diff --git a/README.md b/README.md index 5b60ad4..d576527 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,6 @@ Apple Silicon hosts require additional `--impure` flag for firmware installation - celerrime (MacBook Air M2) (coding) - vetus (iMac 27" 2017) (gaming) - stella (Random Ryzen 3 3250U laptop) (lite web surfing client) -- celerrime-x (MacBook Air M2 under Darwin) - Needs unifying + doesn't work - Nix daemon gets in "boot loop" - rubusidaeus (Raspberry Pi 4B) (small services) - periculo (StarFive VisionFive2) (as router) - WIP + untested @@ -71,7 +70,7 @@ curl https://iva.bz/nix | sh - [x] iva.bz (proxying not-Nix env) - [x] ивабус.рф (proxying not-Nix env) - Setup "secret" roles (I need them) -- Setup router (in progress with `periculo`) +- Setup router (in progress with `periculo`, aughhhhhhhhh it seems like I need to crosscompile it for 30 days straight, so no fast progress) - Setup dotfiles properly with home-manager ## Copyright diff --git a/common/base.nix b/common/base.nix index ebb17dc..720bff5 100644 --- a/common/base.nix +++ b/common/base.nix @@ -11,6 +11,8 @@ in { ''; settings = { sandbox = true; + trusted-users = [ "root" "ivabus" ]; + allowed-users = [ "root" "ivabus" ]; }; gc = { automatic = true; @@ -22,16 +24,21 @@ in { doc.enable = false; info.enable = false; man.enable = true; + nixos.enable = false; }; - environment.systemPackages = with pkgs; - [ wget curl git git-crypt neovim python3Full ] - ++ lib.optionals pkgs.stdenv.isLinux [ - usbutils - pciutils - coreutils - killall - ]; + environment.systemPackages = with pkgs; [ + wget + curl + git + git-crypt + neovim + python3 + usbutils + pciutils + coreutils + killall + ]; # Inject secrets through module arguments while evaluating configs. _module.args.secrets = secrets; } diff --git a/common/default.nix b/common/default.nix index 722056a..a214c5f 100644 --- a/common/default.nix +++ b/common/default.nix 
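Review bot: In the first common/base.nix hunk, `trusted-users = [ "root" "ivabus" ];` makes the ivabus account effectively root-equivalent towards the Nix daemon on every host that imports this module. A trusted user can override restricted settings per invocation, including the `sandbox = true` set just above, and can add substituters of their own. `allowed-users` already lets ivabus talk to the daemon, so consider `trusted-users = [ "root" ];` with any extra substituters configured system-wide. If the entry has to stay, put a comment above it such as `# ivabus is trusted so that <reason>; this is root-equivalent for the daemon`. The enclosing `nix` attribute set starts outside the hunk.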
@@ -1,6 +1,7 @@ { imports = [ ./base.nix + # ./dotfiles.nix unfinished yet ./git.nix ./laptop.nix ./locale.nix diff --git a/common/user.nix b/common/user.nix index 0ff6f8c..20bc5f6 100644 --- a/common/user.nix +++ b/common/user.nix @@ -3,11 +3,8 @@ let cfg = config.my.users; keys = [ - # celerrime-x - "ssh-rsa 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 ivabus@celerrime-x" - # Celerrime - "ssh-rsa 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 ivabus@celerrime" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0GX4/09I5B7nVeU3EKw58VyKNsbwpi4KzuJrgpoVfR ivabus@celerrime-x" ]; in rec { options.my.users = { diff --git a/flake.nix b/flake.nix index 2dfd60e..0db7b9e 100644 --- a/flake.nix +++ b/flake.nix @@ -6,7 +6,7 @@ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; home-manager = { - url = "github:nix-community/home-manager/release-23.05"; + url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -14,11 +14,6 @@ #nixos-vf2 = { url = "path:/root/nixos-vf2"; }; #nixos-vf2 = { url = "github:Snektron/nixos-vf2"; }; - - nix-darwin = { - url = "github:LnL7/nix-darwin/master"; - inputs.nixpkgs.follows = "nixpkgs"; - }; }; outputs = { self, nixpkgs, home-manager, nix-darwin, apple-silicon-support @@ -46,6 +41,12 @@ ]; }; + # cursor = vm for "running" linux programs on aarch64 + nixosConfigurations."cursor" = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + modules = [ home-manager.nixosModules.home-manager ./machines/cursor ]; + }; + # Raspberry Pi 4B 2GB RAM nixosConfigurations."rubusidaeus" = nixpkgs.lib.nixosSystem { system = "aarch64-linux"; 
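Review bot: In common/user.nix the `keys` list now holds a single ed25519 key and the per-host comments are gone, so every machine that consumes `keys` has exactly one login credential. The key is still labelled `ivabus@celerrime-x`, a host whose configuration this same commit deletes, which will make later audits of the list harder. Add a comment above the entry such as `# only authorized key; generated on <host>, label predates removal of the celerrime-x config`, and consider keeping a second, offline backup key so that losing one laptop does not lock you out of headless hosts like rubusidaeus. How `keys` is applied to users is outside the hunk.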
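Review bot: In the flake.nix hunk at `-14,11 +14,6`, the context line `outputs = { self, nixpkgs, home-manager, nix-darwin, apple-silicon-support` still names `nix-darwin` after its entry under `inputs` is removed. As far as I know, an outputs argument with no declared input is resolved as an indirect reference through the flake registry, so the flake would either keep fetching and locking nix-darwin, now without an explicit URL and without `inputs.nixpkgs.follows`, or fail to evaluate where no registry entry exists. Since the darwinConfigurations are deleted later in this commit, drop `nix-darwin` from the argument list. The outputs function continues outside the hunk, so check there for any remaining use first.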
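Review bot: In the flake.nix hunk at `-46,6 +41,12`, the new `nixosConfigurations."cursor"` imports `./machines/cursor`, but no file under that path appears in the visible part of this diff. Flakes in a git checkout only see tracked files, so if the directory was not committed earlier, evaluating this output would fail with a missing-path error; confirm it is tracked. The comment could also say what the VM is for, e.g. `# cursor = aarch64-linux VM on the MacBook for running Linux-only programs`, if that is the intent.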
@@ -67,20 +68,6 @@ ]; }; - # Celerrime under macOS - darwinConfigurations."celerrime-x" = nix-darwin.lib.darwinSystem { - system = "aarch64-darwin"; - modules = - [ home-manager.darwinModules.home-manager ./machines/celerrime-x ]; - }; - - # effundam (Macbook as a Server for a little while) under macOS - darwinConfigurations."effundam-x" = nix-darwin.lib.darwinSystem { - system = "aarch64-darwin"; - modules = - [ home-manager.darwinModules.home-manager ./machines/effundam-x ]; - }; - # These machines will be configured later. /* # Effundam = MacBook Air M1 (server usage). Will not be added to flake.nix until thunderbolt and apfs proper support nixosConfigurations."effundam" = nixpkgs.lib.nixosSystem { diff --git a/machines/celerrime-x/default.nix b/machines/celerrime-x/default.nix deleted file mode 100644 index 79c1914..0000000 --- a/machines/celerrime-x/default.nix +++ /dev/null 
@@ -1,58 +0,0 @@ -{ pkgs, home, lib, ... }: { - # Cannot use "my" for a while. Need to adapt it not to be linux-only - imports = [ ../../common/base.nix ]; - - nixpkgs.config.allowUnfree = true; - environment.systemPackages = with pkgs; [ - neofetch - - vscode - rustc - cargo - clang - llvm - lld - python3Full - gnumake - automake - autoconf - meson - ninja - picocom - screen - hyperfine - ]; - security.pam.enableSudoTouchIdAuth = true; - - networking = { - dns = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" ]; - knownNetworkServices = [ "USB 10/100/1000 LAN" "Wi-Fi" "iPhone USB" ]; - - hostName = "celerrime-x"; # ugly - computerName = "cellerime on X"; # pretty - }; - - environment.shells = with pkgs; [ zsh ]; - programs.zsh = { - enable = true; - promptInit = ""; - }; - users.users.ivabus.home = "/Users/ivabus"; - users.users.ivabus.openssh.authorizedKeys.keys = [ - # i should somehow reuse it from common/user.nix - # celerrime-x - "ssh-rsa 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" - - # Stella - "ssh-rsa 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 ivabus@stella" - - # Celerrime - "ssh-rsa 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 ivabus@celerrime" - ]; - - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - services.nix-daemon.enable = true; - nix.package = lib.mkForce pkgs.nix; - nix.settings.sandbox = lib.mkForce false; -} diff --git a/machines/effundam-x/default.nix b/machines/effundam-x/default.nix deleted file mode 100644 index 2713d6d..0000000 --- a/machines/effundam-x/default.nix +++ /dev/null 
@@ -1,49 +0,0 @@ -{ pkgs, home, lib, ... }: { - # Cannot use "my" for a while. Need to adapt it not to be linux-only - imports = [ ../../common/base.nix ]; - - nixpkgs.config.allowUnfree = true; - environment.systemPackages = with pkgs; [ - neofetch - ]; - - security.pam.enableSudoTouchIdAuth = true; - - networking = { - hostName = "effundam-x"; # ugly - computerName = "effundam on X"; # pretty - }; - - /* - services.navidrome = { - enable = true; - settings = { - Port = 4544; - Address = "0.0.0.0"; - MusicFolder = "/Users/ivabus/Music"; - }; - };*/ - - environment.shells = with pkgs; [ zsh ]; - programs.zsh = { - enable = true; - promptInit = ""; - }; - users.users.ivabus.home = "/Users/ivabus"; - users.users.ivabus.openssh.authorizedKeys.keys = [ - # i should somehow reuse it from common/user.nix - # celerrime-x - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6HY6er37FUz2tPQnwq5SUQZ5KHmMpGQA5yNlxPOyoCV+uvdx/cU8KF7jlFoyBC9xf2FvNyB8H1MZ6t2eUs4m/pVMpoBbNSTZLSxlvv2n4HuxL2Sg3qPdioJOyxDfnXA4OIZ+Tc+z4zM3ZnPJm1ccGW7W+YPhZ7GhBpl5wlMw+m06dCt8wfdDA4fuf4brnLt1ZMs4aOtVM8u4ZEtMs3IVXVUgtRH5m0RXZ94s7RkrUHhl2UOkOclhkQOiQop9RuJMjpi+iYkDYCniuGCKcKPrmi1+qicKM8KyrYGqR7FkUvzr+H8XtJXu++Kvmjcn54jDYqM4sq/MNL2rf8QaIUGLwiq2ljH2dGamElvElWZoXQBGPp4L80IEbaMVISIcvcNj+8cKW3rPvEUK5iT8jCkIOUwm1oo70YawS5VXTPLDsZif12QduTcJhVJekEaP0ZSifO52zeJksj0adwiEMJPqm7bIk5Y+9dCbQH7PtkWY4Tw3bdGNsYnTXC80MeEfrIKE=" - - # Stella - "ssh-rsa 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 ivabus@stella" - - # Celerrime - "ssh-rsa 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 ivabus@celerrime" - ]; - - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - - services.nix-daemon.enable = true; -} diff --git a/machines/rubusidaeus/default.nix b/machines/rubusidaeus/default.nix index 306c0e5..ca0151b 100644 --- a/machines/rubusidaeus/default.nix +++ b/machines/rubusidaeus/default.nix @@ -85,7 +85,6 @@ in { }; }; - hardware.enableRedistributableFirmware = true; system.stateVersion = "23.05"; }