Flake update, return vivaldi from nixpkgs

flake.lock

@@ -28,15 +28,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1762787259,
+        "lastModified": 1764866045,
-        "narHash": "sha256-t2U/GLLXHa2+kJkwnFNRVc2fEJ/lUfyZXBE5iKzJdcs=",
+        "narHash": "sha256-0GsEtXV9OquDQ1VclQfP16cU5VZh7NEVIOjSH4UaJuM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "37a3d97f2873e0f68711117c34d04b7c7ead8f4e",
+        "rev": "f63d0fe9d81d36e5fc95497217a72e02b8b7bcab",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
+        "ref": "release-25.11",
         "repo": "home-manager",
         "type": "github"
       }
@@ -75,13 +76,28 @@
         "type": "github"
       }
     },
+    "nix-flatpak": {
+      "locked": {
+        "lastModified": 1754777568,
+        "narHash": "sha256-0bBqT+3XncgF8F03RFAamw9vdf0VmaDoIJLTGkjfQZs=",
+        "owner": "gmodena",
+        "repo": "nix-flatpak",
+        "rev": "62f636b87ef6050760a8cb325cadb90674d1e23e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "gmodena",
+        "repo": "nix-flatpak",
+        "type": "github"
+      }
+    },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1762847253,
+        "lastModified": 1764440730,
-        "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=",
+        "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9",
+        "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
         "type": "github"
       },
       "original": {
@@ -93,27 +109,27 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1762596750,
+        "lastModified": 1764677808,
-        "narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=",
+        "narHash": "sha256-H3lC7knbXOBrHI9hITQ7modLuX20mYJVhZORL5ioms0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e",
+        "rev": "1aab89277eb2d87823d5b69bae631a2496cff57a",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-unstable",
+        "ref": "nixos-25.11",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1762890560,
+        "lastModified": 1764884164,
-        "narHash": "sha256-oe+c26Q+hZiAh7ILVXgW/m+lOZhUY4KyxqnePUTRH2Y=",
+        "narHash": "sha256-JVBdqcz6O7noXRImADjFh+J7+14wigl+Vkt1hHTr56M=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "7a7849f5f075f6cfa8d6607c65048b7a22479bcb",
+        "rev": "953a2e2892dc8e6b9623e233853239984c11dd7c",
         "type": "github"
       },
       "original": {
@@ -123,18 +139,18 @@
         "type": "github"
       }
     },
-    "nixpkgs-stable": {
+    "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1762756533,
+        "lastModified": 1764667669,
-        "narHash": "sha256-HiRDeUOD1VLklHeOmaKDzf+8Hb7vSWPVFcWwaTrpm+U=",
+        "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c2448301fb856e351aab33e64c33a3fc8bcf637d",
+        "rev": "418468ac9527e799809c900eda37cbff999199b6",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-25.05",
+        "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -193,10 +209,11 @@
       "inputs": {
         "disko": "disko",
         "home-manager": "home-manager",
+        "nix-flatpak": "nix-flatpak",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
         "nixpkgs-master": "nixpkgs-master",
-        "nixpkgs-stable": "nixpkgs-stable",
+        "nixpkgs-unstable": "nixpkgs-unstable",
         "photocatalog": "photocatalog",
         "raspberry-pi-nix": "raspberry-pi-nix"
       }

flake.nix

@@ -2,11 +2,11 @@
   description = "Fxnet system configurations";
 
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
-    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
+    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
     nixpkgs-master.url = "github:NixOS/nixpkgs/master";
     home-manager = {
-      url = "github:nix-community/home-manager";
+      url = "github:nix-community/home-manager/release-25.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     photocatalog = {
@@ -24,13 +24,16 @@
     nixos-hardware = {
       url = "github:NixOS/nixos-hardware/master";
     };
+    nix-flatpak = {
+      url = "github:gmodena/nix-flatpak";
+    };
   };
 
   outputs =
     {
       self,
       nixpkgs,
-      nixpkgs-stable,
+      nixpkgs-unstable,
       nixpkgs-master,
       ...
     }@inputs:
@@ -53,9 +56,9 @@
           config.allowUnfree = true;
         }
       );
-      pkgsStableSettings =
+      pkgsUnstableSettings =
         system:
-        import nixpkgs-stable {
+        import nixpkgs-unstable {
           inherit system;
           config.allowUnfree = true;
         };
@@ -86,16 +89,18 @@
                     home.stateVersion = osConfig.system.stateVersion;
                   }
                 )
+                inputs.nix-flatpak.homeManagerModules.nix-flatpak
               ];
               extraSpecialArgs = {
                 inherit inputs;
-                pkgsStable = pkgsStableSettings pkgs.system;
+                pkgsUnstable = pkgsUnstableSettings pkgs.system;
                 pkgsMaster = pkgsMasterSettings pkgs.system;
                 hosts = hosts;
               };
             };
           }
         )
+        inputs.nix-flatpak.nixosModules.nix-flatpak
         inputs.home-manager.nixosModules.home-manager
         inputs.photocatalog.nixosModules.photocatalog
         inputs.disko.nixosModules.disko
@@ -115,7 +120,7 @@
             system = host.system;
             specialArgs = {
               inherit inputs;
-              pkgsStable = pkgsStableSettings host.system;
+              pkgsUnstable = pkgsUnstableSettings host.system;
               pkgsMaster = pkgsMasterSettings host.system;
               hosts = hosts;
               quirks = (quirks: (import ./quirks { inherit quirks; }));

hosts/fenixpc/default.nix

@@ -15,7 +15,7 @@ in
     quirks [
       "development"
       "steam"
-      "yubilock"
+      # "yubilock"
     ]
   );
 
@@ -108,6 +108,10 @@ in
   };
 
   programs = {
+    niri = {
+      enable = false;
+    };
+
     gamemode = {
       enable = true;
       settings = {

hosts/fenixpc/fenix.nix

@@ -21,6 +21,7 @@ in
       kdePackages.kdenlive
       kdePackages.plasma-sdk
       yandex-music
+      krusader
 
       avidemux
       gimp
@@ -36,6 +37,7 @@ in
       sauerbraten
 
       #Development
+      yandex-cloud
       devenv
       direnv
       yaml-language-server
@@ -87,5 +89,9 @@ in
       settings.folders.PhotoArchive.enabled = true;
       settings.folders.books.enabled = true;
     };
+    yubilock = {
+      enable = true;
+      autoRestore = true;
+    };
   };
 }

modules/hm/flatpak.nix

@@ -0,0 +1,25 @@
+{
+  osConfig,
+  config,
+  lib,
+  ...
+}:
+{
+  services.flatpak = lib.mkIf (osConfig.services.flatpak.enable) {
+    enable = true;
+    uninstallUnmanaged = true;
+
+    remotes = [
+      {
+        name = "flathub";
+        location = "https://flathub.org/repo/flathub.flatpakrepo";
+      }
+    ];
+    packages = lib.mkIf (config.programs.vivaldi.flatpak) [
+      {
+        appId = "com.vivaldi.Vivaldi";
+        origin = "flathub";
+      }
+    ];
+  };
+}

modules/hm/niri.nix

@@ -0,0 +1,28 @@
+{
+  pkgs,
+  osConfig,
+  lib,
+  ...
+}:
+let
+  enable = osConfig.programs.niri.enable;
+in
+{
+
+  programs = lib.mkIf (enable) {
+    alacritty.enable = true; # Super+T in the default setting (terminal)
+    fuzzel.enable = true; # Super+D in the default setting (app launcher)
+    swaylock.enable = true; # Super+Alt+L in the default setting (screen locker)
+    waybar.enable = true; # launch on startup in the default setting (bar)
+  };
+  services = lib.mkIf (enable) {
+    mako.enable = true; # notification daemon
+    swayidle.enable = true; # idle management daemon
+  };
+
+  home.packages =
+    with pkgs;
+    lib.mkIf (enable) [
+      swaybg
+    ];
+}

modules/hm/vivaldi.nix

@@ -7,19 +7,25 @@
 }:
 let
   conf = config.programs.vivaldi;
+  vivaldiCMD = if conf.flatpak then "flatpak run com.vivaldi.Vivaldi" else "vivaldi";
+  vivaldiIcon = if conf.flatpak then "com.vivaldi.Vivaldi" else "vivaldi";
 in
 {
-  config = lib.mkIf conf.enable {
+  options = {
+    programs.vivaldi.flatpak = lib.mkEnableOption "Use flatpak verion of Vivaldi";
+  };
+
+  config = lib.mkIf (conf.enable || conf.flatpak) {
     home.file.vivaldiKDEScript = {
       target = ".local/bin/vivaldi-kde.sh";
       text = ''
         #!/bin/sh
-        vivaldi --profile-directory=$(qdbus org.kde.ActivityManager /ActivityManager/Activities org.kde.ActivityManager.Activities.ActivityName $(qdbus org.kde.ActivityManager /ActivityManager/Activities org.kde.ActivityManager.Activities.CurrentActivity)) "$@"
+        ${vivaldiCMD} --profile-directory=$(qdbus org.kde.ActivityManager /ActivityManager/Activities org.kde.ActivityManager.Activities.ActivityName $(qdbus org.kde.ActivityManager /ActivityManager/Activities org.kde.ActivityManager.Activities.CurrentActivity)) "$@"
       '';
       executable = true;
     };
 
-    programs.vivaldi = {
+    programs.vivaldi = lib.mkIf (conf.enable) {
       nativeMessagingHosts =
         [ ]
         ++ lib.optionals (osConfig.services.desktopManager.plasma6.enable) [
@@ -46,7 +52,7 @@ in
             exec = "${config.home.file.vivaldiKDEScript.source} --new-window";
           };
         };
-        icon = "vivaldi";
+        icon = "${vivaldiIcon}";
         startupNotify = true;
         categories = [
           "Application"

modules/hm/yubilock.nix

@@ -0,0 +1,167 @@
+# Stealed from https://github.com/guttermonk/yubilock
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+with lib;
+
+let
+  cfg = config.services.yubilock;
+
+  # Script paths - users should copy scripts to their ~/.config/waybar/scripts/
+  yubilockScript = pkgs.writeShellScript "yubilock" ''
+    STATE_FILE="$HOME/.cache/yubilock-state"
+    LOG_FILE="$HOME/.cache/yubilock.log"
+    PID_FILE="$HOME/.cache/yubilock.pid"
+
+    # Function to check if a YubiKey is currently plugged in
+    check_yubikey() {
+        if ${pkgs.usbutils}/bin/lsusb | ${pkgs.gnugrep}/bin/grep -i "yubikey" > /dev/null; then
+            return 0 # device is present
+        else
+            return 1 # device is not present
+        fi
+    }
+
+    # Function to lock the screen
+    lock_screen() {
+        # Using loginctl for systemd-based systems
+        ${pkgs.systemd}/bin/loginctl lock-session
+        echo "Screen locked at $(date)" >> "$LOG_FILE"
+    }
+
+    # Create state file if it doesn't exist
+    if [ ! -f "$STATE_FILE" ]; then
+        echo "off" > "$STATE_FILE"
+    fi
+
+    # Record PID for later termination
+    echo "$$" > "$PID_FILE"
+
+    # Main monitoring loop
+    echo "YubiKey monitoring started at $(date)" >> "$LOG_FILE"
+
+    while true; do
+        # Check if monitoring is still enabled
+        if [ "$(cat "$STATE_FILE")" != "on" ]; then
+            echo "YubiKey monitoring stopped at $(date)" >> "$LOG_FILE"
+            exit 0
+        fi
+
+        if check_yubikey; then
+            echo "YubiKey detected at $(date)" >> "$LOG_FILE"
+
+            # Wait until the YubiKey is removed
+            while check_yubikey && [ "$(cat "$STATE_FILE")" = "on" ]; do
+                sleep 1
+            done
+
+            # If we exited because service was disabled, exit gracefully
+            if [ "$(cat "$STATE_FILE")" != "on" ]; then
+                echo "YubiKey monitoring stopped at $(date)" >> "$LOG_FILE"
+                exit 0
+            fi
+
+            echo "YubiKey removed at $(date)" >> "$LOG_FILE"
+            lock_screen
+        else
+            echo "No YubiKey detected. Checking again in 10 seconds..." >> "$LOG_FILE"
+            # Check less frequently to reduce system load
+            sleep 10
+        fi
+    done
+  '';
+
+  yubilockRestoreScript = pkgs.writeShellScript "yubilock-restore" ''
+    STATE_FILE="$HOME/.cache/yubilock-state"
+    LOG_FILE="$HOME/.cache/yubilock-restore.log"
+
+    echo "[$(date)] Checking yubilock state on login" >> "$LOG_FILE"
+
+    # Create state file if it doesn't exist
+    if [ ! -f "$STATE_FILE" ]; then
+        echo "off" > "$STATE_FILE"
+        echo "[$(date)] No state file found, defaulting to off" >> "$LOG_FILE"
+        exit 0
+    fi
+
+    # Read the saved state
+    saved_state=$(cat "$STATE_FILE")
+    echo "[$(date)] Saved state: $saved_state" >> "$LOG_FILE"
+
+    # If it was enabled before, re-enable it
+    if [ "$saved_state" = "on" ]; then
+        if ! ${pkgs.systemd}/bin/systemctl --user is-active yubilock.service > /dev/null 2>&1; then
+            echo "[$(date)] Restoring yubilock service" >> "$LOG_FILE"
+            ${pkgs.systemd}/bin/systemctl --user start yubilock.service
+            echo "[$(date)] Yubilock service restored" >> "$LOG_FILE"
+        else
+            echo "[$(date)] Yubilock service already running" >> "$LOG_FILE"
+        fi
+    fi
+  '';
+
+in
+{
+  options.services.yubilock = {
+    enable = mkEnableOption "YubiKey screen lock monitor";
+
+    autoRestore = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Automatically restore yubilock state on login.
+        If enabled, the yubilock service will be restarted on login
+        if it was running when you last logged out.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # Systemd user service for yubilock
+    systemd.user.services.yubilock = {
+      Unit = {
+        Description = "YubiKey lock screen monitor";
+        After = [ "graphical-session.target" ];
+        PartOf = [ "graphical-session.target" ];
+      };
+      Service = {
+        Type = "simple";
+        ExecStart = "${yubilockScript}";
+        Restart = "on-failure";
+        RestartSec = "5s";
+        # Ensure state persists
+        ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p %h/.cache";
+        # Clean state on stop
+        ExecStopPost = "${pkgs.bash}/bin/bash -c 'echo off > %h/.cache/yubilock-state'";
+      };
+      Install = {
+        WantedBy = [ "graphical-session.target" ];
+      };
+    };
+
+    # Systemd user service to restore yubilock state on login
+    systemd.user.services.yubilock-restore = mkIf cfg.autoRestore {
+      Unit = {
+        Description = "Restore YubiKey monitor state on login";
+        After = [ "graphical-session.target" ];
+      };
+      Service = {
+        Type = "oneshot";
+        ExecStart = "${yubilockRestoreScript}";
+        RemainAfterExit = false;
+      };
+      Install = {
+        WantedBy = [ "graphical-session.target" ];
+      };
+    };
+
+    # Ensure required packages are available
+    home.packages = with pkgs; [
+      usbutils # for lsusb command
+    ];
+  };
+}

quirks/yubilock.nix

@@ -1,11 +0,0 @@
-{ pkgs, ... }:
-{
-  services.udev.extraRules = ''
-    ACTION=="remove",\
-    ENV{ID_BUS}=="usb",\
-    ENV{ID_MODEL_ID}=="0407",\
-    ENV{ID_VENDOR_ID}=="1050",\
-    ENV{ID_VENDOR}=="Yubico",\
-    RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
-  '';
-}

roles/desktop.nix

@@ -134,7 +134,9 @@ in
 
     btrfs.autoScrub.interval = "weekly";
 
-    flatpak.enable = true;
+    flatpak = {
+      enable = true;
+    };
 
     printing = {
       enable = lib.mkDefault true;
@@ -168,6 +170,7 @@ in
     wl-clipboard
     steam-run
     pam_u2f
+    fuse
 
     telegram-desktop
     keepassxc
@@ -184,6 +187,11 @@ in
   ];
 
   programs = {
+    appimage = {
+      enable = true;
+      binfmt = true;
+    };
+
     nix-ld = {
       enable = true;
       libraries = [