fix: regenerate flake inputs for deploy

flk
fix(hosts): restore user home-manager wiring and refresh pi-harness deps hash
2026-03-29 18:17:27 +00:00 · 2026-03-29 18:17:27 +00:00 · 2026-03-29 18:17:27 +00:00 · 2026-03-29 18:17:27 +00:00 · 2026-03-29 18:17:27 +00:00 · 2026-03-29 18:17:27 +00:00
68 changed files with 1437 additions and 1108 deletions
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -5,7 +5,7 @@
 ### Local Development
 ```bash
 nix run .#build               # Build current host config
-nix run .#build -- <hostname> # Build specific host (chidi, jason, michael, tahani)
+nix run .#build -- <hostname> # Build specific host (chidi, janet, michael, tahani)
 nix run .#apply               # Build and apply locally (darwin-rebuild/nixos-rebuild switch)
 nix flake check               # Validate flake
 ```
@@ -62,7 +62,7 @@ alejandra .                   # Format all Nix files
 **Imports**: Auto-imported by import-tree; underscore-prefixed dirs (`_lib/`, `_darwin/`, etc.) are excluded from auto-import
-**Deployment**: deploy-rs for NixOS hosts (michael, tahani); darwin hosts (chidi, jason) are local-only
+**Deployment**: deploy-rs for NixOS hosts (michael, tahani); darwin hosts (chidi, janet) are local-only
 ### Nix Language Conventions
@@ -70,7 +70,7 @@ alejandra .                   # Format all Nix files
 ```nix
 {inputs, pkgs, lib, ...}:
 ```
-Destructure arguments on separate lines. Use `...` to capture remaining args.
+Use `...` to capture remaining args. Let Alejandra control the exact layout.
 **Attribute Sets**:
 ```nix
@@ -111,7 +111,6 @@ in {
  };
 }
 ```
 - Destructure args on separate lines
 - Use `with lib;` for brevity with NixOS lib functions
 - Define `cfg` for config options
 - Use `mkIf`, `mkForce`, `mkDefault` appropriately
@@ -129,7 +128,7 @@ in {
 ### Naming Conventions
 - **Aspect names**: `den.aspects.<name>.<class>` for feature configuration
- **Hostnames**: Lowercase, descriptive (e.g., `michael`, `tahani`, `chidi`, `jason`)
+- **Hostnames**: Lowercase, descriptive (e.g., `michael`, `tahani`, `chidi`, `janet`)
 - **Module files**: Descriptive, lowercase with hyphens (e.g., `neovim-config.nix`)
 ### Secrets Management
--- a/README.md
+++ b/README.md
@@ -5,15 +5,16 @@ Personal Nix flake for four machines:
 - `michael` - x86_64 Linux server
 - `tahani` - x86_64 Linux home server / workstation
 - `chidi` - aarch64 Darwin work laptop
- `jason` - aarch64 Darwin personal laptop
+- `janet` - aarch64 Darwin personal laptop
 ## Repository Map
 - `modules/` - flake-parts modules, auto-imported via `import-tree`
 - `modules/hosts/` - per-host composition modules
- `modules/hosts/_parts/` - host-private leaf modules like hardware, disks, and services
+- `modules/hosts/_parts/` - host-private leaf modules like hardware, disks, and literal networking
 - `modules/profiles/` - shared host and user profile bundles
 - `modules/_lib/` - local helper functions
 - `modules/_notability/`, `modules/_paperless/` - feature-owned scripts and templates
 - `apps/` - Nushell apps exposed through the flake
 - `secrets/` - SOPS-encrypted secrets
 - `flake.nix` - generated flake entrypoint
@@ -27,7 +28,8 @@ This repo uses `den` and organizes configuration around aspects instead of putti
 - the machine inventory lives in `modules/inventory.nix`
 - shared bundles live in `modules/profiles/{host,user}/`
 - host composition happens in `modules/hosts/<host>.nix`
- host-private imports live in `modules/hosts/_parts/<host>/`
+- host-private imports live in `modules/hosts/_parts/<host>/` and stay limited to true machine leaf files
 - feature-owned services live in top-level modules like `modules/gitea.nix`, `modules/notability.nix`, and `modules/paperless.nix`
 - user-level config mostly lives in Home Manager aspects
 Common examples:
@@ -35,6 +37,8 @@ Common examples:
 - `modules/core.nix` - shared Nix and shell foundation
 - `modules/dev-tools.nix` - VCS, language, and developer tooling
 - `modules/network.nix` - SSH, fail2ban, and tailscale aspects
 - `modules/gitea.nix` - Gitea, Litestream, and backup stack for `michael`
 - `modules/notability.nix` - Notability ingest services and user tooling for `tahani`
 - `modules/profiles/user/workstation.nix` - shared developer workstation user bundle
 - `modules/hosts/michael.nix` - server composition for `michael`
 - `modules/hosts/tahani.nix` - server/workstation composition for `tahani`
--- a/apps/aarch64-darwin/build
+++ b/apps/aarch64-darwin/build
@@ -3,17 +3,5 @@
 use ../common.nu *
 def main [hostname?: string, ...rest: string] {
-    let host = if ($hostname | is-empty) {
+	build-config "darwin" $hostname ...$rest
        try { scutil --get LocalHostName | str trim } catch { hostname -s | str trim }
    } else { $hostname }
    print_info $"Building configuration for ($host)"
    nix build $".#darwinConfigurations.($host).system" --show-trace ...$rest
    if ("./result" | path exists) {
        rm ./result
    }
    print_success "Build completed successfully"
 }
--- a/apps/aarch64-darwin/update
+++ b/apps/aarch64-darwin/update
@@ -1,21 +0,0 @@
 #!/usr/bin/env nu
 use ../common.nu *
 def main [...inputs: string] {
 	if ($inputs | is-empty) {
 		print_info "Updating all flake inputs"
 		nix flake update
 	} else {
 		print_info $"Updating flake inputs: ($inputs | str join ', ')"
 		nix flake update ...$inputs
 	}
 	print_info "Regenerating flake.nix"
 	nix run .#write-flake
 	print_info "Formatting"
 	alejandra .
 	print_success "Flake updated"
 }
--- a/apps/apply
+++ b/apps/apply
@@ -2,18 +2,8 @@
 use ./common.nu *
 def get-hostname [] {
 	if $nu.os-info.name == "macos" {
 		try { ^scutil --get LocalHostName | str trim } catch { ^hostname -s | str trim }
 	} else {
 		^hostname | str trim
 	}
 }
 def main [hostname?: string, ...rest: string] {
-	let host = if ($hostname | is-empty) {
+	let host = resolve-host $hostname
 		get-hostname
 	} else { $hostname }
 	print_info $"Applying configuration for ($host)"
--- a/apps/common.nu
+++ b/apps/common.nu
@@ -15,3 +15,58 @@ export def print_error [msg: string] {
 export def print_warning [msg: string] {
    print $"(ansi yellow)[WARN](ansi reset) ($msg)"
 }
 export def get-hostname [] {
 	if $nu.os-info.name == "macos" {
 		try { ^scutil --get LocalHostName | str trim } catch { ^hostname -s | str trim }
 	} else {
 		^hostname | str trim
 	}
 }
 export def resolve-host [hostname?: string] {
 	if ($hostname | is-empty) {
 		get-hostname
 	} else {
 		$hostname
 	}
 }
 export def cleanup-result-link [] {
 	if ("./result" | path exists) {
 		rm ./result
 	}
 }
 export def build-config [kind: string, hostname?: string, ...rest: string] {
 	let host = resolve-host $hostname
 	print_info $"Building configuration for ($host)"
 	if $kind == "darwin" {
 		nix build $".#darwinConfigurations.($host).system" --show-trace ...$rest
 	} else {
 		nix build $".#nixosConfigurations.($host).config.system.build.toplevel" --show-trace ...$rest
 	}
 	cleanup-result-link
 	print_success "Build completed successfully"
 }
 export def update-flake [inputs: list<string>] {
 	if ($inputs | is-empty) {
 		print_info "Updating all flake inputs"
 		nix flake update
 	} else {
 		print_info $"Updating flake inputs: ($inputs | str join ', ')"
 		nix flake update ...$inputs
 	}
 	print_info "Regenerating flake.nix"
 	nix run .#write-flake
 	print_info "Formatting"
 	alejandra .
 	print_success "Flake updated"
 }
--- a/apps/update
+++ b/apps/update
@@ -0,0 +1,7 @@
 #!/usr/bin/env nu
 use ./common.nu *
 def main [...inputs: string] {
 	update-flake $inputs
 }
--- a/apps/x86_64-linux/build
+++ b/apps/x86_64-linux/build
@@ -3,17 +3,5 @@
 use ../common.nu *
 def main [hostname?: string, ...rest: string] {
-    let host = if ($hostname | is-empty) {
+	build-config "nixos" $hostname ...$rest
        hostname | str trim
    } else { $hostname }
    print_info $"Building configuration for ($host)"
    nix build $".#nixosConfigurations.($host).config.system.build.toplevel" --show-trace ...$rest
    if ("./result" | path exists) {
        rm ./result
    }
    print_success "Build completed successfully"
 }
--- a/apps/x86_64-linux/update
+++ b/apps/x86_64-linux/update
@@ -1,21 +0,0 @@
 #!/usr/bin/env nu
 use ../common.nu *
 def main [...inputs: string] {
 	if ($inputs | is-empty) {
 		print_info "Updating all flake inputs"
 		nix flake update
 	} else {
 		print_info $"Updating flake inputs: ($inputs | str join ', ')"
 		nix flake update ...$inputs
 	}
 	print_info "Regenerating flake.nix"
 	nix run .#write-flake
 	print_info "Formatting"
 	alejandra .
 	print_success "Flake updated"
 }
--- a/flake.lock
+++ b/flake.lock
@@ -28,16 +28,16 @@
    "brew-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1769363988,
+        "lastModified": 1774235677,
-        "narHash": "sha256-BiGPeulrDVetXP+tjxhMcGLUROZAtZIhU5m4MqawCfM=",
+        "narHash": "sha256-0ryNYmzDAeRlrzPTAgmzGH/Cgc8iv/LBN6jWGUANvIk=",
        "owner": "Homebrew",
        "repo": "brew",
-        "rev": "d01011cac6d72032c75fd2cd9489909e95d9faf2",
+        "rev": "894a3d23ac0c8aaf561b9874b528b9cb2e839201",
        "type": "github"
      },
      "original": {
        "owner": "Homebrew",
-        "ref": "5.0.12",
+        "ref": "5.1.1",
        "repo": "brew",
        "type": "github"
      }
@@ -130,11 +130,11 @@
    },
    "den": {
      "locked": {
-        "lastModified": 1774498900,
+        "lastModified": 1774806415,
-        "narHash": "sha256-THw/ly8KvXGQ0EI+Nhu/Eo9w8w7wtgHhAeWpteNiz/Q=",
+        "narHash": "sha256-39wLrZ36BJrj31TF04RzdYkOk+8BYbw5+XKnY6p1bN8=",
        "owner": "vic",
        "repo": "den",
-        "rev": "eb92bbfdefd22b76fa5781e8adbeff42c4fe429e",
+        "rev": "25b8303f45d719f7052473d98907091bae9dd679",
        "type": "github"
      },
      "original": {
@@ -191,11 +191,11 @@
        "rust-analyzer-src": "rust-analyzer-src"
      },
      "locked": {
-        "lastModified": 1774510107,
+        "lastModified": 1774768700,
-        "narHash": "sha256-UDNmYHtwG73aNs48ng7x0i3BWv6lkSn5KHxkNi1ivbU=",
+        "narHash": "sha256-kc8QmtrXY6VyBS6Uayt1M9hzPXR7TfKng8r5WRH8Iw4=",
        "owner": "nix-community",
        "repo": "fenix",
-        "rev": "620b63b95c258486d2d381bc174fa7e73adf6462",
+        "rev": "6ccc56115c2c6901e40c1cd7a64c84ddbe09060a",
        "type": "github"
      },
      "original": {
@@ -282,11 +282,11 @@
    },
    "flake-file": {
      "locked": {
-        "lastModified": 1773637821,
+        "lastModified": 1774666175,
-        "narHash": "sha256-Cp1x/5/97iNjXOI5hLCA51BwR6hc1dWJiZp4VPogkTw=",
+        "narHash": "sha256-WaZxvtOvVNikiNTen2Emhds2RvzFCWIb7KU9C0eWrNA=",
        "owner": "vic",
        "repo": "flake-file",
-        "rev": "bb9fbe00ba6a1945fbdd6973c2585ab770f404b0",
+        "rev": "953d01f3ae5ba50869c5e1248062198f73e971bf",
        "type": "github"
      },
      "original": {
@@ -459,11 +459,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1774379316,
+        "lastModified": 1774738535,
-        "narHash": "sha256-0nGNxWDUH2Hzlj/R3Zf4FEK6fsFNB/dvewuboSRZqiI=",
+        "narHash": "sha256-2jfBEZUC67IlnxO5KItFCAd7Oc+1TvyV/jQlR+2ykGQ=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "1eb0549a1ab3fe3f5acf86668249be15fa0e64f7",
+        "rev": "769e07ef8f4cf7b1ec3b96ef015abec9bc6b1e2a",
        "type": "github"
      },
      "original": {
@@ -475,11 +475,11 @@
    "homebrew-cask": {
      "flake": false,
      "locked": {
-        "lastModified": 1774511321,
+        "lastModified": 1774803484,
-        "narHash": "sha256-W8rHd4rxUT7gwxLZ0i0VQbvIrosyau+H6Fa3nzXQAhA=",
+        "narHash": "sha256-D9rjYsI9pvWYMXUG4HcF2zxLSpwDUl5YVRSEwQGs8z4=",
        "owner": "homebrew",
        "repo": "homebrew-cask",
-        "rev": "58f83e03c227201b3eaa28a1f0413eb3cd8cbd98",
+        "rev": "2d36600de3dfb5da1c88bae7c2130615033f605e",
        "type": "github"
      },
      "original": {
@@ -491,11 +491,11 @@
    "homebrew-core": {
      "flake": false,
      "locked": {
-        "lastModified": 1774507765,
+        "lastModified": 1774806566,
-        "narHash": "sha256-YnUOneN3De1NdT0BhpZoLr1ROfphMQQ2ogpgG8ThfdQ=",
+        "narHash": "sha256-8tEiyTqJGcmR1wHsfkZReqMl/Vk+Uz0NdpsOPoeS/o4=",
        "owner": "homebrew",
        "repo": "homebrew-core",
-        "rev": "dc21b19f04878fb04b9ed3a3fa1deb203162ece7",
+        "rev": "0215c9b45ea483da06e0c026fa54d81c59001f6d",
        "type": "github"
      },
      "original": {
@@ -611,11 +611,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1774495900,
+        "lastModified": 1774806813,
-        "narHash": "sha256-3nR7HKulLSib37PWcWrfELuSrikFLiTqAqX2HQ9dV7g=",
+        "narHash": "sha256-fTa4qUu/ARkL+1aH8JYGe6l3LByzTNDJDACKcbTRnIk=",
        "owner": "numtide",
        "repo": "llm-agents.nix",
-        "rev": "3e06fd5f99381f8101c8e7b5a1473154dd0095cd",
+        "rev": "defffa94a67a4cdbc18ae5650f0b69e4b92391c8",
        "type": "github"
      },
      "original": {
@@ -655,11 +655,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1774483626,
+        "lastModified": 1774742707,
-        "narHash": "sha256-8VAX9GXNfv4eBj0qBEf/Rc2/E6G0SBEpuo2A5plw34I=",
+        "narHash": "sha256-a3FjZJxDOn0t18VwtIAgpNuUNaIEl6T+Awu5tXifQQw=",
        "owner": "nix-community",
        "repo": "neovim-nightly-overlay",
-        "rev": "5deaa19e80e1c0695f7fa8a16e13a704fd08f96e",
+        "rev": "7966a9c203276bea3b7e8dd2e125fd2b4c8b6753",
        "type": "github"
      },
      "original": {
@@ -671,11 +671,11 @@
    "neovim-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1774472446,
+        "lastModified": 1774725909,
-        "narHash": "sha256-Hp4A0llEmBvvNuw5uKOz+BA86X7TmXZ1vUK0StiMdVs=",
+        "narHash": "sha256-aOiiQCmjCrvo+jAUDO2oMa377FvOtU97aqvTm74ZRGU=",
        "owner": "neovim",
        "repo": "neovim",
-        "rev": "c9e961994b16ed841be43541ef550bf3d3f043ec",
+        "rev": "d5516daf121aa718e79bcd423ee24c24492893c0",
        "type": "github"
      },
      "original": {
@@ -689,11 +689,11 @@
        "brew-src": "brew-src"
      },
      "locked": {
-        "lastModified": 1769437432,
+        "lastModified": 1774720267,
-        "narHash": "sha256-8d7KnCpT2LweRvSzZYEGd9IM3eFX+A78opcnDM0+ndk=",
+        "narHash": "sha256-YYftFe8jyfpQI649yfr0E+dqEXE2jznZNcYvy/lKV1U=",
        "owner": "zhaofengli-wip",
        "repo": "nix-homebrew",
-        "rev": "a5409abd0d5013d79775d3419bcac10eacb9d8c5",
+        "rev": "a7760a3a83f7609f742861afb5732210fdc437ed",
        "type": "github"
      },
      "original": {
@@ -752,11 +752,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1773840656,
+        "lastModified": 1774610258,
-        "narHash": "sha256-9tpvMGFteZnd3gRQZFlRCohVpqooygFuy9yjuyRL2C0=",
+        "narHash": "sha256-HaThtroVD9wRdx7KQk0B75JmFcXlMUoEdDFNOMOlsOs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9cf7092bdd603554bd8b63c216e8943cf9b12512",
+        "rev": "832efc09b4caf6b4569fbf9dc01bec3082a00611",
        "type": "github"
      },
      "original": {
@@ -768,11 +768,11 @@
    },
    "nixpkgs_5": {
      "locked": {
-        "lastModified": 1774511072,
+        "lastModified": 1774807110,
-        "narHash": "sha256-I3/ioUvXgXppizwI2rfmcZU8w7PHmU2tNz27tZTOib8=",
+        "narHash": "sha256-YR+T4/iT/UYB8dZ38Hb9n+qCBlYYx3wGSSiue6DFcRQ=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "11f32dd3f0be2df8c88fc539c627805bf3a9ff26",
+        "rev": "f39098836a87b4c554137aa462759762a6de6d86",
        "type": "github"
      },
      "original": {
@@ -837,11 +837,11 @@
        "systems": "systems_4"
      },
      "locked": {
-        "lastModified": 1774309640,
+        "lastModified": 1774802402,
-        "narHash": "sha256-8oWL7YLwElBY9ebYri1LlSlhf/gd1Qoqj0nbBwG2yso=",
+        "narHash": "sha256-L1UJ/zxKTyyaGGmytH6OYlgQ0HGSMhvPkvU+iz4Mkb8=",
        "owner": "nix-community",
        "repo": "nixvim",
-        "rev": "28c58bf023bf537354f78d6e496a349d7a0ed554",
+        "rev": "cbd8536a05d1aae2593cb5c9ace1010c8c5845cb",
        "type": "github"
      },
      "original": {
@@ -885,11 +885,11 @@
    "pi-harness": {
      "flake": false,
      "locked": {
-        "lastModified": 1774378950,
+        "lastModified": 1774794426,
-        "narHash": "sha256-TATerZDCk4mHCYxTf11jKPW9yPVvUDQP40RyvvoE5c8=",
+        "narHash": "sha256-pm1pfWAzDgRbgkdZwMMUOrlTXdcyRu/bUMrFeToPNEA=",
        "owner": "aliou",
        "repo": "pi-harness",
-        "rev": "9a55e78b0650f63d368208d16e0d0fd7ba1e64a3",
+        "rev": "5f4836a60ae6f562fe1f0b69c2ab5a8edc1bdc0b",
        "type": "github"
      },
      "original": {
@@ -901,16 +901,15 @@
    "pi-mcp-adapter": {
      "flake": false,
      "locked": {
-        "lastModified": 1773642170,
+        "lastModified": 1774247177,
-        "narHash": "sha256-E6Kf+OyTN/pF8pKADJO0B1+buAPqNcXnZl9ssZwSP8U=",
+        "narHash": "sha256-HTexm+b+UUbJD4qwIqlNcVPhF/G7/MtBtXa0AdeztbY=",
        "owner": "nicobailon",
        "repo": "pi-mcp-adapter",
-        "rev": "01ba9a4e86bd16d895db319b913d73754a473acb",
+        "rev": "c0919a29d263c2058c302641ddb04769c21be262",
        "type": "github"
      },
      "original": {
        "owner": "nicobailon",
        "ref": "v2.2.0",
        "repo": "pi-mcp-adapter",
        "type": "github"
      }
@@ -953,11 +952,11 @@
        "nixpkgs": "nixpkgs_7"
      },
      "locked": {
-        "lastModified": 1773490238,
+        "lastModified": 1774742449,
-        "narHash": "sha256-13jhDU2wt4/SNR8oblwP6URr4SEVgMS6roiOpQEWQiY=",
+        "narHash": "sha256-x6+O8KX2LVqL49MLZsvyENITC5pY+IiTrI59OSwxurU=",
        "owner": "tobi",
        "repo": "qmd",
-        "rev": "2b8f329d7e4419af736a50e917057f685ad41110",
+        "rev": "1fb2e2819e4024045203b4ea550ec793683baf2b",
        "type": "github"
      },
      "original": {
@@ -1008,11 +1007,11 @@
    "rust-analyzer-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1774454876,
+        "lastModified": 1774569884,
-        "narHash": "sha256-bwkM8HseUs/22x+hy6FWvJMP6q/2CKBrm4sYxz9rMY8=",
+        "narHash": "sha256-E8iWEPzg7OnE0XXXjo75CX7xFauqzJuGZ5wSO9KS8Ek=",
        "owner": "rust-lang",
        "repo": "rust-analyzer",
-        "rev": "9253d39eab8b9c9da3c1412fc94764e01d55a02b",
+        "rev": "443ddcddd0c73b07b799d052f5ef3b448c2f3508",
        "type": "github"
      },
      "original": {
@@ -1084,11 +1083,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1774303811,
+        "lastModified": 1774760784,
-        "narHash": "sha256-fhG4JAcLgjKwt+XHbjs8brpWnyKUfU4LikLm3s0Q/ic=",
+        "narHash": "sha256-D+tgywBHldTc0klWCIC49+6Zlp57Y4GGwxP1CqfxZrY=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "614e256310e0a4f8a9ccae3fa80c11844fba7042",
+        "rev": "8adb84861fe70e131d44e1e33c426a51e2e0bfa5",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -81,7 +81,7 @@
 			flake = false;
 		};
 		pi-mcp-adapter = {
-			url = "github:nicobailon/pi-mcp-adapter/v2.2.0";
+			url = "github:nicobailon/pi-mcp-adapter";
 			flake = false;
 		};
 		pi-rose-pine = {
--- a/modules/_darwin/dock.nix
+++ b/modules/_darwin/dock.nix
@@ -6,7 +6,9 @@
 }:
 with lib; let
 	cfg = config.local.dock;
-	inherit (pkgs) stdenv dockutil;
+	inherit (pkgs) dockutil stdenv;
 	local = import ../_lib/local.nix;
 	userHome = "/Users/${local.user.name}";
 in {
 	options = {
 		local.dock = {
@@ -37,7 +39,7 @@ in {
 								};
 							});
 					default = [
-						{path = "/Applications/Helium.app/";}
+						{path = "/Applications/Safari.app/";}
 						{path = "/Applications/Ghostty.app/";}
 						{path = "/System/Applications/Calendar.app/";}
 						{path = "/System/Applications/Mail.app/";}
@@ -45,7 +47,7 @@ in {
 						{path = "/System/Applications/Music.app/";}
 						{path = "/System/Applications/System Settings.app/";}
 						{
-							path = "/Users/cschmatzler/Downloads";
+							path = "${userHome}/Downloads";
 							section = "others";
 							options = "--sort name --view grid --display stack";
 						}
@@ -56,7 +58,7 @@ in {
 				mkOption {
 					description = "Username to apply the dock settings to";
 					type = types.str;
-					default = "cschmatzler";
+					default = local.user.name;
 				};
 		};
 	};
--- a/modules/_lib/caddy.nix
+++ b/modules/_lib/caddy.nix
@@ -0,0 +1,19 @@
 let
 	local = import ./local.nix;
 in {
 	inherit (local) tailscaleHost;
 	mkTailscaleVHost = {
 		name,
 		configText,
 	}: {
 		"${local.tailscaleHost name}" = {
 			extraConfig = ''
 				tls {
 					get_certificate tailscale
 				}
 				${configText}
 			'';
 		};
 	};
 }
--- a/modules/_lib/hosts.nix
+++ b/modules/_lib/hosts.nix
@@ -0,0 +1,37 @@
 {
 	den,
 	lib,
 }: let
 	merge = lib.recursiveUpdate;
 in {
 	mkUserHost = {
 		system,
 		host,
 		user,
 		userAspect ? "${host}-${user}",
 		includes ? [],
 		homeManager ? null,
 	}:
 		merge
 		(lib.setAttrByPath ["den" "hosts" system host "users" user "aspect"] userAspect)
 		(lib.setAttrByPath ["den" "aspects" userAspect] ({inherit includes;}
 				// lib.optionalAttrs (homeManager != null) {
 					inherit homeManager;
 				}));
 	mkPerHostAspect = {
 		host,
 		includes ? [],
 		darwin ? null,
 		nixos ? null,
 	}:
 		lib.setAttrByPath ["den" "aspects" host "includes"] [
 			(den.lib.perHost ({inherit includes;}
 					// lib.optionalAttrs (darwin != null) {
 						inherit darwin;
 					}
 					// lib.optionalAttrs (nixos != null) {
 						inherit nixos;
 					}))
 		];
 }
--- a/modules/_lib/local.nix
+++ b/modules/_lib/local.nix
@@ -0,0 +1,33 @@
 rec {
 	user = {
 		name = "cschmatzler";
 		fullName = "Christoph Schmatzler";
 		emails = {
 			personal = "christoph@schmatzler.com";
 			work = "christoph@tuist.dev";
 			icloud = "christoph.schmatzler@icloud.com";
 		};
 	};
 	secretPath = name: "/run/secrets/${name}";
 	mkHome = system:
 		if builtins.match ".*-darwin" system != null
 		then "/Users/${user.name}"
 		else "/home/${user.name}";
 	mkHost = system: {
 		inherit system;
 		home = mkHome system;
 	};
 	hosts = {
 		chidi = mkHost "aarch64-darwin";
 		janet = mkHost "aarch64-darwin";
 		michael = mkHost "x86_64-linux";
 		tahani = mkHost "x86_64-linux";
 	};
 	tailscaleDomain = "manticore-hippocampus.ts.net";
 	tailscaleHost = name: "${name}.${tailscaleDomain}";
 }
--- a/modules/_lib/secrets.nix
+++ b/modules/_lib/secrets.nix
@@ -0,0 +1,44 @@
 {lib}: let
 	local = import ./local.nix;
 in rec {
 	mkBinarySecret = {
 		name,
 		sopsFile,
 		owner ? null,
 		group ? null,
 		path ? local.secretPath name,
 	}:
 		{
 			inherit path sopsFile;
 			format = "binary";
 		}
 		// lib.optionalAttrs (owner != null) {
 			inherit owner;
 		}
 		// lib.optionalAttrs (group != null) {
 			inherit group;
 		};
 	mkUserBinarySecret = {
 		name,
 		sopsFile,
 		owner ? local.user.name,
 		path ? local.secretPath name,
 	}:
 		mkBinarySecret {
 			inherit name owner path sopsFile;
 		};
 	mkServiceBinarySecret = {
 		name,
 		sopsFile,
 		serviceUser,
 		serviceGroup ? serviceUser,
 		path ? local.secretPath name,
 	}:
 		mkBinarySecret {
 			inherit name path sopsFile;
 			group = serviceGroup;
 			owner = serviceUser;
 		};
 }
--- a/modules/_lib/theme.nix
+++ b/modules/_lib/theme.nix
@@ -0,0 +1,46 @@
 {
 	rosePineDawn = {
 		slug = "rose-pine-dawn";
 		displayName = "Rosé Pine Dawn";
 		ghosttyName = "Rose Pine Dawn";
 		hex = {
 			love = "#b4637a";
 			gold = "#ea9d34";
 			rose = "#d7827e";
 			pine = "#286983";
 			foam = "#56949f";
 			iris = "#907aa9";
 			leaf = "#6d8f89";
 			text = "#575279";
 			subtle = "#797593";
 			muted = "#9893a5";
 			highlightHigh = "#cecacd";
 			highlightMed = "#dfdad9";
 			highlightLow = "#f4ede8";
 			overlay = "#f2e9e1";
 			surface = "#fffaf3";
 			base = "#faf4ed";
 		};
 		rgb = {
 			love = "180 99 122";
 			gold = "234 157 52";
 			rose = "215 130 126";
 			pine = "40 105 131";
 			foam = "86 148 159";
 			iris = "144 122 169";
 			leaf = "109 143 137";
 			text = "87 82 121";
 			subtle = "121 117 147";
 			muted = "152 147 165";
 			highlightHigh = "206 202 205";
 			highlightMed = "223 218 217";
 			highlightLow = "244 237 232";
 			overlay = "242 233 225";
 			surface = "255 250 243";
 			base = "250 244 237";
 			black = "0 0 0";
 		};
 	};
 }
--- a/modules/hosts/_parts/tahani/notability/jobs.nu
+++ b/modules/hosts/_parts/tahani/notability/jobs.nu
--- a/modules/hosts/_parts/tahani/notability/lib.nu
+++ b/modules/hosts/_parts/tahani/notability/lib.nu
--- a/modules/hosts/_parts/tahani/notability/reconcile.nu
+++ b/modules/hosts/_parts/tahani/notability/reconcile.nu
--- a/modules/hosts/_parts/tahani/notability/reingest.nu
+++ b/modules/hosts/_parts/tahani/notability/reingest.nu
--- a/modules/hosts/_parts/tahani/notability/status.nu
+++ b/modules/hosts/_parts/tahani/notability/status.nu
--- a/modules/hosts/_parts/tahani/notability/watch.nu
+++ b/modules/hosts/_parts/tahani/notability/watch.nu
--- a/modules/hosts/_parts/tahani/notability/webdav.nu
+++ b/modules/hosts/_parts/tahani/notability/webdav.nu
--- a/modules/hosts/_parts/tahani/notability/worker.nu
+++ b/modules/hosts/_parts/tahani/notability/worker.nu
--- a/modules/_overlays/pi-harness.nix
+++ b/modules/_overlays/pi-harness.nix
@@ -12,7 +12,7 @@
 					src = inputs.pi-harness;
 					pnpm = prev.pnpm_10;
 					fetcherVersion = 1;
-					hash = "sha256-WLbMkXERpInK/cUoRqUewwd1R6uXC/ZFDtg5wPSQJd0=";
+					hash = "sha256-l85j3MH/uott+6Cbo9r3w8jojdlikjGf26l4Q1qa43g=";
 				};
 			nativeBuildInputs = [
--- a/modules/_overlays/qmd-package-lock.json
+++ b/modules/_overlays/qmd-package-lock.json
@@ -15,6 +15,7 @@
        "node-llama-cpp": "^3.17.1",
        "picomatch": "^4.0.0",
        "sqlite-vec": "^0.1.7-alpha.2",
        "web-tree-sitter": "0.26.7",
        "yaml": "^2.8.2",
        "zod": "4.2.1"
      },
@@ -34,7 +35,11 @@
        "sqlite-vec-darwin-x64": "^0.1.7-alpha.2",
        "sqlite-vec-linux-arm64": "^0.1.7-alpha.2",
        "sqlite-vec-linux-x64": "^0.1.7-alpha.2",
-        "sqlite-vec-windows-x64": "^0.1.7-alpha.2"
+        "sqlite-vec-windows-x64": "^0.1.7-alpha.2",
        "tree-sitter-go": "0.23.4",
        "tree-sitter-python": "0.23.4",
        "tree-sitter-rust": "0.24.0",
        "tree-sitter-typescript": "0.23.2"
      },
      "peerDependencies": {
        "typescript": "^5.9.3"
@@ -538,9 +543,9 @@
      "license": "MIT"
    },
    "node_modules/@modelcontextprotocol/sdk": {
-      "version": "1.27.1",
+      "version": "1.28.0",
-      "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.27.1.tgz",
+      "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.28.0.tgz",
-      "integrity": "sha512-sr6GbP+4edBwFndLbM60gf07z0FQ79gaExpnsjMGePXqFcSSb7t6iscpjk9DhFhwd+mTEQrzNafGP8/iGGFYaA==",
+      "integrity": "sha512-gmloF+i+flI8ouQK7MWW4mOwuMh4RePBuPFAEPC6+pdqyWOUMDOixb6qZ69owLJpz6XmyllCouc4t8YWO+E2Nw==",
      "license": "MIT",
      "dependencies": {
        "@hono/node-server": "^1.19.9",
@@ -3298,9 +3303,9 @@
      }
    },
    "node_modules/node-addon-api": {
-      "version": "8.6.0",
+      "version": "8.7.0",
-      "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-8.6.0.tgz",
+      "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-8.7.0.tgz",
-      "integrity": "sha512-gBVjCaqDlRUk0EwoPNKzIr9KkS9041G/q31IBShPs1Xz6UTA+EXdZADbzqAJQrpDRq71CIMnOP5VMut3SL0z5Q==",
+      "integrity": "sha512-9MdFxmkKaOYVTV+XVRG8ArDwwQ77XIgIPyKASB1k3JPq3M8fGQQQE3YpMOrKm6g//Ktx8ivZr8xo1Qmtqub+GA==",
      "license": "MIT",
      "engines": {
        "node": "^18 || ^20 || >= 21"
@@ -3312,6 +3317,18 @@
      "integrity": "sha512-jfnmiKWjRAGbdD1yQS28bknFM1tbHC1oucyuMPjmkEs+kpiu76aRs40WlTmBmyEgzDM76ge1DQ7XJ3R5deiVjQ==",
      "license": "MIT"
    },
    "node_modules/node-gyp-build": {
      "version": "4.8.4",
      "resolved": "https://registry.npmjs.org/node-gyp-build/-/node-gyp-build-4.8.4.tgz",
      "integrity": "sha512-LA4ZjwlnUblHVgq0oBF3Jl/6h/Nvs5fzBLwdEF4nuxnFdsfajde4WfxtJr3CaiH+F6ewcIB/q4jQ4UzPyid+CQ==",
      "license": "MIT",
      "optional": true,
      "bin": {
        "node-gyp-build": "bin.js",
        "node-gyp-build-optional": "optional.js",
        "node-gyp-build-test": "build-test.js"
      }
    },
    "node_modules/node-llama-cpp": {
      "version": "3.18.1",
      "resolved": "https://registry.npmjs.org/node-llama-cpp/-/node-llama-cpp-3.18.1.tgz",
@@ -3529,9 +3546,9 @@
      }
    },
    "node_modules/path-to-regexp": {
-      "version": "8.3.0",
+      "version": "8.4.0",
-      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.3.0.tgz",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.4.0.tgz",
-      "integrity": "sha512-7jdwVIRtsP8MYpdXSwOS0YdD0Du+qOoF/AEPIt88PcCFrZCzx41oxku1jD88hZBwbNUIEfpqvuhjFaMAqMTWnA==",
+      "integrity": "sha512-PuseHIvAnz3bjrM2rGJtSgo1zjgxapTLZ7x2pjhzWwlp4SJQgK3f3iZIQwkpEnBaKz6seKBADpM4B4ySkuYypg==",
      "license": "MIT",
      "funding": {
        "type": "opencollective",
@@ -4619,6 +4636,107 @@
        "node": ">=0.6"
      }
    },
    "node_modules/tree-sitter-go": {
      "version": "0.23.4",
      "resolved": "https://registry.npmjs.org/tree-sitter-go/-/tree-sitter-go-0.23.4.tgz",
      "integrity": "sha512-iQaHEs4yMa/hMo/ZCGqLfG61F0miinULU1fFh+GZreCRtKylFLtvn798ocCZjO2r/ungNZgAY1s1hPFyAwkc7w==",
      "hasInstallScript": true,
      "license": "MIT",
      "optional": true,
      "dependencies": {
        "node-addon-api": "^8.2.1",
        "node-gyp-build": "^4.8.2"
      },
      "peerDependencies": {
        "tree-sitter": "^0.21.1"
      },
      "peerDependenciesMeta": {
        "tree-sitter": {
          "optional": true
        }
      }
    },
    "node_modules/tree-sitter-javascript": {
      "version": "0.23.1",
      "resolved": "https://registry.npmjs.org/tree-sitter-javascript/-/tree-sitter-javascript-0.23.1.tgz",
      "integrity": "sha512-/bnhbrTD9frUYHQTiYnPcxyHORIw157ERBa6dqzaKxvR/x3PC4Yzd+D1pZIMS6zNg2v3a8BZ0oK7jHqsQo9fWA==",
      "hasInstallScript": true,
      "license": "MIT",
      "optional": true,
      "dependencies": {
        "node-addon-api": "^8.2.2",
        "node-gyp-build": "^4.8.2"
      },
      "peerDependencies": {
        "tree-sitter": "^0.21.1"
      },
      "peerDependenciesMeta": {
        "tree-sitter": {
          "optional": true
        }
      }
    },
    "node_modules/tree-sitter-python": {
      "version": "0.23.4",
      "resolved": "https://registry.npmjs.org/tree-sitter-python/-/tree-sitter-python-0.23.4.tgz",
      "integrity": "sha512-MbmUAl7y5UCUWqHscHke7DdRDwQnVNMNKQYQc4Gq2p09j+fgPxaU8JVsuOI/0HD3BSEEe5k9j3xmdtIWbDtDgw==",
      "hasInstallScript": true,
      "license": "MIT",
      "optional": true,
      "dependencies": {
        "node-addon-api": "^8.2.1",
        "node-gyp-build": "^4.8.2"
      },
      "peerDependencies": {
        "tree-sitter": "^0.21.1"
      },
      "peerDependenciesMeta": {
        "tree-sitter": {
          "optional": true
        }
      }
    },
    "node_modules/tree-sitter-rust": {
      "version": "0.24.0",
      "resolved": "https://registry.npmjs.org/tree-sitter-rust/-/tree-sitter-rust-0.24.0.tgz",
      "integrity": "sha512-NWemUDf629Tfc90Y0Z55zuwPCAHkLxWnMf2RznYu4iBkkrQl2o/CHGB7Cr52TyN5F1DAx8FmUnDtCy9iUkXZEQ==",
      "hasInstallScript": true,
      "license": "MIT",
      "optional": true,
      "dependencies": {
        "node-addon-api": "^8.2.2",
        "node-gyp-build": "^4.8.4"
      },
      "peerDependencies": {
        "tree-sitter": "^0.22.1"
      },
      "peerDependenciesMeta": {
        "tree-sitter": {
          "optional": true
        }
      }
    },
    "node_modules/tree-sitter-typescript": {
      "version": "0.23.2",
      "resolved": "https://registry.npmjs.org/tree-sitter-typescript/-/tree-sitter-typescript-0.23.2.tgz",
      "integrity": "sha512-e04JUUKxTT53/x3Uq1zIL45DoYKVfHH4CZqwgZhPg5qYROl5nQjV+85ruFzFGZxu+QeFVbRTPDRnqL9UbU4VeA==",
      "hasInstallScript": true,
      "license": "MIT",
      "optional": true,
      "dependencies": {
        "node-addon-api": "^8.2.2",
        "node-gyp-build": "^4.8.2",
        "tree-sitter-javascript": "^0.23.1"
      },
      "peerDependencies": {
        "tree-sitter": "^0.21.0"
      },
      "peerDependenciesMeta": {
        "tree-sitter": {
          "optional": true
        }
      }
    },
    "node_modules/tsx": {
      "version": "4.21.0",
      "resolved": "https://registry.npmjs.org/tsx/-/tsx-4.21.0.tgz",
@@ -4905,6 +5023,12 @@
        }
      }
    },
    "node_modules/web-tree-sitter": {
      "version": "0.26.7",
      "resolved": "https://registry.npmjs.org/web-tree-sitter/-/web-tree-sitter-0.26.7.tgz",
      "integrity": "sha512-KiZhelTvBA/ziUHEO7Emb75cGVAq8iGZNabYaZm53Zpy50NsXyOW+xSHlwHt5CVg/TRPZBfeVLTTobF0LjFJ1w==",
      "license": "MIT"
    },
    "node_modules/which": {
      "version": "2.0.2",
      "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
@@ -5145,12 +5269,12 @@
      }
    },
    "node_modules/zod-to-json-schema": {
-      "version": "3.25.1",
+      "version": "3.25.2",
-      "resolved": "https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.25.1.tgz",
+      "resolved": "https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.25.2.tgz",
-      "integrity": "sha512-pM/SU9d3YAggzi6MtR4h7ruuQlqKtad8e9S0fmxcMi+ueAK5Korys/aWcV9LIIHTVbj01NdzxcnXSN+O74ZIVA==",
+      "integrity": "sha512-O/PgfnpT1xKSDeQYSCfRI5Gy3hPf91mKVDuYLUHZJMiDFptvP41MSnWofm8dnCm0256ZNfZIM7DSzuSMAFnjHA==",
      "license": "ISC",
      "peerDependencies": {
-        "zod": "^3.25 || ^4"
+        "zod": "^3.25.28 || ^4"
      }
    }
  }
--- a/modules/_overlays/qmd.nix
+++ b/modules/_overlays/qmd.nix
@@ -4,7 +4,8 @@
 			pname = "qmd";
 			version = "2.0.1";
 			src = inputs.qmd;
-			npmDepsHash = "sha256-ODpDkCQwkjqf9X5EfKmnCP4z4AjC6O/lS/zJKBs/46I=";
+			npmDepsFetcherVersion = 2;
 			npmDepsHash = "sha256-sAyCG43p3JELQ2lazwRrsdmW9Q4cOy45X6ZagBmitGU=";
 			nativeBuildInputs = [
 				prev.makeWrapper
--- a/modules/hosts/_parts/tahani/paperless-gpt-prompts/tag_prompt.tmpl
+++ b/modules/hosts/_parts/tahani/paperless-gpt-prompts/tag_prompt.tmpl
--- a/modules/hosts/_parts/tahani/paperless-gpt-prompts/title_prompt.tmpl
+++ b/modules/hosts/_parts/tahani/paperless-gpt-prompts/title_prompt.tmpl
--- a/modules/adguardhome.nix
+++ b/modules/adguardhome.nix
@@ -0,0 +1,62 @@
 {...}: let
 	caddyLib = import ./_lib/caddy.nix;
 in {
 	den.aspects.adguardhome.nixos = {config, ...}: {
 		services.adguardhome = {
 			enable = true;
 			host = "127.0.0.1";
 			port = 10000;
 			settings = {
 				dhcp.enabled = false;
 				dns.upstream_dns = [
 					"1.1.1.1"
 					"1.0.0.1"
 				];
 				filtering = {
 					protection_enabled = true;
 					filtering_enabled = true;
 					safe_search.enabled = false;
 					safebrowsing_enabled = true;
 					blocked_response_ttl = 10;
 					filters_update_interval = 24;
 					blocked_services.ids = [
 						"reddit"
 						"twitter"
 					];
 				};
 				filters = [
 					{
 						enabled = true;
 						url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/pro.txt";
 						name = "HaGeZi Multi PRO";
 						id = 1;
 					}
 					{
 						enabled = true;
 						url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/tif.txt";
 						name = "HaGeZi Threat Intelligence Feeds";
 						id = 2;
 					}
 					{
 						enabled = true;
 						url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/gambling.txt";
 						name = "HaGeZi Gambling";
 						id = 3;
 					}
 					{
 						enabled = true;
 						url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/nsfw.txt";
 						name = "HaGeZi NSFW";
 						id = 4;
 					}
 				];
 			};
 		};
 		services.caddy.virtualHosts =
 			caddyLib.mkTailscaleVHost {
 				name = "adguard";
 				configText = "reverse_proxy localhost:${toString config.services.adguardhome.port}";
 			};
 	};
 }
--- a/modules/ai-tools.nix
+++ b/modules/ai-tools.nix
@@ -1,12 +1,14 @@
-{inputs, ...}: {
+{inputs, ...}: let
 	local = import ./_lib/local.nix;
 	inherit (local) secretPath;
 	opencodeSecretPath = secretPath "opencode-api-key";
 in {
 	den.aspects.ai-tools.homeManager = {
 		lib,
 		pkgs,
 		inputs',
 		...
-	}: let
+	}: {
 		opencodeSecretPath = "/run/secrets/opencode-api-key";
 	in {
 		home.packages = [
 			inputs'.llm-agents.packages.pi
 			pkgs.cog-cli
@@ -35,7 +37,7 @@
 			".pi/agent/extensions/review.ts".source = ./_ai-tools/extensions/review.ts;
 			".pi/agent/extensions/session-name.ts".source = ./_ai-tools/extensions/session-name.ts;
 			".pi/agent/notability" = {
-				source = ./hosts/_parts/tahani/notability;
+				source = ./_notability;
 				recursive = true;
 			};
 			".pi/agent/skills/elixir-dev" = {
--- a/modules/apps.nix
+++ b/modules/apps.nix
@@ -26,8 +26,8 @@
 				'')}/bin/${name}";
 			meta.description = descriptions.${name};
 		};
-		platformAppNames = ["build" "rollback" "update"];
+		platformAppNames = ["build" "rollback"];
-		sharedAppNames = ["apply"];
+		sharedAppNames = ["apply" "update"];
 	in {
 		apps =
 			pkgs.lib.genAttrs platformAppNames mkPlatformApp
--- a/modules/cache.nix
+++ b/modules/cache.nix
@@ -0,0 +1,11 @@
 {...}: let
 	caddyLib = import ./_lib/caddy.nix;
 in {
 	den.aspects.cache.nixos = {
 		services.caddy.virtualHosts =
 			caddyLib.mkTailscaleVHost {
 				name = "cache";
 				configText = "reverse_proxy localhost:32843";
 			};
 	};
 }
--- a/modules/darwin.nix
+++ b/modules/darwin.nix
@@ -1,4 +1,7 @@
-{inputs, ...}: {
+{inputs, ...}: let
 	local = import ./_lib/local.nix;
 	userHome = "/Users/${local.user.name}";
 in {
 	den.aspects.darwin-system.darwin = {pkgs, ...}: {
 		imports = [
 			inputs.nix-homebrew.darwinModules.nix-homebrew
@@ -6,7 +9,7 @@
 			./_darwin/dock.nix
 		];
-		system.primaryUser = "cschmatzler";
+		system.primaryUser = local.user.name;
 		# Darwin system utilities
 		environment.systemPackages = with pkgs; [
@@ -111,7 +114,7 @@
 		};
 		nix = {
-			settings.trusted-users = ["cschmatzler"];
+			settings.trusted-users = [local.user.name];
 			gc.interval = {
 				Weekday = 0;
 				Hour = 2;
@@ -119,18 +122,16 @@
 			};
 		};
-		users.users.cschmatzler = {
+		users.users.${local.user.name} = {
-			name = "cschmatzler";
+			name = local.user.name;
-			home = "/Users/cschmatzler";
+			home = userHome;
 			isHidden = false;
 			shell = pkgs.nushell;
 		};
 		home-manager.useGlobalPkgs = true;
 		nix-homebrew = {
 			enable = true;
-			user = "cschmatzler";
+			user = local.user.name;
 			mutableTaps = true;
 			taps = {
 				"homebrew/homebrew-core" = inputs.homebrew-core;
@@ -150,10 +151,12 @@
 				"alcove"
 				"aqua-voice"
 				"ghostty@tip"
 				"helium-browser"
 				"raycast"
 				"spotify"
 			];
 			masApps = {
 				"Wipr 2" = 1662217862;
 			};
 		};
 	};
 }
--- a/modules/defaults.nix
+++ b/modules/defaults.nix
@@ -25,8 +25,19 @@
 		flake.flakeModules = {
 			# Shared system foundations
 			core = ./core.nix;
 			darwin = ./darwin.nix;
 			network = ./network.nix;
 			nixos-system = ./nixos-system.nix;
 			overlays = ./overlays.nix;
 			secrets = ./secrets.nix;
 			# Shared host features
 			adguardhome = ./adguardhome.nix;
 			cache = ./cache.nix;
 			gitea = ./gitea.nix;
 			notability = ./notability.nix;
 			opencode = ./opencode.nix;
 			paperless = ./paperless.nix;
 			# User environment
 			ai-tools = ./ai-tools.nix;
@@ -34,7 +45,6 @@
 			desktop = ./desktop.nix;
 			dev-tools = ./dev-tools.nix;
 			email = ./email.nix;
 			finance = ./finance.nix;
 			neovim = ./neovim.nix;
 			shell = ./shell.nix;
 			ssh-client = ./ssh-client.nix;
@@ -44,7 +54,12 @@
 		};
 		den.default.nixos.system.stateVersion = "25.11";
 		den.default.darwin.system.stateVersion = 6;
-		den.default.homeManager.home.stateVersion = "25.11";
+		den.default.homeManager = {
 			home.stateVersion = "25.11";
 			programs.home-manager.enable = true;
 		};
 		den.default.nixos.home-manager.useGlobalPkgs = true;
 		den.default.darwin.home-manager.useGlobalPkgs = true;
 		den.default.includes = [
 			den.provides.define-user
--- a/modules/dendritic.nix
+++ b/modules/dendritic.nix
@@ -71,7 +71,7 @@
 			flake = false;
 		};
 		pi-mcp-adapter = {
-			url = "github:nicobailon/pi-mcp-adapter/v2.2.0";
+			url = "github:nicobailon/pi-mcp-adapter";
 			flake = false;
 		};
 		qmd.url = "github:tobi/qmd";
--- a/modules/deploy.nix
+++ b/modules/deploy.nix
@@ -2,23 +2,35 @@
 	inputs,
 	config,
 	...
 }: let
 	local = import ./_lib/local.nix;
 	acceptNewHostKeys = [
 		"-o"
 		"StrictHostKeyChecking=accept-new"
 	];
 	mkSystemNode = {
 		hostname,
 		host,
 	}: {
 		inherit hostname;
 		sshUser = local.user.name;
 		sshOpts = acceptNewHostKeys;
 		profiles.system = {
 			user = "root";
 			path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos config.flake.nixosConfigurations.${host};
 		};
 	};
 in {
 	flake.deploy.nodes = {
-		michael = {
+		michael =
-			hostname = "michael";
+			mkSystemNode {
-			sshUser = "cschmatzler";
+				hostname = "git.schmatzler.com";
-			profiles.system = {
+				host = "michael";
 				user = "root";
 				path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos config.flake.nixosConfigurations.michael;
 			};
 		};
 		tahani = {
 			hostname = "tahani";
 			sshUser = "cschmatzler";
 			profiles.system = {
 				user = "root";
 				path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos config.flake.nixosConfigurations.tahani;
 			};
 		tahani =
 			mkSystemNode {
 				hostname = "127.0.0.1";
 				host = "tahani";
 			};
 	};
--- a/modules/desktop.nix
+++ b/modules/desktop.nix
@@ -56,7 +56,7 @@
 					}
 					{
 						"if" = {
-							"app-id" = "net.imput.helium";
+							"app-id" = "com.apple.Safari";
 						};
 						run = "move-node-to-workspace 2";
 					}
--- a/modules/dev-tools.nix
+++ b/modules/dev-tools.nix
@@ -1,10 +1,13 @@
-{...}: {
+{...}: let
 	local = import ./_lib/local.nix;
 	palette = (import ./_lib/theme.nix).rosePineDawn.hex;
 in {
 	den.aspects.dev-tools.homeManager = {
 		pkgs,
 		lib,
 		...
 	}: let
-		name = "Christoph Schmatzler";
+		name = local.user.fullName;
 	in {
 		home.packages = with pkgs;
 			[
@@ -85,7 +88,7 @@
 			settings = {
 				user = {
 					name = name;
-					email = "christoph@schmatzler.com";
+					email = local.user.emails.personal;
 				};
 				git = {
 					sign-on-push = true;
@@ -117,7 +120,7 @@
 				revset-aliases = {
 					"closest_bookmark(to)" = "heads(::to & bookmarks())";
 					"closest_pushable(to)" = "heads(::to & mutable() & ~description(exact:\"\") & (~empty() | merges()))";
-					"mine()" = "author(\"christoph@schmatzler.com\")";
+					"mine()" = "author(\"${local.user.emails.personal}\")";
 					"wip()" = "mine() ~ immutable()";
 					"open()" = "mine() ~ ::trunk()";
 					"current()" = "@:: & mutable()";
@@ -143,76 +146,76 @@
 		programs.jjui = {
 			enable = true;
 			settings.ui.colors = {
-				text = {fg = "#575279";};
+				text = {fg = palette.text;};
-				dimmed = {fg = "#9893a5";};
+				dimmed = {fg = palette.muted;};
 				selected = {
-					bg = "#f2e9e1";
+					bg = palette.overlay;
-					fg = "#575279";
+					fg = palette.text;
 					bold = true;
 				};
-				border = {fg = "#9893a5";};
+				border = {fg = palette.muted;};
 				title = {
-					fg = "#907aa9";
+					fg = palette.iris;
 					bold = true;
 				};
 				shortcut = {
-					fg = "#286983";
+					fg = palette.pine;
 					bold = true;
 				};
 				matched = {
-					fg = "#ea9d34";
+					fg = palette.gold;
 					bold = true;
 				};
 				"revisions selected" = {
-					bg = "#f2e9e1";
+					bg = palette.overlay;
-					fg = "#575279";
+					fg = palette.text;
 					bold = true;
 				};
-				"status" = {bg = "#f2e9e1";};
+				"status" = {bg = palette.overlay;};
 				"status title" = {
-					bg = "#907aa9";
+					bg = palette.iris;
-					fg = "#faf4ed";
+					fg = palette.base;
 					bold = true;
 				};
-				"status shortcut" = {fg = "#286983";};
+				"status shortcut" = {fg = palette.pine;};
-				"status dimmed" = {fg = "#9893a5";};
+				"status dimmed" = {fg = palette.muted;};
-				"menu" = {bg = "#faf4ed";};
+				"menu" = {bg = palette.base;};
 				"menu selected" = {
-					bg = "#f2e9e1";
+					bg = palette.overlay;
-					fg = "#575279";
+					fg = palette.text;
 					bold = true;
 				};
-				"menu border" = {fg = "#9893a5";};
+				"menu border" = {fg = palette.muted;};
 				"menu title" = {
-					fg = "#907aa9";
+					fg = palette.iris;
 					bold = true;
 				};
-				"menu shortcut" = {fg = "#286983";};
+				"menu shortcut" = {fg = palette.pine;};
 				"menu matched" = {
-					fg = "#ea9d34";
+					fg = palette.gold;
 					bold = true;
 				};
-				"preview border" = {fg = "#9893a5";};
+				"preview border" = {fg = palette.muted;};
-				"help" = {bg = "#faf4ed";};
+				"help" = {bg = palette.base;};
-				"help border" = {fg = "#9893a5";};
+				"help border" = {fg = palette.muted;};
 				"help title" = {
-					fg = "#907aa9";
+					fg = palette.iris;
 					bold = true;
 				};
-				"confirmation" = {bg = "#faf4ed";};
+				"confirmation" = {bg = palette.base;};
-				"confirmation border" = {fg = "#9893a5";};
+				"confirmation border" = {fg = palette.muted;};
 				"confirmation selected" = {
-					bg = "#f2e9e1";
+					bg = palette.overlay;
-					fg = "#575279";
+					fg = palette.text;
 					bold = true;
 				};
-				"confirmation dimmed" = {fg = "#9893a5";};
+				"confirmation dimmed" = {fg = palette.muted;};
 				source_marker = {
-					fg = "#56949f";
+					fg = palette.foam;
 					bold = true;
 				};
 				target_marker = {
-					fg = "#d7827e";
+					fg = palette.rose;
 					bold = true;
 				};
 			};
--- a/modules/email.nix
+++ b/modules/email.nix
@@ -1,4 +1,6 @@
-{...}: {
+{...}: let
 	local = import ./_lib/local.nix;
 in {
 	den.aspects.email.homeManager = {pkgs, ...}: {
 		programs.himalaya = {
 			enable = true;
@@ -19,13 +21,13 @@
 		};
 		accounts.email = {
-			accounts."christoph@schmatzler.com" = {
+			accounts.${local.user.emails.personal} = {
 				primary = true;
-				maildir.path = "christoph@schmatzler.com";
+				maildir.path = local.user.emails.personal;
-				address = "christoph@schmatzler.com";
+				address = local.user.emails.personal;
-				userName = "christoph.schmatzler@icloud.com";
+				userName = local.user.emails.icloud;
-				realName = "Christoph Schmatzler";
+				realName = local.user.fullName;
-				passwordCommand = ["${pkgs.coreutils}/bin/cat" "/run/secrets/tahani-email-password"];
+				passwordCommand = ["${pkgs.coreutils}/bin/cat" (local.secretPath "tahani-email-password")];
 				folders = {
 					inbox = "INBOX";
 					drafts = "Drafts";
--- a/modules/finance.nix
+++ b/modules/finance.nix
@@ -1,5 +0,0 @@
 {...}: {
 	den.aspects.finance.homeManager = {pkgs, ...}: {
 		home.packages = [pkgs.hledger];
 	};
 }
--- a/modules/gitea.nix
+++ b/modules/gitea.nix
@@ -0,0 +1,166 @@
 {lib, ...}: let
 	secretLib = import ./_lib/secrets.nix {inherit lib;};
 in {
 	den.aspects.gitea.nixos = {
 		config,
 		lib,
 		pkgs,
 		...
 	}: {
 		sops.secrets = {
 			michael-gitea-litestream =
 				secretLib.mkServiceBinarySecret {
 					name = "michael-gitea-litestream";
 					serviceUser = "gitea";
 					sopsFile = ../secrets/michael-gitea-litestream;
 				};
 			michael-gitea-restic-password =
 				secretLib.mkServiceBinarySecret {
 					name = "michael-gitea-restic-password";
 					serviceUser = "gitea";
 					sopsFile = ../secrets/michael-gitea-restic-password;
 				};
 			michael-gitea-restic-env =
 				secretLib.mkServiceBinarySecret {
 					name = "michael-gitea-restic-env";
 					serviceUser = "gitea";
 					sopsFile = ../secrets/michael-gitea-restic-env;
 				};
 		};
 		networking.firewall.allowedTCPPorts = [80 443];
 		services.redis.servers.gitea = {
 			enable = true;
 			port = 6380;
 			bind = "127.0.0.1";
 			settings = {
 				maxmemory = "64mb";
 				maxmemory-policy = "allkeys-lru";
 			};
 		};
 		services.gitea = {
 			enable = true;
 			database = {
 				type = "sqlite3";
 				path = "/var/lib/gitea/data/gitea.db";
 			};
 			settings = {
 				server = {
 					ROOT_URL = "https://git.schmatzler.com/";
 					DOMAIN = "git.schmatzler.com";
 					HTTP_ADDR = "127.0.0.1";
 					HTTP_PORT = 3000;
 					LANDING_PAGE = "explore";
 				};
 				service.DISABLE_REGISTRATION = true;
 				security.INSTALL_LOCK = true;
 				cache = {
 					ADAPTER = "redis";
 					HOST = "redis://127.0.0.1:6380/0?pool_size=100&idle_timeout=180s";
 					ITEM_TTL = "16h";
 				};
 				"cache.last_commit" = {
 					ITEM_TTL = "8760h";
 					COMMITS_COUNT = 100;
 				};
 				session = {
 					PROVIDER = "redis";
 					PROVIDER_CONFIG = "redis://127.0.0.1:6380/1?pool_size=100&idle_timeout=180s";
 					COOKIE_SECURE = true;
 					SAME_SITE = "strict";
 				};
 				api.ENABLE_SWAGGER = false;
 			};
 		};
 		services.litestream = {
 			enable = true;
 			environmentFile = config.sops.secrets.michael-gitea-litestream.path;
 			settings.dbs = [
 				{
 					path = "/var/lib/gitea/data/gitea.db";
 					replicas = [
 						{
 							type = "s3";
 							bucket = "michael-gitea-litestream";
 							path = "gitea";
 							endpoint = "s3.eu-central-003.backblazeb2.com";
 						}
 					];
 				}
 			];
 		};
 		systemd.services.litestream.serviceConfig = {
 			User = lib.mkForce "gitea";
 			Group = lib.mkForce "gitea";
 		};
 		services.caddy = {
 			enable = true;
 			virtualHosts."git.schmatzler.com".extraConfig = ''
 				header {
 					Strict-Transport-Security "max-age=31536000; includeSubDomains"
 					X-Content-Type-Options "nosniff"
 					X-Frame-Options "DENY"
 					Referrer-Policy "strict-origin-when-cross-origin"
 				}
 				reverse_proxy localhost:3000
 			'';
 		};
 		services.restic.backups.gitea = {
 			repository = "s3:s3.eu-central-003.backblazeb2.com/michael-gitea-repositories";
 			paths = ["/var/lib/gitea"];
 			exclude = [
 				"/var/lib/gitea/log"
 				"/var/lib/gitea/data/gitea.db"
 				"/var/lib/gitea/data/gitea.db-shm"
 				"/var/lib/gitea/data/gitea.db-wal"
 			];
 			passwordFile = config.sops.secrets.michael-gitea-restic-password.path;
 			environmentFile = config.sops.secrets.michael-gitea-restic-env.path;
 			pruneOpts = [
 				"--keep-daily 7"
 				"--keep-weekly 4"
 				"--keep-monthly 6"
 			];
 			timerConfig = {
 				OnCalendar = "daily";
 				Persistent = true;
 				RandomizedDelaySec = "1h";
 			};
 		};
 		systemd.services.restic-backups-gitea = {
 			wants = ["restic-init-gitea.service"];
 			after = ["restic-init-gitea.service"];
 			serviceConfig = {
 				User = lib.mkForce "gitea";
 				Group = lib.mkForce "gitea";
 			};
 		};
 		systemd.services.restic-init-gitea = {
 			description = "Initialize Restic repository for Gitea backups";
 			wantedBy = ["multi-user.target"];
 			after = ["network-online.target"];
 			wants = ["network-online.target"];
 			path = [pkgs.restic];
 			serviceConfig = {
 				Type = "oneshot";
 				User = "gitea";
 				Group = "gitea";
 				RemainAfterExit = true;
 				EnvironmentFile = config.sops.secrets.michael-gitea-restic-env.path;
 			};
 			script = ''
 				export RESTIC_PASSWORD=$(cat ${config.sops.secrets.michael-gitea-restic-password.path})
 				restic -r s3:s3.eu-central-003.backblazeb2.com/michael-gitea-repositories snapshots &>/dev/null || \
 					restic -r s3:s3.eu-central-003.backblazeb2.com/michael-gitea-repositories init
 			'';
 		};
 	};
 }
--- a/modules/hosts/_parts/michael/backups.nix
+++ b/modules/hosts/_parts/michael/backups.nix
@@ -1,58 +0,0 @@
 {
 	config,
 	lib,
 	pkgs,
 	...
 }: {
 	services.restic.backups.gitea = {
 		repository = "s3:s3.eu-central-003.backblazeb2.com/michael-gitea-repositories";
 		paths = ["/var/lib/gitea"];
 		exclude = [
 			"/var/lib/gitea/log"
 			"/var/lib/gitea/data/gitea.db"
 			"/var/lib/gitea/data/gitea.db-shm"
 			"/var/lib/gitea/data/gitea.db-wal"
 		];
 		passwordFile = config.sops.secrets.michael-gitea-restic-password.path;
 		environmentFile = config.sops.secrets.michael-gitea-restic-env.path;
 		pruneOpts = [
 			"--keep-daily 7"
 			"--keep-weekly 4"
 			"--keep-monthly 6"
 		];
 		timerConfig = {
 			OnCalendar = "daily";
 			Persistent = true;
 			RandomizedDelaySec = "1h";
 		};
 	};
 	systemd.services.restic-backups-gitea = {
 		wants = ["restic-init-gitea.service"];
 		after = ["restic-init-gitea.service"];
 		serviceConfig = {
 			User = lib.mkForce "gitea";
 			Group = lib.mkForce "gitea";
 		};
 	};
 	systemd.services.restic-init-gitea = {
 		description = "Initialize Restic repository for Gitea backups";
 		wantedBy = ["multi-user.target"];
 		after = ["network-online.target"];
 		wants = ["network-online.target"];
 		path = [pkgs.restic];
 		serviceConfig = {
 			Type = "oneshot";
 			User = "gitea";
 			Group = "gitea";
 			RemainAfterExit = true;
 			EnvironmentFile = config.sops.secrets.michael-gitea-restic-env.path;
 		};
 		script = ''
 			export RESTIC_PASSWORD=$(cat ${config.sops.secrets.michael-gitea-restic-password.path})
 			restic -r s3:s3.eu-central-003.backblazeb2.com/michael-gitea-repositories snapshots &>/dev/null || \
 				restic -r s3:s3.eu-central-003.backblazeb2.com/michael-gitea-repositories init
 		'';
 	};
 }
--- a/modules/hosts/_parts/michael/gitea.nix
+++ b/modules/hosts/_parts/michael/gitea.nix
@@ -1,114 +0,0 @@
 {
 	config,
 	lib,
 	...
 }: {
 	sops.secrets = {
 		michael-gitea-litestream = {
 			sopsFile = ../../../../secrets/michael-gitea-litestream;
 			format = "binary";
 			owner = "gitea";
 			group = "gitea";
 			path = "/run/secrets/michael-gitea-litestream";
 		};
 		michael-gitea-restic-password = {
 			sopsFile = ../../../../secrets/michael-gitea-restic-password;
 			format = "binary";
 			owner = "gitea";
 			group = "gitea";
 			path = "/run/secrets/michael-gitea-restic-password";
 		};
 		michael-gitea-restic-env = {
 			sopsFile = ../../../../secrets/michael-gitea-restic-env;
 			format = "binary";
 			owner = "gitea";
 			group = "gitea";
 			path = "/run/secrets/michael-gitea-restic-env";
 		};
 	};
 	networking.firewall.allowedTCPPorts = [80 443];
 	services.redis.servers.gitea = {
 		enable = true;
 		port = 6380;
 		bind = "127.0.0.1";
 		settings = {
 			maxmemory = "64mb";
 			maxmemory-policy = "allkeys-lru";
 		};
 	};
 	services.gitea = {
 		enable = true;
 		database = {
 			type = "sqlite3";
 			path = "/var/lib/gitea/data/gitea.db";
 		};
 		settings = {
 			server = {
 				ROOT_URL = "https://git.schmatzler.com/";
 				DOMAIN = "git.schmatzler.com";
 				HTTP_ADDR = "127.0.0.1";
 				HTTP_PORT = 3000;
 				LANDING_PAGE = "explore";
 			};
 			service.DISABLE_REGISTRATION = true;
 			security.INSTALL_LOCK = true;
 			cache = {
 				ADAPTER = "redis";
 				HOST = "redis://127.0.0.1:6380/0?pool_size=100&idle_timeout=180s";
 				ITEM_TTL = "16h";
 			};
 			"cache.last_commit" = {
 				ITEM_TTL = "8760h";
 				COMMITS_COUNT = 100;
 			};
 			session = {
 				PROVIDER = "redis";
 				PROVIDER_CONFIG = "redis://127.0.0.1:6380/1?pool_size=100&idle_timeout=180s";
 				COOKIE_SECURE = true;
 				SAME_SITE = "strict";
 			};
 			api.ENABLE_SWAGGER = false;
 		};
 	};
 	services.litestream = {
 		enable = true;
 		environmentFile = config.sops.secrets.michael-gitea-litestream.path;
 		settings = {
 			dbs = [
 				{
 					path = "/var/lib/gitea/data/gitea.db";
 					replicas = [
 						{
 							type = "s3";
 							bucket = "michael-gitea-litestream";
 							path = "gitea";
 							endpoint = "s3.eu-central-003.backblazeb2.com";
 						}
 					];
 				}
 			];
 		};
 	};
 	systemd.services.litestream.serviceConfig = {
 		User = lib.mkForce "gitea";
 		Group = lib.mkForce "gitea";
 	};
 	services.caddy = {
 		enable = true;
 		virtualHosts."git.schmatzler.com".extraConfig = ''
 			header {
 				Strict-Transport-Security "max-age=31536000; includeSubDomains"
 				X-Content-Type-Options "nosniff"
 				X-Frame-Options "DENY"
 				Referrer-Policy "strict-origin-when-cross-origin"
 			}
 			reverse_proxy localhost:3000
 		'';
 	};
 }
--- a/modules/hosts/_parts/tahani/adguardhome.nix
+++ b/modules/hosts/_parts/tahani/adguardhome.nix
@@ -1,69 +0,0 @@
 {config, ...}: {
 	services.adguardhome = {
 		enable = true;
 		host = "127.0.0.1";
 		port = 10000;
 		settings = {
 			dhcp = {
 				enabled = false;
 			};
 			dns = {
 				upstream_dns = [
 					"1.1.1.1"
 					"1.0.0.1"
 				];
 			};
 			filtering = {
 				protection_enabled = true;
 				filtering_enabled = true;
 				safe_search = {
 					enabled = false;
 				};
 				safebrowsing_enabled = true;
 				blocked_response_ttl = 10;
 				filters_update_interval = 24;
 				blocked_services = {
 					ids = [
 						"reddit"
 						"twitter"
 					];
 				};
 			};
 			filters = [
 				{
 					enabled = true;
 					url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/pro.txt";
 					name = "HaGeZi Multi PRO";
 					id = 1;
 				}
 				{
 					enabled = true;
 					url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/tif.txt";
 					name = "HaGeZi Threat Intelligence Feeds";
 					id = 2;
 				}
 				{
 					enabled = true;
 					url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/gambling.txt";
 					name = "HaGeZi Gambling";
 					id = 3;
 				}
 				{
 					enabled = true;
 					url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/nsfw.txt";
 					name = "HaGeZi NSFW";
 					id = 4;
 				}
 			];
 		};
 	};
 	services.caddy.virtualHosts."adguard.manticore-hippocampus.ts.net" = {
 		extraConfig = ''
 			tls {
 				get_certificate tailscale
 			}
 			reverse_proxy localhost:${toString config.services.adguardhome.port}
 		'';
 	};
 }
--- a/modules/hosts/_parts/tahani/cache.nix
+++ b/modules/hosts/_parts/tahani/cache.nix
@@ -1,10 +0,0 @@
 {...}: {
 	services.caddy.virtualHosts."cache.manticore-hippocampus.ts.net" = {
 		extraConfig = ''
 			tls {
 				get_certificate tailscale
 			}
 			reverse_proxy localhost:32843
 		'';
 	};
 }
--- a/modules/hosts/_parts/tahani/notability.nix
+++ b/modules/hosts/_parts/tahani/notability.nix
@@ -1,128 +0,0 @@
 {
 	config,
 	inputs',
 	pkgs,
 	...
 }: let
 	homeDir = "/home/cschmatzler";
 	notabilityScripts = ./notability;
 	dataRoot = "${homeDir}/.local/share/notability-ingest";
 	stateRoot = "${homeDir}/.local/state/notability-ingest";
 	notesRoot = "${homeDir}/Notes";
 	webdavRoot = "${dataRoot}/webdav-root";
 	userPackages = with pkgs; [
 		qmd
 		poppler-utils
 		rclone
 		sqlite
 		zk
 	];
 	commonPath = with pkgs;
 		[
 			inputs'.llm-agents.packages.pi
 			coreutils
 			inotify-tools
 			nushell
 			util-linux
 		]
 		++ userPackages;
 	commonEnvironment = {
 		HOME = homeDir;
 		NOTABILITY_ARCHIVE_ROOT = "${dataRoot}/archive";
 		NOTABILITY_DATA_ROOT = dataRoot;
 		NOTABILITY_DB_PATH = "${stateRoot}/db.sqlite";
 		NOTABILITY_NOTES_DIR = notesRoot;
 		NOTABILITY_RENDER_ROOT = "${dataRoot}/rendered-pages";
 		NOTABILITY_SESSIONS_ROOT = "${stateRoot}/sessions";
 		NOTABILITY_STATE_ROOT = stateRoot;
 		NOTABILITY_TRANSCRIPT_ROOT = "${stateRoot}/transcripts";
 		NOTABILITY_WEBDAV_ROOT = webdavRoot;
 		XDG_CONFIG_HOME = "${homeDir}/.config";
 	};
 	mkTmpDirRule = path: "d ${path} 0755 cschmatzler users -";
 	mkNotabilityService = {
 		description,
 		script,
 		after ? [],
 		requires ? [],
 		environment ? {},
 	}: {
 		inherit after description requires;
 		wantedBy = ["multi-user.target"];
 		path = commonPath;
 		environment = commonEnvironment // environment;
 		serviceConfig = {
 			ExecStart = "${pkgs.nushell}/bin/nu ${notabilityScripts}/${script}";
 			Group = "users";
 			Restart = "always";
 			RestartSec = 5;
 			User = "cschmatzler";
 			WorkingDirectory = homeDir;
 		};
 	};
 in {
 	sops.secrets.tahani-notability-webdav-password = {
 		sopsFile = ../../../../secrets/tahani-notability-webdav-password;
 		format = "binary";
 		owner = "cschmatzler";
 		path = "/run/secrets/tahani-notability-webdav-password";
 	};
 	home-manager.users.cschmatzler = {
 		home.packages = userPackages;
 		home.file.".config/qmd/index.yml".text = ''
 			collections:
 			  notes:
 			    path: ${notesRoot}
 			    pattern: "**/*.md"
 		'';
 	};
 	systemd.tmpfiles.rules =
 		builtins.map mkTmpDirRule [
 			notesRoot
 			dataRoot
 			webdavRoot
 			"${dataRoot}/archive"
 			"${dataRoot}/rendered-pages"
 			stateRoot
 			"${stateRoot}/jobs"
 			"${stateRoot}/jobs/queued"
 			"${stateRoot}/jobs/running"
 			"${stateRoot}/jobs/failed"
 			"${stateRoot}/jobs/done"
 			"${stateRoot}/jobs/results"
 			"${stateRoot}/sessions"
 			"${stateRoot}/transcripts"
 		];
 	services.caddy.virtualHosts."tahani.manticore-hippocampus.ts.net".extraConfig = ''
 		tls {
 			get_certificate tailscale
 		}
 		handle /notability* {
 			reverse_proxy 127.0.0.1:9980
 		}
 	'';
 	systemd.services.notability-webdav =
 		mkNotabilityService {
 			description = "Notability WebDAV landing zone";
 			script = "webdav.nu";
 			after = ["network.target"];
 			environment = {
 				NOTABILITY_WEBDAV_ADDR = "127.0.0.1:9980";
 				NOTABILITY_WEBDAV_BASEURL = "/notability";
 				NOTABILITY_WEBDAV_PASSWORD_FILE = config.sops.secrets.tahani-notability-webdav-password.path;
 				NOTABILITY_WEBDAV_USER = "notability";
 			};
 		};
 	systemd.services.notability-watch =
 		mkNotabilityService {
 			description = "Watch and ingest Notability WebDAV uploads";
 			script = "watch.nu";
 			after = ["notability-webdav.service"];
 			requires = ["notability-webdav.service"];
 		};
 }
--- a/modules/hosts/_parts/tahani/paperless.nix
+++ b/modules/hosts/_parts/tahani/paperless.nix
@@ -1,87 +0,0 @@
 {config, ...}: {
 	services.caddy = {
 		enable = true;
 		enableReload = false;
 		globalConfig = ''
 			admin off
 		'';
 		virtualHosts."docs.manticore-hippocampus.ts.net" = {
 			extraConfig = ''
 				tls {
 					get_certificate tailscale
 				}
 				reverse_proxy localhost:${toString config.services.paperless.port}
 			'';
 		};
 		virtualHosts."docs-ai.manticore-hippocampus.ts.net" = {
 			extraConfig = ''
 				tls {
 					get_certificate tailscale
 				}
 				reverse_proxy localhost:8081
 			'';
 		};
 	};
 	virtualisation.oci-containers = {
 		backend = "docker";
 		containers.paperless-gpt = {
 			image = "icereed/paperless-gpt:latest";
 			autoStart = true;
 			ports = [
 				"127.0.0.1:8081:8080"
 			];
 			volumes = [
 				"paperless-gpt-data:/app/data"
 				"paperless-gpt-prompts:/app/prompts"
 				"${./paperless-gpt-prompts/tag_prompt.tmpl}:/app/prompts/tag_prompt.tmpl:ro"
 				"${./paperless-gpt-prompts/title_prompt.tmpl}:/app/prompts/title_prompt.tmpl:ro"
 			];
 			environment = {
 				PAPERLESS_BASE_URL = "http://host.docker.internal:${toString config.services.paperless.port}";
 				LLM_PROVIDER = "openai";
 				LLM_MODEL = "gpt-5.4";
 				LLM_LANGUAGE = "German";
 				VISION_LLM_PROVIDER = "openai";
 				VISION_LLM_MODEL = "gpt-5.4";
 				LOG_LEVEL = "info";
 			};
 			environmentFiles = [
 				config.sops.secrets.tahani-paperless-gpt-env.path
 			];
 			extraOptions = [
 				"--add-host=host.docker.internal:host-gateway"
 			];
 		};
 	};
 	services.redis.servers.paperless = {
 		enable = true;
 		port = 6379;
 		bind = "127.0.0.1";
 		settings = {
 			maxmemory = "256mb";
 			maxmemory-policy = "allkeys-lru";
 		};
 	};
 	services.paperless = {
 		enable = true;
 		address = "0.0.0.0";
 		consumptionDir = "/var/lib/paperless/consume";
 		passwordFile = config.sops.secrets.tahani-paperless-password.path;
 		settings = {
 			PAPERLESS_DBENGINE = "sqlite";
 			PAPERLESS_REDIS = "redis://127.0.0.1:6379";
 			PAPERLESS_CONSUMER_IGNORE_PATTERN = [
 				".DS_STORE/*"
 				"desktop.ini"
 			];
 			PAPERLESS_CONSUMER_POLLING = 30;
 			PAPERLESS_CONSUMER_RECURSIVE = true;
 			PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS = true;
 			PAPERLESS_OCR_LANGUAGE = "deu+eng";
 			PAPERLESS_CSRF_TRUSTED_ORIGINS = "https://docs.manticore-hippocampus.ts.net";
 		};
 	};
 }
--- a/modules/hosts/chidi.nix
+++ b/modules/hosts/chidi.nix
@@ -1,33 +1,35 @@
-{den, ...}: {
+{
-	den.hosts.aarch64-darwin.chidi.users.cschmatzler.aspect = "chidi-cschmatzler";
+	den,
-
+	lib,
-	den.aspects.chidi-cschmatzler = {
+	...
 }: let
 	hostLib = import ../_lib/hosts.nix {inherit den lib;};
 	local = import ../_lib/local.nix;
 	host = "chidi";
 	hostMeta = local.hosts.chidi;
 in
 	lib.recursiveUpdate
 	(hostLib.mkUserHost {
 			system = hostMeta.system;
 			inherit host;
 			user = local.user.name;
 			includes = [den.aspects.user-darwin-laptop];
 			homeManager = {...}: {
-			programs.git.settings.user.email = "christoph@tuist.dev";
+				programs.git.settings.user.email = local.user.emails.work;
 			};
-	};
+		})
-
+	(hostLib.mkPerHostAspect {
-	den.aspects.chidi.includes = [
+			inherit host;
-		(den.lib.perHost {
+			includes = [
-				includes = [den.aspects.host-darwin-base];
+				den.aspects.host-darwin-base
-
+				den.aspects.opencode-api-key
 			];
 			darwin = {...}: {
-					networking.hostName = "chidi";
+				networking.hostName = host;
-					networking.computerName = "chidi";
+				networking.computerName = host;
 					sops.secrets.opencode-api-key = {
 						sopsFile = ../../secrets/opencode-api-key;
 						format = "binary";
 						owner = "cschmatzler";
 						path = "/run/secrets/opencode-api-key";
 					};
 				homebrew.casks = [
 					"slack"
 				];
 			};
 		})
 	];
 }
--- a/modules/hosts/janet.nix
+++ b/modules/hosts/janet.nix
@@ -0,0 +1,31 @@
 {
 	den,
 	lib,
 	...
 }: let
 	hostLib = import ../_lib/hosts.nix {inherit den lib;};
 	local = import ../_lib/local.nix;
 	host = "janet";
 	hostMeta = local.hosts.janet;
 in
 	lib.recursiveUpdate
 	(hostLib.mkUserHost {
 			system = hostMeta.system;
 			inherit host;
 			user = local.user.name;
 			includes = [
 				den.aspects.user-darwin-laptop
 				den.aspects.user-personal
 			];
 		})
 	(hostLib.mkPerHostAspect {
 			inherit host;
 			includes = [
 				den.aspects.host-darwin-base
 				den.aspects.opencode-api-key
 			];
 			darwin = {...}: {
 				networking.hostName = host;
 				networking.computerName = host;
 			};
 		})
--- a/modules/hosts/jason.nix
+++ b/modules/hosts/jason.nix
@@ -1,28 +0,0 @@
 {den, ...}: {
 	den.hosts.aarch64-darwin.jason.users.cschmatzler.aspect = "jason-cschmatzler";
 	den.aspects.jason-cschmatzler = {
 		includes = [
 			den.aspects.user-darwin-laptop
 			den.aspects.user-personal
 		];
 	};
 	den.aspects.jason.includes = [
 		(den.lib.perHost {
 				includes = [den.aspects.host-darwin-base];
 				darwin = {...}: {
 					networking.hostName = "jason";
 					networking.computerName = "jason";
 					sops.secrets.opencode-api-key = {
 						sopsFile = ../../secrets/opencode-api-key;
 						format = "binary";
 						owner = "cschmatzler";
 						path = "/run/secrets/opencode-api-key";
 					};
 				};
 			})
 	];
 }
--- a/modules/hosts/michael.nix
+++ b/modules/hosts/michael.nix
@@ -1,30 +1,35 @@
 {
 	den,
 	inputs,
 	lib,
 	...
-}: {
+}: let
-	den.hosts.x86_64-linux.michael.users.cschmatzler.aspect = "michael-cschmatzler";
+	hostLib = import ../_lib/hosts.nix {inherit den lib;};
-
+	local = import ../_lib/local.nix;
-	den.aspects.michael-cschmatzler = {
+	host = "michael";
 	hostMeta = local.hosts.michael;
 in
 	lib.recursiveUpdate
 	(hostLib.mkUserHost {
 			system = hostMeta.system;
 			inherit host;
 			user = local.user.name;
 			includes = [den.aspects.user-minimal];
-	};
+		})
-
+	(hostLib.mkPerHostAspect {
-	den.aspects.michael.includes = [
+			inherit host;
-		(den.lib.perHost {
+			includes = [
-				includes = [den.aspects.host-public-server];
+				den.aspects.host-public-server
-
+				den.aspects.gitea
 			];
 			nixos = {modulesPath, ...}: {
 				imports = [
 					(modulesPath + "/installer/scan/not-detected.nix")
 						./_parts/michael/backups.nix
 					./_parts/michael/disk-config.nix
 						./_parts/michael/gitea.nix
 					./_parts/michael/hardware-configuration.nix
 					inputs.disko.nixosModules.default
 				];
-					networking.hostName = "michael";
+				networking.hostName = host;
 			};
 		})
 	];
 }
--- a/modules/hosts/tahani.nix
+++ b/modules/hosts/tahani.nix
@@ -1,13 +1,24 @@
-{den, ...}: {
+{
-	den.hosts.x86_64-linux.tahani.users.cschmatzler.aspect = "tahani-cschmatzler";
+	den,
-
+	lib,
-	den.aspects.tahani-cschmatzler = {
+	...
 }: let
 	hostLib = import ../_lib/hosts.nix {inherit den lib;};
 	local = import ../_lib/local.nix;
 	secretLib = import ../_lib/secrets.nix {inherit lib;};
 	host = "tahani";
 	hostMeta = local.hosts.tahani;
 in
 	lib.recursiveUpdate
 	(hostLib.mkUserHost {
 			system = hostMeta.system;
 			inherit host;
 			user = local.user.name;
 			includes = [
 				den.aspects.user-workstation
 				den.aspects.user-personal
 				den.aspects.email
 			];
 			homeManager = {
 				programs.nushell.extraConfig = ''
 					if $nu.is-interactive and ('SSH_CONNECTION' in ($env | columns)) and ('ZELLIJ' not-in ($env | columns)) {
@@ -20,49 +31,35 @@
 					}
 				'';
 			};
-	};
+		})
-
+	(hostLib.mkPerHostAspect {
-	den.aspects.tahani.includes = [
+			inherit host;
-		(den.lib.perHost {
+			includes = [
-				includes = [den.aspects.host-nixos-base];
+				den.aspects.host-nixos-base
-
+				den.aspects.opencode-api-key
 				den.aspects.adguardhome
 				den.aspects.cache
 				den.aspects.notability
 				den.aspects.paperless
 			];
 			nixos = {...}: {
 				imports = [
 						./_parts/tahani/adguardhome.nix
 						./_parts/tahani/cache.nix
 					./_parts/tahani/networking.nix
 						./_parts/tahani/notability.nix
 						./_parts/tahani/paperless.nix
 				];
-					networking.hostName = "tahani";
+				networking.hostName = host;
-					sops.secrets = {
+				sops.secrets.tahani-email-password =
-						opencode-api-key = {
+					secretLib.mkUserBinarySecret {
-							sopsFile = ../../secrets/opencode-api-key;
+						name = "tahani-email-password";
 							format = "binary";
 							owner = "cschmatzler";
 							path = "/run/secrets/opencode-api-key";
 						};
 						tahani-paperless-password = {
 							sopsFile = ../../secrets/tahani-paperless-password;
 							format = "binary";
 							path = "/run/secrets/tahani-paperless-password";
 						};
 						tahani-paperless-gpt-env = {
 							sopsFile = ../../secrets/tahani-paperless-gpt-env;
 							format = "binary";
 							path = "/run/secrets/tahani-paperless-gpt-env";
 						};
 						tahani-email-password = {
 						sopsFile = ../../secrets/tahani-email-password;
 							format = "binary";
 							owner = "cschmatzler";
 							path = "/run/secrets/tahani-email-password";
 						};
 					};
 				virtualisation.docker.enable = true;
-					users.users.cschmatzler.extraGroups = ["docker" "paperless"];
+				users.users.${local.user.name}.extraGroups = [
 					"docker"
 					"paperless"
 				];
 				systemd.tmpfiles.rules = [
 					"d /var/lib/paperless/consume 2775 paperless paperless -"
@@ -76,5 +73,3 @@
 				];
 			};
 		})
 	];
 }
--- a/modules/inventory.nix
+++ b/modules/inventory.nix
@@ -1,6 +1,10 @@
-{...}: {
+{lib, ...}: let
-	den.hosts.aarch64-darwin.chidi.users.cschmatzler = {};
+	local = import ./_lib/local.nix;
-	den.hosts.aarch64-darwin.jason.users.cschmatzler = {};
+in
-	den.hosts.x86_64-linux.michael.users.cschmatzler = {};
+	lib.foldl' lib.recursiveUpdate {} (
-	den.hosts.x86_64-linux.tahani.users.cschmatzler = {};
+		lib.mapAttrsToList (
-}
+			host: hostMeta:
 				lib.setAttrByPath ["den" "hosts" hostMeta.system host "users" local.user.name] {}
 		)
 		local.hosts
 	)
--- a/modules/network.nix
+++ b/modules/network.nix
@@ -21,16 +21,13 @@
 				overalljails = true;
 			};
 			jails = {
-				sshd = {
+				sshd.settings = {
 					settings = {
 					enabled = true;
 					port = "ssh";
 					filter = "sshd";
 					maxretry = 3;
 				};
-				};
+				gitea.settings = {
 				gitea = {
 					settings = {
 					enabled = true;
 					filter = "gitea";
 					logpath = "/var/lib/gitea/log/gitea.log";
@@ -41,7 +38,6 @@
 				};
 			};
 		};
 		};
 		environment.etc."fail2ban/filter.d/gitea.local".text = ''
 			[Definition]
@@ -60,23 +56,6 @@
 	};
 	den.aspects.tailscale.darwin = {
-		services.tailscale = {
+		services.tailscale.enable = true;
 			enable = true;
 		};
 	};
 	# Network tools
 	den.aspects.network.homeManager = {
 		pkgs,
 		lib,
 		...
 	}: {
 		home.packages = with pkgs;
 			[
 				dig
 			]
 			++ lib.optionals stdenv.isDarwin [
 				tailscale
 			];
 	};
 }
--- a/modules/nixos-system.nix
+++ b/modules/nixos-system.nix
@@ -1,11 +1,14 @@
-{inputs, ...}: {
+{inputs, ...}: let
 	local = import ./_lib/local.nix;
 	userHome = "/home/${local.user.name}";
 in {
 	den.aspects.nixos-system.nixos = {pkgs, ...}: {
 		imports = [inputs.home-manager.nixosModules.home-manager];
 		security.sudo.enable = true;
 		security.sudo.extraRules = [
 			{
-				users = ["cschmatzler"];
+				users = [local.user.name];
 				commands = [
 					{
 						command = "/run/current-system/sw/bin/nix-env";
@@ -46,9 +49,9 @@
 		time.timeZone = "UTC";
 		nix = {
-			settings.trusted-users = ["cschmatzler"];
+			settings.trusted-users = [local.user.name];
 			gc.dates = "weekly";
-			nixPath = ["nixos-config=/home/cschmatzler/.local/share/src/nixos-config:/etc/nixos"];
+			nixPath = ["nixos-config=${userHome}/.local/share/src/nixos-config:/etc/nixos"];
 		};
 		boot = {
@@ -71,9 +74,9 @@
 		};
 		users.users = {
-			cschmatzler = {
+			${local.user.name} = {
 				isNormalUser = true;
-				home = "/home/cschmatzler";
+				home = userHome;
 				extraGroups = [
 					"wheel"
 					"sudo"
@@ -93,7 +96,5 @@
 				];
 			};
 		};
 		home-manager.useGlobalPkgs = true;
 	};
 }
--- a/modules/notability.nix
+++ b/modules/notability.nix
@@ -0,0 +1,136 @@
 {lib, ...}: let
 	caddyLib = import ./_lib/caddy.nix;
 	local = import ./_lib/local.nix;
 	secretLib = import ./_lib/secrets.nix {inherit lib;};
 	inherit (local) user;
 	notabilityScripts = ./_notability;
 	tahani = local.hosts.tahani;
 in {
 	den.aspects.notability.nixos = {
 		config,
 		inputs',
 		pkgs,
 		...
 	}: let
 		homeDir = tahani.home;
 		dataRoot = "${homeDir}/.local/share/notability-ingest";
 		stateRoot = "${homeDir}/.local/state/notability-ingest";
 		notesRoot = "${homeDir}/Notes";
 		webdavRoot = "${dataRoot}/webdav-root";
 		userPackages = with pkgs; [
 			qmd
 			poppler-utils
 			rclone
 			sqlite
 			zk
 		];
 		commonPath = with pkgs;
 			[
 				inputs'.llm-agents.packages.pi
 				coreutils
 				inotify-tools
 				nushell
 				util-linux
 			]
 			++ userPackages;
 		commonEnvironment = {
 			HOME = homeDir;
 			NOTABILITY_ARCHIVE_ROOT = "${dataRoot}/archive";
 			NOTABILITY_DATA_ROOT = dataRoot;
 			NOTABILITY_DB_PATH = "${stateRoot}/db.sqlite";
 			NOTABILITY_NOTES_DIR = notesRoot;
 			NOTABILITY_RENDER_ROOT = "${dataRoot}/rendered-pages";
 			NOTABILITY_SESSIONS_ROOT = "${stateRoot}/sessions";
 			NOTABILITY_STATE_ROOT = stateRoot;
 			NOTABILITY_TRANSCRIPT_ROOT = "${stateRoot}/transcripts";
 			NOTABILITY_WEBDAV_ROOT = webdavRoot;
 			XDG_CONFIG_HOME = "${homeDir}/.config";
 		};
 		mkTmpDirRule = path: "d ${path} 0755 ${user.name} users -";
 		mkNotabilityService = {
 			description,
 			script,
 			after ? [],
 			requires ? [],
 			environment ? {},
 		}: {
 			inherit after description requires;
 			wantedBy = ["multi-user.target"];
 			path = commonPath;
 			environment = commonEnvironment // environment;
 			serviceConfig = {
 				ExecStart = "${pkgs.nushell}/bin/nu ${notabilityScripts}/${script}";
 				Group = "users";
 				Restart = "always";
 				RestartSec = 5;
 				User = user.name;
 				WorkingDirectory = homeDir;
 			};
 		};
 	in {
 		sops.secrets.tahani-notability-webdav-password =
 			secretLib.mkUserBinarySecret {
 				name = "tahani-notability-webdav-password";
 				sopsFile = ../secrets/tahani-notability-webdav-password;
 			};
 		home-manager.users.${user.name} = {
 			home.packages = userPackages;
 			home.file.".config/qmd/index.yml".text = ''
 				collections:
 				  notes:
 				    path: ${notesRoot}
 				    pattern: "**/*.md"
 			'';
 		};
 		systemd.tmpfiles.rules =
 			builtins.map mkTmpDirRule [
 				notesRoot
 				dataRoot
 				webdavRoot
 				"${dataRoot}/archive"
 				"${dataRoot}/rendered-pages"
 				stateRoot
 				"${stateRoot}/jobs"
 				"${stateRoot}/jobs/queued"
 				"${stateRoot}/jobs/running"
 				"${stateRoot}/jobs/failed"
 				"${stateRoot}/jobs/done"
 				"${stateRoot}/jobs/results"
 				"${stateRoot}/sessions"
 				"${stateRoot}/transcripts"
 			];
 		services.caddy.virtualHosts =
 			caddyLib.mkTailscaleVHost {
 				name = "tahani";
 				configText = ''
 					handle /notability* {
 						reverse_proxy 127.0.0.1:9980
 					}
 				'';
 			};
 		systemd.services.notability-webdav =
 			mkNotabilityService {
 				description = "Notability WebDAV landing zone";
 				script = "webdav.nu";
 				after = ["network.target"];
 				environment = {
 					NOTABILITY_WEBDAV_ADDR = "127.0.0.1:9980";
 					NOTABILITY_WEBDAV_BASEURL = "/notability";
 					NOTABILITY_WEBDAV_PASSWORD_FILE = config.sops.secrets.tahani-notability-webdav-password.path;
 					NOTABILITY_WEBDAV_USER = "notability";
 				};
 			};
 		systemd.services.notability-watch =
 			mkNotabilityService {
 				description = "Watch and ingest Notability WebDAV uploads";
 				script = "watch.nu";
 				after = ["notability-webdav.service"];
 				requires = ["notability-webdav.service"];
 			};
 	};
 }
--- a/modules/opencode.nix
+++ b/modules/opencode.nix
@@ -0,0 +1,11 @@
 {lib, ...}: let
 	secretLib = import ./_lib/secrets.nix {inherit lib;};
 in {
 	den.aspects.opencode-api-key.os = {
 		sops.secrets.opencode-api-key =
 			secretLib.mkUserBinarySecret {
 				name = "opencode-api-key";
 				sopsFile = ../secrets/opencode-api-key;
 			};
 	};
 }
--- a/modules/paperless.nix
+++ b/modules/paperless.nix
@@ -0,0 +1,100 @@
 {lib, ...}: let
 	caddyLib = import ./_lib/caddy.nix;
 	local = import ./_lib/local.nix;
 	secretLib = import ./_lib/secrets.nix {inherit lib;};
 	paperlessPrompts = ./_paperless;
 in {
 	den.aspects.paperless.nixos = {config, ...}: {
 		sops.secrets = {
 			tahani-paperless-password =
 				secretLib.mkBinarySecret {
 					name = "tahani-paperless-password";
 					sopsFile = ../secrets/tahani-paperless-password;
 				};
 			tahani-paperless-gpt-env =
 				secretLib.mkBinarySecret {
 					name = "tahani-paperless-gpt-env";
 					sopsFile = ../secrets/tahani-paperless-gpt-env;
 				};
 		};
 		services.caddy = {
 			enable = true;
 			enableReload = false;
 			globalConfig = ''
 				admin off
 			'';
 			virtualHosts =
 				caddyLib.mkTailscaleVHost {
 					name = "docs";
 					configText = "reverse_proxy localhost:${toString config.services.paperless.port}";
 				}
 				// caddyLib.mkTailscaleVHost {
 					name = "docs-ai";
 					configText = "reverse_proxy localhost:8081";
 				};
 		};
 		virtualisation.oci-containers = {
 			backend = "docker";
 			containers.paperless-gpt = {
 				image = "icereed/paperless-gpt:latest";
 				autoStart = true;
 				ports = [
 					"127.0.0.1:8081:8080"
 				];
 				volumes = [
 					"paperless-gpt-data:/app/data"
 					"paperless-gpt-prompts:/app/prompts"
 					"${paperlessPrompts}/tag_prompt.tmpl:/app/prompts/tag_prompt.tmpl:ro"
 					"${paperlessPrompts}/title_prompt.tmpl:/app/prompts/title_prompt.tmpl:ro"
 				];
 				environment = {
 					PAPERLESS_BASE_URL = "http://host.docker.internal:${toString config.services.paperless.port}";
 					LLM_PROVIDER = "openai";
 					LLM_MODEL = "gpt-5.4";
 					LLM_LANGUAGE = "German";
 					VISION_LLM_PROVIDER = "openai";
 					VISION_LLM_MODEL = "gpt-5.4";
 					LOG_LEVEL = "info";
 				};
 				environmentFiles = [
 					config.sops.secrets.tahani-paperless-gpt-env.path
 				];
 				extraOptions = [
 					"--add-host=host.docker.internal:host-gateway"
 				];
 			};
 		};
 		services.redis.servers.paperless = {
 			enable = true;
 			port = 6379;
 			bind = "127.0.0.1";
 			settings = {
 				maxmemory = "256mb";
 				maxmemory-policy = "allkeys-lru";
 			};
 		};
 		services.paperless = {
 			enable = true;
 			address = "0.0.0.0";
 			consumptionDir = "/var/lib/paperless/consume";
 			passwordFile = config.sops.secrets.tahani-paperless-password.path;
 			settings = {
 				PAPERLESS_DBENGINE = "sqlite";
 				PAPERLESS_REDIS = "redis://127.0.0.1:6379";
 				PAPERLESS_CONSUMER_IGNORE_PATTERN = [
 					".DS_STORE/*"
 					"desktop.ini"
 				];
 				PAPERLESS_CONSUMER_POLLING = 30;
 				PAPERLESS_CONSUMER_RECURSIVE = true;
 				PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS = true;
 				PAPERLESS_OCR_LANGUAGE = "deu+eng";
 				PAPERLESS_CSRF_TRUSTED_ORIGINS = "https://${local.tailscaleHost "docs"}";
 			};
 		};
 	};
 }
--- a/modules/profiles/user/base.nix
+++ b/modules/profiles/user/base.nix
@@ -1,6 +1,5 @@
 {den, ...}: {
-	den.aspects.user-base = {
+	den.aspects.user-base.includes = [
 		includes = [
 		den.aspects.shell
 		den.aspects.ssh-client
 		den.aspects.terminal
@@ -9,9 +8,4 @@
 		den.aspects.zellij
 		den.aspects.zk
 	];
 		homeManager = {
 			programs.home-manager.enable = true;
 		};
 	};
 }
--- a/modules/profiles/user/minimal.nix
+++ b/modules/profiles/user/minimal.nix
@@ -1,11 +1,5 @@
 {den, ...}: {
-	den.aspects.user-minimal = {
+	den.aspects.user-minimal.includes = [
 		includes = [
 		den.aspects.shell
 	];
 		homeManager = {
 			programs.home-manager.enable = true;
 		};
 	};
 }
--- a/modules/profiles/user/personal.nix
+++ b/modules/profiles/user/personal.nix
@@ -1,5 +1,7 @@
-{...}: {
+{...}: let
 	local = import ../../_lib/local.nix;
 in {
 	den.aspects.user-personal.homeManager = {
-		programs.git.settings.user.email = "christoph@schmatzler.com";
+		programs.git.settings.user.email = local.user.emails.personal;
 	};
 }
--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@@ -1,4 +1,6 @@
-{inputs, ...}: {
+{inputs, ...}: let
 	local = import ./_lib/local.nix;
 in {
 	# Import sops-nix modules into den.default per-class
 	den.default.nixos.imports = [inputs.sops-nix.nixosModules.sops];
 	den.default.darwin.imports = [inputs.sops-nix.darwinModules.sops];
@@ -8,7 +10,7 @@
 	# Configure Darwin SOPS defaults
 	den.default.darwin = {
-		sops.age.keyFile = "/Users/cschmatzler/.config/sops/age/keys.txt";
+		sops.age.keyFile = "/Users/${local.user.name}/.config/sops/age/keys.txt";
 		sops.age.sshKeyPaths = [];
 		sops.gnupg.sshKeyPaths = [];
 	};
--- a/modules/shell.nix
+++ b/modules/shell.nix
@@ -1,4 +1,9 @@
-{...}: {
+{...}: let
 	local = import ./_lib/local.nix;
 	theme = (import ./_lib/theme.nix).rosePineDawn;
 	palette = theme.hex;
 	pineAnsi = builtins.replaceStrings [" "] [";"] theme.rgb.pine;
 in {
 	den.aspects.shell.homeManager = {
 		lib,
 		pkgs,
@@ -32,7 +37,7 @@
 			extraEnv =
 				''
-					$env.LS_COLORS = (${pkgs.vivid}/bin/vivid generate rose-pine-dawn)
+					$env.LS_COLORS = (${pkgs.vivid}/bin/vivid generate ${theme.slug})
 				''
 				+ lib.optionalString pkgs.stdenv.isDarwin ''
 					# Nushell on Darwin doesn't source /etc/zprofile or path_helper,
@@ -43,22 +48,22 @@
 			extraConfig = ''
 				# --- Rosé Pine Dawn Theme ---
 				let theme = {
-					love: "#b4637a"
+					love: "${palette.love}"
-					gold: "#ea9d34"
+					gold: "${palette.gold}"
-					rose: "#d7827e"
+					rose: "${palette.rose}"
-					pine: "#286983"
+					pine: "${palette.pine}"
-					foam: "#56949f"
+					foam: "${palette.foam}"
-					iris: "#907aa9"
+					iris: "${palette.iris}"
-					leaf: "#6d8f89"
+					leaf: "${palette.leaf}"
-					text: "#575279"
+					text: "${palette.text}"
-					subtle: "#797593"
+					subtle: "${palette.subtle}"
-					muted: "#9893a5"
+					muted: "${palette.muted}"
-					highlight_high: "#cecacd"
+					highlight_high: "${palette.highlightHigh}"
-					highlight_med: "#dfdad9"
+					highlight_med: "${palette.highlightMed}"
-					highlight_low: "#f4ede8"
+					highlight_low: "${palette.highlightLow}"
-					overlay: "#f2e9e1"
+					overlay: "${palette.overlay}"
-					surface: "#fffaf3"
+					surface: "${palette.surface}"
-					base: "#faf4ed"
+					base: "${palette.base}"
 				}
 				let scheme = {
@@ -231,7 +236,7 @@
 				# Vi mode indicators — Starship handles the character (green/red for
 				# success/error), nushell adds a dot for normal mode.
 				$env.PROMPT_INDICATOR_VI_INSERT = "· "
-				$env.PROMPT_INDICATOR_VI_NORMAL = "\e[1;38;2;40;105;131m·\e[0m "
+				$env.PROMPT_INDICATOR_VI_NORMAL = "\e[1;38;2;${pineAnsi}m·\e[0m "
 			'';
 		};
@@ -270,7 +275,7 @@
 				};
 				custom.scm = {
 					when = "jj-starship detect";
-					shell = ["jj-starship" "--strip-bookmark-prefix" "cschmatzler/" "--truncate-name" "20" "--bookmarks-display-limit" "1"];
+					shell = ["jj-starship" "--strip-bookmark-prefix" "${local.user.name}/" "--truncate-name" "20" "--bookmarks-display-limit" "1"];
 					format = "$output ";
 				};
 				lua = {
--- a/modules/ssh-client.nix
+++ b/modules/ssh-client.nix
@@ -1,27 +1,17 @@
 {...}: {
-	den.aspects.ssh-client.homeManager = {
+	den.aspects.ssh-client.homeManager = {config, ...}: {
 		config,
 		pkgs,
 		...
 	}: let
 		homeDir = "${
 			if pkgs.stdenv.hostPlatform.isDarwin
 			then "/Users"
 			else "/home"
 		}/${config.home.username}";
 	in {
 		programs.ssh = {
 			enable = true;
 			enableDefaultConfig = false;
 			includes = [
-				"${homeDir}/.ssh/config_external"
+				"${config.home.homeDirectory}/.ssh/config_external"
 			];
 			matchBlocks = {
 				"*" = {};
 				"github.com" = {
 					identitiesOnly = true;
 					identityFile = [
-						"${homeDir}/.ssh/id_ed25519"
+						"${config.home.homeDirectory}/.ssh/id_ed25519"
 					];
 				};
 			};
--- a/modules/terminal.nix
+++ b/modules/terminal.nix
@@ -1,4 +1,7 @@
-{...}: {
+{...}: let
 	theme = (import ./_lib/theme.nix).rosePineDawn;
 	palette = theme.hex;
 in {
 	den.aspects.terminal.darwin = {pkgs, ...}: {
 		fonts.packages = [
 			pkgs.nerd-fonts.iosevka
@@ -40,17 +43,17 @@
 				--preview-window='border-rounded' --prompt='  ' --marker=' ' --pointer=' '
 				--separator='─' --scrollbar='┃' --layout='reverse'
-				--color=bg+:#f2e9e1,bg:#faf4ed,spinner:#ea9d34,hl:#d7827e
+				--color=bg+:${palette.overlay},bg:${palette.base},spinner:${palette.gold},hl:${palette.rose}
-				--color=fg:#797593,header:#286983,info:#56949f,pointer:#907aa9
+				--color=fg:${palette.subtle},header:${palette.pine},info:${palette.foam},pointer:${palette.iris}
-				--color=marker:#b4637a,fg+:#575279,prompt:#797593,hl+:#d7827e
+				--color=marker:${palette.love},fg+:${palette.text},prompt:${palette.subtle},hl+:${palette.rose}
-				--color=selected-bg:#f2e9e1
+				--color=selected-bg:${palette.overlay}
-				--color=border:#dfdad9,label:#575279
+				--color=border:${palette.highlightMed},label:${palette.text}
 			'';
 		};
 		xdg.configFile."ghostty/config".text = ''
 			command = ${pkgs.nushell}/bin/nu
-			theme = Rose Pine Dawn
+			theme = ${theme.ghosttyName}
 			window-padding-x = 12
 			window-padding-y = 3
 			window-padding-balance = true
@@ -69,7 +72,7 @@
 			"glow/glow.yml".text =
 				lib.concatStringsSep "\n" [
 					"# style name or JSON path (default \"auto\")"
-					"style: \"${config.xdg.configHome}/glow/rose-pine-dawn.json\""
+					"style: \"${config.xdg.configHome}/glow/${theme.slug}.json\""
 					"# mouse support (TUI-mode only)"
 					"mouse: false"
 					"# use pager to display markdown"
@@ -80,17 +83,17 @@
 					"all: false"
 					""
 				];
-			"glow/rose-pine-dawn.json".source = ./_terminal/rose-pine-dawn-glow.json;
+			"glow/${theme.slug}.json".source = ./_terminal/rose-pine-dawn-glow.json;
 		};
 		programs.bat = {
 			enable = true;
 			config = {
-				theme = "Rosé Pine Dawn";
+				theme = theme.displayName;
 				pager = "ov";
 			};
 			themes = {
-				"Rosé Pine Dawn" = {
+				"${theme.displayName}" = {
 					src =
 						pkgs.fetchFromGitHub {
 							owner = "rose-pine";
@@ -98,7 +101,7 @@
 							rev = "23bb25b9c421cdc9ea89ff3ad3825840cd19d65d";
 							hash = "sha256-GUFdv5V5OZ2PG+gfsbiohMT23LWsrZda34ReHBr2Xy0=";
 						};
-					file = "dist/rose-pine-dawn.tmTheme";
+					file = "dist/${theme.slug}.tmTheme";
 				};
 			};
 		};
--- a/modules/zellij.nix
+++ b/modules/zellij.nix
@@ -1,4 +1,8 @@
-{...}: {
+{...}: let
 	theme = (import ./_lib/theme.nix).rosePineDawn;
 	palette = theme.hex;
 	rgb = theme.rgb;
 in {
 	den.aspects.zellij.homeManager = {pkgs, ...}: {
 		programs.zellij.enable = true;
@@ -8,125 +12,125 @@
 			pane_frames false
 			show_release_notes false
 			show_startup_tips false
-			theme "rose-pine-dawn"
+			theme "${theme.slug}"
 			themes {
-			  rose-pine-dawn {
+			  ${theme.slug} {
 			    text_unselected {
-			      base 87 82 121
+			      base ${rgb.text}
-			      background 244 237 232
+			      background ${rgb.highlightLow}
-			      emphasis_0 215 130 126
+			      emphasis_0 ${rgb.rose}
-			      emphasis_1 86 148 159
+			      emphasis_1 ${rgb.foam}
-			      emphasis_2 40 105 131
+			      emphasis_2 ${rgb.pine}
-			      emphasis_3 144 122 169
+			      emphasis_3 ${rgb.iris}
 			    }
 			    text_selected {
-			      base 87 82 121
+			      base ${rgb.text}
-			      background 223 218 217
+			      background ${rgb.highlightMed}
-			      emphasis_0 215 130 126
+			      emphasis_0 ${rgb.rose}
-			      emphasis_1 86 148 159
+			      emphasis_1 ${rgb.foam}
-			      emphasis_2 40 105 131
+			      emphasis_2 ${rgb.pine}
-			      emphasis_3 144 122 169
+			      emphasis_3 ${rgb.iris}
 			    }
 			    ribbon_selected {
-			      base 244 237 232
+			      base ${rgb.highlightLow}
-			      background 40 105 131
+			      background ${rgb.pine}
-			      emphasis_0 234 157 52
+			      emphasis_0 ${rgb.gold}
-			      emphasis_1 215 130 126
+			      emphasis_1 ${rgb.rose}
-			      emphasis_2 144 122 169
+			      emphasis_2 ${rgb.iris}
-			      emphasis_3 86 148 159
+			      emphasis_3 ${rgb.foam}
 			    }
 			    ribbon_unselected {
-			      base 250 244 237
+			      base ${rgb.base}
-			      background 87 82 121
+			      background ${rgb.text}
-			      emphasis_0 234 157 52
+			      emphasis_0 ${rgb.gold}
-			      emphasis_1 215 130 126
+			      emphasis_1 ${rgb.rose}
-			      emphasis_2 144 122 169
+			      emphasis_2 ${rgb.iris}
-			      emphasis_3 86 148 159
+			      emphasis_3 ${rgb.foam}
 			    }
 			    table_title {
-			      base 40 105 131
+			      base ${rgb.pine}
-			      background 0 0 0
+			      background ${rgb.black}
-			      emphasis_0 215 130 126
+			      emphasis_0 ${rgb.rose}
-			      emphasis_1 86 148 159
+			      emphasis_1 ${rgb.foam}
-			      emphasis_2 40 105 131
+			      emphasis_2 ${rgb.pine}
-			      emphasis_3 144 122 169
+			      emphasis_3 ${rgb.iris}
 			    }
 			    table_cell_selected {
-			      base 87 82 121
+			      base ${rgb.text}
-			      background 223 218 217
+			      background ${rgb.highlightMed}
-			      emphasis_0 215 130 126
+			      emphasis_0 ${rgb.rose}
-			      emphasis_1 86 148 159
+			      emphasis_1 ${rgb.foam}
-			      emphasis_2 40 105 131
+			      emphasis_2 ${rgb.pine}
-			      emphasis_3 144 122 169
+			      emphasis_3 ${rgb.iris}
 			    }
 			    table_cell_unselected {
-			      base 87 82 121
+			      base ${rgb.text}
-			      background 244 237 232
+			      background ${rgb.highlightLow}
-			      emphasis_0 215 130 126
+			      emphasis_0 ${rgb.rose}
-			      emphasis_1 86 148 159
+			      emphasis_1 ${rgb.foam}
-			      emphasis_2 40 105 131
+			      emphasis_2 ${rgb.pine}
-			      emphasis_3 144 122 169
+			      emphasis_3 ${rgb.iris}
 			    }
 			    list_selected {
-			      base 87 82 121
+			      base ${rgb.text}
-			      background 223 218 217
+			      background ${rgb.highlightMed}
-			      emphasis_0 215 130 126
+			      emphasis_0 ${rgb.rose}
-			      emphasis_1 86 148 159
+			      emphasis_1 ${rgb.foam}
-			      emphasis_2 40 105 131
+			      emphasis_2 ${rgb.pine}
-			      emphasis_3 144 122 169
+			      emphasis_3 ${rgb.iris}
 			    }
 			    list_unselected {
-			      base 87 82 121
+			      base ${rgb.text}
-			      background 244 237 232
+			      background ${rgb.highlightLow}
-			      emphasis_0 215 130 126
+			      emphasis_0 ${rgb.rose}
-			      emphasis_1 86 148 159
+			      emphasis_1 ${rgb.foam}
-			      emphasis_2 40 105 131
+			      emphasis_2 ${rgb.pine}
-			      emphasis_3 144 122 169
+			      emphasis_3 ${rgb.iris}
 			    }
 			    frame_selected {
-			      base 40 105 131
+			      base ${rgb.pine}
-			      background 0 0 0
+			      background ${rgb.black}
-			      emphasis_0 215 130 126
+			      emphasis_0 ${rgb.rose}
-			      emphasis_1 86 148 159
+			      emphasis_1 ${rgb.foam}
-			      emphasis_2 144 122 169
+			      emphasis_2 ${rgb.iris}
-			      emphasis_3 0 0 0
+			      emphasis_3 ${rgb.black}
 			    }
 			    frame_highlight {
-			      base 215 130 126
+			      base ${rgb.rose}
-			      background 0 0 0
+			      background ${rgb.black}
-			      emphasis_0 215 130 126
+			      emphasis_0 ${rgb.rose}
-			      emphasis_1 215 130 126
+			      emphasis_1 ${rgb.rose}
-			      emphasis_2 215 130 126
+			      emphasis_2 ${rgb.rose}
-			      emphasis_3 215 130 126
+			      emphasis_3 ${rgb.rose}
 			    }
 			    exit_code_success {
-			      base 40 105 131
+			      base ${rgb.pine}
-			      background 0 0 0
+			      background ${rgb.black}
-			      emphasis_0 86 148 159
+			      emphasis_0 ${rgb.foam}
-			      emphasis_1 244 237 232
+			      emphasis_1 ${rgb.highlightLow}
-			      emphasis_2 144 122 169
+			      emphasis_2 ${rgb.iris}
-			      emphasis_3 40 105 131
+			      emphasis_3 ${rgb.pine}
 			    }
 			    exit_code_error {
-			      base 180 99 122
+			      base ${rgb.love}
-			      background 0 0 0
+			      background ${rgb.black}
-			      emphasis_0 234 157 52
+			      emphasis_0 ${rgb.gold}
-			      emphasis_1 0 0 0
+			      emphasis_1 ${rgb.black}
-			      emphasis_2 0 0 0
+			      emphasis_2 ${rgb.black}
-			      emphasis_3 0 0 0
+			      emphasis_3 ${rgb.black}
 			    }
 			    multiplayer_user_colors {
-			      player_1 144 122 169
+			      player_1 ${rgb.iris}
-			      player_2 40 105 131
+			      player_2 ${rgb.pine}
-			      player_3 215 130 126
+			      player_3 ${rgb.rose}
-			      player_4 234 157 52
+			      player_4 ${rgb.gold}
-			      player_5 86 148 159
+			      player_5 ${rgb.foam}
-			      player_6 180 99 122
+			      player_6 ${rgb.love}
-			      player_7 0 0 0
+			      player_7 ${rgb.black}
-			      player_8 0 0 0
+			      player_8 ${rgb.black}
-			      player_9 0 0 0
+			      player_9 ${rgb.black}
-			      player_10 0 0 0
+			      player_10 ${rgb.black}
 			    }
 			  }
 			}
@@ -143,26 +147,26 @@
 			      plugin location="file:${pkgs.zjstatus}/bin/zjstatus.wasm" {
 			        hide_frame_for_single_pane "true"
-			        format_left  "{mode}#[fg=#286983,bg=#faf4ed,bold] {session}#[bg=#faf4ed] {tabs}"
+			        format_left  "{mode}#[fg=${palette.pine},bg=${palette.base},bold] {session}#[bg=${palette.base}] {tabs}"
 			        format_right "{datetime}"
-			        format_space "#[bg=#faf4ed]"
+			        format_space "#[bg=${palette.base}]"
-			        mode_normal          "#[fg=#faf4ed,bg=#286983] "
+			        mode_normal          "#[fg=${palette.base},bg=${palette.pine}] "
-			        mode_locked          "#[fg=#faf4ed,bg=#ea9d34] L "
+			        mode_locked          "#[fg=${palette.base},bg=${palette.gold}] L "
-			        mode_tab             "#[fg=#faf4ed,bg=#6d8f89] T "
+			        mode_tab             "#[fg=${palette.base},bg=${palette.leaf}] T "
-			        mode_pane            "#[fg=#faf4ed,bg=#907aa9] P "
+			        mode_pane            "#[fg=${palette.base},bg=${palette.iris}] P "
-			        mode_session         "#[fg=#faf4ed,bg=#56949f] S "
+			        mode_session         "#[fg=${palette.base},bg=${palette.foam}] S "
-			        mode_resize          "#[fg=#faf4ed,bg=#ea9d34] R "
+			        mode_resize          "#[fg=${palette.base},bg=${palette.gold}] R "
-			        mode_move            "#[fg=#faf4ed,bg=#d7827e] M "
+			        mode_move            "#[fg=${palette.base},bg=${palette.rose}] M "
-			        mode_search          "#[fg=#faf4ed,bg=#b4637a] S "
+			        mode_search          "#[fg=${palette.base},bg=${palette.love}] S "
-			        tab_normal               "#[fg=#9893a5,bg=#faf4ed] {index} {name} {fullscreen_indicator}{sync_indicator}{floating_indicator}"
+			        tab_normal               "#[fg=${palette.muted},bg=${palette.base}] {index} {name} {fullscreen_indicator}{sync_indicator}{floating_indicator}"
-			        tab_active               "#[fg=#faf4ed,bg=#286983,bold,underline] {index} {name} {fullscreen_indicator}{sync_indicator}{floating_indicator}"
+			        tab_active               "#[fg=${palette.base},bg=${palette.pine},bold,underline] {index} {name} {fullscreen_indicator}{sync_indicator}{floating_indicator}"
 			        tab_fullscreen_indicator "󰊓 "
 			        tab_sync_indicator       "󰓦 "
 			        tab_floating_indicator   "󰉈 "
-			        datetime          "#[fg=#575279,bg=#faf4ed] {format} "
+			        datetime          "#[fg=${palette.text},bg=${palette.base}] {format} "
 			        datetime_format   "%A, %d %b %Y %H:%M"
 			        datetime_timezone "Europe/Berlin"
 			      }
Author	SHA1	Message	Date
Christoph Schmatzler	724abba247	fix: regenerate flake inputs for deploy	2026-03-29 18:17:27 +00:00
Christoph Schmatzler	9239e8dc6d	flk	2026-03-29 18:17:27 +00:00
Christoph Schmatzler	11c816b2c2	fix(hosts): restore user home-manager wiring and refresh pi-harness deps hash	2026-03-29 18:17:27 +00:00
Christoph Schmatzler	901059d0cd	fix: update qmd deps and deploy hosts	2026-03-29 18:17:27 +00:00
Christoph Schmatzler	4c69dddcd3	flk	2026-03-29 18:17:27 +00:00
Christoph Schmatzler	447d7f1dd7	refactor: dedupe theme values and app helpers	2026-03-29 18:17:27 +00:00
Christoph Schmatzler	a8b07b0c30	up	2026-03-29 18:17:27 +00:00
Christoph Schmatzler	94baea90d6	refactor(modules): reduce host repetition	2026-03-29 18:17:27 +00:00
Christoph Schmatzler	1bb97448a4	refactor(hosts): rename jason to janet	2026-03-29 18:17:27 +00:00
Christoph Schmatzler	3ede8cd2c2	flk	2026-03-29 18:17:27 +00:00