feat: start clash-verge on login

feat: use mainGateway for idols-ai, rename defaultGateway to proxyGateway
feat: install clash verge on all nixos desktop hosts
2026-05-28 18:39:31 +02:00 · 2025-08-11 00:42:10 +08:00 · 2025-08-11 00:32:08 +08:00 · 2025-08-11 00:18:29 +08:00 · 2025-08-10 13:27:20 +08:00 · 2025-08-10 13:23:56 +08:00
236 changed files with 2438 additions and 1833 deletions
@@ -77,7 +77,7 @@ shell:
 [group('nix')]
 fmt:
  # format the nix files in this repo
-  nix fmt
+  ls **/*.nix | each { |it| nixfmt $it.name }

 # Show all the auto gc roots in the nix store
 [group('nix')]
@@ -133,10 +133,10 @@ nix-shell -p just nushell
 # 4. comment out the proxy settings in scripts/darwin_set_proxy.py if the proxy is not ready yet.

 # deploy fern's configuration(Apple Silicon)
-just fe
+just fr

 # deploy with details
-just fe debug
+just fr debug
 ```

 > [What y'all will need when Nix drives you to drink.](https://www.youtube.com/watch?v=Eni9PPPPBpg)
@@ -54,11 +54,11 @@
      },
      "locked": {
        "dir": "blender",
-        "lastModified": 1746378999,
-        "narHash": "sha256-aF+uC/aYR4I7VxN9s0gQG1WRDTE0Re3jAMd0qBkWjV4=",
+        "lastModified": 1752701743,
+        "narHash": "sha256-cQeX9PP5F7fgsuv0CrL16GtlU6MS0i9LLnkkITu8jA8=",
        "owner": "edolstra",
        "repo": "nix-warez",
-        "rev": "85d76721132cc6631bbaa8c950d4d0f3aa4003fd",
+        "rev": "69acfebb3740542936f71775bcdf322dc328a655",
        "type": "github"
      },
      "original": {
@@ -75,11 +75,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1752227483,
-        "narHash": "sha256-eetITGJfURryoHY5gfuE9/4sEV9aSgzhPxgsQgofNa8=",
+        "lastModified": 1753702336,
+        "narHash": "sha256-IVFUQV6egGQHnm+I183OT+4ct/ka1IWA5u/0A9I/YV4=",
        "owner": "catppuccin",
        "repo": "nix",
-        "rev": "5f431aac1a4038c385e6de2d2384d943e4802d61",
+        "rev": "b32de96c3c5384c83b0f4d741ec58a7f97c9ab11",
        "type": "github"
      },
      "original": {
@@ -256,11 +256,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1751413152,
-        "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
+        "lastModified": 1753121425,
+        "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
+        "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e",
        "type": "github"
      },
      "original": {
@@ -277,11 +277,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751413152,
-        "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
+        "lastModified": 1753121425,
+        "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
+        "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e",
        "type": "github"
      },
      "original": {
@@ -335,11 +335,11 @@
        "zon2nix": "zon2nix"
      },
      "locked": {
-        "lastModified": 1752207706,
-        "narHash": "sha256-6Fiy+icid2rKXL9oKcRd3zuITSwtdnShqCPp0Evt3fM=",
+        "lastModified": 1753722074,
+        "narHash": "sha256-yGQ28k8iz2tGrj5oo/HBkn0ihWA5uUZ1ZErkMtegzTw=",
        "owner": "ghostty-org",
        "repo": "ghostty",
-        "rev": "4aa28988a6ddd9aa8b3402e4bab05ad02a0c12c6",
+        "rev": "92c1f4b0b9c6fde6d8f79109de71bf4e30831e86",
        "type": "github"
      },
      "original": {
@@ -424,11 +424,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748000383,
-        "narHash": "sha256-EaAJhwfJGBncgIV/0NlJviid2DP93cTMc9h0q6P6xXk=",
+        "lastModified": 1752595130,
+        "narHash": "sha256-CNBgr4OZSuklGtNOa9CnTNo9+Xceqn/EDAC1Tc43fH8=",
        "owner": "hercules-ci",
        "repo": "hercules-ci-effects",
-        "rev": "231726642197817d20310b9d39dd4afb9e899489",
+        "rev": "5f2e09654b2e70ba643e41609d9f9b6640f22113",
        "type": "github"
      },
      "original": {
@@ -465,11 +465,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1752202894,
-        "narHash": "sha256-knafgng4gCjZIUMyAEWjxxdols6n/swkYnbWr+oF+1w=",
+        "lastModified": 1753807879,
+        "narHash": "sha256-d8nxwjUxnRyLWc5G/CpGVsqcSU3ZolS/QYWm9L+/CG0=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "fab659b346c0d4252208434c3c4b3983a4b38fec",
+        "rev": "25deca893974aae98c9be151fb47d6284c053470",
        "type": "github"
      },
      "original": {
@@ -567,11 +567,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1752199489,
-        "narHash": "sha256-p2zkn8fdLvZ19MgAA5CdiuQWQ/gE3YNg1Nhbm4EAflI=",
+        "lastModified": 1753582293,
+        "narHash": "sha256-CimzlksXOfuPcLr4ye/s4hwZhHk98f0gnXB6Dq9RhZo=",
        "owner": "fufexan",
        "repo": "nix-gaming",
-        "rev": "62f976ed47de88323770646a9a92e4912d33585f",
+        "rev": "ceb9d44f09b0db02332873247a50210a486959ff",
        "type": "github"
      },
      "original": {
@@ -647,11 +647,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1752113924,
-        "narHash": "sha256-mbAHO0rZDBdSosV4LIk9s/3IH1ZhQY9ELixieo+iEns=",
+        "lastModified": 1753324041,
+        "narHash": "sha256-2JZ82g01Lo3f0SNP2WSDZ0ER1FnAN2WicULZkoEsRx0=",
        "owner": "nixpak",
        "repo": "nixpak",
-        "rev": "19942ded45bd73c74dbb44642406da0569f639a8",
+        "rev": "fedd4b59b7c8f18be508dee9d89985a8501982d0",
        "type": "github"
      },
      "original": {
@@ -675,11 +675,11 @@
    },
    "nixpkgs-darwin": {
      "locked": {
-        "lastModified": 1751949589,
-        "narHash": "sha256-mgFxAPLWw0Kq+C8P3dRrZrOYEQXOtKuYVlo9xvPntt8=",
+        "lastModified": 1753722563,
+        "narHash": "sha256-FK8iq76wlacriq3u0kFCehsRYTAqjA9nfprpiSWRWIc=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "9b008d60392981ad674e04016d25619281550a9d",
+        "rev": "648f70160c03151bc2121d179291337ad6bc564b",
        "type": "github"
      },
      "original": {
@@ -706,11 +706,11 @@
    },
    "nixpkgs-ollama": {
      "locked": {
-        "lastModified": 1751984180,
-        "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
+        "lastModified": 1753694789,
+        "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
+        "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
        "type": "github"
      },
      "original": {
@@ -738,11 +738,11 @@
    },
    "nixpkgs-stable_2": {
      "locked": {
-        "lastModified": 1751943650,
-        "narHash": "sha256-7orTnNqkGGru8Je6Un6mq1T8YVVU/O5kyW4+f9C1mZQ=",
+        "lastModified": 1753489912,
+        "narHash": "sha256-uDCFHeXdRIgJpYmtcUxGEsZ+hYlLPBhR83fdU+vbC1s=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "88983d4b665fb491861005137ce2b11a9f89f203",
+        "rev": "13e8d35b7d6028b7198f8186bc0347c6abaa2701",
        "type": "github"
      },
      "original": {
@@ -754,11 +754,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1751984180,
-        "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
+        "lastModified": 1753694789,
+        "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
+        "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
        "type": "github"
      },
      "original": {
@@ -770,11 +770,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1751984180,
-        "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
+        "lastModified": 1753694789,
+        "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
+        "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
        "type": "github"
      },
      "original": {
@@ -828,11 +828,11 @@
    "polybar-themes": {
      "flake": false,
      "locked": {
-        "lastModified": 1750950071,
-        "narHash": "sha256-Hanx8zEueKvI4jBrcUQIo6GnkzcS2TgsixBLS8V9ZKM=",
+        "lastModified": 1753542051,
+        "narHash": "sha256-f/54m7RJnqNW6eC/75IrnFxmSWTY+zd5epm6TQsYeYA=",
        "owner": "adi1090x",
        "repo": "polybar-themes",
-        "rev": "ccf23ef328f1e988650487c40678c6953038e2b2",
+        "rev": "e6326ff356b296256b7fac9c5bcc42a1ef4a4d5b",
        "type": "github"
      },
      "original": {
@@ -853,13 +853,13 @@
        "lastModified": 1750779888,
        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
+        "repo": "git-hooks.nix",
        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
        "type": "github"
      },
      "original": {
        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
+        "repo": "git-hooks.nix",
        "type": "github"
      }
    },
@@ -1058,7 +1058,8 @@
    "zig": {
      "inputs": {
        "flake-compat": [
-          "ghostty"
+          "ghostty",
+          "flake-compat"
        ],
        "flake-utils": [
          "ghostty",
@@ -1104,8 +1105,8 @@
      },
      "original": {
        "owner": "jcollie",
-        "ref": "56c159be489cc6c0e73c3930bd908ddc6fe89613",
        "repo": "zon2nix",
+        "rev": "56c159be489cc6c0e73c3930bd908ddc6fe89613",
        "type": "github"
      }
    }
@@ -109,7 +109,7 @@

    # add git hooks to format nix code before commit
    pre-commit-hooks = {
-      url = "github:cachix/pre-commit-hooks.nix";
+      url = "github:cachix/git-hooks.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

@@ -2,7 +2,8 @@
  config,
  pkgs,
  ...
-}: {
+}:
+{
  services.dbus.apparmor = "enabled";
  security.apparmor = {
    enable = true;
@@ -2,7 +2,7 @@
  nixpkgs.overlays = [
    (_: super: {
      bwraps = {
-        wechat = super.callPackage ./wechat.nix {};
+        wechat = super.callPackage ./wechat.nix { };
      };
    })
  ];
@@ -10,7 +10,8 @@
  appimageTools,
  fetchurl,
  stdenvNoCC,
-}: let
+}:
+let
  pname = "wechat";
  # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/we/wechat/package.nix
  sources = {
@@ -41,58 +42,58 @@
    '';
  };
 in
-  appimageTools.wrapAppImage {
-    inherit pname version;
+appimageTools.wrapAppImage {
+  inherit pname version;

-    src = appimageContents;
+  src = appimageContents;

-    extraInstallCommands = ''
-      mkdir -p $out/share/applications
-      cp ${appimageContents}/wechat.desktop $out/share/applications/
-      mkdir -p $out/share/pixmaps
-      cp ${appimageContents}/wechat.png $out/share/pixmaps/
+  extraInstallCommands = ''
+    mkdir -p $out/share/applications
+    cp ${appimageContents}/wechat.desktop $out/share/applications/
+    mkdir -p $out/share/pixmaps
+    cp ${appimageContents}/wechat.png $out/share/pixmaps/

-      substituteInPlace $out/share/applications/wechat.desktop --replace-fail AppRun wechat
-    '';
+    substituteInPlace $out/share/applications/wechat.desktop --replace-fail AppRun wechat
+  '';

-    # Add these root paths to FHS sandbox to prevent WeChat from accessing them by default
-    # Adapted from https://aur.archlinux.org/cgit/aur.git/tree/wechat-universal.sh?h=wechat-universal-bwrap
-    extraPreBwrapCmds = ''
-      XDG_DOCUMENTS_DIR="''${XDG_DOCUMENTS_DIR:-$(xdg-user-dir DOCUMENTS)}"
-      if [[ -z "''${XDG_DOCUMENTS_DIR}" ]]; then
-          echo 'Error: Failed to get XDG_DOCUMENTS_DIR, refuse to continue'
-          exit 1
-      fi
+  # Add these root paths to FHS sandbox to prevent WeChat from accessing them by default
+  # Adapted from https://aur.archlinux.org/cgit/aur.git/tree/wechat-universal.sh?h=wechat-universal-bwrap
+  extraPreBwrapCmds = ''
+    XDG_DOCUMENTS_DIR="''${XDG_DOCUMENTS_DIR:-$(xdg-user-dir DOCUMENTS)}"
+    if [[ -z "''${XDG_DOCUMENTS_DIR}" ]]; then
+        echo 'Error: Failed to get XDG_DOCUMENTS_DIR, refuse to continue'
+        exit 1
+    fi

-      WECHAT_DATA_DIR="''${XDG_DOCUMENTS_DIR}/WeChat_Data"
+    WECHAT_DATA_DIR="''${XDG_DOCUMENTS_DIR}/WeChat_Data"

-      # Using ''${WECHAT_DATA_DIR} as Wechat Data folder
-      WECHAT_HOME_DIR="''${WECHAT_DATA_DIR}/home"
-      WECHAT_FILES_DIR="''${WECHAT_DATA_DIR}/xwechat_files"
+    # Using ''${WECHAT_DATA_DIR} as Wechat Data folder
+    WECHAT_HOME_DIR="''${WECHAT_DATA_DIR}/home"
+    WECHAT_FILES_DIR="''${WECHAT_DATA_DIR}/xwechat_files"

-      mkdir -p "''${WECHAT_FILES_DIR}"
-      mkdir -p "''${WECHAT_HOME_DIR}"
-      ln -snf "''${WECHAT_FILES_DIR}" "''${WECHAT_HOME_DIR}/xwechat_files"
-    '';
-    extraBwrapArgs = [
-      "--tmpfs /home"
-      "--tmpfs /root"
-      # format: --bind <host-path> <sandbox-path>
-      "--bind \${WECHAT_HOME_DIR} \${HOME}"
-      "--bind \${WECHAT_FILES_DIR} \${WECHAT_FILES_DIR}"
-      "--chdir \${HOME}"
-      # wechat-universal only supports xcb
-      "--setenv QT_QPA_PLATFORM xcb"
-      "--setenv QT_AUTO_SCREEN_SCALE_FACTOR 1"
-      # use fcitx as IME
-      "--setenv QT_IM_MODULE fcitx"
-      "--setenv GTK_IM_MODULE fcitx"
-    ];
-    chdirToPwd = false;
-    unshareNet = false;
-    unshareIpc = true;
-    unsharePid = true;
-    unshareUts = true;
-    unshareCgroup = true;
-    privateTmp = true;
-  }
+    mkdir -p "''${WECHAT_FILES_DIR}"
+    mkdir -p "''${WECHAT_HOME_DIR}"
+    ln -snf "''${WECHAT_FILES_DIR}" "''${WECHAT_HOME_DIR}/xwechat_files"
+  '';
+  extraBwrapArgs = [
+    "--tmpfs /home"
+    "--tmpfs /root"
+    # format: --bind <host-path> <sandbox-path>
+    "--bind \${WECHAT_HOME_DIR} \${HOME}"
+    "--bind \${WECHAT_FILES_DIR} \${WECHAT_FILES_DIR}"
+    "--chdir \${HOME}"
+    # wechat-universal only supports xcb
+    "--setenv QT_QPA_PLATFORM xcb"
+    "--setenv QT_AUTO_SCREEN_SCALE_FACTOR 1"
+    # use fcitx as IME
+    "--setenv QT_IM_MODULE fcitx"
+    "--setenv GTK_IM_MODULE fcitx"
+  ];
+  chdirToPwd = false;
+  unshareNet = false;
+  unshareIpc = true;
+  unsharePid = true;
+  unshareUts = true;
+  unshareCgroup = true;
+  privateTmp = true;
+}
@@ -2,7 +2,8 @@
  pkgs,
  nixpak,
  ...
-}: let
+}:
+let
  callArgs = {
    mkNixPak = nixpak.lib.nixpak {
      inherit (pkgs) lib;
@@ -14,19 +15,20 @@
    ];
  };
  wrapper = _pkgs: path: (_pkgs.callPackage path callArgs).config.script;
-in {
+in
+{
  # Add nixpaked Apps into nixpkgs, and reference them in home-manager or other nixos modules
  nixpkgs.overlays = [
    (_: super: {
      nixpaks = {
        qq = wrapper super ./qq.nix;
-        qq-desktop-item = super.callPackage ./qq-desktop-item.nix {};
+        qq-desktop-item = super.callPackage ./qq-desktop-item.nix { };

        wechat = wrapper super ./wechat.nix;
-        wechat-desktop-item = super.callPackage ./wechat-desktop-item.nix {};
+        wechat-desktop-item = super.callPackage ./wechat-desktop-item.nix { };

        firefox = wrapper super ./firefox.nix;
-        firefox-desktop-item = super.callPackage ./firefox-desktop-item.nix {};
+        firefox-desktop-item = super.callPackage ./firefox-desktop-item.nix { };
      };
    })
  ];
@@ -1,4 +1,4 @@
-{makeDesktopItem}:
+{ makeDesktopItem }:
 makeDesktopItem {
  name = "firefox";
  desktopName = "firefox";
@@ -6,6 +6,6 @@ makeDesktopItem {
  terminal = false;
  icon = "firefox";
  type = "Application";
-  categories = ["Network"];
+  categories = [ "Network" ];
  comment = "firefox boxed";
 }
@@ -10,74 +10,79 @@
  ...
 }:
 mkNixPak {
-  config = {
-    config,
-    sloth,
-    ...
-  }: {
-    app = {
-      package = pkgs.firefox-wayland;
-      binPath = "bin/firefox";
-    };
-    flatpak.appId = "org.mozilla.firefox";
+  config =
+    {
+      config,
+      sloth,
+      ...
+    }:
+    {
+      app = {
+        package = pkgs.firefox-wayland;
+        binPath = "bin/firefox";
+      };
+      flatpak.appId = "org.mozilla.firefox";

-    imports = [
-      ./modules/gui-base.nix
-      ./modules/network.nix
-    ];
-
-    # list all dbus services:
-    #   ls -al /run/current-system/sw/share/dbus-1/services/
-    #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
-    dbus.policies = {
-      "org.mozilla.firefox.*" = "own"; # firefox
-      "org.mozilla.firefox_beta.*" = "own"; # firefox beta
-      "org.mpris.MediaPlayer2.firefox.*" = "own";
-      "org.freedesktop.NetworkManager" = "talk";
-
-      "org.gnome.Shell.Screencast" = "talk";
-      # System tray icon
-      "org.freedesktop.Notifications" = "talk";
-      "org.kde.StatusNotifierWatcher" = "talk";
-      # File Manager
-      "org.freedesktop.FileManager1" = "talk";
-      # Uses legacy StatusNotifier implementation
-      "org.kde.*" = "own";
-    };
-
-    bubblewrap = {
-      # To trace all the home files QQ accesses, you can use the following nushell command:
-      #   just trace-access firefox
-      # See the Justfile in the root of this repository for more information.
-      bind.rw = [
-        # given the read write permission to the following directories.
-        # NOTE: sloth.mkdir is used to create the directory if it does not exist!
-        (sloth.mkdir (sloth.concat' sloth.homeDir "/.mozilla"))
-
-        sloth.xdgDocumentsDir
-        sloth.xdgDownloadDir
-        sloth.xdgMusicDir
-        sloth.xdgVideosDir
-      ];
-      bind.ro = [
-        "/sys/bus/pci"
-        ["${config.app.package}/lib/firefox" "/app/etc/firefox"]
-
-        # ================ for browserpass extension ===============================
-        "/etc/gnupg"
-        (sloth.concat' sloth.homeDir "/.gnupg") # gpg's config
-        (sloth.concat' sloth.homeDir "/.local/share/password-store") # my secrets
-        (sloth.concat' sloth.runtimeDir "/gnupg") # for access gpg-agent socket
-
-        # Unsure
-        (sloth.concat' sloth.xdgConfigHome "/dconf")
+      imports = [
+        ./modules/gui-base.nix
+        ./modules/network.nix
      ];

-      sockets = {
-        x11 = false;
-        wayland = true;
-        pipewire = true;
+      # list all dbus services:
+      #   ls -al /run/current-system/sw/share/dbus-1/services/
+      #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
+      dbus.policies = {
+        "org.mozilla.firefox.*" = "own"; # firefox
+        "org.mozilla.firefox_beta.*" = "own"; # firefox beta
+        "org.mpris.MediaPlayer2.firefox.*" = "own";
+        "org.freedesktop.NetworkManager" = "talk";
+
+        "org.gnome.Shell.Screencast" = "talk";
+        # System tray icon
+        "org.freedesktop.Notifications" = "talk";
+        "org.kde.StatusNotifierWatcher" = "talk";
+        # File Manager
+        "org.freedesktop.FileManager1" = "talk";
+        # Uses legacy StatusNotifier implementation
+        "org.kde.*" = "own";
+      };
+
+      bubblewrap = {
+        # To trace all the home files QQ accesses, you can use the following nushell command:
+        #   just trace-access firefox
+        # See the Justfile in the root of this repository for more information.
+        bind.rw = [
+          # given the read write permission to the following directories.
+          # NOTE: sloth.mkdir is used to create the directory if it does not exist!
+          (sloth.mkdir (sloth.concat' sloth.homeDir "/.mozilla"))
+
+          sloth.xdgDocumentsDir
+          sloth.xdgDownloadDir
+          sloth.xdgMusicDir
+          sloth.xdgVideosDir
+        ];
+        bind.ro = [
+          "/sys/bus/pci"
+          [
+            "${config.app.package}/lib/firefox"
+            "/app/etc/firefox"
+          ]
+
+          # ================ for browserpass extension ===============================
+          "/etc/gnupg"
+          (sloth.concat' sloth.homeDir "/.gnupg") # gpg's config
+          (sloth.concat' sloth.homeDir "/.local/share/password-store") # my secrets
+          (sloth.concat' sloth.runtimeDir "/gnupg") # for access gpg-agent socket
+
+          # Unsure
+          (sloth.concat' sloth.xdgConfigHome "/dconf")
+        ];
+
+        sockets = {
+          x11 = false;
+          wayland = true;
+          pipewire = true;
+        };
      };
    };
-  };
 }
@@ -5,12 +5,14 @@
  pkgs,
  sloth,
  ...
-}: let
+}:
+let
  envSuffix = envKey: suffix: sloth.concat' (sloth.env envKey) suffix;
  # cursor & icon's theme should be the same as the host's one.
  cursorTheme = pkgs.bibata-cursors;
  iconTheme = pkgs.papirus-icon-theme;
-in {
+in
+{
  config = {
    dbus.policies = {
      "${config.flatpak.appId}" = "own";
@@ -89,15 +91,19 @@ in {
      ];

      env = {
-        XDG_DATA_DIRS = lib.mkForce (lib.makeSearchPath "share" [
-          iconTheme
-          cursorTheme
-          pkgs.shared-mime-info
-        ]);
-        XCURSOR_PATH = lib.mkForce (lib.concatStringsSep ":" [
-          "${cursorTheme}/share/icons"
-          "${cursorTheme}/share/pixmaps"
-        ]);
+        XDG_DATA_DIRS = lib.mkForce (
+          lib.makeSearchPath "share" [
+            iconTheme
+            cursorTheme
+            pkgs.shared-mime-info
+          ]
+        );
+        XCURSOR_PATH = lib.mkForce (
+          lib.concatStringsSep ":" [
+            "${cursorTheme}/share/icons"
+            "${cursorTheme}/share/pixmaps"
+          ]
+        );
      };
    };
  };
@@ -2,7 +2,7 @@
 {
  etc.sslCertificates.enable = true;
  bubblewrap = {
-    bind.ro = ["/etc/resolv.conf"];
+    bind.ro = [ "/etc/resolv.conf" ];
    network = true;
  };
 }
@@ -12,6 +12,6 @@ makeDesktopItem {
  #   tree $"($p)/share/icons"
  icon = "${qq}/share/icons/hicolor/512x512/apps/qq.png";
  type = "Application";
-  categories = ["Network"];
+  categories = [ "Network" ];
  comment = "QQ boxed";
 }
@@ -10,53 +10,60 @@
  ...
 }:
 mkNixPak {
-  config = {sloth, ...}: {
-    app = {
-      package = pkgs.qq.override {
-        # fix fcitx5 input method
-        commandLineArgs = lib.concatStringsSep " " ["--enable-wayland-ime"];
+  config =
+    { sloth, ... }:
+    {
+      app = {
+        package = pkgs.qq.override {
+          # fix fcitx5 input method
+          commandLineArgs = lib.concatStringsSep " " [ "--enable-wayland-ime" ];
+        };
+        binPath = "bin/qq";
      };
-      binPath = "bin/qq";
-    };
-    flatpak.appId = "com.tencent.qq";
+      flatpak.appId = "com.tencent.qq";

-    imports = [
-      ./modules/gui-base.nix
-      ./modules/network.nix
-    ];
-
-    # list all dbus services:
-    #   ls -al /run/current-system/sw/share/dbus-1/services/
-    #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
-    dbus.policies = {
-      "org.gnome.Shell.Screencast" = "talk";
-      # System tray icon
-      "org.freedesktop.Notifications" = "talk";
-      "org.kde.StatusNotifierWatcher" = "talk";
-      # File Manager
-      "org.freedesktop.FileManager1" = "talk";
-      # Uses legacy StatusNotifier implementation
-      "org.kde.*" = "own";
-    };
-    bubblewrap = {
-      # To trace all the home files QQ accesses, you can use the following nushell command:
-      #   just trace-access qq
-      # See the Justfile in the root of this repository for more information.
-      bind.rw = [
-        # given the read write permission to the following directories.
-        # NOTE: sloth.mkdir is used to create the directory if it does not exist!
-        (sloth.mkdir (sloth.concat [sloth.xdgConfigHome "/QQ"]))
-
-        sloth.xdgDocumentsDir
-        sloth.xdgDownloadDir
-        sloth.xdgMusicDir
-        sloth.xdgVideosDir
+      imports = [
+        ./modules/gui-base.nix
+        ./modules/network.nix
      ];
-      sockets = {
-        x11 = false;
-        wayland = true;
-        pipewire = true;
+
+      # list all dbus services:
+      #   ls -al /run/current-system/sw/share/dbus-1/services/
+      #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
+      dbus.policies = {
+        "org.gnome.Shell.Screencast" = "talk";
+        # System tray icon
+        "org.freedesktop.Notifications" = "talk";
+        "org.kde.StatusNotifierWatcher" = "talk";
+        # File Manager
+        "org.freedesktop.FileManager1" = "talk";
+        # Uses legacy StatusNotifier implementation
+        "org.kde.*" = "own";
+      };
+      bubblewrap = {
+        # To trace all the home files QQ accesses, you can use the following nushell command:
+        #   just trace-access qq
+        # See the Justfile in the root of this repository for more information.
+        bind.rw = [
+          # given the read write permission to the following directories.
+          # NOTE: sloth.mkdir is used to create the directory if it does not exist!
+          (sloth.mkdir (
+            sloth.concat [
+              sloth.xdgConfigHome
+              "/QQ"
+            ]
+          ))
+
+          sloth.xdgDocumentsDir
+          sloth.xdgDownloadDir
+          sloth.xdgMusicDir
+          sloth.xdgVideosDir
+        ];
+        sockets = {
+          x11 = false;
+          wayland = true;
+          pipewire = true;
+        };
      };
    };
-  };
 }
@@ -1,4 +1,5 @@
-{modulesPath, ...}: {
+{ modulesPath, ... }:
+{
  imports = [
    (modulesPath + "/profiles/hardened.nix")
  ];
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  home.packages = with pkgs; [
    # Misc
    cowsay
@@ -12,7 +13,7 @@
    # search for files by name, faster than find
    fd
    # search for files by its content, replacement of grep
-    (ripgrep.override {withPCRE2 = true;})
+    (ripgrep.override { withPCRE2 = true; })

    # A fast and polyglot tool for code searching, linting, rewriting at large scale
    # supported languages: only some mainstream languages currently(do not support nix/nginx/yaml/toml/...)
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
  imports = mylib.scanPaths ./.;
 }
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
  imports = mylib.scanPaths ./.;
 }
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  programs.helix = {
    enable = true;
  };
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  programs = {
    neovim = {
      enable = true;
@@ -4,12 +4,13 @@
  pkgs,
  myvars,
  ...
-}: {
+}:
+{
  # `programs.git` will generate the config file: ~/.config/git/config
  # to make git use this config file, `~/.gitconfig` should not exist!
  #
  #    https://git-scm.com/docs/git-config#Documentation/git-config.txt---global
-  home.activation.removeExistingGitconfig = lib.hm.dag.entryBefore ["checkLinkTargets"] ''
+  home.activation.removeExistingGitconfig = lib.hm.dag.entryBefore [ "checkLinkTargets" ] ''
    rm -f ${config.home.homeDirectory}/.gitconfig
  '';

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
  # make `npm install -g <pkg>` happey
  #
  # mainly used to install npm packages that updates frequently
@@ -1,4 +1,5 @@
-{config, ...}: let
+{ config, ... }:
+let
  shellAliases = {
    k = "kubectl";

@@ -10,7 +11,8 @@
  goBin = "${config.home.homeDirectory}/go/bin";
  rustBin = "${config.home.homeDirectory}/.cargo/bin";
  npmBin = "${config.home.homeDirectory}/.npm/bin";
-in {
+in
+{
  programs.bash = {
    enable = true;
    enableCompletion = true;
@@ -1,4 +1,5 @@
-{catppuccin, ...}: {
+{ catppuccin, ... }:
+{
  # https://github.com/catppuccin/nix
  imports = [
    catppuccin.homeModules.catppuccin
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  # terminal file manager
  programs.yazi = {
    enable = true;
@@ -2,7 +2,8 @@ let
  shellAliases = {
    "zj" = "zellij";
  };
-in {
+in
+{
  programs.zellij = {
    enable = true;
  };
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
  imports = mylib.scanPaths ./.;
 }
@@ -1,5 +1,7 @@
-{pkgs, ...}: {
-  home.packages = with pkgs;
+{ pkgs, ... }:
+{
+  home.packages =
+    with pkgs;
    [
      mitmproxy # http/https proxy tool
      wireshark # network analyzer
@@ -52,10 +52,7 @@
        bold_italic = {
          family = "Maple Mono NF CN";
        };
-        size =
-          if pkgs.stdenv.isDarwin
-          then 14
-          else 13;
+        size = if pkgs.stdenv.isDarwin then 14 else 13;
      };
      terminal = {
        # Spawn a nushell in login mode via `bash`
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
  imports = mylib.scanPaths ./.;
 }
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  programs.foot = {
    # foot is designed only for Linux
    enable = pkgs.stdenv.isLinux;
@@ -12,9 +12,10 @@
  programs.ghostty = {
    enable = true;
    package =
-      if pkgs.stdenv.isDarwin
-      then pkgs.hello # pkgs.ghostty is currently broken on darwin
-      else pkgs.ghostty; # the stable version
+      if pkgs.stdenv.isDarwin then
+        pkgs.hello # pkgs.ghostty is currently broken on darwin
+      else
+        pkgs.ghostty; # the stable version
    # package = ghostty.packages.${pkgs.system}.default; # the latest version
    enableBashIntegration = false;
    installBatSyntax = false;
@@ -19,10 +19,7 @@
    font = {
      name = "Maple Mono NF CN";
      # use different font size on macOS
-      size =
-        if pkgs.stdenv.isDarwin
-        then 14
-        else 13;
+      size = if pkgs.stdenv.isDarwin then 14 else 13;
    };

    # consistent with other terminal emulators
@@ -48,6 +45,6 @@
    };

    # macOS specific settings
-    darwinLaunchOptions = ["--start-as=maximized"];
+    darwinLaunchOptions = [ "--start-as=maximized" ];
  };
 }
@@ -1,4 +1,5 @@
-{myvars, ...}: {
+{ myvars, ... }:
+{
  # Home Manager needs a bit of information about you and the
  # paths it should manage.
  home = {
@@ -2,7 +2,8 @@
  lib,
  pkgs,
  ...
-}: {
+}:
+{
  # https://developer.hashicorp.com/terraform/cli/config/config-file
  home.file.".terraformrc".source = ./terraformrc;

@@ -30,9 +31,12 @@
    # digitalocean
    doctl
    # google cloud
-    (google-cloud-sdk.withExtraComponents (with google-cloud-sdk.components; [
-      gke-gcloud-auth-plugin
-    ]))
+    (google-cloud-sdk.withExtraComponents (
+      with google-cloud-sdk.components;
+      [
+        gke-gcloud-auth-plugin
+      ]
+    ))

    # cloud tools that nix do not have cache for.
    terraform
@@ -3,7 +3,8 @@
  pkgs-unstable,
  nur-ryan4yin,
  ...
-}: {
+}:
+{
  home.packages = with pkgs; [
    podman-compose
    dive # explore docker layers
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
  imports = mylib.scanPaths ./.;
 }
@@ -2,7 +2,8 @@
  pkgs,
  pkgs-unstable,
  ...
-}: {
+}:
+{
  #############################################################
  #
  #  Basic settings for development environment
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
  imports = mylib.scanPaths ./.;
 }
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  programs.helix = {
    enable = true;
    package = pkgs.helix;
@@ -18,7 +18,8 @@ let
  # the path to nvim directory
  # to make this symlink work, we need to git clone this repo to your home directory.
  configPath = "${config.home.homeDirectory}/nix-config/home/base/tui/editors/neovim/nvim";
-in {
+in
+{
  xdg.configFile."nvim".source = config.lib.file.mkOutOfStoreSymlink configPath;
  # Disable catppuccin to avoid conflict with my non-nix config.
  catppuccin.nvim.enable = false;
@@ -52,7 +52,8 @@ return {
      "terraformls", -- terraform hcl
      "marksman", -- markdown ls
      "nickel_ls", -- nickel language server
-      "nil_ls", -- nix language server
+      -- "nil_ls", -- nix language server
+      "nixd", -- another nix language server
      "buf_ls", -- protocol buffer language server
      "dockerls", -- dockerfile
      "cmake", -- cmake language server
@@ -39,7 +39,7 @@ return {
      formatting.shfmt, -- Shell formatter
      formatting.terraform_fmt, -- Terraform formatter
      formatting.stylua, -- Lua formatter
-      formatting.alejandra, -- Nix formatter
+      -- formatting.alejandra, -- Nix formatter
      formatting.sqlfluff.with { -- SQL formatter
        extra_args = { "--dialect", "postgres" }, -- change to your dialect
      },
@@ -2,154 +2,155 @@
  pkgs,
  pkgs-unstable,
  ...
-}: {
-  home.packages = with pkgs; (
-    # -*- Data & Configuration Languages -*-#
-    [
-      #-- nix
-      nil
-      # rnix-lsp
-      # nixd
-      statix # Lints and suggestions for the nix programming language
-      deadnix # Find and remove unused code in .nix source files
-      alejandra # Nix Code Formatter
+}:
+{
+  home.packages =
+    with pkgs;
+    (
+      # -*- Data & Configuration Languages -*-#
+      [
+        #-- nix
+        nil
+        nixd
+        statix # Lints and suggestions for the nix programming language
+        deadnix # Find and remove unused code in .nix source files
+        nixfmt # Nix Code Formatter

-      #-- nickel lang
-      nickel
+        #-- nickel lang
+        nickel

-      #-- json like
-      # terraform  # install via brew on macOS
-      terraform-ls
-      jsonnet
-      jsonnet-language-server
-      taplo # TOML language server / formatter / validator
-      nodePackages.yaml-language-server
-      actionlint # GitHub Actions linter
+        #-- json like
+        # terraform  # install via brew on macOS
+        terraform-ls
+        jsonnet
+        jsonnet-language-server
+        taplo # TOML language server / formatter / validator
+        nodePackages.yaml-language-server
+        actionlint # GitHub Actions linter

-      #-- dockerfile
-      hadolint # Dockerfile linter
-      nodePackages.dockerfile-language-server-nodejs
+        #-- dockerfile
+        hadolint # Dockerfile linter
+        nodePackages.dockerfile-language-server-nodejs

-      #-- markdown
-      marksman # language server for markdown
-      glow # markdown previewer
-      pandoc # document converter
-      pkgs-unstable.hugo # static site generator
+        #-- markdown
+        marksman # language server for markdown
+        glow # markdown previewer
+        pandoc # document converter
+        pkgs-unstable.hugo # static site generator

-      #-- sql
-      sqlfluff
+        #-- sql
+        sqlfluff

-      #-- protocol buffer
-      buf # linting and formatting
-    ]
-    ++
-    #-*- General Purpose Languages -*-#
-    [
-      #-- c/c++
-      cmake
-      cmake-language-server
-      gnumake
-      checkmake
-      # c/c++ compiler, required by nvim-treesitter!
-      gcc
-      gdb
-      # c/c++ tools with clang-tools, the unwrapped version won't
-      # add alias like `cc` and `c++`, so that it won't conflict with gcc
-      # llvmPackages.clang-unwrapped
-      clang-tools
-      lldb
-      vscode-extensions.vadimcn.vscode-lldb.adapter # codelldb - debugger
+        #-- protocol buffer
+        buf # linting and formatting
+      ]
+      ++
+        #-*- General Purpose Languages -*-#
+        [
+          #-- c/c++
+          cmake
+          cmake-language-server
+          gnumake
+          checkmake
+          # c/c++ compiler, required by nvim-treesitter!
+          gcc
+          gdb
+          # c/c++ tools with clang-tools, the unwrapped version won't
+          # add alias like `cc` and `c++`, so that it won't conflict with gcc
+          # llvmPackages.clang-unwrapped
+          clang-tools
+          lldb
+          vscode-extensions.vadimcn.vscode-lldb.adapter # codelldb - debugger

-      #-- python
-      pipx # Install and Run Python Applications in Isolated Environments
-      uv # python project package manager
-      pyright # python language server
-      (python313.withPackages (
-        ps:
-          with ps; [
-            ruff
-            black # python formatter
-            # debugpy
+          #-- python
+          pipx # Install and Run Python Applications in Isolated Environments
+          uv # python project package manager
+          pyright # python language server
+          (python313.withPackages (
+            ps: with ps; [
+              ruff
+              black # python formatter
+              # debugpy

-            # my commonly used python packages
-            jupyter
-            ipython
-            pandas
-            requests
-            pyquery
-            pyyaml
-            boto3
-          ]
-      ))
+              # my commonly used python packages
+              jupyter
+              ipython
+              pandas
+              requests
+              pyquery
+              pyyaml
+              boto3
+            ]
+          ))

-      #-- rust
-      # we'd better use the rust-overlays for rust development
-      pkgs-unstable.rustc
-      pkgs-unstable.rust-analyzer
-      pkgs-unstable.cargo # rust package manager
-      pkgs-unstable.rustfmt
-      pkgs-unstable.clippy # rust linter
+          #-- rust
+          # we'd better use the rust-overlays for rust development
+          pkgs-unstable.rustc
+          pkgs-unstable.rust-analyzer
+          pkgs-unstable.cargo # rust package manager
+          pkgs-unstable.rustfmt
+          pkgs-unstable.clippy # rust linter

-      #-- golang
-      go
-      gomodifytags
-      iferr # generate error handling code for go
-      impl # generate function implementation for go
-      gotools # contains tools like: godoc, goimports, etc.
-      gopls # go language server
-      delve # go debugger
+          #-- golang
+          go
+          gomodifytags
+          iferr # generate error handling code for go
+          impl # generate function implementation for go
+          gotools # contains tools like: godoc, goimports, etc.
+          gopls # go language server
+          delve # go debugger

-      # -- java
-      jdk17
-      gradle
-      maven
-      spring-boot-cli
-      jdt-language-server
+          # -- java
+          jdk17
+          gradle
+          maven
+          spring-boot-cli
+          jdt-language-server

-      #-- zig
-      zls
+          #-- zig
+          zls

-      #-- lua
-      stylua
-      lua-language-server
+          #-- lua
+          stylua
+          lua-language-server

-      #-- bash
-      nodePackages.bash-language-server
-      shellcheck
-      shfmt
-    ]
-    #-*- Web Development -*-#
-    ++ [
-      nodePackages.nodejs
-      nodePackages.typescript
-      nodePackages.typescript-language-server
-      # HTML/CSS/JSON/ESLint language servers extracted from vscode
-      nodePackages.vscode-langservers-extracted
-      nodePackages."@tailwindcss/language-server"
-      emmet-ls
-    ]
-    # -*- Lisp like Languages -*-#
-    # ++ [
-    #   guile
-    #   racket-minimal
-    #   fnlfmt # fennel
-    #   (
-    #     if pkgs.stdenv.isLinux && pkgs.stdenv.isx86
-    #     then pkgs-unstable.akkuPackages.scheme-langserver
-    #     else pkgs.emptyDirectory
-    #   )
-    # ]
-    ++ [
-      proselint # English prose linter
+          #-- bash
+          nodePackages.bash-language-server
+          shellcheck
+          shfmt
+        ]
+      #-*- Web Development -*-#
+      ++ [
+        nodePackages.nodejs
+        nodePackages.typescript
+        nodePackages.typescript-language-server
+        # HTML/CSS/JSON/ESLint language servers extracted from vscode
+        nodePackages.vscode-langservers-extracted
+        nodePackages."@tailwindcss/language-server"
+        emmet-ls
+      ]
+      # -*- Lisp like Languages -*-#
+      # ++ [
+      #   guile
+      #   racket-minimal
+      #   fnlfmt # fennel
+      #   (
+      #     if pkgs.stdenv.isLinux && pkgs.stdenv.isx86
+      #     then pkgs-unstable.akkuPackages.scheme-langserver
+      #     else pkgs.emptyDirectory
+      #   )
+      # ]
+      ++ [
+        proselint # English prose linter

-      #-- verilog / systemverilog
-      verible
+        #-- verilog / systemverilog
+        verible

-      #-- Optional Requirements:
-      nodePackages.prettier # common code formatter
-      fzf
-      gdu # disk usage analyzer, required by AstroNvim
-      (ripgrep.override {withPCRE2 = true;}) # recursively searches directories for a regex pattern
-    ]
-  );
+        #-- Optional Requirements:
+        nodePackages.prettier # common code formatter
+        fzf
+        gdu # disk usage analyzer, required by AstroNvim
+        (ripgrep.override { withPCRE2 = true; }) # recursively searches directories for a regex pattern
+      ]
+    );
 }
@@ -2,7 +2,8 @@
  pkgs,
  pkgs-unstable,
  ...
-}: {
+}:
+{
  home.packages = with pkgs; [
    age
    sops
@@ -2,7 +2,8 @@
  config,
  mysecrets,
  ...
-}: {
+}:
+{
  programs.gpg = {
    enable = true;
    homedir = "${config.home.homeDirectory}/.gnupg";
@@ -3,9 +3,11 @@
  config,
  lib,
  ...
-}: let
+}:
+let
  passwordStoreDir = "${config.xdg.dataHome}/password-store";
-in {
+in
+{
  programs.password-store = {
    enable = true;
    package = pkgs.pass.withExtensions (exts: [
@@ -2,9 +2,11 @@
  config,
  pkgs-unstable,
  ...
-}: let
+}:
+let
  inherit (pkgs-unstable) nu_scripts;
-in {
+in
+{
  programs.nushell = {
    # load the alias file for work
    # the file must exist, otherwise nushell will complain about it!
@@ -38,7 +40,7 @@ in {
      # use custom-completions/zoxide/zoxide-completions.nu *

      # alias
-      use aliases/git/git-aliases.nu *
+      # use aliases/git/git-aliases.nu *
      use aliases/eza/eza-aliases.nu *
      use aliases/bat/bat-aliases.nu *

@@ -2,7 +2,8 @@
  config,
  mysecrets,
  ...
-}: {
+}:
+{
  home.file.".ssh/romantic.pub".source = "${mysecrets}/public/romantic.pub";

  programs.ssh = {
@@ -1,8 +1,10 @@
-{pkgs, ...}: let
+{ pkgs, ... }:
+let
  shellAliases = {
    "zj" = "zellij";
  };
-in {
+in
+{
  programs.zellij = {
    enable = true;
    package = pkgs.zellij;
@@ -1,5 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
  home.file.".aerospace.toml".source =
-    config.lib.file.mkOutOfStoreSymlink
-    "${config.home.homeDirectory}/nix-config/home/darwin/aerospace/aerospace.toml";
+    config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-config/home/darwin/aerospace/aerospace.toml";
 }
@@ -2,16 +2,15 @@
  mylib,
  myvars,
  ...
-}: {
+}:
+{
  home.homeDirectory = "/Users/${myvars.username}";
-  imports =
-    (mylib.scanPaths ./.)
-    ++ [
-      ../base/core
-      ../base/tui
-      ../base/gui
-      ../base/home.nix
-    ];
+  imports = (mylib.scanPaths ./.) ++ [
+    ../base/core
+    ../base/tui
+    ../base/gui
+    ../base/home.nix
+  ];

  # enable management of XDG base directories on macOS.
  xdg.enable = true;
@@ -2,12 +2,12 @@
  config,
  pkgs,
  ...
-}: {
+}:
+{
  home.packages = with pkgs; [
    clash-meta
  ];

  home.file.".proxychains/proxychains.conf".source =
-    config.lib.file.mkOutOfStoreSymlink
-    "${config.home.homeDirectory}/nix-config/home/darwin/proxy/proxychains.conf";
+    config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-config/home/darwin/proxy/proxychains.conf";
 }
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  # Squirrel Input Method
  home.file."Library/Rime" = {
    # my custom squirrel data (flypy input method)
@@ -1,4 +1,5 @@
-{lib, ...}: let
+{ lib, ... }:
+let
  envExtra = ''
    export PATH="$PATH:/opt/homebrew/bin:/usr/local/bin"
  '';
@@ -20,7 +21,8 @@
      true
    fi
  '';
-in {
+in
+{
  # Homebrew's default install location:
  #   /opt/homebrew for Apple Silicon
  #   /usr/local for macOS Intel
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
  imports = mylib.scanPaths ./.;
 }
@@ -2,11 +2,13 @@
  config,
  myvars,
  ...
-}: let
+}:
+let
  d = config.xdg.dataHome;
  c = config.xdg.configHome;
  cache = config.xdg.cacheHome;
-in rec {
+in
+rec {
  home.homeDirectory = "/home/${myvars.username}";

  # environment variables that always set at login
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  # Linux Only Packages, not available on Darwin
  home.packages = with pkgs; [
    # misc
@@ -6,8 +6,10 @@
  nur-ryan4yin,
  blender-bin,
  ...
-}: {
-  home.packages = with pkgs;
+}:
+{
+  home.packages =
+    with pkgs;
    [
      # creative
      # gimp      # image editing, I prefer using figma in browser instead of this one
@@ -41,7 +43,8 @@
    # live streaming
    obs-studio = {
      enable = pkgs.stdenv.isx86_64;
-      plugins = with pkgs.obs-studio-plugins;
+      plugins =
+        with pkgs.obs-studio-plugins;
        [
          # screen capture
          wlrobs
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
  imports = mylib.scanPaths ./.;
 }
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  home.packages = with pkgs; [
    android-tools
  ];
@@ -2,7 +2,8 @@
  pkgs,
  lib,
  ...
-}: {
+}:
+{
  # Adjust the color temperature(& brightness) of your screen according to
  # your surroundings. This may help your eyes hurt less if you are
  # working in front of the screen at night.
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  xdg.configFile = {
    "fcitx5/profile" = {
      source = ./profile;
@@ -2,7 +2,8 @@
  pkgs,
  nix-gaming,
  ...
-}: {
+}:
+{
  home.packages = with pkgs; [
    # nix-gaming.packages.${pkgs.system}.osu-laser-bin
    gamescope # SteamOS session compositing window manager
@@ -2,7 +2,8 @@
  pkgs,
  config,
  ...
-}: {
+}:
+{
  # If your themes for mouse cursor, icons or windows don’t load correctly,
  # try setting them with home.pointerCursor and gtk.theme,
  # which enable a bunch of compatibility options that should make the themes load in all situations.
@@ -16,7 +16,8 @@
 #  TODO not used yet, need to test it.
 #
 ##############################################################################################
-with lib; let
+with lib;
+let
  cfg = config.home.immutable-file;
  immutableFileOpts = _: {
    options = {
@@ -42,24 +43,25 @@ with lib; let
    sudo cp $2 $1
    sudo chattr +i $1
  '';
-in {
+in
+{
  options.home.immutable-file = mkOption {
    type = with types; attrsOf (submodule immutableFileOpts);
-    default = {};
+    default = { };
  };

-  config = mkIf (cfg != {}) {
-    home.activation =
-      mapAttrs'
-      (name: {
+  config = mkIf (cfg != { }) {
+    home.activation = mapAttrs' (
+      name:
+      {
        src,
        dst,
      }:
-        nameValuePair
-        "make-immutable-${name}"
-        (lib.hm.dag.entryAfter ["writeBoundary"] ''
+      nameValuePair "make-immutable-${name}" (
+        lib.hm.dag.entryAfter [ "writeBoundary" ] ''
          ${mkImmutableFile} ${dst} ${src}
-        ''))
-      cfg;
+        ''
+      )
+    ) cfg;
  };
 }
@@ -6,7 +6,8 @@
 }:
 # media - control and enjoy audio/video
 {
-  home.packages = with pkgs;
+  home.packages =
+    with pkgs;
    [
      # audio control
      pavucontrol
@@ -22,13 +23,13 @@
      nvitop
    ]
    ++ (lib.optionals pkgs.stdenv.isx86_64 [
-      (zoom-us.override {hyprlandXdgDesktopPortalSupport = true;})
+      (zoom-us.override { hyprlandXdgDesktopPortalSupport = true; })
    ]);

  programs.mpv = {
    enable = true;
-    defaultProfiles = ["gpu-hq"];
-    scripts = [pkgs.mpvScripts.mpris];
+    defaultProfiles = [ "gpu-hq" ];
+    scripts = [ pkgs.mpvScripts.mpris ];
  };

  services = {
@@ -2,7 +2,8 @@
  pkgs,
  pkgs-unstable,
  ...
-}: {
+}:
+{
  home.packages = with pkgs; [
    # GUI apps
    # e-book viewer(.epub/.mobi/...)
@@ -1,7 +1,10 @@
-{pkgs, ...}: {
-  home.packages = with pkgs; (lib.optionals pkgs.stdenv.isx86_64 [
-    # https://joplinapp.org/help/
-    joplin # joplin-cli
-    joplin-desktop
-  ]);
+{ pkgs, ... }:
+{
+  home.packages =
+    with pkgs;
+    (lib.optionals pkgs.stdenv.isx86_64 [
+      # https://joplinapp.org/help/
+      joplin # joplin-cli
+      joplin-desktop
+    ]);
 }
@@ -4,26 +4,37 @@
  lib,
  wallpapers,
  ...
-}: {
+}:
+{
  systemd.user.services.wallpaper = {
    Unit = {
      Description = "Wallpaper Switcher daemon";
-      After = ["graphical-session-pre.target" "xdg-desktop-autostart.target"];
-      Wants = ["graphical-session-pre.target"];
+      After = [
+        "graphical-session-pre.target"
+        "xdg-desktop-autostart.target"
+      ];
+      Wants = [ "graphical-session-pre.target" ];
    };
-    Install.WantedBy = ["graphical-session.target"];
+    Install.WantedBy = [ "graphical-session.target" ];
    Service = {
-      ExecStart = lib.getExe (pkgs.writeShellApplication {
-        name = "wallpaper";
-        runtimeInputs = with pkgs; [procps feh swaybg python3];
-        text = ''
-          export WALLPAPERS_DIR="${wallpapers}"
-          export WALLPAPERS_STATE_FILEPATH="${config.xdg.stateHome}/wallpaper-switcher/switcher_state"
-          export WALLPAPER_WAIT_MIN=60
-          export WALLPAPER_WAIT_MAX=180
-          exec ${./wallpaper-switcher.py}
-        '';
-      });
+      ExecStart = lib.getExe (
+        pkgs.writeShellApplication {
+          name = "wallpaper";
+          runtimeInputs = with pkgs; [
+            procps
+            feh
+            swaybg
+            python3
+          ];
+          text = ''
+            export WALLPAPERS_DIR="${wallpapers}"
+            export WALLPAPERS_STATE_FILEPATH="${config.xdg.stateHome}/wallpaper-switcher/switcher_state"
+            export WALLPAPER_WAIT_MIN=60
+            export WALLPAPER_WAIT_MAX=180
+            exec ${./wallpaper-switcher.py}
+          '';
+        }
+      );
      RestartSec = 3;
      Restart = "on-failure";
    };
@@ -6,7 +6,8 @@
  config,
  pkgs,
  ...
-}: {
+}:
+{
  home.packages = with pkgs; [
    xdg-utils # provides cli tools such as `xdg-mime` `xdg-open`
    xdg-user-dirs
@@ -31,53 +32,63 @@
    mimeApps = {
      enable = true;
      # let `xdg-open` to open the url with the correct application.
-      defaultApplications = let
-        browser = ["google-chrome.desktop" "firefox.desktop"];
-        editor = ["nvim.desktop" "Helix.desktop" "code.desktop" "code-insiders.desktop"];
-      in {
-        "application/json" = browser;
-        "application/pdf" = browser; # TODO: pdf viewer
+      defaultApplications =
+        let
+          browser = [
+            "google-chrome.desktop"
+            "firefox.desktop"
+          ];
+          editor = [
+            "nvim.desktop"
+            "Helix.desktop"
+            "code.desktop"
+            "code-insiders.desktop"
+          ];
+        in
+        {
+          "application/json" = browser;
+          "application/pdf" = browser; # TODO: pdf viewer

-        "text/html" = browser;
-        "text/xml" = browser;
-        "text/plain" = editor;
-        "application/xml" = browser;
-        "application/xhtml+xml" = browser;
-        "application/xhtml_xml" = browser;
-        "application/rdf+xml" = browser;
-        "application/rss+xml" = browser;
-        "application/x-extension-htm" = browser;
-        "application/x-extension-html" = browser;
-        "application/x-extension-shtml" = browser;
-        "application/x-extension-xht" = browser;
-        "application/x-extension-xhtml" = browser;
-        "application/x-wine-extension-ini" = editor;
+          "text/html" = browser;
+          "text/xml" = browser;
+          "text/plain" = editor;
+          "application/xml" = browser;
+          "application/xhtml+xml" = browser;
+          "application/xhtml_xml" = browser;
+          "application/rdf+xml" = browser;
+          "application/rss+xml" = browser;
+          "application/x-extension-htm" = browser;
+          "application/x-extension-html" = browser;
+          "application/x-extension-shtml" = browser;
+          "application/x-extension-xht" = browser;
+          "application/x-extension-xhtml" = browser;
+          "application/x-wine-extension-ini" = editor;

-        # define default applications for some url schemes.
-        "x-scheme-handler/about" = browser; # open `about:` url with `browser`
-        "x-scheme-handler/ftp" = browser; # open `ftp:` url with `browser`
-        "x-scheme-handler/http" = browser;
-        "x-scheme-handler/https" = browser;
-        # https://github.com/microsoft/vscode/issues/146408
-        "x-scheme-handler/vscode" = ["code-url-handler.desktop"]; # open `vscode://` url with `code-url-handler.desktop`
-        "x-scheme-handler/vscode-insiders" = ["code-insiders-url-handler.desktop"]; # open `vscode-insiders://` url with `code-insiders-url-handler.desktop`
-        "x-scheme-handler/zoommtg" = ["Zoom.desktop"];
+          # define default applications for some url schemes.
+          "x-scheme-handler/about" = browser; # open `about:` url with `browser`
+          "x-scheme-handler/ftp" = browser; # open `ftp:` url with `browser`
+          "x-scheme-handler/http" = browser;
+          "x-scheme-handler/https" = browser;
+          # https://github.com/microsoft/vscode/issues/146408
+          "x-scheme-handler/vscode" = [ "code-url-handler.desktop" ]; # open `vscode://` url with `code-url-handler.desktop`
+          "x-scheme-handler/vscode-insiders" = [ "code-insiders-url-handler.desktop" ]; # open `vscode-insiders://` url with `code-insiders-url-handler.desktop`
+          "x-scheme-handler/zoommtg" = [ "Zoom.desktop" ];

-        # all other unknown schemes will be opened by this default application.
-        # "x-scheme-handler/unknown" = editor;
+          # all other unknown schemes will be opened by this default application.
+          # "x-scheme-handler/unknown" = editor;

-        "x-scheme-handler/tg" = ["org.telegram.desktop.desktop "];
+          "x-scheme-handler/tg" = [ "org.telegram.desktop.desktop " ];

-        "audio/*" = ["mpv.desktop"];
-        "video/*" = ["mpv.desktop"];
-        "image/*" = ["imv-dir.desktop"];
-        "image/gif" = ["imv-dir.desktop"];
-        "image/jpeg" = ["imv-dir.desktop"];
-        "image/png" = ["imv-dir.desktop"];
-        "image/webp" = ["imv-dir.desktop"];
+          "audio/*" = [ "mpv.desktop" ];
+          "video/*" = [ "mpv.desktop" ];
+          "image/*" = [ "imv-dir.desktop" ];
+          "image/gif" = [ "imv-dir.desktop" ];
+          "image/jpeg" = [ "imv-dir.desktop" ];
+          "image/png" = [ "imv-dir.desktop" ];
+          "image/webp" = [ "imv-dir.desktop" ];

-        "inode/directory" = ["yazi.desktop"];
-      };
+          "inode/directory" = [ "yazi.desktop" ];
+        };

      associations.removed = {
        # ......
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
  imports = mylib.scanPaths ./.;
 }
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  home.packages = with pkgs; [
    zed-editor
    code-cursor
@@ -7,11 +7,14 @@ exec-once = ln -s "$XDG_RUNTIME_DIR/hypr" /tmp/hypr
 # Terminals
 exec-once = foot
 exec-once = alacritty
+# Network
+exec-once = clash-verge &
 # Browsers
 exec-once = firefox
 exec-once = google-chrome-stable
+exec-once = chromium-browser
 # Chat
-exec-once = telegram-desktop
+exec-once = Telegram


 # Switch to Terminals & Browsers
@@ -134,6 +134,6 @@ bind =   $mod,       Print,  exec,  hyprshot -m window  -o ~/Pictures/Screenshot
 bind =   CTRL,       Print,  exec,  hyprshot -m region -o ~/Pictures/Screenshots

 # -- Others --
-bind =   CTRL ALT,   l,      exec,  hyprlock
+bind =   CTRL ALT,   l,      exec,  swaylock
 bind =   $mod SHIFT, x,      exec,  wlogout
 bind =   $mod,       n,      exec,  nm-connection-editor  # need install network-manager-applet
@@ -123,11 +123,13 @@ input {

    natural_scroll=0
    touchpad {
-        disable_while_typing = true
        natural_scroll = 1
        clickfinger_behavior = true
-        tap-to-click = true
-        tap-and-drag = true
+        disable_while_typing = true # seems useless...
+        # tap - 轻触触摸板, click - 点击触摸板
+        # disable tap related features to avoid palm rejection.
+        tap-to-click = false
+        tap-and-drag = false

    }
 	force_no_accel=0
@@ -14,6 +14,7 @@ windowrulev2   =   workspace 3,     class:^(Zoom Workplace)$
 # Browsers
 windowrulev2   =   workspace 4,     class:^(firefox)$
 windowrulev2   =   workspace 5,     class:^(google-chrome)$
+windowrulev2   =   workspace 5,     class:^(chromium-browser)$
 # Chat
 windowrulev2   =   workspace 6,     class:^(QQ)$
 windowrulev2   =   workspace 6,     class:^(wechat)$
@@ -28,6 +29,7 @@ windowrulev2   =   workspace 9,     class:^(code)$ # VS Code
 windowrulev2   =   workspace 9,     class:^(cursor)$ # Cursor AI Editor
 # Other
 windowrulev2   =   workspace 10,     class:^(org.wireshark.Wireshark)$
+windowrulev2   =   workspace 10,     class:^(clash-verge)$


 # Float             RULE               WINDOW
@@ -1,6 +1,6 @@

 general {
-    lock_cmd = pidof hyprlock || hyprlock              # avoid starting multiple instances
+    lock_cmd = pidof swaylock || swaylock              # avoid starting multiple instances
    before_sleep_cmd = loginctl lock-session          # lock before suspend
    after_sleep_cmd = hyprctl dispatch dpms on        # resume dpms after suspend
    ignore_dbus_inhibit = false                       # whether to ignore dbus-sent idle-inhibit requests
@@ -21,7 +21,7 @@ general {

 listener {
    timeout = 1200                                     # 20 minutes
-    on-timeout = pidof hyprlock || hyprlock           # lock screen
+    on-timeout = pidof swaylock || swaylock           # lock screen
    on-resume = hyprctl dispatch dpms on              # monitor wake up
 }

@@ -6,10 +6,10 @@
  "modules-center": ["custom/playerctl"],
  "modules-right": [
    "pulseaudio",
-    "battery",
    "memory",
    "cpu",
    "network",
+    "battery",
    "clock",
    "idle_inhibitor",
    "custom/powermenu",
@@ -91,12 +91,12 @@
  "network": {
    "interval": 5,
    "format": "{ifname}",
-    "format-wifi": " {essid} ({signalStrength}%)  Up: {bandwidthUpBits} Down: {bandwidthDownBits}",
-    "format-ethernet": "  {ifname} Up: {bandwidthUpBits} Down: {bandwidthDownBits}",
+    "format-wifi": "  {signalStrength}% Down: {bandwidthDownBytes} Up: {bandwidthUpBytes} {essid}",
+    "format-ethernet": "  {ifname} Down: {bandwidthDownBytes} Up: {bandwidthUpBytes}",
    "format-disconnected": "Disconnected ⚠",
    "tooltip-format": " {ifname} via {gwaddri}",
-    "tooltip-format-wifi": "  {ifname} @ {essid}\nIP: {ipaddr}\nStrength: {signalStrength}%\nFreq: {frequency}MHz\nUp: {bandwidthUpBits} Down: {bandwidthDownBits}",
-    "tooltip-format-ethernet": " {ifname}\nIP: {ipaddr}\n up: {bandwidthUpBits} down: {bandwidthDownBits}",
+    "tooltip-format-wifi": "  {ifname} @ {essid}\nIP: {ipaddr}\nStrength: {signalStrength}%\nFreq: {frequency}MHz\nDown: {bandwidthDownBytes} Up: {bandwidthUpBytes}",
+    "tooltip-format-ethernet": " {ifname}\nIP: {ipaddr}\n Down: {bandwidthDownBytes} Up: {bandwidthUpBytes}",
    "tooltip-format-disconnected": "Disconnected",
    "max-length": 50,
    "on-click-middle": "nm-connection-editor",
@@ -122,7 +122,7 @@
    "scroll-step": 5.0,
    // Commands to execute on events
    "on-click": "amixer set Master toggle",
-    "on-click-right": "pavucontrol",
+    "on-click-right": "GSK_RENDERER=opengl pavucontrol",
    "smooth-scrolling-threshold": 1,
  },
  "temperature": {
@@ -138,8 +138,6 @@
    "spacing": 5,
  },
  "battery": {
-    "bat": "BAT0",
-    "adapter": "ADP0",
    "interval": 60,
    "states": {
      "warning": 30,
@@ -4,10 +4,12 @@
  lib,
  anyrun,
  ...
-} @ args:
-with lib; let
+}@args:
+with lib;
+let
  cfg = config.modules.desktop.hyprland;
-in {
+in
+{
  imports = [
    # anyrun.homeManagerModules.default # the module is already in hm now.
    ./options
@@ -16,32 +18,36 @@ in {
  options.modules.desktop.hyprland = {
    enable = mkEnableOption "hyprland compositor";
    settings = lib.mkOption {
-      type = with lib.types; let
-        valueType =
-          nullOr (oneOf [
-            bool
-            int
-            float
-            str
-            path
-            (attrsOf valueType)
-            (listOf valueType)
-          ])
-          // {
-            description = "Hyprland configuration value";
-          };
-      in
+      type =
+        with lib.types;
+        let
+          valueType =
+            nullOr (oneOf [
+              bool
+              int
+              float
+              str
+              path
+              (attrsOf valueType)
+              (listOf valueType)
+            ])
+            // {
+              description = "Hyprland configuration value";
+            };
+        in
        valueType;
-      default = {};
+      default = { };
    };
  };

  config = mkIf cfg.enable (
-    mkMerge ([
+    mkMerge (
+      [
        {
          wayland.windowManager.hyprland.settings = cfg.settings;
        }
      ]
-      ++ (import ./values args))
+      ++ (import ./values args)
+    )
  );
 }
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
  imports = mylib.scanPaths ./.;
 }
@@ -3,9 +3,11 @@
  lib,
  ...
 }:
-with lib; let
+with lib;
+let
  cfg = config.modules.desktop.hyprland;
-in {
+in
+{
  options.modules.desktop.hyprland = {
    nvidia = mkEnableOption "whether nvidia GPU is used";
  };
@@ -2,7 +2,8 @@
  pkgs,
  anyrun,
  ...
-}: {
+}:
+{
  programs.anyrun = {
    enable = true;
    config = {
@@ -1,4 +1 @@
-{mylib, ...} @ args:
-map
-(path: import path args)
-(mylib.scanPaths ./.)
+{ mylib, ... }@args: map (path: import path args) (mylib.scanPaths ./.)
@@ -1,20 +1,25 @@
 {
  pkgs,
+  pkgs-stable,
  config,
  ...
-}: let
+}:
+let
  package = pkgs.hyprland;
-in {
-  xdg.configFile = let
-    mkSymlink = config.lib.file.mkOutOfStoreSymlink;
-    hyprPath = "${config.home.homeDirectory}/nix-config/home/linux/gui/hyprland/conf";
-  in {
-    "mako".source = mkSymlink "${hyprPath}/mako";
-    "waybar".source = mkSymlink "${hyprPath}/waybar";
-    "wlogout".source = mkSymlink "${hyprPath}/wlogout";
-    "hypr/hypridle.conf".source = mkSymlink "${hyprPath}/hypridle.conf";
-    "hypr/configs".source = mkSymlink "${hyprPath}/configs";
-  };
+in
+{
+  xdg.configFile =
+    let
+      mkSymlink = config.lib.file.mkOutOfStoreSymlink;
+      hyprPath = "${config.home.homeDirectory}/nix-config/home/linux/gui/hyprland/conf";
+    in
+    {
+      "mako".source = mkSymlink "${hyprPath}/mako";
+      "waybar".source = mkSymlink "${hyprPath}/waybar";
+      "wlogout".source = mkSymlink "${hyprPath}/wlogout";
+      "hypr/hypridle.conf".source = mkSymlink "${hyprPath}/hypridle.conf";
+      "hypr/configs".source = mkSymlink "${hyprPath}/configs";
+    };

  # status bar
  programs.waybar = {
@@ -25,7 +30,7 @@ in {
  catppuccin.waybar.enable = false;

  # screen locker
-  programs.hyprlock.enable = true;
+  programs.swaylock.enable = true;

  # Logout Menu
  programs.wlogout.enable = true;
@@ -46,15 +51,17 @@ in {
    inherit package;
    enable = true;
    settings = {
-      source = let
-        configPath = "${config.home.homeDirectory}/.config/hypr/configs";
-      in [
-        "${configPath}/exec.conf"
-        "${configPath}/fcitx5.conf"
-        "${configPath}/keybindings.conf"
-        "${configPath}/settings.conf"
-        "${configPath}/windowrules.conf"
-      ];
+      source =
+        let
+          configPath = "${config.home.homeDirectory}/.config/hypr/configs";
+        in
+        [
+          "${configPath}/exec.conf"
+          "${configPath}/fcitx5.conf"
+          "${configPath}/keybindings.conf"
+          "${configPath}/settings.conf"
+          "${configPath}/windowrules.conf"
+        ];
      env = [
        "NIXOS_OZONE_WL,1" # for any ozone-based browser & electron apps to run on wayland
        "MOZ_ENABLE_WAYLAND,1" # for firefox to run on wayland
@@ -71,7 +78,7 @@ in {
    # gammastep/wallpaper-switcher need this to be enabled.
    systemd = {
      enable = true;
-      variables = ["--all"];
+      variables = [ "--all" ];
    };
  };

@@ -1,8 +1,8 @@
 {
  pkgs,
  ...
-}: {
-
+}:
+{

  home.packages = with pkgs; [
    swaybg # the wallpaper
@@ -1,8 +1,8 @@
 {
  pkgs,
-  pkgs-stable,
  ...
-}: {
+}:
+{
  home.packages = with pkgs; [
    # firefox-wayland
    nixpaks.firefox
@@ -12,8 +12,8 @@
  programs = {
    # source code: https://github.com/nix-community/home-manager/blob/master/modules/programs/chromium.nix
    google-chrome = {
-      enable = pkgs.stdenv.isx86_64;
-      package = pkgs-stable.google-chrome;
+      enable = true;
+      package = if pkgs.stdenv.isAarch64 then pkgs.chromium else pkgs.google-chrome;

      # https://wiki.archlinux.org/title/Chromium#Native_Wayland_support
      commandLineArgs = [
@@ -32,25 +32,23 @@

    vscode = {
      enable = true;
-      package =
-        pkgs.vscode.override
-        {
-          isInsiders = false;
-          # https://wiki.archlinux.org/title/Wayland#Electron
-          commandLineArgs = [
-            "--ozone-platform-hint=auto"
-            "--ozone-platform=wayland"
-            # make it use GTK_IM_MODULE if it runs with Gtk4, so fcitx5 can work with it.
-            # (only supported by chromium/chrome at this time, not electron)
-            "--gtk-version=4"
-            # make it use text-input-v1, which works for kwin 5.27 and weston
-            "--enable-wayland-ime"
+      package = pkgs.vscode.override {
+        isInsiders = false;
+        # https://wiki.archlinux.org/title/Wayland#Electron
+        commandLineArgs = [
+          "--ozone-platform-hint=auto"
+          "--ozone-platform=wayland"
+          # make it use GTK_IM_MODULE if it runs with Gtk4, so fcitx5 can work with it.
+          # (only supported by chromium/chrome at this time, not electron)
+          "--gtk-version=4"
+          # make it use text-input-v1, which works for kwin 5.27 and weston
+          "--enable-wayland-ime"

-            # TODO: fix https://github.com/microsoft/vscode/issues/187436
-            # still not works...
-            "--password-store=gnome" # use gnome-keyring as password store
-          ];
-        };
+          # TODO: fix https://github.com/microsoft/vscode/issues/187436
+          # still not works...
+          "--password-store=gnome" # use gnome-keyring as password store
+        ];
+      };
    };
  };
 }
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  xdg.portal = {
    enable = true;

@@ -0,0 +1,216 @@
+{
+  pkgs-unstable,
+  nixos-apple-silicon,
+  my-asahi-firmware,
+  ...
+}:
+{
+  imports = [
+    nixos-apple-silicon.nixosModules.default
+  ];
+
+  networking.wireless.iwd = {
+    enable = true;
+    settings.General.EnableNetworkConfiguration = true;
+  };
+  # configures the network interface(include wireless) via `nmcli` & `nmtui`
+  networking.networkmanager.enable = true;
+
+  # Specify path to peripheral firmware files.
+  hardware.asahi = {
+    enable = true;
+    peripheralFirmwareDirectory = "${my-asahi-firmware}/macbook-pro-m2-a2338";
+
+    # build the Asahi Linux Kernel with Rust support
+    withRust = true;
+    # use apple-silicon's GPU instead of CPU
+    useExperimentalGPUDriver = true;
+    # How to install the Asahi Mesa driver
+    experimentalGPUInstallMode = "driver"; # driver / replace(for non-flakes) / overlay
+  };
+
+  # After adding this snippet, you need to restart the system for the touchbar to work.
+  hardware.apple.touchBar = {
+    enable = true;
+    package = pkgs-unstable.tiny-dfr;
+    # https://github.com/WhatAmISupposedToPutHere/tiny-dfr/blob/master/share/tiny-dfr/config.toml
+    settings = {
+      # F{number} keys are shown when Fn is not pressed by default.
+      # Set this to true if you want the media keys to be shown without Fn pressed
+      MediaLayerDefault = true;
+
+      # Set this to false if you want to hide the button outline,
+      # leaving only the text/logo
+      ShowButtonOutlines = true;
+
+      # Set this to true to slowly shift the entire screen contents.
+      # In theory this helps with screen longevity, but macos does not bother doing it
+      # Disabling ShowButtonOutlines will make this effect less noticeable to the eye
+      EnablePixelShift = true;
+
+      # This key defines the contents of the primary layer
+      # (the one with F{number} keys)
+      # You can change the individual buttons, add, or remove them
+      # Any number of keys that is greater than 0 is allowed
+      # however rendering will start to break around 24 keys
+      # Buttons can be made larger by setting the optional Stretch field
+      # to a number greater than 1 (which means the button will take up
+      # that many button spaces).
+      PrimaryLayerKeys = [
+        # Action defines the key code to send when the button is pressed
+        # Text defines the button label
+        # Icon specifies the icon to be used for the button.
+        # Theme specifies the XDG icons theme.
+        # Stretch specifies how many button spaces the button should take up
+        # and defaults to 1
+        # Icons can either be svgs or pngs, with svgs being preferred
+        # For best results with pngs, they should be 48x48
+        # Do not include the extension in the file name.
+        # If a Theme is set, icons are looked up in XDG_DATA_DIRS.
+        # Otherwise, they are first looked up in /etc/tiny-dfr, and then in /usr/share/tiny-dfr.
+        # Time can be either 24hr, or 12hr. Locale is optional and will default to POSIX.
+        # Only one of Text, Icon or Time is allowed,
+        # if both are present, the behavior is undefined.
+        # For the list of supported key codes see
+        # https://docs.rs/input-linux/latest/input_linux/enum.Key.html
+        # Note that the escape key is not specified here, as it is added
+        # automatically on Macs without a physical one
+        {
+          Text = "F1";
+          Action = "F1";
+        }
+        {
+          Text = "F2";
+          Action = "F2";
+        }
+        {
+          Text = "F3";
+          Action = "F3";
+        }
+        {
+          Text = "F4";
+          Action = "F4";
+        }
+        {
+          Text = "F5";
+          Action = "F5";
+        }
+        {
+          Text = "F6";
+          Action = "F6";
+        }
+        {
+          Text = "F7";
+          Action = "F7";
+        }
+        {
+          Text = "F8";
+          Action = "F8";
+        }
+        {
+          Text = "F9";
+          Action = "F9";
+        }
+        {
+          Text = "F10";
+          Action = "F10";
+        }
+        {
+          Text = "F11";
+          Action = "F11";
+        }
+        {
+          Text = "F12";
+          Action = "F12";
+        }
+
+        {
+          Text = "Home";
+          Action = "Home";
+        }
+        {
+          Text = "End";
+          Action = "End";
+        }
+
+        # for screenshot shortcut
+        {
+          Text = "Print";
+          Action = "Print";
+        }
+      ];
+
+      # This key defines the contents of the media key layer
+      MediaLayerKeys = [
+        {
+          Icon = "brightness_low";
+          Action = "BrightnessDown";
+        }
+        {
+          Icon = "brightness_high";
+          Action = "BrightnessUp";
+        }
+        {
+          Icon = "mic_off";
+          Action = "MicMute";
+        }
+        {
+          Icon = "search";
+          Action = "Search";
+        }
+        {
+          Icon = "backlight_low";
+          Action = "IllumDown";
+        }
+        {
+          Icon = "backlight_high";
+          Action = "IllumUp";
+        }
+        {
+          Icon = "fast_rewind";
+          Action = "PreviousSong";
+        }
+        {
+          Icon = "play_pause";
+          Action = "PlayPause";
+        }
+        {
+          Icon = "fast_forward";
+          Action = "NextSong";
+        }
+        {
+          Icon = "volume_off";
+          Action = "Mute";
+        }
+        {
+          Icon = "volume_down";
+          Action = "VolumeDown";
+        }
+        {
+          Icon = "volume_up";
+          Action = "VolumeUp";
+        }
+
+        {
+          Text = "Home";
+          Action = "Home";
+        }
+        {
+          Text = "End";
+          Action = "End";
+        }
+
+        # for screenshot shortcut
+        {
+          Text = "Print";
+          Action = "Print";
+        }
+      ];
+    };
+  };
+
+  # For ` to < and ~ to > (for those with US keyboards)
+  # boot.extraModprobeConfig = ''
+  #   options hid_apple iso_layout=0
+  # '';
+}
@@ -1,4 +1,8 @@
-{myvars, ...}:
+{
+  lib,
+  myvars,
+  ...
+}:
 #############################################################
 #
 #  Shoukei - NixOS running on Macbook Pro 2022 M2 16G
@@ -12,12 +16,11 @@ in {
    ../idols-ai/preservation.nix
  ];

+  services.sunshine.enable = lib.mkForce false;
+
  networking = {
    inherit hostName;
    inherit (myvars.networking) nameservers;
-
-    # configures the network interface(include wireless) via `nmcli` & `nmtui`
-    networkmanager.enable = true;
  };

  # This value determines the NixOS release from which the default
@@ -6,46 +6,28 @@
  lib,
  pkgs,
  modulesPath,
-  nixos-apple-silicon,
-  my-asahi-firmware,
  ...
-}: let
+}:
+let
  device = "/dev/disk/by-uuid/c2e8b249-240e-4eef-bf4e-81e7dbbf4887";
-in {
+in
+{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
-    nixos-apple-silicon.nixosModules.default
+    ./apple-silicon.nix
  ];

-  # Specify path to peripheral firmware files.
-  hardware.asahi = {
-    enable = true;
-    peripheralFirmwareDirectory = "${my-asahi-firmware}/macbook-pro-m2-a2338";
-
-    # build the Asahi Linux Kernel with Rust support
-    withRust = true;
-    # use apple-silicon's GPU instead of CPU
-    useExperimentalGPUDriver = true;
-    # How to install the Asahi Mesa driver
-    experimentalGPUInstallMode = "driver"; # driver / replace(for non-flakes) / overlay
-  };
-
-  networking.wireless.iwd = {
-    enable = true;
-    settings.General.EnableNetworkConfiguration = true;
-  };
-
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = false;
  # depending on how you configured your disk mounts, change this to /boot or /boot/efi.
  boot.loader.efi.efiSysMountPoint = "/boot";

-  # For ` to < and ~ to > (for those with US keyboards)
-  # boot.extraModprobeConfig = ''
-  #   options hid_apple iso_layout=0
-  # '';
-
+  # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
+  boot.binfmt.emulatedSystems = [
+    "x86_64-linux"
+    "riscv64-linux"
+  ];
  # supported file systems, so we can mount any removable disks with these filesystems
  boot.supportedFilesystems = lib.mkForce [
    "ext4"
@@ -153,7 +135,7 @@ in {
  # remount swapfile in read-write mode
  fileSystems."/swap/swapfile" = {
    # the swapfile is located in /swap subvolume, so we need to mount /swap first.
-    depends = ["/swap"];
+    depends = [ "/swap" ];

    device = "/swap/swapfile";
    fsType = "none";
@@ -164,7 +146,7 @@ in {
  };

  swapDevices = [
-    {device = "/swap/swapfile";}
+    { device = "/swap/swapfile"; }
  ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@@ -3,7 +3,7 @@
 # Configure your Display resolution, offset, scale and Monitors here, use `hyprctl monitors` to get the info.
 #   highres:      get the best possible resolution
 #   auto:         position automatically
-#   1.25:          scale to 1.25 times
+#   1.33:          scale to 1.33 times
 #   bitdepth,10:  enable 10 bit support
-monitor=eDP-1,      highres@highrr,  0x0,         1.25,  bitdepth,10
+monitor=eDP-1,      highres@highrr,  0x0,         1.33,  bitdepth,10

@@ -6,7 +6,8 @@ _:
 #############################################################
 let
  hostname = "fern";
-in {
+in
+{
  networking.hostName = hostname;
  networking.computerName = hostname;
  system.defaults.smb.NetBIOSName = hostname;
@@ -1,5 +1,8 @@
-{config, ...}: let
+{ config, ... }:
+let
  hostName = "fern";
-in {
-  programs.ssh.matchBlocks."github.com".identityFile = "${config.home.homeDirectory}/.ssh/${hostName}";
+in
+{
+  programs.ssh.matchBlocks."github.com".identityFile =
+    "${config.home.homeDirectory}/.ssh/${hostName}";
 }
@@ -6,7 +6,8 @@ _:
 #############################################################
 let
  hostname = "frieren";
-in {
+in
+{
  networking.hostName = hostname;
  networking.computerName = hostname;
  system.defaults.smb.NetBIOSName = hostname;
@@ -1,5 +1,8 @@
-{config, ...}: let
+{ config, ... }:
+let
  hostName = "frieren";
-in {
-  programs.ssh.matchBlocks."github.com".identityFile = "${config.home.homeDirectory}/.ssh/${hostName}";
+in
+{
+  programs.ssh.matchBlocks."github.com".identityFile =
+    "${config.home.homeDirectory}/.ssh/${hostName}";
 }
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
  imports = mylib.scanPaths ./.;
 }
@@ -2,13 +2,15 @@
  pkgs,
  nixpkgs-ollama,
  ...
-}: let
+}:
+let
  pkgs-ollama = import nixpkgs-ollama {
    inherit (pkgs) system;
    # To use cuda, we need to allow the installation of non-free software
    config.allowUnfree = true;
  };
-in {
+in
+{
  services.ollama = rec {
    enable = true;
    package = pkgs-ollama.ollama;
@@ -7,7 +7,7 @@
 let
  hostName = "ai"; # Define your hostname.

-  inherit (myvars.networking) defaultGateway defaultGateway6 nameservers;
+  inherit (myvars.networking) mainGateway mainGateway6 nameservers;
  inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4 ipv6;
  ipv4WithMask = "${ipv4}/24";
  ipv6WithMask = "${ipv6}/64";
@@ -17,6 +17,7 @@ in {
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./nvidia.nix
+    ./ai

    ./preservation.nix
    ./secureboot.nix
@@ -36,7 +37,10 @@ in {
  systemd.network.networks."10-${iface}" = {
    matchConfig.Name = [iface];
    networkConfig = {
-      Address = [ipv4WithMask ipv6WithMask];
+      Address = [
+        ipv4WithMask
+        ipv6WithMask
+      ];
      DNS = nameservers;
      DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA.
      IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC)
@@ -45,11 +49,11 @@ in {
    routes = [
      {
        Destination = "0.0.0.0/0";
-        Gateway = defaultGateway;
+        Gateway = mainGateway;
      }
      {
        Destination = "::/0";
-        Gateway = defaultGateway6;
+        Gateway = mainGateway6;
        GatewayOnLink = true; # it's a gateway on local link.
      }
    ];
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
  imports = mylib.scanPaths ./.;
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Ryan Yin	f9368749b5	feat: start clash-verge on login	2025-08-11 00:42:10 +08:00
Ryan Yin	3c409bd83a	feat: use mainGateway for idols-ai, rename defaultGateway to proxyGateway	2025-08-11 00:32:08 +08:00
Ryan Yin	01448b6e0e	feat: install clash verge on all nixos desktop hosts	2025-08-11 00:18:29 +08:00
Ryan Yin	e54af73cb2	feat: shoukei - scale monitor to 1.33 times	2025-08-10 13:27:20 +08:00
Ryan Yin	7da0b208e6	feat: waybar network - use bytes instead of bits	2025-08-10 13:23:56 +08:00
Ryan Yin	0fe704c32a	chore: shoukei - disable sunshine for security	2025-08-09 13:47:04 +08:00
Ryan Yin	273bfd2ac8	feat: shoukei - add clash verge rev	2025-08-06 15:54:02 +08:00
Ryan Yin	09a01ff947	fix: hyprlock is broken on asahi kernel, replace it with swaylock	2025-08-06 14:11:48 +08:00
Ryan Yin	1ef015cb16	fix: comment out git-aliases.nu	2025-08-02 13:10:21 +08:00
Ryan Yin	52dfcea713	fix: hyprland - disable tap related features to avoid palm rejection.	2025-07-30 12:24:24 +08:00
Ryan Yin	863f124b08	Merge pull request #209 from ryan4yin/nixfmt nixfmt	2025-07-30 12:20:52 +08:00
Ryan Yin	7a78b1831c	feat: justfile - format nix files	2025-07-30 12:19:15 +08:00
Ryan Yin	13bb77108c	feat: format via 'ls */.nix \| each { \|it\| nixfmt $it.name }'	2025-07-30 12:17:24 +08:00
Ryan Yin	d10b30b06b	chore: remove platformio - not used currently	2025-07-30 10:57:05 +08:00
Ryan Yin	4d218e314c	chore: install ai stuff(ollama) & games(steam) only on idols-ai	2025-07-30 10:57:05 +08:00
Ryan Yin	87229f9a31	chore: rename pre-commit-hooks.nix to git-hooks.nix	2025-07-30 10:57:05 +08:00
Ryan Yin	bc163b8157	feat: replace alejandra with nixfmt(rfc-style) 1.0.0	2025-07-30 10:57:05 +08:00
Ryan Yin	30fefb0f5f	flake.lock: Update Flake lock file updates: • Updated input 'blender-bin': 'github:edolstra/nix-warez/85d76721132cc6631bbaa8c950d4d0f3aa4003fd?dir=blender' (2025-05-04) → 'github:edolstra/nix-warez/69acfebb3740542936f71775bcdf322dc328a655?dir=blender' (2025-07-16) • Updated input 'catppuccin': 'github:catppuccin/nix/5f431aac1a4038c385e6de2d2384d943e4802d61' (2025-07-11) → 'github:catppuccin/nix/b32de96c3c5384c83b0f4d741ec58a7f97c9ab11' (2025-07-28) • Updated input 'ghostty': 'github:ghostty-org/ghostty/4aa28988a6ddd9aa8b3402e4bab05ad02a0c12c6' (2025-07-11) → 'github:ghostty-org/ghostty/92c1f4b0b9c6fde6d8f79109de71bf4e30831e86' (2025-07-28) • Updated input 'ghostty/zig/flake-compat': follows 'ghostty' → follows 'ghostty/flake-compat' • Updated input 'home-manager': 'github:nix-community/home-manager/fab659b346c0d4252208434c3c4b3983a4b38fec' (2025-07-11) → 'github:nix-community/home-manager/25deca893974aae98c9be151fb47d6284c053470' (2025-07-29) • Updated input 'nix-gaming': 'github:fufexan/nix-gaming/62f976ed47de88323770646a9a92e4912d33585f' (2025-07-11) → 'github:fufexan/nix-gaming/ceb9d44f09b0db02332873247a50210a486959ff' (2025-07-27) • Updated input 'nix-gaming/flake-parts': 'github:hercules-ci/flake-parts/77826244401ea9de6e3bac47c2db46005e1f30b5' (2025-07-01) → 'github:hercules-ci/flake-parts/644e0fc48951a860279da645ba77fe4a6e814c5e' (2025-07-21) • Updated input 'nixpak': 'github:nixpak/nixpak/19942ded45bd73c74dbb44642406da0569f639a8' (2025-07-10) → 'github:nixpak/nixpak/fedd4b59b7c8f18be508dee9d89985a8501982d0' (2025-07-24) • Updated input 'nixpak/flake-parts': 'github:hercules-ci/flake-parts/77826244401ea9de6e3bac47c2db46005e1f30b5' (2025-07-01) → 'github:hercules-ci/flake-parts/644e0fc48951a860279da645ba77fe4a6e814c5e' (2025-07-21) • Updated input 'nixpak/hercules-ci-effects': 'github:hercules-ci/hercules-ci-effects/231726642197817d20310b9d39dd4afb9e899489' (2025-05-23) → 'github:hercules-ci/hercules-ci-effects/5f2e09654b2e70ba643e41609d9f9b6640f22113' (2025-07-15) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/9807714d6944a957c2e036f84b0ff8caf9930bc0' (2025-07-08) → 'github:nixos/nixpkgs/dc9637876d0dcc8c9e5e22986b857632effeb727' (2025-07-28) • Updated input 'nixpkgs-darwin': 'github:nixos/nixpkgs/9b008d60392981ad674e04016d25619281550a9d' (2025-07-08) → 'github:nixos/nixpkgs/648f70160c03151bc2121d179291337ad6bc564b' (2025-07-28) • Updated input 'nixpkgs-ollama': 'github:nixos/nixpkgs/9807714d6944a957c2e036f84b0ff8caf9930bc0' (2025-07-08) → 'github:nixos/nixpkgs/dc9637876d0dcc8c9e5e22986b857632effeb727' (2025-07-28) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/88983d4b665fb491861005137ce2b11a9f89f203' (2025-07-08) → 'github:nixos/nixpkgs/13e8d35b7d6028b7198f8186bc0347c6abaa2701' (2025-07-26) • Updated input 'nixpkgs-unstable': 'github:nixos/nixpkgs/fc02ee70efb805d3b2865908a13ddd4474557ecf' (2025-07-23) → 'github:nixos/nixpkgs/dc9637876d0dcc8c9e5e22986b857632effeb727' (2025-07-28) • Updated input 'polybar-themes': 'github:adi1090x/polybar-themes/ccf23ef328f1e988650487c40678c6953038e2b2' (2025-06-26) → 'github:adi1090x/polybar-themes/e6326ff356b296256b7fac9c5bcc42a1ef4a4d5b' (2025-07-26)	2025-07-30 10:57:05 +08:00
Ryan Yin	8124b9ffa9	feat: neovim - use nixd as nix lsp	2025-07-30 10:57:05 +08:00
Ryan Yin	77c9514b88	feat: gnome-keyring - add gui app	2025-07-29 13:47:14 +08:00
Ryan Yin	bc2523302d	fix: waybar - network & battery	2025-07-28 19:59:58 +08:00
Ryan Yin	31c1139dbd	feat: replace cppnix with lix	2025-07-28 14:26:09 +08:00
Ryan Yin	32fa706f9f	feat: apple touchbar - add keys	2025-07-26 17:03:29 +08:00
Ryan Yin	18cabc994c	feat: shoukei - add x64 support via binfmt	2025-07-26 17:03:29 +08:00
Ryan Yin	4bb92855e7	fix: aarch64-linux - start chromium & telegram on startup	2025-07-26 17:03:29 +08:00
Ryan Yin	fa7bfabf48	doc: apple touchbar	2025-07-25 22:49:53 +08:00
Ryan Yin	9bd5c5b727	fix: apple silicon (#205 ) * fix: pavucontrol on apple-silicon * fix: apple-silicon - touchbar	2025-07-25 22:37:50 +08:00
Ryan Yin	88f85bb5d7	feat: hyprland - use chromium on aarch64-linux	2025-07-25 13:55:31 +08:00
Ryan Yin	70154b0652	feat: use chromium on aarch64-linux	2025-07-25 13:53:19 +08:00
Ryan Yin	e226d4b28f	chore: add static ip for shoukei	2025-07-25 13:48:04 +08:00
Ryan Yin	58dc1d49f6	docs: README - minor changes	2025-07-25 12:32:00 +08:00
Ryan Yin	90f36202a9	docs: mkpasswd - add link to man page	2025-07-17 23:09:16 +08:00
Ryan Yin	9548fef641	docs: mkpasswd	2025-07-17 23:07:33 +08:00
Ryan Yin	e0fe69b887	feat: add security tools	2025-07-17 22:42:21 +08:00
Ryan Yin	d3c4fd6aa3	feat: preservation - add nix cache to reduce ram usage	2025-07-17 20:21:38 +08:00