diff --git a/flake.lock b/flake.lock
index d11401b..e41b5f2 100644
--- a/flake.lock
+++ b/flake.lock
@@ -117,11 +117,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1693208669,
-        "narHash": "sha256-hHFaaUsZ860wvppPeiu7nJn/nXZjJfnqAQEu9SPFE9I=",
+        "lastModified": 1692099905,
+        "narHash": "sha256-/pSusGhmIdSdAaywQRFA5dVbfdIzlWQTecM+E46+cJ0=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c",
+        "rev": "2a6679aa9cc3872c29ba2a57fe1b71b3e3c5649f",
         "type": "github"
       },
       "original": {
@@ -174,11 +174,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1692952286,
-        "narHash": "sha256-TsrtPv3+Q1KR0avZxpiJH+b6fX/R/hEQVHbjl1ebotY=",
+        "lastModified": 1692373088,
+        "narHash": "sha256-EPgCecdc9I8aTdmDNoO1l7R72r2WPhZRcesV4nzxBj8=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "817e297fc3352fadc15f2c5306909aa9192d7d97",
+        "rev": "7f1836531b126cfcf584e7d7d71bf8758bb58969",
         "type": "github"
       },
       "original": {
@@ -190,11 +190,11 @@
     },
     "nixos-unstable": {
       "locked": {
-        "lastModified": 1693158576,
-        "narHash": "sha256-aRTTXkYvhXosGx535iAFUaoFboUrZSYb1Ooih/auGp0=",
+        "lastModified": 1692447944,
+        "narHash": "sha256-fkJGNjEmTPvqBs215EQU4r9ivecV5Qge5cF/QDLVn3U=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a999c1cc0c9eb2095729d5aa03e0d8f7ed256780",
+        "rev": "d680ded26da5cf104dd2735a51e88d2d8f487b4d",
         "type": "github"
       },
       "original": {
@@ -238,11 +238,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1693183237,
-        "narHash": "sha256-c7OtyBkZ/vZE/WosBpRGRtkbWZjDHGJP7fg1FyB9Dsc=",
+        "lastModified": 1692525914,
+        "narHash": "sha256-MUgZ9/9mE/EbEQA6JPdcQHkjoR5fgvaKhpy6UO67uEc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ea5234e7073d5f44728c499192544a84244bf35a",
+        "rev": "475d5ae2c4cb87b904545bdb547af05681198fcc",
         "type": "github"
       },
       "original": {
@@ -254,11 +254,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1693241161,
-        "narHash": "sha256-MRJHIKBn2vhX6eslfyKj+H9nb2gj56k80OO8vE0Poy8=",
+        "lastModified": 1692698578,
+        "narHash": "sha256-sNiNKomooOWb19XXIcDcJoXmhlBAseYNfgV7UC1dO+0=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "931c534a5d7ee0cf576c1e114cfef7d4f53212c8",
+        "rev": "005dbfacdbf783079ea727d3fc4c09d715224cd2",
         "type": "github"
       },
       "original": {
diff --git a/home/home.nix b/home/home.nix
index bf84f77..428805e 100644
--- a/home/home.nix
+++ b/home/home.nix
@@ -30,6 +30,8 @@ let
     (tor-browser-bundle-bin.override {
       mediaSupport = true;
       pulseaudioSupport = true;
+      # prevent segfault on Intel graphics systems
+      useHardenedMalloc = false;
     })
     pdfpc
     quaternion
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index 20c09c3..f6c8c3b 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -14,8 +14,7 @@ in
     [
       # Include the results of the hardware scan.
       ./hardware-configuration.nix
-      ./modules/packages.nix
-      ./modules/nitrokey.nix
+      ./packages.nix
     ];
 
   services.davfs2.enable = true;
@@ -46,16 +45,16 @@ in
   environment.systemPackages = [
     pkgs.sbctl
   ];
-  # Lanzaboote currently replaces the systemd-boot module.
-  # This setting is usually set to true in configuration.nix
-  # generated at installation time. So we force it to false
-  # for now.
-  boot.loader.systemd-boot.enable = lib.mkForce false;
+   # Lanzaboote currently replaces the systemd-boot module.
+   # This setting is usually set to true in configuration.nix
+   # generated at installation time. So we force it to false
+   # for now.
+   boot.loader.systemd-boot.enable = lib.mkForce false;
 
-  boot.lanzaboote = {
-    enable = true;
-    pkiBundle = "/etc/secureboot";
-  };
+   boot.lanzaboote = {
+     enable = true;
+     pkiBundle = "/etc/secureboot";
+   };
 
   # make the boot look good
   boot.plymouth.enable = true;
@@ -144,6 +143,8 @@ in
     package = pkgs.pulseaudioFull;
   };
 
+  # Nitrokey support
+  services.udev.packages = [ pkgs.nitrokey-udev-rules ];
 
   # Enable the X11 windowing system.
   services.xserver.enable = true;
diff --git a/nixos/modules/nitrokey.nix b/nixos/modules/nitrokey.nix
deleted file mode 100644
index dc6ed75..0000000
--- a/nixos/modules/nitrokey.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs, lib, ...}:
-{
-hardware.nitrokey.enable = true;
-environment.systemPackages = [ pkgs.pynitrokey ];
-nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
-   "nrfutil"
-   "pc-ble-driver-py"
-   "pc-ble-driver"
-   "pypemicro"
-];
-}
diff --git a/nixos/modules/packages.nix b/nixos/packages.nix
similarity index 100%
rename from nixos/modules/packages.nix
rename to nixos/packages.nix