starred/nix-config
1
0
Fork 0
mirror of https://github.com/ryan4yin/nix-config.git synced 2026-05-28 18:39:31 +02:00
Code Issues Packages Projects Releases 10 Wiki Activity

Compare commits

base: starred/nix-config:dma-shell
Branches Tags
starred/nix-config:main starred/nix-config:dma-shell starred/nix-config:i3-kickstarter
starred/nix-config:v0.15.0 starred/nix-config:v0.14.0 starred/nix-config:v0.13.0 starred/nix-config:v0.12.0 starred/nix-config:v0.11.0 starred/nix-config:v0.10.0 starred/nix-config:v0.9.0 starred/nix-config:v0.8.0 starred/nix-config:v0.7.0 starred/nix-config:v0.6.0 starred/nix-config:v0.5.5 starred/nix-config:v0.5.4 starred/nix-config:v0.5.3 starred/nix-config:v0.5.2 starred/nix-config:v0.5.1 starred/nix-config:v0.5.0 starred/nix-config:v0.4.5 starred/nix-config:v0.4.4 starred/nix-config:v0.4.3 starred/nix-config:v0.4.2 starred/nix-config:v0.4.1 starred/nix-config:v0.4.0 starred/nix-config:v0.3.0 starred/nix-config:v0.2.2 starred/nix-config:v0.2.1 starred/nix-config:v0.2.0 starred/nix-config:v0.1.1 starred/nix-config:v0.1.0 starred/nix-config:v0.0.5 starred/nix-config:v0.0.4 starred/nix-config:v0.0.3 starred/nix-config:v0.0.2 starred/nix-config:v0.0.1
..
compare: starred/nix-config:i3-kickstarter
Branches Tags
starred/nix-config:main starred/nix-config:dma-shell starred/nix-config:i3-kickstarter
starred/nix-config:v0.15.0 starred/nix-config:v0.14.0 starred/nix-config:v0.13.0 starred/nix-config:v0.12.0 starred/nix-config:v0.11.0 starred/nix-config:v0.10.0 starred/nix-config:v0.9.0 starred/nix-config:v0.8.0 starred/nix-config:v0.7.0 starred/nix-config:v0.6.0 starred/nix-config:v0.5.5 starred/nix-config:v0.5.4 starred/nix-config:v0.5.3 starred/nix-config:v0.5.2 starred/nix-config:v0.5.1 starred/nix-config:v0.5.0 starred/nix-config:v0.4.5 starred/nix-config:v0.4.4 starred/nix-config:v0.4.3 starred/nix-config:v0.4.2 starred/nix-config:v0.4.1 starred/nix-config:v0.4.0 starred/nix-config:v0.3.0 starred/nix-config:v0.2.2 starred/nix-config:v0.2.1 starred/nix-config:v0.2.0 starred/nix-config:v0.1.1 starred/nix-config:v0.1.0 starred/nix-config:v0.0.5 starred/nix-config:v0.0.4 starred/nix-config:v0.0.3 starred/nix-config:v0.0.2 starred/nix-config:v0.0.1

12 Commits
dma-shell .. i3-kickstarter

Author SHA1 Message Date
Ryan Yin b9c1b10135 fix: issue #202 2025-07-12 15:55:13 +08:00
Ryan Yin d4847c44ce Merge pull request #191 from ryan4yin/i3-kickstarter-nixos-25.05 
feat: upgrade to nixos-25.05
 2025-05-29 12:25:29 +08:00
Ryan Yin 1f0a26524b fix: issues after upgrade nixos 2025-05-29 12:23:29 +08:00
Ryan Yin 7dc769aad2 fix: command in README 2025-05-29 12:14:13 +08:00
Ryan Yin 938cf720fd feat: upgrade to nixos-25.05 2025-05-29 12:04:56 +08:00
Ryan Yin 7a5587d14d fix: typo #190 2025-05-29 12:03:21 +08:00
Ryan Yin d384607345 feat: bump nixos to 24.05 2024-08-16 11:18:35 +08:00
Ryan Yin adc91138c5 feat: multi user 2024-08-16 10:55:54 +08:00
Ryan Yin 42bcfeb47c feat: add gitignore 2024-08-16 10:15:54 +08:00
Ryan Yin 82b65f7753 feat: upgrade to nixos-23.11 2023-12-09 22:58:13 +08:00
Ryan Yin 5237bf31c5 nix.settings.substituters(system-level) & nixConfig.extra-substituers(flake-only) 2023-12-09 16:16:22 +08:00
Ryan Yin abdf6d181b fix: set this variable make i3 failed to start XAUTHORITY 2023-09-11 00:25:03 +08:00
523 changed files with 4840 additions and 124280 deletions
Expand all files Collapse all files
.envrc
-1
View File
@@ -1 +0,0 @@
use flake
.gitattributes
-3
View File
@@ -1,3 +0,0 @@
# https://github.com/github-linguist/linguist/blob/master/docs/overrides.md
home/linux/desktop/i3/conf/polybar/** linguist-vendored
.github/FUNDING.yml
-3
View File
@@ -1,3 +0,0 @@
github: ryan4yin
patreon: ryan4yin
custom: ["https://buymeacoffee.com/ryan4yin"]
.github/workflows/flake_evaltests.yml
-42
View File
@@ -1,42 +0,0 @@
name: Nix Flake Eval Tests
on:
push:
branches:
- main
paths-ignore:
- "scripts/**"
- "**.md"
- "**.nu"
- "Justfile"
pull_request:
branches:
- main
paths-ignore:
- "scripts/**"
- "**.md"
- "**.nu"
- "Justfile"
jobs:
checks:
name: Check expressions
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v5
- name: Install nix
uses: cachix/install-nix-action@v31
with:
install_url: https://nixos.org/nix/install
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
experimental-features = nix-command flakes
- name: Run Nix Flake Eval Tests
run: |
echo 'Flake Eval Tests'
# stack overflow...
# nix eval .#checks --show-trace --print-build-logs --verbose
nix eval .#evalTests --show-trace --print-build-logs --verbose
.github/workflows/mirror_to_gitee.yml
-32
View File
@@ -1,32 +0,0 @@
name: Mirror this repo to Gitee
on:
push:
branches:
- main
tags:
- "*"
jobs:
mirror:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Mirror repo to Gitee
id: mirror-to-gitee
shell: bash
env:
INPUT_SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY_GITEE_MIRROR }}
INPUT_TARGET_REPO_URL: git@gitee.com:ryan_yin/nix-config.git
run: |
set -eu
mkdir -p ~/.ssh
echo "$INPUT_SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
export GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no"
git remote add mirror "$INPUT_TARGET_REPO_URL"
git push --tags --force --prune mirror "refs/remotes/origin/*:refs/heads/*"
.gitignore
-5
View File
@@ -1,11 +1,6 @@
.Trash-1000/
result result
result/ result/
.direnv/ .direnv/
.DS_Store .DS_Store
.pre-commit-config.yaml .pre-commit-config.yaml
logs/ logs/
core*
!core/
!core.nix
!coredns*
.prettierignore
-8
View File
@@ -1,8 +0,0 @@
LICENSE.md
dist
pnpm-lock.yaml
flake.lock
vercel.json
cache
temp
.temp
.prettierrc.yaml
-6
View File
@@ -1,6 +0,0 @@
# https://prettier.io/docs/en/options
semi: false
singleQuote: false
printWidth: 100
proseWrap: always # always change wrapping in markdown text
trailingComma: es5
.typos.toml
-45
View File
@@ -1,45 +0,0 @@
[files]
# Respect .ignore files.
ignore-dot = true
# Respect ignore files.
ignore-files = true
# Typos-specific ignore globs (gitignore syntax).
# NOTE: This setting is ignored when you pass the path directly on the command line, as cachix/git-hooks.nix does.
# To ignore those files, you must also exclude those directories via git-hooks.hooks.typos.settings.exclude.
extend-exclude = [
"data/",
"rime-data/",
]
[default]
# Check binary files as text.
binary = false
# Verify spelling in file names.
check-filename = true
# ignore some special identifiers(sha256, mac address, crypto keys, etc)
extend-ignore-re = [
"iterm2",
"iHgEIBYKACAWIQSizQe9ljFEyyclWmtVhZllwnQrSwUCZZ1T9wIdAAAKCRBVhZll", # crypto keys
"noice", # noice.nvim
"crypted-nixos",
"daed",
# catppuccin theme colors
"11111b",
"1e1e2e",
"313244",
"414356",
"45475a",
"585b70",
"89b4fa",
"94e2d5",
"a6adc8",
"a6e3a1",
"bac2de",
"cdd6f4",
"f38ba8",
"f5c2e7",
"f5e0dc",
"f9e2af",
"fab387",
]
Justfile
-352
View File
@@ -1,352 +0,0 @@
# just is a command runner, Justfile is very similar to Makefile, but simpler.
# Use nushell for shell commands
# To use this justfile, you need to enter a shell with just & nushell installed:
#
# nix shell nixpkgs#just nixpkgs#nushell
set shell := ["nu", "-c"]
utils_nu := absolute_path("utils.nu")
############################################################################
#
# Common commands(suitable for all machines)
#
############################################################################
# List all the just commands
default:
@just --list
# Run eval tests
[group('nix')]
test:
nix eval .#evalTests --show-trace --print-build-logs --verbose
# Update all the flake inputs
[group('nix')]
up:
nix flake update --commit-lock-file
# Update specific input
# Usage: just upp nixpkgs
[group('nix')]
upp input:
nix flake update {{input}} --commit-lock-file
# List all generations of the system profile
[group('nix')]
history:
nix profile history --profile /nix/var/nix/profiles/system
# Open a nix shell with the flake
[group('nix')]
repl:
nix repl -f flake:nixpkgs
# remove all generations older than 7 days
# on darwin, you may need to switch to root user to run this command
[group('nix')]
clean:
# Wipe out NixOS's history
sudo nix profile wipe-history --profile /nix/var/nix/profiles/system --older-than 7d
# Wipe out home-manager's history
nix profile wipe-history --profile $"($env.XDG_STATE_HOME)/nix/profiles/home-manager" --older-than 7d
# Garbage collect all unused nix store entries
[group('nix')]
gc:
# garbage collect all unused nix store entries(system-wide)
sudo nix-collect-garbage --delete-older-than 7d
# garbage collect all unused nix store entries(for the user - home-manager)
# https://github.com/NixOS/nix/issues/8508
nix-collect-garbage --delete-older-than 7d
# Enter a shell session which has all the necessary tools for this flake
[linux]
[group('nix')]
shell:
nix shell nixpkgs#git nixpkgs#neovim nixpkgs#colmena
# Enter a shell session which has all the necessary tools for this flake
[macos]
[group('nix')]
shell:
nix shell nixpkgs#git nixpkgs#neovim
[group('nix')]
fmt:
# format the nix files in this repo
ls **/*.nix | each { |it| nixfmt $it.name }
# Show all the auto gc roots in the nix store
[group('nix')]
gcroot:
ls -al /nix/var/nix/gcroots/auto/
# Verify all the store entries
# Nix Store can contains corrupted entries if the nix store object has been modified unexpectedly.
# This command will verify all the store entries,
# and we need to fix the corrupted entries manually via `sudo nix store delete <store-path-1> <store-path-2> ...`
[group('nix')]
verify-store:
nix store verify --all
# Repair Nix Store Objects
[group('nix')]
repair-store *paths:
nix store repair {{paths}}
# Update all Nixpkgs inputs
[group('nix')]
up-nix:
nix flake update --commit-lock-file nixpkgs-stable nixpkgs-master nixpkgs-darwin nixpkgs-patched
# override nixpkgs's commit hash
[group('nix')]
override-pkgs hash:
nix flake update --commit-lock-file nixpkgs --override-input nixpkgs github:NixOS/nixpkgs/{{hash}}
############################################################################
#
# NixOS Desktop related commands
#
############################################################################
# Deploy the nixosConfiguration by hostname match
[linux]
[group('homelab')]
local mode="default":
#!/usr/bin/env nu
use {{utils_nu}} *;
nixos-switch (hostname) {{mode}}
# Deploy the niri nixosConfiguration by hostname match
[linux]
[group('desktop')]
niri mode="default":
#!/usr/bin/env nu
use {{utils_nu}} *;
nixos-switch $"(hostname)-niri" {{mode}}
############################################################################
#
# Darwin related commands
#
############################################################################
[macos]
[group('desktop')]
darwin-set-proxy:
sudo python3 scripts/darwin_set_proxy.py
sleep 1sec
[macos]
[group('desktop')]
darwin-rollback:
#!/usr/bin/env nu
use {{utils_nu}} *;
darwin-rollback
# Deploy the darwinConfiguration by hostname match
[macos]
[group('desktop')]
local mode="default":
#!/usr/bin/env nu
use {{utils_nu}} *;
darwin-build (hostname) {{mode}};
darwin-switch (hostname) {{mode}}
# Reset launchpad to force it to reindex Applications
[macos]
[group('desktop')]
reset-launchpad:
defaults write com.apple.dock ResetLaunchPad -bool true
killall Dock
############################################################################
#
# Homelab - Kubevirt Cluster related commands
#
############################################################################
# Remote deployment via colmena
[linux]
[group('homelab')]
col tag:
colmena apply --on '@{{tag}}' --verbose --show-trace
# Build and upload a vm image
[linux]
[group('homelab')]
upload-vm name mode="default":
#!/usr/bin/env nu
use {{utils_nu}} *;
upload-vm {{name}} {{mode}}
# Deploy all the KubeVirt nodes(Physical machines running KubeVirt)
[linux]
[group('homelab')]
lab:
colmena apply --on '@virt-*' --verbose --show-trace
[linux]
[group('homelab')]
shoryu:
colmena apply --on '@kubevirt-shoryu' --verbose --show-trace
[linux]
[group('homelab')]
shushou:
colmena apply --on '@kubevirt-shushou' --verbose --show-trace
[linux]
[group('homelab')]
youko:
colmena apply --on '@kubevirt-youko' --verbose --show-trace
############################################################################
#
# Commands for other Virtual Machines
#
############################################################################
# Build and upload a vm image
[linux]
[group('homelab')]
upload-idols mode="default":
#!/usr/bin/env nu
use {{utils_nu}} *;
upload-vm aquamarine {{mode}}
upload-vm ruby {{mode}}
upload-vm kana {{mode}}
[linux]
[group('homelab')]
aqua:
colmena apply --on '@aqua' --verbose --show-trace
[linux]
[group('homelab')]
ruby:
colmena apply --on '@ruby' --verbose --show-trace
[linux]
[group('homelab')]
kana:
colmena apply --on '@kana' --verbose --show-trace
############################################################################
#
# Kubernetes related commands
#
############################################################################
# Build and upload a vm image
[linux]
[group('homelab')]
upload-k3s-prod mode="default":
#!/usr/bin/env nu
use {{utils_nu}} *;
upload-vm k3s-prod-1-master-1 {{mode}};
upload-vm k3s-prod-1-master-2 {{mode}};
upload-vm k3s-prod-1-master-3 {{mode}};
upload-vm k3s-prod-1-worker-1 {{mode}};
upload-vm k3s-prod-1-worker-2 {{mode}};
upload-vm k3s-prod-1-worker-3 {{mode}};
[linux]
[group('homelab')]
upload-k3s-test mode="default":
#!/usr/bin/env nu
use {{utils_nu}} *;
upload-vm k3s-test-1-master-1 {{mode}};
upload-vm k3s-test-1-master-2 {{mode}};
upload-vm k3s-test-1-master-3 {{mode}};
[linux]
[group('homelab')]
k3s-prod:
colmena apply --on '@k3s-prod-*' --verbose --show-trace
[linux]
[group('homelab')]
k3s-test:
colmena apply --on '@k3s-test-*' --verbose --show-trace
# =================================================
#
# Other useful commands
#
# =================================================
[group('common')]
path:
$env.PATH | split row ":"
[group('common')]
trace-access app *args:
strace -f -t -e trace=file {{app}} {{args}} | complete | $in.stderr | lines | find -v -r "(/nix/store|/newroot|/proc)" | parse --regex '"(/.+)"' | sort | uniq
[linux]
[group('common')]
penvof pid:
sudo cat $"/proc/($pid)/environ" | tr '\0' '\n'
# Remove all reflog entries and prune unreachable objects
[group('git')]
ggc:
git reflog expire --expire-unreachable=now --all
git gc --prune=now
# Amend the last commit without changing the commit message
[group('git')]
game:
git commit --amend -a --no-edit
# Delete all failed pods
[group('k8s')]
del-failed:
kubectl delete pod --all-namespaces --field-selector="status.phase==Failed"
[linux]
[group('services')]
list-inactive:
systemctl list-units -all --state=inactive
[linux]
[group('services')]
list-failed:
systemctl list-units -all --state=failed
[linux]
[group('services')]
list-systemd:
systemctl list-units systemd-*
# =================================================
#
# Nixpkgs Review via Github Action
# https://github.com/ryan4yin/nixpkgs-review-gha
#
# =================================================
# Run nixpkgs-review for PR
[linux]
[group('nixpkgs')]
pkg-review pr:
gh workflow run review.yml --repo ryan4yin/nixpkgs-review-gha -f x86_64-darwin=no -f post-result=true -f pr={{pr}}
# Run package tests for PR
[linux]
[group('nixpkgs')]
pkg-test pr pname:
gh workflow run review.yml --repo ryan4yin/nixpkgs-review-gha -f x86_64-darwin=no -f post-result=true -f pr={{pr}} -f extra-args="-p {{pname}}.passthru.tests"
# View the summary of a workflow
[linux]
[group('nixpkgs')]
pkg-summary:
gh workflow view review.yml --repo ryan4yin/nixpkgs-review-gha
LICENSE
-21
View File
@@ -1,21 +0,0 @@
MIT License
Copyright (c) 2023 Ryan Yin
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
README.md
+7 -184
View File
@@ -1,195 +1,18 @@
<h2 align="center">:snowflake: Ryan4Yin's Nix Config :snowflake:</h2> # Nix Configuration
<p align="center"> This repository is home to the nix code that builds my systems.
<img src="https://raw.githubusercontent.com/catppuccin/catppuccin/main/assets/palette/macchiato.png" width="400" />
</p>
<p align="center">
<a href="https://github.com/ryan4yin/nix-config/stargazers">
<img alt="Stargazers" src="https://img.shields.io/github/stars/ryan4yin/nix-config?style=for-the-badge&logo=starship&color=C9CBFF&logoColor=D9E0EE&labelColor=302D41"></a>
<a href="https://nixos.org/">
<img src="https://img.shields.io/badge/NixOS-25.11-informational.svg?style=for-the-badge&logo=nixos&color=F2CDCD&logoColor=D9E0EE&labelColor=302D41"></a>
<a href="https://github.com/ryan4yin/nixos-and-flakes-book">
<img src="https://img.shields.io/badge/Nix%20Flakes-learning-informational.svg?style=for-the-badge&logo=nixos&color=F2CDCD&logoColor=D9E0EE&labelColor=302D41"></a>
</a>
</p>
> My configuration is becoming more and more complex, and **it will be difficult for beginners to ## Why Nix?
> read**. If you are new to NixOS and want to know how I use NixOS, I would recommend you to take a
> look at the [ryan4yin/nix-config/releases](https://github.com/ryan4yin/nix-config/releases) first,
> **check out to some simpler older versions, such as
> [i3-kickstarter](https://github.com/ryan4yin/nix-config/tree/i3-kickstarter), which will be much
> easier to understand**.
This repository is home to the nix code that builds my systems: Nix allows for easy to manage, collaborative, reproducible deployments. This means that once something is setup and configured once, it works forever. If someone else shares their configuration, anyone can make use of it.
1. NixOS Desktops: NixOS with home-manager, niri, agenix, etc.
2. macOS Desktops: nix-darwin with home-manager, share the same home-manager configuration with
NixOS Desktops.
3. NixOS Servers: virtual machines running on Proxmox/KubeVirt, with various services, such as
kubernetes, homepage, prometheus, grafana, etc.
See [./hosts](./hosts) for details of each host. ## How to install Nix and Deploy this Flake?
See [./Virtual-Machine.md](./Virtual-Machine.md) for details of how to create & manage KubeVirt's After installed NixOS with `nix-command` & `flake` enabled, you can deploy this flake with the following command:
Virtual Machine from this flake.
## Why NixOS & Flakes?
Nix allows for easy-to-manage, collaborative, reproducible deployments. This means that once
something is setup and configured once, it works (almost) forever. If someone else shares their
configuration, anyone else can just use it (if you really understand what you're copying/referring
now).
As for Flakes, refer to
[Introduction to Flakes - NixOS & Nix Flakes Book](https://nixos-and-flakes.thiscute.world/nixos-with-flakes/introduction-to-flakes)
**Want to know NixOS & Flakes in detail? Looking for a beginner-friendly tutorial or best practices?
You don't have to go through the pain I've experienced again! Check out my
[NixOS & Nix Flakes Book - 🛠️ ❤️ An unofficial & opinionated :book: for beginners](https://github.com/ryan4yin/nixos-and-flakes-book)!**
> If you're using macOS, check out
> [ryan4yin/nix-darwin-kickstarter](https://github.com/ryan4yin/nix-darwin-kickstarter) for a quick
> start.
## Components
| | NixOS(Wayland) |
| -------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- |
| **Window Manager** | [Niri][Niri] |
| **Terminal Emulator** | [Zellij][Zellij] + [foot][foot]/[Kitty][Kitty]/[Alacritty][Alacritty]/[Ghostty][Ghostty] |
| **Status Bar** / **Notifier** / **Launcher** / **lockscreens** | [noctalia-shell][noctalia-shell] |
| **Display Manager** | [tuigreet][tuigreet] |
| **Color Scheme** | [catppuccin-nix][catppuccin-nix] |
| **network management tool** | [NetworkManager][NetworkManager] |
| **Input method framework** | [Fcitx5][Fcitx5] + [rime][rime] + [小鹤音形 flypy][flypy] |
| **System resource monitor** | [Btop][Btop] |
| **File Manager** | [Yazi][Yazi] + [thunar][thunar] |
| **Shell** | [Nushell][Nushell] + [Starship][Starship] |
| **Media Player** | [mpv][mpv] |
| **Text Editor** | [Neovim][Neovim] |
| **Fonts** | [Nerd fonts][Nerd fonts] |
| **Image Viewer** | [imv][imv] |
| **Screenshot Software** | Niri's builtin function |
| **Screen Recording** | [OBS][OBS] |
| **Filesystem & Encryption** | tmpfs as `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] encrypted partition for persistent, unlock via passphrase |
| **Secure Boot** | [lanzaboote][lanzaboote] |
Wallpapers: https://github.com/ryan4yin/wallpapers
## Screenshots
![desktop](./_img/2026-01-05_niri-noctalia_desktop.webp)
![overview](./_img/2026-01-04_niri-noctalia_overview.webp)
![nvim](./_img/2026-01-04_niri-noctalia_nvim.webp)
## Neovim
See [./home/base/tui/editors/neovim/](./home/base/tui/editors/neovim/) for details.
## Secrets Management
See [./secrets](./secrets) for details.
## How to Deploy this Flake?
<!-- prettier-ignore -->
> :red_circle: **IMPORTANT**: **You should NOT deploy this flake directly on your machine :exclamation:
> It will not succeed.** This flake contains my hardware configuration(such as
> [hardware-configuration.nix](hosts/idols-ai/hardware-configuration.nix),
> [Nvidia Support](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols-ai/default.nix#L77-L91),
> etc.) which is not suitable for your hardware, and requires my private secrets repository
> [ryan4yin/nix-secrets](https://github.com/ryan4yin/nix-config/tree/main/secrets) to deploy. You
> may use this repo as a reference to build your own configuration.
For NixOS:
> To deploy this flake from NixOS's official ISO image (purest installation method), please refer to
> [./nixos-installer/](./nixos-installer/)
```bash ```bash
# deploy one of the configuration based on the hostname sudo nixos-rebuild switch --flake .#nixos-test
sudo nixos-rebuild switch --flake .#ai-niri
# Deploy the niri nixosConfiguration by hostname match
just niri
# or we can deploy with details
just niri debug
``` ```
For macOS:
```bash
# If you are deploying for the first time,
# 1. install nix & homebrew manually.
# 2. prepare the deployment environment with essential packages available
nix-shell -p just nushell
# 3. comment home-manager's code in lib/macosSystem.nix to speed up the first deployment.
# 4. comment out the proxy settings in scripts/darwin_set_proxy.py if the proxy is not ready yet.
# Deploy the darwinConfiguration by hostname match
just local
# deploy with details
just local debug
```
> [What y'all will need when Nix drives you to drink.](https://www.youtube.com/watch?v=Eni9PPPPBpg)
> (copy from hlissner's dotfiles, it really matches my feelings when I first started using NixOS...)
## References
Other dotfiles that inspired me:
- Nix Flakes
- [NixOS-CN/NixOS-CN-telegram](https://github.com/NixOS-CN/NixOS-CN-telegram)
- [notusknot/dotfiles-nix](https://github.com/notusknot/dotfiles-nix)
- [xddxdd/nixos-config](https://github.com/xddxdd/nixos-config)
- [bobbbay/dotfiles](https://github.com/bobbbay/dotfiles)
- [gytis-ivaskevicius/nixfiles](https://github.com/gytis-ivaskevicius/nixfiles)
- [davidtwco/veritas](https://github.com/davidtwco/veritas)
- [gvolpe/nix-config](https://github.com/gvolpe/nix-config)
- [Ruixi-rebirth/flakes](https://github.com/Ruixi-rebirth/flakes)
- [fufexan/dotfiles](https://github.com/fufexan/dotfiles): gtk theme, xdg, git, media, etc.
- [nix-community/srvos](https://github.com/nix-community/srvos): a collection of opinionated and
sharable NixOS configurations for servers
- Modularized NixOS Configuration
- [hlissner/dotfiles](https://github.com/hlissner/dotfiles)
- [viperML/dotfiles](https://github.com/viperML/dotfiles)
- Neovim/AstroNvim
- [maxbrunet/dotfiles](https://github.com/maxbrunet/dotfiles): astronvim with nix flakes.
- Misc
- [1amSimp1e/dots](https://github.com/1amSimp1e/dots)
[Niri]: https://github.com/YaLTeR/niri
[Kitty]: https://github.com/kovidgoyal/kitty
[foot]: https://codeberg.org/dnkl/foot
[Alacritty]: https://github.com/alacritty/alacritty
[Ghostty]: https://github.com/ghostty-org/ghostty
[Nushell]: https://github.com/nushell/nushell
[Starship]: https://github.com/starship/starship
[Fcitx5]: https://github.com/fcitx/fcitx5
[rime]: https://wiki.archlinux.org/title/Rime
[flypy]: https://flypy.cc/
[Btop]: https://github.com/aristocratos/btop
[mpv]: https://github.com/mpv-player/mpv
[Zellij]: https://github.com/zellij-org/zellij
[Neovim]: https://github.com/neovim/neovim
[AstroNvim]: https://github.com/AstroNvim/AstroNvim
[imv]: https://sr.ht/~exec64/imv/
[OBS]: https://obsproject.com
[Nerd fonts]: https://github.com/ryanoasis/nerd-fonts
[catppuccin-nix]: https://github.com/catppuccin/nix
[NetworkManager]: https://wiki.gnome.org/Projects/NetworkManager
[wl-clipboard]: https://github.com/bugaevc/wl-clipboard
[tuigreet]: https://github.com/apognu/tuigreet
[thunar]: https://gitlab.xfce.org/xfce/thunar
[Yazi]: https://github.com/sxyazi/yazi
[Catppuccin]: https://github.com/catppuccin/catppuccin
[Btrfs]: https://btrfs.readthedocs.io
[LUKS]: https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system
[lanzaboote]: https://github.com/nix-community/lanzaboote
[noctalia-shell]: https://github.com/noctalia-dev/noctalia-shell
Virtual-Machine.md
-26
View File
@@ -1,26 +0,0 @@
## How to create & managage KubeVirt's Virtual Machine from this flake?
Use `aquamarine` as an example, first build and upload the virtual machine's qcow2 image to the file
server:
```shell
just upload-vm aquamarine
```
Then create the virtual machine by creating a yaml file at
[ryan4yin/k8s-gitops](https://github.com/ryan4yin/k8s-gitops/tree/main/vms), set the
`spec.dataVolumeTemplates[0].source.http.url` to the uploaded file's URL, and fluxcd will
automatically apply the changes, then a virtual machine named `aquamarine` will be created in the
KubeVirt cluster.
Once the virtual machine `aquamarine` is created, we can deploy updates to it with the following
commands:
```shell
just col aquamarine
just col kubevirt-shoryu
just col k3s-test-1-master-1
```
If you're not familiar with remote deployment, please read this tutorial first:
[Remote Deployment - NixOS & Flakes Book](https://nixos-and-flakes.thiscute.world/best-practices/remote-deployment)
_img/12kingdoms-1.webp
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 47 KiB

_img/12kingdoms-Youko-Rakushun.webp
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 24 KiB

_img/2024-02-18_k8s-nodes-overview.webp
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 97 KiB

_img/2024-03-07_orangepi5_suzu.webp
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 61 KiB

_img/2024-03-07_orangepi5plus_rakushun.webp
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 69 KiB

_img/2024-04-02_kubevirt-cluster-nodes.webp
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 116 KiB

_img/2024-04-02_kubevirt-cluster-pods.webp
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 981 KiB

_img/2026-01-04_niri-noctalia_nvim.webp
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 463 KiB

_img/2026-01-04_niri-noctalia_overview.webp
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 581 KiB

_img/2026-01-05_niri-noctalia_desktop.webp
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 588 KiB

_img/astronvim_2023-07-13_00-39.webp
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 249 KiB

_img/emacs-2024-01-07.webp
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 253 KiB

_img/idols-ai.webp
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 60 KiB

_img/idols-famaily.webp
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 243 KiB

_img/myself.jpg
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 13 KiB

_img/nix-distributed-building-log.webp
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 232 KiB

_img/nix-distributed-building.webp
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 841 KiB

_img/nixos-riscv-cluster.webp
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 362 KiB

_img/rolling_girls.webp
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 350 KiB

certs/.gitignore
-2
View File
@@ -1,2 +0,0 @@
*.key
*.csr
certs/README.md
-23
View File
@@ -1,23 +0,0 @@
# My Private PKI / CA
This is my private Private Key Infrastructure (PKI) / Certificate Authority (CA) for my personal
use. It is used to issue certificates for my own servers and services.
## Current Structure
- **ecc-ca.crt** - ECC CA certificate file
- **ecc-ca.srl** - CA serial number file for certificate tracking
- **ecc-csr.conf** - OpenSSL configuration file for certificate signing requests
- **ecc-server.crt** - Server certificate signed by the ECC CA
- **gen-certs.sh** - Shell script to generate certificates automatically
## Security Notes
All private keys (`.key` files) are ignored by git and stored in a private secrets repository. The
public certificates and configuration files are committed to this repository for reference.
## Usage
Run `./gen-certs.sh` to generate new certificates using the ECC CA configuration.
See [../secrets](../secrets/) for the corresponding private key management.
certs/ecc-ca.crt
-10
View File
@@ -1,10 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIBajCB8QIJAIwL98is2nQPMAoGCCqGSM49BAMEMB8xHTAbBgNVBAMMFFJ5YW40
WWluJ3MgUm9vdCBDQSAxMB4XDTI0MDQwMzA4NDgzM1oXDTM0MDQwMTA4NDgzM1ow
HzEdMBsGA1UEAwwUUnlhbjRZaW4ncyBSb290IENBIDEwdjAQBgcqhkjOPQIBBgUr
gQQAIgNiAAQ6ixMbsGZ/u/ZnwzOZ49naVL7rQxm9C74SboGytKcYBH03JjC7tgZ3
DylirxSLcTYHHtCz9ajdamP6+sgiGVpUODtfGSO+WmS+gAbLjCS37T41bkUhkx88
JU4NsGhjPXcwCgYIKoZIzj0EAwQDaAAwZQIwDrGLSdO+p/1uywkzqzdM/OnZs8bp
n60uBhUI7EZzDmrouOFeGx+dXYI5yy5AD/qDAjEA7fTQx+jccyOj4dimq1iU9+71
e/gWYg0rexfy/+9dQY6kvwMzv8Lnm6URaRMbE1Q/
-----END CERTIFICATE-----
certs/ecc-ca.srl
-1
View File
@@ -1 +0,0 @@
C050420A8E5A3C1E
certs/ecc-csr.conf
-22
View File
@@ -1,22 +0,0 @@
[ req ]
prompt = no
req_extensions = v3_ext
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = NYK
localityName = NYK
organizationName = Ryan4Yin
organizationalUnitName = Ryan4Yin
commonName = writefor.fun # deprecated, use subjectAltName(SAN) instead
emailAddress = rayn4yin@linux.com
[ alt_names ]
DNS.1 = writefor.fun
DNS.2 = *.writefor.fun
[ v3_ext ]
subjectAltName=@alt_names
basicConstraints = CA:false
extendedKeyUsage = serverAuth
certs/ecc-server.crt
-14
View File
@@ -1,14 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICKTCCAa6gAwIBAgIJAMBQQgqOWjweMAoGCCqGSM49BAMEMB8xHTAbBgNVBAMM
FFJ5YW40WWluJ3MgUm9vdCBDQSAxMB4XDTI0MDQwMzA4NDgzM1oXDTM0MDQwMTA4
NDgzM1owgYkxCzAJBgNVBAYTAlVTMQwwCgYDVQQIDANOWUsxDDAKBgNVBAcMA05Z
SzERMA8GA1UECgwIUnlhbjRZaW4xETAPBgNVBAsMCFJ5YW40WWluMRUwEwYDVQQD
DAx3cml0ZWZvci5mdW4xITAfBgkqhkiG9w0BCQEWEnJheW40eWluQGxpbnV4LmNv
bTB2MBAGByqGSM49AgEGBSuBBAAiA2IABCNTYKDq/I99NltQR5eKrrovQXp9BbLV
iuUdYmzFrAh+NC9ikiIqTfDwP+c+7QvDyI3KXu3KI2qPSPdxktZKDUPHK4p2Y2kZ
xKOI2IFTgTqV3uBciyx7ayWPTwBYxsTDmqNLMEkwJwYDVR0RBCAwHoIMd3JpdGVm
b3IuZnVugg4qLndyaXRlZm9yLmZ1bjAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsG
AQUFBwMBMAoGCCqGSM49BAMEA2kAMGYCMQCHw9YkDo15P9mqEObvxSUak8tQmhBB
9wB81Qg4c+JsMCZA1rMUB7GkNJj1Dr9rWLoCMQDSituLzmo/yPLEOrbNV83bj3/I
ikKgobSie3pMXm5ZG7krOXaunyFRR/bIkih2V2Q=
-----END CERTIFICATE-----
certs/gen-certs.sh
-22
View File
@@ -1,22 +0,0 @@
# 1. Generate the private key for Root CA
openssl ecparam -genkey -name secp384r1 -out ecc-ca.key
# 2. Generate the certificate for Root CA with the validity period of 10 years
# using the private key and some basic information
# NOTE: we specify sha512 as the signature algorithm, which is the key point
openssl req -x509 -new -SHA512 -key ecc-ca.key -subj "/CN=Ryan4Yin's Root CA 1" -days 3650 -out ecc-ca.crt
# 3. Generate the private key for web server
openssl ecparam -genkey -name secp384r1 -out ecc-server.key
# 4. Generate the certificate signing request (CSR) for the server certificate
# using the private key and the configuration file ecc-csr.conf
openssl req -new -SHA512 -key ecc-server.key -out ecc-server.csr -config ecc-csr.conf
# 5. Sign the server certificate with the Root CA's certificate and private key
# NOTE: we specify sha512 as the signature algorithm, which is the key point
openssl x509 -req -SHA512 -in ecc-server.csr -CA ecc-ca.crt -CAkey ecc-ca.key \
-CAcreateserial -out ecc-server.crt -days 3650 \
-extensions v3_ext -extfile ecc-csr.conf
# 6. Display the information of the certificates
openssl x509 -noout -text -in ecc-ca.crt
openssl x509 -noout -text -in ecc-server.crt
flake.lock
Generated
+17 -1228
View File
File diff suppressed because it is too large Load Diff
flake.nix
+61 -169
View File
@@ -1,5 +1,5 @@
{ {
description = "Ryan Yin's nix configuration for both NixOS & macOS"; description = "NixOS configuration of Ryan Yin";
################################################################################################################## ##################################################################################################################
# #
@@ -8,189 +8,81 @@
# #
################################################################################################################## ##################################################################################################################
outputs = inputs: import ./outputs inputs;
# the nixConfig here only affects the flake itself, not the system configuration! # the nixConfig here only affects the flake itself, not the system configuration!
# for more information, see:
# https://nixos-and-flakes.thiscute.world/nix-store/add-binary-cache-servers
nixConfig = { nixConfig = {
# substituers will be appended to the default substituters when fetching packages # substituers will be appended to the default substituters when fetching packages
# nix com extra-substituters = [munity's cache server
extra-substituters = [ extra-substituters = [
# "https://nix-gaming.cachix.org" "https://nix-community.cachix.org"
# "https://nixpkgs-wayland.cachix.org"
# "https://install.determinate.systems"
]; ];
extra-trusted-public-keys = [ extra-trusted-public-keys = [
# "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
# "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
# "cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM="
]; ];
}; };
# This is the standard format for flake.nix. `inputs` are the dependencies of the flake,
# Each item in `inputs` will be passed as a parameter to the `outputs` function after being pulled and built.
inputs = { inputs = {
# There are many ways to reference flake inputs. The most widely used is github:owner/name/reference, nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
# which represents the GitHub repository URL + branch/commit-id/tag. home-manager.url = "github:nix-community/home-manager/release-25.05";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
# Official NixOS package source, using nixos's unstable branch by default catppuccin-bat = {
# Find git commit hash with build status here(3 jobs per day): url = "github:catppuccin/bat";
# https://hydra.nixos.org/jobset/nixpkgs/unstable
# update via nix flake update nixpkgs --override-input nixpkgs github:NixOS/nixpkgs/<commit-hash>
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11";
nixpkgs-2505.url = "github:nixos/nixpkgs/nixos-25.05";
# nixpkgs with some custom patches
nixpkgs-patched.url = "github:ryan4yin/nixpkgs/nixos-unstable-patched";
# get some latest packages from the master branch
nixpkgs-master.url = "github:nixos/nixpkgs/master";
# for macos
# nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-25.11-darwin";
nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-unstable";
nix-darwin = {
url = "github:lnl7/nix-darwin";
inputs.nixpkgs.follows = "nixpkgs-darwin";
};
# home-manager, used for managing user configuration
home-manager = {
url = "github:nix-community/home-manager/master";
# url = "github:nix-community/home-manager/release-25.11";
# The `follows` keyword in inputs is used for inheritance.
# Here, `inputs.nixpkgs` of home-manager is kept consistent with the `inputs.nixpkgs` of the current flake,
# to avoid problems caused by different versions of nixpkgs dependencies.
inputs.nixpkgs.follows = "nixpkgs";
};
# https://github.com/catppuccin/nix
catppuccin = {
url = "github:catppuccin/nix";
inputs.nixpkgs.follows = "nixpkgs";
};
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.3";
inputs.nixpkgs.follows = "nixpkgs";
};
preservation = {
url = "github:nix-community/preservation";
};
# generate iso/qcow2/docker/... image from nixos configuration
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
# secrets management
agenix = {
# lock with git commit at May 18, 2025
url = "github:ryantm/agenix/4835b1dc898959d8547a871ef484930675cb47f1";
# replaced with a type-safe reimplementation to get a better error message and less bugs.
# url = "github:ryan4yin/ragenix";
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko/v1.11.0";
inputs.nixpkgs.follows = "nixpkgs";
};
# add git hooks to format nix code before commit
pre-commit-hooks = {
url = "github:cachix/git-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nuenv = {
url = "github:DeterminateSystems/nuenv";
inputs.nixpkgs.follows = "nixpkgs";
};
haumea = {
url = "github:nix-community/haumea/v0.2.2";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpak = {
url = "github:nixpak/nixpak";
inputs.nixpkgs.follows = "nixpkgs";
};
ghostty = {
url = "github:ghostty-org/ghostty/tip"; # Latest Continuous Release
};
blender-bin = {
url = "github:edolstra/nix-warez?dir=blender";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-apple-silicon = {
# asahi-6.17.7-2
url = "github:nix-community/nixos-apple-silicon";
inputs.nixpkgs.follows = "nixpkgs";
};
helix = {
# Helix with steel as plugin system
# https://github.com/helix-editor/helix/pull/8675
url = "github:mattwparas/helix/steel-event-system";
inputs.nixpkgs.follows = "nixpkgs";
};
dms = {
url = "github:AvengeMedia/DankMaterialShell/stable";
inputs.nixpkgs.follows = "nixpkgs";
};
# -------------- Gaming ---------------------
nix-gaming = {
url = "github:fufexan/nix-gaming";
inputs.nixpkgs.follows = "nixpkgs";
};
aagl = {
url = "github:ezKEa/aagl-gtk-on-nix/release-25.11";
# inputs.nixpkgs.follows = "nixpkgs";
};
######################## Some non-flake repositories #########################################
nu_scripts = {
url = "github:ryan4yin/nu_scripts";
flake = false; flake = false;
}; };
};
######################## My own repositories ######################################### outputs = inputs @ {
self,
nixpkgs,
home-manager,
...
}: {
nixosConfigurations = {
nixos-test = let
username = "ryan";
specialArgs = {inherit username;};
in
nixpkgs.lib.nixosSystem {
inherit specialArgs;
system = "x86_64-linux";
# my private secrets, it's a private repository, you need to replace it with your own. modules = [
# use ssh protocol to authenticate via ssh-agent/ssh-key, and shallow clone to save time ./hosts/nixos-test
mysecrets = { ./users/${username}/nixos.nix
url = "git+ssh://git@github.com/ryan4yin/nix-secrets.git?shallow=1";
flake = false; home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = inputs // specialArgs;
home-manager.users.${username} = import ./users/${username}/home.nix;
}
];
};
msi-rtx4090 = let
username = "suzi"; # another username for this machine
specialArgs = {inherit username;};
in
nixpkgs.lib.nixosSystem {
inherit specialArgs;
system = "x86_64-linux";
modules = [
./hosts/msi-rtx4090
./users/${username}/nixos.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = inputs // specialArgs;
home-manager.users.${username} = import ./users/${username}/home.nix;
}
];
};
}; };
my-asahi-firmware = {
url = "git+ssh://git@github.com/ryan4yin/asahi-firmware.git?shallow=1";
flake = false;
};
# my wallpapers
wallpapers = {
url = "github:ryan4yin/wallpapers";
flake = false;
};
nur-ryan4yin = {
url = "github:ryan4yin/nur-packages";
inputs.nixpkgs.follows = "nixpkgs";
};
# for waydroid
# nur-ataraxiasjel.url = "github:AtaraxiaSjel/nur";
}; };
} }
hardening/README.md
-115
View File
@@ -1,115 +0,0 @@
# Linux Hardening
> Work in progress.
## Goal
- **System Level**: Protect critical files from being accessed by untrusted applications.
1. Such as browser cookies, SSH keys, etc.
- **Per-App Level**: Prevent untrusted applications(such as closed-source apps) from:
1. Accessing files they shouldn't.
- Such as a malicious application accessing your browser's cookies, SSH Keys, etc.
1. Accessing the network when they don't need to.
1. Accessing hardware devices they don't need.
## Current Structure
### 1. **System Level**
- **AppArmor** (`apparmor/`): AppArmor profiles and configuration
- **Kernel & System Hardening** (`profiles/`): System-wide hardening profiles
### 2. **Per-App Level**
- **Nixpak** (`nixpaks/`): Bubblewrap-based sandboxing for applications
- Firefox configuration
- QQ (Chinese messaging app) configuration
- Modular system with reusable components
- **Firejail** (legacy): SUID-based sandboxing (not used)
- **Bubblewrap** (`bwraps/`): Direct bubblewrap configurations
- WeChat sandboxing configuration
## Current Implementation Status
| Component | Status | Notes |
| ----------------- | --------- | ------------------------------ |
| AppArmor Profiles | 🚧 WIP | Basic structure in place |
| Nixpak Firefox | ✅ Active | Firefox sandboxing via nixpak |
| Nixpak QQ | ✅ Active | QQ application sandboxing |
| Bubblewrap WeChat | ✅ Active | WeChat specific sandboxing |
| System Profiles | 🚧 WIP | Hardened system configurations |
## Directory Structure
```
hardening/
├── README.md
├── apparmor/ # AppArmor security profiles
│ └── default.nix
├── bwraps/ # Direct bubblewrap configurations
│ ├── default.nix
│ └── wechat.nix
├── nixpaks/ # Nixpak application sandboxing
│ ├── default.nix
│ ├── firefox.nix
│ ├── qq.nix
│ └── modules/ # Reusable nixpak modules
│ ├── gui-base.nix
│ └── network.nix
└── profiles/ # System hardening profiles
└── default.nix
```
## Kernel Hardening
- NixOS Kernel Config:
https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/os-specific/linux/kernel/hardened/config.nix
## System Hardening
- NixOS Profile:
https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/profiles/hardened.nix
- Apparmor: [roddhjav/apparmor.d](https://github.com/roddhjav/apparmor.d)
- https://gitlab.com/apparmor/apparmor/-/wikis/Documentation
- AppArmor.d is a set of over 1500 AppArmor profiles whose aim is to confine most Linux based
applications and processes.
- But all the profiles of AppArmor assume a FHS filesystem, which caused all apparmor policies
takes no effect on NixOS.
- Apparmor on NixOS Roadmap:
- https://discourse.nixos.org/t/apparmor-on-nixos-roadmap/57217
- https://github.com/LordGrimmauld/aa-alias-manager
- SELinux: too complex, not recommended for personal use.
## Application Sandboxing
- [Bubblewrap](https://github.com/containers/bubblewrap):
[nixpak](https://github.com/nixpak/nixpak), more secure than firejail, but no batteries included.
- NixOS's FHSEnv is implemented using bubblewrap by default.
- [Firejail](https://github.com/netblue30/firejail/tree/master/etc): A SUID security sandbox with
hundreds of security profiles for many common applications in the default installation.
- https://wiki.nixos.org/wiki/Firejail
- Firejail needs SUID to work, which is considered a security risk -
[Does firejail improve the security of my system?](https://github.com/netblue30/firejail/discussions/4601)
- [Systemd/Hardening](https://wiki.nixos.org/wiki/Systemd/Hardening): Systemd also provides some
sandboxing features.
## NOTE
**Running untrusted code is never safe, kernel hardening & sandboxing cannot change this**.
If you want to run untrusted code, please use a VM & an isolated network environment, which will
provide a much higher level of security.
## References
- [Harden your NixOS workstation - dataswamp](https://dataswamp.org/~solene/2022-01-13-nixos-hardened.html)
- [Linux Insecurities - Madaidans](https://madaidans-insecurities.github.io/linux.html)
- [Sandboxing all programs by default - NixOS Discourse](https://discourse.nixos.org/t/sandboxing-all-programs-by-default/7792)
- [Paranoid NixOS Setup - xeiaso](https://xeiaso.net/blog/paranoid-nixos-2021-07-18/)
- [nix-mineral](https://github.com/cynicsketch/nix-mineral): NixOS module for convenient system
hardening.
- apparmor configs:
- https://github.com/zramctl/dotfiles/blob/4fe177f6984154960942bb47d5a375098ec6ed6a/modules/nixos/security/apparmor.nix#L4
- https://git.grimmauld.de/Grimmauld/grimm-nixos-laptop/src/branch/main/hardening
- Others:
- Directly via `buildFHSUserEnvBubblewrap`:
hardening/apparmor/default.nix
-59
View File
@@ -1,59 +0,0 @@
{
config,
pkgs,
...
}:
{
services.dbus.apparmor = "enabled";
security.apparmor = {
enable = true;
# kill process that are not confined but have apparmor profiles enabled
killUnconfinedConfinables = true;
packages = with pkgs; [
apparmor-utils
apparmor-profiles
];
# apparmor policies
policies = {
"default_deny" = {
enforce = false;
enable = false;
profile = ''
profile default_deny /** { }
'';
};
"sudo" = {
enforce = false;
enable = false;
profile = ''
${pkgs.sudo}/bin/sudo {
file /** rwlkUx,
}
'';
};
"nix" = {
enforce = false;
enable = false;
profile = ''
${config.nix.package}/bin/nix {
unconfined,
}
'';
};
};
};
environment.systemPackages = with pkgs; [
apparmor-bin-utils
apparmor-profiles
apparmor-parser
libapparmor
apparmor-kernel-patches
apparmor-pam
apparmor-utils
];
}
hardening/bwraps/default.nix
-9
View File
@@ -1,9 +0,0 @@
{
nixpkgs.overlays = [
(_: super: {
bwraps = {
wechat = super.callPackage ./wechat.nix { };
};
})
];
}
hardening/bwraps/wechat.nix
-101
View File
@@ -1,101 +0,0 @@
# - wechat's flatpak manifest: https://github.com/flathub/com.tencent.WeChat/blob/master/com.tencent.WeChat.yaml
# Refer:
# - Flatpak manifest's docs:
# - https://docs.flatpak.org/en/latest/manifests.html
# - https://docs.flatpak.org/en/latest/sandbox-permissions.html
#
# TODO Since appimageTools.wrapAppImage do not support overriding, I have to pack this package myself.
# https://github.com/NixOS/nixpkgs/pull/358977
{
appimageTools,
fetchurl,
stdenvNoCC,
}:
let
pname = "wechat";
# https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/we/wechat/package.nix
sources = {
aarch64-linux = {
version = "4.1.0.13";
src = fetchurl {
# url = "https://web.archive.org/web/20251209092116if_/https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_arm64.AppImage";
url = "https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_arm64.AppImage";
hash = "sha256-/d5crM6IGd0k0fSlBSQx4TpIVX/8iib+an0VMkWMNdw=";
};
};
x86_64-linux = {
version = "4.1.0.13";
src = fetchurl {
# url = "https://web.archive.org/web/20251219062558if_/https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_x86_64.AppImage";
url = "https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_x86_64.AppImage";
hash = "sha256-+r5Ebu40GVGG2m2lmCFQ/JkiDsN/u7XEtnLrB98602w=";
};
};
};
inherit (stdenvNoCC.hostPlatform) system;
inherit (sources.${system} or (throw "Unsupported system: ${system}")) version src;
# https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/we/wechat/linux.nix
appimageContents = appimageTools.extract {
inherit pname version src;
postExtract = ''
patchelf --replace-needed libtiff.so.5 libtiff.so $out/opt/wechat/wechat
'';
};
in
appimageTools.wrapAppImage {
inherit pname version;
src = appimageContents;
extraInstallCommands = ''
mkdir -p $out/share/applications
cp ${appimageContents}/wechat.desktop $out/share/applications/
mkdir -p $out/share/pixmaps
cp ${appimageContents}/wechat.png $out/share/pixmaps/
substituteInPlace $out/share/applications/wechat.desktop --replace-fail AppRun wechat
'';
# Add these root paths to FHS sandbox to prevent WeChat from accessing them by default
# Adapted from https://aur.archlinux.org/cgit/aur.git/tree/wechat-universal.sh?h=wechat-universal-bwrap
extraPreBwrapCmds = ''
XDG_DOCUMENTS_DIR="''${XDG_DOCUMENTS_DIR:-$(xdg-user-dir DOCUMENTS)}"
if [[ -z "''${XDG_DOCUMENTS_DIR}" ]]; then
echo 'Error: Failed to get XDG_DOCUMENTS_DIR, refuse to continue'
exit 1
fi
WECHAT_DATA_DIR="''${XDG_DOCUMENTS_DIR}/WeChat_Data"
# Using ''${WECHAT_DATA_DIR} as Wechat Data folder
WECHAT_HOME_DIR="''${WECHAT_DATA_DIR}/home"
WECHAT_FILES_DIR="''${WECHAT_DATA_DIR}/xwechat_files"
mkdir -p "''${WECHAT_FILES_DIR}"
mkdir -p "''${WECHAT_HOME_DIR}"
ln -snf "''${WECHAT_FILES_DIR}" "''${WECHAT_HOME_DIR}/xwechat_files"
'';
extraBwrapArgs = [
"--tmpfs /home"
"--tmpfs /root"
# format: --bind <host-path> <sandbox-path>
"--bind \${WECHAT_HOME_DIR} \${HOME}"
"--bind \${WECHAT_FILES_DIR} \${WECHAT_FILES_DIR}"
"--chdir \${HOME}"
# wechat-universal only supports xcb
"--setenv QT_QPA_PLATFORM xcb"
"--setenv QT_AUTO_SCREEN_SCALE_FACTOR 1"
# use fcitx as IME
"--setenv QT_IM_MODULE fcitx"
"--setenv GTK_IM_MODULE fcitx"
];
chdirToPwd = false;
unshareNet = false;
unshareIpc = true;
unsharePid = true;
unshareUts = true;
unshareCgroup = true;
privateTmp = true;
}
hardening/nixpaks/default.nix
-31
View File
@@ -1,31 +0,0 @@
{
pkgs,
pkgs-master,
nixpak,
...
}:
let
callArgs = {
mkNixPak = nixpak.lib.nixpak {
inherit (pkgs) lib;
inherit pkgs;
};
safeBind = sloth: realdir: mapdir: [
(sloth.mkdir (sloth.concat' sloth.appDataDir realdir))
(sloth.concat' sloth.homeDir mapdir)
];
};
wrapper = _pkgs: path: (_pkgs.callPackage path callArgs);
in
{
# Add nixpaked Apps into nixpkgs, and reference them in home-manager or other nixos modules
nixpkgs.overlays = [
(_: super: {
nixpaks = {
qq = wrapper pkgs-master ./qq.nix;
telegram-desktop = wrapper super ./telegram-desktop.nix;
firefox = wrapper super ./firefox.nix;
};
})
];
}
hardening/nixpaks/firefox.nix
-127
View File
@@ -1,127 +0,0 @@
# Refer:
# - Flatpak manifest's docs:
# - https://docs.flatpak.org/en/latest/manifests.html
# - https://docs.flatpak.org/en/latest/sandbox-permissions.html
# - Firefox's flatpak manifest: https://hg.mozilla.org/mozilla-central/file/tip/taskcluster/docker/firefox-flatpak/runme.sh#l151
{
lib,
firefox,
mkNixPak,
buildEnv,
makeDesktopItem,
...
}:
let
appId = "org.mozilla.firefox";
wrapped = mkNixPak {
config =
{
config,
sloth,
...
}:
{
app = {
package = firefox;
binPath = "bin/firefox";
};
flatpak.appId = appId;
imports = [
./modules/gui-base.nix
./modules/network.nix
./modules/common.nix
];
bubblewrap = {
# To trace all the home files Firefox accesses, you can use the following nushell command:
# just trace-access firefox
# See the Justfile in the root of this repository for more information.
bind.rw = [
# given the read write permission to the following directories.
# NOTE: sloth.mkdir is used to create the directory if it does not exist!
(sloth.mkdir (sloth.concat' sloth.homeDir "/.mozilla"))
sloth.xdgDocumentsDir
sloth.xdgDownloadDir
sloth.xdgMusicDir
sloth.xdgVideosDir
sloth.xdgPicturesDir
];
bind.ro = [
"/sys/bus/pci"
[
"${config.app.package}/lib/firefox"
"/app/etc/firefox"
]
# ================ for browserpass extension ===============================
"/etc/gnupg"
(sloth.concat' sloth.homeDir "/.gnupg") # gpg's config
(sloth.concat' sloth.homeDir "/.local/share/password-store") # my secrets
(sloth.concat' sloth.runtimeDir "/gnupg") # for access gpg-agent socket
# Unsure
(sloth.concat' sloth.xdgConfigHome "/dconf")
];
sockets = {
x11 = false;
wayland = true;
pipewire = true;
};
};
};
};
exePath = lib.getExe wrapped.config.script;
in
buildEnv {
inherit (wrapped.config.script) name meta passthru;
paths = [
wrapped.config.script
(makeDesktopItem {
name = appId;
desktopName = "Firefox";
genericName = "Firefox Boxed";
comment = "Firefox Browser";
exec = "${exePath} %U";
terminal = false;
icon = "firefox";
startupNotify = true;
startupWMClass = "firefox";
type = "Application";
categories = [
"Network"
"WebBrowser"
];
mimeTypes = [
"text/html"
"text/xml"
"application/xhtml+xml"
"application/vnd.mozilla.xul+xml"
"x-scheme-handler/http"
"x-scheme-handler/https"
];
actions = {
new-private-window = {
name = "New Private Window";
exec = "${exePath} --private-window %U";
};
new-window = {
name = "New Window";
exec = "${exePath} --new-window %U";
};
profile-manager-window = {
name = "Profile Manager";
exec = "${exePath} --ProfileManager";
};
};
extraConfig = {
X-Flatpak = appId;
};
})
];
}
hardening/nixpaks/modules/common.nix
-234
View File
@@ -1,234 +0,0 @@
# https://github.com/mnixry/nixos-config/blob/74913c2b90d06e31170bbbaa0074f915721da224/desktop/packages/nixpaks-common.nix
# https://github.com/Kraftland/portable/blob/09c4a4227538a3f42de208a6ecbdc938ac9c00dd/portable.sh
# https://flatpak.github.io/xdg-desktop-portal/docs/api-reference.html
{
lib,
sloth,
config,
...
}:
let
inherit (config.flatpak) appId;
in
{
config = {
# list all dbus services:
# ls -al /run/current-system/sw/share/dbus-1/services/
# ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
dbus = {
# `--see`: The bus name can be enumerated by the application.
# `--talk`: The application can send messages to, and receive replies and signals from, the bus name.
# `--own`: The application can own the bus name
policies = {
"${appId}" = "own";
"${appId}.*" = "own";
"org.freedesktop.DBus" = "talk";
"ca.desrt.dconf" = "talk";
"org.freedesktop.appearance" = "talk";
"org.freedesktop.appearance.*" = "talk";
}
// (builtins.listToAttrs (
map (id: lib.nameValuePair "org.kde.StatusNotifierItem-${toString id}-1" "own") (
lib.lists.range 2 29
)
))
// {
# --- MPRIS Media Control ---
# Allows the app to register as a media player. These are derived from the appID.
"org.mpris.MediaPlayer2.${appId}" = "own";
"org.mpris.MediaPlayer2.${appId}.*" = "own";
"org.mpris.MediaPlayer2.${lib.lists.last (lib.strings.splitString "." appId)}" = "own";
"org.mpris.MediaPlayer2.${lib.lists.last (lib.strings.splitString "." appId)}.*" = "own";
# --- General Desktop Integration ---
"com.canonical.AppMenu.Registrar" = "talk"; # For Ubuntu AppMenu
"org.freedesktop.FileManager1" = "talk";
"org.freedesktop.Notifications" = "talk";
"org.kde.StatusNotifierWatcher" = "talk";
"org.gnome.Shell.Screencast" = "talk";
# --- Accessibility (a11y) 无障碍服务 ---
"org.a11y.Bus" = "see";
# --- Portal Access ---
# "org.freedesktop.portal.*" = "talk";
"org.freedesktop.portal.Documents" = "talk";
"org.freedesktop.portal.FileTransfer" = "talk";
"org.freedesktop.portal.FileTransfer.*" = "talk";
"org.freedesktop.portal.Notification" = "talk";
"org.freedesktop.portal.OpenURI" = "talk";
"org.freedesktop.portal.OpenURI.OpenFile" = "talk";
"org.freedesktop.portal.OpenURI.OpenURI" = "talk";
"org.freedesktop.portal.Print" = "talk";
"org.freedesktop.portal.Request" = "see";
# --- Input Method Portals ---
"org.freedesktop.portal.Fcitx" = "talk";
"org.freedesktop.portal.Fcitx.*" = "talk";
"org.freedesktop.portal.IBus" = "talk";
"org.freedesktop.portal.IBus.*" = "talk";
};
# '--call' rules permit specific method calls on D-Bus interfaces.
rules.call = {
# --- Accessibility (a11y) 无障碍服务 ---
"org.a11y.Bus" = [
"org.a11y.Bus.GetAddress@/org/a11y/bus"
"org.freedesktop.DBus.Properties.Get@/org/a11y/bus"
];
# --- General Portal Rules ---
"org.freedesktop.FileManager1" = [ "*" ];
"org.freedesktop.Notifications.*" = [ "*" ];
"org.freedesktop.portal.Documents" = [ "*" ];
"org.freedesktop.portal.FileTransfer" = [ "*" ];
"org.freedesktop.portal.FileTransfer.*" = [ "*" ];
"org.freedesktop.portal.Fcitx" = [ "*" ];
"org.freedesktop.portal.Fcitx.*" = [ "*" ];
"org.freedesktop.portal.IBus" = [ "*" ];
"org.freedesktop.portal.IBus.*" = [ "*" ];
"org.freedesktop.portal.Notification" = [ "*" ];
"org.freedesktop.portal.OpenURI" = [ "*" ];
"org.freedesktop.portal.OpenURI.OpenFile" = [ "*" ];
"org.freedesktop.portal.OpenURI.OpenURI" = [ "*" ];
"org.freedesktop.portal.Print" = [ "*" ];
"org.freedesktop.portal.Request" = [ "*" ];
# --- Main Desktop Portal Interface ---
# A comprehensive list of permissions for interacting with the desktop environment.
"org.freedesktop.portal.Desktop" = [
# Properties & Settings
"org.freedesktop.DBus.Properties.GetAll"
"org.freedesktop.DBus.Properties.Get@/org/freedesktop/portal/desktop"
"org.freedesktop.portal.Session.Close"
"org.freedesktop.portal.Settings.ReadAll"
"org.freedesktop.portal.Settings.Read"
"org.freedesktop.portal.Account.GetUserInformation"
# Network & Proxy
"org.freedesktop.portal.NetworkMonitor"
"org.freedesktop.portal.NetworkMonitor.*"
"org.freedesktop.portal.ProxyResolver.Lookup"
"org.freedesktop.portal.ProxyResolver.Lookup.*"
# Screenshot / Screen Capture & Sharing
"org.freedesktop.portal.ScreenCast"
"org.freedesktop.portal.ScreenCast.*"
"org.freedesktop.portal.Screenshot"
"org.freedesktop.portal.Screenshot.Screenshot"
# Device Access(Camera / USB)
"org.freedesktop.portal.Camera"
"org.freedesktop.portal.Camera.*"
"org.freedesktop.portal.Usb"
"org.freedesktop.portal.Usb.*"
# Remote Desktop
"org.freedesktop.portal.RemoteDesktop"
"org.freedesktop.portal.RemoteDesktop.*"
# File Operations
"org.freedesktop.portal.Documents"
"org.freedesktop.portal.Documents.*"
"org.freedesktop.portal.FileChooser"
"org.freedesktop.portal.FileChooser.*"
"org.freedesktop.portal.FileTransfer"
"org.freedesktop.portal.FileTransfer.*"
# Notifications & Printing
"org.freedesktop.portal.Notification"
"org.freedesktop.portal.Notification.*"
"org.freedesktop.portal.Print"
"org.freedesktop.portal.Print.*"
# Open/Launch Handlers
"org.freedesktop.portal.OpenURI"
"org.freedesktop.portal.OpenURI.*"
"org.freedesktop.portal.Email.ComposeEmail"
# Input Methods
"org.freedesktop.portal.Fcitx"
"org.freedesktop.portal.Fcitx.*"
"org.freedesktop.portal.IBus"
"org.freedesktop.portal.IBus.*"
# Secrets (Keyring)
"org.freedesktop.portal.Secret"
"org.freedesktop.portal.Secret.RetrieveSecret"
# Get/Update GlobalShortcuts
# "org.freedesktop.portal.GlobalShortcuts"
# "org.freedesktop.portal.GlobalShortcuts.*"
# -- get the user's location
# "org.freedesktop.portal.Location"
# "org.freedesktop.portal.Location.*"
# -- inhibit the user session from ending, suspending, idling or getting switched away.
"org.freedesktop.portal.Inhibit"
"org.freedesktop.portal.Inhibit.*"
# Generic Request Fallback
"org.freedesktop.portal.Request"
];
};
# 'broadcast' rules permit receiving signals from D-Bus names.
rules.broadcast = {
"org.freedesktop.portal.*" = [ "@/org/freedesktop/portal/*" ];
};
args = [
"--filter"
"--sloppy-names"
"--log"
];
};
etc.sslCertificates.enable = true;
bubblewrap = {
network = lib.mkDefault true;
sockets = {
wayland = true;
pulse = true;
};
bind.rw = with sloth; [
[
(mkdir appDataDir)
xdgDataHome
]
[
(mkdir appConfigDir)
xdgConfigHome
]
[
(mkdir appCacheDir)
xdgCacheHome
]
(sloth.concat [
sloth.runtimeDir
"/"
(sloth.envOr "WAYLAND_DISPLAY" "no")
])
(sloth.concat' sloth.runtimeDir "/at-spi/bus")
(sloth.concat' sloth.runtimeDir "/gvfsd")
(sloth.concat' sloth.runtimeDir "/dconf")
(sloth.concat' sloth.xdgCacheHome "/fontconfig")
(sloth.concat' sloth.xdgCacheHome "/mesa_shader_cache")
(sloth.concat' sloth.xdgCacheHome "/mesa_shader_cache_db")
(sloth.concat' sloth.xdgCacheHome "/radv_builtin_shaders")
];
bind.ro = [
(sloth.concat' sloth.runtimeDir "/doc")
(sloth.concat' sloth.xdgConfigHome "/kdeglobals")
(sloth.concat' sloth.xdgConfigHome "/gtk-2.0")
(sloth.concat' sloth.xdgConfigHome "/gtk-3.0")
(sloth.concat' sloth.xdgConfigHome "/gtk-4.0")
(sloth.concat' sloth.xdgConfigHome "/fontconfig")
(sloth.concat' sloth.xdgConfigHome "/dconf")
];
bind.dev = [ "/dev/shm" ] ++ (map (id: "/dev/video${toString id}") (lib.lists.range 0 9));
};
};
}
hardening/nixpaks/modules/gui-base.nix
-102
View File
@@ -1,102 +0,0 @@
# https://github.com/nixpak/pkgs/blob/master/pkgs/modules/gui-base.nix
{
config,
lib,
pkgs,
sloth,
...
}:
let
envSuffix = envKey: suffix: sloth.concat' (sloth.env envKey) suffix;
# cursor & icon's theme should be the same as the host's one.
cursorTheme = pkgs.bibata-cursors;
iconTheme = pkgs.papirus-icon-theme;
in
{
config = {
dbus.policies = {
"${config.flatpak.appId}" = "own";
# we add other policies in ./common.nix
};
# https://github.com/nixpak/nixpak/blob/master/modules/gpu.nix
# 1. bind readonly - /run/opengl-driver
# 2. bind device - /dev/dri
gpu = {
enable = lib.mkDefault true;
provider = "nixos";
bundlePackage = pkgs.mesa.drivers; # for amd & intel
};
# https://github.com/nixpak/nixpak/blob/master/modules/gui/fonts.nix
# it works not well, bind system's /etc/fonts directly instead
fonts.enable = false;
# https://github.com/nixpak/nixpak/blob/master/modules/locale.nix
locale.enable = true;
bubblewrap = {
network = lib.mkDefault false;
bind.rw = [
[
(envSuffix "HOME" "/.var/app/${config.flatpak.appId}/cache")
sloth.xdgCacheHome
]
(sloth.concat' sloth.xdgCacheHome "/fontconfig")
(sloth.concat' sloth.xdgCacheHome "/mesa_shader_cache")
(sloth.concat [
(sloth.env "XDG_RUNTIME_DIR")
"/"
(sloth.envOr "WAYLAND_DISPLAY" "no")
])
(envSuffix "XDG_RUNTIME_DIR" "/at-spi/bus")
(envSuffix "XDG_RUNTIME_DIR" "/gvfsd")
(envSuffix "XDG_RUNTIME_DIR" "/pulse")
"/run/dbus"
];
bind.ro = [
(envSuffix "XDG_RUNTIME_DIR" "/doc")
(sloth.concat' sloth.xdgConfigHome "/gtk-2.0")
(sloth.concat' sloth.xdgConfigHome "/gtk-3.0")
(sloth.concat' sloth.xdgConfigHome "/gtk-4.0")
(sloth.concat' sloth.xdgConfigHome "/fontconfig")
"/etc/fonts" # for fontconfig
"/etc/localtime" # this is a symlink to /etc/zoneinfo/xxx
"/etc/zoneinfo"
# Fix: libEGL warning: egl: failed to create dri2 screen
"/etc/egl"
"/etc/static/egl"
];
bind.dev = [
"/dev/shm" # Shared Memory
# seems required when using nvidia as primary gpu
"/dev/nvidia0"
"/dev/nvidiactl"
"/dev/nvidia-modeset"
"/dev/nvidia-uvm"
];
tmpfs = [
"/tmp"
];
env = {
XDG_DATA_DIRS = lib.mkForce (
lib.makeSearchPath "share" [
iconTheme
cursorTheme
pkgs.shared-mime-info
]
);
XCURSOR_PATH = lib.mkForce (
lib.concatStringsSep ":" [
"${cursorTheme}/share/icons"
"${cursorTheme}/share/pixmaps"
]
);
};
};
};
}
hardening/nixpaks/modules/network.nix
-8
View File
@@ -1,8 +0,0 @@
# https://github.com/nixpak/pkgs/blob/master/pkgs/modules/network.nix
{
etc.sslCertificates.enable = true;
bubblewrap = {
bind.ro = [ "/etc/resolv.conf" ];
network = true;
};
}
hardening/nixpaks/qq.nix
-79
View File
@@ -1,79 +0,0 @@
# Refer:
# - Flatpak manifest's docs:
# - https://docs.flatpak.org/en/latest/manifests.html
# - https://docs.flatpak.org/en/latest/sandbox-permissions.html
# - QQ's flatpak manifest: https://github.com/flathub/com.qq.QQ/blob/master/com.qq.QQ.yaml
{
lib,
qq,
mkNixPak,
buildEnv,
makeDesktopItem,
...
}:
let
appId = "com.qq.QQ";
wrapped = mkNixPak {
config =
{ sloth, ... }:
{
app = {
package = qq;
binPath = "bin/qq";
};
flatpak.appId = appId;
imports = [
./modules/gui-base.nix
./modules/network.nix
./modules/common.nix
];
bubblewrap = {
# To trace all the home files QQ accesses, you can use the following nushell command:
# just trace-access qq
# See the Justfile in the root of this repository for more information.
bind.rw = [
sloth.xdgDocumentsDir
sloth.xdgDownloadDir
sloth.xdgMusicDir
sloth.xdgVideosDir
sloth.xdgPicturesDir
];
sockets = {
x11 = false;
wayland = true;
pipewire = true;
};
};
};
};
exePath = lib.getExe wrapped.config.script;
in
buildEnv {
inherit (wrapped.config.script) name meta passthru;
paths = [
wrapped.config.script
(makeDesktopItem {
name = appId;
desktopName = "QQ";
genericName = "QQ Boxed";
comment = "Tencent QQ, also known as QQ, is an instant messaging software service and web portal developed by the Chinese technology company Tencent.";
exec = "${exePath} %U";
terminal = false;
icon = "${qq}/share/icons/hicolor/512x512/apps/qq.png";
startupNotify = true;
startupWMClass = "QQ";
type = "Application";
categories = [
"InstantMessaging"
"Network"
];
extraConfig = {
X-Flatpak = appId;
};
})
];
}
hardening/nixpaks/telegram-desktop.nix
-101
View File
@@ -1,101 +0,0 @@
{
lib,
telegram-desktop,
buildEnv,
mkNixPak,
makeDesktopItem,
...
}:
let
appId = "org.telegram.desktop";
wrapped = mkNixPak {
config =
{ sloth, ... }:
{
imports = [
./modules/gui-base.nix
./modules/network.nix
./modules/common.nix
];
app.package = telegram-desktop;
flatpak = {
appId = appId;
};
dbus = {
enable = true;
policies = {
"com.canonical.indicator.application" = "talk";
"org.ayatana.indicator.application" = "talk";
"org.sigxcpu.Feedback" = "talk";
};
};
bubblewrap = {
bind.rw = [
sloth.xdgDocumentsDir
sloth.xdgDownloadDir
sloth.xdgMusicDir
sloth.xdgVideosDir
sloth.xdgPicturesDir
];
sockets = {
x11 = false;
wayland = true;
pipewire = true;
};
};
};
};
exePath = lib.getExe wrapped.config.script;
in
buildEnv {
inherit (wrapped.config.script) name meta passthru;
paths = [
wrapped.config.script
(makeDesktopItem {
name = appId;
desktopName = "Telegram";
comment = "New era of messaging";
tryExec = "${exePath}";
exec = "${exePath} -- %u";
icon = appId;
startupNotify = true;
startupWMClass = appId;
terminal = false;
type = "Application";
categories = [
"Chat"
"Network"
"InstantMessaging"
"Qt"
];
mimeTypes = [
"x-scheme-handler/tg"
"x-scheme-handler/tonsite"
];
keywords = [
"tg"
"chat"
"im"
"messaging"
"messenger"
"sms"
"tdesktop"
];
actions = {
quit = {
name = "Quit Telegram";
exec = "${exePath} -quit";
icon = "application-exit";
};
};
extraConfig = {
X-Flatpak = appId;
DBusActivatable = "true";
SingleMainWindow = "true";
X-GNOME-UsesNotifications = "true";
X-GNOME-SingleWindow = "true";
};
})
];
}
hardening/profiles/default.nix
-10
View File
@@ -1,10 +0,0 @@
{ modulesPath, ... }:
{
imports = [
(modulesPath + "/profiles/hardened.nix")
];
# disable coredump that could be exploited later
# and also slow down the system when something crash
systemd.coredump.enable = false;
}
home/README.md
-48
View File
@@ -1,48 +0,0 @@
# Home Manager's Submodules
This directory contains all Home Manager configurations organized by platform and functionality.
## Current Structure
```
home/
├── base/ # Cross-platform home manager configurations
│ ├── core/ # Essential applications and settings
│ │ ├── editors/ # Editor configurations (Neovim, Helix)
│ │ ├── shells/ # Shell configurations (Nushell, Zellij)
│ │ └── ...
│ ├── gui/ # GUI applications and desktop settings
│ │ ├── terminal/ # Terminal emulators (Kitty, Alacritty, etc.)
│ │ └── ...
│ ├── tui/ # Terminal/TUI applications
│ │ ├── editors/ # TUI editors and related tools
│ │ ├── encryption/ # GPG, password-store, etc.
│ │ └── ...
│ └── home.nix # Main home manager entry point
├── linux/ # Linux-specific home manager configurations
│ ├── base/ # Linux base configurations
│ ├── gui/ # Linux GUI applications
│ │ ├── niri/ # Niri window manager
│ │ └── ...
│ ├── editors/ # Linux-specific editors
│ └── ...
└── darwin/ # macOS-specific home manager configurations
├── aerospace/ # macOS window manager
├── proxy/ # Proxy configurations
└── ...
```
## Module Overview
1. **base**: The base module suitable for both Linux and macOS
- Cross-platform applications and settings
- Shared configurations for editors, shells, and essential tools
2. **linux**: Linux-specific configuration
- Desktop environments (Noctalia Shell, Niri compositor)
- Linux-specific GUI applications
- System integration tools
3. **darwin**: macOS-specific configuration
- macOS applications and services
- Platform-specific integrations (Aerospace, Squirrel, etc.)
home/base/README.md
-66
View File
@@ -1,66 +0,0 @@
# Home Manager's Base Submodules
This directory contains cross-platform base configurations that are shared between Linux and Darwin
systems.
## Configuration Structure
### Core System
- **core/**: Essential cross-platform configurations
- **core.nix**: Minimal home-manager configuration
- **shells/**: Shell configurations (bash, zsh, fish, nu)
- **editors/**: Text editor configurations
- **neovim/**: Neovim with custom plugins and settings
- **helix/**: Helix editor configuration
- **btop.nix**: System monitoring tools
- **git.nix**: Git configuration and aliases
- **npm.nix**: Node.js package management
- **pip.nix**: Python package management
- **starship.nix**: Cross-shell prompt configuration
- **theme.nix**: Color schemes and theming
- **yazi.nix**: Terminal file manager configuration
- **zellij/**: Terminal multiplexer with custom layouts
### Desktop Environment
- **gui/**: Cross-platform GUI applications and configurations
- **dev-tools.nix**: Development tools and IDEs
- **media.nix**: Media players and utilities
- **terminal/**: Terminal emulator configurations
- **alacritty/**: Alacritty terminal
- **kitty/**: Kitty terminal
- **foot/**: Foot terminal (Linux)
- **ghostty/**: Ghostty terminal
### Terminal Interface
- **tui/**: Terminal-based interface configurations
- **cloud/**: Cloud development tools (Terraform, etc.)
- **container.nix**: Container tools (Docker, Podman)
- **dev-tools.nix**: Terminal-based development tools
- **editors/**: Terminal editor configurations
- **encryption/**: Encryption and security tools
- **gpg/**: GPG key management
- **password-store/**: Password management with pass
- **shell.nix**: Shell environment configurations
- **ssh/**: SSH configuration and management
- **zellij/**: Terminal workspace management
### System Management
- **home.nix**: Main home manager configuration file
## Platform Compatibility
All configurations in this directory are designed to work across:
- **Linux**: All distributions with Nix and Home Manager
- **macOS**: Darwin systems with Home Manager
- **WSL**: Windows Subsystem for Linux
## Usage
These base configurations provide the foundation for both Linux and Darwin systems, ensuring
consistent environments across different platforms while allowing for platform-specific
customizations.
home/base/core/btop.nix
-9
View File
@@ -1,9 +0,0 @@
{
# replacement of htop/nmon
programs.btop = {
enable = true;
settings = {
theme_background = false; # make btop transparent
};
};
}
home/base/core/core.nix
-99
View File
@@ -1,99 +0,0 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
# nix related
#
# it provides the command `nom` works just like `nix
# with more details log output
nix-output-monitor
hydra-check # check hydra(nix's build farm) for the build status of a package
nix-index # A small utility to index nix store paths
nix-init # generate nix derivation from url
# https://github.com/nix-community/nix-melt
nix-melt # A TUI flake.lock viewer
# https://github.com/utdemir/nix-tree
nix-tree # A TUI to visualize the dependency graph of a nix derivation
# misc
cowsay
gnupg
caddy # A webserver with automatic HTTPS via Let's Encrypt(replacement of nginx)
# A fast and polyglot tool for code searching, linting, rewriting at large scale
# supported languages: only some mainstream languages currently(do not support nix/nginx/yaml/toml/...)
ast-grep
# other core cli tools are installed at system-level
];
# A modern replacement for ls
# useful in bash/zsh prompt, not in nushell.
programs.eza = {
enable = true;
# do not enable aliases in nushell!
enableNushellIntegration = false;
git = true;
icons = "auto";
};
# a cat(1) clone with syntax highlighting and Git integration.
programs.bat = {
enable = true;
config = {
pager = "less -FR";
};
};
# A command-line fuzzy finder
programs.fzf.enable = true;
# very fast version of tldr in Rust
programs.tealdeer = {
enable = true;
enableAutoUpdates = true;
settings = {
display = {
compact = false;
use_pager = true;
};
updates = {
auto_update = false;
auto_update_interval_hours = 720;
};
};
};
# zoxide is a smarter cd command, inspired by z and autojump.
# It remembers which directories you use most frequently,
# so you can "jump" to them in just a few keystrokes.
# zoxide works on all major shells.
#
# z foo # cd into highest ranked directory matching foo
# z foo bar # cd into highest ranked directory matching foo and bar
# z foo / # cd into a subdirectory starting with foo
#
# z ~/foo # z also works like a regular cd command
# z foo/ # cd into relative path
# z .. # cd one level up
# z - # cd into previous directory
#
# zi foo # cd with interactive selection (using fzf)
#
# z foo<SPACE><TAB> # show interactive completions (zoxide v0.8.0+, bash 4.4+/fish/zsh only)
programs.zoxide = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
enableNushellIntegration = true;
};
# Atuin replaces your existing shell history with a SQLite database,
# and records additional context for your commands.
# Additionally, it provides optional and fully encrypted
# synchronisation of your history between machines, via an Atuin server.
programs.atuin = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
enableNushellIntegration = true;
};
}
home/base/core/default.nix
-4
View File
@@ -1,4 +0,0 @@
{ mylib, ... }:
{
imports = mylib.scanPaths ./.;
}
home/base/core/editors/README.md
-10
View File
@@ -1,10 +0,0 @@
# Editors
This directory contains editor configurations that are shared across different environments.
## Available Editors
- **neovim/**: Neovim configuration with AstroNvim
- **helix/**: Helix editor configuration
These configurations are designed to work across both terminal and GUI environments.
home/base/core/editors/default.nix
-4
View File
@@ -1,4 +0,0 @@
{ mylib, ... }:
{
imports = mylib.scanPaths ./.;
}
home/base/core/editors/helix/default.nix
-4
View File
@@ -1,4 +0,0 @@
{ pkgs, ... }:
{
programs.helix.enable = true;
}
home/base/core/editors/neovim/default.nix
-11
View File
@@ -1,11 +0,0 @@
{ pkgs, ... }:
{
programs = {
neovim = {
enable = true;
viAlias = true;
vimAlias = true;
};
};
}
home/base/core/git.nix
-128
View File
@@ -1,128 +0,0 @@
{
config,
lib,
pkgs,
myvars,
...
}:
{
# `programs.git` will generate the config file: ~/.config/git/config
# to make git use this config file, `~/.gitconfig` should not exist!
#
# https://git-scm.com/docs/git-config#Documentation/git-config.txt---global
home.activation.removeExistingGitconfig = lib.hm.dag.entryBefore [ "checkLinkTargets" ] ''
rm -f ${config.home.homeDirectory}/.gitconfig
'';
# GitHub CLI tool
# https://cli.github.com/manual/
programs.gh = {
enable = true;
settings = {
git_protocol = "ssh";
prompt = "enabled";
aliases = {
co = "pr checkout";
pv = "pr view";
};
};
hosts = {
"github.com" = {
"users" = {
"ryan4yin" = null;
};
"user" = "ryan4yin";
};
};
};
programs.git = {
enable = true;
lfs.enable = true;
# signing = {
# key = "xxx";
# signByDefault = true;
# };
includes = [
{
# use different email & name for work:
#
# [user]
# email = "xxx@xxx.com"
# name = "Ryan Yin"
path = "~/work/.gitconfig";
condition = "gitdir:~/work/";
}
];
settings = {
user.email = myvars.useremail;
user.name = myvars.userfullname;
init.defaultBranch = "main";
trim.bases = "develop,master,main"; # for git-trim
push.autoSetupRemote = true;
pull.rebase = true;
log.date = "iso"; # use iso format for date
# replace https with ssh
url = {
"ssh://git@github.com/ryan4yin" = {
insteadOf = "https://github.com/ryan4yin";
};
# "ssh://git@bitbucket.com/ryan4yin" = {
# insteadOf = "https://bitbucket.com/ryan4yin";
# };
};
alias = {
# common aliases
br = "branch";
co = "checkout";
st = "status";
ls = "log --pretty=format:\"%C(yellow)%h%Cred%d\\\\ %Creset%s%Cblue\\\\ [%cn]\" --decorate";
ll = "log --pretty=format:\"%C(yellow)%h%Cred%d\\\\ %Creset%s%Cblue\\\\ [%cn]\" --decorate --numstat";
cm = "commit -m"; # commit via `git cm <message>`
ca = "commit -am"; # commit all changes via `git ca <message>`
dc = "diff --cached";
amend = "commit --amend -m"; # amend commit message via `git amend <message>`
unstage = "reset HEAD --"; # unstage file via `git unstage <file>`
merged = "branch --merged"; # list merged(into HEAD) branches via `git merged`
unmerged = "branch --no-merged"; # list unmerged(into HEAD) branches via `git unmerged`
nonexist = "remote prune origin --dry-run"; # list non-exist(remote) branches via `git nonexist`
# delete merged branches except master & dev & staging
# `!` indicates it's a shell script, not a git subcommand
delmerged = ''! git branch --merged | egrep -v "(^\*|main|master|dev|staging)" | xargs git branch -d'';
# delete non-exist(remote) branches
delnonexist = "remote prune origin";
# aliases for submodule
update = "submodule update --init --recursive";
foreach = "submodule foreach";
};
};
};
# A syntax-highlighting pager for git, diff, grep, and blame output
programs.delta = {
enable = true;
enableGitIntegration = true;
options = {
diff-so-fancy = true;
line-numbers = true;
true-color = "always";
# features => named groups of settings, used to keep related settings organized
# features = "";
};
};
# Git terminal UI (written in go).
programs.lazygit.enable = true;
# Yet another Git TUI (written in rust).
programs.gitui.enable = false;
}
home/base/core/npm.nix
-10
View File
@@ -1,10 +0,0 @@
{ config, ... }:
{
# make `npm install -g <pkg>` happey
#
# mainly used to install npm packages that updates frequently
# such as gemini-cli, claude-code, etc.
home.file.".npmrc".text = ''
prefix=${config.home.homeDirectory}/.npm
'';
}
home/base/core/pip.nix
-19
View File
@@ -1,19 +0,0 @@
_: {
# use mirror for pip install
xdg.configFile."pip/pip.conf".text = ''
[global]
index-url = https://mirror.nju.edu.cn/pypi/web/simple
format = columns
'';
# xdg.configFile."pip/pip.conf".text = ''
# [global]
# index-url = https://mirror.nju.edu.cn/pypi/web/simple
# format = columns
# '';
# xdg.configFile."pip/pip.conf".text = ''
# [global]
# index-url = https://mirrors.bfsu.edu.cn/pypi/web/simple
# '';
}
home/base/core/shells/config.nu
-175
View File
@@ -1,175 +0,0 @@
# Based on the default config generated by:
# ```
# config nu --default
# ```
#
# Nushell Config File Documentation
#
# Warning: This file is intended for documentation purposes only and
# is not intended to be used as an actual configuration file as-is.
#
# version = "0.103.0"
#
# A `config.nu` file is used to override default Nushell settings,
# define (or import) custom commands, or run any other startup tasks.
# See https://www.nushell.sh/book/configuration.html
#
# Nushell sets "sensible defaults" for most configuration settings, so
# the user's `config.nu` only needs to override these defaults if
# desired.
#
# This file serves as simple "in-shell" documentation for these
# settings, or you can view a more complete discussion online at:
# https://nushell.sh/book/configuration
#
# You can pretty-print and page this file using:
# config nu --doc | nu-highlight | less -R
# $env.config
# -----------
# The $env.config environment variable is a record containing most Nushell
# configuration settings. Keep in mind that, as a record, setting it to a
# new record will remove any keys which aren't in the new record. Nushell
# will then automatically merge in the internal defaults for missing keys.
#
# The same holds true for keys in the $env.config which are also records
# or lists.
#
# For this reason, settings are typically changed by updating the value of
# a particular key. Merging a new config record is also possible. See the
# Configuration chapter of the book for more information.
$env.config.history.file_format = "sqlite"
$env.config.history.max_size = 5_000_000
# isolation (bool):
# `true`: New history from other currently-open Nushell sessions is not
# seen when scrolling through the history using PrevHistory (typically
# the Up key) or NextHistory (Down key)
# `false`: All commands entered in other Nushell sessions will be mixed with
# those from the current shell.
# Note: Older history items (from before the current shell was started) are
# always shown.
# This setting only applies to SQLite-backed history
$env.config.history.isolation = true
# ----------------------
# Miscellaneous Settings
# ----------------------
# show_banner (bool): Enable or disable the welcome banner at startup
$env.config.show_banner = false
# rm.always_trash (bool):
# true: rm behaves as if the --trash/-t option is specified
# false: rm behaves as if the --permanent/-p option is specified (default)
$env.config.rm.always_trash = true
# recursion_limit (int): how many times a command can call itself recursively
# before an error will be generated.
$env.config.recursion_limit = 50
# ---------------------------
# Commandline Editor Settings
# ---------------------------
# edit_mode (string) "vi" or "emacs" sets the editing behavior of Reedline
$env.config.edit_mode = "vi"
# Command that will be used to edit the current line buffer with Ctrl+O.
# If unset, uses $env.VISUAL and then $env.EDITOR
#
$env.config.buffer_editor = ["nvim", "--clean"]
# cursor_shape_* (string)
# -----------------------
# The following variables accept a string from the following selections:
# "block", "underscore", "line", "blink_block", "blink_underscore", "blink_line", or "inherit"
# "inherit" skips setting cursor shape and uses the current terminal setting.
$env.config.cursor_shape.emacs = "inherit" # Cursor shape in emacs mode
$env.config.cursor_shape.vi_insert = "block" # Cursor shape in vi-insert mode
$env.config.cursor_shape.vi_normal = "underscore" # Cursor shape in normal vi mode
# --------------------
# Terminal Integration
# --------------------
# Nushell can output a number of escape codes to enable advanced features in Terminal Emulators
# that support them. Settings in this section enable or disable these features in Nushell.
# Features aren't supported by your Terminal can be disabled. Features can also be disabled,
# of course, if there is a conflict between the Nushell and Terminal's implementation.
# use_kitty_protocol (bool):
# A keyboard enhancement protocol supported by the Kitty Terminal. Additional keybindings are
# available when using this protocol in a supported terminal. For example, without this protocol,
# Ctrl+I is interpreted as the Tab Key. With this protocol, Ctrl+I and Tab can be mapped separately.
$env.config.use_kitty_protocol = false
# osc2 (bool):
# When true, the current directory and running command are shown in the terminal tab/window title.
# Also abbreviates the directory name by prepending ~ to the home directory and its subdirectories.
$env.config.shell_integration.osc2 = true
# osc7 (bool):
# Nushell will report the current directory to the terminal using OSC 7. This is useful when
# spawning new tabs in the same directory.
$env.config.shell_integration.osc7 = true
# osc9_9 (bool):
# Enables/Disables OSC 9;9 support, originally a ConEmu terminal feature. This is an
# alternative to OSC 7 which also communicates the current path to the terminal.
$env.config.shell_integration.osc9_9 = false
# osc8 (bool):
# When true, the `ls` command will generate clickable links that can be launched in another
# application by the terminal.
# Note: This setting replaces the now deprecated `ls.clickable_links`
$env.config.shell_integration.osc8 = true
# osc133 (bool):
# true/false to enable/disable OSC 133 support, a set of several escape sequences which
# report the (1) starting location of the prompt, (2) ending location of the prompt,
# (3) starting location of the command output, and (4) the exit code of the command.
# originating with Final Term. These sequences report information regarding the prompt
# location as well as command status to the terminal. This enables advanced features in
# some terminals, including the ability to provide separate background colors for the
# command vs. the output, collapsible output, or keybindings to scroll between prompts.
$env.config.shell_integration.osc133 = true
# osc633 (bool):
# true/false to enable/disable OSC 633, an extension to OSC 133 for Visual Studio Code
$env.config.shell_integration.osc633 = true
# NU_LIB_DIRS
# -----------
# Directories in this constant are searched by the
# `use` and `source` commands.
#
# By default, the `scripts` subdirectory of the default configuration
# directory is included:
const NU_LIB_DIRS = [
($nu.default-config-dir | path join 'scripts') # add <nushell-config-dir>/scripts
($nu.data-dir | path join 'completions') # default home for nushell completions
]
# NU_PLUGIN_DIRS
# --------------
# Directories to search for plugin binaries when calling add.
# By default, the `plugins` subdirectory of the default configuration
# directory is included:
const NU_PLUGIN_DIRS = [
($nu.default-config-dir | path join 'plugins') # add <nushell-config-dir>/plugins
]
# As with NU_LIB_DIRS, an $env.NU_PLUGIN_DIRS is searched after the constant version
# The `path add` function from the Standard Library also provides
# a convenience method for prepending to the path:
use std/util "path add"
path add "~/.local/bin"
# You can remove duplicate directories from the path using:
$env.PATH = ($env.PATH | uniq)
home/base/core/shells/default.nix
-33
View File
@@ -1,33 +0,0 @@
{ config, ... }:
let
shellAliases = {
k = "kubectl";
urldecode = "python3 -c 'import sys, urllib.parse as ul; print(ul.unquote_plus(sys.stdin.read()))'";
urlencode = "python3 -c 'import sys, urllib.parse as ul; print(ul.quote_plus(sys.stdin.read()))'";
};
localBin = "${config.home.homeDirectory}/.local/bin";
goBin = "${config.home.homeDirectory}/go/bin";
rustBin = "${config.home.homeDirectory}/.cargo/bin";
npmBin = "${config.home.homeDirectory}/.npm/bin";
in
{
programs.bash = {
enable = true;
enableCompletion = true;
bashrcExtra = ''
export PATH="$PATH:${localBin}:${goBin}:${rustBin}:${npmBin}"
'';
};
# NOTE: only works in bash/zsh, not nushell
home.shellAliases = shellAliases;
# NOTE: nushell will be launched in bash, so it can inherit all the eenvironment variables.
programs.nushell = {
enable = true;
configFile.source = ./config.nu;
inherit shellAliases;
};
}
home/base/core/starship.nix
-29
View File
@@ -1,29 +0,0 @@
{
programs.starship = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
enableNushellIntegration = true;
# https://starship.rs/config/
settings = {
# Get editor completions based on the config schema
"$schema" = "https://starship.rs/config-schema.json";
character = {
success_symbol = "[](bold green)";
error_symbol = "[](bold red)";
};
# I never rely on the defaults, so this module is useless to me—disabled.
# I prefer adding --project, --region to very gcloud/aws command.
aws.disabled = true;
gcloud.disabled = true;
kubernetes = {
symbol = "";
disabled = false;
};
os.disabled = false;
};
};
}
home/base/core/theme.nix
-16
View File
@@ -1,16 +0,0 @@
{ catppuccin, ... }:
{
# https://github.com/catppuccin/nix
imports = [
catppuccin.homeModules.catppuccin
];
catppuccin = {
# The default `enable` value for all available programs.
enable = true;
# one of "latte", "frappe", "macchiato", "mocha"
flavor = "mocha";
# one of "blue", "flamingo", "green", "lavender", "maroon", "mauve", "peach", "pink", "red", "rosewater", "sapphire", "sky", "teal", "yellow"
accent = "pink";
};
}
home/base/core/yazi.nix
-17
View File
@@ -1,17 +0,0 @@
{ pkgs, ... }:
{
# terminal file manager
programs.yazi = {
enable = true;
package = pkgs.yazi;
# Changing working directory when exiting Yazi
enableBashIntegration = true;
enableNushellIntegration = true;
settings = {
mgr = {
show_hidden = true;
sort_dir_first = true;
};
};
};
}
home/base/core/zellij/default.nix
-13
View File
@@ -1,13 +0,0 @@
let
shellAliases = {
"zj" = "zellij";
};
in
{
programs.zellij = {
enable = true;
};
# only works in bash/zsh, not nushell
home.shellAliases = shellAliases;
programs.nushell.shellAliases = shellAliases;
}
home/base/gui/default.nix
-4
View File
@@ -1,4 +0,0 @@
{ mylib, ... }:
{
imports = mylib.scanPaths ./.;
}
home/base/gui/dev-tools.nix
-19
View File
@@ -1,19 +0,0 @@
{ pkgs, ... }:
{
home.packages =
with pkgs;
[
mitmproxy # http/https proxy tool
wireshark # network analyzer
# IDEs
# jetbrains.idea-community
# AI cli tools
k8sgpt
kubectl-ai # an ai helper opensourced by google
]
++ (lib.optionals pkgs.stdenv.isx86_64 [
insomnia # REST client
]);
}
home/base/gui/media.nix
-16
View File
@@ -1,16 +0,0 @@
{
pkgs,
config,
...
}:
# processing audio/video
{
home.packages = with pkgs; [
ffmpeg-full
# images
viu # Terminal image viewer with native support for iTerm and Kitty
imagemagick
graphviz
];
}
home/base/gui/terminal/README.md
-84
View File
@@ -1,84 +0,0 @@
# Terminal Emulators
I used to spend a lot of time on terminal emulators, to make them match my taste, but now I found
that it's not worth it, **Zellij can provide a user-friendly and unified user experience for all
terminal emulators! without any pain**!
Currently, I only use the most basic features of terminal emulators, such as true color, graphics
protocol, etc. Other features such as tabs, scrollback buffer, select/search/copy, etc, are all
provided by zellij!
My current terminal emulators are:
1. kitty: My main terminal emulator.
1. to select/copy a large mount of text, We should do some tricks via kitty's `scrollback_pager`
with neovim, it's really painful: <https://github.com/kovidgoyal/kitty/issues/719>
2. foot: A fast, lightweight and minimalistic Wayland terminal emulator.
1. foot only do the things a terminal emulator should do, no more, no less.
1. It's really suitable for tiling window manager or zellij users!
3. alacritty: A cross-platform, GPU-accelerated terminal emulator.
1. alacritty is really fast, I use it as a backup terminal emulator on all my desktops.
## 'xterm-kitty': unknown terminal type when `ssh` into a remote host or `sudo xxx`
> https://sw.kovidgoyal.net/kitty/faq/#i-get-errors-about-the-terminal-being-unknown-or-opening-the-terminal-failing-or-functional-keys-like-arrow-keys-don-t-work
> https://wezfurlong.org/wezterm/config/lua/config/term.html
kitty set `TERM` to `xterm-kitty` by default, and TUI apps like `viu`, `yazi`, `curses` will try to
search in the host's [terminfo(terminal capability data base)](https://linux.die.net/man/5/terminfo)
for value of `TERM` to determine the capabilities of the terminal.
But when you `ssh` into a remote host, the remote host is very likely to not have `xterm-kitty` in
its terminfo, so you will get this error:
```
'xterm-kitty': unknown terminal type
```
Or when you `sudo xxx`, `sudo` won't preserve the `TERM` variable, it will be reset to root's
default `TERM` value, which is `xterm` or `xterm-256color` in most linux distributions, so you will
get this error:
```
'xterm-256color': unknown terminal type
```
or
```
Error opening terminal: xterm-kitty.
```
NixOS preserve the `TERMINFO` and `TERMINFO_DIRS` environment variables, for `root` and the `wheel`
group:
[nixpkgs/nixos/modules/config/terminfo.nix](https://github.com/NixOS/nixpkgs/blob/nixos-25.11/nixos/modules/config/terminfo.nix#L18)
For nix-darwin, take a look at <https://github.com/LnL7/nix-darwin/wiki/Terminfo-issues>
### Solutions
Simplest solution, it will automatically copy over the terminfo files and also magically enable
shell integration on the remote machine:
```
kitten ssh user@host
```
Or if you do not care about kitty's features(such as true color & graphics protocol), you can simply
set `TERM` to `xterm-256color`, which is built-in in most linux distributions:
```
export TERM=xterm-256color
```
If you need kitty's features, but do not like the magic of `kitten`, you can manually install
kitty's terminfo on the remote host:
```bash
# install on ubuntu / debian
sudo apt-get install kitty-terminfo
# or copy from local machine
infocmp -a xterm-kitty | ssh myserver tic -x -o \~/.terminfo /dev/stdin
```
home/base/gui/terminal/alacritty/default.nix
-71
View File
@@ -1,71 +0,0 @@
{
pkgs,
...
}:
###########################################################
#
# Alacritty Configuration
#
# Useful Hot Keys for macOS:
# 1. Multi-Window: `command + N`
# 2. Increase Font Size: `command + =` | `command + +`
# 3. Decrease Font Size: `command + -` | `command + _`
# 4. Search Text: `command + F`
# 5. And Other common shortcuts such as Copy, Paste, Cursor Move, etc.
#
# Useful Hot Keys for Linux:
# 1. Increase Font Size: `ctrl + shift + =` | `ctrl + shift + +`
# 2. Decrease Font Size: `ctrl + shift + -` | `ctrl + shift + _`
# 3. Search Text: `ctrl + shift + N`
# 4. And Other common shortcuts such as Copy, Paste, Cursor Move, etc.
#
# Note: Alacritty do not have support for Tabs, and any graphic protocol.
#
###########################################################
{
programs.alacritty = {
enable = true;
# https://alacritty.org/config-alacritty.html
settings = {
window = {
opacity = 0.93;
startup_mode = "Maximized"; # Maximized window
dynamic_title = true;
option_as_alt = "Both"; # Option key acts as Alt on macOS
decorations = "None"; # Show neither borders nor title bar
};
scrolling = {
history = 10000;
};
font = {
bold = {
family = "Maple Mono NF CN";
};
italic = {
family = "Maple Mono NF CN";
};
normal = {
family = "Maple Mono NF CN";
};
bold_italic = {
family = "Maple Mono NF CN";
};
size = 13;
};
terminal = {
# Spawn a nushell in login mode via `bash`
shell = {
program = "${pkgs.bash}/bin/bash";
args = [
"--login"
"-c"
"nu --login --interactive"
];
};
# Controls the ability to write to the system clipboard with the OSC 52 escape sequence.
# It's used by zellij to copy text to the system clipboard.
osc52 = "CopyPaste";
};
};
};
}
home/base/gui/terminal/default.nix
-4
View File
@@ -1,4 +0,0 @@
{ mylib, ... }:
{
imports = mylib.scanPaths ./.;
}
home/base/gui/terminal/foot.nix
-33
View File
@@ -1,33 +0,0 @@
{ pkgs, ... }:
{
programs.foot = {
# foot is designed only for Linux
enable = pkgs.stdenv.isLinux;
# foot can also be run in a server mode. In this mode, one process hosts multiple windows.
# All Wayland communication, VT parsing and rendering is done in the server process.
# New windows are opened by running footclient, which remains running until the terminal window is closed.
#
# Advantages to run foot in server mode including reduced memory footprint and startup time.
# The downside is a performance penalty. If one window is very busy with, for example, producing output,
# then other windows will suffer. Also, should the server process crash, all windows will be gone.
server.enable = true;
# https://man.archlinux.org/man/foot.ini.5
settings = {
main = {
term = "foot"; # or "xterm-256color" for maximum compatibility
font = "Maple Mono NF CN:size=13";
dpi-aware = "no"; # scale via window manager instead
resize-keep-grid = "no"; # do not resize the window on font resizing
# Spawn a nushell in login mode via `bash`
shell = "${pkgs.bash}/bin/bash --login -c 'nu --login --interactive'";
};
mouse = {
hide-when-typing = "yes";
};
};
};
}
home/base/gui/terminal/ghostty.nix
-40
View File
@@ -1,40 +0,0 @@
{
pkgs,
ghostty,
...
}:
###########################################################
#
# Ghostty Configuration
#
###########################################################
{
programs.ghostty = {
enable = true;
package =
if pkgs.stdenv.isDarwin then
pkgs.hello # pkgs.ghostty is currently broken on darwin
else
pkgs.ghostty; # the stable version
# package = ghostty.packages.${pkgs.stdenv.hostPlatform.system}.default; # the latest version
enableBashIntegration = false;
installBatSyntax = false;
# installVimSyntax = true;
settings = {
font-family = "Maple Mono NF CN";
font-size = 13;
background-opacity = 0.93;
# only supported on macOS;
background-blur-radius = 10;
scrollback-limit = 20000;
# https://ghostty.org/docs/config/reference#command
# To resolve issues:
# 1. https://github.com/ryan4yin/nix-config/issues/26
# 2. https://github.com/ryan4yin/nix-config/issues/8
# Spawn a nushell in login mode via `bash`
command = "${pkgs.bash}/bin/bash --login -c 'nu --login --interactive'";
};
};
}
home/base/gui/terminal/kitty.nix
-50
View File
@@ -1,50 +0,0 @@
{
lib,
pkgs,
...
}:
###########################################################
#
# Kitty Configuration
#
# Useful Hot Keys for Linux(replace `ctrl + shift` with `cmd` on macOS)):
# 1. Increase Font Size: `ctrl + shift + =` | `ctrl + shift + +`
# 2. Decrease Font Size: `ctrl + shift + -` | `ctrl + shift + _`
# 3. And Other common shortcuts such as Copy, Paste, Cursor Move, etc.
#
###########################################################
{
programs.kitty = {
enable = true;
font = {
name = "Maple Mono NF CN";
# use different font size on macOS
size = 13;
};
# consistent with other terminal emulators
keybindings = {
"ctrl+shift+m" = "toggle_maximized";
"ctrl+shift+f" = "show_scrollback"; # search in the current window
};
settings = {
# do not show title bar & window title
hide_window_decorations = "titlebar-and-corners";
macos_show_window_title_in = "none";
background_opacity = "0.93";
macos_option_as_alt = true; # Option key acts as Alt on macOS
enable_audio_bell = false;
tab_bar_edge = "top"; # tab bar on top
# To resolve issues:
# 1. https://github.com/ryan4yin/nix-config/issues/26
# 2. https://github.com/ryan4yin/nix-config/issues/8
# Spawn a nushell in login mode via `bash`
shell = "${pkgs.bash}/bin/bash --login -c 'nu --login --interactive'";
};
# macOS specific settings
darwinLaunchOptions = [ "--start-as=maximized" ];
};
}
home/base/tui/cloud/default.nix
-46
View File
@@ -1,46 +0,0 @@
{
lib,
pkgs,
...
}:
{
# https://developer.hashicorp.com/terraform/cli/config/config-file
home.file.".terraformrc".source = ./terraformrc;
home.packages = with pkgs; [
# infrastructure as code
# pulumi
# pulumictl
# tf2pulumi
# crd2pulumi
# pulumiPackages.pulumi-random
# pulumiPackages.pulumi-command
# pulumiPackages.pulumi-aws-native
# pulumiPackages.pulumi-language-go
# pulumiPackages.pulumi-language-python
# pulumiPackages.pulumi-language-nodejs
# aws
awscli2
ssm-session-manager-plugin # Amazon SSM Session Manager Plugin
aws-iam-authenticator
eksctl
# aliyun
aliyun-cli
# digitalocean
doctl
# google cloud
(google-cloud-sdk.withExtraComponents (
with google-cloud-sdk.components;
[
gke-gcloud-auth-plugin
]
))
# cloud tools that nix do not have cache for.
terraform
terraformer # generate terraform configs from existing cloud resources
packer # machine image builder
];
}
home/base/tui/cloud/terraformrc
-2
View File
@@ -1,2 +0,0 @@
plugin_cache_dir = "$HOME/.terraform.d/plugin-cache"
disable_checkpoint = true
home/base/tui/container.nix
-42
View File
@@ -1,42 +0,0 @@
{
pkgs,
pkgs-2505,
nur-ryan4yin,
...
}:
{
home.packages = with pkgs; [
podman-compose
dive # explore docker layers
lazydocker # Docker terminal UI.
skopeo # copy/sync images between registries and local storage
go-containerregistry # provides `crane` & `gcrane`, it's similar to skopeo
kubectl
kubectx # kubectx & kubens
kubie # same as kubectl-ctx, but per-shell (wont touch kubeconfig).
kubectl-view-secret # kubectl view-secret
kubectl-tree # kubectl tree
kubectl-node-shell # exec into node
kubepug # kubernetes pre upgrade checker
kubectl-cnpg # cloudnative-pg's cli tool
kubebuilder
istioctl
clusterctl # for kubernetes cluster-api
kubevirt # virtctl
pkgs-2505.kubernetes-helm
fluxcd
argocd
ko # build go project to container image
];
programs.k9s.enable = true;
catppuccin.k9s.transparent = true;
programs.kubecolor = {
enable = true;
enableAlias = true;
};
}
home/base/tui/default.nix
-4
View File
@@ -1,4 +0,0 @@
{ mylib, ... }:
{
imports = mylib.scanPaths ./.;
}
home/base/tui/dev-tools.nix
-63
View File
@@ -1,63 +0,0 @@
{
pkgs,
...
}:
{
#############################################################
#
# Basic settings for development environment
#
# Please avoid to install language specific packages here(globally),
# instead, install them:
# 1. per IDE, such as `programs.neovim.extraPackages`
# 2. per-project, using https://github.com/the-nix-way/dev-templates
#
#############################################################
home.packages = with pkgs; [
colmena # nixos's remote deployment tool
tokei # count lines of code, alternative to cloc
# db related
mycli
pgcli
mongosh
sqlite
# embedded development
minicom
# ai related
python313Packages.huggingface-hub # huggingface-cli
# misc
devbox
bfg-repo-cleaner # remove large files from git history
k6 # load testing tool
# solve coding extercises - learn by doing
exercism
# Automatically trims your branches whose tracking remote refs are merged or gone
# It's really useful when you work on a project for a long time.
git-trim
gitleaks
# need to run `conda-install` before using it
# need to run `conda-shell` before using command `conda`
# conda is not available for MacOS
conda
];
programs = {
direnv = {
enable = true;
nix-direnv.enable = true;
enableZshIntegration = true;
enableBashIntegration = true;
enableNushellIntegration = true;
};
};
}
home/base/tui/editors/Glossary.md
-75
View File
@@ -1,75 +0,0 @@
# Editors Glossary
### LSP - Language Server Protocol
> https://en.wikipedia.org/wiki/Language_Server_Protocol
> https://langserver.org/
The Language Server Protocol (LSP) is an open, JSON-RPC-based protocol for use between source code
editors or integrated development environments (IDEs) and servers that provide programming
language-specific features like:
- motions such as go-to-definition, find-references, hover.
- **code completion**
- **marking of warnings and errors**
- **refactoring routines**
- syntax highlighting (use Tree-sitter instead)
- code formatting (use a dedicated formatter instead)
The goal of the protocol is to allow programming language support to be implemented and distributed
independently of any given editor or IDE.
LSP was originally developed for Microsoft Visual Studio Code and is now an open standard. In the
early 2020s LSP quickly became a "norm" for language intelligence tools providers.
### Tree-sitter
> https://tree-sitter.github.io/tree-sitter/
> https://www.reddit.com/r/neovim/comments/1109wgr/treesitter_vs_lsp_differences_ans_overlap/
Tree-sitter is a parser generator tool and an **incremental parsing** library. It can build a
concrete syntax tree for a source file and efficiently update the syntax tree as the source file is
edited.
It is used by many editors and IDEs to provide:
- **syntax highlighting**
- **indentation**
- **creating foldable code regions**
- **Incremental selection**
- **simple refactoring in a single file**
- such as join/split lines, structural editing, cursor motion, etc.
**Treesitter process each file independently**, and it is not aware of the semantics of your code.
For example, it does not know does a function/variable really exist, or what is the type/return-type
of a variable. This is where LSP comes in.
The LSP server parses the code much more deeply and it **not only parses a single file but your
whole project**. So, the LSP server will know whether a function/variable does exist with the same
type/return-type. If it does not, it will mark it as an error.
**LSP does understand the code semantically, while Treesitter only cares about correct syntax**.
#### LSP vs Tree-sitter
- Tree-sitter: lightweight, fast, but limited knowledge of your code. mainly used for **syntax
highlighting, indentation, and folding/refactoring in a single file**.
- LSP: heavy and slow on large projects, but it has a deep understanding of your code. mainly used
for **code completion, refactoring in the projects, errors/warnings, and other semantic-aware
features**.
### Formatter vs Linter
Linting is distinct from Formatting because:
1. **formatting** only restructures how code appears.
1. `prettier` is a popular formatter.
1. **linting** analyzes how the code runs and detects errors, it may also suggest improvements such
as replace `var` with `let` or `const`.
Formatters and Linters process each file independently, they do not need to know about other files
in the project.
- [ ]
home/base/tui/editors/README.md
-214
View File
@@ -1,214 +0,0 @@
# Editors
My editors:
1. Neovim
2. Helix
And `Zellij` for a smooth and stable terminal experience.
## Tips
1. Many useful keys are already provided by vim, check vim/neovim's docs before you install a new
plugin / reinvent the wheel.
1. After using Emacs/Neovim more skillfully, I strongly recommend that you read the official
documentation of Neovim/vim:
1. <https://vimhelp.org/>: The official vim documentation.
1. <https://neovim.io/doc/user/>: Neovim's official user documentation.
1. Use Zellij for terminal related operations, and use Neovim/Helix for editing.
1. As for Emacs, Use its GUI version & terminal emulator `vterm` for terminal related operations.
1. Two powerful file search & jump tools:
1. Tree-view plugins are beginner-friendly and intuitive, but they're not very efficient.
1. **Search by the file path**: Useful when you're familiar with the project structure, especially
on a large project.
1. **Search by the content**: Useful when you're familiar with the code.
## Tutorial
Type `:tutor`(`:Tutor` in Neovim) to learn the basics usage of vim/neovim.
## VIM's Cheetsheet
> Here only record my commonly used keys, to see **a more comprehensive cheetsheet**:
> <https://vimhelp.org/quickref.txt.html>
Both Emacs-Evil & Neovim are compatible with vim, sothe key-bindings described here are common in
both Emacs-Evil, Neovim & vim.
### Terminal Related
I mainly use Zellij for terminal related operations, here is its terminal shortcuts I use frequently
now:
| Action | Zellij's Shortcut |
| ------------------------- | ----------------- |
| Floating Terminal | `Ctrl + p + w` |
| Horizontal Split Terminal | `Ctrl + p + d` |
| Vertical Split Terminal | `Ctrl + p + n` |
| Execute a command | `!xxx` |
### File Management
> <https://neovim.io/doc/user/usr_22.html>
> <https://vimhelp.org/editing.txt.html>
| Action | |
| ----------------------------------- | ------------------------------------------------ |
| Save selected text to a file | `:w filename` (Will show `:'<,'>w filename`) |
| Save and close the current buffer | `:wq` |
| Save all buffers | `:wa` |
| Save and close all buffers | `:wqa` |
| Edit a file | `:e filename`(or `:e <TAB>` to show a file list) |
| Browse the file list | `:Ex` or `:e .` |
| Discard changes and reread the file | `:e!` |
### Motion
> https://vimhelp.org/motion.txt.html
| Action | Command |
| --------------------------------------------------- | -------------------------------------------------- |
| Move to the start/end of the buffer | `gg`/`G` |
| Move the line number 5 | `5gg` / `5G` |
| Move left/down/up/right | h/j/k/l or `5h`/`5j`/`5k`/`5l` or `Ctr-n`/`Ctrl-p` |
| Move to the matchpairs, default to `()`, `{}`, `[]` | `%` |
| Move to the start/end of the line | `0` / `$` |
| Move a sentence forward/backward | `(` / `)` |
| Move a paragraph forward/backward | `{` / `}` |
| Move a section forward/backward | `[[` / `]]` |
| Jump to various positions | `'` + some other keys(neovim has prompt) |
Text Objects:
- **sentence**: text ending at a '.', '!' or '?' followed by either the end of a line, or by a space
or tab.
- **paragraph**: text ending at a blank line.
- **section**: text starting with a section header and ending at the start of the next section
header (or at the end of the file). - The "`]]`" and "`[[`" commands stop at the '`{`' in the
first column. This is useful to find the start of a function in a C/Go/Java/... program.
### Text Manipulation
Basics:
| Action | |
| --------------------------------------- | -------------------------- |
| Delete the current character | `x` |
| Paste the copied text | `p` |
| Delete the selection | `d` |
| Undo the last word | `CTRL-w`(in insert mode) |
| Undo the last line | `CTRL-u`(in insert mode) |
| Undo the last change | `u` |
| Redo the last change | `Ctrl + r` |
| Inserts the text of the previous insert | `Ctrl + a` |
| Repeat the last command | `.` |
| Toggle text's case | `~` |
| Convert to uppercase | `U` (visual mode) |
| Convert to lowercase | `u` (visual mode) |
| Align the selected content | `:center`/`:left`/`:right` |
Misc:
| Action | Shortcut |
| ----------------------------- | ---------------------------------------- |
| Toggle visual mode | `v` (lower case v) |
| Select the current line | `V` (upper case v) |
| Toggle visual block mode | `<Ctrl> + v` (select a block vertically) |
| Fold the current code block | `zc` |
| Unfold the current code block | `zo` |
| Jump to Definition | `gd` |
| Jump to References | `gD` |
| (Un)Comment the current line | `gcc` |
| Action | |
| ------------------------------------------------------------------------- | -------------- |
| Sort the selected lines | `:sort` |
| Join Selection of Lines With Space | `:join` or `J` |
| Join without spaces | `:join!` |
| Enter Insert mode at the start/end of the line | `I` / `A` |
| Delete from the cursor to the end of the line | `D` |
| Delete from the cursor to the end of the line, and then enter insert mode | `C` |
Advance Techs:
- Add at the end of multiple lines: `:normal A<text>`
- Execublock: `:A<text>`
- visual block mode(ctrl + v)
- Append text at the end of each line in the selected block
- If position exceeds line end, neovim adds spaces automatically
- Delete the last char of multivle lines: `:normal $x`
- Execute `$x` on each line
- visual mode(v)
- `$` moves cursor to the end of line
- `x` deletes the character under the cursor
- Delete the last word of multiple lines: `:normal $bD`
- Execute `$bD` on each line
- visual mode(v)
- `$` moves cursor to the end of line
- `b` moves cursor to the beginning of the last word
### Search
| Action | Command |
| ----------------------------------------------------- | --------- |
| Search forward/backword for a pattern | `/` / `?` |
| Repeat the last search in the same/opposite direction | `n` / `N` |
### Find and Replace
| Action | Command |
| -------------------------------- | ----------------------------------- |
| Replace in selected area | `:s/old/new/g` |
| Replace in current line | Same as above |
| Replace all the lines | `:% s/old/new/g` |
| Replace all the lines with regex | `:% s@\vhttp://(\w+)@https://\1@gc` |
1. `\v` means means that in the regex pattern after it can be used without backslash
escaping(similar to python's raw string).
2. `\1` means the first matched group in the pattern.
### Replace in the specific lines
| Action | Command |
| ----------------------------------------- | -------------------------------------- |
| From the 10th line to the end of the file | `:10,$ s/old/new/g` or `:10,$ s@^@#@g` |
| From the 10th line to the 20th line | `:10,20 s/old/new/g` |
| Remove the trailing spaces | `:% s/\s\+$//g` |
The postfix(flags) in the above commands:
1. `g` means replace all the matched strings in the current line/file.
2. `c` means ask for confirmation before replacing.
3. `i` means ignore case.
### Buffers, Windows and Tabs
> <https://neovim.io/doc/user/usr_08.html>
> <https://vimhelp.org/windows.txt.html>
- A buffer is the in-memory text of a file.
- A window is a viewport on a buffer.
- A tab page is a collection of windows.
| Action | Command |
| ----------------------------------- | ----------------------------------- |
| Split the window horizontally | `:sp[lit]` or `:sp filename` |
| Split the window horizontally | `:vs[plit]` or `:vs filename` |
| Switch to the next/previous window | `Ctrl-w + w` or `Ctrl-w + h/j/k/l` |
| Show all buffers | `:ls` |
| show next/previous buffer | `]b`/`[b` or `:bn[ext]` / `bp[rev]` |
| New Tab(New Workspace in DoomEmacs) | `:tabnew` |
| Next/Previews Tab | `gt`/`gy` |
### History
| Action | Command |
| ------------------------ | ------- |
| Show the command history | `q:` |
| Show the search history | `q/` |
home/base/tui/editors/Structured-Editing.md
-23
View File
@@ -1,23 +0,0 @@
# Structured Editing
## S-expression data(Lisp)
- paredit/[lispy](https://github.com/doomemacs/doomemacs/tree/master/modules/editor/lispy): too
complex.
- [evil-cleverparens](https://github.com/emacs-evil/evil-cleverparens): simple and useful.
- [parinfer(par-in-fer)](https://shaunlebron.github.io/parinfer/): modern, simple, elegant and
useful, but works not well with some other completion plugins...
- to make parinfer works, you should disable sexp & smartparens in any lisp mode.
Some plugins:
- Neovim
- [parinfer-rust](https://github.com/eraserhd/parinfer-rust)
- <https://github.com/Olical/conjure>
- Helix
- [parinfer #4090 - Helix](https://github.com/helix-editor/helix/discussions/4090)
## Other Languages
1. treesitter
1. ...
home/base/tui/editors/default.nix
-4
View File
@@ -1,4 +0,0 @@
{ mylib, ... }:
{
imports = mylib.scanPaths ./.;
}
home/base/tui/editors/helix/README.md
-64
View File
@@ -1,64 +0,0 @@
# Helix Editor
Neovim is really powerful, and have a very active community. I use it as my main editor, and I'm
very happy with it. I use it for everything, from writing code to writing this document.
But its configuration is a bit complex, and finding the right plugins, writing configurations, and
keeping everything up to date is not easy.
That's why I'm interested in Helix, Helix is similar to Neovim, but it's more opinionated, and it's
batteries included. Whether I'll switch my main editor to Helix or not, it gives me a lot of ideas
on how to improve my Neovim workflow.
## Tutorial
Use `:tutor` in helix to start the tutorial.
## Differences between Neovim and Helixer
1. Selecting first, then action.
1. Helix: delete 2 word: `2w` then `x`. You can always see what you're selecting before you apply
the action.
2. Neovim: delete 2 word: `d`. then `2w`. No visual feedback before you apply the action.
1. Helix - Modern builtin features: LSP, tree-sitter, fuzzy finder, multi cursors, surround and
more.
1. They're all available in Neovim too, but you need to find and use the right plugins manually,
which takes time and effort.
1. Helix is built in Rust from scratch. The result is a much smaller codebase and a modern set of
defaults. No VimScript. No Lua.
1. Neovim contains a lot of VimScript, and lua is too dynamic, it's hard to debug.
1. Personally I'm glad to take a look at a Rust codebase, but not a VimScript/Lua codebase.
1. Neovim have a very activate plugin ecosystem, and it's easy to find plugins for almost
everything.
1. Helix is still new, and it even don't have a stable plugin system yet. A PR to add a plugin
system is still envolving: <https://github.com/helix-editor/helix/pull/8675>
1. Neovim has integrated terminal, and it's very powerful. It's quite similar to VSCode's integrated
terminal. I use it a lot.
1. Helix doesn't have a integrated terminal yet, as it's complicated to implement. Users are
recommended to use tmux/Zellij or Wezterm/Kitty to implement this feature instead.
1. <https://github.com/helix-editor/helix/issues/1976#issuecomment-1091074719>
1. <https://github.com/helix-editor/helix/pull/4649>
1. **My Neovim often gets stuck when I switch to
[toggleterm.nvim](https://github.com/akinsho/toggleterm.nvim), this Helix issue made me
consider to switch from this Neovim plugin to Zellij**.
1. Helix do not have a tree-view panel, it's recommended to use Yazi/ranger/Broot instead, and open
Helix in them.
1. a tree-view plugin may be added after the plugin system is stable, but no one knows when it
will be.
2. and some Helix users stated that they don't need a tree-view plugin, Helix's file picker is
useful and good enough.
1. It seems Helix lacks a global substitution command, you should run it in another window(via wm or
Zellij).
1. <https://github.com/helix-editor/helix/issues/196>
1. Neovim's substitution command allow you to preview the changes before you apply it, and it's
very useful. if I switch to Helix, I'll need to find some other tools with similar
feature(such as https://github.com/ms-jpq/sad).
1. Complexity and Maintenance Costs vs Batteries Included:
<https://github.com/helix-editor/helix/discussions/6356>
I think Use Helix/Neovim within a terminal file manager(Yazi/ranger/Broot) and Zellij is a good
idea. It's quite different from the workflow I migrated from VSCode/JetBrains before, I'm very
interested in it.
In Neovim I can make the workflow similar to VSCode/JetBrains by using some plugins, but Helix
forces me to get out of my comfort zone, and try something new.
home/base/tui/editors/helix/default.nix
-53
View File
@@ -1,53 +0,0 @@
{
config,
pkgs,
helix,
...
}:
let
helixPackages = helix.packages.${pkgs.stdenv.hostPlatform.system};
in
{
# to make steel work, we need to git clone this repo to your home directory.
home.sessionVariables.HELIX_STEEL_CONFIG = "${config.home.homeDirectory}/nix-config/home/base/tui/editors/helix/steel";
home.packages = with pkgs; [
steel
];
programs.helix = {
enable = true;
# enable steel as the plugin system
# https://github.com/helix-editor/helix/pull/8675
# https://github.com/mattwparas/helix/blob/steel-event-system/STEEL.md
package = helixPackages.default.overrideAttrs (prevAttrs: {
cargoBuildFeatures = prevAttrs.cargoBuildFeatures or [ ] ++ [ "steel" ];
});
settings = {
editor = {
line-number = "relative";
cursorline = true;
color-modes = true;
lsp.display-messages = true;
cursor-shape = {
insert = "bar";
normal = "block";
select = "underline";
};
indent-guides.render = true;
};
keys.normal = {
space = {
space = "file_picker";
w = ":w";
q = ":q";
};
esc = [
"collapse_selection"
"keep_primary_selection"
];
};
};
};
}
home/base/tui/editors/helix/steel/helix.scm
-40
View File
@@ -1,40 +0,0 @@
;; The helix.scm module will be loaded first before anything else,
;; the runtime will require this module, and any functions exported
;; will now be available to be used as typed commands, e.g. :git-add :open-helix-scm
(require "helix/editor.scm")
(require (prefix-in helix. "helix/commands.scm"))
(require (prefix-in helix.static. "helix/static.scm"))
(provide shell git-add open-helix-scm open-init-scm)
(define (current-path)
(let* ([focus (editor-focus)]
[focus-doc-id (editor->doc-id focus)])
(editor-document->path focus-doc-id)))
;;@doc
;; Specialized shell implementation, where % is a wildcard for the current file
(define (shell . args)
(helix.run-shell-command
(string-join
;; Replace the % with the current file
(map (lambda (x) (if (equal? x "%") (current-path) x)) args)
" ")))
;;@doc
;; Adds the current file to git
(define (git-add)
(shell "git" "add" "%"))
;;@doc
;; Open the helix.scm file
(define (open-helix-scm)
(helix.open (helix.static.get-helix-scm-path)))
;;@doc
;; Opens the init.scm file
(define (open-init-scm)
(helix.open (helix.static.get-init-scm-path)))
home/base/tui/editors/helix/steel/init.scm
-24
View File
@@ -1,24 +0,0 @@
;; The init.scm file is run at the top level, immediately after the helix.scm module is required.
;; The helix context is available here, so you can interact with the editor.
;; configure the LSP for steel
(require "helix/configuration.scm")
(define-lsp "steel-language-server" (command "steel-language-server") (args '()))
(define-language "scheme"
(language-servers '("steel-language-server")))
;; show splash screen - when you open with no argument
(require "mattwparas-helix-package/splash.scm")
(when (equal? (command-line) '("hx"))
(show-splash))
;; Terminal & shell
(require "steel-pty/term.scm")
(set-default-shell! "nu")
;; File Watcher
(require "helix-file-watcher/file-watcher.scm")
(spawn-watcher)
;; File Tree
(require "mattwparas-helix-package/cogs/file-tree.scm")
home/base/tui/editors/neovim/README.md
-190
View File
@@ -1,190 +0,0 @@
# Neovim Editor
My Neovim config based on [AstroNvim](https://github.com/AstroNvim/AstroNvim). For more details,
visit the [AstroNvim website](https://astronvim.com/).
This document outlines neovim's configuration structure and various shortcuts/commands for efficient
usage.
## Screenshots
![](/_img/astronvim_2023-07-13_00-39.webp) ![](/_img/hyprland_2023-07-29_2.webp)
## Configuration Structure
| Description | Standard Location | My Location |
| ------------------------------------------------- | ------------------------------------------- | ------------------------------------------------------------------------- |
| Neovim's config | `~/.config/nvim` | AstroNvim's github repository, referenced as a flake input in this flake. |
| AstroNvim's user configuration | `$XDG_CONFIG_HOME/astronvim/lua/user` | [./astronvim_user/](./astronvim_user/) |
| Plugins installation directory (lazy.nvim) | `~/.local/share/nvim/` | The same as standard location, generated and managed by lazy.nvim. |
| LSP servers, DAP servers, linters, and formatters | `~/.local/share/nvim/mason/`(by mason.nvim) | [./default.nix](./default.nix), installed by nix. |
## Update/Clean Plugins
Note that lazy.nvim will not automatically update plugins, so you need to update them manually.
```bash
:Lazy update
```
Remove all unused plugins:
```bash
:Lazy clean
```
## Testing
> via `Justfile` located at the root of this repo.
```bash
# testing
just nvim-test
# clear test data
just nvim-clear
```
## Cheetsheet
Here is the cheetsheet related to my Neovim configs. Please read vim's common cheetsheet at
[../README.md](../README.md) before reading the following.
### Incremental Selection
Provided by nvim-treesitter.
| Action | Shortcut |
| ----------------- | -------------- |
| init selection | `<Ctrl-space>` |
| node incremental | `<Ctrl-space>` |
| scope incremental | `<Alt-Space>` |
| node decremental | `Backspace` |
### Search and Jump
Provided by [flash.nvim](https://github.com/folke/flash.nvim), it's a intelligent search and jump
plugin.
1. It enhances the default search and jump behavior of neovim.(search with prefix `/`)
| Action | Shortcut |
| ----------------- | ------------------------------------------------------------------------------------------------------------ |
| Search | `/`(normal search), `s`(disable all code highlight, only highlight matches) |
| Treesitter Search | `yR`,`dR`, `cR`, `vR`, `ctrl+v+R`(around your matches, all the surrounding Treesitter nodes will be labeled) |
| Remote Flash | `yr`, `dr`, `cr`, (around your matches, all the surrounding Treesitter nodes will be labeled) |
### Commands & Shortcuts
| Action | Shortcut |
| ----------------------------- | -------------- |
| Open file explorer | `<Space> + e` |
| Focus Neotree to current file | `<Space> + o` |
| Toggle line wrap | `<Space> + uw` |
| Show line diagnostics | `gl` |
| Show function/variable info | `K` |
| References of a symbol | `gr` |
| Next tab | `]b` |
| Previous tab | `[b` |
### Window Navigation
- Switch between windows: `<Ctrl> + h/j/k/l`
- Resize windows: `<Ctrl> + Up/Down/Left/Right` (`<Ctrl-w> + -/+/</>`)
- Note: On macOS, conflicts with system shortcuts
- Disable in System Preferences -> Keyboard -> Shortcuts -> Mission Control
### Splitting and Buffers
| Action | Shortcut |
| ---------------- | ------------- |
| Horizontal Split | `\` |
| Vertical Split | `\|` |
| Close Buffer | `<Space> + c` |
### Editing and Formatting
| Action | Shortcut |
| ----------------------------------------------------- | -------------- |
| Toggle buffer auto formatting | `<Space> + uf` |
| Format Document | `<Space> + lf` |
| Code Actions | `<Space> + la` |
| Rename | `<Space> + lr` |
| Opening LSP symbols | `<Space> + lS` |
| Comment Line(support multiple lines) | `<Space> + /` |
| Open filepath/URL at cursor(neovim's builtin command) | `gx` |
| Find files by name (fzf) | `<Space> + ff` |
| Find files by name (include hidden files) | `<Space> + fF` |
| Grep string in files (ripgrep) | `<Space> + fw` |
| Grep string in files (include hidden files) | `<Space> + fW` |
### Git
| Action | Shortcut |
| -------------------------- | --------------- |
| Git Commits (repository) | `:<Space> + gc` |
| Git Commits (current file) | `:<Space> + gC` |
| Git Branches | `:<Space> + gb` |
| Git Status | `:<Space> + gt` |
### Sessions
| Action | Shortcut |
| ------------------------------ | -------------- |
| Save Session | `<Space> + Ss` |
| Last Session | `<Space> + Sl` |
| Delete Session | `<Space> + Sd` |
| Search Session | `<Space> + Sf` |
| Load Current Directory Session | `<Space> + S.` |
### Debugging
Press `<Space> + D` to view available bindings and options.
### Search and Replace Globally
| Description | Shortcut |
| ------------------------------------------ | -------------- |
| Open spectre.nvim search and replace panel | `<Space> + ss` |
Search and replace via cli(fd + sad + delta):
```bash
fd "\\.nix$" . | sad '<pattern>' '<replacement>' | delta
```
### Surrounding Characters
Provided by mini.surround plugin.
- Prefix `gz`
| Action | Shortcut | Description |
| ------------------------------ | -------- | ----------------------------------------------- |
| Add surrounding characters | `gzaiw'` | Add `'` around the word under cursor |
| Delete surrounding characters | `gzd'` | Delete `'` around the word under cursor |
| Replace surrounding characters | `gzr'"` | Replace `'` by `"` around the word under cursor |
| Highlight surrounding | `gzh'` | Highlight `'` around the word under cursor |
### Text Manipulation
| Action | |
| -------------------------------------- | ------------- |
| Join with LSP intelligence(treesj) | `<Space> + j` |
| Split Line into Multiple Lines(treesj) | `<Space> + s` |
### Miscellaneous
| Action | |
| --------------------------------- | --------------- |
| Show all Yank History | `:<Space> + yh` |
| Show undo history | `:<Space> + uh` |
| Show the path of the current file | `:!echo $%` |
## Additional Resources
For more detailed information and advanced usage, refer to:
1. [AstroNvim walkthrough](https://astronvim.com/Basic%20Usage/walkthrough)
2. [./astronvim_user/mapping.lua](./astronvim_user/mappings.lua)
3. All the plugins' documentations
home/base/tui/editors/neovim/default.nix
-80
View File
@@ -1,80 +0,0 @@
{
config,
lib,
pkgs,
...
}:
###############################################################################
#
# AstroNvim's configuration and all its dependencies(lsp, formatter, etc.)
#
#e#############################################################################
let
shellAliases = {
v = "nvim";
vdiff = "nvim -d";
};
# the path to nvim directory
# to make this symlink work, we need to git clone this repo to your home directory.
configPath = "${config.home.homeDirectory}/nix-config/home/base/tui/editors/neovim/nvim";
in
{
xdg.configFile."nvim".source = config.lib.file.mkOutOfStoreSymlink configPath;
# Disable catppuccin to avoid conflict with my non-nix config.
catppuccin.nvim.enable = false;
home.shellAliases = shellAliases;
programs.nushell.shellAliases = shellAliases;
programs.neovim = {
enable = true;
package = pkgs.neovim-unwrapped;
# defaultEditor = true; # set EDITOR at system-wide level
viAlias = true;
vimAlias = true;
# These environment variables are needed to build and run binaries
# with external package managers like mason.nvim.
#
# LD_LIBRARY_PATH is also needed to run the non-FHS binaries downloaded by mason.nvim.
# it will be set by nix-ld, so we do not need to set it here again.
extraWrapperArgs = with pkgs; [
# LIBRARY_PATH is used by gcc before compilation to search directories
# containing static and shared libraries that need to be linked to your program.
"--suffix"
"LIBRARY_PATH"
":"
"${lib.makeLibraryPath [
stdenv.cc.cc
zlib
]}"
# PKG_CONFIG_PATH is used by pkg-config before compilation to search directories
# containing .pc files that describe the libraries that need to be linked to your program.
"--suffix"
"PKG_CONFIG_PATH"
":"
"${lib.makeSearchPathOutput "dev" "lib/pkgconfig" [
stdenv.cc.cc
zlib
]}"
];
# Currently we use lazy.nvim as neovim's package manager, so comment this one.
#
# NOTE: These plugins will not be used by astronvim by default!
# We should install packages that will compile locally or download FHS binaries via Nix!
# and use lazy.nvim's `dir` option to specify the package directory in nix store.
# so that these plugins can work on NixOS.
#
# related project:
# https://github.com/b-src/lazy-nix-helper.nvim
plugins = with pkgs.vimPlugins; [
# search all the plugins using https://search.nixos.org/packages
telescope-fzf-native-nvim
nvim-treesitter.withAllGrammars
];
};
}
home/base/tui/editors/neovim/nvim/.neoconf.json
-20
View File
@@ -1,20 +0,0 @@
{
"neodev": {
"library": {
"enabled": true,
"plugins": true
}
},
"neoconf": {
"plugins": {
"lua_ls": {
"enabled": true
}
}
},
"lspconfig": {
"lua_ls": {
"Lua.format.enable": false
}
}
}
home/base/tui/editors/neovim/nvim/.stylua.toml
-7
View File
@@ -1,7 +0,0 @@
column_width = 120
line_endings = "Unix"
indent_type = "Spaces"
indent_width = 2
quote_style = "AutoPreferDouble"
call_parentheses = "None"
collapse_simple_statement = "Always"
home/base/tui/editors/neovim/nvim/init.lua
-19
View File
@@ -1,19 +0,0 @@
-- This file simply bootstraps the installation of Lazy.nvim and then calls other files for execution
-- This file doesn't necessarily need to be touched, BE CAUTIOUS editing this file and proceed at your own risk.
local lazypath = vim.env.LAZY or vim.fn.stdpath "data" .. "/lazy/lazy.nvim"
if not (vim.env.LAZY or (vim.uv or vim.loop).fs_stat(lazypath)) then
-- stylua: ignore
vim.fn.system({ "git", "clone", "--filter=blob:none", "https://github.com/folke/lazy.nvim.git", "--branch=stable", lazypath })
end
vim.opt.rtp:prepend(lazypath)
-- validate that lazy is available
if not pcall(require, "lazy") then
-- stylua: ignore
vim.api.nvim_echo({ { ("Unable to load lazy from: %s\n"):format(lazypath), "ErrorMsg" }, { "Press any key to exit...", "MoreMsg" } }, true, {})
vim.fn.getchar()
vim.cmd.quit()
end
require "lazy_setup"
require "polish"
home/base/tui/editors/neovim/nvim/lazy-lock.json
-141
View File
@@ -1,141 +0,0 @@
{
"AstroNvim": { "branch": "main", "commit": "c5e610f614e74c9dd9bf11760c4d0ad2c98c0abe" },
"Comment.nvim": { "branch": "master", "commit": "e30b7f2008e52442154b66f7c519bfd2f1e32acb" },
"LuaSnip": { "branch": "master", "commit": "458560534a73f7f8d7a11a146c801db00b081df0" },
"aerial.nvim": { "branch": "master", "commit": "3284a2cb858ba009c79da87d5e010ccee3c99c4d" },
"alpha-nvim": { "branch": "main", "commit": "de72250e054e5e691b9736ee30db72c65d560771" },
"astrocommunity": { "branch": "main", "commit": "2db3ee2ce37f9e2bc9e6ea2c3e2e6292ca4d33bf" },
"astrocore": { "branch": "main", "commit": "44a3dc0bf1591022b2a6bc89dccdfac1be17bec9" },
"astrolsp": { "branch": "main", "commit": "909fbe64f3f87d089ff3777751261544557117cc" },
"astrotheme": { "branch": "main", "commit": "f12dcf64b1f9a05839c3ac2146f550f43bae9dab" },
"astroui": { "branch": "main", "commit": "e923a84c488d879a260fc9cfb2dc27dd870fb6ac" },
"autosave.nvim": { "branch": "main", "commit": "348f72cf0241e3e736e3396c4834def2f8ef8d10" },
"avante.nvim": { "branch": "main", "commit": "508cc4c22c78d565d270df8dec5449db07800296" },
"catppuccin": { "branch": "main", "commit": "fa42eb5e26819ef58884257d5ae95dd0552b9a66" },
"clangd_extensions.nvim": {
"branch": "main",
"commit": "db28f29be928d18cbfb86fbfb9f83f584f658feb"
},
"cmake-tools.nvim": { "branch": "master", "commit": "17244215b1a96e4b2a83a16abd6719197f270f96" },
"cmp-buffer": { "branch": "main", "commit": "3022dbc9166796b644a841a02de8dd1cc1d311fa" },
"cmp-conjure": { "branch": "master", "commit": "8c9a88efedc0e5bf3165baa6af8a407afe29daf6" },
"cmp-dap": { "branch": "master", "commit": "ea92773e84c0ad3288c3bc5e452ac91559669087" },
"cmp-nvim-lsp": { "branch": "main", "commit": "99290b3ec1322070bcfb9e846450a46f6efa50f0" },
"cmp-path": { "branch": "main", "commit": "91ff86cd9c29299a64f968ebb45846c485725f23" },
"cmp_luasnip": { "branch": "master", "commit": "98d9cb5c2c38532bd9bdb481067b20fea8f32e90" },
"conjure": { "branch": "main", "commit": "5f15eb0322b5530eefb16457c061e7c2ccd7cf13" },
"crates.nvim": { "branch": "main", "commit": "5d8b1bef686db0fabe5f1bb593744b617e8f1405" },
"deno-nvim": { "branch": "master", "commit": "5a2f9205df5539c4a0696e73893bf8d1b0cae406" },
"dressing.nvim": { "branch": "master", "commit": "3a45525bb182730fe462325c99395529308f431e" },
"flash.nvim": { "branch": "main", "commit": "3c942666f115e2811e959eabbdd361a025db8b63" },
"flit.nvim": { "branch": "main", "commit": "1ef72de6a02458d31b10039372c8a15ab8989e0d" },
"friendly-snippets": { "branch": "main", "commit": "efff286dd74c22f731cdec26a70b46e5b203c619" },
"fzf-lua": { "branch": "main", "commit": "a4404dee0a65d3c2e2b292206d10b16567d088c9" },
"gitsigns.nvim": { "branch": "main", "commit": "7010000889bfb6c26065e0b0f7f1e6aa9163edd9" },
"gopher.nvim": { "branch": "main", "commit": "de585144ebde9f0516fb9b542dd42e90c7835b59" },
"goto-preview": { "branch": "main", "commit": "d1faf6ea992b5bcaaaf2c682e1aba3131a01143e" },
"guess-indent.nvim": { "branch": "main", "commit": "6cd61f7a600bb756e558627cd2e740302c58e32d" },
"heirline.nvim": { "branch": "master", "commit": "fae936abb5e0345b85c3a03ecf38525b0828b992" },
"indent-blankline.nvim": {
"branch": "master",
"commit": "005b56001b2cb30bfa61b7986bc50657816ba4ba"
},
"lazy.nvim": { "branch": "main", "commit": "6c3bda4aca61a13a9c63f1c1d1b16b9d3be90d7a" },
"lazydev.nvim": { "branch": "main", "commit": "f59bd14a852ca43db38e3662395354cb2a9b13e0" },
"leap.nvim": { "branch": "main", "commit": "10c14af4ddfb34dbd7721f0bfb2b4d91f0558907" },
"lsp_signature.nvim": {
"branch": "master",
"commit": "2923666d092300e6d03c8d895991d0bef43f1613"
},
"lspkind.nvim": { "branch": "master", "commit": "d79a1c3299ad0ef94e255d045bed9fa26025dab6" },
"luarocks.nvim": { "branch": "main", "commit": "1db9093915eb16ba2473cfb8d343ace5ee04130a" },
"markdown-preview.nvim": {
"branch": "main",
"commit": "462ce41af003f5cdadab856f3a42dc27e39b89c8"
},
"mason-lspconfig.nvim": {
"branch": "main",
"commit": "1a31f824b9cd5bc6f342fc29e9a53b60d74af245"
},
"mason-null-ls.nvim": { "branch": "main", "commit": "2b8433f76598397fcc97318d410e0c4f7a4bea6a" },
"mason-nvim-dap.nvim": { "branch": "main", "commit": "4c2cdc69d69fe00c15ae8648f7e954d99e5de3ea" },
"mason.nvim": { "branch": "main", "commit": "fc98833b6da5de5a9c5b1446ac541577059555be" },
"mini.ai": { "branch": "main", "commit": "d172ada7b0281044a06cb9a625a862553c457b6f" },
"mini.bufremove": { "branch": "main", "commit": "285bdac9596ee7375db50c0f76ed04336dcd2685" },
"mini.surround": { "branch": "main", "commit": "1a2b59c77a0c4713a5bd8972da322f842f4821b1" },
"neo-tree.nvim": { "branch": "main", "commit": "f481de16a0eb59c985abac8985e3f2e2f75b4875" },
"neoconf.nvim": { "branch": "main", "commit": "f630568a4d04154803886f21ca60923f12709f0f" },
"nfnl": { "branch": "main", "commit": "143b595069d98d47b26b80f0e0375420673de4af" },
"none-ls.nvim": { "branch": "main", "commit": "a117163db44c256d53c3be8717f3e1a2a28e6299" },
"nui.nvim": { "branch": "main", "commit": "a0fd35fcbb4cb479366f1dc5f20145fd718a3733" },
"nvim-autopairs": { "branch": "master", "commit": "68f0e5c3dab23261a945272032ee6700af86227a" },
"nvim-cmp": { "branch": "main", "commit": "1e1900b0769324a9675ef85b38f99cca29e203b3" },
"nvim-colorizer.lua": {
"branch": "master",
"commit": "517df88cf2afb36652830df2c655df2da416a0ae"
},
"nvim-dap": { "branch": "master", "commit": "6a5bba0ddea5d419a783e170c20988046376090d" },
"nvim-dap-go": { "branch": "main", "commit": "8763ced35b19c8dc526e04a70ab07c34e11ad064" },
"nvim-dap-python": { "branch": "master", "commit": "261ce649d05bc455a29f9636dc03f8cdaa7e0e2c" },
"nvim-dap-ui": { "branch": "master", "commit": "bc81f8d3440aede116f821114547a476b082b319" },
"nvim-jdtls": { "branch": "master", "commit": "4d77ff02063cf88963d5cf10683ab1fd15d072de" },
"nvim-lsp-file-operations": {
"branch": "master",
"commit": "9744b738183a5adca0f916527922078a965515ed"
},
"nvim-lspconfig": { "branch": "master", "commit": "185b2af444b27d6541c02d662b5b68190e5cf0c4" },
"nvim-nio": { "branch": "master", "commit": "21f5324bfac14e22ba26553caf69ec76ae8a7662" },
"nvim-notify": { "branch": "master", "commit": "a3020c2cf4dfc4c4f390c4a21e84e35e46cf5d17" },
"nvim-scrollbar": { "branch": "main", "commit": "5b103ef0fd2e8b9b4be3878ed38d224522192c6c" },
"nvim-spectre": { "branch": "master", "commit": "72f56f7585903cd7bf92c665351aa585e150af0f" },
"nvim-spider": { "branch": "main", "commit": "d4bdc45eac425e77108f068bd0706ff3ac20be7f" },
"nvim-treesitter": { "branch": "master", "commit": "f8aaf5ce4e27cd20de917946b2ae5c968a2c2858" },
"nvim-treesitter-textobjects": {
"branch": "master",
"commit": "9937e5e356e5b227ec56d83d0a9d0a0f6bc9cad4"
},
"nvim-ts-autotag": { "branch": "main", "commit": "a1d526af391f6aebb25a8795cbc05351ed3620b5" },
"nvim-ts-context-commentstring": {
"branch": "main",
"commit": "1b212c2eee76d787bbea6aa5e92a2b534e7b4f8f"
},
"nvim-ufo": { "branch": "main", "commit": "61463090a4f55f5d080236ea62f09d1cd8976ff3" },
"nvim-vtsls": { "branch": "main", "commit": "60b493e641d3674c030c660cabe7a2a3f7a914be" },
"nvim-web-devicons": { "branch": "master", "commit": "4c3a5848ee0b09ecdea73adcd2a689190aeb728c" },
"nvim-window-picker": { "branch": "main", "commit": "6382540b2ae5de6c793d4aa2e3fe6dbb518505ec" },
"orgmode": { "branch": "master", "commit": "b6d14eb0a1553a0ef4114346d67605de82d0f7fb" },
"package-info.nvim": { "branch": "master", "commit": "4f1b8287dde221153ec9f2acd46e8237d2d0881e" },
"parinfer-rust": { "branch": "master", "commit": "afe6b1176cd805c000713e23b654fbf4b9f4b156" },
"plenary.nvim": { "branch": "master", "commit": "857c5ac632080dba10aae49dba902ce3abf91b35" },
"presence.nvim": { "branch": "main", "commit": "87c857a56b7703f976d3a5ef15967d80508df6e6" },
"promise-async": { "branch": "main", "commit": "38a4575da9497326badd3995e768b4ccf0bb153e" },
"refactoring.nvim": { "branch": "master", "commit": "74b608dfee827c2372250519d433cc21cb083407" },
"render-markdown.nvim": {
"branch": "main",
"commit": "c809fc129f842a7055c672593d24be6346bcc673"
},
"resession.nvim": { "branch": "master", "commit": "cc819b0489938d03e4f3532a583354f0287c015b" },
"rustaceanvim": { "branch": "master", "commit": "322224d00a731d75eed6b700d38e460fd30f6e3c" },
"schemastore.nvim": { "branch": "main", "commit": "e4f80f37cd11ed58a6e914cc30850749f021b6a7" },
"sentiment.nvim": { "branch": "main", "commit": "54a6db15b630eccfa98c32a76baf90f21c6f1e40" },
"smart-splits.nvim": { "branch": "master", "commit": "ddb23c1a1cf1507bda487cda7f6e4690965ef9f5" },
"telescope-fzf-native.nvim": {
"branch": "main",
"commit": "1f08ed60cafc8f6168b72b80be2b2ea149813e55"
},
"telescope-undo.nvim": { "branch": "main", "commit": "928d0c2dc9606e01e2cc547196f48d2eaecf58e5" },
"telescope.nvim": { "branch": "0.1.x", "commit": "a17d611a0e111836a1db5295f04945df407c5135" },
"todo-comments.nvim": { "branch": "main", "commit": "ae0a2afb47cf7395dc400e5dc4e05274bf4fb9e0" },
"tree-sitter-nu": { "branch": "main", "commit": "d62bb4a0c78e9476a6dd0081761444f6870252ed" },
"treesj": { "branch": "main", "commit": "3b4a2bc42738a63de17e7485d4cc5e49970ddbcc" },
"tsc.nvim": { "branch": "main", "commit": "8c1b4ec6a48d038a79ced8674cb15e7db6dd8ef0" },
"venv-selector.nvim": {
"branch": "regexp",
"commit": "c677caa1030808a9f90092e522de7cc20c1390dd"
},
"vim-illuminate": { "branch": "master", "commit": "19cb21f513fc2b02f0c66be70107741e837516a1" },
"vim-repeat": { "branch": "master", "commit": "65846025c15494983dafe5e3b46c8f88ab2e9635" },
"vim-wakatime": { "branch": "master", "commit": "f39c4a201ae350aaba713b59d4a4fdd88e0811aa" },
"which-key.nvim": { "branch": "main", "commit": "fcbf4eea17cb299c02557d576f0d568878e354a4" },
"yanky.nvim": { "branch": "main", "commit": "04775cc6e10ef038c397c407bc17f00a2f52b378" }
}
home/base/tui/editors/neovim/nvim/lua/community.lua
-55
View File
@@ -1,55 +0,0 @@
-- AstroCommunity: import any community modules here
-- We import this file in `lazy_setup.lua` before the `plugins/` folder.
-- This guarantees that the specs are processed before any user plugins.
---@type LazySpec
return {
"AstroNvim/astrocommunity",
-- Motion
{ import = "astrocommunity.motion.mini-surround" },
-- https://github.com/echasnovski/mini.ai
{ import = "astrocommunity.motion.mini-ai" },
{ import = "astrocommunity.motion.flash-nvim" },
-- Highly experimental plugin that completely replaces
-- the UI for messages, cmdline and the popupmenu.
-- { import = "astrocommunity.utility.noice-nvim" },
{ import = "astrocommunity.media.vim-wakatime" },
{ import = "astrocommunity.motion.leap-nvim" },
{ import = "astrocommunity.motion.flit-nvim" },
{ import = "astrocommunity.scrolling.nvim-scrollbar" },
{ import = "astrocommunity.editing-support.todo-comments-nvim" },
-- Language Support
---- Frontend & NodeJS
{ import = "astrocommunity.pack.typescript-all-in-one" },
{ import = "astrocommunity.pack.tailwindcss" },
{ import = "astrocommunity.pack.html-css" },
{ import = "astrocommunity.pack.prisma" },
{ import = "astrocommunity.pack.vue" },
---- Configuration Language
{ import = "astrocommunity.pack.markdown" },
{ import = "astrocommunity.pack.json" },
{ import = "astrocommunity.pack.yaml" },
{ import = "astrocommunity.pack.toml" },
---- Backend / System
{ import = "astrocommunity.pack.lua" },
{ import = "astrocommunity.pack.go" },
{ import = "astrocommunity.pack.rust" },
{ import = "astrocommunity.pack.python" },
{ import = "astrocommunity.pack.java" },
{ import = "astrocommunity.pack.cmake" },
{ import = "astrocommunity.pack.cpp" },
-- { import = "astrocommunity.pack.nix" }, -- manually add config for nix, comment this one.
{ import = "astrocommunity.pack.proto" },
---- Operation & Cloud Native
{ import = "astrocommunity.pack.terraform" },
{ import = "astrocommunity.pack.bash" },
{ import = "astrocommunity.pack.docker" },
{ import = "astrocommunity.pack.helm" },
-- colorscheme
{ import = "astrocommunity.colorscheme.catppuccin" },
-- Lua implementation of CamelCaseMotion, with extra consideration of punctuation.
{ import = "astrocommunity.motion.nvim-spider" },
}

Some files were not shown because too many files have changed in this diff Show More