From 5bed1336c05796d2335c7bebedd038591483f105 Mon Sep 17 00:00:00 2001
From: Jelle Spreeuwenberg <mail@jelles.net>
Date: Tue, 21 Apr 2026 00:59:54 +0200
Subject: [PATCH] refactor: move from den based to flake-parts based

---
 AGENTS.md                                 | 130 ++++----
 flake.lock                                | 208 +++---------
 flake.nix                                 |  20 +-
 modules/bundles.nix                       |  50 ---
 modules/defaults.nix                      |  23 --
 modules/den.nix                           |   9 -
 modules/features/_noctalia-config.nix     |  34 +-
 modules/features/audio.nix                |   2 +-
 modules/features/bitwarden.nix            |  33 +-
 modules/features/bluetooth.nix            |   2 +-
 modules/features/clipboard.nix            |   2 +-
 modules/features/desktop-base.nix         |  35 ++
 modules/features/dev-tools.nix            |   2 +-
 modules/features/email.nix                | 165 +++++-----
 modules/features/flatpak.nix              |   4 +-
 modules/features/fonts.nix                |   2 +-
 modules/features/gemini.nix               |  20 +-
 modules/features/git.nix                  |  46 +--
 modules/features/local-apps.nix           |   2 +-
 modules/features/mpv.nix                  |  88 +++--
 modules/features/neovim/default.nix       |  15 +-
 modules/features/networking.nix           |   8 +-
 modules/features/niri.nix                 | 374 ----------------------
 modules/features/niri/_bindings.nix       | 207 ++++++++++++
 modules/features/niri/default.nix         | 103 ++++++
 modules/features/nix.nix                  |  91 +++---
 modules/features/noctalia.nix             |  10 +-
 modules/features/pim.nix                  | 141 ++++----
 modules/features/pinentry.nix             |   7 -
 modules/features/podman.nix               |   8 +-
 modules/features/printing.nix             |   2 +-
 modules/features/qbittorrent-client.nix   |  27 +-
 modules/features/region-nl.nix            |   2 +-
 modules/features/sddm.nix                 |  25 +-
 modules/features/services/actual.nix      |  31 +-
 modules/features/services/caddy.nix       |   7 +-
 modules/features/services/deluge.nix      |  30 +-
 modules/features/services/gitea.nix       |  48 ++-
 modules/features/services/openssh.nix     | 104 ++----
 modules/features/services/qbittorrent.nix |  14 +-
 modules/features/services/radicale.nix    |  46 ++-
 modules/features/services/vaultwarden.nix |  11 +-
 modules/features/shell.nix                | 304 ++++++++----------
 modules/features/sops-password.nix        |  14 -
 modules/features/ssh.nix                  |  39 +--
 modules/features/standard-boot.nix        |  20 ++
 modules/features/steam.nix                |  14 +-
 modules/features/syncthing.nix            |  87 +++--
 modules/features/system-base.nix          |   2 +-
 modules/features/terminal.nix             | 141 ++++----
 modules/features/theme.nix                |  90 +++---
 modules/features/vicinae.nix              | 115 +++----
 modules/features/xdg.nix                  |  83 +++--
 modules/flake-parts.nix                   |  36 +++
 modules/hosts/orion/_disk.nix             |  51 +++
 modules/hosts/orion/_hardware.nix         |  22 ++
 modules/hosts/orion/default.nix           | 103 +++---
 modules/hosts/orion/disk.nix              |  63 ----
 modules/hosts/orion/hardware.nix          |  38 ---
 modules/hosts/polaris/_hardware.nix       |  44 +++
 modules/hosts/polaris/default.nix         | 140 ++++----
 modules/hosts/polaris/hardware.nix        |  50 ---
 modules/hosts/zenith/_hardware.nix        |  36 +++
 modules/hosts/zenith/default.nix          |  92 +++---
 modules/hosts/zenith/hardware.nix         |  46 ---
 modules/infra.nix                         | 109 -------
 modules/schema.nix                        | 135 --------
 modules/secrets/sops.nix                  | 123 +++----
 modules/users.nix                         |  85 +++++
 modules/users/ergon.nix                   |  19 --
 modules/users/kiri.nix                    |  15 -
 71 files changed, 1832 insertions(+), 2472 deletions(-)
 delete mode 100644 modules/bundles.nix
 delete mode 100644 modules/defaults.nix
 delete mode 100644 modules/den.nix
 create mode 100644 modules/features/desktop-base.nix
 delete mode 100644 modules/features/niri.nix
 create mode 100644 modules/features/niri/_bindings.nix
 create mode 100644 modules/features/niri/default.nix
 delete mode 100644 modules/features/pinentry.nix
 delete mode 100644 modules/features/sops-password.nix
 create mode 100644 modules/features/standard-boot.nix
 create mode 100644 modules/flake-parts.nix
 create mode 100644 modules/hosts/orion/_disk.nix
 create mode 100644 modules/hosts/orion/_hardware.nix
 delete mode 100644 modules/hosts/orion/disk.nix
 delete mode 100644 modules/hosts/orion/hardware.nix
 create mode 100644 modules/hosts/polaris/_hardware.nix
 delete mode 100644 modules/hosts/polaris/hardware.nix
 create mode 100644 modules/hosts/zenith/_hardware.nix
 delete mode 100644 modules/hosts/zenith/hardware.nix
 delete mode 100644 modules/infra.nix
 delete mode 100644 modules/schema.nix
 create mode 100644 modules/users.nix
 delete mode 100644 modules/users/ergon.nix
 delete mode 100644 modules/users/kiri.nix

diff --git a/AGENTS.md b/AGENTS.md
index 707b1ea..fac6a34 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -1,101 +1,83 @@
 # Repository Guidelines
 
 ## Project Structure & Module Organization
-This repository is a Den-based NixOS flake. `flake.nix` evaluates `./modules` through `import-tree`, so normal `.nix` files under `modules/` are auto-imported.
+This repository is a simplified `flake-parts` NixOS flake. `flake.nix` imports `./modules` through `import-tree`, so normal `.nix` files under `modules/` are loaded automatically unless their file or directory name starts with `_`.
 
-- `modules/den.nix` imports the Den flake module and the `lux` namespace.
-- `modules/defaults.nix` sets repo-wide Den defaults, enables `den._.mutual-provider`, and configures `den.ctx.hm-host`.
-- `modules/schema.nix` defines the custom Den host and user schema used by this repo.
-- `modules/infra.nix` defines `den.hosts.x86_64-linux.<name>`, each host entity's `users` attrset, and the host/user data attached to those entities.
-- `modules/bundles.nix` defines bundle aspects that group other aspects. A bundle aspect may exist only to compose `includes`; `local-session` is an example.
-- `modules/hosts/` contains host-specific composition and hardware data for `orion`, `polaris`, and `zenith`.
-- `modules/features/` contains reusable aspects. In this repo, "feature" is only a directory label, not a Den primitive.
-- `modules/users/` defines per-user aspects.
-- `modules/secrets/` wires `sops-nix` and stores the encrypted `secrets.yaml`.
-- `.agents/den/` is a local checkout of Den with source, docs, and examples.
+- `modules/flake-parts.nix` defines the `flake-parts` setup, formatter, and the exported `nixosConfigurations`.
+- `modules/hosts/<name>/default.nix` defines one top-level `flake.modules.nixos.<host>` module and assembles that machine by importing reusable features, user modules, and host-local helpers.
+- `modules/hosts/<name>/_*.nix` are private host-local helper modules such as hardware and disk layout files.
+- `modules/users/<name>.nix` defines one reusable NixOS user module and the baseline Home Manager imports for that account.
+- `modules/features/*.nix` contains reusable NixOS and Home Manager feature modules.
+- `modules/features/<feature>/default.nix` is used when a feature needs private helper files, for example `niri/_bindings.nix`.
+- `modules/features/services/*.nix` contains reusable service-oriented NixOS modules.
+- `modules/secrets/sops.nix` wires `sops-nix` for both NixOS and Home Manager.
+- `modules/secrets/secrets.yaml` stores encrypted secrets, with `.sops.yaml` defining SOPS creation rules.
+- `modules/_treefmt.nix` configures repository formatting.
 
-Keep host files thin. Shared behavior belongs in `modules/features/` or `modules/bundles.nix`.
-When Den behavior is unclear, read `.agents/den/modules/` and `.agents/den/nix/lib/` first. Use `.agents/den/templates/ci/` as example code. Use `.agents/den/docs/` only for design rationale, terminology, and usage guidance.
-Do not infer Den behavior from surface symptoms or from where an aspect is included; reason from the actual context pipeline.
+Keep host files thin. Shared behavior belongs in `modules/features/` or `modules/users/`. Host files should mainly compose imports and hold host-only settings such as monitor layouts, hardware quirks, boot tweaks, and machine-local firewall or service choices.
 
-## Den Mental Model
-Den is aspect-first and context-driven.
+## Mental Model
+This repo is direct module composition around `flake.modules`, not the old inventory-driven dendritic design.
 
-- Host, user, and home are entity kinds in Den. This repo defines host and user entities; it does not define standalone home entities under `modules/`.
-- An aspect is the unit of behavior. A single aspect may define `nixos`, `homeManager`, `darwin`, `user`, or other class fragments for one concern.
-- A context stage applies a resolved aspect to a context; Den then follows `into.*` and `provides.*`.
-- `homeManager` is a forwarding class.
+- Reusable building blocks are exposed as `flake.modules.nixos.<name>` and `flake.modules.homeManager.<name>`.
+- Host modules are the composition root. They import the reusable NixOS modules they need, enable Home Manager, and add any host-specific Home Manager imports inline.
+- User modules define the Unix user plus that account’s baseline Home Manager setup.
+- There is no `config.repo`, inventory schema, profiles layer, or attachment builder anymore.
 
 In practice:
 
-- Including an aspect does not by itself create a forwarding path.
-- Parametric matching does not by itself create a forwarding path.
-- A class fragment reaches its final option path only if a context stage or forwarding class actually puts it there.
-- If you cannot name the context stage and forwarding path, treat the claim as unverified.
+- Prefer importing a feature module directly over inventing a repo-local option just to toggle it.
+- Put cross-host reusable behavior in `modules/features/`.
+- Put account-specific defaults in `modules/users/`.
+- Keep private helper files `_`-prefixed so `import-tree` does not expose them as top-level modules.
+- Match the existing split between NixOS composition in host modules and Home Manager composition in user or host modules.
 
-## Den Context Stages And Forwarding Mechanisms
-These are the mechanisms most relevant to the context pipeline in this repo.
+## Current Host Composition
+There are three exported hosts:
 
-- `den.ctx.host`: host context stage; applies `fixedTo { host; } host.aspect`
-- `den.ctx.user`: user context stage from `den.ctx.host.into.user`; applies `fixedTo { host; user; } user.aspect`
-- `den._.mutual-provider`: battery included on `den.ctx.user` in this repo; routes host-to-user and user-to-host through `provides.<name>`, host-to-all-users through `provides.to-users`, user-to-hosts through `provides.to-hosts`, and user-to-other-users on the same host through the same user context pipeline. In Den generally it also has standalone-home behavior, but this repo does not use standalone `den.homes`
-- `den.ctx.hm-host` / `den.ctx.hm-user`: derived home-env context stages
-- `den._.define-user`: battery included by `den.default` in this repo; defines base OS user fields and base `homeManager.home.username` / `home.homeDirectory` fields
-- `homeManager`: forwarding class into `home-manager.users.<name>`
-- `den._.os-user`: framework battery forwarding the `user` class into `users.users.<name>`; useful in Den generally, but not used in this repo today
-- `den._.forward`: battery for custom class/path forwarding
+- `orion`: server-oriented host with `kiri`, SOPS, and service modules such as Caddy, Gitea, Vaultwarden, Radicale, Actual, and OpenSSH.
+- `polaris`: graphical desktop host with `kiri` and `ergon`, hardware imports, Niri, Steam, local desktop features, and host-specific monitor layout.
+- `zenith`: graphical laptop host with `kiri` and `ergon`, Niri, laptop hardware support, firmware updates, and host-specific monitor layout.
 
-## Den Helper Functions
-These are the Den helpers that matter most in this repo.
+When adjusting user-facing software, check whether it belongs in:
 
-- `den.lib.perHost`: exact `{ host }` wrapper
-- `den.lib.perUser`: exact `{ host, user }` wrapper
-- `den.lib.perHome`: exact `{ home }` wrapper; not used by this flake today
-- `den.lib.parametric`: explicit parametric wrapper; default matching is `atLeast`
-- `den.lib.parametric.exactly`: explicit exact-match wrapper
+- a user baseline in `modules/users/<name>.nix`
+- a reusable Home Manager feature in `modules/features/*.nix`
+- a host-local extension inside `modules/hosts/<name>/default.nix`
 
-## Den Forwarding Proof Obligation
-When making or reviewing any Den forwarding change, do not infer behavior from where code is declared or included.
-
-You must identify all four of these explicitly:
-
-1. Source: which aspect actually owns the class fragment?
-2. Context stage: which `den.ctx.*` stage applies it?
-3. Destination: which final evaluated option path should contain the result?
-4. Mechanism: which `into.*` transition reaches the context stage, and which class application, `provides.*`, forwarding class, or `den._.forward` step places it at the destination?
-
-If any of those answers are missing, unclear, or based on analogy, treat the claim as unverified.
-
-Before presenting a forwarding claim as a recommendation or review finding, verify it at the evaluated destination with `nix eval`.
-
-Minimum checks:
-
-- host-selected `homeManager` behavior: inspect `nixosConfigurations.<host>.config.home-manager.users.<user>`
-- OS user forwarding via `user` class: inspect `nixosConfigurations.<host>.config.users.users.<user>`
-- mutual host/user forwarding through `provides.<name>`, `provides.to-users`, or `provides.to-hosts`: inspect the final destination option, not the declaration site
-- custom forwarding through `den._.forward`: inspect the exact target path created by the forwarder
+Be careful not to move host-specific Home Manager imports into a user baseline unless that behavior should apply on every host that imports that user module.
 
 ## Validation And Development Commands
 Run commands from the repository root.
 
-- `nix build --no-link --show-trace .#nixosConfigurations.<host>.config.system.build.toplevel`: baseline validation for one host without activation and without creating a `result` symlink.
-- `nix build --no-link --show-trace .#nixosConfigurations.orion.config.system.build.toplevel .#nixosConfigurations.polaris.config.system.build.toplevel .#nixosConfigurations.zenith.config.system.build.toplevel`: validate all currently defined hosts in one invocation.
-- `nixos-rebuild build --flake .#<host>`: use the standard rebuild path without activation when you specifically want `nixos-rebuild` semantics.
-- `nix fmt`: format Nix files using the flake-provided `nixfmt` formatter.
-- `nix eval .#nixosConfigurations.<host>.config.<option>`: inspect a single option while iterating.
+- `nix build --no-link --show-trace .#nixosConfigurations.<host>.config.system.build.toplevel`: baseline validation for one host.
+- `nix build --no-link --show-trace .#nixosConfigurations.orion.config.system.build.toplevel .#nixosConfigurations.polaris.config.system.build.toplevel .#nixosConfigurations.zenith.config.system.build.toplevel`: validate all defined hosts in one invocation.
+- `nixos-rebuild build --flake .#<host>`: use when you specifically want `nixos-rebuild` semantics without activation.
+- `nix eval --json .#nixosConfigurations.<host>.config.<option>`: inspect a single evaluated option while iterating.
+- `nix fmt`: format the repository using the flake-provided formatter from `modules/_treefmt.nix`.
+- `nix store diff-closures <old> <new>`: compare built system closures when reviewing refactors for parity or regressions.
 
-This repo does not define a `checks` output or a first-party test suite. Treat evaluation and build-only checks as the baseline. `nix flake check` is therefore not the baseline validation command here. `nixos-rebuild dry-activate` is not a baseline validation command either: it is activation-oriented, applies to the target system being rebuilt, and its own help text says the reported change set is not guaranteed to be complete.
-
-For Den context-stage or forwarding changes, use the destination checks above.
+This repo does not define a first-party `checks` output. Validation is primarily host builds plus targeted `nix eval` checks.
 
 ## Coding Style & Naming Conventions
-Use two-space indentation and standard Nix attrset formatting. Prefer small `let` bindings, lowerCamelCase local names, and lowercase file names such as `sops-password.nix`. Match the surrounding module style instead of reformatting unrelated code.
+Use two-space indentation and standard Nix attrset formatting. Prefer small `let` bindings, lowerCamelCase local names, and lowercase file names.
 
-Prefer Den composition through `includes`; avoid host-specific duplication when a reusable aspect or bundle aspect is clearer.
-Keep the configuration aspect-first. When a class fragment must cross context boundaries, express that through an explicit forwarding mechanism instead of relying on implicit host/user propagation.
+- Define reusable modules as `flake.modules.nixos.<name>` or `flake.modules.homeManager.<name>`.
+- Keep one obvious feature per file or directory.
+- Use `default.nix` only when the feature needs private helper files alongside it.
+- Match surrounding style instead of reformatting unrelated code.
+- Prefer explicit host imports over hidden indirection.
 
 ## Commit
-Follow the history style: short imperative subjects, optionally with a conventional prefix, for example `refactor: restructure openssh config`. Keep each commit focused on one concern.
+Follow the existing history style: short imperative subjects, optionally with a conventional prefix, for example `refactor: simplify host composition`.
 
 ## Security & Configuration Tips
-Never commit plaintext secrets. Add or update secrets through `modules/secrets/secrets.yaml` and reference them via `config.sops.secrets.<name>.path`. Be explicit about firewall, SSH, disk, boot, or firmware changes; those are the highest-risk edits here.
+Never commit plaintext secrets. Add or update secrets through `modules/secrets/secrets.yaml` and reference them via `config.sops.secrets.<name>.path`.
+
+Be explicit and cautious with changes to:
+
+- firewall and OpenSSH settings
+- disk layout and boot configuration
+- SOPS key handling and admin user access
+- firmware, hardware, and authentication settings
+- host-vs-user module boundaries, because it is easy to accidentally broaden behavior to the wrong machines
diff --git a/flake.lock b/flake.lock
index 599d3b6..faba67f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,21 +1,5 @@
 {
   "nodes": {
-    "den": {
-      "locked": {
-        "lastModified": 1776133621,
-        "narHash": "sha256-RNbDvS6voiq2GalVHRt6w2EpdlEmmCjUAb6fvPO9PnE=",
-        "owner": "vic",
-        "repo": "den",
-        "rev": "927f4d8e2be40d05c976a91bbec66238c622bbf5",
-        "type": "github"
-      },
-      "original": {
-        "owner": "vic",
-        "ref": "v0.16.0",
-        "repo": "den",
-        "type": "github"
-      }
-    },
     "disko": {
       "inputs": {
         "nixpkgs": "nixpkgs"
@@ -35,22 +19,6 @@
       }
     },
     "flake-compat": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1751685974,
-        "narHash": "sha256-NKw96t+BgHIYzHUjkTK95FqYRVKB8DHpVhefWSz/kTw=",
-        "ref": "refs/heads/main",
-        "rev": "549f2762aebeff29a2e5ece7a7dc0f955281a1d1",
-        "revCount": 92,
-        "type": "git",
-        "url": "https://git.lix.systems/lix-project/flake-compat.git"
-      },
-      "original": {
-        "type": "git",
-        "url": "https://git.lix.systems/lix-project/flake-compat.git"
-      }
-    },
-    "flake-compat_2": {
       "flake": false,
       "locked": {
         "lastModified": 1767039857,
@@ -84,27 +52,6 @@
         "type": "github"
       }
     },
-    "flake-parts_2": {
-      "inputs": {
-        "nixpkgs-lib": [
-          "nvf",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1769996383,
-        "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "type": "github"
-      }
-    },
     "home-manager": {
       "inputs": {
         "nixpkgs": "nixpkgs_2"
@@ -157,43 +104,6 @@
         "url": "ssh://gitea@orion/kiri/lux-pkgs"
       }
     },
-    "mnw": {
-      "locked": {
-        "lastModified": 1770419553,
-        "narHash": "sha256-b1XqsH7AtVf2dXmq2iyRr2NC1yG7skY7Z6N2MpWHlK4=",
-        "owner": "Gerg-L",
-        "repo": "mnw",
-        "rev": "2aaffa8030d0b262176146adbb6b0e6374ce2957",
-        "type": "github"
-      },
-      "original": {
-        "owner": "Gerg-L",
-        "repo": "mnw",
-        "type": "github"
-      }
-    },
-    "ndg": {
-      "inputs": {
-        "nixpkgs": [
-          "nvf",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1768214250,
-        "narHash": "sha256-hnBZDQWUxJV3KbtvyGW5BKLO/fAwydrxm5WHCWMQTbw=",
-        "owner": "feel-co",
-        "repo": "ndg",
-        "rev": "a6bd3c1ce2668d096e4fdaaa03ad7f03ba1fbca8",
-        "type": "github"
-      },
-      "original": {
-        "owner": "feel-co",
-        "ref": "refs/tags/v2.6.0",
-        "repo": "ndg",
-        "type": "github"
-      }
-    },
     "niri": {
       "inputs": {
         "niri-stable": "niri-stable",
@@ -331,22 +241,6 @@
         "type": "github"
       }
     },
-    "nixpkgs-stable_2": {
-      "locked": {
-        "lastModified": 1776067740,
-        "narHash": "sha256-B35lpsqnSZwn1Lmz06BpwF7atPgFmUgw1l8KAV3zpVQ=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "7e495b747b51f95ae15e74377c5ce1fe69c1765f",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-25.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "nixpkgs_10": {
       "locked": {
         "lastModified": 1768564909,
@@ -457,22 +351,6 @@
       }
     },
     "nixpkgs_8": {
-      "locked": {
-        "lastModified": 1774386573,
-        "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_9": {
       "locked": {
         "lastModified": 1775888245,
         "narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=",
@@ -488,6 +366,22 @@
         "type": "github"
       }
     },
+    "nixpkgs_9": {
+      "locked": {
+        "lastModified": 1776329215,
+        "narHash": "sha256-a8BYi3mzoJ/AcJP8UldOx8emoPRLeWqALZWu4ZvjPXw=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "b86751bc4085f48661017fa226dee99fab6c651b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "noctalia": {
       "inputs": {
         "nixpkgs": "nixpkgs_7",
@@ -530,33 +424,13 @@
         "type": "github"
       }
     },
-    "nvf": {
-      "inputs": {
-        "flake-compat": "flake-compat",
-        "flake-parts": "flake-parts_2",
-        "mnw": "mnw",
-        "ndg": "ndg",
-        "nixpkgs": "nixpkgs_8",
-        "systems": "systems_2"
-      },
-      "locked": {
-        "lastModified": 1776331518,
-        "narHash": "sha256-Hj6Rqmyv7f2CkQN4f3NLnK0VUJM/ypfHIrkGckA4WQA=",
-        "owner": "notashelf",
-        "repo": "nvf",
-        "rev": "39416a521dbbc3b722de1bb3607cddaa1e698f4a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "notashelf",
-        "repo": "nvf",
-        "type": "github"
-      }
-    },
     "root": {
       "inputs": {
-        "den": "den",
         "disko": "disko",
+        "flake-parts": [
+          "lux-pkgs",
+          "flake-parts"
+        ],
         "home-manager": "home-manager",
         "import-tree": "import-tree",
         "lux-pkgs": "lux-pkgs",
@@ -564,16 +438,15 @@
         "nix-wrapper-modules": "nix-wrapper-modules",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs_6",
-        "nixpkgs-stable": "nixpkgs-stable_2",
         "noctalia": "noctalia",
-        "nvf": "nvf",
         "sops-nix": "sops-nix",
+        "treefmt-nix": "treefmt-nix_2",
         "vicinae-extensions": "vicinae-extensions"
       }
     },
     "sops-nix": {
       "inputs": {
-        "nixpkgs": "nixpkgs_9"
+        "nixpkgs": "nixpkgs_8"
       },
       "locked": {
         "lastModified": 1776119890,
@@ -619,21 +492,6 @@
         "type": "github"
       }
     },
-    "systems_3": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
     "treefmt-nix": {
       "inputs": {
         "nixpkgs": [
@@ -656,6 +514,24 @@
         "type": "github"
       }
     },
+    "treefmt-nix_2": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_9"
+      },
+      "locked": {
+        "lastModified": 1775636079,
+        "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
+    },
     "vicinae": {
       "inputs": {
         "nixpkgs": [
@@ -683,9 +559,9 @@
     },
     "vicinae-extensions": {
       "inputs": {
-        "flake-compat": "flake-compat_2",
+        "flake-compat": "flake-compat",
         "nixpkgs": "nixpkgs_10",
-        "systems": "systems_3",
+        "systems": "systems_2",
         "vicinae": "vicinae"
       },
       "locked": {
diff --git a/flake.nix b/flake.nix
index 551ab85..167538b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,18 +2,17 @@
   description = "NixOS Configuration";
 
   inputs = {
-    den.url = "github:vic/den/v0.16.0";
     disko.url = "github:nix-community/disko";
+    flake-parts.follows = "lux-pkgs/flake-parts";
     home-manager.url = "github:nix-community/home-manager";
     import-tree.url = "github:vic/import-tree";
     niri.url = "github:sodiboo/niri-flake";
     nix-wrapper-modules.url = "github:BirdeeHub/nix-wrapper-modules";
     nixos-hardware.url = "github:NixOS/nixos-hardware/master";
     nixpkgs.url = "https://channels.nixos.org/nixpkgs-unstable/nixexprs.tar.xz";
-    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11";
     noctalia.url = "github:noctalia-dev/noctalia-shell";
-    nvf.url = "github:notashelf/nvf";
     sops-nix.url = "github:Mic92/sops-nix";
+    treefmt-nix.url = "github:numtide/treefmt-nix";
 
     #vicinae.url = "github:vicinaehq/vicinae";
     vicinae-extensions.url = "github:vicinaehq/extensions";
@@ -21,18 +20,5 @@
     lux-pkgs.url = "git+ssh://gitea@orion/kiri/lux-pkgs";
   };
 
-  outputs =
-    inputs:
-    let
-      flake = (inputs.nixpkgs.lib.evalModules {
-        modules = [ (inputs.import-tree ./modules) ];
-        specialArgs.inputs = inputs;
-      }).config.flake;
-    in
-    flake
-    // {
-      formatter = inputs.nixpkgs.lib.genAttrs flake.den.systems (
-        system: inputs.nixpkgs.legacyPackages.${system}.nixfmt
-      );
-    };
+  outputs = inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } (inputs.import-tree ./modules);
 }
diff --git a/modules/bundles.nix b/modules/bundles.nix
deleted file mode 100644
index f2d3677..0000000
--- a/modules/bundles.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ den, lux, ... }:
-{
-  lux.bundles._.local-session = {
-    includes = with lux; [
-      nix
-      region-nl
-      sddm
-      niri
-      audio
-      bluetooth
-      clipboard
-      flatpak
-      fonts
-      local-apps
-      networking
-      pinentry
-      printing
-      qbittorrent-client
-      system-base
-      vicinae
-      xdg
-      theme
-      noctalia
-    ];
-  };
-
-  lux.bundles._.local-session-user = {
-    includes = with lux; [
-      nix
-      niri
-      clipboard
-      local-apps
-      pinentry
-      qbittorrent-client
-      vicinae
-      xdg
-      theme
-      noctalia
-    ];
-  };
-
-  lux.bundles._.development = {
-    includes = with lux; [
-      git
-      dev-tools
-      podman
-      gemini
-    ];
-  };
-}
diff --git a/modules/defaults.nix b/modules/defaults.nix
deleted file mode 100644
index 479c11b..0000000
--- a/modules/defaults.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ den, ... }:
-let
-  configState = "24.05";
-in
-{
-  den.default = {
-    includes = [
-      den._.define-user
-      den._.hostname
-    ];
-
-    nixos.system.stateVersion = configState;
-    homeManager.home.stateVersion = configState;
-  };
-
-  den.ctx.user.includes = [ den._.mutual-provider ];
-  _module.args.__findFile = den.lib.__findFile;
-
-  den.ctx.hm-host.nixos.home-manager = {
-    useGlobalPkgs = true;
-    backupFileExtension = "bak";
-  };
-}
diff --git a/modules/den.nix b/modules/den.nix
deleted file mode 100644
index af98da2..0000000
--- a/modules/den.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ inputs, den, ... }:
-{
-  imports = [
-    inputs.den.flakeModule
-    (inputs.den.namespace "lux" true)
-  ];
-
-  flake.den = den;
-}
diff --git a/modules/features/_noctalia-config.nix b/modules/features/_noctalia-config.nix
index 95c23c6..c19f6bc 100644
--- a/modules/features/_noctalia-config.nix
+++ b/modules/features/_noctalia-config.nix
@@ -3,7 +3,7 @@
   bar = {
     barType = "simple";
     position = "top";
-    monitors = [];
+    monitors = [ ];
     density = "default";
     showOutline = false;
     showCapsule = false;
@@ -69,13 +69,13 @@
       ];
       right = [
         {
-          blacklist = [];
+          blacklist = [ ];
           chevronColor = "none";
           colorizeIcons = false;
           drawerEnabled = true;
           hidePassive = false;
           id = "Tray";
-          pinned = [];
+          pinned = [ ];
         }
         {
           displayMode = "onhover";
@@ -95,7 +95,7 @@
         }
       ];
     };
-    screenOverrides = [];
+    screenOverrides = [ ];
   };
   general = {
     avatarImage = "/home/kiri/.face";
@@ -130,7 +130,7 @@
     clockStyle = "custom";
     clockFormat = "hh\\nmm";
     passwordChars = false;
-    lockScreenMonitors = [];
+    lockScreenMonitors = [ ];
     lockScreenBlur = 0;
     lockScreenTint = 0;
     keybinds = {
@@ -210,7 +210,7 @@
     enabled = true;
     overviewEnabled = false;
     directory = "/home/kiri/media/images/wallpapers";
-    monitorDirectories = [];
+    monitorDirectories = [ ];
     enableMultiMonitorDirectories = false;
     showHiddenFiles = false;
     viewMode = "recursive";
@@ -242,7 +242,7 @@
     wallhavenResolutionWidth = "";
     wallhavenResolutionHeight = "";
     sortOrder = "name";
-    favorites = [];
+    favorites = [ ];
   };
   appLauncher = {
     enableClipboardHistory = true;
@@ -252,7 +252,7 @@
     clipboardWatchTextCommand = "wl-paste --type text --watch cliphist store";
     clipboardWatchImageCommand = "wl-paste --type image --watch cliphist store";
     position = "top_center";
-    pinnedApps = [];
+    pinnedApps = [ ];
     useApp2Unit = false;
     sortByMostUsed = true;
     terminalCommand = "kitty -e";
@@ -362,8 +362,8 @@
     floatingRatio = 1;
     size = 1;
     onlySameOutput = true;
-    monitors = [];
-    pinnedApps = [];
+    monitors = [ ];
+    pinnedApps = [ ];
     colorizeIcons = false;
     showLauncherIcon = false;
     launcherPosition = "end";
@@ -454,7 +454,7 @@
     enabled = true;
     enableMarkdown = false;
     density = "default";
-    monitors = [];
+    monitors = [ ];
     location = "top_right";
     overlayLayer = true;
     backgroundOpacity = 1;
@@ -492,14 +492,14 @@
       1
       2
     ];
-    monitors = [];
+    monitors = [ ];
   };
   audio = {
     volumeStep = 5;
     volumeOverdrive = false;
     cavaFrameRate = 30;
     visualizerType = "linear";
-    mprisBlacklist = [];
+    mprisBlacklist = [ ];
     preferredPlayer = "";
     volumeFeedback = false;
     volumeFeedbackSoundFile = "";
@@ -508,7 +508,7 @@
     brightnessStep = 5;
     enforceMinimum = true;
     enableDdcSupport = false;
-    backlightDeviceMappings = [];
+    backlightDeviceMappings = [ ];
   };
   colorSchemes = {
     useWallpaperColors = false;
@@ -521,7 +521,7 @@
     monitorForColors = "";
   };
   templates = {
-    activeTemplates = [];
+    activeTemplates = [ ];
     enableUserTheming = false;
   };
   nightLight = {
@@ -559,6 +559,6 @@
     enabled = false;
     overviewEnabled = true;
     gridSnap = false;
-    monitorWidgets = [];
+    monitorWidgets = [ ];
   };
-}
\ No newline at end of file
+}
diff --git a/modules/features/audio.nix b/modules/features/audio.nix
index 5932fb2..cba7e43 100644
--- a/modules/features/audio.nix
+++ b/modules/features/audio.nix
@@ -1,5 +1,5 @@
 {
-  lux.audio.nixos = {
+  flake.modules.nixos.audio = {
     security.rtkit.enable = true;
     services.pipewire = {
       enable = true;
diff --git a/modules/features/bitwarden.nix b/modules/features/bitwarden.nix
index a4fdc69..95854a1 100644
--- a/modules/features/bitwarden.nix
+++ b/modules/features/bitwarden.nix
@@ -1,25 +1,14 @@
-{ den, lib, ... }:
-let
-  getPrimaryEmail =
-    user:
-    (lib.findFirst (email: email.primary) (throw "Missing primary email for ${user.userName}") (builtins.attrValues user.emails)).address;
-in
+{ ... }:
 {
-  lux.bitwarden = den.lib.parametric {
-    includes = [
-      (
-        { host, user }:
-        {
-          homeManager.programs.rbw.settings = {
-            email = getPrimaryEmail user;
-            base_url = "https://vault.${host.serviceDomain}";
-          };
-        }
-      )
-    ];
-
-    homeManager = {
-      programs.rbw.enable = true;
+  flake.modules.homeManager.bitwarden =
+    { pkgs, ... }:
+    {
+      programs.rbw = {
+        enable = true;
+        settings = {
+          base_url = "https://vault.jelles.net";
+          pinentry = pkgs.pinentry-gnome3;
+        };
+      };
     };
-  };
 }
diff --git a/modules/features/bluetooth.nix b/modules/features/bluetooth.nix
index 6f28412..7b654ac 100644
--- a/modules/features/bluetooth.nix
+++ b/modules/features/bluetooth.nix
@@ -1,5 +1,5 @@
 {
-  lux.bluetooth.nixos = {
+  flake.modules.nixos.bluetooth = {
     hardware.bluetooth.enable = true;
     services.blueman.enable = true;
   };
diff --git a/modules/features/clipboard.nix b/modules/features/clipboard.nix
index b4fa66c..715d33e 100644
--- a/modules/features/clipboard.nix
+++ b/modules/features/clipboard.nix
@@ -1,5 +1,5 @@
 {
-  lux.clipboard.homeManager =
+  flake.modules.homeManager.clipboard =
     { pkgs, ... }:
     {
       home.packages = [ pkgs.wl-clipboard ];
diff --git a/modules/features/desktop-base.nix b/modules/features/desktop-base.nix
new file mode 100644
index 0000000..b5e381e
--- /dev/null
+++ b/modules/features/desktop-base.nix
@@ -0,0 +1,35 @@
+{ inputs, config, ... }:
+let
+  nixosModules = config.flake.modules.nixos;
+in
+{
+  flake.modules.nixos.desktopBase = {
+    imports = [
+      inputs.home-manager.nixosModules.home-manager
+      nixosModules.nix
+      nixosModules.systemBase
+      nixosModules.standardBoot
+      nixosModules.regionNl
+      nixosModules.sddm
+      nixosModules.niri
+      nixosModules.audio
+      nixosModules.bluetooth
+      nixosModules.flatpak
+      nixosModules.fonts
+      nixosModules.networking
+      nixosModules.printing
+      nixosModules.qbittorrentClient
+      nixosModules.sopsHost
+    ];
+
+    home-manager = {
+      useGlobalPkgs = true;
+      backupFileExtension = "bak";
+      extraSpecialArgs = { inherit inputs; };
+    };
+
+    security.sudo.extraConfig = ''
+      Defaults env_keep+=SSH_AUTH_SOCK
+    '';
+  };
+}
diff --git a/modules/features/dev-tools.nix b/modules/features/dev-tools.nix
index e40c026..9bd1bae 100644
--- a/modules/features/dev-tools.nix
+++ b/modules/features/dev-tools.nix
@@ -1,5 +1,5 @@
 {
-  lux.dev-tools.homeManager =
+  flake.modules.homeManager.devTools =
     { config, ... }:
     {
       home.sessionVariables.CARGO_HOME = "${config.xdg.dataHome}/cargo";
diff --git a/modules/features/email.nix b/modules/features/email.nix
index 75cb41a..23f0718 100644
--- a/modules/features/email.nix
+++ b/modules/features/email.nix
@@ -1,84 +1,99 @@
-{ den, lib, ... }:
+{ ... }:
 {
-  lux.email = den.lib.perUser (
-    { user, ... }:
+  flake.modules.homeManager.email =
+    { config, ... }:
     let
-      mkEmailAccount =
-        _: email:
+      realName = "Jelle Spreeuwenberg";
+      mkOffice365Account =
+        {
+          address,
+          primary,
+        }:
         {
           enable = true;
-          address = email.address;
-          primary = email.primary;
-          realName = user.realName;
-          userName = email.address;
-          thunderbird =
-            {
-              enable = true;
-            }
-            // lib.optionalAttrs (email.kind == "office365") {
-              settings = id: {
-                "mail.smtpserver.smtp_${id}.authMethod" = 10;
-                "mail.server.server_${id}.authMethod" = 10;
-              };
-            };
-        }
-        // (
-          if email.kind == "mxrouting" then
-            {
-              imap = {
-                authentication = "plain";
-                host = "taylor.mxrouting.net";
-                port = 993;
-                tls.enable = true;
-              };
-              smtp = {
-                authentication = "plain";
-                host = "taylor.mxrouting.net";
-                port = 465;
-                tls.enable = true;
-              };
-            }
-          else
-            {
-              flavor = "outlook.office365.com";
-            }
-        );
-    in
-    {
-      homeManager = { ... }: {
-          programs.thunderbird = {
+          inherit address primary realName;
+          userName = address;
+          thunderbird = {
             enable = true;
-            profiles.${user.name} = {
-              isDefault = true;
-              withExternalGnupg = true;
-              settings = {
-                # LAYOUT: Force 3-Pane Vertical View (Folders | List | Message)
-                "mail.ui.display.message_pane_vertical" = true;
-
-                # APPEARANCE: Enable "Cards View" (modern multi-line list)
-                # Note: 'cards' is the value for the new view
-                "mail.ui.display.thread_pane_view_type" = "cards";
-
-                # DENSITY: "Compact" is usually cleaner for tech-savvy users
-                "mail.uidensity" = 1; # 0=Default, 1=Compact, 2=Touch
-
-                # PRIVACY & CLEANUP
-                "privacy.donottrackheader.enabled" = true;
-                "mail.server.server2.hidden" = true; # Hide "Local Folders"
-
-                # Start page disable for faster boot
-                "mailnews.start_page.enabled" = false;
-
-                # Disable the "Get a new email address" feature in account manager
-                "mail.provider.enabled" = false;
-
-                "layout.css.devPixelsPerPx" = 0.85;
-              };
+            settings = id: {
+              "mail.smtpserver.smtp_${id}.authMethod" = 10;
+              "mail.server.server_${id}.authMethod" = 10;
             };
           };
-
-          accounts.email.accounts = lib.mapAttrs mkEmailAccount user.emails;
+          flavor = "outlook.office365.com";
         };
-    }
-  );
+      mkMxrouteAccount =
+        {
+          address,
+          primary,
+        }:
+        {
+          enable = true;
+          inherit address primary realName;
+          userName = address;
+          thunderbird.enable = true;
+          imap = {
+            authentication = "plain";
+            host = "taylor.mxrouting.net";
+            port = 993;
+            tls.enable = true;
+          };
+          smtp = {
+            authentication = "plain";
+            host = "taylor.mxrouting.net";
+            port = 465;
+            tls.enable = true;
+          };
+        };
+    in
+    {
+      programs.thunderbird = {
+        enable = true;
+        profiles.${config.home.username} = {
+          isDefault = true;
+          withExternalGnupg = true;
+          settings = {
+            "mail.ui.display.message_pane_vertical" = true;
+            "mail.ui.display.thread_pane_view_type" = "cards";
+            "mail.uidensity" = 1;
+            "privacy.donottrackheader.enabled" = true;
+            "mail.server.server2.hidden" = true;
+            "mailnews.start_page.enabled" = false;
+            "mail.provider.enabled" = false;
+            "layout.css.devPixelsPerPx" = 0.85;
+          };
+        };
+      };
+
+      accounts.email.accounts =
+        if config.home.username == "ergon" then
+          {
+            work = mkOffice365Account {
+              address = "jelle.spreeuwenberg@yookr.org";
+              primary = true;
+            };
+          }
+        else
+          {
+            main = mkMxrouteAccount {
+              address = "mail@jelles.net";
+              primary = true;
+            };
+
+            old = mkMxrouteAccount {
+              address = "mail@jellespreeuwenberg.nl";
+              primary = false;
+            };
+
+            uni = mkOffice365Account {
+              address = "j.spreeuwenberg@student.tue.nl";
+              primary = false;
+            };
+
+            work = mkOffice365Account {
+              address = "jelle.spreeuwenberg@yookr.org";
+              primary = false;
+            };
+          };
+    };
 }
diff --git a/modules/features/flatpak.nix b/modules/features/flatpak.nix
index b6d7a88..3e03f62 100644
--- a/modules/features/flatpak.nix
+++ b/modules/features/flatpak.nix
@@ -1,3 +1,5 @@
 {
-  lux.flatpak.nixos.services.flatpak.enable = true;
+  flake.modules.nixos.flatpak = {
+    services.flatpak.enable = true;
+  };
 }
diff --git a/modules/features/fonts.nix b/modules/features/fonts.nix
index edd78c8..87c9056 100644
--- a/modules/features/fonts.nix
+++ b/modules/features/fonts.nix
@@ -1,5 +1,5 @@
 {
-  lux.fonts.nixos =
+  flake.modules.nixos.fonts =
     { pkgs, ... }:
     {
       fonts = {
diff --git a/modules/features/gemini.nix b/modules/features/gemini.nix
index a7f8245..a365d2d 100644
--- a/modules/features/gemini.nix
+++ b/modules/features/gemini.nix
@@ -1,15 +1,11 @@
 {
-  lux.gemini = {
-    homeManager =
-      { config, ... }:
-      {
-        home.sessionVariables.GEMINI_CONFIG_DIR = "${config.xdg.configHome}/gemini";
+  flake.modules.homeManager.gemini =
+    { config, ... }:
+    {
+      home.sessionVariables.GEMINI_CONFIG_DIR = "${config.xdg.configHome}/gemini";
 
-        programs.gemini-cli.enable = true;
-        programs.opencode.enable = true;
-
-        # Needed for extensions
-        programs.npm.enable = true;
-      };
-  };
+      programs.gemini-cli.enable = true;
+      programs.opencode.enable = true;
+      programs.npm.enable = true;
+    };
 }
diff --git a/modules/features/git.nix b/modules/features/git.nix
index a6230e3..9b25437 100644
--- a/modules/features/git.nix
+++ b/modules/features/git.nix
@@ -1,32 +1,18 @@
-{ den, lib, ... }:
-let
-  getPrimaryEmail =
-    user:
-    (lib.findFirst (email: email.primary) (throw "Missing primary email for ${user.userName}") (
-      builtins.attrValues user.emails
-    )).address;
-in
+{ ... }:
 {
-  lux.git = den.lib.parametric {
-    includes = [
-      (
-        { user, ... }:
-        {
-          homeManager.programs.git = {
-            enable = true;
-            signing.format = "ssh";
-            ignores = [
-              ".claude/"
-              ".codex/"
-            ];
-            settings = {
-              user.name = user.realName;
-              user.email = getPrimaryEmail user;
-              init.defaultBranch = "main";
-            };
-          };
-        }
-      )
-    ];
-  };
+  flake.modules.homeManager.git =
+    { ... }:
+    {
+      programs.git = {
+        enable = true;
+        signing.format = "ssh";
+        ignores = [
+          ".claude/"
+          ".codex/"
+        ];
+        settings = {
+          init.defaultBranch = "main";
+        };
+      };
+    };
 }
diff --git a/modules/features/local-apps.nix b/modules/features/local-apps.nix
index a961d68..80a91d5 100644
--- a/modules/features/local-apps.nix
+++ b/modules/features/local-apps.nix
@@ -1,5 +1,5 @@
 {
-  lux.local-apps.homeManager =
+  flake.modules.homeManager.localApps =
     { pkgs, ... }:
     {
       home.sessionVariables.BROWSER = "vivaldi";
diff --git a/modules/features/mpv.nix b/modules/features/mpv.nix
index 00dc147..b5093c6 100644
--- a/modules/features/mpv.nix
+++ b/modules/features/mpv.nix
@@ -1,49 +1,47 @@
 {
-  lux.mpv = {
-    homeManager =
-      { pkgs, ... }:
-      {
-        programs.mpv = {
-          enable = true;
-          bindings = {
-            D = "cycle deband";
-          };
-          config = {
-            profile = "high-quality";
-
-            osc = "no";
-            border = "no";
-
-            vo = "gpu-next";
-            gpu-api = "vulkan";
-            hwdec = "vulkan";
-
-            demuxer-mkv-subtitle-preroll = "yes";
-            sub-auto = "fuzzy";
-
-            sub-gauss = 1.0;
-            sub-gray = "yes";
-
-            tone-mapping = "bt.2446a";
-
-            keep-open = "yes";
-            save-position-on-quit = "yes";
-
-            volume-max = 150;
-
-            deband = "yes";
-            deband-iterations = 2;
-            deband-threshold = 64;
-            deband-range = 17;
-            deband-grain = 12;
-          };
-          scripts = with pkgs.mpvScripts; [
-            modernz
-            thumbfast
-            mpris
-            autosub
-          ];
+  flake.modules.homeManager.mpv =
+    { pkgs, ... }:
+    {
+      programs.mpv = {
+        enable = true;
+        bindings = {
+          D = "cycle deband";
         };
+        config = {
+          profile = "high-quality";
+
+          osc = "no";
+          border = "no";
+
+          vo = "gpu-next";
+          gpu-api = "vulkan";
+          hwdec = "vulkan";
+
+          demuxer-mkv-subtitle-preroll = "yes";
+          sub-auto = "fuzzy";
+
+          sub-gauss = 1.0;
+          sub-gray = "yes";
+
+          tone-mapping = "bt.2446a";
+
+          keep-open = "yes";
+          save-position-on-quit = "yes";
+
+          volume-max = 150;
+
+          deband = "yes";
+          deband-iterations = 2;
+          deband-threshold = 64;
+          deband-range = 17;
+          deband-grain = 12;
+        };
+        scripts = with pkgs.mpvScripts; [
+          modernz
+          thumbfast
+          mpris
+          autosub
+        ];
       };
-  };
+    };
 }
diff --git a/modules/features/neovim/default.nix b/modules/features/neovim/default.nix
index 23bd200..4f429d0 100644
--- a/modules/features/neovim/default.nix
+++ b/modules/features/neovim/default.nix
@@ -1,10 +1,11 @@
-{ inputs, ... }:
 {
-  lux.neovim.homeManager =
+  flake.modules.homeManager.neovim =
     {
       pkgs,
       lib,
       config,
+      inputs,
+      osConfig,
       ...
     }:
     {
@@ -13,7 +14,6 @@
         VISUAL = "nvim";
       };
 
-
       imports = [
         (inputs.nix-wrapper-modules.lib.mkInstallModule {
           name = "neovim";
@@ -26,7 +26,7 @@
       ];
 
       # Configure sops-nix secret
-      sops.secrets.gemini-api-key-neovim = {};
+      sops.secrets.gemini-api-key-neovim = { };
 
       wrappers.neovim = {
         enable = true;
@@ -117,13 +117,10 @@
         # We put these in `settings` so they appear in require('nix-info').settings
         settings = {
           # Hostname/ConfigDir needed for nixd
-          # NOTE: Adjust these paths to match your actual denful/flake variables
           nixdExtras = {
             nixpkgs = "import ${pkgs.path} {}";
-            # Assuming you have access to the flake path in your config,
-            # otherwise hardcode or pass via specialArgs
-            nixos_options = ''(builtins.getFlake "path://${config.home.homeDirectory}/.config/nixos").nixosConfigurations.polaris.config.networking.hostName}.options'';
-            home_manager_options = ''(builtins.getFlake "path://${config.home.homeDirectory}/.config/nixos").nixosConfigurations.polaris.config.networking.hostName}.options.home-manager.users.type.getSubOptions []'';
+            nixos_options = ''(builtins.getFlake "path://${config.home.homeDirectory}/.config/nixos").nixosConfigurations.${osConfig.networking.hostName}.options'';
+            home_manager_options = ''(builtins.getFlake "path://${config.home.homeDirectory}/.config/nixos").nixosConfigurations.${osConfig.networking.hostName}.options.home-manager.users.type.getSubOptions []'';
           };
 
           # TODO: Put in separate theme file
diff --git a/modules/features/networking.nix b/modules/features/networking.nix
index 77e2e2a..943f9bb 100644
--- a/modules/features/networking.nix
+++ b/modules/features/networking.nix
@@ -1,6 +1,8 @@
 {
-  lux.networking.nixos.networking = {
-    nftables.enable = true;
-    networkmanager.enable = true;
+  flake.modules.nixos.networking = {
+    networking = {
+      nftables.enable = true;
+      networkmanager.enable = true;
+    };
   };
 }
diff --git a/modules/features/niri.nix b/modules/features/niri.nix
deleted file mode 100644
index 75a1043..0000000
--- a/modules/features/niri.nix
+++ /dev/null
@@ -1,374 +0,0 @@
-{ den, inputs, lib, ... }:
-let
-  mkOutputs =
-    host:
-    lib.mapAttrs (
-      _: display:
-      lib.optionalAttrs display.primary {
-        focus-at-startup = true;
-      }
-      // lib.filterAttrs (_: value: value != null) {
-        position = display.position;
-        scale = display.scale;
-        mode = display.mode;
-      }
-    ) host.displays;
-in
-{
-  lux.niri = {
-    includes = [
-      (den.lib.perHost {
-        nixos =
-          { pkgs, ... }:
-          {
-            imports = [ inputs.niri.nixosModules.niri ];
-            nixpkgs.overlays = [ inputs.niri.overlays.niri ];
-
-            programs.niri.enable = true;
-            programs.niri.package = pkgs.niri-unstable;
-            programs.dconf.enable = true;
-
-            # Essential services for Nautilus (Trash, Networking, Disks, Search)
-            services.gvfs.enable = true;
-            services.udisks2.enable = true;
-          };
-      })
-      (den.lib.perUser (
-        { host, ... }:
-        {
-          homeManager =
-            { config, pkgs, ... }:
-            {
-        home.sessionVariables.NIXOS_OZONE_WL = "1";
-
-        dconf.settings = {
-          "org/gnome/desktop/interface" = {
-            color-scheme = "prefer-dark";
-          };
-        };
-
-        home.packages = with pkgs; [
-          playerctl
-          nautilus
-          brightnessctl
-          xwayland-satellite
-        ];
-
-        programs.niri = {
-          settings = {
-            outputs = mkOutputs host;
-            environment = {
-              DISPLAY = ":0";
-            };
-            spawn-at-startup = [
-              { command = [ "xwayland-satellite" ]; }
-              { command = [ "noctalia-shell" ]; }
-              { command = [ "qbittorrent" ]; }
-            ];
-            prefer-no-csd = true;
-            hotkey-overlay.skip-at-startup = true;
-            screenshot-path = "${config.xdg.userDirs.pictures}/screenshots/%Y-%m-%dT%H:%M:%S.png";
-
-            # -----------------------------------------------------------------
-            # Aesthetics & Visuals
-            # -----------------------------------------------------------------
-
-            # Fast, snappy animations
-            animations.slowdown = 0.6;
-
-            cursor = with config.home.pointerCursor; {
-              size = size;
-              theme = name;
-              hide-after-inactive-ms = 3000;
-              hide-when-typing = true;
-            };
-
-            layout = {
-              always-center-single-column = true;
-              gaps = 14;
-
-              focus-ring.enable = false;
-
-              default-column-width = {
-                proportion = 1. / 2.;
-              };
-              # Kanagawa-wave Colorscheme for border
-              border = {
-                enable = true;
-                width = 3;
-                active.color = "#7E9CD8"; # Crystal Blue
-                inactive.color = "#54546D"; # Sumi Ink 4
-                urgent.color = "#E82424"; # Samurai Red
-              };
-            };
-
-            window-rules = [
-              {
-                # Sleek rounded corners
-                geometry-corner-radius =
-                  let
-                    radius = 10.0;
-                  in
-                  {
-                    bottom-left = radius;
-                    bottom-right = radius;
-                    top-left = radius;
-                    top-right = radius;
-                  };
-                clip-to-geometry = true;
-              }
-            ];
-
-            # -----------------------------------------------------------------
-            # System & Input
-            # -----------------------------------------------------------------
-
-            debug = {
-              honor-xdg-activation-with-invalid-serial = true;
-            };
-
-            input = {
-              focus-follows-mouse.enable = true;
-              keyboard = {
-                repeat-delay = 300;
-                repeat-rate = 50;
-                xkb.options = "caps:escape";
-              };
-              mouse.accel-speed = 0.4;
-            };
-
-            # -----------------------------------------------------------------
-            # Keybinds
-            # -----------------------------------------------------------------
-
-            binds = {
-              # --- Applications & Launchers ---
-              "Mod+Return" = {
-                action.spawn = "kitty";
-                hotkey-overlay.title = "Terminal";
-              };
-              "Mod+B" = {
-                action.spawn = "vivaldi";
-                hotkey-overlay.title = "Browser";
-              };
-              "Mod+Space" = {
-                repeat = false;
-                action.spawn = [
-                  "vicinae"
-                  "toggle"
-                ];
-                hotkey-overlay.title = "App Launcher";
-              };
-
-              # --- Media & Brightness Controls ---
-              "XF86AudioPlay" = {
-                action.spawn-sh = "playerctl play-pause";
-                allow-when-locked = true;
-              };
-              "XF86AudioStop" = {
-                action.spawn-sh = "playerctl stop";
-                allow-when-locked = true;
-              };
-              "XF86AudioPrev" = {
-                action.spawn-sh = "playerctl previous";
-                allow-when-locked = true;
-              };
-              "XF86AudioNext" = {
-                action.spawn-sh = "playerctl next";
-                allow-when-locked = true;
-              };
-              "XF86AudioRaiseVolume" = {
-                action.spawn-sh = "wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+";
-                allow-when-locked = true;
-              };
-              "XF86AudioLowerVolume" = {
-                action.spawn-sh = "wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-";
-                allow-when-locked = true;
-              };
-              "XF86AudioMute" = {
-                action.spawn-sh = "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
-                allow-when-locked = true;
-              };
-              "XF86AudioMicMute" = {
-                action.spawn-sh = "wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle";
-                allow-when-locked = true;
-              };
-              "XF86MonBrightnessUp" = {
-                action.spawn-sh = "brightnessctl s 10%+";
-                allow-when-locked = true;
-              };
-              "XF86MonBrightnessDown" = {
-                action.spawn-sh = "brightnessctl s 10%-";
-                allow-when-locked = true;
-              };
-
-              # --- Screenshots ---
-              "Mod+S".action.screenshot = [ ];
-              "Mod+Ctrl+S".action.screenshot-screen = [ ];
-              "Mod+Alt+S".action.screenshot-window = [ ];
-
-              # --- Session & System ---
-              "Mod+Shift+Slash".action.show-hotkey-overlay = [ ];
-              "Mod+Escape" = {
-                action.toggle-keyboard-shortcuts-inhibit = [ ];
-                allow-inhibiting = false;
-              };
-              "Mod+Alt+L" = {
-                action.spawn-sh = "loginctl lock-session";
-                hotkey-overlay.title = "Lock Screen";
-              };
-              "Mod+Shift+E".action.quit = [ ];
-              "Ctrl+Alt+Delete".action.quit = [ ];
-              "Mod+Shift+P".action.power-off-monitors = [ ];
-
-              # --- Overview & Window Management ---
-              "Mod+O" = {
-                action.toggle-overview = [ ];
-                repeat = false;
-              };
-              "Mod+Q" = {
-                action.close-window = [ ];
-                repeat = false;
-              };
-
-              # Focus Movement (Vim-like + Arrows)
-              "Mod+H".action.focus-column-or-monitor-left = [ ];
-              "Mod+J".action.focus-window-down = [ ];
-              "Mod+K".action.focus-window-up = [ ];
-              "Mod+L".action.focus-column-or-monitor-right = [ ];
-
-              # Window Movement
-              "Mod+Ctrl+Left".action.move-column-left = [ ];
-              "Mod+Ctrl+Down".action.move-window-down = [ ];
-              "Mod+Ctrl+Up".action.move-window-up = [ ];
-              "Mod+Ctrl+Right".action.move-column-right = [ ];
-              "Mod+Ctrl+H".action.move-column-left = [ ];
-              "Mod+Ctrl+J".action.move-window-down = [ ];
-              "Mod+Ctrl+K".action.move-window-up = [ ];
-              "Mod+Ctrl+L".action.move-column-right = [ ];
-
-              # Column Focus & Movement
-              "Mod+Home".action.focus-column-first = [ ];
-              "Mod+End".action.focus-column-last = [ ];
-              "Mod+Ctrl+Home".action.move-column-to-first = [ ];
-              "Mod+Ctrl+End".action.move-column-to-last = [ ];
-
-              # Monitor Focus
-              "Mod+Shift+Left".action.focus-monitor-left = [ ];
-              "Mod+Shift+Down".action.focus-monitor-down = [ ];
-              "Mod+Shift+Up".action.focus-monitor-up = [ ];
-              "Mod+Shift+Right".action.focus-monitor-right = [ ];
-              "Mod+Shift+H".action.focus-monitor-left = [ ];
-              "Mod+Shift+J".action.focus-monitor-down = [ ];
-              "Mod+Shift+K".action.focus-monitor-up = [ ];
-              "Mod+Shift+L".action.focus-monitor-right = [ ];
-
-              # Monitor Movement
-              "Mod+Shift+Ctrl+Left".action.move-column-to-monitor-left = [ ];
-              "Mod+Shift+Ctrl+Down".action.move-column-to-monitor-down = [ ];
-              "Mod+Shift+Ctrl+Up".action.move-column-to-monitor-up = [ ];
-              "Mod+Shift+Ctrl+Right".action.move-column-to-monitor-right = [ ];
-              "Mod+Shift+Ctrl+H".action.move-column-to-monitor-left = [ ];
-              "Mod+Shift+Ctrl+J".action.move-column-to-monitor-down = [ ];
-              "Mod+Shift+Ctrl+K".action.move-column-to-monitor-up = [ ];
-              "Mod+Shift+Ctrl+L".action.move-column-to-monitor-right = [ ];
-
-              # Workspace Focus
-              "Mod+Page_Down".action.focus-workspace-down = [ ];
-              "Mod+Page_Up".action.focus-workspace-up = [ ];
-              "Mod+U".action.focus-workspace-down = [ ];
-              "Mod+I".action.focus-workspace-up = [ ];
-
-              # Workspace Movement (Column)
-              "Mod+Ctrl+Page_Down".action.move-column-to-workspace-down = [ ];
-              "Mod+Ctrl+Page_Up".action.move-column-to-workspace-up = [ ];
-              "Mod+Ctrl+U".action.move-column-to-workspace-down = [ ];
-              "Mod+Ctrl+I".action.move-column-to-workspace-up = [ ];
-
-              # Workspace Movement (Entire Workspace)
-              "Mod+Shift+Page_Down".action.move-workspace-down = [ ];
-              "Mod+Shift+Page_Up".action.move-workspace-up = [ ];
-              "Mod+Shift+U".action.move-workspace-down = [ ];
-              "Mod+Shift+I".action.move-workspace-up = [ ];
-
-              # --- Mouse Wheel Scrolling ---
-              "Mod+WheelScrollDown" = {
-                action.focus-workspace-down = [ ];
-                cooldown-ms = 150;
-              };
-              "Mod+WheelScrollUp" = {
-                action.focus-workspace-up = [ ];
-                cooldown-ms = 150;
-              };
-              "Mod+Ctrl+WheelScrollDown" = {
-                action.move-column-to-workspace-down = [ ];
-                cooldown-ms = 150;
-              };
-              "Mod+Ctrl+WheelScrollUp" = {
-                action.move-column-to-workspace-up = [ ];
-                cooldown-ms = 150;
-              };
-
-              "Mod+WheelScrollRight".action.focus-column-right = [ ];
-              "Mod+WheelScrollLeft".action.focus-column-left = [ ];
-              "Mod+Ctrl+WheelScrollRight".action.move-column-right = [ ];
-              "Mod+Ctrl+WheelScrollLeft".action.move-column-left = [ ];
-              "Mod+Shift+WheelScrollDown".action.focus-column-right = [ ];
-              "Mod+Shift+WheelScrollUp".action.focus-column-left = [ ];
-              "Mod+Ctrl+Shift+WheelScrollDown".action.move-column-right = [ ];
-              "Mod+Ctrl+Shift+WheelScrollUp".action.move-column-left = [ ];
-
-              # --- Workspace Indices ---
-              "Mod+1".action.focus-workspace = 1;
-              "Mod+2".action.focus-workspace = 2;
-              "Mod+3".action.focus-workspace = 3;
-              "Mod+4".action.focus-workspace = 4;
-              "Mod+5".action.focus-workspace = 5;
-              "Mod+6".action.focus-workspace = 6;
-              "Mod+7".action.focus-workspace = 7;
-              "Mod+8".action.focus-workspace = 8;
-              "Mod+9".action.focus-workspace = 9;
-
-              "Mod+Ctrl+1".action.move-column-to-workspace = 1;
-              "Mod+Ctrl+2".action.move-column-to-workspace = 2;
-              "Mod+Ctrl+3".action.move-column-to-workspace = 3;
-              "Mod+Ctrl+4".action.move-column-to-workspace = 4;
-              "Mod+Ctrl+5".action.move-column-to-workspace = 5;
-              "Mod+Ctrl+6".action.move-column-to-workspace = 6;
-              "Mod+Ctrl+7".action.move-column-to-workspace = 7;
-              "Mod+Ctrl+8".action.move-column-to-workspace = 8;
-              "Mod+Ctrl+9".action.move-column-to-workspace = 9;
-
-              # --- Column/Window Reshaping & Organization ---
-              "Mod+BracketLeft".action.consume-or-expel-window-left = [ ];
-              "Mod+BracketRight".action.consume-or-expel-window-right = [ ];
-              "Mod+Comma".action.consume-window-into-column = [ ];
-              "Mod+Period".action.expel-window-from-column = [ ];
-
-              "Mod+R".action.switch-preset-column-width = [ ];
-              "Mod+Shift+R".action.switch-preset-window-height = [ ];
-              "Mod+Ctrl+R".action.reset-window-height = [ ];
-              "Mod+F".action.maximize-column = [ ];
-              "Mod+Shift+F".action.fullscreen-window = [ ];
-              "Mod+M".action.maximize-window-to-edges = [ ];
-              "Mod+Ctrl+F".action.expand-column-to-available-width = [ ];
-              "Mod+C".action.center-column = [ ];
-              "Mod+Ctrl+C".action.center-visible-columns = [ ];
-
-              "Mod+Minus".action.set-column-width = "-10%";
-              "Mod+Equal".action.set-column-width = "+10%";
-              "Mod+Shift+Minus".action.set-window-height = "-10%";
-              "Mod+Shift+Equal".action.set-window-height = "+10%";
-
-              "Mod+V".action.toggle-window-floating = [ ];
-              "Mod+Shift+V".action.switch-focus-between-floating-and-tiling = [ ];
-              "Mod+W".action.toggle-column-tabbed-display = [ ];
-            };
-          };
-        };
-            };
-        }
-      ))
-    ];
-  };
-}
diff --git a/modules/features/niri/_bindings.nix b/modules/features/niri/_bindings.nix
new file mode 100644
index 0000000..2d9a72f
--- /dev/null
+++ b/modules/features/niri/_bindings.nix
@@ -0,0 +1,207 @@
+{
+  "Mod+Return" = {
+    action.spawn = "kitty";
+    hotkey-overlay.title = "Terminal";
+  };
+  "Mod+B" = {
+    action.spawn = "vivaldi";
+    hotkey-overlay.title = "Browser";
+  };
+  "Mod+Space" = {
+    repeat = false;
+    action.spawn = [
+      "vicinae"
+      "toggle"
+    ];
+    hotkey-overlay.title = "App Launcher";
+  };
+
+  "XF86AudioPlay" = {
+    action.spawn-sh = "playerctl play-pause";
+    allow-when-locked = true;
+  };
+  "XF86AudioStop" = {
+    action.spawn-sh = "playerctl stop";
+    allow-when-locked = true;
+  };
+  "XF86AudioPrev" = {
+    action.spawn-sh = "playerctl previous";
+    allow-when-locked = true;
+  };
+  "XF86AudioNext" = {
+    action.spawn-sh = "playerctl next";
+    allow-when-locked = true;
+  };
+  "XF86AudioRaiseVolume" = {
+    action.spawn-sh = "wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+";
+    allow-when-locked = true;
+  };
+  "XF86AudioLowerVolume" = {
+    action.spawn-sh = "wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-";
+    allow-when-locked = true;
+  };
+  "XF86AudioMute" = {
+    action.spawn-sh = "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
+    allow-when-locked = true;
+  };
+  "XF86AudioMicMute" = {
+    action.spawn-sh = "wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle";
+    allow-when-locked = true;
+  };
+  "XF86MonBrightnessUp" = {
+    action.spawn-sh = "brightnessctl s 10%+";
+    allow-when-locked = true;
+  };
+  "XF86MonBrightnessDown" = {
+    action.spawn-sh = "brightnessctl s 10%-";
+    allow-when-locked = true;
+  };
+
+  "Mod+S".action.screenshot = [ ];
+  "Mod+Ctrl+S".action.screenshot-screen = [ ];
+  "Mod+Alt+S".action.screenshot-window = [ ];
+
+  "Mod+Shift+Slash".action.show-hotkey-overlay = [ ];
+  "Mod+Escape" = {
+    action.toggle-keyboard-shortcuts-inhibit = [ ];
+    allow-inhibiting = false;
+  };
+  "Mod+Alt+L" = {
+    action.spawn-sh = "loginctl lock-session";
+    hotkey-overlay.title = "Lock Screen";
+  };
+  "Mod+Shift+E".action.quit = [ ];
+  "Ctrl+Alt+Delete".action.quit = [ ];
+  "Mod+Shift+P".action.power-off-monitors = [ ];
+
+  "Mod+O" = {
+    action.toggle-overview = [ ];
+    repeat = false;
+  };
+  "Mod+Q" = {
+    action.close-window = [ ];
+    repeat = false;
+  };
+
+  "Mod+H".action.focus-column-or-monitor-left = [ ];
+  "Mod+J".action.focus-window-down = [ ];
+  "Mod+K".action.focus-window-up = [ ];
+  "Mod+L".action.focus-column-or-monitor-right = [ ];
+
+  "Mod+Ctrl+Left".action.move-column-left = [ ];
+  "Mod+Ctrl+Down".action.move-window-down = [ ];
+  "Mod+Ctrl+Up".action.move-window-up = [ ];
+  "Mod+Ctrl+Right".action.move-column-right = [ ];
+  "Mod+Ctrl+H".action.move-column-left = [ ];
+  "Mod+Ctrl+J".action.move-window-down = [ ];
+  "Mod+Ctrl+K".action.move-window-up = [ ];
+  "Mod+Ctrl+L".action.move-column-right = [ ];
+
+  "Mod+Home".action.focus-column-first = [ ];
+  "Mod+End".action.focus-column-last = [ ];
+  "Mod+Ctrl+Home".action.move-column-to-first = [ ];
+  "Mod+Ctrl+End".action.move-column-to-last = [ ];
+
+  "Mod+Shift+Left".action.focus-monitor-left = [ ];
+  "Mod+Shift+Down".action.focus-monitor-down = [ ];
+  "Mod+Shift+Up".action.focus-monitor-up = [ ];
+  "Mod+Shift+Right".action.focus-monitor-right = [ ];
+  "Mod+Shift+H".action.focus-monitor-left = [ ];
+  "Mod+Shift+J".action.focus-monitor-down = [ ];
+  "Mod+Shift+K".action.focus-monitor-up = [ ];
+  "Mod+Shift+L".action.focus-monitor-right = [ ];
+
+  "Mod+Shift+Ctrl+Left".action.move-column-to-monitor-left = [ ];
+  "Mod+Shift+Ctrl+Down".action.move-column-to-monitor-down = [ ];
+  "Mod+Shift+Ctrl+Up".action.move-column-to-monitor-up = [ ];
+  "Mod+Shift+Ctrl+Right".action.move-column-to-monitor-right = [ ];
+  "Mod+Shift+Ctrl+H".action.move-column-to-monitor-left = [ ];
+  "Mod+Shift+Ctrl+J".action.move-column-to-monitor-down = [ ];
+  "Mod+Shift+Ctrl+K".action.move-column-to-monitor-up = [ ];
+  "Mod+Shift+Ctrl+L".action.move-column-to-monitor-right = [ ];
+
+  "Mod+Page_Down".action.focus-workspace-down = [ ];
+  "Mod+Page_Up".action.focus-workspace-up = [ ];
+  "Mod+U".action.focus-workspace-down = [ ];
+  "Mod+I".action.focus-workspace-up = [ ];
+
+  "Mod+Ctrl+Page_Down".action.move-column-to-workspace-down = [ ];
+  "Mod+Ctrl+Page_Up".action.move-column-to-workspace-up = [ ];
+  "Mod+Ctrl+U".action.move-column-to-workspace-down = [ ];
+  "Mod+Ctrl+I".action.move-column-to-workspace-up = [ ];
+
+  "Mod+Shift+Page_Down".action.move-workspace-down = [ ];
+  "Mod+Shift+Page_Up".action.move-workspace-up = [ ];
+  "Mod+Shift+U".action.move-workspace-down = [ ];
+  "Mod+Shift+I".action.move-workspace-up = [ ];
+
+  "Mod+WheelScrollDown" = {
+    action.focus-workspace-down = [ ];
+    cooldown-ms = 150;
+  };
+  "Mod+WheelScrollUp" = {
+    action.focus-workspace-up = [ ];
+    cooldown-ms = 150;
+  };
+  "Mod+Ctrl+WheelScrollDown" = {
+    action.move-column-to-workspace-down = [ ];
+    cooldown-ms = 150;
+  };
+  "Mod+Ctrl+WheelScrollUp" = {
+    action.move-column-to-workspace-up = [ ];
+    cooldown-ms = 150;
+  };
+
+  "Mod+WheelScrollRight".action.focus-column-right = [ ];
+  "Mod+WheelScrollLeft".action.focus-column-left = [ ];
+  "Mod+Ctrl+WheelScrollRight".action.move-column-right = [ ];
+  "Mod+Ctrl+WheelScrollLeft".action.move-column-left = [ ];
+  "Mod+Shift+WheelScrollDown".action.focus-column-right = [ ];
+  "Mod+Shift+WheelScrollUp".action.focus-column-left = [ ];
+  "Mod+Ctrl+Shift+WheelScrollDown".action.move-column-right = [ ];
+  "Mod+Ctrl+Shift+WheelScrollUp".action.move-column-left = [ ];
+
+  "Mod+1".action.focus-workspace = 1;
+  "Mod+2".action.focus-workspace = 2;
+  "Mod+3".action.focus-workspace = 3;
+  "Mod+4".action.focus-workspace = 4;
+  "Mod+5".action.focus-workspace = 5;
+  "Mod+6".action.focus-workspace = 6;
+  "Mod+7".action.focus-workspace = 7;
+  "Mod+8".action.focus-workspace = 8;
+  "Mod+9".action.focus-workspace = 9;
+
+  "Mod+Ctrl+1".action.move-column-to-workspace = 1;
+  "Mod+Ctrl+2".action.move-column-to-workspace = 2;
+  "Mod+Ctrl+3".action.move-column-to-workspace = 3;
+  "Mod+Ctrl+4".action.move-column-to-workspace = 4;
+  "Mod+Ctrl+5".action.move-column-to-workspace = 5;
+  "Mod+Ctrl+6".action.move-column-to-workspace = 6;
+  "Mod+Ctrl+7".action.move-column-to-workspace = 7;
+  "Mod+Ctrl+8".action.move-column-to-workspace = 8;
+  "Mod+Ctrl+9".action.move-column-to-workspace = 9;
+
+  "Mod+BracketLeft".action.consume-or-expel-window-left = [ ];
+  "Mod+BracketRight".action.consume-or-expel-window-right = [ ];
+  "Mod+Comma".action.consume-window-into-column = [ ];
+  "Mod+Period".action.expel-window-from-column = [ ];
+
+  "Mod+R".action.switch-preset-column-width = [ ];
+  "Mod+Shift+R".action.switch-preset-window-height = [ ];
+  "Mod+Ctrl+R".action.reset-window-height = [ ];
+  "Mod+F".action.maximize-column = [ ];
+  "Mod+Shift+F".action.fullscreen-window = [ ];
+  "Mod+M".action.maximize-window-to-edges = [ ];
+  "Mod+Ctrl+F".action.expand-column-to-available-width = [ ];
+  "Mod+C".action.center-column = [ ];
+  "Mod+Ctrl+C".action.center-visible-columns = [ ];
+
+  "Mod+Minus".action.set-column-width = "-10%";
+  "Mod+Equal".action.set-column-width = "+10%";
+  "Mod+Shift+Minus".action.set-window-height = "-10%";
+  "Mod+Shift+Equal".action.set-window-height = "+10%";
+
+  "Mod+V".action.toggle-window-floating = [ ];
+  "Mod+Shift+V".action.switch-focus-between-floating-and-tiling = [ ];
+  "Mod+W".action.toggle-column-tabbed-display = [ ];
+}
diff --git a/modules/features/niri/default.nix b/modules/features/niri/default.nix
new file mode 100644
index 0000000..89ff5f6
--- /dev/null
+++ b/modules/features/niri/default.nix
@@ -0,0 +1,103 @@
+{ inputs, ... }:
+{
+  flake.modules.nixos.niri =
+    { pkgs, ... }:
+    {
+      imports = [ inputs.niri.nixosModules.niri ];
+      nixpkgs.overlays = [ inputs.niri.overlays.niri ];
+
+      programs.niri.enable = true;
+      programs.niri.package = pkgs.niri-unstable;
+      programs.dconf.enable = true;
+
+      services.gvfs.enable = true;
+      services.udisks2.enable = true;
+      xdg.portal.enable = true;
+    };
+
+  flake.modules.homeManager.niri =
+    { config, pkgs, ... }:
+    {
+      home.sessionVariables.NIXOS_OZONE_WL = "1";
+
+      dconf.settings = {
+        "org/gnome/desktop/interface" = {
+          color-scheme = "prefer-dark";
+        };
+      };
+
+      home.packages = with pkgs; [
+        playerctl
+        nautilus
+        brightnessctl
+        xwayland-satellite
+      ];
+
+      programs.niri.settings = {
+        environment.DISPLAY = ":0";
+        spawn-at-startup = [
+          { command = [ "xwayland-satellite" ]; }
+          { command = [ "noctalia-shell" ]; }
+          { command = [ "qbittorrent" ]; }
+        ];
+        prefer-no-csd = true;
+        hotkey-overlay.skip-at-startup = true;
+        screenshot-path = "${config.xdg.userDirs.pictures}/screenshots/%Y-%m-%dT%H:%M:%S.png";
+
+        animations.slowdown = 0.6;
+
+        cursor = with config.home.pointerCursor; {
+          size = size;
+          theme = name;
+          hide-after-inactive-ms = 3000;
+          hide-when-typing = true;
+        };
+
+        layout = {
+          always-center-single-column = true;
+          gaps = 14;
+          focus-ring.enable = false;
+
+          default-column-width.proportion = 1. / 2.;
+
+          border = {
+            enable = true;
+            width = 3;
+            active.color = "#7E9CD8";
+            inactive.color = "#54546D";
+            urgent.color = "#E82424";
+          };
+        };
+
+        window-rules = [
+          {
+            geometry-corner-radius =
+              let
+                radius = 10.0;
+              in
+              {
+                bottom-left = radius;
+                bottom-right = radius;
+                top-left = radius;
+                top-right = radius;
+              };
+            clip-to-geometry = true;
+          }
+        ];
+
+        debug.honor-xdg-activation-with-invalid-serial = true;
+
+        input = {
+          focus-follows-mouse.enable = true;
+          keyboard = {
+            repeat-delay = 300;
+            repeat-rate = 50;
+            xkb.options = "caps:escape";
+          };
+          mouse.accel-speed = 0.4;
+        };
+
+        binds = import ./_bindings.nix;
+      };
+    };
+}
diff --git a/modules/features/nix.nix b/modules/features/nix.nix
index 34b63d1..e7e888a 100644
--- a/modules/features/nix.nix
+++ b/modules/features/nix.nix
@@ -1,55 +1,50 @@
-{ den, inputs, ... }:
 {
-  lux.nix = {
-    includes = [
-      (den.lib.perHost {
-        nixos = {
-          nixpkgs.config.allowUnfree = true;
+  flake.modules.nixos.nix =
+    { inputs, ... }:
+    {
+      nixpkgs.config.allowUnfree = true;
 
-          nix = {
-            gc.automatic = true;
-            optimise.automatic = true;
-            registry.nixpkgs.flake = inputs.nixpkgs;
-            channel.enable = false;
+      nix = {
+        gc.automatic = true;
+        optimise.automatic = true;
+        registry.nixpkgs.flake = inputs.nixpkgs;
+        channel.enable = false;
 
-            settings = {
-              trusted-users = [ "@wheel" ];
-              use-xdg-base-directories = true;
-              auto-optimise-store = true;
+        settings = {
+          trusted-users = [ "@wheel" ];
+          use-xdg-base-directories = true;
+          auto-optimise-store = true;
 
-              experimental-features = [
-                "nix-command"
-                "flakes"
-              ];
-            };
-          };
-        };
-      })
-    ];
-
-    homeManager =
-      { pkgs, ... }:
-      {
-        home.packages = [
-          (pkgs.writeShellApplication {
-            name = "ns";
-            runtimeInputs = [
-              pkgs.fzf
-              pkgs.nix-search-tv
-            ];
-            text = builtins.readFile "${pkgs.nix-search-tv.src}/nixpkgs.sh";
-          })
-        ];
-
-        programs.television = {
-          enable = true;
-          enableZshIntegration = false;
-        };
-
-        programs.nix-search-tv = {
-          enable = true;
-          enableTelevisionIntegration = true;
+          experimental-features = [
+            "nix-command"
+            "flakes"
+          ];
         };
       };
-  };
+    };
+
+  flake.modules.homeManager.nix =
+    { pkgs, ... }:
+    {
+      home.packages = [
+        (pkgs.writeShellApplication {
+          name = "ns";
+          runtimeInputs = [
+            pkgs.fzf
+            pkgs.nix-search-tv
+          ];
+          text = builtins.readFile "${pkgs.nix-search-tv.src}/nixpkgs.sh";
+        })
+      ];
+
+      programs.television = {
+        enable = true;
+        enableZshIntegration = false;
+      };
+
+      programs.nix-search-tv = {
+        enable = true;
+        enableTelevisionIntegration = true;
+      };
+    };
 }
diff --git a/modules/features/noctalia.nix b/modules/features/noctalia.nix
index 8b7dac9..e7649a0 100644
--- a/modules/features/noctalia.nix
+++ b/modules/features/noctalia.nix
@@ -1,7 +1,11 @@
-{ inputs, ... }:
 {
-  lux.noctalia.homeManager =
-    { lib, pkgs, ... }:
+  flake.modules.homeManager.noctalia =
+    {
+      inputs,
+      lib,
+      pkgs,
+      ...
+    }:
     {
       imports = [ inputs.noctalia.homeModules.default ];
 
diff --git a/modules/features/pim.nix b/modules/features/pim.nix
index 8df8ace..de7fa7f 100644
--- a/modules/features/pim.nix
+++ b/modules/features/pim.nix
@@ -1,86 +1,75 @@
-{ den, ... }:
-let
-  calendarAccount = den.lib.perUser (
-    { host, user }:
+{
+  flake.modules.homeManager.pim =
     {
-      homeManager =
-        { config, ... }:
-        let
-          calendarsPath = "${config.xdg.dataHome}/calendars";
-        in
-        {
-          programs.pimsync.enable = true;
-          services.pimsync.enable = true;
+      config,
+      ...
+    }:
+    let
+      calendarsPath = "${config.xdg.dataHome}/calendars";
+    in
+    {
+      programs.pimsync.enable = true;
+      services.pimsync.enable = true;
 
-          programs.khal = {
-            # FIXME: Temporarily disabled because of bug in nixpkgs-unstable (27-02-26)
-            enable = false;
-            locale = {
-              timeformat = "%H:%M";
-              dateformat = "$m-$d";
-            };
+      programs.khal = {
+        enable = false;
+        locale = {
+          timeformat = "%H:%M";
+          dateformat = "$m-$d";
+        };
+      };
+
+      programs.todoman = {
+        enable = true;
+        glob = "*/*";
+        extraConfig = ''
+          date_format = "%Y-%m-%d"
+          time_format = "%H:%M"
+          default_list = "personal"
+          default_due = 0
+          default_command = "list --sort priority,due"
+          humanize = True
+        '';
+      };
+
+      accounts.calendar = {
+        basePath = calendarsPath;
+        accounts.radicale = {
+          primary = true;
+          primaryCollection = "personal";
+
+          local = {
+            type = "filesystem";
+            fileExt = ".ics";
           };
 
-          programs.todoman = {
+          remote = {
+            url = "https://radicale.jelles.net/";
+            type = "caldav";
+            userName = config.home.username;
+            passwordCommand = [
+              "rbw"
+              "get"
+              "Radicale"
+            ];
+          };
+
+          pimsync = {
             enable = true;
-            glob = "*/*";
-            extraConfig = ''
-              date_format = "%Y-%m-%d"
-              time_format = "%H:%M"
-              default_list = "personal"
-              default_due = 0
-              default_command = "list --sort priority,due"
-              humanize = True
-            '';
+            extraPairDirectives = [
+              {
+                name = "collections";
+                params = [ "from b" ];
+              }
+            ];
           };
 
-          accounts.calendar = {
-            basePath = calendarsPath;
-            accounts = {
-              "radicale" = {
-                primary = true;
-                primaryCollection = "personal";
-
-                local = {
-                  type = "filesystem";
-                  fileExt = ".ics";
-                };
-
-                remote = {
-                  url = "https://radicale.${host.serviceDomain}/";
-                  type = "caldav";
-                  userName = user.userName;
-                  passwordCommand = [
-                    "rbw"
-                    "get"
-                    "Radicale"
-                  ];
-                };
-
-                pimsync = {
-                  enable = true;
-                  extraPairDirectives = [
-                    {
-                      name = "collections";
-                      params = [ "from b" ];
-                    }
-                  ];
-                };
-
-                khal = {
-                  enable = true;
-                  type = "discover";
-                  color = "light blue";
-                };
-              };
-            };
+          khal = {
+            enable = true;
+            type = "discover";
+            color = "light blue";
           };
         };
-    }
-  );
-in
-{
-  lux.pim = {
-    includes = [ calendarAccount ];
-  };
+      };
+    };
 }
diff --git a/modules/features/pinentry.nix b/modules/features/pinentry.nix
deleted file mode 100644
index d93440a..0000000
--- a/modules/features/pinentry.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
-  lux.pinentry.homeManager =
-    { pkgs, ... }:
-    {
-      programs.rbw.settings.pinentry = pkgs.pinentry-gnome3;
-    };
-}
diff --git a/modules/features/podman.nix b/modules/features/podman.nix
index 7ea98f8..bf6bc2a 100644
--- a/modules/features/podman.nix
+++ b/modules/features/podman.nix
@@ -1,10 +1,8 @@
 { ... }:
 {
-  lux.podman = {
-    homeManager = {
-      services.podman = {
-        enable = true;
-      };
+  flake.modules.homeManager.podman = {
+    services.podman = {
+      enable = true;
     };
   };
 }
diff --git a/modules/features/printing.nix b/modules/features/printing.nix
index d90af01..215a423 100644
--- a/modules/features/printing.nix
+++ b/modules/features/printing.nix
@@ -1,5 +1,5 @@
 {
-  lux.printing.nixos =
+  flake.modules.nixos.printing =
     { pkgs, ... }:
     {
       services.printing = {
diff --git a/modules/features/qbittorrent-client.nix b/modules/features/qbittorrent-client.nix
index 5985651..c037112 100644
--- a/modules/features/qbittorrent-client.nix
+++ b/modules/features/qbittorrent-client.nix
@@ -1,19 +1,14 @@
-{ den, ... }:
 {
-  lux.qbittorrent-client = {
-    includes = [
-      (den.lib.perHost {
-        nixos.networking.firewall = {
-          allowedTCPPorts = [ 43864 ];
-          allowedUDPPorts = [ 43864 ];
-        };
-      })
-    ];
-
-    homeManager =
-      { pkgs, ... }:
-      {
-        home.packages = [ pkgs.qbittorrent ];
-      };
+  flake.modules.nixos.qbittorrentClient = {
+    networking.firewall = {
+      allowedTCPPorts = [ 43864 ];
+      allowedUDPPorts = [ 43864 ];
+    };
   };
+
+  flake.modules.homeManager.qbittorrentClient =
+    { pkgs, ... }:
+    {
+      home.packages = [ pkgs.qbittorrent ];
+    };
 }
diff --git a/modules/features/region-nl.nix b/modules/features/region-nl.nix
index beff965..3ced96f 100644
--- a/modules/features/region-nl.nix
+++ b/modules/features/region-nl.nix
@@ -1,6 +1,6 @@
 { ... }:
 {
-  lux.region-nl.nixos = {
+  flake.modules.nixos.regionNl = {
     time.timeZone = "Europe/Amsterdam";
 
     i18n.defaultLocale = "en_US.UTF-8";
diff --git a/modules/features/sddm.nix b/modules/features/sddm.nix
index 0252e51..b625fce 100644
--- a/modules/features/sddm.nix
+++ b/modules/features/sddm.nix
@@ -1,17 +1,14 @@
-{ inputs, ... }:
 {
-  lux.sddm = {
-    nixos =
-      { pkgs, ... }:
-      {
-        services.displayManager.sddm = {
-          enable = true;
-          wayland.enable = true;
-          theme = "${pkgs.sddm-astronaut}/share/sddm/themes/sddm-astronaut-theme";
-          extraPackages = with pkgs; [
-            kdePackages.qtmultimedia
-          ];
-        };
+  flake.modules.nixos.sddm =
+    { pkgs, ... }:
+    {
+      services.displayManager.sddm = {
+        enable = true;
+        wayland.enable = true;
+        theme = "${pkgs.sddm-astronaut}/share/sddm/themes/sddm-astronaut-theme";
+        extraPackages = with pkgs; [
+          kdePackages.qtmultimedia
+        ];
       };
-  };
+    };
 }
diff --git a/modules/features/services/actual.nix b/modules/features/services/actual.nix
index 2f40a24..d8aa1cc 100644
--- a/modules/features/services/actual.nix
+++ b/modules/features/services/actual.nix
@@ -1,22 +1,17 @@
-{ den, ... }:
 {
-  lux.services._.actual = den.lib.perHost (
-    { host, ... }:
+  flake.modules.nixos.actual =
+    { config, ... }:
     {
-      nixos =
-        { config, ... }:
-        {
-          services.actual = {
-            enable = true;
-            openFirewall = false;
-            settings = {
-              port = 3000;
-              hostname = "127.0.0.1";
-            };
-          };
-          services.caddy.virtualHosts."finance.${host.serviceDomain}".extraConfig =
-            "reverse_proxy :${toString config.services.actual.settings.port}";
+      services.actual = {
+        enable = true;
+        openFirewall = false;
+        settings = {
+          port = 3000;
+          hostname = "127.0.0.1";
         };
-    }
-  );
+      };
+
+      services.caddy.virtualHosts."finance.jelles.net".extraConfig =
+        "reverse_proxy :${toString config.services.actual.settings.port}";
+    };
 }
diff --git a/modules/features/services/caddy.nix b/modules/features/services/caddy.nix
index d590d81..533fa1d 100644
--- a/modules/features/services/caddy.nix
+++ b/modules/features/services/caddy.nix
@@ -1,10 +1,9 @@
-{ den, ... }:
 {
-  lux.services._.caddy = den.lib.perHost ({ host }: {
-    nixos.services.caddy = {
+  flake.modules.nixos.caddy = {
+    services.caddy = {
       enable = true;
       email = "mail@jelles.net";
       openFirewall = true;
     };
-  });
+  };
 }
diff --git a/modules/features/services/deluge.nix b/modules/features/services/deluge.nix
index 7cc3b99..bbfcad5 100644
--- a/modules/features/services/deluge.nix
+++ b/modules/features/services/deluge.nix
@@ -1,20 +1,18 @@
 {
-  lux.deluge = {
-    nixos =
-      { config, ... }:
-      {
-        sops.secrets.deluge-auth-file = { };
+  flake.modules.nixos.delugeService =
+    { ... }:
+    {
+      sops.secrets.deluge-auth-file = { };
 
-        services.deluge = {
-          enable = true;
-          # For some reason passwords never match??
-          declarative = false;
-        };
+      services.deluge = {
+        enable = true;
+        declarative = false;
       };
-    homeManager =
-      { pkgs, ... }:
-      {
-        home.packages = [ pkgs.deluge ];
-      };
-  };
+    };
+
+  flake.modules.homeManager.delugeClient =
+    { pkgs, ... }:
+    {
+      home.packages = [ pkgs.deluge ];
+    };
 }
diff --git a/modules/features/services/gitea.nix b/modules/features/services/gitea.nix
index ab3c868..3d3011d 100644
--- a/modules/features/services/gitea.nix
+++ b/modules/features/services/gitea.nix
@@ -1,36 +1,28 @@
-{ den, ... }:
 {
-  lux.services._.gitea = den.lib.perHost (
-    { host }:
+  flake.modules.nixos.gitea =
+    { config, ... }:
     {
-      nixos =
-        { config, ... }:
-        {
-          services.gitea = {
-            enable = true;
+      services.gitea = {
+        enable = true;
 
-            settings = {
-              server = {
-                DOMAIN = "git.${host.serviceDomain}";
-                ROOT_URL = "https://git.${host.serviceDomain}/";
-                HTTP_PORT = 3001;
-                HTTP_ADDR = "127.0.0.1";
+        settings = {
+          server = {
+            DOMAIN = "git.jelles.net";
+            ROOT_URL = "https://git.jelles.net/";
+            HTTP_PORT = 3001;
+            HTTP_ADDR = "127.0.0.1";
 
-                START_SSH_SERVER = false;
-                SSH_PORT = 22;
-              };
-
-              service = {
-                DISABLE_REGISTRATION = true;
-              };
-            };
+            START_SSH_SERVER = false;
+            SSH_PORT = 22;
           };
 
-          services.openssh.settings.AllowUsers = [ "gitea" ];
-
-          services.caddy.virtualHosts."git.${host.serviceDomain}".extraConfig =
-            "reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT}";
+          service.DISABLE_REGISTRATION = true;
         };
-    }
-  );
+      };
+
+      services.openssh.settings.AllowUsers = [ "gitea" ];
+
+      services.caddy.virtualHosts."git.jelles.net".extraConfig =
+        "reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT}";
+    };
 }
diff --git a/modules/features/services/openssh.nix b/modules/features/services/openssh.nix
index 635e5cd..8ee7453 100644
--- a/modules/features/services/openssh.nix
+++ b/modules/features/services/openssh.nix
@@ -1,80 +1,28 @@
-{ den, lib, ... }:
-let
-  hostConfig =
-    { host }:
-    {
-      nixos =
-        { config, ... }:
-        {
-          services.openssh = {
-            enable = true;
-            settings = {
-              PermitRootLogin = "no";
-              PasswordAuthentication = false;
-              AllowUsers = lib.attrNames host.users;
-            };
-          };
-
-          users.users = lib.mapAttrs (_: user: {
-            openssh.authorizedKeys.keys = user.authorizedSshKeys;
-          }) host.users;
-
-          assertions = lib.optionals host.requiresSshRecovery (
-            let
-              missingUsers = lib.filter (userName: !(builtins.hasAttr userName host.users)) host.sshRecoveryUsers;
-              usersWithoutKeys = lib.filter (
-                userName:
-                (builtins.hasAttr userName host.users) && host.users.${userName}.authorizedSshKeys == [ ]
-              ) host.sshRecoveryUsers;
-            in
-            [
-              {
-                assertion = config.services.openssh.enable;
-                message = "Hosts with requiresSshRecovery must enable OpenSSH.";
-              }
-              {
-                assertion = config.services.openssh.settings.PasswordAuthentication == false;
-                message = "Hosts with requiresSshRecovery must disable SSH password authentication.";
-              }
-              {
-                assertion =
-                  let
-                    rootLogin = config.services.openssh.settings.PermitRootLogin;
-                  in
-                  rootLogin == false || rootLogin == "no";
-                message = "Hosts with requiresSshRecovery must disable SSH root login.";
-              }
-              {
-                assertion = host.sshRecoveryUsers != [ ];
-                message = "Hosts with requiresSshRecovery must declare at least one sshRecoveryUser.";
-              }
-              {
-                assertion = missingUsers == [ ];
-                message =
-                  "All sshRecoveryUsers must exist on the host. Missing: "
-                  + lib.concatStringsSep ", " missingUsers;
-              }
-              {
-                assertion = usersWithoutKeys == [ ];
-                message =
-                  "All sshRecoveryUsers must have plain authorizedSshKeys. Missing keys for: "
-                  + lib.concatStringsSep ", " usersWithoutKeys;
-              }
-              {
-                assertion = host.sopsHostSshKeyPath != null;
-                message = "Hosts with requiresSshRecovery must set sopsHostSshKeyPath.";
-              }
-              {
-                assertion = config.services.openssh.openFirewall || lib.elem 22 config.networking.firewall.allowedTCPPorts;
-                message = "Hosts with requiresSshRecovery must expose SSH through the firewall.";
-              }
-            ]
-          );
-        };
-    };
-in
+{ ... }:
 {
-  lux.services._.openssh = den.lib.parametric.exactly {
-    includes = [ hostConfig ];
-  };
+  flake.modules.nixos.openssh =
+    {
+      config,
+      lib,
+      host ? {
+        isServer = false;
+      },
+      ...
+    }:
+    let
+      hostUserNames = builtins.attrNames (
+        lib.filterAttrs (_: user: user.isNormalUser or false) config.users.users
+      );
+    in
+    {
+      services.openssh = {
+        enable = true;
+        openFirewall = host.isServer;
+        settings = {
+          PermitRootLogin = "no";
+          PasswordAuthentication = false;
+          AllowUsers = hostUserNames;
+        };
+      };
+    };
 }
diff --git a/modules/features/services/qbittorrent.nix b/modules/features/services/qbittorrent.nix
index f333f18..83cf1f2 100644
--- a/modules/features/services/qbittorrent.nix
+++ b/modules/features/services/qbittorrent.nix
@@ -1,13 +1,11 @@
 { ... }:
 {
-  lux.qbittorrent = {
-    nixos = {
-      services.qbittorrent = {
-        enable = true;
-        openFirewall = true;
-        torrentingPort = 43864;
-        webuiPort = 8123;
-      };
+  flake.modules.nixos.qbittorrent = {
+    services.qbittorrent = {
+      enable = true;
+      openFirewall = true;
+      torrentingPort = 43864;
+      webuiPort = 8123;
     };
   };
 }
diff --git a/modules/features/services/radicale.nix b/modules/features/services/radicale.nix
index 9971fa6..dcac3e6 100644
--- a/modules/features/services/radicale.nix
+++ b/modules/features/services/radicale.nix
@@ -1,33 +1,27 @@
-{ den, ... }:
 {
-  lux.services._.radicale = den.lib.perHost (
-    { host }:
+  flake.modules.nixos.radicale =
+    { ... }:
     {
-      nixos =
-        { config, ... }:
-        {
-          services.radicale = {
-            enable = true;
-            settings = {
-              server.hosts = [ "127.0.0.1:5232" ];
+      services.radicale = {
+        enable = true;
+        settings = {
+          server.hosts = [ "127.0.0.1:5232" ];
 
-              auth = {
-                type = "htpasswd";
-                htpasswd_filename = "/var/lib/radicale/users";
-                htpasswd_encryption = "bcrypt";
-              };
-
-              storage.filesystem_folder = "/var/lib/radicale/collections";
-            };
+          auth = {
+            type = "htpasswd";
+            htpasswd_filename = "/var/lib/radicale/users";
+            htpasswd_encryption = "bcrypt";
           };
 
-          services.caddy.virtualHosts."radicale.${host.serviceDomain}".extraConfig = ''
-            reverse_proxy :5232 {
-               header_up X-Script-Name /
-               header_up X-Forwarded-For {remote}
-               header_up X-Remote-User {http.auth.user.id}
-            }'';
+          storage.filesystem_folder = "/var/lib/radicale/collections";
         };
-    }
-  );
+      };
+
+      services.caddy.virtualHosts."radicale.jelles.net".extraConfig = ''
+        reverse_proxy :5232 {
+           header_up X-Script-Name /
+           header_up X-Forwarded-For {remote}
+           header_up X-Remote-User {http.auth.user.id}
+        }'';
+    };
 }
diff --git a/modules/features/services/vaultwarden.nix b/modules/features/services/vaultwarden.nix
index d224724..4f56f27 100644
--- a/modules/features/services/vaultwarden.nix
+++ b/modules/features/services/vaultwarden.nix
@@ -1,20 +1,19 @@
-{ den, ... }:
 {
-  lux.services._.vaultwarden = den.lib.perHost ({ host }: {
-    nixos = { config, ... }: {
+  flake.modules.nixos.vaultwarden =
+    { config, ... }:
+    {
       services.vaultwarden = {
         enable = true;
         backupDir = "/var/backup/vaultwarden";
         config = {
-          DOMAIN = "https://vault.${host.serviceDomain}";
+          DOMAIN = "https://vault.jelles.net";
           SIGNUPS_ALLOWED = false;
           ROCKET_PORT = 8100;
           ROCKET_LOG = "critical";
         };
       };
 
-      services.caddy.virtualHosts."vault.${host.serviceDomain}".extraConfig =
+      services.caddy.virtualHosts."vault.jelles.net".extraConfig =
         "reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}";
     };
-  });
 }
diff --git a/modules/features/shell.nix b/modules/features/shell.nix
index 0a9959c..8c206a1 100644
--- a/modules/features/shell.nix
+++ b/modules/features/shell.nix
@@ -1,184 +1,154 @@
-{ inputs, ... }:
 {
-  lux.shell = {
-    homeManager =
-      { lib, config, ... }:
-      {
-        home.sessionVariables = {
-          STARSHIP_CACHE = "${config.xdg.cacheHome}/starship";
-        };
+  flake.modules.homeManager.shell =
+    { lib, config, ... }:
+    {
+      home.sessionVariables = {
+        STARSHIP_CACHE = "${config.xdg.cacheHome}/starship";
+      };
 
-        # Delete zcompdump on config switch, so that we regenerate completions
-        home.activation = {
-          clearZshCompDump = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
-            rm -f "${config.programs.zsh.dotDir}"/.zcompdump*
-          '';
-        };
+      home.activation = {
+        clearZshCompDump = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
+          rm -f "${config.programs.zsh.dotDir}"/.zcompdump*
+        '';
+      };
 
-        programs.zsh = {
+      programs.zsh = {
+        enable = true;
+        dotDir = "${config.xdg.configHome}/zsh";
+
+        enableCompletion = true;
+        completionInit = ''
+          autoload -U compinit
+          compinit -C
+
+          ZCOMPDUMP="${config.programs.zsh.dotDir}/.zcompdump"
+          {
+            if [[ -s "$ZCOMPDUMP" && (! -s "''${ZCOMPDUMP}.zwc" || "$ZCOMPDUMP" -nt "''${ZCOMPDUMP}.zwc") ]]; then
+              zcompile "$ZCOMPDUMP"
+            fi
+          } &!
+        '';
+        autosuggestion.enable = true;
+
+        syntaxHighlighting = {
           enable = true;
-          dotDir = "${config.xdg.configHome}/zsh";
+          highlighters = [
+            "main"
+            "brackets"
+            "pattern"
+            "regexp"
+            "root"
+            "line"
+          ];
+        };
 
-          enableCompletion = true;
-          completionInit = ''
-            autoload -U compinit
-            compinit -C
+        historySubstringSearch.enable = true;
 
-            ZCOMPDUMP="${config.programs.zsh.dotDir}/.zcompdump"
-            # Compile it in the background
-            {
-              if [[ -s "$ZCOMPDUMP" && (! -s "''${ZCOMPDUMP}.zwc" || "$ZCOMPDUMP" -nt "''${ZCOMPDUMP}.zwc") ]]; then
-                zcompile "$ZCOMPDUMP"
-              fi
-            } &!
-          '';
-          autosuggestion.enable = true;
+        history = {
+          ignoreDups = true;
+          save = 10000;
+          size = 10000;
+          path = "${config.xdg.dataHome}/zsh_history";
+        };
 
-          syntaxHighlighting = {
-            enable = true;
-            highlighters = [
-              "main"
-              "brackets"
-              "pattern"
-              "regexp"
-              "root"
-              "line"
-            ];
+        profileExtra = lib.optionalString (config.home.sessionPath != [ ]) ''
+          export PATH="$PATH''${PATH:+:}${lib.concatStringsSep ":" config.home.sessionPath}"
+        '';
+
+        initContent = ''
+          bindkey -v
+
+          export KEYTIMEOUT=1
+
+          autoload -U history-search-end
+          zle -N history-beginning-search-backward-end history-search-end
+          zle -N history-beginning-search-forward-end history-search-end
+          bindkey "^[OA" history-beginning-search-backward-end
+          bindkey "^[OB" history-beginning-search-forward-end
+
+          zstyle ':completion:*' completer _extensions _complete _approximate
+          zstyle ':completion:*' use-cache on
+          zstyle ':completion:*' cache-path "$XDG_CACHE_HOME/zsh/.zcompcache"
+          zstyle ':completion:*' complete true
+          zstyle ':completion:*' complete-options true
+          zstyle ':completion:*' matcher-list 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=*' 'l:|=* r:|=*'
+          zstyle ':completion:*' keep-prefix true
+          zstyle ':completion:*' menu select
+          zstyle ':completion:*' list-grouped false
+          zstyle ':completion:*' list-separator '''
+          zstyle ':completion:*' group-name '''
+          zstyle ':completion:*' verbose yes
+          zstyle ':completion:*:matches' group 'yes'
+          zstyle ':completion:*:warnings' format '%F{red}%B-- No match for: %d --%b%f'
+          zstyle ':completion:*:messages' format '%d'
+          zstyle ':completion:*:corrections' format '%B%d (errors: %e)%b'
+          zstyle ':completion:*:descriptions' format '[%d]'
+          zstyle ':completion:*' list-colors ''${(s.:.)LS_COLORS}
+          zstyle ':completion:*:*:cd:*' tag-order local-directories directory-stack path-directories
+          zstyle ':completion:*:*:cd:*:directory-stack' menu yes select
+          zstyle ':completion:*:-tilde-:*' group-order 'named-directories' 'path-directories' 'users' 'expand'
+          zstyle ':completion:*:*:-command-:*:*' group-order aliases builtins functions commands
+          zstyle ':completion:*' special-dirs true
+          zstyle ':completion:*' squeeze-slashes true
+          zstyle ':completion:*' sort false
+          zstyle ":completion:*:git-checkout:*" sort false
+          zstyle ':completion:*' file-sort modification
+          zstyle ':completion:*:eza' sort false
+          zstyle ':completion:complete:*:options' sort false
+          zstyle ':completion:files' sort false
+        '';
+      };
+
+      programs.starship = {
+        enable = true;
+        enableZshIntegration = true;
+        settings = {
+          add_newline = true;
+
+          format = lib.concatStrings [
+            "$nix_shell"
+            "$hostname"
+            "$directory"
+            "$git_branch"
+            "$git_state"
+            "$git_status"
+            "$line_break"
+            "$character"
+          ];
+
+          directory = {
+            truncation_length = 99;
+            truncate_to_repo = false;
           };
 
-          historySubstringSearch.enable = true;
-
-          history = {
-            ignoreDups = true;
-            save = 10000;
-            size = 10000;
-            path = "${config.xdg.dataHome}/zsh_history";
+          nix_shell = {
+            format = "[$symbol]($style) ";
+            symbol = "🐚";
+            style = "";
           };
 
-          profileExtra = lib.optionalString (config.home.sessionPath != [ ]) ''
-            export PATH="$PATH''${PATH:+:}${lib.concatStringsSep ":" config.home.sessionPath}"
-          '';
-
-          initContent =
-            # bash
-            ''
-              bindkey -v
-
-              export KEYTIMEOUT=1
-
-              # search history based on what's typed in the prompt
-              autoload -U history-search-end
-              zle -N history-beginning-search-backward-end history-search-end
-              zle -N history-beginning-search-forward-end history-search-end
-              bindkey "^[OA" history-beginning-search-backward-end
-              bindkey "^[OB" history-beginning-search-forward-end
-
-              # General completion behavior
-              zstyle ':completion:*' completer _extensions _complete _approximate
-
-              # Use cache
-              zstyle ':completion:*' use-cache on
-              zstyle ':completion:*' cache-path "$XDG_CACHE_HOME/zsh/.zcompcache"
-
-              # Complete the alias
-              zstyle ':completion:*' complete true
-
-              # Autocomplete options
-              zstyle ':completion:*' complete-options true
-
-              # Completion matching control
-              zstyle ':completion:*' matcher-list 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=*' 'l:|=* r:|=*'
-              zstyle ':completion:*' keep-prefix true
-
-              # Group matches and describe
-              zstyle ':completion:*' menu select
-              zstyle ':completion:*' list-grouped false
-              zstyle ':completion:*' list-separator '''
-              zstyle ':completion:*' group-name '''
-              zstyle ':completion:*' verbose yes
-              zstyle ':completion:*:matches' group 'yes'
-              zstyle ':completion:*:warnings' format '%F{red}%B-- No match for: %d --%b%f'
-              zstyle ':completion:*:messages' format '%d'
-              zstyle ':completion:*:corrections' format '%B%d (errors: %e)%b'
-              zstyle ':completion:*:descriptions' format '[%d]'
-
-              # Colors
-              zstyle ':completion:*' list-colors ''${(s.:.)LS_COLORS}
-
-              # case insensitive tab completion
-              zstyle ':completion:*:*:cd:*' tag-order local-directories directory-stack path-directories
-              zstyle ':completion:*:*:cd:*:directory-stack' menu yes select
-              zstyle ':completion:*:-tilde-:*' group-order 'named-directories' 'path-directories' 'users' 'expand'
-              zstyle ':completion:*:*:-command-:*:*' group-order aliases builtins functions commands
-              zstyle ':completion:*' special-dirs true
-              zstyle ':completion:*' squeeze-slashes true
-
-              # Sort
-              zstyle ':completion:*' sort false
-              zstyle ":completion:*:git-checkout:*" sort false
-              zstyle ':completion:*' file-sort modification
-              zstyle ':completion:*:eza' sort false
-              zstyle ':completion:complete:*:options' sort false
-              zstyle ':completion:files' sort false
-            '';
-        };
-
-        programs.starship = {
-          enable = true;
-          enableZshIntegration = true;
-          settings = {
-            add_newline = true;
-
-            format = lib.concatStrings [
-              "$nix_shell"
-              "$hostname"
-              "$directory"
-              "$git_branch"
-              "$git_state"
-              "$git_status"
-              "$line_break"
-              "$character"
-            ];
-
-            directory = {
-              truncation_length = 99;
-              truncate_to_repo = false;
-            };
-
-            nix_shell = {
-              format = "[$symbol]($style) ";
-              symbol = "🐚";
-              style = "";
-            };
-
-            git_status = {
-              format = "[[(*$conflicted$untracked$modified$staged$renamed$deleted)](218)($ahead_behind$stashed)]($style)";
-              style = "cyan";
-              conflicted = "";
-              renamed = "";
-              deleted = "";
-              stashed = "≡";
-            };
-
-            git_state = {
-              format = "([$state( $progress_current/$progress_total)]($style)) ";
-              style = "bright-black";
-            };
-
-            line_break = {
-              disabled = false;
-            };
+          git_status = {
+            format = "[[(*$conflicted$untracked$modified$staged$renamed$deleted)](218)($ahead_behind$stashed)]($style)";
+            style = "cyan";
+            conflicted = "";
+            renamed = "";
+            deleted = "";
+            stashed = "≡";
           };
-        };
 
-        programs.eza = {
-          enable = true;
-        };
+          git_state = {
+            format = "([$state( $progress_current/$progress_total)]($style)) ";
+            style = "bright-black";
+          };
 
-        programs.fzf = {
-          enable = true;
-          enableZshIntegration = true;
+          line_break.disabled = false;
         };
       };
-  };
+
+      programs.eza.enable = true;
+      programs.fzf = {
+        enable = true;
+        enableZshIntegration = true;
+      };
+    };
 }
diff --git a/modules/features/sops-password.nix b/modules/features/sops-password.nix
deleted file mode 100644
index 961cdb8..0000000
--- a/modules/features/sops-password.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ den, ... }:
-{
-  lux.sops-password = den.lib.perUser (
-    { user, ... }:
-    {
-      nixos =
-        { config, ... }:
-        {
-          sops.secrets."hashed-password-${user.userName}".neededForUsers = true;
-          users.users.${user.userName}.hashedPasswordFile = config.sops.secrets."hashed-password-${user.userName}".path;
-        };
-    }
-  );
-}
diff --git a/modules/features/ssh.nix b/modules/features/ssh.nix
index eb647da..312329c 100644
--- a/modules/features/ssh.nix
+++ b/modules/features/ssh.nix
@@ -1,27 +1,20 @@
-{ den, ... }:
 {
-  lux.ssh = {
-    homeManager =
-      { config, ... }:
-      {
-        programs.ssh = {
-          enable = true;
-          enableDefaultConfig = false;
-          includes = [
-            config.sops.templates."ssh-config-orion".path
-          ];
-        };
-
-        sops.secrets."orion-ip" = { };
-        sops.templates."ssh-config-orion".content = ''
-          Host orion
-            HostName ${config.sops.placeholder."orion-ip"}
-            ForwardAgent yes
-        '';
+  flake.modules.homeManager.sshClient =
+    { config, ... }:
+    {
+      programs.ssh = {
+        enable = true;
+        enableDefaultConfig = false;
+        includes = [
+          config.sops.templates."ssh-config-orion".path
+        ];
       };
 
-    nixos.security.sudo.extraConfig = ''
-      Defaults env_keep+=SSH_AUTH_SOCK
-    '';
-  };
+      sops.secrets."orion-ip" = { };
+      sops.templates."ssh-config-orion".content = ''
+        Host orion
+          HostName ${config.sops.placeholder."orion-ip"}
+          ForwardAgent yes
+      '';
+    };
 }
diff --git a/modules/features/standard-boot.nix b/modules/features/standard-boot.nix
new file mode 100644
index 0000000..031b33e
--- /dev/null
+++ b/modules/features/standard-boot.nix
@@ -0,0 +1,20 @@
+{ ... }:
+{
+  flake.modules.nixos.standardBoot =
+    { pkgs, ... }:
+    {
+      boot = {
+        loader = {
+          efi.canTouchEfiVariables = true;
+          systemd-boot = {
+            enable = true;
+            consoleMode = "auto";
+            configurationLimit = 5;
+          };
+        };
+
+        tmp.cleanOnBoot = true;
+        kernelPackages = pkgs.linuxPackages_latest;
+      };
+    };
+}
diff --git a/modules/features/steam.nix b/modules/features/steam.nix
index bc60851..cfeb49d 100644
--- a/modules/features/steam.nix
+++ b/modules/features/steam.nix
@@ -1,13 +1,9 @@
 { ... }:
 {
-  lux.steam = {
-    nixos =
-      { pkgs, ... }:
-      {
-        programs.steam = {
-          enable = true;
-          protontricks.enable = true;
-        };
-      };
+  flake.modules.nixos.steam = {
+    programs.steam = {
+      enable = true;
+      protontricks.enable = true;
+    };
   };
 }
diff --git a/modules/features/syncthing.nix b/modules/features/syncthing.nix
index 5c16ad7..76eeb28 100644
--- a/modules/features/syncthing.nix
+++ b/modules/features/syncthing.nix
@@ -1,56 +1,41 @@
 {
-  den,
-  lib,
-  ...
-}:
-let
-  meshDevices = lib.listToAttrs (
-    lib.concatMap (
-      host:
-      lib.mapAttrsToList (
-        userName: user:
-        let
-          name = "${userName}@${host.name}";
-        in
-        {
-          inherit name;
-          value = {
-            inherit name;
-            id = user.syncthingId;
-          };
-        }
-      ) (lib.filterAttrs (_: u: u.syncthingId != null) host.users)
-    ) (lib.attrValues den.hosts.x86_64-linux)
-  );
-in
-{
-  lux.syncthing = den.lib.perUser (
-    { host, user }:
-    {
-      homeManager = {
-        services.syncthing = {
-          enable = true;
+  flake.modules.homeManager.syncthing =
+    { ... }:
+    let
+      syncthingMesh = {
+        "kiri@orion" = {
+          name = "kiri@orion";
+          id = "NNRNQKZ-OWPHSVA-B6KKBHE-SDYLSTV-7SVHGPR-NEWLKPL-4MWNJG4-G5FHUAI";
+        };
 
-          overrideDevices = true;
-          overrideFolders = true;
-
-          settings = {
-            folders = {
-              sync = {
-                path = "~/sync";
-                label = "sync";
-                devices = lib.attrNames meshDevices;
-              };
-              calibre = {
-                path = "~/calibre";
-                label = "calibre";
-                devices = lib.attrNames meshDevices;
-              };
-            };
-            devices = meshDevices;
-          };
+        "kiri@polaris" = {
+          name = "kiri@polaris";
+          id = "6HBAKXB-DB3B4H2-BODCAXF-KD23H5W-6X5LGLC-ZJHZHLG-7U7YMGO-BB6IXQ3";
         };
       };
-    }
-  );
+    in
+    {
+      services.syncthing = {
+        enable = true;
+
+        overrideDevices = true;
+        overrideFolders = true;
+
+        settings = {
+          folders = {
+            sync = {
+              path = "~/sync";
+              label = "sync";
+              devices = builtins.attrNames syncthingMesh;
+            };
+            calibre = {
+              path = "~/calibre";
+              label = "calibre";
+              devices = builtins.attrNames syncthingMesh;
+            };
+          };
+          devices = syncthingMesh;
+        };
+      };
+    };
 }
diff --git a/modules/features/system-base.nix b/modules/features/system-base.nix
index 2eb6195..f9b4b70 100644
--- a/modules/features/system-base.nix
+++ b/modules/features/system-base.nix
@@ -1,5 +1,5 @@
 {
-  lux.system-base.nixos = {
+  flake.modules.nixos.systemBase = {
     users.mutableUsers = false;
 
     services.dbus.implementation = "broker";
diff --git a/modules/features/terminal.nix b/modules/features/terminal.nix
index 2697259..3d93508 100644
--- a/modules/features/terminal.nix
+++ b/modules/features/terminal.nix
@@ -1,82 +1,65 @@
-{ inputs, ... }:
 {
-  lux.terminal = {
-    homeManager =
-      { pkgs, ... }:
-      {
-        xdg.terminal-exec = {
-          enable = true;
-          settings.default = [ "kitty.desktop" ];
-        };
-
-        programs.kitty = {
-          enable = true;
-          font = {
-            name = "JetBrains Mono";
-            size = 11;
-          };
-          settings = {
-            # Fonts
-            disable_ligatures = "always";
-
-            # Scrollback
-            scrollback_lines = 10000;
-
-            # Terminal bell
-            enable_audio_bell = false;
-
-            # Window layout
-            confirm_os_window_close = 0;
-            window_padding_width = 3;
-
-            # Advanced
-            update_check_interval = 0;
-          };
-          extraConfig = ''
-            ## name: Kanagawa
-            ## license: MIT
-            ## author: Tommaso Laurenzi
-            ## upstream: https://github.com/rebelot/kanagawa.nvim/
-
-            background #1F1F28
-            foreground #DCD7BA
-            selection_background #2D4F67
-            selection_foreground #C8C093
-            url_color #72A7BC
-            cursor #C8C093
-
-            # Tabs
-            active_tab_background #1F1F28
-            active_tab_foreground #C8C093
-            inactive_tab_background #1F1F28
-            inactive_tab_foreground #727169
-            #tab_bar_background #15161E
-
-            # normal
-            color0 #16161D
-            color1 #C34043
-            color2 #76946A
-            color3 #C0A36E
-            color4 #7E9CD8
-            color5 #957FB8
-            color6 #6A9589
-            color7 #C8C093
-
-            # bright
-            color8 #727169
-            color9 #E82424
-            color10 #98BB6C
-            color11 #E6C384
-            color12 #7FB4CA
-            color13 #938AA9
-            color14 #7AA89F
-            color15 #DCD7BA
-
-            # extended colors
-            color16 #FFA066
-            color17 #FF5D62
-          '';
-        };
+  flake.modules.homeManager.terminal =
+    { pkgs, ... }:
+    {
+      xdg.terminal-exec = {
+        enable = true;
+        settings.default = [ "kitty.desktop" ];
       };
-  };
+
+      programs.kitty = {
+        enable = true;
+        font = {
+          name = "JetBrains Mono";
+          size = 11;
+        };
+        settings = {
+          disable_ligatures = "always";
+          scrollback_lines = 10000;
+          enable_audio_bell = false;
+          confirm_os_window_close = 0;
+          window_padding_width = 3;
+          update_check_interval = 0;
+        };
+        extraConfig = ''
+          ## name: Kanagawa
+          ## license: MIT
+          ## author: Tommaso Laurenzi
+          ## upstream: https://github.com/rebelot/kanagawa.nvim/
+
+          background #1F1F28
+          foreground #DCD7BA
+          selection_background #2D4F67
+          selection_foreground #C8C093
+          url_color #72A7BC
+          cursor #C8C093
+
+          active_tab_background #1F1F28
+          active_tab_foreground #C8C093
+          inactive_tab_background #1F1F28
+          inactive_tab_foreground #727169
+
+          color0 #16161D
+          color1 #C34043
+          color2 #76946A
+          color3 #C0A36E
+          color4 #7E9CD8
+          color5 #957FB8
+          color6 #6A9589
+          color7 #C8C093
+
+          color8 #727169
+          color9 #E82424
+          color10 #98BB6C
+          color11 #E6C384
+          color12 #7FB4CA
+          color13 #938AA9
+          color14 #7AA89F
+          color15 #DCD7BA
+
+          color16 #FFA066
+          color17 #FF5D62
+        '';
+      };
+    };
 }
diff --git a/modules/features/theme.nix b/modules/features/theme.nix
index 932e378..915146b 100644
--- a/modules/features/theme.nix
+++ b/modules/features/theme.nix
@@ -1,54 +1,48 @@
 {
-  lux.theme = {
-    homeManager =
-      { config, pkgs, ... }:
-      {
-        home.pointerCursor = {
-          name = "phinger-cursors-light";
-          package = pkgs.phinger-cursors;
-          size = 24;
-          gtk.enable = true;
-        };
+  flake.modules.homeManager.theme =
+    { config, pkgs, ... }:
+    let
+      kanagawaThemeSrc = pkgs.fetchFromGitHub {
+        owner = "Fausto-Korpsvart";
+        repo = "Kanagawa-GKT-Theme";
+        rev = "55ca4ba249eba21f861b9866b71ab41bb8930318";
+        hash = "sha256-UdMoMx2DoovcxSp/zBZ3PRv/Qpj+prd0uPm1gmdak2E=";
+      };
 
-        gtk = {
-          enable = true;
-          gtk3.bookmarks = [
-            "sftp://orion Orion VPS"
-          ];
-          theme = {
-            name = "Kanagawa-BL-LB";
-            # Package in nixpkgs is outdated
-            package = pkgs.kanagawa-gtk-theme.overrideAttrs (oldAttrs: {
-              version = "unstable-2025-10-23";
-              src = pkgs.fetchFromGitHub {
-                owner = "Fausto-Korpsvart";
-                repo = "Kanagawa-GKT-Theme";
-                rev = "55ca4ba249eba21f861b9866b71ab41bb8930318";
-                hash = "sha256-UdMoMx2DoovcxSp/zBZ3PRv/Qpj+prd0uPm1gmdak2E=";
-              };
-            });
-          };
-          gtk4.theme = {
-            inherit (config.gtk.theme) name package;
-          };
-          iconTheme = {
-            name = "Kanagawa";
-            package = pkgs.kanagawa-icon-theme.overrideAttrs (oldAttrs: {
-              version = "unstable-2025-10-23";
-              src = pkgs.fetchFromGitHub {
-                owner = "Fausto-Korpsvart";
-                repo = "Kanagawa-GKT-Theme";
-                rev = "55ca4ba249eba21f861b9866b71ab41bb8930318";
-                hash = "sha256-UdMoMx2DoovcxSp/zBZ3PRv/Qpj+prd0uPm1gmdak2E=";
-              };
-            });
-          };
-        };
+      kanagawaOverride = {
+        version = "unstable-2025-10-23";
+        src = kanagawaThemeSrc;
+      };
+    in
+    {
+      home.pointerCursor = {
+        name = "phinger-cursors-light";
+        package = pkgs.phinger-cursors;
+        size = 24;
+        gtk.enable = true;
+      };
 
-        qt = {
-          enable = true;
-          platformTheme.name = "gtk3";
+      gtk = {
+        enable = true;
+        gtk3.bookmarks = [
+          "sftp://orion Orion VPS"
+        ];
+        theme = {
+          name = "Kanagawa-BL-LB";
+          package = pkgs.kanagawa-gtk-theme.overrideAttrs (_: kanagawaOverride);
+        };
+        gtk4.theme = {
+          inherit (config.gtk.theme) name package;
+        };
+        iconTheme = {
+          name = "Kanagawa";
+          package = pkgs.kanagawa-icon-theme.overrideAttrs (_: kanagawaOverride);
         };
       };
-  };
+
+      qt = {
+        enable = true;
+        platformTheme.name = "gtk3";
+      };
+    };
 }
diff --git a/modules/features/vicinae.nix b/modules/features/vicinae.nix
index f804220..45bc8a4 100644
--- a/modules/features/vicinae.nix
+++ b/modules/features/vicinae.nix
@@ -1,73 +1,60 @@
-{ inputs, ... }:
 {
-  lux.vicinae = {
-    homeManager =
-      { pkgs, ... }:
-      {
-        programs.vicinae = {
-          enable = true;
-          systemd.enable = true;
+  flake.modules.homeManager.vicinae =
+    { pkgs, inputs, ... }:
+    {
+      programs.vicinae = {
+        enable = true;
+        systemd.enable = true;
 
-          themes = {
-            kanagawa-wave = {
-              meta = {
-                version = 1;
-                name = "Kanagawa Wave";
-                description = "A dark theme inspired by the colors of the famous painting by Katsushika Hokusai.";
-                variant = "dark";
-                inherits = "vicinae-dark";
-              };
-              colors = {
-                core = {
-                  background = "#1F1F28";
-                  foreground = "#DCD7BA";
-                  secondary_background = "#16161D";
-                  border = "#2A2A37";
-                  accent = "#7E9CD8";
-                };
-                accents = {
-                  blue = "#7E9CD8";
-                  green = "#98BB6C";
-                  magenta = "#D27E99";
-                  orange = "#FFA066";
-                  purple = "#957FB8";
-                  red = "#E82424";
-                  yellow = "#E6C384";
-                  cyan = "#7AA89F";
-                };
-                input = {
-                  border_focus = "colors.core.accent";
-                };
-              };
-            };
+        themes.kanagawa-wave = {
+          meta = {
+            version = 1;
+            name = "Kanagawa Wave";
+            description = "A dark theme inspired by the colors of the famous painting by Katsushika Hokusai.";
+            variant = "dark";
+            inherits = "vicinae-dark";
           };
-
-          settings = {
-            theme = {
-              light.name = "kanagawa-wave";
-              dark.name = "kanagawa-wave";
+          colors = {
+            core = {
+              background = "#1F1F28";
+              foreground = "#DCD7BA";
+              secondary_background = "#16161D";
+              border = "#2A2A37";
+              accent = "#7E9CD8";
             };
+            accents = {
+              blue = "#7E9CD8";
+              green = "#98BB6C";
+              magenta = "#D27E99";
+              orange = "#FFA066";
+              purple = "#957FB8";
+              red = "#E82424";
+              yellow = "#E6C384";
+              cyan = "#7AA89F";
+            };
+            input.border_focus = "colors.core.accent";
           };
-
-          extensions = with inputs.vicinae-extensions.packages.${pkgs.stdenv.hostPlatform.system}; [
-            agenda
-            #bluetooth
-            brotab
-            #dbus
-            fuzzy-files
-            github
-            it-tools
-            niri
-            nix
-            podman
-            process-manager
-            pulseaudio
-            simple-bookmarks
-            ssh
-            #systemd
-          ];
         };
 
+        settings.theme = {
+          light.name = "kanagawa-wave";
+          dark.name = "kanagawa-wave";
+        };
+
+        extensions = with inputs.vicinae-extensions.packages.${pkgs.stdenv.hostPlatform.system}; [
+          agenda
+          brotab
+          fuzzy-files
+          github
+          it-tools
+          niri
+          nix
+          podman
+          process-manager
+          pulseaudio
+          simple-bookmarks
+          ssh
+        ];
       };
-  };
+    };
 }
diff --git a/modules/features/xdg.nix b/modules/features/xdg.nix
index 4be8305..2a86488 100644
--- a/modules/features/xdg.nix
+++ b/modules/features/xdg.nix
@@ -1,52 +1,45 @@
 {
-  lux.xdg = {
-    homeManager =
-      { config, pkgs, ... }:
-      let
-        homeDir = config.home.homeDirectory;
-        localDir = "${homeDir}/.local";
-        mediaDir = "${homeDir}/media";
-      in
-      {
-        xdg = {
+  flake.modules.homeManager.xdg =
+    { config, pkgs, ... }:
+    let
+      homeDir = config.home.homeDirectory;
+      localDir = "${homeDir}/.local";
+      mediaDir = "${homeDir}/media";
+    in
+    {
+      xdg = {
+        enable = true;
+
+        cacheHome = "${localDir}/cache";
+        configHome = "${homeDir}/.config";
+        dataHome = "${localDir}/share";
+        stateHome = "${localDir}/state";
+
+        userDirs = {
           enable = true;
+          createDirectories = true;
+          setSessionVariables = true;
 
-          cacheHome = "${localDir}/cache";
-          configHome = "${homeDir}/.config";
-          dataHome = "${localDir}/share";
-          stateHome = "${localDir}/state";
-
-          userDirs = {
-            enable = true;
-            createDirectories = true;
-            setSessionVariables = true;
-
-            download = "${homeDir}/downloads";
-            documents = "${homeDir}/documents";
-
-            # Organize into media folder
-            music = "${mediaDir}/music";
-            pictures = "${mediaDir}/images";
-            videos = "${mediaDir}/videos";
-
-            # Hide these
-            desktop = "${localDir}/desktop";
-            publicShare = "${localDir}/public";
-            templates = "${localDir}/templates";
-          };
-
-          mimeApps = {
-            enable = true;
-            defaultApplicationPackages = with pkgs; [
-              sioyek
-              imv
-              vivaldi
-              neovim
-              nautilus
-            ];
-          };
+          download = "${homeDir}/downloads";
+          documents = "${homeDir}/documents";
+          music = "${mediaDir}/music";
+          pictures = "${mediaDir}/images";
+          videos = "${mediaDir}/videos";
+          desktop = "${localDir}/desktop";
+          publicShare = "${localDir}/public";
+          templates = "${localDir}/templates";
+        };
 
+        mimeApps = {
+          enable = true;
+          defaultApplicationPackages = with pkgs; [
+            sioyek
+            imv
+            vivaldi
+            neovim
+            nautilus
+          ];
         };
       };
-  };
+    };
 }
diff --git a/modules/flake-parts.nix b/modules/flake-parts.nix
new file mode 100644
index 0000000..0de2a00
--- /dev/null
+++ b/modules/flake-parts.nix
@@ -0,0 +1,36 @@
+{
+  inputs,
+  config,
+  ...
+}:
+let
+  nixosModules = config.flake.modules.nixos;
+in
+{
+  imports = [ inputs.flake-parts.flakeModules.modules ];
+
+  systems = [ "x86_64-linux" ];
+
+  flake.nixosConfigurations = {
+    orion = inputs.nixpkgs.lib.nixosSystem {
+      specialArgs = { inherit inputs; };
+      modules = [ nixosModules.orion ];
+    };
+
+    polaris = inputs.nixpkgs.lib.nixosSystem {
+      specialArgs = { inherit inputs; };
+      modules = [ nixosModules.polaris ];
+    };
+
+    zenith = inputs.nixpkgs.lib.nixosSystem {
+      specialArgs = { inherit inputs; };
+      modules = [ nixosModules.zenith ];
+    };
+  };
+
+  perSystem =
+    { pkgs, ... }:
+    {
+      formatter = pkgs.nixfmt-tree;
+    };
+}
diff --git a/modules/hosts/orion/_disk.nix b/modules/hosts/orion/_disk.nix
new file mode 100644
index 0000000..f9ddc32
--- /dev/null
+++ b/modules/hosts/orion/_disk.nix
@@ -0,0 +1,51 @@
+{ inputs, lib, ... }:
+{
+  imports = [ inputs.disko.nixosModules.disko ];
+
+  disko.devices = {
+    disk.disk1 = {
+      device = lib.mkDefault "/dev/sda";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            name = "boot";
+            size = "1M";
+            type = "EF02";
+          };
+          esp = {
+            name = "ESP";
+            size = "500M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            name = "root";
+            size = "100%";
+            content = {
+              type = "lvm_pv";
+              vg = "pool";
+            };
+          };
+        };
+      };
+    };
+    lvm_vg.pool = {
+      type = "lvm_vg";
+      lvs.root = {
+        size = "100%FREE";
+        content = {
+          type = "filesystem";
+          format = "ext4";
+          mountpoint = "/";
+          mountOptions = [ "defaults" ];
+        };
+      };
+    };
+  };
+}
diff --git a/modules/hosts/orion/_hardware.nix b/modules/hosts/orion/_hardware.nix
new file mode 100644
index 0000000..f8e495b
--- /dev/null
+++ b/modules/hosts/orion/_hardware.nix
@@ -0,0 +1,22 @@
+{ lib, modulesPath, ... }:
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "uhci_hcd"
+    "virtio_pci"
+    "virtio_scsi"
+    "sd_mod"
+    "sr_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/modules/hosts/orion/default.nix b/modules/hosts/orion/default.nix
index e5b8efd..289de9f 100644
--- a/modules/hosts/orion/default.nix
+++ b/modules/hosts/orion/default.nix
@@ -1,43 +1,70 @@
-{ den, lib, lux, ... }:
+{
+  inputs,
+  config,
+  ...
+}:
 let
-  lingerForUsers = den.lib.perHost (
-    { host, ... }:
-    {
-      nixos.users.users = lib.mapAttrs (_: _: {
-        linger = true;
-      }) host.users;
-    }
-  );
+  nixosModules = config.flake.modules.nixos;
 in
 {
-  den.aspects.orion = {
-    includes = (with lux.services._; [
-      caddy
-      openssh
-      vaultwarden
-      radicale
-      actual
-      gitea
-    ]) ++ [ lingerForUsers ];
-
-    nixos =
-      { pkgs, ... }:
-      {
-        environment.systemPackages = [
-          pkgs.kitty
-        ];
-
-        networking = {
-          firewall.enable = true;
-          firewall.allowPing = false;
-          nftables.enable = true;
-        };
-
-        # Use ssh authorization for sudo instead of password
-        security.pam = {
-          sshAgentAuth.enable = true;
-          services.sudo.sshAgentAuth = true;
-        };
+  flake.modules.nixos.orion =
+    { pkgs, ... }:
+    let
+      host = {
+        isServer = true;
       };
-  };
+    in
+    {
+      _module.args.host = host;
+
+      imports = [
+        inputs.home-manager.nixosModules.home-manager
+        nixosModules.sopsHost
+        nixosModules.caddy
+        nixosModules.openssh
+        nixosModules.vaultwarden
+        nixosModules.radicale
+        nixosModules.actual
+        nixosModules.gitea
+        nixosModules.kiri
+        ./_hardware.nix
+        ./_disk.nix
+      ];
+
+      system.stateVersion = "24.05";
+
+      home-manager = {
+        useGlobalPkgs = true;
+        backupFileExtension = "bak";
+        extraSpecialArgs = { inherit inputs; };
+      };
+
+      networking.hostName = "orion";
+
+      security.sudo.extraConfig = ''
+        Defaults env_keep+=SSH_AUTH_SOCK
+      '';
+
+      users.users.kiri = {
+        linger = true;
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAU2LydkXRTtNFY7oyX8JQURwXLVhB71DeK8XzrXeFX1 openpgp:0xA490D93A"
+        ];
+      };
+
+      environment.systemPackages = [
+        pkgs.kitty
+      ];
+
+      networking = {
+        firewall.enable = true;
+        firewall.allowPing = false;
+        nftables.enable = true;
+      };
+
+      security.pam = {
+        sshAgentAuth.enable = true;
+        services.sudo.sshAgentAuth = true;
+      };
+    };
 }
diff --git a/modules/hosts/orion/disk.nix b/modules/hosts/orion/disk.nix
deleted file mode 100644
index 3a4a64f..0000000
--- a/modules/hosts/orion/disk.nix
+++ /dev/null
@@ -1,63 +0,0 @@
-{ inputs, ... }:
-{
-  den.aspects.orion = {
-    nixos =
-      { lib, ... }:
-      {
-        imports = [ inputs.disko.nixosModules.disko ];
-
-        disko.devices = {
-          disk.disk1 = {
-            device = lib.mkDefault "/dev/sda";
-            type = "disk";
-            content = {
-              type = "gpt";
-              partitions = {
-                boot = {
-                  name = "boot";
-                  size = "1M";
-                  type = "EF02";
-                };
-                esp = {
-                  name = "ESP";
-                  size = "500M";
-                  type = "EF00";
-                  content = {
-                    type = "filesystem";
-                    format = "vfat";
-                    mountpoint = "/boot";
-                  };
-                };
-                root = {
-                  name = "root";
-                  size = "100%";
-                  content = {
-                    type = "lvm_pv";
-                    vg = "pool";
-                  };
-                };
-              };
-            };
-          };
-          lvm_vg = {
-            pool = {
-              type = "lvm_vg";
-              lvs = {
-                root = {
-                  size = "100%FREE";
-                  content = {
-                    type = "filesystem";
-                    format = "ext4";
-                    mountpoint = "/";
-                    mountOptions = [
-                      "defaults"
-                    ];
-                  };
-                };
-              };
-            };
-          };
-        };
-      };
-  };
-}
diff --git a/modules/hosts/orion/hardware.nix b/modules/hosts/orion/hardware.nix
deleted file mode 100644
index 1238734..0000000
--- a/modules/hosts/orion/hardware.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-# Do not modify this file!  It was generated by 'nixos-generate-config'
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/system.nix instead.
-{ ... }:
-{
-  den.aspects.orion = {
-    nixos =
-      {
-        config,
-        lib,
-        pkgs,
-        modulesPath,
-        ...
-      }:
-
-      {
-        imports = [
-          (modulesPath + "/profiles/qemu-guest.nix")
-        ];
-
-        boot.initrd.availableKernelModules = [
-          "ata_piix"
-          "uhci_hcd"
-          "virtio_pci"
-          "virtio_scsi"
-          "sd_mod"
-          "sr_mod"
-        ];
-        boot.initrd.kernelModules = [ ];
-        boot.kernelModules = [ ];
-        boot.extraModulePackages = [ ];
-
-        networking.useDHCP = lib.mkDefault true;
-
-        nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-      };
-  };
-}
diff --git a/modules/hosts/polaris/_hardware.nix b/modules/hosts/polaris/_hardware.nix
new file mode 100644
index 0000000..6eea03a
--- /dev/null
+++ b/modules/hosts/polaris/_hardware.nix
@@ -0,0 +1,44 @@
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "nvme"
+    "xhci_pci"
+    "ahci"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/bda7f8b9-2b3d-4190-8518-baa50490227e";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/26FE-CA37";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [ ];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/modules/hosts/polaris/default.nix b/modules/hosts/polaris/default.nix
index fd5294b..77a61b2 100644
--- a/modules/hosts/polaris/default.nix
+++ b/modules/hosts/polaris/default.nix
@@ -1,72 +1,94 @@
-{ inputs, lux, ... }:
 {
-  den.aspects.polaris = {
-    includes = [ lux.bundles._.local-session ];
+  inputs,
+  config,
+  ...
+}:
+let
+  nixosModules = config.flake.modules.nixos;
+  homeModules = config.flake.modules.homeManager;
+in
+{
+  flake.modules.nixos.polaris =
+    {
+      config,
+      pkgs,
+      ...
+    }:
+    let
+      host = {
+        isServer = false;
+      };
+    in
+    {
+      _module.args.host = host;
 
-    provides.kiri = {
-      includes = with lux; [
-        bundles._.local-session-user
+      imports = [
+        nixosModules.desktopBase
+        nixosModules.steam
+        nixosModules.kiri
+        nixosModules.ergon
+        ./_hardware.nix
+      ]
+      ++ (with inputs.nixos-hardware.nixosModules; [
+        common-pc
+        common-pc-ssd
+        common-cpu-amd
+        common-gpu-amd
+      ]);
+
+      system.stateVersion = "24.05";
+
+      networking.hostName = "polaris";
+
+      home-manager.users.kiri.imports = with homeModules; [
+        nix
         bitwarden
         email
         pim
         mpv
-        sops-password
-        steam
+        niri
+        clipboard
+        localApps
+        qbittorrentClient
+        vicinae
+        xdg
+        theme
+        noctalia
       ];
-    };
 
-    provides.ergon = {
-      includes = with lux; [
-        sops-password
-      ];
-    };
-
-    nixos =
-      {
-        config,
-        pkgs,
-        ...
-      }:
-      {
-        imports = with inputs.nixos-hardware.nixosModules; [
-          common-pc
-          common-pc-ssd
-          common-cpu-amd
-          common-gpu-amd
-        ];
-
-        services.hardware.openrgb.enable = true;
-
-        boot = {
-          loader = {
-            efi.canTouchEfiVariables = true;
-            systemd-boot = {
-              enable = true;
-              consoleMode = "auto";
-              configurationLimit = 5;
-
-              # Convert boot entry to a more readable name.
-              extraInstallCommands = ''
-                ENTRIES="${config.boot.loader.efi.efiSysMountPoint}/loader/entries"
-                PROFILES="/nix/var/nix/profiles"
-
-                for file in "$ENTRIES"/nixos-generation-*.conf; do
-                  generation=$(${pkgs.coreutils}/bin/basename "$file" | ${pkgs.gnugrep}/bin/grep -o -E '[0-9]+')
-                  timestamp=$(${pkgs.coreutils}/bin/stat -c %y "$PROFILES/system-$generation-link" 2>/dev/null | ${pkgs.coreutils}/bin/cut -d. -f1)
-
-                  if [ -z "$timestamp" ]; then
-                    timestamp="Unknown Date"
-                  fi
-
-                  ${pkgs.gnused}/bin/sed -i "s/^version .*/version Generation $generation - $timestamp/" "$file"
-                done
-              '';
-            };
+      home-manager.users.kiri.programs.niri.settings.outputs = {
+        "LG Electronics LG ULTRAGEAR 103NTYT8R290" = {
+          "focus-at-startup" = true;
+          position = {
+            x = 0;
+            y = 0;
           };
+        };
 
-          tmp.cleanOnBoot = true;
-          kernelPackages = pkgs.linuxPackages_latest;
+        "LG Electronics LG ULTRAGEAR 103NTJJ8R332" = {
+          position = {
+            x = 2560;
+            y = 0;
+          };
         };
       };
-  };
+
+      services.hardware.openrgb.enable = true;
+
+      boot.loader.systemd-boot.extraInstallCommands = ''
+        ENTRIES="${config.boot.loader.efi.efiSysMountPoint}/loader/entries"
+        PROFILES="/nix/var/nix/profiles"
+
+        for file in "$ENTRIES"/nixos-generation-*.conf; do
+          generation=$(${pkgs.coreutils}/bin/basename "$file" | ${pkgs.gnugrep}/bin/grep -o -E '[0-9]+')
+          timestamp=$(${pkgs.coreutils}/bin/stat -c %y "$PROFILES/system-$generation-link" 2>/dev/null | ${pkgs.coreutils}/bin/cut -d. -f1)
+
+          if [ -z "$timestamp" ]; then
+            timestamp="Unknown Date"
+          fi
+
+          ${pkgs.gnused}/bin/sed -i "s/^version .*/version Generation $generation - $timestamp/" "$file"
+        done
+      '';
+    };
 }
diff --git a/modules/hosts/polaris/hardware.nix b/modules/hosts/polaris/hardware.nix
deleted file mode 100644
index 57d828a..0000000
--- a/modules/hosts/polaris/hardware.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{
-  den.aspects.polaris = {
-    nixos =
-      {
-        config,
-        lib,
-        modulesPath,
-        ...
-      }:
-
-      {
-        imports = [
-          (modulesPath + "/installer/scan/not-detected.nix")
-        ];
-
-        boot.initrd.availableKernelModules = [
-          "nvme"
-          "xhci_pci"
-          "ahci"
-          "usbhid"
-          "usb_storage"
-          "sd_mod"
-        ];
-        boot.initrd.kernelModules = [ ];
-        boot.kernelModules = [ "kvm-amd" ];
-        boot.extraModulePackages = [ ];
-
-        fileSystems."/" = {
-          device = "/dev/disk/by-uuid/bda7f8b9-2b3d-4190-8518-baa50490227e";
-          fsType = "ext4";
-        };
-
-        fileSystems."/boot" = {
-          device = "/dev/disk/by-uuid/26FE-CA37";
-          fsType = "vfat";
-          options = [
-            "fmask=0077"
-            "dmask=0077"
-          ];
-        };
-
-        swapDevices = [ ];
-
-        networking.useDHCP = lib.mkDefault true;
-
-        nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-        hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-      };
-  };
-}
diff --git a/modules/hosts/zenith/_hardware.nix b/modules/hosts/zenith/_hardware.nix
new file mode 100644
index 0000000..86a075e
--- /dev/null
+++ b/modules/hosts/zenith/_hardware.nix
@@ -0,0 +1,36 @@
+{ lib, modulesPath, ... }:
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "nvme"
+    "xhci_pci"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/6d8f6f33-c9d9-4e90-b496-d5b3ef5e9aeb";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/8797-B47E";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [ ];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/modules/hosts/zenith/default.nix b/modules/hosts/zenith/default.nix
index f68c0b9..201b76b 100644
--- a/modules/hosts/zenith/default.nix
+++ b/modules/hosts/zenith/default.nix
@@ -1,48 +1,68 @@
-{ inputs, lux, ... }:
 {
-  den.aspects.zenith = {
-    includes = [ lux.bundles._.local-session ];
+  inputs,
+  config,
+  ...
+}:
+let
+  nixosModules = config.flake.modules.nixos;
+  homeModules = config.flake.modules.homeManager;
+in
+{
+  flake.modules.nixos.zenith =
+    { ... }:
+    let
+      host = {
+        isServer = false;
+      };
+    in
+    {
+      _module.args.host = host;
 
-    provides.kiri = {
-      includes = with lux; [
-        bundles._.local-session-user
+      imports = [
+        nixosModules.desktopBase
+        nixosModules.kiri
+        nixosModules.ergon
+        ./_hardware.nix
+        inputs.nixos-hardware.nixosModules.lenovo-yoga-7-14ARH7-amdgpu
+      ];
+
+      system.stateVersion = "24.05";
+
+      networking.hostName = "zenith";
+
+      home-manager.users.kiri.imports = with homeModules; [
+        nix
         bitwarden
         email
         pim
         mpv
-        sops-password
+        niri
+        clipboard
+        localApps
+        qbittorrentClient
+        vicinae
+        xdg
+        theme
+        noctalia
       ];
-    };
 
-    provides.ergon = {
-      includes = with lux; [
-        sops-password
-      ];
-    };
-
-    nixos =
-      { pkgs, ... }:
-      {
-        imports = [
-          inputs.nixos-hardware.nixosModules.lenovo-yoga-7-14ARH7-amdgpu
-        ];
-
-        boot = {
-          loader = {
-            efi.canTouchEfiVariables = true;
-            systemd-boot = {
-              enable = true;
-              consoleMode = "auto";
-              configurationLimit = 5;
-            };
+      home-manager.users.kiri.programs.niri.settings.outputs = {
+        "California Institute of Technology 0x1410 Unknown" = {
+          "focus-at-startup" = true;
+          position = {
+            x = 0;
+            y = 0;
+          };
+          scale = 1.5;
+          mode = {
+            width = 3072;
+            height = 1920;
+            refresh = 120.002;
           };
-
-          tmp.cleanOnBoot = true;
-          kernelPackages = pkgs.linuxPackages_latest;
         };
-
-        hardware.enableRedistributableFirmware = true;
-        services.fwupd.enable = true;
       };
-  };
+
+      hardware.enableRedistributableFirmware = true;
+      services.fwupd.enable = true;
+    };
 }
diff --git a/modules/hosts/zenith/hardware.nix b/modules/hosts/zenith/hardware.nix
deleted file mode 100644
index 508113b..0000000
--- a/modules/hosts/zenith/hardware.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{
-  den.aspects.zenith = {
-    nixos =
-      {
-        lib,
-        modulesPath,
-        ...
-      }:
-
-      {
-        imports = [
-          (modulesPath + "/installer/scan/not-detected.nix")
-        ];
-
-        boot.initrd.availableKernelModules = [
-          "nvme"
-          "xhci_pci"
-          "usb_storage"
-          "sd_mod"
-        ];
-        boot.initrd.kernelModules = [ ];
-        boot.kernelModules = [ "kvm-amd" ];
-        boot.extraModulePackages = [ ];
-
-        fileSystems."/" = {
-          device = "/dev/disk/by-uuid/6d8f6f33-c9d9-4e90-b496-d5b3ef5e9aeb";
-          fsType = "ext4";
-        };
-
-        fileSystems."/boot" = {
-          device = "/dev/disk/by-uuid/8797-B47E";
-          fsType = "vfat";
-          options = [
-            "fmask=0077"
-            "dmask=0077"
-          ];
-        };
-
-        swapDevices = [ ];
-
-        networking.useDHCP = lib.mkDefault true;
-
-        nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-      };
-  };
-}
diff --git a/modules/infra.nix b/modules/infra.nix
deleted file mode 100644
index 09ec50c..0000000
--- a/modules/infra.nix
+++ /dev/null
@@ -1,109 +0,0 @@
-let
-  serviceDomain = "jelles.net";
-  adminKeyPath = "/var/lib/sops/keys.txt";
-
-  sharedIdentity = {
-    realName = "Jelle Spreeuwenberg";
-    authorizedSshKeys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAU2LydkXRTtNFY7oyX8JQURwXLVhB71DeK8XzrXeFX1 openpgp:0xA490D93A"
-    ];
-  };
-
-  kiriAccount = sharedIdentity // {
-    emails = {
-      main = {
-        address = "mail@jelles.net";
-        primary = true;
-        kind = "mxrouting";
-      };
-      old = {
-        address = "mail@jellespreeuwenberg.nl";
-        kind = "mxrouting";
-      };
-      uni = {
-        address = "j.spreeuwenberg@student.tue.nl";
-        kind = "office365";
-      };
-      work = {
-        address = "jelle.spreeuwenberg@yookr.org";
-        kind = "office365";
-      };
-    };
-  };
-
-  ergonAccount = sharedIdentity // {
-    emails.work = {
-      address = "jelle.spreeuwenberg@yookr.org";
-      primary = true;
-      kind = "office365";
-    };
-  };
-in
-{
-  den.hosts.x86_64-linux = {
-    polaris = {
-      inherit serviceDomain;
-      sopsAdminKeyPath = adminKeyPath;
-      sopsAdminKeyUsers = [
-        "kiri"
-        "ergon"
-      ];
-      displays = {
-        "LG Electronics LG ULTRAGEAR 103NTYT8R290" = {
-          primary = true;
-          position.x = 0;
-          position.y = 0;
-        };
-
-        "LG Electronics LG ULTRAGEAR 103NTJJ8R332" = {
-          position.x = 2560;
-          position.y = 0;
-        };
-      };
-      users = {
-        kiri = kiriAccount // {
-          syncthingId = "6HBAKXB-DB3B4H2-BODCAXF-KD23H5W-6X5LGLC-ZJHZHLG-7U7YMGO-BB6IXQ3";
-        };
-        ergon = ergonAccount;
-      };
-    };
-
-    zenith = {
-      inherit serviceDomain;
-      sopsAdminKeyPath = adminKeyPath;
-      sopsAdminKeyUsers = [
-        "kiri"
-        "ergon"
-      ];
-      displays = {
-        "California Institute of Technology 0x1410 Unknown" = {
-          primary = true;
-          position.x = 0;
-          position.y = 0;
-          scale = 1.5;
-          mode = {
-            width = 3072;
-            height = 1920;
-            refresh = 120.002;
-          };
-        };
-      };
-      users = {
-        kiri = kiriAccount;
-        ergon = ergonAccount;
-      };
-    };
-
-    orion = {
-      inherit serviceDomain;
-      requiresSshRecovery = true;
-      sshRecoveryUsers = [ "kiri" ];
-      sopsHostSshKeyPath = "/etc/ssh/ssh_host_ed25519_key";
-      sopsAdminKeyPath = adminKeyPath;
-      sopsAdminKeyUsers = [ "kiri" ];
-      users.kiri = kiriAccount // {
-        syncthingId = "NNRNQKZ-OWPHSVA-B6KKBHE-SDYLSTV-7SVHGPR-NEWLKPL-4MWNJG4-G5FHUAI";
-      };
-    };
-  };
-}
diff --git a/modules/schema.nix b/modules/schema.nix
deleted file mode 100644
index f39382e..0000000
--- a/modules/schema.nix
+++ /dev/null
@@ -1,135 +0,0 @@
-{ lib, ... }:
-{
-  den.schema = {
-    user =
-      { config, ... }:
-      let
-        primaryEmailCount = builtins.length (lib.filter (email: email.primary) (builtins.attrValues config.emails));
-      in
-      {
-      options = {
-        realName = lib.mkOption {
-          type = lib.types.str;
-        };
-        authorizedSshKeys = lib.mkOption {
-          type = lib.types.listOf lib.types.str;
-          default = [ ];
-        };
-        emails = lib.mkOption {
-          type = lib.types.attrsOf (
-            lib.types.submodule (
-              { ... }:
-              {
-                options = {
-                  address = lib.mkOption {
-                    type = lib.types.str;
-                  };
-                  primary = lib.mkOption {
-                    type = lib.types.bool;
-                    default = false;
-                  };
-                  kind = lib.mkOption {
-                    type = lib.types.enum [
-                      "mxrouting"
-                      "office365"
-                    ];
-                  };
-                };
-              }
-            )
-          );
-          default = { };
-        };
-        syncthingId = lib.mkOption {
-          type = lib.types.nullOr lib.types.str;
-          default = null;
-        };
-      };
-      config = {
-        assertions = [
-          {
-            assertion = primaryEmailCount == 1;
-            message = "Each user must define exactly one primary email.";
-          }
-        ];
-        classes = lib.mkDefault [ "homeManager" ];
-      };
-    };
-    host = {
-      options = {
-        serviceDomain = lib.mkOption {
-          type = lib.types.str;
-        };
-        displays = lib.mkOption {
-          type = lib.types.attrsOf (
-            lib.types.submodule (
-              { ... }:
-              {
-                options = {
-                  position = lib.mkOption {
-                    type = lib.types.submodule {
-                      options = {
-                        x = lib.mkOption { type = lib.types.int; };
-                        y = lib.mkOption { type = lib.types.int; };
-                      };
-                    };
-                  };
-                  scale = lib.mkOption {
-                    type = lib.types.nullOr (lib.types.oneOf [
-                      lib.types.int
-                      lib.types.float
-                    ]);
-                    default = null;
-                  };
-                  primary = lib.mkOption {
-                    type = lib.types.bool;
-                    default = false;
-                  };
-                  mode = lib.mkOption {
-                    type = lib.types.nullOr (
-                      lib.types.submodule (
-                        { ... }:
-                        {
-                          options = {
-                            width = lib.mkOption { type = lib.types.int; };
-                            height = lib.mkOption { type = lib.types.int; };
-                            refresh = lib.mkOption {
-                              type = lib.types.nullOr lib.types.float;
-                              default = null;
-                            };
-                          };
-                        }
-                      )
-                    );
-                    default = null;
-                  };
-                };
-              }
-            )
-          );
-          default = { };
-        };
-        requiresSshRecovery = lib.mkOption {
-          type = lib.types.bool;
-          default = false;
-        };
-        sshRecoveryUsers = lib.mkOption {
-          type = lib.types.listOf lib.types.str;
-          default = [ ];
-        };
-        sopsHostSshKeyPath = lib.mkOption {
-          type = lib.types.nullOr lib.types.str;
-          default = null;
-        };
-        sopsAdminKeyPath = lib.mkOption {
-          type = lib.types.nullOr lib.types.str;
-          default = null;
-        };
-        sopsAdminKeyUsers = lib.mkOption {
-          type = lib.types.listOf lib.types.str;
-          default = [ ];
-        };
-      };
-    };
-  };
-}
diff --git a/modules/secrets/sops.nix b/modules/secrets/sops.nix
index 1cfab4a..3d3f9bb 100644
--- a/modules/secrets/sops.nix
+++ b/modules/secrets/sops.nix
@@ -1,85 +1,58 @@
-{ den, inputs, lib, ... }:
+{
+  inputs,
+  ...
+}:
 let
-  sopsReadersGroup = "sops-users";
+  sopsAdminKeyPath = "/var/lib/sops/keys.txt";
 in
 {
-  den.ctx.host.includes = [
-    (den.lib.perHost (
-      { host, ... }:
-      let
-        missingAdminUsers = lib.filter (userName: !(builtins.hasAttr userName host.users)) host.sopsAdminKeyUsers;
-        hasSharedAdminKey = host.sopsAdminKeyPath != null && host.sopsAdminKeyUsers != [ ];
-        adminKeyDir = if host.sopsAdminKeyPath == null then null else builtins.dirOf host.sopsAdminKeyPath;
-      in
-      {
-        nixos = {
-          imports = [ inputs.sops-nix.nixosModules.sops ];
+  flake.modules.nixos.sopsHost =
+    {
+      lib,
+      host ? {
+        isServer = false;
+      },
+      ...
+    }:
+    let
+      useHostSshKey = host.isServer;
+      useAdminKeyFile = !host.isServer;
+      adminKeyDir = builtins.dirOf sopsAdminKeyPath;
+    in
+    {
+      imports = [ inputs.sops-nix.nixosModules.sops ];
 
-          sops = {
-            defaultSopsFile = ./secrets.yaml;
-            age =
-              if host.sopsHostSshKeyPath != null then
-                {
-                  sshKeyPaths = [ host.sopsHostSshKeyPath ];
-                }
-              else
-                {
-                  keyFile = host.sopsAdminKeyPath;
-                };
+      sops = {
+        defaultSopsFile = ./secrets.yaml;
+        age =
+          lib.optionalAttrs useHostSshKey {
+            sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+          }
+          // lib.optionalAttrs useAdminKeyFile {
+            keyFile = sopsAdminKeyPath;
           };
+      };
 
-          users.groups = lib.optionalAttrs hasSharedAdminKey {
-            ${sopsReadersGroup} = { };
-          };
+      systemd.tmpfiles.rules = lib.optionals useAdminKeyFile [
+        "d ${adminKeyDir} 0750 root wheel -"
+        "z ${sopsAdminKeyPath} 0640 root wheel -"
+      ];
+    };
 
-          users.users = lib.genAttrs host.sopsAdminKeyUsers (_: {
-            extraGroups = [ sopsReadersGroup ];
-          });
+  flake.modules.homeManager.sopsAdmin =
+    {
+      pkgs,
+      ...
+    }:
+    {
+      imports = [ inputs.sops-nix.homeManagerModules.sops ];
 
-          systemd.tmpfiles.rules = lib.optionals hasSharedAdminKey [
-            "d ${adminKeyDir} 0750 root ${sopsReadersGroup} -"
-            "z ${host.sopsAdminKeyPath} 0640 root ${sopsReadersGroup} -"
-          ];
+      sops = {
+        defaultSopsFile = ./secrets.yaml;
+        age.keyFile = sopsAdminKeyPath;
+      };
 
-          assertions = [
-            {
-              assertion = host.sopsAdminKeyUsers == [ ] || host.sopsAdminKeyPath != null;
-              message = "Hosts with sopsAdminKeyUsers must set sopsAdminKeyPath.";
-            }
-            {
-              assertion = missingAdminUsers == [ ];
-              message =
-                "All sopsAdminKeyUsers must exist on the host. Missing: "
-                + lib.concatStringsSep ", " missingAdminUsers;
-            }
-          ];
-        };
-      }
-    ))
-  ];
-
-  den.ctx.user.includes = [
-    (den.lib.perUser (
-      { host, user, ... }:
-      if builtins.elem user.userName host.sopsAdminKeyUsers then
-        {
-          homeManager =
-            { pkgs, ... }:
-            {
-              imports = [ inputs.sops-nix.homeManagerModules.sops ];
-
-              sops = {
-                defaultSopsFile = ./secrets.yaml;
-                age.keyFile = host.sopsAdminKeyPath;
-              };
-
-              home.sessionVariables.SOPS_AGE_KEY_FILE = host.sopsAdminKeyPath;
-
-              home.packages = [ pkgs.sops ];
-            };
-        }
-      else
-        { }
-    ))
-  ];
+      home.sessionVariables.SOPS_AGE_KEY_FILE = sopsAdminKeyPath;
+      home.packages = [ pkgs.sops ];
+    };
 }
diff --git a/modules/users.nix b/modules/users.nix
new file mode 100644
index 0000000..c99fb79
--- /dev/null
+++ b/modules/users.nix
@@ -0,0 +1,85 @@
+{ config, ... }:
+let
+  homeModules = config.flake.modules.homeManager;
+
+  realName = "Jelle Spreeuwenberg";
+
+  accounts = {
+    kiri = {
+      homeDirectory = "/home/kiri";
+      gitEmail = "mail@jelles.net";
+      vaultEmail = "mail@jelles.net";
+      extraHomeImports = with homeModules; [ syncthing ];
+    };
+
+    ergon = {
+      homeDirectory = "/home/ergon";
+      gitEmail = "jelle.spreeuwenberg@yookr.org";
+      vaultEmail = "jelle.spreeuwenberg@yookr.org";
+      extraHomeImports = with homeModules; [ nix ];
+    };
+  };
+
+  mkUser =
+    { accountName }:
+    {
+      config,
+      pkgs,
+      ...
+    }:
+    let
+      account = accounts.${accountName};
+    in
+    {
+      sops.secrets."hashed-password-${accountName}".neededForUsers = true;
+
+      programs.zsh.enable = true;
+
+      users.users.${accountName} = {
+        name = accountName;
+        home = account.homeDirectory;
+        hashedPasswordFile = config.sops.secrets."hashed-password-${accountName}".path;
+        isNormalUser = true;
+        shell = pkgs.zsh;
+        extraGroups = [
+          "wheel"
+          "networkmanager"
+        ];
+      };
+
+      home-manager.users.${accountName} = {
+        home = {
+          username = accountName;
+          homeDirectory = account.homeDirectory;
+          stateVersion = "24.05";
+        };
+
+        imports =
+          with homeModules;
+          [
+            terminal
+            shell
+            neovim
+            sshClient
+            sopsAdmin
+            git
+            devTools
+            podman
+            gemini
+          ]
+          ++ account.extraHomeImports;
+
+        programs.git.settings.user = {
+          name = realName;
+          email = account.gitEmail;
+        };
+
+        programs.rbw.settings.email = account.vaultEmail;
+      };
+    };
+in
+{
+  flake.modules.nixos.kiri = mkUser { accountName = "kiri"; };
+
+  flake.modules.nixos.ergon = mkUser { accountName = "ergon"; };
+}
diff --git a/modules/users/ergon.nix b/modules/users/ergon.nix
deleted file mode 100644
index df1296e..0000000
--- a/modules/users/ergon.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ den, lux, ... }:
-{
-  den.aspects.ergon = {
-    includes = with lux; [
-      (den._.user-shell "zsh")
-      terminal
-      shell
-      neovim
-      ssh
-      bundles._.development
-      ({ user, ... }: {
-        nixos.users.users.${user.userName}.extraGroups = [
-          "wheel"
-          "networkmanager"
-        ];
-      })
-    ];
-  };
-}
diff --git a/modules/users/kiri.nix b/modules/users/kiri.nix
deleted file mode 100644
index 1fce75c..0000000
--- a/modules/users/kiri.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ den, lux, ... }:
-{
-  den.aspects.kiri = {
-    includes = with lux; [
-      den._.primary-user
-      (den._.user-shell "zsh")
-      syncthing
-      terminal
-      shell
-      neovim
-      ssh
-      bundles._.development
-    ];
-  };
-}