Flake update, return vivaldi from nixpkgs

flake.lock

@@ -28,15 +28,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1757475826,
+        "lastModified": 1764866045,
-        "narHash": "sha256-x6x30IzUOxKmOtE0KzQu9UxLrxg0HLurd5rpak62OL0=",
+        "narHash": "sha256-0GsEtXV9OquDQ1VclQfP16cU5VZh7NEVIOjSH4UaJuM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "a60021a8c99bf5a28919c0a9fbb6b04422a6a8da",
+        "rev": "f63d0fe9d81d36e5fc95497217a72e02b8b7bcab",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
+        "ref": "release-25.11",
         "repo": "home-manager",
         "type": "github"
       }
@@ -75,13 +76,28 @@
         "type": "github"
       }
     },
+    "nix-flatpak": {
+      "locked": {
+        "lastModified": 1754777568,
+        "narHash": "sha256-0bBqT+3XncgF8F03RFAamw9vdf0VmaDoIJLTGkjfQZs=",
+        "owner": "gmodena",
+        "repo": "nix-flatpak",
+        "rev": "62f636b87ef6050760a8cb325cadb90674d1e23e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "gmodena",
+        "repo": "nix-flatpak",
+        "type": "github"
+      }
+    },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1757103352,
+        "lastModified": 1764440730,
-        "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=",
+        "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "11b2a10c7be726321bb854403fdeec391e798bf0",
+        "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
         "type": "github"
       },
       "original": {
@@ -93,11 +109,43 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1757347588,
+        "lastModified": 1764677808,
-        "narHash": "sha256-tLdkkC6XnsY9EOZW9TlpesTclELy8W7lL2ClL+nma8o=",
+        "narHash": "sha256-H3lC7knbXOBrHI9hITQ7modLuX20mYJVhZORL5ioms0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "b599843bad24621dcaa5ab60dac98f9b0eb1cabe",
+        "rev": "1aab89277eb2d87823d5b69bae631a2496cff57a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-master": {
+      "locked": {
+        "lastModified": 1764884164,
+        "narHash": "sha256-JVBdqcz6O7noXRImADjFh+J7+14wigl+Vkt1hHTr56M=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "953a2e2892dc8e6b9623e233853239984c11dd7c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "master",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1764667669,
+        "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "418468ac9527e799809c900eda37cbff999199b6",
         "type": "github"
       },
       "original": {
@@ -107,22 +155,6 @@
         "type": "github"
       }
     },
-    "nixpkgs-stable": {
-      "locked": {
-        "lastModified": 1757408970,
-        "narHash": "sha256-aSgK4BLNFFGvDTNKPeB28lVXYqVn8RdyXDNAvgGq+k0=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "d179d77c139e0a3f5c416477f7747e9d6b7ec315",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-25.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "photocatalog": {
       "inputs": {
         "nixpkgs": [
@@ -177,9 +209,11 @@
       "inputs": {
         "disko": "disko",
         "home-manager": "home-manager",
+        "nix-flatpak": "nix-flatpak",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
-        "nixpkgs-stable": "nixpkgs-stable",
+        "nixpkgs-master": "nixpkgs-master",
+        "nixpkgs-unstable": "nixpkgs-unstable",
         "photocatalog": "photocatalog",
         "raspberry-pi-nix": "raspberry-pi-nix"
       }

flake.nix

@@ -2,10 +2,11 @@
   description = "Fxnet system configurations";
 
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
-    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
+    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixpkgs-master.url = "github:NixOS/nixpkgs/master";
     home-manager = {
-      url = "github:nix-community/home-manager";
+      url = "github:nix-community/home-manager/release-25.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     photocatalog = {
@@ -23,13 +24,17 @@
     nixos-hardware = {
       url = "github:NixOS/nixos-hardware/master";
     };
+    nix-flatpak = {
+      url = "github:gmodena/nix-flatpak";
+    };
   };
 
   outputs =
     {
       self,
       nixpkgs,
-      nixpkgs-stable,
+      nixpkgs-unstable,
+      nixpkgs-master,
       ...
     }@inputs:
     let
@@ -51,9 +56,15 @@
           config.allowUnfree = true;
         }
       );
-      pkgsStableSettings =
+      pkgsUnstableSettings =
         system:
-        import nixpkgs-stable {
+        import nixpkgs-unstable {
+          inherit system;
+          config.allowUnfree = true;
+        };
+      pkgsMasterSettings =
+        system:
+        import nixpkgs-master {
           inherit system;
           config.allowUnfree = true;
         };
@@ -78,15 +89,18 @@
                     home.stateVersion = osConfig.system.stateVersion;
                   }
                 )
+                inputs.nix-flatpak.homeManagerModules.nix-flatpak
               ];
               extraSpecialArgs = {
                 inherit inputs;
-                pkgsStable = pkgsStableSettings pkgs.system;
+                pkgsUnstable = pkgsUnstableSettings pkgs.system;
+                pkgsMaster = pkgsMasterSettings pkgs.system;
                 hosts = hosts;
               };
             };
           }
         )
+        inputs.nix-flatpak.nixosModules.nix-flatpak
         inputs.home-manager.nixosModules.home-manager
         inputs.photocatalog.nixosModules.photocatalog
         inputs.disko.nixosModules.disko
@@ -106,7 +120,8 @@
             system = host.system;
             specialArgs = {
               inherit inputs;
-              pkgsStable = pkgsStableSettings host.system;
+              pkgsUnstable = pkgsUnstableSettings host.system;
+              pkgsMaster = pkgsMasterSettings host.system;
               hosts = hosts;
               quirks = (quirks: (import ./quirks { inherit quirks; }));
             };

hosts/fenixbook/fenix.nix

@@ -15,6 +15,8 @@ in
     username = userName;
     homeDirectory = lib.mkForce "/home/${userName}";
     packages = with pkgs; [
+      spotify
+
       # Games
       prismlauncher
       (bottles.override { removeWarningPopup = true; })
@@ -37,6 +39,7 @@ in
     gpg.enable = true;
     neovim.enable = true;
     obsidian.enable = true;
+    ssh.enable = true;
 
     vivaldi = {
       enable = true;

hosts/fenixpc/default.nix

@@ -15,6 +15,7 @@ in
     quirks [
       "development"
       "steam"
+      # "yubilock"
     ]
   );
 
@@ -34,7 +35,7 @@ in
     };
   };
 
-  systemd.oomd.extraConfig.DefaultMemoryPressureLimit = "15%";
+  systemd.oomd.settings.OOM.DefaultMemoryPressureLimit = "15%";
 
   services = {
     printing.ricoh.enable = true;
@@ -45,13 +46,16 @@ in
       enable = true;
       user = "fenix";
     };
+    lact.enable = true;
   };
+
   systemd.services.calibre-web.serviceConfig.environment = lib.mkForce "";
   systemd.services.calibre-web.environment.CACHE_DIR = "/var/cache/calibre-web";
 
   environment.systemPackages = with pkgs; [
     microcode-amd
     openvpn
+    cups
   ];
 
   users = {
@@ -72,6 +76,8 @@ in
         "input"
         "audio"
         "users"
+        "gamemode"
+        config.services.kubo.group
       ];
     });
     groups = {
@@ -100,4 +106,44 @@ in
       kwallet.enable = true;
     });
   };
+
+  programs = {
+    niri = {
+      enable = false;
+    };
+
+    gamemode = {
+      enable = true;
+      settings = {
+        general = {
+          renice = 10;
+          # blacklist = "vlc,firefox";
+          # whitelist = "game1,game2";
+        };
+        cpu = {
+          governor = "performance";
+          boost = "auto";
+        };
+        gpu = {
+          amd_performance_level = "high";
+          apply_gpu_optimizations = 1;
+          per_process_gpu_clocks = 1;
+        };
+        supervisor = {
+          # killlist = "tracker-miner-fs,tracker-store";
+        };
+        custom = {
+          start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
+          end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
+        };
+      };
+    };
+  };
+
+  hardware.graphics = {
+    extraPackages = with pkgs; [
+      libva
+      vulkan-tools
+    ];
+  };
 }

hosts/fenixpc/fenix.nix

@@ -2,6 +2,7 @@
   pkgs,
   lib,
   config,
+  osConfig,
   ...
 }:
 let
@@ -15,16 +16,28 @@ in
     homeDirectory = lib.mkForce "/home/${userName}";
     packages = with pkgs; [
       calibre
+      obsidian
       transmission_4-qt6
+      kdePackages.kdenlive
+      kdePackages.plasma-sdk
+      yandex-music
+      krusader
+
+      avidemux
+      gimp
+      krita
+      krita-plugin-gmic
+      inkscape
 
       # Games
       steam
       prismlauncher
       (bottles.override { removeWarningPopup = true; })
-      warzone2100
+      # warzone2100
       sauerbraten
 
       #Development
+      yandex-cloud
       devenv
       direnv
       yaml-language-server
@@ -44,11 +57,23 @@ in
     vscode.enable = true;
     gpg.enable = true;
     neovim.enable = true;
-    obsidian.enable = true;
+    ssh.enable = true;
 
     vivaldi = {
       enable = true;
     };
+
+    firefox = {
+      enable = true;
+      languagePacks = [
+        "ru"
+      ];
+      nativeMessagingHosts =
+        [ ]
+        ++ lib.optionals (osConfig.services.desktopManager.plasma6.enable) [
+          pkgs.kdePackages.plasma-browser-integration
+        ];
+    };
     direnv = {
       enableZshIntegration = config.programs.zsh.enable;
     };
@@ -64,5 +89,9 @@ in
       settings.folders.PhotoArchive.enabled = true;
       settings.folders.books.enabled = true;
     };
+    yubilock = {
+      enable = true;
+      autoRestore = true;
+    };
   };
 }

modules/hm/flatpak.nix

@@ -0,0 +1,25 @@
+{
+  osConfig,
+  config,
+  lib,
+  ...
+}:
+{
+  services.flatpak = lib.mkIf (osConfig.services.flatpak.enable) {
+    enable = true;
+    uninstallUnmanaged = true;
+
+    remotes = [
+      {
+        name = "flathub";
+        location = "https://flathub.org/repo/flathub.flatpakrepo";
+      }
+    ];
+    packages = lib.mkIf (config.programs.vivaldi.flatpak) [
+      {
+        appId = "com.vivaldi.Vivaldi";
+        origin = "flathub";
+      }
+    ];
+  };
+}

modules/hm/git.nix

@@ -33,6 +33,22 @@
         signByDefault = lib.mkDefault true;
         key = lib.mkDefault "DD89337AFABD013FDD57A0F133445FB510D677DF";
       };
+
+      includes = [
+        {
+          condition = "gitdir:~/dev/gofonox-org/";
+          contents = {
+            user = {
+              name = "Gofonox";
+              email = "gofonox@yandex.ru";
+              signingkey = "468075AB62C2BF67B3435BD18E49915B4743363E";
+            };
+            commit = {
+              gpgsign = true;
+            };
+          };
+        }
+      ];
     };
   };
 }

modules/hm/niri.nix

@@ -0,0 +1,28 @@
+{
+  pkgs,
+  osConfig,
+  lib,
+  ...
+}:
+let
+  enable = osConfig.programs.niri.enable;
+in
+{
+
+  programs = lib.mkIf (enable) {
+    alacritty.enable = true; # Super+T in the default setting (terminal)
+    fuzzel.enable = true; # Super+D in the default setting (app launcher)
+    swaylock.enable = true; # Super+Alt+L in the default setting (screen locker)
+    waybar.enable = true; # launch on startup in the default setting (bar)
+  };
+  services = lib.mkIf (enable) {
+    mako.enable = true; # notification daemon
+    swayidle.enable = true; # idle management daemon
+  };
+
+  home.packages =
+    with pkgs;
+    lib.mkIf (enable) [
+      swaybg
+    ];
+}

modules/hm/pt.nix

@@ -72,6 +72,9 @@ in
           enabled = true;
           label = "PTDev";
           path = devFolder;
+          devices = [
+            "nas"
+          ];
         };
       };
     };

modules/hm/ssh.nix

@@ -2,12 +2,13 @@
 {
   programs = {
     ssh = {
+      enableDefaultConfig = false;
       matchBlocks = {
         "router" = {
           user = "admin";
           hostname = "192.168.1.1";
           port = 2222;
-          controlPersist = "10m";
+          controlPersist = "no";
           addKeysToAgent = "9h";
           compression = false;
 
@@ -16,8 +17,15 @@
           serverAliveCountMax = 3;
           hashKnownHosts = false;
           userKnownHostsFile = "~/.ssh/known_hosts";
-          controlMaster = "auto";
+          controlMaster = "no";
-          controlPath = "~/.ssh/master-%r@%n:%p";
+          controlPath = "none";
+
+          extraOptions = {
+            KexAlgorithms = "curve25519-sha256@libssh.org,diffie-hellman-group14-sha256";
+            WarnWeakCrypto = "no";
+            ServerAliveInterval = "30";
+            ServerAliveCountMax = "4";
+          };
         };
         "aur" = {
           hostname = "aur.archlinux.org";

modules/hm/syncthing.nix

@@ -19,6 +19,10 @@
           enabled = lib.mkDefault true;
           label = "Sync";
           path = "~/Sync";
+          devices = [
+            "nas"
+            "s25"
+          ];
         };
         "Documents" = {
           id = "ikwrq-ahv5a";
@@ -26,6 +30,9 @@
           enabled = lib.mkDefault false;
           label = "Documents";
           path = "~/Documents";
+          devices = [
+            "nas"
+          ];
         };
         "Music" = {
           id = "6ytyt-ngvta";
@@ -33,6 +40,9 @@
           enabled = lib.mkDefault false;
           label = "Music";
           path = "~/Music";
+          devices = [
+            "nas"
+          ];
         };
         "Obsidian" = {
           id = "hyeaf-ygups";
@@ -40,6 +50,10 @@
           enabled = lib.mkDefault false;
           label = "Obsidian";
           path = "~/Obsidian";
+          devices = [
+            "nas"
+            "s25"
+          ];
         };
         "Camera S25" = {
           id = "sm-s938b_9wbf-фото";
@@ -47,14 +61,21 @@
           type = "receiveonly";
           label = "Camera S25";
           path = "~/Photos/S25";
+          devices = [
+            "nas"
+            "s25"
+          ];
         };
         "PhotoArchive" = {
           id = "6detn-xjbco";
-          type = "receiveonly";
+          type = "sendreceive";
           enabled = lib.mkDefault false;
           label = "PhotoArchive";
           path = "~/Photos/archive";
           ignorePerms = true;
+          devices = [
+            "nas"
+          ];
         };
         "books" = {
           id = "6st45-t9jej";
@@ -62,6 +83,9 @@
           enabled = lib.mkDefault false;
           label = "Books";
           path = "/mnt/hdd/Books";
+          devices = [
+            "nas"
+          ];
         };
       };
 

modules/hm/vivaldi.nix

@@ -7,19 +7,25 @@
 }:
 let
   conf = config.programs.vivaldi;
+  vivaldiCMD = if conf.flatpak then "flatpak run com.vivaldi.Vivaldi" else "vivaldi";
+  vivaldiIcon = if conf.flatpak then "com.vivaldi.Vivaldi" else "vivaldi";
 in
 {
-  config = lib.mkIf conf.enable {
+  options = {
+    programs.vivaldi.flatpak = lib.mkEnableOption "Use flatpak verion of Vivaldi";
+  };
+
+  config = lib.mkIf (conf.enable || conf.flatpak) {
     home.file.vivaldiKDEScript = {
       target = ".local/bin/vivaldi-kde.sh";
       text = ''
         #!/bin/sh
-        vivaldi --profile-directory=$(qdbus org.kde.ActivityManager /ActivityManager/Activities org.kde.ActivityManager.Activities.ActivityName $(qdbus org.kde.ActivityManager /ActivityManager/Activities org.kde.ActivityManager.Activities.CurrentActivity)) "$@"
+        ${vivaldiCMD} --profile-directory=$(qdbus org.kde.ActivityManager /ActivityManager/Activities org.kde.ActivityManager.Activities.ActivityName $(qdbus org.kde.ActivityManager /ActivityManager/Activities org.kde.ActivityManager.Activities.CurrentActivity)) "$@"
       '';
       executable = true;
     };
 
-    programs.vivaldi = {
+    programs.vivaldi = lib.mkIf (conf.enable) {
       nativeMessagingHosts =
         [ ]
         ++ lib.optionals (osConfig.services.desktopManager.plasma6.enable) [
@@ -46,7 +52,7 @@ in
             exec = "${config.home.file.vivaldiKDEScript.source} --new-window";
           };
         };
-        icon = "vivaldi";
+        icon = "${vivaldiIcon}";
         startupNotify = true;
         categories = [
           "Application"

modules/hm/yubilock.nix

@@ -0,0 +1,167 @@
+# Stealed from https://github.com/guttermonk/yubilock
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+with lib;
+
+let
+  cfg = config.services.yubilock;
+
+  # Script paths - users should copy scripts to their ~/.config/waybar/scripts/
+  yubilockScript = pkgs.writeShellScript "yubilock" ''
+    STATE_FILE="$HOME/.cache/yubilock-state"
+    LOG_FILE="$HOME/.cache/yubilock.log"
+    PID_FILE="$HOME/.cache/yubilock.pid"
+
+    # Function to check if a YubiKey is currently plugged in
+    check_yubikey() {
+        if ${pkgs.usbutils}/bin/lsusb | ${pkgs.gnugrep}/bin/grep -i "yubikey" > /dev/null; then
+            return 0 # device is present
+        else
+            return 1 # device is not present
+        fi
+    }
+
+    # Function to lock the screen
+    lock_screen() {
+        # Using loginctl for systemd-based systems
+        ${pkgs.systemd}/bin/loginctl lock-session
+        echo "Screen locked at $(date)" >> "$LOG_FILE"
+    }
+
+    # Create state file if it doesn't exist
+    if [ ! -f "$STATE_FILE" ]; then
+        echo "off" > "$STATE_FILE"
+    fi
+
+    # Record PID for later termination
+    echo "$$" > "$PID_FILE"
+
+    # Main monitoring loop
+    echo "YubiKey monitoring started at $(date)" >> "$LOG_FILE"
+
+    while true; do
+        # Check if monitoring is still enabled
+        if [ "$(cat "$STATE_FILE")" != "on" ]; then
+            echo "YubiKey monitoring stopped at $(date)" >> "$LOG_FILE"
+            exit 0
+        fi
+
+        if check_yubikey; then
+            echo "YubiKey detected at $(date)" >> "$LOG_FILE"
+
+            # Wait until the YubiKey is removed
+            while check_yubikey && [ "$(cat "$STATE_FILE")" = "on" ]; do
+                sleep 1
+            done
+
+            # If we exited because service was disabled, exit gracefully
+            if [ "$(cat "$STATE_FILE")" != "on" ]; then
+                echo "YubiKey monitoring stopped at $(date)" >> "$LOG_FILE"
+                exit 0
+            fi
+
+            echo "YubiKey removed at $(date)" >> "$LOG_FILE"
+            lock_screen
+        else
+            echo "No YubiKey detected. Checking again in 10 seconds..." >> "$LOG_FILE"
+            # Check less frequently to reduce system load
+            sleep 10
+        fi
+    done
+  '';
+
+  yubilockRestoreScript = pkgs.writeShellScript "yubilock-restore" ''
+    STATE_FILE="$HOME/.cache/yubilock-state"
+    LOG_FILE="$HOME/.cache/yubilock-restore.log"
+
+    echo "[$(date)] Checking yubilock state on login" >> "$LOG_FILE"
+
+    # Create state file if it doesn't exist
+    if [ ! -f "$STATE_FILE" ]; then
+        echo "off" > "$STATE_FILE"
+        echo "[$(date)] No state file found, defaulting to off" >> "$LOG_FILE"
+        exit 0
+    fi
+
+    # Read the saved state
+    saved_state=$(cat "$STATE_FILE")
+    echo "[$(date)] Saved state: $saved_state" >> "$LOG_FILE"
+
+    # If it was enabled before, re-enable it
+    if [ "$saved_state" = "on" ]; then
+        if ! ${pkgs.systemd}/bin/systemctl --user is-active yubilock.service > /dev/null 2>&1; then
+            echo "[$(date)] Restoring yubilock service" >> "$LOG_FILE"
+            ${pkgs.systemd}/bin/systemctl --user start yubilock.service
+            echo "[$(date)] Yubilock service restored" >> "$LOG_FILE"
+        else
+            echo "[$(date)] Yubilock service already running" >> "$LOG_FILE"
+        fi
+    fi
+  '';
+
+in
+{
+  options.services.yubilock = {
+    enable = mkEnableOption "YubiKey screen lock monitor";
+
+    autoRestore = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Automatically restore yubilock state on login.
+        If enabled, the yubilock service will be restarted on login
+        if it was running when you last logged out.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # Systemd user service for yubilock
+    systemd.user.services.yubilock = {
+      Unit = {
+        Description = "YubiKey lock screen monitor";
+        After = [ "graphical-session.target" ];
+        PartOf = [ "graphical-session.target" ];
+      };
+      Service = {
+        Type = "simple";
+        ExecStart = "${yubilockScript}";
+        Restart = "on-failure";
+        RestartSec = "5s";
+        # Ensure state persists
+        ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p %h/.cache";
+        # Clean state on stop
+        ExecStopPost = "${pkgs.bash}/bin/bash -c 'echo off > %h/.cache/yubilock-state'";
+      };
+      Install = {
+        WantedBy = [ "graphical-session.target" ];
+      };
+    };
+
+    # Systemd user service to restore yubilock state on login
+    systemd.user.services.yubilock-restore = mkIf cfg.autoRestore {
+      Unit = {
+        Description = "Restore YubiKey monitor state on login";
+        After = [ "graphical-session.target" ];
+      };
+      Service = {
+        Type = "oneshot";
+        ExecStart = "${yubilockRestoreScript}";
+        RemainAfterExit = false;
+      };
+      Install = {
+        WantedBy = [ "graphical-session.target" ];
+      };
+    };
+
+    # Ensure required packages are available
+    home.packages = with pkgs; [
+      usbutils # for lsusb command
+    ];
+  };
+}

modules/hm/zsh.nix

@@ -1,5 +1,13 @@
-{ lib, ... }:
 {
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+{
+
+  home.packages = lib.mkIf config.programs.zsh.enable (with pkgs; [ zsh-powerlevel10k ]);
+
   programs.zsh = {
     autosuggestion = {
       enable = true;
@@ -48,11 +56,15 @@
         "aliases"
         "alias-finder"
         "rsync"
+        "z"
       ];
-      theme = lib.mkDefault "agnoster";
+      # theme = lib.mkDefault "powerlevel10k/powerlevel10k";
     };
 
     initContent = ''
+      source ${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k/powerlevel10k.zsh-theme
+      source ~/.p10k.zsh
+
       zstyle ':omz:plugins:alias-finder' autoload yes
       zstyle ':omz:plugins:alias-finder' longer no
       zstyle ':omz:plugins:alias-finder' exact yes

modules/sys/calibre-web.nix

@@ -1,10 +1,10 @@
-{ pkgsStable, lib, ... }:
+{ pkgs, lib, ... }:
 {
   services = {
     calibre-web = {
       listen.port = lib.mkDefault 8091;
       listen.ip = lib.mkDefault "0.0.0.0";
-      package = pkgsStable.calibre-web;
+      package = pkgs.calibre-web;
       options = {
         enableBookUploading = true;
         enableBookConversion = true;

nix.nix

@@ -25,6 +25,7 @@
         "nix-command"
         "flakes"
       ];
+      download-buffer-size = 524288000;
       log-lines = 30;
       min-free = mkDefault "${toString (5 * 1024 * 1024 * 1024)}";
       max-free = mkDefault "${toString (10 * 1024 * 1024 * 1024)}";

options.nix

@@ -5,10 +5,5 @@
       type = lib.types.int;
       default = 10;
     };
-
-    hm = lib.mkOption {
-      type = lib.types.attrsOf lib.types.anything;
-      default = { };
-    };
   };
 }

quirks/steam.nix

@@ -7,6 +7,7 @@
   hardware = {
     steam-hardware.enable = true;
   };
+
   environment.systemPackages = [
     pkgs.steam-devices-udev-rules
   ];

roles/default.nix

@@ -10,7 +10,7 @@
       enable = true;
       enableUserSlices = lib.mkDefault true;
       enableSystemSlice = lib.mkDefault true;
-      extraConfig = {
+      settings.OOM = {
         DefaultMemoryPressureDurationSec = lib.mkDefault "20s";
         DefaultMemoryPressureLimit = lib.mkDefault "50%";
       };
@@ -39,6 +39,16 @@
   };
 
   services = {
+    kubo = {
+      enable = lib.mkDefault true;
+      enableGC = lib.mkDefault true;
+      settings = {
+        Addresses = {
+          API = "/ip4/127.0.0.1/tcp/5001";
+        };
+      };
+    };
+
     openssh = {
       enable = lib.mkDefault true;
       settings = {

roles/desktop.nix

@@ -82,8 +82,13 @@ in
     };
 
     pam = {
-      yubico.enable = true;
+      u2f = {
-      yubico.mode = "challenge-response";
+        enable = true;
+        settings = {
+          cue = true;
+        };
+      };
+      services.sddm.u2fAuth = true;
     };
   };
 
@@ -129,7 +134,9 @@ in
 
     btrfs.autoScrub.interval = "weekly";
 
-    flatpak.enable = true;
+    flatpak = {
+      enable = true;
+    };
 
     printing = {
       enable = lib.mkDefault true;
@@ -160,20 +167,17 @@ in
 
   environment.systemPackages = with pkgs; [
     mesa
+    wl-clipboard
     steam-run
+    pam_u2f
+    fuse
 
     telegram-desktop
     keepassxc
-    gimp
     mpv
     ffmpeg
     yt-dlp
-    avidemux
-    krita
-    krita-plugin-gmic
-    inkscape
 
-    # onlyoffice-desktopeditors
     libreoffice-qt-fresh
     thunderbird-latest
 
@@ -183,6 +187,11 @@ in
   ];
 
   programs = {
+    appimage = {
+      enable = true;
+      binfmt = true;
+    };
+
     nix-ld = {
       enable = true;
       libraries = [

roles/steamos.nix

@@ -12,6 +12,10 @@
         type = lib.types.bool;
         default = false;
       };
+      displayName = lib.mkOption {
+        type = lib.types.str;
+        default = "DP-1";
+      };
     };
   };
 
@@ -31,7 +35,6 @@
 
     services.xserver.enable = false;
 
-    # Современные видеодрайверы
     hardware = {
       graphics = {
         enable = true;
@@ -53,11 +56,12 @@
         enable = true;
         gamescopeSession.enable = true;
 
-        remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+        remotePlay.openFirewall = true;
-        dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+        dedicatedServer.openFirewall = true;
         localNetworkGameTransfers.openFirewall = true;
       };
     };
+
     services.getty.autologinUser = "steam";
     environment = {
       loginShellInit = ''
@@ -69,6 +73,7 @@
       home.file."gs.sh" = {
         text = ''
           #!/usr/bin/env bash
+
           set -xeuo pipefail
 
           gamescopeArgs=(
@@ -76,7 +81,7 @@
               --hdr-enabled
               --rt
               --steam
-              -S DP-1
+              -S ${config.steamos.displayName}
           )
           steamArgs=(
               -pipewire-dmabuf

specialisations/default.nix

@@ -21,7 +21,7 @@
     spectacle
     elisa
     dolphin-plugins
-    xwaylandvideobridge
+    kgpg
   ];
 
   programs = {

specialisations/gnome.nix

@@ -1,61 +0,0 @@
-{ pkgs, lib, ... }:
-{
-  specialisation.gnome.configuration = {
-    system.nixos.tags = [ "gnome" ];
-    services = {
-      displayManager = {
-        defaultSession = lib.mkForce "gnome";
-        sddm.enable = lib.mkForce false;
-
-        gdm = {
-          enable = true;
-          wayland = true;
-          autoSuspend = true;
-          banner = ''
-            Оставь надежду
-            Всяк сюда входящий
-          '';
-        };
-      };
-      desktopManager = {
-        plasma6.enable = lib.mkForce false;
-        gnome.enable = true;
-      };
-
-      hardware.bolt.enable = true;
-      gnome = {
-        core-os-services.enable = true;
-        gnome-keyring.enable = true;
-        gnome-settings-daemon.enable = true;
-        core-shell.enable = true;
-      };
-    };
-
-    programs.evolution = {
-      enable = true;
-      plugins = [ pkgs.evolution-ews ];
-    };
-
-    environment = {
-      variables = {
-        XCURSOR_THEME = "Adwaita";
-      };
-      gnome.excludePackages = with pkgs; [
-        geary
-        epiphany
-        gnome-calendar
-      ];
-    };
-
-    xdg.portal = {
-      config.common = {
-        default = lib.mkForce [
-          "gnome"
-        ];
-      };
-      extraPortals = lib.mkForce [
-        pkgs.xdg-desktop-portal-gnome
-      ];
-    };
-  };
-}