From 2388205a248f8c86ce267b2eaddd8348d6a59249 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Sun, 18 May 2025 16:26:46 +0200
Subject: [PATCH 01/10] chore(home): remove teams-for-linux

---
 home/felschr.nix | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/home/felschr.nix b/home/felschr.nix
index f5ee504..81884fd 100644
--- a/home/felschr.nix
+++ b/home/felschr.nix
@@ -56,9 +56,6 @@
     tabbed
     curtail
 
-    # work
-    teams-for-linux
-
     # dev & admin
     pods
     # gaphor

From b012eb8a6a639ebb321fe8b16b6183ac09e9f8ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Sun, 18 May 2025 16:27:26 +0200
Subject: [PATCH 02/10] feat(home): replace yubikey-manager-qt with
 yubioath-flutter

---
 home/felschr.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/home/felschr.nix b/home/felschr.nix
index 81884fd..d71d143 100644
--- a/home/felschr.nix
+++ b/home/felschr.nix
@@ -79,8 +79,7 @@
     raider
     gnome-obfuscate
     yubikey-manager
-    yubikey-manager-qt
-    # yubioath-flutter # TODO conflicts with fluffychat
+    yubioath-flutter
     magic-wormhole-rs
     warp
     # onionshare-gui

From 1ace6186cfcac08c06bf82e5456360751432661f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Sun, 18 May 2025 16:27:49 +0200
Subject: [PATCH 03/10] feat(home): replace warp with localsend &
 onionshare-gui

---
 home/felschr.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/home/felschr.nix b/home/felschr.nix
index d71d143..4654366 100644
--- a/home/felschr.nix
+++ b/home/felschr.nix
@@ -81,8 +81,8 @@
     yubikey-manager
     yubioath-flutter
     magic-wormhole-rs
-    warp
-    # onionshare-gui
+    localsend
+    onionshare-gui
     transmission_4-gtk
     unstable.qbittorrent
     fragments

From 418fc173e634dde00afa5866df186a13c8d843c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Sun, 18 May 2025 17:07:53 +0200
Subject: [PATCH 04/10] chore: upgrade to NixOS 25.05

---
 flake.lock                        |  16 ++---
 flake.nix                         |   4 +-
 home/browsers/firefox.nix         |   7 +-
 home/browsers/mullvad-browser.nix | 116 +++++++++++++++++-------------
 home/desktop/mimeapps.nix         |   4 +-
 home/felschr-server.nix           |   6 +-
 home/felschr-work.nix             |   6 +-
 home/felschr.nix                  |   6 +-
 home/shell/zellij.nix             |   5 +-
 home/shell/zsh.nix                |   2 +-
 home/signal.nix                   |   2 +-
 services/authelia.nix             |   3 +-
 system/fonts.nix                  |   2 +-
 system/sound.nix                  |   2 +-
 14 files changed, 99 insertions(+), 82 deletions(-)

diff --git a/flake.lock b/flake.lock
index cb3b0a6..e11f71c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -294,16 +294,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1747331121,
-        "narHash": "sha256-3MmiUN/jOHBHQUnjqzg6qKArc17j2OS6jisEppDY4g8=",
+        "lastModified": 1747556831,
+        "narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "1eec32f0efe3b830927989767a9e6ece0d82d608",
+        "rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-24.11",
+        "ref": "release-25.05",
         "repo": "home-manager",
         "type": "github"
       }
@@ -386,16 +386,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1747335874,
-        "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=",
+        "lastModified": 1747428706,
+        "narHash": "sha256-XVds9FkRrY59xRNNq14FNsFGqDiexXX/mlHcX4hPyyk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858",
+        "rev": "2e1496bf8652ff4af4e4d4737277f71e4a4f5cb2",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-24.11",
+        "ref": "nixos-25.05",
         "repo": "nixpkgs",
         "type": "github"
       }
diff --git a/flake.nix b/flake.nix
index 7d68912..7262eb3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -15,7 +15,7 @@ rec {
   };
 
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
 
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
 
@@ -29,7 +29,7 @@ rec {
     flake-utils.url = "github:numtide/flake-utils";
 
     home-manager = {
-      url = "github:nix-community/home-manager/release-24.11";
+      url = "github:nix-community/home-manager/release-25.05";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
diff --git a/home/browsers/firefox.nix b/home/browsers/firefox.nix
index 2b1dd05..7f551a3 100644
--- a/home/browsers/firefox.nix
+++ b/home/browsers/firefox.nix
@@ -65,15 +65,16 @@ in
       private = {
         id = 0;
         extraConfig = sharedExtraConfig;
-        extensions = commonExtensions;
+        extensions.packages = commonExtensions;
       };
       work = {
         id = 1;
         extraConfig = sharedExtraConfig;
-        extensions =
+        extensions.packages =
           commonExtensions
           ++ (with firefox-addons; [
-            bitwarden
+            # dashlane
+            # bitwarden
             react-devtools
             reduxdevtools
           ]);
diff --git a/home/browsers/mullvad-browser.nix b/home/browsers/mullvad-browser.nix
index d5d5bf2..f5614c7 100644
--- a/home/browsers/mullvad-browser.nix
+++ b/home/browsers/mullvad-browser.nix
@@ -50,124 +50,145 @@ let
   commonSearch = {
     force = true;
     # TODO defaults don't work
-    default = "Qwant";
-    privateDefault = "Qwant";
+    default = "qwant";
+    privateDefault = "qwant";
     order = [
-      "Qwant"
-      "Ecosia"
-      "DuckDuckGo"
-      "Startpage"
+      "qwant"
+      "ecosia"
+      "ddg"
+      "startpage"
       "kagi"
     ];
     engines = {
       # builtin
-      "Startpage".metaData.alias = "@s";
-      "DuckDuckGo".metaData.alias = "@d";
+      startpage.metaData.alias = "@s";
+      ddg.metaData.alias = "@d";
 
       # extra
-      "Qwant" = {
+      qwant = {
+        name = "Qwant";
         urls = [ { template = "https://www.qwant.com/?q={searchTerms}"; } ];
-        iconURL = "https://www.qwant.com/favicon.ico";
+        iconMapObj."16" = "https://www.qwant.com/favicon.ico";
         definedAliases = [ "@q" ];
       };
-      "Ecosia" = {
+      ecosia = {
+        name = "Ecosia";
         urls = [ { template = "https://www.ecosia.org/search?q={searchTerms}"; } ];
-        iconURL = "https://www.ecosia.org/favicon.ico";
+        iconMapObj."16" = "https://www.ecosia.org/favicon.ico";
         definedAliases = [ "@e" ];
       };
-      "kagi" = {
+      kagi = {
+        name = "Kagi";
         urls = [ { template = "https://kagi.com/search?q={searchTerms}"; } ];
-        iconURL = "https://kagi.com/favicon.ico";
+        iconMapObj."16" = "https://kagi.com/favicon.ico";
         definedAliases = [ "@k" ];
       };
-      "GitHub" = {
+      github = {
+        name = "GitHub";
         urls = [ { template = "https://github.com/search?q={searchTerms}"; } ];
-        iconURL = "https://github.com/favicon.ico";
+        iconMapObj."16" = "https://github.com/favicon.ico";
         definedAliases = [ "@gh" ];
       };
-      "GitLab" = {
+      gitlab = {
+        name = "GitLab";
         urls = [ { template = "https://gitlab.com/search?search={searchTerms}"; } ];
-        iconURL = "https://gitlab.com/favicon.ico";
+        iconMapObj."16" = "https://gitlab.com/favicon.ico";
         definedAliases = [ "@gl" ];
       };
-      "Codeberg" = {
+      codeberg = {
+        name = "Codeberg";
         urls = [ { template = "https://codeberg.org/explore/repos?q={searchTerms}"; } ];
-        iconURL = "https://codeberg.org/favicon.ico";
+        iconMapObj."16" = "https://codeberg.org/favicon.ico";
         definedAliases = [ "@cb" ];
       };
-      "Nix Packages" = {
+      nix-packages = {
+        name = "Nix Packages";
         urls = [ { template = "https://search.nixos.org/packages?query={searchTerms}"; } ];
         icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
         definedAliases = [ "@np" ];
       };
-      "NixOS Options" = {
+      nixos-options = {
+        name = "NixOS Options";
         urls = [ { template = "https://search.nixos.org/options?query={searchTerms}"; } ];
         icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
         definedAliases = [ "@no" ];
       };
-      "Nix Flakes: Packages" = {
+      nix-flakes-packages = {
+        name = "Nix Flakes: Packages";
         urls = [ { template = "https://search.nixos.org/flakes?type=packages&query={searchTerms}"; } ];
         icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
         definedAliases = [ "@nfp" ];
       };
-      "Nix Flakes: Options" = {
+      nix-flakes-options = {
+        name = "Nix Flakes: Options";
         urls = [ { template = "https://search.nixos.org/flakes?type=options&query={searchTerms}"; } ];
         icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
         definedAliases = [ "@nfo" ];
       };
-      "NixOS Wiki" = {
+      nixos-wiki = {
+        name = "NixOS Wiki";
         urls = [ { template = "https://wiki.nixos.org/w/index.php?search={searchTerms}"; } ];
         icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
         definedAliases = [ "@nw" ];
       };
-      "Crates.io" = {
+      crates-io = {
+        name = "Crates.io";
         urls = [ { template = "https://crates.io/search?q={searchTerms}"; } ];
-        iconURL = "https://crates.io/favicon.ico";
+        iconMapObj."16" = "https://crates.io/favicon.ico";
         definedAliases = [ "@rc" ];
       };
-      "Docs.rs" = {
+      docs-rs = {
+        name = "Docs.rs";
         urls = [ { template = "https://docs.rs/releases/search?query={searchTerms}"; } ];
-        iconURL = "https://docs.rs/favicon.ico";
+        iconMapObj."16" = "https://docs.rs/favicon.ico";
         definedAliases = [ "@rd" ];
       };
-      "Rust Book" = {
+      rust-book = {
+        name = "Rust Book";
         urls = [ { template = "https://doc.rust-lang.org/book/?search={searchTerms}"; } ];
-        iconURL = "https://doc.rust-lang.org/book/favicon.svg";
+        iconMapObj."16" = "https://doc.rust-lang.org/book/favicon.svg";
         definedAliases = [ "@rb" ];
       };
-      "Rust std" = {
+      rust-std = {
+        name = "Rust std";
         urls = [ { template = "https://doc.rust-lang.org/stable/std/?search={searchTerms}"; } ];
-        iconURL = "https://www.rust-lang.org/static/images/favicon.svg";
+        iconMapObj."16" = "https://www.rust-lang.org/static/images/favicon.svg";
         definedAliases = [ "@rs" ];
       };
-      "npm" = {
+      npm = {
+        name = "npm";
         urls = [ { template = "https://www.npmjs.com/search?q={searchTerms}"; } ];
-        iconURL = "https://static-production.npmjs.com/da3ab40fb0861d15c83854c29f5f2962.png";
+        iconMapObj."16" = "https://static-production.npmjs.com/da3ab40fb0861d15c83854c29f5f2962.png";
         definedAliases = [ "@npm" ];
       };
-      "PyPI" = {
+      pypi = {
+        name = "PyPI";
         urls = [ { template = "https://pypi.org/search/?q={searchTerms}"; } ];
-        iconURL = "https://pypi.org/favicon.ico";
+        iconMapObj."16" = "https://pypi.org/favicon.ico";
         definedAliases = [ "@pypi" ];
       };
-      "Stack Overflow" = {
+      stack-overflow = {
+        name = "Stack Overflow";
         urls = [ { template = "https://stackoverflow.com/search?q={searchTerms}"; } ];
-        iconURL = "https://cdn.sstatic.net/Sites/stackoverflow/Img/favicon.ico";
+        iconMapObj."16" = "https://cdn.sstatic.net/Sites/stackoverflow/Img/favicon.ico";
         definedAliases = [ "@so" ];
       };
-      "Wikipedia" = {
+      wikipedia = {
+        name = "Wikipedia";
         urls = [ { template = "https://en.wikipedia.org/wiki/{searchTerms}"; } ];
-        iconURL = "https://en.wikipedia.org/favicon.ico";
+        iconMapObj."16" = "https://en.wikipedia.org/favicon.ico";
         definedAliases = [ "@w" ];
       };
-      "Wolfram Alpha" = {
+      wolfram-alpha = {
+        name = "Wolfram Alpha";
         urls = [ { template = "https://www.wolframalpha.com/input?i={searchTerms}"; } ];
-        iconURL = "https://www.wolframalpha.com/_next/static/images/favicon_1zbE9hjk.ico";
+        iconMapObj."16" = "https://www.wolframalpha.com/_next/static/images/favicon_1zbE9hjk.ico";
         definedAliases = [ "@wa" ];
       };
-      "Reddit" = {
+      reddit = {
+        name = "Reddit";
         urls = [ { template = "https://www.reddit.com/search/?q={searchTerms}"; } ];
-        iconURL = "https://www.reddit.com/favicon.ico";
+        iconMapObj."16" = "https://www.reddit.com/favicon.ico";
         definedAliases = [ "@r" ];
       };
     };
@@ -191,13 +212,12 @@ in
         id = 0;
         settings = commonSettings;
         search = commonSearch;
-        extensions = commonExtensions;
+        extensions.packages = commonExtensions;
       };
       work = {
         id = 1;
         settings = commonSettings;
-        search = commonSearch;
-        extensions =
+        extensions.packages =
           commonExtensions
           ++ (with firefox-addons; [
             bitwarden
diff --git a/home/desktop/mimeapps.nix b/home/desktop/mimeapps.nix
index 901b0f1..d974caf 100644
--- a/home/desktop/mimeapps.nix
+++ b/home/desktop/mimeapps.nix
@@ -26,7 +26,7 @@ let
     pdf = [ "re.sonny.Junction.desktop" ] ++ browsers;
     ebook = [ "com.github.johnfactotum.Foliate.desktop" ];
     magnet = [ "transmission-gtk.desktop" ];
-    signal = [ "signal-desktop.desktop" ];
+    signal = [ "signal.desktop" ];
   };
 
   mimeMap = {
@@ -89,7 +89,7 @@ let
     pdf = [ "application/pdf" ];
     ebook = [ "application/epub+zip" ];
     magnet = [ "x-scheme-handler/magnet" ];
-    signal = [ "signal-desktop.desktop" ];
+    signal = [ "signal.desktop" ];
   };
 
   associations =
diff --git a/home/felschr-server.nix b/home/felschr-server.nix
index 068d8fb..fbaeeb2 100644
--- a/home/felschr-server.nix
+++ b/home/felschr-server.nix
@@ -26,9 +26,9 @@
     sshKeys = [ "3C48489F3B0FBB44E72180D4B1D7541C201C9987" ];
     defaultCacheTtl = 600;
     defaultCacheTtlSsh = 600;
-    pinentryPackage = pkgs.pinentry-curses;
+    pinentry.package = pkgs.pinentry-curses;
   };
-  programs.zsh.initExtra = ''
+  programs.zsh.initContent = ''
     export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh
   '';
 
@@ -44,5 +44,5 @@
     }
   '';
 
-  home.stateVersion = "24.11";
+  home.stateVersion = "25.05";
 }
diff --git a/home/felschr-work.nix b/home/felschr-work.nix
index 6d7011e..db68ce4 100644
--- a/home/felschr-work.nix
+++ b/home/felschr-work.nix
@@ -28,9 +28,9 @@ with pkgs;
     sshKeys = [ "8A6213DCDAF86BD3A63549FCFDF71B2C92DAE02C" ];
     defaultCacheTtl = 600;
     defaultCacheTtlSsh = 600;
-    pinentryPackage = pkgs.pinentry-gnome3;
+    pinentry.package = pkgs.pinentry-gnome3;
   };
-  programs.zsh.initExtra = ''
+  programs.zsh.initContent = ''
     export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh
   '';
 
@@ -75,5 +75,5 @@ with pkgs;
     emblem
   ];
 
-  home.stateVersion = "24.11";
+  home.stateVersion = "25.05";
 }
diff --git a/home/felschr.nix b/home/felschr.nix
index 4654366..b9b43b2 100644
--- a/home/felschr.nix
+++ b/home/felschr.nix
@@ -28,9 +28,9 @@
     ];
     defaultCacheTtl = 600;
     defaultCacheTtlSsh = 600;
-    pinentryPackage = pkgs.pinentry-gnome3;
+    pinentry.package = pkgs.pinentry-gnome3;
   };
-  programs.zsh.initExtra = ''
+  programs.zsh.initContent = ''
     export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh
   '';
 
@@ -96,5 +96,5 @@
     emblem
   ];
 
-  home.stateVersion = "24.11";
+  home.stateVersion = "25.05";
 }
diff --git a/home/shell/zellij.nix b/home/shell/zellij.nix
index 1555ef8..03c1740 100644
--- a/home/shell/zellij.nix
+++ b/home/shell/zellij.nix
@@ -4,6 +4,7 @@
   programs.zellij.enable = true;
   programs.zellij.package = pkgs.unstable.zellij;
   programs.zellij.enableZshIntegration = true;
+  programs.zellij.exitShellOnExit = true;
   programs.zellij.settings = {
     default_layout = "compact"; # or default
     default_mode = "normal";
@@ -17,8 +18,4 @@
       strider.path = "strider";
     };
   };
-
-  home.sessionVariables = {
-    ZELLIJ_AUTO_EXIT = "true";
-  };
 }
diff --git a/home/shell/zsh.nix b/home/shell/zsh.nix
index d997075..acd0cb2 100644
--- a/home/shell/zsh.nix
+++ b/home/shell/zsh.nix
@@ -29,7 +29,7 @@ in
         file = "share/zsh-history-substring-search/zsh-history-substring-search.zsh";
       }
     ];
-    initExtra = ''
+    initContent = ''
       export KEYTIMEOUT=1
 
       ZSH_AUTOSUGGEST_USE_ASYNC=1
diff --git a/home/signal.nix b/home/signal.nix
index 265d6f4..d355c37 100644
--- a/home/signal.nix
+++ b/home/signal.nix
@@ -4,7 +4,7 @@
   home.packages = with pkgs; [
     signal-desktop
     (makeAutostartItem {
-      name = "signal-desktop";
+      name = "signal";
       package = signal-desktop;
       prependExtraArgs = [ "--start-in-tray" ];
     })
diff --git a/services/authelia.nix b/services/authelia.nix
index ff8e4c3..011bfb1 100644
--- a/services/authelia.nix
+++ b/services/authelia.nix
@@ -100,8 +100,7 @@ in
     settings = {
       theme = "dark";
       server = {
-        host = "::1";
-        inherit port;
+        address = "tcp://[::1]:${toString port}";
       };
       default_2fa_method = "webauthn";
       default_redirection_url = "https://${domain}";
diff --git a/system/fonts.nix b/system/fonts.nix
index 496155b..b3fbb75 100644
--- a/system/fonts.nix
+++ b/system/fonts.nix
@@ -6,7 +6,7 @@
     noto-fonts-extra
     noto-fonts-cjk-sans
     noto-fonts-emoji
-    (nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
+    nerd-fonts.symbols-only
     fira-code
   ];
   fonts.fontconfig.defaultFonts = {
diff --git a/system/sound.nix b/system/sound.nix
index 75a1b7b..d9ef316 100644
--- a/system/sound.nix
+++ b/system/sound.nix
@@ -6,8 +6,8 @@
 }:
 
 {
-  hardware.pulseaudio.enable = false;
   security.rtkit.enable = true;
+  services.pulseaudio.enable = false;
   services.pipewire = {
     enable = true;
     alsa.enable = true;

From e34e0cae221f8abb2462151abe0894ecff73f54b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Sun, 18 May 2025 17:18:53 +0200
Subject: [PATCH 05/10] refactor(desktop): migrate from cosmic-nix to upstream
 NixOS module

---
 desktop/cosmic.nix |  6 ++--
 flake.lock         | 79 +---------------------------------------------
 flake.nix          |  7 ----
 3 files changed, 3 insertions(+), 89 deletions(-)

diff --git a/desktop/cosmic.nix b/desktop/cosmic.nix
index 6a8a1c0..335fe10 100644
--- a/desktop/cosmic.nix
+++ b/desktop/cosmic.nix
@@ -1,10 +1,8 @@
-{ inputs, lib, ... }:
+{ pkgs, lib, ... }:
 
 {
-  imports = [ inputs.nixos-cosmic.nixosModules.default ];
+  services.desktopManager.cosmic.enable = true;
 
-  # TODO at the moment COSMIC cannot be used alongside Gnome
-  # https://github.com/lilyinstarlight/nixos-cosmic/issues/17
   specialisation = {
     cosmic.configuration = {
       services.xserver.displayManager.gdm.enable = lib.mkForce false;
diff --git a/flake.lock b/flake.lock
index e11f71c..6e0a257 100644
--- a/flake.lock
+++ b/flake.lock
@@ -155,22 +155,6 @@
       }
     },
     "flake-compat_3": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1746162366,
-        "narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=",
-        "owner": "nix-community",
-        "repo": "flake-compat",
-        "rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-compat_4": {
       "flake": false,
       "locked": {
         "lastModified": 1696426674,
@@ -346,29 +330,6 @@
         "type": "github"
       }
     },
-    "nixos-cosmic": {
-      "inputs": {
-        "flake-compat": "flake-compat_3",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "nixpkgs-stable": "nixpkgs-stable",
-        "rust-overlay": "rust-overlay"
-      },
-      "locked": {
-        "lastModified": 1747566515,
-        "narHash": "sha256-mBT3EypUn1HZ5iRGDmZQPtVNYxQxnkIsasggSCndYjw=",
-        "owner": "lilyinstarlight",
-        "repo": "nixos-cosmic",
-        "rev": "93f3add95306179d15f8a6b1cfc87bfdc1702a33",
-        "type": "github"
-      },
-      "original": {
-        "owner": "lilyinstarlight",
-        "repo": "nixos-cosmic",
-        "type": "github"
-      }
-    },
     "nixos-hardware": {
       "locked": {
         "lastModified": 1747129300,
@@ -400,22 +361,6 @@
         "type": "github"
       }
     },
-    "nixpkgs-stable": {
-      "locked": {
-        "lastModified": 1747335874,
-        "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "nixpkgs-unstable": {
       "locked": {
         "lastModified": 1747327360,
@@ -472,7 +417,7 @@
     },
     "pre-commit-hooks": {
       "inputs": {
-        "flake-compat": "flake-compat_4",
+        "flake-compat": "flake-compat_3",
         "gitignore": "gitignore",
         "nixpkgs": [
           "nixpkgs"
@@ -502,7 +447,6 @@
         "flake-utils": "flake-utils",
         "home-manager": "home-manager_2",
         "matrix-appservices": "matrix-appservices",
-        "nixos-cosmic": "nixos-cosmic",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
         "nixpkgs-unstable": "nixpkgs-unstable",
@@ -511,27 +455,6 @@
         "pre-commit-hooks": "pre-commit-hooks"
       }
     },
-    "rust-overlay": {
-      "inputs": {
-        "nixpkgs": [
-          "nixos-cosmic",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1747535902,
-        "narHash": "sha256-rKWBtLcqQeu8PpfKIBn1ORXS2udSH/MwnQFwfSpFOLg=",
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "rev": "b7a99615d26b82c39b73ccc9026545c3f3403b71",
-        "type": "github"
-      },
-      "original": {
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "type": "github"
-      }
-    },
     "systems": {
       "locked": {
         "lastModified": 1681028828,
diff --git a/flake.nix b/flake.nix
index 7262eb3..e7a3933 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,12 +4,10 @@ rec {
   nixConfig = {
     extra-substituters = [
       "https://nix-community.cachix.org"
-      "https://cosmic.cachix.org/"
       "https://felschr.cachix.org"
     ];
     extra-trusted-public-keys = [
       "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-      "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
       "felschr.cachix.org-1:raomy5XA2tsVkBoG6wo70ARIn+V24IXhWaSe3QZo12A="
     ];
   };
@@ -69,11 +67,6 @@ rec {
       flake = false;
     };
 
-    nixos-cosmic = {
-      url = "github:lilyinstarlight/nixos-cosmic";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
     openwrt-imagebuilder = {
       url = "github:astro/nix-openwrt-imagebuilder";
       inputs.nixpkgs.follows = "nixpkgs";

From a04fca65d8aace5c0355fbfec9489b9115028a01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Sun, 18 May 2025 17:24:44 +0200
Subject: [PATCH 06/10] feat(home): use home-manager's new flake module

---
 home/flake-module.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/home/flake-module.nix b/home/flake-module.nix
index 6722451..763fe14 100644
--- a/home/flake-module.nix
+++ b/home/flake-module.nix
@@ -17,6 +17,8 @@ let
     );
 in
 {
+  imports = [ inputs.home-manager.flakeModules.home-manager ];
+
   flake = {
     homeModules = {
       git = import ./modules/git.nix;

From f25ca7a488fc7735d9fb113d2060fff73723a5fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Sun, 18 May 2025 19:30:30 +0200
Subject: [PATCH 07/10] fix: share pkgs & overlays with home-manager

---
 flake.nix                     | 14 ++---------
 home/felschr-server.nix       |  6 -----
 home/felschr-work.nix         |  6 -----
 home/felschr.nix              |  6 -----
 home/flake-module.nix         | 47 ++++++++++++++++++++++++-----------
 home/modules/nixpkgs.nix      | 11 ++++++++
 hosts/home-pc/default.nix     |  2 --
 hosts/home-server/default.nix |  2 --
 overlays.nix                  | 14 -----------
 overlays/flake-module.nix     | 27 ++++++++++++++++++++
 system/nix.nix                |  2 ++
 11 files changed, 74 insertions(+), 63 deletions(-)
 create mode 100644 home/modules/nixpkgs.nix
 delete mode 100644 overlays.nix
 create mode 100644 overlays/flake-module.nix

diff --git a/flake.nix b/flake.nix
index e7a3933..c897492 100644
--- a/flake.nix
+++ b/flake.nix
@@ -75,12 +75,7 @@ rec {
   };
 
   outputs =
-    {
-      self,
-      nixpkgs,
-      nixpkgs-unstable,
-      ...
-    }@inputs:
+    inputs:
     inputs.flake-parts.lib.mkFlake { inherit inputs; } {
       systems = [
         "x86_64-linux"
@@ -91,7 +86,7 @@ rec {
         ./lib/flake-module.nix
         ./hosts/flake-module.nix
         ./home/flake-module.nix
-        ./overlays.nix
+        ./overlays/flake-module.nix
       ];
       flake = {
         inherit nixConfig;
@@ -110,11 +105,6 @@ rec {
           ...
         }:
         {
-          _module.args.pkgs = import nixpkgs {
-            inherit system;
-            config.allowUnfree = true;
-          };
-
           devShells.default = pkgs.mkShell { inherit (config.checks.pre-commit) shellHook; };
 
           checks = {
diff --git a/home/felschr-server.nix b/home/felschr-server.nix
index fbaeeb2..82c0de5 100644
--- a/home/felschr-server.nix
+++ b/home/felschr-server.nix
@@ -38,11 +38,5 @@
 
   programs.git.defaultProfile = "private";
 
-  xdg.configFile."nixpkgs/config.nix".text = ''
-    {
-      allowUnfree = true;
-    }
-  '';
-
   home.stateVersion = "25.05";
 }
diff --git a/home/felschr-work.nix b/home/felschr-work.nix
index db68ce4..43fd5e1 100644
--- a/home/felschr-work.nix
+++ b/home/felschr-work.nix
@@ -40,12 +40,6 @@ with pkgs;
     defaultProfile = "work";
   };
 
-  xdg.configFile."nixpkgs/config.nix".text = ''
-    {
-      allowUnfree = true;
-    }
-  '';
-
   home.packages = with pkgs; [
     fh
 
diff --git a/home/felschr.nix b/home/felschr.nix
index b9b43b2..49eb332 100644
--- a/home/felschr.nix
+++ b/home/felschr.nix
@@ -38,12 +38,6 @@
 
   programs.git.defaultProfile = "private";
 
-  xdg.configFile."nixpkgs/config.nix".text = ''
-    {
-      allowUnfree = true;
-    }
-  '';
-
   home.packages = with pkgs; [
     # system
     gparted
diff --git a/home/flake-module.nix b/home/flake-module.nix
index 763fe14..f6b54ac 100644
--- a/home/flake-module.nix
+++ b/home/flake-module.nix
@@ -1,26 +1,38 @@
 {
   self,
   inputs,
-  pkgs,
+  lib,
   ...
 }:
 
 let
-  createHomeConfig =
-    name: args:
-    inputs.home-manager.lib.homeManagerConfiguration (
-      {
-        inherit pkgs;
-        extraSpecialArgs = { inherit inputs; };
-      }
-      // args
-    );
+  mkHomeConfiguration =
+    {
+      user,
+      system,
+      modules,
+    }:
+    inputs.home-manager.lib.homeManagerConfiguration {
+      pkgs = self.pkgsFor system;
+      extraSpecialArgs = { inherit inputs; };
+
+      modules =
+        (with self.homeModules; [ nixpkgs ])
+        ++ [
+          {
+            home.username = user;
+            home.homeDirectory = "/home/${user}";
+          }
+        ]
+        ++ modules;
+    };
 in
 {
   imports = [ inputs.home-manager.flakeModules.home-manager ];
 
   flake = {
     homeModules = {
+      nixpkgs = import ./modules/nixpkgs.nix;
       git = import ./modules/git.nix;
       firefox = import ./modules/firefox/firefox.nix;
       tor-browser = import ./modules/firefox/tor-browser.nix;
@@ -32,26 +44,31 @@ in
       felschr-work = import ./felschr-work.nix;
     };
     homeConfigurations = {
-      felschr = createHomeConfig {
+      felschr = mkHomeConfiguration {
+        user = "felschr";
+        system = "x86_64-linux";
         modules = [
           self.homeModules.git
           self.homeModules.felschr
         ];
       };
-      felschr-server = createHomeConfig {
+      felschr-server = mkHomeConfiguration {
+        user = "felschr";
+        system = "x86_64-linux";
         modules = [
           self.homeModules.git
           self.homeModules.felschr-server
         ];
       };
-      felschr-work = createHomeConfig {
+      felschr-work = mkHomeConfiguration {
+        user = "felschr";
+        system = "x86_64-linux";
         modules = [
           self.homeModules.git
           self.homeModules.felschr-work
         ];
       };
     };
-    # HINT alias for deprecated output
-    homeManagerModules = self.homeModules;
+    homeManagerModules = lib.warn "`homeManagerModules` is deprecated. Use `homeModules` instead." self.homeModules;
   };
 }
diff --git a/home/modules/nixpkgs.nix b/home/modules/nixpkgs.nix
new file mode 100644
index 0000000..de2d9c2
--- /dev/null
+++ b/home/modules/nixpkgs.nix
@@ -0,0 +1,11 @@
+_:
+
+{
+  nixpkgs.config.allowUnfree = true;
+
+  xdg.configFile."nixpkgs/config.nix".text = ''
+    {
+      allowUnfree = true;
+    }
+  '';
+}
diff --git a/hosts/home-pc/default.nix b/hosts/home-pc/default.nix
index 7ff949f..2a26cfd 100644
--- a/hosts/home-pc/default.nix
+++ b/hosts/home-pc/default.nix
@@ -22,8 +22,6 @@
     ../../services/open-webui.nix
   ];
 
-  nixpkgs.config.allowUnfree = true;
-
   boot.loader.systemd-boot.memtest86.enable = true;
 
   # running binaries for other architectures
diff --git a/hosts/home-server/default.nix b/hosts/home-server/default.nix
index e8a4eda..e947b56 100644
--- a/hosts/home-server/default.nix
+++ b/hosts/home-server/default.nix
@@ -50,8 +50,6 @@ in
   age.secrets.cloudflare.file = ../../secrets/cloudflare.age;
   age.secrets.hostKey.file = ../../secrets/home-server/hostKey.age;
 
-  nixpkgs.config.allowUnfree = true;
-
   networking.domain = "home.felschr.com";
 
   networking.firewall.allowedTCPPorts = [
diff --git a/overlays.nix b/overlays.nix
deleted file mode 100644
index a317b32..0000000
--- a/overlays.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ inputs, ... }:
-
-{
-  flake = {
-    overlays.default = final: prev: {
-      unstable = import inputs.nixpkgs-unstable {
-        inherit (prev) system;
-        config.allowUnfree = true;
-      };
-      inherit (inputs.self.packages.${prev.system}) deconz brlaser;
-      vimPlugins = prev.vimPlugins // final.callPackage ./pkgs/vim-plugins { inherit inputs; };
-    };
-  };
-}
diff --git a/overlays/flake-module.nix b/overlays/flake-module.nix
new file mode 100644
index 0000000..93e5b19
--- /dev/null
+++ b/overlays/flake-module.nix
@@ -0,0 +1,27 @@
+{ self, inputs, ... }:
+
+{
+  flake = {
+    overlays.default = final: prev: {
+      unstable = import inputs.nixpkgs-unstable {
+        inherit (prev) system;
+        config.allowUnfree = true;
+      };
+      inherit (inputs.self.packages.${prev.system}) deconz brlaser;
+      vimPlugins = prev.vimPlugins // final.callPackage ../pkgs/vim-plugins { inherit inputs; };
+    };
+    pkgsFor =
+      system:
+      import inputs.nixpkgs {
+        inherit system;
+        overlays = [ self.overlays.default ];
+        config.allowUnfree = true;
+      };
+  };
+
+  perSystem =
+    { system, ... }:
+    {
+      _module.args.pkgs = self.pkgsFor system;
+    };
+}
diff --git a/system/nix.nix b/system/nix.nix
index 6cdf0c9..3a8a7f5 100644
--- a/system/nix.nix
+++ b/system/nix.nix
@@ -4,6 +4,8 @@ let
   inherit (inputs.self.outputs) nixConfig;
 in
 {
+  nixpkgs.config.allowUnfree = true;
+
   nix.gc = {
     automatic = true;
     dates = "04:00";

From cf42ef54d8acf25e4177fe4b8a58dec1c05f40ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Sun, 18 May 2025 19:42:46 +0200
Subject: [PATCH 08/10] chore: remove custom brlaser

NixOS 25.05 has switched to Owl-Maintain's fork of brlaser with the
latest release that includes the fix for my duplex printing issues.
---
 overlays/flake-module.nix |   2 +-
 pkgs/brlaser/default.nix  | 119 --------------------------------------
 pkgs/flake-module.nix     |   1 -
 3 files changed, 1 insertion(+), 121 deletions(-)
 delete mode 100644 pkgs/brlaser/default.nix

diff --git a/overlays/flake-module.nix b/overlays/flake-module.nix
index 93e5b19..8eabafb 100644
--- a/overlays/flake-module.nix
+++ b/overlays/flake-module.nix
@@ -7,7 +7,7 @@
         inherit (prev) system;
         config.allowUnfree = true;
       };
-      inherit (inputs.self.packages.${prev.system}) deconz brlaser;
+      inherit (inputs.self.packages.${prev.system}) deconz;
       vimPlugins = prev.vimPlugins // final.callPackage ../pkgs/vim-plugins { inherit inputs; };
     };
     pkgsFor =
diff --git a/pkgs/brlaser/default.nix b/pkgs/brlaser/default.nix
deleted file mode 100644
index 5b98d51..0000000
--- a/pkgs/brlaser/default.nix
+++ /dev/null
@@ -1,119 +0,0 @@
-{
-  lib,
-  stdenv,
-  fetchFromGitHub,
-  cmake,
-  zlib,
-  cups,
-  ...
-}:
-
-# maintained fork of brlaser with newer drivers (including Brother HL-L2370DN)
-stdenv.mkDerivation (finalAttrs: {
-  pname = "brlaser";
-  version = "6.2.6";
-
-  src = fetchFromGitHub {
-    owner = "Owl-Maintain";
-    repo = "brlaser";
-    rev = "v${finalAttrs.version}";
-    hash = "sha256-+W84s3Nulj0kz2h1WE7/QGysVylKkN/xNqcNvrQz6D8=";
-  };
-
-  nativeBuildInputs = [ cmake ];
-  buildInputs = [
-    zlib
-    cups
-  ];
-
-  cmakeFlags = [
-    "-DCUPS_SERVER_BIN=lib/cups"
-    "-DCUPS_DATA_DIR=share/cups"
-  ];
-
-  meta = with lib; {
-    description = "A CUPS driver for Brother laser printers";
-    longDescription = ''
-      While most Brother printers can use standard printer languages like PCL or PostScript, some models do not. If you have a monochrome Brother laser printer (or multi-function device) and the other open-source drivers are not working, brlaser might be able to help. Additionally, there have been reports of some non-Brother printers working with this driver.
-
-      The following printers have been reported to work with this driver:
-
-          Brother DCP-1510 series
-          Brother DCP-1600 series
-          Brother DCP-1610W series
-          Brother DCP-7020
-          Brother DCP-7030
-          Brother DCP-7040
-          Brother DCP-7055
-          Brother DCP-7055W
-          Brother DCP-7060D
-          Brother DCP-7065DN
-          Brother DCP-7070DW
-          Brother DCP-7080
-          Brother DCP-7080D
-          Brother DCP-8065DN
-          Brother DCP-L2500D series
-          Brother DCP-L2510D series
-          Brother DCP-L2520D series
-          Brother DCP-L2520DW series
-          Brother DCP-L2537DW
-          Brother DCP-L2540DW series
-          Brother DCP-L2550DW series
-          Brother FAX-2820
-          Brother FAX-2840
-          Brother HL-1110 series
-          Brother HL-1200 series
-          Brother HL-2030 series
-          Brother HL-2130 series
-          Brother HL-2140 series
-          Brother HL-2220 series
-          Brother HL-2230 series
-          Brother HL-2240D series
-          Brother HL-2250DN series
-          Brother HL-2260
-          Brother HL-2270DW series
-          Brother HL-2280DW
-          Brother HL-5030 series
-          Brother HL-5040 series
-          Brother HL-L2300D series
-          Brother HL-L2305 series
-          Brother HL-L2310D series
-          Brother HL-L2320D series
-          Brother HL-L2335D series
-          Brother HL-L2340D series
-          Brother HL-L2350DW series
-          Brother HL-L2360D series
-          Brother HL-L2370DN series
-          Brother HL-L2375DW series
-          Brother HL-L2380DW series
-          Brother HL-L2390DW
-          Brother HL-L5000D series
-          Brother MFC-1810 series
-          Brother MFC-1910W series
-          Brother MFC-7240
-          Brother MFC-7320
-          Brother MFC-7340
-          Brother MFC-7360N
-          Brother MFC-7365DN
-          Brother MFC-7420
-          Brother MFC-7440N
-          Brother MFC-7460DN
-          Brother MFC-7860DW
-          Brother MFC-8710DW
-          Brother MFC-8860DN
-          Brother MFC-9160
-          Brother MFC-L2700DN series
-          Brother MFC-L2700DW series
-          Brother MFC-L2710DN series
-          Brother MFC-L2710DW series
-          Brother MFC-L2750DW series
-          Fuji Xerox DocuPrint P265 dw
-          Lenovo LJ2650DN
-    '';
-    homepage = "https://github.com/Owl-Maintain/brlaser";
-    license = licenses.gpl2;
-    platforms = platforms.linux;
-    maintainers = with maintainers; [ felschr ];
-    changelog = "https://github.com/Owl-Maintain/brlaser/releases/tag/${finalAttrs.src.rStijnDWev}";
-  };
-})
diff --git a/pkgs/flake-module.nix b/pkgs/flake-module.nix
index 4dabd8b..b97b0fd 100644
--- a/pkgs/flake-module.nix
+++ b/pkgs/flake-module.nix
@@ -4,7 +4,6 @@
     { self', pkgs, ... }:
     {
       packages = {
-        brlaser = pkgs.callPackage ./brlaser { };
         deconz = pkgs.qt5.callPackage ./deconz { };
       };
 

From 3e711ad9981e54b5f261d334bc544abaaf93a722 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Sun, 18 May 2025 19:50:24 +0200
Subject: [PATCH 09/10] fix: ignore .envrc for shellcheck

---
 flake.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/flake.nix b/flake.nix
index c897492..30a3d2f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -112,7 +112,10 @@ rec {
               src = ./.;
               hooks = {
                 nixfmt-rfc-style.enable = true;
-                shellcheck.enable = true;
+                shellcheck = {
+                  enable = true;
+                  excludes = [ ".envrc" ];
+                };
               };
             };
           };

From 67fa717ca2b1f777269e326f2348e3e135225b7a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Sun, 18 May 2025 20:23:46 +0200
Subject: [PATCH 10/10] feat(scripts): improve create-gpg-key

---
 scripts/create-gpg-key | 42 ++++++++++++++++++++++++++++++------------
 1 file changed, 30 insertions(+), 12 deletions(-)

diff --git a/scripts/create-gpg-key b/scripts/create-gpg-key
index eac9946..31aeb09 100755
--- a/scripts/create-gpg-key
+++ b/scripts/create-gpg-key
@@ -1,21 +1,39 @@
-#! /usr/bin/env nix-shell
-#! nix-shell -i bash -p bash gnupg
+#! /usr/bin/env bash
 # shellcheck shell=bash
 
 set -euo pipefail
 
-EMAIL=$0
+read -rp 'enter email address: ' email
 
-# create master key
-gpg2 --quick-gen-key "Felix Schröter <$EMAIL>" ed25519 sign 1y
+echo "$email"
+
+# create main key
+gpg2 --quick-gen-key "Felix Schröter <$email>" ed25519 sign 1y || true
+
+keyid=$(gpg2 --list-keys --with-colons "$email" | grep "^pub:" | cut -d: -f5)
+fpr=$(gpg2 --list-keys --with-colons "$email" | grep "^fpr:" | cut -d: -f10)
 
 # create subkeys
-gpg2 --quick-add-key KEYID cv25519 encr 1y
-gpg2 --quick-add-key KEYID ed25519 auth 1y
-gpg2 --quick-add-key KEYID ed25519 sign 1y
+gpg2 --quick-add-key "$fpr" cv25519 encr 1y
+gpg2 --quick-add-key "$fpr" ed25519 auth 1y
+gpg2 --quick-add-key "$fpr" ed25519 sign 1y
 
-# for signing git commits use the sign subkey
-# and add the public sign subkey to GitHub/GitLab
+echo "created keys:"
+gpg2 --list-keys --with-subkey-fingerprint "$keyid"
 
-# show info
-gpg2 --list-keys --with-subkey-fingerprint
+sign=$(gpg2 --list-keys --with-colons "$email" | grep "::s::" -A 1)
+sign_keyid=$(echo "$sign" | grep "^sub:" | cut -d: -f5)
+
+auth=$(gpg2 --list-keys --with-colons "$email" | grep "::a::" -A 1)
+auth_keyid=$(echo "$auth" | grep "^sub:" | cut -d: -f5)
+
+pub_sign=$(gpg2 --armor --export "$sign_keyid!")
+pub_ssh=$(gpg2 --export-ssh-key "$auth_keyid")
+
+echo "public PGP key with signing subkey:"
+echo "$pub_sign"
+echo ""
+
+echo "public SSH key for authenticating with git forges:"
+echo "$pub_ssh"
+echo ""