diff --git a/configuration.nix b/configuration.nix
index 841ef65..ea9bf73 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -254,7 +254,14 @@ in
 
   # настройки Nix
   nixpkgs.config.allowUnfree = true;
-  nix.settings.auto-optimise-store = true;
+  nix.settings = {
+    substituters = [
+       "https://cache.nixos.org"
+       "http://10.0.174.12:5000"
+    ];
+    trusted-public-keys = ["kafpi.local:PttR9S1eDyint3v0LCp5zfBGG+xfxzQ+cxKAQARNpyw="];
+    auto-optimise-store = true;
+  };
   nix.extraOptions = ''
     experimental-features = nix-command flakes
   '';
@@ -304,9 +311,12 @@ in
         '')+"/uuid");
     enable = true;
     nssmdns4 = true;
+    openFirewall = true;
     publish = {
       enable = true;
       hinfo = true;
+      workstation = true;
+      domain = true;
       addresses = true;
     };
   };
@@ -320,7 +330,17 @@ in
   networking.nameservers = [ serverIP ];
   
   # каждый компьютер знает, что kafpi.local - это адрес нашего сервера
-  networking.hosts."${serverIP}" = [ "kafpi.local" ];
+  networking.hosts."${serverIP}" = [ "kafpi.local" "hydra.kafpi.local" ];
+  security.pki.certificateFiles = [
+    (builtins.fetchurl {
+       url = "http://10.0.174.12/server.crt";
+       sha256 = "sha256:0qx4acdhiciffvk1l7wkxyzapjwjy9zisq0mwyl727x97zrmi5ds";
+    })
+    (builtins.fetchurl {
+       url = "http://10.0.174.12/hydra.crt";
+       sha256 = "sha256:1l5cvsikb5dnf49ajjjmz50avfkxm28jy65vnb9xidlv5vapi1zp";
+    })
+  ];
   
   #### ЛОКАЛИЗАЦИЯ #####