feat: redesign the project structure

modules/nixos/core-desktop.nix

@@ -0,0 +1,179 @@
+{ config, pkgs, devenv, ... }:
+
+{
+  # enable flakes globally
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  # Set your time zone.
+  time.timeZone = "Asia/Shanghai";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "zh_CN.UTF-8";
+    LC_IDENTIFICATION = "zh_CN.UTF-8";
+    LC_MEASUREMENT = "zh_CN.UTF-8";
+    LC_MONETARY = "zh_CN.UTF-8";
+    LC_NAME = "zh_CN.UTF-8";
+    LC_NUMERIC = "zh_CN.UTF-8";
+    LC_PAPER = "zh_CN.UTF-8";
+    LC_TELEPHONE = "zh_CN.UTF-8";
+    LC_TIME = "zh_CN.UTF-8";
+  };
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+
+  # all fonts are linked to /nix/var/nix/profiles/system/sw/share/X11/fonts
+  fonts = {
+    # use fonts specified by user rather than default ones
+    enableDefaultFonts = false;
+    fontDir.enable = true;
+
+    fonts = with pkgs; [
+      # icon fonts
+      material-design-icons
+      font-awesome
+
+      # Noto 系列字体是 Google 主导的，名字的含义是「没有豆腐」（no tofu），因为缺字时显示的方框或者方框被叫作 tofu
+      # Noto 系列字族名只支持英文，命名规则是 Noto + Sans 或 Serif + 文字名称。
+      # 其中汉字部分叫 Noto Sans/Serif CJK SC/TC/HK/JP/KR，最后一个词是地区变种。
+      noto-fonts        # 大部分文字的常见样式，不包含汉字
+      noto-fonts-cjk    # 汉字部分
+      noto-fonts-emoji  # 彩色的表情符号字体
+      noto-fonts-extra  # 提供额外的字重和宽度变种
+
+      # 思源系列字体是 Adobe 主导的。其中汉字部分被称为「思源黑体」和「思源宋体」，是由 Adobe + Google 共同开发的
+      source-sans       # 无衬线字体，不含汉字。字族名叫 Source Sans 3 和 Source Sans Pro，以及带字重的变体，加上 Source Sans 3 VF
+      source-serif      # 衬线字体，不含汉字。字族名叫 Source Code Pro，以及带字重的变体
+      source-han-sans   # 思源黑体
+      source-han-serif  # 思源宋体
+
+      # nerdfonts
+      (nerdfonts.override { fonts = [
+        "FiraCode"
+        "JetBrainsMono"
+        "Iosevka"
+      ];})
+
+      (pkgs.callPackage ../../fonts/icomoon-feather-icon-font.nix { })
+
+      # arch linux icon, used temporarily in waybar
+      (pkgs.callPackage ../../fonts/archcraft-icon-font.nix { })
+
+    ];
+
+    # user defined fonts
+    # the reason there's Noto Color Emoji everywhere is to override DejaVu's
+    # B&W emojis that would sometimes show instead of some Color emojis
+    fontconfig.defaultFonts = {
+      serif = [ "Noto Serif" "Noto Color Emoji" ];
+      sansSerif = [ "Noto Sans" "Noto Color Emoji" ];
+      monospace = [ "JetBrainsMono Nerd Font" "Noto Color Emoji" ];
+      emoji = [ "Noto Color Emoji" ];
+    };
+  };
+
+  programs.dconf.enable = true;
+
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = false;
+
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+    enable = true;
+    settings = {
+      X11Forwarding = true;
+      PermitRootLogin = "no";         # disable root login
+      PasswordAuthentication = false; # disable password login
+    };
+    openFirewall = true;
+  };
+
+  # The OpenSSH agent remembers private keys for you
+  # so that you don’t have to type in passphrases every time you make an SSH connection. 
+  # Use `ssh-add` to add a key to the agent.
+  programs.ssh.startAgent = true;
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+    wget
+    curl
+    git      # used by nix flakes
+    git-lfs  # used by huggingface models
+
+    devenv.packages."${pkgs.system}".devenv
+  ];
+
+  # replace default editor with neovim
+  environment.variables.EDITOR = "nvim";
+
+  # Enable sound with pipewire.
+  sound.enable = true;
+  hardware.pulseaudio.enable = false;
+
+  # https://flatpak.org/setup/NixOS
+  services.flatpak.enable = true;
+
+  # security with polkit
+  services.power-profiles-daemon = {
+    enable = true;
+  };
+  security.polkit.enable = true;
+  # security with gnome-kering
+  services.gnome.gnome-keyring.enable = true;
+  security.pam.services.greetd.enableGnomeKeyring = true;
+
+  services = {
+    dbus.packages = [ pkgs.gcr ];
+
+    geoclue2.enable = true;
+
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+      # If you want to use JACK applications, uncomment this
+      jack.enable = true;
+
+      # use the example session manager (no others are packaged yet so this is enabled by default,
+      # no need to redefine it in your config for now)
+      #media-session.enable = true;
+    };
+
+    udev.packages = with pkgs; [ 
+      gnome.gnome-settings-daemon
+      platformio  # udev rules for platformio
+      android-udev-rules
+    ];
+  };
+
+  # android development tools, this will install adb/fastboot and other android tools and udev rules
+  # see https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/programs/adb.nix
+  programs.adb.enable = true;
+
+
+  xdg.portal = {
+    enable = true;
+    wlr.enable = true;
+    xdgOpenUsePortal = true;
+    extraPortals = with pkgs; [
+      xdg-desktop-portal-wlr  # for wlroots based compositors
+      xdg-desktop-portal-gtk  # for gtk
+      # xdg-desktop-portal-kde  # for kde
+    ];
+  };
+
+  # for power management
+  services.upower.enable = true;
+}

modules/nixos/core-server.nix

@@ -0,0 +1,96 @@
+{ config, pkgs, devenv, ... }:
+
+{
+  # enable flakes globally
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  # Set your time zone.
+  time.timeZone = "Asia/Shanghai";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "zh_CN.UTF-8";
+    LC_IDENTIFICATION = "zh_CN.UTF-8";
+    LC_MEASUREMENT = "zh_CN.UTF-8";
+    LC_MONETARY = "zh_CN.UTF-8";
+    LC_NAME = "zh_CN.UTF-8";
+    LC_NUMERIC = "zh_CN.UTF-8";
+    LC_PAPER = "zh_CN.UTF-8";
+    LC_TELEPHONE = "zh_CN.UTF-8";
+    LC_TIME = "zh_CN.UTF-8";
+  };
+
+  # all fonts are linked to /nix/var/nix/profiles/system/sw/share/X11/fonts
+  fonts = {
+    # use fonts specified by user rather than default ones
+    enableDefaultFonts = false;
+    fontDir.enable = true;
+
+    fonts = with pkgs; [
+      # icon fonts
+      material-design-icons
+      font-awesome
+
+      # 思源系列字体是 Adobe 主导的。其中汉字部分被称为「思源黑体」和「思源宋体」，是由 Adobe + Google 共同开发的
+      source-sans       # 无衬线字体，不含汉字。字族名叫 Source Sans 3 和 Source Sans Pro，以及带字重的变体，加上 Source Sans 3 VF
+      source-han-sans   # 思源黑体
+
+      # nerdfonts
+      (nerdfonts.override { fonts = [
+        "FiraCode"
+        "JetBrainsMono"
+        "Iosevka"
+      ];})
+    ];
+
+    # user defined fonts
+    # the reason there's Noto Color Emoji everywhere is to override DejaVu's
+    # B&W emojis that would sometimes show instead of some Color emojis
+    fontconfig.defaultFonts = {
+      sansSerif = [ "Noto Sans" "Noto Color Emoji" ];
+      monospace = [ "JetBrainsMono Nerd Font" "Noto Color Emoji" ];
+      emoji = [ "Noto Color Emoji" ];
+    };
+  };
+
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = false;
+
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+    enable = true;
+    settings = {
+      X11Forwarding = true;
+      PermitRootLogin = "no";         # disable root login
+      PasswordAuthentication = false; # disable password login
+    };
+    openFirewall = true;
+  };
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+    wget
+    curl
+    aria2
+    git      # used by nix flakes
+    git-lfs  # used by huggingface models
+  ];
+
+  # replace default editor with neovim
+  environment.variables.EDITOR = "nvim";
+
+  # for power management
+  services.power-profiles-daemon = {
+    enable = true;
+  };
+  services.upower.enable = true;
+}

modules/nixos/fhs-fonts.nix

@@ -0,0 +1,26 @@
+# copy from https://github.com/NixOS/nixpkgs/issues/119433#issuecomment-1326957279
+# mainly for flatpak
+# bindfs resolves all symlink, 
+# allowing all fonts to be accessed at `/usr/share/fonts`
+# without letting /nix into the sandbox.
+{ config, pkgs, ... }:
+
+{
+  system.fsPackages = [ pkgs.bindfs ];
+  fileSystems = let
+    mkRoSymBind = path: {
+      device = path;
+      fsType = "fuse.bindfs";
+      options = [ "ro" "resolve-symlinks" "x-gvfs-hide" ];
+    };
+    aggregatedFonts = pkgs.buildEnv {
+      name = "system-fonts";
+      paths = config.fonts.fonts;
+      pathsToLink = [ "/share/fonts" ];
+    };
+  in {
+    # Create an FHS mount to support flatpak host icons/fonts
+    "/usr/share/icons" = mkRoSymBind (config.system.path + "/share/icons");
+    "/usr/share/fonts" = mkRoSymBind (aggregatedFonts + "/share/fonts");
+  };
+}

modules/nixos/gui-apps.nix

@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+  # this params has problem with home-manager,
+  # so defined as NixOS Module here.
+  nixpkgs.config.permittedInsecurePackages = [
+    "electron-19.0.7"  # required by wechat-uos, and it's already EOL
+    "openssl-1.1.1t"   # OpenSSL 1.1 is reaching its end of life on 2023/09/11
+  ];
+
+  environment.systemPackages = with config.nur.repos.xddxdd; [
+    # packages from nur-xddxdd
+    wechat-uos
+  ];
+
+  # flatpack is recommended to install other apps such as netease-cloud-music/qqmusic/...
+}

modules/nixos/hyprland.nix

@@ -0,0 +1,76 @@
+{pkgs, ...}:
+
+
+{
+  # i3wm: old and stable, only support X11
+  # sway: compatible with i3wm, support Wayland. do not support Nvidia GPU officially.
+  # hyprland: project starts from 2022, support Wayland, envolving fast, good looking, support Nvidia GPU.
+
+  environment.pathsToLink = [ "/libexec" ]; # links /libexec from derivations to /run/current-system/sw
+  services.xserver = {
+    enable = true;
+
+    desktopManager = {
+      xterm.enable = false;
+    };
+
+    displayManager = {
+      defaultSession = "hyprland";
+      lightdm.enable = false;
+      gdm = {
+        enable = true;
+        wayland = true;
+      };
+    };
+  };
+
+  programs.hyprland = {
+    enable = true;
+
+    xwayland = {
+      enable = true;
+      hidpi = true;
+    };
+
+    nvidiaPatches = true;
+  };
+  programs.light.enable = true;     # monitor backlight control
+
+
+  # thunar file manager(part of xfce) related options
+  programs.thunar.plugins = with pkgs.xfce; [
+    thunar-archive-plugin
+    thunar-volman
+  ];
+  services.gvfs.enable = true; # Mount, trash, and other functionalities
+  services.tumbler.enable = true; # Thumbnail support for images
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    waybar        # the status bar
+    swaybg        # the wallpaper
+    swayidle      # the idle timeout
+    swaylock      # locking the screen
+    wlogout       # logout menu
+    wl-clipboard  # copying and pasting
+
+    wf-recorder   # creen recording
+    grim      # taking screenshots
+    slurp     # selecting a region to screenshot
+    # TODO replace by `flameshot gui --raw | wl-copy`
+
+    wofi      # A rofi inspired launcher for wlroots compositors such as sway/hyprland
+    mako      # the notification daemon, the same as dunst
+
+    yad      # a fork of zenity, for creating dialogs
+
+    # 用于播放系统音效
+    mpd      # for playing system sounds
+    mpc-cli  # command-line mpd client
+    ncmpcpp  # a mpd client with a UI
+    networkmanagerapplet  # provide GUI app: nm-connection-editor 
+
+    xfce.thunar  # xfce4's file manager
+  ];
+}

modules/nixos/i3.nix

@@ -0,0 +1,58 @@
+{pkgs, ...}:
+
+
+{
+
+  # i3 related options
+  environment.pathsToLink = [ "/libexec" ]; # links /libexec from derivations to /run/current-system/sw
+  services.xserver = {
+    enable = true;
+
+    desktopManager = {
+      xterm.enable = false;
+    };
+
+    displayManager = {
+      defaultSession = "none+i3";
+      lightdm.enable = false;
+      gdm.enable = true;
+    };
+
+    windowManager.i3 = {
+      enable = true;
+      extraPackages = with pkgs; [
+        rofi          # application launcher, the same as dmenu
+        dunst         # notification daemon
+        i3blocks      # status bar
+        i3lock        # default i3 screen locker
+        xautolock     # lock screen after some time
+        i3status      # provide information to i3bar
+        i3-gaps       # i3 with gaps
+        picom         # transparency and shadows
+        feh           # set wallpaper
+        acpi          # battery information
+        arandr        # screen layout manager
+        dex           # autostart applications
+        xbindkeys     # bind keys to commands
+        xorg.xbacklight  # control screen brightness, the same as light
+        xorg.xdpyinfo      # get screen information
+        scrot    # minimal screen capture tool, used by i3 blur lock to take a screenshot
+        sysstat       # get system information
+
+        xfce.thunar  # xfce4's file manager
+     ];
+    };
+
+    # Configure keymap in X11
+    layout = "us";
+    xkbVariant = "";
+  };
+
+  # thunar file manager(part of xfce) related options
+  programs.thunar.plugins = with pkgs.xfce; [
+    thunar-archive-plugin
+    thunar-volman
+  ];
+  services.gvfs.enable = true; # Mount, trash, and other functionalities
+  services.tumbler.enable = true; # Thumbnail support for images
+}

modules/nixos/user_group.nix

@@ -0,0 +1,18 @@
+{config, pkgs, ...}:
+
+{
+  users.groups = {
+    ryan = {};
+    docker = {};
+    wireshark = {};
+  };
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.ryan = {
+    isNormalUser = true;
+    description = "ryan";
+    extraGroups = [ "ryan" "users" "networkmanager" "wheel" "docker" "wireshark" "adbusers" ];
+    openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJx3Sk20pLL1b2PPKZey2oTyioODrErq83xG78YpFBoj"
+    ];
+  };
+}