diff --git a/flake.nix b/flake.nix
index 9cbbbde..4ec2e5a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -15,9 +15,12 @@
     lib = pkgs.lib;
     vmixLib = import ./lib { inherit pkgs lib system; };
   in {
-    overlays.default = import ./overlay.nix;
+    overlays.default = final: prev: { inherit vmixLib; };
 
-    nixosModules.default = import ./module.nix;
+    nixosModules.default = { config, pkgs, lib, ... }: {
+      imports = [ ./nixos/default.nix ];
+      config.nixpkgs.overlays = [ self.overlays.default ];
+    };
 
     lib.${system} = vmixLib;
 
diff --git a/lib/images/windows/helpers/customizeImage.nix b/lib/images/windows/helpers/customizeImage.nix
index 79dc155..19758b9 100644
--- a/lib/images/windows/helpers/customizeImage.nix
+++ b/lib/images/windows/helpers/customizeImage.nix
@@ -25,6 +25,10 @@
     smp ? 4,
     memSize ? 4096,
     nicModel ? null,
+    # Flatten COW chain into a standalone qcow2 (removes backing file dependency)
+    compact ? false,
+    # QEMU timeout in seconds (default 30 min, increase for Windows Update)
+    qemuTimeout ? 1800,
   }:
   let
     originalImageName = lib.strings.removeSuffix "-vmix" (lib.strings.removeSuffix ".qcow2" originalImage.name);
@@ -107,11 +111,11 @@
         ${cdromArgs} \
         -nic user,model=${if nicModel != null then nicModel else if isAHCI then "e1000" else "virtio-net-pci"}"
 
-      timeout 1800 qemu-system-x86_64 $VMIX_DISPLAY $QEMU_ARGS || \
+      timeout ${toString qemuTimeout} qemu-system-x86_64 $VMIX_DISPLAY $QEMU_ARGS || \
         if [[ "$VMIX_DISPLAY" == "-display sdl" ]]; then
           echo "=== vmix: SDL failed, retrying headless ==="
           cp ${pkgs.OVMF.fd}/FV/OVMF_VARS.fd vars.fd && chmod +w vars.fd
-          timeout 1800 qemu-system-x86_64 -nographic $QEMU_ARGS
+          timeout ${toString qemuTimeout} qemu-system-x86_64 -nographic $QEMU_ARGS
         else
           exit 1
         fi
@@ -125,6 +129,11 @@
       [ -n "${diskSize}" ] && qemu-img resize ${resultImg} ${diskSize}
       ${virtWinRegMerge}
       ${auditBootCommands}
+      ${lib.optionalString compact ''
+      echo "=== vmix: compacting image ==="
+      qemu-img convert -O qcow2 ${resultImg} compact.qcow2
+      mv compact.qcow2 ${resultImg}
+      ''}
       mv ${resultImg} $out
     '';
   builtImage = pkgs.runCommand customImageName ({
diff --git a/lib/images/windows/templates/generalize.nix b/lib/images/windows/templates/generalize.nix
index 0caa5b9..cf1f2e2 100644
--- a/lib/images/windows/templates/generalize.nix
+++ b/lib/images/windows/templates/generalize.nix
@@ -81,9 +81,16 @@ in
     powershell -Command "Get-AppxPackage *MicrosoftEdgeDevToolsClient* | Remove-AppxPackage -ErrorAction SilentlyContinue"
 
 
-    :: Activate Windows using HWID method
+    :: Re-install product key and licenses to restore activation IDs after sysprep
+    cscript //nologo C:\Windows\System32\slmgr.vbs /ipk M7XTQ-FN8P6-TTKYV-9D4CC-J462D
+    cscript //nologo C:\Windows\System32\slmgr.vbs /rilc
+    :: Restart SPP service and wait for it to settle
+    net stop sppsvc /y 2>nul
+    net start sppsvc
+    ping -n 10 127.0.0.1 >nul
+    :: Activate Windows using TSforge
     if exist C:\MAS_AIO.cmd (
-      echo. | call C:\MAS_AIO.cmd /HWID
+      echo. | call C:\MAS_AIO.cmd /Z-Windows
     )
     :: Activate Office using Ohook method (if Office is installed)
     if exist "C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" (
diff --git a/module.nix b/module.nix
deleted file mode 100644
index 1f26736..0000000
--- a/module.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ ... }:
-{
-  imports = [
-    ./nixos/default.nix
-  ];
-}
\ No newline at end of file
diff --git a/nixos/default.nix b/nixos/default.nix
index 2944e04..75dce49 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -1,7 +1,7 @@
 { config, pkgs, lib, ... }:
 with lib;
 let
-  vmixLib = import ./../lib {inherit pkgs lib; };
+  vmixLib = pkgs.vmixLib;
   args = { inherit config pkgs lib vmixLib; };
 in
 {
@@ -15,6 +15,4 @@ in
       (types.submodule (import ./namespaceSubmoduleOptions.nix args));
     default = {};
   };
-
-  config.nixpkgs.overlays = [ (import ../overlay.nix) ];
-}
\ No newline at end of file
+}
diff --git a/nixos/networks/config.nix b/nixos/networks/config.nix
index faaafba..37bf6a9 100644
--- a/nixos/networks/config.nix
+++ b/nixos/networks/config.nix
@@ -286,5 +286,6 @@ in
 {
   config.systemd.services = namespaceGlobalService // networkServices;
   config.systemd.targets = networkTargets;
-  config.boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkDefault 1;
+  config.boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkForce 1;
+  config.boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = lib.mkForce true;
 }
diff --git a/overlay.nix b/overlay.nix
deleted file mode 100644
index 0f26929..0000000
--- a/overlay.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-final: prev:
-let
-  # Pin vmixLib to nixpkgs 25-11 so all VM images are built with a consistent toolchain
-  vmixPkgs = prev.v25-11 or prev;
-in {
-  vmixLib = vmixPkgs.callPackage ./lib {};
-}
\ No newline at end of file