big refactor

2025-12-06 07:16:37 +03:00 · 2024-03-23 05:50:22 +03:00 · 2024-03-23 05:50:22 +03:00 · 4fc15d34f1
parent 46793e991d
commit 4fc15d34f1
26 changed files with 988 additions and 1050 deletions
--- a/hosts/dlaptop/apps.nix
+++ b/hosts/dlaptop/apps.nix
@ -1,4 +1,4 @@
-{ pkgs, lib, inputs, stable, ... }:
+{ pkgs, lib, inputs, stable, self, ... }:
 let
  lock-false = {
    Value = false;
@ -9,14 +9,13 @@ let
    Status = "locked";
  };
 in {
  users.users.delta.packages = (with pkgs; [
    git
    chromium
    wl-clipboard
    wl-clipboard-x11
-    (callPackage ../../derivations/audiorelay.nix { })
+    (callPackage "${self}/derivations/audiorelay.nix" { })
-    (callPackage ../../derivations/spotify.nix { })
+    (callPackage "${self}/derivations/spotify.nix" { })
    #(callPackage ../derivations/nu_plugin_dns.nix { })
    xorg.xwininfo
    jq
@ -44,7 +43,9 @@ in {
    vesktop
    localsend
    trayscale
-    # inputs.firefox.packages.${pkgs.system}.firefox-bin
+    fishPlugins.done
    monero-gui
    inputs.telegram-desktop-patched.packages.${pkgs.system}.default
  ]);
  programs.firefox = {
@ -115,4 +116,14 @@ in {
        ];
    };
  };
  programs.thunar.enable = true;
  programs.xfconf.enable = true;
  programs.virt-manager.enable = true;
  programs.steam.enable = true;
  programs.gamemode.enable = true;
  programs.thunar.plugins = with pkgs.xfce; [
    thunar-archive-plugin
    thunar-volman
  ];
 }
--- a/apps/gnome.nix
+++ b/apps/gnome.nix
@ -0,0 +1,189 @@
 { pkgs, lib, inputs, ... }: with lib.gvariant;
 let
 #  wallpaper = pkgs.stdenv.mkDerivation {
 #    name = "wallpaper";
 #    phases = [ "installPhase" ];
 #    installPhase = ''
 #      mkdir -p $out/share/backgrounds
 #      cp ${../wallpaper.png} $out/share/backgrounds/wallpaper.png
 #    '';
 #  };
 in 
 {
  #imports = [
  #  inputs.home-manager.nixosModules.home-manager
  #];
  nixpkgs.overlays = [
    (final: prev: {
      gnome = prev.gnome.overrideScope' (gnomeFinal: gnomePrev: {
        mutter = gnomePrev.mutter.overrideAttrs (old: {
          src = pkgs.fetchgit {
            url = "https://gitlab.gnome.org/vanvugt/mutter.git";
            # GNOME 45: triple-buffering-v4-45
            rev = "0b896518b2028d9c4d6ea44806d093fd33793689";
            sha256 = "sha256-mzNy5GPlB2qkI2KEAErJQzO//uo8yO0kPQUwvGDwR4w=";
          };
        });
      });
    })
  ];
  programs.dconf.enable = true;
  programs.dconf.profiles.user.databases = [
    { 
      settings = {
        "org/gnome/mutter" = {
          experimental-features = [ "scale-monitor-framebuffer" ];
        };
        "org/gnome/settings-daemon/plugins/media-keys" = {
          custom-keybindings = [
            "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
            "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
          ];
        };
        "org/gnome/shell/keybindings" = {
          show-screenshot-ui = [ "<Shift><Super>s" ];
        };
        "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
          binding = "<Alt>Return";
          command = "/etc/profiles/per-user/delta/bin/kitty_wrapped";
          name = "kitty";
        };
        "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
          binding = "<Control><Alt>x";
          command = "/etc/profiles/per-user/delta/bin/keepassxc";
          name = "keepassxc";
        };
        "org/gnome/desktop/sound" = {
          allow-volume-above-100-percent = true;
        };
        "org/gnome/desktop/wm/keybindings" = {
          # close = mkEmptyArray (type.string);
          # switch-input-source = [ "<Shift>Alt_L" ];
          # switch-input-source-backward = [ "<Alt>Shift_L" ];
        };
        "org/gnome/desktop/interface" = {
          icon-theme = "Papirus-Dark";
          color-scheme = "prefer-dark";
          gtk-theme = "adw-gtk3-dark";
        };
        "org/gnome/shell" = {
          favorite-apps = [
            "firefox.desktop" 
            "vesktop.desktop"
            "org.telegram.desktop.desktop" 
            "spotify.desktop" 
            "kitty.desktop" 
            "org.gnome.Nautilus.desktop"
          ];
          disable-user-extensions = false;
          enabled-extensions = [
            "activate-window-by-title@lucaswerkmeister.de" 
            "appindicatorsupport@rgcjonas.gmail.com" 
            "clipboard-indicator@tudmotu.com" 
            "gsconnect@andyholmes.github.io"
            "tailscale@joaophi.github.com"
            "unite@hardpixel.eu" 
            "user-theme@gnome-shell-extensions.gcampax.github.com"
            "pip-on-top@rafostar.github.com"
            "cloudflare-warp-toggle@khaled.is-a.dev"
          ];
        };
        "org/gnome/desktop/input-sources" = {
          mru-sources = [ (mkTuple [ "xkb" "us" ]) ];
          sources = [ (mkTuple [ "xkb" "us" ]) (mkTuple [ "xkb" "ru" ]) ];
          xkb-options = [ "terminate:ctrl_alt_bksp" "lv3:switch" "compose:ralt" ];
        };
        "org/gnome/desktop/screensaver" = {
          lock-enabled = true;
        };
        "org/gnome/desktop/notifications" = {
          show-in-lock-screen = false;
        };
        "org/gnome/desktop/session" = {
          idle-delay = mkUint32 0;
        };
        "org/gnome/shell/extensions/unite" = {
          enable-titlebar-actions = true; 
          extend-left-box = false;
          hide-activities-button = "never";
          hide-app-menu-icon = false;
          notifications-position = "center";
          reduce-panel-spacing = true;
          restrict-to-primary-screen = false;
          show-appmenu-button = true;
          show-desktop-name = false;
          show-legacy-tray = false;
          show-window-buttons = "never";
          show-window-title = "never";
        };
        #"org/gnome/shell/extensions/user-theme" = {
        #  name = "Mojave-Dark-solid-alt";
        #};
        "org/gnome/shell/weather" = {
          automatic-location = true;
        };
        #"org/gnome/desktop/background" = {
        #  picture-uri = "file:///run/current-system/sw/share/backgrounds/wallpaper.png";
        #  picture-uri-dark = "file:///run/current-system/sw/share/backgrounds/wallpaper.png";
        #};
        "org/gnome/desktop/peripherals/touchpad" = {
          tap-to-click = true;
        };
        "org/gnome/settings-daemon/plugins/power" = {
          sleep-inactive-ac-type = "nothing";
        };
        "org/gnome/settings-daemon/plugins/power" = {
          sleep-inactive-battery-timeout = mkUint32 300;
        };
      };
    }
  ];
  environment.systemPackages = with pkgs; [
    gnomeExtensions.appindicator
    gnomeExtensions.activate-window-by-title
    gnomeExtensions.unite
    gnomeExtensions.tailscale-qs
    gnomeExtensions.gsconnect
    gnomeExtensions.clipboard-indicator
    gnomeExtensions.pip-on-top
    gnomeExtensions.cloudflare-warp-toggle
    gnomeExtensions.tiling-assistant
    gnome.gnome-tweaks
    mojave-gtk-theme
    adw-gtk3
    papirus-icon-theme
    #wallpaper
  ];
  environment.gnome.excludePackages = with pkgs.gnome; [
    pkgs.gnome-text-editor
    pkgs.gnome-tour
    pkgs.orca
    epiphany
    geary
    gnome-backgrounds
    gnome-calendar
    gnome-characters
    gnome-clocks
    gnome-contacts
    gnome-font-viewer
    gnome-logs
    gnome-maps
    gnome-music
    gnome-weather
    simple-scan
    sushi
    totem
    yelp
  ];
  services.gnome = {
    gnome-browser-connector.enable = false;
    gnome-initial-setup.enable = false;
    gnome-online-accounts.enable = false;
  };
 }
--- a/hosts/dlaptop/scripts.nix
+++ b/hosts/dlaptop/scripts.nix
@ -76,6 +76,7 @@ let
  keepassxc = pkgs.writeScriptBin "keepassxc" ''
    #!/usr/bin/env bash
    ${pkgs.coreutils}/bin/base64 -d ${config.sops.secrets.qqq.path} | ${pkgs.keepassxc}/bin/keepassxc --pw-stdin ~/Dropbox/pswd.kdbx
    ${pkgs.glib}/bin/gdbus call --session --dest org.gnome.Shell --object-path /de/lucaswerkmeister/ActivateWindowByTitle --method de.lucaswerkmeister.ActivateWindowByTitle.activateByWmClass 'org.keepassxc.KeePassXC'
  '';
  keepassxcDesktopItem = pkgs.makeDesktopItem {
@ -103,6 +104,7 @@ let
    ${pkgs.coreutils}/bin/sleep 5
    ${pkgs.gtk3}/bin/gtk-launch dropbox.desktop
    ${pkgs.gtk3}/bin/gtk-launch org.keepassxc.KeePassXC.desktop
    gsettings set org.gnome.desktop.interface cursor-size 16
    exit 0
  '';
@ -113,14 +115,24 @@ let
    exec = "/etc/profiles/per-user/delta/bin/autostart";
    type = "Application";
  };
  firefoxRussia = pkgs.writeScriptBin "firefox-russia" ''
    #!/usr/bin/env bash
    firejail --blacklist="/var/run/nscd" --ignore="include whitelist-run-common.inc" --net=$(${pkgs.iproute2}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5}') --dns=77.88.8.1 firefox --class firefox-russia --name firefox-russia -P russia -no-remote
  '';
  firefoxRussiaDesktopItem = pkgs.makeDesktopItem {
    name = "firefox-russia";
    desktopName = "Firefox Russia";
    icon = "firefox-developer-edition";
    exec = "firefox-russia";
  };
 in {
-  users.users.delta.packages = with pkgs; [
+  users.users.delta.packages = [
    ephemeralbrowser
    ephemeralbrowserDesktopItem
    keepassxc
    keepassxcDesktopItem
    kitty_wrapped
-    autostart
+    ephemeralbrowser  ephemeralbrowserDesktopItem
-    autostartDesktopItem
+    keepassxc         keepassxcDesktopItem
    autostart         autostartDesktopItem
    firefoxRussia     firefoxRussiaDesktopItem
  ];
 }
--- a/hosts/dlaptop/socks.nix
+++ b/hosts/dlaptop/socks.nix
@ -1,4 +1,4 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, inputs, ... }:
 let
  socksBuilder = attrs:
    {
@ -30,38 +30,49 @@ let
  socksed = [
    { name = "singbox-aus"; script = "sing-box run -c /run/secrets/singbox-aus";   } # port 4000
-    #{ name = "socks-warp"; script = "wireproxy -c /etc/wireguard/warp0.conf";     } # port 3333
+    { name = "socks-warp"; script = "wireproxy -c /etc/wireguard/warp0.conf";     } # port 3333
  ];
-  start_novpn = pkgs.writeScriptBin "start_novpn" ''
+  delete_rules = pkgs.writeScriptBin "delete_rules" ''
    #!${pkgs.bash}/bin/bash
-    configure_rules() {
+    default_gateway=$(cat /etc/netns/novpn/default_gateway)
-      ip rule del fwmark 100 table 150
+    default_interface=$(cat /etc/netns/novpn/default_interface)
    ip rule del fwmark 150 table 150
    ip rule del from 192.168.150.2 table 150
    ip rule del to 192.168.150.2 table 150
    ip route del default via $default_gateway dev $default_interface table 150
    ip route del 192.168.150.2 via 192.168.150.1 dev novpn0 table 150
    iptables -t nat -D POSTROUTING -o "$default_interface" -j MASQUERADE
  '';
-      ip rule add fwmark 100 table 150
+  start_novpn = pkgs.writeScriptBin "start_novpn" ''
    #!${pkgs.bash}/bin/bash
    add_rules() {
      ip rule add fwmark 150 table 150
      ip rule add from 192.168.150.2 table 150
      ip rule add to 192.168.150.2 table 150
      ip route add default via $default_gateway dev $default_interface table 150 
      ip route add 192.168.150.2 via 192.168.150.1 dev novpn0 table 150
      iptables -t nat -A POSTROUTING -o "$default_interface" -j MASQUERADE
    }
-    default_gateway=$(ip route | awk '/default/ {print $3}')
+    set_gateway() {
-    default_interface=$(ip route | awk '/default/ {print $5}')
+      default_interface_new=$(ip route | awk '/default/ {print $5}')
      default_gateway_new=$(ip route | awk '/default/ {print $3}')
-    if [[ -z "$default_interface" ]]; then
+      if [[ ! -z "$default_interface_new" && ! -z "$default_gateway_new" ]]; then
-      echo "No default interface"
+        default_interface=$default_interface_new
-      exit 1
+        default_gateway=$default_gateway_new
        echo "$default_gateway" > /etc/netns/novpn/default_gateway
        echo "$default_interface" > /etc/netns/novpn/default_interface
      fi
    }
    mkdir -p /etc/netns/novpn/
    echo "nameserver 1.1.1.1" > /etc/netns/novpn/resolv.conf
    echo "nameserver 1.1.0.1" >> /etc/netns/novpn/resolv.conf
    sysctl -wq net.ipv4.ip_forward=1
    iptables -t nat -A POSTROUTING -o "$default_interface" -j MASQUERADE
    ip link add novpn0 type veth peer name novpn1
    ip link set novpn1 netns novpn
@ -72,21 +83,20 @@ let
    ip netns exec novpn ip link set novpn1 up
    ip netns exec novpn ip route add default via 192.168.150.1
-    configure_rules
+    set_gateway
    if [[ -z "$default_interface" ]]; then
      echo "No default interface"
      exit 1
    fi
    add_rules
    sleep 3
    ip monitor route | while read -r event; do
      case "$event" in
          'local '*)
-            default_interface_new=$(ip route | awk '/default/ {print $5}')
+            ${delete_rules}/bin/delete_rules
-            default_gateway_new=$(ip route | awk '/default/ {print $3}')
+            set_gateway
-
+            add_rules
            if [[ ! -z "$default_interface_new" && ! -z "$default_gateway_new" ]]; then
              default_interface=$default_interface_new
              default_gateway=$default_gateway_new
            fi
            configure_rules
          ;;
      esac
    done
@ -94,22 +104,25 @@ let
  stop_novpn = pkgs.writeScriptBin "stop_novpn" ''
    #!${pkgs.bash}/bin/bash
    ${delete_rules}/bin/delete_rules
    rm -rf /etc/netns/novpn/
    ip rule del fwmark 100 table 150
    ip rule del from 192.168.150.2 table 150
    ip rule del to 192.168.150.2 table 150
    ip link del novpn0
    ip netns del novpn
    rm -rf /var/run/netns/novpn/
    exit 0
  '';
 in {
  users.users.socks = {
    group = "socks";
    isSystemUser = true;
  };
-  novpn = {
+  users.groups.socks = {};
  systemd.services = builtins.listToAttrs (map socksBuilder socksed) // { novpn = {
    enable = true;
    description = "novpn namespace";
    after = [ "network-online.target" ];
    wantedBy = [ "multi-user.target" ];
-    wants = map (s: "${s.name}.service") socksed;
+    wants = map (s: "${s.name}.service") socksed ++ [ "network-online.target"];
    serviceConfig = {
      Restart = "on-failure";
@ -121,20 +134,23 @@ let
    preStart = "${stop_novpn}/bin/stop_novpn && ip netns add novpn";
    path = with pkgs; [ gawk iproute2 iptables sysctl coreutils ];
-  };
+  };};
 in {
  users.users.socks = {
    group = "socks";
    isSystemUser = true;
  };
-  users.groups.socks = {};
+  users.users.delta.packages = [
-  systemd.services = builtins.listToAttrs (map socksBuilder socksed) // { novpn = novpn; };
+    (pkgs.writeScriptBin "nyx" ''sudo -u tor -g tor ${inputs.nixpkgs-2105.legacyPackages."x86_64-linux".nyx}/bin/nyx $@'')
  ];
-  users.users.delta.packages = [ (pkgs.makeDesktopItem {
+  services.tor = {
-   name = "firefox-russia";
+    enable = true;
-   desktopName = "Firefox Russia";
+    client = {
-   icon = "firefox-developer-edition";
+      enable = true;
-   exec = ''firejail --blacklist="/var/run/nscd" --ignore="include whitelist-run-common.inc" --netns=novpn firefox -P russia -no-remote'';
+      socksListenAddress = 9063;
-  }) ];
+    };
    settings = {
      Socks5Proxy = "192.168.150.2:3333";
      ControlPort = 9051;
      CookieAuthentication = true;
    };
  };
 }
--- a/hosts/dlaptop/work.nix
+++ b/hosts/dlaptop/work.nix
@ -308,7 +308,7 @@ let
  };
 in
 {
-  users.users.delta.packages = with pkgs; [
+  users.users.delta.packages = [
    kittyWork
    kittyWorkDesktopItem
    firefoxWork
--- a/firmware/TAS2XXX38BB.bin
+++ b/firmware/TAS2XXX38BB.bin
--- a/firmware/TIAS2781RCA4.bin
+++ b/firmware/TIAS2781RCA4.bin
--- a/firmware/slim7-ssdt
+++ b/firmware/slim7-ssdt
--- a/flake.lock
+++ b/flake.lock
@ -21,61 +21,6 @@
        "type": "github"
      }
    },
    "cachix": {
      "locked": {
        "lastModified": 1635350005,
        "narHash": "sha256-tAMJnUwfaDEB2aa31jGcu7R7bzGELM9noc91L2PbVjg=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "1c1f5649bb9c1b0d98637c8c365228f57126f361",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-20.09",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "firefox": {
      "inputs": {
        "cachix": "cachix",
        "flake-compat": "flake-compat",
        "lib-aggregate": "lib-aggregate",
        "mozilla": "mozilla",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1709209504,
        "narHash": "sha256-szkYp24Xnxb2nsrHgQY3mVvty/humm+1zGXeZ78uA/k=",
        "owner": "nix-community",
        "repo": "flake-firefox-nightly",
        "rev": "9b78672ec1d66f393a7d7923adbbf7f398473dad",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "flake-firefox-nightly",
        "type": "github"
      }
    },
    "flake-compat": {
      "locked": {
        "lastModified": 1688025799,
        "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
        "owner": "nix-community",
        "repo": "flake-compat",
        "rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
@ -101,24 +46,6 @@
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1709126324,
        "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "d465f4819400de7c8d874d50b982301f28a84605",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_2": {
      "inputs": {
        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1710146030,
        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
@ -140,83 +67,48 @@
        ]
      },
      "locked": {
-        "lastModified": 1706981411,
+        "lastModified": 1711133180,
-        "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
+        "narHash": "sha256-WJOahf+6115+GMl3wUfURu8fszuNeJLv9qAWFQl3Vmo=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "652fda4ca6dafeb090943422c34ae9145787af37",
+        "rev": "1c2c5e4cabba4c43504ef0f8cc3f3dfa284e2dbb",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "release-23.11",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "lib-aggregate": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
        "lastModified": 1709208631,
        "narHash": "sha256-n+SCii/GQR3zjaZzjhGAjrQQlF+xjaGEjWdpDb4wJ3U=",
        "owner": "nix-community",
        "repo": "lib-aggregate",
        "rev": "1f03ac8dc3a54f68f55d36b5e7fc65afc302a3d7",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "lib-aggregate",
        "type": "github"
      }
    },
    "mozilla": {
      "flake": false,
      "locked": {
        "lastModified": 1704373101,
        "narHash": "sha256-+gi59LRWRQmwROrmE1E2b3mtocwueCQqZ60CwLG+gbg=",
        "owner": "mozilla",
        "repo": "nixpkgs-mozilla",
        "rev": "9b11a87c0cc54e308fa83aac5b4ee1816d5418a2",
        "type": "github"
      },
      "original": {
        "owner": "mozilla",
        "repo": "nixpkgs-mozilla",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1709128929,
+        "lastModified": 1710806803,
-        "narHash": "sha256-GWrv9a+AgGhG4/eI/CyVVIIygia7cEy68Huv3P8oyaw=",
+        "narHash": "sha256-qrxvLS888pNJFwJdK+hf1wpRCSQcqA6W5+Ox202NDa0=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "c8e74c2f83fe12b4e5a8bd1abbc090575b0f7611",
+        "rev": "b06025f1533a1e07b6db3e75151caa155d1c7eb3",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-23.11",
+        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
-    "nixpkgs-lib": {
+    "nixpkgs-2105": {
      "locked": {
-        "lastModified": 1708821942,
+        "lastModified": 1659914493,
-        "narHash": "sha256-jd+E1SD59qty65pwqad2mftzkT6vW5nNFWVuvayh4Zw=",
+        "narHash": "sha256-lkA5X3VNMKirvA+SUzvEhfA7XquWLci+CGi505YFAIs=",
-        "owner": "nix-community",
+        "owner": "NixOS",
-        "repo": "nixpkgs.lib",
+        "repo": "nixpkgs",
-        "rev": "479831ed8b3c9c7b80533999f880c7d0bf6a491b",
+        "rev": "022caabb5f2265ad4006c1fa5b1ebe69fb0c3faf",
        "type": "github"
      },
      "original": {
-        "owner": "nix-community",
+        "owner": "NixOS",
-        "repo": "nixpkgs.lib",
+        "ref": "nixos-21.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
@ -319,9 +211,9 @@
    "root": {
      "inputs": {
        "anyrun": "anyrun",
        "firefox": "firefox",
        "home-manager": "home-manager",
        "nixpkgs": "nixpkgs",
        "nixpkgs-2105": "nixpkgs-2105",
        "nixpkgs-stable": "nixpkgs-stable",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "secrets": "secrets",
@ -334,17 +226,17 @@
        "sops-nix": "sops-nix"
      },
      "locked": {
-        "lastModified": 1711051538,
+        "lastModified": 1711064484,
-        "narHash": "sha256-/fgXXCdvjvymM/wXivQ09gZI1u/z9Ld79iRg+et08Vo=",
+        "narHash": "sha256-v/o2GSHunWVWtLwcVvaakxXaWDazLfs9n1afjb5cXMA=",
        "ref": "refs/heads/main",
-        "rev": "1ac61646be7e98fb8a0a2722b37b194bb4c33569",
+        "rev": "0da88dbba8f7aa71a1692019825912ac377a5d1b",
-        "revCount": 1,
+        "revCount": 2,
        "type": "git",
-        "url": "ssh://git@github.com/deltathetawastaken/secrets"
+        "url": "ssh://git@github.com/deltathetawastaken/secrets.git"
      },
      "original": {
        "type": "git",
-        "url": "ssh://git@github.com/deltathetawastaken/secrets"
+        "url": "ssh://git@github.com/deltathetawastaken/secrets.git"
      }
    },
    "sops-nix": {
@ -381,24 +273,9 @@
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "telegram-desktop-patched": {
      "inputs": {
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils",
        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
--- a/flake.nix
+++ b/flake.nix
@ -1,28 +1,29 @@
 {
  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
-    home-manager.url = "github:nix-community/home-manager/release-23.11";
+    nixpkgs-2105.url = "github:NixOS/nixpkgs/nixos-21.05";
    home-manager.url = "github:nix-community/home-manager";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    firefox.url = "github:nix-community/flake-firefox-nightly";
    firefox.inputs.nixpkgs.follows = "nixpkgs";
    anyrun.url = "github:Kirottu/anyrun";
    anyrun.inputs.nixpkgs.follows = "nixpkgs-unstable";
    telegram-desktop-patched.url = "github:shwewo/telegram-desktop-patched";
-    secrets.url = "git+ssh://git@github.com/deltathetawastaken/secrets";
+    secrets.url = "git+ssh://git@github.com/deltathetawastaken/secrets.git";
    #agenix.url = "github:ryantm/agenix";
    #agenix.inputs.darwin.follows = "";
    #ragenix = {
    #  url = "github:yaxitech/ragenix";
    #  inputs.flake-utils.follows = "flake-utils";
    #  inputs.nixpkgs.follows = "nixpkgs";
    #};
  };
-  outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nixpkgs-unstable, home-manager, firefox, anyrun, ... }: 
+  outputs = inputs @ { self, nixpkgs, home-manager, anyrun, ... }: 
  let
    pkgs = nixpkgs.legacyPackages."x86_64-linux";
    stable = import inputs.nixpkgs-stable { system = "x86_64-linux"; config = { allowUnfree = true; }; };
    unstable = import inputs.nixpkgs-unstable { system = "x86_64-linux"; config = { allowUnfree = true; }; };
    specialArgs = { inherit inputs self stable unstable homeSettings; };
    homeSettings = {
      home-manager.useGlobalPkgs = true;
      home-manager.useUserPackages = true;
      home-manager.users.delta = import ./home/home.nix;
      home-manager.extraSpecialArgs = specialArgs;
    };
  in {
    devShells."x86_64-linux".default = pkgs.mkShell {
      name = "delta";
@ -32,111 +33,20 @@
        pre-commit install &> /dev/null
      '';
    };
-    nixosConfigurations.dlaptop = nixpkgs-unstable.lib.nixosSystem {
+    nixosConfigurations.dlaptop = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
-      specialArgs = {
+      specialArgs = specialArgs;
-        inherit inputs;
+      modules = [ ./hosts/generic.nix ./hosts/dlaptop/system.nix ];
        stable = import nixpkgs-stable {
          system = "x86_64-linux";
          config = { allowUnfree = true; };
    };
-        unstable = import nixpkgs-unstable {
+    nixosConfigurations.intelnuc = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
-          config = { allowUnfree = true; };
+      specialArgs = specialArgs;
      modules = [ ./hosts/generic.nix ./hosts/intelnuc/system.nix ];
    };
-      };
+    nixosConfigurations.huanan = nixpkgs.lib.nixosSystem {
      modules = [
        ./hosts/generic.nix
        ./hosts/dlaptop/configuration.nix
        ./hosts/dlaptop/hardware-configuration.nix
        home-manager.nixosModules.home-manager
        inputs.secrets.nixosModules.dlaptop
        {
          home-manager.useGlobalPkgs = true;
          home-manager.useUserPackages = true;
          home-manager.users.delta = import ./home/home.nix;
          home-manager.extraSpecialArgs = {
            inherit inputs;
            stable = import nixpkgs-stable {
      system = "x86_64-linux";
-              config = { allowUnfree = true; };
+      specialArgs = specialArgs;
-            };
+      modules = [ ./hosts/generic.nix ./hosts/huanan/system.nix ];
            unstable = import nixpkgs-unstable {
              system = "x86_64-linux";
              config = { allowUnfree = true; };
    };
  };
 }
      ];
    };
    nixosConfigurations.intelnuc = nixpkgs-unstable.lib.nixosSystem {
      system = "x86_64-linux";
      specialArgs = {
        inherit inputs;
        stable = import nixpkgs-stable {
          system = "x86_64-linux";
          config = { allowUnfree = true; };
        };
        unstable = import nixpkgs-unstable {
          system = "x86_64-linux";
          config = { allowUnfree = true; };
        };
      };
      modules = [
        ./hosts/generic.nix
        ./hosts/intelnuc/configuration.nix
        ./hosts/intelnuc/hardware-configuration.nix
        inputs.secrets.nixosModules.intelnuc
      ];
    };
    nixosConfigurations.huanan = nixpkgs-unstable.lib.nixosSystem {
      system = "x86_64-linux";
      specialArgs = {
        inherit inputs;
        stable = import nixpkgs-stable {
          system = "x86_64-linux";
          config = { allowUnfree = true; };
        };
        unstable = import nixpkgs-unstable {
          system = "x86_64-linux";
          config = { allowUnfree = true; };
        };
      };
      modules = [
        ./hosts/generic.nix
        ./hosts/huanan/configuration.nix
        ./hosts/huanan/hardware-configuration.nix
        home-manager.nixosModules.home-manager
        {
          home-manager.useGlobalPkgs = true;
          home-manager.useUserPackages = true;
          home-manager.users.delta = import ./home/home.nix;
          home-manager.extraSpecialArgs = {
            inherit inputs;
            stable = import nixpkgs-stable {
              system = "x86_64-linux";
              config = { allowUnfree = true; };
            };
            unstable = import nixpkgs-unstable {
              system = "x86_64-linux";
              config = { allowUnfree = true; };
            };
          };
        }
      ];
    };
  #  devShells = flake-utils.lib.eachDefaultSystem (system: rec {
  #  pkgs = import nixpkgs {
  #    inherit system;
  #    overlays = [  ];
  #  };
  #  default = pkgs.mkShell {
  #    packages = [  ];
  #    # ...
  #  };
  #});
  };
 }
--- a/home/gnome.nix
+++ b/home/gnome.nix
@ -1,40 +0,0 @@
 { inputs, home, config, lib, ... }:
 {
  dconf = {
    enable = true;
    settings = {
      "org/gnome/settings-daemon/plugins/media-keys" = {
        custom-keybindings = [
          "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
          "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
        ];
      };
      "org/gnome/shell/keybindings" = {
        show-screenshot-ui = [ "<Shift><Super>s" ];
      };
      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
        binding = "<Alt>Return";
        command = "/etc/profiles/per-user/delta/bin/kitty_wrapped";
        name = "kitty";
      };
      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
        binding = "<Control><Alt>x";
        command = "/etc/profiles/per-user/delta/bin/keepassxc";
        name = "keepassxc";
      };
      "org/gnome/desktop/sound" = {
        allow-volume-above-100-percent = true;
      };
      "org/gnome/mutter" = {
         experimental-features = [ "scale-monitor-framebuffer" ];
       };
      #"org/gnome/mutter" = {
      #  experimental-features = lib.mkForce [ ];
      #};
      "org/gnome/settings-daemon/plugins/power".sleep-inactive-battery-timeout =
        300;
    };
  };
 }
--- a/home/home.nix
+++ b/home/home.nix
@ -5,22 +5,38 @@
  home.stateVersion = "23.11";
  imports = [ 
    ./programs 
    ./theme.nix
    ./gnome.nix
  ];
  services.blueman-applet.enable = true;
  services.network-manager-applet.enable = true;
  programs.vscode = {
      enable = true;
      package = pkgs.vscodium;
      extensions = with pkgs.vscode-extensions; [
-      bbenoist.nix
+        matklad.rust-analyzer
-      brettm12345.nixfmt-vscode
+        jnoortheen.nix-ide
      ];
      enableUpdateCheck = false;
      userSettings = {
        "window.titleBarStyle" = "custom";
        "nix.enableLanguageServer"= true;
        "nix.serverPath" = "${pkgs.nil}/bin/nil";
        "nix.serverSettings" = {
          nil = {
            formatting = {
              command = [ "${pkgs.nixfmt}/bin/nixfmt" ];
            };
          };
        };
      };
    };
  programs.git = {
    enable = true;
    userName  = "delta";
    userEmail = "delta@example.com";
  };
  #xdg.desktopEntries = {
--- a/home/programs/hypr/hyprland-environment.nix
+++ b/home/programs/hypr/hyprland-environment.nix
@ -1,25 +0,0 @@
 { config, pkgs, ... }:
 {
  home = {
    sessionVariables = {
      #EDITOR = "lvim";
      #BROWSER = "librewolf";
      #TERMINAL = "kitty";
      #GBM_BACKEND= "nvidia-drm";
      #__GLX_VENDOR_LIBRARY_NAME= "nvidia";
      #LIBVA_DRIVER_NAME= "nvidia"; # hardware acceleration
      __GL_VRR_ALLOWED = "1";
      #WLR_NO_HARDWARE_CURSORS = "1";
      #WLR_RENDERER_ALLOW_SOFTWARE = "1";
      CLUTTER_BACKEND = "wayland";
      WLR_RENDERER = "vulkan";
      XDG_CURRENT_DESKTOP = "Hyprland";
      XDG_SESSION_DESKTOP = "Hyprland";
      XDG_SESSION_TYPE = "wayland";
      MOZ_USE_XINPUT2 = "1";
    };
  };
 }
--- a/hosts/dlaptop/apps/gnome.nix
+++ b/hosts/dlaptop/apps/gnome.nix
@ -0,0 +1,191 @@
 { pkgs, lib, inputs, ... }: with lib.gvariant;
 let
 #  wallpaper = pkgs.stdenv.mkDerivation {
 #    name = "wallpaper";
 #    phases = [ "installPhase" ];
 #    installPhase = ''
 #      mkdir -p $out/share/backgrounds
 #      cp ${../wallpaper.png} $out/share/backgrounds/wallpaper.png
 #    '';
 #  };
 in 
 {
  #imports = [
  #  inputs.home-manager.nixosModules.home-manager
  #];
  nixpkgs.overlays = [
    (final: prev: {
      gnome = prev.gnome.overrideScope' (gnomeFinal: gnomePrev: {
        mutter = gnomePrev.mutter.overrideAttrs (old: {
          src = pkgs.fetchgit {
            url = "https://gitlab.gnome.org/vanvugt/mutter.git";
            # GNOME 45: triple-buffering-v4-45
            rev = "0b896518b2028d9c4d6ea44806d093fd33793689";
            sha256 = "sha256-mzNy5GPlB2qkI2KEAErJQzO//uo8yO0kPQUwvGDwR4w=";
          };
        });
      });
    })
  ];
  programs.dconf.enable = true;
  programs.dconf.profiles.user.databases = [
    { 
      settings = {
        "org/gnome/mutter" = {
          experimental-features = [ "scale-monitor-framebuffer" ];
        };
        "org/gnome/settings-daemon/plugins/media-keys" = {
          custom-keybindings = [
            "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
            "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
          ];
        };
        "org/gnome/shell/keybindings" = {
          show-screenshot-ui = [ "<Shift><Super>s" ];
        };
        "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
          binding = "<Alt>Return";
          command = "/etc/profiles/per-user/delta/bin/kitty_wrapped";
          name = "kitty";
        };
        "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
          binding = "<Control><Alt>x";
          command = "/etc/profiles/per-user/delta/bin/keepassxc";
          name = "keepassxc";
        };
        "org/gnome/desktop/sound" = {
          allow-volume-above-100-percent = true;
        };
        "org/gnome/desktop/wm/keybindings" = {
          # close = mkEmptyArray (type.string);
          # switch-input-source = [ "<Shift>Alt_L" ];
          # switch-input-source-backward = [ "<Alt>Shift_L" ];
        };
        "org/gnome/desktop/interface" = {
          icon-theme = "Papirus-Dark";
          color-scheme = "prefer-dark";
          gtk-theme = "adw-gtk3-dark";
        };
        "org/gnome/shell" = {
          favorite-apps = [
            "firefox.desktop" 
            "vesktop.desktop"
            "org.telegram.desktop.desktop" 
            "spotify.desktop" 
            "kitty.desktop" 
            "org.gnome.Nautilus.desktop"
          ];
          disable-user-extensions = false;
          enabled-extensions = [
            "activate-window-by-title@lucaswerkmeister.de" 
            "appindicatorsupport@rgcjonas.gmail.com" 
            "clipboard-indicator@tudmotu.com" 
            "gsconnect@andyholmes.github.io"
            "tailscale@joaophi.github.com"
            "unite@hardpixel.eu" 
            "user-theme@gnome-shell-extensions.gcampax.github.com"
            "pip-on-top@rafostar.github.com"
            "cloudflare-warp-toggle@khaled.is-a.dev"
          ];
        };
        "org/gnome/desktop/input-sources" = {
          mru-sources = [ (mkTuple [ "xkb" "us" ]) ];
          sources = [ (mkTuple [ "xkb" "us" ]) (mkTuple [ "xkb" "ru" ]) ];
          xkb-options = [ "terminate:ctrl_alt_bksp" "lv3:switch" "compose:ralt" ];
        };
        "org/gnome/desktop/screensaver" = {
          lock-enabled = true;
        };
        "org/gnome/desktop/notifications" = {
          show-in-lock-screen = false;
        };
        "org/gnome/desktop/session" = {
          idle-delay = mkUint32 0;
        };
        "org/gnome/shell/extensions/unite" = {
          enable-titlebar-actions = true; 
          extend-left-box = false;
          hide-activities-button = "never";
          hide-app-menu-icon = false;
          notifications-position = "center";
          reduce-panel-spacing = true;
          restrict-to-primary-screen = false;
          show-appmenu-button = true;
          show-desktop-name = false;
          show-legacy-tray = false;
          show-window-buttons = "never";
          show-window-title = "never";
        };
        #"org/gnome/shell/extensions/user-theme" = {
        #  name = "Mojave-Dark-solid-alt";
        #};
        "org/gnome/shell/weather" = {
          automatic-location = true;
        };
        #"org/gnome/desktop/background" = {
        #  picture-uri = "file:///run/current-system/sw/share/backgrounds/wallpaper.png";
        #  picture-uri-dark = "file:///run/current-system/sw/share/backgrounds/wallpaper.png";
        #};
        "org/gnome/desktop/peripherals/touchpad" = {
          tap-to-click = true;
        };
        "org/gnome/settings-daemon/plugins/power" = {
          sleep-inactive-ac-type = "nothing";
        };
        "org/gnome/settings-daemon/plugins/power" = {
          sleep-inactive-battery-timeout = mkUint32 300;
        };
      };
    }
  ];
  environment.systemPackages = with pkgs; [
    gnomeExtensions.appindicator
    gnomeExtensions.activate-window-by-title
    gnomeExtensions.unite
    gnomeExtensions.tailscale-qs
    gnomeExtensions.gsconnect
    gnomeExtensions.clipboard-indicator
    gnomeExtensions.pip-on-top
    gnomeExtensions.cloudflare-warp-toggle
    gnomeExtensions.tiling-assistant
    gnome.gnome-tweaks
    mojave-gtk-theme
    adw-gtk3
    papirus-icon-theme
    #wallpaper
  ];
  environment.gnome.excludePackages = with pkgs.gnome; [
    pkgs.gnome-text-editor
    pkgs.gnome-tour
    pkgs.orca
    epiphany
    geary
    gnome-backgrounds
    gnome-calendar
    gnome-characters
    gnome-clocks
    gnome-contacts
    gnome-font-viewer
    gnome-logs
    gnome-maps
    gnome-music
    gnome-weather
    simple-scan
    sushi
    totem
    yelp
  ];
  services.gnome = {
    gnome-browser-connector.enable = false;
    gnome-initial-setup.enable = false;
    gnome-online-accounts.enable = false;
  };
 }
--- a/hosts/dlaptop/configuration.nix
+++ b/hosts/dlaptop/configuration.nix
@ -1,414 +0,0 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 { inputs, stable, unstable, config, pkgs, age, lib, ... }:
 {
  time.timeZone = "Europe/Moscow";
  i18n.defaultLocale = "en_GB.UTF-8";
  # i18n.extraLocaleSettings = {
  #   #LC_TIME = "ru_RU.UTF-8";
  #   #LC_ALL = "en_GB.UTF-8";
  # };
  # age.rekey = {
  #   hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGGL2UD0frl9F2OPBiPlSQqxDsuACbAVgwH24F0KT14L delta@dlaptop";
  #   #masterIdentities = [ "/home/delta/.ssh/id_ed25519" ];
  #   masterIdentities = [ "/home/delta/.secrets/key.txt" ];
  #   storageMode = "local";
  #   localStorageDir = ../../secrets/rekeyed/${config.networking.hostName};
  # };
  imports = [ 
    ./socks.nix
    ./apps.nix
    ./work.nix
    ./scripts.nix
  ];
  hardware.opengl = {
    enable = true;
    driSupport = true;
    driSupport32Bit = true;
    extraPackages = [ pkgs.amdvlk ];
    extraPackages32 = [ pkgs.driversi686Linux.amdvlk ];
  };
  nixpkgs.overlays = [
    (final: prev: {
      gnome = prev.gnome.overrideScope' (gnomeFinal: gnomePrev: {
        mutter = gnomePrev.mutter.overrideAttrs (old: {
          src = pkgs.fetchgit {
            url = "https://gitlab.gnome.org/vanvugt/mutter.git";
            # GNOME 45: triple-buffering-v4-45
            rev = "0b896518b2028d9c4d6ea44806d093fd33793689";
            sha256 = "sha256-mzNy5GPlB2qkI2KEAErJQzO//uo8yO0kPQUwvGDwR4w=";
          };
        });
      });
    })
  ];
  environment.sessionVariables = {
    QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
    QT_QPA_PLATFORM = "wayland";
    STEAM_FORCE_DESKTOPUI_SCALING = "1";
    NIXOS_OZONE_WL = "1";
    XCURSOR_SIZE = "16";
  };
  #services.dnscrypt-proxy2 = {
  #  enable = true;
  #  settings = {
  #    ipv6_servers = true;
  #    require_dnssec = true;
  #    server_names = [ "cloudflare" ];
  #  };
  #};
  users.groups.no-net = {};
  #services.connman.wifi.backend = "iwd";
  networking = {
    hostName = "dlaptop";
    nameservers = [ "100.92.15.128" "fd7a:115c:a1e0::b21c:f80" ];
    networkmanager.dns = "none"; 
    networkmanager.enable = true;
    #wireless.iwd.enable = true;
    #networkmanager.wifi.backend = "iwd";
    useDHCP = lib.mkDefault true;
    interfaces.wlp1s0.proxyARP = true;
    iproute2.enable = true;
    firewall = {
      enable = true;
      allowedTCPPorts = [
        # qbittorrent
        4780 
        # audiorelay
        59100
        # localsend
        53317
        #syncthing
        22000
      ];
      allowedUDPPorts = [
        # audiorelay
        59100
        59200
        # localsend
        53317
        #syncthing
        22000
        21027
      ];
      allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; # kde connect
      allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
      checkReversePath = "loose";
      extraCommands = ''
        iptables -A OUTPUT -m owner --gid-owner no-net -j REJECT
      '';
    };
  };
  users.groups.cloudflared = { };
  users.users.cloudflared = {
    group = "cloudflared";
    isSystemUser = true;
  };
  users.groups.socks = { };
  services.cloudflared.enable = false;
  services.cloudflared.tunnels = {
    "dlaptop" = {
      default = "http_status:404";
      credentialsFile = "/run/secrets/cloudflared";
    };
  };
  systemd.services.cloudflared-tunnel-dlaptop.serviceConfig.Restart = lib.mkForce "on-failure";
  systemd.services.cloudflared-tunnel-dlaptop.serviceConfig.RestartSec = lib.mkForce 60;
  programs.captive-browser = {
    browser = ''firejail --ignore="include whitelist-run-common.inc" --private --profile=chromium ${pkgs.bash}/bin/bash -c '${pkgs.coreutils}/bin/env XDG_CONFIG_HOME="$PREV_CONFIG_HOME" ${pkgs.chromium}/bin/chromium --user-data-dir=''${XDG_DATA_HOME:-$HOME/.local/share}/chromium-captive --proxy-server="socks5://$PROXY" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost" --no-first-run --new-window --incognito -no-default-browser-check http://cache.nixos.org/' '';
    interface = "wlp1s0";
    enable = true;
  };
  security = {
    sudo.wheelNeedsPassword = false;
    wrappers = {
      firejail = { 
        source = "${pkgs.firejail.out}/bin/firejail"; 
      };
    };
    pam.loginLimits = [{ #needed for swaylock
      domain = "@users";
      item = "rtprio";
      type = "-";
      value = 1;
    }];
    pam.services.swaylock = { };
    rtkit.enable = true;
  };
  powerManagement.enable = true;
  services.power-profiles-daemon.enable = false;
  services.tlp = {
    enable = true;
    settings = {
      CPU_SCALING_GOVERNOR_ON_AC = "powersave";
      CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
      CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
      CPU_ENERGY_PERF_POLICY_ON_AC = "balance_performance";
      CPU_SCALING_MAX_FREQ_ON_AC = 6600000;
      CPU_SCALING_MAX_FREQ_ON_BAT = 1600000;
      PLATFORM_PROFILE_ON_AC = "balanced";
      PLATFORM_PROFILE_ON_BAT = "low-power";
      #Trubo boost control
      CPU_BOOST_ON_AC = 1;
      CPU_BOOST_ON_BAT = 1;
      CPU_HWP_DYN_BOOST_ON_AC = 1;
      CPU_HWP_DYN_BOOST_ON_BAT = 1;
      #Optional helps save long term battery health
      #START_CHARGE_THRESH_BAT0 = 40; # 40 and bellow it starts to charge
      #STOP_CHARGE_THRESH_BAT0 = 80; # 80 and above it stops charging
    };
  };
  services.xserver = {
    enable = true;
    videoDrivers = [ "modesetting" ];
    displayManager = {
      gdm.enable = true;
      autoLogin = {
        enable = false;
        user = "delta";
      };
    };
    desktopManager.gnome.enable = true;
    layout = "us";
    xkbVariant = "";
    excludePackages = [ pkgs.xterm ];
  };
  services.gnome = {
    gnome-browser-connector.enable = false;
    gnome-initial-setup.enable = false;
    gnome-online-accounts.enable = false;
  };
  services.flatpak.enable = true;
  services.printing.enable = true;
  services.pipewire = {
    enable = true;
    wireplumber.enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };
  sound = {
    enable = true;
    extraConfig = "\n";
  };
  hardware.pulseaudio.enable = false;
  services.tailscale.enable = true;
  services.syncthing.enable = true;
  services.blueman.enable = true;
  services.tumbler.enable = true;
  services.gvfs.enable = true;
  services.udev.packages = [ 
    pkgs.gnome.gnome-settings-daemon
    pkgs.android-udev-rules
    pkgs.yubikey-personalization
    ];
  #services.udev.extraRules = ''
  #  #yubikey autostart
  #  ENV{ID_VENDOR}=="Yubico", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0010|0111|0112|0113|0114|0115|0116|0401|0402|0403|0404|0405|0406|0407|0410", SYMLINK+="yubikey", TAG+="systemd"
  #'';
  #systemd.user.services.yubioath = {
  #  enable = true;
  #  description = "Autostart Yubico Authenticator";
  #  after = [ "dev-yubikey.device" ];
  #  unitConfig = {
  #    StopPropagatedFrom="dev-yubikey.device"; #comment to not close app after yubi remove
  #  };
  #  serviceConfig = {
  #    Type = "oneshot";
  #  };
  #  
  #  script = "${pkgs.yubioath-flutter}/bin/yubioath-flutter";
  #};
  programs.thunar.enable = true;
  programs.firejail.enable = true;
  programs.hyprland.enable = true;
  programs.xfconf.enable = true;
  programs.dconf.enable = true;
  programs.virt-manager.enable = true;
  programs.steam.enable = true;
  programs.gamemode.enable = true;
  programs.thunar.plugins = with pkgs.xfce; [
    thunar-archive-plugin
    thunar-volman
  ];
  xdg.portal.extraPortals = with pkgs; [ xdg-desktop-portal-hyprland ];
  environment = {
    gnome.excludePackages = [
      #pkgs.gnome-connections
      #pkgs.gnome-console
      pkgs.gnome-text-editor
      pkgs.gnome-tour
      #pkgs.gnome.adwaita-icon-theme
      pkgs.gnome.epiphany # browser
      #pkgs.gnome.evince # pdf + office files
      #pkgs.gnome.file-roller #archive explorer
      pkgs.gnome.geary
      pkgs.gnome.gnome-backgrounds
      pkgs.gnome.gnome-calendar
      pkgs.gnome.gnome-characters
      pkgs.gnome.gnome-clocks
      pkgs.gnome.gnome-contacts
      pkgs.gnome.gnome-font-viewer
      pkgs.gnome.gnome-logs
      pkgs.gnome.gnome-maps
      pkgs.gnome.gnome-music
      #pkgs.gnome.gnome-themes-extra
      pkgs.gnome.gnome-weather
      #pkgs.gnome.nautilus
      pkgs.gnome.simple-scan
      pkgs.gnome.sushi
      pkgs.gnome.totem
      pkgs.gnome.yelp
      pkgs.orca
    ];
  };
  virtualisation = {
    podman = {
      enable = true;
      dockerCompat = true;
    };
    spiceUSBRedirection.enable = true;
    libvirtd.enable = true;
  };
  environment.systemPackages = with pkgs; [
    gnomeExtensions.appindicator
    gnomeExtensions.activate-window-by-title
    gnomeExtensions.unite
    gnomeExtensions.tailscale-qs
    gnomeExtensions.gsconnect
    gnomeExtensions.clipboard-indicator
    gnomeExtensions.tiling-assistant
    #gnomeExtensions.wintile-windows-10-window-tiling-for-gnome
    gnomeExtensions.cloudflare-warp-toggle
    gnome.gnome-tweaks
    mojave-gtk-theme
    adw-gtk3
    any-nix-shell
    openconnect
    oath-toolkit
    expect
    ffmpegthumbnailer
    webp-pixbuf-loader
    freetype
    poppler
    f3d
    nufraw-thumbnailer
    android-tools
    firefox
    #firefox_nightly
    #inputs.anyrun.packages.${pkgs.system}.anyrun
    inputs.telegram-desktop-patched.packages.${pkgs.system}.default
    # inputs.ragenix.packages.x86_64-linux.default
    sops
    yubikey-manager-qt
    yubico-piv-tool
    yubioath-flutter
    yubikey-personalization
    yubikey-personalization-gui
    (pkgs.writeScriptBin "warp-cli" "${pkgs.cloudflare-warp}/bin/warp-cli $@")
    age-plugin-yubikey
  ];
  services.pcscd.enable = true;
  #users.users.socks = {
  #  group = "socks";
  #  isSystemUser = true;
  #};
  #users.groups.socks = { };
  #systemd.services.singbox-aus = {
  #  enable = true;
  #  description = "avoid censorship";
  #  wantedBy = [ "multi-user.target" ];
  #  serviceConfig = {
  #    Restart = "on-failure";
  #    RestartSec = "15";
  #    User = "socks";
  #    Group = "socks";
  #  };
  #  script = "sing-box run -c /run/secrets/singbox-aus";
  #  path = with unstable; [
  #    shadowsocks-libev
  #    shadowsocks-v2ray-plugin
  #    sing-box
  #  ];
  #};
  systemd.services.cloudflare-warp = {
    enable = true;
    description = "cloudflare warp service";
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Restart = "on-failure";
      RestartSec = "15";
    };
    script = "${pkgs.cloudflare-warp}/bin/warp-svc";
    postStart = ''
      while true; do
        set -e
        status=$(${pkgs.cloudflare-warp}/bin/warp-cli status || true)
        set +e
        if [[ "$status" != *"Unable to connect to CloudflareWARP daemon"* ]]; then
          ${pkgs.cloudflare-warp}/bin/warp-cli set-custom-endpoint 162.159.193.1:2408
          exit 0
        fi
        sleep 15
      done
    '';
  };
  #config.services.openssh.hostKeys = [ "/home/delta/.ssh/id_ed25519" ];
  systemd.services.NetworkManager-wait-online.enable = false;
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.11"; # Did you read the comment?
 }
--- a/hosts/dlaptop/hardware-configuration.nix
+++ b/hosts/dlaptop/hardware-configuration.nix
@ -1,80 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { unstable, config, lib, pkgs, modulesPath, ... }:
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
  hardware.firmware = [
    (pkgs.runCommandNoCC "subwoofer" { } ''
      mkdir -p $out/lib/firmware/
      cp ${../../firmware/TAS2XXX38BB.bin} $out/lib/firmware/TAS2XXX38BB.bin
      cp ${../../firmware/TIAS2781RCA4.bin} $out/lib/firmware/TIAS2781RCA4.bin
    '')
  ];
  boot.loader.systemd-boot.enable = true;
  boot.loader.systemd-boot.extraInstallCommands = ''
    patch_slim7_ssdt=$(
      ${pkgs.coreutils}/bin/cp -f ${
        ../../firmware/slim7-ssdt
      } /boot/EFI/nixos/slim7-ssdt
      for file in /boot/loader/entries/nixos-generation-*.conf; do
        ${pkgs.gnused}/bin/sed -i '0,/^initrd\s/{s/^initrd\s/initrd \/efi\/nixos\/slim7-ssdt\n&/}' "$file"
      done
    )
  '';
  boot.kernelParams = [
    "rtc_cmos.use_acpi_alarm=1"
    "ideapad_laptop.allow_v4_dytc=1"
    "amd_pstate=active"
    "initcall_blacklist=acpi_cpufreq_init"
    "nowatchdog"
    "amd_pstate.shared_mem=1"
  ];
  boot.kernelModules = [ "amd-pstate" "acpi_call" "amdgpu" "kvm-amd" ];
  boot.loader.efi.canTouchEfiVariables = true;
  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelPackages = unstable.linuxPackages_zen;
  boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call cpupower ];
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/6b2d5c46-92de-42d0-a272-16b7ef7f30af";
    fsType = "ext4";
  };
  boot.initrd.luks.devices."luks-db81e97a-eb4b-43c5-b128-ef838495fc9a".device =
    "/dev/disk/by-uuid/db81e97a-eb4b-43c5-b128-ef838495fc9a";
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/6770-34DC";
    fsType = "vfat";
  };
  swapDevices = [{
    device = "/var/lib/swapfile";
    size = 32 * 1024;
  }];
  hardware.opengl = {
    enable = true;
    driSupport = true;
    driSupport32Bit = true;
    #extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl amdvlk ];
    #extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ];
  };
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode =
    lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/dlaptop/hardware.nix
+++ b/hosts/dlaptop/hardware.nix
@ -0,0 +1,95 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { unstable, config, lib, pkgs, modulesPath, self, ... }:
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
  boot.initrd.prepend = lib.mkOrder 0 [ "${pkgs.fetchurl {
    url = "https://gitlab.freedesktop.org/drm/amd/uploads/9fe228c7aa403b78c61fb1e29b3b35e3/slim7-ssdt";
    sha256 = "sha256-Ef4QTxdjt33OJEPLAPEChvvSIXx3Wd/10RGvLfG5JUs=";
    name = "slim7-ssdt";
  }}" ];
  hardware.firmware = [
    (pkgs.runCommandNoCC "subwoofer" { } ''
      mkdir -p $out/lib/firmware/
      cp ${pkgs.fetchurl {
        url = "https://raw.githubusercontent.com/darinpp/yoga-slim-7/main/lib/firmware/TAS2XXX38BB.bin";
        sha256 = "sha256-qyZxBlnWEnrgbh0crgFf//pKZMTtCqh+CkA+pUNU/+E=";
        name = "TAS2XXX38BB.bin";
      }} $out/lib/firmware/TAS2XXX38BB.bin
      cp ${pkgs.fetchurl {
        url = "https://raw.githubusercontent.com/darinpp/yoga-slim-7/main/lib/firmware/TIAS2781RCA4.bin";
        sha256 = "sha256-Zj7mwS8DsBinZ8BYvcySc753Aq/xid7vAeQOH/oir6Q=";
        name = "TIAS2781RCA4.bin";
      }} $out/lib/firmware/TIAS2781RCA4.bin
    '')
  ];
  boot.loader.systemd-boot.enable = true;
  boot.kernelParams = [
    "rtc_cmos.use_acpi_alarm=1"
    "ideapad_laptop.allow_v4_dytc=1"
    "amd_pstate=active"
    "initcall_blacklist=acpi_cpufreq_init"
    "nowatchdog"
    "amd_pstate.shared_mem=1"
  ];
  boot.kernelModules = [ "amd-pstate" "acpi_call" "amdgpu" "kvm-amd" "vfat" "nls_cp437" "nls_iso8859-1" ];
  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" "vfat" "nls_cp437" "nls_iso8859-1" ];
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.efi.efiSysMountPoint = "/boot";
  boot.initrd.kernelModules = [ ];
  boot.kernelPackages = unstable.linuxPackages_zen;
  boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call cpupower ];
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/6b2d5c46-92de-42d0-a272-16b7ef7f30af";
    fsType = "ext4";
  };
  boot.initrd.luks = {
    yubikeySupport = true;
    devices."cryptroot" = {
      device = "/dev/nvme0n1p2";
      yubikey = {
        slot = 2;
        gracePeriod = 7;
        keyLength = 64;
        saltLength = 16;
        twoFactor = false;
        storage = {
          device = "/dev/nvme0n1p1";
          fsType = "vfat";
          path = "/crypt-storage/default";
        };
      };
    };
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/6770-34DC";
    fsType = "vfat";
  };
  swapDevices = [{
    device = "/var/lib/swapfile";
    size = 32 * 1024;
  }];
  hardware.opengl = {
    enable = true;
    driSupport = true;
    driSupport32Bit = true;
    extraPackages = [ pkgs.amdvlk ];
    extraPackages32 = [ pkgs.driversi686Linux.amdvlk ];
  };
  networking.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/dlaptop/services.nix
+++ b/hosts/dlaptop/services.nix
@ -0,0 +1,61 @@
 { pkgs, lib, ... }:
 {
  users.users.delta.packages = [
    (pkgs.writeScriptBin "warp-cli" "${pkgs.cloudflare-warp}/bin/warp-cli $@")
  ];
  systemd.services.cloudflare-warp = {
    enable = true;
    description = "cloudflare warp service";
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Restart = "on-failure";
      RestartSec = "15";
    };
    script = "${pkgs.cloudflare-warp}/bin/warp-svc";
    postStart = ''
      while true; do
        set -e
        status=$(${pkgs.cloudflare-warp}/bin/warp-cli status || true)
        set +e
        if [[ "$status" != *"Unable to connect to CloudflareWARP daemon"* ]]; then
          ${pkgs.cloudflare-warp}/bin/warp-cli set-custom-endpoint 162.159.193.1:2408
          exit 0
        fi
        sleep 15
      done
    '';
  };
  users.groups.cloudflared = { };
  users.users.cloudflared = {
    group = "cloudflared";
    isSystemUser = true;
  };
  services.cloudflared.enable = false;
  services.cloudflared.tunnels = {
    "dlaptop" = {
      default = "http_status:404";
      credentialsFile = "/run/secrets/cloudflared";
    };
  };
  services.tailscale.enable = true;
  services.syncthing.enable = true;
  services.blueman.enable = true;
  services.tumbler.enable = true;
  services.gvfs.enable = true;
  services.flatpak.enable = true;
  services.printing.enable = true;
  services.pcscd.enable = true;
  services.udev.packages = [ 
    pkgs.gnome.gnome-settings-daemon
    pkgs.android-udev-rules
    pkgs.yubikey-personalization
  ];
  systemd.services.cloudflared-tunnel-dlaptop.serviceConfig.Restart = lib.mkForce "on-failure";
  systemd.services.cloudflared-tunnel-dlaptop.serviceConfig.RestartSec = lib.mkForce 60;
 }
--- a/hosts/dlaptop/system.nix
+++ b/hosts/dlaptop/system.nix
@ -0,0 +1,162 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 { pkgs, lib, inputs, self, homeSettings, ... }:
 {
  imports = [
    ./hardware.nix
    ./services.nix
    ./xorg.nix
    "${self}/apps/apps.nix"
    "${self}/apps/socks.nix"
    "${self}/apps/scripts.nix"
    "${self}/apps/work.nix"
    inputs.secrets.nixosModules.dlaptop
    inputs.home-manager.nixosModules.home-manager homeSettings
  ];
  time.timeZone = "Europe/Moscow";
  i18n.defaultLocale = "en_GB.UTF-8";
  networking = {
    hostName = "dlaptop";
    nameservers = [ "100.92.15.128" "fd7a:115c:a1e0::b21c:f80" ];
    networkmanager.dns = "none"; 
    networkmanager.enable = true;
    useDHCP = lib.mkDefault true;
    interfaces.wlp1s0.proxyARP = true;
    iproute2.enable = true;
    firewall = {
      enable = true;
      allowedTCPPorts = [
        # qbittorrent
        4780 
        # audiorelay
        59100
        # localsend
        53317
        #syncthing
        22000
      ];
      allowedUDPPorts = [
        # audiorelay
        59100
        59200
        # localsend
        53317
        #syncthing
        22000
        21027
      ];
      allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; # kde connect
      allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
      checkReversePath = "loose";
    };
  };
  systemd.services.NetworkManager-wait-online.enable = false;
  programs.captive-browser = {
    browser = ''firejail --ignore="include whitelist-run-common.inc" --private --profile=chromium ${pkgs.bash}/bin/bash -c '${pkgs.coreutils}/bin/env XDG_CONFIG_HOME="$PREV_CONFIG_HOME" ${pkgs.chromium}/bin/chromium --user-data-dir=''${XDG_DATA_HOME:-$HOME/.local/share}/chromium-captive --proxy-server="socks5://$PROXY" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost" --no-first-run --new-window --incognito -no-default-browser-check http://cache.nixos.org/' '';
    interface = "wlp1s0";
    enable = true;
  };
  security = {
    sudo.wheelNeedsPassword = false;
    pam.loginLimits = [{ #needed for swaylock
      domain = "@users";
      item = "rtprio";
      type = "-";
      value = 1;
    }];
    pam.services.swaylock = { };
  };
  powerManagement.enable = true;
  services.power-profiles-daemon.enable = false;
  services.tlp = {
    enable = true;
    settings = {
      CPU_SCALING_GOVERNOR_ON_AC = "powersave";
      CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
      CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
      CPU_ENERGY_PERF_POLICY_ON_AC = "balance_performance";
      CPU_SCALING_MAX_FREQ_ON_AC = 6600000;
      CPU_SCALING_MAX_FREQ_ON_BAT = 1600000;
      PLATFORM_PROFILE_ON_AC = "balanced";
      PLATFORM_PROFILE_ON_BAT = "low-power";
      #Trubo boost control
      CPU_BOOST_ON_AC = 1;
      CPU_BOOST_ON_BAT = 1;
      CPU_HWP_DYN_BOOST_ON_AC = 1;
      CPU_HWP_DYN_BOOST_ON_BAT = 1;
      #Optional helps save long term battery health
      #START_CHARGE_THRESH_BAT0 = 40; # 40 and bellow it starts to charge
      #STOP_CHARGE_THRESH_BAT0 = 80; # 80 and above it stops charging
    };
  };
  services.pipewire = {
    enable = true;
    wireplumber.enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  virtualisation = {
    podman = {
      enable = true;
      dockerCompat = true;
    };
    spiceUSBRedirection.enable = true;
    libvirtd.enable = true;
  };
  environment.systemPackages = with pkgs; [
    openvpn
    any-nix-shell
    #work scripts
    openconnect
    oath-toolkit
    expect
    # Thunar stuff
    ffmpegthumbnailer
    webp-pixbuf-loader
    freetype
    poppler
    f3d
    nufraw-thumbnail
    android-tools
    firefox
    tor-browser
    #inputs.anyrun.packages.${pkgs.system}.anyrun
    sops
    yubikey-manager-qt
    yubico-piv-tool
    yubioath-flutter
    yubikey-personalization
    yubikey-personalization-gui
    age-plugin-yubikey
    lua5_4
    nodejs_21
  ];
  system.stateVersion = "23.11"; # Don't forget the comment
 }
--- a/hosts/dlaptop/xorg.nix
+++ b/hosts/dlaptop/xorg.nix
@ -0,0 +1,34 @@
 { lib, pkgs, self, ... }:
 {
  imports = [
    "${self}/apps/gnome.nix"
  ];
  programs.hyprland.enable = true;
  xdg.portal.extraPortals = with pkgs; [ xdg-desktop-portal-hyprland ];
  environment.sessionVariables = {
    QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
    QT_QPA_PLATFORM = "wayland";
    STEAM_FORCE_DESKTOPUI_SCALING = "1";
    NIXOS_OZONE_WL = "1";
    XCURSOR_SIZE = "16";
  };
  services.xserver = {
    enable = true;
    videoDrivers = [ "modesetting" ];
    displayManager = {
      gdm.enable = true;
      autoLogin = {
        enable = false;
        user = "delta";
      };
    };
    desktopManager.gnome.enable = true;
    xkb.layout = "us";
    xkb.variant = "";
    excludePackages = [ pkgs.xterm ];
  };
 }
--- a/hosts/generic.nix
+++ b/hosts/generic.nix
@ -57,10 +57,11 @@ in {
    fishPlugins.grc
    fishPlugins.autopair
    fishPlugins.z
-    #fishPlugins.tide
+    fishPlugins.tide
    #fishPlugins.hydro
    fishPlugins.fzf-fish
    fishPlugins.sponge
    #fishPlugins.async-prompt
    fd
    fzf
    grc
    unstable.nh
@ -68,6 +69,7 @@ in {
    dnsutils
    inetutils
    killall
    (pkgs.writeScriptBin "reboot" ''read -p "Do you REALLY want to reboot? (y/N) " answer; [[ $answer == [Yy]* ]] && ${pkgs.systemd}/bin/reboot'')
  ];
  programs.command-not-found.enable = false;
@ -83,9 +85,21 @@ in {
      set fish_greeting
      #${pkgs.any-nix-shell}/bin/any-nix-shell fish --info-right | source
      any-nix-shell fish --info-right | source 
      tide configure --auto --style=Lean --prompt_colors='16 colors' --show_time=No --lean_prompt_height='Two lines' --prompt_connection=Disconnected --prompt_spacing=Compact --icons='Few icons' --transient=No
    '';
  };
-  users.defaultUserShell = pkgs.fish;
+ 
  programs.tmux.enable = true;
  programs.direnv.enable = true;
  programs.firejail.enable = true;
  security.wrappers = {
    firejail = {
      source = "${pkgs.firejail.out}/bin/firejail";
    };
  };
  users.defaultUserShell = pkgs.fish;
  security.rtkit.enable = true;
  boot.tmp.cleanOnBoot = true;
 }
--- a/hosts/huanan/configuration.nix
+++ b/hosts/huanan/configuration.nix
@ -1,152 +0,0 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 { inputs, unstable, config, pkgs, ... }:
 {
  security = {
    sudo.wheelNeedsPassword = false;
    wrappers = {
      firejail = { 
        source = "${pkgs.firejail.out}/bin/firejail"; 
      };
    };
    pam.loginLimits = [{
      domain = "@users";
      item = "rtprio";
      type = "-";
      value = 1;
    }];
    #pam.services.swaylock = { };
    rtkit.enable = true;
  };
  programs.thunar.enable = true;
  programs.firejail.enable = true;
  programs.hyprland.enable = true;
  programs.xfconf.enable = true;
  programs.dconf.enable = true;
  programs.virt-manager.enable = true;
  programs.steam.enable = true;
  programs.gamemode.enable = true;
  programs.thunar.plugins = with pkgs.xfce; [
    thunar-archive-plugin
    thunar-volman
  ];
  xdg.portal.extraPortals = with pkgs; [ xdg-desktop-portal-hyprland ];
  services.xserver.videoDrivers = ["nvidia"]; 
  hardware.nvidia = {
    modesetting.enable = true;
    powerManagement.enable = false;
    open = false;
    nvidiaSettings = true;
  };
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/nvme0n1";
  boot.loader.grub.useOSProber = true;
  networking.hostName = "huanan";
  networking.networkmanager.enable = true;
  time.timeZone = "Europe/Moscow";
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ALL = "en_US.UTF-8";
  };
  services.xserver.enable = true;
  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;
  services.xserver.displayManager.gdm.wayland = false;
  services.xserver = {
    layout = "us";
    xkbVariant = "";
  };
  services.printing.enable = true;
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };
  environment.systemPackages = with pkgs; [
    gnomeExtensions.appindicator
    gnomeExtensions.activate-window-by-title
    gnomeExtensions.unite
    gnomeExtensions.tailscale-qs
    gnomeExtensions.gsconnect
    gnomeExtensions.clipboard-indicator
    gnomeExtensions.tiling-assistant
    #gnomeExtensions.wintile-windows-10-window-tiling-for-gnome
    gnomeExtensions.advanced-alttab-window-switcher
    gnome.gnome-tweaks
    mojave-gtk-theme
    adw-gtk3
    any-nix-shell
    openconnect
    oath-toolkit
    expect
    ffmpegthumbnailer
    webp-pixbuf-loader
    freetype
    poppler
    f3d
    nufraw-thumbnailer
    curl
    inputs.telegram-desktop-patched.packages.${pkgs.system}.default
  ];
  environment = {
    gnome.excludePackages = [
      #pkgs.gnome-connections
      #pkgs.gnome-console
      pkgs.gnome-text-editor
      pkgs.gnome-tour
      #pkgs.gnome.adwaita-icon-theme
      pkgs.gnome.epiphany # browser
      #pkgs.gnome.evince # pdf + office files
      #pkgs.gnome.file-roller #archive explorer
      pkgs.gnome.geary
      pkgs.gnome.gnome-backgrounds
      pkgs.gnome.gnome-calendar
      pkgs.gnome.gnome-characters
      pkgs.gnome.gnome-clocks
      pkgs.gnome.gnome-contacts
      pkgs.gnome.gnome-font-viewer
      pkgs.gnome.gnome-logs
      pkgs.gnome.gnome-maps
      pkgs.gnome.gnome-music
      #pkgs.gnome.gnome-themes-extra
      pkgs.gnome.gnome-weather
      #pkgs.gnome.nautilus
      pkgs.gnome.simple-scan
      pkgs.gnome.sushi
      pkgs.gnome.totem
      pkgs.gnome.yelp
      pkgs.orca
    ];
  };
  virtualisation = {
    podman = {
      enable = true;
      dockerCompat = true;
    };
    spiceUSBRedirection.enable = true;
    libvirtd.enable = true;
  };
  services.openssh.enable = true;
  networking.firewall.enable = false;
  system.stateVersion = "23.11"; # Did you read the comment?
 }
--- a/hosts/huanan/hardware-configuration.nix
+++ b/hosts/huanan/hardware-configuration.nix
@ -12,7 +12,10 @@
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
-  boot.kernelPackages = unstable.linuxPackages_zen;
+  boot.kernelPackages = pkgs.linuxPackages_zen;
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/nvme0n1";
  boot.loader.grub.useOSProber = true;
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/63db5f65-03bf-455e-ad82-36307c29df79";
--- a/hosts/huanan/system.nix
+++ b/hosts/huanan/system.nix
@ -0,0 +1,53 @@
 { lib, pkgs, inputs, self, ... }:
 {
  imports = [ 
    ./hardware.nix
    "${self}/apps/gnome.nix"
    "${self}/apps/apps.nix"
    inputs.home-manager.nixosModules.home-manager
  ];
  time.timeZone = "Europe/Moscow";
  i18n.defaultLocale = "en_GB.UTF-8";
  services.xserver = {
    enable = true;
    videoDrivers = [ "nvidia" ];
    displayManager = {
      gdm = {
        enable = true;
        wayland = false;
      };
    };
    desktopManager.gnome.enable = true;
    xkb.layout = "us";
    xkb.variant = "";
    excludePackages = [ pkgs.xterm ];
  };
  hardware.nvidia = {
    modesetting.enable = true;
    powerManagement.enable = false;
    open = false;
    nvidiaSettings = true;
  };
  networking = {
    hostName = "huanan";
    networkmanager.enable = true;
    firewall.enable = false;
  };
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };
  services.openssh.enable = true;
  system.stateVersion = "23.11"; # Did you read the comment?
 }
--- a/hosts/intelnuc/hardware-configuration.nix
+++ b/hosts/intelnuc/hardware-configuration.nix
--- a/hosts/intelnuc/configuration.nix
+++ b/hosts/intelnuc/configuration.nix
@ -1,6 +1,11 @@
 { config, pkgs, inputs,... }:
 {
  imports = [
    ./hardware.nix
    inputs.secrets.nixosModules.intelnuc
  ];
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";
  boot.loader.grub.useOSProber = true;