feat: noctalia - use directory for configuration instead of single file (#243)

Flake lock file updates:

• Updated input 'nixpkgs-master':
    'github:nixos/nixpkgs/2fd271ae7a341a2b2f3728f9d22f6890822f4888?narHash=sha256-FWOxiKWAk8HpIb5SHg0XfLZ3DrtWuGnb2GBeJY02no0%3D' (2026-01-04)
  → 'github:nixos/nixpkgs/c60ea51bdca90fd46d39f5be1b0436652713b4d2?narHash=sha256-4mqh9WJFKuSbDOEcMc4FerCGVoBl6dPQ%2BPiRFxybync%3D' (2026-01-15)

.github/FUNDING.yml

@@ -1,2 +1,3 @@
+github: ryan4yin
 patreon: ryan4yin
-custom:  ['https://buymeacoffee.com/ryan4yin', 'https://afdian.net/a/ryan4yin']
+custom: ["https://buymeacoffee.com/ryan4yin"]

.github/workflows/flake_check.yml

@@ -1,24 +0,0 @@
-name: Nix Flake Check
-
-on: [push, pull_request, workflow_dispatch]
-
-jobs:
-  checks:
-    name: Check expressions
-    runs-on: ubuntu-latest
-
-    steps:
-      # - name: Checkout repository
-      #   uses: actions/checkout@v4
-      # - name: Install nix
-      #   uses: cachix/install-nix-action@v24
-      #   with:
-      #     install_url: https://nixos.org/nix/install
-      #     extra_nix_config: |
-      #       access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
-      #       experimental-features = nix-command flakes
-
-      - name: Run Nix Flake Check
-        run: |
-          echo 'TODO: nix flake check'
-          # nix flake check

.github/workflows/flake_evaltests.yml

@@ -0,0 +1,42 @@
+name: Nix Flake Eval Tests
+
+on:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - "scripts/**"
+      - "**.md"
+      - "**.nu"
+      - "Justfile"
+  pull_request:
+    branches:
+      - main
+    paths-ignore:
+      - "scripts/**"
+      - "**.md"
+      - "**.nu"
+      - "Justfile"
+
+jobs:
+  checks:
+    name: Check expressions
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+      - name: Install nix
+        uses: cachix/install-nix-action@v31
+        with:
+          install_url: https://nixos.org/nix/install
+          extra_nix_config: |
+            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+            experimental-features = nix-command flakes
+
+      - name: Run Nix Flake Eval Tests
+        run: |
+          echo 'Flake Eval Tests'
+          # stack overflow...
+          # nix eval .#checks --show-trace --print-build-logs --verbose
+          nix eval .#evalTests --show-trace --print-build-logs --verbose

.github/workflows/mirror_to_gitee.yml

@@ -1,7 +1,11 @@
 name: Mirror this repo to Gitee
 on:
-  workflow_dispatch: {}
-  push: {}
+  push:
+    branches:
+      - main
+    tags:
+      - "*"
+
 jobs:
   mirror:
     runs-on: ubuntu-latest
@@ -26,4 +30,3 @@ jobs:
           export GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no"
           git remote add mirror "$INPUT_TARGET_REPO_URL"
           git push --tags --force --prune mirror "refs/remotes/origin/*:refs/heads/*"
-

.gitignore

@@ -1,5 +1,11 @@
+.Trash-1000/
 result
 result/
 .direnv/
 .DS_Store
 .pre-commit-config.yaml
+logs/
+core*
+!core/
+!core.nix
+!coredns*

.prettierignore

@@ -0,0 +1,8 @@
+LICENSE.md
+dist
+pnpm-lock.yaml
+flake.lock
+vercel.json
+cache
+temp
+.temp

.prettierrc.yaml

@@ -0,0 +1,6 @@
+# https://prettier.io/docs/en/options
+semi: false
+singleQuote: false
+printWidth: 100
+proseWrap: always # always change wrapping in markdown text
+trailingComma: es5

.typos.toml

@@ -0,0 +1,45 @@
+[files]
+# Respect .ignore files.
+ignore-dot = true
+# Respect ignore files.
+ignore-files = true
+# Typos-specific ignore globs (gitignore syntax).
+# NOTE: This setting is ignored when you pass the path directly on the command line, as cachix/git-hooks.nix does.
+# To ignore those files, you must also exclude those directories via git-hooks.hooks.typos.settings.exclude.
+extend-exclude = [
+  "data/",
+  "rime-data/",
+]
+
+[default]
+# Check binary files as text.
+binary = false
+# Verify spelling in file names.
+check-filename = true
+# ignore some special identifiers(sha256, mac address, crypto keys, etc)
+extend-ignore-re = [
+  "iterm2",
+  "iHgEIBYKACAWIQSizQe9ljFEyyclWmtVhZllwnQrSwUCZZ1T9wIdAAAKCRBVhZll", # crypto keys
+  "noice",                                                            # noice.nvim
+  "crypted-nixos",
+  "daed",
+
+  # catppuccin theme colors
+  "11111b",
+  "1e1e2e",
+  "313244",
+  "414356",
+  "45475a",
+  "585b70",
+  "89b4fa",
+  "94e2d5",
+  "a6adc8",
+  "a6e3a1",
+  "bac2de",
+  "cdd6f4",
+  "f38ba8",
+  "f5c2e7",
+  "f5e0dc",
+  "f9e2af",
+  "fab387",
+]

Justfile

@@ -1,199 +1,357 @@
 # just is a command runner, Justfile is very similar to Makefile, but simpler.
 
-# use nushell for shell commands
+# Use nushell for shell commands
+# To use this justfile, you need to enter a shell with just & nushell installed:
+# 
+#   nix shell nixpkgs#just nixpkgs#nushell
 set shell := ["nu", "-c"]
 
+utils_nu := absolute_path("utils.nu")
+
 ############################################################################
 #
-#  Nix commands related to the local machine
+#  Common commands(suitable for all machines)
 #
 ############################################################################
 
-i3 mode="default":
-  use utils.nu *; \
-  nixos-switch ai_i3 {{mode}}
-
-hypr mode="default":
-  use utils.nu *; \
-  nixos-switch ai_hyprland {{mode}}
-
-
-s-i3 mode="default":
-  use utils.nu *; \
-  nixos-switch shoukei_i3 {{mode}}
-
-
-s-hypr mode="default":
-  use utils.nu *; \
-  nixos-switch shoukei_hyprland {{mode}}
+# List all the just commands
+default:
+    @just --list
 
+# Run eval tests
+[group('nix')]
+test:
+  nix eval .#evalTests --show-trace --print-build-logs --verbose
 
+# Update all the flake inputs
+[group('nix')]
 up:
-  nix flake update
+  nix flake update --commit-lock-file
 
 # Update specific input
 # Usage: just upp nixpkgs
+[group('nix')]
 upp input:
-  nix flake lock --update-input {{input}}
+  nix flake update {{input}} --commit-lock-file
 
+# List all generations of the system profile
+[group('nix')]
 history:
   nix profile history --profile /nix/var/nix/profiles/system
 
+# Open a nix shell with the flake
+[group('nix')]
 repl:
   nix repl -f flake:nixpkgs
 
+# remove all generations older than 7 days
+# on darwin, you may need to switch to root user to run this command
+[group('nix')]
 clean:
-  # remove all generations older than 7 days
+  # Wipe out NixOS's history
   sudo nix profile wipe-history --profile /nix/var/nix/profiles/system  --older-than 7d
+  # Wipe out home-manager's history
+  nix profile wipe-history --profile $"($env.XDG_STATE_HOME)/nix/profiles/home-manager" --older-than 7d
 
+# Garbage collect all unused nix store entries
+[group('nix')]
 gc:
-  # garbage collect all unused nix store entries
-  sudo nix store gc --debug
-  sudo nix-collect-garbage --delete-old
+  # garbage collect all unused nix store entries(system-wide)
+  sudo nix-collect-garbage --delete-older-than 7d
+  # garbage collect all unused nix store entries(for the user - home-manager)
+  # https://github.com/NixOS/nix/issues/8508
+  nix-collect-garbage --delete-older-than 7d
+
+# Enter a shell session which has all the necessary tools for this flake
+[linux]
+[group('nix')]
+shell:
+  nix shell nixpkgs#git nixpkgs#neovim nixpkgs#colmena
+
+# Enter a shell session which has all the necessary tools for this flake
+[macos]
+[group('nix')]
+shell:
+  nix shell nixpkgs#git nixpkgs#neovim
+
+[group('nix')]
+fmt:
+  # format the nix files in this repo
+  ls **/*.nix | each { |it| nixfmt $it.name }
+
+# Show all the auto gc roots in the nix store
+[group('nix')]
+gcroot:
+  ls -al /nix/var/nix/gcroots/auto/
+
+# Verify all the store entries
+# Nix Store can contains corrupted entries if the nix store object has been modified unexpectedly.
+# This command will verify all the store entries,
+# and we need to fix the corrupted entries manually via `sudo nix store delete <store-path-1> <store-path-2> ...`
+[group('nix')]
+verify-store:
+  nix store verify --all
+
+# Repair Nix Store Objects
+[group('nix')]
+repair-store *paths:
+  nix store repair {{paths}}
+
+# Update all Nixpkgs inputs
+[group('nix')]
+up-nix:
+  nix flake update --commit-lock-file nixpkgs-stable nixpkgs-master nixpkgs-darwin nixpkgs-patched
+
+# override nixpkgs's commit hash
+[group('nix')]
+override-pkgs hash:
+  nix flake update --commit-lock-file nixpkgs --override-input nixpkgs github:NixOS/nixpkgs/{{hash}}
 
 ############################################################################
 #
-#  Darwin related commands, harmonica is my macbook pro's hostname
+#  NixOS Desktop related commands
 #
 ############################################################################
 
+# Deploy the nixosConfiguration by hostname match
+[linux]
+[group('homelab')]
+local mode="default":
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
+  nixos-switch (hostname) {{mode}}
+
+# Deploy the niri nixosConfiguration by hostname match
+[linux]
+[group('desktop')]
+niri mode="default":
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
+  nixos-switch $"(hostname)-niri" {{mode}}
+
+############################################################################
+#
+#  Darwin related commands
+#
+############################################################################
+
+[macos]
+[group('desktop')]
 darwin-set-proxy:
   sudo python3 scripts/darwin_set_proxy.py
   sleep 1sec
 
+[macos]
+[group('desktop')]
 darwin-rollback:
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
   darwin-rollback
 
-ha mode="default":
-  use utils.nu *; \
-  darwin-build "harmonica" {{mode}}; \
-  darwin-switch "harmonica" {{mode}}
+# Deploy the darwinConfiguration by hostname match
+[macos]
+[group('desktop')]
+local mode="default": 
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
+  darwin-build (hostname) {{mode}};
+  darwin-switch (hostname) {{mode}}
 
-fe mode="default": darwin-set-proxy
-  use utils.nu *; \
-  darwin-build "fern" {{mode}}; \
-  darwin-switch "fern" {{mode}}
+
+# Reset launchpad to force it to reindex Applications
+[macos]
+[group('desktop')]
+reset-launchpad:
+  defaults write com.apple.dock ResetLaunchPad -bool true
+  killall Dock
 
 ############################################################################
 #
-#  Idols, Commands related to my remote distributed building cluster
+#  Homelab - Kubevirt Cluster related commands
 #
 ############################################################################
 
-idols-ssh-key:
-  ssh-add ~/.ssh/ai-idols
+# Remote deployment via colmena
+[linux]
+[group('homelab')]
+col tag:
+  colmena apply --on '@{{tag}}' --verbose --show-trace
 
-idols: idols-ssh-key
-  colmena apply --on '@dist-build'
+# Build and upload a vm image
+[linux]
+[group('homelab')]
+upload-vm name mode="default":
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
+  upload-vm {{name}} {{mode}}
 
+# Deploy all the KubeVirt nodes(Physical machines running KubeVirt)
+[linux]
+[group('homelab')]
+lab:
+  colmena apply --on '@virt-*' --verbose --show-trace
+
+[linux]
+[group('homelab')]
+shoryu:
+  colmena apply --on '@kubevirt-shoryu' --verbose --show-trace
+
+[linux]
+[group('homelab')]
+shushou:
+  colmena apply --on '@kubevirt-shushou' --verbose --show-trace
+
+[linux]
+[group('homelab')]
+youko:
+  colmena apply --on '@kubevirt-youko' --verbose --show-trace
+
+############################################################################
+#
+# Commands for other Virtual Machines
+#
+############################################################################
+
+# Build and upload a vm image
+[linux]
+[group('homelab')]
+upload-idols mode="default":
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
+  upload-vm aquamarine {{mode}}
+  upload-vm ruby {{mode}}
+  upload-vm kana {{mode}}
+
+[linux]
+[group('homelab')]
 aqua:
-  colmena apply --on '@aqua'
+  colmena apply --on '@aqua' --verbose --show-trace
 
+[linux]
+[group('homelab')]
 ruby:
-  colmena apply --on '@ruby'
+  colmena apply --on '@ruby' --verbose --show-trace
 
+[linux]
+[group('homelab')]
 kana:
-  colmena apply --on '@kana'
-
-idols-debug: idols-ssh-key
-  colmena apply --on '@dist-build' --verbose --show-trace
-
-# only used once to setup the virtual machines
-idols-image:
-  # take image for idols, and upload the image to proxmox nodes.
-  nom build .#aquamarine
-  scp result root@gtr5:/var/lib/vz/dump/vzdump-qemu-aquamarine.vma.zst
-
-  nom build .#ruby
-  scp result root@s500plus:/var/lib/vz/dump/vzdump-qemu-ruby.vma.zst
-
-  nom build .#kana
-  scp result root@um560:/var/lib/vz/dump/vzdump-qemu-kana.vma.zst
-
+  colmena apply --on '@kana' --verbose --show-trace
 
 ############################################################################
 #
-#  RISC-V related commands
+# Kubernetes related commands
 #
 ############################################################################
 
-roll: idols-ssh-key
-  colmena apply --on '@riscv'
+# Build and upload a vm image
+[linux]
+[group('homelab')]
+upload-k3s-prod mode="default":
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
+  upload-vm k3s-prod-1-master-1 {{mode}}; 
+  upload-vm k3s-prod-1-master-2 {{mode}}; 
+  upload-vm k3s-prod-1-master-3 {{mode}}; 
+  upload-vm k3s-prod-1-worker-1 {{mode}}; 
+  upload-vm k3s-prod-1-worker-2 {{mode}}; 
+  upload-vm k3s-prod-1-worker-3 {{mode}};
 
-roll-debug: idols-ssh-key
-  colmena apply --on '@dist-build' --verbose --show-trace
+[linux]
+[group('homelab')]
+upload-k3s-test mode="default":
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
+  upload-vm k3s-test-1-master-1 {{mode}}; 
+  upload-vm k3s-test-1-master-2 {{mode}}; 
+  upload-vm k3s-test-1-master-3 {{mode}};
 
-nozomi:
-  colmena apply --on '@nozomi'
+[linux]
+[group('homelab')]
+k3s-prod:
+  colmena apply --on '@k3s-prod-*' --verbose --show-trace
 
-yukina:
-  colmena apply --on '@yukina'
-
-############################################################################
-#
-# Aarch64 related commands
-#
-############################################################################
-
-aarch:
-  colmena apply --on '@aarch'
-
-suzu:
-  colmena apply --on '@suzu'
-
-suzu-debug:
-  colmena apply --on '@suzu' --verbose --show-trace
-
-############################################################################
-#
-#  Misc, other useful commands
-#
-############################################################################
-
-fmt:
-  # format the nix files in this repo
-  nix fmt
-
-nvim-test:
-  rm -rf $"($env.HOME)/.config/astronvim/lua/user"
-  rsync -avz --copy-links --chmod=D2755,F744 home/base/desktop/editors/neovim/astronvim_user/ $"($env.HOME)/.config/astronvim/lua/user"
-
-nvim-clean:
-  rm -rf $"($env.HOME)/.config/astronvim/lua/user"
+[linux]
+[group('homelab')]
+k3s-test:
+  colmena apply --on '@k3s-test-*' --verbose --show-trace
 
 # =================================================
-# Emacs related commands
+#
+# Other useful commands
+#
 # =================================================
 
-emacs-plist-path := "~/Library/LaunchAgents/org.nix-community.home.emacs.plist"
+[group('common')]
+path:
+   $env.PATH | split row ":"
 
-reload-emacs-cmd := if os() == "macos" {
-    "launchctl unload " + emacs-plist-path
-    + "\n"
-    + "launchctl load " + emacs-plist-path
-    + "\n"
-    + "tail -f ~/Library/Logs/emacs-daemon.stderr.log"
-  } else {
-    "systemctl --user restart emacs.service"
-    + "\n"
-    + "systemctl --user status emacs.service"
-  }
+[group('common')]
+trace-access app *args:
+  strace -f -t -e trace=file {{app}} {{args}} | complete | $in.stderr | lines | find -v -r "(/nix/store|/newroot|/proc)" | parse --regex '"(/.+)"' | sort | uniq
 
-emacs-test:
-  rm -rf $"($env.HOME)/.config/doom"
-  rsync -avz --copy-links --chmod=D2755,F744 home/base/desktop/editors/emacs/doom/ $"($env.HOME)/.config/doom"
-  doom clean
-  doom sync
+[linux]
+[group('common')]
+penvof pid:
+  sudo cat $"/proc/($pid)/environ" | tr '\0' '\n'
 
-emacs-clean:
-  rm -rf $"($env.HOME)/.config/doom/"
+# Remove all reflog entries and prune unreachable objects
+[group('git')]
+ggc:
+  git reflog expire --expire-unreachable=now --all
+  git gc --prune=now
 
-emacs-purge:
-  doom purge
-  doom clean
-  doom sync
+# Amend the last commit without changing the commit message
+[group('git')]
+game:
+  git commit --amend -a --no-edit
 
-emacs-reload:
-  doom sync
-  {{reload-emacs-cmd}}
+# Delete all failed pods
+[group('k8s')]
+del-failed:
+  kubectl delete pod --all-namespaces --field-selector="status.phase==Failed"
+
+[linux]
+[group('services')]
+list-inactive:
+  systemctl list-units -all --state=inactive
+
+[linux]
+[group('services')]
+list-failed:
+  systemctl list-units -all --state=failed
+
+[linux]
+[group('services')]
+list-systemd:
+  systemctl list-units systemd-*
+
+
+# =================================================
+#
+# Nixpkgs Review via Github Action
+# https://github.com/ryan4yin/nixpkgs-review-gha
+#
+# =================================================
+
+[linux]
+[group('nixpkgs')]
+gh-login:
+  gh auth login -h github.com --skip-ssh-key --git-protocol ssh --web
+
+# Run nixpkgs-review for PR
+[linux]
+[group('nixpkgs')]
+pkg-review pr:
+  gh workflow run review.yml --repo ryan4yin/nixpkgs-review-gha -f x86_64-darwin=no -f post-result=true -f pr={{pr}}
+
+# Run package tests for PR
+[linux]
+[group('nixpkgs')]
+pkg-test pr pname:
+  gh workflow run review.yml --repo ryan4yin/nixpkgs-review-gha -f x86_64-darwin=no -f post-result=true -f pr={{pr}} -f extra-args="-p {{pname}}.passthru.tests"
+
+# View the summary of a workflow
+[linux]
+[group('nixpkgs')]
+pkg-summary:
+  gh workflow view review.yml --repo ryan4yin/nixpkgs-review-gha

README.md

@@ -8,76 +8,86 @@
 	<a href="https://github.com/ryan4yin/nix-config/stargazers">
 		<img alt="Stargazers" src="https://img.shields.io/github/stars/ryan4yin/nix-config?style=for-the-badge&logo=starship&color=C9CBFF&logoColor=D9E0EE&labelColor=302D41"></a>
     <a href="https://nixos.org/">
-        <img src="https://img.shields.io/badge/NixOS-23.05-informational.svg?style=for-the-badge&logo=nixos&color=F2CDCD&logoColor=D9E0EE&labelColor=302D41"></a>
+        <img src="https://img.shields.io/badge/NixOS-25.11-informational.svg?style=for-the-badge&logo=nixos&color=F2CDCD&logoColor=D9E0EE&labelColor=302D41"></a>
     <a href="https://github.com/ryan4yin/nixos-and-flakes-book">
-        <img src="https://img.shields.io/static/v1?label=Nix Flakes&message=learning&style=for-the-badge&logo=nixos&color=DDB6F2&logoColor=D9E0EE&labelColor=302D41"></a>
+        <img src="https://img.shields.io/badge/Nix%20Flakes-learning-informational.svg?style=for-the-badge&logo=nixos&color=F2CDCD&logoColor=D9E0EE&labelColor=302D41"></a>
   </a>
 </p>
 
-This repository is home to the nix code that builds my systems.
+> My configuration is becoming more and more complex, and **it will be difficult for beginners to
+> read**. If you are new to NixOS and want to know how I use NixOS, I would recommend you to take a
+> look at the [ryan4yin/nix-config/releases](https://github.com/ryan4yin/nix-config/releases) first,
+> **check out to some simpler older versions, such as
+> [i3-kickstarter](https://github.com/ryan4yin/nix-config/tree/i3-kickstarter), which will be much
+> easier to understand**.
+
+This repository is home to the nix code that builds my systems:
+
+1. NixOS Desktops: NixOS with home-manager, niri, agenix, etc.
+2. macOS Desktops: nix-darwin with home-manager, share the same home-manager configuration with
+   NixOS Desktops.
+3. NixOS Servers: virtual machines running on Proxmox/KubeVirt, with various services, such as
+   kubernetes, homepage, prometheus, grafana, etc.
+
+See [./hosts](./hosts) for details of each host.
+
+See [./Virtual-Machine.md](./Virtual-Machine.md) for details of how to create & manage KubeVirt's
+Virtual Machine from this flake.
 
 ## Why NixOS & Flakes?
 
-Nix allows for easy-to-manage, collaborative, reproducible deployments. This means that once something is setup and configured once, it works (almost) forever. If someone else shares their configuration, anyone else can just use it (if you really understand what you're copying/refering now).
+Nix allows for easy-to-manage, collaborative, reproducible deployments. This means that once
+something is setup and configured once, it works (almost) forever. If someone else shares their
+configuration, anyone else can just use it (if you really understand what you're copying/referring
+now).
 
-As for Flakes, refer to [Introduction to Flakes - NixOS & Nix Flakes Book](https://nixos-and-flakes.thiscute.world/nixos-with-flakes/introduction-to-flakes)
+As for Flakes, refer to
+[Introduction to Flakes - NixOS & Nix Flakes Book](https://nixos-and-flakes.thiscute.world/nixos-with-flakes/introduction-to-flakes)
 
-**Want to know NixOS & Flaks in detail? Looking for a beginner-friendly tutorial or best practices? You don't have to go through the pain I've experienced again! Check out my [NixOS & Nix Flakes Book - 🛠️ ❤️ An unofficial & opinionated :book: for beginners](https://github.com/ryan4yin/nixos-and-flakes-book)!**
+**Want to know NixOS & Flakes in detail? Looking for a beginner-friendly tutorial or best practices?
+You don't have to go through the pain I've experienced again! Check out my
+[NixOS & Nix Flakes Book - 🛠️ ❤️ An unofficial & opinionated :book: for beginners](https://github.com/ryan4yin/nixos-and-flakes-book)!**
 
-> If you're using macOS, check out [ryan4yin/nix-darwin-kickstarter](https://github.com/ryan4yin/nix-darwin-kickstarter) for a quick start.
+> If you're using macOS, check out
+> [ryan4yin/nix-darwin-kickstarter](https://github.com/ryan4yin/nix-darwin-kickstarter) for a quick
+> start.
 
 ## Components
 
-|                             | NixOS(Wayland)                                                                                                    | NixOS(Xorg)                                                                                                       |
-| --------------------------- | :---------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------- |
-| **Window Manager**          | [Hyprland][Hyprland]                                                                                              | [i3][i3]                                                                                                          |
-| **Terminal Emulator**       | [Zellij][Zellij] + [Kitty][Kitty]                                                                                 | [Zellij][Zellij] + [Kitty][Kitty]                                                                                 |
-| **Bar**                     | [Waybar][Waybar]                                                                                                  | [polybar][polybar]                                                                                                |
-| **Application Launcher**    | [anyrun][anyrun]                                                                                                  | [rofi][rofi]                                                                                                      |
-| **Notification Daemon**     | [Mako][Mako]                                                                                                      | [Dunst][Dunst]                                                                                                    |
-| **Display Manager**         | [GDM][GDM]                                                                                                        | [GDM][GDM]                                                                                                        |
-| **Color Scheme**            | [Catppuccin][Catppuccin]                                                                                          | [Catppuccin][Catppuccin]                                                                                          |
-| **network management tool** | [NetworkManager][NetworkManager]                                                                                  | [NetworkManager][NetworkManager]                                                                                  |
-| **Input method framework**  | [Fcitx5][Fcitx5]                                                                                                  | [Fcitx5][Fcitx5]                                                                                                  |
-| **System resource monitor** | [Btop][Btop]                                                                                                      | [Btop][Btop]                                                                                                      |
-| **File Manager**            | [Yazi][Yazi] + [thunar][thunar]                                                                                   | [Yazi][Yazi] + [thunar][thunar]                                                                                   |
-| **Shell**                   | [Nushell][Nushell] + [Starship][Starship]                                                                         | [Nushell][Nushell] + [Starship][Starship]                                                                         |
-| **Music Player**            | [mpd][mpd], [ncmpcpp][ncmpcpp], [mpc][mpc], [Netease-cloud-music-gtk][netease-cloud-music-gtk]                    | [Netease-cloud-music-gtk][netease-cloud-music-gtk]                                                                |
-| **Media Player**            | [mpv][mpv]                                                                                                        | [mpv][mpv]                                                                                                        |
-| **Text Editor**             | [Neovim][Neovim] + [DoomEmacs][DoomEmacs]                                                                         | [Neovim][Neovim] + [DoomEmacs][DoomEmacs]                                                                         |
-| **Fonts**                   | [Nerd fonts][Nerd fonts]                                                                                          | [Nerd fonts][Nerd fonts]                                                                                          |
-| **Image Viewer**            | [imv][imv]                                                                                                        | [imv][imv]                                                                                                        |
-| **Screenshot Software**     | [grim][grim]                                                                                                      | [flameshot](https://github.com/flameshot-org/flameshot)                                                           |
-| **Screen Recording**        | [OBS][OBS]                                                                                                        | [OBS][OBS]                                                                                                        |
-| **Filesystem & Encryption** | tmpfs on `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] crypted partition for persistent, unlock via passphrase | tmpfs on `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] crypted partition for persistent, unlock via passphrase |
-| **Secure Boot**             | [lanzaboote][lanzaboote]                                                                                          | [lanzaboote][lanzaboote]                                                                                          |
+|                                                                | NixOS(Wayland)                                                                                                      |
+| -------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- |
+| **Window Manager**                                             | [Niri][Niri]                                                                                                        |
+| **Terminal Emulator**                                          | [Zellij][Zellij] + [foot][foot]/[Kitty][Kitty]/[Alacritty][Alacritty]/[Ghostty][Ghostty]                            |
+| **Status Bar** / **Notifier** / **Launcher** / **lockscreens** | [noctalia-shell][noctalia-shell]                                                                                    |
+| **Display Manager**                                            | [tuigreet][tuigreet]                                                                                                |
+| **Color Scheme**                                               | [catppuccin-nix][catppuccin-nix]                                                                                    |
+| **network management tool**                                    | [NetworkManager][NetworkManager]                                                                                    |
+| **Input method framework**                                     | [Fcitx5][Fcitx5] + [rime][rime] + [小鹤音形 flypy][flypy]                                                           |
+| **System resource monitor**                                    | [Btop][Btop]                                                                                                        |
+| **File Manager**                                               | [Yazi][Yazi] + [thunar][thunar]                                                                                     |
+| **Shell**                                                      | [Nushell][Nushell] + [Starship][Starship]                                                                           |
+| **Media Player**                                               | [mpv][mpv]                                                                                                          |
+| **Text Editor**                                                | [Neovim][Neovim]                                                                                                    |
+| **Fonts**                                                      | [Nerd fonts][Nerd fonts]                                                                                            |
+| **Image Viewer**                                               | [imv][imv]                                                                                                          |
+| **Screenshot Software**                                        | Niri's builtin function                                                                                             |
+| **Screen Recording**                                           | [OBS][OBS]                                                                                                          |
+| **Filesystem & Encryption**                                    | tmpfs as `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] encrypted partition for persistent, unlock via passphrase |
+| **Secure Boot**                                                | [lanzaboote][lanzaboote]                                                                                            |
 
 Wallpapers: https://github.com/ryan4yin/wallpapers
 
-## Hyprland + AstroNvim + DoomEmacs
+## Screenshots
 
-![](./_img/hyprland_2023-07-29_1.webp)
+![desktop](./_img/2026-01-05_niri-noctalia_desktop.webp)
 
-![](./_img/hyprland_2023-07-29_2.webp)
+![overview](./_img/2026-01-04_niri-noctalia_overview.webp)
 
-![](./_img/emacs-2024-01-07.webp)
-
-## I3 + AstroNvim
-
-![](./_img/i3_2023-07-29_1.webp)
-![](./_img/i3_2023-07-29_2.webp)
+![nvim](./_img/2026-01-04_niri-noctalia_nvim.webp)
 
 ## Neovim
 
-See [./home/base/desktop/editors/neovim/](./home/base/desktop/editors/neovim/) for details.
-
-## Emacs
-
-See [./home/base/desktop/editors/emacs/](./home/base/desktop/editors/emacs/) for details.
-
-## Hosts
-
-See [./hosts](./hosts) for details.
+See [./home/base/tui/editors/neovim/](./home/base/tui/editors/neovim/) for details.
 
 ## Secrets Management
 
@@ -85,71 +95,50 @@ See [./secrets](./secrets) for details.
 
 ## How to Deploy this Flake?
 
-> :red_circle: **IMPORTANT**: **You should NOT deploy this flake directly on your machine:exclamation: It will not succeed.** this flake contains my hardware configuration(such as [hardware-configuration.nix](hosts/idols/ai/hardware-configuration.nix), [cifs-mount.nix](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols/ai/cifs-mount.nix), [Nvidia Support](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols/ai/default.nix#L77-L91), etc.) which is not suitable for your hardware, and my private secrets repository [ryan4yin/nix-secrets](https://github.com/ryan4yin/nix-config/tree/main/secrets) that only I have access to. You may use this repo as a reference to build your own configuration.
+<!-- prettier-ignore -->
+> :red_circle: **IMPORTANT**: **You should NOT deploy this flake directly on your machine :exclamation:
+> It will not succeed.** This flake contains my hardware configuration(such as
+> [hardware-configuration.nix](hosts/idols-ai/hardware-configuration.nix),
+> [Nvidia Support](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols-ai/default.nix#L77-L91),
+> etc.) which is not suitable for your hardware, and requires my private secrets repository
+> [ryan4yin/nix-secrets](https://github.com/ryan4yin/nix-config/tree/main/secrets) to deploy. You
+> may use this repo as a reference to build your own configuration.
 
 For NixOS:
 
-> To deploy this flake from NixOS's official ISO image(purest installation method), please refer to [./nixos-installer/](./nixos-installer/)
-
-> Need to restart the machine when switching between `wayland` and `xorg`.
+> To deploy this flake from NixOS's official ISO image (purest installation method), please refer to
+> [./nixos-installer/](./nixos-installer/)
 
 ```bash
 # deploy one of the configuration based on the hostname
-sudo nixos-rebuild switch --flake .#ai_i3
-# sudo nixos-rebuild switch --flake .#ai_hyprland
+sudo nixos-rebuild switch --flake .#ai-niri
 
-# deploy via `just`(a command runner with similar syntax to make) & Justfile
-just i3    # deploy my pc with i3 window manager
-# just hypr  # deploy my pc with hyprland compositor
+# Deploy the niri nixosConfiguration by hostname match
+just niri
 
 # or we can deploy with details
-just i3 debug
-# just hypr-debug
+just niri debug
 ```
 
 For macOS:
 
 ```bash
-# deploy harmonicia's configuration(macOS Intel)
-just ha
+# If you are deploying for the first time,
+# 1. install nix & homebrew manually.
+# 2. prepare the deployment environment with essential packages available
+nix-shell -p just nushell
+# 3. comment home-manager's code in lib/macosSystem.nix to speed up the first deployment.
+# 4. comment out the proxy settings in scripts/darwin_set_proxy.py if the proxy is not ready yet.
 
-# deploy fern's configuration(Apple Silicon)
-just fe
+# Deploy the darwinConfiguration by hostname match
+just local
 
 # deploy with details
-just ha debug
-# just fe debug
+just local debug
 ```
 
-> [What y'all will need when Nix drives you to drink.](https://www.youtube.com/watch?v=Eni9PPPPBpg) (copy from hlissner's dotfiles, it really matches my feelings when I first started using NixOS...)
-
-## How to create & managage VM from this flake?
-
-use `aquamarine` as an example, we can create a virtual machine with the following command:
-
-```shell
-# 1. generate a proxmox vma image file
-nom build .#aquamarine  # `nom`(nix-output-monitor) can be replaced by the standard command `nix`
-
-# 2. upload the genereated image to proxmox server's backup directory `/var/lib/vz/dump`
-#    please replace the vma file name with the one you generated in step 1.
-scp result/vzdump-qemu-aquamarine-nixos-23.11.20230603.dd49825.vma.zst root@192.168.5.174:/var/lib/vz/dump
-
-# 3. the image we uploaded will be listed in proxmox web ui's this page: [storage 'local'] -> [backups], we can restore a vm from it via the web ui now.
-```
-
-Once the virtual machine `aquamarine` is created, we can deploy updates to it with the following commands:
-
-```shell
-# 1. add the ssh key to ssh-agent
-ssh-add ~/.ssh/ai-idols
-
-# 2. deploy the configuration to all the remote host with tag `@dist-build`
-# using the ssh key we added in step 1
-colmena apply --on '@dist-build' --show-trace
-```
-
-If you're not familiar with remote deployment, please read this tutorial first: [Remote Deployment - NixOS & Flakes Book](https://nixos-and-flakes.thiscute.world/best-practices/remote-deployment)
+> [What y'all will need when Nix drives you to drink.](https://www.youtube.com/watch?v=Eni9PPPPBpg)
+> (copy from hlissner's dotfiles, it really matches my feelings when I first started using NixOS...)
 
 ## References
 
@@ -164,56 +153,43 @@ Other dotfiles that inspired me:
   - [davidtwco/veritas](https://github.com/davidtwco/veritas)
   - [gvolpe/nix-config](https://github.com/gvolpe/nix-config)
   - [Ruixi-rebirth/flakes](https://github.com/Ruixi-rebirth/flakes)
-  - [fufexan/dotfiles](https://github.com/fufexan/dotfiles): gtk theme, xdg, git, media, anyrun, etc.
+  - [fufexan/dotfiles](https://github.com/fufexan/dotfiles): gtk theme, xdg, git, media, etc.
+  - [nix-community/srvos](https://github.com/nix-community/srvos): a collection of opinionated and
+    sharable NixOS configurations for servers
 - Modularized NixOS Configuration
   - [hlissner/dotfiles](https://github.com/hlissner/dotfiles)
   - [viperML/dotfiles](https://github.com/viperML/dotfiles)
-- Hyprland(wayland)
-  - [notwidow/hyprland](https://github.com/notwidow/hyprland): This is where I start my hyprland journey.
-  - [HeinzDev/Hyprland-dotfiles](https://github.com/HeinzDev/Hyprland-dotfiles): Refer to the waybar configuration here.
-  - [linuxmobile/kaku](https://github.com/linuxmobile/kaku)
-- I3 Window Manager
-  - [endeavouros-i3wm-setup](https://github.com/endeavouros-team/endeavouros-i3wm-setup): I started using i3 here, and my i3 configuration is also based on it, but made a lot of changes.
-  - [denisse-dev/dotfiles](https://github.com/denisse-dev/dotfiles)
 - Neovim/AstroNvim
   - [maxbrunet/dotfiles](https://github.com/maxbrunet/dotfiles): astronvim with nix flakes.
 - Misc
   - [1amSimp1e/dots](https://github.com/1amSimp1e/dots)
 
-[Hyprland]: https://github.com/hyprwm/Hyprland
-[i3]: https://github.com/i3/i3
+[Niri]: https://github.com/YaLTeR/niri
 [Kitty]: https://github.com/kovidgoyal/kitty
+[foot]: https://codeberg.org/dnkl/foot
+[Alacritty]: https://github.com/alacritty/alacritty
+[Ghostty]: https://github.com/ghostty-org/ghostty
 [Nushell]: https://github.com/nushell/nushell
 [Starship]: https://github.com/starship/starship
-[Waybar]: https://github.com/Alexays/Waybar
-[polybar]: https://github.com/polybar/polybar
-[rofi]: https://github.com/davatorium/rofi
-[anyrun]: https://github.com/Kirottu/anyrun
-[Dunst]: https://github.com/dunst-project/dunst
 [Fcitx5]: https://github.com/fcitx/fcitx5
+[rime]: https://wiki.archlinux.org/title/Rime
+[flypy]: https://flypy.cc/
 [Btop]: https://github.com/aristocratos/btop
 [mpv]: https://github.com/mpv-player/mpv
 [Zellij]: https://github.com/zellij-org/zellij
 [Neovim]: https://github.com/neovim/neovim
 [AstroNvim]: https://github.com/AstroNvim/AstroNvim
-[DoomEmacs]: https://github.com/doomemacs/doomemacs
-[flameshot]: https://github.com/flameshot-org/flameshot
-[grim]: https://github.com/emersion/grim
 [imv]: https://sr.ht/~exec64/imv/
 [OBS]: https://obsproject.com
-[Mako]: https://github.com/emersion/mako
 [Nerd fonts]: https://github.com/ryanoasis/nerd-fonts
-[catppuccin]: https://github.com/catppuccin/catppuccin
-[mpd]: https://github.com/MusicPlayerDaemon/MPD
-[ncmpcpp]: https://github.com/ncmpcpp/ncmpcpp
-[mpc]: https://github.com/MusicPlayerDaemon/mpc
-[Netease-cloud-music-gtk]: https://github.com/gmg137/netease-cloud-music-gtk
+[catppuccin-nix]: https://github.com/catppuccin/nix
 [NetworkManager]: https://wiki.gnome.org/Projects/NetworkManager
 [wl-clipboard]: https://github.com/bugaevc/wl-clipboard
-[GDM]: https://wiki.archlinux.org/title/GDM
+[tuigreet]: https://github.com/apognu/tuigreet
 [thunar]: https://gitlab.xfce.org/xfce/thunar
 [Yazi]: https://github.com/sxyazi/yazi
 [Catppuccin]: https://github.com/catppuccin/catppuccin
 [Btrfs]: https://btrfs.readthedocs.io
 [LUKS]: https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system
 [lanzaboote]: https://github.com/nix-community/lanzaboote
+[noctalia-shell]: https://github.com/noctalia-dev/noctalia-shell

Virtual-Machine.md

@@ -0,0 +1,26 @@
+## How to create & managage KubeVirt's Virtual Machine from this flake?
+
+Use `aquamarine` as an example, first build and upload the virtual machine's qcow2 image to the file
+server:
+
+```shell
+just upload-vm aquamarine
+```
+
+Then create the virtual machine by creating a yaml file at
+[ryan4yin/k8s-gitops](https://github.com/ryan4yin/k8s-gitops/tree/main/vms), set the
+`spec.dataVolumeTemplates[0].source.http.url` to the uploaded file's URL, and fluxcd will
+automatically apply the changes, then a virtual machine named `aquamarine` will be created in the
+KubeVirt cluster.
+
+Once the virtual machine `aquamarine` is created, we can deploy updates to it with the following
+commands:
+
+```shell
+just col aquamarine
+just col kubevirt-shoryu
+just col k3s-test-1-master-1
+```
+
+If you're not familiar with remote deployment, please read this tutorial first:
+[Remote Deployment - NixOS & Flakes Book](https://nixos-and-flakes.thiscute.world/best-practices/remote-deployment)

certs/.gitignore

@@ -0,0 +1,2 @@
+*.key
+*.csr

certs/README.md

@@ -0,0 +1,23 @@
+# My Private PKI / CA
+
+This is my private Private Key Infrastructure (PKI) / Certificate Authority (CA) for my personal
+use. It is used to issue certificates for my own servers and services.
+
+## Current Structure
+
+- **ecc-ca.crt** - ECC CA certificate file
+- **ecc-ca.srl** - CA serial number file for certificate tracking
+- **ecc-csr.conf** - OpenSSL configuration file for certificate signing requests
+- **ecc-server.crt** - Server certificate signed by the ECC CA
+- **gen-certs.sh** - Shell script to generate certificates automatically
+
+## Security Notes
+
+All private keys (`.key` files) are ignored by git and stored in a private secrets repository. The
+public certificates and configuration files are committed to this repository for reference.
+
+## Usage
+
+Run `./gen-certs.sh` to generate new certificates using the ECC CA configuration.
+
+See [../secrets](../secrets/) for the corresponding private key management.

certs/ecc-ca.crt

@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBajCB8QIJAIwL98is2nQPMAoGCCqGSM49BAMEMB8xHTAbBgNVBAMMFFJ5YW40
+WWluJ3MgUm9vdCBDQSAxMB4XDTI0MDQwMzA4NDgzM1oXDTM0MDQwMTA4NDgzM1ow
+HzEdMBsGA1UEAwwUUnlhbjRZaW4ncyBSb290IENBIDEwdjAQBgcqhkjOPQIBBgUr
+gQQAIgNiAAQ6ixMbsGZ/u/ZnwzOZ49naVL7rQxm9C74SboGytKcYBH03JjC7tgZ3
+DylirxSLcTYHHtCz9ajdamP6+sgiGVpUODtfGSO+WmS+gAbLjCS37T41bkUhkx88
+JU4NsGhjPXcwCgYIKoZIzj0EAwQDaAAwZQIwDrGLSdO+p/1uywkzqzdM/OnZs8bp
+n60uBhUI7EZzDmrouOFeGx+dXYI5yy5AD/qDAjEA7fTQx+jccyOj4dimq1iU9+71
+e/gWYg0rexfy/+9dQY6kvwMzv8Lnm6URaRMbE1Q/
+-----END CERTIFICATE-----

certs/ecc-ca.srl

@@ -0,0 +1 @@
+C050420A8E5A3C1E

certs/ecc-csr.conf

@@ -0,0 +1,22 @@
+[ req ]
+prompt = no
+req_extensions = v3_ext
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+countryName            = US
+stateOrProvinceName    = NYK
+localityName           = NYK
+organizationName       = Ryan4Yin
+organizationalUnitName = Ryan4Yin
+commonName             = writefor.fun # deprecated, use subjectAltName(SAN) instead
+emailAddress           = rayn4yin@linux.com
+
+[ alt_names ]
+DNS.1 = writefor.fun
+DNS.2 = *.writefor.fun
+
+[ v3_ext ]
+subjectAltName=@alt_names
+basicConstraints       = CA:false
+extendedKeyUsage       = serverAuth

certs/ecc-server.crt

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICKTCCAa6gAwIBAgIJAMBQQgqOWjweMAoGCCqGSM49BAMEMB8xHTAbBgNVBAMM
+FFJ5YW40WWluJ3MgUm9vdCBDQSAxMB4XDTI0MDQwMzA4NDgzM1oXDTM0MDQwMTA4
+NDgzM1owgYkxCzAJBgNVBAYTAlVTMQwwCgYDVQQIDANOWUsxDDAKBgNVBAcMA05Z
+SzERMA8GA1UECgwIUnlhbjRZaW4xETAPBgNVBAsMCFJ5YW40WWluMRUwEwYDVQQD
+DAx3cml0ZWZvci5mdW4xITAfBgkqhkiG9w0BCQEWEnJheW40eWluQGxpbnV4LmNv
+bTB2MBAGByqGSM49AgEGBSuBBAAiA2IABCNTYKDq/I99NltQR5eKrrovQXp9BbLV
+iuUdYmzFrAh+NC9ikiIqTfDwP+c+7QvDyI3KXu3KI2qPSPdxktZKDUPHK4p2Y2kZ
+xKOI2IFTgTqV3uBciyx7ayWPTwBYxsTDmqNLMEkwJwYDVR0RBCAwHoIMd3JpdGVm
+b3IuZnVugg4qLndyaXRlZm9yLmZ1bjAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMAoGCCqGSM49BAMEA2kAMGYCMQCHw9YkDo15P9mqEObvxSUak8tQmhBB
+9wB81Qg4c+JsMCZA1rMUB7GkNJj1Dr9rWLoCMQDSituLzmo/yPLEOrbNV83bj3/I
+ikKgobSie3pMXm5ZG7krOXaunyFRR/bIkih2V2Q=
+-----END CERTIFICATE-----

certs/gen-certs.sh

@@ -0,0 +1,22 @@
+# 1. Generate the private key for Root CA
+openssl ecparam -genkey -name secp384r1 -out ecc-ca.key
+# 2. Generate the certificate for Root CA with the validity period of 10 years
+# using the private key and some basic information
+# NOTE: we specify sha512 as the signature algorithm, which is the key point
+openssl req -x509 -new -SHA512 -key ecc-ca.key -subj "/CN=Ryan4Yin's Root CA 1" -days 3650 -out ecc-ca.crt
+
+# 3. Generate the private key for web server
+openssl ecparam -genkey -name secp384r1 -out ecc-server.key
+# 4. Generate the certificate signing request (CSR) for the server certificate
+# using the private key and the configuration file ecc-csr.conf
+openssl req -new -SHA512 -key ecc-server.key -out ecc-server.csr -config ecc-csr.conf
+# 5. Sign the server certificate with the Root CA's certificate and private key
+# NOTE: we specify sha512 as the signature algorithm, which is the key point
+openssl x509 -req -SHA512 -in ecc-server.csr -CA ecc-ca.crt -CAkey ecc-ca.key \
+  -CAcreateserial -out ecc-server.crt -days 3650 \
+  -extensions v3_ext -extfile ecc-csr.conf
+
+# 6. Display the information of the certificates
+openssl x509 -noout -text -in ecc-ca.crt
+openssl x509 -noout -text -in ecc-server.crt
+

constants.nix

@@ -1,17 +0,0 @@
-rec {
-  # user information
-  username = "ryan";
-  userfullname = "Ryan Yin";
-  useremail = "xiaoyin_c@qq.com";
-
-  allSystemAttrs = {
-    # linux systems
-    x64_system = "x86_64-linux";
-    riscv64_system = "riscv64-linux";
-    aarch64_system = "aarch64-linux";
-    #darwin systems
-    x64_darwin = "x86_64-darwin";
-    aarch64_darwin = "aarch64-darwin";
-  };
-  allSystems = builtins.attrValues allSystemAttrs;
-}

flake.nix

@@ -1,5 +1,5 @@
 {
-  description = "NixOS & macOS configuration of Ryan Yin";
+  description = "Ryan Yin's nix configuration for both NixOS & macOS";
 
   ##################################################################################################################
   #
@@ -8,79 +8,22 @@
   #
   ##################################################################################################################
 
-  # The `outputs` function will return all the build results of the flake.
-  # A flake can have many use cases and different types of outputs,
-  # parameters in `outputs` are defined in `inputs` and can be referenced by their names.
-  # However, `self` is an exception, this special parameter points to the `outputs` itself (self-reference)
-  # The `@` syntax here is used to alias the attribute set of the inputs's parameter, making it convenient to use inside the function.
-  outputs = inputs @ {
-    self,
-    nixpkgs,
-    pre-commit-hooks,
-    ...
-  }: let
-    constants = import ./constants.nix;
-
-    # `lib.genAttrs [ "foo" "bar" ] (name: "x_" + name)` => `{ foo = "x_foo"; bar = "x_bar"; }`
-    forEachSystem = func: (nixpkgs.lib.genAttrs constants.allSystems func);
-
-    allSystemConfigurations = import ./systems {inherit self inputs constants;};
-  in
-    allSystemConfigurations
-    // {
-      # format the nix code in this flake
-      # alejandra is a nix formatter with a beautiful output
-      formatter = forEachSystem (
-        system: nixpkgs.legacyPackages.${system}.alejandra
-      );
-
-      # pre-commit hooks for nix code
-      checks = forEachSystem (
-        system: {
-          pre-commit-check = pre-commit-hooks.lib.${system}.run {
-            src = ./.;
-            hooks = {
-              alejandra.enable = true; # formatter
-              # deadnix.enable = true; # detect unused variable bindings in `*.nix`
-              statix.enable = true; # lints and suggestions for Nix code(auto suggestions)
-              prettier = {
-                enable = true;
-                excludes = [".js" ".md" ".ts"];
-              };
-            };
-          };
-        }
-      );
-      devShells = forEachSystem (
-        system: {
-          default = nixpkgs.legacyPackages.${system}.mkShell {
-            packages = [
-              # fix https://discourse.nixos.org/t/non-interactive-bash-errors-from-flake-nix-mkshell/33310
-              nixpkgs.legacyPackages.${system}.bashInteractive
-            ];
-            name = "dots";
-            shellHook = ''
-              ${self.checks.${system}.pre-commit-check.shellHook}
-            '';
-          };
-        }
-      );
-    };
+  outputs = inputs: import ./outputs inputs;
 
   # the nixConfig here only affects the flake itself, not the system configuration!
   # for more information, see:
-  #     https://nixos-and-flakes.thiscute.world/nixos-with-flakes/add-custom-cache-servers
+  #     https://nixos-and-flakes.thiscute.world/nix-store/add-binary-cache-servers
   nixConfig = {
     # substituers will be appended to the default substituters when fetching packages
     extra-substituters = [
-      "https://anyrun.cachix.org"
-      "https://hyprland.cachix.org"
+      # "https://nix-gaming.cachix.org"
       # "https://nixpkgs-wayland.cachix.org"
+      # "https://install.determinate.systems"
     ];
     extra-trusted-public-keys = [
-      "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
-      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+      # "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
       # "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
+      # "cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM="
     ];
   };
 
@@ -90,23 +33,31 @@
     # There are many ways to reference flake inputs. The most widely used is github:owner/name/reference,
     # which represents the GitHub repository URL + branch/commit-id/tag.
 
-    # Official NixOS package source, using nixos's stable branch by default
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
-    # nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+    # Official NixOS package source, using nixos's unstable branch by default
+    # Find git commit hash with build status here(3 jobs per day):
+    # https://hydra.nixos.org/jobset/nixpkgs/unstable
+    # update via nix flake update nixpkgs --override-input nixpkgs github:NixOS/nixpkgs/<commit-hash>
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11";
+    nixpkgs-2505.url = "github:nixos/nixpkgs/nixos-25.05";
+
+    # nixpkgs with some custom patches
+    nixpkgs-patched.url = "github:ryan4yin/nixpkgs/nixos-unstable-patched";
+    # get some latest packages from the master branch
+    nixpkgs-master.url = "github:nixos/nixpkgs/master";
 
     # for macos
-    nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-23.11-darwin";
+    # nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-25.11-darwin";
+    nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-unstable";
     nix-darwin = {
       url = "github:lnl7/nix-darwin";
       inputs.nixpkgs.follows = "nixpkgs-darwin";
     };
-    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
 
     # home-manager, used for managing user configuration
     home-manager = {
-      url = "github:nix-community/home-manager/release-23.11";
-      # url = "github:nix-community/home-manager/master";
+      url = "github:nix-community/home-manager/master";
+      # url = "github:nix-community/home-manager/release-25.11";
 
       # The `follows` keyword in inputs is used for inheritance.
       # Here, `inputs.nixpkgs` of home-manager is kept consistent with the `inputs.nixpkgs` of the current flake,
@@ -114,24 +65,19 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    # https://github.com/catppuccin/nix
+    catppuccin = {
+      url = "github:catppuccin/nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     lanzaboote = {
-      url = "github:nix-community/lanzaboote/v0.3.0";
+      url = "github:nix-community/lanzaboote/v0.4.3";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    impermanence.url = "github:nix-community/impermanence";
-
-    hyprland = {
-      url = "github:hyprwm/Hyprland/v0.33.1";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
-    # community wayland nixpkgs
-    # nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
-    # anyrun - a wayland launcher
-    anyrun = {
-      url = "github:Kirottu/anyrun";
-      inputs.nixpkgs.follows = "nixpkgs";
+    preservation = {
+      url = "github:nix-community/preservation";
     };
 
     # generate iso/qcow2/docker/... image from nixos configuration
@@ -141,36 +87,76 @@
     };
     # secrets management
     agenix = {
-      # lock with git commit at 0.14.0
-      url = "github:ryantm/agenix/54693c91d923fecb4cf04c4535e3d84f8dec7919";
+      # lock with git commit at May 18, 2025
+      url = "github:ryantm/agenix/4835b1dc898959d8547a871ef484930675cb47f1";
       # replaced with a type-safe reimplementation to get a better error message and less bugs.
       # url = "github:ryan4yin/ragenix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    # add git hooks to format nix code before commit
-    pre-commit-hooks = {
-      url = "github:cachix/pre-commit-hooks.nix";
+    disko = {
+      url = "github:nix-community/disko/v1.11.0";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    nuenv.url = "github:DeterminateSystems/nuenv";
+    # add git hooks to format nix code before commit
+    pre-commit-hooks = {
+      url = "github:cachix/git-hooks.nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    nuenv = {
+      url = "github:DeterminateSystems/nuenv";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    haumea = {
+      url = "github:nix-community/haumea/v0.2.2";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    nixpak = {
+      url = "github:nixpak/nixpak";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    ghostty = {
+      url = "github:ghostty-org/ghostty/tip"; # Latest Continuous Release
+    };
+
+    blender-bin = {
+      url = "github:edolstra/nix-warez?dir=blender";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    nixos-apple-silicon = {
+      # asahi-6.17.7-2
+      url = "github:nix-community/nixos-apple-silicon";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    helix = {
+      # Helix with steel as plugin system
+      # https://github.com/helix-editor/helix/pull/8675
+      url = "github:mattwparas/helix/steel-event-system";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    # -------------- Gaming ---------------------
+
+    nix-gaming = {
+      url = "github:fufexan/nix-gaming";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    aagl = {
+      url = "github:ezKEa/aagl-gtk-on-nix/release-25.11";
+      # inputs.nixpkgs.follows = "nixpkgs";
+    };
 
     ########################  Some non-flake repositories  #########################################
 
-    # AstroNvim is an aesthetic and feature-rich neovim config.
-    astronvim = {
-      url = "github:AstroNvim/AstroNvim/v3.40.3";
-      flake = false;
-    };
-    # doom-emacs is a configuration framework for GNU Emacs.
-    doomemacs = {
-      url = "github:doomemacs/doomemacs";
-      flake = false;
-    };
-
-    polybar-themes = {
-      url = "github:adi1090x/polybar-themes";
+    nu_scripts = {
+      url = "github:ryan4yin/nu_scripts";
       flake = false;
     };
 
@@ -183,6 +169,11 @@
       flake = false;
     };
 
+    my-asahi-firmware = {
+      url = "git+ssh://git@github.com/ryan4yin/asahi-firmware.git?shallow=1";
+      flake = false;
+    };
+
     # my wallpapers
     wallpapers = {
       url = "github:ryan4yin/wallpapers";
@@ -191,14 +182,10 @@
 
     nur-ryan4yin = {
       url = "github:ryan4yin/nur-packages";
-      # inputs.nixpkgs.follows = "nixpkgs";
+      inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    # riscv64 SBCs
-    nixos-licheepi4a.url = "github:ryan4yin/nixos-licheepi4a";
-    # nixos-jh7110.url = "github:ryan4yin/nixos-jh7110";
-
-    # aarch64 SBCs
-    nixos-rk3588.url = "github:ryan4yin/nixos-rk3588";
+    # for waydroid
+    # nur-ataraxiasjel.url = "github:AtaraxiaSjel/nur";
   };
 }

hardening/README.md

@@ -0,0 +1,115 @@
+# Linux Hardening
+
+> Work in progress.
+
+## Goal
+
+- **System Level**: Protect critical files from being accessed by untrusted applications.
+  1. Such as browser cookies, SSH keys, etc.
+- **Per-App Level**: Prevent untrusted applications(such as closed-source apps) from:
+  1. Accessing files they shouldn't.
+     - Such as a malicious application accessing your browser's cookies, SSH Keys, etc.
+  1. Accessing the network when they don't need to.
+  1. Accessing hardware devices they don't need.
+
+## Current Structure
+
+### 1. **System Level**
+
+- **AppArmor** (`apparmor/`): AppArmor profiles and configuration
+- **Kernel & System Hardening** (`profiles/`): System-wide hardening profiles
+
+### 2. **Per-App Level**
+
+- **Nixpak** (`nixpaks/`): Bubblewrap-based sandboxing for applications
+  - Firefox configuration
+  - QQ (Chinese messaging app) configuration
+  - Modular system with reusable components
+- **Firejail** (legacy): SUID-based sandboxing (not used)
+- **Bubblewrap** (`bwraps/`): Direct bubblewrap configurations
+  - WeChat sandboxing configuration
+
+## Current Implementation Status
+
+| Component         | Status    | Notes                          |
+| ----------------- | --------- | ------------------------------ |
+| AppArmor Profiles | 🚧 WIP    | Basic structure in place       |
+| Nixpak Firefox    | ✅ Active | Firefox sandboxing via nixpak  |
+| Nixpak QQ         | ✅ Active | QQ application sandboxing      |
+| Bubblewrap WeChat | ✅ Active | WeChat specific sandboxing     |
+| System Profiles   | 🚧 WIP    | Hardened system configurations |
+
+## Directory Structure
+
+```
+hardening/
+├── README.md
+├── apparmor/           # AppArmor security profiles
+│   └── default.nix
+├── bwraps/            # Direct bubblewrap configurations
+│   ├── default.nix
+│   └── wechat.nix
+├── nixpaks/           # Nixpak application sandboxing
+│   ├── default.nix
+│   ├── firefox.nix
+│   ├── qq.nix
+│   └── modules/       # Reusable nixpak modules
+│       ├── gui-base.nix
+│       └── network.nix
+└── profiles/          # System hardening profiles
+    └── default.nix
+```
+
+## Kernel Hardening
+
+- NixOS Kernel Config:
+  https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/os-specific/linux/kernel/hardened/config.nix
+
+## System Hardening
+
+- NixOS Profile:
+  https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/profiles/hardened.nix
+- Apparmor: [roddhjav/apparmor.d](https://github.com/roddhjav/apparmor.d)
+  - https://gitlab.com/apparmor/apparmor/-/wikis/Documentation
+  - AppArmor.d is a set of over 1500 AppArmor profiles whose aim is to confine most Linux based
+    applications and processes.
+  - But all the profiles of AppArmor assume a FHS filesystem, which caused all apparmor policies
+    takes no effect on NixOS.
+  - Apparmor on NixOS Roadmap:
+    - https://discourse.nixos.org/t/apparmor-on-nixos-roadmap/57217
+    - https://github.com/LordGrimmauld/aa-alias-manager
+- SELinux: too complex, not recommended for personal use.
+
+## Application Sandboxing
+
+- [Bubblewrap](https://github.com/containers/bubblewrap):
+  [nixpak](https://github.com/nixpak/nixpak), more secure than firejail, but no batteries included.
+  - NixOS's FHSEnv is implemented using bubblewrap by default.
+- [Firejail](https://github.com/netblue30/firejail/tree/master/etc): A SUID security sandbox with
+  hundreds of security profiles for many common applications in the default installation.
+  - https://wiki.nixos.org/wiki/Firejail
+  - Firejail needs SUID to work, which is considered a security risk -
+    [Does firejail improve the security of my system?](https://github.com/netblue30/firejail/discussions/4601)
+- [Systemd/Hardening](https://wiki.nixos.org/wiki/Systemd/Hardening): Systemd also provides some
+  sandboxing features.
+
+## NOTE
+
+**Running untrusted code is never safe, kernel hardening & sandboxing cannot change this**.
+
+If you want to run untrusted code, please use a VM & an isolated network environment, which will
+provide a much higher level of security.
+
+## References
+
+- [Harden your NixOS workstation - dataswamp](https://dataswamp.org/~solene/2022-01-13-nixos-hardened.html)
+- [Linux Insecurities - Madaidans](https://madaidans-insecurities.github.io/linux.html)
+- [Sandboxing all programs by default - NixOS Discourse](https://discourse.nixos.org/t/sandboxing-all-programs-by-default/7792)
+- [Paranoid NixOS Setup - xeiaso](https://xeiaso.net/blog/paranoid-nixos-2021-07-18/)
+- [nix-mineral](https://github.com/cynicsketch/nix-mineral): NixOS module for convenient system
+  hardening.
+- apparmor configs:
+  - https://github.com/zramctl/dotfiles/blob/4fe177f6984154960942bb47d5a375098ec6ed6a/modules/nixos/security/apparmor.nix#L4
+  - https://git.grimmauld.de/Grimmauld/grimm-nixos-laptop/src/branch/main/hardening
+- Others:
+  - Directly via `buildFHSUserEnvBubblewrap`:

hardening/apparmor/default.nix

@@ -0,0 +1,59 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+{
+  services.dbus.apparmor = "enabled";
+  security.apparmor = {
+    enable = true;
+
+    # kill process that are not confined but have apparmor profiles enabled
+    killUnconfinedConfinables = true;
+    packages = with pkgs; [
+      apparmor-utils
+      apparmor-profiles
+    ];
+
+    # apparmor policies
+    policies = {
+      "default_deny" = {
+        enforce = false;
+        enable = false;
+        profile = ''
+          profile default_deny /** { }
+        '';
+      };
+
+      "sudo" = {
+        enforce = false;
+        enable = false;
+        profile = ''
+          ${pkgs.sudo}/bin/sudo {
+            file /** rwlkUx,
+          }
+        '';
+      };
+
+      "nix" = {
+        enforce = false;
+        enable = false;
+        profile = ''
+          ${config.nix.package}/bin/nix {
+            unconfined,
+          }
+        '';
+      };
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    apparmor-bin-utils
+    apparmor-profiles
+    apparmor-parser
+    libapparmor
+    apparmor-kernel-patches
+    apparmor-pam
+    apparmor-utils
+  ];
+}

hardening/bwraps/default.nix

@@ -0,0 +1,9 @@
+{
+  nixpkgs.overlays = [
+    (_: super: {
+      bwraps = {
+        wechat = super.callPackage ./wechat.nix { };
+      };
+    })
+  ];
+}

hardening/bwraps/wechat.nix

@@ -0,0 +1,101 @@
+# - wechat's flatpak manifest: https://github.com/flathub/com.tencent.WeChat/blob/master/com.tencent.WeChat.yaml
+# Refer:
+# - Flatpak manifest's docs:
+#   - https://docs.flatpak.org/en/latest/manifests.html
+#   - https://docs.flatpak.org/en/latest/sandbox-permissions.html
+#
+# TODO Since appimageTools.wrapAppImage do not support overriding, I have to pack this package myself.
+# https://github.com/NixOS/nixpkgs/pull/358977
+{
+  appimageTools,
+  fetchurl,
+  stdenvNoCC,
+}:
+let
+  pname = "wechat";
+  # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/we/wechat/package.nix
+  sources = {
+    aarch64-linux = {
+      version = "4.1.0.13";
+      src = fetchurl {
+        # url = "https://web.archive.org/web/20251209092116if_/https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_arm64.AppImage";
+        url = "https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_arm64.AppImage";
+        hash = "sha256-/d5crM6IGd0k0fSlBSQx4TpIVX/8iib+an0VMkWMNdw=";
+      };
+    };
+    x86_64-linux = {
+      version = "4.1.0.13";
+      src = fetchurl {
+        # url = "https://web.archive.org/web/20251219062558if_/https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_x86_64.AppImage";
+        url = "https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_x86_64.AppImage";
+        hash = "sha256-+r5Ebu40GVGG2m2lmCFQ/JkiDsN/u7XEtnLrB98602w=";
+      };
+    };
+  };
+
+  inherit (stdenvNoCC.hostPlatform) system;
+  inherit (sources.${system} or (throw "Unsupported system: ${system}")) version src;
+
+  # https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/we/wechat/linux.nix
+  appimageContents = appimageTools.extract {
+    inherit pname version src;
+    postExtract = ''
+      patchelf --replace-needed libtiff.so.5 libtiff.so $out/opt/wechat/wechat
+    '';
+  };
+in
+appimageTools.wrapAppImage {
+  inherit pname version;
+
+  src = appimageContents;
+
+  extraInstallCommands = ''
+    mkdir -p $out/share/applications
+    cp ${appimageContents}/wechat.desktop $out/share/applications/
+    mkdir -p $out/share/pixmaps
+    cp ${appimageContents}/wechat.png $out/share/pixmaps/
+
+    substituteInPlace $out/share/applications/wechat.desktop --replace-fail AppRun wechat
+  '';
+
+  # Add these root paths to FHS sandbox to prevent WeChat from accessing them by default
+  # Adapted from https://aur.archlinux.org/cgit/aur.git/tree/wechat-universal.sh?h=wechat-universal-bwrap
+  extraPreBwrapCmds = ''
+    XDG_DOCUMENTS_DIR="''${XDG_DOCUMENTS_DIR:-$(xdg-user-dir DOCUMENTS)}"
+    if [[ -z "''${XDG_DOCUMENTS_DIR}" ]]; then
+        echo 'Error: Failed to get XDG_DOCUMENTS_DIR, refuse to continue'
+        exit 1
+    fi
+
+    WECHAT_DATA_DIR="''${XDG_DOCUMENTS_DIR}/WeChat_Data"
+
+    # Using ''${WECHAT_DATA_DIR} as Wechat Data folder
+    WECHAT_HOME_DIR="''${WECHAT_DATA_DIR}/home"
+    WECHAT_FILES_DIR="''${WECHAT_DATA_DIR}/xwechat_files"
+
+    mkdir -p "''${WECHAT_FILES_DIR}"
+    mkdir -p "''${WECHAT_HOME_DIR}"
+    ln -snf "''${WECHAT_FILES_DIR}" "''${WECHAT_HOME_DIR}/xwechat_files"
+  '';
+  extraBwrapArgs = [
+    "--tmpfs /home"
+    "--tmpfs /root"
+    # format: --bind <host-path> <sandbox-path>
+    "--bind \${WECHAT_HOME_DIR} \${HOME}"
+    "--bind \${WECHAT_FILES_DIR} \${WECHAT_FILES_DIR}"
+    "--chdir \${HOME}"
+    # wechat-universal only supports xcb
+    "--setenv QT_QPA_PLATFORM xcb"
+    "--setenv QT_AUTO_SCREEN_SCALE_FACTOR 1"
+    # use fcitx as IME
+    "--setenv QT_IM_MODULE fcitx"
+    "--setenv GTK_IM_MODULE fcitx"
+  ];
+  chdirToPwd = false;
+  unshareNet = false;
+  unshareIpc = true;
+  unsharePid = true;
+  unshareUts = true;
+  unshareCgroup = true;
+  privateTmp = true;
+}

hardening/nixpaks/default.nix

@@ -0,0 +1,31 @@
+{
+  pkgs,
+  pkgs-master,
+  nixpak,
+  ...
+}:
+let
+  callArgs = {
+    mkNixPak = nixpak.lib.nixpak {
+      inherit (pkgs) lib;
+      inherit pkgs;
+    };
+    safeBind = sloth: realdir: mapdir: [
+      (sloth.mkdir (sloth.concat' sloth.appDataDir realdir))
+      (sloth.concat' sloth.homeDir mapdir)
+    ];
+  };
+  wrapper = _pkgs: path: (_pkgs.callPackage path callArgs);
+in
+{
+  # Add nixpaked Apps into nixpkgs, and reference them in home-manager or other nixos modules
+  nixpkgs.overlays = [
+    (_: super: {
+      nixpaks = {
+        qq = wrapper pkgs-master ./qq.nix;
+        telegram-desktop = wrapper super ./telegram-desktop.nix;
+        firefox = wrapper super ./firefox.nix;
+      };
+    })
+  ];
+}

hardening/nixpaks/firefox.nix

@@ -0,0 +1,127 @@
+# Refer:
+# - Flatpak manifest's docs:
+#   - https://docs.flatpak.org/en/latest/manifests.html
+#   - https://docs.flatpak.org/en/latest/sandbox-permissions.html
+# - Firefox's flatpak manifest: https://hg.mozilla.org/mozilla-central/file/tip/taskcluster/docker/firefox-flatpak/runme.sh#l151
+{
+  lib,
+  firefox,
+  mkNixPak,
+  buildEnv,
+  makeDesktopItem,
+  ...
+}:
+
+let
+  appId = "org.mozilla.firefox";
+  wrapped = mkNixPak {
+    config =
+      {
+        config,
+        sloth,
+        ...
+      }:
+      {
+        app = {
+          package = firefox;
+          binPath = "bin/firefox";
+        };
+        flatpak.appId = appId;
+
+        imports = [
+          ./modules/gui-base.nix
+          ./modules/network.nix
+          ./modules/common.nix
+        ];
+
+        bubblewrap = {
+          # To trace all the home files Firefox accesses, you can use the following nushell command:
+          #   just trace-access firefox
+          # See the Justfile in the root of this repository for more information.
+          bind.rw = [
+            # given the read write permission to the following directories.
+            # NOTE: sloth.mkdir is used to create the directory if it does not exist!
+            (sloth.mkdir (sloth.concat' sloth.homeDir "/.mozilla"))
+
+            sloth.xdgDocumentsDir
+            sloth.xdgDownloadDir
+            sloth.xdgMusicDir
+            sloth.xdgVideosDir
+            sloth.xdgPicturesDir
+          ];
+          bind.ro = [
+            "/sys/bus/pci"
+            [
+              "${config.app.package}/lib/firefox"
+              "/app/etc/firefox"
+            ]
+
+            # ================ for browserpass extension ===============================
+            "/etc/gnupg"
+            (sloth.concat' sloth.homeDir "/.gnupg") # gpg's config
+            (sloth.concat' sloth.homeDir "/.local/share/password-store") # my secrets
+            (sloth.concat' sloth.runtimeDir "/gnupg") # for access gpg-agent socket
+
+            # Unsure
+            (sloth.concat' sloth.xdgConfigHome "/dconf")
+          ];
+
+          sockets = {
+            x11 = false;
+            wayland = true;
+            pipewire = true;
+          };
+        };
+      };
+  };
+  exePath = lib.getExe wrapped.config.script;
+in
+buildEnv {
+  inherit (wrapped.config.script) name meta passthru;
+  paths = [
+    wrapped.config.script
+    (makeDesktopItem {
+      name = appId;
+      desktopName = "Firefox";
+      genericName = "Firefox Boxed";
+      comment = "Firefox Browser";
+      exec = "${exePath} %U";
+      terminal = false;
+      icon = "firefox";
+      startupNotify = true;
+      startupWMClass = "firefox";
+      type = "Application";
+      categories = [
+        "Network"
+        "WebBrowser"
+      ];
+      mimeTypes = [
+        "text/html"
+        "text/xml"
+        "application/xhtml+xml"
+        "application/vnd.mozilla.xul+xml"
+        "x-scheme-handler/http"
+        "x-scheme-handler/https"
+      ];
+
+      actions = {
+        new-private-window = {
+          name = "New Private Window";
+          exec = "${exePath} --private-window %U";
+        };
+        new-window = {
+          name = "New Window";
+          exec = "${exePath} --new-window %U";
+        };
+        profile-manager-window = {
+          name = "Profile Manager";
+          exec = "${exePath} --ProfileManager";
+        };
+      };
+
+      extraConfig = {
+        X-Flatpak = appId;
+      };
+    })
+  ];
+}

hardening/nixpaks/modules/common.nix

@@ -0,0 +1,234 @@
+# https://github.com/mnixry/nixos-config/blob/74913c2b90d06e31170bbbaa0074f915721da224/desktop/packages/nixpaks-common.nix
+# https://github.com/Kraftland/portable/blob/09c4a4227538a3f42de208a6ecbdc938ac9c00dd/portable.sh
+# https://flatpak.github.io/xdg-desktop-portal/docs/api-reference.html
+{
+  lib,
+  sloth,
+  config,
+  ...
+}:
+let
+  inherit (config.flatpak) appId;
+in
+{
+  config = {
+    # list all dbus services:
+    #   ls -al /run/current-system/sw/share/dbus-1/services/
+    #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
+    dbus = {
+      # `--see`: The bus name can be enumerated by the application.
+      # `--talk`: The application can send messages to, and receive replies and signals from, the bus name.
+      # `--own`: The application can own the bus name
+      policies = {
+        "${appId}" = "own";
+        "${appId}.*" = "own";
+        "org.freedesktop.DBus" = "talk";
+        "ca.desrt.dconf" = "talk";
+        "org.freedesktop.appearance" = "talk";
+        "org.freedesktop.appearance.*" = "talk";
+      }
+      // (builtins.listToAttrs (
+        map (id: lib.nameValuePair "org.kde.StatusNotifierItem-${toString id}-1" "own") (
+          lib.lists.range 2 29
+        )
+      ))
+      // {
+        # --- MPRIS Media Control ---
+        # Allows the app to register as a media player. These are derived from the appID.
+        "org.mpris.MediaPlayer2.${appId}" = "own";
+        "org.mpris.MediaPlayer2.${appId}.*" = "own";
+        "org.mpris.MediaPlayer2.${lib.lists.last (lib.strings.splitString "." appId)}" = "own";
+        "org.mpris.MediaPlayer2.${lib.lists.last (lib.strings.splitString "." appId)}.*" = "own";
+
+        # --- General Desktop Integration ---
+        "com.canonical.AppMenu.Registrar" = "talk"; # For Ubuntu AppMenu
+        "org.freedesktop.FileManager1" = "talk";
+        "org.freedesktop.Notifications" = "talk";
+        "org.kde.StatusNotifierWatcher" = "talk";
+        "org.gnome.Shell.Screencast" = "talk";
+
+        # --- Accessibility (a11y) 无障碍服务 ---
+        "org.a11y.Bus" = "see";
+
+        # --- Portal Access ---
+        # "org.freedesktop.portal.*" = "talk";
+        "org.freedesktop.portal.Documents" = "talk";
+        "org.freedesktop.portal.FileTransfer" = "talk";
+        "org.freedesktop.portal.FileTransfer.*" = "talk";
+        "org.freedesktop.portal.Notification" = "talk";
+        "org.freedesktop.portal.OpenURI" = "talk";
+        "org.freedesktop.portal.OpenURI.OpenFile" = "talk";
+        "org.freedesktop.portal.OpenURI.OpenURI" = "talk";
+        "org.freedesktop.portal.Print" = "talk";
+        "org.freedesktop.portal.Request" = "see";
+
+        # --- Input Method Portals ---
+        "org.freedesktop.portal.Fcitx" = "talk";
+        "org.freedesktop.portal.Fcitx.*" = "talk";
+        "org.freedesktop.portal.IBus" = "talk";
+        "org.freedesktop.portal.IBus.*" = "talk";
+      };
+      # '--call' rules permit specific method calls on D-Bus interfaces.
+      rules.call = {
+        # --- Accessibility (a11y) 无障碍服务 ---
+        "org.a11y.Bus" = [
+          "org.a11y.Bus.GetAddress@/org/a11y/bus"
+          "org.freedesktop.DBus.Properties.Get@/org/a11y/bus"
+        ];
+
+        # --- General Portal Rules ---
+        "org.freedesktop.FileManager1" = [ "*" ];
+        "org.freedesktop.Notifications.*" = [ "*" ];
+        "org.freedesktop.portal.Documents" = [ "*" ];
+        "org.freedesktop.portal.FileTransfer" = [ "*" ];
+        "org.freedesktop.portal.FileTransfer.*" = [ "*" ];
+        "org.freedesktop.portal.Fcitx" = [ "*" ];
+        "org.freedesktop.portal.Fcitx.*" = [ "*" ];
+        "org.freedesktop.portal.IBus" = [ "*" ];
+        "org.freedesktop.portal.IBus.*" = [ "*" ];
+        "org.freedesktop.portal.Notification" = [ "*" ];
+        "org.freedesktop.portal.OpenURI" = [ "*" ];
+        "org.freedesktop.portal.OpenURI.OpenFile" = [ "*" ];
+        "org.freedesktop.portal.OpenURI.OpenURI" = [ "*" ];
+        "org.freedesktop.portal.Print" = [ "*" ];
+        "org.freedesktop.portal.Request" = [ "*" ];
+
+        # --- Main Desktop Portal Interface ---
+        # A comprehensive list of permissions for interacting with the desktop environment.
+        "org.freedesktop.portal.Desktop" = [
+          # Properties & Settings
+          "org.freedesktop.DBus.Properties.GetAll"
+          "org.freedesktop.DBus.Properties.Get@/org/freedesktop/portal/desktop"
+          "org.freedesktop.portal.Session.Close"
+          "org.freedesktop.portal.Settings.ReadAll"
+          "org.freedesktop.portal.Settings.Read"
+          "org.freedesktop.portal.Account.GetUserInformation"
+
+          # Network & Proxy
+          "org.freedesktop.portal.NetworkMonitor"
+          "org.freedesktop.portal.NetworkMonitor.*"
+          "org.freedesktop.portal.ProxyResolver.Lookup"
+          "org.freedesktop.portal.ProxyResolver.Lookup.*"
+
+          # Screenshot / Screen Capture & Sharing
+          "org.freedesktop.portal.ScreenCast"
+          "org.freedesktop.portal.ScreenCast.*"
+          "org.freedesktop.portal.Screenshot"
+          "org.freedesktop.portal.Screenshot.Screenshot"
+
+          # Device Access(Camera / USB)
+          "org.freedesktop.portal.Camera"
+          "org.freedesktop.portal.Camera.*"
+          "org.freedesktop.portal.Usb"
+          "org.freedesktop.portal.Usb.*"
+
+          # Remote Desktop
+          "org.freedesktop.portal.RemoteDesktop"
+          "org.freedesktop.portal.RemoteDesktop.*"
+
+          # File Operations
+          "org.freedesktop.portal.Documents"
+          "org.freedesktop.portal.Documents.*"
+          "org.freedesktop.portal.FileChooser"
+          "org.freedesktop.portal.FileChooser.*"
+          "org.freedesktop.portal.FileTransfer"
+          "org.freedesktop.portal.FileTransfer.*"
+
+          # Notifications & Printing
+          "org.freedesktop.portal.Notification"
+          "org.freedesktop.portal.Notification.*"
+          "org.freedesktop.portal.Print"
+          "org.freedesktop.portal.Print.*"
+
+          # Open/Launch Handlers
+          "org.freedesktop.portal.OpenURI"
+          "org.freedesktop.portal.OpenURI.*"
+          "org.freedesktop.portal.Email.ComposeEmail"
+
+          # Input Methods
+          "org.freedesktop.portal.Fcitx"
+          "org.freedesktop.portal.Fcitx.*"
+          "org.freedesktop.portal.IBus"
+          "org.freedesktop.portal.IBus.*"
+
+          # Secrets (Keyring)
+          "org.freedesktop.portal.Secret"
+          "org.freedesktop.portal.Secret.RetrieveSecret"
+
+          # Get/Update GlobalShortcuts
+          # "org.freedesktop.portal.GlobalShortcuts"
+          # "org.freedesktop.portal.GlobalShortcuts.*"
+
+          # -- get the user's location
+          # "org.freedesktop.portal.Location"
+          # "org.freedesktop.portal.Location.*"
+
+          # -- inhibit the user session from ending, suspending, idling or getting switched away.
+          "org.freedesktop.portal.Inhibit"
+          "org.freedesktop.portal.Inhibit.*"
+
+          # Generic Request Fallback
+          "org.freedesktop.portal.Request"
+        ];
+      };
+
+      # 'broadcast' rules permit receiving signals from D-Bus names.
+      rules.broadcast = {
+        "org.freedesktop.portal.*" = [ "@/org/freedesktop/portal/*" ];
+      };
+      args = [
+        "--filter"
+        "--sloppy-names"
+        "--log"
+      ];
+    };
+
+    etc.sslCertificates.enable = true;
+    bubblewrap = {
+      network = lib.mkDefault true;
+      sockets = {
+        wayland = true;
+        pulse = true;
+      };
+
+      bind.rw = with sloth; [
+        [
+          (mkdir appDataDir)
+          xdgDataHome
+        ]
+        [
+          (mkdir appConfigDir)
+          xdgConfigHome
+        ]
+        [
+          (mkdir appCacheDir)
+          xdgCacheHome
+        ]
+
+        (sloth.concat [
+          sloth.runtimeDir
+          "/"
+          (sloth.envOr "WAYLAND_DISPLAY" "no")
+        ])
+        (sloth.concat' sloth.runtimeDir "/at-spi/bus")
+        (sloth.concat' sloth.runtimeDir "/gvfsd")
+        (sloth.concat' sloth.runtimeDir "/dconf")
+
+        (sloth.concat' sloth.xdgCacheHome "/fontconfig")
+        (sloth.concat' sloth.xdgCacheHome "/mesa_shader_cache")
+        (sloth.concat' sloth.xdgCacheHome "/mesa_shader_cache_db")
+        (sloth.concat' sloth.xdgCacheHome "/radv_builtin_shaders")
+      ];
+      bind.ro = [
+        (sloth.concat' sloth.runtimeDir "/doc")
+        (sloth.concat' sloth.xdgConfigHome "/kdeglobals")
+        (sloth.concat' sloth.xdgConfigHome "/gtk-2.0")
+        (sloth.concat' sloth.xdgConfigHome "/gtk-3.0")
+        (sloth.concat' sloth.xdgConfigHome "/gtk-4.0")
+        (sloth.concat' sloth.xdgConfigHome "/fontconfig")
+        (sloth.concat' sloth.xdgConfigHome "/dconf")
+      ];
+      bind.dev = [ "/dev/shm" ] ++ (map (id: "/dev/video${toString id}") (lib.lists.range 0 9));
+    };
+  };
+}

hardening/nixpaks/modules/gui-base.nix

@@ -0,0 +1,102 @@
+# https://github.com/nixpak/pkgs/blob/master/pkgs/modules/gui-base.nix
+{
+  config,
+  lib,
+  pkgs,
+  sloth,
+  ...
+}:
+let
+  envSuffix = envKey: suffix: sloth.concat' (sloth.env envKey) suffix;
+  # cursor & icon's theme should be the same as the host's one.
+  cursorTheme = pkgs.bibata-cursors;
+  iconTheme = pkgs.papirus-icon-theme;
+in
+{
+  config = {
+    dbus.policies = {
+      "${config.flatpak.appId}" = "own";
+      # we add other policies in ./common.nix
+    };
+    # https://github.com/nixpak/nixpak/blob/master/modules/gpu.nix
+    # 1. bind readonly - /run/opengl-driver
+    # 2. bind device   - /dev/dri
+    gpu = {
+      enable = lib.mkDefault true;
+      provider = "nixos";
+      bundlePackage = pkgs.mesa.drivers; # for amd & intel
+    };
+    # https://github.com/nixpak/nixpak/blob/master/modules/gui/fonts.nix
+    # it works not well, bind system's /etc/fonts directly instead
+    fonts.enable = false;
+    # https://github.com/nixpak/nixpak/blob/master/modules/locale.nix
+    locale.enable = true;
+    bubblewrap = {
+      network = lib.mkDefault false;
+      bind.rw = [
+        [
+          (envSuffix "HOME" "/.var/app/${config.flatpak.appId}/cache")
+          sloth.xdgCacheHome
+        ]
+        (sloth.concat' sloth.xdgCacheHome "/fontconfig")
+        (sloth.concat' sloth.xdgCacheHome "/mesa_shader_cache")
+
+        (sloth.concat [
+          (sloth.env "XDG_RUNTIME_DIR")
+          "/"
+          (sloth.envOr "WAYLAND_DISPLAY" "no")
+        ])
+
+        (envSuffix "XDG_RUNTIME_DIR" "/at-spi/bus")
+        (envSuffix "XDG_RUNTIME_DIR" "/gvfsd")
+        (envSuffix "XDG_RUNTIME_DIR" "/pulse")
+
+        "/run/dbus"
+      ];
+      bind.ro = [
+        (envSuffix "XDG_RUNTIME_DIR" "/doc")
+        (sloth.concat' sloth.xdgConfigHome "/gtk-2.0")
+        (sloth.concat' sloth.xdgConfigHome "/gtk-3.0")
+        (sloth.concat' sloth.xdgConfigHome "/gtk-4.0")
+        (sloth.concat' sloth.xdgConfigHome "/fontconfig")
+
+        "/etc/fonts" # for fontconfig
+        "/etc/localtime" # this is a symlink to /etc/zoneinfo/xxx
+        "/etc/zoneinfo"
+
+        # Fix: libEGL warning: egl: failed to create dri2 screen
+        "/etc/egl"
+        "/etc/static/egl"
+      ];
+      bind.dev = [
+        "/dev/shm" # Shared Memory
+
+        # seems required when using nvidia as primary gpu
+        "/dev/nvidia0"
+        "/dev/nvidiactl"
+        "/dev/nvidia-modeset"
+        "/dev/nvidia-uvm"
+      ];
+
+      tmpfs = [
+        "/tmp"
+      ];
+
+      env = {
+        XDG_DATA_DIRS = lib.mkForce (
+          lib.makeSearchPath "share" [
+            iconTheme
+            cursorTheme
+            pkgs.shared-mime-info
+          ]
+        );
+        XCURSOR_PATH = lib.mkForce (
+          lib.concatStringsSep ":" [
+            "${cursorTheme}/share/icons"
+            "${cursorTheme}/share/pixmaps"
+          ]
+        );
+      };
+    };
+  };
+}

hardening/nixpaks/modules/network.nix

@@ -0,0 +1,8 @@
+# https://github.com/nixpak/pkgs/blob/master/pkgs/modules/network.nix
+{
+  etc.sslCertificates.enable = true;
+  bubblewrap = {
+    bind.ro = [ "/etc/resolv.conf" ];
+    network = true;
+  };
+}

hardening/nixpaks/qq.nix

@@ -0,0 +1,79 @@
+# Refer:
+# - Flatpak manifest's docs:
+#   - https://docs.flatpak.org/en/latest/manifests.html
+#   - https://docs.flatpak.org/en/latest/sandbox-permissions.html
+# - QQ's flatpak manifest: https://github.com/flathub/com.qq.QQ/blob/master/com.qq.QQ.yaml
+{
+  lib,
+  qq,
+  mkNixPak,
+  buildEnv,
+  makeDesktopItem,
+  ...
+}:
+
+let
+  appId = "com.qq.QQ";
+
+  wrapped = mkNixPak {
+    config =
+      { sloth, ... }:
+      {
+        app = {
+          package = qq;
+          binPath = "bin/qq";
+        };
+        flatpak.appId = appId;
+
+        imports = [
+          ./modules/gui-base.nix
+          ./modules/network.nix
+          ./modules/common.nix
+        ];
+
+        bubblewrap = {
+          # To trace all the home files QQ accesses, you can use the following nushell command:
+          #   just trace-access qq
+          # See the Justfile in the root of this repository for more information.
+          bind.rw = [
+            sloth.xdgDocumentsDir
+            sloth.xdgDownloadDir
+            sloth.xdgMusicDir
+            sloth.xdgVideosDir
+            sloth.xdgPicturesDir
+          ];
+          sockets = {
+            x11 = false;
+            wayland = true;
+            pipewire = true;
+          };
+        };
+      };
+  };
+  exePath = lib.getExe wrapped.config.script;
+in
+buildEnv {
+  inherit (wrapped.config.script) name meta passthru;
+  paths = [
+    wrapped.config.script
+    (makeDesktopItem {
+      name = appId;
+      desktopName = "QQ";
+      genericName = "QQ Boxed";
+      comment = "Tencent QQ, also known as QQ, is an instant messaging software service and web portal developed by the Chinese technology company Tencent.";
+      exec = "${exePath} %U";
+      terminal = false;
+      icon = "${qq}/share/icons/hicolor/512x512/apps/qq.png";
+      startupNotify = true;
+      startupWMClass = "QQ";
+      type = "Application";
+      categories = [
+        "InstantMessaging"
+        "Network"
+      ];
+      extraConfig = {
+        X-Flatpak = appId;
+      };
+    })
+  ];
+}

hardening/nixpaks/telegram-desktop.nix

@@ -0,0 +1,101 @@
+{
+  lib,
+  telegram-desktop,
+  buildEnv,
+  mkNixPak,
+  makeDesktopItem,
+  ...
+}:
+let
+  appId = "org.telegram.desktop";
+  wrapped = mkNixPak {
+    config =
+      { sloth, ... }:
+      {
+        imports = [
+          ./modules/gui-base.nix
+          ./modules/network.nix
+          ./modules/common.nix
+        ];
+        app.package = telegram-desktop;
+        flatpak = {
+          appId = appId;
+        };
+        dbus = {
+          enable = true;
+          policies = {
+            "com.canonical.indicator.application" = "talk";
+            "org.ayatana.indicator.application" = "talk";
+            "org.sigxcpu.Feedback" = "talk";
+          };
+        };
+
+        bubblewrap = {
+          bind.rw = [
+            sloth.xdgDocumentsDir
+            sloth.xdgDownloadDir
+            sloth.xdgMusicDir
+            sloth.xdgVideosDir
+            sloth.xdgPicturesDir
+          ];
+          sockets = {
+            x11 = false;
+            wayland = true;
+            pipewire = true;
+          };
+        };
+      };
+  };
+  exePath = lib.getExe wrapped.config.script;
+in
+buildEnv {
+  inherit (wrapped.config.script) name meta passthru;
+  paths = [
+    wrapped.config.script
+    (makeDesktopItem {
+      name = appId;
+      desktopName = "Telegram";
+      comment = "New era of messaging";
+      tryExec = "${exePath}";
+      exec = "${exePath} -- %u";
+      icon = appId;
+      startupNotify = true;
+      startupWMClass = appId;
+      terminal = false;
+      type = "Application";
+      categories = [
+        "Chat"
+        "Network"
+        "InstantMessaging"
+        "Qt"
+      ];
+      mimeTypes = [
+        "x-scheme-handler/tg"
+        "x-scheme-handler/tonsite"
+      ];
+      keywords = [
+        "tg"
+        "chat"
+        "im"
+        "messaging"
+        "messenger"
+        "sms"
+        "tdesktop"
+      ];
+      actions = {
+        quit = {
+          name = "Quit Telegram";
+          exec = "${exePath} -quit";
+          icon = "application-exit";
+        };
+      };
+      extraConfig = {
+        X-Flatpak = appId;
+        DBusActivatable = "true";
+        SingleMainWindow = "true";
+        X-GNOME-UsesNotifications = "true";
+        X-GNOME-SingleWindow = "true";
+      };
+    })
+  ];
+}

hardening/profiles/default.nix

@@ -0,0 +1,10 @@
+{ modulesPath, ... }:
+{
+  imports = [
+    (modulesPath + "/profiles/hardened.nix")
+  ];
+
+  # disable coredump that could be exploited later
+  # and also slow down the system when something crash
+  systemd.coredump.enable = false;
+}

home/README.md

@@ -1,6 +1,48 @@
 # Home Manager's Submodules
 
-1. `base`: The base module that is suitable for both Linux and macOS.
-2. `linux`: Linux-specific configuration.
-3. `darwin`: macOS-specific configuration.
+This directory contains all Home Manager configurations organized by platform and functionality.
 
+## Current Structure
+
+```
+home/
+├── base/              # Cross-platform home manager configurations
+│   ├── core/          # Essential applications and settings
+│   │   ├── editors/   # Editor configurations (Neovim, Helix)
+│   │   ├── shells/    # Shell configurations (Nushell, Zellij)
+│   │   └── ...
+│   ├── gui/           # GUI applications and desktop settings
+│   │   ├── terminal/  # Terminal emulators (Kitty, Alacritty, etc.)
+│   │   └── ...
+│   ├── tui/           # Terminal/TUI applications
+│   │   ├── editors/   # TUI editors and related tools
+│   │   ├── encryption/ # GPG, password-store, etc.
+│   │   └── ...
+│   └── home.nix       # Main home manager entry point
+├── linux/             # Linux-specific home manager configurations
+│   ├── base/          # Linux base configurations
+│   ├── gui/           # Linux GUI applications
+│   │   ├── niri/      # Niri window manager
+│   │   └── ...
+│   ├── editors/       # Linux-specific editors
+│   └── ...
+└── darwin/            # macOS-specific home manager configurations
+    ├── aerospace/     # macOS window manager
+    ├── proxy/         # Proxy configurations
+    └── ...
+```
+
+## Module Overview
+
+1. **base**: The base module suitable for both Linux and macOS
+   - Cross-platform applications and settings
+   - Shared configurations for editors, shells, and essential tools
+
+2. **linux**: Linux-specific configuration
+   - Desktop environments (Noctalia Shell, Niri compositor)
+   - Linux-specific GUI applications
+   - System integration tools
+
+3. **darwin**: macOS-specific configuration
+   - macOS applications and services
+   - Platform-specific integrations (Aerospace, Squirrel, etc.)

home/base/README.md

@@ -1,6 +1,66 @@
 # Home Manager's Base Submodules
 
-1. `server`: Configuration which is suitable for both servers and desktops.
-1. `desktop`: Configuration for desktop environments, such as Hyprland, I3, etc.
-1. `core.nix`: Minimal home-manager's config
+This directory contains cross-platform base configurations that are shared between Linux and Darwin
+systems.
 
+## Configuration Structure
+
+### Core System
+
+- **core/**: Essential cross-platform configurations
+  - **core.nix**: Minimal home-manager configuration
+  - **shells/**: Shell configurations (bash, zsh, fish, nu)
+  - **editors/**: Text editor configurations
+    - **neovim/**: Neovim with custom plugins and settings
+    - **helix/**: Helix editor configuration
+  - **btop.nix**: System monitoring tools
+  - **git.nix**: Git configuration and aliases
+  - **npm.nix**: Node.js package management
+  - **pip.nix**: Python package management
+  - **starship.nix**: Cross-shell prompt configuration
+  - **theme.nix**: Color schemes and theming
+  - **yazi.nix**: Terminal file manager configuration
+  - **zellij/**: Terminal multiplexer with custom layouts
+
+### Desktop Environment
+
+- **gui/**: Cross-platform GUI applications and configurations
+  - **dev-tools.nix**: Development tools and IDEs
+  - **media.nix**: Media players and utilities
+  - **terminal/**: Terminal emulator configurations
+    - **alacritty/**: Alacritty terminal
+    - **kitty/**: Kitty terminal
+    - **foot/**: Foot terminal (Linux)
+    - **ghostty/**: Ghostty terminal
+
+### Terminal Interface
+
+- **tui/**: Terminal-based interface configurations
+  - **cloud/**: Cloud development tools (Terraform, etc.)
+  - **container.nix**: Container tools (Docker, Podman)
+  - **dev-tools.nix**: Terminal-based development tools
+  - **editors/**: Terminal editor configurations
+  - **encryption/**: Encryption and security tools
+  - **gpg/**: GPG key management
+  - **password-store/**: Password management with pass
+  - **shell.nix**: Shell environment configurations
+  - **ssh/**: SSH configuration and management
+  - **zellij/**: Terminal workspace management
+
+### System Management
+
+- **home.nix**: Main home manager configuration file
+
+## Platform Compatibility
+
+All configurations in this directory are designed to work across:
+
+- **Linux**: All distributions with Nix and Home Manager
+- **macOS**: Darwin systems with Home Manager
+- **WSL**: Windows Subsystem for Linux
+
+## Usage
+
+These base configurations provide the foundation for both Linux and Darwin systems, ensuring
+consistent environments across different platforms while allowing for platform-specific
+customizations.

home/base/core/btop.nix

@@ -0,0 +1,9 @@
+{
+  # replacement of htop/nmon
+  programs.btop = {
+    enable = true;
+    settings = {
+      theme_background = false; # make btop transparent
+    };
+  };
+}

home/base/core/core.nix

@@ -0,0 +1,99 @@
+{ pkgs, ... }:
+{
+  home.packages = with pkgs; [
+    # nix related
+    #
+    # it provides the command `nom` works just like `nix
+    # with more details log output
+    nix-output-monitor
+    hydra-check # check hydra(nix's build farm) for the build status of a package
+    nix-index # A small utility to index nix store paths
+    nix-init # generate nix derivation from url
+    # https://github.com/nix-community/nix-melt
+    nix-melt # A TUI flake.lock viewer
+    # https://github.com/utdemir/nix-tree
+    nix-tree # A TUI to visualize the dependency graph of a nix derivation
+
+    # misc
+    cowsay
+    gnupg
+    caddy # A webserver with automatic HTTPS via Let's Encrypt(replacement of nginx)
+    # A fast and polyglot tool for code searching, linting, rewriting at large scale
+    # supported languages: only some mainstream languages currently(do not support nix/nginx/yaml/toml/...)
+    ast-grep
+
+    # other core cli tools are installed at system-level
+  ];
+
+  # A modern replacement for ‘ls’
+  # useful in bash/zsh prompt, not in nushell.
+  programs.eza = {
+    enable = true;
+    # do not enable aliases in nushell!
+    enableNushellIntegration = false;
+    git = true;
+    icons = "auto";
+  };
+
+  # a cat(1) clone with syntax highlighting and Git integration.
+  programs.bat = {
+    enable = true;
+    config = {
+      pager = "less -FR";
+    };
+  };
+
+  # A command-line fuzzy finder
+  programs.fzf.enable = true;
+
+  # very fast version of tldr in Rust
+  programs.tealdeer = {
+    enable = true;
+    enableAutoUpdates = true;
+    settings = {
+      display = {
+        compact = false;
+        use_pager = true;
+      };
+      updates = {
+        auto_update = false;
+        auto_update_interval_hours = 720;
+      };
+    };
+  };
+
+  # zoxide is a smarter cd command, inspired by z and autojump.
+  # It remembers which directories you use most frequently,
+  # so you can "jump" to them in just a few keystrokes.
+  # zoxide works on all major shells.
+  #
+  #   z foo              # cd into highest ranked directory matching foo
+  #   z foo bar          # cd into highest ranked directory matching foo and bar
+  #   z foo /            # cd into a subdirectory starting with foo
+  #
+  #   z ~/foo            # z also works like a regular cd command
+  #   z foo/             # cd into relative path
+  #   z ..               # cd one level up
+  #   z -                # cd into previous directory
+  #
+  #   zi foo             # cd with interactive selection (using fzf)
+  #
+  #   z foo<SPACE><TAB>  # show interactive completions (zoxide v0.8.0+, bash 4.4+/fish/zsh only)
+  programs.zoxide = {
+    enable = true;
+    enableBashIntegration = true;
+    enableZshIntegration = true;
+    enableNushellIntegration = true;
+  };
+
+  # Atuin replaces your existing shell history with a SQLite database,
+  # and records additional context for your commands.
+  # Additionally, it provides optional and fully encrypted
+  # synchronisation of your history between machines, via an Atuin server.
+  programs.atuin = {
+    enable = true;
+    enableBashIntegration = true;
+    enableZshIntegration = true;
+    enableNushellIntegration = true;
+  };
+}

home/base/core/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/core/editors/README.md

@@ -0,0 +1,10 @@
+# Editors
+
+This directory contains editor configurations that are shared across different environments.
+
+## Available Editors
+
+- **neovim/**: Neovim configuration with AstroNvim
+- **helix/**: Helix editor configuration
+
+These configurations are designed to work across both terminal and GUI environments.

home/base/core/editors/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/core/editors/helix/default.nix

@@ -0,0 +1,4 @@
+{ pkgs, ... }:
+{
+  programs.helix.enable = true;
+}

home/base/core/editors/neovim/default.nix

@@ -1,9 +1,9 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs = {
     neovim = {
       enable = true;
 
-      defaultEditor = true;
       viAlias = true;
       vimAlias = true;
     };

home/base/core/git.nix

@@ -0,0 +1,128 @@
+{
+  config,
+  lib,
+  pkgs,
+  myvars,
+  ...
+}:
+{
+  # `programs.git` will generate the config file: ~/.config/git/config
+  # to make git use this config file, `~/.gitconfig` should not exist!
+  #
+  #    https://git-scm.com/docs/git-config#Documentation/git-config.txt---global
+  home.activation.removeExistingGitconfig = lib.hm.dag.entryBefore [ "checkLinkTargets" ] ''
+    rm -f ${config.home.homeDirectory}/.gitconfig
+  '';
+
+  # GitHub CLI tool
+  # https://cli.github.com/manual/
+  programs.gh = {
+    enable = true;
+    settings = {
+      git_protocol = "ssh";
+      prompt = "enabled";
+      aliases = {
+        co = "pr checkout";
+        pv = "pr view";
+      };
+    };
+    hosts = {
+      "github.com" = {
+        "users" = {
+          "ryan4yin" = null;
+        };
+        "user" = "ryan4yin";
+      };
+    };
+  };
+
+  programs.git = {
+    enable = true;
+    lfs.enable = true;
+
+    # signing = {
+    #   key = "xxx";
+    #   signByDefault = true;
+    # };
+
+    includes = [
+      {
+        # use different email & name for work:
+        #
+        # [user]
+        #   email = "xxx@xxx.com"
+        #   name = "Ryan Yin"
+        path = "~/work/.gitconfig";
+        condition = "gitdir:~/work/";
+      }
+    ];
+
+    settings = {
+      user.email = myvars.useremail;
+      user.name = myvars.userfullname;
+
+      init.defaultBranch = "main";
+      trim.bases = "develop,master,main"; # for git-trim
+      push.autoSetupRemote = true;
+      pull.rebase = true;
+      log.date = "iso"; # use iso format for date
+
+      # replace https with ssh
+      url = {
+        "ssh://git@github.com/ryan4yin" = {
+          insteadOf = "https://github.com/ryan4yin";
+        };
+        # "ssh://git@bitbucket.com/ryan4yin" = {
+        #   insteadOf = "https://bitbucket.com/ryan4yin";
+        # };
+      };
+
+      alias = {
+        # common aliases
+        br = "branch";
+        co = "checkout";
+        st = "status";
+        ls = "log --pretty=format:\"%C(yellow)%h%Cred%d\\\\ %Creset%s%Cblue\\\\ [%cn]\" --decorate";
+        ll = "log --pretty=format:\"%C(yellow)%h%Cred%d\\\\ %Creset%s%Cblue\\\\ [%cn]\" --decorate --numstat";
+        cm = "commit -m"; # commit via `git cm <message>`
+        ca = "commit -am"; # commit all changes via `git ca <message>`
+        dc = "diff --cached";
+
+        amend = "commit --amend -m"; # amend commit message via `git amend <message>`
+        unstage = "reset HEAD --"; # unstage file via `git unstage <file>`
+        merged = "branch --merged"; # list merged(into HEAD) branches via `git merged`
+        unmerged = "branch --no-merged"; # list unmerged(into HEAD) branches via `git unmerged`
+        nonexist = "remote prune origin --dry-run"; # list non-exist(remote) branches via `git nonexist`
+
+        # delete merged branches except master & dev & staging
+        #  `!` indicates it's a shell script, not a git subcommand
+        delmerged = ''! git branch --merged | egrep -v "(^\*|main|master|dev|staging)" | xargs git branch -d'';
+        # delete non-exist(remote) branches
+        delnonexist = "remote prune origin";
+
+        # aliases for submodule
+        update = "submodule update --init --recursive";
+        foreach = "submodule foreach";
+      };
+    };
+  };
+
+  # A syntax-highlighting pager for git, diff, grep, and blame output
+  programs.delta = {
+    enable = true;
+    enableGitIntegration = true;
+    options = {
+      diff-so-fancy = true;
+      line-numbers = true;
+      true-color = "always";
+      # features => named groups of settings, used to keep related settings organized
+      # features = "";
+    };
+  };
+
+  # Git terminal UI (written in go).
+  programs.lazygit.enable = true;
+
+  # Yet another Git TUI (written in rust).
+  programs.gitui.enable = false;
+}

home/base/core/npm.nix

@@ -0,0 +1,10 @@
+{ config, ... }:
+{
+  # make `npm install -g <pkg>` happey
+  #
+  # mainly used to install npm packages that updates frequently
+  # such as gemini-cli, claude-code, etc.
+  home.file.".npmrc".text = ''
+    prefix=${config.home.homeDirectory}/.npm
+  '';
+}

home/base/core/pip.nix

@@ -0,0 +1,19 @@
+_: {
+  # use mirror for pip install
+  xdg.configFile."pip/pip.conf".text = ''
+    [global]
+    index-url = https://mirror.nju.edu.cn/pypi/web/simple
+    format = columns
+  '';
+
+  # xdg.configFile."pip/pip.conf".text = ''
+  #   [global]
+  #   index-url = https://mirror.nju.edu.cn/pypi/web/simple
+  #   format = columns
+  # '';
+
+  # xdg.configFile."pip/pip.conf".text = ''
+  #   [global]
+  #   index-url = https://mirrors.bfsu.edu.cn/pypi/web/simple
+  # '';
+}

home/base/core/shells/config.nu

@@ -0,0 +1,175 @@
+# Based on the default config generated by:
+#    ```
+#    config nu --default
+#    ```
+#
+# Nushell Config File Documentation
+#
+# Warning: This file is intended for documentation purposes only and
+# is not intended to be used as an actual configuration file as-is.
+#
+# version = "0.103.0"
+#
+# A `config.nu` file is used to override default Nushell settings,
+# define (or import) custom commands, or run any other startup tasks.
+# See https://www.nushell.sh/book/configuration.html
+#
+# Nushell sets "sensible defaults" for most configuration settings, so
+# the user's `config.nu` only needs to override these defaults if
+# desired.
+#
+# This file serves as simple "in-shell" documentation for these
+# settings, or you can view a more complete discussion online at:
+# https://nushell.sh/book/configuration
+#
+# You can pretty-print and page this file using:
+# config nu --doc | nu-highlight | less -R
+
+# $env.config
+# -----------
+# The $env.config environment variable is a record containing most Nushell
+# configuration settings. Keep in mind that, as a record, setting it to a
+# new record will remove any keys which aren't in the new record. Nushell
+# will then automatically merge in the internal defaults for missing keys.
+#
+# The same holds true for keys in the $env.config which are also records
+# or lists.
+#
+# For this reason, settings are typically changed by updating the value of
+# a particular key. Merging a new config record is also possible. See the
+# Configuration chapter of the book for more information.
+
+
+$env.config.history.file_format = "sqlite"
+$env.config.history.max_size = 5_000_000
+
+# isolation (bool):
+# `true`: New history from other currently-open Nushell sessions is not
+# seen when scrolling through the history using PrevHistory (typically
+# the Up key) or NextHistory (Down key)
+# `false`: All commands entered in other Nushell sessions will be mixed with
+# those from the current shell.
+# Note: Older history items (from before the current shell was started) are
+# always shown.
+# This setting only applies to SQLite-backed history
+$env.config.history.isolation = true
+
+# ----------------------
+# Miscellaneous Settings
+# ----------------------
+
+# show_banner (bool): Enable or disable the welcome banner at startup
+$env.config.show_banner = false
+
+# rm.always_trash (bool):
+# true: rm behaves as if the --trash/-t option is specified
+# false: rm behaves as if the --permanent/-p option is specified (default)
+$env.config.rm.always_trash = true
+
+# recursion_limit (int): how many times a command can call itself recursively
+# before an error will be generated.
+$env.config.recursion_limit = 50
+
+# ---------------------------
+# Commandline Editor Settings
+# ---------------------------
+
+# edit_mode (string) "vi" or "emacs" sets the editing behavior of Reedline
+$env.config.edit_mode = "vi"
+
+# Command that will be used to edit the current line buffer with Ctrl+O.
+# If unset, uses $env.VISUAL and then $env.EDITOR
+#
+$env.config.buffer_editor = ["nvim", "--clean"]
+
+# cursor_shape_* (string)
+# -----------------------
+# The following variables accept a string from the following selections:
+# "block", "underscore", "line", "blink_block", "blink_underscore", "blink_line", or "inherit"
+# "inherit" skips setting cursor shape and uses the current terminal setting.
+$env.config.cursor_shape.emacs = "inherit"         # Cursor shape in emacs mode
+$env.config.cursor_shape.vi_insert = "block"       # Cursor shape in vi-insert mode
+$env.config.cursor_shape.vi_normal = "underscore"  # Cursor shape in normal vi mode
+
+# --------------------
+# Terminal Integration
+# --------------------
+# Nushell can output a number of escape codes to enable advanced features in Terminal Emulators
+# that support them. Settings in this section enable or disable these features in Nushell.
+# Features aren't supported by your Terminal can be disabled. Features can also be disabled,
+#  of course, if there is a conflict between the Nushell and Terminal's implementation.
+
+# use_kitty_protocol (bool):
+# A keyboard enhancement protocol supported by the Kitty Terminal. Additional keybindings are
+# available when using this protocol in a supported terminal. For example, without this protocol,
+# Ctrl+I is interpreted as the Tab Key. With this protocol, Ctrl+I and Tab can be mapped separately.
+$env.config.use_kitty_protocol = false
+
+# osc2 (bool):
+# When true, the current directory and running command are shown in the terminal tab/window title.
+# Also abbreviates the directory name by prepending ~ to the home directory and its subdirectories.
+$env.config.shell_integration.osc2 = true
+
+# osc7 (bool):
+# Nushell will report the current directory to the terminal using OSC 7. This is useful when
+# spawning new tabs in the same directory.
+$env.config.shell_integration.osc7 = true
+
+# osc9_9 (bool):
+# Enables/Disables OSC 9;9 support, originally a ConEmu terminal feature. This is an
+# alternative to OSC 7 which also communicates the current path to the terminal.
+$env.config.shell_integration.osc9_9 = false
+
+# osc8 (bool):
+# When true, the `ls` command will generate clickable links that can be launched in another
+# application by the terminal.
+# Note: This setting replaces the now deprecated `ls.clickable_links`
+$env.config.shell_integration.osc8 = true
+
+# osc133 (bool):
+# true/false to enable/disable OSC 133 support, a set of several escape sequences which
+# report the (1) starting location of the prompt, (2) ending location of the prompt,
+# (3) starting location of the command output, and (4) the exit code of the command.
+
+# originating with Final Term. These sequences report information regarding the prompt
+# location as well as command status to the terminal. This enables advanced features in
+# some terminals, including the ability to provide separate background colors for the
+# command vs. the output, collapsible output, or keybindings to scroll between prompts.
+$env.config.shell_integration.osc133 = true
+
+# osc633 (bool):
+# true/false to enable/disable OSC 633, an extension to OSC 133 for Visual Studio Code
+$env.config.shell_integration.osc633 = true
+
+# NU_LIB_DIRS
+# -----------
+# Directories in this constant are searched by the
+# `use` and `source` commands.
+#
+# By default, the `scripts` subdirectory of the default configuration
+# directory is included:
+const NU_LIB_DIRS = [
+    ($nu.default-config-dir | path join 'scripts') # add <nushell-config-dir>/scripts
+    ($nu.data-dir | path join 'completions') # default home for nushell completions
+]
+
+# NU_PLUGIN_DIRS
+# --------------
+# Directories to search for plugin binaries when calling add.
+
+# By default, the `plugins` subdirectory of the default configuration
+# directory is included:
+const NU_PLUGIN_DIRS = [
+    ($nu.default-config-dir | path join 'plugins') # add <nushell-config-dir>/plugins
+]
+
+# As with NU_LIB_DIRS, an $env.NU_PLUGIN_DIRS is searched after the constant version
+
+# The `path add` function from the Standard Library also provides
+# a convenience method for prepending to the path:
+use std/util "path add"
+path add "~/.local/bin"
+
+# You can remove duplicate directories from the path using:
+$env.PATH = ($env.PATH | uniq)
+

home/base/core/shells/default.nix

@@ -1,3 +1,4 @@
+{ config, ... }:
 let
   shellAliases = {
     k = "kubectl";
@@ -5,21 +6,28 @@ let
     urldecode = "python3 -c 'import sys, urllib.parse as ul; print(ul.unquote_plus(sys.stdin.read()))'";
     urlencode = "python3 -c 'import sys, urllib.parse as ul; print(ul.quote_plus(sys.stdin.read()))'";
   };
-in {
-  # only works in bash/zsh, not nushell
-  home.shellAliases = shellAliases;
-
-  programs.nushell = {
-    enable = true;
-    configFile.source = ./config.nu;
-    shellAliases = shellAliases;
-  };
 
+  localBin = "${config.home.homeDirectory}/.local/bin";
+  goBin = "${config.home.homeDirectory}/go/bin";
+  rustBin = "${config.home.homeDirectory}/.cargo/bin";
+  npmBin = "${config.home.homeDirectory}/.npm/bin";
+in
+{
   programs.bash = {
     enable = true;
     enableCompletion = true;
     bashrcExtra = ''
-      export PATH="$HOME/.local/bin:$HOME/go/bin:$PATH"
+      export PATH="$PATH:${localBin}:${goBin}:${rustBin}:${npmBin}"
     '';
   };
+
+  # NOTE: only works in bash/zsh, not nushell
+  home.shellAliases = shellAliases;
+
+  # NOTE: nushell will be launched in bash, so it can inherit all the eenvironment variables.
+  programs.nushell = {
+    enable = true;
+    configFile.source = ./config.nu;
+    inherit shellAliases;
+  };
 }

home/base/core/starship.nix

@@ -0,0 +1,29 @@
+{
+  programs.starship = {
+    enable = true;
+
+    enableBashIntegration = true;
+    enableZshIntegration = true;
+    enableNushellIntegration = true;
+
+    # https://starship.rs/config/
+    settings = {
+      # Get editor completions based on the config schema
+      "$schema" = "https://starship.rs/config-schema.json";
+      character = {
+        success_symbol = "[➜](bold green)";
+        error_symbol = "[➜](bold red)";
+      };
+      # I never rely on the defaults, so this module is useless to me—disabled.
+      # I prefer adding --project, --region to very gcloud/aws command.
+      aws.disabled = true;
+      gcloud.disabled = true;
+
+      kubernetes = {
+        symbol = "⛵";
+        disabled = false;
+      };
+      os.disabled = false;
+    };
+  };
+}

home/base/core/theme.nix

@@ -0,0 +1,16 @@
+{ catppuccin, ... }:
+{
+  # https://github.com/catppuccin/nix
+  imports = [
+    catppuccin.homeModules.catppuccin
+  ];
+
+  catppuccin = {
+    # The default `enable` value for all available programs.
+    enable = true;
+    # one of "latte", "frappe", "macchiato", "mocha"
+    flavor = "mocha";
+    # one of "blue", "flamingo", "green", "lavender", "maroon", "mauve", "peach", "pink", "red", "rosewater", "sapphire", "sky", "teal", "yellow"
+    accent = "pink";
+  };
+}

home/base/core/yazi.nix

@@ -0,0 +1,17 @@
+{ pkgs, ... }:
+{
+  # terminal file manager
+  programs.yazi = {
+    enable = true;
+    package = pkgs.yazi;
+    # Changing working directory when exiting Yazi
+    enableBashIntegration = true;
+    enableNushellIntegration = true;
+    settings = {
+      mgr = {
+        show_hidden = true;
+        sort_dir_first = true;
+      };
+    };
+  };
+}

home/base/core/zellij/default.nix

@@ -2,7 +2,8 @@ let
   shellAliases = {
     "zj" = "zellij";
   };
-in {
+in
+{
   programs.zellij = {
     enable = true;
   };

home/base/desktop/cloud/default.nix

@@ -1,28 +0,0 @@
-{pkgs, ...}: {
-  home.packages = with pkgs;
-    [
-      # general tools
-      pulumi
-      pulumictl
-      packer # machine image builder
-
-      # aws
-      awscli2
-      ssm-session-manager-plugin # Amazon SSM Session Manager Plugin
-      aws-iam-authenticator
-      eksctl
-      istioctl
-
-      # aliyun
-      aliyun-cli
-    ]
-    ++ (
-      if pkgs.stdenv.isLinux
-      then [
-        # cloud tools that nix do not have cache for.
-        terraform
-        terraformer # generate terraform configs from existing cloud resources
-      ]
-      else []
-    );
-}

home/base/desktop/container/container.nix

@@ -1,14 +0,0 @@
-{
-  pkgs,
-  pkgs-unstable,
-  ...
-}: {
-  home.packages = with pkgs; [
-    skopeo
-    docker-compose
-    dive # explore docker layers
-  ];
-
-  programs = {
-  };
-}

home/base/desktop/container/kubernetes.nix

@@ -1,30 +0,0 @@
-{
-  pkgs,
-  nur-ryan4yin,
-  ...
-}: {
-  home.packages = with pkgs; [
-    kubectl
-    kubernetes-helm
-  ];
-
-  programs = {
-    k9s = {
-      enable = true;
-      skin = let
-        skin_file = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-k9s}/dist/mocha.yml"; # theme - catppuccin mocha
-        skin_attr = builtins.fromJSON (
-          builtins.readFile
-          # replace 'base: &base "#1e1e2e"' with 'base: &base "default"'
-          # to make fg/bg color transparent. "default" means transparent in k9s skin.
-          (pkgs.runCommandNoCC "get-skin-json" {} ''
-            cat ${skin_file} \
-              |  sed -E 's@(base: &base ).+@\1 "default"@g' \
-              | ${pkgs.yj}/bin/yj > $out
-          '')
-        );
-      in
-        skin_attr;
-    };
-  };
-}

home/base/desktop/dev-tools.nix

@@ -1,71 +0,0 @@
-{
-  pkgs,
-  pkgs-unstable,
-  ...
-}: {
-  #############################################################
-  #
-  #  Basic settings for development environment
-  #
-  #  Please avoid to install language specific packages here(globally),
-  #  instead, install them:
-  #     1. per IDE, such as `programs.neovim.extraPackages`
-  #     2. per-project, using https://github.com/the-nix-way/dev-templates
-  #
-  #############################################################
-
-  home.packages = with pkgs;
-    [
-      # db related
-      dbeaver
-      mycli
-      pgcli
-      mongosh
-      sqlite
-
-      # embedded development
-      minicom
-
-      # ai related
-      python311Packages.huggingface-hub # huggingface-cli
-
-      # misc
-      pkgs-unstable.devbox
-      glow # markdown previewer
-      fzf
-      gdu # disk usage analyzer, required by AstroNvim
-      bfg-repo-cleaner # remove large files from git history
-      k6 # load testing tool
-      protobuf # protocol buffer compiler
-      nix-init # generate nix package from url
-    ]
-    ++ (
-      if pkgs.stdenv.isLinux
-      then [
-        # Automatically trims your branches whose tracking remote refs are merged or gone
-        # It's really useful when you work on a project for a long time.
-        git-trim
-
-        # need to run `conda-install` before using it
-        # need to run `conda-shell` before using command `conda`
-        # conda is not available for MacOS
-        conda
-
-        mitmproxy # http/https proxy tool
-        insomnia # REST client
-        wireshark # network analyzer
-      ]
-      else []
-    );
-
-  programs = {
-    direnv = {
-      enable = true;
-      nix-direnv.enable = true;
-
-      enableZshIntegration = true;
-      enableBashIntegration = true;
-      enableNushellIntegration = true;
-    };
-  };
-}

home/base/desktop/editors/README.md

@@ -1,150 +0,0 @@
-# Editors
-
-My editors:
-
-1. Neovim
-2. Emacs
-3. Helix
-
-And `Zellij` for a smooth and stable terminal experience.
-
-## Tutorial
-
-Type `:tutor`(`:Tutor` in Neovim) to learn the basics usage of vim/neovim.
-
-## VIM's Cheetsheet
-
-> Here only record my commonly used keyboard keys, to see **a more comprehensive cheetsheet**: <https://github.com/rtorr/vim-cheat-sheet>
-
-Both Emacs-Evil & Neovim are compatible with vim, sothe key-bindings described here are common in both Emacs-Evil, Neovim & vim.
-
-### Terminal Related
-
-I mainly use Zellij for terminal related operations, here is its terminal shortcuts I use frequently now:
-
-| Action                    | Zellij's Shortcut |
-| ------------------------- | ----------------- |
-| Floating Terminal         | `Ctrl + p + w`    |
-| Horizontal Split Terminal | `Ctrl + p + d`    |
-| Vertical Split Terminal   | `Ctrl + p + n`    |
-
-### File Management
-
-| Action                            |                                              |
-| --------------------------------- | -------------------------------------------- |
-| Save selected text to a file      | `:w filename` (Will show `:'<,'>w filename`) |
-| Save and close the current buffer | `:wq`                                        |
-| Save all buffers                  | `:wa`                                        |
-| Save and close all buffers        | `:wqa`                                       |
-
-### Text Manipulation
-
-Basics:
-
-| Action                                              |                                |
-| --------------------------------------------------- | ------------------------------ |
-| Move to the start/end of the buffer                 | `gg`/`G`                       |
-| Move the line number 5                              | `5gg` / `5G`                   |
-| Move left/down/up/right                             | h/j/k/l or `5h`/`5j`/`5k`/`5l` |
-| Move to the matchpairs, default to `()`, `{}`, `[]` | `%`                            |
-| Delete the current character                        | `x`                            |
-| Delete the selection                                | `d`                            |
-| Undo the last change                                | `u`                            |
-| Redo the last change                                | `Ctrl + r`                     |
-
-Convert Text Cases:
-
-| Toggle text's case | `~` |
-| Convert to uppercase | `U` |
-| Convert to lowercase | `u` |
-
-Misc:
-
-| Action                        | Shortcut                                 |
-| ----------------------------- | ---------------------------------------- |
-| Toggle visual mode            | `v` (lower case v)                       |
-| Select the current line       | `V` (upper case v)                       |
-| Toggle visual block mode      | `<Ctrl> + v` (select a block vertically) |
-| Fold the current code block   | `zc`                                     |
-| Unfold the current code block | `zo`                                     |
-| Jump to Definition            | `gd`                                     |
-| Jump to References            | `gD`                                     |
-| (Un)Comment the current line  | `gcc`                                    |
-
-| Action                                                                    |                |
-| ------------------------------------------------------------------------- | -------------- |
-| Join Selection of Lines With Space                                        | `:join` or `J` |
-| Join without spaces                                                       | `:join!`       |
-| Move to the start/end of the line                                         | `0` / `$`      |
-| Enter Insert mode at the start/end of the line                            | `I` / `A`      |
-| Delete from the cursor to the end of the line                             | `D`            |
-| Delete from the cursor to the end of the line, and then enter insert mode | `C`            |
-
-Advance Techs:
-
-- Add at the end of multiple lines: `:normal A<text>`
-
-  - Execublock: `:A<text>`
-  - visual block mode(ctrl + v)
-  - Append text at the end of each line in the selected block
-  - If position exceeds line end, neovim adds spaces automatically
-
-- Delete the last char of multivle lines: `:normal $x`
-
-  - Execute `$x` on each line
-  - visual mode(v)
-  - `$` moves cursor to the end of line
-  - `x` deletes the character under the cursor
-
-- Delete the last word of multiple lines: `:normal $bD`
-  - Execute `$bD` on each line
-  - visual mode(v)
-  - `$` moves cursor to the end of line
-  - `b` moves cursor to the beginning of the last word
-
-### Search
-
-| Action                                                | Command   |
-| ----------------------------------------------------- | --------- |
-| Search forward/backword for a pattern                 | `/` / `?` |
-| Repeat the last search in the same/opposite direction | `n` / `N` |
-
-### Find and Replace
-
-| Action                   | Command                             |
-| ------------------------ | ----------------------------------- |
-| Replace in selected area | `:s/old/new/g`                      |
-| Replace in current line  | Same as above                       |
-| Replace in whole file    | `:% s/old/new/g`                    |
-| Replace with regex       | `:% s@\vhttp://(\w+)@https://\1@gc` |
-
-1. `\v` means means that in the regex pattern after it can be used without backslash escaping(similar to python's raw string).
-2. `\1` means the first matched group in the pattern.
-
-### Replace in the specific lines
-
-| Action                                    | Command                                |
-| ----------------------------------------- | -------------------------------------- |
-| From the 10th line to the end of the file | `:10,$ s/old/new/g` or `:10,$ s@^@#@g` |
-| From the 10th line to the 20th line       | `:10,20 s/old/new/g`                   |
-
-The postfix(flags) in the above commands:
-
-1. `g` means replace all the matched strings in the current line/file.
-2. `c` means ask for confirmation before replacing.
-3. `i` means ignore case.
-
-### Buffers, Windows and Tabs
-
-- A buffer is the in-memory text of a file.
-- A window is a viewport on a buffer.
-- A tab page is a collection of windows.
-
-| Action                              | Command                             |
-| ----------------------------------- | ----------------------------------- |
-| Show all buffers                    | `:ls`                               |
-| show next/previous buffer           | `]b`/`[b` or `:bn[ext]` / `bp[rev]` |
-| Split the window horizontally       | `:sp[lit]`                               |
-| Split the window horizontally       | `:vs[plit]`                              |
-| New Tab(New Workspace in DoomEmacs) | `:tabnew`                           |
-| Next/Previews Tab                   | `gt`/`gT`                           |

home/base/desktop/editors/Structured-Editing.md

@@ -1,24 +0,0 @@
-# Structured Editing
-
-## S-expression data(Lisp)
-
-- paredit/[lispy](https://github.com/doomemacs/doomemacs/tree/master/modules/editor/lispy): too complex.
-- [evil-cleverparens](https://github.com/emacs-evil/evil-cleverparens): simple and useful.
-- [parinfer(par-in-fer)](https://shaunlebron.github.io/parinfer/): morden, simple, elegant and useful, but works not well with some other completion plugins...
-    - to make parinfer works, you should disable sexp & smartparens in any lisp mode.
-
-Some plugins:
-
-- Emacs
-    - [parinfer-rust-mode](https://github.com/justinbarclay/parinfer-rust-mode)
-- Neovim
-    - [parinfer-rust](https://github.com/eraserhd/parinfer-rust)
-    - <https://github.com/Olical/conjure>
-- Helix
-    - [parinfer #4090 - Helix](https://github.com/helix-editor/helix/discussions/4090)
-
-## Other Languages
-
-1. treesitter
-1. ...
-

home/base/desktop/editors/emacs/README.md

@@ -1,172 +0,0 @@
-# Emacs Editor
-
-## Why emacs?
-
-1. Explore the unknown, just for fun!
-2. Org Mode
-3. Lisp Coding
-4. A top-level tutorial for Emacs(Chinese): <https://nyk.ma/tags/emacs/>
-5. A Beginner's Guide to Emacs(Chinese): <https://github.com/emacs-tw/emacs-101-beginner-survival-guide>
-
-## Screenshot
-
-![](/_img/emacs-2024-01-07.webp)
-
-## Usefull Links
-
-- Framework: <https://github.com/doomemacs/doomemacs>
-  - key bindings:
-    - source code: <https://github.com/doomemacs/doomemacs/blob/master/modules/config/default/%2Bevil-bindings.el>
-    - docs: <https://github.com/doomemacs/doomemacs/blob/master/modules/editor/evil/README.org>
-  - module index: <https://github.com/doomemacs/doomemacs/blob/master/docs/modules.org>
-- LSP Client: <https://github.com/manateelazycat/lsp-bridge>
-- Emacs Wiki: <https://www.emacswiki.org/emacs/SiteMap>
-- Awesome Emacs: <https://github.com/emacs-tw/awesome-emacs#lsp-client>
-- Chinese(rime) support: <https://github.com/DogLooksGood/emacs-rime>
-- modal editing:
-  - <https://github.com/emacs-evil/evil>: evil mode, enabled by default in doom-emacs.
-  - <https://github.com/meow-edit/meow>
-
-## Install or Update
-
-After deploying this nix flake, run the following command to install or update emacs:
-
-```bash
-doom sync
-```
-
-when in doubt, run `doom sync`!
-
-## Testing
-
-> via `Justfile` located at the root of this repo.
-
-```bash
-# testing
-just emacs-test
-jsut emacs-purge
-just emacs-reload
-
-# clear test data
-just emacs-clear
-```
-
-## Cheetsheet
-
-Here is the cheetsheet related to my DoomEmacs configs. Please read vim's common cheetsheet at [../README.md](../README.md) before reading the following.
-
-### Basics
-
-> Terminal(vterm) is useful in GUI mode, I use Zellij instead in terminal mode.
-
-| Action                 | Shortcut                                          |
-| ---------------------- | ------------------------------------------------- |
-| Popup Terminal(vterm)  | `SPC + o + t`                                     |
-| Open Terminal          | `SPC + o + T`                                     |
-| Open file tree sidebar | `SPC + o + p`                                     |
-| Exit                   | `M-x C-c`                                         |
-| Execute Command        | `M-x`(hold on `Alt`/`option`, and then press `x`) |
-| Eval Lisp Code         | `M-:`(hold on `Alt`/`option`, and then press `:`) |
-
-### Window Navigation
-
-| Action                                     | Shortcut                                                              |
-| ------------------------------------------ | --------------------------------------------------------------------- |
-| Split a window vertically and horizontally | `SPC w v/s`                                                           |
-| Move to a window in a specific direction   | `Ctrl-w + h/j/k/l`                                                    |
-| Move a window to a specific direction      | `Ctrl-w + H/J/K/L`                                                    |
-| Move to the next window                    | `SPC w w`                                                             |
-| Close the current window                   | `SPC w q`                                                             |
-| Rebalance all windows                      | `SPC w =`                                                             |
-| Set window's width(columns)                | `80 SPC w \|` (the Vertical line is escaped due to markdown's limits) |
-| Set window's height                        | `30 SPC w _ `                                                         |
-
-### File Tree
-
-- treemacs: <https://github.com/Alexander-Miller/treemacs/blob/master/src/elisp/treemacs-mode.el>
-- treemacs-evil: <https://github.com/Alexander-Miller/treemacs/blob/master/src/extra/treemacs-evil.el>
-
-| Action                                | Shortcut  |
-| ------------------------------------- | --------- |
-| Resize Treemacs's window              | `>` & `<` |
-| Extra Wide Window                     | `W`       |
-| Rename                                | `R`       |
-| Delete File/Direcoty                  | `d`       |
-| New File                              | `cf`      |
-| New Directory                         | `cd`      |
-| Go to parent                          | `u`       |
-| Run shell command in for current node | `!`       |
-| Refresh file tree                     | `gr`      |
-| Copy project-path into pasteboard     | `yp`      |
-| Copy absolute-path into pasteboard    | `ya`      |
-| Copy relative-path into pasteboard    | `yr`      |
-| Copy file to another location         | `yf`      |
-| Move file to another location         | `m`       |
-| quit                                  | `q`       |
-
-And bookmarks:
-
-- Add bookmarks in treemacs: `b`
-- Show Bookmark List: `SPC s m`
-
-### Splitting and Buffers
-
-| Action                  | Shortcut          |
-| ----------------------- | ----------------- |
-| Buffer List             | `<Space> + ,`     |
-| Save all buffers(Tab)   | `<Space> + b + S` |
-| Kill the current buffer | `<Space> + b + k` |
-| Kill all buffers        | `<Space> + b + K` |
-
-### Editing and Formatting
-
-| Action                                     | Shortcut            |
-| ------------------------------------------ | ------------------- |
-| Format Document                            | `<Space> + cf`      |
-| Code Actions                               | `<Space> + ca`      |
-| Rename                                     | `<Space> + cr`      |
-| Opening LSP symbols                        | `<Space> + cS`      |
-| Show all LSP Errors                        | `<Space> + c + x/X` |
-| Show infinite undo history(really useful!) | `<Space> + s + u`   |
-| Open filepath/URL at cursor                | `gf`                |
-| Find files by keyword in path              | `<Space> + <Space>` |
-| Grep string in files (vertico + ripgrep)   | `<Space> + sd`      |
-
-### Image Preview(GUI mode only)
-
-Use `-`, `+` to resize the image, `r` to rotate the image.
-
-### Search & replace
-
-```bash
-SPC s p foo C-; E C-c C-p :%s/foo/bar/g RET Z Z
-```
-
-1. `SPC s p`: search in project
-1. `foo`: the keyword to search
-1. `C-; E`: exports what you’re looking at into a new buffer in grep-mode
-1. `C-c C-p` to run wgrep-change-to-wgrep-mode to make the search results writable.
-1. `:%s/foo/bar/g RET`: replace in the current buffer(just like neovim/vim)
-1. `Z Z`: to write all the changes to their respective files
-
-### Projects
-
-> easily switch between projects without exit emacs!
-
-| Action                     |               |
-| -------------------------- | ------------- |
-| Switch between projects    | `SPC + p + p` |
-| Browse the current project | `SPC + p + .` |
-| Add new project            | `SPC + p + a` |
-
-### Workspaces
-
-> Very useful when run emacs in daemon/client modes
-
-| Action                      |                             |
-| --------------------------- | --------------------------- |
-| Switch between workspaces   | `M-1/2/3/...`(Alt-1/2/3/..) |
-| New Workspace               | `SPC + TAB + n`             |
-| New Named Workspace         | `SPC + TAB + N`             |
-| Delete Workspace            | `SPC + TAB + d`             |
-| Display Workspaces bar blow | `SPC + TAB + TAB`           |

home/base/desktop/editors/emacs/default.nix

@@ -1,139 +0,0 @@
-# ==============================================
-# Based on doomemacs's auther's config:
-#   https://github.com/hlissner/dotfiles/blob/master/modules/editors/emacs.nix
-#
-# Emacs Tutorials:
-#  1. Official: <https://www.gnu.org/software/emacs/tour/index.html>
-#  2. Doom Emacs: <https://github.com/doomemacs/doomemacs/blob/master/docs/index.org>
-#
-{
-  config,
-  lib,
-  pkgs,
-  doomemacs,
-  ...
-}:
-with lib; let
-  cfg = config.modules.editors.emacs;
-  envExtra = ''
-    export PATH="${config.xdg.configHome}/emacs/bin:$PATH"
-  '';
-  shellAliases = {
-    e = "emacsclient --create-frame"; # gui
-    et = "emacsclient --create-frame --tty"; # termimal
-  };
-  librime-dir = "${config.xdg.dataHome}/emacs/librime";
-  parinfer-rust-lib-dir = "${config.xdg.dataHome}/emacs/parinfer-rust";
-  myEmacsPackagesFor = emacs: ((pkgs.emacsPackagesFor emacs).emacsWithPackages (epkgs: [
-    epkgs.vterm
-  ]));
-in {
-  options.modules.editors.emacs = {
-    enable = mkEnableOption "Emacs Editor";
-  };
-
-  config = mkIf cfg.enable (mkMerge [
-    {
-      home.packages = with pkgs; [
-        ## Doom dependencies
-        git
-        (ripgrep.override {withPCRE2 = true;})
-        gnutls # for TLS connectivity
-
-        ## Optional dependencies
-        fd # faster projectile indexing
-        imagemagick # for image-dired
-        zstd # for undo-fu-session/undo-tree compression
-
-        # go-mode
-        gocode
-
-        ## Module dependencies
-        # :checkers spell
-        (aspellWithDicts (ds: with ds; [en en-computers en-science]))
-        # :tools editorconfig
-        editorconfig-core-c # per-project style config
-        # :tools lookup & :lang org +roam
-        sqlite
-        # :lang latex & :lang org (latex previews)
-        texlive.combined.scheme-medium
-      ];
-
-      programs.bash.bashrcExtra = envExtra;
-      programs.zsh.envExtra = envExtra;
-      home.shellAliases = shellAliases;
-      programs.nushell.shellAliases = shellAliases;
-
-      # allow fontconfig to discover fonts and configurations installed through `home.packages`
-      fonts.fontconfig.enable = true;
-
-      xdg.configFile."doom" = {
-        source = ./doom;
-        force = true;
-      };
-
-      xdg.configFile."emacs/lsp-bridge-user-langserver" = {
-        source = ./lsp-bridge-user-langserver;
-        force = true;
-      };
-
-      home.activation.installDoomEmacs = lib.hm.dag.entryAfter ["writeBoundary"] ''
-        ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F744 ${doomemacs}/ ${config.xdg.configHome}/emacs/
-
-        # librime for emacs-rime
-        mkdir -p ${librime-dir}
-        ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F744 ${pkgs.librime}/ ${librime-dir}/
-
-        # libparinfer_rust for emacs' parinfer-rust-mode
-        mkdir -p ${parinfer-rust-lib-dir}
-        ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F744  ${pkgs.vimPlugins.parinfer-rust}/lib/libparinfer_rust.* ${parinfer-rust-lib-dir}/parinfer-rust.so
-      '';
-    }
-
-    (mkIf pkgs.stdenv.isLinux (
-      let
-        # Do not use emacs-nox here, which makes the mouse wheel work abnormally in terminal mode.
-        # pgtk (pure gtk) build add native support for wayland.
-        # https://www.gnu.org/savannah-checkouts/gnu/emacs/emacs.html#Releases
-        emacsPkg = myEmacsPackagesFor pkgs.emacs29-pgtk;
-      in {
-        home.packages = [emacsPkg];
-        services.emacs = {
-          enable = true;
-          package = emacsPkg;
-          client = {
-            enable = true;
-            arguments = [" --create-frame"];
-          };
-          startWithUserSession = true;
-        };
-      }
-    ))
-
-    (mkIf pkgs.stdenv.isDarwin (
-      let
-        # macport adds some native features based on GNU Emacs 29
-        # https://bitbucket.org/mituharu/emacs-mac/src/master/README-mac
-        emacsPkg = myEmacsPackagesFor pkgs.emacs29;
-      in {
-        home.packages = [emacsPkg];
-        launchd.enable = true;
-        launchd.agents.emacs = {
-          enable = true;
-          config = {
-            ProgramArguments = [
-              "${pkgs.bash}/bin/bash"
-              "-l"
-              "-c"
-              "${emacsPkg}/bin/emacs --fg-daemon"
-            ];
-            StandardErrorPath = "${config.home.homeDirectory}/Library/Logs/emacs-daemon.stderr.log";
-            StandardOutPath = "${config.home.homeDirectory}/Library/Logs/emacs-daemon.stdout.log";
-            RunAtLoad = true;
-            KeepAlive = true;
-          };
-        };
-      }
-    ))
-  ]);
-}

home/base/desktop/editors/emacs/doom/config.el

@@ -1,179 +0,0 @@
-;;; $DOOMDIR/config.el -*- lexical-binding: t; -*-
-
-;; Place your private configuration here! Remember, you do not need to run 'doom
-;; sync' after modifying this file!
-
-
-;; Some functionality uses this to identify you, e.g. GPG configuration, email
-;; clients, file templates and snippets. It is optional.
-;; (setq user-full-name "John Doe"
-;;       user-mail-address "john@doe.com")
-
-;; Doom exposes five (optional) variables for controlling fonts in Doom:
-;;
-;; - `doom-font' -- the primary font to use
-;; - `doom-variable-pitch-font' -- a non-monospace font (where applicable)
-;; - `doom-big-font' -- used for `doom-big-font-mode'; use this for
-;;   presentations or streaming.
-;; - `doom-symbol-font' -- for symbols
-;; - `doom-serif-font' -- for the `fixed-pitch-serif' face
-;;
-;; See 'C-h v doom-font' for documentation and more examples of what they
-;; accept. For example:
-;;
-(setq doom-font (font-spec :family "JetBrainsMono Nerd Font" :size 18)
-      doom-variable-pitch-font (font-spec :family "DejaVu Sans")
-      doom-symbol-font (font-spec :family "Symbols Nerd Font Mono")
-      doom-big-font (font-spec :family "JetBrainsMono Nerd Font" :size 28))
-
-;; Users should inject their own font logic in `after-setting-font-hook'
-;; Add font for CJK charset
-(defun init-cjk-fonts()
-  (dolist (charset '(kana han cjk-misc bopomofo))
-    (set-fontset-font (frame-parameter nil 'font)
-                      charset (font-spec :family "Source Han Sans SC"))))
-(add-hook 'after-setting-font-hook 'init-cjk-fonts)
-
-
-;; If you or Emacs can't find your font, use 'M-x describe-font' to look them
-;; up, `M-x eval-region' to execute elisp code, and 'M-x doom/reload-font' to
-;; refresh your font settings. If Emacs still can't find your font, it likely
-;; wasn't installed correctly. Font issues are rarely Doom issues!
-
-;; There are two ways to load a theme. Both assume the theme is installed and
-;; available. You can either set `doom-theme' or manually load a theme with the
-;; `load-theme' function. This is the default:
-;; other doom's official themes:
-;;   https://github.com/doomemacs/themes
-(setq doom-theme 'doom-dracula) ;; doom-one doom-dracula doom-nord
-(if (eq system-type 'darwin)
-    ;; Transparent Backgroud - for macOS
-    ;;(set-frame-parameter (selected-frame) 'alpha '(<active> . <inactive>))
-    ;;(set-frame-parameter (selected-frame) 'alpha <both>)
-    (progn
-      (set-frame-parameter (selected-frame) 'alpha '(85 . 70))
-      (add-to-list 'default-frame-alist '(alpha . (85 . 70))))
-  ;; Transparent Background - for Linux Xorg/Wayland
-  (set-frame-parameter nil 'alpha-background 93) ; For current frame
-  (add-to-list 'default-frame-alist '(alpha-background . 93))); For all new frames henceforth
-
-;; This determines the style of line numbers in effect. If set to `nil', line
-;; numbers are disabled. For relative line numbers, set this to `relative'.
-(setq display-line-numbers-type t)
-(setq warning-minimum-level :error)
-;; If you use `org' and don't want your org files in the default location below,
-;; change `org-directory'. It must be set before org loads!
-(setq org-directory "~/org/")
-;; Whenever you reconfigure a package, make sure to wrap your config in an
-;; `after!' block, otherwise Doom's defaults may override your settings. E.g.
-;;
-;;   (after! PACKAGE
-;;     (setq x y))
-;;
-;; The exceptions to this rule:
-;;
-;;   - Setting file/directory variables (like `org-directory')
-;;   - Setting variables which explicitly tell you to set them before their
-;;     package is loaded (see 'C-h v VARIABLE' to look up their documentation).
-;;   - Setting doom variables (which start with 'doom-' or '+').
-;;
-;; Here are some additional functions/macros that will help you configure Doom.
-;;
-;; - `load!' for loading external *.el files relative to this one
-;; - `use-package!' for configuring packages
-;; - `after!' for running code after a package has loaded
-;; - `add-load-path!' for adding directories to the `load-path', relative to
-;;   this file. Emacs searches the `load-path' when you load packages with
-;;   `require' or `use-package'.
-;; - `map!' for binding new keys
-;;
-;; To get information about any of these functions/macros, move the cursor over
-;; the highlighted symbol at press 'K' (non-evil users must press 'C-c c k').
-;; This will open documentation for it, including demos of how they are used.
-;; Alternatively, use `C-h o' to look up a symbol (functions, variables, faces,
-;; etc).
-;;
-;; You can also try 'gd' (or 'C-c c d') to jump to their definition and see how
-;; they are implemented.
-
-;; fix vterm's color
-(set-face-attribute 'vterm-color-default nil :foreground fg)                            
-(set-face-attribute 'vterm-color-black nil   :background base0   :foreground base0)     
-(set-face-attribute 'vterm-color-red nil     :background red     :foreground red)       
-(set-face-attribute 'vterm-color-green nil   :background green   :foreground green)     
-(set-face-attribute 'vterm-color-yellow nil  :background yellow  :foreground yellow)    
-(set-face-attribute 'vterm-color-blue nil    :background blue    :foreground blue)      
-(set-face-attribute 'vterm-color-magenta nil :background magenta :foreground magenta)   
-(set-face-attribute 'vterm-color-cyan nil    :background cyan    :foreground cyan)      
-(set-face-attribute 'vterm-color-white nil   :background base8   :foreground base8)     
-
-(after! vterm
-  (setq vterm-shell "nu")) ; use nushell by defualt
-
-(use-package! lsp-bridge
-  :config
-  (setq lsp-bridge-enable-log nil)  ;; disabled for performance
-  ;; for user's custom langserver file
-  (setq lsp-bridge-user-langserver-dir "~/.config/emacs/lsp-bridge-user-langserver")
-  (setq lsp-bridge-enable-auto-format-code 1)
-  (global-lsp-bridge-mode))
-
-(use-package! wakatime-mode :ensure t)
-;; fully enable tree-sitter highlighting
-(after! tree-sitter
-  (setq +tree-sitter-hl-enabled-modes t))
-;; fix: https://github.com/jrblevin/markdown-mode/issues/380
-;; even add this one, editing a large markdown table is still very slow.
-;; so avoid editing large markdown file in emacs, use neovim instead...
-(after! markdown-mode
-  (global-font-lock-mode 0))
-
-;; use alejandra to format nix files
-;; (use-package! lsp-nix
-;;   :ensure lsp-mode
-;;   :after
-;;   (lsp-mode)
-;;   :demand t
-;;   :custom
-;;   (lsp-nix-nil-formatter
-;;    ["alejandra"]))
-(use-package! nushell-mode
-  :config
-  (setq nushell-enable-auto-indent 1))
-
-;; emacs-rime
-(use-package! rime
-  :custom
-  (default-input-method "rime")
-  (rime-librime-root "~/.local/share/emacs/librime"))
-
-;; use parinfer for lisp editing
-(use-package! parinfer-rust-mode
-  :hook ((emacs-lisp-mode
-          clojure-mode
-          scheme-mode
-          lisp-mode
-          racket-mode
-          fennel-mode
-          hy-mode) . parinfer-rust-mode)
-  :init
-  ;; parinfer-rust library do not provide a apple silicon binary.
-  ;; fix: https://github.com/doomemacs/doomemacs/issues/6163
-  (setq parinfer-rust-auto-download 0)
-  ;; we need to download it manually and put it in this path
-  (setq parinfer-rust-library "~/.local/share/emacs/parinfer-rust/parinfer-rust.so")
-  :config
-  (map! :map parinfer-rust-mode-map
-        :localleader
-        "p" #'parinfer-rust-switch-mode
-        "P" #'parinfer-rust-toggle-disable))
-
-;; disable smatparens-mode here to void conflict with parinfer
-;; https://discourse.doomemacs.org/t/disable-smartparens-or-parenthesis-completion/134
-(add-hook 'clojure-mode-hook        #'turn-off-smartparens-mode)
-(add-hook 'scheme-mode-hook         #'turn-off-smartparens-mode)
-(add-hook 'lisp-mode-hook           #'turn-off-smartparens-mode)
-(add-hook 'racket-mode-hook         #'turn-off-smartparens-mode)
-(add-hook 'fennel-mode-hook         #'turn-off-smartparens-mode)
-(add-hook 'hy-mode-hook             #'turn-off-smartparens-mode)
-

home/base/desktop/editors/emacs/doom/init.el

@@ -1,211 +0,0 @@
-;;; init.el -*- lexical-binding: t; -*-
-
-;; This file controls what Doom modules are enabled and what order they load
-;; in. Remember to run 'doom sync' after modifying it!
-
-;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's
-;;      documentation. There you'll find a link to Doom's Module Index where all
-;;      of our modules are listed, including what flags they support.
-
-;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or
-;;      'C-c c k' for non-vim users) to view its documentation. This works on
-;;      flags as well (those symbols that start with a plus).
-;;
-;;      Alternatively, press 'gd' (or 'C-c c d') on a module to browse its
-;;      directory (for easy access to its source code).
-
-
-(doom! :input
-       ;;bidi              ; (tfel ot) thgir etirw uoy gnipleh
-       chinese
-       ;;japanese
-       ;;layout            ; auie,ctsrnm is the superior home row
-
-       :completion
-       ;; (company +childframe)  ; conflict with lsp-bridge
-                                        ; the ultimate code completion backend
-       ;;helm              ; the *other* search engine for love and life
-       ;;ido               ; the other *other* search engine...
-       ;;ivy               ; a search engine for love and life
-       vertico                          ; the search engine of the future
-
-       :ui
-       ;;deft              ; notational velocity for Emacs
-       doom                             ; what makes DOOM look the way it does
-       doom-dashboard                   ; a nifty splash screen for Emacs
-       ;;doom-quit         ; DOOM quit-message prompts when you quit Emacs
-       ;; (emoji +unicode) ; Emacs 29 provides native support for inserting Unicode emojis.
-                                        ; 🙂
-       hl-todo            ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
-       indent-guides      ; highlighted indent columns
-       ligatures          ; ligatures and symbols to make your code pretty again
-       modeline           ; snazzy, Atom-inspired modeline, plus API
-       ophints            ; highlight the region an operation acts on
-       (popup +defaults)
-                                        ; tame sudden yet inevitable temporary windows
-       tabs                             ; a tab bar for Emacs
-       treemacs                 ; a project drawer, like neotree but cooler
-       unicode                  ; extended unicode support for various languages
-       (vc-gutter +pretty)
-                                        ; vcs diff in the fringe
-       vi-tilde-fringe                  ; fringe tildes to mark beyond EOB
-       ;;window-select     ; visually switch windows
-       workspaces       ; tab emulation, persistence & separate workspaces
-       ;;zen               ; distraction-free coding or writing
-
-       :editor
-       (evil +everywhere)
-                                        ; come to the dark side, we have cookies
-       file-templates                   ; auto-snippets for empty files
-       fold                             ; (nigh) universal code folding
-       (format +onsave)
-                                        ; automated prettiness
-       ;; multiple-cursors  ; editing in many places at once
-       ;; objed             ; text object editing for the innocent
-       parinfer          ; turn lisp into python, sort of, conflict with copilot/objed/smartparens
-       ;;rotate-text       ; cycle region at point between text candidates
-       snippets   ; my elves. They type so I don't have to
-       word-wrap         ; soft wrapping with language-aware indent
-
-       :emacs
-       dired             ; making dired pretty [functional]
-       electric          ; smarter, keyword-based electric-indent
-       ibuffer         ; interactive buffer management
-       undo              ; persistent, smarter undo for your inevitable mistakes
-       vc                ; version-control and Emacs, sitting in a tree
-
-       :term
-       ;;eshell            ; the elisp shell that works everywhere
-       ;;shell             ; simple shell REPL for Emacs
-       ;;term              ; basic terminal emulator for Emacs
-       vterm                            ; the best terminal emulation in Emacs
-
-       :checkers
-       syntax                        ; tasing you for every semicolon you forget
-       (spell +flyspell)
-                                        ; tasing you for misspelling mispelling
-       grammar                          ; tasing grammar mistake every you make
-
-       :tools
-       ;;ansible
-       ;;biblio            ; Writes a PhD for you (citation needed)
-       ;;collab            ; buffers with friends
-       ;;debugger          ; FIXME stepping through code, to help you add bugs
-       ;;direnv
-       (docker)
-       editorconfig      ; let someone else argue about tabs vs spaces
-       ;;ein               ; tame Jupyter notebooks with emacs
-       (eval +overlay)
-                                        ; run code, run (also, repls)
-       lookup                   ; navigate your code and its documentation
-       ;; lsp    ; lsp-mode, conflict with lsp-bridge
-       magit                    ; a git porcelain for Emacs
-       ;;make              ; run make tasks from Emacs
-       ;;pass              ; password manager for nerds
-       pdf                              ; pdf enhancements
-       ;;prodigy           ; FIXME managing external services & code builders
-       (terraform)
-                                        ; infrastructure as code
-       tree-sitter                    ; syntax and parsing, sitting in a tree...
-       ;;upload            ; map local to remote projects via ssh/ftp
-
-       :os
-       (:if IS-MAC macos)
-                                        ; improve compatibility with macOS
-       tty                              ; improve the terminal Emacs experience
-
-       :lang
-       ;;agda              ; types of types of types of types...
-       ;;beancount         ; mind the GAAP
-       (cc +tree-sitter)
-                                        ; C > C++ == 1
-       ;;clojure           ; java with a lisp
-       ;;common-lisp       ; if you've seen one lisp, you've seen them all
-       ;;coq               ; proofs-as-programs
-       ;;crystal           ; ruby at the speed of c
-       ;;csharp            ; unity, .NET, and mono shenanigans
-       data                     ; config/data formats
-       ;;(dart +flutter)   ; paint ui and not much else
-       ;;dhall
-       ;;elixir            ; erlang done right
-       ;;elm               ; care for a cup of TEA?
-       emacs-lisp                       ; drown in parentheses
-       ;;erlang            ; an elegant language for a more civilized age
-       ;;ess               ; emacs speaks statistics
-       ;;factor
-       ;;faust             ; dsp, but you get to keep your soul
-       ;;fortran           ; in FORTRAN, GOD is REAL (unless declared INTEGER)
-       ;;fsharp            ; ML stands for Microsoft's Language
-       ;;fstar             ; (dependent) types and (monadic) effects and Z3
-       ;;gdscript          ; the language you waited for
-       (go +tree-sitter)  ;; disable go-mode, use lsp-bridge instead
-                                        ; the hipster dialect
-       ;;(graphql)    ; Give queries a REST
-       ;;(haskell)    ; a language that's lazier than I am
-       ;;hy                ; readability of scheme w/ speed of python
-       ;;idris             ; a language you can depend on
-       (json +tree-sitter)
-                                        ; At least it ain't XML
-       (java +tree-sitter)
-                                        ; the poster child for carpal tunnel syndrome
-       (javascript +tree-sitter)
-                                        ; all(hope(abandon(ye(who(enter(here))))))
-       ;;julia             ; a better, faster MATLAB
-       ;;kotlin            ; a better, slicker Java(Script)
-       (latex)
-                                        ; writing papers in Emacs has never been so fun
-       ;;lean              ; for folks with too much to prove
-       ;;ledger            ; be audit you can be
-       (lua +tree-sitter)
-                                        ; one-based indices? one-based indices
-       (markdown +grip)
-                                        ; writing docs for people to ignore
-       ;;nim               ; python + lisp at the speed of c
-       (nix +tree-sitter)
-                                        ; I hereby declare "nix geht mehr!"
-       ;;ocaml             ; an objective camel
-       org              ; organize your plain life in plain text
-       ;;php               ; perl's insecure younger brother
-       ;;plantuml          ; diagrams for confusing people more
-       ;;purescript        ; javascript, but functional
-       (python +tree-sitter +pyright)
-                                        ; beautiful is better than ugly
-       ;;qt                ; the 'cutest' gui framework ever
-       racket           ; a DSL for DSLs
-       ;;raku              ; the artist formerly known as perl6
-       ;;rest              ; Emacs as a REST client
-       ;;rst               ; ReST in peace
-       ;;(ruby +rails)     ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
-       (rust +tree-sitter)
-                                        ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
-       ;;scala             ; java, but good
-       (scheme +guile)
-                                        ; a fully conniving family of lisps
-       (sh +tree-sitter)
-                                        ; she sells {ba,z,fi}sh shells on the C xor
-       ;;sml
-       ;;solidity          ; do you need a blockchain? No.
-       ;;swift             ; who asked for emoji variables?
-       ;;terra             ; Earth and Moon in alignment for performance.
-       (web +tree-sitter)
-                                        ; support for various web languages, including HTML5, CSS, SASS/SCSS, Pug/Jade/Slim, and more
-       (yaml +tree-sitter)
-                                        ; JSON, but readable
-       ;;zig               ; C, but simpler
-
-       :email
-       ;;(mu4e +org +gmail)
-       ;;notmuch
-       ;;(wanderlust +gmail)
-
-       :app
-       ;;calendar
-       ;;emms
-       ;;everywhere        ; *leave* Emacs!? You must be joking
-       ;;irc               ; how neckbeards socialize
-       ;;(rss +org)        ; emacs as an RSS reader
-       ;;twitter           ; twitter client https://twitter.com/vnought
-
-       :config
-       ;;literate
-       (default +bindings +smartparens))

home/base/desktop/editors/emacs/doom/packages.el

@@ -1,69 +0,0 @@
-;; -*- no-byte-compile: t; -*-
-;;; $DOOMDIR/packages.el
-
-;; To install a package with Doom you must declare them here and run 'doom sync'
-;; on the command line, then restart Emacs for the changes to take effect -- or
-;; use 'M-x doom/reload'.
-
-(package! nerd-icons)
-(package! rime)
-(package! wakatime-mode
-  :recipe
-  (:host github :repo "wakatime/wakatime-mode" :files
-         ("*.el" "dist")))
-
-(package! nushell-mode :recipe
-  (:host github :repo "mrkkrp/nushell-mode"))
-
-(when (package! lsp-bridge
-        :recipe (:host github
-                 :repo "manateelazycat/lsp-bridge"
-                 :branch "master"
-                 :files ("*.el" "*.py" "acm" "core" "langserver" "multiserver" "resources")
-                 ;; do not perform byte compilation or native compilation for lsp-bridge
-                 :build (:not compile)))
-  (package! markdown-mode)
-  (package! yasnippet))
-
-;; To install SOME-PACKAGE from MELPA, ELPA or emacsmirror:
-;; (package! some-package)
-
-;; To install a package directly from a remote git repo, you must specify a
-;; `:recipe'. You'll find documentation on what `:recipe' accepts here:
-;; https://github.com/radian-software/straight.el#the-recipe-format
-;; (package! another-package
-;;   :recipe (:host github :repo "username/repo"))
-
-;; If the package you are trying to install does not contain a PACKAGENAME.el
-;; file, or is located in a subdirectory of the repo, you'll need to specify
-;; `:files' in the `:recipe':
-;; (package! this-package
-;;   :recipe (:host github :repo "username/repo"
-;;            :files ("some-file.el" "src/lisp/*.el")))
-
-;; If you'd like to disable a package included with Doom, you can do so here
-;; with the `:disable' property:
-;; (package! builtin-package :disable t)
-
-;; You can override the recipe of a built in package without having to specify
-;; all the properties for `:recipe'. These will inherit the rest of its recipe
-;; from Doom or MELPA/ELPA/Emacsmirror:
-;; (package! builtin-package :recipe (:nonrecursive t))
-;; (package! builtin-package-2 :recipe (:repo "myfork/package"))
-
-;; Specify a `:branch' to install a package from a particular branch or tag.
-;; This is required for some packages whose default branch isn't 'master' (which
-;; our package manager can't deal with; see radian-software/straight.el#279)
-;; (package! builtin-package :recipe (:branch "develop"))
-
-;; Use `:pin' to specify a particular commit to install.
-;; (package! builtin-package :pin "1a2b3c4d5e")
-
-
-;; Doom's packages are pinned to a specific commit and updated from release to
-;; release. The `unpin!' macro allows you to unpin single packages...
-;; (unpin! pinned-package)
-;; ...or multiple packages
-;; (unpin! pinned-package another-pinned-package)
-;; ...Or *all* packages (NOT RECOMMENDED; will likely break things)
-;; (unpin! t)

home/base/desktop/editors/emacs/lsp-bridge-user-langserver/nil.json

@@ -1,10 +0,0 @@
-{
-  "name": "nil",
-  "languageId": "nix",
-  "command": ["nil"],
-  "settings": {
-    "nil": {
-      "formatting": { "command": ["alejandra"] }
-    }
-  }
-}

home/base/desktop/editors/helix/README.md

@@ -1,29 +0,0 @@
-# Helix Editor
-
-Neovim is really powerful, and have a very active community. I use it as my main editor, and I'm very happy with it. I use it for everything, from writing code to writing this document.
-
-But its configuration is a bit complex, and finding the right plugins, writing configurations, and keeping everything up to date is not easy.
-
-That's why I'm interested in Helix, Helix is similar to Neovim, but it's more opinionated, and it's batteries included.
-Whether I'll switch my main editor to Helix or not, it gives me a lot of ideas on how to improve my Neovim workflow.
-
-## Differences between Neovim and Helixer
-
-1. Neovim have a very activate plugin ecosystem, and it's easy to find plugins for almost everything.
-    1. Helix is still new, and it even do have a stable plugin system yet. A PR to add a plugin system is still envolving: <https://github.com/helix-editor/helix/pull/8675>
-2. Neovim has intergrated terminal, and it's very powerful. It's quite similar to VSCode's intergrated terminal. I use it a lot.
-    1. Helix doesn't have a intergrated terminal yet, as it's complicated to implement. Users are recommended to use tmux/Zellij or Wezterm/Kitty to implement this feature instead.
-    1. <https://github.com/helix-editor/helix/issues/1976#issuecomment-1091074719>
-    1. <https://github.com/helix-editor/helix/pull/4649>
-    1. **My Neovim often gets stuck when I switch to [toggleterm.nvim](https://github.com/akinsho/toggleterm.nvim), this Helix issue made me consider to switch from this Neovim plugin to Zellij**.
-1. Helix do not have a tree-view panel, it's recommended to use Yazi/ranger/Broot instead, and open Helix in them.
-    1. a tree-view plugin may be added after the plugin system is stable, but no one knows when it will be.
-    2. and some Helix users stated that they don't need a tree-view plugin, Helix's file picker is useful and good enough.
-1. It seems Helix lacks a substitution command, you should run it in another window(via wm or Zellij).
-    1. Neovim's substitution command allow you to preview the changes before you apply it, and it's very useful. if I switch to Helix, I'll need to find some other tools with similar feature(such as https://github.com/ms-jpq/sad).
-    2. The downside of Neovim's substitution command is that it's unable to save the command we just typed. If I made some things wrong, I have to type the whole substitution command again.
-
-I think Use Helix/Neovim within a terminal file manager(Yazi/ranger/Broot) and Zellij is a good idea. 
-It's quite different from the workflow I migrated from VSCode/JetBrains before, I'm very interested in it.
-
-In Neovim I can make the workflow similar to VSCode/JetBrains by using some plugins, but Helix forces me to get out of my comfort zone, and try something new.

home/base/desktop/editors/helix/default.nix

@@ -1,36 +0,0 @@
-{
-  pkgs,
-  nur-ryan4yin,
-  ...
-}: {
-  # https://github.com/catppuccin/helix
-  xdg.configFile."helix/themes".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-helix}/themes/default";
-
-  programs.helix = {
-    enable = true;
-    package = pkgs.helix;
-    settings = {
-      theme = "catppuccin_mocha";
-      editor = {
-        line-number = "relative";
-        cursorline = true;
-        color-modes = true;
-        lsp.display-messages = true;
-        cursor-shape = {
-          insert = "bar";
-          normal = "block";
-          select = "underline";
-        };
-        indent-guides.render = true;
-      };
-      keys.normal = {
-        space = {
-          space = "file_picker";
-          w = ":w";
-          q = ":q";
-        };
-        esc = ["collapse_selection" "keep_primary_selection"];
-      };
-    };
-  };
-}

home/base/desktop/editors/neovim/astronvim_user/.gitignore

@@ -1,2 +0,0 @@
-.clj-kondo/
-.nrepl-port

home/base/desktop/editors/neovim/astronvim_user/.nfnl.fnl

@@ -1 +0,0 @@
-{:source-file-patterns ["*.fnl" "**/*.fnl"]}

home/base/desktop/editors/neovim/astronvim_user/init.lua

@@ -1,579 +0,0 @@
-return {
-  colorscheme = "catppuccin",
-
-  options = {
-    opt = {
-      relativenumber = true, -- Show relative numberline
-      signcolumn = "auto", -- Show sign column when used only
-      spell = false,      -- Spell checking
-      swapfile = false,   -- Swapfile
-      smartindent = false, -- fix https://github.com/ryan4yin/nix-config/issues/4
-      title = true,       -- Set the title of window to `filename [+=-] (path) - NVIM`
-      -- The percentage of 'columns' to use for the title
-      -- When the title is longer, only the end of the path name is shown.
-      titlelen = 20,
-    },
-  },
-
-  plugins = {
-    "AstroNvim/astrocommunity",
-    -- Motion
-    { import = "astrocommunity.motion.mini-surround" },
-    -- https://github.com/echasnovski/mini.ai
-    { import = "astrocommunity.motion.mini-ai" },
-    { import = "astrocommunity.motion.flash-nvim" },
-    -- diable toggleterm.nvim, zellij's terminal is far better than neovim's one
-    { "akinsho/toggleterm.nvim",                                   enabled = false },
-    { "folke/flash.nvim",                                          vscode = false },
-    -- Highly experimental plugin that completely replaces
-    -- the UI for messages, cmdline and the popupmenu.
-    -- { import = "astrocommunity.utility.noice-nvim" },
-    -- Fully featured & enhanced replacement for copilot.vim
-    -- <Tab> work with both auto completion in cmp and copilot
-    { import = "astrocommunity.media.vim-wakatime" },
-    { import = "astrocommunity.motion.leap-nvim" },
-    { import = "astrocommunity.motion.flit-nvim" },
-    { import = "astrocommunity.scrolling.nvim-scrollbar" },
-    { import = "astrocommunity.editing-support.todo-comments-nvim" },
-    -- Language Support
-    ---- Frontend & NodeJS
-    { import = "astrocommunity.pack.typescript-all-in-one" },
-    { import = "astrocommunity.pack.tailwindcss" },
-    { import = "astrocommunity.pack.html-css" },
-    { import = "astrocommunity.pack.prisma" },
-    { import = "astrocommunity.pack.vue" },
-    ---- Configuration Language
-    { import = "astrocommunity.pack.markdown" },
-    { import = "astrocommunity.pack.json" },
-    { import = "astrocommunity.pack.yaml" },
-    { import = "astrocommunity.pack.toml" },
-    ---- Backend / System
-    { import = "astrocommunity.pack.lua" },
-    { import = "astrocommunity.pack.go" },
-    { import = "astrocommunity.pack.rust" },
-    { import = "astrocommunity.pack.python" },
-    { import = "astrocommunity.pack.java" },
-    { import = "astrocommunity.pack.cmake" },
-    { import = "astrocommunity.pack.cpp" },
-    -- { import = "astrocommunity.pack.nix" },  -- manually add config for nix, comment this one.
-    { import = "astrocommunity.pack.proto" },
-
-    ---- Operation & Cloud Native
-    { import = "astrocommunity.pack.terraform" },
-    { import = "astrocommunity.pack.bash" },
-    { import = "astrocommunity.pack.docker" },
-    { import = "astrocommunity.pack.helm" },
-
-    -- colorscheme
-    { import = "astrocommunity.colorscheme.catppuccin" },
-    {
-      "catppuccin/nvim",
-      name = "catppuccin",
-      opts = function(_, opts)
-        opts.flavour = "mocha"              -- latte, frappe, macchiato, mocha
-        opts.transparent_background = true -- setting the background color.
-      end,
-    },
-    -- Language Parser for syntax highlighting / indentation / folding / Incremental selection
-    {
-      "nvim-treesitter/nvim-treesitter",
-      opts = function(_, opts)
-        local utils = require("astronvim.utils")
-        opts.incremental_selection = {
-          enable = true,
-          keymaps = {
-            init_selection = "<C-space>", -- Ctrl + Space
-            node_incremental = "<C-space>",
-            scope_incremental = "<A-space>", -- Alt + Space
-            node_decremental = "<bs>", -- Backspace
-          },
-        }
-        opts.ignore_install = { "gotmpl" }
-        opts.ensure_installed = utils.list_insert_unique(opts.ensure_installed, {
-          -- neovim
-          "vim",
-          "lua",
-          -- operation & cloud native
-          "dockerfile",
-          "hcl",
-          "jsonnet",
-          "regex",
-          "terraform",
-          "nix",
-          "csv",
-          -- other programming language
-          "diff",
-          "gitignore",
-          "gitcommit",
-          "latex",
-          "sql",
-          -- Lisp like
-          "fennel",
-          "clojure",
-          "commonlisp",
-          -- customized languages:
-          "scheme",
-        })
-
-        -- add support for scheme
-        local parser_config = require("nvim-treesitter.parsers").get_parser_configs()
-        parser_config.scheme = {
-          install_info = {
-            url = "https://github.com/6cdh/tree-sitter-scheme", -- local path or git repo
-            files = { "src/parser.c" },
-            -- optional entries:
-            branch = "main",                  -- default branch in case of git repo if different from master
-            generate_requires_npm = false,    -- if stand-alone parser without npm dependencies
-            requires_generate_from_grammar = false, -- if folder contains pre-generated src/parser.c
-          },
-        }
-        -- use scheme parser for filetypes: scm
-        vim.treesitter.language.register("scheme", "scm")
-      end,
-    },
-    {
-      "eraserhd/parinfer-rust",
-      build = "cargo build --release",
-      ft = { "scm", "scheme" },
-    },
-    { "Olical/nfnl",                                       ft = "fennel" },
-    {
-      "Olical/conjure",
-      ft = { "clojure", "fennel", "python", "scheme" }, -- etc
-      -- [Optional] cmp-conjure for cmp
-      dependencies = {
-        {
-          "PaterJason/cmp-conjure",
-          config = function()
-            local cmp = require("cmp")
-            local config = cmp.get_config()
-            table.insert(config.sources, {
-              name = "buffer",
-              option = {
-                sources = {
-                  { name = "conjure" },
-                },
-              },
-            })
-            cmp.setup(config)
-          end,
-        },
-      },
-      config = function(_, opts)
-        require("conjure.main").main()
-        require("conjure.mapping")["on-filetype"]()
-      end,
-      init = function()
-        -- Set configuration options here
-        vim.g["conjure#debug"] = true
-      end,
-    },
-    {
-      "nvim-orgmode/orgmode",
-      dependencies = {
-        { "nvim-treesitter/nvim-treesitter", lazy = true },
-      },
-      event = "VeryLazy",
-      config = function()
-        -- Load treesitter grammar for org
-        require("orgmode").setup_ts_grammar()
-
-        -- Setup treesitter
-        require("nvim-treesitter.configs").setup({
-          highlight = {
-            enable = true,
-            additional_vim_regex_highlighting = { "org" },
-          },
-          ensure_installed = { "org" },
-        })
-
-        -- Setup orgmode
-        require("orgmode").setup({
-          org_agenda_files = "~/org/**/*",
-          org_default_notes_file = "~/org/refile.org",
-        })
-      end,
-    },
-
-    -- Lua implementation of CamelCaseMotion, with extra consideration of punctuation.
-    { import = "astrocommunity.motion.nvim-spider" },
-    -- AI Assistant
-    { import = "astrocommunity.completion.copilot-lua-cmp" },
-    -- Custom copilot-lua to enable filtypes: markdown
-    {
-      "zbirenbaum/copilot.lua",
-      opts = function(_, opts)
-        opts.filetypes = {
-          yaml = true,
-          markdown = true,
-        }
-      end,
-    },
-
-    {
-      "0x00-ketsu/autosave.nvim",
-      -- lazy-loading on events
-      event = { "InsertLeave", "TextChanged" },
-      opts = function(_, opts)
-        opts.prompt_style = "stdout" -- notify or stdout
-      end,
-    },
-
-    -- markdown preview
-    {
-      "0x00-ketsu/markdown-preview.nvim",
-      ft = { "md", "markdown", "mkd", "mkdn", "mdwn", "mdown", "mdtxt", "mdtext", "rmd", "wiki" },
-      config = function()
-        require("markdown-preview").setup({
-          -- your configuration comes here
-          -- or leave it empty to use the default settings
-          -- refer to the setup section below
-        })
-      end,
-    },
-
-    -- clipboard manager
-    {
-      "gbprod/yanky.nvim",
-      opts = function()
-        local mapping = require("yanky.telescope.mapping")
-        local mappings = mapping.get_defaults()
-        mappings.i["<c-p>"] = nil
-        return {
-          highlight = { timer = 200 },
-          picker = {
-            telescope = {
-              use_default_mappings = false,
-              mappings = mappings,
-            },
-          },
-        }
-      end,
-      keys = {
-        {
-          "y",
-          "<Plug>(YankyYank)",
-          mode = { "n", "x" },
-          desc = "Yank text",
-        },
-        {
-          "p",
-          "<Plug>(YankyPutAfter)",
-          mode = { "n", "x" },
-          desc = "Put yanked text after cursor",
-        },
-        {
-          "P",
-          "<Plug>(YankyPutBefore)",
-          mode = { "n", "x" },
-          desc = "Put yanked text before cursor",
-        },
-        {
-          "gp",
-          "<Plug>(YankyGPutAfter)",
-          mode = { "n", "x" },
-          desc = "Put yanked text after selection",
-        },
-        {
-          "gP",
-          "<Plug>(YankyGPutBefore)",
-          mode = { "n", "x" },
-          desc = "Put yanked text before selection",
-        },
-        { "[y", "<Plug>(YankyCycleForward)",              desc = "Cycle forward through yank history" },
-        { "]y", "<Plug>(YankyCycleBackward)",             desc = "Cycle backward through yank history" },
-        { "]p", "<Plug>(YankyPutIndentAfterLinewise)",    desc = "Put indented after cursor (linewise)" },
-        { "[p", "<Plug>(YankyPutIndentBeforeLinewise)",   desc = "Put indented before cursor (linewise)" },
-        { "]P", "<Plug>(YankyPutIndentAfterLinewise)",    desc = "Put indented after cursor (linewise)" },
-        { "[P", "<Plug>(YankyPutIndentBeforeLinewise)",   desc = "Put indented before cursor (linewise)" },
-        { ">p", "<Plug>(YankyPutIndentAfterShiftRight)",  desc = "Put and indent right" },
-        { "<p", "<Plug>(YankyPutIndentAfterShiftLeft)",   desc = "Put and indent left" },
-        { ">P", "<Plug>(YankyPutIndentBeforeShiftRight)", desc = "Put before and indent right" },
-        { "<P", "<Plug>(YankyPutIndentBeforeShiftLeft)",  desc = "Put before and indent left" },
-        { "=p", "<Plug>(YankyPutAfterFilter)",            desc = "Put after applying a filter" },
-        { "=P", "<Plug>(YankyPutBeforeFilter)",           desc = "Put before applying a filter" },
-      },
-    },
-
-    -- Enhanced matchparen.vim plugin for Neovim to highlight the outer pair.
-    {
-      "utilyre/sentiment.nvim",
-      version = "*",
-      event = "VeryLazy", -- keep for lazy loading
-      opts = {
-        -- config
-      },
-      init = function()
-        -- `matchparen.vim` needs to be disabled manually in case of lazy loading
-        vim.g.loaded_matchparen = 1
-      end,
-    },
-
-    -- joining blocks of code into oneline, or splitting one line into multiple lines.
-    {
-      "Wansmer/treesj",
-      keys = { "<space>m", "<space>j", "<space>s" },
-      dependencies = { "nvim-treesitter/nvim-treesitter" },
-      config = function()
-        require("treesj").setup({ --[[ your config ]]
-        })
-      end,
-    },
-
-    -- File explorer(Custom configs)
-    {
-      "nvim-neo-tree/neo-tree.nvim",
-      opts = {
-        filesystem = {
-          filtered_items = {
-            visible = true, -- visible by default
-            hide_dotfiles = false,
-            hide_gitignored = false,
-          },
-        },
-      },
-    },
-    -- The plugin offers the alibity to refactor code.
-    {
-      "ThePrimeagen/refactoring.nvim",
-      dependencies = {
-        { "nvim-lua/plenary.nvim" },
-        { "nvim-treesitter/nvim-treesitter" },
-      },
-    },
-    -- The plugin offers the abilibty to search and replace.
-    {
-      "nvim-pack/nvim-spectre",
-      dependencies = {
-        { "nvim-lua/plenary.nvim" },
-      },
-    },
-
-    -- full signature help, docs and completion for the nvim lua API.
-    { "folke/neodev.nvim",     opts = {} },
-    -- automatically highlighting other uses of the word under the cursor using either LSP, Tree-sitter, or regex matching.
-    { "RRethy/vim-illuminate", config = function() end },
-    -- implementation/definition preview
-    {
-      "rmagatti/goto-preview",
-      config = function()
-        require("goto-preview").setup({})
-      end,
-    },
-
-    -- Undo tree
-    { "debugloop/telescope-undo.nvim" },
-
-    -- Install lsp, formmatter and others via home manager instead of Mason.nvim
-    -- LSP installations
-    {
-      "williamboman/mason-lspconfig.nvim",
-      -- mason is unusable on NixOS, disable it.
-      -- ensure_installed nothing
-      opts = function(_, opts)
-        opts.ensure_installed = nil
-        opts.automatic_installation = false
-      end,
-    },
-    -- Formatters/Linter installation
-    {
-      "jay-babu/mason-null-ls.nvim",
-      -- mason is unusable on NixOS, disable it.
-      -- ensure_installed nothing
-      opts = function(_, opts)
-        opts.ensure_installed = nil
-        opts.automatic_installation = false
-      end,
-    },
-    -- Debugger installation
-    {
-      "jay-babu/mason-nvim-dap.nvim",
-      -- mason is unusable on NixOS, disable it.
-      -- ensure_installed nothing
-      opts = function(_, opts)
-        opts.ensure_installed = nil
-        opts.automatic_installation = false
-      end,
-    },
-
-    {
-      "jose-elias-alvarez/null-ls.nvim",
-      opts = function(_, opts)
-        local null_ls = require("null-ls")
-        local code_actions = null_ls.builtins.code_actions
-        local diagnostics = null_ls.builtins.diagnostics
-        local formatting = null_ls.builtins.formatting
-        local hover = null_ls.builtins.hover
-        local completion = null_ls.builtins.completion
-        -- https://github.com/jose-elias-alvarez/null-ls.nvim/blob/main/doc/BUILTINS.md
-        if type(opts.sources) == "table" then
-          vim.list_extend(opts.sources, {
-            -- Common Code Actions
-            code_actions.gitsigns,
-            -- common refactoring actions based off the Refactoring book by Martin Fowler
-            code_actions.refactoring,
-            code_actions.gomodifytags, -- Go - modify struct field tags
-            code_actions.impl,   -- Go - generate interface method stubs
-            code_actions.shellcheck,
-            code_actions.proselint, -- English prose linter
-            code_actions.statix, -- Lints and suggestions for Nix.
-
-            -- Diagnostic
-            diagnostics.actionlint, -- GitHub Actions workflow syntax checking
-            diagnostics.buf,  -- check text in current buffer
-            diagnostics.checkmake, -- check Makefiles
-            diagnostics.deadnix, -- Scan Nix files for dead code.
-
-            -- Formatting
-            formatting.prettier,                 -- js/ts/vue/css/html/json/... formatter
-            diagnostics.hadolint,                -- Dockerfile linter
-            formatting.black,                    -- Python formatter
-            formatting.ruff,                     -- extremely fast Python linter
-            formatting.goimports,                -- Go formatter
-            formatting.shfmt,                    -- Shell formatter
-            formatting.rustfmt,                  -- Rust formatter
-            formatting.taplo,                    -- TOML formatteautoindentr
-            formatting.terraform_fmt,            -- Terraform formatter
-            formatting.stylua,                   -- Lua formatter
-            formatting.alejandra,                -- Nix formatter
-            formatting.sqlfluff.with({           -- SQL formatter
-              extra_args = { "--dialect", "postgres" }, -- change to your dialect
-            }),
-            formatting.nginx_beautifier,         -- Nginx formatter
-            formatting.verible_verilog_format,   -- Verilog formatter
-            formatting.emacs_scheme_mode,        -- using emacs in batch mode to format scheme files.
-            formatting.fnlfmt,                   -- Format Fennel code
-          })
-        end
-      end,
-    },
-
-    {
-      "nvim-telescope/telescope.nvim",
-      branch = "0.1.x",
-      dependencies = { "nvim-lua/plenary.nvim" },
-      init = function()
-        -- 1. Disable highlighting for certain filetypes
-        -- 2. Ignore files larger than a certain filesize
-        local previewers = require("telescope.previewers")
-
-        local _bad = { ".*%.csv", ".*%.min.js" } -- Put all filetypes that slow you down in this array
-        local filesize_threshold = 300 * 1024 -- 300KB
-        local bad_files = function(filepath)
-          for _, v in ipairs(_bad) do
-            if filepath:match(v) then
-              return false
-            end
-          end
-          return true
-        end
-
-        local new_maker = function(filepath, bufnr, opts)
-          opts = opts or {}
-          if opts.use_ft_detect == nil then
-            opts.use_ft_detect = true
-          end
-
-          -- 1. Check if the file is in the bad_files array, and if so, don't highlight it
-          opts.use_ft_detect = opts.use_ft_detect == false and false or bad_files(filepath)
-
-          -- 2. Check the file size, and ignore it if it's too big(preview nothing).
-          filepath = vim.fn.expand(filepath)
-          vim.loop.fs_stat(filepath, function(_, stat)
-            if not stat then
-              return
-            end
-            if stat.size > filesize_threshold then
-              return
-            else
-              previewers.buffer_previewer_maker(filepath, bufnr, opts)
-            end
-          end)
-        end
-
-        require("telescope").setup({
-          defaults = {
-            buffer_previewer_maker = new_maker,
-          },
-        })
-      end,
-    },
-  },
-
-  -- Configure require("lazy").setup() options
-  lazy = {
-    defaults = { lazy = true },
-    performance = {
-      rtp = {
-        -- customize default disabled vim plugins
-        disabled_plugins = {},
-      },
-    },
-  },
-
-  -- https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md
-  lsp = {
-    config = {
-      -- the offset_enconding of clangd will confilicts whit null-ls
-      -- so we need to manually set it to utf-8
-      clangd = {
-        capabilities = {
-          offsetEncoding = "utf-8",
-        },
-      },
-      scheme_langserver = {
-        filetypes = { "scheme", "scm" },
-        single_file_support = true,
-      },
-    },
-    -- enable servers that installed by home-manager instead of mason
-    servers = {
-      ---- Frontend & NodeJS
-      "tsserver",       -- typescript/javascript language server
-      "tailwindcss",    -- tailwindcss language server
-      "html",           -- html language server
-      "cssls",          -- css language server
-      "prismals",       -- prisma language server
-      "volar",          -- vue language server
-      ---- Configuration Language
-      "marksman",       -- markdown ls
-      "jsonls",         -- json language server
-      "yamlls",         -- yaml language server
-      "taplo",          -- toml language server
-      ---- Backend
-      "lua_ls",         -- lua
-      "gopls",          -- go
-      "rust_analyzer",  -- rust
-      "pyright",        -- python
-      "ruff_lsp",       -- extremely fast Python linter and code transformation
-      "jdtls",          -- java
-      "nil_ls",         -- nix language server
-      "bufls",          -- protocol buffer language server
-      "zls",            -- zig language server
-      ---- HDL
-      "verible",        -- verilog language server
-      ---- Operation & Cloud Nativautoindente
-      "bashls",         -- bash
-      "cmake",          -- cmake language server
-      "clangd",         -- c/c++
-      "dockerls",       -- dockerfile
-      "jsonnet_ls",     -- jsonnet language server
-      "terraformls",    -- terraform hcl
-      "nushell",        -- nushell language server
-      "scheme_langserver", -- scheme language server
-    },
-    formatting = {
-      disabled = {},
-      format_on_save = {
-        enabled = true,
-        allow_filetypes = {
-          "go",
-          "jsonnet",
-          "rust",
-          "terraform",
-          "nu",
-        },
-      },
-    },
-  },
-}

home/base/desktop/editors/neovim/astronvim_user/mappings.lua

@@ -1,66 +0,0 @@
--- Mapping data with "desc" stored directly by vim.keymap.set().
---
--- Please use this mappings table to set keyboard mapping since this is the
--- lower level configuration and more robust one. (which-key will
--- automatically pick-up stored data by this setting.)
-local utils = require "astronvim.utils"
-
-require("telescope").load_extension("refactoring")
-require("telescope").load_extension("yank_history")
-require("telescope").load_extension("undo")
-
-return {
-  -- normal mode
-  n = {
-    -- second key is the lefthand side of the map
-    -- mappings seen under group name "Buffer"
-    ["<leader>bn"] = { "<cmd>tabnew<cr>", desc = "New tab" },
-    -- quick save
-    ["<C-s>"] = { ":w!<cr>", desc = "Save File" },  -- change description but the same command
-
-    -- Terminal
-    -- NOTE: https://neovim.io/doc/user/builtin.html#jobstart()
-    --   1. If {cmd} is a List it runs directly (no 'shell')
-    --   2. If {cmd} is a String it runs in the 'shell'
-    -- search and replace globally
-    ['<leader>ss'] = {'<cmd>lua require("spectre").toggle()<CR>', desc = "Toggle Spectre" },
-    ['<leader>sw'] = {'<cmd>lua require("spectre").open_visual({select_word=true})<CR>', desc = "Search current word" },
-    ['<leader>sp'] ={'<cmd>lua require("spectre").open_file_search({select_word=true})<CR>', desc = "Search on current file" },
-
-    -- refactoring
-    ["<leader>ri"] = { function() require('refactoring').refactor('Inline Variable') end, desc = "Inverse of extract variable" },
-    ["<leader>rb"] = { function() require('refactoring').refactor('Extract Block') end, desc = "Extract Block" },
-    ["<leader>rbf"] = { function() require('refactoring').refactor('Extract Block To File') end, desc = "Extract Block To File" },
-    ["<leader>rr"] = { function() require('telescope').extensions.refactoring.refactors() end, desc = "Prompt for a refactor to apply" },
-    ["<leader>rp"] = { function() require('refactoring').debug.printf({below = false}) end, desc = "Insert print statement to mark the calling of a function" },
-    ["<leader>rv"] = { function() require('refactoring').debug.print_var() end, desc = "Insert print statement to print a variable" },
-    ["<leader>rc"] = { function() require('refactoring').debug.cleanup({}) end, desc = "Cleanup of all generated print statements" },
-
-    -- yank_history
-    ["<leader>yh"] = { function() require("telescope").extensions.yank_history.yank_history() end, desc = "Preview Yank History" },
-
-    -- undo history
-    ["<leader>uh"] = {"<cmd>Telescope undo<cr>", desc="Telescope undo" },
-
-    -- implementation/definition preview
-    ["gpd"] = { "<cmd>lua require('goto-preview').goto_preview_definition()<CR>", desc="goto_preview_definition" },
-    ["gpt"] = { "<cmd>lua require('goto-preview').goto_preview_type_definition()<CR>", desc="goto_preview_type_definition" },
-    ["gpi"] = { "<cmd>lua require('goto-preview').goto_preview_implementation()<CR>", desc="goto_preview_implementation" },
-    ["gP" ] = {  "<cmd>lua require('goto-preview').close_all_win()<CR>", desc="close_all_win" },
-    ["gpr"] = { "<cmd>lua require('goto-preview').goto_preview_references()<CR>", desc="goto_preview_references" },
-  },
-  -- Visual mode
-  v = {
-    -- search and replace globally
-    ['<leader>sw'] =  {'<esc><cmd>lua require("spectre").open_visual()<CR>', desc = "Search current word" },
-  },
-  -- visual mode(what's the difference between v and x???)
-  x = {
-    -- refactoring
-    ["<leader>ri"] = { function() require('refactoring').refactor('Inline Variable') end, desc = "Inverse of extract variable" },
-    ["<leader>re"] = { function() require('refactoring').refactor('Extract Function') end, desc = "Extracts the selected code to a separate function" },
-    ["<leader>rf"] = { function() require('refactoring').refactor('Extract Function To File') end, desc = "Extract Function To File" },
-    ["<leader>rv"] = { function() require('refactoring').refactor('Extract Variable') end, desc = "Extracts occurrences of a selected expression to its own variable" },
-    ["<leader>rr"] = { function() require('telescope').extensions.refactoring.refactors() end, desc = "Prompt for a refactor to apply" },
-  },
-}

home/base/desktop/editors/neovim/default.nix

@@ -1,62 +0,0 @@
-{
-  pkgs,
-  astronvim,
-  ...
-}:
-###############################################################################
-#
-#  AstroNvim's configuration and all its dependencies(lsp, formatter, etc.)
-#
-#e#############################################################################
-let
-  shellAliases = {
-    v = "nvim";
-    vdiff = "nvim -d";
-  };
-in {
-  xdg.configFile = {
-    # astronvim's config
-    "nvim" = {
-      source = astronvim;
-      force = true;
-    };
-
-    # my custom astronvim config, astronvim will load it after base config
-    # https://github.com/AstroNvim/AstroNvim/blob/v3.32.0/lua/astronvim/bootstrap.lua#L15-L16
-    "astronvim/lua/user" = {
-      source = ./astronvim_user;
-      force = true;
-    };
-  };
-
-  home.shellAliases = shellAliases;
-  programs.nushell.shellAliases = shellAliases;
-
-  nixpkgs.config = {
-    programs.npm.npmrc = ''
-      prefix = ''${HOME}/.npm-global
-    '';
-  };
-
-  programs = {
-    neovim = {
-      enable = true;
-
-      defaultEditor = true;
-      viAlias = true;
-      vimAlias = true;
-
-      # currently we use lazy.nvim as neovim's package manager, so comment this one.
-      # Install packages that will compile locally or download FHS binaries via Nix!
-      # and use lazy.nvim's `dir` option to specify the package directory in nix store.
-      # so that these plugins can work on NixOS.
-      #
-      # related project:
-      #  https://github.com/b-src/lazy-nix-helper.nvim
-      plugins = with pkgs.vimPlugins; [
-        # search all the plugins using https://search.nixos.org/packages
-        telescope-fzf-native-nvim
-      ];
-    };
-  };
-}

home/base/desktop/editors/packages.nix

@@ -1,130 +0,0 @@
-{pkgs, ...}: {
-  home.packages = with pkgs;
-    [
-      #-- c/c++
-      cmake
-      cmake-language-server
-      gnumake
-      checkmake
-      llvmPackages.clang-unwrapped # c/c++ tools with clang-tools such as clanvimPlugins.nvim-treesitter-parsers.vuegd
-      lldb
-      # c/c++ compiler, required by nvim-treesitter!
-      # to avoid conflicts, you can comment clang-unwrapped first to compile all nvim-treesitter-parsers.
-      gcc
-
-      #-- python
-      nodePackages.pyright # python language server
-      (python310.withPackages (
-        ps:
-          with ps; [
-            ruff-lsp
-            black # python formatter
-
-            ipython
-            pandas
-            requests
-            pyquery
-            pyyaml
-
-            ## emacs's lsp-bridge dependenciesge
-            epc
-            orjson
-            sexpdata
-            six
-            setuptools
-            paramiko
-            rapidfuzz
-          ]
-      ))
-
-      #-- rust
-      rust-analyzer
-      cargo # rust package manager
-      rustfmt
-
-      #-- zig
-      zls
-
-      #-- nix
-      nil
-      rnix-lsp
-      # nixd
-      statix # Lints and suggestions for the nix programming language
-      deadnix # Find and remove unused code in .nix source files
-      alejandra # Nix Code Formatter
-
-      #-- golang
-      go
-      gomodifytags
-      iferr # generate error handling code for go
-      impl # generate function implementation for go
-      gotools # contains tools like: godoc, goimports, etc.
-      gopls # go language server
-      delve # go debugger
-
-      # -- java
-      jdk17
-      gradle
-      maven
-      spring-boot-cli
-
-      #-- lua
-      stylua
-      lua-language-server
-
-      #-- bash
-      nodePackages.bash-language-server
-      shellcheck
-      shfmt
-
-      #-- javascript/typescript --#
-      nodePackages.nodejs
-      nodePackages.typescript
-      nodePackages.typescript-language-server
-      # HTML/CSS/JSON/ESLint language servers extracted from vscode
-      nodePackages.vscode-langservers-extracted
-      nodePackages."@tailwindcss/language-server"
-      emmet-ls
-
-      #-- CloudNative
-      nodePackages.dockerfile-language-server-nodejs
-      # terraform  # install via brew on macOS
-      terraform-ls
-      jsonnet
-      jsonnet-language-server
-      hadolint # Dockerfile linter
-
-      # -- Lisp like Languages
-      guile
-      racket-minimal
-      fnlfmt # fennel
-
-      #-- Others
-      taplo # TOML language server / formatter / validator
-      nodePackages.yaml-language-server
-      sqlfluff # SQL linter
-      actionlint # GitHub Actions linter
-      buf # protoc plugin for linting and formatting
-      proselint # English prose linter
-
-      #-- Misc
-      tree-sitter # common language parser/highlighter
-      nodePackages.prettier # common code formatter
-      marksman # language server for markdown
-      glow # markdown previewer
-      fzf
-
-      #-- Optional Requirements:
-      gdu # disk usage analyzer, required by AstroNvim
-      (ripgrep.override {withPCRE2 = true;}) # recursively searches directories for a regex pattern
-    ]
-    ++ (
-      if pkgs.stdenv.isDarwin
-      then []
-      else [
-        #-- verilog / systemverilog
-        verible
-        gdb
-      ]
-    );
-}

home/base/desktop/shell.nix

@@ -1,39 +0,0 @@
-{pkgs-unstable, ...}: let
-  nu_scripts = pkgs-unstable.nu_scripts;
-in {
-  programs.bash = {
-    # load the alias file for work
-    bashrcExtra = ''
-      alias_for_work=/etc/agenix/alias-for-work.bash
-      if [ -f $alias_for_work ]; then
-        . $alias_for_work
-      else
-        echo "No alias file found for work"
-      fi
-    '';
-  };
-
-  programs.nushell = {
-    # load the alias file for work
-    # the file must exist, otherwise nushell will complain about it!
-    #
-    # currently, nushell does not support conditional sourcing of files
-    # https://github.com/nushell/nushell/issues/8214
-    extraConfig = ''
-      source /etc/agenix/alias-for-work.nushell
-      # completion
-      use ${nu_scripts}/share/nu_scripts/custom-completions/git/git-completions.nu *
-      use ${nu_scripts}/share/nu_scripts/custom-completions/glow/glow-completions.nu *
-      use ${nu_scripts}/share/nu_scripts/custom-completions/just/just-completions.nu *
-      use ${nu_scripts}/share/nu_scripts/custom-completions/make/make-completions.nu *
-      use ${nu_scripts}/share/nu_scripts/custom-completions/man/man-completions.nu *
-      use ${nu_scripts}/share/nu_scripts/custom-completions/nix/nix-completions.nu *
-      use ${nu_scripts}/share/nu_scripts/custom-completions/cargo/cargo-completions.nu *
-      use ${nu_scripts}/share/nu_scripts/custom-completions/zellij/zellij-completions.nu *
-      # alias
-      use ${nu_scripts}/share/nu_scripts/aliases/git/git-aliases.nu *
-      use ${nu_scripts}/share/nu_scripts/aliases/eza/eza-aliases.nu *
-      # use ${nu_scripts}/share/nu_scripts/aliases/bat/bat-aliases.nu *
-    '';
-  };
-}

home/base/desktop/ssh.nix

@@ -1,53 +0,0 @@
-{mysecrets, ...}: {
-  home.file.".ssh/romantic.pub".source = "${mysecrets}/public/romantic.pub";
-
-  programs.ssh = {
-    enable = true;
-
-    # all my ssh private key are generated by `ssh-keygen -t ed25519 -C "ryan@nickname"`
-    # the config's format:
-    #   Host —  given the pattern used to match against the host name given on the command line.
-    #   HostName — specify nickname or abbreviation for host
-    #   IdentityFile — the location of your SSH key authentication file for the account.
-    # format in details:
-    #   https://www.ssh.com/academy/ssh/config
-    extraConfig = ''
-      # a private key that is used during authentication will be added to ssh-agent if it is running
-      AddKeysToAgent yes
-
-      Host 192.168.*
-        # allow to securely use local SSH agent to authenticate on the remote machine.
-        # It has the same effect as adding cli option `ssh -A user@host`
-        ForwardAgent yes
-        # romantic holds my homelab~
-        IdentityFile /etc/agenix/ssh-key-romantic
-        # Specifies that ssh should only use the identity file explicitly configured above
-        # required to prevent sending default identity files first.
-        IdentitiesOnly yes
-
-      Host gtr5
-        HostName 192.168.5.172
-        Port 22
-
-      Host um560
-        HostName 192.168.5.173
-        Port 22
-
-      Host s500plus
-        HostName 192.168.5.174
-        Port 22
-
-      Host k8s-main
-        HostName 192.168.5.181
-        ForwardAgent yes
-
-      Host k8s-data1
-        HostName 192.168.5.182
-        ForwardAgent yes
-
-      Host k8s-data2
-        HostName 192.168.5.183
-        ForwardAgent yes
-    '';
-  };
-}

home/base/desktop/terminal/README.md

@@ -1,73 +0,0 @@
-# Termianl Emulators
-
-I used to spend a lot of time on terminal emulators, to make them match my taste, 
-but now I found that it's not worth it, **Zellij can provide a user-friendly and unified user experience for all terminal emulators! without any pain**!
-
-Currently, I only use the most basic features of terminal emulators, such as true color, graphics protocol, etc.
-Other features such as tabs, scrollback buffer, select/search/copy, etc, are all provided by zellij!
-
-My current terminal emulators are:
-
-1. kitty: My main terminal emulator.
-    1. to select/copy a large mount of text, We should do some tricks via kitty's `scrollback_pager` with neovim, it's really painful: <https://github.com/kovidgoyal/kitty/issues/719>
-2. wezterm: My secondary terminal emulator.
-    1. its search ability is very basic, and it's not easy to use.
-    1. its scrollback buffer's copy mode is very like vim, which is nice, but zellij's even better, it can use neovim as its default scrollback buffer's editor without any pain!
-3. foot: a fast, lightweight and minimalistic Wayland terminal emulator.
-    1. foot only do the things a terminal emulator should do, no more, no less.
-    1. It's really suitable for tiling window manager or zellij users!
-
-## 'xterm-kitty': unknown terminal type when `ssh` into a remote host or `sudo xxx`
-
-> https://sw.kovidgoyal.net/kitty/faq/#i-get-errors-about-the-terminal-being-unknown-or-opening-the-terminal-failing-or-functional-keys-like-arrow-keys-don-t-work
-
-> https://wezfurlong.org/wezterm/config/lua/config/term.html
-
-kitty set `TERM` to `xterm-kitty` by default, and TUI apps like `viu`, `yazi`, `curses` will try to search in the host's [terminfo(terminal capability data base)](https://linux.die.net/man/5/terminfo) for value of `TERM` to determine the capabilities of the terminal.
-
-But when you `ssh` into a remote host, the remote host is very likely to not have `xterm-kitty` in its terminfo, so you will get this error:
-
-```
-'xterm-kitty': unknown terminal type
-```
-
-Or when you `sudo xxx`, `sudo` won't preserve the `TERM` variable, it will be reset to root's default `TERM` value, which is `xterm` or `xterm-256color` in most linux distributions, so you will get this error:
-
-```
-'xterm-256color': unknown terminal type
-```
-
-or 
-
-```
-Error opening terminal: xterm-kitty.
-```
-
-NixOS preserve the `TERMINFO` and `TERMINFO_DIRS` environment variables, for `root` and the `wheel` group: [nixpkgs/nixos/modules/config/terminfo.nix](https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/config/terminfo.nix#L18)
-
-For nix-darwin, take a look at <https://github.com/LnL7/nix-darwin/wiki/Terminfo-issues>
-
-### Solutions
-
-Simplest solution, it will automatically copy over the terminfo files and also magically enable shell integration on the remote machine: 
-
-```
-kitten ssh user@host
-```
-
-Or if you do not care about kitty's features(such as true color & graphics protocol), you can simply set `TERM` to `xterm-256color`, which is built-in in most linux distributions:
-
-```
-export TERM=xterm-256color
-```
-
-If you need kitty's features, but do not like the magic of `kitten`, you can manually install kitty's terminfo on the remote host:
-
-```bash
-# install on ubuntu / debian
-sudo apt-get install kitty-terminfo
-
-# or copy from local machine
-infocmp -a xterm-kitty | ssh myserver tic -x -o \~/.terminfo /dev/stdin
-```
-

home/base/desktop/terminal/wezterm.nix

@@ -1,110 +0,0 @@
-{pkgs, ...}:
-###########################################################
-#
-# Wezterm Configuration
-#
-# Useful Hot Keys for Linux(replace `ctrl + shift` with `cmd` on macOS)):
-#   1. Increase Font Size: `ctrl + shift + =` | `ctrl + shift + +`
-#   2. Decrease Font Size: `ctrl + shift + -` | `ctrl + shift + _`
-#   3. And Other common shortcuts such as Copy, Paste, Cursor Move, etc.
-#
-# Default Keybindings: https://wezfurlong.org/wezterm/config/default-keys.html
-#
-###########################################################
-{
-  # wezterm has catppuccin theme built-in,
-  # it's not necessary to install it separately.
-
-  # we can add wezterm as a flake input once this PR is merged:
-  #    https://github.com/wez/wezterm/pull/3547
-
-  programs.wezterm =
-    {
-      enable = false; # disable
-
-      # TODO: Fix: https://github.com/wez/wezterm/issues/4483
-      # package = pkgs.wezterm.override { };
-
-      extraConfig = let
-        fontsize =
-          if pkgs.stdenv.isDarwin
-          then "14.0"
-          else "13.0";
-      in ''
-        -- Pull in the wezterm API
-        local wezterm = require 'wezterm'
-
-        -- This table will hold the configuration.
-        local config = {}
-
-        -- In newer versions of wezterm, use the config_builder which will
-        -- help provide clearer error messages
-        if wezterm.config_builder then
-          config = wezterm.config_builder()
-        end
-
-        wezterm.on('toggle-opacity', function(window, pane)
-          local overrides = window:get_config_overrides() or {}
-          if not overrides.window_background_opacity then
-            overrides.window_background_opacity = 0.93
-          else
-            overrides.window_background_opacity = nil
-          end
-          window:set_config_overrides(overrides)
-        end)
-
-        wezterm.on('toggle-maximize', function(window, pane)
-          window:maximize()
-        end)
-
-        -- This is where you actually apply your config choices
-        config.color_scheme = "Catppuccin Mocha"
-        config.font = wezterm.font_with_fallback {
-          "JetBrainsMono Nerd Font",
-          "FiraCode Nerd Font",
-
-          -- To avoid 'Chinese characters displayed as variant (Japanese) glyphs'
-          "Source Han Sans SC",
-          "Source Han Sans TC"
-        }
-
-        config.hide_tab_bar_if_only_one_tab = true
-        config.scrollback_lines = 10000
-        config.enable_scroll_bar = true
-        config.term = 'wezterm'
-
-        config.keys = {
-          -- toggle opacity(CTRL + SHIFT + B)
-          {
-            key = 'B',
-            mods = 'CTRL',
-            action = wezterm.action.EmitEvent 'toggle-opacity',
-          },
-          {
-            key = 'M',
-            mods = 'CTRL',
-            action = wezterm.action.EmitEvent 'toggle-maximize',
-          },
-        }
-        config.font_size = ${fontsize}
-
-        -- To resolve issues:
-        --   1. https://github.com/ryan4yin/nix-config/issues/26
-        --   2. https://github.com/ryan4yin/nix-config/issues/8
-        -- Spawn a nushell in login mode via `bash`
-        config.default_prog = { '${pkgs.bash}/bin/bash', '--login', '-c', 'nu --login --interactive' }
-
-        return config
-      '';
-    }
-    // (
-      if pkgs.stdenv.isDarwin
-      then {
-        # install wezterm via homebrew on macOS to avoid compilation, dummy package here.
-        # package = pkgs.hello;
-        enableBashIntegration = false;
-        enableZshIntegration = false;
-      }
-      else {}
-    );
-}

home/base/desktop/zellij/README.md

@@ -1,39 +0,0 @@
-# Zellij - A workspace lives in your terminal
-
-Zellij is a terminal workspace with batteries included.
-At its core, it is a terminal multiplexer (similar to tmux and screen), but this is merely its infrastructure layer.
-
-Zellij is very user-friendly and easy to use, with a step-by-step hint system that will help you get to know the keybindings, which is very like the Neovim or helix.
-
-> By contrast, tmux's key design is counterintuitive, there is no prompt system, and the plug-in performance is rubbish. It's really a pain to use.
-> tmux's inital release was in 2007, it's too old, I would recommend any users that do not have a experience with multiplexer to use zellij instead of tmux.
-
-## Why use zellij as the detault terminal environment?
-
-By auto start zellij on shell login, and exit the shell session on zellij exit, we can use zellij as the default terminal environment.
-
-By this way, We will only use the most basic features of the terminal emulator(kitty/alacritty/wezterm/...),
-while most of the functions of terminal are provided by zellij.
-Thus we can easily switch to any terminal emulator without losing any key functions,
-and do not need to take care of the differences between different terminal emulators.
-
-And Zellij can be used not only locally, but also on any remote server, which is very convenient. Learn once and use everywhere!
-
-> Yeah, you didn't misread it, zellij is very suitable for not only remotely, but also locally!
-
-Some features such as search/copy/scrollback in different terminal emulators are implemented in different ways, and has different user experience.
-For example, Wezterm's default search function is very basic, and it's not easy to use. Kitty's scrollback search/copy is really tricky to use.
-As for some Editor such as Neovim, its intergrated terminal is really useful, but zellij is more powerful and useful than it, and more stable!
-Zellij overcomes these problems, and provides a unified user experience for all terminal emulators!
-
-Teminal emulators should only be responsible for displaying characters.
-
-## Passthrough mode(Lock Mode)
-
-`Ctrl + g` lock the outer zellij interface, and all keys will be sent to the focused pane.
-
-It's extremely useful when you want to:
-
-1. Use zellij locally for daily work, and use a remote zellij via ssh to do some work on the remote server.
-1. To avoid the key conflicts between zellij and the program running in the terminal, such as vim, tmux, etc.
-

home/base/gui/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/gui/dev-tools.nix

@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+{
+  home.packages =
+    with pkgs;
+    [
+      mitmproxy # http/https proxy tool
+      wireshark # network analyzer
+
+      # IDEs
+      # jetbrains.idea-community
+
+      # AI cli tools
+      k8sgpt
+      kubectl-ai # an ai helper opensourced by google
+    ]
+    ++ (lib.optionals pkgs.stdenv.isx86_64 [
+      insomnia # REST client
+    ]);
+}

home/base/gui/terminal/README.md

@@ -0,0 +1,84 @@
+# Terminal Emulators
+
+I used to spend a lot of time on terminal emulators, to make them match my taste, but now I found
+that it's not worth it, **Zellij can provide a user-friendly and unified user experience for all
+terminal emulators! without any pain**!
+
+Currently, I only use the most basic features of terminal emulators, such as true color, graphics
+protocol, etc. Other features such as tabs, scrollback buffer, select/search/copy, etc, are all
+provided by zellij!
+
+My current terminal emulators are:
+
+1. kitty: My main terminal emulator.
+   1. to select/copy a large mount of text, We should do some tricks via kitty's `scrollback_pager`
+      with neovim, it's really painful: <https://github.com/kovidgoyal/kitty/issues/719>
+2. foot: A fast, lightweight and minimalistic Wayland terminal emulator.
+   1. foot only do the things a terminal emulator should do, no more, no less.
+   1. It's really suitable for tiling window manager or zellij users!
+3. alacritty: A cross-platform, GPU-accelerated terminal emulator.
+   1. alacritty is really fast, I use it as a backup terminal emulator on all my desktops.
+
+## 'xterm-kitty': unknown terminal type when `ssh` into a remote host or `sudo xxx`
+
+> https://sw.kovidgoyal.net/kitty/faq/#i-get-errors-about-the-terminal-being-unknown-or-opening-the-terminal-failing-or-functional-keys-like-arrow-keys-don-t-work
+
+> https://wezfurlong.org/wezterm/config/lua/config/term.html
+
+kitty set `TERM` to `xterm-kitty` by default, and TUI apps like `viu`, `yazi`, `curses` will try to
+search in the host's [terminfo(terminal capability data base)](https://linux.die.net/man/5/terminfo)
+for value of `TERM` to determine the capabilities of the terminal.
+
+But when you `ssh` into a remote host, the remote host is very likely to not have `xterm-kitty` in
+its terminfo, so you will get this error:
+
+```
+'xterm-kitty': unknown terminal type
+```
+
+Or when you `sudo xxx`, `sudo` won't preserve the `TERM` variable, it will be reset to root's
+default `TERM` value, which is `xterm` or `xterm-256color` in most linux distributions, so you will
+get this error:
+
+```
+'xterm-256color': unknown terminal type
+```
+
+or
+
+```
+Error opening terminal: xterm-kitty.
+```
+
+NixOS preserve the `TERMINFO` and `TERMINFO_DIRS` environment variables, for `root` and the `wheel`
+group:
+[nixpkgs/nixos/modules/config/terminfo.nix](https://github.com/NixOS/nixpkgs/blob/nixos-25.11/nixos/modules/config/terminfo.nix#L18)
+
+For nix-darwin, take a look at <https://github.com/LnL7/nix-darwin/wiki/Terminfo-issues>
+
+### Solutions
+
+Simplest solution, it will automatically copy over the terminfo files and also magically enable
+shell integration on the remote machine:
+
+```
+kitten ssh user@host
+```
+
+Or if you do not care about kitty's features(such as true color & graphics protocol), you can simply
+set `TERM` to `xterm-256color`, which is built-in in most linux distributions:
+
+```
+export TERM=xterm-256color
+```
+
+If you need kitty's features, but do not like the magic of `kitten`, you can manually install
+kitty's terminfo on the remote host:
+
+```bash
+# install on ubuntu / debian
+sudo apt-get install kitty-terminfo
+
+# or copy from local machine
+infocmp -a xterm-kitty | ssh myserver tic -x -o \~/.terminfo /dev/stdin
+```

home/base/gui/terminal/alacritty/default.nix

@@ -0,0 +1,71 @@
+{
+  pkgs,
+  ...
+}:
+###########################################################
+#
+# Alacritty Configuration
+#
+# Useful Hot Keys for macOS:
+#   1. Multi-Window: `command + N`
+#   2. Increase Font Size: `command + =` | `command + +`
+#   3. Decrease Font Size: `command + -` | `command + _`
+#   4. Search Text: `command + F`
+#   5. And Other common shortcuts such as Copy, Paste, Cursor Move, etc.
+#
+# Useful Hot Keys for Linux:
+#   1. Increase Font Size: `ctrl + shift + =` | `ctrl + shift + +`
+#   2. Decrease Font Size: `ctrl + shift + -` | `ctrl + shift + _`
+#   3. Search Text: `ctrl + shift + N`
+#   4. And Other common shortcuts such as Copy, Paste, Cursor Move, etc.
+#
+# Note: Alacritty do not have support for Tabs, and any graphic protocol.
+#
+###########################################################
+{
+  programs.alacritty = {
+    enable = true;
+    # https://alacritty.org/config-alacritty.html
+    settings = {
+      window = {
+        opacity = 0.93;
+        startup_mode = "Maximized"; # Maximized window
+        dynamic_title = true;
+        option_as_alt = "Both"; # Option key acts as Alt on macOS
+        decorations = "None"; # Show neither borders nor title bar
+      };
+      scrolling = {
+        history = 10000;
+      };
+      font = {
+        bold = {
+          family = "Maple Mono NF CN";
+        };
+        italic = {
+          family = "Maple Mono NF CN";
+        };
+        normal = {
+          family = "Maple Mono NF CN";
+        };
+        bold_italic = {
+          family = "Maple Mono NF CN";
+        };
+        size = 13;
+      };
+      terminal = {
+        # Spawn a nushell in login mode via `bash`
+        shell = {
+          program = "${pkgs.bash}/bin/bash";
+          args = [
+            "--login"
+            "-c"
+            "nu --login --interactive"
+          ];
+        };
+        # Controls the ability to write to the system clipboard with the OSC 52 escape sequence.
+        # It's used by zellij to copy text to the system clipboard.
+        osc52 = "CopyPaste";
+      };
+    };
+  };
+}

home/base/gui/terminal/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/gui/terminal/foot.nix

@@ -0,0 +1,33 @@
+{ pkgs, ... }:
+{
+  programs.foot = {
+    # foot is designed only for Linux
+    enable = pkgs.stdenv.isLinux;
+
+    # foot can also be run in a server mode. In this mode, one process hosts multiple windows.
+    # All Wayland communication, VT parsing and rendering is done in the server process.
+    # New windows are opened by running footclient, which remains running until the terminal window is closed.
+    #
+    # Advantages to run foot in server mode including reduced memory footprint and startup time.
+    # The downside is a performance penalty. If one window is very busy with, for example, producing output,
+    # then other windows will suffer. Also, should the server process crash, all windows will be gone.
+    server.enable = true;
+
+    # https://man.archlinux.org/man/foot.ini.5
+    settings = {
+      main = {
+        term = "foot"; # or "xterm-256color" for maximum compatibility
+        font = "Maple Mono NF CN:size=13";
+        dpi-aware = "no"; # scale via window manager instead
+        resize-keep-grid = "no"; # do not resize the window on font resizing
+
+        # Spawn a nushell in login mode via `bash`
+        shell = "${pkgs.bash}/bin/bash --login -c 'nu --login --interactive'";
+      };
+
+      mouse = {
+        hide-when-typing = "yes";
+      };
+    };
+  };
+}

home/base/gui/terminal/ghostty.nix

@@ -0,0 +1,40 @@
+{
+  pkgs,
+  ghostty,
+  ...
+}:
+###########################################################
+#
+# Ghostty Configuration
+#
+###########################################################
+{
+  programs.ghostty = {
+    enable = true;
+    package =
+      if pkgs.stdenv.isDarwin then
+        pkgs.hello # pkgs.ghostty is currently broken on darwin
+      else
+        pkgs.ghostty; # the stable version
+    # package = ghostty.packages.${pkgs.stdenv.hostPlatform.system}.default; # the latest version
+    enableBashIntegration = false;
+    installBatSyntax = false;
+    # installVimSyntax = true;
+    settings = {
+      font-family = "Maple Mono NF CN";
+      font-size = 13;
+
+      background-opacity = 0.93;
+      # only supported on macOS;
+      background-blur-radius = 10;
+      scrollback-limit = 20000;
+
+      # https://ghostty.org/docs/config/reference#command
+      #  To resolve issues:
+      #    1. https://github.com/ryan4yin/nix-config/issues/26
+      #    2. https://github.com/ryan4yin/nix-config/issues/8
+      #  Spawn a nushell in login mode via `bash`
+      command = "${pkgs.bash}/bin/bash --login -c 'nu --login --interactive'";
+    };
+  };
+}

home/base/gui/terminal/kitty.nix

@@ -16,26 +16,23 @@
 {
   programs.kitty = {
     enable = true;
-    # kitty has catppuccin theme built-in,
-    # all the built-in themes are packaged into an extra package named `kitty-themes`
-    # and it's installed by home-manager if `theme` is specified.
-    theme = "Catppuccin-Mocha";
     font = {
-      name = "JetBrainsMono Nerd Font";
+      name = "Maple Mono NF CN";
       # use different font size on macOS
-      size =
-        if pkgs.stdenv.isDarwin
-        then 14
-        else 13;
+      size = 13;
     };
 
-    # consistent with wezterm
+    # consistent with other terminal emulators
     keybindings = {
       "ctrl+shift+m" = "toggle_maximized";
       "ctrl+shift+f" = "show_scrollback"; # search in the current window
     };
 
     settings = {
+      # do not show title bar & window title
+      hide_window_decorations = "titlebar-and-corners";
+      macos_show_window_title_in = "none";
+
       background_opacity = "0.93";
       macos_option_as_alt = true; # Option key acts as Alt on macOS
       enable_audio_bell = false;
@@ -48,6 +45,6 @@
     };
 
     # macOS specific settings
-    darwinLaunchOptions = ["--start-as=maximized"];
+    darwinLaunchOptions = [ "--start-as=maximized" ];
   };
 }

home/base/home.nix

@@ -1,8 +1,9 @@
-{username, ...}: {
+{ myvars, ... }:
+{
   # Home Manager needs a bit of information about you and the
   # paths it should manage.
   home = {
-    inherit username;
+    inherit (myvars) username;
 
     # This value determines the Home Manager release that your
     # configuration is compatible with. This helps avoid breakage
@@ -12,9 +13,6 @@
     # You can update Home Manager without changing this value. See
     # the Home Manager release notes for a list of state version
     # changes in each release.
-    stateVersion = "23.11";
+    stateVersion = "24.11";
   };
-
-  # Let Home Manager install and manage itself.
-  programs.home-manager.enable = true;
 }

home/base/server/bat.nix

@@ -1,21 +0,0 @@
-{
-  pkgs,
-  nur-ryan4yin,
-  ...
-}: {
-  # a cat(1) clone with syntax highlighting and Git integration.
-  programs.bat = {
-    enable = true;
-    config = {
-      pager = "less -FR";
-      theme = "catppuccin-mocha";
-    };
-    themes = {
-      # https://raw.githubusercontent.com/catppuccin/bat/main/Catppuccin-mocha.tmTheme
-      catppuccin-mocha = {
-        src = nur-ryan4yin.packages.${pkgs.system}.catppuccin-bat;
-        file = "Catppuccin-mocha.tmTheme";
-      };
-    };
-  };
-}