big refactor

Your Name 2024-03-23 05:50:22 +03:00
parent 46793e991d
commit 4fc15d34f1
26 changed files with 988 additions and 1050 deletions


@ -1,4 +1,4 @@
{ pkgs, lib, inputs, stable, ... }: { pkgs, lib, inputs, stable, self, ... }:
let let
lock-false = { lock-false = {
Value = false; Value = false;
@ -9,14 +9,13 @@ let
Status = "locked"; Status = "locked";
}; };
in { in {
users.users.delta.packages = (with pkgs; [ users.users.delta.packages = (with pkgs; [
git git
chromium chromium
wl-clipboard wl-clipboard
wl-clipboard-x11 wl-clipboard-x11
(callPackage ../../derivations/audiorelay.nix { }) (callPackage "${self}/derivations/audiorelay.nix" { })
(callPackage ../../derivations/spotify.nix { }) (callPackage "${self}/derivations/spotify.nix" { })
#(callPackage ../derivations/nu_plugin_dns.nix { }) #(callPackage ../derivations/nu_plugin_dns.nix { })
xorg.xwininfo xorg.xwininfo
jq jq
@ -44,7 +43,9 @@ in {
vesktop vesktop
localsend localsend
trayscale trayscale
# inputs.firefox.packages.${pkgs.system}.firefox-bin fishPlugins.done
monero-gui
inputs.telegram-desktop-patched.packages.${pkgs.system}.default
]); ]);
programs.firefox = { programs.firefox = {
@ -115,4 +116,14 @@ in {
]; ];
}; };
}; };
programs.thunar.enable = true;
programs.xfconf.enable = true;
programs.virt-manager.enable = true;
programs.steam.enable = true;
programs.gamemode.enable = true;
programs.thunar.plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-volman
];
} }
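Review bot: The added `inputs.telegram-desktop-patched.packages.${pkgs.system}.default` entry (third hunk) installs a messaging client built from a third-party flake, and nothing at the use site says what the patch changes or that the build is trusted only at the revision pinned in flake.lock. A comment such as `# patched Telegram from the telegram-desktop-patched input; re-read the upstream diff whenever flake.lock moves its rev` would make that review step explicit.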

189
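--- /dev/null
+++ b/apps/gnome.nix
@@ -0,0 +1,189 @@
+{ pkgs, lib, inputs, ... }: with lib.gvariant;
+let
+# wallpaper = pkgs.stdenv.mkDerivation {
+# name = "wallpaper";
+# phases = [ "installPhase" ];
+# installPhase = ''
+# mkdir -p $out/share/backgrounds
+# cp ${../wallpaper.png} $out/share/backgrounds/wallpaper.png
+# '';
+# };
+in
+{
+#imports = [
+# inputs.home-manager.nixosModules.home-manager
+#];
+nixpkgs.overlays = [
+(final: prev: {
+gnome = prev.gnome.overrideScope' (gnomeFinal: gnomePrev: {
+mutter = gnomePrev.mutter.overrideAttrs (old: {
+src = pkgs.fetchgit {
+url = "https://gitlab.gnome.org/vanvugt/mutter.git";
+# GNOME 45: triple-buffering-v4-45
+rev = "0b896518b2028d9c4d6ea44806d093fd33793689";
+sha256 = "sha256-mzNy5GPlB2qkI2KEAErJQzO//uo8yO0kPQUwvGDwR4w=";
+};
+});
+});
+})
+];
+programs.dconf.enable = true;
+programs.dconf.profiles.user.databases = [
+{
+settings = {
+"org/gnome/mutter" = {
+experimental-features = [ "scale-monitor-framebuffer" ];
+};
+"org/gnome/settings-daemon/plugins/media-keys" = {
+custom-keybindings = [
+"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
+"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
+];
+};
+"org/gnome/shell/keybindings" = {
+show-screenshot-ui = [ "<Shift><Super>s" ];
+};
+"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
+binding = "<Alt>Return";
+command = "/etc/profiles/per-user/delta/bin/kitty_wrapped";
+name = "kitty";
+};
+"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
+binding = "<Control><Alt>x";
+command = "/etc/profiles/per-user/delta/bin/keepassxc";
+name = "keepassxc";
+};
+"org/gnome/desktop/sound" = {
+allow-volume-above-100-percent = true;
+};
+"org/gnome/desktop/wm/keybindings" = {
+# close = mkEmptyArray (type.string);
+# switch-input-source = [ "<Shift>Alt_L" ];
+# switch-input-source-backward = [ "<Alt>Shift_L" ];
+};
+"org/gnome/desktop/interface" = {
+icon-theme = "Papirus-Dark";
+color-scheme = "prefer-dark";
+gtk-theme = "adw-gtk3-dark";
+};
+"org/gnome/shell" = {
+favorite-apps = [
+"firefox.desktop"
+"vesktop.desktop"
+"org.telegram.desktop.desktop"
+"spotify.desktop"
+"kitty.desktop"
+"org.gnome.Nautilus.desktop"
+];
+disable-user-extensions = false;
+enabled-extensions = [
+"activate-window-by-title@lucaswerkmeister.de"
+"appindicatorsupport@rgcjonas.gmail.com"
+"clipboard-indicator@tudmotu.com"
+"gsconnect@andyholmes.github.io"
+"tailscale@joaophi.github.com"
+"unite@hardpixel.eu"
+"user-theme@gnome-shell-extensions.gcampax.github.com"
+"pip-on-top@rafostar.github.com"
+"cloudflare-warp-toggle@khaled.is-a.dev"
+];
+};
+"org/gnome/desktop/input-sources" = {
+mru-sources = [ (mkTuple [ "xkb" "us" ]) ];
+sources = [ (mkTuple [ "xkb" "us" ]) (mkTuple [ "xkb" "ru" ]) ];
+xkb-options = [ "terminate:ctrl_alt_bksp" "lv3:switch" "compose:ralt" ];
+};
+"org/gnome/desktop/screensaver" = {
+lock-enabled = true;
+};
+"org/gnome/desktop/notifications" = {
+show-in-lock-screen = false;
+};
+"org/gnome/desktop/session" = {
+idle-delay = mkUint32 0;
+};
+"org/gnome/shell/extensions/unite" = {
+enable-titlebar-actions = true;
+extend-left-box = false;
+hide-activities-button = "never";
+hide-app-menu-icon = false;
+notifications-position = "center";
+reduce-panel-spacing = true;
+restrict-to-primary-screen = false;
+show-appmenu-button = true;
+show-desktop-name = false;
+show-legacy-tray = false;
+show-window-buttons = "never";
+show-window-title = "never";
+};
+#"org/gnome/shell/extensions/user-theme" = {
+# name = "Mojave-Dark-solid-alt";
+#};
+"org/gnome/shell/weather" = {
+automatic-location = true;
+};
+#"org/gnome/desktop/background" = {
+# picture-uri = "file:///run/current-system/sw/share/backgrounds/wallpaper.png";
+# picture-uri-dark = "file:///run/current-system/sw/share/backgrounds/wallpaper.png";
+#};
+"org/gnome/desktop/peripherals/touchpad" = {
+tap-to-click = true;
+};
+"org/gnome/settings-daemon/plugins/power" = {
+sleep-inactive-ac-type = "nothing";
+};
+"org/gnome/settings-daemon/plugins/power" = {
+sleep-inactive-battery-timeout = mkUint32 300;
+};
+};
+}
+];
+environment.systemPackages = with pkgs; [
+gnomeExtensions.appindicator
+gnomeExtensions.activate-window-by-title
+gnomeExtensions.unite
+gnomeExtensions.tailscale-qs
+gnomeExtensions.gsconnect
+gnomeExtensions.clipboard-indicator
+gnomeExtensions.pip-on-top
+gnomeExtensions.cloudflare-warp-toggle
+gnomeExtensions.tiling-assistant
+gnome.gnome-tweaks
+mojave-gtk-theme
+adw-gtk3
+papirus-icon-theme
+#wallpaper
+];
+environment.gnome.excludePackages = with pkgs.gnome; [
+pkgs.gnome-text-editor
+pkgs.gnome-tour
+pkgs.orca
+epiphany
+geary
+gnome-backgrounds
+gnome-calendar
+gnome-characters
+gnome-clocks
+gnome-contacts
+gnome-font-viewer
+gnome-logs
+gnome-maps
+gnome-music
+gnome-weather
+simple-scan
+sushi
+totem
+yelp
+];
+services.gnome = {
+gnome-browser-connector.enable = false;
+gnome-initial-setup.enable = false;
+gnome-online-accounts.enable = false;
+};
+}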
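Review bot: `"org/gnome/desktop/session".idle-delay = mkUint32 0` disables the idle timeout, and as far as I can tell `lock-enabled = true` only locks once the screensaver activates, so this profile appears never to lock the session on its own. That deserves a second look given the `<Control><Alt>x` binding that opens KeePassXC. If manual locking is intended, say so in a comment next to the setting; otherwise use a non-zero delay, e.g. `idle-delay = mkUint32 300;`. Separately, `"org/gnome/settings-daemon/plugins/power"` is written twice at the end of `settings`; putting both keys in one attrset reads better and does not depend on duplicate definitions being merged.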


@ -76,6 +76,7 @@ let
keepassxc = pkgs.writeScriptBin "keepassxc" '' keepassxc = pkgs.writeScriptBin "keepassxc" ''
#!/usr/bin/env bash #!/usr/bin/env bash
${pkgs.coreutils}/bin/base64 -d ${config.sops.secrets.qqq.path} | ${pkgs.keepassxc}/bin/keepassxc --pw-stdin ~/Dropbox/pswd.kdbx ${pkgs.coreutils}/bin/base64 -d ${config.sops.secrets.qqq.path} | ${pkgs.keepassxc}/bin/keepassxc --pw-stdin ~/Dropbox/pswd.kdbx
${pkgs.glib}/bin/gdbus call --session --dest org.gnome.Shell --object-path /de/lucaswerkmeister/ActivateWindowByTitle --method de.lucaswerkmeister.ActivateWindowByTitle.activateByWmClass 'org.keepassxc.KeePassXC'
''; '';
keepassxcDesktopItem = pkgs.makeDesktopItem { keepassxcDesktopItem = pkgs.makeDesktopItem {
@ -103,6 +104,7 @@ let
${pkgs.coreutils}/bin/sleep 5 ${pkgs.coreutils}/bin/sleep 5
${pkgs.gtk3}/bin/gtk-launch dropbox.desktop ${pkgs.gtk3}/bin/gtk-launch dropbox.desktop
${pkgs.gtk3}/bin/gtk-launch org.keepassxc.KeePassXC.desktop ${pkgs.gtk3}/bin/gtk-launch org.keepassxc.KeePassXC.desktop
gsettings set org.gnome.desktop.interface cursor-size 16
exit 0 exit 0
''; '';
@ -113,14 +115,24 @@ let
exec = "/etc/profiles/per-user/delta/bin/autostart"; exec = "/etc/profiles/per-user/delta/bin/autostart";
type = "Application"; type = "Application";
}; };
firefoxRussia = pkgs.writeScriptBin "firefox-russia" ''
#!/usr/bin/env bash
firejail --blacklist="/var/run/nscd" --ignore="include whitelist-run-common.inc" --net=$(${pkgs.iproute2}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5}') --dns=77.88.8.1 firefox --class firefox-russia --name firefox-russia -P russia -no-remote
'';
firefoxRussiaDesktopItem = pkgs.makeDesktopItem {
name = "firefox-russia";
desktopName = "Firefox Russia";
icon = "firefox-developer-edition";
exec = "firefox-russia";
};
in { in {
users.users.delta.packages = with pkgs; [ users.users.delta.packages = [
ephemeralbrowser
ephemeralbrowserDesktopItem
keepassxc
keepassxcDesktopItem
kitty_wrapped kitty_wrapped
autostart ephemeralbrowser ephemeralbrowserDesktopItem
autostartDesktopItem keepassxc keepassxcDesktopItem
autostart autostartDesktopItem
firefoxRussia firefoxRussiaDesktopItem
]; ];
} }
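Review bot: In the new `firefox-russia` script the `--net=$(… awk '/default/ {print $5}')` substitution is unquoted and unchecked, so with no default route firejail is handed an empty `--net=`, and with two default routes the second interface name becomes a stray argument. Resolve the interface first and stop if it is missing: `iface=$(${pkgs.iproute2}/bin/ip route | ${pkgs.gawk}/bin/awk '/^default/ {print $5; exit}')`, `[ -n "$iface" ] || exit 1`, then pass `--net="$iface"`. `firejail` and `firefox` in this script, and `gsettings` in the autostart script, are looked up through PATH while the neighbouring tools use store paths; if that is deliberate (presumably so the system firejail wrapper is used), a one-line comment saying so would help.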


@ -1,4 +1,4 @@
{ pkgs, lib, ... }: { pkgs, lib, config, inputs, ... }:
let let
socksBuilder = attrs: socksBuilder = attrs:
{ {
@ -22,46 +22,57 @@ let
script = attrs.script; script = attrs.script;
preStart = "while true; do ip addr show dev novpn1 | grep -q 'inet' && break; sleep 1; done"; preStart = "while true; do ip addr show dev novpn1 | grep -q 'inet' && break; sleep 1; done";
path = with pkgs; [shadowsocks-libev shadowsocks-v2ray-plugin sing-box wireproxy iproute2 ]; path = with pkgs; [ shadowsocks-libev shadowsocks-v2ray-plugin sing-box wireproxy iproute2 ];
}; };
}; };
# IP of the proxies is 192.168.150.2 # IP of the proxies is 192.168.150.2
socksed = [ socksed = [
{ name = "singbox-aus"; script = "sing-box run -c /run/secrets/singbox-aus"; } # port 4000 { name = "singbox-aus"; script = "sing-box run -c /run/secrets/singbox-aus"; } # port 4000
#{ name = "socks-warp"; script = "wireproxy -c /etc/wireguard/warp0.conf"; } # port 3333 { name = "socks-warp"; script = "wireproxy -c /etc/wireguard/warp0.conf"; } # port 3333
]; ];
delete_rules = pkgs.writeScriptBin "delete_rules" ''
#!${pkgs.bash}/bin/bash
default_gateway=$(cat /etc/netns/novpn/default_gateway)
default_interface=$(cat /etc/netns/novpn/default_interface)
ip rule del fwmark 150 table 150
ip rule del from 192.168.150.2 table 150
ip rule del to 192.168.150.2 table 150
ip route del default via $default_gateway dev $default_interface table 150
ip route del 192.168.150.2 via 192.168.150.1 dev novpn0 table 150
iptables -t nat -D POSTROUTING -o "$default_interface" -j MASQUERADE
'';
start_novpn = pkgs.writeScriptBin "start_novpn" '' start_novpn = pkgs.writeScriptBin "start_novpn" ''
#!${pkgs.bash}/bin/bash #!${pkgs.bash}/bin/bash
configure_rules() { add_rules() {
ip rule del fwmark 100 table 150 ip rule add fwmark 150 table 150
ip rule del from 192.168.150.2 table 150
ip rule del to 192.168.150.2 table 150
ip route del default via $default_gateway dev $default_interface table 150
ip route del 192.168.150.2 via 192.168.150.1 dev novpn0 table 150
ip rule add fwmark 100 table 150
ip rule add from 192.168.150.2 table 150 ip rule add from 192.168.150.2 table 150
ip rule add to 192.168.150.2 table 150 ip rule add to 192.168.150.2 table 150
ip route add default via $default_gateway dev $default_interface table 150 ip route add default via $default_gateway dev $default_interface table 150
ip route add 192.168.150.2 via 192.168.150.1 dev novpn0 table 150 ip route add 192.168.150.2 via 192.168.150.1 dev novpn0 table 150
iptables -t nat -A POSTROUTING -o "$default_interface" -j MASQUERADE
} }
default_gateway=$(ip route | awk '/default/ {print $3}') set_gateway() {
default_interface=$(ip route | awk '/default/ {print $5}') default_interface_new=$(ip route | awk '/default/ {print $5}')
default_gateway_new=$(ip route | awk '/default/ {print $3}')
if [[ -z "$default_interface" ]]; then if [[ ! -z "$default_interface_new" && ! -z "$default_gateway_new" ]]; then
echo "No default interface" default_interface=$default_interface_new
exit 1 default_gateway=$default_gateway_new
fi echo "$default_gateway" > /etc/netns/novpn/default_gateway
echo "$default_interface" > /etc/netns/novpn/default_interface
fi
}
mkdir -p /etc/netns/novpn/ mkdir -p /etc/netns/novpn/
echo "nameserver 1.1.1.1" > /etc/netns/novpn/resolv.conf echo "nameserver 1.1.1.1" > /etc/netns/novpn/resolv.conf
echo "nameserver 1.1.0.1" >> /etc/netns/novpn/resolv.conf echo "nameserver 1.1.0.1" >> /etc/netns/novpn/resolv.conf
sysctl -wq net.ipv4.ip_forward=1 sysctl -wq net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o "$default_interface" -j MASQUERADE
ip link add novpn0 type veth peer name novpn1 ip link add novpn0 type veth peer name novpn1
ip link set novpn1 netns novpn ip link set novpn1 netns novpn
@ -72,21 +83,20 @@ let
ip netns exec novpn ip link set novpn1 up ip netns exec novpn ip link set novpn1 up
ip netns exec novpn ip route add default via 192.168.150.1 ip netns exec novpn ip route add default via 192.168.150.1
configure_rules set_gateway
if [[ -z "$default_interface" ]]; then
echo "No default interface"
exit 1
fi
add_rules
sleep 3 sleep 3
ip monitor route | while read -r event; do ip monitor route | while read -r event; do
case "$event" in case "$event" in
'local '*) 'local '*)
default_interface_new=$(ip route | awk '/default/ {print $5}') ${delete_rules}/bin/delete_rules
default_gateway_new=$(ip route | awk '/default/ {print $3}') set_gateway
add_rules
if [[ ! -z "$default_interface_new" && ! -z "$default_gateway_new" ]]; then
default_interface=$default_interface_new
default_gateway=$default_gateway_new
fi
configure_rules
;; ;;
esac esac
done done
@ -94,22 +104,25 @@ let
stop_novpn = pkgs.writeScriptBin "stop_novpn" '' stop_novpn = pkgs.writeScriptBin "stop_novpn" ''
#!${pkgs.bash}/bin/bash #!${pkgs.bash}/bin/bash
${delete_rules}/bin/delete_rules
rm -rf /etc/netns/novpn/ rm -rf /etc/netns/novpn/
ip rule del fwmark 100 table 150
ip rule del from 192.168.150.2 table 150
ip rule del to 192.168.150.2 table 150
ip link del novpn0 ip link del novpn0
ip netns del novpn ip netns del novpn
rm -rf /var/run/netns/novpn/ rm -rf /var/run/netns/novpn/
exit 0
''; '';
in {
users.users.socks = {
group = "socks";
isSystemUser = true;
};
novpn = { users.groups.socks = {};
systemd.services = builtins.listToAttrs (map socksBuilder socksed) // { novpn = {
enable = true; enable = true;
description = "novpn namespace"; description = "novpn namespace";
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
wants = map (s: "${s.name}.service") socksed; wants = map (s: "${s.name}.service") socksed ++ [ "network-online.target"];
serviceConfig = { serviceConfig = {
Restart = "on-failure"; Restart = "on-failure";
@ -121,20 +134,23 @@ let
preStart = "${stop_novpn}/bin/stop_novpn && ip netns add novpn"; preStart = "${stop_novpn}/bin/stop_novpn && ip netns add novpn";
path = with pkgs; [ gawk iproute2 iptables sysctl coreutils ]; path = with pkgs; [ gawk iproute2 iptables sysctl coreutils ];
}; };};
in {
users.users.socks = {
group = "socks";
isSystemUser = true;
};
users.groups.socks = {}; users.users.delta.packages = [
systemd.services = builtins.listToAttrs (map socksBuilder socksed) // { novpn = novpn; }; (pkgs.writeScriptBin "nyx" ''sudo -u tor -g tor ${inputs.nixpkgs-2105.legacyPackages."x86_64-linux".nyx}/bin/nyx $@'')
];
users.users.delta.packages = [ (pkgs.makeDesktopItem { services.tor = {
name = "firefox-russia"; enable = true;
desktopName = "Firefox Russia"; client = {
icon = "firefox-developer-edition"; enable = true;
exec = ''firejail --blacklist="/var/run/nscd" --ignore="include whitelist-run-common.inc" --netns=novpn firefox -P russia -no-remote''; socksListenAddress = 9063;
}) ]; };
settings = {
Socks5Proxy = "192.168.150.2:3333";
ControlPort = 9051;
CookieAuthentication = true;
};
};
} }
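Review bot: The MASQUERADE rule that `add_rules` appends and `delete_rules` removes matches everything leaving `$default_interface`, so with `net.ipv4.ip_forward=1` the host NATs any forwarded traffic rather than only the novpn namespace; scoping it to the veth peer is tighter, `iptables -t nat -A POSTROUTING -s 192.168.150.2 -o "$default_interface" -j MASQUERADE`, with the same `-s` on the `-D` line. `delete_rules` is also reached through `stop_novpn` in `preStart` before `/etc/netns/novpn/default_gateway` exists, so both `cat` calls fail and the `ip route del` and `iptables -D` lines run with empty values; a guard such as `[[ -r /etc/netns/novpn/default_interface ]] || exit 0` before those lines avoids that. In the `nyx` wrapper, `$@` should be `"$@"`, and the script text has no `#!` line.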


@ -308,7 +308,7 @@ let
}; };
in in
{ {
users.users.delta.packages = with pkgs; [ users.users.delta.packages = [
kittyWork kittyWork
kittyWorkDesktopItem kittyWorkDesktopItem
firefoxWork firefoxWork

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -21,61 +21,6 @@
"type": "github" "type": "github"
} }
}, },
"cachix": {
"locked": {
"lastModified": 1635350005,
"narHash": "sha256-tAMJnUwfaDEB2aa31jGcu7R7bzGELM9noc91L2PbVjg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1c1f5649bb9c1b0d98637c8c365228f57126f361",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-20.09",
"repo": "nixpkgs",
"type": "github"
}
},
"firefox": {
"inputs": {
"cachix": "cachix",
"flake-compat": "flake-compat",
"lib-aggregate": "lib-aggregate",
"mozilla": "mozilla",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1709209504,
"narHash": "sha256-szkYp24Xnxb2nsrHgQY3mVvty/humm+1zGXeZ78uA/k=",
"owner": "nix-community",
"repo": "flake-firefox-nightly",
"rev": "9b78672ec1d66f393a7d7923adbbf7f398473dad",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-firefox-nightly",
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
@ -101,24 +46,6 @@
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
}, },
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
@ -140,83 +67,48 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1706981411, "lastModified": 1711133180,
"narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=", "narHash": "sha256-WJOahf+6115+GMl3wUfURu8fszuNeJLv9qAWFQl3Vmo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "652fda4ca6dafeb090943422c34ae9145787af37", "rev": "1c2c5e4cabba4c43504ef0f8cc3f3dfa284e2dbb",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"lib-aggregate": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1709208631,
"narHash": "sha256-n+SCii/GQR3zjaZzjhGAjrQQlF+xjaGEjWdpDb4wJ3U=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "1f03ac8dc3a54f68f55d36b5e7fc65afc302a3d7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "lib-aggregate",
"type": "github"
}
},
"mozilla": {
"flake": false,
"locked": {
"lastModified": 1704373101,
"narHash": "sha256-+gi59LRWRQmwROrmE1E2b3mtocwueCQqZ60CwLG+gbg=",
"owner": "mozilla",
"repo": "nixpkgs-mozilla",
"rev": "9b11a87c0cc54e308fa83aac5b4ee1816d5418a2",
"type": "github"
},
"original": {
"owner": "mozilla",
"repo": "nixpkgs-mozilla",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1709128929, "lastModified": 1710806803,
"narHash": "sha256-GWrv9a+AgGhG4/eI/CyVVIIygia7cEy68Huv3P8oyaw=", "narHash": "sha256-qrxvLS888pNJFwJdK+hf1wpRCSQcqA6W5+Ox202NDa0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c8e74c2f83fe12b4e5a8bd1abbc090575b0f7611", "rev": "b06025f1533a1e07b6db3e75151caa155d1c7eb3",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-23.11", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": { "nixpkgs-2105": {
"locked": { "locked": {
"lastModified": 1708821942, "lastModified": 1659914493,
"narHash": "sha256-jd+E1SD59qty65pwqad2mftzkT6vW5nNFWVuvayh4Zw=", "narHash": "sha256-lkA5X3VNMKirvA+SUzvEhfA7XquWLci+CGi505YFAIs=",
"owner": "nix-community", "owner": "NixOS",
"repo": "nixpkgs.lib", "repo": "nixpkgs",
"rev": "479831ed8b3c9c7b80533999f880c7d0bf6a491b", "rev": "022caabb5f2265ad4006c1fa5b1ebe69fb0c3faf",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "NixOS",
"repo": "nixpkgs.lib", "ref": "nixos-21.05",
"repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
@ -319,9 +211,9 @@
"root": { "root": {
"inputs": { "inputs": {
"anyrun": "anyrun", "anyrun": "anyrun",
"firefox": "firefox",
"home-manager": "home-manager", "home-manager": "home-manager",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-2105": "nixpkgs-2105",
"nixpkgs-stable": "nixpkgs-stable", "nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"secrets": "secrets", "secrets": "secrets",
@ -334,17 +226,17 @@
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
}, },
"locked": { "locked": {
"lastModified": 1711051538, "lastModified": 1711064484,
"narHash": "sha256-/fgXXCdvjvymM/wXivQ09gZI1u/z9Ld79iRg+et08Vo=", "narHash": "sha256-v/o2GSHunWVWtLwcVvaakxXaWDazLfs9n1afjb5cXMA=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "1ac61646be7e98fb8a0a2722b37b194bb4c33569", "rev": "0da88dbba8f7aa71a1692019825912ac377a5d1b",
"revCount": 1, "revCount": 2,
"type": "git", "type": "git",
"url": "ssh://git@github.com/deltathetawastaken/secrets" "url": "ssh://git@github.com/deltathetawastaken/secrets.git"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "ssh://git@github.com/deltathetawastaken/secrets" "url": "ssh://git@github.com/deltathetawastaken/secrets.git"
} }
}, },
"sops-nix": { "sops-nix": {
@ -381,24 +273,9 @@
"type": "github" "type": "github"
} }
}, },
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"telegram-desktop-patched": { "telegram-desktop-patched": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {

136
flake.nix

@ -1,28 +1,29 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.11"; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager.url = "github:nix-community/home-manager/release-23.11"; nixpkgs-2105.url = "github:NixOS/nixpkgs/nixos-21.05";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
firefox.url = "github:nix-community/flake-firefox-nightly";
firefox.inputs.nixpkgs.follows = "nixpkgs";
anyrun.url = "github:Kirottu/anyrun"; anyrun.url = "github:Kirottu/anyrun";
anyrun.inputs.nixpkgs.follows = "nixpkgs-unstable"; anyrun.inputs.nixpkgs.follows = "nixpkgs-unstable";
telegram-desktop-patched.url = "github:shwewo/telegram-desktop-patched"; telegram-desktop-patched.url = "github:shwewo/telegram-desktop-patched";
secrets.url = "git+ssh://git@github.com/deltathetawastaken/secrets"; secrets.url = "git+ssh://git@github.com/deltathetawastaken/secrets.git";
#agenix.url = "github:ryantm/agenix";
#agenix.inputs.darwin.follows = "";
#ragenix = {
# url = "github:yaxitech/ragenix";
# inputs.flake-utils.follows = "flake-utils";
# inputs.nixpkgs.follows = "nixpkgs";
#};
}; };
outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nixpkgs-unstable, home-manager, firefox, anyrun, ... }: outputs = inputs @ { self, nixpkgs, home-manager, anyrun, ... }:
let let
pkgs = nixpkgs.legacyPackages."x86_64-linux"; pkgs = nixpkgs.legacyPackages."x86_64-linux";
stable = import inputs.nixpkgs-stable { system = "x86_64-linux"; config = { allowUnfree = true; }; };
unstable = import inputs.nixpkgs-unstable { system = "x86_64-linux"; config = { allowUnfree = true; }; };
specialArgs = { inherit inputs self stable unstable homeSettings; };
homeSettings = {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.delta = import ./home/home.nix;
home-manager.extraSpecialArgs = specialArgs;
};
in { in {
devShells."x86_64-linux".default = pkgs.mkShell { devShells."x86_64-linux".default = pkgs.mkShell {
name = "delta"; name = "delta";
@ -32,111 +33,20 @@
pre-commit install &> /dev/null pre-commit install &> /dev/null
''; '';
}; };
nixosConfigurations.dlaptop = nixpkgs-unstable.lib.nixosSystem { nixosConfigurations.dlaptop = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = specialArgs;
inherit inputs; modules = [ ./hosts/generic.nix ./hosts/dlaptop/system.nix ];
stable = import nixpkgs-stable {
system = "x86_64-linux";
config = { allowUnfree = true; };
};
unstable = import nixpkgs-unstable {
system = "x86_64-linux";
config = { allowUnfree = true; };
};
};
modules = [
./hosts/generic.nix
./hosts/dlaptop/configuration.nix
./hosts/dlaptop/hardware-configuration.nix
home-manager.nixosModules.home-manager
inputs.secrets.nixosModules.dlaptop
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.delta = import ./home/home.nix;
home-manager.extraSpecialArgs = {
inherit inputs;
stable = import nixpkgs-stable {
system = "x86_64-linux";
config = { allowUnfree = true; };
};
unstable = import nixpkgs-unstable {
system = "x86_64-linux";
config = { allowUnfree = true; };
};
};
}
];
}; };
nixosConfigurations.intelnuc = nixpkgs-unstable.lib.nixosSystem { nixosConfigurations.intelnuc = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = specialArgs;
inherit inputs; modules = [ ./hosts/generic.nix ./hosts/intelnuc/system.nix ];
stable = import nixpkgs-stable {
system = "x86_64-linux";
config = { allowUnfree = true; };
};
unstable = import nixpkgs-unstable {
system = "x86_64-linux";
config = { allowUnfree = true; };
};
};
modules = [
./hosts/generic.nix
./hosts/intelnuc/configuration.nix
./hosts/intelnuc/hardware-configuration.nix
inputs.secrets.nixosModules.intelnuc
];
}; };
nixosConfigurations.huanan = nixpkgs-unstable.lib.nixosSystem { nixosConfigurations.huanan = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = specialArgs;
inherit inputs; modules = [ ./hosts/generic.nix ./hosts/huanan/system.nix ];
stable = import nixpkgs-stable {
system = "x86_64-linux";
config = { allowUnfree = true; };
};
unstable = import nixpkgs-unstable {
system = "x86_64-linux";
config = { allowUnfree = true; };
};
};
modules = [
./hosts/generic.nix
./hosts/huanan/configuration.nix
./hosts/huanan/hardware-configuration.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.delta = import ./home/home.nix;
home-manager.extraSpecialArgs = {
inherit inputs;
stable = import nixpkgs-stable {
system = "x86_64-linux";
config = { allowUnfree = true; };
};
unstable = import nixpkgs-unstable {
system = "x86_64-linux";
config = { allowUnfree = true; };
};
};
}
];
}; };
# devShells = flake-utils.lib.eachDefaultSystem (system: rec {
# pkgs = import nixpkgs {
# inherit system;
# overlays = [ ];
# };
# default = pkgs.mkShell {
# packages = [ ];
# # ...
# };
#});
}; };
} }
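Review bot: `nixpkgs-2105.url = "github:NixOS/nixpkgs/nixos-21.05"` adds an end-of-life channel as a permanent input, and the only consumer visible in this commit is the `nyx` wrapper that runs as the `tor` user; anything taken from that input no longer receives security fixes. A comment on the input, e.g. `# EOL channel, kept only for nyx; do not take other packages from it`, would keep it from spreading. `home-manager.url` also loses its `release-23.11` ref while `nixpkgs` moves to `nixos-unstable`, so both now follow moving branches and only flake.lock pins them. As a style point, `specialArgs = specialArgs;` can be written `inherit specialArgs;`.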


@ -1,40 +0,0 @@
{ inputs, home, config, lib, ... }:
{
dconf = {
enable = true;
settings = {
"org/gnome/settings-daemon/plugins/media-keys" = {
custom-keybindings = [
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
];
};
"org/gnome/shell/keybindings" = {
show-screenshot-ui = [ "<Shift><Super>s" ];
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
binding = "<Alt>Return";
command = "/etc/profiles/per-user/delta/bin/kitty_wrapped";
name = "kitty";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
binding = "<Control><Alt>x";
command = "/etc/profiles/per-user/delta/bin/keepassxc";
name = "keepassxc";
};
"org/gnome/desktop/sound" = {
allow-volume-above-100-percent = true;
};
"org/gnome/mutter" = {
experimental-features = [ "scale-monitor-framebuffer" ];
};
#"org/gnome/mutter" = {
# experimental-features = lib.mkForce [ ];
#};
"org/gnome/settings-daemon/plugins/power".sleep-inactive-battery-timeout =
300;
};
};
}


@ -5,22 +5,38 @@
home.stateVersion = "23.11"; home.stateVersion = "23.11";
imports = [ imports = [
./programs
./theme.nix ./theme.nix
./gnome.nix
]; ];
services.blueman-applet.enable = true; services.blueman-applet.enable = true;
services.network-manager-applet.enable = true; services.network-manager-applet.enable = true;
programs.vscode = { programs.vscode = {
enable = true;
package = pkgs.vscodium;
extensions = with pkgs.vscode-extensions; [
matklad.rust-analyzer
jnoortheen.nix-ide
];
enableUpdateCheck = false;
userSettings = {
"window.titleBarStyle" = "custom";
"nix.enableLanguageServer"= true;
"nix.serverPath" = "${pkgs.nil}/bin/nil";
"nix.serverSettings" = {
nil = {
formatting = {
command = [ "${pkgs.nixfmt}/bin/nixfmt" ];
};
};
};
};
};
programs.git = {
enable = true; enable = true;
package = pkgs.vscodium; userName = "delta";
extensions = with pkgs.vscode-extensions; [ userEmail = "delta@example.com";
bbenoist.nix
brettm12345.nixfmt-vscode
];
}; };
#xdg.desktopEntries = { #xdg.desktopEntries = {


@ -1,25 +0,0 @@
{ config, pkgs, ... }:
{
home = {
sessionVariables = {
#EDITOR = "lvim";
#BROWSER = "librewolf";
#TERMINAL = "kitty";
#GBM_BACKEND= "nvidia-drm";
#__GLX_VENDOR_LIBRARY_NAME= "nvidia";
#LIBVA_DRIVER_NAME= "nvidia"; # hardware acceleration
__GL_VRR_ALLOWED = "1";
#WLR_NO_HARDWARE_CURSORS = "1";
#WLR_RENDERER_ALLOW_SOFTWARE = "1";
CLUTTER_BACKEND = "wayland";
WLR_RENDERER = "vulkan";
XDG_CURRENT_DESKTOP = "Hyprland";
XDG_SESSION_DESKTOP = "Hyprland";
XDG_SESSION_TYPE = "wayland";
MOZ_USE_XINPUT2 = "1";
};
};
}


@ -0,0 +1,191 @@
{ pkgs, lib, inputs, ... }: with lib.gvariant;
let
# wallpaper = pkgs.stdenv.mkDerivation {
# name = "wallpaper";
# phases = [ "installPhase" ];
# installPhase = ''
# mkdir -p $out/share/backgrounds
# cp ${../wallpaper.png} $out/share/backgrounds/wallpaper.png
# '';
# };
in
{
#imports = [
# inputs.home-manager.nixosModules.home-manager
#];
nixpkgs.overlays = [
(final: prev: {
gnome = prev.gnome.overrideScope' (gnomeFinal: gnomePrev: {
mutter = gnomePrev.mutter.overrideAttrs (old: {
src = pkgs.fetchgit {
url = "https://gitlab.gnome.org/vanvugt/mutter.git";
# GNOME 45: triple-buffering-v4-45
rev = "0b896518b2028d9c4d6ea44806d093fd33793689";
sha256 = "sha256-mzNy5GPlB2qkI2KEAErJQzO//uo8yO0kPQUwvGDwR4w=";
};
});
});
})
];
programs.dconf.enable = true;
programs.dconf.profiles.user.databases = [
{
settings = {
"org/gnome/mutter" = {
experimental-features = [ "scale-monitor-framebuffer" ];
};
"org/gnome/settings-daemon/plugins/media-keys" = {
custom-keybindings = [
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
];
};
"org/gnome/shell/keybindings" = {
show-screenshot-ui = [ "<Shift><Super>s" ];
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
binding = "<Alt>Return";
command = "/etc/profiles/per-user/delta/bin/kitty_wrapped";
name = "kitty";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
binding = "<Control><Alt>x";
command = "/etc/profiles/per-user/delta/bin/keepassxc";
name = "keepassxc";
};
"org/gnome/desktop/sound" = {
allow-volume-above-100-percent = true;
};
"org/gnome/desktop/wm/keybindings" = {
# close = mkEmptyArray (type.string);
# switch-input-source = [ "<Shift>Alt_L" ];
# switch-input-source-backward = [ "<Alt>Shift_L" ];
};
"org/gnome/desktop/interface" = {
icon-theme = "Papirus-Dark";
color-scheme = "prefer-dark";
gtk-theme = "adw-gtk3-dark";
};
"org/gnome/shell" = {
favorite-apps = [
"firefox.desktop"
"vesktop.desktop"
"org.telegram.desktop.desktop"
"spotify.desktop"
"kitty.desktop"
"org.gnome.Nautilus.desktop"
];
disable-user-extensions = false;
enabled-extensions = [
"activate-window-by-title@lucaswerkmeister.de"
"appindicatorsupport@rgcjonas.gmail.com"
"clipboard-indicator@tudmotu.com"
"gsconnect@andyholmes.github.io"
"tailscale@joaophi.github.com"
"unite@hardpixel.eu"
"user-theme@gnome-shell-extensions.gcampax.github.com"
"pip-on-top@rafostar.github.com"
"cloudflare-warp-toggle@khaled.is-a.dev"
];
};
"org/gnome/desktop/input-sources" = {
mru-sources = [ (mkTuple [ "xkb" "us" ]) ];
sources = [ (mkTuple [ "xkb" "us" ]) (mkTuple [ "xkb" "ru" ]) ];
xkb-options = [ "terminate:ctrl_alt_bksp" "lv3:switch" "compose:ralt" ];
};
"org/gnome/desktop/screensaver" = {
lock-enabled = true;
};
"org/gnome/desktop/notifications" = {
show-in-lock-screen = false;
};
"org/gnome/desktop/session" = {
idle-delay = mkUint32 0;
};
"org/gnome/shell/extensions/unite" = {
enable-titlebar-actions = true;
extend-left-box = false;
hide-activities-button = "never";
hide-app-menu-icon = false;
notifications-position = "center";
reduce-panel-spacing = true;
restrict-to-primary-screen = false;
show-appmenu-button = true;
show-desktop-name = false;
show-legacy-tray = false;
show-window-buttons = "never";
show-window-title = "never";
};
#"org/gnome/shell/extensions/user-theme" = {
# name = "Mojave-Dark-solid-alt";
#};
"org/gnome/shell/weather" = {
automatic-location = true;
};
#"org/gnome/desktop/background" = {
# picture-uri = "file:///run/current-system/sw/share/backgrounds/wallpaper.png";
# picture-uri-dark = "file:///run/current-system/sw/share/backgrounds/wallpaper.png";
#};
"org/gnome/desktop/peripherals/touchpad" = {
tap-to-click = true;
};
"org/gnome/settings-daemon/plugins/power" = {
sleep-inactive-ac-type = "nothing";
};
"org/gnome/settings-daemon/plugins/power" = {
sleep-inactive-battery-timeout = mkUint32 300;
};
};
}
];
environment.systemPackages = with pkgs; [
gnomeExtensions.appindicator
gnomeExtensions.activate-window-by-title
gnomeExtensions.unite
gnomeExtensions.tailscale-qs
gnomeExtensions.gsconnect
gnomeExtensions.clipboard-indicator
gnomeExtensions.pip-on-top
gnomeExtensions.cloudflare-warp-toggle
gnomeExtensions.tiling-assistant
gnome.gnome-tweaks
mojave-gtk-theme
adw-gtk3
papirus-icon-theme
#wallpaper
];
environment.gnome.excludePackages = with pkgs.gnome; [
pkgs.gnome-text-editor
pkgs.gnome-tour
pkgs.orca
epiphany
geary
gnome-backgrounds
gnome-calendar
gnome-characters
gnome-clocks
gnome-contacts
gnome-font-viewer
gnome-logs
gnome-maps
gnome-music
gnome-weather
simple-scan
sushi
totem
yelp
];
services.gnome = {
gnome-browser-connector.enable = false;
gnome-initial-setup.enable = false;
gnome-online-accounts.enable = false;
};
}
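Review bot: `idle-delay = mkUint32 0` under `org/gnome/desktop/session` means the session is never marked idle, so as far as I know the automatic lock that `lock-enabled = true` (set a few lines above) is meant to provide never fires on inactivity. This profile also binds a hotkey to keepassxc, so an unattended, unlocked laptop session is a real exposure. I would set a finite delay and make the lock immediate, e.g. `idle-delay = mkUint32 300;` together with `lock-delay = mkUint32 0;` under `org/gnome/desktop/screensaver`. A short comment next to the value saying whether manual locking is the intended policy would also help the next reader.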


@ -1,414 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ inputs, stable, unstable, config, pkgs, age, lib, ... }:
{
time.timeZone = "Europe/Moscow";
i18n.defaultLocale = "en_GB.UTF-8";
# i18n.extraLocaleSettings = {
# #LC_TIME = "ru_RU.UTF-8";
# #LC_ALL = "en_GB.UTF-8";
# };
# age.rekey = {
# hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGGL2UD0frl9F2OPBiPlSQqxDsuACbAVgwH24F0KT14L delta@dlaptop";
# #masterIdentities = [ "/home/delta/.ssh/id_ed25519" ];
# masterIdentities = [ "/home/delta/.secrets/key.txt" ];
# storageMode = "local";
# localStorageDir = ../../secrets/rekeyed/${config.networking.hostName};
# };
imports = [
./socks.nix
./apps.nix
./work.nix
./scripts.nix
];
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = [ pkgs.amdvlk ];
extraPackages32 = [ pkgs.driversi686Linux.amdvlk ];
};
nixpkgs.overlays = [
(final: prev: {
gnome = prev.gnome.overrideScope' (gnomeFinal: gnomePrev: {
mutter = gnomePrev.mutter.overrideAttrs (old: {
src = pkgs.fetchgit {
url = "https://gitlab.gnome.org/vanvugt/mutter.git";
# GNOME 45: triple-buffering-v4-45
rev = "0b896518b2028d9c4d6ea44806d093fd33793689";
sha256 = "sha256-mzNy5GPlB2qkI2KEAErJQzO//uo8yO0kPQUwvGDwR4w=";
};
});
});
})
];
environment.sessionVariables = {
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
QT_QPA_PLATFORM = "wayland";
STEAM_FORCE_DESKTOPUI_SCALING = "1";
NIXOS_OZONE_WL = "1";
XCURSOR_SIZE = "16";
};
#services.dnscrypt-proxy2 = {
# enable = true;
# settings = {
# ipv6_servers = true;
# require_dnssec = true;
# server_names = [ "cloudflare" ];
# };
#};
users.groups.no-net = {};
#services.connman.wifi.backend = "iwd";
networking = {
hostName = "dlaptop";
nameservers = [ "100.92.15.128" "fd7a:115c:a1e0::b21c:f80" ];
networkmanager.dns = "none";
networkmanager.enable = true;
#wireless.iwd.enable = true;
#networkmanager.wifi.backend = "iwd";
useDHCP = lib.mkDefault true;
interfaces.wlp1s0.proxyARP = true;
iproute2.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [
# qbittorrent
4780
# audiorelay
59100
# localsend
53317
#syncthing
22000
];
allowedUDPPorts = [
# audiorelay
59100
59200
# localsend
53317
#syncthing
22000
21027
];
allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; # kde connect
allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
checkReversePath = "loose";
extraCommands = ''
iptables -A OUTPUT -m owner --gid-owner no-net -j REJECT
'';
};
};
users.groups.cloudflared = { };
users.users.cloudflared = {
group = "cloudflared";
isSystemUser = true;
};
users.groups.socks = { };
services.cloudflared.enable = false;
services.cloudflared.tunnels = {
"dlaptop" = {
default = "http_status:404";
credentialsFile = "/run/secrets/cloudflared";
};
};
systemd.services.cloudflared-tunnel-dlaptop.serviceConfig.Restart = lib.mkForce "on-failure";
systemd.services.cloudflared-tunnel-dlaptop.serviceConfig.RestartSec = lib.mkForce 60;
programs.captive-browser = {
browser = ''firejail --ignore="include whitelist-run-common.inc" --private --profile=chromium ${pkgs.bash}/bin/bash -c '${pkgs.coreutils}/bin/env XDG_CONFIG_HOME="$PREV_CONFIG_HOME" ${pkgs.chromium}/bin/chromium --user-data-dir=''${XDG_DATA_HOME:-$HOME/.local/share}/chromium-captive --proxy-server="socks5://$PROXY" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost" --no-first-run --new-window --incognito -no-default-browser-check http://cache.nixos.org/' '';
interface = "wlp1s0";
enable = true;
};
security = {
sudo.wheelNeedsPassword = false;
wrappers = {
firejail = {
source = "${pkgs.firejail.out}/bin/firejail";
};
};
pam.loginLimits = [{ #needed for swaylock
domain = "@users";
item = "rtprio";
type = "-";
value = 1;
}];
pam.services.swaylock = { };
rtkit.enable = true;
};
powerManagement.enable = true;
services.power-profiles-daemon.enable = false;
services.tlp = {
enable = true;
settings = {
CPU_SCALING_GOVERNOR_ON_AC = "powersave";
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
CPU_ENERGY_PERF_POLICY_ON_AC = "balance_performance";
CPU_SCALING_MAX_FREQ_ON_AC = 6600000;
CPU_SCALING_MAX_FREQ_ON_BAT = 1600000;
PLATFORM_PROFILE_ON_AC = "balanced";
PLATFORM_PROFILE_ON_BAT = "low-power";
#Trubo boost control
CPU_BOOST_ON_AC = 1;
CPU_BOOST_ON_BAT = 1;
CPU_HWP_DYN_BOOST_ON_AC = 1;
CPU_HWP_DYN_BOOST_ON_BAT = 1;
#Optional helps save long term battery health
#START_CHARGE_THRESH_BAT0 = 40; # 40 and bellow it starts to charge
#STOP_CHARGE_THRESH_BAT0 = 80; # 80 and above it stops charging
};
};
services.xserver = {
enable = true;
videoDrivers = [ "modesetting" ];
displayManager = {
gdm.enable = true;
autoLogin = {
enable = false;
user = "delta";
};
};
desktopManager.gnome.enable = true;
layout = "us";
xkbVariant = "";
excludePackages = [ pkgs.xterm ];
};
services.gnome = {
gnome-browser-connector.enable = false;
gnome-initial-setup.enable = false;
gnome-online-accounts.enable = false;
};
services.flatpak.enable = true;
services.printing.enable = true;
services.pipewire = {
enable = true;
wireplumber.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
sound = {
enable = true;
extraConfig = "\n";
};
hardware.pulseaudio.enable = false;
services.tailscale.enable = true;
services.syncthing.enable = true;
services.blueman.enable = true;
services.tumbler.enable = true;
services.gvfs.enable = true;
services.udev.packages = [
pkgs.gnome.gnome-settings-daemon
pkgs.android-udev-rules
pkgs.yubikey-personalization
];
#services.udev.extraRules = ''
# #yubikey autostart
# ENV{ID_VENDOR}=="Yubico", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0010|0111|0112|0113|0114|0115|0116|0401|0402|0403|0404|0405|0406|0407|0410", SYMLINK+="yubikey", TAG+="systemd"
#'';
#systemd.user.services.yubioath = {
# enable = true;
# description = "Autostart Yubico Authenticator";
# after = [ "dev-yubikey.device" ];
# unitConfig = {
# StopPropagatedFrom="dev-yubikey.device"; #comment to not close app after yubi remove
# };
# serviceConfig = {
# Type = "oneshot";
# };
#
# script = "${pkgs.yubioath-flutter}/bin/yubioath-flutter";
#};
programs.thunar.enable = true;
programs.firejail.enable = true;
programs.hyprland.enable = true;
programs.xfconf.enable = true;
programs.dconf.enable = true;
programs.virt-manager.enable = true;
programs.steam.enable = true;
programs.gamemode.enable = true;
programs.thunar.plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-volman
];
xdg.portal.extraPortals = with pkgs; [ xdg-desktop-portal-hyprland ];
environment = {
gnome.excludePackages = [
#pkgs.gnome-connections
#pkgs.gnome-console
pkgs.gnome-text-editor
pkgs.gnome-tour
#pkgs.gnome.adwaita-icon-theme
pkgs.gnome.epiphany # browser
#pkgs.gnome.evince # pdf + office files
#pkgs.gnome.file-roller #archive explorer
pkgs.gnome.geary
pkgs.gnome.gnome-backgrounds
pkgs.gnome.gnome-calendar
pkgs.gnome.gnome-characters
pkgs.gnome.gnome-clocks
pkgs.gnome.gnome-contacts
pkgs.gnome.gnome-font-viewer
pkgs.gnome.gnome-logs
pkgs.gnome.gnome-maps
pkgs.gnome.gnome-music
#pkgs.gnome.gnome-themes-extra
pkgs.gnome.gnome-weather
#pkgs.gnome.nautilus
pkgs.gnome.simple-scan
pkgs.gnome.sushi
pkgs.gnome.totem
pkgs.gnome.yelp
pkgs.orca
];
};
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
};
spiceUSBRedirection.enable = true;
libvirtd.enable = true;
};
environment.systemPackages = with pkgs; [
gnomeExtensions.appindicator
gnomeExtensions.activate-window-by-title
gnomeExtensions.unite
gnomeExtensions.tailscale-qs
gnomeExtensions.gsconnect
gnomeExtensions.clipboard-indicator
gnomeExtensions.tiling-assistant
#gnomeExtensions.wintile-windows-10-window-tiling-for-gnome
gnomeExtensions.cloudflare-warp-toggle
gnome.gnome-tweaks
mojave-gtk-theme
adw-gtk3
any-nix-shell
openconnect
oath-toolkit
expect
ffmpegthumbnailer
webp-pixbuf-loader
freetype
poppler
f3d
nufraw-thumbnailer
android-tools
firefox
#firefox_nightly
#inputs.anyrun.packages.${pkgs.system}.anyrun
inputs.telegram-desktop-patched.packages.${pkgs.system}.default
# inputs.ragenix.packages.x86_64-linux.default
sops
yubikey-manager-qt
yubico-piv-tool
yubioath-flutter
yubikey-personalization
yubikey-personalization-gui
(pkgs.writeScriptBin "warp-cli" "${pkgs.cloudflare-warp}/bin/warp-cli $@")
age-plugin-yubikey
];
services.pcscd.enable = true;
#users.users.socks = {
# group = "socks";
# isSystemUser = true;
#};
#users.groups.socks = { };
#systemd.services.singbox-aus = {
# enable = true;
# description = "avoid censorship";
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# Restart = "on-failure";
# RestartSec = "15";
# User = "socks";
# Group = "socks";
# };
# script = "sing-box run -c /run/secrets/singbox-aus";
# path = with unstable; [
# shadowsocks-libev
# shadowsocks-v2ray-plugin
# sing-box
# ];
#};
systemd.services.cloudflare-warp = {
enable = true;
description = "cloudflare warp service";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Restart = "on-failure";
RestartSec = "15";
};
script = "${pkgs.cloudflare-warp}/bin/warp-svc";
postStart = ''
while true; do
set -e
status=$(${pkgs.cloudflare-warp}/bin/warp-cli status || true)
set +e
if [[ "$status" != *"Unable to connect to CloudflareWARP daemon"* ]]; then
${pkgs.cloudflare-warp}/bin/warp-cli set-custom-endpoint 162.159.193.1:2408
exit 0
fi
sleep 15
done
'';
};
#config.services.openssh.hostKeys = [ "/home/delta/.ssh/id_ed25519" ];
systemd.services.NetworkManager-wait-online.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}


@ -1,80 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ unstable, config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
hardware.firmware = [
(pkgs.runCommandNoCC "subwoofer" { } ''
mkdir -p $out/lib/firmware/
cp ${../../firmware/TAS2XXX38BB.bin} $out/lib/firmware/TAS2XXX38BB.bin
cp ${../../firmware/TIAS2781RCA4.bin} $out/lib/firmware/TIAS2781RCA4.bin
'')
];
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.extraInstallCommands = ''
patch_slim7_ssdt=$(
${pkgs.coreutils}/bin/cp -f ${
../../firmware/slim7-ssdt
} /boot/EFI/nixos/slim7-ssdt
for file in /boot/loader/entries/nixos-generation-*.conf; do
${pkgs.gnused}/bin/sed -i '0,/^initrd\s/{s/^initrd\s/initrd \/efi\/nixos\/slim7-ssdt\n&/}' "$file"
done
)
'';
boot.kernelParams = [
"rtc_cmos.use_acpi_alarm=1"
"ideapad_laptop.allow_v4_dytc=1"
"amd_pstate=active"
"initcall_blacklist=acpi_cpufreq_init"
"nowatchdog"
"amd_pstate.shared_mem=1"
];
boot.kernelModules = [ "amd-pstate" "acpi_call" "amdgpu" "kvm-amd" ];
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelPackages = unstable.linuxPackages_zen;
boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call cpupower ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/6b2d5c46-92de-42d0-a272-16b7ef7f30af";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-db81e97a-eb4b-43c5-b128-ef838495fc9a".device =
"/dev/disk/by-uuid/db81e97a-eb4b-43c5-b128-ef838495fc9a";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/6770-34DC";
fsType = "vfat";
};
swapDevices = [{
device = "/var/lib/swapfile";
size = 32 * 1024;
}];
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
#extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl amdvlk ];
#extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -0,0 +1,95 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ unstable, config, lib, pkgs, modulesPath, self, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.prepend = lib.mkOrder 0 [ "${pkgs.fetchurl {
url = "https://gitlab.freedesktop.org/drm/amd/uploads/9fe228c7aa403b78c61fb1e29b3b35e3/slim7-ssdt";
sha256 = "sha256-Ef4QTxdjt33OJEPLAPEChvvSIXx3Wd/10RGvLfG5JUs=";
name = "slim7-ssdt";
}}" ];
hardware.firmware = [
(pkgs.runCommandNoCC "subwoofer" { } ''
mkdir -p $out/lib/firmware/
cp ${pkgs.fetchurl {
url = "https://raw.githubusercontent.com/darinpp/yoga-slim-7/main/lib/firmware/TAS2XXX38BB.bin";
sha256 = "sha256-qyZxBlnWEnrgbh0crgFf//pKZMTtCqh+CkA+pUNU/+E=";
name = "TAS2XXX38BB.bin";
}} $out/lib/firmware/TAS2XXX38BB.bin
cp ${pkgs.fetchurl {
url = "https://raw.githubusercontent.com/darinpp/yoga-slim-7/main/lib/firmware/TIAS2781RCA4.bin";
sha256 = "sha256-Zj7mwS8DsBinZ8BYvcySc753Aq/xid7vAeQOH/oir6Q=";
name = "TIAS2781RCA4.bin";
}} $out/lib/firmware/TIAS2781RCA4.bin
'')
];
boot.loader.systemd-boot.enable = true;
boot.kernelParams = [
"rtc_cmos.use_acpi_alarm=1"
"ideapad_laptop.allow_v4_dytc=1"
"amd_pstate=active"
"initcall_blacklist=acpi_cpufreq_init"
"nowatchdog"
"amd_pstate.shared_mem=1"
];
boot.kernelModules = [ "amd-pstate" "acpi_call" "amdgpu" "kvm-amd" "vfat" "nls_cp437" "nls_iso8859-1" ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" "vfat" "nls_cp437" "nls_iso8859-1" ];
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot";
boot.initrd.kernelModules = [ ];
boot.kernelPackages = unstable.linuxPackages_zen;
boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call cpupower ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/6b2d5c46-92de-42d0-a272-16b7ef7f30af";
fsType = "ext4";
};
boot.initrd.luks = {
yubikeySupport = true;
devices."cryptroot" = {
device = "/dev/nvme0n1p2";
yubikey = {
slot = 2;
gracePeriod = 7;
keyLength = 64;
saltLength = 16;
twoFactor = false;
storage = {
device = "/dev/nvme0n1p1";
fsType = "vfat";
path = "/crypt-storage/default";
};
};
};
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/6770-34DC";
fsType = "vfat";
};
swapDevices = [{
device = "/var/lib/swapfile";
size = 32 * 1024;
}];
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = [ pkgs.amdvlk ];
extraPackages32 = [ pkgs.driversi686Linux.amdvlk ];
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
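Review bot: `twoFactor = false` in `boot.initrd.luks.devices."cryptroot".yubikey` makes the YubiKey the only factor for unlocking the root volume, so anyone holding both the laptop and the key can open the disk without a passphrase. If that trade-off is not deliberate, `twoFactor = true;` restores the passphrase requirement; as far as I know the LUKS key is derived differently in that mode, so the slot has to be re-enrolled before the next reboot. The section also replaces the `/dev/disk/by-uuid/...` device with `/dev/nvme0n1p2` and `/dev/nvme0n1p1`, which depend on enumeration order; the by-uuid form that `fileSystems` still uses in this file is more robust. The `Do not modify this file! It was generated by nixos-generate-config` header no longer describes the file and should be replaced by a comment saying it is hand-maintained.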


@ -0,0 +1,61 @@
{ pkgs, lib, ... }:
{
users.users.delta.packages = [
(pkgs.writeScriptBin "warp-cli" "${pkgs.cloudflare-warp}/bin/warp-cli $@")
];
systemd.services.cloudflare-warp = {
enable = true;
description = "cloudflare warp service";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Restart = "on-failure";
RestartSec = "15";
};
script = "${pkgs.cloudflare-warp}/bin/warp-svc";
postStart = ''
while true; do
set -e
status=$(${pkgs.cloudflare-warp}/bin/warp-cli status || true)
set +e
if [[ "$status" != *"Unable to connect to CloudflareWARP daemon"* ]]; then
${pkgs.cloudflare-warp}/bin/warp-cli set-custom-endpoint 162.159.193.1:2408
exit 0
fi
sleep 15
done
'';
};
users.groups.cloudflared = { };
users.users.cloudflared = {
group = "cloudflared";
isSystemUser = true;
};
services.cloudflared.enable = false;
services.cloudflared.tunnels = {
"dlaptop" = {
default = "http_status:404";
credentialsFile = "/run/secrets/cloudflared";
};
};
services.tailscale.enable = true;
services.syncthing.enable = true;
services.blueman.enable = true;
services.tumbler.enable = true;
services.gvfs.enable = true;
services.flatpak.enable = true;
services.printing.enable = true;
services.pcscd.enable = true;
services.udev.packages = [
pkgs.gnome.gnome-settings-daemon
pkgs.android-udev-rules
pkgs.yubikey-personalization
];
systemd.services.cloudflared-tunnel-dlaptop.serviceConfig.Restart = lib.mkForce "on-failure";
systemd.services.cloudflared-tunnel-dlaptop.serviceConfig.RestartSec = lib.mkForce 60;
}

162
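--- a/hosts/dlaptop/system.nix
+++ b/hosts/dlaptop/system.nix
@@ -0,0 +1,162 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running nixos-help).
+{ pkgs, lib, inputs, self, homeSettings, ... }:
+{
+imports = [
+./hardware.nix
+./services.nix
+./xorg.nix
+"${self}/apps/apps.nix"
+"${self}/apps/socks.nix"
+"${self}/apps/scripts.nix"
+"${self}/apps/work.nix"
+inputs.secrets.nixosModules.dlaptop
+inputs.home-manager.nixosModules.home-manager homeSettings
+];
+time.timeZone = "Europe/Moscow";
+i18n.defaultLocale = "en_GB.UTF-8";
+networking = {
+hostName = "dlaptop";
+nameservers = [ "100.92.15.128" "fd7a:115c:a1e0::b21c:f80" ];
+networkmanager.dns = "none";
+networkmanager.enable = true;
+useDHCP = lib.mkDefault true;
+interfaces.wlp1s0.proxyARP = true;
+iproute2.enable = true;
+firewall = {
+enable = true;
+allowedTCPPorts = [
+# qbittorrent
+4780
+# audiorelay
+59100
+# localsend
+53317
+#syncthing
+22000
+];
+allowedUDPPorts = [
+# audiorelay
+59100
+59200
+# localsend
+53317
+#syncthing
+22000
+21027
+];
+allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; # kde connect
+allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
+checkReversePath = "loose";
+};
+};
+systemd.services.NetworkManager-wait-online.enable = false;
+programs.captive-browser = {
+browser = ''firejail --ignore="include whitelist-run-common.inc" --private --profile=chromium ${pkgs.bash}/bin/bash -c '${pkgs.coreutils}/bin/env XDG_CONFIG_HOME="$PREV_CONFIG_HOME" ${pkgs.chromium}/bin/chromium --user-data-dir=''${XDG_DATA_HOME:-$HOME/.local/share}/chromium-captive --proxy-server="socks5://$PROXY" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost" --no-first-run --new-window --incognito -no-default-browser-check http://cache.nixos.org/' '';
+interface = "wlp1s0";
+enable = true;
+};
+security = {
+sudo.wheelNeedsPassword = false;
+pam.loginLimits = [{ #needed for swaylock
+domain = "@users";
+item = "rtprio";
+type = "-";
+value = 1;
+}];
+pam.services.swaylock = { };
+};
+powerManagement.enable = true;
+services.power-profiles-daemon.enable = false;
+services.tlp = {
+enable = true;
+settings = {
+CPU_SCALING_GOVERNOR_ON_AC = "powersave";
+CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
+CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
+CPU_ENERGY_PERF_POLICY_ON_AC = "balance_performance";
+CPU_SCALING_MAX_FREQ_ON_AC = 6600000;
+CPU_SCALING_MAX_FREQ_ON_BAT = 1600000;
+PLATFORM_PROFILE_ON_AC = "balanced";
+PLATFORM_PROFILE_ON_BAT = "low-power";
+#Trubo boost control
+CPU_BOOST_ON_AC = 1;
+CPU_BOOST_ON_BAT = 1;
+CPU_HWP_DYN_BOOST_ON_AC = 1;
+CPU_HWP_DYN_BOOST_ON_BAT = 1;
+#Optional helps save long term battery health
+#START_CHARGE_THRESH_BAT0 = 40; # 40 and bellow it starts to charge
+#STOP_CHARGE_THRESH_BAT0 = 80; # 80 and above it stops charging
+};
+};
+services.pipewire = {
+enable = true;
+wireplumber.enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+};
+sound.enable = true;
+hardware.pulseaudio.enable = false;
+virtualisation = {
+podman = {
+enable = true;
+dockerCompat = true;
+};
+spiceUSBRedirection.enable = true;
+libvirtd.enable = true;
+};
+environment.systemPackages = with pkgs; [
+openvpn
+any-nix-shell
+#work scripts
+openconnect
+oath-toolkit
+expect
+# Thunar stuff
+ffmpegthumbnailer
+webp-pixbuf-loader
+freetype
+poppler
+f3d
+nufraw-thumbnail
+android-tools
+firefox
+tor-browser
+#inputs.anyrun.packages.${pkgs.system}.anyrun
+sops
+yubikey-manager-qt
+yubico-piv-tool
+yubioath-flutter
+yubikey-personalization
+yubikey-personalization-gui
+age-plugin-yubikey
+lua5_4
+nodejs_21
+];
+system.stateVersion = "23.11"; # Don't forget the comment
+}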
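Review bot: The `networking.firewall` block no longer carries the `extraCommands` rule `iptables -A OUTPUT -m owner --gid-owner no-net -j REJECT`, and `users.groups.no-net = {};` is gone with it; the deleted configuration on this page had both. Unless they moved into an imported module that this page does not show (for example `"${self}/apps/socks.nix"`), anything launched under the `no-net` group either regains outbound network access after this refactor or fails to start because the group is missing. If the drop is not intended, both lines should be re-added here. Separately, `nufraw-thumbnail` in `environment.systemPackages` reads like a typo of the `nufraw-thumbnailer` used before, and if nixpkgs has no attribute of that name it fails evaluation as an undefined name under `with pkgs;`.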

34
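--- a/hosts/dlaptop/xorg.nix
+++ b/hosts/dlaptop/xorg.nix
@@ -0,0 +1,34 @@
+{ lib, pkgs, self, ... }:
+{
+imports = [
+"${self}/apps/gnome.nix"
+];
+programs.hyprland.enable = true;
+xdg.portal.extraPortals = with pkgs; [ xdg-desktop-portal-hyprland ];
+environment.sessionVariables = {
+QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
+QT_QPA_PLATFORM = "wayland";
+STEAM_FORCE_DESKTOPUI_SCALING = "1";
+NIXOS_OZONE_WL = "1";
+XCURSOR_SIZE = "16";
+};
+services.xserver = {
+enable = true;
+videoDrivers = [ "modesetting" ];
+displayManager = {
+gdm.enable = true;
+autoLogin = {
+enable = false;
+user = "delta";
+};
+};
+desktopManager.gnome.enable = true;
+xkb.layout = "us";
+xkb.variant = "";
+excludePackages = [ pkgs.xterm ];
+};
+}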


@ -57,10 +57,11 @@ in {
fishPlugins.grc fishPlugins.grc
fishPlugins.autopair fishPlugins.autopair
fishPlugins.z fishPlugins.z
#fishPlugins.tide fishPlugins.tide
#fishPlugins.hydro
fishPlugins.fzf-fish fishPlugins.fzf-fish
fishPlugins.sponge fishPlugins.sponge
#fishPlugins.async-prompt
fd
fzf fzf
grc grc
unstable.nh unstable.nh
@ -68,6 +69,7 @@ in {
dnsutils dnsutils
inetutils inetutils
killall killall
(pkgs.writeScriptBin "reboot" ''read -p "Do you REALLY want to reboot? (y/N) " answer; [[ $answer == [Yy]* ]] && ${pkgs.systemd}/bin/reboot'')
]; ];
programs.command-not-found.enable = false; programs.command-not-found.enable = false;
@ -83,9 +85,21 @@ in {
set fish_greeting set fish_greeting
#${pkgs.any-nix-shell}/bin/any-nix-shell fish --info-right | source #${pkgs.any-nix-shell}/bin/any-nix-shell fish --info-right | source
any-nix-shell fish --info-right | source any-nix-shell fish --info-right | source
tide configure --auto --style=Lean --prompt_colors='16 colors' --show_time=No --lean_prompt_height='Two lines' --prompt_connection=Disconnected --prompt_spacing=Compact --icons='Few icons' --transient=No
''; '';
}; };
users.defaultUserShell = pkgs.fish;
programs.tmux.enable = true; programs.tmux.enable = true;
programs.direnv.enable = true; programs.direnv.enable = true;
programs.firejail.enable = true;
security.wrappers = {
firejail = {
source = "${pkgs.firejail.out}/bin/firejail";
};
};
users.defaultUserShell = pkgs.fish;
security.rtkit.enable = true;
boot.tmp.cleanOnBoot = true;
} }
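Review bot: The explicit `security.wrappers.firejail` entry sets only `source`, so whether the wrapper ends up setuid root depends entirely on `programs.firejail.enable = true` supplying `setuid`, `owner` and `group`, which as far as I know the module does, together with an equivalent `source`. I would drop the `security.wrappers` block and keep only `programs.firejail.enable = true;`, or spell the entry out in full so the privilege is visible where it is declared. In the same section, `tide configure --auto ...` sits in the interactive shell init and therefore reconfigures the prompt on every shell start; a comment saying why that is wanted would help. The enclosing module starts above the first hunk of this section.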


@ -1,152 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ inputs, unstable, config, pkgs, ... }:
{
security = {
sudo.wheelNeedsPassword = false;
wrappers = {
firejail = {
source = "${pkgs.firejail.out}/bin/firejail";
};
};
pam.loginLimits = [{
domain = "@users";
item = "rtprio";
type = "-";
value = 1;
}];
#pam.services.swaylock = { };
rtkit.enable = true;
};
programs.thunar.enable = true;
programs.firejail.enable = true;
programs.hyprland.enable = true;
programs.xfconf.enable = true;
programs.dconf.enable = true;
programs.virt-manager.enable = true;
programs.steam.enable = true;
programs.gamemode.enable = true;
programs.thunar.plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-volman
];
xdg.portal.extraPortals = with pkgs; [ xdg-desktop-portal-hyprland ];
services.xserver.videoDrivers = ["nvidia"];
hardware.nvidia = {
modesetting.enable = true;
powerManagement.enable = false;
open = false;
nvidiaSettings = true;
};
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/nvme0n1";
boot.loader.grub.useOSProber = true;
networking.hostName = "huanan";
networking.networkmanager.enable = true;
time.timeZone = "Europe/Moscow";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ALL = "en_US.UTF-8";
};
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
services.xserver.displayManager.gdm.wayland = false;
services.xserver = {
layout = "us";
xkbVariant = "";
};
services.printing.enable = true;
sound.enable = true;
hardware.pulseaudio.enable = false;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
environment.systemPackages = with pkgs; [
gnomeExtensions.appindicator
gnomeExtensions.activate-window-by-title
gnomeExtensions.unite
gnomeExtensions.tailscale-qs
gnomeExtensions.gsconnect
gnomeExtensions.clipboard-indicator
gnomeExtensions.tiling-assistant
#gnomeExtensions.wintile-windows-10-window-tiling-for-gnome
gnomeExtensions.advanced-alttab-window-switcher
gnome.gnome-tweaks
mojave-gtk-theme
adw-gtk3
any-nix-shell
openconnect
oath-toolkit
expect
ffmpegthumbnailer
webp-pixbuf-loader
freetype
poppler
f3d
nufraw-thumbnailer
curl
inputs.telegram-desktop-patched.packages.${pkgs.system}.default
];
environment = {
gnome.excludePackages = [
#pkgs.gnome-connections
#pkgs.gnome-console
pkgs.gnome-text-editor
pkgs.gnome-tour
#pkgs.gnome.adwaita-icon-theme
pkgs.gnome.epiphany # browser
#pkgs.gnome.evince # pdf + office files
#pkgs.gnome.file-roller #archive explorer
pkgs.gnome.geary
pkgs.gnome.gnome-backgrounds
pkgs.gnome.gnome-calendar
pkgs.gnome.gnome-characters
pkgs.gnome.gnome-clocks
pkgs.gnome.gnome-contacts
pkgs.gnome.gnome-font-viewer
pkgs.gnome.gnome-logs
pkgs.gnome.gnome-maps
pkgs.gnome.gnome-music
#pkgs.gnome.gnome-themes-extra
pkgs.gnome.gnome-weather
#pkgs.gnome.nautilus
pkgs.gnome.simple-scan
pkgs.gnome.sushi
pkgs.gnome.totem
pkgs.gnome.yelp
pkgs.orca
];
};
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
};
spiceUSBRedirection.enable = true;
libvirtd.enable = true;
};
services.openssh.enable = true;
networking.firewall.enable = false;
system.stateVersion = "23.11"; # Did you read the comment?
}


@ -12,7 +12,10 @@
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.kernelPackages = unstable.linuxPackages_zen; boot.kernelPackages = pkgs.linuxPackages_zen;
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/nvme0n1";
boot.loader.grub.useOSProber = true;
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/63db5f65-03bf-455e-ad82-36307c29df79"; { device = "/dev/disk/by-uuid/63db5f65-03bf-455e-ad82-36307c29df79";

53
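--- a/hosts/huanan/system.nix
+++ b/hosts/huanan/system.nix
@@ -0,0 +1,53 @@
+{ lib, pkgs, inputs, self, ... }:
+{
+imports = [
+./hardware.nix
+"${self}/apps/gnome.nix"
+"${self}/apps/apps.nix"
+inputs.home-manager.nixosModules.home-manager
+];
+time.timeZone = "Europe/Moscow";
+i18n.defaultLocale = "en_GB.UTF-8";
+services.xserver = {
+enable = true;
+videoDrivers = [ "nvidia" ];
+displayManager = {
+gdm = {
+enable = true;
+wayland = false;
+};
+};
+desktopManager.gnome.enable = true;
+xkb.layout = "us";
+xkb.variant = "";
+excludePackages = [ pkgs.xterm ];
+};
+hardware.nvidia = {
+modesetting.enable = true;
+powerManagement.enable = false;
+open = false;
+nvidiaSettings = true;
+};
+networking = {
+hostName = "huanan";
+networkmanager.enable = true;
+firewall.enable = false;
+};
+sound.enable = true;
+hardware.pulseaudio.enable = false;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+};
+services.openssh.enable = true;
+system.stateVersion = "23.11"; # Did you read the comment?
+}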
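Review bot: `services.openssh.enable = true` is combined with `firewall.enable = false` and no `services.openssh.settings`, so sshd listens on every interface with the module defaults, which as far as I know still accept password logins. The firewall was already off in the deleted configuration, so this is not new, but the refactor is a good place to tighten it: `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`, plus `firewall.enable = true;` (the openssh module opens its own port by default). While the firewall stays off, every other listening service on this host is likewise reachable from whatever network it joins.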


@ -1,6 +1,11 @@
{ config, pkgs, inputs,... }: { config, pkgs, inputs,... }:
{ {
imports = [
./hardware.nix
inputs.secrets.nixosModules.intelnuc
];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";
boot.loader.grub.useOSProber = true; boot.loader.grub.useOSProber = true;