diff --git a/.envrc b/.envrc
index 75c0044..6a92ae0 100644
--- a/.envrc
+++ b/.envrc
@@ -9,11 +9,6 @@ if ! test -s .direnv/pull-date || test "$now" != "$(cat .direnv/pull-date)"; the
   git pull --rebase --autostash
   grep -q "^=======" flake.lock && { git reset flake.lock; rm flake.lock; }
   nix flake update
-  #nix flake lock \
-  #  --update-input nixpkgs \
-  #  --update-input unstable \
-  #  --update-input home-manager \
-  #  --update-input nixos-hardware
   echo "$now" > .direnv/pull-date
 fi
 
diff --git a/.remoteenv b/.remoteenv
index de5456b..52053e8 100644
--- a/.remoteenv
+++ b/.remoteenv
@@ -1,3 +1,4 @@
 #!/usr/bin/env bash
+export HOST_SHELL="$(command -v "$SHELL")"
 eval "$(nix print-dev-env .#remoteenv)"
-echo Entered $(hostname --fqdn)
+echo Entered "$(hostname --fqdn)"
diff --git a/base.nix b/base.nix
index 8a9ada9..d77c4a6 100644
--- a/base.nix
+++ b/base.nix
@@ -49,7 +49,7 @@
   nix.settings.trusted-users = [ "root" "@wheel" ];
   nix.settings.keep-derivations = true; # great with nix-diff
   nix.settings.auto-optimise-store = true; # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
-  #nix.optimize.automatic = true;           # periodic optimization
+  #nix.optimize.automatic = true; # periodic optimization
   nix.gc.automatic = true;
   nix.gc.dates     = "weekly";
   nix.gc.options   = "--delete-older-than 15d";
diff --git a/flake.nix b/flake.nix
index 515b89a..3cad599 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,6 +4,7 @@
   inputs = {
     # https://github.com/nixos/nixpkgs
     nixpkgs-edge.url = "github:NixOS/nixpkgs/nixos-unstable"; # "edge" is four letters
+    nixpkgs-2405.url = "github:NixOS/nixpkgs/nixos-24.05";
     nixpkgs-2311.url = "github:NixOS/nixpkgs/nixos-23.11";
     nixpkgs-2305.url = "github:NixOS/nixpkgs/nixos-23.05";
     nixpkgs-2211.url = "github:NixOS/nixpkgs/nixos-22.11"; # for old docs
@@ -18,6 +19,8 @@
     # https://github.com/nix-community/home-manager
     home-manager-edge.url = "github:nix-community/home-manager/master";
     home-manager-edge.inputs.nixpkgs.follows = "nixpkgs-edge";
+    home-manager-2405.url = "github:nix-community/home-manager/release-24.05";
+    home-manager-2405.inputs.nixpkgs.follows = "nixpkgs-2405";
     home-manager-2311.url = "github:nix-community/home-manager/release-23.11";
     home-manager-2311.inputs.nixpkgs.follows = "nixpkgs-2311";
     home-manager-2305.url = "github:nix-community/home-manager/release-23.05";
@@ -35,8 +38,8 @@
     nixos-nspawn.flake = false; # we don't use it /shrug
 
     # https://github.com/wamserma/flake-programs-sqlite
-    flake-programs-sqlite-2311.url = "github:wamserma/flake-programs-sqlite";
-    flake-programs-sqlite-2311.inputs.nixpkgs.follows = "nixpkgs-2311";
+    #flake-programs-sqlite-2311.url = "github:wamserma/flake-programs-sqlite";
+    #flake-programs-sqlite-2311.inputs.nixpkgs.follows = "nixpkgs-2311";
 
     # https://github.com/nix-community/nixos-generators
     nixos-generators-2311.url = "github:nix-community/nixos-generators";
@@ -46,6 +49,8 @@
     sops-nix-edge.url = "github:Mic92/sops-nix";
     sops-nix-edge.inputs.nixpkgs.follows = "nixpkgs-edge";
     sops-nix-edge.inputs.nixpkgs-stable.follows = "nixpkgs-2311";
+    sops-nix-2405.url = "github:Mic92/sops-nix";
+    sops-nix-2405.inputs.nixpkgs.follows = "nixpkgs-2405";
     sops-nix-2311.url = "github:Mic92/sops-nix";
     sops-nix-2311.inputs.nixpkgs.follows = "nixpkgs-2311";
     sops-nix-2311.inputs.nixpkgs-stable.follows = "nixpkgs-2311";
@@ -105,9 +110,15 @@
       home-manager = inputs'.home-manager-edge;
       sops-nix = inputs'.sops-nix-edge;
     };
+    inputs-2405 = inputs' // {
+      nixpkgs = inputs'.nixpkgs-2405;
+      unstable = inputs'.nixpkgs-edge;
+      home-manager = inputs'.home-manager-2405;
+      sops-nix = inputs'.sops-nix-2405;
+    };
     inputs-2311 = inputs' // {
       nixpkgs = inputs'.nixpkgs-2311;
-      unstable = inputs'.nixpkgs-edge;
+      unstable = inputs'.nixpkgs-2405;
       home-manager = inputs'.home-manager-2311;
       sops-nix = inputs'.sops-nix-2311;
     };
@@ -162,8 +173,7 @@
       ] ++ modules ++ extra-modules;
       #++ inputs.flake-programs-sqlite.nixosModules.programs-sqlite; # TODO: make work
 
-      sops.defaultSopsFile = lib.mkIf (builtins.pathExists ./secrets/${hostname}.yaml)
-          ./secrets/${hostname}.yaml;
+      sops.defaultSopsFile = lib.mkIf (builtins.pathExists ./secrets/${hostname}.yaml) ./secrets/${hostname}.yaml;
       sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
       sops.age.keyFile = "/var/lib/sops-nix/key.txt";
       sops.age.generateKey = true;
@@ -192,18 +202,9 @@
       # and 'nix-shell -p hello' use the same channel as system was built with
       nix.registry.nixpkgs.flake = inputs.nixpkgs;
       nix.registry.nixpkgs-unstable.flake = inputs.unstable;
-      nix.registry.nixpkgs-git = {
-        from.id = "nixpkgs-git";
-        from.type = "indirect";
-        to.type = "github";
-        to.owner = "NixOS";
-        to.repo = "nixpkgs";
-        to.ref = "nixos-unstable-small";
-      };
       nix.nixPath = [
         "nixpkgs=${inputs.nixpkgs}"
         "nixpkgs-unstable=${inputs.unstable}"
-        "nixpkgs-git=github:NixOS/nixpkgs/refs/tags/nixos-unstable-small" # is this right?
       ];
     });
     mkConfig = extra-modules: domain: system: inputs: stateVersion: modules: hostname: inputs.nixpkgs.lib.nixosSystem {
@@ -280,7 +281,7 @@
       nord        = mk "pbsds.net" "x86_64-linux"  inputs-2311 "23.11" [ au intel-novga hw.common-cpu-intel-sandy-bridge rocm hidpi ];
       sopp        = mk "pbsds.net" "x86_64-linux"  inputs-2311 "23.11" [ au nixld intel cuda p1005 ];
       bjarte      = mk "pbsds.net" "x86_64-linux"  inputs-2311 "23.11" [    nixld intel hw.lenovo-thinkpad-x1-7th-gen ];
-      bolle       = mk "pbsds.net" "x86_64-linux"  inputs-2311 "23.11" [ au dns64 intel ];
+      bolle       = mk "pbsds.net" "x86_64-linux"  inputs-2405 "23.11" [ au dns64 intel ];
       eple        = mk "pbsds.net" "x86_64-linux"  inputs-2311 "23.11" [ au dns64 intel rocm ];
       garp        = mk "pbsds.net" "x86_64-linux"  inputs-2311 "23.11" [ au dns64 intel-novga cuda ];
       hasselknippe= mk "pbsds.net" "aarch64-linux" inputs-2311 "23.11" [    hw.pine64-pinebook-pro ];
diff --git a/profiles/auto-upgrade.nix b/profiles/auto-upgrade.nix
index 560b18b..c52b2f0 100644
--- a/profiles/auto-upgrade.nix
+++ b/profiles/auto-upgrade.nix
@@ -1,20 +1,29 @@
 { config, pkgs, lib, inputs, ... }:
+
+# TODO: make /etc/nixos a symlink to the in-store flake? - bad idea, horrible error recovery
+# TODO: make /etc/nixos a writeable checkout of repo?
+
 {
 
   system.autoUpgrade.enable = true;
   #system.autoUpgrade.allowReboot = true; # reboot after a kernel (module) or initrd upgrade, consider also setting `rebootWindow`
 
-  # TODO: make /etc/nixos a symlink to the in-store flake? - bad idea, horrible error recovery
-  # TODO: make /etc/nixos a writeable checkout of repo?
   environment.etc."current-system-flake".source = inputs.self; # the plan was to allow me to locate the new flake.lock, but alas https://github.com/NixOS/nix/issues/6895
 
-  system.autoUpgrade.flake = inputs.self.outPath; # a nix store path
+  #system.autoUpgrade.flake = inputs.self.outPath; # a nix store path
   #system.autoUpgrade.flake = "github:pbsds/nix-config"; # TODO: use this instead?
+  system.autoUpgrade.flake = "git+https://gitea.noximilien.pbsds.net/pbsds/config.git";
 
   system.autoUpgrade.flags = [
-    "--recreate-lock-file" # fetch new inputs
+    "-L" # print build logs
     "--no-write-lock-file" # no write new flakelock, as the in-store flake is read-only
-    "-L"                   # print build logs
+    # fetch new inputs
+    #"--recreate-lock-file" # update all
+    "--update-input" "nixpkgs-edge" "--update-input" "home-manager-edge"
+    "--update-input" "nixpkgs-2405" "--update-input" "home-manager-2405"
+    "--update-input" "nixpkgs-2311" "--update-input" "home-manager-2311"
+    "--update-input" "nix-index-database"
+    "--update-input" "nixos-hardware"
   ];
 
 }
diff --git a/users/pbsds/home/default.nix b/users/pbsds/home/default.nix
index 611ed71..ba6a4e8 100644
--- a/users/pbsds/home/default.nix
+++ b/users/pbsds/home/default.nix
@@ -138,6 +138,8 @@
     denix = "sed -E 's@/nix/store/[^ /]+@@g'";
   };
 
+  home.enableNixpkgsReleaseCheck = true;
+
   xdg.enable = true;
   #TODO: xdg.desktopEntries
 
diff --git a/users/pbsds/home/profiles/git.nix b/users/pbsds/home/profiles/git.nix
index e37f919..a55c46c 100644
--- a/users/pbsds/home/profiles/git.nix
+++ b/users/pbsds/home/profiles/git.nix
@@ -43,6 +43,7 @@
     "result-lib"
     "__pycache__"
     "*.pyc"
+    #".envrc"
   ];
   programs.git.iniContent.init.defaultBranch = "main";
 
diff --git a/users/pbsds/home/profiles/shell.nix b/users/pbsds/home/profiles/shell.nix
index 5fb050c..4288a8d 100644
--- a/users/pbsds/home/profiles/shell.nix
+++ b/users/pbsds/home/profiles/shell.nix
@@ -1,4 +1,4 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 {
   # TODO: "bind -s 'set completion-ignore-case on'"
   programs.bash.enable = true;
@@ -39,7 +39,7 @@
   programs.fzf.enable = true; # TODO: does this conflict with system-wide setup?
 
   programs.eza.enable = true;
-  programs.eza.enableAliases = true;
+  programs.eza.enableAliases = lib.mkIf (lib.versionOlder config.home.version.release "24.05") true;
 
   #programs.zoxide.enable = true;
   #programs.zoxide.options = [ "--cmd cd --cmd dc" ];
@@ -56,7 +56,6 @@
   programs.tealdeer.enable = true;
   programs.tealdeer.settings.updates.auto_update = true;
 
-
   # just use ncdu lol
   home.shellAliases.dush = "du -shc * | sort -h";
   home.shellAliases.dushd = "du -shc * .[!.]?* | sort -h";