feat: remove x86_64-darwin, add new nixos host on macbook pro m2

2026-01-11 20:40:24 +01:00 · 2025-07-12 16:51:48 +08:00
parent 77a792710a
commit db82d2d8c5
38 changed files with 308 additions and 387 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -179,6 +179,21 @@
      }
    },
    "flake-compat_3": {
      "locked": {
        "lastModified": 1688025799,
        "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
        "owner": "nix-community",
        "repo": "flake-compat",
        "rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-compat_4": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
@@ -563,6 +578,28 @@
        "type": "github"
      }
    },
    "nixos-apple-silicon": {
      "inputs": {
        "flake-compat": "flake-compat_3",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1748659443,
        "narHash": "sha256-dav2hzyCmXZ3n6lEZrfZBG51+g6PUhkzRl3d6Ypd9x0=",
        "owner": "nix-community",
        "repo": "nixos-apple-silicon",
        "rev": "3ddc251d2acce5019b0fa770e224d068610a34e4",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "release-2025-05-30",
        "repo": "nixos-apple-silicon",
        "type": "github"
      }
    },
    "nixos-generators": {
      "inputs": {
        "nixlib": "nixlib",
@@ -584,22 +621,6 @@
        "type": "github"
      }
    },
    "nixos-hardware": {
      "locked": {
        "lastModified": 1752048960,
        "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
        "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "master",
        "repo": "nixos-hardware",
        "type": "github"
      }
    },
    "nixpak": {
      "inputs": {
        "flake-parts": "flake-parts_4",
@@ -805,7 +826,7 @@
    },
    "pre-commit-hooks": {
      "inputs": {
-        "flake-compat": "flake-compat_3",
+        "flake-compat": "flake-compat_4",
        "gitignore": "gitignore_2",
        "nixpkgs": [
          "nixpkgs"
@@ -881,8 +902,8 @@
        "mysecrets": "mysecrets",
        "nix-darwin": "nix-darwin",
        "nix-gaming": "nix-gaming",
        "nixos-apple-silicon": "nixos-apple-silicon",
        "nixos-generators": "nixos-generators",
        "nixos-hardware": "nixos-hardware",
        "nixpak": "nixpak",
        "nixpkgs": "nixpkgs_2",
        "nixpkgs-darwin": "nixpkgs-darwin",
--- a/flake.nix
+++ b/flake.nix
@@ -48,7 +48,6 @@
      url = "github:lnl7/nix-darwin";
      inputs.nixpkgs.follows = "nixpkgs-darwin";
    };
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
    # home-manager, used for managing user configuration
    home-manager = {
@@ -138,6 +137,11 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixos-apple-silicon = {
      url = "github:nix-community/nixos-apple-silicon/release-2025-05-30";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    ########################  Some non-flake repositories  #########################################
    polybar-themes = {
--- a/hosts/12kingdoms-shoukei/README.md
+++ b/hosts/12kingdoms-shoukei/README.md
@@ -1,16 +1,8 @@
 # Host - Shoukei
-This is NixOS's configuration for my Macbook Pro 2022 Intel i5, 13.3-inch, 16G RAM + 512G SSD.
+This is NixOS's configuration for my Macbook Pro 2022 M2, 16G RAM.
 Related:
 - [/nixos-installer/README.shoukei.md](/nixos-installer/README.shoukei.md)
- <https://github.com/NixOS/nixos-hardware/tree/master/apple/t2>
+- https://github.com/nix-community/nixos-apple-silicon/blob/main/docs/uefi-standalone.md
 - <https://wiki.t2linux.org/distributions/nixos/installation/>
 TODOs:
 - [ ] Resume from suspend(close the lid) doesn't work
 - [ ] Show battery percentage in i3blocks/waybar
 - [ ] Touchbar unusable some times
  - It works on boot, but after a while it stops working
--- a/hosts/12kingdoms-shoukei/apple-set-os-loader.nix
+++ b/hosts/12kingdoms-shoukei/apple-set-os-loader.nix
@@ -1,61 +0,0 @@
 {
  pkgs,
  config,
  lib,
  ...
 }: let
  t2Cfg = config.hardware.myapple-t2;
  efiPrefix = config.boot.loader.efi.efiSysMountPoint;
  apple-set-os-loader-installer = pkgs.stdenv.mkDerivation rec {
    name = "apple-set-os-loader-installer-1.0";
    src = pkgs.fetchFromGitHub {
      owner = "Redecorating";
      repo = "apple_set_os-loader";
      rev = "r33.9856dc4";
      sha256 = "hvwqfoF989PfDRrwU0BMi69nFjPeOmSaD6vR6jIRK2Y=";
    };
    buildInputs = [pkgs.gnu-efi];
    buildPhase = ''
      substituteInPlace Makefile --replace "/usr" '$(GNU_EFI)'
      export GNU_EFI=${pkgs.gnu-efi}
      make
    '';
    installPhase = ''
      install -D bootx64_silent.efi $out/bootx64.efi
    '';
  };
 in {
  options = {
    hardware.myapple-t2.enableAppleSetOsLoader = lib.mkOption {
      default = false;
      type = lib.types.bool;
      description = "Whether to enable the appleSetOsLoader activation script.";
    };
  };
  config = {
    # Activation script to install apple-set-os-loader in order to unlock the iGPU
    system.activationScripts.myappleSetOsLoader = lib.optionalString t2Cfg.enableAppleSetOsLoader ''
      if [[ -e ${efiPrefix}/efi/boot/bootx64_original.efi ]]; then
        true # It's already installed, no action required
      elif [[ -e ${efiPrefix}/efi/boot/bootx64.efi ]]; then
        # Copy the new bootloader to a temporary location
        cp ${apple-set-os-loader-installer}/bootx64.efi ${efiPrefix}/efi/boot/bootx64_temp.efi
        # Rename the original bootloader
        mv ${efiPrefix}/efi/boot/bootx64.efi ${efiPrefix}/efi/boot/bootx64_original.efi
        # Move the new bootloader to the final destination
        mv ${efiPrefix}/efi/boot/bootx64_temp.efi ${efiPrefix}/efi/boot/bootx64.efi
      else
        echo "Error: ${efiPrefix}/efi/boot/bootx64.efi is missing" >&2
      fi
    '';
    # Enable the iGPU by default if present
    environment.etc."modprobe.d/apple-gmux.conf".text = lib.optionalString t2Cfg.enableAppleSetOsLoader ''
      options apple-gmux force_igd=y
    '';
  };
 }
--- a/hosts/12kingdoms-shoukei/brcm-firmware/default.nix
+++ b/hosts/12kingdoms-shoukei/brcm-firmware/default.nix
@@ -1,10 +0,0 @@
 {pkgs, ...}:
 pkgs.stdenvNoCC.mkDerivation {
  name = "brcm-firmware";
  nativeBuildInputs = with pkgs; [gnutar xz];
  buildCommand = ''
    dir="$out/lib/"
    mkdir -p "$dir"
    tar -axvf ${./firmware.tar.xz} -C "$dir"
  '';
 }
--- a/hosts/12kingdoms-shoukei/brcm-firmware/firmware.tar.xz
+++ b/hosts/12kingdoms-shoukei/brcm-firmware/firmware.tar.xz
--- a/hosts/12kingdoms-shoukei/brcm-firmware/flake.lock
+++ b/hosts/12kingdoms-shoukei/brcm-firmware/flake.lock
@@ -1,27 +0,0 @@
 {
  "nodes": {
    "nixpkgs": {
      "locked": {
        "lastModified": 1703068421,
        "narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-25.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "nixpkgs": "nixpkgs"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/hosts/12kingdoms-shoukei/brcm-firmware/flake.nix
+++ b/hosts/12kingdoms-shoukei/brcm-firmware/flake.nix
@@ -1,10 +0,0 @@
 {
  # a flake for testing
  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
  outputs = {nixpkgs, ...}: let
    system = "x86_64-linux";
    pkgs = import nixpkgs {inherit system;};
  in {
    packages."${system}".default = pkgs.callPackage ./default.nix {};
  };
 }
--- a/hosts/12kingdoms-shoukei/default.nix
+++ b/hosts/12kingdoms-shoukei/default.nix
@@ -1,32 +1,21 @@
-{
+{nixos-apple-silicon, ...}:
  nixos-hardware,
  myvars,
  ...
 }:
 #############################################################
 #
-#  Shoukei - NixOS running on Macbook Pro 2020 I5 16G
+#  Shoukei - NixOS running on Macbook Pro 2022 M2 16G
 #   https://github.com/NixOS/nixos-hardware/tree/master/apple/t2
 #
 #############################################################
 let
  hostName = "shoukei"; # Define your hostname.
 in {
  imports = [
-    nixos-hardware.nixosModules.apple-t2
+    nixos-apple-silicon.nixosModules.default
    ./apple-set-os-loader.nix
    {hardware.myapple-t2.enableAppleSetOsLoader = true;}
    ./hardware-configuration.nix
    ../idols-ai/preservation.nix
  ];
  boot.kernelModules = ["kvm-amd"];
  boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
  networking = {
    inherit hostName;
    inherit (myvars.networking) defaultGateway nameservers;
    # configures the network interface(include wireless) via `nmcli` & `nmtui`
    networkmanager.enable = true;
@@ -38,5 +27,5 @@ in {
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "25.05"; # Did you read the comment?
+  system.stateVersion = "25.11"; # Did you read the comment?
 }
--- a/hosts/12kingdoms-shoukei/hardware-configuration.nix
+++ b/hosts/12kingdoms-shoukei/hardware-configuration.nix
@@ -7,28 +7,24 @@
  pkgs,
  modulesPath,
  ...
-}: {
+}: let
  device = "/dev/disk/by-uuid/c2e8b249-240e-4eef-bf4e-81e7dbbf4887";
 in {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
-  hardware.firmware = [
+  # Use the systemd-boot EFI boot loader.
-    (import ./brcm-firmware {inherit pkgs;})
+  boot.loader.systemd-boot.enable = true;
  ];
  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod"];
  boot.initrd.kernelModules = [];
  boot.kernelModules = ["kvm-intel"];
  boot.extraModulePackages = [];
  # Use the EFI boot loader.
  boot.loader.efi.canTouchEfiVariables = true;
  # depending on how you configured your disk mounts, change this to /boot or /boot/efi.
  boot.loader.efi.efiSysMountPoint = "/boot";
  boot.loader.systemd-boot.enable = true;
-  # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
+  # For ` to < and ~ to > (for those with US keyboards)
-  boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
+  # boot.extraModprobeConfig = ''
  #   options hid_apple iso_layout=0
  # '';
  # supported file systems, so we can mount any removable disks with these filesystems
  boot.supportedFilesystems = lib.mkForce [
    "ext4"
@@ -45,7 +41,7 @@
  boot.initrd = {
    # unlocked luks devices via a keyfile or prompt a passphrase.
    luks.devices."crypted-nixos" = {
-      device = "/dev/nvme0n1p4";
+      device = "/dev/disk/by-uuid/1c37820e-2501-46e4-bec4-27c28691a5b4";
      # the keyfile(or device partition) that should be used as the decryption key for the encrypted device.
      # if not specified, you will be prompted for a passphrase instead.
      #keyFile = "/root-part.key";
@@ -75,19 +71,19 @@
  };
  fileSystems."/nix" = {
-    device = "/dev/disk/by-uuid/2f4db246-e65d-4808-8ab4-5365f9dea1ef";
+    inherit device;
    fsType = "btrfs";
    options = ["subvol=@nix" "noatime" "compress-force=zstd:1"];
  };
  fileSystems."/tmp" = {
-    device = "/dev/disk/by-uuid/2f4db246-e65d-4808-8ab4-5365f9dea1ef";
+    inherit device;
    fsType = "btrfs";
    options = ["subvol=@tmp" "noatime" "compress-force=zstd:1"];
  };
  fileSystems."/persistent" = {
-    device = "/dev/disk/by-uuid/2f4db246-e65d-4808-8ab4-5365f9dea1ef";
+    inherit device;
    fsType = "btrfs";
    options = ["subvol=@persistent" "noatime" "compress-force=zstd:1"];
    # preservation's data is required for booting.
@@ -95,14 +91,14 @@
  };
  fileSystems."/snapshots" = {
-    device = "/dev/disk/by-uuid/2f4db246-e65d-4808-8ab4-5365f9dea1ef";
+    inherit device;
    fsType = "btrfs";
    options = ["subvol=@snapshots" "noatime" "compress-force=zstd:1"];
  };
  # mount swap subvolume in readonly mode.
  fileSystems."/swap" = {
-    device = "/dev/disk/by-uuid/2f4db246-e65d-4808-8ab4-5365f9dea1ef";
+    inherit device;
    fsType = "btrfs";
    options = ["subvol=@swap" "ro"];
  };
@@ -126,9 +122,7 @@
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp230s0f1u1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp229s0.useDHCP = lib.mkDefault true;
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/darwin-harmonica/default.nix
+++ b/hosts/darwin-harmonica/default.nix
@@ -1,13 +0,0 @@
 _:
 #############################################################
 #
 #  Harmonica - MacBook Pro 2020 13-inch i5 16G, mainly for personal use
 #
 #############################################################
 let
  hostname = "harmonica";
 in {
  networking.hostName = hostname;
  networking.computerName = hostname;
  system.defaults.smb.NetBIOSName = hostname;
 }
--- a/hosts/darwin-harmonica/home.nix
+++ b/hosts/darwin-harmonica/home.nix
@@ -1,2 +0,0 @@
 _: {
 }
--- a/nixos-installer/.gitignore
+++ b/nixos-installer/.gitignore
@@ -1,2 +1,2 @@
-# generate lock file every time
+# ignore flake.lock here, generate a new one every time install a new host
 flake.lock
--- a/nixos-installer/README.shoukei.md
+++ b/nixos-installer/README.shoukei.md
@@ -4,67 +4,118 @@
 > machine :exclamation: Please write your own configuration from scratch, and use my configuration
 > and documentation for reference only.**
 > https://wiki.t2linux.org/distributions/nixos/installation/
 > https://github.com/NixOS/nixos-hardware/tree/master/apple/t2
 This flake prepares a Nix environment for setting my desktop
-[/hosts/12kingdoms_shoukei](/hosts/12kingdoms_shoukei)(in main flake) up on a new machine.
+[/hosts/12kingdoms-shoukei](/hosts/12kingdoms-shoukei)(in main flake) up on a new machine.
 ## Steps to Deploying
-First, create a USB install medium from Apple T2's NixOS installer image:
+### 1. Prepare & boot into the nixos installer
 https://github.com/t2linux/nixos-t2-iso.git
-### 2. Connecting to the Internet
+Just follow this Guide:
-1. configure wifi: <https://wiki.t2linux.org/guides/wifi-bluetooth/#on-macos>
+- https://github.com/nix-community/nixos-apple-silicon/blob/main/docs/uefi-standalone.md
-2. copy wifi firmware to the NixOS installer:
+
 ### 2. Connect to WiFi & SSH
 If you have another machine, configure the new host through a SSH connection will be much
 comfortable than using the raw terminal of the nixos installer. So after booting into the nixos
 installer, let's configure WiFi in the installer using `iwctl` first:
 > This is copied from
 > <https://github.com/nix-community/nixos-apple-silicon/blob/main/docs/uefi-standalone.md#nixos-installation>
 ```bash
-sudo mkdir -p /lib
+nixos# iwctl
-sudo tar -axvf ../hosts/12kingdoms_shoukei/brcm-firmware/firmware.tar.gz -C /lib/
+NetworkConfigurationEnabled: enabled
-sudo modprobe -r brcmfmac && sudo modprobe brcmfmac
+StateDirectory: /var/lib/iwd
-
+Version: 2.4
-# check whether the wifi firmware is loaded
+[iwd]# station wlan0 scan
-dmesg | tail
+[iwd]# station wlan0 connect <SSID>
-
+Type the network passphrase for <SSID> psk.
-# now start wpa_supplicant
+Passphrase: <your passphrase>
-sudo systemctl start wpa_supplicant
+[iwd]# station wlan0 show
 [...]
 [iwd] exit
 ```
-connect to wifi via `wpa_cli`:
+And then set a password for the `root` user:
 ```bash
-wpa_cli -i wlan0
+# Switch to root
-> scan
+[nixos@nixos:~]$ sudo su
-> scan_results
+
-# add a new network, this command returns a network ID, which is 0 in this case.
+# Change the password
-> add_network
+[root@nixos:~]# passwd
-# associate the network with the network ID we just got
+New password:
-# NOTE: the quotes are required!
+Retype new password:
-> set_network 0 ssid "<wifi_name>"
+passwd: password updated successfully
-# for a WPA2 network, set the passphrase
+
-# NOTE: the quotes are required!
+# Get the IP address
-> set_network 0 psk "xxx"
+[root@nixos:~]# ip addr show wlan0
-# enable the network
+2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
-> enable_network 0
+    link/ether 9c:3e:53:6e:ef:8d brd ff:ff:ff:ff:ff:ff
-# save the configuration file
+    inet 192.168.5.13/24 brd 192.168.5.255 scope global dynamic noprefixroute wlan0
-> save_config
+
-# show the status
+# Change default router(if need)
-> status
+ip route del default via 192.168.5.1
 ip route add default via 192.168.5.178
 ```
-### 2. Encrypting with LUKS(everything except ESP)
+The nixos installer has sshd service enabled by default, so we can now connect to it via ssh
 directly.
 ### 3. Encrypting with LUKS(everything except ESP)
 Disk layout before installation:
-1. `/dev/nvme0n1p1`: EFI system partition, 300MB, contains macOS's bootloader.
+```bash
-2. `/dev/nvme0n1p2`: macOS's root partition.
+[root@nixos:~]# sudo parted /dev/nvme0n1 print free
-3. `/dev/nvme0n1p3`: transfer area, 10GB, used to transfer files between macOS and NixOS.
+Model: APPLE SSD AP0256Z (nvme)
-4. `/dev/nvme0n1p4`: Empty partition, used to install NixOS.
+Disk /dev/nvme0n1: 251GB
 Sector size (logical/physical): 4096B/4096B
 Partition Table: gpt
 Disk Flags:
-Now let's recreate the 4th partition via `fdisk`, and then encrypting the root partition:
+Number  Start   End     Size    File system  Name                  Flags
 1      24.6kB  524MB   524MB                iBootSystemContainer
 2      524MB   66.2GB  65.7GB
 3      66.2GB  68.7GB  2500MB
 4      68.7GB  69.2GB  500MB   fat32                              boot, esp
        69.2GB  246GB   176GB   Free Space
 5      246GB   251GB   5369MB               RecoveryOSContainer
 ```
 1. `/dev/nvme0n1p1`: "iBootSystemContainer" - system-wide boot data
 2. `/dev/nvme0n1p2`: macOS's root partition.
 3. `/dev/nvme0n1p4`: The EFI partition for NixOS.
 4. `/dev/nvme0n1p5`: "RecoveryOSContainer" - System RecoveryOS
 Now let's recreate the root partition via `sgdisk`:
 ```bash
 # Create the root partition to fill up the free space
 # --new=partnum:start:end - 0 means calculate it automatically
 [root@nixos:~]# sgdisk /dev/nvme0n1 --new=0:0:0 --change-name=0:"NixOS rootfs"
 The operation has completed successfully.
 [root@nixos:~]# sudo parted /dev/nvme0n1 print free
 Model: APPLE SSD AP0256Z (nvme)
 Disk /dev/nvme0n1: 251GB
 Sector size (logical/physical): 4096B/4096B
 Partition Table: gpt
 Disk Flags:
 Number  Start   End     Size    File system  Name                  Flags
 1      24.6kB  524MB   524MB                iBootSystemContainer
 2      524MB   66.2GB  65.7GB
 3      66.2GB  68.7GB  2500MB
 4      68.7GB  69.2GB  500MB   fat32                              boot, esp
 6      69.2GB  246GB   176GB                NixOS rootfs
 5      246GB   251GB   5369MB               RecoveryOSContainer
 ```
 And then encrypting the new partition via LUKS:
 ```bash
 lsblk
@@ -73,13 +124,13 @@ cryptsetup --help
 # NOTE: `cat shoukei.md | grep luks > format.sh` to generate this script
 # encrypt the root partition with luks2 and argon2id, will prompt for a passphrase, which will be used to unlock the partition.
-cryptsetup luksFormat --type luks2 --cipher aes-xts-plain64 --hash sha512 --iter-time 5000 --key-size 256 --pbkdf argon2id --use-random --verify-passphrase /dev/nvme0n1p4
+cryptsetup luksFormat --type luks2 --cipher aes-xts-plain64 --hash sha512 --iter-time 5000 --key-size 256 --pbkdf argon2id --use-random --verify-passphrase /dev/nvme0n1p6
 # show status
-cryptsetup luksDump /dev/nvme0n1p4
+cryptsetup luksDump /dev/nvme0n1p6
 # open(unlock) the device with the passphrase you just set
-cryptsetup luksOpen /dev/nvme0n1p4 crypted-nixos
+cryptsetup luksOpen /dev/nvme0n1p6 crypted-nixos
 # show disk status
 lsblk
@@ -88,9 +139,13 @@ lsblk
 Formatting the root partition:
 ```bash
 # If btrfs is not included in the liveos, run this before formatting
 nix-shell -p btrfs-progs
 # NOTE: `cat shoukei.md | egrep "create-btrfs"  > create-btrfs.sh` to generate this script
 # format the root partition with btrfs and label it
-mkfs.btrfs -L crypted-nixos /dev/mapper/crypted-nixos  # create-btrfs
+# set sectorsize to match the CPU page size
 mkfs.btrfs --sectorsize 16384 -L crypted-nixos /dev/mapper/crypted-nixos  # create-btrfs
 # mount the root partition and create subvolumes
 mount /dev/mapper/crypted-nixos /mnt  # create-btrfs
 btrfs subvolume create /mnt/@nix  # create-btrfs
@@ -114,12 +169,13 @@ mount -o compress-force=zstd:1,subvol=@tmp /dev/mapper/crypted-nixos /mnt/tmp
 mount -o subvol=@swap /dev/mapper/crypted-nixos /mnt/swap  # mount-1
 mount -o compress-force=zstd:1,noatime,subvol=@persistent /dev/mapper/crypted-nixos /mnt/persistent   # mount-1
 mount -o compress-force=zstd:1,noatime,subvol=@snapshots /dev/mapper/crypted-nixos /mnt/snapshots     # mount-1
-mount /dev/nvme0n1p1 /mnt/boot  # mount-1
+
 mount /dev/nvme0n1p4 /mnt/boot  # mount-1
 # create a swapfile on btrfs file system
 # This command will disable CoW / compression on the swap subvolume and then create a swapfile.
 # because the linux kernel requires that swapfile must not be compressed or have copy-on-write(CoW) enabled.
-btrfs filesystem mkswapfile --size 96g --uuid clear /mnt/swap/swapfile  # mount-1
+btrfs filesystem mkswapfile --size 16g --uuid clear /mnt/swap/swapfile  # mount-1
 # check whether the swap subvolume has CoW disabled
 # the output of `lsattr` for the swap subvolume should be:
@@ -128,27 +184,37 @@ btrfs filesystem mkswapfile --size 96g --uuid clear /mnt/swap/swapfile  # mount-
 lsattr /mnt/swap
 # mount the swapfile as swap area
-swapon /mnt/swap/swapfile  # mount-1
+swapon /mnt/swap/swapfile --fixpgsz  # mount-1
 ```
 Now, the disk status should be:
 ```bash
 # show disk status
-$ lsblk
+[nix-shell:~]# lsblk
-nvme0n1           259:0    0   1.8T  0 disk
+NAME              MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
-├─nvme0n1p1       259:2    0   600M  0 part  /mnt/boot
+loop0               7:0    0 302.1M  1 loop  /nix/.ro-store
-└─nvme0n1p4       259:3    0   1.8T  0 part
+sda                 8:0    1     0B  0 disk
-  └─crypted-nixos 254:0    0   1.8T  0 crypt /mnt/swap
+sdb                 8:16   1  58.2G  0 disk  /iso
 nvme0n1           259:0    0 233.8G  0 disk
 ├─nvme0n1p1       259:1    0   500M  0 part
 ├─nvme0n1p2       259:2    0  61.2G  0 part
 ├─nvme0n1p3       259:3    0   2.3G  0 part
 ├─nvme0n1p4       259:4    0   477M  0 part  /mnt/boot
 ├─nvme0n1p5       259:5    0     5G  0 part
 └─nvme0n1p6       259:14   0 164.3G  0 part
  └─crypted-nixos 252:0    0 164.3G  0 crypt /mnt/snapshots
                                             /mnt/persistent
-                                             /mnt/snapshots
+                                             /mnt/swap
                                             /mnt/nix
                                             /mnt/tmp
                                             /mnt/nix
 nvme0n2           259:6    0     3M  0 disk
 nvme0n3           259:7    0   128M  0 disk
 # show swap status
-$ swapon -s
+[nix-shell:~]# swapon -s
-Filename				Type		Size		Used		Priority
+Filename                                Type            Size            Used            Priority
-/swap/swapfile                          file		100663292	0		-2
+/mnt/swap/swapfile                      file            16777200        0               -2
 ```
 ### 3. Generating the NixOS Configuration and Installing NixOS
@@ -157,7 +223,7 @@ Clone this repository:
 ```bash
 # enter an shell with git/vim/ssh-agent/gnumake available
-nix-shell -p git vim gnumake
+nix-shell -p git neovim just --option substituters "https://mirrors.ustc.edu.cn/nix-channels/store"
 # clone this repository
 git clone https://github.com/ryan4yin/nix-config.git
@@ -171,13 +237,13 @@ nixos-generate-config --root /mnt
 # we need to update our filesystem configs in old hardware-configuration.nix according to the generated one.
 cp /etc/nixos/hardware-configuration.nix ./nix-config/hosts/12kingdoms_shoukei/hardware-configuration-new.nix
-vim .
+vim ./nix-config
 ```
 Then, Install NixOS:
 ```bash
-cd ~/nix-config/hosts/12kingdoms_shoukei/nixos-installer/
+cd ~/nix-config/nixos-installer/
 # run this command if you're retrying to run nixos-install
 rm -rf /mnt/etc
@@ -188,7 +254,7 @@ nixos-install --root /mnt --flake .#shoukei --no-root-password --show-trace --ve
 # if you want to use a cache mirror, run this command instead
 # replace the mirror url with your own
-nixos-install --root /mnt --flake .#shoukei --no-root-password --show-trace --verbose --option substituters "https://mirror.ustc.edu.cn/nix-channels/store" # install-2
+nixos-install --root /mnt --flake .#shoukei --no-root-password --show-trace --verbose --option substituters "https://mirrors.ustc.edu.cn/nix-channels/store" # install-2
 # enter into the installed system, check password & users
 # `su ryan` => `sudo -i` => enter ryan's password => successfully login
@@ -235,7 +301,7 @@ that the new machine can pull my private secrets repo:
 ```bash
 # 1. Generate a new SSH key with a strong passphrase
-ssh-keygen -t ed25519 -a 256 -C "ryan@idols-ai" -f ~/.ssh/shoukei
+ssh-keygen -t ed25519 -a 256 -C "ryan@shoukei" -f ~/.ssh/shoukei
 # 2. Add the ssh key to the ssh-agent, so that nixos-rebuild can use it to pull my private secrets repo.
 ssh-add ~/.ssh/shoukei
 ```
--- a/nixos-installer/configuration.nix
+++ b/nixos-installer/configuration.nix
@@ -16,7 +16,6 @@
  networking = {
    # configures the network interface(include wireless) via `nmcli` & `nmtui`
    networkmanager.enable = true;
    defaultGateway = "192.168.5.101";
  };
-  system.stateVersion = "25.05";
+  system.stateVersion = "25.11";
 }
--- a/nixos-installer/flake.nix
+++ b/nixos-installer/flake.nix
@@ -4,25 +4,23 @@
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
    preservation.url = "github:nix-community/preservation";
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
    nuenv.url = "github:DeterminateSystems/nuenv";
  };
-  outputs = inputs @ {
+  outputs = inputs @ {nixpkgs, ...}: let
-    nixpkgs,
+    inherit (inputs.nixpkgs) lib;
-    nixos-hardware,
+    mylib = import ../lib {inherit lib;};
-    nuenv,
+    myvars = import ../vars {inherit lib;};
-    ...
+  in {
  }: {
    nixosConfigurations = {
      ai = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs =
          inputs
          // {
-            myvars.username = "ryan";
+            inherit mylib myvars;
            myvars.userfullname = "Ryan Yin";
          };
        modules = [
          {networking.hostName = "ai";}
@@ -39,22 +37,14 @@
      };
      shoukei = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
+        system = "aarch64-linux";
        specialArgs =
          inputs
          // {
-            myvars.username = "ryan";
+            inherit mylib myvars;
            myvars.userfullname = "Ryan Yin";
          };
        modules = [
-          # Building on a USB installer is buggy, lack of disk space, memory, trublesome to setup substituteers, etc.
+          {networking.hostName = "shoukei";}
          # so we disable apple-t2 module here to avoid build kernel during the initial installation, and enable it after the first boot.
          # nixos-hardware.nixosModules.apple-t2
          ({pkgs, ...}: {
            networking.hostName = "shoukei";
            boot.kernelPackages = pkgs.linuxPackages_latest; # Use latest kernel for the initial installation.
            # hardware.apple-t2.enableAppleSetOsLoader = true;
          })
          ./configuration.nix
--- a/outputs/aarch64-darwin/tests/home-manager/expected.nix
+++ b/outputs/aarch64-darwin/tests/home-manager/expected.nix
@@ -5,6 +5,7 @@
  username = myvars.username;
  hosts = [
    "fern"
    "frieren"
  ];
 in
  lib.genAttrs hosts (_: "/Users/${username}")
--- a/outputs/aarch64-darwin/tests/home-manager/expr.nix
+++ b/outputs/aarch64-darwin/tests/home-manager/expr.nix
@@ -6,6 +6,7 @@
  username = myvars.username;
  hosts = [
    "fern"
    "frieren"
  ];
 in
  lib.genAttrs
--- a/outputs/aarch64-linux/default.nix
+++ b/outputs/aarch64-linux/default.nix
@@ -0,0 +1,37 @@
 {
  lib,
  inputs,
  ...
 } @ args: let
  inherit (inputs) haumea;
  # Contains all the flake outputs of this system architecture.
  data = haumea.lib.load {
    src = ./src;
    inputs = args;
  };
  # nix file names is redundant, so we remove it.
  dataWithoutPaths = builtins.attrValues data;
  # Merge all the machine's data into a single attribute set.
  outputs = {
    nixosConfigurations = lib.attrsets.mergeAttrsList (map (it: it.nixosConfigurations or {}) dataWithoutPaths);
    packages = lib.attrsets.mergeAttrsList (map (it: it.packages or {}) dataWithoutPaths);
    # colmena contains some meta info, which need to be merged carefully.
    colmenaMeta = {
      nodeNixpkgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeNixpkgs or {}) dataWithoutPaths);
      nodeSpecialArgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeSpecialArgs or {}) dataWithoutPaths);
    };
    colmena = lib.attrsets.mergeAttrsList (map (it: it.colmena or {}) dataWithoutPaths);
  };
 in
  outputs
  // {
    inherit data; # for debugging purposes
    # NixOS's unit tests.
    evalTests = haumea.lib.loadEvalTests {
      src = ./tests;
      inputs = args // {inherit outputs;};
    };
  }
--- a/outputs/aarch64-linux/src/12kingdoms-shoukei.nix
+++ b/outputs/aarch64-linux/src/12kingdoms-shoukei.nix
--- a/outputs/aarch64-linux/tests/home-manager/expected.nix
+++ b/outputs/aarch64-linux/tests/home-manager/expected.nix
@@ -4,7 +4,7 @@
 }: let
  username = myvars.username;
  hosts = [
-    "harmonica"
+    "shoukei-hyprland"
  ];
 in
-  lib.genAttrs hosts (_: "/Users/${username}")
+  lib.genAttrs hosts (_: "/home/${username}")
--- a/outputs/aarch64-linux/tests/home-manager/expr.nix
+++ b/outputs/aarch64-linux/tests/home-manager/expr.nix
@@ -0,0 +1,15 @@
 {
  myvars,
  lib,
  outputs,
 }: let
  username = myvars.username;
  hosts = [
    "shoukei-hyprland"
  ];
 in
  lib.genAttrs
  hosts
  (
    name: outputs.nixosConfigurations.${name}.config.home-manager.users.${username}.home.homeDirectory
  )
--- a/outputs/aarch64-linux/tests/hostname/expected.nix
+++ b/outputs/aarch64-linux/tests/hostname/expected.nix
@@ -0,0 +1,14 @@
 {
  lib,
  outputs,
 }: let
  specialExpected = {
    "shoukei-hyprland" = "shoukei";
  };
  specialHostNames = builtins.attrNames specialExpected;
  otherHosts = builtins.removeAttrs outputs.nixosConfigurations specialHostNames;
  otherHostsNames = builtins.attrNames otherHosts;
  # other hosts's hostName is the same as the nixosConfigurations name
  otherExpected = lib.genAttrs otherHostsNames (name: name);
 in (specialExpected // otherExpected)
--- a/outputs/aarch64-linux/tests/hostname/expr.nix
+++ b/outputs/aarch64-linux/tests/hostname/expr.nix
@@ -0,0 +1,9 @@
 {
  lib,
  outputs,
 }:
 lib.genAttrs
 (builtins.attrNames outputs.nixosConfigurations)
 (
  name: outputs.nixosConfigurations.${name}.config.networking.hostName
 )
--- a/outputs/aarch64-linux/tests/kernel/expected.nix
+++ b/outputs/aarch64-linux/tests/kernel/expected.nix
@@ -0,0 +1,8 @@
 {
  lib,
  outputs,
 }: let
  hostsNames = builtins.attrNames outputs.nixosConfigurations;
  expected = lib.genAttrs hostsNames (_: "aarch64-linux");
 in
  expected
--- a/outputs/aarch64-linux/tests/kernel/expr.nix
+++ b/outputs/aarch64-linux/tests/kernel/expr.nix
@@ -0,0 +1,9 @@
 {
  lib,
  outputs,
 }:
 lib.genAttrs
 (builtins.attrNames outputs.nixosConfigurations)
 (
  name: outputs.nixosConfigurations.${name}.config.boot.kernelPackages.kernel.system
 )
--- a/outputs/default.nix
+++ b/outputs/default.nix
@@ -34,12 +34,11 @@
  # modules for each supported system
  nixosSystems = {
    x86_64-linux = import ./x86_64-linux (args // {system = "x86_64-linux";});
-    # aarch64-linux = import ./aarch64-linux (args // {system = "aarch64-linux";});
+    aarch64-linux = import ./aarch64-linux (args // {system = "aarch64-linux";});
    # riscv64-linux = import ./riscv64-linux (args // {system = "riscv64-linux";});
  };
  darwinSystems = {
    aarch64-darwin = import ./aarch64-darwin (args // {system = "aarch64-darwin";});
    x86_64-darwin = import ./x86_64-darwin (args // {system = "x86_64-darwin";});
  };
  allSystems = nixosSystems // darwinSystems;
  allSystemNames = builtins.attrNames allSystems;
--- a/outputs/x86_64-darwin/default.nix
+++ b/outputs/x86_64-darwin/default.nix
@@ -1,30 +0,0 @@
 {
  lib,
  inputs,
  ...
 } @ args: let
  inherit (inputs) haumea;
  # Contains all the flake outputs of this system architecture.
  data = haumea.lib.load {
    src = ./src;
    inputs = args;
  };
  # nix file names is redundant, so we remove it.
  dataWithoutPaths = builtins.attrValues data;
  # Merge all the machine's data into a single attribute set.
  outputs = {
    darwinConfigurations = lib.attrsets.mergeAttrsList (map (it: it.darwinConfigurations or {}) dataWithoutPaths);
  };
 in
  outputs
  // {
    inherit data; # for debugging purposes
    # NixOS's unit tests.
    evalTests = haumea.lib.loadEvalTests {
      src = ./tests;
      inputs = args // {inherit outputs;};
    };
  }
--- a/outputs/x86_64-darwin/src/harnomica.nix
+++ b/outputs/x86_64-darwin/src/harnomica.nix
@@ -1,36 +0,0 @@
 {
  # NOTE: the args not used in this file CAN NOT be removed!
  # because haumea pass argument lazily,
  # and these arguments are used in the functions like `mylib.nixosSystem`, `mylib.colmenaSystem`, etc.
  inputs,
  lib,
  mylib,
  myvars,
  system,
  genSpecialArgs,
  ...
 } @ args: let
  name = "harmonica";
  modules = {
    darwin-modules =
      (map mylib.relativeToRoot [
        # common
        "secrets/darwin.nix"
        "modules/darwin"
        # host specific
        "hosts/darwin-${name}"
      ])
      ++ [];
    home-modules = map mylib.relativeToRoot [
      "hosts/darwin-${name}/home.nix"
      "home/darwin"
    ];
  };
  systemArgs = modules // args;
 in {
  # macOS's configuration
  darwinConfigurations.${name} = mylib.macosSystem systemArgs;
 }
--- a/outputs/x86_64-darwin/tests/home-manager/expr.nix
+++ b/outputs/x86_64-darwin/tests/home-manager/expr.nix
@@ -1,15 +0,0 @@
 {
  myvars,
  lib,
  outputs,
 }: let
  username = myvars.username;
  hosts = [
    "harmonica"
  ];
 in
  lib.genAttrs
  hosts
  (
    name: outputs.darwinConfigurations.${name}.config.home-manager.users.${username}.home.homeDirectory
  )
--- a/outputs/x86_64-darwin/tests/hostname/expected.nix
+++ b/outputs/x86_64-darwin/tests/hostname/expected.nix
@@ -1,8 +0,0 @@
 {
  lib,
  outputs,
 }: let
  hostsNames = builtins.attrNames outputs.darwinConfigurations;
  expected = lib.genAttrs hostsNames (name: name);
 in
  expected
--- a/outputs/x86_64-darwin/tests/hostname/expr.nix
+++ b/outputs/x86_64-darwin/tests/hostname/expr.nix
@@ -1,9 +0,0 @@
 {
  lib,
  outputs,
 }:
 lib.genAttrs
 (builtins.attrNames outputs.darwinConfigurations)
 (
  name: outputs.darwinConfigurations.${name}.config.networking.hostName
 )
--- a/outputs/x86_64-linux/tests/home-manager/expected.nix
+++ b/outputs/x86_64-linux/tests/home-manager/expected.nix
@@ -5,7 +5,6 @@
  username = myvars.username;
  hosts = [
    "ai-hyprland"
    "shoukei-hyprland"
    "ruby"
    "k3s-prod-1-master-1"
  ];
--- a/outputs/x86_64-linux/tests/home-manager/expr.nix
+++ b/outputs/x86_64-linux/tests/home-manager/expr.nix
@@ -6,7 +6,6 @@
  username = myvars.username;
  hosts = [
    "ai-hyprland"
    "shoukei-hyprland"
    "ruby"
    "k3s-prod-1-master-1"
  ];
--- a/outputs/x86_64-linux/tests/hostname/expected.nix
+++ b/outputs/x86_64-linux/tests/hostname/expected.nix
@@ -4,7 +4,6 @@
 }: let
  specialExpected = {
    "ai-hyprland" = "ai";
    "shoukei-hyprland" = "shoukei";
  };
  specialHostNames = builtins.attrNames specialExpected;
--- a/secrets/README.md
+++ b/secrets/README.md
@@ -56,7 +56,6 @@ let
  # If you do not have this file, you can generate all the host keys by command:
  #    sudo ssh-keygen -A
  idol_ai = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHZtzeaQyXwuRMLzoOAuTu8P9bu5yc5MBwo5LI3iWBV root@ai";
  fern = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMokXUYcUy7tysH4tRR6pevFjyOP4cXMjpBSgBZggm9X root@fern";
  # A key for recovery purpose, generated by `ssh-keygen -t ed25519 -a 256 -C "ryan@agenix-recovery"` with a strong passphrase
  # and keeped it offline in a safe place.
--- a/templates/bevy/flake.nix
+++ b/templates/bevy/flake.nix
@@ -18,7 +18,6 @@
    systems = [
      "x86_64-linux"
      "aarch64-linux"
      "x86_64-darwin"
      "aarch64-darwin"
    ];
    # Helper function to generate a set of attributes for each system
--- a/vars/default.nix
+++ b/vars/default.nix
@@ -19,7 +19,6 @@
  # 2. Or just use hardware security keys like Yubikey/CanoKey.
  mainSshAuthorizedKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKlN+Q/GxvwxDX/OAjJHaNFEznEN4Tw4E4TwqQu/eD6 ryan@idols-ai"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFIznBmtZlMcVUL+uPFltLTNa8Y1J0aT1E36AXQV07su ryan@fern"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDc1PNTXzzvd93E+e9LXvnEzqgUI5gMTEF/IitvzgmL+ ryan@frieren"
  ];
  secondaryAuthorizedKeys = [
`@@ -1,2 +1,2 @@`
	`# generate lock file every time`	`# ignore flake.lock here, generate a new one every time install a new host`
	`flake.lock`	`flake.lock`