feat: my custom libAttrs

docs: update README
feat: homebrew - darwin
2026-05-28 18:39:31 +02:00 · 2023-12-23 11:06:50 +08:00 · 2023-12-23 11:06:50 +08:00 · 2023-12-22 21:23:23 +08:00 · 2023-12-22 21:20:02 +08:00 · 2023-12-22 21:03:25 +08:00
126 changed files with 2870 additions and 2140 deletions
@@ -0,0 +1 @@
+use flake
@@ -0,0 +1,24 @@
+name: Nix Flake Check
+
+on: [push, pull_request, workflow_dispatch]
+
+jobs:
+  checks:
+    name: Check expressions
+    runs-on: ubuntu-latest
+
+    steps:
+      # - name: Checkout repository
+      #   uses: actions/checkout@v4
+      # - name: Install nix
+      #   uses: cachix/install-nix-action@v24
+      #   with:
+      #     install_url: https://nixos.org/nix/install
+      #     extra_nix_config: |
+      #       access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+      #       experimental-features = nix-command flakes
+
+      - name: Run Nix Flake Check
+        run: |
+          echo 'TODO: nix flake check'
+          # nix flake check
@@ -1,3 +1,5 @@
 result
 result/
+.direnv/
 .DS_Store
+.pre-commit-config.yaml
@@ -33,12 +33,18 @@ upp:
 history:
 	nix profile history --profile /nix/var/nix/profiles/system

+repl:
+	nix repl -f flake:nixpkgs
+
+eye:
+	systemctl --user start gammastep.service
+
 gc:
 	# remove all generations older than 7 days
 	sudo nix profile wipe-history --profile /nix/var/nix/profiles/system  --older-than 7d

 	# garbage collect all unused nix store entries
-	sudo nix store gc --debug
+	# sudo nix store gc --debug

 ############################################################################
 #
@@ -48,15 +54,27 @@ gc:

 darwin-set-proxy:
 	sudo python3 scripts/darwin_set_proxy.py
+	sleep 1
+
+darwin-rollback:
+	./result/sw/bin/darwin-rebuild rollback

 ha: darwin-set-proxy
 	nix build .#darwinConfigurations.harmonica.system
-	./result/sw/bin/darwin-rebuild switch --flake .
+	./result/sw/bin/darwin-rebuild switch --flake .#harmonica

 ha-debug: darwin-set-proxy
-	nix build .#darwinConfigurations.harmonica.system --show-trace --verbose
+	nom build .#darwinConfigurations.harmonica.system --show-trace --verbose
 	./result/sw/bin/darwin-rebuild switch --flake .#harmonica --show-trace --verbose

+fe: darwin-set-proxy
+	nix build .#darwinConfigurations.fern.system
+	./result/sw/bin/darwin-rebuild switch --flake .#fern
+
+fe-debug: darwin-set-proxy
+	nom build .#darwinConfigurations.fern.system --show-trace --verbose
+	./result/sw/bin/darwin-rebuild switch --flake .#fern --show-trace --verbose
+

 ############################################################################
 #
@@ -16,18 +16,20 @@

 This repository is home to the nix code that builds my systems.

-## Why Nix?
+## Why NixOS & Flakes?

-Nix allows for easy-to-manage, collaborative, reproducible deployments. This means that once something is setup and configured once, it works forever. If someone else shares their configuration, anyone can make use of it.
+Nix allows for easy-to-manage, collaborative, reproducible deployments. This means that once something is setup and configured once, it works (almost) forever. If someone else shares their configuration, anyone can make use of it(if you really understand what you're copying/refering now).

-**Want to know Nix in detail? Looking for a beginner-friendly tutorial or best practices? Check out [NixOS & Nix Flakes Book - 🛠️ ❤️ An unofficial & opinionated :book: for beginners](https://github.com/ryan4yin/nixos-and-flakes-book)!**
+As for Flakes, refer to [Introduction to Flakes - NixOS & Nix Flakes Book](https://nixos-and-flakes.thiscute.world/nixos-with-flakes/introduction-to-flakes)

-> If you're using macOS, you can also check out [ryan4yin/nix-darwin-kickstarter](https://github.com/ryan4yin/nix-darwin-kickstarter) for a quick start.
+**Want to know NixOS & Flaks in detail? Looking for a beginner-friendly tutorial or best practices? You don't have to go through the pain I've experienced again! Check out  my [NixOS & Nix Flakes Book - 🛠️ ❤️ An unofficial & opinionated :book: for beginners](https://github.com/ryan4yin/nixos-and-flakes-book)!**
+
+> If you're using macOS, check out [ryan4yin/nix-darwin-kickstarter](https://github.com/ryan4yin/nix-darwin-kickstarter) for a quick start.

 ## Components

 |                             | NixOS(Wayland)                                                                                                    | NixOS(Xorg)                                                                                                       |
-| --------------------------- | :--------------------------------------------------------------------------------------------- | :------------------------------------------------------ |
+| --------------------------- | :---------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------- |
 | **Window Manager**          | [Hyprland][Hyprland]                                                                                              | [i3][i3]                                                                                                          |
 | **Terminal Emulator**       | [Kitty][Kitty]                                                                                                    | [Kitty][Kitty]                                                                                                    |
 | **Bar**                     | [Waybar][Waybar]                                                                                                  | [i3block][i3block]                                                                                                |
@@ -47,6 +49,8 @@ Nix allows for easy-to-manage, collaborative, reproducible deployments. This mea
 | **Image Viewer**            | [imv][imv]                                                                                                        | [imv][imv]                                                                                                        |
 | **Screenshot Software**     | [grim][grim]                                                                                                      | [flameshot](https://github.com/flameshot-org/flameshot)                                                           |
 | **Screen Recording**        | [OBS][OBS]                                                                                                        | [OBS][OBS]                                                                                                        |
+| **Filesystem & Encryption** | tmpfs on `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] crypted partition for persistent, unlock via passphrase | tmpfs on `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] crypted partition for persistent, unlock via passphrase |
+| **Secure Boot**             | [lanzaboote][lanzaboote]                                                                                          | [lanzaboote][lanzaboote]                                                                                          |

 Wallpapers: https://github.com/ryan4yin/wallpapers

@@ -69,7 +73,6 @@ See [./home/base/desktop/neovim](./home/base/desktop/neovim) for details.

 See [./hosts](./hosts) for details.

-
 ## Secrets Management

 See [./secrets](./secrets) for details.
@@ -78,18 +81,10 @@ See [./secrets](./secrets) for details.

 > :red_circle: **IMPORTANT**: **You should NOT deploy this flake directly on your machine:exclamation: It will not succeed.** this flake contains my hardware configuration(such as [hardware-configuration.nix](hosts/idols/ai/hardware-configuration.nix), [cifs-mount.nix](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols/ai/cifs-mount.nix), [Nvidia Support](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols/ai/default.nix#L77-L91), etc.) which is not suitable for your hardware, and my private secrets repository [ryan4yin/nix-secrets](https://github.com/ryan4yin/nix-config/tree/main/secrets) that only I have access to. You may use this repo as a reference to build your own configuration.

-For MacOS:
-
-```bash
-# deploy the darwin configuration(harmonicia)
-make ha
-
-# deploy with details
-make ha-debug
-```
-
 For NixOS:

+> To deploy this flake from NixOS's official ISO image(purest installation method), please refer to [./hosts/idols/ai/nixos-installer/](./hosts/idols/ai/nixos-installer/)
+
 > Need to restart the machine when switching between `wayland` and `xorg`.

 ```bash
@@ -106,27 +101,22 @@ make i3-debug
 # make hypr-debug
 ```

-To deploy this flake from NixOS's official ISO image(purest installation method), please refer to [ryan4yin/nix-config/nixos-install](https://github.com/ryan4yin/nix-config/tree/nixos-install)
-
-## Install Apps from Flatpak
-
-We can install apps from flathub, which has a lot of apps that are not supported well in nixpkgs.
+For macOS:

 ```bash
-# Add the Flathub repository
-flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
+# deploy harmonicia's configuration(macOS Intel)
+make ha

-# install apps from flathub
-flatpak install netease-cloud-music-gtk
+# deploy fern's configuration(Apple Silicon)
+make fe

-# install 3d printer slicer - cura
-flatpak install flathub com.ultimaker.cura
-
-# or you can search apps from flathub
-flatpak search <keyword>
-# search on website is also supported: https://flathub.org/
+# deploy with details
+make ha-debug
+# make fe
 ```

+> [What y'all will need when Nix drives you to drink.](https://www.youtube.com/watch?v=Eni9PPPPBpg) (copy from hlissner's dotfiles, it really matches my feelings when I first started using NixOS...)
+
 ## How to create & managage VM from this flake?

 use `aquamarine` as an example, we can create a virtual machine with the following command:
@@ -169,6 +159,8 @@ Other dotfiles that inspired me:
  - [gvolpe/nix-config](https://github.com/gvolpe/nix-config)
  - [Ruixi-rebirth/flakes](https://github.com/Ruixi-rebirth/flakes)
  - [fufexan/dotfiles](https://github.com/fufexan/dotfiles): gtk theme, xdg, git, media, anyrun, etc.
+- Modularized NixOS Configuration
+  - [hlissner/dotfiles](https://github.com/hlissner/dotfiles)
 - Hyprland(wayland)
  - [notwidow/hyprland](https://github.com/notwidow/hyprland): This is where I start my hyprland journey.
  - [HeinzDev/Hyprland-dotfiles](https://github.com/HeinzDev/Hyprland-dotfiles): Refer to the waybar configuration here.
@@ -213,3 +205,6 @@ Other dotfiles that inspired me:
 [thunar]: https://gitlab.xfce.org/xfce/thunar
 [ranger]: https://github.com/ranger/ranger
 [Catppuccin]: https://github.com/catppuccin/catppuccin
+[Btrfs]: https://btrfs.readthedocs.io
+[LUKS]: https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system
+[lanzaboote]: https://github.com/nix-community/lanzaboote
@@ -0,0 +1,17 @@
+rec {
+  # user information
+  username = "ryan";
+  userfullname = "Ryan Yin";
+  useremail = "xiaoyin_c@qq.com";
+
+  allSystemAttrs = {
+    # linux systems
+    x64_system = "x86_64-linux";
+    riscv64_system = "riscv64-linux";
+    aarch64_system = "aarch64-linux";
+    # darwin systems
+    x64_darwin = "x86_64-darwin";
+    aarch64_darwin = "aarch64-darwin";
+  };
+  allSystems = builtins.attrValues allSystemAttrs;
+}
@@ -16,258 +16,72 @@
  outputs = inputs @ {
    self,
    nixpkgs,
-    nixpkgs-unstable,
-    nix-darwin,
-    home-manager,
-    nixos-generators,
-    nixos-licheepi4a,
-    nixos-rk3588,
+    pre-commit-hooks,
    ...
  }: let
-    username = "ryan";
-    userfullname = "Ryan Yin";
-    useremail = "xiaoyin_c@qq.com";
+    constants = import ./constants.nix;

-    x64_system = "x86_64-linux";
-    x64_darwin = "x86_64-darwin";
-    riscv64_system = "riscv64-linux";
-    aarch64_system = "aarch64-linux";
-    allSystems = [x64_system x64_darwin riscv64_system aarch64_system];
+    # `lib.genAttrs [ "foo" "bar" ] (name: "x_" + name)` => `{ foo = "x_foo"; bar = "x_bar"; }`
+    forEachSystem = func: (nixpkgs.lib.genAttrs constants.allSystems func);

-    nixosSystem = import ./lib/nixosSystem.nix;
-    macosSystem = import ./lib/macosSystem.nix;
-    colmenaSystem = import ./lib/colmenaSystem.nix;
-
-    # 星野 アイ, Hoshino Ai
-    idol_ai_modules_i3 = {
-      nixos-modules = [
-        ./hosts/idols/ai
-        ./modules/nixos/i3.nix
-      ];
-      home-module = import ./home/linux/desktop-i3.nix;
-    };
-    idol_ai_modules_hyprland = {
-      nixos-modules = [
-        ./hosts/idols/ai
-        ./modules/nixos/hyprland.nix
-      ];
-      home-module = import ./home/linux/desktop-hyprland.nix;
-    };
-
-    # 星野 愛久愛海, Hoshino Akuamarin
-    idol_aquamarine_modules = {
-      nixos-modules = [
-        ./hosts/idols/aquamarine
-      ];
-      home-module = import ./home/linux/server.nix;
-    };
-    idol_aquamarine_tags = ["dist-build" "aqua"];
-
-    # 星野 瑠美衣, Hoshino Rubii
-    idol_ruby_modules = {
-      nixos-modules = [
-        ./hosts/idols/ruby
-      ];
-      home-module = import ./home/linux/server.nix;
-    };
-    idol_ruby_tags = ["dist-build" "ruby"];
-
-    # 有馬 かな, Arima Kana
-    idol_kana_modules = {
-      nixos-modules = [
-        ./hosts/idols/kana
-      ];
-      home-module = import ./home/linux/server.nix;
-    };
-    idol_kana_tags = ["dist-build" "kana"];
-
-    # 森友 望未, Moritomo Nozomi
-    rolling_nozomi_modules = {
-      nixos-modules = [
-        ./hosts/rolling_girls/nozomi
-      ];
-      # home-module = import ./home/linux/server-riscv64.nix;
-    };
-    rolling_nozomi_tags = ["riscv" "nozomi"];
-
-    # 小坂 結季奈, Kosaka Yukina
-    rolling_yukina_modules = {
-      nixos-modules = [
-        ./hosts/rolling_girls/yukina
-      ];
-      # home-module = import ./home/linux/server-riscv64.nix;
-    };
-    rolling_yukina_tags = ["riscv" "yukina"];
-
-    # 大木 鈴, Ōki Suzu
-    _12kingdoms_suzu_modules = {
-      nixos-modules = [
-        ./hosts/12kingdoms/suzu
-      ];
-      # home-module = import ./home/linux/server.nix;
-    };
-    _12kingdoms_suzu_tags = ["aarch" "suzu"];
-
-    x64_specialArgs =
-      {
-        inherit username userfullname useremail;
-        # use unstable branch for some packages to get the latest updates
-        pkgs-unstable = import nixpkgs-unstable {
-          system = x64_system; # refer the `system` parameter form outer scope recursively
-          # To use chrome, we need to allow the installation of non-free software
-          config.allowUnfree = true;
-        };
-      }
-      // inputs;
-  in {
-    nixosConfigurations = let
-      base_args = {
-        inherit home-manager nixos-generators;
-        nixpkgs = nixpkgs; # or nixpkgs-unstable
-        system = x64_system;
-        specialArgs = x64_specialArgs;
-      };
-    in {
-      # ai with i3 window manager
-      ai_i3 = nixosSystem (idol_ai_modules_i3 // base_args);
-      # ai with hyprland compositor
-      ai_hyprland = nixosSystem (idol_ai_modules_hyprland // base_args);
-
-      # three virtual machines without desktop environment.
-      aquamarine = nixosSystem (idol_aquamarine_modules // base_args);
-      ruby = nixosSystem (idol_ruby_modules // base_args);
-      kana = nixosSystem (idol_kana_modules // base_args);
-    };
-
-    # colmena - remote deployment via SSH
-    colmena = let
-      # x86_64 related
-      x64_base_args = {
-        inherit home-manager;
-        nixpkgs = nixpkgs; # or nixpkgs-unstable
-        specialArgs = x64_specialArgs;
-      };
-
-      # riscv64 related
-      # using the same nixpkgs as nixos-licheepi4a to utilize the cross-compilation cache.
-      lpi4a_pkgs = import nixos-licheepi4a.inputs.nixpkgs {system = x64_system;};
-      lpi4a_specialArgs =
-        {
-          inherit username userfullname useremail;
-          pkgsKernel = nixos-licheepi4a.packages.${x64_system}.pkgsKernelCross;
-        }
-        // inputs;
-      lpi4a_base_args = {
-        inherit home-manager;
-        nixpkgs = nixos-licheepi4a.inputs.nixpkgs; # or nixpkgs-unstable
-        specialArgs = lpi4a_specialArgs;
-        targetUser = "root";
-      };
-
-      # aarch64 related
-      # using the same nixpkgs as nixos-rk3588 to utilize the cross-compilation cache.
-      rk3588_pkgs = import nixos-rk3588.inputs.nixpkgs {system = x64_system;};
-      rk3588_specialArgs =
-        {
-          inherit username userfullname useremail;
-        }
-        // nixos-rk3588.inputs;
-      rk3588_base_args = {
-        inherit home-manager;
-        nixpkgs = nixos-rk3588.inputs.nixpkgs; # or nixpkgs-unstable
-        specialArgs = rk3588_specialArgs;
-        targetUser = "root";
-      };
-    in {
-      meta = {
-        nixpkgs = import nixpkgs {system = x64_system;};
-        specialArgs = x64_specialArgs;
-
-        nodeSpecialArgs = {
-          # riscv64 SBCs
-          nozomi = lpi4a_specialArgs;
-          yukina = lpi4a_specialArgs;
-
-          # aarch64 SBCs
-          suzu = rk3588_specialArgs;
-        };
-        nodeNixpkgs = {
-          nozomi = lpi4a_pkgs;
-          yukina = lpi4a_pkgs;
-
-          # aarch64 SBCs
-          suzu = rk3588_pkgs;
-        };
-      };
-
-      # proxmox virtual machines(x86_64)
-      aquamarine = colmenaSystem (idol_aquamarine_modules // x64_base_args // {host_tags = idol_aquamarine_tags;});
-      ruby = colmenaSystem (idol_ruby_modules // x64_base_args // {host_tags = idol_ruby_tags;});
-      kana = colmenaSystem (idol_kana_modules // x64_base_args // {host_tags = idol_kana_tags;});
-
-      # riscv64 SBCs
-      nozomi = colmenaSystem (rolling_nozomi_modules // lpi4a_base_args // {host_tags = rolling_nozomi_tags;});
-      yukina = colmenaSystem (rolling_yukina_modules // lpi4a_base_args // {host_tags = rolling_yukina_tags;});
-
-      # aarch64 SBCs
-      suzu = colmenaSystem (_12kingdoms_suzu_modules // rk3588_base_args // {host_tags = _12kingdoms_suzu_tags;});
-    };
-
-    # take system images for idols
-    # https://github.com/nix-community/nixos-generators
-    packages."${x64_system}" =
-      # genAttrs returns an attribute set with the given keys and values(host => image).
-      nixpkgs.lib.genAttrs [
-        "ai_i3"
-        "ai_hyprland"
-      ] (
-        # generate iso image for hosts with desktop environment
-        host:
-          self.nixosConfigurations.${host}.config.formats.iso
-      )
-      // nixpkgs.lib.genAttrs [
-        "aquamarine"
-        "ruby"
-        "kana"
-      ] (
-        # generate proxmox image for virtual machines without desktop environment
-        host:
-          self.nixosConfigurations.${host}.config.formats.proxmox
-      );
-
-    # macOS's configuration, for work.
-    darwinConfigurations = let
-      system = x64_darwin;
-      specialArgs =
-        {
-          inherit username userfullname useremail;
-          # use unstable branch for some packages to get the latest updates
-          pkgs-unstable = import nixpkgs-unstable {
-            inherit system; # refer the `system` parameter form outer scope recursively
-            # To use chrome, we need to allow the installation of non-free software
-            config.allowUnfree = true;
-          };
-        }
-        // inputs;
-      base_args = {
-        inherit nix-darwin home-manager system specialArgs nixpkgs;
-      };
-    in {
-      harmonica = macosSystem (base_args
+    allSystemConfigurations = import ./systems {inherit self inputs constants;};
+  in
+    allSystemConfigurations
    // {
-          darwin-modules = [
-            ./hosts/harmonica
-          ];
-          home-module = import ./home/darwin;
-        });
-    };
-
      # format the nix code in this flake
      # alejandra is a nix formatter with a beautiful output
-    formatter = nixpkgs.lib.genAttrs allSystems (
-      system:
-        nixpkgs.legacyPackages.${system}.alejandra
+      formatter = forEachSystem (
+        system: nixpkgs.legacyPackages.${system}.alejandra
      );
+
+      # pre-commit hooks for nix code
+      checks = forEachSystem (
+        system: {
+          pre-commit-check = pre-commit-hooks.lib.${system}.run {
+            src = ./.;
+            hooks = {
+              alejandra.enable = true; # formatter
+              # deadnix.enable = true; # detect unused variable bindings in `*.nix`
+              statix.enable = true; # lints and suggestions for Nix code(auto suggestions)
+              prettier = {
+                enable = true;
+                excludes = [".js" ".md" ".ts"];
+              };
+            };
+          };
+        }
+      );
+      devShells = forEachSystem (
+        system: {
+          default = nixpkgs.legacyPackages.${system}.mkShell {
+            packages = [
+              # fix https://discourse.nixos.org/t/non-interactive-bash-errors-from-flake-nix-mkshell/33310
+              nixpkgs.legacyPackages.${system}.bashInteractive
+            ];
+            name = "dots";
+            shellHook = ''
+              ${self.checks.${system}.pre-commit-check.shellHook}
+            '';
+          };
+        }
+      );
+    };
+
+  # the nixConfig here only affects the flake itself, not the system configuration!
+  # for more information, see:
+  #     https://nixos-and-flakes.thiscute.world/nixos-with-flakes/add-custom-cache-servers
+  nixConfig = {
+    # substituers will be appended to the default substituters when fetching packages
+    extra-substituters = [
+      "https://anyrun.cachix.org"
+      "https://hyprland.cachix.org"
+      # "https://nixpkgs-wayland.cachix.org"
+    ];
+    extra-trusted-public-keys = [
+      "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
+      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+      # "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
+    ];
  };

  # This is the standard format for flake.nix. `inputs` are the dependencies of the flake,
@@ -281,6 +95,12 @@
    # nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";

+    # add git hooks to format nix code before commit
+    pre-commit-hooks = {
+      url = "github:cachix/pre-commit-hooks.nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    # for macos
    nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-23.11-darwin";
    nix-darwin = {
@@ -306,10 +126,13 @@

    impermanence.url = "github:nix-community/impermanence";

-    # modern window compositor
-    hyprland.url = "github:hyprwm/Hyprland/v0.32.3";
+    hyprland = {
+      url = "github:hyprwm/Hyprland/v0.33.1";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    # community wayland nixpkgs
-    nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
+    # nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
    # anyrun - a wayland launcher
    anyrun = {
      url = "github:Kirottu/anyrun";
@@ -321,15 +144,20 @@
      url = "github:nix-community/nixos-generators";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-
-    # secrets management, lock with git commit at 2023/7/15
-    agenix.url = "github:ryantm/agenix/0d8c5325fc81daf00532e3e26c6752f7bcde1143";
+    # secrets management
+    agenix = {
+      # lock with git commit at 0.14.0
+      url = "github:ryantm/agenix/54693c91d923fecb4cf04c4535e3d84f8dec7919";
+      # replaced with a type-safe reimplementation to get a better error message and less bugs.
+      # url = "github:ryan4yin/ragenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };

    ########################  Some non-flake repositories  #########################################

    # AstroNvim is an aesthetic and feature-rich neovim config.
    astronvim = {
-      url = "github:AstroNvim/AstroNvim/v3.37.12";
+      url = "github:AstroNvim/AstroNvim/v3.40.3";
      flake = false;
    };

@@ -365,77 +193,5 @@

    # aarch64 SBCs
    nixos-rk3588.url = "github:ryan4yin/nixos-rk3588";
-
-    ########################  Color Schemes  #########################################
-
-    # color scheme - catppuccin
-    catppuccin-btop = {
-      url = "github:catppuccin/btop";
-      flake = false;
-    };
-    catppuccin-fcitx5 = {
-      url = "github:catppuccin/fcitx5";
-      flake = false;
-    };
-    catppuccin-bat = {
-      url = "github:catppuccin/bat";
-      flake = false;
-    };
-    catppuccin-alacritty = {
-      url = "github:catppuccin/alacritty";
-      flake = false;
-    };
-    catppuccin-helix = {
-      url = "github:catppuccin/helix";
-      flake = false;
-    };
-    catppuccin-starship = {
-      url = "github:catppuccin/starship";
-      flake = false;
-    };
-    catppuccin-hyprland = {
-      url = "github:catppuccin/hyprland";
-      flake = false;
-    };
-    catppuccin-cava = {
-      url = "github:catppuccin/cava";
-      flake = false;
-    };
-    cattppuccin-k9s = {
-      url = "github:catppuccin/k9s";
-      flake = false;
-    };
-  };
-
-  # the nixConfig here only affects the flake itself, not the system configuration!
-  nixConfig = {
-    substituters = [
-      # cache mirror located in China
-      # status: https://mirror.sjtu.edu.cn/
-      "https://mirror.sjtu.edu.cn/nix-channels/store"
-      # status: https://mirrors.ustc.edu.cn/status/
-      # "https://mirrors.ustc.edu.cn/nix-channels/store"
-
-      # my own cache server
-      "https://ryan4yin.cachix.org"
-      "https://anyrun.cachix.org"
-      "https://hyprland.cachix.org"
-      
-      "https://cache.nixos.org"
-    ];
-
-    # nix community's cache server
-    extra-substituters = [
-      "https://nix-community.cachix.org"
-      "https://nixpkgs-wayland.cachix.org"
-    ];
-    extra-trusted-public-keys = [
-      "ryan4yin.cachix.org-1:Gbk27ZU5AYpGS9i3ssoLlwdvMIh0NxG0w8it/cv9kbU="
-      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-      "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
-      "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
-      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
-    ];
  };
 }
@@ -1,8 +1,6 @@
-{
-  pkgs,
-  ...
-}: {
-  home.packages = with pkgs; [
+{pkgs, ...}: {
+  home.packages = with pkgs;
+    [
      # general tools
      pulumi
      pulumictl
@@ -10,14 +8,21 @@

      # aws
      awscli2
+      ssm-session-manager-plugin # Amazon SSM Session Manager Plugin
      aws-iam-authenticator
      eksctl
      istioctl

      # aliyun
      aliyun-cli
-   ];
-
-  programs = {
-  };
+    ]
+    ++ (
+      if pkgs.stdenv.isLinux
+      then [
+        # cloud tools that nix do not have cache for.
+        terraform
+        terraformer # generate terraform configs from existing cloud resources
+      ]
+      else []
+    );
 }
@@ -1,7 +1,6 @@
 {
  pkgs,
-  pkgs-unstable,
-  cattppuccin-k9s,
+  nur-ryan4yin,
  ...
 }: {
  home.packages = with pkgs; [
@@ -12,10 +11,10 @@
  programs = {
    k9s = {
      enable = true;
-      skin =
-        let
-          skin_file = "${cattppuccin-k9s}/dist/mocha.yml";  # theme - cattppuccin mocha
-          skin_attr = builtins.fromJSON (builtins.readFile
+      skin = let
+        skin_file = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-k9s}/dist/mocha.yml"; # theme - catppuccin mocha
+        skin_attr = builtins.fromJSON (
+          builtins.readFile
          # replace 'base: &base "#1e1e2e"' with 'base: &base "default"'
          # to make fg/bg color transparent. "default" means transparent in k9s skin.
          (pkgs.runCommandNoCC "get-skin-json" {} ''
@@ -11,5 +11,6 @@
    ./helix.nix
    ./media.nix
    ./shell.nix
+    ./yazi.nix
  ];
 }
@@ -8,30 +8,29 @@
  #  Basic settings for development environment
  #
  #  Please avoid to install language specific packages here(globally),
-  #  instead, install them independently using dev-templates:
-  #     https://github.com/the-nix-way/dev-templates
+  #  instead, install them:
+  #     1. per IDE, such as `programs.neovim.extraPackages`
+  #     2. per-project, using https://github.com/the-nix-way/dev-templates
  #
  #############################################################

-  home.packages = with pkgs; [
-    pkgs-unstable.devbox
-
-    # DO NOT install build tools for C/C++ and others, set it per project by devShell instead
-    gnumake # used by this repo, to simplify the deployment
-    jdk17   # used to run some java based tools(.jar)
-
-    # scheme related
-    guile
-
-    # python
-    (python311.withPackages (ps:
+  home.packages = with pkgs;
+    [
+      (python3.withPackages (
+        ps:
          with ps; [
            ipython
            pandas
            requests
            pyquery
            pyyaml
-      ]))
+          ]
+      ))
+
+      cargo # rust package manager
+      go
+      jdk17
+      guile # scheme language

      # db related
      dbeaver
@@ -43,11 +42,37 @@
      # embedded development
      minicom

-    # other tools
+      # ai related
+      python311Packages.huggingface-hub # huggingface-cli
+
+      # misc
+      pkgs-unstable.devbox
+      glow # markdown previewer
+      fzf
+      gdu # disk usage analyzer, required by AstroNvim
+      ripgrep # fast search tool, required by AstroNvim's '<leader>fw'(<leader> is space key)
      bfg-repo-cleaner # remove large files from git history
      k6 # load testing tool
      protobuf # protocol buffer compiler
-  ];
+    ]
+    ++ (
+      if pkgs.stdenv.isLinux
+      then [
+        # Automatically trims your branches whose tracking remote refs are merged or gone
+        # It's really useful when you work on a project for a long time.
+        git-trim
+
+        # need to run `conda-install` before using it
+        # need to run `conda-shell` before using command `conda`
+        # conda is not available for MacOS
+        conda
+
+        mitmproxy # http/https proxy tool
+        insomnia # REST client
+        wireshark # network analyzer
+      ]
+      else []
+    );

  programs = {
    direnv = {
@@ -1,8 +1,10 @@
-{ pkgs, catppuccin-helix, ... }:
-
 {
+  pkgs,
+  nur-ryan4yin,
+  ...
+}: {
  # https://github.com/catppuccin/helix
-  xdg.configFile."helix/themes".source = "${catppuccin-helix}/themes/default";
+  xdg.configFile."helix/themes".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-helix}/themes/default";

  programs.helix = {
    enable = true;
@@ -22,9 +24,11 @@
        indent-guides.render = true;
      };
      keys.normal = {
-        space.space = "file_picker";
-        space.w = ":w";
-        space.q = ":q";
+        space = {
+          space = "file_picker";
+          w = ":w";
+          q = ":q";
+        };
        esc = ["collapse_selection" "keep_primary_selection"];
      };
    };
@@ -7,7 +7,7 @@ return {
      signcolumn = "auto", -- Show sign column when used only
      spell = false,      -- Spell checking
      swapfile = false,   -- Swapfile
-      smartindent = false; -- fix https://github.com/ryan4yin/nix-config/issues/4
+      smartindent = false, -- fix https://github.com/ryan4yin/nix-config/issues/4
    },
  },

@@ -24,7 +24,6 @@ return {
    { import = "astrocommunity.motion.leap-nvim" },
    { import = "astrocommunity.motion.flit-nvim" },
    { import = "astrocommunity.scrolling.nvim-scrollbar" },
-    { import = "astrocommunity.editing-support.auto-save-nvim" },
    { import = "astrocommunity.editing-support.todo-comments-nvim" },
    -- Language Support
    ---- Frontend & NodeJS
@@ -67,22 +66,31 @@ return {
      "zbirenbaum/copilot.lua",
      opts = function(_, opts)
        opts.filetypes = {
-          yaml = true;
+          yaml = true,
          markdown = true,
        }
      end,
    },

+    {
+      "0x00-ketsu/autosave.nvim",
+      -- lazy-loading on events
+      event = { "InsertLeave", "TextChanged" },
+      opts = function(_, opts)
+        opts.prompt_style = "notify" -- or stdout
+      end,
+    },
+
    -- markdown preview
    {
-      '0x00-ketsu/markdown-preview.nvim',
-      ft = {'md', 'markdown', 'mkd', 'mkdn', 'mdwn', 'mdown', 'mdtxt', 'mdtext', 'rmd', 'wiki'},
+      "0x00-ketsu/markdown-preview.nvim",
+      ft = { "md", "markdown", "mkd", "mkdn", "mdwn", "mdown", "mdtxt", "mdtext", "rmd", "wiki" },
      config = function()
-        require('markdown-preview').setup {
+        require("markdown-preview").setup({
          -- your configuration comes here
          -- or leave it empty to use the default settings
          -- refer to the setup section below
-        }
+        })
      end,
    },

@@ -90,7 +98,7 @@ return {
    {
      "gbprod/yanky.nvim",
      opts = function()
-        local mapping = require "yanky.telescope.mapping"
+        local mapping = require("yanky.telescope.mapping")
        local mappings = mapping.get_defaults()
        mappings.i["<c-p>"] = nil
        return {
@@ -104,11 +112,36 @@ return {
        }
      end,
      keys = {
-        { "y", "<Plug>(YankyYank)", mode = { "n", "x" }, desc = "Yank text" },
-        { "p", "<Plug>(YankyPutAfter)", mode = { "n", "x" }, desc = "Put yanked text after cursor" },
-        { "P", "<Plug>(YankyPutBefore)", mode = { "n", "x" }, desc = "Put yanked text before cursor" },
-        { "gp", "<Plug>(YankyGPutAfter)", mode = { "n", "x" }, desc = "Put yanked text after selection" },
-        { "gP", "<Plug>(YankyGPutBefore)", mode = { "n", "x" }, desc = "Put yanked text before selection" },
+        {
+          "y",
+          "<Plug>(YankyYank)",
+          mode = { "n", "x" },
+          desc = "Yank text",
+        },
+        {
+          "p",
+          "<Plug>(YankyPutAfter)",
+          mode = { "n", "x" },
+          desc = "Put yanked text after cursor",
+        },
+        {
+          "P",
+          "<Plug>(YankyPutBefore)",
+          mode = { "n", "x" },
+          desc = "Put yanked text before cursor",
+        },
+        {
+          "gp",
+          "<Plug>(YankyGPutAfter)",
+          mode = { "n", "x" },
+          desc = "Put yanked text after selection",
+        },
+        {
+          "gP",
+          "<Plug>(YankyGPutBefore)",
+          mode = { "n", "x" },
+          desc = "Put yanked text before selection",
+        },
        { "[y", "<Plug>(YankyCycleForward)",              desc = "Cycle forward through yank history" },
        { "]y", "<Plug>(YankyCycleBackward)",             desc = "Cycle backward through yank history" },
        { "]p", "<Plug>(YankyPutIndentAfterLinewise)",    desc = "Put indented after cursor (linewise)" },
@@ -140,11 +173,12 @@ return {

    -- joining blocks of code into oneline, or splitting one line into multiple lines.
    {
-      'Wansmer/treesj',
-      keys = { '<space>m', '<space>j', '<space>s' },
-      dependencies = { 'nvim-treesitter/nvim-treesitter' },
+      "Wansmer/treesj",
+      keys = { "<space>m", "<space>j", "<space>s" },
+      dependencies = { "nvim-treesitter/nvim-treesitter" },
      config = function()
-        require('treesj').setup({--[[ your config ]]})
+        require("treesj").setup({ --[[ your config ]]
+        })
      end,
    },

@@ -159,22 +193,22 @@ return {
            hide_gitignored = false,
          },
        },
-      }
+      },
    },
    -- The plugin offers the alibity to refactor code.
    {
      "ThePrimeagen/refactoring.nvim",
      dependencies = {
        { "nvim-lua/plenary.nvim" },
-        {"nvim-treesitter/nvim-treesitter"}
-      }
+        { "nvim-treesitter/nvim-treesitter" },
+      },
    },
    -- The plugin offers the abilibty to search and replace.
    {
      "nvim-pack/nvim-spectre",
      dependencies = {
        { "nvim-lua/plenary.nvim" },
-      }
+      },
    },

    -- full signature help, docs and completion for the nvim lua API.
@@ -186,7 +220,7 @@ return {
    {
      "nvim-treesitter/nvim-treesitter",
      opts = function(_, opts)
-        local utils = require "astronvim.utils";
+        local utils = require("astronvim.utils")
        opts.incremental_selection = {
          enable = true,
          keymaps = {
@@ -213,14 +247,14 @@ return {

    -- implementation/definition preview
    {
-      'rmagatti/goto-preview',
+      "rmagatti/goto-preview",
      config = function()
-        require('goto-preview').setup {}
-      end
+        require("goto-preview").setup({})
+      end,
    },

    -- Undo tree
-    { "debugloop/telescope-undo.nvim", },
+    { "debugloop/telescope-undo.nvim" },

    -- Install lsp, formmatter and others via home manager instead of Mason.nvim
    -- LSP installations
@@ -245,7 +279,7 @@ return {
    {
      "jose-elias-alvarez/null-ls.nvim",
      opts = function(_, opts)
-        local null_ls = require "null-ls"
+        local null_ls = require("null-ls")
        local code_actions = null_ls.builtins.code_actions
        local diagnostics = null_ls.builtins.diagnostics
        local formatting = null_ls.builtins.formatting
@@ -302,8 +336,9 @@ return {
    },

    {
-      'nvim-telescope/telescope.nvim', branch = '0.1.x',
-      dependencies = { 'nvim-lua/plenary.nvim' },
+      "nvim-telescope/telescope.nvim",
+      branch = "0.1.x",
+      dependencies = { "nvim-lua/plenary.nvim" },
      init = function()
        -- 1. Disable highlighting for certain filetypes
        -- 2. Ignore files larger than a certain filesize
@@ -322,7 +357,9 @@ return {

        local new_maker = function(filepath, bufnr, opts)
          opts = opts or {}
-          if opts.use_ft_detect == nil then opts.use_ft_detect = true end
+          if opts.use_ft_detect == nil then
+            opts.use_ft_detect = true
+          end

          -- 1. Check if the file is in the bad_files array, and if so, don't highlight it
          opts.use_ft_detect = opts.use_ft_detect == false and false or bad_files(filepath)
@@ -330,7 +367,9 @@ return {
          -- 2. Check the file size, and ignore it if it's too big(preview nothing).
          filepath = vim.fn.expand(filepath)
          vim.loop.fs_stat(filepath, function(_, stat)
-            if not stat then return end
+            if not stat then
+              return
+            end
            if stat.size > filesize_threshold then
              return
            else
@@ -339,13 +378,13 @@ return {
          end)
        end

-        require("telescope").setup {
+        require("telescope").setup({
          defaults = {
            buffer_previewer_maker = new_maker,
-          }
-        }
+          },
+        })
      end,
-    }
+    },
  },

  -- Configure require("lazy").setup() options
@@ -354,7 +393,7 @@ return {
    performance = {
      rtp = {
        -- customize default disabled vim plugins
-        disabled_plugins = { };
+        disabled_plugins = {},
      },
    },
  },
@@ -17,7 +17,12 @@ return {
    ["<leader>bn"] = { "<cmd>tabnew<cr>", desc = "New tab" },
    -- quick save
    ["<C-s>"] = { ":w!<cr>", desc = "Save File" },  -- change description but the same command
-    ["<leader>tp"] = { function() utils.toggle_term_cmd("ipython") end, desc = "ToggleTerm python" },
+
+    -- Terminal
+    -- NOTE: https://neovim.io/doc/user/builtin.html#jobstart()
+    --   1. If {cmd} is a List it runs directly (no 'shell')
+    --   2. If {cmd} is a String it runs in the 'shell'
+    ["<leader>tp"] = { function() utils.toggle_term_cmd({ cmd = "ipython" }) end, desc = "ToggleTerm python" },

    -- search and replace globally
    ['<leader>ss'] = {'<cmd>lua require("spectre").toggle()<CR>', desc = "Toggle Spectre" },
@@ -27,23 +27,18 @@
  programs = {
    neovim = {
      enable = true;
+
      defaultEditor = true;
-
-      viAlias = false;
+      viAlias = true;
      vimAlias = true;

-      withPython3 = true;
-      withNodeJs = true;
-      extraPackages = with pkgs; [];
-
      # currently we use lazy.nvim as neovim's package manager, so comment this one.
      # plugins = with pkgs.vimPlugins; [
      #   # search all the plugins using https://search.nixos.org/packages
      # ];
-    };
-  };
-  home = {
-    packages = with pkgs;
+
+      # Extra packages only available to nvim(won't pollute the global home environment)
+      extraPackages = with pkgs;
        [
          #-- c/c++
          cmake
@@ -52,13 +47,24 @@
          checkmake
          gcc # c/c++ compiler, required by nvim-treesitter!
          llvmPackages.clang-unwrapped # c/c++ tools with clang-tools such as clangd
-        gdb
-        # lldb  # TODO - fix python3.11's package conflict - six.py
+          lldb

          #-- python
          nodePackages.pyright # python language server
-        python311Packages.black # python formatter
-        python311Packages.ruff-lsp
+          python3Packages.black # python formatter
+          python3Packages.ruff-lsp
+          (python3.withPackages (
+            ps:
+              with ps; [
+                pynvim # Python client and plugin host for Nvim
+
+                ipython
+                pandas
+                requests
+                pyquery
+                pyyaml
+              ]
+          ))

          #-- rust
          rust-analyzer
@@ -85,6 +91,12 @@
          gopls # go language server
          delve # go debugger

+          # -- java
+          jdk17
+          gradle
+          maven
+          spring-boot-cli
+
          #-- lua
          stylua
          lua-language-server
@@ -95,6 +107,7 @@
          shfmt

          #-- javascript/typescript --#
+          nodePackages.nodejs
          nodePackages.typescript
          nodePackages.typescript-language-server
          # HTML/CSS/JSON/ESLint language servers extracted from vscode
@@ -116,6 +129,7 @@
          actionlint # GitHub Actions linter
          buf # protoc plugin for linting and formatting
          proselint # English prose linter
+          guile # scheme language

          #-- Misc
          tree-sitter # common language parser/highlighter
@@ -134,7 +148,9 @@
          else [
            #-- verilog / systemverilog
            verible
+            gdb
          ]
        );
    };
+  };
 }
@@ -5,3 +5,57 @@
 3. alacritty: Standby terminal.


+## 'xterm-kitty': unknown terminal type when `ssh` into a remote host or `sudo xxx`
+
+> https://sw.kovidgoyal.net/kitty/faq/#i-get-errors-about-the-terminal-being-unknown-or-opening-the-terminal-failing-or-functional-keys-like-arrow-keys-don-t-work
+
+> https://wezfurlong.org/wezterm/config/lua/config/term.html
+
+kitty set `TERM` to `xterm-kitty` by default, and TUI apps like `viu`, `yazi`, `curses` will try to search in the host's [terminfo(terminal capability data base)](https://linux.die.net/man/5/terminfo) for value of `TERM` to determine the capabilities of the terminal.
+
+But when you `ssh` into a remote host, the remote host is very likely to not have `xterm-kitty` in its terminfo, so you will get this error:
+
+```
+'xterm-kitty': unknown terminal type
+```
+
+Or when you `sudo xxx`, `sudo` won't preserve the `TERM` variable, it will be reset to root's default `TERM` value, which is `xterm` or `xterm-256color` in most linux distributions, so you will get this error:
+
+```
+'xterm-256color': unknown terminal type
+```
+
+or 
+
+```
+Error opening terminal: xterm-kitty.
+```
+
+NixOS preserve the `TERMINFO` and `TERMINFO_DIRS` environment variables, for `root` and the `wheel` group: [nixpkgs/nixos/modules/config/terminfo.nix](https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/config/terminfo.nix#L18)
+
+For nix-darwin, take a look at <https://github.com/LnL7/nix-darwin/wiki/Terminfo-issues>
+
+### Solutions
+
+Simplest solution, it will automatically copy over the terminfo files and also magically enable shell integration on the remote machine: 
+
+```
+kitten ssh user@host
+```
+
+Or if you do not care about kitty's features(such as true color & graphics protocol), you can simply set `TERM` to `xterm-256color`, which is built-in in most linux distributions:
+
+```
+export TERM=xterm-256color
+```
+
+If you need kitty's features, but do not like the magic of `kitten`, you can manually install kitty's terminfo on the remote host:
+
+```bash
+# install on ubuntu / debian
+sudo apt-get install kitty-terminfo
+
+# or copy from local machine
+infocmp -a xterm-kitty | ssh myserver tic -x -o \~/.terminfo /dev/stdin
+```
+
@@ -1,4 +1,8 @@
-{pkgs, catppuccin-alacritty, ...}:
+{
+  pkgs,
+  nur-ryan4yin,
+  ...
+}:
 ###########################################################
 #
 # Alacritty Configuration
@@ -20,7 +24,7 @@
 #
 ###########################################################
 {
-  xdg.configFile."alacritty/theme_catppuccin.yml".source = "${catppuccin-alacritty}/catppuccin-mocha.yml";
+  xdg.configFile."alacritty/theme_catppuccin.yml".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-alacritty}/catppuccin-mocha.yml";
  programs.alacritty = {
    enable = true;
  };
@@ -83,14 +87,22 @@
          # If the bold italic family is not specified, it will fall back to the
          # value specified for the normal font.
          family: JetBrainsMono Nerd Font
+      shell:
+        #  To resolve issues:
+        #    1. https://github.com/ryan4yin/nix-config/issues/26
+        #    2. https://github.com/ryan4yin/nix-config/issues/8
+        #  Spawn a nushell in login mode via `bash`
+        program: ${pkgs.bash}/bin/bash
+        args:
+          - --login
+          - -c
+          - 'nu --login --interactive'
    ''
    + (
      if pkgs.stdenv.isDarwin
      then ''
        # Point size
        size: 14
-        shell:  # force nushell as default shell on macOS
-          program:  /run/current-system/sw/bin/nu
      ''
      else ''
        # holder identation
@@ -47,22 +47,18 @@
      "ctrl+shift+m" = "toggle_maximized";
    };

-    settings =
-      {
+    settings = {
      background_opacity = "0.93";
      macos_option_as_alt = true; # Option key acts as Alt on macOS
      scrollback_lines = 10000;
      enable_audio_bell = false;
      tab_bar_edge = "top"; # tab bar on top
-      }
-      // (
-        if pkgs.stdenv.isDarwin
-        then {
-          # macOS specific settings, force kitty to use nushell as default shell
-          shell = "/run/current-system/sw/bin/nu";
-        }
-        else {}
-      );
+      #  To resolve issues:
+      #    1. https://github.com/ryan4yin/nix-config/issues/26
+      #    2. https://github.com/ryan4yin/nix-config/issues/8
+      #  Spawn a nushell in login mode via `bash`
+      shell = "${pkgs.bash}/bin/bash --login -c 'nu --login --interactive'";
+    };

    # macOS specific settings
    darwinLaunchOptions = ["--start-as=maximized"];
@@ -10,17 +10,22 @@
  # wezterm has catppuccin theme built-in,
  # it's not necessary to install it separately.

+  # we can add wezterm as a flake input once this PR is merged:
+  #    https://github.com/wez/wezterm/pull/3547
+
  programs.wezterm =
    {
      enable = true;

+      # TODO: Fix: https://github.com/wez/wezterm/issues/4483
+      # package = pkgs.wezterm.override { };
+
      extraConfig = let
        fontsize =
          if pkgs.stdenv.isDarwin
          then "14.0"
          else "13.0";
-      in
-        ''
+      in ''
        -- Pull in the wezterm API
        local wezterm = require 'wezterm'

@@ -75,18 +80,14 @@
            action = wezterm.action.EmitEvent 'toggle-maximize',
          },
        }
-
        config.font_size = ${fontsize}
-        ''
-        + (
-          if pkgs.stdenv.isDarwin
-          then ''
-            -- Spawn a fish shell in login mod
-            config.default_prog = { '/run/current-system/sw/bin/nu', '-l' }
-          ''
-          else ""
-        )
-        + ''
+
+        -- To resolve issues:
+        --   1. https://github.com/ryan4yin/nix-config/issues/26
+        --   2. https://github.com/ryan4yin/nix-config/issues/8
+        -- Spawn a nushell in login mode via `bash`
+        config.default_prog = { '${pkgs.bash}/bin/bash', '--login', '-c', 'nu --login --interactive' }
+
        return config
      '';
    }
@@ -0,0 +1,10 @@
+{pkgs-unstable, ...}: {
+  # terminal file manager
+  programs.yazi = {
+    enable = true;
+    package = pkgs-unstable.yazi;
+    enableBashIntegration = true;
+    # TODO: nushellIntegration is broken on release-23.11, wait for master's fix to be released
+    enableNushellIntegration = false;
+  };
+}
@@ -1,16 +0,0 @@
-{...}: {
-  programs.bash = {
-    enable = true;
-    enableCompletion = true;
-    bashrcExtra = ''
-      export PATH="$PATH:$HOME/bin:$HOME/.local/bin:$HOME/go/bin"
-    '';
-
-    shellAliases = {
-      k = "kubectl";
-
-      urldecode = "python3 -c 'import sys, urllib.parse as ul; print(ul.unquote_plus(sys.stdin.read()))'";
-      urlencode = "python3 -c 'import sys, urllib.parse as ul; print(ul.quote_plus(sys.stdin.read()))'";
-    };
-  };
-}
@@ -1,4 +1,8 @@
-{ catppuccin-bat, ...}: {
+{
+  pkgs,
+  nur-ryan4yin,
+  ...
+}: {
  # a cat(1) clone with syntax highlighting and Git integration.
  programs.bat = {
    enable = true;
@@ -9,7 +13,7 @@
    themes = {
      # https://raw.githubusercontent.com/catppuccin/bat/main/Catppuccin-mocha.tmTheme
      catppuccin-mocha = {
-        src = catppuccin-bat;
+        src = nur-ryan4yin.packages.${pkgs.system}.catppuccin-bat;
        file = "Catppuccin-mocha.tmTheme";
      };
    };
@@ -1,8 +1,10 @@
-{ catppuccin-btop, ... }:
-
 {
+  pkgs,
+  nur-ryan4yin,
+  ...
+}: {
  # https://github.com/catppuccin/btop/blob/main/themes/catppuccin_mocha.theme
-  home.file.".config/btop/themes".source = "${catppuccin-btop}/themes";
+  xdg.configFile."btop/themes".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-btop}/themes";

  # replacement of htop/nmon
  programs.btop = {
@@ -19,7 +19,6 @@
    nmap # A utility for network discovery and security auditing
    ipcalc # it is a calculator for the IPv4/v6 addresses

-
    # Text Processing
    # Docs: https://github.com/learnbyexample/Command-line-text-processing
    gnugrep # GNU grep, provides `grep`/`egrep`/`fgrep`
@@ -58,18 +57,11 @@
  ];

  programs = {
-    # modern vim
-    neovim = {
-      enable = true;
-      defaultEditor = true;
-      vimAlias = true;
-    };
-
    # A modern replacement for ‘ls’
    # useful in bash/zsh prompt, not in nushell.
    eza = {
      enable = true;
-      enableAliases = true;
+      enableAliases = false; # do not enable aliases in nushell!
      git = true;
      icons = true;
    };
@@ -1,10 +1,9 @@
 {...}: {
  imports = [
-    ./nushell
+    ./shells
    ./tmux
    ./zellij

-    ./bash.nix
    ./bat.nix
    ./btop.nix
    ./core.nix
@@ -2,7 +2,6 @@
  config,
  lib,
  pkgs,
-
  userfullname,
  useremail,
  ...
@@ -12,7 +11,7 @@
  #
  #    https://git-scm.com/docs/git-config#Documentation/git-config.txt---global
  home.activation.removeExistingGitconfig = lib.hm.dag.entryBefore ["checkLinkTargets"] ''
-    rm -f ~/.gitconfig
+    rm -f ${config.home.homeDirectory}/.gitconfig
  '';

  home.packages = with pkgs; [
@@ -1,29 +0,0 @@
-{ config, ...}: {
-  programs.nushell = {
-    enable = true;
-    configFile.source = ./config.nu;
-
-    extraConfig = ''
-      $env.PATH = ([
-        "${config.home.homeDirectory}/bin"
-        "${config.home.homeDirectory}/.local/bin"
-        "${config.home.homeDirectory}/go/bin"
-
-        ($env.PATH | split row (char esep))
-      ] | flatten)
-    '';
-
-    # home-manager will merge the cotent in `environmentVariables` with the `envFile.source`
-    # but basically, I set all environment variables via the shell-independent way, so I don't need to use those two options
-    #
-    # envFile.source = ./env.nu;
-    # environmentVariables = { FOO="bar"; };
-
-    shellAliases = {
-      k = "kubectl";
-
-      urldecode = "python3 -c 'import sys, urllib.parse as ul; print(ul.unquote_plus(sys.stdin.read()))'";
-      urlencode = "python3 -c 'import sys, urllib.parse as ul; print(ul.quote_plus(sys.stdin.read()))'";
-    };
-  };
-}
@@ -0,0 +1,25 @@
+let
+  shellAliases = {
+    k = "kubectl";
+
+    urldecode = "python3 -c 'import sys, urllib.parse as ul; print(ul.unquote_plus(sys.stdin.read()))'";
+    urlencode = "python3 -c 'import sys, urllib.parse as ul; print(ul.quote_plus(sys.stdin.read()))'";
+  };
+in {
+  # only works in bash/zsh, not nushell
+  home.shellAliases = shellAliases;
+
+  programs.nushell = {
+    enable = true;
+    configFile.source = ./config.nu;
+    shellAliases = shellAliases;
+  };
+
+  programs.bash = {
+    enable = true;
+    enableCompletion = true;
+    bashrcExtra = ''
+      export PATH="$HOME/.local/bin:$HOME/go/bin:$PATH"
+    '';
+  };
+}
@@ -1,4 +1,8 @@
-{ catppuccin-starship, ...}: {
+{
+  pkgs,
+  nur-ryan4yin,
+  ...
+}: {
  programs.starship = {
    enable = true;

@@ -6,7 +10,8 @@
    enableZshIntegration = true;
    enableNushellIntegration = true;

-    settings = {
+    settings =
+      {
        character = {
          success_symbol = "[›](bold green)";
          error_symbol = "[›](bold red)";
@@ -22,6 +27,7 @@
        };

        palette = "catppuccin_mocha";
-    } // builtins.fromTOML (builtins.readFile "${catppuccin-starship}/palettes/mocha.toml");
+      }
+      // builtins.fromTOML (builtins.readFile "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-starship}/palettes/mocha.toml");
  };
 }
@@ -1,13 +0,0 @@
-{pkgs, ...}: let
-  buildTmuxPlugin = pkgs.tmuxPlugins.mkTmuxPlugin;
-in {
-  draculaTheme = buildTmuxPlugin {
-    pluginName = "dracula";
-    version = "v2.2.0";
-    src = builtins.fetchTarball {
-      name = "dracula-tmux-v2.2.0";
-      url = "https://github.com/dracula/tmux/archive/refs/tags/v2.2.0.tar.gz";
-      sha256 = "sha256:0v2k994yy4xx2iw8qxg7qphw46gq2qmg496i3a3h9b6jgwxqm7zn";
-    };
-  };
-}
@@ -1,10 +1,4 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  plugins = pkgs.tmuxPlugins // pkgs.callPackage ./custom-plugins.nix {};
-in {
+{pkgs, ...}: {
  programs.tmux = {
    enable = true;
    shell = "${pkgs.nushell}/bin/nu";
@@ -17,26 +11,33 @@ in {
    # tmux-sensible overwrites default tmux shortcuts, makes them more sane.
    sensibleOnTop = true;

-    # extraConfig =  builtins.readFile ./tmux.conf;
+    # https://github.com/sxyazi/yazi/wiki/Image-preview-within-tmux
+    extraConfig = ''
+      set -g allow-passthrough on
+
+      set -ga update-environment TERM
+      set -ga update-environment TERM_PROGRAM
+    '';
    # keyMode = "vi";  # default is emacs

    baseIndex = 1; # start index from 1
    escapeTime = 0; # do not wait for escape key
-    terminal = "xterm-256color";

-    plugins = with plugins; [
-      draculaTheme # theme
+    plugins = with pkgs.tmuxPlugins; [
      {
-        # https://github.com/tmux-plugins/tmux-continuum
-        # Continuous saving of tmux environment. Automatic restore when tmux is started.
-        plugin = continuum;
+        # theme
+        # https://github.com/catppuccin/tmux
+        plugin = catppuccin;
        extraConfig = ''
-          set -g @continuum-save-interval '15'
-
-          # Option to display current status of tmux continuum in tmux status line.
-          set -g status-right 'Continuum status: #{continuum_status}'
+          set -g @catppuccin_flavour 'mocha' # or frappe, macchiato, mocha
+          set -g @catppuccin_window_status_enable "yes"
        '';
      }
+
+      # https://github.com/tmux-plugins/tmux-yank
+      # Enables copying to system clipboard.
+      yank
+
      {
        # https://github.com/tmux-plugins/tmux-resurrect
        # Manually persists tmux environment across system restarts.
@@ -47,11 +48,7 @@ in {
        # Restore Neovim sessions
        extraConfig = "set -g @resurrect-strategy-nvim 'session'";
      }
-      {
-        # https://github.com/tmux-plugins/tmux-yank
-        # Enables copying to system clipboard.
-        plugin = yank;
-      }
+
      # set -g @plugin 'tmux-plugins/tmux-cpu'
      {
        plugin = cpu;
@@ -1,7 +1,7 @@
-{...}: {
+_: {
  programs.zellij = {
    enable = true;
  };

-  home.file.".config/zellij/config.kdl".source = ./config.kdl;
+  xdg.configFile."zellij/config.kdl".source = ./config.kdl;
 }
@@ -3,16 +3,15 @@
    ../base/desktop

    ./proxychains
-
    ./core.nix
-    ./nushell.nix
    ./rime-squirrel.nix
+    ./shell.nix
  ];

  # Home Manager needs a bit of information about you and the
  # paths it should manage.
  home = {
-    username = username;
+    inherit username;
    # set homeDirectory make build fail
    homeDirectory = "/Users/${username}";

@@ -24,7 +23,7 @@
    # You can update Home Manager without changing this value. See
    # the Home Manager release notes for a list of state version
    # changes in each release.
-    stateVersion = "22.11";
+    stateVersion = "23.11";
  };

  # Let Home Manager install and manage itself.
@@ -1,18 +0,0 @@
-{config, ...}: {
-  # nix-darwin do not set PATH for nushell! so we need to do it manually
-  # this is a workaround to add nix's PATH to nushell
-  programs.nushell.extraConfig = ''
-    $env.PATH = ([
-      "${config.home.homeDirectory}/bin"
-      "${config.home.homeDirectory}/.local/bin"
-      "${config.home.homeDirectory}/go/bin"
-      "/usr/local/bin"
-      "${config.home.homeDirectory}/.nix-profile/bin"
-      "/etc/profiles/per-user/${config.home.username}/bin"
-      "/run/current-system/sw/bin"
-      "/nix/var/nix/profiles/default/bin"
-
-      ($env.PATH | split row (char esep))
-    ] | flatten)
-  '';
-}
@@ -1,17 +1,11 @@
-{
-  lib,
-  pkgs,
-  ...
-}: {
-  # remove existing rime data (squirrel)
-  home.activation.removeExistingRimeData = lib.hm.dag.entryBefore ["checkLinkTargets"] ''
-    rm -rf "~/Library/Rime/build/flypy.prism.bin"
-  '';
-
+{pkgs, ...}: {
  # Squirrel Input Method
  home.file."Library/Rime" = {
    # my custom squirrel data (flypy input method)
    source = "${pkgs.flypy-squirrel}/share/rime-data";
    recursive = true;
+    # overwrite possible existing data dynamically generated by squirrel
+    # https://github.com/nix-community/home-manager/blob/release-23.05/modules/lib/file-type.nix#L101-L111
+    force = true;
  };
 }
@@ -0,0 +1,13 @@
+_: {
+  # Homebrew's default install location:
+  #   /opt/homebrew for Apple Silicon
+  #   /usr/local for macOS Intel
+  # The prefix /opt/homebrew was chosen to allow installations
+  # in /opt/homebrew for Apple Silicon and /usr/local for Rosetta 2 to coexist and use bottles.
+  programs.bash.bashrcExtra = ''
+    export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH"
+  '';
+  programs.zsh.envExtra = ''
+    export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH"
+  '';
+}
@@ -1,4 +1,8 @@
-{config, nushell-scripts, ...}: let
+{
+  config,
+  nushell-scripts,
+  ...
+}: let
  d = config.xdg.dataHome;
  c = config.xdg.configHome;
  cache = config.xdg.cacheHome;
@@ -17,7 +21,6 @@ in rec {

    # set default applications
    BROWSER = "firefox";
-    TERM = "xterm-256color";

    # enable scrolling in git diff
    DELTA_PAGER = "less -R";
@@ -1,14 +1,6 @@
 {pkgs, ...}: {
  # Linux Only Packages, not available on Darwin
  home.packages = with pkgs; [
-    # Automatically trims your branches whose tracking remote refs are merged or gone
-    # It's really useful when you work on a project for a long time.
-    git-trim
-
-    # cloud tools that nix do not have cache for.
-    terraform
-    terraformer # generate terraform configs from existing cloud resources
-
    nmon
    iotop
    iftop
@@ -17,11 +9,6 @@
    libnotify
    wireguard-tools # manage wireguard vpn manually, via wg-quick

-    # need to run `conda-install` before using it
-    # need to run `conda-shell` before using command `conda`
-    # conda is not available for MacOS
-    conda
-
    # system call monitoring
    strace # system call monitoring
    ltrace # library call monitoring
@@ -12,7 +12,7 @@
  # Home Manager needs a bit of information about you and the
  # paths it should manage.
  home = {
-    username = username;
+    inherit username;
    homeDirectory = "/home/${username}";

    # This value determines the Home Manager release that your
@@ -23,7 +23,7 @@
    # You can update Home Manager without changing this value. See
    # the Home Manager release notes for a list of state version
    # changes in each release.
-    stateVersion = "22.11";
+    stateVersion = "23.11";
  };

  # Let Home Manager install and manage itself.
@@ -12,7 +12,7 @@
  # Home Manager needs a bit of information about you and the
  # paths it should manage.
  home = {
-    username = username;
+    inherit username;
    homeDirectory = "/home/${username}";

    # This value determines the Home Manager release that your
@@ -23,7 +23,7 @@
    # You can update Home Manager without changing this value. See
    # the Home Manager release notes for a list of state version
    # changes in each release.
-    stateVersion = "22.11";
+    stateVersion = "23.11";
  };

  # Let Home Manager install and manage itself.
@@ -6,7 +6,7 @@
 }: {
  home.packages = with pkgs; [
    # creative
-    # blender   # 3d modeling
+    blender # 3d modeling
    # gimp      # image editing, I prefer using figma in browser instead of this one
    inkscape # vector graphics
    krita # digital painting
@@ -7,13 +7,11 @@
    ./ssh.nix
    ./wallpaper.nix
    ./xdg.nix
+    ./eye-protection.nix
  ];

  home.packages = with pkgs; [
    # GUI apps
-    insomnia # REST client
-    wireshark # network analyzer
-
    # e-book viewer(.epub/.mobi/...)
    # do not support .pdf
    foliate
@@ -29,7 +27,7 @@

    # misc
    flameshot
-    mitmproxy # http/https proxy tool
+    ventoy # multi-boot usb creator
  ];

  # GitHub CLI tool
@@ -0,0 +1,45 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  # Adjust the color temperature(& brightness) of your screen according to
+  # your surroundings. This may help your eyes hurt less if you are
+  # working in front of the screen at night.
+  #
+  # works fine with both x11 & wayland(hyprland)
+  #
+  # https://gitlab.com/chinstrap/gammastep
+  services.gammastep = {
+    enable = true;
+    # add a gammastep icon in the system tray
+    # has problem with wayland, so disable it
+    tray = false;
+    temperature = {
+      day = 5700;
+      night = 4000;
+    };
+    # https://gitlab.com/chinstrap/gammastep/-/blob/master/gammastep.conf.sample?ref_type=heads
+    settings = {
+      general = {
+        fade = "1"; # gradually apply the new screen temperature/brightness over a couple of seconds.
+        # it is a fake brightness adjustment obtained by manipulating the gamma ramps,
+        # which means that it does not reduce the backlight　of the screen.
+        # Preferably only use it if your normal backlight adjustment is too coarse-grained.
+        brightness-day = "1.0";
+        brightness-night = "0.8";
+        location-provider = "manual";
+
+        # by default, Redshift will use the current elevation of the sun
+        # to determine whether it is daytime, night or in transition (dawn/dusk).
+        # dawn-time = "6:00-8:45";
+        # dusk-time = "18:35-20:15";
+      };
+      manual = {
+        # China, Shenzhen
+        lat = "22.5"; # latitude
+        lon = "114.1"; # longitude
+      };
+    };
+  };
+}
@@ -3,12 +3,16 @@
  config,
  ...
 }: {
+  # If your themes for mouse cursor, icons or windows don’t load correctly,
+  # try setting them with home.pointerCursor and gtk.theme,
+  # which enable a bunch of compatibility options that should make the themes load in all situations.
+
  home.pointerCursor = {
+    gtk.enable = true;
+    x11.enable = true;
    package = pkgs.bibata-cursors;
    name = "Bibata-Modern-Classic";
    size = 24;
-    gtk.enable = true;
-    x11.enable = true;
  };

  # set dpi for 4k monitor
@@ -27,8 +31,9 @@
    enable = true;

    font = {
-      name = "Roboto";
-      package = pkgs.roboto;
+      name = "Noto Sans";
+      package = pkgs.noto-fonts;
+      size = 11;
    };

    gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
@@ -18,7 +18,7 @@
 ##############################################################################################
 with lib; let
  cfg = config.home.immutable-file;
-  immutableFileOpts = {...}: {
+  immutableFileOpts = _: {
    options = {
      src = mkOption {
        type = types.path;
@@ -1,6 +1,6 @@
 {
  pkgs,
-  catppuccin-cava,
+  pkgs-unstable,
  nur-ryan4yin,
  ...
 }:
@@ -21,14 +21,14 @@
    vdpauinfo
    vulkan-tools
    glxinfo
-
-    nur-ryan4yin.packages.${pkgs.system}.yazi  # terminal file manager
  ];

  # https://github.com/catppuccin/cava
-  home.file.".config/cava/config".text = ''
+  xdg.configFile."cava/config".text =
+    ''
      # custom cava config
-  '' + builtins.readFile "${catppuccin-cava}/mocha.cava";
+    ''
+    + builtins.readFile "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-cava}/mocha.cava";

  programs = {
    mpv = {
@@ -1,8 +1,6 @@
-{ wallpapers, ... }:
-
-{
+{wallpapers, ...}: {
  # https://github.com/ryan4yin/wallpapers
-  home.file.".config/wallpapers".source = wallpapers;
+  xdg.configFile."wallpapers".source = wallpapers;
  home.file.".local/bin/wallpaper_random" = {
    source = "${wallpapers}/wallpaper_random.py";
    executable = true;
@@ -62,8 +62,7 @@
        "image/webp" = ["imv.desktop"];
      };

-      associations.removed =
-        {
+      associations.removed = {
        # ......
      };
    };
@@ -1,22 +1,19 @@
 {
  pkgs,
-  config,
-  lib,
-  catppuccin-fcitx5,
+  nur-ryan4yin,
  ...
 }: {
-  home.file.".config/fcitx5/profile".source = ./profile;
+  home.file.".local/share/fcitx5/themes".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-fcitx5}/src";

-  # color schema
-  home.file.".local/share/fcitx5/themes".source = "${catppuccin-fcitx5}/src";
-  home.file.".config/fcitx5/conf/classicui.conf".source = ./classicui.conf;
-
-  # every time fcitx5 switch input method, it will modify ~/.config/fcitx5/profile file,
-  # which will override my config managed by home-manager
-  # so we need to remove it before everytime we rebuild the config
-  home.activation.removeExistingFcitx5Profile = lib.hm.dag.entryBefore ["checkLinkTargets"] ''
-    rm -f "${config.xdg.configHome}/fcitx5/profile"
-  '';
+  xdg.configFile = {
+    "fcitx5/profile" = {
+      source = ./profile;
+      # every time fcitx5 switch input method, it will modify ~/.config/fcitx5/profile,
+      # so we need to force replace it in every rebuild to avoid file conflict.
+      force = true;
+    };
+    "fcitx5/conf/classicui.conf".source = ./classicui.conf;
+  };

  i18n.inputMethod = {
    enabled = "fcitx5";
@@ -1,6 +1,8 @@
-{ pkgs, anyrun, ... }:
-
 {
+  pkgs,
+  anyrun,
+  ...
+}: {
  imports = [
    anyrun.homeManagerModules.default
  ];
@@ -83,5 +85,4 @@
      }
    '';
  };
-
 }
@@ -1,26 +1,56 @@
-{pkgs, hyprland, catppuccin-hyprland, ...}: {
+{
+  lib,
+  pkgs,
+  hyprland,
+  nur-ryan4yin,
+  ...
+}: {
  imports = [
-    # hyprland.homeManagerModules.default
-
    ./anyrun.nix
    ./wayland-apps.nix
  ];

-  # wayland.windowManager.hyprland.enable = true;
+  # NOTE:
+  #   (Required) NixOS Module: enables critical components needed to run Hyprland properly
+  #   (Optional) Home-manager module: lets you declaratively configure Hyprland
+  wayland.windowManager.hyprland = {
+    enable = true;
+    package = hyprland.packages.${pkgs.system}.hyprland;
+    settings = lib.mkForce {};
+    extraConfig = builtins.readFile ./hypr-conf/hyprland.conf;
+    # programs.grammastep need this to be enabled.
+    systemd.enable = true;
+  };

  # hyprland configs, based on https://github.com/notwidow/hyprland
-  home.file.".config/hypr" = {
-    source = ./hypr-conf;
-    # copy the scripts directory recursively
+  xdg.configFile = {
+    "hypr/mako" = {
+      source = ./hypr-conf/mako;
+      recursive = true;
+    };
+    "hypr/scripts" = {
+      source = ./hypr-conf/scripts;
+      recursive = true;
+    };
+    "hypr/waybar" = {
+      source = ./hypr-conf/waybar;
+      recursive = true;
+    };
+    "hypr/wlogout" = {
+      source = ./hypr-conf/wlogout;
+      recursive = true;
+    };
+    "hypr/themes" = {
+      source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-hyprland}/themes";
      recursive = true;
    };
-  home.file.".config/hypr/themes".source = "${catppuccin-hyprland}/themes";

    # music player - mpd
-  home.file.".config/mpd" = {
+    "mpd" = {
      source = ./mpd;
      recursive = true;
    };
+  };

  # allow fontconfig to discover fonts and configurations installed through home.packages
  fonts.fontconfig.enable = true;
@@ -38,5 +68,4 @@
    "WLR_NO_HARDWARE_CURSORS" = "1";
    "WLR_EGL_NO_MODIFIRES" = "1";
  };
-
 }
@@ -218,7 +218,15 @@ exec-once = hyprctl setcursor "Bibata-Modern-Ice" 24
 # 相比较一开始的方案输入法字体大小也正确了．唯一有点问题的可能是 xwayland 窗口下的鼠标指针大小不对
 exec-once = xprop -root -f _XWAYLAND_GLOBAL_OUTPUT_SCALE 32c -set _XWAYLAND_GLOBAL_OUTPUT_SCALE 2

-exec-once = xrdb -merge ~/.Xresources
-# env = GDK_SCALE,2
-env = XCURSOR_SIZE,48
-env = XCURSOR_THEME,"Bibata-Modern-Ice"
+-- Fix HiDPI - xwayland
+# change monitor to high resolution, the last argument is the scale factor
+monitor=,highres,auto,2
+
+# unscale XWayland
+xwayland {
+  force_zero_scaling = true
+}
+
+# toolkit-specific scale
+env = GDK_SCALE,2
+env = XCURSOR_SIZE,32
@@ -5,6 +5,7 @@
  "modules-left": [
    "custom/launcher",
    "temperature",
+    "backlight",
    "wlr/workspaces"
  ],
  "modules-center": [
@@ -13,11 +14,11 @@
  "modules-right": [
    "mpd",
    "pulseaudio",
-    "backlight",
    "memory",
    "cpu",
    "network",
    "clock",
+    "idle_inhibitor",
    "custom/powermenu",
    "tray"
  ],
@@ -50,7 +51,9 @@
  },
  "cpu": {
    "format": "\udb80\udf5b {usage}%",
-    "interval": 1
+    "interval": 1,
+    "on-click-middle": "kitty btop",
+    "on-click-right": "kitty btop"
  },
  "custom/launcher": {
    "format": "\uf313 ",
@@ -122,8 +125,10 @@
      "format-linked": " {ifname} (No IP)",
      "format-disconnected": "睊 Disconnected",
      "format-disabled": "睊 Disabled",
-      "format-alt": " {bandwidthUpBits} |  {bandwidthDownBits}",
+      "format-alt": " {bandwidthUpBytes} |  {bandwidthDownBytes}",
      "tooltip-format": " {ifname} via {gwaddr}",
+      "on-click-middle": "nm-connection-editor",
+      "on-click-right": "kitty nmtui"
  },
  "pulseaudio": {
      //"format": "{volume}% {icon} {format_source}",
@@ -156,6 +161,20 @@
    "format": "\uf2c9 {temperatureC}\u00b0C",
    "tooltip": false
  },
+  "backlight": {
+    "format": "{icon} {percent}%",
+    "format-icons": [
+      "",
+      "",
+      "",
+      "",
+      "",
+      "",
+      "",
+      "",
+      ""
+    ]
+  },
  "tray": {
    "icon-size": 15,
    "spacing": 5
@@ -8,9 +8,11 @@
      commandLineArgs = [
        # make it use GTK_IM_MODULE if it runs with Gtk4, so fcitx5 can work with it.
        # (only supported by chromium/chrome at this time, not electron)
-        "--gtk-version=4"
+        "--gtk-version=5"
+        "--enable-features=UseOzonePlatform"
+        "--ozone-platform=wayland"
        # make it use text-input-v1, which works for kwin 5.27 and weston
-        # "--enable-wayland-ime"
+        "--enable-wayland-ime"

        # enable hardware acceleration - vulkan api
        # "--enable-features=Vulkan"
@@ -43,5 +43,4 @@
    "GBM_BACKEND" = "nvidia-drm";
    "__GLX_VENDOR_LIBRARY_NAME" = "nvidia";
  };
-
 }
@@ -5,7 +5,7 @@
  # Home Manager needs a bit of information about you and the
  # paths it should manage.
  home = {
-    username = username;
+    inherit username;
    homeDirectory = "/home/${username}";

    # This value determines the Home Manager release that your
@@ -16,7 +16,7 @@
    # You can update Home Manager without changing this value. See
    # the Home Manager release notes for a list of state version
    # changes in each release.
-    stateVersion = "23.05";
+    stateVersion = "23.11";
  };

  # Let Home Manager install and manage itself.
@@ -8,7 +8,7 @@
  # Home Manager needs a bit of information about you and the
  # paths it should manage.
  home = {
-    username = username;
+    inherit username;
    homeDirectory = "/home/${username}";

    # This value determines the Home Manager release that your
@@ -19,7 +19,7 @@
    # You can update Home Manager without changing this value. See
    # the Home Manager release notes for a list of state version
    # changes in each release.
-    stateVersion = "22.11";
+    stateVersion = "23.11";
  };

  # Let Home Manager install and manage itself.
@@ -3,7 +3,7 @@
  username,
  nixos-rk3588,
  ...
-} @ args:
+}:
 #############################################################
 #
 #  Aquamarine - A NixOS VM running on Proxmox
@@ -11,18 +11,8 @@
 #############################################################
 {
  imports = [
-    {
-      nixpkgs.crossSystem = {
-        config = "aarch64-unknown-linux-gnu";
-      };
-    }
-
    # import the rk3588 module, which contains the configuration for bootloader/kernel/firmware
-    (nixos-rk3588 + "/modules/boards/orangepi5.nix")
-
-    # core-riscv64 only the core packages, it's suitable for aarch64 too.
-    ../../../modules/nixos/core-riscv64.nix
-    ../../../modules/nixos/user-group.nix
+    nixos-rk3588.nixosModules.orangepi5
  ];

  users.users.root.openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;
@@ -58,5 +48,5 @@
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.05"; # Did you read the comment?
+  system.stateVersion = "23.11"; # Did you read the comment?
 }
@@ -1,6 +1,8 @@
 # Hosts

-1. `harmonica`: My MacBook Pro 2020 13-inch, for work.
+1. macOS
+   1. `fern`: MacBook Pro 2022 13-inch M2 16G, mainly for business.
+   1. `harmonica`: MacBook Pro 2020 13-inch i5 16G, for personal use.
 2. `idols`
   1. `ai`: My main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use.
   2. `aquamarine`: My NixOS virtual machine with R9-5900HX(8C16T), for distributed building & testing.
@@ -0,0 +1,24 @@
+{username, ...} @ args:
+#############################################################
+#
+#  Fern - MacBook Pro 2022 13-inch M2 16G, mainly for business.
+#
+#############################################################
+let
+  hostname = "fern";
+in {
+  networking.hostName = hostname;
+  networking.computerName = hostname;
+  system.defaults.smb.NetBIOSName = hostname;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users."${username}" = {
+    home = "/Users/${username}";
+    description = username;
+
+    # set user's default shell back to zsh
+    #    `chsh -s /bin/zsh`
+    # DO NOT change the system's default shell to nushell! it will break some apps!
+    # It's better to change only starship/alacritty/vscode's shell to nushell!
+  };
+}
@@ -1,20 +1,12 @@
 {username, ...} @ args:
 #############################################################
 #
-#  Harmonica - my MacBook Pro 2020 13-inch, mainly for business.
+#  Harmonica - MacBook Pro 2020 13-inch i5 16G, mainly for personal use
 #
 #############################################################
 let
  hostname = "harmonica";
 in {
-  imports = [
-    ../../modules/darwin
-
-    ../../secrets/darwin.nix
-  ];
-
-  nixpkgs.overlays = import ../../overlays args;
-
  networking.hostName = hostname;
  networking.computerName = hostname;
  system.defaults.smb.NetBIOSName = hostname;
@@ -29,6 +21,4 @@ in {
    # DO NOT change the system's default shell to nushell! it will break some apps!
    # It's better to change only starship/alacritty/vscode's shell to nushell!
  };
-
-  nix.settings.trusted-users = [username];
 }
@@ -0,0 +1,75 @@
+# Host - AI
+
+disk status & mountpoints:
+
+```bash
+› df -Th
+Filesystem                Type      Size  Used Avail Use% Mounted on
+devtmpfs                  devtmpfs  1.6G     0  1.6G   0% /dev
+tmpfs                     tmpfs      16G  8.0K   16G   1% /dev/shm
+tmpfs                     tmpfs     7.8G  7.9M  7.8G   1% /run
+tmpfs                     tmpfs      16G  1.1M   16G   1% /run/wrappers
+tmpfs                     tmpfs      16G   87M   16G   1% /
+/dev/mapper/crypted-nixos btrfs     1.9T  630G  1.3T  34% /persistent
+/dev/mapper/crypted-nixos btrfs     1.9T  630G  1.3T  34% /nix
+tmpfs                     tmpfs     4.0M     0  4.0M   0% /sys/fs/cgroup
+efivarfs                  efivarfs  256K  108K  144K  43% /sys/firmware/efi/efivars
+/dev/mapper/crypted-nixos btrfs     1.9T  630G  1.3T  34% /snapshots
+/dev/mapper/crypted-nixos btrfs     1.9T  630G  1.3T  34% /swap
+/dev/nvme0n1p1            vfat      597M  108M  490M  19% /boot
+tmpfs                     tmpfs     3.2G   48K  3.2G   1% /run/user/1000
+//192.168.5.194/Downloads cifs      3.7T  3.0T  699G  82% /home/ryan/SMB-Downloads
+tmpfs                     tmpfs     100K     0  100K   0% /var/lib/lxd/shmounts
+tmpfs                     tmpfs     100K     0  100K   0% /var/lib/lxd/devlxd
+/dev/mapper/crypted-nixos btrfs     1.9T  630G  1.3T  34% /tmp
+
+~ 
+› lsblk
+NAME              MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINTS
+zram0             253:0    0 15.6G  0 disk  [SWAP]
+nvme0n1           259:0    0  1.8T  0 disk  
+├─nvme0n1p1       259:2    0  598M  0 part  /boot
+└─nvme0n1p2       259:3    0  1.8T  0 part  
+  └─crypted-nixos 254:0    0  1.8T  0 crypt /tmp
+                                            /swap/swapfile
+                                            /swap
+                                            /snapshots
+                                            /home/ryan/tmp
+                                            /home/ryan/nix-config
+                                            /home/ryan/go
+                                            /home/ryan/codes
+                                            /home/ryan/Videos
+                                            /home/ryan/Pictures
+                                            /home/ryan/Music
+                                            /home/ryan/Downloads
+                                            /home/ryan/Documents
+                                            /home/ryan/.wakatime
+                                            /home/ryan/.ssh
+                                            /home/ryan/.pki
+                                            /home/ryan/.npm
+                                            /home/ryan/.mozilla
+                                            /home/ryan/.local/state
+                                            /home/ryan/.local/share
+                                            /home/ryan/.kube
+                                            /home/ryan/.gnupg
+                                            /home/ryan/.docker
+                                            /home/ryan/.config/remmina
+                                            /home/ryan/.config/pulse
+                                            /home/ryan/.config/google-chrome
+                                            /home/ryan/.config/github-copilot
+                                            /home/ryan/.config/freerdp
+                                            /home/ryan/.aws
+                                            /etc/ssh
+                                            /etc/secureboot
+                                            /etc/nix/inputs
+                                            /etc/agenix
+                                            /etc/NetworkManager/system-connections
+                                            /etc/machine-id
+                                            /home/ryan/.config/nushell/history.txt
+                                            /home/ryan/.wakatime.cfg
+                                            /nix/store
+                                            /var/log
+                                            /var/lib
+                                            /nix
+                                            /persistent
+```
@@ -1,7 +1,5 @@
 {
  config,
-  pkgs,
-
  username,
  ...
 }: {
@@ -1,4 +1,3 @@
-{lanzaboote, ...} @ args:
 #############################################################
 #
 #  Ai - my main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use.
@@ -12,18 +11,8 @@

    ./impermanence.nix
    ./secureboot.nix
-
-    # ../../../modules/nixos/fhs-fonts.nix
-    ../../../modules/nixos/libvirt.nix
-    ../../../modules/nixos/core-desktop.nix
-    ../../../modules/nixos/remote-building.nix
-    ../../../modules/nixos/user-group.nix
-
-    ../../../secrets/nixos.nix
  ];

-  nixpkgs.overlays = import ../../../overlays args;
-
  networking = {
    hostName = "ai";
    wireless.enable = false; # Enables wireless support via wpa_supplicant.
@@ -51,7 +40,8 @@
    ];
  };

-  virtualisation.docker.storageDriver = "btrfs";
+  # conflict with feature: containerd-snapshotter
+  # virtualisation.docker.storageDriver = "btrfs";

  # for Nvidia GPU
  services.xserver.videoDrivers = ["nvidia"]; # will install nvidia-vaapi-driver by default
@@ -59,12 +49,8 @@
    # Optionally, you may need to select the appropriate driver version for your specific GPU.
    # package = config.boot.kernelPackages.nvidiaPackages.stable;

-    # Modesetting is needed for most Wayland compositors
+    # required by most wayland compositors!
    modesetting.enable = true;
-    # Use the open source version of the kernel module
-    # Only available on driver 515.43.04+
-    open = false;
-
    powerManagement.enable = true;
  };
  virtualisation.docker.enableNvidia = true; # for nvidia-docker
@@ -18,11 +18,16 @@
  boot.loader.efi.efiSysMountPoint = "/boot";
  boot.loader.systemd-boot.enable = true;

+  # boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.kernelPackages = pkgs.linuxPackages_xanmod_latest;
+
  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
  boot.initrd.kernelModules = [];
  boot.kernelModules = ["kvm-intel"];
  boot.kernelParams = ["nvidia.NVreg_PreserveVideoMemoryAllocations=1"];
  boot.extraModulePackages = [];
+  # clear /tmp on boot to get a stateless /tmp directory.
+  boot.tmp.cleanOnBoot = true;

  # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
  boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
@@ -37,7 +42,6 @@
    "cifs" # mount windows share
  ];

-
  boot.initrd = {
    # unlocked luks devices via a keyfile or prompt a passphrase.
    luks.devices."crypted-nixos" = {
@@ -70,6 +74,7 @@
    device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
    fsType = "btrfs";
    options = ["subvol=@persistent" "compress-force=zstd:1"];
+    # impermanence's data is required for booting.
    neededForBoot = true;
  };

@@ -79,6 +84,12 @@
    options = ["subvol=@snapshots" "compress-force=zstd:1"];
  };

+  fileSystems."/tmp" = {
+    device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
+    fsType = "btrfs";
+    options = ["subvol=@tmp" "compress-force=zstd:1"];
+  };
+
  # mount swap subvolume in readonly mode.
  fileSystems."/swap" = {
    device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
@@ -15,7 +15,7 @@
  # There are two ways to clear the root filesystem on every boot:
  ##  1. use tmpfs for /
  ##  2. (btrfs/zfs only)take a blank snapshot of the root filesystem and revert to it on every boot via:
-  ##  3. boot.initrd.postDeviceCommands = ''
+  ##     boot.initrd.postDeviceCommands = ''
  ##       mkdir -p /run/mymount
  ##       mount -o subvol=/ /dev/disk/by-uuid/UUID /run/mymount
  ##       btrfs subvolume delete /run/mymount
@@ -23,6 +23,10 @@
  ##     '';
  #
  #  See also https://grahamc.com/blog/erase-your-darlings/
+
+  # NOTE: impermanence only mounts the directory/file list below to /persistent
+  # If the directory/file already exists in the root filesystem, you should
+  # move those files/directories to /persistent first!
  environment.persistence."/persistent" = {
    # sets the mount option x-gvfs-hide on all the bind mounts
    # to hide them from the file manager
@@ -38,7 +42,7 @@
      "/var/log"
      "/var/lib"

-      # created by modules/nixos/fhs-fonts.nix
+      # created by modules/nixos/misc/fhs-fonts.nix
      # for flatpak apps
      # "/usr/share/fonts"
      # "/usr/share/icons"
@@ -46,6 +50,8 @@
    files = [
      "/etc/machine-id"
    ];
+
+    # the following directories will be passed to /persistent/home/$USER
    users.ryan = {
      directories = [
        "codes"
@@ -0,0 +1,3 @@
+result
+result/
+.DS_Store
@@ -0,0 +1,243 @@
+# Nix Environment for Deploying my NixOS Configuration
+
+This flake prepares a Nix environment for setting my desktop [/hosts/idols/ai](/hosts/idols/ai/)(on main flake) up on a new machine.
+
+TODOs:
+
+- [ ] dcalarative disk partitioning with [disko](https://github.com/nix-community/disko)
+
+## Why an extra flake is needed?
+
+The configuration of the main flake, [/flake.nix](/flake.nix), is heavy, and it takes time to debug & deploy.
+This simplified flake is tiny and can be deployed very quickly, it helps me to:
+
+1. Adjust & verify my `hardware-configuration.nix` modification quickly before deploying the `main` flake.
+2. Test some new filesystem related features on a NixOS virtual machine, such as impermanence, Secure Boot, TMP2, Encryption, etc.
+
+## Steps to Deploying the `main` flake
+
+First, create a USB install medium from NixOS's official ISO image and boot from it.
+
+### 1. Encrypting with LUKS(everything except ESP)
+
+> https://nixos.org/manual/nixos/stable/#sec-installation-manual-partitioning
+
+> [dm-crypt/Encrypting an entire system - Arch Wiki](https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system)
+
+> [Encrypted /boot - GRUB2 - Arch Wiki](https://wiki.archlinux.org/title/GRUB#Encrypted_/boot)
+
+> [Frequently asked questions (FAQ) - cryptsetup](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions)
+
+Securing a root file system is where dm-crypt excels, feature and performance-wise. 
+An encrypted root file system protects everything on the system, it make the system a black box to the attacker.
+
+1. The EFI system partition(ESP) must be left unencrypted, and is mounted at `/boot`
+    1. Since the UEFI firmware can only load boot loaders from unencrypted partitions.
+2. Secure Boot is enabled, everything in ESP is signed.
+3. The BTRFS file system with subvolumes is used for the root partition, and the swap area is a swapfile on a dedicated BTRFS subvolume, thus the swap area is also encrypted.
+
+And the boot flow is:
+
+1. The UEFI firmware loads the boot loader from the ESP(`/boot`).
+2. The boot loader loads the kernel and initrd from the ESP(`/boot`).
+3. **The initrd prompts for the passphrase to unlock the root partition**.
+4. The initrd unlocks the root partition and mounts it at `/`.
+5. The initrd continues the boot process, and hands over the control to the kernel.
+
+Partitioning the disk:
+
+```bash
+# Create a GPT partition table
+parted /dev/nvme0n1 -- mklabel gpt
+
+# NixOS by default uses the ESP (EFI system partition) as its /boot partition
+# Create a 512MB EFI system partition
+parted /dev/nvme0n1 -- mkpart ESP fat32 2MB 629MB
+
+# set the boot flag on the ESP partition
+# Format:
+#    set partition flag state
+parted /dev/nvme0n1 -- set 1 esp on
+
+# Create the root partition using the rest of the disk
+# Format: 
+#   mkpart [part-type name fs-type] start end
+parted /dev/nvme0n1 -- mkpart primary 630MB 100% 
+
+# show disk status
+lsblk
+```
+
+Encrypting the root partition:
+
+```bash
+lsblk
+# show cryptsetup's compiled in defualts
+cryptsetup --help
+
+# encrypt the root partition with luks2 and argon2id, will prompt for a passphrase, which will be used to unlock the partition.
+cryptsetup luksFormat --type luks2 --pbkdf argon2id --cipher aes-xts-plain64 --key-size 512 --hash sha512 /dev/nvme0n1p2
+
+# show status
+cryptsetup luksDump /dev/nvme0n1p2
+
+# open(unlock) the device with the passphrase you just set
+cryptsetup luksOpen /dev/nvme0n1p2 crypted-nixos
+
+# show disk status
+lsblk
+```
+
+Formatting the root partition:
+
+```bash
+mkfs.fat -F 32 -n ESP /dev/nvme0n1p1
+# format the root partition with btrfs and label it
+mkfs.btrfs -L crypted-nixos /dev/mapper/crypted-nixos 
+
+# mount the root partition and create subvolumes
+mount /dev/mapper/crypted-nixos /mnt
+btrfs subvolume create /mnt/@nix
+btrfs subvolume create /mnt/@tmp
+btrfs subvolume create /mnt/@swap
+btrfs subvolume create /mnt/@persistent
+btrfs subvolume create /mnt/@snapshots
+umount /mnt
+
+# Use tmpfs for root - stateless
+mount -t tmpfs tmpfs /mnt
+
+# Remount the root partition with the subvolumes you just created
+# 
+# Enable zstd compression to:
+#   1. Reduce the read/write operations, which helps to:
+#     1. Extend the life of the SSD.
+#     2. improve the performance of disks with low IOPS / RW throughput, such as HDD and SATA SSD.
+#   2. Save the disk space.
+mkdir /mnt/{nix,tmp,swap,persistent,snapshots,boot}
+mount -o compress-force=zstd:1,noatime,subvol=@nix /dev/mapper/crypted-nixos /mnt/nix
+mount -o compress-force=zstd:1,subvol=@tmp /dev/mapper/crypted-nixos /mnt/tmp
+mount -o subvol=@swap /dev/mapper/crypted-nixos /mnt/swap
+mount -o compress-force=zstd:1,noatime,subvol=@persistent /dev/mapper/crypted-nixos /mnt/persistent
+mount -o compress-force=zstd:1,noatime,subvol=@snapshots /dev/mapper/crypted-nixos /mnt/snapshots
+mount /dev/nvme0n1p1 /mnt/boot
+
+# create a swapfile on btrfs file system
+# This command will disable CoW / compression on the swap subvolume and then create a swapfile.
+# because the linux kernel requires that swapfile must not be compressed or have copy-on-write(CoW) enabled.
+btrfs filesystem mkswapfile --size 96g --uuid clear /mnt/swap/swapfile
+
+# check whether the swap subvolume has CoW disabled
+# the output of `lsattr` for the swap subvolume should be:
+#    ---------------C------ /swap/swapfile
+# if not, delete the swapfile, and rerun the commands above.
+lsattr /mnt/swap
+
+# mount the swapfile as swap area
+swapon swapfile
+```
+
+Now, the disk status should be:
+
+```bash
+# show disk status
+$ lsblk
+nvme0n1           259:0    0   1.8T  0 disk  
+├─nvme0n1p1       259:2    0   600M  0 part  /mnt/boot
+└─nvme0n1p2       259:3    0   1.8T  0 part  
+  └─crypted-nixos 254:0    0   1.8T  0 crypt /mnt/swap
+                                             /mnt/persistent
+                                             /mnt/snapshots
+                                             /mnt/nix
+                                             /mnt/tmp
+
+# show swap status
+$ swapon -s
+Filename				Type		Size		Used		Priority
+/swap/swapfile                          file		100663292	0		-2
+```
+
+### 2. Generating the NixOS Configuration and Installing NixOS
+
+Clone this repository:
+
+```bash
+# enter an shell with git/vim/ssh-agent/gnumake available
+nix-shell -p git vim gnumake
+
+# clone this repository
+git clone https://github.com/ryan4yin/nix-config.git
+```
+
+Then, generate the NixOS configuration:
+
+```bash
+# nixos configurations
+nixos-generate-config --root /mnt
+
+# we need to update our filesystem configs in old hardware-configuration.nix according to the generated one.
+cp /etc/nixos/hardware-configuration.nix ./nix-config/hosts/idols/ai/hardware-configuration-new.nix
+vim .
+```
+
+Then, Install NixOS:
+
+```bash
+cd ~/nix-config
+
+# run this command if you're retrying to run nixos-install
+rm -rf /mnt/etc
+
+# install nixos
+# NOTE: the root password you set here will be discarded when reboot
+nixos-install --root /mnt --flake .#ai --no-root-password
+
+# if you want to use a cache mirror, run this command instead
+# replace the mirror url with your own
+nixos-install --root /mnt --flake .#ai --no-root-password --option substituters "https://mirror.sjtu.edu.cn/nix-channels/store"
+
+# enter into the installed system, check password & users
+nixos-enter
+
+# copy the essential files into /persistent
+# otherwise the / will be cleared and data will lost
+## NOTE: impermanence just create links from / to /persistent
+##       We need to copy files into /persistent manually!!!
+mv /etc/machine-id /persistent/etc/
+mv /etc/ssh /persistent/etc/
+
+
+# delte the generated configuration after editing
+rm -f /mnt/etc/nixos
+rm ~/nix-config/hosts/idols/ai/hardware-configuration-new.nix
+
+# commit the changes after installing nixos successfully
+git config --global user.email "ryan4yin@linux.com"
+git config --global user.name "Ryan Yin"
+git commit -am "feat: update hardware-configuration"
+
+# copy our configuration to the installed file system
+cp -r ../nix-config /mnt/etc/nixos
+```
+
+And then reboot.
+
+
+## Deploying the main flake's NixOS configuration
+
+After rebooting, we can deploy the main flake's NixOS configuration by running:
+
+```bash
+# 1. Add the ssh key to the ssh-agent, so that nixos-rebuild can use it to pull my private git repositories.
+ssh-add ~/.ssh/xxx
+
+sudo mv /etc/nixos ~/nix-config
+chown -R ryan:ryan ~/nix-config
+
+cd ~/nix-config
+
+# deploy the configuration
+make hypr
+```
+
+Finally, to enable secure boot, follow the instructions in [lanzaboote - Quick Start](https://github.com/nix-community/lanzaboote/blob/master/docs/QUICK_START.md) and [nix-config/ai/secure-boot.nix](https://github.com/ryan4yin/nix-config/blob/main/hosts/idols/ai/secureboot.nix)
@@ -0,0 +1,8 @@
+_: {
+  networking = {
+    hostName = "ai";
+    defaultGateway = "192.168.5.201";
+    networkmanager.enable = true;
+  };
+  system.stateVersion = "23.11";
+}
@@ -0,0 +1,43 @@
+{
+  "nodes": {
+    "impermanence": {
+      "locked": {
+        "lastModified": 1697303681,
+        "narHash": "sha256-caJ0rXeagaih+xTgRduYtYKL1rZ9ylh06CIrt1w5B4g=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "0f317c2e9e56550ce12323eb39302d251618f5b5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1701389149,
+        "narHash": "sha256-rU1suTIEd5DGCaAXKW6yHoCfR1mnYjOXQFOaH7M23js=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "5de0b32be6e85dc1a9404c75131316e4ffbc634c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-23.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "impermanence": "impermanence",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
@@ -0,0 +1,24 @@
+{
+  description = "NixOS configuration of Ryan Yin";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
+    impermanence.url = "github:nix-community/impermanence";
+  };
+
+  outputs = inputs @ {nixpkgs, ...}: {
+    nixosConfigurations = {
+      ai = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = inputs;
+        modules = [
+          ./configuration.nix
+          ./system.nix
+
+          ../hardware-configuration.nix
+          ../impermanence.nix
+        ];
+      };
+    };
+  };
+}
@@ -0,0 +1,57 @@
+{pkgs, ...}: {
+  # Set your time zone.
+  time.timeZone = "Asia/Shanghai";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "zh_CN.UTF-8";
+    LC_IDENTIFICATION = "zh_CN.UTF-8";
+    LC_MEASUREMENT = "zh_CN.UTF-8";
+    LC_MONETARY = "zh_CN.UTF-8";
+    LC_NAME = "zh_CN.UTF-8";
+    LC_NUMERIC = "zh_CN.UTF-8";
+    LC_PAPER = "zh_CN.UTF-8";
+    LC_TELEPHONE = "zh_CN.UTF-8";
+    LC_TIME = "zh_CN.UTF-8";
+  };
+
+  # ssh-agent is used to pull my private secrets repo from github when depoloying my nixos config.
+  programs.ssh.startAgent = true;
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+    git
+    gnumake
+    wget
+    curl
+    nix-output-monitor
+  ];
+
+  users.groups = {
+    "ryan" = {};
+  };
+
+  # Don't allow mutation of users outside the config.
+  users = {
+    mutableUsers = false;
+    # Define a user account. Don't forget to set a password with ‘passwd’.
+    users = {
+      ryan = {
+        # generated by `mkpasswd -m scrypt`
+        # we have to use initialHashedPassword here, if your'are using tmpfs for /
+        initialHashedPassword = "$7$CU..../....Sdl/JRH..9eIvZ6mE/52r.$xeR6lyvTcVVKt28Owcoc/vPOOECcYSiq1xjw/QCz2t0";
+        isNormalUser = true;
+        description = "ryan";
+        extraGroups = ["ryan" "networkmanager" "wheel"];
+      };
+      root.initialHashedPassword = "$7$CU..../....X6uvZYnFD.i1CqqFFNl4./$4vgqzIPyw5XBr0aCDFbY/UIRRJr7h5SMGoQ/ZvX3FP2";
+    };
+  };
+
+  # make ryan a trusted user so he can set custom nix substituters url(cache mirror) to speed up nixos-rebuild.
+  nix.settings.trusted-users = ["ryan"];
+}
@@ -1,19 +1,9 @@
-{...} @ args:
 #############################################################
 #
 #  Aquamarine - A NixOS VM running on Proxmox
 #
 #############################################################
 {
-  imports = [
-    ../../../modules/nixos/proxmox-hardware-configuration.nix
-
-    ../../../modules/nixos/core-server.nix
-    ../../../modules/nixos/user-group.nix
-  ];
-
-  nixpkgs.overlays = import ../../../overlays args;
-
  # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
  boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
  # supported fil systems, so we can mount any removable disks with these filesystems
@@ -60,5 +50,5 @@
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "22.11"; # Did you read the comment?
+  system.stateVersion = "23.11"; # Did you read the comment?
 }
@@ -1,19 +1,9 @@
-{...} @ args:
 #############################################################
 #
 #  Kana - a NixOS VM running on Proxmox
 #
 #############################################################
 {
-  imports = [
-    ../../../modules/nixos/proxmox-hardware-configuration.nix
-
-    ../../../modules/nixos/core-server.nix
-    ../../../modules/nixos/user-group.nix
-  ];
-
-  nixpkgs.overlays = import ../../../overlays args;
-
  # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
  boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
  # supported fil systems, so we can mount any removable disks with these filesystems
@@ -60,5 +50,5 @@
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.05"; # Did you read the comment?
+  system.stateVersion = "23.11"; # Did you read the comment?
 }
@@ -1,19 +1,9 @@
-{...} @ args:
 #############################################################
 #
 #  Ruby - a NixOS VM running on Proxmox
 #
 #############################################################
 {
-  imports = [
-    ../../../modules/nixos/proxmox-hardware-configuration.nix
-
-    ../../../modules/nixos/core-server.nix
-    ../../../modules/nixos/user-group.nix
-  ];
-
-  nixpkgs.overlays = import ../../../overlays args;
-
  # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
  boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
  # supported fil systems, so we can mount any removable disks with these filesystems
@@ -60,5 +50,5 @@
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.05"; # Did you read the comment?
+  system.stateVersion = "23.11"; # Did you read the comment?
 }
@@ -1,9 +1,7 @@
 {
-  config,
-  username,
  # nixos-jh7110,
  ...
-} @ args:
+}:
 #############################################################
 #
 #  Chiaya - NixOS Configuration for Milk-V Mars
@@ -13,21 +11,8 @@
 #############################################################
 {
  imports = [
-    {
-      # cross-compilation this flake.
-      nixpkgs.crossSystem = {
-        system = "riscv64-linux";
-      };
-    }
-
-    # TODO
-
-    ../../../modules/nixos/core-riscv64.nix
-    ../../../modules/nixos/user-group.nix
  ];

-  users.users.root.openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;
-
  # Set static IP address / gateway / DNS servers.
  networking = {
    hostName = "chiaya"; # Define your hostname.
@@ -1,9 +1,4 @@
-{
-  config,
-  username,
-  nixos-licheepi4a,
-  ...
-} @ args:
+{nixos-licheepi4a, ...}:
 #############################################################
 #
 #  Nozomi - NixOS configuration for Lichee Pi 4A
@@ -11,24 +6,12 @@
 #############################################################
 {
  imports = [
-    {
-      # cross-compilation this flake.
-      nixpkgs.crossSystem = {
-        system = "riscv64-linux";
-      };
-    }
-
    # import the licheepi4a module, which contains the configuration for bootloader/kernel/firmware
    (nixos-licheepi4a + "/modules/licheepi4a.nix")
    # import the sd-image module, which contains the fileSystems & kernel parameters for booting from sd card.
    (nixos-licheepi4a + "/modules/sd-image/sd-image-lp4a.nix")
-
-    ../../../modules/nixos/core-riscv64.nix
-    ../../../modules/nixos/user-group.nix
  ];

-  users.users.root.openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;
-
  # Set static IP address / gateway / DNS servers.
  networking = {
    hostName = "nozomi"; # Define your hostname.
@@ -1,9 +1,4 @@
-{
-  config,
-  username,
-  nixos-licheepi4a,
-  ...
-} @ args:
+{nixos-licheepi4a, ...}:
 #############################################################
 #
 #  Yukina - NixOS configuration for Lichee Pi 4A
@@ -11,24 +6,12 @@
 #############################################################
 {
  imports = [
-    {
-      # cross-compilation this flake.
-      nixpkgs.crossSystem = {
-        system = "riscv64-linux";
-      };
-    }
-
    # import the licheepi4a module, which contains the configuration for bootloader/kernel/firmware
    (nixos-licheepi4a + "/modules/licheepi4a.nix")
    # import the sd-image module, which contains the fileSystems & kernel parameters for booting from sd card.
    (nixos-licheepi4a + "/modules/sd-image/sd-image-lp4a.nix")
-
-    ../../../modules/nixos/core-riscv64.nix
-    ../../../modules/nixos/user-group.nix
  ];

-  users.users.root.openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;
-
  # Set static IP address / gateway / DNS servers.
  networking = {
    hostName = "yukina"; # Define your hostname.
@@ -0,0 +1,46 @@
+{ lib, ... }:
+
+rec {
+  # Generate an attribute set from a list.
+  #
+  #   lib.genAttrs [ "foo" "bar" ] (name: "x_" + name)
+  #     => { foo = "x_foo"; bar = "x_bar"; }
+  listToAttrs = lib.genAttrs;
+
+  # Update only the values of the given attribute set.
+  # 
+  #   mapAttrs
+  #   (name: value: ("bar-" + value))
+  #   { x = "a"; y = "b"; }
+  #     => { foo = "bar-a"; foo = "bar-b"; }
+  mapAttrs = lib.attrsets.mapAttrs;
+
+  # Update both the names and values of the given attribute set.
+  # 
+  #   mapAttrs'
+  #   (name: value: nameValuePair ("foo_" + name) ("bar-" + value))
+  #   { x = "a"; y = "b"; }
+  #     => { foo_x = "bar-a"; foo_y = "bar-b"; }
+  mapAttrs' = lib.attrsets.mapAttrs';
+
+  # Merge a list of attribute sets into one. smilar to the operator `a // b`, but for a list of attribute sets.
+  #
+  #   mergeAttrsList
+  #   [ { x = "a"; y = "b"; } { x = "c"; z = "d"; } { g = "e"; } ]
+  #   => { x = "c"; y = "b"; z = "d"; g = "e"; }
+  mergeAttrsList = lib.attrsets.mergeAttrsList;
+
+  # Generate a string from an attribute set.
+  # 
+  #   attrsets.foldlAttrs
+  #   (acc: name: value: acc + "\nexport ${name}=${value}")
+  #   "# A shell script"
+  #   { x = "a"; y = "b"; }
+  #     =>
+  #     ```
+  #     # A shell script
+  #     export x=a
+  #     export y=b
+  #    ````
+  foldlAttrs = lib.attrsets.foldlAttrs;
+}
@@ -8,12 +8,12 @@
  host_tags,
  targetUser ? specialArgs.username,
 }: let
-  username = specialArgs.username;
+  inherit (specialArgs) username;
 in
-  { name, nodes, ... }: {
+  {name, ...}: {
    deployment = {
+      inherit targetUser;
      targetHost = name; # hostName or IP address
-      targetUser = targetUser;
      tags = host_tags;
    };

@@ -23,11 +23,14 @@ in
        {
          # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
          nix.registry.nixpkgs.flake = nixpkgs;
-          # make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
-          environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}";
-          nix.nixPath = ["/etc/nix/inputs"];
+          nix.channel.enable = false; # disable nix-channel, we use flakes instead.
+
+          nixpkgs.overlays = import ../overlays specialArgs;
        }
-      ] ++ (if (home-module != null) then [
+      ]
+      ++ (
+        if (home-module != null)
+        then [
          home-manager.nixosModules.home-manager
          {
            home-manager.useGlobalPkgs = true;
@@ -36,5 +39,7 @@ in
            home-manager.extraSpecialArgs = specialArgs;
            home-manager.users."${username}" = home-module;
          }
-      ] else []);
+        ]
+        else []
+      );
  }
@@ -7,21 +7,25 @@
  darwin-modules,
  home-module,
 }: let
-  username = specialArgs.username;
+  inherit (specialArgs) username;
 in
  nix-darwin.lib.darwinSystem {
    inherit system specialArgs;
    modules =
      darwin-modules
      ++ [
-        {
+        ({lib, ...}: {
+          nixpkgs.pkgs = import nixpkgs {inherit system;};
          # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
          nix.registry.nixpkgs.flake = nixpkgs;

-          # make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
          environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}";
-          nix.nixPath = ["/etc/nix/inputs"];
-        }
+          # make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
+          # discard all the default paths, and only use the one from this flake.
+          nix.nixPath = lib.mkForce ["/etc/nix/inputs"];
+
+          nixpkgs.overlays = import ../overlays specialArgs;
+        })

        home-manager.darwinModules.home-manager
        {
@@ -7,7 +7,7 @@
  nixos-modules,
  home-module,
 }: let
-  username = specialArgs.username;
+  inherit (specialArgs) username;
 in
  nixpkgs.lib.nixosSystem {
    inherit system specialArgs;
@@ -17,10 +17,9 @@ in
        {
          # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
          nix.registry.nixpkgs.flake = nixpkgs;
+          nix.channel.enable = false; # disable nix-channel, we use flakes instead.

-          # make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
-          environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}";
-          nix.nixPath = ["/etc/nix/inputs"];
+          nixpkgs.overlays = import ../overlays specialArgs;
        }

        nixos-generators.nixosModules.all-formats
@@ -0,0 +1,38 @@
+{
+  config,
+  lib,
+  username,
+  ...
+}: {
+  nix.settings = {
+    # enable flakes globally
+    experimental-features = ["nix-command" "flakes"];
+
+    # given the users in this list the right to specify additional substituters via:
+    #    1. `nixConfig.substituers` in `flake.nix`
+    #    2. command line args `--options substituers http://xxx`
+    trusted-users = [username];
+
+    # substituers that will be considered before the official ones(https://cache.nixos.org)
+    substituters = [
+      # cache mirror located in China
+      # status: https://mirror.sjtu.edu.cn/
+      "https://mirror.sjtu.edu.cn/nix-channels/store"
+      # status: https://mirrors.ustc.edu.cn/status/
+      # "https://mirrors.ustc.edu.cn/nix-channels/store"
+
+      "https://nix-community.cachix.org"
+      # my own cache server
+      "https://ryan4yin.cachix.org"
+    ];
+
+    trusted-public-keys = [
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      "ryan4yin.cachix.org-1:Gbk27ZU5AYpGS9i3ssoLlwdvMIh0NxG0w8it/cv9kbU="
+    ];
+    builders-use-substitutes = true;
+  };
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = lib.mkDefault false;
+}
@@ -1,4 +1,9 @@
-{pkgs, ...}: {
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 ##########################################################################
 #
 #  Install all apps and packages here.
@@ -9,7 +14,28 @@
 # TODO Fell free to modify this file to fit your needs.
 #
 ##########################################################################
+let
+  # Homebrew Mirror
+  # NOTE: is only useful when you run `brew install` manually! (not via nix-darwin)
+  homebrew_mirror_env = {
+    HOMEBREW_API_DOMAIN = "https://mirrors.tuna.tsinghua.edu.cn/homebrew-bottles/api";
+    HOMEBREW_BOTTLE_DOMAIN = "https://mirrors.tuna.tsinghua.edu.cn/homebrew-bottles";
+    HOMEBREW_BREW_GIT_REMOTE = "https://mirrors.tuna.tsinghua.edu.cn/git/homebrew/brew.git";
+    HOMEBREW_CORE_GIT_REMOTE = "https://mirrors.tuna.tsinghua.edu.cn/git/homebrew/homebrew-core.git";
+    HOMEBREW_PIP_INDEX_URL = "https://pypi.tuna.tsinghua.edu.cn/simple";
+  };

+  local_proxy_env = {
+    # HTTP_PROXY = "http://127.0.0.1:7890";
+    # HTTPS_PROXY = "http://127.0.0.1:7890";
+  };
+
+  homebrew_env_script =
+    lib.attrsets.foldlAttrs
+    (acc: name: value: acc + "\nexport ${name}=${value}")
+    ""
+    (homebrew_mirror_env // local_proxy_env);
+in {
  # Install packages from nix's official package repository.
  #
  # The packages installed here are available to all users, and are reproducible across machines, and are rollbackable.
@@ -23,7 +49,21 @@
    gnugrep # replacee macos's grep
    gnutar # replacee macos's tar
  ];
-  environment.variables.EDITOR = "nvim";
+  environment.variables =
+    {
+      # Fix https://github.com/LnL7/nix-darwin/wiki/Terminfo-issues
+      TERMINFO_DIRS = map (path: path + "/share/terminfo") config.environment.profiles ++ ["/usr/share/terminfo"];
+
+      EDITOR = "nvim";
+    }
+    # Set variables for you to manually install homebrew packages.
+    // homebrew_mirror_env;
+
+  # Set environment variables for nix-darwin before run `brew bundle`.
+  system.activationScripts.homebrew.text = lib.mkBefore ''
+    echo >&2 '${homebrew_env_script}'
+    ${homebrew_env_script}
+  '';

  # Create /etc/zshrc that loads the nix-darwin environment.
  # this is required if you want to use darwin's default shell - zsh
@@ -33,16 +73,8 @@
    pkgs.nushell # my custom shell
  ];

-  # Homebrew Mirror
-  environment.variables = {
-    HOMEBREW_API_DOMAIN = "https://mirrors.tuna.tsinghua.edu.cn/homebrew-bottles/api";
-    HOMEBREW_BOTTLE_DOMAIN = "https://mirrors.tuna.tsinghua.edu.cn/homebrew-bottles";
-    HOMEBREW_BREW_GIT_REMOTE = "https://mirrors.tuna.tsinghua.edu.cn/git/homebrew/brew.git";
-    HOMEBREW_CORE_GIT_REMOTE = "https://mirrors.tuna.tsinghua.edu.cn/git/homebrew/homebrew-core.git";
-    HOMEBREW_PIP_INDEX_URL = "https://pypi.tuna.tsinghua.edu.cn/simple";
-  };
-
  # homebrew need to be installed manually, see https://brew.sh
+  # https://github.com/LnL7/nix-darwin/blob/master/modules/homebrew.nix
  homebrew = {
    enable = true;

@@ -73,7 +105,6 @@
      "homebrew/cask-versions"

      "hashicorp/tap"
-      "pulumi/tap"
    ];

    brews = [
@@ -83,7 +114,6 @@
      "aria2" # download tool
      "httpie" # http client
      "wireguard-tools" # wireguard
-      "mitmproxy"

      # Usage:
      #  https://github.com/tailscale/tailscale/wiki/Tailscaled-on-macOS#run-the-tailscaled-daemon
@@ -123,20 +153,19 @@
      "microsoft-remote-desktop"

      # "anki"
-      "clashx" # proxy tool
+      "shadowsocksx-ng" # proxy tool
      "iina" # video player
-      "openinterminal-lite" # open current folder in terminal
      "syncthing" # file sync
      "raycast" # (HotKey: alt/option + space)search, caculate and run scripts(with many plugins)
-      "iglance" # beautiful system monitor
+      "stats" # beautiful system status monitor in menu bar
      "eudic" # 欧路词典
      # "reaper"  # audio editor
      "sonic-pi" # music programming

      # Development
+      "mitmproxy" # HTTP/HTTPS traffic inspector
      "insomnia" # REST client
      "wireshark" # network analyzer
-      "temurin17"  # JDK 17
      "jdk-mission-control" # Java Mission Control
      "google-cloud-sdk" # Google Cloud SDK
    ];
@@ -1,7 +1,9 @@
 {
  imports = [
-    ./apps.nix
+    ../base.nix
    ./nix-core.nix
+
+    ./apps.nix
    ./system.nix
  ];
 }
@@ -1,8 +1,4 @@
-{
-  pkgs,
-  lib,
-  ...
-}: {
+{pkgs, ...}: {
  ###################################################################################
  #
  #  Core configuration for nix-darwin
@@ -12,33 +8,36 @@
  #
  ###################################################################################

-  # enable flakes globally
-  nix.settings.experimental-features = ["nix-command" "flakes"];
+  # Fix: https://github.com/LnL7/nix-darwin/issues/149#issuecomment-1741720259
+  # nix is installed via DeterminateSystems's nix-installer.
+  environment.etc."zshrc".knownSha256Hashes = [
+    "b9902f2020c636aeda956a74b5ae11882d53e206d1aa50b3abe591a8144fa710"  # nix-installer on harmonica
+  ];
+  environment.etc."bashrc".knownSha256Hashes = [
+    "53ab77cddb5c9aa2954efe42e9af0b8a2829f94dd31b6c33f8082ed194dcc0cb"    # nix-installer on harmonica
+    "6ffdf5a198ffe73fbcd17def767f52093b42b29149d4a3e911b49ebcb9785101"    # nix-installer on fern
+   ];
+  environment.etc."zshenv".knownSha256Hashes = [
+    "bb96fe80a72ea9cd3291f09e4dc13a64e7db3b401f5889e43edc1fe34ed02d2c"    # nix-installer on harmonica
+    "0c544e42afe7836de9ba933d93f46043b12f58ae484ff8cfb02716353f1dba5f"    # nix-installer on fern
+  ];
+
+
+  environment.etc."shells".knownSha256Hashes = [
+    "9d5aa72f807091b481820d12e693093293ba33c73854909ad7b0fb192c2db193"     # nix-installer on fern
+  ];

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # Auto upgrade nix package and the daemon service.
  services.nix-daemon.enable = true;
-  # Use this instead of services.nix-daemon.enable if you
-  # don't wan't the daemon service to be managed for you.
-  # nix.useDaemon = true;
-
  nix.package = pkgs.nix;

-  programs.nix-index.enable = true;
-
-  # boot.loader.grub.configurationLimit = 10;
-  # do garbage collection weekly to keep disk usage low
-  nix.gc = {
-    automatic = lib.mkDefault true;
-    options = lib.mkDefault "--delete-older-than 7d";
-  };
-
  # Disable auto-optimise-store because of this issue:
  #   https://github.com/NixOS/nix/issues/7273
  # "error: cannot link '/nix/store/.tmp-link-xxxxx-xxxxx' to '/nix/store/.links/xxxx': File exists"
-  nix.settings = {
-    auto-optimise-store = false;
-  };
+  nix.settings.auto-optimise-store = false;
+
+  nix.gc.automatic = false;
 }
@@ -59,7 +59,10 @@
        # `defaults read NSGlobalDomain "xxx"`
        "com.apple.swipescrolldirection" = true; # enable natural scrolling(default to true)
        "com.apple.sound.beep.feedback" = 0; # disable beep sound when pressing volume up/down key
+
+        # Appearance
        AppleInterfaceStyle = "Dark"; # dark mode
+
        AppleKeyboardUIMode = 3; # Mode 3 enables full keyboard control.
        ApplePressAndHoldEnabled = true; # enable press and hold

@@ -129,6 +132,9 @@
    # keyboard settings is not very useful on macOS
    # the most important thing is to remap option key to alt key globally,
    # but it's not supported by macOS yet.
+    #
+    # To avoid conflicts with neovim, disable ctrl + up/down/left/right to switch spaces in:
+    #   [System Preferences] -> [Keyboard] -> [Keyboard Shortcuts] -> [Mission Control]
    keyboard = {
      enableKeyMapping = true; # enable key mapping so that we can use `option` as `control`

@@ -0,0 +1,19 @@
+{
+  # Set your time zone.
+  time.timeZone = "Asia/Shanghai";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "zh_CN.UTF-8";
+    LC_IDENTIFICATION = "zh_CN.UTF-8";
+    LC_MEASUREMENT = "zh_CN.UTF-8";
+    LC_MONETARY = "zh_CN.UTF-8";
+    LC_NAME = "zh_CN.UTF-8";
+    LC_NUMERIC = "zh_CN.UTF-8";
+    LC_PAPER = "zh_CN.UTF-8";
+    LC_TELEPHONE = "zh_CN.UTF-8";
+    LC_TIME = "zh_CN.UTF-8";
+  };
+}
@@ -2,16 +2,20 @@
  lib,
  pkgs,
  ...
-}: {
+}:
+{
  ###################################################################################
  #
  #  NixOS's core configuration suitable for all my machines
  #
  ###################################################################################

+  # to install chrome, you need to enable unfree packages
+  nixpkgs.config.allowUnfree = true;
+
  # for nix server, we do not need to keep too much generations
  boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
-  # boot.loader.grub.configurationLimit = 10;
+
  # do garbage collection weekly to keep disk usage low
  nix.gc = {
    automatic = lib.mkDefault true;
@@ -19,51 +23,29 @@
    options = lib.mkDefault "--delete-older-than 7d";
  };

-  nix.settings = {
  # Manual optimise storage: nix-store --optimise
  # https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store
-    auto-optimise-store = true;
-    builders-use-substitutes = true;
-    # enable flakes globally
-    experimental-features = ["nix-command" "flakes"];
-  };
+  nix.settings.auto-optimise-store = true;

-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = lib.mkDefault false;
-
-  # Set your time zone.
-  time.timeZone = "Asia/Shanghai";
-
-  # Select internationalisation properties.
-  i18n.defaultLocale = "en_US.UTF-8";
-
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "zh_CN.UTF-8";
-    LC_IDENTIFICATION = "zh_CN.UTF-8";
-    LC_MEASUREMENT = "zh_CN.UTF-8";
-    LC_MONETARY = "zh_CN.UTF-8";
-    LC_NAME = "zh_CN.UTF-8";
-    LC_NUMERIC = "zh_CN.UTF-8";
-    LC_PAPER = "zh_CN.UTF-8";
-    LC_TELEPHONE = "zh_CN.UTF-8";
-    LC_TIME = "zh_CN.UTF-8";
-  };
-
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  networking.firewall.enable = lib.mkDefault false;
-
-  # Enable the OpenSSH daemon.
-  services.openssh = {
+  # Enable in-memory compressed devices and swap space provided by the zram kernel module.
+  # By enable this, we can store more data in memory instead of fallback to disk-based swap devices directly, 
+  # and thus improve I/O performance when we have a lot of memory.
+  # 
+  #   https://www.kernel.org/doc/Documentation/blockdev/zram.txt
+  zramSwap = {
    enable = true;
-    settings = {
-      X11Forwarding = true;
-      PermitRootLogin = "no"; # disable root login
-      PasswordAuthentication = false; # disable password login
-    };
-    openFirewall = true;
+    # one of "lzo", "lz4", "zstd"
+    algorithm = "zstd";
+    # Priority of the zram swap devices. 
+    # It should be a number higher than the priority of your disk-based swap devices
+    # (so that the system will fill the zram swap devices before falling back to disk swap).
+    priority = 5;
+    # Maximum total amount of memory that can be stored in the zram swap devices (as a percentage of your total memory). 
+    # Defaults to 1/2 of your total RAM. Run zramctl to check how good memory is compressed. 
+    # This doesn’t define how much memory will be used by the zram swap devices.
+    memoryPercent = 50;
  };
+
  # for power management
  services = {
    power-profiles-daemon = {
@@ -75,6 +57,8 @@
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
+    parted
+    psmisc # killall/pstree/prtstat/fuser/...
    neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    wget
    curl
@@ -100,11 +84,4 @@

  # replace default editor with neovim
  environment.variables.EDITOR = "nvim";
-
-  virtualisation.docker = {
-    enable = true;
-    # start dockerd on boot.
-    # This is required for containers which are created with the `--restart=always` flag to work.
-    enableOnBoot = true;
-  };
 }
@@ -0,0 +1,19 @@
+{lib, ...}: {
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = lib.mkDefault false;
+
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+    enable = true;
+    settings = {
+      X11Forwarding = true;
+      PermitRootLogin = "no"; # disable root login
+      PasswordAuthentication = false; # disable password login
+    };
+    openFirewall = true;
+  };
+
+
+}
@@ -1,5 +1,4 @@
-{ username, ... }:
-{
+{username, ...}: {
  ####################################################################
  #
  #  NixOS's Configuration for Remote Building / Distributed Building
@@ -1,8 +1,4 @@
-{ username, ... }: 
-
-{
-  nix.settings.trusted-users = [username];
-
+{username, config, ...}: {
  # Don't allow mutation of users outside the config.
  users.mutableUsers = false;

@@ -10,7 +6,6 @@
    "${username}" = {};
    docker = {};
    wireshark = {};
-
    # for android platform tools's udev rules
    adbusers = {};
    dialout = {};
@@ -22,7 +17,7 @@

  users.users."${username}" = {
    # generated by `mkpasswd -m scrypt`
-    # we have to use initialHashedPassword here, if your'are using tmpfs for /
+    # we have to use initialHashedPassword here when using tmpfs for /
    initialHashedPassword = "$7$CU..../....Sdl/JRH..9eIvZ6mE/52r.$xeR6lyvTcVVKt28Owcoc/vPOOECcYSiq1xjw/QCz2t0";
    home = "/home/${username}";
    isNormalUser = true;
@@ -42,7 +37,10 @@
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7PTkP3ixXTZlrJNSHnXgkmHNT+QslFi9wNYXOpVwGB ryan@harmonica"
    ];
  };
-  users.users.root.initialHashedPassword = "$7$CU..../....X6uvZYnFD.i1CqqFFNl4./$4vgqzIPyw5XBr0aCDFbY/UIRRJr7h5SMGoQ/ZvX3FP2";
+  users.users.root = {
+    initialHashedPassword = "$7$CU..../....X6uvZYnFD.i1CqqFFNl4./$4vgqzIPyw5XBr0aCDFbY/UIRRJr7h5SMGoQ/ZvX3FP2";
+    openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;
+  };

  # DO NOT promote the specified user to input password for `nix-store` and `nix-copy-closure`
  security.sudo.extraRules = [
@@ -0,0 +1,25 @@
+{pkgs, ...}: {
+  ###################################################################################
+  #
+  #  Visualisation - Libvirt(QEMU/KVM) / Docker / LXD / WayDroid
+  #
+  ###################################################################################
+
+  virtualisation = {
+    docker = {
+      enable = true;
+      daemon.settings = {
+        # enables pulling using containerd, which supports restarting from a partial pull
+        # https://docs.docker.com/storage/containerd/
+        "features" = {"containerd-snapshotter" = true;};
+      };
+
+      # start dockerd on boot.
+      # This is required for containers which are created with the `--restart=always` flag to work.
+      enableOnBoot = true;
+    };
+
+    waydroid.enable = true;
+    lxd.enable = true;
+  };
+}
@@ -1,224 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  pkgs-unstable,
-  ...
-}: {
-  ###################################################################################
-  #
-  #  NixOS's core configuration suitable for my desktop computer
-  #
-  ###################################################################################
-
-  imports = [
-    ./core-server.nix
-  ];
-
-  # to install chrome, you need to enable unfree packages
-  nixpkgs.config.allowUnfree = lib.mkForce true;
-
-  # add user's shell into /etc/shells
-  environment.shells = with pkgs; [
-    bash
-    nushell
-  ];
-  # set user's default shell system-wide
-  users.defaultUserShell = pkgs.nushell;
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    parted
-    ventoy
-    # python, some times I may need to use python with root permission.
-    (python310.withPackages (ps:
-      with ps; [
-        ipython
-        pandas
-        requests
-        pyquery
-        pyyaml
-      ]
-    ))
-    psmisc  # killall/pstree/prtstat/fuser/...
-    colmena  # nixos's remote deployment tool
-    pulseaudio  # provides `pactl`, which is required by some apps(e.g. sonic-pi)
-  ];
-
-  programs = {
-    # android development tools, this will install adb/fastboot and other android tools and udev rules
-    # see https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/programs/adb.nix
-    adb.enable = true;
-    # The OpenSSH agent remembers private keys for you
-    # so that you don’t have to type in passphrases every time you make an SSH connection.
-    # Use `ssh-add` to add a key to the agent.
-    ssh.startAgent = true;
-    # dconf is a low-level configuration system.
-    dconf.enable = true;
-  };
-
-  # A key remapping daemon for linux.
-  # https://github.com/rvaiya/keyd
-  services.keyd = {
-    enable = true;
-    keyboards = {
-      default = {
-        settings = {
-          main = {
-            # overloads the capslock key to function as both escape (when tapped) and control (when held)
-            capslock = "overload(control, esc)";
-          };
-        };
-      };
-    };
-  };
-
-  # PipeWire is a new low-level multimedia framework.
-  # It aims to offer capture and playback for both audio and video with minimal latency.
-  # It support for PulseAudio-, JACK-, ALSA- and GStreamer-based applications.
-  # PipeWire has a great bluetooth support, it can be a good alternative to PulseAudio.
-  #     https://nixos.wiki/wiki/PipeWire
-  services.pipewire = {
-    enable = true;
-    # package = pkgs-unstable.pipewire;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-    # If you want to use JACK applications, uncomment this
-    jack.enable = true;
-    wireplumber.enable = true;
-  };
-  # rtkit is optional but recommended
-  security.rtkit.enable = true;
-  # Remove sound.enable or turn it off if you had it set previously, it seems to cause conflicts with pipewire
-  sound.enable = false;
-  # Disable pulseaudio, it conflicts with pipewire too.
-  hardware.pulseaudio.enable = false;
-
-  # enable bluetooth & gui paring tools - blueman
-  # or you can use cli:
-  # $ bluetoothctl
-  # [bluetooth] # power on
-  # [bluetooth] # agent on
-  # [bluetooth] # default-agent
-  # [bluetooth] # scan on
-  # ...put device in pairing mode and wait [hex-address] to appear here...
-  # [bluetooth] # pair [hex-address]
-  # [bluetooth] # connect [hex-address]
-  # Bluetooth devices automatically connect with bluetoothctl as well:
-  # [bluetooth] # trust [hex-address]
-  hardware.bluetooth.enable = true;
-  services.blueman.enable = true;
-
-  # security with polkit
-  services.power-profiles-daemon = {
-    enable = true;
-  };
-  security.polkit.enable = true;
-  # security with gnome-kering
-  services.gnome.gnome-keyring.enable = true;
-  security.pam.services.greetd.enableGnomeKeyring = true;
-  
-  services = {
-    # Enable CUPS to print documents.
-    printing.enable = true;
-
-    # https://flatpak.org/setup/NixOS
-    flatpak.enable = true;
-
-    dbus.packages = [pkgs.gcr];
-    geoclue2.enable = true;
-
-    udev.packages = with pkgs; [
-      gnome.gnome-settings-daemon
-      platformio # udev rules for platformio
-      openocd # required by paltformio, see https://github.com/NixOS/nixpkgs/issues/224895
-      android-udev-rules
-      openfpgaloader
-    ];
-  };
-
-
-  xdg.portal = {
-    enable = true;
-
-    config = {
-      common = {
-        # Use xdg-desktop-portal-gtk for every portal interface...
-        default = [
-          "gtk"
-        ];
-        # except for the secret portal, which is handled by gnome-keyring
-        "org.freedesktop.impl.portal.Secret" = [
-          "gnome-keyring"
-        ];
-      };
-    };
-
-    # Sets environment variable NIXOS_XDG_OPEN_USE_PORTAL to 1
-    # This will make xdg-open use the portal to open programs,
-    # which resolves bugs involving programs opening inside FHS envs or with unexpected env vars set from wrappers.
-    # xdg-open is used by almost all programs to open a unknown file/uri
-    # alacritty as an example, it use xdg-open as default, but you can also custom this behavior
-    # and vscode has open like `External Uri Openers`
-    xdgOpenUsePortal = false;
-    extraPortals = with pkgs; [
-      xdg-desktop-portal-gtk # for gtk
-      # xdg-desktop-portal-kde  # for kde
-    ];
-  };
-
-  # all fonts are linked to /nix/var/nix/profiles/system/sw/share/X11/fonts
-  fonts = {
-    # use fonts specified by user rather than default ones
-    enableDefaultPackages = false;
-    fontDir.enable = true;
-
-    packages = with pkgs; [
-      # icon fonts
-      material-design-icons
-      font-awesome
-
-      # Noto 系列字体是 Google 主导的，名字的含义是「没有豆腐」（no tofu），因为缺字时显示的方框或者方框被叫作 tofu
-      # Noto 系列字族名只支持英文，命名规则是 Noto + Sans 或 Serif + 文字名称。
-      # 其中汉字部分叫 Noto Sans/Serif CJK SC/TC/HK/JP/KR，最后一个词是地区变种。
-      noto-fonts # 大部分文字的常见样式，不包含汉字
-      noto-fonts-cjk # 汉字部分
-      noto-fonts-emoji # 彩色的表情符号字体
-      noto-fonts-extra # 提供额外的字重和宽度变种
-
-      # 思源系列字体是 Adobe 主导的。其中汉字部分被称为「思源黑体」和「思源宋体」，是由 Adobe + Google 共同开发的
-      source-sans # 无衬线字体，不含汉字。字族名叫 Source Sans 3 和 Source Sans Pro，以及带字重的变体，加上 Source Sans 3 VF
-      source-serif # 衬线字体，不含汉字。字族名叫 Source Code Pro，以及带字重的变体
-      source-han-sans # 思源黑体
-      source-han-serif # 思源宋体
-
-      # nerdfonts
-      (nerdfonts.override {
-        fonts = [
-          "FiraCode"
-          "JetBrainsMono"
-          "Iosevka"
-        ];
-      })
-
-      (pkgs.callPackage ../../fonts/icomoon-feather-icon-font.nix {})
-    ];
-
-    # user defined fonts
-    # the reason there's Noto Color Emoji everywhere is to override DejaVu's
-    # B&W emojis that would sometimes show instead of some Color emojis
-    fontconfig.defaultFonts = {
-      serif = ["Noto Serif CJK SC" "Noto Serif CJK TC" "Noto Serif CJK JP" "Noto Color Emoji"];
-      sansSerif = ["Noto Sans CJK SC" "Noto Sans CJK TC" "Noto Sans CJK JP" "Noto Color Emoji"];
-      monospace = ["JetBrainsMono Nerd Font" "Noto Color Emoji"];
-      emoji = ["Noto Color Emoji"];
-    };
-  };
-
-  environment.variables = {
-    # fix https://github.com/NixOS/nixpkgs/issues/238025
-    TZ = "${config.time.timeZone}";
-  };
-}
@@ -1,74 +0,0 @@
-{config, pkgs, nixpkgs, ...}: {
-
-  # =========================================================================
-  #      Base NixOS Configuration
-  # =========================================================================
-
-  # Set your time zone.
-  time.timeZone = "Asia/Shanghai";
-
-  # Select internationalisation properties.
-  i18n.defaultLocale = "en_US.UTF-8";
-
-  nix.settings = {
-    # Manual optimise storage: nix-store --optimise
-    # https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store
-    auto-optimise-store = true;
-    builders-use-substitutes = true;
-    # enable flakes globally
-    experimental-features = ["nix-command" "flakes"];
-  };
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  #
-  # TODO feel free to add or remove packages here.
-  environment.systemPackages = with pkgs; [
-    neovim
-
-    # networking
-    mtr      # A network diagnostic tool
-    iperf3   # A tool for measuring TCP and UDP bandwidth performance
-    nmap     # A utility for network discovery and security auditing
-    ldns     # replacement of dig, it provide the command `drill`
-    socat    # replacement of openbsd-netcat
-    tcpdump  # A powerful command-line packet analyzer
-
-    # archives
-    zip
-    xz
-    unzip
-    p7zip
-    zstd
-    gnutar
-
-    # misc
-    file
-    which
-    tree
-    gnused
-    gawk
-    tmux
-    docker-compose
-  ];
-
-  # replace default editor with neovim
-  environment.variables.EDITOR = "nvim";
-
-  virtualisation.docker = {
-    enable = true;
-    # start dockerd on boot.
-    # This is required for containers which are created with the `--restart=always` flag to work.
-    enableOnBoot = true;
-  };
-
-  services.openssh = {
-    enable = true;
-    settings = {
-      X11Forwarding = true;
-      PermitRootLogin = "prohibit-password";  # disable root login with password
-      PasswordAuthentication = false; # disable password login
-    };
-    openFirewall = true;
-  };
-}
@@ -0,0 +1,10 @@
+{
+  imports = [
+    ./fonts.nix
+    ./graphic.nix
+    ./misc.nix
+    ./peripherals.nix
+    ./security.nix
+    ./visualisation.nix
+  ];
+}
@@ -0,0 +1,69 @@
+{pkgs, ...}: {
+  # all fonts are linked to /nix/var/nix/profiles/system/sw/share/X11/fonts
+  fonts = {
+    # use fonts specified by user rather than default ones
+    enableDefaultPackages = false;
+    fontDir.enable = true;
+
+    packages = with pkgs; [
+      # icon fonts
+      material-design-icons
+      font-awesome
+
+      # Noto 系列字体是 Google 主导的，名字的含义是「没有豆腐」（no tofu），因为缺字时显示的方框或者方框被叫作 tofu
+      # Noto 系列字族名只支持英文，命名规则是 Noto + Sans 或 Serif + 文字名称。
+      # 其中汉字部分叫 Noto Sans/Serif CJK SC/TC/HK/JP/KR，最后一个词是地区变种。
+      noto-fonts # 大部分文字的常见样式，不包含汉字
+      noto-fonts-cjk # 汉字部分
+      noto-fonts-emoji # 彩色的表情符号字体
+      noto-fonts-extra # 提供额外的字重和宽度变种
+
+      # 思源系列字体是 Adobe 主导的。其中汉字部分被称为「思源黑体」和「思源宋体」，是由 Adobe + Google 共同开发的
+      source-sans # 无衬线字体，不含汉字。字族名叫 Source Sans 3 和 Source Sans Pro，以及带字重的变体，加上 Source Sans 3 VF
+      source-serif # 衬线字体，不含汉字。字族名叫 Source Code Pro，以及带字重的变体
+      source-han-sans # 思源黑体
+      source-han-serif # 思源宋体
+
+      # nerdfonts
+      (nerdfonts.override {
+        fonts = [
+          "FiraCode"
+          "JetBrainsMono"
+          "Iosevka"
+        ];
+      })
+
+      # added by my custom overlays, custom icon font for hyprland/i3's tray/bar
+      icomoon-feather-icon-font
+    ];
+
+    # user defined fonts
+    # the reason there's Noto Color Emoji everywhere is to override DejaVu's
+    # B&W emojis that would sometimes show instead of some Color emojis
+    fontconfig.defaultFonts = {
+      serif = ["Noto Serif CJK SC" "Noto Serif CJK TC" "Noto Serif CJK JP" "Noto Color Emoji"];
+      sansSerif = ["Noto Sans CJK SC" "Noto Sans CJK TC" "Noto Sans CJK JP" "Noto Color Emoji"];
+      monospace = ["JetBrainsMono Nerd Font" "Noto Color Emoji"];
+      emoji = ["Noto Color Emoji"];
+    };
+  };
+
+  # https://wiki.archlinux.org/title/KMSCON
+  services.kmscon = {
+    # Use kmscon as the virtual console instead of gettys.
+    # kmscon is a kms/dri-based userspace virtual terminal implementation.
+    # It supports a richer feature set than the standard linux console VT,
+    # including full unicode support, and when the video card supports drm should be much faster.
+    enable = true;
+    fonts = [
+      {
+        name = "Source Code Pro";
+        package = pkgs.source-code-pro;
+      }
+    ];
+    extraOptions = "--term xterm-256color";
+    extraConfig = "font-size=12";
+    # Whether to use 3D hardware acceleration to render the console.
+    hwRender = true;
+  };
+}
@@ -0,0 +1,30 @@
+{pkgs, ...}: {
+  xdg.portal = {
+    enable = true;
+
+    config = {
+      common = {
+        # Use xdg-desktop-portal-gtk for every portal interface...
+        default = [
+          "gtk"
+        ];
+        # except for the secret portal, which is handled by gnome-keyring
+        "org.freedesktop.impl.portal.Secret" = [
+          "gnome-keyring"
+        ];
+      };
+    };
+
+    # Sets environment variable NIXOS_XDG_OPEN_USE_PORTAL to 1
+    # This will make xdg-open use the portal to open programs,
+    # which resolves bugs involving programs opening inside FHS envs or with unexpected env vars set from wrappers.
+    # xdg-open is used by almost all programs to open a unknown file/uri
+    # alacritty as an example, it use xdg-open as default, but you can also custom this behavior
+    # and vscode has open like `External Uri Openers`
+    xdgOpenUsePortal = false;
+    extraPortals = with pkgs; [
+      xdg-desktop-portal-gtk # for gtk
+      # xdg-desktop-portal-kde  # for kde
+    ];
+  };
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Ryan Yin	82cfa4c6f7	feat: my custom libAttrs	2023-12-23 11:06:50 +08:00
Ryan Yin	27dd5ebb13	docs: update README	2023-12-23 11:06:50 +08:00
Ryan Yin	a589feee7b	feat: homebrew - darwin	2023-12-22 21:23:23 +08:00
Ryan Yin	a9459e7606	feat: darwin	2023-12-22 21:20:02 +08:00
Ryan Yin	ad86ed60dc	feat: update PATH	2023-12-22 21:03:25 +08:00
Ryan Yin	2a42da46ad	fix: mitmproxy on macOS	2023-12-22 17:01:30 +08:00
Ryan Yin	1817f41423	feat: update for shells	2023-12-22 16:59:56 +08:00
Ryan Yin	217057612c	feat: migrate yazi into base	2023-12-22 16:43:37 +08:00
Ryan Yin	a1b5572eea	refactor: via statix	2023-12-22 12:07:37 +08:00
Ryan Yin	cddd8101c7	fix: darwin fern	2023-12-22 09:49:09 +08:00
Ryan Yin	d6f6154a22	fix: suzu - orangepi5	2023-12-22 01:49:28 +08:00
Ryan Yin	8ac24e4f13	refactor: replace mapAttrs' with mapAttrs	2023-12-22 01:43:28 +08:00
Ryan Yin	e4abf62ec3	refactor: replace listToAttrs with mapAttrs' to get a cleaner definition	2023-12-22 01:28:48 +08:00
Ryan Yin	05aa451895	refactor: systems	2023-12-22 01:18:25 +08:00
Ryan Yin	c49a96ae29	docs: update docs for idols - ai	2023-12-22 00:18:04 +08:00
Ryan Yin	ac3c05545f	fix: typo	2023-12-22 00:15:30 +08:00
Ryan Yin	b12af73ff6	fix: increase of tmpfs's size by mount a btrfs subvolume for it feat: migrate nixos-installer from a separate branch into a folder	2023-12-22 00:13:21 +08:00
Ryan Yin	45b52845f7	feat: disable flake_check in ci	2023-12-21 17:48:18 +08:00
Ryan Yin	434b3bfe81	feat: enable zram	2023-12-21 17:10:11 +08:00
Ryan Yin	6c1cd365a0	feat: enable zram	2023-12-21 17:09:34 +08:00
Ryan Yin	b1d9bbc26e	feat: enable zram	2023-12-21 17:08:39 +08:00
Ryan Yin	76b0b1c68d	fix: disable flake_check in ci temporarily	2023-12-21 15:37:28 +08:00
Ryan Yin	6dca4d1492	docs: README	2023-12-21 15:32:28 +08:00
Ryan Yin	a237c108d1	fix: bash in mkShell	2023-12-21 14:46:20 +08:00
Ryan Yin	9832a955e4	feat: darwin - homebrew mirror, replace iglance with stats	2023-12-21 12:24:12 +08:00
Ryan Yin	c90bb514d0	feat: new aarch64-darwin host - fern	2023-12-21 12:03:16 +08:00
Ryan Yin	932e1a236c	Merge pull request #30 from ryan4yin/fern feat: new aarch64-darwin host - fern	2023-12-20 23:02:46 +08:00
Ryan Yin	e70f7269f4	feat: new aarch64-darwin host - fern	2023-12-20 21:43:16 +08:00
Ryan Yin	a07dfbe36a	feat: replace agenix with ragenix	2023-12-20 15:37:33 +08:00
Ryan Yin	d57e3ff61b	fix: fcitx5 theme	2023-12-20 13:29:25 +08:00
Ryan Yin	6f38faef79	fix: ci	2023-12-20 13:25:42 +08:00
Ryan Yin	50d9301e13	feat: migrate capptuccin themes into my nur-packages, add nix's access-tokens into secrets	2023-12-20 13:13:54 +08:00
Ryan Yin	58b02a6b16	feat: replace home.activation.xxx via home.file.<name>.force	2023-12-20 10:45:01 +08:00
Ryan Yin	29511fa574	feat: refactor flake.nix	2023-12-20 02:19:40 +08:00
Ryan Yin	809a68fa27	feat: add github workflow - flake_check	2023-12-19 21:03:59 +08:00
Ryan Yin	2ac43c8a33	feat: add github workflow - flake_check	2023-12-19 20:45:53 +08:00
Ryan Yin	802e9e6e39	feat: auto nix develop - direnv	2023-12-19 20:45:27 +08:00
Ryan Yin	625691084a	fix: The following files have unrecognized content and would be overwritten: /etc/bashrc /etc/zshrc /etc/zshenv	2023-12-18 15:09:43 +08:00
Ryan Yin	38e7a45bb8	fix: agenix on nix-darwin	2023-12-18 14:42:03 +08:00
Ryan Yin	dbe62811c7	fix: agenix on nix-darwin, update flake.nix	2023-12-18 14:05:45 +08:00
Ryan Yin	8d83ded0fb	feat: update git pre-commit checks	2023-12-18 11:14:17 +08:00
Ryan Yin	74cec7dd8e	feat: nix fmt	2023-12-18 01:06:28 +08:00
Ryan Yin	b2f75a37dc	feat: nix fmt	2023-12-18 00:36:59 +08:00
Ryan Yin	a04a058077	feat: refactor, hyprland - greet with autologin	2023-12-18 00:32:41 +08:00
Ryan Yin	7d03e63bdd	feat: upgrade system.stateVersion feat: autologin - hyprland / i3 feat: 256color for console tty	2023-12-17 05:59:22 +08:00
Ryan Yin	1cf34add85	fix: fcitx - macOS	2023-12-17 00:09:13 +08:00
Ryan Yin	20b6aa07af	feat: update flake.lock, add eye-protection.nix	2023-12-17 00:08:54 +08:00
Ryan Yin	ab5a68ce9d	feat: change linux kernel to xanmod	2023-12-16 21:44:05 +08:00
Ryan Yin	da729c1ade	feat: add aws ssm plugin	2023-12-13 18:10:05 +08:00
Ryan Yin	f899d59da9	docs: impermanence - ai	2023-12-13 12:23:21 +08:00
Ryan Yin	ca8f0dc166	feat: disable nix channel	2023-12-13 11:57:59 +08:00
Ryan Yin	393338a23d	fix: disable docker storageDriver	2023-12-12 23:39:35 +08:00
Ryan Yin	5ca251646a	feat: docker - pulling using containerd	2023-12-12 22:08:32 +08:00
Ryan Yin	75ef84913f	fix: agenix failed to decrypt secrets when booting	2023-12-12 20:37:03 +08:00
Ryan Yin	b92537e264	fix: nix-darwin	2023-12-12 11:28:24 +08:00
Ryan Yin	e3a17925f2	fix: nix optimise storage	2023-12-09 16:37:54 +08:00
Ryan Yin	c170e251ac	fix: nixConfig.extra-sbustituers https://github.com/ryan4yin/nixos-and-flakes-book/discussions/62#discussioncomment-7805510	2023-12-09 14:18:19 +08:00
Ryan Yin	ec1747707b	fix: terminfo	2023-12-08 17:50:32 +08:00
Ryan Yin	56f2abc737	fix: terminfo error on macOS	2023-12-08 14:24:44 +08:00
Ryan Yin	cb6f46aea8	fix: syntax error, optimise tmux	2023-12-07 22:38:04 +08:00
Ryan Yin	dfab5ddacc	fix: TERM and TERMINFO	2023-12-07 22:02:01 +08:00
Ryan Yin	0e2faec44f	docs: wezterm crash with the latest hyprland	2023-12-07 21:12:17 +08:00
Ryan Yin	88671c40e7	Merge pull request #27 from ryan4yin/fix-nushell-neovim fix: environment variables missed in nushell	2023-12-07 20:10:01 +08:00
Ryan Yin	9f59301a0e	fix: environment variables missed in nushell fix: https://github.com/ryan4yin/nix-config/issues/26	2023-12-07 13:10:15 +08:00
Ryan Yin	d13a353921	revert: shell wrapper for neovim's terminal still useless on macOS	2023-12-07 10:47:08 +08:00
Ryan Yin	989989ecc6	docs: update comments	2023-12-07 10:39:03 +08:00
Ryan Yin	0a66a3b0a3	docs: comment for nvim-shell	2023-12-07 00:27:30 +08:00
Ryan Yin	be036118ca	feat: optimise autosave.nvim	2023-12-06 23:50:07 +08:00
Ryan Yin	601fcafd31	fix: autosave.nvim & yazi	2023-12-06 23:07:01 +08:00
Ryan Yin	087d38487c	feat: access extraPackages in neovim's terminal - add a shell wrapper	2023-12-06 22:39:10 +08:00
Ryan Yin	b0e481a1f1	fix: package collisions	2023-12-06 11:45:26 +08:00
Ryan Yin	1ca7607814	feat: update yazi, add tools for java development	2023-12-05 21:05:37 +08:00
Ryan Yin	59ea29a7ab	feat: auto chmod agenix's secrets on darwin	2023-12-05 12:12:32 +08:00
Ryan Yin	486a3b343c	feat: disable flatpak	2023-12-05 12:01:07 +08:00
Ryan Yin	3b7772712e	docs: update README	2023-12-05 11:44:19 +08:00
Ryan Yin	37b34beca4	feat: enable waydroid & lxd	2023-12-05 11:18:15 +08:00