authorseth <[email protected]>2023-10-30 04:22:32 -0400
committerseth <[email protected]>2023-10-30 09:46:15 +0000
commit10b0df38b4286237b56ff9177f8d4c5676bfb5c1 (patch)
treeab298c74339bf9bc41571fa88746ecd9c522fbdf
parent4c2c60a4f2b14c1e6ffaffe5e301dc31ac4fed0f (diff)
tree-wide: refactor
i went overboard on modules. this is much comfier
-rw-r--r--dev.nix (renamed from parts/dev.nix)3
-rw-r--r--flake.nix15
-rw-r--r--modules/darwin/base.nix17
-rw-r--r--modules/darwin/default.nix6
-rw-r--r--modules/darwin/desktop.nix30
-rw-r--r--modules/default.nix6
-rw-r--r--modules/nixos/base.nix103
-rw-r--r--modules/nixos/default.nix12
-rw-r--r--modules/nixos/desktop/budgie/default.nix44
-rw-r--r--modules/nixos/desktop/default.nix56
-rw-r--r--modules/nixos/desktop/gnome/default.nix29
-rw-r--r--modules/nixos/desktop/plasma/default.nix17
-rw-r--r--modules/nixos/features/tailscale.nix (renamed from parts/modules/nixos/features/tailscale.nix)20
-rw-r--r--modules/nixos/features/virtualisation.nix (renamed from parts/modules/nixos/features/virtualisation.nix)0
-rw-r--r--modules/nixos/hardware/default.nix8
-rw-r--r--modules/nixos/hardware/nvidia.nix (renamed from parts/modules/nixos/hardware/nvidia.nix)2
-rw-r--r--modules/nixos/hardware/ssd.nix (renamed from parts/modules/nixos/hardware/ssd.nix)1
-rw-r--r--modules/nixos/server/acme.nix14
-rw-r--r--modules/nixos/server/default.nix39
-rw-r--r--modules/nixos/server/secrets.nix12
-rw-r--r--modules/nixos/services/cloudflared.nix (renamed from parts/modules/nixos/server/services/cloudflared.nix)3
-rw-r--r--modules/nixos/services/default.nix (renamed from parts/modules/nixos/server/services/default.nix)2
-rw-r--r--modules/nixos/services/hercules.nix (renamed from parts/modules/nixos/server/services/hercules.nix)50
-rw-r--r--modules/nixos/services/promtail.nix (renamed from parts/modules/nixos/server/services/promtail.nix)0
-rw-r--r--modules/shared/default.nix8
-rw-r--r--modules/shared/nix.nix33
-rw-r--r--overlays/btop.nix (renamed from parts/overlays/btop.nix)0
-rw-r--r--overlays/default.nix (renamed from parts/overlays/default.nix)0
-rw-r--r--overlays/discord.nix (renamed from parts/overlays/discord.nix)0
-rw-r--r--overlays/fish.nix (renamed from parts/overlays/fish.nix)0
-rw-r--r--parts/default.nix17
-rw-r--r--parts/lib/configs.nix44
-rw-r--r--parts/lib/default.nix8
-rw-r--r--parts/lib/utils/nginx.nix22
-rw-r--r--parts/modules/darwin/base/default.nix32
-rw-r--r--parts/modules/darwin/base/nix.nix18
-rw-r--r--parts/modules/darwin/base/packages.nix12
-rw-r--r--parts/modules/darwin/default.nix6
-rw-r--r--parts/modules/darwin/desktop/default.nix27
-rw-r--r--parts/modules/darwin/desktop/homebrew.nix36
-rw-r--r--parts/modules/default.nix6
-rw-r--r--parts/modules/nixos/base/default.nix34
-rw-r--r--parts/modules/nixos/base/documentation.nix21
-rw-r--r--parts/modules/nixos/base/locale.nix18
-rw-r--r--parts/modules/nixos/base/network.nix26
-rw-r--r--parts/modules/nixos/base/nix.nix24
-rw-r--r--parts/modules/nixos/base/packages.nix15
-rw-r--r--parts/modules/nixos/base/root.nix26
-rw-r--r--parts/modules/nixos/base/security.nix27
-rw-r--r--parts/modules/nixos/base/systemd.nix7
-rw-r--r--parts/modules/nixos/base/upgrade-diff.nix12
-rw-r--r--parts/modules/nixos/default.nix7
-rw-r--r--parts/modules/nixos/desktop/audio.nix23
-rw-r--r--parts/modules/nixos/desktop/budgie/default.nix58
-rw-r--r--parts/modules/nixos/desktop/default.nix41
-rw-r--r--parts/modules/nixos/desktop/fonts.nix37
-rw-r--r--parts/modules/nixos/desktop/gnome/default.nix38
-rw-r--r--parts/modules/nixos/desktop/plasma/default.nix31
-rw-r--r--parts/modules/nixos/hardware/default.nix19
-rw-r--r--parts/modules/nixos/server/acme.nix26
-rw-r--r--parts/modules/nixos/server/default.nix47
-rw-r--r--parts/modules/nixos/server/secrets.nix25
-rw-r--r--parts/modules/shared/base/default.nix8
-rw-r--r--parts/modules/shared/base/documentation.nix14
-rw-r--r--parts/modules/shared/base/locale.nix14
-rw-r--r--parts/modules/shared/base/nix.nix42
-rw-r--r--parts/modules/shared/base/packages.nix21
-rw-r--r--parts/modules/shared/default.nix5
-rw-r--r--parts/systems/default.nix47
-rw-r--r--parts/systems/profiles.nix102
-rw-r--r--parts/users/default.nix22
-rw-r--r--parts/users/seth/darwin.nix8
-rw-r--r--parts/users/seth/desktop/default.nix43
-rw-r--r--parts/users/seth/home.nix20
-rw-r--r--parts/users/seth/programs/chromium.nix27
-rw-r--r--parts/users/seth/programs/default.nix52
-rw-r--r--parts/users/seth/programs/firefox/default.nix50
-rw-r--r--parts/users/seth/programs/git.nix51
-rw-r--r--parts/users/seth/programs/gpg.nix29
-rw-r--r--parts/users/seth/programs/mangohud.nix29
-rw-r--r--parts/users/seth/programs/neovim/.luarc.json3
-rw-r--r--parts/users/seth/programs/neovim/default.nix18
-rw-r--r--parts/users/seth/programs/ssh.nix50
-rw-r--r--parts/users/seth/programs/vim.nix43
-rw-r--r--parts/users/seth/shell/default.nix64
-rw-r--r--secrets/secrets.nix (renamed from parts/secrets/secrets.nix)0
-rw-r--r--secrets/shared/rootPassword.age (renamed from parts/secrets/shared/rootPassword.age)0
-rw-r--r--secrets/shared/sethPassword.age (renamed from parts/secrets/shared/sethPassword.age)0
-rw-r--r--secrets/systems/atlas/binaryCache.age (renamed from parts/secrets/systems/atlas/binaryCache.age)0
-rw-r--r--secrets/systems/atlas/cloudflareApiKey.age (renamed from parts/secrets/systems/atlas/cloudflareApiKey.age)0
-rw-r--r--secrets/systems/atlas/cloudflaredCreds.age (renamed from parts/secrets/systems/atlas/cloudflaredCreds.age)0
-rw-r--r--secrets/systems/atlas/clusterToken.age (renamed from parts/secrets/systems/atlas/clusterToken.age)0
-rw-r--r--secrets/systems/atlas/miniflux.age (renamed from parts/secrets/systems/atlas/miniflux.age)0
-rw-r--r--secrets/systems/atlas/rootPassword.age (renamed from parts/secrets/systems/atlas/rootPassword.age)0
-rw-r--r--secrets/systems/atlas/secretsJson.age (renamed from parts/secrets/systems/atlas/secretsJson.age)0
-rw-r--r--secrets/systems/atlas/tailscaleAuthKey.age (renamed from parts/secrets/systems/atlas/tailscaleAuthKey.age)0
-rw-r--r--secrets/systems/atlas/userPassword.age (renamed from parts/secrets/systems/atlas/userPassword.age)0
-rw-r--r--systems/atlas/default.nix (renamed from parts/systems/atlas/default.nix)3
-rw-r--r--systems/atlas/hardware-configuration.nix (renamed from parts/systems/atlas/hardware-configuration.nix)0
-rw-r--r--systems/atlas/miniflux.nix (renamed from parts/systems/atlas/miniflux.nix)8
-rw-r--r--systems/atlas/nginx.nix (renamed from parts/systems/atlas/nginx.nix)26
-rw-r--r--systems/caroline/default.nix (renamed from parts/systems/caroline/default.nix)7
-rw-r--r--systems/common.nix78
-rw-r--r--systems/default.nix73
-rw-r--r--systems/glados-wsl/default.nix (renamed from parts/systems/glados-wsl/default.nix)18
-rw-r--r--systems/glados/boot.nix (renamed from parts/systems/glados/boot.nix)0
-rw-r--r--systems/glados/default.nix (renamed from parts/systems/glados/default.nix)14
-rw-r--r--systems/glados/hardware-configuration.nix (renamed from parts/systems/glados/hardware-configuration.nix)0
-rw-r--r--systems/turret/default.nix (renamed from parts/systems/turret/default.nix)0
-rw-r--r--systems/turret/files/etc/config/dhcp (renamed from parts/systems/turret/files/etc/config/dhcp)0
-rw-r--r--systems/turret/files/etc/config/dropbear (renamed from parts/systems/turret/files/etc/config/dropbear)0
-rw-r--r--systems/turret/files/etc/config/firewall (renamed from parts/systems/turret/files/etc/config/firewall)0
-rw-r--r--systems/turret/files/etc/config/https-dns-proxy (renamed from parts/systems/turret/files/etc/config/https-dns-proxy)0
-rw-r--r--systems/turret/files/etc/config/luci (renamed from parts/systems/turret/files/etc/config/luci)0
-rw-r--r--systems/turret/files/etc/config/network (renamed from parts/systems/turret/files/etc/config/network)0
-rw-r--r--systems/turret/files/etc/config/rpcd (renamed from parts/systems/turret/files/etc/config/rpcd)0
-rw-r--r--systems/turret/files/etc/config/system (renamed from parts/systems/turret/files/etc/config/system)0
-rw-r--r--systems/turret/files/etc/config/ucitrack (renamed from parts/systems/turret/files/etc/config/ucitrack)0
-rw-r--r--systems/turret/files/etc/config/uhttpd (renamed from parts/systems/turret/files/etc/config/uhttpd)0
-rw-r--r--systems/turret/files/etc/config/wireless (renamed from parts/systems/turret/files/etc/config/wireless)0
-rw-r--r--systems/turret/files/etc/dropbear/authorized_keys (renamed from parts/systems/turret/files/etc/dropbear/authorized_keys)0
-rw-r--r--users/default.nix36
-rw-r--r--users/seth/default.nix (renamed from parts/users/seth/default.nix)2
-rw-r--r--users/seth/desktop/budgie/default.nix (renamed from parts/users/seth/desktop/budgie/default.nix)10
-rw-r--r--users/seth/desktop/default.nix30
-rw-r--r--users/seth/desktop/gnome/default.nix (renamed from parts/users/seth/desktop/gnome/default.nix)7
-rw-r--r--users/seth/desktop/plasma/default.nix (renamed from parts/users/seth/desktop/plasma/default.nix)11
-rw-r--r--users/seth/home.nix17
-rw-r--r--users/seth/programs/bat.nix6
-rw-r--r--users/seth/programs/chromium.nix16
-rw-r--r--users/seth/programs/default.nix44
-rw-r--r--users/seth/programs/eza.nix7
-rw-r--r--users/seth/programs/firefox/arkenfox.nix (renamed from parts/users/seth/programs/firefox/arkenfox.nix)22
-rw-r--r--users/seth/programs/firefox/default.nix42
-rw-r--r--users/seth/programs/git.nix40
-rw-r--r--users/seth/programs/gpg.nix22
-rw-r--r--users/seth/programs/mangohud.nix16
-rw-r--r--users/seth/programs/ssh.nix42
-rw-r--r--users/seth/programs/starship/default.nix22
-rw-r--r--users/seth/programs/starship/starship.toml (renamed from parts/users/seth/shell/starship.toml)0
-rw-r--r--users/seth/programs/vim.nix30
-rw-r--r--users/seth/shell/bash.nix (renamed from parts/users/seth/shell/bash.nix)0
-rw-r--r--users/seth/shell/default.nix26
-rw-r--r--users/seth/shell/fish.nix (renamed from parts/users/seth/shell/fish.nix)0
-rw-r--r--users/seth/shell/zsh.nix (renamed from parts/users/seth/shell/zsh.nix)0
-rw-r--r--users/seth/system.nix (renamed from parts/users/seth/system.nix)23
146 files changed, 1115 insertions, 1665 deletions
diff --git a/parts/dev.nix b/dev.nix
index 0ca95aa..cffde52 100644
--- a/parts/dev.nix
+++ b/dev.nix
@@ -20,7 +20,6 @@
deadnix.enable = true;
nil.enable = true;
statix.enable = true;
- stylua.enable = true;
};
};
@@ -33,8 +32,8 @@
alejandra
deadnix
just
+ nil
statix
- stylua
]
++ lib.optional stdenv.isLinux inputs'.agenix.packages.agenix;
};
diff --git a/flake.nix b/flake.nix
index e342cfb..6a53cb0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -136,6 +136,19 @@
outputs = {parts, ...} @ inputs:
parts.lib.mkFlake {inherit inputs;} {
- imports = [./parts];
+ imports = [
+ ./modules
+ ./overlays
+ ./systems
+ ./users
+ ./dev.nix
+ ];
+
+ systems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ "x86_64-darwin"
+ "aarch64-darwin"
+ ];
};
}
diff --git a/modules/darwin/base.nix b/modules/darwin/base.nix
new file mode 100644
index 0000000..b01bd12
--- /dev/null
+++ b/modules/darwin/base.nix
@@ -0,0 +1,17 @@
+{inputs, ...}: let
+ channelPath = i: "${inputs.${i}.outPath}";
+ mapInputs = fn: map fn (builtins.filter (n: n != "self") (builtins.attrNames inputs));
+in {
+ imports = [../shared];
+
+ nix.nixPath =
+ mapInputs (i: "${i}=${channelPath i}");
+
+ programs = {
+ bash.enable = true;
+ vim.enable = true;
+ zsh.enable = true;
+ };
+
+ services.nix-daemon.enable = true;
+}
diff --git a/modules/darwin/default.nix b/modules/darwin/default.nix
new file mode 100644
index 0000000..a685fab
--- /dev/null
+++ b/modules/darwin/default.nix
@@ -0,0 +1,6 @@
+{
+ flake.darwinModules = {
+ default = ./base.nix;
+ desktop = ./desktop.nix;
+ };
+}
diff --git a/modules/darwin/desktop.nix b/modules/darwin/desktop.nix
new file mode 100644
index 0000000..23664f9
--- /dev/null
+++ b/modules/darwin/desktop.nix
@@ -0,0 +1,30 @@
+{
+ lib,
+ pkgs,
+ ...
+}: {
+ fonts.fonts = with pkgs;
+ lib.mkDefault [
+ (nerdfonts.override {fonts = ["FiraCode"];})
+ ];
+
+ homebrew = {
+ enable = lib.mkDefault true;
+ caskArgs.require_sha = true;
+ onActivation = lib.mkDefault {
+ autoUpdate = true;
+ cleanup = "zap";
+ upgrade = true;
+ };
+
+ caskArgs = {
+ no_quarantine = true;
+ };
+
+ casks = [
+ "chromium"
+ ];
+ };
+
+ programs.gnupg.agent.enable = lib.mkDefault true;
+}
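Review bot: `caskArgs = { no_quarantine = true; };` applies to every cask, whereas the deleted homebrew.nix passed `no_quarantine` only in the chromium entry's `args`. Any cask added to `casks` later will be installed without the macOS quarantine attribute, so it skips the first-launch Gatekeeper check. Scoping the flag to the one entry keeps that check for everything else: `casks = [{ name = "chromium"; args.no_quarantine = true; }];`. The block also keeps `caskArgs.require_sha = true` but no longer carries the old per-cask `require_sha = false` exception for chromium, so it is worth confirming that the cask still installs. The two `caskArgs` definitions would read better merged into one attribute set.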
diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 0000000..c5f7ce9
--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./nixos
+ ./darwin
+ ];
+}
diff --git a/modules/nixos/base.nix b/modules/nixos/base.nix
new file mode 100644
index 0000000..ca696dd
--- /dev/null
+++ b/modules/nixos/base.nix
@@ -0,0 +1,103 @@
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}: let
+ inherit (lib) mkDefault;
+ channelPath = i: "/etc/nix/channels/${i}";
+
+ mapInputs = fn: map fn (builtins.filter (n: n != "self") (builtins.attrNames inputs));
+
+ # yes this is a bad way to detect which option should be used (or exists)
+ # but i'm lazy. please do not copy this
+ passwordFile =
+ if lib.versionAtLeast config.system.stateVersion "23.11"
+ then "hashedPasswordFile"
+ else "passwordFile";
+in {
+ imports = [
+ ../shared
+ ];
+
+ environment.systemPackages = with pkgs; [man-pages man-pages-posix];
+
+ documentation.man = {
+ generateCaches = mkDefault true;
+ man-db.enable = mkDefault true;
+ };
+
+ i18n = {
+ supportedLocales = [
+ "en_US.UTF-8/UTF-8"
+ ];
+
+ defaultLocale = "en_US.UTF-8";
+ };
+
+ networking.networkmanager = {
+ enable = mkDefault true;
+ dns = mkDefault "systemd-resolved";
+ };
+
+ nix = {
+ nixPath = mapInputs (i: "${i}=${channelPath i}");
+ gc.dates = mkDefault "weekly";
+ settings.trusted-users = ["root" "@wheel"];
+ };
+
+ programs = {
+ git.enable = mkDefault true;
+ vim.defaultEditor = mkDefault true;
+ };
+
+ security = {
+ apparmor.enable = mkDefault true;
+ audit.enable = mkDefault true;
+ auditd.enable = mkDefault true;
+ polkit.enable = mkDefault true;
+ rtkit.enable = mkDefault true;
+ sudo.execWheelOnly = true;
+ };
+
+ services = {
+ dbus.apparmor = mkDefault "enabled";
+
+ resolved = {
+ enable = mkDefault true;
+ dnssec = mkDefault "allow-downgrade";
+ extraConfig = mkDefault ''
+ [Resolve]
+ DNS=1.1.1.1 1.0.0.1
+ DNSOverTLS=yes
+ '';
+ };
+
+ journald.extraConfig = ''
+ MaxRetentionSec=1w
+ '';
+ };
+
+ system.activationScripts."upgrade-diff" = {
+ supportsDryActivation = true;
+ text = ''
+ ${pkgs.nvd}/bin/nvd --nix-bin-dir=${config.nix.package}/bin diff /run/current-system "$systemConfig"
+ '';
+ };
+
+ systemd.tmpfiles.rules =
+ mapInputs (i: "L+ ${channelPath i} - - - - ${inputs.${i}.outPath}");
+
+ users = {
+ defaultUserShell = pkgs.bash;
+ mutableUsers = false;
+
+ users.root = {
+ home = mkDefault "/root";
+ uid = mkDefault config.ids.uids.root;
+ group = mkDefault "root";
+ "${passwordFile}" = mkDefault config.age.secrets.rootPassword.path;
+ };
+ };
+}
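Review bot: `settings.trusted-users = ["root" "@wheel"];` makes every wheel member a trusted user of the Nix daemon, which allows them to add substituters and import store paths that are not signed by a trusted key. That is root-equivalent access reached without a sudo password prompt or a sudo log entry, which undercuts the `sudo.execWheelOnly` and audit settings in the same file. Unless a host needs it, prefer `settings.trusted-users = ["root"];` and give wheel only `allowed-users`. The value is set without `mkDefault`, unlike most of this module, so a host that wants the stricter setting has to use `mkForce`. If `@wheel` stays, a comment such as `# wheel is root-equivalent for the nix daemon; keep membership minimal` would make the trade-off explicit.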
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
new file mode 100644
index 0000000..f43e8ae
--- /dev/null
+++ b/modules/nixos/default.nix
@@ -0,0 +1,12 @@
+{
+ flake.nixosModules = {
+ default = ./base.nix;
+ desktop = ./desktop;
+ gnome = ./desktop/gnome;
+ plasma = ./desktop/plasma;
+ budgie = ./desktop/budgie;
+ server = ./server;
+ services = ./services;
+ hardware = ./hardware;
+ };
+}
diff --git a/modules/nixos/desktop/budgie/default.nix b/modules/nixos/desktop/budgie/default.nix
new file mode 100644
index 0000000..d29649b
--- /dev/null
+++ b/modules/nixos/desktop/budgie/default.nix
@@ -0,0 +1,44 @@
+{pkgs, ...}: {
+ services.xserver = {
+ displayManager.lightdm.greeters.slick = {
+ theme = {
+ name = "Materia-dark";
+ package = pkgs.materia-theme;
+ };
+ iconTheme = {
+ name = "Papirus-Dark";
+ package = pkgs.papirus-icon-theme;
+ };
+ cursorTheme = {
+ name = "Breeze-gtk";
+ package = pkgs.libsForQt5.breeze-gtk;
+ };
+ };
+
+ desktopManager.budgie = {
+ enable = true;
+ extraGSettingsOverrides = ''
+ [org.gnome.desktop.interface:Budgie]
+ gtk-theme="Materia-dark"
+ icon-theme="Papirus-Dark"
+ cursor-theme="Breeze-gtk"
+ font-name="Noto Sans 10"
+ document-font-name="Noto Sans 10"
+ monospace-font-name="Fira Code 10"
+ enable-hot-corners=true
+ '';
+ };
+ };
+
+ environment.budgie.excludePackages = with pkgs; [
+ qogir-theme
+ qogir-icon-theme
+ ];
+
+ environment.systemPackages = with pkgs; [
+ alacritty
+ breeze-gtk
+ materia-theme
+ papirus-icon-theme
+ ];
+}
diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix
new file mode 100644
index 0000000..a40d94e
--- /dev/null
+++ b/modules/nixos/desktop/default.nix
@@ -0,0 +1,56 @@
+{
+ lib,
+ pkgs,
+ ...
+}: {
+ environment = {
+ noXlibs = lib.mkForce false;
+ systemPackages = with pkgs; [wl-clipboard xclip];
+ };
+
+ fonts = {
+ enableDefaultPackages = lib.mkDefault true;
+
+ packages = lib.mkDefault (with pkgs; [
+ corefonts
+ fira-code
+ (nerdfonts.override {fonts = ["FiraCode"];})
+ noto-fonts
+ noto-fonts-extra
+ noto-fonts-emoji
+ noto-fonts-cjk-sans
+ ]);
+
+ fontconfig = {
+ enable = lib.mkDefault true;
+ defaultFonts = lib.mkDefault {
+ serif = ["Noto Serif"];
+ sansSerif = ["Noto Sans"];
+ emoji = ["Noto Color Emoji"];
+ monospace = ["Fira Code"];
+ };
+ };
+ };
+
+ hardware.pulseaudio.enable = false;
+
+ programs = {
+ dconf.enable = lib.mkDefault true;
+ firefox.enable = lib.mkDefault true;
+ xwayland.enable = lib.mkDefault true;
+ };
+
+ services = {
+ pipewire = lib.mkDefault {
+ enable = true;
+ wireplumber.enable = true;
+ alsa.enable = true;
+ jack.enable = true;
+ pulse.enable = true;
+ };
+
+ xserver.enable = lib.mkDefault true;
+ };
+
+ xdg.portal.enable = lib.mkDefault true;
+}
diff --git a/modules/nixos/desktop/gnome/default.nix b/modules/nixos/desktop/gnome/default.nix
new file mode 100644
index 0000000..7e2c07e
--- /dev/null
+++ b/modules/nixos/desktop/gnome/default.nix
@@ -0,0 +1,29 @@
+{
+ pkgs,
+ lib,
+ ...
+}: {
+ environment = {
+ gnome.excludePackages = with pkgs; [
+ gnome-tour
+ ];
+
+ sessionVariables = {
+ NIXOS_OZONE_WL = "1";
+ };
+
+ systemPackages = with pkgs; [
+ adw-gtk3
+ blackbox-terminal
+ ];
+ };
+
+ services.xserver = {
+ displayManager.gdm = {
+ enable = true;
+ wayland = lib.mkForce true;
+ };
+
+ desktopManager.gnome.enable = true;
+ };
+}
diff --git a/modules/nixos/desktop/plasma/default.nix b/modules/nixos/desktop/plasma/default.nix
new file mode 100644
index 0000000..d580e3f
--- /dev/null
+++ b/modules/nixos/desktop/plasma/default.nix
@@ -0,0 +1,17 @@
+{pkgs, ...}: {
+ environment = {
+ plasma5.excludePackages = with pkgs.libsForQt5; [
+ khelpcenter
+ plasma-browser-integration
+ print-manager
+ ];
+ };
+
+ services.xserver = {
+ displayManager.sddm.enable = true;
+ desktopManager.plasma5 = {
+ enable = true;
+ useQtScaling = true;
+ };
+ };
+}
diff --git a/parts/modules/nixos/features/tailscale.nix b/modules/nixos/features/tailscale.nix
index 5a00110..cbbe2e5 100644
--- a/parts/modules/nixos/features/tailscale.nix
+++ b/modules/nixos/features/tailscale.nix
@@ -2,11 +2,12 @@
config,
lib,
pkgs,
- self,
...
}: let
cfg = config.features.tailscale;
inherit (lib) mkDefault mkEnableOption mkIf optionalAttrs;
+
+ baseDir = ../../../secrets/systems/${config.networking.hostName};
in {
options.features.tailscale = {
enable = mkEnableOption "enable support for tailscale";
@@ -14,12 +15,9 @@ in {
};
config = mkIf cfg.enable {
- age.secrets = let
- baseDir = "${self}/parts/secrets/systems/${config.networking.hostName}";
- in
- mkIf cfg.ssh.enable {
- tailscaleAuthKey.file = "${baseDir}/tailscaleAuthKey.age";
- };
+ age.secrets = mkIf cfg.ssh.enable {
+ tailscaleAuthKey.file = "${baseDir}/tailscaleAuthKey.age";
+ };
networking.firewall =
{
@@ -45,20 +43,18 @@ in {
serviceConfig.Type = "oneshot";
- script = let
- inherit (pkgs) tailscale jq;
- in ''
+ script = ''
# wait for tailscaled to settle
sleep 2
# check if we are already authenticated to tailscale
- status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
+ status="$(${lib.getExe pkgs.tailscale} status -json | ${lib.getExe pkgs.jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
- ${tailscale}/bin/tailscale up --ssh \
+ ${lib.getExe pkgs.tailscale}/bin/tailscale up --ssh \
--auth-key "file:${config.age.secrets.tailscaleAuthKey.path}"
'';
};
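Review bot: `lib.getExe` already returns the full path to the binary, so `${lib.getExe pkgs.jq}/bin/jq` and `${lib.getExe pkgs.tailscale}/bin/tailscale up` expand to `…/bin/jq/bin/jq` and `…/bin/tailscale/bin/tailscale`, which do not exist. The status pipeline fails and so does the `up` call after it, so the unit can never authenticate. Drop the suffixes: `| ${lib.getExe pkgs.jq} -r .BackendState)"` and `${lib.getExe pkgs.tailscale} up --ssh \`. Quoting the variable in the test (`[ "$status" = "Running" ]`) would also turn an empty status into a clean mismatch instead of a shell error. The enclosing service definition starts and ends outside this hunk.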
diff --git a/parts/modules/nixos/features/virtualisation.nix b/modules/nixos/features/virtualisation.nix
index 206a98e..206a98e 100644
--- a/parts/modules/nixos/features/virtualisation.nix
+++ b/modules/nixos/features/virtualisation.nix
diff --git a/modules/nixos/hardware/default.nix b/modules/nixos/hardware/default.nix
new file mode 100644
index 0000000..b939953
--- /dev/null
+++ b/modules/nixos/hardware/default.nix
@@ -0,0 +1,8 @@
+{lib, ...}: {
+ imports = [
+ ./ssd.nix
+ ./nvidia.nix
+ ];
+
+ hardware.enableAllFirmware = lib.mkDefault true;
+}
diff --git a/parts/modules/nixos/hardware/nvidia.nix b/modules/nixos/hardware/nvidia.nix
index dd371f2..1b42fef 100644
--- a/parts/modules/nixos/hardware/nvidia.nix
+++ b/modules/nixos/hardware/nvidia.nix
@@ -16,8 +16,6 @@ in {
};
hardware = {
- enable = true;
-
nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.stable;
modesetting.enable = true;
diff --git a/parts/modules/nixos/hardware/ssd.nix b/modules/nixos/hardware/ssd.nix
index 2995d93..7279a12 100644
--- a/parts/modules/nixos/hardware/ssd.nix
+++ b/modules/nixos/hardware/ssd.nix
@@ -9,7 +9,6 @@ in {
options.hardware.ssd.enable = mkEnableOption "ssd settings";
config = mkIf cfg.enable {
- hardware.enable = true;
services.fstrim.enable = true;
};
}
diff --git a/modules/nixos/server/acme.nix b/modules/nixos/server/acme.nix
new file mode 100644
index 0000000..48746c2
--- /dev/null
+++ b/modules/nixos/server/acme.nix
@@ -0,0 +1,14 @@
+{config, ...}: {
+ age.secrets = {
+ cloudflareApiKey.file = ../../../secrets/systems/${config.networking.hostName}/cloudflareApiKey.age;
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = "[email protected]";
+ dnsProvider = "cloudflare";
+ credentialsFile = config.age.secrets.cloudflareApiKey.path;
+ };
+ };
+}
diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix
new file mode 100644
index 0000000..1f759ec
--- /dev/null
+++ b/modules/nixos/server/default.nix
@@ -0,0 +1,39 @@
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}: {
+ imports = [
+ ./acme.nix
+ ./secrets.nix
+ ];
+
+ _module.args.unstable = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system};
+
+ documentation = {
+ enable = false;
+
+ man = {
+ enable = false;
+ man-db.enable = false;
+ };
+
+ nixos.enable = false;
+ dev.enable = false;
+ };
+
+ environment.defaultPackages = lib.mkForce [];
+
+ nix = {
+ gc = {
+ dates = "*-*-1,5,9,13,17,21,25,29 00:00:00";
+ options = "-d --delete-older-than 2d";
+ };
+
+ settings.allowed-users = [config.networking.hostName];
+ };
+
+ security.pam.enableSSHAgentAuth = true;
+}
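Review bot: `security.pam.enableSSHAgentAuth = true;` at the end of the module makes PAM accept a key held in the caller's SSH agent in place of a password, so privilege escalation on these servers is only as strong as the agent socket and the authorized-keys files PAM consults. If any of those files is writable by the user (presumably true for a per-user `~/.ssh/authorized_keys` lookup; confirm against the NixOS release in use), a compromised user session can add its own key and pass the check. Restrict the lookup to root-owned key files, and add a comment here such as `# sudo via ssh-agent: keys must come from root-owned files only` so the dependency is visible. Separately, `settings.allowed-users = [config.networking.hostName]` assumes a user named after the host is defined elsewhere; a one-line comment saying so would help.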
diff --git a/modules/nixos/server/secrets.nix b/modules/nixos/server/secrets.nix
new file mode 100644
index 0000000..e435690
--- /dev/null
+++ b/modules/nixos/server/secrets.nix
@@ -0,0 +1,12 @@
+{config, ...}: {
+ age = let
+ baseDir = ../../../secrets/systems/${config.networking.hostName};
+ in {
+ identityPaths = ["/etc/age/key"];
+
+ secrets = {
+ rootPassword.file = "${baseDir}/rootPassword.age";
+ userPassword.file = "${baseDir}/userPassword.age";
+ };
+ };
+}
diff --git a/parts/modules/nixos/server/services/cloudflared.nix b/modules/nixos/services/cloudflared.nix
index 2bf7907..a144266 100644
--- a/parts/modules/nixos/server/services/cloudflared.nix
+++ b/modules/nixos/services/cloudflared.nix
@@ -1,7 +1,6 @@
{
config,
lib,
- self,
...
}: let
cfg = config.server.services.cloudflared;
@@ -13,7 +12,7 @@ in {
config = mkIf cfg.enable {
age.secrets.cloudflaredCreds = {
- file = "${self}/parts/secrets/systems/${config.networking.hostName}/cloudflaredCreds.age";
+ file = ../../../secrets/systems/${config.networking.hostName}/cloudflaredCreds.age;
mode = "400";
owner = "cloudflared";
group = "cloudflared";
diff --git a/parts/modules/nixos/server/services/default.nix b/modules/nixos/services/default.nix
index 23f2542..3423b79 100644
--- a/parts/modules/nixos/server/services/default.nix
+++ b/modules/nixos/services/default.nix
@@ -1,4 +1,4 @@
-_: {
+{
imports = [
./cloudflared.nix
./hercules.nix
diff --git a/parts/modules/nixos/server/services/hercules.nix b/modules/nixos/services/hercules.nix
index b11a133..fc3c92d 100644
--- a/parts/modules/nixos/server/services/hercules.nix
+++ b/modules/nixos/services/hercules.nix
@@ -1,12 +1,18 @@
{
config,
lib,
- self,
unstable,
...
}: let
cfg = config.server.services.hercules-ci;
inherit (lib) mkEnableOption mkIf;
+
+ baseDir = ../../../secrets/systems/${config.networking.hostName};
+ hercArgs = {
+ mode = "400";
+ owner = "hercules-ci-agent";
+ group = "hercules-ci-agent";
+ };
in {
options.server.services.hercules-ci = {
enable = mkEnableOption "enable hercules-ci";
@@ -14,33 +20,25 @@ in {
};
config = mkIf cfg.enable {
- age.secrets = let
- baseDir = "${self}/parts/secrets/systems/${config.networking.hostName}";
- hercArgs = {
- mode = "400";
- owner = "hercules-ci-agent";
- group = "hercules-ci-agent";
- };
- in
- mkIf cfg.secrets.enable {
- binaryCache =
- {
- file = "${baseDir}/binaryCache.age";
- }
- // hercArgs;
+ age.secrets = mkIf cfg.secrets.enable {
+ binaryCache =
+ {
+ file = "${baseDir}/binaryCache.age";
+ }
+ // hercArgs;
- clusterToken =
- {
- file = "${baseDir}/clusterToken.age";
- }
- // hercArgs;
+ clusterToken =
+ {
+ file = "${baseDir}/clusterToken.age";
+ }
+ // hercArgs;
- secretsJson =
- {
- file = "${baseDir}/secretsJson.age";
- }
- // hercArgs;
- };
+ secretsJson =
+ {
+ file = "${baseDir}/secretsJson.age";
+ }
+ // hercArgs;
+ };
services = {
hercules-ci-agent = {
diff --git a/parts/modules/nixos/server/services/promtail.nix b/modules/nixos/services/promtail.nix
index 63faf15..63faf15 100644
--- a/parts/modules/nixos/server/services/promtail.nix
+++ b/modules/nixos/services/promtail.nix
diff --git a/modules/shared/default.nix b/modules/shared/default.nix
new file mode 100644
index 0000000..f251bb2
--- /dev/null
+++ b/modules/shared/default.nix
@@ -0,0 +1,8 @@
+{lib, ...}: {
+ imports = [./nix.nix];
+
+ documentation.man.enable = lib.mkDefault true;
+ time.timeZone = lib.mkDefault "America/New_York";
+
+ programs.gnupg.agent.enable = lib.mkDefault true;
+}
diff --git a/modules/shared/nix.nix b/modules/shared/nix.nix
new file mode 100644
index 0000000..2c0aedd
--- /dev/null
+++ b/modules/shared/nix.nix
@@ -0,0 +1,33 @@
+{
+ lib,
+ pkgs,
+ inputs,
+ ...
+}: {
+ nix = {
+ registry =
+ {
+ n.flake = lib.mkDefault inputs.nixpkgs;
+ }
+ // (builtins.mapAttrs (_: flake: {inherit flake;})
+ (lib.filterAttrs (n: _: n != "nixpkgs") inputs));
+
+ settings = {
+ auto-optimise-store = pkgs.stdenv.isLinux;
+ experimental-features = lib.mkDefault ["nix-command" "flakes" "auto-allocate-uids" "repl-flake"];
+
+ trusted-substituters = lib.mkDefault ["https://cache.garnix.io"];
+ trusted-public-keys = lib.mkDefault ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="];
+ };
+
+ gc = {
+ automatic = lib.mkDefault true;
+ options = lib.mkDefault "--delete-older-than 7d";
+ };
+ };
+
+ nixpkgs = {
+ overlays = with inputs; [nur.overlay getchoo.overlays.default self.overlays.default];
+ config.allowUnfree = lib.mkDefault true;
+ };
+}
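Review bot: `trusted-substituters` only lists caches that non-trusted users are permitted to select; it does not make Nix query `https://cache.garnix.io`. Unless `substituters` is set somewhere outside this hunk, the cache is never used. The `lib.mkDefault` on `trusted-public-keys` is also fragile, because a list defined at default priority is discarded entirely when another module defines the same option at normal priority. The garnix key may therefore be dropped silently, and paths from that cache would then fail signature verification. If the cache is meant to be active, prefer `substituters = ["https://cache.garnix.io"];` together with a plain (non-`mkDefault`) `trusted-public-keys` list, so the URL and its signing key always travel together.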
diff --git a/parts/overlays/btop.nix b/overlays/btop.nix
index b2a5b24..b2a5b24 100644
--- a/parts/overlays/btop.nix
+++ b/overlays/btop.nix
diff --git a/parts/overlays/default.nix b/overlays/default.nix
index 66869c4..66869c4 100644
--- a/parts/overlays/default.nix
+++ b/overlays/default.nix
diff --git a/parts/overlays/discord.nix b/overlays/discord.nix
index dfb0cae..dfb0cae 100644
--- a/parts/overlays/discord.nix
+++ b/overlays/discord.nix
diff --git a/parts/overlays/fish.nix b/overlays/fish.nix
index 4e7fffc..4e7fffc 100644
--- a/parts/overlays/fish.nix
+++ b/overlays/fish.nix
diff --git a/parts/default.nix b/parts/default.nix
deleted file mode 100644
index ac7bc08..0000000
--- a/parts/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- imports = [
- ./lib
- ./modules
- ./overlays
- ./systems
- ./users
- ./dev.nix
- ];
-
- systems = [
- "x86_64-linux"
- "aarch64-linux"
- "x86_64-darwin"
- "aarch64-darwin"
- ];
-}
diff --git a/parts/lib/configs.nix b/parts/lib/configs.nix
deleted file mode 100644
index 5392d9b..0000000
--- a/parts/lib/configs.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{inputs, ...}: let
- inherit (builtins) mapAttrs;
- inherit (inputs) nixpkgs hm;
-
- mkSystemCfg = name: {
- profile,
- modules ? profile.modules,
- system ? profile.system,
- specialArgs ? profile.specialArgs,
- }:
- profile.builder {
- inherit specialArgs system;
- modules =
- [../systems/${name}]
- ++ (
- if modules == profile.modules
- then modules
- else modules ++ profile.modules
- );
- };
-
- mkHMCfg = name: {
- pkgs ? nixpkgs.legacyPackages."x86_64-linux",
- extraSpecialArgs ? {inherit inputs;},
- modules ? [],
- }:
- hm.lib.homeManagerConfiguration {
- inherit extraSpecialArgs pkgs;
-
- modules =
- [
- ../users/${name}/home.nix
-
- {
- _module.args.osConfig = {};
- programs.home-manager.enable = true;
- }
- ]
- ++ modules;
- };
-in {
- mapSystems = mapAttrs mkSystemCfg;
- mapHMUsers = mapAttrs mkHMCfg;
-}
diff --git a/parts/lib/default.nix b/parts/lib/default.nix
deleted file mode 100644
index c499eec..0000000
--- a/parts/lib/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-args: {
- flake.lib = {
- configs = import ./configs.nix args;
- utils = {
- nginx = import ./utils/nginx.nix args;
- };
- };
-}
diff --git a/parts/lib/utils/nginx.nix b/parts/lib/utils/nginx.nix
deleted file mode 100644
index 57be4fb..0000000
--- a/parts/lib/utils/nginx.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{lib, ...}: let
- inherit (builtins) mapAttrs;
- inherit (lib) recursiveUpdate;
-in {
- mkProxy = endpoint: port: {
- "${endpoint}" = {
- proxyPass = "http://localhost:${toString port}";
- proxyWebsockets = true;
- };
- };
-
- mkVHosts = let
- commonSettings = {
- enableACME = true;
- # workaround for https://github.com/NixOS/nixpkgs/issues/210807
- acmeRoot = null;
-
- addSSL = true;
- };
- in
- mapAttrs (_: recursiveUpdate commonSettings);
-}
diff --git a/parts/modules/darwin/base/default.nix b/parts/modules/darwin/base/default.nix
deleted file mode 100644
index 42c0335..0000000
--- a/parts/modules/darwin/base/default.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- options.base.enable = mkEnableOption "base darwin module";
-
- imports = [
- ../../shared
- ./nix.nix
- ./packages.nix
- ];
-
- config = mkIf cfg.enable {
- base = {
- defaultPackages.enable = mkDefault true;
- defaultLocale.enable = mkDefault true;
- documentation.enable = mkDefault true;
- nix-settings.enable = mkDefault true;
- };
-
- programs = {
- bash.enable = true;
- zsh.enable = true;
- };
-
- services.nix-daemon.enable = true;
- };
-}
diff --git a/parts/modules/darwin/base/nix.nix b/parts/modules/darwin/base/nix.nix
deleted file mode 100644
index c853650..0000000
--- a/parts/modules/darwin/base/nix.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}: let
- inherit (builtins) attrNames map;
- inherit (lib) mkIf;
- cfg = config.base.nix-settings;
-
- channelPath = i: "${inputs.${i}.outPath}";
-
- mapInputs = fn: map fn (attrNames inputs);
-in {
- config = mkIf cfg.enable {
- nix.nixPath = mapInputs (i: "${i}=${channelPath i}");
- };
-}
diff --git a/parts/modules/darwin/base/packages.nix b/parts/modules/darwin/base/packages.nix
deleted file mode 100644
index 97fb77c..0000000
--- a/parts/modules/darwin/base/packages.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.defaultPackages;
- inherit (lib) mkIf;
-in {
- config = mkIf cfg.enable {
- programs.vim.enable = true;
- };
-}
diff --git a/parts/modules/darwin/default.nix b/parts/modules/darwin/default.nix
deleted file mode 100644
index ed9c7e1..0000000
--- a/parts/modules/darwin/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-_: {
- imports = [
- ./base
- ./desktop
- ];
-}
diff --git a/parts/modules/darwin/desktop/default.nix b/parts/modules/darwin/desktop/default.nix
deleted file mode 100644
index 1f71642..0000000
--- a/parts/modules/darwin/desktop/default.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.desktop;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- options.desktop = {
- enable = mkEnableOption "enable desktop darwin support";
- gpg.enable = mkEnableOption "enable gpg";
- };
-
- imports = [
- ./homebrew.nix
- ];
-
- config = mkIf cfg.enable {
- fonts.fonts = with pkgs;
- mkDefault [
- (nerdfonts.override {fonts = ["FiraCode"];})
- ];
-
- programs.gnupg.agent.enable = cfg.gpg.enable;
- };
-}
diff --git a/parts/modules/darwin/desktop/homebrew.nix b/parts/modules/darwin/desktop/homebrew.nix
deleted file mode 100644
index a5f705e..0000000
--- a/parts/modules/darwin/desktop/homebrew.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.desktop.homebrew;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- options.desktop.homebrew.enable = mkEnableOption "enable homebrew support";
-
- config = mkIf cfg.enable {
- homebrew = {
- enable = mkDefault true;
- caskArgs.require_sha = true;
- onActivation = mkDefault {
- autoUpdate = true;
- cleanup = "uninstall";
- upgrade = true;
- };
-
- casks = let
- # thanks @nekowinston :p
- skipSha = name: {
- inherit name;
- args = {require_sha = false;};
- };
- noQuarantine = name: {
- inherit name;
- args = {no_quarantine = true;};
- };
- in [
- (lib.recursiveUpdate (noQuarantine "chromium") (skipSha "chromium"))
- ];
- };
- };
-}
diff --git a/parts/modules/default.nix b/parts/modules/default.nix
deleted file mode 100644
index 4b3dddb..0000000
--- a/parts/modules/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- flake = {
- nixosModules.default = import ../modules/nixos;
- darwinModules.default = import ../modules/darwin;
- };
-}
diff --git a/parts/modules/nixos/base/default.nix b/parts/modules/nixos/base/default.nix
deleted file mode 100644
index ed0fb23..0000000
--- a/parts/modules/nixos/base/default.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- options.base.enable = mkEnableOption "base nixos module";
-
- imports = [
- ../../shared
- ./documentation.nix
- ./locale.nix
- ./network.nix
- ./nix.nix
- ./packages.nix
- ./root.nix
- ./security.nix
- ./systemd.nix
- ./upgrade-diff.nix
- ];
-
- config = mkIf cfg.enable {
- base = {
- defaultPackages.enable = mkDefault true;
- defaultLocale.enable = mkDefault true;
- defaultRoot.enable = mkDefault true;
- documentation.enable = mkDefault true;
- networking.enable = mkDefault true;
- nix-settings.enable = mkDefault true;
- };
- };
-}
diff --git a/parts/modules/nixos/base/documentation.nix b/parts/modules/nixos/base/documentation.nix
deleted file mode 100644
index 68a194f..0000000
--- a/parts/modules/nixos/base/documentation.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.base.documentation;
- inherit (lib) mkIf;
-in {
- config = mkIf cfg.enable {
- environment.systemPackages = with pkgs; [man-pages man-pages-posix];
- documentation = {
- man = {
- generateCaches = true;
- man-db.enable = true;
- };
-
- dev.enable = true;
- };
- };
-}
diff --git a/parts/modules/nixos/base/locale.nix b/parts/modules/nixos/base/locale.nix
deleted file mode 100644
index 7259ef2..0000000
--- a/parts/modules/nixos/base/locale.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.defaultLocale;
- inherit (lib) mkIf;
-in {
- config = mkIf cfg.enable {
- i18n = {
- supportedLocales = [
- "en_US.UTF-8/UTF-8"
- ];
-
- defaultLocale = "en_US.UTF-8";
- };
- };
-}
diff --git a/parts/modules/nixos/base/network.nix b/parts/modules/nixos/base/network.nix
deleted file mode 100644
index 5bc90d1..0000000
--- a/parts/modules/nixos/base/network.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.networking;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.base.networking.enable = mkEnableOption "networking";
-
- config = mkIf cfg.enable {
- networking.networkmanager = {
- enable = true;
- dns = "systemd-resolved";
- };
- services.resolved = {
- enable = lib.mkDefault true;
- dnssec = "allow-downgrade";
- extraConfig = ''
- [Resolve]
- DNS=1.1.1.1 1.0.0.1
- DNSOverTLS=yes
- '';
- };
- };
-}
diff --git a/parts/modules/nixos/base/nix.nix b/parts/modules/nixos/base/nix.nix
deleted file mode 100644
index 3dcac11..0000000
--- a/parts/modules/nixos/base/nix.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}: let
- inherit (builtins) attrNames map;
- inherit (lib) mkDefault mkIf;
- cfg = config.base.nix-settings;
-
- channelPath = i: "/etc/nix/channels/${i}";
-
- mapInputs = fn: map fn (attrNames inputs);
-in {
- config = mkIf cfg.enable {
- nix = {
- nixPath = mapInputs (i: "${i}=${channelPath i}");
- gc.dates = mkDefault "weekly";
- };
-
- systemd.tmpfiles.rules =
- mapInputs (i: "L+ ${channelPath i} - - - - ${inputs.${i}.outPath}");
- };
-}
diff --git a/parts/modules/nixos/base/packages.nix b/parts/modules/nixos/base/packages.nix
deleted file mode 100644
index 7390a40..0000000
--- a/parts/modules/nixos/base/packages.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.defaultPackages;
- inherit (lib) mkIf;
-in {
- config = mkIf cfg.enable {
- programs = {
- git.enable = true;
- vim.defaultEditor = true;
- };
- };
-}
diff --git a/parts/modules/nixos/base/root.nix b/parts/modules/nixos/base/root.nix
deleted file mode 100644
index ecc5203..0000000
--- a/parts/modules/nixos/base/root.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.defaultRoot;
- inherit (lib) mkDefault mkEnableOption mkIf;
-
- # yes this is a bad way to detect which option should be used (or exists)
- # but i'm lazy. please do not copy this
- passwordFile =
- if lib.versionAtLeast config.system.stateVersion "23.11"
- then "hashedPasswordFile"
- else "passwordFile";
-in {
- options.base.defaultRoot.enable = mkEnableOption "default root user";
-
- config = mkIf cfg.enable {
- users.users.root = {
- home = mkDefault "/root";
- uid = mkDefault config.ids.uids.root;
- group = mkDefault "root";
- "${passwordFile}" = mkDefault config.age.secrets.rootPassword.path;
- };
- };
-}
diff --git a/parts/modules/nixos/base/security.nix b/parts/modules/nixos/base/security.nix
deleted file mode 100644
index e13d1c7..0000000
--- a/parts/modules/nixos/base/security.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) mkDefault;
-in {
- security = {
- apparmor.enable = mkDefault true;
- audit.enable = mkDefault true;
- auditd.enable = mkDefault true;
- polkit.enable = mkDefault true;
- rtkit.enable = mkDefault true;
- sudo.execWheelOnly = true;
- };
-
- services.dbus.apparmor = mkDefault "enabled";
-
- users = {
- defaultUserShell = pkgs.bash;
- mutableUsers = false;
- };
-
- nix.settings = {
- trusted-users = ["root" "@wheel"];
- };
-}
diff --git a/parts/modules/nixos/base/systemd.nix b/parts/modules/nixos/base/systemd.nix
deleted file mode 100644
index 2888c0b..0000000
--- a/parts/modules/nixos/base/systemd.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-_: {
- services = {
- journald.extraConfig = ''
- MaxRetentionSec=1w
- '';
- };
-}
diff --git a/parts/modules/nixos/base/upgrade-diff.nix b/parts/modules/nixos/base/upgrade-diff.nix
deleted file mode 100644
index 68be9af..0000000
--- a/parts/modules/nixos/base/upgrade-diff.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: {
- system.activationScripts."upgrade-diff" = {
- supportsDryActivation = true;
- text = ''
- ${pkgs.nvd}/bin/nvd --nix-bin-dir=${config.nix.package}/bin diff /run/current-system "$systemConfig"
- '';
- };
-}
diff --git a/parts/modules/nixos/default.nix b/parts/modules/nixos/default.nix
deleted file mode 100644
index 3ae2f08..0000000
--- a/parts/modules/nixos/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-_: {
- imports = [
- ./base
- ./desktop
- ./hardware
- ];
-}
diff --git a/parts/modules/nixos/desktop/audio.nix b/parts/modules/nixos/desktop/audio.nix
deleted file mode 100644
index c601563..0000000
--- a/parts/modules/nixos/desktop/audio.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.desktop.audio;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.desktop.audio.enable = mkEnableOption "audio support";
-
- config = mkIf cfg.enable {
- services = {
- pipewire = {
- enable = true;
- wireplumber.enable = true;
- alsa.enable = true;
- jack.enable = true;
- pulse.enable = true;
- };
- };
- hardware.pulseaudio.enable = false;
- };
-}
diff --git a/parts/modules/nixos/desktop/budgie/default.nix b/parts/modules/nixos/desktop/budgie/default.nix
deleted file mode 100644
index 4605eb1..0000000
--- a/parts/modules/nixos/desktop/budgie/default.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}: let
- cfg = config.desktop.budgie;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.desktop.budgie.enable = mkEnableOption "enable budgie";
-
- config = mkIf cfg.enable {
- desktop.enable = true;
-
- services.xserver = {
- displayManager.lightdm.greeters.slick = {
- theme = {
- name = "Materia-dark";
- package = pkgs.materia-theme;
- };
- iconTheme = {
- name = "Papirus-Dark";
- package = pkgs.papirus-icon-theme;
- };
- cursorTheme = {
- name = "Breeze-gtk";
- package = pkgs.libsForQt5.breeze-gtk;
- };
- };
-
- desktopManager.budgie = {
- enable = true;
- extraGSettingsOverrides = ''
- [org.gnome.desktop.interface:Budgie]
- gtk-theme="Materia-dark"
- icon-theme="Papirus-Dark"
- cursor-theme="Breeze-gtk"
- font-name="Noto Sans 10"
- document-font-name="Noto Sans 10"
- monospace-font-name="Fira Code 10"
- enable-hot-corners=true
- '';
- };
- };
-
- environment.budgie.excludePackages = with pkgs; [
- qogir-theme
- qogir-icon-theme
- ];
-
- environment.systemPackages = with pkgs; [
- alacritty
- breeze-gtk
- materia-theme
- papirus-icon-theme
- ];
- };
-}
diff --git a/parts/modules/nixos/desktop/default.nix b/parts/modules/nixos/desktop/default.nix
deleted file mode 100644
index f0ab74c..0000000
--- a/parts/modules/nixos/desktop/default.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.desktop;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- imports = [
- ./audio.nix
- ./budgie
- ./fonts.nix
- ./gnome
- ./plasma
- ];
-
- options.desktop.enable = mkEnableOption "desktop module";
-
- config = mkIf cfg.enable {
- base.enable = true;
- desktop = {
- audio.enable = mkDefault true;
- fonts.enable = mkDefault true;
- };
-
- environment = {
- noXlibs = lib.mkForce false;
- systemPackages = with pkgs; [wl-clipboard xclip];
- };
-
- programs = {
- dconf.enable = true;
- firefox.enable = true;
- xwayland.enable = true;
- };
-
- services.xserver.enable = true;
- xdg.portal.enable = true;
- };
-}
diff --git a/parts/modules/nixos/desktop/fonts.nix b/parts/modules/nixos/desktop/fonts.nix
deleted file mode 100644
index feedf07..0000000
--- a/parts/modules/nixos/desktop/fonts.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}: let
- cfg = config.desktop.fonts;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.desktop.fonts.enable = mkEnableOption "enable default fonts";
-
- config = mkIf cfg.enable {
- fonts = {
- enableDefaultPackages = true;
-
- packages = with pkgs; [
- corefonts
- fira-code
- (nerdfonts.override {fonts = ["FiraCode"];})
- noto-fonts
- noto-fonts-extra
- noto-fonts-emoji
- noto-fonts-cjk-sans
- ];
-
- fontconfig = {
- enable = true;
- defaultFonts = {
- serif = ["Noto Serif"];
- sansSerif = ["Noto Sans"];
- emoji = ["Noto Color Emoji"];
- monospace = ["Fira Code"];
- };
- };
- };
- };
-}
diff --git a/parts/modules/nixos/desktop/gnome/default.nix b/parts/modules/nixos/desktop/gnome/default.nix
deleted file mode 100644
index bfe3d20..0000000
--- a/parts/modules/nixos/desktop/gnome/default.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}: let
- cfg = config.desktop.gnome;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.desktop.gnome.enable = mkEnableOption "enable gnome";
-
- config = mkIf cfg.enable {
- desktop.enable = true;
-
- environment = {
- gnome.excludePackages = with pkgs; [
- gnome-tour
- ];
-
- sessionVariables = {
- NIXOS_OZONE_WL = "1";
- };
-
- systemPackages = with pkgs; [
- adw-gtk3
- blackbox-terminal
- ];
- };
-
- services.xserver = {
- displayManager.gdm = {
- enable = true;
- wayland = lib.mkForce true;
- };
- desktopManager.gnome.enable = true;
- };
- };
-}
diff --git a/parts/modules/nixos/desktop/plasma/default.nix b/parts/modules/nixos/desktop/plasma/default.nix
deleted file mode 100644
index 2034802..0000000
--- a/parts/modules/nixos/desktop/plasma/default.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.desktop.plasma;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.desktop.plasma.enable = mkEnableOption "enable plasma";
-
- config = mkIf cfg.enable {
- desktop.enable = true;
-
- environment = {
- plasma5.excludePackages = with pkgs.libsForQt5; [
- khelpcenter
- plasma-browser-integration
- print-manager
- ];
- };
-
- services.xserver = {
- displayManager.sddm.enable = true;
- desktopManager.plasma5 = {
- enable = true;
- useQtScaling = true;
- };
- };
- };
-}
diff --git a/parts/modules/nixos/hardware/default.nix b/parts/modules/nixos/hardware/default.nix
deleted file mode 100644
index 1217b5a..0000000
--- a/parts/modules/nixos/hardware/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.hardware;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.hardware.enable = mkEnableOption "hardware module";
-
- imports = [
- ./ssd.nix
- ./nvidia.nix
- ];
-
- config = mkIf cfg.enable {
- hardware.enableAllFirmware = true;
- };
-}
diff --git a/parts/modules/nixos/server/acme.nix b/parts/modules/nixos/server/acme.nix
deleted file mode 100644
index 69e02ac..0000000
--- a/parts/modules/nixos/server/acme.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- config,
- lib,
- self,
- ...
-}: let
- cfg = config.server.acme;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.server.acme = {
- enable = mkEnableOption "acme";
- };
-
- config = mkIf cfg.enable {
- age.secrets.cloudflareApiKey.file = "${self}/parts/secrets/systems/${config.networking.hostName}/cloudflareApiKey.age";
-
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "[email protected]";
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.cloudflareApiKey.path;
- };
- };
- };
-}
diff --git a/parts/modules/nixos/server/default.nix b/parts/modules/nixos/server/default.nix
deleted file mode 100644
index acab4fc..0000000
--- a/parts/modules/nixos/server/default.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- config,
- lib,
- pkgs,
- inputs,
- ...
-}: let
- cfg = config.server;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- options.server.enable = mkEnableOption "enable server configuration";
-
- imports = [
- ./acme.nix
- ./secrets.nix
- ./services
- ];
-
- config = mkIf cfg.enable {
- _module.args.unstable = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system};
-
- base = {
- enable = true;
- documentation.enable = false;
- defaultPackages.enable = false;
- networking.enable = false;
- };
-
- nix = {
- gc = {
- dates = "*-*-1,5,9,13,17,21,25,29 00:00:00";
- options = "-d --delete-older-than 2d";
- };
-
- settings.allowed-users = [config.networking.hostName];
- };
-
- programs = {
- git.enable = mkDefault true;
- vim.defaultEditor = mkDefault true;
- };
-
- security = {
- pam.enableSSHAgentAuth = mkDefault true;
- };
- };
-}
diff --git a/parts/modules/nixos/server/secrets.nix b/parts/modules/nixos/server/secrets.nix
deleted file mode 100644
index 2dc6083..0000000
--- a/parts/modules/nixos/server/secrets.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- config,
- lib,
- self,
- ...
-}: let
- cfg = config.server.secrets;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.server.secrets = {
- enable = mkEnableOption "enable secret management";
- };
-
- config.age = let
- baseDir = "${self}/parts/secrets/systems/${config.networking.hostName}";
- in
- mkIf cfg.enable {
- identityPaths = ["/etc/age/key"];
-
- secrets = {
- rootPassword.file = "${baseDir}/rootPassword.age";
- userPassword.file = "${baseDir}/userPassword.age";
- };
- };
-}
diff --git a/parts/modules/shared/base/default.nix b/parts/modules/shared/base/default.nix
deleted file mode 100644
index e18de58..0000000
--- a/parts/modules/shared/base/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-_: {
- imports = [
- ./documentation.nix
- ./locale.nix
- ./nix.nix
- ./packages.nix
- ];
-}
diff --git a/parts/modules/shared/base/documentation.nix b/parts/modules/shared/base/documentation.nix
deleted file mode 100644
index ecc5813..0000000
--- a/parts/modules/shared/base/documentation.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.documentation;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.base.documentation.enable = mkEnableOption "base module documentation";
-
- config = mkIf cfg.enable {
- documentation.man.enable = true;
- };
-}
diff --git a/parts/modules/shared/base/locale.nix b/parts/modules/shared/base/locale.nix
deleted file mode 100644
index ecae786..0000000
--- a/parts/modules/shared/base/locale.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.defaultLocale;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.base.defaultLocale.enable = mkEnableOption "default locale";
-
- config = mkIf cfg.enable {
- time.timeZone = "America/New_York";
- };
-}
diff --git a/parts/modules/shared/base/nix.nix b/parts/modules/shared/base/nix.nix
deleted file mode 100644
index 2c95933..0000000
--- a/parts/modules/shared/base/nix.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{
- config,
- inputs,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.base.nix-settings;
- inherit (lib) mkDefault mkEnableOption mkIf;
- inherit (pkgs.stdenv) isLinux;
-in {
- options.base.nix-settings.enable = mkEnableOption "base nix settings";
-
- config = mkIf cfg.enable {
- nix = {
- registry =
- {
- n.flake = mkDefault inputs.nixpkgs;
- }
- // (builtins.mapAttrs (_: flake: {inherit flake;})
- (inputs.nixpkgs.lib.filterAttrs (n: _: n != "nixpkgs") inputs));
-
- settings = {
- auto-optimise-store = isLinux;
- experimental-features = ["nix-command" "flakes" "auto-allocate-uids" "repl-flake"];
-
- trusted-substituters = ["https://cache.garnix.io"];
- trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="];
- };
-
- gc = {
- automatic = mkDefault true;
- options = mkDefault "--delete-older-than 7d";
- };
- };
-
- nixpkgs = {
- overlays = with inputs; [nur.overlay getchoo.overlays.default self.overlays.default];
- config.allowUnfree = true;
- };
- };
-}
diff --git a/parts/modules/shared/base/packages.nix b/parts/modules/shared/base/packages.nix
deleted file mode 100644
index 38cd6e7..0000000
--- a/parts/modules/shared/base/packages.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.base.defaultPackages;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.base.defaultPackages.enable = mkEnableOption "base module default packages";
-
- config = mkIf cfg.enable {
- environment.systemPackages = with pkgs; [
- python311
- ];
-
- programs = {
- gnupg.agent.enable = true;
- };
- };
-}
diff --git a/parts/modules/shared/default.nix b/parts/modules/shared/default.nix
deleted file mode 100644
index 0199860..0000000
--- a/parts/modules/shared/default.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-_: {
- imports = [
- ./base
- ];
-}
diff --git a/parts/systems/default.nix b/parts/systems/default.nix
deleted file mode 100644
index e9ef9ba..0000000
--- a/parts/systems/default.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- inputs,
- self,
- withSystem,
- ...
-}: {
- flake = let
- inherit (self.lib.configs) mapSystems;
- profiles = import ./profiles.nix {inherit self inputs;};
- in {
- darwinConfigurations = mapSystems {
- caroline = {
- system = "x86_64-darwin";
- profile = profiles.personal-darwin;
- };
- };
-
- nixosConfigurations = mapSystems {
- glados = {
- modules = with inputs; [
- lanzaboote.nixosModules.lanzaboote
- ];
- profile = profiles.personal;
- };
-
- glados-wsl = {
- modules = [inputs.nixos-wsl.nixosModules.wsl];
- profile = profiles.personal;
- };
-
- atlas = {
- modules = [inputs.guzzle_api.nixosModules.default];
- system = "aarch64-linux";
- profile = profiles.server;
- };
- };
-
- openwrtConfigurations.turret = withSystem "x86_64-linux" ({pkgs, ...}:
- pkgs.callPackage ./turret {
- inherit (inputs) openwrt-imagebuilder;
- });
- };
-
- perSystem = {system, ...}: {
- apps = (inputs.nixinate.nixinate.${system} self).nixinate;
- };
-}
diff --git a/parts/systems/profiles.nix b/parts/systems/profiles.nix
deleted file mode 100644
index eada9ac..0000000
--- a/parts/systems/profiles.nix
+++ /dev/null
@@ -1,102 +0,0 @@
-{
- inputs,
- self,
- ...
-}: let
- specialArgs = {inherit inputs self;};
-in {
- personal = {
- system = "x86_64-linux";
- builder = inputs.nixpkgs.lib.nixosSystem;
- inherit specialArgs;
-
- modules = with inputs; [
- agenix.nixosModules.default
- catppuccin.nixosModules.catppuccin
- hm.nixosModules.home-manager
- nur.nixosModules.nur
- self.nixosModules.default
-
- ../users/seth/system.nix
-
- {
- age = {
- identityPaths = ["/etc/age/key"];
- secrets = let
- baseDir = "${self}/parts/secrets/shared";
- in {
- rootPassword.file = "${baseDir}/rootPassword.age";
- sethPassword.file = "${baseDir}/sethPassword.age";
- };
- };
-
- base.enable = true;
- system.stateVersion = "23.11";
-
- home-manager = {
- useGlobalPkgs = true;
- useUserPackages = true;
- extraSpecialArgs = specialArgs;
- };
- }
- ];
- };
-
- personal-darwin = {
- builder = inputs.darwin.lib.darwinSystem;
- inherit specialArgs;
- modules = with inputs; [
- hm.darwinModules.home-manager
- self.darwinModules.default
-
- ../users/seth/system.nix
-
- {
- base.enable = true;
- desktop.enable = true;
- system.stateVersion = 4;
-
- home-manager = {
- useGlobalPkgs = true;
- useUserPackages = true;
- extraSpecialArgs = specialArgs;
-
- users.seth = {
- imports = [
- ../users/seth/darwin.nix
- ];
-
- getchoo.desktop.enable = false;
- };
- };
- }
- ];
- };
-
- server = {
- builder = inputs.nixpkgs-stable.lib.nixosSystem;
- inherit specialArgs;
-
- modules = with inputs; [
- agenix.nixosModules.default
- ../modules/nixos/base
- ../modules/nixos/server
- ../modules/nixos/features/tailscale.nix
-
- {
- features.tailscale = {
- enable = true;
- ssh.enable = true;
- };
-
- server = {
- enable = true;
- secrets.enable = true;
- };
-
- nix.registry.n.flake = nixpkgs-stable;
- system.stateVersion = "23.05";
- }
- ];
- };
-}
diff --git a/parts/users/default.nix b/parts/users/default.nix
deleted file mode 100644
index a639abe..0000000
--- a/parts/users/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- lib,
- config,
- inputs,
- self,
- ...
-}: let
- inherit (self.lib.configs) mapHMUsers;
- inherit (inputs) nixpkgs;
-
- pkgsFor = lib.genAttrs config.systems (
- system:
- import nixpkgs {
- system = "x86_64-linux";
- overlays = with inputs; [nur.overlay getchoo.overlays.default];
- }
- );
-in {
- flake.homeConfigurations = mapHMUsers {
- seth.pkgs = pkgsFor."x86_64-linux";
- };
-}
diff --git a/parts/users/seth/darwin.nix b/parts/users/seth/darwin.nix
deleted file mode 100644
index 74e6489..0000000
--- a/parts/users/seth/darwin.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{pkgs, ...}: {
- home.packages = with pkgs; [
- discord
- iterm2
- #prismlauncher
- #spotify
- ];
-}
diff --git a/parts/users/seth/desktop/default.nix b/parts/users/seth/desktop/default.nix
deleted file mode 100644
index bdcef3d..0000000
--- a/parts/users/seth/desktop/default.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- config,
- lib,
- pkgs,
- osConfig,
- ...
-}: let
- cfg = config.getchoo.desktop;
- desktops = ["budgie" "gnome" "plasma"];
- inherit (lib) mkEnableOption mkIf;
-in {
- imports = [
- ./budgie
- ./gnome
- ./plasma
- ];
-
- options.getchoo.desktop =
- {
- enable = mkEnableOption "desktop configuration" // {default = osConfig.desktop.enable or false;};
- }
- // lib.genAttrs desktops (desktop: {
- enable =
- mkEnableOption desktop
- // {default = osConfig.desktop.${desktop}.enable or false;};
- });
-
- config = mkIf cfg.enable {
- home.packages = with pkgs; [
- discord
- element-desktop
- spotify
- steam
- prismlauncher
- ];
-
- getchoo.programs = {
- chromium.enable = true;
- firefox.enable = true;
- mangohud.enable = true;
- };
- };
-}
diff --git a/parts/users/seth/home.nix b/parts/users/seth/home.nix
deleted file mode 100644
index a3d9cce..0000000
--- a/parts/users/seth/home.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- lib,
- pkgs,
- ...
-}: {
- imports = [./.];
-
- home = let
- username = "seth";
- inherit (pkgs.stdenv) isLinux isDarwin;
- optionalLinuxDarwin = lib.optionalString (isLinux || isDarwin);
- in {
- inherit username;
- homeDirectory = optionalLinuxDarwin (
- if isLinux
- then "/home/${username}"
- else "/Users/${username}"
- );
- };
-}
diff --git a/parts/users/seth/programs/chromium.nix b/parts/users/seth/programs/chromium.nix
deleted file mode 100644
index e313235..0000000
--- a/parts/users/seth/programs/chromium.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.getchoo.programs.chromium;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.getchoo.programs.chromium.enable = mkEnableOption "chromium" // {default = config.getchoo.desktop.enable;};
-
- config = mkIf cfg.enable {
- programs.chromium = {
- enable = true;
- # hw accel support
- commandLineArgs = [
- "--ignore-gpu-blocklist"
- "--enable-gpu-rasterization"
- "--enable-gpu-compositing"
- #"--enable-native-gpu-memory-buffers"
- "--enable-zero-copy"
- "--enable-features=VaapiVideoDecoder,VaapiVideoEncoder,CanvasOopRasterization,RawDraw,WebRTCPipeWireCapturer,Vulkan,WaylandWindowDecorations,WebUIDarkMode"
- "--enable-features=WebRTCPipeWireCapturer,WaylandWindowDecorations,WebUIDarkMode"
- "--force-dark-mode"
- ];
- };
- };
-}
diff --git a/parts/users/seth/programs/default.nix b/parts/users/seth/programs/default.nix
deleted file mode 100644
index 03dfa1b..0000000
--- a/parts/users/seth/programs/default.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.getchoo.programs.defaultPrograms;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- options.getchoo.programs.defaultPrograms.enable = mkEnableOption "default programs" // {default = true;};
-
- imports = [
- ./chromium.nix
- ./firefox
- ./git.nix
- ./gpg.nix
- ./mangohud.nix
- ./neovim
- ./ssh.nix
- ./vim.nix
- ];
-
- config = mkIf cfg.enable {
- home.packages = with pkgs; [
- fd
- nix-your-shell
- nurl
- rclone
- restic
- ];
-
- catppuccin.flavour = mkDefault "mocha";
-
- programs = {
- btop = {
- enable = mkDefault true;
- catppuccin.enable = mkDefault true;
- };
-
- direnv = {
- enable = mkDefault true;
- nix-direnv.enable = mkDefault true;
- };
-
- ripgrep.enable = mkDefault true;
-
- nix-index-database.comma.enable = mkDefault true;
- };
-
- xdg.enable = mkDefault true;
- };
-}
diff --git a/parts/users/seth/programs/firefox/default.nix b/parts/users/seth/programs/firefox/default.nix
deleted file mode 100644
index 82ba80d..0000000
--- a/parts/users/seth/programs/firefox/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.getchoo.programs.firefox;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.getchoo.programs.firefox.enable = mkEnableOption "firefox" // {default = config.getchoo.desktop.enable;};
-
- imports = [
- ./arkenfox.nix
- ];
-
- config = mkIf cfg.enable {
- home.sessionVariables = {
- MOZ_ENABLE_WAYLAND = "1";
- };
-
- programs.firefox = {
- enable = true;
- profiles.arkenfox = {
- extensions = with pkgs.nur.repos.rycee.firefox-addons; [
- bitwarden
- floccus
- private-relay
- ublock-origin
- ];
-
- isDefault = true;
-
- settings = {
- # disable firefox accounts & pocket
- "extensions.pocket.enabled" = false;
- "identity.fxaccounts.enabled" = false;
-
- "gfx.webrender.all" = true;
- "fission.autostart" = true;
-
- # hw accel
- "media.ffmpeg.vaapi.enabled" = true;
-
- # widevine drm
- "media.gmp-widevinecdm.enabled" = true;
- };
- };
- };
- };
-}
diff --git a/parts/users/seth/programs/git.nix b/parts/users/seth/programs/git.nix
deleted file mode 100644
index ec92f8d..0000000
--- a/parts/users/seth/programs/git.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.getchoo.programs.git;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.getchoo.programs.git.enable = mkEnableOption "git" // {default = true;};
-
- config = mkIf cfg.enable {
- programs = {
- gh = {
- enable = true;
- settings = {
- git_protocol = "https";
- editor = "nvim";
- prompt = "enabled";
- };
-
- gitCredentialHelper = {
- enable = true;
- hosts = ["https://github.com" "https://github.example.com"];
- };
- };
-
- git = {
- enable = true;
-
- delta = {
- enable = true;
- options = {
- syntax-theme = "catppuccin";
- };
- };
-
- extraConfig = {
- init = {defaultBranch = "main";};
- };
-
- signing = {
- key = "D31BD0D494BBEE86";
- signByDefault = true;
- };
-
- userEmail = "[email protected]";
- userName = "seth";
- };
- };
- };
-}
diff --git a/parts/users/seth/programs/gpg.nix b/parts/users/seth/programs/gpg.nix
deleted file mode 100644
index f4f1a33..0000000
--- a/parts/users/seth/programs/gpg.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- config,
- lib,
- pkgs,
- osConfig,
- ...
-}: let
- cfg = config.getchoo.programs.gpg;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.getchoo.programs.gpg.enable = mkEnableOption "gpg" // {default = true;};
-
- config = mkIf cfg.enable {
- programs.gpg.enable = true;
-
- services.gpg-agent = lib.mkIf pkgs.stdenv.isLinux {
- enable = true;
-
- enableBashIntegration = config.programs.bash.enable;
- enableFishIntegration = config.programs.fish.enable;
- enableZshIntegration = config.programs.zsh.enable;
-
- pinentryFlavor =
- if osConfig ? programs
- then osConfig.programs.gnupg.agent.pinentryFlavor or "curses"
- else "curses";
- };
- };
-}
diff --git a/parts/users/seth/programs/mangohud.nix b/parts/users/seth/programs/mangohud.nix
deleted file mode 100644
index 1ab8bb0..0000000
--- a/parts/users/seth/programs/mangohud.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.getchoo.programs.mangohud;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.getchoo.programs.mangohud.enable =
- mkEnableOption "mangohud"
- // {default = config.getchoo.desktop.enable;};
-
- config = mkIf cfg.enable {
- programs.mangohud = {
- enable = true;
- settings = {
- legacy_layout = false;
- cpu_stats = true;
- cpu_temp = true;
- gpu_stats = true;
- gpu_temp = true;
- fps = true;
- frametime = true;
- media_player = true;
- media_player_name = "spotify";
- };
- };
- };
-}
diff --git a/parts/users/seth/programs/neovim/.luarc.json b/parts/users/seth/programs/neovim/.luarc.json
deleted file mode 100644
index 23b9ee2..0000000
--- a/parts/users/seth/programs/neovim/.luarc.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "workspace.checkThirdParty": false
-} \ No newline at end of file
diff --git a/parts/users/seth/programs/neovim/default.nix b/parts/users/seth/programs/neovim/default.nix
deleted file mode 100644
index f02935a..0000000
--- a/parts/users/seth/programs/neovim/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- config,
- lib,
- pkgs,
- inputs,
- ...
-}: let
- cfg = config.getchoo.programs.neovim;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.getchoo.programs.neovim.enable = mkEnableOption "neovim" // {default = true;};
-
- config = mkIf cfg.enable {
- home.packages = [
- inputs.getchvim.packages.${pkgs.stdenv.hostPlatform.system}.default
- ];
- };
-}
diff --git a/parts/users/seth/programs/ssh.nix b/parts/users/seth/programs/ssh.nix
deleted file mode 100644
index 080a60e..0000000
--- a/parts/users/seth/programs/ssh.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.getchoo.programs.ssh;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.getchoo.programs.ssh.enable = mkEnableOption "ssh" // {default = true;};
-
- config = mkIf cfg.enable {
- programs.ssh = {
- enable = true;
- package = pkgs.openssh;
-
- matchBlocks = let
- sshDir = "${config.home.homeDirectory}/.ssh";
- in {
- # git forges
- "codeberg.org" = {
- identityFile = "${sshDir}/codeberg";
- user = "git";
- };
-
- # linux packaging
- "aur.archlinux.org" = {
- identityFile = "${sshDir}/aur";
- user = "aur";
- };
-
- "pagure.io" = {
- identityFile = "${sshDir}/copr";
- user = "git";
- };
-
- # router
- "192.168.1.1" = {
- identityFile = "${sshDir}/openwrt";
- user = "root";
- };
-
- # servers
- "atlas".user = "atlas";
- };
- };
-
- services.ssh-agent.enable = pkgs.stdenv.isLinux;
- };
-}
diff --git a/parts/users/seth/programs/vim.nix b/parts/users/seth/programs/vim.nix
deleted file mode 100644
index 0f81cfb..0000000
--- a/parts/users/seth/programs/vim.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.getchoo.programs.vim;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.getchoo.programs.vim.enable = mkEnableOption "vim" // {default = true;};
-
- config = mkIf cfg.enable {
- programs.vim = {
- enable = true;
- packageConfigurable = pkgs.vim;
- settings = {
- expandtab = false;
- shiftwidth = 2;
- tabstop = 2;
- };
- extraConfig = ''
- " https://wiki.archlinux.org/title/XDG_Base_Directory
- set runtimepath^=$XDG_CONFIG_HOME/vim
- set runtimepath+=$XDG_DATA_HOME/vim
- set runtimepath+=$XDG_CONFIG_HOME/vim/after
-
- set packpath^=$XDG_DATA_HOME/vim,$XDG_CONFIG_HOME/vim
- set packpath+=$XDG_CONFIG_HOME/vim/after,$XDG_DATA_HOME/vim/after
- set packpath^=$XDG_DATA_HOME/vim,$XDG_CONFIG_HOME/vim
- set packpath+=$XDG_CONFIG_HOME/vim/after,$XDG_DATA_HOME/vim/after
-
- let g:netrw_home = $XDG_DATA_HOME."/vim"
- call mkdir($XDG_DATA_HOME."/vim/spell", 'p')
-
- set backupdir=$XDG_STATE_HOME/vim/backup | call mkdir(&backupdir, 'p')
- set directory=$XDG_STATE_HOME/vim/swap | call mkdir(&directory, 'p')
- set undodir=$XDG_STATE_HOME/vim/undo | call mkdir(&undodir, 'p')
- set viewdir=$XDG_STATE_HOME/vim/view | call mkdir(&viewdir, 'p')
- set viminfofile=$XDG_STATE_HOME/vim/viminfo
- '';
- };
- };
-}
diff --git a/parts/users/seth/shell/default.nix b/parts/users/seth/shell/default.nix
deleted file mode 100644
index 0b09bf6..0000000
--- a/parts/users/seth/shell/default.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: {
- imports = [
- ./bash.nix
- ./fish.nix
- ];
-
- programs = {
- bat = {
- enable = true;
- catppuccin.enable = true;
- };
-
- eza = {
- enable = true;
- enableAliases = true;
- icons = true;
- };
-
- starship = {
- enable = true;
- enableBashIntegration = false;
- enableZshIntegration = false;
- settings =
- {
- format = "$all";
- palette = "catppuccin_mocha";
- command_timeout = 250;
- }
- // fromTOML (builtins.readFile ./starship.toml)
- // fromTOML (builtins.readFile
- (pkgs.fetchFromGitHub {
- owner = "catppuccin";
- repo = "starship";
- rev = "5629d2356f62a9f2f8efad3ff37476c19969bd4f";
- hash = "sha256-nsRuxQFKbQkyEI4TXgvAjcroVdG+heKX5Pauq/4Ota0=";
- }
- + "/palettes/mocha.toml"));
- };
- };
-
- home = {
- sessionVariables = let
- inherit (config.xdg) configHome dataHome stateHome;
- in {
- EDITOR = "nvim";
- VISUAL = "$EDITOR";
- GPG_TTY = "$(tty)";
- CARGO_HOME = "${dataHome}/cargo";
- RUSTUP_HOME = "${dataHome}/rustup";
- LESSHISTFILE = "${stateHome}/less/history";
- NPM_CONFIG_USERCONFIG = "${configHome}/npm/npmrc";
- };
-
- shellAliases = {
- diff = "diff --color=auto";
- g = "git";
- gs = "g status";
- };
- };
-}
diff --git a/parts/secrets/secrets.nix b/secrets/secrets.nix
index 7ebc07a..7ebc07a 100644
--- a/parts/secrets/secrets.nix
+++ b/secrets/secrets.nix
diff --git a/parts/secrets/shared/rootPassword.age b/secrets/shared/rootPassword.age
index 3770a2d..3770a2d 100644
--- a/parts/secrets/shared/rootPassword.age
+++ b/secrets/shared/rootPassword.age
diff --git a/parts/secrets/shared/sethPassword.age b/secrets/shared/sethPassword.age
index 4015d60..4015d60 100644
--- a/parts/secrets/shared/sethPassword.age
+++ b/secrets/shared/sethPassword.age
diff --git a/parts/secrets/systems/atlas/binaryCache.age b/secrets/systems/atlas/binaryCache.age
index 4a5a4b8..4a5a4b8 100644
--- a/parts/secrets/systems/atlas/binaryCache.age
+++ b/secrets/systems/atlas/binaryCache.age
diff --git a/parts/secrets/systems/atlas/cloudflareApiKey.age b/secrets/systems/atlas/cloudflareApiKey.age
index e26a8a1..e26a8a1 100644
--- a/parts/secrets/systems/atlas/cloudflareApiKey.age
+++ b/secrets/systems/atlas/cloudflareApiKey.age
diff --git a/parts/secrets/systems/atlas/cloudflaredCreds.age b/secrets/systems/atlas/cloudflaredCreds.age
index 800dd96..800dd96 100644
--- a/parts/secrets/systems/atlas/cloudflaredCreds.age
+++ b/secrets/systems/atlas/cloudflaredCreds.age
diff --git a/parts/secrets/systems/atlas/clusterToken.age b/secrets/systems/atlas/clusterToken.age
index 5ca3074..5ca3074 100644
--- a/parts/secrets/systems/atlas/clusterToken.age
+++ b/secrets/systems/atlas/clusterToken.age
diff --git a/parts/secrets/systems/atlas/miniflux.age b/secrets/systems/atlas/miniflux.age
index 0be7920..0be7920 100644
--- a/parts/secrets/systems/atlas/miniflux.age
+++ b/secrets/systems/atlas/miniflux.age
diff --git a/parts/secrets/systems/atlas/rootPassword.age b/secrets/systems/atlas/rootPassword.age
index 9609bfa..9609bfa 100644
--- a/parts/secrets/systems/atlas/rootPassword.age
+++ b/secrets/systems/atlas/rootPassword.age
diff --git a/parts/secrets/systems/atlas/secretsJson.age b/secrets/systems/atlas/secretsJson.age
index c5fdf34..c5fdf34 100644
--- a/parts/secrets/systems/atlas/secretsJson.age
+++ b/secrets/systems/atlas/secretsJson.age
diff --git a/parts/secrets/systems/atlas/tailscaleAuthKey.age b/secrets/systems/atlas/tailscaleAuthKey.age
index 45758a1..45758a1 100644
--- a/parts/secrets/systems/atlas/tailscaleAuthKey.age
+++ b/secrets/systems/atlas/tailscaleAuthKey.age
diff --git a/parts/secrets/systems/atlas/userPassword.age b/secrets/systems/atlas/userPassword.age
index 3e658ba..3e658ba 100644
--- a/parts/secrets/systems/atlas/userPassword.age
+++ b/secrets/systems/atlas/userPassword.age
diff --git a/parts/systems/atlas/default.nix b/systems/atlas/default.nix
index 24cb139..00bfab4 100644
--- a/parts/systems/atlas/default.nix
+++ b/systems/atlas/default.nix
@@ -26,6 +26,7 @@
networking = {
domain = "mydadleft.me";
hostName = "atlas";
+ networkmanager.enable = false;
};
services = {
@@ -38,6 +39,8 @@
addSSL = true;
};
};
+
+ resolved.enable = false;
};
users.users.atlas = {
diff --git a/parts/systems/atlas/hardware-configuration.nix b/systems/atlas/hardware-configuration.nix
index 00c6cd8..00c6cd8 100644
--- a/parts/systems/atlas/hardware-configuration.nix
+++ b/systems/atlas/hardware-configuration.nix
diff --git a/parts/systems/atlas/miniflux.nix b/systems/atlas/miniflux.nix
index 5ed5d40..df1c761 100644
--- a/parts/systems/atlas/miniflux.nix
+++ b/systems/atlas/miniflux.nix
@@ -1,11 +1,7 @@
-{
- config,
- self,
- ...
-}: {
+{config, ...}: {
config = {
age.secrets = {
- miniflux.file = "${self}/parts/secrets/systems/${config.networking.hostName}/miniflux.age";
+ miniflux.file = ../../secrets/systems/${config.networking.hostName}/miniflux.age;
};
services.miniflux = {
diff --git a/parts/systems/atlas/nginx.nix b/systems/atlas/nginx.nix
index cdf483d..6cdd793 100644
--- a/parts/systems/atlas/nginx.nix
+++ b/systems/atlas/nginx.nix
@@ -1,16 +1,30 @@
{
config,
- self,
+ lib,
...
}: let
inherit (config.networking) domain;
- inherit (self.lib.utils.nginx) mkVHosts mkProxy;
-in {
- server = {
- acme.enable = true;
- services.cloudflared.enable = true;
+
+ mkProxy = endpoint: port: {
+ "${endpoint}" = {
+ proxyPass = "http://localhost:${toString port}";
+ proxyWebsockets = true;
+ };
};
+ mkVHosts = let
+ commonSettings = {
+ enableACME = true;
+ # workaround for https://github.com/NixOS/nixpkgs/issues/210807
+ acmeRoot = null;
+
+ addSSL = true;
+ };
+ in
+ lib.mapAttrs (_: lib.recursiveUpdate commonSettings);
+in {
+ server.services.cloudflared.enable = true;
+
services.nginx = {
enable = true;
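Review bot: `commonSettings` in `mkVHosts` sets `addSSL = true`, which makes every virtual host built through this helper answer on plain HTTP as well as HTTPS, with no redirect. If nothing depends on the cleartext listener, using `forceSSL = true;` in place of `addSSL = true;` would redirect HTTP to HTTPS for all of them. If the cloudflared tunnel needs the HTTP listener, a one-line comment saying so would record the reason. The `services.nginx` block continues outside the hunk, so whether any vhost overrides this default is not visible here.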
diff --git a/parts/systems/caroline/default.nix b/systems/caroline/default.nix
index 3ec2dd2..ae09dca 100644
--- a/parts/systems/caroline/default.nix
+++ b/systems/caroline/default.nix
@@ -1,9 +1,4 @@
-_: {
- desktop = {
- homebrew.enable = true;
- gpg.enable = true;
- };
-
+{
homebrew.casks = ["altserver"];
networking = rec {
diff --git a/systems/common.nix b/systems/common.nix
new file mode 100644
index 0000000..8bd29cb
--- /dev/null
+++ b/systems/common.nix
@@ -0,0 +1,78 @@
+{
+ inputs,
+ self,
+}: let
+ hmSetup = {
+ imports = [
+ ../users/seth/system.nix
+ ];
+
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ extraSpecialArgs = {inherit inputs self;};
+ };
+ };
+in {
+ nixos =
+ (with inputs; [
+ agenix.nixosModules.default
+ catppuccin.nixosModules.catppuccin
+ hm.nixosModules.home-manager
+ nur.nixosModules.nur
+ ])
+ ++ [
+ self.nixosModules.default
+ self.nixosModules.hardware
+
+ hmSetup
+
+ {
+ age = {
+ identityPaths = ["/etc/age/key"];
+ secrets = let
+ baseDir = ../secrets/shared;
+ in {
+ rootPassword.file = "${baseDir}/rootPassword.age";
+ sethPassword.file = "${baseDir}/sethPassword.age";
+ };
+ };
+
+ system.stateVersion = "23.11";
+ }
+ ];
+
+ darwin = [
+ inputs.hm.darwinModules.home-manager
+ self.darwinModules.default
+ self.darwinModules.desktop
+
+ hmSetup
+
+ {
+ home-manager.users.seth = {
+ desktop.enable = true;
+ };
+
+ system.stateVersion = 4;
+ }
+ ];
+
+ server = [
+ inputs.agenix.nixosModules.default
+ self.nixosModules.default
+ self.nixosModules.server
+ self.nixosModules.services
+ ../modules/nixos/features/tailscale.nix
+
+ {
+ features.tailscale = {
+ enable = true;
+ ssh.enable = true;
+ };
+
+ nix.registry.n.flake = inputs.nixpkgs-stable;
+ system.stateVersion = "23.05";
+ }
+ ];
+}
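Review bot: The shared secrets in the `nixos` list are written as `"${baseDir}/rootPassword.age"`, which interpolates a path into a string, while `systems/atlas/miniflux.nix` in this same commit uses a plain path literal for its secret. Interpolating `baseDir` copies the whole `secrets/shared` directory into the store as one object and hands agenix a string rather than a path. The files are age-encrypted, so this is a consistency point rather than an exposure. `rootPassword.file = baseDir + "/rootPassword.age";` (and likewise for `sethPassword`) keeps both as paths. A short comment beside `identityPaths = ["/etc/age/key"]` saying how that key reaches a new host and that it should be readable by root only would also help.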
diff --git a/systems/default.nix b/systems/default.nix
new file mode 100644
index 0000000..6807a71
--- /dev/null
+++ b/systems/default.nix
@@ -0,0 +1,73 @@
+{
+ lib,
+ inputs,
+ self,
+ withSystem,
+ ...
+}: let
+ /*
+ basic nixosSystem/darwinSystem wrapper; can override
+ the exact builder by supplying an argument
+ */
+ mapSystems = builder:
+ lib.mapAttrs (name: args:
+ (args.builder or builder) (
+ (lib.filterAttrs (n: _: n != "builder") args) # use builder but don't include it in output
+ // {
+ modules = args.modules ++ [./${name}];
+ specialArgs = {inherit inputs self;};
+ }
+ ));
+
+ mapDarwin = mapSystems inputs.darwin.lib.darwinSystem;
+ mapNixOS = mapSystems inputs.nixpkgs.lib.nixosSystem;
+ inherit (import ./common.nix {inherit inputs self;}) darwin nixos server;
+in {
+ flake = {
+ darwinConfigurations = mapDarwin {
+ caroline = {
+ system = "x86_64-darwin";
+ modules = darwin;
+ };
+ };
+
+ nixosConfigurations = mapNixOS {
+ glados = {
+ system = "x86_64-linux";
+ modules =
+ [
+ inputs.lanzaboote.nixosModules.lanzaboote
+ ]
+ ++ nixos;
+ };
+
+ glados-wsl = {
+ system = "x86_64-linux";
+ modules =
+ [
+ inputs.nixos-wsl.nixosModules.wsl
+ ]
+ ++ nixos;
+ };
+
+ atlas = {
+ builder = inputs.nixpkgs-stable.lib.nixosSystem;
+ system = "aarch64-linux";
+ modules =
+ [
+ inputs.guzzle_api.nixosModules.default
+ ]
+ ++ server;
+ };
+ };
+
+ openwrtConfigurations.turret = withSystem "x86_64-linux" ({pkgs, ...}:
+ pkgs.callPackage ./turret {
+ inherit (inputs) openwrt-imagebuilder;
+ });
+ };
+
+ perSystem = {system, ...}: {
+ apps = (inputs.nixinate.nixinate.${system} self).nixinate;
+ };
+}
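Review bot: `mapSystems` reads `args.modules` unconditionally, so a host entry without a `modules` attribute fails with a missing-attribute error, whereas `mapUsers` in `users/default.nix` guards the same field with `args.modules or []`. Writing `modules = (args.modules or []) ++ [./${name}];` makes the two wrappers behave alike. The wrapper also always replaces any `specialArgs` a host entry supplies; if that is intended, the leading comment could say so next to the note about `builder`.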
diff --git a/parts/systems/glados-wsl/default.nix b/systems/glados-wsl/default.nix
index 98b57ed..910e65d 100644
--- a/parts/systems/glados-wsl/default.nix
+++ b/systems/glados-wsl/default.nix
@@ -1,4 +1,5 @@
{
+ lib,
modulesPath,
pkgs,
...
@@ -8,11 +9,13 @@
../../modules/nixos/features/tailscale.nix
];
- environment.systemPackages = with pkgs; [
- wslu
- ];
+ environment = {
+ noXlibs = lib.mkForce false;
+ systemPackages = with pkgs; [
+ wslu
+ ];
+ };
- base.networking.enable = false;
features.tailscale.enable = true;
wsl = {
@@ -29,11 +32,16 @@
services.dbus.apparmor = "disabled";
- networking.hostName = "glados-wsl";
+ networking = {
+ hostName = "glados-wsl";
+ networkmanager.enable = false;
+ };
security = {
apparmor.enable = false;
audit.enable = false;
auditd.enable = false;
};
+
+ services.resolved.enable = false;
}
diff --git a/parts/systems/glados/boot.nix b/systems/glados/boot.nix
index 4a9af4e..4a9af4e 100644
--- a/parts/systems/glados/boot.nix
+++ b/systems/glados/boot.nix
diff --git a/parts/systems/glados/default.nix b/systems/glados/default.nix
index de2c1d5..e5a275a 100644
--- a/parts/systems/glados/default.nix
+++ b/systems/glados/default.nix
@@ -1,9 +1,15 @@
-{lib, ...}: {
+{
+ lib,
+ self,
+ ...
+}: {
imports = [
./boot.nix
./hardware-configuration.nix
../../modules/nixos/features/tailscale.nix
../../modules/nixos/features/virtualisation.nix
+ self.nixosModules.desktop
+ self.nixosModules.gnome
];
boot = {
@@ -16,8 +22,6 @@
};
};
- desktop.gnome.enable = true;
-
features = {
tailscale.enable = true;
virtualisation.enable = true;
@@ -28,6 +32,10 @@
ssd.enable = true;
};
+ home-manager.users.seth = {
+ desktop.enable = true;
+ };
+
networking.hostName = "glados";
security.tpm2 = {
diff --git a/parts/systems/glados/hardware-configuration.nix b/systems/glados/hardware-configuration.nix
index a7ff9e9..a7ff9e9 100644
--- a/parts/systems/glados/hardware-configuration.nix
+++ b/systems/glados/hardware-configuration.nix
diff --git a/parts/systems/turret/default.nix b/systems/turret/default.nix
index faac3d2..faac3d2 100644
--- a/parts/systems/turret/default.nix
+++ b/systems/turret/default.nix
diff --git a/parts/systems/turret/files/etc/config/dhcp b/systems/turret/files/etc/config/dhcp
index 4a471cf..4a471cf 100644
--- a/parts/systems/turret/files/etc/config/dhcp
+++ b/systems/turret/files/etc/config/dhcp
diff --git a/parts/systems/turret/files/etc/config/dropbear b/systems/turret/files/etc/config/dropbear
index 2139ba0..2139ba0 100644
--- a/parts/systems/turret/files/etc/config/dropbear
+++ b/systems/turret/files/etc/config/dropbear
diff --git a/parts/systems/turret/files/etc/config/firewall b/systems/turret/files/etc/config/firewall
index b9a4647..b9a4647 100644
--- a/parts/systems/turret/files/etc/config/firewall
+++ b/systems/turret/files/etc/config/firewall
diff --git a/parts/systems/turret/files/etc/config/https-dns-proxy b/systems/turret/files/etc/config/https-dns-proxy
index e5623ad..e5623ad 100644
--- a/parts/systems/turret/files/etc/config/https-dns-proxy
+++ b/systems/turret/files/etc/config/https-dns-proxy
diff --git a/parts/systems/turret/files/etc/config/luci b/systems/turret/files/etc/config/luci
index 8eb8a9b..8eb8a9b 100644
--- a/parts/systems/turret/files/etc/config/luci
+++ b/systems/turret/files/etc/config/luci
diff --git a/parts/systems/turret/files/etc/config/network b/systems/turret/files/etc/config/network
index c71cf98..c71cf98 100644
--- a/parts/systems/turret/files/etc/config/network
+++ b/systems/turret/files/etc/config/network
diff --git a/parts/systems/turret/files/etc/config/rpcd b/systems/turret/files/etc/config/rpcd
index 176c643..176c643 100644
--- a/parts/systems/turret/files/etc/config/rpcd
+++ b/systems/turret/files/etc/config/rpcd
diff --git a/parts/systems/turret/files/etc/config/system b/systems/turret/files/etc/config/system
index ee3415f..ee3415f 100644
--- a/parts/systems/turret/files/etc/config/system
+++ b/systems/turret/files/etc/config/system
diff --git a/parts/systems/turret/files/etc/config/ucitrack b/systems/turret/files/etc/config/ucitrack
index bb4cdbc..bb4cdbc 100644
--- a/parts/systems/turret/files/etc/config/ucitrack
+++ b/systems/turret/files/etc/config/ucitrack
diff --git a/parts/systems/turret/files/etc/config/uhttpd b/systems/turret/files/etc/config/uhttpd
index cb2ff71..cb2ff71 100644
--- a/parts/systems/turret/files/etc/config/uhttpd
+++ b/systems/turret/files/etc/config/uhttpd
diff --git a/parts/systems/turret/files/etc/config/wireless b/systems/turret/files/etc/config/wireless
index c8bb9d7..c8bb9d7 100644
--- a/parts/systems/turret/files/etc/config/wireless
+++ b/systems/turret/files/etc/config/wireless
diff --git a/parts/systems/turret/files/etc/dropbear/authorized_keys b/systems/turret/files/etc/dropbear/authorized_keys
index 495c605..495c605 100644
--- a/parts/systems/turret/files/etc/dropbear/authorized_keys
+++ b/systems/turret/files/etc/dropbear/authorized_keys
diff --git a/users/default.nix b/users/default.nix
new file mode 100644
index 0000000..9209724
--- /dev/null
+++ b/users/default.nix
@@ -0,0 +1,36 @@
+{
+ lib,
+ inputs,
+ self,
+ ...
+}: let
+ inherit (inputs.hm.lib) homeManagerConfiguration;
+
+ /*
+ basic homeManagerConfiguration wrapper. defaults to x86_64-linux
+ and gives basic, nice defaults
+ */
+ mapUsers = lib.mapAttrs (
+ name: args:
+ homeManagerConfiguration (args
+ // {
+ modules =
+ [
+ ./${name}/home.nix
+
+ {
+ _module.args.osConfig = {};
+ programs.home-manager.enable = true;
+ }
+ ]
+ ++ (args.modules or []);
+
+ extraSpecialArgs = {inherit inputs self;};
+ pkgs = args.pkgs or inputs.nixpkgs.legacyPackages."x86_64-linux";
+ })
+ );
+in {
+ flake.homeConfigurations = mapUsers {
+ seth = {};
+ };
+}
diff --git a/parts/users/seth/default.nix b/users/seth/default.nix
index 123e20f..f5a1be2 100644
--- a/parts/users/seth/default.nix
+++ b/users/seth/default.nix
@@ -1,8 +1,8 @@
{inputs, ...}: {
imports = with inputs; [
- ./desktop
./programs
./shell
+
arkenfox.hmModules.arkenfox
catppuccin.homeManagerModules.catppuccin
nix-index-database.hmModules.nix-index
diff --git a/parts/users/seth/desktop/budgie/default.nix b/users/seth/desktop/budgie/default.nix
index 7eced2b..2544edf 100644
--- a/parts/users/seth/desktop/budgie/default.nix
+++ b/users/seth/desktop/budgie/default.nix
@@ -1,20 +1,20 @@
{
- config,
lib,
pkgs,
+ osConfig,
...
}: let
- cfg = config.getchoo.desktop.budgie;
- inherit (lib) mkIf;
+ cfg = osConfig.services.xserver.desktopManager.budgie or {enable = false;};
+
fromYaml = file: let
json = with pkgs;
runCommand "converted.json" {} ''
${yj}/bin/yj < ${file} > $out
'';
in
- with builtins; fromJSON (readFile json);
+ builtins.fromJSON (builtins.readFile json);
in {
- config = mkIf cfg.enable {
+ config = lib.mkIf cfg.enable {
programs.alacritty = {
enable = true;
settings = let
diff --git a/users/seth/desktop/default.nix b/users/seth/desktop/default.nix
new file mode 100644
index 0000000..6815ab2
--- /dev/null
+++ b/users/seth/desktop/default.nix
@@ -0,0 +1,30 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ options.desktop.enable = lib.mkEnableOption "desktop";
+
+ imports = [
+ ./budgie
+ ./gnome
+ ./plasma
+ ];
+
+ config = lib.mkIf config.desktop.enable {
+ home.packages = with pkgs;
+ [
+ discord
+ element-desktop
+ spotify
+ prismlauncher
+ ]
+ ++ lib.optionals stdenv.isDarwin [
+ iterm2
+ ]
+ ++ lib.optionals stdenv.isLinux [
+ steam
+ ];
+ };
+}
diff --git a/parts/users/seth/desktop/gnome/default.nix b/users/seth/desktop/gnome/default.nix
index 82a4708..8e5ef4c 100644
--- a/parts/users/seth/desktop/gnome/default.nix
+++ b/users/seth/desktop/gnome/default.nix
@@ -1,13 +1,12 @@
{
- config,
lib,
pkgs,
+ osConfig,
...
}: let
- cfg = config.getchoo.desktop.gnome;
- inherit (lib) mkIf;
+ cfg = osConfig.services.xserver.desktopManager.gnome or {enable = false;};
in {
- config = mkIf cfg.enable {
+ config = lib.mkIf cfg.enable {
home.packages = with pkgs;
[
adw-gtk3
diff --git a/parts/users/seth/desktop/plasma/default.nix b/users/seth/desktop/plasma/default.nix
index 4f59528..453ea65 100644
--- a/parts/users/seth/desktop/plasma/default.nix
+++ b/users/seth/desktop/plasma/default.nix
@@ -2,12 +2,13 @@
config,
lib,
pkgs,
+ osConfig,
...
}: let
- cfg = config.getchoo.desktop.plasma;
- inherit (lib) mkIf;
+ cfg = osConfig.services.xserver.desktopManager.plasma5 or {enable = false;};
+ themeDir = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}";
in {
- config = mkIf cfg.enable {
+ config = lib.mkIf cfg.enable {
home.packages = with pkgs; [
catppuccin-cursors
(catppuccin-kde.override
@@ -27,9 +28,7 @@ in {
];
xdg = {
- configFile = let
- themeDir = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}";
- in {
+ configFile = {
"gtk-4.0/gtk.css".source = "${themeDir}/gtk-4.0/gtk.css";
"gtk-4.0/gtk-dark.css".source = "${themeDir}/gtk-4.0/gtk-dark.css";
};
diff --git a/users/seth/home.nix b/users/seth/home.nix
new file mode 100644
index 0000000..5dfc062
--- /dev/null
+++ b/users/seth/home.nix
@@ -0,0 +1,17 @@
+{
+ pkgs,
+ inputs,
+ ...
+}: {
+ imports = [./.];
+
+ home = rec {
+ username = "seth";
+ homeDirectory =
+ if pkgs.stdenv.isDarwin
+ then "/Users/${username}"
+ else "/home/${username}";
+ };
+
+ nixpkgs.overlays = with inputs; [nur.overlay getchoo.overlays.default];
+}
diff --git a/users/seth/programs/bat.nix b/users/seth/programs/bat.nix
new file mode 100644
index 0000000..e772849
--- /dev/null
+++ b/users/seth/programs/bat.nix
@@ -0,0 +1,6 @@
+{
+ programs.bat = {
+ enable = true;
+ catppuccin.enable = true;
+ };
+}
diff --git a/users/seth/programs/chromium.nix b/users/seth/programs/chromium.nix
new file mode 100644
index 0000000..37ca0da
--- /dev/null
+++ b/users/seth/programs/chromium.nix
@@ -0,0 +1,16 @@
+{config, ...}: {
+ programs.chromium = {
+ inherit (config.desktop) enable;
+ # hw accel support
+ commandLineArgs = [
+ "--ignore-gpu-blocklist"
+ "--enable-gpu-rasterization"
+ "--enable-gpu-compositing"
+ #"--enable-native-gpu-memory-buffers"
+ "--enable-zero-copy"
+ "--enable-features=VaapiVideoDecoder,VaapiVideoEncoder,CanvasOopRasterization,RawDraw,WebRTCPipeWireCapturer,Vulkan,WaylandWindowDecorations,WebUIDarkMode"
+ "--enable-features=WebRTCPipeWireCapturer,WaylandWindowDecorations,WebUIDarkMode"
+ "--force-dark-mode"
+ ];
+ };
+}
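Review bot: `commandLineArgs` passes `--enable-features=` twice, and Chromium, as far as I know, keeps only the last occurrence of a repeated switch, so the VA-API, Vulkan and rasterization features named in the first list are probably never enabled. All three entries of the second list are already in the first, so deleting the second `--enable-features=` line gives the intended set. `--ignore-gpu-blocklist` switches off Chromium's list of GPU and driver combinations it considers unreliable; a comment such as `# needed for VA-API on <GPU/driver>; drop once unblocked upstream` would make it easier to remove later.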
diff --git a/users/seth/programs/default.nix b/users/seth/programs/default.nix
new file mode 100644
index 0000000..f60db17
--- /dev/null
+++ b/users/seth/programs/default.nix
@@ -0,0 +1,44 @@
+{
+ pkgs,
+ inputs,
+ ...
+}: {
+ imports = [
+ ./bat.nix
+ ./eza.nix
+ ./git.nix
+ ./gpg.nix
+ ./ssh.nix
+ ./starship
+ ./vim.nix
+ ];
+
+ home.packages = with pkgs; [
+ fd
+ nix-your-shell
+ nurl
+ rclone
+ restic
+ inputs.getchvim.packages.${pkgs.stdenv.hostPlatform.system}.default
+ ];
+
+ catppuccin.flavour = "mocha";
+
+ programs = {
+ btop = {
+ enable = true;
+ catppuccin.enable = true;
+ };
+
+ direnv = {
+ enable = true;
+ nix-direnv.enable = true;
+ };
+
+ ripgrep.enable = true;
+
+ nix-index-database.comma.enable = true;
+ };
+
+ xdg.enable = true;
+}
diff --git a/users/seth/programs/eza.nix b/users/seth/programs/eza.nix
new file mode 100644
index 0000000..0b63d54
--- /dev/null
+++ b/users/seth/programs/eza.nix
@@ -0,0 +1,7 @@
+{
+ programs.eza = {
+ enable = true;
+ enableAliases = true;
+ icons = true;
+ };
+}
diff --git a/parts/users/seth/programs/firefox/arkenfox.nix b/users/seth/programs/firefox/arkenfox.nix
index fbe9a5c..e3005a6 100644
--- a/parts/users/seth/programs/firefox/arkenfox.nix
+++ b/users/seth/programs/firefox/arkenfox.nix
@@ -1,24 +1,14 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.getchoo.programs.firefox;
- inherit (lib) genAttrs mkEnableOption mkIf recursiveUpdate;
-
- enableSections = sections: genAttrs sections (_: {enable = true;});
-in {
- options.getchoo.programs.firefox.arkenfoxConfig.enable =
- mkEnableOption "default arkenfox config" // {default = true;};
-
- config.programs.firefox = mkIf (cfg.enable && cfg.arkenfoxConfig.enable) {
+{lib, ...}: {
+ programs.firefox = {
arkenfox = {
enable = true;
version = "118.0";
};
- profiles.arkenfox.arkenfox =
- recursiveUpdate {
+ profiles.arkenfox.arkenfox = let
+ enableSections = sections: lib.genAttrs sections (_: {enable = true;});
+ in
+ lib.recursiveUpdate {
enable = true;
# enable safe browsing
diff --git a/users/seth/programs/firefox/default.nix b/users/seth/programs/firefox/default.nix
new file mode 100644
index 0000000..cb27bf7
--- /dev/null
+++ b/users/seth/programs/firefox/default.nix
@@ -0,0 +1,42 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ./arkenfox.nix
+ ];
+
+ home.sessionVariables = {
+ MOZ_ENABLE_WAYLAND = "1";
+ };
+
+ programs.firefox = {
+ inherit (config.desktop) enable;
+ profiles.arkenfox = {
+ extensions = with pkgs.nur.repos.rycee.firefox-addons; [
+ bitwarden
+ floccus
+ private-relay
+ ublock-origin
+ ];
+
+ isDefault = true;
+
+ settings = {
+ # disable firefox accounts & pocket
+ "extensions.pocket.enabled" = false;
+ "identity.fxaccounts.enabled" = false;
+
+ "gfx.webrender.all" = true;
+ "fission.autostart" = true;
+
+ # hw accel
+ "media.ffmpeg.vaapi.enabled" = true;
+
+ # widevine drm
+ "media.gmp-widevinecdm.enabled" = true;
+ };
+ };
+ };
+}
diff --git a/users/seth/programs/git.nix b/users/seth/programs/git.nix
new file mode 100644
index 0000000..34e8202
--- /dev/null
+++ b/users/seth/programs/git.nix
@@ -0,0 +1,40 @@
+{
+ programs = {
+ gh = {
+ enable = true;
+ settings = {
+ git_protocol = "https";
+ editor = "nvim";
+ prompt = "enabled";
+ };
+
+ gitCredentialHelper = {
+ enable = true;
+ hosts = ["https://github.com" "https://github.example.com"];
+ };
+ };
+
+ git = {
+ enable = true;
+
+ delta = {
+ enable = true;
+ options = {
+ syntax-theme = "Catppuccin-mocha";
+ };
+ };
+
+ extraConfig = {
+ init = {defaultBranch = "main";};
+ };
+
+ signing = {
+ key = "D31BD0D494BBEE86";
+ signByDefault = true;
+ };
+
+ userEmail = "[email protected]";
+ userName = "seth";
+ };
+ };
+}
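Review bot: `gitCredentialHelper.hosts` lists `https://github.example.com`, which looks like the placeholder from the option's documentation example rather than a host in use, so `gh` is registered as the credential helper for a reserved documentation domain. Unless a GitHub Enterprise host is meant, `hosts = ["https://github.com" "https://gist.github.com"];` is probably what was intended (I believe that is also the module default, so the attribute could simply be dropped). Separately, `signing.key` is a 64-bit key ID; the full fingerprint is unambiguous, e.g. `key = "<FULL_40_HEX_FINGERPRINT>";`.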
diff --git a/users/seth/programs/gpg.nix b/users/seth/programs/gpg.nix
new file mode 100644
index 0000000..3fba0d3
--- /dev/null
+++ b/users/seth/programs/gpg.nix
@@ -0,0 +1,22 @@
+{
+ config,
+ lib,
+ pkgs,
+ osConfig,
+ ...
+}: {
+ programs.gpg.enable = true;
+
+ services.gpg-agent = lib.mkIf pkgs.stdenv.isLinux {
+ enable = true;
+
+ enableBashIntegration = config.programs.bash.enable;
+ enableFishIntegration = config.programs.fish.enable;
+ enableZshIntegration = config.programs.zsh.enable;
+
+ pinentryFlavor =
+ if osConfig ? programs
+ then osConfig.programs.gnupg.agent.pinentryFlavor or "curses"
+ else "curses";
+ };
+}
diff --git a/users/seth/programs/mangohud.nix b/users/seth/programs/mangohud.nix
new file mode 100644
index 0000000..fcdad87
--- /dev/null
+++ b/users/seth/programs/mangohud.nix
@@ -0,0 +1,16 @@
+{config, ...}: {
+ programs.mangohud = {
+ inherit (config.desktop) enable;
+ settings = {
+ legacy_layout = false;
+ cpu_stats = true;
+ cpu_temp = true;
+ gpu_stats = true;
+ gpu_temp = true;
+ fps = true;
+ frametime = true;
+ media_player = true;
+ media_player_name = "spotify";
+ };
+ };
+}
diff --git a/users/seth/programs/ssh.nix b/users/seth/programs/ssh.nix
new file mode 100644
index 0000000..627453e
--- /dev/null
+++ b/users/seth/programs/ssh.nix
@@ -0,0 +1,42 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ programs.ssh = {
+ enable = true;
+ package = pkgs.openssh;
+
+ matchBlocks = let
+ sshDir = "${config.home.homeDirectory}/.ssh";
+ in {
+ # git forges
+ "codeberg.org" = {
+ identityFile = "${sshDir}/codeberg";
+ user = "git";
+ };
+
+ # linux packaging
+ "aur.archlinux.org" = {
+ identityFile = "${sshDir}/aur";
+ user = "aur";
+ };
+
+ "pagure.io" = {
+ identityFile = "${sshDir}/copr";
+ user = "git";
+ };
+
+ # router
+ "192.168.1.1" = {
+ identityFile = "${sshDir}/openwrt";
+ user = "root";
+ };
+
+ # servers
+ "atlas".user = "atlas";
+ };
+ };
+
+ services.ssh-agent.enable = pkgs.stdenv.isLinux;
+}
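Review bot: The `matchBlocks` entries that set an `identityFile` do not set `identitiesOnly`, so with `services.ssh-agent` enabled the client can also offer the other keys loaded in the agent to each of these hosts. That discloses unrelated public keys to the remote side and can use up the server's authentication attempts before the intended key is tried. Adding `identitiesOnly = true;` to the four blocks that name an `identityFile` restricts each host to its own key.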
diff --git a/users/seth/programs/starship/default.nix b/users/seth/programs/starship/default.nix
new file mode 100644
index 0000000..76f528e
--- /dev/null
+++ b/users/seth/programs/starship/default.nix
@@ -0,0 +1,22 @@
+{pkgs, ...}: {
+ programs.starship = {
+ enable = true;
+ enableBashIntegration = false;
+ enableZshIntegration = false;
+ settings =
+ {
+ format = "$all";
+ palette = "catppuccin_mocha";
+ command_timeout = 250;
+ }
+ // fromTOML (builtins.readFile ./starship.toml)
+ // fromTOML (builtins.readFile
+ (pkgs.fetchFromGitHub {
+ owner = "catppuccin";
+ repo = "starship";
+ rev = "5629d2356f62a9f2f8efad3ff37476c19969bd4f";
+ hash = "sha256-nsRuxQFKbQkyEI4TXgvAjcroVdG+heKX5Pauq/4Ota0=";
+ }
+ + "/palettes/mocha.toml"));
+ };
+}
diff --git a/parts/users/seth/shell/starship.toml b/users/seth/programs/starship/starship.toml
index 94a2922..94a2922 100644
--- a/parts/users/seth/shell/starship.toml
+++ b/users/seth/programs/starship/starship.toml
diff --git a/users/seth/programs/vim.nix b/users/seth/programs/vim.nix
new file mode 100644
index 0000000..409e225
--- /dev/null
+++ b/users/seth/programs/vim.nix
@@ -0,0 +1,30 @@
+{
+ programs.vim = {
+ enable = true;
+ settings = {
+ expandtab = false;
+ shiftwidth = 2;
+ tabstop = 2;
+ };
+ extraConfig = ''
+ " https://wiki.archlinux.org/title/XDG_Base_Directory
+ set runtimepath^=$XDG_CONFIG_HOME/vim
+ set runtimepath+=$XDG_DATA_HOME/vim
+ set runtimepath+=$XDG_CONFIG_HOME/vim/after
+
+ set packpath^=$XDG_DATA_HOME/vim,$XDG_CONFIG_HOME/vim
+ set packpath+=$XDG_CONFIG_HOME/vim/after,$XDG_DATA_HOME/vim/after
+ set packpath^=$XDG_DATA_HOME/vim,$XDG_CONFIG_HOME/vim
+ set packpath+=$XDG_CONFIG_HOME/vim/after,$XDG_DATA_HOME/vim/after
+
+ let g:netrw_home = $XDG_DATA_HOME."/vim"
+ call mkdir($XDG_DATA_HOME."/vim/spell", 'p')
+
+ set backupdir=$XDG_STATE_HOME/vim/backup | call mkdir(&backupdir, 'p')
+ set directory=$XDG_STATE_HOME/vim/swap | call mkdir(&directory, 'p')
+ set undodir=$XDG_STATE_HOME/vim/undo | call mkdir(&undodir, 'p')
+ set viewdir=$XDG_STATE_HOME/vim/view | call mkdir(&viewdir, 'p')
+ set viminfofile=$XDG_STATE_HOME/vim/viminfo
+ '';
+ };
+}
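Review bot: The two `set packpath` lines in `extraConfig` appear twice in a row; the second pair is redundant and can be deleted. The backup, swap, undo and view directories hold copies or fragments of edited files and are created with `mkdir(..., 'p')`, which uses Vim's default mode of 0755. Passing a mode, e.g. `call mkdir(&undodir, 'p', 0700)`, keeps them private even when the parent directory is not.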
diff --git a/parts/users/seth/shell/bash.nix b/users/seth/shell/bash.nix
index f9a1afa..f9a1afa 100644
--- a/parts/users/seth/shell/bash.nix
+++ b/users/seth/shell/bash.nix
diff --git a/users/seth/shell/default.nix b/users/seth/shell/default.nix
new file mode 100644
index 0000000..6ca9e3e
--- /dev/null
+++ b/users/seth/shell/default.nix
@@ -0,0 +1,26 @@
+{config, ...}: {
+ imports = [
+ ./bash.nix
+ ./fish.nix
+ ];
+
+ home = {
+ sessionVariables = let
+ inherit (config.xdg) configHome dataHome stateHome;
+ in {
+ EDITOR = "nvim";
+ VISUAL = "$EDITOR";
+ GPG_TTY = "$(tty)";
+ CARGO_HOME = "${dataHome}/cargo";
+ RUSTUP_HOME = "${dataHome}/rustup";
+ LESSHISTFILE = "${stateHome}/less/history";
+ NPM_CONFIG_USERCONFIG = "${configHome}/npm/npmrc";
+ };
+
+ shellAliases = {
+ diff = "diff --color=auto";
+ g = "git";
+ gs = "g status";
+ };
+ };
+}
diff --git a/parts/users/seth/shell/fish.nix b/users/seth/shell/fish.nix
index fc241d0..fc241d0 100644
--- a/parts/users/seth/shell/fish.nix
+++ b/users/seth/shell/fish.nix
diff --git a/parts/users/seth/shell/zsh.nix b/users/seth/shell/zsh.nix
index 23d5813..23d5813 100644
--- a/parts/users/seth/shell/zsh.nix
+++ b/users/seth/shell/zsh.nix
diff --git a/parts/users/seth/system.nix b/users/seth/system.nix
index f3957c7..6d9d213 100644
--- a/parts/users/seth/system.nix
+++ b/users/seth/system.nix
@@ -4,27 +4,34 @@
pkgs,
...
}: {
- users.users.seth = let
- inherit (pkgs.stdenv.hostPlatform) isLinux isDarwin;
- in
- lib.recursiveUpdate
+ users.users.seth =
{
shell = pkgs.fish;
home =
- if isDarwin
+ if pkgs.stdenv.isDarwin
then "/Users/seth"
else "/home/seth";
}
- (lib.optionalAttrs isLinux {
+ // lib.optionalAttrs pkgs.stdenv.isLinux {
extraGroups = ["wheel"];
isNormalUser = true;
hashedPasswordFile = config.age.secrets.sethPassword.path;
- });
+ };
programs.fish.enable = true;
home-manager.users.seth = {
- imports = [./.];
+ imports =
+ [
+ ./.
+ ./desktop
+ ]
+ ++ lib.optionals pkgs.stdenv.isLinux [
+ ./programs/chromium.nix
+ ./programs/firefox
+ ./programs/mangohud.nix
+ ];
+
nixpkgs.overlays = config.nixpkgs.overlays;
};
}