Merge pull request #154 from ryan4yin/refactor-vars

refactor: migrate ssh auth keys & hashed password into vars
2026-05-28 18:39:31 +02:00 · 2024-08-16 14:40:54 +08:00 · 2024-08-16 14:40:06 +08:00 · 2024-08-16 11:46:37 +08:00 · 2024-08-16 11:44:30 +08:00 · 2024-08-15 22:50:20 +08:00
87 changed files with 943 additions and 509 deletions
@@ -3,3 +3,4 @@ result/
 .direnv/
 .DS_Store
 .pre-commit-config.yaml
 logs/
@@ -1,57 +1,85 @@
 # just is a command runner, Justfile is very similar to Makefile, but simpler.
-# use nushell for shell commands
+# Use nushell for shell commands
 # To usage this justfile, you need to enter a shell with just & nushell installed:
 # 
 #   nix shell nixpkgs#just nixpkgs#nushell
 set shell := ["nu", "-c"]
 utils_nu := absolute_path("utils.nu")
 ############################################################################
 #
 #  Common commands(suitable for all machines)
 #
 ############################################################################
-# Remote deployment via colmena
+# List all the just commands
-col tag:
+default:
-  colmena apply --on '@{{tag}}' --verbose --show-trace
+    @just --list
 local name mode="default":
  use utils.nu *; \
  nixos-switch {{name}} {{mode}}
 # Run eval tests
 [group('nix')]
 test:
  nix eval .#evalTests --show-trace --print-build-logs --verbose
-# update all the flake inputs
+# Update all the flake inputs
 [group('nix')]
 up:
  nix flake update
 # Update specific input
 # Usage: just upp nixpkgs
 [group('nix')]
 upp input:
  nix flake update {{input}}
 # List all generations of the system profile
 [group('nix')]
 history:
  nix profile history --profile /nix/var/nix/profiles/system
 # Open a nix shell with the flake
 [group('nix')]
 repl:
  nix repl -f flake:nixpkgs
 # remove all generations older than 7 days
 # on darwin, you may need to switch to root user to run this command
 [group('nix')]
 clean:
  sudo nix profile wipe-history --profile /nix/var/nix/profiles/system  --older-than 7d
 # Garbage collect all unused nix store entries
 [group('nix')]
 gc:
-  # garbage collect all unused nix store entries
+  # garbage collect all unused nix store entries(system-wide)
-  sudo nix store gc --debug
+  sudo nix-collect-garbage --delete-older-than 7d
-  sudo nix-collect-garbage --delete-old
+  # garbage collect all unused nix store entries(for the user - home-manager)
  # https://github.com/LnL7/nix-darwin/issues/237
  nix-collect-garbage --delete-older-than 7d
-# Remove all reflog entries and prune unreachable objects
+# Enter a shell session which has all the necessary tools for this flake
-gitgc:
+[linux]
-  git reflog expire --expire-unreachable=now --all
+[group('nix')]
-  git gc --prune=now
+shell:
  nix shell nixpkgs#git nixpkgs#neovim nixpkgs#colmena
 # Enter a shell session which has all the necessary tools for this flake
 [macos]
 [group('nix')]
 shell:
  nix shell nixpkgs#git nixpkgs#neovim
 [group('nix')]
 fmt:
  # format the nix files in this repo
  nix fmt
 # Show all the auto gc roots in the nix store
 [group('nix')]
 gcroot:
  ls -al /nix/var/nix/gcroots/auto/
 ############################################################################
 #
@@ -60,24 +88,32 @@ gitgc:
 ############################################################################
 [linux]
 [group('desktop')]
 i3 mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
  use {{utils_nu}} *;
  nixos-switch ai-i3 {{mode}}
 [linux]
 [group('desktop')]
 hypr mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
  use {{utils_nu}} *;
  nixos-switch ai-hyprland {{mode}}
 [linux]
 [group('desktop')]
 s-i3 mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
  use {{utils_nu}} *;
  nixos-switch shoukei-i3 {{mode}}
 [linux]
 [group('desktop')]
 s-hypr mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
  use {{utils_nu}} *;
  nixos-switch shoukei-hyprland {{mode}}
 ############################################################################
@@ -87,31 +123,39 @@ s-hypr mode="default":
 ############################################################################
 [macos]
 [group('desktop')]
 darwin-set-proxy:
  sudo python3 scripts/darwin_set_proxy.py
  sleep 1sec
 [macos]
 [group('desktop')]
 darwin-rollback:
-  use utils.nu *; \
+  #!/usr/bin/env nu
  use {{utils_nu}} *;
  darwin-rollback
 # Deploy to harmonica(macOS host)
 [macos]
 [group('desktop')]
 ha mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
-  darwin-build "harmonica" {{mode}}; \
+  use {{utils_nu}} *;
  darwin-build "harmonica" {{mode}};
  darwin-switch "harmonica" {{mode}}
 # Depoly to fern(macOS host)
 [macos]
 [group('desktop')]
 fe mode="default": darwin-set-proxy
-  use utils.nu *; \
+  #!/usr/bin/env nu
-  darwin-build "fern" {{mode}}; \
+  use {{utils_nu}} *;
  darwin-build "fern" {{mode}};
  darwin-switch "fern" {{mode}}
 # Reload yabai and skhd(macOS)
 [macos]
 [group('desktop')]
 yabai-reload:
  launchctl kickstart -k "gui/502/org.nixos.yabai";
  launchctl kickstart -k "gui/502/org.nixos.skhd"; 
@@ -122,34 +166,67 @@ yabai-reload:
 #
 ############################################################################
 # Remote deployment via colmena
 [linux]
 [group('homelab')]
 col tag:
  colmena apply --on '@{{tag}}' --verbose --show-trace
 [linux]
 [group('homelab')]
 local name mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *;
  nixos-switch {{name}} {{mode}}
 # Build and upload a vm image
 [linux]
 [group('homelab')]
 upload-vm name mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
  use {{utils_nu}} *;
  upload-vm {{name}} {{mode}}
 # Deploy all the KubeVirt nodes(Physical machines running KubeVirt)
 [linux]
 [group('homelab')]
 lab:
  colmena apply --on '@virt-*' --verbose --show-trace
 [linux]
 [group('homelab')]
 shoryu:
  colmena apply --on '@kubevirt-shoryu' --verbose --show-trace
 [linux]
 [group('homelab')]
 shoryu-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch kubevirt-shoryu {{mode}}
 [linux]
 [group('homelab')]
 shushou:
  colmena apply --on '@kubevirt-shushou' --verbose --show-trace
 [linux]
 [group('homelab')]
 shushou-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch kubevirt-shushou {{mode}}
 [linux]
 [group('homelab')]
 youko:
  colmena apply --on '@kubevirt-youko' --verbose --show-trace
 [linux]
 [group('homelab')]
 youko-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch kubevirt-youko {{mode}}
 ############################################################################
@@ -159,31 +236,49 @@ youko-local mode="default":
 ############################################################################
 # Build and upload a vm image
 [linux]
 [group('homelab')]
 upload-idols mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  upload-vm aquamarine {{mode}}
  upload-vm ruby {{mode}}
  upload-vm kana {{mode}}
 [linux]
 [group('homelab')]
 aqua:
  colmena apply --on '@aqua' --verbose --show-trace
 [linux]
 [group('homelab')]
 aqua-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch aquamarine {{mode}}
 [linux]
 [group('homelab')]
 ruby:
  colmena apply --on '@ruby' --verbose --show-trace
 [linux]
 [group('homelab')]
 ruby-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch ruby {{mode}}
 [linux]
 [group('homelab')]
 kana:
  colmena apply --on '@kana' --verbose --show-trace
 [linux]
 [group('homelab')]
 kana-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch kana {{mode}}
 ############################################################################
@@ -193,30 +288,34 @@ kana-local mode="default":
 ############################################################################
 # Build and upload a vm image
-upload-k3s mode="default":
+[linux]
-  use utils.nu *; \
+[group('homelab')]
-  upload-vm k3s-prod-1-master-1 {{mode}}; \
+upload-k3s-prod mode="default":
-  upload-vm k3s-prod-1-master-2 {{mode}}; \
+  #!/usr/bin/env nu
-  upload-vm k3s-prod-1-master-3 {{mode}}; \
+  use {{utils_nu}} *; 
-  upload-vm k3s-prod-1-worker-1 {{mode}}; \
+  upload-vm k3s-prod-1-master-1 {{mode}}; 
-  upload-vm k3s-prod-1-worker-2 {{mode}}; \
+  upload-vm k3s-prod-1-master-2 {{mode}}; 
  upload-vm k3s-prod-1-master-3 {{mode}}; 
  upload-vm k3s-prod-1-worker-1 {{mode}}; 
  upload-vm k3s-prod-1-worker-2 {{mode}}; 
  upload-vm k3s-prod-1-worker-3 {{mode}};
 [linux]
 [group('homelab')]
 upload-k3s-test mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
-  upload-vm k3s-test-1-master-1 {{mode}}; \
+  use {{utils_nu}} *; 
-  upload-vm k3s-test-1-master-2 {{mode}}; \
+  upload-vm k3s-test-1-master-1 {{mode}}; 
  upload-vm k3s-test-1-master-2 {{mode}}; 
  upload-vm k3s-test-1-master-3 {{mode}};
-k3s:
+[linux]
-  colmena apply --on '@k3s-*' --verbose --show-trace
+[group('homelab')]
-
+k3s-prod:
-master:
+  colmena apply --on '@k3s-prod-*' --verbose --show-trace
  colmena apply --on '@k3s-prod-1-master-*' --verbose --show-trace
 worker:
  colmena apply --on '@k3s-prod-1-worker-*' --verbose --show-trace
 [linux]
 [group('homelab')]
 k3s-test:
  colmena apply --on '@k3s-test-*' --verbose --show-trace
@@ -226,12 +325,18 @@ k3s-test:
 #
 ############################################################################
 [linux]
 [group('homelab')]
 riscv:
  colmena apply --on '@riscv' --verbose --show-trace
 [linux]
 [group('homelab')]
 nozomi:
  colmena apply --on '@nozomi' --verbose --show-trace
 [linux]
 [group('homelab')]
 yukina:
  colmena apply --on '@yukina' --verbose --show-trace
@@ -241,42 +346,49 @@ yukina:
 #
 ############################################################################
 [linux]
 [group('homelab')]
 rakushun:
  colmena apply --on '@rakushun' --build-on-target --verbose --show-trace
 [linux]
 [group('homelab')]
 rakushun-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch rakushun {{mode}}
 [linux]
 [group('homelab')]
 suzu-set-proxy:
  ip route del default via 192.168.5.1
  ip route add default via 192.168.5.178
 [linux]
 [group('homelab')]
 suzu-unset-proxy:
  ip route del default via 192.168.5.178
  ip route add default via 192.168.5.1
 [linux]
 [group('homelab')]
 suzu-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
  use {{utils_nu}} *; 
  nixos-switch suzu {{mode}}
 ############################################################################
 #
-#  Misc, other useful commands
+#  Neovim related commands
 #
 ############################################################################
-fmt:
+[group('neovim')]
  # format the nix files in this repo
  nix fmt
 path:
   $env.PATH | split row ":"
 nvim-test:
  rm -rf $"($env.HOME)/.config/nvim"
  rsync -avz --copy-links --chmod=D2755,F744 home/base/tui/editors/neovim/nvim/ $"($env.HOME)/.config/nvim/"
 [group('neovim')]
 nvim-clean:
  rm -rf $"($env.HOME)/.config/nvim"
@@ -284,45 +396,68 @@ nvim-clean:
 # Emacs related commands
 # =================================================
-emacs-plist-path := "~/Library/LaunchAgents/org.nix-community.home.emacs.plist"
+[group('emacs')]
 reload-emacs-cmd := if os() == "macos" {
    "launchctl unload " + emacs-plist-path
    + "\n"
    + "launchctl load " + emacs-plist-path
    + "\n"
    + "tail -f ~/Library/Logs/emacs-daemon.stderr.log"
  } else {
    "systemctl --user restart emacs.service"
    + "\n"
    + "systemctl --user status emacs.service"
  }
 emacs-test:
  rm -rf $"($env.HOME)/.config/doom"
  rsync -avz --copy-links --chmod=D2755,F744 home/base/tui/editors/emacs/doom/ $"($env.HOME)/.config/doom/"
  doom clean
  doom sync
 [group('emacs')]
 emacs-clean:
  rm -rf $"($env.HOME)/.config/doom/"
 [group('emacs')]
 emacs-purge:
  doom purge
  doom clean
  doom sync
 [linux]
 [group('emacs')]
 emacs-reload:
  doom sync
-  {{reload-emacs-cmd}}
+  systemctl --user restart emacs.service
  systemctl --user status emacs.service
 emacs-plist-path := "~/Library/LaunchAgents/org.nix-community.home.emacs.plist"
 [macos]
 [group('emacs')]
 emacs-reload:
  doom sync
  launchctl unload {{emacs-plist-path}}
  launchctl load {{emacs-plist-path}}
  tail -f ~/Library/Logs/emacs-daemon.stderr.log
 # =================================================
 #
-# Kubernetes related commands
+# Other useful commands
 #
 # =================================================
 [group('common')]
 path:
   $env.PATH | split row ":"
 [linux]
 [group('common')]
 penvof pid:
  sudo cat $"/proc/($pid)/environ" | tr '\0' '\n'
 # Remove all reflog entries and prune unreachable objects
 [group('git')]
 ggc:
  git reflog expire --expire-unreachable=now --all
  git gc --prune=now
 # Amend the last commit without changing the commit message
 [group('git')]
 game:
  git commit --amend -a --no-edit
 # Delete all failed pods
 [group('k8s')]
 del-failed:
   kubectl delete pod --all-namespaces --field-selector="status.phase==Failed"
@@ -31,6 +31,9 @@ This repository is home to the nix code that builds my systems:
 See [./hosts](./hosts) for details of each host.
 See [./Virtual-Machine.md](./Virtual-Machine.md) for details of how to create & manage KubeVirt's
 Virtual Machine from this flake.
 ## Why NixOS & Flakes?
 Nix allows for easy-to-manage, collaborative, reproducible deployments. This means that once
@@ -1,13 +1,17 @@
 ## How to create & managage KubeVirt's Virtual Machine from this flake?
-Use `aquamarine` as an example, we can create a virtual machine with the following command:
+Use `aquamarine` as an example, first build and upload the virtual machine's qcow2 image to the file
 server:
 ```shell
 just upload-vm aquamarine
 ```
 Then create the virtual machine by creating a yaml file at
-[ryan4yin/k8s-gitops](https://github.com/ryan4yin/k8s-gitops/tree/main/vms)
+[ryan4yin/k8s-gitops](https://github.com/ryan4yin/k8s-gitops/tree/main/vms), set the
 `spec.dataVolumeTemplates[0].source.http.url` to the uploaded file's URL, and fluxcd will
 automatically apply the changes, then a virtual machine named `aquamarine` will be created in the
 KubeVirt cluster.
 Once the virtual machine `aquamarine` is created, we can deploy updates to it with the following
 commands:
@@ -121,11 +121,11 @@
        "pre-commit-hooks": "pre-commit-hooks"
      },
      "locked": {
-        "lastModified": 1720675195,
+        "lastModified": 1721655093,
-        "narHash": "sha256-kAOt6JR1PHyvHkLz39ABt3y09di05yJZUS3tELIPofc=",
+        "narHash": "sha256-IiUd700gUN8jxeD1xJv+s1v9vW/ILgw0/KfJLNFyutY=",
        "owner": "daeuniverse",
        "repo": "flake.nix",
-        "rev": "7915b3bf5cf0a89abcb152a5a9b732f372c68397",
+        "rev": "140c54a145b5e88684e5e88e36230b6cdf6aff87",
        "type": "github"
      },
      "original": {
@@ -159,15 +159,14 @@
    },
    "devshell": {
      "inputs": {
        "flake-utils": "flake-utils_2",
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1717408969,
+        "lastModified": 1722113426,
-        "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=",
+        "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
        "owner": "numtide",
        "repo": "devshell",
-        "rev": "1ebbe68d57457c8cae98145410b164b5477761f4",
+        "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
        "type": "github"
      },
      "original": {
@@ -200,11 +199,11 @@
    "doomemacs": {
      "flake": false,
      "locked": {
-        "lastModified": 1721356739,
+        "lastModified": 1723252886,
-        "narHash": "sha256-AW30n1Nr8sbgN6vvyfFmgL7Jh9PwDRYDH0HmVIlsvqs=",
+        "narHash": "sha256-wrC3oAnVz22SHR/ujEG8wqaA9vfSNDlCiitW10iUlbM=",
        "owner": "doomemacs",
        "repo": "doomemacs",
-        "rev": "36e7aaa619342eff61b1daf3ac664f94d5272db7",
+        "rev": "f5020a4f7f228a84a51039a57fbf67107a0f2d74",
        "type": "github"
      },
      "original": {
@@ -213,6 +212,28 @@
        "type": "github"
      }
    },
    "fenix": {
      "inputs": {
        "nixpkgs": [
          "microvm",
          "nixpkgs"
        ],
        "rust-analyzer-src": "rust-analyzer-src"
      },
      "locked": {
        "lastModified": 1722580276,
        "narHash": "sha256-VaNcSh7n8OaFW/DJsR6Fm23V+EGpSei0DyF71RKB+90=",
        "owner": "nix-community",
        "repo": "fenix",
        "rev": "286f371b3cfeaa5c856c8e6dfb893018e86cc947",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "fenix",
        "type": "github"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
@@ -287,11 +308,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1717285511,
+        "lastModified": 1722555600,
-        "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
+        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
+        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
        "type": "github"
      },
      "original": {
@@ -308,11 +329,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1712014858,
+        "lastModified": 1722555600,
-        "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
+        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
+        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
        "type": "github"
      },
      "original": {
@@ -347,11 +368,11 @@
        "nixpkgs-lib": "nixpkgs-lib_2"
      },
      "locked": {
-        "lastModified": 1719994518,
+        "lastModified": 1722555600,
-        "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
+        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
+        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
        "type": "github"
      },
      "original": {
@@ -383,11 +404,11 @@
        "systems": "systems_4"
      },
      "locked": {
-        "lastModified": 1701680307,
+        "lastModified": 1710146030,
-        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
        "type": "github"
      },
      "original": {
@@ -418,24 +439,6 @@
      "inputs": {
        "systems": "systems_6"
      },
      "locked": {
        "lastModified": 1705309234,
        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_5": {
      "inputs": {
        "systems": "systems_7"
      },
      "locked": {
        "lastModified": 1701680307,
        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
@@ -450,9 +453,9 @@
        "type": "github"
      }
    },
-    "flake-utils_6": {
+    "flake-utils_5": {
      "inputs": {
-        "systems": "systems_8"
+        "systems": "systems_7"
      },
      "locked": {
        "lastModified": 1681202837,
@@ -605,11 +608,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1721135958,
+        "lastModified": 1723399884,
-        "narHash": "sha256-H548rpPMsn25LDKn1PCFmPxmWlClJJGnvdzImHkqjuY=",
+        "narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "afd2021bedff2de92dfce0e257a3d03ae65c603d",
+        "rev": "086f619dd991a4d355c07837448244029fc2d9ab",
        "type": "github"
      },
      "original": {
@@ -639,7 +642,7 @@
        "crane": "crane_2",
        "flake-compat": "flake-compat_2",
        "flake-parts": "flake-parts_4",
-        "flake-utils": "flake-utils_3",
+        "flake-utils": "flake-utils_2",
        "nixpkgs": [
          "nixpkgs"
        ],
@@ -663,18 +666,19 @@
    },
    "microvm": {
      "inputs": {
-        "flake-utils": "flake-utils_4",
+        "fenix": "fenix",
        "flake-utils": "flake-utils_3",
        "nixpkgs": [
          "nixpkgs"
        ],
        "spectrum": "spectrum"
      },
      "locked": {
-        "lastModified": 1721171275,
+        "lastModified": 1723407630,
-        "narHash": "sha256-GKdodvwT9Suh6V0qJ0N/YWTIADWwto/x3XnFO86iXDs=",
+        "narHash": "sha256-iBvdy5KAYWew4sAIVbrqrNL7jCMWFoB5hObocCXkHiY=",
        "owner": "astro",
        "repo": "microvm.nix",
-        "rev": "36e261aa2c15a4020663cef87905f436b15305f7",
+        "rev": "802ef1704f6a050f272bed5e226d0e86fa3e8c39",
        "type": "github"
      },
      "original": {
@@ -686,10 +690,10 @@
    "mysecrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1712114794,
+        "lastModified": 1722412796,
-        "narHash": "sha256-qWSnhqYo7o9+ThiH5TV5yPOWSKXCKpwSP+7HjnjBZvY=",
+        "narHash": "sha256-bV+DbfqItujekh62XWpqC2ldkw6KqAo6LOpKLh9M7Sc=",
        "ref": "refs/heads/main",
-        "rev": "066524c12e11687110642005d5d51fec88306573",
+        "rev": "8e3cf78c9f6b016625681f668e154b3705851a0d",
        "shallow": true,
        "type": "git",
        "url": "ssh://git@github.com/ryan4yin/nix-secrets.git"
@@ -707,11 +711,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1721270582,
+        "lastModified": 1722924007,
-        "narHash": "sha256-MdZmYPPExntE5rJu88IhJSy8Um4UyZCTXhOwvzbjDVI=",
+        "narHash": "sha256-+CQDamNwqO33REJLft8c26NbUi2Td083hq6SvAm2xkU=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "a3e4a7b8ffc08c7dc1973822a77ad432e1ec3dec",
+        "rev": "91010a5613ffd7ee23ee9263213157a1c422b705",
        "type": "github"
      },
      "original": {
@@ -728,11 +732,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1719227224,
+        "lastModified": 1723372011,
-        "narHash": "sha256-zvi2YfvlOLtui2JFhPs2qybpnJR3/2luMfp8t/eMh54=",
+        "narHash": "sha256-zqenoufFiPfobw74idorZMG8AXG3DnFzbHplt/Nkvrg=",
        "owner": "nix-community",
        "repo": "nix-eval-jobs",
-        "rev": "32071eb9635dbe0e1e8fc750ea1aac6808272018",
+        "rev": "8802412b8747633e9d80639897e4d58fa6290909",
        "type": "github"
      },
      "original": {
@@ -744,14 +748,15 @@
    "nix-gaming": {
      "inputs": {
        "flake-parts": "flake-parts_5",
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": "nixpkgs_4",
        "umu": "umu"
      },
      "locked": {
-        "lastModified": 1721381874,
+        "lastModified": 1723425928,
-        "narHash": "sha256-fA78AQqvEUTyPlq7KYkYldAzV9eaGTCs8yj16nJy52U=",
+        "narHash": "sha256-BFj0H0h3+hTCTsHTMCzmO7hQL3ym2MTgIdQe1SN1wPw=",
        "owner": "fufexan",
        "repo": "nix-gaming",
-        "rev": "35c551a783b53adae0b9ce81b94cf70e363411fa",
+        "rev": "cd19f284c40ce697db66314d0b7d29e41d47eb6b",
        "type": "github"
      },
      "original": {
@@ -769,11 +774,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1703863825,
+        "lastModified": 1720066371,
-        "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=",
+        "narHash": "sha256-uPlLYH2S0ACj0IcgaK9Lsf4spmJoGejR9DotXiXSBZQ=",
        "owner": "nix-community",
        "repo": "nix-github-actions",
-        "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547",
+        "rev": "622f829f5fe69310a866c8a6cd07e747c44ef820",
        "type": "github"
      },
      "original": {
@@ -784,11 +789,11 @@
    },
    "nixlib": {
      "locked": {
-        "lastModified": 1719708727,
+        "lastModified": 1722732880,
-        "narHash": "sha256-XFNKtyirrGNdehpg7lMNm1skEcBApjqGhaHc/OI95HY=",
+        "narHash": "sha256-do2Mfm3T6SR7a5A804RhjQ+JTsF5hk4JTPGjCTRM/m8=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6",
+        "rev": "8bebd4c74f368aacb047f0141db09ec6b339733c",
        "type": "github"
      },
      "original": {
@@ -820,11 +825,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1720859326,
+        "lastModified": 1723444610,
-        "narHash": "sha256-i8BiZj5faQS6gsupE0S9xtiyZmWinGpVLwxXWV342aQ=",
+        "narHash": "sha256-WzhuUR2ZwafNzBh0VAbk3+320xd2sNWdZdjZa0S9ydY=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7",
+        "rev": "a220fc3a6e144f12f0c3dc3e4d01d44c2e6b0b85",
        "type": "github"
      },
      "original": {
@@ -857,11 +862,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1721413321,
+        "lastModified": 1723310128,
-        "narHash": "sha256-0GdiQScDceUrVGbxYpV819LHesK3szHOhJ09e6sgES4=",
+        "narHash": "sha256-IiH8jG6PpR4h9TxSGMYh+2/gQiJW9MwehFvheSb5rPc=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "ab165a8a6cd12781d76fe9cbccb9e975d0fb634f",
+        "rev": "c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf",
        "type": "github"
      },
      "original": {
@@ -876,11 +881,11 @@
        "nixpkgs": "nixpkgs_5"
      },
      "locked": {
-        "lastModified": 1709869951,
+        "lastModified": 1721481969,
-        "narHash": "sha256-NjtSv0VgdewBcdo8VG5lTPseKR7iFoEc90EgQsFfK48=",
+        "narHash": "sha256-KTHUwzTmZCdS7FUghKvjjMm1WgwnHfS/LKZqT8MLohw=",
        "owner": "ryan4yin",
        "repo": "nixos-licheepi4a",
-        "rev": "d641db930a25950d0450ef427c4fe8a059500163",
+        "rev": "0fb4b65137de445de543ed8532d4aac6ecc27271",
        "type": "github"
      },
      "original": {
@@ -891,17 +896,17 @@
    },
    "nixos-rk3588": {
      "inputs": {
-        "flake-utils": "flake-utils_5",
+        "flake-utils": "flake-utils_4",
        "nixos-generators": "nixos-generators_2",
        "nixpkgs": "nixpkgs_6",
        "pre-commit-hooks": "pre-commit-hooks_2"
      },
      "locked": {
-        "lastModified": 1715737248,
+        "lastModified": 1723427077,
-        "narHash": "sha256-DFh9cEWypbcitiuQ+pazHrY2z0qq2XYzPFsqZg7oZ5M=",
+        "narHash": "sha256-SFTRomK5nNC56HRd24R+io6fzvojioIsdY3zyoYsbmA=",
        "owner": "ryan4yin",
        "repo": "nixos-rk3588",
-        "rev": "c4fef04d8c124146e6e99138283e0c57b2ad8e29",
+        "rev": "bee44589a40c6e64b09644ab33ad7f48e9f29950",
        "type": "github"
      },
      "original": {
@@ -912,11 +917,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1704161960,
+        "lastModified": 1722073938,
-        "narHash": "sha256-QGua89Pmq+FBAro8NriTuoO/wNaUtugt29/qqA8zeeM=",
+        "narHash": "sha256-OpX0StkL8vpXyWOGUD6G+MA26wAXK6SpT94kLJXo6B4=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "63143ac2c9186be6d9da6035fa22620018c85932",
+        "rev": "e36e9f57337d0ff0cf77aceb58af4c805472bfae",
        "type": "github"
      },
      "original": {
@@ -928,11 +933,11 @@
    },
    "nixpkgs-darwin": {
      "locked": {
-        "lastModified": 1721396254,
+        "lastModified": 1723240379,
-        "narHash": "sha256-IpPVxufZfE8qy9Vp18LBNaDaxQThM4kS3PsFJHxMcdU=",
+        "narHash": "sha256-yMGB8j2NwDHBb8ODvNbFVCPLzUjx71sqQwelzmxJook=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "83bb0d311cc9b1f6f4c860f4a9b30b8a1466126c",
+        "rev": "aa9cfafc2a8dd21b11359ef32e318246d8de226c",
        "type": "github"
      },
      "original": {
@@ -944,40 +949,40 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1717284937,
+        "lastModified": 1722555339,
-        "narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=",
+        "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
      },
      "original": {
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
      }
    },
    "nixpkgs-lib_2": {
      "locked": {
-        "lastModified": 1719876945,
+        "lastModified": 1722555339,
-        "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=",
+        "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
      },
      "original": {
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
      }
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1718447546,
+        "lastModified": 1720386169,
-        "narHash": "sha256-JHuXsrC9pr4kA4n7LuuPfWFJUVlDBVJ1TXDVpHEuUgM=",
+        "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "842253bf992c3a7157b67600c2857193f126563a",
+        "rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-23.11",
+        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
@@ -1000,11 +1005,11 @@
    },
    "nixpkgs-stable_3": {
      "locked": {
-        "lastModified": 1721226092,
+        "lastModified": 1723282977,
-        "narHash": "sha256-UBvzVpo5sXSi2S/Av+t+Q+C2mhMIw/LBEZR+d6NMjws=",
+        "narHash": "sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "c716603a63aca44f39bef1986c13402167450e0a",
+        "rev": "a781ff33ae258bbcfd4ed6e673860c3e923bf2cc",
        "type": "github"
      },
      "original": {
@@ -1032,11 +1037,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1721393053,
+        "lastModified": 1723418128,
-        "narHash": "sha256-xNiw9gIxyF6xsyXCiFESPjxMjuVAfmr4sBpM9u2l5io=",
+        "narHash": "sha256-k1pEqsnB6ikZyasXbtV6A9akPZMKlsyENPDUA6PXoJo=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "a0691657e9634cfc001f02995cca394025e3e940",
+        "rev": "129f579cbb5b4c1ad258fd96bdfb78eb14802727",
        "type": "github"
      },
      "original": {
@@ -1048,11 +1053,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1715037484,
+        "lastModified": 1723221148,
-        "narHash": "sha256-OUt8xQFmBU96Hmm4T9tOWTu4oCswCzoVl+pxSq/kiFc=",
+        "narHash": "sha256-7pjpeQlZUNQ4eeVntytU3jkw9dFK3k1Htgk2iuXjaD8=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "ad7efee13e0d216bf29992311536fce1d3eefbef",
+        "rev": "154bcb95ad51bc257c2ce4043a725de6ca700ef6",
        "type": "github"
      },
      "original": {
@@ -1064,11 +1069,11 @@
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1719075281,
+        "lastModified": 1723175592,
-        "narHash": "sha256-CyyxvOwFf12I91PBWz43iGT1kjsf5oi6ax7CrvaMyAo=",
+        "narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "a71e967ef3694799d0c418c98332f7ff4cc5f6af",
+        "rev": "5e0ca22929f3342b19569b21b2f3462f053e497b",
        "type": "github"
      },
      "original": {
@@ -1080,11 +1085,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1721303309,
+        "lastModified": 1723221148,
-        "narHash": "sha256-/+Yw4tW/mcTRKmkEAO64ObzCQClpSUZpk2flUD9GDHE=",
+        "narHash": "sha256-7pjpeQlZUNQ4eeVntytU3jkw9dFK3k1Htgk2iuXjaD8=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "7e2fb8e0eb807e139d42b05bf8e28da122396bed",
+        "rev": "154bcb95ad51bc257c2ce4043a725de6ca700ef6",
        "type": "github"
      },
      "original": {
@@ -1128,11 +1133,11 @@
    },
    "nixpkgs_7": {
      "locked": {
-        "lastModified": 1721379653,
+        "lastModified": 1723175592,
-        "narHash": "sha256-8MUgifkJ7lkZs3u99UDZMB4kbOxvMEXQZ31FO3SopZ0=",
+        "narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "1d9c2c9b3e71b9ee663d11c5d298727dace8d374",
+        "rev": "5e0ca22929f3342b19569b21b2f3462f053e497b",
        "type": "github"
      },
      "original": {
@@ -1212,11 +1217,11 @@
    "polybar-themes": {
      "flake": false,
      "locked": {
-        "lastModified": 1719673248,
+        "lastModified": 1722351663,
-        "narHash": "sha256-zDh8jE6SOeRjAYqXgzAOnu6bo5Om5wJysWUzqw0Wuiw=",
+        "narHash": "sha256-cUr2XWVSYtwjRvSJJoCLAO2yNCUD3AghGMoAvrr4bQo=",
        "owner": "adi1090x",
        "repo": "polybar-themes",
-        "rev": "39c73cc1a993816f0b4fb251d242632fe8c51bb7",
+        "rev": "2db8a712d22966181c7e228d4ac63fcdf72a432e",
        "type": "github"
      },
      "original": {
@@ -1236,11 +1241,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1718879355,
+        "lastModified": 1723202784,
-        "narHash": "sha256-RTyqP4fBX2MdhNuMP+fnR3lIwbdtXhyj7w7fwtvgspc=",
+        "narHash": "sha256-qbhjc/NEGaDbyy0ucycubq4N3//gDFFH3DOmp1D3u1Q=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "8cd35b9496d21a6c55164d8547d9d5280162b07a",
+        "rev": "c7012d0c18567c889b948781bc74a501e92275d1",
        "type": "github"
      },
      "original": {
@@ -1319,11 +1324,11 @@
        "nixpkgs-stable": "nixpkgs-stable_4"
      },
      "locked": {
-        "lastModified": 1721042469,
+        "lastModified": 1723202784,
-        "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=",
+        "narHash": "sha256-qbhjc/NEGaDbyy0ucycubq4N3//gDFFH3DOmp1D3u1Q=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd",
+        "rev": "c7012d0c18567c889b948781bc74a501e92275d1",
        "type": "github"
      },
      "original": {
@@ -1362,6 +1367,23 @@
        "wallpapers": "wallpapers"
      }
    },
    "rust-analyzer-src": {
      "flake": false,
      "locked": {
        "lastModified": 1722521768,
        "narHash": "sha256-FvJ4FaMy1kJbZ3Iw1RyvuiUAsbHJXoU2HwylzaFzj1o=",
        "owner": "rust-lang",
        "repo": "rust-analyzer",
        "rev": "f149dc5029d8406fae8b2c541603bcac06e30deb",
        "type": "github"
      },
      "original": {
        "owner": "rust-lang",
        "ref": "nightly",
        "repo": "rust-analyzer",
        "type": "github"
      }
    },
    "rust-overlay": {
      "inputs": {
        "flake-utils": [
@@ -1414,7 +1436,7 @@
    },
    "rust-overlay_3": {
      "inputs": {
-        "flake-utils": "flake-utils_6",
+        "flake-utils": "flake-utils_5",
        "nixpkgs": [
          "nuenv",
          "nixpkgs"
@@ -1437,11 +1459,11 @@
    "spectrum": {
      "flake": false,
      "locked": {
-        "lastModified": 1708358594,
+        "lastModified": 1720264467,
-        "narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=",
+        "narHash": "sha256-xzM92n3Q9L90faJIJrkrTtTx+JqCGRHMkHWztkV4PuY=",
        "ref": "refs/heads/main",
-        "rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c",
+        "rev": "fb59d42542049f586c84b0f8bb86ff3be338e9d3",
-        "revCount": 614,
+        "revCount": 674,
        "type": "git",
        "url": "https://spectrum-os.org/git/spectrum"
      },
@@ -1555,21 +1577,6 @@
        "type": "github"
      }
    },
    "systems_8": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "treefmt-nix": {
      "inputs": {
        "nixpkgs": [
@@ -1579,11 +1586,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1711963903,
+        "lastModified": 1723303070,
-        "narHash": "sha256-N3QDhoaX+paWXHbEXZapqd1r95mdshxToGowtjtYkGI=",
+        "narHash": "sha256-krGNVA30yptyRonohQ+i9cnK+CfCpedg6z3qzqVJcTs=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "49dc4a92b02b8e68798abd99184f228243b6e3ac",
+        "rev": "14c092e0326de759e16b37535161b3cb9770cea3",
        "type": "github"
      },
      "original": {
@@ -1592,6 +1599,31 @@
        "type": "github"
      }
    },
    "umu": {
      "inputs": {
        "nixpkgs": [
          "nix-gaming",
          "nixpkgs"
        ]
      },
      "locked": {
        "dir": "packaging/nix",
        "lastModified": 1723319758,
        "narHash": "sha256-4WYwxNzH/95Vj0IqR2xh4gyiSn8H9bGnBECFWy4vjIk=",
        "ref": "refs/heads/main",
        "rev": "74656e9da4008f75f3b1d136dbaf1172bf6c232f",
        "revCount": 697,
        "submodules": true,
        "type": "git",
        "url": "https://github.com/Open-Wine-Components/umu-launcher/?dir=packaging/nix"
      },
      "original": {
        "dir": "packaging/nix",
        "submodules": true,
        "type": "git",
        "url": "https://github.com/Open-Wine-Components/umu-launcher/?dir=packaging/nix"
      }
    },
    "wallpapers": {
      "flake": false,
      "locked": {
@@ -12,6 +12,7 @@
    go-containerregistry # provides `crane` & `gcrane`, it's similar to skopeo
    kubectl
    kubectx
    kubebuilder
    istioctl
    clusterctl # for kubernetes cluster-api
@@ -10,7 +10,7 @@
    gnupg
    gnumake
-    # Morden cli tools, replacement of grep/sed/...
+    # Modern cli tools, replacement of grep/sed/...
    # Interactively filter its input using fuzzy searching, not limit to filenames.
    fzf
@@ -11,6 +11,12 @@
    # Changing working directory when exiting Yazi
    enableBashIntegration = true;
    enableNushellIntegration = true;
    settings = {
      manager = {
        show_hidden = true;
        sort_dir_first = true;
      };
    };
  };
  xdg.configFile."yazi/theme.toml".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-yazi}/mocha.toml";
@@ -5,7 +5,7 @@
 - paredit/[lispy](https://github.com/doomemacs/doomemacs/tree/master/modules/editor/lispy): too
  complex.
 - [evil-cleverparens](https://github.com/emacs-evil/evil-cleverparens): simple and useful.
- [parinfer(par-in-fer)](https://shaunlebron.github.io/parinfer/): morden, simple, elegant and
+- [parinfer(par-in-fer)](https://shaunlebron.github.io/parinfer/): modern, simple, elegant and
  useful, but works not well with some other completion plugins...
  - to make parinfer works, you should disable sexp & smartparens in any lisp mode.
@@ -20,7 +20,7 @@ Use `:tutor` in helix to start the tutorial.
   1. Helix: delete 2 word: `2w` then `x`. You can always see what you're selecting before you apply
      the action.
   2. Neovim: delete 2 word: `d`. then `2w`. No visual feedback before you apply the action.
-1. Helix - Morden builtin features: LSP, tree-sitter, fuzzy finder, multi cursors, surround and
+1. Helix - Modern builtin features: LSP, tree-sitter, fuzzy finder, multi cursors, surround and
   more.
   1. They're all available in Neovim too, but you need to find and use the right plugins manually,
      which takes time and effort.
@@ -94,8 +94,11 @@ plugin.
 ### Splitting and Buffers
-| | Action | Shortcut | | --------------------- | ------------- | | Horizontal Split | `\` | |
+| Action           | Shortcut      |
-Vertical Split | `\|` | | Close Buffer | `<Space> + c` |
+| ---------------- | ------------- |
 | Horizontal Split | `\`           |
 | Vertical Split   | `\|`          |
 | Close Buffer     | `<Space> + c` |
 ### Editing and Formatting
@@ -109,7 +112,18 @@ Vertical Split | `\|` | | Close Buffer | `<Space> + c` |
 | Comment Line(support multiple lines)                  | `<Space> + /`  |
 | Open filepath/URL at cursor(neovim's builtin command) | `gx`           |
 | Find files by name (fzf)                              | `<Space> + ff` |
 | Find files by name (include hidden files)             | `<Space> + fF` |
 | Grep string in files (ripgrep)                        | `<Space> + fw` |
 | Grep string in files (include hidden files)           | `<Space> + fW` |
 ### Git
 | Action                     | Shortcut        |
 | -------------------------- | --------------- |
 | Git Commits (repository)   | `:<Space> + gc` |
 | Git Commits (current file) | `:<Space> + gC` |
 | Git Branches               | `:<Space> + gb` |
 | Git Status                 | `:<Space> + gt` |
 ### Sessions
@@ -163,7 +177,7 @@ Provided by mini.surround plugin.
 | --------------------------------- | --------------- |
 | Show all Yank History             | `:<Space> + yh` |
 | Show undo history                 | `:<Space> + uh` |
-| Show the path of the current file | `:!echo $%`      |
+| Show the path of the current file | `:!echo $%`     |
 ## Additional Resources
@@ -2,6 +2,7 @@
  config,
  lib,
  pkgs,
  pkgs-unstable,
  ...
 }:
 ###############################################################################
@@ -25,11 +26,33 @@ in {
  programs = {
    neovim = {
      enable = true;
      package = pkgs-unstable.neovim-unwrapped;
      defaultEditor = true;
      viAlias = true;
      vimAlias = true;
      # These environment variables are needed to build and run binaries
      # with external package managers like mason.nvim.
      #
      # LD_LIBRARY_PATH is also needed to run the non-FHS binaries downloaded by mason.nvim.
      # it will be set by nix-ld, so we do not need to set it here again.
      extraWrapperArgs = with pkgs; [
        # LIBRARY_PATH is used by gcc before compilation to search directories
        # containing static and shared libraries that need to be linked to your program.
        "--suffix"
        "LIBRARY_PATH"
        ":"
        "${lib.makeLibraryPath [stdenv.cc.cc zlib]}"
        # PKG_CONFIG_PATH is used by pkg-config before compilation to search directories
        # containing .pc files that describe the libraries that need to be linked to your program.
        "--suffix"
        "PKG_CONFIG_PATH"
        ":"
        "${lib.makeSearchPathOutput "dev" "lib/pkgconfig" [stdenv.cc.cc zlib]}"
      ];
      # Currently we use lazy.nvim as neovim's package manager, so comment this one.
      #
      # NOTE: These plugins will not be used by astronvim by default!
@@ -1,4 +1,7 @@
 -- Customize Mason plugins
 --
 -- NOTE: Issue - mason.nvim does not support NixOS:
 -- https://github.com/williamboman/mason.nvim/issues/428
 ---@type LazySpec
 return {
@@ -24,6 +24,7 @@ return {
    opts.ensure_installed = require("astrocore").list_insert_unique(opts.ensure_installed, {
      -- please add only the tree-sitters that are not available in nixpkgs here
      "just",
      "kdl",
      "csv",
      "xml",
@@ -16,7 +16,7 @@ using a Cloud provider for key management.
 Both age, Sops & GnuPG provide asymmetric encryption, which is useful for encrypting files for a
 specific user.
-For morden use, age is recommended, as it use [AEAD encryption function -
+For modern use, age is recommended, as it use [AEAD encryption function -
 ChaCha20-Poly1305][age Format v1], If you do not want to manage the keys by yourself, Sops is
 recommended, as it use KMS for key management.
@@ -104,7 +104,7 @@ one keypair, or a keyring/keychain(which contains multiple sub key-pairs).
 Let's generate a keypair interactively:
-> Now in 2024, GnuPG 2.4.1 defaults to ECC algorithm (9) and Curve 25519 for ECC, which is morden
+> Now in 2024, GnuPG 2.4.1 defaults to ECC algorithm (9) and Curve 25519 for ECC, which is modern
 > and safe, I would recommend to use these defaults directly.
 ```bash
@@ -45,7 +45,7 @@
    theme = {
      # https://github.com/catppuccin/gtk
-      name = "Catppuccin-Macchiato-Compact-Pink-Dark";
+      name = "catppuccin-macchiato-pink-compact";
      package = pkgs.catppuccin-gtk.override {
        # https://github.com/NixOS/nixpkgs/blob/nixos-23.05/pkgs/data/themes/catppuccin-gtk/default.nix
        accents = ["pink"];
@@ -2,36 +2,12 @@
 LUKS encrypted SSD for NixOS, on Orange Pi 5 Plus.
-Storage, operation and maintenance related services are running on this host:
+TODO
 1. Storage such as git server, file server/browser, torrent downloader,, etc.
 1. Backup or sync my personal data to cloud or NAS.
   - For safety, those data should be encrypted before sending to the cloud or my NAS.
 1. Collect and monitor the metrics/logs of my homelab.
 ## Showcases
 ![](../../_img/2024-03-07_orangepi5plus_rakushun.webp)
 ## Features
 Services:
 1. prometheus + alertmanager + grafana + loki: Monitor the metrics/logs of my homelab.
 1. restic: Backup my personal data to cloud or NAS.
 1. synthing: Sync file between android/macbook/PC and NAS.
 1. gitea: Self-hosted git service.
 1. sftpgo: SFTP server.
 1. transmission & AriaNg: Torrent downloader and HTTP downloader
 1. alist/filebrower: File browser for local/SMB/Cloud
 All the services assumes a reverse proxy to be setup in the front, they are all listening on
 localhost, and a caddy service is listening on the local network interface and proxy the requests to
 the services.
 TODO: create a private PKI for caddy, to achieve end-to-end encryption between caddy and the
 services.
 ## Misc
 ```bash
@@ -1 +0,0 @@
 # Homepage for my Homelab
@@ -1,25 +0,0 @@
 {pkgs, ...}: let
  configDir = "/var/lib/homepage-dashboard";
 in {
  # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/misc/homepage-dashboard.nix
  services.homepage-dashboard = {
    enable = true;
    listenPort = 4401;
    openFirewall = false;
  };
  systemd.services.homepage-dashboard.environment = {
    HOMEPAGE_CONFIG_DIR = configDir;
    # 1. The value of env var HOMEPAGE_VAR_XXX will replace {{HOMEPAGE_VAR_XXX}} in any config
    # HOMEPAGE_VAR_XXX_APIKEY = "myapikey";
    # 2. The value of env var HOMEPAGE_FILE_XXX must be a file path,
    # the contents of which will be used to replace {{HOMEPAGE_FILE_XXX}} in any config
  };
  # Install the homepage-dashboard configuration files
  system.activationScripts.installHomepageDashboardConfig = ''
    mkdir -p ${configDir}
    ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F600 ${./config}/ ${configDir}/
    ${pkgs.systemdMinimal}/bin/systemctl restart homepage-dashboard
  '';
 }
@@ -1,26 +0,0 @@
 {
  # Replace dashy with gethomepage, because dashy is too slow to start/reload.
  # # Install the dashy configuration file instead of symlink it
  # system.activationScripts.installDashyConfig = ''
  #   install -Dm 600 ${./dashy_conf.yml} /etc/dashy/dashy_conf.yml
  # '';
  #
  # # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/virtualisation/oci-containers.nix
  # virtualisation.oci-containers.containers = {
  #   # check its logs via `journalctl -u podman-dashy`
  #   dashy = {
  #     hostname = "dashy";
  #     image = "lissy93/dashy:latest";
  #     ports = ["127.0.0.1:4000:80"];
  #     environment = {
  #       "NODE_ENV" = "production";
  #     };
  #     volumes = [
  #       "/etc/dashy/dashy_conf.yml:/app/public/conf.yml"
  #     ];
  #     autoStart = true;
  #     # cmd = [];
  #   };
  # };
 }
@@ -1,12 +0,0 @@
 {
  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/uptime-kuma.nix
  services.uptime-kuma = {
    enable = true;
    # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
    settings = {
      "UPTIME_KUMA_HOST" = "127.0.0.1";
      "UPTIME_KUMA_PORT" = "3350";
      "DATA_DIR" = "/var/lib/uptime-kuma/";
    };
  };
 }
@@ -209,6 +209,12 @@ group {
        policy: min_avg10
    }
    proxy-random {
        filter: name(keyword: 'UK')
        filter: name(keyword: '英国')
        policy: random
    }
    sg {
        filter: name(keyword: 'Singapore')
        filter: name(keyword: '新加坡')
@@ -222,6 +228,7 @@ group {
    }
 }
 # Ref: https://github.com/v2fly/domain-list-community
 # See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md for full examples.
 # Pname has the highest priority, so should be placed in the front.
 # Priority of other rules is the same as the order of the rules defined in this file.
@@ -268,6 +275,12 @@ routing {
    # SSH - tcp port 22 is blocked by many proxy servers.
    dport(22) && !dip(geoip:cn) && !domain(geosite:cn) -> ssh-proxy
    ### GitHub / Docker Hub
    ### randomly select a node from the group for every connection
    ### to avoid the rate limit of GitHub API and Docker Hub API
    domain(geosite:github) -> proxy-random
    domain(geosite:docker) -> proxy-random
    ### OpenAI
    domain(geosite:openai) -> sg
    domain(regex:'.+\.openai$') -> sg
@@ -4,19 +4,20 @@
   1. `shoukei`: NixOS on Macbook Pro 2020 Intel i5, 13.3-inch, 16G RAM + 512G SSD.
   1. `suzu`: Orange Pi 5, RK3588s(4xA76 + 4xA55), GPU(4Cores, Mail-G610), NPU(6Tops@int8), 8G RAM +
      256G SSD.
-      1. Network related services running via microvm.nix, such as router(transparent proxy - dae),
+      - Network related services running via microvm.nix, such as router(transparent proxy - dae),
-         tailscale subrouter, etc.
+        tailscale subrouter, etc.
   1. `rakushun`: Orange Pi 5 Plus, RK3588(4xA76 + 4xA55), GPU(4Cores, Mail-G610), NPU(6Tops@int8),
      16G RAM + 2T SSD.
-      1. Monitoring(prometheus, grafana, exporters), CI/CD(gitea, runner), homepage, file browser,
+      - Not used now.
         and other services.
 1. `darwin`(macOS)
   1. `fern`: MacBook Pro 2022 13-inch M2 16G, mainly for business.
   1. `harmonica`: MacBook Pro 2020 13-inch i5 16G, for personal use.
-1. `k8s`: My Kubernetes Clusters
+1. `k8s`: My Kubevirt & Kubernetes Clusters
 1. `idols`
   1. `ai`: My main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use.
-   2. `aquamarine`: Not used now.
+   2. `aquamarine`: Kubevirt Virtual Machine.
      - Monitoring(prometheus, grafana, exporters), CI/CD(gitea, runner), homepage, file browser,
        and other services.
   3. `ruby`: Not used now.
   4. `kana`: Not used now.
 1. `rolling_girls`: My RISCV64 hosts.
@@ -1,3 +1,24 @@
 # Idols - Aquamarine
-TODO
+Storage, operation and maintenance related services are running on this host:
 1. Storage such as git server, file server/browser, torrent downloader,, etc.
 1. Backup or sync my personal data to cloud or NAS.
   - For safety, those data should be encrypted before sending to the cloud or my NAS.
 1. Collect and monitor the metrics/logs of my homelab.
 ## Features
 Services:
 1. prometheus + alertmanager + grafana + loki: Monitor the metrics/logs of my homelab.
 1. restic: Backup my personal data to cloud or NAS.
 1. synthing: Sync file between android/macbook/PC and NAS.
 1. gitea: Self-hosted git service.
 1. sftpgo: SFTP server.
 1. transmission & AriaNg: Torrent downloader and HTTP downloader
 1. alist/filebrower: File browser for local/SMB/Cloud
 All the services assumes a reverse proxy to be setup in the front, they are all listening on
 localhost, and a caddy service is listening on the local network interface and proxy the requests to
 the services.
@@ -17,7 +17,7 @@ in {
    # Reload Caddy instead of restarting it when configuration file changes.
    enableReload = true;
    user = "caddy"; # User account under which caddy runs.
-    dataDir = "/var/lib/caddy";
+    dataDir = "/data/apps/caddy";
    logDir = "/var/log/caddy";
    # Additional lines of configuration appended to the global config section of the Caddyfile.
@@ -31,12 +31,12 @@ in {
    # Dashboard
    virtualHosts."home.writefor.fun".extraConfig = ''
      ${hostCommonConfig}
-      reverse_proxy http://localhost:4401
+      reverse_proxy http://localhost:54401
    '';
    # https://caddyserver.com/docs/caddyfile/directives/file_server
    virtualHosts."file.writefor.fun".extraConfig = ''
-      root * /var/lib/caddy/fileserver/
+      root * /data/apps/caddy/fileserver/
      ${hostCommonConfig}
      file_server browse {
        hide .git
@@ -64,7 +64,7 @@ in {
    # Monitoring
    virtualHosts."uptime-kuma.writefor.fun".extraConfig = ''
      encode zstd gzip
-      reverse_proxy http://localhost:3350
+      reverse_proxy http://localhost:53350
    '';
    virtualHosts."grafana.writefor.fun".extraConfig = ''
      encode zstd gzip
@@ -83,15 +83,15 @@ in {
  # Create Directories
  systemd.tmpfiles.rules = [
-    "d /var/lib/caddy/fileserver/ 0755 caddy caddy"
+    "d /data/apps/caddy/fileserver/ 0755 caddy caddy"
    # directory for virtual machine's images
-    "d /var/lib/caddy/fileserver/vms 0755 caddy caddy"
+    "d /data/apps/caddy/fileserver/vms 0755 caddy caddy"
  ];
-  # Add all my wallpapers into /var/lib/caddy/fileserver/wallpapers
+  # Add all my wallpapers into /data/apps/caddy/fileserver/wallpapers
  # Install the homepage-dashboard configuration files
  system.activationScripts.installCaddyWallpapers = ''
-    mkdir -p /var/lib/caddy/fileserver/wallpapers
+    mkdir -p /data/apps/caddy/fileserver/wallpapers
-    ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F644 ${wallpapers}/ /var/lib/caddy/fileserver/wallpapers/
+    ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F644 ${wallpapers}/ /data/apps/caddy/fileserver/wallpapers/
  '';
 }
@@ -1,4 +1,10 @@
-{myvars, ...}:
+{
  mylib,
  myvars,
  pkgs,
  disko,
  ...
 }:
 #############################################################
 #
 #  Aquamarine - A NixOS VM running on Proxmox/KubeVirt
@@ -7,25 +13,33 @@
 let
  hostName = "aquamarine"; # Define your hostname.
 in {
-  imports = [
+  imports =
-  ];
+    (mylib.scanPaths ./.)
    ++ [
      disko.nixosModules.default
    ];
  # supported file systems, so we can mount any removable disks with these filesystems
  boot.supportedFilesystems = [
    "ext4"
    "btrfs"
    "xfs"
    #"zfs"
    "ntfs"
    "fat"
    "vfat"
    "exfat"
  ];
-  # boot.kernelModules = ["kvm-amd"];
+  boot.kernelPackages = pkgs.linuxPackages_latest;
-  # boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
+  boot.kernelModules = ["kvm-amd"];
  boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
  networking = {
    inherit hostName;
-    inherit (myvars.networking) nameservers;
+    inherit (myvars.networking) defaultGateway nameservers;
    inherit (myvars.networking.hostsInterface.${hostName}) interfaces;
    networkmanager.enable = false;
  };
  # This value determines the NixOS release from which the default
@@ -0,0 +1,62 @@
 # auto disk partitioning:
 #   nix run github:nix-community/disko -- --mode disko ./disko-fs.nix
 {
  disko.devices = {
    disk.data-apps = {
      type = "disk";
      device = "/dev/disk/by-id/ata-WDC_WD40EJRX-89T1XY0_WD-WCC7K0XDCZE6";
      content = {
        type = "gpt";
        partitions.data-apps = {
          size = "100%";
          content = {
            type = "btrfs";
            # extraArgs = ["-f"]; # Override existing partition
            subvolumes = {
              "@persistent" = {
                mountpoint = "/data/apps";
                mountOptions = [
                  "compress-force=zstd:1"
                  # https://www.freedesktop.org/software/systemd/man/latest/systemd.mount.html
                  "nofail"
                ];
              };
              "@backups" = {
                mountpoint = "/data/backups";
                mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
              };
              "@snapshots" = {
                mountpoint = "/data/apps-snapshots";
                mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
              };
            };
          };
        };
      };
    };
    disk.data-fileshare = {
      type = "disk";
      device = "/dev/disk/by-id/ata-WDC_WD40EZRZ-22GXCB0_WD-WCC7K7VV9613";
      content = {
        type = "gpt";
        partitions.data-fileshare = {
          size = "100%";
          content = {
            type = "btrfs";
            # extraArgs = ["-f"]; # Override existing partition
            subvolumes = {
              "@persistent" = {
                mountpoint = "/data/fileshare";
                mountOptions = ["compress-force=zstd:1" "nofail"];
              };
              "@snapshots" = {
                mountpoint = "/data/fileshare-snapshots";
                mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
              };
            };
          };
        };
      };
    };
  };
 }
@@ -5,7 +5,7 @@ in {
    enable = true;
    user = "gitea";
    group = "gitea";
-    stateDir = "/var/lib/gitea";
+    stateDir = "/data/apps/gitea";
    appName = "Ryan Yin's Gitea Service";
    lfs.enable = true;
    # Enable a timer that runs gitea dump to generate backup-files of the current gitea database and repositories.
@@ -27,7 +27,10 @@ in {
      };
      # one of "Trace", "Debug", "Info", "Warn", "Error", "Critical"
      log.LEVEL = "Info";
-      session.COOKIE_SECURE = false;
+      # Marks session cookies as "secure" as a hint for browsers to only send them via HTTPS.
      session.COOKIE_SECURE = true;
      # NOTE: The first registered user will be the administrator,
      # so this parameter should NOT be set before the first user registers!
      service.DISABLE_REGISTRATION = true;
      # "cron.sync_external_users" = {
@@ -5,7 +5,7 @@
 }: {
  services.grafana = {
    enable = true;
-    dataDir = "/var/lib/grafana";
+    dataDir = "/data/apps/grafana";
    # DeclarativePlugins = with pkgs.grafanaPlugins; [ grafana-piechart-panel ];
    settings = {
      server = {
@@ -1,56 +1,62 @@
 ---
 # For configuration options and examples, please see:
 # https://gethomepage.dev/latest/configs/services
 #
 # Icons:
 #   1. .png/.svg: will be referenced from https://github.com/walkxcode/dashboard-icons
 #   2. mdi-XXX:   https://pictogrammers.com/library/mdi/
 #   3. si-XXX:    https://simpleicons.org/
 - KubeVirt 虚拟化集群:
    - KubeVirt-Shoryu:
-        icon: si-kubevirt
+        icon: mdi-server
        description: "CPU: R7-5825U / MEM: 64G / DISK: 1T"
-        href: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.181:9100
+        href: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.181:9100
-        siteMonitor: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.181:9100
+        siteMonitor: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.181:9100
    - KubeVirt-Shushou:
-        icon: si-kubevirt
+        icon: mdi-server
        description: "CPU: R9-5900HX / MEM: 64G / DISK: 1T"
-        href: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.182:9100
+        href: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.182:9100
-        siteMonitor: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.182:9100
+        siteMonitor: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.182:9100
    - KubeVirt-Youko:
-        icon: si-kubevirt
+        icon: mdi-server
        description: "CPU: R5-5625U / MEM: 32G / DISK: 512G+4T*2"
-        href: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.183:9100
+        href: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.183:9100
-        siteMonitor: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.183:9100
+        siteMonitor: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.183:9100
    - LongHorn-Storage:
-        icon: si-longhorn
+        icon: longhorn.svg
        href: http://longhorn.writefor.fun/
    - Victoria-Metrics:
        icon: si-victoriametrics
        href: http://vm.writefor.fun/
    - KubeVirt-Grafana:
-        icon: si-grafana
+        icon: grafana.svg
        href: http://k8s-grafana.writefor.fun/
 - Homelab Monitoring:
    - Grafana:
-        icon: si-grafana
+        icon: grafana.svg
-        href: http://grafana.writefor.fun
+        href: https://grafana.writefor.fun
        description: Data visualised on dashboards
-        siteMonitor: http://grafana.writefor.fun
+        siteMonitor: https://grafana.writefor.fun
    - Prometheus Dashboard:
-        icon: si-prometheus
+        icon: prometheus.svg
-        href: http://prometheus.writefor.fun
+        href: https://prometheus.writefor.fun
        description: Monitoring - Prometheus
-        siteMonitor: http://prometheus.writefor.fun
+        siteMonitor: https://prometheus.writefor.fun
    - Uptime Kuma:
-        icon: si-uptimekuma
+        icon: uptime-kuma.svg
-        href: http://uptime-kuma.writefor.fun
+        href: https://uptime-kuma.writefor.fun
        description: Uptime Checking
-        siteMonitor: http://uptime-kuma.writefor.fun
+        siteMonitor: https://uptime-kuma.writefor.fun
 - Homelab Applications:
    - SFTPGO:
-      icon: sftpgo.png
+        icon: sftpgo.png
-      href: "http://sftpgo.writefor.fun/web/admin/folders"
+        href: "https://sftpgo.writefor.fun/web/admin/folders"
-      description: WebDAV & SFTP server
+        description: WebDAV & SFTP server
-      siteMonitor: http://sftpgo.writefor.fun/
+        siteMonitor: https://sftpgo.writefor.fun/
 #
 # - Kubernetes Monitoring:
 #     # TODO: Update this
 #     - Emby:
@@ -21,10 +21,10 @@ providers:
 background:
  image: https://file.writefor.fun/wallpapers/rolling-girls.png
-  blur: sm # sm, "", md, xl... see https://tailwindcss.com/docs/backdrop-blur
+  blur: sm # 模糊 - sm, "", md, xl... see https://tailwindcss.com/docs/backdrop-blur
-  saturate: 90 # 0, 50, 100... see https://tailwindcss.com/docs/backdrop-saturate
+  saturate: 90 # 色彩饱和度 - 0, 50, 100... see https://tailwindcss.com/docs/backdrop-saturate
  brightness: 90 # 0, 50, 75... see https://tailwindcss.com/docs/backdrop-brightness
-  opacity: 85 # 0-100
+  opacity: 25 # 透明度 - 0-100
 theme: dark # or light
@@ -32,7 +32,7 @@ theme: dark # or light
 # slate, gray, zinc, neutral, stone, amber,
 # yellow, lime, green, emerald, teal, cyan,
 # sky, blue, indigo, violet, purple, fuchsia, pink, rose, red, white
-color: indigo
+color: slate
 # make all cards in a row the same height.
 useEqualHeights: true
@@ -40,31 +40,20 @@ useEqualHeights: true
 # Groups and its layout
 # Groups Name should match the name defined in your services.yaml or widgets.yaml
 layout:
  Homelab Monitoring:
    icon: mdi-monitor-dashboard
    initiallyCollapsed: false # collapsed by default
    tab: Main
    style: row
    columns: 3
  Homelab Applications:
    icon: si-homepage
    tab: Main
  KubeVirt 虚拟化集群:
-    icon: si-kubevirt
+    icon: si-kubernetes
-    tab: First
+    tab: KubeVirt
  Group A:
    initiallyCollapsed: true # collapsed by default
    tab: First
    style: row
    columns: 4
  Second Service Group:
    useEqualHeights: true # overrides global setting
    tab: Second
    columns: 4
  Third Service Group:
    tab: Third
    style: row
  Bookmark Group on Fourth Tab:
    tab: Fourth
  Service Group on every Tab:
    style: row
    columns: 4
 # https://gethomepage.dev/latest/configs/services/#icons
 # iconStyle: theme # optional, defaults to gradient
@@ -0,0 +1,41 @@
 {
  config,
  pkgs,
  ...
 }: let
  user = "homepage";
  configDir = "/data/apps/homepage-dashboard";
 in {
  users.groups.${user} = {};
  users.users.${user} = {
    group = user;
    home = configDir;
    isSystemUser = true;
  };
  # Install the homepage-dashboard configuration files
  system.activationScripts.installHomepageDashboardConfig = ''
    mkdir -p ${configDir}
    ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F644 ${./config}/ ${configDir}/
    chown -R ${user}:${user} ${configDir}
  '';
  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/virtualisation/oci-containers.nix
  virtualisation.oci-containers.containers = {
    # check its logs via `journalctl -u podman-homepage`
    homepage = {
      hostname = "homepage";
      image = "ghcr.io/gethomepage/homepage:latest";
      ports = ["127.0.0.1:54401:3000"];
      # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
      environment = {
        # "PUID" = config.users.users.${user}.uid;
        # "PGID" = config.users.groups.${user}.gid;
      };
      volumes = [
        "${configDir}:/app/config"
      ];
      autoStart = true;
    };
  };
 }
@@ -0,0 +1,35 @@
 {config, ...}: let
  user = "kuma";
  dataDir = "/data/apps/uptime-kuma";
 in {
  users.groups.${user} = {};
  users.users.${user} = {
    group = user;
    home = dataDir;
    isSystemUser = true;
  };
  # Create Directories
  systemd.tmpfiles.rules = [
    "d ${dataDir} 0755 ${user} ${user}"
  ];
  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/virtualisation/oci-containers.nix
  virtualisation.oci-containers.containers = {
    # check its logs via `journalctl -u podman-homepage`
    uptime-kuma = {
      hostname = "uptime-kuma";
      image = "louislam/uptime-kuma:1";
      ports = ["127.0.0.1:53350:3001"];
      # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
      environment = {
        # "PUID" = config.users.users.${user}.uid;
        # "PGID" = config.users.groups.${user}.gid;
      };
      volumes = [
        "${dataDir}:/app/data"
      ];
      autoStart = true;
    };
  };
 }
@@ -1,4 +1,5 @@
 {
  lib,
  config,
  myvars,
  ...
@@ -45,64 +46,75 @@
    # specifies a set of targets and parameters describing how to scrape metrics from them.
    # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config
-    scrapeConfigs = [
+    scrapeConfigs =
      [
        # --- Homelab Applications --- #
        {
          job_name = "dnsmasq-exporter";
          scrape_interval = "30s";
          metrics_path = "/metrics";
          static_configs = [
            {
              targets = ["${myvars.networking.hostsAddr.suzi.ipv4}:9153"];
              labels.type = "app";
              labels.app = "dnsmasq";
              labels.host = "suzi";
            }
          ];
        }
        {
          job_name = "v2ray-exporter";
          scrape_interval = "30s";
          metrics_path = "/metrics";
          static_configs = [
            {
              targets = ["${myvars.networking.hostsAddr.aquamarine.ipv4}:9153"];
              labels.type = "app";
              labels.app = "v2ray";
              labels.host = "aquamarine";
            }
          ];
        }
        {
          job_name = "sftpgo-embedded-exporter";
          scrape_interval = "30s";
          metrics_path = "/metrics";
          static_configs = [
            {
              targets = ["${myvars.networking.hostsAddr.aquamarine.ipv4}:10000"];
              labels.type = "app";
              labels.app = "sftpgo";
              labels.host = "aquamarine";
            }
          ];
        }
      ]
      # --- Hosts --- #
-      {
+      ++ (
-        job_name = "node-exporter";
+        lib.attrsets.foldlAttrs
-        scrape_interval = "30s";
+        (acc: hostname: addr:
-        metrics_path = "/metrics";
+          acc
-        static_configs = [
+          ++ [
-          {
+            {
-            # All my NixOS hosts.
+              job_name = "node-exporter-${hostname}";
-            targets =
+              scrape_interval = "30s";
-              map (addr: "${addr.ipv4}:9100")
+              metrics_path = "/metrics";
-              (builtins.attrValues myvars.networking.hostsAddr);
+              static_configs = [
-            labels.type = "node";
+                {
-          }
+                  # All my NixOS hosts.
-        ];
+                  targets = ["${addr.ipv4}:9100"];
-      }
+                  labels.type = "node";
-
+                  labels.host = hostname;
-      # --- Homelab Applications --- #
+                }
-
+              ];
-      {
+            }
-        job_name = "dnsmasq-exporter";
+          ])
-        scrape_interval = "30s";
+        []
-        metrics_path = "/metrics";
+        myvars.networking.hostsAddr
-        static_configs = [
+      );
          {
            targets = ["${myvars.networking.hostsAddr.suzi.ipv4}:9153"];
            labels.type = "app";
            labels.app = "dnsmasq";
          }
        ];
      }
      {
        job_name = "v2ray-exporter";
        scrape_interval = "30s";
        metrics_path = "/metrics";
        static_configs = [
          {
            targets = ["${myvars.networking.hostsAddr.rakushun.ipv4}:9153"];
            labels.type = "app";
            labels.app = "v2ray";
          }
        ];
      }
      {
        job_name = "sftpgo-embedded-exporter";
        scrape_interval = "30s";
        metrics_path = "/metrics";
        static_configs = [
          {
            targets = ["${myvars.networking.hostsAddr.rakushun.ipv4}:10000"];
            labels.type = "app";
            labels.app = "v2ray";
          }
        ];
      }
    ];
    # specifies Alertmanager instances the Prometheus server sends alerts to
    # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config
@@ -1,11 +1,18 @@
-{config, ...}: {
+{config, ...}: let
  user = "sftpgo";
  dataDir = "/data/apps/sftpgo";
 in {
  # Read SFTPGO_DEFAULT_ADMIN_USERNAME and SFTPGO_DEFAULT_ADMIN_PASSWORD from a file
  systemd.services.sftpgo.serviceConfig.EnvironmentFile = config.age.secrets."sftpgo.env".path;
  # Create Directories
  systemd.tmpfiles.rules = [
    "d ${dataDir} 0755 ${user} ${user}"
  ];
  services.sftpgo = {
    enable = true;
-    user = "sftpgo";
+    inherit user dataDir;
    dataDir = "/var/lib/sftpgo";
    extraArgs = [
      "--log-level"
      "info"
@@ -3,7 +3,7 @@
  myvars,
  ...
 }: let
-  dataDir = "/var/lib/transmission";
+  dataDir = "/data/apps/transmission";
  name = "transmission";
 in {
  # the headless Transmission BitTorrent daemon
@@ -28,11 +28,7 @@ Clusters running as virtual machines on the KubeVirt cluster, for testing and pr
   1. `k3s-prod-1-worker-1`
   1. `k3s-prod-1-worker-2`
   1. `k3s-prod-1-worker-3`
-1. For testing:.
+1. For testing:. 2. `k3s-test-1-master-1` 3. `k3s-test-1-master-2` 4. `k3s-test-1-master-3`
   1. `k3s-test-1-master-1`
   2. `k3s-test-1-worker-1`
   3. `k3s-test-1-worker-2`
   4. `k3s-test-1-worker-3`
 ## Kubernetes Resources
@@ -14,7 +14,7 @@
  k3sModule = mylib.genK3sServerModule {
    inherit pkgs;
    kubeconfigFile = "/home/${myvars.username}/.kube/config";
-    tokenFile = config.age.secrets."k3s-prod-1-token".path;
+    tokenFile = config.age.secrets."k3s-test-1-token".path;
    # the first node in the cluster should be the one to initialize the cluster
    clusterInit = true;
    # use my own domain & kube-vip's virtual IP for the API server
@@ -14,7 +14,7 @@
  k3sModule = mylib.genK3sServerModule {
    inherit pkgs;
    kubeconfigFile = "/home/${myvars.username}/.kube/config";
-    tokenFile = config.age.secrets."k3s-prod-1-token".path;
+    tokenFile = config.age.secrets."k3s-test-1-token".path;
    # use my own domain & kube-vip's virtual IP for the API server
    # so that the API server can always be accessed even if some nodes are down
    masterHost = "test-cluster-1.writefor.fun";
@@ -14,7 +14,7 @@
  k3sModule = mylib.genK3sServerModule {
    inherit pkgs;
    kubeconfigFile = "/home/${myvars.username}/.kube/config";
-    tokenFile = config.age.secrets."k3s-prod-1-token".path;
+    tokenFile = config.age.secrets."k3s-test-1-token".path;
    # use my own domain & kube-vip's virtual IP for the API server
    # so that the API server can always be accessed even if some nodes are down
    masterHost = "test-cluster-1.writefor.fun";
@@ -49,4 +49,17 @@ in {
      coreModule
      k3sModule
    ];
  boot.kernelParams = [
    # disable transparent hugepage(allocate hugepages dynamically)
    "transparent_hugepage=never"
    # https://kubevirt.io/user-guide/compute/hugepages/
    #
    # pre-allocate hugepages manually(for kubevirt guest vms)
    # NOTE: the hugepages allocated here can not be used for other purposes!
    # so we should left some memory for the host OS and other vms that don't use hugepages
    "hugepagesz=1G"
    "hugepages=48" # use 75% of the total memory for hugepages
  ];
 }
@@ -43,4 +43,17 @@ in {
      coreModule
      k3sModule
    ];
  boot.kernelParams = [
    # disable transparent hugepage(allocate hugepages dynamically)
    "transparent_hugepage=never"
    # https://kubevirt.io/user-guide/compute/hugepages/
    #
    # pre-allocate hugepages manually(for kubevirt guest vms)
    # NOTE: the hugepages allocated here can not be used for other purposes!
    # so we should left some memory for the host OS and other vms that don't use hugepages
    "hugepagesz=1G"
    "hugepages=48" # use 75% of the total memory for hugepages
  ];
 }
@@ -43,4 +43,24 @@ in {
      coreModule
      k3sModule
    ];
  boot.kernelParams = [
    # disable transparent hugepage(allocate hugepages dynamically)
    "transparent_hugepage=never"
    # https://kubevirt.io/user-guide/compute/hugepages/
    #
    # pre-allocate hugepages manually(for kubevirt guest vms)
    # NOTE: the hugepages allocated here can not be used for other purposes!
    # so we should left some memory for the host OS and other vms that don't use hugepages
    "hugepagesz=1G"
    "hugepages=15" # use 15/24 of the total memory for hugepages
    # https://kubevirt.io/user-guide/compute/host-devices/
    #
    # PCI passthrough
    # "amd_iommu=on" # enable IOMMU
    # "iommu=pt" # use passthrough mode
    # "pcie_acs_override=downstream" # enable ACS override
  ];
 }
@@ -4,7 +4,7 @@
  networking,
  ...
 }: let
-  inherit (networking) mainGateway nameservers;
+  inherit (networking) defaultGateway nameservers;
  inherit (networking.hostsAddr.${hostName}) iface ipv4;
  ipv4WithMask = "${ipv4}/24";
 in {
@@ -27,7 +27,7 @@ in {
    matchConfig.Name = [iface];
    networkConfig = {
      Address = [ipv4WithMask];
-      Gateway = mainGateway;
+      Gateway = defaultGateway;
      DNS = nameservers;
      IPv6AcceptRA = true;
    };
@@ -2,6 +2,8 @@
  pkgs,
  myvars,
  nuenv,
  nixpkgs,
  lib,
  ...
 } @ args: {
  nixpkgs.overlays =
@@ -72,11 +74,7 @@
    #      ```
    #    2. Never leave the device and never sent over the network.
    # 2. Or just use hardware security keys like Yubikey/CanoKey.
-    openssh.authorizedKeys.keys = [
+    openssh.authorizedKeys.keys = myvars.sshAuthorizedKeys;
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKlN+Q/GxvwxDX/OAjJHaNFEznEN4Tw4E4TwqQu/eD6 ryan@idols-ai"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPoa9uEI/gR5+klqTQwvCgD6CD5vT5iD9YCNx2xNrH3B ryan@fern"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPwZ9MdotnyhxIJrI4gmVshExHiZOx+FGFhcW7BaYkfR ryan@harmonica"
    ];
  };
  nix.settings = {
@@ -111,4 +109,14 @@
    ];
    builders-use-substitutes = true;
  };
  # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
  nix.registry.nixpkgs.flake = nixpkgs;
  environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}";
  # make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
  # discard all the default paths, and only use the one from this flake.
  nix.nixPath = lib.mkForce ["/etc/nix/inputs"];
  # https://github.com/NixOS/nix/issues/9574
  nix.settings.nix-path = lib.mkForce "nixpkgs=/etc/nix/inputs/nixpkgs";
 }
@@ -1,8 +1,4 @@
 {
  lib,
  nixpkgs,
  ...
 }: {
  ###################################################################################
  #
  #  Core configuration for nix-darwin
@@ -28,12 +24,4 @@
  nix.settings.auto-optimise-store = false;
  nix.gc.automatic = false;
  # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
  nix.registry.nixpkgs.flake = nixpkgs;
  environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}";
  # make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
  # discard all the default paths, and only use the one from this flake.
  nix.nixPath = lib.mkForce ["/etc/nix/inputs"];
 }
@@ -18,7 +18,7 @@
  services.btrbk.instances.btrbk = {
    # How often this btrbk instance is started. See systemd.time(7) for more information about the format.
-    onCalendar = "Tue,Fri,Sat,Sun *-*-* 3:45:20"; # daily at 3:45, except on Monday, Wednesday, and Thursday
+    onCalendar = "Tue,Thu,Sat *-*-* 3:45:20";
    settings = {
      # how to prune local snapshots:
      # 1. keep daily snapshots for xx days
@@ -1,4 +1,4 @@
-_: {
+{
  # Network discovery, mDNS
  # With this enabled, you can access your machine at <hostname>.local
  # it's more convenient than using the IP address.
@@ -12,4 +12,10 @@ _: {
      userServices = true;
    };
  };
  # Use an NTP server located in the mainland of China to synchronize the system time
  networking.timeServers = [
    "ntp.aliyun.com" # Aliyun NTP Server
    "ntp.tencent.com" # Tencent NTP Server
  ];
 }
@@ -22,7 +22,7 @@
  users.users."${myvars.username}" = {
    # generated by `mkpasswd -m scrypt`
    # we have to use initialHashedPassword here when using tmpfs for /
-    initialHashedPassword = "$7$CU..../....KDvTIXqLTXpmCaoUy2yC9.$145eM358b7Q0sRXgEBvxctd5EAuEEdao57LmZjc05D.";
+    inherit (myvars) initialHashedPassword;
    home = "/home/${myvars.username}";
    isNormalUser = true;
    extraGroups = [
@@ -16,4 +16,30 @@
          })
    )
  ];
  # https://github.com/Mic92/nix-ld
  #
  # nix-ld will install itself at `/lib64/ld-linux-x86-64.so.2` so that
  # it can be used as the dynamic linker for non-NixOS binaries.
  #
  # nix-ld works like a middleware between the actual link loader located at `/nix/store/.../ld-linux-x86-64.so.2`
  # and the non-NixOS binaries. It will:
  #
  #   1. read the `NIX_LD` environment variable and use it to find the actual link loader.
  #   2. read the `NIX_LD_LIBRARY_PATH` environment variable and use it to set the `LD_LIBRARY_PATH` environment variable
  #      for the actual link loader.
  #
  # nix-ld's nixos module will set default values for `NIX_LD` and `NIX_LD_LIBRARY_PATH` environment variables, so
  # it can work out of the box:
  #
  #  - https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/programs/nix-ld.nix#L37-L40
  #
  # You can overwrite `NIX_LD_LIBRARY_PATH` in the environment where you run the non-NixOS binaries to customize the
  # search path for shared libraries.
  programs.nix-ld = {
    enable = true;
    libraries = with pkgs; [
      stdenv.cc.cc
    ];
  };
 }
@@ -19,6 +19,9 @@
  ];
  config = {
    # disable backups in the VM
    services.btrbk.instances = lib.mkForce {};
    fileSystems."/" = {
      device = "/dev/disk/by-label/nixos";
      fsType = "ext4";
@@ -24,13 +24,10 @@
        "hosts/12kingdoms-${name}"
      ])
      ++ [
        {modules.secrets.server.application.enable = true;}
        {modules.secrets.server.operation.enable = true;}
        {modules.secrets.server.webserver.enable = true;}
      ];
-    home-modules = map mylib.relativeToRoot [
+    home-modules =
-      "home/linux/tui.nix"
+      map mylib.relativeToRoot [
-    ];
+      ];
  };
  inherit (inputs) nixos-rk3588;
@@ -26,7 +26,13 @@
        "hosts/idols-${name}"
      ])
      ++ [
        {modules.secrets.server.application.enable = true;}
        {modules.secrets.server.operation.enable = true;}
        {modules.secrets.server.webserver.enable = true;}
      ];
    home-modules = map mylib.relativeToRoot [
      "home/linux/tui.nix"
    ];
  };
  systemArgs = modules // args;
@@ -15,7 +15,7 @@ from pathlib import Path
 NIX_DAEMON_PLIST = Path("/Library/LaunchDaemons/org.nixos.nix-daemon.plist")
 NIX_DAEMON_NAME = "org.nixos.nix-daemon"
 # http proxy provided by my homelab's bypass router
-HTTP_PROXY = "http://192.168.5.179:7890"
+HTTP_PROXY = "http://192.168.5.101:7890"
 PLIST = plistlib.loads(NIX_DAEMON_PLIST.read_bytes())
@@ -55,5 +55,5 @@ def unset_proxy():
 if __name__ == "__main__":
-    # set_proxy()
+    set_proxy()
-    unset_proxy()
+    # unset_proxy()
@@ -68,7 +68,7 @@ export def upload-vm [
        nix build $target
    }
-    let remote = $"root@rakushun:/var/lib/caddy/fileserver/vms/kubevirt-($name).qcow2"
+    let remote = $"ryan@rakushun:/data/caddy/fileserver/vms/kubevirt-($name).qcow2"
-    rsync -avz --progress --copy-links result $remote
+    rsync -avz --progress --copy-links --checksum result $remote
 }
@@ -3,4 +3,23 @@
  userfullname = "Ryan Yin";
  useremail = "xiaoyin_c@qq.com";
  networking = import ./networking.nix {inherit lib;};
  # generated by `mkpasswd -m scrypt`
  initialHashedPassword = "$7$CU..../....KDvTIXqLTXpmCaoUy2yC9.$145eM358b7Q0sRXgEBvxctd5EAuEEdao57LmZjc05D.";
  # Public Keys that can be used to login to all my PCs, Macbooks, and servers.
  #
  # Since its authority is so large, we must strengthen its security:
  # 1. The corresponding private key must be:
  #    1. Generated locally on every trusted client via:
  #      ```bash
  #      # KDF: bcrypt with 256 rounds, takes 2s on Apple M2):
  #      # Passphrase: digits + letters + symbols, 12+ chars
  #      ssh-keygen -t ed25519 -a 256 -C "ryan@xxx" -f ~/.ssh/xxx`
  #      ```
  #    2. Never leave the device and never sent over the network.
  # 2. Or just use hardware security keys like Yubikey/CanoKey.
  sshAuthorizedKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKlN+Q/GxvwxDX/OAjJHaNFEznEN4Tw4E4TwqQu/eD6 ryan@idols-ai"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPoa9uEI/gR5+klqTQwvCgD6CD5vT5iD9YCNx2xNrH3B ryan@fern"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPwZ9MdotnyhxIJrI4gmVshExHiZOx+FGFhcW7BaYkfR ryan@harmonica"
  ];
 }
@@ -193,9 +193,9 @@
        publicKey = value.publicKey;
      })
      {
-        aquamarine.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJrHY3BZRTu0hrlsKxqS+O4GDp4cbumF8aNnbPCGKji root@aquamarine";
+        aquamarine.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbIecyrmrBpjD497lA2adJeTpsubZ3dozEraLGCcgVi root@aquamarine";
-        ruby.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOAMmGni8imcaS40cXgLbVQqPYnDYKs8MSbyWL91RV98 root@ruby";
+        # ruby.publicKey = "";
-        kana.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcINkxU3KxPsCpWltfEBjDYtKEeCmgrDxyUadl1iZ1D root@kana";
+        # kana.publicKey = "";
      };
  };
 }
Author	SHA1	Message	Date
Ryan Yin	07178984b1	Merge pull request #154 from ryan4yin/refactor-vars refactor: migrate ssh auth keys & hashed password into vars	2024-08-16 14:40:54 +08:00
Ryan Yin	eb83e88267	refactor: migrate ssh auth keys & hashed password into vars	2024-08-16 14:40:06 +08:00
Ryan Yin	6c8e8111c6	docs: dae - comment	2024-08-16 11:46:37 +08:00
Ryan Yin	62e96cde7e	feat: dae - avoid rate limit of GitHub API & Docker Hub API	2024-08-16 11:44:30 +08:00
Ryan Yin	4bb53d0190	feat: justfile - gc	2024-08-15 22:50:20 +08:00
Ryan Yin	41af2c1444	Merge pull request #152 from ryan4yin/kubevirt-hugepages feat: kubevirt - use 75% of the memory for hugepages	2024-08-15 22:50:05 +08:00
Ryan Yin	43db6bcf63	feat: kubevirt - use 75% of the memory for hugepages	2024-08-15 17:19:26 +08:00
Ryan Yin	e17bc1ec23	feat: neovim - tree-sitter - just	2024-08-12 18:30:26 +08:00
Ryan Yin	c9954c009a	chore: justfile - gc - delete old than 7 days	2024-08-12 17:56:46 +08:00
Ryan Yin	e68a43edce	docs: justfile - nix gc	2024-08-12 17:51:02 +08:00
Ryan Yin	08a6885873	feat: justfile - nix gc	2024-08-12 17:44:37 +08:00
Ryan Yin	930d8322d1	feat: use the latest version of neovim	2024-08-12 17:18:59 +08:00
Ryan Yin	2363ab59c4	chore: add default to just	2024-08-12 17:18:18 +08:00
Ryan Yin	1394e26a59	chore: update flake.lock	2024-08-12 17:18:02 +08:00
Ryan Yin	940367c790	chore: update scripts	2024-08-12 15:17:38 +08:00
Ryan Yin	cae48ede1b	fix: update ntp time servers	2024-08-11 20:18:20 +08:00
Ryan Yin	9535c09a33	feat: add kubectx	2024-08-06 15:13:54 +08:00
Ryan Yin	194c3d9895	chore: remove some unused just commands	2024-08-01 10:14:54 +08:00
Ryan Yin	a8f613ead1	docs: justfile	2024-08-01 10:11:56 +08:00
Ryan Yin	5d69019f60	docs: virtual machine	2024-08-01 10:03:12 +08:00
Ryan Yin	648021b0ca	docs: virtual machine	2024-08-01 10:02:49 +08:00
Ryan Yin	c30730bedd	docs: virtual machine	2024-08-01 09:58:42 +08:00
Ryan Yin	e9b502fa5f	feat: yazi & neovim - show shidden files	2024-08-01 09:44:02 +08:00
Ryan Yin	3e2340aee7	feat: adjust configs for gitea	2024-07-31 23:18:52 +08:00
Ryan Yin	94c8eef2cb	Merge pull request #151 from ryan4yin/homepage feat: adjust homepage config	2024-07-31 23:04:01 +08:00
Ryan Yin	2581c9d562	feat: adjust homepage config	2024-07-31 23:03:07 +08:00
Ryan Yin	3aaa4c0372	Merge pull request #150 from ryan4yin/p8s-scrape-configs refactor: p8s scrape configs	2024-07-31 21:41:19 +08:00
Ryan Yin	c446a693ea	refactor: p8s scrape configs	2024-07-31 19:22:01 +08:00
Ryan Yin	9b0c5d7d50	Merge pull request #149 from ryan4yin/fix-nodejs-based-apps fix: fix nodejs-based apps	2024-07-31 17:19:49 +08:00
Ryan Yin	86ee8132b7	fix: homelab - use https	2024-07-31 17:19:35 +08:00
Ryan Yin	2f3d644234	fix: fix nodejs-based apps	2024-07-31 17:09:20 +08:00
Ryan Yin	87dfa7669f	Merge pull request #145 from ryan4yin/migrate-services-to-aqua feat: migrate grafana & prometheus to aqua	2024-07-31 16:22:27 +08:00
Ryan Yin	64dd1fc2f3	fix: typo	2024-07-31 16:20:32 +08:00
Ryan Yin	fc81143c10	chore: update mysecrets	2024-07-31 16:01:02 +08:00
Ryan Yin	5178a3e638	fix: sftpgo - directory	2024-07-31 15:52:41 +08:00
Ryan Yin	b3127a18c9	fix: uptime kuma	2024-07-31 15:42:40 +08:00
Ryan Yin	15e0b150e9	fix: home page	2024-07-31 15:38:48 +08:00
Ryan Yin	41dc24e350	feat: aqua - no fail if usb storage is not available	2024-07-31 15:07:53 +08:00
Ryan Yin	8c795c7d0d	feat: change data directories, add disko for usb storage	2024-07-31 14:29:21 +08:00
Ryan Yin	b671c05db9	feat: migrate services to aqua	2024-07-31 14:29:21 +08:00
Ryan Yin	80e0bcf031	fix: nix path	2024-07-31 14:28:40 +08:00
Ryan Yin	64ab375d1f	feat: update shell sessin	2024-07-31 14:09:53 +08:00
Ryan Yin	325f82b9cc	fix: nix path (#147 )	2024-07-31 13:39:49 +08:00
Ryan Yin	59a46844a7	fix: justfile & nushell - should use absolute path	2024-07-31 11:22:17 +08:00
Ryan Yin	5e21effb15	refactor: just - emacs reload for linux & macos	2024-07-31 11:08:07 +08:00
Ryan Yin	1e7b9697e1	feat: check process environment variables	2024-07-31 10:56:29 +08:00
Ryan Yin	422ec75ec0	refactor: justfile	2024-07-31 10:56:29 +08:00
Ryan Yin	c059d90b17	feat: aqua - mount usb storage	2024-07-31 09:43:30 +08:00
Ryan Yin	880e0ac65e	chore: update public keys	2024-07-30 14:21:07 +08:00
Ryan Yin	ed4a2f00fe	chore: nix flake update mysecrets	2024-07-30 14:01:26 +08:00
Ryan Yin	7a1788520b	fix: typo	2024-07-30 13:50:32 +08:00
Ryan Yin	e86d7a1020	fix: aqua - networking	2024-07-30 13:48:44 +08:00
Ryan Yin	6670c5bd7d	fix: btrbk - kubevirt	2024-07-30 12:41:08 +08:00
Ryan Yin	0620f199b2	feat: update btrbk configs	2024-07-30 11:41:38 +08:00
Ryan Yin	e2457e80aa	docs: kubevirt-youko - pci passthrough	2024-07-30 10:22:42 +08:00
Ryan Yin	8ffaf4e3ae	feat: decrease pre-allocated hugepages	2024-07-30 01:21:04 +08:00
Ryan Yin	f9d07d92de	fix: virt guest - use default gateway for better network	2024-07-30 00:31:37 +08:00
Ryan Yin	2b91c6f99d	chore: nix flake update mysecrets	2024-07-30 00:02:55 +08:00
Ryan Yin	fed3bc981b	fix: k3s test cluster - token path	2024-07-29 23:42:14 +08:00
Ryan Yin	d02331c1e0	Merge pull request #143 from ryan4yin/kubevirt-hugepages feat: pre-allocate hugepages for kubevirt	2024-07-29 22:43:28 +08:00
Ryan Yin	5ec72c848f	fix: allocate only hugepages with size 1Gi	2024-07-29 22:31:17 +08:00
Ryan Yin	5a6ccd8794	chore: update caddy's vm image path, checksum when uploading	2024-07-29 17:41:51 +08:00
Ryan Yin	3dc7ec1fe8	Merge pull request #141 from DataEraserC/fix-gtk-theme fix(home/linux/gui/base/gtk.nix): gtk theme name mismatch after upgrade	2024-07-26 16:35:14 +08:00
DataEraserC	414a222d19	fix(home/linux/gui/base/gtk.nix): gtk theme name mismatch after upgrade	2024-07-26 04:28:16 +08:00
Ryan Yin	783d61999c	docs: neovim - mason issue about nixos	2024-07-26 00:06:19 +08:00
Ryan Yin	86ec08aecb	Merge pull request #140 from ryan4yin/nix-ld feat: add nix-ld and LIBRARY_PATH for mason.nvim and other downloaded…	2024-07-25 23:27:46 +08:00
Ryan Yin	b7b913b444	feat: add nix-ld and LIBRARY_PATH for mason.nvim and other downloaded binaries	2024-07-25 23:25:33 +08:00
Ryan Yin	aa0e1d84e0	Merge pull request #139 from DataEraserC/patch-11 fix(docs typo):`Morden` -> `Modern`	2024-07-24 08:51:56 +08:00
DataEraserC	94e2e17c60	fix(typo):morden -> modern	2024-07-24 01:45:32 +08:00
Ryan Yin	41f4dc6237	docs: typo	2024-07-23 18:29:01 +08:00