diff --git a/hosts/algiz/default.nix b/hosts/algiz/default.nix
index 40f1f78..2f8279f 100644
--- a/hosts/algiz/default.nix
+++ b/hosts/algiz/default.nix
@@ -1,17 +1,14 @@
-{ enabled, ... }:
+{
+  enabled,
+  enableAttrs,
+  pipeList,
+  ...
+}:
 {
   oizys = {
-    languages = [
-      "nim"
-      "node" # for docker langservers
-      "python"
-      "nushell"
-    ];
     rune.motd = enabled;
-    docker = enabled;
-    backups = enabled;
-    nix-ld = enabled;
-  };
+    languages = "nim|node|python|nushell" |> pipeList;
+  } // ("docker|backups|nix-ld" |> pipeList |> enableAttrs);
 
   services.restic.backups.gdrive = {
     # directories created by gitea and soft-serve aren't world readable
@@ -27,15 +24,6 @@
     ];
   };
 
-  security.sudo.wheelNeedsPassword = false;
-
-  users.users = {
-    daylin = {
-      extraGroups = [ "docker" ];
-    };
-
-    git = {
-      isNormalUser = true;
-    };
-  };
+  # git user handles the forgjo ssh authentication
+  users.users.git.isNormalUser = true;
 }
diff --git a/hosts/algiz/system.nix b/hosts/algiz/system.nix
index f028554..a20877a 100644
--- a/hosts/algiz/system.nix
+++ b/hosts/algiz/system.nix
@@ -1,9 +1,10 @@
 { enabled, ... }:
 {
+
+  security.sudo.wheelNeedsPassword = false;
   services.resolved = enabled;
 
-  services.fail2ban = {
-    enable = true;
+  services.fail2ban = enabled // {
     maxretry = 5;
     bantime = "24h";
   };
@@ -26,8 +27,9 @@
   # users.mutableUsers = false;
 
   # Use the GRUB 2 boot loader.
-  boot.loader.grub.enable = true;
-  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+  boot.loader.grub = enabled // {
+    device = "/dev/sda"; # or "nodev" for efi only
+  };
 
   # don't delete this you foo bar
   system.stateVersion = "23.11"; # Did you read the comment?
diff --git a/hosts/mannaz/default.nix b/hosts/mannaz/default.nix
index cdddcf8..dee4421 100644
--- a/hosts/mannaz/default.nix
+++ b/hosts/mannaz/default.nix
@@ -4,14 +4,13 @@
     desktop = enabled;
     nix-ld = enabled;
     rune.motd = enabled;
+    docker = enabled;
   };
 
   # Enable the X11 windowing system.
-  services.xserver = {
-    enable = true;
-    displayManager.startx.enable = true;
-    windowManager.qtile.enable = true;
+  services.xserver = enabled // {
+    displayManager.startx = enabled;
+    windowManager.qtile = enabled;
   };
 
-  users.users.daylin.extraGroups = [ "docker" ];
 }
diff --git a/hosts/othalan/default.nix b/hosts/othalan/default.nix
index ade5b61..7152689 100644
--- a/hosts/othalan/default.nix
+++ b/hosts/othalan/default.nix
@@ -1,39 +1,17 @@
-{ enabled, config, ... }:
+{
+  lib,
+  config,
+  enabled,
+  enableAttrs,
+  pipeList,
+  ...
+}:
 {
   oizys = {
-    vpn = enabled;
-    desktop = enabled;
-    hyprland = enabled;
-    chrome = enabled;
-    docker = enabled;
     nix-ld = enabled // {
       overkill = enabled;
     };
-    vbox = enabled;
-    backups = enabled;
-    hp-scanner = enabled;
-    languages = [
-      "misc"
-      "nim"
-      "node"
-      "nushell"
-      "python"
-      "roc"
-      "tex"
-      "zig"
-    ];
-    llm = enabled;
-  };
+    languages = "misc|nim|node|nushell|python|roc|tex|zig" |> pipeList;
+  } // ("vpn|desktop|hyprland|chrome|docker|vbox|backups|hp-scanner|llm" |> pipeList |> enableAttrs);
 
-  services.restic.backups.gdrive = {
-    user = "daylin";
-    repository = "rclone:g:archives/othalan";
-    passwordFile = "/home/daylin/.config/restic/othalan-pass";
-    paths = [
-      "/home/daylin/stuff/"
-      "/home/daylin/dev/"
-    ];
-  };
-
-  users.users.${config.oizys.user}.extraGroups = [ "audio" ];
 }
diff --git a/hosts/othalan/services.nix b/hosts/othalan/services.nix
index a6392fc..f7ba100 100644
--- a/hosts/othalan/services.nix
+++ b/hosts/othalan/services.nix
@@ -3,6 +3,16 @@ let
   notes-git = ''${pkgs.git}/bin/git -C /home/daylin/stuff/notes'';
 in
 {
+  services.restic.backups.gdrive = {
+    user = "daylin";
+    repository = "rclone:g:archives/othalan";
+    passwordFile = "/home/daylin/.config/restic/othalan-pass";
+    paths = [
+      "/home/daylin/stuff/"
+      "/home/daylin/dev/"
+    ];
+  };
+
   systemd.services.notes-bot = {
     description = "auto commit changes to notes";
     serviceConfig = {
diff --git a/hosts/othalan/system.nix b/hosts/othalan/system.nix
index 97997cd..4d1af6b 100644
--- a/hosts/othalan/system.nix
+++ b/hosts/othalan/system.nix
@@ -1,4 +1,9 @@
-{ pkgs, enabled, ... }:
+{
+  config,
+  pkgs,
+  enabled,
+  ...
+}:
 {
   networking.networkmanager = enabled;
   services.fwupd = enabled;
@@ -21,7 +26,7 @@
       support32Bit = true;
     };
   };
-
+  users.users.${config.oizys.user}.extraGroups = [ "audio" ];
   environment.systemPackages = with pkgs; [ pamixer ];
 
   # catppuccin/tty move to "module"
diff --git a/lib/extended.nix b/lib/extended.nix
index 8d1d7db..a69a425 100644
--- a/lib/extended.nix
+++ b/lib/extended.nix
@@ -1,6 +1,11 @@
 inputs: final: prev:
 let
-  inherit (builtins) listToAttrs substring filter;
+  inherit (builtins)
+    listToAttrs
+    substring
+    filter
+    replaceStrings
+    ;
   inherit (final)
     concatStringsSep
     hasSuffix
@@ -8,6 +13,7 @@ let
     mkIf
     mkOption
     types
+    splitString
     ;
   inherit (final.filesystem) listFilesRecursive;
 in
@@ -20,6 +26,9 @@ let
     enable = false;
   };
 
+  # "opt1|opt2" |> pipeList -> ["opt1" "opt2"]
+  pipeList = s: s |> replaceStrings [ "\n" ] [ "|" ] |> splitString "|" |> filter (s': s' != "");
+
   # ["a" "b"] -> {a.enable = true; b.enable = true;}
   enableAttrs =
     attrs:
@@ -70,11 +79,9 @@ let
   isNixFile = p: p |> hasSuffix ".nix";
   isDefaultNixFile = p: p |> hasSuffix "default.nix";
   # filterNotDefaultNixFile = paths: filter (p: !(isDefaultNixFile p) && (isNixFile p)) paths;
-  filterNotDefaultNixFile = paths: 
-    paths |> filter (p: !(isDefaultNixFile p) && (isNixFile p));
+  filterNotDefaultNixFile = paths: paths |> filter (p: !(isDefaultNixFile p) && (isNixFile p));
   # listNixFilesRecursive = dir: filterNotDefaultNixFile (listFilesRecursive dir);
-  listNixFilesRecursive = dir:
-    dir |> listFilesRecursive |> filterNotDefaultNixFile;
+  listNixFilesRecursive = dir: dir |> listFilesRecursive |> filterNotDefaultNixFile;
 
   # defaultLinuxPackage = flake: flake.packages.x86_64-linux.default;
   # defaultPackageGeneric = system: flake: "${flake}.packages.${system}.default";
@@ -87,9 +94,6 @@ let
     pkg = pkgFromSystem system;
   };
 
-  functional = {
-    filterF = list: f: builtins.filter f list;
-  };
 in
 {
   inherit
@@ -108,6 +112,6 @@ in
     pkgFromSystem
     overlayFrom
     flakeFromSystem
-    functional
+    pipeList
     ;
 }
diff --git a/lib/generators.nix b/lib/generators.nix
index 7cec610..73024bc 100644
--- a/lib/generators.nix
+++ b/lib/generators.nix
@@ -14,6 +14,7 @@ let
     enableAttrs
     isNixFile
     flakeFromSystem
+    pipeList
     ;
   inherit (lib.filesystem) listFilesRecursive;
 
@@ -58,6 +59,7 @@ let
         inherit
           mkDefaultOizysModule
           mkOizysModule
+          pipeList
           enableAttrs
           hostName
           flake