diff --git a/common/default.nix b/common/default.nix
index f6c8c0a..bc3cc10 100644
--- a/common/default.nix
+++ b/common/default.nix
@@ -5,6 +5,7 @@
     ./environment.nix
     ./home-manager.nix
     ./nginx.nix
+    ./nixpkgs.nix
     ./openssh.nix
     ./security.nix
   ];
diff --git a/common/home-manager.nix b/common/home-manager.nix
index e4d7106..6740dbc 100644
--- a/common/home-manager.nix
+++ b/common/home-manager.nix
@@ -1,13 +1,18 @@
 { config, lib, pkgs, ... }:
 
 {
-  home-manager.users = {
-    qenya = { config, lib, pkgs, osConfig, ... }: {
-      home.homeDirectory = osConfig.users.users.qenya.home;
+  home-manager = {
+    useUserPackages = true;
+    useGlobalPkgs = true;
 
-      imports = [
-        ../home/qenya
-      ];
+    users = {
+      qenya = { config, lib, pkgs, osConfig, ... }: {
+        home.homeDirectory = osConfig.users.users.qenya.home;
+
+        imports = [
+          ../home/qenya
+        ];
+      };
     };
   };
 }
diff --git a/common/nixpkgs.nix b/common/nixpkgs.nix
new file mode 100644
index 0000000..b11cac9
--- /dev/null
+++ b/common/nixpkgs.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+      packageOverrides = pkgs: {
+        agenix = inputs.agenix.packages.${config.nixpkgs.hostPlatform.system}.default;
+      };
+    };
+
+    overlays = [ inputs.nur.overlay ];
+  };
+}
diff --git a/flake.nix b/flake.nix
index 3e5ffdb..de114b3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -27,24 +27,15 @@
         nodeNixpkgs = {
           kalessin = import nixpkgs { system = "aarch64-linux"; }; # TODO: this should be generated from the host config somehow
         };
+        specialArgs = {
+          inherit inputs;
+        };
       };
 
-      defaults = { name, nodes, config, ... }: {
+      defaults = { name, nodes, ... }: {
         networking.hostName = name;
 
         nix.settings.experimental-features = "nix-command flakes";
-        nix.nixPath = [ "nixpkgs=flake:nixpkgs" ];
-        nixpkgs.config.allowUnfree = true;
-
-        nixpkgs.config.packageOverrides = pkgs: {
-          agenix = inputs.agenix.packages.${config.nixpkgs.hostPlatform.system}.default;
-        };
-        nixpkgs.overlays = [ inputs.nur.overlay ];
-
-        home-manager = {
-          useUserPackages = true;
-          useGlobalPkgs = true;
-        };
 
         imports = [
           home-manager.nixosModules.home-manager
@@ -56,7 +47,7 @@
         ];
       };
 
-      kilgharrah.imports = [ ./hosts/kilgharrah ];
+      kilgharrah.imports = [ ./hosts/kilgharrah ] ;
       tohru.imports = [ ./hosts/tohru ];
 
       yevaud = { name, nodes, ... }: {
diff --git a/home/qenya/default.nix b/home/qenya/default.nix
index 4923dcb..e3197ef 100644
--- a/home/qenya/default.nix
+++ b/home/qenya/default.nix
@@ -2,7 +2,6 @@
   imports = [
     ./dconf
     ./cli.nix
-    ./firefox.nix
     ./git.nix
     ./tmux.nix
     ./vscode.nix
diff --git a/home/qenya/firefox.nix b/home/qenya/firefox.nix
deleted file mode 100644
index ebfd2ca..0000000
--- a/home/qenya/firefox.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  programs.firefox = {
-    # coming in 24.11
-    # languagePacks = [ "en-GB" ];
-
-    profiles.default = {
-      extensions = with pkgs.nur.repos.rycee.firefox-addons; [
-        bitwarden
-        ublock-origin
-      ];
-
-      settings = {
-        "browser.startup.page" = 3; # resume previous session
-        "browser.newtabpage.activity-stream.showSponsored" = false;
-        "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
-
-        # disable telemetry
-        "datareporting.healthreport.uploadEnabled" = false;
-        "app.shield.optoutstudies.enabled" = false;
-        "browser.crashReports.unsubmittedCheck.autoSubmit2" = false;
-
-        # disable prefetch?
-
-        # DNS over HTTPS
-        "network.trr.custom_uri" = "https://base.dns.mullvad.net/dns-query";
-        "network.trr.excluded-domains" = "detectportal.firefox.com";
-        "network.trr.mode" = 3;
-        "network.trr.uri" = "https://base.dns.mullvad.net/dns-query";
-
-        "browser.search.suggest.enabled" = false;
-        "browser.urlbar.suggest.searches" = false;
-
-        "dom.security.https_only_mode" = true;
-        "browser.contentblocking.category" = "strict"; # Enhanced Tracking Protection
-        # I think these are implied by the above
-        # "privacy.donottrackheader.enabled" = true;
-        # "privacy.trackingprotection.enabled" = true;
-        # "privacy.trackingprotection.emailtracking.enabled" = true;
-        # "privacy.trackingprotection.socialtracking.enabled" = true;
-
-        "privacy.sanitize.sanitizeOnShutdown" = true;
-        "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = false;
-
-        "dom.private-attribution.submission.enabled" = false; # disable "Privacy-Preserving Attribution for Advertising"
-        "extensions.autoDisableScopes" = 0; # automatically enable extensions installed through nix
-      };
-    };
-  };
-}
diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix
index 2ebda52..4fdeb48 100644
--- a/hosts/tohru/home.nix
+++ b/hosts/tohru/home.nix
@@ -4,7 +4,7 @@
   dconf.enable = true;
 
   programs = {
-    firefox.enable = true;
+    firefox.enable = true; # TODO: config is not yet nix-ified
     vscode.enable = true;
   };