Flake update, return vivaldi from nixpkgs

devenv.lock

@@ -3,10 +3,10 @@
     "devenv": {
       "locked": {
         "dir": "src/modules",
-        "lastModified": 1755355634,
+        "lastModified": 1756732270,
         "owner": "cachix",
         "repo": "devenv",
-        "rev": "85e78cbe26467a2c23c9d34869235740132d749f",
+        "rev": "1d5c772e984c5e29935ca3fa6b09f888dae04215",
         "type": "github"
       },
       "original": {
@@ -40,10 +40,10 @@
         ]
       },
       "locked": {
-        "lastModified": 1754416808,
+        "lastModified": 1755960406,
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864",
+        "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2",
         "type": "github"
       },
       "original": {
@@ -74,10 +74,10 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1754299112,
+        "lastModified": 1755783167,
         "owner": "cachix",
         "repo": "devenv-nixpkgs",
-        "rev": "16c21c9f5c6fb978466e91182a248dd8ca1112ac",
+        "rev": "4a880fb247d24fbca57269af672e8f78935b0328",
         "type": "github"
       },
       "original": {

devenv.nix

@@ -1,7 +1,4 @@
-{
-  pkgs,
-  ...
-}:
+{ pkgs, ... }:
 
 {
   packages = [
@@ -17,21 +14,18 @@
     nil --version
   '';
 
-  # https://devenv.sh/tasks/
   tasks = {
 
   };
 
-  # https://devenv.sh/tests/
   enterTest = ''
     echo "Running tests"
-    git --version | grep --color=auto "${pkgs.git.version}"
+    nixos-rebuild dry-build --flake .#fenixpc
+    nixos-rebuild dry-build --flake .#fenixbook
   '';
 
   git-hooks.hooks = {
     nil.enable = true;
     nixfmt-rfc-style.enable = true;
   };
-
-  # See full reference at https://devenv.sh/reference/options/
 }

flake.lock

@@ -1,5 +1,26 @@
 {
   "nodes": {
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1746728054,
+        "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "ff442f5d1425feb86344c028298548024f21256d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "latest",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -7,26 +28,124 @@
         ]
       },
       "locked": {
-        "lastModified": 1756683562,
-        "narHash": "sha256-3fcIqwm1u+rF3kkgUYYEIcLrs93+Pi+a6AwiEAxdP5g=",
+        "lastModified": 1764866045,
+        "narHash": "sha256-0GsEtXV9OquDQ1VclQfP16cU5VZh7NEVIOjSH4UaJuM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "fccb44df77266a3891939f35197f538dace3442f",
+        "rev": "f63d0fe9d81d36e5fc95497217a72e02b8b7bcab",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
+        "ref": "release-25.11",
         "repo": "home-manager",
         "type": "github"
       }
     },
+    "libcamera-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1725630279,
+        "narHash": "sha256-KH30jmHfxXq4j2CL7kv18DYECJRp9ECuWNPnqPZajPA=",
+        "owner": "raspberrypi",
+        "repo": "libcamera",
+        "rev": "69a894c4adad524d3063dd027f5c4774485cf9db",
+        "type": "github"
+      },
+      "original": {
+        "owner": "raspberrypi",
+        "repo": "libcamera",
+        "rev": "69a894c4adad524d3063dd027f5c4774485cf9db",
+        "type": "github"
+      }
+    },
+    "libpisp-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1724944683,
+        "narHash": "sha256-Fo2UJmQHS855YSSKKmGrsQnJzXog1cdpkIOO72yYAM4=",
+        "owner": "raspberrypi",
+        "repo": "libpisp",
+        "rev": "28196ed6edcfeda88d23cc5f213d51aa6fa17bb3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "raspberrypi",
+        "ref": "v1.0.7",
+        "repo": "libpisp",
+        "type": "github"
+      }
+    },
+    "nix-flatpak": {
+      "locked": {
+        "lastModified": 1754777568,
+        "narHash": "sha256-0bBqT+3XncgF8F03RFAamw9vdf0VmaDoIJLTGkjfQZs=",
+        "owner": "gmodena",
+        "repo": "nix-flatpak",
+        "rev": "62f636b87ef6050760a8cb325cadb90674d1e23e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "gmodena",
+        "repo": "nix-flatpak",
+        "type": "github"
+      }
+    },
+    "nixos-hardware": {
+      "locked": {
+        "lastModified": 1764440730,
+        "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "master",
+        "repo": "nixos-hardware",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1756542300,
-        "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=",
+        "lastModified": 1764677808,
+        "narHash": "sha256-H3lC7knbXOBrHI9hITQ7modLuX20mYJVhZORL5ioms0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa",
+        "rev": "1aab89277eb2d87823d5b69bae631a2496cff57a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-master": {
+      "locked": {
+        "lastModified": 1764884164,
+        "narHash": "sha256-JVBdqcz6O7noXRImADjFh+J7+14wigl+Vkt1hHTr56M=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "953a2e2892dc8e6b9623e233853239984c11dd7c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "master",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1764667669,
+        "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "418468ac9527e799809c900eda37cbff999199b6",
         "type": "github"
       },
       "original": {
@@ -36,22 +155,6 @@
         "type": "github"
       }
     },
-    "nixpkgs-stable": {
-      "locked": {
-        "lastModified": 1756617294,
-        "narHash": "sha256-aGnd4AHIYCWQKChAkHPpX+YYCt7pA6y2LFFA/s8q0wQ=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "b4c2c57c31e68544982226d07e4719a2d86302a8",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-25.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "photocatalog": {
       "inputs": {
         "nixpkgs": [
@@ -72,12 +175,166 @@
         "type": "github"
       }
     },
+    "raspberry-pi-nix": {
+      "inputs": {
+        "libcamera-src": "libcamera-src",
+        "libpisp-src": "libpisp-src",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "rpi-bluez-firmware-src": "rpi-bluez-firmware-src",
+        "rpi-firmware-nonfree-src": "rpi-firmware-nonfree-src",
+        "rpi-firmware-src": "rpi-firmware-src",
+        "rpi-linux-6_12_17-src": "rpi-linux-6_12_17-src",
+        "rpi-linux-6_6_78-src": "rpi-linux-6_6_78-src",
+        "rpi-linux-stable-src": "rpi-linux-stable-src",
+        "rpicam-apps-src": "rpicam-apps-src"
+      },
+      "locked": {
+        "lastModified": 1742223591,
+        "narHash": "sha256-ZNTz8r5jlJ1jvpqf5+aUYgpnYJSVX0iP14doOc1Hm0E=",
+        "owner": "nix-community",
+        "repo": "raspberry-pi-nix",
+        "rev": "3e8100d5e976a6a2be363015cb33463af9ef441a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "master",
+        "repo": "raspberry-pi-nix",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
+        "disko": "disko",
         "home-manager": "home-manager",
+        "nix-flatpak": "nix-flatpak",
+        "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
-        "nixpkgs-stable": "nixpkgs-stable",
-        "photocatalog": "photocatalog"
+        "nixpkgs-master": "nixpkgs-master",
+        "nixpkgs-unstable": "nixpkgs-unstable",
+        "photocatalog": "photocatalog",
+        "raspberry-pi-nix": "raspberry-pi-nix"
+      }
+    },
+    "rpi-bluez-firmware-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1708969706,
+        "narHash": "sha256-KakKnOBeWxh0exu44beZ7cbr5ni4RA9vkWYb9sGMb8Q=",
+        "owner": "RPi-Distro",
+        "repo": "bluez-firmware",
+        "rev": "78d6a07730e2d20c035899521ab67726dc028e1c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "RPi-Distro",
+        "ref": "bookworm",
+        "repo": "bluez-firmware",
+        "type": "github"
+      }
+    },
+    "rpi-firmware-nonfree-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1723266537,
+        "narHash": "sha256-T7eTKXqY9cxEMdab8Snda4CEOrEihy5uOhA6Fy+Mhnw=",
+        "owner": "RPi-Distro",
+        "repo": "firmware-nonfree",
+        "rev": "4b356e134e8333d073bd3802d767a825adec3807",
+        "type": "github"
+      },
+      "original": {
+        "owner": "RPi-Distro",
+        "ref": "bookworm",
+        "repo": "firmware-nonfree",
+        "type": "github"
+      }
+    },
+    "rpi-firmware-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1728405098,
+        "narHash": "sha256-4gnK0KbqFnjBmWia9Jt2gveVWftmHrprpwBqYVqE/k0=",
+        "owner": "raspberrypi",
+        "repo": "firmware",
+        "rev": "7bbb5f80d20a2335066a8781459c9f33e5eebc64",
+        "type": "github"
+      },
+      "original": {
+        "owner": "raspberrypi",
+        "ref": "1.20241008",
+        "repo": "firmware",
+        "type": "github"
+      }
+    },
+    "rpi-linux-6_12_17-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1740765145,
+        "narHash": "sha256-hoCsGc4+RC/2LmxDtswLBL5ZhWlw4vSiL4Vkl39r2MU=",
+        "owner": "raspberrypi",
+        "repo": "linux",
+        "rev": "5985ce32e511f4e8279a841a1b06a8c7d972b386",
+        "type": "github"
+      },
+      "original": {
+        "owner": "raspberrypi",
+        "ref": "rpi-6.12.y",
+        "repo": "linux",
+        "type": "github"
+      }
+    },
+    "rpi-linux-6_6_78-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1740503700,
+        "narHash": "sha256-Y8+ot4Yi3UKwlZK3ap15rZZ16VZDvmeFkD46+6Ku7bE=",
+        "owner": "raspberrypi",
+        "repo": "linux",
+        "rev": "2e071057fded90e789c0101498e45a1778be93fe",
+        "type": "github"
+      },
+      "original": {
+        "owner": "raspberrypi",
+        "ref": "rpi-6.6.y",
+        "repo": "linux",
+        "type": "github"
+      }
+    },
+    "rpi-linux-stable-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1728403745,
+        "narHash": "sha256-phCxkuO+jUGZkfzSrBq6yErQeO2Td+inIGHxctXbD5U=",
+        "owner": "raspberrypi",
+        "repo": "linux",
+        "rev": "5aeecea9f4a45248bcf564dec924965e066a7bfd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "raspberrypi",
+        "ref": "stable_20241008",
+        "repo": "linux",
+        "type": "github"
+      }
+    },
+    "rpicam-apps-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1727515047,
+        "narHash": "sha256-qCYGrcibOeGztxf+sd44lD6VAOGoUNwRqZDdAmcTa/U=",
+        "owner": "raspberrypi",
+        "repo": "rpicam-apps",
+        "rev": "a8ccf9f3cd9df49875dfb834a2b490d41d226031",
+        "type": "github"
+      },
+      "original": {
+        "owner": "raspberrypi",
+        "ref": "v1.5.2",
+        "repo": "rpicam-apps",
+        "type": "github"
       }
     }
   },

flake.nix

@@ -2,10 +2,11 @@
   description = "Fxnet system configurations";
 
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
+    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixpkgs-master.url = "github:NixOS/nixpkgs/master";
     home-manager = {
-      url = "github:nix-community/home-manager";
+      url = "github:nix-community/home-manager/release-25.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     photocatalog = {
@@ -16,14 +17,24 @@
       url = "github:nix-community/disko/latest";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    raspberry-pi-nix = {
+      url = "github:nix-community/raspberry-pi-nix/master";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nixos-hardware = {
+      url = "github:NixOS/nixos-hardware/master";
+    };
+    nix-flatpak = {
+      url = "github:gmodena/nix-flatpak";
+    };
   };
 
   outputs =
     {
       self,
       nixpkgs,
-      nixpkgs-stable,
-      disko,
+      nixpkgs-unstable,
+      nixpkgs-master,
       ...
     }@inputs:
     let
@@ -45,9 +56,15 @@
           config.allowUnfree = true;
         }
       );
-      pkgsStableSettings =
+      pkgsUnstableSettings =
         system:
-        import nixpkgs-stable {
+        import nixpkgs-unstable {
+          inherit system;
+          config.allowUnfree = true;
+        };
+      pkgsMasterSettings =
+        system:
+        import nixpkgs-master {
           inherit system;
           config.allowUnfree = true;
         };
@@ -72,18 +89,21 @@
                     home.stateVersion = osConfig.system.stateVersion;
                   }
                 )
+                inputs.nix-flatpak.homeManagerModules.nix-flatpak
               ];
               extraSpecialArgs = {
                 inherit inputs;
-                pkgsStable = pkgsStableSettings pkgs.system;
+                pkgsUnstable = pkgsUnstableSettings pkgs.system;
+                pkgsMaster = pkgsMasterSettings pkgs.system;
                 hosts = hosts;
               };
             };
           }
         )
+        inputs.nix-flatpak.nixosModules.nix-flatpak
         inputs.home-manager.nixosModules.home-manager
         inputs.photocatalog.nixosModules.photocatalog
-        disko.nixosModules.disko
+        inputs.disko.nixosModules.disko
         ./options.nix
         ./nix.nix
       ]
@@ -100,9 +120,10 @@
             system = host.system;
             specialArgs = {
               inherit inputs;
-              pkgsStable = pkgsStableSettings host.system;
+              pkgsUnstable = pkgsUnstableSettings host.system;
+              pkgsMaster = pkgsMasterSettings host.system;
               hosts = hosts;
-              ip = host.ip;
+              quirks = (quirks: (import ./quirks { inherit quirks; }));
             };
             pkgs = pkgsSettings host.system;
             modules = commonModules ++ [

hosts/fenixbook/default.nix

@@ -2,6 +2,8 @@
   config,
   lib,
   pkgs,
+  inputs,
+  quirks,
   ...
 }:
 let
@@ -10,13 +12,13 @@ let
   ];
 in
 {
-  imports = (
-    import ../../quirks {
-      quirks = [
+  imports =
+    (quirks [
       "development"
+    ])
+    ++ [
+      inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p1
     ];
-    }
-  );
 
   home-manager = {
     users = lib.genAttrs users (user: import ./${user}.nix);
@@ -34,10 +36,6 @@ in
     };
   };
 
-  programs = {
-    zsh.enable = true;
-  };
-
   services = {
 
   };
@@ -62,15 +60,13 @@ in
         "video"
         "pipewire"
         "wheel"
+        "input"
+        "audio"
+        "users"
       ];
     });
 
-    groups = {
-      i2c = {
-        members = users;
-      };
-    }
-    // lib.genAttrs users (user: {
+    groups = lib.genAttrs users (user: {
       members = [
         user
       ];

hosts/fenixbook/fenix.nix

@@ -15,6 +15,8 @@ in
     username = userName;
     homeDirectory = lib.mkForce "/home/${userName}";
     packages = with pkgs; [
+      spotify
+
       # Games
       prismlauncher
       (bottles.override { removeWarningPopup = true; })
@@ -36,6 +38,8 @@ in
     vscode.enable = true;
     gpg.enable = true;
     neovim.enable = true;
+    obsidian.enable = true;
+    ssh.enable = true;
 
     vivaldi = {
       enable = true;

hosts/fenixbook/hardware-configuration.nix

@@ -4,6 +4,7 @@
 
   boot = {
     resumeDevice = "/dev/disk/by-uuid/56ad966f-3268-4b59-999a-48a082bb8052";
+    plymouth.enable = true;
 
     initrd = {
       verbose = true;
@@ -37,6 +38,7 @@
     kernelParams = [
       "usbcore.autosuspend=-1"
       "quiet"
+      "splash"
       "modeset"
     ];
   };

hosts/fenixpc/default.nix

@@ -2,7 +2,7 @@
   config,
   lib,
   pkgs,
-  pkgsStable,
+  quirks,
   ...
 }:
 let
@@ -12,13 +12,11 @@ let
 in
 {
   imports = (
-    import ../../quirks {
-      quirks = [
+    quirks [
       "development"
       "steam"
-        "32bit"
-      ];
-    }
+      # "yubilock"
+    ]
   );
 
   home-manager = {
@@ -37,30 +35,27 @@ in
     };
   };
 
-  systemd.oomd.extraConfig.DefaultMemoryPressureLimit = "15%";
-
-  programs = {
-    zsh.enable = true;
-  };
+  systemd.oomd.settings.OOM.DefaultMemoryPressureLimit = "15%";
 
   services = {
     printing.ricoh.enable = true;
+    printing.enable = false;
+    printing.cups-pdf.enable = false;
+
     calibre-web = {
       enable = true;
-      listen.port = 8091;
-      listen.ip = "0.0.0.0";
-      package = pkgsStable.calibre-web;
-      options = {
-        enableBookUploading = true;
-        enableBookConversion = true;
-      };
       user = "fenix";
     };
+    lact.enable = true;
   };
 
+  systemd.services.calibre-web.serviceConfig.environment = lib.mkForce "";
+  systemd.services.calibre-web.environment.CACHE_DIR = "/var/cache/calibre-web";
+
   environment.systemPackages = with pkgs; [
     microcode-amd
     openvpn
+    cups
   ];
 
   users = {
@@ -78,6 +73,11 @@ in
         "video"
         "pipewire"
         "wheel"
+        "input"
+        "audio"
+        "users"
+        "gamemode"
+        config.services.kubo.group
       ];
     });
     groups = {
@@ -106,4 +106,44 @@ in
       kwallet.enable = true;
     });
   };
+
+  programs = {
+    niri = {
+      enable = false;
+    };
+
+    gamemode = {
+      enable = true;
+      settings = {
+        general = {
+          renice = 10;
+          # blacklist = "vlc,firefox";
+          # whitelist = "game1,game2";
+        };
+        cpu = {
+          governor = "performance";
+          boost = "auto";
+        };
+        gpu = {
+          amd_performance_level = "high";
+          apply_gpu_optimizations = 1;
+          per_process_gpu_clocks = 1;
+        };
+        supervisor = {
+          # killlist = "tracker-miner-fs,tracker-store";
+        };
+        custom = {
+          start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
+          end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
+        };
+      };
+    };
+  };
+
+  hardware.graphics = {
+    extraPackages = with pkgs; [
+      libva
+      vulkan-tools
+    ];
+  };
 }

hosts/fenixpc/fenix.nix

@@ -2,32 +2,50 @@
   pkgs,
   lib,
   config,
+  osConfig,
   ...
 }:
 let
   userName = "fenix";
 in
 {
-
   pt.enable = true;
 
   home = {
     username = userName;
     homeDirectory = lib.mkForce "/home/${userName}";
     packages = with pkgs; [
+      calibre
+      obsidian
+      transmission_4-qt6
+      kdePackages.kdenlive
+      kdePackages.plasma-sdk
+      yandex-music
+      krusader
+
+      avidemux
+      gimp
+      krita
+      krita-plugin-gmic
+      inkscape
+
       # Games
       steam
       prismlauncher
       (bottles.override { removeWarningPopup = true; })
-      warzone2100
+      # warzone2100
       sauerbraten
 
       #Development
+      yandex-cloud
       devenv
       direnv
       yaml-language-server
       plantuml
       jetbrains.goland
+      jetbrains.rust-rover
+      rustup
+      gcc
       gnumake
       protobuf
     ];
@@ -39,10 +57,23 @@ in
     vscode.enable = true;
     gpg.enable = true;
     neovim.enable = true;
+    ssh.enable = true;
 
     vivaldi = {
       enable = true;
     };
+
+    firefox = {
+      enable = true;
+      languagePacks = [
+        "ru"
+      ];
+      nativeMessagingHosts =
+        [ ]
+        ++ lib.optionals (osConfig.services.desktopManager.plasma6.enable) [
+          pkgs.kdePackages.plasma-browser-integration
+        ];
+    };
     direnv = {
       enableZshIntegration = config.programs.zsh.enable;
     };
@@ -58,5 +89,9 @@ in
       settings.folders.PhotoArchive.enabled = true;
       settings.folders.books.enabled = true;
     };
+    yubilock = {
+      enable = true;
+      autoRestore = true;
+    };
   };
 }

hosts/fenixpc/hardware-configuration.nix

@@ -5,6 +5,7 @@
   boot = {
     binfmt.emulatedSystems = [ "aarch64-linux" ];
     resumeDevice = "/dev/disk/by-uuid/56ad966f-3268-4b59-999a-48a082bb8052";
+    plymouth.enable = true;
 
     initrd = {
       verbose = true;
@@ -35,6 +36,7 @@
     kernelParams = [
       "usbcore.autosuspend=-1"
       "quiet"
+      "splash"
       "modeset"
     ];
   };
@@ -150,4 +152,5 @@
     }
   ];
 
+  hardware.amdgpu.initrd.enable = true;
 }

modules/hm/flatpak.nix

@@ -0,0 +1,25 @@
+{
+  osConfig,
+  config,
+  lib,
+  ...
+}:
+{
+  services.flatpak = lib.mkIf (osConfig.services.flatpak.enable) {
+    enable = true;
+    uninstallUnmanaged = true;
+
+    remotes = [
+      {
+        name = "flathub";
+        location = "https://flathub.org/repo/flathub.flatpakrepo";
+      }
+    ];
+    packages = lib.mkIf (config.programs.vivaldi.flatpak) [
+      {
+        appId = "com.vivaldi.Vivaldi";
+        origin = "flathub";
+      }
+    ];
+  };
+}

modules/hm/git.nix

@@ -33,6 +33,22 @@
         signByDefault = lib.mkDefault true;
         key = lib.mkDefault "DD89337AFABD013FDD57A0F133445FB510D677DF";
       };
+
+      includes = [
+        {
+          condition = "gitdir:~/dev/gofonox-org/";
+          contents = {
+            user = {
+              name = "Gofonox";
+              email = "gofonox@yandex.ru";
+              signingkey = "468075AB62C2BF67B3435BD18E49915B4743363E";
+            };
+            commit = {
+              gpgsign = true;
+            };
+          };
+        }
+      ];
     };
   };
 }

modules/hm/niri.nix

@@ -0,0 +1,28 @@
+{
+  pkgs,
+  osConfig,
+  lib,
+  ...
+}:
+let
+  enable = osConfig.programs.niri.enable;
+in
+{
+
+  programs = lib.mkIf (enable) {
+    alacritty.enable = true; # Super+T in the default setting (terminal)
+    fuzzel.enable = true; # Super+D in the default setting (app launcher)
+    swaylock.enable = true; # Super+Alt+L in the default setting (screen locker)
+    waybar.enable = true; # launch on startup in the default setting (bar)
+  };
+  services = lib.mkIf (enable) {
+    mako.enable = true; # notification daemon
+    swayidle.enable = true; # idle management daemon
+  };
+
+  home.packages =
+    with pkgs;
+    lib.mkIf (enable) [
+      swaybg
+    ];
+}

modules/hm/pt.nix

@@ -5,7 +5,7 @@
   ...
 }:
 let
-  devFolder = "~/dev/PT";
+  devFolder = "~/dev/PT/";
   conf = config.pt;
 in
 {
@@ -55,10 +55,12 @@ in
 
     home.file.ptDevStIgnore = {
       enable = true;
-      target = lib.removePrefix "~/" (devFolder + "/.stignore");
+      target = lib.removePrefix "~/" (devFolder + ".stignore");
       text = ''
         **/.devenv/
         **/.direnv/
+        **/.volumes
+        **/*.qcow2
       '';
     };
 
@@ -70,6 +72,9 @@ in
           enabled = true;
           label = "PTDev";
           path = devFolder;
+          devices = [
+            "nas"
+          ];
         };
       };
     };

modules/hm/ssh.nix

@@ -2,12 +2,13 @@
 {
   programs = {
     ssh = {
+      enableDefaultConfig = false;
       matchBlocks = {
         "router" = {
           user = "admin";
           hostname = "192.168.1.1";
           port = 2222;
-          controlPersist = "10m";
+          controlPersist = "no";
           addKeysToAgent = "9h";
           compression = false;
 
@@ -16,8 +17,15 @@
           serverAliveCountMax = 3;
           hashKnownHosts = false;
           userKnownHostsFile = "~/.ssh/known_hosts";
-          controlMaster = "auto";
-          controlPath = "~/.ssh/master-%r@%n:%p";
+          controlMaster = "no";
+          controlPath = "none";
+
+          extraOptions = {
+            KexAlgorithms = "curve25519-sha256@libssh.org,diffie-hellman-group14-sha256";
+            WarnWeakCrypto = "no";
+            ServerAliveInterval = "30";
+            ServerAliveCountMax = "4";
+          };
         };
         "aur" = {
           hostname = "aur.archlinux.org";

modules/hm/syncthing.nix

@@ -19,6 +19,10 @@
           enabled = lib.mkDefault true;
           label = "Sync";
           path = "~/Sync";
+          devices = [
+            "nas"
+            "s25"
+          ];
         };
         "Documents" = {
           id = "ikwrq-ahv5a";
@@ -26,6 +30,9 @@
           enabled = lib.mkDefault false;
           label = "Documents";
           path = "~/Documents";
+          devices = [
+            "nas"
+          ];
         };
         "Music" = {
           id = "6ytyt-ngvta";
@@ -33,6 +40,9 @@
           enabled = lib.mkDefault false;
           label = "Music";
           path = "~/Music";
+          devices = [
+            "nas"
+          ];
         };
         "Obsidian" = {
           id = "hyeaf-ygups";
@@ -40,6 +50,10 @@
           enabled = lib.mkDefault false;
           label = "Obsidian";
           path = "~/Obsidian";
+          devices = [
+            "nas"
+            "s25"
+          ];
         };
         "Camera S25" = {
           id = "sm-s938b_9wbf-фото";
@@ -47,14 +61,21 @@
           type = "receiveonly";
           label = "Camera S25";
           path = "~/Photos/S25";
+          devices = [
+            "nas"
+            "s25"
+          ];
         };
         "PhotoArchive" = {
           id = "6detn-xjbco";
-          type = "receiveonly";
+          type = "sendreceive";
           enabled = lib.mkDefault false;
           label = "PhotoArchive";
           path = "~/Photos/archive";
           ignorePerms = true;
+          devices = [
+            "nas"
+          ];
         };
         "books" = {
           id = "6st45-t9jej";
@@ -62,6 +83,9 @@
           enabled = lib.mkDefault false;
           label = "Books";
           path = "/mnt/hdd/Books";
+          devices = [
+            "nas"
+          ];
         };
       };
 

modules/hm/vivaldi.nix

@@ -7,19 +7,25 @@
 }:
 let
   conf = config.programs.vivaldi;
+  vivaldiCMD = if conf.flatpak then "flatpak run com.vivaldi.Vivaldi" else "vivaldi";
+  vivaldiIcon = if conf.flatpak then "com.vivaldi.Vivaldi" else "vivaldi";
 in
 {
-  config = lib.mkIf conf.enable {
+  options = {
+    programs.vivaldi.flatpak = lib.mkEnableOption "Use flatpak verion of Vivaldi";
+  };
+
+  config = lib.mkIf (conf.enable || conf.flatpak) {
     home.file.vivaldiKDEScript = {
       target = ".local/bin/vivaldi-kde.sh";
       text = ''
         #!/bin/sh
-        vivaldi --profile-directory=$(qdbus org.kde.ActivityManager /ActivityManager/Activities org.kde.ActivityManager.Activities.ActivityName $(qdbus org.kde.ActivityManager /ActivityManager/Activities org.kde.ActivityManager.Activities.CurrentActivity)) "$@"
+        ${vivaldiCMD} --profile-directory=$(qdbus org.kde.ActivityManager /ActivityManager/Activities org.kde.ActivityManager.Activities.ActivityName $(qdbus org.kde.ActivityManager /ActivityManager/Activities org.kde.ActivityManager.Activities.CurrentActivity)) "$@"
       '';
       executable = true;
     };
 
-    programs.vivaldi = {
+    programs.vivaldi = lib.mkIf (conf.enable) {
       nativeMessagingHosts =
         [ ]
         ++ lib.optionals (osConfig.services.desktopManager.plasma6.enable) [
@@ -46,7 +52,7 @@ in
             exec = "${config.home.file.vivaldiKDEScript.source} --new-window";
           };
         };
-        icon = "vivaldi";
+        icon = "${vivaldiIcon}";
         startupNotify = true;
         categories = [
           "Application"

modules/hm/yubilock.nix

@@ -0,0 +1,167 @@
+# Stealed from https://github.com/guttermonk/yubilock
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+with lib;
+
+let
+  cfg = config.services.yubilock;
+
+  # Script paths - users should copy scripts to their ~/.config/waybar/scripts/
+  yubilockScript = pkgs.writeShellScript "yubilock" ''
+    STATE_FILE="$HOME/.cache/yubilock-state"
+    LOG_FILE="$HOME/.cache/yubilock.log"
+    PID_FILE="$HOME/.cache/yubilock.pid"
+
+    # Function to check if a YubiKey is currently plugged in
+    check_yubikey() {
+        if ${pkgs.usbutils}/bin/lsusb | ${pkgs.gnugrep}/bin/grep -i "yubikey" > /dev/null; then
+            return 0 # device is present
+        else
+            return 1 # device is not present
+        fi
+    }
+
+    # Function to lock the screen
+    lock_screen() {
+        # Using loginctl for systemd-based systems
+        ${pkgs.systemd}/bin/loginctl lock-session
+        echo "Screen locked at $(date)" >> "$LOG_FILE"
+    }
+
+    # Create state file if it doesn't exist
+    if [ ! -f "$STATE_FILE" ]; then
+        echo "off" > "$STATE_FILE"
+    fi
+
+    # Record PID for later termination
+    echo "$$" > "$PID_FILE"
+
+    # Main monitoring loop
+    echo "YubiKey monitoring started at $(date)" >> "$LOG_FILE"
+
+    while true; do
+        # Check if monitoring is still enabled
+        if [ "$(cat "$STATE_FILE")" != "on" ]; then
+            echo "YubiKey monitoring stopped at $(date)" >> "$LOG_FILE"
+            exit 0
+        fi
+
+        if check_yubikey; then
+            echo "YubiKey detected at $(date)" >> "$LOG_FILE"
+
+            # Wait until the YubiKey is removed
+            while check_yubikey && [ "$(cat "$STATE_FILE")" = "on" ]; do
+                sleep 1
+            done
+
+            # If we exited because service was disabled, exit gracefully
+            if [ "$(cat "$STATE_FILE")" != "on" ]; then
+                echo "YubiKey monitoring stopped at $(date)" >> "$LOG_FILE"
+                exit 0
+            fi
+
+            echo "YubiKey removed at $(date)" >> "$LOG_FILE"
+            lock_screen
+        else
+            echo "No YubiKey detected. Checking again in 10 seconds..." >> "$LOG_FILE"
+            # Check less frequently to reduce system load
+            sleep 10
+        fi
+    done
+  '';
+
+  yubilockRestoreScript = pkgs.writeShellScript "yubilock-restore" ''
+    STATE_FILE="$HOME/.cache/yubilock-state"
+    LOG_FILE="$HOME/.cache/yubilock-restore.log"
+
+    echo "[$(date)] Checking yubilock state on login" >> "$LOG_FILE"
+
+    # Create state file if it doesn't exist
+    if [ ! -f "$STATE_FILE" ]; then
+        echo "off" > "$STATE_FILE"
+        echo "[$(date)] No state file found, defaulting to off" >> "$LOG_FILE"
+        exit 0
+    fi
+
+    # Read the saved state
+    saved_state=$(cat "$STATE_FILE")
+    echo "[$(date)] Saved state: $saved_state" >> "$LOG_FILE"
+
+    # If it was enabled before, re-enable it
+    if [ "$saved_state" = "on" ]; then
+        if ! ${pkgs.systemd}/bin/systemctl --user is-active yubilock.service > /dev/null 2>&1; then
+            echo "[$(date)] Restoring yubilock service" >> "$LOG_FILE"
+            ${pkgs.systemd}/bin/systemctl --user start yubilock.service
+            echo "[$(date)] Yubilock service restored" >> "$LOG_FILE"
+        else
+            echo "[$(date)] Yubilock service already running" >> "$LOG_FILE"
+        fi
+    fi
+  '';
+
+in
+{
+  options.services.yubilock = {
+    enable = mkEnableOption "YubiKey screen lock monitor";
+
+    autoRestore = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Automatically restore yubilock state on login.
+        If enabled, the yubilock service will be restarted on login
+        if it was running when you last logged out.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # Systemd user service for yubilock
+    systemd.user.services.yubilock = {
+      Unit = {
+        Description = "YubiKey lock screen monitor";
+        After = [ "graphical-session.target" ];
+        PartOf = [ "graphical-session.target" ];
+      };
+      Service = {
+        Type = "simple";
+        ExecStart = "${yubilockScript}";
+        Restart = "on-failure";
+        RestartSec = "5s";
+        # Ensure state persists
+        ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p %h/.cache";
+        # Clean state on stop
+        ExecStopPost = "${pkgs.bash}/bin/bash -c 'echo off > %h/.cache/yubilock-state'";
+      };
+      Install = {
+        WantedBy = [ "graphical-session.target" ];
+      };
+    };
+
+    # Systemd user service to restore yubilock state on login
+    systemd.user.services.yubilock-restore = mkIf cfg.autoRestore {
+      Unit = {
+        Description = "Restore YubiKey monitor state on login";
+        After = [ "graphical-session.target" ];
+      };
+      Service = {
+        Type = "oneshot";
+        ExecStart = "${yubilockRestoreScript}";
+        RemainAfterExit = false;
+      };
+      Install = {
+        WantedBy = [ "graphical-session.target" ];
+      };
+    };
+
+    # Ensure required packages are available
+    home.packages = with pkgs; [
+      usbutils # for lsusb command
+    ];
+  };
+}

modules/hm/zsh.nix

@@ -1,5 +1,13 @@
-{ lib, ... }:
 {
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+{
+
+  home.packages = lib.mkIf config.programs.zsh.enable (with pkgs; [ zsh-powerlevel10k ]);
+
   programs.zsh = {
     autosuggestion = {
       enable = true;
@@ -48,11 +56,15 @@
         "aliases"
         "alias-finder"
         "rsync"
+        "z"
       ];
-      theme = lib.mkDefault "agnoster";
+      # theme = lib.mkDefault "powerlevel10k/powerlevel10k";
     };
 
     initContent = ''
+      source ${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k/powerlevel10k.zsh-theme
+      source ~/.p10k.zsh
+
       zstyle ':omz:plugins:alias-finder' autoload yes
       zstyle ':omz:plugins:alias-finder' longer no
       zstyle ':omz:plugins:alias-finder' exact yes

modules/sys/calibre-web.nix

@@ -0,0 +1,15 @@
+{ pkgs, lib, ... }:
+{
+  services = {
+    calibre-web = {
+      listen.port = lib.mkDefault 8091;
+      listen.ip = lib.mkDefault "0.0.0.0";
+      package = pkgs.calibre-web;
+      options = {
+        enableBookUploading = true;
+        enableBookConversion = true;
+      };
+      user = lib.mkDefault "books";
+    };
+  };
+}

modules/sys/printing/default.nix

@@ -13,7 +13,7 @@
     };
   };
 
-  config = lib.mkIf config.services.printing.enable {
+  config = {
     virtualisation.oci-containers.containers = lib.mkIf config.services.printing.ricoh.enable {
       ricoh = {
         image = "ricoh-cups:latest";

modules/sys/ssl.nix

@@ -0,0 +1,78 @@
+{ ... }:
+let
+  ptCerts = [
+    ''
+      -----BEGIN CERTIFICATE-----
+      MIIFQTCCAymgAwIBAgIUT8eE7Aogt5TTKlrupxEqywtRr6QwDQYJKoZIhvcNAQEL
+      BQAwKDEmMCQGA1UEAxMdUG9zaXRpdmUgVGVjaG5vbG9naWVzIFJvb3QgQ0EwHhcN
+      MjUwODI5MDczNzM1WhcNNDUwODI0MDczODAzWjAoMSYwJAYDVQQDEx1Qb3NpdGl2
+      ZSBUZWNobm9sb2dpZXMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
+      AgoCggIBAL1LiFhVl9aVW+l6/JQzEBfpiNGu/JPh16vLJCLntC6c8JW4JlPC3s26
+      Z7qPchhown/Ml50iJPZI6Pq6DZspcvbxdBEKVofZfodFNJYuXAkRK8HxEstIAKfJ
+      QgOejEQwgELgt1VwkfEL05LjhunD3isGBQabmi6z8UpVnN6+mF4+tR9G+YUXls25
+      g9i7S7gASSXugRn0qTawpFUScGWlrOW5h/7CzVH2UALRWlandCqb8HWT/bN4rabL
+      fz350HdWOrrI3ZjHpbXFCvKHGUMjmAhGIfeEBHqPGrY4Wlbkm9YOAAyflYqRbieu
+      IJNld6kcShh/YM8UH/bz7i051TaAclhseMKsQk7UY5P+GlfdmQW8apaFtFfAtK+M
+      Sr0KBxWpS0rKNfKP2emCKhZeiD4BqE15phvcXW5Gom1HkrVFRzg+1zF7VN+Na6O6
+      ZQQW/OdtdsZpHhanSEXd6DjO+p58MFLkGPVjLvylGMRlMa1WAFXZ92PJYSHUxyLy
+      jUUWP8D2LRXQBCZm7I+UbQfV2m2tzjRnQ+2POq7qDBZJiqD0x6PdFc/sSUokZ1tV
+      j8+zRgwTQmsLl4CvKaPD7dlFlEEN+xDXff5PVM6YUrfR6u5zrgLB3RDGgJHzFSkz
+      ia+z9u062RwiYpkOXPRclHrYGTgB7tMMJ8G2RmMUbgt3tV2Dgfo5AgMBAAGjYzBh
+      MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSUbzie
+      n/0Ax/XCgNn9OoJLxt3VszAfBgNVHSMEGDAWgBSUbzien/0Ax/XCgNn9OoJLxt3V
+      szANBgkqhkiG9w0BAQsFAAOCAgEAOjTCj1f5FpNitawusbb/nFvDEGzmqtiobJdJ
+      smiDSpQeCVb/JIlPLO9fc8L4MbSPuD3ykf1ElJrcHsMB4oLP9SVYF9ElKzCwfaCq
+      FJa1C/tIFAYUvjlo331z0/PU0RgxjMoru0Fq9XiOeCAS0mNp+yzfir5QUd8hBoCm
+      k+Z9AwZfq0QVFS+EE7V4eV+SoEf8rXHwhMTHytAN/8RnORo/k26hX/OzoLBc18Wq
+      fcNDEQOeHnyuR0G8G8gu4Mh4/xDng6ni9EesYgWof6AxRcoS0m7JlC1OUvi75Qh3
+      K/w4pvn+EU/MVI0d1wK4E45j+nnZeS/09pdKxbN5espOfBYf6+9OS8+04+RJv3B6
+      zOKZ/hN3cgYQW85TZxlKG0LvKTEItP6l0GrKUVmB+6Nu7drAMlRFaHtO/kAaazS7
+      KwP+tlQtc3EBlA3QZaxZodEhwoF+nwUebDx2JuaGZ6d6lNCSRn3O8gsKRdYu/N8e
+      A0lRzFVSje7aBtSbiUZ74lnuAPb+VsehZcqX1LiM2fr4UFWhVRQSqEvjsf7UPVrk
+      2+iaWxF61t8ouzT6vWUUqezpaoGhTa1+oxv2Apff6SkWSPNlbpW9hHHgUjRtxjEr
+      DgO8seiNvec86NbRapWItivwT71msFuIsw45IJ2kn0LTL/FAUyfmJebnqhlfaN7A
+      F+9Ss+M=
+      -----END CERTIFICATE-----
+    ''
+    ''
+      -----BEGIN CERTIFICATE-----
+      MIIGATCCA+mgAwIBAgIUNBc0VV8DVSdlFBEDmd4Hf7Vwoj0wDQYJKoZIhvcNAQEL
+      BQAwKDEmMCQGA1UEAxMdUG9zaXRpdmUgVGVjaG5vbG9naWVzIFJvb3QgQ0EwHhcN
+      MjUwODI5MDczNzQxWhcNMzUwODI3MDczODExWjAqMSgwJgYDVQQDEx9Qb3NpdGl2
+      ZSBUZWNobm9sb2dpZXMgSXNzdWVyIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+      MIICCgKCAgEA34P9u1zG7cjKgX0XnpFYetAnAiUMWfUyT5dZlG1UUyl7QusZuGKa
+      QesnSe9YMdutdfGf5UH3y40aFyIbbfNJjHYQOJpWSWx8f5qGR2JvpoeeT5LgURmS
+      WRaL3nhKZ/fH9ts5VlMWIOcOSo7bqrG4lAnQGh/hmH7sfOO0nKwfp1MGBrbz8e/3
+      KbhF4QprVvV00wV1ByfPgsvP4aoeYxMFZ16Sxb+XuIwgVKsyNh/AP5fMgi7G94sY
+      TZSj4BW9Wy/YXX1LsxzXekB8w1yzi/c2neBU2XX1WnVLuRVVFWGVkXNFRrZW42EA
+      kL72vi4FsON7nWLF9qi4kTrQh8P0E6bpWLgn0HulgDH1EmP24hdY2eyj7M9eIeoG
+      NDyele4ectiTnPDM58VlvabLDRqJs69AWWr3Us1JSvccGp38WIRRiHcvrqPHhE9w
+      kd5kWB44/pwN6amT745raqL+bVAH6CXyPiLg+X2m/Ig9s5r51Tz2UJBrIdesUAez
+      qOazinjjxJZ4CmW5/W+in5BUBc4SaJBBjdPqqfkAHvsTs3ibwpwZpwJZKjdqwhPP
+      eRuoL7t2AvzgIc2LjqcqA0ekMXJ+fBzbO7a2eTzYaSh9ZkTOT4Tw+JCvLo50HGUm
+      vUcf8J67Hy6DbiOGng8jfqwV//8A7fFrMpXh2zkmXSpVcuNb7bcRf8kCAwEAAaOC
+      AR8wggEbMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+      BBRbB9XM59NmtPkwsY+MVVmVM8pjpDAfBgNVHSMEGDAWgBSUbzien/0Ax/XCgNn9
+      OoJLxt3VszB8BggrBgEFBQcBAQRwMG4wNgYIKwYBBQUHMAGGKmh0dHA6Ly9wa2ku
+      cHRzZWN1cml0eS5jb20vdjEvcGtpX3Jvb3Qvb2NzcDA0BggrBgEFBQcwAoYoaHR0
+      cDovL3BraS5wdHNlY3VyaXR5LmNvbS92MS9wa2lfcm9vdC9jYTA6BgNVHR8EMzAx
+      MC+gLaArhilodHRwOi8vcGtpLnB0c2VjdXJpdHkuY29tL3YxL3BraV9yb290L2Ny
+      bDANBgkqhkiG9w0BAQsFAAOCAgEAm5Z+vg6nBg2oR/1ukDARctEIvZj5ntaE92bh
+      laFd+nLFU3javVIDhWQCbgpXw0bemT009HfF2yulFFiIonEYcmEdF2xrmWOI7mko
+      Z/dTw8dGGSoW3e+XZwpdIbTQNPGGp7EpSh6USu/kp15Q9lgvUAcbfCk3i9i3ENYi
+      m05WHbQQem+sKJwsfpcv+xsDNUVNNvXKWg6SA78r6Wv1bNr4AalwPlbCkZompsDW
+      ayLUGietrbMiUdEi/Tdfo9LwpEKAlJkGSJSKO/lGIUkGe8iJotGX8nfjt9kY2AfE
+      NLCVku4imJwJPNGw+tfTyeiNjsU7Gx+jkTrUAk6FmkR9n7u6cnRXO4rAreftbDBr
+      pV9YSGFcTEWSjQeF2Y1kZuxtPmS0m9gdstcrWtPdbpP6qWYjhl6T5vs4So4A9xzt
+      0F4DHiQb4UGV+LUK98Gbx9mTVZOZLckW2xU27kyvGqLaTRXCrU/ij9q46nJTGicl
+      ZPmtQ45pMlmIjp5xv9vQ5d7ULjb/B683SJGeKrk8HyUUFY/ZCP3QNN9z1oD2oD/w
+      T8qiuPJE+vh07y92SUDEQKaEh2AXbjptzZJH57TKlEC932HaJZcvTdEfaGH6Emzu
+      7DjYj0+4SuTN629SwU7DwEvrWtZXTCwg7ubpQRr+Bv4A1k/zNLAWk8PXmh5cE/ki
+      CnRHY8o=
+      -----END CERTIFICATE-----
+    ''
+  ];
+in
+{
+  security.pki.certificates = ptCerts;
+}

nix.nix

@@ -25,6 +25,7 @@
         "nix-command"
         "flakes"
       ];
+      download-buffer-size = 524288000;
       log-lines = 30;
       min-free = mkDefault "${toString (5 * 1024 * 1024 * 1024)}";
       max-free = mkDefault "${toString (10 * 1024 * 1024 * 1024)}";

options.nix

@@ -5,10 +5,5 @@
       type = lib.types.int;
       default = 10;
     };
-
-    hm = lib.mkOption {
-      type = lib.types.attrsOf lib.types.anything;
-      default = { };
-    };
   };
 }

quirks/32bit.nix

@@ -5,4 +5,7 @@
       enable32Bit = true;
     };
   };
+
+  fonts.fontconfig.cache32Bit = true;
+  services.pipewire.alsa.support32Bit = true;
 }

quirks/rpi5.nix

@@ -0,0 +1,124 @@
+{
+  lib,
+  pkgs,
+  inputs,
+  ...
+}:
+{
+  imports = [
+    inputs.raspberry-pi-nix.nixosModules.raspberry-pi
+    inputs.nixos-hardware.nixosModules.raspberry-pi-5
+  ];
+
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+  boot = {
+    kernelPackages = lib.mkForce pkgs.linuxKernel.packages.linux_rpi4;
+
+    initrd.kernelModules = [
+      "zstd"
+      "btrfs"
+      "nvme"
+    ];
+    tmp = {
+      tmpfsSize = lib.mkForce "25%";
+    };
+  };
+
+  zramSwap = {
+    enable = true;
+    memoryPercent = 50;
+    algorithm = "zstd";
+  };
+
+  powerManagement.cpuFreqGovernor = "ondemand";
+
+  raspberry-pi-nix = {
+    board = "bcm2712";
+    # kernel-version = "v6_10_12";
+    libcamera-overlay = {
+      enable = false;
+    };
+    uboot = {
+      enable = false;
+    };
+  };
+
+  hardware = {
+    raspberry-pi = {
+      config = {
+        all = {
+          base-dt-params = {
+            BOOT_UART = {
+              enable = false;
+              value = 1;
+            };
+            uart_2ndstage = {
+              enable = false;
+              value = 1;
+            };
+            audio = {
+              enable = true;
+              value = "off";
+            };
+            sd_poll_once = {
+              enable = true;
+            };
+
+            # NVME disk access
+            pciex1 = {
+              enable = true;
+            };
+            pciex1_gen = {
+              enable = true;
+              value = 3;
+            };
+            nvme = {
+              enable = true;
+            };
+
+          };
+          dt-overlays = {
+            vc4-kms-v3d-pi5 = {
+              enable = true;
+              params = { };
+            };
+          };
+          options = {
+            hdmi_blanking = {
+              enable = true;
+              value = 1;
+            };
+            disable_overscan = {
+              enable = true;
+              value = 1;
+            };
+            gpu_mem_256 = {
+              enable = true;
+              value = 76;
+            };
+            gpu_mem_512 = {
+              enable = true;
+              value = 76;
+            };
+            gpu_mem_1024 = {
+              enable = true;
+              value = 76;
+            };
+            disable_splash = {
+              enable = true;
+              value = 1;
+            };
+            temp_limit = {
+              enable = true;
+              value = 75;
+            };
+            initial_turbo = {
+              enable = true;
+              value = 20;
+            };
+          };
+        };
+      };
+    };
+  };
+}

quirks/steam.nix

@@ -1,6 +1,14 @@
-{ ... }:
+{ pkgs, ... }:
 {
+  imports = [
+    ./32bit.nix
+  ];
+
   hardware = {
     steam-hardware.enable = true;
   };
+
+  environment.systemPackages = [
+    pkgs.steam-devices-udev-rules
+  ];
 }

roles/default.nix

@@ -10,7 +10,7 @@
       enable = true;
       enableUserSlices = lib.mkDefault true;
       enableSystemSlice = lib.mkDefault true;
-      extraConfig = {
+      settings.OOM = {
         DefaultMemoryPressureDurationSec = lib.mkDefault "20s";
         DefaultMemoryPressureLimit = lib.mkDefault "50%";
       };
@@ -39,6 +39,16 @@
   };
 
   services = {
+    kubo = {
+      enable = lib.mkDefault true;
+      enableGC = lib.mkDefault true;
+      settings = {
+        Addresses = {
+          API = "/ip4/127.0.0.1/tcp/5001";
+        };
+      };
+    };
+
     openssh = {
       enable = lib.mkDefault true;
       settings = {

roles/desktop.nix

@@ -82,8 +82,13 @@ in
     };
 
     pam = {
-      yubico.enable = true;
-      yubico.mode = "challenge-response";
+      u2f = {
+        enable = true;
+        settings = {
+          cue = true;
+        };
+      };
+      services.sddm.u2fAuth = true;
     };
   };
 
@@ -100,7 +105,22 @@ in
     };
 
     pipewire = {
-      wireplumber.enable = true;
+      wireplumber = {
+        enable = true;
+        extraConfig."99-disable-suspend" = {
+          "monitor.alsa.rules" = [
+            {
+              matches = [
+                { "node.name" = "~alsa_input.*"; }
+                { "node.name" = "~alsa_output.*"; }
+              ];
+              actions.update-props = {
+                "session.suspend-timeout-seconds" = 0;
+              };
+            }
+          ];
+        };
+      };
       audio.enable = true;
 
       enable = true;
@@ -114,7 +134,9 @@ in
 
     btrfs.autoScrub.interval = "weekly";
 
-    flatpak.enable = true;
+    flatpak = {
+      enable = true;
+    };
 
     printing = {
       enable = lib.mkDefault true;
@@ -122,7 +144,7 @@ in
       drivers = with pkgs; [
         gutenprint
       ];
-      cups-pdf.enable = true;
+      cups-pdf.enable = lib.mkDefault true;
       browsing = lib.mkDefault true;
     };
 
@@ -145,20 +167,17 @@ in
 
   environment.systemPackages = with pkgs; [
     mesa
+    wl-clipboard
     steam-run
+    pam_u2f
+    fuse
 
-    obsidian
     telegram-desktop
     keepassxc
-    gimp
     mpv
     ffmpeg
     yt-dlp
-    avidemux
-    krita
-    krita-plugin-gmic
 
-    # onlyoffice-desktopeditors
     libreoffice-qt-fresh
     thunderbird-latest
 
@@ -168,6 +187,11 @@ in
   ];
 
   programs = {
+    appimage = {
+      enable = true;
+      binfmt = true;
+    };
+
     nix-ld = {
       enable = true;
       libraries = [
@@ -192,5 +216,9 @@ in
     };
   };
 
-  xdg.portal.enable = true;
+  xdg.portal.enable = lib.mkDefault true;
+  xdg.portal.extraPortals = lib.mkDefault [
+    pkgs.kdePackages.xdg-desktop-portal-kde
+    pkgs.xdg-desktop-portal-gnome
+  ];
 }

roles/steamos.nix

@@ -0,0 +1,98 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+
+{
+  options = {
+    steamos = {
+      amdvlk = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+      };
+      displayName = lib.mkOption {
+        type = lib.types.str;
+        default = "DP-1";
+      };
+    };
+  };
+
+  config = {
+    users.users.steam = {
+      isNormalUser = true;
+      uid = 1010;
+      password = "steam";
+      extraGroups = [
+        "video"
+        "input"
+        "audio"
+        "networkmanager"
+      ];
+      shell = pkgs.bash;
+    };
+
+    services.xserver.enable = false;
+
+    hardware = {
+      graphics = {
+        enable = true;
+        enable32Bit = true;
+      };
+
+      amdgpu.amdvlk = lib.mkIf config.steamos.amdvlk {
+        enable = true;
+        support32Bit.enable = true;
+      };
+    };
+
+    programs = {
+      gamescope = {
+        enable = true;
+        capSysNice = true;
+      };
+      steam = {
+        enable = true;
+        gamescopeSession.enable = true;
+
+        remotePlay.openFirewall = true;
+        dedicatedServer.openFirewall = true;
+        localNetworkGameTransfers.openFirewall = true;
+      };
+    };
+
+    services.getty.autologinUser = "steam";
+    environment = {
+      loginShellInit = ''
+        [[ "$(tty)" = "/dev/tty1" ]] && ./gs.sh
+      '';
+    };
+
+    home-manager.users.steam = {
+      home.file."gs.sh" = {
+        text = ''
+          #!/usr/bin/env bash
+
+          set -xeuo pipefail
+
+          gamescopeArgs=(
+              --adaptive-sync # VRR support
+              --hdr-enabled
+              --rt
+              --steam
+              -S ${config.steamos.displayName}
+          )
+          steamArgs=(
+              -pipewire-dmabuf
+              -tenfoot
+              --console
+          )
+
+          exec gamescope "$${gamescopeArgs[@]}" -- steam "$${steamArgs[@]}"
+        '';
+        executable = true;
+      };
+    };
+  };
+}

specialisations/default.nix

@@ -21,7 +21,7 @@
     spectacle
     elisa
     dolphin-plugins
-    xwaylandvideobridge
+    kgpg
   ];
 
   programs = {

specialisations/gnome.nix

@@ -1,61 +0,0 @@
-{ pkgs, lib, ... }:
-{
-  specialisation.gnome.configuration = {
-    system.nixos.tags = [ "gnome" ];
-    services = {
-      displayManager = {
-        defaultSession = lib.mkForce "gnome";
-        sddm.enable = lib.mkForce false;
-
-        gdm = {
-          enable = true;
-          wayland = true;
-          autoSuspend = true;
-          banner = ''
-            Оставь надежду
-            Всяк сюда входящий
-          '';
-        };
-      };
-      desktopManager = {
-        plasma6.enable = lib.mkForce false;
-        gnome.enable = true;
-      };
-
-      hardware.bolt.enable = true;
-      gnome = {
-        core-os-services.enable = true;
-        gnome-keyring.enable = true;
-        gnome-settings-daemon.enable = true;
-        core-shell.enable = true;
-      };
-    };
-
-    programs.evolution = {
-      enable = true;
-      plugins = [ pkgs.evolution-ews ];
-    };
-
-    environment = {
-      variables = {
-        XCURSOR_THEME = "Adwaita";
-      };
-      gnome.excludePackages = with pkgs; [
-        geary
-        epiphany
-        gnome-calendar
-      ];
-    };
-
-    xdg.portal = {
-      config.common = {
-        default = lib.mkForce [
-          "gnome"
-        ];
-      };
-      extraPortals = lib.mkForce [
-        pkgs.kdePackages.xdg-desktop-portal-kde
-      ];
-    };
-  };
-}