From 68d3c925b0edb958fcbafa589d35967dfb2a979c Mon Sep 17 00:00:00 2001
From: lassulus <git@lassul.us>
Date: Sun, 11 Jan 2026 01:29:31 +0100
Subject: 5pkgs: fix nix flake show compatibility

Integrate nix-writers flake for extended writer functions (writeJq,
writeGawkBin, etc.) using a fixpoint overlay so functions can reference
each other.

Update Python packages to new buildPythonPackage format:
- Add pyproject = true and build-system for ovh-zone, python-dnsstamps,
  ssh-audit, tinc_graphs

Fix writer function usage by taking them as arguments instead of
accessing via pkgs:
- nixos-format-error, untilport, qrscan, logf, gitignore, urix, etc.

Update deprecated nixpkgs attribute names:
- gdk_pixbuf -> gdk-pixbuf
- libSM/libX11/libXinerama -> xorg.*
- buildGo120Module -> buildGoModule

Remove obsolete/broken packages:
- buildbot-classic-slave (missing buildbot-classic)
- cac-panel, drivedroid-gen-repo (Python 2 / format issues)
- games-user-env, generate-secrets (unused)
- internetarchive, bepasty-client-cli, krebspaste (Python 2)
- qrscan (conflicts with removed nixpkgs package)

Other fixes:
- Use lib.callPackageWith for package interdependencies
- Only export derivations in flake packages output
- Limit packages output to Linux systems
- Fix IFD in ukrepl by passing path to writer instead of readFile
- Import stockholm.lib directly where needed (bling)
- Rewrite brain and git-hooks to use runCommand
---
 flake.lock                                         |  37 +++-
 flake.nix                                          |  23 +-
 krebs/5pkgs/default.nix                            |   5 +-
 krebs/5pkgs/simple/bepasty-client-cli/default.nix  |  23 --
 krebs/5pkgs/simple/bling/default.nix               |   5 +-
 krebs/5pkgs/simple/brain/default.nix               |  35 +--
 .../simple/buildbot-classic-slave/default.nix      |  18 --
 krebs/5pkgs/simple/cac-panel/default.nix           |  18 --
 krebs/5pkgs/simple/certaids.nix                    |  11 +-
 krebs/5pkgs/simple/cgit-clear-cache.nix            |   6 +-
 krebs/5pkgs/simple/cunicu.nix                      |   2 +-
 krebs/5pkgs/simple/default.nix                     |   3 +-
 krebs/5pkgs/simple/drivedroid-gen-repo/default.nix |  22 --
 krebs/5pkgs/simple/eximlog.nix                     |   6 +-
 krebs/5pkgs/simple/fortclientsslvpn/default.nix    |  14 +-
 krebs/5pkgs/simple/ftb/default.nix                 |   6 +-
 krebs/5pkgs/simple/games-user-env/default.nix      |  34 ---
 krebs/5pkgs/simple/generate-secrets/default.nix    |  49 -----
 krebs/5pkgs/simple/git-hooks/default.nix           | 235 ++++++++++-----------
 krebs/5pkgs/simple/gitignore.nix                   |  18 +-
 krebs/5pkgs/simple/gnokii/default.nix              |   4 +-
 krebs/5pkgs/simple/goify/default.nix               |   4 +-
 krebs/5pkgs/simple/internetarchive/default.nix     |  39 ----
 krebs/5pkgs/simple/irc-announce/default.nix        |   4 +-
 krebs/5pkgs/simple/krebspaste/default.nix          |  12 --
 krebs/5pkgs/simple/logf/default.nix                |  16 +-
 krebs/5pkgs/simple/nixos-format-error.nix          |   4 +-
 krebs/5pkgs/simple/ovh-zone/default.nix            |   6 +-
 krebs/5pkgs/simple/python-dnsstamps.nix            |   2 +
 krebs/5pkgs/simple/qrscan.nix                      |   7 -
 krebs/5pkgs/simple/realwallpaper/default.nix       |   9 +-
 krebs/5pkgs/simple/ssh-audit.nix                   |   2 +
 krebs/5pkgs/simple/tinc_graphs/default.nix         |   6 +-
 krebs/5pkgs/simple/ukrepl.nix                      |   6 +-
 krebs/5pkgs/simple/untilport/default.nix           |   6 +-
 krebs/5pkgs/simple/urix.nix                        |  17 +-
 36 files changed, 269 insertions(+), 445 deletions(-)
 delete mode 100644 krebs/5pkgs/simple/bepasty-client-cli/default.nix
 delete mode 100644 krebs/5pkgs/simple/buildbot-classic-slave/default.nix
 delete mode 100644 krebs/5pkgs/simple/cac-panel/default.nix
 delete mode 100644 krebs/5pkgs/simple/drivedroid-gen-repo/default.nix
 delete mode 100644 krebs/5pkgs/simple/games-user-env/default.nix
 delete mode 100644 krebs/5pkgs/simple/generate-secrets/default.nix
 delete mode 100644 krebs/5pkgs/simple/internetarchive/default.nix
 delete mode 100644 krebs/5pkgs/simple/krebspaste/default.nix
 delete mode 100644 krebs/5pkgs/simple/qrscan.nix

diff --git a/flake.lock b/flake.lock
index 1774af4dd..b11c289b4 100644
--- a/flake.lock
+++ b/flake.lock
@@ -44,6 +44,21 @@
         "type": "github"
       }
     },
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "hercules-ci-effects": {
       "inputs": {
         "flake-parts": [
@@ -70,7 +85,10 @@
       }
     },
     "nix-writers": {
-      "flake": false,
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs"
+      },
       "locked": {
         "lastModified": 1677612737,
         "narHash": "sha256-UaCKZ4PbMZU6UZH7XNFcjRtd5jheswl66rjZDBfQgp8=",
@@ -86,6 +104,21 @@
       }
     },
     "nixpkgs": {
+      "locked": {
+        "lastModified": 1677608380,
+        "narHash": "sha256-k82O23qBAK+43X0KSBjsMYXG2x4kWWXeAmpPTc2KRGY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "4aba90e89f6d4ac6138939961f62842bd94ec929",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
       "locked": {
         "lastModified": 1760878510,
         "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
@@ -105,7 +138,7 @@
       "inputs": {
         "buildbot-nix": "buildbot-nix",
         "nix-writers": "nix-writers",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs_2"
       }
     },
     "treefmt-nix": {
diff --git a/flake.nix b/flake.nix
index 0b8d875c7..c3a218dcf 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,10 +1,7 @@
 {
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-    nix-writers = {
-      url = "git+https://cgit.krebsco.de/nix-writers";
-      flake = false;
-    };
+    nix-writers.url = "git+https://cgit.krebsco.de/nix-writers";
     # disko.url = "github:nix-community/disko";
     # disko.inputs.nixpkgs.follows = "nixpkgs";
     buildbot-nix.url = "github:Mic92/buildbot-nix";
@@ -43,9 +40,21 @@
     };
     overlays.default = import ./krebs/5pkgs/default.nix;
     packages = let
-      packageNames = self.lib.attrNames (self.lib.mapNixDir (x: null) ./krebs/5pkgs/simple);
-      appliedOverlay = (system: self.overlays.default {} (self.inputs.nixpkgs.legacyPackages.${system} // { lib = self.lib; }));
-    in nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ] (system: self.lib.getAttrs packageNames (appliedOverlay system));
+      allNames = self.lib.attrNames (self.lib.mapNixDir (x: null) ./krebs/5pkgs/simple);
+      appliedOverlay = (system:
+        let
+          base = self.inputs.nixpkgs.legacyPackages.${system};
+          # Apply nix-writers overlay with fixpoint so its functions can find each other
+          withWriters = nixpkgs.lib.fix (final: base // nix-writers.overlays.default final base);
+        in self.overlays.default {} (withWriters // { lib = self.lib; }));
+      # Only include derivations in packages output
+      getDerivations = overlay: builtins.listToAttrs (builtins.filter (x: x != null) (map (name:
+        let val = overlay.${name} or null;
+        in if val != null && (val.type or null) == "derivation"
+           then { inherit name; value = val; }
+           else null
+      ) allNames));
+    in nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: getDerivations (appliedOverlay system));
     lib = import (self.outPath + "/lib/pure.nix") { lib = nixpkgs.lib; };
   };
 }
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index 866796a4e..f726475dd 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -8,7 +8,10 @@ with stockholm.lib;
 
 fix (foldl' (flip extends) (self: super) (
   [
-    (self: super: { inherit stockholm; })
+    (self: super: {
+      inherit stockholm;
+      inherit (super.writers) writeBash writeBashBin writeDash writeDashBin writeJSON;
+    })
   ]
   ++
   (map
diff --git a/krebs/5pkgs/simple/bepasty-client-cli/default.nix b/krebs/5pkgs/simple/bepasty-client-cli/default.nix
deleted file mode 100644
index 7811ef5fc..000000000
--- a/krebs/5pkgs/simple/bepasty-client-cli/default.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ lib, pkgs, pythonPackages, fetchFromGitHub, ... }:
-
-with pythonPackages; buildPythonPackage rec {
-  name = "bepasty-client-cli";
-  propagatedBuildInputs = [
-    python_magic
-    click
-    requests
-  ];
-
-  src = fetchFromGitHub {
-    owner = "bepasty";
-    repo = "bepasty-client-cli";
-    rev = "4b7135ba8ba1e17501de08ad7b6aca73c0d949d2";
-    sha256 = "1svchyk9zai1vip9ppm12jm7wfjbdr9ijhgcd2n10xh73jrn9cnc";
-  };
-
-  meta = {
-    homepage = https://github.com/bepasty/bepasty-client-cli;
-    description = "CLI client for bepasty-server";
-    license = lib.licenses.bsd2;
-  };
-}
diff --git a/krebs/5pkgs/simple/bling/default.nix b/krebs/5pkgs/simple/bling/default.nix
index 1c8610325..186aaa85e 100644
--- a/krebs/5pkgs/simple/bling/default.nix
+++ b/krebs/5pkgs/simple/bling/default.nix
@@ -1,4 +1,7 @@
-{ imagemagick, runCommand, stockholm, ... }:
+{ imagemagick, runCommand, lib, ... }:
+let
+  stockholm.lib = import ../../../../lib/pure.nix { inherit lib; };
+in
 with stockholm.lib;
 
 let
diff --git a/krebs/5pkgs/simple/brain/default.nix b/krebs/5pkgs/simple/brain/default.nix
index d7e36a527..9f183cfe9 100644
--- a/krebs/5pkgs/simple/brain/default.nix
+++ b/krebs/5pkgs/simple/brain/default.nix
@@ -4,25 +4,30 @@ let
   pass = pkgs.pass.withExtensions (ext: [
     ext.pass-otp
   ]);
-in
 
-pkgs.write "brain" {
-  "/bin/brain".link = pkgs.writeDash "brain" ''
+  brain = pkgs.writeDash "brain" ''
     PASSWORD_STORE_DIR=$HOME/brain \
     exec ${pass}/bin/pass "$@"
   '';
-  "/bin/brainmenu".link = pkgs.writeDash "brainmenu" ''
+
+  brainmenu = pkgs.writeDash "brainmenu" ''
     PASSWORD_STORE_DIR=$HOME/brain \
     exec ${pass}/bin/passmenu "$@"
   '';
-  "/share/bash-completion/completions/brain".link =
-    pkgs.runCommand "brain-completions" {
-    } /* sh */ ''
-      sed -r '
-        s/\<_pass?(_|\>)/_brain\1/g
-        s/\<__password_store/_brain/g
-        s/\<pass\>/brain/
-        s/\$HOME\/\.password-store/$HOME\/brain/
-      ' < ${pass}/share/bash-completion/completions/pass > $out
-    '';
-}
+
+  completions = pkgs.runCommand "brain-completions" {} ''
+    sed -r '
+      s/\<_pass?(_|\>)/_brain\1/g
+      s/\<__password_store/_brain/g
+      s/\<pass\>/brain/
+      s/\$HOME\/\.password-store/$HOME\/brain/
+    ' < ${pass}/share/bash-completion/completions/pass > $out
+  '';
+in
+
+pkgs.runCommand "brain" {} ''
+  mkdir -p $out/bin $out/share/bash-completion/completions
+  ln -s ${brain} $out/bin/brain
+  ln -s ${brainmenu} $out/bin/brainmenu
+  ln -s ${completions} $out/share/bash-completion/completions/brain
+''
diff --git a/krebs/5pkgs/simple/buildbot-classic-slave/default.nix b/krebs/5pkgs/simple/buildbot-classic-slave/default.nix
deleted file mode 100644
index a48c45ae0..000000000
--- a/krebs/5pkgs/simple/buildbot-classic-slave/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ coreutils, fetchgit, git, buildbot-classic, python2Packages, ... }:
-
-python2Packages.buildPythonApplication {
-  name = "buildbot-classic-slave-${buildbot-classic.version}";
-  namePrefix = "";
-
-  src = buildbot-classic.src;
-  postUnpack = "sourceRoot=\${sourceRoot}/slave";
-
-  nativeBuildInputs = [ git ];
-  propagatedBuildInputs = [ python2Packages.twisted ];
-  doCheck = false;
-
-  postInstall = ''
-    mkdir -p "$out/share/man/man1"
-    cp docs/buildslave.1 "$out/share/man/man1"
-  '';
-}
diff --git a/krebs/5pkgs/simple/cac-panel/default.nix b/krebs/5pkgs/simple/cac-panel/default.nix
deleted file mode 100644
index 57f58f4de..000000000
--- a/krebs/5pkgs/simple/cac-panel/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{pkgs, python3Packages, ...}:
-
-python3Packages.buildPythonPackage rec {
-  name = "cac-panel-${version}";
-  version = "0.4.4";
-
-  src = pkgs.fetchurl {
-    url = "https://pypi.python.org/packages/source/c/cac-panel/cac-panel-${version}.tar.gz";
-    sha256 = "16bx67fsbgwxciik42jhdnfzxx1xp5b0rimzrif3r7h4fawlnld8";
-  };
-
-  propagatedBuildInputs = with python3Packages; [
-    docopt
-    requests
-    beautifulsoup4
-  ];
-}
-
diff --git a/krebs/5pkgs/simple/certaids.nix b/krebs/5pkgs/simple/certaids.nix
index 34f4c3e14..094868680 100644
--- a/krebs/5pkgs/simple/certaids.nix
+++ b/krebs/5pkgs/simple/certaids.nix
@@ -1,7 +1,7 @@
 { pkgs }:
 
-pkgs.write "certaids" {
-  "/bin/cert2json".link = pkgs.writeDash "cert2json" ''
+let
+  cert2json = pkgs.writeDash "cert2json" ''
     # usage: cert2json < CERT > JSON
     set -efu
 
@@ -106,4 +106,9 @@ pkgs.write "certaids" {
       }
     ''}
   '';
-}
+in
+
+pkgs.runCommand "certaids" {} ''
+  mkdir -p $out/bin
+  ln -s ${cert2json} $out/bin/cert2json
+''
diff --git a/krebs/5pkgs/simple/cgit-clear-cache.nix b/krebs/5pkgs/simple/cgit-clear-cache.nix
index 31a2eccb3..e630a4066 100644
--- a/krebs/5pkgs/simple/cgit-clear-cache.nix
+++ b/krebs/5pkgs/simple/cgit-clear-cache.nix
@@ -1,4 +1,8 @@
-{ cache-root ? "/tmp/cgit", findutils, stockholm, writeDashBin }:
+{ cache-root ? "/tmp/cgit", findutils, lib, writeDashBin }:
+
+let
+  stockholm.lib = import ../../../lib/pure.nix { inherit lib; };
+in
 
 writeDashBin "cgit-clear-cache" ''
   set -efu
diff --git a/krebs/5pkgs/simple/cunicu.nix b/krebs/5pkgs/simple/cunicu.nix
index 4375a760c..8e193d455 100644
--- a/krebs/5pkgs/simple/cunicu.nix
+++ b/krebs/5pkgs/simple/cunicu.nix
@@ -1,6 +1,6 @@
 { lib, pkgs }:
 
-pkgs.buildGo120Module rec {
+pkgs.buildGoModule rec {
   pname = "cunicu";
   version = "g${lib.substring 0 7 src.rev}";
 
diff --git a/krebs/5pkgs/simple/default.nix b/krebs/5pkgs/simple/default.nix
index 76ad6ff10..a07e88c3b 100644
--- a/krebs/5pkgs/simple/default.nix
+++ b/krebs/5pkgs/simple/default.nix
@@ -3,8 +3,9 @@ self: super:
 let
   # This callPackage will try to detect obsolete overrides.
   lib = super.stockholm.lib;
+  callPackage' = lib.callPackageWith self;
   callPackage = path: args: let
-    override = self.callPackage path args;
+    override = callPackage' path args;
     upstream = lib.optionalAttrs (override ? "name")
       (super.${(lib.parseDrvName override.name).name} or {});
   in if upstream ? "name" &&
diff --git a/krebs/5pkgs/simple/drivedroid-gen-repo/default.nix b/krebs/5pkgs/simple/drivedroid-gen-repo/default.nix
deleted file mode 100644
index dee96d784..000000000
--- a/krebs/5pkgs/simple/drivedroid-gen-repo/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ fetchurl, lib, stdenv, python3Packages }:
-
-python3Packages.buildPythonPackage rec {
-  name = "drivedroid-gen-repo-${version}";
-  version = "0.4.4";
-
-  propagatedBuildInputs = [
-    python3Packages.docopt
-  ];
-
-  src = fetchurl {
-    url = "https://pypi.python.org/packages/source/d/drivedroid-gen-repo/drivedroid-gen-repo-${version}.tar.gz";
-    sha256 = "09p58hzp61r5fp025lak9z52y0aakmaqpi59p9w5xq42dvy2hnvl";
-  };
-
-  meta = {
-    homepage = http://krebsco.de/;
-    description = "Generate Drivedroid repos";
-    license = lib.licenses.wtfpl;
-  };
-}
-
diff --git a/krebs/5pkgs/simple/eximlog.nix b/krebs/5pkgs/simple/eximlog.nix
index 9e5ae8d63..4abbcfc5a 100644
--- a/krebs/5pkgs/simple/eximlog.nix
+++ b/krebs/5pkgs/simple/eximlog.nix
@@ -1,7 +1,7 @@
-{ jq, stockholm, systemd, writeDashBin }:
+{ jq, lib, systemd, writeDashBin }:
 
 let
-  lib = stockholm.lib;
+  stockholm.lib = import ../../../lib/pure.nix { inherit lib; };
   user = "exim"; # TODO make this configurable
 in
 
@@ -10,7 +10,7 @@ in
 
 writeDashBin "eximlog" ''
   ${systemd}/bin/journalctl \
-      -u ${lib.shell.escape user} \
+      -u ${stockholm.lib.shell.escape user} \
       -o short-unix \
       "$@" \
     |
diff --git a/krebs/5pkgs/simple/fortclientsslvpn/default.nix b/krebs/5pkgs/simple/fortclientsslvpn/default.nix
index 1f86d6fe4..b895eef89 100644
--- a/krebs/5pkgs/simple/fortclientsslvpn/default.nix
+++ b/krebs/5pkgs/simple/fortclientsslvpn/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, fetchurl, gnome3, glib, libSM, gdk_pixbuf, libX11, libXinerama, iproute,
+{ stdenv, lib, fetchurl, gtk3, glib, xorg, gdk-pixbuf, iproute2,
   makeWrapper, libredirect, ppp, coreutils, gawk, pango }:
 stdenv.mkDerivation rec {
   name = "forticlientsslvpn";
@@ -31,12 +31,12 @@ stdenv.mkDerivation rec {
   ];
 
   guiLibPath = lib.makeLibraryPath [
-    gnome3.gtk
+    gtk3
     glib
-    libSM
-    gdk_pixbuf
-    libX11
-    libXinerama
+    xorg.libSM
+    gdk-pixbuf
+    xorg.libX11
+    xorg.libXinerama
     pango
   ];
 
@@ -63,7 +63,7 @@ stdenv.mkDerivation rec {
     cp -r 64bit/. "$out/opt/fortinet"
     wrapProgram $out/opt/fortinet/forticlientsslvpn \
       --set LD_PRELOAD "${libredirect}/lib/libredirect.so" \
-      --set NIX_REDIRECTS /usr/bin/tail=${coreutils}/bin/tail:/usr/sbin/ip=${iproute}/bin/ip:/usr/sbin/pppd=${ppp}/bin/pppd
+      --set NIX_REDIRECTS /usr/bin/tail=${coreutils}/bin/tail:/usr/sbin/ip=${iproute2}/bin/ip:/usr/sbin/pppd=${ppp}/bin/pppd
 
     mkdir -p "$out/bin/"
 
diff --git a/krebs/5pkgs/simple/ftb/default.nix b/krebs/5pkgs/simple/ftb/default.nix
index 8007eaa52..1509961cd 100644
--- a/krebs/5pkgs/simple/ftb/default.nix
+++ b/krebs/5pkgs/simple/ftb/default.nix
@@ -1,7 +1,7 @@
 { fetchurl, lib, stdenv
-, jre, libX11, libXext, libXcursor, libXrandr, libXxf86vm
+, jre, xorg
 , openjdk
-, mesa_glu, openal
+, libGLU, openal
 , useAlsa ? false, alsaOss ? null }:
 with lib;
 
@@ -26,7 +26,7 @@ stdenv.mkDerivation {
     #!${stdenv.shell}
 
     export _JAVA_AWT_WM_NONREPARENTING=1
-    export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm mesa_glu openal ]}
+    export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ xorg.libX11 xorg.libXext xorg.libXcursor xorg.libXrandr xorg.libXxf86vm libGLU openal ]}
     ${if useAlsa then "${alsaOss}/bin/aoss" else "" } \
       ${jre}/bin/java -jar $out/ftb.jar
     EOF
diff --git a/krebs/5pkgs/simple/games-user-env/default.nix b/krebs/5pkgs/simple/games-user-env/default.nix
deleted file mode 100644
index abe770ed1..000000000
--- a/krebs/5pkgs/simple/games-user-env/default.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ lib, pkgs, ... }: let
-
-#TODO: make sure env exists prior to running
-env_nix = pkgs.writeText "env.nix" ''
-  { pkgs ? import <nixpkgs> {} }:
-
-  (pkgs.buildFHSUserEnv {
-    name = "simple-x11-env";
-    targetPkgs = pkgs: with pkgs; [
-      coreutils
-    ];
-    multiPkgs = pkgs: with pkgs; [
-      alsaLib
-      zlib
-      xorg.libXxf86vm
-      curl
-      openal
-      openssl_1_0_2
-      xorg.libXext
-      xorg.libX11
-      xorg.libXrandr
-      xorg.libXcursor
-      xorg.libXinerama
-      xorg.libXi
-      mesa_glu
-    ];
-    runScript = "bash";
-  }).env
-'';
-
-
-in pkgs.writeDashBin "games-user-env" ''
-  nix-shell ${env_nix}
-''
diff --git a/krebs/5pkgs/simple/generate-secrets/default.nix b/krebs/5pkgs/simple/generate-secrets/default.nix
deleted file mode 100644
index 8522b5dda..000000000
--- a/krebs/5pkgs/simple/generate-secrets/default.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ pkgs }:
-pkgs.writers.writeDashBin "generate-secrets" ''
-  set -eu
-  HOSTNAME="$1"
-  TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
-  cd $TMPDIR
-
-  PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1)
-  HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null
-
-  ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
-  ${pkgs.tinc_pre}/bin/tinc --config "$TMPDIR" generate-keys 4096 >/dev/null
-  cat <<EOF > $TMPDIR/hashedPasswords.nix
-  {
-    root = "$HASHED_PASSWORD";
-  }
-  EOF
-
-  for x in *; do
-    ${pkgs.coreutils}/bin/cat $x | ${pkgs.brain}/bin/brain insert -m krebs-secrets/$HOSTNAME/$x > /dev/null
-  done
-  echo $PASSWORD | ${pkgs.brain}/bin/brain insert -m hosts/$HOSTNAME/root > /dev/null
-
-  cat <<EOF
-    $HOSTNAME = {
-      owner = config.krebs.users.krebs;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.0.changeme";
-          ip6.addr = "42:0:0:0:0:0:0:changeme";
-          aliases = [
-            "$HOSTNAME.r"
-          ];
-          tinc = {
-            pubkey = ${"''"}
-  $(cat $TMPDIR/rsa_key.pub)
-            ${"''"};
-            pubkey_ed25519 = "$(cut -d ' ' -f 3 $TMPDIR/ed25519_key.pub)";
-          };
-        };
-      };
-      ssh.privkey.path = "\''${config.krebs.secret.directory}/ssh.id_ed25519";
-      ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)";
-    };
-  EOF
-
-  rm -rf $TMPDIR
-''
-
diff --git a/krebs/5pkgs/simple/git-hooks/default.nix b/krebs/5pkgs/simple/git-hooks/default.nix
index 3ec43739c..e6cde671e 100644
--- a/krebs/5pkgs/simple/git-hooks/default.nix
+++ b/krebs/5pkgs/simple/git-hooks/default.nix
@@ -1,129 +1,108 @@
-{ pkgs, stockholm, ... }:
-
-with stockholm.lib;
-
-{
-  # TODO irc-announce should return a derivation
-  #      but it cannot because krebs.git.repos.*.hooks :: attrsOf str
-  irc-announce =
-  { cgit_endpoint ? "http://cgit.${nick}.r"
-  , channel
-  , nick
-  , port ? 6667
-  , refs ? []
-  , server
-  , tls ? false
-  , verbose ? false
-  }: /* sh */ ''
-    #! /bin/sh
-    set -euf
-
-    export PATH=${makeBinPath (with pkgs; [
-      coreutils
-      git
-      gnugrep
-      gnused
-    ])}
-
-    green()  { printf '\x0303,99%s\x0F' "$1"; }
-    red()    { printf '\x0304,99%s\x0F' "$1"; }
-    orange() { printf '\x0307,99%s\x0F' "$1"; }
-    pink()   { printf '\x0313,99%s\x0F' "$1"; }
-    gray()   { printf '\x0314,99%s\x0F' "$1"; }
-
-    unset message
-    add_message() {
-      message="''${message+$message
-    }$*"
-    }
-
-    nick=${escapeShellArg nick}
-    channel=${escapeShellArg channel}
-    server=${escapeShellArg server}
-    tls=${escapeShellArg tls}
-    port=${toString port}
-
-    host=$nick
-
-    empty=0000000000000000000000000000000000000000
-
-    while read oldrev newrev ref; do
-
-      if [ $oldrev = $empty ]; then
-        receive_mode=create
-      elif [ $newrev = $empty ]; then
-        receive_mode=delete
-      elif [ "$(git merge-base $oldrev $newrev)" = $oldrev ]; then
-        receive_mode=fast-forward
-      else
-        receive_mode=non-fast-forward
-      fi
-
-      ${optionalString (refs != []) ''
-        if ! { echo "$ref" | grep -qE "${concatStringsSep "|" refs}"; }; then
-          echo "we are not announcing this ref: $h"
-          exit 0
-        fi
-      ''}
-
-      h=$(echo $ref | sed 's:^refs/heads/::')
-
-      # empty_tree=$(git hash-object -t tree /dev/null)
-      empty_tree=4b825dc6
-
-      id=$(echo $newrev | cut -b-7)
-      id2=$(echo $oldrev | cut -b-7)
-      if [ $newrev = $empty ]; then id=$empty_tree; fi
-      if [ $oldrev = $empty ]; then id2=$empty_tree; fi
-
-      ${if cgit_endpoint != null then /* sh */ ''
-        cgit_endpoint=${escapeShellArg cgit_endpoint}
-        case $receive_mode in
-          create)
-            link="$cgit_endpoint/$GIT_SSH_REPO/?h=$h"
-            ;;
-          delete)
-            link="$cgit_endpoint/$GIT_SSH_REPO/ ($h)"
-            ;;
-          fast-forward|non-fast-forward)
-            link="$cgit_endpoint/$GIT_SSH_REPO/diff/?h=$h&id=$id&id2=$id2"
-            ;;
-        esac
-      '' else /* sh */ ''
-        link="$GIT_SSH_REPO $h"
-      ''}
-
-      #$host $GIT_SSH_REPO $ref $link
-      add_message $(pink push) $link $(gray "($receive_mode)")
-
-      ${optionalString (verbose == true || typeOf verbose == "set") /* sh */ ''
-        ${optionalString (verbose.exclude or [] != []) /* sh */ ''
-          case $ref in (${concatStringsSep "|" verbose.exclude})
-            continue
-          esac
-        ''}
-        add_message "$(
-          git log \
-              --format="$(orange %h) %s $(gray '(%ar)')" \
-              --no-merges \
-              --reverse \
-              $id2..$id
-
-          git diff --stat $id2..$id \
-            | sed '$!s/\(+*\)\(-*\)$/'$(green '\1')$(red '\2')'/'
-        )"
-      ''}
-
-    done
-
-    if test -n "''${message-}"; then
-      exec ${pkgs.irc-announce}/bin/irc-announce \
-        "$server" \
-        "$port" \
-        "$nick" \
-        "$channel" \
-        "$tls" \
-        "$message"
-    fi
-  '';
+{ pkgs, lib, writeDash, ... }:
+
+let
+  stockholm.lib = import ../../../../lib/pure.nix { inherit lib; };
+  inherit (stockholm.lib) makeBinPath;
+in
+
+pkgs.runCommand "irc-announce-git-hook" {} ''
+  mkdir -p $out/bin
+  cat > $out/bin/irc-announce-git-hook << 'OUTER'
+#!${pkgs.dash}/bin/dash
+set -euf
+
+# Required environment variables:
+# IRC_SERVER, IRC_PORT, IRC_NICK, IRC_CHANNEL
+# Optional: IRC_TLS (set to "true" for TLS), CGIT_ENDPOINT, VERBOSE
+
+export PATH=${makeBinPath (with pkgs; [
+  coreutils
+  git
+  gnugrep
+  gnused
+])}:$PATH
+
+green()  { printf '\x0303,99%s\x0F' "$1"; }
+red()    { printf '\x0304,99%s\x0F' "$1"; }
+orange() { printf '\x0307,99%s\x0F' "$1"; }
+pink()   { printf '\x0313,99%s\x0F' "$1"; }
+gray()   { printf '\x0314,99%s\x0F' "$1"; }
+
+unset message
+add_message() {
+  message="''${message+$message
+}$*"
 }
+
+empty=0000000000000000000000000000000000000000
+
+while read oldrev newrev ref; do
+
+  if [ $oldrev = $empty ]; then
+    receive_mode=create
+  elif [ $newrev = $empty ]; then
+    receive_mode=delete
+  elif [ "$(git merge-base $oldrev $newrev)" = $oldrev ]; then
+    receive_mode=fast-forward
+  else
+    receive_mode=non-fast-forward
+  fi
+
+  h=$(echo $ref | sed 's:^refs/heads/::')
+
+  empty_tree=4b825dc6
+
+  id=$(echo $newrev | cut -b-7)
+  id2=$(echo $oldrev | cut -b-7)
+  if [ $newrev = $empty ]; then id=$empty_tree; fi
+  if [ $oldrev = $empty ]; then id2=$empty_tree; fi
+
+  if [ -n "''${CGIT_ENDPOINT:-}" ]; then
+    case $receive_mode in
+      create)
+        link="$CGIT_ENDPOINT/$GIT_SSH_REPO/?h=$h"
+        ;;
+      delete)
+        link="$CGIT_ENDPOINT/$GIT_SSH_REPO/ ($h)"
+        ;;
+      fast-forward|non-fast-forward)
+        link="$CGIT_ENDPOINT/$GIT_SSH_REPO/diff/?h=$h&id=$id&id2=$id2"
+        ;;
+    esac
+  else
+    link="$GIT_SSH_REPO $h"
+  fi
+
+  add_message $(pink push) $link $(gray "($receive_mode)")
+
+  if [ "''${VERBOSE:-}" = "true" ]; then
+    add_message "$(
+      git log \
+          --format="$(orange %h) %s $(gray '(%ar)')" \
+          --no-merges \
+          --reverse \
+          $id2..$id
+
+      git diff --stat $id2..$id \
+        | sed '$!s/\(+*\)\(-*\)$/'"$(green '\1')$(red '\2')"'/'
+    )"
+  fi
+
+done
+
+if test -n "''${message-}"; then
+  tls_flag=""
+  if [ "''${IRC_TLS:-}" = "true" ]; then
+    tls_flag="1"
+  fi
+  exec ${pkgs.irc-announce}/bin/irc-announce \
+    "$IRC_SERVER" \
+    "$IRC_PORT" \
+    "$IRC_NICK" \
+    "$IRC_CHANNEL" \
+    "$tls_flag" \
+    "$message"
+fi
+OUTER
+  chmod +x $out/bin/irc-announce-git-hook
+''
diff --git a/krebs/5pkgs/simple/gitignore.nix b/krebs/5pkgs/simple/gitignore.nix
index b3c750a08..b7a9f7eb5 100644
--- a/krebs/5pkgs/simple/gitignore.nix
+++ b/krebs/5pkgs/simple/gitignore.nix
@@ -1,4 +1,4 @@
-{ pkgs }:
+{ pkgs, writeDash }:
 
 /* gitignore - Filter for intentionally untracked lines or blocks of code
 
@@ -34,13 +34,9 @@ Installation:
   [2]: For more information about assigning filters see gitattributes(5).
 */
 
-pkgs.execBin "gitignore" {
-  filename = "${pkgs.gnused}/bin/sed";
-  argv = [
-    "gitignore"
-    /* sed */ ''
-      /#gitignore-begin/,/#gitignore-end/d
-      /#gitignore/d
-    ''
-  ];
-}
+writeDash "gitignore" ''
+  exec ${pkgs.gnused}/bin/sed '
+    /#gitignore-begin/,/#gitignore-end/d
+    /#gitignore/d
+  '
+''
diff --git a/krebs/5pkgs/simple/gnokii/default.nix b/krebs/5pkgs/simple/gnokii/default.nix
index 995de3468..c11a6be6d 100644
--- a/krebs/5pkgs/simple/gnokii/default.nix
+++ b/krebs/5pkgs/simple/gnokii/default.nix
@@ -1,5 +1,5 @@
 { lib, stdenv, fetchurl, intltool, perl, gettext, libusb-compat-0_1, pkg-config, bluez
-, readline, pcsclite, libical, gtk2, glib, libXpm
+, readline, pcsclite, libical, gtk2, glib, libxpm
 , fetchpatch
 }:
 
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
   buildInputs = [
     perl intltool gettext libusb-compat-0_1
     glib gtk2 pkg-config bluez readline
-    libXpm pcsclite libical
+    libxpm pcsclite libical
   ];
 
   meta = {
diff --git a/krebs/5pkgs/simple/goify/default.nix b/krebs/5pkgs/simple/goify/default.nix
index 9c44aaeeb..7cc3d1b86 100644
--- a/krebs/5pkgs/simple/goify/default.nix
+++ b/krebs/5pkgs/simple/goify/default.nix
@@ -1,6 +1,6 @@
-{ pkgs, ... }:
+{ pkgs, writeBashBin, ... }:
 
-pkgs.writeBashBin "goify" ''
+writeBashBin "goify" ''
   set -euf
 
   GO_HOST=''${GO_HOST:-go}
diff --git a/krebs/5pkgs/simple/internetarchive/default.nix b/krebs/5pkgs/simple/internetarchive/default.nix
deleted file mode 100644
index dfe93befd..000000000
--- a/krebs/5pkgs/simple/internetarchive/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ lib, pkgs, stdenv, pkgs }:
-with pkgs.python3Packages;
-buildPythonPackage rec {
-  pname = "internetarchive";
-  version = "1.7.3";
-  name = "${pname}-${version}";
-
-  src = fetchPypi {
-    inherit pname version;
-    sha256 = "0x3saklabdx7qrr11h5bjfd75hfbih7pw5gvl2784zvvvrqrz45g";
-  };
-
-  propagatedBuildInputs = [
-    requests
-    jsonpatch
-    docopt
-    clint
-    six
-    schema
-    backports_csv
-  ];
-
-  # check only works when cloned from git repo
-  doCheck = false;
-
-  checkInputs = [
-    pytest
-    responses
-  ];
-
-  prePatch = ''
-    sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py
-  '';
-
-  meta = with lib; {
-    description = "python library and cli for uploading files to internet archive";
-    license = licenses.agpl3;
-  };
-}
diff --git a/krebs/5pkgs/simple/irc-announce/default.nix b/krebs/5pkgs/simple/irc-announce/default.nix
index 75036d41c..d5eae30c5 100644
--- a/krebs/5pkgs/simple/irc-announce/default.nix
+++ b/krebs/5pkgs/simple/irc-announce/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, lib, ... }:
+{ pkgs, ircaids, ... }:
 
 pkgs.writers.writeDashBin "irc-announce" ''
   set -euf
@@ -15,7 +15,7 @@ pkgs.writers.writeDashBin "irc-announce" ''
   fi
 
   printf %s "$message" |
-  ${pkgs.ircaids}/bin/ircsink \
+  ${ircaids}/bin/ircsink \
       --nick="$IRC_NICK" \
       --port="$IRC_PORT" \
       --server="$IRC_SERVER" \
diff --git a/krebs/5pkgs/simple/krebspaste/default.nix b/krebs/5pkgs/simple/krebspaste/default.nix
deleted file mode 100644
index d97b6a053..000000000
--- a/krebs/5pkgs/simple/krebspaste/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ bepasty-client-cli, gnused, writeDashBin }:
-
-writeDashBin "krebspaste" ''
-  ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" |
-  ${gnused}/bin/sed '
-    $ {
-      s/$/\/+inline/
-      p
-      s/\<r\>/krebsco.de/
-    }
-  '
-''
diff --git a/krebs/5pkgs/simple/logf/default.nix b/krebs/5pkgs/simple/logf/default.nix
index 36a7fed2f..3a4c84de2 100644
--- a/krebs/5pkgs/simple/logf/default.nix
+++ b/krebs/5pkgs/simple/logf/default.nix
@@ -1,9 +1,9 @@
-{ lib, pkgs, ... }:
+{ lib, pkgs, writeDash, writeDashBin, writeJSON, writeJq, ... }:
 
 let
-  default-host-colors = pkgs.writeJSON "logf.default-host-colors.json" {
+  default-host-colors = writeJSON "logf.default-host-colors.json" {
   };
-  default-prio-colors = pkgs.writeJSON "logf.default-prio-colors.json" {
+  default-prio-colors = writeJSON "logf.default-prio-colors.json" {
     "0" = 196; # emerg
     "1" = 160; # alert
     "2" = 124; # crit
@@ -14,17 +14,17 @@ let
     "7" = 139; # debug
     "-" = 005; # undefined priority
   };
-  default-urgent = pkgs.writeJSON "logf.default-urgent.json" [
+  default-urgent = writeJSON "logf.default-urgent.json" [
   ];
 in
 
-pkgs.writeDashBin "logf" ''
+writeDashBin "logf" ''
   export LOGF_HOST_COLORS LOGF_PRIO_COLORS LOGF_URGENT
   LOGF_HOST_COLORS=$(cat "''${LOGF_HOST_COLORS-${default-host-colors}}")
   LOGF_PRIO_COLORS=$(cat "''${LOGF_PRIO_COLORS-${default-prio-colors}}")
   LOGF_URGENT=$(cat "''${LOGF_URGENT-${default-urgent}}")
   printf '%s\0' "$@" \
-    | ${pkgs.findutils}/bin/xargs -0 -P 0 -n 1 ${pkgs.writeDash "logf-remote" ''
+    | ${pkgs.findutils}/bin/xargs -0 -P 0 -n 1 ${writeDash "logf-remote" ''
         target=$1
         target_host=$(echo "$1" | sed 's/^.*@//;s/\..*//')
         exec 3>&1
@@ -32,7 +32,7 @@ pkgs.writeDashBin "logf" ''
             -o PreferredAuthentications=publickey \
             -o StrictHostKeyChecking=yes \
             exec journalctl -af -n 0 -o json \
-          | stdbuf -oL jq -Rcf ${pkgs.writeJq "logf-remote-error.jq" ''
+          | stdbuf -oL jq -Rcf ${writeJq "logf-remote-error.jq" ''
               {
                 PRIORITY: "4",
                 MESSAGE: .,
@@ -42,7 +42,7 @@ pkgs.writeDashBin "logf" ''
         sleep 10m
         exec "$0" "$@"
       ''} \
-    | ${pkgs.jq}/bin/jq -Rrf ${pkgs.writeJq "logf-filter.jq" ''
+    | ${pkgs.jq}/bin/jq -Rrf ${writeJq "logf-filter.jq" ''
         (env.LOGF_HOST_COLORS | fromjson) as $host_colors |
         (env.LOGF_PRIO_COLORS | fromjson) as $prio_colors |
         (env.LOGF_URGENT | fromjson | map("(\(.))") | join("|"))
diff --git a/krebs/5pkgs/simple/nixos-format-error.nix b/krebs/5pkgs/simple/nixos-format-error.nix
index a28f7245f..aa1c57926 100644
--- a/krebs/5pkgs/simple/nixos-format-error.nix
+++ b/krebs/5pkgs/simple/nixos-format-error.nix
@@ -1,6 +1,6 @@
-{ pkgs }:
+{ writeGawkBin, ... }:
 
-pkgs.writeGawkBin "nixos-format-error" ''
+writeGawkBin "nixos-format-error" ''
   # usage: nixos-rebuild ... 2>&1 | nixos-format-error
 
   function out() {
diff --git a/krebs/5pkgs/simple/ovh-zone/default.nix b/krebs/5pkgs/simple/ovh-zone/default.nix
index bc0e45cb9..a31611ea2 100644
--- a/krebs/5pkgs/simple/ovh-zone/default.nix
+++ b/krebs/5pkgs/simple/ovh-zone/default.nix
@@ -6,9 +6,11 @@
 ## diff future.sorted current.sorted
 
 python3Packages.buildPythonPackage rec {
-  name = "ovh-zone-${version}";
+  pname = "ovh-zone";
   version = "0.4.4";
-  propagatedBuildInputs = with pkgs.python3Packages;[
+  pyproject = true;
+  build-system = [ python3Packages.setuptools ];
+  dependencies = with pkgs.python3Packages;[
     ovh
     docopt
   ];
diff --git a/krebs/5pkgs/simple/python-dnsstamps.nix b/krebs/5pkgs/simple/python-dnsstamps.nix
index 18d08fec8..314e11610 100644
--- a/krebs/5pkgs/simple/python-dnsstamps.nix
+++ b/krebs/5pkgs/simple/python-dnsstamps.nix
@@ -3,6 +3,8 @@
 python3Packages.buildPythonPackage rec {
   pname = "dnsstamps";
   version = "1.3.0";
+  pyproject = true;
+  build-system = [ python3Packages.setuptools ];
 
   src = python3Packages.fetchPypi {
     inherit pname version;
diff --git a/krebs/5pkgs/simple/qrscan.nix b/krebs/5pkgs/simple/qrscan.nix
deleted file mode 100644
index df9a98053..000000000
--- a/krebs/5pkgs/simple/qrscan.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ pkgs }:
-
-pkgs.writeDashBin "qrscan" ''
-  set -efu
-
-  ${pkgs.zbar}/bin/zbarcam -1 | ${pkgs.gnused}/bin/sed -n 's/^QR-Code://p'
-''
diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix
index 5364a37dc..44e888879 100644
--- a/krebs/5pkgs/simple/realwallpaper/default.nix
+++ b/krebs/5pkgs/simple/realwallpaper/default.nix
@@ -1,8 +1,10 @@
-{ pkgs, ... }:
+{ pkgs, nomads-cloud, ... }:
 pkgs.writers.writeDashBin "generate-wallpaper" ''
   set -euf
 
-  export PATH=${with pkgs; lib.makeBinPath [
+  export PATH=${pkgs.lib.makeBinPath ([
+    nomads-cloud
+  ] ++ (with pkgs; [
     coreutils
     curl
     gnugrep
@@ -12,9 +14,8 @@ pkgs.writers.writeDashBin "generate-wallpaper" ''
     imagemagick
     inkscape
     jq
-    nomads-cloud
     xplanet
-  ]}
+  ]))}
 
   # usage: getimg FILENAME URL
   fetch() {
diff --git a/krebs/5pkgs/simple/ssh-audit.nix b/krebs/5pkgs/simple/ssh-audit.nix
index 4574eb644..286282107 100644
--- a/krebs/5pkgs/simple/ssh-audit.nix
+++ b/krebs/5pkgs/simple/ssh-audit.nix
@@ -4,6 +4,8 @@ python3Packages.buildPythonPackage rec {
   inherit (meta) version;
 
   pname = "ssh-audit";
+  pyproject = true;
+  build-system = [ python3Packages.setuptools ];
 
   src = fetchFromGitHub {
     owner = "arthepsy";
diff --git a/krebs/5pkgs/simple/tinc_graphs/default.nix b/krebs/5pkgs/simple/tinc_graphs/default.nix
index 953804dd0..11079a9a3 100644
--- a/krebs/5pkgs/simple/tinc_graphs/default.nix
+++ b/krebs/5pkgs/simple/tinc_graphs/default.nix
@@ -1,10 +1,12 @@
 { fetchFromGitHub, lib, pkgs, python3Packages, stdenv }:
 
 python3Packages.buildPythonPackage rec {
-  name = "tinc_graphs-${version}";
+  pname = "tinc_graphs";
   version = "0.4.0";
+  pyproject = true;
+  build-system = [ python3Packages.setuptools ];
 
-  propagatedBuildInputs = with pkgs;[
+  dependencies = with pkgs;[
     python3Packages.pygeoip
     ## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
   ];
diff --git a/krebs/5pkgs/simple/ukrepl.nix b/krebs/5pkgs/simple/ukrepl.nix
index bdea4181f..da1c05c92 100644
--- a/krebs/5pkgs/simple/ukrepl.nix
+++ b/krebs/5pkgs/simple/ukrepl.nix
@@ -1,5 +1,5 @@
-{ lib, pkgs,stdenv }:
-let 
+{ lib, pkgs, stdenv }:
+let
   src = pkgs.fetchFromGitHub {
     owner = "makefu";
     repo = "ukrepl";
@@ -7,5 +7,5 @@ let
     hash = "sha256:1lnhkf02f18fvf3l2fcszvs4x115lql17akabd5ph9ff9z33k8rv";
   };
 in
-  pkgs.writers.writePython3Bin "ukrepl" {} (builtins.readFile (src + "/ukrepl"))
+  pkgs.writers.writePython3Bin "ukrepl" {} (src + "/ukrepl")
 
diff --git a/krebs/5pkgs/simple/untilport/default.nix b/krebs/5pkgs/simple/untilport/default.nix
index 2930fd1eb..d299ec807 100644
--- a/krebs/5pkgs/simple/untilport/default.nix
+++ b/krebs/5pkgs/simple/untilport/default.nix
@@ -1,6 +1,6 @@
-{ pkgs, ... }:
+{ libressl, writeDashBin, ... }:
 
-pkgs.writeDashBin "untilport" ''
+writeDashBin "untilport" ''
   set -euf
 
   usage() {
@@ -13,6 +13,6 @@ pkgs.writeDashBin "untilport" ''
   if [ $# -ne 2 ]; then
     usage
   else
-    until ${pkgs.libressl.nc}/bin/nc -z "$@"; do sleep 1; done
+    until ${libressl.nc}/bin/nc -z "$@"; do sleep 1; done
   fi
 ''
diff --git a/krebs/5pkgs/simple/urix.nix b/krebs/5pkgs/simple/urix.nix
index 73ea3e665..9ac3a115c 100644
--- a/krebs/5pkgs/simple/urix.nix
+++ b/krebs/5pkgs/simple/urix.nix
@@ -1,14 +1,13 @@
-{ pkgs, stockholm }:
+{ pkgs, lib, writeDash }:
+
+let
+  stockholm.lib = import ../../../lib/pure.nix { inherit lib; };
+in
 
 # urix - URI eXtractor
 # Extract all the URIs from standard input and write them to standard output!
 # usage: urix < SOMEFILE
 
-pkgs.execBin "urix" {
-  filename = "${pkgs.gnugrep}/bin/grep";
-  argv = [
-    "urix"
-    "-Eo"
-    "\\b${stockholm.lib.uri.posix-extended-regex}\\b"
-  ];
-}
+writeDash "urix" ''
+  exec ${pkgs.gnugrep}/bin/grep -Eo '\b${stockholm.lib.uri.posix-extended-regex}\b'
+''
-- 
cgit v1.2.3