Flake update, return vivaldi from nixpkgs

Add yamdex-cloud cli, update home-manager to 25.11
Switch to 25.11
2025-12-05 01:32:30 +03:00 · 2025-12-02 20:42:12 +03:00 · 2025-12-01 02:47:23 +03:00 · 2025-12-01 02:43:59 +03:00 · 2025-11-23 10:20:20 +03:00 · 2025-11-17 14:03:48 +03:00
25 changed files with 615 additions and 132 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -28,15 +28,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1756683562,
+        "lastModified": 1764866045,
-        "narHash": "sha256-3fcIqwm1u+rF3kkgUYYEIcLrs93+Pi+a6AwiEAxdP5g=",
+        "narHash": "sha256-0GsEtXV9OquDQ1VclQfP16cU5VZh7NEVIOjSH4UaJuM=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "fccb44df77266a3891939f35197f538dace3442f",
+        "rev": "f63d0fe9d81d36e5fc95497217a72e02b8b7bcab",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "release-25.11",
        "repo": "home-manager",
        "type": "github"
      }
@@ -75,13 +76,28 @@
        "type": "github"
      }
    },
    "nix-flatpak": {
      "locked": {
        "lastModified": 1754777568,
        "narHash": "sha256-0bBqT+3XncgF8F03RFAamw9vdf0VmaDoIJLTGkjfQZs=",
        "owner": "gmodena",
        "repo": "nix-flatpak",
        "rev": "62f636b87ef6050760a8cb325cadb90674d1e23e",
        "type": "github"
      },
      "original": {
        "owner": "gmodena",
        "repo": "nix-flatpak",
        "type": "github"
      }
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1756750488,
+        "lastModified": 1764440730,
-        "narHash": "sha256-e4ZAu2sjOtGpvbdS5zo+Va5FUUkAnizl4wb0/JlIL2I=",
+        "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "47eb4856cfd01eaeaa7bb5944a0f27db8fb9b94a",
+        "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
        "type": "github"
      },
      "original": {
@@ -93,11 +109,43 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1756542300,
+        "lastModified": 1764677808,
-        "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=",
+        "narHash": "sha256-H3lC7knbXOBrHI9hITQ7modLuX20mYJVhZORL5ioms0=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa",
+        "rev": "1aab89277eb2d87823d5b69bae631a2496cff57a",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-25.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-master": {
      "locked": {
        "lastModified": 1764884164,
        "narHash": "sha256-JVBdqcz6O7noXRImADjFh+J7+14wigl+Vkt1hHTr56M=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "953a2e2892dc8e6b9623e233853239984c11dd7c",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "master",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
        "lastModified": 1764667669,
        "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "418468ac9527e799809c900eda37cbff999199b6",
        "type": "github"
      },
      "original": {
@@ -107,22 +155,6 @@
        "type": "github"
      }
    },
    "nixpkgs-stable": {
      "locked": {
        "lastModified": 1756617294,
        "narHash": "sha256-aGnd4AHIYCWQKChAkHPpX+YYCt7pA6y2LFFA/s8q0wQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "b4c2c57c31e68544982226d07e4719a2d86302a8",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-25.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "photocatalog": {
      "inputs": {
        "nixpkgs": [
@@ -177,9 +209,11 @@
      "inputs": {
        "disko": "disko",
        "home-manager": "home-manager",
        "nix-flatpak": "nix-flatpak",
        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs",
-        "nixpkgs-stable": "nixpkgs-stable",
+        "nixpkgs-master": "nixpkgs-master",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "photocatalog": "photocatalog",
        "raspberry-pi-nix": "raspberry-pi-nix"
      }
--- a/flake.nix
+++ b/flake.nix
@@ -2,10 +2,11 @@
  description = "Fxnet system configurations";
  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
-    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
+    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixpkgs-master.url = "github:NixOS/nixpkgs/master";
    home-manager = {
-      url = "github:nix-community/home-manager";
+      url = "github:nix-community/home-manager/release-25.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    photocatalog = {
@@ -23,13 +24,17 @@
    nixos-hardware = {
      url = "github:NixOS/nixos-hardware/master";
    };
    nix-flatpak = {
      url = "github:gmodena/nix-flatpak";
    };
  };
  outputs =
    {
      self,
      nixpkgs,
-      nixpkgs-stable,
+      nixpkgs-unstable,
      nixpkgs-master,
      ...
    }@inputs:
    let
@@ -51,9 +56,15 @@
          config.allowUnfree = true;
        }
      );
-      pkgsStableSettings =
+      pkgsUnstableSettings =
        system:
-        import nixpkgs-stable {
+        import nixpkgs-unstable {
          inherit system;
          config.allowUnfree = true;
        };
      pkgsMasterSettings =
        system:
        import nixpkgs-master {
          inherit system;
          config.allowUnfree = true;
        };
@@ -78,15 +89,18 @@
                    home.stateVersion = osConfig.system.stateVersion;
                  }
                )
                inputs.nix-flatpak.homeManagerModules.nix-flatpak
              ];
              extraSpecialArgs = {
                inherit inputs;
-                pkgsStable = pkgsStableSettings pkgs.system;
+                pkgsUnstable = pkgsUnstableSettings pkgs.system;
                pkgsMaster = pkgsMasterSettings pkgs.system;
                hosts = hosts;
              };
            };
          }
        )
        inputs.nix-flatpak.nixosModules.nix-flatpak
        inputs.home-manager.nixosModules.home-manager
        inputs.photocatalog.nixosModules.photocatalog
        inputs.disko.nixosModules.disko
@@ -106,7 +120,8 @@
            system = host.system;
            specialArgs = {
              inherit inputs;
-              pkgsStable = pkgsStableSettings host.system;
+              pkgsUnstable = pkgsUnstableSettings host.system;
              pkgsMaster = pkgsMasterSettings host.system;
              hosts = hosts;
              quirks = (quirks: (import ./quirks { inherit quirks; }));
            };
--- a/hosts/fenixbook/default.nix
+++ b/hosts/fenixbook/default.nix
@@ -62,6 +62,7 @@ in
        "wheel"
        "input"
        "audio"
        "users"
      ];
    });
--- a/hosts/fenixbook/fenix.nix
+++ b/hosts/fenixbook/fenix.nix
@@ -15,6 +15,8 @@ in
    username = userName;
    homeDirectory = lib.mkForce "/home/${userName}";
    packages = with pkgs; [
      spotify
      # Games
      prismlauncher
      (bottles.override { removeWarningPopup = true; })
@@ -36,6 +38,8 @@ in
    vscode.enable = true;
    gpg.enable = true;
    neovim.enable = true;
    obsidian.enable = true;
    ssh.enable = true;
    vivaldi = {
      enable = true;
--- a/hosts/fenixpc/default.nix
+++ b/hosts/fenixpc/default.nix
@@ -15,6 +15,7 @@ in
    quirks [
      "development"
      "steam"
      # "yubilock"
    ]
  );
@@ -34,7 +35,7 @@ in
    };
  };
-  systemd.oomd.extraConfig.DefaultMemoryPressureLimit = "15%";
+  systemd.oomd.settings.OOM.DefaultMemoryPressureLimit = "15%";
  services = {
    printing.ricoh.enable = true;
@@ -45,11 +46,16 @@ in
      enable = true;
      user = "fenix";
    };
    lact.enable = true;
  };
  systemd.services.calibre-web.serviceConfig.environment = lib.mkForce "";
  systemd.services.calibre-web.environment.CACHE_DIR = "/var/cache/calibre-web";
  environment.systemPackages = with pkgs; [
    microcode-amd
    openvpn
    cups
  ];
  users = {
@@ -69,6 +75,9 @@ in
        "wheel"
        "input"
        "audio"
        "users"
        "gamemode"
        config.services.kubo.group
      ];
    });
    groups = {
@@ -97,4 +106,44 @@ in
      kwallet.enable = true;
    });
  };
  programs = {
    niri = {
      enable = false;
    };
    gamemode = {
      enable = true;
      settings = {
        general = {
          renice = 10;
          # blacklist = "vlc,firefox";
          # whitelist = "game1,game2";
        };
        cpu = {
          governor = "performance";
          boost = "auto";
        };
        gpu = {
          amd_performance_level = "high";
          apply_gpu_optimizations = 1;
          per_process_gpu_clocks = 1;
        };
        supervisor = {
          # killlist = "tracker-miner-fs,tracker-store";
        };
        custom = {
          start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
          end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
        };
      };
    };
  };
  hardware.graphics = {
    extraPackages = with pkgs; [
      libva
      vulkan-tools
    ];
  };
 }
--- a/hosts/fenixpc/fenix.nix
+++ b/hosts/fenixpc/fenix.nix
@@ -2,32 +2,50 @@
  pkgs,
  lib,
  config,
  osConfig,
  ...
 }:
 let
  userName = "fenix";
 in
 {
  pt.enable = true;
  home = {
    username = userName;
    homeDirectory = lib.mkForce "/home/${userName}";
    packages = with pkgs; [
      calibre
      obsidian
      transmission_4-qt6
      kdePackages.kdenlive
      kdePackages.plasma-sdk
      yandex-music
      krusader
      avidemux
      gimp
      krita
      krita-plugin-gmic
      inkscape
      # Games
      steam
      prismlauncher
      (bottles.override { removeWarningPopup = true; })
-      warzone2100
+      # warzone2100
      sauerbraten
      #Development
      yandex-cloud
      devenv
      direnv
      yaml-language-server
      plantuml
      jetbrains.goland
      jetbrains.rust-rover
      rustup
      gcc
      gnumake
      protobuf
    ];
@@ -39,10 +57,23 @@ in
    vscode.enable = true;
    gpg.enable = true;
    neovim.enable = true;
    ssh.enable = true;
    vivaldi = {
      enable = true;
    };
    firefox = {
      enable = true;
      languagePacks = [
        "ru"
      ];
      nativeMessagingHosts =
        [ ]
        ++ lib.optionals (osConfig.services.desktopManager.plasma6.enable) [
          pkgs.kdePackages.plasma-browser-integration
        ];
    };
    direnv = {
      enableZshIntegration = config.programs.zsh.enable;
    };
@@ -58,5 +89,9 @@ in
      settings.folders.PhotoArchive.enabled = true;
      settings.folders.books.enabled = true;
    };
    yubilock = {
      enable = true;
      autoRestore = true;
    };
  };
 }
--- a/modules/hm/flatpak.nix
+++ b/modules/hm/flatpak.nix
@@ -0,0 +1,25 @@
 {
  osConfig,
  config,
  lib,
  ...
 }:
 {
  services.flatpak = lib.mkIf (osConfig.services.flatpak.enable) {
    enable = true;
    uninstallUnmanaged = true;
    remotes = [
      {
        name = "flathub";
        location = "https://flathub.org/repo/flathub.flatpakrepo";
      }
    ];
    packages = lib.mkIf (config.programs.vivaldi.flatpak) [
      {
        appId = "com.vivaldi.Vivaldi";
        origin = "flathub";
      }
    ];
  };
 }
--- a/modules/hm/git.nix
+++ b/modules/hm/git.nix
@@ -33,6 +33,22 @@
        signByDefault = lib.mkDefault true;
        key = lib.mkDefault "DD89337AFABD013FDD57A0F133445FB510D677DF";
      };
      includes = [
        {
          condition = "gitdir:~/dev/gofonox-org/";
          contents = {
            user = {
              name = "Gofonox";
              email = "gofonox@yandex.ru";
              signingkey = "468075AB62C2BF67B3435BD18E49915B4743363E";
            };
            commit = {
              gpgsign = true;
            };
          };
        }
      ];
    };
  };
 }
--- a/modules/hm/niri.nix
+++ b/modules/hm/niri.nix
@@ -0,0 +1,28 @@
 {
  pkgs,
  osConfig,
  lib,
  ...
 }:
 let
  enable = osConfig.programs.niri.enable;
 in
 {
  programs = lib.mkIf (enable) {
    alacritty.enable = true; # Super+T in the default setting (terminal)
    fuzzel.enable = true; # Super+D in the default setting (app launcher)
    swaylock.enable = true; # Super+Alt+L in the default setting (screen locker)
    waybar.enable = true; # launch on startup in the default setting (bar)
  };
  services = lib.mkIf (enable) {
    mako.enable = true; # notification daemon
    swayidle.enable = true; # idle management daemon
  };
  home.packages =
    with pkgs;
    lib.mkIf (enable) [
      swaybg
    ];
 }
--- a/modules/hm/pt.nix
+++ b/modules/hm/pt.nix
@@ -72,6 +72,9 @@ in
          enabled = true;
          label = "PTDev";
          path = devFolder;
          devices = [
            "nas"
          ];
        };
      };
    };
--- a/modules/hm/ssh.nix
+++ b/modules/hm/ssh.nix
@@ -2,12 +2,13 @@
 {
  programs = {
    ssh = {
      enableDefaultConfig = false;
      matchBlocks = {
        "router" = {
          user = "admin";
          hostname = "192.168.1.1";
          port = 2222;
-          controlPersist = "10m";
+          controlPersist = "no";
          addKeysToAgent = "9h";
          compression = false;
@@ -16,8 +17,15 @@
          serverAliveCountMax = 3;
          hashKnownHosts = false;
          userKnownHostsFile = "~/.ssh/known_hosts";
-          controlMaster = "auto";
+          controlMaster = "no";
-          controlPath = "~/.ssh/master-%r@%n:%p";
+          controlPath = "none";
          extraOptions = {
            KexAlgorithms = "curve25519-sha256@libssh.org,diffie-hellman-group14-sha256";
            WarnWeakCrypto = "no";
            ServerAliveInterval = "30";
            ServerAliveCountMax = "4";
          };
        };
        "aur" = {
          hostname = "aur.archlinux.org";
--- a/modules/hm/syncthing.nix
+++ b/modules/hm/syncthing.nix
@@ -19,6 +19,10 @@
          enabled = lib.mkDefault true;
          label = "Sync";
          path = "~/Sync";
          devices = [
            "nas"
            "s25"
          ];
        };
        "Documents" = {
          id = "ikwrq-ahv5a";
@@ -26,6 +30,9 @@
          enabled = lib.mkDefault false;
          label = "Documents";
          path = "~/Documents";
          devices = [
            "nas"
          ];
        };
        "Music" = {
          id = "6ytyt-ngvta";
@@ -33,6 +40,9 @@
          enabled = lib.mkDefault false;
          label = "Music";
          path = "~/Music";
          devices = [
            "nas"
          ];
        };
        "Obsidian" = {
          id = "hyeaf-ygups";
@@ -40,6 +50,10 @@
          enabled = lib.mkDefault false;
          label = "Obsidian";
          path = "~/Obsidian";
          devices = [
            "nas"
            "s25"
          ];
        };
        "Camera S25" = {
          id = "sm-s938b_9wbf-фото";
@@ -47,14 +61,21 @@
          type = "receiveonly";
          label = "Camera S25";
          path = "~/Photos/S25";
          devices = [
            "nas"
            "s25"
          ];
        };
        "PhotoArchive" = {
          id = "6detn-xjbco";
-          type = "receiveonly";
+          type = "sendreceive";
          enabled = lib.mkDefault false;
          label = "PhotoArchive";
          path = "~/Photos/archive";
          ignorePerms = true;
          devices = [
            "nas"
          ];
        };
        "books" = {
          id = "6st45-t9jej";
@@ -62,6 +83,9 @@
          enabled = lib.mkDefault false;
          label = "Books";
          path = "/mnt/hdd/Books";
          devices = [
            "nas"
          ];
        };
      };
--- a/modules/hm/vivaldi.nix
+++ b/modules/hm/vivaldi.nix
@@ -7,19 +7,25 @@
 }:
 let
  conf = config.programs.vivaldi;
  vivaldiCMD = if conf.flatpak then "flatpak run com.vivaldi.Vivaldi" else "vivaldi";
  vivaldiIcon = if conf.flatpak then "com.vivaldi.Vivaldi" else "vivaldi";
 in
 {
-  config = lib.mkIf conf.enable {
+  options = {
    programs.vivaldi.flatpak = lib.mkEnableOption "Use flatpak verion of Vivaldi";
  };
  config = lib.mkIf (conf.enable || conf.flatpak) {
    home.file.vivaldiKDEScript = {
      target = ".local/bin/vivaldi-kde.sh";
      text = ''
        #!/bin/sh
-        vivaldi --profile-directory=$(qdbus org.kde.ActivityManager /ActivityManager/Activities org.kde.ActivityManager.Activities.ActivityName $(qdbus org.kde.ActivityManager /ActivityManager/Activities org.kde.ActivityManager.Activities.CurrentActivity)) "$@"
+        ${vivaldiCMD} --profile-directory=$(qdbus org.kde.ActivityManager /ActivityManager/Activities org.kde.ActivityManager.Activities.ActivityName $(qdbus org.kde.ActivityManager /ActivityManager/Activities org.kde.ActivityManager.Activities.CurrentActivity)) "$@"
      '';
      executable = true;
    };
-    programs.vivaldi = {
+    programs.vivaldi = lib.mkIf (conf.enable) {
      nativeMessagingHosts =
        [ ]
        ++ lib.optionals (osConfig.services.desktopManager.plasma6.enable) [
@@ -46,7 +52,7 @@ in
            exec = "${config.home.file.vivaldiKDEScript.source} --new-window";
          };
        };
-        icon = "vivaldi";
+        icon = "${vivaldiIcon}";
        startupNotify = true;
        categories = [
          "Application"
--- a/modules/hm/yubilock.nix
+++ b/modules/hm/yubilock.nix
@@ -0,0 +1,167 @@
 # Stealed from https://github.com/guttermonk/yubilock
 {
  config,
  lib,
  pkgs,
  ...
 }:
 with lib;
 let
  cfg = config.services.yubilock;
  # Script paths - users should copy scripts to their ~/.config/waybar/scripts/
  yubilockScript = pkgs.writeShellScript "yubilock" ''
    STATE_FILE="$HOME/.cache/yubilock-state"
    LOG_FILE="$HOME/.cache/yubilock.log"
    PID_FILE="$HOME/.cache/yubilock.pid"
    # Function to check if a YubiKey is currently plugged in
    check_yubikey() {
        if ${pkgs.usbutils}/bin/lsusb | ${pkgs.gnugrep}/bin/grep -i "yubikey" > /dev/null; then
            return 0 # device is present
        else
            return 1 # device is not present
        fi
    }
    # Function to lock the screen
    lock_screen() {
        # Using loginctl for systemd-based systems
        ${pkgs.systemd}/bin/loginctl lock-session
        echo "Screen locked at $(date)" >> "$LOG_FILE"
    }
    # Create state file if it doesn't exist
    if [ ! -f "$STATE_FILE" ]; then
        echo "off" > "$STATE_FILE"
    fi
    # Record PID for later termination
    echo "$$" > "$PID_FILE"
    # Main monitoring loop
    echo "YubiKey monitoring started at $(date)" >> "$LOG_FILE"
    while true; do
        # Check if monitoring is still enabled
        if [ "$(cat "$STATE_FILE")" != "on" ]; then
            echo "YubiKey monitoring stopped at $(date)" >> "$LOG_FILE"
            exit 0
        fi
        if check_yubikey; then
            echo "YubiKey detected at $(date)" >> "$LOG_FILE"
            # Wait until the YubiKey is removed
            while check_yubikey && [ "$(cat "$STATE_FILE")" = "on" ]; do
                sleep 1
            done
            # If we exited because service was disabled, exit gracefully
            if [ "$(cat "$STATE_FILE")" != "on" ]; then
                echo "YubiKey monitoring stopped at $(date)" >> "$LOG_FILE"
                exit 0
            fi
            echo "YubiKey removed at $(date)" >> "$LOG_FILE"
            lock_screen
        else
            echo "No YubiKey detected. Checking again in 10 seconds..." >> "$LOG_FILE"
            # Check less frequently to reduce system load
            sleep 10
        fi
    done
  '';
  yubilockRestoreScript = pkgs.writeShellScript "yubilock-restore" ''
    STATE_FILE="$HOME/.cache/yubilock-state"
    LOG_FILE="$HOME/.cache/yubilock-restore.log"
    echo "[$(date)] Checking yubilock state on login" >> "$LOG_FILE"
    # Create state file if it doesn't exist
    if [ ! -f "$STATE_FILE" ]; then
        echo "off" > "$STATE_FILE"
        echo "[$(date)] No state file found, defaulting to off" >> "$LOG_FILE"
        exit 0
    fi
    # Read the saved state
    saved_state=$(cat "$STATE_FILE")
    echo "[$(date)] Saved state: $saved_state" >> "$LOG_FILE"
    # If it was enabled before, re-enable it
    if [ "$saved_state" = "on" ]; then
        if ! ${pkgs.systemd}/bin/systemctl --user is-active yubilock.service > /dev/null 2>&1; then
            echo "[$(date)] Restoring yubilock service" >> "$LOG_FILE"
            ${pkgs.systemd}/bin/systemctl --user start yubilock.service
            echo "[$(date)] Yubilock service restored" >> "$LOG_FILE"
        else
            echo "[$(date)] Yubilock service already running" >> "$LOG_FILE"
        fi
    fi
  '';
 in
 {
  options.services.yubilock = {
    enable = mkEnableOption "YubiKey screen lock monitor";
    autoRestore = mkOption {
      type = types.bool;
      default = true;
      description = ''
        Automatically restore yubilock state on login.
        If enabled, the yubilock service will be restarted on login
        if it was running when you last logged out.
      '';
    };
  };
  config = mkIf cfg.enable {
    # Systemd user service for yubilock
    systemd.user.services.yubilock = {
      Unit = {
        Description = "YubiKey lock screen monitor";
        After = [ "graphical-session.target" ];
        PartOf = [ "graphical-session.target" ];
      };
      Service = {
        Type = "simple";
        ExecStart = "${yubilockScript}";
        Restart = "on-failure";
        RestartSec = "5s";
        # Ensure state persists
        ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p %h/.cache";
        # Clean state on stop
        ExecStopPost = "${pkgs.bash}/bin/bash -c 'echo off > %h/.cache/yubilock-state'";
      };
      Install = {
        WantedBy = [ "graphical-session.target" ];
      };
    };
    # Systemd user service to restore yubilock state on login
    systemd.user.services.yubilock-restore = mkIf cfg.autoRestore {
      Unit = {
        Description = "Restore YubiKey monitor state on login";
        After = [ "graphical-session.target" ];
      };
      Service = {
        Type = "oneshot";
        ExecStart = "${yubilockRestoreScript}";
        RemainAfterExit = false;
      };
      Install = {
        WantedBy = [ "graphical-session.target" ];
      };
    };
    # Ensure required packages are available
    home.packages = with pkgs; [
      usbutils # for lsusb command
    ];
  };
 }
--- a/modules/hm/zsh.nix
+++ b/modules/hm/zsh.nix
@@ -1,5 +1,13 @@
 { lib, ... }:
 {
  lib,
  pkgs,
  config,
  ...
 }:
 {
  home.packages = lib.mkIf config.programs.zsh.enable (with pkgs; [ zsh-powerlevel10k ]);
  programs.zsh = {
    autosuggestion = {
      enable = true;
@@ -48,11 +56,15 @@
        "aliases"
        "alias-finder"
        "rsync"
        "z"
      ];
-      theme = lib.mkDefault "agnoster";
+      # theme = lib.mkDefault "powerlevel10k/powerlevel10k";
    };
    initContent = ''
      source ${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k/powerlevel10k.zsh-theme
      source ~/.p10k.zsh
      zstyle ':omz:plugins:alias-finder' autoload yes
      zstyle ':omz:plugins:alias-finder' longer no
      zstyle ':omz:plugins:alias-finder' exact yes
--- a/modules/sys/calibre-web.nix
+++ b/modules/sys/calibre-web.nix
@@ -1,10 +1,10 @@
-{ pkgsStable, lib, ... }:
+{ pkgs, lib, ... }:
 {
  services = {
    calibre-web = {
      listen.port = lib.mkDefault 8091;
      listen.ip = lib.mkDefault "0.0.0.0";
-      package = pkgsStable.calibre-web;
+      package = pkgs.calibre-web;
      options = {
        enableBookUploading = true;
        enableBookConversion = true;
--- a/modules/sys/ssl.nix
+++ b/modules/sys/ssl.nix
@@ -0,0 +1,78 @@
 { ... }:
 let
  ptCerts = [
    ''
      -----BEGIN CERTIFICATE-----
      MIIFQTCCAymgAwIBAgIUT8eE7Aogt5TTKlrupxEqywtRr6QwDQYJKoZIhvcNAQEL
      BQAwKDEmMCQGA1UEAxMdUG9zaXRpdmUgVGVjaG5vbG9naWVzIFJvb3QgQ0EwHhcN
      MjUwODI5MDczNzM1WhcNNDUwODI0MDczODAzWjAoMSYwJAYDVQQDEx1Qb3NpdGl2
      ZSBUZWNobm9sb2dpZXMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
      AgoCggIBAL1LiFhVl9aVW+l6/JQzEBfpiNGu/JPh16vLJCLntC6c8JW4JlPC3s26
      Z7qPchhown/Ml50iJPZI6Pq6DZspcvbxdBEKVofZfodFNJYuXAkRK8HxEstIAKfJ
      QgOejEQwgELgt1VwkfEL05LjhunD3isGBQabmi6z8UpVnN6+mF4+tR9G+YUXls25
      g9i7S7gASSXugRn0qTawpFUScGWlrOW5h/7CzVH2UALRWlandCqb8HWT/bN4rabL
      fz350HdWOrrI3ZjHpbXFCvKHGUMjmAhGIfeEBHqPGrY4Wlbkm9YOAAyflYqRbieu
      IJNld6kcShh/YM8UH/bz7i051TaAclhseMKsQk7UY5P+GlfdmQW8apaFtFfAtK+M
      Sr0KBxWpS0rKNfKP2emCKhZeiD4BqE15phvcXW5Gom1HkrVFRzg+1zF7VN+Na6O6
      ZQQW/OdtdsZpHhanSEXd6DjO+p58MFLkGPVjLvylGMRlMa1WAFXZ92PJYSHUxyLy
      jUUWP8D2LRXQBCZm7I+UbQfV2m2tzjRnQ+2POq7qDBZJiqD0x6PdFc/sSUokZ1tV
      j8+zRgwTQmsLl4CvKaPD7dlFlEEN+xDXff5PVM6YUrfR6u5zrgLB3RDGgJHzFSkz
      ia+z9u062RwiYpkOXPRclHrYGTgB7tMMJ8G2RmMUbgt3tV2Dgfo5AgMBAAGjYzBh
      MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSUbzie
      n/0Ax/XCgNn9OoJLxt3VszAfBgNVHSMEGDAWgBSUbzien/0Ax/XCgNn9OoJLxt3V
      szANBgkqhkiG9w0BAQsFAAOCAgEAOjTCj1f5FpNitawusbb/nFvDEGzmqtiobJdJ
      smiDSpQeCVb/JIlPLO9fc8L4MbSPuD3ykf1ElJrcHsMB4oLP9SVYF9ElKzCwfaCq
      FJa1C/tIFAYUvjlo331z0/PU0RgxjMoru0Fq9XiOeCAS0mNp+yzfir5QUd8hBoCm
      k+Z9AwZfq0QVFS+EE7V4eV+SoEf8rXHwhMTHytAN/8RnORo/k26hX/OzoLBc18Wq
      fcNDEQOeHnyuR0G8G8gu4Mh4/xDng6ni9EesYgWof6AxRcoS0m7JlC1OUvi75Qh3
      K/w4pvn+EU/MVI0d1wK4E45j+nnZeS/09pdKxbN5espOfBYf6+9OS8+04+RJv3B6
      zOKZ/hN3cgYQW85TZxlKG0LvKTEItP6l0GrKUVmB+6Nu7drAMlRFaHtO/kAaazS7
      KwP+tlQtc3EBlA3QZaxZodEhwoF+nwUebDx2JuaGZ6d6lNCSRn3O8gsKRdYu/N8e
      A0lRzFVSje7aBtSbiUZ74lnuAPb+VsehZcqX1LiM2fr4UFWhVRQSqEvjsf7UPVrk
      2+iaWxF61t8ouzT6vWUUqezpaoGhTa1+oxv2Apff6SkWSPNlbpW9hHHgUjRtxjEr
      DgO8seiNvec86NbRapWItivwT71msFuIsw45IJ2kn0LTL/FAUyfmJebnqhlfaN7A
      F+9Ss+M=
      -----END CERTIFICATE-----
    ''
    ''
      -----BEGIN CERTIFICATE-----
      MIIGATCCA+mgAwIBAgIUNBc0VV8DVSdlFBEDmd4Hf7Vwoj0wDQYJKoZIhvcNAQEL
      BQAwKDEmMCQGA1UEAxMdUG9zaXRpdmUgVGVjaG5vbG9naWVzIFJvb3QgQ0EwHhcN
      MjUwODI5MDczNzQxWhcNMzUwODI3MDczODExWjAqMSgwJgYDVQQDEx9Qb3NpdGl2
      ZSBUZWNobm9sb2dpZXMgSXNzdWVyIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
      MIICCgKCAgEA34P9u1zG7cjKgX0XnpFYetAnAiUMWfUyT5dZlG1UUyl7QusZuGKa
      QesnSe9YMdutdfGf5UH3y40aFyIbbfNJjHYQOJpWSWx8f5qGR2JvpoeeT5LgURmS
      WRaL3nhKZ/fH9ts5VlMWIOcOSo7bqrG4lAnQGh/hmH7sfOO0nKwfp1MGBrbz8e/3
      KbhF4QprVvV00wV1ByfPgsvP4aoeYxMFZ16Sxb+XuIwgVKsyNh/AP5fMgi7G94sY
      TZSj4BW9Wy/YXX1LsxzXekB8w1yzi/c2neBU2XX1WnVLuRVVFWGVkXNFRrZW42EA
      kL72vi4FsON7nWLF9qi4kTrQh8P0E6bpWLgn0HulgDH1EmP24hdY2eyj7M9eIeoG
      NDyele4ectiTnPDM58VlvabLDRqJs69AWWr3Us1JSvccGp38WIRRiHcvrqPHhE9w
      kd5kWB44/pwN6amT745raqL+bVAH6CXyPiLg+X2m/Ig9s5r51Tz2UJBrIdesUAez
      qOazinjjxJZ4CmW5/W+in5BUBc4SaJBBjdPqqfkAHvsTs3ibwpwZpwJZKjdqwhPP
      eRuoL7t2AvzgIc2LjqcqA0ekMXJ+fBzbO7a2eTzYaSh9ZkTOT4Tw+JCvLo50HGUm
      vUcf8J67Hy6DbiOGng8jfqwV//8A7fFrMpXh2zkmXSpVcuNb7bcRf8kCAwEAAaOC
      AR8wggEbMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
      BBRbB9XM59NmtPkwsY+MVVmVM8pjpDAfBgNVHSMEGDAWgBSUbzien/0Ax/XCgNn9
      OoJLxt3VszB8BggrBgEFBQcBAQRwMG4wNgYIKwYBBQUHMAGGKmh0dHA6Ly9wa2ku
      cHRzZWN1cml0eS5jb20vdjEvcGtpX3Jvb3Qvb2NzcDA0BggrBgEFBQcwAoYoaHR0
      cDovL3BraS5wdHNlY3VyaXR5LmNvbS92MS9wa2lfcm9vdC9jYTA6BgNVHR8EMzAx
      MC+gLaArhilodHRwOi8vcGtpLnB0c2VjdXJpdHkuY29tL3YxL3BraV9yb290L2Ny
      bDANBgkqhkiG9w0BAQsFAAOCAgEAm5Z+vg6nBg2oR/1ukDARctEIvZj5ntaE92bh
      laFd+nLFU3javVIDhWQCbgpXw0bemT009HfF2yulFFiIonEYcmEdF2xrmWOI7mko
      Z/dTw8dGGSoW3e+XZwpdIbTQNPGGp7EpSh6USu/kp15Q9lgvUAcbfCk3i9i3ENYi
      m05WHbQQem+sKJwsfpcv+xsDNUVNNvXKWg6SA78r6Wv1bNr4AalwPlbCkZompsDW
      ayLUGietrbMiUdEi/Tdfo9LwpEKAlJkGSJSKO/lGIUkGe8iJotGX8nfjt9kY2AfE
      NLCVku4imJwJPNGw+tfTyeiNjsU7Gx+jkTrUAk6FmkR9n7u6cnRXO4rAreftbDBr
      pV9YSGFcTEWSjQeF2Y1kZuxtPmS0m9gdstcrWtPdbpP6qWYjhl6T5vs4So4A9xzt
      0F4DHiQb4UGV+LUK98Gbx9mTVZOZLckW2xU27kyvGqLaTRXCrU/ij9q46nJTGicl
      ZPmtQ45pMlmIjp5xv9vQ5d7ULjb/B683SJGeKrk8HyUUFY/ZCP3QNN9z1oD2oD/w
      T8qiuPJE+vh07y92SUDEQKaEh2AXbjptzZJH57TKlEC932HaJZcvTdEfaGH6Emzu
      7DjYj0+4SuTN629SwU7DwEvrWtZXTCwg7ubpQRr+Bv4A1k/zNLAWk8PXmh5cE/ki
      CnRHY8o=
      -----END CERTIFICATE-----
    ''
  ];
 in
 {
  security.pki.certificates = ptCerts;
 }
--- a/nix.nix
+++ b/nix.nix
@@ -25,6 +25,7 @@
        "nix-command"
        "flakes"
      ];
      download-buffer-size = 524288000;
      log-lines = 30;
      min-free = mkDefault "${toString (5 * 1024 * 1024 * 1024)}";
      max-free = mkDefault "${toString (10 * 1024 * 1024 * 1024)}";
--- a/options.nix
+++ b/options.nix
@@ -5,10 +5,5 @@
      type = lib.types.int;
      default = 10;
    };
    hm = lib.mkOption {
      type = lib.types.attrsOf lib.types.anything;
      default = { };
    };
  };
 }
--- a/quirks/steam.nix
+++ b/quirks/steam.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ pkgs, ... }:
 {
  imports = [
    ./32bit.nix
@@ -7,4 +7,8 @@
  hardware = {
    steam-hardware.enable = true;
  };
  environment.systemPackages = [
    pkgs.steam-devices-udev-rules
  ];
 }
--- a/roles/default.nix
+++ b/roles/default.nix
@@ -10,7 +10,7 @@
      enable = true;
      enableUserSlices = lib.mkDefault true;
      enableSystemSlice = lib.mkDefault true;
-      extraConfig = {
+      settings.OOM = {
        DefaultMemoryPressureDurationSec = lib.mkDefault "20s";
        DefaultMemoryPressureLimit = lib.mkDefault "50%";
      };
@@ -39,6 +39,16 @@
  };
  services = {
    kubo = {
      enable = lib.mkDefault true;
      enableGC = lib.mkDefault true;
      settings = {
        Addresses = {
          API = "/ip4/127.0.0.1/tcp/5001";
        };
      };
    };
    openssh = {
      enable = lib.mkDefault true;
      settings = {
--- a/roles/desktop.nix
+++ b/roles/desktop.nix
@@ -82,8 +82,13 @@ in
    };
    pam = {
-      yubico.enable = true;
+      u2f = {
-      yubico.mode = "challenge-response";
+        enable = true;
        settings = {
          cue = true;
        };
      };
      services.sddm.u2fAuth = true;
    };
  };
@@ -100,7 +105,22 @@ in
    };
    pipewire = {
-      wireplumber.enable = true;
+      wireplumber = {
        enable = true;
        extraConfig."99-disable-suspend" = {
          "monitor.alsa.rules" = [
            {
              matches = [
                { "node.name" = "~alsa_input.*"; }
                { "node.name" = "~alsa_output.*"; }
              ];
              actions.update-props = {
                "session.suspend-timeout-seconds" = 0;
              };
            }
          ];
        };
      };
      audio.enable = true;
      enable = true;
@@ -114,7 +134,9 @@ in
    btrfs.autoScrub.interval = "weekly";
-    flatpak.enable = true;
+    flatpak = {
      enable = true;
    };
    printing = {
      enable = lib.mkDefault true;
@@ -145,20 +167,17 @@ in
  environment.systemPackages = with pkgs; [
    mesa
    wl-clipboard
    steam-run
    pam_u2f
    fuse
    obsidian
    telegram-desktop
    keepassxc
    gimp
    mpv
    ffmpeg
    yt-dlp
    avidemux
    krita
    krita-plugin-gmic
    # onlyoffice-desktopeditors
    libreoffice-qt-fresh
    thunderbird-latest
@@ -168,6 +187,11 @@ in
  ];
  programs = {
    appimage = {
      enable = true;
      binfmt = true;
    };
    nix-ld = {
      enable = true;
      libraries = [
--- a/roles/steamos.nix
+++ b/roles/steamos.nix
@@ -12,6 +12,10 @@
        type = lib.types.bool;
        default = false;
      };
      displayName = lib.mkOption {
        type = lib.types.str;
        default = "DP-1";
      };
    };
  };
@@ -31,7 +35,6 @@
    services.xserver.enable = false;
    # Современные видеодрайверы
    hardware = {
      graphics = {
        enable = true;
@@ -53,11 +56,12 @@
        enable = true;
        gamescopeSession.enable = true;
-        remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+        remotePlay.openFirewall = true;
-        dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+        dedicatedServer.openFirewall = true;
        localNetworkGameTransfers.openFirewall = true;
      };
    };
    services.getty.autologinUser = "steam";
    environment = {
      loginShellInit = ''
@@ -69,6 +73,7 @@
      home.file."gs.sh" = {
        text = ''
          #!/usr/bin/env bash
          set -xeuo pipefail
          gamescopeArgs=(
@@ -76,7 +81,7 @@
              --hdr-enabled
              --rt
              --steam
-              -S DP-1
+              -S ${config.steamos.displayName}
          )
          steamArgs=(
              -pipewire-dmabuf
--- a/specialisations/default.nix
+++ b/specialisations/default.nix
@@ -21,7 +21,7 @@
    spectacle
    elisa
    dolphin-plugins
-    xwaylandvideobridge
+    kgpg
  ];
  programs = {
--- a/specialisations/gnome.nix
+++ b/specialisations/gnome.nix
@@ -1,61 +0,0 @@
 { pkgs, lib, ... }:
 {
  specialisation.gnome.configuration = {
    system.nixos.tags = [ "gnome" ];
    services = {
      displayManager = {
        defaultSession = lib.mkForce "gnome";
        sddm.enable = lib.mkForce false;
        gdm = {
          enable = true;
          wayland = true;
          autoSuspend = true;
          banner = ''
            Оставь надежду
            Всяк сюда входящий
          '';
        };
      };
      desktopManager = {
        plasma6.enable = lib.mkForce false;
        gnome.enable = true;
      };
      hardware.bolt.enable = true;
      gnome = {
        core-os-services.enable = true;
        gnome-keyring.enable = true;
        gnome-settings-daemon.enable = true;
        core-shell.enable = true;
      };
    };
    programs.evolution = {
      enable = true;
      plugins = [ pkgs.evolution-ews ];
    };
    environment = {
      variables = {
        XCURSOR_THEME = "Adwaita";
      };
      gnome.excludePackages = with pkgs; [
        geary
        epiphany
        gnome-calendar
      ];
    };
    xdg.portal = {
      config.common = {
        default = lib.mkForce [
          "gnome"
        ];
      };
      extraPortals = lib.mkForce [
        pkgs.xdg-desktop-portal-gnome
      ];
    };
  };
 }
Author	SHA1	Message	Date
derfenix	82f1a5b92d	Flake update, return vivaldi from nixpkgs	2025-12-05 01:32:30 +03:00
derfenix	cb686c36ec	Add yamdex-cloud cli, update home-manager to 25.11	2025-12-02 20:42:12 +03:00
derfenix	9864dbd348	Switch to 25.11	2025-12-01 02:47:23 +03:00
derfenix	76389b1902	Add niri module, flake update	2025-12-01 02:43:59 +03:00
derfenix	658a645080	Use flatpacked vivaldi, flake update	2025-11-23 10:20:20 +03:00
derfenix	b1f5a9fd6b	Flake update	2025-11-17 14:03:48 +03:00
derfenix	0316fb2b6c	Use clever yubilock	2025-11-16 02:29:56 +03:00
derfenix	b4afe2581e	Add appimage support and fuse package	2025-11-16 00:34:23 +03:00
derfenix	c50b7355ee	Flake update	2025-11-14 00:03:59 +03:00
derfenix	517b9b7957	Yubilock conflict with keepassxc+yubikey	2025-11-14 00:03:49 +03:00
derfenix	8a99abdca9	Enable ipfs web ui	2025-11-11 23:43:49 +03:00
derfenix	528c1b4063	Flake update	2025-11-11 23:09:14 +03:00
derfenix	72d5e80d44	Add cups package for lpr	2025-11-11 23:08:07 +03:00
derfenix	c319570c30	Add yubilock quirk and enable kubo service	2025-11-09 12:28:22 +03:00
derfenix	06e871c578	Flake update	2025-11-08 17:36:47 +03:00
derfenix	6dd62ba2f5	Add git include	2025-11-07 09:16:17 +03:00
derfenix	d732a2ff44	Flake update	2025-11-06 16:04:01 +03:00
derfenix	0bb28c7644	Cleanup	2025-11-06 14:06:07 +03:00
derfenix	3da1db7631	Flake update, cleanup	2025-11-05 17:24:23 +03:00
derfenix	f59e7aa05c	Packages refactoring	2025-11-04 23:04:22 +03:00
derfenix	41d99f6f33	Steamos role refactoring	2025-11-04 22:58:08 +03:00
derfenix	bb59ec35e6	Enable u2f auth	2025-11-04 22:57:47 +03:00
derfenix	b66a6cb1cd	Flake update	2025-11-04 01:11:10 +03:00
derfenix	636847dd30	Add firefox, fix ssh config, flake update	2025-11-02 14:28:39 +03:00
derfenix	ce07587897	Flake update	2025-10-23 10:26:49 +03:00
derfenix	9d8a66facd	Flake update, use goland and rust from stable, add kdenlive for fenix@fenixpc	2025-10-14 18:02:42 +03:00
derfenix	9b71a9e223	Flake update, update oom config, disable avidemux and remove gnome specialization (due to cmake)	2025-10-07 18:30:06 +03:00
derfenix	35924eebcf	Flake update	2025-10-07 18:14:21 +03:00
derfenix	50acaee3ef	Flake update	2025-10-05 19:43:34 +03:00
derfenix	1cf25bbb1d	Flake update	2025-09-25 13:27:43 +03:00
derfenix	1576279891	Flake update	2025-09-21 11:42:30 +03:00
derfenix	ed23362da1	Flake update	2025-09-19 18:27:46 +03:00
derfenix	33658c20eb	Refactoring and fixing	2025-09-16 19:51:36 +03:00
derfenix	c5320ce825	Enable prgrams.ssh, add software	2025-09-12 07:39:36 +03:00
derfenix	9af0b2d108	Use obsidian hm program	2025-09-10 08:47:57 +03:00
derfenix	6932e9e184	Flake update	2025-09-10 08:47:24 +03:00
derfenix	11c2e2fa9f	Calibre-web workaround	2025-09-10 08:47:13 +03:00
derfenix	355e3c9ef9	Add inkscape	2025-09-09 22:39:29 +03:00
derfenix	cc4b113642	Add pt certificates	2025-09-09 17:44:45 +03:00
derfenix	464feaff9c	Try to disable sound cards auto suspend	2025-09-08 12:35:03 +03:00
derfenix	f4402561a9	Add rust development	2025-09-04 11:53:13 +03:00
derfenix	7301ecb77e	Join users group	2025-09-03 22:12:34 +03:00
derfenix	02200a1a7d	Add calibre and transmission client	2025-09-03 22:12:17 +03:00
derfenix	6e02ce3b15	Add steam-devices-udev-rules for steam quirk	2025-09-02 22:59:31 +03:00