chore: niri - hotkey-overlay skip-at-startup

fix: niri keybinding for wlogout
flake.lock: Update
2026-05-28 18:39:31 +02:00 · 2025-12-19 10:09:18 +08:00 · 2025-12-19 10:06:04 +08:00 · 2025-12-19 09:57:01 +08:00 · 2025-12-18 19:56:46 -06:00 · 2025-12-17 19:18:52 +08:00
242 changed files with 22492 additions and 6392 deletions
@@ -25,9 +25,9 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Install nix
-        uses: cachix/install-nix-action@v24
+        uses: cachix/install-nix-action@v31
        with:
          install_url: https://nixos.org/nix/install
          extra_nix_config: |
@@ -8,3 +8,4 @@ logs/
 core*
 !core/
 !core.nix
 !coredns*
@@ -1,10 +1,21 @@
 [files]
 # Respect .ignore files.
 ignore-dot = true
 # Respect ignore files.
 ignore-files = true
-extend-exclude = ["themes/", "data/", "static-surprises/", "resources/"]
+# Typos-specific ignore globs (gitignore syntax).
 # NOTE: This setting is ignored when you pass the path directly on the command line, as cachix/git-hooks.nix does.
 # To ignore those files, you must also exclude those directories via git-hooks.hooks.typos.settings.exclude.
 extend-exclude = [
  "data/",
  "rime-data/",
 ]
 [default]
 # Check binary files as text.
 binary = false
 # Verify spelling in file names.
 check-filename = true
 # ignore some special identifiers(sha256, mac address, crypto keys, etc)
 extend-ignore-re = [
  "iterm2",
@@ -100,7 +100,7 @@ repair-store *paths:
 # Update all Nixpkgs inputs
 [group('nix')]
 up-nix:
-  nix flake update nixpkgs nixpkgs-stable nixpkgs-unstable nixpkgs-darwin nixpkgs-ollama
+  nix flake update nixpkgs nixpkgs-stable nixpkgs-unstable nixpkgs-darwin nixpkgs-patched
 ############################################################################
 #
@@ -108,19 +108,29 @@ up-nix:
 #
 ############################################################################
 # Deploy the nixosConfiguration by hostname match
 [linux]
 [group('homelab')]
 local mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *;
  nixos-switch (hostname) {{mode}}
 # Deploy the hyprland nixosConfiguration by hostname match
 [linux]
 [group('desktop')]
 hypr mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *;
-  nixos-switch ai-hyprland {{mode}}
+  nixos-switch $"(hostname)-hyprland" {{mode}}
 # Deploy the niri nixosConfiguration by hostname match
 [linux]
 [group('desktop')]
-s-hypr mode="default":
+niri mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *;
-  nixos-switch shoukei-hyprland {{mode}}
+  nixos-switch $"(hostname)-niri" {{mode}}
 ############################################################################
 #
@@ -141,23 +151,15 @@ darwin-rollback:
  use {{utils_nu}} *;
  darwin-rollback
-# Depoly to fern(macOS host)
+# Deploy the darwinConfiguration by hostname match
 [macos]
 [group('desktop')]
-fe mode="default": 
+local mode="default": 
  #!/usr/bin/env nu
  use {{utils_nu}} *;
-  darwin-build "fern" {{mode}};
+  darwin-build (hostname) {{mode}};
-  darwin-switch "fern" {{mode}}
+  darwin-switch (hostname) {{mode}}
 # Depoly to frieren(macOS host)
 [macos]
 [group('desktop')]
 fr mode="default": 
  #!/usr/bin/env nu
  use {{utils_nu}} *;
  darwin-build "frieren" {{mode}};
  darwin-switch "frieren" {{mode}}
 # Reset launchpad to force it to reindex Applications
 [macos]
@@ -178,13 +180,6 @@ reset-launchpad:
 col tag:
  colmena apply --on '@{{tag}}' --verbose --show-trace
 [linux]
 [group('homelab')]
 local name mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *;
  nixos-switch {{name}} {{mode}}
 # Build and upload a vm image
 [linux]
 [group('homelab')]
@@ -204,37 +199,16 @@ lab:
 shoryu:
  colmena apply --on '@kubevirt-shoryu' --verbose --show-trace
 [linux]
 [group('homelab')]
 shoryu-local mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch kubevirt-shoryu {{mode}}
 [linux]
 [group('homelab')]
 shushou:
  colmena apply --on '@kubevirt-shushou' --verbose --show-trace
 [linux]
 [group('homelab')]
 shushou-local mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch kubevirt-shushou {{mode}}
 [linux]
 [group('homelab')]
 youko:
  colmena apply --on '@kubevirt-youko' --verbose --show-trace
 [linux]
 [group('homelab')]
 youko-local mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch kubevirt-youko {{mode}}
 ############################################################################
 #
 # Commands for other Virtual Machines
@@ -256,37 +230,16 @@ upload-idols mode="default":
 aqua:
  colmena apply --on '@aqua' --verbose --show-trace
 [linux]
 [group('homelab')]
 aqua-local mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch aquamarine {{mode}}
 [linux]
 [group('homelab')]
 ruby:
  colmena apply --on '@ruby' --verbose --show-trace
 [linux]
 [group('homelab')]
 ruby-local mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch ruby {{mode}}
 [linux]
 [group('homelab')]
 kana:
  colmena apply --on '@kana' --verbose --show-trace
 [linux]
 [group('homelab')]
 kana-local mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch kana {{mode}}
 ############################################################################
 #
 # Kubernetes related commands
@@ -8,9 +8,9 @@
 	<a href="https://github.com/ryan4yin/nix-config/stargazers">
 		<img alt="Stargazers" src="https://img.shields.io/github/stars/ryan4yin/nix-config?style=for-the-badge&logo=starship&color=C9CBFF&logoColor=D9E0EE&labelColor=302D41"></a>
    <a href="https://nixos.org/">
-        <img src="https://img.shields.io/badge/NixOS-25.05-informational.svg?style=for-the-badge&logo=nixos&color=F2CDCD&logoColor=D9E0EE&labelColor=302D41"></a>
+        <img src="https://img.shields.io/badge/NixOS-25.11-informational.svg?style=for-the-badge&logo=nixos&color=F2CDCD&logoColor=D9E0EE&labelColor=302D41"></a>
    <a href="https://github.com/ryan4yin/nixos-and-flakes-book">
-        <img src="https://img.shields.io/static/v1?label=Nix Flakes&message=learning&style=for-the-badge&logo=nixos&color=DDB6F2&logoColor=D9E0EE&labelColor=302D41"></a>
+        <img src="https://img.shields.io/badge/Nix%20Flakes-learning-informational.svg?style=for-the-badge&logo=nixos&color=F2CDCD&logoColor=D9E0EE&labelColor=302D41"></a>
  </a>
 </p>
@@ -56,15 +56,15 @@ You don't have to go through the pain I've experienced again! Check out my
 |                             | NixOS(Wayland)                                                                                                      |
 | --------------------------- | ------------------------------------------------------------------------------------------------------------------- |
-| **Window Manager**          | [Hyprland][Hyprland]                                                                                                |
+| **Window Manager**          | [Hyprland][Hyprland] / [Niri][Niri]                                                                                 |
-| **Terminal Emulator**       | [Zellij][Zellij] + [Kitty][Kitty]                                                                                   |
+| **Terminal Emulator**       | [Zellij][Zellij] + [foot][foot]/[Kitty][Kitty]/[Alacritty][Alacritty]/[Ghostty][Ghostty]                            |
 | **Bar**                     | [Waybar][Waybar]                                                                                                    |
 | **Application Launcher**    | [anyrun][anyrun]                                                                                                    |
 | **Notification Daemon**     | [Mako][Mako]                                                                                                        |
-| **Display Manager**         | [GDM][GDM]                                                                                                          |
+| **Display Manager**         | [tuigreet][tuigreet]                                                                                                |
-| **Color Scheme**            | [Catppuccin][Catppuccin]                                                                                            |
+| **Color Scheme**            | [catppuccin-nix][catppuccin-nix]                                                                                    |
 | **network management tool** | [NetworkManager][NetworkManager]                                                                                    |
-| **Input method framework**  | [Fcitx5][Fcitx5]                                                                                                    |
+| **Input method framework**  | [Fcitx5][Fcitx5] + [rime][rime] + [小鹤音形 flypy][flypy]                                                           |
 | **System resource monitor** | [Btop][Btop]                                                                                                        |
 | **File Manager**            | [Yazi][Yazi] + [thunar][thunar]                                                                                     |
 | **Shell**                   | [Nushell][Nushell] + [Starship][Starship]                                                                           |
@@ -74,7 +74,7 @@ You don't have to go through the pain I've experienced again! Check out my
 | **Image Viewer**            | [imv][imv]                                                                                                          |
 | **Screenshot Software**     | [hyprshot][hyprshot]                                                                                                |
 | **Screen Recording**        | [OBS][OBS]                                                                                                          |
-| **Filesystem & Encryption** | tmpfs on `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] encrypted partition for persistent, unlock via passphrase |
+| **Filesystem & Encryption** | tmpfs as `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] encrypted partition for persistent, unlock via passphrase |
 | **Secure Boot**             | [lanzaboote][lanzaboote]                                                                                            |
 Wallpapers: https://github.com/ryan4yin/wallpapers
@@ -109,14 +109,16 @@ For NixOS:
 > To deploy this flake from NixOS's official ISO image (purest installation method), please refer to
 > [./nixos-installer/](./nixos-installer/)
 > Need to restart the machine when switching between `wayland` and `xorg`.
 ```bash
 # deploy one of the configuration based on the hostname
 sudo nixos-rebuild switch --flake .#ai-hyprland
 # deploy via `just`(a command runner with similar syntax to make) & Justfile
-just hypr  # deploy my pc with hyprland compositor
+# Deploy the hyprland nixosConfiguration by hostname match
 just hypr
 # Deploy the niri nixosConfiguration by hostname match
 just niri
 # or we can deploy with details
 just hypr debug
@@ -132,11 +134,11 @@ nix-shell -p just nushell
 # 3. comment home-manager's code in lib/macosSystem.nix to speed up the first deployment.
 # 4. comment out the proxy settings in scripts/darwin_set_proxy.py if the proxy is not ready yet.
-# deploy fern's configuration(Apple Silicon)
+# Deploy the darwinConfiguration by hostname match
-just fr
+just local
 # deploy with details
-just fr debug
+just local debug
 ```
 > [What y'all will need when Nix drives you to drink.](https://www.youtube.com/watch?v=Eni9PPPPBpg)
@@ -175,7 +177,11 @@ Other dotfiles that inspired me:
  - [1amSimp1e/dots](https://github.com/1amSimp1e/dots)
 [Hyprland]: https://github.com/hyprwm/Hyprland
 [Niri]: https://github.com/YaLTeR/niri
 [Kitty]: https://github.com/kovidgoyal/kitty
 [foot]: https://codeberg.org/dnkl/foot
 [Alacritty]: https://github.com/alacritty/alacritty
 [Ghostty]: https://github.com/ghostty-org/ghostty
 [Nushell]: https://github.com/nushell/nushell
 [Starship]: https://github.com/starship/starship
 [Waybar]: https://github.com/Alexays/Waybar
@@ -184,6 +190,8 @@ Other dotfiles that inspired me:
 [anyrun]: https://github.com/Kirottu/anyrun
 [Dunst]: https://github.com/dunst-project/dunst
 [Fcitx5]: https://github.com/fcitx/fcitx5
 [rime]: https://wiki.archlinux.org/title/Rime
 [flypy]: https://flypy.cc/
 [Btop]: https://github.com/aristocratos/btop
 [mpv]: https://github.com/mpv-player/mpv
 [Zellij]: https://github.com/zellij-org/zellij
@@ -194,10 +202,10 @@ Other dotfiles that inspired me:
 [OBS]: https://obsproject.com
 [Mako]: https://github.com/emersion/mako
 [Nerd fonts]: https://github.com/ryanoasis/nerd-fonts
-[catppuccin]: https://github.com/catppuccin/catppuccin
+[catppuccin-nix]: https://github.com/catppuccin/nix
 [NetworkManager]: https://wiki.gnome.org/Projects/NetworkManager
 [wl-clipboard]: https://github.com/bugaevc/wl-clipboard
-[GDM]: https://wiki.archlinux.org/title/GDM
+[tuigreet]: https://github.com/apognu/tuigreet
 [thunar]: https://gitlab.xfce.org/xfce/thunar
 [Yazi]: https://github.com/sxyazi/yazi
 [Catppuccin]: https://github.com/catppuccin/catppuccin
@@ -3,5 +3,21 @@
 This is my private Private Key Infrastructure (PKI) / Certificate Authority (CA) for my personal
 use. It is used to issue certificates for my own servers and services.
-All the private keys are ignored by git, and will be stored in my private secrets repo
+## Current Structure
-[../secrets](../secrets/)
+
 - **ecc-ca.crt** - ECC CA certificate file
 - **ecc-ca.srl** - CA serial number file for certificate tracking
 - **ecc-csr.conf** - OpenSSL configuration file for certificate signing requests
 - **ecc-server.crt** - Server certificate signed by the ECC CA
 - **gen-certs.sh** - Shell script to generate certificates automatically
 ## Security Notes
 All private keys (`.key` files) are ignored by git and stored in a private secrets repository. The
 public certificates and configuration files are committed to this repository for reference.
 ## Usage
 Run `./gen-certs.sh` to generate new certificates using the ECC CA configuration.
 See [../secrets](../secrets/) for the corresponding private key management.
@@ -1,5 +1,26 @@
 {
  "nodes": {
    "aagl": {
      "inputs": {
        "flake-compat": "flake-compat",
        "nixpkgs": "nixpkgs",
        "rust-overlay": "rust-overlay"
      },
      "locked": {
        "lastModified": 1764168798,
        "narHash": "sha256-aB2OhrotdYU8w3uQLio5a/IiyAQvzywOKr81oldqxss=",
        "owner": "ezKEa",
        "repo": "aagl-gtk-on-nix",
        "rev": "e272196d003064dfb177ed9cae6a12021b806048",
        "type": "github"
      },
      "original": {
        "owner": "ezKEa",
        "ref": "release-25.11",
        "repo": "aagl-gtk-on-nix",
        "type": "github"
      }
    },
    "agenix": {
      "inputs": {
        "darwin": "darwin",
@@ -33,15 +54,16 @@
        "systems": "systems_2"
      },
      "locked": {
-        "lastModified": 1748365336,
+        "lastModified": 1758121794,
-        "narHash": "sha256-pg0w4uOZI32dLASD6UbBezeQg5PwOa0GLv7rTwn3VxY=",
+        "narHash": "sha256-IlnFA/a9Clgbt+FuavIKWtauhtH4Fo/rGJIjJDDeYRs=",
-        "owner": "Kirottu",
+        "owner": "anyrun-org",
        "repo": "anyrun",
-        "rev": "25367153f225a59c5ce5746583e39a71ff052f09",
+        "rev": "c787318f590102b68fbd2e5b02ea47e96f4ecb62",
        "type": "github"
      },
      "original": {
-        "owner": "Kirottu",
+        "owner": "anyrun-org",
        "ref": "v25.9.3",
        "repo": "anyrun",
        "type": "github"
      }
@@ -54,11 +76,11 @@
      },
      "locked": {
        "dir": "blender",
-        "lastModified": 1752701743,
+        "lastModified": 1763587309,
-        "narHash": "sha256-cQeX9PP5F7fgsuv0CrL16GtlU6MS0i9LLnkkITu8jA8=",
+        "narHash": "sha256-thH+603iAFvKojLbI+LiJXtrR0WwlikZpyp68C2nD1A=",
        "owner": "edolstra",
        "repo": "nix-warez",
-        "rev": "69acfebb3740542936f71775bcdf322dc328a655",
+        "rev": "9417de2cd97c03c12cd063e01e95eda790177dcb",
        "type": "github"
      },
      "original": {
@@ -75,11 +97,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1753702336,
+        "lastModified": 1763974424,
-        "narHash": "sha256-IVFUQV6egGQHnm+I183OT+4ct/ka1IWA5u/0A9I/YV4=",
+        "narHash": "sha256-jPpxBhrBOAKrXPxdrdXnq4w7x3UIkUZjarNLNYkb7Zo=",
        "owner": "catppuccin",
        "repo": "nix",
-        "rev": "b32de96c3c5384c83b0f4d741ec58a7f97c9ab11",
+        "rev": "931c6465c3eac4709684dbc320bca243252927df",
        "type": "github"
      },
      "original": {
@@ -90,11 +112,11 @@
    },
    "crane": {
      "locked": {
-        "lastModified": 1731098351,
+        "lastModified": 1754269165,
-        "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
+        "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
+        "rev": "444e81206df3f7d92780680e45858e31d2f07a08",
        "type": "github"
      },
      "original": {
@@ -147,6 +169,22 @@
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
        "lastModified": 1761588595,
        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-compat_2": {
      "flake": false,
      "locked": {
        "lastModified": 1747046372,
@@ -162,14 +200,14 @@
        "type": "github"
      }
    },
-    "flake-compat_2": {
+    "flake-compat_3": {
      "flake": false,
      "locked": {
-        "lastModified": 1696426674,
+        "lastModified": 1747046372,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
        "type": "github"
      },
      "original": {
@@ -178,29 +216,29 @@
        "type": "github"
      }
    },
    "flake-compat_3": {
      "locked": {
        "lastModified": 1688025799,
        "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
        "owner": "nix-community",
        "repo": "flake-compat",
        "rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-compat_4": {
      "locked": {
        "lastModified": 1746162366,
        "narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=",
        "owner": "nix-community",
        "repo": "flake-compat",
        "rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-compat_5": {
      "flake": false,
      "locked": {
-        "lastModified": 1696426674,
+        "lastModified": 1761588595,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
        "type": "github"
      },
      "original": {
@@ -217,11 +255,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1743550720,
+        "lastModified": 1754487366,
-        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
+        "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
+        "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18",
        "type": "github"
      },
      "original": {
@@ -238,11 +276,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1730504689,
+        "lastModified": 1754091436,
-        "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
+        "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "506278e768c2a08bec68eb62932193e341f55c90",
+        "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd",
        "type": "github"
      },
      "original": {
@@ -256,11 +294,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1753121425,
+        "lastModified": 1763759067,
-        "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=",
+        "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e",
+        "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
        "type": "github"
      },
      "original": {
@@ -277,11 +315,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1753121425,
+        "lastModified": 1762980239,
-        "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=",
+        "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e",
+        "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da",
        "type": "github"
      },
      "original": {
@@ -328,22 +366,23 @@
    },
    "ghostty": {
      "inputs": {
-        "flake-compat": "flake-compat",
+        "flake-compat": "flake-compat_2",
        "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_3",
        "zig": "zig",
        "zon2nix": "zon2nix"
      },
      "locked": {
-        "lastModified": 1753722074,
+        "lastModified": 1764166758,
-        "narHash": "sha256-yGQ28k8iz2tGrj5oo/HBkn0ihWA5uUZ1ZErkMtegzTw=",
+        "narHash": "sha256-bTElYF0d4XEGK9pT4I22+XSGZIN26lWEvk5D06cyZak=",
        "owner": "ghostty-org",
        "repo": "ghostty",
-        "rev": "92c1f4b0b9c6fde6d8f79109de71bf4e30831e86",
+        "rev": "d9529947a40e16f8e7efd8a1f680d01ff99f213b",
        "type": "github"
      },
      "original": {
        "owner": "ghostty-org",
        "ref": "tip",
        "repo": "ghostty",
        "type": "github"
      }
@@ -412,6 +451,28 @@
        "type": "github"
      }
    },
    "helix": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ],
        "rust-overlay": "rust-overlay_2"
      },
      "locked": {
        "lastModified": 1763950724,
        "narHash": "sha256-HoGhLWTqiwr2GCUPSen7f20snqxyTGWhcd84VClHmI4=",
        "owner": "mattwparas",
        "repo": "helix",
        "rev": "92bc3db129c639b4133a0a117cc8f3943b840886",
        "type": "github"
      },
      "original": {
        "owner": "mattwparas",
        "ref": "steel-event-system",
        "repo": "helix",
        "type": "github"
      }
    },
    "hercules-ci-effects": {
      "inputs": {
        "flake-parts": [
@@ -424,11 +485,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1752595130,
+        "lastModified": 1763182882,
-        "narHash": "sha256-CNBgr4OZSuklGtNOa9CnTNo9+Xceqn/EDAC1Tc43fH8=",
+        "narHash": "sha256-jZi+9yKmeTMsJ4ZNqRei/wL16+QwYGrCl4EJ3QHfoDU=",
        "owner": "hercules-ci",
        "repo": "hercules-ci-effects",
-        "rev": "5f2e09654b2e70ba643e41609d9f9b6640f22113",
+        "rev": "b0585849abe7d02a774a853f7952d07bb910fd9e",
        "type": "github"
      },
      "original": {
@@ -465,11 +526,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1753807879,
+        "lastModified": 1765980955,
-        "narHash": "sha256-d8nxwjUxnRyLWc5G/CpGVsqcSU3ZolS/QYWm9L+/CG0=",
+        "narHash": "sha256-rB45jv4uwC90vM9UZ70plfvY/2Kdygs+zlQ07dGQFk4=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "25deca893974aae98c9be151fb47d6284c053470",
+        "rev": "89c9508bbe9b40d36b3dc206c2483ef176f15173",
        "type": "github"
      },
      "original": {
@@ -482,25 +543,25 @@
    "lanzaboote": {
      "inputs": {
        "crane": "crane",
-        "flake-compat": "flake-compat_2",
+        "flake-compat": "flake-compat_3",
        "flake-parts": "flake-parts_2",
        "nixpkgs": [
          "nixpkgs"
        ],
        "pre-commit-hooks-nix": "pre-commit-hooks-nix",
-        "rust-overlay": "rust-overlay"
+        "rust-overlay": "rust-overlay_3"
      },
      "locked": {
-        "lastModified": 1737639419,
+        "lastModified": 1762205063,
-        "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
+        "narHash": "sha256-If6vQ+KvtKs3ARBO9G3l+4wFSCYtRBrwX1z+I+B61wQ=",
        "owner": "nix-community",
        "repo": "lanzaboote",
-        "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
+        "rev": "88b8a563ff5704f4e8d8e5118fb911fa2110ca05",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "v0.4.2",
+        "ref": "v0.4.3",
        "repo": "lanzaboote",
        "type": "github"
      }
@@ -525,10 +586,10 @@
    "mysecrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1752678564,
+        "lastModified": 1766070008,
-        "narHash": "sha256-x2sbH7Umncbyc9oca5mqX8kMChHVUTytKk+QXEcB4i4=",
+        "narHash": "sha256-DU5ATFeUY5S5Z1ZZAkJLwqDCJXRk15qMp/nLP3Tmoew=",
        "ref": "refs/heads/main",
-        "rev": "a231913597362c15c71fd9212cef5092ae85a64c",
+        "rev": "cfe34c222cf7ee4290438c97e6cc734aa7792346",
        "shallow": true,
        "type": "git",
        "url": "ssh://git@github.com/ryan4yin/nix-secrets.git"
@@ -546,11 +607,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751313918,
+        "lastModified": 1764161084,
-        "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=",
+        "narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf",
+        "rev": "e95de00a471d07435e0527ff4db092c84998698e",
        "type": "github"
      },
      "original": {
@@ -567,11 +628,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1753582293,
+        "lastModified": 1764122225,
-        "narHash": "sha256-CimzlksXOfuPcLr4ye/s4hwZhHk98f0gnXB6Dq9RhZo=",
+        "narHash": "sha256-N6DsDLb8oDBWQ+QAq7qKmgk4jhW9AkzHjvXiUiT//Cw=",
        "owner": "fufexan",
        "repo": "nix-gaming",
-        "rev": "ceb9d44f09b0db02332873247a50210a486959ff",
+        "rev": "80e0aed8c6dd00c9fa41f82c808a8972632e3016",
        "type": "github"
      },
      "original": {
@@ -597,23 +658,23 @@
    },
    "nixos-apple-silicon": {
      "inputs": {
-        "flake-compat": "flake-compat_3",
+        "flake-compat": "flake-compat_4",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1751622568,
+        "lastModified": 1763596466,
-        "narHash": "sha256-EE3NBsej517VRa1x+ylAghrvngftxf1KgfHlE9OYyXE=",
+        "narHash": "sha256-CTSUc4Fk1lHMQZMJ5LczPDYGLq5UjXDFKLSpuA3mKmI=",
        "owner": "nix-community",
        "repo": "nixos-apple-silicon",
-        "rev": "eba4b40c816e5aff8951ae231ac237e8aab8ec1d",
+        "rev": "73b7103c4e3996e3e20868d510b0e8797f279323",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "release-2025-11-18",
        "repo": "nixos-apple-silicon",
        "rev": "eba4b40c816e5aff8951ae231ac237e8aab8ec1d",
        "type": "github"
      }
    },
@@ -647,11 +708,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1753324041,
+        "lastModified": 1763605982,
-        "narHash": "sha256-2JZ82g01Lo3f0SNP2WSDZ0ER1FnAN2WicULZkoEsRx0=",
+        "narHash": "sha256-gFjePmr09rRoAUfih4eeHX7aU3GTBUeaZvglKV+1ztI=",
        "owner": "nixpak",
        "repo": "nixpak",
-        "rev": "fedd4b59b7c8f18be508dee9d89985a8501982d0",
+        "rev": "fd7e8f5d315158089ffbc34cc20792e43be6e666",
        "type": "github"
      },
      "original": {
@@ -662,24 +723,43 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1748189127,
+        "lastModified": 1764020296,
-        "narHash": "sha256-zRDR+EbbeObu4V2X5QCd2Bk5eltfDlCr5yvhBwUT6pY=",
+        "narHash": "sha256-6zddwDs2n+n01l+1TG6PlyokDdXzu/oBmEejcH5L5+A=",
-        "rev": "7c43f080a7f28b2774f3b3f43234ca11661bf334",
+        "owner": "nixos",
-        "type": "tarball",
+        "repo": "nixpkgs",
-        "url": "https://releases.nixos.org/nixos/25.05/nixos-25.05.802491.7c43f080a7f2/nixexprs.tar.xz"
+        "rev": "a320ce8e6e2cc6b4397eef214d202a50a4583829",
        "type": "github"
      },
      "original": {
-        "type": "tarball",
+        "owner": "nixos",
-        "url": "https://channels.nixos.org/nixos-25.05/nixexprs.tar.xz"
+        "ref": "nixos-25.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-2505": {
      "locked": {
        "lastModified": 1764560356,
        "narHash": "sha256-M5aFEFPppI4UhdOxwdmceJ9bDJC4T6C6CzCK1E2FZyo=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "6c8f0cca84510cc79e09ea99a299c9bc17d03cb6",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-25.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-darwin": {
      "locked": {
-        "lastModified": 1753722563,
+        "lastModified": 1764081664,
-        "narHash": "sha256-FK8iq76wlacriq3u0kFCehsRYTAqjA9nfprpiSWRWIc=",
+        "narHash": "sha256-sUoHmPr/EwXzRMpv1u/kH+dXuvJEyyF2Q7muE+t0EU4=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "648f70160c03151bc2121d179291337ad6bc564b",
+        "rev": "dc205f7b4fdb04c8b7877b43edb7b73be7730081",
        "type": "github"
      },
      "original": {
@@ -691,11 +771,11 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1751159883,
+        "lastModified": 1761765539,
-        "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=",
+        "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab",
+        "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc",
        "type": "github"
      },
      "original": {
@@ -704,77 +784,119 @@
        "type": "github"
      }
    },
-    "nixpkgs-ollama": {
+    "nixpkgs-master": {
      "locked": {
-        "lastModified": 1753694789,
+        "lastModified": 1766076739,
-        "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
+        "narHash": "sha256-acPMRCAPgPykzkwATwD1EfF7xgmbraAvIJyCeR6bKxc=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
+        "rev": "e50ab9bb181f9fb3ce00e7a6007c70ddaa007203",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-unstable",
+        "ref": "master",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-mesa": {
      "locked": {
        "lastModified": 1761817761,
        "narHash": "sha256-qAEhDH77SIUUOUQC6DYYR+LGTAK+OctxBJPpo9rGMwc=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "2b1f0ea3ee3952e68b164efa0a1c5e394ef2e781",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "2b1f0ea3ee3952e68b164efa0a1c5e394ef2e781",
        "type": "github"
      }
    },
    "nixpkgs-patched": {
      "locked": {
        "lastModified": 1762844143,
        "narHash": "sha256-SlybxLZ1/e4T2lb1czEtWVzDCVSTvk9WLwGhmxFmBxI=",
        "owner": "ryan4yin",
        "repo": "nixpkgs",
        "rev": "9da7f1cf7f8a6e2a7cb3001b048546c92a8258b4",
        "type": "github"
      },
      "original": {
        "owner": "ryan4yin",
        "ref": "nixos-unstable-patched",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1730741070,
+        "lastModified": 1764020296,
-        "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
+        "narHash": "sha256-6zddwDs2n+n01l+1TG6PlyokDdXzu/oBmEejcH5L5+A=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-stable_2": {
      "locked": {
        "lastModified": 1753489912,
        "narHash": "sha256-uDCFHeXdRIgJpYmtcUxGEsZ+hYlLPBhR83fdU+vbC1s=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "13e8d35b7d6028b7198f8186bc0347c6abaa2701",
+        "rev": "a320ce8e6e2cc6b4397eef214d202a50a4583829",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-25.05",
+        "ref": "nixos-25.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
        "lastModified": 1753694789,
        "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1753694789,
+        "lastModified": 1744536153,
-        "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
+        "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
-        "owner": "nixos",
+        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
+        "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 315532800,
        "narHash": "sha256-sV6pJNzFkiPc6j9Bi9JuHBnWdVhtKB/mHgVmMPvDFlk=",
        "rev": "82c2e0d6dde50b17ae366d2aa36f224dc19af469",
        "type": "tarball",
        "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre877938.82c2e0d6dde5/nixexprs.tar.xz"
      },
      "original": {
        "type": "tarball",
        "url": "https://channels.nixos.org/nixpkgs-unstable/nixexprs.tar.xz"
      }
    },
    "nixpkgs_4": {
      "locked": {
        "lastModified": 1758360447,
        "narHash": "sha256-XDY3A83bclygHDtesRoaRTafUd80Q30D/Daf9KSG6bs=",
        "rev": "8eaee110344796db060382e15d3af0a9fc396e0e",
        "type": "tarball",
        "url": "https://releases.nixos.org/nixos/unstable/nixos-25.11pre864002.8eaee1103447/nixexprs.tar.xz"
      },
      "original": {
        "type": "tarball",
        "url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz"
      }
    },
    "nixpkgs_5": {
      "locked": {
        "lastModified": 1764979303,
        "narHash": "sha256-/US2Ei9JHXHVBAxV4FX49Q7H5s4UNBrIiOA6Xjzgq44=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "0254eab410b90ef2420c1059f908ae777e3b02f9",
        "type": "github"
      },
      "original": {
@@ -784,12 +906,28 @@
        "type": "github"
      }
    },
    "nu_scripts": {
      "flake": false,
      "locked": {
        "lastModified": 1762863367,
        "narHash": "sha256-oxnXzxQkNccCs36j+aMzg4QGHDcX7niJruqxCkeg0LM=",
        "owner": "ryan4yin",
        "repo": "nu_scripts",
        "rev": "ff8092707054ad091d67bd408374a39977e33c1b",
        "type": "github"
      },
      "original": {
        "owner": "ryan4yin",
        "repo": "nu_scripts",
        "type": "github"
      }
    },
    "nuenv": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ],
-        "rust-overlay": "rust-overlay_2"
+        "rust-overlay": "rust-overlay_4"
      },
      "locked": {
        "lastModified": 1731006591,
@@ -812,11 +950,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751086727,
+        "lastModified": 1764057454,
-        "narHash": "sha256-5y9aE/o+KwEg075R5m/13Z1mavtyWv+9DE5uppLdRlo=",
+        "narHash": "sha256-/E/H334pr4qo8bdTLjYahL7Tx3HMMJvKmNHDbhjq3Dc=",
        "owner": "ryan4yin",
        "repo": "nur-packages",
-        "rev": "a41be29389c8503f67b9f5cd47fa8b99a5bb3fe5",
+        "rev": "89e4e49bc0279d5c379526b16360e20ca901e226",
        "type": "github"
      },
      "original": {
@@ -825,36 +963,20 @@
        "type": "github"
      }
    },
    "polybar-themes": {
      "flake": false,
      "locked": {
        "lastModified": 1753542051,
        "narHash": "sha256-f/54m7RJnqNW6eC/75IrnFxmSWTY+zd5epm6TQsYeYA=",
        "owner": "adi1090x",
        "repo": "polybar-themes",
        "rev": "e6326ff356b296256b7fac9c5bcc42a1ef4a4d5b",
        "type": "github"
      },
      "original": {
        "owner": "adi1090x",
        "repo": "polybar-themes",
        "type": "github"
      }
    },
    "pre-commit-hooks": {
      "inputs": {
-        "flake-compat": "flake-compat_4",
+        "flake-compat": "flake-compat_5",
        "gitignore": "gitignore_2",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1750779888,
+        "lastModified": 1763988335,
-        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
+        "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
+        "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce",
        "type": "github"
      },
      "original": {
@@ -873,15 +995,14 @@
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
-        ],
+        ]
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1731363552,
+        "lastModified": 1750779888,
-        "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
+        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
+        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
        "type": "github"
      },
      "original": {
@@ -892,11 +1013,11 @@
    },
    "preservation": {
      "locked": {
-        "lastModified": 1751384068,
+        "lastModified": 1757436102,
-        "narHash": "sha256-xGq+Om1ReXcQy6h57yj9V5nOM84g/GBJ3m6oxe1a3js=",
+        "narHash": "sha256-mMI9IanU+Xw+pVogD2oT0I2kTmvz2Un/Apc5+CwUpEY=",
        "owner": "nix-community",
        "repo": "preservation",
-        "rev": "286737ba485f30c1687c833e66f5901a6c8dc019",
+        "rev": "93416f4614ad2dfed5b0dcf12f27e57d27a5ab11",
        "type": "github"
      },
      "original": {
@@ -907,6 +1028,7 @@
    },
    "root": {
      "inputs": {
        "aagl": "aagl",
        "agenix": "agenix",
        "anyrun": "anyrun",
        "blender-bin": "blender-bin",
@@ -914,6 +1036,7 @@
        "disko": "disko",
        "ghostty": "ghostty",
        "haumea": "haumea",
        "helix": "helix",
        "home-manager": "home-manager_2",
        "lanzaboote": "lanzaboote",
        "my-asahi-firmware": "my-asahi-firmware",
@@ -923,14 +1046,16 @@
        "nixos-apple-silicon": "nixos-apple-silicon",
        "nixos-generators": "nixos-generators",
        "nixpak": "nixpak",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs_5",
        "nixpkgs-2505": "nixpkgs-2505",
        "nixpkgs-darwin": "nixpkgs-darwin",
-        "nixpkgs-ollama": "nixpkgs-ollama",
+        "nixpkgs-master": "nixpkgs-master",
-        "nixpkgs-stable": "nixpkgs-stable_2",
+        "nixpkgs-mesa": "nixpkgs-mesa",
-        "nixpkgs-unstable": "nixpkgs-unstable",
+        "nixpkgs-patched": "nixpkgs-patched",
        "nixpkgs-stable": "nixpkgs-stable",
        "nu_scripts": "nu_scripts",
        "nuenv": "nuenv",
        "nur-ryan4yin": "nur-ryan4yin",
        "polybar-themes": "polybar-themes",
        "pre-commit-hooks": "pre-commit-hooks",
        "preservation": "preservation",
        "wallpapers": "wallpapers"
@@ -938,17 +1063,14 @@
    },
    "rust-overlay": {
      "inputs": {
-        "nixpkgs": [
+        "nixpkgs": "nixpkgs_2"
          "lanzaboote",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1731897198,
+        "lastModified": 1764124769,
-        "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
+        "narHash": "sha256-vcoOEy3i8AGJi3Y2C48hrf6CuL2h8W1gLe1gNt72Kxg=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
+        "rev": "5da8c00313b4434f00aed6b4c94cd3b207bafdc5",
        "type": "github"
      },
      "original": {
@@ -958,6 +1080,48 @@
      }
    },
    "rust-overlay_2": {
      "inputs": {
        "nixpkgs": [
          "helix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1759631821,
        "narHash": "sha256-V8A1L0FaU/aSXZ1QNJScxC12uP4hANeRBgI4YdhHeRM=",
        "owner": "oxalica",
        "repo": "rust-overlay",
        "rev": "1d7cbdaad90f8a5255a89a6eddd8af24dc89cafe",
        "type": "github"
      },
      "original": {
        "owner": "oxalica",
        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "rust-overlay_3": {
      "inputs": {
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1761791894,
        "narHash": "sha256-myRIDh+PxaREz+z9LzbqBJF+SnTFJwkthKDX9zMyddY=",
        "owner": "oxalica",
        "repo": "rust-overlay",
        "rev": "59c45eb69d9222a4362673141e00ff77842cd219",
        "type": "github"
      },
      "original": {
        "owner": "oxalica",
        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "rust-overlay_4": {
      "inputs": {
        "flake-utils": "flake-utils_2",
        "nixpkgs": [
@@ -1071,11 +1235,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748261582,
+        "lastModified": 1760401936,
-        "narHash": "sha256-3i0IL3s18hdDlbsf0/E+5kyPRkZwGPbSFngq5eToiAA=",
+        "narHash": "sha256-/zj5GYO5PKhBWGzbHbqT+ehY8EghuABdQ2WGfCwZpCQ=",
        "owner": "mitchellh",
        "repo": "zig-overlay",
-        "rev": "aafb1b093fb838f7a02613b719e85ec912914221",
+        "rev": "365085b6652259753b598d43b723858184980bbe",
        "type": "github"
      },
      "original": {
@@ -1086,27 +1250,20 @@
    },
    "zon2nix": {
      "inputs": {
-        "flake-utils": [
+        "nixpkgs": "nixpkgs_4"
          "ghostty",
          "flake-utils"
        ],
        "nixpkgs": [
          "ghostty",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1742104771,
+        "lastModified": 1758405547,
-        "narHash": "sha256-LhidlyEA9MP8jGe1rEnyjGFCzLLgCdDpYeWggibayr0=",
+        "narHash": "sha256-WgaDgvIZMPvlZcZrpPMjkaalTBnGF2lTG+62znXctWM=",
        "owner": "jcollie",
        "repo": "zon2nix",
-        "rev": "56c159be489cc6c0e73c3930bd908ddc6fe89613",
+        "rev": "bf983aa90ff169372b9fa8c02e57ea75e0b42245",
        "type": "github"
      },
      "original": {
        "owner": "jcollie",
        "repo": "zon2nix",
-        "rev": "56c159be489cc6c0e73c3930bd908ddc6fe89613",
+        "rev": "bf983aa90ff169372b9fa8c02e57ea75e0b42245",
        "type": "github"
      }
    }
@@ -16,14 +16,14 @@
  nixConfig = {
    # substituers will be appended to the default substituters when fetching packages
    extra-substituters = [
      "https://anyrun.cachix.org"
      # "https://nix-gaming.cachix.org"
      # "https://nixpkgs-wayland.cachix.org"
      # "https://install.determinate.systems"
    ];
    extra-trusted-public-keys = [
      "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
      # "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
      # "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
      # "cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM="
    ];
  };
@@ -35,14 +35,18 @@
    # Official NixOS package source, using nixos's unstable branch by default
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-    # nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
+    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11";
-    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+    # revert mesa to 25.2.6
-    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05";
+    nixpkgs-mesa.url = "github:nixos/nixpkgs/2b1f0ea3ee3952e68b164efa0a1c5e394ef2e781";
    nixpkgs-2505.url = "github:nixos/nixpkgs/nixos-25.05";
-    nixpkgs-ollama.url = "github:nixos/nixpkgs/nixos-unstable";
+    # nixpkgs with some custom patches
    nixpkgs-patched.url = "github:ryan4yin/nixpkgs/nixos-unstable-patched";
    # get some latest packages from the master branch
    nixpkgs-master.url = "github:nixos/nixpkgs/master";
    # for macos
-    # nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-25.05-darwin";
+    # nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-25.11-darwin";
    nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-unstable";
    nix-darwin = {
      url = "github:lnl7/nix-darwin";
@@ -52,7 +56,7 @@
    # home-manager, used for managing user configuration
    home-manager = {
      url = "github:nix-community/home-manager/master";
-      # url = "github:nix-community/home-manager/release-25.05";
+      # url = "github:nix-community/home-manager/release-25.11";
      # The `follows` keyword in inputs is used for inheritance.
      # Here, `inputs.nixpkgs` of home-manager is kept consistent with the `inputs.nixpkgs` of the current flake,
@@ -67,7 +71,7 @@
    };
    lanzaboote = {
-      url = "github:nix-community/lanzaboote/v0.4.2";
+      url = "github:nix-community/lanzaboote/v0.4.3";
      inputs.nixpkgs.follows = "nixpkgs";
    };
@@ -77,9 +81,10 @@
    # community wayland nixpkgs
    # nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
    # anyrun - a wayland launcher
    anyrun = {
-      url = "github:Kirottu/anyrun";
+      url = "github:/anyrun-org/anyrun/v25.9.3";
      inputs.nixpkgs.follows = "nixpkgs";
    };
@@ -97,11 +102,6 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nix-gaming = {
      url = "github:fufexan/nix-gaming";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    disko = {
      url = "github:nix-community/disko/v1.11.0";
      inputs.nixpkgs.follows = "nixpkgs";
@@ -129,7 +129,7 @@
    };
    ghostty = {
-      url = "github:ghostty-org/ghostty";
+      url = "github:ghostty-org/ghostty/tip"; # Latest Continuous Release
    };
    blender-bin = {
@@ -138,15 +138,33 @@
    };
    nixos-apple-silicon = {
-      # 2025-07-04
+      # asahi-6.17.7-2
-      url = "github:nix-community/nixos-apple-silicon/eba4b40c816e5aff8951ae231ac237e8aab8ec1d";
+      url = "github:nix-community/nixos-apple-silicon/release-2025-11-18";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    helix = {
      # Helix with steel as plugin system
      # https://github.com/helix-editor/helix/pull/8675
      url = "github:mattwparas/helix/steel-event-system";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # -------------- Gaming ---------------------
    nix-gaming = {
      url = "github:fufexan/nix-gaming";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    aagl = {
      url = "github:ezKEa/aagl-gtk-on-nix/release-25.11";
      # inputs.nixpkgs.follows = "nixpkgs";
    };
    ########################  Some non-flake repositories  #########################################
-    polybar-themes = {
+    nu_scripts = {
-      url = "github:adi1090x/polybar-themes";
+      url = "github:ryan4yin/nu_scripts";
      flake = false;
    };
@@ -12,14 +12,53 @@
  1. Accessing the network when they don't need to.
  1. Accessing hardware devices they don't need.
-## Current Status
+## Current Structure
-1. **System Level**:
+### 1. **System Level**
-   - [ ] AppArmor
+
-   - [ ] Kernel & System Hardening
+- **AppArmor** (`apparmor/`): AppArmor profiles and configuration
-1. **Per-App Level**:
+- **Kernel & System Hardening** (`profiles/`): System-wide hardening profiles
-   - Nixpak (Bubblewrap, running at user-level)
+
-   - Firejail (a SUID program, meaning it's running as root)
+### 2. **Per-App Level**
 - **Nixpak** (`nixpaks/`): Bubblewrap-based sandboxing for applications
  - Firefox configuration
  - QQ (Chinese messaging app) configuration
  - Modular system with reusable components
 - **Firejail** (legacy): SUID-based sandboxing (not used)
 - **Bubblewrap** (`bwraps/`): Direct bubblewrap configurations
  - WeChat sandboxing configuration
 ## Current Implementation Status
 | Component         | Status    | Notes                          |
 | ----------------- | --------- | ------------------------------ |
 | AppArmor Profiles | 🚧 WIP    | Basic structure in place       |
 | Nixpak Firefox    | ✅ Active | Firefox sandboxing via nixpak  |
 | Nixpak QQ         | ✅ Active | QQ application sandboxing      |
 | Bubblewrap WeChat | ✅ Active | WeChat specific sandboxing     |
 | System Profiles   | 🚧 WIP    | Hardened system configurations |
 ## Directory Structure
 ```
 hardening/
 ├── README.md
 ├── apparmor/           # AppArmor security profiles
 │   └── default.nix
 ├── bwraps/            # Direct bubblewrap configurations
 │   ├── default.nix
 │   └── wechat.nix
 ├── nixpaks/           # Nixpak application sandboxing
 │   ├── default.nix
 │   ├── firefox.nix
 │   ├── qq.nix
 │   └── modules/       # Reusable nixpak modules
 │       ├── gui-base.nix
 │       └── network.nix
 └── profiles/          # System hardening profiles
    └── default.nix
 ```
 ## Kernel Hardening
@@ -69,13 +108,6 @@ provide a much higher level of security.
 - [Paranoid NixOS Setup - xeiaso](https://xeiaso.net/blog/paranoid-nixos-2021-07-18/)
 - [nix-mineral](https://github.com/cynicsketch/nix-mineral): NixOS module for convenient system
  hardening.
 - nixpak configs:
  - https://github.com/pokon548/OysterOS/tree/b97604d89953373d6316286b96f6a964af2c398d/desktop/application
  - https://github.com/segment-tree/my-nixos/tree/ceb6041f73bd9edcb78a8818b27a28f7c629193b/hm/me/apps/nixpak
  - https://github.com/Keksgesicht/nixos-config/tree/91cc77d8d6b598da7c4dbed143e0009c2dea6940/packages/nixpak
  - https://github.com/bluskript/nix-config/blob/7ecb6a7254c1ac4969072f4c4febdc19f8b83b30/pkgs/nixpak/default.nix
 - firejail configs:
  - https://github.com/stelcodes/nixos-config/blob/f8967c82a5e5f3d128eb1aaf7498b5f918f719ec/packages/overlay.nix#L261
 - apparmor configs:
  - https://github.com/zramctl/dotfiles/blob/4fe177f6984154960942bb47d5a375098ec6ed6a/modules/nixos/security/apparmor.nix#L4
  - https://git.grimmauld.de/Grimmauld/grimm-nixos-laptop/src/branch/main/hardening
@@ -1,5 +1,6 @@
 {
  pkgs,
  pkgs-master,
  nixpak,
  ...
 }:
@@ -14,21 +15,17 @@ let
      (sloth.concat' sloth.homeDir mapdir)
    ];
  };
-  wrapper = _pkgs: path: (_pkgs.callPackage path callArgs).config.script;
+  wrapper = _pkgs: path: (_pkgs.callPackage path callArgs);
 in
 {
  # Add nixpaked Apps into nixpkgs, and reference them in home-manager or other nixos modules
  nixpkgs.overlays = [
    (_: super: {
      nixpaks = {
-        qq = wrapper super ./qq.nix;
+        qq = wrapper pkgs-master ./qq.nix;
        qq-desktop-item = super.callPackage ./qq-desktop-item.nix { };
        wechat = wrapper super ./wechat.nix;
-        wechat-desktop-item = super.callPackage ./wechat-desktop-item.nix { };
+        telegram-desktop = wrapper super ./telegram-desktop.nix;
        firefox = wrapper super ./firefox.nix;
        firefox-desktop-item = super.callPackage ./firefox-desktop-item.nix { };
      };
    })
  ];
@@ -1,11 +0,0 @@
 { makeDesktopItem }:
 makeDesktopItem {
  name = "firefox";
  desktopName = "firefox";
  exec = "firefox %U";
  terminal = false;
  icon = "firefox";
  type = "Application";
  categories = [ "Network" ];
  comment = "firefox boxed";
 }
@@ -5,11 +5,16 @@
 # - Firefox's flatpak manifest: https://hg.mozilla.org/mozilla-central/file/tip/taskcluster/docker/firefox-flatpak/runme.sh#l151
 {
  lib,
-  pkgs,
+  firefox,
  mkNixPak,
  buildEnv,
  makeDesktopItem,
  ...
 }:
-mkNixPak {
+
 let
  appId = "org.mozilla.firefox";
  wrapped = mkNixPak {
    config =
      {
        config,
@@ -18,37 +23,19 @@ mkNixPak {
      }:
      {
        app = {
-        package = pkgs.firefox-wayland;
+          package = firefox;
          binPath = "bin/firefox";
        };
-      flatpak.appId = "org.mozilla.firefox";
+        flatpak.appId = appId;
        imports = [
          ./modules/gui-base.nix
          ./modules/network.nix
          ./modules/common.nix
        ];
      # list all dbus services:
      #   ls -al /run/current-system/sw/share/dbus-1/services/
      #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
      dbus.policies = {
        "org.mozilla.firefox.*" = "own"; # firefox
        "org.mozilla.firefox_beta.*" = "own"; # firefox beta
        "org.mpris.MediaPlayer2.firefox.*" = "own";
        "org.freedesktop.NetworkManager" = "talk";
        "org.gnome.Shell.Screencast" = "talk";
        # System tray icon
        "org.freedesktop.Notifications" = "talk";
        "org.kde.StatusNotifierWatcher" = "talk";
        # File Manager
        "org.freedesktop.FileManager1" = "talk";
        # Uses legacy StatusNotifier implementation
        "org.kde.*" = "own";
      };
        bubblewrap = {
-        # To trace all the home files QQ accesses, you can use the following nushell command:
+          # To trace all the home files Firefox accesses, you can use the following nushell command:
          #   just trace-access firefox
          # See the Justfile in the root of this repository for more information.
          bind.rw = [
@@ -60,6 +47,7 @@ mkNixPak {
            sloth.xdgDownloadDir
            sloth.xdgMusicDir
            sloth.xdgVideosDir
            sloth.xdgPicturesDir
          ];
          bind.ro = [
            "/sys/bus/pci"
@@ -85,4 +73,55 @@ mkNixPak {
          };
        };
      };
  };
  exePath = lib.getExe wrapped.config.script;
 in
 buildEnv {
  inherit (wrapped.config.script) name meta passthru;
  paths = [
    wrapped.config.script
    (makeDesktopItem {
      name = appId;
      desktopName = "Firefox";
      genericName = "Firefox Boxed";
      comment = "Firefox Browser";
      exec = "${exePath} %U";
      terminal = false;
      icon = "firefox";
      startupNotify = true;
      startupWMClass = "firefox";
      type = "Application";
      categories = [
        "Network"
        "WebBrowser"
      ];
      mimeTypes = [
        "text/html"
        "text/xml"
        "application/xhtml+xml"
        "application/vnd.mozilla.xul+xml"
        "x-scheme-handler/http"
        "x-scheme-handler/https"
      ];
      actions = {
        new-private-window = {
          name = "New Private Window";
          exec = "${exePath} --private-window %U";
        };
        new-window = {
          name = "New Window";
          exec = "${exePath} --new-window %U";
        };
        profile-manager-window = {
          name = "Profile Manager";
          exec = "${exePath} --ProfileManager";
        };
      };
      extraConfig = {
        X-Flatpak = appId;
      };
    })
  ];
 }
@@ -0,0 +1,234 @@
 # https://github.com/mnixry/nixos-config/blob/74913c2b90d06e31170bbbaa0074f915721da224/desktop/packages/nixpaks-common.nix
 # https://github.com/Kraftland/portable/blob/09c4a4227538a3f42de208a6ecbdc938ac9c00dd/portable.sh
 # https://flatpak.github.io/xdg-desktop-portal/docs/api-reference.html
 {
  lib,
  sloth,
  config,
  ...
 }:
 let
  inherit (config.flatpak) appId;
 in
 {
  config = {
    # list all dbus services:
    #   ls -al /run/current-system/sw/share/dbus-1/services/
    #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
    dbus = {
      # `--see`: The bus name can be enumerated by the application.
      # `--talk`: The application can send messages to, and receive replies and signals from, the bus name.
      # `--own`: The application can own the bus name
      policies = {
        "${appId}" = "own";
        "${appId}.*" = "own";
        "org.freedesktop.DBus" = "talk";
        "ca.desrt.dconf" = "talk";
        "org.freedesktop.appearance" = "talk";
        "org.freedesktop.appearance.*" = "talk";
      }
      // (builtins.listToAttrs (
        map (id: lib.nameValuePair "org.kde.StatusNotifierItem-${toString id}-1" "own") (
          lib.lists.range 2 29
        )
      ))
      // {
        # --- MPRIS Media Control ---
        # Allows the app to register as a media player. These are derived from the appID.
        "org.mpris.MediaPlayer2.${appId}" = "own";
        "org.mpris.MediaPlayer2.${appId}.*" = "own";
        "org.mpris.MediaPlayer2.${lib.lists.last (lib.strings.splitString "." appId)}" = "own";
        "org.mpris.MediaPlayer2.${lib.lists.last (lib.strings.splitString "." appId)}.*" = "own";
        # --- General Desktop Integration ---
        "com.canonical.AppMenu.Registrar" = "talk"; # For Ubuntu AppMenu
        "org.freedesktop.FileManager1" = "talk";
        "org.freedesktop.Notifications" = "talk";
        "org.kde.StatusNotifierWatcher" = "talk";
        "org.gnome.Shell.Screencast" = "talk";
        # --- Accessibility (a11y) 无障碍服务 ---
        "org.a11y.Bus" = "see";
        # --- Portal Access ---
        # "org.freedesktop.portal.*" = "talk";
        "org.freedesktop.portal.Documents" = "talk";
        "org.freedesktop.portal.FileTransfer" = "talk";
        "org.freedesktop.portal.FileTransfer.*" = "talk";
        "org.freedesktop.portal.Notification" = "talk";
        "org.freedesktop.portal.OpenURI" = "talk";
        "org.freedesktop.portal.OpenURI.OpenFile" = "talk";
        "org.freedesktop.portal.OpenURI.OpenURI" = "talk";
        "org.freedesktop.portal.Print" = "talk";
        "org.freedesktop.portal.Request" = "see";
        # --- Input Method Portals ---
        "org.freedesktop.portal.Fcitx" = "talk";
        "org.freedesktop.portal.Fcitx.*" = "talk";
        "org.freedesktop.portal.IBus" = "talk";
        "org.freedesktop.portal.IBus.*" = "talk";
      };
      # '--call' rules permit specific method calls on D-Bus interfaces.
      rules.call = {
        # --- Accessibility (a11y) 无障碍服务 ---
        "org.a11y.Bus" = [
          "org.a11y.Bus.GetAddress@/org/a11y/bus"
          "org.freedesktop.DBus.Properties.Get@/org/a11y/bus"
        ];
        # --- General Portal Rules ---
        "org.freedesktop.FileManager1" = [ "*" ];
        "org.freedesktop.Notifications.*" = [ "*" ];
        "org.freedesktop.portal.Documents" = [ "*" ];
        "org.freedesktop.portal.FileTransfer" = [ "*" ];
        "org.freedesktop.portal.FileTransfer.*" = [ "*" ];
        "org.freedesktop.portal.Fcitx" = [ "*" ];
        "org.freedesktop.portal.Fcitx.*" = [ "*" ];
        "org.freedesktop.portal.IBus" = [ "*" ];
        "org.freedesktop.portal.IBus.*" = [ "*" ];
        "org.freedesktop.portal.Notification" = [ "*" ];
        "org.freedesktop.portal.OpenURI" = [ "*" ];
        "org.freedesktop.portal.OpenURI.OpenFile" = [ "*" ];
        "org.freedesktop.portal.OpenURI.OpenURI" = [ "*" ];
        "org.freedesktop.portal.Print" = [ "*" ];
        "org.freedesktop.portal.Request" = [ "*" ];
        # --- Main Desktop Portal Interface ---
        # A comprehensive list of permissions for interacting with the desktop environment.
        "org.freedesktop.portal.Desktop" = [
          # Properties & Settings
          "org.freedesktop.DBus.Properties.GetAll"
          "org.freedesktop.DBus.Properties.Get@/org/freedesktop/portal/desktop"
          "org.freedesktop.portal.Session.Close"
          "org.freedesktop.portal.Settings.ReadAll"
          "org.freedesktop.portal.Settings.Read"
          "org.freedesktop.portal.Account.GetUserInformation"
          # Network & Proxy
          "org.freedesktop.portal.NetworkMonitor"
          "org.freedesktop.portal.NetworkMonitor.*"
          "org.freedesktop.portal.ProxyResolver.Lookup"
          "org.freedesktop.portal.ProxyResolver.Lookup.*"
          # Screenshot / Screen Capture & Sharing
          "org.freedesktop.portal.ScreenCast"
          "org.freedesktop.portal.ScreenCast.*"
          "org.freedesktop.portal.Screenshot"
          "org.freedesktop.portal.Screenshot.Screenshot"
          # Device Access(Camera / USB)
          "org.freedesktop.portal.Camera"
          "org.freedesktop.portal.Camera.*"
          "org.freedesktop.portal.Usb"
          "org.freedesktop.portal.Usb.*"
          # Remote Desktop
          "org.freedesktop.portal.RemoteDesktop"
          "org.freedesktop.portal.RemoteDesktop.*"
          # File Operations
          "org.freedesktop.portal.Documents"
          "org.freedesktop.portal.Documents.*"
          "org.freedesktop.portal.FileChooser"
          "org.freedesktop.portal.FileChooser.*"
          "org.freedesktop.portal.FileTransfer"
          "org.freedesktop.portal.FileTransfer.*"
          # Notifications & Printing
          "org.freedesktop.portal.Notification"
          "org.freedesktop.portal.Notification.*"
          "org.freedesktop.portal.Print"
          "org.freedesktop.portal.Print.*"
          # Open/Launch Handlers
          "org.freedesktop.portal.OpenURI"
          "org.freedesktop.portal.OpenURI.*"
          "org.freedesktop.portal.Email.ComposeEmail"
          # Input Methods
          "org.freedesktop.portal.Fcitx"
          "org.freedesktop.portal.Fcitx.*"
          "org.freedesktop.portal.IBus"
          "org.freedesktop.portal.IBus.*"
          # Secrets (Keyring)
          "org.freedesktop.portal.Secret"
          "org.freedesktop.portal.Secret.RetrieveSecret"
          # Get/Update GlobalShortcuts
          # "org.freedesktop.portal.GlobalShortcuts"
          # "org.freedesktop.portal.GlobalShortcuts.*"
          # -- get the user's location
          # "org.freedesktop.portal.Location"
          # "org.freedesktop.portal.Location.*"
          # -- inhibit the user session from ending, suspending, idling or getting switched away.
          "org.freedesktop.portal.Inhibit"
          "org.freedesktop.portal.Inhibit.*"
          # Generic Request Fallback
          "org.freedesktop.portal.Request"
        ];
      };
      # 'broadcast' rules permit receiving signals from D-Bus names.
      rules.broadcast = {
        "org.freedesktop.portal.*" = [ "@/org/freedesktop/portal/*" ];
      };
      args = [
        "--filter"
        "--sloppy-names"
        "--log"
      ];
    };
    etc.sslCertificates.enable = true;
    bubblewrap = {
      network = lib.mkDefault true;
      sockets = {
        wayland = true;
        pulse = true;
      };
      bind.rw = with sloth; [
        [
          (mkdir appDataDir)
          xdgDataHome
        ]
        [
          (mkdir appConfigDir)
          xdgConfigHome
        ]
        [
          (mkdir appCacheDir)
          xdgCacheHome
        ]
        (sloth.concat [
          sloth.runtimeDir
          "/"
          (sloth.envOr "WAYLAND_DISPLAY" "no")
        ])
        (sloth.concat' sloth.runtimeDir "/at-spi/bus")
        (sloth.concat' sloth.runtimeDir "/gvfsd")
        (sloth.concat' sloth.runtimeDir "/dconf")
        (sloth.concat' sloth.xdgCacheHome "/fontconfig")
        (sloth.concat' sloth.xdgCacheHome "/mesa_shader_cache")
        (sloth.concat' sloth.xdgCacheHome "/mesa_shader_cache_db")
        (sloth.concat' sloth.xdgCacheHome "/radv_builtin_shaders")
      ];
      bind.ro = [
        (sloth.concat' sloth.runtimeDir "/doc")
        (sloth.concat' sloth.xdgConfigHome "/kdeglobals")
        (sloth.concat' sloth.xdgConfigHome "/gtk-2.0")
        (sloth.concat' sloth.xdgConfigHome "/gtk-3.0")
        (sloth.concat' sloth.xdgConfigHome "/gtk-4.0")
        (sloth.concat' sloth.xdgConfigHome "/fontconfig")
        (sloth.concat' sloth.xdgConfigHome "/dconf")
      ];
      bind.dev = [ "/dev/shm" ] ++ (map (id: "/dev/video${toString id}") (lib.lists.range 0 9));
    };
  };
 }
@@ -16,15 +16,7 @@ in
  config = {
    dbus.policies = {
      "${config.flatpak.appId}" = "own";
-      "org.freedesktop.DBus" = "talk";
+      # we add other policies in ./common.nix
      "org.gtk.vfs.*" = "talk";
      "org.gtk.vfs" = "talk";
      "ca.desrt.dconf" = "talk";
      "org.a11y.Bus" = "talk";
      # for default portal & gtk/hyprland's portal
      "org.freedesktop.portal.*" = "talk";
      "org.freedesktop.impl.portal.desktop.*" = "talk";
    };
    # https://github.com/nixpak/nixpak/blob/master/modules/gpu.nix
    # 1. bind readonly - /run/opengl-driver
@@ -69,8 +61,8 @@ in
        (sloth.concat' sloth.xdgConfigHome "/fontconfig")
        "/etc/fonts" # for fontconfig
-        "/etc/machine-id"
+        "/etc/localtime" # this is a symlink to /etc/zoneinfo/xxx
-        "/etc/localtime"
+        "/etc/zoneinfo"
        # Fix: libEGL warning: egl: failed to create dri2 screen
        "/etc/egl"
@@ -1,17 +0,0 @@
 {
  makeDesktopItem,
  qq,
 }:
 makeDesktopItem {
  name = "qq";
  desktopName = "QQ";
  exec = "${qq}/bin/qq %U";
  terminal = false;
  # To find the icon name(nushell):
  #   let p = NIXPKGS_ALLOW_UNFREE=1 nix eval --impure nixpkgs#qq.outPath | str trim --char '"'
  #   tree $"($p)/share/icons"
  icon = "${qq}/share/icons/hicolor/512x512/apps/qq.png";
  type = "Application";
  categories = [ "Network" ];
  comment = "QQ boxed";
 }
@@ -5,59 +5,42 @@
 # - QQ's flatpak manifest: https://github.com/flathub/com.qq.QQ/blob/master/com.qq.QQ.yaml
 {
  lib,
-  pkgs,
+  qq,
  mkNixPak,
  buildEnv,
  makeDesktopItem,
  ...
 }:
-mkNixPak {
+
 let
  appId = "com.qq.QQ";
  wrapped = mkNixPak {
    config =
      { sloth, ... }:
      {
        app = {
-        package = pkgs.qq.override {
+          package = qq;
          # fix fcitx5 input method
          commandLineArgs = lib.concatStringsSep " " [ "--enable-wayland-ime" ];
        };
          binPath = "bin/qq";
        };
-      flatpak.appId = "com.tencent.qq";
+        flatpak.appId = appId;
        imports = [
          ./modules/gui-base.nix
          ./modules/network.nix
          ./modules/common.nix
        ];
      # list all dbus services:
      #   ls -al /run/current-system/sw/share/dbus-1/services/
      #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
      dbus.policies = {
        "org.gnome.Shell.Screencast" = "talk";
        # System tray icon
        "org.freedesktop.Notifications" = "talk";
        "org.kde.StatusNotifierWatcher" = "talk";
        # File Manager
        "org.freedesktop.FileManager1" = "talk";
        # Uses legacy StatusNotifier implementation
        "org.kde.*" = "own";
      };
        bubblewrap = {
          # To trace all the home files QQ accesses, you can use the following nushell command:
          #   just trace-access qq
          # See the Justfile in the root of this repository for more information.
          bind.rw = [
          # given the read write permission to the following directories.
          # NOTE: sloth.mkdir is used to create the directory if it does not exist!
          (sloth.mkdir (
            sloth.concat [
              sloth.xdgConfigHome
              "/QQ"
            ]
          ))
            sloth.xdgDocumentsDir
            sloth.xdgDownloadDir
            sloth.xdgMusicDir
            sloth.xdgVideosDir
            sloth.xdgPicturesDir
          ];
          sockets = {
            x11 = false;
@@ -66,4 +49,31 @@ mkNixPak {
          };
        };
      };
  };
  exePath = lib.getExe wrapped.config.script;
 in
 buildEnv {
  inherit (wrapped.config.script) name meta passthru;
  paths = [
    wrapped.config.script
    (makeDesktopItem {
      name = appId;
      desktopName = "QQ";
      genericName = "QQ Boxed";
      comment = "Tencent QQ, also known as QQ, is an instant messaging software service and web portal developed by the Chinese technology company Tencent.";
      exec = "${exePath} %U";
      terminal = false;
      icon = "${qq}/share/icons/hicolor/512x512/apps/qq.png";
      startupNotify = true;
      startupWMClass = "QQ";
      type = "Application";
      categories = [
        "InstantMessaging"
        "Network"
      ];
      extraConfig = {
        X-Flatpak = appId;
      };
    })
  ];
 }
@@ -0,0 +1,101 @@
 {
  lib,
  telegram-desktop,
  buildEnv,
  mkNixPak,
  makeDesktopItem,
  ...
 }:
 let
  appId = "org.telegram.desktop";
  wrapped = mkNixPak {
    config =
      { sloth, ... }:
      {
        imports = [
          ./modules/gui-base.nix
          ./modules/network.nix
          ./modules/common.nix
        ];
        app.package = telegram-desktop;
        flatpak = {
          appId = appId;
        };
        dbus = {
          enable = true;
          policies = {
            "com.canonical.indicator.application" = "talk";
            "org.ayatana.indicator.application" = "talk";
            "org.sigxcpu.Feedback" = "talk";
          };
        };
        bubblewrap = {
          bind.rw = [
            sloth.xdgDocumentsDir
            sloth.xdgDownloadDir
            sloth.xdgMusicDir
            sloth.xdgVideosDir
            sloth.xdgPicturesDir
          ];
          sockets = {
            x11 = false;
            wayland = true;
            pipewire = true;
          };
        };
      };
  };
  exePath = lib.getExe wrapped.config.script;
 in
 buildEnv {
  inherit (wrapped.config.script) name meta passthru;
  paths = [
    wrapped.config.script
    (makeDesktopItem {
      name = appId;
      desktopName = "Telegram";
      comment = "New era of messaging";
      tryExec = "${exePath}";
      exec = "${exePath} -- %u";
      icon = appId;
      startupNotify = true;
      startupWMClass = appId;
      terminal = false;
      type = "Application";
      categories = [
        "Chat"
        "Network"
        "InstantMessaging"
        "Qt"
      ];
      mimeTypes = [
        "x-scheme-handler/tg"
        "x-scheme-handler/tonsite"
      ];
      keywords = [
        "tg"
        "chat"
        "im"
        "messaging"
        "messenger"
        "sms"
        "tdesktop"
      ];
      actions = {
        quit = {
          name = "Quit Telegram";
          exec = "${exePath} -quit";
          icon = "application-exit";
        };
      };
      extraConfig = {
        X-Flatpak = appId;
        DBusActivatable = "true";
        SingleMainWindow = "true";
        X-GNOME-UsesNotifications = "true";
        X-GNOME-SingleWindow = "true";
      };
    })
  ];
 }
@@ -1,5 +1,49 @@
 # Home Manager's Submodules
-1. `base`: The base module that is suitable for both Linux and macOS.
+This directory contains all Home Manager configurations organized by platform and functionality.
-2. `linux`: Linux-specific configuration.
+
-3. `darwin`: macOS-specific configuration.
+## Current Structure
 ```
 home/
 ├── base/              # Cross-platform home manager configurations
 │   ├── core/          # Essential applications and settings
 │   │   ├── editors/   # Editor configurations (Neovim, Helix)
 │   │   ├── shells/    # Shell configurations (Nushell, Zellij)
 │   │   └── ...
 │   ├── gui/           # GUI applications and desktop settings
 │   │   ├── terminal/  # Terminal emulators (Kitty, Alacritty, etc.)
 │   │   └── ...
 │   ├── tui/           # Terminal/TUI applications
 │   │   ├── editors/   # TUI editors and related tools
 │   │   ├── encryption/ # GPG, password-store, etc.
 │   │   └── ...
 │   └── home.nix       # Main home manager entry point
 ├── linux/             # Linux-specific home manager configurations
 │   ├── base/          # Linux base configurations
 │   ├── gui/           # Linux GUI applications
 │   │   ├── hyprland/  # Hyprland window manager
 │   │   ├── niri/      # Niri window manager
 │   │   └── ...
 │   ├── editors/       # Linux-specific editors
 │   └── ...
 └── darwin/            # macOS-specific home manager configurations
    ├── aerospace/     # macOS window manager
    ├── proxy/         # Proxy configurations
    └── ...
 ```
 ## Module Overview
 1. **base**: The base module suitable for both Linux and macOS
   - Cross-platform applications and settings
   - Shared configurations for editors, shells, and essential tools
 2. **linux**: Linux-specific configuration
   - Desktop environments (Hyprland, Niri)
   - Linux-specific GUI applications
   - System integration tools
 3. **darwin**: macOS-specific configuration
   - macOS applications and services
   - Platform-specific integrations (Aerospace, Squirrel, etc.)
@@ -1,5 +1,66 @@
 # Home Manager's Base Submodules
-1. `server`: Configuration which is suitable for both servers and desktops.
+This directory contains cross-platform base configurations that are shared between Linux and Darwin
-1. `desktop`: Configuration for desktop environments, such as Hyprland, I3, etc.
+systems.
-1. `core.nix`: Minimal home-manager's config
+
 ## Configuration Structure
 ### Core System
 - **core/**: Essential cross-platform configurations
  - **core.nix**: Minimal home-manager configuration
  - **shells/**: Shell configurations (bash, zsh, fish, nu)
  - **editors/**: Text editor configurations
    - **neovim/**: Neovim with custom plugins and settings
    - **helix/**: Helix editor configuration
  - **btop.nix**: System monitoring tools
  - **git.nix**: Git configuration and aliases
  - **npm.nix**: Node.js package management
  - **pip.nix**: Python package management
  - **starship.nix**: Cross-shell prompt configuration
  - **theme.nix**: Color schemes and theming
  - **yazi.nix**: Terminal file manager configuration
  - **zellij/**: Terminal multiplexer with custom layouts
 ### Desktop Environment
 - **gui/**: Cross-platform GUI applications and configurations
  - **dev-tools.nix**: Development tools and IDEs
  - **media.nix**: Media players and utilities
  - **terminal/**: Terminal emulator configurations
    - **alacritty/**: Alacritty terminal
    - **kitty/**: Kitty terminal
    - **foot/**: Foot terminal (Linux)
    - **ghostty/**: Ghostty terminal
 ### Terminal Interface
 - **tui/**: Terminal-based interface configurations
  - **cloud/**: Cloud development tools (Terraform, etc.)
  - **container.nix**: Container tools (Docker, Podman)
  - **dev-tools.nix**: Terminal-based development tools
  - **editors/**: Terminal editor configurations
  - **encryption/**: Encryption and security tools
  - **gpg/**: GPG key management
  - **password-store/**: Password management with pass
  - **shell.nix**: Shell environment configurations
  - **ssh/**: SSH configuration and management
  - **zellij/**: Terminal workspace management
 ### System Management
 - **home.nix**: Main home manager configuration file
 ## Platform Compatibility
 All configurations in this directory are designed to work across:
 - **Linux**: All distributions with Nix and Home Manager
 - **macOS**: Darwin systems with Home Manager
 - **WSL**: Windows Subsystem for Linux
 ## Usage
 These base configurations provide the foundation for both Linux and Darwin systems, ensuring
 consistent environments across different platforms while allowing for platform-specific
 customizations.
@@ -1,34 +1,6 @@
 { pkgs, ... }:
 {
  home.packages = with pkgs; [
    # Misc
    cowsay
    gnupg
    gnumake
    # Modern cli tools, replacement of grep/sed/...
    # Interactively filter its input using fuzzy searching, not limit to filenames.
    fzf
    # search for files by name, faster than find
    fd
    # search for files by its content, replacement of grep
    (ripgrep.override { withPCRE2 = true; })
    # A fast and polyglot tool for code searching, linting, rewriting at large scale
    # supported languages: only some mainstream languages currently(do not support nix/nginx/yaml/toml/...)
    ast-grep
    sad # CLI search and replace, just like sed, but with diff preview.
    yq-go # yaml processor https://github.com/mikefarah/yq
    just # a command runner like make, but simpler
    hyperfine # command-line benchmarking tool
    gping # ping, but with a graph(TUI)
    doggo # DNS client for humans
    duf # Disk Usage/Free Utility - a better 'df' alternative
    du-dust # A more intuitive version of `du` in rust
    gdu # disk usage analyzer(replacement of `du`)
    # nix related
    #
    # it provides the command `nom` works just like `nix
@@ -42,10 +14,15 @@
    # https://github.com/utdemir/nix-tree
    nix-tree # A TUI to visualize the dependency graph of a nix derivation
-    # productivity
+    # misc
    cowsay
    gnupg
    caddy # A webserver with automatic HTTPS via Let's Encrypt(replacement of nginx)
-    croc # File transfer between computers securely and easily
+    # A fast and polyglot tool for code searching, linting, rewriting at large scale
-    ncdu # analyzer your disk usage Interactively, via TUI(replacement of `du`)
+    # supported languages: only some mainstream languages currently(do not support nix/nginx/yaml/toml/...)
    ast-grep
    # other core cli tools are installed at system-level
  ];
  # A modern replacement for ‘ls’
@@ -1,3 +1,10 @@
 # Editors
-See [desktop/editors/](../../desktop/editors/) for more details.
+This directory contains editor configurations that are shared across different environments.
 ## Available Editors
 - **neovim/**: Neovim configuration with AstroNvim
 - **helix/**: Helix editor configuration
 These configurations are designed to work across both terminal and GUI environments.
@@ -1,6 +1,4 @@
 { pkgs, ... }:
 {
-  programs.helix = {
+  programs.helix.enable = true;
    enable = true;
  };
 }
@@ -40,18 +40,27 @@
    enable = true;
    lfs.enable = true;
-    userName = myvars.userfullname;
+    # signing = {
-    userEmail = myvars.useremail;
+    #   key = "xxx";
    #   signByDefault = true;
    # };
    includes = [
      {
-        # use different email & name for work
+        # use different email & name for work:
        #
        # [user]
        #   email = "xxx@xxx.com"
        #   name = "Ryan Yin"
        path = "~/work/.gitconfig";
        condition = "gitdir:~/work/";
      }
    ];
-    extraConfig = {
+    settings = {
      user.email = myvars.useremail;
      user.name = myvars.userfullname;
      init.defaultBranch = "main";
      trim.bases = "develop,master,main"; # for git-trim
      push.autoSetupRemote = true;
@@ -63,30 +72,9 @@
        "ssh://git@github.com/ryan4yin" = {
          insteadOf = "https://github.com/ryan4yin";
        };
-        # "ssh://git@gitlab.com/" = {
+        # "ssh://git@bitbucket.com/ryan4yin" = {
-        #   insteadOf = "https://gitlab.com/";
+        #   insteadOf = "https://bitbucket.com/ryan4yin";
        # };
        # "ssh://git@bitbucket.com/" = {
        #   insteadOf = "https://bitbucket.com/";
        # };
      };
    };
    # signing = {
    #   key = "xxx";
    #   signByDefault = true;
    # };
    # A syntax-highlighting pager for git, diff, grep, and blame output
    delta = {
      enable = true;
      options = {
        diff-so-fancy = true;
        line-numbers = true;
        true-color = "always";
        # features => named groups of settings, used to keep related settings organized
        # features = "";
      };
      };
      aliases = {
@@ -117,10 +105,24 @@
        foreach = "submodule foreach";
      };
    };
  };
  # A syntax-highlighting pager for git, diff, grep, and blame output
  programs.delta = {
    enable = true;
    enableGitIntegration = true;
    options = {
      diff-so-fancy = true;
      line-numbers = true;
      true-color = "always";
      # features => named groups of settings, used to keep related settings organized
      # features = "";
    };
  };
  # Git terminal UI (written in go).
  programs.lazygit.enable = true;
  # Yet another Git TUI (written in rust).
-  programs.gitui.enable = true;
+  programs.gitui.enable = false;
 }
@@ -27,7 +27,6 @@ in
  # NOTE: nushell will be launched in bash, so it can inherit all the eenvironment variables.
  programs.nushell = {
    enable = true;
    # package = pkgs-unstable.nushell;
    configFile.source = ./config.nu;
    inherit shellAliases;
  };
@@ -6,20 +6,24 @@
    enableZshIntegration = true;
    enableNushellIntegration = true;
    # https://starship.rs/config/
    settings = {
      # Get editor completions based on the config schema
      "$schema" = "https://starship.rs/config-schema.json";
      character = {
-        success_symbol = "[›](bold green)";
+        success_symbol = "[➜](bold green)";
-        error_symbol = "[›](bold red)";
+        error_symbol = "[➜](bold red)";
      };
-      aws = {
+      # I never rely on the defaults, so this module is useless to me—disabled.
-        symbol = "🅰 ";
+      # I prefer adding --project, --region to very gcloud/aws command.
-      };
+      aws.disabled = true;
-      gcloud = {
+      gcloud.disabled = true;
-        # do not show the account/project's info
+
-        # to avoid the leak of sensitive information when sharing the terminal
+      kubernetes = {
-        format = "on [$symbol$active(\($region\))]($style) ";
+        symbol = "⛵";
-        symbol = "🅶 ️";
+        disabled = false;
      };
      os.disabled = false;
    };
  };
 }
@@ -52,7 +52,7 @@ Error opening terminal: xterm-kitty.
 NixOS preserve the `TERMINFO` and `TERMINFO_DIRS` environment variables, for `root` and the `wheel`
 group:
-[nixpkgs/nixos/modules/config/terminfo.nix](https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/config/terminfo.nix#L18)
+[nixpkgs/nixos/modules/config/terminfo.nix](https://github.com/NixOS/nixpkgs/blob/nixos-25.11/nixos/modules/config/terminfo.nix#L18)
 For nix-darwin, take a look at <https://github.com/LnL7/nix-darwin/wiki/Terminfo-issues>
@@ -1,6 +1,5 @@
 {
  pkgs,
  pkgs-unstable,
  ...
 }:
 ###########################################################
@@ -26,7 +25,6 @@
 {
  programs.alacritty = {
    enable = true;
    # package = pkgs-unstable.alacritty;
    # https://alacritty.org/config-alacritty.html
    settings = {
      window = {
@@ -52,7 +50,7 @@
        bold_italic = {
          family = "Maple Mono NF CN";
        };
-        size = if pkgs.stdenv.isDarwin then 14 else 13;
+        size = 13;
      };
      terminal = {
        # Spawn a nushell in login mode via `bash`
@@ -17,8 +17,9 @@
    settings = {
      main = {
        term = "foot"; # or "xterm-256color" for maximum compatibility
-        font = "Maple Mono NF CN:size=14";
+        font = "Maple Mono NF CN:size=13";
        dpi-aware = "no"; # scale via window manager instead
        resize-keep-grid = "no"; # do not resize the window on font resizing
        # Spawn a nushell in login mode via `bash`
        shell = "${pkgs.bash}/bin/bash --login -c 'nu --login --interactive'";
@@ -16,7 +16,7 @@
        pkgs.hello # pkgs.ghostty is currently broken on darwin
      else
        pkgs.ghostty; # the stable version
-    # package = ghostty.packages.${pkgs.system}.default; # the latest version
+    # package = ghostty.packages.${pkgs.stdenv.hostPlatform.system}.default; # the latest version
    enableBashIntegration = false;
    installBatSyntax = false;
    # installVimSyntax = true;
@@ -19,7 +19,7 @@
    font = {
      name = "Maple Mono NF CN";
      # use different font size on macOS
-      size = if pkgs.stdenv.isDarwin then 14 else 13;
+      size = 13;
    };
    # consistent with other terminal emulators
@@ -1,6 +1,6 @@
 {
  pkgs,
-  pkgs-unstable,
+  pkgs-2505,
  nur-ryan4yin,
  ...
 }:
@@ -14,16 +14,18 @@
    kubectl
    kubectx # kubectx & kubens
    kubie # same as kubectl-ctx, but per-shell (won’t touch kubeconfig).
    kubectl-view-secret # kubectl view-secret
    kubectl-tree # kubectl tree
    kubectl-node-shell # exec into node
    kubepug # kubernetes pre upgrade checker
    kubectl-cnpg # cloudnative-pg's cli tool
    kubebuilder
    istioctl
    clusterctl # for kubernetes cluster-api
    kubevirt # virtctl
-    kubernetes-helm
+    pkgs-2505.kubernetes-helm
    fluxcd
    argocd
@@ -1,6 +1,5 @@
 {
  pkgs,
  pkgs-unstable,
  ...
 }:
 {
@@ -18,6 +17,8 @@
  home.packages = with pkgs; [
    colmena # nixos's remote deployment tool
    tokei # count lines of code, alternative to cloc
    # db related
    mycli
    pgcli
@@ -34,7 +35,6 @@
    devbox
    bfg-repo-cleaner # remove large files from git history
    k6 # load testing tool
    protobuf # protocol buffer compiler
    # solve coding extercises - learn by doing
    exercism
@@ -1,8 +1,29 @@
 { pkgs, ... }:
 {
  config,
  pkgs,
  helix,
  ...
 }:
 let
  helixPackages = helix.packages.${pkgs.stdenv.hostPlatform.system};
 in
 {
  # to make steel work, we need to git clone this repo to your home directory.
  home.sessionVariables.HELIX_STEEL_CONFIG = "${config.home.homeDirectory}/nix-config/home/base/tui/editors/helix/steel";
  home.packages = with pkgs; [
    steel
  ];
  programs.helix = {
    enable = true;
-    package = pkgs.helix;
+    # enable steel as the plugin system
    # https://github.com/helix-editor/helix/pull/8675
    # https://github.com/mattwparas/helix/blob/steel-event-system/STEEL.md
    package = helixPackages.default.overrideAttrs (prevAttrs: {
      cargoBuildFeatures = prevAttrs.cargoBuildFeatures or [ ] ++ [ "steel" ];
    });
    settings = {
      editor = {
        line-number = "relative";
@@ -0,0 +1,40 @@
 ;; The helix.scm module will be loaded first before anything else, 
 ;; the runtime will require this module, and any functions exported
 ;; will now be available to be used as typed commands, e.g. :git-add :open-helix-scm
 (require "helix/editor.scm")
 (require (prefix-in helix. "helix/commands.scm"))
 (require (prefix-in helix.static. "helix/static.scm"))
 (provide shell git-add open-helix-scm open-init-scm)
 (define (current-path)
  (let* ([focus (editor-focus)]
         [focus-doc-id (editor->doc-id focus)])
    (editor-document->path focus-doc-id)))
 ;;@doc
 ;; Specialized shell implementation, where % is a wildcard for the current file
 (define (shell . args)
  (helix.run-shell-command
    (string-join
      ;; Replace the % with the current file
      (map (lambda (x) (if (equal? x "%") (current-path) x)) args)
      " ")))
 ;;@doc
 ;; Adds the current file to git	
 (define (git-add)
  (shell "git" "add" "%"))
 ;;@doc
 ;; Open the helix.scm file
 (define (open-helix-scm)
  (helix.open (helix.static.get-helix-scm-path)))
 ;;@doc
 ;; Opens the init.scm file
 (define (open-init-scm)
  (helix.open (helix.static.get-init-scm-path)))
@@ -0,0 +1,24 @@
 ;; The init.scm file is run at the top level, immediately after the helix.scm module is required.
 ;; The helix context is available here, so you can interact with the editor.
 ;; configure the LSP for steel
 (require "helix/configuration.scm")
 (define-lsp "steel-language-server" (command "steel-language-server") (args '()))
 (define-language "scheme"
                 (language-servers '("steel-language-server")))
 ;; show splash screen - when you open with no argument
 (require "mattwparas-helix-package/splash.scm")
 (when (equal? (command-line) '("hx"))
  (show-splash))
 ;; Terminal & shell
 (require "steel-pty/term.scm")
 (set-default-shell! "nu")
 ;; File Watcher
 (require "helix-file-watcher/file-watcher.scm")
 (spawn-watcher)
 ;; File Tree
 (require "mattwparas-helix-package/cogs/file-tree.scm")
@@ -2,7 +2,6 @@
  config,
  lib,
  pkgs,
  pkgs-unstable,
  ...
 }:
 ###############################################################################
@@ -29,7 +28,7 @@ in
  programs.neovim = {
    enable = true;
-    package = pkgs-unstable.neovim-unwrapped;
+    package = pkgs.neovim-unwrapped;
    # defaultEditor = true; # set EDITOR at system-wide level
    viAlias = true;
@@ -1,6 +1,6 @@
 {
  pkgs,
-  pkgs-unstable,
+  pkgs-master,
  ...
 }:
 {
@@ -30,13 +30,13 @@
        #-- dockerfile
        hadolint # Dockerfile linter
-        nodePackages.dockerfile-language-server-nodejs
+        dockerfile-language-server
        #-- markdown
        marksman # language server for markdown
        glow # markdown previewer
        pandoc # document converter
-        pkgs-unstable.hugo # static site generator
+        pkgs-master.hugo # static site generator
        #-- sql
        sqlfluff
@@ -63,14 +63,15 @@
          vscode-extensions.vadimcn.vscode-lldb.adapter # codelldb - debugger
          #-- python
          pipx # Install and Run Python Applications in Isolated Environments
          uv # python project package manager
          pyright # python language server
          (python313.withPackages (
            ps: with ps; [
              # python language server
              pyright
              ruff
              pipx # Install and Run Python Applications in Isolated Environments
              black # python formatter
-              # debugpy
+              uv # python project package manager
              # my commonly used python packages
              jupyter
@@ -80,16 +81,20 @@
              pyquery
              pyyaml
              boto3
              # misc
              protobuf # protocol buffer compiler
              numpy
            ]
          ))
          #-- rust
          # we'd better use the rust-overlays for rust development
-          pkgs-unstable.rustc
+          pkgs-master.rustc
-          pkgs-unstable.rust-analyzer
+          pkgs-master.rust-analyzer
-          pkgs-unstable.cargo # rust package manager
+          pkgs-master.cargo # rust package manager
-          pkgs-unstable.rustfmt
+          pkgs-master.rustfmt
-          pkgs-unstable.clippy # rust linter
+          pkgs-master.clippy # rust linter
          #-- golang
          go
@@ -136,7 +141,7 @@
      #   fnlfmt # fennel
      #   (
      #     if pkgs.stdenv.isLinux && pkgs.stdenv.isx86
-      #     then pkgs-unstable.akkuPackages.scheme-langserver
+      #     then pkgs-master.akkuPackages.scheme-langserver
      #     else pkgs.emptyDirectory
      #   )
      # ]
@@ -1,6 +1,5 @@
 {
  pkgs,
  pkgs-unstable,
  ...
 }:
 {
@@ -1,53 +0,0 @@
 {
  config,
  pkgs-unstable,
  ...
 }:
 let
  inherit (pkgs-unstable) nu_scripts;
 in
 {
  programs.nushell = {
    # load the alias file for work
    # the file must exist, otherwise nushell will complain about it!
    #
    # currently, nushell does not support conditional sourcing of files
    # https://github.com/nushell/nushell/issues/8214
    extraConfig = ''
      source /etc/agenix/alias-for-work.nushell
      # using claude-code with kimi k2
      $env.ANTHROPIC_BASE_URL = "https://api.moonshot.cn/anthropic/"
      $env.ANTHROPIC_API_KEY = $env.MOONSHOT_API_KEY
      # Directories in this constant are searched by the
      # `use` and `source` commands.
      const NU_LIB_DIRS = $NU_LIB_DIRS ++ ['${nu_scripts}/share/nu_scripts']
      # completion
      use custom-completions/cargo/cargo-completions.nu *
      use custom-completions/curl/curl-completions.nu *
      use custom-completions/git/git-completions.nu *
      use custom-completions/glow/glow-completions.nu *
      use custom-completions/just/just-completions.nu *
      use custom-completions/make/make-completions.nu *
      use custom-completions/man/man-completions.nu *
      use custom-completions/nix/nix-completions.nu *
      use custom-completions/ssh/ssh-completions.nu *
      use custom-completions/tar/tar-completions.nu *
      use custom-completions/tcpdump/tcpdump-completions.nu *
      use custom-completions/zellij/zellij-completions.nu *
      # use custom-completions/zoxide/zoxide-completions.nu *
      # alias
      # use aliases/git/git-aliases.nu *
      use aliases/eza/eza-aliases.nu *
      use aliases/bat/bat-aliases.nu *
      # modules
      use modules/argx *
      use modules/lg *
      use modules/kubernetes *
    '';
  };
 }
@@ -0,0 +1,39 @@
 # Google Cloud CLI aliases
 # Based on https://cloud.google.com/sdk/docs/configurations
 # Note: Avoided conflicts with common git aliases (gc, gca, gcl, gcs, gcu, gs, etc.)
 # Configuration management
 export alias gccfg = gcloud config configurations create
 export alias gcact = gcloud config configurations activate
 export alias gclist = gcloud config configurations list
 export alias gcdel = gcloud config configurations delete
 export alias gcset = gcloud config set
 export alias gcunset = gcloud config unset
 export alias gcconfig = gcloud config list
 # Authentication
 export alias gclogin = gcloud auth login
 export alias gcauth = gcloud auth list
 export alias gcapp = gcloud auth application-default login
 # Project management
 export alias gcproj = gcloud config set project
 export alias gcget = gcloud config get-value project
 # Compute Engine
 export alias gcinst = gcloud compute instances list
 export alias gccreate = gcloud compute instances create
 export alias gcdelete = gcloud compute instances delete
 export alias gcssh = gcloud compute ssh
 export alias gck8sget = gcloud container clusters get-credentials
 # Storage
 export alias gcst = gcloud storage
 export alias gcstls = gcloud storage ls
 export alias gcstcp = gcloud storage cp
 export alias gcstrm = gcloud storage rm
 # General shortcuts
 export alias gcloud = gcloud
 export alias gcinfo = gcloud info
 export alias gcver = gcloud version
@@ -0,0 +1,72 @@
 {
  nu_scripts,
  ...
 }:
 {
  programs.nushell = {
    # load the alias file for work
    # the file must exist, otherwise nushell will complain about it!
    #
    # currently, nushell does not support conditional sourcing of files
    # https://github.com/nushell/nushell/issues/8214
    extraConfig = ''
      source /etc/agenix/alias-for-work.nushell
      $env.CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC = "1"
      # using claude-code with kimi k2
      # https://platform.moonshot.cn/docs/guide/agent-support
      # $env.ANTHROPIC_BASE_URL = "https://api.moonshot.cn/anthropic/"
      # $env.ANTHROPIC_AUTH_TOKEN = $env.MOONSHOT_API_KEY
      # $env.ANTHROPIC_MODEL = "kimi-k2-thinking"
      # $env.ANTHROPIC_DEFAULT_HAIKU_MODEL = "kimi-k2-thinking-turbo"
      # using claude-code with glm llm
      # https://docs.bigmodel.cn/cn/coding-plan/tool/claude
      $env.ANTHROPIC_BASE_URL = "https://open.bigmodel.cn/api/anthropic"
      $env.ANTHROPIC_AUTH_TOKEN = $env.ZAI_API_KEY
      $env.ANTHROPIC_MODEL = "glm-4.6"
      $env.ANTHROPIC_DEFAULT_HAIKU_MODEL = "glm-4.5-air"
      # using claude-code with qwen llm
      # https://bailian.console.aliyun.com/?tab=doc#/doc/?type=model&url=2949529
      # $env.ANTHROPIC_BASE_URL = "https://dashscope.aliyuncs.com/apps/anthropic"
      # $env.ANTHROPIC_AUTH_TOKEN = $env.DASHSCOPE_API_KEY
      # $env.ANTHROPIC_MODEL = "qwen-plus" # 千万别用 qwen-max, 价格
      # $env.ANTHROPIC_DEFAULT_HAIKU_MODEL = "qwen-turbo"
      # Directories in this constant are searched by the
      # `use` and `source` commands.
      const NU_LIB_DIRS = $NU_LIB_DIRS ++ ['${nu_scripts}']
      # -*- completion -*-
      use custom-completions/cargo/cargo-completions.nu *
      use custom-completions/curl/curl-completions.nu *
      use custom-completions/git/git-completions.nu *
      use custom-completions/glow/glow-completions.nu *
      use custom-completions/just/just-completions.nu *
      use custom-completions/make/make-completions.nu *
      use custom-completions/man/man-completions.nu *
      use custom-completions/nix/nix-completions.nu *
      use custom-completions/ssh/ssh-completions.nu *
      use custom-completions/tar/tar-completions.nu *
      use custom-completions/tcpdump/tcpdump-completions.nu *
      use custom-completions/zellij/zellij-completions.nu *
      use custom-completions/zoxide/zoxide-completions.nu *
      # -*- alias -*-
      use aliases/git/git-aliases.nu *
      use aliases/eza/eza-aliases.nu *
      use aliases/bat/bat-aliases.nu *
      use ${./aliases/gcloud.nu} *
      # -*- modules -*-
      # argx & lg is required by the kubernetes module
      use modules/argx *
      use modules/lg *
      # k8s/helm aliases, completions, 
      use modules/kubernetes *
      # a wrapper around the jc cli tool, convert cli outputs to nushell tables
      # use modules/jc
    '';
  };
 }
@@ -9,8 +9,21 @@
  programs.ssh = {
    enable = true;
    # default config
    enableDefaultConfig = false;
    matchBlocks."*" = {
      forwardAgent = false;
      # "a private key that is used during authentication will be added to ssh-agent if it is running"
      addKeysToAgent = "yes";
      compression = true;
      serverAliveInterval = 0;
      serverAliveCountMax = 3;
      hashKnownHosts = false;
      userKnownHostsFile = "~/.ssh/known_hosts";
      controlMaster = "no";
      controlPath = "~/.ssh/master-%r@%n:%p";
      controlPersist = "no";
    };
    matchBlocks = {
      "github.com" = {
@@ -1,6 +1,33 @@
 # Home Manager's Darwin Submodules
-1. `core.nix`: some basic configuration.
+This directory contains macOS-specific Home Manager configurations for Darwin systems.
-2. `shell.nix`: shell related.
+
-3. `rime-squirrel.nix`: [rime-squirrel](https://github.com/rime/squirrel)'s configuration.
+## Configuration Modules
-4. `default.nix`: the entrypoint of darwin's configuration, it import all the submodules above.
+
 ### Core Configurations
 - **default.nix**: Entry point that imports all Darwin configurations
 - **shell.nix**: Shell configurations and environment settings
 - **rime-squirrel.nix**: [Rime Squirrel](https://github.com/rime/squirrel) input method
  configuration
 ### Window Management
 - **aerospace/**: [Aerospace](https://github.com/nikitabobko/AeroSpace) tiling window manager
  configuration
  - Custom keybindings and workspace management
  - Application-specific window rules
 ### Network Configuration
 - **proxy/**: Network proxy configurations
  - `proxychains.conf`: Proxy chains configuration for network routing
  - Proxy settings for development tools and applications
 ## Features
 - macOS-specific package installations and configurations
 - Native macOS applications and utilities
 - Touch ID and system integration
 - Homebrew integration for additional packages
 - macOS-specific shell configurations and aliases
@@ -130,8 +130,8 @@ alt-3 = 'workspace 3Work'
 alt-4 = 'workspace 4Firefox'
 alt-5 = 'workspace 5Chrome'
 alt-6 = 'workspace 6Chat'
-alt-7 = 'workspace 7Music'
+alt-7 = 'workspace 7Work'
-alt-8 = 'workspace 8Mail'
+alt-8 = 'workspace 8Music'
 alt-9 = 'workspace 9File'
 alt-0 = 'workspace 0Other'
 alt-a = 'workspace A'          # In your config, you can drop workspace bindings that you don't need
@@ -146,8 +146,8 @@ alt-shift-3 = 'move-node-to-workspace 3Work'
 alt-shift-4 = 'move-node-to-workspace 4Firefox'
 alt-shift-5 = 'move-node-to-workspace 5Chrome'
 alt-shift-6 = 'move-node-to-workspace 6Chat'
-alt-shift-7 = 'move-node-to-workspace 7Music'
+alt-shift-7 = 'move-node-to-workspace 7Work'
-alt-shift-8 = 'move-node-to-workspace 8Mail'
+alt-shift-8 = 'move-node-to-workspace 8Music'
 alt-shift-9 = 'move-node-to-workspace 9File'
 alt-shift-0 = 'move-node-to-workspace 0Other'
 alt-shift-a = 'move-node-to-workspace A'
@@ -246,22 +246,22 @@ run = 'move-node-to-workspace 6Chat'
 if.app-id = 'com.tencent.qq'
 run = 'move-node-to-workspace 6Chat'
 [[on-window-detected]]
 if.app-id = 'com.tencent.QQMusicMac'
 run = 'move-node-to-workspace 7Music'
 [[on-window-detected]]
 if.app-id = 'com.netease.163music'
 run = 'move-node-to-workspace 7Music'
 [[on-window-detected]]
 if.app-id = 'com.apple.mail'
-run = 'move-node-to-workspace 8Mail'
+run = 'move-node-to-workspace 7Work'
 # calendar
 [[on-window-detected]]
 if.app-id = 'com.apple.iCal'
-run = 'move-node-to-workspace 8Mail'
+run = 'move-node-to-workspace 7Work'
 [[on-window-detected]]
 if.app-id = 'com.tencent.QQMusicMac'
 run = 'move-node-to-workspace 8Music'
 [[on-window-detected]]
 if.app-id = 'com.netease.163music'
 run = 'move-node-to-workspace 8Music'
 [[on-window-detected]]
 if.app-id = 'com.apple.finder'
@@ -296,6 +296,11 @@ run = ['layout floating', 'move-node-to-workspace 0Other']
 if.app-id = 'ai.elementlabs.lmstudio'
 run = ['layout floating', 'move-node-to-workspace 0Other']
 # Clash Verge - has problem with floating
 [[on-window-detected]]
 if.app-id = 'io.github.clash-verge-rev.clash-verge-rev'
 run = ['move-node-to-workspace 0Other']
 [[on-window-detected]]
 if.app-id = 'us.zoom.xos'
 run = 'move-node-to-workspace 0Other'
@@ -310,11 +315,6 @@ run = ['layout floating']
 if.app-id = 'com.apple.systempreferences'
 run = ['layout floating']
 # Clash Verge - has problem with floating
 [[on-window-detected]]
 if.app-id = 'io.github.clash-verge-rev.clash-verge-rev'
 run = ['move-node-to-workspace 0Other']
 # Make all windows float by default
 [[on-window-detected]]
 check-further-callbacks = true
@@ -331,7 +331,7 @@ run = ['layout floating']
 4Firefox = ['main']
 5Chrome = ['main']
 6Chat = ['built-in']
-7Music = ['built-in']
+7Work = ['main']
-8Mail = ['main']
+8Music = ['built-in']
 9File = ['main']
 0Other = ['main']
@@ -0,0 +1,9 @@
 { lib, ... }:
 let
  fontSize = 15;
 in
 {
  programs.alacritty.settings.font.size = lib.mkForce fontSize;
  programs.ghostty.settings.font-size = lib.mkForce fontSize;
  programs.kitty.font.size = lib.mkForce fontSize;
 }
@@ -1,10 +1,34 @@
 # Home Manager's Linux Submodules
-1. `base`: The base module that is suitable for any NixOS environment.
+This directory contains Linux-specific Home Manager configurations organized for different use
-2. `desktop`: Configuration for desktop environments, such as Hyprland, I3, etc.
+cases.
-3. `server.nix`: Configuration which is suitable for both servers and desktops. It import only
+
-   `base` as its submodule.
+## Configuration Modules
-   1. used by all my nixos servers.
+
-4. `desktop.nix`: the entrypoint of desktop's configuration, it import both `base` and `desktop` as
+### Core Configurations
-   its submodules.
+
-   1. used by all my nixos desktops.
+- **core.nix**: Essential Linux-specific configurations and settings
 - **base/**: Base Linux configurations including shell, tools, and utilities
  - `shell.nix`: Shell configurations and aliases
  - `tools.nix`: Essential command-line tools and utilities
 ### Desktop Configurations
 - **gui/**: Desktop environment configurations
  - **hyprland/**: Hyprland window manager with custom keybindings and settings
  - **niri/**: Niri compositor configuration
  - **base/**: Common desktop applications and services
  - **editors/**: Text editor configurations for desktop environments
 ### Available Entry Points
 - **core.nix**: Core Linux configuration, suitable for basic setups
 - **tui.nix**: Terminal-based interface configuration for lightweight environments
 - **gui.nix**: Graphical user interface configuration entry point, imports desktop environments
 ## Usage
 - **Lightweight/Terminal**: Use `core.nix` or `tui.nix` for terminal-focused setups
 - **Desktops**: Use `gui.nix` for full desktop environments with window managers like Hyprland or
  Niri
 - **Custom**: Mix and match configurations as needed for your specific use case
@@ -1,17 +1,49 @@
-# Desktop Related
+# Desktop Environment Configurations
-3. `base`: all common configurations for all desktops.
+This directory contains desktop environment and window manager configurations managed by Home
 4. `hyprland`: Hyprland's configuration.
 ## Why install I3/Hyprland in Home Manager instead of a NixOS Module?
 1. I3 & Hyprland's configuration file is located in `~/.config`, which can be easily managed by Home
 Manager.
-2. I have many user-specific systemd services, such gammastep, wallpaper-switcher, etc. Which can be
+
-   easily managed by Home Manager, but if we add i3/hyprland in a NixOS Module, those user-level
+## Available Configurations
-   services may failed to start automatically. With i3/hyprland in a Home Manager Module, we can
+
-   control their systemd service's dependent order more easily, so we can avoid issues like this.
+### Window Managers
-3. By install packages as less as possible in NixOS Module, we can:
+
-   1. Make the NixOS system more secure and stable.
+- **hyprland**: Hyprland compositor configuration with custom keybindings, settings, and window
-   2. Make this flake more portable to other non-NixOS systems, as home-manager can be installed on
+  rules
-      any Linux system.
+- **niri**: Niri compositor configuration with custom settings, keybindings, spawn-at-startup rules,
  and window rules
 ### Base Desktop Environment
 - **base**: Common desktop configurations shared across all environments, including:
  - Desktop applications (anyrun, mako, waybar, wlogout)
  - Creative tools and media applications
  - Development tools
  - Eye protection utilities (gammastep)
  - Fcitx5 input method framework
  - Games and gaming utilities
  - GTK theme configurations
  - Immutable file handling
  - Note-taking applications
  - Wallpaper management with auto-switcher
  - Wayland applications
  - XDG desktop configurations
 ### Editor Configurations
 - **editors**: Text editor configurations and integrations
 ## Why install Desktop Environments in Home Manager instead of NixOS Module?
 1. **Configuration Location**: Desktop environment configuration files are located in `~/.config`,
   which can be easily managed by Home Manager.
 2. **User-specific Services**: Many user-specific systemd services (gammastep, wallpaper-switcher,
   etc.) can be easily managed by Home Manager. If desktop environments were configured via NixOS
   Module, these user-level services might fail to start automatically. With Home Manager modules,
   we can control systemd service dependency order more effectively.
 3. **System Benefits**: By minimizing package installation through NixOS Module:
   - Makes the NixOS system more secure and stable
   - Increases portability to non-NixOS systems, as Home Manager can be installed on any Linux
     system
   - Allows for easier switching between different window managers without system-level changes
@@ -0,0 +1,15 @@
 {
  pkgs,
  ...
 }:
 {
  home.packages = with pkgs; [
    nixpaks.firefox
  ];
  # source code: https://github.com/nix-community/home-manager/blob/master/modules/programs/chromium.nix
  programs.google-chrome = {
    enable = true;
    package = if pkgs.stdenv.isAarch64 then pkgs.chromium else pkgs.google-chrome;
  };
 }
@@ -1,9 +1,6 @@
 {
  lib,
  pkgs,
  pkgs-unstable,
  # pkgs-stable,
  nur-ryan4yin,
  blender-bin,
  ...
 }:
@@ -23,29 +20,27 @@
      # aseprite # Animated sprite editor & pixel art tool
      # this app consumes a lot of storage, so do not install it currently
-      # kicad     # 3d printing, eletrical engineering
+      # kicad     # 3d printing, electrical engineering
    ]
    ++ (lib.optionals pkgs.stdenv.isx86_64 [
      # https://github.com/edolstra/nix-warez/blob/master/blender/flake.nix
-      blender-bin.packages.${pkgs.system}.blender_4_2 # 3d modeling
+      blender-bin.packages.${pkgs.stdenv.hostPlatform.system}.blender_4_2 # 3d modeling
      ldtk # A modern, versatile 2D level editor
      # fpga
-      python313Packages.apycula # gowin fpga
+      # python313Packages.apycula # gowin fpga
-      yosys # fpga synthesis
+      # yosys # fpga synthesis
-      nextpnr # fpga place and route
+      # nextpnr # fpga place and route
-      openfpgaloader # fpga programming
+      # openfpgaloader # fpga programming
-      # nur-ryan4yin.packages.${pkgs.system}.gowin-eda-edu-ide # app: `gowin-env` => `gw_ide` / `gw_pack` / ...
+      # nur-ryan4yin.packages.${pkgs.stdenv.hostPlatform.system}.gowin-eda-edu-ide # app: `gowin-env` => `gw_ide` / `gw_pack` / ...
    ]);
  programs = {
    # live streaming
    obs-studio = {
      enable = pkgs.stdenv.isx86_64;
-      plugins =
+      plugins = with pkgs.obs-studio-plugins; [
        with pkgs.obs-studio-plugins;
        [
        # screen capture
        wlrobs
        # obs-ndi
@@ -68,11 +63,9 @@
        obs-backgroundremoval
        # advanced-scene-switcher
        obs-pipewire-audio-capture
        ]
        ++ (lib.optionals pkgs.stdenv.isx86_64 [
        obs-vaapi
        obs-3d-effect
-        ]);
+      ];
    };
  };
 }
@@ -0,0 +1,66 @@
 {
  pkgs,
  anyrun,
  ...
 }:
 let
  anyrunPackages = anyrun.packages.${pkgs.stdenv.hostPlatform.system};
 in
 {
  imports = [
    (
      { modulesPath, ... }:
      {
        # Important! We disable home-manager's module to avoid option
        # definition collisions
        disabledModules = [ "${modulesPath}/programs/anyrun.nix" ];
      }
    )
    anyrun.homeManagerModules.default
  ];
  programs.anyrun = {
    enable = true;
    # The package should come from the same flake as all the plugins to avoid breakage.
    package = anyrunPackages.anyrun;
    config = {
      # The horizontal position.
      # when using `fraction`, it sets a fraction of the width or height of the screen
      x.fraction = 0.5; # at the middle of the screen
      # The vertical position.
      y.fraction = 0.05; # at the top of the screen
      # The width of the runner.
      width.fraction = 0.3; # 30% of the screen
      hideIcons = false;
      ignoreExclusiveZones = false;
      layer = "overlay";
      hidePluginInfo = false;
      closeOnClick = true;
      showResultsImmediately = true;
      maxEntries = null;
      # https://github.com/anyrun-org/anyrun/tree/master/plugins
      plugins = with anyrunPackages; [
        applications # Launch applications
        dictionary # Look up word definitions using the Free Dictionary API.
        nix-run # search & run graphical apps from nixpkgs via `nix run`, without installing it.
        # randr         # quickly change monitor configurations on the fly
        rink # A simple calculator plugin
        symbols # Look up unicode symbols and custom user defined symbols.
        translate # ":zh <text to translate>" Quickly translate text using the Google Translate API.
        niri-focus # Search for & focus the window via title/appid on Niri
      ];
    };
    extraConfigFiles = {
      "symbols.ron".source = ./conf/anyrun/symbols.ron;
      "applications.ron".source = ./conf/anyrun/applications.ron;
    };
  };
  # https://github.com/anyrun-org/anyrun/discussions/179
  xdg.configFile."anyrun/style.css".source = ./conf/anyrun/style.css;
 }
@@ -0,0 +1,16 @@
 Config(
  // Also show the Desktop Actions defined in the desktop files, e.g. "New Window" from LibreWolf
  desktop_actions: true,
  max_entries: 5,
  // The terminal used for running terminal based desktop entries, if left as `None` a static list of terminals is used
  // to determine what terminal to use.
  terminal: Some(Terminal(
    // The main terminal command
    command: "alacritty",
    // What arguments should be passed to the terminal process to run the command correctly
    // {} is replaced with the command in the desktop entry
    args: "-e {}",
  )),
 )
@@ -0,0 +1,101 @@
 /* ===== Color variables ===== */
 :root {
  --bg-color: #313244;
  --fg-color: #cdd6f4;
  --primary-color: #89b4fa;
  --secondary-color: #cba6f7;
  --border-color: var(--primary-color);
  --selected-bg-color: var(--primary-color);
  --selected-fg-color: var(--bg-color);
 }
 /* ===== Global reset ===== */
 * {
  all: unset;
  font-family: "JetBrainsMono Nerd Font", monospace;
 }
 /* ===== Transparent window ===== */
 window {
  background: transparent;
 }
 /* ===== Main container ===== */
 box.main {
  border-radius: 16px;
  background-color: color-mix(in srgb, var(--bg-color) 80%, transparent);
  border: 0.5px solid color-mix(in srgb, var(--fg-color) 25%, transparent);
  padding: 12px; /* add uniform padding around the whole box */
 }
 /* ===== Input field ===== */
 text {
  font-size: 1.3rem;
  background: transparent;
  border: 1px solid var(--border-color);
  border-radius: 16px;
  margin-bottom: 12px;
  padding: 5px 10px;
  min-height: 44px;
  caret-color: var(--primary-color);
 }
 /* ===== List container ===== */
 .matches {
  background-color: transparent;
 }
 /* ===== Single match row ===== */
 .match {
  font-size: 1.1rem;
  padding: 4px 10px; /* tight vertical spacing */
  border-radius: 6px;
 }
 /* Remove default label margins */
 .match * {
  margin: 0;
  padding: 0;
  line-height: 1;
 }
 /* Selected / hover state */
 .match:selected,
 .match:hover {
  background-color: var(--selected-bg-color);
  color: var(--selected-fg-color);
 }
 .match:selected label.plugin.info,
 .match:hover label.plugin.info {
  color: var(--selected-fg-color);
 }
 .match:selected label.match.description,
 .match:hover label.match.description {
  color: color-mix(in srgb, var(--selected-fg-color) 90%, transparent);
 }
 /* ===== Plugin info label ===== */
 label.plugin.info {
  color: var(--fg-color);
  font-size: 1rem;
  min-width: 160px;
  text-align: left;
 }
 /* ===== Description label ===== */
 label.match.description {
  font-size: 0rem;
  color: var(--fg-color);
 }
 /* ===== Fade-in animation ===== */
@keyframes fade {
  0% {
    opacity: 0;
  }
  100% {
    opacity: 1;
  }
 }
@@ -0,0 +1,10 @@
 Config(
  // The prefix that the search needs to begin with to yield symbol results
  prefix: "",
  // Custom user defined symbols to be included along the unicode symbols
  symbols: {
    // "name": "text to be copied"
    "shrug": "¯\\_(ツ)_/¯",
  },
  max_entries: 3,
 )
@@ -1,4 +1,3 @@
 general {
    lock_cmd = pidof swaylock || swaylock              # avoid starting multiple instances
    before_sleep_cmd = loginctl lock-session          # lock before suspend
@@ -6,12 +5,13 @@ general {
    ignore_dbus_inhibit = false                       # whether to ignore dbus-sent idle-inhibit requests
 }
-# turn off keyboard backlight, comment out this section if you dont have a keyboard backlight.
+listener { 
-# listener { 
+    timeout = 180                                                      # 3 minutes
-#     timeout = 180                                          # 3 minutes
+    # List devices: brightnessctl --list
-#     on-timeout = brightnessctl -sd rgb:kbd_backlight set 0 # turn off keyboard backlight.
+    # Adjust keyboard backlight: brightnessctl -d kbd_backlight set 50%
-#     on-resume = brightnessctl -rd rgb:kbd_backlight        # turn on keyboard backlight.
+    on-timeout = brightnessctl --save --device=kbd_backlight set 0     # turn off keyboard backlight.
-# }
+    on-resume = brightnessctl --restore --device=kbd_backlight         # turn on keyboard backlight.
 }
 # listener {
 #     timeout = 600                                # 10min.
@@ -20,13 +20,13 @@ general {
 # }
 listener {
-    timeout = 1200                                     # 20 minutes
+    timeout = 1600                                     # 20 minutes
    on-timeout = pidof swaylock || swaylock           # lock screen
    on-resume = hyprctl dispatch dpms on              # monitor wake up
 }
 listener {
-    timeout = 1260                                             # 21 minutes
+    timeout = 1660                                             # 31 minutes
    on-timeout = hyprctl dispatch dpms off                     # screen off
    on-resume = hyprctl dispatch dpms on && brightnessctl -r   # monitor wake up & screen on
 }
@@ -0,0 +1,75 @@
 {
  config,
  pkgs,
  ...
 }:
 {
  imports = [
    ./anyrun.nix
    ./nvidia.nix
  ];
  # wayland related
  home.sessionVariables = {
    "NIXOS_OZONE_WL" = "1"; # for any ozone-based browser & electron apps to run on wayland
    "MOZ_ENABLE_WAYLAND" = "1"; # for firefox to run on wayland
    "MOZ_WEBRENDER" = "1";
    # enable native Wayland support for most Electron apps
    "ELECTRON_OZONE_PLATFORM_HINT" = "auto";
    # misc
    "_JAVA_AWT_WM_NONREPARENTING" = "1";
    "QT_WAYLAND_DISABLE_WINDOWDECORATION" = "1";
    "QT_QPA_PLATFORM" = "wayland";
    "SDL_VIDEODRIVER" = "wayland";
    "GDK_BACKEND" = "wayland";
    "XDG_SESSION_TYPE" = "wayland";
  };
  home.packages = with pkgs; [
    swaybg # the wallpaper
    wl-clipboard # copying and pasting
    hyprpicker # color picker
    brightnessctl
    # audio
    alsa-utils # provides amixer/alsamixer/...
    networkmanagerapplet # provide GUI app: nm-connection-editor
    # screenshot/screencast
    flameshot
    hyprshot # screen shot
    wf-recorder # screen recording
  ];
  xdg.configFile =
    let
      mkSymlink = config.lib.file.mkOutOfStoreSymlink;
      confPath = "${config.home.homeDirectory}/nix-config/home/linux/gui/base/desktop/conf";
    in
    {
      "mako".source = mkSymlink "${confPath}/mako";
      "waybar".source = mkSymlink "${confPath}/waybar";
      "wlogout".source = mkSymlink "${confPath}/wlogout";
      "hypr/hypridle.conf".source = mkSymlink "${confPath}/hypridle.conf";
    };
  # status bar
  programs.waybar = {
    enable = true;
    systemd.enable = true;
  };
  # Disable catppuccin to avoid conflict with my non-nix config.
  catppuccin.waybar.enable = false;
  # screen locker
  programs.swaylock.enable = true;
  # Logout Menu
  programs.wlogout.enable = true;
  catppuccin.wlogout.enable = false;
  # Hyprland idle daemon
  services.hypridle.enable = true;
  # notification daemon, the same as dunst
  services.mako.enable = true;
  catppuccin.mako.enable = false;
 }
@@ -0,0 +1,26 @@
 {
  config,
  lib,
  ...
 }:
 with lib;
 let
  cfg = config.modules.desktop.nvidia;
 in
 {
  options.modules.desktop.nvidia = {
    enable = mkEnableOption "whether nvidia GPU is used";
  };
  config = mkIf (cfg.enable && cfg.enable) {
    home.sessionVariables = {
      # for hyprland with nvidia gpu" = " ref https://wiki.hyprland.org/Nvidia/
      "LIBVA_DRIVER_NAME" = "nvidia";
      "__GLX_VENDOR_LIBRARY_NAME" = "nvidia";
      # VA-API hardware video acceleration
      "NVD_BACKEND" = "direct";
      "GBM_BACKEND" = "nvidia-drm";
    };
  };
 }
@@ -0,0 +1,59 @@
 {
  lib,
  pkgs,
  pkgs-master,
  ...
 }:
 let
  vscodeCliArgs = [
    # https://code.visualstudio.com/docs/configure/settings-sync#_recommended-configure-the-keyring-to-use-with-vs-code
    # For use with any package that implements the Secret Service API
    # (for example gnome-keyring, kwallet5, KeepassXC)
    "--password-store=gnome-libsecret"
  ];
  code-cursor = pkgs-master.code-cursor;
  # (pkgs-master.code-cursor.override {
  #   commandLineArgs = lib.concatStringsSep " " vscodeCliArgs;
  # }).overrideAttrs
  #   (oldAttrs: rec {
  #     pname = "cursor";
  #     version = "2.1.36";
  #     src =
  #       with pkgs-master;
  #       appimageTools.extract {
  #         inherit pname version;
  #         src =
  #           let
  #             sources = {
  #               x86_64-linux = fetchurl {
  #                 # curl -s https://api2.cursor.sh/updates/api/download/stable/linux-x64/cursor | jq
  #                 url = "https://downloads.cursor.com/production/9cd7c8b6cebcbccc1242df211dee45a4b6fe15e4/linux/x64/Cursor-2.1.36-x86_64.AppImage";
  #                 hash = "sha256-aaprRB2BAaUCHj7m5aGacCBHisjN2pVZ+Ca3u1ifxBA=";
  #               };
  #               aarch64-linux = fetchurl {
  #                 # curl -s https://api2.cursor.sh/updates/api/download/stable/linux-arm64/cursor | jq
  #                 url = "https://downloads.cursor.com/production/9cd7c8b6cebcbccc1242df211dee45a4b6fe15e4/linux/arm64/Cursor-2.1.36-aarch64.AppImage";
  #                 hash = "sha256-S2vFYBI6m0zjBJEDbk7gc6/zFiKWyhM73OUm1xsNx6Q=";
  #               };
  #             };
  #           in
  #           sources.${stdenv.hostPlatform.system};
  #       };
  #     sourceRoot = "${pname}-${version}-extracted/usr/share/cursor";
  #   });
 in
 {
  home.packages = [
    pkgs.zed-editor
    code-cursor
  ];
  programs.vscode = {
    enable = true;
    package = pkgs-master.vscode.override {
      commandLineArgs = vscodeCliArgs;
    };
  };
 }
@@ -14,13 +14,15 @@
    type = "fcitx5";
    fcitx5.waylandFrontend = true;
    fcitx5.addons = with pkgs; [
-      # for flypy chinese input method
+      qt6Packages.fcitx5-configtool # GUI for fcitx5
      fcitx5-rime
      # needed enable rime using configtool after installed
      fcitx5-configtool
      fcitx5-chinese-addons
      # fcitx5-mozc    # japanese input method
      fcitx5-gtk # gtk im module
      # Chinese
      fcitx5-rime # for flypy chinese input method
      # fcitx5-chinese-addons # we use rime instead
      # Japanese
      fcitx5-mozc-ut
    ];
  };
 }
@@ -1,10 +1,10 @@
 [Groups/0]
 # Group Name
-Name=Default
+Name=Intl
 # Layout
 Default Layout=us
 # Default Input Method
-DefaultIM=rime
+DefaultIM=keyboard-us-altgr-intl
 [Groups/0/Items/0]
 # Name
@@ -14,10 +14,43 @@ Layout=
 [Groups/0/Items/1]
 # Name
 Name=keyboard-us-intl
 # Layout
 Layout=
 [Groups/0/Items/2]
 # Name
 Name=keyboard-us-altgr-intl
 # Layout
 Layout=
 [Groups/1]
 # Group Name
 Name=Default
 # Layout
 Default Layout=us
 # Default Input Method
 DefaultIM=rime
 [Groups/1/Items/0]
 # Name
 Name=keyboard-us
 # Layout
 Layout=
 [Groups/1/Items/1]
 # Name
 Name=rime
 # Layout
 Layout=
 [Groups/1/Items/2]
 # Name
 Name=mozc
 # Layout
 Layout=
 [GroupOrder]
 0=Default
 1=Intl
@@ -1,13 +0,0 @@
 {
  pkgs,
  nix-gaming,
  ...
 }:
 {
  home.packages = with pkgs; [
    # nix-gaming.packages.${pkgs.system}.osu-laser-bin
    gamescope # SteamOS session compositing window manager
    prismlauncher # A free, open source launcher for Minecraft
    winetricks # A script to install DLLs needed to work around problems in Wine
  ];
 }
@@ -0,0 +1,76 @@
 {
  pkgs,
  pkgs-x64,
  osConfig,
  config,
  lib,
  ...
 }:
 with lib;
 let
  cfg = config.modules.desktop.gaming;
 in
 {
  options.modules.desktop = {
    gaming = {
      enable = mkEnableOption "Install Game Suite(steam, lutris, etc)";
    };
  };
  config = mkIf cfg.enable {
    # ==========================================================================
    # Other Optimizations
    # Usage:
    #  Lutris - enable advanced options, go to the System options -> Command prefix, add: `mangohud`
    #  Steam  - add this as a launch option: `mangohud %command%` / `gamemoderun %command%`
    # ==========================================================================
    home.packages =
      (with pkgs; [
        # https://github.com/flightlessmango/MangoHud
        # a simple overlay program for monitoring FPS, temperature, CPU and GPU load, and more.
        mangohud
        # GUI for installing custom Proton versions like GE_Proton
        # proton - a Wine distribution aimed at gaming
        protonplus
        # Script to install various redistributable runtime libraries in Wine.
        winetricks
        # https://github.com/Open-Wine-Components/umu-launcher
        # a unified launcher for Windows games on Linux
        umu-launcher
        # Sed-like editor for binary files
        # required by some games to fix problems
        bbe
      ])
      ++ (with pkgs-x64; [
        # a game launcher - great for epic games and gog games
        (heroic.override {
          extraPkgs = _pkgs: [
            pkgs.gamescope # aarch64
          ];
        })
      ]);
    # a GUI game launcher for Steam/GoG/Epic
    # https://lutris.net/games?ordering=-popularity
    programs.lutris = {
      enable = true;
      defaultWinePackage = pkgs-x64.proton-ge-bin;
      steamPackage = osConfig.programs.steam.package;
      protonPackages = [ pkgs-x64.proton-ge-bin ];
      winePackages = with pkgs-x64; [
        wineWow64Packages.full
        wineWowPackages.stagingFull
      ];
      extraPackages = with pkgs; [
        winetricks
        gamescope
        gamemode
        mangohud
        umu-launcher
      ];
    };
  };
 }
@@ -38,10 +38,5 @@
    };
    gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
    iconTheme = {
      name = "Papirus-Dark";
      package = pkgs.papirus-icon-theme;
    };
  };
 }
@@ -1,14 +1,11 @@
 {
  pkgs,
-  pkgs-unstable,
+  pkgs-x64,
  nur-ryan4yin,
  ...
 }:
 # media - control and enjoy audio/video
 {
-  home.packages =
+  home.packages = with pkgs; [
    with pkgs;
    [
    # audio control
    pavucontrol
    playerctl
@@ -19,12 +16,10 @@
    libva-utils
    vdpauinfo
    vulkan-tools
-      glxinfo
+    mesa-demos
    nvitop
-    ]
+    (pkgs-x64.zoom-us.override { hyprlandXdgDesktopPortalSupport = true; })
-    ++ (lib.optionals pkgs.stdenv.isx86_64 [
+  ];
      (zoom-us.override { hyprlandXdgDesktopPortalSupport = true; })
    ]);
  programs.mpv = {
    enable = true;
@@ -1,6 +1,5 @@
 {
  pkgs,
  pkgs-unstable,
  ...
 }:
 {
@@ -10,19 +9,16 @@
    # do not support .pdf
    foliate
    # instant messaging
    telegram-desktop
    # discord # update too frequently, use the web version instead
    # remote desktop(rdp connect)
    remmina
    freerdp # required by remmina
    # my custom hardened packages
-    pkgs.nixpaks.qq
+    nixpaks.qq
-    pkgs.nixpaks.qq-desktop-item
+    nixpaks.telegram-desktop
    # qqmusic
-    pkgs.bwraps.wechat
+    bwraps.wechat
    # discord # update too frequently, use the web version instead
  ];
  # allow fontconfig to discover fonts and configurations installed through home.packages
@@ -5,6 +5,6 @@
    (lib.optionals pkgs.stdenv.isx86_64 [
      # https://joplinapp.org/help/
      joplin # joplin-cli
-      joplin-desktop
+      # joplin-desktop
    ]);
 }
@@ -10,8 +10,7 @@
    Unit = {
      Description = "Wallpaper Switcher daemon";
      After = [
-        "graphical-session-pre.target"
+        "graphical-session.target"
        "xdg-desktop-autostart.target"
      ];
      Wants = [ "graphical-session-pre.target" ];
    };
@@ -1,7 +0,0 @@
 { pkgs, ... }:
 {
  home.packages = with pkgs; [
    zed-editor
    code-cursor
  ];
 }
@@ -40,7 +40,6 @@ bind  =  ,    XF86AudioPlay,          exec,        playerctl play-pause
 bind  =  ,    XF86AudioNext,          exec,        playerctl next
 bind  =  ,    XF86AudioPrev,          exec,        playerctl previous
 bind  =  ,    XF86Search,             exec,        anyrun
 bind  =  ,    XF86PowerOff,           exec,        shutdown -h now
 # WORKSPACES
 # ============================================================================
@@ -137,3 +136,14 @@ bind =   CTRL,       Print,  exec,  hyprshot -m region -o ~/Pictures/Screenshots
 bind =   CTRL ALT,   l,      exec,  swaylock
 bind =   $mod SHIFT, x,      exec,  wlogout
 bind =   $mod,       n,      exec,  nm-connection-editor  # need install network-manager-applet
 # Gestures
 # ============================================================================
 # https://wiki.hypr.land/Configuring/Gestures/
 # gesture = fingers, direction, action, options
 gesture = 3, horizontal, workspace
 gesture = 3, down, mod: ALT, close
 gesture = 3, up, mod: SUPER, scale: 1.5, fullscreen
@@ -103,11 +103,6 @@ master {
  new_on_top = true
 }
 # See: https://wiki.hyprland.org/Configuring/Variables
 gestures {
  workspace_swipe = off
 }
 #-- Input ----------------------------------------------------
 # Configure mouse and touchpad here.
 input {
--- a/Show More
+++ b/Show More