feat: add WeChat(UOS) sandboxed

fix: mkdir - persist qq's config feat: update kernel params for nvidia
chore(terminals/foot.nix): adjust font size
2026-05-28 18:39:31 +02:00 · 2024-11-14 00:00:22 +08:00 · 2024-11-14 00:00:22 +08:00 · 2024-11-14 00:00:22 +08:00 · 2024-11-14 00:00:21 +08:00 · 2024-11-14 00:00:21 +08:00
740 changed files with 26363 additions and 64823 deletions
@@ -1,2 +1,3 @@
 github: ryan4yin
 patreon: ryan4yin
-custom: ["https://buymeacoffee.com/ryan4yin", "https://afdian.net/a/ryan4yin"]
+custom: ["https://buymeacoffee.com/ryan4yin"]
@@ -3,3 +3,7 @@ result/
 .direnv/
 .DS_Store
 .pre-commit-config.yaml
 logs/
 core*
 !core/
 !core.nix
@@ -9,4 +9,26 @@ binary = false
 extend-ignore-re = [
  "iterm2",
  "iHgEIBYKACAWIQSizQe9ljFEyyclWmtVhZllwnQrSwUCZZ1T9wIdAAAKCRBVhZll", # crypto keys
  "noice",                                                            # noice.nvim
  "crypted-nixos",
  "daed",
  # catppuccin theme colors
  "11111b",
  "1e1e2e",
  "313244",
  "414356",
  "45475a",
  "585b70",
  "89b4fa",
  "94e2d5",
  "a6adc8",
  "a6e3a1",
  "bac2de",
  "cdd6f4",
  "f38ba8",
  "f5c2e7",
  "f5e0dc",
  "f9e2af",
  "fab387",
 ]
@@ -1,67 +1,118 @@
 # just is a command runner, Justfile is very similar to Makefile, but simpler.
-# use nushell for shell commands
+# Use nushell for shell commands
 # To usage this justfile, you need to enter a shell with just & nushell installed:
 # 
 #   nix shell nixpkgs#just nixpkgs#nushell
 set shell := ["nu", "-c"]
 utils_nu := absolute_path("utils.nu")
 ############################################################################
 #
-#  Nix commands related to the local machine
+#  Common commands(suitable for all machines)
 #
 ############################################################################
-i3 mode="default":
+# List all the just commands
-  use utils.nu *; \
+default:
-  nixos-switch ai-i3 {{mode}}
+    @just --list
 hypr mode="default":
  use utils.nu *; \
  nixos-switch ai-hyprland {{mode}}
 s-i3 mode="default":
  use utils.nu *; \
  nixos-switch shoukei-i3 {{mode}}
 s-hypr mode="default":
  use utils.nu *; \
  nixos-switch shoukei-hyprland {{mode}}
 # Run eval tests
 [group('nix')]
 test:
  nix eval .#evalTests --show-trace --print-build-logs --verbose
-# update all the flake inputs
+# Update all the flake inputs
 [group('nix')]
 up:
  nix flake update
 # Update specific input
 # Usage: just upp nixpkgs
 [group('nix')]
 upp input:
-  nix flake lock --update-input {{input}}
+  nix flake update {{input}}
 # List all generations of the system profile
 [group('nix')]
 history:
  nix profile history --profile /nix/var/nix/profiles/system
 # Open a nix shell with the flake
 [group('nix')]
 repl:
  nix repl -f flake:nixpkgs
 # remove all generations older than 7 days
 # on darwin, you may need to switch to root user to run this command
 [group('nix')]
 clean:
  sudo nix profile wipe-history --profile /nix/var/nix/profiles/system  --older-than 7d
 # Garbage collect all unused nix store entries
 [group('nix')]
 gc:
-  # garbage collect all unused nix store entries
+  # garbage collect all unused nix store entries(system-wide)
-  sudo nix store gc --debug
+  sudo nix-collect-garbage --delete-older-than 7d
-  sudo nix-collect-garbage --delete-old
+  # garbage collect all unused nix store entries(for the user - home-manager)
  # https://github.com/NixOS/nix/issues/8508
  nix-collect-garbage --delete-older-than 7d
-# Remove all reflog entries and prune unreachable objects
+# Enter a shell session which has all the necessary tools for this flake
-gitgc:
+[linux]
-  git reflog expire --expire-unreachable=now --all
+[group('nix')]
-  git gc --prune=now
+shell:
  nix shell nixpkgs#git nixpkgs#neovim nixpkgs#colmena
 # Enter a shell session which has all the necessary tools for this flake
 [macos]
 [group('nix')]
 shell:
  nix shell nixpkgs#git nixpkgs#neovim
 [group('nix')]
 fmt:
  # format the nix files in this repo
  nix fmt
 # Show all the auto gc roots in the nix store
 [group('nix')]
 gcroot:
  ls -al /nix/var/nix/gcroots/auto/
 # Verify all the store entries
 # Nix Store can contains corrupted entries if the nix store object has been modified unexpectedly.
 # This command will verify all the store entries,
 # and we need to fix the corrupted entries manually via `sudo nix store delete <store-path-1> <store-path-2> ...`
 [group('nix')]
 verify-store:
  nix store verify --all
 # Repair Nix Store Objects
 [group('nix')]
 repair-store *paths:
  nix store repair {{paths}}
 ############################################################################
 #
 #  NixOS Desktop related commands
 #
 ############################################################################
 [linux]
 [group('desktop')]
 hypr mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *;
  nixos-switch ai-hyprland {{mode}}
 [linux]
 [group('desktop')]
 s-hypr mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *;
  nixos-switch shoukei-hyprland {{mode}}
 ############################################################################
 #
@@ -69,188 +120,298 @@ gitgc:
 #
 ############################################################################
 [macos]
 [group('desktop')]
 darwin-set-proxy:
  sudo python3 scripts/darwin_set_proxy.py
  sleep 1sec
 [macos]
 [group('desktop')]
 darwin-rollback:
-  use utils.nu *; \
+  #!/usr/bin/env nu
  use {{utils_nu}} *;
  darwin-rollback
 # Deploy to harmonica(macOS host)
 [macos]
 [group('desktop')]
 ha mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
-  darwin-build "harmonica" {{mode}}; \
+  use {{utils_nu}} *;
  darwin-build "harmonica" {{mode}};
  darwin-switch "harmonica" {{mode}}
 # Depoly to fern(macOS host)
 [macos]
 [group('desktop')]
 fe mode="default": darwin-set-proxy
-  use utils.nu *; \
+  #!/usr/bin/env nu
-  darwin-build "fern" {{mode}}; \
+  use {{utils_nu}} *;
  darwin-build "fern" {{mode}};
  darwin-switch "fern" {{mode}}
-# Reload yabai and skhd(macOS)
+# Reset launchpad to force it to reindex Applications
-yabai-reload:
+[macos]
-  launchctl kickstart -k "gui/502/org.nixos.yabai";
+[group('desktop')]
-  launchctl kickstart -k "gui/502/org.nixos.skhd"; 
+reset-launchpad:
  defaults write com.apple.dock ResetLaunchPad -bool true
  killall Dock
 ############################################################################
 #
-#  Homelab - Virtual Machines running on Kubevirt
+#  Homelab - Kubevirt Cluster related commands
 #
 ############################################################################
 # Remote deployment via colmena
 [linux]
 [group('homelab')]
 col tag:
  colmena apply --on '@{{tag}}' --verbose --show-trace
 [linux]
 [group('homelab')]
 local name mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *;
  nixos-switch {{name}} {{mode}}
 # Build and upload a vm image
 [linux]
 [group('homelab')]
 upload-vm name mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
  use {{utils_nu}} *;
  upload-vm {{name}} {{mode}}
 # Deploy all the KubeVirt nodes(Physical machines running KubeVirt)
 [linux]
 [group('homelab')]
 lab:
  colmena apply --on '@virt-*' --verbose --show-trace
-# Deploy all the VMs running on KubeVirt
+[linux]
-vm:
+[group('homelab')]
-  colmena apply --on '@homelab-*' --verbose --show-trace
+shoryu:
  colmena apply --on '@kubevirt-shoryu' --verbose --show-trace
 [linux]
 [group('homelab')]
 shoryu-local mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch kubevirt-shoryu {{mode}}
 [linux]
 [group('homelab')]
 shushou:
  colmena apply --on '@kubevirt-shushou' --verbose --show-trace
 [linux]
 [group('homelab')]
 shushou-local mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch kubevirt-shushou {{mode}}
 [linux]
 [group('homelab')]
 youko:
  colmena apply --on '@kubevirt-youko' --verbose --show-trace
 [linux]
 [group('homelab')]
 youko-local mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch kubevirt-youko {{mode}}
 ############################################################################
 #
 # Commands for other Virtual Machines
 #
 ############################################################################
 # Build and upload a vm image
 [linux]
 [group('homelab')]
 upload-idols mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  upload-vm aquamarine {{mode}}
  upload-vm ruby {{mode}}
  upload-vm kana {{mode}}
 [linux]
 [group('homelab')]
 aqua:
  colmena apply --on '@aqua' --verbose --show-trace
  # some config changes require a restart of the dae service
  ssh root@aquamarine "sudo systemctl stop dae; sleep 1; sudo systemctl start dae"
 [linux]
 [group('homelab')]
 aqua-local mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch aquamarine {{mode}}
 [linux]
 [group('homelab')]
 ruby:
  colmena apply --on '@ruby' --verbose --show-trace
 [linux]
 [group('homelab')]
 ruby-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch ruby {{mode}}
 [linux]
 [group('homelab')]
 kana:
  colmena apply --on '@kana' --verbose --show-trace
 [linux]
 [group('homelab')]
 kana-local mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch kana {{mode}}
 ############################################################################
 #
 # Kubernetes related commands
 #
 ############################################################################
-k3s:
+# Build and upload a vm image
-  colmena apply --on '@k3s-*' --verbose --show-trace
+[linux]
 [group('homelab')]
 upload-k3s-prod mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  upload-vm k3s-prod-1-master-1 {{mode}}; 
  upload-vm k3s-prod-1-master-2 {{mode}}; 
  upload-vm k3s-prod-1-master-3 {{mode}}; 
  upload-vm k3s-prod-1-worker-1 {{mode}}; 
  upload-vm k3s-prod-1-worker-2 {{mode}}; 
  upload-vm k3s-prod-1-worker-3 {{mode}};
-master:
+[linux]
-  colmena apply --on '@k3s-prod-1-master-*' --verbose --show-trace
+[group('homelab')]
 upload-k3s-test mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  upload-vm k3s-test-1-master-1 {{mode}}; 
  upload-vm k3s-test-1-master-2 {{mode}}; 
  upload-vm k3s-test-1-master-3 {{mode}};
-worker:
+[linux]
-  colmena apply --on '@k3s-prod-1-worker-*' --verbose --show-trace
+[group('homelab')]
 k3s-prod:
  colmena apply --on '@k3s-prod-*' --verbose --show-trace
 [linux]
 [group('homelab')]
 k3s-test:
  colmena apply --on '@k3s-test-*' --verbose --show-trace
 ############################################################################
 #
-#  RISC-V related commands
+#  Neovim related commands
 #
 ############################################################################
-riscv:
+[group('neovim')]
  colmena apply --on '@riscv' --verbose --show-trace
 nozomi:
  colmena apply --on '@nozomi' --verbose --show-trace
 yukina:
  colmena apply --on '@yukina' --verbose --show-trace
 ############################################################################
 #
 # Aarch64 related commands
 #
 ############################################################################
 aarch:
  colmena apply --on '@aarch' --build-on-target --verbose --show-trace
 suzu:
  colmena apply --on '@suzu' --build-on-target --verbose --show-trace
 suzu-local mode="default":
  use utils.nu *; \
  nixos-switch suzu {{mode}}
 rakushun:
  colmena apply --on '@rakushun' --build-on-target --verbose --show-trace
 rakushun-local mode="default":
  use utils.nu *; \
  nixos-switch rakushun {{mode}}
 ############################################################################
 #
 #  Misc, other useful commands
 #
 ############################################################################
 fmt:
  # format the nix files in this repo
  nix fmt
 path:
   $env.PATH | split row ":"
 nvim-test:
-  rm -rf $"($env.HOME)/.config/astronvim/lua/user"
+  rm -rf $"($env.HOME)/.config/nvim"
-  rsync -avz --copy-links --chmod=D2755,F744 home/base/desktop/editors/neovim/astronvim_user/ $"($env.HOME)/.config/astronvim/lua/user"
+  rsync -avz --copy-links --chmod=D2755,F744 home/base/tui/editors/neovim/nvim/ $"($env.HOME)/.config/nvim/"
 [group('neovim')]
 nvim-clean:
-  rm -rf $"($env.HOME)/.config/astronvim/lua/user"
+  rm -rf $"($env.HOME)/.config/nvim"
 # =================================================
 # Emacs related commands
 # =================================================
-emacs-plist-path := "~/Library/LaunchAgents/org.nix-community.home.emacs.plist"
+[group('emacs')]
 reload-emacs-cmd := if os() == "macos" {
    "launchctl unload " + emacs-plist-path
    + "\n"
    + "launchctl load " + emacs-plist-path
    + "\n"
    + "tail -f ~/Library/Logs/emacs-daemon.stderr.log"
  } else {
    "systemctl --user restart emacs.service"
    + "\n"
    + "systemctl --user status emacs.service"
  }
 emacs-test:
  rm -rf $"($env.HOME)/.config/doom"
-  rsync -avz --copy-links --chmod=D2755,F744 home/base/desktop/editors/emacs/doom/ $"($env.HOME)/.config/doom"
+  rsync -avz --copy-links --chmod=D2755,F744 home/base/tui/editors/emacs/doom/ $"($env.HOME)/.config/doom/"
  doom clean
  doom sync
 [group('emacs')]
 emacs-clean:
  rm -rf $"($env.HOME)/.config/doom/"
 [group('emacs')]
 emacs-purge:
  doom purge
  doom clean
  doom sync
 [linux]
 [group('emacs')]
 emacs-reload:
  doom sync
-  {{reload-emacs-cmd}}
+  systemctl --user restart emacs.service
  systemctl --user status emacs.service
 emacs-plist-path := "~/Library/LaunchAgents/org.nix-community.home.emacs.plist"
 [macos]
 [group('emacs')]
 emacs-reload:
  doom sync
  launchctl unload {{emacs-plist-path}}
  launchctl load {{emacs-plist-path}}
  tail -f ~/Library/Logs/emacs-daemon.stderr.log
 # =================================================
 #
-# Kubernetes related commands
+# Other useful commands
 #
 # =================================================
 [group('common')]
 path:
   $env.PATH | split row ":"
 [group('common')]
 trace-access app *args:
  strace -f -t -e trace=file {{app}} {{args}} | complete | $in.stderr | lines | find -v -r "(/nix/store|/newroot|/proc)" | parse --regex '"(/.+)"' | sort | uniq
 [linux]
 [group('common')]
 penvof pid:
  sudo cat $"/proc/($pid)/environ" | tr '\0' '\n'
 # Remove all reflog entries and prune unreachable objects
 [group('git')]
 ggc:
  git reflog expire --expire-unreachable=now --all
  git gc --prune=now
 # Amend the last commit without changing the commit message
 [group('git')]
 game:
  git commit --amend -a --no-edit
 # Delete all failed pods
 [group('k8s')]
 del-failed:
  kubectl delete pod --all-namespaces --field-selector="status.phase==Failed"
 [linux]
 [group('services')]
 list-inactive:
  systemctl list-units -all --state=inactive
 [linux]
 [group('services')]
 list-failed:
  systemctl list-units -all --state=failed
@@ -8,27 +8,32 @@
 	<a href="https://github.com/ryan4yin/nix-config/stargazers">
 		<img alt="Stargazers" src="https://img.shields.io/github/stars/ryan4yin/nix-config?style=for-the-badge&logo=starship&color=C9CBFF&logoColor=D9E0EE&labelColor=302D41"></a>
    <a href="https://nixos.org/">
-        <img src="https://img.shields.io/badge/NixOS-23.11-informational.svg?style=for-the-badge&logo=nixos&color=F2CDCD&logoColor=D9E0EE&labelColor=302D41"></a>
+        <img src="https://img.shields.io/badge/NixOS-24.05-informational.svg?style=for-the-badge&logo=nixos&color=F2CDCD&logoColor=D9E0EE&labelColor=302D41"></a>
    <a href="https://github.com/ryan4yin/nixos-and-flakes-book">
        <img src="https://img.shields.io/static/v1?label=Nix Flakes&message=learning&style=for-the-badge&logo=nixos&color=DDB6F2&logoColor=D9E0EE&labelColor=302D41"></a>
  </a>
 </p>
-> My configuration is becoming more and more complex, and it may be difficult for beginners to read
+> My configuration is becoming more and more complex, and **it will be difficult for beginners to
-> it. If you are new to NixOS and want to know how I use NixOS, I would recommend you to take a look
+> read**. If you are new to NixOS and want to know how I use NixOS, I would recommend you to take a
-> at the [ryan4yin/nix-config/releases](https://github.com/ryan4yin/nix-config/releases) first,
+> look at the [ryan4yin/nix-config/releases](https://github.com/ryan4yin/nix-config/releases) first,
-> **checkout to some simpler older versions**, which will be much easier to understand.
+> **checkout to some simpler older versions, such as
 > [i3-kickstarter](https://github.com/ryan4yin/nix-config/tree/i3-kickstarter), which will be much
 > easier to understand**.
 This repository is home to the nix code that builds my systems:
-1. NixOS Desktops: NixOS with home-manager, i3, hyprland, agenix, etc.
+1. NixOS Desktops: NixOS with home-manager, hyprland, agenix, etc.
 2. macOS Desktops: nix-darwin with home-manager, share the same home-manager configuration with
   NixOS Desktops.
-3. NixOS Servers: virtual machines running on Proxmox, with various services, such as kubernetes,
+3. NixOS Servers: virtual machines running on Proxmox/KubeVirt, with various services, such as
-   homepage, prometheus, grafana, etc.
+   kubernetes, homepage, prometheus, grafana, etc.
 See [./hosts](./hosts) for details of each host.
 See [./Virtual-Machine.md](./Virtual-Machine.md) for details of how to create & manage KubeVirt's
 Virtual Machine from this flake.
 ## Why NixOS & Flakes?
 Nix allows for easy-to-manage, collaborative, reproducible deployments. This means that once
@@ -49,29 +54,29 @@ You don't have to go through the pain I've experienced again! Check out my
 ## Components
-|                             | NixOS(Wayland)                                                                                                      | NixOS(Xorg)                                                                                                         |
+|                             | NixOS(Wayland)                                                                                                      |
-| --------------------------- | :------------------------------------------------------------------------------------------------------------------ | :------------------------------------------------------------------------------------------------------------------ |
+| --------------------------- | ------------------------------------------------------------------------------------------------------------------- |
-| **Window Manager**          | [Hyprland][Hyprland]                                                                                                | [i3][i3]                                                                                                            |
+| **Window Manager**          | [Hyprland][Hyprland]                                                                                                |
-| **Terminal Emulator**       | [Zellij][Zellij] + [Kitty][Kitty]                                                                                   | [Zellij][Zellij] + [Kitty][Kitty]                                                                                   |
+| **Terminal Emulator**       | [Zellij][Zellij] + [Kitty][Kitty]                                                                                   |
-| **Bar**                     | [Waybar][Waybar]                                                                                                    | [polybar][polybar]                                                                                                  |
+| **Bar**                     | [Waybar][Waybar]                                                                                                    |
-| **Application Launcher**    | [anyrun][anyrun]                                                                                                    | [rofi][rofi]                                                                                                        |
+| **Application Launcher**    | [anyrun][anyrun]                                                                                                    |
-| **Notification Daemon**     | [Mako][Mako]                                                                                                        | [Dunst][Dunst]                                                                                                      |
+| **Notification Daemon**     | [Mako][Mako]                                                                                                        |
-| **Display Manager**         | [GDM][GDM]                                                                                                          | [GDM][GDM]                                                                                                          |
+| **Display Manager**         | [GDM][GDM]                                                                                                          |
-| **Color Scheme**            | [Catppuccin][Catppuccin]                                                                                            | [Catppuccin][Catppuccin]                                                                                            |
+| **Color Scheme**            | [Catppuccin][Catppuccin]                                                                                            |
-| **network management tool** | [NetworkManager][NetworkManager]                                                                                    | [NetworkManager][NetworkManager]                                                                                    |
+| **network management tool** | [NetworkManager][NetworkManager]                                                                                    |
-| **Input method framework**  | [Fcitx5][Fcitx5]                                                                                                    | [Fcitx5][Fcitx5]                                                                                                    |
+| **Input method framework**  | [Fcitx5][Fcitx5]                                                                                                    |
-| **System resource monitor** | [Btop][Btop]                                                                                                        | [Btop][Btop]                                                                                                        |
+| **System resource monitor** | [Btop][Btop]                                                                                                        |
-| **File Manager**            | [Yazi][Yazi] + [thunar][thunar]                                                                                     | [Yazi][Yazi] + [thunar][thunar]                                                                                     |
+| **File Manager**            | [Yazi][Yazi] + [thunar][thunar]                                                                                     |
-| **Shell**                   | [Nushell][Nushell] + [Starship][Starship]                                                                           | [Nushell][Nushell] + [Starship][Starship]                                                                           |
+| **Shell**                   | [Nushell][Nushell] + [Starship][Starship]                                                                           |
-| **Music Player**            | [mpd][mpd], [ncmpcpp][ncmpcpp], [mpc][mpc], [Netease-cloud-music-gtk][netease-cloud-music-gtk]                      | [Netease-cloud-music-gtk][netease-cloud-music-gtk]                                                                  |
+| **Music Player**            | [mpd][mpd], [ncmpcpp][ncmpcpp], [mpc][mpc]                                                                          |
-| **Media Player**            | [mpv][mpv]                                                                                                          | [mpv][mpv]                                                                                                          |
+| **Media Player**            | [mpv][mpv]                                                                                                          |
-| **Text Editor**             | [Neovim][Neovim] + [DoomEmacs][DoomEmacs]                                                                           | [Neovim][Neovim] + [DoomEmacs][DoomEmacs]                                                                           |
+| **Text Editor**             | [Neovim][Neovim] + [DoomEmacs][DoomEmacs]                                                                           |
-| **Fonts**                   | [Nerd fonts][Nerd fonts]                                                                                            | [Nerd fonts][Nerd fonts]                                                                                            |
+| **Fonts**                   | [Nerd fonts][Nerd fonts]                                                                                            |
-| **Image Viewer**            | [imv][imv]                                                                                                          | [imv][imv]                                                                                                          |
+| **Image Viewer**            | [imv][imv]                                                                                                          |
-| **Screenshot Software**     | [flameshot][flameshot] + [grim][grim]                                                                               | [flameshot][flameshot]                                                                                              |
+| **Screenshot Software**     | [flameshot][flameshot] + [grim][grim]                                                                               |
-| **Screen Recording**        | [OBS][OBS]                                                                                                          | [OBS][OBS]                                                                                                          |
+| **Screen Recording**        | [OBS][OBS]                                                                                                          |
-| **Filesystem & Encryption** | tmpfs on `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] encrypted partition for persistent, unlock via passphrase | tmpfs on `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] encrypted partition for persistent, unlock via passphrase |
+| **Filesystem & Encryption** | tmpfs on `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] encrypted partition for persistent, unlock via passphrase |
-| **Secure Boot**             | [lanzaboote][lanzaboote]                                                                                            | [lanzaboote][lanzaboote]                                                                                            |
+| **Secure Boot**             | [lanzaboote][lanzaboote]                                                                                            |
 Wallpapers: https://github.com/ryan4yin/wallpapers
@@ -83,17 +88,13 @@ Wallpapers: https://github.com/ryan4yin/wallpapers
 ![](./_img/emacs-2024-01-07.webp)
 ## I3 + AstroNvim
 ![](./_img/i3_2023-07-29_1.webp) ![](./_img/i3_2023-07-29_2.webp)
 ## Neovim
-See [./home/base/desktop/editors/neovim/](./home/base/desktop/editors/neovim/) for details.
+See [./home/base/tui/editors/neovim/](./home/base/tui/editors/neovim/) for details.
 ## Emacs
-See [./home/base/desktop/editors/emacs/](./home/base/desktop/editors/emacs/) for details.
+See [./home/base/tui/editors/emacs/](./home/base/tui/editors/emacs/) for details.
 ## Secrets Management
@@ -101,10 +102,10 @@ See [./secrets](./secrets) for details.
 ## How to Deploy this Flake?
-> :red_circle: **IMPORTANT**: **You should NOT deploy this flake directly on your machine
+<!-- prettier-ignore -->
-> :exclamation: It will not succeed.** This flake contains my hardware configuration(such as
+> :red_circle: **IMPORTANT**: **You should NOT deploy this flake directly on your machine :exclamation:
 > It will not succeed.** This flake contains my hardware configuration(such as
 > [hardware-configuration.nix](hosts/idols-ai/hardware-configuration.nix),
 > [cifs-mount.nix](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols_ai/cifs-mount.nix),
 > [Nvidia Support](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols-ai/default.nix#L77-L91),
 > etc.) which is not suitable for your hardwares, and requires my private secrets repository
 > [ryan4yin/nix-secrets](https://github.com/ryan4yin/nix-config/tree/main/secrets) to deploy. You
@@ -119,16 +120,13 @@ For NixOS:
 ```bash
 # deploy one of the configuration based on the hostname
 # sudo nixos-rebuild switch --flake .#ai_i3
 sudo nixos-rebuild switch --flake .#ai-hyprland
 # deploy via `just`(a command runner with similar syntax to make) & Justfile
 # just i3    # deploy my pc with i3 window manager
 just hypr  # deploy my pc with hyprland compositor
 # or we can deploy with details
-# just i3 debug
+just hypr debug
 just hypr-debug
 ```
 For macOS:
@@ -181,17 +179,12 @@ Other dotfiles that inspired me:
  - [HeinzDev/Hyprland-dotfiles](https://github.com/HeinzDev/Hyprland-dotfiles): Refer to the waybar
    configuration here.
  - [linuxmobile/kaku](https://github.com/linuxmobile/kaku)
 - I3 Window Manager
  - [endeavouros-i3wm-setup](https://github.com/endeavouros-team/endeavouros-i3wm-setup): I started
    using i3 here, and my i3 configuration is also based on it, but made a lot of changes.
  - [denisse-dev/dotfiles](https://github.com/denisse-dev/dotfiles)
 - Neovim/AstroNvim
  - [maxbrunet/dotfiles](https://github.com/maxbrunet/dotfiles): astronvim with nix flakes.
 - Misc
  - [1amSimp1e/dots](https://github.com/1amSimp1e/dots)
 [Hyprland]: https://github.com/hyprwm/Hyprland
 [i3]: https://github.com/i3/i3
 [Kitty]: https://github.com/kovidgoyal/kitty
 [Nushell]: https://github.com/nushell/nushell
 [Starship]: https://github.com/starship/starship
@@ -1,19 +1,25 @@
 ## How to create & managage KubeVirt's Virtual Machine from this flake?
-Use `aquamarine` as an example, we can create a virtual machine with the following command:
+Use `aquamarine` as an example, first build and upload the virtual machine's qcow2 image to the file
 server:
 ```shell
 just upload-vm aquamarine
 ```
 Then create the virtual machine by creating a yaml file at
-[ryan4yin/k8s-gitops](https://github.com/ryan4yin/k8s-gitops/tree/main/vms)
+[ryan4yin/k8s-gitops](https://github.com/ryan4yin/k8s-gitops/tree/main/vms), set the
 `spec.dataVolumeTemplates[0].source.http.url` to the uploaded file's URL, and fluxcd will
 automatically apply the changes, then a virtual machine named `aquamarine` will be created in the
 KubeVirt cluster.
 Once the virtual machine `aquamarine` is created, we can deploy updates to it with the following
 commands:
 ```shell
 just col aquamarine
 just col kubevirt-shoryu
 just col k3s-test-1-master-1
 ```
 If you're not familiar with remote deployment, please read this tutorial first:
@@ -0,0 +1,2 @@
 *.key
 *.csr
@@ -0,0 +1,7 @@
 # My Private PKI / CA
 This is my private Private Key Infrastructure (PKI) / Certificate Authority (CA) for my personal
 use. It is used to issue certificates for my own servers and services.
 All the private keys are ignored by git, and will be stored in my private secrets repo
 [../secrets](../secrets/)
@@ -0,0 +1,10 @@
 -----BEGIN CERTIFICATE-----
 MIIBajCB8QIJAIwL98is2nQPMAoGCCqGSM49BAMEMB8xHTAbBgNVBAMMFFJ5YW40
 WWluJ3MgUm9vdCBDQSAxMB4XDTI0MDQwMzA4NDgzM1oXDTM0MDQwMTA4NDgzM1ow
 HzEdMBsGA1UEAwwUUnlhbjRZaW4ncyBSb290IENBIDEwdjAQBgcqhkjOPQIBBgUr
 gQQAIgNiAAQ6ixMbsGZ/u/ZnwzOZ49naVL7rQxm9C74SboGytKcYBH03JjC7tgZ3
 DylirxSLcTYHHtCz9ajdamP6+sgiGVpUODtfGSO+WmS+gAbLjCS37T41bkUhkx88
 JU4NsGhjPXcwCgYIKoZIzj0EAwQDaAAwZQIwDrGLSdO+p/1uywkzqzdM/OnZs8bp
 n60uBhUI7EZzDmrouOFeGx+dXYI5yy5AD/qDAjEA7fTQx+jccyOj4dimq1iU9+71
 e/gWYg0rexfy/+9dQY6kvwMzv8Lnm6URaRMbE1Q/
 -----END CERTIFICATE-----
@@ -0,0 +1 @@
 C050420A8E5A3C1E
@@ -0,0 +1,22 @@
 [ req ]
 prompt = no
 req_extensions = v3_ext
 distinguished_name = req_distinguished_name
 [ req_distinguished_name ]
 countryName            = US
 stateOrProvinceName    = NYK
 localityName           = NYK
 organizationName       = Ryan4Yin
 organizationalUnitName = Ryan4Yin
 commonName             = writefor.fun # deprecated, use subjectAltName(SAN) instead
 emailAddress           = rayn4yin@linux.com
 [ alt_names ]
 DNS.1 = writefor.fun
 DNS.2 = *.writefor.fun
 [ v3_ext ]
 subjectAltName=@alt_names
 basicConstraints       = CA:false
 extendedKeyUsage       = serverAuth
@@ -0,0 +1,14 @@
 -----BEGIN CERTIFICATE-----
 MIICKTCCAa6gAwIBAgIJAMBQQgqOWjweMAoGCCqGSM49BAMEMB8xHTAbBgNVBAMM
 FFJ5YW40WWluJ3MgUm9vdCBDQSAxMB4XDTI0MDQwMzA4NDgzM1oXDTM0MDQwMTA4
 NDgzM1owgYkxCzAJBgNVBAYTAlVTMQwwCgYDVQQIDANOWUsxDDAKBgNVBAcMA05Z
 SzERMA8GA1UECgwIUnlhbjRZaW4xETAPBgNVBAsMCFJ5YW40WWluMRUwEwYDVQQD
 DAx3cml0ZWZvci5mdW4xITAfBgkqhkiG9w0BCQEWEnJheW40eWluQGxpbnV4LmNv
 bTB2MBAGByqGSM49AgEGBSuBBAAiA2IABCNTYKDq/I99NltQR5eKrrovQXp9BbLV
 iuUdYmzFrAh+NC9ikiIqTfDwP+c+7QvDyI3KXu3KI2qPSPdxktZKDUPHK4p2Y2kZ
 xKOI2IFTgTqV3uBciyx7ayWPTwBYxsTDmqNLMEkwJwYDVR0RBCAwHoIMd3JpdGVm
 b3IuZnVugg4qLndyaXRlZm9yLmZ1bjAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsG
 AQUFBwMBMAoGCCqGSM49BAMEA2kAMGYCMQCHw9YkDo15P9mqEObvxSUak8tQmhBB
 9wB81Qg4c+JsMCZA1rMUB7GkNJj1Dr9rWLoCMQDSituLzmo/yPLEOrbNV83bj3/I
 ikKgobSie3pMXm5ZG7krOXaunyFRR/bIkih2V2Q=
 -----END CERTIFICATE-----
@@ -0,0 +1,22 @@
 # 1. Generate the private key for Root CA
 openssl ecparam -genkey -name secp384r1 -out ecc-ca.key
 # 2. Generate the certificate for Root CA with the validity period of 10 years
 # using the private key and some basic information
 # NOTE: we specify sha512 as the signature algorithm, which is the key point
 openssl req -x509 -new -SHA512 -key ecc-ca.key -subj "/CN=Ryan4Yin's Root CA 1" -days 3650 -out ecc-ca.crt
 # 3. Generate the private key for web server
 openssl ecparam -genkey -name secp384r1 -out ecc-server.key
 # 4. Generate the certificate signing request (CSR) for the server certificate
 # using the private key and the configuration file ecc-csr.conf
 openssl req -new -SHA512 -key ecc-server.key -out ecc-server.csr -config ecc-csr.conf
 # 5. Sign the server certificate with the Root CA's certificate and private key
 # NOTE: we specify sha512 as the signature algorithm, which is the key point
 openssl x509 -req -SHA512 -in ecc-server.csr -CA ecc-ca.crt -CAkey ecc-ca.key \
  -CAcreateserial -out ecc-server.crt -days 3650 \
  -extensions v3_ext -extfile ecc-csr.conf
 # 6. Display the information of the certificates
 openssl x509 -noout -text -in ecc-ca.crt
 openssl x509 -noout -text -in ecc-server.crt
@@ -12,19 +12,17 @@
  # the nixConfig here only affects the flake itself, not the system configuration!
  # for more information, see:
-  #     https://nixos-and-flakes.thiscute.world/nixos-with-flakes/add-custom-cache-servers
+  #     https://nixos-and-flakes.thiscute.world/nix-store/add-binary-cache-servers
  nixConfig = {
    # substituers will be appended to the default substituters when fetching packages
    extra-substituters = [
      "https://anyrun.cachix.org"
-      "https://hyprland.cachix.org"
+      # "https://nix-gaming.cachix.org"
      "https://nix-gaming.cachix.org"
      # "https://nixpkgs-wayland.cachix.org"
    ];
    extra-trusted-public-keys = [
      "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
-      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+      # "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
      "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
      # "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
    ];
  };
@@ -37,11 +35,11 @@
    # Official NixOS package source, using nixos's unstable branch by default
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
-    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.11";
+    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
    # for macos
-    nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-23.11-darwin";
+    nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-24.05-darwin";
    nix-darwin = {
      url = "github:lnl7/nix-darwin";
      inputs.nixpkgs.follows = "nixpkgs-darwin";
@@ -50,8 +48,8 @@
    # home-manager, used for managing user configuration
    home-manager = {
      # url = "github:nix-community/home-manager/release-23.11";
      url = "github:nix-community/home-manager/master";
      # url = "github:nix-community/home-manager/release-24.05";
      # The `follows` keyword in inputs is used for inheritance.
      # Here, `inputs.nixpkgs` of home-manager is kept consistent with the `inputs.nixpkgs` of the current flake,
@@ -60,17 +58,12 @@
    };
    lanzaboote = {
-      url = "github:nix-community/lanzaboote/v0.3.0";
+      url = "github:nix-community/lanzaboote/v0.4.1";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    impermanence.url = "github:nix-community/impermanence";
    hyprland = {
      url = "github:hyprwm/Hyprland/v0.33.1";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # community wayland nixpkgs
    # nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
    # anyrun - a wayland launcher
@@ -96,7 +89,7 @@
    nix-gaming.url = "github:fufexan/nix-gaming";
    disko = {
-      url = "github:nix-community/disko";
+      url = "github:nix-community/disko/v1.6.1";
      inputs.nixpkgs.follows = "nixpkgs";
    };
@@ -108,28 +101,18 @@
    nuenv.url = "github:DeterminateSystems/nuenv";
    daeuniverse.url = "github:daeuniverse/flake.nix";
    # daeuniverse.url = "github:daeuniverse/flake.nix/exp";
    attic.url = "github:zhaofengli/attic";
    haumea = {
      url = "github:nix-community/haumea/v0.2.2";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    microvm = {
+    nixpak = {
-      url = "github:astro/microvm.nix";
+      url = "github:nixpak/nixpak";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    ########################  Some non-flake repositories  #########################################
    # AstroNvim is an aesthetic and feature-rich neovim config.
    astronvim = {
      url = "github:AstroNvim/AstroNvim/v3.41.2";
      flake = false;
    };
    # doom-emacs is a configuration framework for GNU Emacs.
    doomemacs = {
      url = "github:doomemacs/doomemacs";
@@ -156,16 +139,7 @@
      flake = false;
    };
-    nur-ryan4yin = {
+    nur-ryan4yin.url = "github:ryan4yin/nur-packages";
-      url = "github:ryan4yin/nur-packages";
+    nur-ataraxiasjel.url = "github:AtaraxiaSjel/nur";
      # inputs.nixpkgs.follows = "nixpkgs";
    };
    # riscv64 SBCs
    nixos-licheepi4a.url = "github:ryan4yin/nixos-licheepi4a";
    # nixos-jh7110.url = "github:ryan4yin/nixos-jh7110";
    # aarch64 SBCs
    nixos-rk3588.url = "github:ryan4yin/nixos-rk3588";
  };
 }
@@ -0,0 +1,87 @@
 # Linux Hardening
 > Work in progress.
 ## Goal
 - **System Level**: Protect critical files from being accessed by untrusted applications.
  1. Such as browser cookies, SSH keys, etc.
 - **Per-App Level**: Prevent untrusted applications(such as closed-source apps) from:
  1.  Accessing files they shouldn't.
      - Such as a malicious application accessing your browser's cookies, SSH Keys, etc.
  1.  Accessing the network when they don't need to.
  1.  Accessing hardware devices they don't need.
 ## Current Status
 1. **System Level**:
   - [ ] AppArmor
   - [ ] Kernel & System Hardening
 1. **Per-App Level**:
   - Nixpak (Bubblewrap)
     - [x] QQ
     - [x] Firefox
   - [ ] Firejail (risk? not enabled yet)
 ## Kernel Hardening
 - NixOS Kernel Config:
  https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/os-specific/linux/kernel/hardened/config.nix
 ## System Hardening
 - NixOS Profile:
  https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/profiles/hardened.nix
 - Apparmor: [roddhjav/apparmor.d)](https://github.com/roddhjav/apparmor.d)
  - https://gitlab.com/apparmor/apparmor/-/wikis/Documentation
  - AppArmor.d is a set of over 1500 AppArmor profiles whose aim is to confine most Linux based
    applications and processes.
  - Nix Package:
    [roddhjav-apparmor-rules](https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/ro/roddhjav-apparmor-rules/package.nix#L33)
  - https://github.com/NixOS/nixpkgs/issues/331645
  - https://github.com/LordGrimmauld/aa-alias-manager
 - SELinux: too complex, not recommended for personal use.
 ## Application Sandboxing
 - [Firejail](https://github.com/netblue30/firejail/tree/master/etc): A SUID security sandbox with
  hundreds of security profiles for many common applications in the default installation.
  - https://wiki.nixos.org/wiki/Firejail
  - Firejail needs SUID to work, which is considered a security risk -
    [Does firejail improve the security of my system?](https://github.com/netblue30/firejail/discussions/4601)
 - [Bubblewrap](https://github.com/containers/bubblewrap):
  [nixpak](https://github.com/nixpak/nixpak), more secure than firejail, but no batteries included.
  - NixOS's FHSEnv is implemented using bubblewrap by default.
 - [Systemd/Hardening](https://wiki.nixos.org/wiki/Systemd/Hardening): Systemd also provides some
  sandboxing features.
 ## NOTE
 **Running untrusted code is never safe, kernel hardening & sandboxing cannot change this**.
 If you want to run untrusted code, please use a VM & an isolated network environment, which will
 provide a much higher level of security.
 ## References
 - [Harden your NixOS workstation - dataswamp](https://dataswamp.org/~solene/2022-01-13-nixos-hardened.html)
 - [Linux Insecurities - Madaidans](https://madaidans-insecurities.github.io/linux.html)
 - [Sandboxing all programs by default - NixOS Discourse](https://discourse.nixos.org/t/sandboxing-all-programs-by-default/7792)
 - [在 Firejail 中运行 Steam](https://imbearchild.cyou/archives/2021/11/steam-in-firejail/)
 - [Firejail - Arch Linux Wiki](https://wiki.archlinux.org/title/Firejail)
 - [Paranoid NixOS Setup - xeiaso](https://xeiaso.net/blog/paranoid-nixos-2021-07-18/)
 - [nix-mineral](https://github.com/cynicsketch/nix-mineral): NixOS module for convenient system
  hardening.
 - nixpak configs:
  - https://github.com/pokon548/OysterOS/tree/b97604d89953373d6316286b96f6a964af2c398d/desktop/application
  - https://github.com/segment-tree/my-nixos/tree/ceb6041f73bd9edcb78a8818b27a28f7c629193b/hm/me/apps/nixpak
  - https://github.com/Keksgesicht/nixos-config/tree/91cc77d8d6b598da7c4dbed143e0009c2dea6940/packages/nixpak
  - https://github.com/bluskript/nix-config/blob/7ecb6a7254c1ac4969072f4c4febdc19f8b83b30/pkgs/nixpak/default.nix
 - firejail configs:
  - https://github.com/stelcodes/nixos-config/blob/f8967c82a5e5f3d128eb1aaf7498b5f918f719ec/packages/overlay.nix#L261
 - apparmor configs:
  - https://github.com/sukhmancs/nixos-configs/blob/7fcf737c506ad843113cd5b94796b49d4d4dfad2/modules/shared/security/apparmor/default.nix#L8
  - https://github.com/zramctl/dotfiles/blob/4fe177f6984154960942bb47d5a375098ec6ed6a/modules/nixos/security/apparmor.nix#L4
 - Others:
  - Directly via `buildFHSUserEnvBubblewrap`:
    https://github.com/xddxdd/nur-packages/blob/master/pkgs/uncategorized/wechat-uos/default.nix
@@ -0,0 +1,58 @@
 {
  config,
  pkgs,
  ...
 }: {
  services.dbus.apparmor = "enabled";
  security.apparmor = {
    enable = true;
    # kill process that are not confined but have apparmor profiles enabled
    killUnconfinedConfinables = true;
    packages = with pkgs; [
      apparmor-utils
      apparmor-profiles
    ];
    # apparmor policies
    policies = {
      "default_deny" = {
        enforce = false;
        enable = false;
        profile = ''
          profile default_deny /** { }
        '';
      };
      "sudo" = {
        enforce = false;
        enable = false;
        profile = ''
          ${pkgs.sudo}/bin/sudo {
            file /** rwlkUx,
          }
        '';
      };
      "nix" = {
        enforce = false;
        enable = false;
        profile = ''
          ${config.nix.package}/bin/nix {
            unconfined,
          }
        '';
      };
    };
  };
  environment.systemPackages = with pkgs; [
    apparmor-bin-utils
    apparmor-profiles
    apparmor-parser
    libapparmor
    apparmor-kernel-patches
    apparmor-pam
    apparmor-utils
  ];
 }
@@ -0,0 +1,71 @@
 {pkgs, ...}: let
  firejailWrapper = import ./firejailWrapper.nix pkgs;
 in {
  programs.firejail.enable = true;
  # Add firejailed Apps into nixsuper, and reference them in home-manager or other nixos modules
  nixpkgs.overlays = [
    (_: super: {
      firejailed = {
        steam = firejailWrapper {
          name = "steam-firejailed";
          executable = "${super.steam}/bin/steam";
          profile = "${super.firejail}/etc/firejail/steam.profile";
        };
        steam-run = firejailWrapper {
          name = "steam-run-firejailed";
          executable = "${super.steam}/bin/steam-run";
          profile = "${super.firejail}/etc/firejail/steam.profile";
        };
        # firefox = firejailWrapper {
        #   name = "firefox-firejailed";
        #   executable = "${super.lib.getBin super.firefox-wayland}/bin/firefox";
        #   profile = "${super.firejail}/etc/firejail/firefox.profile";
        # };
        # chromium = firejailWrapper {
        #   name = "chromium-firejailed";
        #   executable = "${super.lib.getBin super.ungoogled-chromium}/bin/chromium";
        #   profile = "${super.firejail}/etc/firejail/chromium.profile";
        # };
        mpv = firejailWrapper {
          executable = "${super.lib.getBin super.mpv}/bin/mpv";
          profile = "${super.firejail}/etc/firejail/mpv.profile";
        };
        imv = firejailWrapper {
          executable = "${super.lib.getBin super.imv}/bin/imv";
          profile = "${super.firejail}/etc/firejail/imv.profile";
        };
        zathura = firejailWrapper {
          executable = "${super.lib.getBin super.zathura}/bin/zathura";
          profile = "${super.firejail}/etc/firejail/zathura.profile";
        };
        slack = firejailWrapper {
          executable = "${super.lib.getBin super.slack}/bin/slack";
          profile = "${super.firejail}/etc/firejail/slack.profile";
        };
        telegram-desktop = firejailWrapper {
          executable = "${super.lib.getBin super.tdesktop}/bin/telegram-desktop";
          profile = "${super.firejail}/etc/firejail/telegram-desktop.profile";
        };
        brave = firejailWrapper {
          executable = "${super.lib.getBin super.brave}/bin/brave";
          profile = "${super.firejail}/etc/firejail/brave.profile";
        };
        qutebrowser = firejailWrapper {
          executable = "${super.lib.getBin super.qutebrowser}/bin/qutebrowser";
          profile = "${super.firejail}/etc/firejail/qutebrowser.profile";
        };
        thunar = firejailWrapper {
          executable = "${super.lib.getBin super.xfce.thunar}/bin/thunar";
          profile = "${super.firejail}/etc/firejail/thunar.profile";
        };
        vscodium = firejailWrapper {
          executable = "${super.lib.getBin super.vscodium}/bin/vscodium";
          profile = "${super.firejail}/etc/firejail/vscodium.profile";
        };
      };
    })
  ];
 }
@@ -0,0 +1,35 @@
 # https://www.reddit.com/r/NixOS/comments/1b56jdx/simple_nix_function_for_wrapping_executables_with/
 pkgs: {
  name ? "firejail-wrapper",
  executable,
  desktop ? null,
  profile ? null,
  extraArgs ? [],
 }:
 pkgs.runCommand name
 {
  preferLocalBuild = true;
  allowSubstitutes = false;
  meta.priority = -1; # take precedence over non-firejailed versions
 }
 (
  let
    firejailArgs = pkgs.lib.concatStringsSep " " (
      extraArgs ++ (pkgs.lib.optional (profile != null) "--profile=${toString profile}")
    );
  in
    ''
      command_path="$out/bin/$(basename ${executable})-jailed"
      mkdir -p $out/bin
      mkdir -p $out/share/applications
      cat <<'_EOF' >"$command_path"
      #! ${pkgs.runtimeShell} -e
      exec /run/wrappers/bin/firejail ${firejailArgs} -- ${toString executable} "\$@"
      _EOF
      chmod 0755 "$command_path"
    ''
    + pkgs.lib.optionalString (desktop != null) ''
      substitute ${desktop} $out/share/applications/$(basename ${desktop}) \
        --replace ${executable} "$command_path"
    ''
 )
@@ -0,0 +1,33 @@
 {
  pkgs,
  nixpak,
  ...
 }: let
  callArgs = {
    mkNixPak = nixpak.lib.nixpak {
      inherit (pkgs) lib;
      inherit pkgs;
    };
    safeBind = sloth: realdir: mapdir: [
      (sloth.mkdir (sloth.concat' sloth.appDataDir realdir))
      (sloth.concat' sloth.homeDir mapdir)
    ];
  };
  wrapper = _pkgs: path: (_pkgs.callPackage path callArgs).config.script;
 in {
  # Add nixpaked Apps into nixpkgs, and reference them in home-manager or other nixos modules
  nixpkgs.overlays = [
    (_: super: {
      nixpaks = {
        qq = wrapper super ./qq.nix;
        qq-desktop-item = super.callPackage ./qq-desktop-item.nix {};
        wechat-uos = wrapper super ./wechat-uos.nix;
        wechat-uos-desktop-item = super.callPackage ./wechat-uos-desktop-item.nix {};
        firefox = wrapper super ./firefox.nix;
        firefox-desktop-item = super.callPackage ./firefox-desktop-item.nix {};
      };
    })
  ];
 }
@@ -0,0 +1,11 @@
 {makeDesktopItem}:
 makeDesktopItem {
  name = "firefox";
  desktopName = "firefox";
  exec = "firefox %U";
  terminal = false;
  icon = "firefox";
  type = "Application";
  categories = ["Network"];
  comment = "firefox boxed";
 }
@@ -0,0 +1,75 @@
 # Refer:
 # - Flatpak manifest's docs:
 #   - https://docs.flatpak.org/en/latest/manifests.html
 #   - https://docs.flatpak.org/en/latest/sandbox-permissions.html
 # - Firefox's flatpak manifest: https://hg.mozilla.org/mozilla-central/file/tip/taskcluster/docker/firefox-flatpak/runme.sh#l151
 {
  lib,
  pkgs,
  mkNixPak,
  ...
 }:
 mkNixPak {
  config = {
    config,
    sloth,
    ...
  }: {
    app = {
      package = pkgs.firefox-wayland;
      binPath = "bin/firefox";
    };
    flatpak.appId = "org.mozilla.firefox";
    imports = [
      ./modules/gui-base.nix
      ./modules/network.nix
    ];
    # list all dbus services:
    #   ls -al /run/current-system/sw/share/dbus-1/services/
    #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
    dbus.policies = {
      "org.mozilla.firefox.*" = "own"; # firefox
      "org.mozilla.firefox_beta.*" = "own"; # firefox beta
      "org.mpris.MediaPlayer2.firefox.*" = "own";
      "org.freedesktop.NetworkManager" = "talk";
    };
    bubblewrap = {
      # To trace all the home files QQ accesses, you can use the following nushell command:
      #   just trace-access firefox
      # See the Justfile in the root of this repository for more information.
      bind.rw = [
        # given the read write permission to the following directories.
        # NOTE: sloth.mkdir is used to create the directory if it does not exist!
        (sloth.mkdir (sloth.concat' sloth.homeDir "/.mozilla"))
        sloth.xdgDownloadDir
        # ================ for externsions ===============================
        # required by https://github.com/browserpass/browserpass-extension
        (sloth.concat' sloth.homeDir "/.local/share/password-store") # pass
      ];
      bind.ro = [
        # To actually make Firefox run
        "/sys/bus/pci"
        ["${config.app.package}/lib/firefox" "/app/etc/firefox"]
        # Unsure
        (sloth.concat' sloth.xdgConfigHome "/dconf")
      ];
      sockets = {
        x11 = false;
        wayland = true;
        pipewire = true;
      };
      bind.dev = [
        "/dev/shm" # Shared Memory
      ];
      tmpfs = [
        "/tmp"
      ];
    };
  };
 }
@@ -0,0 +1,95 @@
 # https://github.com/nixpak/pkgs/blob/master/pkgs/modules/gui-base.nix
 {
  config,
  lib,
  pkgs,
  sloth,
  ...
 }: let
  envSuffix = envKey: suffix: sloth.concat' (sloth.env envKey) suffix;
  # cursor & icon's theme should be the same as the host's one.
  cursorTheme = pkgs.bibata-cursors;
  iconTheme = pkgs.papirus-icon-theme;
 in {
  config = {
    dbus.policies = {
      "${config.flatpak.appId}" = "own";
      "org.freedesktop.DBus" = "talk";
      "org.gtk.vfs.*" = "talk";
      "org.gtk.vfs" = "talk";
      "ca.desrt.dconf" = "talk";
      "org.freedesktop.portal.*" = "talk";
      "org.a11y.Bus" = "talk";
    };
    # https://github.com/nixpak/nixpak/blob/master/modules/gpu.nix
    # 1. bind readonly - /run/opengl-driver
    # 2. bind device   - /dev/dri
    gpu = {
      enable = lib.mkDefault true;
      provider = "nixos";
      bundlePackage = pkgs.mesa.drivers; # for amd & intel
    };
    # https://github.com/nixpak/nixpak/blob/master/modules/gui/fonts.nix
    # it works not well, bind system's /etc/fonts directly instead
    fonts.enable = false;
    # https://github.com/nixpak/nixpak/blob/master/modules/locale.nix
    locale.enable = true;
    bubblewrap = {
      network = lib.mkDefault false;
      bind.rw = [
        [
          (envSuffix "HOME" "/.var/app/${config.flatpak.appId}/cache")
          sloth.xdgCacheHome
        ]
        (sloth.concat' sloth.xdgCacheHome "/fontconfig")
        (sloth.concat' sloth.xdgCacheHome "/mesa_shader_cache")
        (sloth.concat [
          (sloth.env "XDG_RUNTIME_DIR")
          "/"
          (sloth.envOr "WAYLAND_DISPLAY" "no")
        ])
        (envSuffix "XDG_RUNTIME_DIR" "/at-spi/bus")
        (envSuffix "XDG_RUNTIME_DIR" "/gvfsd")
        (envSuffix "XDG_RUNTIME_DIR" "/pulse")
        "/run/dbus"
      ];
      bind.ro = [
        (envSuffix "XDG_RUNTIME_DIR" "/doc")
        (sloth.concat' sloth.xdgConfigHome "/gtk-2.0")
        (sloth.concat' sloth.xdgConfigHome "/gtk-3.0")
        (sloth.concat' sloth.xdgConfigHome "/gtk-4.0")
        (sloth.concat' sloth.xdgConfigHome "/fontconfig")
        "/etc/fonts" # for fontconfig
        "/etc/machine-id"
        "/etc/localtime"
        # Fix: libEGL warning: egl: failed to create dri2 screen
        "/etc/egl"
        "/etc/static/egl"
      ];
      bind.dev = [
        # seems required when using nvidia as primary gpu
        "/dev/nvidia0"
        "/dev/nvidiactl"
        "/dev/nvidia-modeset"
        "/dev/nvidia-uvm"
      ];
      env = {
        XDG_DATA_DIRS = lib.mkForce (lib.makeSearchPath "share" [
          iconTheme
          cursorTheme
          pkgs.shared-mime-info
        ]);
        XCURSOR_PATH = lib.mkForce (lib.concatStringsSep ":" [
          "${cursorTheme}/share/icons"
          "${cursorTheme}/share/pixmaps"
        ]);
      };
    };
  };
 }
@@ -0,0 +1,8 @@
 # https://github.com/nixpak/pkgs/blob/master/pkgs/modules/network.nix
 {
  etc.sslCertificates.enable = true;
  bubblewrap = {
    bind.ro = ["/etc/resolv.conf"];
    network = true;
  };
 }
@@ -0,0 +1,17 @@
 {
  makeDesktopItem,
  qq,
 }:
 makeDesktopItem {
  name = "qq";
  desktopName = "QQ";
  exec = "qq %U";
  terminal = false;
  # To find the icon name(nushell):
  #   let p = NIXPKGS_ALLOW_UNFREE=1 nix eval --impure nixpkgs#qq.outPath | str trim --char '"'
  #   tree $"($p)/share/icons"
  icon = "${qq}/share/icons/hicolor/512x512/apps/qq.png";
  type = "Application";
  categories = ["Network"];
  comment = "QQ boxed";
 }
@@ -0,0 +1,59 @@
 # Refer:
 # - Flatpak manifest's docs:
 #   - https://docs.flatpak.org/en/latest/manifests.html
 #   - https://docs.flatpak.org/en/latest/sandbox-permissions.html
 # - QQ's flatpak manifest: https://github.com/flathub/com.qq.QQ/blob/master/com.qq.QQ.yaml
 {
  lib,
  pkgs,
  mkNixPak,
  ...
 }:
 mkNixPak {
  config = {sloth, ...}: {
    app = {
      package = pkgs.qq.override {
        # fix fcitx5 input method
        commandLineArgs = lib.concatStringsSep " " ["--enable-wayland-ime"];
      };
      binPath = "bin/qq";
    };
    flatpak.appId = "com.tencent.qq";
    imports = [
      ./modules/gui-base.nix
      ./modules/network.nix
    ];
    # list all dbus services:
    #   ls -al /run/current-system/sw/share/dbus-1/services/
    #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
    dbus.policies = {
      "org.gnome.Shell.Screencast" = "talk";
      "org.freedesktop.Notifications" = "talk";
      "org.kde.StatusNotifierWatcher" = "talk";
    };
    bubblewrap = {
      # To trace all the home files QQ accesses, you can use the following nushell command:
      #   just trace-access qq
      # See the Justfile in the root of this repository for more information.
      bind.rw = [
        # given the read write permission to the following directories.
        # NOTE: sloth.mkdir is used to create the directory if it does not exist!
        (sloth.mkdir (sloth.concat [sloth.xdgConfigHome "/QQ"]))
        (sloth.mkdir (sloth.concat [sloth.xdgDownloadDir "/QQ"]))
      ];
      sockets = {
        x11 = false;
        wayland = true;
        pipewire = true;
      };
      bind.dev = [
        "/dev/shm" # Shared Memory
      ];
      tmpfs = [
        "/tmp"
      ];
    };
  };
 }
@@ -0,0 +1,17 @@
 {
  makeDesktopItem,
  wechat-uos,
 }:
 makeDesktopItem {
  name = "wechat";
  desktopName = "WeChat";
  exec = "wechat-uos %U";
  terminal = false;
  # To find the icon name(nushell):
  #   let p = NIXPKGS_ALLOW_UNFREE=1 nix eval --impure nixpkgs#wechat-uos.outPath | str trim --char '"'
  #   tree $"($p)/share/icons"
  icon = "${wechat-uos}/share/icons/hicolor/256x256/apps/com.tencent.wechat.png";
  type = "Application";
  categories = ["Network"];
  comment = "Wechat boxed";
 }
@@ -0,0 +1,73 @@
 # TODO: wechat-uos is running in FHS sandbox by default, it's problematic
 #   to wrap it again via flatpak. We need to find a way to fix it.
 #   https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/we/wechat-uos/package.nix
 # Refer:
 # - Flatpak manifest's docs:
 #   - https://docs.flatpak.org/en/latest/manifests.html
 #   - https://docs.flatpak.org/en/latest/sandbox-permissions.html
 # - wechat-uos's flatpak manifest: https://github.com/flathub/com.tencent.WeChat/blob/master/com.tencent.WeChat.yaml
 {
  lib,
  pkgs,
  mkNixPak,
  ...
 }:
 mkNixPak {
  config = {sloth, ...}: {
    app = {
      package = pkgs.wechat-uos;
      binPath = "bin/wechat-uos";
    };
    flatpak.appId = "com.tencent.WeChat";
    imports = [
      ./modules/gui-base.nix
      ./modules/network.nix
    ];
    # list all dbus services:
    #   ls -al /run/current-system/sw/share/dbus-1/services/
    #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
    dbus.policies = {
      "org.gnome.Shell.Screencast" = "talk";
      # System tray icon
      "org.freedesktop.Notifications" = "talk";
      "org.kde.StatusNotifierWatcher" = "talk";
      # File Manager
      "org.freedesktop.FileManager1" = "talk";
      # Uses legacy StatusNotifier implementation
      "org.kde.*" = "own";
    };
    bubblewrap = {
      # To trace all the home files QQ accesses, you can use the following nushell command:
      #   just trace-access wechat-uos
      # See the Justfile in the root of this repository for more information.
      bind.rw = [
        # given the read write permission to the following directories.
        # NOTE: sloth.mkdir is used to create the directory if it does not exist!
        (sloth.mkdir (sloth.concat [sloth.homeDir "/.xwechat"]))
        (sloth.mkdir (sloth.concat [sloth.xdgDocumentsDir "/xwechat_files"]))
        (sloth.mkdir (sloth.concat [sloth.xdgDocumentsDir "/WeChat_Data/"]))
        (sloth.mkdir (sloth.concat [sloth.xdgDownloadDir "/WeChat"]))
      ];
      sockets = {
        x11 = false;
        wayland = true;
        pipewire = true;
      };
      bind.dev = [
        "/dev/shm" # Shared Memory
      ];
      tmpfs = [
        "/tmp"
      ];
      env = {
        # Hidpi scale
        "QT_AUTO_SCREEN_SCALE_FACTOR" = "1";
        # Only supports xcb
        "QT_QPA_PLATFORM" = "kcb";
      };
    };
  };
 }
@@ -0,0 +1,9 @@
 {modulesPath, ...}: {
  imports = [
    (modulesPath + "/profiles/hardened.nix")
  ];
  # disable coredump that could be exploited later
  # and also slow down the system when something crash
  systemd.coredump.enable = false;
 }
@@ -5,17 +5,23 @@
  ...
 }: {
  home.packages = with pkgs; [
    skopeo
    docker-compose
    dive # explore docker layers
    lazydocker # Docker terminal UI.
    skopeo # copy/sync images between registries and local storage
    go-containerregistry # provides `crane` & `gcrane`, it's similar to skopeo
    kubectl
    kubectx
    kubebuilder
    istioctl
    clusterctl # for kubernetes cluster-api
    kubevirt # virtctl
    kubernetes-helm
    fluxcd
    argocd
    ko # build go project to container image
  ];
  programs = {
@@ -1,6 +1,5 @@
 {
  pkgs,
  attic,
  nur-ryan4yin,
  ...
 }: {
@@ -11,7 +10,7 @@
    gnupg
    gnumake
-    # Morden cli tools, replacement of grep/sed/...
+    # Modern cli tools, replacement of grep/sed/...
    # Interactively filter its input using fuzzy searching, not limit to filenames.
    fzf
@@ -25,7 +24,7 @@
    ast-grep
    sad # CLI search and replace, just like sed, but with diff preview.
-    yq-go # yaml processer https://github.com/mikefarah/yq
+    yq-go # yaml processor https://github.com/mikefarah/yq
    just # a command runner like make, but simpler
    delta # A viewer for git and diff output
    lazygit # Git terminal UI.
@@ -52,8 +51,6 @@
    # productivity
    caddy # A webserver with automatic HTTPS via Let's Encrypt(replacement of nginx)
    croc # File transfer between computers securely and easily
    # self-hosted nix cache server
    attic.packages.${pkgs.system}.attic-client
    ncdu # analyzer your disk usage Interactively, via TUI(replacement of `du`)
  ];
@@ -62,9 +59,10 @@
    # useful in bash/zsh prompt, not in nushell.
    eza = {
      enable = true;
-      enableAliases = false; # do not enable aliases in nushell!
+      # do not enable aliases in nushell!
      enableNushellIntegration = false;
      git = true;
-      icons = true;
+      icons = "auto";
    };
    # a cat(1) clone with syntax highlighting and Git integration.
@@ -25,7 +25,7 @@
    includes = [
      {
-        # use diffrent email & name for work
+        # use different email & name for work
        path = "~/work/.gitconfig";
        condition = "gitdir:~/work/";
      }
@@ -33,6 +33,7 @@
    extraConfig = {
      init.defaultBranch = "main";
      trim.bases = "develop,master,main"; # for git-trim
      push.autoSetupRemote = true;
      pull.rebase = true;
@@ -109,12 +109,38 @@ $env.config = {
    vi_insert: block # block, underscore, line , blink_block, blink_underscore, blink_line (block is the default)
    vi_normal: underscore # block, underscore, line, blink_block, blink_underscore, blink_line (underscore is the default)
  }
-  use_grid_icons: true
+  footer_mode: "auto" # always, never, number_of_rows, auto
  footer_mode: "25" # always, never, number_of_rows, auto
  float_precision: 2 # the precision for displaying floats in tables
  # buffer_editor: "emacs" # command that will be used to edit the current line buffer with ctrl+o, if unset fallback to $env.EDITOR and $env.VISUAL
  bracketed_paste: true # enable bracketed paste, currently useless on windows
  edit_mode: emacs # emacs, vi
-  shell_integration: true # enables terminal markers and a workaround to arrow keys stop working issue
+  shell_integration: {
        # osc2 abbreviates the path if in the home_dir, sets the tab/window title, shows the running command in the tab/window title
        osc2: true
        # osc7 is a way to communicate the path to the terminal, this is helpful for spawning new tabs in the same directory
        osc7: true
        # osc8 is also implemented as the deprecated setting ls.show_clickable_links, it shows clickable links in ls output if your terminal supports it. show_clickable_links is deprecated in favor of osc8
        osc8: true
        # osc9_9 is from ConEmu and is starting to get wider support. It's similar to osc7 in that it communicates the path to the terminal
        osc9_9: false
        # osc133 is several escapes invented by Final Term which include the supported ones below.
        # 133;A - Mark prompt start
        # 133;B - Mark prompt end
        # 133;C - Mark pre-execution
        # 133;D;exit - Mark execution finished with exit code
        # This is used to enable terminals to know where the prompt is, the command is, where the command finishes, and where the output of the command is
        osc133: true
        # osc633 is closely related to osc133 but only exists in visual studio code (vscode) and supports their shell integration features
        # 633;A - Mark prompt start
        # 633;B - Mark prompt end
        # 633;C - Mark pre-execution
        # 633;D;exit - Mark execution finished with exit code
        # 633;E - NOT IMPLEMENTED - Explicitly set the command line with an optional nonce
        # 633;P;Cwd=<path> - Mark the current working directory and communicate it to the terminal
        # and also helps with the run recent menu in vscode
        osc633: true
        # reset_application_mode is escape \x1b[?1l and was added to help ssh work better
        reset_application_mode: true
    }
  render_right_prompt_on_last_line: false # true or false to enable or disable right prompt to be rendered on last line of the prompt.
 }
@@ -1,16 +1,25 @@
-let
+{
  config,
  pkgs-unstable,
  ...
 }: let
  shellAliases = {
    k = "kubectl";
    urldecode = "python3 -c 'import sys, urllib.parse as ul; print(ul.unquote_plus(sys.stdin.read()))'";
    urlencode = "python3 -c 'import sys, urllib.parse as ul; print(ul.quote_plus(sys.stdin.read()))'";
  };
  localBin = "${config.home.homeDirectory}/.local/bin";
  goBin = "${config.home.homeDirectory}/go/bin";
  rustBin = "${config.home.homeDirectory}/.cargo/bin";
 in {
  # only works in bash/zsh, not nushell
  home.shellAliases = shellAliases;
  programs.nushell = {
    enable = true;
    package = pkgs-unstable.nushell;
    configFile.source = ./config.nu;
    inherit shellAliases;
  };
@@ -19,7 +28,7 @@ in {
    enable = true;
    enableCompletion = true;
    bashrcExtra = ''
-      export PATH="$HOME/.local/bin:$HOME/go/bin:$PATH"
+      export PATH="$PATH:${localBin}:${goBin}:${rustBin}"
    '';
  };
 }
@@ -10,8 +10,13 @@
    package = pkgs-unstable.yazi;
    # Changing working directory when exiting Yazi
    enableBashIntegration = true;
-    # TODO: nushellIntegration is broken on release-23.11, wait for master's fix to be released
+    enableNushellIntegration = true;
-    enableNushellIntegration = false;
+    settings = {
      manager = {
        show_hidden = true;
        sort_dir_first = true;
      };
    };
  };
  xdg.configFile."yazi/theme.toml".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-yazi}/mocha.toml";
@@ -1,14 +1,10 @@
-{
+{pkgs, ...}: {
  pkgs,
  ...
 }: {
  home.packages = with pkgs; [
    # db related
    dbeaver
    mitmproxy # http/https proxy tool
    insomnia # REST client
    wireshark # network analyzer
-    ventoy # create bootable usb
+
    # IDEs
    jetbrains.idea-community
  ];
 }
@@ -13,13 +13,11 @@ My current terminal emulators are:
 1. kitty: My main terminal emulator.
   1. to select/copy a large mount of text, We should do some tricks via kitty's `scrollback_pager`
      with neovim, it's really painful: <https://github.com/kovidgoyal/kitty/issues/719>
-2. wezterm: My secondary terminal emulator.
+2. foot: A fast, lightweight and minimalistic Wayland terminal emulator.
   1. its search ability is very basic, and it's not easy to use.
   1. its scrollback buffer's copy mode is very like vim, which is nice, but zellij's even better,
      it can use neovim as its default scrollback buffer's editor without any pain!
 3. foot: a fast, lightweight and minimalistic Wayland terminal emulator.
   1. foot only do the things a terminal emulator should do, no more, no less.
   1. It's really suitable for tiling window manager or zellij users!
 3. alacritty: A cross-platform, GPU-accelerated terminal emulator.
   1. alacritty is really fast, I use it as a backup terminal emulator on all my desktops.
 ## 'xterm-kitty': unknown terminal type when `ssh` into a remote host or `sudo xxx`
@@ -54,7 +52,7 @@ Error opening terminal: xterm-kitty.
 NixOS preserve the `TERMINFO` and `TERMINFO_DIRS` environment variables, for `root` and the `wheel`
 group:
-[nixpkgs/nixos/modules/config/terminfo.nix](https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/config/terminfo.nix#L18)
+[nixpkgs/nixos/modules/config/terminfo.nix](https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/config/terminfo.nix#L18)
 For nix-darwin, take a look at <https://github.com/LnL7/nix-darwin/wiki/Terminfo-issues>
@@ -0,0 +1,65 @@
 [colors.primary]
 background = "#1e1e2e"
 foreground = "#cdd6f4"
 dim_foreground = "#7f849c"
 bright_foreground = "#cdd6f4"
 [colors.cursor]
 text = "#1e1e2e"
 cursor = "#f5e0dc"
 [colors.vi_mode_cursor]
 text = "#1e1e2e"
 cursor = "#b4befe"
 [colors.search.matches]
 foreground = "#1e1e2e"
 background = "#a6adc8"
 [colors.search.focused_match]
 foreground = "#1e1e2e"
 background = "#a6e3a1"
 [colors.footer_bar]
 foreground = "#1e1e2e"
 background = "#a6adc8"
 [colors.hints.start]
 foreground = "#1e1e2e"
 background = "#f9e2af"
 [colors.hints.end]
 foreground = "#1e1e2e"
 background = "#a6adc8"
 [colors.selection]
 text = "#1e1e2e"
 background = "#f5e0dc"
 [colors.normal]
 black = "#45475a"
 red = "#f38ba8"
 green = "#a6e3a1"
 yellow = "#f9e2af"
 blue = "#89b4fa"
 magenta = "#f5c2e7"
 cyan = "#94e2d5"
 white = "#bac2de"
 [colors.bright]
 black = "#585b70"
 red = "#f38ba8"
 green = "#a6e3a1"
 yellow = "#f9e2af"
 blue = "#89b4fa"
 magenta = "#f5c2e7"
 cyan = "#94e2d5"
 white = "#a6adc8"
 [[colors.indexed_colors]]
 index = 16
 color = "#fab387"
 [[colors.indexed_colors]]
 index = 17
 color = "#f5e0dc"
@@ -0,0 +1,66 @@
 {
  pkgs,
  pkgs-unstable,
  ...
 }:
 ###########################################################
 #
 # Alacritty Configuration
 #
 # Useful Hot Keys for macOS:
 #   1. Multi-Window: `command + N`
 #   2. Increase Font Size: `command + =` | `command + +`
 #   3. Decrease Font Size: `command + -` | `command + _`
 #   4. Search Text: `command + F`
 #   5. And Other common shortcuts such as Copy, Paste, Cursor Move, etc.
 #
 # Useful Hot Keys for Linux:
 #   1. Increase Font Size: `ctrl + shift + =` | `ctrl + shift + +`
 #   2. Decrease Font Size: `ctrl + shift + -` | `ctrl + shift + _`
 #   3. Search Text: `ctrl + shift + N`
 #   4. And Other common shortcuts such as Copy, Paste, Cursor Move, etc.
 #
 # Note: Alacritty do not have support for Tabs, and any graphic protocol.
 #
 ###########################################################
 {
  programs.alacritty = {
    enable = true;
    package = pkgs-unstable.alacritty;
    # https://alacritty.org/config-alacritty.html
    settings = {
      general.import = [
        ./catppuccin-mocha.toml
      ];
      window = {
        opacity = 0.93;
        startup_mode = "Maximized"; # Maximized window
        dynamic_title = true;
        option_as_alt = "Both"; # Option key acts as Alt on macOS
      };
      scrolling = {
        history = 10000;
      };
      font = {
        bold = {family = "JetBrainsMono Nerd Font";};
        italic = {family = "JetBrainsMono Nerd Font";};
        normal = {family = "JetBrainsMono Nerd Font";};
        bold_italic = {family = "JetBrainsMono Nerd Font";};
        size =
          if pkgs.stdenv.isDarwin
          then 14
          else 13;
      };
      terminal = {
        # Spawn a nushell in login mode via `bash`
        shell = {
          program = "${pkgs.bash}/bin/bash";
          args = ["--login" "-c" "nu --login --interactive"];
        };
        # Controls the ability to write to the system clipboard with the OSC 52 escape sequence.
        # It's used by zellij to copy text to the system clipboard.
        osc52 = "CopyPaste";
      };
    };
  };
 }
@@ -0,0 +1,62 @@
 {pkgs, ...}: {
  programs.foot = {
    # foot is designed only for Linux
    enable = pkgs.stdenv.isLinux;
    # https://man.archlinux.org/man/foot.ini.5
    settings = {
      main = {
        term = "foot"; # or "xterm-256color" for maximum compatibility
        font = "JetBrainsMono Nerd Font:size=14";
        dpi-aware = "yes";
        # Spawn a nushell in login mode via `bash`
        shell = "${pkgs.bash}/bin/bash --login -c 'nu --login --interactive'";
      };
      mouse = {
        hide-when-typing = "yes";
      };
      # https://github.com/catppuccin/foot/blob/main/themes/catppuccin-mocha.ini
      cursor = {
        color = "11111b f5e0dc";
      };
      colors = {
        alpha = "0.93"; # background opacity
        foreground = "cdd6f4";
        background = "1e1e2e";
        regular0 = "45475a";
        regular1 = "f38ba8";
        regular2 = "a6e3a1";
        regular3 = "f9e2af";
        regular4 = "89b4fa";
        regular5 = "f5c2e7";
        regular6 = "94e2d5";
        regular7 = "bac2de";
        bright0 = "585b70";
        bright1 = "f38ba8";
        bright2 = "a6e3a1";
        bright3 = "f9e2af";
        bright4 = "89b4fa";
        bright5 = "f5c2e7";
        bright6 = "94e2d5";
        bright7 = "a6adc8";
        "16" = "fab387";
        "17" = "f5e0dc";
        "selection-foreground" = "cdd6f4";
        "selection-background" = "414356";
        "search-box-no-match" = "11111b f38ba8";
        "search-box-match" = "cdd6f4 313244";
        "jump-labels" = "11111b fab387";
        urls = "89b4fa";
      };
    };
  };
 }
@@ -19,7 +19,7 @@
    # kitty has catppuccin theme built-in,
    # all the built-in themes are packaged into an extra package named `kitty-themes`
    # and it's installed by home-manager if `theme` is specified.
-    theme = "Catppuccin-Mocha";
+    themeFile = "Catppuccin-Mocha";
    font = {
      name = "JetBrainsMono Nerd Font";
      # use different font size on macOS
@@ -29,7 +29,7 @@
        else 13;
    };
-    # consistent with wezterm
+    # consistent with other terminal emulators
    keybindings = {
      "ctrl+shift+m" = "toggle_maximized";
      "ctrl+shift+f" = "show_scrollback"; # search in the current window
@@ -1,105 +0,0 @@
 {pkgs, ...}:
 ###########################################################
 #
 # Wezterm Configuration
 #
 # Useful Hot Keys for Linux(replace `ctrl + shift` with `cmd` on macOS)):
 #   1. Increase Font Size: `ctrl + shift + =` | `ctrl + shift + +`
 #   2. Decrease Font Size: `ctrl + shift + -` | `ctrl + shift + _`
 #   3. And Other common shortcuts such as Copy, Paste, Cursor Move, etc.
 #
 # Default Keybindings: https://wezfurlong.org/wezterm/config/default-keys.html
 #
 ###########################################################
 {
  # wezterm has catppuccin theme built-in,
  # it's not necessary to install it separately.
  # we can add wezterm as a flake input once this PR is merged:
  #    https://github.com/wez/wezterm/pull/3547
  programs.wezterm = {
    enable = true; # disable
    # install wezterm via homebrew on macOS to avoid compilation, dummy package here.
    package =
      if pkgs.stdenv.isLinux
      then pkgs.wezterm
      else pkgs.hello;
    enableBashIntegration = pkgs.stdenv.isLinux;
    enableZshIntegration = pkgs.stdenv.isLinux;
    extraConfig = let
      fontsize =
        if pkgs.stdenv.isLinux
        then "13.0"
        else "14.0";
    in ''
      -- Pull in the wezterm API
      local wezterm = require 'wezterm'
      -- This table will hold the configuration.
      local config = {}
      -- In newer versions of wezterm, use the config_builder which will
      -- help provide clearer error messages
      if wezterm.config_builder then
        config = wezterm.config_builder()
      end
      wezterm.on('toggle-opacity', function(window, pane)
        local overrides = window:get_config_overrides() or {}
        if not overrides.window_background_opacity then
          overrides.window_background_opacity = 0.93
        else
          overrides.window_background_opacity = nil
        end
        window:set_config_overrides(overrides)
      end)
      wezterm.on('toggle-maximize', function(window, pane)
        window:maximize()
      end)
      -- This is where you actually apply your config choices
      config.color_scheme = "Catppuccin Mocha"
      config.font = wezterm.font_with_fallback {
        "JetBrainsMono Nerd Font",
        "FiraCode Nerd Font",
        -- To avoid 'Chinese characters displayed as variant (Japanese) glyphs'
        "Source Han Sans SC",
        "Source Han Sans TC"
      }
      config.hide_tab_bar_if_only_one_tab = true
      config.scrollback_lines = 10000
      config.enable_scroll_bar = true
      config.term = 'wezterm'
      config.keys = {
        -- toggle opacity(CTRL + SHIFT + B)
        {
          key = 'B',
          mods = 'CTRL',
          action = wezterm.action.EmitEvent 'toggle-opacity',
        },
        {
          key = 'M',
          mods = 'CTRL',
          action = wezterm.action.EmitEvent 'toggle-maximize',
        },
      }
      config.font_size = ${fontsize}
      -- To resolve issues:
      --   1. https://github.com/ryan4yin/nix-config/issues/26
      --   2. https://github.com/ryan4yin/nix-config/issues/8
      -- Spawn a nushell in login mode via `bash`
      config.default_prog = { '${pkgs.bash}/bin/bash', '--login', '-c', 'nu --login --interactive' }
      return config
    '';
  };
 }
@@ -12,7 +12,7 @@
    # You can update Home Manager without changing this value. See
    # the Home Manager release notes for a list of state version
    # changes in each release.
-    stateVersion = "23.11";
+    stateVersion = "24.05";
  };
  # Let Home Manager install and manage itself.
@@ -24,6 +24,11 @@
    # aliyun
    aliyun-cli
    # digitalocean
    doctl
    # google cloud
    google-cloud-sdk
    # cloud tools that nix do not have cache for.
    terraform
    terraformer # generate terraform configs from existing cloud resources
@@ -18,8 +18,8 @@
    colmena # nixos's remote deployment tool
    # db related
-    mycli
+    pkgs-unstable.mycli
-    pgcli
+    pkgs-unstable.pgcli
    mongosh
    sqlite
@@ -27,7 +27,7 @@
    minicom
    # ai related
-    python311Packages.huggingface-hub # huggingface-cli
+    pkgs-unstable.python312Packages.huggingface-hub # huggingface-cli
    # misc
    pkgs-unstable.devbox
@@ -41,6 +41,7 @@
    # Automatically trims your branches whose tracking remote refs are merged or gone
    # It's really useful when you work on a project for a long time.
    git-trim
    gitleaks
    # need to run `conda-install` before using it
    # need to run `conda-shell` before using command `conda`
@@ -205,7 +205,7 @@ The postfix(flags) in the above commands:
 | Show all buffers                    | `:ls`                               |
 | show next/previous buffer           | `]b`/`[b` or `:bn[ext]` / `bp[rev]` |
 | New Tab(New Workspace in DoomEmacs) | `:tabnew`                           |
-| Next/Previews Tab                   | `gt`/`gT`                           |
+| Next/Previews Tab                   | `gt`/`gy`                           |
 ### History
@@ -5,7 +5,7 @@
 - paredit/[lispy](https://github.com/doomemacs/doomemacs/tree/master/modules/editor/lispy): too
  complex.
 - [evil-cleverparens](https://github.com/emacs-evil/evil-cleverparens): simple and useful.
- [parinfer(par-in-fer)](https://shaunlebron.github.io/parinfer/): morden, simple, elegant and
+- [parinfer(par-in-fer)](https://shaunlebron.github.io/parinfer/): modern, simple, elegant and
  useful, but works not well with some other completion plugins...
  - to make parinfer works, you should disable sexp & smartparens in any lisp mode.
@@ -1,5 +1,5 @@
 # ==============================================
-# Based on doomemacs's auther's config:
+# Based on doomemacs's author's config:
 #   https://github.com/hlissner/dotfiles/blob/master/modules/editors/emacs.nix
 #
 # Emacs Tutorials:
@@ -15,12 +15,12 @@
 }:
 with lib; let
  cfg = config.modules.editors.emacs;
-  envExtra = ''
+  envExtra = lib.mkAfter ''
    export PATH="${config.xdg.configHome}/emacs/bin:$PATH"
  '';
  shellAliases = {
    e = "emacsclient --create-frame"; # gui
-    et = "emacsclient --create-frame --tty"; # termimal
+    et = "emacsclient --create-frame --tty"; # terminal
  };
  librime-dir = "${config.xdg.dataHome}/emacs/librime";
  parinfer-rust-lib-dir = "${config.xdg.dataHome}/emacs/parinfer-rust";
@@ -20,7 +20,7 @@ Use `:tutor` in helix to start the tutorial.
   1. Helix: delete 2 word: `2w` then `x`. You can always see what you're selecting before you apply
      the action.
   2. Neovim: delete 2 word: `d`. then `2w`. No visual feedback before you apply the action.
-1. Helix - Morden builtin features: LSP, tree-sitter, fuzzy finder, multi cursors, surround and
+1. Helix - Modern builtin features: LSP, tree-sitter, fuzzy finder, multi cursors, surround and
   more.
   1. They're all available in Neovim too, but you need to find and use the right plugins manually,
      which takes time and effort.
@@ -30,7 +30,7 @@ Use `:tutor` in helix to start the tutorial.
   1. Personally I'm glad to take a look at a Rust codebase, but not a VimScript/Lua codebase.
 1. Neovim have a very activate plugin ecosystem, and it's easy to find plugins for almost
   everything.
-   1. Helix is still new, and it even do have a stable plugin system yet. A PR to add a plugin
+   1. Helix is still new, and it even don't have a stable plugin system yet. A PR to add a plugin
      system is still envolving: <https://github.com/helix-editor/helix/pull/8675>
 1. Neovim has integrated terminal, and it's very powerful. It's quite similar to VSCode's integrated
   terminal. I use it a lot.
@@ -84,18 +84,23 @@ plugin.
 | Show line diagnostics         | `gl`           |
 | Show function/variable info   | `K`            |
 | References of a symbol        | `gr`           |
 | Next tab                      | `]b`           |
 | Previous tab                  | `[b`           |
 ### Window Navigation
 - Switch between windows: `<Ctrl> + h/j/k/l`
- Resize windows: `<Ctrl> + Up/Down/Left/Right`
+- Resize windows: `<Ctrl> + Up/Down/Left/Right` (`<Ctrl-w> + -/+/</>`)
  - Note: On macOS, conflicts with system shortcuts
  - Disable in System Preferences -> Keyboard -> Shortcuts -> Mission Control
 ### Splitting and Buffers
-| | Action | Shortcut | | --------------------- | ------------- | | Horizontal Split | `\` | |
+| Action           | Shortcut      |
-Vertical Split | `\|` | | Close Buffer | `<Space> + c` |
+| ---------------- | ------------- |
 | Horizontal Split | `\`           |
 | Vertical Split   | `\|`          |
 | Close Buffer     | `<Space> + c` |
 ### Editing and Formatting
@@ -109,7 +114,18 @@ Vertical Split | `\|` | | Close Buffer | `<Space> + c` |
 | Comment Line(support multiple lines)                  | `<Space> + /`  |
 | Open filepath/URL at cursor(neovim's builtin command) | `gx`           |
 | Find files by name (fzf)                              | `<Space> + ff` |
 | Find files by name (include hidden files)             | `<Space> + fF` |
 | Grep string in files (ripgrep)                        | `<Space> + fw` |
 | Grep string in files (include hidden files)           | `<Space> + fW` |
 ### Git
 | Action                     | Shortcut        |
 | -------------------------- | --------------- |
 | Git Commits (repository)   | `:<Space> + gc` |
 | Git Commits (current file) | `:<Space> + gC` |
 | Git Branches               | `:<Space> + gb` |
 | Git Status                 | `:<Space> + gt` |
 ### Sessions
@@ -160,9 +176,10 @@ Provided by mini.surround plugin.
 ### Miscellaneous
 | Action                            |                 |
-| --------------------- | --------------- |
+| --------------------------------- | --------------- |
 | Show all Yank History             | `:<Space> + yh` |
 | Show undo history                 | `:<Space> + uh` |
 | Show the path of the current file | `:!echo $%`     |
 ## Additional Resources
@@ -1,2 +0,0 @@
 .clj-kondo/
 .nrepl-port
@@ -1 +0,0 @@
 {:source-file-patterns ["*.fnl" "**/*.fnl"]}
@@ -1,579 +0,0 @@
 return {
  colorscheme = "catppuccin",
  options = {
    opt = {
      relativenumber = true, -- Show relative numberline
      signcolumn = "auto", -- Show sign column when used only
      spell = false,      -- Spell checking
      swapfile = false,   -- Swapfile
      smartindent = false, -- fix https://github.com/ryan4yin/nix-config/issues/4
      title = true,       -- Set the title of window to `filename [+=-] (path) - NVIM`
      -- The percentage of 'columns' to use for the title
      -- When the title is longer, only the end of the path name is shown.
      titlelen = 20,
    },
  },
  plugins = {
    "AstroNvim/astrocommunity",
    -- Motion
    { import = "astrocommunity.motion.mini-surround" },
    -- https://github.com/echasnovski/mini.ai
    { import = "astrocommunity.motion.mini-ai" },
    { import = "astrocommunity.motion.flash-nvim" },
    -- diable toggleterm.nvim, zellij's terminal is far better than neovim's one
    { "akinsho/toggleterm.nvim",                                   enabled = false },
    { "folke/flash.nvim",                                          vscode = false },
    -- Highly experimental plugin that completely replaces
    -- the UI for messages, cmdline and the popupmenu.
    -- { import = "astrocommunity.utility.noice-nvim" },
    -- Fully featured & enhanced replacement for copilot.vim
    -- <Tab> work with both auto completion in cmp and copilot
    { import = "astrocommunity.media.vim-wakatime" },
    { import = "astrocommunity.motion.leap-nvim" },
    { import = "astrocommunity.motion.flit-nvim" },
    { import = "astrocommunity.scrolling.nvim-scrollbar" },
    { import = "astrocommunity.editing-support.todo-comments-nvim" },
    -- Language Support
    ---- Frontend & NodeJS
    { import = "astrocommunity.pack.typescript-all-in-one" },
    { import = "astrocommunity.pack.tailwindcss" },
    { import = "astrocommunity.pack.html-css" },
    { import = "astrocommunity.pack.prisma" },
    { import = "astrocommunity.pack.vue" },
    ---- Configuration Language
    { import = "astrocommunity.pack.markdown" },
    { import = "astrocommunity.pack.json" },
    { import = "astrocommunity.pack.yaml" },
    { import = "astrocommunity.pack.toml" },
    ---- Backend / System
    { import = "astrocommunity.pack.lua" },
    { import = "astrocommunity.pack.go" },
    { import = "astrocommunity.pack.rust" },
    { import = "astrocommunity.pack.python" },
    { import = "astrocommunity.pack.java" },
    { import = "astrocommunity.pack.cmake" },
    { import = "astrocommunity.pack.cpp" },
    -- { import = "astrocommunity.pack.nix" },  -- manually add config for nix, comment this one.
    { import = "astrocommunity.pack.proto" },
    ---- Operation & Cloud Native
    { import = "astrocommunity.pack.terraform" },
    { import = "astrocommunity.pack.bash" },
    { import = "astrocommunity.pack.docker" },
    { import = "astrocommunity.pack.helm" },
    -- colorscheme
    { import = "astrocommunity.colorscheme.catppuccin" },
    {
      "catppuccin/nvim",
      name = "catppuccin",
      opts = function(_, opts)
        opts.flavour = "mocha"              -- latte, frappe, macchiato, mocha
        opts.transparent_background = true -- setting the background color.
      end,
    },
    -- Language Parser for syntax highlighting / indentation / folding / Incremental selection
    {
      "nvim-treesitter/nvim-treesitter",
      opts = function(_, opts)
        local utils = require("astronvim.utils")
        opts.incremental_selection = {
          enable = true,
          keymaps = {
            init_selection = "<C-space>", -- Ctrl + Space
            node_incremental = "<C-space>",
            scope_incremental = "<A-space>", -- Alt + Space
            node_decremental = "<bs>", -- Backspace
          },
        }
        opts.ignore_install = { "gotmpl" }
        opts.ensure_installed = utils.list_insert_unique(opts.ensure_installed, {
          -- neovim
          "vim",
          "lua",
          -- operation & cloud native
          "dockerfile",
          "hcl",
          "jsonnet",
          "regex",
          "terraform",
          "nix",
          "csv",
          -- other programming language
          "diff",
          "gitignore",
          "gitcommit",
          "latex",
          "sql",
          -- Lisp like
          "fennel",
          "clojure",
          "commonlisp",
          -- customized languages:
          "scheme",
        })
        -- add support for scheme
        local parser_config = require("nvim-treesitter.parsers").get_parser_configs()
        parser_config.scheme = {
          install_info = {
            url = "https://github.com/6cdh/tree-sitter-scheme", -- local path or git repo
            files = { "src/parser.c" },
            -- optional entries:
            branch = "main",                  -- default branch in case of git repo if different from master
            generate_requires_npm = false,    -- if stand-alone parser without npm dependencies
            requires_generate_from_grammar = false, -- if folder contains pre-generated src/parser.c
          },
        }
        -- use scheme parser for filetypes: scm
        vim.treesitter.language.register("scheme", "scm")
      end,
    },
    {
      "eraserhd/parinfer-rust",
      build = "cargo build --release",
      ft = { "scm", "scheme" },
    },
    { "Olical/nfnl",                                       ft = "fennel" },
    {
      "Olical/conjure",
      ft = { "clojure", "fennel", "python", "scheme" }, -- etc
      -- [Optional] cmp-conjure for cmp
      dependencies = {
        {
          "PaterJason/cmp-conjure",
          config = function()
            local cmp = require("cmp")
            local config = cmp.get_config()
            table.insert(config.sources, {
              name = "buffer",
              option = {
                sources = {
                  { name = "conjure" },
                },
              },
            })
            cmp.setup(config)
          end,
        },
      },
      config = function(_, opts)
        require("conjure.main").main()
        require("conjure.mapping")["on-filetype"]()
      end,
      init = function()
        -- Set configuration options here
        vim.g["conjure#debug"] = true
      end,
    },
    {
      "nvim-orgmode/orgmode",
      dependencies = {
        { "nvim-treesitter/nvim-treesitter", lazy = true },
      },
      event = "VeryLazy",
      config = function()
        -- Load treesitter grammar for org
        require("orgmode").setup_ts_grammar()
        -- Setup treesitter
        require("nvim-treesitter.configs").setup({
          highlight = {
            enable = true,
            additional_vim_regex_highlighting = { "org" },
          },
          ensure_installed = { "org" },
        })
        -- Setup orgmode
        require("orgmode").setup({
          org_agenda_files = "~/org/**/*",
          org_default_notes_file = "~/org/refile.org",
        })
      end,
    },
    -- Lua implementation of CamelCaseMotion, with extra consideration of punctuation.
    { import = "astrocommunity.motion.nvim-spider" },
    -- AI Assistant
    { import = "astrocommunity.completion.copilot-lua-cmp" },
    -- Custom copilot-lua to enable filtypes: markdown
    {
      "zbirenbaum/copilot.lua",
      opts = function(_, opts)
        opts.filetypes = {
          yaml = true,
          markdown = true,
        }
      end,
    },
    {
      "0x00-ketsu/autosave.nvim",
      -- lazy-loading on events
      event = { "InsertLeave", "TextChanged" },
      opts = function(_, opts)
        opts.prompt_style = "stdout" -- notify or stdout
      end,
    },
    -- markdown preview
    {
      "0x00-ketsu/markdown-preview.nvim",
      ft = { "md", "markdown", "mkd", "mkdn", "mdwn", "mdown", "mdtxt", "mdtext", "rmd", "wiki" },
      config = function()
        require("markdown-preview").setup({
          -- your configuration comes here
          -- or leave it empty to use the default settings
          -- refer to the setup section below
        })
      end,
    },
    -- clipboard manager
    {
      "gbprod/yanky.nvim",
      opts = function()
        local mapping = require("yanky.telescope.mapping")
        local mappings = mapping.get_defaults()
        mappings.i["<c-p>"] = nil
        return {
          highlight = { timer = 200 },
          picker = {
            telescope = {
              use_default_mappings = false,
              mappings = mappings,
            },
          },
        }
      end,
      keys = {
        {
          "y",
          "<Plug>(YankyYank)",
          mode = { "n", "x" },
          desc = "Yank text",
        },
        {
          "p",
          "<Plug>(YankyPutAfter)",
          mode = { "n", "x" },
          desc = "Put yanked text after cursor",
        },
        {
          "P",
          "<Plug>(YankyPutBefore)",
          mode = { "n", "x" },
          desc = "Put yanked text before cursor",
        },
        {
          "gp",
          "<Plug>(YankyGPutAfter)",
          mode = { "n", "x" },
          desc = "Put yanked text after selection",
        },
        {
          "gP",
          "<Plug>(YankyGPutBefore)",
          mode = { "n", "x" },
          desc = "Put yanked text before selection",
        },
        { "[y", "<Plug>(YankyCycleForward)",              desc = "Cycle forward through yank history" },
        { "]y", "<Plug>(YankyCycleBackward)",             desc = "Cycle backward through yank history" },
        { "]p", "<Plug>(YankyPutIndentAfterLinewise)",    desc = "Put indented after cursor (linewise)" },
        { "[p", "<Plug>(YankyPutIndentBeforeLinewise)",   desc = "Put indented before cursor (linewise)" },
        { "]P", "<Plug>(YankyPutIndentAfterLinewise)",    desc = "Put indented after cursor (linewise)" },
        { "[P", "<Plug>(YankyPutIndentBeforeLinewise)",   desc = "Put indented before cursor (linewise)" },
        { ">p", "<Plug>(YankyPutIndentAfterShiftRight)",  desc = "Put and indent right" },
        { "<p", "<Plug>(YankyPutIndentAfterShiftLeft)",   desc = "Put and indent left" },
        { ">P", "<Plug>(YankyPutIndentBeforeShiftRight)", desc = "Put before and indent right" },
        { "<P", "<Plug>(YankyPutIndentBeforeShiftLeft)",  desc = "Put before and indent left" },
        { "=p", "<Plug>(YankyPutAfterFilter)",            desc = "Put after applying a filter" },
        { "=P", "<Plug>(YankyPutBeforeFilter)",           desc = "Put before applying a filter" },
      },
    },
    -- Enhanced matchparen.vim plugin for Neovim to highlight the outer pair.
    {
      "utilyre/sentiment.nvim",
      version = "*",
      event = "VeryLazy", -- keep for lazy loading
      opts = {
        -- config
      },
      init = function()
        -- `matchparen.vim` needs to be disabled manually in case of lazy loading
        vim.g.loaded_matchparen = 1
      end,
    },
    -- joining blocks of code into oneline, or splitting one line into multiple lines.
    {
      "Wansmer/treesj",
      keys = { "<space>m", "<space>j", "<space>s" },
      dependencies = { "nvim-treesitter/nvim-treesitter" },
      config = function()
        require("treesj").setup({ --[[ your config ]]
        })
      end,
    },
    -- File explorer(Custom configs)
    {
      "nvim-neo-tree/neo-tree.nvim",
      opts = {
        filesystem = {
          filtered_items = {
            visible = true, -- visible by default
            hide_dotfiles = false,
            hide_gitignored = false,
          },
        },
      },
    },
    -- The plugin offers the alibity to refactor code.
    {
      "ThePrimeagen/refactoring.nvim",
      dependencies = {
        { "nvim-lua/plenary.nvim" },
        { "nvim-treesitter/nvim-treesitter" },
      },
    },
    -- The plugin offers the abilibty to search and replace.
    {
      "nvim-pack/nvim-spectre",
      dependencies = {
        { "nvim-lua/plenary.nvim" },
      },
    },
    -- full signature help, docs and completion for the nvim lua API.
    { "folke/neodev.nvim",     opts = {} },
    -- automatically highlighting other uses of the word under the cursor using either LSP, Tree-sitter, or regex matching.
    { "RRethy/vim-illuminate", config = function() end },
    -- implementation/definition preview
    {
      "rmagatti/goto-preview",
      config = function()
        require("goto-preview").setup({})
      end,
    },
    -- Undo tree
    { "debugloop/telescope-undo.nvim" },
    -- Install lsp, formmatter and others via home manager instead of Mason.nvim
    -- LSP installations
    {
      "williamboman/mason-lspconfig.nvim",
      -- mason is unusable on NixOS, disable it.
      -- ensure_installed nothing
      opts = function(_, opts)
        opts.ensure_installed = nil
        opts.automatic_installation = false
      end,
    },
    -- Formatters/Linter installation
    {
      "jay-babu/mason-null-ls.nvim",
      -- mason is unusable on NixOS, disable it.
      -- ensure_installed nothing
      opts = function(_, opts)
        opts.ensure_installed = nil
        opts.automatic_installation = false
      end,
    },
    -- Debugger installation
    {
      "jay-babu/mason-nvim-dap.nvim",
      -- mason is unusable on NixOS, disable it.
      -- ensure_installed nothing
      opts = function(_, opts)
        opts.ensure_installed = nil
        opts.automatic_installation = false
      end,
    },
    {
      "jose-elias-alvarez/null-ls.nvim",
      opts = function(_, opts)
        local null_ls = require("null-ls")
        local code_actions = null_ls.builtins.code_actions
        local diagnostics = null_ls.builtins.diagnostics
        local formatting = null_ls.builtins.formatting
        local hover = null_ls.builtins.hover
        local completion = null_ls.builtins.completion
        -- https://github.com/jose-elias-alvarez/null-ls.nvim/blob/main/doc/BUILTINS.md
        if type(opts.sources) == "table" then
          vim.list_extend(opts.sources, {
            -- Common Code Actions
            code_actions.gitsigns,
            -- common refactoring actions based off the Refactoring book by Martin Fowler
            code_actions.refactoring,
            code_actions.gomodifytags, -- Go - modify struct field tags
            code_actions.impl,   -- Go - generate interface method stubs
            code_actions.shellcheck,
            code_actions.proselint, -- English prose linter
            code_actions.statix, -- Lints and suggestions for Nix.
            -- Diagnostic
            diagnostics.actionlint, -- GitHub Actions workflow syntax checking
            diagnostics.buf,  -- check text in current buffer
            diagnostics.checkmake, -- check Makefiles
            diagnostics.deadnix, -- Scan Nix files for dead code.
            -- Formatting
            formatting.prettier,                 -- js/ts/vue/css/html/json/... formatter
            diagnostics.hadolint,                -- Dockerfile linter
            formatting.black,                    -- Python formatter
            formatting.ruff,                     -- extremely fast Python linter
            formatting.goimports,                -- Go formatter
            formatting.shfmt,                    -- Shell formatter
            formatting.rustfmt,                  -- Rust formatter
            formatting.taplo,                    -- TOML formatteautoindentr
            formatting.terraform_fmt,            -- Terraform formatter
            formatting.stylua,                   -- Lua formatter
            formatting.alejandra,                -- Nix formatter
            formatting.sqlfluff.with({           -- SQL formatter
              extra_args = { "--dialect", "postgres" }, -- change to your dialect
            }),
            formatting.nginx_beautifier,         -- Nginx formatter
            formatting.verible_verilog_format,   -- Verilog formatter
            formatting.emacs_scheme_mode,        -- using emacs in batch mode to format scheme files.
            formatting.fnlfmt,                   -- Format Fennel code
          })
        end
      end,
    },
    {
      "nvim-telescope/telescope.nvim",
      branch = "0.1.x",
      dependencies = { "nvim-lua/plenary.nvim" },
      init = function()
        -- 1. Disable highlighting for certain filetypes
        -- 2. Ignore files larger than a certain filesize
        local previewers = require("telescope.previewers")
        local _bad = { ".*%.csv", ".*%.min.js" } -- Put all filetypes that slow you down in this array
        local filesize_threshold = 300 * 1024 -- 300KB
        local bad_files = function(filepath)
          for _, v in ipairs(_bad) do
            if filepath:match(v) then
              return false
            end
          end
          return true
        end
        local new_maker = function(filepath, bufnr, opts)
          opts = opts or {}
          if opts.use_ft_detect == nil then
            opts.use_ft_detect = true
          end
          -- 1. Check if the file is in the bad_files array, and if so, don't highlight it
          opts.use_ft_detect = opts.use_ft_detect == false and false or bad_files(filepath)
          -- 2. Check the file size, and ignore it if it's too big(preview nothing).
          filepath = vim.fn.expand(filepath)
          vim.loop.fs_stat(filepath, function(_, stat)
            if not stat then
              return
            end
            if stat.size > filesize_threshold then
              return
            else
              previewers.buffer_previewer_maker(filepath, bufnr, opts)
            end
          end)
        end
        require("telescope").setup({
          defaults = {
            buffer_previewer_maker = new_maker,
          },
        })
      end,
    },
  },
  -- Configure require("lazy").setup() options
  lazy = {
    defaults = { lazy = true },
    performance = {
      rtp = {
        -- customize default disabled vim plugins
        disabled_plugins = {},
      },
    },
  },
  -- https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md
  lsp = {
    config = {
      -- the offset_enconding of clangd will confilicts whit null-ls
      -- so we need to manually set it to utf-8
      clangd = {
        capabilities = {
          offsetEncoding = "utf-8",
        },
      },
      scheme_langserver = {
        filetypes = { "scheme", "scm" },
        single_file_support = true,
      },
    },
    -- enable servers that installed by home-manager instead of mason
    servers = {
      ---- Frontend & NodeJS
      "tsserver",       -- typescript/javascript language server
      "tailwindcss",    -- tailwindcss language server
      "html",           -- html language server
      "cssls",          -- css language server
      "prismals",       -- prisma language server
      "volar",          -- vue language server
      ---- Configuration Language
      "marksman",       -- markdown ls
      "jsonls",         -- json language server
      "yamlls",         -- yaml language server
      "taplo",          -- toml language server
      ---- Backend
      "lua_ls",         -- lua
      "gopls",          -- go
      "rust_analyzer",  -- rust
      "pyright",        -- python
      "ruff_lsp",       -- extremely fast Python linter and code transformation
      "jdtls",          -- java
      "nil_ls",         -- nix language server
      "bufls",          -- protocol buffer language server
      "zls",            -- zig language server
      ---- HDL
      "verible",        -- verilog language server
      ---- Operation & Cloud Nativautoindente
      "bashls",         -- bash
      "cmake",          -- cmake language server
      "clangd",         -- c/c++
      "dockerls",       -- dockerfile
      "jsonnet_ls",     -- jsonnet language server
      "terraformls",    -- terraform hcl
      "nushell",        -- nushell language server
      "scheme_langserver", -- scheme language server
    },
    formatting = {
      disabled = {},
      format_on_save = {
        enabled = true,
        allow_filetypes = {
          "go",
          "jsonnet",
          "rust",
          "terraform",
          "nu",
        },
      },
    },
  },
 }
@@ -1,66 +0,0 @@
 -- Mapping data with "desc" stored directly by vim.keymap.set().
 --
 -- Please use this mappings table to set keyboard mapping since this is the
 -- lower level configuration and more robust one. (which-key will
 -- automatically pick-up stored data by this setting.)
 local utils = require "astronvim.utils"
 require("telescope").load_extension("refactoring")
 require("telescope").load_extension("yank_history")
 require("telescope").load_extension("undo")
 return {
  -- normal mode
  n = {
    -- second key is the lefthand side of the map
    -- mappings seen under group name "Buffer"
    ["<leader>bn"] = { "<cmd>tabnew<cr>", desc = "New tab" },
    -- quick save
    ["<C-s>"] = { ":w!<cr>", desc = "Save File" },  -- change description but the same command
    -- Terminal
    -- NOTE: https://neovim.io/doc/user/builtin.html#jobstart()
    --   1. If {cmd} is a List it runs directly (no 'shell')
    --   2. If {cmd} is a String it runs in the 'shell'
    -- search and replace globally
    ['<leader>ss'] = {'<cmd>lua require("spectre").toggle()<CR>', desc = "Toggle Spectre" },
    ['<leader>sw'] = {'<cmd>lua require("spectre").open_visual({select_word=true})<CR>', desc = "Search current word" },
    ['<leader>sp'] ={'<cmd>lua require("spectre").open_file_search({select_word=true})<CR>', desc = "Search on current file" },
    -- refactoring
    ["<leader>ri"] = { function() require('refactoring').refactor('Inline Variable') end, desc = "Inverse of extract variable" },
    ["<leader>rb"] = { function() require('refactoring').refactor('Extract Block') end, desc = "Extract Block" },
    ["<leader>rbf"] = { function() require('refactoring').refactor('Extract Block To File') end, desc = "Extract Block To File" },
    ["<leader>rr"] = { function() require('telescope').extensions.refactoring.refactors() end, desc = "Prompt for a refactor to apply" },
    ["<leader>rp"] = { function() require('refactoring').debug.printf({below = false}) end, desc = "Insert print statement to mark the calling of a function" },
    ["<leader>rv"] = { function() require('refactoring').debug.print_var() end, desc = "Insert print statement to print a variable" },
    ["<leader>rc"] = { function() require('refactoring').debug.cleanup({}) end, desc = "Cleanup of all generated print statements" },
    -- yank_history
    ["<leader>yh"] = { function() require("telescope").extensions.yank_history.yank_history() end, desc = "Preview Yank History" },
    -- undo history
    ["<leader>uh"] = {"<cmd>Telescope undo<cr>", desc="Telescope undo" },
    -- implementation/definition preview
    ["gpd"] = { "<cmd>lua require('goto-preview').goto_preview_definition()<CR>", desc="goto_preview_definition" },
    ["gpt"] = { "<cmd>lua require('goto-preview').goto_preview_type_definition()<CR>", desc="goto_preview_type_definition" },
    ["gpi"] = { "<cmd>lua require('goto-preview').goto_preview_implementation()<CR>", desc="goto_preview_implementation" },
    ["gP" ] = {  "<cmd>lua require('goto-preview').close_all_win()<CR>", desc="close_all_win" },
    ["gpr"] = { "<cmd>lua require('goto-preview').goto_preview_references()<CR>", desc="goto_preview_references" },
  },
  -- Visual mode
  v = {
    -- search and replace globally
    ['<leader>sw'] =  {'<esc><cmd>lua require("spectre").open_visual()<CR>', desc = "Search current word" },
  },
  -- visual mode(what's the difference between v and x???)
  x = {
    -- refactoring
    ["<leader>ri"] = { function() require('refactoring').refactor('Inline Variable') end, desc = "Inverse of extract variable" },
    ["<leader>re"] = { function() require('refactoring').refactor('Extract Function') end, desc = "Extracts the selected code to a separate function" },
    ["<leader>rf"] = { function() require('refactoring').refactor('Extract Function To File') end, desc = "Extract Function To File" },
    ["<leader>rv"] = { function() require('refactoring').refactor('Extract Variable') end, desc = "Extracts occurrences of a selected expression to its own variable" },
    ["<leader>rr"] = { function() require('telescope').extensions.refactoring.refactors() end, desc = "Prompt for a refactor to apply" },
  },
 }
@@ -1,6 +1,8 @@
 {
  config,
  lib,
  pkgs,
-  astronvim,
+  pkgs-unstable,
  ...
 }:
 ###############################################################################
@@ -14,20 +16,9 @@ let
    vdiff = "nvim -d";
  };
 in {
-  xdg.configFile = {
+  home.activation.installAstroNvim = lib.hm.dag.entryAfter ["writeBoundary"] ''
-    # astronvim's config
+    ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F744 ${./nvim}/ ${config.xdg.configHome}/nvim/
-    "nvim" = {
+  '';
      source = astronvim;
      force = true;
    };
    # my custom astronvim config, astronvim will load it after base config
    # https://github.com/AstroNvim/AstroNvim/blob/v3.32.0/lua/astronvim/bootstrap.lua#L15-L16
    "astronvim/lua/user" = {
      source = ./astronvim_user;
      force = true;
    };
  };
  home.shellAliases = shellAliases;
  programs.nushell.shellAliases = shellAliases;
@@ -35,13 +26,37 @@ in {
  programs = {
    neovim = {
      enable = true;
      package = pkgs-unstable.neovim-unwrapped;
      defaultEditor = true;
      viAlias = true;
      vimAlias = true;
-      # currently we use lazy.nvim as neovim's package manager, so comment this one.
+      # These environment variables are needed to build and run binaries
-      # Install packages that will compile locally or download FHS binaries via Nix!
+      # with external package managers like mason.nvim.
      #
      # LD_LIBRARY_PATH is also needed to run the non-FHS binaries downloaded by mason.nvim.
      # it will be set by nix-ld, so we do not need to set it here again.
      extraWrapperArgs = with pkgs; [
        # LIBRARY_PATH is used by gcc before compilation to search directories
        # containing static and shared libraries that need to be linked to your program.
        "--suffix"
        "LIBRARY_PATH"
        ":"
        "${lib.makeLibraryPath [stdenv.cc.cc zlib]}"
        # PKG_CONFIG_PATH is used by pkg-config before compilation to search directories
        # containing .pc files that describe the libraries that need to be linked to your program.
        "--suffix"
        "PKG_CONFIG_PATH"
        ":"
        "${lib.makeSearchPathOutput "dev" "lib/pkgconfig" [stdenv.cc.cc zlib]}"
      ];
      # Currently we use lazy.nvim as neovim's package manager, so comment this one.
      #
      # NOTE: These plugins will not be used by astronvim by default!
      # We should install packages that will compile locally or download FHS binaries via Nix!
      # and use lazy.nvim's `dir` option to specify the package directory in nix store.
      # so that these plugins can work on NixOS.
      #
@@ -50,6 +65,8 @@ in {
      plugins = with pkgs.vimPlugins; [
        # search all the plugins using https://search.nixos.org/packages
        telescope-fzf-native-nvim
        nvim-treesitter.withAllGrammars
      ];
    };
  };
@@ -0,0 +1,20 @@
 {
  "neodev": {
    "library": {
      "enabled": true,
      "plugins": true
    }
  },
  "neoconf": {
    "plugins": {
      "lua_ls": {
        "enabled": true
      }
    }
  },
  "lspconfig": {
    "lua_ls": {
      "Lua.format.enable": false
    }
  }
 }
@@ -0,0 +1,19 @@
 -- This file simply bootstraps the installation of Lazy.nvim and then calls other files for execution
 -- This file doesn't necessarily need to be touched, BE CAUTIOUS editing this file and proceed at your own risk.
 local lazypath = vim.env.LAZY or vim.fn.stdpath "data" .. "/lazy/lazy.nvim"
 if not (vim.env.LAZY or (vim.uv or vim.loop).fs_stat(lazypath)) then
  -- stylua: ignore
  vim.fn.system({ "git", "clone", "--filter=blob:none", "https://github.com/folke/lazy.nvim.git", "--branch=stable", lazypath })
 end
 vim.opt.rtp:prepend(lazypath)
 -- validate that lazy is available
 if not pcall(require, "lazy") then
  -- stylua: ignore
  vim.api.nvim_echo({ { ("Unable to load lazy from: %s\n"):format(lazypath), "ErrorMsg" }, { "Press any key to exit...", "MoreMsg" } }, true, {})
  vim.fn.getchar()
  vim.cmd.quit()
 end
 require "lazy_setup"
 require "polish"
@@ -0,0 +1,59 @@
 -- AstroCommunity: import any community modules here
 -- We import this file in `lazy_setup.lua` before the `plugins/` folder.
 -- This guarantees that the specs are processed before any user plugins.
 ---@type LazySpec
 return {
  "AstroNvim/astrocommunity",
  -- Motion
  { import = "astrocommunity.motion.mini-surround" },
  -- https://github.com/echasnovski/mini.ai
  { import = "astrocommunity.motion.mini-ai" },
  { import = "astrocommunity.motion.flash-nvim" },
  -- Highly experimental plugin that completely replaces
  -- the UI for messages, cmdline and the popupmenu.
  -- { import = "astrocommunity.utility.noice-nvim" },
  -- Fully featured & enhanced replacement for copilot.vim
  -- <Tab> work with both auto completion in cmp and copilot
  { import = "astrocommunity.media.vim-wakatime" },
  { import = "astrocommunity.motion.leap-nvim" },
  { import = "astrocommunity.motion.flit-nvim" },
  { import = "astrocommunity.scrolling.nvim-scrollbar" },
  { import = "astrocommunity.editing-support.todo-comments-nvim" },
  -- Language Support
  ---- Frontend & NodeJS
  { import = "astrocommunity.pack.typescript-all-in-one" },
  { import = "astrocommunity.pack.tailwindcss" },
  { import = "astrocommunity.pack.html-css" },
  { import = "astrocommunity.pack.prisma" },
  { import = "astrocommunity.pack.vue" },
  ---- Configuration Language
  { import = "astrocommunity.pack.markdown" },
  { import = "astrocommunity.pack.json" },
  { import = "astrocommunity.pack.yaml" },
  { import = "astrocommunity.pack.toml" },
  ---- Backend / System
  { import = "astrocommunity.pack.lua" },
  { import = "astrocommunity.pack.go" },
  { import = "astrocommunity.pack.rust" },
  { import = "astrocommunity.pack.python" },
  { import = "astrocommunity.pack.java" },
  { import = "astrocommunity.pack.cmake" },
  { import = "astrocommunity.pack.cpp" },
  -- { import = "astrocommunity.pack.nix" },  -- manually add config for nix, comment this one.
  { import = "astrocommunity.pack.proto" },
  ---- Operation & Cloud Native
  { import = "astrocommunity.pack.terraform" },
  { import = "astrocommunity.pack.bash" },
  { import = "astrocommunity.pack.docker" },
  { import = "astrocommunity.pack.helm" },
  -- colorscheme
  { import = "astrocommunity.colorscheme.catppuccin" },
  -- Lua implementation of CamelCaseMotion, with extra consideration of punctuation.
  { import = "astrocommunity.motion.nvim-spider" },
  -- AI Assistant
  { import = "astrocommunity.completion.copilot-lua-cmp" },
 }
@@ -0,0 +1,34 @@
 require("lazy").setup({
  {
    "AstroNvim/AstroNvim",
    version = "^4", -- Remove version tracking to elect for nighly AstroNvim
    import = "astronvim.plugins",
    opts = { -- AstroNvim options must be set here with the `import` key
      mapleader = " ", -- This ensures the leader key must be configured before Lazy is set up
      maplocalleader = ",", -- This ensures the localleader key must be configured before Lazy is set up
      icons_enabled = true, -- Set to false to disable icons (if no Nerd Font is available)
      pin_plugins = nil, -- Default will pin plugins when tracking `version` of AstroNvim, set to true/false to override
    },
  },
  { import = "community" },
  { import = "plugins" },
 } --[[@as LazySpec]], {
  -- Configure any other `lazy.nvim` configuration options here
  -- https://github.com/folke/lazy.nvim?tab=readme-ov-file#%EF%B8%8F-configuration
  -- try to load one of these colorschemes when starting an installation during startup
  install = { colorscheme = { "catppuccin" }, },
  ui = { backdrop = 100 },
  performance = {
    rtp = {
      -- disable some rtp plugins, add more to your liking
      disabled_plugins = {
        "gzip",
        "netrwPlugin",
        "tarPlugin",
        "tohtml",
        "zipPlugin",
      },
    },
  },
 } --[[@as LazyConfig]])
@@ -0,0 +1,107 @@
 -- AstroCore provides a central place to modify mappings, vim options, autocommands, and more!
 -- Configuration documentation can be found with `:h astrocore`
 -- NOTE: We highly recommend setting up the Lua Language Server (`:LspInstall lua_ls`)
 --       as this provides autocomplete and documentation while editing
 ---@type LazySpec
 return {
  "AstroNvim/astrocore",
  ---@type AstroCoreOpts
  opts = {
    -- Configure core features of AstroNvim
    features = {
      large_buf = { size = 1024 * 500, lines = 10000 }, -- set global limits for large files for disabling features like treesitter
      autopairs = true, -- enable autopairs at start
      cmp = true, -- enable completion at start
      diagnostics_mode = 3, -- diagnostic mode on start (0 = off, 1 = no signs/virtual text, 2 = no virtual text, 3 = on)
      highlighturl = true, -- highlight URLs at start
      notifications = true, -- enable notifications at start
    },
    -- Diagnostics configuration (for vim.diagnostics.config({...})) when diagnostics are on
    diagnostics = {
      virtual_text = true,
      underline = true,
    },
    -- vim options can be configured here
    options = {
      opt = { -- vim.opt.<key>
        relativenumber = true, -- Show relative numberline
        signcolumn = "auto", -- Show sign column when used only
        spell = false, -- Spell checking
        swapfile = false, -- Swapfile
        smartindent = false, -- fix https://github.com/ryan4yin/nix-config/issues/4
        title = true, -- Set the title of window to `filename [+=-] (path) - NVIM`
        -- The percentage of 'columns' to use for the title
        -- When the title is longer, only the end of the path name is shown.
        titlelen = 20,
      },
      g = { -- vim.g.<key>
        -- configure global vim variables (vim.g)
        -- NOTE: `mapLeader` and `maplocalLeader` must be set in the AstroNvim opts or before `lazy.setup`
        -- This can be found in the `lua/lazy_setup.lua` file
      },
    },
    -- Mappings can be configured through AstroCore as well.
    -- https://docs.astronvim.com/recipes/mappings/
    -- NOTE: keycodes follow the casing in the vimdocs. For example, `<Leader>` must be capitalized
    mappings = {
      -- first key is the mode
      n = {
        -- second key is the lefthand side of the map
        -- second key is the lefthand side of the map
        -- mappings seen under group name "Buffer"
        ["<Leader>bn"] = { "<cmd>tabnew<cr>", desc = "New tab" },
        -- quick save
        -- ["<C-s>"] = { ":w!<cr>", desc = "Save File" },
        -- Terminal
        -- NOTE: https://neovim.io/doc/user/builtin.html#jobstart()
        --   1. If {cmd} is a List it runs directly (no 'shell')
        --   2. If {cmd} is a String it runs in the 'shell'
        -- search and replace globally
        ["<Leader>ss"] = { '<cmd>lua require("spectre").toggle()<CR>', desc = "Toggle Spectre" },
        ["<Leader>sw"] = {
          '<cmd>lua require("spectre").open_visual({select_word=true})<CR>',
          desc = "Search current word",
        },
        ["<Leader>sp"] = {
          '<cmd>lua require("spectre").open_file_search({select_word=true})<CR>',
          desc = "Search on current file",
        },
        -- yank_history
        ["<Leader>yh"] = {
          function() require("telescope").extensions.yank_history.yank_history() end,
          desc = "Preview Yank History",
        },
        -- undo history
        ["<Leader>uh"] = { "<cmd>Telescope undo<cr>", desc = "Telescope undo" },
        -- implementation/definition preview
        ["gpd"] = { "<cmd>lua require('goto-preview').goto_preview_definition()<CR>", desc = "goto_preview_definition" },
        ["gpt"] = {
          "<cmd>lua require('goto-preview').goto_preview_type_definition()<CR>",
          desc = "goto_preview_type_definition",
        },
        ["gpi"] = {
          "<cmd>lua require('goto-preview').goto_preview_implementation()<CR>",
          desc = "goto_preview_implementation",
        },
        ["gP"] = { "<cmd>lua require('goto-preview').close_all_win()<CR>", desc = "close_all_win" },
        ["gpr"] = { "<cmd>lua require('goto-preview').goto_preview_references()<CR>", desc = "goto_preview_references" },
      },
      t = {
        -- setting a mapping to false will disable it
        -- ["<esc>"] = false,
      },
      -- Visual mode
      v = {
        -- search and replace globally
        ["<Leader>sw"] = { '<esc><cmd>lua require("spectre").open_visual()<CR>', desc = "Search current word" },
      },
    },
  },
 }
@@ -0,0 +1,227 @@
 -- AstroLSP allows you to customize the features in AstroNvim's LSP configuration engine
 -- Configuration documentation can be found with `:h astrolsp`
 -- NOTE: We highly recommend setting up the Lua Language Server (`:LspInstall lua_ls`)
 --       as this provides autocomplete and documentation while editing
 ---@type LazySpec
 return {
  "AstroNvim/astrolsp",
  ---@type AstroLSPOpts
  opts = {
    -- Configuration table of features provided by AstroLSP
    features = {
      autoformat = true, -- enable or disable auto formatting on start
      codelens = true, -- enable/disable codelens refresh on start
      inlay_hints = true, -- enable/disable inlay hints on start
      semantic_tokens = true, -- enable/disable semantic token highlighting
    },
    -- customize lsp formatting options
    formatting = {
      -- control auto formatting on save
      format_on_save = {
        enabled = true, -- enable or disable format on save globally
        allow_filetypes = { -- enable format on save for specified filetypes only
          "go",
          "jsonnet",
          "rust",
          "terraform",
          "nu",
        },
        ignore_filetypes = { -- disable format on save for specified filetypes
          -- "python",
        },
      },
      disabled = { -- disable formatting capabilities for the listed language servers
        -- disable lua_ls formatting capability if you want to use StyLua to format your lua code
        -- "lua_ls",
      },
      timeout_ms = 1000, -- default format timeout
      -- filter = function(client) -- fully override the default formatting function
      --   return true
      -- end
    },
    -- enable servers that you already have installed without mason
    -- https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md
    servers = {
      ---- Data & Configuration Languages
      "jsonls", -- json language server
      "jsonnet_ls", -- jsonnet language server
      "yamlls", -- yaml language server
      "taplo", -- toml language server
      "dagger", -- cuelsp - cue language server
      "terraformls", -- terraform hcl
      "marksman", -- markdown ls
      "nickel_ls", -- nickel language server
      "nil_ls", -- nix language server
      "bufls", -- protocol buffer language server
      "dockerls", -- dockerfile
      "cmake", -- cmake language server
      "sqls", -- sql language server
      ---- General Purpose Languages
      "clangd", -- c/c++
      "gopls", -- go
      "jdtls", -- java language server, provides only basic features
      "rust_analyzer", -- rust
      "pyright", -- python
      "ruff_lsp", -- extremely fast Python linter and code transformation
      -- "julials", -- julia language server
      -- "zls", -- zig language server
      "lua_ls", -- lua
      "bashls", -- bash
      "nushell", -- nushell language server
      ---- Web Development
      "ts_ls", -- typescript/javascript language server
      "tailwindcss", -- tailwindcss language server
      "html", -- html language server
      "cssls", -- css language server
      "prismals", -- prisma language server
      "volar", -- vue language server
      ---- Lisp Like
      "scheme_langserver", -- scheme language server
      "elixirls", -- elixir language server
      -- "clojure_lsp", -- clojure language server"
      ---- Circuit Design
      "verible", -- verilog language server
    },
    -- customize language server configuration options passed to `lspconfig`
    ---@diagnostic disable: missing-fields
    config = {
      -- the offset_encoding of clangd will confilicts whit null-ls
      -- so we need to manually set it to utf-8
      clangd = {
        capabilities = {
          offsetEncoding = "utf-8",
        },
      },
      scheme_langserver = {
        filetypes = { "scheme", "scm" },
        single_file_support = true,
      },
      rust_analyzer = {
        settings = {
          -- Make the rust-analyzer use its own profile,
          -- so you can run cargo build without that being blocked while rust-analyzer runs.
          ["rust-analyzer"] = {
            cargo = {
              extraEnv = { CARGO_PROFILE_RUST_ANALYZER_INHERITS = "dev" },
              extraArgs = { "--profile", "rust-analyzer" },
            },
          },
        },
      },
    },
    -- customize how language servers are attached
    handlers = {
      -- a function without a key is simply the default handler, functions take two parameters, the server name and the configured options table for that server
      -- function(server, opts) require("lspconfig")[server].setup(opts) end
      -- the key is the server that is being setup with `lspconfig`
      -- rust_analyzer = false, -- setting a handler to false will disable the set up of that language server
      -- pyright = function(_, opts) require("lspconfig").pyright.setup(opts) end -- or a custom handler function can be passed
    },
    -- Configure buffer local auto commands to add when attaching a language server
    autocmds = {
      -- first key is the `augroup` to add the auto commands to (:h augroup)
      lsp_document_highlight = {
        -- Optional condition to create/delete auto command group
        -- can either be a string of a client capability or a function of `fun(client, bufnr): boolean`
        -- condition will be resolved for each client on each execution and if it ever fails for all clients,
        -- the auto commands will be deleted for that buffer
        cond = "textDocument/documentHighlight",
        -- cond = function(client, bufnr) return client.name == "lua_ls" end,
        -- list of auto commands to set
        {
          -- events to trigger
          event = { "CursorHold", "CursorHoldI" },
          -- the rest of the autocmd options (:h nvim_create_autocmd)
          desc = "Document Highlighting",
          callback = function() vim.lsp.buf.document_highlight() end,
        },
        {
          event = { "CursorMoved", "CursorMovedI", "BufLeave" },
          desc = "Document Highlighting Clear",
          callback = function() vim.lsp.buf.clear_references() end,
        },
      },
    },
    -- mappings to be set up on attaching of a language server
    mappings = {
      n = {
        gl = { function() vim.diagnostic.open_float() end, desc = "Hover diagnostics" },
        -- a `cond` key can provided as the string of a server capability to be required to attach, or a function with `client` and `bufnr` parameters from the `on_attach` that returns a boolean
        -- gD = {
        --   function() vim.lsp.buf.declaration() end,
        --   desc = "Declaration of current symbol",
        --   cond = "textDocument/declaration",
        -- },
        -- ["<Leader>uY"] = {
        --   function() require("astrolsp.toggles").buffer_semantic_tokens() end,
        --   desc = "Toggle LSP semantic highlight (buffer)",
        --   cond = function(client) return client.server_capabilities.semanticTokensProvider and vim.lsp.semantic_tokens end,
        -- },
        -- refactoring
        ["<Leader>ri"] = {
          function() require("refactoring").refactor "Inline Variable" end,
          desc = "Inverse of extract variable",
        },
        ["<Leader>rb"] = { function() require("refactoring").refactor "Extract Block" end, desc = "Extract Block" },
        ["<Leader>rbf"] = {
          function() require("refactoring").refactor "Extract Block To File" end,
          desc = "Extract Block To File",
        },
        ["<Leader>rr"] = {
          function() require("telescope").extensions.refactoring.refactors() end,
          desc = "Prompt for a refactor to apply",
        },
        ["<Leader>rp"] = {
          function() require("refactoring").debug.printf { below = false } end,
          desc = "Insert print statement to mark the calling of a function",
        },
        ["<Leader>rv"] = {
          function() require("refactoring").debug.print_var() end,
          desc = "Insert print statement to print a variable",
        },
        ["<Leader>rc"] = {
          function() require("refactoring").debug.cleanup {} end,
          desc = "Cleanup of all generated print statements",
        },
      },
      -- visual mode(what's the difference between v and x???)
      x = {
        -- refactoring
        ["<Leader>ri"] = {
          function() require("refactoring").refactor "Inline Variable" end,
          desc = "Inverse of extract variable",
        },
        ["<Leader>re"] = {
          function() require("refactoring").refactor "Extract Function" end,
          desc = "Extracts the selected code to a separate function",
        },
        ["<Leader>rf"] = {
          function() require("refactoring").refactor "Extract Function To File" end,
          desc = "Extract Function To File",
        },
        ["<Leader>rv"] = {
          function() require("refactoring").refactor "Extract Variable" end,
          desc = "Extracts occurrences of a selected expression to its own variable",
        },
        ["<Leader>rr"] = {
          function() require("telescope").extensions.refactoring.refactors() end,
          desc = "Prompt for a refactor to apply",
        },
      },
    },
    -- A custom `on_attach` function to be run after the default `on_attach` function
    -- takes two parameters `client` and `bufnr`  (`:h lspconfig-setup`)
    on_attach = function(client, bufnr)
      -- this would disable semanticTokensProvider for all clients
      -- client.server_capabilities.semanticTokensProvider = nil
    end,
  },
 }
@@ -0,0 +1,38 @@
 -- AstroUI provides the basis for configuring the AstroNvim User Interface
 -- Configuration documentation can be found with `:h astroui`
 -- NOTE: We highly recommend setting up the Lua Language Server (`:LspInstall lua_ls`)
 --       as this provides autocomplete and documentation while editing
 ---@type LazySpec
 return {
  "AstroNvim/astroui",
  ---@type AstroUIOpts
  opts = {
    -- change colorscheme
    -- colorscheme = "astrodark",
    colorscheme = "catppuccin",
    -- AstroUI allows you to easily modify highlight groups easily for any and all colorschemes
    highlights = {
      init = { -- this table overrides highlights in all themes
        -- Normal = { bg = "#000000" },
      },
      astrotheme = { -- a table of overrides/changes when applying the astrotheme theme
        -- Normal = { bg = "#000000" },
      },
    },
    -- Icons can be configured throughout the interface
    icons = {
      -- configure the loading of the lsp in the status line
      LSPLoading1 = "⠋",
      LSPLoading2 = "⠙",
      LSPLoading3 = "⠹",
      LSPLoading4 = "⠸",
      LSPLoading5 = "⠼",
      LSPLoading6 = "⠴",
      LSPLoading7 = "⠦",
      LSPLoading8 = "⠧",
      LSPLoading9 = "⠇",
      LSPLoading10 = "⠏",
    },
  },
 }
@@ -0,0 +1,8 @@
 return {
  "0x00-ketsu/autosave.nvim",
  -- lazy-loading on events
  event = { "InsertLeave", "TextChanged" },
  opts = function(_, opts)
    opts.prompt_style = "stdout" -- notify or stdout
  end,
 }
@@ -0,0 +1,8 @@
 return {
  "catppuccin/nvim",
  name = "catppuccin",
  opts = function(_, opts)
    opts.flavour = "mocha" -- latte, frappe, macchiato, mocha
    opts.transparent_background = true -- setting the background color.
  end,
 }
@@ -0,0 +1,31 @@
 return {
  "Olical/conjure",
  ft = { "clojure", "fennel", "python", "scheme" }, -- etc
  -- [Optional] cmp-conjure for cmp
  dependencies = {
    {
      "PaterJason/cmp-conjure",
      config = function()
        local cmp = require "cmp"
        local config = cmp.get_config()
        table.insert(config.sources, {
          name = "buffer",
          option = {
            sources = {
              { name = "conjure" },
            },
          },
        })
        cmp.setup(config)
      end,
    },
  },
  config = function(_, opts)
    require("conjure.main").main()
    require("conjure.mapping")["on-filetype"]()
  end,
  init = function()
    -- Set configuration options here
    vim.g["conjure#debug"] = true
  end,
 }
@@ -0,0 +1,14 @@
 -- Custom copilot-lua to enable filetypes: markdown
 return {
  -- "zbirenbaum/copilot.lua",
  -- Fix https://github.com/zbirenbaum/copilot.lua/pull/336
  "ryan4yin/copilot.lua",
  branch = "fix_issue_330",
  opts = function(_, opts)
    opts.filetypes = {
      yaml = true,
      markdown = true,
    }
  end,
 }
@@ -0,0 +1 @@
 return { "folke/flash.nvim", vscode = false }
@@ -0,0 +1,5 @@
 -- implementation/definition preview
 return {
  "rmagatti/goto-preview",
  config = function() require("goto-preview").setup {} end,
 }
@@ -0,0 +1,12 @@
 -- markdown preview
 return {
  "0x00-ketsu/markdown-preview.nvim",
  ft = { "md", "markdown", "mkd", "mkdn", "mdwn", "mdown", "mdtxt", "mdtext", "rmd", "wiki" },
  config = function()
    require("markdown-preview").setup {
      -- your configuration comes here
      -- or leave it empty to use the default settings
      -- refer to the setup section below
    }
  end,
 }
@@ -0,0 +1,78 @@
 -- Customize Mason plugins
 --
 -- NOTE: Issue - mason.nvim does not support NixOS:
 -- https://github.com/williamboman/mason.nvim/issues/428
 ---@type LazySpec
 return {
  -- use mason-lspconfig to configure LSP installations
  {
    "williamboman/mason-lspconfig.nvim",
    -- mason is unusable on NixOS, disable it.
    -- ensure_installed nothing
    opts = function(_, opts)
      opts.ensure_installed = nil
      opts.automatic_installation = false
    end,
    -- overrides `require("mason-lspconfig").setup(...)`
    -- opts = function(_, opts)
    --   -- add more things to the ensure_installed table protecting against community packs modifying it
    --   opts.ensure_installed = require("astrocore").list_insert_unique(opts.ensure_installed, {
    --     "lua_ls",
    --     -- add more arguments for adding more language servers
    --   })
    -- end,
  },
  -- use mason-null-ls to configure Formatters/Linter installation for null-ls sources
  {
    "jay-babu/mason-null-ls.nvim",
    -- mason is unusable on NixOS, disable it.
    -- ensure_installed nothing
    opts = function(_, opts)
      opts.ensure_installed = nil
      opts.automatic_installation = false
    end,
    -- -- overrides `require("mason-null-ls").setup(...)`
    -- opts = function(_, opts)
    --   -- add more things to the ensure_installed table protecting against community packs modifying it
    --   opts.ensure_installed = require("astrocore").list_insert_unique(opts.ensure_installed, {
    --     "prettier",
    --     "stylua",
    --     -- add more arguments for adding more null-ls sources
    --   })
    -- end,
  },
  {
    -- https://docs.astronvim.com/recipes/dap/
    "jay-babu/mason-nvim-dap.nvim",
    -- mason is unusable on NixOS, disable it.
    -- ensure_installed nothing
    -- opts = function(_, opts)
    --   opts.ensure_installed = nil
    --   opts.automatic_installation = false
    -- end,
    -- overrides `require("mason-nvim-dap").setup(...)`
    -- opts = function(_, opts)
    --   -- add more things to the ensure_installed table protecting against community packs modifying it
    --   opts.ensure_installed = require("astrocore").list_insert_unique(opts.ensure_installed, {
    --     "python",
    --     -- add more arguments for adding more debuggers
    --   })
    -- end,
  },
  {
    "williamboman/mason.nvim",
    opts = function(_, opts)
      -- Where Mason should put its bin location in your PATH. Can be one of:
      -- - "prepend" (default, Mason's bin location is put first in PATH)
      -- - "append" (Mason's bin location is put at the end of PATH)
      -- - "skip" (doesn't modify PATH)
      ---@type '"prepend"' | '"append"' | '"skip"'
      opts.PATH = "append" -- use mason's package only when no other package is found
    end,
  },
 }
@@ -0,0 +1,13 @@
 -- File explorer(Custom configs)
 return {
  "nvim-neo-tree/neo-tree.nvim",
  opts = {
    filesystem = {
      filtered_items = {
        visible = true, -- visible by default
        hide_dotfiles = false,
        hide_gitignored = false,
      },
    },
  },
 }
@@ -0,0 +1,2 @@
 -- full signature help, docs and completion for the nvim lua API.
 return { "folke/neodev.nvim", opts = {} }
@@ -0,0 +1 @@
 return { "Olical/nfnl", ft = "fennel" }
@@ -0,0 +1,53 @@
 -- Customize None-ls sources
 ---@type LazySpec
 return {
  "nvimtools/none-ls.nvim",
  opts = function(_, config)
    -- config variable is the default configuration table for the setup function call
    local null_ls = require "null-ls"
    local code_actions = null_ls.builtins.code_actions
    local diagnostics = null_ls.builtins.diagnostics
    local formatting = null_ls.builtins.formatting
    local hover = null_ls.builtins.hover
    local completion = null_ls.builtins.completion
    -- Check supported formatters and linters
    -- https://github.com/nvimtools/none-ls.nvim/tree/main/lua/null-ls/builtins/formatting
    -- https://github.com/nvimtools/none-ls.nvim/tree/main/lua/null-ls/builtins/diagnostics
    config.sources = {
      -- Common Code Actions
      code_actions.gitsigns,
      -- common refactoring actions based off the Refactoring book by Martin Fowler
      code_actions.refactoring,
      code_actions.gomodifytags, -- Go - modify struct field tags
      code_actions.impl, -- Go - generate interface method stubs
      code_actions.proselint, -- English prose linter
      code_actions.statix, -- Lints and suggestions for Nix.
      -- Diagnostic
      diagnostics.actionlint, -- GitHub Actions workflow syntax checking
      diagnostics.buf, -- check text in current buffer
      diagnostics.checkmake, -- check Makefiles
      diagnostics.deadnix, -- Scan Nix files for dead code.
      -- Formatting
      formatting.prettier, -- js/ts/vue/css/html/json/... formatter
      diagnostics.hadolint, -- Dockerfile linter
      formatting.black, -- Python formatter
      formatting.goimports, -- Go formatter
      formatting.shfmt, -- Shell formatter
      formatting.terraform_fmt, -- Terraform formatter
      formatting.stylua, -- Lua formatter
      formatting.alejandra, -- Nix formatter
      formatting.sqlfluff.with { -- SQL formatter
        extra_args = { "--dialect", "postgres" }, -- change to your dialect
      },
      formatting.nginx_beautifier, -- Nginx formatter
      formatting.verible_verilog_format, -- Verilog formatter
      formatting.emacs_scheme_mode, -- using emacs in batch mode to format scheme files.
      formatting.fnlfmt, -- Format Fennel code
    }
    return config -- return final config table
  end,
 }
@@ -0,0 +1,7 @@
 -- The plugin offers the abilibty to search and replace.
 return {
  "nvim-pack/nvim-spectre",
  dependencies = {
    { "nvim-lua/plenary.nvim" },
  },
 }
@@ -0,0 +1,19 @@
 return {
  'nvim-orgmode/orgmode',
  event = 'VeryLazy',
  ft = { 'org' },
  config = function()
    -- Setup orgmode
    require('orgmode').setup({
      org_agenda_files = "~/org/**/*",
      org_default_notes_file = "~/org/refile.org",
    })
    -- NOTE: If you are using nvim-treesitter with ~ensure_installed = "all"~ option
    -- add ~org~ to ignore_install
    require('nvim-treesitter.configs').setup({
      ensure_installed = 'all',
      ignore_install = { 'org' },
    })
  end,
 }
@@ -0,0 +1,5 @@
 return {
  "eraserhd/parinfer-rust",
  build = "cargo build --release",
  ft = { "scm", "scheme" },
 }
@@ -0,0 +1,8 @@
 -- The plugin offers the alibity to refactor code.
 return {
  "ThePrimeagen/refactoring.nvim",
  dependencies = {
    { "nvim-lua/plenary.nvim" },
    { "nvim-treesitter/nvim-treesitter" },
  },
 }
@@ -0,0 +1,13 @@
 -- Enhanced matchparen.vim plugin for Neovim to highlight the outer pair.
 return {
  "utilyre/sentiment.nvim",
  version = "*",
  event = "VeryLazy", -- keep for lazy loading
  opts = {
    -- config
  },
  init = function()
    -- `matchparen.vim` needs to be disabled manually in case of lazy loading
    vim.g.loaded_matchparen = 1
  end,
 }
@@ -0,0 +1,49 @@
 return {
  "nvim-telescope/telescope.nvim",
  branch = "0.1.x",
  dependencies = { "nvim-lua/plenary.nvim" },
  init = function()
    -- 1. Disable highlighting for certain filetypes
    -- 2. Ignore files larger than a certain filesize
    local previewers = require "telescope.previewers"
    local _bad = { ".*%.csv", ".*%.min.js" } -- Put all filetypes that slow you down in this array
    local filesize_threshold = 300 * 1024 -- 300KB
    local bad_files = function(filepath)
      for _, v in ipairs(_bad) do
        if filepath:match(v) then return false end
      end
      return true
    end
    local new_maker = function(filepath, bufnr, opts)
      opts = opts or {}
      if opts.use_ft_detect == nil then opts.use_ft_detect = true end
      -- 1. Check if the file is in the bad_files array, and if so, don't highlight it
      opts.use_ft_detect = opts.use_ft_detect == false and false or bad_files(filepath)
      -- 2. Check the file size, and ignore it if it's too big(preview nothing).
      filepath = vim.fn.expand(filepath)
      vim.loop.fs_stat(filepath, function(_, stat)
        if not stat then return end
        if stat.size > filesize_threshold then
          return
        else
          previewers.buffer_previewer_maker(filepath, bufnr, opts)
        end
      end)
      -- Load Extensions
      require("telescope").load_extension "refactoring"
      require("telescope").load_extension "yank_history"
      require("telescope").load_extension "undo"
    end
    require("telescope").setup {
      defaults = {
        buffer_previewer_maker = new_maker,
      },
    }
  end,
 }
@@ -0,0 +1,2 @@
 -- disable toggleterm.nvim, zellij's terminal is far better than neovim's one
 return { "akinsho/toggleterm.nvim", enabled = false }
@@ -0,0 +1,42 @@
 -- Customize Treesitter
 ---@type LazySpec
 return {
  "nvim-treesitter/nvim-treesitter",
  dependencies = {
    -- NOTE: additional parser
    { "nushell/tree-sitter-nu" }, -- nushell scripts
  },
  opts = function(_, opts)
    opts.incremental_selection = {
      enable = true,
      keymaps = {
        init_selection = "<C-space>", -- Ctrl + Space
        node_incremental = "<C-space>",
        scope_incremental = "<A-space>", -- Alt + Space
        node_decremental = "<bs>", -- Backspace
      },
    }
    opts.ignore_install = { "gotmpl", "wing" }
    -- add more things to the ensure_installed table protecting against community packs modifying it
    -- https://github.com/nvim-treesitter/nvim-treesitter/tree/master
    opts.ensure_installed = require("astrocore").list_insert_unique(opts.ensure_installed, {
      -- please add only the tree-sitters that are not available in nixpkgs here
      "just",
      "kdl",
      "csv",
      "xml",
      ---- Misc
      "diff",
      "git_config",
      "git_rebase",
      "gitignore",
      "gitcommit",
      "gitattributes",
      "ssh_config",
    })
  end,
 }
@@ -0,0 +1,10 @@
 -- joining blocks of code into oneline, or splitting one line into multiple lines.
 return {
  "Wansmer/treesj",
  keys = { "<space>m", "<space>j", "<space>s" },
  dependencies = { "nvim-treesitter/nvim-treesitter" },
  config = function()
    require("treesj").setup { --[[ your config ]]
    }
  end,
 }
@@ -0,0 +1,2 @@
 -- Undo tree
 return { "debugloop/telescope-undo.nvim" }
@@ -0,0 +1,83 @@
 -- You can also add or configure plugins by creating files in this `plugins/` folder
 -- Here are some examples:
 ---@type LazySpec
 return {
  -- == Examples of Adding Plugins ==
  "andweeb/presence.nvim",
  {
    "ray-x/lsp_signature.nvim",
    event = "BufRead",
    config = function() require("lsp_signature").setup() end,
  },
  -- == Examples of Overriding Plugins ==
  -- customize alpha options
  {
    "goolord/alpha-nvim",
    opts = function(_, opts)
      -- customize the dashboard header
      opts.section.header.val = {
        " █████  ███████ ████████ ██████   ██████",
        "██   ██ ██         ██    ██   ██ ██    ██",
        "███████ ███████    ██    ██████  ██    ██",
        "██   ██      ██    ██    ██   ██ ██    ██",
        "██   ██ ███████    ██    ██   ██  ██████",
        " ",
        "    ███    ██ ██    ██ ██ ███    ███",
        "    ████   ██ ██    ██ ██ ████  ████",
        "    ██ ██  ██ ██    ██ ██ ██ ████ ██",
        "    ██  ██ ██  ██  ██  ██ ██  ██  ██",
        "    ██   ████   ████   ██ ██      ██",
      }
      return opts
    end,
  },
  -- You can disable default plugins as follows:
  { "max397574/better-escape.nvim", enabled = false },
  -- You can also easily customize additional setup of plugins that is outside of the plugin's setup call
  {
    "L3MON4D3/LuaSnip",
    config = function(plugin, opts)
      require "astronvim.plugins.configs.luasnip"(plugin, opts) -- include the default astronvim config that calls the setup call
      -- add more custom luasnip configuration such as filetype extend or custom snippets
      local luasnip = require "luasnip"
      luasnip.filetype_extend("javascript", { "javascriptreact" })
    end,
  },
  {
    "windwp/nvim-autopairs",
    config = function(plugin, opts)
      require "astronvim.plugins.configs.nvim-autopairs"(plugin, opts) -- include the default astronvim config that calls the setup call
      -- add more custom autopairs configuration such as custom rules
      local npairs = require "nvim-autopairs"
      local Rule = require "nvim-autopairs.rule"
      local cond = require "nvim-autopairs.conds"
      npairs.add_rules(
        {
          Rule("$", "$", { "tex", "latex" })
            -- don't add a pair if the next character is %
            :with_pair(cond.not_after_regex "%%")
            -- don't add a pair if  the previous character is xxx
            :with_pair(
              cond.not_before_regex("xxx", 3)
            )
            -- don't move right when repeat character
            :with_move(cond.none())
            -- don't delete if the next character is xx
            :with_del(cond.not_after_regex "xx")
            -- disable adding a newline when you press <cr>
            :with_cr(cond.none()),
        },
        -- disable for .vim files, but it work for another filetypes
        Rule("a", "a", "-vim")
      )
    end,
  },
 }
@@ -0,0 +1,62 @@
 -- clipboard manager
 return {
  "gbprod/yanky.nvim",
  opts = function()
    local mapping = require "yanky.telescope.mapping"
    local mappings = mapping.get_defaults()
    mappings.i["<c-p>"] = nil
    return {
      highlight = { timer = 200 },
      picker = {
        telescope = {
          use_default_mappings = false,
          mappings = mappings,
        },
      },
    }
  end,
  keys = {
    {
      "y",
      "<Plug>(YankyYank)",
      mode = { "n", "x" },
      desc = "Yank text",
    },
    {
      "p",
      "<Plug>(YankyPutAfter)",
      mode = { "n", "x" },
      desc = "Put yanked text after cursor",
    },
    {
      "P",
      "<Plug>(YankyPutBefore)",
      mode = { "n", "x" },
      desc = "Put yanked text before cursor",
    },
    {
      "gp",
      "<Plug>(YankyGPutAfter)",
      mode = { "n", "x" },
      desc = "Put yanked text after selection",
    },
    {
      "gP",
      "<Plug>(YankyGPutBefore)",
      mode = { "n", "x" },
      desc = "Put yanked text before selection",
    },
    { "[y", "<Plug>(YankyCycleForward)", desc = "Cycle forward through yank history" },
    { "]y", "<Plug>(YankyCycleBackward)", desc = "Cycle backward through yank history" },
    { "]p", "<Plug>(YankyPutIndentAfterLinewise)", desc = "Put indented after cursor (linewise)" },
    { "[p", "<Plug>(YankyPutIndentBeforeLinewise)", desc = "Put indented before cursor (linewise)" },
    { "]P", "<Plug>(YankyPutIndentAfterLinewise)", desc = "Put indented after cursor (linewise)" },
    { "[P", "<Plug>(YankyPutIndentBeforeLinewise)", desc = "Put indented before cursor (linewise)" },
    { ">p", "<Plug>(YankyPutIndentAfterShiftRight)", desc = "Put and indent right" },
    { "<p", "<Plug>(YankyPutIndentAfterShiftLeft)", desc = "Put and indent left" },
    { ">P", "<Plug>(YankyPutIndentBeforeShiftRight)", desc = "Put before and indent right" },
    { "<P", "<Plug>(YankyPutIndentBeforeShiftLeft)", desc = "Put before and indent left" },
    { "=p", "<Plug>(YankyPutAfterFilter)", desc = "Put after applying a filter" },
    { "=P", "<Plug>(YankyPutBeforeFilter)", desc = "Put before applying a filter" },
  },
 }
@@ -0,0 +1,16 @@
 -- This will run last in the setup process and is a good place to configure
 -- things like custom filetypes. This just pure lua so anything that doesn't
 -- fit in the normal config locations above can go here
 -- Set up custom filetypes
 -- vim.filetype.add {
 --   extension = {
 --     foo = "fooscript",
 --   },
 --   filename = {
 --     ["Foofile"] = "fooscript",
 --   },
 --   pattern = {
 --     ["~/%.config/foo/.*"] = "fooscript",
 --   },
 -- }
@@ -0,0 +1,6 @@
 ---
 base: lua51
 globals:
  vim:
    any: true
@@ -0,0 +1,8 @@
 std = "neovim"
 [rules]
 global_usage = "allow"
 if_same_then_else = "allow"
 incorrect_standard_library_use = "allow"
 mixed_table = "allow"
 multiple_statements = "allow"
@@ -1,11 +1,56 @@
-{pkgs, ...}: {
+{
  pkgs,
  pkgs-unstable,
  ...
 }: {
  nixpkgs.config = {
    programs.npm.npmrc = ''
      prefix = ''${HOME}/.npm-global
    '';
  };
-  home.packages = with pkgs; [
+  home.packages = with pkgs; (
    # -*- Data & Configuration Languages -*-#
    [
      #-- nix
      nil
      # rnix-lsp
      # nixd
      statix # Lints and suggestions for the nix programming language
      deadnix # Find and remove unused code in .nix source files
      alejandra # Nix Code Formatter
      #-- nickel lang
      nickel
      #-- json like
      # terraform  # install via brew on macOS
      terraform-ls
      jsonnet
      jsonnet-language-server
      taplo # TOML language server / formatter / validator
      nodePackages.yaml-language-server
      actionlint # GitHub Actions linter
      #-- dockerfile
      hadolint # Dockerfile linter
      nodePackages.dockerfile-language-server-nodejs
      #-- markdown
      marksman # language server for markdown
      glow # markdown previewer
      pandoc # document converter
      pkgs-unstable.hugo # static site generator
      #-- sql
      sqlfluff
      #-- protocol buffer
      buf # linting and formatting
    ]
    ++
    #-*- General Purpose Languages -*-#
    [
      #-- c/c++
      cmake
      cmake-language-server
@@ -13,49 +58,50 @@
      checkmake
      # c/c++ compiler, required by nvim-treesitter!
      gcc
      gdb
      # c/c++ tools with clang-tools, the unwrapped version won't
      # add alias like `cc` and `c++`, so that it won't conflict with gcc
-    llvmPackages.clang-unwrapped
+      # llvmPackages.clang-unwrapped
      clang-tools
      lldb
      vscode-extensions.vadimcn.vscode-lldb.adapter # codelldb - debugger
      #-- python
-    nodePackages.pyright # python language server
+      pyright # python language server
      (python311.withPackages (
        ps:
          with ps; [
            ruff-lsp
            black # python formatter
            # debugpy
            # my commonly used python packages
            jupyter
            ipython
            pandas
            requests
            pyquery
            pyyaml
            boto3
            ## emacs's lsp-bridge dependenciesge
-          epc
+            # epc
-          orjson
+            # orjson
-          sexpdata
+            # sexpdata
-          six
+            # six
-          setuptools
+            # setuptools
-          paramiko
+            # paramiko
-          rapidfuzz
+            # rapidfuzz
          ]
      ))
      #-- rust
-    rust-analyzer
+      # we'd better use the rust-overlays for rust development
-    cargo # rust package manager
+      pkgs-unstable.rustc
-    rustfmt
+      pkgs-unstable.rust-analyzer
-
+      pkgs-unstable.cargo # rust package manager
-    #-- nix
+      pkgs-unstable.rustfmt
-    nil
+      pkgs-unstable.clippy # rust linter
    rnix-lsp
    # nixd
    statix # Lints and suggestions for the nix programming language
    deadnix # Find and remove unused code in .nix source files
    alejandra # Nix Code Formatter
      #-- golang
      go
@@ -71,6 +117,10 @@
      gradle
      maven
      spring-boot-cli
      jdt-language-server
      #-- zig
      zls
      #-- lua
      stylua
@@ -80,8 +130,9 @@
      nodePackages.bash-language-server
      shellcheck
      shfmt
-
+    ]
-    #-- javascript/typescript --#
+    #-*- Web Development -*-#
    ++ [
      nodePackages.nodejs
      nodePackages.typescript
      nodePackages.typescript-language-server
@@ -89,45 +140,29 @@
      nodePackages.vscode-langservers-extracted
      nodePackages."@tailwindcss/language-server"
      emmet-ls
-
+    ]
-    # -- Lisp like Languages
+    # -*- Lisp like Languages -*-#
    ++ [
      guile
      racket-minimal
      fnlfmt # fennel
-
+      (
-    #-- Others
+        if pkgs.stdenv.isDarwin
-    taplo # TOML language server / formatter / validator
+        then pkgs.emptyDirectory
-    nodePackages.yaml-language-server
+        else pkgs-unstable.akkuPackages.scheme-langserver
-    sqlfluff # SQL linter
+      )
-    actionlint # GitHub Actions linter
+    ]
-    buf # protoc plugin for linting and formatting
+    ++ [
      proselint # English prose linter
    #-- Misc
    tree-sitter # common language parser/highlighter
    nodePackages.prettier # common code formatter
    marksman # language server for markdown
    glow # markdown previewer
    fzf
    pandoc # document converter
    hugo # static site generator
    #-- Optional Requirements:
    gdu # disk usage analyzer, required by AstroNvim
    (ripgrep.override {withPCRE2 = true;}) # recursively searches directories for a regex pattern
    #-- CloudNative
    nodePackages.dockerfile-language-server-nodejs
    # terraform  # install via brew on macOS
    terraform-ls
    jsonnet
    jsonnet-language-server
    hadolint # Dockerfile linter
    #-- zig
    zls
      #-- verilog / systemverilog
      verible
-    gdb
+
-  ];
+      #-- Optional Requirements:
      nodePackages.prettier # common code formatter
      fzf
      gdu # disk usage analyzer, required by AstroNvim
      (ripgrep.override {withPCRE2 = true;}) # recursively searches directories for a regex pattern
    ]
  );
 }
@@ -16,7 +16,7 @@ using a Cloud provider for key management.
 Both age, Sops & GnuPG provide asymmetric encryption, which is useful for encrypting files for a
 specific user.
-For morden use, age is recommended, as it use [AEAD encryption function -
+For modern use, age is recommended, as it use [AEAD encryption function -
 ChaCha20-Poly1305][age Format v1], If you do not want to manage the keys by yourself, Sops is
 recommended, as it use KMS for key management.
@@ -1,7 +1,11 @@
-{pkgs, ...}: {
+{
  pkgs,
  pkgs-unstable,
  ...
 }: {
  home.packages = with pkgs; [
    age
-    sops
+    pkgs-unstable.sops
    rclone
  ];
 }
@@ -104,7 +104,7 @@ one keypair, or a keyring/keychain(which contains multiple sub key-pairs).
 Let's generate a keypair interactively:
-> Now in 2024, GnuPG 2.4.1 defaults to ECC algorithm (9) and Curve 25519 for ECC, which is morden
+> Now in 2024, GnuPG 2.4.1 defaults to ECC algorithm (9) and Curve 25519 for ECC, which is modern
 > and safe, I would recommend to use these defaults directly.
 ```bash
@@ -31,9 +31,9 @@ in {
      use ${nu_scripts}/share/nu_scripts/custom-completions/cargo/cargo-completions.nu *
      use ${nu_scripts}/share/nu_scripts/custom-completions/zellij/zellij-completions.nu *
      # alias
-      use ${nu_scripts}/share/nu_scripts/aliases/git/git-aliases.nu *
+      # use ${nu_scripts}/share/nu_scripts/aliases/git/git-aliases.nu *
      use ${nu_scripts}/share/nu_scripts/aliases/eza/eza-aliases.nu *
-      # use ${nu_scripts}/share/nu_scripts/aliases/bat/bat-aliases.nu *
+      use ${nu_scripts}/share/nu_scripts/aliases/bat/bat-aliases.nu *
    '';
  };
 }
@@ -1,10 +1,20 @@
-let
+{
  pkgs,
  pkgs-stable,
  ...
 }: let
  shellAliases = {
    "zj" = "zellij";
  };
 in {
  programs.zellij = {
    enable = true;
    # [Linux] Revert to old v0.40.1 to fix:
    # https://github.com/zellij-org/zellij/issues/3592
    package =
      if pkgs.stdenv.isLinux
      then pkgs-stable.zellij
      else pkgs.zellij;
  };
  # auto start zellij in nushell
  programs.nushell.extraConfig = ''
@@ -0,0 +1,257 @@
 # Place a copy of this config to ~/.aerospace.toml
 # After that, you can edit ~/.aerospace.toml to your liking
 # It's not necessary to copy all keys to your config.
 # If the key is missing in your config, "default-config.toml" will serve as a fallback
 # You can use it to add commands that run after login to macOS user session.
 # 'start-at-login' needs to be 'true' for 'after-login-command' to work
 # Available commands: https://nikitabobko.github.io/AeroSpace/commands
 after-login-command = []
 # You can use it to add commands that run after AeroSpace startup.
 # 'after-startup-command' is run after 'after-login-command'
 # Available commands : https://nikitabobko.github.io/AeroSpace/commands
 after-startup-command = [
  # Highlight focused windows with colored borders
  # 
  # JankyBorders has a built-in detection of already running process,
  # so it won't be run twice on AeroSpace restart
  'exec-and-forget borders active_color=0xffe1e3e4 inactive_color=0xff494d64 width=5.0',
 ]
 # Start AeroSpace at login
 start-at-login = false
 # Normalizations. See: https://nikitabobko.github.io/AeroSpace/guide#normalization
 enable-normalization-flatten-containers = true
 enable-normalization-opposite-orientation-for-nested-containers = true
 # See: https://nikitabobko.github.io/AeroSpace/guide#layouts
 # The 'accordion-padding' specifies the size of accordion padding
 # You can set 0 to disable the padding feature
 accordion-padding = 30
 # Possible values: tiles|accordion
 default-root-container-layout = 'tiles'
 # Possible values: horizontal|vertical|auto
 # 'auto' means: wide monitor (anything wider than high) gets horizontal orientation,
 #               tall monitor (anything higher than wide) gets vertical orientation
 default-root-container-orientation = 'auto'
 # Possible values: (qwerty|dvorak)
 # See https://nikitabobko.github.io/AeroSpace/guide#key-mapping
 key-mapping.preset = 'qwerty'
 # Mouse follows focus when focused monitor changes
 # Drop it from your config, if you don't like this behavior
 # See https://nikitabobko.github.io/AeroSpace/guide#on-focus-changed-callbacks
 # See https://nikitabobko.github.io/AeroSpace/commands#move-mouse
 on-focused-monitor-changed = ['move-mouse monitor-lazy-center']
 # Gaps between windows (inner-*) and between monitor edges (outer-*).
 # Possible values:
 # - Constant:     gaps.outer.top = 8
 # - Per monitor:  gaps.outer.top = [{ monitor.main = 16 }, { monitor."some-pattern" = 32 }, 24]
 #                 In this example, 24 is a default value when there is no match.
 #                 Monitor pattern is the same as for 'workspace-to-monitor-force-assignment'.
 #                 See: https://nikitabobko.github.io/AeroSpace/guide#assign-workspaces-to-monitors
 [gaps]
 inner.horizontal = 5
 inner.vertical = 5
 outer.left = 5
 outer.bottom = 5
 outer.top = 5
 outer.right = 5
 [exec]
 inherit-env-vars = true
 [exec.env-vars]
 PATH = '/opt/homebrew/bin:/opt/homebrew/sbin:${PATH}'
 # 'main' binding mode declaration
 # See: https://nikitabobko.github.io/AeroSpace/guide#binding-modes
 # 'main' binding mode must be always presented
 [mode.main.binding]
 # All possible keys:
 # - Letters.        a, b, c, ..., z
 # - Numbers.        0, 1, 2, ..., 9
 # - Keypad numbers. keypad0, keypad1, keypad2, ..., keypad9
 # - F-keys.         f1, f2, ..., f20
 # - Special keys.   minus, equal, period, comma, slash, backslash, quote, semicolon, backtick,
 #                   leftSquareBracket, rightSquareBracket, space, enter, esc, backspace, tab
 # - Keypad special. keypadClear, keypadDecimalMark, keypadDivide, keypadEnter, keypadEqual,
 #                   keypadMinus, keypadMultiply, keypadPlus
 # - Arrows.         left, down, up, right
 # All possible modifiers: cmd, alt, ctrl, shift
 # All possible commands: https://nikitabobko.github.io/AeroSpace/commands
 # See: https://nikitabobko.github.io/AeroSpace/commands#exec-and-forget
 # You can uncomment the following lines to open up terminal with alt + enter shortcut (like in i3)
 alt-enter = '''exec-and-forget osascript -e '
 tell application "kitty"
    do script
    activate
 end tell'
 '''
 # See: https://nikitabobko.github.io/AeroSpace/commands#layout
 alt-slash = 'layout tiles horizontal vertical'
 alt-comma = 'layout accordion horizontal vertical'
 # See: https://nikitabobko.github.io/AeroSpace/commands#focus
 alt-h = 'focus left'
 alt-j = 'focus down'
 alt-k = 'focus up'
 alt-l = 'focus right'
 # See: https://nikitabobko.github.io/AeroSpace/commands#move
 alt-shift-h = 'move left'
 alt-shift-j = 'move down'
 alt-shift-k = 'move up'
 alt-shift-l = 'move right'
 # See: https://nikitabobko.github.io/AeroSpace/commands#resize
 alt-shift-minus = 'resize smart -50'
 alt-shift-equal = 'resize smart +50'
 # See: https://nikitabobko.github.io/AeroSpace/commands#workspace
 alt-1 = 'workspace 1Kitty'
 alt-2 = 'workspace 2Alacritty'
 alt-3 = 'workspace 3Work'
 alt-4 = 'workspace 4Firefox'
 alt-5 = 'workspace 5Chrome'
 alt-6 = 'workspace 6Chat'
 alt-7 = 'workspace 7Music'
 alt-8 = 'workspace 8'
 alt-9 = 'workspace 9'
 alt-0 = 'workspace 10'
 # See: https://nikitabobko.github.io/AeroSpace/commands#move-node-to-workspace
 alt-shift-1 = 'move-node-to-workspace 1Kitty'
 alt-shift-2 = 'move-node-to-workspace 2Alacritty'
 alt-shift-3 = 'move-node-to-workspace 3Work'
 alt-shift-4 = 'move-node-to-workspace 4Firefox'
 alt-shift-5 = 'move-node-to-workspace 5Chrome'
 alt-shift-6 = 'move-node-to-workspace 6Chat'
 alt-shift-7 = 'move-node-to-workspace 7Music'
 alt-shift-8 = 'move-node-to-workspace 8'
 alt-shift-9 = 'move-node-to-workspace 9'
 alt-shift-0 = 'move-node-to-workspace 10'
 # See: https://nikitabobko.github.io/AeroSpace/commands#workspace-back-and-forth
 alt-tab = 'workspace-back-and-forth'
 # See: https://nikitabobko.github.io/AeroSpace/commands#move-workspace-to-monitor
 alt-shift-tab = 'move-workspace-to-monitor --wrap-around next'
 # See: https://nikitabobko.github.io/AeroSpace/commands#mode
 alt-shift-semicolon = 'mode service'
 cmd-h = []     # Disable "hide application"
 cmd-alt-h = [] # Disable "hide others"
 alt-shift-c = 'reload-config'
 alt-r = 'mode resize'
 # Declare 'resize' binding mode
 [mode.resize.binding]
 h = 'resize width -50'
 j = 'resize height +50'
 k = 'resize height -50'
 l = 'resize width +50'
 enter = 'mode main'
 esc = 'mode main'
 # 'service' binding mode declaration.
 # See: https://nikitabobko.github.io/AeroSpace/guide#binding-modes
 [mode.service.binding]
 esc = ['reload-config', 'mode main']
 r = ['flatten-workspace-tree', 'mode main'] # reset layout
 #s = ['layout sticky tiling', 'mode main'] # sticky is not yet supported https://github.com/nikitabobko/AeroSpace/issues/2
 f = [
  'layout floating tiling',
  'mode main',
 ] # Toggle between floating and tiling layout
 backspace = ['close-all-windows-but-current', 'mode main']
 alt-shift-h = ['join-with left', 'mode main']
 alt-shift-j = ['join-with down', 'mode main']
 alt-shift-k = ['join-with up', 'mode main']
 alt-shift-l = ['join-with right', 'mode main']
 # =================================================================
 #
 # Assign apps on particular workspaces
 #
 # Use this command to get IDs of running applications:
 #   aerospace list-apps
 #
 # =================================================================
 [[on-window-detected]]
 if.app-id = 'net.kovidgoyal.kitty'
 run = 'move-node-to-workspace 1Kitty'
 [[on-window-detected]]
 if.app-id = 'org.alacritty'
 run = 'move-node-to-workspace 2Alacritty'
 [[on-window-detected]]
 if.app-id = 'com.tencent.WeWorkMac'
 run = 'move-node-to-workspace 3Work'
 [[on-window-detected]]
 if.app-id = 'org.mozilla.firefox'
 run = 'move-node-to-workspace 4Firefox'
 [[on-window-detected]]
 if.app-id = 'com.google.Chrome'
 run = 'move-node-to-workspace 5Chrome'
 [[on-window-detected]]
 if.app-id = 'ru.keepcoder.Telegram'
 run = 'move-node-to-workspace 6Chat'
 [[on-window-detected]]
 if.app-id = 'com.tencent.xinWeChat'
 run = 'move-node-to-workspace 6Chat'
 [[on-window-detected]]
 if.app-id = 'com.tencent.qq'
 run = 'move-node-to-workspace 6Chat'
 [[on-window-detected]]
 if.app-id = 'com.tencent.QQMusicMac'
 run = 'move-node-to-workspace 7Music'
 [[on-window-detected]]
 if.app-id = 'com.netease.163music'
 run = 'move-node-to-workspace 7Music'
 # Make all windows float by default
 [[on-window-detected]]
 check-further-callbacks = true
 run = 'layout floating'
 # =================================================================
 # Multiple monitor configuration
 # =================================================================
 [workspace-to-monitor-force-assignment]
 1Kitty = 'secondary'  # Non-main monitor in case when there are only two monitors'
 2Alacritty = 'main'         # "Main" monitor ("main" as in System Settings → Displays → Use as)
 3Work = 'main'
 4Firefox = 'main'
 5Chrome = 'secondary'
 6Chat = 'main'
 7Music = 'main'
 8 = 'main'
 9 = 'main'
 0 = 'main'
@@ -0,0 +1,3 @@
 {
  home.file.".aerospace.toml".source = ./aerospace.toml;
 }
--- a/Show More
+++ b/Show More
		`@@ -1 +0,0 @@`
			`{:source-file-patterns [".fnl" "/.fnl"]}`
		`@@ -0,0 +1 @@`
							`return { "folke/flash.nvim", vscode = false }`
		`@@ -0,0 +1,2 @@`
							`-- full signature help, docs and completion for the nvim lua API.`
							`return { "folke/neodev.nvim", opts = {} }`
		`@@ -0,0 +1,2 @@`
							`-- disable toggleterm.nvim, zellij's terminal is far better than neovim's one`
							`return { "akinsho/toggleterm.nvim", enabled = false }`
		`@@ -0,0 +1,2 @@`
							`-- Undo tree`
							`return { "debugloop/telescope-undo.nvim" }`