chore: remove mihomo-party

feat: add netbird for homelab, keep tailscale for work (#225 )
refactor: grafana - add more datasources, rewrite in nix
2026-05-28 18:39:31 +02:00 · 2025-10-02 11:50:46 +08:00 · 2025-10-02 11:49:05 +08:00 · 2025-09-26 23:46:54 +08:00 · 2025-09-26 21:37:23 +08:00 · 2025-09-26 19:12:45 +08:00
196 changed files with 22166 additions and 5922 deletions
@@ -25,9 +25,9 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Install nix
-        uses: cachix/install-nix-action@v24
+        uses: cachix/install-nix-action@v31
        with:
          install_url: https://nixos.org/nix/install
          extra_nix_config: |
@@ -8,3 +8,4 @@ logs/
 core*
 !core/
 !core.nix
 !coredns*
@@ -1,10 +1,21 @@
 [files]
 # Respect .ignore files.
 ignore-dot = true
 # Respect ignore files.
 ignore-files = true
-extend-exclude = ["themes/", "data/", "static-surprises/", "resources/"]
+# Typos-specific ignore globs (gitignore syntax).
 # NOTE: This setting is ignored when you pass the path directly on the command line, as cachix/git-hooks.nix does.
 # To ignore those files, you must also exclude those directories via git-hooks.hooks.typos.settings.exclude.
 extend-exclude = [
  "data/",
  "rime-data/",
 ]
 [default]
 # Check binary files as text.
 binary = false
 # Verify spelling in file names.
 check-filename = true
 # ignore some special identifiers(sha256, mac address, crypto keys, etc)
 extend-ignore-re = [
  "iterm2",
@@ -108,19 +108,29 @@ up-nix:
 #
 ############################################################################
 # Deploy the nixosConfiguration by hostname match
 [linux]
 [group('homelab')]
 local mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *;
  nixos-switch (hostname) {{mode}}
 # Deploy the hyprland nixosConfiguration by hostname match
 [linux]
 [group('desktop')]
 hypr mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *;
-  nixos-switch ai-hyprland {{mode}}
+  nixos-switch $"(hostname)-hyprland" {{mode}}
 # Deploy the niri nixosConfiguration by hostname match
 [linux]
 [group('desktop')]
-s-hypr mode="default":
+niri mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *;
-  nixos-switch shoukei-hyprland {{mode}}
+  nixos-switch $"(hostname)-niri" {{mode}}
 ############################################################################
 #
@@ -141,23 +151,15 @@ darwin-rollback:
  use {{utils_nu}} *;
  darwin-rollback
-# Depoly to fern(macOS host)
+# Deploy the darwinConfiguration by hostname match
 [macos]
 [group('desktop')]
-fe mode="default": 
+local mode="default": 
  #!/usr/bin/env nu
  use {{utils_nu}} *;
-  darwin-build "fern" {{mode}};
+  darwin-build (hostname) {{mode}};
-  darwin-switch "fern" {{mode}}
+  darwin-switch (hostname) {{mode}}
 # Depoly to frieren(macOS host)
 [macos]
 [group('desktop')]
 fr mode="default": 
  #!/usr/bin/env nu
  use {{utils_nu}} *;
  darwin-build "frieren" {{mode}};
  darwin-switch "frieren" {{mode}}
 # Reset launchpad to force it to reindex Applications
 [macos]
@@ -178,13 +180,6 @@ reset-launchpad:
 col tag:
  colmena apply --on '@{{tag}}' --verbose --show-trace
 [linux]
 [group('homelab')]
 local name mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *;
  nixos-switch {{name}} {{mode}}
 # Build and upload a vm image
 [linux]
 [group('homelab')]
@@ -204,37 +199,16 @@ lab:
 shoryu:
  colmena apply --on '@kubevirt-shoryu' --verbose --show-trace
 [linux]
 [group('homelab')]
 shoryu-local mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch kubevirt-shoryu {{mode}}
 [linux]
 [group('homelab')]
 shushou:
  colmena apply --on '@kubevirt-shushou' --verbose --show-trace
 [linux]
 [group('homelab')]
 shushou-local mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch kubevirt-shushou {{mode}}
 [linux]
 [group('homelab')]
 youko:
  colmena apply --on '@kubevirt-youko' --verbose --show-trace
 [linux]
 [group('homelab')]
 youko-local mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch kubevirt-youko {{mode}}
 ############################################################################
 #
 # Commands for other Virtual Machines
@@ -256,37 +230,16 @@ upload-idols mode="default":
 aqua:
  colmena apply --on '@aqua' --verbose --show-trace
 [linux]
 [group('homelab')]
 aqua-local mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch aquamarine {{mode}}
 [linux]
 [group('homelab')]
 ruby:
  colmena apply --on '@ruby' --verbose --show-trace
 [linux]
 [group('homelab')]
 ruby-local mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch ruby {{mode}}
 [linux]
 [group('homelab')]
 kana:
  colmena apply --on '@kana' --verbose --show-trace
 [linux]
 [group('homelab')]
 kana-local mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch kana {{mode}}
 ############################################################################
 #
 # Kubernetes related commands
@@ -56,15 +56,15 @@ You don't have to go through the pain I've experienced again! Check out my
 |                             | NixOS(Wayland)                                                                                                      |
 | --------------------------- | ------------------------------------------------------------------------------------------------------------------- |
-| **Window Manager**          | [Hyprland][Hyprland]                                                                                                |
+| **Window Manager**          | [Hyprland][Hyprland] / [Niri][Niri]                                                                                 |
-| **Terminal Emulator**       | [Zellij][Zellij] + [Kitty][Kitty]                                                                                   |
+| **Terminal Emulator**       | [Zellij][Zellij] + [foot][foot]/[Kitty][Kitty]/[Alacritty][Alacritty]/[Ghostty][Ghostty]                            |
 | **Bar**                     | [Waybar][Waybar]                                                                                                    |
 | **Application Launcher**    | [anyrun][anyrun]                                                                                                    |
 | **Notification Daemon**     | [Mako][Mako]                                                                                                        |
-| **Display Manager**         | [GDM][GDM]                                                                                                          |
+| **Display Manager**         | [tuigreet][tuigreet]                                                                                                |
-| **Color Scheme**            | [Catppuccin][Catppuccin]                                                                                            |
+| **Color Scheme**            | [catppuccin-nix][catppuccin-nix]                                                                                    |
 | **network management tool** | [NetworkManager][NetworkManager]                                                                                    |
-| **Input method framework**  | [Fcitx5][Fcitx5]                                                                                                    |
+| **Input method framework**  | [Fcitx5][Fcitx5] + [rime][rime] + [小鹤音形 flypy][flypy]                                                           |
 | **System resource monitor** | [Btop][Btop]                                                                                                        |
 | **File Manager**            | [Yazi][Yazi] + [thunar][thunar]                                                                                     |
 | **Shell**                   | [Nushell][Nushell] + [Starship][Starship]                                                                           |
@@ -74,7 +74,7 @@ You don't have to go through the pain I've experienced again! Check out my
 | **Image Viewer**            | [imv][imv]                                                                                                          |
 | **Screenshot Software**     | [hyprshot][hyprshot]                                                                                                |
 | **Screen Recording**        | [OBS][OBS]                                                                                                          |
-| **Filesystem & Encryption** | tmpfs on `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] encrypted partition for persistent, unlock via passphrase |
+| **Filesystem & Encryption** | tmpfs as `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] encrypted partition for persistent, unlock via passphrase |
 | **Secure Boot**             | [lanzaboote][lanzaboote]                                                                                            |
 Wallpapers: https://github.com/ryan4yin/wallpapers
@@ -109,14 +109,16 @@ For NixOS:
 > To deploy this flake from NixOS's official ISO image (purest installation method), please refer to
 > [./nixos-installer/](./nixos-installer/)
 > Need to restart the machine when switching between `wayland` and `xorg`.
 ```bash
 # deploy one of the configuration based on the hostname
 sudo nixos-rebuild switch --flake .#ai-hyprland
 # deploy via `just`(a command runner with similar syntax to make) & Justfile
-just hypr  # deploy my pc with hyprland compositor
+# Deploy the hyprland nixosConfiguration by hostname match
 just hypr
 # Deploy the niri nixosConfiguration by hostname match
 just niri
 # or we can deploy with details
 just hypr debug
@@ -132,11 +134,11 @@ nix-shell -p just nushell
 # 3. comment home-manager's code in lib/macosSystem.nix to speed up the first deployment.
 # 4. comment out the proxy settings in scripts/darwin_set_proxy.py if the proxy is not ready yet.
-# deploy fern's configuration(Apple Silicon)
+# Deploy the darwinConfiguration by hostname match
-just fr
+just local
 # deploy with details
-just fr debug
+just local debug
 ```
 > [What y'all will need when Nix drives you to drink.](https://www.youtube.com/watch?v=Eni9PPPPBpg)
@@ -175,7 +177,11 @@ Other dotfiles that inspired me:
  - [1amSimp1e/dots](https://github.com/1amSimp1e/dots)
 [Hyprland]: https://github.com/hyprwm/Hyprland
 [Niri]: https://github.com/YaLTeR/niri
 [Kitty]: https://github.com/kovidgoyal/kitty
 [foot]: https://codeberg.org/dnkl/foot
 [Alacritty]: https://github.com/alacritty/alacritty
 [Ghostty]: https://github.com/ghostty-org/ghostty
 [Nushell]: https://github.com/nushell/nushell
 [Starship]: https://github.com/starship/starship
 [Waybar]: https://github.com/Alexays/Waybar
@@ -184,6 +190,8 @@ Other dotfiles that inspired me:
 [anyrun]: https://github.com/Kirottu/anyrun
 [Dunst]: https://github.com/dunst-project/dunst
 [Fcitx5]: https://github.com/fcitx/fcitx5
 [rime]: https://wiki.archlinux.org/title/Rime
 [flypy]: https://flypy.cc/
 [Btop]: https://github.com/aristocratos/btop
 [mpv]: https://github.com/mpv-player/mpv
 [Zellij]: https://github.com/zellij-org/zellij
@@ -194,10 +202,10 @@ Other dotfiles that inspired me:
 [OBS]: https://obsproject.com
 [Mako]: https://github.com/emersion/mako
 [Nerd fonts]: https://github.com/ryanoasis/nerd-fonts
-[catppuccin]: https://github.com/catppuccin/catppuccin
+[catppuccin-nix]: https://github.com/catppuccin/nix
 [NetworkManager]: https://wiki.gnome.org/Projects/NetworkManager
 [wl-clipboard]: https://github.com/bugaevc/wl-clipboard
-[GDM]: https://wiki.archlinux.org/title/GDM
+[tuigreet]: https://github.com/apognu/tuigreet
 [thunar]: https://gitlab.xfce.org/xfce/thunar
 [Yazi]: https://github.com/sxyazi/yazi
 [Catppuccin]: https://github.com/catppuccin/catppuccin
@@ -3,5 +3,21 @@
 This is my private Private Key Infrastructure (PKI) / Certificate Authority (CA) for my personal
 use. It is used to issue certificates for my own servers and services.
-All the private keys are ignored by git, and will be stored in my private secrets repo
+## Current Structure
-[../secrets](../secrets/)
+
 - **ecc-ca.crt** - ECC CA certificate file
 - **ecc-ca.srl** - CA serial number file for certificate tracking
 - **ecc-csr.conf** - OpenSSL configuration file for certificate signing requests
 - **ecc-server.crt** - Server certificate signed by the ECC CA
 - **gen-certs.sh** - Shell script to generate certificates automatically
 ## Security Notes
 All private keys (`.key` files) are ignored by git and stored in a private secrets repository. The
 public certificates and configuration files are committed to this repository for reference.
 ## Usage
 Run `./gen-certs.sh` to generate new certificates using the ECC CA configuration.
 See [../secrets](../secrets/) for the corresponding private key management.
@@ -16,14 +16,14 @@
  nixConfig = {
    # substituers will be appended to the default substituters when fetching packages
    extra-substituters = [
      "https://anyrun.cachix.org"
      # "https://nix-gaming.cachix.org"
      # "https://nixpkgs-wayland.cachix.org"
      # "https://install.determinate.systems"
    ];
    extra-trusted-public-keys = [
      "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
      # "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
      # "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
      # "cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM="
    ];
  };
@@ -41,6 +41,8 @@
    nixpkgs-ollama.url = "github:nixos/nixpkgs/nixos-unstable";
    nixpkgs-patched.url = "github:ryan4yin/nixpkgs/nixos-unstable-patched";
    # for macos
    # nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-25.05-darwin";
    nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-unstable";
@@ -60,6 +62,8 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*";
    # https://github.com/catppuccin/nix
    catppuccin = {
      url = "github:catppuccin/nix";
@@ -77,9 +81,10 @@
    # community wayland nixpkgs
    # nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
    # anyrun - a wayland launcher
    anyrun = {
-      url = "github:Kirottu/anyrun";
+      url = "github:/anyrun-org/anyrun/v25.9.0";
      inputs.nixpkgs.follows = "nixpkgs";
    };
@@ -97,11 +102,6 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nix-gaming = {
      url = "github:fufexan/nix-gaming";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    disko = {
      url = "github:nix-community/disko/v1.11.0";
      inputs.nixpkgs.follows = "nixpkgs";
@@ -138,8 +138,21 @@
    };
    nixos-apple-silicon = {
-      # 2025-07-04
+      # 2025-08-25 asahi-6.15.10-3
-      url = "github:nix-community/nixos-apple-silicon/eba4b40c816e5aff8951ae231ac237e8aab8ec1d";
+      url = "github:nix-community/nixos-apple-silicon/b99bf9bf7445416fe55da09034fc4a6cd733805c";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    niri.url = "github:sodiboo/niri-flake";
    # -------------- Gaming ---------------------
    nix-gaming = {
      url = "github:fufexan/nix-gaming";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    aagl = {
      url = "github:ezKEa/aagl-gtk-on-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
@@ -12,14 +12,53 @@
  1. Accessing the network when they don't need to.
  1. Accessing hardware devices they don't need.
-## Current Status
+## Current Structure
-1. **System Level**:
+### 1. **System Level**
-   - [ ] AppArmor
+
-   - [ ] Kernel & System Hardening
+- **AppArmor** (`apparmor/`): AppArmor profiles and configuration
-1. **Per-App Level**:
+- **Kernel & System Hardening** (`profiles/`): System-wide hardening profiles
-   - Nixpak (Bubblewrap, running at user-level)
+
-   - Firejail (a SUID program, meaning it's running as root)
+### 2. **Per-App Level**
 - **Nixpak** (`nixpaks/`): Bubblewrap-based sandboxing for applications
  - Firefox configuration
  - QQ (Chinese messaging app) configuration
  - Modular system with reusable components
 - **Firejail** (legacy): SUID-based sandboxing (not used)
 - **Bubblewrap** (`bwraps/`): Direct bubblewrap configurations
  - WeChat sandboxing configuration
 ## Current Implementation Status
 | Component         | Status    | Notes                          |
 | ----------------- | --------- | ------------------------------ |
 | AppArmor Profiles | 🚧 WIP    | Basic structure in place       |
 | Nixpak Firefox    | ✅ Active | Firefox sandboxing via nixpak  |
 | Nixpak QQ         | ✅ Active | QQ application sandboxing      |
 | Bubblewrap WeChat | ✅ Active | WeChat specific sandboxing     |
 | System Profiles   | 🚧 WIP    | Hardened system configurations |
 ## Directory Structure
 ```
 hardening/
 ├── README.md
 ├── apparmor/           # AppArmor security profiles
 │   └── default.nix
 ├── bwraps/            # Direct bubblewrap configurations
 │   ├── default.nix
 │   └── wechat.nix
 ├── nixpaks/           # Nixpak application sandboxing
 │   ├── default.nix
 │   ├── firefox.nix
 │   ├── qq.nix
 │   └── modules/       # Reusable nixpak modules
 │       ├── gui-base.nix
 │       └── network.nix
 └── profiles/          # System hardening profiles
    └── default.nix
 ```
 ## Kernel Hardening
@@ -69,13 +108,6 @@ provide a much higher level of security.
 - [Paranoid NixOS Setup - xeiaso](https://xeiaso.net/blog/paranoid-nixos-2021-07-18/)
 - [nix-mineral](https://github.com/cynicsketch/nix-mineral): NixOS module for convenient system
  hardening.
 - nixpak configs:
  - https://github.com/pokon548/OysterOS/tree/b97604d89953373d6316286b96f6a964af2c398d/desktop/application
  - https://github.com/segment-tree/my-nixos/tree/ceb6041f73bd9edcb78a8818b27a28f7c629193b/hm/me/apps/nixpak
  - https://github.com/Keksgesicht/nixos-config/tree/91cc77d8d6b598da7c4dbed143e0009c2dea6940/packages/nixpak
  - https://github.com/bluskript/nix-config/blob/7ecb6a7254c1ac4969072f4c4febdc19f8b83b30/pkgs/nixpak/default.nix
 - firejail configs:
  - https://github.com/stelcodes/nixos-config/blob/f8967c82a5e5f3d128eb1aaf7498b5f918f719ec/packages/overlay.nix#L261
 - apparmor configs:
  - https://github.com/zramctl/dotfiles/blob/4fe177f6984154960942bb47d5a375098ec6ed6a/modules/nixos/security/apparmor.nix#L4
  - https://git.grimmauld.de/Grimmauld/grimm-nixos-laptop/src/branch/main/hardening
@@ -1,5 +1,6 @@
 {
  pkgs,
  pkgs-patched,
  nixpak,
  ...
 }:
@@ -14,21 +15,17 @@ let
      (sloth.concat' sloth.homeDir mapdir)
    ];
  };
-  wrapper = _pkgs: path: (_pkgs.callPackage path callArgs).config.script;
+  wrapper = _pkgs: path: (_pkgs.callPackage path callArgs);
 in
 {
  # Add nixpaked Apps into nixpkgs, and reference them in home-manager or other nixos modules
  nixpkgs.overlays = [
    (_: super: {
      nixpaks = {
-        qq = wrapper super ./qq.nix;
+        qq = wrapper pkgs-patched ./qq.nix;
        qq-desktop-item = super.callPackage ./qq-desktop-item.nix { };
        wechat = wrapper super ./wechat.nix;
-        wechat-desktop-item = super.callPackage ./wechat-desktop-item.nix { };
+        telegram-desktop = wrapper super ./telegram-desktop.nix;
        firefox = wrapper super ./firefox.nix;
        firefox-desktop-item = super.callPackage ./firefox-desktop-item.nix { };
      };
    })
  ];
@@ -1,11 +0,0 @@
 { makeDesktopItem }:
 makeDesktopItem {
  name = "firefox";
  desktopName = "firefox";
  exec = "firefox %U";
  terminal = false;
  icon = "firefox";
  type = "Application";
  categories = [ "Network" ];
  comment = "firefox boxed";
 }
@@ -5,11 +5,16 @@
 # - Firefox's flatpak manifest: https://hg.mozilla.org/mozilla-central/file/tip/taskcluster/docker/firefox-flatpak/runme.sh#l151
 {
  lib,
-  pkgs,
+  firefox-wayland,
  mkNixPak,
  buildEnv,
  makeDesktopItem,
  ...
 }:
-mkNixPak {
+
 let
  appId = "org.mozilla.firefox";
  wrapped = mkNixPak {
    config =
      {
        config,
@@ -18,14 +23,15 @@ mkNixPak {
      }:
      {
        app = {
-        package = pkgs.firefox-wayland;
+          package = firefox-wayland;
          binPath = "bin/firefox";
        };
-      flatpak.appId = "org.mozilla.firefox";
+        flatpak.appId = appId;
        imports = [
          ./modules/gui-base.nix
          ./modules/network.nix
          ./modules/common.nix
        ];
        # list all dbus services:
@@ -35,20 +41,15 @@ mkNixPak {
          "org.mozilla.firefox.*" = "own"; # firefox
          "org.mozilla.firefox_beta.*" = "own"; # firefox beta
          "org.mpris.MediaPlayer2.firefox.*" = "own";
        "org.freedesktop.NetworkManager" = "talk";
          "org.gnome.Shell.Screencast" = "talk";
          # System tray icon
          "org.freedesktop.Notifications" = "talk";
          "org.kde.StatusNotifierWatcher" = "talk";
        # File Manager
        "org.freedesktop.FileManager1" = "talk";
        # Uses legacy StatusNotifier implementation
        "org.kde.*" = "own";
        };
        bubblewrap = {
-        # To trace all the home files QQ accesses, you can use the following nushell command:
+          # To trace all the home files Firefox accesses, you can use the following nushell command:
          #   just trace-access firefox
          # See the Justfile in the root of this repository for more information.
          bind.rw = [
@@ -85,4 +86,55 @@ mkNixPak {
          };
        };
      };
  };
  exePath = lib.getExe wrapped.config.script;
 in
 buildEnv {
  inherit (wrapped.config.script) name meta passthru;
  paths = [
    wrapped.config.script
    (makeDesktopItem {
      name = appId;
      desktopName = "Firefox";
      genericName = "Firefox Boxed";
      comment = "Firefox Browser";
      exec = "${exePath} %U";
      terminal = false;
      icon = "firefox";
      startupNotify = true;
      startupWMClass = "firefox";
      type = "Application";
      categories = [
        "Network"
        "WebBrowser"
      ];
      mimeTypes = [
        "text/html"
        "text/xml"
        "application/xhtml+xml"
        "application/vnd.mozilla.xul+xml"
        "x-scheme-handler/http"
        "x-scheme-handler/https"
      ];
      actions = {
        new-private-window = {
          name = "New Private Window";
          exec = "${exePath} --private-window %U";
        };
        new-window = {
          name = "New Window";
          exec = "${exePath} --new-window %U";
        };
        profile-manager-window = {
          name = "Profile Manager";
          exec = "${exePath} --ProfileManager";
        };
      };
      extraConfig = {
        X-Flatpak = appId;
      };
    })
  ];
 }
@@ -0,0 +1,236 @@
 {
  lib,
  pkgs,
  sloth,
  config,
  ...
 }:
 {
  config = {
    dbus =
      let
        inherit (config.flatpak) appId;
      in
      {
        policies = {
          "${appId}" = "own";
          "${appId}.*" = "own";
          "org.freedesktop.DBus" = "talk";
          "org.gtk.vfs.*" = "talk";
          "org.gtk.vfs" = "talk";
          "ca.desrt.dconf" = "talk";
          "org.freedesktop.portal.*" = "talk";
          "org.a11y.Bus" = "talk";
          "org.freedesktop.appearance" = "talk";
          "org.freedesktop.appearance.*" = "talk";
        }
        // (builtins.listToAttrs (
          map (id: lib.nameValuePair "org.kde.StatusNotifierItem-${toString id}-1" "own") (
            lib.lists.range 2 11
          )
        ))
        // {
          # --- MPRIS Media Control ---
          # Allows the app to register as a media player. These are derived from the appID.
          "org.mpris.MediaPlayer2.${appId}" = "own";
          "org.mpris.MediaPlayer2.${appId}.*" = "own";
          "org.mpris.MediaPlayer2.${lib.lists.last (lib.strings.splitString "." appId)}" = "own";
          "org.mpris.MediaPlayer2.${lib.lists.last (lib.strings.splitString "." appId)}.*" = "own";
          # Conditionally allows a custom, friendlier MPRIS name if 'mprisName' is set.
          #       "org.mpris.MediaPlayer2.${mprisName}" = "own";
          #       "org.mpris.MediaPlayer2.${mprisName}.*" = "own";
          # --- General Desktop Integration ---
          "com.canonical.AppMenu.Registrar" = "talk"; # For Ubuntu AppMenu
          "org.freedesktop.FileManager1" = "talk";
          "org.freedesktop.Notifications" = "talk";
          # --- Accessibility (a11y) ---
          "org.a11y.Bus" = "see";
          # --- Portal Access ---
          "org.freedesktop.portal.Documents" = "talk";
          "org.freedesktop.portal.FileTransfer" = "talk";
          "org.freedesktop.portal.FileTransfer.*" = "talk";
          "org.freedesktop.portal.Notification" = "talk";
          "org.freedesktop.portal.OpenURI" = "talk";
          "org.freedesktop.portal.OpenURI.OpenFile" = "talk";
          "org.freedesktop.portal.OpenURI.OpenURI" = "talk";
          "org.freedesktop.portal.Print" = "talk";
          "org.freedesktop.portal.Request" = "see";
          # --- Input Method Portals ---
          "org.freedesktop.portal.Fcitx" = "talk";
          "org.freedesktop.portal.Fcitx.*" = "talk";
          "org.freedesktop.portal.IBus" = "talk";
          "org.freedesktop.portal.IBus.*" = "talk";
        };
        rules = {
          # 'call' rules permit specific method calls on D-Bus interfaces.
          call = {
            # --- Accessibility ---
            "org.a11y.Bus" = [
              "org.a11y.Bus.GetAddress@/org/a11y/bus"
              "org.freedesktop.DBus.Properties.Get@/org/a11y/bus"
            ];
            # --- General Portal Rules ---
            "org.freedesktop.FileManager1" = [ "*" ];
            "org.freedesktop.Notifications.*" = [ "*" ];
            "org.freedesktop.portal.Documents" = [ "*" ];
            "org.freedesktop.portal.FileTransfer" = [ "*" ];
            "org.freedesktop.portal.FileTransfer.*" = [ "*" ];
            "org.freedesktop.portal.Fcitx" = [ "*" ];
            "org.freedesktop.portal.Fcitx.*" = [ "*" ];
            "org.freedesktop.portal.IBus" = [ "*" ];
            "org.freedesktop.portal.IBus.*" = [ "*" ];
            "org.freedesktop.portal.Notification" = [ "*" ];
            "org.freedesktop.portal.OpenURI" = [ "*" ];
            "org.freedesktop.portal.OpenURI.OpenFile" = [ "*" ];
            "org.freedesktop.portal.OpenURI.OpenURI" = [ "*" ];
            "org.freedesktop.portal.Print" = [ "*" ];
            "org.freedesktop.portal.Request" = [ "*" ];
            # --- Main Desktop Portal Interface ---
            # A comprehensive list of permissions for interacting with the desktop environment.
            "org.freedesktop.portal.Desktop" = [
              # Device Access
              "org.freedesktop.portal.Camera"
              "org.freedesktop.portal.Camera.*"
              "org.freedesktop.portal.Usb"
              "org.freedesktop.portal.Usb.*"
              # File Chooser & Documents
              "org.freedesktop.portal.Documents"
              "org.freedesktop.portal.Documents.*"
              "org.freedesktop.portal.FileChooser"
              "org.freedesktop.portal.FileChooser.*"
              "org.freedesktop.portal.FileTransfer"
              "org.freedesktop.portal.FileTransfer.*"
              # Input Methods
              "org.freedesktop.portal.Fcitx"
              "org.freedesktop.portal.Fcitx.*"
              "org.freedesktop.portal.IBus"
              "org.freedesktop.portal.IBus.*"
              # Notifications & Printing
              "org.freedesktop.portal.Notification"
              "org.freedesktop.portal.Notification.*"
              "org.freedesktop.portal.Print"
              "org.freedesktop.portal.Print.*"
              # Open/Launch Handlers
              "org.freedesktop.portal.Email.ComposeEmail"
              "org.freedesktop.portal.OpenURI"
              "org.freedesktop.portal.OpenURI.*"
              # Properties & Session Management
              "org.freedesktop.DBus.Properties.GetAll"
              "org.freedesktop.DBus.Properties.Get@/org/freedesktop/portal/desktop"
              "org.freedesktop.portal.Session.Close"
              # Screen Capture & Sharing
              "org.freedesktop.portal.RemoteDesktop"
              "org.freedesktop.portal.RemoteDesktop.*"
              "org.freedesktop.portal.ScreenCast"
              "org.freedesktop.portal.ScreenCast.*"
              "org.freedesktop.portal.Screenshot"
              "org.freedesktop.portal.Screenshot.Screenshot"
              # Secrets (Keyring)
              "org.freedesktop.portal.Secret"
              "org.freedesktop.portal.Secret.RetrieveSecret"
              # Settings
              "org.freedesktop.portal.Settings.Read"
              "org.freedesktop.portal.Settings.ReadAll"
              # System Information
              "org.freedesktop.portal.Account.GetUserInformation"
              "org.freedesktop.portal.NetworkMonitor"
              "org.freedesktop.portal.NetworkMonitor.*"
              "org.freedesktop.portal.ProxyResolver.Lookup"
              "org.freedesktop.portal.ProxyResolver.Lookup.*"
              # Generic Request Fallback
              "org.freedesktop.portal.Request"
              # --- Conditional Portal Rules ---
              # These would be enabled based on config flags in a real implementation.
              # Enabled if 'allowGlobalShortcuts = true'
              "org.freedesktop.portal.GlobalShortcuts"
              "org.freedesktop.portal.GlobalShortcuts.*"
              # Enabled if 'allowInhibit = true'
              "org.freedesktop.portal.Inhibit"
              "org.freedesktop.portal.Inhibit.*"
              # Enabled if 'XDG_CURRENT_DESKTOP = "GNOME"'
              "org.freedesktop.portal.Location"
              "org.freedesktop.portal.Location.*"
            ];
          };
          # 'broadcast' rules permit receiving signals from D-Bus names.
          broadcast = {
            "org.freedesktop.portal.*" = [ "@/org/freedesktop/portal/*" ];
          };
        };
        args = [
          "--filter"
          "--sloppy-names"
          "--log"
        ];
      };
    etc.sslCertificates.enable = true;
    bubblewrap = {
      network = lib.mkDefault true;
      sockets = {
        wayland = true;
        pulse = true;
      };
      bind.rw = with sloth; [
        [
          (mkdir appDataDir)
          xdgDataHome
        ]
        [
          (mkdir appConfigDir)
          xdgConfigHome
        ]
        [
          (mkdir appCacheDir)
          xdgCacheHome
        ]
        (sloth.concat [
          sloth.runtimeDir
          "/"
          (sloth.envOr "WAYLAND_DISPLAY" "no")
        ])
        (sloth.concat' sloth.runtimeDir "/at-spi/bus")
        (sloth.concat' sloth.runtimeDir "/gvfsd")
        (sloth.concat' sloth.runtimeDir "/dconf")
        (sloth.concat' sloth.xdgCacheHome "/fontconfig")
        (sloth.concat' sloth.xdgCacheHome "/mesa_shader_cache")
        (sloth.concat' sloth.xdgCacheHome "/mesa_shader_cache_db")
        (sloth.concat' sloth.xdgCacheHome "/radv_builtin_shaders")
      ];
      bind.ro = [
        (sloth.concat' sloth.runtimeDir "/doc")
        (sloth.concat' sloth.xdgConfigHome "/kdeglobals")
        (sloth.concat' sloth.xdgConfigHome "/gtk-2.0")
        (sloth.concat' sloth.xdgConfigHome "/gtk-3.0")
        (sloth.concat' sloth.xdgConfigHome "/gtk-4.0")
        (sloth.concat' sloth.xdgConfigHome "/fontconfig")
        (sloth.concat' sloth.xdgConfigHome "/dconf")
      ];
      bind.dev = [ "/dev/shm" ] ++ (map (id: "/dev/video${toString id}") (lib.lists.range 0 9));
    };
  };
 }
@@ -16,15 +16,7 @@ in
  config = {
    dbus.policies = {
      "${config.flatpak.appId}" = "own";
-      "org.freedesktop.DBus" = "talk";
+      # we add other policies in ./common.nix
      "org.gtk.vfs.*" = "talk";
      "org.gtk.vfs" = "talk";
      "ca.desrt.dconf" = "talk";
      "org.a11y.Bus" = "talk";
      # for default portal & gtk/hyprland's portal
      "org.freedesktop.portal.*" = "talk";
      "org.freedesktop.impl.portal.desktop.*" = "talk";
    };
    # https://github.com/nixpak/nixpak/blob/master/modules/gpu.nix
    # 1. bind readonly - /run/opengl-driver
@@ -69,8 +61,8 @@ in
        (sloth.concat' sloth.xdgConfigHome "/fontconfig")
        "/etc/fonts" # for fontconfig
-        "/etc/machine-id"
+        "/etc/localtime" # this is a symlink to /etc/zoneinfo/xxx
-        "/etc/localtime"
+        "/etc/zoneinfo"
        # Fix: libEGL warning: egl: failed to create dri2 screen
        "/etc/egl"
@@ -1,17 +0,0 @@
 {
  makeDesktopItem,
  qq,
 }:
 makeDesktopItem {
  name = "qq";
  desktopName = "QQ";
  exec = "${qq}/bin/qq %U";
  terminal = false;
  # To find the icon name(nushell):
  #   let p = NIXPKGS_ALLOW_UNFREE=1 nix eval --impure nixpkgs#qq.outPath | str trim --char '"'
  #   tree $"($p)/share/icons"
  icon = "${qq}/share/icons/hicolor/512x512/apps/qq.png";
  type = "Application";
  categories = [ "Network" ];
  comment = "QQ boxed";
 }
@@ -5,26 +5,30 @@
 # - QQ's flatpak manifest: https://github.com/flathub/com.qq.QQ/blob/master/com.qq.QQ.yaml
 {
  lib,
-  pkgs,
+  qq,
  mkNixPak,
  buildEnv,
  makeDesktopItem,
  ...
 }:
-mkNixPak {
+
 let
  appId = "com.qq.QQ";
  wrapped = mkNixPak {
    config =
      { sloth, ... }:
      {
        app = {
-        package = pkgs.qq.override {
+          package = qq;
          # fix fcitx5 input method
          commandLineArgs = lib.concatStringsSep " " [ "--enable-wayland-ime" ];
        };
          binPath = "bin/qq";
        };
-      flatpak.appId = "com.tencent.qq";
+        flatpak.appId = appId;
        imports = [
          ./modules/gui-base.nix
          ./modules/network.nix
          ./modules/common.nix
        ];
        # list all dbus services:
@@ -45,15 +49,6 @@ mkNixPak {
          #   just trace-access qq
          # See the Justfile in the root of this repository for more information.
          bind.rw = [
          # given the read write permission to the following directories.
          # NOTE: sloth.mkdir is used to create the directory if it does not exist!
          (sloth.mkdir (
            sloth.concat [
              sloth.xdgConfigHome
              "/QQ"
            ]
          ))
            sloth.xdgDocumentsDir
            sloth.xdgDownloadDir
            sloth.xdgMusicDir
@@ -66,4 +61,31 @@ mkNixPak {
          };
        };
      };
  };
  exePath = lib.getExe wrapped.config.script;
 in
 buildEnv {
  inherit (wrapped.config.script) name meta passthru;
  paths = [
    wrapped.config.script
    (makeDesktopItem {
      name = appId;
      desktopName = "QQ";
      genericName = "QQ Boxed";
      comment = "Tencent QQ, also known as QQ, is an instant messaging software service and web portal developed by the Chinese technology company Tencent.";
      exec = "${exePath} %U";
      terminal = false;
      icon = "${qq}/share/icons/hicolor/512x512/apps/qq.png";
      startupNotify = true;
      startupWMClass = "QQ";
      type = "Application";
      categories = [
        "InstantMessaging"
        "Network"
      ];
      extraConfig = {
        X-Flatpak = appId;
      };
    })
  ];
 }
@@ -0,0 +1,104 @@
 {
  lib,
  telegram-desktop,
  buildEnv,
  mkNixPak,
  makeDesktopItem,
  ...
 }:
 let
  appId = "org.telegram.desktop";
  wrapped = mkNixPak {
    config =
      { sloth, ... }:
      {
        imports = [
          ./modules/gui-base.nix
          ./modules/network.nix
          ./modules/common.nix
        ];
        app.package = telegram-desktop;
        flatpak = {
          appId = appId;
        };
        dbus = {
          enable = true;
          policies = {
            "org.gnome.Mutter.IdleMonitor" = "talk";
            "org.freedesktop.Notifications" = "talk";
            "org.kde.StatusNotifierWatcher" = "talk";
            "com.canonical.AppMenu.Registrar" = "talk";
            "com.canonical.indicator.application" = "talk";
            "org.ayatana.indicator.application" = "talk";
            "org.sigxcpu.Feedback" = "talk";
          };
        };
        bubblewrap = {
          bind.rw = [
            sloth.xdgDocumentsDir
            sloth.xdgDownloadDir
            sloth.xdgMusicDir
            sloth.xdgVideosDir
          ];
          sockets = {
            x11 = false;
            wayland = true;
            pipewire = true;
          };
        };
      };
  };
  exePath = lib.getExe wrapped.config.script;
 in
 buildEnv {
  inherit (wrapped.config.script) name meta passthru;
  paths = [
    wrapped.config.script
    (makeDesktopItem {
      name = appId;
      desktopName = "Telegram";
      comment = "New era of messaging";
      tryExec = "${exePath}";
      exec = "${exePath} -- %u";
      icon = appId;
      startupNotify = true;
      startupWMClass = appId;
      terminal = false;
      type = "Application";
      categories = [
        "Chat"
        "Network"
        "InstantMessaging"
        "Qt"
      ];
      mimeTypes = [
        "x-scheme-handler/tg"
        "x-scheme-handler/tonsite"
      ];
      keywords = [
        "tg"
        "chat"
        "im"
        "messaging"
        "messenger"
        "sms"
        "tdesktop"
      ];
      actions = {
        quit = {
          name = "Quit Telegram";
          exec = "${exePath} -quit";
          icon = "application-exit";
        };
      };
      extraConfig = {
        X-Flatpak = appId;
        DBusActivatable = "true";
        SingleMainWindow = "true";
        X-GNOME-UsesNotifications = "true";
        X-GNOME-SingleWindow = "true";
      };
    })
  ];
 }
@@ -1,5 +1,49 @@
 # Home Manager's Submodules
-1. `base`: The base module that is suitable for both Linux and macOS.
+This directory contains all Home Manager configurations organized by platform and functionality.
-2. `linux`: Linux-specific configuration.
+
-3. `darwin`: macOS-specific configuration.
+## Current Structure
 ```
 home/
 ├── base/              # Cross-platform home manager configurations
 │   ├── core/          # Essential applications and settings
 │   │   ├── editors/   # Editor configurations (Neovim, Helix)
 │   │   ├── shells/    # Shell configurations (Nushell, Zellij)
 │   │   └── ...
 │   ├── gui/           # GUI applications and desktop settings
 │   │   ├── terminal/  # Terminal emulators (Kitty, Alacritty, etc.)
 │   │   └── ...
 │   ├── tui/           # Terminal/TUI applications
 │   │   ├── editors/   # TUI editors and related tools
 │   │   ├── encryption/ # GPG, password-store, etc.
 │   │   └── ...
 │   └── home.nix       # Main home manager entry point
 ├── linux/             # Linux-specific home manager configurations
 │   ├── base/          # Linux base configurations
 │   ├── gui/           # Linux GUI applications
 │   │   ├── hyprland/  # Hyprland window manager
 │   │   ├── niri/      # Niri window manager
 │   │   └── ...
 │   ├── editors/       # Linux-specific editors
 │   └── ...
 └── darwin/            # macOS-specific home manager configurations
    ├── aerospace/     # macOS window manager
    ├── proxy/         # Proxy configurations
    └── ...
 ```
 ## Module Overview
 1. **base**: The base module suitable for both Linux and macOS
   - Cross-platform applications and settings
   - Shared configurations for editors, shells, and essential tools
 2. **linux**: Linux-specific configuration
   - Desktop environments (Hyprland, Niri)
   - Linux-specific GUI applications
   - System integration tools
 3. **darwin**: macOS-specific configuration
   - macOS applications and services
   - Platform-specific integrations (Aerospace, Squirrel, etc.)
@@ -1,5 +1,66 @@
 # Home Manager's Base Submodules
-1. `server`: Configuration which is suitable for both servers and desktops.
+This directory contains cross-platform base configurations that are shared between Linux and Darwin
-1. `desktop`: Configuration for desktop environments, such as Hyprland, I3, etc.
+systems.
-1. `core.nix`: Minimal home-manager's config
+
 ## Configuration Structure
 ### Core System
 - **core/**: Essential cross-platform configurations
  - **core.nix**: Minimal home-manager configuration
  - **shells/**: Shell configurations (bash, zsh, fish, nu)
  - **editors/**: Text editor configurations
    - **neovim/**: Neovim with custom plugins and settings
    - **helix/**: Helix editor configuration
  - **btop.nix**: System monitoring tools
  - **git.nix**: Git configuration and aliases
  - **npm.nix**: Node.js package management
  - **pip.nix**: Python package management
  - **starship.nix**: Cross-shell prompt configuration
  - **theme.nix**: Color schemes and theming
  - **yazi.nix**: Terminal file manager configuration
  - **zellij/**: Terminal multiplexer with custom layouts
 ### Desktop Environment
 - **gui/**: Cross-platform GUI applications and configurations
  - **dev-tools.nix**: Development tools and IDEs
  - **media.nix**: Media players and utilities
  - **terminal/**: Terminal emulator configurations
    - **alacritty/**: Alacritty terminal
    - **kitty/**: Kitty terminal
    - **foot/**: Foot terminal (Linux)
    - **ghostty/**: Ghostty terminal
 ### Terminal Interface
 - **tui/**: Terminal-based interface configurations
  - **cloud/**: Cloud development tools (Terraform, etc.)
  - **container.nix**: Container tools (Docker, Podman)
  - **dev-tools.nix**: Terminal-based development tools
  - **editors/**: Terminal editor configurations
  - **encryption/**: Encryption and security tools
  - **gpg/**: GPG key management
  - **password-store/**: Password management with pass
  - **shell.nix**: Shell environment configurations
  - **ssh/**: SSH configuration and management
  - **zellij/**: Terminal workspace management
 ### System Management
 - **home.nix**: Main home manager configuration file
 ## Platform Compatibility
 All configurations in this directory are designed to work across:
 - **Linux**: All distributions with Nix and Home Manager
 - **macOS**: Darwin systems with Home Manager
 - **WSL**: Windows Subsystem for Linux
 ## Usage
 These base configurations provide the foundation for both Linux and Darwin systems, ensuring
 consistent environments across different platforms while allowing for platform-specific
 customizations.
@@ -1,3 +1,10 @@
 # Editors
-See [desktop/editors/](../../desktop/editors/) for more details.
+This directory contains editor configurations that are shared across different environments.
 ## Available Editors
 - **neovim/**: Neovim configuration with AstroNvim
 - **helix/**: Helix editor configuration
 These configurations are designed to work across both terminal and GUI environments.
@@ -6,20 +6,24 @@
    enableZshIntegration = true;
    enableNushellIntegration = true;
    # https://starship.rs/config/
    settings = {
      # Get editor completions based on the config schema
      "$schema" = "https://starship.rs/config-schema.json";
      character = {
-        success_symbol = "[›](bold green)";
+        success_symbol = "[➜](bold green)";
-        error_symbol = "[›](bold red)";
+        error_symbol = "[➜](bold red)";
      };
-      aws = {
+      # I never rely on the defaults, so this module is useless to me—disabled.
-        symbol = "🅰 ";
+      # I prefer adding --project, --region to very gcloud/aws command.
-      };
+      aws.disabled = true;
-      gcloud = {
+      gcloud.disabled = true;
-        # do not show the account/project's info
+
-        # to avoid the leak of sensitive information when sharing the terminal
+      kubernetes = {
-        format = "on [$symbol$active(\($region\))]($style) ";
+        symbol = "⛵";
-        symbol = "🅶 ️";
+        disabled = false;
      };
      os.disabled = false;
    };
  };
 }
@@ -1,6 +1,6 @@
 {
  pkgs,
-  pkgs-unstable,
+  pkgs-stable,
  nur-ryan4yin,
  ...
 }:
@@ -14,16 +14,18 @@
    kubectl
    kubectx # kubectx & kubens
    kubie # same as kubectl-ctx, but per-shell (won’t touch kubeconfig).
    kubectl-view-secret # kubectl view-secret
    kubectl-tree # kubectl tree
    kubectl-node-shell # exec into node
    kubepug # kubernetes pre upgrade checker
    kubectl-cnpg # cloudnative-pg's cli tool
    kubebuilder
    istioctl
    clusterctl # for kubernetes cluster-api
    kubevirt # virtctl
-    kubernetes-helm
+    pkgs-stable.kubernetes-helm
    fluxcd
    argocd
@@ -18,6 +18,8 @@
  home.packages = with pkgs; [
    colmena # nixos's remote deployment tool
    tokei # count lines of code, alternative to cloc
    # db related
    mycli
    pgcli
@@ -34,7 +36,6 @@
    devbox
    bfg-repo-cleaner # remove large files from git history
    k6 # load testing tool
    protobuf # protocol buffer compiler
    # solve coding extercises - learn by doing
    exercism
@@ -30,7 +30,7 @@
        #-- dockerfile
        hadolint # Dockerfile linter
-        nodePackages.dockerfile-language-server-nodejs
+        dockerfile-language-server
        #-- markdown
        marksman # language server for markdown
@@ -63,14 +63,15 @@
          vscode-extensions.vadimcn.vscode-lldb.adapter # codelldb - debugger
          #-- python
          pipx # Install and Run Python Applications in Isolated Environments
          uv # python project package manager
          pyright # python language server
          (python313.withPackages (
            ps: with ps; [
              # python language server
              pyright
              ruff
              pipx # Install and Run Python Applications in Isolated Environments
              black # python formatter
-              # debugpy
+              uv # python project package manager
              # my commonly used python packages
              jupyter
@@ -80,6 +81,10 @@
              pyquery
              pyyaml
              boto3
              # misc
              protobuf # protocol buffer compiler
              numpy
            ]
          ))
@@ -9,8 +9,21 @@
  programs.ssh = {
    enable = true;
    # default config
    enableDefaultConfig = false;
    matchBlocks."*" = {
      forwardAgent = false;
      # "a private key that is used during authentication will be added to ssh-agent if it is running"
      addKeysToAgent = "yes";
      compression = true;
      serverAliveInterval = 0;
      serverAliveCountMax = 3;
      hashKnownHosts = false;
      userKnownHostsFile = "~/.ssh/known_hosts";
      controlMaster = "no";
      controlPath = "~/.ssh/master-%r@%n:%p";
      controlPersist = "no";
    };
    matchBlocks = {
      "github.com" = {
@@ -1,6 +1,33 @@
 # Home Manager's Darwin Submodules
-1. `core.nix`: some basic configuration.
+This directory contains macOS-specific Home Manager configurations for Darwin systems.
-2. `shell.nix`: shell related.
+
-3. `rime-squirrel.nix`: [rime-squirrel](https://github.com/rime/squirrel)'s configuration.
+## Configuration Modules
-4. `default.nix`: the entrypoint of darwin's configuration, it import all the submodules above.
+
 ### Core Configurations
 - **default.nix**: Entry point that imports all Darwin configurations
 - **shell.nix**: Shell configurations and environment settings
 - **rime-squirrel.nix**: [Rime Squirrel](https://github.com/rime/squirrel) input method
  configuration
 ### Window Management
 - **aerospace/**: [Aerospace](https://github.com/nikitabobko/AeroSpace) tiling window manager
  configuration
  - Custom keybindings and workspace management
  - Application-specific window rules
 ### Network Configuration
 - **proxy/**: Network proxy configurations
  - `proxychains.conf`: Proxy chains configuration for network routing
  - Proxy settings for development tools and applications
 ## Features
 - macOS-specific package installations and configurations
 - Native macOS applications and utilities
 - Touch ID and system integration
 - Homebrew integration for additional packages
 - macOS-specific shell configurations and aliases
@@ -1,10 +1,34 @@
 # Home Manager's Linux Submodules
-1. `base`: The base module that is suitable for any NixOS environment.
+This directory contains Linux-specific Home Manager configurations organized for different use
-2. `desktop`: Configuration for desktop environments, such as Hyprland, I3, etc.
+cases.
-3. `server.nix`: Configuration which is suitable for both servers and desktops. It import only
+
-   `base` as its submodule.
+## Configuration Modules
-   1. used by all my nixos servers.
+
-4. `desktop.nix`: the entrypoint of desktop's configuration, it import both `base` and `desktop` as
+### Core Configurations
-   its submodules.
+
-   1. used by all my nixos desktops.
+- **core.nix**: Essential Linux-specific configurations and settings
 - **base/**: Base Linux configurations including shell, tools, and utilities
  - `shell.nix`: Shell configurations and aliases
  - `tools.nix`: Essential command-line tools and utilities
 ### Desktop Configurations
 - **gui/**: Desktop environment configurations
  - **hyprland/**: Hyprland window manager with custom keybindings and settings
  - **niri/**: Niri compositor configuration
  - **base/**: Common desktop applications and services
  - **editors/**: Text editor configurations for desktop environments
 ### Available Entry Points
 - **core.nix**: Core Linux configuration, suitable for basic setups
 - **tui.nix**: Terminal-based interface configuration for lightweight environments
 - **gui.nix**: Graphical user interface configuration entry point, imports desktop environments
 ## Usage
 - **Lightweight/Terminal**: Use `core.nix` or `tui.nix` for terminal-focused setups
 - **Desktops**: Use `gui.nix` for full desktop environments with window managers like Hyprland or
  Niri
 - **Custom**: Mix and match configurations as needed for your specific use case
@@ -1,17 +1,49 @@
-# Desktop Related
+# Desktop Environment Configurations
-3. `base`: all common configurations for all desktops.
+This directory contains desktop environment and window manager configurations managed by Home
-4. `hyprland`: Hyprland's configuration.
+Manager.
-## Why install I3/Hyprland in Home Manager instead of a NixOS Module?
+## Available Configurations
-1. I3 & Hyprland's configuration file is located in `~/.config`, which can be easily managed by Home
+### Window Managers
-   Manager.
+
-2. I have many user-specific systemd services, such gammastep, wallpaper-switcher, etc. Which can be
+- **hyprland**: Hyprland compositor configuration with custom keybindings, settings, and window
-   easily managed by Home Manager, but if we add i3/hyprland in a NixOS Module, those user-level
+  rules
-   services may failed to start automatically. With i3/hyprland in a Home Manager Module, we can
+- **niri**: Niri compositor configuration with custom settings, keybindings, spawn-at-startup rules,
-   control their systemd service's dependent order more easily, so we can avoid issues like this.
+  and window rules
-3. By install packages as less as possible in NixOS Module, we can:
+
-   1. Make the NixOS system more secure and stable.
+### Base Desktop Environment
-   2. Make this flake more portable to other non-NixOS systems, as home-manager can be installed on
+
-      any Linux system.
+- **base**: Common desktop configurations shared across all environments, including:
  - Desktop applications (anyrun, mako, waybar, wlogout)
  - Creative tools and media applications
  - Development tools
  - Eye protection utilities (gammastep)
  - Fcitx5 input method framework
  - Games and gaming utilities
  - GTK theme configurations
  - Immutable file handling
  - Note-taking applications
  - Wallpaper management with auto-switcher
  - Wayland applications
  - XDG desktop configurations
 ### Editor Configurations
 - **editors**: Text editor configurations and integrations
 ## Why install Desktop Environments in Home Manager instead of NixOS Module?
 1. **Configuration Location**: Desktop environment configuration files are located in `~/.config`,
   which can be easily managed by Home Manager.
 2. **User-specific Services**: Many user-specific systemd services (gammastep, wallpaper-switcher,
   etc.) can be easily managed by Home Manager. If desktop environments were configured via NixOS
   Module, these user-level services might fail to start automatically. With Home Manager modules,
   we can control systemd service dependency order more effectively.
 3. **System Benefits**: By minimizing package installation through NixOS Module:
   - Makes the NixOS system more secure and stable
   - Increases portability to non-NixOS systems, as Home Manager can be installed on any Linux
     system
   - Allows for easier switching between different window managers without system-level changes
@@ -32,10 +32,10 @@
      ldtk # A modern, versatile 2D level editor
      # fpga
-      python313Packages.apycula # gowin fpga
+      # python313Packages.apycula # gowin fpga
-      yosys # fpga synthesis
+      # yosys # fpga synthesis
-      nextpnr # fpga place and route
+      # nextpnr # fpga place and route
-      openfpgaloader # fpga programming
+      # openfpgaloader # fpga programming
      # nur-ryan4yin.packages.${pkgs.system}.gowin-eda-edu-ide # app: `gowin-env` => `gw_ide` / `gw_pack` / ...
    ]);
@@ -0,0 +1,66 @@
 {
  pkgs,
  anyrun,
  ...
 }:
 let
  anyrunPackages = anyrun.packages.${pkgs.system};
 in
 {
  imports = [
    (
      { modulesPath, ... }:
      {
        # Important! We disable home-manager's module to avoid option
        # definition collisions
        disabledModules = [ "${modulesPath}/programs/anyrun.nix" ];
      }
    )
    anyrun.homeManagerModules.default
  ];
  programs.anyrun = {
    enable = true;
    # The package should come from the same flake as all the plugins to avoid breakage.
    package = anyrunPackages.anyrun;
    config = {
      # The horizontal position.
      # when using `fraction`, it sets a fraction of the width or height of the screen
      x.fraction = 0.5; # at the middle of the screen
      # The vertical position.
      y.fraction = 0.05; # at the top of the screen
      # The width of the runner.
      width.fraction = 0.3; # 30% of the screen
      hideIcons = false;
      ignoreExclusiveZones = false;
      layer = "overlay";
      hidePluginInfo = false;
      closeOnClick = true;
      showResultsImmediately = true;
      maxEntries = null;
      # https://github.com/anyrun-org/anyrun/tree/master/plugins
      plugins = with anyrunPackages; [
        applications # Launch applications
        dictionary # Look up word definitions using the Free Dictionary API.
        nix-run # search & run graphical apps from nixpkgs via `nix run`, without installing it.
        # randr         # quickly change monitor configurations on the fly
        rink # A simple calculator plugin
        symbols # Look up unicode symbols and custom user defined symbols.
        translate # ":zh <text to translate>" Quickly translate text using the Google Translate API.
        niri-focus # Search for & focus the window via title/appid on Niri
      ];
    };
    extraConfigFiles = {
      "symbols.ron".source = ./conf/anyrun/symbols.ron;
      "applications.ron".source = ./conf/anyrun/applications.ron;
    };
  };
  # https://github.com/anyrun-org/anyrun/discussions/179
  xdg.configFile."anyrun/style.css".source = ./conf/anyrun/style.css;
 }
@@ -0,0 +1,16 @@
 Config(
  // Also show the Desktop Actions defined in the desktop files, e.g. "New Window" from LibreWolf
  desktop_actions: true,
  max_entries: 5,
  // The terminal used for running terminal based desktop entries, if left as `None` a static list of terminals is used
  // to determine what terminal to use.
  terminal: Some(Terminal(
    // The main terminal command
    command: "alacritty",
    // What arguments should be passed to the terminal process to run the command correctly
    // {} is replaced with the command in the desktop entry
    args: "-e {}",
  )),
 )
@@ -0,0 +1,101 @@
 /* ===== Color variables ===== */
 :root {
  --bg-color: #313244;
  --fg-color: #cdd6f4;
  --primary-color: #89b4fa;
  --secondary-color: #cba6f7;
  --border-color: var(--primary-color);
  --selected-bg-color: var(--primary-color);
  --selected-fg-color: var(--bg-color);
 }
 /* ===== Global reset ===== */
 * {
  all: unset;
  font-family: "JetBrainsMono Nerd Font", monospace;
 }
 /* ===== Transparent window ===== */
 window {
  background: transparent;
 }
 /* ===== Main container ===== */
 box.main {
  border-radius: 16px;
  background-color: color-mix(in srgb, var(--bg-color) 80%, transparent);
  border: 0.5px solid color-mix(in srgb, var(--fg-color) 25%, transparent);
  padding: 12px; /* add uniform padding around the whole box */
 }
 /* ===== Input field ===== */
 text {
  font-size: 1.3rem;
  background: transparent;
  border: 1px solid var(--border-color);
  border-radius: 16px;
  margin-bottom: 12px;
  padding: 5px 10px;
  min-height: 44px;
  caret-color: var(--primary-color);
 }
 /* ===== List container ===== */
 .matches {
  background-color: transparent;
 }
 /* ===== Single match row ===== */
 .match {
  font-size: 1.1rem;
  padding: 4px 10px; /* tight vertical spacing */
  border-radius: 6px;
 }
 /* Remove default label margins */
 .match * {
  margin: 0;
  padding: 0;
  line-height: 1;
 }
 /* Selected / hover state */
 .match:selected,
 .match:hover {
  background-color: var(--selected-bg-color);
  color: var(--selected-fg-color);
 }
 .match:selected label.plugin.info,
 .match:hover label.plugin.info {
  color: var(--selected-fg-color);
 }
 .match:selected label.match.description,
 .match:hover label.match.description {
  color: color-mix(in srgb, var(--selected-fg-color) 90%, transparent);
 }
 /* ===== Plugin info label ===== */
 label.plugin.info {
  color: var(--fg-color);
  font-size: 1rem;
  min-width: 160px;
  text-align: left;
 }
 /* ===== Description label ===== */
 label.match.description {
  font-size: 0rem;
  color: var(--fg-color);
 }
 /* ===== Fade-in animation ===== */
@keyframes fade {
  0% {
    opacity: 0;
  }
  100% {
    opacity: 1;
  }
 }
@@ -0,0 +1,10 @@
 Config(
  // The prefix that the search needs to begin with to yield symbol results
  prefix: "",
  // Custom user defined symbols to be included along the unicode symbols
  symbols: {
    // "name": "text to be copied"
    "shrug": "¯\\_(ツ)_/¯",
  },
  max_entries: 3,
 )
@@ -1,4 +1,3 @@
 general {
    lock_cmd = pidof swaylock || swaylock              # avoid starting multiple instances
    before_sleep_cmd = loginctl lock-session          # lock before suspend
@@ -6,12 +5,13 @@ general {
    ignore_dbus_inhibit = false                       # whether to ignore dbus-sent idle-inhibit requests
 }
-# turn off keyboard backlight, comment out this section if you dont have a keyboard backlight.
+listener { 
-# listener { 
+    timeout = 180                                                      # 3 minutes
-#     timeout = 180                                          # 3 minutes
+    # List devices: brightnessctl --list
-#     on-timeout = brightnessctl -sd rgb:kbd_backlight set 0 # turn off keyboard backlight.
+    # Adjust keyboard backlight: brightnessctl -d kbd_backlight set 50%
-#     on-resume = brightnessctl -rd rgb:kbd_backlight        # turn on keyboard backlight.
+    on-timeout = brightnessctl --save --device=kbd_backlight set 0     # turn off keyboard backlight.
-# }
+    on-resume = brightnessctl --restore --device=kbd_backlight         # turn on keyboard backlight.
 }
 # listener {
 #     timeout = 600                                # 10min.
@@ -20,13 +20,13 @@ general {
 # }
 listener {
-    timeout = 1200                                     # 20 minutes
+    timeout = 1600                                     # 20 minutes
    on-timeout = pidof swaylock || swaylock           # lock screen
    on-resume = hyprctl dispatch dpms on              # monitor wake up
 }
 listener {
-    timeout = 1260                                             # 21 minutes
+    timeout = 1660                                             # 31 minutes
    on-timeout = hyprctl dispatch dpms off                     # screen off
    on-resume = hyprctl dispatch dpms on && brightnessctl -r   # monitor wake up & screen on
 }
@@ -0,0 +1,73 @@
 {
  config,
  pkgs,
  ...
 }:
 {
  imports = [
    ./anyrun.nix
    ./nvidia.nix
  ];
  # wayland related
  home.sessionVariables = {
    "NIXOS_OZONE_WL" = "1"; # for any ozone-based browser & electron apps to run on wayland
    "MOZ_ENABLE_WAYLAND" = "1"; # for firefox to run on wayland
    "MOZ_WEBRENDER" = "1";
    # enable native Wayland support for most Electron apps
    "ELECTRON_OZONE_PLATFORM_HINT" = "auto";
    # misc
    "_JAVA_AWT_WM_NONREPARENTING" = "1";
    "QT_WAYLAND_DISABLE_WINDOWDECORATION" = "1";
    "QT_QPA_PLATFORM" = "wayland";
    "SDL_VIDEODRIVER" = "wayland";
    "GDK_BACKEND" = "wayland";
    "XDG_SESSION_TYPE" = "wayland";
  };
  home.packages = with pkgs; [
    swaybg # the wallpaper
    wl-clipboard # copying and pasting
    hyprpicker # color picker
    brightnessctl
    hyprshot # screen shot
    wf-recorder # screen recording
    # audio
    alsa-utils # provides amixer/alsamixer/...
    networkmanagerapplet # provide GUI app: nm-connection-editor
  ];
  xdg.configFile =
    let
      mkSymlink = config.lib.file.mkOutOfStoreSymlink;
      confPath = "${config.home.homeDirectory}/nix-config/home/linux/gui/base/desktop/conf";
    in
    {
      "mako".source = mkSymlink "${confPath}/mako";
      "waybar".source = mkSymlink "${confPath}/waybar";
      "wlogout".source = mkSymlink "${confPath}/wlogout";
      "hypr/hypridle.conf".source = mkSymlink "${confPath}/hypridle.conf";
    };
  # status bar
  programs.waybar = {
    enable = true;
    systemd.enable = true;
  };
  # Disable catppuccin to avoid conflict with my non-nix config.
  catppuccin.waybar.enable = false;
  # screen locker
  programs.swaylock.enable = true;
  # Logout Menu
  programs.wlogout.enable = true;
  catppuccin.wlogout.enable = false;
  # Hyprland idle daemon
  services.hypridle.enable = true;
  # notification daemon, the same as dunst
  services.mako.enable = true;
  catppuccin.mako.enable = false;
 }
@@ -0,0 +1,26 @@
 {
  config,
  lib,
  ...
 }:
 with lib;
 let
  cfg = config.modules.desktop.nvidia;
 in
 {
  options.modules.desktop.nvidia = {
    enable = mkEnableOption "whether nvidia GPU is used";
  };
  config = mkIf (cfg.enable && cfg.enable) {
    home.sessionVariables = {
      # for hyprland with nvidia gpu" = " ref https://wiki.hyprland.org/Nvidia/
      "LIBVA_DRIVER_NAME" = "nvidia";
      "__GLX_VENDOR_LIBRARY_NAME" = "nvidia";
      # VA-API hardware video acceleration
      "NVD_BACKEND" = "direct";
      "GBM_BACKEND" = "nvidia-drm";
    };
  };
 }
@@ -18,7 +18,7 @@
      fcitx5-rime
      # needed enable rime using configtool after installed
      fcitx5-configtool
-      fcitx5-chinese-addons
+      # fcitx5-chinese-addons # we use rime instead
      # fcitx5-mozc    # japanese input method
      fcitx5-gtk # gtk im module
    ];
@@ -1,13 +0,0 @@
 {
  pkgs,
  nix-gaming,
  ...
 }:
 {
  home.packages = with pkgs; [
    # nix-gaming.packages.${pkgs.system}.osu-laser-bin
    gamescope # SteamOS session compositing window manager
    prismlauncher # A free, open source launcher for Minecraft
    winetricks # A script to install DLLs needed to work around problems in Wine
  ];
 }
@@ -0,0 +1,71 @@
 {
  pkgs,
  pkgs-x64,
  osConfig,
  config,
  lib,
  ...
 }:
 with lib;
 let
  cfg = config.modules.desktop.gaming;
 in
 {
  options.modules.desktop = {
    gaming = {
      enable = mkEnableOption "Install Game Suite(steam, lutris, etc)";
    };
  };
  config = mkIf cfg.enable {
    # ==========================================================================
    # Other Optimizations
    # Usage:
    #  Lutris - enable advanced options, go to the System options -> Command prefix, add: `mangohud`
    #  Steam  - add this as a launch option: `mangohud %command%` / `gamemoderun %command%`
    # ==========================================================================
    home.packages =
      (with pkgs; [
        # https://github.com/flightlessmango/MangoHud
        # a simple overlay program for monitoring FPS, temperature, CPU and GPU load, and more.
        mangohud
        # GUI for installing custom Proton versions like GE_Proton
        # proton - a Wine distribution aimed at gaming
        protonplus
        # Script to install various redistributable runtime libraries in Wine.
        winetricks
        # https://github.com/Open-Wine-Components/umu-launcher
        # a unified launcher for Windows games on Linux
        umu-launcher
      ])
      ++ (with pkgs-x64; [
        # a game launcher - great for epic games and gog games
        (heroic.override {
          extraPkgs = _pkgs: [
            pkgs.gamescope # aarch64
          ];
        })
      ]);
    # a GUI game launcher for Steam/GoG/Epic
    programs.lutris = {
      enable = true;
      defaultWinePackage = pkgs-x64.proton-ge-bin;
      steamPackage = osConfig.programs.steam.package;
      protonPackages = [ pkgs-x64.proton-ge-bin ];
      winePackages = with pkgs-x64; [
        wineWow64Packages.full
        wineWowPackages.stagingFull
      ];
      extraPackages = with pkgs; [
        winetricks
        gamescope
        gamemode
        mangohud
        umu-launcher
      ];
    };
  };
 }
@@ -38,10 +38,5 @@
    };
    gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
    iconTheme = {
      name = "Papirus-Dark";
      package = pkgs.papirus-icon-theme;
    };
  };
 }
@@ -1,5 +1,6 @@
 {
  pkgs,
  pkgs-x64,
  pkgs-unstable,
  nur-ryan4yin,
  ...
@@ -21,10 +22,8 @@
      vulkan-tools
      glxinfo
      nvitop
-    ]
+      (pkgs-x64.zoom-us.override { hyprlandXdgDesktopPortalSupport = true; })
-    ++ (lib.optionals pkgs.stdenv.isx86_64 [
+    ];
      (zoom-us.override { hyprlandXdgDesktopPortalSupport = true; })
    ]);
  programs.mpv = {
    enable = true;
@@ -10,19 +10,16 @@
    # do not support .pdf
    foliate
    # instant messaging
    telegram-desktop
    # discord # update too frequently, use the web version instead
    # remote desktop(rdp connect)
    remmina
    freerdp # required by remmina
    # my custom hardened packages
    pkgs.nixpaks.qq
-    pkgs.nixpaks.qq-desktop-item
+    pkgs.nixpaks.telegram-desktop
    # qqmusic
    pkgs.bwraps.wechat
    # discord # update too frequently, use the web version instead
  ];
  # allow fontconfig to discover fonts and configurations installed through home.packages
@@ -10,8 +10,7 @@
    Unit = {
      Description = "Wallpaper Switcher daemon";
      After = [
-        "graphical-session-pre.target"
+        "graphical-session.target"
        "xdg-desktop-autostart.target"
      ];
      Wants = [ "graphical-session-pre.target" ];
    };
@@ -6,7 +6,6 @@
  home.packages = with pkgs; [
    # firefox-wayland
    nixpaks.firefox
    nixpaks.firefox-desktop-item
  ];
  programs = {
@@ -40,7 +40,6 @@ bind  =  ,    XF86AudioPlay,          exec,        playerctl play-pause
 bind  =  ,    XF86AudioNext,          exec,        playerctl next
 bind  =  ,    XF86AudioPrev,          exec,        playerctl previous
 bind  =  ,    XF86Search,             exec,        anyrun
 bind  =  ,    XF86PowerOff,           exec,        shutdown -h now
 # WORKSPACES
 # ============================================================================
@@ -2,21 +2,14 @@
  pkgs,
  config,
  lib,
  anyrun,
  ...
 }@args:
 with lib;
 let
  cfg = config.modules.desktop.hyprland;
 in
 {
  imports = [
    # anyrun.homeManagerModules.default # the module is already in hm now.
    ./options
  ];
  options.modules.desktop.hyprland = {
-    enable = mkEnableOption "hyprland compositor";
+    enable = lib.mkEnableOption "hyprland compositor";
    settings = lib.mkOption {
      type =
        with lib.types;
@@ -40,14 +33,13 @@ in
    };
  };
-  config = mkIf cfg.enable (
+  config = lib.mkIf cfg.enable (
-    mkMerge (
+    lib.mkMerge [
      [
      {
        wayland.windowManager.hyprland.settings = cfg.settings;
      }
      (import ./hyprland.nix args)
      (import ./xdg.nix args)
    ]
      ++ (import ./values args)
    )
  );
 }
@@ -1,6 +1,5 @@
 {
  pkgs,
  pkgs-stable,
  config,
  ...
 }:
@@ -11,38 +10,12 @@ in
  xdg.configFile =
    let
      mkSymlink = config.lib.file.mkOutOfStoreSymlink;
-      hyprPath = "${config.home.homeDirectory}/nix-config/home/linux/gui/hyprland/conf";
+      confPath = "${config.home.homeDirectory}/nix-config/home/linux/gui/hyprland/conf";
    in
    {
-      "mako".source = mkSymlink "${hyprPath}/mako";
+      "hypr/configs".source = mkSymlink confPath;
      "waybar".source = mkSymlink "${hyprPath}/waybar";
      "wlogout".source = mkSymlink "${hyprPath}/wlogout";
      "hypr/hypridle.conf".source = mkSymlink "${hyprPath}/hypridle.conf";
      "hypr/configs".source = mkSymlink "${hyprPath}/configs";
    };
  # status bar
  programs.waybar = {
    enable = true;
    systemd.enable = true;
  };
  # Disable catppuccin to avoid conflict with my non-nix config.
  catppuccin.waybar.enable = false;
  # screen locker
  programs.swaylock.enable = true;
  # Logout Menu
  programs.wlogout.enable = true;
  catppuccin.wlogout.enable = false;
  # Hyprland idle daemon
  services.hypridle.enable = true;
  # notification daemon, the same as dunst
  services.mako.enable = true;
  catppuccin.mako.enable = false;
  # NOTE:
  # We have to enable hyprland/i3's systemd user service in home-manager,
  # so that gammastep/wallpaper-switcher's user service can be start correctly!
@@ -63,16 +36,7 @@ in
          "${configPath}/windowrules.conf"
        ];
      env = [
-        "NIXOS_OZONE_WL,1" # for any ozone-based browser & electron apps to run on wayland
+
        "MOZ_ENABLE_WAYLAND,1" # for firefox to run on wayland
        "MOZ_WEBRENDER,1"
        # misc
        "_JAVA_AWT_WM_NONREPARENTING,1"
        "QT_WAYLAND_DISABLE_WINDOWDECORATION,1"
        "QT_QPA_PLATFORM,wayland"
        "SDL_VIDEODRIVER,wayland"
        "GDK_BACKEND,wayland"
        "XDG_SESSION_TYPE,wayland"
      ];
    };
    # gammastep/wallpaper-switcher need this to be enabled.
@@ -1,28 +0,0 @@
 {
  config,
  lib,
  ...
 }:
 with lib;
 let
  cfg = config.modules.desktop.hyprland;
 in
 {
  options.modules.desktop.hyprland = {
    nvidia = mkEnableOption "whether nvidia GPU is used";
  };
  config = mkIf (cfg.enable && cfg.nvidia) {
    wayland.windowManager.hyprland.settings.env = [
      # for hyprland with nvidia gpu, ref https://wiki.hyprland.org/Nvidia/
      "LIBVA_DRIVER_NAME,nvidia"
      "__GLX_VENDOR_LIBRARY_NAME,nvidia"
      # enable native Wayland support for most Electron apps
      "ELECTRON_OZONE_PLATFORM_HINT,auto"
      # VA-API hardware video acceleration
      "NVD_BACKEND,direct"
      "GBM_BACKEND,nvidia-drm"
    ];
  };
 }
@@ -1,85 +0,0 @@
 {
  pkgs,
  anyrun,
  ...
 }:
 {
  programs.anyrun = {
    enable = true;
    config = {
      plugins = with anyrun.packages.${pkgs.system}; [
        applications
        randr
        rink
        shell
        symbols
        translate
      ];
      width.fraction = 0.3;
      y.absolute = 15;
      hidePluginInfo = true;
      closeOnClick = true;
    };
    # custom css for anyrun, based on catppuccin-mocha
    extraCss = ''
      @define-color bg-col  rgba(30, 30, 46, 0.7);
      @define-color bg-col-light rgba(150, 220, 235, 0.7);
      @define-color border-col rgba(30, 30, 46, 0.7);
      @define-color selected-col rgba(150, 205, 251, 0.7);
      @define-color fg-col #D9E0EE;
      @define-color fg-col2 #F28FAD;
      * {
        transition: 200ms ease;
        font-family: "Maple Mono NF CN";
        font-size: 1.3rem;
      }
      #window {
        background: transparent;
      }
      #plugin,
      #main {
        border: 3px solid @border-col;
        color: @fg-col;
        background-color: @bg-col;
      }
      /* anyrun's input window - Text */
      #entry {
        color: @fg-col;
        background-color: @bg-col;
      }
      /* anyrun's output matches entries - Base */
      #match {
        color: @fg-col;
        background: @bg-col;
      }
      /* anyrun's selected entry - Red */
      #match:selected {
        color: @fg-col2;
        background: @selected-col;
      }
      #match {
        padding: 3px;
        border-radius: 16px;
      }
      #entry, #plugin:hover {
        border-radius: 16px;
      }
      box#main {
        background: rgba(30, 30, 46, 0.7);
        border: 1px solid @border-col;
        border-radius: 15px;
        padding: 5px;
      }
    '';
  };
 }
@@ -1 +0,0 @@
 { mylib, ... }@args: map (path: import path args) (mylib.scanPaths ./.)
@@ -1,20 +0,0 @@
 {
  pkgs,
  ...
 }:
 {
  home.packages = with pkgs; [
    swaybg # the wallpaper
    wl-clipboard # copying and pasting
    hyprpicker # color picker
    brightnessctl
    hyprshot # screen shot
    wf-recorder # screen recording
    # audio
    alsa-utils # provides amixer/alsamixer/...
    networkmanagerapplet # provide GUI app: nm-connection-editor
  ];
 }
@@ -0,0 +1,66 @@
 {
  pkgs,
  config,
  lib,
  niri,
  ...
 }@args:
 let
  cfg = config.modules.desktop.niri;
 in
 {
  options.modules.desktop.niri = {
    enable = lib.mkEnableOption "niri compositor";
    settings = lib.mkOption {
      type =
        with lib.types;
        let
          valueType =
            nullOr (oneOf [
              bool
              int
              float
              str
              path
              (attrsOf valueType)
              (listOf valueType)
            ])
            // {
              description = "niri configuration value";
            };
        in
        valueType;
      default = { };
    };
  };
  config = lib.mkIf cfg.enable (
    lib.mkMerge [
      {
        home.packages = with pkgs; [
          # Niri v25.08 will create X11 sockets on disk, export $DISPLAY, and spawn `xwayland-satellite` on-demand when an X11 client connects
          xwayland-satellite
        ];
        programs.niri.config = cfg.settings;
        # NOTE: this executable is used by greetd to start a wayland session when system boot up
        # with such a vendor-no-locking script, we can switch to another wayland compositor without modifying greetd's config in NixOS module
        home.file.".wayland-session" = {
          source = pkgs.writeScript "init-session" ''
            # trying to stop a previous niri session
            systemctl --user is-active niri.service && systemctl --user stop niri.service
            # and then we start a new one
            /run/current-system/sw/bin/niri-session
          '';
          executable = true;
        };
      }
      (import ./settings.nix niri)
      (import ./keybindings.nix niri)
      (import ./spawn-at-startup.nix niri)
      (import ./windowrules.nix niri)
    ]
  );
 }
@@ -0,0 +1,214 @@
 niri: {
  programs.niri.config =
    let
      inherit (niri.lib.kdl)
        node
        plain
        leaf
        flag
        ;
    in
    [
      (plain "binds" [
        # Keys consist of modifiers separated by + signs, followed by an XKB key name
        # in the end. To find an XKB name for a particular key, you may use a program
        # like wev.
        #
        # "Mod" is a special modifier equal to Super when running on a TTY, and to Alt
        # when running as a winit window.
        #
        # Most actions that you can bind here can also be invoked programmatically with
        # `niri msg action do-something`.
        # Mod-Shift-/, which is usually the same as Mod-?,
        # shows a list of important hotkeys.
        (plain "Mod+Shift+Slash" [ (flag "show-hotkey-overlay") ])
        # Suggested binds for running programs: terminal, app launcher, screen locker.
        (plain "Mod+Return" [ (leaf "spawn" [ "foot" ]) ])
        (plain "Mod+Shift+Return" [ (leaf "spawn" [ "alacritty" ]) ])
        (plain "Mod+D" [ (leaf "spawn" [ "anyrun" ]) ])
        (plain "CTRL+Alt+L" [ (leaf "spawn" [ "swaylock" ]) ])
        # You can also use a shell:
        # (plain "Mod+T" [(leaf "spawn" [ "bash" "-c" "notify-send hello && exec alacritty" ])])
        # Example volume keys mappings for PipeWire & WirePlumber.
        (plain "XF86AudioRaiseVolume" [
          (leaf "spawn" [
            "wpctl"
            "set-volume"
            "@DEFAULT_AUDIO_SINK@"
            "0.1+"
          ])
        ])
        (plain "XF86AudioLowerVolume" [
          (leaf "spawn" [
            "wpctl"
            "set-volume"
            "@DEFAULT_AUDIO_SINK@"
            "0.1-"
          ])
        ])
        (plain "Mod+Q" [ (flag "close-window") ])
        (plain "Mod+Left" [ (flag "focus-column-left") ])
        (plain "Mod+Down" [ (flag "focus-window-down") ])
        (plain "Mod+Up" [ (flag "focus-window-up") ])
        (plain "Mod+Right" [ (flag "focus-column-right") ])
        (plain "Mod+H" [ (flag "focus-column-left") ])
        (plain "Mod+J" [ (flag "focus-window-down") ])
        (plain "Mod+K" [ (flag "focus-window-up") ])
        (plain "Mod+L" [ (flag "focus-column-right") ])
        (plain "Mod+Ctrl+Left" [ (flag "move-column-left") ])
        (plain "Mod+Ctrl+Down" [ (flag "move-window-down") ])
        (plain "Mod+Ctrl+Up" [ (flag "move-window-up") ])
        (plain "Mod+Ctrl+Right" [ (flag "move-column-right") ])
        (plain "Mod+Ctrl+H" [ (flag "move-column-left") ])
        (plain "Mod+Ctrl+J" [ (flag "move-window-down") ])
        (plain "Mod+Ctrl+K" [ (flag "move-window-up") ])
        (plain "Mod+Ctrl+L" [ (flag "move-column-right") ])
        # Alternative commands that move across workspaces when reaching
        # the first or last window in a column.
        # (plain "Mod+J"      [(flag "focus-window-or-workspace-down")])
        # (plain "Mod+K"      [(flag "focus-window-or-workspace-up")])
        # (plain "Mod+Ctrl+J" [(flag "move-window-down-or-to-workspace-down")])
        # (plain "Mod+Ctrl+K" [(flag "move-window-up-or-to-workspace-up")])
        (plain "Mod+Home" [ (flag "focus-column-first") ])
        (plain "Mod+End" [ (flag "focus-column-last") ])
        (plain "Mod+Ctrl+Home" [ (flag "move-column-to-first") ])
        (plain "Mod+Ctrl+End" [ (flag "move-column-to-last") ])
        (plain "Mod+Shift+Left" [ (flag "focus-monitor-left") ])
        (plain "Mod+Shift+Down" [ (flag "focus-monitor-down") ])
        (plain "Mod+Shift+Up" [ (flag "focus-monitor-up") ])
        (plain "Mod+Shift+Right" [ (flag "focus-monitor-right") ])
        (plain "Mod+Shift+H" [ (flag "focus-monitor-left") ])
        (plain "Mod+Shift+J" [ (flag "focus-monitor-down") ])
        (plain "Mod+Shift+K" [ (flag "focus-monitor-up") ])
        (plain "Mod+Shift+L" [ (flag "focus-monitor-right") ])
        (plain "Mod+Shift+Ctrl+Left" [ (flag "move-column-to-monitor-left") ])
        (plain "Mod+Shift+Ctrl+Down" [ (flag "move-column-to-monitor-down") ])
        (plain "Mod+Shift+Ctrl+Up" [ (flag "move-column-to-monitor-up") ])
        (plain "Mod+Shift+Ctrl+Right" [ (flag "move-column-to-monitor-right") ])
        (plain "Mod+Shift+Ctrl+H" [ (flag "move-column-to-monitor-left") ])
        (plain "Mod+Shift+Ctrl+J" [ (flag "move-column-to-monitor-down") ])
        (plain "Mod+Shift+Ctrl+K" [ (flag "move-column-to-monitor-up") ])
        (plain "Mod+Shift+Ctrl+L" [ (flag "move-column-to-monitor-right") ])
        # Alternatively, there are commands to move just a single window:
        # (plain "Mod+Shift+Ctrl+Left" [(flag "move-window-to-monitor-left")])
        # ...
        # And you can also move a whole workspace to another monitor:
        # (plain "Mod+Shift+Ctrl+Left" [(flag "move-workspace-to-monitor-left")])
        # ...
        (plain "Mod+Page_Down" [ (flag "focus-workspace-down") ])
        (plain "Mod+Page_Up" [ (flag "focus-workspace-up") ])
        (plain "Mod+U" [ (flag "focus-workspace-down") ])
        (plain "Mod+I" [ (flag "focus-workspace-up") ])
        (plain "Mod+Ctrl+Page_Down" [ (flag "move-column-to-workspace-down") ])
        (plain "Mod+Ctrl+Page_Up" [ (flag "move-column-to-workspace-up") ])
        (plain "Mod+Ctrl+U" [ (flag "move-column-to-workspace-down") ])
        (plain "Mod+Ctrl+I" [ (flag "move-column-to-workspace-up") ])
        # Alternatively, there are commands to move just a single window:
        # (plain "Mod+Ctrl+Page_Down" [(flag "move-window-to-workspace-down")])
        # ...
        (plain "Mod+Shift+Page_Down" [ (flag "move-workspace-down") ])
        (plain "Mod+Shift+Page_Up" [ (flag "move-workspace-up") ])
        (plain "Mod+Shift+U" [ (flag "move-workspace-down") ])
        (plain "Mod+Shift+I" [ (flag "move-workspace-up") ])
        # You can refer to workspaces by index. However, keep in mind that
        # niri is a dynamic workspace system, so these commands are kind of
        # "best effort". Trying to refer to a workspace index bigger than
        # the current workspace count will instead refer to the bottommost
        # (empty) workspace.
        #
        # For example, with 2 workspaces + 1 empty, indices 3, 4, 5 and so on
        # will all refer to the 3rd workspace.
        (plain "Mod+1" [ (leaf "focus-workspace" "1terminal") ])
        (plain "Mod+2" [ (leaf "focus-workspace" "2browser") ])
        (plain "Mod+3" [ (leaf "focus-workspace" "3chat") ])
        (plain "Mod+4" [ (leaf "focus-workspace" "4music") ])
        (plain "Mod+5" [ (leaf "focus-workspace" "5mail") ])
        (plain "Mod+6" [ (leaf "focus-workspace" "6file") ])
        (plain "Mod+7" [ (leaf "focus-workspace" 7) ])
        (plain "Mod+8" [ (leaf "focus-workspace" 8) ])
        (plain "Mod+9" [ (leaf "focus-workspace" 9) ])
        (plain "Mod+0" [ (leaf "focus-workspace" "0other") ])
        (plain "Mod+Ctrl+1" [ (leaf "move-column-to-workspace" "1terminal") ])
        (plain "Mod+Ctrl+2" [ (leaf "move-column-to-workspace" "2browser") ])
        (plain "Mod+Ctrl+3" [ (leaf "move-column-to-workspace" "3chat") ])
        (plain "Mod+Ctrl+4" [ (leaf "move-column-to-workspace" "4music") ])
        (plain "Mod+Ctrl+5" [ (leaf "move-column-to-workspace" "5mail") ])
        (plain "Mod+Ctrl+6" [ (leaf "move-column-to-workspace" "6file") ])
        (plain "Mod+Ctrl+7" [ (leaf "move-column-to-workspace" 7) ])
        (plain "Mod+Ctrl+8" [ (leaf "move-column-to-workspace" 8) ])
        (plain "Mod+Ctrl+9" [ (leaf "move-column-to-workspace" 9) ])
        (plain "Mod+Ctrl+0" [ (leaf "move-column-to-workspace" "0other") ])
        # Alternatively, there are commands to move just a single window:
        # (plain "Mod+Ctrl+1" [(leaf "move-window-to-workspace" 1)])
        (plain "Mod+Comma" [ (flag "consume-window-into-column") ])
        (plain "Mod+Period" [ (flag "expel-window-from-column") ])
        # There are also commands that consume or expel a single window to the side.
        # (plain "Mod+BracketLeft"  [(flag "consume-or-expel-window-left")])
        # (plain "Mod+BracketRight" [(flag "consume-or-expel-window-right")])
        (plain "Mod+R" [ (flag "switch-preset-column-width") ])
        (plain "Mod+F" [ (flag "maximize-column") ])
        (plain "Mod+Shift+F" [ (flag "fullscreen-window") ])
        (plain "Mod+C" [ (flag "center-column") ])
        # Finer width adjustments.
        # This command can also:
        # * set width in pixels: "1000"
        # * adjust width in pixels: "-5" or "+5"
        # * set width as a percentage of screen width: "25%"
        # * adjust width as a percentage of screen width: "-10%" or "+10%"
        # Pixel sizes use logical, or scaled, pixels. I.e. on an output with scale 2.0,
        # (leaf "set-column-width" "100") will make the column occupy 200 physical screen pixels.
        (plain "Mod+Minus" [ (leaf "set-column-width" "-10%") ])
        (plain "Mod+Equal" [ (leaf "set-column-width" "+10%") ])
        # Finer height adjustments when in column with other windows.
        (plain "Mod+Shift+Minus" [ (leaf "set-window-height" "-10%") ])
        (plain "Mod+Shift+Equal" [ (leaf "set-window-height" "+10%") ])
        # Actions to switch layouts.
        # Note: if you uncomment these, make sure you do NOT have
        # a matching layout switch hotkey configured in xkb options above.
        # Having both at once on the same hotkey will break the switching,
        # since it will switch twice upon pressing the hotkey (once by xkb, once by niri).
        # (plain "Mod+Space"       [(leaf "switch-layout" "next")])
        # (plain "Mod+Shift+Space" [(leaf "switch-layout" "prev")])
        # Take an area screenshot. Select the area to screenshot with mouse
        (plain "Print" [ (flag "screenshot") ])
        # Take a screenshot of the focused monitor
        (plain "Ctrl+Print" [ (flag "screenshot-screen") ])
        # Take a screenshot of the focused window
        (plain "Alt+Print" [ (flag "screenshot-window") ])
        (plain "Mod+Shift+E" [ (leaf "spawn" [ "wlogout" ]) ])
        (plain "Mod+Shift+P" [ (flag "power-off-monitors") ])
        # This debug bind will tint all surfaces green, unless they are being
        # directly scanned out. It's therefore useful to check if direct scanout
        # is working.
        # (plain "Mod+Shift+Ctrl+T" [(flag "toggle-debug-tint")])
      ])
    ];
 }
@@ -0,0 +1,276 @@
 niri: {
  programs.niri.config =
    let
      inherit (niri.lib.kdl)
        node
        plain
        leaf
        flag
        ;
    in
    [
      (plain "input" [
        (plain "keyboard" [
          (plain "xkb" [
            # You can set rules, model, layout, variant and options.
            # For more information, see xkeyboard-config(7).
            # For example:
            # (leaf "layout" "us,ru")
            # (leaf "options" "grp:win_space_toggle,compose:ralt,ctrl:nocaps")
          ])
          # You can set the keyboard repeat parameters. The defaults match wlroots and sway.
          # Delay is in milliseconds before the repeat starts. Rate is in characters per second.
          # (leaf "repeat-delay" 600)
          # (leaf "repeat-rate" 25)
          # Niri can remember the keyboard layout globally (the default) or per-window.
          # - "global" - layout change is global for all windows.
          # - "window" - layout is tracked for each window individually.
          # (leaf "track-layout" "global")
        ])
        # Next sections include libinput settings.
        # Omitting settings disables them, or leaves them at their default values.
        (plain "touchpad" [
          # (flag "tap")  # tap-to-click
          (flag "dwt") # disable-when-typing.
          # (flag "dwtp") # disable-when-trackpointing.
          (flag "natural-scroll") # inverts the scrolling direction.
          # (leaf "accel-speed" 0.2)
          # (leaf "accel-profile" "flat")
          # (leaf "tap-button-map" "left-middle-right")
        ])
        (plain "mouse" [
          # (flag "natural-scroll") # inverts the scrolling direction.
          # (leaf "accel-speed" 0.2)
          # (leaf "accel-profile" "flat")
        ])
        # By default, niri will take over the power button to make it sleep
        # instead of power off.
        # Uncomment this if you would like to configure the power button elsewhere
        # (i.e. logind.conf).
        # (flag "disable-power-key-handling")
      ])
      (plain "layout" [
        # By default focus ring and border are rendered as a solid background rectangle
        # behind windows. That is, they will show up through semitransparent windows.
        # This is because windows using client-side decorations can have an arbitrary shape.
        #
        # If you don't like that, you should uncomment `prefer-no-csd` below.
        # Niri will draw focus ring and border *around* windows that agree to omit their
        # client-side decorations.
        # You can change how the focus ring looks.
        (plain "focus-ring" [
          # Uncomment this line to disable the focus ring.
          # (flag "off")
          # How many logical pixels the ring extends out from the windows.
          (leaf "width" 4)
          # Colors can be set in a variety of ways:
          # - CSS named colors: "red"
          # - RGB hex: "#rgb", "#rgba", "#rrggbb", "#rrggbbaa"
          # - CSS-like notation: "rgb(255, 127, 0)", rgba(), hsl() and a few others.
          # Color of the ring on the active monitor.
          (leaf "active-color" "#7fc8ff")
          # Color of the ring on inactive monitors.
          (leaf "inactive-color" "#505050")
          # Additionally, there's a legacy RGBA syntax:
          # (leaf "active-color" [ 127 200 255 255 ])
          # You can also use gradients. They take precedence over solid colors.
          # Gradients are rendered the same as CSS linear-gradient(angle, from, to).
          # The angle is the same as in linear-gradient, and is optional,
          # defaulting to 180 (top-to-bottom gradient).
          # You can use any CSS linear-gradient tool on the web to set these up.
          #
          # (leaf "active-gradient" { from="#80c8ff"; to="#bbddff"; angle=45; })
          # You can also color the gradient relative to the entire view
          # of the workspace, rather than relative to just the window itself.
          # To do that, set relative-to="workspace-view";
          #
          # (leaf "inactive-gradient" { from="#505050"; to="#808080"; angle=45; relative-to="workspace-view"; })
        ])
        # You can also add a border. It's similar to the focus ring, but always visible.
        (plain "border" [
          # The settings are the same as for the focus ring.
          # If you enable the border, you probably want to disable the focus ring.
          (flag "off")
          (leaf "width" 4)
          (leaf "active-color" "#ffc87f")
          (leaf "inactive-color" "#505050")
          # (leaf "active-gradient" { from="#ffbb66"; to="#ffc880"; angle=45; relative-to="workspace-view"; })
          # (leaf "inactive-gradient" { from="#505050"; to="#808080"; angle=45; relative-to="workspace-view"; })
        ])
        # You can customize the widths that "switch-preset-column-width" (Mod+R) toggles between.
        (plain "preset-column-widths" [
          # Proportion sets the width as a fraction of the output width, taking gaps into account.
          # For example, you can perfectly fit four windows sized "proportion 0.25" on an output.
          # The default preset widths are 1/3, 1/2 and 2/3 of the output.
          (leaf "proportion" (1.0 / 3.0))
          (leaf "proportion" (1.0 / 2.0))
          (leaf "proportion" (2.0 / 3.0))
          # Fixed sets the width in logical pixels exactly.
          # (leaf "fixed" 1920)
        ])
        # You can change the default width of the new windows.
        (plain "default-column-width" [
          (leaf "proportion" 0.5)
        ])
        # If you leave the children empty, the windows themselves will decide their initial width.
        # (plain "default-column-width" [])
        # Set gaps around windows in logical pixels.
        (leaf "gaps" 8)
        # Struts shrink the area occupied by windows, similarly to layer-shell panels.
        # You can think of them as a kind of outer gaps. They are set in logical pixels.
        # Left and right struts will cause the next window to the side to always be visible.
        # Top and bottom struts will simply add outer gaps in addition to the area occupied by
        # layer-shell panels and regular gaps.
        (plain "struts" [
          # (leaf "left" 64)
          # (leaf "right" 64)
          # (leaf "top" 64)
          # (leaf "bottom" 64)
        ])
        # When to center a column when changing focus, options are:
        # - "never", default behavior, focusing an off-screen column will keep at the left
        #   or right edge of the screen.
        # - "on-overflow", focusing a column will center it if it doesn't fit
        #   together with the previously focused column.
        # - "always", the focused column will always be centered.
        (leaf "center-focused-column" "never")
      ])
      (plain "cursor" [
        # Change the theme and size of the cursor as well as set the
        # `XCURSOR_THEME` and `XCURSOR_SIZE` env variables.
        # (leaf "xcursor-theme" "default")
        # (leaf "xcursor-size" 24)
      ])
      # Uncomment this line to ask the clients to omit their client-side decorations if possible.
      # If the client will specifically ask for CSD, the request will be honored.
      # Additionally, clients will be informed that they are tiled, removing some rounded corners.
      # (flag "prefer-no-csd")
      # You can change the path where screenshots are saved.
      # A ~ at the front will be expanded to the home directory.
      # The path is formatted with strftime(3) to give you the screenshot date and time.
      (leaf "screenshot-path" "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png")
      # You can also set this to null to disable saving screenshots to disk.
      # (leaf "screenshot-path" null)
      # Settings for the "Important Hotkeys" overlay.
      (plain "hotkey-overlay" [
        # Uncomment this line if you don't want to see the hotkey help at niri startup.
        # (flag "skip-at-startup")
      ])
      (plain "layer-rule" [
        (leaf "match" { namespace = "waybar"; })
        (leaf "opacity" 0.8)
      ])
      # Animation settings.
      (plain "animations" [
        # Uncomment to turn off all animations.
        # (flag "off")
        # Slow down all animations by this factor. Values below 1 speed them up instead.
        # (leaf "slowdown" 3.0)
        # You can configure all individual animations.
        # Available settings are the same for all of them.
        # - off disables the animation.
        #
        # Niri supports two animation types: easing and spring.
        # You can set properties for only ONE of them.
        #
        # Easing has the following settings:
        # - duration-ms sets the duration of the animation in milliseconds.
        # - curve sets the easing curve. Currently, available curves
        #   are "ease-out-cubic" and "ease-out-expo".
        #
        # Spring animations work better with touchpad gestures, because they
        # take into account the velocity of your fingers as you release the swipe.
        # The parameters are less obvious and generally should be tuned
        # with trial and error. Notably, you cannot directly set the duration.
        # You can use this app to help visualize how the spring parameters
        # change the animation: https://flathub.org/apps/app.drey.Elastic
        #
        # A spring animation is configured like this:
        # - (leaf "spring" { damping-ratio=1.0; stiffness=1000; epsilon=0.0001; })
        #
        # The damping ratio goes from 0.1 to 10.0 and has the following properties:
        # - below 1.0: underdamped spring, will oscillate in the end.
        # - above 1.0: overdamped spring, won't oscillate.
        # - 1.0: critically damped spring, comes to rest in minimum possible time
        #    without oscillations.
        #
        # However, even with damping ratio = 1.0 the spring animation may oscillate
        # if "launched" with enough velocity from a touchpad swipe.
        #
        # Lower stiffness will result in a slower animation more prone to oscillation.
        #
        # Set epsilon to a lower value if the animation "jumps" in the end.
        #
        # The spring mass is hardcoded to 1.0 and cannot be changed. Instead, change
        # stiffness proportionally. E.g. increasing mass by 2x is the same as
        # decreasing stiffness by 2x.
        # Animation when switching workspaces up and down,
        # including after the touchpad gesture.
        (plain "workspace-switch" [
          # (flag "off")
          # (leaf "spring" { damping-ratio=1.0; stiffness=1000; epsilon=0.0001; })
        ])
        # All horizontal camera view movement:
        # - When a window off-screen is focused and the camera scrolls to it.
        # - When a new window appears off-screen and the camera scrolls to it.
        # - When a window resizes bigger and the camera scrolls to show it in full.
        # - And so on.
        (plain "horizontal-view-movement" [
          # (flag "off")
          # (leaf "spring" { damping-ratio=1.0; stiffness=800; epsilon=0.0001; })
        ])
        # Window opening animation. Note that this one has different defaults.
        (plain "window-open" [
          # (flag "off")
          # (leaf "duration-ms" 150)
          # (leaf "curve" "ease-out-expo")
          # Example for a slightly bouncy window opening:
          # (leaf "spring" { damping-ratio=0.8; stiffness=1000; epsilon=0.0001; })
        ])
        # Config parse error and new default config creation notification
        # open/close animation.
        (plain "config-notification-open-close" [
          # (flag "off")
          # (leaf "spring" { damping-ratio=0.6; stiffness=1000; epsilon=0.001; })
        ])
      ])
    ];
 }
@@ -0,0 +1,28 @@
 niri: {
  programs.niri.config =
    let
      inherit (niri.lib.kdl)
        node
        plain
        leaf
        flag
        ;
    in
    [
      # Add lines like this to spawn processes at startup.
      # Note that running niri as a session supports xdg-desktop-autostart,
      # which may be more convenient to use.
      # --------------- Terminal ---------------
      (leaf "spawn-at-startup" [ "foot" ])
      (leaf "spawn-at-startup" [ "alacritty" ])
      (leaf "spawn-at-startup" [ "ghostty" ])
      # --------------- Networking ---------------
      (leaf "spawn-at-startup" [ "clash-verge" ])
      # --------------- Browser ---------------
      (leaf "spawn-at-startup" [ "firefox" ])
      (leaf "spawn-at-startup" [ "google-chrome-stable" ])
      (leaf "spawn-at-startup" [ "chromium-browser" ])
      # --------------- Chatting ---------------
      (leaf "spawn-at-startup" [ "Telegram" ])
    ];
 }
@@ -0,0 +1,122 @@
 niri: {
  programs.niri.config =
    let
      inherit (niri.lib.kdl)
        node
        plain
        leaf
        flag
        ;
    in
    [
      # ============= Window Rules =============
      # Get all the window's information via:
      #   niri msg windows
      # --------------- 1Terminal ---------------
      (plain "window-rule" [
        (leaf "match" { app-id = "foot"; })
        (leaf "open-on-workspace" "1terminal")
        (leaf "open-maximized" true)
      ])
      (plain "window-rule" [
        (leaf "match" { app-id = "Alacritty"; })
        (leaf "open-on-workspace" "1terminal")
        (leaf "open-maximized" true)
      ])
      (plain "window-rule" [
        (leaf "match" { app-id = "com.mitchellh.ghostty"; })
        (leaf "open-on-workspace" "1terminal")
        (leaf "open-maximized" true)
      ])
      # --------------- 2Browser ---------------
      (plain "window-rule" [
        (leaf "match" { app-id = "firefox"; })
        (leaf "open-on-workspace" "2browser")
        (leaf "open-maximized" true)
      ])
      (plain "window-rule" [
        (leaf "match" { app-id = "google-chrome"; })
        (leaf "open-on-workspace" "2browser")
        (leaf "open-maximized" true)
      ])
      (plain "window-rule" [
        (leaf "match" { app-id = "chromium-browser"; })
        (leaf "open-on-workspace" "2browser")
        (leaf "open-maximized" true)
      ])
      # --------------- 3Chatting ---------------
      (plain "window-rule" [
        (leaf "match" { app-id = "org.telegram.desktop"; })
        (leaf "open-on-workspace" "3chat")
      ])
      (plain "window-rule" [
        (leaf "match" { app-id = "wechat"; })
        (leaf "open-on-workspace" "3chat")
      ])
      (plain "window-rule" [
        (leaf "match" { app-id = "QQ"; })
        (leaf "open-on-workspace" "3chat")
      ])
      # --------------- 4Gaming ---------------
      (plain "window-rule" [
        (leaf "match" { app-id = "steam"; })
        (leaf "open-on-workspace" "4gaming")
      ])
      (plain "window-rule" [
        (leaf "match" { app-id = "steam_app_default"; })
        (leaf "open-on-workspace" "4gaming")
      ])
      (plain "window-rule" [
        (leaf "match" { app-id = "heroic"; })
        (leaf "open-on-workspace" "4gaming")
      ])
      (plain "window-rule" [
        (leaf "match" { app-id = "net.lutris.Lutris"; })
        (leaf "open-on-workspace" "4gaming")
      ])
      (plain "window-rule" [
        (leaf "match" { app-id = "com.vysp3r.ProtonPlus"; })
        (leaf "open-on-workspace" "4gaming")
      ])
      (plain "window-rule" [
        # Run anime games on Linux
        (leaf "match" { app-id = "^moe.launcher"; })
        (leaf "open-on-workspace" "4gaming")
      ])
      (plain "window-rule" [
        # All *.exe (Windows APPs)
        (leaf "match" { app-id = "\.exe$"; })
        (leaf "open-on-workspace" "4gaming")
      ])
      # --------------- 6File ---------------
      (plain "window-rule" [
        (leaf "match" { app-id = "com.github.johnfactotum.Foliate"; })
        (leaf "open-on-workspace" "6file")
      ])
      (plain "window-rule" [
        (leaf "match" { app-id = "thunar"; })
        (leaf "open-on-workspace" "6file")
      ])
      # --------------- 0Other ---------------
      (plain "window-rule" [
        (leaf "match" { app-id = "clash-verge"; })
        (leaf "open-on-workspace" "0other")
      ])
      (plain "window-rule" [
        (leaf "match" { app-id = "Zoom Workplace"; })
        (leaf "open-on-workspace" "0other")
      ])
    ];
 }
@@ -4,5 +4,6 @@ This is NixOS's configuration for my Macbook Pro 2022 M2, 16G RAM.
 Related:
 - [M2 Series Feature Support - Asahi Linux](https://asahilinux.org/docs/platform/feature-support/m2/)
 - [/nixos-installer/README.shoukei.md](/nixos-installer/README.shoukei.md)
- https://github.com/nix-community/nixos-apple-silicon/blob/main/docs/uefi-standalone.md
+- [nixos-apple-silicon - UEFI Boot Standalone NixOS](https://github.com/nix-community/nixos-apple-silicon/blob/main/docs/uefi-standalone.md)
@@ -9,6 +9,13 @@
    nixos-apple-silicon.nixosModules.default
  ];
  environment.systemPackages = with pkgs-unstable; [
    box64 # Linux Userspace x86 and x86_64 Emulator, run x86_64 apps(such as games, gui apps) on aarch64.
    # https://asahilinux.org/2024/12/muvm-x11-bridging/
    # https://github.com/nix-community/nixos-apple-silicon/issues/237
    muvm # run x86_64 Apps/Games in a microVM, used as a workaround of apple silicon's 16k page size.
  ];
  networking.wireless.iwd = {
    enable = true;
    settings.General.EnableNetworkConfiguration = true;
@@ -21,14 +28,32 @@
    enable = true;
    peripheralFirmwareDirectory = "${my-asahi-firmware}/macbook-pro-m2-a2338";
-    # build the Asahi Linux Kernel with Rust support
+    # since mesa 25.1(already in nixpkgs), support for asahi is enabled by default.
    withRust = true;
    # use apple-silicon's GPU instead of CPU
    useExperimentalGPUDriver = true;
    # How to install the Asahi Mesa driver
    experimentalGPUInstallMode = "driver"; # driver / replace(for non-flakes) / overlay
  };
  # Lid & PowerKey settings
  #
  # Suspend: Store system state to RAM - fast, requires minimal power to maintain RAM.
  # Hibernate: Store system state & RAM to Disk, and then poweroff the system.
  #
  # NOTE: Hibernate is not supported by Asahi Linux.
  services.logind.settings.Login = {
    lidSwitch = "suspend";
    lidSwitchExternalPower = "lock";
    # 'Docked' means: more than one display is connected or the system is inserted in a docking station
    lidSwitchDocked = "ignore";
    powerKey = "suspend";
    powerKeyLongPress = "poweroff";
  };
  systemd.targets.sleep.enable = true;
  systemd.sleep.extraConfig = ''
    AllowSuspend=yes
    AllowHibernate=no
    AllowSuspendThenHibernate=no
    HibernateDelaySec=5min
  '';
  # After adding this snippet, you need to restart the system for the touchbar to work.
  hardware.apple.touchBar = {
    enable = true;
@@ -10,12 +10,14 @@
 #############################################################
 let
  hostName = "shoukei"; # Define your hostname.
-in {
+in
 {
  imports = [
    ./hardware-configuration.nix
    ../idols-ai/preservation.nix
  ];
  # disable sunshine for securrity
  services.sunshine.enable = lib.mkForce false;
  networking = {
@@ -28,6 +28,30 @@ in
    "x86_64-linux"
    "riscv64-linux"
  ];
  # This enables the kernel to preload the emulator binaries when the binfmt registrations are added,
  # obviating the need to make the emulator binaries available inside chroots and chroot-like sandboxes.
  boot.binfmt.preferStaticEmulators = true; # required to work with podman
  nixpkgs.overlays = [
    (final: previous: {
      # https://github.com/NixOS/nixpkgs/issues/392673
      # aarch64-unknown-linux-musl-ld: (.text+0x484): warning: too many GOT entries for -fpic, please recompile with -fPIC
      nettle = previous.nettle.overrideAttrs (
        lib.optionalAttrs final.stdenv.hostPlatform.isStatic {
          CCPIC = "-fPIC";
        }
      );
    })
    # https://github.com/NixOS/nixpkgs/issues/366902
    (final: prev: {
      qemu-user = prev.qemu-user.overrideAttrs (
        old:
        lib.optionalAttrs final.stdenv.hostPlatform.isStatic {
          configureFlags = old.configureFlags ++ [ "--disable-pie" ];
        }
      );
    })
  ];
  # supported file systems, so we can mount any removable disks with these filesystems
  boot.supportedFilesystems = lib.mkForce [
    "ext4"
@@ -157,4 +181,5 @@ in
  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
 }
@@ -1,15 +1,54 @@
-{ config, ... }:
+{ config, niri, ... }:
 let
  hostName = "shoukei"; # Define your hostname.
 in
 {
-  modules.desktop.hyprland = {
+  programs.ssh.matchBlocks."github.com".identityFile =
-    nvidia = false;
+    "${config.home.homeDirectory}/.ssh/${hostName}";
-    settings.source = [
+
  modules.desktop.nvidia.enable = false;
  modules.desktop.hyprland.settings.source = [
    "${config.home.homeDirectory}/nix-config/hosts/12kingdoms-shoukei/hypr-hardware.conf"
  ];
  modules.desktop.niri = {
    settings =
      let
        inherit (niri.lib.kdl)
          node
          plain
          leaf
          flag
          ;
      in
      [
        (node "output" "eDP-1" [
          (leaf "scale" 1.5)
          (leaf "transform" "normal")
          (leaf "mode" "2560x1600@60")
          (leaf "position" {
            x = 0;
            y = 0;
          })
        ])
        # ============= Named Workspaces =============
        (node "workspace" "1terminal" [ (leaf "open-on-output" "eDP-1") ])
        (node "workspace" "2browser" [ (leaf "open-on-output" "eDP-1") ])
        (node "workspace" "3chat" [ (leaf "open-on-output" "eDP-1") ])
        (node "workspace" "4music" [ (leaf "open-on-output" "eDP-1") ])
        (node "workspace" "5mail" [ (leaf "open-on-output" "eDP-1") ])
        (node "workspace" "6file" [ (leaf "open-on-output" "eDP-1") ])
        (node "workspace" "0other" [ (leaf "open-on-output" "eDP-1") ])
        # Settings for debugging. Not meant for normal use.
        # These can change or stop working at any point with little notice.
        (plain "debug" [
          # Override the DRM device that niri will use for all rendering.
          # Fix: niri fails to correctly detect the primary render device
          (leaf "render-drm-device" "/dev/dri/renderD128")
        ])
      ];
  };
  programs.ssh.matchBlocks."github.com".identityFile =
    "${config.home.homeDirectory}/.ssh/${hostName}";
 }
@@ -6,4 +6,3 @@
 #   1.33:          scale to 1.33 times
 #   bitdepth,10:  enable 10 bit support
 monitor=eDP-1,      highres@highrr,  0x0,         1.33,  bitdepth,10
@@ -1,22 +1,79 @@
 # Hosts
-1. `idols`
+This directory contains all host-specific configurations for my NixOS and macOS systems.
-   1. `ai`: My main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use.
+
-   2. `aquamarine`: Kubevirt Virtual Machine.
+## Current Host Inventory
-      - Monitoring(prometheus, grafana, exporters), CI/CD(gitea, runner), homepage, file browser,
+
-        and other services.
+### Physical Machines
-   3. `ruby`: Not used now.
+
-   4. `kana`: Not used now.
+#### `idols` - Main Workstations
-1. `k8s`: My Kubevirt & Kubernetes Clusters
+
-1. `darwin`(macOS)
+Named after characters from "Oshi no Ko":
-   1. `fern`: MacBook Pro 2022 13-inch M2 16G, mainly for personal use.
+
-   1. `frieren`: MacBook Pro 2024 14-inch M4Pro 48G, mainly for work.
+| Host         | Platform    | Hardware              | Purpose               | Status      |
-1. `12kingdoms`:
+| ------------ | ----------- | --------------------- | --------------------- | ----------- |
-   1. `shoukei`: NixOS on MacBook Pro 2022 M2.
+| `ai`         | NixOS       | i5-13600KF + RTX 4090 | Gaming & Daily Use    | ✅ Active   |
-1. Other aarch64/riscv64 SBCs:
+| `aquamarine` | KubeVirt VM | Virtual               | Monitoring & Services | ✅ Active   |
 | `kana`       | NixOS       | Virtual               | Reserved              | ⚪ Not Used |
 | `ruby`       | NixOS       | Virtual               | Reserved              | ⚪ Not Used |
 #### `darwin` - macOS Systems
 Named after characters from "Frieren: Beyond Journey's End":
 | Host      | Platform | Hardware                   | Purpose      | Status    |
 | --------- | -------- | -------------------------- | ------------ | --------- |
 | `fern`    | macOS    | MacBook Pro M2 13" 16GB    | Personal Use | ✅ Active |
 | `frieren` | macOS    | MacBook Pro M4Pro 14" 48GB | Work Use     | ✅ Active |
 #### `12kingdoms` - Homelab Servers & Apple Silicon Linux
 Named after "Twelve Kingdoms":
 | Host      | Platform | Hardware                               | Purpose                    | Status    |
 | --------- | -------- | -------------------------------------- | -------------------------- | --------- |
 | `shoukei` | NixOS    | MacBook Pro M2                         | NixOS on Apple Silicon     | ✅ Active |
 | `shoryu`  | NixOS    | MoreFine S500Plus (AMD Ryzen 9 5900HX) | KubeVirt Host & K3s Master | ✅ Active |
 | `shushou` | NixOS    | MinisForum UM560 (AMD Ryzen 5 5625U)   | KubeVirt Host & K3s Master | ✅ Active |
 | `youko`   | NixOS    | MinisForum HX99G (AMD Ryzen 9 6900HX)  | KubeVirt Host & K3s Master | ✅ Active |
 ### Virtual Machines & Clusters
 #### `k8s` - Kubernetes Infrastructure
 - **KubeVirt Cluster**: 3 physical mini PCs (shoryu, shushou, youko) running all VMs
 - **K3s Production**: 3 masters + 3 workers for production workloads
 - **K3s Testing**: 3 masters for testing and development
 ### External Systems
 - **SBCs**: aarch64/riscv64 single-board computers managed in
  [ryan4yin/nixos-config-sbc](https://github.com/ryan4yin/nixos-config-sbc)
-## How to add a new host
+All my riscv64 hosts:
 ![](/_img/nixos-riscv-cluster.webp)
 ## Naming Conventions
 - **idols**: Characters from "Oshi no Ko" anime/manga
 - **12kingdoms**: Characters from "Twelve Kingdoms" anime/novel series
 - **darwin**: Characters from "Frieren: Beyond Journey's End" anime/manga
 - **k8s**: Kubernetes-related systems follow standard naming patterns
 ## How to Add a New Host
 The easiest way to add a new host is to copy and adapt an existing similar configuration. All host
 configurations follow similar patterns but are customized for specific hardware and use cases.
 ### General Process
 1. **Identify a similar existing host** from the directory structure above
 2. **Copy the entire directory** and rename it for your new host
 3. **Adapt the configuration files** for your specific hardware and requirements
 4. **Update references** in the flake outputs and networking configuration
 ### Essential Steps
 1. Under `hosts/`
   1. Create a new folder under `hosts/` with the name of the new host.
@@ -36,15 +93,20 @@
   1. Add the new host's static IP address.
   1. Skip this step if the new host is not in the local network or is a mobile device.
-## idols - Oshi no Ko
+### File Templates
-These four servers are named after the four main characters of the mange/anime Oshi no Ko.
+Use existing hosts as templates. The key files typically include:
-## rolling girls
+- `default.nix` - Main host configuration
 - `hardware-configuration.nix` - Auto-generated hardware settings
 - Platform-specific files (e.g., `nvidia.nix`, `apple-silicon.nix`, etc.)
-My All RISCV64 hosts.
+### Examples to Reference
-![](/_img/nixos-riscv-cluster.webp)
+- **Desktop systems**: See `idols-ai/` for gaming/workstation setup
 - **Server systems**: See `kubevirt-shoryu/` for K8s/KubeVirt hosts
 - **macOS systems**: See `darwin-fern/` for macOS configurations
 - **Apple Silicon**: See `12kingdoms-shoukei/` for ARM Linux setup
 ## Distributed Building
@@ -1,4 +1,4 @@
-{myvars, ...}:
+{ myvars, lib, ... }:
 #############################################################
 #
 #  Ai - my main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use.
@@ -11,7 +11,8 @@ let
  inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4 ipv6;
  ipv4WithMask = "${ipv4}/24";
  ipv6WithMask = "${ipv6}/64";
-in {
+in
 {
  imports = [
    ./netdev-mount.nix
    # Include the results of the hardware scan.
@@ -23,6 +24,8 @@ in {
    ./secureboot.nix
  ];
  services.sunshine.enable = lib.mkForce true;
  networking = {
    inherit hostName;
@@ -35,7 +38,7 @@ in {
  systemd.network.enable = true;
  systemd.network.networks."10-${iface}" = {
-    matchConfig.Name = [iface];
+    matchConfig.Name = [ iface ];
    networkConfig = {
      Address = [
        ipv4WithMask
@@ -1,62 +0,0 @@
 # https://github.com/fufexan/dotfiles/blob/483680e121b73db8ed24173ac9adbcc718cbbc6e/system/programs/gamemode.nix
 {
  config,
  pkgs,
  nix-gaming,
  lib,
  ...
 }:
 let
  programs = lib.makeBinPath [
    config.programs.hyprland.package
    pkgs.coreutils
    pkgs.power-profiles-daemon
  ];
  startscript = pkgs.writeShellScript "gamemode-start" ''
    export PATH=$PATH:${programs}
    export HYPRLAND_INSTANCE_SIGNATURE=$(ls -1 /tmp/hypr | tail -1)
    hyprctl --batch 'keyword decoration:blur 0 ; keyword animations:enabled 0 ; keyword misc:vfr 0'
    powerprofilesctl set performance
  '';
  endscript = pkgs.writeShellScript "gamemode-end" ''
    export PATH=$PATH:${programs}
    export HYPRLAND_INSTANCE_SIGNATURE=$(ls -1 /tmp/hypr | tail -1)
    hyprctl --batch 'keyword decoration:blur 1 ; keyword animations:enabled 1 ; keyword misc:vfr 1'
    powerprofilesctl set power-saver
  '';
 in
 {
  # Optimise Linux system performance on demand
  # https://github.com/FeralInteractive/GameMode
  # https://wiki.archlinux.org/title/Gamemode
  #
  # Usage:
  #   1. For games/launchers which integrate GameMode support:
  #      https://github.com/FeralInteractive/GameMode#apps-with-gamemode-integration
  #      simply running the game will automatically activate GameMode.
  #   2. For others, launching the game through gamemoderun: `gamemoderun ./game`
  #   3. For steam: `gamemoderun steam-runtime`
  programs.gamemode = {
    enable = pkgs.stdenv.isx86_64;
    settings = {
      general = {
        softrealtime = "auto";
        renice = 15;
      };
      custom = {
        start = startscript.outPath;
        end = endscript.outPath;
      };
    };
  };
  # see https://github.com/fufexan/nix-gaming/#pipewire-low-latency
  services.pipewire.lowLatency.enable = true;
  programs.steam.platformOptimizations.enable = true;
  imports = with nix-gaming.nixosModules; [
    pipewireLowLatency
    platformOptimizations
  ];
 }
@@ -1,58 +0,0 @@
 # https://github.com/fufexan/dotfiles/blob/483680e/system/programs/steam.nix
 { pkgs, ... }:
 {
  # https://wiki.archlinux.org/title/steam
  # Games installed by Steam works fine on NixOS, no other configuration needed.
  programs.steam = {
    # Some location that should be persistent:
    #   ~/.local/share/Steam - The default Steam install location
    #   ~/.local/share/Steam/steamapps/common - The default Game install location
    #   ~/.steam/root        - A symlink to ~/.local/share/Steam
    #   ~/.steam             - Some Symlinks & user info
    enable = pkgs.stdenv.isx86_64;
    # https://github.com/ValveSoftware/gamescope
    # enables features such as resolution upscaling and stretched aspect ratios (such as 4:3)
    gamescopeSession.enable = true;
    # fix gamescope inside steam
    package = pkgs.steam.override {
      extraPkgs =
        pkgs: with pkgs; [
          xorg.libXcursor
          xorg.libXi
          xorg.libXinerama
          xorg.libXScrnSaver
          libpng
          libpulseaudio
          libvorbis
          stdenv.cc.cc.lib
          libkrb5
          keyutils
          # fix CJK fonts
          source-sans
          source-serif
          source-han-sans
          source-han-serif
          # audio
          pipewire
          # other common
          udev
          alsa-lib
          vulkan-loader
          xorg.libX11
          xorg.libXcursor
          xorg.libXi
          xorg.libXrandr # To use the x11 feature
          libxkbcommon
          wayland # To use the wayland feature
        ];
    };
  };
  fonts.packages = with pkgs; [
    wqy_zenhei # Need by steam for Chinese
  ];
 }
@@ -19,6 +19,7 @@
  boot.loader.efi.efiSysMountPoint = "/boot";
  boot.loader.systemd-boot.enable = true;
  # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/top-level/linux-kernels.nix
  boot.kernelPackages = pkgs.linuxPackages_latest;
  # boot.kernelPackages = pkgs.linuxPackages_xanmod_latest;
@@ -42,6 +43,10 @@
    "aarch64-linux"
    "riscv64-linux"
  ];
  # This enables the kernel to preload the emulator binaries when the binfmt registrations are added,
  # obviating the need to make the emulator binaries available inside chroots and chroot-like sandboxes.
  boot.binfmt.preferStaticEmulators = true; # required to work with podman
  # supported file systems, so we can mount any removable disks with these filesystems
  boot.supportedFilesystems = [
    "ext4"
--- a/Show More
+++ b/Show More
		`@@ -1 +0,0 @@`
			`{ mylib, ... }@args: map (path: import path args) (mylib.scanPaths ./.)`