diff --git a/.agenix_config.nix b/.agenix_config.nix
index 7b876a8..8f102d5 100644
Binary files a/.agenix_config.nix and b/.agenix_config.nix differ
diff --git a/machines/default.nix b/machines/default.nix
index fc67ab2..14886ff 100644
--- a/machines/default.nix
+++ b/machines/default.nix
@@ -9,6 +9,7 @@ in
 
     extraModules = [
       ../users/jan
+      ../users/nas
     ];
 
     extraHomeModule = { ... }: {
diff --git a/machines/home/default.nix b/machines/home/default.nix
index 5a0a827..e690b26 100644
--- a/machines/home/default.nix
+++ b/machines/home/default.nix
@@ -41,7 +41,8 @@
     networkmanager.enable = true;
   };
 
-  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "cnijfilter2" ];
+  local.nix.allowUnfreePackages = [ "cnijfilter2" ];
+
   services = {
     avahi = {
       enable = true;
diff --git a/machines/modules/nix.nix b/machines/modules/nix.nix
index bcb19fc..f239a3b 100644
--- a/machines/modules/nix.nix
+++ b/machines/modules/nix.nix
@@ -1,6 +1,9 @@
 { lib, config, ... }:
 
-let cfg = config.local.nix; in
+let
+  inherit (builtins) elem;
+  cfg = config.local.nix;
+in
 {
   options.local.nix = with lib; {
     enableMyRegistry = mkOption {
@@ -8,9 +11,17 @@ let cfg = config.local.nix; in
       default = false;
       description = "Enable my custom nix registry";
     };
+    allowUnfreePackages = mkOption {
+      type = types.listOf types.string;
+      default = [ ];
+    };
   };
 
   config = {
+    nixpkgs.config.allowUnfreePredicate = lib.mkIf
+      (cfg.allowUnfreePackages != [ ])
+      (pkg: elem (lib.getName pkg) cfg.allowUnfreePackages);
+
     nix = {
       settings = {
         auto-optimise-store = true;
diff --git a/notes/users.md b/notes/users.md
new file mode 100644
index 0000000..cc56988
--- /dev/null
+++ b/notes/users.md
@@ -0,0 +1,5 @@
+# How create a password
+
+```sh
+mkpasswd -m sha-512
+```
diff --git a/secrets/users-nas-passfile.age b/secrets/users-nas-passfile.age
new file mode 100644
index 0000000..50a9dfb
Binary files /dev/null and b/secrets/users-nas-passfile.age differ
diff --git a/users/nas/default.nix b/users/nas/default.nix
new file mode 100644
index 0000000..f36127b
--- /dev/null
+++ b/users/nas/default.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, lib, inputs, extraHomeModule ? null, ... }:
+
+{
+  nixpkgs.overlays = lib.mkAfter [
+    inputs.wired.overlays.default
+  ];
+
+  local.nix.allowUnfreePackages = [ "skypeforlinux" ];
+
+  programs.zsh.enable = true;
+
+  users.users.nas = {
+    isNormalUser = true;
+    shell = pkgs.zsh;
+    passwordFile = config.age.secrets.users-nas-passfile.path;
+  };
+
+  home-manager.users.nas = { lib, ... }: {
+    imports = [
+      inputs.wired.homeManagerModules.default
+      ./home.nix
+      extraHomeModule
+    ];
+
+    home.stateVersion = config.system.stateVersion;
+  };
+
+  age.secrets.users-nas-passfile.file = ../../secrets/users-nas-passfile.age;
+}
diff --git a/users/nas/home.nix b/users/nas/home.nix
new file mode 100644
index 0000000..bdf3d11
--- /dev/null
+++ b/users/nas/home.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    ../modules/window_manager
+    ../modules/terminal.nix
+    ../modules/shell.nix
+
+    ../modules/notifications
+
+    ../modules/themes
+    ../modules/themes/catppuccin/frappe.nix
+  ];
+
+  xdg.enable = true;
+
+  home.keyboard = {
+    model = "pc105";
+    layout = "us,ru";
+    options = [ "grp:win_space_toggle" ];
+  };
+
+  home.packages = with pkgs; [
+    skypeforlinux
+    kotatogram-desktop
+    libreoffice
+    image-roll
+
+    # browser
+    (firefox.override {
+      extraNativeMessagingHosts = [ passff-host ];
+    })
+  ];
+}