diff --git a/NixOS-configuration-restructuring/configuration-diagram-2023-08.pum b/NixOS-configuration-restructuring/configuration-diagram-2023-08.pum
new file mode 100644
index 0000000..eb15c65
--- /dev/null
+++ b/NixOS-configuration-restructuring/configuration-diagram-2023-08.pum
@@ -0,0 +1,204 @@
+@startuml
+
+/'
+ ' left to right direction
+ '/
+/'
+ ' skin rose
+ '/
+
+
+
+cloud "overlay\ncommit @ git.selfprivacy.org" as overlay {
+ node "selfprivacy-graphql-api" as selfprivacy_graphql_api
+}
+
+cloud "selfprivacy-rest-api\ncommit @ git.selfprivacy.org" as selfprivacy_rest_api_commit {
+ component "python app" as selfprivacy_api_app
+}
+control "client app" as client_app
+:user: .. client_app
+selfprivacy_api_app . client_app
+selfprivacy_graphql_api <<-- selfprivacy_rest_api_commit
+
+
+file "hardware-configuration.nix" as hardware_configuration #lightcyan
+card "grub.device" as hw_grub_device
+card "initrd.kernelModules" as hw_kernelModules
+card "fileSystems" as hw_fileSystems
+
+hardware_configuration <-- hw_grub_device
+hardware_configuration <-- hw_kernelModules
+hardware_configuration <-- hw_fileSystems
+note top of hardware_configuration : generated by\nnixos-infect
+
+note bottom of hw_fileSystems : always the same?
+
+note "hosting dependant" as note_hosting
+
+hw_grub_device <<.. note_hosting
+hw_kernelModules <<.. note_hosting
+
+file "api.nix\napi-module.nix" as api
+file files [
+ files.nix
+ ---
+ ""systemd.tmpfiles.rules""
+ ""systemd.activationScripts""
+ ""/var/lib/nextcloud""
+ ""/var/lib/cloudflare""
+ ""/var/lib/pleroma""
+ ""/var/lib/bitwarden""
+ ""/root/.config/rclone""
+]
+file "volumes.nix" as volumes {
+ card "fileSystems" as fileSystems_from_userdata
+}
+file "users.nix" as users {
+ card "users.users" as users_from_userdata
+}
+file "variables.nix\nvariables-module.nix" as variables
+file "letsencrypt/acme.nix\nletsencrypt/resolve.nix" as acme
+/'
+ ' file "backup/restic.nix" as restic
+ ' file "gitea.nix" as gitea
+ ' file "mailserver/system/mailserver.nix" as mailserver
+ ' file "nextcloud.nix" as nextcloud
+ ' file "passmgr/bitwarden.nix" as bitwarden
+ ' file "limits.nix" as limits
+ ' file "pleroma.nix" as pleroma
+ ' file "jitsi.nix" as jitsi
+ ' file "vpn/ocserv.nix" as ocserv
+ ' file "webserver/nginx.nix" as nginx
+ ' file "webserver/memcached.nix" as memcached
+ '/
+collections "<>" as some_service
+cloud " nixpkgs\ncommit @ github.com (?)" as nixpkgs
+
+
+folder """/etc/nixos/userdata/""" as userdata_folder {
+ /'
+ ' file "schema.json\n(who uses?)" as schema
+ ' file "tokens_schema.json\n(who uses?)" as tokens_schema
+ '/
+ file "tokens.json" as tokens
+ file "userdata.json" as userdata
+}
+ /'
+ ' note left of userdata : first generated by\nnixos-infect
+ '/
+selfprivacy_api_app <|.... tokens
+selfprivacy_api_app ....|> userdata_folder : writes
+
+file "configuration.nix" as configuration
+nixpkgs -->> configuration
+configuration <<-l- hardware_configuration
+/'
+ ' configuration <<-- overlay
+ '/
+overlay -->> configuration
+configuration <<-- variables : ...\nstateVersion\n...
+
+configuration <<-- files
+userdata -[dotted]->> files
+files <|-- userdata : secrets\nby ""jq"" and ""sed"" in\n""activationScripts""\n!!!
+variables <<-- userdata : values extraction\nfrom JSON
+
+configuration <<-- volumes
+userdata -[dotted]->> fileSystems_from_userdata : volumes
+
+configuration <<-- users
+userdata -[dotted]->> users_from_userdata : users
+
+configuration <<-- api
+api <<-[dotted]- userdata : Swagger,\nb2Bucket
+api <-[dotted]- selfprivacy_graphql_api
+
+configuration <<-- acme
+userdata -[dotted]->> acme : username,\ndomain
+
+configuration <<-- some_service
+userdata -[dotted]->> some_service : enable,\nsettings
+
+/'
+ ' configuration <<-- mailserver
+ ' userdata -[dotted]->> mailserver
+ '
+ ' configuration <<-- ocserv
+ ' userdata -[dotted]->> ocserv
+
+ ' configuration <<-- pleroma
+ ' userdata -[dotted]->> pleroma
+ '
+ ' configuration <<-- restic
+ ' userdata -[dotted]-->> restic
+ '
+ ' configuration <<-- bitwarden
+ ' userdata -[dotted]-->> bitwarden
+ '
+ ' configuration <<-- nginx
+ ' userdata -[dotted]->> nginx : domain
+ '
+ ' configuration <<-- memcached
+ '
+ ' configuration <<-- nextcloud
+ ' userdata -[dotted]-->> nextcloud : enable,\ndomain
+ '
+ ' configuration <<-- jitsi
+ ' userdata -[dotted]-->> jitsi : enable,\ndomain
+ '
+ ' configuration <<-- gitea
+ ' userdata -[dotted]-->> gitea : enable,\ndomain
+ '/
+
+/'
+ ' memcached --->> configuration
+ '/
+
+/'
+ ' folder api as api_folder
+ ' folder backup as backup_folder
+ ' folder git as git_folder
+ ' folder letsencrypt as letsencrypt_folder
+ ' folder "mailserver/system" as mailserver_folder
+ ' folder nextcloud as nextcloud_folder
+ ' folder passmgr as passmgr_folder
+ ' folder resources as resources_folder
+ ' folder social as social_folder
+ ' folder videomeet as videomeet_folder
+ ' folder vpn as vpn_folder
+ ' folder webserver as webserver_folder
+ '/
+
+/'
+ ' api_folder -- api_module
+ ' api_folder -- api
+ ' backup_folder -- restic
+ ' git_folder -- gitea
+ ' letsencrypt_folder -- acme
+ ' letsencrypt_folder -- resolve
+ ' mailserver_folder -- mailserver
+ ' nextcloud_folder -- nextcloud
+ ' passmgr_folder -- bitwarden
+ ' resources_folder -- limits
+ ' social_folder -- pleroma
+ ' videomeet_folder -- jitsi
+ ' vpn_folder -- ocserv
+ ' webserver_folder -- memcached
+ ' webserver_folder -- nginx
+ '/
+
+
+
+@enduml
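Review bot: The edge `files <|-- userdata : secrets\nby ""jq"" and ""sed"" in\n""activationScripts""\n!!!` flags a concern without saying what it is, and the line before it, `userdata -[dotted]->> files`, draws the same pair again with no label. This is the only place the diagram shows secrets leaving `userdata.json`, so it should name where they end up, presumably the `/var/lib/...` and `/root/.config/rclone` paths listed in `files.nix`. I would replace the `!!!` with something like `note right of files : secrets are written at activation time; target paths, owners and modes to be reviewed`. Two smaller points: `hosting dependant` should read `hosting dependent`, and the `collections "<>"` label looks as if its text was lost.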
diff --git a/NixOS-configuration-restructuring/configuration-inputs-outputs-impure.pum b/NixOS-configuration-restructuring/configuration-inputs-outputs-impure.pum
new file mode 100644
index 0000000..4be4437
--- /dev/null
+++ b/NixOS-configuration-restructuring/configuration-inputs-outputs-impure.pum
@@ -0,0 +1,95 @@
+@startuml
+
+left to right direction
+
+
+
+
+node "NixOS machine" as machine {
+ file "hardware-configuration.nix" as hardware_configuration #lightcyan
+ folder """userdata/""" as userdata_folder {
+ /'
+ ' file "schema.json\n(who uses?)" as schema
+ ' file "tokens_schema.json\n(who uses?)" as tokens_schema
+ '/
+ file "tokens.json" as tokens
+ file "userdata.json" as userdata
+ }
+ collections "/nix/store/*" as nix_store
+ /'
+ ' file local_flake [
+ ' flake.nix
+ ' ===
+ ' inputs = {
+ ' selfprivacy-nixos-config.url = ...;
+ ' };
+ ' outputs = {
+ ' nixosConfigurations =
+ ' selfprivacy-nixos-config.outputs.nixosConfigurations-fun userdata;
+ ' };
+ ' ]
+ '/
+}
+
+folder "configuration repo" as config_repo {
+ /'
+ ' file "flake.nix" as flake_nix {
+ ' card "input: nixpkgs.url"
+ ' card "input: selfprivacy-overlay.url"
+ ' }
+ '/
+ file flake_nix [
+ flake.nix
+ ===
+ inputs = {
+ nixpkgs.url = ...;
+ selfprivacy-overlay.url = ...;
+ };
+ ]
+ file flake_lock [
+ flake.lock
+ ]
+ flake_lock - flake_nix
+ note top of flake_lock : pinning with hashes
+
+ file "configuration.nix" as configuration
+
+ collections "pure imports" as pure_imports
+}
+
+cloud "overlay\ncommit @ git.selfprivacy.org" as overlay {
+ node "selfprivacy-graphql-api" as selfprivacy_graphql_api
+}
+
+cloud "selfprivacy-rest-api\ncommit @ git.selfprivacy.org" as selfprivacy_rest_api_commit {
+ component "python app" as selfprivacy_api_app
+}
+
+cloud " nixpkgs\ncommit @ github.com (?)" as nixpkgs
+nixpkgs --> flake_lock
+overlay --> flake_lock
+
+configuration <-- userdata : impure!
+configuration <-- hardware_configuration : impure!
+
+
+selfprivacy_rest_api_commit -->> selfprivacy_graphql_api
+flake_nix --> configuration
+flake_lock --> configuration
+
+configuration -[bold]-|> nix_store : nixos-rebuild
+configuration <-l- pure_imports
+
+
+@enduml
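Review bot: `tokens.json` is declared inside `userdata_folder` but has no edge in this diagram. A reader therefore cannot tell whether the impure evaluation marked `configuration <-- userdata : impure!` reads only `userdata.json` or the token file as well. The 2023-08 diagram shows `tokens` being read by the python app; if that is still the only consumer, I would say so with `note right of tokens : read by the API at run time only, not by nix evaluation`. The same gap exists in the override and inputs-outputs diagrams, where `tokens` has nothing but a hidden layout link.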
diff --git a/NixOS-configuration-restructuring/configuration-inputs-outputs-override.pum b/NixOS-configuration-restructuring/configuration-inputs-outputs-override.pum
new file mode 100644
index 0000000..c9e4261
--- /dev/null
+++ b/NixOS-configuration-restructuring/configuration-inputs-outputs-override.pum
@@ -0,0 +1,102 @@
+@startuml
+
+left to right direction
+
+
+
+
+folder "configuration repo" as config_repo {
+ /'
+ ' file "flake.nix" as flake_nix {
+ ' card "input: nixpkgs.url"
+ ' card "input: selfprivacy-overlay.url"
+ ' }
+ '/
+ file flake_nix [
+ flake.nix
+ ===
+ inputs = {
+ nixpkgs.url = ...;
+ selfprivacy-overlay.url = ...;
+ userdata-json.flake = false;
+ hardware-configuration-nix.flake = false;
+ };
+ outputs = { ... }: {
+ nixosConfigurations = ... {
+ specialArgs = { ... userdata; };
+ modules = [
+ { nixpkgs.overlays = [ selfprivacy-overlay ]; }
+ hardware-configuration
+ ./configuration.nix
+ ];
+ };
+ };
+ ]
+ file flake_lock [
+ flake.lock
+ ]
+ flake_lock - flake_nix
+ note top of flake_lock : pinning with hashes
+
+ file "configuration.nix" as configuration
+
+ collections "nix modules" as pure_imports
+}
+
+node "NixOS machine" as machine {
+ file "hardware-configuration.nix" as hardware_configuration #lightcyan
+ folder """userdata/""" as userdata_folder {
+ /'
+ ' file "schema.json\n(who uses?)" as schema
+ ' file "tokens_schema.json\n(who uses?)" as tokens_schema
+ '/
+ file "tokens.json" as tokens
+ file "userdata.json" as userdata
+ tokens -l[hidden]- userdata
+ }
+ collections "/nix/store/*" as nix_store
+ control "nixos-rebuild" as nixos_rebuild
+}
+
+cloud "overlay\ncommit @ git.selfprivacy.org" as overlay {
+ node "selfprivacy-graphql-api" as selfprivacy_graphql_api
+}
+
+cloud "selfprivacy-rest-api\ncommit @ git.selfprivacy.org" as selfprivacy_rest_api_commit {
+ component "python app" as selfprivacy_api_app
+}
+
+cloud " nixpkgs\ncommit @ github.com (?)" as nixpkgs
+nixpkgs --> flake_lock
+overlay --> flake_lock
+
+
+nixos_rebuild <- userdata : --override-input
+nixos_rebuild <-l- hardware_configuration : --override-input
+
+selfprivacy_rest_api_commit ->> selfprivacy_graphql_api
+flake_nix --> configuration
+flake_lock --> configuration
+
+configuration -d-> nixos_rebuild
+nixos_rebuild -[bold]-|> nix_store
+configuration <-l- pure_imports
+
+
+footer %date("yyyy-MM-dd'T'HH:mmZ")
+
+@enduml
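Review bot: Passing `userdata.json` in through `--override-input` and `specialArgs = { ... userdata; }` makes it a flake input, and flake inputs are copied into `/nix/store`, which is readable by every local user by default. The 2023-08 diagram shows this same file carrying secrets that are extracted with jq and sed in activation scripts. Unless those secrets are moved out of the file first, this design would leave them in the store. I would state that precondition on the diagram, e.g. `note bottom of userdata : copied to /nix/store as a flake input; must hold no secrets`. The inputs-outputs diagram feeds `userdata` into the machine-local `flake.nix` and needs the same note if the file is read by path there.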
diff --git a/NixOS-configuration-restructuring/configuration-inputs-outputs.pum b/NixOS-configuration-restructuring/configuration-inputs-outputs.pum
new file mode 100644
index 0000000..568dca5
--- /dev/null
+++ b/NixOS-configuration-restructuring/configuration-inputs-outputs.pum
@@ -0,0 +1,107 @@
+@startuml
+
+left to right direction
+
+
+
+
+node "NixOS machine" as machine {
+ file "hardware-configuration.nix" as hardware_configuration #lightcyan
+ folder """userdata/""" as userdata_folder {
+ /'
+ ' file "schema.json\n(who uses?)" as schema
+ ' file "tokens_schema.json\n(who uses?)" as tokens_schema
+ '/
+ file "tokens.json" as tokens
+ file "userdata.json" as userdata
+ tokens -l[hidden]- userdata
+ }
+ collections "/nix/store/*" as nix_store
+ file local_flake_nix [
+ flake.nix
+ ===
+ inputs = {
+ selfprivacy-nixos-config.url = ...;
+ };
+ outputs = {
+ nixosConfigurations =
+ selfprivacy-nixos-config.outputs.nixosConfigurations-fun
+ hardware-configuration userdata;
+ };
+ ]
+ /'
+ ' file local_flake_lock as "flake.lock"
+ ' local_flake_nix -l- local_flake_lock
+ '/
+}
+
+folder "configuration repo" as config_repo {
+ /'
+ ' file "flake.nix" as flake_nix {
+ ' card "input: nixpkgs.url"
+ ' card "input: selfprivacy-overlay.url"
+ ' }
+ '/
+ file flake_nix [
+ flake.nix
+ ===
+ inputs = {
+ nixpkgs.url = ...;
+ selfprivacy-overlay.url = ...;
+ };
+ outputs = {
+ nixosConfigurations-fun =
+ hardware-configuration: userdata:
+ ...;
+ };
+ ]
+ file flake_lock [
+ flake.lock
+ ]
+ flake_lock - flake_nix
+ note top of flake_lock : pinning with hashes
+
+ file "configuration.nix" as configuration
+
+ collections "pure imports" as pure_imports
+}
+
+cloud "overlay\ncommit @ git.selfprivacy.org" as overlay {
+ node "selfprivacy-graphql-api" as selfprivacy_graphql_api
+}
+
+cloud "selfprivacy-rest-api\ncommit @ git.selfprivacy.org" as selfprivacy_rest_api_commit {
+ component "python app" as selfprivacy_api_app
+}
+
+cloud " nixpkgs\ncommit @ github.com (?)" as nixpkgs
+nixpkgs --> flake_lock
+overlay --> flake_lock
+
+local_flake_nix <-r- userdata
+local_flake_nix <-l- hardware_configuration
+
+
+selfprivacy_rest_api_commit -->> selfprivacy_graphql_api
+flake_nix --> configuration
+flake_lock --> configuration
+configuration --> local_flake_nix
+
+local_flake_nix -[bold]-|> nix_store : nixos-rebuild
+configuration <-l- pure_imports
+
+
+footer %date("yyyy-MM-dd'T'HH:mmZ")
+
+@enduml
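Review bot: The machine-local `flake.nix` has `selfprivacy-nixos-config.url` as its only input, but its lock file is commented out (`file local_flake_lock as "flake.lock"`). The diagram therefore does not show what pins the configuration repo to a revision on the machine. The repo-side `flake.lock` carries the `pinning with hashes` note for nixpkgs and the overlay; with no local counterpart drawn, it reads as if each `nixos-rebuild` follows whatever the URL currently resolves to. I would restore the two commented lines and add `note top of local_flake_lock : pins the selfprivacy-nixos-config revision`, or add a note saying the input is deliberately left floating.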