 1773700838,

flake.nix

@@ -7,25 +7,37 @@
   };
 
   inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+
     flake-parts = {
       url = "github:hercules-ci/flake-parts";
-      inputs.nixpkgs-lib.follows = "clan-core/nixpkgs";
+      inputs.nixpkgs-lib.follows = "nixpkgs";
     };
     import-tree.url = "github:vic/import-tree";
-
-    clan-core = {
-      url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz";
-      inputs.flake-parts.follows = "flake-parts";
-    };
-
-    nixpkgs.follows = "clan-core/nixpkgs";
     systems.url = "github:nix-systems/default";
+    sops-nix.url = "github:Mic92/sops-nix";
+
+    disko = {
+      url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
 
     home-manager = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    clan-core = {
+      url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz";
+      inputs = {
+        flake-parts.follows = "flake-parts";
+        nixpkgs.follows = "nixpkgs";
+        sops-nix.follows = "sops-nix";
+        disko.follows = "disko";
+        systems.follows = "systems";
+      };
+    };
+
     plasma-manager = {
       url = "github:nix-community/plasma-manager";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -52,8 +64,6 @@
 
     flux.url = "github:IogaMaster/flux";
 
-    sops-nix.url = "github:Mic92/sops-nix";
-
     # Azure AD for linux
     himmelblau = {
       url = "github:himmelblau-idm/himmelblau";
@@ -98,6 +108,8 @@
         flake-parts.flakeModules.modules
         clan-core.flakeModules.default
         home-manager.flakeModules.default
+        terranix.flakeModule
+        ./packages/flake-module.nix
       ];
 
       perSystem = {system, ...}: {
@@ -113,9 +125,13 @@
 
             config = {
               allowUnfree = true;
+
               permittedInsecurePackages = [
                 # I think this is because of zen
                 "qtwebengine-5.15.19"
+
+                # For mautrix-signal, the matrix to signal bridge
+                "olm-3.2.16"
               ];
             };
           };

lib/default.nix

@@ -5,47 +5,12 @@
   ...
 }: let
   inherit (lib) mkOption types;
-  namespace = "sneeuwvlok";
-
-  sharedContext = {
-    inherit inputs namespace;
-    erosanixLib = inputs.erosanix.lib;
-    repoRoot = ../.;
-    sneeuwvlokLib = config.localLib;
-    terranixLib = inputs.terranix.lib;
-  };
-
-  baseNixosModules =
-    [
-      inputs.grub2-themes.nixosModules.default
-      inputs.home-manager.nixosModules.home-manager
-      inputs.himmelblau.nixosModules.himmelblau
-      inputs.jovian.nixosModules.default
-      inputs.mydia.nixosModules.default
-      inputs.nix-minecraft.nixosModules.minecraft-servers
-      inputs.nvf.nixosModules.default
-      inputs.sops-nix.nixosModules.sops
-      {
-        home-manager = {
-          useGlobalPkgs = true;
-          useUserPackages = true;
-          extraSpecialArgs = sharedContext;
-          sharedModules = config.localUsers.homeSharedModules;
-        };
-      }
-    ]
-    ++ [../modules/nixos];
 in {
   imports = [
     ./options
     ./strings
   ];
 
-  options.localLib = mkOption {
-    type = types.lazyAttrsOf types.raw;
-    default = {};
-  };
-
   config = {
     _module.args = {
       inherit
@@ -55,7 +20,6 @@ in {
         sharedContext
         systemOverlays
         ;
-      sneeuwvlokLib = config.localLib;
     };
 
     flake.lib = config.localLib;

lib/strings/default.nix

@@ -2,36 +2,54 @@
   inherit (builtins) isString typeOf match toString head;
   inherit (lib) throwIfNot concatStringsSep splitStringBy toLower map concatMapAttrsStringSep;
 in {
-  localLib.strings = {
+  strings = {
     #========================================================================================
     # Converts a string to snake case
     #
     # simply replaces any uppercase letter to its lowercase variant preceeded by an underscore
     #========================================================================================
-    toSnakeCase = 
+    toSnakeCase = str:
-      str:
       throwIfNot (isString str) "toSnakeCase only accepts string values, but got ${typeOf str}" (
         str
-          |> splitStringBy (prev: curr: builtins.match "[a-z]" prev != null && builtins.match "[A-Z]" curr != null) true
+        |> splitStringBy (prev: curr: builtins.match "[a-z]" prev != null && builtins.match "[A-Z]" curr != null) true
-          |> map (p: toLower p)
+        |> map (p: toLower p)
-          |> concatStringsSep "_"
+        |> concatStringsSep "_"
       );
 
     #========================================================================================
     # Converts a set of url parts to a string
     #========================================================================================
-    toUrl = 
+    toUrl = {
-      { protocol ? null, host, port ? null, path ? null, query ? null, hash ? null }:
+      protocol ? null,
-      let
+      host,
-        trim_slashes = str: str |> match "^\/*(.+?)\/*$" |> head;
+      port ? null,
-        encode_to_str = set: concatMapAttrsStringSep "&" (n: v: "${n}=${v}") set;
+      path ? null,
-        
+      query ? null,
-        _protocol = if protocol != null then "${protocol}://" else "";
+      hash ? null,
-        _port = if port != null then ":${toString port}" else "";
+    }: let
-        _path = if path != null then "/${path |> trim_slashes}" else "";
+      trim_slashes = str: str |> match "^\/*(.+?)\/*$" |> head;
-        _query = if query != null then "?${query |> encode_to_str}" else "";
+      encode_to_str = set: concatMapAttrsStringSep "&" (n: v: "${n}=${v}") set;
-        _hash = if hash != null then "#${hash |> encode_to_str}" else "";
+
-      in
+      _protocol =
-      "${_protocol}${host}${_port}${_path}${_query}${_hash}";
+        if protocol != null
+        then "${protocol}://"
+        else "";
+      _port =
+        if port != null
+        then ":${toString port}"
+        else "";
+      _path =
+        if path != null
+        then "/${path |> trim_slashes}"
+        else "";
+      _query =
+        if query != null
+        then "?${query |> encode_to_str}"
+        else "";
+      _hash =
+        if hash != null
+        then "#${hash |> encode_to_str}"
+        else "";
+    in "${_protocol}${host}${_port}${_path}${_query}${_hash}";
   };
 }

machines/ulmo/configuration.nix

@@ -1,301 +1,286 @@
 {
   pkgs,
-  inputs,
+  lib,
+  self,
   ...
 }: {
+  _module.args = {
+    pkgs = lib.mkForce (import self.inputs.nixpkgs {
+      system = "x86_64-linux";
+
+      overlays = with self.inputs; [
+        fenix.overlays.default
+        nix-minecraft.overlay
+        flux.overlays.default
+      ];
+
+      config = {
+        allowUnfree = true;
+
+        permittedInsecurePackages = [
+          # I think this is because of zen
+          "qtwebengine-5.15.19"
+
+          # For mautrix-signal, the matrix to signal bridge
+          "olm-3.2.16"
+        ];
+      };
+    });
+  };
+
   imports = [
     ./disks.nix
     ./hardware.nix
     ../../modules/nixos
+    self.inputs.home-manager.nixosModules.home-manager
+    self.inputs.himmelblau.nixosModules.himmelblau
+    self.inputs.jovian.nixosModules.default
+    self.inputs.mydia.nixosModules.default
+    self.inputs.nix-minecraft.nixosModules.minecraft-servers
+    self.inputs.nvf.nixosModules.default
+    self.inputs.sops-nix.nixosModules.sops
   ];
 
-  sneeuwvlok.application.steam.enable = true;
-
-  nixpkgs.hostPlatform = "x86_64-linux";
   system.stateVersion = "23.11";
 
-  boot = {
+  networking = {
-    kernelPackages = pkgs.linuxPackages_latest;
+    interfaces.enp2s0 = {
+      ipv6.addresses = [
+        {
+          address = "2a0d:6e00:1dc9:0::dead:beef";
+          prefixLength = 64;
+        }
+      ];
 
-    loader = {
+      useDHCP = true;
-      systemd-boot.enable = false;
+    };
-      efi.canTouchEfiVariables = true;
+
-      grub = {
+    defaultGateway = {
+      address = "192.168.1.1";
+      interface = "enp2s0";
+    };
+
+    defaultGateway6 = {
+      address = "fe80::1";
+      interface = "enp2s0";
+    };
+  };
+
+  sneeuwvlok = {
+    services = {
+      backup.borg.enable = true;
+
+      authentication.zitadel = {
         enable = true;
-        efiSupport = true;
+
-        efiInstallAsRemovable = false;
+        organization = {
-        device = "nodev"; # INFO: https://discourse.nixos.org/t/question-about-grub-and-nodev
+          nix = {
+            user = {
+              chris = {
+                email = "chris@kruining.eu";
+                firstName = "Chris";
+                lastName = "Kruining";
+
+                roles = ["ORG_OWNER"];
+                instanceRoles = ["IAM_OWNER"];
+              };
+
+              kaas = {
+                email = "chris+kaas@kruining.eu";
+                firstName = "Kaas";
+                lastName = "Kruining";
+              };
+            };
+
+            project = {
+              ulmo = {
+                projectRoleCheck = true;
+                projectRoleAssertion = true;
+                hasProjectCheck = true;
+
+                role = {
+                  jellyfin = {
+                    group = "jellyfin";
+                  };
+                  jellyfin_admin = {
+                    group = "jellyfin";
+                  };
+                };
+
+                assign = {
+                  chris = ["jellyfin" "jellyfin_admin"];
+                  kaas = ["jellyfin"];
+                };
+
+                application = {
+                  jellyfin = {
+                    redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"];
+                    grantTypes = ["authorizationCode"];
+                    responseTypes = ["code"];
+                  };
+
+                  forgejo = {
+                    redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"];
+                    grantTypes = ["authorizationCode"];
+                    responseTypes = ["code"];
+                  };
+
+                  vaultwarden = {
+                    redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"];
+                    grantTypes = ["authorizationCode"];
+                    responseTypes = ["code"];
+                    exportMap = {
+                      client_id = "SSO_CLIENT_ID";
+                      client_secret = "SSO_CLIENT_SECRET";
+                    };
+                  };
+
+                  matrix = {
+                    redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"];
+                    grantTypes = ["authorizationCode"];
+                    responseTypes = ["code"];
+                  };
+
+                  mydia = {
+                    redirectUris = ["http://localhost:2010/auth/oidc/callback"];
+                    grantTypes = ["authorizationCode"];
+                    responseTypes = ["code"];
+                  };
+
+                  grafana = {
+                    redirectUris = ["http://localhost:9001/login/generic_oauth"];
+                    grantTypes = ["authorizationCode"];
+                    responseTypes = ["code"];
+                  };
+                };
+              };
+
+              convex = {
+                projectRoleCheck = true;
+                projectRoleAssertion = true;
+                hasProjectCheck = true;
+
+                application = {
+                  scry = {
+                    redirectUris = ["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"];
+                    grantTypes = ["authorizationCode"];
+                    responseTypes = ["code"];
+                  };
+                };
+              };
+            };
+
+            action = {
+              flattenRoles = {
+                script = ''
+                  (ctx, api) => {
+                    if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) {
+                      return;
+                    }
+
+                    const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role));
+
+                    api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles }));
+                  };
+                '';
+              };
+            };
+
+            triggers = [
+              {
+                flowType = "customiseToken";
+                triggerType = "preUserinfoCreation";
+                actions = ["flattenRoles"];
+              }
+              {
+                flowType = "customiseToken";
+                triggerType = "preAccessTokenCreation";
+                actions = ["flattenRoles"];
+              }
+            ];
+          };
+        };
+      };
+
+      communication.matrix.enable = true;
+
+      development.forgejo.enable = true;
+
+      networking.ssh.enable = true;
+      networking.caddy.hosts = {
+        # Expose amarht cloud stuff like this until I have a proper solution
+        "auth.amarth.cloud" = ''
+          reverse_proxy http://192.168.1.223:9092
+        '';
+
+        "amarth.cloud" = ''
+          reverse_proxy http://192.168.1.223:8080
+        '';
+      };
+
+      media.enable = true;
+      media.glance.enable = true;
+      media.mydia.enable = true;
+      media.nfs.enable = true;
+      media.jellyfin.enable = true;
+      media.servarr = {
+        radarr = {
+          enable = true;
+          port = 2001;
+          rootFolders = [
+            "/var/media/movies"
+          ];
+        };
+
+        sonarr = {
+          enable = true;
+          # debug = true;
+          port = 2002;
+          rootFolders = [
+            "/var/media/series"
+          ];
+        };
+
+        lidarr = {
+          enable = true;
+          debug = true;
+          port = 2003;
+          rootFolders = [
+            "/var/media/music"
+          ];
+        };
+
+        prowlarr = {
+          enable = true;
+          # debug = true;
+          port = 2004;
+        };
+      };
+
+      observability = {
+        grafana.enable = true;
+        prometheus.enable = true;
+        loki.enable = true;
+        promtail.enable = true;
+        # uptime-kuma.enable = true;
+      };
+
+      security.vaultwarden = {
+        enable = true;
+        database = {
+          # type = "sqlite";
+          # file = "/var/lib/vaultwarden/state.db";
+
+          type = "postgresql";
+          host = "localhost";
+          port = 5432;
+          sslMode = "disabled";
+        };
       };
     };
 
-    supportedFilesystems = ["nfs"];
+    editor = {
+      nano.enable = true;
+    };
   };
-
-  # sneeuwvlok.application.steam.enable = true;
-
-  # networking = {
-  #   interfaces.enp2s0 = {
-  #     ipv6.addresses = [
-  #       {
-  #         address = "2a0d:6e00:1dc9:0::dead:beef";
-  #         prefixLength = 64;
-  #       }
-  #     ];
-
-  #     useDHCP = true;
-  #   };
-
-  #   defaultGateway = {
-  #     address = "192.168.1.1";
-  #     interface = "enp2s0";
-  #   };
-
-  #   defaultGateway6 = {
-  #     address = "fe80::1";
-  #     interface = "enp2s0";
-  #   };
-  # };
-
-  # # virtualisation = {
-  # #   containers.enable = true;
-  # #   podman = {
-  # #     enable = true;
-  # #     dockerCompat = true;
-  # #   };
-
-  # #   oci-containers = {
-  # #     backend = "podman";
-  # #     containers = {
-  # #       homey = {
-  # #         image = "ghcr.io/athombv/homey-shs:latest";
-  # #         autoStart = true;
-  # #         privileged = true;
-  # #         volumes = [
-  # #           "/home/chris/.homey-shs:/homey/user"
-  # #         ];
-  # #         ports = [
-  # #           "4859:4859"
-  # #         ];
-  # #       };
-  # #     };
-  # #   };
-  # # };
-
-  # # sneeuwvlok = {
-  # #   services = {
-  # #     backup.borg.enable = true;
-
-  # #     authentication.zitadel = {
-  # #       enable = true;
-
-  # #       organization = {
-  # #         nix = {
-  # #           user = {
-  # #             chris = {
-  # #               email = "chris@kruining.eu";
-  # #               firstName = "Chris";
-  # #               lastName = "Kruining";
-
-  # #               roles = ["ORG_OWNER"];
-  # #               instanceRoles = ["IAM_OWNER"];
-  # #             };
-
-  # #             kaas = {
-  # #               email = "chris+kaas@kruining.eu";
-  # #               firstName = "Kaas";
-  # #               lastName = "Kruining";
-  # #             };
-  # #           };
-
-  # #           project = {
-  # #             ulmo = {
-  # #               projectRoleCheck = true;
-  # #               projectRoleAssertion = true;
-  # #               hasProjectCheck = true;
-
-  # #               role = {
-  # #                 jellyfin = {
-  # #                   group = "jellyfin";
-  # #                 };
-  # #                 jellyfin_admin = {
-  # #                   group = "jellyfin";
-  # #                 };
-  # #               };
-
-  # #               assign = {
-  # #                 chris = ["jellyfin" "jellyfin_admin"];
-  # #                 kaas = ["jellyfin"];
-  # #               };
-
-  # #               application = {
-  # #                 jellyfin = {
-  # #                   redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"];
-  # #                   grantTypes = ["authorizationCode"];
-  # #                   responseTypes = ["code"];
-  # #                 };
-
-  # #                 forgejo = {
-  # #                   redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"];
-  # #                   grantTypes = ["authorizationCode"];
-  # #                   responseTypes = ["code"];
-  # #                 };
-
-  # #                 vaultwarden = {
-  # #                   redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"];
-  # #                   grantTypes = ["authorizationCode"];
-  # #                   responseTypes = ["code"];
-  # #                   exportMap = {
-  # #                     client_id = "SSO_CLIENT_ID";
-  # #                     client_secret = "SSO_CLIENT_SECRET";
-  # #                   };
-  # #                 };
-
-  # #                 matrix = {
-  # #                   redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"];
-  # #                   grantTypes = ["authorizationCode"];
-  # #                   responseTypes = ["code"];
-  # #                 };
-
-  # #                 mydia = {
-  # #                   redirectUris = ["http://localhost:2010/auth/oidc/callback"];
-  # #                   grantTypes = ["authorizationCode"];
-  # #                   responseTypes = ["code"];
-  # #                 };
-
-  # #                 grafana = {
-  # #                   redirectUris = ["http://localhost:9001/login/generic_oauth"];
-  # #                   grantTypes = ["authorizationCode"];
-  # #                   responseTypes = ["code"];
-  # #                 };
-  # #               };
-  # #             };
-
-  # #             convex = {
-  # #               projectRoleCheck = true;
-  # #               projectRoleAssertion = true;
-  # #               hasProjectCheck = true;
-
-  # #               application = {
-  # #                 scry = {
-  # #                   redirectUris = ["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"];
-  # #                   grantTypes = ["authorizationCode"];
-  # #                   responseTypes = ["code"];
-  # #                 };
-  # #               };
-  # #             };
-  # #           };
-
-  # #           action = {
-  # #             flattenRoles = {
-  # #               script = ''
-  # #                 (ctx, api) => {
-  # #                   if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) {
-  # #                     return;
-  # #                   }
-
-  # #                   const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role));
-
-  # #                   api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles }));
-  # #                 };
-  # #               '';
-  # #             };
-  # #           };
-
-  # #           triggers = [
-  # #             {
-  # #               flowType = "customiseToken";
-  # #               triggerType = "preUserinfoCreation";
-  # #               actions = ["flattenRoles"];
-  # #             }
-  # #             {
-  # #               flowType = "customiseToken";
-  # #               triggerType = "preAccessTokenCreation";
-  # #               actions = ["flattenRoles"];
-  # #             }
-  # #           ];
-  # #         };
-  # #       };
-  # #     };
-
-  # #     communication.matrix.enable = true;
-
-  # #     development.forgejo.enable = true;
-
-  # #     networking.ssh.enable = true;
-  # #     networking.caddy.hosts = {
-  # #       # Expose amarht cloud stuff like this until I have a proper solution
-  # #       "auth.amarth.cloud" = ''
-  # #         reverse_proxy http://192.168.1.223:9092
-  # #       '';
-
-  # #       "amarth.cloud" = ''
-  # #         reverse_proxy http://192.168.1.223:8080
-  # #       '';
-  # #     };
-
-  # #     media.enable = true;
-  # #     media.glance.enable = true;
-  # #     media.mydia.enable = true;
-  # #     media.nfs.enable = true;
-  # #     media.jellyfin.enable = true;
-  # #     media.servarr = {
-  # #       radarr = {
-  # #         enable = true;
-  # #         port = 2001;
-  # #         rootFolders = [
-  # #           "/var/media/movies"
-  # #         ];
-  # #       };
-
-  # #       sonarr = {
-  # #         enable = true;
-  # #         # debug = true;
-  # #         port = 2002;
-  # #         rootFolders = [
-  # #           "/var/media/series"
-  # #         ];
-  # #       };
-
-  # #       lidarr = {
-  # #         enable = true;
-  # #         debug = true;
-  # #         port = 2003;
-  # #         rootFolders = [
-  # #           "/var/media/music"
-  # #         ];
-  # #       };
-
-  # #       prowlarr = {
-  # #         enable = true;
-  # #         # debug = true;
-  # #         port = 2004;
-  # #       };
-  # #     };
-
-  # #     observability = {
-  # #       grafana.enable = true;
-  # #       prometheus.enable = true;
-  # #       loki.enable = true;
-  # #       promtail.enable = true;
-  # #       # uptime-kuma.enable = true;
-  # #     };
-
-  # #     security.vaultwarden = {
-  # #       enable = true;
-  # #       database = {
-  # #         # type = "sqlite";
-  # #         # file = "/var/lib/vaultwarden/state.db";
-
-  # #         type = "postgresql";
-  # #         host = "localhost";
-  # #         port = 5432;
-  # #         sslMode = "disabled";
-  # #       };
-  # #     };
-  # #   };
-
-  # #   editor = {
-  # #     nano.enable = true;
-  # #   };
-  # # };
 }

machines/ulmo/hardware.nix

@@ -1,18 +1,20 @@
-{ config, lib, pkgs, modulesPath, ... }:
-let
-  inherit (lib.modules) mkDefault;
-in
 {
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+  config,
-
+  pkgs,
+  lib,
+  modulesPath,
+  ...
+}: let
+  inherit (lib.modules) mkDefault;
+in {
   boot = {
-    initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+    initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
-    initrd.kernelModules = [ ];
+    initrd.kernelModules = [];
-    kernelModules = [ "kvm-intel" ];
+    kernelModules = ["kvm-intel"];
     kernelParams = [];
-    extraModulePackages = [ ];
+    extraModulePackages = [];
   };
 
-  nixpkgs.hostPlatform = mkDefault pkgs.stdenv.hostPlatform.system;
+  nixpkgs.hostPlatform = "x86_64-linux";
   hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware;
 }

modules/home/application/bitwarden/default.nix

@@ -1,15 +1,19 @@
-{ inputs, config, lib, pkgs, namespace, ... }:
+{
-let
+  inputs,
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkIf mkEnableOption;
 
   cfg = config.sneeuwvlok.application.bitwarden;
-in
+in {
-{
   options.sneeuwvlok.application.bitwarden = {
     enable = mkEnableOption "enable bitwarden";
   };
 
   config = mkIf cfg.enable {
-    home.packages = with pkgs; [ bitwarden-desktop ];
+    home.packages = with pkgs; [bitwarden-desktop];
   };
 }

modules/home/application/chrome/default.nix

@@ -3,7 +3,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/home/application/discord/default.nix

@@ -3,7 +3,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/home/application/ladybird/default.nix

@@ -1,15 +1,19 @@
-{ inputs, config, lib, pkgs, namespace, ... }:
+{
-let
+  inputs,
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkIf mkEnableOption;
 
   cfg = config.sneeuwvlok.application.ladybird;
-in
+in {
-{
   options.sneeuwvlok.application.ladybird = {
     enable = mkEnableOption "enable ladybird";
   };
 
   config = mkIf cfg.enable {
-    home.packages = with pkgs; [ ladybird ];
+    home.packages = with pkgs; [ladybird];
   };
 }

modules/home/application/matrix/default.nix

@@ -1,16 +1,20 @@
-{ config, lib, pkgs, namespace, osConfig ? {}, ... }:
+{
-let
+  config,
+  lib,
+  pkgs,
+  osConfig ? {},
+  ...
+}: let
   inherit (lib) mkIf mkEnableOption;
 
   cfg = config.sneeuwvlok.application.matrix;
-in
+in {
-{
   options.sneeuwvlok.application.matrix = {
     enable = mkEnableOption "enable Matrix client (Fractal)";
   };
 
   config = mkIf cfg.enable {
-    home.packages = with pkgs; [ fractal element-desktop ];
+    home.packages = with pkgs; [fractal element-desktop];
 
     programs.element-desktop = {
       enable = true;

modules/home/application/obs/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   osConfig ? {},
   ...
 }: let

modules/home/application/onlyoffice/default.nix

@@ -3,7 +3,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/home/application/signal/default.nix

@@ -1,15 +1,19 @@
-{ inputs, config, lib, pkgs, namespace, ... }:
+{
-let
+  inputs,
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkIf mkEnableOption;
 
   cfg = config.sneeuwvlok.application.signal;
-in
+in {
-{
   options.sneeuwvlok.application.signal = {
     enable = mkEnableOption "enable signal";
   };
 
   config = mkIf cfg.enable {
-    home.packages = with pkgs; [ signal-desktop ];
+    home.packages = with pkgs; [signal-desktop];
   };
 }

modules/home/application/steam/default.nix

@@ -3,7 +3,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/home/application/studio/default.nix

@@ -1,18 +1,18 @@
-{ config, lib, pkgs, namespace, repoRoot, erosanixLib, ... }:
+{
-let
+  config,
+  lib,
+  self,
+  ...
+}: let
   inherit (lib) mkIf mkEnableOption;
 
   cfg = config.sneeuwvlok.application.studio;
-  studioPackage = pkgs.callPackage (repoRoot + "/packages/studio/package.nix") {
+in {
-    inherit erosanixLib;
-  };
-in
-{
   options.sneeuwvlok.application.studio = {
     enable = mkEnableOption "enable Bricklink Studio";
   };
 
   config = mkIf cfg.enable {
-    home.packages = [ studioPackage ];
+    home.packages = [self.packages.studio];
   };
 }

modules/home/application/teamspeak/default.nix

@@ -1,10 +1,14 @@
-{ inputs, config, lib, pkgs, namespace, ... }:
+{
-let
+  inputs,
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkIf mkEnableOption;
 
   cfg = config.sneeuwvlok.application.teamspeak;
-in
+in {
-{
   options.sneeuwvlok.application.teamspeak = {
     enable = mkEnableOption "enable teamspeak";
   };

modules/home/application/thunderbird/default.nix

@@ -1,10 +1,14 @@
-{ inputs, config, lib, pkgs, namespace, ... }:
+{
-let
+  inputs,
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkIf mkEnableOption;
 
   cfg = config.sneeuwvlok.application.thunderbird;
-in
+in {
-{
   options.sneeuwvlok.application.thunderbird = {
     enable = mkEnableOption "enable thunderbird";
   };
@@ -14,7 +18,7 @@ in
       enable = true;
       package = pkgs.thunderbird-latest;
 
-        profiles.chris = {
+      profiles.chris = {
         isDefault = true;
       };
     };
@@ -30,7 +34,7 @@ in
         };
         thunderbird = {
           enable = true;
-          profiles = [ "chris" ];
+          profiles = ["chris"];
         };
       };
 

modules/home/application/zen/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/home/default.nix

@@ -2,7 +2,6 @@
   pkgs,
   config,
   lib,
-  namespace,
   ...
 }: let
   inherit (lib) mkOption;

modules/home/desktop/plasma/default.nix

@@ -1,13 +1,15 @@
-{ config, lib, namespace, osConfig ? {}, ... }:
+{
-let
+  config,
+  lib,
+  osConfig ? {},
+  ...
+}: let
   inherit (lib) mkIf;
 
   cfg = config.sneeuwvlok.desktop.plasma;
-  osCfg = osConfig.sneeuwvlok.desktop.plasma or { enable = false; };
+  osCfg = osConfig.sneeuwvlok.desktop.plasma or {enable = false;};
-in
+in {
-{
   options.sneeuwvlok.desktop.plasma = {
-
   };
 
   config = mkIf osCfg.enable {

modules/home/development/dotnet/default.nix

@@ -1,15 +1,18 @@
-{ config, lib, pkgs, namespace, ... }:
+{
-let
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkEnableOption mkIf;
 
   cfg = config.sneeuwvlok.development.dotnet;
-in
+in {
-{
   options.sneeuwvlok.development.dotnet = {
     enable = mkEnableOption "Enable dotnet development tools";
   };
 
   config = mkIf cfg.enable {
-    home.packages = with pkgs; [ dotnet-sdk_8 ];
+    home.packages = with pkgs; [dotnet-sdk_8];
   };
 }

modules/home/development/javascript/default.nix

@@ -1,15 +1,18 @@
-{ config, lib, pkgs, namespace, ... }:
+{
-let
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkEnableOption mkIf;
 
   cfg = config.sneeuwvlok.development.javascript;
-in
+in {
-{
   options.sneeuwvlok.development.javascript = {
     enable = mkEnableOption "Enable javascript development tools";
   };
 
   config = mkIf cfg.enable {
-    home.packages = with pkgs; [ bun nodejs nodePackages_latest.typescript-language-server ];
+    home.packages = with pkgs; [bun nodejs nodePackages_latest.typescript-language-server];
   };
 }

modules/home/development/rust/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkEnableOption mkIf;

modules/home/editor/nano/default.nix

@@ -3,7 +3,6 @@
   options,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkEnableOption mkIf;

modules/home/editor/nvim/default.nix

@@ -3,7 +3,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/home/editor/zed/default.nix

@@ -1,4 +1,9 @@
-{ config, lib, pkgs, namespace, ... }: let
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkIf mkEnableOption;
 
   cfg = config.sneeuwvlok.editor.zed;
@@ -9,13 +14,16 @@ in {
 
   config = mkIf cfg.enable {
     home.packages = with pkgs; [
-      zed-editor nixd nil alejandra
+      zed-editor
+      nixd
+      nil
+      alejandra
     ];
 
     programs.zed-editor = {
       enable = true;
 
-      extensions = [ "nix" "toml" "html" "just-ls" ];
+      extensions = ["nix" "toml" "html" "just-ls"];
 
       userSettings = {
         assistant.enabled = false;

modules/home/game/minecraft/default.nix

@@ -3,7 +3,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/home/shell/default.nix

@@ -1,10 +1,13 @@
-{ config, lib, pkgs, namespace, ... }:
+{
-let
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkIf mkMerge mkEnableOption mkDefault;
 
   cfg = config.sneeuwvlok.shell;
-in
+in {
-{
   imports = [
     ./toolset
     ./zsh
@@ -30,8 +33,8 @@ in
       };
     })
 
-    ({
+    {
-      home.packages = with pkgs; [ any-nix-shell pwgen yt-dlp ripdrag fd (ripgrep.override {withPCRE2 = true;}) ];
+      home.packages = with pkgs; [any-nix-shell pwgen yt-dlp ripdrag fd (ripgrep.override {withPCRE2 = true;})];
 
       programs = {
         direnv = {
@@ -45,6 +48,6 @@ in
           config.whitelist.prefix = ["/home"];
         };
       };
-    })
+    }
   ];
 }

modules/home/shell/toolset/bat/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/home/shell/toolset/btop/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/home/shell/toolset/eza/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/home/shell/toolset/fzf/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/home/shell/toolset/git/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkEnableOption mkIf;

modules/home/shell/toolset/gnugpg/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/home/shell/toolset/just/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkEnableOption mkIf;

modules/home/shell/toolset/starship/default.nix

@@ -1,16 +1,19 @@
-{ config, lib, pkgs, namespace, ... }:
+{
-let
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkIf mkEnableOption;
 
   cfg = config.sneeuwvlok.shell.toolset.starship;
-in
+in {
-{
   options.sneeuwvlok.shell.toolset.starship = {
     enable = mkEnableOption "fancy pansy shell prompt";
   };
 
   config = mkIf cfg.enable {
-    home.packages = with pkgs; [ starship ];
+    home.packages = with pkgs; [starship];
 
     programs.starship = {
       enable = true;

modules/home/shell/toolset/tmux/default.nix

@@ -1,16 +1,19 @@
-{ config, lib, pkgs, namespace, ... }:
+{
-let
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkIf mkEnableOption;
 
   cfg = config.sneeuwvlok.shell.toolset.tmux;
-in
+in {
-{
+  options.sneeuwvlok.shell.toolset.tmux = {
-  options.sneeuwvlok.shell.toolset.tmux = { 
+    enable = mkEnableOption "terminal multiplexer";
-    enable = mkEnableOption "terminal multiplexer"; 
   };
 
   config = mkIf cfg.enable {
-    home.packages = with pkgs; [ tmux ];
+    home.packages = with pkgs; [tmux];
 
     programs.tmux = {
       enable = true;

modules/home/shell/toolset/yazi/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/home/shell/toolset/zellij/default.nix

@@ -1,16 +1,19 @@
-{ config, lib, pkgs, namespace, ... }:
+{
-let
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkIf mkEnableOption;
 
   cfg = config.sneeuwvlok.shell.toolset.zellij;
-in
+in {
-{
   options.sneeuwvlok.shell.toolset.zellij = {
     enable = mkEnableOption "terminal multiplexer";
   };
 
   config = mkIf cfg.enable {
-    home.packages = with pkgs; [ zellij ];
+    home.packages = with pkgs; [zellij];
 
     programs.zellij = {
       enable = true;

modules/home/shell/toolset/zoxide/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/home/shell/zsh/default.nix

@@ -1,10 +1,13 @@
-{ config, lib, pkgs, namespace, ... }:
+{
-let
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkIf mkEnableOption;
 
   cfg = config.sneeuwvlok.shell.zsh;
-in
+in {
-{
   options.sneeuwvlok.shell.zsh = {
     enable = mkEnableOption "enable ZSH";
   };

modules/home/terminal/alacritty/default.nix

@@ -1,7 +1,6 @@
 {
   config,
   lib,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/home/terminal/ghostty/default.nix

@@ -1,7 +1,6 @@
 {
   config,
   lib,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/home/themes/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   osConfig ? {},
   ...
 }: let

modules/nixos/application/steam.nix

@@ -12,7 +12,7 @@ in {
     enable = mkEnableOption "enable steam";
   };
   config = mkIf cfg.enable {
-    environment.systemPackages = with pkgs; [steam];
+    # environment.systemPackages = with pkgs; [steam];
 
     programs = {
       steam = {

modules/nixos/boot/default.nix

@@ -1,7 +1,6 @@
 {
   inputs,
   lib,
-  namespace,
   config,
   pkgs,
   ...

modules/nixos/desktop/cosmic/default.nix

@@ -1,7 +1,6 @@
 {
   lib,
   config,
-  namespace,
   inputs,
   ...
 }: let

modules/nixos/desktop/default.nix

@@ -1,7 +1,6 @@
 {
   lib,
   config,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkOption mkEnableOption mkMerge;

modules/nixos/desktop/gamescope/default.nix

@@ -1,7 +1,6 @@
 {
   lib,
   config,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption mkForce;

modules/nixos/desktop/gnome/default.nix

@@ -1,7 +1,6 @@
 {
   lib,
   config,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/nixos/desktop/plasma/default.nix

@@ -2,7 +2,6 @@
   pkgs,
   lib,
   config,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/nixos/editor/nano/default.nix

@@ -1,10 +1,14 @@
-{ config, options, lib, pkgs, namespace, ... }:
+{
-let
+  config,
+  options,
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkEnableOption mkIf;
 
   cfg = config.sneeuwvlok.editor.nano;
-in
+in {
-{
   options.sneeuwvlok.editor.nano = {
     enable = mkEnableOption "nano";
   };

modules/nixos/editor/nvim/default.nix

@@ -1,14 +1,18 @@
-{ config, lib, pkgs, namespace, ... }:
+{
-let
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkIf mkEnableOption;
 
   cfg = config.sneeuwvlok.editor.nvim;
-in
+in {
-{
   options.sneeuwvlok.editor.nvim = {
     enable = mkEnableOption "enable nvim via nvf on system level";
   };
 
-  config = mkIf cfg.enable {
+  config =
-  };
+    mkIf cfg.enable {
+    };
 }

modules/nixos/hardware/audio/default.nix

@@ -1,10 +1,13 @@
-{ pkgs, lib, namespace, config, ... }:
+{
-let
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
   inherit (lib) mkIf mkEnableOption;
 
   cfg = config.sneeuwvlok.hardware.has.audio;
-in
+in {
-{
   options.sneeuwvlok.hardware.has.audio = mkEnableOption "Enable bluetooth";
 
   config = mkIf cfg {

modules/nixos/hardware/bluetooth/default.nix

@@ -1,10 +1,12 @@
-{ lib, namespace, config, ... }:
+{
-let
+  lib,
+  config,
+  ...
+}: let
   inherit (lib) mkIf mkEnableOption;
 
   cfg = config.sneeuwvlok.hardware.has.bluetooth;
-in
+in {
-{
   options.sneeuwvlok.hardware.has.bluetooth = mkEnableOption "Enable bluetooth";
 
   config = mkIf cfg {
@@ -21,7 +23,7 @@ in
         "bluez5.enable-sbc-xq" = true;
         "bluez5.enable-msbc" = true;
         "bluez5.enable-hw-volume" = true;
-        "bluez5.roles" = [ "hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag" ];
+        "bluez5.roles" = ["hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag"];
       };
     };
   };

modules/nixos/hardware/gpu/amd/default.nix

@@ -1,7 +1,6 @@
 {
   pkgs,
   lib,
-  namespace,
   config,
   ...
 }: let

modules/nixos/hardware/gpu/nvidia.nix

@@ -1,14 +1,17 @@
-{ pkgs, lib, namespace, config, ... }:
+{
-let
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
   inherit (lib) mkIf mkEnableOption;
 
   cfg = config.sneeuwvlok.hardware.has.gpu.nvidia;
-in
+in {
-{
   options.sneeuwvlok.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration";
 
   config = mkIf cfg {
-    services.xserver.videoDrivers = [ "nvidia" ];
+    services.xserver.videoDrivers = ["nvidia"];
 
     hardware = {
       graphics = {

modules/nixos/hardware/gpu/nvidia/default.nix

@@ -1,7 +1,6 @@
 {
   pkgs,
   lib,
-  namespace,
   config,
   ...
 }: let

modules/nixos/hardware/keyboard/voyager.nix

@@ -2,7 +2,6 @@
   lib,
   config,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/nixos/nix/default.nix

@@ -1,7 +1,6 @@
 {
   pkgs,
   lib,
-  namespace,
   config,
   ...
 }: let

modules/nixos/services/authentication/authelia/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/nixos/services/authentication/himmelblau/default.nix

@@ -1,7 +1,6 @@
 {
   lib,
   config,
-  namespace,
   ...
 }: let
   inherit (lib) mkEnableOption mkIf;

modules/nixos/services/authentication/zitadel/default.nix

@@ -1,7 +1,7 @@
-{ config, lib, pkgs, namespace, terranixLib, sneeuwvlokLib, ... }:
+{ config, lib, pkgs, self, ... }:
 let
   inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs mapAttrs' concatMapAttrs concatMapStringsSep filterAttrsRecursive listToAttrs imap0 head drop length literalExpression attrNames;
-  inherit (sneeuwvlokLib.strings) toSnakeCase;
+  inherit ((import ../../../../../lib/strings { inherit lib;}).strings) toSnakeCase;
 
   cfg = config.sneeuwvlok.services.authentication.zitadel;
 
@@ -339,7 +339,7 @@ in
     config' = config;
 
     # this is a nix package, the generated json file to be exact
-    terraformConfiguration = terranixLib.terranixConfiguration {
+    terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration {
       system = pkgs.stdenv.hostPlatform.system;
 
       modules = [

modules/nixos/services/backup/borg/default.nix

@@ -1,10 +1,13 @@
-{ config, lib, pkgs, namespace, ... }:
+{
-let
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkIf mkEnableOption;
 
   cfg = config.sneeuwvlok.services.backup.borg;
-in
+in {
-{
   options.sneeuwvlok.services.backup.borg = {
     enable = mkEnableOption "Borg Backup";
   };

modules/nixos/services/communication/matrix/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (builtins) toString toJSON;

modules/nixos/services/development/forgejo/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (builtins) toString;

modules/nixos/services/games/minecraft/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption mkOption;

modules/nixos/services/games/openrct.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/nixos/services/games/palworld/default.nix

@@ -1,7 +1,6 @@
 {
   config,
   lib,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/nixos/services/media/default.nix

@@ -1,7 +1,6 @@
 {
   pkgs,
   lib,
-  namespace,
   config,
   ...
 }: let

modules/nixos/services/media/glance/default.nix

@@ -1,7 +1,6 @@
 {
   config,
   lib,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/nixos/services/media/jellyfin/default.nix

@@ -2,7 +2,6 @@
   pkgs,
   config,
   lib,
-  namespace,
   inputs,
   ...
 }: let

modules/nixos/services/media/mydia/default.nix

@@ -1,7 +1,6 @@
 {
   config,
   lib,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/nixos/services/media/nextcloud/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption mkOption;

modules/nixos/services/media/nfs/default.nix

@@ -1,16 +1,18 @@
-{ config, lib, namespace, ... }:
+{
-let
+  config,
+  lib,
+  ...
+}: let
   inherit (lib) mkIf mkEnableOption;
 
   cfg = config.sneeuwvlok.services.media.nfs;
-in
+in {
-{
   options.sneeuwvlok.services.media.nfs = {
     enable = mkEnableOption "Enable NFS";
   };
 
   config = mkIf cfg.enable {
-    networking.firewall.allowedTCPPorts = [ 2049 ];
+    networking.firewall.allowedTCPPorts = [2049];
 
     services.nfs.server = {
       enable = true;

modules/nixos/services/media/servarr/default.nix

@@ -2,8 +2,7 @@
   pkgs,
   config,
   lib,
-  namespace,
+  self,
-  terranixLib,
   ...
 }: let
   inherit (builtins) toString;
@@ -154,7 +153,7 @@ in {
           config' = config;
           lib' = lib;
 
-          terraformConfiguration = terranixLib.terranixConfiguration {
+          terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration {
             system = pkgs.stdenv.hostPlatform.system;
 
             modules = [

modules/nixos/services/networking/caddy/default.nix

@@ -2,7 +2,6 @@
   config,
   pkgs,
   lib,
-  namespace,
   ...
 }: let
   inherit (builtins) length;
@@ -12,7 +11,7 @@
   hasHosts = (cfg.hosts |> attrNames |> length) > 0;
   caddyPackage = pkgs.caddy.withPlugins {
     plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"];
-    hash = "sha256-rsDnTunR8C7hVOX5aKcba+iFYHbpWek65DZgbMxOdTs=";
+    hash = "sha256-pSXjLaZoRtKV3eFl2ySRSjl3yxi514G1Cb7pfrpxxtE=";
   };
 in {
   options.sneeuwvlok.services.networking.caddy = {

modules/nixos/services/networking/ssh/default.nix

@@ -1,7 +1,6 @@
 {
   config,
   lib,
-  namespace,
   ...
 }: let
   inherit (lib.modules) mkIf;

modules/nixos/services/networking/wireguard/default.nix

@@ -2,7 +2,6 @@
   config,
   pkgs,
   lib,
-  namespace,
   ...
 }: let
   inherit (builtins) length;
@@ -29,6 +28,7 @@ in {
           };
         };
       });
+      default = {};
     };
   };
 

modules/nixos/services/observability/grafana/default.nix

@@ -2,7 +2,6 @@
   pkgs,
   config,
   lib,
-  namespace,
   ...
 }: let
   inherit (lib.modules) mkIf;

modules/nixos/services/observability/loki/default.nix

@@ -2,7 +2,6 @@
   pkgs,
   config,
   lib,
-  namespace,
   ...
 }: let
   inherit (lib.modules) mkIf;

modules/nixos/services/observability/prometheus/default.nix

@@ -1,11 +1,14 @@
-{ pkgs, config, lib, namespace, ... }:
+{
-let
+  pkgs,
+  config,
+  lib,
+  ...
+}: let
   inherit (builtins) toString;
   inherit (lib) mkIf mkEnableOption;
 
   cfg = config.sneeuwvlok.services.observability.prometheus;
-in
+in {
-{
   options.sneeuwvlok.services.observability.prometheus = {
     enable = mkEnableOption "enable Prometheus";
   };
@@ -21,14 +24,14 @@ in
         {
           job_name = "prometheus";
           static_configs = [
-            { targets = [ "localhost:9002" ]; }
+            {targets = ["localhost:9002"];}
           ];
         }
 
         {
           job_name = "node";
           static_configs = [
-            { targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }
+            {targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"];}
           ];
         }
       ];
@@ -37,12 +40,12 @@ in
         node = {
           enable = true;
           port = 9005;
-          enabledCollectors = [ "systemd" ];
+          enabledCollectors = ["systemd"];
           openFirewall = true;
         };
       };
     };
 
-    networking.firewall.allowedTCPPorts = [ 9002 ];
+    networking.firewall.allowedTCPPorts = [9002];
   };
 }

modules/nixos/services/observability/promtail/default.nix

@@ -2,7 +2,6 @@
   pkgs,
   config,
   lib,
-  namespace,
   ...
 }: let
   inherit (lib.modules) mkIf;

modules/nixos/services/observability/uptime-kuma/default.nix

@@ -2,7 +2,6 @@
   pkgs,
   config,
   lib,
-  namespace,
   ...
 }: let
   inherit (builtins) toString;

modules/nixos/services/persistance/postgesql/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/nixos/services/security/vaultwarden/default.nix

@@ -2,13 +2,12 @@
   pkgs,
   config,
   lib,
-  namespace,
+  self,
-  repoRoot,
-  sneeuwvlokLib,
   ...
 }: let
   inherit (builtins) toString;
   inherit (lib) mkIf mkEnableOption mkOption types getAttrs toUpper concatMapAttrsStringSep;
+  inherit (import ../../../../../lib/strings {inherit lib;}) strings;
 
   cfg = config.sneeuwvlok.services.security.vaultwarden;
 
@@ -27,15 +26,22 @@
     };
   });
 
-  databaseProviderPostgresql = types.submodule ({...}: let
+  databaseProviderPostgresql = types.submodule ({...}: {
-    urlOptions = sneeuwvlokLib.options.mkUrlOptions {
+    options = {
-      host = {
+      type = mkOption {
+        type = types.enum ["postgresql"];
+      };
+
+      host = mkOption {
+        type = types.str;
+        example = "host.tld";
         description = ''
           Hostname of the postgresql server
         '';
       };
 
-      port = {
+      port = mkOption {
+        type = types.port;
         default = 5432;
         example = "5432";
         description = ''
@@ -44,38 +50,34 @@
       };
 
       protocol = mkOption {
+        type = types.str;
         default = "postgres";
         example = "postgres";
+        description = ''
+          Which protocol to use when creating a url string
+        '';
+      };
+
+      sslMode = mkOption {
+        type = types.enum ["verify-ca" "verify-full" "require" "prefer" "allow" "disabled"];
+        default = "verify-full";
+        example = "verify-ca";
+        description = ''
+          How to verify the server's ssl
+
+          | mode        | eavesdropping protection | MITM protection      | Statement                                                                                                                                   |
+          |-------------|--------------------------|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------|
+          | disable     | No                       | No                   | I don't care about security, and I don't want to pay the overhead of encryption.                                                            |
+          | allow       | Maybe                    | No                   | I don't care about security, but I will pay the overhead of encryption if the server insists on it.                                         |
+          | prefer      | Maybe                    | No                   | I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it.                                      |
+          | require     | Yes                      | No                   | I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want.   |
+          | verify-ca	  | Yes                      | Depends on CA policy | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust.                             |
+          | verify-full | Yes                      | Yes                  | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify. |
+
+          [Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS)
+        '';
       };
     };
-  in {
-    options =
-      {
-        type = mkOption {
-          type = types.enum ["postgresql"];
-        };
-
-        sslMode = mkOption {
-          type = types.enum ["verify-ca" "verify-full" "require" "prefer" "allow" "disabled"];
-          default = "verify-full";
-          example = "verify-ca";
-          description = ''
-            How to verify the server's ssl
-
-            | mode        | eavesdropping protection | MITM protection      | Statement                                                                                                                                   |
-            |-------------|--------------------------|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------|
-            | disable     | No                       | No                   | I don't care about security, and I don't want to pay the overhead of encryption.                                                            |
-            | allow       | Maybe                    | No                   | I don't care about security, but I will pay the overhead of encryption if the server insists on it.                                         |
-            | prefer      | Maybe                    | No                   | I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it.                                      |
-            | require     | Yes                      | No                   | I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want.   |
-            | verify-ca	  | Yes                      | Depends on CA policy | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust.                             |
-            | verify-full | Yes                      | Yes                  | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify. |
-
-            [Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS)
-          '';
-        };
-      }
-      // (urlOptions |> getAttrs ["protocol" "host" "port"]);
   });
 in {
   options.sneeuwvlok.services.security.vaultwarden = {
@@ -120,7 +122,7 @@ in {
         enable = true;
         dbBackend = "postgresql";
 
-        package = pkgs.callPackage (repoRoot + "/packages/vaultwarden/package.nix") {};
+        package = pkgs.vaultwarden-postgresql;
 
         config = {
           SIGNUPS_ALLOWED = false;
@@ -198,7 +200,7 @@ in {
                 else if type == "postgresql"
                 then {
                   inherit (db) type;
-                  url = sneeuwvlokLib.strings.toUrl {
+                  url = strings.toUrl {
                     inherit (db) protocol host port;
                     path = "vaultwarden";
                     query = {

modules/nixos/services/virtualisation/podman/default.nix

@@ -3,7 +3,6 @@
   options,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/nixos/shells/zsh/default.nix

@@ -3,7 +3,6 @@
   config,
   lib,
   pkgs,
-  namespace,
   ...
 }: let
   inherit (lib) mkIf mkEnableOption;

modules/nixos/system/networking/default.nix

@@ -1,10 +1,13 @@
-{ config, lib, pkgs, namespace, ... }: 
+{
-let
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkDefault;
 
   cfg = config.sneeuwvlok.system.networking;
-in 
+in {
-{
   options.sneeuwvlok.system.networking = {};
 
   config = {

modules/nixos/system/security/boot/default.nix

@@ -1,6 +1,5 @@
 {
   config,
-  namespace,
   inputs,
   ...
 }: let

modules/nixos/system/security/default.nix

@@ -1,7 +1,6 @@
 {...}: {
   flake.modules.nixos.sneeuwvlok.system.security = {
     config,
-    namespace,
     inputs,
     ...
   }: let

modules/nixos/system/security/sops/default.nix

@@ -1,8 +1,7 @@
 {
   pkgs,
   config,
-  namespace,
+  self,
-  repoRoot,
   ...
 }: let
   cfg = config.sneeuwvlok.system.security.sops;
@@ -14,7 +13,7 @@ in {
 
     sops = {
       defaultSopsFormat = "yaml";
-      defaultSopsFile = repoRoot + "/systems/${pkgs.stdenv.hostPlatform.system}/${config.networking.hostName}/secrets.yml";
+      defaultSopsFile = self + "/systems/${pkgs.stdenv.hostPlatform.system}/${config.networking.hostName}/secrets.yml";
 
       age = {
         # keyFile = "~/.config/sops/age/keys.txt";

modules/nixos/system/security/sudo/default.nix

@@ -1,8 +1,6 @@
-{ config, namespace, ... }:
+{config, ...}: let
-let
   cfg = config.sneeuwvlok.system.security.sudo;
-in
+in {
-{
   options.sneeuwvlok.system.security.sudo = {};
 
   config = {
@@ -11,7 +9,7 @@ in
         enable = false;
         execWheelOnly = true;
       };
-      
+
       sudo-rs = {
         enable = true;
         execWheelOnly = true;
@@ -19,4 +17,4 @@ in
       };
     };
   };
-}
+}