feat(modules/base.nix): add more cache mirrors

Update dependencies

.github/FUNDING.yml

@@ -1,2 +1,3 @@
+github: ryan4yin
 patreon: ryan4yin
-custom: ["https://buymeacoffee.com/ryan4yin", "https://afdian.net/a/ryan4yin"]
+custom: ["https://buymeacoffee.com/ryan4yin"]

.typos.toml

@@ -10,4 +10,5 @@ extend-ignore-re = [
   "iterm2",
   "iHgEIBYKACAWIQSizQe9ljFEyyclWmtVhZllwnQrSwUCZZ1T9wIdAAAKCRBVhZll", # crypto keys
   "noice", # noice.nvim
+  "crypted-nixos",
 ]

Justfile

@@ -28,7 +28,7 @@ up:
 # Update specific input
 # Usage: just upp nixpkgs
 upp input:
-  nix flake lock --update-input {{input}}
+  nix flake update {{input}}
 
 # List all generations of the system profile
 history:
@@ -59,19 +59,23 @@ gitgc:
 #
 ############################################################################
 
+[linux]
 i3 mode="default":
   use utils.nu *; \
   nixos-switch ai-i3 {{mode}}
 
+[linux]
 hypr mode="default":
   use utils.nu *; \
   nixos-switch ai-hyprland {{mode}}
 
 
+[linux]
 s-i3 mode="default":
   use utils.nu *; \
   nixos-switch shoukei-i3 {{mode}}
 
+[linux]
 s-hypr mode="default":
   use utils.nu *; \
   nixos-switch shoukei-hyprland {{mode}}
@@ -82,27 +86,32 @@ s-hypr mode="default":
 #
 ############################################################################
 
+[macos]
 darwin-set-proxy:
   sudo python3 scripts/darwin_set_proxy.py
   sleep 1sec
 
+[macos]
 darwin-rollback:
   use utils.nu *; \
   darwin-rollback
 
 # Deploy to harmonica(macOS host)
+[macos]
 ha mode="default":
   use utils.nu *; \
   darwin-build "harmonica" {{mode}}; \
   darwin-switch "harmonica" {{mode}}
 
 # Depoly to fern(macOS host)
+[macos]
 fe mode="default": darwin-set-proxy
   use utils.nu *; \
   darwin-build "fern" {{mode}}; \
   darwin-switch "fern" {{mode}}
 
 # Reload yabai and skhd(macOS)
+[macos]
 yabai-reload:
   launchctl kickstart -k "gui/502/org.nixos.yabai";
   launchctl kickstart -k "gui/502/org.nixos.skhd"; 
@@ -232,16 +241,6 @@ yukina:
 #
 ############################################################################
 
-aarch:
-  colmena apply --on '@aarch' --build-on-target --verbose --show-trace
-
-suzu:
-  colmena apply --on '@suzu' --build-on-target --verbose --show-trace
-
-suzu-local mode="default":
-  use utils.nu *; \
-  nixos-switch suzu {{mode}}
-
 rakushun:
   colmena apply --on '@rakushun' --build-on-target --verbose --show-trace
 
@@ -249,6 +248,18 @@ rakushun-local mode="default":
   use utils.nu *; \
   nixos-switch rakushun {{mode}}
 
+suzu-set-proxy:
+  ip route del default via 192.168.5.1
+  ip route add default via 192.168.5.178
+
+suzu-unset-proxy:
+  ip route del default via 192.168.5.178
+  ip route add default via 192.168.5.1
+
+suzu-local mode="default":
+  use utils.nu *; \
+  nixos-switch suzu {{mode}}
+
 ############################################################################
 #
 #  Misc, other useful commands

README.md

@@ -8,16 +8,18 @@
 	<a href="https://github.com/ryan4yin/nix-config/stargazers">
 		<img alt="Stargazers" src="https://img.shields.io/github/stars/ryan4yin/nix-config?style=for-the-badge&logo=starship&color=C9CBFF&logoColor=D9E0EE&labelColor=302D41"></a>
     <a href="https://nixos.org/">
-        <img src="https://img.shields.io/badge/NixOS-23.11-informational.svg?style=for-the-badge&logo=nixos&color=F2CDCD&logoColor=D9E0EE&labelColor=302D41"></a>
+        <img src="https://img.shields.io/badge/NixOS-24.05-informational.svg?style=for-the-badge&logo=nixos&color=F2CDCD&logoColor=D9E0EE&labelColor=302D41"></a>
     <a href="https://github.com/ryan4yin/nixos-and-flakes-book">
         <img src="https://img.shields.io/static/v1?label=Nix Flakes&message=learning&style=for-the-badge&logo=nixos&color=DDB6F2&logoColor=D9E0EE&labelColor=302D41"></a>
   </a>
 </p>
 
-> My configuration is becoming more and more complex, and it may be difficult for beginners to read
-> it. If you are new to NixOS and want to know how I use NixOS, I would recommend you to take a look
-> at the [ryan4yin/nix-config/releases](https://github.com/ryan4yin/nix-config/releases) first,
-> **checkout to some simpler older versions**, which will be much easier to understand.
+> My configuration is becoming more and more complex, and **it will be difficult for beginners to
+> read**. If you are new to NixOS and want to know how I use NixOS, I would recommend you to take a
+> look at the [ryan4yin/nix-config/releases](https://github.com/ryan4yin/nix-config/releases) first,
+> **checkout to some simpler older versions, such as
+> [i3-kickstarter](https://github.com/ryan4yin/nix-config/tree/i3-kickstarter), which will be much
+> easier to understand**.
 
 This repository is home to the nix code that builds my systems:
 
@@ -89,11 +91,11 @@ Wallpapers: https://github.com/ryan4yin/wallpapers
 
 ## Neovim
 
-See [./home/base/desktop/editors/neovim/](./home/base/desktop/editors/neovim/) for details.
+See [./home/base/tui/editors/neovim/](./home/base/tui/editors/neovim/) for details.
 
 ## Emacs
 
-See [./home/base/desktop/editors/emacs/](./home/base/desktop/editors/emacs/) for details.
+See [./home/base/tui/editors/emacs/](./home/base/tui/editors/emacs/) for details.
 
 ## Secrets Management
 

flake.nix

@@ -12,18 +12,16 @@
 
   # the nixConfig here only affects the flake itself, not the system configuration!
   # for more information, see:
-  #     https://nixos-and-flakes.thiscute.world/nixos-with-flakes/add-custom-cache-servers
+  #     https://nixos-and-flakes.thiscute.world/nix-store/add-binary-cache-servers
   nixConfig = {
     # substituers will be appended to the default substituters when fetching packages
     extra-substituters = [
       "https://anyrun.cachix.org"
-      "https://hyprland.cachix.org"
       "https://nix-gaming.cachix.org"
       # "https://nixpkgs-wayland.cachix.org"
     ];
     extra-trusted-public-keys = [
       "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
-      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
       "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
       # "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
     ];
@@ -37,11 +35,11 @@
 
     # Official NixOS package source, using nixos's unstable branch by default
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
-    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.11";
+    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
+    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
 
     # for macos
-    nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-23.11-darwin";
+    nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-24.05-darwin";
     nix-darwin = {
       url = "github:lnl7/nix-darwin";
       inputs.nixpkgs.follows = "nixpkgs-darwin";
@@ -50,8 +48,8 @@
 
     # home-manager, used for managing user configuration
     home-manager = {
-      # url = "github:nix-community/home-manager/release-23.11";
       url = "github:nix-community/home-manager/master";
+      # url = "github:nix-community/home-manager/release-24.05";
 
       # The `follows` keyword in inputs is used for inheritance.
       # Here, `inputs.nixpkgs` of home-manager is kept consistent with the `inputs.nixpkgs` of the current flake,
@@ -60,17 +58,12 @@
     };
 
     lanzaboote = {
-      url = "github:nix-community/lanzaboote/v0.3.0";
+      url = "github:nix-community/lanzaboote/v0.4.1";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
     impermanence.url = "github:nix-community/impermanence";
 
-    hyprland = {
-      url = "github:hyprwm/Hyprland/v0.38.1";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
     # community wayland nixpkgs
     # nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
     # anyrun - a wayland launcher
@@ -96,7 +89,7 @@
     nix-gaming.url = "github:fufexan/nix-gaming";
 
     disko = {
-      url = "github:nix-community/disko";
+      url = "github:nix-community/disko/v1.6.1";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 

home/base/core/container.nix

@@ -5,17 +5,22 @@
   ...
 }: {
   home.packages = with pkgs; [
-    skopeo
     docker-compose
     dive # explore docker layers
     lazydocker # Docker terminal UI.
+    skopeo # copy/sync images between registries and local storage
+    go-containerregistry # provides `crane` & `gcrane`, it's similar to skopeo
 
     kubectl
+    kubebuilder
     istioctl
+    clusterctl # for kubernetes cluster-api
     kubevirt # virtctl
     kubernetes-helm
     fluxcd
     argocd
+
+    ko # build go project to container image
   ];
 
   programs = {

home/base/core/core.nix

@@ -134,7 +134,7 @@
       enable = true;
       enableBashIntegration = true;
       enableZshIntegration = true;
-      enableNushellIntegration = false;
+      enableNushellIntegration = true;
     };
   };
 }

home/base/core/git.nix

@@ -25,7 +25,7 @@
 
     includes = [
       {
-        # use diffrent email & name for work
+        # use different email & name for work
         path = "~/work/.gitconfig";
         condition = "gitdir:~/work/";
       }
@@ -33,6 +33,7 @@
 
     extraConfig = {
       init.defaultBranch = "main";
+      trim.bases = "develop,master,main"; # for git-trim
       push.autoSetupRemote = true;
       pull.rebase = true;
 

home/base/core/shells/config.nu

@@ -115,6 +115,33 @@ $env.config = {
   # buffer_editor: "emacs" # command that will be used to edit the current line buffer with ctrl+o, if unset fallback to $env.EDITOR and $env.VISUAL
   bracketed_paste: true # enable bracketed paste, currently useless on windows
   edit_mode: emacs # emacs, vi
-  shell_integration: true # enables terminal markers and a workaround to arrow keys stop working issue
+  shell_integration: {
+        # osc2 abbreviates the path if in the home_dir, sets the tab/window title, shows the running command in the tab/window title
+        osc2: true
+        # osc7 is a way to communicate the path to the terminal, this is helpful for spawning new tabs in the same directory
+        osc7: true
+        # osc8 is also implemented as the deprecated setting ls.show_clickable_links, it shows clickable links in ls output if your terminal supports it. show_clickable_links is deprecated in favor of osc8
+        osc8: true
+        # osc9_9 is from ConEmu and is starting to get wider support. It's similar to osc7 in that it communicates the path to the terminal
+        osc9_9: false
+        # osc133 is several escapes invented by Final Term which include the supported ones below.
+        # 133;A - Mark prompt start
+        # 133;B - Mark prompt end
+        # 133;C - Mark pre-execution
+        # 133;D;exit - Mark execution finished with exit code
+        # This is used to enable terminals to know where the prompt is, the command is, where the command finishes, and where the output of the command is
+        osc133: true
+        # osc633 is closely related to osc133 but only exists in visual studio code (vscode) and supports their shell integration features
+        # 633;A - Mark prompt start
+        # 633;B - Mark prompt end
+        # 633;C - Mark pre-execution
+        # 633;D;exit - Mark execution finished with exit code
+        # 633;E - NOT IMPLEMENTED - Explicitly set the command line with an optional nonce
+        # 633;P;Cwd=<path> - Mark the current working directory and communicate it to the terminal
+        # and also helps with the run recent menu in vscode
+        osc633: true
+        # reset_application_mode is escape \x1b[?1l and was added to help ssh work better
+        reset_application_mode: true
+    }
   render_right_prompt_on_last_line: false # true or false to enable or disable right prompt to be rendered on last line of the prompt.
 }

home/base/core/shells/default.nix

@@ -1,4 +1,4 @@
-let
+{pkgs-unstable, ...}: let
   shellAliases = {
     k = "kubectl";
 
@@ -11,6 +11,7 @@ in {
 
   programs.nushell = {
     enable = true;
+    package = pkgs-unstable.nushell;
     configFile.source = ./config.nu;
     inherit shellAliases;
   };

home/base/core/yazi.nix

@@ -10,8 +10,7 @@
     package = pkgs-unstable.yazi;
     # Changing working directory when exiting Yazi
     enableBashIntegration = true;
-    # TODO: nushellIntegration is broken on release-23.11, wait for master's fix to be released
-    enableNushellIntegration = false;
+    enableNushellIntegration = true;
   };
 
   xdg.configFile."yazi/theme.toml".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-yazi}/mocha.toml";

home/base/gui/dev-tools.nix

@@ -1,10 +1,10 @@
 {pkgs, ...}: {
   home.packages = with pkgs; [
-    # db related
-    dbeaver
-
     mitmproxy # http/https proxy tool
     insomnia # REST client
     wireshark # network analyzer
+
+    # IDEs
+    jetbrains.idea-community
   ];
 }

home/base/gui/terminal/README.md

@@ -54,7 +54,7 @@ Error opening terminal: xterm-kitty.
 
 NixOS preserve the `TERMINFO` and `TERMINFO_DIRS` environment variables, for `root` and the `wheel`
 group:
-[nixpkgs/nixos/modules/config/terminfo.nix](https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/config/terminfo.nix#L18)
+[nixpkgs/nixos/modules/config/terminfo.nix](https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/config/terminfo.nix#L18)
 
 For nix-darwin, take a look at <https://github.com/LnL7/nix-darwin/wiki/Terminfo-issues>
 

home/base/home.nix

@@ -12,7 +12,7 @@
     # You can update Home Manager without changing this value. See
     # the Home Manager release notes for a list of state version
     # changes in each release.
-    stateVersion = "23.11";
+    stateVersion = "24.05";
   };
 
   # Let Home Manager install and manage itself.

home/base/tui/cloud/default.nix

@@ -24,6 +24,11 @@
 
     # aliyun
     aliyun-cli
+    # digitalocean
+    doctl
+    # google cloud
+    google-cloud-sdk
+
     # cloud tools that nix do not have cache for.
     terraform
     terraformer # generate terraform configs from existing cloud resources

home/base/tui/dev-tools.nix

@@ -18,8 +18,8 @@
     colmena # nixos's remote deployment tool
 
     # db related
-    mycli
-    pgcli
+    pkgs-unstable.mycli
+    pkgs-unstable.pgcli
     mongosh
     sqlite
 
@@ -27,7 +27,7 @@
     minicom
 
     # ai related
-    python311Packages.huggingface-hub # huggingface-cli
+    pkgs-unstable.python312Packages.huggingface-hub # huggingface-cli
 
     # misc
     pkgs-unstable.devbox
@@ -41,6 +41,7 @@
     # Automatically trims your branches whose tracking remote refs are merged or gone
     # It's really useful when you work on a project for a long time.
     git-trim
+    gitleaks
 
     # need to run `conda-install` before using it
     # need to run `conda-shell` before using command `conda`

home/base/tui/editors/helix/README.md

@@ -30,7 +30,7 @@ Use `:tutor` in helix to start the tutorial.
    1. Personally I'm glad to take a look at a Rust codebase, but not a VimScript/Lua codebase.
 1. Neovim have a very activate plugin ecosystem, and it's easy to find plugins for almost
    everything.
-   1. Helix is still new, and it even do have a stable plugin system yet. A PR to add a plugin
+   1. Helix is still new, and it even don't have a stable plugin system yet. A PR to add a plugin
       system is still envolving: <https://github.com/helix-editor/helix/pull/8675>
 1. Neovim has integrated terminal, and it's very powerful. It's quite similar to VSCode's integrated
    terminal. I use it a lot.

home/base/tui/editors/neovim/README.md

@@ -88,7 +88,7 @@ plugin.
 ### Window Navigation
 
 - Switch between windows: `<Ctrl> + h/j/k/l`
-- Resize windows: `<Ctrl> + Up/Down/Left/Right`
+- Resize windows: `<Ctrl> + Up/Down/Left/Right` (`<Ctrl-w> + -/+/</>`)
   - Note: On macOS, conflicts with system shortcuts
   - Disable in System Preferences -> Keyboard -> Shortcuts -> Mission Control
 
@@ -159,10 +159,11 @@ Provided by mini.surround plugin.
 
 ### Miscellaneous
 
-| Action                |                 |
-| --------------------- | --------------- |
-| Show all Yank History | `:<Space> + yh` |
-| Show undo history     | `:<Space> + uh` |
+| Action                            |                 |
+| --------------------------------- | --------------- |
+| Show all Yank History             | `:<Space> + yh` |
+| Show undo history                 | `:<Space> + uh` |
+| Show the path of the current file | `:!echo $%`      |
 
 ## Additional Resources
 

home/base/tui/editors/neovim/default.nix

@@ -30,8 +30,10 @@ in {
       viAlias = true;
       vimAlias = true;
 
-      # currently we use lazy.nvim as neovim's package manager, so comment this one.
-      # Install packages that will compile locally or download FHS binaries via Nix!
+      # Currently we use lazy.nvim as neovim's package manager, so comment this one.
+      #
+      # NOTE: These plugins will not be used by astronvim by default!
+      # We should install packages that will compile locally or download FHS binaries via Nix!
       # and use lazy.nvim's `dir` option to specify the package directory in nix store.
       # so that these plugins can work on NixOS.
       #
@@ -40,6 +42,8 @@ in {
       plugins = with pkgs.vimPlugins; [
         # search all the plugins using https://search.nixos.org/packages
         telescope-fzf-native-nvim
+
+        nvim-treesitter.withAllGrammars
       ];
     };
   };

home/base/tui/editors/neovim/nvim/lua/plugins/astrolsp.lua

@@ -3,7 +3,6 @@
 -- NOTE: We highly recommend setting up the Lua Language Server (`:LspInstall lua_ls`)
 --       as this provides autocomplete and documentation while editing
 
-
 ---@type LazySpec
 return {
   "AstroNvim/astrolsp",
@@ -42,40 +41,51 @@ return {
       -- end
     },
     -- enable servers that you already have installed without mason
+    -- https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md
     servers = {
-      ---- Frontend & NodeJS
+      ---- Data & Configuration Languages
+      "jsonls", -- json language server
+      "jsonnet_ls", -- jsonnet language server
+      "yamlls", -- yaml language server
+      "taplo", -- toml language server
+      "dagger", -- cuelsp - cue language server
+      "terraformls", -- terraform hcl
+      "marksman", -- markdown ls
+      "nickel_ls", -- nickel language server
+      "nil_ls", -- nix language server
+      "bufls", -- protocol buffer language server
+      "dockerls", -- dockerfile
+      "cmake", -- cmake language server
+      "sqls", -- sql language server
+
+      ---- General Purpose Languages
+      "clangd", -- c/c++
+      "gopls", -- go
+      "jdtls", -- java language server, provides only basic features
+      "rust_analyzer", -- rust
+      "pyright", -- python
+      "ruff_lsp", -- extremely fast Python linter and code transformation
+      -- "julials", -- julia language server
+      -- "zls", -- zig language server
+      "lua_ls", -- lua
+      "bashls", -- bash
+      "nushell", -- nushell language server
+
+      ---- Web Development
       "tsserver", -- typescript/javascript language server
       "tailwindcss", -- tailwindcss language server
       "html", -- html language server
       "cssls", -- css language server
       "prismals", -- prisma language server
       "volar", -- vue language server
-      ---- Configuration Language
-      "marksman", -- markdown ls
-      "jsonls", -- json language server
-      "yamlls", -- yaml language server
-      "taplo", -- toml language server
-      ---- Backend
-      "lua_ls", -- lua
-      "gopls", -- go
-      "rust_analyzer", -- rust
-      "pyright", -- python
-      "ruff_lsp", -- extremely fast Python linter and code transformation
-      "jdtls", -- java
-      "nil_ls", -- nix language server
-      "bufls", -- protocol buffer language server
-      "zls", -- zig language server
-      ---- HDL
-      "verible", -- verilog language server
-      ---- Operation & Cloud Nativautoindente
-      "bashls", -- bash
-      "cmake", -- cmake language server
-      "clangd", -- c/c++
-      "dockerls", -- dockerfile
-      "jsonnet_ls", -- jsonnet language server
-      "terraformls", -- terraform hcl
-      "nushell", -- nushell language server
+
+      ---- Lisp Like
       "scheme_langserver", -- scheme language server
+      "elixirls", -- elixir language server
+      -- "clojure_lsp", -- clojure language server"
+
+      ---- Circuit Design
+      "verible", -- verilog language server
     },
     -- customize language server configuration options passed to `lspconfig`
     ---@diagnostic disable: missing-fields

home/base/tui/editors/neovim/nvim/lua/plugins/mason.lua

@@ -42,13 +42,14 @@ return {
     -- end,
   },
   {
+    -- https://docs.astronvim.com/recipes/dap/
     "jay-babu/mason-nvim-dap.nvim",
     -- mason is unusable on NixOS, disable it.
     -- ensure_installed nothing
-    opts = function(_, opts)
-      opts.ensure_installed = nil
-      opts.automatic_installation = false
-    end,
+    -- opts = function(_, opts)
+    --   opts.ensure_installed = nil
+    --   opts.automatic_installation = false
+    -- end,
 
     -- overrides `require("mason-nvim-dap").setup(...)`
     -- opts = function(_, opts)

home/base/tui/editors/neovim/nvim/lua/plugins/orgmode.lua

@@ -1,26 +1,19 @@
 return {
-  "nvim-orgmode/orgmode",
-  dependencies = {
-    { "nvim-treesitter/nvim-treesitter", lazy = true },
-  },
-  event = "VeryLazy",
+  'nvim-orgmode/orgmode',
+  event = 'VeryLazy',
+  ft = { 'org' },
   config = function()
-    -- Load treesitter grammar for org
-    require("orgmode").setup_ts_grammar()
-
-    -- Setup treesitter
-    require("nvim-treesitter.configs").setup {
-      highlight = {
-        enable = true,
-        additional_vim_regex_highlighting = { "org" },
-      },
-      ensure_installed = { "org" },
-    }
-
     -- Setup orgmode
-    require("orgmode").setup {
+    require('orgmode').setup({
       org_agenda_files = "~/org/**/*",
       org_default_notes_file = "~/org/refile.org",
-    }
+    })
+
+    -- NOTE: If you are using nvim-treesitter with ~ensure_installed = "all"~ option
+    -- add ~org~ to ignore_install
+    require('nvim-treesitter.configs').setup({
+      ensure_installed = 'all',
+      ignore_install = { 'org' },
+    })
   end,
 }

home/base/tui/editors/neovim/nvim/lua/plugins/treesitter.lua

@@ -3,6 +3,10 @@
 ---@type LazySpec
 return {
   "nvim-treesitter/nvim-treesitter",
+  dependencies = {
+    -- NOTE: additional parser
+    { "nushell/tree-sitter-nu" }, -- nushell scripts
+  },
   opts = function(_, opts)
     opts.incremental_selection = {
       enable = true,
@@ -13,48 +17,25 @@ return {
         node_decremental = "<bs>", -- Backspace
       },
     }
-    opts.ignore_install = { "gotmpl" }
+    opts.ignore_install = { "gotmpl", "wing" }
 
     -- add more things to the ensure_installed table protecting against community packs modifying it
+    -- https://github.com/nvim-treesitter/nvim-treesitter/tree/master
     opts.ensure_installed = require("astrocore").list_insert_unique(opts.ensure_installed, {
-      -- neovim
-      "vim",
-      "lua",
-      -- operation & cloud native
-      "dockerfile",
-      "hcl",
-      "jsonnet",
-      "regex",
-      "terraform",
-      "nix",
+      -- please add only the tree-sitters that are not available in nixpkgs here
+
+      "kdl",
       "csv",
-      -- other programming language
+      "xml",
+
+      ---- Misc
       "diff",
+      "git_config",
+      "git_rebase",
       "gitignore",
       "gitcommit",
-      "latex",
-      "sql",
-      -- Lisp like
-      "fennel",
-      "clojure",
-      "commonlisp",
-      -- customized languages:
-      "scheme",
+      "gitattributes",
+      "ssh_config",
     })
-
-    -- add support for scheme
-    local parser_config = require("nvim-treesitter.parsers").get_parser_configs()
-    parser_config.scheme = {
-      install_info = {
-        url = "https://github.com/6cdh/tree-sitter-scheme", -- local path or git repo
-        files = { "src/parser.c" },
-        -- optional entries:
-        branch = "main", -- default branch in case of git repo if different from master
-        generate_requires_npm = false, -- if stand-alone parser without npm dependencies
-        requires_generate_from_grammar = false, -- if folder contains pre-generated src/parser.c
-      },
-    }
-    -- use scheme parser for filetypes: scm
-    vim.treesitter.language.register("scheme", "scm")
   end,
 }

home/base/tui/editors/packages.nix

@@ -5,129 +5,151 @@
     '';
   };
 
-  home.packages = with pkgs; [
-    #-- c/c++
-    cmake
-    cmake-language-server
-    gnumake
-    checkmake
-    # c/c++ compiler, required by nvim-treesitter!
-    gcc
-    # c/c++ tools with clang-tools, the unwrapped version won't
-    # add alias like `cc` and `c++`, so that it won't conflict with gcc
-    llvmPackages.clang-unwrapped
-    lldb
+  home.packages = with pkgs; (
+    # -*- Data & Configuration Languages -*-#
+    [
+      #-- nix
+      nil
+      # rnix-lsp
+      # nixd
+      statix # Lints and suggestions for the nix programming language
+      deadnix # Find and remove unused code in .nix source files
+      alejandra # Nix Code Formatter
 
-    #-- python
-    nodePackages.pyright # python language server
-    (python311.withPackages (
-      ps:
-        with ps; [
-          ruff-lsp
-          black # python formatter
+      #-- nickel lang
+      nickel
 
-          jupyter
-          ipython
-          pandas
-          requests
-          pyquery
-          pyyaml
+      #-- json like
+      # terraform  # install via brew on macOS
+      terraform-ls
+      jsonnet
+      jsonnet-language-server
+      taplo # TOML language server / formatter / validator
+      nodePackages.yaml-language-server
+      actionlint # GitHub Actions linter
 
-          ## emacs's lsp-bridge dependenciesge
-          epc
-          orjson
-          sexpdata
-          six
-          setuptools
-          paramiko
-          rapidfuzz
-        ]
-    ))
+      #-- dockerfile
+      hadolint # Dockerfile linter
+      nodePackages.dockerfile-language-server-nodejs
 
-    #-- rust
-    rust-analyzer
-    cargo # rust package manager
-    rustfmt
+      #-- markdown
+      marksman # language server for markdown
+      glow # markdown previewer
+      pandoc # document converter
+      hugo # static site generator
 
-    #-- nix
-    nil
-    # rnix-lsp
-    # nixd
-    statix # Lints and suggestions for the nix programming language
-    deadnix # Find and remove unused code in .nix source files
-    alejandra # Nix Code Formatter
+      #-- sql
+      sqlfluff
 
-    #-- golang
-    go
-    gomodifytags
-    iferr # generate error handling code for go
-    impl # generate function implementation for go
-    gotools # contains tools like: godoc, goimports, etc.
-    gopls # go language server
-    delve # go debugger
+      #-- protocol buffer
+      buf # linting and formatting
+    ]
+    ++
+    #-*- General Purpose Languages -*-#
+    [
+      #-- c/c++
+      cmake
+      cmake-language-server
+      gnumake
+      checkmake
+      # c/c++ compiler, required by nvim-treesitter!
+      gcc
+      gdb
+      # c/c++ tools with clang-tools, the unwrapped version won't
+      # add alias like `cc` and `c++`, so that it won't conflict with gcc
+      # llvmPackages.clang-unwrapped
+      clang-tools
+      lldb
 
-    # -- java
-    jdk17
-    gradle
-    maven
-    spring-boot-cli
+      #-- python
+      pyright # python language server
+      (python311.withPackages (
+        ps:
+          with ps; [
+            ruff-lsp
+            black # python formatter
+            # debugpy
 
-    #-- lua
-    stylua
-    lua-language-server
+            # my commonly used python packages
+            jupyter
+            ipython
+            pandas
+            requests
+            pyquery
+            pyyaml
+            boto3
 
-    #-- bash
-    nodePackages.bash-language-server
-    shellcheck
-    shfmt
+            ## emacs's lsp-bridge dependenciesge
+            # epc
+            # orjson
+            # sexpdata
+            # six
+            # setuptools
+            # paramiko
+            # rapidfuzz
+          ]
+      ))
 
-    #-- javascript/typescript --#
-    nodePackages.nodejs
-    nodePackages.typescript
-    nodePackages.typescript-language-server
-    # HTML/CSS/JSON/ESLint language servers extracted from vscode
-    nodePackages.vscode-langservers-extracted
-    nodePackages."@tailwindcss/language-server"
-    emmet-ls
+      #-- rust
+      rust-analyzer
+      cargo # rust package manager
+      rustfmt
 
-    # -- Lisp like Languages
-    guile
-    racket-minimal
-    fnlfmt # fennel
+      #-- golang
+      go
+      gomodifytags
+      iferr # generate error handling code for go
+      impl # generate function implementation for go
+      gotools # contains tools like: godoc, goimports, etc.
+      gopls # go language server
+      delve # go debugger
 
-    #-- Others
-    taplo # TOML language server / formatter / validator
-    nodePackages.yaml-language-server
-    sqlfluff # SQL linter
-    actionlint # GitHub Actions linter
-    buf # protoc plugin for linting and formatting
-    proselint # English prose linter
+      # -- java
+      jdk17
+      gradle
+      maven
+      spring-boot-cli
+      jdt-language-server
 
-    #-- Misc
-    tree-sitter # common language parser/highlighter
-    nodePackages.prettier # common code formatter
-    marksman # language server for markdown
-    glow # markdown previewer
-    fzf
-    pandoc # document converter
-    hugo # static site generator
+      #-- zig
+      zls
 
-    #-- Optional Requirements:
-    gdu # disk usage analyzer, required by AstroNvim
-    (ripgrep.override {withPCRE2 = true;}) # recursively searches directories for a regex pattern
+      #-- lua
+      stylua
+      lua-language-server
 
-    #-- CloudNative
-    nodePackages.dockerfile-language-server-nodejs
-    # terraform  # install via brew on macOS
-    terraform-ls
-    jsonnet
-    jsonnet-language-server
-    hadolint # Dockerfile linter
+      #-- bash
+      nodePackages.bash-language-server
+      shellcheck
+      shfmt
+    ]
+    #-*- Web Development -*-#
+    ++ [
+      nodePackages.nodejs
+      nodePackages.typescript
+      nodePackages.typescript-language-server
+      # HTML/CSS/JSON/ESLint language servers extracted from vscode
+      nodePackages.vscode-langservers-extracted
+      nodePackages."@tailwindcss/language-server"
+      emmet-ls
+    ]
+    # -*- Lisp like Languages -*-#
+    ++ [
+      guile
+      racket-minimal
+      fnlfmt # fennel
+    ]
+    ++ [
+      proselint # English prose linter
 
-    #-- zig
-    zls
-    #-- verilog / systemverilog
-    verible
-    gdb
-  ];
+      #-- verilog / systemverilog
+      verible
+
+      #-- Optional Requirements:
+      nodePackages.prettier # common code formatter
+      fzf
+      gdu # disk usage analyzer, required by AstroNvim
+      (ripgrep.override {withPCRE2 = true;}) # recursively searches directories for a regex pattern
+    ]
+  );
 }

home/base/tui/shell.nix

@@ -31,9 +31,9 @@ in {
       use ${nu_scripts}/share/nu_scripts/custom-completions/cargo/cargo-completions.nu *
       use ${nu_scripts}/share/nu_scripts/custom-completions/zellij/zellij-completions.nu *
       # alias
-      use ${nu_scripts}/share/nu_scripts/aliases/git/git-aliases.nu *
+      # use ${nu_scripts}/share/nu_scripts/aliases/git/git-aliases.nu *
       use ${nu_scripts}/share/nu_scripts/aliases/eza/eza-aliases.nu *
-      # use ${nu_scripts}/share/nu_scripts/aliases/bat/bat-aliases.nu *
+      use ${nu_scripts}/share/nu_scripts/aliases/bat/bat-aliases.nu *
     '';
   };
 }

home/darwin/core.nix

@@ -1,3 +0,0 @@
-{myvars, ...}: {
-  home.homeDirectory = "/Users/${myvars.username}";
-}

home/darwin/default.nix

@@ -1,4 +1,9 @@
-{mylib, ...}: {
+{
+  mylib,
+  myvars,
+  ...
+}: {
+  home.homeDirectory = "/Users/${myvars.username}";
   imports =
     (mylib.scanPaths ./.)
     ++ [

home/linux/gui/base/creative.nix

@@ -1,7 +1,7 @@
 {
   pkgs,
   pkgs-unstable,
-  pkgs-stable,
+  # pkgs-stable,
   nur-ryan4yin,
   ...
 }: {
@@ -19,7 +19,7 @@
     # kicad     # 3d printing, eletrical engineering
 
     # fpga
-    pkgs-unstable.python311Packages.apycula # gowin fpga
+    pkgs-unstable.python312Packages.apycula # gowin fpga
     pkgs-unstable.yosys # fpga synthesis
     pkgs-unstable.nextpnr # fpga place and route
     pkgs-unstable.openfpgaloader # fpga programming
@@ -30,7 +30,7 @@
     # live streaming
     obs-studio = {
       enable = true;
-      plugins = with pkgs-stable.obs-studio-plugins; [
+      plugins = with pkgs.obs-studio-plugins; [
         # screen capture
         wlrobs
         # obs-ndi

home/linux/gui/base/note-taking.nix

@@ -1,5 +1,5 @@
-{pkgs, ...}: {
-  home.packages = with pkgs; [
+{pkgs-stable, ...}: {
+  home.packages = with pkgs-stable; [
     # https://joplinapp.org/help/
     joplin # joplin-cli
     joplin-desktop

home/linux/gui/base/xdg.nix

@@ -68,7 +68,7 @@
         "x-scheme-handler/tg" = ["org.telegram.desktop.desktop "];
 
         "audio/*" = ["mpv.desktop"];
-        "video/*" = ["mpv.dekstop"];
+        "video/*" = ["mpv.desktop"];
         "image/*" = ["imv-dir.desktop"];
         "image/gif" = ["imv-dir.desktop"];
         "image/jpeg" = ["imv-dir.desktop"];

home/linux/gui/hyprland/conf/scripts/startup

@@ -1,5 +1,9 @@
 #!/usr/bin/env bash
 
+## Fix anyrun
+## https://github.com/anyrun-org/anyrun/issues/153
+ln -s $XDG_RUNTIME_DIR/hypr /tmp/hypr
+
 ## Autostart Programs
 
 # Kill already running process

home/linux/gui/hyprland/values/hyprland.nix

@@ -1,11 +1,10 @@
 {
   pkgs,
   lib,
-  hyprland,
   nur-ryan4yin,
   ...
 }: let
-  package = hyprland.packages.${pkgs.system}.hyprland;
+  package = pkgs.hyprland;
 in {
   # NOTE:
   # We have to enable hyprland/i3's systemd user service in home-manager,
@@ -30,7 +29,10 @@ in {
     };
     extraConfig = builtins.readFile ../conf/hyprland.conf;
     # gammastep/wallpaper-switcher need this to be enabled.
-    systemd.enable = true;
+    systemd = {
+      enable = true;
+      variables = ["--all"];
+    };
   };
 
   # NOTE: this executable is used by greetd to start a wayland session when system boot up

hosts/12kingdoms-rakushun/Disk-and-Installation.md

@@ -138,6 +138,20 @@ sudo nix --experimental-features "nix-command flakes" run github:nix-community/d
 
 cd ~/nix-config
 # install nixos
-# NOTE: the root password you set here will be discarded when reboot
 sudo nixos-install --root /mnt --flake .#rakushun --no-root-password --show-trace --verbose
+
+# enter into the installed system, check password & users
+# `su ryan` => `sudo -i` => enter ryan's password => successfully login
+# if login failed, check the password you set in install-1, and try again
+nixos-enter
+
+# NOTE: DO NOT skip this step!!!
+# copy the essential files into /persistent
+# otherwise the / will be cleared and data will lost
+## NOTE: impermanence just create links from / to /persistent
+##       We need to copy files into /persistent manually!!!
+mv /etc/machine-id /persistent/etc/
+mv /etc/ssh /persistent/etc/
+mkdir -p /persistent/home/ryan
+chown -R ryan:ryan /persistent/home/ryan
 ```

hosts/12kingdoms-rakushun/README.md

@@ -2,7 +2,7 @@
 
 LUKS encrypted SSD for NixOS, on Orange Pi 5 Plus.
 
-Host running storage, operation and maintenance related services:
+Storage, operation and maintenance related services are running on this host:
 
 1. Storage such as git server, file server/browser, torrent downloader,, etc.
 1. Backup or sync my personal data to cloud or NAS.
@@ -31,3 +31,10 @@ the services.
 
 TODO: create a private PKI for caddy, to achieve end-to-end encryption between caddy and the
 services.
+
+## Misc
+
+```bash
+# copy closure to another arm64 machine
+nix-copy-closure --to root@suzu  /run/current-system
+```

hosts/12kingdoms-rakushun/caddy.nix

@@ -1,4 +1,9 @@
-{config, ...}: let
+{
+  pkgs,
+  config,
+  wallpapers,
+  ...
+}: let
   hostCommonConfig = ''
     encode zstd gzip
     tls ${../../certs/ecc-server.crt} ${config.age.secrets."certs/ecc-server.key".path} {
@@ -82,4 +87,11 @@ in {
     # directory for virtual machine's images
     "d /var/lib/caddy/fileserver/vms 0755 caddy caddy"
   ];
+
+  # Add all my wallpapers into /var/lib/caddy/fileserver/wallpapers
+  # Install the homepage-dashboard configuration files
+  system.activationScripts.installCaddyWallpapers = ''
+    mkdir -p /var/lib/caddy/fileserver/wallpapers
+    ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F644 ${wallpapers}/ /var/lib/caddy/fileserver/wallpapers/
+  '';
 }

hosts/12kingdoms-rakushun/default.nix

@@ -34,5 +34,5 @@ in {
   # this value at the release version of the first install of this system.
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 }

hosts/12kingdoms-rakushun/disko-fs.nix

@@ -43,7 +43,8 @@
               name = "encrypted";
               settings = {
                 keyFile = "/dev/disk/by-label/OPI5P_DSC"; # The keyfile is stored on a USB stick
-                # The maximum size of the keyfile is 8192 bytes
+                # The maximum size of the keyfile is 8192 KiB
+                # type `cryptsetup --help` to see the compiled-in key and passphrase maximum sizes
                 keyFileSize = 512 * 64; # match the `bs * count` of the `dd` command
                 keyFileOffset = 512 * 128; # match the `bs * skip` of the `dd` command
                 fallbackToPassword = true;

hosts/12kingdoms-rakushun/gitea.nix

@@ -1,6 +1,6 @@
 {pkgs, ...}: let
 in {
-  # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/services/misc/gitea.nix
+  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/misc/gitea.nix
   services.gitea = {
     enable = true;
     user = "gitea";

hosts/12kingdoms-rakushun/homepage/README.md

@@ -1,3 +1 @@
 # Homepage for my Homelab
-
-> WIP, just a demo for now

hosts/12kingdoms-rakushun/homepage/config/settings.yaml

@@ -3,12 +3,12 @@
 # https://gethomepage.dev/latest/configs/settings
 
 title: Ryan Yin's Homelab
-base: http://home.writefor.fun/
+base: https://home.writefor.fun/
 favicon: https://thiscute.world/favicon.ico
 
 # https://developer.mozilla.org/en-US/docs/Web/Manifest/start_url
 # Used by some browsers to determine the start page of the web application
-startUrl: http://home.writefor.fun/
+startUrl: https://home.writefor.fun/
 
 language: zh
 
@@ -20,11 +20,11 @@ providers:
   weatherapi: { { HOMEPAGE_VAR_WEATHERAPI_APIKEY } }
 
 background:
-  image: /images/rolling-girls.png
+  image: https://file.writefor.fun/wallpapers/rolling-girls.png
   blur: sm # sm, "", md, xl... see https://tailwindcss.com/docs/backdrop-blur
-  saturate: 50 # 0, 50, 100... see https://tailwindcss.com/docs/backdrop-saturate
-  brightness: 50 # 0, 50, 75... see https://tailwindcss.com/docs/backdrop-brightness
-  opacity: 50 # 0-100
+  saturate: 90 # 0, 50, 100... see https://tailwindcss.com/docs/backdrop-saturate
+  brightness: 90 # 0, 50, 75... see https://tailwindcss.com/docs/backdrop-brightness
+  opacity: 85 # 0-100
 
 theme: dark # or light
 

hosts/12kingdoms-rakushun/oci-containers/dashy/default.nix

@@ -6,7 +6,7 @@
   #   install -Dm 600 ${./dashy_conf.yml} /etc/dashy/dashy_conf.yml
   # '';
   #
-  # # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/virtualisation/oci-containers.nix
+  # # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/virtualisation/oci-containers.nix
   # virtualisation.oci-containers.containers = {
   #   # check its logs via `journalctl -u podman-dashy`
   #   dashy = {

hosts/12kingdoms-rakushun/proxy.nix

@@ -78,7 +78,7 @@
     };
   };
 
-  # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/services/monitoring/prometheus/exporters/v2ray.nix
+  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters/v2ray.nix
   # https://github.com/wi1dcard/v2ray-exporter
   services.prometheus.exporters.v2ray = {
     enable = true;

hosts/12kingdoms-rakushun/restic.nix

@@ -3,7 +3,7 @@
   sshKeyPath = "/etc/agenix/ssh-key-for-restic-backup";
   rcloneConfigFile = "/etc/agenix/rclone-conf-for-restic-backup";
 in {
-  # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/services/backup/restic.nix
+  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/backup/restic.nix
   services.restic.backups = {
     homelab-backup = {
       inherit passwordFile;

hosts/12kingdoms-rakushun/transmission.nix

@@ -7,7 +7,7 @@
   name = "transmission";
 in {
   # the headless Transmission BitTorrent daemon
-  # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/services/torrent/transmission.nix
+  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/torrent/transmission.nix
   # https://wiki.archlinux.org/title/transmission
   services.transmission = {
     enable = true;
@@ -81,7 +81,7 @@ in {
       lpd-enabled = true;
       # The peer port to listen for incoming connections.
       peer-port = 51413;
-      # Enable UPnP or NAT-PMP to forward a port through your firewall(NAT).
+      # Enable UOnP or NAT-PMP to forward a port through your firewall(NAT).
       # https://github.com/transmission/transmission/blob/main/docs/Port-Forwarding-Guide.md
       port-forwarding-enabled = true;
 

hosts/12kingdoms-rakushun/uptime-kuma.nix

@@ -1,5 +1,5 @@
 {
-  # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/services/monitoring/uptime-kuma.nix
+  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/uptime-kuma.nix
   services.uptime-kuma = {
     enable = true;
     # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables

hosts/12kingdoms-shoukei/brcm-firmware/flake.lock

@@ -11,7 +11,7 @@
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-23.11",
+        "ref": "nixos-24.05",
         "repo": "nixpkgs",
         "type": "github"
       }

hosts/12kingdoms-shoukei/brcm-firmware/flake.nix

@@ -1,6 +1,6 @@
 {
   # a flake for testing
-  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
+  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
   outputs = {nixpkgs, ...}: let
     system = "x86_64-linux";
     pkgs = import nixpkgs {inherit system;};

hosts/12kingdoms-shoukei/default.nix

@@ -38,5 +38,5 @@ in {
   # this value at the release version of the first install of this system.
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 }

hosts/12kingdoms-shoukei/hardware-configuration.nix

@@ -37,13 +37,14 @@
     "ntfs"
     "fat"
     "vfat"
+    "exfat"
   ];
 
   # clear /tmp on boot to get a stateless /tmp directory.
   boot.tmp.cleanOnBoot = true;
   boot.initrd = {
     # unlocked luks devices via a keyfile or prompt a passphrase.
-    luks.devices."encrypted-nixos" = {
+    luks.devices."crypted-nixos" = {
       device = "/dev/nvme0n1p4";
       # the keyfile(or device partition) that should be used as the decryption key for the encrypted device.
       # if not specified, you will be prompted for a passphrase instead.

hosts/12kingdoms-suzu/Disk-and-installation.md

@@ -137,6 +137,20 @@ sudo nix --experimental-features "nix-command flakes" run github:nix-community/d
 
 cd ~/nix-config
 # install nixos
-# NOTE: the root password you set here will be discarded when reboot
 sudo nixos-install --root /mnt --flake .#suzu --no-root-password --show-trace --verbose
+
+# enter into the installed system, check password & users
+# `su ryan` => `sudo -i` => enter ryan's password => successfully login
+# if login failed, check the password you set in install-1, and try again
+nixos-enter
+
+# NOTE: DO NOT skip this step!!!
+# copy the essential files into /persistent
+# otherwise the / will be cleared and data will lost
+## NOTE: impermanence just create links from / to /persistent
+##       We need to copy files into /persistent manually!!!
+mv /etc/machine-id /persistent/etc/
+mv /etc/ssh /persistent/etc/
+mkdir -p /persistent/home/ryan
+chown -R ryan:ryan /persistent/home/ryan
 ```

hosts/12kingdoms-suzu/default.nix

@@ -30,5 +30,5 @@ in {
   # this value at the release version of the first install of this system.
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 }

hosts/12kingdoms-suzu/disko-fs.nix

@@ -43,7 +43,8 @@
               name = "encrypted";
               settings = {
                 keyFile = "/dev/disk/by-label/OPI5_DSC"; # The keyfile is stored on a USB stick
-                # The maximum size of the keyfile is 8192 bytes
+                # The maximum size of the keyfile is 8192 KiB
+                # type `cryptsetup --help` to see the compiled-in key and passphrase maximum sizes
                 keyFileSize = 512 * 64; # match the `bs * count` of the `dd` command
                 keyFileOffset = 512 * 128; # match the `bs * skip` of the `dd` command
                 fallbackToPassword = true;

hosts/12kingdoms-suzu/microvm/mitsuha/default.nix

@@ -63,5 +63,5 @@
     socket = "control.socket";
   };
 
-  system.stateVersion = "23.11";
+  system.stateVersion = "24.05";
 }

hosts/12kingdoms-suzu/microvm/mitsuha/tailscale.nix

@@ -21,7 +21,7 @@
 #   which is already persistent across reboots(via impermanence.nix)
 #
 # References:
-# https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/services/networking/tailscale.nix
+# https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/networking/tailscale.nix
 #
 # =============================================================
 {

hosts/12kingdoms-suzu/microvm/suzi/config.dae

@@ -272,6 +272,12 @@ routing {
     domain(geosite:openai) -> sg
     domain(regex:'.+\.openai$') -> sg
 
+    # Steam
+    domain(suffix: steampowered.com) -> direct
+    domain(suffix: steamserver.net) -> direct
+    domain(geosite:steam@cn) -> direct
+    domain(geosite:steam) -> proxy
+
     ### Media
     domain(geosite:netflix) -> media
 

hosts/12kingdoms-suzu/microvm/suzi/default.nix

@@ -66,5 +66,5 @@
     socket = "control.socket";
   };
 
-  system.stateVersion = "23.11";
+  system.stateVersion = "24.05";
 }

hosts/12kingdoms-suzu/microvm/suzi/networking.nix

@@ -37,7 +37,7 @@ in {
     nat.enable = false;
     firewall.enable = false;
 
-    # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/services/networking/nftables.nix
+    # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/networking/nftables.nix
     nftables = {
       enable = true;
       # Check the applied rules with `nft -a list ruleset`.
@@ -164,7 +164,7 @@ in {
   };
 
   # monitoring with prometheus
-  # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix
+  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix
   services.prometheus.exporters.dnsmasq = {
     enable = true;
     listenAddress = "0.0.0.0";

hosts/idols-ai/README.md

@@ -40,7 +40,7 @@ zram0             253:0    0 15.6G  0 disk  [SWAP]
 nvme0n1           259:0    0  1.8T  0 disk
 ├─nvme0n1p1       259:2    0  598M  0 part  /boot
 └─nvme0n1p2       259:3    0  1.8T  0 part
-  └─encrypted-nixos 254:0    0  1.8T  0 crypt /tmp
+  └─crypted-nixos 254:0    0  1.8T  0 crypt /tmp
                                             /swap/swapfile
                                             /swap
                                             /snapshots

hosts/idols-ai/default.nix

@@ -20,7 +20,9 @@ in {
     inherit hostName;
     inherit (myvars.networking) defaultGateway nameservers;
     inherit (myvars.networking.hostsInterface.${hostName}) interfaces;
-    networkmanager.enable = false;
+
+    # desktop need its cli for status bar
+    networkmanager.enable = true;
   };
 
   # conflict with feature: containerd-snapshotter
@@ -30,6 +32,7 @@ in {
   services.xserver.videoDrivers = ["nvidia"]; # will install nvidia-vaapi-driver by default
   hardware.nvidia = {
     # Optionally, you may need to select the appropriate driver version for your specific GPU.
+    # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/os-specific/linux/nvidia-x11/default.nix
     # package = config.boot.kernelPackages.nvidiaPackages.stable;
 
     # required by most wayland compositors!
@@ -38,12 +41,10 @@ in {
   };
   virtualisation.docker.enableNvidia = true; # for nvidia-docker
 
-  hardware.opengl = {
+  hardware.graphics = {
     enable = true;
-    # if hardware.opengl.driSupport is enabled, mesa is installed and provides Vulkan for supported hardware.
-    driSupport = true;
     # needed by nvidia-docker
-    driSupport32Bit = true;
+    enable32Bit = true;
   };
 
   # This value determines the NixOS release from which the default
@@ -52,5 +53,5 @@ in {
   # this value at the release version of the first install of this system.
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 }

hosts/idols-ai/hardware-configuration.nix

@@ -40,11 +40,12 @@
     "ntfs"
     "fat"
     "vfat"
+    "exfat"
   ];
 
   boot.initrd = {
     # unlocked luks devices via a keyfile or prompt a passphrase.
-    luks.devices."encrypted-nixos" = {
+    luks.devices."crypted-nixos" = {
       # NOTE: DO NOT use device name here(like /dev/sda, /dev/nvme0n1p2, etc), use UUID instead.
       # https://github.com/ryan4yin/nix-config/issues/43
       device = "/dev/disk/by-uuid/a21ca82a-9ee6-4e5c-9d3f-a93e84e4e0f4";

hosts/idols-aquamarine/default.nix

@@ -34,5 +34,5 @@ in {
   # this value at the release version of the first install of this system.
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 }

hosts/idols-kana/default.nix

@@ -41,5 +41,5 @@ in {
   # this value at the release version of the first install of this system.
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 }

hosts/idols-ruby/default.nix

@@ -43,5 +43,5 @@ in {
   # this value at the release version of the first install of this system.
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 }

hosts/k8s/disko-config/README.md

@@ -50,10 +50,11 @@ sudo nix run --experimental-features "nix-command flakes" 'github:nix-community/
 ## 1. partition & format the disk via disko
 sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko hosts/k8s/disko-config/kukubevirt-disko-fs.nix
 ## 2. install nixos
-# NOTE: the root password you set here will be discarded when reboot
 sudo nixos-install --root /mnt --no-root-password --show-trace --verbose --flake .#kubevirt-shoryu
 
-# move the essential files into /persistent
+# enter into the installed system, check password & users
+# `su ryan` => `sudo -i` => enter ryan's password => successfully login
+# if login failed, check the password you set in install-1, and try again
 nixos-enter
 
 # NOTE: DO NOT skip this step!!!
@@ -63,4 +64,6 @@ nixos-enter
 ##       We need to copy files into /persistent manually!!!
 mv /etc/machine-id /persistent/etc/
 mv /etc/ssh /persistent/etc/
+mkdir -p /persistent/home/ryan
+chown -R ryan:ryan /persistent/home/ryan
 ```

hosts/k8s/disko-config/kubevirt-disko-fs.nix

@@ -49,7 +49,8 @@
               name = "encrypted";
               settings = {
                 keyFile = "/dev/disk/by-label/NIXOS_DSC"; # The keyfile is stored on a USB stick
-                # The maximum size of the keyfile is 8192 bytes
+                # The maximum size of the keyfile is 8192 KiB
+                # type `cryptsetup --help` to see the compiled-in key and passphrase maximum sizes
                 keyFileSize = 512 * 64; # match the `bs * count` of the `dd` command
                 keyFileOffset = 512 * 128; # match the `bs * skip` of the `dd` command
                 fallbackToPassword = true;

lib/genK3sServerModule.nix

@@ -27,8 +27,10 @@ in {
     kubernetes-helm
     cilium-cli
     fluxcd
+    clusterctl # for kubernetes cluster-api
 
-    skopeo
+    skopeo # copy/sync images between registries and local storage
+    go-containerregistry # provides `crane` & `gcrane`, it's similar to skopeo
     dive # explore docker layers
   ];
 

lib/genKubeVirtGuestModule.nix

@@ -40,5 +40,5 @@ in {
   # this value at the release version of the first install of this system.
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 }

lib/genKubeVirtHostModule.nix

@@ -99,5 +99,5 @@ in {
   # this value at the release version of the first install of this system.
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 }

lib/macosSystem.nix

@@ -9,7 +9,7 @@
   specialArgs ? (genSpecialArgs system),
   ...
 }: let
-  inherit (inputs) nixpkgs home-manager nix-darwin;
+  inherit (inputs) nixpkgs-darwin home-manager nix-darwin;
 in
   nix-darwin.lib.darwinSystem {
     inherit system specialArgs;
@@ -17,14 +17,7 @@ in
       darwin-modules
       ++ [
         ({lib, ...}: {
-          nixpkgs.pkgs = import nixpkgs {inherit system;};
-          # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
-          nix.registry.nixpkgs.flake = nixpkgs;
-
-          environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}";
-          # make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
-          # discard all the default paths, and only use the one from this flake.
-          nix.nixPath = lib.mkForce ["/etc/nix/inputs"];
+          nixpkgs.pkgs = import nixpkgs-darwin {inherit system;};
         })
       ]
       ++ (

modules/base.nix

@@ -15,6 +15,10 @@
     ../certs/ecc-ca.crt
   ];
 
+  # auto upgrade nix to the unstable version
+  # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/tools/package-management/nix/default.nix#L284
+  nix.package = pkgs.nixVersions.latest;
+
   environment.systemPackages = with pkgs; [
     git # used by nix flakes
     git-lfs # used by huggingface models
@@ -23,7 +27,7 @@
     zip
     xz
     zstd
-    unzip
+    unzipNLS
     p7zip
 
     # Text Processing
@@ -88,18 +92,22 @@
     substituters = [
       # cache mirror located in China
       # status: https://mirror.sjtu.edu.cn/
-      # "https://mirror.sjtu.edu.cn/nix-channels/store"
+      "https://mirror.sjtu.edu.cn/nix-channels/store"
       # status: https://mirrors.ustc.edu.cn/status/
       "https://mirrors.ustc.edu.cn/nix-channels/store"
+      "https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store"
 
       "https://nix-community.cachix.org"
       # my own cache server
       "https://ryan4yin.cachix.org"
+      # cuda-maintainer's cache server
+      "https://cuda-maintainers.cachix.org"
     ];
 
     trusted-public-keys = [
       "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
       "ryan4yin.cachix.org-1:Gbk27ZU5AYpGS9i3ssoLlwdvMIh0NxG0w8it/cv9kbU="
+      "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
     ];
     builders-use-substitutes = true;
   };

modules/darwin/apps.nix

@@ -2,6 +2,7 @@
   config,
   lib,
   pkgs,
+  pkgs-unstable,
   ...
 }:
 ##########################################################################
@@ -80,7 +81,7 @@ in {
   programs.zsh.enable = true;
   environment.shells = [
     pkgs.zsh
-    pkgs.nushellFull # my custom shell
+    pkgs-unstable.nushell # my custom shell
   ];
 
   # homebrew need to be installed manually, see https://brew.sh
@@ -103,7 +104,7 @@ in {
       Wechat = 836500024;
       QQ = 451108668;
       WeCom = 1189898970; # Wechat for Work
-      TecentMetting = 1484048379;
+      TecentMeeting = 1484048379;
       QQMusic = 595615424;
     };
 
@@ -164,7 +165,7 @@ in {
       # Misc
       "shadowsocksx-ng" # proxy tool
       "iina" # video player
-      "raycast" # (HotKey: alt/option + space)search, caculate and run scripts(with many plugins)
+      "raycast" # (HotKey: alt/option + space)search, calculate and run scripts(with many plugins)
       "stats" # beautiful system status monitor in menu bar
       # "reaper"  # audio editor
       "sonic-pi" # music programming

modules/darwin/nix-core.nix

@@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
+  lib,
+  nixpkgs,
+  ...
+}: {
   ###################################################################################
   #
   #  Core configuration for nix-darwin
@@ -7,7 +11,7 @@
   #    https://daiderd.com/nix-darwin/manual/index.html#sec-options
   #
   # History Issues:
-  #  1. Fixed by replace the determinated nix-installer by the official one:
+  #  1. Fixed by replace the determined nix-installer by the official one:
   #     https://github.com/LnL7/nix-darwin/issues/149#issuecomment-1741720259
   #
   ###################################################################################
@@ -15,9 +19,8 @@
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;
 
-  # Auto upgrade nix package and the daemon service.
+  # Auto upgrade the nix-daemon service.
   services.nix-daemon.enable = true;
-  nix.package = pkgs.nix;
 
   # Disable auto-optimise-store because of this issue:
   #   https://github.com/NixOS/nix/issues/7273
@@ -25,4 +28,12 @@
   nix.settings.auto-optimise-store = false;
 
   nix.gc.automatic = false;
+
+  # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
+  nix.registry.nixpkgs.flake = nixpkgs;
+
+  environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}";
+  # make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
+  # discard all the default paths, and only use the one from this flake.
+  nix.nixPath = lib.mkForce ["/etc/nix/inputs"];
 }

modules/darwin/system.nix

@@ -13,12 +13,14 @@
 #   1. To avoid conflicts with neovim, disable ctrl + up/down/left/right to switch spaces in:
 #     [System Preferences] -> [Keyboard] -> [Keyboard Shortcuts] -> [Mission Control]
 #   2. Disable use Caps Lock as 中/英 switch in:
-#     [System Preferences] -> [Keyboard] -> [Input Sources] -> [Edit] -> [Use 中/英 key to switch ] -> [Disble]
+#     [System Preferences] -> [Keyboard] -> [Input Sources] -> [Edit] -> [Use 中/英 key to switch ] -> [Disable]
 ###################################################################################
 {
   # Add ability to used TouchID for sudo authentication
   security.pam.enableSudoTouchIdAuth = true;
 
+  time.timeZone = "Asia/Shanghai";
+
   system = {
     # activationScripts are executed every time you boot the system or run `nixos-rebuild` / `darwin-rebuild`.
     activationScripts.postUserActivation.text = ''
@@ -118,7 +120,7 @@
           DSDontWriteUSBStores = true;
         };
         "com.apple.spaces" = {
-          "spans-displays" = 0; # Display have seperate spaces
+          "spans-displays" = 0; # Display have separate spaces
         };
         "com.apple.WindowManager" = {
           EnableStandardClickToShowDesktop = 0; # Click wallpaper to reveal desktop
@@ -183,13 +185,7 @@
 
   # Fonts
   fonts = {
-    # will be removed after this PR is merged:
-    #   https://github.com/LnL7/nix-darwin/pull/754
-    fontDir.enable = true;
-
-    # will change to `fonts.packages` after this PR is merged:
-    #   https://github.com/LnL7/nix-darwin/pull/754
-    fonts = with pkgs; [
+    packages = with pkgs; [
       # packages = with pkgs; [
       # icon fonts
       material-design-icons
@@ -202,7 +198,7 @@
       source-han-serif # 思源宋体
 
       # nerdfonts
-      # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/pkgs/data/fonts/nerdfonts/shas.nix
+      # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/pkgs/data/fonts/nerdfonts/shas.nix
       (nerdfonts.override {
         fonts = [
           # symbols icon only

modules/darwin/wm/yabai.nix

@@ -1,34 +1,13 @@
 {
-  pkgs,
   config,
-  lib,
   myvars,
-  pkgs-unstable,
   ...
 }: let
   homeDir = config.users.users."${myvars.username}".home;
 in {
-  # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/os-specific/darwin/yabai/default.nix
+  # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/ya/yabai/package.nix
   services.yabai = {
     enable = true;
-    # temporary workaround for https://github.com/ryan4yin/nix-config/issues/51
-    package = pkgs-unstable.yabai.overrideAttrs (oldAttrs: rec {
-      version = "6.0.7";
-      src =
-        if pkgs.stdenv.isAarch64
-        then
-          (pkgs.fetchzip {
-            url = "https://github.com/koekeishiya/yabai/releases/download/v${version}/yabai-v${version}.tar.gz";
-            hash = "sha256-hZMBXSCiTlx/37jt2yLquCQ8AZ2LS3heIFPKolLub1c=";
-          })
-        else
-          (pkgs.fetchFromGitHub {
-            owner = "koekeishiya";
-            repo = "yabai";
-            rev = "v${version}";
-            hash = "sha256-vWL2KA+Rhj78I2J1kGItJK+OdvhVo1ts0NoOHIK65Hg=";
-          });
-    });
 
     # Whether to enable yabai's scripting-addition.
     # SIP must be disabled for this to work.

modules/nixos/base/btrbk.nix

@@ -18,12 +18,19 @@
 
   services.btrbk.instances.btrbk = {
     # How often this btrbk instance is started. See systemd.time(7) for more information about the format.
-    onCalendar = "daily";
+    onCalendar = "Tue,Fri,Sat,Sun *-*-* 3:45:20"; # daily at 3:45, except on Monday, Wednesday, and Thursday
     settings = {
-      # keep daily snapshots for 14 days
-      snapshot_preserve = "14d";
-      # keep all snapshots for 2 days, no matter how frequently you (or your cron job) run btrbk
+      # how to prune local snapshots:
+      # 1. keep daily snapshots for xx days
+      snapshot_preserve = "9d";
+      # 2. keep all snapshots for 2 days, no matter how frequently you (or your cron job) run btrbk
       snapshot_preserve_min = "2d";
+
+      # hot to prune remote incremental baqckups:
+      # keep daily backups for 9 days, weekly backups for 4 weeks, and monthly backups for 2 months
+      target_preserve = "9d 4w 2m";
+      target_preserve_min = "no";
+
       volume = {
         "/btr_pool" = {
           subvolume = {
@@ -31,7 +38,10 @@
               snapshot_create = "always";
             };
           };
-          target = "/snapshots";
+
+          # backup to a remote server or a local directory
+          # its prune policy is defined by `target_preserve` and `target_preserve_min`
+          # target = "/snapshots";
         };
       };
     };

modules/nixos/base/monitoring.nix

@@ -1,6 +1,6 @@
 {
   # enable the node exporter on all nixos hosts
-  # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/services/monitoring/prometheus/exporters/node.nix
+  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters/node.nix
   services.prometheus.exporters.node = {
     enable = true;
     listenAddress = "0.0.0.0";

modules/nixos/base/nix.nix

@@ -17,13 +17,5 @@
   # https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store
   nix.settings.auto-optimise-store = true;
 
-  # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
-  nix.registry.nixpkgs.flake = nixpkgs;
   nix.channel.enable = false; # remove nix-channel related tools & configs, we use flakes instead.
-
-  # but NIX_PATH is still used by many useful tools, so we set it to the same value as the one used by this flake.
-  # Make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
-  environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}";
-  # https://github.com/NixOS/nix/issues/9574
-  nix.settings.nix-path = lib.mkForce "nixpkgs=/etc/nix/inputs/nixpkgs";
 }

modules/nixos/base/ssh.nix

@@ -23,6 +23,6 @@
   };
 
   # Add terminfo database of all known terminals to the system profile.
-  # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/config/terminfo.nix
+  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/config/terminfo.nix
   environment.enableAllTerminfo = true;
 }

modules/nixos/desktop/fonts.nix

@@ -25,7 +25,7 @@
       source-han-serif # 思源宋体
 
       # nerdfonts
-      # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/pkgs/data/fonts/nerdfonts/shas.nix
+      # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/pkgs/data/fonts/nerdfonts/shas.nix
       (nerdfonts.override {
         fonts = [
           # symbols icon only

modules/nixos/desktop/misc.nix

@@ -2,12 +2,13 @@
   config,
   lib,
   pkgs,
+  pkgs-unstable,
   ...
 }: {
   # add user's shell into /etc/shells
   environment.shells = with pkgs; [
     bashInteractive
-    nushellFull
+    pkgs-unstable.nushell
   ];
   # set user's default shell system-wide
   users.defaultUserShell = pkgs.bashInteractive;

modules/nixos/desktop/peripherals.nix

@@ -24,8 +24,6 @@
   };
   # rtkit is optional but recommended
   security.rtkit.enable = true;
-  # Remove sound.enable or turn it off if you had it set previously, it seems to cause conflicts with pipewire
-  sound.enable = false;
   # Disable pulseaudio, it conflicts with pipewire too.
   hardware.pulseaudio.enable = false;
 

modules/nixos/desktop/remote-desktop/default.nix

@@ -3,11 +3,11 @@
   mylib,
   ...
 }: {
-  imports = mylib.scanPaths ./.;
-
-  environment.systemPackages = with pkgs; [
-    waypipe
-    moonlight-qt # moonlight client, for streaming games/desktop from a PC
-    rustdesk # p2p remote desktop
-  ];
+  # imports = mylib.scanPaths ./.;
+  #
+  # environment.systemPackages = with pkgs; [
+  #   waypipe
+  #   moonlight-qt # moonlight client, for streaming games/desktop from a PC
+  #   rustdesk # p2p remote desktop
+  # ];
 }

modules/nixos/desktop/remote-desktop/tailscale.nix

@@ -25,7 +25,7 @@
 #   which is already persistent across reboots(via impermanence.nix)
 #
 # References:
-# https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/services/networking/tailscale.nix
+# https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/networking/tailscale.nix
 #
 # =============================================================
 {

nixos-installer/README.md

@@ -98,7 +98,7 @@ cryptsetup luksFormat --type luks2 --cipher aes-xts-plain64 --hash sha512 --iter
 cryptsetup luksDump /dev/nvme0n1p2
 
 # open(unlock) the device with the passphrase you just set
-cryptsetup luksOpen /dev/nvme0n1p2 encrypted-nixos
+cryptsetup luksOpen /dev/nvme0n1p2 crypted-nixos
 
 # show disk status
 lsblk
@@ -110,7 +110,7 @@ Formatting the root partition:
 # NOTE: `cat shoukei.md | grep create-btrfs > btrfs.sh` to generate this script
 mkfs.fat -F 32 -n ESP /dev/nvme0n1p1  # create-btrfs
 # format the root partition with btrfs and label it
-mkfs.btrfs -L encrypted-nixos /dev/mapper/crypted-nixos   # create-btrfs
+mkfs.btrfs -L crypted-nixos /dev/mapper/crypted-nixos   # create-btrfs
 
 # mount the root partition and create subvolumes
 mount /dev/mapper/crypted-nixos /mnt  # create-btrfs
@@ -130,7 +130,7 @@ umount /mnt  # create-btrfs
 #     1. Extend the life of the SSD.
 #     2. improve the performance of disks with low IOPS / RW throughput, such as HDD and SATA SSD.
 #   2. Save the disk space.
-mkdir /mnt/{nix,tmp,swap,persistent,snapshots,boot}  # mount-1
+mkdir /mnt/{nix,gnu,tmp,swap,persistent,snapshots,boot}  # mount-1
 mount -o compress-force=zstd:1,noatime,subvol=@nix /dev/mapper/crypted-nixos /mnt/nix  # mount-1
 mount -o compress-force=zstd:1,noatime,subvol=@guix /dev/mapper/crypted-nixos /mnt/gnu  # mount-1
 mount -o compress-force=zstd:1,subvol=@tmp /dev/mapper/crypted-nixos /mnt/tmp  # mount-1
@@ -162,7 +162,7 @@ $ lsblk
 nvme0n1           259:0    0   1.8T  0 disk
 ├─nvme0n1p1       259:2    0   600M  0 part  /mnt/boot
 └─nvme0n1p2       259:3    0   1.8T  0 part
-  └─encrypted-nixos 254:0    0   1.8T  0 crypt /mnt/swap
+  └─crypted-nixos 254:0    0   1.8T  0 crypt /mnt/swap
                                              /mnt/persistent
                                              /mnt/snapshots
                                              /mnt/nix

nixos-installer/README.shoukei.md

@@ -79,7 +79,7 @@ cryptsetup luksFormat --type luks2 --cipher aes-xts-plain64 --hash sha512 --iter
 cryptsetup luksDump /dev/nvme0n1p4
 
 # open(unlock) the device with the passphrase you just set
-cryptsetup luksOpen /dev/nvme0n1p4 encrypted-nixos
+cryptsetup luksOpen /dev/nvme0n1p4 crypted-nixos
 
 # show disk status
 lsblk
@@ -90,7 +90,7 @@ Formatting the root partition:
 ```bash
 # NOTE: `cat shoukei.md | egrep "create-btrfs"  > create-btrfs.sh` to generate this script
 # format the root partition with btrfs and label it
-mkfs.btrfs -L encrypted-nixos /dev/mapper/crypted-nixos  # create-btrfs
+mkfs.btrfs -L crypted-nixos /dev/mapper/crypted-nixos  # create-btrfs
 # mount the root partition and create subvolumes
 mount /dev/mapper/crypted-nixos /mnt  # create-btrfs
 btrfs subvolume create /mnt/@nix  # create-btrfs
@@ -139,7 +139,7 @@ $ lsblk
 nvme0n1           259:0    0   1.8T  0 disk
 ├─nvme0n1p1       259:2    0   600M  0 part  /mnt/boot
 └─nvme0n1p4       259:3    0   1.8T  0 part
-  └─encrypted-nixos 254:0    0   1.8T  0 crypt /mnt/swap
+  └─crypted-nixos 254:0    0   1.8T  0 crypt /mnt/swap
                                              /mnt/persistent
                                              /mnt/snapshots
                                              /mnt/nix

nixos-installer/configuration.nix

@@ -18,5 +18,5 @@
     networkmanager.enable = true;
     defaultGateway = "192.168.5.101";
   };
-  system.stateVersion = "23.11";
+  system.stateVersion = "24.05";
 }

nixos-installer/flake.lock

@@ -40,7 +40,7 @@
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-23.11",
+        "ref": "nixos-24.05",
         "repo": "nixpkgs",
         "type": "github"
       }

nixos-installer/flake.nix

@@ -2,20 +2,27 @@
   description = "NixOS configuration of Ryan Yin";
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
     impermanence.url = "github:nix-community/impermanence";
     nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+    nuenv.url = "github:DeterminateSystems/nuenv";
   };
 
   outputs = inputs @ {
     nixpkgs,
     nixos-hardware,
+    nuenv,
     ...
   }: {
     nixosConfigurations = {
       ai = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
-        specialArgs = inputs // {myvars.username = "ryan";};
+        specialArgs =
+          inputs
+          // {
+            myvars.username = "ryan";
+            myvars.userfullname = "Ryan Yin";
+          };
         modules = [
           {networking.hostName = "ai";}
 
@@ -33,7 +40,12 @@
 
       shoukei = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
-        specialArgs = inputs // {myvars.username = "ryan";};
+        specialArgs =
+          inputs
+          // {
+            myvars.username = "ryan";
+            myvars.userfullname = "Ryan Yin";
+          };
         modules = [
           # Building on a USB installer is buggy, lack of disk space, memory, trublesome to setup substituteers, etc.
           # so we disable apple-t2 module here to avoid build kernel during the initial installation, and enable it after the first boot.

scripts/darwin_set_proxy.py

@@ -4,39 +4,56 @@
                                                                                                                                                                                                                                                                                           
   https://github.com/NixOS/nix/issues/1472#issuecomment-1532955973
 """
+
 import os
 import plistlib
 import shlex
 import subprocess
 from pathlib import Path
-                                                                                                                                                                                                                                                                                          
-                                                                                                                                                                                                                                                                                          
+
+
 NIX_DAEMON_PLIST = Path("/Library/LaunchDaemons/org.nixos.nix-daemon.plist")
 NIX_DAEMON_NAME = "org.nixos.nix-daemon"
 # http proxy provided by my homelab's bypass router
-HTTP_PROXY = "http://192.168.5.103:7890"
-                                                                                                                                                                                                                                                                                          
-pl = plistlib.loads(NIX_DAEMON_PLIST.read_bytes())
-                                                                                                                                                                                                                                                                                          
-# set http/https proxy
-# NOTE: curl only accept the lowercase of `http_proxy`!
-# NOTE: https://curl.se/libcurl/c/libcurl-env.html
-# pl["EnvironmentVariables"]["http_proxy"] = HTTP_PROXY
-# pl["EnvironmentVariables"]["https_proxy"] = HTTP_PROXY
-                                                                                                                                                                                                                                                                                          
-# remove http proxy
-pl["EnvironmentVariables"].pop("http_proxy", None)
-pl["EnvironmentVariables"].pop("https_proxy", None)
-                                                                                                                                                                                                                                                                                          
-os.chmod(NIX_DAEMON_PLIST, 0o644)
-NIX_DAEMON_PLIST.write_bytes(plistlib.dumps(pl))
-os.chmod(NIX_DAEMON_PLIST, 0o444)
-                                                                                                                                                                                                                                                                                          
-# reload the plist
-for cmd in (
+HTTP_PROXY = "http://192.168.5.179:7890"
+
+PLIST = plistlib.loads(NIX_DAEMON_PLIST.read_bytes())
+
+
+def update_plist():
+    os.chmod(NIX_DAEMON_PLIST, 0o644)
+    NIX_DAEMON_PLIST.write_bytes(plistlib.dumps(PLIST))
+    os.chmod(NIX_DAEMON_PLIST, 0o444)
+
+
+def reload_daemon():
+    # reload the plist
+    for cmd in (
         f"launchctl unload {NIX_DAEMON_PLIST}",
         f"launchctl load {NIX_DAEMON_PLIST}",
-):
-    print(cmd)
-    subprocess.run(shlex.split(cmd), capture_output=False)
+    ):
+        print(cmd)
+        subprocess.run(shlex.split(cmd), capture_output=False)
 
+
+def set_proxy():
+    # set http/https proxy
+    # NOTE: curl only accept the lowercase of `http_proxy`!
+    # NOTE: https://curl.se/libcurl/c/libcurl-env.html
+    PLIST["EnvironmentVariables"]["http_proxy"] = HTTP_PROXY
+    PLIST["EnvironmentVariables"]["https_proxy"] = HTTP_PROXY
+    update_plist()
+    reload_daemon()
+
+
+def unset_proxy():
+    # remove http proxy
+    PLIST["EnvironmentVariables"].pop("http_proxy", None)
+    PLIST["EnvironmentVariables"].pop("https_proxy", None)
+    update_plist()
+    reload_daemon()
+
+
+if __name__ == "__main__":
+    # set_proxy()
+    unset_proxy()

secrets/README.md

@@ -30,7 +30,13 @@ This task is accomplished using the [agenix](https://github.com/ryantm/agenix) C
 To use agenix temporarily, run:
 
 ```bash
-nix shell nixpkgs#agenix
+nix shell github:ryantm/agenix#agenix
+```
+
+or agenix provided by ragenix, run:
+
+```bash
+nix shell github:ryan4yin/ragenix#ragenix
 ```
 
 Suppose you want to add a new secret file `xxx.age`. Follow these steps:

utils.nu

@@ -54,7 +54,7 @@ export def darwin-rollback [] {
     ./result/sw/bin/darwin-rebuild --rollback
 }
 
-# ==================== Virutal Machines related =====================
+# ==================== Virtual Machines related =====================
 
 # Build and upload a VM image
 export def upload-vm [