Merge pull request #154 from ryan4yin/refactor-vars

refactor: migrate ssh auth keys & hashed password into vars
2026-05-28 18:39:31 +02:00 · 2024-08-16 14:40:54 +08:00 · 2024-08-16 14:40:06 +08:00 · 2024-08-16 11:46:37 +08:00 · 2024-08-16 11:44:30 +08:00 · 2024-08-15 22:50:20 +08:00
114 changed files with 1361 additions and 1097 deletions
@@ -1,3 +1,3 @@
 github: ryan4yin
 patreon: ryan4yin
-custom: ["https://buymeacoffee.com/ryan4yin", "https://afdian.net/a/ryan4yin"]
+custom: ["https://buymeacoffee.com/ryan4yin"]
@@ -3,3 +3,4 @@ result/
 .direnv/
 .DS_Store
 .pre-commit-config.yaml
+logs/
@@ -10,4 +10,5 @@ extend-ignore-re = [
  "iterm2",
  "iHgEIBYKACAWIQSizQe9ljFEyyclWmtVhZllwnQrSwUCZZ1T9wIdAAAKCRBVhZll", # crypto keys
  "noice", # noice.nvim
+  "crypted-nixos",
 ]
@@ -1,57 +1,85 @@
 # just is a command runner, Justfile is very similar to Makefile, but simpler.

-# use nushell for shell commands
+# Use nushell for shell commands
+# To usage this justfile, you need to enter a shell with just & nushell installed:
+# 
+#   nix shell nixpkgs#just nixpkgs#nushell
 set shell := ["nu", "-c"]

+utils_nu := absolute_path("utils.nu")
+
 ############################################################################
 #
 #  Common commands(suitable for all machines)
 #
 ############################################################################

-# Remote deployment via colmena
-col tag:
-  colmena apply --on '@{{tag}}' --verbose --show-trace
-
-local name mode="default":
-  use utils.nu *; \
-  nixos-switch {{name}} {{mode}}
+# List all the just commands
+default:
+    @just --list

 # Run eval tests
+[group('nix')]
 test:
  nix eval .#evalTests --show-trace --print-build-logs --verbose

-# update all the flake inputs
+# Update all the flake inputs
+[group('nix')]
 up:
  nix flake update

 # Update specific input
 # Usage: just upp nixpkgs
+[group('nix')]
 upp input:
  nix flake update {{input}}

 # List all generations of the system profile
+[group('nix')]
 history:
  nix profile history --profile /nix/var/nix/profiles/system

 # Open a nix shell with the flake
+[group('nix')]
 repl:
  nix repl -f flake:nixpkgs

 # remove all generations older than 7 days
+# on darwin, you may need to switch to root user to run this command
+[group('nix')]
 clean:
  sudo nix profile wipe-history --profile /nix/var/nix/profiles/system  --older-than 7d

 # Garbage collect all unused nix store entries
+[group('nix')]
 gc:
-  # garbage collect all unused nix store entries
-  sudo nix store gc --debug
-  sudo nix-collect-garbage --delete-old
+  # garbage collect all unused nix store entries(system-wide)
+  sudo nix-collect-garbage --delete-older-than 7d
+  # garbage collect all unused nix store entries(for the user - home-manager)
+  # https://github.com/LnL7/nix-darwin/issues/237
+  nix-collect-garbage --delete-older-than 7d

-# Remove all reflog entries and prune unreachable objects
-gitgc:
-  git reflog expire --expire-unreachable=now --all
-  git gc --prune=now
+# Enter a shell session which has all the necessary tools for this flake
+[linux]
+[group('nix')]
+shell:
+  nix shell nixpkgs#git nixpkgs#neovim nixpkgs#colmena
+
+# Enter a shell session which has all the necessary tools for this flake
+[macos]
+[group('nix')]
+shell:
+  nix shell nixpkgs#git nixpkgs#neovim
+
+[group('nix')]
+fmt:
+  # format the nix files in this repo
+  nix fmt
+
+# Show all the auto gc roots in the nix store
+[group('nix')]
+gcroot:
+  ls -al /nix/var/nix/gcroots/auto/

 ############################################################################
 #
@@ -60,24 +88,32 @@ gitgc:
 ############################################################################

 [linux]
+[group('desktop')]
 i3 mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
  nixos-switch ai-i3 {{mode}}

 [linux]
+[group('desktop')]
 hypr mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
  nixos-switch ai-hyprland {{mode}}


 [linux]
+[group('desktop')]
 s-i3 mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
  nixos-switch shoukei-i3 {{mode}}

 [linux]
+[group('desktop')]
 s-hypr mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
  nixos-switch shoukei-hyprland {{mode}}

 ############################################################################
@@ -87,31 +123,39 @@ s-hypr mode="default":
 ############################################################################

 [macos]
+[group('desktop')]
 darwin-set-proxy:
  sudo python3 scripts/darwin_set_proxy.py
  sleep 1sec

 [macos]
+[group('desktop')]
 darwin-rollback:
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
  darwin-rollback

 # Deploy to harmonica(macOS host)
 [macos]
+[group('desktop')]
 ha mode="default":
-  use utils.nu *; \
-  darwin-build "harmonica" {{mode}}; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
+  darwin-build "harmonica" {{mode}};
  darwin-switch "harmonica" {{mode}}

 # Depoly to fern(macOS host)
 [macos]
+[group('desktop')]
 fe mode="default": darwin-set-proxy
-  use utils.nu *; \
-  darwin-build "fern" {{mode}}; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
+  darwin-build "fern" {{mode}};
  darwin-switch "fern" {{mode}}

 # Reload yabai and skhd(macOS)
 [macos]
+[group('desktop')]
 yabai-reload:
  launchctl kickstart -k "gui/502/org.nixos.yabai";
  launchctl kickstart -k "gui/502/org.nixos.skhd"; 
@@ -122,34 +166,67 @@ yabai-reload:
 #
 ############################################################################

+# Remote deployment via colmena
+[linux]
+[group('homelab')]
+col tag:
+  colmena apply --on '@{{tag}}' --verbose --show-trace
+
+[linux]
+[group('homelab')]
+local name mode="default":
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
+  nixos-switch {{name}} {{mode}}
+
 # Build and upload a vm image
+[linux]
+[group('homelab')]
 upload-vm name mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
  upload-vm {{name}} {{mode}}

 # Deploy all the KubeVirt nodes(Physical machines running KubeVirt)
+[linux]
+[group('homelab')]
 lab:
  colmena apply --on '@virt-*' --verbose --show-trace

+[linux]
+[group('homelab')]
 shoryu:
  colmena apply --on '@kubevirt-shoryu' --verbose --show-trace

+[linux]
+[group('homelab')]
 shoryu-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
  nixos-switch kubevirt-shoryu {{mode}}

+[linux]
+[group('homelab')]
 shushou:
  colmena apply --on '@kubevirt-shushou' --verbose --show-trace

+[linux]
+[group('homelab')]
 shushou-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
  nixos-switch kubevirt-shushou {{mode}}

+[linux]
+[group('homelab')]
 youko:
  colmena apply --on '@kubevirt-youko' --verbose --show-trace

+[linux]
+[group('homelab')]
 youko-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
  nixos-switch kubevirt-youko {{mode}}

 ############################################################################
@@ -159,31 +236,49 @@ youko-local mode="default":
 ############################################################################

 # Build and upload a vm image
+[linux]
+[group('homelab')]
 upload-idols mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
  upload-vm aquamarine {{mode}}
  upload-vm ruby {{mode}}
  upload-vm kana {{mode}}

+[linux]
+[group('homelab')]
 aqua:
  colmena apply --on '@aqua' --verbose --show-trace

+[linux]
+[group('homelab')]
 aqua-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
  nixos-switch aquamarine {{mode}}

+[linux]
+[group('homelab')]
 ruby:
  colmena apply --on '@ruby' --verbose --show-trace

+[linux]
+[group('homelab')]
 ruby-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
  nixos-switch ruby {{mode}}

+[linux]
+[group('homelab')]
 kana:
  colmena apply --on '@kana' --verbose --show-trace

+[linux]
+[group('homelab')]
 kana-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
  nixos-switch kana {{mode}}

 ############################################################################
@@ -193,30 +288,34 @@ kana-local mode="default":
 ############################################################################

 # Build and upload a vm image
-upload-k3s mode="default":
-  use utils.nu *; \
-  upload-vm k3s-prod-1-master-1 {{mode}}; \
-  upload-vm k3s-prod-1-master-2 {{mode}}; \
-  upload-vm k3s-prod-1-master-3 {{mode}}; \
-  upload-vm k3s-prod-1-worker-1 {{mode}}; \
-  upload-vm k3s-prod-1-worker-2 {{mode}}; \
+[linux]
+[group('homelab')]
+upload-k3s-prod mode="default":
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
+  upload-vm k3s-prod-1-master-1 {{mode}}; 
+  upload-vm k3s-prod-1-master-2 {{mode}}; 
+  upload-vm k3s-prod-1-master-3 {{mode}}; 
+  upload-vm k3s-prod-1-worker-1 {{mode}}; 
+  upload-vm k3s-prod-1-worker-2 {{mode}}; 
  upload-vm k3s-prod-1-worker-3 {{mode}};

+[linux]
+[group('homelab')]
 upload-k3s-test mode="default":
-  use utils.nu *; \
-  upload-vm k3s-test-1-master-1 {{mode}}; \
-  upload-vm k3s-test-1-master-2 {{mode}}; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
+  upload-vm k3s-test-1-master-1 {{mode}}; 
+  upload-vm k3s-test-1-master-2 {{mode}}; 
  upload-vm k3s-test-1-master-3 {{mode}};

-k3s:
-  colmena apply --on '@k3s-*' --verbose --show-trace
-
-master:
-  colmena apply --on '@k3s-prod-1-master-*' --verbose --show-trace
-
-worker:
-  colmena apply --on '@k3s-prod-1-worker-*' --verbose --show-trace
+[linux]
+[group('homelab')]
+k3s-prod:
+  colmena apply --on '@k3s-prod-*' --verbose --show-trace

+[linux]
+[group('homelab')]
 k3s-test:
  colmena apply --on '@k3s-test-*' --verbose --show-trace

@@ -226,12 +325,18 @@ k3s-test:
 #
 ############################################################################

+[linux]
+[group('homelab')]
 riscv:
  colmena apply --on '@riscv' --verbose --show-trace

+[linux]
+[group('homelab')]
 nozomi:
  colmena apply --on '@nozomi' --verbose --show-trace

+[linux]
+[group('homelab')]
 yukina:
  colmena apply --on '@yukina' --verbose --show-trace

@@ -241,42 +346,49 @@ yukina:
 #
 ############################################################################

+[linux]
+[group('homelab')]
 rakushun:
  colmena apply --on '@rakushun' --build-on-target --verbose --show-trace

+[linux]
+[group('homelab')]
 rakushun-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
  nixos-switch rakushun {{mode}}

+[linux]
+[group('homelab')]
 suzu-set-proxy:
  ip route del default via 192.168.5.1
  ip route add default via 192.168.5.178

+[linux]
+[group('homelab')]
 suzu-unset-proxy:
  ip route del default via 192.168.5.178
  ip route add default via 192.168.5.1

+[linux]
+[group('homelab')]
 suzu-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
  nixos-switch suzu {{mode}}

 ############################################################################
 #
-#  Misc, other useful commands
+#  Neovim related commands
 #
 ############################################################################

-fmt:
-  # format the nix files in this repo
-  nix fmt
-
-path:
-   $env.PATH | split row ":"
-
+[group('neovim')]
 nvim-test:
  rm -rf $"($env.HOME)/.config/nvim"
  rsync -avz --copy-links --chmod=D2755,F744 home/base/tui/editors/neovim/nvim/ $"($env.HOME)/.config/nvim/"

+[group('neovim')]
 nvim-clean:
  rm -rf $"($env.HOME)/.config/nvim"

@@ -284,45 +396,68 @@ nvim-clean:
 # Emacs related commands
 # =================================================

-emacs-plist-path := "~/Library/LaunchAgents/org.nix-community.home.emacs.plist"
-
-reload-emacs-cmd := if os() == "macos" {
-    "launchctl unload " + emacs-plist-path
-    + "\n"
-    + "launchctl load " + emacs-plist-path
-    + "\n"
-    + "tail -f ~/Library/Logs/emacs-daemon.stderr.log"
-  } else {
-    "systemctl --user restart emacs.service"
-    + "\n"
-    + "systemctl --user status emacs.service"
-  }
-
+[group('emacs')]
 emacs-test:
  rm -rf $"($env.HOME)/.config/doom"
  rsync -avz --copy-links --chmod=D2755,F744 home/base/tui/editors/emacs/doom/ $"($env.HOME)/.config/doom/"
  doom clean
  doom sync

+[group('emacs')]
 emacs-clean:
  rm -rf $"($env.HOME)/.config/doom/"

+[group('emacs')]
 emacs-purge:
  doom purge
  doom clean
  doom sync

+[linux]
+[group('emacs')]
 emacs-reload:
  doom sync
-  {{reload-emacs-cmd}}
+  systemctl --user restart emacs.service
+  systemctl --user status emacs.service


+emacs-plist-path := "~/Library/LaunchAgents/org.nix-community.home.emacs.plist"
+
+[macos]
+[group('emacs')]
+emacs-reload:
+  doom sync
+  launchctl unload {{emacs-plist-path}}
+  launchctl load {{emacs-plist-path}}
+  tail -f ~/Library/Logs/emacs-daemon.stderr.log
+
 # =================================================
 #
-# Kubernetes related commands
+# Other useful commands
 #
 # =================================================

+[group('common')]
+path:
+   $env.PATH | split row ":"

+[linux]
+[group('common')]
+penvof pid:
+  sudo cat $"/proc/($pid)/environ" | tr '\0' '\n'
+
+# Remove all reflog entries and prune unreachable objects
+[group('git')]
+ggc:
+  git reflog expire --expire-unreachable=now --all
+  git gc --prune=now
+
+# Amend the last commit without changing the commit message
+[group('git')]
+game:
+  git commit --amend -a --no-edit
+
+# Delete all failed pods
+[group('k8s')]
 del-failed:
   kubectl delete pod --all-namespaces --field-selector="status.phase==Failed"
@@ -14,8 +14,8 @@
  </a>
 </p>

-> My configuration is becoming more and more complex, and it will be difficult for beginners to
-> read. If you are new to NixOS and want to know how I use NixOS, I would recommend you to take a
+> My configuration is becoming more and more complex, and **it will be difficult for beginners to
+> read**. If you are new to NixOS and want to know how I use NixOS, I would recommend you to take a
 > look at the [ryan4yin/nix-config/releases](https://github.com/ryan4yin/nix-config/releases) first,
 > **checkout to some simpler older versions, such as
 > [i3-kickstarter](https://github.com/ryan4yin/nix-config/tree/i3-kickstarter), which will be much
@@ -31,6 +31,9 @@ This repository is home to the nix code that builds my systems:

 See [./hosts](./hosts) for details of each host.

+See [./Virtual-Machine.md](./Virtual-Machine.md) for details of how to create & manage KubeVirt's
+Virtual Machine from this flake.
+
 ## Why NixOS & Flakes?

 Nix allows for easy-to-manage, collaborative, reproducible deployments. This means that once
@@ -1,13 +1,17 @@
 ## How to create & managage KubeVirt's Virtual Machine from this flake?

-Use `aquamarine` as an example, we can create a virtual machine with the following command:
+Use `aquamarine` as an example, first build and upload the virtual machine's qcow2 image to the file
+server:

 ```shell
 just upload-vm aquamarine
 ```

 Then create the virtual machine by creating a yaml file at
-[ryan4yin/k8s-gitops](https://github.com/ryan4yin/k8s-gitops/tree/main/vms)
+[ryan4yin/k8s-gitops](https://github.com/ryan4yin/k8s-gitops/tree/main/vms), set the
+`spec.dataVolumeTemplates[0].source.http.url` to the uploaded file's URL, and fluxcd will
+automatically apply the changes, then a virtual machine named `aquamarine` will be created in the
+KubeVirt cluster.

 Once the virtual machine `aquamarine` is created, we can deploy updates to it with the following
 commands:
@@ -12,18 +12,16 @@

  # the nixConfig here only affects the flake itself, not the system configuration!
  # for more information, see:
-  #     https://nixos-and-flakes.thiscute.world/nixos-with-flakes/add-custom-cache-servers
+  #     https://nixos-and-flakes.thiscute.world/nix-store/add-binary-cache-servers
  nixConfig = {
    # substituers will be appended to the default substituters when fetching packages
    extra-substituters = [
      "https://anyrun.cachix.org"
-      "https://hyprland.cachix.org"
      "https://nix-gaming.cachix.org"
      # "https://nixpkgs-wayland.cachix.org"
    ];
    extra-trusted-public-keys = [
      "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
-      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
      "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
      # "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
    ];
@@ -36,9 +34,9 @@
    # which represents the GitHub repository URL + branch/commit-id/tag.

    # Official NixOS package source, using nixos's unstable branch by default
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
-    # nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
+    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";

    # for macos
    nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-24.05-darwin";
@@ -50,8 +48,8 @@

    # home-manager, used for managing user configuration
    home-manager = {
-      url = "github:nix-community/home-manager/release-24.05";
-      # url = "github:nix-community/home-manager/master";
+      url = "github:nix-community/home-manager/master";
+      # url = "github:nix-community/home-manager/release-24.05";

      # The `follows` keyword in inputs is used for inheritance.
      # Here, `inputs.nixpkgs` of home-manager is kept consistent with the `inputs.nixpkgs` of the current flake,
@@ -60,17 +58,12 @@
    };

    lanzaboote = {
-      url = "github:nix-community/lanzaboote/v0.3.0";
+      url = "github:nix-community/lanzaboote/v0.4.1";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    impermanence.url = "github:nix-community/impermanence";

-    hyprland = {
-      url = "github:hyprwm/Hyprland/v0.39.1";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
    # community wayland nixpkgs
    # nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
    # anyrun - a wayland launcher
@@ -5,17 +5,23 @@
  ...
 }: {
  home.packages = with pkgs; [
-    skopeo
    docker-compose
    dive # explore docker layers
    lazydocker # Docker terminal UI.
+    skopeo # copy/sync images between registries and local storage
+    go-containerregistry # provides `crane` & `gcrane`, it's similar to skopeo

    kubectl
+    kubectx
+    kubebuilder
    istioctl
+    clusterctl # for kubernetes cluster-api
    kubevirt # virtctl
    kubernetes-helm
    fluxcd
    argocd
+
+    ko # build go project to container image
  ];

  programs = {
@@ -10,7 +10,7 @@
    gnupg
    gnumake

-    # Morden cli tools, replacement of grep/sed/...
+    # Modern cli tools, replacement of grep/sed/...

    # Interactively filter its input using fuzzy searching, not limit to filenames.
    fzf
@@ -115,6 +115,33 @@ $env.config = {
  # buffer_editor: "emacs" # command that will be used to edit the current line buffer with ctrl+o, if unset fallback to $env.EDITOR and $env.VISUAL
  bracketed_paste: true # enable bracketed paste, currently useless on windows
  edit_mode: emacs # emacs, vi
-  shell_integration: true # enables terminal markers and a workaround to arrow keys stop working issue
+  shell_integration: {
+        # osc2 abbreviates the path if in the home_dir, sets the tab/window title, shows the running command in the tab/window title
+        osc2: true
+        # osc7 is a way to communicate the path to the terminal, this is helpful for spawning new tabs in the same directory
+        osc7: true
+        # osc8 is also implemented as the deprecated setting ls.show_clickable_links, it shows clickable links in ls output if your terminal supports it. show_clickable_links is deprecated in favor of osc8
+        osc8: true
+        # osc9_9 is from ConEmu and is starting to get wider support. It's similar to osc7 in that it communicates the path to the terminal
+        osc9_9: false
+        # osc133 is several escapes invented by Final Term which include the supported ones below.
+        # 133;A - Mark prompt start
+        # 133;B - Mark prompt end
+        # 133;C - Mark pre-execution
+        # 133;D;exit - Mark execution finished with exit code
+        # This is used to enable terminals to know where the prompt is, the command is, where the command finishes, and where the output of the command is
+        osc133: true
+        # osc633 is closely related to osc133 but only exists in visual studio code (vscode) and supports their shell integration features
+        # 633;A - Mark prompt start
+        # 633;B - Mark prompt end
+        # 633;C - Mark pre-execution
+        # 633;D;exit - Mark execution finished with exit code
+        # 633;E - NOT IMPLEMENTED - Explicitly set the command line with an optional nonce
+        # 633;P;Cwd=<path> - Mark the current working directory and communicate it to the terminal
+        # and also helps with the run recent menu in vscode
+        osc633: true
+        # reset_application_mode is escape \x1b[?1l and was added to help ssh work better
+        reset_application_mode: true
+    }
  render_right_prompt_on_last_line: false # true or false to enable or disable right prompt to be rendered on last line of the prompt.
 }
@@ -1,4 +1,4 @@
-let
+{pkgs-unstable, ...}: let
  shellAliases = {
    k = "kubectl";

@@ -11,6 +11,7 @@ in {

  programs.nushell = {
    enable = true;
+    package = pkgs-unstable.nushell;
    configFile.source = ./config.nu;
    inherit shellAliases;
  };
@@ -11,6 +11,12 @@
    # Changing working directory when exiting Yazi
    enableBashIntegration = true;
    enableNushellIntegration = true;
+    settings = {
+      manager = {
+        show_hidden = true;
+        sort_dir_first = true;
+      };
+    };
  };

  xdg.configFile."yazi/theme.toml".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-yazi}/mocha.toml";
@@ -3,5 +3,8 @@
    mitmproxy # http/https proxy tool
    insomnia # REST client
    wireshark # network analyzer
+
+    # IDEs
+    jetbrains.idea-community
  ];
 }
@@ -24,6 +24,11 @@

    # aliyun
    aliyun-cli
+    # digitalocean
+    doctl
+    # google cloud
+    google-cloud-sdk
+
    # cloud tools that nix do not have cache for.
    terraform
    terraformer # generate terraform configs from existing cloud resources
@@ -41,6 +41,7 @@
    # Automatically trims your branches whose tracking remote refs are merged or gone
    # It's really useful when you work on a project for a long time.
    git-trim
+    gitleaks

    # need to run `conda-install` before using it
    # need to run `conda-shell` before using command `conda`
@@ -5,7 +5,7 @@
 - paredit/[lispy](https://github.com/doomemacs/doomemacs/tree/master/modules/editor/lispy): too
  complex.
 - [evil-cleverparens](https://github.com/emacs-evil/evil-cleverparens): simple and useful.
- [parinfer(par-in-fer)](https://shaunlebron.github.io/parinfer/): morden, simple, elegant and
+- [parinfer(par-in-fer)](https://shaunlebron.github.io/parinfer/): modern, simple, elegant and
  useful, but works not well with some other completion plugins...
  - to make parinfer works, you should disable sexp & smartparens in any lisp mode.

@@ -20,7 +20,7 @@ Use `:tutor` in helix to start the tutorial.
   1. Helix: delete 2 word: `2w` then `x`. You can always see what you're selecting before you apply
      the action.
   2. Neovim: delete 2 word: `d`. then `2w`. No visual feedback before you apply the action.
-1. Helix - Morden builtin features: LSP, tree-sitter, fuzzy finder, multi cursors, surround and
+1. Helix - Modern builtin features: LSP, tree-sitter, fuzzy finder, multi cursors, surround and
   more.
   1. They're all available in Neovim too, but you need to find and use the right plugins manually,
      which takes time and effort.
@@ -30,7 +30,7 @@ Use `:tutor` in helix to start the tutorial.
   1. Personally I'm glad to take a look at a Rust codebase, but not a VimScript/Lua codebase.
 1. Neovim have a very activate plugin ecosystem, and it's easy to find plugins for almost
   everything.
-   1. Helix is still new, and it even do have a stable plugin system yet. A PR to add a plugin
+   1. Helix is still new, and it even don't have a stable plugin system yet. A PR to add a plugin
      system is still envolving: <https://github.com/helix-editor/helix/pull/8675>
 1. Neovim has integrated terminal, and it's very powerful. It's quite similar to VSCode's integrated
   terminal. I use it a lot.
@@ -88,14 +88,17 @@ plugin.
 ### Window Navigation

 - Switch between windows: `<Ctrl> + h/j/k/l`
- Resize windows: `<Ctrl> + Up/Down/Left/Right`
+- Resize windows: `<Ctrl> + Up/Down/Left/Right` (`<Ctrl-w> + -/+/</>`)
  - Note: On macOS, conflicts with system shortcuts
  - Disable in System Preferences -> Keyboard -> Shortcuts -> Mission Control

 ### Splitting and Buffers

-| | Action | Shortcut | | --------------------- | ------------- | | Horizontal Split | `\` | |
-Vertical Split | `\|` | | Close Buffer | `<Space> + c` |
+| Action           | Shortcut      |
+| ---------------- | ------------- |
+| Horizontal Split | `\`           |
+| Vertical Split   | `\|`          |
+| Close Buffer     | `<Space> + c` |

 ### Editing and Formatting

@@ -109,7 +112,18 @@ Vertical Split | `\|` | | Close Buffer | `<Space> + c` |
 | Comment Line(support multiple lines)                  | `<Space> + /`  |
 | Open filepath/URL at cursor(neovim's builtin command) | `gx`           |
 | Find files by name (fzf)                              | `<Space> + ff` |
+| Find files by name (include hidden files)             | `<Space> + fF` |
 | Grep string in files (ripgrep)                        | `<Space> + fw` |
+| Grep string in files (include hidden files)           | `<Space> + fW` |
+
+### Git
+
+| Action                     | Shortcut        |
+| -------------------------- | --------------- |
+| Git Commits (repository)   | `:<Space> + gc` |
+| Git Commits (current file) | `:<Space> + gC` |
+| Git Branches               | `:<Space> + gb` |
+| Git Status                 | `:<Space> + gt` |

 ### Sessions

@@ -159,10 +173,11 @@ Provided by mini.surround plugin.

 ### Miscellaneous

-| Action                |                 |
-| --------------------- | --------------- |
-| Show all Yank History | `:<Space> + yh` |
-| Show undo history     | `:<Space> + uh` |
+| Action                            |                 |
+| --------------------------------- | --------------- |
+| Show all Yank History             | `:<Space> + yh` |
+| Show undo history                 | `:<Space> + uh` |
+| Show the path of the current file | `:!echo $%`     |

 ## Additional Resources

@@ -2,6 +2,7 @@
  config,
  lib,
  pkgs,
+  pkgs-unstable,
  ...
 }:
 ###############################################################################
@@ -25,13 +26,37 @@ in {
  programs = {
    neovim = {
      enable = true;
+      package = pkgs-unstable.neovim-unwrapped;

      defaultEditor = true;
      viAlias = true;
      vimAlias = true;

-      # currently we use lazy.nvim as neovim's package manager, so comment this one.
-      # Install packages that will compile locally or download FHS binaries via Nix!
+      # These environment variables are needed to build and run binaries
+      # with external package managers like mason.nvim.
+      #
+      # LD_LIBRARY_PATH is also needed to run the non-FHS binaries downloaded by mason.nvim.
+      # it will be set by nix-ld, so we do not need to set it here again.
+      extraWrapperArgs = with pkgs; [
+        # LIBRARY_PATH is used by gcc before compilation to search directories
+        # containing static and shared libraries that need to be linked to your program.
+        "--suffix"
+        "LIBRARY_PATH"
+        ":"
+        "${lib.makeLibraryPath [stdenv.cc.cc zlib]}"
+
+        # PKG_CONFIG_PATH is used by pkg-config before compilation to search directories
+        # containing .pc files that describe the libraries that need to be linked to your program.
+        "--suffix"
+        "PKG_CONFIG_PATH"
+        ":"
+        "${lib.makeSearchPathOutput "dev" "lib/pkgconfig" [stdenv.cc.cc zlib]}"
+      ];
+
+      # Currently we use lazy.nvim as neovim's package manager, so comment this one.
+      #
+      # NOTE: These plugins will not be used by astronvim by default!
+      # We should install packages that will compile locally or download FHS binaries via Nix!
      # and use lazy.nvim's `dir` option to specify the package directory in nix store.
      # so that these plugins can work on NixOS.
      #
@@ -40,6 +65,8 @@ in {
      plugins = with pkgs.vimPlugins; [
        # search all the plugins using https://search.nixos.org/packages
        telescope-fzf-native-nvim
+
+        nvim-treesitter.withAllGrammars
      ];
    };
  };
@@ -3,7 +3,6 @@
 -- NOTE: We highly recommend setting up the Lua Language Server (`:LspInstall lua_ls`)
 --       as this provides autocomplete and documentation while editing

-
 ---@type LazySpec
 return {
  "AstroNvim/astrolsp",
@@ -42,40 +41,51 @@ return {
      -- end
    },
    -- enable servers that you already have installed without mason
+    -- https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md
    servers = {
-      ---- Frontend & NodeJS
+      ---- Data & Configuration Languages
+      "jsonls", -- json language server
+      "jsonnet_ls", -- jsonnet language server
+      "yamlls", -- yaml language server
+      "taplo", -- toml language server
+      "dagger", -- cuelsp - cue language server
+      "terraformls", -- terraform hcl
+      "marksman", -- markdown ls
+      "nickel_ls", -- nickel language server
+      "nil_ls", -- nix language server
+      "bufls", -- protocol buffer language server
+      "dockerls", -- dockerfile
+      "cmake", -- cmake language server
+      "sqls", -- sql language server
+
+      ---- General Purpose Languages
+      "clangd", -- c/c++
+      "gopls", -- go
+      "jdtls", -- java language server, provides only basic features
+      "rust_analyzer", -- rust
+      "pyright", -- python
+      "ruff_lsp", -- extremely fast Python linter and code transformation
+      -- "julials", -- julia language server
+      -- "zls", -- zig language server
+      "lua_ls", -- lua
+      "bashls", -- bash
+      "nushell", -- nushell language server
+
+      ---- Web Development
      "tsserver", -- typescript/javascript language server
      "tailwindcss", -- tailwindcss language server
      "html", -- html language server
      "cssls", -- css language server
      "prismals", -- prisma language server
      "volar", -- vue language server
-      ---- Configuration Language
-      "marksman", -- markdown ls
-      "jsonls", -- json language server
-      "yamlls", -- yaml language server
-      "taplo", -- toml language server
-      ---- Backend
-      "lua_ls", -- lua
-      "gopls", -- go
-      "rust_analyzer", -- rust
-      "pyright", -- python
-      "ruff_lsp", -- extremely fast Python linter and code transformation
-      "jdtls", -- java
-      "nil_ls", -- nix language server
-      "bufls", -- protocol buffer language server
-      "zls", -- zig language server
-      ---- HDL
-      "verible", -- verilog language server
-      ---- Operation & Cloud Nativautoindente
-      "bashls", -- bash
-      "cmake", -- cmake language server
-      "clangd", -- c/c++
-      "dockerls", -- dockerfile
-      "jsonnet_ls", -- jsonnet language server
-      "terraformls", -- terraform hcl
-      "nushell", -- nushell language server
+
+      ---- Lisp Like
      "scheme_langserver", -- scheme language server
+      "elixirls", -- elixir language server
+      -- "clojure_lsp", -- clojure language server"
+
+      ---- Circuit Design
+      "verible", -- verilog language server
    },
    -- customize language server configuration options passed to `lspconfig`
    ---@diagnostic disable: missing-fields
@@ -1,4 +1,7 @@
 -- Customize Mason plugins
+--
+-- NOTE: Issue - mason.nvim does not support NixOS:
+-- https://github.com/williamboman/mason.nvim/issues/428

 ---@type LazySpec
 return {
@@ -3,6 +3,10 @@
 ---@type LazySpec
 return {
  "nvim-treesitter/nvim-treesitter",
+  dependencies = {
+    -- NOTE: additional parser
+    { "nushell/tree-sitter-nu" }, -- nushell scripts
+  },
  opts = function(_, opts)
    opts.incremental_selection = {
      enable = true,
@@ -13,48 +17,26 @@ return {
        node_decremental = "<bs>", -- Backspace
      },
    }
-    opts.ignore_install = { "gotmpl" }
+    opts.ignore_install = { "gotmpl", "wing" }

    -- add more things to the ensure_installed table protecting against community packs modifying it
+    -- https://github.com/nvim-treesitter/nvim-treesitter/tree/master
    opts.ensure_installed = require("astrocore").list_insert_unique(opts.ensure_installed, {
-      -- neovim
-      "vim",
-      "lua",
-      -- operation & cloud native
-      "dockerfile",
-      "hcl",
-      "jsonnet",
-      "regex",
-      "terraform",
-      "nix",
+      -- please add only the tree-sitters that are not available in nixpkgs here
+
+      "just",
+      "kdl",
      "csv",
-      -- other programming language
+      "xml",
+
+      ---- Misc
      "diff",
+      "git_config",
+      "git_rebase",
      "gitignore",
      "gitcommit",
-      "latex",
-      "sql",
-      -- Lisp like
-      "fennel",
-      "clojure",
-      "commonlisp",
-      -- customized languages:
-      "scheme",
+      "gitattributes",
+      "ssh_config",
    })
-
-    -- add support for scheme
-    local parser_config = require("nvim-treesitter.parsers").get_parser_configs()
-    parser_config.scheme = {
-      install_info = {
-        url = "https://github.com/6cdh/tree-sitter-scheme", -- local path or git repo
-        files = { "src/parser.c" },
-        -- optional entries:
-        branch = "main", -- default branch in case of git repo if different from master
-        generate_requires_npm = false, -- if stand-alone parser without npm dependencies
-        requires_generate_from_grammar = false, -- if folder contains pre-generated src/parser.c
-      },
-    }
-    -- use scheme parser for filetypes: scm
-    vim.treesitter.language.register("scheme", "scm")
  end,
 }
@@ -5,133 +5,151 @@
    '';
  };

-  home.packages = with pkgs; [
-    #-- c/c++
-    cmake
-    cmake-language-server
-    gnumake
-    checkmake
-    # c/c++ compiler, required by nvim-treesitter!
-    gcc
-    # c/c++ tools with clang-tools, the unwrapped version won't
-    # add alias like `cc` and `c++`, so that it won't conflict with gcc
-    # llvmPackages.clang-unwrapped
-    clang-tools
-    lldb
+  home.packages = with pkgs; (
+    # -*- Data & Configuration Languages -*-#
+    [
+      #-- nix
+      nil
+      # rnix-lsp
+      # nixd
+      statix # Lints and suggestions for the nix programming language
+      deadnix # Find and remove unused code in .nix source files
+      alejandra # Nix Code Formatter

-    #-- python
-    nodePackages.pyright # python language server
-    (python311.withPackages (
-      ps:
-        with ps; [
-          ruff-lsp
-          black # python formatter
-          # debugpy
+      #-- nickel lang
+      nickel

-          # my commonly used python packages
-          jupyter
-          ipython
-          pandas
-          requests
-          pyquery
-          pyyaml
-          boto3
+      #-- json like
+      # terraform  # install via brew on macOS
+      terraform-ls
+      jsonnet
+      jsonnet-language-server
+      taplo # TOML language server / formatter / validator
+      nodePackages.yaml-language-server
+      actionlint # GitHub Actions linter

-          ## emacs's lsp-bridge dependenciesge
-          # epc
-          # orjson
-          # sexpdata
-          # six
-          # setuptools
-          # paramiko
-          # rapidfuzz
-        ]
-    ))
+      #-- dockerfile
+      hadolint # Dockerfile linter
+      nodePackages.dockerfile-language-server-nodejs

-    #-- rust
-    rust-analyzer
-    cargo # rust package manager
-    rustfmt
+      #-- markdown
+      marksman # language server for markdown
+      glow # markdown previewer
+      pandoc # document converter
+      hugo # static site generator

-    #-- nix
-    nil
-    # rnix-lsp
-    # nixd
-    statix # Lints and suggestions for the nix programming language
-    deadnix # Find and remove unused code in .nix source files
-    alejandra # Nix Code Formatter
+      #-- sql
+      sqlfluff

-    #-- golang
-    go
-    gomodifytags
-    iferr # generate error handling code for go
-    impl # generate function implementation for go
-    gotools # contains tools like: godoc, goimports, etc.
-    gopls # go language server
-    delve # go debugger
+      #-- protocol buffer
+      buf # linting and formatting
+    ]
+    ++
+    #-*- General Purpose Languages -*-#
+    [
+      #-- c/c++
+      cmake
+      cmake-language-server
+      gnumake
+      checkmake
+      # c/c++ compiler, required by nvim-treesitter!
+      gcc
+      gdb
+      # c/c++ tools with clang-tools, the unwrapped version won't
+      # add alias like `cc` and `c++`, so that it won't conflict with gcc
+      # llvmPackages.clang-unwrapped
+      clang-tools
+      lldb

-    # -- java
-    jdk17
-    gradle
-    maven
-    spring-boot-cli
+      #-- python
+      pyright # python language server
+      (python311.withPackages (
+        ps:
+          with ps; [
+            ruff-lsp
+            black # python formatter
+            # debugpy

-    #-- lua
-    stylua
-    lua-language-server
+            # my commonly used python packages
+            jupyter
+            ipython
+            pandas
+            requests
+            pyquery
+            pyyaml
+            boto3

-    #-- bash
-    nodePackages.bash-language-server
-    shellcheck
-    shfmt
+            ## emacs's lsp-bridge dependenciesge
+            # epc
+            # orjson
+            # sexpdata
+            # six
+            # setuptools
+            # paramiko
+            # rapidfuzz
+          ]
+      ))

-    #-- javascript/typescript --#
-    nodePackages.nodejs
-    nodePackages.typescript
-    nodePackages.typescript-language-server
-    # HTML/CSS/JSON/ESLint language servers extracted from vscode
-    nodePackages.vscode-langservers-extracted
-    nodePackages."@tailwindcss/language-server"
-    emmet-ls
+      #-- rust
+      rust-analyzer
+      cargo # rust package manager
+      rustfmt

-    # -- Lisp like Languages
-    guile
-    racket-minimal
-    fnlfmt # fennel
+      #-- golang
+      go
+      gomodifytags
+      iferr # generate error handling code for go
+      impl # generate function implementation for go
+      gotools # contains tools like: godoc, goimports, etc.
+      gopls # go language server
+      delve # go debugger

-    #-- Others
-    taplo # TOML language server / formatter / validator
-    nodePackages.yaml-language-server
-    sqlfluff # SQL linter
-    actionlint # GitHub Actions linter
-    buf # protoc plugin for linting and formatting
-    proselint # English prose linter
+      # -- java
+      jdk17
+      gradle
+      maven
+      spring-boot-cli
+      jdt-language-server

-    #-- Misc
-    tree-sitter # common language parser/highlighter
-    nodePackages.prettier # common code formatter
-    marksman # language server for markdown
-    glow # markdown previewer
-    fzf
-    pandoc # document converter
-    hugo # static site generator
+      #-- zig
+      zls

-    #-- Optional Requirements:
-    gdu # disk usage analyzer, required by AstroNvim
-    (ripgrep.override {withPCRE2 = true;}) # recursively searches directories for a regex pattern
+      #-- lua
+      stylua
+      lua-language-server

-    #-- CloudNative
-    nodePackages.dockerfile-language-server-nodejs
-    # terraform  # install via brew on macOS
-    terraform-ls
-    jsonnet
-    jsonnet-language-server
-    hadolint # Dockerfile linter
+      #-- bash
+      nodePackages.bash-language-server
+      shellcheck
+      shfmt
+    ]
+    #-*- Web Development -*-#
+    ++ [
+      nodePackages.nodejs
+      nodePackages.typescript
+      nodePackages.typescript-language-server
+      # HTML/CSS/JSON/ESLint language servers extracted from vscode
+      nodePackages.vscode-langservers-extracted
+      nodePackages."@tailwindcss/language-server"
+      emmet-ls
+    ]
+    # -*- Lisp like Languages -*-#
+    ++ [
+      guile
+      racket-minimal
+      fnlfmt # fennel
+    ]
+    ++ [
+      proselint # English prose linter

-    #-- zig
-    zls
-    #-- verilog / systemverilog
-    verible
-    gdb
-  ];
+      #-- verilog / systemverilog
+      verible
+
+      #-- Optional Requirements:
+      nodePackages.prettier # common code formatter
+      fzf
+      gdu # disk usage analyzer, required by AstroNvim
+      (ripgrep.override {withPCRE2 = true;}) # recursively searches directories for a regex pattern
+    ]
+  );
 }
@@ -16,7 +16,7 @@ using a Cloud provider for key management.
 Both age, Sops & GnuPG provide asymmetric encryption, which is useful for encrypting files for a
 specific user.

-For morden use, age is recommended, as it use [AEAD encryption function -
+For modern use, age is recommended, as it use [AEAD encryption function -
 ChaCha20-Poly1305][age Format v1], If you do not want to manage the keys by yourself, Sops is
 recommended, as it use KMS for key management.

@@ -104,7 +104,7 @@ one keypair, or a keyring/keychain(which contains multiple sub key-pairs).

 Let's generate a keypair interactively:

-> Now in 2024, GnuPG 2.4.1 defaults to ECC algorithm (9) and Curve 25519 for ECC, which is morden
+> Now in 2024, GnuPG 2.4.1 defaults to ECC algorithm (9) and Curve 25519 for ECC, which is modern
 > and safe, I would recommend to use these defaults directly.

 ```bash
@@ -31,9 +31,9 @@ in {
      use ${nu_scripts}/share/nu_scripts/custom-completions/cargo/cargo-completions.nu *
      use ${nu_scripts}/share/nu_scripts/custom-completions/zellij/zellij-completions.nu *
      # alias
-      use ${nu_scripts}/share/nu_scripts/aliases/git/git-aliases.nu *
+      # use ${nu_scripts}/share/nu_scripts/aliases/git/git-aliases.nu *
      use ${nu_scripts}/share/nu_scripts/aliases/eza/eza-aliases.nu *
-      # use ${nu_scripts}/share/nu_scripts/aliases/bat/bat-aliases.nu *
+      use ${nu_scripts}/share/nu_scripts/aliases/bat/bat-aliases.nu *
    '';
  };
 }
@@ -45,7 +45,7 @@

    theme = {
      # https://github.com/catppuccin/gtk
-      name = "Catppuccin-Macchiato-Compact-Pink-Dark";
+      name = "catppuccin-macchiato-pink-compact";
      package = pkgs.catppuccin-gtk.override {
        # https://github.com/NixOS/nixpkgs/blob/nixos-23.05/pkgs/data/themes/catppuccin-gtk/default.nix
        accents = ["pink"];
@@ -1,5 +1,5 @@
-{pkgs, ...}: {
-  home.packages = with pkgs; [
+{pkgs-stable, ...}: {
+  home.packages = with pkgs-stable; [
    # https://joplinapp.org/help/
    joplin # joplin-cli
    joplin-desktop
@@ -1,5 +1,9 @@
 #!/usr/bin/env bash

+## Fix anyrun
+## https://github.com/anyrun-org/anyrun/issues/153
+ln -s $XDG_RUNTIME_DIR/hypr /tmp/hypr
+
 ## Autostart Programs

 # Kill already running process
@@ -1,11 +1,10 @@
 {
  pkgs,
  lib,
-  hyprland,
  nur-ryan4yin,
  ...
 }: let
-  package = hyprland.packages.${pkgs.system}.hyprland;
+  package = pkgs.hyprland;
 in {
  # NOTE:
  # We have to enable hyprland/i3's systemd user service in home-manager,
@@ -30,7 +29,10 @@ in {
    };
    extraConfig = builtins.readFile ../conf/hyprland.conf;
    # gammastep/wallpaper-switcher need this to be enabled.
-    systemd.enable = true;
+    systemd = {
+      enable = true;
+      variables = ["--all"];
+    };
  };

  # NOTE: this executable is used by greetd to start a wayland session when system boot up
@@ -2,36 +2,12 @@

 LUKS encrypted SSD for NixOS, on Orange Pi 5 Plus.

-Host running storage, operation and maintenance related services:
-
-1. Storage such as git server, file server/browser, torrent downloader,, etc.
-1. Backup or sync my personal data to cloud or NAS.
-   - For safety, those data should be encrypted before sending to the cloud or my NAS.
-1. Collect and monitor the metrics/logs of my homelab.
+TODO

 ## Showcases

 ![](../../_img/2024-03-07_orangepi5plus_rakushun.webp)

-## Features
-
-Services:
-
-1. prometheus + alertmanager + grafana + loki: Monitor the metrics/logs of my homelab.
-1. restic: Backup my personal data to cloud or NAS.
-1. synthing: Sync file between android/macbook/PC and NAS.
-1. gitea: Self-hosted git service.
-1. sftpgo: SFTP server.
-1. transmission & AriaNg: Torrent downloader and HTTP downloader
-1. alist/filebrower: File browser for local/SMB/Cloud
-
-All the services assumes a reverse proxy to be setup in the front, they are all listening on
-localhost, and a caddy service is listening on the local network interface and proxy the requests to
-the services.
-
-TODO: create a private PKI for caddy, to achieve end-to-end encryption between caddy and the
-services.
-
 ## Misc

 ```bash
@@ -1 +0,0 @@
-# Homepage for my Homelab
@@ -1,25 +0,0 @@
-{pkgs, ...}: let
-  configDir = "/var/lib/homepage-dashboard";
-in {
-  # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/misc/homepage-dashboard.nix
-  services.homepage-dashboard = {
-    enable = true;
-    listenPort = 4401;
-    openFirewall = false;
-  };
-  systemd.services.homepage-dashboard.environment = {
-    HOMEPAGE_CONFIG_DIR = configDir;
-
-    # 1. The value of env var HOMEPAGE_VAR_XXX will replace {{HOMEPAGE_VAR_XXX}} in any config
-    # HOMEPAGE_VAR_XXX_APIKEY = "myapikey";
-    # 2. The value of env var HOMEPAGE_FILE_XXX must be a file path,
-    # the contents of which will be used to replace {{HOMEPAGE_FILE_XXX}} in any config
-  };
-  # Install the homepage-dashboard configuration files
-  system.activationScripts.installHomepageDashboardConfig = ''
-    mkdir -p ${configDir}
-    ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F600 ${./config}/ ${configDir}/
-
-    ${pkgs.systemdMinimal}/bin/systemctl restart homepage-dashboard
-  '';
-}
@@ -1,26 +0,0 @@
-{
-  # Replace dashy with gethomepage, because dashy is too slow to start/reload.
-
-  # # Install the dashy configuration file instead of symlink it
-  # system.activationScripts.installDashyConfig = ''
-  #   install -Dm 600 ${./dashy_conf.yml} /etc/dashy/dashy_conf.yml
-  # '';
-  #
-  # # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/virtualisation/oci-containers.nix
-  # virtualisation.oci-containers.containers = {
-  #   # check its logs via `journalctl -u podman-dashy`
-  #   dashy = {
-  #     hostname = "dashy";
-  #     image = "lissy93/dashy:latest";
-  #     ports = ["127.0.0.1:4000:80"];
-  #     environment = {
-  #       "NODE_ENV" = "production";
-  #     };
-  #     volumes = [
-  #       "/etc/dashy/dashy_conf.yml:/app/public/conf.yml"
-  #     ];
-  #     autoStart = true;
-  #     # cmd = [];
-  #   };
-  # };
-}
@@ -1,12 +0,0 @@
-{
-  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/uptime-kuma.nix
-  services.uptime-kuma = {
-    enable = true;
-    # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
-    settings = {
-      "UPTIME_KUMA_HOST" = "127.0.0.1";
-      "UPTIME_KUMA_PORT" = "3350";
-      "DATA_DIR" = "/var/lib/uptime-kuma/";
-    };
-  };
-}
@@ -44,7 +44,7 @@
  boot.tmp.cleanOnBoot = true;
  boot.initrd = {
    # unlocked luks devices via a keyfile or prompt a passphrase.
-    luks.devices."encrypted-nixos" = {
+    luks.devices."crypted-nixos" = {
      device = "/dev/nvme0n1p4";
      # the keyfile(or device partition) that should be used as the decryption key for the encrypted device.
      # if not specified, you will be prompted for a passphrase instead.
@@ -209,6 +209,12 @@ group {
        policy: min_avg10
    }

+    proxy-random {
+        filter: name(keyword: 'UK')
+        filter: name(keyword: '英国')
+        policy: random
+    }
+
    sg {
        filter: name(keyword: 'Singapore')
        filter: name(keyword: '新加坡')
@@ -222,6 +228,7 @@ group {
    }
 }

+# Ref: https://github.com/v2fly/domain-list-community
 # See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md for full examples.
 # Pname has the highest priority, so should be placed in the front.
 # Priority of other rules is the same as the order of the rules defined in this file.
@@ -268,10 +275,22 @@ routing {
    # SSH - tcp port 22 is blocked by many proxy servers.
    dport(22) && !dip(geoip:cn) && !domain(geosite:cn) -> ssh-proxy

+    ### GitHub / Docker Hub
+    ### randomly select a node from the group for every connection
+    ### to avoid the rate limit of GitHub API and Docker Hub API
+    domain(geosite:github) -> proxy-random
+    domain(geosite:docker) -> proxy-random
+
    ### OpenAI
    domain(geosite:openai) -> sg
    domain(regex:'.+\.openai$') -> sg

+    # Steam
+    domain(suffix: steampowered.com) -> direct
+    domain(suffix: steamserver.net) -> direct
+    domain(geosite:steam@cn) -> direct
+    domain(geosite:steam) -> proxy
+
    ### Media
    domain(geosite:netflix) -> media

@@ -4,19 +4,20 @@
   1. `shoukei`: NixOS on Macbook Pro 2020 Intel i5, 13.3-inch, 16G RAM + 512G SSD.
   1. `suzu`: Orange Pi 5, RK3588s(4xA76 + 4xA55), GPU(4Cores, Mail-G610), NPU(6Tops@int8), 8G RAM +
      256G SSD.
-      1. Network related services running via microvm.nix, such as router(transparent proxy - dae),
-         tailscale subrouter, etc.
+      - Network related services running via microvm.nix, such as router(transparent proxy - dae),
+        tailscale subrouter, etc.
   1. `rakushun`: Orange Pi 5 Plus, RK3588(4xA76 + 4xA55), GPU(4Cores, Mail-G610), NPU(6Tops@int8),
      16G RAM + 2T SSD.
-      1. Monitoring(prometheus, grafana, exporters), CI/CD(gitea, runner), homepage, file browser,
-         and other services.
+      - Not used now.
 1. `darwin`(macOS)
   1. `fern`: MacBook Pro 2022 13-inch M2 16G, mainly for business.
   1. `harmonica`: MacBook Pro 2020 13-inch i5 16G, for personal use.
-1. `k8s`: My Kubernetes Clusters
+1. `k8s`: My Kubevirt & Kubernetes Clusters
 1. `idols`
   1. `ai`: My main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use.
-   2. `aquamarine`: Not used now.
+   2. `aquamarine`: Kubevirt Virtual Machine.
+      - Monitoring(prometheus, grafana, exporters), CI/CD(gitea, runner), homepage, file browser,
+        and other services.
   3. `ruby`: Not used now.
   4. `kana`: Not used now.
 1. `rolling_girls`: My RISCV64 hosts.
@@ -40,7 +40,7 @@ zram0             253:0    0 15.6G  0 disk  [SWAP]
 nvme0n1           259:0    0  1.8T  0 disk
 ├─nvme0n1p1       259:2    0  598M  0 part  /boot
 └─nvme0n1p2       259:3    0  1.8T  0 part
-  └─encrypted-nixos 254:0    0  1.8T  0 crypt /tmp
+  └─crypted-nixos 254:0    0  1.8T  0 crypt /tmp
                                            /swap/swapfile
                                            /swap
                                            /snapshots
@@ -41,12 +41,10 @@ in {
  };
  virtualisation.docker.enableNvidia = true; # for nvidia-docker

-  hardware.opengl = {
+  hardware.graphics = {
    enable = true;
-    # if hardware.opengl.driSupport is enabled, mesa is installed and provides Vulkan for supported hardware.
-    driSupport = true;
    # needed by nvidia-docker
-    driSupport32Bit = true;
+    enable32Bit = true;
  };

  # This value determines the NixOS release from which the default
@@ -45,7 +45,7 @@

  boot.initrd = {
    # unlocked luks devices via a keyfile or prompt a passphrase.
-    luks.devices."encrypted-nixos" = {
+    luks.devices."crypted-nixos" = {
      # NOTE: DO NOT use device name here(like /dev/sda, /dev/nvme0n1p2, etc), use UUID instead.
      # https://github.com/ryan4yin/nix-config/issues/43
      device = "/dev/disk/by-uuid/a21ca82a-9ee6-4e5c-9d3f-a93e84e4e0f4";
@@ -1,3 +1,24 @@
 # Idols - Aquamarine

-TODO
+Storage, operation and maintenance related services are running on this host:
+
+1. Storage such as git server, file server/browser, torrent downloader,, etc.
+1. Backup or sync my personal data to cloud or NAS.
+   - For safety, those data should be encrypted before sending to the cloud or my NAS.
+1. Collect and monitor the metrics/logs of my homelab.
+
+## Features
+
+Services:
+
+1. prometheus + alertmanager + grafana + loki: Monitor the metrics/logs of my homelab.
+1. restic: Backup my personal data to cloud or NAS.
+1. synthing: Sync file between android/macbook/PC and NAS.
+1. gitea: Self-hosted git service.
+1. sftpgo: SFTP server.
+1. transmission & AriaNg: Torrent downloader and HTTP downloader
+1. alist/filebrower: File browser for local/SMB/Cloud
+
+All the services assumes a reverse proxy to be setup in the front, they are all listening on
+localhost, and a caddy service is listening on the local network interface and proxy the requests to
+the services.
@@ -17,7 +17,7 @@ in {
    # Reload Caddy instead of restarting it when configuration file changes.
    enableReload = true;
    user = "caddy"; # User account under which caddy runs.
-    dataDir = "/var/lib/caddy";
+    dataDir = "/data/apps/caddy";
    logDir = "/var/log/caddy";

    # Additional lines of configuration appended to the global config section of the Caddyfile.
@@ -31,12 +31,12 @@ in {
    # Dashboard
    virtualHosts."home.writefor.fun".extraConfig = ''
      ${hostCommonConfig}
-      reverse_proxy http://localhost:4401
+      reverse_proxy http://localhost:54401
    '';

    # https://caddyserver.com/docs/caddyfile/directives/file_server
    virtualHosts."file.writefor.fun".extraConfig = ''
-      root * /var/lib/caddy/fileserver/
+      root * /data/apps/caddy/fileserver/
      ${hostCommonConfig}
      file_server browse {
        hide .git
@@ -64,7 +64,7 @@ in {
    # Monitoring
    virtualHosts."uptime-kuma.writefor.fun".extraConfig = ''
      encode zstd gzip
-      reverse_proxy http://localhost:3350
+      reverse_proxy http://localhost:53350
    '';
    virtualHosts."grafana.writefor.fun".extraConfig = ''
      encode zstd gzip
@@ -83,15 +83,15 @@ in {

  # Create Directories
  systemd.tmpfiles.rules = [
-    "d /var/lib/caddy/fileserver/ 0755 caddy caddy"
+    "d /data/apps/caddy/fileserver/ 0755 caddy caddy"
    # directory for virtual machine's images
-    "d /var/lib/caddy/fileserver/vms 0755 caddy caddy"
+    "d /data/apps/caddy/fileserver/vms 0755 caddy caddy"
  ];

-  # Add all my wallpapers into /var/lib/caddy/fileserver/wallpapers
+  # Add all my wallpapers into /data/apps/caddy/fileserver/wallpapers
  # Install the homepage-dashboard configuration files
  system.activationScripts.installCaddyWallpapers = ''
-    mkdir -p /var/lib/caddy/fileserver/wallpapers
-    ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F644 ${wallpapers}/ /var/lib/caddy/fileserver/wallpapers/
+    mkdir -p /data/apps/caddy/fileserver/wallpapers
+    ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F644 ${wallpapers}/ /data/apps/caddy/fileserver/wallpapers/
  '';
 }
@@ -1,4 +1,10 @@
-{myvars, ...}:
+{
+  mylib,
+  myvars,
+  pkgs,
+  disko,
+  ...
+}:
 #############################################################
 #
 #  Aquamarine - A NixOS VM running on Proxmox/KubeVirt
@@ -7,25 +13,33 @@
 let
  hostName = "aquamarine"; # Define your hostname.
 in {
-  imports = [
-  ];
+  imports =
+    (mylib.scanPaths ./.)
+    ++ [
+      disko.nixosModules.default
+    ];

  # supported file systems, so we can mount any removable disks with these filesystems
  boot.supportedFilesystems = [
    "ext4"
    "btrfs"
    "xfs"
+    #"zfs"
+    "ntfs"
    "fat"
    "vfat"
    "exfat"
  ];

-  # boot.kernelModules = ["kvm-amd"];
-  # boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.kernelModules = ["kvm-amd"];
+  boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu

  networking = {
    inherit hostName;
-    inherit (myvars.networking) nameservers;
+    inherit (myvars.networking) defaultGateway nameservers;
+    inherit (myvars.networking.hostsInterface.${hostName}) interfaces;
+    networkmanager.enable = false;
  };

  # This value determines the NixOS release from which the default
@@ -0,0 +1,62 @@
+# auto disk partitioning:
+#   nix run github:nix-community/disko -- --mode disko ./disko-fs.nix
+{
+  disko.devices = {
+    disk.data-apps = {
+      type = "disk";
+      device = "/dev/disk/by-id/ata-WDC_WD40EJRX-89T1XY0_WD-WCC7K0XDCZE6";
+      content = {
+        type = "gpt";
+        partitions.data-apps = {
+          size = "100%";
+          content = {
+            type = "btrfs";
+            # extraArgs = ["-f"]; # Override existing partition
+            subvolumes = {
+              "@persistent" = {
+                mountpoint = "/data/apps";
+                mountOptions = [
+                  "compress-force=zstd:1"
+                  # https://www.freedesktop.org/software/systemd/man/latest/systemd.mount.html
+                  "nofail"
+                ];
+              };
+              "@backups" = {
+                mountpoint = "/data/backups";
+                mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
+              };
+              "@snapshots" = {
+                mountpoint = "/data/apps-snapshots";
+                mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
+              };
+            };
+          };
+        };
+      };
+    };
+    disk.data-fileshare = {
+      type = "disk";
+      device = "/dev/disk/by-id/ata-WDC_WD40EZRZ-22GXCB0_WD-WCC7K7VV9613";
+      content = {
+        type = "gpt";
+        partitions.data-fileshare = {
+          size = "100%";
+          content = {
+            type = "btrfs";
+            # extraArgs = ["-f"]; # Override existing partition
+            subvolumes = {
+              "@persistent" = {
+                mountpoint = "/data/fileshare";
+                mountOptions = ["compress-force=zstd:1" "nofail"];
+              };
+              "@snapshots" = {
+                mountpoint = "/data/fileshare-snapshots";
+                mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
@@ -5,7 +5,7 @@ in {
    enable = true;
    user = "gitea";
    group = "gitea";
-    stateDir = "/var/lib/gitea";
+    stateDir = "/data/apps/gitea";
    appName = "Ryan Yin's Gitea Service";
    lfs.enable = true;
    # Enable a timer that runs gitea dump to generate backup-files of the current gitea database and repositories.
@@ -27,7 +27,10 @@ in {
      };
      # one of "Trace", "Debug", "Info", "Warn", "Error", "Critical"
      log.LEVEL = "Info";
-      session.COOKIE_SECURE = false;
+      # Marks session cookies as "secure" as a hint for browsers to only send them via HTTPS.
+      session.COOKIE_SECURE = true;
+      # NOTE: The first registered user will be the administrator,
+      # so this parameter should NOT be set before the first user registers!
      service.DISABLE_REGISTRATION = true;

      # "cron.sync_external_users" = {
@@ -5,7 +5,7 @@
 }: {
  services.grafana = {
    enable = true;
-    dataDir = "/var/lib/grafana";
+    dataDir = "/data/apps/grafana";
    # DeclarativePlugins = with pkgs.grafanaPlugins; [ grafana-piechart-panel ];
    settings = {
      server = {
@@ -1,56 +1,62 @@
 ---
 # For configuration options and examples, please see:
 # https://gethomepage.dev/latest/configs/services
+#
+# Icons:
+#   1. .png/.svg: will be referenced from https://github.com/walkxcode/dashboard-icons
+#   2. mdi-XXX:   https://pictogrammers.com/library/mdi/
+#   3. si-XXX:    https://simpleicons.org/

 - KubeVirt 虚拟化集群:
    - KubeVirt-Shoryu:
-        icon: si-kubevirt
+        icon: mdi-server
        description: "CPU: R7-5825U / MEM: 64G / DISK: 1T"
-        href: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.181:9100
-        siteMonitor: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.181:9100
+        href: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.181:9100
+        siteMonitor: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.181:9100
    - KubeVirt-Shushou:
-        icon: si-kubevirt
+        icon: mdi-server
        description: "CPU: R9-5900HX / MEM: 64G / DISK: 1T"
-        href: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.182:9100
-        siteMonitor: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.182:9100
+        href: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.182:9100
+        siteMonitor: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.182:9100
    - KubeVirt-Youko:
-        icon: si-kubevirt
+        icon: mdi-server
        description: "CPU: R5-5625U / MEM: 32G / DISK: 512G+4T*2"
-        href: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.183:9100
-        siteMonitor: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.183:9100
+        href: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.183:9100
+        siteMonitor: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.183:9100
    - LongHorn-Storage:
-        icon: si-longhorn
+        icon: longhorn.svg
        href: http://longhorn.writefor.fun/
    - Victoria-Metrics:
        icon: si-victoriametrics
        href: http://vm.writefor.fun/
    - KubeVirt-Grafana:
-        icon: si-grafana
+        icon: grafana.svg
        href: http://k8s-grafana.writefor.fun/

 - Homelab Monitoring:
    - Grafana:
-        icon: si-grafana
-        href: http://grafana.writefor.fun
+        icon: grafana.svg
+        href: https://grafana.writefor.fun
        description: Data visualised on dashboards
-        siteMonitor: http://grafana.writefor.fun
+        siteMonitor: https://grafana.writefor.fun
    - Prometheus Dashboard:
-        icon: si-prometheus
-        href: http://prometheus.writefor.fun
+        icon: prometheus.svg
+        href: https://prometheus.writefor.fun
        description: Monitoring - Prometheus
-        siteMonitor: http://prometheus.writefor.fun
+        siteMonitor: https://prometheus.writefor.fun
    - Uptime Kuma:
-        icon: si-uptimekuma
-        href: http://uptime-kuma.writefor.fun
+        icon: uptime-kuma.svg
+        href: https://uptime-kuma.writefor.fun
        description: Uptime Checking
-        siteMonitor: http://uptime-kuma.writefor.fun
+        siteMonitor: https://uptime-kuma.writefor.fun

 - Homelab Applications:
    - SFTPGO:
-      icon: sftpgo.png
-      href: "http://sftpgo.writefor.fun/web/admin/folders"
-      description: WebDAV & SFTP server
-      siteMonitor: http://sftpgo.writefor.fun/
+        icon: sftpgo.png
+        href: "https://sftpgo.writefor.fun/web/admin/folders"
+        description: WebDAV & SFTP server
+        siteMonitor: https://sftpgo.writefor.fun/
+#
 # - Kubernetes Monitoring:
 #     # TODO: Update this
 #     - Emby:
@@ -21,10 +21,10 @@ providers:

 background:
  image: https://file.writefor.fun/wallpapers/rolling-girls.png
-  blur: sm # sm, "", md, xl... see https://tailwindcss.com/docs/backdrop-blur
-  saturate: 90 # 0, 50, 100... see https://tailwindcss.com/docs/backdrop-saturate
+  blur: sm # 模糊 - sm, "", md, xl... see https://tailwindcss.com/docs/backdrop-blur
+  saturate: 90 # 色彩饱和度 - 0, 50, 100... see https://tailwindcss.com/docs/backdrop-saturate
  brightness: 90 # 0, 50, 75... see https://tailwindcss.com/docs/backdrop-brightness
-  opacity: 85 # 0-100
+  opacity: 25 # 透明度 - 0-100

 theme: dark # or light

@@ -32,7 +32,7 @@ theme: dark # or light
 # slate, gray, zinc, neutral, stone, amber,
 # yellow, lime, green, emerald, teal, cyan,
 # sky, blue, indigo, violet, purple, fuchsia, pink, rose, red, white
-color: indigo
+color: slate

 # make all cards in a row the same height.
 useEqualHeights: true
@@ -40,31 +40,20 @@ useEqualHeights: true
 # Groups and its layout
 # Groups Name should match the name defined in your services.yaml or widgets.yaml
 layout:
+  Homelab Monitoring:
+    icon: mdi-monitor-dashboard
+    initiallyCollapsed: false # collapsed by default
+    tab: Main
+    style: row
+    columns: 3
+
+  Homelab Applications:
+    icon: si-homepage
+    tab: Main
+
  KubeVirt 虚拟化集群:
-    icon: si-kubevirt
-    tab: First
-
-  Group A:
-    initiallyCollapsed: true # collapsed by default
-    tab: First
-    style: row
-    columns: 4
-
-  Second Service Group:
-    useEqualHeights: true # overrides global setting
-    tab: Second
-    columns: 4
-
-  Third Service Group:
-    tab: Third
-    style: row
-
-  Bookmark Group on Fourth Tab:
-    tab: Fourth
-
-  Service Group on every Tab:
-    style: row
-    columns: 4
+    icon: si-kubernetes
+    tab: KubeVirt

 # https://gethomepage.dev/latest/configs/services/#icons
 # iconStyle: theme # optional, defaults to gradient
@@ -0,0 +1,41 @@
+{
+  config,
+  pkgs,
+  ...
+}: let
+  user = "homepage";
+  configDir = "/data/apps/homepage-dashboard";
+in {
+  users.groups.${user} = {};
+  users.users.${user} = {
+    group = user;
+    home = configDir;
+    isSystemUser = true;
+  };
+
+  # Install the homepage-dashboard configuration files
+  system.activationScripts.installHomepageDashboardConfig = ''
+    mkdir -p ${configDir}
+    ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F644 ${./config}/ ${configDir}/
+    chown -R ${user}:${user} ${configDir}
+  '';
+
+  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/virtualisation/oci-containers.nix
+  virtualisation.oci-containers.containers = {
+    # check its logs via `journalctl -u podman-homepage`
+    homepage = {
+      hostname = "homepage";
+      image = "ghcr.io/gethomepage/homepage:latest";
+      ports = ["127.0.0.1:54401:3000"];
+      # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
+      environment = {
+        # "PUID" = config.users.users.${user}.uid;
+        # "PGID" = config.users.groups.${user}.gid;
+      };
+      volumes = [
+        "${configDir}:/app/config"
+      ];
+      autoStart = true;
+    };
+  };
+}
@@ -0,0 +1,35 @@
+{config, ...}: let
+  user = "kuma";
+  dataDir = "/data/apps/uptime-kuma";
+in {
+  users.groups.${user} = {};
+  users.users.${user} = {
+    group = user;
+    home = dataDir;
+    isSystemUser = true;
+  };
+
+  # Create Directories
+  systemd.tmpfiles.rules = [
+    "d ${dataDir} 0755 ${user} ${user}"
+  ];
+
+  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/virtualisation/oci-containers.nix
+  virtualisation.oci-containers.containers = {
+    # check its logs via `journalctl -u podman-homepage`
+    uptime-kuma = {
+      hostname = "uptime-kuma";
+      image = "louislam/uptime-kuma:1";
+      ports = ["127.0.0.1:53350:3001"];
+      # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
+      environment = {
+        # "PUID" = config.users.users.${user}.uid;
+        # "PGID" = config.users.groups.${user}.gid;
+      };
+      volumes = [
+        "${dataDir}:/app/data"
+      ];
+      autoStart = true;
+    };
+  };
+}
@@ -1,4 +1,5 @@
 {
+  lib,
  config,
  myvars,
  ...
@@ -45,64 +46,75 @@

    # specifies a set of targets and parameters describing how to scrape metrics from them.
    # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config
-    scrapeConfigs = [
+    scrapeConfigs =
+      [
+        # --- Homelab Applications --- #
+
+        {
+          job_name = "dnsmasq-exporter";
+          scrape_interval = "30s";
+          metrics_path = "/metrics";
+          static_configs = [
+            {
+              targets = ["${myvars.networking.hostsAddr.suzi.ipv4}:9153"];
+              labels.type = "app";
+              labels.app = "dnsmasq";
+              labels.host = "suzi";
+            }
+          ];
+        }
+
+        {
+          job_name = "v2ray-exporter";
+          scrape_interval = "30s";
+          metrics_path = "/metrics";
+          static_configs = [
+            {
+              targets = ["${myvars.networking.hostsAddr.aquamarine.ipv4}:9153"];
+              labels.type = "app";
+              labels.app = "v2ray";
+              labels.host = "aquamarine";
+            }
+          ];
+        }
+
+        {
+          job_name = "sftpgo-embedded-exporter";
+          scrape_interval = "30s";
+          metrics_path = "/metrics";
+          static_configs = [
+            {
+              targets = ["${myvars.networking.hostsAddr.aquamarine.ipv4}:10000"];
+              labels.type = "app";
+              labels.app = "sftpgo";
+              labels.host = "aquamarine";
+            }
+          ];
+        }
+      ]
      # --- Hosts --- #
-      {
-        job_name = "node-exporter";
-        scrape_interval = "30s";
-        metrics_path = "/metrics";
-        static_configs = [
-          {
-            # All my NixOS hosts.
-            targets =
-              map (addr: "${addr.ipv4}:9100")
-              (builtins.attrValues myvars.networking.hostsAddr);
-            labels.type = "node";
-          }
-        ];
-      }
-
-      # --- Homelab Applications --- #
-
-      {
-        job_name = "dnsmasq-exporter";
-        scrape_interval = "30s";
-        metrics_path = "/metrics";
-        static_configs = [
-          {
-            targets = ["${myvars.networking.hostsAddr.suzi.ipv4}:9153"];
-            labels.type = "app";
-            labels.app = "dnsmasq";
-          }
-        ];
-      }
-
-      {
-        job_name = "v2ray-exporter";
-        scrape_interval = "30s";
-        metrics_path = "/metrics";
-        static_configs = [
-          {
-            targets = ["${myvars.networking.hostsAddr.rakushun.ipv4}:9153"];
-            labels.type = "app";
-            labels.app = "v2ray";
-          }
-        ];
-      }
-
-      {
-        job_name = "sftpgo-embedded-exporter";
-        scrape_interval = "30s";
-        metrics_path = "/metrics";
-        static_configs = [
-          {
-            targets = ["${myvars.networking.hostsAddr.rakushun.ipv4}:10000"];
-            labels.type = "app";
-            labels.app = "v2ray";
-          }
-        ];
-      }
-    ];
+      ++ (
+        lib.attrsets.foldlAttrs
+        (acc: hostname: addr:
+          acc
+          ++ [
+            {
+              job_name = "node-exporter-${hostname}";
+              scrape_interval = "30s";
+              metrics_path = "/metrics";
+              static_configs = [
+                {
+                  # All my NixOS hosts.
+                  targets = ["${addr.ipv4}:9100"];
+                  labels.type = "node";
+                  labels.host = hostname;
+                }
+              ];
+            }
+          ])
+        []
+        myvars.networking.hostsAddr
+      );

    # specifies Alertmanager instances the Prometheus server sends alerts to
    # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config
@@ -1,11 +1,18 @@
-{config, ...}: {
+{config, ...}: let
+  user = "sftpgo";
+  dataDir = "/data/apps/sftpgo";
+in {
  # Read SFTPGO_DEFAULT_ADMIN_USERNAME and SFTPGO_DEFAULT_ADMIN_PASSWORD from a file
  systemd.services.sftpgo.serviceConfig.EnvironmentFile = config.age.secrets."sftpgo.env".path;

+  # Create Directories
+  systemd.tmpfiles.rules = [
+    "d ${dataDir} 0755 ${user} ${user}"
+  ];
+
  services.sftpgo = {
    enable = true;
-    user = "sftpgo";
-    dataDir = "/var/lib/sftpgo";
+    inherit user dataDir;
    extraArgs = [
      "--log-level"
      "info"
@@ -3,7 +3,7 @@
  myvars,
  ...
 }: let
-  dataDir = "/var/lib/transmission";
+  dataDir = "/data/apps/transmission";
  name = "transmission";
 in {
  # the headless Transmission BitTorrent daemon
@@ -28,11 +28,7 @@ Clusters running as virtual machines on the KubeVirt cluster, for testing and pr
   1. `k3s-prod-1-worker-1`
   1. `k3s-prod-1-worker-2`
   1. `k3s-prod-1-worker-3`
-1. For testing:.
-   1. `k3s-test-1-master-1`
-   2. `k3s-test-1-worker-1`
-   3. `k3s-test-1-worker-2`
-   4. `k3s-test-1-worker-3`
+1. For testing:. 2. `k3s-test-1-master-1` 3. `k3s-test-1-master-2` 4. `k3s-test-1-master-3`

 ## Kubernetes Resources

@@ -14,7 +14,7 @@
  k3sModule = mylib.genK3sServerModule {
    inherit pkgs;
    kubeconfigFile = "/home/${myvars.username}/.kube/config";
-    tokenFile = config.age.secrets."k3s-prod-1-token".path;
+    tokenFile = config.age.secrets."k3s-test-1-token".path;
    # the first node in the cluster should be the one to initialize the cluster
    clusterInit = true;
    # use my own domain & kube-vip's virtual IP for the API server
@@ -14,7 +14,7 @@
  k3sModule = mylib.genK3sServerModule {
    inherit pkgs;
    kubeconfigFile = "/home/${myvars.username}/.kube/config";
-    tokenFile = config.age.secrets."k3s-prod-1-token".path;
+    tokenFile = config.age.secrets."k3s-test-1-token".path;
    # use my own domain & kube-vip's virtual IP for the API server
    # so that the API server can always be accessed even if some nodes are down
    masterHost = "test-cluster-1.writefor.fun";
@@ -14,7 +14,7 @@
  k3sModule = mylib.genK3sServerModule {
    inherit pkgs;
    kubeconfigFile = "/home/${myvars.username}/.kube/config";
-    tokenFile = config.age.secrets."k3s-prod-1-token".path;
+    tokenFile = config.age.secrets."k3s-test-1-token".path;
    # use my own domain & kube-vip's virtual IP for the API server
    # so that the API server can always be accessed even if some nodes are down
    masterHost = "test-cluster-1.writefor.fun";
@@ -49,4 +49,17 @@ in {
      coreModule
      k3sModule
    ];
+
+  boot.kernelParams = [
+    # disable transparent hugepage(allocate hugepages dynamically)
+    "transparent_hugepage=never"
+
+    # https://kubevirt.io/user-guide/compute/hugepages/
+    #
+    # pre-allocate hugepages manually(for kubevirt guest vms)
+    # NOTE: the hugepages allocated here can not be used for other purposes!
+    # so we should left some memory for the host OS and other vms that don't use hugepages
+    "hugepagesz=1G"
+    "hugepages=48" # use 75% of the total memory for hugepages
+  ];
 }
@@ -43,4 +43,17 @@ in {
      coreModule
      k3sModule
    ];
+
+  boot.kernelParams = [
+    # disable transparent hugepage(allocate hugepages dynamically)
+    "transparent_hugepage=never"
+
+    # https://kubevirt.io/user-guide/compute/hugepages/
+    #
+    # pre-allocate hugepages manually(for kubevirt guest vms)
+    # NOTE: the hugepages allocated here can not be used for other purposes!
+    # so we should left some memory for the host OS and other vms that don't use hugepages
+    "hugepagesz=1G"
+    "hugepages=48" # use 75% of the total memory for hugepages
+  ];
 }
@@ -43,4 +43,24 @@ in {
      coreModule
      k3sModule
    ];
+
+  boot.kernelParams = [
+    # disable transparent hugepage(allocate hugepages dynamically)
+    "transparent_hugepage=never"
+
+    # https://kubevirt.io/user-guide/compute/hugepages/
+    #
+    # pre-allocate hugepages manually(for kubevirt guest vms)
+    # NOTE: the hugepages allocated here can not be used for other purposes!
+    # so we should left some memory for the host OS and other vms that don't use hugepages
+    "hugepagesz=1G"
+    "hugepages=15" # use 15/24 of the total memory for hugepages
+
+    # https://kubevirt.io/user-guide/compute/host-devices/
+    #
+    # PCI passthrough
+    # "amd_iommu=on" # enable IOMMU
+    # "iommu=pt" # use passthrough mode
+    # "pcie_acs_override=downstream" # enable ACS override
+  ];
 }
@@ -27,8 +27,10 @@ in {
    kubernetes-helm
    cilium-cli
    fluxcd
+    clusterctl # for kubernetes cluster-api

-    skopeo
+    skopeo # copy/sync images between registries and local storage
+    go-containerregistry # provides `crane` & `gcrane`, it's similar to skopeo
    dive # explore docker layers
  ];

@@ -4,7 +4,7 @@
  networking,
  ...
 }: let
-  inherit (networking) mainGateway nameservers;
+  inherit (networking) defaultGateway nameservers;
  inherit (networking.hostsAddr.${hostName}) iface ipv4;
  ipv4WithMask = "${ipv4}/24";
 in {
@@ -27,7 +27,7 @@ in {
    matchConfig.Name = [iface];
    networkConfig = {
      Address = [ipv4WithMask];
-      Gateway = mainGateway;
+      Gateway = defaultGateway;
      DNS = nameservers;
      IPv6AcceptRA = true;
    };
@@ -2,6 +2,8 @@
  pkgs,
  myvars,
  nuenv,
+  nixpkgs,
+  lib,
  ...
 } @ args: {
  nixpkgs.overlays =
@@ -72,11 +74,7 @@
    #      ```
    #    2. Never leave the device and never sent over the network.
    # 2. Or just use hardware security keys like Yubikey/CanoKey.
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKlN+Q/GxvwxDX/OAjJHaNFEznEN4Tw4E4TwqQu/eD6 ryan@idols-ai"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPoa9uEI/gR5+klqTQwvCgD6CD5vT5iD9YCNx2xNrH3B ryan@fern"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPwZ9MdotnyhxIJrI4gmVshExHiZOx+FGFhcW7BaYkfR ryan@harmonica"
-    ];
+    openssh.authorizedKeys.keys = myvars.sshAuthorizedKeys;
  };

  nix.settings = {
@@ -92,9 +90,10 @@
    substituters = [
      # cache mirror located in China
      # status: https://mirror.sjtu.edu.cn/
-      # "https://mirror.sjtu.edu.cn/nix-channels/store"
+      "https://mirror.sjtu.edu.cn/nix-channels/store"
      # status: https://mirrors.ustc.edu.cn/status/
      "https://mirrors.ustc.edu.cn/nix-channels/store"
+      "https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store"

      "https://nix-community.cachix.org"
      # my own cache server
@@ -110,4 +109,14 @@
    ];
    builders-use-substitutes = true;
  };
+
+  # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
+  nix.registry.nixpkgs.flake = nixpkgs;
+
+  environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}";
+  # make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
+  # discard all the default paths, and only use the one from this flake.
+  nix.nixPath = lib.mkForce ["/etc/nix/inputs"];
+  # https://github.com/NixOS/nix/issues/9574
+  nix.settings.nix-path = lib.mkForce "nixpkgs=/etc/nix/inputs/nixpkgs";
 }
@@ -2,6 +2,7 @@
  config,
  lib,
  pkgs,
+  pkgs-unstable,
  ...
 }:
 ##########################################################################
@@ -80,7 +81,7 @@ in {
  programs.zsh.enable = true;
  environment.shells = [
    pkgs.zsh
-    pkgs.nushellFull # my custom shell
+    pkgs-unstable.nushell # my custom shell
  ];

  # homebrew need to be installed manually, see https://brew.sh
@@ -103,7 +104,7 @@ in {
      Wechat = 836500024;
      QQ = 451108668;
      WeCom = 1189898970; # Wechat for Work
-      TecentMetting = 1484048379;
+      TecentMeeting = 1484048379;
      QQMusic = 595615424;
    };

@@ -164,7 +165,7 @@ in {
      # Misc
      "shadowsocksx-ng" # proxy tool
      "iina" # video player
-      "raycast" # (HotKey: alt/option + space)search, caculate and run scripts(with many plugins)
+      "raycast" # (HotKey: alt/option + space)search, calculate and run scripts(with many plugins)
      "stats" # beautiful system status monitor in menu bar
      # "reaper"  # audio editor
      "sonic-pi" # music programming
@@ -1,8 +1,4 @@
 {
-  lib,
-  nixpkgs,
-  ...
-}: {
  ###################################################################################
  #
  #  Core configuration for nix-darwin
@@ -28,12 +24,4 @@
  nix.settings.auto-optimise-store = false;

  nix.gc.automatic = false;
-
-  # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
-  nix.registry.nixpkgs.flake = nixpkgs;
-
-  environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}";
-  # make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
-  # discard all the default paths, and only use the one from this flake.
-  nix.nixPath = lib.mkForce ["/etc/nix/inputs"];
 }
@@ -19,6 +19,8 @@
  # Add ability to used TouchID for sudo authentication
  security.pam.enableSudoTouchIdAuth = true;

+  time.timeZone = "Asia/Shanghai";
+
  system = {
    # activationScripts are executed every time you boot the system or run `nixos-rebuild` / `darwin-rebuild`.
    activationScripts.postUserActivation.text = ''
@@ -183,13 +185,7 @@

  # Fonts
  fonts = {
-    # will be removed after this PR is merged:
-    #   https://github.com/LnL7/nix-darwin/pull/754
-    fontDir.enable = true;
-
-    # will change to `fonts.packages` after this PR is merged:
-    #   https://github.com/LnL7/nix-darwin/pull/754
-    fonts = with pkgs; [
+    packages = with pkgs; [
      # packages = with pkgs; [
      # icon fonts
      material-design-icons
@@ -18,12 +18,19 @@

  services.btrbk.instances.btrbk = {
    # How often this btrbk instance is started. See systemd.time(7) for more information about the format.
-    onCalendar = "daily";
+    onCalendar = "Tue,Thu,Sat *-*-* 3:45:20";
    settings = {
-      # keep daily snapshots for 14 days
-      snapshot_preserve = "14d";
-      # keep all snapshots for 2 days, no matter how frequently you (or your cron job) run btrbk
+      # how to prune local snapshots:
+      # 1. keep daily snapshots for xx days
+      snapshot_preserve = "9d";
+      # 2. keep all snapshots for 2 days, no matter how frequently you (or your cron job) run btrbk
      snapshot_preserve_min = "2d";
+
+      # hot to prune remote incremental baqckups:
+      # keep daily backups for 9 days, weekly backups for 4 weeks, and monthly backups for 2 months
+      target_preserve = "9d 4w 2m";
+      target_preserve_min = "no";
+
      volume = {
        "/btr_pool" = {
          subvolume = {
@@ -31,7 +38,10 @@
              snapshot_create = "always";
            };
          };
-          target = "/snapshots";
+
+          # backup to a remote server or a local directory
+          # its prune policy is defined by `target_preserve` and `target_preserve_min`
+          # target = "/snapshots";
        };
      };
    };
@@ -1,4 +1,4 @@
-_: {
+{
  # Network discovery, mDNS
  # With this enabled, you can access your machine at <hostname>.local
  # it's more convenient than using the IP address.
@@ -12,4 +12,10 @@ _: {
      userServices = true;
    };
  };
+
+  # Use an NTP server located in the mainland of China to synchronize the system time
+  networking.timeServers = [
+    "ntp.aliyun.com" # Aliyun NTP Server
+    "ntp.tencent.com" # Tencent NTP Server
+  ];
 }
@@ -22,7 +22,7 @@
  users.users."${myvars.username}" = {
    # generated by `mkpasswd -m scrypt`
    # we have to use initialHashedPassword here when using tmpfs for /
-    initialHashedPassword = "$7$CU..../....KDvTIXqLTXpmCaoUy2yC9.$145eM358b7Q0sRXgEBvxctd5EAuEEdao57LmZjc05D.";
+    inherit (myvars) initialHashedPassword;
    home = "/home/${myvars.username}";
    isNormalUser = true;
    extraGroups = [
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Ryan Yin	07178984b1	Merge pull request #154 from ryan4yin/refactor-vars refactor: migrate ssh auth keys & hashed password into vars	2024-08-16 14:40:54 +08:00
Ryan Yin	eb83e88267	refactor: migrate ssh auth keys & hashed password into vars	2024-08-16 14:40:06 +08:00
Ryan Yin	6c8e8111c6	docs: dae - comment	2024-08-16 11:46:37 +08:00
Ryan Yin	62e96cde7e	feat: dae - avoid rate limit of GitHub API & Docker Hub API	2024-08-16 11:44:30 +08:00
Ryan Yin	4bb53d0190	feat: justfile - gc	2024-08-15 22:50:20 +08:00
Ryan Yin	41af2c1444	Merge pull request #152 from ryan4yin/kubevirt-hugepages feat: kubevirt - use 75% of the memory for hugepages	2024-08-15 22:50:05 +08:00
Ryan Yin	43db6bcf63	feat: kubevirt - use 75% of the memory for hugepages	2024-08-15 17:19:26 +08:00
Ryan Yin	e17bc1ec23	feat: neovim - tree-sitter - just	2024-08-12 18:30:26 +08:00
Ryan Yin	c9954c009a	chore: justfile - gc - delete old than 7 days	2024-08-12 17:56:46 +08:00
Ryan Yin	e68a43edce	docs: justfile - nix gc	2024-08-12 17:51:02 +08:00
Ryan Yin	08a6885873	feat: justfile - nix gc	2024-08-12 17:44:37 +08:00
Ryan Yin	930d8322d1	feat: use the latest version of neovim	2024-08-12 17:18:59 +08:00
Ryan Yin	2363ab59c4	chore: add default to just	2024-08-12 17:18:18 +08:00
Ryan Yin	1394e26a59	chore: update flake.lock	2024-08-12 17:18:02 +08:00
Ryan Yin	940367c790	chore: update scripts	2024-08-12 15:17:38 +08:00
Ryan Yin	cae48ede1b	fix: update ntp time servers	2024-08-11 20:18:20 +08:00
Ryan Yin	9535c09a33	feat: add kubectx	2024-08-06 15:13:54 +08:00
Ryan Yin	194c3d9895	chore: remove some unused just commands	2024-08-01 10:14:54 +08:00
Ryan Yin	a8f613ead1	docs: justfile	2024-08-01 10:11:56 +08:00
Ryan Yin	5d69019f60	docs: virtual machine	2024-08-01 10:03:12 +08:00
Ryan Yin	648021b0ca	docs: virtual machine	2024-08-01 10:02:49 +08:00
Ryan Yin	c30730bedd	docs: virtual machine	2024-08-01 09:58:42 +08:00
Ryan Yin	e9b502fa5f	feat: yazi & neovim - show shidden files	2024-08-01 09:44:02 +08:00
Ryan Yin	3e2340aee7	feat: adjust configs for gitea	2024-07-31 23:18:52 +08:00
Ryan Yin	94c8eef2cb	Merge pull request #151 from ryan4yin/homepage feat: adjust homepage config	2024-07-31 23:04:01 +08:00
Ryan Yin	2581c9d562	feat: adjust homepage config	2024-07-31 23:03:07 +08:00
Ryan Yin	3aaa4c0372	Merge pull request #150 from ryan4yin/p8s-scrape-configs refactor: p8s scrape configs	2024-07-31 21:41:19 +08:00
Ryan Yin	c446a693ea	refactor: p8s scrape configs	2024-07-31 19:22:01 +08:00
Ryan Yin	9b0c5d7d50	Merge pull request #149 from ryan4yin/fix-nodejs-based-apps fix: fix nodejs-based apps	2024-07-31 17:19:49 +08:00
Ryan Yin	86ee8132b7	fix: homelab - use https	2024-07-31 17:19:35 +08:00
Ryan Yin	2f3d644234	fix: fix nodejs-based apps	2024-07-31 17:09:20 +08:00
Ryan Yin	87dfa7669f	Merge pull request #145 from ryan4yin/migrate-services-to-aqua feat: migrate grafana & prometheus to aqua	2024-07-31 16:22:27 +08:00
Ryan Yin	64dd1fc2f3	fix: typo	2024-07-31 16:20:32 +08:00
Ryan Yin	fc81143c10	chore: update mysecrets	2024-07-31 16:01:02 +08:00
Ryan Yin	5178a3e638	fix: sftpgo - directory	2024-07-31 15:52:41 +08:00
Ryan Yin	b3127a18c9	fix: uptime kuma	2024-07-31 15:42:40 +08:00
Ryan Yin	15e0b150e9	fix: home page	2024-07-31 15:38:48 +08:00
Ryan Yin	41dc24e350	feat: aqua - no fail if usb storage is not available	2024-07-31 15:07:53 +08:00
Ryan Yin	8c795c7d0d	feat: change data directories, add disko for usb storage	2024-07-31 14:29:21 +08:00
Ryan Yin	b671c05db9	feat: migrate services to aqua	2024-07-31 14:29:21 +08:00
Ryan Yin	80e0bcf031	fix: nix path	2024-07-31 14:28:40 +08:00
Ryan Yin	64ab375d1f	feat: update shell sessin	2024-07-31 14:09:53 +08:00
Ryan Yin	325f82b9cc	fix: nix path (#147 )	2024-07-31 13:39:49 +08:00
Ryan Yin	59a46844a7	fix: justfile & nushell - should use absolute path	2024-07-31 11:22:17 +08:00
Ryan Yin	5e21effb15	refactor: just - emacs reload for linux & macos	2024-07-31 11:08:07 +08:00
Ryan Yin	1e7b9697e1	feat: check process environment variables	2024-07-31 10:56:29 +08:00
Ryan Yin	422ec75ec0	refactor: justfile	2024-07-31 10:56:29 +08:00
Ryan Yin	c059d90b17	feat: aqua - mount usb storage	2024-07-31 09:43:30 +08:00
Ryan Yin	880e0ac65e	chore: update public keys	2024-07-30 14:21:07 +08:00
Ryan Yin	ed4a2f00fe	chore: nix flake update mysecrets	2024-07-30 14:01:26 +08:00
Ryan Yin	7a1788520b	fix: typo	2024-07-30 13:50:32 +08:00
Ryan Yin	e86d7a1020	fix: aqua - networking	2024-07-30 13:48:44 +08:00
Ryan Yin	6670c5bd7d	fix: btrbk - kubevirt	2024-07-30 12:41:08 +08:00
Ryan Yin	0620f199b2	feat: update btrbk configs	2024-07-30 11:41:38 +08:00
Ryan Yin	e2457e80aa	docs: kubevirt-youko - pci passthrough	2024-07-30 10:22:42 +08:00
Ryan Yin	8ffaf4e3ae	feat: decrease pre-allocated hugepages	2024-07-30 01:21:04 +08:00
Ryan Yin	f9d07d92de	fix: virt guest - use default gateway for better network	2024-07-30 00:31:37 +08:00
Ryan Yin	2b91c6f99d	chore: nix flake update mysecrets	2024-07-30 00:02:55 +08:00
Ryan Yin	fed3bc981b	fix: k3s test cluster - token path	2024-07-29 23:42:14 +08:00
Ryan Yin	d02331c1e0	Merge pull request #143 from ryan4yin/kubevirt-hugepages feat: pre-allocate hugepages for kubevirt	2024-07-29 22:43:28 +08:00
Ryan Yin	5ec72c848f	fix: allocate only hugepages with size 1Gi	2024-07-29 22:31:17 +08:00
Ryan Yin	5a6ccd8794	chore: update caddy's vm image path, checksum when uploading	2024-07-29 17:41:51 +08:00
Ryan Yin	3dc7ec1fe8	Merge pull request #141 from DataEraserC/fix-gtk-theme fix(home/linux/gui/base/gtk.nix): gtk theme name mismatch after upgrade	2024-07-26 16:35:14 +08:00
DataEraserC	414a222d19	fix(home/linux/gui/base/gtk.nix): gtk theme name mismatch after upgrade	2024-07-26 04:28:16 +08:00
Ryan Yin	783d61999c	docs: neovim - mason issue about nixos	2024-07-26 00:06:19 +08:00
Ryan Yin	86ec08aecb	Merge pull request #140 from ryan4yin/nix-ld feat: add nix-ld and LIBRARY_PATH for mason.nvim and other downloaded…	2024-07-25 23:27:46 +08:00
Ryan Yin	b7b913b444	feat: add nix-ld and LIBRARY_PATH for mason.nvim and other downloaded binaries	2024-07-25 23:25:33 +08:00
Ryan Yin	aa0e1d84e0	Merge pull request #139 from DataEraserC/patch-11 fix(docs typo):`Morden` -> `Modern`	2024-07-24 08:51:56 +08:00
DataEraserC	94e2e17c60	fix(typo):morden -> modern	2024-07-24 01:45:32 +08:00
Ryan Yin	41f4dc6237	docs: typo	2024-07-23 18:29:01 +08:00
Ryan Yin	d7c0e7caa6	feat(modules/base.nix): add more cache mirrors	2024-07-23 10:00:11 +08:00
Ryan Yin	d8759cc845	feat: darwin - font.packages	2024-07-23 09:49:04 +08:00
Ryan Yin	6c6ada4243	fix: nixos installer	2024-07-23 09:43:46 +08:00
Ryan Yin	95cdd40c77	feat: adjust btrbk's backups preserve policy, and disable backups...	2024-07-21 04:50:09 +08:00
Ryan Yin	a04d6dfdf6	feat: adjust btrbk's snapshot timer	2024-07-21 02:13:24 +08:00
Ryan Yin	adf1415868	docs: minior update	2024-07-20 17:54:25 +08:00
Ryan Yin	b1c6f1b90f	Merge pull request #137 from ryan4yin/update Update dependencies	2024-07-20 12:14:05 +08:00
Ryan Yin	5e9f98e56d	fix: anyrun - https://github.com/anyrun-org/anyrun/issues/153	2024-07-20 12:12:57 +08:00
Ryan Yin	885205d9e3	fix: remove non-existent tree sitter	2024-07-20 11:52:56 +08:00
Ryan Yin	385bcd2d87	chore: update graphics config	2024-07-20 11:49:14 +08:00
Ryan Yin	b3b55c36d8	fix: hyprland - crash	2024-07-20 11:43:16 +08:00
Ryan Yin	7d6fa4028d	chore: debug hyprland	2024-07-20 11:42:01 +08:00
Ryan Yin	0ea8548f37	fix: remove hyprlnad's flake	2024-07-20 11:42:01 +08:00
Ryan Yin	c29148fc77	fix: update flake again to fix lanzaboote's error	2024-07-20 11:42:01 +08:00
Ryan Yin	1eecf89793	feat: update dependencies	2024-07-20 11:42:01 +08:00
Ryan Yin	5fcf0d0995	refactor(home/base/tui/edistors): neovim - adjust the classification of lsp/treesitter	2024-07-19 18:28:06 +08:00
Ryan Yin	66949f6b8f	feat: neovim - add support for nickel	2024-07-19 15:43:50 +08:00
Ryan Yin	36ba5a4efc	feat: remove afdian	2024-07-16 14:44:21 +08:00
Ryan Yin	68285a70d0	feat: add idea for java development	2024-07-12 12:20:54 +08:00
Ryan Yin	f97ad2fd1e	feat: java language server	2024-07-12 12:09:07 +08:00
Ryan Yin	1d66cf655d	feat: add k8s related tools	2024-07-10 15:22:49 +08:00
Ryan Yin	04fa05151a	Merge pull request #136 from DataEraserC/patch-11 fix: ignore typo `crypted-nixos`	2024-07-08 09:36:09 +08:00
Sacabambaspis	62d986d1c8	fix: ignore typo `crypted-nixos`	2024-07-06 18:50:55 +08:00
Ryan Yin	730906ebf2	feat: neovim - add syntax highlight for justfiles	2024-06-28 17:36:40 +08:00
Ryan Yin	bcf5b8b1cb	feat: add gitleaks	2024-06-24 09:11:43 +08:00
Ryan Yin	1f14f5899c	Merge pull request #135 from DataEraserC/patch-9 fix(docs): update url in docs	2024-06-19 09:29:30 +08:00
Sacabambaspis	9732c87d1f	fix(docs): update url in docs	2024-06-18 23:02:27 +08:00
Ryan Yin	032f478d2a	docs: neovim	2024-06-18 11:08:23 +08:00
Ryan Yin	71cb1cf295	Merge pull request #134 from ryan4yin/rename-luks-device chore: rename luks device to crypted-nixos	2024-06-18 09:41:09 +08:00
Ryan Yin	09a9e086d8	chore: rename luks device to crypted-nixos	2024-06-18 09:40:00 +08:00
Ryan Yin	e903f95a46	Merge pull request #133 from yocoldle/patch-1 docs: fix description about the helix plugin system	2024-06-18 09:37:41 +08:00
Coldle	1239f4549a	docs: fix description about the helix plugin system	2024-06-17 22:23:47 +08:00
Ryan Yin	4433e018d9	feat: disable treesitter-wing	2024-06-16 21:38:14 +08:00
Ryan Yin	e9ac7d8ddc	feat: darwin - timezone	2024-06-16 20:13:53 +08:00
Ryan Yin	cf51e77d75	Merge pull request #132 from ryan4yin/update-flake-lock Update flake lock, adjust nushell	2024-06-15 11:54:09 +08:00
Ryan Yin	095b092e08	feat: adjust nushell	2024-06-15 11:39:20 +08:00
Ryan Yin	4e4eb9a003	feat: update flake.lock	2024-06-14 17:15:42 +08:00
Ryan Yin	1efe489846	feat: add gcloud & doctl	2024-06-14 15:29:58 +08:00
Ryan Yin	ea13da3031	feat: add ko for go project	2024-06-14 15:26:30 +08:00
Ryan Yin	47a735d235	feat: add dae rules for steam	2024-06-10 20:53:05 +08:00
Ryan Yin	84c4708b98	feat: add kubebuilder	2024-06-04 11:09:37 +08:00
Ryan Yin	12494d66af	Merge pull request #130 from DataEraserC/main fix(docs): fix partition unmatched	2024-06-03 18:40:51 +08:00
Sacabambaspis	97ff571431	fix(docs): fix docs typo	2024-06-03 18:27:41 +08:00
Ryan Yin	c0e3af3fad	docs: README	2024-06-03 15:20:19 +08:00
Ryan Yin	bbe2e80650	docs: README	2024-06-03 15:07:17 +08:00