diff --git a/README.md b/README.md index 8797600..3dc0cf9 100755 --- a/README.md +++ b/README.md @@ -12,17 +12,10 @@ run `rg /etc/secrets/` to see where you need to add secret files when deploying unfortunately, as a consequence of this secret method, you need to do impure builds -## hosts - -each host should have these files: - - - `default.nix`, contains everything relating to the basic system - - `hardware.nix`, hardware-specific configuration - - `meta.nix`, extra things passed thru to `mkHost` - ## todo - find a better way to do cloudflare ips + - per-host architecture selection, atm it is hardcoded to `aarch64` - swap back to hardened kernel - wtaf is going on w/ our user management?? - Jellyfin... yea,,, diff --git a/flake.lock b/flake.lock index 921ec4f..3d21d9c 100644 --- a/flake.lock +++ b/flake.lock @@ -21,7 +21,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1681202837, @@ -124,7 +124,6 @@ "hardware": "hardware", "home-manager": "home-manager", "nixpkgs": "nixpkgs_2", - "systems": "systems_2", "vscode-server": "vscode-server" } }, @@ -144,21 +143,6 @@ } }, "systems_2": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, - "systems_3": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", diff --git a/flake.nix b/flake.nix index 326f4cd..ee33fb5 100755 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,6 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - systems.url = "github:nix-systems/default-linux"; home-manager.url = "github:nix-community/home-manager"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; 
@@ -15,50 +14,41 @@ vscode-server.url = "github:nix-community/nixos-vscode-server"; }; - outputs = inputs @ { self, nixpkgs, systems, ... }: + outputs = inputs @ { self, nixpkgs, ... }: let inherit (lib.my) mapModules mapModulesRec mapHosts; - eachSystem = nixpkgs.lib.genAttrs (import systems); + system = "aarch64-linux"; - lib = nixpkgs.lib.extend (final: prev: { - my = import ./lib { - inherit inputs; - lib = final; - pkgs = null; - }; - }); - - mkPkgs = system: pkgs: extraOverlays: + mkPkgs = pkgs: extraOverlays: import pkgs { inherit system; config.allowUnfree = true; config.allowAliases = true; overlays = extraOverlays ++ (lib.attrValues self.overlays); }; + pkgs = mkPkgs nixpkgs [ self.overlays.default ]; - pkgsFor = eachSystem (system: - mkPkgs system nixpkgs [ - self.overlays.default - inputs.niri.overlays.niri - ] - ); + lib = nixpkgs.lib.extend (final: prev: { + my = import ./lib { + inherit pkgs inputs; + lib = final; + }; + }); in { lib = lib.my; - overlays = (mapModules ./overlays import) // { - default = final: prev: { - my = self.packages.${final.stdenv.hostPlatform.system}; + overlays = + (mapModules ./overlays import) + // { + default = final: prev: { + my = self.packages.${system}; + }; }; - }; - packages = eachSystem (system: let - pkgs = pkgsFor.${system}; - in - mapModules ./packages (p: pkgs.callPackage p {}) - ); + packages."${system}" = mapModules ./packages (p: pkgs.callPackage p {}); nixosModules = mapModulesRec ./modules import; - nixosConfigurations = mapHosts ./hosts { inherit pkgsFor; }; + nixosConfigurations = mapHosts ./hosts {}; }; } diff --git a/hosts/nixos-server-reid/hardware.nix b/hosts/nixos-server-reid/hardware.nix index cca53b4..bfaaec9 100755 --- a/hosts/nixos-server-reid/hardware.nix +++ b/hosts/nixos-server-reid/hardware.nix 
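Review bot: In `overlays.default`, `my = self.packages.${system}` now reads the let-bound constant `"aarch64-linux"` instead of `final.stdenv.hostPlatform.system`, so anyone applying this overlay to a package set for another platform gets aarch64 packages under `pkgs.my` with no evaluation error. Keeping `my = self.packages.${final.stdenv.hostPlatform.system};` costs nothing while the flake is single-architecture, and it fails on a missing attribute instead of silently mixing architectures. The same hunk makes `lib` take `pkgs` while `pkgs` is built with `lib.attrValues self.overlays`, which only works through lazy evaluation. `./lib` is not visible here, so a comment above `lib = nixpkgs.lib.extend` such as `# ./lib must not force pkgs at import time (pkgs -> overlays -> lib.my)` would record that constraint.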
@@ -25,7 +25,7 @@ # needed for initial framebuffer logs to appear on raspberry pi # i think. this fixes it but idk if they are all required - boot.kernelParams = [ + boot.kernelParams = [ "8250.nr_uarts=1" "cma=128M" "console=tty0" @@ -44,4 +44,6 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.end0.useDHCP = lib.mkDefault true; # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; } diff --git a/hosts/nixos-server-reid/meta.nix b/hosts/nixos-server-reid/meta.nix deleted file mode 100644 index 38187ab..0000000 --- a/hosts/nixos-server-reid/meta.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - system = "aarch64-linux"; -} diff --git a/lib/attrs.nix b/lib/attrs.nix index 4c2d488..e5890b4 100644 --- a/lib/attrs.nix +++ b/lib/attrs.nix @@ -4,7 +4,7 @@ in rec { # attrsToList attrsToList = attrs: - mapAttrsToList (name: value: { inherit name value; }) attrs; + mapAttrsToList (name: value: {inherit name value;}) attrs; # mapFilterAttrs :: # (name -> value -> bool) diff --git a/lib/nixos.nix b/lib/nixos.nix index af1c8c1..e39e809 100755 --- a/lib/nixos.nix +++ b/lib/nixos.nix 
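Review bot: The added `nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";` in the second hardware.nix hunk reads as if it selects this host's architecture, but `mkHost` in lib/nixos.nix sets `nixpkgs.pkgs`, and as far as I know NixOS ignores `nixpkgs.hostPlatform` once `nixpkgs.pkgs` is defined. A comment on the line would stop a later edit here from being mistaken for an architecture change, for example `# informational: the package set, and so the platform, comes from nixpkgs.pkgs in mkHost`. The enclosing attribute set starts outside the hunk.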
@@ -1,42 +1,35 @@ { inputs, lib, + pkgs, self, ... }: let inherit (inputs.nixpkgs.lib) nixosSystem; + inherit (builtins) baseNameOf elem; + inherit (lib.attrsets) filterAttrs; inherit (lib.modules) mkDefault; inherit (lib.strings) removeSuffix; inherit (self.modules) mapModules; in rec { - mkHost = path: { - system, - pkgsFor, - ... - }: + mkHost = path: attrs @ {system ? "aarch64-linux", ...}: nixosSystem { inherit system; - specialArgs = { inherit lib inputs system; }; + specialArgs = {inherit lib inputs system;}; modules = [ { - nixpkgs.pkgs = pkgsFor.${system}; - nixpkgs.hostPlatform = lib.mkDefault system; + nixpkgs.pkgs = pkgs; networking.hostName = mkDefault (removeSuffix ".nix" (baseNameOf path)); } + (filterAttrs (n: v: !elem n ["system"]) attrs) ../. # /default.nix (import path) ]; }; - mapHosts = dir: attrs: - mapModules dir (hostPath: - let - metaPath = "${hostPath}/meta.nix"; - meta = import metaPath; - in - mkHost hostPath (attrs // meta) - ); + mapHosts = dir: attrs @ {system ? system, ...}: + mapModules dir (hostPath: mkHost hostPath attrs); } diff --git a/lib/options.nix b/lib/options.nix deleted file mode 100644 index 98579ea..0000000 --- a/lib/options.nix +++ /dev/null @@ -1,7 +0,0 @@ -{lib, ...}: let - inherit (lib.options) mkOption; -in { - mkOpt = type: default: mkOption { inherit type default; }; - - mkOpt' = type: default: description: mkOption { inherit type default description; }; -} diff --git a/modules/security.nix b/modules/security.nix index c951fb9..8cd180b 100755 --- a/modules/security.nix +++ b/modules/security.nix @@ -59,8 +59,6 @@ in { # while this is on by default, i am going to explicitly specify this networking.firewall.enable = true; - - services.fwupd.enable = true; } // (mkIf cfg.useDoas { security.sudo.enable = false; security.doas.enable = true;
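Review bot: `mkHost` still accepts `system` and passes it to `nixosSystem`, but `nixpkgs.pkgs = pkgs` is now the single package set that flake.nix builds for `aarch64-linux`, so a caller passing any other `system` gets a host whose declared system and package set disagree. Either drop the parameter until per-host selection exists or guard it, e.g. `assert system == pkgs.stdenv.hostPlatform.system;` before `nixosSystem`. In `mapHosts`, the default `system ? system` appears to refer to itself, since formal defaults are evaluated in the scope of the formals, and the body never reads it. `mapHosts = dir: attrs: mapModules dir (hostPath: mkHost hostPath attrs);` behaves the same today and cannot recurse if someone later uses `system` there.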