diff --git a/default.nix b/default.nix
index 94b3186..60d9cec 100644
--- a/default.nix
+++ b/default.nix
@@ -21,9 +21,20 @@
   ...
 }:
 
-with lib;
-
 let
+  inherit (lib)
+    literalExpression
+    literalMD
+    mkDefault
+    mkEnableOption
+    mkOption
+    mkOptionType
+    mkRemovedOptionModule
+    mkRenamedOptionModule
+    types
+    warn
+    ;
+
   cfg = config.mailserver;
 in
 {
@@ -269,7 +280,7 @@ in
       tlsCAFile = mkOption {
         type = types.path;
         default = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
-        defaultText = lib.literalMD "see [source](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/blob/master/default.nix)";
+        defaultText = literalMD "see [source](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/blob/master/default.nix)";
         description = ''
           Certifificate trust anchors used to verify the LDAP server certificate.
         '';
@@ -1064,7 +1075,7 @@ in
         type = types.str;
         # read the default from nixos' redis module
         default = config.services.redis.servers.rspamd.unixSocket;
-        defaultText = lib.literalExpression "config.services.redis.servers.rspamd.unixSocket";
+        defaultText = literalExpression "config.services.redis.servers.rspamd.unixSocket";
         description = ''
           Path, IP address or hostname that Rspamd should use to contact Redis.
         '';
@@ -1073,7 +1084,7 @@ in
       port = mkOption {
         type = with types; nullOr port;
         default = null;
-        example = lib.literalExpression "config.services.redis.servers.rspamd.port";
+        example = literalExpression "config.services.redis.servers.rspamd.port";
         description = ''
           Port that Rspamd should use to contact Redis.
         '';
@@ -1082,7 +1093,7 @@ in
       password = mkOption {
         type = types.nullOr types.str;
         default = config.services.redis.servers.rspamd.requirePass;
-        defaultText = lib.literalExpression "config.services.redis.servers.rspamd.requirePass";
+        defaultText = literalExpression "config.services.redis.servers.rspamd.requirePass";
         description = ''
           Password that rspamd should use to contact redis, or null if not required.
         '';
@@ -1102,7 +1113,7 @@ in
     sendingFqdn = mkOption {
       type = types.str;
       default = cfg.fqdn;
-      defaultText = lib.literalMD "{option}`mailserver.fqdn`";
+      defaultText = literalMD "{option}`mailserver.fqdn`";
       example = "myserver.example.com";
       description = ''
         The fully qualified domain name of the mail server used to
@@ -1178,7 +1189,7 @@ in
                 start program = "${pkgs.systemd}/bin/systemctl start rspamd"
                 stop program = "${pkgs.systemd}/bin/systemctl stop rspamd"
         '';
-        defaultText = lib.literalMD "see [source](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/blob/master/default.nix)";
+        defaultText = literalMD "see [source](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/blob/master/default.nix)";
         description = ''
           The configuration used for monitoring via monit.
           Use a mail address that you actively check and set it via 'set alert ...'.
@@ -1287,7 +1298,7 @@ in
       locations = mkOption {
         type = types.listOf types.path;
         default = [ cfg.mailDirectory ];
-        defaultText = lib.literalExpression "[ config.mailserver.mailDirectory ]";
+        defaultText = literalExpression "[ config.mailserver.mailDirectory ]";
         description = "The locations that are to be backed up by borg.";
       };
 
@@ -1388,29 +1399,29 @@ in
   };
 
   imports = [
-    (lib.mkRemovedOptionModule [ "mailserver" "fullTextSearch" "maintenance" "enable" ] ''
+    (mkRemovedOptionModule [ "mailserver" "fullTextSearch" "maintenance" "enable" ] ''
       This option is not needed for fts-flatcurve
     '')
-    (lib.mkRemovedOptionModule [ "mailserver" "fullTextSearch" "maintenance" "onCalendar" ] ''
+    (mkRemovedOptionModule [ "mailserver" "fullTextSearch" "maintenance" "onCalendar" ] ''
       This option is not needed for fts-flatcurve
     '')
-    (lib.mkRemovedOptionModule [ "mailserver" "fullTextSearch" "maintenance" "randomizedDelaySec" ] ''
+    (mkRemovedOptionModule [ "mailserver" "fullTextSearch" "maintenance" "randomizedDelaySec" ] ''
       This option is not needed for fts-flatcurve
     '')
-    (lib.mkRemovedOptionModule [ "mailserver" "fullTextSearch" "minSize" ] ''
+    (mkRemovedOptionModule [ "mailserver" "fullTextSearch" "minSize" ] ''
       This option is not supported by fts-flatcurve
     '')
-    (lib.mkRemovedOptionModule [ "mailserver" "fullTextSearch" "maxSize" ] ''
+    (mkRemovedOptionModule [ "mailserver" "fullTextSearch" "maxSize" ] ''
       This option is not needed since fts-xapian 1.8.3
     '')
-    (lib.mkRemovedOptionModule [ "mailserver" "fullTextSearch" "indexAttachments" ] ''
+    (mkRemovedOptionModule [ "mailserver" "fullTextSearch" "indexAttachments" ] ''
       Text attachments are always indexed since fts-xapian 1.4.8
     '')
-    (lib.mkRenamedOptionModule
+    (mkRenamedOptionModule
       [ "mailserver" "rebootAfterKernelUpgrade" "enable" ]
       [ "system" "autoUpgrade" "allowReboot" ]
     )
-    (lib.mkRemovedOptionModule [ "mailserver" "rebootAfterKernelUpgrade" "method" ] ''
+    (mkRemovedOptionModule [ "mailserver" "rebootAfterKernelUpgrade" "method" ] ''
       Use `system.autoUpgrade` instead.
     '')
     ./mail-server/assertions.nix
@@ -1427,17 +1438,17 @@ in
     ./mail-server/rspamd.nix
     ./mail-server/nginx.nix
     ./mail-server/kresd.nix
-    (lib.mkRemovedOptionModule [ "mailserver" "policydSPFExtraConfig" ] ''
+    (mkRemovedOptionModule [ "mailserver" "policydSPFExtraConfig" ] ''
       SPF checking has been migrated to Rspamd, which makes this config redundant. Please look into the rspamd config to migrate your settings.
       It may be that they are redundant and are already configured in rspamd like for skip_addresses.
     '')
-    (lib.mkRemovedOptionModule [ "mailserver" "dkimHeaderCanonicalization" ] ''
+    (mkRemovedOptionModule [ "mailserver" "dkimHeaderCanonicalization" ] ''
       DKIM signing has been migrated to Rspamd, which always uses relaxed canonicalization.
     '')
-    (lib.mkRemovedOptionModule [ "mailserver" "dkimBodyCanonicalization" ] ''
+    (mkRemovedOptionModule [ "mailserver" "dkimBodyCanonicalization" ] ''
       DKIM signing has been migrated to Rspamd, which always uses relaxed canonicalization.
     '')
-    (lib.mkRemovedOptionModule [ "mailserver" "smtpdForbidBareNewline" ] ''
+    (mkRemovedOptionModule [ "mailserver" "smtpdForbidBareNewline" ] ''
       The workaround for the SMTP Smuggling attack is default enabled in Postfix >3.9. Use `services.postfix.config.smtpd_forbid_bare_newline` if you need to deviate from its default.
     '')
   ];
diff --git a/mail-server/rsnapshot.nix b/mail-server/rsnapshot.nix
index de4f13e..f01ff8d 100644
--- a/mail-server/rsnapshot.nix
+++ b/mail-server/rsnapshot.nix
@@ -21,9 +21,12 @@
   ...
 }:
 
-with lib;
-
 let
+  inherit (lib)
+    optionalString
+    mkIf
+    ;
+
   cfg = config.mailserver;
 
   preexecDefined = cfg.backup.cmdPreexec != null;