docs: virtual machines running on kubevirt

docs: hosts
Merge pull request #110 from ryan4yin/migrate-services-to-aarch
2026-05-28 18:39:31 +02:00 · 2024-03-31 17:08:24 +08:00 · 2024-03-31 17:01:47 +08:00 · 2024-03-31 16:53:11 +08:00 · 2024-03-31 16:50:17 +08:00 · 2024-03-31 15:35:08 +08:00
802 changed files with 65496 additions and 3467 deletions
@@ -1,2 +1,2 @@
 patreon: ryan4yin
-custom:  ['https://buymeacoffee.com/ryan4yin', 'https://afdian.net/a/ryan4yin']
+custom: ["https://buymeacoffee.com/ryan4yin", "https://afdian.net/a/ryan4yin"]
@@ -1,24 +0,0 @@
-name: Nix Flake Check
-
-on: [push, pull_request, workflow_dispatch]
-
-jobs:
-  checks:
-    name: Check expressions
-    runs-on: ubuntu-latest
-
-    steps:
-      # - name: Checkout repository
-      #   uses: actions/checkout@v4
-      # - name: Install nix
-      #   uses: cachix/install-nix-action@v24
-      #   with:
-      #     install_url: https://nixos.org/nix/install
-      #     extra_nix_config: |
-      #       access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
-      #       experimental-features = nix-command flakes
-
-      - name: Run Nix Flake Check
-        run: |
-          echo 'TODO: nix flake check'
-          # nix flake check
@@ -0,0 +1,42 @@
+name: Nix Flake Eval Tests
+
+on:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - "scripts/**"
+      - "**.md"
+      - "**.nu"
+      - "Justfile"
+  pull_request:
+    branches:
+      - main
+    paths-ignore:
+      - "scripts/**"
+      - "**.md"
+      - "**.nu"
+      - "Justfile"
+
+jobs:
+  checks:
+    name: Check expressions
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Install nix
+        uses: cachix/install-nix-action@v24
+        with:
+          install_url: https://nixos.org/nix/install
+          extra_nix_config: |
+            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+            experimental-features = nix-command flakes
+
+      - name: Run Nix Flake Eval Tests
+        run: |
+          echo 'Flake Eval Tests'
+          # stack overflow...
+          # nix eval .#checks --show-trace --print-build-logs --verbose
+          nix eval .#evalTests --show-trace --print-build-logs --verbose
@@ -1,7 +1,11 @@
 name: Mirror this repo to Gitee
 on:
-  workflow_dispatch: {}
-  push: {}
+  push:
+    branches:
+      - main
+    tags:
+      - "*"
+
 jobs:
  mirror:
    runs-on: ubuntu-latest
@@ -26,4 +30,3 @@ jobs:
          export GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no"
          git remote add mirror "$INPUT_TARGET_REPO_URL"
          git push --tags --force --prune mirror "refs/remotes/origin/*:refs/heads/*"
-
@@ -0,0 +1,8 @@
+LICENSE.md
+dist
+pnpm-lock.yaml
+flake.lock
+vercel.json
+cache
+temp
+.temp
@@ -0,0 +1,6 @@
+# https://prettier.io/docs/en/options
+semi: false
+singleQuote: false
+printWidth: 100
+proseWrap: always # always change wrapping in markdown text
+trailingComma: es5
@@ -0,0 +1,12 @@
+[files]
+ignore-dot = true
+ignore-files = true
+extend-exclude = ["themes/", "data/", "static-surprises/", "resources/"]
+
+[default]
+binary = false
+# ignore some special identifiers(sha256, mac address, crypto keys, etc)
+extend-ignore-re = [
+  "iterm2",
+  "iHgEIBYKACAWIQSizQe9ljFEyyclWmtVhZllwnQrSwUCZZ1T9wIdAAAKCRBVhZll", # crypto keys
+]
@@ -11,23 +11,27 @@ set shell := ["nu", "-c"]

 i3 mode="default":
  use utils.nu *; \
-  nixos-switch ai_i3 {{mode}}
+  nixos-switch ai-i3 {{mode}}

 hypr mode="default":
  use utils.nu *; \
-  nixos-switch ai_hyprland {{mode}}
+  nixos-switch ai-hyprland {{mode}}


 s-i3 mode="default":
  use utils.nu *; \
-  nixos-switch shoukei_i3 {{mode}}
+  nixos-switch shoukei-i3 {{mode}}


 s-hypr mode="default":
  use utils.nu *; \
-  nixos-switch shoukei_hyprland {{mode}}
+  nixos-switch shoukei-hyprland {{mode}}

+# Run eval tests
+test:
+  nix eval .#evalTests --show-trace --print-build-logs --verbose

+# update all the flake inputs
 up:
  nix flake update

@@ -36,21 +40,25 @@ up:
 upp input:
  nix flake lock --update-input {{input}}

+# List all generations of the system profile
 history:
  nix profile history --profile /nix/var/nix/profiles/system

+# Open a nix shell with the flake
 repl:
  nix repl -f flake:nixpkgs

+# remove all generations older than 7 days
 clean:
-  # remove all generations older than 7 days
  sudo nix profile wipe-history --profile /nix/var/nix/profiles/system  --older-than 7d

+# Garbage collect all unused nix store entries
 gc:
  # garbage collect all unused nix store entries
  sudo nix store gc --debug
  sudo nix-collect-garbage --delete-old

+# Remove all reflog entries and prune unreachable objects
 gitgc:
  git reflog expire --expire-unreachable=now --all
  git gc --prune=now
@@ -69,60 +77,78 @@ darwin-rollback:
  use utils.nu *; \
  darwin-rollback

+# Deploy to harmonica(macOS host)
 ha mode="default":
  use utils.nu *; \
  darwin-build "harmonica" {{mode}}; \
  darwin-switch "harmonica" {{mode}}

+# Depoly to fern(macOS host)
 fe mode="default": darwin-set-proxy
  use utils.nu *; \
  darwin-build "fern" {{mode}}; \
  darwin-switch "fern" {{mode}}

+# Reload yabai and skhd(macOS)
 yabai-reload:
  launchctl kickstart -k "gui/502/org.nixos.yabai";
  launchctl kickstart -k "gui/502/org.nixos.skhd"; 

 ############################################################################
 #
-#  Colmena - Remote NixOS deployment
+#  Homelab - Virtual Machines running on Kubevirt
 #
 ############################################################################

-colmena-ssh-key:
-  ssh-add /etc/agenix/ssh-key-romantic
+# Remote deployment via colmena
+col tag:
+  colmena apply --on '@{{tag}}' --verbose --show-trace

-dist:
-  colmena apply --on '@dist-build'
+# Build and upload a vm image
+upload-vm name mode="default":
+  use utils.nu *; \
+  upload-vm {{name}} {{mode}}

-dist-debug:
-  colmena apply --on '@dist-build' --verbose --show-trace
+# Deploy all the KubeVirt nodes(Physical machines running KubeVirt)
+lab:
+  colmena apply --on '@virt-*' --verbose --show-trace
+
+# Deploy all the VMs running on KubeVirt
+vm:
+  colmena apply --on '@homelab-*' --verbose --show-trace

 aqua:
-  colmena apply --on '@aqua'
+  colmena apply --on '@aqua' --verbose --show-trace
+  # some config changes require a restart of the dae service
+  ssh root@aquamarine "sudo systemctl stop dae; sleep 1; sudo systemctl start dae"

 ruby:
-  colmena apply --on '@ruby'
+  colmena apply --on '@ruby' --verbose --show-trace
+
+ruby-local mode="default":
+  use utils.nu *; \
+  nixos-switch ruby {{mode}}

 kana:
-  colmena apply --on '@kana'
+  colmena apply --on '@kana' --verbose --show-trace

-tailscale_gw:
-  colmena apply --on '@tailscale_gw'
+############################################################################
+#
+# Kubernetes related commands
+#
+############################################################################

-pve-image:
-  nom build .#tailscale_gw
-  rsync -avz --progress --copy-links result root@s500plus:/var/lib/vz/dump/vzdump-qemu-tailscale_gw.vma.zst
+k3s:
+  colmena apply --on '@k3s-*' --verbose --show-trace

-  nom build .#aquamarine
-  rsync -avz --progress --copy-links result root@s500plus:/var/lib/vz/dump/vzdump-qemu-aquamarine.vma.zst
+master:
+  colmena apply --on '@k3s-prod-1-master-*' --verbose --show-trace

-  nom build .#ruby
-  rsync -avz --progress --copy-links result root@gtr5:/var/lib/vz/dump/vzdump-qemu-ruby.vma.zst
-
-  nom build .#kana
-  rsync -avz --progress --copy-links result root@um560:/var/lib/vz/dump/vzdump-qemu-kana.vma.zst
+worker:
+  colmena apply --on '@k3s-prod-1-worker-*' --verbose --show-trace

+k3s-test:
+  colmena apply --on '@k3s-test-*' --verbose --show-trace

 ############################################################################
 #
@@ -130,17 +156,14 @@ pve-image:
 #
 ############################################################################

-roll:
-  colmena apply --on '@riscv'
-
-roll-debug:
-  colmena apply --on '@dist-build' --verbose --show-trace
+riscv:
+  colmena apply --on '@riscv' --verbose --show-trace

 nozomi:
-  colmena apply --on '@nozomi'
+  colmena apply --on '@nozomi' --verbose --show-trace

 yukina:
-  colmena apply --on '@yukina'
+  colmena apply --on '@yukina' --verbose --show-trace

 ############################################################################
 #
@@ -149,13 +172,21 @@ yukina:
 ############################################################################

 aarch:
-  colmena apply --on '@aarch'
+  colmena apply --on '@aarch' --build-on-target --verbose --show-trace

 suzu:
-  colmena apply --on '@suzu'
+  colmena apply --on '@suzu' --build-on-target --verbose --show-trace

-suzu-debug:
-  colmena apply --on '@suzu' --verbose --show-trace
+suzu-local mode="default":
+  use utils.nu *; \
+  nixos-switch suzu {{mode}}
+
+rakushun:
+  colmena apply --on '@rakushun' --build-on-target --verbose --show-trace
+
+rakushun-local mode="default":
+  use utils.nu *; \
+  nixos-switch rakushun {{mode}}

 ############################################################################
 #
@@ -212,3 +243,14 @@ emacs-purge:
 emacs-reload:
  doom sync
  {{reload-emacs-cmd}}
+
+
+# =================================================
+#
+# Kubernetes related commands
+#
+# =================================================
+
+
+del-failed:
+   kubectl delete pod --all-namespaces --field-selector="status.phase==Failed"
@@ -14,43 +14,64 @@
  </a>
 </p>

-This repository is home to the nix code that builds my systems.
+> My configuration is becoming more and more complex, and it may be difficult for beginners to read
+> it. If you are new to NixOS and want to know how I use NixOS, I would recommend you to take a look
+> at the [ryan4yin/nix-config/releases](https://github.com/ryan4yin/nix-config/releases) first,
+> **checkout to some simpler older versions**, which will be much easier to understand.
+
+This repository is home to the nix code that builds my systems:
+
+1. NixOS Desktops: NixOS with home-manager, i3, hyprland, agenix, etc.
+2. macOS Desktops: nix-darwin with home-manager, share the same home-manager configuration with
+   NixOS Desktops.
+3. NixOS Servers: virtual machines running on Proxmox, with various services, such as kubernetes,
+   homepage, prometheus, grafana, etc.
+
+See [./hosts](./hosts) for details of each host.

 ## Why NixOS & Flakes?

-Nix allows for easy-to-manage, collaborative, reproducible deployments. This means that once something is setup and configured once, it works (almost) forever. If someone else shares their configuration, anyone else can just use it (if you really understand what you're copying/refering now).
+Nix allows for easy-to-manage, collaborative, reproducible deployments. This means that once
+something is setup and configured once, it works (almost) forever. If someone else shares their
+configuration, anyone else can just use it (if you really understand what you're copying/refering
+now).

-As for Flakes, refer to [Introduction to Flakes - NixOS & Nix Flakes Book](https://nixos-and-flakes.thiscute.world/nixos-with-flakes/introduction-to-flakes)
+As for Flakes, refer to
+[Introduction to Flakes - NixOS & Nix Flakes Book](https://nixos-and-flakes.thiscute.world/nixos-with-flakes/introduction-to-flakes)

-**Want to know NixOS & Flaks in detail? Looking for a beginner-friendly tutorial or best practices? You don't have to go through the pain I've experienced again! Check out my [NixOS & Nix Flakes Book - 🛠️ ❤️ An unofficial & opinionated :book: for beginners](https://github.com/ryan4yin/nixos-and-flakes-book)!**
+**Want to know NixOS & Flaks in detail? Looking for a beginner-friendly tutorial or best practices?
+You don't have to go through the pain I've experienced again! Check out my
+[NixOS & Nix Flakes Book - 🛠️ ❤️ An unofficial & opinionated :book: for beginners](https://github.com/ryan4yin/nixos-and-flakes-book)!**

-> If you're using macOS, check out [ryan4yin/nix-darwin-kickstarter](https://github.com/ryan4yin/nix-darwin-kickstarter) for a quick start.
+> If you're using macOS, check out
+> [ryan4yin/nix-darwin-kickstarter](https://github.com/ryan4yin/nix-darwin-kickstarter) for a quick
+> start.

 ## Components

-|                             | NixOS(Wayland)                                                                                                    | NixOS(Xorg)                                                                                                       |
-| --------------------------- | :---------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------- |
-| **Window Manager**          | [Hyprland][Hyprland]                                                                                              | [i3][i3]                                                                                                          |
-| **Terminal Emulator**       | [Zellij][Zellij] + [Kitty][Kitty]                                                                                 | [Zellij][Zellij] + [Kitty][Kitty]                                                                                 |
-| **Bar**                     | [Waybar][Waybar]                                                                                                  | [polybar][polybar]                                                                                                |
-| **Application Launcher**    | [anyrun][anyrun]                                                                                                  | [rofi][rofi]                                                                                                      |
-| **Notification Daemon**     | [Mako][Mako]                                                                                                      | [Dunst][Dunst]                                                                                                    |
-| **Display Manager**         | [GDM][GDM]                                                                                                        | [GDM][GDM]                                                                                                        |
-| **Color Scheme**            | [Catppuccin][Catppuccin]                                                                                          | [Catppuccin][Catppuccin]                                                                                          |
-| **network management tool** | [NetworkManager][NetworkManager]                                                                                  | [NetworkManager][NetworkManager]                                                                                  |
-| **Input method framework**  | [Fcitx5][Fcitx5]                                                                                                  | [Fcitx5][Fcitx5]                                                                                                  |
-| **System resource monitor** | [Btop][Btop]                                                                                                      | [Btop][Btop]                                                                                                      |
-| **File Manager**            | [Yazi][Yazi] + [thunar][thunar]                                                                                   | [Yazi][Yazi] + [thunar][thunar]                                                                                   |
-| **Shell**                   | [Nushell][Nushell] + [Starship][Starship]                                                                         | [Nushell][Nushell] + [Starship][Starship]                                                                         |
-| **Music Player**            | [mpd][mpd], [ncmpcpp][ncmpcpp], [mpc][mpc], [Netease-cloud-music-gtk][netease-cloud-music-gtk]                    | [Netease-cloud-music-gtk][netease-cloud-music-gtk]                                                                |
-| **Media Player**            | [mpv][mpv]                                                                                                        | [mpv][mpv]                                                                                                        |
-| **Text Editor**             | [Neovim][Neovim] + [DoomEmacs][DoomEmacs]                                                                         | [Neovim][Neovim] + [DoomEmacs][DoomEmacs]                                                                         |
-| **Fonts**                   | [Nerd fonts][Nerd fonts]                                                                                          | [Nerd fonts][Nerd fonts]                                                                                          |
-| **Image Viewer**            | [imv][imv]                                                                                                        | [imv][imv]                                                                                                        |
-| **Screenshot Software**     | [grim][grim]                                                                                                      | [flameshot](https://github.com/flameshot-org/flameshot)                                                           |
-| **Screen Recording**        | [OBS][OBS]                                                                                                        | [OBS][OBS]                                                                                                        |
-| **Filesystem & Encryption** | tmpfs on `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] crypted partition for persistent, unlock via passphrase | tmpfs on `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] crypted partition for persistent, unlock via passphrase |
-| **Secure Boot**             | [lanzaboote][lanzaboote]                                                                                          | [lanzaboote][lanzaboote]                                                                                          |
+|                             | NixOS(Wayland)                                                                                                      | NixOS(Xorg)                                                                                                         |
+| --------------------------- | :------------------------------------------------------------------------------------------------------------------ | :------------------------------------------------------------------------------------------------------------------ |
+| **Window Manager**          | [Hyprland][Hyprland]                                                                                                | [i3][i3]                                                                                                            |
+| **Terminal Emulator**       | [Zellij][Zellij] + [Kitty][Kitty]                                                                                   | [Zellij][Zellij] + [Kitty][Kitty]                                                                                   |
+| **Bar**                     | [Waybar][Waybar]                                                                                                    | [polybar][polybar]                                                                                                  |
+| **Application Launcher**    | [anyrun][anyrun]                                                                                                    | [rofi][rofi]                                                                                                        |
+| **Notification Daemon**     | [Mako][Mako]                                                                                                        | [Dunst][Dunst]                                                                                                      |
+| **Display Manager**         | [GDM][GDM]                                                                                                          | [GDM][GDM]                                                                                                          |
+| **Color Scheme**            | [Catppuccin][Catppuccin]                                                                                            | [Catppuccin][Catppuccin]                                                                                            |
+| **network management tool** | [NetworkManager][NetworkManager]                                                                                    | [NetworkManager][NetworkManager]                                                                                    |
+| **Input method framework**  | [Fcitx5][Fcitx5]                                                                                                    | [Fcitx5][Fcitx5]                                                                                                    |
+| **System resource monitor** | [Btop][Btop]                                                                                                        | [Btop][Btop]                                                                                                        |
+| **File Manager**            | [Yazi][Yazi] + [thunar][thunar]                                                                                     | [Yazi][Yazi] + [thunar][thunar]                                                                                     |
+| **Shell**                   | [Nushell][Nushell] + [Starship][Starship]                                                                           | [Nushell][Nushell] + [Starship][Starship]                                                                           |
+| **Music Player**            | [mpd][mpd], [ncmpcpp][ncmpcpp], [mpc][mpc], [Netease-cloud-music-gtk][netease-cloud-music-gtk]                      | [Netease-cloud-music-gtk][netease-cloud-music-gtk]                                                                  |
+| **Media Player**            | [mpv][mpv]                                                                                                          | [mpv][mpv]                                                                                                          |
+| **Text Editor**             | [Neovim][Neovim] + [DoomEmacs][DoomEmacs]                                                                           | [Neovim][Neovim] + [DoomEmacs][DoomEmacs]                                                                           |
+| **Fonts**                   | [Nerd fonts][Nerd fonts]                                                                                            | [Nerd fonts][Nerd fonts]                                                                                            |
+| **Image Viewer**            | [imv][imv]                                                                                                          | [imv][imv]                                                                                                          |
+| **Screenshot Software**     | [flameshot][flameshot] + [grim][grim]                                                                               | [flameshot][flameshot]                                                                                              |
+| **Screen Recording**        | [OBS][OBS]                                                                                                          | [OBS][OBS]                                                                                                          |
+| **Filesystem & Encryption** | tmpfs on `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] encrypted partition for persistent, unlock via passphrase | tmpfs on `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] encrypted partition for persistent, unlock via passphrase |
+| **Secure Boot**             | [lanzaboote][lanzaboote]                                                                                            | [lanzaboote][lanzaboote]                                                                                            |

 Wallpapers: https://github.com/ryan4yin/wallpapers

@@ -64,8 +85,7 @@ Wallpapers: https://github.com/ryan4yin/wallpapers

 ## I3 + AstroNvim

-![](./_img/i3_2023-07-29_1.webp)
-![](./_img/i3_2023-07-29_2.webp)
+![](./_img/i3_2023-07-29_1.webp) ![](./_img/i3_2023-07-29_2.webp)

 ## Neovim

@@ -75,47 +95,54 @@ See [./home/base/desktop/editors/neovim/](./home/base/desktop/editors/neovim/) f

 See [./home/base/desktop/editors/emacs/](./home/base/desktop/editors/emacs/) for details.

-## Hosts
-
-See [./hosts](./hosts) for details.
-
 ## Secrets Management

 See [./secrets](./secrets) for details.

 ## How to Deploy this Flake?

-> :red_circle: **IMPORTANT**: **You should NOT deploy this flake directly on your machine:exclamation: It will not succeed.** this flake contains my hardware configuration(such as [hardware-configuration.nix](hosts/idols_ai/hardware-configuration.nix), [cifs-mount.nix](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols_ai/cifs-mount.nix), [Nvidia Support](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols_ai/default.nix#L77-L91), etc.) which is not suitable for your hardware, and my private secrets repository [ryan4yin/nix-secrets](https://github.com/ryan4yin/nix-config/tree/main/secrets) that only I have access to. You may use this repo as a reference to build your own configuration.
+> :red_circle: **IMPORTANT**: **You should NOT deploy this flake directly on your machine
+> :exclamation: It will not succeed.** This flake contains my hardware configuration(such as
+> [hardware-configuration.nix](hosts/idols-ai/hardware-configuration.nix),
+> [cifs-mount.nix](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols_ai/cifs-mount.nix),
+> [Nvidia Support](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols-ai/default.nix#L77-L91),
+> etc.) which is not suitable for your hardwares, and requires my private secrets repository
+> [ryan4yin/nix-secrets](https://github.com/ryan4yin/nix-config/tree/main/secrets) to deploy. You
+> may use this repo as a reference to build your own configuration.

 For NixOS:

-> To deploy this flake from NixOS's official ISO image(purest installation method), please refer to [./nixos-installer/](./nixos-installer/)
+> To deploy this flake from NixOS's official ISO image(purest installation method), please refer to
+> [./nixos-installer/](./nixos-installer/)

 > Need to restart the machine when switching between `wayland` and `xorg`.

 ```bash
 # deploy one of the configuration based on the hostname
-sudo nixos-rebuild switch --flake .#ai_i3
-# sudo nixos-rebuild switch --flake .#ai_hyprland
+# sudo nixos-rebuild switch --flake .#ai_i3
+sudo nixos-rebuild switch --flake .#ai-hyprland

 # deploy via `just`(a command runner with similar syntax to make) & Justfile
-just i3    # deploy my pc with i3 window manager
-# just hypr  # deploy my pc with hyprland compositor
+# just i3    # deploy my pc with i3 window manager
+just hypr  # deploy my pc with hyprland compositor

 # or we can deploy with details
-just i3 debug
-# just hypr-debug
+# just i3 debug
+just hypr-debug
 ```

 For macOS:

 ```bash
-# deploy harmonica's configuration(macOS Intel)
-just ha
-
 # If you are deploying for the first time,
-# enter a shell with essential packages available
-# nix shell nixpkgs#just nixpkgs#git
+# 1. install nix & homebrew manually.
+# 2. prepare the deployment environment with essential packages available
+nix-shell -p just nushell
+# 3. comment home-manager's code in lib/macosSystem.nix to speed up the first deplyment.
+# 4. comment out the proxy settings in scripts/darwin_set_proxy.py if the proxy is not ready yet.
+
+# 4. deploy harmonica's configuration(macOS Intel)
+just ha

 # deploy fern's configuration(Apple Silicon)
 just fe
@@ -125,35 +152,8 @@ just ha debug
 # just fe debug
 ```

-> [What y'all will need when Nix drives you to drink.](https://www.youtube.com/watch?v=Eni9PPPPBpg) (copy from hlissner's dotfiles, it really matches my feelings when I first started using NixOS...)
-
-## How to create & managage VM from this flake?
-
-use `aquamarine` as an example, we can create a virtual machine with the following command:
-
-```shell
-# 1. generate a proxmox vma image file
-nom build .#aquamarine  # `nom`(nix-output-monitor) can be replaced by the standard command `nix`
-
-# 2. upload the genereated image to proxmox server's backup directory `/var/lib/vz/dump`
-#    please replace the vma file name with the one you generated in step 1.
-rsync -avz --progress --copy-links result root@gtr5:/var/lib/vz/dump/vzdump-qemu-aquamarine.vma.zst
-
-# 3. the image we uploaded will be listed in proxmox web ui's this page: [storage 'local'] -> [backups], we can restore a vm from it via the web ui now.
-```
-
-Once the virtual machine `aquamarine` is created, we can deploy updates to it with the following commands:
-
-```shell
-# 1. add the ssh key to ssh-agent
-ssh-add /etc/agenix/ssh-key-romantic
-
-# 2. deploy the configuration to all the remote host with tag `@dist-build`
-# using the ssh key we added in step 1
-colmena apply --on '@dist-build' --show-trace
-```
-
-If you're not familiar with remote deployment, please read this tutorial first: [Remote Deployment - NixOS & Flakes Book](https://nixos-and-flakes.thiscute.world/best-practices/remote-deployment)
+> [What y'all will need when Nix drives you to drink.](https://www.youtube.com/watch?v=Eni9PPPPBpg)
+> (copy from hlissner's dotfiles, it really matches my feelings when I first started using NixOS...)

 ## References

@@ -168,16 +168,22 @@ Other dotfiles that inspired me:
  - [davidtwco/veritas](https://github.com/davidtwco/veritas)
  - [gvolpe/nix-config](https://github.com/gvolpe/nix-config)
  - [Ruixi-rebirth/flakes](https://github.com/Ruixi-rebirth/flakes)
-  - [fufexan/dotfiles](https://github.com/fufexan/dotfiles): gtk theme, xdg, git, media, anyrun, etc.
+  - [fufexan/dotfiles](https://github.com/fufexan/dotfiles): gtk theme, xdg, git, media, anyrun,
+    etc.
+  - [nix-community/srvos](https://github.com/nix-community/srvos): a collection of opinionated and
+    sharable NixOS configurations for servers
 - Modularized NixOS Configuration
  - [hlissner/dotfiles](https://github.com/hlissner/dotfiles)
  - [viperML/dotfiles](https://github.com/viperML/dotfiles)
 - Hyprland(wayland)
-  - [notwidow/hyprland](https://github.com/notwidow/hyprland): This is where I start my hyprland journey.
-  - [HeinzDev/Hyprland-dotfiles](https://github.com/HeinzDev/Hyprland-dotfiles): Refer to the waybar configuration here.
+  - [notwidow/hyprland](https://github.com/notwidow/hyprland): This is where I start my hyprland
+    journey.
+  - [HeinzDev/Hyprland-dotfiles](https://github.com/HeinzDev/Hyprland-dotfiles): Refer to the waybar
+    configuration here.
  - [linuxmobile/kaku](https://github.com/linuxmobile/kaku)
 - I3 Window Manager
-  - [endeavouros-i3wm-setup](https://github.com/endeavouros-team/endeavouros-i3wm-setup): I started using i3 here, and my i3 configuration is also based on it, but made a lot of changes.
+  - [endeavouros-i3wm-setup](https://github.com/endeavouros-team/endeavouros-i3wm-setup): I started
+    using i3 here, and my i3 configuration is also based on it, but made a lot of changes.
  - [denisse-dev/dotfiles](https://github.com/denisse-dev/dotfiles)
 - Neovim/AstroNvim
  - [maxbrunet/dotfiles](https://github.com/maxbrunet/dotfiles): astronvim with nix flakes.
@@ -203,6 +209,7 @@ Other dotfiles that inspired me:
 [DoomEmacs]: https://github.com/doomemacs/doomemacs
 [flameshot]: https://github.com/flameshot-org/flameshot
 [grim]: https://github.com/emersion/grim
+[flameshot]: https://github.com/flameshot-org/flameshot
 [imv]: https://sr.ht/~exec64/imv/
 [OBS]: https://obsproject.com
 [Mako]: https://github.com/emersion/mako
@@ -0,0 +1,20 @@
+## How to create & managage KubeVirt's Virtual Machine from this flake?
+
+Use `aquamarine` as an example, we can create a virtual machine with the following command:
+
+```shell
+just upload-vm aquamarine
+```
+
+Then create the virtual machine by creating a yaml file at
+[ryan4yin/k8s-gitops](https://github.com/ryan4yin/k8s-gitops/tree/main/vms)
+
+Once the virtual machine `aquamarine` is created, we can deploy updates to it with the following
+commands:
+
+```shell
+just col aquamarine
+```
+
+If you're not familiar with remote deployment, please read this tutorial first:
+[Remote Deployment - NixOS & Flakes Book](https://nixos-and-flakes.thiscute.world/best-practices/remote-deployment)
@@ -1,17 +0,0 @@
-rec {
-  # user information
-  username = "ryan";
-  userfullname = "Ryan Yin";
-  useremail = "xiaoyin_c@qq.com";
-
-  allSystemAttrs = {
-    # linux systems
-    x64_system = "x86_64-linux";
-    riscv64_system = "riscv64-linux";
-    aarch64_system = "aarch64-linux";
-    #darwin systems
-    x64_darwin = "x86_64-darwin";
-    aarch64_darwin = "aarch64-darwin";
-  };
-  allSystems = builtins.attrValues allSystemAttrs;
-}
@@ -1,5 +1,5 @@
 {
-  description = "NixOS & macOS configuration of Ryan Yin";
+  description = "Ryan Yin's nix configuration for both NixOS & macOS";

  ##################################################################################################################
  #
@@ -8,68 +8,7 @@
  #
  ##################################################################################################################

-  # The `outputs` function will return all the build results of the flake.
-  # A flake can have many use cases and different types of outputs,
-  # parameters in `outputs` are defined in `inputs` and can be referenced by their names.
-  # However, `self` is an exception, this special parameter points to the `outputs` itself (self-reference)
-  # The `@` syntax here is used to alias the attribute set of the inputs's parameter, making it convenient to use inside the function.
-  outputs = inputs @ {
-    self,
-    nixpkgs,
-    pre-commit-hooks,
-    ...
-  }: let
-    constants = import ./constants.nix;
-
-    # `lib.genAttrs [ "foo" "bar" ] (name: "x_" + name)` => `{ foo = "x_foo"; bar = "x_bar"; }`
-    forEachSystem = func: (nixpkgs.lib.genAttrs constants.allSystems func);
-
-    allSystemConfigurations = import ./systems {inherit self inputs constants;};
-  in
-    allSystemConfigurations
-    // {
-      # format the nix code in this flake
-      # alejandra is a nix formatter with a beautiful output
-      formatter = forEachSystem (
-        system: nixpkgs.legacyPackages.${system}.alejandra
-      );
-
-      # pre-commit hooks for nix code
-      checks = forEachSystem (
-        system: {
-          pre-commit-check = pre-commit-hooks.lib.${system}.run {
-            src = ./.;
-            hooks = {
-              alejandra.enable = true; # formatter
-              # deadnix.enable = true; # detect unused variable bindings in `*.nix`
-              # statix.enable = true; # lints and suggestions for Nix code(auto suggestions)
-              # prettier = {
-              #   enable = true;
-              #   excludes = [".js" ".md" ".ts"];
-              # };
-            };
-          };
-        }
-      );
-      devShells = forEachSystem (
-        system: let
-          pkgs = nixpkgs.legacyPackages.${system};
-        in {
-          default = pkgs.mkShell {
-            packages = with pkgs; [
-              # fix https://discourse.nixos.org/t/non-interactive-bash-errors-from-flake-nix-mkshell/33310
-              bashInteractive
-              # fix `cc` replaced by clang, which causes nvim-treesitter compilation error
-              gcc
-            ];
-            name = "dots";
-            shellHook = ''
-              ${self.checks.${system}.pre-commit-check.shellHook}
-            '';
-          };
-        }
-      );
-    };
+  outputs = inputs: import ./outputs inputs;

  # the nixConfig here only affects the flake itself, not the system configuration!
  # for more information, see:
@@ -96,7 +35,7 @@
    # There are many ways to reference flake inputs. The most widely used is github:owner/name/reference,
    # which represents the GitHub repository URL + branch/commit-id/tag.

-    # Official NixOS package source, using nixos's stable branch by default
+    # Official NixOS package source, using nixos's unstable branch by default
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.11";
@@ -147,15 +86,20 @@
    };
    # secrets management
    agenix = {
-      # lock with git commit at 0.14.0
-      url = "github:ryantm/agenix/54693c91d923fecb4cf04c4535e3d84f8dec7919";
+      # lock with git commit at 0.15.0
+      # url = "github:ryantm/agenix/564595d0ad4be7277e07fa63b5a991b3c645655d";
      # replaced with a type-safe reimplementation to get a better error message and less bugs.
-      # url = "github:ryan4yin/ragenix";
+      url = "github:ryan4yin/ragenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    nix-gaming.url = "github:fufexan/nix-gaming";

+    disko = {
+      url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    # add git hooks to format nix code before commit
    pre-commit-hooks = {
      url = "github:cachix/pre-commit-hooks.nix";
@@ -164,6 +108,21 @@

    nuenv.url = "github:DeterminateSystems/nuenv";

+    daeuniverse.url = "github:daeuniverse/flake.nix";
+    # daeuniverse.url = "github:daeuniverse/flake.nix/exp";
+
+    attic.url = "github:zhaofengli/attic";
+
+    haumea = {
+      url = "github:nix-community/haumea/v0.2.2";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    microvm = {
+      url = "github:astro/microvm.nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    ########################  Some non-flake repositories  #########################################

    # AstroNvim is an aesthetic and feature-rich neovim config.
@@ -3,4 +3,3 @@
 1. `base`: The base module that is suitable for both Linux and macOS.
 2. `linux`: Linux-specific configuration.
 3. `darwin`: macOS-specific configuration.
-
@@ -3,4 +3,3 @@
 1. `server`: Configuration which is suitable for both servers and desktops.
 1. `desktop`: Configuration for desktop environments, such as Hyprland, I3, etc.
 1. `core.nix`: Minimal home-manager's config
-
@@ -12,13 +12,21 @@

    kubectl
    istioctl
+    kubevirt # virtctl
    kubernetes-helm
+    fluxcd
+    argocd
  ];

  programs = {
    k9s = {
      enable = true;
-      skin = let
+      # https://k9scli.io/topics/aliases/
+      # aliases = {};
+      settings = {
+        skin = "catppuccino-mocha";
+      };
+      skins.catppuccin-mocha = let
        skin_file = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-k9s}/dist/mocha.yml"; # theme - catppuccin mocha
        skin_attr = builtins.fromJSON (
          builtins.readFile
@@ -1,49 +1,17 @@
 {
  pkgs,
+  attic,
  nur-ryan4yin,
  ...
 }: {
  home.packages = with pkgs; [
-    neofetch
-
-    # networking tools
-    mtr # A network diagnostic tool
-    iperf3
-    dnsutils # `dig` + `nslookup`
-    ldns # replacement of `dig`, it provide the command `drill`
-    aria2 # A lightweight multi-protocol & multi-source command-line download utility
-    socat # replacement of openbsd-netcat
-    nmap # A utility for network discovery and security auditing
-    ipcalc # it is a calculator for the IPv4/v6 addresses
-
-    # archives
-    zip
-    xz
-    unzip
-    p7zip
-
-    # misc
+    # Misc
    tldr
    cowsay
-    file
-    findutils
-    which
-    tree
-    gnutar
-    zstd
    gnupg
-    rsync
-
-    # Text Processing
-    # Docs: https://github.com/learnbyexample/Command-line-text-processing
-
-    gnugrep # GNU grep, provides `grep`/`egrep`/`fgrep`
-    gnused # GNU sed, very powerful(mainly for replacing text in files)
    gnumake
-    gawk # GNU awk, a pattern scanning and processing language
-    jq # A lightweight and flexible command-line JSON processor

-    # morden cli tools, replacement of grep/sed/...
+    # Morden cli tools, replacement of grep/sed/...

    # Interactively filter its input using fuzzy searching, not limit to filenames.
    fzf
@@ -66,7 +34,6 @@
    doggo # DNS client for humans
    duf # Disk Usage/Free Utility - a better 'df' alternative
    du-dust # A more intuitive version of `du` in rust
-    ncdu # analyzer your disk usage Interactively, via TUI(replacement of `du`)
    gdu # disk usage analyzer(replacement of `du`)

    # nix related
@@ -74,10 +41,20 @@
    # it provides the command `nom` works just like `nix
    # with more details log output
    nix-output-monitor
+    hydra-check # check hydra(nix's build farm) for the build status of a package
+    nix-index # A small utility to index nix store paths
+    nix-init # generate nix derivation from url
+    # https://github.com/nix-community/nix-melt
+    nix-melt # A TUI flake.lock viewer
+    # https://github.com/utdemir/nix-tree
+    nix-tree # A TUI to visualize the dependency graph of a nix derivation

    # productivity
    caddy # A webserver with automatic HTTPS via Let's Encrypt(replacement of nginx)
    croc # File transfer between computers securely and easily
+    # self-hosted nix cache server
+    attic.packages.${pkgs.system}.attic-client
+    ncdu # analyzer your disk usage Interactively, via TUI(replacement of `du`)
  ];

  programs = {
@@ -1,4 +1,3 @@
 # Editors

 See [desktop/editors/](../../desktop/editors/) for more details.
-
@@ -2,8 +2,7 @@
  config,
  lib,
  pkgs,
-  userfullname,
-  useremail,
+  myvars,
  ...
 }: {
  # `programs.git` will generate the config file: ~/.config/git/config
@@ -21,8 +20,8 @@
    enable = true;
    lfs.enable = true;

-    userName = userfullname;
-    userEmail = useremail;
+    userName = myvars.userfullname;
+    userEmail = myvars.useremail;

    includes = [
      {
@@ -0,0 +1,13 @@
+_: {
+  # use mirror for pip install
+  xdg.configFile."pip/pip.conf".text = ''
+    [global]
+    index-url = https://mirrors.ustc.edu.cn/pypi/web/simple
+    format = columns
+  '';
+
+  # xdg.configFile."pip/pip.conf".text = ''
+  #   [global]
+  #   index-url = https://mirrors.bfsu.edu.cn/pypi/web/simple
+  # '';
+}
@@ -1,27 +0,0 @@
-{pkgs, ...}: {
-  home.packages = with pkgs;
-    [
-      # general tools
-      pulumi
-      pulumictl
-      packer # machine image builder
-
-      # aws
-      awscli2
-      ssm-session-manager-plugin # Amazon SSM Session Manager Plugin
-      aws-iam-authenticator
-      eksctl
-
-      # aliyun
-      aliyun-cli
-    ]
-    ++ (
-      if pkgs.stdenv.isLinux
-      then [
-        # cloud tools that nix do not have cache for.
-        terraform
-        terraformer # generate terraform configs from existing cloud resources
-      ]
-      else []
-    );
-}
@@ -1,71 +0,0 @@
-{
-  pkgs,
-  pkgs-unstable,
-  ...
-}: {
-  #############################################################
-  #
-  #  Basic settings for development environment
-  #
-  #  Please avoid to install language specific packages here(globally),
-  #  instead, install them:
-  #     1. per IDE, such as `programs.neovim.extraPackages`
-  #     2. per-project, using https://github.com/the-nix-way/dev-templates
-  #
-  #############################################################
-
-  home.packages = with pkgs;
-    [
-      # db related
-      dbeaver
-      mycli
-      pgcli
-      mongosh
-      sqlite
-
-      # embedded development
-      minicom
-
-      # ai related
-      python311Packages.huggingface-hub # huggingface-cli
-
-      # misc
-      pkgs-unstable.devbox
-      bfg-repo-cleaner # remove large files from git history
-      k6 # load testing tool
-      protobuf # protocol buffer compiler
-      nix-init # generate nix package from url
-
-      # solve coding extercises - learn by doing
-      exercism
-    ]
-    ++ (
-      if pkgs.stdenv.isLinux
-      then [
-        # Automatically trims your branches whose tracking remote refs are merged or gone
-        # It's really useful when you work on a project for a long time.
-        git-trim
-
-        # need to run `conda-install` before using it
-        # need to run `conda-shell` before using command `conda`
-        # conda is not available for MacOS
-        conda
-
-        mitmproxy # http/https proxy tool
-        insomnia # REST client
-        wireshark # network analyzer
-      ]
-      else []
-    );
-
-  programs = {
-    direnv = {
-      enable = true;
-      nix-direnv.enable = true;
-
-      enableZshIntegration = true;
-      enableBashIntegration = true;
-      enableNushellIntegration = true;
-    };
-  };
-}
@@ -1,24 +0,0 @@
-# Structured Editing
-
-## S-expression data(Lisp)
-
- paredit/[lispy](https://github.com/doomemacs/doomemacs/tree/master/modules/editor/lispy): too complex.
- [evil-cleverparens](https://github.com/emacs-evil/evil-cleverparens): simple and useful.
- [parinfer(par-in-fer)](https://shaunlebron.github.io/parinfer/): morden, simple, elegant and useful, but works not well with some other completion plugins...
-    - to make parinfer works, you should disable sexp & smartparens in any lisp mode.
-
-Some plugins:
-
- Emacs
-    - [parinfer-rusT-mode](https://github.com/justinbarclay/parinfer-rust-mode)
- Neovim
-    - [parinfer-rust](https://github.com/eraserhd/parinfer-rust)
-    - <https://github.com/Olical/conjure>
- Helix
-    - [parinfer #4090 - Helix](https://github.com/helix-editor/helix/discussions/4090)
-
-## Other Languages
-
-1. treesitter
-1. ...
-
@@ -1,43 +0,0 @@
-# Helix Editor
-
-Neovim is really powerful, and have a very active community. I use it as my main editor, and I'm very happy with it. I use it for everything, from writing code to writing this document.
-
-But its configuration is a bit complex, and finding the right plugins, writing configurations, and keeping everything up to date is not easy.
-
-That's why I'm interested in Helix, Helix is similar to Neovim, but it's more opinionated, and it's batteries included.
-Whether I'll switch my main editor to Helix or not, it gives me a lot of ideas on how to improve my Neovim workflow.
-
-## Tutorial
-
-Use `:tutor` in helix to start the tutorial.
-
-## Differences between Neovim and Helixer
-
-1. Selecting first, then action.
-    1. Helix: delete 2 word: `2w` then `x`. You can always see what you're selecting before you apply the action.
-    2. Neovim: delete 2 word: `d`. then `2w`. No visual feedback before you apply the action.
-1. Helix - Morden builtin features: LSP, tree-sitter, fuzzy finder, multi cursors, surround and more.
-    1. They're all available in Neovim too, but you need to find and use the right plugins manually, which takes time and effort.
-1. Helix is built in Rust from scratch. The result is a much smaller codebase and a modern set of defaults. No VimScript. No Lua.
-    1. Neovim contains a lot of VimScript, and lua is too dynamic, it's hard to debug.
-    1. Personally I'm glad to take a look at a Rust codebase, but not a VimScript/Lua codebase.
-1. Neovim have a very activate plugin ecosystem, and it's easy to find plugins for almost everything.
-    1. Helix is still new, and it even do have a stable plugin system yet. A PR to add a plugin system is still envolving: <https://github.com/helix-editor/helix/pull/8675>
-2. Neovim has intergrated terminal, and it's very powerful. It's quite similar to VSCode's intergrated terminal. I use it a lot.
-    1. Helix doesn't have a intergrated terminal yet, as it's complicated to implement. Users are recommended to use tmux/Zellij or Wezterm/Kitty to implement this feature instead.
-    1. <https://github.com/helix-editor/helix/issues/1976#issuecomment-1091074719>
-    1. <https://github.com/helix-editor/helix/pull/4649>
-    1. **My Neovim often gets stuck when I switch to [toggleterm.nvim](https://github.com/akinsho/toggleterm.nvim), this Helix issue made me consider to switch from this Neovim plugin to Zellij**.
-1. Helix do not have a tree-view panel, it's recommended to use Yazi/ranger/Broot instead, and open Helix in them.
-    1. a tree-view plugin may be added after the plugin system is stable, but no one knows when it will be.
-    2. and some Helix users stated that they don't need a tree-view plugin, Helix's file picker is useful and good enough.
-1. It seems Helix lacks a global substitution command, you should run it in another window(via wm or Zellij).
-    1. <https://github.com/helix-editor/helix/issues/196>
-    1. Neovim's substitution command allow you to preview the changes before you apply it, and it's very useful. if I switch to Helix, I'll need to find some other tools with similar feature(such as https://github.com/ms-jpq/sad).
-1. Complexity and Maintenance Costs vs Batteries Included: <https://github.com/helix-editor/helix/discussions/6356>
-
-
-I think Use Helix/Neovim within a terminal file manager(Yazi/ranger/Broot) and Zellij is a good idea. 
-It's quite different from the workflow I migrated from VSCode/JetBrains before, I'm very interested in it.
-
-In Neovim I can make the workflow similar to VSCode/JetBrains by using some plugins, but Helix forces me to get out of my comfort zone, and try something new.
@@ -1,140 +0,0 @@
-{pkgs, ...}: {
-  nixpkgs.config = {
-    programs.npm.npmrc = ''
-      prefix = ''${HOME}/.npm-global
-    '';
-  };
-
-  home.packages = with pkgs;
-    [
-      #-- c/c++
-      cmake
-      cmake-language-server
-      gnumake
-      checkmake
-      # c/c++ compiler, required by nvim-treesitter!
-      gcc
-      # c/c++ tools with clang-tools, the unwrapped version won't
-      # add alias like `cc` and `c++`, so that it won't conflict with gcc
-      llvmPackages.clang-unwrapped
-      lldb
-
-      #-- python
-      nodePackages.pyright # python language server
-      (python311.withPackages (
-        ps:
-          with ps; [
-            ruff-lsp
-            black # python formatter
-
-            jupyter
-            ipython
-            pandas
-            requests
-            pyquery
-            pyyaml
-
-            ## emacs's lsp-bridge dependenciesge
-            epc
-            orjson
-            sexpdata
-            six
-            setuptools
-            paramiko
-            rapidfuzz
-          ]
-      ))
-
-      #-- rust
-      rust-analyzer
-      cargo # rust package manager
-      rustfmt
-
-      #-- zig
-      zls
-
-      #-- nix
-      nil
-      rnix-lsp
-      # nixd
-      statix # Lints and suggestions for the nix programming language
-      deadnix # Find and remove unused code in .nix source files
-      alejandra # Nix Code Formatter
-
-      #-- golang
-      go
-      gomodifytags
-      iferr # generate error handling code for go
-      impl # generate function implementation for go
-      gotools # contains tools like: godoc, goimports, etc.
-      gopls # go language server
-      delve # go debugger
-
-      # -- java
-      jdk17
-      gradle
-      maven
-      spring-boot-cli
-
-      #-- lua
-      stylua
-      lua-language-server
-
-      #-- bash
-      nodePackages.bash-language-server
-      shellcheck
-      shfmt
-
-      #-- javascript/typescript --#
-      nodePackages.nodejs
-      nodePackages.typescript
-      nodePackages.typescript-language-server
-      # HTML/CSS/JSON/ESLint language servers extracted from vscode
-      nodePackages.vscode-langservers-extracted
-      nodePackages."@tailwindcss/language-server"
-      emmet-ls
-
-      #-- CloudNative
-      nodePackages.dockerfile-language-server-nodejs
-      # terraform  # install via brew on macOS
-      terraform-ls
-      jsonnet
-      jsonnet-language-server
-      hadolint # Dockerfile linter
-
-      # -- Lisp like Languages
-      guile
-      racket-minimal
-      fnlfmt # fennel
-
-      #-- Others
-      taplo # TOML language server / formatter / validator
-      nodePackages.yaml-language-server
-      sqlfluff # SQL linter
-      actionlint # GitHub Actions linter
-      buf # protoc plugin for linting and formatting
-      proselint # English prose linter
-
-      #-- Misc
-      tree-sitter # common language parser/highlighter
-      nodePackages.prettier # common code formatter
-      marksman # language server for markdown
-      glow # markdown previewer
-      fzf
-      pandoc # document converter
-      hugo # static site generator
-
-      #-- Optional Requirements:
-      gdu # disk usage analyzer, required by AstroNvim
-      (ripgrep.override {withPCRE2 = true;}) # recursively searches directories for a regex pattern
-    ]
-    ++ (
-      if pkgs.stdenv.isDarwin
-      then []
-      else [
-        #-- verilog / systemverilog
-        verible
-        gdb
-      ]
-    );
-}
@@ -1,47 +0,0 @@
-# Password Manager
-
- https://www.passwordstore.org/
- [awesome-password-store](https://github.com/tijn/awesome-password-store)
- <https://github.com/gopasspw/gopass>: reimplement in go, with more features.
- Clients
-  - Android: <https://github.com/android-password-store/Android-Password-Store>
-  - Brosers(Chrome/Firefox): <https://github.com/browserpass/browserpass-extension>
-
-## How to change the gpg key of the pass password store?
-
-To ensure security, we should change the GPG key every two or three years. Here is how to do this.
-
-1. Create a new GPG key pair and backup it to a safe place.
-2. Ensure you can access both the old and new GPG keys.
-3. Update `./default.nix` to use the new GPG sub keys.
-4. Check which Key `pass` currently uses:
-
-    ```bash
-    cd ~/.local/share/password-store/
-    # check which key is used by pass
-    cat .gpg-id
-    # check which key is really used to encrypt the password
-    gpg --list-packets path/to/any/password.gpg
-    ```
-4. Change the key used by `pass`:
-    ```bash
-    # change the key used by pass, see `man pass` for more details
-    # you will be asked to enter the password of both the new and old keys
-    # then pass will re-encrypt all the passwords with the new key
-    pass init <new-key-id>
-    ```
-5. Check if the key is changed:
-    ```bash
-    # check which key is used by pass
-    cat .gpg-id
-    # check which key is really used to encrypt the password
-    gpg --list-packets path/to/any/password.gpg
-    ```
-6. Delete the old GPG key pair:
-    ```bash
-    # delete the old key pair
-    gpg --delete-secret-keys <old-key-id>
-    gpg --delete-keys <old-key-id>
-    ```
-
-
@@ -1,73 +0,0 @@
-# Termianl Emulators
-
-I used to spend a lot of time on terminal emulators, to make them match my taste, 
-but now I found that it's not worth it, **Zellij can provide a user-friendly and unified user experience for all terminal emulators! without any pain**!
-
-Currently, I only use the most basic features of terminal emulators, such as true color, graphics protocol, etc.
-Other features such as tabs, scrollback buffer, select/search/copy, etc, are all provided by zellij!
-
-My current terminal emulators are:
-
-1. kitty: My main terminal emulator.
-    1. to select/copy a large mount of text, We should do some tricks via kitty's `scrollback_pager` with neovim, it's really painful: <https://github.com/kovidgoyal/kitty/issues/719>
-2. wezterm: My secondary terminal emulator.
-    1. its search ability is very basic, and it's not easy to use.
-    1. its scrollback buffer's copy mode is very like vim, which is nice, but zellij's even better, it can use neovim as its default scrollback buffer's editor without any pain!
-3. foot: a fast, lightweight and minimalistic Wayland terminal emulator.
-    1. foot only do the things a terminal emulator should do, no more, no less.
-    1. It's really suitable for tiling window manager or zellij users!
-
-## 'xterm-kitty': unknown terminal type when `ssh` into a remote host or `sudo xxx`
-
-> https://sw.kovidgoyal.net/kitty/faq/#i-get-errors-about-the-terminal-being-unknown-or-opening-the-terminal-failing-or-functional-keys-like-arrow-keys-don-t-work
-
-> https://wezfurlong.org/wezterm/config/lua/config/term.html
-
-kitty set `TERM` to `xterm-kitty` by default, and TUI apps like `viu`, `yazi`, `curses` will try to search in the host's [terminfo(terminal capability data base)](https://linux.die.net/man/5/terminfo) for value of `TERM` to determine the capabilities of the terminal.
-
-But when you `ssh` into a remote host, the remote host is very likely to not have `xterm-kitty` in its terminfo, so you will get this error:
-
-```
-'xterm-kitty': unknown terminal type
-```
-
-Or when you `sudo xxx`, `sudo` won't preserve the `TERM` variable, it will be reset to root's default `TERM` value, which is `xterm` or `xterm-256color` in most linux distributions, so you will get this error:
-
-```
-'xterm-256color': unknown terminal type
-```
-
-or 
-
-```
-Error opening terminal: xterm-kitty.
-```
-
-NixOS preserve the `TERMINFO` and `TERMINFO_DIRS` environment variables, for `root` and the `wheel` group: [nixpkgs/nixos/modules/config/terminfo.nix](https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/config/terminfo.nix#L18)
-
-For nix-darwin, take a look at <https://github.com/LnL7/nix-darwin/wiki/Terminfo-issues>
-
-### Solutions
-
-Simplest solution, it will automatically copy over the terminfo files and also magically enable shell integration on the remote machine: 
-
-```
-kitten ssh user@host
-```
-
-Or if you do not care about kitty's features(such as true color & graphics protocol), you can simply set `TERM` to `xterm-256color`, which is built-in in most linux distributions:
-
-```
-export TERM=xterm-256color
-```
-
-If you need kitty's features, but do not like the magic of `kitten`, you can manually install kitty's terminfo on the remote host:
-
-```bash
-# install on ubuntu / debian
-sudo apt-get install kitty-terminfo
-
-# or copy from local machine
-infocmp -a xterm-kitty | ssh myserver tic -x -o \~/.terminfo /dev/stdin
-```
-
@@ -1,110 +0,0 @@
-{pkgs, ...}:
-###########################################################
-#
-# Wezterm Configuration
-#
-# Useful Hot Keys for Linux(replace `ctrl + shift` with `cmd` on macOS)):
-#   1. Increase Font Size: `ctrl + shift + =` | `ctrl + shift + +`
-#   2. Decrease Font Size: `ctrl + shift + -` | `ctrl + shift + _`
-#   3. And Other common shortcuts such as Copy, Paste, Cursor Move, etc.
-#
-# Default Keybindings: https://wezfurlong.org/wezterm/config/default-keys.html
-#
-###########################################################
-{
-  # wezterm has catppuccin theme built-in,
-  # it's not necessary to install it separately.
-
-  # we can add wezterm as a flake input once this PR is merged:
-  #    https://github.com/wez/wezterm/pull/3547
-
-  programs.wezterm =
-    {
-      enable = false; # disable
-
-      # TODO: Fix: https://github.com/wez/wezterm/issues/4483
-      # package = pkgs.wezterm.override { };
-
-      extraConfig = let
-        fontsize =
-          if pkgs.stdenv.isDarwin
-          then "14.0"
-          else "13.0";
-      in ''
-        -- Pull in the wezterm API
-        local wezterm = require 'wezterm'
-
-        -- This table will hold the configuration.
-        local config = {}
-
-        -- In newer versions of wezterm, use the config_builder which will
-        -- help provide clearer error messages
-        if wezterm.config_builder then
-          config = wezterm.config_builder()
-        end
-
-        wezterm.on('toggle-opacity', function(window, pane)
-          local overrides = window:get_config_overrides() or {}
-          if not overrides.window_background_opacity then
-            overrides.window_background_opacity = 0.93
-          else
-            overrides.window_background_opacity = nil
-          end
-          window:set_config_overrides(overrides)
-        end)
-
-        wezterm.on('toggle-maximize', function(window, pane)
-          window:maximize()
-        end)
-
-        -- This is where you actually apply your config choices
-        config.color_scheme = "Catppuccin Mocha"
-        config.font = wezterm.font_with_fallback {
-          "JetBrainsMono Nerd Font",
-          "FiraCode Nerd Font",
-
-          -- To avoid 'Chinese characters displayed as variant (Japanese) glyphs'
-          "Source Han Sans SC",
-          "Source Han Sans TC"
-        }
-
-        config.hide_tab_bar_if_only_one_tab = true
-        config.scrollback_lines = 10000
-        config.enable_scroll_bar = true
-        config.term = 'wezterm'
-
-        config.keys = {
-          -- toggle opacity(CTRL + SHIFT + B)
-          {
-            key = 'B',
-            mods = 'CTRL',
-            action = wezterm.action.EmitEvent 'toggle-opacity',
-          },
-          {
-            key = 'M',
-            mods = 'CTRL',
-            action = wezterm.action.EmitEvent 'toggle-maximize',
-          },
-        }
-        config.font_size = ${fontsize}
-
-        -- To resolve issues:
-        --   1. https://github.com/ryan4yin/nix-config/issues/26
-        --   2. https://github.com/ryan4yin/nix-config/issues/8
-        -- Spawn a nushell in login mode via `bash`
-        config.default_prog = { '${pkgs.bash}/bin/bash', '--login', '-c', 'nu --login --interactive' }
-
-        return config
-      '';
-    }
-    // (
-      if pkgs.stdenv.isDarwin
-      then {
-        # install wezterm via homebrew on macOS to avoid compilation, dummy package here.
-        # package = pkgs.hello;
-        enableBashIntegration = false;
-        enableZshIntegration = false;
-      }
-      else {}
-    );
-}
@@ -1,39 +0,0 @@
-# Zellij - A workspace lives in your terminal
-
-Zellij is a terminal workspace with batteries included.
-At its core, it is a terminal multiplexer (similar to tmux and screen), but this is merely its infrastructure layer.
-
-Zellij is very user-friendly and easy to use, with a step-by-step hint system that will help you get to know the keybindings, which is very like the Neovim or helix.
-
-> By contrast, tmux's key design is counterintuitive, there is no prompt system, and the plug-in performance is rubbish. It's really a pain to use.
-> tmux's inital release was in 2007, it's too old, I would recommend any users that do not have a experience with multiplexer to use zellij instead of tmux.
-
-## Why use zellij as the detault terminal environment?
-
-By auto start zellij on shell login, and exit the shell session on zellij exit, we can use zellij as the default terminal environment.
-
-By this way, We will only use the most basic features of the terminal emulator(kitty/alacritty/wezterm/...),
-while most of the functions of terminal are provided by zellij.
-Thus we can easily switch to any terminal emulator without losing any key functions,
-and do not need to take care of the differences between different terminal emulators.
-
-And Zellij can be used not only locally, but also on any remote server, which is very convenient. Learn once and use everywhere!
-
-> Yeah, you didn't misread it, zellij is very suitable for not only remotely, but also locally!
-
-Some features such as search/copy/scrollback in different terminal emulators are implemented in different ways, and has different user experience.
-For example, Wezterm's default search function is very basic, and it's not easy to use. Kitty's scrollback search/copy is really tricky to use.
-As for some Editor such as Neovim, its intergrated terminal is really useful, but zellij is more powerful and useful than it, and more stable!
-Zellij overcomes these problems, and provides a unified user experience for all terminal emulators!
-
-Teminal emulators should only be responsible for displaying characters.
-
-## Passthrough mode(Lock Mode)
-
-`Ctrl + g` lock the outer zellij interface, and all keys will be sent to the focused pane.
-
-It's extremely useful when you want to:
-
-1. Use zellij locally for daily work, and use a remote zellij via ssh to do some work on the remote server.
-1. To avoid the key conflicts between zellij and the program running in the terminal, such as vim, tmux, etc.
-
@@ -0,0 +1,14 @@
+{
+  pkgs,
+  ...
+}: {
+  home.packages = with pkgs; [
+    # db related
+    dbeaver
+
+    mitmproxy # http/https proxy tool
+    insomnia # REST client
+    wireshark # network analyzer
+    ventoy # create bootable usb
+  ];
+}
@@ -0,0 +1,86 @@
+# Terminal Emulators
+
+I used to spend a lot of time on terminal emulators, to make them match my taste, but now I found
+that it's not worth it, **Zellij can provide a user-friendly and unified user experience for all
+terminal emulators! without any pain**!
+
+Currently, I only use the most basic features of terminal emulators, such as true color, graphics
+protocol, etc. Other features such as tabs, scrollback buffer, select/search/copy, etc, are all
+provided by zellij!
+
+My current terminal emulators are:
+
+1. kitty: My main terminal emulator.
+   1. to select/copy a large mount of text, We should do some tricks via kitty's `scrollback_pager`
+      with neovim, it's really painful: <https://github.com/kovidgoyal/kitty/issues/719>
+2. wezterm: My secondary terminal emulator.
+   1. its search ability is very basic, and it's not easy to use.
+   1. its scrollback buffer's copy mode is very like vim, which is nice, but zellij's even better,
+      it can use neovim as its default scrollback buffer's editor without any pain!
+3. foot: a fast, lightweight and minimalistic Wayland terminal emulator.
+   1. foot only do the things a terminal emulator should do, no more, no less.
+   1. It's really suitable for tiling window manager or zellij users!
+
+## 'xterm-kitty': unknown terminal type when `ssh` into a remote host or `sudo xxx`
+
+> https://sw.kovidgoyal.net/kitty/faq/#i-get-errors-about-the-terminal-being-unknown-or-opening-the-terminal-failing-or-functional-keys-like-arrow-keys-don-t-work
+
+> https://wezfurlong.org/wezterm/config/lua/config/term.html
+
+kitty set `TERM` to `xterm-kitty` by default, and TUI apps like `viu`, `yazi`, `curses` will try to
+search in the host's [terminfo(terminal capability data base)](https://linux.die.net/man/5/terminfo)
+for value of `TERM` to determine the capabilities of the terminal.
+
+But when you `ssh` into a remote host, the remote host is very likely to not have `xterm-kitty` in
+its terminfo, so you will get this error:
+
+```
+'xterm-kitty': unknown terminal type
+```
+
+Or when you `sudo xxx`, `sudo` won't preserve the `TERM` variable, it will be reset to root's
+default `TERM` value, which is `xterm` or `xterm-256color` in most linux distributions, so you will
+get this error:
+
+```
+'xterm-256color': unknown terminal type
+```
+
+or
+
+```
+Error opening terminal: xterm-kitty.
+```
+
+NixOS preserve the `TERMINFO` and `TERMINFO_DIRS` environment variables, for `root` and the `wheel`
+group:
+[nixpkgs/nixos/modules/config/terminfo.nix](https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/config/terminfo.nix#L18)
+
+For nix-darwin, take a look at <https://github.com/LnL7/nix-darwin/wiki/Terminfo-issues>
+
+### Solutions
+
+Simplest solution, it will automatically copy over the terminfo files and also magically enable
+shell integration on the remote machine:
+
+```
+kitten ssh user@host
+```
+
+Or if you do not care about kitty's features(such as true color & graphics protocol), you can simply
+set `TERM` to `xterm-256color`, which is built-in in most linux distributions:
+
+```
+export TERM=xterm-256color
+```
+
+If you need kitty's features, but do not like the magic of `kitten`, you can manually install
+kitty's terminfo on the remote host:
+
+```bash
+# install on ubuntu / debian
+sudo apt-get install kitty-terminfo
+
+# or copy from local machine
+infocmp -a xterm-kitty | ssh myserver tic -x -o \~/.terminfo /dev/stdin
+```
@@ -0,0 +1,105 @@
+{pkgs, ...}:
+###########################################################
+#
+# Wezterm Configuration
+#
+# Useful Hot Keys for Linux(replace `ctrl + shift` with `cmd` on macOS)):
+#   1. Increase Font Size: `ctrl + shift + =` | `ctrl + shift + +`
+#   2. Decrease Font Size: `ctrl + shift + -` | `ctrl + shift + _`
+#   3. And Other common shortcuts such as Copy, Paste, Cursor Move, etc.
+#
+# Default Keybindings: https://wezfurlong.org/wezterm/config/default-keys.html
+#
+###########################################################
+{
+  # wezterm has catppuccin theme built-in,
+  # it's not necessary to install it separately.
+
+  # we can add wezterm as a flake input once this PR is merged:
+  #    https://github.com/wez/wezterm/pull/3547
+
+  programs.wezterm = {
+    enable = true; # disable
+
+    # install wezterm via homebrew on macOS to avoid compilation, dummy package here.
+    package =
+      if pkgs.stdenv.isLinux
+      then pkgs.wezterm
+      else pkgs.hello;
+
+    enableBashIntegration = pkgs.stdenv.isLinux;
+    enableZshIntegration = pkgs.stdenv.isLinux;
+
+    extraConfig = let
+      fontsize =
+        if pkgs.stdenv.isLinux
+        then "13.0"
+        else "14.0";
+    in ''
+      -- Pull in the wezterm API
+      local wezterm = require 'wezterm'
+
+      -- This table will hold the configuration.
+      local config = {}
+
+      -- In newer versions of wezterm, use the config_builder which will
+      -- help provide clearer error messages
+      if wezterm.config_builder then
+        config = wezterm.config_builder()
+      end
+
+      wezterm.on('toggle-opacity', function(window, pane)
+        local overrides = window:get_config_overrides() or {}
+        if not overrides.window_background_opacity then
+          overrides.window_background_opacity = 0.93
+        else
+          overrides.window_background_opacity = nil
+        end
+        window:set_config_overrides(overrides)
+      end)
+
+      wezterm.on('toggle-maximize', function(window, pane)
+        window:maximize()
+      end)
+
+      -- This is where you actually apply your config choices
+      config.color_scheme = "Catppuccin Mocha"
+      config.font = wezterm.font_with_fallback {
+        "JetBrainsMono Nerd Font",
+        "FiraCode Nerd Font",
+
+        -- To avoid 'Chinese characters displayed as variant (Japanese) glyphs'
+        "Source Han Sans SC",
+        "Source Han Sans TC"
+      }
+
+      config.hide_tab_bar_if_only_one_tab = true
+      config.scrollback_lines = 10000
+      config.enable_scroll_bar = true
+      config.term = 'wezterm'
+
+      config.keys = {
+        -- toggle opacity(CTRL + SHIFT + B)
+        {
+          key = 'B',
+          mods = 'CTRL',
+          action = wezterm.action.EmitEvent 'toggle-opacity',
+        },
+        {
+          key = 'M',
+          mods = 'CTRL',
+          action = wezterm.action.EmitEvent 'toggle-maximize',
+        },
+      }
+      config.font_size = ${fontsize}
+
+      -- To resolve issues:
+      --   1. https://github.com/ryan4yin/nix-config/issues/26
+      --   2. https://github.com/ryan4yin/nix-config/issues/8
+      -- Spawn a nushell in login mode via `bash`
+      config.default_prog = { '${pkgs.bash}/bin/bash', '--login', '-c', 'nu --login --interactive' }
+
+      return config
+    '';
+  };
+}
@@ -1,8 +1,8 @@
-{username, ...}: {
+{myvars, ...}: {
  # Home Manager needs a bit of information about you and the
  # paths it should manage.
  home = {
-    inherit username;
+    inherit (myvars) username;

    # This value determines the Home Manager release that your
    # configuration is compatible with. This helps avoid breakage
@@ -1,7 +0,0 @@
-_: {
-  # use mirror for pip install
-  xdg.configFile."pip/pip.conf".text = ''
-    [global]
-    index-url = https://mirrors.bfsu.edu.cn/pypi/web/simple
-  '';
-}
@@ -0,0 +1,32 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  home.packages = with pkgs; [
+    # infrastructure as code
+    # pulumi
+    # pulumictl
+    # tf2pulumi
+    # crd2pulumi
+    # pulumiPackages.pulumi-random
+    # pulumiPackages.pulumi-command
+    # pulumiPackages.pulumi-aws-native
+    # pulumiPackages.pulumi-language-go
+    # pulumiPackages.pulumi-language-python
+    # pulumiPackages.pulumi-language-nodejs
+
+    # aws
+    awscli2
+    ssm-session-manager-plugin # Amazon SSM Session Manager Plugin
+    aws-iam-authenticator
+    eksctl
+
+    # aliyun
+    aliyun-cli
+    # cloud tools that nix do not have cache for.
+    terraform
+    terraformer # generate terraform configs from existing cloud resources
+    packer # machine image builder
+  ];
+}
@@ -0,0 +1,61 @@
+{
+  pkgs,
+  pkgs-unstable,
+  ...
+}: {
+  #############################################################
+  #
+  #  Basic settings for development environment
+  #
+  #  Please avoid to install language specific packages here(globally),
+  #  instead, install them:
+  #     1. per IDE, such as `programs.neovim.extraPackages`
+  #     2. per-project, using https://github.com/the-nix-way/dev-templates
+  #
+  #############################################################
+
+  home.packages = with pkgs; [
+    colmena # nixos's remote deployment tool
+
+    # db related
+    mycli
+    pgcli
+    mongosh
+    sqlite
+
+    # embedded development
+    minicom
+
+    # ai related
+    python311Packages.huggingface-hub # huggingface-cli
+
+    # misc
+    pkgs-unstable.devbox
+    bfg-repo-cleaner # remove large files from git history
+    k6 # load testing tool
+    protobuf # protocol buffer compiler
+
+    # solve coding extercises - learn by doing
+    exercism
+
+    # Automatically trims your branches whose tracking remote refs are merged or gone
+    # It's really useful when you work on a project for a long time.
+    git-trim
+
+    # need to run `conda-install` before using it
+    # need to run `conda-shell` before using command `conda`
+    # conda is not available for MacOS
+    conda
+  ];
+
+  programs = {
+    direnv = {
+      enable = true;
+      nix-direnv.enable = true;
+
+      enableZshIntegration = true;
+      enableBashIntegration = true;
+      enableNushellIntegration = true;
+    };
+  };
+}
@@ -6,7 +6,9 @@

 > https://langserver.org/

-The Language Server Protocol (LSP) is an open, JSON-RPC-based protocol for use between source code editors or integrated development environments (IDEs) and servers that provide programming language-specific features like:
+The Language Server Protocol (LSP) is an open, JSON-RPC-based protocol for use between source code
+editors or integrated development environments (IDEs) and servers that provide programming
+language-specific features like:

 - motions such as go-to-definition, find-references, hover.
 - **code completion**
@@ -15,10 +17,11 @@ The Language Server Protocol (LSP) is an open, JSON-RPC-based protocol for use b
 - syntax highlighting (use Tree-sitter instead)
 - code formatting (use a dedicated formatter instead)

-The goal of the protocol is to allow programming language support to be implemented and distributed independently of any given editor or IDE.
+The goal of the protocol is to allow programming language support to be implemented and distributed
+independently of any given editor or IDE.

-LSP was originally developed for Microsoft Visual Studio Code and is now an open standard.
-In the early 2020s LSP quickly became a "norm" for language intelligence tools providers.
+LSP was originally developed for Microsoft Visual Studio Code and is now an open standard. In the
+early 2020s LSP quickly became a "norm" for language intelligence tools providers.

 ### Tree-sitter

@@ -26,7 +29,9 @@ In the early 2020s LSP quickly became a "norm" for language intelligence tools p

 > https://www.reddit.com/r/neovim/comments/1109wgr/treesitter_vs_lsp_differences_ans_overlap/

-Tree-sitter is a parser generator tool and an **incremental parsing** library. It can build a concrete syntax tree for a source file and efficiently update the syntax tree as the source file is edited.
+Tree-sitter is a parser generator tool and an **incremental parsing** library. It can build a
+concrete syntax tree for a source file and efficiently update the syntax tree as the source file is
+edited.

 It is used by many editors and IDEs to provide:

@@ -38,17 +43,22 @@ It is used by many editors and IDEs to provide:
  - such as join/split lines, structural editing, cursor motion, etc.

 **Treesitter process each file independently**, and it is not aware of the semantics of your code.
-For example, it does not know does a function/variable really exist, or what is the type/return-type of a variable. This is where LSP comes in.
+For example, it does not know does a function/variable really exist, or what is the type/return-type
+of a variable. This is where LSP comes in.

-The LSP server parses the code much more deeply and it **not only parses a single file but your whole project**.
-So, the LSP server will know whether a function/variable does exist with the same type/return-type. If it does not, it will mark it as an error.
+The LSP server parses the code much more deeply and it **not only parses a single file but your
+whole project**. So, the LSP server will know whether a function/variable does exist with the same
+type/return-type. If it does not, it will mark it as an error.

 **LSP does understand the code semantically, while Treesitter only cares about correct syntax**.

 #### LSP vs Tree-sitter

- Tree-sitter: lightweight, fast, but limited knowledge of your code. mainly used for **syntax highlighting, indentation, and folding/refactoring in a single file**.
- LSP: heavy and slow on large projects, but it has a deep understanding of your code. mainly used for **code completion, refactoring in the projects, errors/warnings, and other semantic-aware features**.
+- Tree-sitter: lightweight, fast, but limited knowledge of your code. mainly used for **syntax
+  highlighting, indentation, and folding/refactoring in a single file**.
+- LSP: heavy and slow on large projects, but it has a deep understanding of your code. mainly used
+  for **code completion, refactoring in the projects, errors/warnings, and other semantic-aware
+  features**.

 ### Formatter vs Linter

@@ -56,7 +66,10 @@ Linting is distinct from Formatting because:

 1. **formatting** only restructures how code appears.
   1. `prettier` is a popular formatter.
-1. **linting** analyzes how the code runs and detects errors, it may also suggest improvements such as replace `var` with `let` or `const`.
+1. **linting** analyzes how the code runs and detects errors, it may also suggest improvements such
+   as replace `var` with `let` or `const`.

-Formatters and Linters process each file independently, they do not need to know about other files in the project.
-  * [ ]
+Formatters and Linters process each file independently, they do not need to know about other files
+in the project.
+
+- [ ]
@@ -10,15 +10,18 @@ And `Zellij` for a smooth and stable terminal experience.

 ## Tips

-1. Many useful keys are already provided by vim, check vim/neovim's docs before you install a new plugin / reinvent the wheel.
-1. After using Emacs/Neovim more skillfully, I strongly recommend that you read the official documentation of Neovim/vim:
+1. Many useful keys are already provided by vim, check vim/neovim's docs before you install a new
+   plugin / reinvent the wheel.
+1. After using Emacs/Neovim more skillfully, I strongly recommend that you read the official
+   documentation of Neovim/vim:
   1. <https://vimhelp.org/>: The official vim documentation.
   1. <https://neovim.io/doc/user/>: Neovim's official user documentation.
 1. Use Zellij for terminal related operations, and use Neovim/Helix for editing.
 1. As for Emacs, Use its GUI version & terminal emulator `vterm` for terminal related operations.
 1. Two powerful file search & jump tools:
 1. Tree-view plugins are beginner-friendly and intuitive, but they're not very efficient.
-1. **Search by the file path**: Useful when you're familiar with the project structure, especially on a large project.
+1. **Search by the file path**: Useful when you're familiar with the project structure, especially
+   on a large project.
 1. **Search by the content**: Useful when you're familiar with the code.

 ## Tutorial
@@ -27,13 +30,16 @@ Type `:tutor`(`:Tutor` in Neovim) to learn the basics usage of vim/neovim.

 ## VIM's Cheetsheet

-> Here only record my commonly used keys, to see **a more comprehensive cheetsheet**: <https://vimhelp.org/quickref.txt.html>
+> Here only record my commonly used keys, to see **a more comprehensive cheetsheet**:
+> <https://vimhelp.org/quickref.txt.html>

-Both Emacs-Evil & Neovim are compatible with vim, sothe key-bindings described here are common in both Emacs-Evil, Neovim & vim.
+Both Emacs-Evil & Neovim are compatible with vim, sothe key-bindings described here are common in
+both Emacs-Evil, Neovim & vim.

 ### Terminal Related

-I mainly use Zellij for terminal related operations, here is its terminal shortcuts I use frequently now:
+I mainly use Zellij for terminal related operations, here is its terminal shortcuts I use frequently
+now:

 | Action                    | Zellij's Shortcut |
 | ------------------------- | ----------------- |
@@ -76,10 +82,12 @@ I mainly use Zellij for terminal related operations, here is its terminal shortc

 Text Objects:

- **sentence**: text ending at a '.', '!' or '?' followed by either the end of a line, or by a space or tab.
+- **sentence**: text ending at a '.', '!' or '?' followed by either the end of a line, or by a space
+  or tab.
 - **paragraph**: text ending at a blank line.
- **section**: text starting with a section header and ending at the start of the next section header (or at the end of the file). - The "`]]`" and "`[[`" commands stop at the '`{`' in the first column. This is
-  useful to find the start of a function in a C/Go/Java/... program.
+- **section**: text starting with a section header and ending at the start of the next section
+  header (or at the end of the file). - The "`]]`" and "`[[`" commands stop at the '`{`' in the
+  first column. This is useful to find the start of a function in a C/Go/Java/... program.

 ### Text Manipulation

@@ -99,7 +107,7 @@ Basics:
 | Toggle text's case                      | `~`                        |
 | Convert to uppercase                    | `U` (visual mode)          |
 | Convert to lowercase                    | `u` (visual mode)          |
-| Align the selected conent               | `:center`/`:left`/`:right` |
+| Align the selected content              | `:center`/`:left`/`:right` |

 Misc:

@@ -116,7 +124,7 @@ Misc:

 | Action                                                                    |                |
 | ------------------------------------------------------------------------- | -------------- |
-| Sort tye selected lines                                                   | `:sort`        |
+| Sort the selected lines                                                   | `:sort`        |
 | Join Selection of Lines With Space                                        | `:join` or `J` |
 | Join without spaces                                                       | `:join!`       |
 | Enter Insert mode at the start/end of the line                            | `I` / `A`      |
@@ -161,7 +169,8 @@ Advance Techs:
 | Replace all the lines            | `:% s/old/new/g`                    |
 | Replace all the lines with regex | `:% s@\vhttp://(\w+)@https://\1@gc` |

-1. `\v` means means that in the regex pattern after it can be used without backslash escaping(similar to python's raw string).
+1. `\v` means means that in the regex pattern after it can be used without backslash
+   escaping(similar to python's raw string).
 2. `\1` means the first matched group in the pattern.

 ### Replace in the specific lines
@@ -0,0 +1,25 @@
+# Structured Editing
+
+## S-expression data(Lisp)
+
+- paredit/[lispy](https://github.com/doomemacs/doomemacs/tree/master/modules/editor/lispy): too
+  complex.
+- [evil-cleverparens](https://github.com/emacs-evil/evil-cleverparens): simple and useful.
+- [parinfer(par-in-fer)](https://shaunlebron.github.io/parinfer/): morden, simple, elegant and
+  useful, but works not well with some other completion plugins...
+  - to make parinfer works, you should disable sexp & smartparens in any lisp mode.
+
+Some plugins:
+
+- Emacs
+  - [parinfer-rusT-mode](https://github.com/justinbarclay/parinfer-rust-mode)
+- Neovim
+  - [parinfer-rust](https://github.com/eraserhd/parinfer-rust)
+  - <https://github.com/Olical/conjure>
+- Helix
+  - [parinfer #4090 - Helix](https://github.com/helix-editor/helix/discussions/4090)
+
+## Other Languages
+
+1. treesitter
+1. ...
@@ -6,17 +6,19 @@
 2. Org Mode
 3. Lisp Coding
 4. A top-level tutorial for Emacs(Chinese): <https://nyk.ma/tags/emacs/>
-5. A Beginner's Guide to Emacs(Chinese): <https://github.com/emacs-tw/emacs-101-beginner-survival-guide>
+5. A Beginner's Guide to Emacs(Chinese):
+   <https://github.com/emacs-tw/emacs-101-beginner-survival-guide>

 ## Screenshot

 ![](/_img/emacs-2024-01-07.webp)

-## Usefull Links
+## Useful Links

 - Framework: <https://github.com/doomemacs/doomemacs>
  - key bindings:
-    - source code: <https://github.com/doomemacs/doomemacs/blob/master/modules/config/default/%2Bevil-bindings.el>
+    - source code:
+      <https://github.com/doomemacs/doomemacs/blob/master/modules/config/default/%2Bevil-bindings.el>
    - docs: <https://github.com/doomemacs/doomemacs/blob/master/modules/editor/evil/README.org>
  - module index: <https://github.com/doomemacs/doomemacs/blob/master/docs/modules.org>
 - LSP Client: <https://github.com/manateelazycat/lsp-bridge>
@@ -44,7 +46,7 @@ when in doubt, run `doom sync`!
 ```bash
 # testing
 just emacs-test
-jsut emacs-purge
+just emacs-purge
 just emacs-reload

 # clear test data
@@ -59,14 +61,16 @@ just emacs-clean
  - So vim/neovim is still the best choice for servers.
 - Emacs's markdown-mode works not well with tables, see:
  - https://github.com/jrblevin/markdown-mode/issues/380
- I use git command frequently, but doomemacs only autoupdates status of git diff / treemacs when using magit.
+- I use git command frequently, but doomemacs only autoupdates status of git diff / treemacs when
+  using magit.
  - I have to learn magit to avoid this issue...
 - GitHub's orgmode support is not well, Markdown is better for GitHub.
  - Use markdown for repo's README.md, and use orgmode for my personal notes and docs only.

 ## Cheetsheet

-Here is the cheetsheet related to my DoomEmacs configs. Please read vim's common cheetsheet at [../README.md](../README.md) before reading the following.
+Here is the cheetsheet related to my DoomEmacs configs. Please read vim's common cheetsheet at
+[../README.md](../README.md) before reading the following.

 ### Basics

@@ -98,7 +102,8 @@ Here is the cheetsheet related to my DoomEmacs configs. Please read vim's common
 ### File Tree

 - treemacs: <https://github.com/Alexander-Miller/treemacs/blob/master/src/elisp/treemacs-mode.el>
- treemacs-evil: <https://github.com/Alexander-Miller/treemacs/blob/master/src/extra/treemacs-evil.el>
+- treemacs-evil:
+  <https://github.com/Alexander-Miller/treemacs/blob/master/src/extra/treemacs-evil.el>

 | Action                                | Shortcut  |
 | ------------------------------------- | --------- |
@@ -199,8 +204,9 @@ Magit is a powerful tool that make git operations easy and intuitive.

 Shortcuts in magit's pane:

-> When run `git commit` / `git add` / `git push` /... via magit, multiple Arguments can be set.
-> Set arguments won't trigger a git command immediately. Magit will try to run a git command only after an Action key is pressed.
+> When run `git commit` / `git add` / `git push` /... via magit, multiple Arguments can be set. Set
+> arguments won't trigger a git command immediately. Magit will try to run a git command only after
+> an Action key is pressed.

 | Action                                             | Shortcut                                      |
 | -------------------------------------------------- | --------------------------------------------- |
@@ -220,4 +226,5 @@ Shortcuts in magit's pane:
 | Fold/Unfold                                        | `TAB`                                         |
 | Show details of the current unit(commit/stage/...) | `<ENTER>`                                     |

-KeyBinding full list: <https://github.com/emacs-evil/evil-collection/tree/master/modes/magit#key-bindings>
+KeyBinding full list:
+<https://github.com/emacs-evil/evil-collection/tree/master/modes/magit#key-bindings>
@@ -47,7 +47,7 @@ in {
        zstd # for undo-fu-session/undo-tree compression

        # go-mode
-        gocode
+        # gocode # project archived, use gopls instead

        ## Module dependencies
        # :checkers spell
@@ -57,7 +57,7 @@ in {
        # :tools lookup & :lang org +roam
        sqlite
        # :lang latex & :lang org (latex previews)
-        texlive.combined.scheme-medium
+        # texlive.combined.scheme-medium
      ];

      programs.bash.bashrcExtra = envExtra;
@@ -0,0 +1,64 @@
+# Helix Editor
+
+Neovim is really powerful, and have a very active community. I use it as my main editor, and I'm
+very happy with it. I use it for everything, from writing code to writing this document.
+
+But its configuration is a bit complex, and finding the right plugins, writing configurations, and
+keeping everything up to date is not easy.
+
+That's why I'm interested in Helix, Helix is similar to Neovim, but it's more opinionated, and it's
+batteries included. Whether I'll switch my main editor to Helix or not, it gives me a lot of ideas
+on how to improve my Neovim workflow.
+
+## Tutorial
+
+Use `:tutor` in helix to start the tutorial.
+
+## Differences between Neovim and Helixer
+
+1. Selecting first, then action.
+   1. Helix: delete 2 word: `2w` then `x`. You can always see what you're selecting before you apply
+      the action.
+   2. Neovim: delete 2 word: `d`. then `2w`. No visual feedback before you apply the action.
+1. Helix - Morden builtin features: LSP, tree-sitter, fuzzy finder, multi cursors, surround and
+   more.
+   1. They're all available in Neovim too, but you need to find and use the right plugins manually,
+      which takes time and effort.
+1. Helix is built in Rust from scratch. The result is a much smaller codebase and a modern set of
+   defaults. No VimScript. No Lua.
+   1. Neovim contains a lot of VimScript, and lua is too dynamic, it's hard to debug.
+   1. Personally I'm glad to take a look at a Rust codebase, but not a VimScript/Lua codebase.
+1. Neovim have a very activate plugin ecosystem, and it's easy to find plugins for almost
+   everything.
+   1. Helix is still new, and it even do have a stable plugin system yet. A PR to add a plugin
+      system is still envolving: <https://github.com/helix-editor/helix/pull/8675>
+1. Neovim has integrated terminal, and it's very powerful. It's quite similar to VSCode's integrated
+   terminal. I use it a lot.
+   1. Helix doesn't have a integrated terminal yet, as it's complicated to implement. Users are
+      recommended to use tmux/Zellij or Wezterm/Kitty to implement this feature instead.
+   1. <https://github.com/helix-editor/helix/issues/1976#issuecomment-1091074719>
+   1. <https://github.com/helix-editor/helix/pull/4649>
+   1. **My Neovim often gets stuck when I switch to
+      [toggleterm.nvim](https://github.com/akinsho/toggleterm.nvim), this Helix issue made me
+      consider to switch from this Neovim plugin to Zellij**.
+1. Helix do not have a tree-view panel, it's recommended to use Yazi/ranger/Broot instead, and open
+   Helix in them.
+   1. a tree-view plugin may be added after the plugin system is stable, but no one knows when it
+      will be.
+   2. and some Helix users stated that they don't need a tree-view plugin, Helix's file picker is
+      useful and good enough.
+1. It seems Helix lacks a global substitution command, you should run it in another window(via wm or
+   Zellij).
+   1. <https://github.com/helix-editor/helix/issues/196>
+   1. Neovim's substitution command allow you to preview the changes before you apply it, and it's
+      very useful. if I switch to Helix, I'll need to find some other tools with similar
+      feature(such as https://github.com/ms-jpq/sad).
+1. Complexity and Maintenance Costs vs Batteries Included:
+   <https://github.com/helix-editor/helix/discussions/6356>
+
+I think Use Helix/Neovim within a terminal file manager(Yazi/ranger/Broot) and Zellij is a good
+idea. It's quite different from the workflow I migrated from VSCode/JetBrains before, I'm very
+interested in it.
+
+In Neovim I can make the workflow similar to VSCode/JetBrains by using some plugins, but Helix
+forces me to get out of my comfort zone, and try something new.
@@ -1,14 +1,14 @@
 # Neovim Editor

-My Neovim config based on [AstroNvim](https://github.com/AstroNvim/AstroNvim).
-For more details, visit the [AstroNvim website](https://astronvim.com/).
+My Neovim config based on [AstroNvim](https://github.com/AstroNvim/AstroNvim). For more details,
+visit the [AstroNvim website](https://astronvim.com/).

-This document outlines neovim's configuration structure and various shortcuts/commands for efficient usage.
+This document outlines neovim's configuration structure and various shortcuts/commands for efficient
+usage.

 ## Screenshots

-![](/_img/astronvim_2023-07-13_00-39.webp)
-![](/_img/hyprland_2023-07-29_2.webp)
+![](/_img/astronvim_2023-07-13_00-39.webp) ![](/_img/hyprland_2023-07-29_2.webp)

 ## Configuration Structure

@@ -47,7 +47,8 @@ just nvim-clear

 ## Cheetsheet

-Here is the cheetsheet related to my Neovim configs. Please read vim's common cheetsheet at [../README.md](../README.md) before reading the following.
+Here is the cheetsheet related to my Neovim configs. Please read vim's common cheetsheet at
+[../README.md](../README.md) before reading the following.

 ### Incremental Selection

@@ -62,15 +63,16 @@ Provided by nvim-treesitter.

 ### Search and Jump

-Provided by [flash.nvim](https://github.com/folke/flash.nvim), it's a intelligent search and jump plugin.
+Provided by [flash.nvim](https://github.com/folke/flash.nvim), it's a intelligent search and jump
+plugin.

-1. It enhaces the default search and jump behavior of neovim.(search with prefix `/`)
+1. It enhances the default search and jump behavior of neovim.(search with prefix `/`)

-| Action            | Shortcut                                                                                                      |
-| ----------------- | ------------------------------------------------------------------------------------------------------------- |
-| Search            | `/`(normal search), `s`(disable all code highlight, only highlight matches)                                   |
-| Treesitter Search | `yR`,`dR`, `cR`, `vR`, `ctrl+v+R`(arround your matches, all the surrounding Treesitter nodes will be labeled) |
-| Remote Flash      | `yr`, `dr`, `cr`, (arround your matches, all the surrounding Treesitter nodes will be labeled)                |
+| Action            | Shortcut                                                                                                     |
+| ----------------- | ------------------------------------------------------------------------------------------------------------ |
+| Search            | `/`(normal search), `s`(disable all code highlight, only highlight matches)                                  |
+| Treesitter Search | `yR`,`dR`, `cR`, `vR`, `ctrl+v+R`(around your matches, all the surrounding Treesitter nodes will be labeled) |
+| Remote Flash      | `yr`, `dr`, `cr`, (around your matches, all the surrounding Treesitter nodes will be labeled)                |

 ### Commands & Shortcuts

@@ -92,12 +94,8 @@ Provided by [flash.nvim](https://github.com/folke/flash.nvim), it's a intelligen

 ### Splitting and Buffers

-|
-| Action | Shortcut |
-| --------------------- | ------------- |
-| Horizontal Split | `\` |
-| Vertical Split | `\|` |
-| Close Buffer | `<Space> + c` |
+| | Action | Shortcut | | --------------------- | ------------- | | Horizontal Split | `\` | |
+Vertical Split | `\|` | | Close Buffer | `<Space> + c` |

 ### Editing and Formatting

@@ -129,9 +127,9 @@ Press `<Space> + D` to view available bindings and options.

 ### Search and Replace Globally

-| Description                                                  | Shortcut                                                         |
-| ------------------------------------------------------------ | ---------------------------------------------------------------- |
-| Open spectre.nvim search and replace panel                   | `<Space> + ss`                                                   |
+| Description                                | Shortcut       |
+| ------------------------------------------ | -------------- |
+| Open spectre.nvim search and replace panel | `<Space> + ss` |

 Search and replace via cli(fd + sad + delta):

@@ -139,7 +137,6 @@ Search and replace via cli(fd + sad + delta):
 fd "\\.nix$" . | sad '<pattern>' '<replacement>' | delta
 ```

-
 ### Surrounding Characters

 Provided by mini.surround plugin.
@@ -0,0 +1,133 @@
+{pkgs, ...}: {
+  nixpkgs.config = {
+    programs.npm.npmrc = ''
+      prefix = ''${HOME}/.npm-global
+    '';
+  };
+
+  home.packages = with pkgs; [
+    #-- c/c++
+    cmake
+    cmake-language-server
+    gnumake
+    checkmake
+    # c/c++ compiler, required by nvim-treesitter!
+    gcc
+    # c/c++ tools with clang-tools, the unwrapped version won't
+    # add alias like `cc` and `c++`, so that it won't conflict with gcc
+    llvmPackages.clang-unwrapped
+    lldb
+
+    #-- python
+    nodePackages.pyright # python language server
+    (python311.withPackages (
+      ps:
+        with ps; [
+          ruff-lsp
+          black # python formatter
+
+          jupyter
+          ipython
+          pandas
+          requests
+          pyquery
+          pyyaml
+
+          ## emacs's lsp-bridge dependenciesge
+          epc
+          orjson
+          sexpdata
+          six
+          setuptools
+          paramiko
+          rapidfuzz
+        ]
+    ))
+
+    #-- rust
+    rust-analyzer
+    cargo # rust package manager
+    rustfmt
+
+    #-- nix
+    nil
+    rnix-lsp
+    # nixd
+    statix # Lints and suggestions for the nix programming language
+    deadnix # Find and remove unused code in .nix source files
+    alejandra # Nix Code Formatter
+
+    #-- golang
+    go
+    gomodifytags
+    iferr # generate error handling code for go
+    impl # generate function implementation for go
+    gotools # contains tools like: godoc, goimports, etc.
+    gopls # go language server
+    delve # go debugger
+
+    # -- java
+    jdk17
+    gradle
+    maven
+    spring-boot-cli
+
+    #-- lua
+    stylua
+    lua-language-server
+
+    #-- bash
+    nodePackages.bash-language-server
+    shellcheck
+    shfmt
+
+    #-- javascript/typescript --#
+    nodePackages.nodejs
+    nodePackages.typescript
+    nodePackages.typescript-language-server
+    # HTML/CSS/JSON/ESLint language servers extracted from vscode
+    nodePackages.vscode-langservers-extracted
+    nodePackages."@tailwindcss/language-server"
+    emmet-ls
+
+    # -- Lisp like Languages
+    guile
+    racket-minimal
+    fnlfmt # fennel
+
+    #-- Others
+    taplo # TOML language server / formatter / validator
+    nodePackages.yaml-language-server
+    sqlfluff # SQL linter
+    actionlint # GitHub Actions linter
+    buf # protoc plugin for linting and formatting
+    proselint # English prose linter
+
+    #-- Misc
+    tree-sitter # common language parser/highlighter
+    nodePackages.prettier # common code formatter
+    marksman # language server for markdown
+    glow # markdown previewer
+    fzf
+    pandoc # document converter
+    hugo # static site generator
+
+    #-- Optional Requirements:
+    gdu # disk usage analyzer, required by AstroNvim
+    (ripgrep.override {withPCRE2 = true;}) # recursively searches directories for a regex pattern
+
+    #-- CloudNative
+    nodePackages.dockerfile-language-server-nodejs
+    # terraform  # install via brew on macOS
+    terraform-ls
+    jsonnet
+    jsonnet-language-server
+    hadolint # Dockerfile linter
+
+    #-- zig
+    zls
+    #-- verilog / systemverilog
+    verible
+    gdb
+  ];
+}
@@ -1,30 +1,31 @@
 # Encryption

-We have GnuPG & password-store installed by default, mainly for password management, authentication & communication encryption.
+We have GnuPG & password-store installed by default, mainly for password management, authentication
+& communication encryption.

-We also have LUKS2 for disk encryption on Linux, and [rclone](https://rclone.org/crypt/) for cross-platform data encryption & syncing.
+We also have LUKS2 for disk encryption on Linux, and [rclone](https://rclone.org/crypt/) for
+cross-platform data encryption & syncing.

 [age](https://github.com/FiloSottile/age) may be more general for file encryption.

 [Sops](https://github.com/getsops/sops/tree/main) can be used for file encryption too, if you prefer
 using a Cloud provider for key management.

-
 ## Asymmetric Encryption

-Both age, Sops & GnuPG provide asymmetric encryption, which is useful for encrypting files for a specific user.
+Both age, Sops & GnuPG provide asymmetric encryption, which is useful for encrypting files for a
+specific user.

-For morden use, age is recommended, as it use [AEAD encryption function - ChaCha20-Poly1305][age Format v1],
-If you do not want to manage the keys by yourself, Sops is recommended, as it use KMS for key management.
+For morden use, age is recommended, as it use [AEAD encryption function -
+ChaCha20-Poly1305][age Format v1], If you do not want to manage the keys by yourself, Sops is
+recommended, as it use KMS for key management.

 ## Symmetric Encryption

-Both age & GnuPG provide symmetric encryption, which is useful for encrypting files for a specific user.
-
-As described in [age Format v1][age Format v1], age use scrypt to encrypt and decrypt the file key with a provided passphrase,
-which is more secure than GnuPG's symmetric encryption.
-
+Both age & GnuPG provide symmetric encryption, which is useful for encrypting files for a specific
+user.

+As described in [age Format v1][age Format v1], age use scrypt to encrypt and decrypt the file key
+with a provided passphrase, which is more secure than GnuPG's symmetric encryption.

 [age Format v1]: https://age-encryption.org/v1
-
@@ -1,10 +1,14 @@
 # GNU Privacy Guard(GnuPG)

-> Offical Website: https://www.gnupg.org/
+> Official Website: https://www.gnupg.org/

-The GNU Privacy Guard is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as **PGP**). GnuPG allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kind of public key directories. 
+The GNU Privacy Guard is a complete and free implementation of the OpenPGP standard as defined by
+RFC4880 (also known as **PGP**). GnuPG allows to encrypt and sign your data and communication,
+features a versatile key management system as well as access modules for all kind of public key
+directories.

-> In the following content, we will use GPG to refer to GnuPG tool, and PGP to refer to various concepts defined in the OepnPGP standard(e.g. PGP key, PGP key server).
+> In the following content, we will use GPG to refer to GnuPG tool, and PGP to refer to various
+> concepts defined in the OepnPGP standard(e.g. PGP key, PGP key server).

 Key functions of GnuPG:

@@ -20,18 +24,21 @@ Main usage scenarios of GnuPG:
 3. Manage your ssh key
 4. Encrypt your data and store it somewhere.

-GnuPG/OpenPGP is complex, so while using it, I have been looking forward to finding an encryption tool that is simple enough, functional enough, and widely adopted.
+GnuPG/OpenPGP is complex, so while using it, I have been looking forward to finding an encryption
+tool that is simple enough, functional enough, and widely adopted.

 Currently I use both age & GnuPG:

 1. Age for secrets encryption(ssh key & other secret files), it's simple and easy to use.
 2. GnuPG for password-store and email encryption.

-> At present, the safe and efficient use of GPG is probably combined with hardware keys such as yubikey. but I don't have one, so I won't talk about it here.
+> At present, the safe and efficient use of GPG is probably combined with hardware keys such as
+> yubikey. but I don't have one, so I won't talk about it here.

 ## Practical Cryptography for Developers

-To use GnuGP without seamlessly, Some Practical Cryptography knowledge is required, here is dome tutorials:
+To use GnuGP without seamlessly, Some Practical Cryptography knowledge is required, here is dome
+tutorials:

 - English version: <https://github.com/nakov/Practical-Cryptography-for-Developers-Book>
 - Chinese version: <https://thiscute.world/tags/cryptography/>
@@ -50,12 +57,14 @@ Related Docs:
 - [Predictable, Passphrase-Derived PGP Keys][Predictable, Passphrase-Derived PGP Keys]
 - [OpenPGP - The almost perfect key pair][OpenPGP - The almost perfect key pair]

+GnuPG generate every secret key separately, and encrypt them with a symmetric key derived from your
+passphrase. OpenPGP standard defines
+[String-to-Key (S2K)](https://datatracker.ietf.org/doc/html/rfc4880#section-3.7) algorithm to derive
+a symmetric key from your passphrase.

-GnuPG generate every secret key separately, and encrypt them with a symmetric key derived from your passphrase.
-OpenPGP standard defines [String-to-Key (S2K)](https://datatracker.ietf.org/doc/html/rfc4880#section-3.7)
-algorithm to derive a symmetric key from your passphrase.
-
-GnuPG's [OpenPGP protocol specific options](https://gnupg.org/documentation/manuals/gnupg/OpenPGP-Options.html#OpenPGP-Options) shows that:
+GnuPG's
+[OpenPGP protocol specific options](https://gnupg.org/documentation/manuals/gnupg/OpenPGP-Options.html#OpenPGP-Options)
+shows that:

 ```
 --s2k-cipher-algo name
@@ -81,24 +90,31 @@ gpg --s2k-mode 3 --s2k-count 65011712 --s2k-digest-algo SHA512 --s2k-cipher-algo
 To use the strongest options globally, you can specify these options in your `~/.gnupg/gpg.conf`.
 I've added them to my Home Manager's `programs.gpg.settings` option.

-
 ### 1. PGP Key(Primary Key) generation

 Key management is the core of OpenPGP standard / GnuPG.

-GnuPG uses public-key cryptography so that users may communicate securely. In a public-key system, each user has a pair of keys consisting of a private key and a public key. **A user's private key is kept secret; it need **never be revealed. The public key may be given to anyone with whom the user wants to communicate**. GnuPG uses a somewhat more sophisticated scheme in which a user has a primary keypair and then zero or more additional subordinate keypairs. The primary and subordinate keypairs are bundled to facilitate key management and the bundle can often be considered simply as one keypair, or a keyring/keychain(which contains multiple sub key-pairs).
+GnuPG uses public-key cryptography so that users may communicate securely. In a public-key system,
+each user has a pair of keys consisting of a private key and a public key. **A user's private key is
+kept secret; it need **never be revealed. The public key may be given to anyone with whom the user
+wants to communicate\*\*. GnuPG uses a somewhat more sophisticated scheme in which a user has a
+primary keypair and then zero or more additional subordinate keypairs. The primary and subordinate
+keypairs are bundled to facilitate key management and the bundle can often be considered simply as
+one keypair, or a keyring/keychain(which contains multiple sub key-pairs).

 Let's generate a keypair interactively:

-> Now in 2024, GnuPG 2.4.1 defaults to ECC algorithm (9) and Curve 25519 for ECC, which is morden and safe, I would recommend to use these defaults directly.
+> Now in 2024, GnuPG 2.4.1 defaults to ECC algorithm (9) and Curve 25519 for ECC, which is morden
+> and safe, I would recommend to use these defaults directly.

 ```bash
 gpg --full-gen-key
 ```

-This command will ask you for some algorithm related settings(ECC & Curve 25519), your personal info, and a strong passphrase to protect your PGP key. e.g.
+This command will ask you for some algorithm related settings(ECC & Curve 25519), your personal
+info, and a strong passphrase to protect your PGP key. e.g.

-``` bash
+```bash
 › gpg --full-gen-key
 gpg (GnuPG) 2.4.1; Copyright (C) 2023 g10 Code GmbH
 This is free software: you are free to change and redistribute it.
@@ -163,7 +179,7 @@ sub   cv25519 2024-01-09 [E] [expires: 2034-01-04]

 The generated keys are stored in `~/.gnupg` by default, the functions of each file are as follows:

-``` bash
+```bash
 › tree ~/.gnupg/
 /Users/ryan/.gnupg/
 |-- S.gpg-agent           # socket file
@@ -185,28 +201,41 @@ The generated keys are stored in `~/.gnupg` by default, the functions of each fi
 4 directories, 12 files
 ```

-The functions of most files are quite clear at a glance, but the `trustdb.gpg` in them is a bit difficult to understand. Here are the details: <https://www.gnupg.org/gph/en/manual/x334.html>
+The functions of most files are quite clear at a glance, but the `trustdb.gpg` in them is a bit
+difficult to understand. Here are the details: <https://www.gnupg.org/gph/en/manual/x334.html>

-Home Manager will manage all the things in `~/.gnupg/` EXCEPT `~/.gnupg/openpgp-revocs.d/` and `~/.gnupg/private-keys-v1.d/`, which is expected.
+Home Manager will manage all the things in `~/.gnupg/` EXCEPT `~/.gnupg/openpgp-revocs.d/` and
+`~/.gnupg/private-keys-v1.d/`, which is expected.

 ### 3. Sub Key Generation & Best Practice

 In PGP, every keys has a **usage flag** to indicate its usage:

- `C` means this key can be used to **Certify** other keys, which means this key can be used to **create/delete/revoke/modify** other keys.
+- `C` means this key can be used to **Certify** other keys, which means this key can be used to
+  **create/delete/revoke/modify** other keys.
 - `S` means this key can be used to **Sign** data.
 - `E` means this key can be used to **Encrypt** data.
- `A` means this key can be used to **Authenticate** data with various non-GnuPG programs. The key can be used as e.g. an **SSH key**.
+- `A` means this key can be used to **Authenticate** data with various non-GnuPG programs. The key
+  can be used as e.g. an **SSH key**.

 The **best practice** is:

 1. Generate a primary key with strong cryptography arguments(such as ECC + Curve 25519).
 2. Then generate 3 sub keys with `E`, `S` and `A` usage flag respectively.
-3. **The Primary Key is extremely important**, Backup the primary key to somewhere absolutely safe(such as two encryptd USB drivers, keep them in different places), and then **delete it from your computer immediately**.
-4. The sub key is also important, but you can generate a new one and replace it easily. You can backup it to somewhere else, and import it to another machine to use your keypair.
-5. Backup your Primary key's revocation certificate to somewhere safe, it's the last way to rescure your safety if your primary key is compromised!
-  1. It's a big problem if your revocation certificate is compromised, but not the bigest one. because it's only used to revoke your keypair, your data is still safe. But you should generate a new keypair and revoke the old one immediately.
-  1. It will be a big problem if your primary key is compromised, and you don't have a revocation certificate to revoke it. But since OpenPGP do not have a good way to distribute revocation certificate, even you have a revocation certificate, it's still hard to distribute it to others...
+3. **The Primary Key is extremely important**, Backup the primary key to somewhere absolutely
+   safe(such as two encryptd USB drivers, keep them in different places), and then **delete it from
+   your computer immediately**.
+4. The sub key is also important, but you can generate a new one and replace it easily. You can
+   backup it to somewhere else, and import it to another machine to use your keypair.
+5. Backup your Primary key's revocation certificate to somewhere safe, it's the last way to rescure
+   your safety if your primary key is compromised!
+6. It's a big problem if your revocation certificate is compromised, but not the bigest one. because
+   it's only used to revoke your keypair, your data is still safe. But you should generate a new
+   keypair and revoke the old one immediately.
+7. It will be a big problem if your primary key is compromised, and you don't have a revocation
+   certificate to revoke it. But since OpenPGP do not have a good way to distribute revocation
+   certificate, even you have a revocation certificate, it's still hard to distribute it to
+   others...

 To keep your keypair safe, you should backup your keypair according to the following steps.

@@ -216,7 +245,7 @@ Now let's add the sub keys to the keypair we generated above:

 > GnuPG will ask you to input your passphrase to unlock your primary key.

-``` bash
+```bash
 › gpg --expert --edit-key ryan4yin@linux.com
 gpg (GnuPG) 2.4.1; Copyright (C) 2023 g10 Code GmbH
 This is free software: you are free to change and redistribute it.
@@ -393,10 +422,12 @@ nix run nixpkgs#pgpdump ryan4yin-gpg-keys.pub

 Export Primary Key(The exported key is still encrypted by your passphrase):

-> the `!` at the end of the key ID is to force GnuPG to export only the specified key, not the subkeys.
+> the `!` at the end of the key ID is to force GnuPG to export only the specified key, not the
+> subkeys.

-> GnuPG will ask you to input your passphrase to unlock your keypair,
-> because GnuPG need to convert the secret key's format from its internal protection format to the one specified by the OpenPGP protocol.
+> GnuPG will ask you to input your passphrase to unlock your keypair, because GnuPG need to convert
+> the secret key's format from its internal protection format to the one specified by the OpenPGP
+> protocol.

 ```bash
 # replace the key ID with your own sec key's ID
@@ -422,10 +453,14 @@ Old: Secret Key Packet(tag 5)(134 bytes)
 ...
 ```

-As [Predictable, Passphrase-Derived PGP Keys][Predictable, Passphrase-Derived PGP Keys] says, we'll find that gpg ignored the `--s2k-count` option we specified when generating the keypair, and the `--s2k` related options we specified in `~/.gnupg/gpg.conf`, 
-the exported primary key is protectd by `SHA1` and `AES128`, which is not secure enough!
+As [Predictable, Passphrase-Derived PGP Keys][Predictable, Passphrase-Derived PGP Keys] says, we'll
+find that gpg ignored the `--s2k-count` option we specified when generating the keypair, and the
+`--s2k` related options we specified in `~/.gnupg/gpg.conf`, the exported primary key is protectd by
+`SHA1` and `AES128`, which is not secure enough!

-So to increase the security of the exported primary key, we need to encrypt it again with a stronger algorithm, I choose `age` here(which use `scrypt` to encrypt the file key with a provided passphrase):
+So to increase the security of the exported primary key, we need to encrypt it again with a stronger
+algorithm, I choose `age` here(which use `scrypt` to encrypt the file key with a provided
+passphrase):

 ```bash
 # for simplicity, use the same passphrase as your gpg keypair here
@@ -446,11 +481,14 @@ age --passphrase  -o ryan4yin-gpg-subkeys.priv.age ryan4yin-gpg-subkeys.priv
 rm ryan4yin-gpg-subkeys.priv
 ```

-Your can import the exported Private Key via `gpg --import <keyfile>` to restore it, but you need to decrypt it via age first.
+Your can import the exported Private Key via `gpg --import <keyfile>` to restore it, but you need to
+decrypt it via age first.

-As for Public Keys, please import your publicKeys via Home Manager's `programs.gpg.publicKeys` option, DO NOT import it manually(via `gpg --import <keyfile>`).
+As for Public Keys, please import your publicKeys via Home Manager's `programs.gpg.publicKeys`
+option, DO NOT import it manually(via `gpg --import <keyfile>`).

-To ensure security, delete the master key and revoke the certificate immediately after the backup is completed:
+To ensure security, delete the master key and revoke the certificate immediately after the backup is
+completed:

 ```bash
 # delete the primary key and all its sub keys
@@ -522,7 +560,8 @@ gpg --decrypt <file>
 gpg -d <file>
 ```

-If you just want to encrypt/decrypt a file quickly, you can use `age` with a passphrase, `gpg` can also do this, but it's not recommended(as age(scrypt)'s more secure):
+If you just want to encrypt/decrypt a file quickly, you can use `age` with a passphrase, `gpg` can
+also do this, but it's not recommended(as age(scrypt)'s more secure):

 ```bash
 # Encrypt a file via symmetric encryption(AES256), and output cleartext.
@@ -538,27 +577,41 @@ gpg -d <file>

 ### 7. Public Key Exchange & Revocation

-In the case of many users, it is very difficult to exchange public keys securely and reliably with each other.
-In the Web world, There is a **Chain of Trust**** to resolve this problem:
+In the case of many users, it is very difficult to exchange public keys securely and reliably with
+each other. In the Web world, There is a **Chain of Trust\*\*** to resolve this problem:

 - A Certificate Authority(CA) is responsible to verify & sign all the certificate signing request.
 - Web Server can safely transmit its Web Certificate to the client via TLS protocol.
- Client can verify the recevied Web Certificate via the CA's root certificate(which is built in Browser/OS). 
+- Client can verify the received Web Certificate via the CA's root certificate(which is built in
+  Browser/OS).

 But in OpenPGP:

- There is key servers to distribute(exchange) public keys, but it **do not verify the identity of the key owner**, and any uploaded data is **not allowed to be deleted**. Which make it **insecure and dangerous**.
+- There is key servers to distribute(exchange) public keys, but it **do not verify the identity of
+  the key owner**, and any uploaded data is **not allowed to be deleted**. Which make it **insecure
+  and dangerous**.
  - Why key server is dangerous?
-    - Many PGP novices follow various tutorials to upload various key with personal privacy (such as real names) to the public key server, and then find that they can't delete them, which is very embarrassing.
-    - Anyone can upload a key to the key server, and claim that it is the key of a certain person(such as Linus), which is very insecure.
+    - Many PGP novices follow various tutorials to upload various key with personal privacy (such as
+      real names) to the public key server, and then find that they can't delete them, which is very
+      embarrassing.
+    - Anyone can upload a key to the key server, and claim that it is the key of a certain
+      person(such as Linus), which is very insecure.
  - **key server** is not recommend to use.
- GnuPG will generate revocation certificate when generating keypair(`~/.gnupg/private-keys-v1.d/<Key-ID.rev>`), anyone can import this certificate to revoke the keypair. But OpenPGP standard **DO NOT provide a way to distribute this certificate to others**.
+- GnuPG will generate revocation certificate when generating
+  keypair(`~/.gnupg/private-keys-v1.d/<Key-ID.rev>`), anyone can import this certificate to revoke
+  the keypair. But OpenPGP standard **DO NOT provide a way to distribute this certificate to
+  others**.
  - Not to mention some key status query protocol like OCSP in Web PKI.
-  - Users has to pulish their revocation certificate to their blog, github profile or somewhere else, and others has to check it and run `gpg --import <revocation-certificate>` to revoke the keypair manually.
+  - Users has to pulish their revocation certificate to their blog, github profile or somewhere
+    else, and others has to check it and run `gpg --import <revocation-certificate>` to revoke the
+    keypair manually.

-In summary, **there is no good way to distribute public keys and revoke them in OpenPGP**, which is a big problem.
+In summary, **there is no good way to distribute public keys and revoke them in OpenPGP**, which is
+a big problem.

-Currently, You have to distribute your public key or revocation certificate via your blog, github profile, or somewhere else, and others has to check it and run `gpg --import` to import your public key or revocation certificate manually.
+Currently, You have to distribute your public key or revocation certificate via your blog, github
+profile, or somewhere else, and others has to check it and run `gpg --import` to import your public
+key or revocation certificate manually.

 Anyway, let's try to revoke a keypair:

@@ -615,7 +668,8 @@ STuJCp+gru6OtbTCu8Y2LugQeDh7UicM7Ak=
 -----END PGP PUBLIC KEY BLOCK-----
 ```

-As the revocation certificate says, we need to remove the first colon(`:`) before the 5 dashes(`-----BEGIN PGP PUBLIC KEY BLOCK-----`), then import it:
+As the revocation certificate says, we need to remove the first colon(`:`) before the 5
+dashes(`-----BEGIN PGP PUBLIC KEY BLOCK-----`), then import it:

 ```bash
 › gpg --import gpg-test-revoke.rev
@@ -646,7 +700,8 @@ gpg: 9E78E897B6490D6B: skipped: Unusable public key
 gpg: README.md: encryption failed: Unusable public key
 ```

-But if you delete the `trustdb.gpg` and `pubring.kbx`, then import the revoked public key again, it will be valid and usable again... which is very dangerous.
+But if you delete the `trustdb.gpg` and `pubring.kbx`, then import the revoked public key again, it
+will be valid and usable again... which is very dangerous.

 ## References

@@ -654,7 +709,8 @@ But if you delete the `trustdb.gpg` and `pubring.kbx`, then import the revoked p
 - [Predictable, Passphrase-Derived PGP Keys][Predictable, Passphrase-Derived PGP Keys]
 - [OpenPGP - The almost perfect key pair][OpenPGP - The almost perfect key pair]

-[2021年，用更现代的方法使用PGP（上）]: https://ulyc.github.io/2021/01/13/2021%E5%B9%B4-%E7%94%A8%E6%9B%B4%E7%8E%B0%E4%BB%A3%E7%9A%84%E6%96%B9%E6%B3%95%E4%BD%BF%E7%94%A8PGP-%E4%B8%8A/
+[2021年，用更现代的方法使用PGP（上）]:
+  https://ulyc.github.io/2021/01/13/2021%E5%B9%B4-%E7%94%A8%E6%9B%B4%E7%8E%B0%E4%BB%A3%E7%9A%84%E6%96%B9%E6%B3%95%E4%BD%BF%E7%94%A8PGP-%E4%B8%8A/
 [Predictable, Passphrase-Derived PGP Keys]: https://nullprogram.com/blog/2019/07/10/
-[OpenPGP - The almost perfect key pair]: https://blog.eleven-labs.com/en/openpgp-almost-perfect-key-pair-part-1/
-
+[OpenPGP - The almost perfect key pair]:
+  https://blog.eleven-labs.com/en/openpgp-almost-perfect-key-pair-part-1/
@@ -19,10 +19,10 @@
    mutableKeys = false;
    publicKeys = [
      # https://www.gnupg.org/gph/en/manual/x334.html
-      # {
-      #   source = "${mysecrets}/public/ryan4yin-gpg-keys.pub";
-      #   trust = 5;
-      # } # ultimate trust, my own keys.
+      {
+        source = "${mysecrets}/public/ryan4yin-gpg-keys-2014-01-27.pub";
+        trust = 5;
+      } # ultimate trust, my own keys.
    ];

    # This configuration is based on the tutorial below, it allows for a robust setup
@@ -0,0 +1,46 @@
+# Password Manager
+
+- https://www.passwordstore.org/
+- [awesome-password-store](https://github.com/tijn/awesome-password-store)
+- <https://github.com/gopasspw/gopass>: reimplement in go, with more features.
+- Clients
+  - Android: <https://github.com/android-password-store/Android-Password-Store>
+  - Brosers(Chrome/Firefox): <https://github.com/browserpass/browserpass-extension>
+
+## How to change the gpg key of the pass password store?
+
+To ensure security, we should change the GPG key every two or three years. Here is how to do this.
+
+1. Create a new GPG key pair and backup it to a safe place.
+2. Ensure you can access both the old and new GPG keys.
+3. Update `./default.nix` to use the new GPG sub keys.
+4. Check which Key `pass` currently uses:
+
+   ```bash
+   cd ~/.local/share/password-store/
+   # check which key is used by pass
+   cat .gpg-id
+   # check which key is really used to encrypt the password
+   gpg --list-packets path/to/any/password.gpg
+   ```
+
+5. Change the key used by `pass`:
+   ```bash
+   # change the key used by pass, see `man pass` for more details
+   # you will be asked to enter the password of both the new and old keys
+   # then pass will re-encrypt all the passwords with the new key
+   pass init <new-key-id>
+   ```
+6. Check if the key is changed:
+   ```bash
+   # check which key is used by pass
+   cat .gpg-id
+   # check which key is really used to encrypt the password
+   gpg --list-packets path/to/any/password.gpg
+   ```
+7. Delete the old GPG key pair:
+   ```bash
+   # delete the old key pair
+   gpg --delete-secret-keys <old-key-id>
+   gpg --delete-keys <old-key-id>
+   ```
@@ -4,12 +4,12 @@
  programs.ssh = {
    enable = true;

-    # all my ssh private key are generated by `ssh-keygen -t ed25519 -C "ryan@nickname"`
-    # the config's format:
+    # All my ssh private key are generated by `ssh-keygen -t ed25519 -a 256 -C "xxx@xxx"`
+    # Config format:
    #   Host —  given the pattern used to match against the host name given on the command line.
    #   HostName — specify nickname or abbreviation for host
    #   IdentityFile — the location of your SSH key authentication file for the account.
-    # format in details:
+    # Format in details:
    #   https://www.ssh.com/academy/ssh/config
    extraConfig = ''
      # a private key that is used during authentication will be added to ssh-agent if it is running
@@ -36,18 +36,6 @@
      Host s500plus
        HostName 192.168.5.174
        Port 22
-
-      Host k8s-main
-        HostName 192.168.5.181
-        ForwardAgent yes
-
-      Host k8s-data1
-        HostName 192.168.5.182
-        ForwardAgent yes
-
-      Host k8s-data2
-        HostName 192.168.5.183
-        ForwardAgent yes
    '';
  };
 }
@@ -0,0 +1,47 @@
+# Zellij - A workspace lives in your terminal
+
+Zellij is a terminal workspace with batteries included. At its core, it is a terminal multiplexer
+(similar to tmux and screen), but this is merely its infrastructure layer.
+
+Zellij is very user-friendly and easy to use, with a step-by-step hint system that will help you get
+to know the keybindings, which is very like the Neovim or helix.
+
+> By contrast, tmux's key design is counterintuitive, there is no prompt system, and the plug-in
+> performance is rubbish. It's really a pain to use. tmux's initial release was in 2007, it's too
+> old, I would recommend any users that do not have a experience with multiplexer to use zellij
+> instead of tmux.
+
+## Why use zellij as the default terminal environment?
+
+By auto start zellij on shell login, and exit the shell session on zellij exit, we can use zellij as
+the default terminal environment.
+
+By this way, We will only use the most basic features of the terminal
+emulator(kitty/alacritty/wezterm/...), while most of the functions of terminal are provided by
+zellij. Thus we can easily switch to any terminal emulator without losing any key functions, and do
+not need to take care of the differences between different terminal emulators.
+
+And Zellij can be used not only locally, but also on any remote server, which is very convenient.
+Learn once and use everywhere!
+
+> Yeah, you didn't misread it, zellij is very suitable for not only remotely, but also locally!
+
+Some features such as search/copy/scrollback in different terminal emulators are implemented in
+different ways, and has different user experience. For example, Wezterm's default search function is
+very basic, and it's not easy to use. Kitty's scrollback search/copy is really tricky to use. As for
+some Editor such as Neovim, its integrated terminal is really useful, but zellij is more powerful
+and useful than it, and more stable! Zellij overcomes these problems, and provides a unified user
+experience for all terminal emulators!
+
+Terminal emulators should only be responsible for displaying characters.
+
+## Passthrough mode(Lock Mode)
+
+`Ctrl + g` lock the outer zellij interface, and all keys will be sent to the focused pane.
+
+It's extremely useful when you want to:
+
+1. Use zellij locally for daily work, and use a remote zellij via ssh to do some work on the remote
+   server.
+1. To avoid the key conflicts between zellij and the program running in the terminal, such as vim,
+   tmux, etc.
@@ -10,7 +10,7 @@ in {
  programs.nushell.extraConfig = ''
    # auto start zellij
    # except when in emacs or zellij itself
-    if (not "ZELLIJ" in $env) and (not "INSIDE_EMACS" in $env) {
+    if (not ("ZELLIJ" in $env)) and (not ("INSIDE_EMACS" in $env)) {
      if "ZELLIJ_AUTO_ATTACH" in $env and $env.ZELLIJ_AUTO_ATTACH == "true" {
        ^zellij attach -c
      } else {
@@ -4,4 +4,3 @@
 2. `shell.nix`: shell related.
 3. `rime-squirrel.nix`: [rime-squirrel](https://github.com/rime/squirrel)'s configuration.
 4. `default.nix`: the entrypoint of darwin's configuration, it import all the submodules above.
-
@@ -1,3 +1,3 @@
-{username, ...}: {
-  home.homeDirectory = "/Users/${username}";
+{myvars, ...}: {
+  home.homeDirectory = "/Users/${myvars.username}";
 }
@@ -2,8 +2,9 @@
  imports =
    (mylib.scanPaths ./.)
    ++ [
-      ../base/server
-      ../base/desktop
-      ../base/core.nix
+      ../base/core
+      ../base/tui
+      ../base/gui
+      ../base/home.nix
    ];
 }
@@ -2,6 +2,24 @@ let
  envExtra = ''
    export PATH="$PATH:/opt/homebrew/bin:/usr/local/bin"
  '';
+  # copied from the content generated by `conda init bash`
+  initExtra = ''
+    arch=$(uname -m)
+
+    if [ "aarch64" = "$arch" ] ||  [ "arm64" = "$arch" ]; then
+      # >>> (miniforge)conda initialize >>>
+      # !! Contents within this block are managed by 'conda init' !!
+      if [ -f "/opt/homebrew/Caskroom/miniforge/base/etc/profile.d/conda.sh" ]; then
+          . "/opt/homebrew/Caskroom/miniforge/base/etc/profile.d/conda.sh"
+      else
+          export PATH="/opt/homebrew/Caskroom/miniforge/base/bin:$PATH"
+      fi
+      # <<< conda initialize <<<
+    elif [[ "x86_64" = "$arch" ]]; then
+      # do nothing
+      true
+    fi
+  '';
 in {
  # Homebrew's default install location:
  #   /opt/homebrew for Apple Silicon
@@ -10,10 +28,10 @@ in {
  # in /opt/homebrew for Apple Silicon and /usr/local for Rosetta 2 to coexist and use bottles.
  programs.bash = {
    enable = true;
-    bashrcExtra = envExtra;
+    bashrcExtra = envExtra + initExtra;
  };
  programs.zsh = {
    enable = true;
-    inherit envExtra;
+    inherit envExtra initExtra;
  };
 }
@@ -0,0 +1,3 @@
+{myvars, ...}: {
+  programs.ssh.extraConfig = myvars.networking.ssh.extraConfig;
+}
@@ -2,7 +2,9 @@

 1. `base`: The base module that is suitable for any NixOS environment.
 2. `desktop`: Configuration for desktop environments, such as Hyprland, I3, etc.
-6. `server.nix`: Configuration which is suitable for both servers and desktops. It import only `base` as its submodule.
-    1. used by all my nixos servers.
-7. `desktop.nix`: the entrypoint of desktop's configuration, it import both `base` and `desktop` as its submodules.
-    1. used by all my nixos desktops.
+3. `server.nix`: Configuration which is suitable for both servers and desktops. It import only
+   `base` as its submodule.
+   1. used by all my nixos servers.
+4. `desktop.nix`: the entrypoint of desktop's configuration, it import both `base` and `desktop` as
+   its submodules.
+   1. used by all my nixos desktops.
@@ -1,13 +1,13 @@
 {
  config,
-  username,
+  myvars,
  ...
 }: let
  d = config.xdg.dataHome;
  c = config.xdg.configHome;
  cache = config.xdg.cacheHome;
 in rec {
-  home.homeDirectory = "/home/${username}";
+  home.homeDirectory = "/home/${myvars.username}";

  # environment variables that always set at login
  home.sessionVariables = {
@@ -1,29 +1,9 @@
 {pkgs, ...}: {
  # Linux Only Packages, not available on Darwin
  home.packages = with pkgs; [
-    nmon
-    iotop
-    iftop
-
    # misc
    libnotify
    wireguard-tools # manage wireguard vpn manually, via wg-quick
-
-    # system call monitoring
-    strace # system call monitoring
-    ltrace # library call monitoring
-    bpftrace # powerful tracing tool
-    tcpdump # network sniffer
-    lsof # list open files
-
-    # system tools
-    sysstat
-    lm_sensors # for `sensors` command
-    ethtool
-    pciutils # lspci
-    usbutils # lsusb
-    hdparm # for disk performance, command
-    dmidecode # a tool that reads information about your system's hardware from the BIOS according to the SMBIOS/DMI standard
  ];

  # auto mount usb drives
@@ -0,0 +1,8 @@
+{
+  imports = [
+    ../base/core
+    ../base/home.nix
+
+    ./base
+  ];
+}
@@ -1,10 +0,0 @@
-{
-  imports = [
-    ../base/server
-    ../base/desktop
-    ../base/core.nix
-
-    ./base
-    ./desktop
-  ];
-}
@@ -1,16 +0,0 @@
-# Desktop Related
-
-
-3. `base`: all common configurations for all desktops.
-4. `hyprland`: Hyprland's configuration.
-5. `i3`: i3's configuration.
-
-
-## Why install I3/Hyprland in Home Manager instead of a NixOS Module?
-
-1. I3 & Hyprland's configuration file is located in `~/.config`, which can be easily managed by Home Manager.
-2. There're other user-specific systemd servcies, such gammastep, wallpaper-switcher, etc. which can be easily managed by Home Manager, but if we start i3/hyprland in NixOS Module, they may failed to start automatically. With i3/hyprland installed via home-manager, we can control their systemd service's dependent order, to avoid issues like this.
-3. By install as less as possible in NixOS Module, we can:
-    1. Make the NixOS system more secure and stable.
-    2. Make this flake more portable to other non-NixOS systems, as home-manager can be installed on any Linux system.
-
@@ -1,55 +0,0 @@
-#!/usr/bin/env bash
-
-## Script to take screenshots with grim, slurp (in Wayland)
-
-iDIR="$HOME/.config/hypr/mako/icons"
-
-time=$(date +%Y-%m-%d-%H-%M-%S)
-dir="$(xdg-user-dir PICTURES)/Screenshots"  # need 
-file="Screenshot_${time}_${RANDOM}.png"
-
-# notify and view screenshot
-notify_cmd_shot="notify-send -h string:x-canonical-private-synchronous:shot-notify -u low -i ${iDIR}/picture.png"
-notify_view () {
-	${notify_cmd_shot} "Copied to clipboard."
-	imv ${dir}/"$file"
-	if [[ -e "$dir/$file" ]]; then
-		${notify_cmd_shot} "Screenshot Saved."
-	else
-		${notify_cmd_shot} "Screenshot Deleted."
-	fi
-}
-
-# take shots
-shotnow () {
-	cd ${dir} && grim - | tee "$file" | wl-copy
-	notify_view
-}
-
-shotwin () {
-	w_pos=$(hyprctl activewindow | grep 'at:' | cut -d':' -f2 | tr -d ' ' | tail -n1)
-	w_size=$(hyprctl activewindow | grep 'size:' | cut -d':' -f2 | tr -d ' ' | tail -n1 | sed s/,/x/g)
-	cd ${dir} && grim -g "$w_pos $w_size" - | tee "$file" | wl-copy
-	notify_view
-}
-
-shotarea () {
-	cd ${dir} && grim -g "$(slurp -b 1B1F28CC -c E06B74ff -s C778DD0D -w 2)" - | tee "$file" | wl-copy
-	notify_view
-}
-
-if [[ ! -d "$dir" ]]; then
-	mkdir -p "$dir"
-fi
-
-if [[ "$1" == "--now" ]]; then
-	shotnow
-elif [[ "$1" == "--area" ]]; then
-	shotarea
-elif [[ "$1" == "--win" ]]; then
-	shotwin
-else
-	echo -e "Available Options : --now --win --area"
-fi
-
-exit 0
@@ -1,207 +0,0 @@
-{
-  "position": "top",
-  "layer": "top",
-
-  "modules-left": [
-    "custom/launcher",
-    "temperature",
-    "backlight",
-    "wlr/workspaces"
-  ],
-  "modules-center": [
-    "custom/playerctl"
-  ],
-  "modules-right": [
-    "mpd",
-    "pulseaudio",
-    "battery",
-    "memory",
-    "cpu",
-    "network",
-    "clock",
-    "idle_inhibitor",
-    "custom/powermenu",
-    "tray"
-  ],
-  "wlr/workspaces": {
-    "format": "{icon}",
-    "on-click": "activate",
-    "format-icons": {
-      "1": "",
-      "2": "",
-      "3": "",
-      "4": "",
-      "5": "",
-      "6": "",
-      "7": "",
-      "8": "",
-      "9": "",
-      "10": "〇",
-      "focused": "",
-      "default": ""
-    }
-  },
-
-  "clock": {
-    "interval": 60,
-    "align": 0,
-    "rotate": 0,
-    "tooltip-format": "<big>{:%B %Y}</big>\n<tt><small>{calendar}</small></tt>",
-    "format": " {:%H:%M}",
-    "format-alt": " {:%a %b %d, %G}"
-  },
-  "cpu": {
-    "format": "\udb80\udf5b {usage}%",
-    "interval": 1,
-    "on-click-middle": "kitty btop",
-    "on-click-right": "kitty btop"
-  },
-  "custom/launcher": {
-    "format": "\uf313 ",
-    "on-click": "$HOME/.config/hypr/scripts/menu",
-    "on-click-middle": "exec default_wall",
-    "on-click-right": "exec wallpaper_random",
-    "tooltip": false
-  },
-  "custom/powermenu": {
-    "format": "\uf011",
-    "on-click": "$HOME/.config/hypr/scripts/wlogout",
-    "tooltip": false
-  },
-  "idle_inhibitor": {
-    "format": "{icon}",
-    "format-icons": {
-      "activated": "\uf06e",
-      "deactivated": "\uf070"
-    },
-    "tooltip": false
-  },
-  "memory": {
-    "format": "\udb83\udee0 {percentage}%",
-    "interval": 1,
-    "states": {
-      "warning": 85
-    }
-  },
-  "mpd": {
-      "interval": 2,
-      "unknown-tag": "N/A",
-      "format": "{stateIcon} {artist} - {title}",
-      "format-disconnected": " Disconnected",
-      "format-paused": "{stateIcon} {artist} - {title}",
-      "format-stopped": "Stopped ",
-      "state-icons": {
-          "paused": "",
-          "playing": ""
-      },
-      "tooltip-format": "MPD (connected)",
-      "tooltip-format-disconnected": "MPD (disconnected)",
-      // Commands to execute on events
-      "on-click": "mpc toggle",
-      "on-click-middle": "mpc prev",
-      "on-click-right": "mpc next",
-      "on-update": "",
-      "on-scroll-up": "mpc seek +00:00:01",
-      "on-scroll-down": "mpc seek -00:00:01",
-      "smooth-scrolling-threshold": 1
-  },
-  "custom/playerctl": {
-     "format": "{icon}  <span>{}</span>",
-     "return-type": "json",
-     "max-length": 55,
-     "exec": "playerctl -a metadata --format '{\"text\": \"  {{markup_escape(title)}}\", \"tooltip\": \"{{playerName}} : {{markup_escape(title)}}\", \"alt\": \"{{status}}\", \"class\": \"{{status}}\"}' -F",
-     "on-click-middle": "playerctl previous",
-     "on-click": "playerctl play-pause",
-     "on-click-right": "playerctl next",
-     "format-icons": {
-       "Paused": "<span foreground='#6dd9d9'></span>",
-       "Playing": "<span foreground='#82db97'></span>"
-     }
-  },
-  "network": {
-      "interval": 5,
-      //"interface": "wlan*", // (Optional) To force the use of this interface, set it for netspeed to work
-      "format-wifi": " {essid}",
-      "format-ethernet": " {ipaddr}/{cidr}",
-      "format-linked": " {ifname} (No IP)",
-      "format-disconnected": "睊 Disconnected",
-      "format-disabled": "睊 Disabled",
-      "format-alt": " {bandwidthUpBytes} |  {bandwidthDownBytes}",
-      "tooltip-format": " {ifname} via {gwaddr}",
-      "on-click-middle": "nm-connection-editor",
-      "on-click-right": "kitty nmtui"
-  },
-  "pulseaudio": {
-      //"format": "{volume}% {icon} {format_source}",
-      "format": "{icon} {volume}%",
-      "format-muted": " Mute",
-      "format-bluetooth": " {volume}% {format_source}",
-      "format-bluetooth-muted": " Mute",
-      "format-source": " {volume}%",
-      "format-source-muted": "",
-      "format-icons": {
-          "headphone": "",
-          "hands-free": "",
-          "headset": "",
-          "phone": "",
-          "portable": "",
-          "car": "",
-          "default": [
-              "",
-              "",
-              ""
-          ]
-      },
-      "scroll-step": 5.0,
-      // Commands to execute on events
-      "on-click": "amixer set Master toggle",
-      "on-click-right": "pavucontrol",
-      "smooth-scrolling-threshold": 1,
-  },
-  "temperature": {
-    "format": "\uf2c9 {temperatureC}\u00b0C",
-    "tooltip": false
-  },
-  "backlight": {
-    "format": "{icon} {percent}%",
-    "format-icons": [
-      "",
-      "",
-      "",
-      "",
-      "",
-      "",
-      "",
-      "",
-      ""
-    ]
-  },
-  "tray": {
-    "icon-size": 15,
-    "spacing": 5
-  },
-  "battery": {
-    "bat": "BAT0",
-    "adapter": "ADP0",
-    "interval": 60,
-    "states": {
-      "warning": 30,
-      "critical": 15
-    },
-    "max-length": 20,
-    "format": "{icon} {capacity}%",
-    "format-warning": "{icon} {capacity}%",
-    "format-critical": "{icon} {capacity}%",
-    "format-charging": "<span font-family='Font Awesome 6 Free'></span> {capacity}%",
-    "format-plugged": " {capacity}%",
-    "format-alt": "{icon} {time}",
-    "format-full": " {capacity}%",
-    "format-icons": [
-      " ",
-      " ",
-      " ",
-      " ",
-      " "
-    ]
-  },
-}
@@ -1,52 +0,0 @@
-/** ********** Fonts ********** **/
-* {
-    font-family: "JetBrains Mono", "Iosevka Nerd Font", sans-serif;
-    font-size: 14px;
-    font-weight: bold;
-}
-
-/** ********** Main Window ********** **/
-window {
-	background-color: #1E1E2E;
-}
-
-/** ********** Buttons ********** **/
-button {
-	background-color: #242434;
-    color: #FFFFFF;
-	border: 2px solid #282838;
-	border-radius: 20px;
-	background-repeat: no-repeat;
-	background-position: center;
-	background-size: 35%;
-}
-
-button:focus, button:active, button:hover {
-	background-color: #89B4FA;
-	outline-style: none;
-}
-
-/** ********** Icons ********** **/
-#lock {
-    background-image: image(url("icons/lock.png"), url("/usr/share/wlogout/icons/lock.png"));
-}
-
-#logout {
-    background-image: image(url("icons/logout.png"), url("/usr/share/wlogout/icons/logout.png"));
-}
-
-#suspend {
-    background-image: image(url("icons/suspend.png"), url("/usr/share/wlogout/icons/suspend.png"));
-}
-
-#hibernate {
-    background-image: image(url("icons/hibernate.png"), url("/usr/share/wlogout/icons/hibernate.png"));
-}
-
-#shutdown {
-    background-image: image(url("icons/shutdown.png"), url("/usr/share/wlogout/icons/shutdown.png"));
-}
-
-#reboot {
-    background-image: image(url("icons/reboot.png"), url("/usr/share/wlogout/icons/reboot.png"));
-}
@@ -0,0 +1,11 @@
+{
+  imports = [
+    ../base/core
+    ../base/tui
+    ../base/gui
+    ../base/home.nix
+
+    ./base
+    ./gui
+  ];
+}
--- a/Show More
+++ b/Show More