diff --git a/tongfang/nixos/flake.lock b/tongfang/nixos/flake.lock
index d5e603d..2803852 100644
--- a/tongfang/nixos/flake.lock
+++ b/tongfang/nixos/flake.lock
@@ -14,11 +14,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1730200266,
-        "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
+        "lastModified": 1733940404,
+        "narHash": "sha256-Pj39hSoUA86ZePPF/UXiYHHM7hMIkios8TYG29kQT4g=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
+        "rev": "5d67ea6b4b63378b9c13be21e2ec9d1afc921713",
         "type": "github"
       },
       "original": {
@@ -39,11 +39,11 @@
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1730432151,
-        "narHash": "sha256-2eQ6AIvqorTZuvLl6VQzFyuFMIMMp8qmzQkdGjozQwc=",
+        "lastModified": 1734232136,
+        "narHash": "sha256-rQd9jiPTGVchefiwJhx1xUlCLcnOCWQ7KlQ+Pkio9zU=",
         "owner": "0xc000022070",
         "repo": "zen-browser-flake",
-        "rev": "df7a5519a9c24419a56dd6903abcc72679978be6",
+        "rev": "6acd5e9515e0d53347b7883ac02ac7ab4bd03a2c",
         "type": "github"
       },
       "original": {
diff --git a/tongfang/nixos/users.nix b/tongfang/nixos/users.nix
index c2c7ddc..809111f 100644
--- a/tongfang/nixos/users.nix
+++ b/tongfang/nixos/users.nix
@@ -4,7 +4,7 @@
   users.users.bart = {
     isNormalUser = true;
     description = "Bart van der Braak";
-    extraGroups = [ "networkmanager" "wheel" "docker" ];
+    extraGroups = [ "networkmanager" "wheel" "libvirtd" "docker" ];
     packages = with pkgs; [
       vscodium
       thunderbird
@@ -18,12 +18,13 @@
       python3
       gnumake
       gccgo
-      _1password-gui
       # nodejs_22
       # corepack_22
       azure-cli
       sops
       blender
+      inkscape
+      gimp
       nixfmt-rfc-style
     ];
   };
@@ -36,6 +37,14 @@
     "electron-27.3.11"
   ];
 
+  programs._1password.enable = true;
+  programs._1password-gui = {
+    enable = true;
+    # Certain features, including CLI integration and system authentication support,
+    # require enabling PolKit integration on some desktop environments (e.g. Plasma).
+    polkitPolicyOwners = [ "bart" ];
+  };
+
   # SSH agent configuration
   programs.ssh.startAgent = true;
   programs.ssh.extraConfig = ''
@@ -49,6 +58,10 @@
   programs.gnupg.agent.enable = true;
   programs.gnupg.dirmngr.enable = true;
 
+  # Add KVM support
+  virtualisation.libvirtd.enable = true;
+  programs.virt-manager.enable = true;
+
   # Add Docker support
   virtualisation.docker.enable = true;
   virtualisation.docker.rootless = {