diff --git a/flake.lock b/flake.lock
index 061d91c..1c6e92c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -302,22 +302,6 @@
         "type": "github"
       }
     },
-    "nixpkgs-for-kernel": {
-      "locked": {
-        "lastModified": 1708680708,
-        "narHash": "sha256-K2SxCGk13nLOFMeNG1RjzFDrh513VtzFzFhp0NsnJRY=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "593000b7d1e21cd84c7ecd965a64916b0982b202",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "593000b7d1e21cd84c7ecd965a64916b0982b202",
-        "type": "github"
-      }
-    },
     "nixpkgs-stable": {
       "locked": {
         "lastModified": 1711460390,
@@ -376,7 +360,6 @@
         "home-manager": "home-manager_2",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs_2",
-        "nixpkgs-for-kernel": "nixpkgs-for-kernel",
         "nur": "nur",
         "srvos": "srvos"
       }
diff --git a/flake.nix b/flake.nix
index 1df1785..7be1bff 100644
--- a/flake.nix
+++ b/flake.nix
@@ -11,8 +11,6 @@
     flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
 
     nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
-    # contains kernel 6.7.5, do not update
-    nixpkgs-for-kernel.url = "github:NixOS/nixpkgs/593000b7d1e21cd84c7ecd965a64916b0982b202";
 
     nixos-hardware.url = "github:NixOS/nixos-hardware";
     nur.url = "github:nix-community/NUR";
diff --git a/hosts/epyc.nix b/hosts/epyc.nix
index 3c48294..593bebc 100644
--- a/hosts/epyc.nix
+++ b/hosts/epyc.nix
@@ -2,9 +2,6 @@
 let
   gcc-system-features = arch: lib.optionals (arch != null) ([ "gccarch-${arch}" ]
   ++ map (x: "gccarch-${x}") lib.systems.architectures.inferiors.${arch});
-  pkgsForKernel = import inputs.nixpkgs-for-kernel {
-    system = "x86_64-linux";
-  };
 in
 {
   imports = [
@@ -12,7 +9,6 @@ in
     ../modules/hardware/supermicro-H12SSL-i.nix
     ../modules/iperf-server.nix
     ../modules/hypervisor.nix
-    ../modules/hydra/coordinator.nix
     ../modules/android-cache.nix
     ../modules/garage.nix
     ../modules/users/friends.nix
@@ -21,17 +17,13 @@ in
 
   networking.hostName = "epyc";
 
+  security.acme.acceptTerms = true;
+  security.acme.defaults.email = "epyc@lahfa.xyz";
+
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  virtualisation.docker = {
-    enable = true;
-    rootless.enable = true;
-  };
-
-  # TODO: there's a critical bug on 6.8+ where btrfs won't mount the rootfs at all.
-  # Do not upgrade until it is fixed. Ping Raito when needed.
-  boot.kernelPackages = pkgsForKernel.linuxPackages_6_7;
+  boot.kernelPackages = pkgs.linuxPackages_latest;
 
   # Open public access to our PostgreSQL.
   services.postgresql.enable = true;
diff --git a/modules/buildbot/default.nix b/modules/buildbot/default.nix
index 99c7387..7e83eb3 100644
--- a/modules/buildbot/default.nix
+++ b/modules/buildbot/default.nix
@@ -34,7 +34,6 @@ in
       pkgs.gh
       pkgs.nix
       pkgs.nix-output-monitor
-      inputs.attic.packages.x86_64-linux.attic
     ];
     environment.PYTHONPATH = "${python.withPackages (_: [package])}/${python.sitePackages}";
     environment.MASTER_URL = ''TCP:2a01\\:e34\\:ec2a\\:8e60\\:8ec7\\:b5d2\\:f663\\:a67a:9989'';
diff --git a/modules/hardware/supermicro-H12SSL-i.nix b/modules/hardware/supermicro-H12SSL-i.nix
index 68ffc38..b9a896f 100644
--- a/modules/hardware/supermicro-H12SSL-i.nix
+++ b/modules/hardware/supermicro-H12SSL-i.nix
@@ -14,33 +14,43 @@
   boot.kernelModules = [ "kvm-amd" ];
   boot.extraModulePackages = [ ];
 
-  boot.initrd.extraUtilsCommands = ''
-    copy_bin_and_libs ${pkgs.nvme-cli}/bin/nvme
-    copy_bin_and_libs ${pkgs.util-linux}/bin/blkzone
-    copy_bin_and_libs ${pkgs.util-linux}/bin/lsblk
-  '';
+  boot.initrd.services.lvm.enable = true;
+  boot.initrd.systemd.enable = true;
 
-  boot.initrd.systemd.enable = lib.mkForce false;
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/3a81ba8f-f5bb-446c-89a3-ad77e354dae0";
-      fsType = "btrfs";
+  fileSystems."/experiments" =
+    { device = "/dev/disk/by-uuid/40ef7d25-91c5-41e4-a40f-b0fb93658ffe";
+      fsType = "ext4";
     };
 
-  boot.initrd.luks.devices."nixroot" = {
-   device = "/dev/disk/by-uuid/c10d2822-cb83-4666-98f8-0aa04be259bc";
-   keyFile = "/dev/zero";
-   keyFileSize = 1;
-  };
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/53cc33a3-1488-44c4-8f5d-a2bc67914274";
+      fsType = "xfs";
+    };
+
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-uuid/cee7b903-53f6-4967-b95d-654d34ccd460";
+      fsType = "xfs";
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/5625935d-579b-41e4-be35-03df8437bc2c";
+      fsType = "xfs";
+    };
+
+  fileSystems."/var" =
+    { device = "/dev/disk/by-uuid/33bf7f4e-37f5-4121-84ac-70d06964ea21";
+      fsType = "xfs";
+    };
 
   fileSystems."/boot" =
     { device = "/dev/disk/by-uuid/AFF2-3149";
       fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
     };
 
   swapDevices =
     [ { device = "/dev/disk/by-uuid/93e251e1-1bfc-4bd4-8585-ea2eae7795bf"; }
-  ];
+    ];
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
diff --git a/modules/packages.nix b/modules/packages.nix
index 46b2825..1aecc12 100644
--- a/modules/packages.nix
+++ b/modules/packages.nix
@@ -6,7 +6,6 @@
     whois
 
     nix-output-monitor
-    inputs.attic.packages.x86_64-linux.attic
     jq
     psmisc
     libarchive