diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index 5ebf214..dd2b524 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -5,7 +5,6 @@
 { config, pkgs, ... }:
 
 let
-  fsOptions = [ "noatime" "ssd" "space_cache" "compress=zstd" ];
   unstable = import <nixos-unstable> {};
 
 in
@@ -19,22 +18,6 @@ in
       <home-manager/nixos>
     ];
 
-  # encrypted partitions
-  boot.initrd.luks =
-    {
-      devices =
-        {
-          "system".device = "/dev/disk/by-uuid/85154131-b2a8-4ef5-9d74-47429cb267ef";
-          "cryptswap".device = "/dev/disk/by-uuid/ac586df6-6332-4809-beb1-f51906a2adaa";
-        };
-      reusePassphrases = true;
-    };
-
-  fileSystems."/".options = fsOptions ++ [ "subvol=nixos_root" "noatime" ];
-  fileSystems."/home".options = fsOptions ++ [ "subvol=home" "relatime" ];
-  boot.tmpOnTmpfs = true;
-  fileSystems."/tmp".fsType = "tmpfs";
-
   services.davfs2.enable = true;
 
   # try newer kernels
@@ -71,8 +54,6 @@ in
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  boot.kernelParams = [ "iwlwifi.fw_monitor=1" ]; # enable iwlwifi debugging
-
   networking.hostName = "thinknix";
   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
 
@@ -93,6 +74,11 @@ in
   # Some programs need SUID wrappers, can be configured further or are
   # started in user sessions.
   programs.bash.enableCompletion = true;
+  programs.wireshark =
+    {
+      enable = true;
+      package = pkgs.wireshark-qt;
+    };
   # programs.mtr.enable = true;
   # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
 
@@ -101,7 +87,7 @@ in
   # Enable the OpenSSH daemon.
   # services.openssh.enable = true;
 
-  programs.ssh.startAgent = true;
+  #programs.ssh.startAgent = true;
 
   # Open ports in the firewall.
   # networking.firewall.allowedTCPPorts = [ ... ];
@@ -127,10 +113,6 @@ in
       enable = true;
       extraBackends = [ pkgs.hplip ];
     };
-  #  nixpkgs.config.allowUnfreePredicate = (
-  #    pkg:
-  #      pkg.name == pkgs.hplipWithPlugin.name
-  #  );
 
   # Enable sound.
   sound.enable = true;
@@ -164,7 +146,7 @@ in
   xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ];
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.extraUsers.spiollinux = {
+  users.users.spiollinux = {
     isNormalUser = true;
     uid = 1000;
     extraGroups = [ "vboxusers" "wheel" "networkmanager" "scanner" "lp" "wireshark" "dialout" "cdrom" "input" ];
@@ -176,21 +158,13 @@ in
   virtualisation.virtualbox.host.enable = true;
   users.extraGroups.vboxusers.members = [ "spiollinux" ];
 
-  # wireshark noroot gropu
-  users.groups.wireshark.gid = 500;
-  security.wrappers.dumpcap = {
-    source = "${pkgs.wireshark}/bin/dumpcap";
-    permissions = "u+xs,g+x";
-    owner = "root";
-    group = "wireshark";
-  };
-
   programs.zsh =
     {
       enable = true;
       autosuggestions.enable = true;
     };
 
+  # profile sync daemon
   services.psd.enable = true;
 
   services.smartd =
diff --git a/nixos/hardware-configuration.nix b/nixos/hardware-configuration.nix
index 9ed069c..a745282 100644
--- a/nixos/hardware-configuration.nix
+++ b/nixos/hardware-configuration.nix
@@ -1,5 +1,9 @@
 { config, lib, pkgs, ... }:
 
+
+let
+  fsOptions = [ "noatime" "ssd" "space_cache" "compress=zstd" ];
+in
 {
   imports =
     [
@@ -16,10 +20,23 @@
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [];
 
+  # encrypted partitions
+  boot.initrd.luks =
+    {
+      devices =
+        {
+          "system".device = "/dev/disk/by-uuid/85154131-b2a8-4ef5-9d74-47429cb267ef";
+          "cryptswap".device = "/dev/disk/by-uuid/ac586df6-6332-4809-beb1-f51906a2adaa";
+          "ssd2".device = "/dev/disk/by-uuid/cadd4e1f-3642-4faa-8d4e-37dd85465df1";
+        };
+      reusePassphrases = true;
+    };
+
   fileSystems."/" =
     {
       device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4";
       fsType = "btrfs";
+      options = fsOptions ++ [ "subvol=nixos_root" ];
     };
 
   fileSystems."/boot" =
@@ -33,8 +50,33 @@
     {
       device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4";
       fsType = "btrfs";
+      options = fsOptions ++ [ "subvol=home" ];
     };
 
+    fileSystems."/var/tmp" =
+      {
+        device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
+        fsType = "btrfs";
+        options = fsOptions ++ [ "subvol=vartmp" ];
+      };
+
+    fileSystems."/var/log" =
+      {
+        device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
+        fsType = "btrfs";
+        options = fsOptions ++ [ "subvol=varlog" ];
+      };
+
+    fileSystems."/var/cache" =
+      {
+        device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
+        fsType = "btrfs";
+        options = fsOptions ++ [ "subvol=varcache" ];
+      };
+
+    boot.tmpOnTmpfs = true;
+    fileSystems."/tmp".fsType = "tmpfs";
+
   swapDevices =
     [
       { device = "/dev/disk/by-uuid/bf928178-4e92-4e7e-8df2-18fbd658eecf"; }
diff --git a/nixos/packages.nix b/nixos/packages.nix
index aa8ea80..97ebe04 100644
--- a/nixos/packages.nix
+++ b/nixos/packages.nix
@@ -71,8 +71,8 @@
     #kmailtransport
     #kmbox
     #kmime
-    kontact
-    kontactinterface
+    #kontact
+    #kontactinterface
     #korganizer
     #kpimtextedit
     #libkdepim