feat: refactor, hyprland - greet with autologin

home/linux/hyprland/default.nix

@@ -1,4 +1,7 @@
 {
+  lib,
+  pkgs,
+  hyprland,
   catppuccin-hyprland,
   ...
 }: {
@@ -7,12 +10,35 @@
     ./wayland-apps.nix
   ];
 
-  # hyprland configs, based on https://github.com/notwidow/hyprland
-  xdg.configFile."hypr" = {
-    source = ./hypr-conf;
-    recursive = true;
+  # NOTE:
+  #   (Required) NixOS Module: enables critical components needed to run Hyprland properly
+  #   (Optional) Home-manager module: lets you declaratively configure Hyprland
+  wayland.windowManager.hyprland = {
+    enable = true;
+    package = hyprland.packages.${pkgs.system}.hyprland;
+    settings = lib.mkForce {};
+    extraConfig = builtins.readFile ./hypr-conf/hyprland.conf;
+    # programs.grammastep need this to be enabled.
+    systemd.enable = true;
   };
 
+  # hyprland configs, based on https://github.com/notwidow/hyprland
+  xdg.configFile."hypr/mako" = {
+    source = ./hypr-conf/mako;
+    recursive = true;
+  };
+  xdg.configFile."hypr/scripts" = {
+    source = ./hypr-conf/scripts;
+    recursive = true;
+  };
+  xdg.configFile."hypr/waybar" = {
+    source = ./hypr-conf/waybar;
+    recursive = true;
+  };
+  xdg.configFile."hypr/wlogout" = {
+    source = ./hypr-conf/wlogout;
+    recursive = true;
+  };
   xdg.configFile."hypr/themes" = {
     source = "${catppuccin-hyprland}/themes";
     recursive = true;

hosts/12kingdoms/suzu/default.nix

@@ -20,9 +20,7 @@
     # import the rk3588 module, which contains the configuration for bootloader/kernel/firmware
     (nixos-rk3588 + "/modules/boards/orangepi5.nix")
 
-    # core-riscv64 only the core packages, it's suitable for aarch64 too.
-    ../../../modules/nixos/core-riscv64.nix
-    ../../../modules/nixos/user-group.nix
+    ../../../modules/nixos/server-riscv64.nix
   ];
 
   users.users.root.openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;

hosts/idols/ai/default.nix

@@ -13,12 +13,6 @@
     ./impermanence.nix
     ./secureboot.nix
 
-    # ../../../modules/nixos/fhs-fonts.nix
-    ../../../modules/nixos/libvirt.nix
-    ../../../modules/nixos/core-desktop.nix
-    ../../../modules/nixos/remote-building.nix
-    ../../../modules/nixos/user-group.nix
-
     ../../../secrets/nixos.nix
   ];
 
@@ -60,8 +54,8 @@
     # Optionally, you may need to select the appropriate driver version for your specific GPU.
     # package = config.boot.kernelPackages.nvidiaPackages.stable;
 
-    modesetting.enable = false;
-
+    # required by most wayland compositors!
+    modesetting.enable = true;
     powerManagement.enable = true;
   };
   virtualisation.docker.enableNvidia = true; # for nvidia-docker

hosts/idols/ai/impermanence.nix

@@ -43,7 +43,7 @@
       "/var/log"
       "/var/lib"
 
-      # created by modules/nixos/fhs-fonts.nix
+      # created by modules/nixos/misc/fhs-fonts.nix
       # for flatpak apps
       # "/usr/share/fonts"
       # "/usr/share/icons"

hosts/idols/aquamarine/default.nix

@@ -8,8 +8,7 @@
   imports = [
     ../../../modules/nixos/proxmox-hardware-configuration.nix
 
-    ../../../modules/nixos/core-server.nix
-    ../../../modules/nixos/user-group.nix
+    ../../../modules/nixos/server.nix
   ];
 
   nixpkgs.overlays = import ../../../overlays args;

hosts/idols/kana/default.nix

@@ -8,8 +8,7 @@
   imports = [
     ../../../modules/nixos/proxmox-hardware-configuration.nix
 
-    ../../../modules/nixos/core-server.nix
-    ../../../modules/nixos/user-group.nix
+    ../../../modules/nixos/server.nix
   ];
 
   nixpkgs.overlays = import ../../../overlays args;

hosts/idols/ruby/default.nix

@@ -8,8 +8,7 @@
   imports = [
     ../../../modules/nixos/proxmox-hardware-configuration.nix
 
-    ../../../modules/nixos/core-server.nix
-    ../../../modules/nixos/user-group.nix
+    ../../../modules/nixos/server.nix
   ];
 
   nixpkgs.overlays = import ../../../overlays args;

hosts/rolling_girls/chiaya/default.nix

@@ -22,8 +22,7 @@
 
     # TODO
 
-    ../../../modules/nixos/core-riscv64.nix
-    ../../../modules/nixos/user-group.nix
+    ../../../modules/nixos/server-riscv64.nix
   ];
 
   users.users.root.openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;

hosts/rolling_girls/nozomi/default.nix

@@ -23,8 +23,7 @@
     # import the sd-image module, which contains the fileSystems & kernel parameters for booting from sd card.
     (nixos-licheepi4a + "/modules/sd-image/sd-image-lp4a.nix")
 
-    ../../../modules/nixos/core-riscv64.nix
-    ../../../modules/nixos/user-group.nix
+    ../../../modules/nixos/server-riscv64.nix
   ];
 
   users.users.root.openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;

hosts/rolling_girls/yukina/default.nix

@@ -23,8 +23,7 @@
     # import the sd-image module, which contains the fileSystems & kernel parameters for booting from sd card.
     (nixos-licheepi4a + "/modules/sd-image/sd-image-lp4a.nix")
 
-    ../../../modules/nixos/core-riscv64.nix
-    ../../../modules/nixos/user-group.nix
+    ../../../modules/nixos/server-riscv64.nix
   ];
 
   users.users.root.openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;

modules/darwin/default.nix

@@ -1,6 +1,6 @@
 {
   imports = [
-    ../common.nix
+    ../base.nix
     ./nix-core.nix
 
     ./apps.nix

modules/nixos/base/i18n.nix

@@ -0,0 +1,19 @@
+{
+  # Set your time zone.
+  time.timeZone = "Asia/Shanghai";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "zh_CN.UTF-8";
+    LC_IDENTIFICATION = "zh_CN.UTF-8";
+    LC_MEASUREMENT = "zh_CN.UTF-8";
+    LC_MONETARY = "zh_CN.UTF-8";
+    LC_NAME = "zh_CN.UTF-8";
+    LC_NUMERIC = "zh_CN.UTF-8";
+    LC_PAPER = "zh_CN.UTF-8";
+    LC_TELEPHONE = "zh_CN.UTF-8";
+    LC_TIME = "zh_CN.UTF-8";
+  };
+}

modules/nixos/base/misc.nix

@@ -9,9 +9,8 @@
   #
   ###################################################################################
 
-  imports = [
-    ../common.nix
-  ];
+  # to install chrome, you need to enable unfree packages
+  nixpkgs.config.allowUnfree = true;
 
   # for nix server, we do not need to keep too much generations
   boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
@@ -20,39 +19,6 @@
   # https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store
   nix.settings.auto-optimise-store = true;
 
-  # Set your time zone.
-  time.timeZone = "Asia/Shanghai";
-
-  # Select internationalisation properties.
-  i18n.defaultLocale = "en_US.UTF-8";
-
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "zh_CN.UTF-8";
-    LC_IDENTIFICATION = "zh_CN.UTF-8";
-    LC_MEASUREMENT = "zh_CN.UTF-8";
-    LC_MONETARY = "zh_CN.UTF-8";
-    LC_NAME = "zh_CN.UTF-8";
-    LC_NUMERIC = "zh_CN.UTF-8";
-    LC_PAPER = "zh_CN.UTF-8";
-    LC_TELEPHONE = "zh_CN.UTF-8";
-    LC_TIME = "zh_CN.UTF-8";
-  };
-
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  networking.firewall.enable = lib.mkDefault false;
-
-  # Enable the OpenSSH daemon.
-  services.openssh = {
-    enable = true;
-    settings = {
-      X11Forwarding = true;
-      PermitRootLogin = "no"; # disable root login
-      PasswordAuthentication = false; # disable password login
-    };
-    openFirewall = true;
-  };
   # for power management
   services = {
     power-profiles-daemon = {
@@ -64,6 +30,8 @@
   # List packages installed in system profile. To search, run:
   # $ nix search wget
   environment.systemPackages = with pkgs; [
+    parted
+    psmisc # killall/pstree/prtstat/fuser/...
     neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
     wget
     curl
@@ -89,17 +57,4 @@
 
   # replace default editor with neovim
   environment.variables.EDITOR = "nvim";
-
-  virtualisation.docker = {
-    enable = true;
-    daemon.settings = {
-      # enables pulling using containerd, which supports restarting from a partial pull
-      # https://docs.docker.com/storage/containerd/
-      "features" =  {"containerd-snapshotter" =  true; };
-    };
-
-    # start dockerd on boot.
-    # This is required for containers which are created with the `--restart=always` flag to work.
-    enableOnBoot = true;
-  };
 }

modules/nixos/base/networking.nix

@@ -0,0 +1,17 @@
+{lib, ...}: {
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = lib.mkDefault false;
+
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+    enable = true;
+    settings = {
+      X11Forwarding = true;
+      PermitRootLogin = "no"; # disable root login
+      PasswordAuthentication = false; # disable password login
+    };
+    openFirewall = true;
+  };
+}

modules/nixos/base/visualisation.nix

@@ -0,0 +1,25 @@
+{pkgs, ...}: {
+  ###################################################################################
+  #
+  #  Visualisation - Libvirt(QEMU/KVM) / Docker / LXD / WayDroid
+  #
+  ###################################################################################
+
+  virtualisation = {
+    docker = {
+      enable = true;
+      daemon.settings = {
+        # enables pulling using containerd, which supports restarting from a partial pull
+        # https://docs.docker.com/storage/containerd/
+        "features" = {"containerd-snapshotter" = true;};
+      };
+
+      # start dockerd on boot.
+      # This is required for containers which are created with the `--restart=always` flag to work.
+      enableOnBoot = true;
+    };
+
+    waydroid.enable = true;
+    lxd.enable = true;
+  };
+}

modules/nixos/core-desktop.nix

@@ -1,229 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  pkgs-unstable,
-  ...
-}: {
-  ###################################################################################
-  #
-  #  NixOS's core configuration suitable for my desktop computer
-  #
-  ###################################################################################
-
-  imports = [
-    ./core-server.nix
-  ];
-
-  # to install chrome, you need to enable unfree packages
-  nixpkgs.config.allowUnfree = lib.mkForce true;
-
-  # add user's shell into /etc/shells
-  environment.shells = with pkgs; [
-    bash
-    nushell
-  ];
-  # set user's default shell system-wide
-  users.defaultUserShell = pkgs.nushell;
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    parted
-    ventoy
-    gnumake
-
-    psmisc  # killall/pstree/prtstat/fuser/...
-    colmena  # nixos's remote deployment tool
-    pulseaudio  # provides `pactl`, which is required by some apps(e.g. sonic-pi)
-  ];
-
-  programs = {
-    # android development tools, this will install adb/fastboot and other android tools and udev rules
-    # see https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/programs/adb.nix
-    adb.enable = true;
-    # The OpenSSH agent remembers private keys for you
-    # so that you don’t have to type in passphrases every time you make an SSH connection.
-    # Use `ssh-add` to add a key to the agent.
-    ssh.startAgent = true;
-    # dconf is a low-level configuration system.
-    dconf.enable = true;
-  };
-
-  # A key remapping daemon for linux.
-  # https://github.com/rvaiya/keyd
-  services.keyd = {
-    enable = true;
-    keyboards = {
-      default = {
-        settings = {
-          main = {
-            # overloads the capslock key to function as both escape (when tapped) and control (when held)
-            capslock = "overload(control, esc)";
-          };
-        };
-      };
-    };
-  };
-
-  # PipeWire is a new low-level multimedia framework.
-  # It aims to offer capture and playback for both audio and video with minimal latency.
-  # It support for PulseAudio-, JACK-, ALSA- and GStreamer-based applications.
-  # PipeWire has a great bluetooth support, it can be a good alternative to PulseAudio.
-  #     https://nixos.wiki/wiki/PipeWire
-  services.pipewire = {
-    enable = true;
-    # package = pkgs-unstable.pipewire;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-    # If you want to use JACK applications, uncomment this
-    jack.enable = true;
-    wireplumber.enable = true;
-  };
-  # rtkit is optional but recommended
-  security.rtkit.enable = true;
-  # Remove sound.enable or turn it off if you had it set previously, it seems to cause conflicts with pipewire
-  sound.enable = false;
-  # Disable pulseaudio, it conflicts with pipewire too.
-  hardware.pulseaudio.enable = false;
-
-  # enable bluetooth & gui paring tools - blueman
-  # or you can use cli:
-  # $ bluetoothctl
-  # [bluetooth] # power on
-  # [bluetooth] # agent on
-  # [bluetooth] # default-agent
-  # [bluetooth] # scan on
-  # ...put device in pairing mode and wait [hex-address] to appear here...
-  # [bluetooth] # pair [hex-address]
-  # [bluetooth] # connect [hex-address]
-  # Bluetooth devices automatically connect with bluetoothctl as well:
-  # [bluetooth] # trust [hex-address]
-  hardware.bluetooth.enable = true;
-  services.blueman.enable = true;
-
-  # security with polkit
-  services.power-profiles-daemon = {
-    enable = true;
-  };
-  security.polkit.enable = true;
-  # security with gnome-kering
-  services.gnome.gnome-keyring.enable = true;
-  security.pam.services.greetd.enableGnomeKeyring = true;
-  
-  services = {
-    # Enable CUPS to print documents.
-    printing.enable = true;
-
-    # https://flatpak.org/setup/NixOS
-    flatpak.enable = false;
-
-    dbus.packages = [pkgs.gcr];
-    geoclue2.enable = true;
-
-    udev.packages = with pkgs; [
-      gnome.gnome-settings-daemon
-      platformio # udev rules for platformio
-      openocd # required by paltformio, see https://github.com/NixOS/nixpkgs/issues/224895
-      android-udev-rules
-      openfpgaloader
-    ];
-  };
-
-
-  xdg.portal = {
-    enable = true;
-
-    config = {
-      common = {
-        # Use xdg-desktop-portal-gtk for every portal interface...
-        default = [
-          "gtk"
-        ];
-        # except for the secret portal, which is handled by gnome-keyring
-        "org.freedesktop.impl.portal.Secret" = [
-          "gnome-keyring"
-        ];
-      };
-    };
-
-    # Sets environment variable NIXOS_XDG_OPEN_USE_PORTAL to 1
-    # This will make xdg-open use the portal to open programs,
-    # which resolves bugs involving programs opening inside FHS envs or with unexpected env vars set from wrappers.
-    # xdg-open is used by almost all programs to open a unknown file/uri
-    # alacritty as an example, it use xdg-open as default, but you can also custom this behavior
-    # and vscode has open like `External Uri Openers`
-    xdgOpenUsePortal = false;
-    extraPortals = with pkgs; [
-      xdg-desktop-portal-gtk # for gtk
-      # xdg-desktop-portal-kde  # for kde
-    ];
-  };
-
-  # all fonts are linked to /nix/var/nix/profiles/system/sw/share/X11/fonts
-  fonts = {
-    # use fonts specified by user rather than default ones
-    enableDefaultPackages = false;
-    fontDir.enable = true;
-
-    packages = with pkgs; [
-      # icon fonts
-      material-design-icons
-      font-awesome
-
-      # Noto 系列字体是 Google 主导的，名字的含义是「没有豆腐」（no tofu），因为缺字时显示的方框或者方框被叫作 tofu
-      # Noto 系列字族名只支持英文，命名规则是 Noto + Sans 或 Serif + 文字名称。
-      # 其中汉字部分叫 Noto Sans/Serif CJK SC/TC/HK/JP/KR，最后一个词是地区变种。
-      noto-fonts # 大部分文字的常见样式，不包含汉字
-      noto-fonts-cjk # 汉字部分
-      noto-fonts-emoji # 彩色的表情符号字体
-      noto-fonts-extra # 提供额外的字重和宽度变种
-
-      # 思源系列字体是 Adobe 主导的。其中汉字部分被称为「思源黑体」和「思源宋体」，是由 Adobe + Google 共同开发的
-      source-sans # 无衬线字体，不含汉字。字族名叫 Source Sans 3 和 Source Sans Pro，以及带字重的变体，加上 Source Sans 3 VF
-      source-serif # 衬线字体，不含汉字。字族名叫 Source Code Pro，以及带字重的变体
-      source-han-sans # 思源黑体
-      source-han-serif # 思源宋体
-
-      # nerdfonts
-      (nerdfonts.override {
-        fonts = [
-          "FiraCode"
-          "JetBrainsMono"
-          "Iosevka"
-        ];
-      })
-
-      (pkgs.callPackage ../../fonts/icomoon-feather-icon-font.nix {})
-    ];
-
-    # user defined fonts
-    # the reason there's Noto Color Emoji everywhere is to override DejaVu's
-    # B&W emojis that would sometimes show instead of some Color emojis
-    fontconfig.defaultFonts = {
-      serif = ["Noto Serif CJK SC" "Noto Serif CJK TC" "Noto Serif CJK JP" "Noto Color Emoji"];
-      sansSerif = ["Noto Sans CJK SC" "Noto Sans CJK TC" "Noto Sans CJK JP" "Noto Color Emoji"];
-      monospace = ["JetBrainsMono Nerd Font" "Noto Color Emoji"];
-      emoji = ["Noto Color Emoji"];
-    };
-  };
-
-  services.kmscon = {
-    # Use kmscon as the virtual console instead of gettys. 
-    # kmscon is a kms/dri-based userspace virtual terminal implementation. 
-    # It supports a richer feature set than the standard linux console VT, 
-    # including full unicode support, and when the video card supports drm should be much faster.
-    enable = true;
-    fonts = [ { name = "Source Code Pro"; package = pkgs.source-code-pro; } ];
-    extraOptions = "--term xterm-256color";
-    extraConfig = "font-size=12";
-    # Whether to use 3D hardware acceleration to render the console.
-    hwRender = true;
-  };
-
-  environment.variables = {
-    # fix https://github.com/NixOS/nixpkgs/issues/238025
-    TZ = "${config.time.timeZone}";
-  };
-}

modules/nixos/desktop/default.nix

@@ -0,0 +1,10 @@
+{
+  imports = [
+    ./fonts.nix
+    ./graphic.nix
+    ./misc.nix
+    ./peripherals.nix
+    ./security.nix
+    ./visualisation.nix
+  ];
+}

modules/nixos/desktop/fonts.nix

@@ -0,0 +1,69 @@
+{pkgs, ...}: {
+  # all fonts are linked to /nix/var/nix/profiles/system/sw/share/X11/fonts
+  fonts = {
+    # use fonts specified by user rather than default ones
+    enableDefaultPackages = false;
+    fontDir.enable = true;
+
+    packages = with pkgs; [
+      # icon fonts
+      material-design-icons
+      font-awesome
+
+      # Noto 系列字体是 Google 主导的，名字的含义是「没有豆腐」（no tofu），因为缺字时显示的方框或者方框被叫作 tofu
+      # Noto 系列字族名只支持英文，命名规则是 Noto + Sans 或 Serif + 文字名称。
+      # 其中汉字部分叫 Noto Sans/Serif CJK SC/TC/HK/JP/KR，最后一个词是地区变种。
+      noto-fonts # 大部分文字的常见样式，不包含汉字
+      noto-fonts-cjk # 汉字部分
+      noto-fonts-emoji # 彩色的表情符号字体
+      noto-fonts-extra # 提供额外的字重和宽度变种
+
+      # 思源系列字体是 Adobe 主导的。其中汉字部分被称为「思源黑体」和「思源宋体」，是由 Adobe + Google 共同开发的
+      source-sans # 无衬线字体，不含汉字。字族名叫 Source Sans 3 和 Source Sans Pro，以及带字重的变体，加上 Source Sans 3 VF
+      source-serif # 衬线字体，不含汉字。字族名叫 Source Code Pro，以及带字重的变体
+      source-han-sans # 思源黑体
+      source-han-serif # 思源宋体
+
+      # nerdfonts
+      (nerdfonts.override {
+        fonts = [
+          "FiraCode"
+          "JetBrainsMono"
+          "Iosevka"
+        ];
+      })
+
+      # added by my custom overlays, custom icon font for hyprland/i3's tray/bar
+      icomoon-feather-icon-font
+    ];
+
+    # user defined fonts
+    # the reason there's Noto Color Emoji everywhere is to override DejaVu's
+    # B&W emojis that would sometimes show instead of some Color emojis
+    fontconfig.defaultFonts = {
+      serif = ["Noto Serif CJK SC" "Noto Serif CJK TC" "Noto Serif CJK JP" "Noto Color Emoji"];
+      sansSerif = ["Noto Sans CJK SC" "Noto Sans CJK TC" "Noto Sans CJK JP" "Noto Color Emoji"];
+      monospace = ["JetBrainsMono Nerd Font" "Noto Color Emoji"];
+      emoji = ["Noto Color Emoji"];
+    };
+  };
+
+  # https://wiki.archlinux.org/title/KMSCON
+  services.kmscon = {
+    # Use kmscon as the virtual console instead of gettys.
+    # kmscon is a kms/dri-based userspace virtual terminal implementation.
+    # It supports a richer feature set than the standard linux console VT,
+    # including full unicode support, and when the video card supports drm should be much faster.
+    enable = true;
+    fonts = [
+      {
+        name = "Source Code Pro";
+        package = pkgs.source-code-pro;
+      }
+    ];
+    extraOptions = "--term xterm-256color";
+    extraConfig = "font-size=12";
+    # Whether to use 3D hardware acceleration to render the console.
+    hwRender = true;
+  };
+}

modules/nixos/desktop/graphic.nix

@@ -0,0 +1,30 @@
+{pkgs, ...}: {
+  xdg.portal = {
+    enable = true;
+
+    config = {
+      common = {
+        # Use xdg-desktop-portal-gtk for every portal interface...
+        default = [
+          "gtk"
+        ];
+        # except for the secret portal, which is handled by gnome-keyring
+        "org.freedesktop.impl.portal.Secret" = [
+          "gnome-keyring"
+        ];
+      };
+    };
+
+    # Sets environment variable NIXOS_XDG_OPEN_USE_PORTAL to 1
+    # This will make xdg-open use the portal to open programs,
+    # which resolves bugs involving programs opening inside FHS envs or with unexpected env vars set from wrappers.
+    # xdg-open is used by almost all programs to open a unknown file/uri
+    # alacritty as an example, it use xdg-open as default, but you can also custom this behavior
+    # and vscode has open like `External Uri Openers`
+    xdgOpenUsePortal = false;
+    extraPortals = with pkgs; [
+      xdg-desktop-portal-gtk # for gtk
+      # xdg-desktop-portal-kde  # for kde
+    ];
+  };
+}

modules/nixos/desktop/misc.nix

@@ -0,0 +1,51 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  # add user's shell into /etc/shells
+  environment.shells = with pkgs; [
+    bash
+    nushell
+  ];
+  # set user's default shell system-wide
+  users.defaultUserShell = pkgs.nushell;
+
+  environment.variables = {
+    # fix https://github.com/NixOS/nixpkgs/issues/238025
+    TZ = "${config.time.timeZone}";
+  };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    ventoy
+    gnumake
+
+    colmena # nixos's remote deployment tool
+  ];
+
+  services = {
+    gvfs.enable = true; # Mount, trash, and other functionalities
+    tumbler.enable = true; # Thumbnail support for images
+  };
+
+  programs = {
+    # The OpenSSH agent remembers private keys for you
+    # so that you don’t have to type in passphrases every time you make an SSH connection.
+    # Use `ssh-add` to add a key to the agent.
+    ssh.startAgent = true;
+    # dconf is a low-level configuration system.
+    dconf.enable = true;
+
+    # thunar file manager(part of xfce) related options
+    thunar = {
+      enable = true;
+      plugins = with pkgs.xfce; [
+        thunar-archive-plugin
+        thunar-volman
+      ];
+    };
+  };
+}

modules/nixos/desktop/peripherals.nix

@@ -0,0 +1,75 @@
+{pkgs, ...}: {
+  #============================= Audio(PipeWire) =======================
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    pulseaudio # provides `pactl`, which is required by some apps(e.g. sonic-pi)
+  ];
+
+  # PipeWire is a new low-level multimedia framework.
+  # It aims to offer capture and playback for both audio and video with minimal latency.
+  # It support for PulseAudio-, JACK-, ALSA- and GStreamer-based applications.
+  # PipeWire has a great bluetooth support, it can be a good alternative to PulseAudio.
+  #     https://nixos.wiki/wiki/PipeWire
+  services.pipewire = {
+    enable = true;
+    # package = pkgs-unstable.pipewire;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    # If you want to use JACK applications, uncomment this
+    jack.enable = true;
+    wireplumber.enable = true;
+  };
+  # rtkit is optional but recommended
+  security.rtkit.enable = true;
+  # Remove sound.enable or turn it off if you had it set previously, it seems to cause conflicts with pipewire
+  sound.enable = false;
+  # Disable pulseaudio, it conflicts with pipewire too.
+  hardware.pulseaudio.enable = false;
+
+  #============================= Bluetooth =============================
+
+  # enable bluetooth & gui paring tools - blueman
+  # or you can use cli:
+  # $ bluetoothctl
+  # [bluetooth] # power on
+  # [bluetooth] # agent on
+  # [bluetooth] # default-agent
+  # [bluetooth] # scan on
+  # ...put device in pairing mode and wait [hex-address] to appear here...
+  # [bluetooth] # pair [hex-address]
+  # [bluetooth] # connect [hex-address]
+  # Bluetooth devices automatically connect with bluetoothctl as well:
+  # [bluetooth] # trust [hex-address]
+  hardware.bluetooth.enable = true;
+  services.blueman.enable = true;
+
+  #================================= Misc =================================
+
+  services = {
+    printing.enable = true; # Enable CUPS to print documents.
+    geoclue2.enable = true; # Enable geolocation services.
+
+    udev.packages = with pkgs; [
+      gnome.gnome-settings-daemon
+      platformio # udev rules for platformio
+      openocd # required by paltformio, see https://github.com/NixOS/nixpkgs/issues/224895
+      android-udev-rules # required by adb
+      openfpgaloader
+    ];
+
+    # A key remapping daemon for linux.
+    # https://github.com/rvaiya/keyd
+    keyd = {
+      enable = true;
+      keyboards.default.settings = {
+        main = {
+          # overloads the capslock key to function as both escape (when tapped) and control (when held)
+          capslock = "overload(control, esc)";
+        };
+      };
+    };
+  };
+}

modules/nixos/desktop/security.nix

@@ -0,0 +1,10 @@
+{
+  # security with polkit
+  services.power-profiles-daemon = {
+    enable = true;
+  };
+  security.polkit.enable = true;
+  # security with gnome-kering
+  services.gnome.gnome-keyring.enable = true;
+  security.pam.services.greetd.enableGnomeKeyring = true;
+}

modules/nixos/desktop/visualisation.nix

@@ -1,14 +1,15 @@
-{
-  lib,
-  pkgs,
-  ...
-}: {
+{pkgs, ...}: {
   ###################################################################################
   #
-  #  Enable Libvirt(QEMU/KVM), install qemu-system-riscv64/qemu-system-loongarch64/...)
+  #  Visualisation - Libvirt(QEMU/KVM) / Docker / LXD / WayDroid
   #
   ###################################################################################
 
+  boot.kernelModules = ["kvm-amd" "kvm-intel" "vfio-pci"];
+  # Enable nested virsualization, required by security containers and nested vm.
+  boot.extraModprobeConfig = "options kvm_intel nested=1"; # for intel cpu
+  # boot.extraModprobeConfig = "options kvm_amd nested=1";  # for amd cpu
+
   virtualisation = {
     libvirtd = {
       enable = true;
@@ -16,8 +17,10 @@
       # To fix these, manually change ownership of affected files in /var/lib/libvirt/qemu to qemu-libvirtd.
       qemu.runAsRoot = true;
     };
+    waydroid.enable = true;
+    lxd.enable = true;
   };
-  programs.dconf.enable = true;
+
   environment.systemPackages = with pkgs; [
     # Need to add [File (in the menu bar) -> Add connection] when start for the first time
     virt-manager
@@ -37,14 +40,4 @@
     #   ......
     qemu_full
   ];
-
-  boot.kernelModules = ["kvm-amd" "kvm-intel" "vfio-pci"];
-  # Enable nested virsualization, required by security containers and nested vm.
-  boot.extraModprobeConfig = "options kvm_intel nested=1"; # for intel cpu
-  # boot.extraModprobeConfig = "options kvm_amd nested=1";  # for amd cpu
-
-  virtualisation = {
-    waydroid.enable = true;
-    lxd.enable = true;
-  };
 }

modules/nixos/hyprland.nix

@@ -1,4 +1,4 @@
-{pkgs, hyprland, ...}: {
+{pkgs, ...}: {
   ##########################################################################################################
   #
   #  NixOS's Configuration for Wayland based Window Manager
@@ -7,6 +7,18 @@
   #
   ##########################################################################################################
 
+  imports = [
+    ./base/i18n.nix
+    ./base/misc.nix
+    ./base/networking.nix
+    ./base/remote-building.nix
+    ./base/user-group.nix
+    ./base/visualisation.nix
+
+    ./desktop
+    ../base.nix
+  ];
+
   xdg.portal = {
     enable = true;
     wlr.enable = true;
@@ -15,48 +27,21 @@
     ];
   };
 
-  environment.pathsToLink = ["/libexec"]; # links /libexec from derivations to /run/current-system/sw
   services = {
-    gvfs.enable = true; # Mount, trash, and other functionalities
-    tumbler.enable = true; # Thumbnail support for images
-    xserver = {
+    xserver.enable = false;
+    # https://wiki.archlinux.org/title/Greetd
+    greetd = {
       enable = true;
-
-      desktopManager = {
-        xterm.enable = false;
-      };
-
-      displayManager = {
-        defaultSession = "hyprland";
-        lightdm.enable = false;
-        gdm = {
-          enable = true;
-          wayland = true;
+      settings = {
+        default_session = {
+           user = "ryan";  # Hyprland is installed only for user ryan via home-manager!
+           command = "Hyprland";  # start Hyprland directly without a login manager
+           # command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd Hyprland";  # start Hyprland with a TUI login manager
         };
       };
     };
   };
 
-  programs = {
-    hyprland = {
-      enable = true;
-      package = hyprland.packages.${pkgs.system}.hyprland.override {
-        enableXWayland = true; # whether to enable XWayland
-        legacyRenderer = false; # whether to use the legacy renderer (for old GPUs)
-        withSystemd = true; # whether to build with systemd support
-      };
-    };
-
-    # thunar file manager(part of xfce) related options
-    thunar = {
-      enable = true;
-      plugins = with pkgs.xfce; [
-        thunar-archive-plugin
-        thunar-volman
-      ];
-    };
-  };
-
   # List packages installed in system profile. To search, run:
   # $ nix search wget
   environment.systemPackages = with pkgs; [

modules/nixos/i3.nix

@@ -5,31 +5,25 @@
   #
   ####################################################################
 
-  programs = {
-    # thunar file manager(part of xfce) related options
-    thunar = {
-      enable = true;
-      plugins = with pkgs.xfce; [
-        thunar-archive-plugin
-        thunar-volman
-      ];
-    };
-  };
+  imports = [
+    ./base/i18n.nix
+    ./base/misc.nix
+    ./base/networking.nix
+    ./base/remote-building.nix
+    ./base/user-group.nix
+    ./base/visualisation.nix
+
+    ./desktop
+    ../base.nix
+  ];
 
   # i3 related options
   services = {
     gvfs.enable = true; # Mount, trash, and other functionalities
     tumbler.enable = true; # Thumbnail support for images
+
     xserver = {
       enable = true;
-
-      # Configure keymap in X11
-      xkb.layout = "us";
-
-      desktopManager = {
-        xterm.enable = false;
-      };
-
       displayManager = {
         lightdm.enable = true;
         autoLogin = {
@@ -38,6 +32,8 @@
         };
         defaultSession = "none+i3";
       };
+      # Configure keymap in X11
+      xkb.layout = "us";
 
       windowManager.i3 = {
         enable = true;

modules/nixos/server-riscv64.nix

@@ -1,4 +1,4 @@
-{config, pkgs, nixpkgs, ...}: {
+{pkgs, ...}: {
 
   # =========================================================================
   #      Base NixOS Configuration

modules/nixos/server.nix

@@ -0,0 +1,13 @@
+{
+  imports = [
+    ./base/i18n.nix
+    ./base/misc.nix
+    ./base/networking.nix
+    ./base/peripherals.nix
+    ./base/remote-building.nix
+    ./base/user-group.nix
+    ./base/visualisation.nix
+
+    ../base.nix
+  ];
+}

overlays/fonts/default.nix

@@ -0,0 +1,3 @@
+{...}: (self: super: {
+  icomoon-feather-icon-font = super.callPackage ./icomoon-feather-icon-font.nix {};
+})

overlays/fonts/icomoon-feather-icon-font.nix

@@ -4,7 +4,7 @@
   fetchgit,
 }:
 stdenvNoCC.mkDerivation rec {
-  pname = "icomoon-feather-font";
+  pname = "icomoon-feather-icon-font";
   version = "2023-05-06";
 
   # 参考 https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=ttf-icomoon-feather