docs: how to add a new machine

docs: update docs
docs: update docs, remove unused host - chiaya
2026-05-28 18:39:31 +02:00 · 2024-03-10 20:56:54 +08:00 · 2024-03-10 20:46:36 +08:00 · 2024-03-10 20:45:57 +08:00 · 2024-03-10 20:18:02 +08:00 · 2024-03-10 20:13:57 +08:00
796 changed files with 129154 additions and 5575 deletions
@@ -0,0 +1 @@
+use flake
@@ -0,0 +1,3 @@
+# https://github.com/github-linguist/linguist/blob/master/docs/overrides.md
+
+home/linux/desktop/i3/conf/polybar/** linguist-vendored
@@ -0,0 +1,24 @@
+name: Nix Flake Check
+
+on: [push, pull_request, workflow_dispatch]
+
+jobs:
+  checks:
+    name: Check expressions
+    runs-on: ubuntu-latest
+
+    steps:
+      # - name: Checkout repository
+      #   uses: actions/checkout@v4
+      # - name: Install nix
+      #   uses: cachix/install-nix-action@v24
+      #   with:
+      #     install_url: https://nixos.org/nix/install
+      #     extra_nix_config: |
+      #       access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+      #       experimental-features = nix-command flakes
+
+      - name: Run Nix Flake Check
+        run: |
+          echo 'TODO: nix flake check'
+          # nix flake check
@@ -1,3 +1,5 @@
 result
 result/
+.direnv/
 .DS_Store
+.pre-commit-config.yaml
@@ -0,0 +1,283 @@
+# just is a command runner, Justfile is very similar to Makefile, but simpler.
+
+# use nushell for shell commands
+set shell := ["nu", "-c"]
+
+############################################################################
+#
+#  Nix commands related to the local machine
+#
+############################################################################
+
+i3 mode="default":
+  use utils.nu *; \
+  nixos-switch ai-i3 {{mode}}
+
+hypr mode="default":
+  use utils.nu *; \
+  nixos-switch ai-hyprland {{mode}}
+
+
+s-i3 mode="default":
+  use utils.nu *; \
+  nixos-switch shoukei-i3 {{mode}}
+
+
+s-hypr mode="default":
+  use utils.nu *; \
+  nixos-switch shoukei-hyprland {{mode}}
+
+
+up:
+  nix flake update
+
+# Update specific input
+# Usage: just upp nixpkgs
+upp input:
+  nix flake lock --update-input {{input}}
+
+history:
+  nix profile history --profile /nix/var/nix/profiles/system
+
+repl:
+  nix repl -f flake:nixpkgs
+
+clean:
+  # remove all generations older than 7 days
+  sudo nix profile wipe-history --profile /nix/var/nix/profiles/system  --older-than 7d
+
+gc:
+  # garbage collect all unused nix store entries
+  sudo nix store gc --debug
+  sudo nix-collect-garbage --delete-old
+
+gitgc:
+  git reflog expire --expire-unreachable=now --all
+  git gc --prune=now
+
+############################################################################
+#
+#  Darwin related commands, harmonica is my macbook pro's hostname
+#
+############################################################################
+
+darwin-set-proxy:
+  sudo python3 scripts/darwin_set_proxy.py
+  sleep 1sec
+
+darwin-rollback:
+  use utils.nu *; \
+  darwin-rollback
+
+ha mode="default":
+  use utils.nu *; \
+  darwin-build "harmonica" {{mode}}; \
+  darwin-switch "harmonica" {{mode}}
+
+fe mode="default": darwin-set-proxy
+  use utils.nu *; \
+  darwin-build "fern" {{mode}}; \
+  darwin-switch "fern" {{mode}}
+
+yabai-reload:
+  launchctl kickstart -k "gui/502/org.nixos.yabai";
+  launchctl kickstart -k "gui/502/org.nixos.skhd"; 
+
+############################################################################
+#
+#  Homelab - NixOS servers running on bare metal
+#
+############################################################################
+
+virt:
+  colmena apply --on '@virt-*' --verbose --show-trace
+
+shoryu:
+  colmena apply --on '@shoryu' --verbose --show-trace
+
+shushou:
+  colmena apply --on '@shushou' --verbose --show-trace
+
+youko:
+  colmena apply --on '@youko' --verbose --show-trace
+
+
+############################################################################
+#
+#  Homelab - Virtual Machines running on Kubevirt
+#
+############################################################################
+
+lab:
+  colmena apply --on '@homelab-*' --verbose --show-trace
+
+aqua:
+  colmena apply --on '@aqua' --verbose --show-trace
+  # some config changes require a restart of the dae service
+  ssh root@aquamarine "sudo systemctl stop dae; sleep 1; sudo systemctl start dae"
+
+ruby:
+  colmena apply --on '@ruby' --verbose --show-trace
+
+kana:
+  colmena apply --on '@kana' --verbose --show-trace
+
+tailscale:
+  colmena apply --on '@tailscale-gw' --verbose --show-trace
+
+# pve-aqua:
+#   nom build .#aquamarine
+#   rsync -avz --progress --copy-links result root@um560:/var/lib/vz/dump/vzdump-qemu-aquamarine.vma.zst
+#
+# pve-ruby:
+#   nom build .#ruby
+#   rsync -avz --progress --copy-links result root@um560:/var/lib/vz/dump/vzdump-qemu-ruby.vma.zst
+#
+# pve-kana:
+#   nom build .#kana
+#   rsync -avz --progress --copy-links result root@gtr5:/var/lib/vz/dump/vzdump-qemu-kana.vma.zst
+#
+# pve-tsgw:
+#   nom build .#tailscale-gw
+#   rsync -avz --progress --copy-links result root@um560:/var/lib/vz/dump/vzdump-qemu-tailscale-gw.vma.zst
+#
+
+############################################################################
+#
+# Kubernetes related commands
+#
+############################################################################
+
+k3s:
+  colmena apply --on '@k3s-*' --verbose --show-trace
+
+master:
+  colmena apply --on '@k3s-prod-1-master-*' --verbose --show-trace
+
+worker:
+  colmena apply --on '@k3s-prod-1-worker-*' --verbose --show-trace
+
+# pve-k8s:
+#   nom build .#k3s-prod-1-master-1
+#   rsync -avz --progress --copy-links result root@um560:/var/lib/vz/dump/vzdump-qemu-k3s-prod-1-master-1.vma.zst
+#
+#   nom build .#k3s-prod-1-master-2
+#   rsync -avz --progress --copy-links result root@gtr5:/var/lib/vz/dump/vzdump-qemu-k3s-prod-1-master-2.vma.zst
+#
+#   nom build .#k3s-prod-1-master-3
+#   rsync -avz --progress --copy-links result root@s500plus:/var/lib/vz/dump/vzdump-qemu-k3s-prod-1-master-3.vma.zst
+#
+#   nom build .#k3s-prod-1-worker-1
+#   rsync -avz --progress --copy-links result root@gtr5:/var/lib/vz/dump/vzdump-qemu-k3s-prod-1-worker-1.vma.zst
+#
+#   nom build .#k3s-prod-1-worker-2
+#   rsync -avz --progress --copy-links result root@s500plus:/var/lib/vz/dump/vzdump-qemu-k3s-prod-1-worker-2.vma.zst
+#
+#   nom build .#k3s-prod-1-worker-3
+#   rsync -avz --progress --copy-links result root@s500plus:/var/lib/vz/dump/vzdump-qemu-k3s-prod-1-worker-3.vma.zst
+#
+
+############################################################################
+#
+#  RISC-V related commands
+#
+############################################################################
+
+riscv:
+  colmena apply --on '@riscv' --verbose --show-trace
+
+nozomi:
+  colmena apply --on '@nozomi' --verbose --show-trace
+
+yukina:
+  colmena apply --on '@yukina' --verbose --show-trace
+
+############################################################################
+#
+# Aarch64 related commands
+#
+############################################################################
+
+aarch:
+  colmena apply --on '@aarch' --verbose --show-trace
+
+suzu:
+  colmena apply --on '@suzu' --build-on-target --verbose --show-trace
+
+suzu-local mode="default":
+  use utils.nu *; \
+  nixos-switch suzu {{mode}}
+
+rakushun:
+  colmena apply --on '@rakushun' --build-on-target --verbose --show-trace
+
+rakushun-local mode="default":
+  use utils.nu *; \
+  nixos-switch rakushun {{mode}}
+
+############################################################################
+#
+#  Misc, other useful commands
+#
+############################################################################
+
+fmt:
+  # format the nix files in this repo
+  nix fmt
+
+path:
+   $env.PATH | split row ":"
+
+nvim-test:
+  rm -rf $"($env.HOME)/.config/astronvim/lua/user"
+  rsync -avz --copy-links --chmod=D2755,F744 home/base/desktop/editors/neovim/astronvim_user/ $"($env.HOME)/.config/astronvim/lua/user"
+
+nvim-clean:
+  rm -rf $"($env.HOME)/.config/astronvim/lua/user"
+
+# =================================================
+# Emacs related commands
+# =================================================
+
+emacs-plist-path := "~/Library/LaunchAgents/org.nix-community.home.emacs.plist"
+
+reload-emacs-cmd := if os() == "macos" {
+    "launchctl unload " + emacs-plist-path
+    + "\n"
+    + "launchctl load " + emacs-plist-path
+    + "\n"
+    + "tail -f ~/Library/Logs/emacs-daemon.stderr.log"
+  } else {
+    "systemctl --user restart emacs.service"
+    + "\n"
+    + "systemctl --user status emacs.service"
+  }
+
+emacs-test:
+  rm -rf $"($env.HOME)/.config/doom"
+  rsync -avz --copy-links --chmod=D2755,F744 home/base/desktop/editors/emacs/doom/ $"($env.HOME)/.config/doom"
+  doom clean
+  doom sync
+
+emacs-clean:
+  rm -rf $"($env.HOME)/.config/doom/"
+
+emacs-purge:
+  doom purge
+  doom clean
+  doom sync
+
+emacs-reload:
+  doom sync
+  {{reload-emacs-cmd}}
+
+
+# =================================================
+#
+# Kubernetes related commands
+#
+# =================================================
+
+
+del-failed:
+   kubectl delete pod --all-namespaces --field-selector="status.phase==Failed"
@@ -1,147 +0,0 @@
-#
-#  NOTE: Makefile's target name should not be the same as one of the file or directory in the current directory, 
-#    otherwise the target will not be executed!
-#
-
-
-############################################################################
-#
-#  Nix commands related to the local machine
-#
-############################################################################
-
-i3: 
-	nixos-rebuild switch --flake .#ai_i3 --use-remote-sudo
-
-hypr:
-	nixos-rebuild switch --flake .#ai_hyprland --use-remote-sudo
-
-i3-debug:
-	nixos-rebuild switch --flake .#ai_i3 --use-remote-sudo --show-trace --verbose
-
-hypr-debug:
-	nixos-rebuild switch --flake .#ai_hyprland --use-remote-sudo --show-trace --verbose
-
-up:
-	nix flake update
-
-# Update specific input
-# usage: make upp i=wallpapers
-upp:
-	nix flake lock --update-input $(i)
-
-history:
-	nix profile history --profile /nix/var/nix/profiles/system
-
-gc:
-	# remove all generations older than 7 days
-	sudo nix profile wipe-history --profile /nix/var/nix/profiles/system  --older-than 7d
-
-	# garbage collect all unused nix store entries
-	sudo nix store gc --debug
-
-############################################################################
-#
-#  Darwin related commands, harmonica is my macbook pro's hostname
-#
-############################################################################
-
-darwin-set-proxy:
-	echo "skip setting proxy, use global proxy instead"
-	# sudo python3 scripts/darwin_set_proxy.py
-
-ha: darwin-set-proxy
-	nix build .#darwinConfigurations.harmonica.system
-	./result/sw/bin/darwin-rebuild switch --flake .
-	sleep 3
-	sudo chmod 644 /etc/agenix/alias-for-work.*
-
-ha-debug: darwin-set-proxy
-	nix build .#darwinConfigurations.harmonica.system --show-trace --verbose
-	./result/sw/bin/darwin-rebuild switch --flake .#harmonica --show-trace --verbose
-	sleep 3
-	sudo chmod 644 /etc/agenix/alias-for-work.*
-
-############################################################################
-#
-#  Idols, Commands related to my remote distributed building cluster
-#
-############################################################################
-
-add-idols-ssh-key:
-	ssh-add ~/.ssh/ai-idols
-
-idols: add-idols-ssh-key
-	colmena apply --on '@dist-build'
-
-aqua:
-	colmena apply --on '@aqua'
-
-ruby:
-	colmena apply --on '@ruby'
-
-kana:
-	colmena apply --on '@kana'
-
-idols-debug: add-idols-ssh-key
-	colmena apply --on '@dist-build' --verbose --show-trace
-
-# only used once to setup the virtual machines
-idols-image:
-	# take image for idols, and upload the image to proxmox nodes.
-	nom build .#aquamarine
-	scp result root@gtr5:/var/lib/vz/dump/vzdump-qemu-aquamarine.vma.zst
-
-	nom build .#ruby
-	scp result root@s500plus:/var/lib/vz/dump/vzdump-qemu-ruby.vma.zst
-
-	nom build .#kana
-	scp result root@um560:/var/lib/vz/dump/vzdump-qemu-kana.vma.zst
-
-
-############################################################################
-#
-#	RISC-V related commands
-#		
-############################################################################
-
-roll: add-idols-ssh-key
-	colmena apply --on '@riscv' 
-
-roll-debug: add-idols-ssh-key
-	colmena apply --on '@dist-build' --verbose --show-trace
-
-nozomi:
-	colmena apply --on '@nozomi'
-
-yukina:
-	colmena apply --on '@yukina'
-
-############################################################################
-#
-# Aarch64 related commands
-#
-############################################################################
-
-aarch:
-	colmena apply --on '@aarch'
-
-suzu:
-	colmena apply --on '@suzu'
-
-suzu-debug:
-	colmena apply --on '@suzu' --verbose --show-trace
-
-############################################################################
-#
-#  Misc, other useful commands
-#
-############################################################################
-
-fmt:
-	# format the nix files in this repo
-	nix fmt
-
-.PHONY: clean  
-clean:  
-	rm -rf result
@@ -8,29 +8,40 @@
 	<a href="https://github.com/ryan4yin/nix-config/stargazers">
 		<img alt="Stargazers" src="https://img.shields.io/github/stars/ryan4yin/nix-config?style=for-the-badge&logo=starship&color=C9CBFF&logoColor=D9E0EE&labelColor=302D41"></a>
    <a href="https://nixos.org/">
-        <img src="https://img.shields.io/badge/NixOS-23.05-informational.svg?style=for-the-badge&logo=nixos&color=F2CDCD&logoColor=D9E0EE&labelColor=302D41"></a>
+        <img src="https://img.shields.io/badge/NixOS-23.11-informational.svg?style=for-the-badge&logo=nixos&color=F2CDCD&logoColor=D9E0EE&labelColor=302D41"></a>
    <a href="https://github.com/ryan4yin/nixos-and-flakes-book">
        <img src="https://img.shields.io/static/v1?label=Nix Flakes&message=learning&style=for-the-badge&logo=nixos&color=DDB6F2&logoColor=D9E0EE&labelColor=302D41"></a>
  </a>
 </p>

-This repository is home to the nix code that builds my systems.
+> My configuration is becoming more and more complex, and it may be difficult for beginners to read it.
+> If you are new to NixOS and want to know how I use NixOS, I would recommend you to take a look at the [ryan4yin/nix-config/releases](https://github.com/ryan4yin/nix-config/releases) first, **checkout to some simpler older versions**, which will be much easier to understand.

-## Why Nix?
+This repository is home to the nix code that builds my systems:

-Nix allows for easy-to-manage, collaborative, reproducible deployments. This means that once something is setup and configured once, it works forever. If someone else shares their configuration, anyone can make use of it.
+1. NixOS Desktops: NixOS with home-manager, i3, hyprland, agenix, etc.
+2. macOS Desktops: nix-darwin with home-manager, share the same home-manager configuration with NixOS Desktops.
+3. NixOS Servers: virtual machines running on Proxmox, with various services, such as kubernetes, homepage, prometheus, grafana, etc.

-**Want to know Nix in detail? Looking for a beginner-friendly tutorial or best practices? Check out [NixOS & Nix Flakes Book - 🛠️ ❤️ An unofficial & opinionated :book: for beginners](https://github.com/ryan4yin/nixos-and-flakes-book)!**
+See [./hosts](./hosts) for details of each host.

-> If you're using macOS, you can also check out [ryan4yin/nix-darwin-kickstarter](https://github.com/ryan4yin/nix-darwin-kickstarter) for a quick start.
+## Why NixOS & Flakes?
+
+Nix allows for easy-to-manage, collaborative, reproducible deployments. This means that once something is setup and configured once, it works (almost) forever. If someone else shares their configuration, anyone else can just use it (if you really understand what you're copying/refering now).
+
+As for Flakes, refer to [Introduction to Flakes - NixOS & Nix Flakes Book](https://nixos-and-flakes.thiscute.world/nixos-with-flakes/introduction-to-flakes)
+
+**Want to know NixOS & Flaks in detail? Looking for a beginner-friendly tutorial or best practices? You don't have to go through the pain I've experienced again! Check out my [NixOS & Nix Flakes Book - 🛠️ ❤️ An unofficial & opinionated :book: for beginners](https://github.com/ryan4yin/nixos-and-flakes-book)!**
+
+> If you're using macOS, check out [ryan4yin/nix-darwin-kickstarter](https://github.com/ryan4yin/nix-darwin-kickstarter) for a quick start.

 ## Components

 |                             | NixOS(Wayland)                                                                                                    | NixOS(Xorg)                                                                                                       |
 | --------------------------- | :---------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------- |
 | **Window Manager**          | [Hyprland][Hyprland]                                                                                              | [i3][i3]                                                                                                          |
-| **Terminal Emulator**       | [Kitty][Kitty]                                                                                                    | [Kitty][Kitty]                                                                                                    |
-| **Bar**                     | [Waybar][Waybar]                                                                                                  | [i3block][i3block]                                                                                                |
+| **Terminal Emulator**       | [Zellij][Zellij] + [Kitty][Kitty]                                                                                 | [Zellij][Zellij] + [Kitty][Kitty]                                                                                 |
+| **Bar**                     | [Waybar][Waybar]                                                                                                  | [polybar][polybar]                                                                                                |
 | **Application Launcher**    | [anyrun][anyrun]                                                                                                  | [rofi][rofi]                                                                                                      |
 | **Notification Daemon**     | [Mako][Mako]                                                                                                      | [Dunst][Dunst]                                                                                                    |
 | **Display Manager**         | [GDM][GDM]                                                                                                        | [GDM][GDM]                                                                                                        |
@@ -38,26 +49,28 @@ Nix allows for easy-to-manage, collaborative, reproducible deployments. This mea
 | **network management tool** | [NetworkManager][NetworkManager]                                                                                  | [NetworkManager][NetworkManager]                                                                                  |
 | **Input method framework**  | [Fcitx5][Fcitx5]                                                                                                  | [Fcitx5][Fcitx5]                                                                                                  |
 | **System resource monitor** | [Btop][Btop]                                                                                                      | [Btop][Btop]                                                                                                      |
-| **File Manager**            | [ranger][ranger] + [thunar][thunar]                                                                               | [ranger][ranger] + [thunar][thunar]                                                                               |
+| **File Manager**            | [Yazi][Yazi] + [thunar][thunar]                                                                                   | [Yazi][Yazi] + [thunar][thunar]                                                                                   |
 | **Shell**                   | [Nushell][Nushell] + [Starship][Starship]                                                                         | [Nushell][Nushell] + [Starship][Starship]                                                                         |
 | **Music Player**            | [mpd][mpd], [ncmpcpp][ncmpcpp], [mpc][mpc], [Netease-cloud-music-gtk][netease-cloud-music-gtk]                    | [Netease-cloud-music-gtk][netease-cloud-music-gtk]                                                                |
 | **Media Player**            | [mpv][mpv]                                                                                                        | [mpv][mpv]                                                                                                        |
-| **Text Editor**             | [Neovim][Neovim]                                                                                                  | [Neovim][Neovim]                                                                                                  |
+| **Text Editor**             | [Neovim][Neovim] + [DoomEmacs][DoomEmacs]                                                                         | [Neovim][Neovim] + [DoomEmacs][DoomEmacs]                                                                         |
 | **Fonts**                   | [Nerd fonts][Nerd fonts]                                                                                          | [Nerd fonts][Nerd fonts]                                                                                          |
 | **Image Viewer**            | [imv][imv]                                                                                                        | [imv][imv]                                                                                                        |
-| **Screenshot Software**     | [grim][grim]                                                                                                      | [flameshot](https://github.com/flameshot-org/flameshot)                                                           |
+| **Screenshot Software**     | [flameshot][flameshot] + [grim][grim]                                                                             | [flameshot][flameshot]                                                                                            |
 | **Screen Recording**        | [OBS][OBS]                                                                                                        | [OBS][OBS]                                                                                                        |
 | **Filesystem & Encryption** | tmpfs on `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] crypted partition for persistent, unlock via passphrase | tmpfs on `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] crypted partition for persistent, unlock via passphrase |
 | **Secure Boot**             | [lanzaboote][lanzaboote]                                                                                          | [lanzaboote][lanzaboote]                                                                                          |

 Wallpapers: https://github.com/ryan4yin/wallpapers

-## Hyprland + AstroNvim
+## Hyprland + AstroNvim + DoomEmacs

 ![](./_img/hyprland_2023-07-29_1.webp)

 ![](./_img/hyprland_2023-07-29_2.webp)

+![](./_img/emacs-2024-01-07.webp)
+
 ## I3 + AstroNvim

 ![](./_img/i3_2023-07-29_1.webp)
@@ -65,11 +78,11 @@ Wallpapers: https://github.com/ryan4yin/wallpapers

 ## Neovim

-See [./home/base/desktop/neovim](./home/base/desktop/neovim) for details.
+See [./home/base/desktop/editors/neovim/](./home/base/desktop/editors/neovim/) for details.

-## Hosts
+## Emacs

-See [./hosts](./hosts) for details.
+See [./home/base/desktop/editors/emacs/](./home/base/desktop/editors/emacs/) for details.

 ## Secrets Management

@@ -77,37 +90,53 @@ See [./secrets](./secrets) for details.

 ## How to Deploy this Flake?

-> :red_circle: **IMPORTANT**: **You should NOT deploy this flake directly on your machine:exclamation: It will not succeed.** this flake contains my hardware configuration(such as [hardware-configuration.nix](hosts/idols/ai/hardware-configuration.nix), [cifs-mount.nix](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols/ai/cifs-mount.nix), [Nvidia Support](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols/ai/default.nix#L77-L91), etc.) which is not suitable for your hardware, and my private secrets repository [ryan4yin/nix-secrets](https://github.com/ryan4yin/nix-config/tree/main/secrets) that only I have access to. You may use this repo as a reference to build your own configuration.
-
-For MacOS:
-
-```bash
-# deploy the darwin configuration(harmonicia)
-make ha
-
-# deploy with details
-make ha-debug
-```
+> :red_circle: **IMPORTANT**: **You should NOT deploy this flake directly on your machine :exclamation: It will not succeed.** 
+> This flake contains my hardware configuration(such as [hardware-configuration.nix](hosts/idols-ai/hardware-configuration.nix), [cifs-mount.nix](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols_ai/cifs-mount.nix), [Nvidia Support](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols-ai/default.nix#L77-L91), etc.) which is not suitable for your hardwares,
+> and requires my private secrets repository [ryan4yin/nix-secrets](https://github.com/ryan4yin/nix-config/tree/main/secrets) to deploy.
+> You may use this repo as a reference to build your own configuration.

 For NixOS:

+> To deploy this flake from NixOS's official ISO image(purest installation method), please refer to [./nixos-installer/](./nixos-installer/)
+
 > Need to restart the machine when switching between `wayland` and `xorg`.

 ```bash
 # deploy one of the configuration based on the hostname
 sudo nixos-rebuild switch --flake .#ai_i3
-# sudo nixos-rebuild switch --flake .#ai_hyprland
+# sudo nixos-rebuild switch --flake .#ai-hyprland

-# we can also deploy using `make`, which is defined in Makefile
-make i3    # deploy my pc with i3 window manager
-# make hypr  # deploy my pc with hyprland compositor
+# deploy via `just`(a command runner with similar syntax to make) & Justfile
+just i3    # deploy my pc with i3 window manager
+# just hypr  # deploy my pc with hyprland compositor

 # or we can deploy with details
-make i3-debug
-# make hypr-debug
+just i3 debug
+# just hypr-debug
 ```

-To deploy this flake from NixOS's official ISO image(purest installation method), please refer to [ryan4yin/nix-config/nixos-install](https://github.com/ryan4yin/nix-config/tree/nixos-install)
+For macOS:
+
+```bash
+# If you are deploying for the first time,
+# 1. install nix & homebrew manually.
+# 2. prepare the deployment environment with essential packages available
+nix-shell -p just nushell
+# 3. comment home-manager's code in lib/macosSystem.nix to speed up the first deplyment.
+# 4. comment out the proxy settings in scripts/darwin_set_proxy.py if the proxy is not ready yet.
+
+# 4. deploy harmonica's configuration(macOS Intel)
+just ha
+
+# deploy fern's configuration(Apple Silicon)
+just fe
+
+# deploy with details
+just ha debug
+# just fe debug
+```
+
+> [What y'all will need when Nix drives you to drink.](https://www.youtube.com/watch?v=Eni9PPPPBpg) (copy from hlissner's dotfiles, it really matches my feelings when I first started using NixOS...)

 ## How to create & managage VM from this flake?

@@ -119,7 +148,7 @@ nom build .#aquamarine  # `nom`(nix-output-monitor) can be replaced by the stand

 # 2. upload the genereated image to proxmox server's backup directory `/var/lib/vz/dump`
 #    please replace the vma file name with the one you generated in step 1.
-scp result/vzdump-qemu-aquamarine-nixos-23.11.20230603.dd49825.vma.zst root@192.168.5.174:/var/lib/vz/dump
+rsync -avz --progress --copy-links result root@um560:/var/lib/vz/dump/vzdump-qemu-aquamarine.vma.zst

 # 3. the image we uploaded will be listed in proxmox web ui's this page: [storage 'local'] -> [backups], we can restore a vm from it via the web ui now.
 ```
@@ -128,7 +157,7 @@ Once the virtual machine `aquamarine` is created, we can deploy updates to it wi

 ```shell
 # 1. add the ssh key to ssh-agent
-ssh-add ~/.ssh/ai-idols
+ssh-add /etc/agenix/ssh-key-romantic

 # 2. deploy the configuration to all the remote host with tag `@dist-build`
 # using the ssh key we added in step 1
@@ -151,6 +180,10 @@ Other dotfiles that inspired me:
  - [gvolpe/nix-config](https://github.com/gvolpe/nix-config)
  - [Ruixi-rebirth/flakes](https://github.com/Ruixi-rebirth/flakes)
  - [fufexan/dotfiles](https://github.com/fufexan/dotfiles): gtk theme, xdg, git, media, anyrun, etc.
+  - [nix-community/srvos](https://github.com/nix-community/srvos): a collection of opinionated and sharable NixOS configurations for servers
+- Modularized NixOS Configuration
+  - [hlissner/dotfiles](https://github.com/hlissner/dotfiles)
+  - [viperML/dotfiles](https://github.com/viperML/dotfiles)
 - Hyprland(wayland)
  - [notwidow/hyprland](https://github.com/notwidow/hyprland): This is where I start my hyprland journey.
  - [HeinzDev/Hyprland-dotfiles](https://github.com/HeinzDev/Hyprland-dotfiles): Refer to the waybar configuration here.
@@ -169,17 +202,20 @@ Other dotfiles that inspired me:
 [Nushell]: https://github.com/nushell/nushell
 [Starship]: https://github.com/starship/starship
 [Waybar]: https://github.com/Alexays/Waybar
-[i3block]: https://github.com/vivien/i3blocks
+[polybar]: https://github.com/polybar/polybar
 [rofi]: https://github.com/davatorium/rofi
 [anyrun]: https://github.com/Kirottu/anyrun
 [Dunst]: https://github.com/dunst-project/dunst
 [Fcitx5]: https://github.com/fcitx/fcitx5
 [Btop]: https://github.com/aristocratos/btop
 [mpv]: https://github.com/mpv-player/mpv
+[Zellij]: https://github.com/zellij-org/zellij
 [Neovim]: https://github.com/neovim/neovim
 [AstroNvim]: https://github.com/AstroNvim/AstroNvim
+[DoomEmacs]: https://github.com/doomemacs/doomemacs
 [flameshot]: https://github.com/flameshot-org/flameshot
 [grim]: https://github.com/emersion/grim
+[flameshot]: https://github.com/flameshot-org/flameshot
 [imv]: https://sr.ht/~exec64/imv/
 [OBS]: https://obsproject.com
 [Mako]: https://github.com/emersion/mako
@@ -193,7 +229,7 @@ Other dotfiles that inspired me:
 [wl-clipboard]: https://github.com/bugaevc/wl-clipboard
 [GDM]: https://wiki.archlinux.org/title/GDM
 [thunar]: https://gitlab.xfce.org/xfce/thunar
-[ranger]: https://github.com/ranger/ranger
+[Yazi]: https://github.com/sxyazi/yazi
 [Catppuccin]: https://github.com/catppuccin/catppuccin
 [Btrfs]: https://btrfs.readthedocs.io
 [LUKS]: https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system
@@ -1,5 +1,5 @@
 {
-  description = "NixOS & macOS configuration of Ryan Yin";
+  description = "Ryan Yin's nix configuration for both NixOS & macOS";

  ##################################################################################################################
  #
@@ -8,266 +8,25 @@
  #
  ##################################################################################################################

-  # The `outputs` function will return all the build results of the flake.
-  # A flake can have many use cases and different types of outputs,
-  # parameters in `outputs` are defined in `inputs` and can be referenced by their names.
-  # However, `self` is an exception, this special parameter points to the `outputs` itself (self-reference)
-  # The `@` syntax here is used to alias the attribute set of the inputs's parameter, making it convenient to use inside the function.
-  outputs = inputs @ {
-    self,
-    nixpkgs,
-    nixpkgs-unstable,
-    nix-darwin,
-    home-manager,
-    nixos-generators,
-    nixos-licheepi4a,
-    nixos-rk3588,
-    ...
-  }: let
-    username = "ryan";
-    userfullname = "Ryan Yin";
-    useremail = "xiaoyin_c@qq.com";
+  outputs = inputs: import ./outputs inputs;

-    x64_system = "x86_64-linux";
-    x64_darwin = "x86_64-darwin";
-    riscv64_system = "riscv64-linux";
-    aarch64_system = "aarch64-linux";
-    allSystems = [x64_system x64_darwin riscv64_system aarch64_system];
-
-    nixosSystem = import ./lib/nixosSystem.nix;
-    macosSystem = import ./lib/macosSystem.nix;
-    colmenaSystem = import ./lib/colmenaSystem.nix;
-
-    # 星野 アイ, Hoshino Ai
-    idol_ai_modules_i3 = {
-      nixos-modules = [
-        ./hosts/idols/ai
-        ./modules/nixos/i3.nix
-      ];
-      home-module = import ./home/linux/desktop-i3.nix;
-    };
-    idol_ai_modules_hyprland = {
-      nixos-modules = [
-        ./hosts/idols/ai
-        ./modules/nixos/hyprland.nix
-      ];
-      home-module = import ./home/linux/desktop-hyprland.nix;
-    };
-
-    # 星野 愛久愛海, Hoshino Akuamarin
-    idol_aquamarine_modules = {
-      nixos-modules = [
-        ./hosts/idols/aquamarine
-      ];
-      home-module = import ./home/linux/server.nix;
-    };
-    idol_aquamarine_tags = ["dist-build" "aqua"];
-
-    # 星野 瑠美衣, Hoshino Rubii
-    idol_ruby_modules = {
-      nixos-modules = [
-        ./hosts/idols/ruby
-      ];
-      home-module = import ./home/linux/server.nix;
-    };
-    idol_ruby_tags = ["dist-build" "ruby"];
-
-    # 有馬 かな, Arima Kana
-    idol_kana_modules = {
-      nixos-modules = [
-        ./hosts/idols/kana
-      ];
-      home-module = import ./home/linux/server.nix;
-    };
-    idol_kana_tags = ["dist-build" "kana"];
-
-    # 森友 望未, Moritomo Nozomi
-    rolling_nozomi_modules = {
-      nixos-modules = [
-        ./hosts/rolling_girls/nozomi
-      ];
-      # home-module = import ./home/linux/server-riscv64.nix;
-    };
-    rolling_nozomi_tags = ["riscv" "nozomi"];
-
-    # 小坂 結季奈, Kosaka Yukina
-    rolling_yukina_modules = {
-      nixos-modules = [
-        ./hosts/rolling_girls/yukina
-      ];
-      # home-module = import ./home/linux/server-riscv64.nix;
-    };
-    rolling_yukina_tags = ["riscv" "yukina"];
-
-    # 大木 鈴, Ōki Suzu
-    _12kingdoms_suzu_modules = {
-      nixos-modules = [
-        ./hosts/12kingdoms/suzu
-      ];
-      # home-module = import ./home/linux/server.nix;
-    };
-    _12kingdoms_suzu_tags = ["aarch" "suzu"];
-
-    x64_specialArgs =
-      {
-        inherit username userfullname useremail;
-        # use unstable branch for some packages to get the latest updates
-        pkgs-unstable = import nixpkgs-unstable {
-          system = x64_system; # refer the `system` parameter form outer scope recursively
-          # To use chrome, we need to allow the installation of non-free software
-          config.allowUnfree = true;
-        };
-      }
-      // inputs;
-  in {
-    nixosConfigurations = let
-      base_args = {
-        inherit home-manager nixos-generators;
-        nixpkgs = nixpkgs; # or nixpkgs-unstable
-        system = x64_system;
-        specialArgs = x64_specialArgs;
-      };
-    in {
-      # ai with i3 window manager
-      ai_i3 = nixosSystem (idol_ai_modules_i3 // base_args);
-      # ai with hyprland compositor
-      ai_hyprland = nixosSystem (idol_ai_modules_hyprland // base_args);
-
-      # three virtual machines without desktop environment.
-      aquamarine = nixosSystem (idol_aquamarine_modules // base_args);
-      ruby = nixosSystem (idol_ruby_modules // base_args);
-      kana = nixosSystem (idol_kana_modules // base_args);
-    };
-
-    # colmena - remote deployment via SSH
-    colmena = let
-      # x86_64 related
-      x64_base_args = {
-        inherit home-manager;
-        nixpkgs = nixpkgs; # or nixpkgs-unstable
-        specialArgs = x64_specialArgs;
-      };
-
-      # riscv64 related
-      # using the same nixpkgs as nixos-licheepi4a to utilize the cross-compilation cache.
-      lpi4a_pkgs = import nixos-licheepi4a.inputs.nixpkgs {system = x64_system;};
-      lpi4a_specialArgs =
-        {
-          inherit username userfullname useremail;
-          pkgsKernel = nixos-licheepi4a.packages.${x64_system}.pkgsKernelCross;
-        }
-        // inputs;
-      lpi4a_base_args = {
-        inherit home-manager;
-        nixpkgs = nixos-licheepi4a.inputs.nixpkgs; # or nixpkgs-unstable
-        specialArgs = lpi4a_specialArgs;
-        targetUser = "root";
-      };
-
-      # aarch64 related
-      # using the same nixpkgs as nixos-rk3588 to utilize the cross-compilation cache.
-      rk3588_pkgs = import nixos-rk3588.inputs.nixpkgs {system = x64_system;};
-      rk3588_specialArgs =
-        {
-          inherit username userfullname useremail;
-        }
-        // nixos-rk3588.inputs;
-      rk3588_base_args = {
-        inherit home-manager;
-        nixpkgs = nixos-rk3588.inputs.nixpkgs; # or nixpkgs-unstable
-        specialArgs = rk3588_specialArgs;
-        targetUser = "root";
-      };
-    in {
-      meta = {
-        nixpkgs = import nixpkgs {system = x64_system;};
-        specialArgs = x64_specialArgs;
-
-        nodeSpecialArgs = {
-          # riscv64 SBCs
-          nozomi = lpi4a_specialArgs;
-          yukina = lpi4a_specialArgs;
-
-          # aarch64 SBCs
-          suzu = rk3588_specialArgs;
-        };
-        nodeNixpkgs = {
-          nozomi = lpi4a_pkgs;
-          yukina = lpi4a_pkgs;
-
-          # aarch64 SBCs
-          suzu = rk3588_pkgs;
-        };
-      };
-
-      # proxmox virtual machines(x86_64)
-      aquamarine = colmenaSystem (idol_aquamarine_modules // x64_base_args // {host_tags = idol_aquamarine_tags;});
-      ruby = colmenaSystem (idol_ruby_modules // x64_base_args // {host_tags = idol_ruby_tags;});
-      kana = colmenaSystem (idol_kana_modules // x64_base_args // {host_tags = idol_kana_tags;});
-
-      # riscv64 SBCs
-      nozomi = colmenaSystem (rolling_nozomi_modules // lpi4a_base_args // {host_tags = rolling_nozomi_tags;});
-      yukina = colmenaSystem (rolling_yukina_modules // lpi4a_base_args // {host_tags = rolling_yukina_tags;});
-
-      # aarch64 SBCs
-      suzu = colmenaSystem (_12kingdoms_suzu_modules // rk3588_base_args // {host_tags = _12kingdoms_suzu_tags;});
-    };
-
-    # take system images for idols
-    # https://github.com/nix-community/nixos-generators
-    packages."${x64_system}" =
-      # genAttrs returns an attribute set with the given keys and values(host => image).
-      nixpkgs.lib.genAttrs [
-        "ai_i3"
-        "ai_hyprland"
-      ] (
-        # generate iso image for hosts with desktop environment
-        host:
-          self.nixosConfigurations.${host}.config.formats.iso
-      )
-      // nixpkgs.lib.genAttrs [
-        "aquamarine"
-        "ruby"
-        "kana"
-      ] (
-        # generate proxmox image for virtual machines without desktop environment
-        host:
-          self.nixosConfigurations.${host}.config.formats.proxmox
-      );
-
-    # macOS's configuration, for work.
-    darwinConfigurations = let
-      system = x64_darwin;
-      specialArgs =
-        {
-          inherit username userfullname useremail;
-          # use unstable branch for some packages to get the latest updates
-          pkgs-unstable = import nixpkgs-unstable {
-            inherit system; # refer the `system` parameter form outer scope recursively
-            # To use chrome, we need to allow the installation of non-free software
-            config.allowUnfree = true;
-          };
-        }
-        // inputs;
-      base_args = {
-        inherit nix-darwin home-manager system specialArgs nixpkgs;
-      };
-    in {
-      harmonica = macosSystem (base_args
-        // {
-          darwin-modules = [
-            ./hosts/harmonica
-          ];
-          home-module = import ./home/darwin;
-        });
-    };
-
-    # format the nix code in this flake
-    # alejandra is a nix formatter with a beautiful output
-    formatter = nixpkgs.lib.genAttrs allSystems (
-      system:
-        nixpkgs.legacyPackages.${system}.alejandra
-    );
+  # the nixConfig here only affects the flake itself, not the system configuration!
+  # for more information, see:
+  #     https://nixos-and-flakes.thiscute.world/nixos-with-flakes/add-custom-cache-servers
+  nixConfig = {
+    # substituers will be appended to the default substituters when fetching packages
+    extra-substituters = [
+      "https://anyrun.cachix.org"
+      "https://hyprland.cachix.org"
+      "https://nix-gaming.cachix.org"
+      # "https://nixpkgs-wayland.cachix.org"
+    ];
+    extra-trusted-public-keys = [
+      "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
+      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+      "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
+      # "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
+    ];
  };

  # This is the standard format for flake.nix. `inputs` are the dependencies of the flake,
@@ -276,10 +35,10 @@
    # There are many ways to reference flake inputs. The most widely used is github:owner/name/reference,
    # which represents the GitHub repository URL + branch/commit-id/tag.

-    # Official NixOS package source, using nixos's stable branch by default
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
-    # nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    # Official NixOS package source, using nixos's unstable branch by default
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.11";

    # for macos
    nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-23.11-darwin";
@@ -287,11 +46,12 @@
      url = "github:lnl7/nix-darwin";
      inputs.nixpkgs.follows = "nixpkgs-darwin";
    };
+    nixos-hardware.url = "github:NixOS/nixos-hardware/master";

    # home-manager, used for managing user configuration
    home-manager = {
-      url = "github:nix-community/home-manager/release-23.11";
-      # url = "github:nix-community/home-manager/master";
+      # url = "github:nix-community/home-manager/release-23.11";
+      url = "github:nix-community/home-manager/master";

      # The `follows` keyword in inputs is used for inheritance.
      # Here, `inputs.nixpkgs` of home-manager is kept consistent with the `inputs.nixpkgs` of the current flake,
@@ -306,10 +66,13 @@

    impermanence.url = "github:nix-community/impermanence";

-    # modern window compositor
-    hyprland.url = "github:hyprwm/Hyprland/v0.32.3";
+    hyprland = {
+      url = "github:hyprwm/Hyprland/v0.33.1";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    # community wayland nixpkgs
-    nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
+    # nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
    # anyrun - a wayland launcher
    anyrun = {
      url = "github:Kirottu/anyrun";
@@ -321,21 +84,55 @@
      url = "github:nix-community/nixos-generators";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    # secrets management
+    agenix = {
+      # lock with git commit at 0.15.0
+      url = "github:ryantm/agenix/564595d0ad4be7277e07fa63b5a991b3c645655d";
+      # replaced with a type-safe reimplementation to get a better error message and less bugs.
+      # url = "github:ryan4yin/ragenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };

-    # secrets management, lock with git commit at 2023/7/15
-    agenix.url = "github:ryantm/agenix/0d8c5325fc81daf00532e3e26c6752f7bcde1143";
+    nix-gaming.url = "github:fufexan/nix-gaming";
+
+    disko = {
+      url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    # add git hooks to format nix code before commit
+    pre-commit-hooks = {
+      url = "github:cachix/pre-commit-hooks.nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    nuenv.url = "github:DeterminateSystems/nuenv";
+
+    # daeuniverse.url = "github:daeuniverse/flake.nix/unstable";
+    daeuniverse.url = "github:daeuniverse/flake.nix/exp";
+
+    attic.url = "github:zhaofengli/attic";
+
+    haumea = {
+      url = "github:nix-community/haumea/v0.2.2";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };

    ########################  Some non-flake repositories  #########################################

    # AstroNvim is an aesthetic and feature-rich neovim config.
    astronvim = {
-      url = "github:AstroNvim/AstroNvim/v3.39.0";
+      url = "github:AstroNvim/AstroNvim/v3.41.2";
+      flake = false;
+    };
+    # doom-emacs is a configuration framework for GNU Emacs.
+    doomemacs = {
+      url = "github:doomemacs/doomemacs";
      flake = false;
    };

-    # useful nushell scripts, such as auto_completion
-    nushell-scripts = {
-      url = "github:nushell/nu_scripts/main";
+    polybar-themes = {
+      url = "github:adi1090x/polybar-themes";
      flake = false;
    };

@@ -365,65 +162,5 @@

    # aarch64 SBCs
    nixos-rk3588.url = "github:ryan4yin/nixos-rk3588";
-
-    ########################  Color Schemes  #########################################
-
-    # color scheme - catppuccin
-    catppuccin-btop = {
-      url = "github:catppuccin/btop";
-      flake = false;
-    };
-    catppuccin-fcitx5 = {
-      url = "github:catppuccin/fcitx5";
-      flake = false;
-    };
-    catppuccin-bat = {
-      url = "github:catppuccin/bat";
-      flake = false;
-    };
-    catppuccin-alacritty = {
-      url = "github:catppuccin/alacritty";
-      flake = false;
-    };
-    catppuccin-helix = {
-      url = "github:catppuccin/helix";
-      flake = false;
-    };
-    catppuccin-starship = {
-      url = "github:catppuccin/starship";
-      flake = false;
-    };
-    catppuccin-hyprland = {
-      url = "github:catppuccin/hyprland";
-      flake = false;
-    };
-    catppuccin-cava = {
-      url = "github:catppuccin/cava";
-      flake = false;
-    };
-    cattppuccin-k9s = {
-      url = "github:catppuccin/k9s";
-      flake = false;
-    };
-  };
-
-  # the nixConfig here only affects the flake itself, not the system configuration!
-  nixConfig = {
-    # substituers will be appended to the default substituters when fetching packages
-    extra-substituters = [
-      # my own cache server
-      "https://ryan4yin.cachix.org"
-      "https://anyrun.cachix.org"
-      "https://hyprland.cachix.org"
-      "https://nix-community.cachix.org"
-      "https://nixpkgs-wayland.cachix.org"
-    ];
-    extra-trusted-public-keys = [
-      "ryan4yin.cachix.org-1:Gbk27ZU5AYpGS9i3ssoLlwdvMIh0NxG0w8it/cv9kbU="
-      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-      "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
-      "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
-      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
-    ];
  };
 }
@@ -1,42 +0,0 @@
-{
-  lib,
-  stdenvNoCC,
-  fetchgit,
-}:
-stdenvNoCC.mkDerivation rec {
-  pname = "icomoon-feather-font";
-  version = "2023-05-06";
-
-  # 参考 https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=ttf-icomoon-feather
-  src = fetchgit {
-    url = "https://github.com/adi1090x/polybar-themes.git";
-    rev = "47b66337a92a1afd2240ed7094ffcb039cc686cf"; # git commit id
-    sparseCheckout = ["fonts/feather.ttf"]; # only fetch the feather.ttf file
-
-    # the sha256 is used to verify the integrity of the downloaded source, and alse cache the build result.
-    # so if you copy other package src's sha256, you will get a cached build result of that package, and all configs in this file will be ignored.
-    # specify sha256 to empty and build it, then an error will indicate the correct sha256
-    sha256 = "sha256-R+UpUFkXDrxKcX7ljLara+1B1rOMdKGZiLQq1/ojgP4=";
-  };
-
-  installPhase = ''
-    runHook preInstall
-
-    install -Dm644 fonts/feather.ttf -t $out/share/fonts/truetype/
-
-    runHook postInstall
-  '';
-
-  meta = with lib; {
-    homepage = "https://github.com/feathericons/feather";
-    description = "Icomoon feather font";
-    version = version;
-    longDescription = ''
-      Feather is a collection of simply beautiful open source icons.
-      Each icon is designed on a 24x24 grid with an emphasis on simplicity, consistency, and flexibility.
-    '';
-    license = licenses.mit;
-    maintainers = [maintainers.ryan4yin];
-    platforms = platforms.all;
-  };
-}
@@ -1,6 +1,6 @@
 # Home Manager's Base Submodules

-2. `server`: Configuration which is suitable for both servers and desktops.
+1. `server`: Configuration which is suitable for both servers and desktops.
 1. `desktop`: Configuration for desktop environments, such as Hyprland, I3, etc.
-    1. it import `server` as its submodule.
+1. `core.nix`: Minimal home-manager's config

@@ -1,12 +1,8 @@
-{ username, ... }: {
-  imports = [
-  ];
-
+{myvars, ...}: {
  # Home Manager needs a bit of information about you and the
  # paths it should manage.
  home = {
-    username = username;
-    homeDirectory = "/home/${username}";
+    inherit (myvars) username;

    # This value determines the Home Manager release that your
    # configuration is compatible with. This helps avoid breakage
@@ -16,7 +12,7 @@
    # You can update Home Manager without changing this value. See
    # the Home Manager release notes for a list of state version
    # changes in each release.
-    stateVersion = "23.05";
+    stateVersion = "23.11";
  };

  # Let Home Manager install and manage itself.
@@ -1,24 +1,37 @@
 {
+  lib,
  pkgs,
  ...
 }: {
-  home.packages = with pkgs; [
-    # general tools
-    pulumi
-    pulumictl
-    # istioctl
+  home.packages = with pkgs;
+    [
+      # infrastructure as code
+      # pulumi
+      # pulumictl
+      # tf2pulumi
+      # crd2pulumi
+      # pulumiPackages.pulumi-random
+      # pulumiPackages.pulumi-command
+      # pulumiPackages.pulumi-aws-native
+      # pulumiPackages.pulumi-language-go
+      # pulumiPackages.pulumi-language-python
+      # pulumiPackages.pulumi-language-nodejs

-    # aws
-    awscli2
-    aws-iam-authenticator
-    eksctl
-    istioctl
+      # aws
+      awscli2
+      ssm-session-manager-plugin # Amazon SSM Session Manager Plugin
+      aws-iam-authenticator
+      eksctl

-    # aliyun
-    aliyun-cli
-   ] ++ (if pkgs.stdenv.isLinux then [
-     # cloud tools that nix do not have cache for.
-     terraform
-     terraformer # generate terraform configs from existing cloud resources
-   ] else []);
+      # aliyun
+      aliyun-cli
+    ]
+    ++ (
+      lib.optionals pkgs.stdenv.isLinux [
+        # cloud tools that nix do not have cache for.
+        terraform
+        terraformer # generate terraform configs from existing cloud resources
+        packer # machine image builder
+      ]
+    );
 }
@@ -1,14 +0,0 @@
-{
-  pkgs,
-  pkgs-unstable,
-  ...
-}: {
-  home.packages = with pkgs; [
-    skopeo
-    docker-compose
-    dive # explore docker layers
-   ];
-
-  programs = {
-  };
-}
@@ -1,6 +0,0 @@
-{ ... }: {
-  imports = [
-    ./container.nix
-    ./kubernetes.nix
-  ];
-}
@@ -1,31 +0,0 @@
-{
-  pkgs,
-  pkgs-unstable,
-  cattppuccin-k9s,
-  ...
-}: {
-  home.packages = with pkgs; [
-    kubectl
-    kubernetes-helm
-  ];
-
-  programs = {
-    k9s = {
-      enable = true;
-      skin =
-        let
-          skin_file = "${cattppuccin-k9s}/dist/mocha.yml";  # theme - cattppuccin mocha
-          skin_attr = builtins.fromJSON (builtins.readFile
-            # replace 'base: &base "#1e1e2e"' with 'base: &base "default"'
-            # to make fg/bg color transparent. "default" means transparent in k9s skin.
-            (pkgs.runCommandNoCC "get-skin-json" {} ''
-              cat ${skin_file} \
-                |  sed -E 's@(base: &base ).+@\1 "default"@g' \
-                | ${pkgs.yj}/bin/yj > $out
-            '')
-          );
-        in 
-          skin_attr;
-    };
-  };
-}
@@ -1,15 +1,3 @@
-{...}: {
-  imports = [
-    ../server
-
-    ./cloud
-    ./container
-    ./neovim
-    ./terminal
-
-    ./development.nix
-    ./helix.nix
-    ./media.nix
-    ./shell.nix
-  ];
+{mylib, ...}: {
+  imports = mylib.scanPaths ./.;
 }
@@ -0,0 +1,71 @@
+{
+  pkgs,
+  pkgs-unstable,
+  ...
+}: {
+  #############################################################
+  #
+  #  Basic settings for development environment
+  #
+  #  Please avoid to install language specific packages here(globally),
+  #  instead, install them:
+  #     1. per IDE, such as `programs.neovim.extraPackages`
+  #     2. per-project, using https://github.com/the-nix-way/dev-templates
+  #
+  #############################################################
+
+  home.packages = with pkgs;
+    [
+      colmena # nixos's remote deployment tool
+
+      # db related
+      dbeaver
+      mycli
+      pgcli
+      mongosh
+      sqlite
+
+      # embedded development
+      minicom
+
+      # ai related
+      python311Packages.huggingface-hub # huggingface-cli
+
+      # misc
+      pkgs-unstable.devbox
+      bfg-repo-cleaner # remove large files from git history
+      k6 # load testing tool
+      protobuf # protocol buffer compiler
+
+      # solve coding extercises - learn by doing
+      exercism
+    ]
+    ++ (
+      lib.optionals pkgs.stdenv.isLinux [
+        # Automatically trims your branches whose tracking remote refs are merged or gone
+        # It's really useful when you work on a project for a long time.
+        git-trim
+
+        # need to run `conda-install` before using it
+        # need to run `conda-shell` before using command `conda`
+        # conda is not available for MacOS
+        conda
+
+        mitmproxy # http/https proxy tool
+        insomnia # REST client
+        wireshark # network analyzer
+        ventoy # create bootable usb
+      ]
+    );
+
+  programs = {
+    direnv = {
+      enable = true;
+      nix-direnv.enable = true;
+
+      enableZshIntegration = true;
+      enableBashIntegration = true;
+      enableNushellIntegration = true;
+    };
+  };
+}
@@ -1,78 +0,0 @@
-{
-  pkgs,
-  pkgs-unstable,
-  ...
-}: {
-  #############################################################
-  #
-  #  Basic settings for development environment
-  #
-  #  Please avoid to install language specific packages here(globally),
-  #  instead, install them:
-  #     1. per IDE, such as `programs.neovim.extraPackages`
-  #     2. per-project, using https://github.com/the-nix-way/dev-templates
-  #
-  #############################################################
-
-  home.packages = with pkgs; [
-    (python3.withPackages (
-      ps:
-        with ps; [
-          ipython
-          pandas
-          requests
-          pyquery
-          pyyaml
-        ]
-    ))
-
-    cargo # rust package manager
-    go
-    jdk17
-    guile # scheme language
-
-    # db related
-    dbeaver
-    mycli
-    pgcli
-    mongosh
-    sqlite
-
-    # embedded development
-    minicom
-
-    # misc
-    pkgs-unstable.devbox
-    glow # markdown previewer
-    fzf
-    gdu # disk usage analyzer, required by AstroNvim
-    ripgrep # fast search tool, required by AstroNvim's '<leader>fw'(<leader> is space key)
-    bfg-repo-cleaner # remove large files from git history
-    k6 # load testing tool
-    protobuf # protocol buffer compiler
-  ] ++ (if pkgs.stdenv.isLinux then [
-    # Automatically trims your branches whose tracking remote refs are merged or gone
-    # It's really useful when you work on a project for a long time.
-    git-trim
-
-    # need to run `conda-install` before using it
-    # need to run `conda-shell` before using command `conda`
-    # conda is not available for MacOS
-    conda
-
-    mitmproxy # http/https proxy tool
-    insomnia # REST client
-    wireshark # network analyzer
-  ] else []);
-
-  programs = {
-    direnv = {
-      enable = true;
-      nix-direnv.enable = true;
-
-      enableZshIntegration = true;
-      enableBashIntegration = true;
-      enableNushellIntegration = true;
-    };
-  };
-}
@@ -0,0 +1,62 @@
+# Editors Glossary
+
+### LSP - Language Server Protocol
+
+> https://en.wikipedia.org/wiki/Language_Server_Protocol
+
+> https://langserver.org/
+
+The Language Server Protocol (LSP) is an open, JSON-RPC-based protocol for use between source code editors or integrated development environments (IDEs) and servers that provide programming language-specific features like:
+
+- motions such as go-to-definition, find-references, hover.
+- **code completion**
+- **marking of warnings and errors**
+- **refactoring routines**
+- syntax highlighting (use Tree-sitter instead)
+- code formatting (use a dedicated formatter instead)
+
+The goal of the protocol is to allow programming language support to be implemented and distributed independently of any given editor or IDE.
+
+LSP was originally developed for Microsoft Visual Studio Code and is now an open standard.
+In the early 2020s LSP quickly became a "norm" for language intelligence tools providers.
+
+### Tree-sitter
+
+> https://tree-sitter.github.io/tree-sitter/
+
+> https://www.reddit.com/r/neovim/comments/1109wgr/treesitter_vs_lsp_differences_ans_overlap/
+
+Tree-sitter is a parser generator tool and an **incremental parsing** library. It can build a concrete syntax tree for a source file and efficiently update the syntax tree as the source file is edited.
+
+It is used by many editors and IDEs to provide:
+
+- **syntax highlighting**
+- **indentation**
+- **creating foldable code regions**
+- **Incremental selection**
+- **simple refactoring in a single file**
+  - such as join/split lines, structural editing, cursor motion, etc.
+
+**Treesitter process each file independently**, and it is not aware of the semantics of your code.
+For example, it does not know does a function/variable really exist, or what is the type/return-type of a variable. This is where LSP comes in.
+
+The LSP server parses the code much more deeply and it **not only parses a single file but your whole project**.
+So, the LSP server will know whether a function/variable does exist with the same type/return-type. If it does not, it will mark it as an error.
+
+**LSP does understand the code semantically, while Treesitter only cares about correct syntax**.
+
+#### LSP vs Tree-sitter
+
+- Tree-sitter: lightweight, fast, but limited knowledge of your code. mainly used for **syntax highlighting, indentation, and folding/refactoring in a single file**.
+- LSP: heavy and slow on large projects, but it has a deep understanding of your code. mainly used for **code completion, refactoring in the projects, errors/warnings, and other semantic-aware features**.
+
+### Formatter vs Linter
+
+Linting is distinct from Formatting because:
+
+1. **formatting** only restructures how code appears.
+   1. `prettier` is a popular formatter.
+1. **linting** analyzes how the code runs and detects errors, it may also suggest improvements such as replace `var` with `let` or `const`.
+
+Formatters and Linters process each file independently, they do not need to know about other files in the project.
+  * [ ]
@@ -0,0 +1,206 @@
+# Editors
+
+My editors:
+
+1. Neovim
+2. Emacs
+3. Helix
+
+And `Zellij` for a smooth and stable terminal experience.
+
+## Tips
+
+1. Many useful keys are already provided by vim, check vim/neovim's docs before you install a new plugin / reinvent the wheel.
+1. After using Emacs/Neovim more skillfully, I strongly recommend that you read the official documentation of Neovim/vim:
+   1. <https://vimhelp.org/>: The official vim documentation.
+   1. <https://neovim.io/doc/user/>: Neovim's official user documentation.
+1. Use Zellij for terminal related operations, and use Neovim/Helix for editing.
+1. As for Emacs, Use its GUI version & terminal emulator `vterm` for terminal related operations.
+1. Two powerful file search & jump tools:
+1. Tree-view plugins are beginner-friendly and intuitive, but they're not very efficient.
+1. **Search by the file path**: Useful when you're familiar with the project structure, especially on a large project.
+1. **Search by the content**: Useful when you're familiar with the code.
+
+## Tutorial
+
+Type `:tutor`(`:Tutor` in Neovim) to learn the basics usage of vim/neovim.
+
+## VIM's Cheetsheet
+
+> Here only record my commonly used keys, to see **a more comprehensive cheetsheet**: <https://vimhelp.org/quickref.txt.html>
+
+Both Emacs-Evil & Neovim are compatible with vim, sothe key-bindings described here are common in both Emacs-Evil, Neovim & vim.
+
+### Terminal Related
+
+I mainly use Zellij for terminal related operations, here is its terminal shortcuts I use frequently now:
+
+| Action                    | Zellij's Shortcut |
+| ------------------------- | ----------------- |
+| Floating Terminal         | `Ctrl + p + w`    |
+| Horizontal Split Terminal | `Ctrl + p + d`    |
+| Vertical Split Terminal   | `Ctrl + p + n`    |
+| Execute a command         | `!xxx`            |
+
+### File Management
+
+> <https://neovim.io/doc/user/usr_22.html>
+
+> <https://vimhelp.org/editing.txt.html>
+
+| Action                              |                                                  |
+| ----------------------------------- | ------------------------------------------------ |
+| Save selected text to a file        | `:w filename` (Will show `:'<,'>w filename`)     |
+| Save and close the current buffer   | `:wq`                                            |
+| Save all buffers                    | `:wa`                                            |
+| Save and close all buffers          | `:wqa`                                           |
+| Edit a file                         | `:e filename`(or `:e <TAB>` to show a file list) |
+| Browse the file list                | `:Ex` or `:e .`                                  |
+| Discard changes and reread the file | `:e!`                                            |
+
+### Motion
+
+> https://vimhelp.org/motion.txt.html
+
+| Action                                              | Command                                            |
+| --------------------------------------------------- | -------------------------------------------------- |
+| Move to the start/end of the buffer                 | `gg`/`G`                                           |
+| Move the line number 5                              | `5gg` / `5G`                                       |
+| Move left/down/up/right                             | h/j/k/l or `5h`/`5j`/`5k`/`5l` or `Ctr-n`/`Ctrl-p` |
+| Move to the matchpairs, default to `()`, `{}`, `[]` | `%`                                                |
+| Move to the start/end of the line                   | `0` / `$`                                          |
+| Move a sentence forward/backward                    | `(` / `)`                                          |
+| Move a paragraph forward/backward                   | `{` / `}`                                          |
+| Move a section forward/backward                     | `[[` / `]]`                                        |
+| Jump to various positions                           | `'` + some other keys(neovim has prompt)           |
+
+Text Objects:
+
+- **sentence**: text ending at a '.', '!' or '?' followed by either the end of a line, or by a space or tab.
+- **paragraph**: text ending at a blank line.
+- **section**: text starting with a section header and ending at the start of the next section header (or at the end of the file). - The "`]]`" and "`[[`" commands stop at the '`{`' in the first column. This is
+  useful to find the start of a function in a C/Go/Java/... program.
+
+### Text Manipulation
+
+Basics:
+
+| Action                                  |                            |
+| --------------------------------------- | -------------------------- |
+| Delete the current character            | `x`                        |
+| Paste the copied text                   | `p`                        |
+| Delete the selection                    | `d`                        |
+| Undo the last word                      | `CTRL-w`(in insert mode)   |
+| Undo the last line                      | `CTRL-u`(in insert mode)   |
+| Undo the last change                    | `u`                        |
+| Redo the last change                    | `Ctrl + r`                 |
+| Inserts the text of the previous insert | `Ctrl + a`                 |
+| Repeat the last command                 | `.`                        |
+| Toggle text's case                      | `~`                        |
+| Convert to uppercase                    | `U` (visual mode)          |
+| Convert to lowercase                    | `u` (visual mode)          |
+| Align the selected conent               | `:center`/`:left`/`:right` |
+
+Misc:
+
+| Action                        | Shortcut                                 |
+| ----------------------------- | ---------------------------------------- |
+| Toggle visual mode            | `v` (lower case v)                       |
+| Select the current line       | `V` (upper case v)                       |
+| Toggle visual block mode      | `<Ctrl> + v` (select a block vertically) |
+| Fold the current code block   | `zc`                                     |
+| Unfold the current code block | `zo`                                     |
+| Jump to Definition            | `gd`                                     |
+| Jump to References            | `gD`                                     |
+| (Un)Comment the current line  | `gcc`                                    |
+
+| Action                                                                    |                |
+| ------------------------------------------------------------------------- | -------------- |
+| Sort tye selected lines                                                   | `:sort`        |
+| Join Selection of Lines With Space                                        | `:join` or `J` |
+| Join without spaces                                                       | `:join!`       |
+| Enter Insert mode at the start/end of the line                            | `I` / `A`      |
+| Delete from the cursor to the end of the line                             | `D`            |
+| Delete from the cursor to the end of the line, and then enter insert mode | `C`            |
+
+Advance Techs:
+
+- Add at the end of multiple lines: `:normal A<text>`
+
+  - Execublock: `:A<text>`
+  - visual block mode(ctrl + v)
+  - Append text at the end of each line in the selected block
+  - If position exceeds line end, neovim adds spaces automatically
+
+- Delete the last char of multivle lines: `:normal $x`
+
+  - Execute `$x` on each line
+  - visual mode(v)
+  - `$` moves cursor to the end of line
+  - `x` deletes the character under the cursor
+
+- Delete the last word of multiple lines: `:normal $bD`
+  - Execute `$bD` on each line
+  - visual mode(v)
+  - `$` moves cursor to the end of line
+  - `b` moves cursor to the beginning of the last word
+
+### Search
+
+| Action                                                | Command   |
+| ----------------------------------------------------- | --------- |
+| Search forward/backword for a pattern                 | `/` / `?` |
+| Repeat the last search in the same/opposite direction | `n` / `N` |
+
+### Find and Replace
+
+| Action                           | Command                             |
+| -------------------------------- | ----------------------------------- |
+| Replace in selected area         | `:s/old/new/g`                      |
+| Replace in current line          | Same as above                       |
+| Replace all the lines            | `:% s/old/new/g`                    |
+| Replace all the lines with regex | `:% s@\vhttp://(\w+)@https://\1@gc` |
+
+1. `\v` means means that in the regex pattern after it can be used without backslash escaping(similar to python's raw string).
+2. `\1` means the first matched group in the pattern.
+
+### Replace in the specific lines
+
+| Action                                    | Command                                |
+| ----------------------------------------- | -------------------------------------- |
+| From the 10th line to the end of the file | `:10,$ s/old/new/g` or `:10,$ s@^@#@g` |
+| From the 10th line to the 20th line       | `:10,20 s/old/new/g`                   |
+| Remove the trailing spaces                | `:% s/\s\+$//g`                        |
+
+The postfix(flags) in the above commands:
+
+1. `g` means replace all the matched strings in the current line/file.
+2. `c` means ask for confirmation before replacing.
+3. `i` means ignore case.
+
+### Buffers, Windows and Tabs
+
+> <https://neovim.io/doc/user/usr_08.html>
+
+> <https://vimhelp.org/windows.txt.html>
+
+- A buffer is the in-memory text of a file.
+- A window is a viewport on a buffer.
+- A tab page is a collection of windows.
+
+| Action                              | Command                             |
+| ----------------------------------- | ----------------------------------- |
+| Split the window horizontally       | `:sp[lit]` or `:sp filename`        |
+| Split the window horizontally       | `:vs[plit]` or `:vs filename`       |
+| Switch to the next/previous window  | `Ctrl-w + w` or `Ctrl-w + h/j/k/l`  |
+| Show all buffers                    | `:ls`                               |
+| show next/previous buffer           | `]b`/`[b` or `:bn[ext]` / `bp[rev]` |
+| New Tab(New Workspace in DoomEmacs) | `:tabnew`                           |
+| Next/Previews Tab                   | `gt`/`gT`                           |
+
+### History
+
+| Action                   | Command |
+| ------------------------ | ------- |
+| Show the command history | `q:`    |
+| Show the search history  | `q/`    |
@@ -0,0 +1,24 @@
+# Structured Editing
+
+## S-expression data(Lisp)
+
+- paredit/[lispy](https://github.com/doomemacs/doomemacs/tree/master/modules/editor/lispy): too complex.
+- [evil-cleverparens](https://github.com/emacs-evil/evil-cleverparens): simple and useful.
+- [parinfer(par-in-fer)](https://shaunlebron.github.io/parinfer/): morden, simple, elegant and useful, but works not well with some other completion plugins...
+    - to make parinfer works, you should disable sexp & smartparens in any lisp mode.
+
+Some plugins:
+
+- Emacs
+    - [parinfer-rusT-mode](https://github.com/justinbarclay/parinfer-rust-mode)
+- Neovim
+    - [parinfer-rust](https://github.com/eraserhd/parinfer-rust)
+    - <https://github.com/Olical/conjure>
+- Helix
+    - [parinfer #4090 - Helix](https://github.com/helix-editor/helix/discussions/4090)
+
+## Other Languages
+
+1. treesitter
+1. ...
+
@@ -0,0 +1,3 @@
+{mylib, ...}: {
+  imports = mylib.scanPaths ./.;
+}
@@ -0,0 +1,223 @@
+# Emacs Editor
+
+## Why emacs?
+
+1. Explore the unknown, just for fun!
+2. Org Mode
+3. Lisp Coding
+4. A top-level tutorial for Emacs(Chinese): <https://nyk.ma/tags/emacs/>
+5. A Beginner's Guide to Emacs(Chinese): <https://github.com/emacs-tw/emacs-101-beginner-survival-guide>
+
+## Screenshot
+
+![](/_img/emacs-2024-01-07.webp)
+
+## Usefull Links
+
+- Framework: <https://github.com/doomemacs/doomemacs>
+  - key bindings:
+    - source code: <https://github.com/doomemacs/doomemacs/blob/master/modules/config/default/%2Bevil-bindings.el>
+    - docs: <https://github.com/doomemacs/doomemacs/blob/master/modules/editor/evil/README.org>
+  - module index: <https://github.com/doomemacs/doomemacs/blob/master/docs/modules.org>
+- LSP Client: <https://github.com/manateelazycat/lsp-bridge>
+- Emacs Wiki: <https://www.emacswiki.org/emacs/SiteMap>
+- Awesome Emacs: <https://github.com/emacs-tw/awesome-emacs#lsp-client>
+- Chinese(rime) support: <https://github.com/DogLooksGood/emacs-rime>
+- modal editing:
+  - <https://github.com/emacs-evil/evil>: evil mode, enabled by default in doom-emacs.
+  - <https://github.com/meow-edit/meow>
+
+## Install or Update
+
+After deploying this nix flake, run the following command to install or update emacs:
+
+```bash
+doom sync
+```
+
+when in doubt, run `doom sync`!
+
+## Testing
+
+> via `Justfile` located at the root of this repo.
+
+```bash
+# testing
+just emacs-test
+jsut emacs-purge
+just emacs-reload
+
+# clear test data
+just emacs-clean
+```
+
+## Limits
+
+- It's too slow to start up and install(compile/build) packages.
+  - I have to use emacs in daemon/client mode to avoid this issue.
+- It's too large in size, not suitable for servers.
+  - So vim/neovim is still the best choice for servers.
+- Emacs's markdown-mode works not well with tables, see:
+  - https://github.com/jrblevin/markdown-mode/issues/380
+- I use git command frequently, but doomemacs only autoupdates status of git diff / treemacs when using magit.
+  - I have to learn magit to avoid this issue...
+- GitHub's orgmode support is not well, Markdown is better for GitHub.
+  - Use markdown for repo's README.md, and use orgmode for my personal notes and docs only.
+
+## Cheetsheet
+
+Here is the cheetsheet related to my DoomEmacs configs. Please read vim's common cheetsheet at [../README.md](../README.md) before reading the following.
+
+### Basics
+
+> Terminal(vterm) is useful in GUI mode, I use Zellij instead in terminal mode.
+
+| Action                 | Shortcut                                          |
+| ---------------------- | ------------------------------------------------- |
+| Popup Terminal(vterm)  | `SPC + o + t`                                     |
+| Open Terminal          | `SPC + o + T`                                     |
+| Open file tree sidebar | `SPC + o + p`                                     |
+| Frame fullscreen       | `SPC + t + F`                                     |
+| Exit                   | `M-x C-c`                                         |
+| Execute Command        | `M-x`(hold on `Alt`/`option`, and then press `x`) |
+| Eval Lisp Code         | `M-:`(hold on `Alt`/`option`, and then press `:`) |
+
+### Window Navigation
+
+| Action                                     | Shortcut                                                              |
+| ------------------------------------------ | --------------------------------------------------------------------- |
+| Split a window vertically and horizontally | `SPC w v/s`                                                           |
+| Move to a window in a specific direction   | `Ctrl-w + h/j/k/l`                                                    |
+| Move a window to a specific direction      | `Ctrl-w + H/J/K/L`                                                    |
+| Move to the next window                    | `SPC w w`                                                             |
+| Close the current window                   | `SPC w q`                                                             |
+| Rebalance all windows                      | `SPC w =`                                                             |
+| Set window's width(columns)                | `80 SPC w \|` (the Vertical line is escaped due to markdown's limits) |
+| Set window's height                        | `30 SPC w _ `                                                         |
+
+### File Tree
+
+- treemacs: <https://github.com/Alexander-Miller/treemacs/blob/master/src/elisp/treemacs-mode.el>
+- treemacs-evil: <https://github.com/Alexander-Miller/treemacs/blob/master/src/extra/treemacs-evil.el>
+
+| Action                                | Shortcut  |
+| ------------------------------------- | --------- |
+| Resize Treemacs's window              | `>` & `<` |
+| Extra Wide Window                     | `W`       |
+| Rename                                | `R`       |
+| Delete File/Direcoty                  | `d`       |
+| New File                              | `cf`      |
+| New Directory                         | `cd`      |
+| Go to parent                          | `u`       |
+| Run shell command in for current node | `!`       |
+| Refresh file tree                     | `gr`      |
+| Copy project-path into pasteboard     | `yp`      |
+| Copy absolute-path into pasteboard    | `ya`      |
+| Copy relative-path into pasteboard    | `yr`      |
+| Copy file to another location         | `yf`      |
+| Move file to another location         | `m`       |
+| quit                                  | `q`       |
+
+And bookmarks:
+
+- Add bookmarks in treemacs: `b`
+- Show Bookmark List: `SPC s m`
+
+### Splitting and Buffers
+
+| Action                  | Shortcut          |
+| ----------------------- | ----------------- |
+| Buffer List             | `<Space> + ,`     |
+| Save all buffers(Tab)   | `<Space> + b + S` |
+| Kill the current buffer | `<Space> + b + k` |
+| Kill all buffers        | `<Space> + b + K` |
+
+### Editing and Formatting
+
+| Action                                     | Shortcut            |
+| ------------------------------------------ | ------------------- |
+| Format Document                            | `<Space> + cf`      |
+| Code Actions                               | `<Space> + ca`      |
+| Rename                                     | `<Space> + cr`      |
+| Opening LSP symbols                        | `<Space> + cS`      |
+| Show all LSP Errors                        | `<Space> + c + x/X` |
+| Show infinite undo history(really useful!) | `<Space> + s + u`   |
+| Open filepath/URL at cursor                | `gf`                |
+| Find files by keyword in path              | `<Space> + <Space>` |
+| Grep string in files (vertico + ripgrep)   | `<Space> + sd`      |
+
+### Image Preview(GUI mode only)
+
+Use `-`, `+` to resize the image, `r` to rotate the image.
+
+### Search & replace
+
+```bash
+SPC s p foo C-; E C-c C-p :%s/foo/bar/g RET Z Z
+```
+
+1. `SPC s p`: search in project
+1. `foo`: the keyword to search
+1. `C-; E`: exports what you’re looking at into a new buffer in grep-mode
+1. `C-c C-p` to run wgrep-change-to-wgrep-mode to make the search results writable.
+1. `:%s/foo/bar/g RET`: replace in the current buffer(just like neovim/vim)
+1. `Z Z`: to write all the changes to their respective files
+
+### Projects
+
+> easily switch between projects without exit emacs!
+
+| Action                     | Shortcut      |
+| -------------------------- | ------------- |
+| Switch between projects    | `SPC + p + p` |
+| Browse the current project | `SPC + p + .` |
+| Add new project            | `SPC + p + a` |
+
+### Workspaces
+
+> Very useful when run emacs in daemon/client modes
+
+| Action                      | Shortcut                    |
+| --------------------------- | --------------------------- |
+| Switch between workspaces   | `M-1/2/3/...`(Alt-1/2/3/..) |
+| New Workspace               | `SPC + TAB + n`             |
+| New Named Workspace         | `SPC + TAB + N`             |
+| Delete Workspace            | `SPC + TAB + d`             |
+| Display Workspaces bar blow | `SPC + TAB + TAB`           |
+
+### Magit
+
+> https://github.com/magit/magit
+
+Magit is a powerful tool that make git operations easy and intuitive.
+
+| Action                   | Shortcut                 |
+| ------------------------ | ------------------------ |
+| Open Magit               | `C-x g` or `SPC + g + g` |
+| Switch branch            | `SPC + g + b`            |
+| Show buffer's commit log | `SPC + g + L`            |
+
+Shortcuts in magit's pane:
+
+> When run `git commit` / `git add` / `git push` /... via magit, multiple Arguments can be set.
+> Set arguments won't trigger a git command immediately. Magit will try to run a git command only after an Action key is pressed.
+
+| Action                                             | Shortcut                                      |
+| -------------------------------------------------- | --------------------------------------------- |
+| Quit the current Magit pane                        | `q`                                           |
+| Show log                                           | `l`                                           |
+| Show current branch's log                          | `l + l`                                       |
+| Show current reflog                                | `l + r`                                       |
+| Commit                                             | `c`                                           |
+| Stage                                              | `s`                                           |
+| Unstage                                            | `u`                                           |
+| Push                                               | `p`                                           |
+| Pull                                               | `f`                                           |
+| Rebase                                             | `r`                                           |
+| Rebase Interactively                               | `r + i`, select on a commit, then `C-c + C-c` |
+| Stash                                              | `z`                                           |
+| Merge                                              | `m`                                           |
+| Fold/Unfold                                        | `TAB`                                         |
+| Show details of the current unit(commit/stage/...) | `<ENTER>`                                     |
+
+KeyBinding full list: <https://github.com/emacs-evil/evil-collection/tree/master/modes/magit#key-bindings>
@@ -0,0 +1,132 @@
+# ==============================================
+# Based on doomemacs's auther's config:
+#   https://github.com/hlissner/dotfiles/blob/master/modules/editors/emacs.nix
+#
+# Emacs Tutorials:
+#  1. Official: <https://www.gnu.org/software/emacs/tour/index.html>
+#  2. Doom Emacs: <https://github.com/doomemacs/doomemacs/blob/master/docs/index.org>
+#
+{
+  config,
+  lib,
+  pkgs,
+  doomemacs,
+  ...
+}:
+with lib; let
+  cfg = config.modules.editors.emacs;
+  envExtra = ''
+    export PATH="${config.xdg.configHome}/emacs/bin:$PATH"
+  '';
+  shellAliases = {
+    e = "emacsclient --create-frame"; # gui
+    et = "emacsclient --create-frame --tty"; # termimal
+  };
+  librime-dir = "${config.xdg.dataHome}/emacs/librime";
+  parinfer-rust-lib-dir = "${config.xdg.dataHome}/emacs/parinfer-rust";
+  myEmacsPackagesFor = emacs: ((pkgs.emacsPackagesFor emacs).emacsWithPackages (epkgs: [
+    epkgs.vterm
+  ]));
+in {
+  options.modules.editors.emacs = {
+    enable = mkEnableOption "Emacs Editor";
+  };
+
+  config = mkIf cfg.enable (mkMerge [
+    {
+      home.packages = with pkgs; [
+        ## Doom dependencies
+        git
+        (ripgrep.override {withPCRE2 = true;})
+        gnutls # for TLS connectivity
+
+        ## Optional dependencies
+        fd # faster projectile indexing
+        imagemagick # for image-dired
+        fd # faster projectile indexing
+        zstd # for undo-fu-session/undo-tree compression
+
+        # go-mode
+        # gocode # project archived, use gopls instead
+
+        ## Module dependencies
+        # :checkers spell
+        (aspellWithDicts (ds: with ds; [en en-computers en-science]))
+        # :tools editorconfig
+        editorconfig-core-c # per-project style config
+        # :tools lookup & :lang org +roam
+        sqlite
+        # :lang latex & :lang org (latex previews)
+        texlive.combined.scheme-medium
+      ];
+
+      programs.bash.bashrcExtra = envExtra;
+      programs.zsh.envExtra = envExtra;
+      home.shellAliases = shellAliases;
+      programs.nushell.shellAliases = shellAliases;
+
+      xdg.configFile."doom" = {
+        source = ./doom;
+        force = true;
+      };
+
+      home.activation.installDoomEmacs = lib.hm.dag.entryAfter ["writeBoundary"] ''
+        ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F744 ${doomemacs}/ ${config.xdg.configHome}/emacs/
+
+        # librime for emacs-rime
+        mkdir -p ${librime-dir}
+        ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F744 ${pkgs.librime}/ ${librime-dir}/
+
+        # libparinfer_rust for emacs' parinfer-rust-mode
+        mkdir -p ${parinfer-rust-lib-dir}
+        ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F744  ${pkgs.vimPlugins.parinfer-rust}/lib/libparinfer_rust.* ${parinfer-rust-lib-dir}/parinfer-rust.so
+      '';
+    }
+
+    (mkIf pkgs.stdenv.isLinux (
+      let
+        # Do not use emacs-nox here, which makes the mouse wheel work abnormally in terminal mode.
+        # pgtk (pure gtk) build add native support for wayland.
+        # https://www.gnu.org/savannah-checkouts/gnu/emacs/emacs.html#Releases
+        emacsPkg = myEmacsPackagesFor pkgs.emacs29-pgtk;
+      in {
+        home.packages = [emacsPkg];
+        services.emacs = {
+          enable = true;
+          package = emacsPkg;
+          client = {
+            enable = true;
+            arguments = [" --create-frame"];
+          };
+          startWithUserSession = true;
+        };
+      }
+    ))
+
+    (mkIf pkgs.stdenv.isDarwin (
+      let
+        # macport adds some native features based on GNU Emacs 29
+        # https://bitbucket.org/mituharu/emacs-mac/src/master/README-mac
+        emacsPkg = myEmacsPackagesFor pkgs.emacs29;
+      in {
+        home.packages = [emacsPkg];
+        launchd.enable = true;
+        launchd.agents.emacs = {
+          enable = true;
+          config = {
+            ProgramArguments = [
+              "${pkgs.bash}/bin/bash"
+              "-l"
+              "-c"
+              "${emacsPkg}/bin/emacs --fg-daemon"
+            ];
+            StandardErrorPath = "${config.home.homeDirectory}/Library/Logs/emacs-daemon.stderr.log";
+            StandardOutPath = "${config.home.homeDirectory}/Library/Logs/emacs-daemon.stdout.log";
+            RunAtLoad = true;
+            KeepAlive = true;
+          };
+        };
+      }
+    ))
+  ]);
+}
@@ -0,0 +1,175 @@
+;;; $DOOMDIR/config.el -*- lexical-binding: t; -*-
+
+;; Place your private configuration here! Remember, you do not need to run 'doom
+;; sync' after modifying this file!
+
+
+;; Some functionality uses this to identify you, e.g. GPG configuration, email
+;; clients, file templates and snippets. It is optional.
+;; (setq user-full-name "John Doe"
+;;       user-mail-address "john@doe.com")
+
+;; Doom exposes five (optional) variables for controlling fonts in Doom:
+;;
+;; - `doom-font' -- the primary font to use
+;; - `doom-variable-pitch-font' -- a non-monospace font (where applicable)
+;; - `doom-big-font' -- used for `doom-big-font-mode'; use this for
+;;   presentations or streaming.
+;; - `doom-symbol-font' -- for symbols
+;; - `doom-serif-font' -- for the `fixed-pitch-serif' face
+;;
+;; See 'C-h v doom-font' for documentation and more examples of what they
+;; accept. For example:
+;;
+(setq doom-font (font-spec :family "JetBrainsMono Nerd Font" :size 18)
+      doom-variable-pitch-font (font-spec :family "DejaVu Sans")
+      doom-symbol-font (font-spec :family "Symbols Nerd Font Mono")
+      doom-big-font (font-spec :family "JetBrainsMono Nerd Font" :size 28))
+
+;; Users should inject their own font logic in `after-setting-font-hook'
+;; Add font for CJK charset
+(defun init-cjk-fonts()
+  (dolist (charset '(kana han cjk-misc bopomofo))
+    (set-fontset-font (frame-parameter nil 'font)
+                      charset (font-spec :family "Source Han Sans SC"))))
+(add-hook 'after-setting-font-hook 'init-cjk-fonts)
+
+
+;; If you or Emacs can't find your font, use 'M-x describe-font' to look them
+;; up, `M-x eval-region' to execute elisp code, and 'M-x doom/reload-font' to
+;; refresh your font settings. If Emacs still can't find your font, it likely
+;; wasn't installed correctly. Font issues are rarely Doom issues!
+
+;; There are two ways to load a theme. Both assume the theme is installed and
+;; available. You can either set `doom-theme' or manually load a theme with the
+;; `load-theme' function. This is the default:
+;; other doom's official themes:
+;;   https://github.com/doomemacs/themes
+(setq doom-theme 'doom-dracula) ;; doom-one doom-dracula doom-nord
+(if (eq system-type 'darwin)
+    ;; Transparent Backgroud - for macOS
+    ;;(set-frame-parameter (selected-frame) 'alpha '(<active> . <inactive>))
+    ;;(set-frame-parameter (selected-frame) 'alpha <both>)
+    (progn
+      (set-frame-parameter (selected-frame) 'alpha '(85 . 70))
+      (add-to-list 'default-frame-alist '(alpha . (85 . 70))))
+  ;; Transparent Background - for Linux Xorg/Wayland
+  (set-frame-parameter nil 'alpha-background 93) ; For current frame
+  (add-to-list 'default-frame-alist '(alpha-background . 93))); For all new frames henceforth
+
+;; This determines the style of line numbers in effect. If set to `nil', line
+;; numbers are disabled. For relative line numbers, set this to `relative'.
+(setq display-line-numbers-type t)
+(setq warning-minimum-level :error)
+;; If you use `org' and don't want your org files in the default location below,
+;; change `org-directory'. It must be set before org loads!
+(setq org-directory "~/org/")
+;; Whenever you reconfigure a package, make sure to wrap your config in an
+;; `after!' block, otherwise Doom's defaults may override your settings. E.g.
+;;
+;;   (after! PACKAGE
+;;     (setq x y))
+;;
+;; The exceptions to this rule:
+;;
+;;   - Setting file/directory variables (like `org-directory')
+;;   - Setting variables which explicitly tell you to set them before their
+;;     package is loaded (see 'C-h v VARIABLE' to look up their documentation).
+;;   - Setting doom variables (which start with 'doom-' or '+').
+;;
+;; Here are some additional functions/macros that will help you configure Doom.
+;;
+;; - `load!' for loading external *.el files relative to this one
+;; - `use-package!' for configuring packages
+;; - `after!' for running code after a package has loaded
+;; - `add-load-path!' for adding directories to the `load-path', relative to
+;;   this file. Emacs searches the `load-path' when you load packages with
+;;   `require' or `use-package'.
+;; - `map!' for binding new keys
+;;
+;; To get information about any of these functions/macros, move the cursor over
+;; the highlighted symbol at press 'K' (non-evil users must press 'C-c c k').
+;; This will open documentation for it, including demos of how they are used.
+;; Alternatively, use `C-h o' to look up a symbol (functions, variables, faces,
+;; etc).
+;;
+;; You can also try 'gd' (or 'C-c c d') to jump to their definition and see how
+;; they are implemented.
+
+;; use alejandra to format nix files
+(use-package! lsp-nix
+  :ensure lsp-mode
+  :after
+  (lsp-mode)
+  :demand t
+  :custom
+  (lsp-nix-nil-formatter
+   ["alejandra"]))
+
+(use-package! nushell-mode
+  :config
+  (setq nushell-enable-auto-indent 1))
+(after! vterm
+  (setq vterm-shell "nu")) ; use nushell by defualt
+
+;; emacs-rime
+(use-package! rime
+  :custom
+  (default-input-method "rime")
+  (rime-librime-root "~/.local/share/emacs/librime"))
+
+;; use parinfer for lisp editing
+(use-package! parinfer-rust-mode
+  :hook ((emacs-lisp-mode
+          clojure-mode
+          scheme-mode
+          lisp-mode
+          racket-mode
+          fennel-mode
+          hy-mode) . parinfer-rust-mode)
+  :init
+  ;; parinfer-rust library do not provide a apple silicon binary.
+  ;; fix: https://github.com/doomemacs/doomemacs/issues/6163
+  (setq parinfer-rust-auto-download 0)
+  ;; we need to download it manually and put it in this path
+  (setq parinfer-rust-library "~/.local/share/emacs/parinfer-rust/parinfer-rust.so")
+  :config
+  (map! :map parinfer-rust-mode-map
+        :localleader
+        "p" #'parinfer-rust-switch-mode
+        "P" #'parinfer-rust-toggle-disable))
+
+;; disable smatparens-mode here to void conflict with parinfer
+;; https://discourse.doomemacs.org/t/disable-smartparens-or-parenthesis-completion/134
+(add-hook 'clojure-mode-hook        #'turn-off-smartparens-mode)
+(add-hook 'scheme-mode-hook         #'turn-off-smartparens-mode)
+(add-hook 'lisp-mode-hook           #'turn-off-smartparens-mode)
+(add-hook 'racket-mode-hook         #'turn-off-smartparens-mode)
+(add-hook 'fennel-mode-hook         #'turn-off-smartparens-mode)
+(add-hook 'hy-mode-hook             #'turn-off-smartparens-mode)
+
+;; auto-save
+(use-package super-save
+  :ensure t
+  :config
+  (super-save-mode +1)
+  (setq super-save-auto-save-when-idle t)
+  (setq auto-save-default nil))
+
+;; save on find-file
+(add-to-list 'super-save-hook-triggers 'find-file-hook)
+
+(use-package! copilot
+  :hook
+  (prog-mode . copilot-mode)
+  :bind
+  (:map copilot-completion-map
+        ("<tab>" . 'copilot-accept-completion)
+        ("TAB" . 'copilot-accept-completion)
+        ("C-TAB" . 'copilot-accept-completion-by-word)
+        ("C-<tab>" . 'copilot-accept-completion-by-word))
+  :config
+  (copilot-mode +1))
+
+(use-package! wakatime-mode :ensure t)
+
@@ -0,0 +1,211 @@
+;;; init.el -*- lexical-binding: t; -*-
+
+;; This file controls what Doom modules are enabled and what order they load
+;; in. Remember to run 'doom sync' after modifying it!
+
+;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's
+;;      documentation. There you'll find a link to Doom's Module Index where all
+;;      of our modules are listed, including what flags they support.
+
+;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or
+;;      'C-c c k' for non-vim users) to view its documentation. This works on
+;;      flags as well (those symbols that start with a plus).
+;;
+;;      Alternatively, press 'gd' (or 'C-c c d') on a module to browse its
+;;      directory (for easy access to its source code).
+
+
+(doom! :input
+       ;;bidi              ; (tfel ot) thgir etirw uoy gnipleh
+       chinese
+       ;;japanese
+       ;;layout            ; auie,ctsrnm is the superior home row
+
+       :completion
+       ;; (company +childframe)  ; conflict with lsp-bridge
+                                        ; the ultimate code completion backend
+       ;;helm              ; the *other* search engine for love and life
+       ;;ido               ; the other *other* search engine...
+       ;;ivy               ; a search engine for love and life
+       vertico                          ; the search engine of the future
+
+       :ui
+       ;;deft              ; notational velocity for Emacs
+       doom                             ; what makes DOOM look the way it does
+       doom-dashboard                   ; a nifty splash screen for Emacs
+       ;;doom-quit         ; DOOM quit-message prompts when you quit Emacs
+       ;; (emoji +unicode) ; Emacs 29 provides native support for inserting Unicode emojis.
+                                        ; 🙂
+       hl-todo            ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
+       indent-guides      ; highlighted indent columns
+       ligatures          ; ligatures and symbols to make your code pretty again
+       modeline           ; snazzy, Atom-inspired modeline, plus API
+       ophints            ; highlight the region an operation acts on
+       (popup +defaults)
+                                        ; tame sudden yet inevitable temporary windows
+       tabs                             ; a tab bar for Emacs
+       treemacs                 ; a project drawer, like neotree but cooler
+       unicode                  ; extended unicode support for various languages
+       (vc-gutter +pretty)
+                                        ; vcs diff in the fringe
+       vi-tilde-fringe                  ; fringe tildes to mark beyond EOB
+       ;;window-select     ; visually switch windows
+       workspaces       ; tab emulation, persistence & separate workspaces
+       ;;zen               ; distraction-free coding or writing
+
+       :editor
+       (evil +everywhere)
+                                        ; come to the dark side, we have cookies
+       file-templates                   ; auto-snippets for empty files
+       fold                             ; (nigh) universal code folding
+       (format +onsave)
+                                        ; automated prettiness
+       ;; multiple-cursors  ; editing in many places at once
+       ;; objed             ; text object editing for the innocent, conflict with parinfer
+       parinfer          ; turn lisp into python, sort of, conflict with copilot/objed/smartparens
+       ;;rotate-text       ; cycle region at point between text candidates
+       snippets   ; my elves. They type so I don't have to
+       word-wrap         ; soft wrapping with language-aware indent
+
+       :emacs
+       dired             ; making dired pretty [functional]
+       electric          ; smarter, keyword-based electric-indent
+       ibuffer         ; interactive buffer management
+       undo              ; persistent, smarter undo for your inevitable mistakes
+       vc                ; version-control and Emacs, sitting in a tree
+
+       :term
+       ;;eshell            ; the elisp shell that works everywhere
+       ;;shell             ; simple shell REPL for Emacs
+       ;;term              ; basic terminal emulator for Emacs
+       vterm                            ; the best terminal emulation in Emacs
+
+       :checkers
+       syntax                        ; tasing you for every semicolon you forget
+       (spell +flyspell)
+                                        ; tasing you for misspelling mispelling
+       grammar                          ; tasing grammar mistake every you make
+
+       :tools
+       ;;ansible
+       ;;biblio            ; Writes a PhD for you (citation needed)
+       ;;collab            ; buffers with friends
+       ;;debugger          ; FIXME stepping through code, to help you add bugs
+       ;;direnv
+       (docker)
+       editorconfig      ; let someone else argue about tabs vs spaces
+       ;;ein               ; tame Jupyter notebooks with emacs
+       (eval +overlay)
+                                        ; run code, run (also, repls)
+       lookup                   ; navigate your code and its documentation
+       lsp    ; lsp-mode, conflict with lsp-bridge
+       magit                    ; a git porcelain for Emacs
+       ;;make              ; run make tasks from Emacs
+       ;;pass              ; password manager for nerds
+       pdf                              ; pdf enhancements
+       ;;prodigy           ; FIXME managing external services & code builders
+       (terraform)
+                                        ; infrastructure as code
+       tree-sitter                    ; syntax and parsing, sitting in a tree...
+       ;;upload            ; map local to remote projects via ssh/ftp
+
+       :os
+       (:if IS-MAC macos)
+                                        ; improve compatibility with macOS
+       tty                              ; improve the terminal Emacs experience
+
+       :lang
+       ;;agda              ; types of types of types of types...
+       ;;beancount         ; mind the GAAP
+       (cc +lsp +tree-sitter)
+                                        ; C > C++ == 1
+       ;;clojure           ; java with a lisp
+       ;;common-lisp       ; if you've seen one lisp, you've seen them all
+       ;;coq               ; proofs-as-programs
+       ;;crystal           ; ruby at the speed of c
+       ;;csharp            ; unity, .NET, and mono shenanigans
+       data                     ; config/data formats
+       ;;(dart +flutter)   ; paint ui and not much else
+       ;;dhall
+       ;;elixir            ; erlang done right
+       ;;elm               ; care for a cup of TEA?
+       emacs-lisp                       ; drown in parentheses
+       ;;erlang            ; an elegant language for a more civilized age
+       ;;ess               ; emacs speaks statistics
+       ;;factor
+       ;;faust             ; dsp, but you get to keep your soul
+       ;;fortran           ; in FORTRAN, GOD is REAL (unless declared INTEGER)
+       ;;fsharp            ; ML stands for Microsoft's Language
+       ;;fstar             ; (dependent) types and (monadic) effects and Z3
+       ;;gdscript          ; the language you waited for
+       (go +lsp +tree-sitter)  ;; disable go-mode, use lsp-bridge instead
+                                        ; the hipster dialect
+       ;;(graphql)    ; Give queries a REST
+       ;;(haskell)    ; a language that's lazier than I am
+       ;;hy                ; readability of scheme w/ speed of python
+       ;;idris             ; a language you can depend on
+       (json +lsp +tree-sitter)
+                                        ; At least it ain't XML
+       (java +lsp +tree-sitter)
+                                        ; the poster child for carpal tunnel syndrome
+       (javascript +lsp +tree-sitter)
+                                        ; all(hope(abandon(ye(who(enter(here))))))
+       ;;julia             ; a better, faster MATLAB
+       ;;kotlin            ; a better, slicker Java(Script)
+       (latex)
+                                        ; writing papers in Emacs has never been so fun
+       ;;lean              ; for folks with too much to prove
+       ;;ledger            ; be audit you can be
+       (lua +lsp +tree-sitter)
+                                        ; one-based indices? one-based indices
+       (markdown +grip)
+                                        ; writing docs for people to ignore
+       ;;nim               ; python + lisp at the speed of c
+       (nix +lsp +tree-sitter)
+                                        ; I hereby declare "nix geht mehr!"
+       ;;ocaml             ; an objective camel
+       (org +pandoc +hugo +jupyter)  ; organize your plain life in plain text
+       ;;php               ; perl's insecure younger brother
+       ;;plantuml          ; diagrams for confusing people more
+       ;;purescript        ; javascript, but functional
+       (python +lsp +tree-sitter +pyright)
+                                        ; beautiful is better than ugly
+       ;;qt                ; the 'cutest' gui framework ever
+       racket           ; a DSL for DSLs
+       ;;raku              ; the artist formerly known as perl6
+       ;;rest              ; Emacs as a REST client
+       ;;rst               ; ReST in peace
+       ;;(ruby +rails)     ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
+       (rust +lsp +tree-sitter)
+                                        ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
+       ;;scala             ; java, but good
+       (scheme +guile)
+                                        ; a fully conniving family of lisps
+       (sh +lsp +tree-sitter)
+                                        ; she sells {ba,z,fi}sh shells on the C xor
+       ;;sml
+       ;;solidity          ; do you need a blockchain? No.
+       ;;swift             ; who asked for emoji variables?
+       ;;terra             ; Earth and Moon in alignment for performance.
+       (web +lsp +tree-sitter)
+                                        ; support for various web languages, including HTML5, CSS, SASS/SCSS, Pug/Jade/Slim, and more
+       (yaml +lsp +tree-sitter)
+                                        ; JSON, but readable
+       ;;zig               ; C, but simpler
+
+       :email
+       ;;(mu4e +org +gmail)
+       ;;notmuch
+       ;;(wanderlust +gmail)
+
+       :app
+       ;;calendar
+       ;;emms
+       ;;everywhere        ; *leave* Emacs!? You must be joking
+       ;;irc               ; how neckbeards socialize
+       ;;(rss +org)        ; emacs as an RSS reader
+       ;;twitter           ; twitter client https://twitter.com/vnought
+
+       :config
+       ;;literate
+       (default +bindings +smartparens))
@@ -0,0 +1,64 @@
+;; -*- no-byte-compile: t; -*-
+;;; $DOOMDIR/packages.el
+
+;; To install a package with Doom you must declare them here and run 'doom sync'
+;; on the command line, then restart Emacs for the changes to take effect -- or
+;; use 'M-x doom/reload'.
+
+(package! super-save)
+(package! rime)
+(package! wakatime-mode
+  :recipe
+  (:host github :repo "wakatime/wakatime-mode" :files
+         ("*.el" "dist")))
+
+(package! nushell-mode :recipe
+  (:host github :repo "mrkkrp/nushell-mode"))
+
+(package! copilot
+  :recipe
+  (:host github :repo "copilot-emacs/copilot.el" :files
+         ("*.el" "dist")))
+
+;; To install SOME-PACKAGE from MELPA, ELPA or emacsmirror:
+;; (package! some-package)
+
+;; To install a package directly from a remote git repo, you must specify a
+;; `:recipe'. You'll find documentation on what `:recipe' accepts here:
+;; https://github.com/radian-software/straight.el#the-recipe-format
+;; (package! another-package
+;;   :recipe (:host github :repo "username/repo"))
+
+;; If the package you are trying to install does not contain a PACKAGENAME.el
+;; file, or is located in a subdirectory of the repo, you'll need to specify
+;; `:files' in the `:recipe':
+;; (package! this-package
+;;   :recipe (:host github :repo "username/repo"
+;;            :files ("some-file.el" "src/lisp/*.el")))
+
+;; If you'd like to disable a package included with Doom, you can do so here
+;; with the `:disable' property:
+;; (package! builtin-package :disable t)
+
+;; You can override the recipe of a built in package without having to specify
+;; all the properties for `:recipe'. These will inherit the rest of its recipe
+;; from Doom or MELPA/ELPA/Emacsmirror:
+;; (package! builtin-package :recipe (:nonrecursive t))
+;; (package! builtin-package-2 :recipe (:repo "myfork/package"))
+
+;; Specify a `:branch' to install a package from a particular branch or tag.
+;; This is required for some packages whose default branch isn't 'master' (which
+;; our package manager can't deal with; see radian-software/straight.el#279)
+;; (package! builtin-package :recipe (:branch "develop"))
+
+;; Use `:pin' to specify a particular commit to install.
+;; (package! builtin-package :pin "1a2b3c4d5e")
+
+
+;; Doom's packages are pinned to a specific commit and updated from release to
+;; release. The `unpin!' macro allows you to unpin single packages...
+;; (unpin! pinned-package)
+;; ...or multiple packages
+;; (unpin! pinned-package another-pinned-package)
+;; ...Or *all* packages (NOT RECOMMENDED; will likely break things)
+;; (unpin! t)
@@ -0,0 +1,43 @@
+# Helix Editor
+
+Neovim is really powerful, and have a very active community. I use it as my main editor, and I'm very happy with it. I use it for everything, from writing code to writing this document.
+
+But its configuration is a bit complex, and finding the right plugins, writing configurations, and keeping everything up to date is not easy.
+
+That's why I'm interested in Helix, Helix is similar to Neovim, but it's more opinionated, and it's batteries included.
+Whether I'll switch my main editor to Helix or not, it gives me a lot of ideas on how to improve my Neovim workflow.
+
+## Tutorial
+
+Use `:tutor` in helix to start the tutorial.
+
+## Differences between Neovim and Helixer
+
+1. Selecting first, then action.
+    1. Helix: delete 2 word: `2w` then `x`. You can always see what you're selecting before you apply the action.
+    2. Neovim: delete 2 word: `d`. then `2w`. No visual feedback before you apply the action.
+1. Helix - Morden builtin features: LSP, tree-sitter, fuzzy finder, multi cursors, surround and more.
+    1. They're all available in Neovim too, but you need to find and use the right plugins manually, which takes time and effort.
+1. Helix is built in Rust from scratch. The result is a much smaller codebase and a modern set of defaults. No VimScript. No Lua.
+    1. Neovim contains a lot of VimScript, and lua is too dynamic, it's hard to debug.
+    1. Personally I'm glad to take a look at a Rust codebase, but not a VimScript/Lua codebase.
+1. Neovim have a very activate plugin ecosystem, and it's easy to find plugins for almost everything.
+    1. Helix is still new, and it even do have a stable plugin system yet. A PR to add a plugin system is still envolving: <https://github.com/helix-editor/helix/pull/8675>
+2. Neovim has intergrated terminal, and it's very powerful. It's quite similar to VSCode's intergrated terminal. I use it a lot.
+    1. Helix doesn't have a intergrated terminal yet, as it's complicated to implement. Users are recommended to use tmux/Zellij or Wezterm/Kitty to implement this feature instead.
+    1. <https://github.com/helix-editor/helix/issues/1976#issuecomment-1091074719>
+    1. <https://github.com/helix-editor/helix/pull/4649>
+    1. **My Neovim often gets stuck when I switch to [toggleterm.nvim](https://github.com/akinsho/toggleterm.nvim), this Helix issue made me consider to switch from this Neovim plugin to Zellij**.
+1. Helix do not have a tree-view panel, it's recommended to use Yazi/ranger/Broot instead, and open Helix in them.
+    1. a tree-view plugin may be added after the plugin system is stable, but no one knows when it will be.
+    2. and some Helix users stated that they don't need a tree-view plugin, Helix's file picker is useful and good enough.
+1. It seems Helix lacks a global substitution command, you should run it in another window(via wm or Zellij).
+    1. <https://github.com/helix-editor/helix/issues/196>
+    1. Neovim's substitution command allow you to preview the changes before you apply it, and it's very useful. if I switch to Helix, I'll need to find some other tools with similar feature(such as https://github.com/ms-jpq/sad).
+1. Complexity and Maintenance Costs vs Batteries Included: <https://github.com/helix-editor/helix/discussions/6356>
+
+
+I think Use Helix/Neovim within a terminal file manager(Yazi/ranger/Broot) and Zellij is a good idea. 
+It's quite different from the workflow I migrated from VSCode/JetBrains before, I'm very interested in it.
+
+In Neovim I can make the workflow similar to VSCode/JetBrains by using some plugins, but Helix forces me to get out of my comfort zone, and try something new.
@@ -1,8 +1,10 @@
-{ pkgs, catppuccin-helix, ... }:
-
 {
+  pkgs,
+  nur-ryan4yin,
+  ...
+}: {
  # https://github.com/catppuccin/helix
-  xdg.configFile."helix/themes".source = "${catppuccin-helix}/themes/default";
+  xdg.configFile."helix/themes".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-helix}/themes/default";

  programs.helix = {
    enable = true;
@@ -22,10 +24,12 @@
        indent-guides.render = true;
      };
      keys.normal = {
-        space.space = "file_picker";
-        space.w = ":w";
-        space.q = ":q";
-        esc = [ "collapse_selection" "keep_primary_selection" ];
+        space = {
+          space = "file_picker";
+          w = ":w";
+          q = ":q";
+        };
+        esc = ["collapse_selection" "keep_primary_selection"];
      };
    };
  };
@@ -1,10 +1,15 @@
-# AstroNvim Configuration and Shortcuts
+# Neovim Editor

 My Neovim config based on [AstroNvim](https://github.com/AstroNvim/AstroNvim).
 For more details, visit the [AstroNvim website](https://astronvim.com/).

 This document outlines neovim's configuration structure and various shortcuts/commands for efficient usage.

+## Screenshots
+
+![](/_img/astronvim_2023-07-13_00-39.webp)
+![](/_img/hyprland_2023-07-29_2.webp)
+
 ## Configuration Structure

 | Description                                       | Standard Location                           | My Location                                                               |
@@ -28,19 +33,23 @@ Remove all unused plugins:
 :Lazy clean
 ```

-## Screenshots
+## Testing

-![](/_img/astronvim_2023-07-13_00-39.webp)
-![](/_img/hyprland_2023-07-29_2.webp)
+> via `Justfile` located at the root of this repo.

-## Visual Modes
+```bash
+# testing
+just nvim-test

-| Action                   | Shortcut                                 |
-| ------------------------ | ---------------------------------------- |
-| Toggle visual mode       | `v`                                      |
-| Toggle visual block mode | `<Ctrl> + v` (select a block vertically) |
+# clear test data
+just nvim-clear
+```

-## Incremental Selection
+## Cheetsheet
+
+Here is the cheetsheet related to my Neovim configs. Please read vim's common cheetsheet at [../README.md](../README.md) before reading the following.
+
+### Incremental Selection

 Provided by nvim-treesitter.

@@ -51,7 +60,7 @@ Provided by nvim-treesitter.
 | scope incremental | `<Alt-Space>`  |
 | node decremental  | `Backspace`    |

-## Search and Jump
+### Search and Jump

 Provided by [flash.nvim](https://github.com/folke/flash.nvim), it's a intelligent search and jump plugin.

@@ -63,65 +72,34 @@ Provided by [flash.nvim](https://github.com/folke/flash.nvim), it's a intelligen
 | Treesitter Search | `yR`,`dR`, `cR`, `vR`, `ctrl+v+R`(arround your matches, all the surrounding Treesitter nodes will be labeled) |
 | Remote Flash      | `yr`, `dr`, `cr`, (arround your matches, all the surrounding Treesitter nodes will be labeled)                |

-## Text Manipulation
-
- Add at the end of multiple lines: `:normal A<text>`
-
-  - Execublock: `:A<text>`
-
-  - visual block mode(ctrl + v)
-  - Append text at the end of each line in the selected block
-  - If position exceeds line end, neovim adds spaces automatically
-
- Delete the last char of multivle lines: `:normal $x`
-
-  - Execute `$x` on each line
-  - visual mode(v)
-  - `$` moves cursor to the end of line
-  - `x` deletes the character under the cursor
-
- Delete the last word of multiple lines: `:normal $bD`
-  - Execute `$bD` on each line
-  - visual mode(v)
-  - `$` moves cursor to the end of line
-  - `b` moves cursor to the beginning of the last word
-  - `D` deletes from cursor to the end of line
-
-## Commands & Shortcuts
+### Commands & Shortcuts

 | Action                        | Shortcut       |
 | ----------------------------- | -------------- |
-| Learn Neovim's Basics         | `:Tutor`       |
 | Open file explorer            | `<Space> + e`  |
 | Focus Neotree to current file | `<Space> + o`  |
-| Floating Terminal             | `<Space> + tf` |
-| Horizontal Split Terminal     | `<Space> + th` |
-| Vertical Split Terminal       | `<Space> + tv` |
-| Open IPython REPL             | `<Space> + tp` |
 | Toggle line wrap              | `<Space> + uw` |
 | Show line diagnostics         | `gl`           |
 | Show function/variable info   | `K`            |
-| Go to definition              | `gd`           |
 | References of a symbol        | `gr`           |

-## Window Navigation
+### Window Navigation

 - Switch between windows: `<Ctrl> + h/j/k/l`
 - Resize windows: `<Ctrl> + Up/Down/Left/Right`
  - Note: On macOS, conflicts with system shortcuts
  - Disable in System Preferences -> Keyboard -> Shortcuts -> Mission Control

-## Splitting and Buffers
+### Splitting and Buffers

-| Action                | Shortcut      |
+|
+| Action | Shortcut |
 | --------------------- | ------------- |
-| Horizontal Split      | `\`           |
-| Vertical Split        | `\|`          |
-| Next Buffer (Tab)     | `]b`          |
-| Previous Buffer (Tab) | `[b`          |
-| Close Buffer          | `<Space> + c` |
+| Horizontal Split | `\` |
+| Vertical Split | `\|` |
+| Close Buffer | `<Space> + c` |

-## Editing and Formatting
+### Editing and Formatting

 | Action                                                | Shortcut       |
 | ----------------------------------------------------- | -------------- |
@@ -135,7 +113,7 @@ Provided by [flash.nvim](https://github.com/folke/flash.nvim), it's a intelligen
 | Find files by name (fzf)                              | `<Space> + ff` |
 | Grep string in files (ripgrep)                        | `<Space> + fw` |

-## Sessions
+### Sessions

 | Action                         | Shortcut       |
 | ------------------------------ | -------------- |
@@ -145,43 +123,24 @@ Provided by [flash.nvim](https://github.com/folke/flash.nvim), it's a intelligen
 | Search Session                 | `<Space> + Sf` |
 | Load Current Directory Session | `<Space> + S.` |

-## Debugging
+### Debugging

 Press `<Space> + D` to view available bindings and options.

-## Find and Replace
-
-| Action                   | Command                             |
-| ------------------------ | ----------------------------------- |
-| Replace in selected area | `:s/old/new/g`                      |
-| Replace in current line  | Same as above                       |
-| Replace in whole file    | `:% s/old/new/g`                    |
-| Replace with regex       | `:% s@\vhttp://(\w+)@https://\1@gc` |
-
-1. `\v` means means that in the regex pattern after it can be used without backslash escaping(similar to python's raw string).
-2. `\1` means the first matched group in the pattern.
-
-## Replace in the specific lines
-
-| Action                                    | Command                                |
-| ----------------------------------------- | -------------------------------------- |
-| From the 10th line to the end of the file | `:10,$ s/old/new/g` or `:10,$ s@^@#@g` |
-| From the 10th line to the 20th line       | `:10,20 s/old/new/g`                   |
-
-The postfix(flags) in the above commands:
-
-1. `g` means replace all the matched strings in the current line/file.
-2. `c` means ask for confirmation before replacing.
-3. `i` means ignore case.
-
-## Search and Replace Globally
+### Search and Replace Globally

 | Description                                                  | Shortcut                                                         |
 | ------------------------------------------------------------ | ---------------------------------------------------------------- |
 | Open spectre.nvim search and replace panel                   | `<Space> + ss`                                                   |
-| Search and replace in command line(need install `sad` first) | `find -name "*.nix" \| sad '<pattern>' '<replacement>' \| delta` |

-## Surrounding Characters
+Search and replace via cli(fd + sad + delta):
+
+```bash
+fd "\\.nix$" . | sad '<pattern>' '<replacement>' | delta
+```
+
+
+### Surrounding Characters

 Provided by mini.surround plugin.

@@ -194,30 +153,19 @@ Provided by mini.surround plugin.
 | Replace surrounding characters | `gzr'"`  | Replace `'` by `"` around the word under cursor |
 | Highlight surrounding          | `gzh'`   | Highlight `'` around the word under cursor      |

-## Text Manipulation
+### Text Manipulation

 | Action                                 |               |
 | -------------------------------------- | ------------- |
-| Join Selection of Lines With Space     | `:join`       |
-| Join without spaces                    | `:join!`      |
 | Join with LSP intelligence(treesj)     | `<Space> + j` |
 | Split Line into Multiple Lines(treesj) | `<Space> + s` |

-## Convert Text Case
+### Miscellaneous

-| Action               |     |
-| -------------------- | --- |
-| Toggle text's case   | `~` |
-| Convert to uppercase | `U` |
-| Convert to lowercase | `u` |
-
-## Miscellaneous
-
-| Action                       |                                              |
-| ---------------------------- | -------------------------------------------- |
-| Save selected text to a file | `:w filename` (Will show `:'<,'>w filename`) |
-| Show all Yank History        | `:<Space> + yh`                              |
-| Show undo history            | `:<Space> + uh`                              |
+| Action                |                 |
+| --------------------- | --------------- |
+| Show all Yank History | `:<Space> + yh` |
+| Show undo history     | `:<Space> + uh` |

 ## Additional Resources

@@ -0,0 +1,2 @@
+.clj-kondo/
+.nrepl-port
@@ -0,0 +1 @@
+{:source-file-patterns ["*.fnl" "**/*.fnl"]}
@@ -0,0 +1,7 @@
+column_width = 120
+line_endings = "Unix"
+indent_type = "Spaces"
+indent_width = 2
+quote_style = "AutoPreferDouble"
+call_parentheses = "None"
+collapse_simple_statement = "Always"
@@ -8,16 +8,26 @@ return {
      spell = false,      -- Spell checking
      swapfile = false,   -- Swapfile
      smartindent = false, -- fix https://github.com/ryan4yin/nix-config/issues/4
+      title = true,       -- Set the title of window to `filename [+=-] (path) - NVIM`
+      -- The percentage of 'columns' to use for the title
+      -- When the title is longer, only the end of the path name is shown.
+      titlelen = 20,
    },
  },

  plugins = {
    "AstroNvim/astrocommunity",
-    -- colorscheme - catppuccin
-    { import = "astrocommunity.colorscheme.catppuccin" },
+    -- Motion
+    { import = "astrocommunity.motion.mini-surround" },
+    -- https://github.com/echasnovski/mini.ai
+    { import = "astrocommunity.motion.mini-ai" },
+    { import = "astrocommunity.motion.flash-nvim" },
+    -- diable toggleterm.nvim, zellij's terminal is far better than neovim's one
+    { "akinsho/toggleterm.nvim",                                   enabled = false },
+    { "folke/flash.nvim",                                          vscode = false },
    -- Highly experimental plugin that completely replaces
    -- the UI for messages, cmdline and the popupmenu.
-    { import = "astrocommunity.utility.noice-nvim" },
+    -- { import = "astrocommunity.utility.noice-nvim" },
    -- Fully featured & enhanced replacement for copilot.vim
    -- <Tab> work with both auto completion in cmp and copilot
    { import = "astrocommunity.media.vim-wakatime" },
@@ -37,26 +47,154 @@ return {
    { import = "astrocommunity.pack.json" },
    { import = "astrocommunity.pack.yaml" },
    { import = "astrocommunity.pack.toml" },
-    ---- Backend
+    ---- Backend / System
    { import = "astrocommunity.pack.lua" },
    { import = "astrocommunity.pack.go" },
    { import = "astrocommunity.pack.rust" },
    { import = "astrocommunity.pack.python" },
    { import = "astrocommunity.pack.java" },
+    { import = "astrocommunity.pack.cmake" },
+    { import = "astrocommunity.pack.cpp" },
    -- { import = "astrocommunity.pack.nix" },  -- manually add config for nix, comment this one.
    { import = "astrocommunity.pack.proto" },
+
    ---- Operation & Cloud Native
    { import = "astrocommunity.pack.terraform" },
    { import = "astrocommunity.pack.bash" },
-    { import = "astrocommunity.pack.cmake" },
-    { import = "astrocommunity.pack.cpp" },
    { import = "astrocommunity.pack.docker" },
-    -- Motion
-    { import = "astrocommunity.motion.mini-surround" },
-    -- https://github.com/echasnovski/mini.ai
-    { import = "astrocommunity.motion.mini-ai" },
-    { import = "astrocommunity.motion.flash-nvim" },
-    { "folke/flash.nvim",                                          vscode = false },
+    { import = "astrocommunity.pack.helm" },
+
+    -- colorscheme
+    { import = "astrocommunity.colorscheme.catppuccin" },
+    {
+      "catppuccin/nvim",
+      name = "catppuccin",
+      opts = function(_, opts)
+        opts.flavour = "mocha"              -- latte, frappe, macchiato, mocha
+        opts.transparent_background = true -- setting the background color.
+      end,
+    },
+    -- Language Parser for syntax highlighting / indentation / folding / Incremental selection
+    {
+      "nvim-treesitter/nvim-treesitter",
+      opts = function(_, opts)
+        local utils = require("astronvim.utils")
+        opts.incremental_selection = {
+          enable = true,
+          keymaps = {
+            init_selection = "<C-space>", -- Ctrl + Space
+            node_incremental = "<C-space>",
+            scope_incremental = "<A-space>", -- Alt + Space
+            node_decremental = "<bs>", -- Backspace
+          },
+        }
+        opts.ignore_install = { "gotmpl" }
+        opts.ensure_installed = utils.list_insert_unique(opts.ensure_installed, {
+          -- neovim
+          "vim",
+          "lua",
+          -- operation & cloud native
+          "dockerfile",
+          "hcl",
+          "jsonnet",
+          "regex",
+          "terraform",
+          "nix",
+          "csv",
+          -- other programming language
+          "diff",
+          "gitignore",
+          "gitcommit",
+          "latex",
+          "sql",
+          -- Lisp like
+          "fennel",
+          "clojure",
+          "commonlisp",
+          -- customized languages:
+          "scheme",
+        })
+
+        -- add support for scheme
+        local parser_config = require("nvim-treesitter.parsers").get_parser_configs()
+        parser_config.scheme = {
+          install_info = {
+            url = "https://github.com/6cdh/tree-sitter-scheme", -- local path or git repo
+            files = { "src/parser.c" },
+            -- optional entries:
+            branch = "main",                  -- default branch in case of git repo if different from master
+            generate_requires_npm = false,    -- if stand-alone parser without npm dependencies
+            requires_generate_from_grammar = false, -- if folder contains pre-generated src/parser.c
+          },
+        }
+        -- use scheme parser for filetypes: scm
+        vim.treesitter.language.register("scheme", "scm")
+      end,
+    },
+    {
+      "eraserhd/parinfer-rust",
+      build = "cargo build --release",
+      ft = { "scm", "scheme" },
+    },
+    { "Olical/nfnl",                                       ft = "fennel" },
+    {
+      "Olical/conjure",
+      ft = { "clojure", "fennel", "python", "scheme" }, -- etc
+      -- [Optional] cmp-conjure for cmp
+      dependencies = {
+        {
+          "PaterJason/cmp-conjure",
+          config = function()
+            local cmp = require("cmp")
+            local config = cmp.get_config()
+            table.insert(config.sources, {
+              name = "buffer",
+              option = {
+                sources = {
+                  { name = "conjure" },
+                },
+              },
+            })
+            cmp.setup(config)
+          end,
+        },
+      },
+      config = function(_, opts)
+        require("conjure.main").main()
+        require("conjure.mapping")["on-filetype"]()
+      end,
+      init = function()
+        -- Set configuration options here
+        vim.g["conjure#debug"] = true
+      end,
+    },
+    {
+      "nvim-orgmode/orgmode",
+      dependencies = {
+        { "nvim-treesitter/nvim-treesitter", lazy = true },
+      },
+      event = "VeryLazy",
+      config = function()
+        -- Load treesitter grammar for org
+        require("orgmode").setup_ts_grammar()
+
+        -- Setup treesitter
+        require("nvim-treesitter.configs").setup({
+          highlight = {
+            enable = true,
+            additional_vim_regex_highlighting = { "org" },
+          },
+          ensure_installed = { "org" },
+        })
+
+        -- Setup orgmode
+        require("orgmode").setup({
+          org_agenda_files = "~/org/**/*",
+          org_default_notes_file = "~/org/refile.org",
+        })
+      end,
+    },
+
    -- Lua implementation of CamelCaseMotion, with extra consideration of punctuation.
    { import = "astrocommunity.motion.nvim-spider" },
    -- AI Assistant
@@ -77,7 +215,7 @@ return {
      -- lazy-loading on events
      event = { "InsertLeave", "TextChanged" },
      opts = function(_, opts)
-        opts.prompt_style = "notify" -- or stdout
+        opts.prompt_style = "stdout" -- notify or stdout
      end,
    },

@@ -213,38 +351,8 @@ return {

    -- full signature help, docs and completion for the nvim lua API.
    { "folke/neodev.nvim",     opts = {} },
-
+    -- automatically highlighting other uses of the word under the cursor using either LSP, Tree-sitter, or regex matching.
    { "RRethy/vim-illuminate", config = function() end },
-
-    -- Language Parser for syntax highlighting / indentation / folding / Incremental selection
-    {
-      "nvim-treesitter/nvim-treesitter",
-      opts = function(_, opts)
-        local utils = require("astronvim.utils")
-        opts.incremental_selection = {
-          enable = true,
-          keymaps = {
-            init_selection = "<C-space>", -- Ctrl + Space
-            node_incremental = "<C-space>",
-            scope_incremental = "<A-space>", -- Alt + Space
-            node_decremental = "<bs>", -- Backspace
-          },
-        }
-        opts.ensure_installed = utils.list_insert_unique(opts.ensure_installed, {
-          -- neovim
-          "vim",
-          "lua",
-          -- operation & cloud native
-          "dockerfile",
-          "hcl",
-          "jsonnet",
-          "regex",
-          "terraform",
-          "nix",
-        })
-      end,
-    },
-
    -- implementation/definition preview
    {
      "rmagatti/goto-preview",
@@ -260,22 +368,34 @@ return {
    -- LSP installations
    {
      "williamboman/mason-lspconfig.nvim",
-      -- overwrite ensure_installed to install lsp via home manager(except emmet_ls)
-      opts = function(_, opts)
-        opts.ensure_installed = {
-          "emmet_ls", -- not exist in nixpkgs, so install it via mason
-        }
-      end,
-    },
-    -- Formatters/Linter installation
-    {
-      "jay-babu/mason-null-ls.nvim",
+      -- mason is unusable on NixOS, disable it.
      -- ensure_installed nothing
      opts = function(_, opts)
        opts.ensure_installed = nil
        opts.automatic_installation = false
      end,
    },
+    -- Formatters/Linter installation
+    {
+      "jay-babu/mason-null-ls.nvim",
+      -- mason is unusable on NixOS, disable it.
+      -- ensure_installed nothing
+      opts = function(_, opts)
+        opts.ensure_installed = nil
+        opts.automatic_installation = false
+      end,
+    },
+    -- Debugger installation
+    {
+      "jay-babu/mason-nvim-dap.nvim",
+      -- mason is unusable on NixOS, disable it.
+      -- ensure_installed nothing
+      opts = function(_, opts)
+        opts.ensure_installed = nil
+        opts.automatic_installation = false
+      end,
+    },
+
    {
      "jose-elias-alvarez/null-ls.nvim",
      opts = function(_, opts)
@@ -305,35 +425,28 @@ return {
            diagnostics.deadnix, -- Scan Nix files for dead code.

            -- Formatting
-            formatting.prettier,                          -- js/ts/vue/css/html/json/... formatter
-            diagnostics.hadolint,                         -- Dockerfile linter
-            formatting.black,                             -- Python formatter
-            formatting.ruff,                              -- extremely fast Python linter
-            formatting.goimports,                         -- Go formatter
-            formatting.shfmt,                             -- Shell formatter
-            formatting.rustfmt,                           -- Rust formatter
-            formatting.taplo,                             -- TOML formatteautoindentr
-            formatting.terraform_fmt,                     -- Terraform formatter
-            formatting.stylua,                            -- Lua formatter
-            formatting.alejandra,                         -- Nix formatter
-            formatting.sqlfluff.with({                    -- SQL formatter
-              extra_args = { "--dialect", "postgres" },   -- change to your dialect
+            formatting.prettier,                 -- js/ts/vue/css/html/json/... formatter
+            diagnostics.hadolint,                -- Dockerfile linter
+            formatting.black,                    -- Python formatter
+            formatting.ruff,                     -- extremely fast Python linter
+            formatting.goimports,                -- Go formatter
+            formatting.shfmt,                    -- Shell formatter
+            formatting.rustfmt,                  -- Rust formatter
+            formatting.taplo,                    -- TOML formatteautoindentr
+            formatting.terraform_fmt,            -- Terraform formatter
+            formatting.stylua,                   -- Lua formatter
+            formatting.alejandra,                -- Nix formatter
+            formatting.sqlfluff.with({           -- SQL formatter
+              extra_args = { "--dialect", "postgres" }, -- change to your dialect
            }),
-            formatting.nginx_beautifier,                  -- Nginx formatter
-            null_ls.builtins.formatting.verible_verilog_format, -- Verilog formatter
+            formatting.nginx_beautifier,         -- Nginx formatter
+            formatting.verible_verilog_format,   -- Verilog formatter
+            formatting.emacs_scheme_mode,        -- using emacs in batch mode to format scheme files.
+            formatting.fnlfmt,                   -- Format Fennel code
          })
        end
      end,
    },
-    -- Debugger installation
-    {
-      "jay-babu/mason-nvim-dap.nvim",
-      -- overrides `require("mason-nvim-dap").setup(...)`
-      opts = function(_, opts)
-        opts.ensure_installed = nil
-        opts.automatic_installation = false
-      end,
-    },

    {
      "nvim-telescope/telescope.nvim",
@@ -408,40 +521,46 @@ return {
          offsetEncoding = "utf-8",
        },
      },
+      scheme_langserver = {
+        filetypes = { "scheme", "scm" },
+        single_file_support = true,
+      },
    },
    -- enable servers that installed by home-manager instead of mason
    servers = {
      ---- Frontend & NodeJS
-      "tsserver",   -- typescript/javascript language server
-      "tailwindcss", -- tailwindcss language server
-      "html",       -- html language server
-      "cssls",      -- css language server
-      "prismals",   -- prisma language server
-      "volar",      -- vue language server
+      "tsserver",       -- typescript/javascript language server
+      "tailwindcss",    -- tailwindcss language server
+      "html",           -- html language server
+      "cssls",          -- css language server
+      "prismals",       -- prisma language server
+      "volar",          -- vue language server
      ---- Configuration Language
-      "marksman",   -- markdown ls
-      "jsonls",     -- json language server
-      "yamlls",     -- yaml language server
-      "taplo",      -- toml language server
+      "marksman",       -- markdown ls
+      "jsonls",         -- json language server
+      "yamlls",         -- yaml language server
+      "taplo",          -- toml language server
      ---- Backend
-      "lua_ls",     -- lua
-      "gopls",      -- go
-      "rust_analyzer", -- rust
-      "pyright",    -- python
-      "ruff_lsp",   -- extremely fast Python linter and code transformation
-      "jdtls",      -- java
-      "nil_ls",     -- nix language server
-      "bufls",      -- protocol buffer language server
-      "zls",        -- zig language server
+      "lua_ls",         -- lua
+      "gopls",          -- go
+      "rust_analyzer",  -- rust
+      "pyright",        -- python
+      "ruff_lsp",       -- extremely fast Python linter and code transformation
+      "jdtls",          -- java
+      "nil_ls",         -- nix language server
+      "bufls",          -- protocol buffer language server
+      "zls",            -- zig language server
      ---- HDL
-      "verible",    -- verilog language server
+      "verible",        -- verilog language server
      ---- Operation & Cloud Nativautoindente
-      "bashls",     -- bash
-      "cmake",      -- cmake language server
-      "clangd",     -- c/c++
-      "dockerls",   -- dockerfile
-      "jsonnet_ls", -- jsonnet language server
-      "terraformls", -- terraform hcl
+      "bashls",         -- bash
+      "cmake",          -- cmake language server
+      "clangd",         -- c/c++
+      "dockerls",       -- dockerfile
+      "jsonnet_ls",     -- jsonnet language server
+      "terraformls",    -- terraform hcl
+      "nushell",        -- nushell language server
+      "scheme_langserver", -- scheme language server
    },
    formatting = {
      disabled = {},
@@ -452,6 +571,7 @@ return {
          "jsonnet",
          "rust",
          "terraform",
+          "nu",
        },
      },
    },
@@ -22,8 +22,6 @@ return {
    -- NOTE: https://neovim.io/doc/user/builtin.html#jobstart()
    --   1. If {cmd} is a List it runs directly (no 'shell')
    --   2. If {cmd} is a String it runs in the 'shell'
-    ["<leader>tp"] = { function() utils.toggle_term_cmd({ cmd = "ipython" }) end, desc = "ToggleTerm python" },
-
    -- search and replace globally
    ['<leader>ss'] = {'<cmd>lua require("spectre").toggle()<CR>', desc = "Toggle Spectre" },
    ['<leader>sw'] = {'<cmd>lua require("spectre").open_visual({select_word=true})<CR>', desc = "Search current word" },
@@ -0,0 +1,56 @@
+{
+  pkgs,
+  astronvim,
+  ...
+}:
+###############################################################################
+#
+#  AstroNvim's configuration and all its dependencies(lsp, formatter, etc.)
+#
+#e#############################################################################
+let
+  shellAliases = {
+    v = "nvim";
+    vdiff = "nvim -d";
+  };
+in {
+  xdg.configFile = {
+    # astronvim's config
+    "nvim" = {
+      source = astronvim;
+      force = true;
+    };
+
+    # my custom astronvim config, astronvim will load it after base config
+    # https://github.com/AstroNvim/AstroNvim/blob/v3.32.0/lua/astronvim/bootstrap.lua#L15-L16
+    "astronvim/lua/user" = {
+      source = ./astronvim_user;
+      force = true;
+    };
+  };
+
+  home.shellAliases = shellAliases;
+  programs.nushell.shellAliases = shellAliases;
+
+  programs = {
+    neovim = {
+      enable = true;
+
+      defaultEditor = true;
+      viAlias = true;
+      vimAlias = true;
+
+      # currently we use lazy.nvim as neovim's package manager, so comment this one.
+      # Install packages that will compile locally or download FHS binaries via Nix!
+      # and use lazy.nvim's `dir` option to specify the package directory in nix store.
+      # so that these plugins can work on NixOS.
+      #
+      # related project:
+      #  https://github.com/b-src/lazy-nix-helper.nvim
+      plugins = with pkgs.vimPlugins; [
+        # search all the plugins using https://search.nixos.org/packages
+        telescope-fzf-native-nvim
+      ];
+    };
+  };
+}
@@ -0,0 +1,138 @@
+{pkgs, ...}: {
+  nixpkgs.config = {
+    programs.npm.npmrc = ''
+      prefix = ''${HOME}/.npm-global
+    '';
+  };
+
+  home.packages = with pkgs;
+    [
+      #-- c/c++
+      cmake
+      cmake-language-server
+      gnumake
+      checkmake
+      # c/c++ compiler, required by nvim-treesitter!
+      gcc
+      # c/c++ tools with clang-tools, the unwrapped version won't
+      # add alias like `cc` and `c++`, so that it won't conflict with gcc
+      llvmPackages.clang-unwrapped
+      lldb
+
+      #-- python
+      nodePackages.pyright # python language server
+      (python311.withPackages (
+        ps:
+          with ps; [
+            ruff-lsp
+            black # python formatter
+
+            jupyter
+            ipython
+            pandas
+            requests
+            pyquery
+            pyyaml
+
+            ## emacs's lsp-bridge dependenciesge
+            epc
+            orjson
+            sexpdata
+            six
+            setuptools
+            paramiko
+            rapidfuzz
+          ]
+      ))
+
+      #-- rust
+      rust-analyzer
+      cargo # rust package manager
+      rustfmt
+
+      #-- zig
+      zls
+
+      #-- nix
+      nil
+      rnix-lsp
+      # nixd
+      statix # Lints and suggestions for the nix programming language
+      deadnix # Find and remove unused code in .nix source files
+      alejandra # Nix Code Formatter
+
+      #-- golang
+      go
+      gomodifytags
+      iferr # generate error handling code for go
+      impl # generate function implementation for go
+      gotools # contains tools like: godoc, goimports, etc.
+      gopls # go language server
+      delve # go debugger
+
+      # -- java
+      jdk17
+      gradle
+      maven
+      spring-boot-cli
+
+      #-- lua
+      stylua
+      lua-language-server
+
+      #-- bash
+      nodePackages.bash-language-server
+      shellcheck
+      shfmt
+
+      #-- javascript/typescript --#
+      nodePackages.nodejs
+      nodePackages.typescript
+      nodePackages.typescript-language-server
+      # HTML/CSS/JSON/ESLint language servers extracted from vscode
+      nodePackages.vscode-langservers-extracted
+      nodePackages."@tailwindcss/language-server"
+      emmet-ls
+
+      #-- CloudNative
+      nodePackages.dockerfile-language-server-nodejs
+      # terraform  # install via brew on macOS
+      terraform-ls
+      jsonnet
+      jsonnet-language-server
+      hadolint # Dockerfile linter
+
+      # -- Lisp like Languages
+      guile
+      racket-minimal
+      fnlfmt # fennel
+
+      #-- Others
+      taplo # TOML language server / formatter / validator
+      nodePackages.yaml-language-server
+      sqlfluff # SQL linter
+      actionlint # GitHub Actions linter
+      buf # protoc plugin for linting and formatting
+      proselint # English prose linter
+
+      #-- Misc
+      tree-sitter # common language parser/highlighter
+      nodePackages.prettier # common code formatter
+      marksman # language server for markdown
+      glow # markdown previewer
+      fzf
+      pandoc # document converter
+      hugo # static site generator
+
+      #-- Optional Requirements:
+      gdu # disk usage analyzer, required by AstroNvim
+      (ripgrep.override {withPCRE2 = true;}) # recursively searches directories for a regex pattern
+    ]
+    ++ (
+      lib.optionals pkgs.stdenv.isLinux [
+        #-- verilog / systemverilog
+        verible
+        gdb
+      ]
+    );
+}
@@ -0,0 +1,30 @@
+# Encryption
+
+We have GnuPG & password-store installed by default, mainly for password management, authentication & communication encryption.
+
+We also have LUKS2 for disk encryption on Linux, and [rclone](https://rclone.org/crypt/) for cross-platform data encryption & syncing.
+
+[age](https://github.com/FiloSottile/age) may be more general for file encryption.
+
+[Sops](https://github.com/getsops/sops/tree/main) can be used for file encryption too, if you prefer 
+using a Cloud provider for key management.
+
+
+## Asymmetric Encryption
+
+Both age, Sops & GnuPG provide asymmetric encryption, which is useful for encrypting files for a specific user.
+
+For morden use, age is recommended, as it use [AEAD encryption function - ChaCha20-Poly1305][age Format v1],
+If you do not want to manage the keys by yourself, Sops is recommended, as it use KMS for key management.
+
+## Symmetric Encryption
+
+Both age & GnuPG provide symmetric encryption, which is useful for encrypting files for a specific user.
+
+As described in [age Format v1][age Format v1], age use scrypt to encrypt and decrypt the file key with a provided passphrase,
+which is more secure than GnuPG's symmetric encryption.
+
+
+
+[age Format v1]: https://age-encryption.org/v1
+
@@ -0,0 +1,7 @@
+{pkgs, ...}: {
+  home.packages = with pkgs; [
+    age
+    sops
+    rclone
+  ];
+}
@@ -0,0 +1,660 @@
+# GNU Privacy Guard(GnuPG)
+
+> Offical Website: https://www.gnupg.org/
+
+The GNU Privacy Guard is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as **PGP**). GnuPG allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kind of public key directories. 
+
+> In the following content, we will use GPG to refer to GnuPG tool, and PGP to refer to various concepts defined in the OepnPGP standard(e.g. PGP key, PGP key server).
+
+Key functions of GnuPG:
+
+1. Keypair(keyring) management
+2. Sign and Verify your data
+3. Encrypt and Decrypt your data
+
+Main usage scenarios of GnuPG:
+
+1. Sign or encrypt your email
+   1. Verify or decrypt the email you received
+2. Sign your git commit
+3. Manage your ssh key
+4. Encrypt your data and store it somewhere.
+
+GnuPG/OpenPGP is complex, so while using it, I have been looking forward to finding an encryption tool that is simple enough, functional enough, and widely adopted.
+
+Currently I use both age & GnuPG:
+
+1. Age for secrets encryption(ssh key & other secret files), it's simple and easy to use.
+2. GnuPG for password-store and email encryption.
+
+> At present, the safe and efficient use of GPG is probably combined with hardware keys such as yubikey. but I don't have one, so I won't talk about it here.
+
+## Practical Cryptography for Developers
+
+To use GnuGP without seamlessly, Some Practical Cryptography knowledge is required, here is dome tutorials:
+
+- English version: <https://github.com/nakov/Practical-Cryptography-for-Developers-Book>
+- Chinese version: <https://thiscute.world/tags/cryptography/>
+
+## Overview of GnuPG
+
+> GnuPG's Official User Guides: <https://www.gnupg.org/documentation/guides.html>
+
+> ArchWiki's GnuPG page: <https://wiki.archlinux.org/title/GnuPG>
+
+### 0. How GnuGP generate & protect your keypair?
+
+Related Docs:
+
+- [2021年，用更现代的方法使用PGP（上）][2021年，用更现代的方法使用PGP（上）]
+- [Predictable, Passphrase-Derived PGP Keys][Predictable, Passphrase-Derived PGP Keys]
+- [OpenPGP - The almost perfect key pair][OpenPGP - The almost perfect key pair]
+
+
+GnuPG generate every secret key separately, and encrypt them with a symmetric key derived from your passphrase.
+OpenPGP standard defines [String-to-Key (S2K)](https://datatracker.ietf.org/doc/html/rfc4880#section-3.7)
+algorithm to derive a symmetric key from your passphrase.
+
+GnuPG's [OpenPGP protocol specific options](https://gnupg.org/documentation/manuals/gnupg/OpenPGP-Options.html#OpenPGP-Options) shows that:
+
+```
+--s2k-cipher-algo name
+
+    Use name as the cipher algorithm for symmetric encryption with a passphrase if --personal-cipher-preferences and --cipher-algo are not given. The default is AES-128.
+--s2k-digest-algo name
+
+    Use name as the digest algorithm used to mangle the passphrases for symmetric encryption. The default is SHA-1.
+--s2k-mode n
+
+    Selects how passphrases for symmetric encryption are mangled. If n is 0 a plain passphrase (which is in general not recommended) will be used, a 1 adds a salt (which should not be used) to the passphrase and a 3 (the default) iterates the whole process a number of times (see --s2k-count).
+--s2k-count n
+
+    Specify how many times the passphrases mangling for symmetric encryption is repeated. This value may range between 1024 and 65011712 inclusive. The default is inquired from gpg-agent. Note that not all values in the 1024-65011712 range are legal and if an illegal value is selected, GnuPG will round up to the nearest legal value. This option is only meaningful if --s2k-mode is set to the default of 3.
+```
+
+The strongest options should be:
+
+```
+gpg --s2k-mode 3 --s2k-count 65011712 --s2k-digest-algo SHA512 --s2k-cipher-algo AES256 ...
+```
+
+To use the strongest options globally, you can specify these options in your `~/.gnupg/gpg.conf`.
+I've added them to my Home Manager's `programs.gpg.settings` option.
+
+
+### 1. PGP Key(Primary Key) generation
+
+Key management is the core of OpenPGP standard / GnuPG.
+
+GnuPG uses public-key cryptography so that users may communicate securely. In a public-key system, each user has a pair of keys consisting of a private key and a public key. **A user's private key is kept secret; it need **never be revealed. The public key may be given to anyone with whom the user wants to communicate**. GnuPG uses a somewhat more sophisticated scheme in which a user has a primary keypair and then zero or more additional subordinate keypairs. The primary and subordinate keypairs are bundled to facilitate key management and the bundle can often be considered simply as one keypair, or a keyring/keychain(which contains multiple sub key-pairs).
+
+Let's generate a keypair interactively:
+
+> Now in 2024, GnuPG 2.4.1 defaults to ECC algorithm (9) and Curve 25519 for ECC, which is morden and safe, I would recommend to use these defaults directly.
+
+```bash
+gpg --full-gen-key
+```
+
+This command will ask you for some algorithm related settings(ECC & Curve 25519), your personal info, and a strong passphrase to protect your PGP key. e.g.
+
+``` bash
+› gpg --full-gen-key
+gpg (GnuPG) 2.4.1; Copyright (C) 2023 g10 Code GmbH
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+gpg: directory '/Users/ryan/.gnupg' created
+Please select what kind of key you want:
+   (1) RSA and RSA
+   (2) DSA and Elgamal
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+   (9) ECC (sign and encrypt) *default*
+  (10) ECC (sign only)
+  (14) Existing key from card
+Your selection? 9
+Please select which elliptic curve you want:
+   (1) Curve 25519 *default*
+   (4) NIST P-384
+   (6) Brainpool P-256
+Your selection? 1
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days
+      <n>w = key expires in n weeks
+      <n>m = key expires in n months
+      <n>y = key expires in n years
+Key is valid for? (0) 10y
+Key expires at 一  1/ 4 13:50:31 2044 CST
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: 
+Email address: 
+Comment: 
+You selected this USER-ID:
+    "Ryan Yin (For pass For Work ssh only) <ryan4yin@linux.com>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+gpg: /Users/ryan/.gnupg/trustdb.gpg: trustdb created
+gpg: directory '/Users/ryan/.gnupg/openpgp-revocs.d' created
+gpg: revocation certificate stored as '/Users/ryan/.gnupg/openpgp-revocs.d/C8D84EBC5F82494F432ACEF042E49B284C30A0DA.rev'
+public and secret key created and signed.
+
+pub   ed25519 2024-01-09 [SC] [expires: 2034-01-04]
+      C8D84EBC5F82494F432ACEF042E49B284C30A0DA
+uid                      Ryan Yin (For pass For Work ssh only) <ryan4yin@linux.com>
+sub   cv25519 2024-01-09 [E] [expires: 2034-01-04]
+```
+
+### 2. Configuration Files
+
+> https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration.html
+
+The generated keys are stored in `~/.gnupg` by default, the functions of each file are as follows:
+
+``` bash
+› tree ~/.gnupg/
+/Users/ryan/.gnupg/
+|-- S.gpg-agent           # socket file
+|-- S.gpg-agent.browser   # socket file
+|-- S.gpg-agent.extra     # socket file
+|-- S.gpg-agent.ssh       # socket file
+|-- S.keyboxd             # socket file
+|-- common.conf              # config file
+|-- openpgp-revocs.d         # Revocation certificates
+|   `-- F680C6D7215674ADEA421CC5E22EC419FF93EA98.rev
+|-- private-keys-v1.d        # private keys with user info & protect by passphrase
+|   |-- 2083133619AB24DC32DA68F9FE83C58D375284E3.key
+|   `-- 9350704F120643C504491E92CA97255223778C8A.key
+|-- public-keys.d            # public keys
+|   |-- pubring.db
+|   `-- pubring.db.lock
+`-- trustdb.gpg              # a trust database
+
+4 directories, 12 files
+```
+
+The functions of most files are quite clear at a glance, but the `trustdb.gpg` in them is a bit difficult to understand. Here are the details: <https://www.gnupg.org/gph/en/manual/x334.html>
+
+Home Manager will manage all the things in `~/.gnupg/` EXCEPT `~/.gnupg/openpgp-revocs.d/` and `~/.gnupg/private-keys-v1.d/`, which is expected.
+
+### 3. Sub Key Generation & Best Practice
+
+In PGP, every keys has a **usage flag** to indicate its usage:
+
+- `C` means this key can be used to **Certify** other keys, which means this key can be used to **create/delete/revoke/modify** other keys.
+- `S` means this key can be used to **Sign** data.
+- `E` means this key can be used to **Encrypt** data. 
+- `A` means this key can be used to **Authenticate** data with various non-GnuPG programs. The key can be used as e.g. an **SSH key**.
+
+The **best practice** is:
+
+1. Generate a primary key with strong cryptography arguments(such as ECC + Curve 25519).
+2. Then generate 3 sub keys with `E`, `S` and `A` usage flag respectively.
+3. **The Primary Key is extremely important**, Backup the primary key to somewhere absolutely safe(such as two encryptd USB drivers, keep them in different places), and then **delete it from your computer immediately**.
+4. The sub key is also important, but you can generate a new one and replace it easily. You can backup it to somewhere else, and import it to another machine to use your keypair.
+5. Backup your Primary key's revocation certificate to somewhere safe, it's the last way to rescure your safety if your primary key is compromised!
+  1. It's a big problem if your revocation certificate is compromised, but not the bigest one. because it's only used to revoke your keypair, your data is still safe. But you should generate a new keypair and revoke the old one immediately.
+  1. It will be a big problem if your primary key is compromised, and you don't have a revocation certificate to revoke it. But since OpenPGP do not have a good way to distribute revocation certificate, even you have a revocation certificate, it's still hard to distribute it to others...
+
+To keep your keypair safe, you should backup your keypair according to the following steps.
+
+Now let's add the sub keys to the keypair we generated above:
+
+> `E` sub key is already generated by default, so we only need to generate `S` and `A` sub keys.
+
+> GnuPG will ask you to input your passphrase to unlock your primary key.
+
+``` bash
+› gpg --expert --edit-key ryan4yin@linux.com
+gpg (GnuPG) 2.4.1; Copyright (C) 2023 g10 Code GmbH
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Secret key is available.
+
+sec  ed25519/42E49B284C30A0DA
+     created: 2024-01-09  expires: 2034-01-04  usage: SC
+     trust: ultimate      validity: ultimate
+ssb  cv25519/6CB4A81FFB3C99B6
+     created: 2024-01-09  expires: 2034-01-04  usage: E
+[ultimate] (1). Ryan Yin (For pass For Work ssh only) <ryan4yin@linux.com>
+
+gpg> addkey
+Please select what kind of key you want:
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+   (5) Elgamal (encrypt only)
+   (6) RSA (encrypt only)
+   (7) DSA (set your own capabilities)
+   (8) RSA (set your own capabilities)
+  (10) ECC (sign only)
+  (11) ECC (set your own capabilities)
+  (12) ECC (encrypt only)
+  (13) Existing key
+  (14) Existing key from card
+Your selection? 10
+Please select which elliptic curve you want:
+   (1) Curve 25519 *default*
+   (2) Curve 448
+   (3) NIST P-256
+   (4) NIST P-384
+   (5) NIST P-521
+   (6) Brainpool P-256
+   (7) Brainpool P-384
+   (8) Brainpool P-512
+   (9) secp256k1
+Your selection? 1
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days
+      <n>w = key expires in n weeks
+      <n>m = key expires in n months
+      <n>y = key expires in n years
+Key is valid for? (0) 10y
+Key expires at Mon Jan  4 17:47:24 2044 CST
+Is this correct? (y/N) y
+Really create? (y/N) y
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+
+sec  ed25519/42E49B284C30A0DA
+     created: 2024-01-09  expires: 2034-01-04  usage: SC
+     trust: ultimate      validity: ultimate
+ssb  cv25519/6CB4A81FFB3C99B6
+     created: 2024-01-09  expires: 2034-01-04  usage: E
+ssb  ed25519/A42813E03A10F504
+     created: 2024-01-09  expires: 2034-01-04  usage: S
+[ultimate] (1). Ryan Yin (For pass For Work ssh only) <ryan4yin@linux.com>
+
+gpg> addkey
+Please select what kind of key you want:
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+   (5) Elgamal (encrypt only)
+   (6) RSA (encrypt only)
+   (7) DSA (set your own capabilities)
+   (8) RSA (set your own capabilities)
+  (10) ECC (sign only)
+  (11) ECC (set your own capabilities)
+  (12) ECC (encrypt only)
+  (13) Existing key
+  (14) Existing key from card
+Your selection? 11
+
+Possible actions for this ECC key: Sign Authenticate
+Current allowed actions: Sign
+
+   (S) Toggle the sign capability
+   (A) Toggle the authenticate capability
+   (Q) Finished
+
+Your selection? S
+
+Possible actions for this ECC key: Sign Authenticate
+Current allowed actions:
+
+   (S) Toggle the sign capability
+   (A) Toggle the authenticate capability
+   (Q) Finished
+
+Your selection? A
+
+Possible actions for this ECC key: Sign Authenticate
+Current allowed actions: Authenticate
+
+   (S) Toggle the sign capability
+   (A) Toggle the authenticate capability
+   (Q) Finished
+
+Your selection? Q
+Please select which elliptic curve you want:
+   (1) Curve 25519 *default*
+   (2) Curve 448
+   (3) NIST P-256
+   (4) NIST P-384
+   (5) NIST P-521
+   (6) Brainpool P-256
+   (7) Brainpool P-384
+   (8) Brainpool P-512
+   (9) secp256k1
+Your selection? 1
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days
+      <n>w = key expires in n weeks
+      <n>m = key expires in n months
+      <n>y = key expires in n years
+Key is valid for? (0) 10y
+Key expires at Mon Jan  4 17:48:27 2044 CST
+Is this correct? (y/N) y
+Really create? (y/N) y
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+
+sec  ed25519/42E49B284C30A0DA
+     created: 2024-01-09  expires: 2034-01-04  usage: SC
+     trust: ultimate      validity: ultimate
+ssb  cv25519/6CB4A81FFB3C99B6
+     created: 2024-01-09  expires: 2034-01-04  usage: E
+ssb  ed25519/A42813E03A10F504
+     created: 2024-01-09  expires: 2034-01-04  usage: S
+ssb  ed25519/5469C4FACC81B60F
+     created: 2024-01-09  expires: 2034-01-04  usage: A
+[ultimate] (1). Ryan Yin (For pass For Work ssh only) <ryan4yin@linux.com>
+
+gpg> save
+```
+
+Check the secret keys and public keys we generated:
+
+```bash
+› gpg --list-secret-keys --with-subkey-fingerprint
+[keyboxd]
+---------
+sec   ed25519 2024-01-09 [SC] [expires: 2034-01-04]
+      C8D84EBC5F82494F432ACEF042E49B284C30A0DA
+uid           [ultimate] Ryan Yin (For pass For Work ssh only) <ryan4yin@linux.com>
+ssb   cv25519 2024-01-09 [E] [expires: 2034-01-04]
+      1146D48B93C2177C92D186026CB4A81FFB3C99B6
+ssb   ed25519 2024-01-09 [S] [expires: 2034-01-04]
+      DF64002A822948B17783BBB1A42813E03A10F504
+ssb   ed25519 2024-01-09 [A] [expires: 2034-01-04]
+      65E2C6C1C3559362ABB7047C5469C4FACC81B60F
+
+› gpg --list-public-keys
+...
+```
+ 
+### 4. Backup & Restore
+
+Export Public Keys(Both Primary Key & Sub Keys):
+
+```bash
+gpg --armor --export ryan4yin@linux.com > ryan4yin-gpg-keys.pub
+# check what we have exported, we should see 4 public keys
+nix run nixpkgs#pgpdump ryan4yin-gpg-keys.pub
+```
+
+Export Primary Key(The exported key is still encrypted by your passphrase):
+
+> the `!` at the end of the key ID is to force GnuPG to export only the specified key, not the subkeys.
+
+> GnuPG will ask you to input your passphrase to unlock your keypair,
+> because GnuPG need to convert the secret key's format from its internal protection format to the one specified by the OpenPGP protocol.
+
+```bash
+# replace the key ID with your own sec key's ID
+gpg --armor --export-secret-keys C8D84EBC5F82494F432ACEF042E49B284C30A0DA! > ryan4yin-primary-key.priv
+
+# Check the exported primary key's detail info,
+nix run nixpkgs#pgpdump ryan4yin-primary-key.priv
+...
+Old: Secret Key Packet(tag 5)(134 bytes)
+        Ver 4 - new
+        Public key creation time - Sat Jan 27 14:13:13 CST 2024
+        Pub alg - EdDSA Edwards-curve Digital Signature Algorithm(pub 22)
+        Elliptic Curve - Ed25519 (0x2B 06 01 04 01 DA 47 0F 01)
+        EdDSA Q(263 bits) - ...
+        Sym alg - AES with 128-bit key(sym 7)
+        Iterated and salted string-to-key(s2k 3):
+                Hash alg - SHA1(hash 2)
+                Salt - 8c 78 58 c0 87 83 8c 2c
+                Count - 65011712(coded count 255)
+        IV - xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 
+        Encrypted EdDSA x
+        Encrypted SHA1 hash
+...
+```
+
+As [Predictable, Passphrase-Derived PGP Keys][Predictable, Passphrase-Derived PGP Keys] says, we'll find that gpg ignored the `--s2k-count` option we specified when generating the keypair, and the `--s2k` related options we specified in `~/.gnupg/gpg.conf`, 
+the exported primary key is protectd by `SHA1` and `AES128`, which is not secure enough!
+
+So to increase the security of the exported primary key, we need to encrypt it again with a stronger algorithm, I choose `age` here(which use `scrypt` to encrypt the file key with a provided passphrase):
+
+```bash
+# for simplicity, use the same passphrase as your gpg keypair here
+age --passphrase -o ryan4yin-primary-key.priv.age ryan4yin-primary-key.priv
+rm ryan4yin-primary-key.priv
+```
+
+Export Sub Keys one by one(The exported keys is still encrypted by your passphrase):
+
+```bash
+gpg --armor --export-secret-subkeys > ryan4yin-gpg-subkeys.priv
+
+# Check the exported primary key's detail info,
+nix run nixpkgs#pgpdump ryan4yin-gpg-subkeys.priv
+
+# encrypt it again with age(scrypt)
+age --passphrase  -o ryan4yin-gpg-subkeys.priv.age ryan4yin-gpg-subkeys.priv
+rm ryan4yin-gpg-subkeys.priv
+```
+
+Your can import the exported Private Key via `gpg --import <keyfile>` to restore it, but you need to decrypt it via age first.
+
+As for Public Keys, please import your publicKeys via Home Manager's `programs.gpg.publicKeys` option, DO NOT import it manually(via `gpg --import <keyfile>`).
+
+To ensure security, delete the master key and revoke the certificate immediately after the backup is completed:
+
+```bash
+# delete the primary key and all its sub keys
+gpg --delete-secret-keys ryan4yin@linux.com
+
+# delete the revocation certificate
+rm ~/.gnupg/openpgp-revocs.d/C8D84EBC5F82494F432ACEF042E49B284C30A0DA.rev
+
+# import our subkeys back
+age --decrypt -o ryan4yin-primary-key.priv ryan4yin-primary-key.priv.age
+gpg --import ryan4yin-gpg-subkeys.priv
+```
+
+Now check the secret keys and public keys again:
+
+> A `#` at the end of the key ID means that the key is not available, because we have deleted it.
+
+```bash
+› gpg --list-secret-keys --keyid-format=long
+/home/ryan/.gnupg/pubring.kbx
+-----------------------------
+sec#  ed25519/D1C5FFA3118A41FC 2024-01-09 [SC] [expires: 2034-01-04]
+      Key fingerprint = E267 943C 33AD C5AF 3D76  4D96 D1C5 FFA3 118A 41FC
+uid                 [ unknown] Ryan Yin (Personal) <ryan4yin@linux.com>
+ssb   cv25519/62526A4A0CF43E33 2024-01-09 [E] [expires: 2034-01-04]
+ssb   ed25519/433A66D63805BD1A 2024-01-09 [S] [expires: 2034-01-04]
+ssb   ed25519/441E3D8FBD313BF2 2024-01-09 [A] [expires: 2034-01-04]
+
+
+› gpg --list-public-keys --keyid-format=long
+/home/ryan/.gnupg/pubring.kbx
+-----------------------------
+pub   ed25519/D1C5FFA3118A41FC 2024-01-09 [SC] [expires: 2034-01-04]
+      Key fingerprint = E267 943C 33AD C5AF 3D76  4D96 D1C5 FFA3 118A 41FC
+uid                 [ unknown] Ryan Yin (Personal) <ryan4yin@linux.com>
+sub   cv25519/62526A4A0CF43E33 2024-01-09 [E] [expires: 2034-01-04]
+sub   ed25519/433A66D63805BD1A 2024-01-09 [S] [expires: 2034-01-04]
+sub   ed25519/441E3D8FBD313BF2 2024-01-09 [A] [expires: 2034-01-04]
+```
+
+### 5. Signing & Verification
+
+```bash
+#  Make a cleartext signature.
+gpg --clearsign <file>
+
+# Make a detached signature, with text output.
+gpg --armor --detach-sign <file>
+
+# verify the file contains a valid signature.
+gpg --verify <file>
+
+# verify the file with a detached signature.
+gpg --verify <file> <signature-file>
+```
+
+### 6. Encryption & Decryption
+
+```bash
+# Encrypt a file via recipient's public key, sign it via your private key for signing, and output cleartext.
+# so that the reciiptent can decrypt it via his/her private key.
+gpg --armor --sign --encrypt --recipient ryan4yin@linux.com <file>
+# or use this short version
+gpg -aser ryan4yin@linux.com <file>
+
+# Descrypt a file via your private key, and verify the signature via the sender's public key.
+gpg --decrypt <file>
+# or
+gpg -d <file>
+```
+
+If you just want to encrypt/decrypt a file quickly, you can use `age` with a passphrase, `gpg` can also do this, but it's not recommended(as age(scrypt)'s more secure):
+
+```bash
+# Encrypt a file via symmetric encryption(AES256), and output cleartext.
+gpg --armor --symmetric --cipher-algo AES256 <file>
+# or
+gpg -ac <file>
+
+# Decrypt a file via symmetric encryption.
+gpg --decrypt <file>
+# or
+gpg -d <file>
+```
+
+### 7. Public Key Exchange & Revocation
+
+In the case of many users, it is very difficult to exchange public keys securely and reliably with each other.
+In the Web world, There is a **Chain of Trust**** to resolve this problem:
+
+- A Certificate Authority(CA) is responsible to verify & sign all the certificate signing request.
+- Web Server can safely transmit its Web Certificate to the client via TLS protocol.
+- Client can verify the recevied Web Certificate via the CA's root certificate(which is built in Browser/OS). 
+
+But in OpenPGP:
+
+- There is key servers to distribute(exchange) public keys, but it **do not verify the identity of the key owner**, and any uploaded data is **not allowed to be deleted**. Which make it **insecure and dangerous**.
+  - Why key server is dangerous?
+    - Many PGP novices follow various tutorials to upload various key with personal privacy (such as real names) to the public key server, and then find that they can't delete them, which is very embarrassing.
+    - Anyone can upload a key to the key server, and claim that it is the key of a certain person(such as Linus), which is very insecure.
+  - **key server** is not recommend to use.
+- GnuPG will generate revocation certificate when generating keypair(`~/.gnupg/private-keys-v1.d/<Key-ID.rev>`), anyone can import this certificate to revoke the keypair. But OpenPGP standard **DO NOT provide a way to distribute this certificate to others**.
+  - Not to mention some key status query protocol like OCSP in Web PKI.
+  - Users has to pulish their revocation certificate to their blog, github profile or somewhere else, and others has to check it and run `gpg --import <revocation-certificate>` to revoke the keypair manually.
+
+In summary, **there is no good way to distribute public keys and revoke them in OpenPGP**, which is a big problem.
+
+Currently, You have to distribute your public key or revocation certificate via your blog, github profile, or somewhere else, and others has to check it and run `gpg --import` to import your public key or revocation certificate manually.
+
+Anyway, let's try to revoke a keypair:
+
+```bash
+› gpg --list-keys
+gpg: checking the trustdb
+gpg: marginals needed: 3  completes needed: 1  trust model: pgp
+gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
+/home/ryan/.gnupg/pubring.kbx
+-----------------------------
+pub   ed25519/0x55859965C2742B4B 2024-01-09 [SC]
+      Key fingerprint = A2CD 07BD 9631 44CB 2725  5A6B 5585 9965 C274 2B4B
+uid                   [ultimate] test <test@test.t>
+sub   cv25519/0x9E78E897B6490D6B 2024-01-09 [E]
+
+# encrypt some file before revoke the keypair
+› gpg -aer test@test.t README.md > README.md.asc
+
+# try to decrypt the file, it should works
+› gpg -d README.md.asc
+gpg: encrypted with cv25519 key, ID 0x9E78E897B6490D6B, created 2024-01-09
+      "test <test@test.t>"
+# ......
+
+# take a look at the revocation certificate
+› cat gpg-test-revoke.rev
+This is a revocation certificate for the OpenPGP key:
+
+pub   ed25519/0x55859965C2742B4B 2024-01-09 [S]
+      Key fingerprint = A2CD 07BD 9631 44CB 2725  5A6B 5585 9965 C274 2B4B
+uid                            test <test@test.t>
+
+A revocation certificate is a kind of "kill switch" to publicly
+declare that a key shall not anymore be used.  It is not possible
+to retract such a revocation certificate once it has been published.
+
+Use it to revoke this key in case of a compromise or loss of
+the secret key.  However, if the secret key is still accessible,
+it is better to generate a new revocation certificate and give
+a reason for the revocation.  For details see the description of
+of the gpg command "--generate-revocation" in the GnuPG manual.
+
+To avoid an accidental use of this file, a colon has been inserted
+before the 5 dashes below.  Remove this colon with a text editor
+before importing and publishing this revocation certificate.
+
+:-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: This is a revocation certificate
+
+iHgEIBYKACAWIQSizQe9ljFEyyclWmtVhZllwnQrSwUCZZ1T9wIdAAAKCRBVhZll
+wnQrS2LVAQCegRF1qPqY/OCS5QCz8G0ra0XgPYlQYo9pSOjHgfY39AD+Psin2/6t
+STuJCp+gru6OtbTCu8Y2LugQeDh7UicM7Ak=
+=Xfs6
+-----END PGP PUBLIC KEY BLOCK-----
+```
+
+As the revocation certificate says, we need to remove the first colon(`:`) before the 5 dashes(`-----BEGIN PGP PUBLIC KEY BLOCK-----`), then import it:
+
+```bash
+› gpg --import gpg-test-revoke.rev
+gpg: key 0x55859965C2742B4B: "test <test@test.t>" revocation certificate imported
+gpg: Total number processed: 1
+gpg:    new key revocations: 1
+gpg: no ultimately trusted keys found
+
+› gpg --list-secret-keys --keyid-format=long
+/home/ryan/.gnupg/pubring.kbx
+-----------------------------
+sec   ed25519/55859965C2742B4B 2024-01-09 [SC] [revoked: 2024-01-09]
+      Key fingerprint = A2CD 07BD 9631 44CB 2725  5A6B 5585 9965 C274 2B4B
+uid                 [ revoked] test <test@test.t>
+
+
+# try to decrypt the file, it still works, but will indicate that the key is revoked.
+› gpg -d README.md.asc
+gpg: encrypted with cv25519 key, ID 0x9E78E897B6490D6B, created 2024-01-09
+      "test <test@test.t>"
+gpg: Note: key has been revoked
+gpg: reason for revocation: No reason specified
+# ......
+
+# try to encrypt some file via the revoked key, it will fail.
+› gpg -aer 9E78E897B6490D6B README.md
+gpg: 9E78E897B6490D6B: skipped: Unusable public key
+gpg: README.md: encryption failed: Unusable public key
+```
+
+But if you delete the `trustdb.gpg` and `pubring.kbx`, then import the revoked public key again, it will be valid and usable again... which is very dangerous.
+
+## References
+
+- [2021年，用更现代的方法使用PGP（上）][2021年，用更现代的方法使用PGP（上）]
+- [Predictable, Passphrase-Derived PGP Keys][Predictable, Passphrase-Derived PGP Keys]
+- [OpenPGP - The almost perfect key pair][OpenPGP - The almost perfect key pair]
+
+[2021年，用更现代的方法使用PGP（上）]: https://ulyc.github.io/2021/01/13/2021%E5%B9%B4-%E7%94%A8%E6%9B%B4%E7%8E%B0%E4%BB%A3%E7%9A%84%E6%96%B9%E6%B3%95%E4%BD%BF%E7%94%A8PGP-%E4%B8%8A/
+[Predictable, Passphrase-Derived PGP Keys]: https://nullprogram.com/blog/2019/07/10/
+[OpenPGP - The almost perfect key pair]: https://blog.eleven-labs.com/en/openpgp-almost-perfect-key-pair-part-1/
+
@@ -0,0 +1,83 @@
+{
+  config,
+  mysecrets,
+  ...
+}: {
+  programs.gpg = {
+    enable = true;
+    homedir = "${config.home.homeDirectory}/.gnupg";
+    #  $GNUPGHOME/trustdb.gpg stores all the trust level you specified in `programs.gpg.publicKeys` option.
+    #
+    # If set `mutableTrust` to false, the path $GNUPGHOME/trustdb.gpg will be overwritten on each activation.
+    # Thus we can only update trsutedb.gpg via home-manager.
+    mutableTrust = false;
+
+    # $GNUPGHOME/pubring.kbx stores all the public keys you specified in `programs.gpg.publicKeys` option.
+    #
+    # If set `mutableKeys` to false, the path $GNUPGHOME/pubring.kbx will become an immutable link to the Nix store, denying modifications.
+    # Thus we can only update pubring.kbx via home-manager
+    mutableKeys = false;
+    publicKeys = [
+      # https://www.gnupg.org/gph/en/manual/x334.html
+      {
+        source = "${mysecrets}/public/ryan4yin-gpg-keys-2014-01-27.pub";
+        trust = 5;
+      } # ultimate trust, my own keys.
+    ];
+
+    # This configuration is based on the tutorial below, it allows for a robust setup
+    # https://blog.eleven-labs.com/en/openpgp-almost-perfect-key-pair-part-1
+    # ~/.gnupg/gpg.conf
+    settings = {
+      # Get rid of the copyright notice
+      no-greeting = true;
+
+      # Disable inclusion of the version string in ASCII armored output
+      no-emit-version = true;
+      # Do not write comment packets
+      no-comments = false;
+      # Export the smallest key possible
+      # This removes all signatures except the most recent self-signature on each user ID
+      export-options = "export-minimal";
+
+      # Display long key IDs
+      keyid-format = "0xlong";
+      # List all keys (or the specified ones) along with their fingerprints
+      with-fingerprint = true;
+
+      # Display the calculated validity of user IDs during key listings
+      list-options = "show-uid-validity";
+      verify-options = "show-uid-validity show-keyserver-urls";
+
+      # Select the strongest cipher
+      personal-cipher-preferences = "AES256";
+      # Select the strongest digest
+      personal-digest-preferences = "SHA512";
+      # This preference list is used for new keys and becomes the default for "setpref" in the edit menu
+      default-preference-list = "SHA512 SHA384 SHA256 RIPEMD160 AES256 TWOFISH BLOWFISH ZLIB BZIP2 ZIP Uncompressed";
+
+      # Use the strongest cipher algorithm
+      cipher-algo = "AES256";
+      # Use the strongest digest algorithm
+      digest-algo = "SHA512";
+      # Message digest algorithm used when signing a key
+      cert-digest-algo = "SHA512";
+      # Use RFC-1950 ZLIB compression
+      compress-algo = "ZLIB";
+
+      # Disable weak algorithm
+      disable-cipher-algo = "3DES";
+      # Treat the specified digest algorithm as weak
+      weak-digest = "SHA1";
+
+      # The cipher algorithm for symmetric encryption for symmetric encryption with a passphrase
+      s2k-cipher-algo = "AES256";
+      # The digest algorithm used to mangle the passphrases for symmetric encryption
+      s2k-digest-algo = "SHA512";
+      # Selects how passphrases for symmetric encryption are mangled
+      s2k-mode = "3";
+      # Specify how many times the passphrases mangling for symmetric encryption is repeated
+      s2k-count = "65011712";
+    };
+  };
+}
@@ -1,156 +0,0 @@
-{
-  pkgs,
-  astronvim,
-  ...
-}:
-###############################################################################
-#
-#  AstroNvim's configuration and all its dependencies(lsp, formatter, etc.)
-#
-#e#############################################################################
-{
-  xdg.configFile = {
-    # astronvim's config
-    "nvim".source = astronvim;
-
-    # my custom astronvim config, astronvim will load it after base config
-    # https://github.com/AstroNvim/AstroNvim/blob/v3.32.0/lua/astronvim/bootstrap.lua#L15-L16
-    "astronvim/lua/user".source = ./astronvim_user;
-  };
-
-  nixpkgs.config = {
-    programs.npm.npmrc = ''
-      prefix = ''${HOME}/.npm-global
-    '';
-  };
-
-  programs = {
-    neovim = {
-      enable = true;
-
-      defaultEditor = true;
-      viAlias = true;
-      vimAlias = true;
-
-      # currently we use lazy.nvim as neovim's package manager, so comment this one.
-      # plugins = with pkgs.vimPlugins; [
-      #   # search all the plugins using https://search.nixos.org/packages
-      # ];
-
-      # Extra packages only available to nvim(won't pollute the global home environment)
-      extraPackages = with pkgs;
-        [
-          #-- c/c++
-          cmake
-          cmake-language-server
-          gnumake
-          checkmake
-          gcc # c/c++ compiler, required by nvim-treesitter!
-          llvmPackages.clang-unwrapped # c/c++ tools with clang-tools such as clangd
-          gdb
-          lldb
-
-          #-- python
-          nodePackages.pyright # python language server
-          python3Packages.black # python formatter
-          python3Packages.ruff-lsp
-          (python3.withPackages (
-            ps:
-              with ps; [
-                pynvim # Python client and plugin host for Nvim
-
-                ipython
-                pandas
-                requests
-                pyquery
-                pyyaml
-              ]
-          ))
-
-          #-- rust
-          rust-analyzer
-          cargo # rust package manager
-          rustfmt
-
-          #-- zig
-          zls
-
-          #-- nix
-          nil
-          rnix-lsp
-          # nixd
-          statix # Lints and suggestions for the nix programming language
-          deadnix # Find and remove unused code in .nix source files
-          alejandra # Nix Code Formatter
-
-          #-- golang
-          go
-          gomodifytags
-          iferr # generate error handling code for go
-          impl # generate function implementation for go
-          gotools # contains tools like: godoc, goimports, etc.
-          gopls # go language server
-          delve # go debugger
-
-          # -- java
-          jdk17
-          gradle
-          maven
-          spring-boot-cli
-
-          #-- lua
-          stylua
-          lua-language-server
-
-          #-- bash
-          nodePackages.bash-language-server
-          shellcheck
-          shfmt
-
-          #-- javascript/typescript --#
-          nodePackages.nodejs
-          nodePackages.typescript
-          nodePackages.typescript-language-server
-          # HTML/CSS/JSON/ESLint language servers extracted from vscode
-          nodePackages.vscode-langservers-extracted
-          nodePackages."@tailwindcss/language-server"
-
-          #-- CloudNative
-          nodePackages.dockerfile-language-server-nodejs
-          # terraform  # install via brew on macOS
-          terraform-ls
-          jsonnet
-          jsonnet-language-server
-          hadolint # Dockerfile linter
-
-          #-- Others
-          taplo # TOML language server / formatter / validator
-          nodePackages.yaml-language-server
-          sqlfluff # SQL linter
-          actionlint # GitHub Actions linter
-          buf # protoc plugin for linting and formatting
-          proselint # English prose linter
-          guile # scheme language
-
-          #-- Misc
-          tree-sitter # common language parser/highlighter
-          nodePackages.prettier # common code formatter
-          marksman # language server for markdown
-          glow # markdown previewer
-          fzf
-
-          #-- Optional Requirements:
-          gdu # disk usage analyzer, required by AstroNvim
-          ripgrep # fast search tool, required by AstroNvim's '<leader>fw'(<leader> is space key)
-        ]
-        ++ (
-          if pkgs.stdenv.isDarwin
-          then []
-          else [
-            #-- verilog / systemverilog
-            verible
-          ]
-        );
-    };
-  };
-}
@@ -0,0 +1,47 @@
+# Password Manager
+
+- https://www.passwordstore.org/
+- [awesome-password-store](https://github.com/tijn/awesome-password-store)
+- <https://github.com/gopasspw/gopass>: reimplement in go, with more features.
+- Clients
+  - Android: <https://github.com/android-password-store/Android-Password-Store>
+  - Brosers(Chrome/Firefox): <https://github.com/browserpass/browserpass-extension>
+
+## How to change the gpg key of the pass password store?
+
+To ensure security, we should change the GPG key every two or three years. Here is how to do this.
+
+1. Create a new GPG key pair and backup it to a safe place.
+2. Ensure you can access both the old and new GPG keys.
+3. Update `./default.nix` to use the new GPG sub keys.
+4. Check which Key `pass` currently uses:
+
+    ```bash
+    cd ~/.local/share/password-store/
+    # check which key is used by pass
+    cat .gpg-id
+    # check which key is really used to encrypt the password
+    gpg --list-packets path/to/any/password.gpg
+    ```
+4. Change the key used by `pass`:
+    ```bash
+    # change the key used by pass, see `man pass` for more details
+    # you will be asked to enter the password of both the new and old keys
+    # then pass will re-encrypt all the passwords with the new key
+    pass init <new-key-id>
+    ```
+5. Check if the key is changed:
+    ```bash
+    # check which key is used by pass
+    cat .gpg-id
+    # check which key is really used to encrypt the password
+    gpg --list-packets path/to/any/password.gpg
+    ```
+6. Delete the old GPG key pair:
+    ```bash
+    # delete the old key pair
+    gpg --delete-secret-keys <old-key-id>
+    gpg --delete-keys <old-key-id>
+    ```
+
+
@@ -0,0 +1,52 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: let
+  passwordStoreDir = "${config.xdg.dataHome}/password-store";
+in {
+  programs.password-store = {
+    enable = true;
+    package = pkgs.pass.withExtensions (exts: [
+      # support for one-time-password (OTP) tokens
+      # NOTE: Saving the password and OTP together runs counter to the purpose of secondary verification!
+      # exts.pass-otp
+
+      exts.pass-import # a generic importer tool from other password managers
+      exts.pass-update # an easy flow for updating passwords
+    ]);
+    # See the “Environment variables” section of pass(1) and the extension man pages for more information about the available keys.
+    settings = {
+      PASSWORD_STORE_DIR = passwordStoreDir;
+      # Overrides the default gpg key identification set by init.
+      # Hexadecimal key signature is recommended.
+      # Multiple keys may be specified separated by spaces.
+      PASSWORD_STORE_KEY = lib.strings.concatStringsSep " " [
+        "EF824EB73CFD6CC7" # E - Ryan Yin (For pass & ssh only) <ryan4yin@linux.com>
+      ];
+      # all .gpg-id files and non-system extension files must be signed using a detached signature using the GPG key specified by
+      #   the full 40 character upper-case fingerprint in this variable.
+      # If multiple fingerprints are specified, each separated by a whitespace character, then signatures must match at least one.
+      # The init command will keep signatures of .gpg-id files up to date.
+      PASSWORD_STORE_SIGNING_KEY = lib.strings.concatStringsSep " " [
+        "C2A313F98166C942" # S - Ryan Yin (For pass & ssh only) <ryan4yin@linux.com>
+      ];
+      PASSWORD_STORE_CLIP_TIME = "60";
+      PASSWORD_STORE_GENERATED_LENGTH = "15";
+      PASSWORD_STORE_ENABLE_EXTENSIONS = "true";
+    };
+  };
+
+  # password-store extensions for browsers
+  # you need to install the browser extension for this to work
+  # https://github.com/browserpass/browserpass-extension
+  programs.browserpass = {
+    enable = true;
+    browsers = [
+      "chrome"
+      "chromium"
+      "firefox"
+    ];
+  };
+}
@@ -1,4 +1,6 @@
-{ nushell-scripts, ...}: {
+{pkgs-unstable, ...}: let
+  inherit (pkgs-unstable) nu_scripts;
+in {
  programs.bash = {
    # load the alias file for work
    bashrcExtra = ''
@@ -19,13 +21,19 @@
    # https://github.com/nushell/nushell/issues/8214
    extraConfig = ''
      source /etc/agenix/alias-for-work.nushell
-      use ${nushell-scripts}/custom-completions/git/git-completions.nu *
-      use ${nushell-scripts}/custom-completions/glow/glow-completions.nu *
-      use ${nushell-scripts}/custom-completions/make/make-completions.nu *
-      use ${nushell-scripts}/custom-completions/nix/nix-completions.nu *
-      use ${nushell-scripts}/custom-completions/man/man-completions.nu *
-      use ${nushell-scripts}/custom-completions/cargo/cargo-completions.nu *
-      use ${nushell-scripts}/custom-completions/zellij/zellij-completions.nu *
+      # completion
+      use ${nu_scripts}/share/nu_scripts/custom-completions/git/git-completions.nu *
+      use ${nu_scripts}/share/nu_scripts/custom-completions/glow/glow-completions.nu *
+      use ${nu_scripts}/share/nu_scripts/custom-completions/just/just-completions.nu *
+      use ${nu_scripts}/share/nu_scripts/custom-completions/make/make-completions.nu *
+      use ${nu_scripts}/share/nu_scripts/custom-completions/man/man-completions.nu *
+      use ${nu_scripts}/share/nu_scripts/custom-completions/nix/nix-completions.nu *
+      use ${nu_scripts}/share/nu_scripts/custom-completions/cargo/cargo-completions.nu *
+      use ${nu_scripts}/share/nu_scripts/custom-completions/zellij/zellij-completions.nu *
+      # alias
+      use ${nu_scripts}/share/nu_scripts/aliases/git/git-aliases.nu *
+      use ${nu_scripts}/share/nu_scripts/aliases/eza/eza-aliases.nu *
+      # use ${nu_scripts}/share/nu_scripts/aliases/bat/bat-aliases.nu *
    '';
  };
 }
@@ -1,13 +1,15 @@
-{pkgs, ...}: {
+{mysecrets, ...}: {
+  home.file.".ssh/romantic.pub".source = "${mysecrets}/public/romantic.pub";
+
  programs.ssh = {
    enable = true;

-    # all my ssh private key are generated by `ssh-keygen -t ed25519 -C "ryan@nickname"`
-    # the config's format:
+    # All my ssh private key are generated by `ssh-keygen -t ed25519 -a 256 -C "xxx@xxx"`
+    # Config format:
    #   Host —  given the pattern used to match against the host name given on the command line.
    #   HostName — specify nickname or abbreviation for host
    #   IdentityFile — the location of your SSH key authentication file for the account.
-    # format in details:
+    # Format in details:
    #   https://www.ssh.com/academy/ssh/config
    extraConfig = ''
      # a private key that is used during authentication will be added to ssh-agent if it is running
@@ -18,18 +20,11 @@
        # It has the same effect as adding cli option `ssh -A user@host`
        ForwardAgent yes
        # romantic holds my homelab~
-        IdentityFile ~/.ssh/romantic
+        IdentityFile /etc/agenix/ssh-key-romantic
        # Specifies that ssh should only use the identity file explicitly configured above
        # required to prevent sending default identity files first.
        IdentitiesOnly yes

-      Host github.com
-          # github is controlled by gluttony~
-          IdentityFile ~/.ssh/gluttony
-          # Specifies that ssh should only use the identity file explicitly configured above
-          # required to prevent sending default identity files first.
-          IdentitiesOnly yes
-
      Host gtr5
        HostName 192.168.5.172
        Port 22
@@ -41,24 +36,6 @@
      Host s500plus
        HostName 192.168.5.174
        Port 22
-
-      Host k8s-main
-        HostName 192.168.5.181
-        ForwardAgent yes
-        IdentityFile ~/.ssh/romantic
-        IdentitiesOnly yes
-
-      Host k8s-data1
-        HostName 192.168.5.182
-        ForwardAgent yes
-        IdentityFile ~/.ssh/romantic
-        IdentitiesOnly yes
-
-      Host k8s-data2
-        HostName 192.168.5.183
-        ForwardAgent yes
-        IdentityFile ~/.ssh/romantic
-        IdentitiesOnly yes
    '';
  };
 }
@@ -1,9 +1,21 @@
 # Termianl Emulators

-1. kitty: My main terminal emulator.
-2. wezterm: My secondary terminal emulator.
-3. alacritty: Standby terminal.
+I used to spend a lot of time on terminal emulators, to make them match my taste, 
+but now I found that it's not worth it, **Zellij can provide a user-friendly and unified user experience for all terminal emulators! without any pain**!

+Currently, I only use the most basic features of terminal emulators, such as true color, graphics protocol, etc.
+Other features such as tabs, scrollback buffer, select/search/copy, etc, are all provided by zellij!
+
+My current terminal emulators are:
+
+1. kitty: My main terminal emulator.
+    1. to select/copy a large mount of text, We should do some tricks via kitty's `scrollback_pager` with neovim, it's really painful: <https://github.com/kovidgoyal/kitty/issues/719>
+2. wezterm: My secondary terminal emulator.
+    1. its search ability is very basic, and it's not easy to use.
+    1. its scrollback buffer's copy mode is very like vim, which is nice, but zellij's even better, it can use neovim as its default scrollback buffer's editor without any pain!
+3. foot: a fast, lightweight and minimalistic Wayland terminal emulator.
+    1. foot only do the things a terminal emulator should do, no more, no less.
+    1. It's really suitable for tiling window manager or zellij users!

 ## 'xterm-kitty': unknown terminal type when `ssh` into a remote host or `sudo xxx`

@@ -1,109 +0,0 @@
-{pkgs, catppuccin-alacritty, ...}:
-###########################################################
-#
-# Alacritty Configuration
-#
-# Useful Hot Keys for macOS:
-#   1. Multi-Window: `command + N`
-#   2. Increase Font Size: `command + =` | `command + +`
-#   3. Decrease Font Size: `command + -` | `command + _`
-#   4. Search Text: `command + F`
-#   5. And Other common shortcuts such as Copy, Paste, Cursor Move, etc.
-#
-# Useful Hot Keys for Linux:
-#   1. Increase Font Size: `ctrl + shift + =` | `ctrl + shift + +`
-#   2. Decrease Font Size: `ctrl + shift + -` | `ctrl + shift + _`
-#   3. Search Text: `ctrl + shift + N`
-#   4. And Other common shortcuts such as Copy, Paste, Cursor Move, etc.
-#
-# Note: Alacritty do not have support for Tabs, and any graphic protocol.
-#
-###########################################################
-{
-  xdg.configFile."alacritty/theme_catppuccin.yml".source = "${catppuccin-alacritty}/catppuccin-mocha.yml";
-  programs.alacritty = {
-    enable = true;
-  };
-
-  xdg.configFile."alacritty/alacritty.yml".text =
-    ''
-      import:
-        # all alacritty themes can be found at
-        #    https://github.com/alacritty/alacritty-theme
-        - ~/.config/alacritty/theme_catppuccin.yml
-
-      window:
-        # Background opacity
-        #
-        # Window opacity as a floating point number from `0.0` to `1.0`.
-        # The value `0.0` is completely transparent and `1.0` is opaque.
-        opacity: 0.93
-
-        # Startup Mode (changes require restart)
-        #
-        # Values for `startup_mode`:
-        #   - Windowed
-        #   - Maximized
-        #   - Fullscreen
-        #
-        # Values for `startup_mode` (macOS only):
-        #   - SimpleFullscreen
-        startup_mode: Maximized
-
-        # Allow terminal applications to change Alacritty's window title.
-        dynamic_title: true
-
-        # Make `Option` key behave as `Alt` (macOS only):
-        #   - OnlyLeft
-        #   - OnlyRight
-        #   - Both
-        #   - None (default)
-        option_as_alt: Both
-
-      scrolling:
-        # Maximum number of lines in the scrollback buffer.
-        # Specifying '0' will disable scrolling.
-        history: 10000
-
-        # Scrolling distance multiplier.
-        #multiplier: 3
-
-      # Font configuration
-      font:
-        # Normal (roman) font face
-        bold:
-          family: JetBrainsMono Nerd Font
-        italic:
-          family: JetBrainsMono Nerd Font
-        normal:
-          family: JetBrainsMono Nerd Font
-        bold_italic:
-          # Font family
-          #
-          # If the bold italic family is not specified, it will fall back to the
-          # value specified for the normal font.
-          family: JetBrainsMono Nerd Font
-      shell:
-        #  To resolve issues:
-        #    1. https://github.com/ryan4yin/nix-config/issues/26
-        #    2. https://github.com/ryan4yin/nix-config/issues/8
-        #  Spawn a nushell in login mode via `bash`
-        program: ${pkgs.bash}/bin/bash
-        args:
-          - --login
-          - -c
-          - 'nu --login --interactive'
-    ''
-    + (
-      if pkgs.stdenv.isDarwin
-      then ''
-          # Point size
-          size: 14
-      ''
-      else ''
-        # holder identation
-          # Point size
-          size: 13
-      ''
-    );
-}
@@ -1,7 +1,3 @@
-{...}: {
-  imports = [
-    ./alacritty.nix
-    ./kitty.nix
-    ./wezterm.nix
-  ];
+{mylib, ...}: {
+  imports = mylib.scanPaths ./.;
 }
@@ -7,24 +7,10 @@
 #
 # Kitty Configuration
 #
-# Useful Hot Keys for macOS:
-#   1. New Tab: `command + t`
-#   2. Close Tab: `command + w`
-#   3. Switch Tab: `shift + command + [` | `shift + command + ]`
-#   4. Increase Font Size: `command + =` | `command + +`
-#   5. Decrease Font Size: `command + -` | `command + _`
-#   6. And Other common shortcuts such as Copy, Paste, Cursor Move, etc.
-#   7. Search in the current window(show_scrollback): `ctrl + shift + h`
-#          This will open a pager, it's defined by `scrollback_pager`, default is `less`
-#
-#
-# Useful Hot Keys for Linux:
-#   1. New Tab: `ctrl + shift + t`
-#   2. Close Tab: `ctrl + shift + q`
-#   3. Switch Tab: `ctrl + shift + right` | `ctrl + shift + left`
-#   4. Increase Font Size: `ctrl + shift + =` | `ctrl + shift + +`
-#   5. Decrease Font Size: `ctrl + shift + -` | `ctrl + shift + _`
-#   6. And Other common shortcuts such as Copy, Paste, Cursor Move, etc.
+# Useful Hot Keys for Linux(replace `ctrl + shift` with `cmd` on macOS)):
+#   1. Increase Font Size: `ctrl + shift + =` | `ctrl + shift + +`
+#   2. Decrease Font Size: `ctrl + shift + -` | `ctrl + shift + _`
+#   3. And Other common shortcuts such as Copy, Paste, Cursor Move, etc.
 #
 ###########################################################
 {
@@ -43,14 +29,15 @@
        else 13;
    };

+    # consistent with wezterm
    keybindings = {
      "ctrl+shift+m" = "toggle_maximized";
+      "ctrl+shift+f" = "show_scrollback"; # search in the current window
    };

    settings = {
      background_opacity = "0.93";
      macos_option_as_alt = true; # Option key acts as Alt on macOS
-      scrollback_lines = 10000;
      enable_audio_bell = false;
      tab_bar_edge = "top"; # tab bar on top
      #  To resolve issues:
@@ -3,6 +3,11 @@
 #
 # Wezterm Configuration
 #
+# Useful Hot Keys for Linux(replace `ctrl + shift` with `cmd` on macOS)):
+#   1. Increase Font Size: `ctrl + shift + =` | `ctrl + shift + +`
+#   2. Decrease Font Size: `ctrl + shift + -` | `ctrl + shift + _`
+#   3. And Other common shortcuts such as Copy, Paste, Cursor Move, etc.
+#
 # Default Keybindings: https://wezfurlong.org/wezterm/config/default-keys.html
 #
 ###########################################################
@@ -13,93 +18,88 @@
  # we can add wezterm as a flake input once this PR is merged:
  #    https://github.com/wez/wezterm/pull/3547

-  programs.wezterm =
-    {
-      enable = true;
+  programs.wezterm = {
+    enable = true; # disable

-      # TODO: Fix: https://github.com/wez/wezterm/issues/4483
-      # package = pkgs.wezterm.override { };
+    # install wezterm via homebrew on macOS to avoid compilation, dummy package here.
+    package =
+      if pkgs.stdenv.isLinux
+      then pkgs.wezterm
+      else pkgs.hello;

-      extraConfig = let
-        fontsize =
-          if pkgs.stdenv.isDarwin
-          then "14.0"
-          else "13.0";
-      in
-        ''
-          -- Pull in the wezterm API
-          local wezterm = require 'wezterm'
+    enableBashIntegration = pkgs.stdenv.isLinux;
+    enableZshIntegration = pkgs.stdenv.isLinux;

-          -- This table will hold the configuration.
-          local config = {}
+    extraConfig = let
+      fontsize =
+        if pkgs.stdenv.isLinux
+        then "13.0"
+        else "14.0";
+    in ''
+      -- Pull in the wezterm API
+      local wezterm = require 'wezterm'

-          -- In newer versions of wezterm, use the config_builder which will
-          -- help provide clearer error messages
-          if wezterm.config_builder then
-            config = wezterm.config_builder()
-          end
+      -- This table will hold the configuration.
+      local config = {}

-          wezterm.on('toggle-opacity', function(window, pane)
-            local overrides = window:get_config_overrides() or {}
-            if not overrides.window_background_opacity then
-              overrides.window_background_opacity = 0.93
-            else
-              overrides.window_background_opacity = nil
-            end
-            window:set_config_overrides(overrides)
-          end)
+      -- In newer versions of wezterm, use the config_builder which will
+      -- help provide clearer error messages
+      if wezterm.config_builder then
+        config = wezterm.config_builder()
+      end

-          wezterm.on('toggle-maximize', function(window, pane)
-            window:maximize()
-          end)
+      wezterm.on('toggle-opacity', function(window, pane)
+        local overrides = window:get_config_overrides() or {}
+        if not overrides.window_background_opacity then
+          overrides.window_background_opacity = 0.93
+        else
+          overrides.window_background_opacity = nil
+        end
+        window:set_config_overrides(overrides)
+      end)

-          -- This is where you actually apply your config choices
-          config.color_scheme = "Catppuccin Mocha"
-          config.font = wezterm.font_with_fallback {
-            "JetBrainsMono Nerd Font",
-            "FiraCode Nerd Font",
+      wezterm.on('toggle-maximize', function(window, pane)
+        window:maximize()
+      end)

-            -- To avoid 'Chinese characters displayed as variant (Japanese) glyphs'
-            "Source Han Sans SC",
-            "Source Han Sans TC"
-          }
+      -- This is where you actually apply your config choices
+      config.color_scheme = "Catppuccin Mocha"
+      config.font = wezterm.font_with_fallback {
+        "JetBrainsMono Nerd Font",
+        "FiraCode Nerd Font",

-          config.hide_tab_bar_if_only_one_tab = true
-          config.scrollback_lines = 10000
-          config.enable_scroll_bar = true
-
-          config.keys = {
-            -- toggle opacity(CTRL + SHIFT + B)
-            {
-              key = 'B',
-              mods = 'CTRL',
-              action = wezterm.action.EmitEvent 'toggle-opacity',
-            },
-            {
-              key = 'M',
-              mods = 'CTRL',
-              action = wezterm.action.EmitEvent 'toggle-maximize',
-            },
-          }
-          config.font_size = ${fontsize}
-
-          -- To resolve issues:
-          --   1. https://github.com/ryan4yin/nix-config/issues/26
-          --   2. https://github.com/ryan4yin/nix-config/issues/8
-          -- Spawn a nushell in login mode via `bash`
-          config.default_prog = { '${pkgs.bash}/bin/bash', '--login', '-c', 'nu --login --interactive' }
-
-          return config
-        '';
-    }
-    // (
-      if pkgs.stdenv.isDarwin
-      then {
-        # install wezterm via homebrew on macOS to avoid compilation, dummy package here.
-        package = pkgs.hello;
-        enableBashIntegration = false;
-        enableZshIntegration = false;
+        -- To avoid 'Chinese characters displayed as variant (Japanese) glyphs'
+        "Source Han Sans SC",
+        "Source Han Sans TC"
      }
-      else {}
-    );
+
+      config.hide_tab_bar_if_only_one_tab = true
+      config.scrollback_lines = 10000
+      config.enable_scroll_bar = true
+      config.term = 'wezterm'
+
+      config.keys = {
+        -- toggle opacity(CTRL + SHIFT + B)
+        {
+          key = 'B',
+          mods = 'CTRL',
+          action = wezterm.action.EmitEvent 'toggle-opacity',
+        },
+        {
+          key = 'M',
+          mods = 'CTRL',
+          action = wezterm.action.EmitEvent 'toggle-maximize',
+        },
+      }
+      config.font_size = ${fontsize}
+
+      -- To resolve issues:
+      --   1. https://github.com/ryan4yin/nix-config/issues/26
+      --   2. https://github.com/ryan4yin/nix-config/issues/8
+      -- Spawn a nushell in login mode via `bash`
+      config.default_prog = { '${pkgs.bash}/bin/bash', '--login', '-c', 'nu --login --interactive' }
+
+      return config
+    '';
+  };
 }
@@ -0,0 +1,39 @@
+# Zellij - A workspace lives in your terminal
+
+Zellij is a terminal workspace with batteries included.
+At its core, it is a terminal multiplexer (similar to tmux and screen), but this is merely its infrastructure layer.
+
+Zellij is very user-friendly and easy to use, with a step-by-step hint system that will help you get to know the keybindings, which is very like the Neovim or helix.
+
+> By contrast, tmux's key design is counterintuitive, there is no prompt system, and the plug-in performance is rubbish. It's really a pain to use.
+> tmux's inital release was in 2007, it's too old, I would recommend any users that do not have a experience with multiplexer to use zellij instead of tmux.
+
+## Why use zellij as the detault terminal environment?
+
+By auto start zellij on shell login, and exit the shell session on zellij exit, we can use zellij as the default terminal environment.
+
+By this way, We will only use the most basic features of the terminal emulator(kitty/alacritty/wezterm/...),
+while most of the functions of terminal are provided by zellij.
+Thus we can easily switch to any terminal emulator without losing any key functions,
+and do not need to take care of the differences between different terminal emulators.
+
+And Zellij can be used not only locally, but also on any remote server, which is very convenient. Learn once and use everywhere!
+
+> Yeah, you didn't misread it, zellij is very suitable for not only remotely, but also locally!
+
+Some features such as search/copy/scrollback in different terminal emulators are implemented in different ways, and has different user experience.
+For example, Wezterm's default search function is very basic, and it's not easy to use. Kitty's scrollback search/copy is really tricky to use.
+As for some Editor such as Neovim, its intergrated terminal is really useful, but zellij is more powerful and useful than it, and more stable!
+Zellij overcomes these problems, and provides a unified user experience for all terminal emulators!
+
+Teminal emulators should only be responsible for displaying characters.
+
+## Passthrough mode(Lock Mode)
+
+`Ctrl + g` lock the outer zellij interface, and all keys will be sent to the focused pane.
+
+It's extremely useful when you want to:
+
+1. Use zellij locally for daily work, and use a remote zellij via ssh to do some work on the remote server.
+1. To avoid the key conflicts between zellij and the program running in the terminal, such as vim, tmux, etc.
+
@@ -1,5 +1,5 @@
 // If you'd like to override the default keybindings completely, be sure to change "keybinds" to "keybinds clear-defaults=true"
-keybinds {
+keybinds clear-defaults=true {
    normal {
        // uncomment this and adjust key if using copy_on_select=false
        // bind "Alt c" { Copy; }
@@ -111,29 +111,29 @@ keybinds {
        bind "Ctrl s" { SwitchToMode "Scroll"; }
        bind "d" { Detach; }
    }
-    tmux {
-        bind "[" { SwitchToMode "Scroll"; }
-        bind "Ctrl b" { Write 2; SwitchToMode "Normal"; }
-        bind "\"" { NewPane "Down"; SwitchToMode "Normal"; }
-        bind "%" { NewPane "Right"; SwitchToMode "Normal"; }
-        bind "z" { ToggleFocusFullscreen; SwitchToMode "Normal"; }
-        bind "c" { NewTab; SwitchToMode "Normal"; }
-        bind "," { SwitchToMode "RenameTab"; }
-        bind "p" { GoToPreviousTab; SwitchToMode "Normal"; }
-        bind "n" { GoToNextTab; SwitchToMode "Normal"; }
-        bind "Left" { MoveFocus "Left"; SwitchToMode "Normal"; }
-        bind "Right" { MoveFocus "Right"; SwitchToMode "Normal"; }
-        bind "Down" { MoveFocus "Down"; SwitchToMode "Normal"; }
-        bind "Up" { MoveFocus "Up"; SwitchToMode "Normal"; }
-        bind "h" { MoveFocus "Left"; SwitchToMode "Normal"; }
-        bind "l" { MoveFocus "Right"; SwitchToMode "Normal"; }
-        bind "j" { MoveFocus "Down"; SwitchToMode "Normal"; }
-        bind "k" { MoveFocus "Up"; SwitchToMode "Normal"; }
-        bind "o" { FocusNextPane; }
-        bind "d" { Detach; }
-        bind "Space" { NextSwapLayout; }
-        bind "x" { CloseFocus; SwitchToMode "Normal"; }
-    }
+    // tmux {
+    //     bind "[" { SwitchToMode "Scroll"; }
+    //     bind "Ctrl b" { Write 2; SwitchToMode "Normal"; }
+    //     bind "\"" { NewPane "Down"; SwitchToMode "Normal"; }
+    //     bind "%" { NewPane "Right"; SwitchToMode "Normal"; }
+    //     bind "z" { ToggleFocusFullscreen; SwitchToMode "Normal"; }
+    //     bind "c" { NewTab; SwitchToMode "Normal"; }
+    //     bind "," { SwitchToMode "RenameTab"; }
+    //     bind "p" { GoToPreviousTab; SwitchToMode "Normal"; }
+    //     bind "n" { GoToNextTab; SwitchToMode "Normal"; }
+    //     bind "Left" { MoveFocus "Left"; SwitchToMode "Normal"; }
+    //     bind "Right" { MoveFocus "Right"; SwitchToMode "Normal"; }
+    //     bind "Down" { MoveFocus "Down"; SwitchToMode "Normal"; }
+    //     bind "Up" { MoveFocus "Up"; SwitchToMode "Normal"; }
+    //     bind "h" { MoveFocus "Left"; SwitchToMode "Normal"; }
+    //     bind "l" { MoveFocus "Right"; SwitchToMode "Normal"; }
+    //     bind "j" { MoveFocus "Down"; SwitchToMode "Normal"; }
+    //     bind "k" { MoveFocus "Up"; SwitchToMode "Normal"; }
+    //     bind "o" { FocusNextPane; }
+    //     bind "d" { Detach; }
+    //     bind "Space" { NextSwapLayout; }
+    //     bind "x" { CloseFocus; SwitchToMode "Normal"; }
+    // }
    shared_except "locked" {
        bind "Ctrl g" { SwitchToMode "Locked"; }
        bind "Ctrl q" { Quit; }
@@ -168,9 +168,9 @@ keybinds {
    shared_except "move" "locked" {
        bind "Ctrl h" { SwitchToMode "Move"; }
    }
-    shared_except "tmux" "locked" {
-        bind "Ctrl b" { SwitchToMode "Tmux"; }
-    }
+    // shared_except "tmux" "locked" {
+    //     bind "Ctrl b" { SwitchToMode "Tmux"; }
+    // }
 }

 plugins {
@@ -0,0 +1,33 @@
+let
+  shellAliases = {
+    "zj" = "zellij";
+  };
+in {
+  programs.zellij = {
+    enable = true;
+  };
+  # auto start zellij in nushell
+  programs.nushell.extraConfig = ''
+    # auto start zellij
+    # except when in emacs or zellij itself
+    if (not ("ZELLIJ" in $env)) and (not ("INSIDE_EMACS" in $env)) {
+      if "ZELLIJ_AUTO_ATTACH" in $env and $env.ZELLIJ_AUTO_ATTACH == "true" {
+        ^zellij attach -c
+      } else {
+        ^zellij
+      }
+
+      # Auto exit the shell session when zellij exit
+      $env.ZELLIJ_AUTO_EXIT = "false" # disable auto exit
+      if "ZELLIJ_AUTO_EXIT" in $env and $env.ZELLIJ_AUTO_EXIT == "true" {
+        exit
+      }
+    }
+  '';
+
+  # only works in bash/zsh, not nushell
+  home.shellAliases = shellAliases;
+  programs.nushell.shellAliases = shellAliases;
+
+  xdg.configFile."zellij/config.kdl".source = ./config.kdl;
+}
@@ -1,16 +0,0 @@
-{...}: {
-  programs.bash = {
-    enable = true;
-    enableCompletion = true;
-    bashrcExtra = ''
-      export PATH="$PATH:$HOME/bin:$HOME/.local/bin:$HOME/go/bin"
-    '';
-
-    shellAliases = {
-      k = "kubectl";
-
-      urldecode = "python3 -c 'import sys, urllib.parse as ul; print(ul.unquote_plus(sys.stdin.read()))'";
-      urlencode = "python3 -c 'import sys, urllib.parse as ul; print(ul.quote_plus(sys.stdin.read()))'";
-    };
-  };
-}
@@ -1,17 +0,0 @@
-{ catppuccin-bat, ...}: {
-  # a cat(1) clone with syntax highlighting and Git integration.
-  programs.bat = {
-    enable = true;
-    config = {
-      pager = "less -FR";
-      theme = "catppuccin-mocha";
-    };
-    themes = {
-      # https://raw.githubusercontent.com/catppuccin/bat/main/Catppuccin-mocha.tmTheme
-      catppuccin-mocha = {
-        src = catppuccin-bat;
-        file = "Catppuccin-mocha.tmTheme";
-      };
-    };
-  };
-}
@@ -1,15 +1,17 @@
-{ catppuccin-btop, ... }:
-
 {
+  pkgs,
+  nur-ryan4yin,
+  ...
+}: {
  # https://github.com/catppuccin/btop/blob/main/themes/catppuccin_mocha.theme
-  home.file.".config/btop/themes".source = "${catppuccin-btop}/themes";
+  xdg.configFile."btop/themes".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-btop}/themes";

  # replacement of htop/nmon
  programs.btop = {
    enable = true;
    settings = {
-        color_theme = "catppuccin_mocha";
-        theme_background = false;   # make btop transparent 
+      color_theme = "catppuccin_mocha";
+      theme_background = false; # make btop transparent
    };
  };
 }
@@ -0,0 +1,45 @@
+{
+  pkgs,
+  pkgs-unstable,
+  nur-ryan4yin,
+  ...
+}: {
+  home.packages = with pkgs; [
+    skopeo
+    docker-compose
+    dive # explore docker layers
+    lazydocker # Docker terminal UI.
+
+    kubectl
+    istioctl
+    kubevirt # virtctl
+    kubernetes-helm
+    fluxcd
+    argocd
+  ];
+
+  programs = {
+    k9s = {
+      enable = true;
+      # https://k9scli.io/topics/aliases/
+      # aliases = {};
+      settings = {
+        skin = "catppuccino-mocha";
+      };
+      skins.catppuccin-mocha = let
+        skin_file = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-k9s}/dist/mocha.yml"; # theme - catppuccin mocha
+        skin_attr = builtins.fromJSON (
+          builtins.readFile
+          # replace 'base: &base "#1e1e2e"' with 'base: &base "default"'
+          # to make fg/bg color transparent. "default" means transparent in k9s skin.
+          (pkgs.runCommandNoCC "get-skin-json" {} ''
+            cat ${skin_file} \
+              |  sed -E 's@(base: &base ).+@\1 "default"@g' \
+              | ${pkgs.yj}/bin/yj > $out
+          '')
+        );
+      in
+        skin_attr;
+    };
+  };
+}
@@ -1,79 +1,89 @@
-{pkgs, ...}: {
-  home.packages = with pkgs; [
-    neofetch
-    ranger # terminal file manager(batteries included, with image preview support)
+{
+  pkgs,
+  attic,
+  nur-ryan4yin,
+  ...
+}: {
+  home.packages = with pkgs;
+    [
+      # Misc
+      tldr
+      cowsay
+      gnupg
+      gnumake

-    # archives
-    zip
-    xz
-    unzip
-    p7zip
+      # Morden cli tools, replacement of grep/sed/...

-    # networking tools
-    mtr # A network diagnostic tool
-    iperf3
-    dnsutils # `dig` + `nslookup`
-    ldns # replacement of `dig`, it provide the command `drill`
-    aria2 # A lightweight multi-protocol & multi-source command-line download utility
-    socat # replacement of openbsd-netcat
-    nmap # A utility for network discovery and security auditing
-    ipcalc # it is a calculator for the IPv4/v6 addresses
+      # Interactively filter its input using fuzzy searching, not limit to filenames.
+      fzf
+      # search for files by name, faster than find
+      fd
+      # search for files by its content, replacement of grep
+      (ripgrep.override {withPCRE2 = true;})

+      # A fast and polyglot tool for code searching, linting, rewriting at large scale
+      # supported languages: only some mainstream languages currently(do not support nix/nginx/yaml/toml/...)
+      ast-grep

-    # Text Processing
-    # Docs: https://github.com/learnbyexample/Command-line-text-processing
-    gnugrep  # GNU grep, provides `grep`/`egrep`/`fgrep`
-    gnused  # GNU sed, very powerful(mainly for replacing text in files)
-    gawk   # GNU awk, a pattern scanning and processing language
-    ripgrep # recursively searches directories for a regex pattern
-    sad  # CLI search and replace, with diff preview, really useful!!!
-    delta  # A viewer for git and diff output
-    # A fast and polyglot tool for code searching, linting, rewriting at large scale
-    # supported languages: only some mainstream languages currently(do not support nix/nginx/yaml/toml/...)
-    ast-grep
-    jq # A lightweight and flexible command-line JSON processor
-    yq-go # yaml processer https://github.com/mikefarah/yq
+      sad # CLI search and replace, just like sed, but with diff preview.
+      yq-go # yaml processer https://github.com/mikefarah/yq
+      just # a command runner like make, but simpler
+      delta # A viewer for git and diff output
+      lazygit # Git terminal UI.
+      hyperfine # command-line benchmarking tool
+      gping # ping, but with a graph(TUI)
+      doggo # DNS client for humans
+      duf # Disk Usage/Free Utility - a better 'df' alternative
+      du-dust # A more intuitive version of `du` in rust
+      ncdu # analyzer your disk usage Interactively, via TUI(replacement of `du`)
+      gdu # disk usage analyzer(replacement of `du`)

-    # misc
-    tldr
-    cowsay
-    file
-    which
-    tree
-    gnutar
-    zstd
-    caddy
-    gnupg
+      # nix related
+      #
+      # it provides the command `nom` works just like `nix
+      # with more details log output
+      nix-output-monitor
+      hydra-check # check hydra(nix's build farm) for the build status of a package
+      nix-index # A small utility to index nix store paths
+      nix-init # generate nix derivation from url
+      # https://github.com/nix-community/nix-melt
+      nix-melt # A TUI flake.lock viewer
+      # https://github.com/utdemir/nix-tree
+      nix-tree # A TUI to visualize the dependency graph of a nix derivation

-    # nix related
-    #
-    # it provides the command `nom` works just like `nix
-    # with more details log output
-    nix-output-monitor
-    nodePackages.node2nix
-
-    # productivity
-    hugo # static site generator
-    glow # markdown previewer in terminal
-  ];
+      # productivity
+      caddy # A webserver with automatic HTTPS via Let's Encrypt(replacement of nginx)
+      croc # File transfer between computers securely and easily
+    ]
+    # self-hosted nix cache server
+    ++ lib.optionals pkgs.stdenv.isLinux [attic.packages.${pkgs.system}.attic-client];

  programs = {
-    # modern vim
-    neovim = {
-      enable = true;
-      defaultEditor = true;
-      vimAlias = true;
-    };
-
    # A modern replacement for ‘ls’
    # useful in bash/zsh prompt, not in nushell.
    eza = {
      enable = true;
-      enableAliases = true;
+      enableAliases = false; # do not enable aliases in nushell!
      git = true;
      icons = true;
    };

+    # a cat(1) clone with syntax highlighting and Git integration.
+    bat = {
+      enable = true;
+      config = {
+        pager = "less -FR";
+        theme = "catppuccin-mocha";
+      };
+      themes = {
+        # https://raw.githubusercontent.com/catppuccin/bat/main/Catppuccin-mocha.tmTheme
+        catppuccin-mocha = {
+          src = nur-ryan4yin.packages.${pkgs.system}.catppuccin-bat;
+          file = "Catppuccin-mocha.tmTheme";
+        };
+      };
+    };
+
    # A command-line fuzzy finder
    fzf = {
      enable = true;
@@ -95,11 +105,39 @@
      };
    };

-    # skim provides a single executable: sk.
-    # Basically anywhere you would want to use grep, try sk instead.
-    skim = {
+    # zoxide is a smarter cd command, inspired by z and autojump.
+    # It remembers which directories you use most frequently,
+    # so you can "jump" to them in just a few keystrokes.
+    # zoxide works on all major shells.
+    #
+    #   z foo              # cd into highest ranked directory matching foo
+    #   z foo bar          # cd into highest ranked directory matching foo and bar
+    #   z foo /            # cd into a subdirectory starting with foo
+    #
+    #   z ~/foo            # z also works like a regular cd command
+    #   z foo/             # cd into relative path
+    #   z ..               # cd one level up
+    #   z -                # cd into previous directory
+    #
+    #   zi foo             # cd with interactive selection (using fzf)
+    #
+    #   z foo<SPACE><TAB>  # show interactive completions (zoxide v0.8.0+, bash 4.4+/fish/zsh only)
+    zoxide = {
      enable = true;
      enableBashIntegration = true;
+      enableZshIntegration = true;
+      enableNushellIntegration = true;
+    };
+
+    # Atuin replaces your existing shell history with a SQLite database,
+    # and records additional context for your commands.
+    # Additionally, it provides optional and fully encrypted
+    # synchronisation of your history between machines, via an Atuin server.
+    atuin = {
+      enable = true;
+      enableBashIntegration = true;
+      enableZshIntegration = true;
+      enableNushellIntegration = true;
    };
  };
 }
@@ -1,14 +1,3 @@
-{...}: {
-  imports = [
-    ./nushell
-    ./tmux
-    ./zellij
-
-    ./bash.nix
-    ./bat.nix
-    ./btop.nix
-    ./core.nix
-    ./git.nix
-    ./starship.nix
-  ];
+{mylib, ...}: {
+  imports = mylib.scanPaths ./.;
 }
@@ -0,0 +1,4 @@
+# Editors
+
+See [desktop/editors/](../../desktop/editors/) for more details.
+
@@ -0,0 +1,3 @@
+{mylib, ...}: {
+  imports = mylib.scanPaths ./.;
+}
@@ -0,0 +1,5 @@
+{pkgs, ...}: {
+  programs.helix = {
+    enable = true;
+  };
+}
@@ -0,0 +1,11 @@
+{pkgs, ...}: {
+  programs = {
+    neovim = {
+      enable = true;
+
+      defaultEditor = true;
+      viAlias = true;
+      vimAlias = true;
+    };
+  };
+}
@@ -2,9 +2,7 @@
  config,
  lib,
  pkgs,
-
-  userfullname,
-  useremail,
+  myvars,
  ...
 }: {
  # `programs.git` will generate the config file: ~/.config/git/config
@@ -12,7 +10,7 @@
  #
  #    https://git-scm.com/docs/git-config#Documentation/git-config.txt---global
  home.activation.removeExistingGitconfig = lib.hm.dag.entryBefore ["checkLinkTargets"] ''
-    rm -f ~/.gitconfig
+    rm -f ${config.home.homeDirectory}/.gitconfig
  '';

  home.packages = with pkgs; [
@@ -22,8 +20,8 @@
    enable = true;
    lfs.enable = true;

-    userName = userfullname;
-    userEmail = useremail;
+    userName = myvars.userfullname;
+    userEmail = myvars.useremail;

    includes = [
      {
@@ -76,15 +74,15 @@
      st = "status";
      ls = "log --pretty=format:\"%C(yellow)%h%Cred%d\\\\ %Creset%s%Cblue\\\\ [%cn]\" --decorate";
      ll = "log --pretty=format:\"%C(yellow)%h%Cred%d\\\\ %Creset%s%Cblue\\\\ [%cn]\" --decorate --numstat";
-      cm = "commit -m";  # commit via `git cm <message>`
-      ca = "commit -am";  # commit all changes via `git ca <message>`
+      cm = "commit -m"; # commit via `git cm <message>`
+      ca = "commit -am"; # commit all changes via `git ca <message>`
      dc = "diff --cached";

-      amend = "commit --amend -m";  # amend commit message via `git amend <message>`
-      unstage = "reset HEAD --";  # unstage file via `git unstage <file>`
-      merged = "branch --merged";  # list merged(into HEAD) branches via `git merged`
-      unmerged = "branch --no-merged";  # list unmerged(into HEAD) branches via `git unmerged`
-      nonexist = "remote prune origin --dry-run";  # list non-exist(remote) branches via `git nonexist`
+      amend = "commit --amend -m"; # amend commit message via `git amend <message>`
+      unstage = "reset HEAD --"; # unstage file via `git unstage <file>`
+      merged = "branch --merged"; # list merged(into HEAD) branches via `git merged`
+      unmerged = "branch --no-merged"; # list unmerged(into HEAD) branches via `git unmerged`
+      nonexist = "remote prune origin --dry-run"; # list non-exist(remote) branches via `git nonexist`

      # delete merged branches except master & dev & staging
      #  `!` indicates it's a shell script, not a git subcommand
@@ -1,19 +0,0 @@
-{ config, ...}: {
-  programs.nushell = {
-    enable = true;
-    configFile.source = ./config.nu;
-
-    # home-manager will merge the cotent in `environmentVariables` with the `envFile.source`
-    # but basically, I set all environment variables via the shell-independent way, so I don't need to use those two options
-    #
-    # envFile.source = ./env.nu;
-    # environmentVariables = { FOO="bar"; };
-
-    shellAliases = {
-      k = "kubectl";
-
-      urldecode = "python3 -c 'import sys, urllib.parse as ul; print(ul.unquote_plus(sys.stdin.read()))'";
-      urlencode = "python3 -c 'import sys, urllib.parse as ul; print(ul.quote_plus(sys.stdin.read()))'";
-    };
-  };
-}
@@ -0,0 +1,13 @@
+_: {
+  # use mirror for pip install
+  xdg.configFile."pip/pip.conf".text = ''
+    [global]
+    index-url = https://mirrors.ustc.edu.cn/pypi/web/simple
+    format = columns
+  '';
+
+  # xdg.configFile."pip/pip.conf".text = ''
+  #   [global]
+  #   index-url = https://mirrors.bfsu.edu.cn/pypi/web/simple
+  # '';
+}
@@ -0,0 +1,25 @@
+let
+  shellAliases = {
+    k = "kubectl";
+
+    urldecode = "python3 -c 'import sys, urllib.parse as ul; print(ul.unquote_plus(sys.stdin.read()))'";
+    urlencode = "python3 -c 'import sys, urllib.parse as ul; print(ul.quote_plus(sys.stdin.read()))'";
+  };
+in {
+  # only works in bash/zsh, not nushell
+  home.shellAliases = shellAliases;
+
+  programs.nushell = {
+    enable = true;
+    configFile.source = ./config.nu;
+    inherit shellAliases;
+  };
+
+  programs.bash = {
+    enable = true;
+    enableCompletion = true;
+    bashrcExtra = ''
+      export PATH="$HOME/.local/bin:$HOME/go/bin:$PATH"
+    '';
+  };
+}
@@ -1,4 +1,8 @@
-{ catppuccin-starship, ...}: {
+{
+  pkgs,
+  nur-ryan4yin,
+  ...
+}: {
  programs.starship = {
    enable = true;

@@ -6,22 +10,24 @@
    enableZshIntegration = true;
    enableNushellIntegration = true;

-    settings = {
-      character = {
-        success_symbol = "[›](bold green)";
-        error_symbol = "[›](bold red)";
-      };
-      aws = {
-        symbol = "🅰 ";
-      };
-      gcloud = {
-        # do not show the account/project's info
-        # to avoid the leak of sensitive information when sharing the terminal
-        format = "on [$symbol$active(\($region\))]($style) ";
-        symbol = "🅶 ️";
-      };
+    settings =
+      {
+        character = {
+          success_symbol = "[›](bold green)";
+          error_symbol = "[›](bold red)";
+        };
+        aws = {
+          symbol = "🅰 ";
+        };
+        gcloud = {
+          # do not show the account/project's info
+          # to avoid the leak of sensitive information when sharing the terminal
+          format = "on [$symbol$active(\($region\))]($style) ";
+          symbol = "🅶 ️";
+        };

-      palette = "catppuccin_mocha";
-    } // builtins.fromTOML (builtins.readFile "${catppuccin-starship}/palettes/mocha.toml");
+        palette = "catppuccin_mocha";
+      }
+      // builtins.fromTOML (builtins.readFile "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-starship}/palettes/mocha.toml");
  };
 }
@@ -1,61 +0,0 @@
-{pkgs, ...}: {
-  programs.tmux = {
-    enable = true;
-    shell = "${pkgs.nushell}/bin/nu";
-
-    # Resize the window to the size of the smallest session for which it is the current window.
-    #
-    aggressiveResize = true;
-
-    # https://github.com/tmux-plugins/tmux-sensible
-    # tmux-sensible overwrites default tmux shortcuts, makes them more sane.
-    sensibleOnTop = true;
-
-    # https://github.com/sxyazi/yazi/wiki/Image-preview-within-tmux
-    extraConfig = ''
-      set -g allow-passthrough on
-
-      set -ga update-environment TERM
-      set -ga update-environment TERM_PROGRAM
-    '';
-    # keyMode = "vi";  # default is emacs
-
-    baseIndex = 1; # start index from 1
-    escapeTime = 0; # do not wait for escape key
-
-    plugins = with pkgs.tmuxPlugins; [
-      {
-        # theme
-        # https://github.com/catppuccin/tmux
-        plugin = catppuccin;
-        extraConfig = ''
-          set -g @catppuccin_flavour 'mocha' # or frappe, macchiato, mocha
-          set -g @catppuccin_window_status_enable "yes"
-        '';
-      }
-
-      # https://github.com/tmux-plugins/tmux-yank
-      # Enables copying to system clipboard.
-      yank
-
-      {
-        # https://github.com/tmux-plugins/tmux-resurrect
-        # Manually persists tmux environment across system restarts.
-        #   prefix + Ctrl-s - save
-        #   prefix + Ctrl-r - restore
-        #
-        plugin = resurrect;
-        # Restore Neovim sessions
-        extraConfig = "set -g @resurrect-strategy-nvim 'session'";
-      }
-
-      # set -g @plugin 'tmux-plugins/tmux-cpu'
-      {
-        plugin = cpu;
-        extraConfig = ''
-          set -g status-right '#{cpu_bg_color} CPU: #{cpu_icon} #{cpu_percentage} | %a %h-%d %H:%M '
-        '';
-      }
-    ];
-  };
-}
@@ -0,0 +1,18 @@
+{
+  pkgs,
+  pkgs-unstable,
+  nur-ryan4yin,
+  ...
+}: {
+  # terminal file manager
+  programs.yazi = {
+    enable = true;
+    package = pkgs-unstable.yazi;
+    # Changing working directory when exiting Yazi
+    enableBashIntegration = true;
+    # TODO: nushellIntegration is broken on release-23.11, wait for master's fix to be released
+    enableNushellIntegration = false;
+  };
+
+  xdg.configFile."yazi/theme.toml".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-yazi}/mocha.toml";
+}
@@ -1,7 +1,12 @@
-{...}: {
+let
+  shellAliases = {
+    "zj" = "zellij";
+  };
+in {
  programs.zellij = {
    enable = true;
  };
-
-  home.file.".config/zellij/config.kdl".source = ./config.kdl;
+  # only works in bash/zsh, not nushell
+  home.shellAliases = shellAliases;
+  programs.nushell.shellAliases = shellAliases;
 }
@@ -1,7 +1,7 @@
 # Home Manager's Darwin Submodules

 1. `core.nix`: some basic configuration.
-2. `nushell.nix`: nushell's configuration for darwin.
+2. `shell.nix`: shell related.
 3. `rime-squirrel.nix`: [rime-squirrel](https://github.com/rime/squirrel)'s configuration.
 4. `default.nix`: the entrypoint of darwin's configuration, it import all the submodules above.

@@ -1,44 +1,3 @@
-{pkgs, ...}: {
-  ##########################################################################
-  #
-  #  MacOS specific home configuration
-  #
-  ##########################################################################
-  programs.zsh = {
-    enable = true;
-  };
-
-  programs.ssh = {
-    enable = true;
-
-    # all my ssh private key are generated by `ssh-keygen -t ed25519 -C "ryan@nickname"`
-    # the config's format:
-    #   Host —  given the pattern used to match against the host name given on the command line.
-    #   HostName — specify nickname or abbreviation for host
-    #   IdentityFile — the location of your SSH key authentication file for the account.
-    # format in details:
-    #   https://www.ssh.com/academy/ssh/config
-    extraConfig = ''
-      # a private key that is used during authentication will be added to ssh-agent if it is running
-      AddKeysToAgent yes
-
-      Host 192.168.*
-        # allow to securely use local SSH agent to authenticate on the remote machine.
-        # It has the same effect as adding cli option `ssh -A user@host`
-        ForwardAgent yes
-        # romantic holds my homelab~
-        IdentityFile ~/.ssh/romantic
-        # Specifies that ssh should only use the identity file explicitly configured above
-        # required to prevent sending default identity files first.
-        IdentitiesOnly yes
-
-      Host github.com
-        Hostname github.com
-        # github is controlled by gluttony~
-        IdentityFile ~/.ssh/harmonica
-        # Specifies that ssh should only use the identity file explicitly configured above
-        # required to prevent sending default identity files first.
-        IdentitiesOnly yes
-    '';
-  };
+{myvars, ...}: {
+  home.homeDirectory = "/Users/${myvars.username}";
 }
@@ -1,31 +1,9 @@
-{ username, ... }: {
-  imports = [
-    ../base/desktop
-    
-    ./proxychains
-
-    ./core.nix
-    ./rime-squirrel.nix
-  ];
-
-  # Home Manager needs a bit of information about you and the
-  # paths it should manage.
-  home = {
-    username = username;
-    # set homeDirectory make build fail
-    homeDirectory = "/Users/${username}";
-
-    # This value determines the Home Manager release that your
-    # configuration is compatible with. This helps avoid breakage
-    # when a new Home Manager release introduces backwards
-    # incompatible changes.
-    #
-    # You can update Home Manager without changing this value. See
-    # the Home Manager release notes for a list of state version
-    # changes in each release.
-    stateVersion = "22.11";
-  };
-
-  # Let Home Manager install and manage itself.
-  programs.home-manager.enable = true;
+{mylib, ...}: {
+  imports =
+    (mylib.scanPaths ./.)
+    ++ [
+      ../base/server
+      ../base/desktop
+      ../base/core.nix
+    ];
 }
@@ -1,3 +1,6 @@
-{
+{pkgs, ...}: {
+  home.packages = with pkgs; [
+    clash-meta
+  ];
  home.file.".proxychains/proxychains.conf".source = ./proxychains.conf;
 }
@@ -1,17 +1,11 @@
-{
-  lib,
-  pkgs,
-  ...
-}: {
-  # remove existing rime data (squirrel)
-  home.activation.removeExistingRimeData = lib.hm.dag.entryBefore ["checkLinkTargets"] ''
-    rm -rf "~/Library/Rime/build/flypy.prism.bin"
-  '';
-
+{pkgs, ...}: {
  # Squirrel Input Method
  home.file."Library/Rime" = {
    # my custom squirrel data (flypy input method)
    source = "${pkgs.flypy-squirrel}/share/rime-data";
    recursive = true;
+    # overwrite possible existing data dynamically generated by squirrel
+    # https://github.com/nix-community/home-manager/blob/release-23.05/modules/lib/file-type.nix#L101-L111
+    force = true;
  };
 }
@@ -0,0 +1,37 @@
+let
+  envExtra = ''
+    export PATH="$PATH:/opt/homebrew/bin:/usr/local/bin"
+  '';
+  # copied from the content generated by `conda init bash`
+  initExtra = ''
+    arch=$(uname -m)
+
+    if [ "aarch64" = "$arch" ] ||  [ "arm64" = "$arch" ]; then
+      # >>> (miniforge)conda initialize >>>
+      # !! Contents within this block are managed by 'conda init' !!
+      if [ -f "/opt/homebrew/Caskroom/miniforge/base/etc/profile.d/conda.sh" ]; then
+          . "/opt/homebrew/Caskroom/miniforge/base/etc/profile.d/conda.sh"
+      else
+          export PATH="/opt/homebrew/Caskroom/miniforge/base/bin:$PATH"
+      fi
+      # <<< conda initialize <<<
+    elif [[ "x86_64" = "$arch" ]]; then
+      # do nothing
+      true
+    fi
+  '';
+in {
+  # Homebrew's default install location:
+  #   /opt/homebrew for Apple Silicon
+  #   /usr/local for macOS Intel
+  # The prefix /opt/homebrew was chosen to allow installations
+  # in /opt/homebrew for Apple Silicon and /usr/local for Rosetta 2 to coexist and use bottles.
+  programs.bash = {
+    enable = true;
+    bashrcExtra = envExtra + initExtra;
+  };
+  programs.zsh = {
+    enable = true;
+    inherit envExtra initExtra;
+  };
+}
@@ -0,0 +1,3 @@
+{myvars, ...}: {
+  programs.ssh.extraConfig = myvars.networking.ssh.extraConfig;
+}
@@ -2,12 +2,7 @@

 1. `base`: The base module that is suitable for any NixOS environment.
 2. `desktop`: Configuration for desktop environments, such as Hyprland, I3, etc.
-3. `fcitx5`: fcitx5's configuration(Chinese input method).
-4. `hyprland`: Hyprland's configuration.
-5. `i3`: i3's configuration.
 6. `server.nix`: Configuration which is suitable for both servers and desktops. It import only `base` as its submodule.
    1. used by all my nixos servers.
-6. `desktop-hyprland.nix`: the entrypoint of hyprland's configuration, it import all the submodules above, except `i3`.
-    1. used by my hyprland desktop.
-7. `desktop-i3.nix`: the entrypoint of i3's configuration, it import all the submodules above, except `hyprland`.
-    1. used by my i3 desktop.
+7. `desktop.nix`: the entrypoint of desktop's configuration, it import both `base` and `desktop` as its submodules.
+    1. used by all my nixos desktops.
@@ -1,6 +1,3 @@
-{
-  imports = [
-    ./shell.nix
-    ./system-tools.nix
-  ];
+{mylib, ...}: {
+  imports = mylib.scanPaths ./.;
 }
@@ -1,10 +1,16 @@
-{config, nushell-scripts, ...}: let
+{
+  config,
+  myvars,
+  ...
+}: let
  d = config.xdg.dataHome;
  c = config.xdg.configHome;
  cache = config.xdg.cacheHome;
 in rec {
-  # add environment variables
-  systemd.user.sessionVariables = {
+  home.homeDirectory = "/home/${myvars.username}";
+
+  # environment variables that always set at login
+  home.sessionVariables = {
    # clean up ~
    LESSHISTFILE = cache + "/less/history";
    LESSKEY = c + "/less/lesskey";
@@ -20,9 +26,5 @@ in rec {

    # enable scrolling in git diff
    DELTA_PAGER = "less -R";
-
-    MANPAGER = "sh -c 'col -bx | bat -l man -p'";
  };
-
-  home.sessionVariables = systemd.user.sessionVariables;
 }
@@ -1,37 +1,14 @@
 {pkgs, ...}: {
  # Linux Only Packages, not available on Darwin
  home.packages = with pkgs; [
-    nmon
-    iotop
-    iftop
-
    # misc
    libnotify
    wireguard-tools # manage wireguard vpn manually, via wg-quick
-
-    # system call monitoring
-    strace # system call monitoring
-    ltrace # library call monitoring
-    bpftrace # powerful tracing tool
-    tcpdump  # network sniffer
-    lsof # list open files
-
-    # system tools
-    sysstat
-    lm_sensors # for `sensors` command
-    ethtool
-    pciutils # lspci
-    usbutils # lsusb
-    hdparm # for disk performance, command
-    dmidecode # a tool that reads information about your system's hardware from the BIOS according to the SMBIOS/DMI standard
  ];

  # auto mount usb drives
  services = {
    udiskie.enable = true;
-  };
-
-  services = {
    # syncthing.enable = true;
  };
 }
@@ -1,31 +0,0 @@
-{ username, ... }: {
-  imports = [
-    ../base/desktop
-
-    ./base
-    ./fcitx5
-    ./desktop
-
-    ./hyprland
-  ];
-
-  # Home Manager needs a bit of information about you and the
-  # paths it should manage.
-  home = {
-    username = username;
-    homeDirectory = "/home/${username}";
-
-    # This value determines the Home Manager release that your
-    # configuration is compatible with. This helps avoid breakage
-    # when a new Home Manager release introduces backwards
-    # incompatible changes.
-    #
-    # You can update Home Manager without changing this value. See
-    # the Home Manager release notes for a list of state version
-    # changes in each release.
-    stateVersion = "22.11";
-  };
-
-  # Let Home Manager install and manage itself.
-  programs.home-manager.enable = true;
-}
@@ -1,31 +0,0 @@
-{ username, ... }: {
-  imports = [
-    ../base/desktop
-
-    ./base
-    ./fcitx5
-    ./desktop
-
-    ./i3
-  ];
-
-  # Home Manager needs a bit of information about you and the
-  # paths it should manage.
-  home = {
-    username = username;
-    homeDirectory = "/home/${username}";
-
-    # This value determines the Home Manager release that your
-    # configuration is compatible with. This helps avoid breakage
-    # when a new Home Manager release introduces backwards
-    # incompatible changes.
-    #
-    # You can update Home Manager without changing this value. See
-    # the Home Manager release notes for a list of state version
-    # changes in each release.
-    stateVersion = "22.11";
-  };
-
-  # Let Home Manager install and manage itself.
-  programs.home-manager.enable = true;
-}
@@ -0,0 +1,10 @@
+{
+  imports = [
+    ../base/server
+    ../base/desktop
+    ../base/core.nix
+
+    ./base
+    ./desktop
+  ];
+}
@@ -0,0 +1,16 @@
+# Desktop Related
+
+
+3. `base`: all common configurations for all desktops.
+4. `hyprland`: Hyprland's configuration.
+5. `i3`: i3's configuration.
+
+
+## Why install I3/Hyprland in Home Manager instead of a NixOS Module?
+
+1. I3 & Hyprland's configuration file is located in `~/.config`, which can be easily managed by Home Manager.
+2. I have many user-specific systemd servcies, such gammastep, wallpaper-switcher, etc. Which can be easily managed by Home Manager, but if we add i3/hyprland in a NixOS Module, those user-level services may failed to start automatically. With i3/hyprland in a Home Manager Module, we can control their systemd service's dependent order more easily, so we can avoid issues like this.
+3. By install packages as less as possible in NixOS Module, we can:
+    1. Make the NixOS system more secure and stable.
+    2. Make this flake more portable to other non-NixOS systems, as home-manager can be installed on any Linux system.
+
@@ -0,0 +1,61 @@
+{
+  pkgs,
+  pkgs-unstable,
+  pkgs-stable,
+  nur-ryan4yin,
+  ...
+}: {
+  home.packages = with pkgs; [
+    # creative
+    blender # 3d modeling
+    # gimp      # image editing, I prefer using figma in browser instead of this one
+    inkscape # vector graphics
+    krita # digital painting
+    musescore # music notation
+    # reaper # audio production
+    # sonic-pi # music programming
+
+    # this app consumes a lot of storage, so do not install it currently
+    # kicad     # 3d printing, eletrical engineering
+
+    # fpga
+    pkgs-unstable.python311Packages.apycula # gowin fpga
+    pkgs-unstable.yosys # fpga synthesis
+    pkgs-unstable.nextpnr # fpga place and route
+    pkgs-unstable.openfpgaloader # fpga programming
+    nur-ryan4yin.packages.${pkgs.system}.gowin-eda-edu-ide # app: `gowin-env` => `gw_ide` / `gw_pack` / ...
+  ];
+
+  programs = {
+    # live streaming
+    obs-studio = {
+      enable = true;
+      plugins = with pkgs-stable.obs-studio-plugins; [
+        # screen capture
+        wlrobs
+        # obs-ndi
+        obs-vaapi
+        obs-nvfbc
+        obs-teleport
+        # obs-hyperion
+        droidcam-obs
+        obs-vkcapture
+        obs-gstreamer
+        obs-3d-effect
+        input-overlay
+        obs-multi-rtmp
+        obs-source-clone
+        obs-shaderfilter
+        obs-source-record
+        obs-livesplit-one
+        looking-glass-obs
+        obs-vintage-filter
+        obs-command-source
+        obs-move-transition
+        obs-backgroundremoval
+        advanced-scene-switcher
+        obs-pipewire-audio-capture
+      ];
+    };
+  };
+}
@@ -0,0 +1,3 @@
+{mylib, ...}: {
+  imports = mylib.scanPaths ./.;
+}
@@ -0,0 +1,45 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  # Adjust the color temperature(& brightness) of your screen according to
+  # your surroundings. This may help your eyes hurt less if you are
+  # working in front of the screen at night.
+  #
+  # works fine with both x11 & wayland(hyprland)
+  #
+  # https://gitlab.com/chinstrap/gammastep
+  services.gammastep = {
+    enable = true;
+    # add a gammastep icon in the system tray
+    # has problem with wayland, so disable it
+    tray = false;
+    temperature = {
+      day = 5700;
+      night = 4000;
+    };
+    # https://gitlab.com/chinstrap/gammastep/-/blob/master/gammastep.conf.sample?ref_type=heads
+    settings = {
+      general = {
+        fade = "1"; # gradually apply the new screen temperature/brightness over a couple of seconds.
+        # it is a fake brightness adjustment obtained by manipulating the gamma ramps,
+        # which means that it does not reduce the backlight　of the screen.
+        # Preferably only use it if your normal backlight adjustment is too coarse-grained.
+        brightness-day = "1.0";
+        brightness-night = "0.8";
+        location-provider = "manual";
+
+        # by default, Redshift will use the current elevation of the sun
+        # to determine whether it is daytime, night or in transition (dawn/dusk).
+        # dawn-time = "6:00-8:45";
+        # dusk-time = "18:35-20:15";
+      };
+      manual = {
+        # China, Shenzhen
+        lat = "22.5"; # latitude
+        lon = "114.1"; # longitude
+      };
+    };
+  };
+}
@@ -0,0 +1,30 @@
+{
+  pkgs,
+  nur-ryan4yin,
+  ...
+}: {
+  home.file.".local/share/fcitx5/themes".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-fcitx5}/src";
+
+  xdg.configFile = {
+    "fcitx5/profile" = {
+      source = ./profile;
+      # every time fcitx5 switch input method, it will modify ~/.config/fcitx5/profile,
+      # so we need to force replace it in every rebuild to avoid file conflict.
+      force = true;
+    };
+    "fcitx5/conf/classicui.conf".source = ./classicui.conf;
+  };
+
+  i18n.inputMethod = {
+    enabled = "fcitx5";
+    fcitx5.addons = with pkgs; [
+      # for flypy chinese input method
+      fcitx5-rime
+      # needed enable rime using configtool after installed
+      fcitx5-configtool
+      fcitx5-chinese-addons
+      # fcitx5-mozc    # japanese input method
+      fcitx5-gtk # gtk im module
+    ];
+  };
+}
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`{:source-file-patterns [".fnl" "/.fnl"]}`