diff --git a/Justfile b/Justfile
index 18b7c37..e26cd24 100755
--- a/Justfile
+++ b/Justfile
@@ -6,9 +6,14 @@ _device action dir +moreargs="":
 	set -ex
 	sudo $(set -x; nix-build --no-link --show-trace $(dirname {{dir}})/default.nix -A {{action}} --argstr dir {{dir}} {{moreargs}})
 
-_rebuild-device dir rebuildarg="dry-activate" +moreargs="":
+_render_templates:
 	#!/usr/bin/env bash
+	set -ex
 	nix/scripts/pre-eval-fixed.sh nix/home-manager/profiles/dotfiles/vcsh{.tmpl,}.nix
+
+_rebuild-device dir rebuildarg="dry-activate" +moreargs="": _render_templates
+	#!/usr/bin/env bash
+	set -ex
 	just -v _device rebuild {{dir}} --argstr rebuildarg {{rebuildarg}} {{moreargs}}
 
 # Rebulid this device's NixOS
@@ -73,29 +78,9 @@ hm-iterate-qtile:
 	wait $!
 	kill ${XEPHYR_PID}
 
-# Sorry, this is a manual step for now. Please see nix/os/modules/encryptedDisk.nix for the layout
-disk-prepare:
-	echo NOT IMPLEMENTED
-	# GPT partition table
-	# part1: size: 1MiB 	type: 4 BIOS BOOT
-	# part2: size: 512MiB label: 2-DISKID		(36 char limit?)
-	# part3: size: * 			label: 3-DISKID		(36 char limit?)
-	# cryptsetup format part3
-	# vgcreate DISKID part3
-	# lvcreate DISKID -L 8G -n swap
-	# lvcreate DISKID -l 100%FREE -n root
-	# sudo mkfs.vfat -F32 part2
-	# sudo mkfs.btrfs /dev/DISKID/root
-	# sudo mkswap /dev/DISKID/swap
-	# sudo mount /dev/DISKID/root /mnt
-	# sudo btrfs subvolume create nixos
-	# sudo btrfs subvolume create home
-	# sudo mount /dev/disk/by-partlabel/3-DISKID /mnt/DISKID-root
-	# pushd /dev/disk/by-partlabel/3-DISKID /mnt/DISKID-root
-	# sudo btrfs subvolume create nixos
-	# sudo mkdir nixos/{boot,home}
-	# sudo btrfs subvolume create home
-	# 
+# !!! DANGERIOUS !!! This wipes the disk which is configured for the given device.
+disk-prepare dir:
+	just -v _device diskPrepare {{dir}} --argstr rebuildarg "dummy"
 
 # Mount the target disk specified by device configuration directory. The 'dir' argument points to a device configuration, e.g. 'nix/os/devices/steveej-live-mmc-SL32G_0x259093f6'
 disk-mount dir:
@@ -105,6 +90,6 @@ disk-mount dir:
 disk-umount dir:
 	just -v _device diskUmount {{dir}} --argstr rebuildarg "dummy"
 
-# Perform an offline installation on the mounted the target disk, specified by device configuration directory
-disk-install dir:
+# Perform an offline installation on the mounted target disk, specified by device configuration directory
+disk-install dir: _render_templates
 	just -v _device diskInstall {{dir}} --argstr rebuildarg "dummy"
diff --git a/README.md b/README.md
index 69a5680..0e2c277 100644
--- a/README.md
+++ b/README.md
@@ -9,34 +9,32 @@ In the unlikely case that you actually read this and have any questions please d
 - All graphical systems (incl. install media) must have
   - [x] Full-disk encryption by default
   - [x] Yubikey support with SSH auth
-- [ ] Migrate all devices to new structure
+- [x] Migrate all devices to new structure
   - [x] Encrypted Install media
   - [x] steveej-laptop
-  - [ ] steveej-laptop-work
+  - [x] steveej-laptop-work
 - [ ] Migrate home environment to new structure
   - [x] home-manager
   - [x] pkgs-configuration
   - [ ] development environments
 - [ ] (Semi-) automatic synchronization of important repositories
-  - [ ] Modification strategy
-  - [ ] dotfiles
+  - [x] Modification strategy
+  - [x] dotfiles
   - [ ] password-store
   - [ ] this repo
-- [ ] Toplevel Justfile for simple actions
+- [x] Toplevel Justfile for simple actions
   - [x] mount/umount disks
   - [x] install to mounted disk
   - [x] rebuild running system
   - [x] update running system
   - [x] annotate recipes with some documentation
   - [x] declare shell.nix with runtime deps
-  - [ ] partition/encrypt/format disks
+  - [x] partition/encrypt/format disks
 - [ ] Document bootstrap process
   - [ ] a new machine
   - [ ] an install media
 - [ ] Design disaster recovery
-- [ ] Automatic backups
-  - [ ] tracked dotfiles
-  - [ ] detect new and untracked dotfiles?
+- [ ] Automatic synchronization of other state files - see https://gitlab.com/steveeJ/nix-expressions/issues/2
 - [ ] Recycle *\_archived*
 - [ ] Maybe make this a nix-overlay
 
diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix
index 701971c..967d92b 100644
--- a/nix/home-manager/configuration/graphical-fullblown.nix
+++ b/nix/home-manager/configuration/graphical-fullblown.nix
@@ -196,6 +196,7 @@ in {
       wireshark
 
       # Code Editors
+      unstablepkgs.atom
       xclip
       xsel
       unstablepkgs.vscode
@@ -214,8 +215,6 @@ in {
       #   ];
       # })
 
-      unstablepkgs.atom
-
       # Image/Graphic/Design Tools
       gnome3.eog
       gimp
diff --git a/nix/home-manager/configuration/graphical-removable.nix b/nix/home-manager/configuration/graphical-removable.nix
index 2396faa..aade69f 100644
--- a/nix/home-manager/configuration/graphical-removable.nix
+++ b/nix/home-manager/configuration/graphical-removable.nix
@@ -124,7 +124,7 @@ in {
       cdrtools
 
       # Document Processing and Management
-      unstablepkgs.zathura
+      zathura
 
       # File Synchronzation
       rsync
diff --git a/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix b/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix
index fe99c8d..16a5d80 100644
--- a/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix
+++ b/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix
@@ -27,7 +27,7 @@ in pkgs.writeScript "activation-script" ''
 
     if ! test -d $HOME/.config/vcsh/repo.d/dotfiles.git; then
       echo Cloning dotfiles for $HOST...
-      ${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoBareLocal} 
+      ${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoBareLocal} dotfiles
       set_remotes ${repoHttps} ${repoSsh}
     else
       set_remotes ${repoBareLocal} ${repoSsh}
diff --git a/nix/os/devices/default.nix b/nix/os/devices/default.nix
index 7c620af..aef8f58 100644
--- a/nix/os/devices/default.nix
+++ b/nix/os/devices/default.nix
@@ -1,21 +1,22 @@
 { pkgs ? import <nixpkgs> {}
+, ownLib ? import ../lib/default.nix { }
 , dir
 , rebuildarg
 , moreargs ? ""
+, diskId ? (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.encryptedDisk.diskId
+, gitRoot ? "$(git rev-parse --show-toplevel)"
 }:
 
 let
-  diskId = (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.encryptedDisk.diskId;
-  GIT_ROOT=''''$(git rev-parse --show-toplevel)'';
+  mntRootVol="/mnt/${diskId}-root";
 
-in {
+in rec {
   rebuild = pkgs.writeScript "script" ''
     #!/usr/bin/env bash
     set -xe
 
-    pushd ${GIT_ROOT}/${dir}
+    pushd ${gitRoot}/${dir}
     export NIXOS_CONFIG="$PWD"/configuration.nix
-    export INSTALL_ROOT="/mnt/$ID-root"
 
     [[ -e "''${NIXOS_CONFIG}" ]]
 
@@ -28,39 +29,106 @@ in {
   diskMount = pkgs.writeScript "script" ''
     #!/usr/bin/env bash
     set -xe
-    ID=${diskId}
-    echo Mounting $ID
-    set -xe
-    cryptsetup luksOpen /dev/disk/by-id/$ID-part3 $ID-part3
-    vgchange -ay $ID
-    mkdir -p /mnt/$ID-root
-    mount /dev/$ID/root /mnt/$ID-root -o subvol=nixos
-    mount /dev/$ID/root /mnt/$ID-root/home -o subvol=home
-    mount /dev/disk/by-id/$ID-part2 /mnt/$ID-root/boot
+    echo Mounting ${diskId}
+    cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
+    vgchange -ay ${ownLib.disk.volumeGroup diskId}
+    mkdir -p /mnt
+    mkdir ${mntRootVol}
+    mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}
+    mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}/nixos/home -o subvol=home
+    mount ${ownLib.disk.bootFsDevice diskId} ${mntRootVol}/nixos/boot
   '';
 
   diskUmount = pkgs.writeScript "script" ''
     #!/usr/bin/env bash
     set -xe
-      ID=${diskId}
-    umount -R /mnt/$ID-root
-    rmdir /mnt/$ID-root
-    vgchange -an $ID
-    cryptsetup luksClose $ID-part3
+    umount -R ${mntRootVol}
+    rmdir ${mntRootVol}
+    vgchange -an ${ownLib.disk.volumeGroup diskId}
+    cryptsetup luksClose ${ownLib.disk.luksName diskId}
     sync
   '';
 
   diskInstall = pkgs.writeScript "script" ''
     #!/usr/bin/env bash
     set -xe
-    ID=${diskId}
-    pushd ${GIT_ROOT}/${dir}
+    pushd ${gitRoot}/${dir}
     export NIXOS_CONFIG="$PWD"/configuration.nix
-    export INSTALL_ROOT="/mnt/$ID-root"
 
     [[ -e "''${NIXOS_CONFIG}" ]]
-    [[ -e "''${INSTALL_ROOT}" ]]
+    [[ -e "${mntRootVol}/nixos" ]]
 
-    nixos-install --max-jobs 5 --cores 4  --no-channel-copy --no-root-passwd --root "''${INSTALL_ROOT}"
+    nixos-install --max-jobs 5 --cores 4  --no-root-passwd --root ${mntRootVol}/nixos
+  '';
+
+  diskPrepare = pkgs.writeScript "script" ''
+    #!/usr/bin/env bash
+    set -xe
+
+    read -p "Continue to format ${ownLib.disk.bootGrubDevice diskId} (YES/n)?" choice
+    case "$choice" in
+      YES ) echo "Continuing in 3 seconds..."; sleep 3;;
+      n|N ) echo "Exiting..."; exit 0;;
+      * ) echo "Exiting..."; exit 1;;
+    esac
+
+    # Partition
+    sync
+    {
+    fdisk -w always -W always ${ownLib.disk.bootGrubDevice diskId} <<EOF
+    g
+    n
+    1
+   
+    +1M
+    n
+    2
+   
+    +512M
+    n
+    3
+   
+   
+    t
+    1
+    4
+    x
+    n
+    2
+    2-${diskId}
+    n
+    3
+    3-${diskId}
+    r
+    w
+    EOF
+    } || {
+      sync
+      partprobe  ${ownLib.disk.bootGrubDevice diskId}
+    }
+
+    # Encrypt
+    cryptsetup luksFormat ${ownLib.disk.bootLuksDevice diskId} -
+    cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
+
+    # LVM
+    vgcreate ${ownLib.disk.volumeGroup diskId} ${ownLib.disk.luksPhysicalVolume diskId}
+    lvcreate ${ownLib.disk.volumeGroup diskId} -L 2G -n swap
+    lvcreate ${ownLib.disk.volumeGroup diskId} -l 100%FREE -n root
+
+    # Filesystem
+    mkfs.vfat -F32 ${ownLib.disk.bootFsDevice diskId}
+    mkfs.btrfs ${ownLib.disk.rootFsDevice diskId}
+    mkswap ${ownLib.disk.swapFsDevice diskId}
+
+    # Subvolume and FS hierharchy
+    mkdir -p /mnt
+    mkdir ${mntRootVol}
+    mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}
+    btrfs subvolume create ${mntRootVol}/nixos
+    btrfs subvolume create ${mntRootVol}/home
+    mkdir ${mntRootVol}/nixos/{boot,home}
+
+    ${diskUmount}
   '';
 }
diff --git a/nix/os/devices/steveej-rmvbl-sduusb3128g/configuration.nix b/nix/os/devices/steveej-rmvbl-sduusb3128g/configuration.nix
new file mode 100644
index 0000000..87284bc
--- /dev/null
+++ b/nix/os/devices/steveej-rmvbl-sduusb3128g/configuration.nix
@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+  imports = [
+    ../../profiles/common/configuration.nix
+    ../../profiles/graphical/configuration.nix
+    ../../profiles/removable-medium/configuration.nix
+
+    ./system.nix
+    ./hw.nix
+  ];
+}
diff --git a/nix/os/devices/steveej-rmvbl-sduusb3128g/hw.nix b/nix/os/devices/steveej-rmvbl-sduusb3128g/hw.nix
new file mode 100644
index 0000000..0cc84ec
--- /dev/null
+++ b/nix/os/devices/steveej-rmvbl-sduusb3128g/hw.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+  # TASK: new device
+  hardware.encryptedDisk = {
+    enable = true;
+    diskId = "usb-SanDisk_Ultra_USB_3.0_4C530001280509108321-0:0";
+  };
+}
diff --git a/nix/os/devices/steveej-rmvbl-sduusb3128g/system.nix b/nix/os/devices/steveej-rmvbl-sduusb3128g/system.nix
new file mode 100644
index 0000000..2d68b50
--- /dev/null
+++ b/nix/os/devices/steveej-rmvbl-sduusb3128g/system.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  networking.hostName = "steveej-rmvbl-sduusb3128g"; # Define your hostname.
+}
diff --git a/nix/os/lib/default.nix b/nix/os/lib/default.nix
index 0334c1d..48aeb39 100644
--- a/nix/os/lib/default.nix
+++ b/nix/os/lib/default.nix
@@ -1,5 +1,5 @@
 { keys ?  import ../../variables/keys.nix
-, passwords ? import ../../variables/passwords.crypt.nix 
+, passwords ? import ../../variables/passwords.crypt.nix
 }:
 
 {
@@ -25,4 +25,27 @@
     ];
     openssh.authorizedKeys.keys = keys.users.steveej.openssh;
   } // args;
+
+  disk = rec {
+    # TODO: verify the GPT PARTLABEL cap at 36 chars
+    shortenGptPartlabel = partlabel: (builtins.substring 0 36 partlabel);
+
+    # LVM doesn't allow most characters in VG names
+    # TODO: replace this with a whitelist for: [a-zA-Z0-9.-_+]
+    volumeGroup = diskId: builtins.replaceStrings [ ":" ] [ "" ] diskId;
+
+    # This is important at install-time
+    bootGrubDevice = diskId: "/dev/disk/by-id/" + diskId;
+
+    # These are guaranteed by LVM
+    rootFsDevice = diskId: "/dev/" + (volumeGroup diskId) + "/root";
+    swapFsDevice = diskId: "/dev/" + (volumeGroup diskId) + "/swap";
+
+    # Cannot use the disk ID here because might be different at install vs. runtime.
+    # Example: MMC card which is used in the internal reader vs. USB reader
+    bootFsDevice = diskId: "/dev/disk/by-partlabel/" + (shortenGptPartlabel ("2-"+diskId));
+    bootLuksDevice = diskId: "/dev/disk/by-partlabel/" + (shortenGptPartlabel ("3-"+diskId));
+    luksName = diskId: (volumeGroup diskId)+"pv";
+    luksPhysicalVolume = diskId: "/dev/mapper/" + (luksName diskId);
+  };
 }
diff --git a/nix/os/modules/encryptedDisk.nix b/nix/os/modules/encryptedDisk.nix
index 961a99c..98b0093 100644
--- a/nix/os/modules/encryptedDisk.nix
+++ b/nix/os/modules/encryptedDisk.nix
@@ -1,28 +1,11 @@
 { lib
 , config
 , ... }:
-with lib;                      
+with lib;                     
 
 let
   cfg = config.hardware.encryptedDisk;
-
-
-  volumeGroup = cfg.diskId;
-
-  # This is important at install-time
-  bootGrubDevice = lib.concatStrings [ "/dev/disk/by-id/" cfg.diskId ];
-
-  # These are guaranteed by LVM
-  rootFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/root" ];
-  swapFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/swap" ];
-
-  # TODO: verify the GPT PARTLABEL cap at 36 chars
-  shortenPartlabel = name: (builtins.substring 0 36 name);
-  # Cannot use the disk ID here because might be different at install vs. runtime.
-  # Example: MMC card which is used in the internal reader vs. USB reader
-  bootFsDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (shortenPartlabel ("2-"+cfg.diskId))];
-  bootLuksDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (shortenPartlabel ("3-"+cfg.diskId))];
-
+  ownLib = import ../lib/default.nix { };
 in {
   options.hardware.encryptedDisk = {
     enable = mkEnableOption "Enable encrypted filesystem layout";
@@ -32,39 +15,39 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
-    fileSystems."/boot" = { 
-      device = bootFsDevice;
+    fileSystems."/boot" = {
+      device = (ownLib.disk.bootFsDevice cfg.diskId);
       fsType = "vfat";
     };
 
     fileSystems."/" = {
-      device = rootFsDevice;
+      device = (ownLib.disk.rootFsDevice cfg.diskId);
       fsType = "btrfs";
       options = [ "subvol=nixos" ];
     };
 
     fileSystems."/home" = {
-      device = rootFsDevice;
+      device = (ownLib.disk.rootFsDevice cfg.diskId);
       fsType = "btrfs";
       options = [ "subvol=home" ];
     };
 
-    swapDevices = [ { device = swapFsDevice; } ];
+    swapDevices = [ { device = (ownLib.disk.swapFsDevice cfg.diskId); } ];
 
     boot.loader.grub = {
-      device = bootGrubDevice;
+      device = (ownLib.disk.bootGrubDevice cfg.diskId);
       enableCryptodisk = true;
     };
 
-    boot.initrd.luks.devices = [ 
+    boot.initrd.luks.devices = [
       {
-        name = 
-          let 
-            splitstring = builtins.split "/" bootLuksDevice;
+        name =
+          let
+            splitstring = builtins.split "/" (ownLib.disk.bootLuksDevice cfg.diskId);
             lastelem = (builtins.length splitstring)-1;
-          in 
-            builtins.elemAt splitstring lastelem; 
-        device = bootLuksDevice;
+          in
+            builtins.elemAt splitstring lastelem;
+        device = (ownLib.disk.bootLuksDevice cfg.diskId);
         preLVM = true;
         allowDiscards = true;
       }
diff --git a/nix/os/profiles/common/user.nix b/nix/os/profiles/common/user.nix
index 6d47e9e..97294ee 100644
--- a/nix/os/profiles/common/user.nix
+++ b/nix/os/profiles/common/user.nix
@@ -2,9 +2,8 @@
 , pkgs
 , ... }:
 
-let 
+let
   passwords = import ../../../variables/passwords.crypt.nix;
-  libinfraos = import ../../lib/default.nix { };
   inherit (import ../../lib/default.nix { }) mkUser mkRoot;
 in {
   users.mutableUsers = false;
diff --git a/nix/os/profiles/removable-medium/system.nix b/nix/os/profiles/removable-medium/system.nix
index 6af50cc..92fc62c 100644
--- a/nix/os/profiles/removable-medium/system.nix
+++ b/nix/os/profiles/removable-medium/system.nix
@@ -8,6 +8,9 @@ in {
     enable = false;
   };
 
+  services.spice-vdagentd.enable = true;
+  services.qemuGuest.enable = true;
+
   virtualisation = {
     libvirtd.enable = false;
     virtualbox.host.enable = false;
diff --git a/nix/pkgs/duplicacy/.envrc b/nix/pkgs/duplicacy/.envrc
new file mode 100644
index 0000000..1d953f4
--- /dev/null
+++ b/nix/pkgs/duplicacy/.envrc
@@ -0,0 +1 @@
+use nix
diff --git a/nix/pkgs/duplicacy/default.nix b/nix/pkgs/duplicacy/default.nix
new file mode 100644
index 0000000..9aed9df
--- /dev/null
+++ b/nix/pkgs/duplicacy/default.nix
@@ -0,0 +1,19 @@
+{ buildGoPackage
+, fetchFromGitHub
+}:
+
+buildGoPackage rec {
+  name = "duplicay-${version}";
+  version = "2.1.2";
+
+  goPackagePath = "github.com/gilbertchen/duplicacy";
+
+  src = fetchFromGitHub {
+    "owner" = "gilbertchen";
+    "repo" = "duplicacy";
+    "rev" = "v2.1.2";
+    "sha256" = "0v3rk4da4b6dhqq8zsr4z27wd8p7crxapkn265kwpsaa99xszzbv";
+  };
+
+  goDeps = ./deps.nix;
+}
diff --git a/nix/pkgs/duplicacy/deps.nix b/nix/pkgs/duplicacy/deps.nix
new file mode 100644
index 0000000..5511b2e
--- /dev/null
+++ b/nix/pkgs/duplicacy/deps.nix
@@ -0,0 +1,336 @@
+# file generated from Gopkg.lock using dep2nix (https://github.com/nixcloud/dep2nix)
+[
+  {
+    goPackagePath  = "cloud.google.com/go";
+    fetch = {
+      type = "git";
+      url = "https://code.googlesource.com/gocloud";
+      rev =  "2d3a6656c17a60b0815b7e06ab0be04eacb6e613";
+      sha256 = "0fi3qj9fvc4bxbrwa1m5sxsb8yhvawiwigaddvmmizjykxbq5csq";
+    };
+  }
+  {
+    goPackagePath  = "github.com/Azure/azure-sdk-for-go";
+    fetch = {
+      type = "git";
+      url = "https://github.com/Azure/azure-sdk-for-go";
+      rev =  "b7fadebe0e7f5c5720986080a01495bd8d27be37";
+      sha256 = "11zcmd17206byxhgz2a75qascilydlzjbz73l2mrqng3yyr20yk1";
+    };
+  }
+  {
+    goPackagePath  = "github.com/Azure/go-autorest";
+    fetch = {
+      type = "git";
+      url = "https://github.com/Azure/go-autorest";
+      rev =  "0ae36a9e544696de46fdadb7b0d5fb38af48c063";
+      sha256 = "0f2qcv24l9bx3jys2m9ycyy77vqlx7dbfa3frxlk19wnrwiv3p6g";
+    };
+  }
+  {
+    goPackagePath  = "github.com/aryann/difflib";
+    fetch = {
+      type = "git";
+      url = "https://github.com/aryann/difflib";
+      rev =  "e206f873d14a916d3d26c40ab667bca123f365a3";
+      sha256 = "00zb9sx6l6b2zq614x45zlyshl20zjhwfj8r5krw4f9y0mx3n2dm";
+    };
+  }
+  {
+    goPackagePath  = "github.com/aws/aws-sdk-go";
+    fetch = {
+      type = "git";
+      url = "https://github.com/aws/aws-sdk-go";
+      rev =  "a32b1dcd091264b5dee7b386149b6cc3823395c9";
+      sha256 = "1yicb7l6m4hs3mi724hz74wn8305qvx6g73mjqafaaqvh6dyn86m";
+    };
+  }
+  {
+    goPackagePath  = "github.com/bkaradzic/go-lz4";
+    fetch = {
+      type = "git";
+      url = "https://github.com/bkaradzic/go-lz4";
+      rev =  "74ddf82598bc4745b965729e9c6a463bedd33049";
+      sha256 = "1vdid8v0c2v2qhrg9rzn3l7ya1h34jirrxfnir7gv7w6s4ivdvc1";
+    };
+  }
+  {
+    goPackagePath  = "github.com/dgrijalva/jwt-go";
+    fetch = {
+      type = "git";
+      url = "https://github.com/dgrijalva/jwt-go";
+      rev =  "dbeaa9332f19a944acb5736b4456cfcc02140e29";
+      sha256 = "0zk6l6kzsjdijfn7c4h0aywdjx5j2hjwi67vy1k6wr46hc8ks2hs";
+    };
+  }
+  {
+    goPackagePath  = "github.com/gilbertchen/azure-sdk-for-go";
+    fetch = {
+      type = "git";
+      url = "https://github.com/gilbertchen/azure-sdk-for-go";
+      rev =  "bbf89bd4d716c184f158d1e1428c2dbef4a18307";
+      sha256 = "14563izc2y05k8s20fmhanvjydbcq8k5adp4cgw91d9bs52qivx7";
+    };
+  }
+  {
+    goPackagePath  = "github.com/gilbertchen/cli";
+    fetch = {
+      type = "git";
+      url = "https://github.com/gilbertchen/cli";
+      rev =  "1de0a1836ce9c3ae1bf737a0869c4f04f28a7f98";
+      sha256 = "00vbyjsn009cqg24sxcizq10rgicnmrv0f8jg3fa1fw6yp5gqdl5";
+    };
+  }
+  {
+    goPackagePath  = "github.com/gilbertchen/go-dropbox";
+    fetch = {
+      type = "git";
+      url = "https://github.com/gilbertchen/go-dropbox";
+      rev =  "90711b603312b1f973f3a5da3793ac4f1e5c2f2a";
+      sha256 = "0y2ydl3mjbkfbqyygrwq7vqig9hjh7cxvzsn2gxc1851haqp4h19";
+    };
+  }
+  {
+    goPackagePath  = "github.com/gilbertchen/go-ole";
+    fetch = {
+      type = "git";
+      url = "https://github.com/gilbertchen/go-ole";
+      rev =  "0e87ea779d9deb219633b828a023b32e1244dd57";
+      sha256 = "1d937b4i9mrwfgs1s17qhbd78dcd97wwm8zsajkarky8d55rz1bw";
+    };
+  }
+  {
+    goPackagePath  = "github.com/gilbertchen/go.dbus";
+    fetch = {
+      type = "git";
+      url = "https://github.com/gilbertchen/go.dbus";
+      rev =  "9e442e6378618c083fd3b85b703ffd202721fb17";
+      sha256 = "0q8ld38gnr4adzw5287lw5f5l14yp8slxsz1za5ryrkprh04bhkv";
+    };
+  }
+  {
+    goPackagePath  = "github.com/gilbertchen/goamz";
+    fetch = {
+      type = "git";
+      url = "https://github.com/gilbertchen/goamz";
+      rev =  "eada9f4e8cc2a45db775dee08a2c37597ce4760a";
+      sha256 = "0v6i4jdly06wixmm58ygxh284hnlbfxczvcwxvywiyy9bp5qyaid";
+    };
+  }
+  {
+    goPackagePath  = "github.com/gilbertchen/gopass";
+    fetch = {
+      type = "git";
+      url = "https://github.com/gilbertchen/gopass";
+      rev =  "bf9dde6d0d2c004a008c27aaee91170c786f6db8";
+      sha256 = "1jxzyfnqi0h1fzlsvlkn10bncic803bfhslyijcxk55mgh297g45";
+    };
+  }
+  {
+    goPackagePath  = "github.com/gilbertchen/keyring";
+    fetch = {
+      type = "git";
+      url = "https://github.com/gilbertchen/keyring";
+      rev =  "8855f5632086e51468cd7ce91056f8da69687ef6";
+      sha256 = "1ja623dqnhkr1cvynrcai10s8kn2aiq53cvd8yxr47bb8i2a2q1m";
+    };
+  }
+  {
+    goPackagePath  = "github.com/gilbertchen/xattr";
+    fetch = {
+      type = "git";
+      url = "https://github.com/gilbertchen/xattr";
+      rev =  "68e7a6806b0137a396d7d05601d7403ae1abac58";
+      sha256 = "120lq8vasc5yh0ajczsdpi8cfzgi4ymrnphgqdfcar3b9rsvx80b";
+    };
+  }
+  {
+    goPackagePath  = "github.com/go-ini/ini";
+    fetch = {
+      type = "git";
+      url = "https://github.com/go-ini/ini";
+      rev =  "32e4c1e6bc4e7d0d8451aa6b75200d19e37a536a";
+      sha256 = "0mhgxw5q6b0pryhikx3k4wby7g32rwjjljzihi47lwn34kw5y1qn";
+    };
+  }
+  {
+    goPackagePath  = "github.com/golang/protobuf";
+    fetch = {
+      type = "git";
+      url = "https://github.com/golang/protobuf";
+      rev =  "1e59b77b52bf8e4b449a57e6f79f21226d571845";
+      sha256 = "19bkh81wnp6njg3931wky6hsnnl2d1ig20vfjxpv450sd3k6yys8";
+    };
+  }
+  {
+    goPackagePath  = "github.com/googleapis/gax-go";
+    fetch = {
+      type = "git";
+      url = "https://github.com/googleapis/gax-go";
+      rev =  "317e0006254c44a0ac427cc52a0e083ff0b9622f";
+      sha256 = "0h92x579vbrv2fka8q2ddy1kq6a63qbqa8zc09ygl6skzn9gw1dh";
+    };
+  }
+  {
+    goPackagePath  = "github.com/jmespath/go-jmespath";
+    fetch = {
+      type = "git";
+      url = "https://github.com/jmespath/go-jmespath";
+      rev =  "0b12d6b5";
+      sha256 = "1vv6hph8j6xgv7gwl9vvhlsaaqsm22sxxqmgmldi4v11783pc1ld";
+    };
+  }
+  {
+    goPackagePath  = "github.com/kr/fs";
+    fetch = {
+      type = "git";
+      url = "https://github.com/kr/fs";
+      rev =  "2788f0dbd16903de03cb8186e5c7d97b69ad387b";
+      sha256 = "1c0fipl4rsh0v5liq1ska1dl83v3llab4k6lm8mvrx9c4dyp71ly";
+    };
+  }
+  {
+    goPackagePath  = "github.com/marstr/guid";
+    fetch = {
+      type = "git";
+      url = "https://github.com/marstr/guid";
+      rev =  "8bd9a64bf37eb297b492a4101fb28e80ac0b290f";
+      sha256 = "081qrar6wwpmb2pq3swv4byh73r9riyhl2dwv0902d8jg3kwricm";
+    };
+  }
+  {
+    goPackagePath  = "github.com/minio/blake2b-simd";
+    fetch = {
+      type = "git";
+      url = "https://github.com/minio/blake2b-simd";
+      rev =  "3f5f724cb5b182a5c278d6d3d55b40e7f8c2efb4";
+      sha256 = "0b6jbnj62c0gmmfd4zdmh8xbg01p80f13yygir9xprqkzk6fikmd";
+    };
+  }
+  {
+    goPackagePath  = "github.com/ncw/swift";
+    fetch = {
+      type = "git";
+      url = "https://github.com/ncw/swift";
+      rev =  "ae9f0ea1605b9aa6434ed5c731ca35d83ba67c55";
+      sha256 = "0a0iwynhgxsl3czabl7ajnxpyw6x0dzbiqz6il8aw7kn10ld1rvl";
+    };
+  }
+  {
+    goPackagePath  = "github.com/pkg/errors";
+    fetch = {
+      type = "git";
+      url = "https://github.com/pkg/errors";
+      rev =  "645ef00459ed84a119197bfb8d8205042c6df63d";
+      sha256 = "001i6n71ghp2l6kdl3qq1v2vmghcz3kicv9a5wgcihrzigm75pp5";
+    };
+  }
+  {
+    goPackagePath  = "github.com/pkg/sftp";
+    fetch = {
+      type = "git";
+      url = "https://github.com/pkg/sftp";
+      rev =  "98203f5a8333288eb3163b7c667d4260fe1333e9";
+      sha256 = "09wxyrhwwh20rzpzb06vsj8k2bmw52cjlx7j4115zhky27528sx9";
+    };
+  }
+  {
+    goPackagePath  = "github.com/satori/go.uuid";
+    fetch = {
+      type = "git";
+      url = "https://github.com/satori/go.uuid";
+      rev =  "f58768cc1a7a7e77a3bd49e98cdd21419399b6a3";
+      sha256 = "1j4s5pfg2ldm35y8ls8jah4dya2grfnx2drb4jcbjsyrp4cm5yfb";
+    };
+  }
+  {
+    goPackagePath  = "github.com/vaughan0/go-ini";
+    fetch = {
+      type = "git";
+      url = "https://github.com/vaughan0/go-ini";
+      rev =  "a98ad7ee00ec53921f08832bc06ecf7fd600e6a1";
+      sha256 = "1l1isi3czis009d9k5awsj4xdxgbxn4n9yqjc1ac7f724x6jacfa";
+    };
+  }
+  {
+    goPackagePath  = "golang.org/x/crypto";
+    fetch = {
+      type = "git";
+      url = "https://go.googlesource.com/crypto";
+      rev =  "9f005a07e0d31d45e6656d241bb5c0f2efd4bc94";
+      sha256 = "1mhmr6ljzl3iafsz4qy8vval7rmr828wh59dlqqqjqx6sqmcs1dv";
+    };
+  }
+  {
+    goPackagePath  = "golang.org/x/net";
+    fetch = {
+      type = "git";
+      url = "https://go.googlesource.com/net";
+      rev =  "9dfe39835686865bff950a07b394c12a98ddc811";
+      sha256 = "0z8mnl4mi88syafrgqys2ak2gg3yrbna25hpz88y3anl8x4jhg1a";
+    };
+  }
+  {
+    goPackagePath  = "golang.org/x/oauth2";
+    fetch = {
+      type = "git";
+      url = "https://go.googlesource.com/oauth2";
+      rev =  "f95fa95eaa936d9d87489b15d1d18b97c1ba9c28";
+      sha256 = "0p9kis69wvhv8a2qbcjxvn9ggpdh81cbfjpq5pjga7n8k6d065fh";
+    };
+  }
+  {
+    goPackagePath  = "golang.org/x/sys";
+    fetch = {
+      type = "git";
+      url = "https://go.googlesource.com/sys";
+      rev =  "82aafbf43bf885069dc71b7e7c2f9d7a614d47da";
+      sha256 = "1jvngpvy0q40f7krkgmwf5bbjzhv449297awcr0y78kzn0cyawi2";
+    };
+  }
+  {
+    goPackagePath  = "golang.org/x/text";
+    fetch = {
+      type = "git";
+      url = "https://go.googlesource.com/text";
+      rev =  "88f656faf3f37f690df1a32515b479415e1a6769";
+      sha256 = "0zakmgg6dlwnkhignwjajn0dckzqq18zxvnmmg0fq6455x7fs673";
+    };
+  }
+  {
+    goPackagePath  = "google.golang.org/api";
+    fetch = {
+      type = "git";
+      url = "https://code.googlesource.com/google-api-go-client";
+      rev =  "17b5f22a248d6d3913171c1a557552ace0d9c806";
+      sha256 = "0gs78qsxfg89kpiiray1x9jiv6bh328jmjkwd3ghnygf3l98kc8c";
+    };
+  }
+  {
+    goPackagePath  = "google.golang.org/appengine";
+    fetch = {
+      type = "git";
+      url = "https://github.com/golang/appengine";
+      rev =  "150dc57a1b433e64154302bdc40b6bb8aefa313a";
+      sha256 = "0w3knznv39k8bm85ri62f83czcrxknql7dv6p9hk1a5jx3xljgxq";
+    };
+  }
+  {
+    goPackagePath  = "google.golang.org/genproto";
+    fetch = {
+      type = "git";
+      url = "https://github.com/google/go-genproto";
+      rev =  "891aceb7c239e72692819142dfca057bdcbfcb96";
+      sha256 = "1axim84fqzsp6iialk6zl4fsbfpx658vssc6ccakn4yy1xc9h854";
+    };
+  }
+  {
+    goPackagePath  = "google.golang.org/grpc";
+    fetch = {
+      type = "git";
+      url = "https://github.com/grpc/grpc-go";
+      rev =  "5a9f7b402fe85096d2e1d0383435ee1876e863d0";
+      sha256 = "1hlirgvmzb929jpb1dvh930646ih5ffg3b6pmlilqr7ffdkl5z3j";
+    };
+  }
+]
\ No newline at end of file
diff --git a/nix/pkgs/duplicacy/shell.nix b/nix/pkgs/duplicacy/shell.nix
new file mode 100644
index 0000000..72c40b1
--- /dev/null
+++ b/nix/pkgs/duplicacy/shell.nix
@@ -0,0 +1,12 @@
+with import <nixpkgs> {};
+stdenv.mkDerivation {
+  name = "env";
+  buildInputs = [
+    zsh
+    go
+    go2nix
+    dep2nix
+    nix-prefetch-github
+    (callPackage ./default.nix {})
+  ];
+}