diff --git a/flake.lock b/flake.lock
index 19527f2..3b9dee1 100644
--- a/flake.lock
+++ b/flake.lock
@@ -250,21 +250,6 @@
         "type": "github"
       }
     },
-    "flakey-profile": {
-      "locked": {
-        "lastModified": 1712898590,
-        "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
-        "owner": "lf-",
-        "repo": "flakey-profile",
-        "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "lf-",
-        "repo": "flakey-profile",
-        "type": "github"
-      }
-    },
     "gitignore": {
       "inputs": {
         "nixpkgs": [
@@ -328,43 +313,6 @@
         "type": "github"
       }
     },
-    "lix": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1751235704,
-        "narHash": "sha256-J4ycLoXHPsoBoQtEXFCelL4xlq5pT8U9tNWNKm43+YI=",
-        "rev": "1d7368585eebaa2c4bdbcb88fe600cfb2239b2c6",
-        "type": "tarball",
-        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1d7368585eebaa2c4bdbcb88fe600cfb2239b2c6.tar.gz?rev=1d7368585eebaa2c4bdbcb88fe600cfb2239b2c6"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz"
-      }
-    },
-    "lix-module": {
-      "inputs": {
-        "flake-utils": [
-          "flake-utils"
-        ],
-        "flakey-profile": "flakey-profile",
-        "lix": "lix",
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1751240025,
-        "narHash": "sha256-SXUAlxpjPRkArRMHy5+Hdi+PiC+ND9yzzIjiaHmTvQU=",
-        "rev": "8b1094356f4723d6e89d3f8a95b333ee16d9ab02",
-        "type": "tarball",
-        "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/8b1094356f4723d6e89d3f8a95b333ee16d9ab02.tar.gz?rev=8b1094356f4723d6e89d3f8a95b333ee16d9ab02"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.2-1.tar.gz"
-      }
-    },
     "matrix-appservices": {
       "inputs": {
         "devshell": "devshell",
@@ -520,7 +468,6 @@
         "flake-parts": "flake-parts",
         "flake-utils": "flake-utils",
         "home-manager": "home-manager_2",
-        "lix-module": "lix-module",
         "matrix-appservices": "matrix-appservices",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
diff --git a/flake.nix b/flake.nix
index dafa3ba..cf2c29e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -19,12 +19,6 @@ rec {
 
     nixos-hardware.url = "github:NixOS/nixos-hardware";
 
-    lix-module = {
-      url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.2-1.tar.gz";
-      inputs.nixpkgs.follows = "nixpkgs";
-      inputs.flake-utils.follows = "flake-utils";
-    };
-
     disko = {
       url = "github:nix-community/disko/latest";
       inputs.nixpkgs.follows = "nixpkgs";
diff --git a/home/flake-module.nix b/home/flake-module.nix
index 2849f00..7d46de3 100644
--- a/home/flake-module.nix
+++ b/home/flake-module.nix
@@ -21,7 +21,8 @@ let
           home.username = user;
           home.homeDirectory = "/home/${user}";
         }
-      ] ++ modules;
+      ]
+      ++ modules;
     };
 in
 {
diff --git a/home/modules/firefox/mkFirefoxModuleCompat.nix b/home/modules/firefox/mkFirefoxModuleCompat.nix
index e3cf8ea..3345953 100644
--- a/home/modules/firefox/mkFirefoxModuleCompat.nix
+++ b/home/modules/firefox/mkFirefoxModuleCompat.nix
@@ -29,7 +29,8 @@ let
       configPath = [
         "config"
         "content" # due to mkIf
-      ] ++ modulePath;
+      ]
+      ++ modulePath;
     in
     lib.updateManyAttrsByPath
       [
diff --git a/home/modules/firefox/mkFirefoxProfileBinModule.nix b/home/modules/firefox/mkFirefoxProfileBinModule.nix
index ebae797..4c3ff5a 100644
--- a/home/modules/firefox/mkFirefoxProfileBinModule.nix
+++ b/home/modules/firefox/mkFirefoxProfileBinModule.nix
@@ -33,7 +33,8 @@ let
         categories = [
           "Network"
           "WebBrowser"
-        ] ++ lib.optional isSecure "Security";
+        ]
+        ++ lib.optional isSecure "Security";
       };
     in
     pkgs.runCommand pname { } ''
diff --git a/lib/createUser.nix b/lib/createUser.nix
index 56f68d3..18c8ce3 100644
--- a/lib/createUser.nix
+++ b/lib/createUser.nix
@@ -35,7 +35,8 @@
             count = 60000000;
           }
         ];
-      } // user;
+      }
+      // user;
 
       home-manager = {
         useGlobalPkgs = true;
diff --git a/lib/openwrt.nix b/lib/openwrt.nix
index 271aba7..ee761ac 100644
--- a/lib/openwrt.nix
+++ b/lib/openwrt.nix
@@ -30,7 +30,8 @@ in
           "luci-ssl"
           "nextdns"
           "tailscale"
-        ] ++ packages;
+        ]
+        ++ packages;
 
         # TODO set up SSH config (register public keys, disable password login, ...)
         files = pkgs.runCommand "image-files" { } ''
diff --git a/modules/systemdNotify.nix b/modules/systemdNotify.nix
index 6a4c1d0..a4c3273 100644
--- a/modules/systemdNotify.nix
+++ b/modules/systemdNotify.nix
@@ -85,34 +85,32 @@ in
       }
     ];
 
-    systemd.services."notify@" =
-      {
-        onFailure = lib.mkForce [ ];
-      }
-      // optionalAttrs (cfg.method == "libnotify") {
-        description = "Desktop notifications for %i service failure";
-        environment = {
-          DBUS_SESSION_BUS_ADDRESS = "unix:path=/run/user/${
-            toString config.users.users.${cfg.libnotify.user}.uid
-          }/bus";
-          INSTANCE = "%i";
-        };
-        script = ''
-          ${pkgs.libnotify}/bin/notify-send --urgency=critical \
-            "Service '$INSTANCE' failed" \
-            "$(journalctl -n 6 -o cat -u $INSTANCE)"
-        '';
-        serviceConfig = {
-          Type = "oneshot";
-          User = cfg.libnotify.user;
-        };
-      }
-      // optionalAttrs (cfg.method == "email") {
-        description = "E-Mail notifications for %i service failure";
-        serviceConfig = {
-          ExecStart = "${sendmail} %i";
-          Type = "oneshot";
-        };
+    systemd.services."notify@" = {
+      onFailure = lib.mkForce [ ];
+    }
+    // optionalAttrs (cfg.method == "libnotify") {
+      description = "Desktop notifications for %i service failure";
+      environment = {
+        DISPLAY = ":0";
+        INSTANCE = "%i";
       };
+      script = ''
+        export DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(id -u '${cfg.libnotify.user}')/bus"
+        ${pkgs.libnotify}/bin/notify-send --app-name="$INSTANCE" --urgency=critical \
+          "Service '$INSTANCE' failed" \
+          "$(journalctl -n 6 -o cat -u $INSTANCE)"
+      '';
+      serviceConfig = {
+        Type = "oneshot";
+        User = cfg.libnotify.user;
+      };
+    }
+    // optionalAttrs (cfg.method == "email") {
+      description = "E-Mail notifications for %i service failure";
+      serviceConfig = {
+        ExecStart = "${sendmail} %i";
+        Type = "oneshot";
+      };
+    };
   };
 }
diff --git a/services/restic/lib.nix b/services/restic/lib.nix
index 727b856..7b53de6 100644
--- a/services/restic/lib.nix
+++ b/services/restic/lib.nix
@@ -53,7 +53,8 @@ in
         # reduce download bandwidth
         "--max-unused 10%"
         "--repack-cacheable-only"
-      ] ++ extraPruneOpts;
+      ]
+      ++ extraPruneOpts;
     }
     // (removeAttrs args [
       "name"
diff --git a/system/nix.nix b/system/nix.nix
index 335dc93..ea9c489 100644
--- a/system/nix.nix
+++ b/system/nix.nix
@@ -10,15 +10,22 @@ let
   inherit (inputs.self.outputs) nixConfig;
 in
 {
-  imports = [
-    # TODO switch to lixFromNixpkgs once 2.93.2 is available
-    inputs.lix-module.nixosModules.default
-    # inputs.lix-module.nixosModules.lixFromNixpkgs
-  ];
-
   nixpkgs.config.allowUnfree = true;
 
+  nixpkgs.overlays = [
+    (final: prev: {
+      inherit (final.lixPackageSets.stable)
+        nixpkgs-review
+        nix-direnv
+        nix-eval-jobs
+        nix-fast-build
+        colmena
+        ;
+    })
+  ];
+
   nix = {
+    package = pkgs.lixPackageSets.stable.lix;
     settings = {
       trusted-users = [ "@wheel" ];
       substituters = nixConfig.extra-substituters;
diff --git a/system/vpn.nix b/system/vpn.nix
index 753708c..4b0e459 100644
--- a/system/vpn.nix
+++ b/system/vpn.nix
@@ -89,21 +89,20 @@ in
     wants = [ "tailscaled.service" ];
     wantedBy = [ "multi-user.target" ];
     serviceConfig.Type = "oneshot";
-    script =
-      ''
-        status=$(${config.systemd.package}/bin/systemctl show -P StatusText tailscaled.service)
-        if [[ $status != Connected* ]]; then
-          ${cfg.package}/bin/tailscale up
-        fi
+    script = ''
+      status=$(${config.systemd.package}/bin/systemctl show -P StatusText tailscaled.service)
+      if [[ $status != Connected* ]]; then
+        ${cfg.package}/bin/tailscale up
+      fi
 
-        # some options cannot be set immediately
-        ${cfg.package}/bin/tailscale up ${lib.escapeShellArgs cfg.extraUpFlags}
+      # some options cannot be set immediately
+      ${cfg.package}/bin/tailscale up ${lib.escapeShellArgs cfg.extraUpFlags}
 
-        ${cfg.package}/bin/tailscale cert ${tailnetHost}
-      ''
-      + lib.optionalString config.services.nginx.enable ''
-        chown nginx:nginx /var/lib/tailscale/certs/${tailnetHost}.{key,crt}
-      '';
+      ${cfg.package}/bin/tailscale cert ${tailnetHost}
+    ''
+    + lib.optionalString config.services.nginx.enable ''
+      chown nginx:nginx /var/lib/tailscale/certs/${tailnetHost}.{key,crt}
+    '';
   };
 
   services.nginx.virtualHosts.${tailnetHost} = {