flake.lock: Update

Flake lock file updates:

• Updated input 'llm-agents':
    'github:numtide/llm-agents.nix/7c2b15bbb92e200cb741372f050de789e7811539?narHash=sha256-sq50LUIQ58jHTH5mG811fpC24BVOCagBqi0UuSTZN9o%3D' (2026-05-17)
  → 'github:numtide/llm-agents.nix/3c69691d60d50f87cc0d5f6222992b63c90b010d?narHash=sha256-pXnXgFvoFQKt4gDnOx0OjKSsv0T51QmN5thbzWf9WX0%3D' (2026-05-20)
• Updated input 'llm-agents/bun2nix':
    'github:nix-community/bun2nix/2499dedd70744dba1815875b854818a3019e9e4c?narHash=sha256-oQvcadh2BCkrog%2BSGrG6YffKJrveYpjj3TdQJWaKhaM%3D' (2026-05-10)
  → 'github:nix-community/bun2nix/f2bc12af1a6369648aac41041ceeaa0b866599c6?narHash=sha256-oQvcadh2BCkrog%2BSGrG6YffKJrveYpjj3TdQJWaKhaM%3D' (2026-05-10)

.github/workflows/flake_evaltests.yml

@@ -25,9 +25,9 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Install nix
-        uses: cachix/install-nix-action@v24
+        uses: cachix/install-nix-action@v31
         with:
           install_url: https://nixos.org/nix/install
           extra_nix_config: |

.gitignore

@@ -1,3 +1,4 @@
+.Trash-1000/
 result
 result/
 .direnv/
@@ -7,3 +8,223 @@ logs/
 core*
 !core/
 !core.nix
+!coredns*
+
+# =============== Python.gitignore ===========================
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[codz]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#   Usually these files are written by a python script from a template
+#   before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py.cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+# Pipfile.lock
+
+# UV
+#   Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+# uv.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+# poetry.lock
+# poetry.toml
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#   pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
+#   https://pdm-project.org/en/latest/usage/project/#working-with-version-control
+# pdm.lock
+# pdm.toml
+.pdm-python
+.pdm-build/
+
+# pixi
+#   Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
+# pixi.lock
+#   Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
+#   in the .venv directory. It is recommended not to include this directory in version control.
+.pixi
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# Redis
+*.rdb
+*.aof
+*.pid
+
+# RabbitMQ
+mnesia/
+rabbitmq/
+rabbitmq-data/
+
+# ActiveMQ
+activemq-data/
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.envrc
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#   JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#   be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#   and can be added to the global gitignore or merged into this file.  For a more nuclear
+#   option (not recommended) you can uncomment the following to ignore the entire idea folder.
+# .idea/
+
+# Abstra
+#   Abstra is an AI-powered process automation framework.
+#   Ignore directories containing user credentials, local state, and settings.
+#   Learn more at https://abstra.io/docs
+.abstra/
+
+# Visual Studio Code
+#   Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore 
+#   that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
+#   and can be added to the global gitignore or merged into this file. However, if you prefer, 
+#   you could uncomment the following to ignore the entire vscode folder
+# .vscode/
+
+# Ruff stuff:
+.ruff_cache/
+
+# PyPI configuration file
+.pypirc
+
+# Marimo
+marimo/_static/
+marimo/_lsp/
+__marimo__/
+
+# Streamlit
+.streamlit/secrets.toml

.typos.toml

@@ -1,10 +1,21 @@
 [files]
+# Respect .ignore files.
 ignore-dot = true
+# Respect ignore files.
 ignore-files = true
-extend-exclude = ["themes/", "data/", "static-surprises/", "resources/"]
+# Typos-specific ignore globs (gitignore syntax).
+# NOTE: This setting is ignored when you pass the path directly on the command line, as cachix/git-hooks.nix does.
+# To ignore those files, you must also exclude those directories via git-hooks.hooks.typos.settings.exclude.
+extend-exclude = [
+  "data/",
+  "rime-data/",
+]
 
 [default]
+# Check binary files as text.
 binary = false
+# Verify spelling in file names.
+check-filename = true
 # ignore some special identifiers(sha256, mac address, crypto keys, etc)
 extend-ignore-re = [
   "iterm2",

AGENTS.md

@@ -0,0 +1,204 @@
+# AGENTS.md - Guidelines for AI Coding Agents
+
+This file defines the default operating guide for AI agents working in this Nix Flake repository.
+Keep changes minimal, verifiable, and safe for multi-host deployments.
+
+## Scope and Repository Model
+
+This repository manages:
+
+- NixOS hosts (desktop + servers)
+- macOS hosts via nix-darwin
+- Home Manager profiles shared across platforms
+- Remote deployments via colmena
+
+High-level layout:
+
+```text
+.
+├── flake.nix                    # Flake entry; outputs composed in ./outputs
+├── Justfile                     # Primary command entrypoint (uses nushell)
+├── outputs/
+│   ├── default.nix
+│   ├── x86_64-linux/
+│   ├── aarch64-linux/
+│   └── aarch64-darwin/
+├── modules/                     # NixOS + darwin modules
+├── home/                        # Home Manager modules
+├── hosts/                       # Host-specific config
+├── vars/                        # Shared variables
+├── lib/                         # Helper functions
+├── agents/                      # Reusable cross-project agent files and installer
+└── secrets/                     # Agenix secret definitions
+```
+
+## Ground Rules for Agents
+
+- Prefer `just` tasks over ad-hoc commands when an equivalent task exists.
+- Make the smallest reasonable change; avoid drive-by refactors.
+- Do not commit secrets, generated credentials, or private keys.
+- Preserve platform guards (`[linux]`, `[macos]`) and host naming conventions.
+- Run formatting and evaluation checks for touched areas before finishing.
+
+## Quick Start Workflow (Recommended)
+
+1. Inspect context:
+
+```bash
+just --list
+rg -n "<symbol-or-option>" modules home hosts outputs
+```
+
+2. Implement the change.
+3. Format:
+
+```bash
+just fmt
+```
+
+4. Validate:
+
+```bash
+just test
+```
+
+5. If deployment behavior changed, provide the exact `just` command the user should run (do not run
+   remote deploys unless explicitly requested).
+
+## Canonical Commands
+
+### Core quality loop
+
+```bash
+just fmt                    # format Nix files
+just test                   # run eval tests: nix eval .#evalTests ...
+nix flake check             # run flake checks + pre-commit style checks
+```
+
+### Dependency/input updates
+
+```bash
+just up                     # update all inputs and commit lock file
+just upp <input>            # update one input and commit lock file
+just up-nix                 # update nixpkgs-related inputs
+```
+
+### Local deploy commands
+
+```bash
+just local                  # deploy config for current hostname
+just local debug            # same with verbose/debug mode
+just niri                   # deploy "<hostname>-niri" on Linux
+just niri debug             # debug mode
+```
+
+### Remote deploy commands (colmena)
+
+```bash
+just col <tag>              # deploy nodes matching tag
+just lab                    # deploy all kubevirt nodes
+just k3s-prod               # deploy k3s production nodes
+just k3s-test               # deploy k3s test nodes
+```
+
+### Useful direct commands
+
+```bash
+nix eval .#evalTests --show-trace --print-build-logs --verbose
+nix build .#nixosConfigurations.<host>.config.system.build.toplevel
+nixos-rebuild switch --flake .#<hostname>
+```
+
+## Test Structure and Expectations
+
+Eval tests live under:
+
+- `outputs/x86_64-linux/tests/`
+- `outputs/aarch64-linux/tests/`
+- `outputs/aarch64-darwin/tests/`
+
+Typical test pair:
+
+- `expr.nix`
+- `expected.nix`
+
+Agent expectations:
+
+- If logic changes affect shared modules, run `just test`.
+- If only docs/comments changed, tests may be skipped, but say so explicitly.
+- If tests cannot run, report why and include the exact failing command.
+
+## Formatting and Style
+
+### Formatting tools
+
+- Nix: `nixfmt` (RFC style, width 100)
+- Non-Nix: `prettier` (see `.prettierrc.yaml`)
+- Spelling: `typos` (see `.typos.toml`)
+
+### Nix style conventions
+
+- Files use `kebab-case.nix`.
+- Prefer `inherit (...)` for attribute imports.
+- Prefer `lib.mkIf`, `lib.optional`, `lib.optionals` for conditional config.
+- Use `lib.mkDefault` for defaults and `lib.mkForce` only when necessary.
+- Keep module options documented with `description`.
+
+Module pattern:
+
+```nix
+{ lib, config, ... }:
+{
+  options.myFeature = {
+    enable = lib.mkEnableOption "my feature";
+  };
+
+  config = lib.mkIf config.myFeature.enable {
+    # ...
+  };
+}
+```
+
+## Platform Notes
+
+- `Justfile` uses `nu` (`set shell := ["nu", "-c"]`).
+- Some tasks exist only on Linux or macOS via `[linux]` / `[macos]` guards.
+- `just local` has different implementations per platform:
+  - Linux: `nixos-switch`
+  - macOS: `darwin-build` + `darwin-switch`
+
+## Secrets and Safety
+
+- Secrets are managed with agenix and an external private secrets repo.
+- Never inline secret values in Nix files, tests, or docs.
+- Do not run broad remote deploy commands unless requested.
+- Prefer build/eval validation first, deploy second.
+
+## Change Review Checklist (for agents)
+
+Before finishing, verify:
+
+1. Change is scoped to requested behavior.
+2. `just fmt` applied (or not needed, stated explicitly).
+3. `just test` run for config changes (or limitation explained).
+4. No secrets or machine-specific artifacts added.
+5. User-facing summary includes what changed and what was validated.
+
+## Common Pitfalls
+
+- Editing host-specific files when the change belongs in shared module layers (`modules/` or
+  `home/`).
+- Forgetting to update both Linux and darwin paths when touching shared abstractions.
+- Running deployment commands to validate syntax when `nix eval`/`nix build` would be safer.
+- Introducing hardcoded usernames/paths instead of using `myvars` and existing abstractions.
+
+## References
+
+- [README.md](./README.md)
+- [agents/README.md](./agents/README.md)
+- [Justfile](./Justfile)
+- [outputs/README.md](./outputs/README.md)
+- [hosts/README.md](./hosts/README.md)
+- [home/README.md](./home/README.md)
+- [modules/README.md](./modules/README.md)
+- [secrets/README.md](./secrets/README.md)

Justfile

@@ -1,7 +1,7 @@
 # just is a command runner, Justfile is very similar to Makefile, but simpler.
 
 # Use nushell for shell commands
-# To usage this justfile, you need to enter a shell with just & nushell installed:
+# To use this justfile, you need to enter a shell with just & nushell installed:
 # 
 #   nix shell nixpkgs#just nixpkgs#nushell
 set shell := ["nu", "-c"]
@@ -26,13 +26,13 @@ test:
 # Update all the flake inputs
 [group('nix')]
 up:
-  nix flake update
+  nix flake update --commit-lock-file
 
 # Update specific input
 # Usage: just upp nixpkgs
 [group('nix')]
 upp input:
-  nix flake update {{input}}
+  nix flake update {{input}} --commit-lock-file
 
 # List all generations of the system profile
 [group('nix')]
@@ -44,11 +44,14 @@ history:
 repl:
   nix repl -f flake:nixpkgs
 
-# remove all generations older than 7 days
+# remove all old generations
 # on darwin, you may need to switch to root user to run this command
 [group('nix')]
 clean:
-  sudo nix profile wipe-history --profile /nix/var/nix/profiles/system  --older-than 7d
+  # Wipe out NixOS's history
+  sudo nix profile wipe-history --profile /nix/var/nix/profiles/system
+  # Wipe out home-manager's history
+  nix profile wipe-history --profile $"($env.XDG_STATE_HOME)/nix/profiles/home-manager"
 
 # Garbage collect all unused nix store entries
 [group('nix')]
@@ -71,10 +74,16 @@ shell:
 shell:
   nix shell nixpkgs#git nixpkgs#neovim
 
+# upgrade determinate nix
+[macos]
+[group('nix')]
+nix-upgrade:
+  sudo determinate-nixd upgrade
+
 [group('nix')]
 fmt:
   # format the nix files in this repo
-  nix fmt
+  ls **/*.nix | each { |it| nixfmt $it.name }
 
 # Show all the auto gc roots in the nix store
 [group('nix')]
@@ -94,29 +103,41 @@ verify-store:
 repair-store *paths:
   nix store repair {{paths}}
 
+# Update all Nixpkgs inputs
+[group('nix')]
+up-nix:
+  nix flake update --commit-lock-file nixpkgs-stable nixpkgs-master nixpkgs-darwin nixpkgs-patched
+
+# override nixpkgs's commit hash
+[group('nix')]
+override-pkgs hash:
+  nix flake update --commit-lock-file nixpkgs --override-input nixpkgs github:NixOS/nixpkgs/{{hash}}
+
 ############################################################################
 #
 #  NixOS Desktop related commands
 #
 ############################################################################
 
+# Deploy the nixosConfiguration by hostname match
 [linux]
-[group('desktop')]
-hypr mode="default":
+[group('homelab')]
+local mode="default":
   #!/usr/bin/env nu
   use {{utils_nu}} *;
-  nixos-switch ai-hyprland {{mode}}
+  nixos-switch (hostname) {{mode}}
 
+# Deploy the niri nixosConfiguration by hostname match
 [linux]
 [group('desktop')]
-s-hypr mode="default":
+niri mode="default":
   #!/usr/bin/env nu
   use {{utils_nu}} *;
-  nixos-switch shoukei-hyprland {{mode}}
+  nixos-switch $"(hostname)-niri" {{mode}}
 
 ############################################################################
 #
-#  Darwin related commands, harmonica is my macbook pro's hostname
+#  Darwin related commands
 #
 ############################################################################
 
@@ -133,23 +154,15 @@ darwin-rollback:
   use {{utils_nu}} *;
   darwin-rollback
 
-# Deploy to harmonica(macOS host)
+# Deploy the darwinConfiguration by hostname match
 [macos]
 [group('desktop')]
-ha mode="default":
+local mode="default": 
   #!/usr/bin/env nu
   use {{utils_nu}} *;
-  darwin-build "harmonica" {{mode}};
-  darwin-switch "harmonica" {{mode}}
+  darwin-build (hostname) {{mode}};
+  darwin-switch (hostname) {{mode}}
 
-# Depoly to fern(macOS host)
-[macos]
-[group('desktop')]
-fe mode="default": darwin-set-proxy
-  #!/usr/bin/env nu
-  use {{utils_nu}} *;
-  darwin-build "fern" {{mode}};
-  darwin-switch "fern" {{mode}}
 
 # Reset launchpad to force it to reindex Applications
 [macos]
@@ -170,13 +183,6 @@ reset-launchpad:
 col tag:
   colmena apply --on '@{{tag}}' --verbose --show-trace
 
-[linux]
-[group('homelab')]
-local name mode="default":
-  #!/usr/bin/env nu
-  use {{utils_nu}} *;
-  nixos-switch {{name}} {{mode}}
-
 # Build and upload a vm image
 [linux]
 [group('homelab')]
@@ -196,37 +202,16 @@ lab:
 shoryu:
   colmena apply --on '@kubevirt-shoryu' --verbose --show-trace
 
-[linux]
-[group('homelab')]
-shoryu-local mode="default":
-  #!/usr/bin/env nu
-  use {{utils_nu}} *; 
-  nixos-switch kubevirt-shoryu {{mode}}
-
 [linux]
 [group('homelab')]
 shushou:
   colmena apply --on '@kubevirt-shushou' --verbose --show-trace
 
-[linux]
-[group('homelab')]
-shushou-local mode="default":
-  #!/usr/bin/env nu
-  use {{utils_nu}} *; 
-  nixos-switch kubevirt-shushou {{mode}}
-
 [linux]
 [group('homelab')]
 youko:
   colmena apply --on '@kubevirt-youko' --verbose --show-trace
 
-[linux]
-[group('homelab')]
-youko-local mode="default":
-  #!/usr/bin/env nu
-  use {{utils_nu}} *; 
-  nixos-switch kubevirt-youko {{mode}}
-
 ############################################################################
 #
 # Commands for other Virtual Machines
@@ -248,37 +233,16 @@ upload-idols mode="default":
 aqua:
   colmena apply --on '@aqua' --verbose --show-trace
 
-[linux]
-[group('homelab')]
-aqua-local mode="default":
-  #!/usr/bin/env nu
-  use {{utils_nu}} *; 
-  nixos-switch aquamarine {{mode}}
-
 [linux]
 [group('homelab')]
 ruby:
   colmena apply --on '@ruby' --verbose --show-trace
 
-[linux]
-[group('homelab')]
-ruby-local mode="default":
-  #!/usr/bin/env nu
-  use {{utils_nu}} *; 
-  nixos-switch ruby {{mode}}
-
 [linux]
 [group('homelab')]
 kana:
   colmena apply --on '@kana' --verbose --show-trace
 
-[linux]
-[group('homelab')]
-kana-local mode="default":
-  #!/usr/bin/env nu
-  use {{utils_nu}} *; 
-  nixos-switch kana {{mode}}
-
 ############################################################################
 #
 # Kubernetes related commands
@@ -317,60 +281,6 @@ k3s-prod:
 k3s-test:
   colmena apply --on '@k3s-test-*' --verbose --show-trace
 
-############################################################################
-#
-#  Neovim related commands
-#
-############################################################################
-
-[group('neovim')]
-nvim-test:
-  rm -rf $"($env.HOME)/.config/nvim"
-  rsync -avz --copy-links --chmod=D2755,F744 home/base/tui/editors/neovim/nvim/ $"($env.HOME)/.config/nvim/"
-
-[group('neovim')]
-nvim-clean:
-  rm -rf $"($env.HOME)/.config/nvim"
-
-# =================================================
-# Emacs related commands
-# =================================================
-
-[group('emacs')]
-emacs-test:
-  rm -rf $"($env.HOME)/.config/doom"
-  rsync -avz --copy-links --chmod=D2755,F744 home/base/tui/editors/emacs/doom/ $"($env.HOME)/.config/doom/"
-  doom clean
-  doom sync
-
-[group('emacs')]
-emacs-clean:
-  rm -rf $"($env.HOME)/.config/doom/"
-
-[group('emacs')]
-emacs-purge:
-  doom purge
-  doom clean
-  doom sync
-
-[linux]
-[group('emacs')]
-emacs-reload:
-  doom sync
-  systemctl --user restart emacs.service
-  systemctl --user status emacs.service
-
-
-emacs-plist-path := "~/Library/LaunchAgents/org.nix-community.home.emacs.plist"
-
-[macos]
-[group('emacs')]
-emacs-reload:
-  doom sync
-  launchctl unload {{emacs-plist-path}}
-  launchctl load {{emacs-plist-path}}
-  tail -f ~/Library/Logs/emacs-daemon.stderr.log
-
 # =================================================
 #
 # Other useful commands
@@ -415,3 +325,35 @@ list-inactive:
 [group('services')]
 list-failed:
   systemctl list-units -all --state=failed
+
+[linux]
+[group('services')]
+list-systemd:
+  systemctl list-units systemd-*
+
+
+# =================================================
+#
+# GitHub CLI + Nixpkgs Review via Github Action
+# https://github.com/ryan4yin/nixpkgs-review-gha
+#
+# =================================================
+
+[group('github')]
+gh-login:
+  gh auth login -h github.com --skip-ssh-key --git-protocol ssh
+
+# Run nixpkgs-review for PR
+[group('nixpkgs')]
+pkg-review pr:
+  gh workflow run review.yml --repo ryan4yin/nixpkgs-review-gha -f x86_64-darwin=no -f post-result=true -f pr={{pr}}
+
+# Run package tests for PR
+[group('nixpkgs')]
+pkg-test pr pname:
+  gh workflow run review.yml --repo ryan4yin/nixpkgs-review-gha -f x86_64-darwin=no -f post-result=true -f pr={{pr}} -f extra-args="-p {{pname}}.passthru.tests"
+
+# View the summary of a workflow
+[group('nixpkgs')]
+pkg-summary:
+  gh workflow view review.yml --repo ryan4yin/nixpkgs-review-gha

README.md

@@ -8,22 +8,22 @@
 	<a href="https://github.com/ryan4yin/nix-config/stargazers">
 		<img alt="Stargazers" src="https://img.shields.io/github/stars/ryan4yin/nix-config?style=for-the-badge&logo=starship&color=C9CBFF&logoColor=D9E0EE&labelColor=302D41"></a>
     <a href="https://nixos.org/">
-        <img src="https://img.shields.io/badge/NixOS-24.05-informational.svg?style=for-the-badge&logo=nixos&color=F2CDCD&logoColor=D9E0EE&labelColor=302D41"></a>
+        <img src="https://img.shields.io/badge/NixOS-25.11-informational.svg?style=for-the-badge&logo=nixos&color=F2CDCD&logoColor=D9E0EE&labelColor=302D41"></a>
     <a href="https://github.com/ryan4yin/nixos-and-flakes-book">
-        <img src="https://img.shields.io/static/v1?label=Nix Flakes&message=learning&style=for-the-badge&logo=nixos&color=DDB6F2&logoColor=D9E0EE&labelColor=302D41"></a>
+        <img src="https://img.shields.io/badge/Nix%20Flakes-learning-informational.svg?style=for-the-badge&logo=nixos&color=F2CDCD&logoColor=D9E0EE&labelColor=302D41"></a>
   </a>
 </p>
 
 > My configuration is becoming more and more complex, and **it will be difficult for beginners to
 > read**. If you are new to NixOS and want to know how I use NixOS, I would recommend you to take a
 > look at the [ryan4yin/nix-config/releases](https://github.com/ryan4yin/nix-config/releases) first,
-> **checkout to some simpler older versions, such as
+> **check out to some simpler older versions, such as
 > [i3-kickstarter](https://github.com/ryan4yin/nix-config/tree/i3-kickstarter), which will be much
 > easier to understand**.
 
 This repository is home to the nix code that builds my systems:
 
-1. NixOS Desktops: NixOS with home-manager, hyprland, agenix, etc.
+1. NixOS Desktops: NixOS with home-manager, niri, agenix, etc.
 2. macOS Desktops: nix-darwin with home-manager, share the same home-manager configuration with
    NixOS Desktops.
 3. NixOS Servers: virtual machines running on Proxmox/KubeVirt, with various services, such as
@@ -38,13 +38,13 @@ Virtual Machine from this flake.
 
 Nix allows for easy-to-manage, collaborative, reproducible deployments. This means that once
 something is setup and configured once, it works (almost) forever. If someone else shares their
-configuration, anyone else can just use it (if you really understand what you're copying/refering
+configuration, anyone else can just use it (if you really understand what you're copying/referring
 now).
 
 As for Flakes, refer to
 [Introduction to Flakes - NixOS & Nix Flakes Book](https://nixos-and-flakes.thiscute.world/nixos-with-flakes/introduction-to-flakes)
 
-**Want to know NixOS & Flaks in detail? Looking for a beginner-friendly tutorial or best practices?
+**Want to know NixOS & Flakes in detail? Looking for a beginner-friendly tutorial or best practices?
 You don't have to go through the pain I've experienced again! Check out my
 [NixOS & Nix Flakes Book - 🛠️ ❤️ An unofficial & opinionated :book: for beginners](https://github.com/ryan4yin/nixos-and-flakes-book)!**
 
@@ -54,47 +54,45 @@ You don't have to go through the pain I've experienced again! Check out my
 
 ## Components
 
-|                             | NixOS(Wayland)                                                                                                      |
-| --------------------------- | ------------------------------------------------------------------------------------------------------------------- |
-| **Window Manager**          | [Hyprland][Hyprland]                                                                                                |
-| **Terminal Emulator**       | [Zellij][Zellij] + [Kitty][Kitty]                                                                                   |
-| **Bar**                     | [Waybar][Waybar]                                                                                                    |
-| **Application Launcher**    | [anyrun][anyrun]                                                                                                    |
-| **Notification Daemon**     | [Mako][Mako]                                                                                                        |
-| **Display Manager**         | [GDM][GDM]                                                                                                          |
-| **Color Scheme**            | [Catppuccin][Catppuccin]                                                                                            |
-| **network management tool** | [NetworkManager][NetworkManager]                                                                                    |
-| **Input method framework**  | [Fcitx5][Fcitx5]                                                                                                    |
-| **System resource monitor** | [Btop][Btop]                                                                                                        |
-| **File Manager**            | [Yazi][Yazi] + [thunar][thunar]                                                                                     |
-| **Shell**                   | [Nushell][Nushell] + [Starship][Starship]                                                                           |
-| **Music Player**            | [mpd][mpd], [ncmpcpp][ncmpcpp], [mpc][mpc]                                                                          |
-| **Media Player**            | [mpv][mpv]                                                                                                          |
-| **Text Editor**             | [Neovim][Neovim] + [DoomEmacs][DoomEmacs]                                                                           |
-| **Fonts**                   | [Nerd fonts][Nerd fonts]                                                                                            |
-| **Image Viewer**            | [imv][imv]                                                                                                          |
-| **Screenshot Software**     | [flameshot][flameshot] + [grim][grim]                                                                               |
-| **Screen Recording**        | [OBS][OBS]                                                                                                          |
-| **Filesystem & Encryption** | tmpfs on `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] encrypted partition for persistent, unlock via passphrase |
-| **Secure Boot**             | [lanzaboote][lanzaboote]                                                                                            |
+|                                                                | NixOS(Wayland)                                                                                                      |
+| -------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- |
+| **Window Manager**                                             | [Niri][Niri]                                                                                                        |
+| **Terminal Emulator**                                          | [Zellij][Zellij] + [foot][foot]/[Kitty][Kitty]/[Alacritty][Alacritty]/[Ghostty][Ghostty]                            |
+| **Status Bar** / **Notifier** / **Launcher** / **lockscreens** | [noctalia-shell][noctalia-shell]                                                                                    |
+| **Display Manager**                                            | [tuigreet][tuigreet]                                                                                                |
+| **Color Scheme**                                               | [catppuccin-nix][catppuccin-nix]                                                                                    |
+| **network management tool**                                    | [NetworkManager][NetworkManager]                                                                                    |
+| **Input method framework**                                     | [Fcitx5][Fcitx5] + [rime][rime] + [小鹤音形 flypy][flypy]                                                           |
+| **System resource monitor**                                    | [Btop][Btop]                                                                                                        |
+| **File Manager**                                               | [Yazi][Yazi] + [thunar][thunar]                                                                                     |
+| **Shell**                                                      | [Nushell][Nushell] + [Starship][Starship]                                                                           |
+| **Media Player**                                               | [mpv][mpv]                                                                                                          |
+| **Editors / IDE**                                              | [Helix][Helix] (primary), [Neovim][Neovim] (backup) — [configuration & usage](./home/base/core/editors/)            |
+| **Fonts**                                                      | [Nerd fonts][Nerd fonts]                                                                                            |
+| **Image Viewer**                                               | [imv][imv]                                                                                                          |
+| **Screenshot Software**                                        | Niri's builtin function                                                                                             |
+| **Screen Recording**                                           | [OBS][OBS]                                                                                                          |
+| **Filesystem & Encryption**                                    | tmpfs as `/`, [Btrfs][Btrfs] subvolumes on a [LUKS][LUKS] encrypted partition for persistent, unlock via passphrase |
+| **Secure Boot**                                                | [lanzaboote][lanzaboote]                                                                                            |
 
 Wallpapers: https://github.com/ryan4yin/wallpapers
 
-## Hyprland + AstroNvim + DoomEmacs
+## Screenshots
 
-![](./_img/hyprland_2023-07-29_1.webp)
+![desktop](./_img/2026-01-05_niri-noctalia_desktop.webp)
 
-![](./_img/hyprland_2023-07-29_2.webp)
+![overview](./_img/2026-01-04_niri-noctalia_overview.webp)
 
-![](./_img/emacs-2024-01-07.webp)
+![nvim](./_img/2026-01-04_niri-noctalia_nvim.webp)
 
-## Neovim
+## Editors / IDE
 
-See [./home/base/tui/editors/neovim/](./home/base/tui/editors/neovim/) for details.
-
-## Emacs
-
-See [./home/base/tui/editors/emacs/](./home/base/tui/editors/emacs/) for details.
+- **Terminal editors:** [./home/base/core/editors/](./home/base/core/editors/) — Helix / Neovim,
+  `$EDITOR`, docs.
+- **VS Code (GUI, Home Manager on NixOS):**
+  [./home/linux/gui/base/editors.nix](./home/linux/gui/base/editors.nix).
+- **LLM coding agents:** [./agents](./agents/) — rules, installers, CLI snippets; see
+  [./agents/README.md](./agents/README.md).
 
 ## Secrets Management
 
@@ -107,26 +105,24 @@ See [./secrets](./secrets) for details.
 > It will not succeed.** This flake contains my hardware configuration(such as
 > [hardware-configuration.nix](hosts/idols-ai/hardware-configuration.nix),
 > [Nvidia Support](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols-ai/default.nix#L77-L91),
-> etc.) which is not suitable for your hardwares, and requires my private secrets repository
+> etc.) which is not suitable for your hardware, and requires my private secrets repository
 > [ryan4yin/nix-secrets](https://github.com/ryan4yin/nix-config/tree/main/secrets) to deploy. You
 > may use this repo as a reference to build your own configuration.
 
 For NixOS:
 
-> To deploy this flake from NixOS's official ISO image(purest installation method), please refer to
+> To deploy this flake from NixOS's official ISO image (purest installation method), please refer to
 > [./nixos-installer/](./nixos-installer/)
 
-> Need to restart the machine when switching between `wayland` and `xorg`.
-
 ```bash
 # deploy one of the configuration based on the hostname
-sudo nixos-rebuild switch --flake .#ai-hyprland
+sudo nixos-rebuild switch --flake .#ai-niri
 
-# deploy via `just`(a command runner with similar syntax to make) & Justfile
-just hypr  # deploy my pc with hyprland compositor
+# Deploy the niri nixosConfiguration by hostname match
+just niri
 
 # or we can deploy with details
-just hypr debug
+just niri debug
 ```
 
 For macOS:
@@ -136,18 +132,14 @@ For macOS:
 # 1. install nix & homebrew manually.
 # 2. prepare the deployment environment with essential packages available
 nix-shell -p just nushell
-# 3. comment home-manager's code in lib/macosSystem.nix to speed up the first deplyment.
+# 3. comment home-manager's code in lib/macosSystem.nix to speed up the first deployment.
 # 4. comment out the proxy settings in scripts/darwin_set_proxy.py if the proxy is not ready yet.
 
-# 4. deploy harmonica's configuration(macOS Intel)
-just ha
-
-# deploy fern's configuration(Apple Silicon)
-just fe
+# Deploy the darwinConfiguration by hostname match
+just local
 
 # deploy with details
-just ha debug
-# just fe debug
+just local debug
 ```
 
 > [What y'all will need when Nix drives you to drink.](https://www.youtube.com/watch?v=Eni9PPPPBpg)
@@ -166,58 +158,44 @@ Other dotfiles that inspired me:
   - [davidtwco/veritas](https://github.com/davidtwco/veritas)
   - [gvolpe/nix-config](https://github.com/gvolpe/nix-config)
   - [Ruixi-rebirth/flakes](https://github.com/Ruixi-rebirth/flakes)
-  - [fufexan/dotfiles](https://github.com/fufexan/dotfiles): gtk theme, xdg, git, media, anyrun,
-    etc.
+  - [fufexan/dotfiles](https://github.com/fufexan/dotfiles): gtk theme, xdg, git, media, etc.
   - [nix-community/srvos](https://github.com/nix-community/srvos): a collection of opinionated and
     sharable NixOS configurations for servers
 - Modularized NixOS Configuration
   - [hlissner/dotfiles](https://github.com/hlissner/dotfiles)
   - [viperML/dotfiles](https://github.com/viperML/dotfiles)
-- Hyprland(wayland)
-  - [notwidow/hyprland](https://github.com/notwidow/hyprland): This is where I start my hyprland
-    journey.
-  - [HeinzDev/Hyprland-dotfiles](https://github.com/HeinzDev/Hyprland-dotfiles): Refer to the waybar
-    configuration here.
-  - [linuxmobile/kaku](https://github.com/linuxmobile/kaku)
 - Neovim/AstroNvim
   - [maxbrunet/dotfiles](https://github.com/maxbrunet/dotfiles): astronvim with nix flakes.
 - Misc
   - [1amSimp1e/dots](https://github.com/1amSimp1e/dots)
 
-[Hyprland]: https://github.com/hyprwm/Hyprland
+[Niri]: https://github.com/YaLTeR/niri
 [Kitty]: https://github.com/kovidgoyal/kitty
+[foot]: https://codeberg.org/dnkl/foot
+[Alacritty]: https://github.com/alacritty/alacritty
+[Ghostty]: https://github.com/ghostty-org/ghostty
 [Nushell]: https://github.com/nushell/nushell
 [Starship]: https://github.com/starship/starship
-[Waybar]: https://github.com/Alexays/Waybar
-[polybar]: https://github.com/polybar/polybar
-[rofi]: https://github.com/davatorium/rofi
-[anyrun]: https://github.com/Kirottu/anyrun
-[Dunst]: https://github.com/dunst-project/dunst
 [Fcitx5]: https://github.com/fcitx/fcitx5
+[rime]: https://wiki.archlinux.org/title/Rime
+[flypy]: https://flypy.cc/
 [Btop]: https://github.com/aristocratos/btop
 [mpv]: https://github.com/mpv-player/mpv
 [Zellij]: https://github.com/zellij-org/zellij
+[Helix]: https://github.com/helix-editor/helix
 [Neovim]: https://github.com/neovim/neovim
 [AstroNvim]: https://github.com/AstroNvim/AstroNvim
-[DoomEmacs]: https://github.com/doomemacs/doomemacs
-[flameshot]: https://github.com/flameshot-org/flameshot
-[grim]: https://github.com/emersion/grim
-[flameshot]: https://github.com/flameshot-org/flameshot
 [imv]: https://sr.ht/~exec64/imv/
 [OBS]: https://obsproject.com
-[Mako]: https://github.com/emersion/mako
 [Nerd fonts]: https://github.com/ryanoasis/nerd-fonts
-[catppuccin]: https://github.com/catppuccin/catppuccin
-[mpd]: https://github.com/MusicPlayerDaemon/MPD
-[ncmpcpp]: https://github.com/ncmpcpp/ncmpcpp
-[mpc]: https://github.com/MusicPlayerDaemon/mpc
-[Netease-cloud-music-gtk]: https://github.com/gmg137/netease-cloud-music-gtk
+[catppuccin-nix]: https://github.com/catppuccin/nix
 [NetworkManager]: https://wiki.gnome.org/Projects/NetworkManager
 [wl-clipboard]: https://github.com/bugaevc/wl-clipboard
-[GDM]: https://wiki.archlinux.org/title/GDM
+[tuigreet]: https://github.com/apognu/tuigreet
 [thunar]: https://gitlab.xfce.org/xfce/thunar
 [Yazi]: https://github.com/sxyazi/yazi
 [Catppuccin]: https://github.com/catppuccin/catppuccin
 [Btrfs]: https://btrfs.readthedocs.io
 [LUKS]: https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system
 [lanzaboote]: https://github.com/nix-community/lanzaboote
+[noctalia-shell]: https://github.com/noctalia-dev/noctalia-shell

agents/AGENTS.md

@@ -0,0 +1,85 @@
+# RULES - Global Agent Baseline
+
+This file defines the cross-project baseline for AI coding agents. It focuses on safety, boundaries,
+and portable behavior.
+
+## 1) Instruction Priority
+
+Apply instructions in this order:
+
+1. Runtime system/developer instructions
+2. User task request
+3. Project-local policy (`AGENTS.md`, `CLAUDE.md`, repo docs)
+4. This global RULES
+
+If rules conflict, follow the higher-priority source and state the conflict briefly.
+
+## 2) Hard Safety Boundaries (MUST NOT)
+
+- MUST NOT read/write outside the approved workspace.
+- MUST NOT perform broad operations on the entire home directory.
+- MUST NOT mutate remote Git state unless explicitly requested.
+  - Examples: `git push`, creating/updating remote PRs/Issues via `gh`.
+- MUST NOT auto-run remote-mutating commands unless explicitly requested.
+  - Examples: `kubectl apply/delete`, `helm upgrade`, `terraform apply`, remote `ssh` mutation.
+- MUST NOT use destructive/force/delete options EVEN if explicitly requested.
+  - Examples: `--force`, `rm -rf`, `git reset --hard`, `gh repo delete`, `terraform destroy`
+- MUST NOT expose or commit secrets (tokens, keys, kubeconfig credentials, passwords).
+
+## 3) Security and Secrets Handling
+
+- Never write secret literals into tracked files.
+- Use environment variables, secret managers, or placeholders.
+- Redact sensitive output in logs and summaries.
+- For infra/IaC changes, prefer plan/eval/check before apply/switch.
+
+## 4) Scope Discipline
+
+- Keep changes strictly within requested scope.
+- Do not refactor unrelated areas unless user asks.
+- Preserve backward compatibility unless a breaking change is explicitly requested.
+
+## 5) Change Hygiene
+
+- Keep diffs minimal and reviewable.
+- Group logically related edits together.
+- Do not revert user/unrelated changes unless explicitly asked.
+- Do not claim verification you did not run.
+
+## 6) Tooling Defaults
+
+- Prefer structural search tools first for code find/replace (`ast-grep`/`jq`/`yq`), then text tools
+  (`rg`, `fd`).
+- Prefer project task runners (`just`, `make`, `task`, `npm scripts`, etc.) over ad-hoc commands
+  when equivalent.
+- If a required command is not already available, use only `nix run`, `flake.nix`/`shell.nix` or
+  `uv`/`pnpm` to provide it.
+- If that is still insufficient, stop and ask the user to prepare the environment instead of using
+  any other installation method.
+- Use `gh` CLI for GitHub operations, especially code/PR/issue search and inspection.
+
+## 7) Environment Defaults
+
+- Primary OS: NixOS.
+- Shell: default to `nushell`, `bash` also exists.
+
+## 8) Script Engineering Principles
+
+Treat scripts as interruptible jobs that must be diagnosable and safe to rerun:
+
+- Split workflows into explicit stages; allow running a selected stage via flags/arguments.
+- Make reruns idempotent; persist progress after each stage and support resume.
+- Cache external data with invalidation strategy to speed retries and improve reproducibility.
+- For HTTP flows, separate transport success from business success; support retry/backoff.
+- Provide independent verification commands/checks for key outputs (counts, samples, invariants).
+
+## 9) Communication Defaults
+
+- Respond in the language the user is currently using, prefer English & Chinese.
+- Code, commands, identifiers, and code comments: English.
+- Be concise, concrete, and action-oriented.
+
+## 10) Project Overlay
+
+Project-local policy may add stricter constraints (build/test/deploy/style/ownership/environment).
+It must not weaken this baseline.

agents/README.md

@@ -0,0 +1,59 @@
+# agents
+
+Reusable, symlink-first agent resources shared across projects.
+
+This directory is the canonical source for baseline agent rules and supporting command references.
+The primary workflow is to symlink files from here into each agent runtime/config location.
+
+## What this directory contains
+
+- `AGENTS.md`: global baseline rules for coding agents.
+- `permissions.md`: permission policies for agent tool access.
+- `install-rules.py`: installs the baseline by creating symlinks in supported agent config dirs.
+- `install-cli.md`: curated CLI install/update command snippets.
+- `install-skills.md`: curated `npx skills` command snippets.
+
+## Core workflow
+
+1. Maintain shared rules in `agents/AGENTS.md`.
+2. Define permission policies in `agents/permissions.md`.
+3. Run `install-rules.py` to refresh symlinks in local agent homes.
+4. Use `install-cli.md` and `install-skills.md` as reference snippets when needed.
+
+## Install baseline rules (symlink-based)
+
+Run:
+
+```bash
+python3 agents/install-rules.py
+```
+
+Current targets:
+
+- Codex: `AGENTS.md` -> `${CODEX_HOME:-~/.codex}/AGENTS.md`
+- OpenCode: `AGENTS.md` -> `${XDG_CONFIG_HOME:-~/.config}/opencode/AGENTS.md`
+- Claude Code: `AGENTS.md` -> `~/.claude/CLAUDE.md`
+
+Behavior:
+
+- Each target is handled independently.
+- Missing destination directories are skipped.
+- Existing destination file/symlink is replaced with a symlink to this repo source file.
+
+## About `install-cli.md` and `install-skills.md`
+
+Use them as snippet libraries:
+
+- review the commands
+- select what you need
+- run selected commands manually
+
+## Conventions
+
+- Keep files portable and reviewable.
+- Keep secrets and machine-specific credentials out of this directory.
+- Keep guidance generic enough to reuse across multiple agent environments.
+
+## Goal
+
+Maintain one reusable source of truth for agent setup that stays simple to sync and easy to evolve.

agents/install-cli.md

@@ -0,0 +1,33 @@
+# Agent CLI Commands
+
+Reference commands for installing and updating agent CLIs. Run only the commands you need.
+
+## Install CLIs
+
+Installed via Nix:
+
+- codex
+- cursor-cli
+- claude-code
+- opencode
+
+Install Manually:
+
+```bash
+# kimi-cli
+uv tool install --python 3.13 kimi-cli
+uv tool upgrade kimi-cli --no-cache
+```
+
+## Optional tooling
+
+```bash
+# context7: up-to-date docs and code examples for LLMs and agents
+npx ctx7 setup
+```
+
+## Update npm-installed agent tools
+
+```bash
+npm update -g
+```

agents/install-rules.py

@@ -0,0 +1,42 @@
+#!/usr/bin/env python3
+
+import os
+import sys
+from pathlib import Path
+
+
+def install_one(target_dir: Path, source_file: Path, target_name: str) -> None:
+    if not target_dir.exists():
+        print(f"skipped  {target_dir} (not found)")
+        return
+
+    target_file = target_dir / target_name
+
+    if target_file.exists() or target_file.is_symlink():
+        target_file.unlink()
+
+    target_file.symlink_to(source_file)
+    print(f"linked  {target_file} -> {source_file}")
+
+
+def main() -> int:
+    script_dir = Path(__file__).resolve().parent
+    agents_file = script_dir / "AGENTS.md"
+
+    if not agents_file.is_file():
+        print(f"Missing source file: {agents_file}", file=sys.stderr)
+        return 1
+
+    codex_dir = Path(os.environ.get("CODEX_HOME", "~/.codex")).expanduser()
+    xdg_config_home = Path(os.environ.get("XDG_CONFIG_HOME", "~/.config")).expanduser()
+    opencode_dir = xdg_config_home / "opencode"
+    claude_dir = Path("~/.claude").expanduser()
+    install_one(codex_dir, agents_file, "AGENTS.md")
+    install_one(opencode_dir, agents_file, "AGENTS.md")
+    install_one(claude_dir, agents_file, "CLAUDE.md")
+
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

agents/install-skills.md

@@ -0,0 +1,63 @@
+# Agent Skills Commands
+
+Reference commands for listing, installing, and updating skills via `npx skills`. Run only the
+commands you need.
+
+## Inspect and update installed skills
+
+```bash
+# list all installed skills (project + global)
+npx skills list
+
+# list only global skills
+npx skills ls -g
+
+# check for updates
+npx skills check
+
+# update all installed skills
+npx skills update
+
+# remove from global scope
+npx skills remove --global web-design-guidelines
+```
+
+## Discover skills from repositories
+
+```bash
+# list skills in a repository
+npx skills add vercel-labs/agent-skills --list
+```
+
+## Install commonly used skill packs
+
+```bash
+# superpowers
+npx skills add -g obra/superpowers --agent '*' --skill '*'
+
+# github skills
+npx skills add -g github/awesome-copilot --agent '*' --skill 'git-commit' --skill 'gh-cli'
+
+# find skills
+npx skills add -g vercel-labs/skills --agent '*'
+
+# anthropic skills
+npx skills add -g anthropics/skills --agent '*' --skill 'skill-creator' --skill 'pdf'
+```
+
+## Optional packs
+
+```bash
+npx skills add -g pbakaus/impeccable --agent '*' --skill '*'
+
+npx skills add -g coreyhaines31/marketingskills --agent '*' --skill '*'
+
+npx skills add -g phuryn/pm-skills --agent '*' --skill '*'
+```
+
+References:
+
+- https://github.com/vercel-labs/skills
+- https://github.com/pbakaus/impeccable
+- https://github.com/coreyhaines31/marketingskills
+- https://github.com/phuryn/pm-skills

agents/permissions.md

@@ -0,0 +1,190 @@
+# Permissions Configuration
+
+This document records the current permission requirements for AI agents operating in this
+repository.
+
+## Scope
+
+| Environment              | Policy                                      |
+| ------------------------ | ------------------------------------------- |
+| **Personal workstation** | Restrictive - protect user's daily workflow |
+| **Homelab VMs**          | Permissive - agents have full autonomy      |
+
+The permissions below apply to **personal workstation** only. For homelab VMs, almost everything is
+allowed except destructive operations on production systems.
+
+## Default Policy
+
+| Tool             | Permission |
+| ---------------- | ---------- |
+| `*` (all others) | ask        |
+
+## File Read Permissions
+
+| Pattern         | Permission |
+| --------------- | ---------- |
+| `*` (all files) | allow      |
+| `*.env`         | deny       |
+| `*.env.*`       | deny       |
+| `*.env.example` | allow      |
+| `*.pem`         | deny       |
+| `*.key`         | deny       |
+| `*kubeconfig*`  | deny       |
+| `.ssh/**`       | deny       |
+| `.aws/**`       | deny       |
+| `.kube/**`      | deny       |
+| `.gnupg/**`     | deny       |
+
+## Always Allowed Tools
+
+These tools run without prompting:
+
+- `glob`
+- `grep`
+- `lsp`
+- `question`
+- `skill`
+- `todowrite`
+- `webfetch`
+- `websearch`
+- `codesearch`
+- `edit` (covers `write` and `apply_patch`)
+
+## Bash Command Permissions
+
+### Always Allowed (Read-only operations)
+
+**Git:**
+
+- `git status`, `git diff`, `git log`, `git show`, `git branch`, `git remote`
+
+**Kubernetes:**
+
+- `kubectl get`, `kubectl describe`, `kubectl logs`, `kubectl top`
+- `kubectl api-resources`, `kubectl api-versions`
+- `kubectl config view`, `kubectl config get-contexts`
+- `kubectl explain`
+- `kubectl kustomize`, `kustomize build`, `kustomize version`
+
+**Terraform:**
+
+- `terraform plan`, `terraform show`, `terraform state list`, `terraform state show`
+- `terraform output`, `terraform version`, `terraform providers`, `terraform fmt`
+
+**GitHub CLI:**
+
+- `gh repo view/list`, `gh issue view/list`, `gh pr view/list/diff/checks`
+- `gh api`, `gh search`, `gh gist list/view`
+- `gh release view/list`, `gh workflow list/view`, `gh run list/view`
+- `gh status`, `gh auth status`
+
+**Helm:**
+
+- `helm list`, `helm get`, `helm show`, `helm search`
+- `helm repo list`, `helm status`, `helm version`, `helm template`
+
+**Google Cloud:**
+
+- `gcloud * list`, `gcloud * describe`, `gcloud * get-iam-policy`
+- `gcloud config list`, `gcloud auth list`, `gcloud version`
+
+**Nix:**
+
+- `nix eval`, `nix build`, `nix flake show`, `nix flake metadata`
+- `nix flake check`, `nix flake lock`
+- `nix profile list`, `nix profile history`
+- `nix store verify`, `nix store ls`, `nix store path-info`
+- `nix search`, `nix doctor`, `nix --version`
+- `nixos-rebuild build`, `darwin-rebuild build`
+- `nom build`
+
+**Just:**
+
+- `just --list`, `just --show`, `just --dry-run`
+
+**Linters & Formatters:**
+
+- `statix check`, `deadnix`, `nixfmt --check`
+- `shellcheck`, `hadolint`, `actionlint`
+- `ruff check`, `clippy`, `prettier --check`
+- `tokei`
+
+**System diagnostics:**
+
+- `systemctl status`, `systemctl list-units`, `systemctl show`
+- `journalctl -u`, `journalctl --since`
+- `lspci`, `lsusb`, `lsblk`, `df`, `free`, `uptime`, `uname -a`
+- `sensors`, `lsof`
+
+**Git (extended):**
+
+- `git tag`, `git blame`, `git reflog`, `git stash list`
+- `git lfs status`, `git lfs ls-files`
+
+**Development tools:**
+
+- `go version`, `go env`, `go list`, `go doc`, `go vet`
+- `cargo --version`, `cargo tree`, `cargo metadata`
+- `python3 --version`, `python3 -m py_compile`
+- `node --version`, `pnpm list`, `uv pip list`
+
+**General utilities:**
+
+- `rg`, `fd`, `cp`, `mv`, `chmod`
+- `ls`, `cat`, `head`, `tail`, `wc`, `find`, `which`
+- `echo`, `pwd`, `date`, `env`, `printenv`
+- `file`, `stat`, `du`, `tree`, `bat`, `eza`
+- `jq`, `yq`, `tldr`
+- `mkdir`, `rmdir`, `grep`
+
+### Requires Confirmation
+
+| Command    | Permission |
+| ---------- | ---------- |
+| `rm *`     | ask        |
+| `rm -rf *` | ask        |
+
+### Always Denied
+
+| Command  | Permission |
+| -------- | ---------- |
+| `sudo *` | deny       |
+
+## Homelab VM Permissions
+
+For agents running in dedicated homelab VMs, permissions are significantly relaxed:
+
+| Category             | Permission            |
+| -------------------- | --------------------- |
+| `bash`               | allow (most commands) |
+| `edit`               | allow                 |
+| `write`              | allow                 |
+| `task`               | allow                 |
+| `external_directory` | allow                 |
+| `rm`                 | allow                 |
+
+**Still restricted in homelab VMs:**
+
+- Production cluster destructive operations (`kubectl delete`, `helm uninstall`)
+- Infrastructure teardown (`terraform destroy`)
+- Secret exposure in logs
+
+## Other Tool Permissions
+
+| Tool                 | Permission |
+| -------------------- | ---------- |
+| `edit`               | allow      |
+| `task`               | ask        |
+| `external_directory` | ask        |
+| `doom_loop`          | deny       |
+
+## Summary
+
+- **Default policy**: All tools `ask` — only explicitly whitelisted tools auto-allow
+- **File operations**: `read`, `glob`, `grep`, `edit`, `write` all allowed in workspace
+- **Nix operations**: Build/eval/flake commands auto-allowed (writes to store only)
+- **Linting & formatting**: All check commands auto-allowed
+- **System diagnostics**: Read-only system info auto-allowed
+- **Sensitive files**: Credentials, keys, and cloud configs are blocked
+- **Bash commands**: Read-only ops auto-allowed; `rm` requires confirmation; `sudo` blocked
+- **Scope control**: `task` and `external_directory` require approval

certs/README.md

@@ -3,5 +3,21 @@
 This is my private Private Key Infrastructure (PKI) / Certificate Authority (CA) for my personal
 use. It is used to issue certificates for my own servers and services.
 
-All the private keys are ignored by git, and will be stored in my private secrets repo
-[../secrets](../secrets/)
+## Current Structure
+
+- **ecc-ca.crt** - ECC CA certificate file
+- **ecc-ca.srl** - CA serial number file for certificate tracking
+- **ecc-csr.conf** - OpenSSL configuration file for certificate signing requests
+- **ecc-server.crt** - Server certificate signed by the ECC CA
+- **gen-certs.sh** - Shell script to generate certificates automatically
+
+## Security Notes
+
+All private keys (`.key` files) are ignored by git and stored in a private secrets repository. The
+public certificates and configuration files are committed to this repository for reference.
+
+## Usage
+
+Run `./gen-certs.sh` to generate new certificates using the ECC CA configuration.
+
+See [../secrets](../secrets/) for the corresponding private key management.

flake.nix

@@ -16,14 +16,16 @@
   nixConfig = {
     # substituers will be appended to the default substituters when fetching packages
     extra-substituters = [
-      "https://anyrun.cachix.org"
+      "https://cache.numtide.com"
       # "https://nix-gaming.cachix.org"
       # "https://nixpkgs-wayland.cachix.org"
+      # "https://install.determinate.systems"
     ];
     extra-trusted-public-keys = [
-      "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
+      "niks3.numtide.com-1:DTx8wZduET09hRmMtKdQDxNNthLQETkc/yaX7M4qK0g="
       # "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
       # "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
+      # "cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM="
     ];
   };
 
@@ -34,22 +36,30 @@
     # which represents the GitHub repository URL + branch/commit-id/tag.
 
     # Official NixOS package source, using nixos's unstable branch by default
+    # Find git commit hash with build status here(3 jobs per day):
+    # https://hydra.nixos.org/jobset/nixpkgs/unstable
+    # update via nix flake update nixpkgs --override-input nixpkgs github:NixOS/nixpkgs/<commit-hash>
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
-    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
+    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11";
+    nixpkgs-2505.url = "github:nixos/nixpkgs/nixos-25.05";
+
+    # nixpkgs with some custom patches
+    nixpkgs-patched.url = "github:ryan4yin/nixpkgs/nixos-unstable-patched";
+    # get some latest packages from the master branch
+    nixpkgs-master.url = "github:nixos/nixpkgs/master";
 
     # for macos
-    nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-24.05-darwin";
+    # nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-25.11-darwin";
+    nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-unstable";
     nix-darwin = {
       url = "github:lnl7/nix-darwin";
       inputs.nixpkgs.follows = "nixpkgs-darwin";
     };
-    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
 
     # home-manager, used for managing user configuration
     home-manager = {
       url = "github:nix-community/home-manager/master";
-      # url = "github:nix-community/home-manager/release-24.05";
+      # url = "github:nix-community/home-manager/release-25.11";
 
       # The `follows` keyword in inputs is used for inheritance.
       # Here, `inputs.nixpkgs` of home-manager is kept consistent with the `inputs.nixpkgs` of the current flake,
@@ -57,21 +67,26 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    lanzaboote = {
-      url = "github:nix-community/lanzaboote/v0.4.1";
+    nixvim = {
+      url = "github:nix-community/nixvim";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    impermanence.url = "github:nix-community/impermanence";
-
-    # community wayland nixpkgs
-    # nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
-    # anyrun - a wayland launcher
-    anyrun = {
-      url = "github:Kirottu/anyrun";
+    # https://github.com/catppuccin/nix
+    catppuccin = {
+      url = "github:catppuccin/nix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    lanzaboote = {
+      url = "github:nix-community/lanzaboote/v1.0.0";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    preservation = {
+      url = "github:nix-community/preservation";
+    };
+
     # generate iso/qcow2/docker/... image from nixos configuration
     nixos-generators = {
       url = "github:nix-community/nixos-generators";
@@ -79,27 +94,28 @@
     };
     # secrets management
     agenix = {
-      # lock with git commit at 0.15.0
-      # url = "github:ryantm/agenix/564595d0ad4be7277e07fa63b5a991b3c645655d";
+      # lock with git commit at May 18, 2025
+      url = "github:ryantm/agenix/4835b1dc898959d8547a871ef484930675cb47f1";
       # replaced with a type-safe reimplementation to get a better error message and less bugs.
-      url = "github:ryan4yin/ragenix";
+      # url = "github:ryan4yin/ragenix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    nix-gaming.url = "github:fufexan/nix-gaming";
-
     disko = {
-      url = "github:nix-community/disko/v1.6.1";
+      url = "github:nix-community/disko/v1.13.0";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
     # add git hooks to format nix code before commit
     pre-commit-hooks = {
-      url = "github:cachix/pre-commit-hooks.nix";
+      url = "github:cachix/git-hooks.nix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    nuenv.url = "github:DeterminateSystems/nuenv";
+    nuenv = {
+      url = "github:DeterminateSystems/nuenv";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
 
     haumea = {
       url = "github:nix-community/haumea/v0.2.2";
@@ -111,16 +127,31 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    ########################  Some non-flake repositories  #########################################
-
-    # doom-emacs is a configuration framework for GNU Emacs.
-    doomemacs = {
-      url = "github:doomemacs/doomemacs";
-      flake = false;
+    blender-bin = {
+      url = "github:edolstra/nix-warez?dir=blender";
+      inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    polybar-themes = {
-      url = "github:adi1090x/polybar-themes";
+    nixos-apple-silicon = {
+      # asahi-6.18.9
+      url = "github:nix-community/nixos-apple-silicon";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    # AI coding agents
+    llm-agents.url = "github:numtide/llm-agents.nix";
+
+    # -------------- Gaming ---------------------
+
+    nix-gaming = {
+      url = "github:fufexan/nix-gaming";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    ########################  Some non-flake repositories  #########################################
+
+    nu_scripts = {
+      url = "github:ryan4yin/nu_scripts";
       flake = false;
     };
 
@@ -133,13 +164,20 @@
       flake = false;
     };
 
+    my-asahi-firmware = {
+      url = "git+ssh://git@github.com/ryan4yin/asahi-firmware.git?shallow=1";
+      flake = false;
+    };
+
     # my wallpapers
     wallpapers = {
       url = "github:ryan4yin/wallpapers";
       flake = false;
     };
 
-    nur-ryan4yin.url = "github:ryan4yin/nur-packages";
-    nur-ataraxiasjel.url = "github:AtaraxiaSjel/nur";
+    nur-ryan4yin = {
+      url = "github:ryan4yin/nur-packages";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 }

hardening/README.md

@@ -7,21 +7,58 @@
 - **System Level**: Protect critical files from being accessed by untrusted applications.
   1. Such as browser cookies, SSH keys, etc.
 - **Per-App Level**: Prevent untrusted applications(such as closed-source apps) from:
-  1.  Accessing files they shouldn't.
-      - Such as a malicious application accessing your browser's cookies, SSH Keys, etc.
-  1.  Accessing the network when they don't need to.
-  1.  Accessing hardware devices they don't need.
+  1. Accessing files they shouldn't.
+     - Such as a malicious application accessing your browser's cookies, SSH Keys, etc.
+  1. Accessing the network when they don't need to.
+  1. Accessing hardware devices they don't need.
 
-## Current Status
+## Current Structure
 
-1. **System Level**:
-   - [ ] AppArmor
-   - [ ] Kernel & System Hardening
-1. **Per-App Level**:
-   - Nixpak (Bubblewrap)
-     - [x] QQ
-     - [x] Firefox
-   - [ ] Firejail (risk? not enabled yet)
+### 1. **System Level**
+
+- **AppArmor** (`apparmor/`): AppArmor profiles and configuration
+- **Kernel & System Hardening** (`profiles/`): System-wide hardening profiles
+
+### 2. **Per-App Level**
+
+- **Nixpak** (`nixpaks/`): Bubblewrap-based sandboxing for applications
+  - Firefox configuration
+  - QQ (Chinese messaging app) configuration
+  - Modular system with reusable components
+- **Firejail** (legacy): SUID-based sandboxing (not used)
+- **Bubblewrap** (`bwraps/`): Direct bubblewrap configurations
+  - WeChat sandboxing configuration
+
+## Current Implementation Status
+
+| Component         | Status    | Notes                          |
+| ----------------- | --------- | ------------------------------ |
+| AppArmor Profiles | 🚧 WIP    | Basic structure in place       |
+| Nixpak Firefox    | ✅ Active | Firefox sandboxing via nixpak  |
+| Nixpak QQ         | ✅ Active | QQ application sandboxing      |
+| Bubblewrap WeChat | ✅ Active | WeChat specific sandboxing     |
+| System Profiles   | 🚧 WIP    | Hardened system configurations |
+
+## Directory Structure
+
+```
+hardening/
+├── README.md
+├── apparmor/           # AppArmor security profiles
+│   └── default.nix
+├── bwraps/            # Direct bubblewrap configurations
+│   ├── default.nix
+│   └── wechat.nix
+├── nixpaks/           # Nixpak application sandboxing
+│   ├── default.nix
+│   ├── firefox.nix
+│   ├── qq.nix
+│   └── modules/       # Reusable nixpak modules
+│       ├── gui-base.nix
+│       └── network.nix
+└── profiles/          # System hardening profiles
+    └── default.nix
+```
 
 ## Kernel Hardening
 
@@ -32,26 +69,27 @@
 
 - NixOS Profile:
   https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/profiles/hardened.nix
-- Apparmor: [roddhjav/apparmor.d)](https://github.com/roddhjav/apparmor.d)
+- Apparmor: [roddhjav/apparmor.d](https://github.com/roddhjav/apparmor.d)
   - https://gitlab.com/apparmor/apparmor/-/wikis/Documentation
   - AppArmor.d is a set of over 1500 AppArmor profiles whose aim is to confine most Linux based
     applications and processes.
-  - Nix Package:
-    [roddhjav-apparmor-rules](https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/ro/roddhjav-apparmor-rules/package.nix#L33)
-  - https://github.com/NixOS/nixpkgs/issues/331645
-  - https://github.com/LordGrimmauld/aa-alias-manager
+  - But all the profiles of AppArmor assume a FHS filesystem, which caused all apparmor policies
+    takes no effect on NixOS.
+  - Apparmor on NixOS Roadmap:
+    - https://discourse.nixos.org/t/apparmor-on-nixos-roadmap/57217
+    - https://github.com/LordGrimmauld/aa-alias-manager
 - SELinux: too complex, not recommended for personal use.
 
 ## Application Sandboxing
 
+- [Bubblewrap](https://github.com/containers/bubblewrap):
+  [nixpak](https://github.com/nixpak/nixpak), more secure than firejail, but no batteries included.
+  - NixOS's FHSEnv is implemented using bubblewrap by default.
 - [Firejail](https://github.com/netblue30/firejail/tree/master/etc): A SUID security sandbox with
   hundreds of security profiles for many common applications in the default installation.
   - https://wiki.nixos.org/wiki/Firejail
   - Firejail needs SUID to work, which is considered a security risk -
     [Does firejail improve the security of my system?](https://github.com/netblue30/firejail/discussions/4601)
-- [Bubblewrap](https://github.com/containers/bubblewrap):
-  [nixpak](https://github.com/nixpak/nixpak), more secure than firejail, but no batteries included.
-  - NixOS's FHSEnv is implemented using bubblewrap by default.
 - [Systemd/Hardening](https://wiki.nixos.org/wiki/Systemd/Hardening): Systemd also provides some
   sandboxing features.
 
@@ -67,21 +105,11 @@ provide a much higher level of security.
 - [Harden your NixOS workstation - dataswamp](https://dataswamp.org/~solene/2022-01-13-nixos-hardened.html)
 - [Linux Insecurities - Madaidans](https://madaidans-insecurities.github.io/linux.html)
 - [Sandboxing all programs by default - NixOS Discourse](https://discourse.nixos.org/t/sandboxing-all-programs-by-default/7792)
-- [在 Firejail 中运行 Steam](https://imbearchild.cyou/archives/2021/11/steam-in-firejail/)
-- [Firejail - Arch Linux Wiki](https://wiki.archlinux.org/title/Firejail)
 - [Paranoid NixOS Setup - xeiaso](https://xeiaso.net/blog/paranoid-nixos-2021-07-18/)
 - [nix-mineral](https://github.com/cynicsketch/nix-mineral): NixOS module for convenient system
   hardening.
-- nixpak configs:
-  - https://github.com/pokon548/OysterOS/tree/b97604d89953373d6316286b96f6a964af2c398d/desktop/application
-  - https://github.com/segment-tree/my-nixos/tree/ceb6041f73bd9edcb78a8818b27a28f7c629193b/hm/me/apps/nixpak
-  - https://github.com/Keksgesicht/nixos-config/tree/91cc77d8d6b598da7c4dbed143e0009c2dea6940/packages/nixpak
-  - https://github.com/bluskript/nix-config/blob/7ecb6a7254c1ac4969072f4c4febdc19f8b83b30/pkgs/nixpak/default.nix
-- firejail configs:
-  - https://github.com/stelcodes/nixos-config/blob/f8967c82a5e5f3d128eb1aaf7498b5f918f719ec/packages/overlay.nix#L261
 - apparmor configs:
-  - https://github.com/sukhmancs/nixos-configs/blob/7fcf737c506ad843113cd5b94796b49d4d4dfad2/modules/shared/security/apparmor/default.nix#L8
   - https://github.com/zramctl/dotfiles/blob/4fe177f6984154960942bb47d5a375098ec6ed6a/modules/nixos/security/apparmor.nix#L4
+  - https://git.grimmauld.de/Grimmauld/grimm-nixos-laptop/src/branch/main/hardening
 - Others:
   - Directly via `buildFHSUserEnvBubblewrap`:
-    https://github.com/xddxdd/nur-packages/blob/master/pkgs/uncategorized/wechat-uos/default.nix

hardening/apparmor/default.nix

@@ -2,7 +2,8 @@
   config,
   pkgs,
   ...
-}: {
+}:
+{
   services.dbus.apparmor = "enabled";
   security.apparmor = {
     enable = true;

hardening/bwraps/default.nix

@@ -0,0 +1,9 @@
+{
+  nixpkgs.overlays = [
+    (_: super: {
+      bwraps = {
+        wechat = super.callPackage ./wechat.nix { };
+      };
+    })
+  ];
+}

hardening/bwraps/wechat.nix

@@ -0,0 +1,102 @@
+# - wechat's flatpak manifest: https://github.com/flathub/com.tencent.WeChat/blob/master/com.tencent.WeChat.yaml
+# Refer:
+# - Flatpak manifest's docs:
+#   - https://docs.flatpak.org/en/latest/manifests.html
+#   - https://docs.flatpak.org/en/latest/sandbox-permissions.html
+#
+# TODO Since appimageTools.wrapAppImage do not support overriding, I have to pack this package myself.
+# https://github.com/NixOS/nixpkgs/pull/358977
+{
+  appimageTools,
+  fetchurl,
+  stdenvNoCC,
+}:
+let
+  pname = "wechat";
+  # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/we/wechat/package.nix
+  sources = {
+    # use https://web.archive.org/save to archive the Linux versions
+    # add `if_` at the end of timestamps to avoid toolbar insertion
+    # for a more complicated guide, see https://en.wikipedia.org/wiki/Help:Using_the_Wayback_Machine
+    aarch64-linux = {
+      version = "4.1.1.4";
+      src = fetchurl {
+        url = "https://web.archive.org/web/20260311102559if_/https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_arm64.AppImage";
+        hash = "sha256-YlWJxT62tXDaNwYVpsPMC5elFH8fsbI1HjTQn6ePiPo=";
+      };
+    };
+    x86_64-linux = {
+      version = "4.1.1.4";
+      src = fetchurl {
+        url = "https://web.archive.org/web/20260311102439if_/https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_x86_64.AppImage";
+        hash = "sha256-XxAvFnlljqurGPDgRr+DnuCKbdVvgXBPh02DLHY3Oz8=";
+      };
+    };
+  };
+
+  inherit (stdenvNoCC.hostPlatform) system;
+  inherit (sources.${system} or (throw "Unsupported system: ${system}")) version src;
+
+  # https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/we/wechat/linux.nix
+  appimageContents = appimageTools.extract {
+    inherit pname version src;
+    postExtract = ''
+      patchelf --replace-needed libtiff.so.5 libtiff.so $out/opt/wechat/wechat
+    '';
+  };
+in
+appimageTools.wrapAppImage {
+  inherit pname version;
+
+  src = appimageContents;
+
+  extraInstallCommands = ''
+    mkdir -p $out/share/applications
+    cp ${appimageContents}/wechat.desktop $out/share/applications/
+    mkdir -p $out/share/pixmaps
+    cp ${appimageContents}/wechat.png $out/share/pixmaps/
+
+    substituteInPlace $out/share/applications/wechat.desktop --replace-fail AppRun wechat
+  '';
+
+  # Add these root paths to FHS sandbox to prevent WeChat from accessing them by default
+  # Adapted from https://aur.archlinux.org/cgit/aur.git/tree/wechat-universal.sh?h=wechat-universal-bwrap
+  extraPreBwrapCmds = ''
+    XDG_DOCUMENTS_DIR="''${XDG_DOCUMENTS_DIR:-$(xdg-user-dir DOCUMENTS)}"
+    if [[ -z "''${XDG_DOCUMENTS_DIR}" ]]; then
+        echo 'Error: Failed to get XDG_DOCUMENTS_DIR, refuse to continue'
+        exit 1
+    fi
+
+    WECHAT_DATA_DIR="''${XDG_DOCUMENTS_DIR}/WeChat_Data"
+
+    # Using ''${WECHAT_DATA_DIR} as Wechat Data folder
+    WECHAT_HOME_DIR="''${WECHAT_DATA_DIR}/home"
+    WECHAT_FILES_DIR="''${WECHAT_DATA_DIR}/xwechat_files"
+
+    mkdir -p "''${WECHAT_FILES_DIR}"
+    mkdir -p "''${WECHAT_HOME_DIR}"
+    ln -snf "''${WECHAT_FILES_DIR}" "''${WECHAT_HOME_DIR}/xwechat_files"
+  '';
+  extraBwrapArgs = [
+    "--tmpfs /home"
+    "--tmpfs /root"
+    # format: --bind <host-path> <sandbox-path>
+    "--bind \${WECHAT_HOME_DIR} \${HOME}"
+    "--bind \${WECHAT_FILES_DIR} \${WECHAT_FILES_DIR}"
+    "--chdir \${HOME}"
+    # wechat-universal only supports xcb
+    "--setenv QT_QPA_PLATFORM xcb"
+    "--setenv QT_AUTO_SCREEN_SCALE_FACTOR 1"
+    # use fcitx as IME
+    "--setenv QT_IM_MODULE fcitx"
+    "--setenv GTK_IM_MODULE fcitx"
+  ];
+  chdirToPwd = false;
+  unshareNet = false;
+  unshareIpc = true;
+  unsharePid = true;
+  unshareUts = true;
+  unshareCgroup = true;
+  privateTmp = true;
+}

hardening/firejail/default.nix

@@ -1,71 +0,0 @@
-{pkgs, ...}: let
-  firejailWrapper = import ./firejailWrapper.nix pkgs;
-in {
-  programs.firejail.enable = true;
-
-  # Add firejailed Apps into nixsuper, and reference them in home-manager or other nixos modules
-  nixpkgs.overlays = [
-    (_: super: {
-      firejailed = {
-        steam = firejailWrapper {
-          name = "steam-firejailed";
-          executable = "${super.steam}/bin/steam";
-          profile = "${super.firejail}/etc/firejail/steam.profile";
-        };
-        steam-run = firejailWrapper {
-          name = "steam-run-firejailed";
-          executable = "${super.steam}/bin/steam-run";
-          profile = "${super.firejail}/etc/firejail/steam.profile";
-        };
-
-        # firefox = firejailWrapper {
-        #   name = "firefox-firejailed";
-        #   executable = "${super.lib.getBin super.firefox-wayland}/bin/firefox";
-        #   profile = "${super.firejail}/etc/firejail/firefox.profile";
-        # };
-        # chromium = firejailWrapper {
-        #   name = "chromium-firejailed";
-        #   executable = "${super.lib.getBin super.ungoogled-chromium}/bin/chromium";
-        #   profile = "${super.firejail}/etc/firejail/chromium.profile";
-        # };
-
-        mpv = firejailWrapper {
-          executable = "${super.lib.getBin super.mpv}/bin/mpv";
-          profile = "${super.firejail}/etc/firejail/mpv.profile";
-        };
-        imv = firejailWrapper {
-          executable = "${super.lib.getBin super.imv}/bin/imv";
-          profile = "${super.firejail}/etc/firejail/imv.profile";
-        };
-        zathura = firejailWrapper {
-          executable = "${super.lib.getBin super.zathura}/bin/zathura";
-          profile = "${super.firejail}/etc/firejail/zathura.profile";
-        };
-        slack = firejailWrapper {
-          executable = "${super.lib.getBin super.slack}/bin/slack";
-          profile = "${super.firejail}/etc/firejail/slack.profile";
-        };
-        telegram-desktop = firejailWrapper {
-          executable = "${super.lib.getBin super.tdesktop}/bin/telegram-desktop";
-          profile = "${super.firejail}/etc/firejail/telegram-desktop.profile";
-        };
-        brave = firejailWrapper {
-          executable = "${super.lib.getBin super.brave}/bin/brave";
-          profile = "${super.firejail}/etc/firejail/brave.profile";
-        };
-        qutebrowser = firejailWrapper {
-          executable = "${super.lib.getBin super.qutebrowser}/bin/qutebrowser";
-          profile = "${super.firejail}/etc/firejail/qutebrowser.profile";
-        };
-        thunar = firejailWrapper {
-          executable = "${super.lib.getBin super.xfce.thunar}/bin/thunar";
-          profile = "${super.firejail}/etc/firejail/thunar.profile";
-        };
-        vscodium = firejailWrapper {
-          executable = "${super.lib.getBin super.vscodium}/bin/vscodium";
-          profile = "${super.firejail}/etc/firejail/vscodium.profile";
-        };
-      };
-    })
-  ];
-}

hardening/firejail/firejailWrapper.nix

@@ -1,35 +0,0 @@
-# https://www.reddit.com/r/NixOS/comments/1b56jdx/simple_nix_function_for_wrapping_executables_with/
-pkgs: {
-  name ? "firejail-wrapper",
-  executable,
-  desktop ? null,
-  profile ? null,
-  extraArgs ? [],
-}:
-pkgs.runCommand name
-{
-  preferLocalBuild = true;
-  allowSubstitutes = false;
-  meta.priority = -1; # take precedence over non-firejailed versions
-}
-(
-  let
-    firejailArgs = pkgs.lib.concatStringsSep " " (
-      extraArgs ++ (pkgs.lib.optional (profile != null) "--profile=${toString profile}")
-    );
-  in
-    ''
-      command_path="$out/bin/$(basename ${executable})-jailed"
-      mkdir -p $out/bin
-      mkdir -p $out/share/applications
-      cat <<'_EOF' >"$command_path"
-      #! ${pkgs.runtimeShell} -e
-      exec /run/wrappers/bin/firejail ${firejailArgs} -- ${toString executable} "\$@"
-      _EOF
-      chmod 0755 "$command_path"
-    ''
-    + pkgs.lib.optionalString (desktop != null) ''
-      substitute ${desktop} $out/share/applications/$(basename ${desktop}) \
-        --replace ${executable} "$command_path"
-    ''
-)

hardening/nixpaks/default.nix

@@ -1,8 +1,10 @@
 {
   pkgs,
+  pkgs-master,
   nixpak,
   ...
-}: let
+}:
+let
   callArgs = {
     mkNixPak = nixpak.lib.nixpak {
       inherit (pkgs) lib;
@@ -13,20 +15,16 @@
       (sloth.concat' sloth.homeDir mapdir)
     ];
   };
-  wrapper = _pkgs: path: (_pkgs.callPackage path callArgs).config.script;
-in {
+  wrapper = _pkgs: path: (_pkgs.callPackage path callArgs);
+in
+{
   # Add nixpaked Apps into nixpkgs, and reference them in home-manager or other nixos modules
   nixpkgs.overlays = [
     (_: super: {
       nixpaks = {
         qq = wrapper super ./qq.nix;
-        qq-desktop-item = super.callPackage ./qq-desktop-item.nix {};
-
-        wechat-uos = wrapper super ./wechat-uos.nix;
-        wechat-uos-desktop-item = super.callPackage ./wechat-uos-desktop-item.nix {};
-
+        telegram-desktop = wrapper super ./telegram-desktop.nix;
         firefox = wrapper super ./firefox.nix;
-        firefox-desktop-item = super.callPackage ./firefox-desktop-item.nix {};
       };
     })
   ];

hardening/nixpaks/firefox-desktop-item.nix

@@ -1,11 +0,0 @@
-{makeDesktopItem}:
-makeDesktopItem {
-  name = "firefox";
-  desktopName = "firefox";
-  exec = "firefox %U";
-  terminal = false;
-  icon = "firefox";
-  type = "Application";
-  categories = ["Network"];
-  comment = "firefox boxed";
-}

hardening/nixpaks/firefox.nix

@@ -5,71 +5,123 @@
 # - Firefox's flatpak manifest: https://hg.mozilla.org/mozilla-central/file/tip/taskcluster/docker/firefox-flatpak/runme.sh#l151
 {
   lib,
-  pkgs,
+  firefox,
   mkNixPak,
+  buildEnv,
+  makeDesktopItem,
   ...
 }:
-mkNixPak {
-  config = {
-    config,
-    sloth,
-    ...
-  }: {
-    app = {
-      package = pkgs.firefox-wayland;
-      binPath = "bin/firefox";
-    };
-    flatpak.appId = "org.mozilla.firefox";
 
-    imports = [
-      ./modules/gui-base.nix
-      ./modules/network.nix
-    ];
+let
+  appId = "org.mozilla.firefox";
+  wrapped = mkNixPak {
+    config =
+      {
+        config,
+        sloth,
+        ...
+      }:
+      {
+        app = {
+          package = firefox;
+          binPath = "bin/firefox";
+        };
+        flatpak.appId = appId;
 
-    # list all dbus services:
-    #   ls -al /run/current-system/sw/share/dbus-1/services/
-    #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
-    dbus.policies = {
-      "org.mozilla.firefox.*" = "own"; # firefox
-      "org.mozilla.firefox_beta.*" = "own"; # firefox beta
-      "org.mpris.MediaPlayer2.firefox.*" = "own";
-      "org.freedesktop.NetworkManager" = "talk";
-    };
+        imports = [
+          ./modules/gui-base.nix
+          ./modules/network.nix
+          ./modules/common.nix
+        ];
 
-    bubblewrap = {
-      # To trace all the home files QQ accesses, you can use the following nushell command:
-      #   just trace-access firefox
-      # See the Justfile in the root of this repository for more information.
-      bind.rw = [
-        # given the read write permission to the following directories.
-        # NOTE: sloth.mkdir is used to create the directory if it does not exist!
-        (sloth.mkdir (sloth.concat' sloth.homeDir "/.mozilla"))
+        bubblewrap = {
+          # To trace all the home files Firefox accesses, you can use the following nushell command:
+          #   just trace-access firefox
+          # See the Justfile in the root of this repository for more information.
+          bind.rw = [
+            # given the read write permission to the following directories.
+            # NOTE: sloth.mkdir is used to create the directory if it does not exist!
+            (sloth.mkdir (sloth.concat' sloth.homeDir "/.mozilla"))
 
-        sloth.xdgDownloadDir
-        # ================ for externsions ===============================
-        # required by https://github.com/browserpass/browserpass-extension
-        (sloth.concat' sloth.homeDir "/.local/share/password-store") # pass
-      ];
-      bind.ro = [
-        # To actually make Firefox run
-        "/sys/bus/pci"
-        ["${config.app.package}/lib/firefox" "/app/etc/firefox"]
+            sloth.xdgDocumentsDir
+            sloth.xdgDownloadDir
+            sloth.xdgMusicDir
+            sloth.xdgVideosDir
+            sloth.xdgPicturesDir
+          ];
+          bind.ro = [
+            "/sys/bus/pci"
+            [
+              "${config.app.package}/lib/firefox"
+              "/app/etc/firefox"
+            ]
 
-        # Unsure
-        (sloth.concat' sloth.xdgConfigHome "/dconf")
-      ];
+            # ================ for browserpass extension ===============================
+            "/etc/gnupg"
+            (sloth.concat' sloth.homeDir "/.gnupg") # gpg's config
+            (sloth.concat' sloth.homeDir "/.local/share/password-store") # my secrets
+            (sloth.concat' sloth.runtimeDir "/gnupg") # for access gpg-agent socket
 
-      sockets = {
-        x11 = false;
-        wayland = true;
-        pipewire = true;
+            # Unsure
+            (sloth.concat' sloth.xdgConfigHome "/dconf")
+          ];
+
+          sockets = {
+            x11 = false;
+            wayland = true;
+            pipewire = true;
+          };
+        };
       };
-      bind.dev = [
-        "/dev/shm" # Shared Memory
-      ];
-      tmpfs = [
-        "/tmp"
-      ];
-    };
   };
+  exePath = lib.getExe wrapped.config.script;
+in
+buildEnv {
+  inherit (wrapped.config.script) name meta passthru;
+  paths = [
+    wrapped.config.script
+    (makeDesktopItem {
+      name = appId;
+      desktopName = "Firefox";
+      genericName = "Firefox Boxed";
+      comment = "Firefox Browser";
+      exec = "${exePath} %U";
+      terminal = false;
+      icon = "firefox";
+      startupNotify = true;
+      startupWMClass = "firefox";
+      type = "Application";
+      categories = [
+        "Network"
+        "WebBrowser"
+      ];
+      mimeTypes = [
+        "text/html"
+        "text/xml"
+        "application/xhtml+xml"
+        "application/vnd.mozilla.xul+xml"
+        "x-scheme-handler/http"
+        "x-scheme-handler/https"
+      ];
+
+      actions = {
+        new-private-window = {
+          name = "New Private Window";
+          exec = "${exePath} --private-window %U";
+        };
+        new-window = {
+          name = "New Window";
+          exec = "${exePath} --new-window %U";
+        };
+        profile-manager-window = {
+          name = "Profile Manager";
+          exec = "${exePath} --ProfileManager";
+        };
+      };
+
+      extraConfig = {
+        X-Flatpak = appId;
+      };
+    })
+  ];
 }

hardening/nixpaks/modules/common.nix

@@ -0,0 +1,234 @@
+# https://github.com/mnixry/nixos-config/blob/74913c2b90d06e31170bbbaa0074f915721da224/desktop/packages/nixpaks-common.nix
+# https://github.com/Kraftland/portable/blob/09c4a4227538a3f42de208a6ecbdc938ac9c00dd/portable.sh
+# https://flatpak.github.io/xdg-desktop-portal/docs/api-reference.html
+{
+  lib,
+  sloth,
+  config,
+  ...
+}:
+let
+  inherit (config.flatpak) appId;
+in
+{
+  config = {
+    # list all dbus services:
+    #   ls -al /run/current-system/sw/share/dbus-1/services/
+    #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
+    dbus = {
+      # `--see`: The bus name can be enumerated by the application.
+      # `--talk`: The application can send messages to, and receive replies and signals from, the bus name.
+      # `--own`: The application can own the bus name
+      policies = {
+        "${appId}" = "own";
+        "${appId}.*" = "own";
+        "org.freedesktop.DBus" = "talk";
+        "ca.desrt.dconf" = "talk";
+        "org.freedesktop.appearance" = "talk";
+        "org.freedesktop.appearance.*" = "talk";
+      }
+      // (builtins.listToAttrs (
+        map (id: lib.nameValuePair "org.kde.StatusNotifierItem-${toString id}-1" "own") (
+          lib.lists.range 2 29
+        )
+      ))
+      // {
+        # --- MPRIS Media Control ---
+        # Allows the app to register as a media player. These are derived from the appID.
+        "org.mpris.MediaPlayer2.${appId}" = "own";
+        "org.mpris.MediaPlayer2.${appId}.*" = "own";
+        "org.mpris.MediaPlayer2.${lib.lists.last (lib.strings.splitString "." appId)}" = "own";
+        "org.mpris.MediaPlayer2.${lib.lists.last (lib.strings.splitString "." appId)}.*" = "own";
+
+        # --- General Desktop Integration ---
+        "com.canonical.AppMenu.Registrar" = "talk"; # For Ubuntu AppMenu
+        "org.freedesktop.FileManager1" = "talk";
+        "org.freedesktop.Notifications" = "talk";
+        "org.kde.StatusNotifierWatcher" = "talk";
+        "org.gnome.Shell.Screencast" = "talk";
+
+        # --- Accessibility (a11y) 无障碍服务 ---
+        "org.a11y.Bus" = "see";
+
+        # --- Portal Access ---
+        # "org.freedesktop.portal.*" = "talk";
+        "org.freedesktop.portal.Documents" = "talk";
+        "org.freedesktop.portal.FileTransfer" = "talk";
+        "org.freedesktop.portal.FileTransfer.*" = "talk";
+        "org.freedesktop.portal.Notification" = "talk";
+        "org.freedesktop.portal.OpenURI" = "talk";
+        "org.freedesktop.portal.OpenURI.OpenFile" = "talk";
+        "org.freedesktop.portal.OpenURI.OpenURI" = "talk";
+        "org.freedesktop.portal.Print" = "talk";
+        "org.freedesktop.portal.Request" = "see";
+
+        # --- Input Method Portals ---
+        "org.freedesktop.portal.Fcitx" = "talk";
+        "org.freedesktop.portal.Fcitx.*" = "talk";
+        "org.freedesktop.portal.IBus" = "talk";
+        "org.freedesktop.portal.IBus.*" = "talk";
+      };
+      # '--call' rules permit specific method calls on D-Bus interfaces.
+      rules.call = {
+        # --- Accessibility (a11y) 无障碍服务 ---
+        "org.a11y.Bus" = [
+          "org.a11y.Bus.GetAddress@/org/a11y/bus"
+          "org.freedesktop.DBus.Properties.Get@/org/a11y/bus"
+        ];
+
+        # --- General Portal Rules ---
+        "org.freedesktop.FileManager1" = [ "*" ];
+        "org.freedesktop.Notifications.*" = [ "*" ];
+        "org.freedesktop.portal.Documents" = [ "*" ];
+        "org.freedesktop.portal.FileTransfer" = [ "*" ];
+        "org.freedesktop.portal.FileTransfer.*" = [ "*" ];
+        "org.freedesktop.portal.Fcitx" = [ "*" ];
+        "org.freedesktop.portal.Fcitx.*" = [ "*" ];
+        "org.freedesktop.portal.IBus" = [ "*" ];
+        "org.freedesktop.portal.IBus.*" = [ "*" ];
+        "org.freedesktop.portal.Notification" = [ "*" ];
+        "org.freedesktop.portal.OpenURI" = [ "*" ];
+        "org.freedesktop.portal.OpenURI.OpenFile" = [ "*" ];
+        "org.freedesktop.portal.OpenURI.OpenURI" = [ "*" ];
+        "org.freedesktop.portal.Print" = [ "*" ];
+        "org.freedesktop.portal.Request" = [ "*" ];
+
+        # --- Main Desktop Portal Interface ---
+        # A comprehensive list of permissions for interacting with the desktop environment.
+        "org.freedesktop.portal.Desktop" = [
+          # Properties & Settings
+          "org.freedesktop.DBus.Properties.GetAll"
+          "org.freedesktop.DBus.Properties.Get@/org/freedesktop/portal/desktop"
+          "org.freedesktop.portal.Session.Close"
+          "org.freedesktop.portal.Settings.ReadAll"
+          "org.freedesktop.portal.Settings.Read"
+          "org.freedesktop.portal.Account.GetUserInformation"
+
+          # Network & Proxy
+          "org.freedesktop.portal.NetworkMonitor"
+          "org.freedesktop.portal.NetworkMonitor.*"
+          "org.freedesktop.portal.ProxyResolver.Lookup"
+          "org.freedesktop.portal.ProxyResolver.Lookup.*"
+
+          # Screenshot / Screen Capture & Sharing
+          "org.freedesktop.portal.ScreenCast"
+          "org.freedesktop.portal.ScreenCast.*"
+          "org.freedesktop.portal.Screenshot"
+          "org.freedesktop.portal.Screenshot.Screenshot"
+
+          # Device Access(Camera / USB)
+          "org.freedesktop.portal.Camera"
+          "org.freedesktop.portal.Camera.*"
+          "org.freedesktop.portal.Usb"
+          "org.freedesktop.portal.Usb.*"
+
+          # Remote Desktop
+          "org.freedesktop.portal.RemoteDesktop"
+          "org.freedesktop.portal.RemoteDesktop.*"
+
+          # File Operations
+          "org.freedesktop.portal.Documents"
+          "org.freedesktop.portal.Documents.*"
+          "org.freedesktop.portal.FileChooser"
+          "org.freedesktop.portal.FileChooser.*"
+          "org.freedesktop.portal.FileTransfer"
+          "org.freedesktop.portal.FileTransfer.*"
+
+          # Notifications & Printing
+          "org.freedesktop.portal.Notification"
+          "org.freedesktop.portal.Notification.*"
+          "org.freedesktop.portal.Print"
+          "org.freedesktop.portal.Print.*"
+
+          # Open/Launch Handlers
+          "org.freedesktop.portal.OpenURI"
+          "org.freedesktop.portal.OpenURI.*"
+          "org.freedesktop.portal.Email.ComposeEmail"
+
+          # Input Methods
+          "org.freedesktop.portal.Fcitx"
+          "org.freedesktop.portal.Fcitx.*"
+          "org.freedesktop.portal.IBus"
+          "org.freedesktop.portal.IBus.*"
+
+          # Secrets (Keyring)
+          "org.freedesktop.portal.Secret"
+          "org.freedesktop.portal.Secret.RetrieveSecret"
+
+          # Get/Update GlobalShortcuts
+          # "org.freedesktop.portal.GlobalShortcuts"
+          # "org.freedesktop.portal.GlobalShortcuts.*"
+
+          # -- get the user's location
+          # "org.freedesktop.portal.Location"
+          # "org.freedesktop.portal.Location.*"
+
+          # -- inhibit the user session from ending, suspending, idling or getting switched away.
+          "org.freedesktop.portal.Inhibit"
+          "org.freedesktop.portal.Inhibit.*"
+
+          # Generic Request Fallback
+          "org.freedesktop.portal.Request"
+        ];
+      };
+
+      # 'broadcast' rules permit receiving signals from D-Bus names.
+      rules.broadcast = {
+        "org.freedesktop.portal.*" = [ "@/org/freedesktop/portal/*" ];
+      };
+      args = [
+        "--filter"
+        "--sloppy-names"
+        "--log"
+      ];
+    };
+
+    etc.sslCertificates.enable = true;
+    bubblewrap = {
+      network = lib.mkDefault true;
+      sockets = {
+        wayland = true;
+        pulse = true;
+      };
+
+      bind.rw = with sloth; [
+        [
+          (mkdir appDataDir)
+          xdgDataHome
+        ]
+        [
+          (mkdir appConfigDir)
+          xdgConfigHome
+        ]
+        [
+          (mkdir appCacheDir)
+          xdgCacheHome
+        ]
+
+        (sloth.concat [
+          sloth.runtimeDir
+          "/"
+          (sloth.envOr "WAYLAND_DISPLAY" "no")
+        ])
+        (sloth.concat' sloth.runtimeDir "/at-spi/bus")
+        (sloth.concat' sloth.runtimeDir "/gvfsd")
+        (sloth.concat' sloth.runtimeDir "/dconf")
+
+        (sloth.concat' sloth.xdgCacheHome "/fontconfig")
+        (sloth.concat' sloth.xdgCacheHome "/mesa_shader_cache")
+        (sloth.concat' sloth.xdgCacheHome "/mesa_shader_cache_db")
+        (sloth.concat' sloth.xdgCacheHome "/radv_builtin_shaders")
+      ];
+      bind.ro = [
+        (sloth.concat' sloth.runtimeDir "/doc")
+        (sloth.concat' sloth.xdgConfigHome "/kdeglobals")
+        (sloth.concat' sloth.xdgConfigHome "/gtk-2.0")
+        (sloth.concat' sloth.xdgConfigHome "/gtk-3.0")
+        (sloth.concat' sloth.xdgConfigHome "/gtk-4.0")
+        (sloth.concat' sloth.xdgConfigHome "/fontconfig")
+        (sloth.concat' sloth.xdgConfigHome "/dconf")
+      ];
+      bind.dev = [ "/dev/shm" ] ++ (map (id: "/dev/video${toString id}") (lib.lists.range 0 9));
+    };
+  };
+}

hardening/nixpaks/modules/gui-base.nix

@@ -5,21 +5,18 @@
   pkgs,
   sloth,
   ...
-}: let
+}:
+let
   envSuffix = envKey: suffix: sloth.concat' (sloth.env envKey) suffix;
   # cursor & icon's theme should be the same as the host's one.
   cursorTheme = pkgs.bibata-cursors;
   iconTheme = pkgs.papirus-icon-theme;
-in {
+in
+{
   config = {
     dbus.policies = {
       "${config.flatpak.appId}" = "own";
-      "org.freedesktop.DBus" = "talk";
-      "org.gtk.vfs.*" = "talk";
-      "org.gtk.vfs" = "talk";
-      "ca.desrt.dconf" = "talk";
-      "org.freedesktop.portal.*" = "talk";
-      "org.a11y.Bus" = "talk";
+      # we add other policies in ./common.nix
     };
     # https://github.com/nixpak/nixpak/blob/master/modules/gpu.nix
     # 1. bind readonly - /run/opengl-driver
@@ -64,14 +61,16 @@ in {
         (sloth.concat' sloth.xdgConfigHome "/fontconfig")
 
         "/etc/fonts" # for fontconfig
-        "/etc/machine-id"
-        "/etc/localtime"
+        "/etc/localtime" # this is a symlink to /etc/zoneinfo/xxx
+        "/etc/zoneinfo"
 
         # Fix: libEGL warning: egl: failed to create dri2 screen
         "/etc/egl"
         "/etc/static/egl"
       ];
       bind.dev = [
+        "/dev/shm" # Shared Memory
+
         # seems required when using nvidia as primary gpu
         "/dev/nvidia0"
         "/dev/nvidiactl"
@@ -79,16 +78,24 @@ in {
         "/dev/nvidia-uvm"
       ];
 
+      tmpfs = [
+        "/tmp"
+      ];
+
       env = {
-        XDG_DATA_DIRS = lib.mkForce (lib.makeSearchPath "share" [
-          iconTheme
-          cursorTheme
-          pkgs.shared-mime-info
-        ]);
-        XCURSOR_PATH = lib.mkForce (lib.concatStringsSep ":" [
-          "${cursorTheme}/share/icons"
-          "${cursorTheme}/share/pixmaps"
-        ]);
+        XDG_DATA_DIRS = lib.mkForce (
+          lib.makeSearchPath "share" [
+            iconTheme
+            cursorTheme
+            pkgs.shared-mime-info
+          ]
+        );
+        XCURSOR_PATH = lib.mkForce (
+          lib.concatStringsSep ":" [
+            "${cursorTheme}/share/icons"
+            "${cursorTheme}/share/pixmaps"
+          ]
+        );
       };
     };
   };

hardening/nixpaks/modules/network.nix

@@ -2,7 +2,7 @@
 {
   etc.sslCertificates.enable = true;
   bubblewrap = {
-    bind.ro = ["/etc/resolv.conf"];
+    bind.ro = [ "/etc/resolv.conf" ];
     network = true;
   };
 }

hardening/nixpaks/qq-desktop-item.nix

@@ -1,17 +0,0 @@
-{
-  makeDesktopItem,
-  qq,
-}:
-makeDesktopItem {
-  name = "qq";
-  desktopName = "QQ";
-  exec = "qq %U";
-  terminal = false;
-  # To find the icon name(nushell):
-  #   let p = NIXPKGS_ALLOW_UNFREE=1 nix eval --impure nixpkgs#qq.outPath | str trim --char '"'
-  #   tree $"($p)/share/icons"
-  icon = "${qq}/share/icons/hicolor/512x512/apps/qq.png";
-  type = "Application";
-  categories = ["Network"];
-  comment = "QQ boxed";
-}

hardening/nixpaks/qq.nix

@@ -5,55 +5,75 @@
 # - QQ's flatpak manifest: https://github.com/flathub/com.qq.QQ/blob/master/com.qq.QQ.yaml
 {
   lib,
-  pkgs,
+  qq,
   mkNixPak,
+  buildEnv,
+  makeDesktopItem,
   ...
 }:
-mkNixPak {
-  config = {sloth, ...}: {
-    app = {
-      package = pkgs.qq.override {
-        # fix fcitx5 input method
-        commandLineArgs = lib.concatStringsSep " " ["--enable-wayland-ime"];
-      };
-      binPath = "bin/qq";
-    };
-    flatpak.appId = "com.tencent.qq";
 
-    imports = [
-      ./modules/gui-base.nix
-      ./modules/network.nix
-    ];
+let
+  appId = "com.qq.QQ";
 
-    # list all dbus services:
-    #   ls -al /run/current-system/sw/share/dbus-1/services/
-    #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
-    dbus.policies = {
-      "org.gnome.Shell.Screencast" = "talk";
-      "org.freedesktop.Notifications" = "talk";
-      "org.kde.StatusNotifierWatcher" = "talk";
-    };
-    bubblewrap = {
-      # To trace all the home files QQ accesses, you can use the following nushell command:
-      #   just trace-access qq
-      # See the Justfile in the root of this repository for more information.
-      bind.rw = [
-        # given the read write permission to the following directories.
-        # NOTE: sloth.mkdir is used to create the directory if it does not exist!
-        (sloth.mkdir (sloth.concat [sloth.xdgConfigHome "/QQ"]))
-        (sloth.mkdir (sloth.concat [sloth.xdgDownloadDir "/QQ"]))
-      ];
-      sockets = {
-        x11 = false;
-        wayland = true;
-        pipewire = true;
+  wrapped = mkNixPak {
+    config =
+      { sloth, ... }:
+      {
+        app = {
+          package = qq;
+          binPath = "bin/qq";
+        };
+        flatpak.appId = appId;
+
+        imports = [
+          ./modules/gui-base.nix
+          ./modules/network.nix
+          ./modules/common.nix
+        ];
+
+        bubblewrap = {
+          # To trace all the home files QQ accesses, you can use the following nushell command:
+          #   just trace-access qq
+          # See the Justfile in the root of this repository for more information.
+          bind.rw = [
+            sloth.xdgDocumentsDir
+            sloth.xdgDownloadDir
+            sloth.xdgMusicDir
+            sloth.xdgVideosDir
+            sloth.xdgPicturesDir
+          ];
+          sockets = {
+            x11 = false;
+            wayland = true;
+            pipewire = true;
+          };
+        };
       };
-      bind.dev = [
-        "/dev/shm" # Shared Memory
-      ];
-      tmpfs = [
-        "/tmp"
-      ];
-    };
   };
+  exePath = lib.getExe wrapped.config.script;
+in
+buildEnv {
+  inherit (wrapped.config.script) name meta passthru;
+  paths = [
+    wrapped.config.script
+    (makeDesktopItem {
+      name = appId;
+      desktopName = "QQ";
+      genericName = "QQ Boxed";
+      comment = "Tencent QQ, also known as QQ, is an instant messaging software service and web portal developed by the Chinese technology company Tencent.";
+      exec = "${exePath} %U";
+      terminal = false;
+      icon = "${qq}/share/icons/hicolor/512x512/apps/qq.png";
+      startupNotify = true;
+      startupWMClass = "QQ";
+      type = "Application";
+      categories = [
+        "InstantMessaging"
+        "Network"
+      ];
+      extraConfig = {
+        X-Flatpak = appId;
+      };
+    })
+  ];
 }

hardening/nixpaks/telegram-desktop.nix

@@ -0,0 +1,101 @@
+{
+  lib,
+  telegram-desktop,
+  buildEnv,
+  mkNixPak,
+  makeDesktopItem,
+  ...
+}:
+let
+  appId = "org.telegram.desktop";
+  wrapped = mkNixPak {
+    config =
+      { sloth, ... }:
+      {
+        imports = [
+          ./modules/gui-base.nix
+          ./modules/network.nix
+          ./modules/common.nix
+        ];
+        app.package = telegram-desktop;
+        flatpak = {
+          appId = appId;
+        };
+        dbus = {
+          enable = true;
+          policies = {
+            "com.canonical.indicator.application" = "talk";
+            "org.ayatana.indicator.application" = "talk";
+            "org.sigxcpu.Feedback" = "talk";
+          };
+        };
+
+        bubblewrap = {
+          bind.rw = [
+            sloth.xdgDocumentsDir
+            sloth.xdgDownloadDir
+            sloth.xdgMusicDir
+            sloth.xdgVideosDir
+            sloth.xdgPicturesDir
+          ];
+          sockets = {
+            x11 = false;
+            wayland = true;
+            pipewire = true;
+          };
+        };
+      };
+  };
+  exePath = lib.getExe wrapped.config.script;
+in
+buildEnv {
+  inherit (wrapped.config.script) name meta passthru;
+  paths = [
+    wrapped.config.script
+    (makeDesktopItem {
+      name = appId;
+      desktopName = "Telegram";
+      comment = "New era of messaging";
+      tryExec = "${exePath}";
+      exec = "${exePath} -- %u";
+      icon = appId;
+      startupNotify = true;
+      startupWMClass = appId;
+      terminal = false;
+      type = "Application";
+      categories = [
+        "Chat"
+        "Network"
+        "InstantMessaging"
+        "Qt"
+      ];
+      mimeTypes = [
+        "x-scheme-handler/tg"
+        "x-scheme-handler/tonsite"
+      ];
+      keywords = [
+        "tg"
+        "chat"
+        "im"
+        "messaging"
+        "messenger"
+        "sms"
+        "tdesktop"
+      ];
+      actions = {
+        quit = {
+          name = "Quit Telegram";
+          exec = "${exePath} -quit";
+          icon = "application-exit";
+        };
+      };
+      extraConfig = {
+        X-Flatpak = appId;
+        DBusActivatable = "true";
+        SingleMainWindow = "true";
+        X-GNOME-UsesNotifications = "true";
+        X-GNOME-SingleWindow = "true";
+      };
+    })
+  ];
+}

hardening/nixpaks/wechat-uos-desktop-item.nix

@@ -1,17 +0,0 @@
-{
-  makeDesktopItem,
-  wechat-uos,
-}:
-makeDesktopItem {
-  name = "wechat";
-  desktopName = "WeChat";
-  exec = "wechat-uos %U";
-  terminal = false;
-  # To find the icon name(nushell):
-  #   let p = NIXPKGS_ALLOW_UNFREE=1 nix eval --impure nixpkgs#wechat-uos.outPath | str trim --char '"'
-  #   tree $"($p)/share/icons"
-  icon = "${wechat-uos}/share/icons/hicolor/256x256/apps/com.tencent.wechat.png";
-  type = "Application";
-  categories = ["Network"];
-  comment = "Wechat boxed";
-}

hardening/nixpaks/wechat-uos.nix

@@ -1,73 +0,0 @@
-# TODO: wechat-uos is running in FHS sandbox by default, it's problematic
-#   to wrap it again via flatpak. We need to find a way to fix it.
-#   https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/we/wechat-uos/package.nix
-# Refer:
-# - Flatpak manifest's docs:
-#   - https://docs.flatpak.org/en/latest/manifests.html
-#   - https://docs.flatpak.org/en/latest/sandbox-permissions.html
-# - wechat-uos's flatpak manifest: https://github.com/flathub/com.tencent.WeChat/blob/master/com.tencent.WeChat.yaml
-{
-  lib,
-  pkgs,
-  mkNixPak,
-  ...
-}:
-mkNixPak {
-  config = {sloth, ...}: {
-    app = {
-      package = pkgs.wechat-uos;
-      binPath = "bin/wechat-uos";
-    };
-    flatpak.appId = "com.tencent.WeChat";
-
-    imports = [
-      ./modules/gui-base.nix
-      ./modules/network.nix
-    ];
-
-    # list all dbus services:
-    #   ls -al /run/current-system/sw/share/dbus-1/services/
-    #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
-    dbus.policies = {
-      "org.gnome.Shell.Screencast" = "talk";
-      # System tray icon
-      "org.freedesktop.Notifications" = "talk";
-      "org.kde.StatusNotifierWatcher" = "talk";
-      # File Manager
-      "org.freedesktop.FileManager1" = "talk";
-      # Uses legacy StatusNotifier implementation
-      "org.kde.*" = "own";
-    };
-    bubblewrap = {
-      # To trace all the home files QQ accesses, you can use the following nushell command:
-      #   just trace-access wechat-uos
-      # See the Justfile in the root of this repository for more information.
-      bind.rw = [
-        # given the read write permission to the following directories.
-        # NOTE: sloth.mkdir is used to create the directory if it does not exist!
-        (sloth.mkdir (sloth.concat [sloth.homeDir "/.xwechat"]))
-        (sloth.mkdir (sloth.concat [sloth.xdgDocumentsDir "/xwechat_files"]))
-        (sloth.mkdir (sloth.concat [sloth.xdgDocumentsDir "/WeChat_Data/"]))
-        (sloth.mkdir (sloth.concat [sloth.xdgDownloadDir "/WeChat"]))
-      ];
-      sockets = {
-        x11 = false;
-        wayland = true;
-        pipewire = true;
-      };
-      bind.dev = [
-        "/dev/shm" # Shared Memory
-      ];
-      tmpfs = [
-        "/tmp"
-      ];
-
-      env = {
-        # Hidpi scale
-        "QT_AUTO_SCREEN_SCALE_FACTOR" = "1";
-        # Only supports xcb
-        "QT_QPA_PLATFORM" = "kcb";
-      };
-    };
-  };
-}

hardening/profiles/default.nix

@@ -1,4 +1,5 @@
-{modulesPath, ...}: {
+{ modulesPath, ... }:
+{
   imports = [
     (modulesPath + "/profiles/hardened.nix")
   ];

home/README.md

@@ -1,5 +1,56 @@
 # Home Manager's Submodules
 
-1. `base`: The base module that is suitable for both Linux and macOS.
-2. `linux`: Linux-specific configuration.
-3. `darwin`: macOS-specific configuration.
+This directory contains all Home Manager configurations organized by platform and functionality.
+
+## Current Structure
+
+```
+home/
+├── base/              # Cross-platform home manager configurations
+│   ├── core/          # Essential applications and settings
+│   │   ├── editors/   # Editor configurations (Neovim, Helix)
+│   │   ├── shells/    # Shell configurations (Nushell, Zellij)
+│   │   └── ...
+│   ├── gui/           # GUI applications and desktop settings
+│   │   ├── terminal/  # Terminal emulators (Kitty, Alacritty, etc.)
+│   │   └── ...
+│   ├── tui/           # Terminal/TUI applications
+│   │   ├── editors/   # Heavy editor/tooling pkgs only (`packages.nix`; core editors live under `core/editors`)
+│   │   ├── encryption/ # GPG, password-store, etc.
+│   │   └── ...
+│   └── home.nix       # Main home manager entry point
+├── linux/             # Linux-specific home manager configurations
+│   ├── base/          # Linux base configurations
+│   ├── gui/           # Linux GUI applications
+│   │   ├── niri/      # Niri window manager
+│   │   └── ...
+│   ├── editors/       # Linux-specific editors
+│   └── ...
+├── hosts/             # Host-specific home manager entry modules
+│   ├── linux/         # Linux host home modules (ai, shoukei, k3s-*, etc.)
+│   └── darwin/        # macOS host home modules (fern, frieren)
+└── darwin/            # macOS-specific home manager configurations
+    ├── aerospace/     # macOS window manager
+    ├── proxy/         # Proxy configurations
+    └── ...
+```
+
+## Module Overview
+
+1. **base**: The base module suitable for both Linux and macOS
+   - Cross-platform applications and settings
+   - Shared configurations for editors, shells, and essential tools
+
+2. **linux**: Linux-specific configuration
+   - Desktop environments (Noctalia Shell, Niri compositor)
+   - Linux-specific GUI applications
+   - System integration tools
+
+3. **darwin**: macOS-specific configuration
+   - macOS applications and services
+   - Platform-specific integrations (Aerospace, Squirrel, etc.)
+
+4. **hosts**: Host entry modules for Home Manager
+   - Each output should reference only one host home module file
+   - Host modules are responsible for importing shared stacks (`home/linux/*` or `home/darwin`) and
+     applying host overrides

home/base/README.md

@@ -1,5 +1,64 @@
 # Home Manager's Base Submodules
 
-1. `server`: Configuration which is suitable for both servers and desktops.
-1. `desktop`: Configuration for desktop environments, such as Hyprland, I3, etc.
-1. `core.nix`: Minimal home-manager's config
+This directory contains cross-platform base configurations that are shared between Linux and Darwin
+systems.
+
+## Configuration Structure
+
+### Core System
+
+- **core/**: Essential cross-platform configurations
+  - **core.nix**: Minimal home-manager configuration
+  - **shells/**: Shell configurations (bash, zsh, fish, nu)
+  - **editors/**: Helix + Neovim (Home Manager) and usage docs (`README.md` per editor)
+  - **btop.nix**: System monitoring tools
+  - **git.nix**: Git configuration and aliases
+  - **npm.nix**: Node.js package management
+  - **pip.nix**: Python package management
+  - **starship.nix**: Cross-shell prompt configuration
+  - **theme.nix**: Color schemes and theming
+  - **yazi.nix**: Terminal file manager configuration
+  - **zellij/**: Terminal multiplexer with custom layouts
+
+### Desktop Environment
+
+- **gui/**: Cross-platform GUI applications and configurations
+  - **dev-tools.nix**: Development tools and IDEs
+  - **media.nix**: Media players and utilities
+  - **terminal/**: Terminal emulator configurations
+    - **alacritty/**: Alacritty terminal
+    - **kitty/**: Kitty terminal
+    - **foot/**: Foot terminal (Linux)
+    - **ghostty/**: Ghostty terminal
+
+### Terminal Interface
+
+- **tui/**: Terminal-based interface configurations
+  - **cloud/**: Cloud development tools (Terraform, etc.)
+  - **container.nix**: Container tools (Docker, Podman)
+  - **dev-tools.nix**: Terminal-based development tools
+  - **editors/**: Extra terminal editor Nix (see `core/editors/` for docs and baseline enables)
+  - **encryption/**: Encryption and security tools
+  - **gpg/**: GPG key management
+  - **password-store/**: Password management with pass
+  - **shell.nix**: Shell environment configurations
+  - **ssh/**: SSH configuration and management
+  - **zellij/**: Terminal workspace management
+
+### System Management
+
+- **home.nix**: Main home manager configuration file
+
+## Platform Compatibility
+
+All configurations in this directory are designed to work across:
+
+- **Linux**: All distributions with Nix and Home Manager
+- **macOS**: Darwin systems with Home Manager
+- **WSL**: Windows Subsystem for Linux
+
+## Usage
+
+These base configurations provide the foundation for both Linux and Darwin systems, ensuring
+consistent environments across different platforms while allowing for platform-specific
+customizations.

home/base/core/btop.nix

@@ -1,16 +1,8 @@
 {
-  pkgs,
-  nur-ryan4yin,
-  ...
-}: {
-  # https://github.com/catppuccin/btop/blob/main/themes/catppuccin_mocha.theme
-  xdg.configFile."btop/themes".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-btop}/themes";
-
   # replacement of htop/nmon
   programs.btop = {
     enable = true;
     settings = {
-      color_theme = "catppuccin_mocha";
       theme_background = false; # make btop transparent
     };
   };

home/base/core/container.nix

@@ -1,51 +0,0 @@
-{
-  pkgs,
-  pkgs-unstable,
-  nur-ryan4yin,
-  ...
-}: {
-  home.packages = with pkgs; [
-    docker-compose
-    dive # explore docker layers
-    lazydocker # Docker terminal UI.
-    skopeo # copy/sync images between registries and local storage
-    go-containerregistry # provides `crane` & `gcrane`, it's similar to skopeo
-
-    kubectl
-    kubectx
-    kubebuilder
-    istioctl
-    clusterctl # for kubernetes cluster-api
-    kubevirt # virtctl
-    kubernetes-helm
-    fluxcd
-    argocd
-
-    ko # build go project to container image
-  ];
-
-  programs = {
-    k9s = {
-      enable = true;
-      # https://k9scli.io/topics/aliases/
-      # aliases = {};
-      settings = {
-        skin = "catppuccino-mocha";
-      };
-      skins.catppuccin-mocha = let
-        skin_file = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-k9s}/dist/mocha.yml"; # theme - catppuccin mocha
-        skin_attr = builtins.fromJSON (
-          builtins.readFile
-          # replace 'base: &base "#1e1e2e"' with 'base: &base "default"'
-          # to make fg/bg color transparent. "default" means transparent in k9s skin.
-          (pkgs.runCommandNoCC "get-skin-json" {} ''
-            cat ${skin_file} \
-              |  sed -E 's@(base: &base ).+@\1 "default"@g' \
-              | ${pkgs.yj}/bin/yj > $out
-          '')
-        );
-      in
-        skin_attr;
-    };
-  };
-}

home/base/core/core.nix

@@ -1,40 +1,6 @@
+{ pkgs, ... }:
 {
-  pkgs,
-  nur-ryan4yin,
-  ...
-}: {
   home.packages = with pkgs; [
-    # Misc
-    tldr
-    cowsay
-    gnupg
-    gnumake
-
-    # Modern cli tools, replacement of grep/sed/...
-
-    # Interactively filter its input using fuzzy searching, not limit to filenames.
-    fzf
-    # search for files by name, faster than find
-    fd
-    # search for files by its content, replacement of grep
-    (ripgrep.override {withPCRE2 = true;})
-
-    # A fast and polyglot tool for code searching, linting, rewriting at large scale
-    # supported languages: only some mainstream languages currently(do not support nix/nginx/yaml/toml/...)
-    ast-grep
-
-    sad # CLI search and replace, just like sed, but with diff preview.
-    yq-go # yaml processor https://github.com/mikefarah/yq
-    just # a command runner like make, but simpler
-    delta # A viewer for git and diff output
-    lazygit # Git terminal UI.
-    hyperfine # command-line benchmarking tool
-    gping # ping, but with a graph(TUI)
-    doggo # DNS client for humans
-    duf # Disk Usage/Free Utility - a better 'df' alternative
-    du-dust # A more intuitive version of `du` in rust
-    gdu # disk usage analyzer(replacement of `du`)
-
     # nix related
     #
     # it provides the command `nom` works just like `nix
@@ -48,93 +14,86 @@
     # https://github.com/utdemir/nix-tree
     nix-tree # A TUI to visualize the dependency graph of a nix derivation
 
-    # productivity
+    # misc
+    cowsay
+    gnupg
     caddy # A webserver with automatic HTTPS via Let's Encrypt(replacement of nginx)
-    croc # File transfer between computers securely and easily
-    ncdu # analyzer your disk usage Interactively, via TUI(replacement of `du`)
+    # A fast and polyglot tool for code searching, linting, rewriting at large scale
+    # supported languages: only some mainstream languages currently(do not support nix/nginx/yaml/toml/...)
+    ast-grep
+
+    # other core cli tools are installed at system-level
   ];
 
-  programs = {
-    # A modern replacement for ‘ls’
-    # useful in bash/zsh prompt, not in nushell.
-    eza = {
-      enable = true;
-      # do not enable aliases in nushell!
-      enableNushellIntegration = false;
-      git = true;
-      icons = "auto";
-    };
+  # A modern replacement for ‘ls’
+  # useful in bash/zsh prompt, not in nushell.
+  programs.eza = {
+    enable = true;
+    # do not enable aliases in nushell!
+    enableNushellIntegration = false;
+    git = true;
+    icons = "auto";
+  };
 
-    # a cat(1) clone with syntax highlighting and Git integration.
-    bat = {
-      enable = true;
-      config = {
-        pager = "less -FR";
-        theme = "catppuccin-mocha";
-      };
-      themes = {
-        # https://raw.githubusercontent.com/catppuccin/bat/main/Catppuccin-mocha.tmTheme
-        catppuccin-mocha = {
-          src = nur-ryan4yin.packages.${pkgs.system}.catppuccin-bat;
-          file = "Catppuccin-mocha.tmTheme";
-        };
-      };
-    };
-
-    # A command-line fuzzy finder
-    fzf = {
-      enable = true;
-      # https://github.com/catppuccin/fzf
-      # catppuccin-mocha
-      colors = {
-        "bg+" = "#313244";
-        "bg" = "#1e1e2e";
-        "spinner" = "#f5e0dc";
-        "hl" = "#f38ba8";
-        "fg" = "#cdd6f4";
-        "header" = "#f38ba8";
-        "info" = "#cba6f7";
-        "pointer" = "#f5e0dc";
-        "marker" = "#f5e0dc";
-        "fg+" = "#cdd6f4";
-        "prompt" = "#cba6f7";
-        "hl+" = "#f38ba8";
-      };
-    };
-
-    # zoxide is a smarter cd command, inspired by z and autojump.
-    # It remembers which directories you use most frequently,
-    # so you can "jump" to them in just a few keystrokes.
-    # zoxide works on all major shells.
-    #
-    #   z foo              # cd into highest ranked directory matching foo
-    #   z foo bar          # cd into highest ranked directory matching foo and bar
-    #   z foo /            # cd into a subdirectory starting with foo
-    #
-    #   z ~/foo            # z also works like a regular cd command
-    #   z foo/             # cd into relative path
-    #   z ..               # cd one level up
-    #   z -                # cd into previous directory
-    #
-    #   zi foo             # cd with interactive selection (using fzf)
-    #
-    #   z foo<SPACE><TAB>  # show interactive completions (zoxide v0.8.0+, bash 4.4+/fish/zsh only)
-    zoxide = {
-      enable = true;
-      enableBashIntegration = true;
-      enableZshIntegration = true;
-      enableNushellIntegration = true;
-    };
-
-    # Atuin replaces your existing shell history with a SQLite database,
-    # and records additional context for your commands.
-    # Additionally, it provides optional and fully encrypted
-    # synchronisation of your history between machines, via an Atuin server.
-    atuin = {
-      enable = true;
-      enableBashIntegration = true;
-      enableZshIntegration = true;
-      enableNushellIntegration = true;
+  # a cat(1) clone with syntax highlighting and Git integration.
+  programs.bat = {
+    enable = true;
+    config = {
+      pager = "less -FR";
     };
   };
+
+  # A command-line fuzzy finder
+  programs.fzf.enable = true;
+
+  # very fast version of tldr in Rust
+  programs.tealdeer = {
+    enable = true;
+    enableAutoUpdates = true;
+    settings = {
+      display = {
+        compact = false;
+        use_pager = true;
+      };
+      updates = {
+        auto_update = false;
+        auto_update_interval_hours = 720;
+      };
+    };
+  };
+
+  # zoxide is a smarter cd command, inspired by z and autojump.
+  # It remembers which directories you use most frequently,
+  # so you can "jump" to them in just a few keystrokes.
+  # zoxide works on all major shells.
+  #
+  #   z foo              # cd into highest ranked directory matching foo
+  #   z foo bar          # cd into highest ranked directory matching foo and bar
+  #   z foo /            # cd into a subdirectory starting with foo
+  #
+  #   z ~/foo            # z also works like a regular cd command
+  #   z foo/             # cd into relative path
+  #   z ..               # cd one level up
+  #   z -                # cd into previous directory
+  #
+  #   zi foo             # cd with interactive selection (using fzf)
+  #
+  #   z foo<SPACE><TAB>  # show interactive completions (zoxide v0.8.0+, bash 4.4+/fish/zsh only)
+  programs.zoxide = {
+    enable = true;
+    enableBashIntegration = true;
+    enableZshIntegration = true;
+    enableNushellIntegration = true;
+  };
+
+  # Atuin replaces your existing shell history with a SQLite database,
+  # and records additional context for your commands.
+  # Additionally, it provides optional and fully encrypted
+  # synchronisation of your history between machines, via an Atuin server.
+  programs.atuin = {
+    enable = true;
+    enableBashIntegration = true;
+    enableZshIntegration = true;
+    enableNushellIntegration = true;
+  };
 }

home/base/core/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/core/editors/Glossary.md

@@ -71,5 +71,3 @@ Linting is distinct from Formatting because:
 
 Formatters and Linters process each file independently, they do not need to know about other files
 in the project.
-
-- [ ]

home/base/core/editors/README.md

@@ -1,3 +1,26 @@
 # Editors
 
-See [desktop/editors/](../../desktop/editors/) for more details.
+Shared editor configuration and **usage notes** for terminal-focused editing.
+
+## Roles
+
+- **Helix** (`helix/`): Primary TUI editor — batteries-included, small attack surface. `$EDITOR` /
+  `$VISUAL` default to `hx` (`session-env.nix`).
+- **Neovim** (`neovim/`): Backup editor — classic vim-style workflow and `:help` when needed. For
+  privileged edits (`sudoedit`) and other security-sensitive inputs, `$SUDO_EDITOR` is
+  `nvim --clean`; use that explicitly when `$EDITOR` must avoid user config/plugins.
+
+Terminal layout and files: **Zellij** and **Yazi** live under `core/zellij/` and `core/yazi.nix`
+(not in this folder).
+
+## Docs
+
+- [`helix/README.md`](./helix/README.md) — Helix basics, cheatsheet, official doc links, Helix vs
+  Neovim notes.
+- [`neovim/README.md`](./neovim/README.md) — Vim/Neovim basics, cheatsheet, and official doc links.
+
+Nix modules in `helix/` and `neovim/` enable each editor via Home Manager. Language servers and
+other heavy editor-related packages are listed in
+[`../../tui/editors/`](../../tui/editors/README.md) (imported from `home/base/tui`).
+
+Editor terminology (LSP, tree-sitter): [`Glossary.md`](./Glossary.md).

home/base/core/editors/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/core/editors/helix/README.md

@@ -0,0 +1,209 @@
+# Helix (primary) — Kakoune-style usage
+
+Neovim is powerful and has a very active community. This config still enables Neovim as a **backup**
+editor (vim-style muscle memory, `:help`, and occasional plugin workflows).
+
+Helix is the **primary** TUI editor here: opinionated, batteries-included (LSP, tree-sitter, picker,
+multi-cursor, surround), and a smaller moving part than a large Neovim plugin stack.
+
+## Tips
+
+1. This flake sets `$EDITOR` / `$VISUAL` to **`hx`** by default. For security-sensitive edits
+   (privileged files, unfamiliar binaries, secrets), prefer **`nvim --clean`** — `$SUDO_EDITOR` uses
+   it so `sudoedit` stays minimal; invoke it yourself in other trust-boundary cases.
+1. Helix is **selection-first** (like Kakoune): extend a selection, then run an action (`d`, `c`,
+   `y`, …). A lone cursor is a zero-width selection.
+1. Read the official docs before reinventing workflows:
+   1. <https://docs.helix-editor.com/> — documentation home (links to usage, keymap, configuration).
+   1. <https://docs.helix-editor.com/usage.html> — modes, buffers, motions overview.
+   1. <https://docs.helix-editor.com/keymap.html> — full default keybindings.
+   1. <https://docs.helix-editor.com/commands.html> — typable commands (`:` prompt).
+   1. <https://docs.helix-editor.com/configuration.html> — `config.toml`, themes, remaps.
+   1. <https://github.com/helix-editor/helix/wiki> — install tips, language servers, FAQ.
+1. Prefer **Zellij** for shells and panes; use **Helix** for buffers and text.
+1. On large codebases, navigation is often **by picker** (`Space f`, symbols, workspace search) or
+   **by LSP** (`g` goto mode), complementing motion-based editing.
+1. After **git** operations (`checkout`, `merge`, `pull`, `rebase`) or whenever many files changed
+   on disk, run **`:reload-all`** (alias **`:rla`**) so every open buffer is refreshed from disk in
+   one step — much faster than revisiting each file or restarting Helix.
+
+## Tutorial
+
+Run `:tutor` inside Helix, or `hx --tutor` from the shell
+([tutor source](https://github.com/helix-editor/helix/blob/master/runtime/tutor)).
+
+## Helix cheatsheet (common keys)
+
+> Full reference: <https://docs.helix-editor.com/keymap.html>  
+> Typable commands: <https://docs.helix-editor.com/commands.html>
+
+### Terminal related
+
+Zellij shortcuts used often (same idea as in the Neovim notes):
+
+| Action                    | Zellij shortcut |
+| ------------------------- | --------------- |
+| Floating terminal         | `Ctrl + p + w`  |
+| Horizontal split terminal | `Ctrl + p + d`  |
+| Vertical split terminal   | `Ctrl + p + n`  |
+
+In Helix, `|` / `!` and variants pipe or insert shell output on selections (see **Changes**).
+
+This flake’s Helix Home Manager module keeps **almost all default keys**; the only remap is
+**`Ctrl+Shift+o`** → jump backward, because Zellij uses **`Ctrl+o`** for Session (see
+`home/base/core/editors/helix/default.nix`). For other Zellij clashes, use **locked mode**
+(`Ctrl+g`), **`:`** commands, or the built-in **`Space`** menu.
+
+### Command mode (`:`)
+
+> <https://docs.helix-editor.com/commands.html>
+
+| Action                 | Command examples                                                     |
+| ---------------------- | -------------------------------------------------------------------- |
+| Write / write all      | `:w` / `:wa`                                                         |
+| Quit view / quit all   | `:q` / `:qa` — add `!` to discard changes                            |
+| Write and quit         | `:wq`, `:x`                                                          |
+| Write all and quit all | `:wqa`, `:xa`                                                        |
+| Open file              | `:open path`, `:e path`                                              |
+| Next / previous buffer | `:bn` / `:bp` (also `gn` / `gp` in normal)                           |
+| Close buffer           | `:bc` (add `!` to force)                                             |
+| Reload from disk       | `:reload` (current buffer); `:reload-all` / **`:rla`** (all buffers) |
+| Change directory / pwd | `:cd` / `:pwd`                                                       |
+| Split open file        | `:vs path`, `:hs path`                                               |
+
+### Movement (normal mode)
+
+| Action                | Keys / notes                                        |
+| --------------------- | --------------------------------------------------- |
+| Arrow keys            | `h` `j` `k` `l`                                     |
+| Words                 | `w` `b` `e` — `W` `B` `E` for WORD-style            |
+| Find char / till char | `f` `F` `t` `T` (not limited to current line)       |
+| Line / file           | `Home` / `End`; `gg` start or goto line; `G` line   |
+| Half / full page      | `Ctrl-u` / `Ctrl-d`; `Ctrl-b` / `Ctrl-f`            |
+| Jumplist              | `Ctrl-o` back, `Ctrl-i` forward; `Ctrl-s` save spot |
+
+### Selection & changes
+
+| Action                 | Keys / notes                                                      |
+| ---------------------- | ----------------------------------------------------------------- |
+| Extend selections      | `v` select mode; motions extend instead of moving                 |
+| Line selection         | `x` extend line; `X` line bounds                                  |
+| Select all / regex     | `%`; `s` regex in selections; `S` split on regex                  |
+| Undo / redo            | `u` / `U`                                                         |
+| Delete / change / yank | `d` / `c` / `y` — acts on selection                               |
+| Paste                  | `p` / `P`; registers `"` …                                        |
+| Insert                 | `i` `a` `I` `A` `o` `O`                                           |
+| Indent / format        | `>` / `<`; `=` format (LSP)                                       |
+| Case                   | `~` toggle; lower/upper case via grave / `Alt-grave` (see keymap) |
+| Join lines             | `J`; `Alt-J` join keeping space                                   |
+
+### Search
+
+| Action               | Keys                                     |
+| -------------------- | ---------------------------------------- |
+| Search / reverse     | `/` / `?`                                |
+| Next / prev match    | `n` / `N`                                |
+| Selection as pattern | `*` (word bounds); `Alt-*` raw selection |
+
+Use **extend mode** (`v`) with `n` / `N` to add matches to multi-cursors
+([keymap](https://docs.helix-editor.com/keymap.html#select--extend-mode)).
+
+### Replace / multi-occur edits
+
+Helix has no vim-style `:%s` with preview. Typical patterns:
+
+- Select matches with `s` or search, then `c` to change all selections at once.
+- Workspace-wide search: `Space /` (global search picker).
+- Heavy refactors: external tools or another pane (see **Differences** below).
+
+### Goto mode (`g` then …)
+
+| Action               | Keys (after `g`) |
+| -------------------- | ---------------- |
+| File start / end     | `g` / `e`        |
+| Line start / end     | `h` / `l`        |
+| File / URL           | `f`              |
+| First non-whitespace | `s`              |
+| Definition / refs    | `d` / `r` (LSP)  |
+| Type / impl          | `y` / `i` (LSP)  |
+| Next / prev buffer   | `n` / `p`        |
+
+Also: `gd` / `gD` definition/declaration-style jumps where bound.
+
+### Match mode (`m` …)
+
+Surround and textobjects: see <https://docs.helix-editor.com/surround.html> and
+<https://docs.helix-editor.com/textobjects.html>. Matching bracket: `mm` (tree-sitter).
+
+### Window mode (`Ctrl-w` then …)
+
+| Action           | Keys            |
+| ---------------- | --------------- |
+| Next window      | `w`             |
+| Vertical split   | `v`             |
+| Horizontal split | `s`             |
+| Focus splits     | `h` `j` `k` `l` |
+| Close / only     | `q` / `o`       |
+
+### Space mode (`Space` then …)
+
+| Action               | Keys               |
+| -------------------- | ------------------ |
+| File picker (roots)  | `f`                |
+| File picker (cwd)    | `F`                |
+| Buffer picker        | `b`                |
+| Global search        | `/`                |
+| Command palette      | `?`                |
+| Hover docs (LSP)     | `k`                |
+| Symbols / workspace  | `s` / `S`          |
+| Diagnostics          | `d` / `D`          |
+| Clipboard yank/paste | `y` / `p` variants |
+
+Picker movement: <https://docs.helix-editor.com/pickers.html>.
+
+### Minor modes from normal
+
+| Mode        | Key       |
+| ----------- | --------- |
+| Command     | `:`       |
+| View scroll | `z` / `Z` |
+| Goto        | `g`       |
+| Match       | `m`       |
+| Window      | `Ctrl-w`  |
+
+Some bindings need an **LSP** or **tree-sitter** grammar; see notes on the keymap page.
+
+## Differences between Neovim and Helix
+
+1. Selecting first, then action.
+   1. Helix: delete 2 words: move/select with `w` … then `d`. You see the selection before the
+      action.
+   2. Neovim: delete 2 words: `d` then `2w`. No visual feedback before the action runs.
+1. Helix — modern built-in features: LSP, tree-sitter, fuzzy finder, multi-cursors, surround, and
+   more.
+   1. The same is available in Neovim, but usually via plugins you choose and maintain.
+1. Helix is built in Rust from scratch: smaller codebase, modern defaults. No VimScript, no Lua in
+   user config.
+   1. Neovim carries Vim heritage (VimScript) and Lua-heavy customization.
+1. Neovim has a huge plugin ecosystem.
+   1. Helix is newer; a stable plugin system is still evolving:
+      <https://github.com/helix-editor/helix/pull/8675>
+1. Neovim has an integrated terminal (similar in spirit to VS Code’s).
+   1. Helix does not ship one; use Zellij / tmux / terminal features instead.
+   1. <https://github.com/helix-editor/helix/issues/1976#issuecomment-1091074719>
+   1. <https://github.com/helix-editor/helix/pull/4649>
+1. Helix has no built-in tree panel; pair with **Yazi**, ranger, or Broot and open files from there.
+   1. A tree view may arrive with plugins later; many users rely on the file picker instead.
+1. Global substitution is weaker in Helix; run replacements in another pane (Zellij) or an external
+   tool when needed.
+   1. <https://github.com/helix-editor/helix/issues/196>
+   1. Neovim’s `:s` with preview remains strong for interactive refactors; external tools (e.g.
+      <https://github.com/ms-jpq/sad>) can fill gaps in Helix-centric flows.
+1. Complexity vs batteries-included tradeoffs:
+   <https://github.com/helix-editor/helix/discussions/6356>
+
+Using **Helix** (and Neovim when useful) inside **Yazi** and **Zellij** keeps editing, files, and
+panes explicit and scriptable — different from a single IDE window, but very composable.
+
+Helix nudges you away from reproducing VS Code/JetBrains inside one process; Neovim remains there
+when you want that depth.

home/base/core/editors/helix/default.nix

@@ -1,5 +1,120 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.helix = {
     enable = true;
+    package = pkgs.helix;
+    settings = {
+      editor = {
+        # Display & cursor
+        line-number = "relative";
+        cursorline = true;
+        color-modes = true;
+        scrolloff = 8;
+
+        # use system clipboard by default
+        default-yank-register = "+";
+        # Wrap long lines to the viewport (word-wrap style; does not insert hard line endings)
+        soft-wrap = {
+          enable = true;
+        };
+
+        # Completion / formatting
+        auto-format = true;
+        preview-completion-insert = true;
+        completion-timeout = 5;
+        idle-timeout = 200;
+        end-of-line-diagnostics = "hint";
+
+        # Save to disk on focus loss and after idle (helps LSP see disk changes)
+        auto-save = {
+          focus-lost = true;
+          after-delay = {
+            enable = true;
+            timeout = 2000;
+          };
+        };
+
+        # LSP: inlay hints, signature help, progress / messages in status area
+        lsp = {
+          display-messages = true;
+          display-progress-messages = true;
+          display-inlay-hints = true;
+          auto-signature-help = true;
+        };
+
+        inline-diagnostics = {
+          cursor-line = "hint";
+          other-lines = "disable";
+        };
+
+        # Buffers tab strip, menu borders, status line layout
+        bufferline = "multiple";
+        popup-border = "menu";
+        statusline = {
+          left = [
+            "mode"
+            "spinner"
+            "version-control"
+            "file-name"
+            "read-only-indicator"
+            "file-modification-indicator"
+          ];
+          center = [ ];
+          right = [
+            "workspace-diagnostics"
+            "diagnostics"
+            "selections"
+            "position"
+            "position-percentage"
+            "file-type"
+            "file-encoding"
+            "file-line-ending"
+          ];
+          separator = "│";
+          diagnostics = [
+            "error"
+            "warning"
+            "info"
+          ];
+          workspace-diagnostics = [
+            "error"
+            "warning"
+          ];
+          mode = {
+            normal = "NORMAL";
+            insert = "INSERT";
+            select = "SELECT";
+          };
+        };
+
+        # Show dotfiles in picker (project-wide ignores still apply)
+        file-picker.hidden = false;
+
+        cursor-shape = {
+          insert = "bar";
+          normal = "block";
+          select = "underline";
+        };
+        indent-guides.render = true;
+      };
+
+      keys.normal = {
+        space.space = ":reload-all";
+        esc = [
+          "collapse_selection"
+          "keep_primary_selection"
+        ];
+        space.w = ":w";
+        space.q = ":q";
+
+        # useful vim keybindings
+        "$" = "goto_line_end";
+        "0" = "goto_line_start";
+
+        # Ctrl+o opens Zellij Session
+        "C-S-o" = "jump_backward";
+      };
+
+    };
   };
 }

home/base/core/editors/neovim/README.md

@@ -0,0 +1,180 @@
+# Neovim (backup) — vim-style usage
+
+Primary day-to-day editing is **Helix**; this file is the **vim/Neovim** quick reference and doc
+pointers for when you reach for Neovim as a backup.
+
+## Tips
+
+1. Many motions already exist in vim — check vim/Neovim docs before adding plugins or reinventing
+   wheels.
+1. For deeper skill, read the official docs:
+   1. <https://vimhelp.org/> — vim help.
+   1. <https://neovim.io/doc/user/> — Neovim user manual.
+1. Prefer **Zellij** for shells and panes; use **Helix** or **Neovim** for buffers and text.
+1. Two powerful navigation modes on large codebases:
+   1. **By path** — when you know the tree layout.
+   1. **By content** — when you know what the code says.
+
+## Tutorial
+
+Type `:tutor` (or `:Tutor` in Neovim) for the built-in vim tutorial.
+
+## Vim cheatsheet (common keys)
+
+> For a fuller reference: <https://vimhelp.org/quickref.txt.html>
+
+Emacs Evil, Neovim, and vim share the motions below.
+
+### Terminal related
+
+Zellij shortcuts used often:
+
+| Action                    | Zellij shortcut |
+| ------------------------- | --------------- |
+| Floating terminal         | `Ctrl + p + w`  |
+| Horizontal split terminal | `Ctrl + p + d`  |
+| Vertical split terminal   | `Ctrl + p + n`  |
+| Run a shell command       | `!xxx`          |
+
+### File management
+
+> <https://neovim.io/doc/user/usr_22.html>  
+> <https://vimhelp.org/editing.txt.html>
+
+| Action                        | Command                                      |
+| ----------------------------- | -------------------------------------------- |
+| Save selection to a file      | `:w filename` (shows `:'<,'>w filename`)     |
+| Save and close current buffer | `:wq`                                        |
+| Save all buffers              | `:wa`                                        |
+| Save and close all buffers    | `:wqa`                                       |
+| Edit a file                   | `:e filename` (or `:e <TAB>` for completion) |
+| Browse files                  | `:Ex` or `:e .`                              |
+| Discard changes and reload    | `:e!`                                        |
+
+### Motion
+
+> <https://vimhelp.org/motion.txt.html>
+
+| Action                              | Command                                 |
+| ----------------------------------- | --------------------------------------- |
+| Start / end of buffer               | `gg` / `G`                              |
+| Go to line 5                        | `5gg` / `5G`                            |
+| Left / down / up / right            | `h` `j` `k` `l` (counts like `5j` work) |
+| Jump to matchpairs `()`, `{}`, `[]` | `%`                                     |
+| Start / end of line                 | `0` / `$`                               |
+| Sentence forward / backward         | `(` / `)`                               |
+| Paragraph forward / backward        | `{` / `}`                               |
+| Section forward / backward          | `[[` / `]]`                             |
+| Jump to marks                       | `'` + mark (Neovim may prompt)          |
+
+Text objects:
+
+- **Sentence**: ends at `.` `!` `?` plus line end or space/tab.
+- **Paragraph**: ends at a blank line.
+- **Section**: between section headers; `[[` / `]]` often stop at `{` in column 1 (handy in
+  C/Go/Java).
+
+### Text manipulation
+
+Basics:
+
+| Action                        | Command                        |
+| ----------------------------- | ------------------------------ |
+| Delete character under cursor | `x`                            |
+| Put (paste)                   | `p`                            |
+| Delete operator + motion      | `d`                            |
+| Undo word (insert)            | `CTRL-w`                       |
+| Undo line (insert)            | `CTRL-u`                       |
+| Undo change                   | `u`                            |
+| Redo                          | `Ctrl-r`                       |
+| Repeat previous insert        | `Ctrl-a`                       |
+| Repeat last change            | `.`                            |
+| Toggle case                   | `~`                            |
+| Uppercase (visual)            | `U`                            |
+| Lowercase (visual)            | `u`                            |
+| Align selection               | `:center` / `:left` / `:right` |
+
+Misc:
+
+| Action                   | Shortcut    |
+| ------------------------ | ----------- |
+| Character-wise visual    | `v`         |
+| Line-wise visual         | `V`         |
+| Block visual             | `<Ctrl-v>`  |
+| Fold close / open        | `zc` / `zo` |
+| Go to definition         | `gd`        |
+| Go to references         | `gD`        |
+| Comment line (if mapped) | e.g. `gcc`  |
+
+| Action                              | Command        |
+| ----------------------------------- | -------------- |
+| Sort lines                          | `:sort`        |
+| Join lines                          | `:join` or `J` |
+| Join without spaces                 | `:join!`       |
+| Insert at line start / end          | `I` / `A`      |
+| Delete to end of line               | `D`            |
+| Change to end of line (into insert) | `C`            |
+
+Advanced patterns:
+
+- Append to many lines: `:normal A<text>` (often after visual-block `Ctrl-v`).
+- Neovim may pad short lines with spaces when block-appending past EOL.
+- Delete last character on many lines: `:normal $x` over a visual selection.
+- Delete last word on many lines: `:normal $bD`.
+
+### Search
+
+| Action                            | Command |
+| --------------------------------- | ------- |
+| Search forward / backward         | `/` `?` |
+| Repeat search same / opposite dir | `n` `N` |
+
+### Find and replace
+
+| Action              | Command                            |
+| ------------------- | ---------------------------------- |
+| In visual selection | `:s/old/new/g`                     |
+| Current line        | same                               |
+| Whole buffer        | `:%s/old/new/g`                    |
+| Regex example       | `:%s@\vhttp://(\w+)@https://\1@gc` |
+
+Notes:
+
+- `\v` — “very magic”, less backslash noise in the pattern.
+- `\1` — first capture group.
+
+### Specific line ranges
+
+| Action                | Command examples                     |
+| --------------------- | ------------------------------------ |
+| Lines 10–end          | `:10,$s/old/new/g` or `:10,$s@^@#@g` |
+| Lines 10–20           | `:10,20s/old/new/g`                  |
+| Strip trailing spaces | `:%s/\s\+$//g`                       |
+
+Flags: `g` all matches in range, `c` confirm each, `i` ignore case.
+
+### Buffers, windows, tabs
+
+> <https://neovim.io/doc/user/usr_08.html>  
+> <https://vimhelp.org/windows.txt.html>
+
+- **Buffer** — in-memory text for a file.
+- **Window** — viewport on a buffer.
+- **Tab page** — layout of windows.
+
+| Action             | Command                        |
+| ------------------ | ------------------------------ |
+| Horizontal split   | `:sp` or `:sp filename`        |
+| Vertical split     | `:vs` or `:vs filename`        |
+| Next / prev window | `Ctrl-w w` or `Ctrl-w h/j/k/l` |
+| List buffers       | `:ls`                          |
+| Next / prev buffer | `]b` / `[b` or `:bn` / `:bp`   |
+| New tab            | `:tabnew`                      |
+| Next / prev tab    | `gt` / `gT`                    |
+
+### History
+
+| Action          | Command |
+| --------------- | ------- |
+| Command history | `q:`    |
+| Search history  | `q/`    |

home/base/core/editors/neovim/default.nix

@@ -1,11 +1,96 @@
-{pkgs, ...}: {
-  programs = {
-    neovim = {
-      enable = true;
+{ config, nixvim, ... }:
+{
 
-      defaultEditor = true;
-      viAlias = true;
-      vimAlias = true;
+  imports = [ nixvim.homeModules.nixvim ];
+  home.shellAliases = {
+
+    vi = "nvim";
+    vim = "nvim";
+  };
+
+  programs.nixvim = {
+    enable = true;
+
+    clipboard.providers.wl-copy.enable = true;
+
+    opts = {
+      number = true;
+      relativenumber = true;
+      cursorline = true;
+      signcolumn = "auto";
+      clipboard = "unnamedplus";
+      scrolloff = 8;
+      swapfile = false;
+      title = true;
+      titlelen = 20;
+      smartindent = false;
+      mouse = "a";
+      undofile = true;
+      ignorecase = true;
+      smartcase = true;
+      splitbelow = true;
+      splitright = true;
+      updatetime = 300;
+      wrap = true;
+      linebreak = true;
+    };
+
+    colorschemes.catppuccin = {
+      enable = true;
+      settings = {
+        transparent_background = true;
+      };
+    };
+
+    plugins.lsp.servers = {
+      nixd.enable = true;
+      "rust_analyzer" = {
+        enable = true;
+        installCargo = false;
+        installRustc = false;
+      };
+      gopls.enable = true;
+      pyright.enable = true;
+      bashls.enable = true;
+    };
+
+    plugins.treesitter = {
+      enable = true;
+      grammarPackages = with config.programs.nixvim.plugins.treesitter.package.builtGrammars; [
+        bash
+        json
+        lua
+        make
+        markdown
+        nix
+        regex
+        rust
+        go
+        python
+        toml
+        vim
+        vimdoc
+        xml
+        yaml
+        nu
+      ];
+    };
+
+    plugins.neo-tree = {
+      enable = true;
+      settings = {
+        filesystem = {
+          filtered_items = {
+            visible = true;
+            hide_dotfiles = false;
+            hide_gitignored = false;
+          };
+          follow_current_file = {
+            enabled = true;
+            leave_dirs_open = false;
+          };
+        };
+      };
     };
   };
 }

home/base/core/editors/session-env.nix

@@ -0,0 +1,9 @@
+# Default interactive editor is Helix (`hx`). For trust-boundary edits (e.g. `sudoedit`,
+# secrets, unfamiliar payloads), prefer `nvim --clean` — wired via `SUDO_EDITOR`.
+{
+  home.sessionVariables = {
+    EDITOR = "hx";
+    VISUAL = "hx";
+    SUDO_EDITOR = "nvim --clean";
+  };
+}

home/base/core/git.nix

@@ -4,96 +4,108 @@
   pkgs,
   myvars,
   ...
-}: {
+}:
+{
   # `programs.git` will generate the config file: ~/.config/git/config
   # to make git use this config file, `~/.gitconfig` should not exist!
   #
   #    https://git-scm.com/docs/git-config#Documentation/git-config.txt---global
-  home.activation.removeExistingGitconfig = lib.hm.dag.entryBefore ["checkLinkTargets"] ''
+  home.activation.removeExistingGitconfig = lib.hm.dag.entryBefore [ "checkLinkTargets" ] ''
     rm -f ${config.home.homeDirectory}/.gitconfig
   '';
 
-  home.packages = with pkgs; [
-  ];
+  # GitHub CLI tool
+  # https://cli.github.com/manual/
+  programs.gh.enable = true;
 
   programs.git = {
     enable = true;
     lfs.enable = true;
 
-    userName = myvars.userfullname;
-    userEmail = myvars.useremail;
+    signing.format = "openpgp";
+    # signing = {
+    #   key = "xxx";
+    #   signByDefault = true;
+    # };
 
     includes = [
       {
-        # use different email & name for work
+        # use different email & name for work:
+        #
+        # [user]
+        #   email = "xxx@xxx.com"
+        #   name = "Ryan Yin"
         path = "~/work/.gitconfig";
         condition = "gitdir:~/work/";
       }
     ];
 
-    extraConfig = {
+    settings = {
+      user.email = myvars.useremail;
+      user.name = myvars.userfullname;
+
       init.defaultBranch = "main";
       trim.bases = "develop,master,main"; # for git-trim
       push.autoSetupRemote = true;
       pull.rebase = true;
+      log.date = "iso"; # use iso format for date
 
       # replace https with ssh
       url = {
         "ssh://git@github.com/ryan4yin" = {
           insteadOf = "https://github.com/ryan4yin";
         };
-        # "ssh://git@gitlab.com/" = {
-        #   insteadOf = "https://gitlab.com/";
-        # };
-        # "ssh://git@bitbucket.com/" = {
-        #   insteadOf = "https://bitbucket.com/";
+        # "ssh://git@bitbucket.com/ryan4yin" = {
+        #   insteadOf = "https://bitbucket.com/ryan4yin";
         # };
       };
-    };
 
-    # signing = {
-    #   key = "xxx";
-    #   signByDefault = true;
-    # };
+      alias = {
+        # common aliases
+        br = "branch";
+        co = "checkout";
+        st = "status";
+        ls = "log --pretty=format:\"%C(yellow)%h%Cred%d\\\\ %Creset%s%Cblue\\\\ [%cn]\" --decorate";
+        ll = "log --pretty=format:\"%C(yellow)%h%Cred%d\\\\ %Creset%s%Cblue\\\\ [%cn]\" --decorate --numstat";
+        cm = "commit -m"; # commit via `git cm <message>`
+        ca = "commit -am"; # commit all changes via `git ca <message>`
+        dc = "diff --cached";
 
-    # A syntax-highlighting pager in Rust(2019 ~ Now)
-    delta = {
-      enable = true;
-      options = {
-        diff-so-fancy = true;
-        line-numbers = true;
-        true-color = "always";
-        # features => named groups of settings, used to keep related settings organized
-        # features = "";
+        amend = "commit --amend -m"; # amend commit message via `git amend <message>`
+        unstage = "reset HEAD --"; # unstage file via `git unstage <file>`
+        merged = "branch --merged"; # list merged(into HEAD) branches via `git merged`
+        unmerged = "branch --no-merged"; # list unmerged(into HEAD) branches via `git unmerged`
+        nonexist = "remote prune origin --dry-run"; # list non-exist(remote) branches via `git nonexist`
+
+        # delete merged branches except master & dev & staging
+        #  `!` indicates it's a shell script, not a git subcommand
+        delmerged = ''! git branch --merged | egrep -v "(^\*|main|master|dev|staging)" | xargs git branch -d'';
+        # delete non-exist(remote) branches
+        delnonexist = "remote prune origin";
+
+        # aliases for submodule
+        update = "submodule update --init --recursive";
+        foreach = "submodule foreach";
       };
     };
-
-    aliases = {
-      # common aliases
-      br = "branch";
-      co = "checkout";
-      st = "status";
-      ls = "log --pretty=format:\"%C(yellow)%h%Cred%d\\\\ %Creset%s%Cblue\\\\ [%cn]\" --decorate";
-      ll = "log --pretty=format:\"%C(yellow)%h%Cred%d\\\\ %Creset%s%Cblue\\\\ [%cn]\" --decorate --numstat";
-      cm = "commit -m"; # commit via `git cm <message>`
-      ca = "commit -am"; # commit all changes via `git ca <message>`
-      dc = "diff --cached";
-
-      amend = "commit --amend -m"; # amend commit message via `git amend <message>`
-      unstage = "reset HEAD --"; # unstage file via `git unstage <file>`
-      merged = "branch --merged"; # list merged(into HEAD) branches via `git merged`
-      unmerged = "branch --no-merged"; # list unmerged(into HEAD) branches via `git unmerged`
-      nonexist = "remote prune origin --dry-run"; # list non-exist(remote) branches via `git nonexist`
-
-      # delete merged branches except master & dev & staging
-      #  `!` indicates it's a shell script, not a git subcommand
-      delmerged = ''! git branch --merged | egrep -v "(^\*|main|master|dev|staging)" | xargs git branch -d'';
-      # delete non-exist(remote) branches
-      delnonexist = "remote prune origin";
-
-      # aliases for submodule
-      update = "submodule update --init --recursive";
-      foreach = "submodule foreach";
-    };
   };
+
+  # A syntax-highlighting pager for git, diff, grep, and blame output
+  programs.delta = {
+    enable = true;
+    enableGitIntegration = true;
+    options = {
+      diff-so-fancy = true;
+      line-numbers = true;
+      true-color = "always";
+      # features => named groups of settings, used to keep related settings organized
+      # features = "";
+    };
+  };
+
+  # Git terminal UI (written in go).
+  programs.lazygit.enable = true;
+
+  # Yet another Git TUI (written in rust).
+  programs.gitui.enable = false;
 }

home/base/core/npm.nix

@@ -0,0 +1,9 @@
+{ config, ... }:
+{
+  # 1. make `npm install -g <pkg>` happey
+  # 2. set min-release-age for security
+  home.file.".npmrc".text = ''
+    prefix=${config.home.homeDirectory}/.npm
+    min-release-age=7
+  '';
+}

home/base/core/pip.nix

@@ -2,12 +2,6 @@ _: {
   # use mirror for pip install
   xdg.configFile."pip/pip.conf".text = ''
     [global]
-    index-url = https://mirrors.ustc.edu.cn/pypi/web/simple
-    format = columns
+    index-url = https://mirrors.bfsu.edu.cn/pypi/web/simple
   '';
-
-  # xdg.configFile."pip/pip.conf".text = ''
-  #   [global]
-  #   index-url = https://mirrors.bfsu.edu.cn/pypi/web/simple
-  # '';
 }

home/base/core/shells/config.nu

@@ -1,146 +1,175 @@
-# Nushell Config File
+# Based on the default config generated by:
+#    ```
+#    config nu --default
+#    ```
 #
-# version = 0.81.1
+# Nushell Config File Documentation
+#
+# Warning: This file is intended for documentation purposes only and
+# is not intended to be used as an actual configuration file as-is.
+#
+# version = "0.103.0"
+#
+# A `config.nu` file is used to override default Nushell settings,
+# define (or import) custom commands, or run any other startup tasks.
+# See https://www.nushell.sh/book/configuration.html
+#
+# Nushell sets "sensible defaults" for most configuration settings, so
+# the user's `config.nu` only needs to override these defaults if
+# desired.
+#
+# This file serves as simple "in-shell" documentation for these
+# settings, or you can view a more complete discussion online at:
+# https://nushell.sh/book/configuration
+#
+# You can pretty-print and page this file using:
+# config nu --doc | nu-highlight | less -R
 
-# let's define some colors
+# $env.config
+# -----------
+# The $env.config environment variable is a record containing most Nushell
+# configuration settings. Keep in mind that, as a record, setting it to a
+# new record will remove any keys which aren't in the new record. Nushell
+# will then automatically merge in the internal defaults for missing keys.
+#
+# The same holds true for keys in the $env.config which are also records
+# or lists.
+#
+# For this reason, settings are typically changed by updating the value of
+# a particular key. Merging a new config record is also possible. See the
+# Configuration chapter of the book for more information.
 
-# https://github.com/catppuccin/i3/blob/main/themes/catppuccin-mocha
-let rosewater = "#f5e0dc"
-let flamingo  = "#f2cdcd"
-let pink      = "#f5c2e7"
-let mauve     = "#cba6f7"
-let red       = "#f38ba8"
-let maroon    = "#eba0ac"
-let peach     = "#fab387"
-let green     = "#a6e3a1"
-let teal      = "#94e2d5"
-let sky       = "#89dceb"
-let sapphire  = "#74c7ec"
-let blue      = "#89b4fa"
-let lavender  = "#b4befe"
-let text      = "#cdd6f4"
-let subtext1  = "#bac2de"
-let subtext0  = "#a6adc8"
-let overlay2  = "#9399b2"
-let overlay1  = "#7f849c"
-let overlay0  = "#6c7086"
-let surface2  = "#585b70"
-let surface1  = "#45475a"
-let surface0  = "#313244"
-let base      = "#1e1e2e"
-let mantle    = "#181825"
-let crust     = "#11111b"
 
-# we're creating a theme here that uses the colors we defined above.
+$env.config.history.file_format = "sqlite"
+$env.config.history.max_size = 5_000_000
 
-let catppuccin_theme = {
-    separator: $overlay2
-    leading_trailing_space_bg: $surface2
-    header: $red
-    date: $pink
-    filesize: $green
-    row_index: $text
-    bool: $peach
-    int: $red
-    duration: $sky
-    range: $sapphire
-    float: $lavender
-    string: $text
-    nothing: $overlay1
-    binary: $subtext1
-    cellpath: $subtext0
-    hints: dark_gray
+# isolation (bool):
+# `true`: New history from other currently-open Nushell sessions is not
+# seen when scrolling through the history using PrevHistory (typically
+# the Up key) or NextHistory (Down key)
+# `false`: All commands entered in other Nushell sessions will be mixed with
+# those from the current shell.
+# Note: Older history items (from before the current shell was started) are
+# always shown.
+# This setting only applies to SQLite-backed history
+$env.config.history.isolation = true
 
-    shape_garbage: { fg: $overlay2 bg: $red attr: b}
-    shape_bool: $maroon
-    shape_int: { fg: $pink attr: b}
-    shape_float: { fg: $pink attr: b}
-    shape_range: { fg: $overlay0 attr: b}
-    shape_internalcall: { fg: $maroon attr: b}
-    shape_external: $mauve
-    shape_externalarg: { fg: $red attr: b}
-    shape_literal: $flamingo
-    shape_operator: $rosewater
-    shape_signature: { fg: $red attr: b}
-    shape_string: $red
-    shape_filepath: $peach
-    shape_globpattern: { fg: $teal attr: b}
-    shape_variable: $pink
-    shape_flag: { fg: $mauve attr: b}
-    shape_custom: {attr: b}
-}
+# ----------------------
+# Miscellaneous Settings
+# ----------------------
 
-# The default config record. This is where much of your global configuration is setup.
-$env.config = {
-  color_config: $catppuccin_theme  # <-- this is the theme
-  use_ansi_coloring: true
+# show_banner (bool): Enable or disable the welcome banner at startup
+$env.config.show_banner = false
 
-  # true or false to enable or disable the welcome banner at startup
-  show_banner: false
-  
-  table: {
-    mode: rounded # basic, compact, compact_double, light, thin, with_love, rounded, reinforced, heavy, none, other
-    index_mode: always # "always" show indexes, "never" show indexes, "auto" = show indexes when a table has "index" column
-    show_empty: true # show 'empty list' and 'empty record' placeholders for command output
-    trim: {
-      methodology: wrapping # wrapping or truncating
-      wrapping_try_keep_words: true # A strategy used by the 'wrapping' methodology
-      truncating_suffix: "..." # A suffix used by the 'truncating' methodology
-    }
-  }
+# rm.always_trash (bool):
+# true: rm behaves as if the --trash/-t option is specified
+# false: rm behaves as if the --permanent/-p option is specified (default)
+$env.config.rm.always_trash = true
+
+# recursion_limit (int): how many times a command can call itself recursively
+# before an error will be generated.
+$env.config.recursion_limit = 50
+
+# ---------------------------
+# Commandline Editor Settings
+# ---------------------------
+
+# edit_mode (string) "vi" or "emacs" sets the editing behavior of Reedline
+$env.config.edit_mode = "vi"
+
+# Command that will be used to edit the current line buffer with Ctrl+O.
+# If unset, uses $env.VISUAL and then $env.EDITOR ($EDITOR is `hx` via session-env).
+#
+$env.config.buffer_editor = ["hx"]
+
+# cursor_shape_* (string)
+# -----------------------
+# The following variables accept a string from the following selections:
+# "block", "underscore", "line", "blink_block", "blink_underscore", "blink_line", or "inherit"
+# "inherit" skips setting cursor shape and uses the current terminal setting.
+$env.config.cursor_shape.emacs = "inherit"         # Cursor shape in emacs mode
+$env.config.cursor_shape.vi_insert = "block"       # Cursor shape in vi-insert mode
+$env.config.cursor_shape.vi_normal = "underscore"  # Cursor shape in normal vi mode
+
+# --------------------
+# Terminal Integration
+# --------------------
+# Nushell can output a number of escape codes to enable advanced features in Terminal Emulators
+# that support them. Settings in this section enable or disable these features in Nushell.
+# Features aren't supported by your Terminal can be disabled. Features can also be disabled,
+#  of course, if there is a conflict between the Nushell and Terminal's implementation.
+
+# use_kitty_protocol (bool):
+# A keyboard enhancement protocol supported by the Kitty Terminal. Additional keybindings are
+# available when using this protocol in a supported terminal. For example, without this protocol,
+# Ctrl+I is interpreted as the Tab Key. With this protocol, Ctrl+I and Tab can be mapped separately.
+$env.config.use_kitty_protocol = false
+
+# osc2 (bool):
+# When true, the current directory and running command are shown in the terminal tab/window title.
+# Also abbreviates the directory name by prepending ~ to the home directory and its subdirectories.
+$env.config.shell_integration.osc2 = true
+
+# osc7 (bool):
+# Nushell will report the current directory to the terminal using OSC 7. This is useful when
+# spawning new tabs in the same directory.
+$env.config.shell_integration.osc7 = true
+
+# osc9_9 (bool):
+# Enables/Disables OSC 9;9 support, originally a ConEmu terminal feature. This is an
+# alternative to OSC 7 which also communicates the current path to the terminal.
+$env.config.shell_integration.osc9_9 = false
+
+# osc8 (bool):
+# When true, the `ls` command will generate clickable links that can be launched in another
+# application by the terminal.
+# Note: This setting replaces the now deprecated `ls.clickable_links`
+$env.config.shell_integration.osc8 = true
+
+# osc133 (bool):
+# true/false to enable/disable OSC 133 support, a set of several escape sequences which
+# report the (1) starting location of the prompt, (2) ending location of the prompt,
+# (3) starting location of the command output, and (4) the exit code of the command.
+
+# originating with Final Term. These sequences report information regarding the prompt
+# location as well as command status to the terminal. This enables advanced features in
+# some terminals, including the ability to provide separate background colors for the
+# command vs. the output, collapsible output, or keybindings to scroll between prompts.
+$env.config.shell_integration.osc133 = true
+
+# osc633 (bool):
+# true/false to enable/disable OSC 633, an extension to OSC 133 for Visual Studio Code
+$env.config.shell_integration.osc633 = true
+
+# NU_LIB_DIRS
+# -----------
+# Directories in this constant are searched by the
+# `use` and `source` commands.
+#
+# By default, the `scripts` subdirectory of the default configuration
+# directory is included:
+const NU_LIB_DIRS = [
+    ($nu.default-config-dir | path join 'scripts') # add <nushell-config-dir>/scripts
+    ($nu.data-dir | path join 'completions') # default home for nushell completions
+]
+
+# NU_PLUGIN_DIRS
+# --------------
+# Directories to search for plugin binaries when calling add.
+
+# By default, the `plugins` subdirectory of the default configuration
+# directory is included:
+const NU_PLUGIN_DIRS = [
+    ($nu.default-config-dir | path join 'plugins') # add <nushell-config-dir>/plugins
+]
+
+# As with NU_LIB_DIRS, an $env.NU_PLUGIN_DIRS is searched after the constant version
+
+# The `path add` function from the Standard Library also provides
+# a convenience method for prepending to the path:
+use std/util "path add"
+path add "~/.local/bin"
+
+# You can remove duplicate directories from the path using:
+$env.PATH = ($env.PATH | uniq)
 
-  completions: {
-    case_sensitive: false # set to true to enable case-sensitive completions
-    quick: true  # set this to false to prevent auto-selecting completions when only one remains
-    partial: true  # set this to false to prevent partial filling of the prompt
-    algorithm: "prefix"  # prefix or fuzzy
-    external: {
-      enable: true # set to false to prevent nushell looking into $env.PATH to find more suggestions, `false` recommended for WSL users as this look up may be very slow
-      max_results: 100 # setting it lower can improve completion performance at the cost of omitting some options
-      completer: null # check 'carapace_completer' above as an example
-    }
-  }
-  filesize: {
-    metric: true # true => KB, MB, GB (ISO standard), false => KiB, MiB, GiB (Windows standard)
-    format: "auto" # b, kb, kib, mb, mib, gb, gib, tb, tib, pb, pib, eb, eib, zb, zib, auto
-  }
-  cursor_shape: {
-    emacs: line # block, underscore, line, blink_block, blink_underscore, blink_line (line is the default)
-    vi_insert: block # block, underscore, line , blink_block, blink_underscore, blink_line (block is the default)
-    vi_normal: underscore # block, underscore, line, blink_block, blink_underscore, blink_line (underscore is the default)
-  }
-  footer_mode: "auto" # always, never, number_of_rows, auto
-  float_precision: 2 # the precision for displaying floats in tables
-  # buffer_editor: "emacs" # command that will be used to edit the current line buffer with ctrl+o, if unset fallback to $env.EDITOR and $env.VISUAL
-  bracketed_paste: true # enable bracketed paste, currently useless on windows
-  edit_mode: emacs # emacs, vi
-  shell_integration: {
-        # osc2 abbreviates the path if in the home_dir, sets the tab/window title, shows the running command in the tab/window title
-        osc2: true
-        # osc7 is a way to communicate the path to the terminal, this is helpful for spawning new tabs in the same directory
-        osc7: true
-        # osc8 is also implemented as the deprecated setting ls.show_clickable_links, it shows clickable links in ls output if your terminal supports it. show_clickable_links is deprecated in favor of osc8
-        osc8: true
-        # osc9_9 is from ConEmu and is starting to get wider support. It's similar to osc7 in that it communicates the path to the terminal
-        osc9_9: false
-        # osc133 is several escapes invented by Final Term which include the supported ones below.
-        # 133;A - Mark prompt start
-        # 133;B - Mark prompt end
-        # 133;C - Mark pre-execution
-        # 133;D;exit - Mark execution finished with exit code
-        # This is used to enable terminals to know where the prompt is, the command is, where the command finishes, and where the output of the command is
-        osc133: true
-        # osc633 is closely related to osc133 but only exists in visual studio code (vscode) and supports their shell integration features
-        # 633;A - Mark prompt start
-        # 633;B - Mark prompt end
-        # 633;C - Mark pre-execution
-        # 633;D;exit - Mark execution finished with exit code
-        # 633;E - NOT IMPLEMENTED - Explicitly set the command line with an optional nonce
-        # 633;P;Cwd=<path> - Mark the current working directory and communicate it to the terminal
-        # and also helps with the run recent menu in vscode
-        osc633: true
-        # reset_application_mode is escape \x1b[?1l and was added to help ssh work better
-        reset_application_mode: true
-    }
-  render_right_prompt_on_last_line: false # true or false to enable or disable right prompt to be rendered on last line of the prompt.
-}

home/base/core/shells/default.nix

@@ -1,8 +1,5 @@
-{
-  config,
-  pkgs-unstable,
-  ...
-}: let
+{ config, ... }:
+let
   shellAliases = {
     k = "kubectl";
 
@@ -13,22 +10,24 @@
   localBin = "${config.home.homeDirectory}/.local/bin";
   goBin = "${config.home.homeDirectory}/go/bin";
   rustBin = "${config.home.homeDirectory}/.cargo/bin";
-in {
-  # only works in bash/zsh, not nushell
-  home.shellAliases = shellAliases;
-
-  programs.nushell = {
-    enable = true;
-    package = pkgs-unstable.nushell;
-    configFile.source = ./config.nu;
-    inherit shellAliases;
-  };
-
+  npmBin = "${config.home.homeDirectory}/.npm/bin";
+in
+{
   programs.bash = {
     enable = true;
     enableCompletion = true;
     bashrcExtra = ''
-      export PATH="$PATH:${localBin}:${goBin}:${rustBin}"
+      export PATH="$PATH:${localBin}:${goBin}:${rustBin}:${npmBin}"
     '';
   };
+
+  # NOTE: only works in bash/zsh, not nushell
+  home.shellAliases = shellAliases;
+
+  # NOTE: nushell will be launched in bash, so it can inherit all the eenvironment variables.
+  programs.nushell = {
+    enable = true;
+    configFile.source = ./config.nu;
+    inherit shellAliases;
+  };
 }

home/base/core/starship.nix

@@ -1,8 +1,4 @@
 {
-  pkgs,
-  nur-ryan4yin,
-  ...
-}: {
   programs.starship = {
     enable = true;
 
@@ -10,24 +6,24 @@
     enableZshIntegration = true;
     enableNushellIntegration = true;
 
-    settings =
-      {
-        character = {
-          success_symbol = "[›](bold green)";
-          error_symbol = "[›](bold red)";
-        };
-        aws = {
-          symbol = "🅰 ";
-        };
-        gcloud = {
-          # do not show the account/project's info
-          # to avoid the leak of sensitive information when sharing the terminal
-          format = "on [$symbol$active(\($region\))]($style) ";
-          symbol = "🅶 ️";
-        };
+    # https://starship.rs/config/
+    settings = {
+      # Get editor completions based on the config schema
+      "$schema" = "https://starship.rs/config-schema.json";
+      character = {
+        success_symbol = "[➜](bold green)";
+        error_symbol = "[➜](bold red)";
+      };
+      # I never rely on the defaults, so this module is useless to me—disabled.
+      # I prefer adding --project, --region to very gcloud/aws command.
+      aws.disabled = true;
+      gcloud.disabled = true;
 
-        palette = "catppuccin_mocha";
-      }
-      // builtins.fromTOML (builtins.readFile "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-starship}/palettes/mocha.toml");
+      kubernetes = {
+        symbol = "⛵";
+        disabled = false;
+      };
+      os.disabled = false;
+    };
   };
 }

home/base/core/theme.nix

@@ -0,0 +1,16 @@
+{ catppuccin, ... }:
+{
+  # https://github.com/catppuccin/nix
+  imports = [
+    catppuccin.homeModules.catppuccin
+  ];
+
+  catppuccin = {
+    # The default `enable` value for all available programs.
+    enable = true;
+    # one of "latte", "frappe", "macchiato", "mocha"
+    flavor = "mocha";
+    # one of "blue", "flamingo", "green", "lavender", "maroon", "mauve", "peach", "pink", "red", "rosewater", "sapphire", "sky", "teal", "yellow"
+    accent = "pink";
+  };
+}

home/base/core/yazi.nix

@@ -1,23 +1,18 @@
+{ pkgs, ... }:
 {
-  pkgs,
-  pkgs-unstable,
-  nur-ryan4yin,
-  ...
-}: {
   # terminal file manager
   programs.yazi = {
     enable = true;
-    package = pkgs-unstable.yazi;
+    package = pkgs.yazi;
     # Changing working directory when exiting Yazi
     enableBashIntegration = true;
     enableNushellIntegration = true;
+    shellWrapperName = "yy";
     settings = {
-      manager = {
+      mgr = {
         show_hidden = true;
         sort_dir_first = true;
       };
     };
   };
-
-  xdg.configFile."yazi/theme.toml".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-yazi}/mocha.toml";
 }

home/base/core/zellij/default.nix

@@ -2,7 +2,8 @@ let
   shellAliases = {
     "zj" = "zellij";
   };
-in {
+in
+{
   programs.zellij = {
     enable = true;
   };

home/base/gui/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/gui/dev-tools.nix

@@ -1,10 +1,20 @@
-{pkgs, ...}: {
-  home.packages = with pkgs; [
-    mitmproxy # http/https proxy tool
-    insomnia # REST client
-    wireshark # network analyzer
+{ pkgs, llm-agents, ... }:
+{
+  home.packages =
+    with pkgs;
+    [
+      mitmproxy # http/https proxy tool
+      wireshark # network analyzer
+    ]
+    # AI Agent Tools
+    ++ (with llm-agents.packages.${pkgs.stdenv.hostPlatform.system}; [
+      # Agents
+      codex
+      cursor-cli
+      claude-code
+      opencode
 
-    # IDEs
-    jetbrains.idea-community
-  ];
+      # Utilities
+      rtk # CLI proxy that reduces LLM token consumption
+    ]);
 }

home/base/gui/terminal/README.md

@@ -52,7 +52,7 @@ Error opening terminal: xterm-kitty.
 
 NixOS preserve the `TERMINFO` and `TERMINFO_DIRS` environment variables, for `root` and the `wheel`
 group:
-[nixpkgs/nixos/modules/config/terminfo.nix](https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/config/terminfo.nix#L18)
+[nixpkgs/nixos/modules/config/terminfo.nix](https://github.com/NixOS/nixpkgs/blob/nixos-25.11/nixos/modules/config/terminfo.nix#L18)
 
 For nix-darwin, take a look at <https://github.com/LnL7/nix-darwin/wiki/Terminfo-issues>
 

home/base/gui/terminal/alacritty/catppuccin-mocha.toml

@@ -1,65 +0,0 @@
-[colors.primary]
-background = "#1e1e2e"
-foreground = "#cdd6f4"
-dim_foreground = "#7f849c"
-bright_foreground = "#cdd6f4"
-
-[colors.cursor]
-text = "#1e1e2e"
-cursor = "#f5e0dc"
-
-[colors.vi_mode_cursor]
-text = "#1e1e2e"
-cursor = "#b4befe"
-
-[colors.search.matches]
-foreground = "#1e1e2e"
-background = "#a6adc8"
-
-[colors.search.focused_match]
-foreground = "#1e1e2e"
-background = "#a6e3a1"
-
-[colors.footer_bar]
-foreground = "#1e1e2e"
-background = "#a6adc8"
-
-[colors.hints.start]
-foreground = "#1e1e2e"
-background = "#f9e2af"
-
-[colors.hints.end]
-foreground = "#1e1e2e"
-background = "#a6adc8"
-
-[colors.selection]
-text = "#1e1e2e"
-background = "#f5e0dc"
-
-[colors.normal]
-black = "#45475a"
-red = "#f38ba8"
-green = "#a6e3a1"
-yellow = "#f9e2af"
-blue = "#89b4fa"
-magenta = "#f5c2e7"
-cyan = "#94e2d5"
-white = "#bac2de"
-
-[colors.bright]
-black = "#585b70"
-red = "#f38ba8"
-green = "#a6e3a1"
-yellow = "#f9e2af"
-blue = "#89b4fa"
-magenta = "#f5c2e7"
-cyan = "#94e2d5"
-white = "#a6adc8"
-
-[[colors.indexed_colors]]
-index = 16
-color = "#fab387"
-
-[[colors.indexed_colors]]
-index = 17
-color = "#f5e0dc"

home/base/gui/terminal/alacritty/default.nix

@@ -1,6 +1,5 @@
 {
   pkgs,
-  pkgs-unstable,
   ...
 }:
 ###########################################################
@@ -26,36 +25,42 @@
 {
   programs.alacritty = {
     enable = true;
-    package = pkgs-unstable.alacritty;
     # https://alacritty.org/config-alacritty.html
     settings = {
-      general.import = [
-        ./catppuccin-mocha.toml
-      ];
       window = {
         opacity = 0.93;
         startup_mode = "Maximized"; # Maximized window
         dynamic_title = true;
         option_as_alt = "Both"; # Option key acts as Alt on macOS
+        decorations = "None"; # Show neither borders nor title bar
       };
       scrolling = {
         history = 10000;
       };
       font = {
-        bold = {family = "JetBrainsMono Nerd Font";};
-        italic = {family = "JetBrainsMono Nerd Font";};
-        normal = {family = "JetBrainsMono Nerd Font";};
-        bold_italic = {family = "JetBrainsMono Nerd Font";};
-        size =
-          if pkgs.stdenv.isDarwin
-          then 14
-          else 13;
+        bold = {
+          family = "Maple Mono NF CN";
+        };
+        italic = {
+          family = "Maple Mono NF CN";
+        };
+        normal = {
+          family = "Maple Mono NF CN";
+        };
+        bold_italic = {
+          family = "Maple Mono NF CN";
+        };
+        size = 13;
       };
       terminal = {
         # Spawn a nushell in login mode via `bash`
         shell = {
           program = "${pkgs.bash}/bin/bash";
-          args = ["--login" "-c" "nu --login --interactive"];
+          args = [
+            "--login"
+            "-c"
+            "nu --login --interactive"
+          ];
         };
         # Controls the ability to write to the system clipboard with the OSC 52 escape sequence.
         # It's used by zellij to copy text to the system clipboard.

home/base/gui/terminal/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/gui/terminal/foot.nix

@@ -1,62 +1,38 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.foot = {
     # foot is designed only for Linux
     enable = pkgs.stdenv.isLinux;
+
+    # foot can also be run in a server mode. In this mode, one process hosts multiple windows.
+    # All Wayland communication, VT parsing and rendering is done in the server process.
+    # New windows are opened by running footclient, which remains running until the terminal window is closed.
+    #
+    # Advantages to run foot in server mode including reduced memory footprint and startup time.
+    # The downside is a performance penalty. If one window is very busy with, for example, producing output,
+    # then other windows will suffer. Also, should the server process crash, all windows will be gone.
+    server.enable = true;
+
     # https://man.archlinux.org/man/foot.ini.5
     settings = {
       main = {
         term = "foot"; # or "xterm-256color" for maximum compatibility
-        font = "JetBrainsMono Nerd Font:size=14";
-        dpi-aware = "yes";
+        font = "Maple Mono NF CN:size=13";
+        dpi-aware = "no"; # scale via window manager instead
+        resize-keep-grid = "no"; # do not resize the window on font resizing
 
         # Spawn a nushell in login mode via `bash`
         shell = "${pkgs.bash}/bin/bash --login -c 'nu --login --interactive'";
       };
 
+      colors-dark = {
+        alpha = 0.93; # background transparency
+        blur = true; # requires foot >= 1.26 and compositor support (e.g. niri v26.04+)
+      };
+
       mouse = {
         hide-when-typing = "yes";
       };
-
-      # https://github.com/catppuccin/foot/blob/main/themes/catppuccin-mocha.ini
-      cursor = {
-        color = "11111b f5e0dc";
-      };
-      colors = {
-        alpha = "0.93"; # background opacity
-
-        foreground = "cdd6f4";
-        background = "1e1e2e";
-
-        regular0 = "45475a";
-        regular1 = "f38ba8";
-        regular2 = "a6e3a1";
-        regular3 = "f9e2af";
-        regular4 = "89b4fa";
-        regular5 = "f5c2e7";
-        regular6 = "94e2d5";
-        regular7 = "bac2de";
-
-        bright0 = "585b70";
-        bright1 = "f38ba8";
-        bright2 = "a6e3a1";
-        bright3 = "f9e2af";
-        bright4 = "89b4fa";
-        bright5 = "f5c2e7";
-        bright6 = "94e2d5";
-        bright7 = "a6adc8";
-
-        "16" = "fab387";
-        "17" = "f5e0dc";
-
-        "selection-foreground" = "cdd6f4";
-        "selection-background" = "414356";
-
-        "search-box-no-match" = "11111b f38ba8";
-        "search-box-match" = "cdd6f4 313244";
-
-        "jump-labels" = "11111b fab387";
-        urls = "89b4fa";
-      };
     };
   };
 }

home/base/gui/terminal/ghostty.nix

@@ -0,0 +1,38 @@
+{
+  pkgs,
+  ...
+}:
+###########################################################
+#
+# Ghostty Configuration
+#
+###########################################################
+{
+  programs.ghostty = {
+    enable = true;
+    package =
+      if pkgs.stdenv.isDarwin then
+        pkgs.hello # pkgs.ghostty is currently broken on darwin
+      else
+        pkgs.ghostty; # the stable version
+    enableBashIntegration = false;
+    installBatSyntax = false;
+    # installVimSyntax = true;
+    settings = {
+      font-family = "Maple Mono NF CN";
+      font-size = 13;
+
+      background-opacity = 0.93;
+      # only supported on macOS;
+      background-blur-radius = 10;
+      scrollback-limit = 20000;
+
+      # https://ghostty.org/docs/config/reference#command
+      #  To resolve issues:
+      #    1. https://github.com/ryan4yin/nix-config/issues/26
+      #    2. https://github.com/ryan4yin/nix-config/issues/8
+      #  Spawn a nushell in login mode via `bash`
+      command = "${pkgs.bash}/bin/bash --login -c 'nu --login --interactive'";
+    };
+  };
+}

home/base/gui/terminal/kitty.nix

@@ -16,17 +16,10 @@
 {
   programs.kitty = {
     enable = true;
-    # kitty has catppuccin theme built-in,
-    # all the built-in themes are packaged into an extra package named `kitty-themes`
-    # and it's installed by home-manager if `theme` is specified.
-    themeFile = "Catppuccin-Mocha";
     font = {
-      name = "JetBrainsMono Nerd Font";
+      name = "Maple Mono NF CN";
       # use different font size on macOS
-      size =
-        if pkgs.stdenv.isDarwin
-        then 14
-        else 13;
+      size = 13;
     };
 
     # consistent with other terminal emulators
@@ -36,7 +29,12 @@
     };
 
     settings = {
+      # do not show title bar & window title
+      hide_window_decorations = "titlebar-and-corners";
+      macos_show_window_title_in = "none";
+
       background_opacity = "0.93";
+      background_blur = 1; # requires kitty >= 0.46.2 and compositor support (e.g. niri v26.04+)
       macos_option_as_alt = true; # Option key acts as Alt on macOS
       enable_audio_bell = false;
       tab_bar_edge = "top"; # tab bar on top
@@ -48,6 +46,6 @@
     };
 
     # macOS specific settings
-    darwinLaunchOptions = ["--start-as=maximized"];
+    darwinLaunchOptions = [ "--start-as=maximized" ];
   };
 }

home/base/home.nix

@@ -1,4 +1,5 @@
-{myvars, ...}: {
+{ myvars, ... }:
+{
   # Home Manager needs a bit of information about you and the
   # paths it should manage.
   home = {
@@ -12,9 +13,6 @@
     # You can update Home Manager without changing this value. See
     # the Home Manager release notes for a list of state version
     # changes in each release.
-    stateVersion = "24.05";
+    stateVersion = "24.11";
   };
-
-  # Let Home Manager install and manage itself.
-  programs.home-manager.enable = true;
 }

home/base/tui/cloud/default.nix

@@ -2,7 +2,11 @@
   lib,
   pkgs,
   ...
-}: {
+}:
+{
+  # https://developer.hashicorp.com/terraform/cli/config/config-file
+  home.file.".terraformrc".source = ./terraformrc;
+
   home.packages = with pkgs; [
     # infrastructure as code
     # pulumi
@@ -27,7 +31,12 @@
     # digitalocean
     doctl
     # google cloud
-    google-cloud-sdk
+    (google-cloud-sdk.withExtraComponents (
+      with google-cloud-sdk.components;
+      [
+        gke-gcloud-auth-plugin
+      ]
+    ))
 
     # cloud tools that nix do not have cache for.
     terraform

home/base/tui/cloud/terraformrc

@@ -0,0 +1,2 @@
+plugin_cache_dir   = "$HOME/.terraform.d/plugin-cache"
+disable_checkpoint = true

home/base/tui/container.nix

@@ -0,0 +1,44 @@
+{
+  pkgs,
+  pkgs-2505,
+  nur-ryan4yin,
+  ...
+}:
+{
+  home.packages = with pkgs; [
+    podman-compose
+    dive # explore docker layers
+    lazydocker # Docker terminal UI.
+    skopeo # copy/sync images between registries and local storage
+    go-containerregistry # provides `crane` & `gcrane`, it's similar to skopeo
+
+    kubectl
+    kustomize
+    kubeconform # FAST Kubernetes manifests validator, with support for Custom Resources
+    kubectx # kubectx & kubens
+    kubie # same as kubectl-ctx, but per-shell (won’t touch kubeconfig).
+    kubectl-view-secret # kubectl view-secret
+    kubectl-tree # kubectl tree
+    kubectl-node-shell # exec into node
+    kubepug # kubernetes pre upgrade checker
+    kubectl-cnpg # cloudnative-pg's cli tool
+
+    kubebuilder
+    istioctl
+    clusterctl # for kubernetes cluster-api
+    kubevirt # virtctl
+    pkgs-2505.kubernetes-helm
+    fluxcd
+    # argocd
+
+    ko # build go project to container image
+  ];
+
+  programs.k9s.enable = true;
+  catppuccin.k9s.transparent = true;
+
+  programs.kubecolor = {
+    enable = true;
+    enableAlias = true;
+  };
+}

home/base/tui/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/tui/dev-tools.nix

@@ -1,8 +1,9 @@
 {
   pkgs,
-  pkgs-unstable,
+  pkgs-patched,
   ...
-}: {
+}:
+{
   #############################################################
   #
   #  Basic settings for development environment
@@ -17,9 +18,11 @@
   home.packages = with pkgs; [
     colmena # nixos's remote deployment tool
 
+    tokei # count lines of code, alternative to cloc
+
     # db related
-    pkgs-unstable.mycli
-    pkgs-unstable.pgcli
+    # mycli
+    pgcli
     mongosh
     sqlite
 
@@ -27,13 +30,14 @@
     minicom
 
     # ai related
-    pkgs-unstable.python312Packages.huggingface-hub # huggingface-cli
+    python313Packages.huggingface-hub # huggingface-cli
+    pkgs-patched.python313Packages.modelscope
+    yt-dlp # youtube/bilibili/soundcloud/... video/music downloader
 
     # misc
-    pkgs-unstable.devbox
+    devbox
     bfg-repo-cleaner # remove large files from git history
     k6 # load testing tool
-    protobuf # protocol buffer compiler
 
     # solve coding extercises - learn by doing
     exercism

home/base/tui/editors/README.md

@@ -1,215 +1,10 @@
-# Editors
+# Editor tooling packages (heavy dependencies)
 
-My editors:
+This directory intentionally holds **only** [`packages.nix`](./packages.nix): language servers,
+formatters, compilers, and other editor-adjacent tools that pull in a large closure.
 
-1. Neovim
-2. Emacs
-3. Helix
+Editor programs, keymaps, `$EDITOR` defaults, and usage docs live under
+[`../../core/editors/`](../../core/editors/README.md) (Helix, Neovim backup, glossary, cheatsheets).
 
-And `Zellij` for a smooth and stable terminal experience.
-
-## Tips
-
-1. Many useful keys are already provided by vim, check vim/neovim's docs before you install a new
-   plugin / reinvent the wheel.
-1. After using Emacs/Neovim more skillfully, I strongly recommend that you read the official
-   documentation of Neovim/vim:
-   1. <https://vimhelp.org/>: The official vim documentation.
-   1. <https://neovim.io/doc/user/>: Neovim's official user documentation.
-1. Use Zellij for terminal related operations, and use Neovim/Helix for editing.
-1. As for Emacs, Use its GUI version & terminal emulator `vterm` for terminal related operations.
-1. Two powerful file search & jump tools:
-1. Tree-view plugins are beginner-friendly and intuitive, but they're not very efficient.
-1. **Search by the file path**: Useful when you're familiar with the project structure, especially
-   on a large project.
-1. **Search by the content**: Useful when you're familiar with the code.
-
-## Tutorial
-
-Type `:tutor`(`:Tutor` in Neovim) to learn the basics usage of vim/neovim.
-
-## VIM's Cheetsheet
-
-> Here only record my commonly used keys, to see **a more comprehensive cheetsheet**:
-> <https://vimhelp.org/quickref.txt.html>
-
-Both Emacs-Evil & Neovim are compatible with vim, sothe key-bindings described here are common in
-both Emacs-Evil, Neovim & vim.
-
-### Terminal Related
-
-I mainly use Zellij for terminal related operations, here is its terminal shortcuts I use frequently
-now:
-
-| Action                    | Zellij's Shortcut |
-| ------------------------- | ----------------- |
-| Floating Terminal         | `Ctrl + p + w`    |
-| Horizontal Split Terminal | `Ctrl + p + d`    |
-| Vertical Split Terminal   | `Ctrl + p + n`    |
-| Execute a command         | `!xxx`            |
-
-### File Management
-
-> <https://neovim.io/doc/user/usr_22.html>
-
-> <https://vimhelp.org/editing.txt.html>
-
-| Action                              |                                                  |
-| ----------------------------------- | ------------------------------------------------ |
-| Save selected text to a file        | `:w filename` (Will show `:'<,'>w filename`)     |
-| Save and close the current buffer   | `:wq`                                            |
-| Save all buffers                    | `:wa`                                            |
-| Save and close all buffers          | `:wqa`                                           |
-| Edit a file                         | `:e filename`(or `:e <TAB>` to show a file list) |
-| Browse the file list                | `:Ex` or `:e .`                                  |
-| Discard changes and reread the file | `:e!`                                            |
-
-### Motion
-
-> https://vimhelp.org/motion.txt.html
-
-| Action                                              | Command                                            |
-| --------------------------------------------------- | -------------------------------------------------- |
-| Move to the start/end of the buffer                 | `gg`/`G`                                           |
-| Move the line number 5                              | `5gg` / `5G`                                       |
-| Move left/down/up/right                             | h/j/k/l or `5h`/`5j`/`5k`/`5l` or `Ctr-n`/`Ctrl-p` |
-| Move to the matchpairs, default to `()`, `{}`, `[]` | `%`                                                |
-| Move to the start/end of the line                   | `0` / `$`                                          |
-| Move a sentence forward/backward                    | `(` / `)`                                          |
-| Move a paragraph forward/backward                   | `{` / `}`                                          |
-| Move a section forward/backward                     | `[[` / `]]`                                        |
-| Jump to various positions                           | `'` + some other keys(neovim has prompt)           |
-
-Text Objects:
-
-- **sentence**: text ending at a '.', '!' or '?' followed by either the end of a line, or by a space
-  or tab.
-- **paragraph**: text ending at a blank line.
-- **section**: text starting with a section header and ending at the start of the next section
-  header (or at the end of the file). - The "`]]`" and "`[[`" commands stop at the '`{`' in the
-  first column. This is useful to find the start of a function in a C/Go/Java/... program.
-
-### Text Manipulation
-
-Basics:
-
-| Action                                  |                            |
-| --------------------------------------- | -------------------------- |
-| Delete the current character            | `x`                        |
-| Paste the copied text                   | `p`                        |
-| Delete the selection                    | `d`                        |
-| Undo the last word                      | `CTRL-w`(in insert mode)   |
-| Undo the last line                      | `CTRL-u`(in insert mode)   |
-| Undo the last change                    | `u`                        |
-| Redo the last change                    | `Ctrl + r`                 |
-| Inserts the text of the previous insert | `Ctrl + a`                 |
-| Repeat the last command                 | `.`                        |
-| Toggle text's case                      | `~`                        |
-| Convert to uppercase                    | `U` (visual mode)          |
-| Convert to lowercase                    | `u` (visual mode)          |
-| Align the selected content              | `:center`/`:left`/`:right` |
-
-Misc:
-
-| Action                        | Shortcut                                 |
-| ----------------------------- | ---------------------------------------- |
-| Toggle visual mode            | `v` (lower case v)                       |
-| Select the current line       | `V` (upper case v)                       |
-| Toggle visual block mode      | `<Ctrl> + v` (select a block vertically) |
-| Fold the current code block   | `zc`                                     |
-| Unfold the current code block | `zo`                                     |
-| Jump to Definition            | `gd`                                     |
-| Jump to References            | `gD`                                     |
-| (Un)Comment the current line  | `gcc`                                    |
-
-| Action                                                                    |                |
-| ------------------------------------------------------------------------- | -------------- |
-| Sort the selected lines                                                   | `:sort`        |
-| Join Selection of Lines With Space                                        | `:join` or `J` |
-| Join without spaces                                                       | `:join!`       |
-| Enter Insert mode at the start/end of the line                            | `I` / `A`      |
-| Delete from the cursor to the end of the line                             | `D`            |
-| Delete from the cursor to the end of the line, and then enter insert mode | `C`            |
-
-Advance Techs:
-
-- Add at the end of multiple lines: `:normal A<text>`
-
-  - Execublock: `:A<text>`
-  - visual block mode(ctrl + v)
-  - Append text at the end of each line in the selected block
-  - If position exceeds line end, neovim adds spaces automatically
-
-- Delete the last char of multivle lines: `:normal $x`
-
-  - Execute `$x` on each line
-  - visual mode(v)
-  - `$` moves cursor to the end of line
-  - `x` deletes the character under the cursor
-
-- Delete the last word of multiple lines: `:normal $bD`
-  - Execute `$bD` on each line
-  - visual mode(v)
-  - `$` moves cursor to the end of line
-  - `b` moves cursor to the beginning of the last word
-
-### Search
-
-| Action                                                | Command   |
-| ----------------------------------------------------- | --------- |
-| Search forward/backword for a pattern                 | `/` / `?` |
-| Repeat the last search in the same/opposite direction | `n` / `N` |
-
-### Find and Replace
-
-| Action                           | Command                             |
-| -------------------------------- | ----------------------------------- |
-| Replace in selected area         | `:s/old/new/g`                      |
-| Replace in current line          | Same as above                       |
-| Replace all the lines            | `:% s/old/new/g`                    |
-| Replace all the lines with regex | `:% s@\vhttp://(\w+)@https://\1@gc` |
-
-1. `\v` means means that in the regex pattern after it can be used without backslash
-   escaping(similar to python's raw string).
-2. `\1` means the first matched group in the pattern.
-
-### Replace in the specific lines
-
-| Action                                    | Command                                |
-| ----------------------------------------- | -------------------------------------- |
-| From the 10th line to the end of the file | `:10,$ s/old/new/g` or `:10,$ s@^@#@g` |
-| From the 10th line to the 20th line       | `:10,20 s/old/new/g`                   |
-| Remove the trailing spaces                | `:% s/\s\+$//g`                        |
-
-The postfix(flags) in the above commands:
-
-1. `g` means replace all the matched strings in the current line/file.
-2. `c` means ask for confirmation before replacing.
-3. `i` means ignore case.
-
-### Buffers, Windows and Tabs
-
-> <https://neovim.io/doc/user/usr_08.html>
-
-> <https://vimhelp.org/windows.txt.html>
-
-- A buffer is the in-memory text of a file.
-- A window is a viewport on a buffer.
-- A tab page is a collection of windows.
-
-| Action                              | Command                             |
-| ----------------------------------- | ----------------------------------- |
-| Split the window horizontally       | `:sp[lit]` or `:sp filename`        |
-| Split the window horizontally       | `:vs[plit]` or `:vs filename`       |
-| Switch to the next/previous window  | `Ctrl-w + w` or `Ctrl-w + h/j/k/l`  |
-| Show all buffers                    | `:ls`                               |
-| show next/previous buffer           | `]b`/`[b` or `:bn[ext]` / `bp[rev]` |
-| New Tab(New Workspace in DoomEmacs) | `:tabnew`                           |
-| Next/Previews Tab                   | `gt`/`gy`                           |
-
-### History
-
-| Action                   | Command |
-| ------------------------ | ------- |
-| Show the command history | `q:`    |
-| Show the search history  | `q/`    |
+[`default.nix`](./default.nix) imports `./packages.nix` so `home/base/tui` can keep pulling in
+tooling without mixing it into `core/editors`.

home/base/tui/editors/Structured-Editing.md

@@ -1,25 +0,0 @@
-# Structured Editing
-
-## S-expression data(Lisp)
-
-- paredit/[lispy](https://github.com/doomemacs/doomemacs/tree/master/modules/editor/lispy): too
-  complex.
-- [evil-cleverparens](https://github.com/emacs-evil/evil-cleverparens): simple and useful.
-- [parinfer(par-in-fer)](https://shaunlebron.github.io/parinfer/): modern, simple, elegant and
-  useful, but works not well with some other completion plugins...
-  - to make parinfer works, you should disable sexp & smartparens in any lisp mode.
-
-Some plugins:
-
-- Emacs
-  - [parinfer-rusT-mode](https://github.com/justinbarclay/parinfer-rust-mode)
-- Neovim
-  - [parinfer-rust](https://github.com/eraserhd/parinfer-rust)
-  - <https://github.com/Olical/conjure>
-- Helix
-  - [parinfer #4090 - Helix](https://github.com/helix-editor/helix/discussions/4090)
-
-## Other Languages
-
-1. treesitter
-1. ...

home/base/tui/editors/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
-  imports = mylib.scanPaths ./.;
+# Editor-related language servers and heavy tooling — kept out of `core/editors`.
+{
+  imports = [ ./packages.nix ];
 }

home/base/tui/editors/emacs/README.md

@@ -1,230 +0,0 @@
-# Emacs Editor
-
-## Why emacs?
-
-1. Explore the unknown, just for fun!
-2. Org Mode
-3. Lisp Coding
-4. A top-level tutorial for Emacs(Chinese): <https://nyk.ma/tags/emacs/>
-5. A Beginner's Guide to Emacs(Chinese):
-   <https://github.com/emacs-tw/emacs-101-beginner-survival-guide>
-
-## Screenshot
-
-![](/_img/emacs-2024-01-07.webp)
-
-## Useful Links
-
-- Framework: <https://github.com/doomemacs/doomemacs>
-  - key bindings:
-    - source code:
-      <https://github.com/doomemacs/doomemacs/blob/master/modules/config/default/%2Bevil-bindings.el>
-    - docs: <https://github.com/doomemacs/doomemacs/blob/master/modules/editor/evil/README.org>
-  - module index: <https://github.com/doomemacs/doomemacs/blob/master/docs/modules.org>
-- LSP Client: <https://github.com/manateelazycat/lsp-bridge>
-- Emacs Wiki: <https://www.emacswiki.org/emacs/SiteMap>
-- Awesome Emacs: <https://github.com/emacs-tw/awesome-emacs#lsp-client>
-- Chinese(rime) support: <https://github.com/DogLooksGood/emacs-rime>
-- modal editing:
-  - <https://github.com/emacs-evil/evil>: evil mode, enabled by default in doom-emacs.
-  - <https://github.com/meow-edit/meow>
-
-## Install or Update
-
-After deploying this nix flake, run the following command to install or update emacs:
-
-```bash
-doom sync
-```
-
-when in doubt, run `doom sync`!
-
-## Testing
-
-> via `Justfile` located at the root of this repo.
-
-```bash
-# testing
-just emacs-test
-just emacs-purge
-just emacs-reload
-
-# clear test data
-just emacs-clean
-```
-
-## Limits
-
-- It's too slow to start up and install(compile/build) packages.
-  - I have to use emacs in daemon/client mode to avoid this issue.
-- It's too large in size, not suitable for servers.
-  - So vim/neovim is still the best choice for servers.
-- Emacs's markdown-mode works not well with tables, see:
-  - https://github.com/jrblevin/markdown-mode/issues/380
-- I use git command frequently, but doomemacs only autoupdates status of git diff / treemacs when
-  using magit.
-  - I have to learn magit to avoid this issue...
-- GitHub's orgmode support is not well, Markdown is better for GitHub.
-  - Use markdown for repo's README.md, and use orgmode for my personal notes and docs only.
-
-## Cheetsheet
-
-Here is the cheetsheet related to my DoomEmacs configs. Please read vim's common cheetsheet at
-[../README.md](../README.md) before reading the following.
-
-### Basics
-
-> Terminal(vterm) is useful in GUI mode, I use Zellij instead in terminal mode.
-
-| Action                 | Shortcut                                          |
-| ---------------------- | ------------------------------------------------- |
-| Popup Terminal(vterm)  | `SPC + o + t`                                     |
-| Open Terminal          | `SPC + o + T`                                     |
-| Open file tree sidebar | `SPC + o + p`                                     |
-| Frame fullscreen       | `SPC + t + F`                                     |
-| Exit                   | `M-x C-c`                                         |
-| Execute Command        | `M-x`(hold on `Alt`/`option`, and then press `x`) |
-| Eval Lisp Code         | `M-:`(hold on `Alt`/`option`, and then press `:`) |
-
-### Window Navigation
-
-| Action                                     | Shortcut                                                              |
-| ------------------------------------------ | --------------------------------------------------------------------- |
-| Split a window vertically and horizontally | `SPC w v/s`                                                           |
-| Move to a window in a specific direction   | `Ctrl-w + h/j/k/l`                                                    |
-| Move a window to a specific direction      | `Ctrl-w + H/J/K/L`                                                    |
-| Move to the next window                    | `SPC w w`                                                             |
-| Close the current window                   | `SPC w q`                                                             |
-| Rebalance all windows                      | `SPC w =`                                                             |
-| Set window's width(columns)                | `80 SPC w \|` (the Vertical line is escaped due to markdown's limits) |
-| Set window's height                        | `30 SPC w _ `                                                         |
-
-### File Tree
-
-- treemacs: <https://github.com/Alexander-Miller/treemacs/blob/master/src/elisp/treemacs-mode.el>
-- treemacs-evil:
-  <https://github.com/Alexander-Miller/treemacs/blob/master/src/extra/treemacs-evil.el>
-
-| Action                                | Shortcut  |
-| ------------------------------------- | --------- |
-| Resize Treemacs's window              | `>` & `<` |
-| Extra Wide Window                     | `W`       |
-| Rename                                | `R`       |
-| Delete File/Direcoty                  | `d`       |
-| New File                              | `cf`      |
-| New Directory                         | `cd`      |
-| Go to parent                          | `u`       |
-| Run shell command in for current node | `!`       |
-| Refresh file tree                     | `gr`      |
-| Copy project-path into pasteboard     | `yp`      |
-| Copy absolute-path into pasteboard    | `ya`      |
-| Copy relative-path into pasteboard    | `yr`      |
-| Copy file to another location         | `yf`      |
-| Move file to another location         | `m`       |
-| quit                                  | `q`       |
-
-And bookmarks:
-
-- Add bookmarks in treemacs: `b`
-- Show Bookmark List: `SPC s m`
-
-### Splitting and Buffers
-
-| Action                  | Shortcut          |
-| ----------------------- | ----------------- |
-| Buffer List             | `<Space> + ,`     |
-| Save all buffers(Tab)   | `<Space> + b + S` |
-| Kill the current buffer | `<Space> + b + k` |
-| Kill all buffers        | `<Space> + b + K` |
-
-### Editing and Formatting
-
-| Action                                     | Shortcut            |
-| ------------------------------------------ | ------------------- |
-| Format Document                            | `<Space> + cf`      |
-| Code Actions                               | `<Space> + ca`      |
-| Rename                                     | `<Space> + cr`      |
-| Opening LSP symbols                        | `<Space> + cS`      |
-| Show all LSP Errors                        | `<Space> + c + x/X` |
-| Show infinite undo history(really useful!) | `<Space> + s + u`   |
-| Open filepath/URL at cursor                | `gf`                |
-| Find files by keyword in path              | `<Space> + <Space>` |
-| Grep string in files (vertico + ripgrep)   | `<Space> + sd`      |
-
-### Image Preview(GUI mode only)
-
-Use `-`, `+` to resize the image, `r` to rotate the image.
-
-### Search & replace
-
-```bash
-SPC s p foo C-; E C-c C-p :%s/foo/bar/g RET Z Z
-```
-
-1. `SPC s p`: search in project
-1. `foo`: the keyword to search
-1. `C-; E`: exports what you’re looking at into a new buffer in grep-mode
-1. `C-c C-p` to run wgrep-change-to-wgrep-mode to make the search results writable.
-1. `:%s/foo/bar/g RET`: replace in the current buffer(just like neovim/vim)
-1. `Z Z`: to write all the changes to their respective files
-
-### Projects
-
-> easily switch between projects without exit emacs!
-
-| Action                     | Shortcut      |
-| -------------------------- | ------------- |
-| Switch between projects    | `SPC + p + p` |
-| Browse the current project | `SPC + p + .` |
-| Add new project            | `SPC + p + a` |
-
-### Workspaces
-
-> Very useful when run emacs in daemon/client modes
-
-| Action                      | Shortcut                    |
-| --------------------------- | --------------------------- |
-| Switch between workspaces   | `M-1/2/3/...`(Alt-1/2/3/..) |
-| New Workspace               | `SPC + TAB + n`             |
-| New Named Workspace         | `SPC + TAB + N`             |
-| Delete Workspace            | `SPC + TAB + d`             |
-| Display Workspaces bar blow | `SPC + TAB + TAB`           |
-
-### Magit
-
-> https://github.com/magit/magit
-
-Magit is a powerful tool that make git operations easy and intuitive.
-
-| Action                   | Shortcut                 |
-| ------------------------ | ------------------------ |
-| Open Magit               | `C-x g` or `SPC + g + g` |
-| Switch branch            | `SPC + g + b`            |
-| Show buffer's commit log | `SPC + g + L`            |
-
-Shortcuts in magit's pane:
-
-> When run `git commit` / `git add` / `git push` /... via magit, multiple Arguments can be set. Set
-> arguments won't trigger a git command immediately. Magit will try to run a git command only after
-> an Action key is pressed.
-
-| Action                                             | Shortcut                                      |
-| -------------------------------------------------- | --------------------------------------------- |
-| Quit the current Magit pane                        | `q`                                           |
-| Show log                                           | `l`                                           |
-| Show current branch's log                          | `l + l`                                       |
-| Show current reflog                                | `l + r`                                       |
-| Commit                                             | `c`                                           |
-| Stage                                              | `s`                                           |
-| Unstage                                            | `u`                                           |
-| Push                                               | `p`                                           |
-| Pull                                               | `f`                                           |
-| Rebase                                             | `r`                                           |
-| Rebase Interactively                               | `r + i`, select on a commit, then `C-c + C-c` |
-| Stash                                              | `z`                                           |
-| Merge                                              | `m`                                           |
-| Fold/Unfold                                        | `TAB`                                         |
-| Show details of the current unit(commit/stage/...) | `<ENTER>`                                     |
-
-KeyBinding full list:
-<https://github.com/emacs-evil/evil-collection/tree/master/modes/magit#key-bindings>

home/base/tui/editors/emacs/default.nix

@@ -1,132 +0,0 @@
-# ==============================================
-# Based on doomemacs's author's config:
-#   https://github.com/hlissner/dotfiles/blob/master/modules/editors/emacs.nix
-#
-# Emacs Tutorials:
-#  1. Official: <https://www.gnu.org/software/emacs/tour/index.html>
-#  2. Doom Emacs: <https://github.com/doomemacs/doomemacs/blob/master/docs/index.org>
-#
-{
-  config,
-  lib,
-  pkgs,
-  doomemacs,
-  ...
-}:
-with lib; let
-  cfg = config.modules.editors.emacs;
-  envExtra = lib.mkAfter ''
-    export PATH="${config.xdg.configHome}/emacs/bin:$PATH"
-  '';
-  shellAliases = {
-    e = "emacsclient --create-frame"; # gui
-    et = "emacsclient --create-frame --tty"; # terminal
-  };
-  librime-dir = "${config.xdg.dataHome}/emacs/librime";
-  parinfer-rust-lib-dir = "${config.xdg.dataHome}/emacs/parinfer-rust";
-  myEmacsPackagesFor = emacs: ((pkgs.emacsPackagesFor emacs).emacsWithPackages (epkgs: [
-    epkgs.vterm
-  ]));
-in {
-  options.modules.editors.emacs = {
-    enable = mkEnableOption "Emacs Editor";
-  };
-
-  config = mkIf cfg.enable (mkMerge [
-    {
-      home.packages = with pkgs; [
-        ## Doom dependencies
-        git
-        (ripgrep.override {withPCRE2 = true;})
-        gnutls # for TLS connectivity
-
-        ## Optional dependencies
-        fd # faster projectile indexing
-        imagemagick # for image-dired
-        fd # faster projectile indexing
-        zstd # for undo-fu-session/undo-tree compression
-
-        # go-mode
-        # gocode # project archived, use gopls instead
-
-        ## Module dependencies
-        # :checkers spell
-        (aspellWithDicts (ds: with ds; [en en-computers en-science]))
-        # :tools editorconfig
-        editorconfig-core-c # per-project style config
-        # :tools lookup & :lang org +roam
-        sqlite
-        # :lang latex & :lang org (latex previews)
-        # texlive.combined.scheme-medium
-      ];
-
-      programs.bash.bashrcExtra = envExtra;
-      programs.zsh.envExtra = envExtra;
-      home.shellAliases = shellAliases;
-      programs.nushell.shellAliases = shellAliases;
-
-      xdg.configFile."doom" = {
-        source = ./doom;
-        force = true;
-      };
-
-      home.activation.installDoomEmacs = lib.hm.dag.entryAfter ["writeBoundary"] ''
-        ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F744 ${doomemacs}/ ${config.xdg.configHome}/emacs/
-
-        # librime for emacs-rime
-        mkdir -p ${librime-dir}
-        ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F744 ${pkgs.librime}/ ${librime-dir}/
-
-        # libparinfer_rust for emacs' parinfer-rust-mode
-        mkdir -p ${parinfer-rust-lib-dir}
-        ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F744  ${pkgs.vimPlugins.parinfer-rust}/lib/libparinfer_rust.* ${parinfer-rust-lib-dir}/parinfer-rust.so
-      '';
-    }
-
-    (mkIf pkgs.stdenv.isLinux (
-      let
-        # Do not use emacs-nox here, which makes the mouse wheel work abnormally in terminal mode.
-        # pgtk (pure gtk) build add native support for wayland.
-        # https://www.gnu.org/savannah-checkouts/gnu/emacs/emacs.html#Releases
-        emacsPkg = myEmacsPackagesFor pkgs.emacs29-pgtk;
-      in {
-        home.packages = [emacsPkg];
-        services.emacs = {
-          enable = true;
-          package = emacsPkg;
-          client = {
-            enable = true;
-            arguments = [" --create-frame"];
-          };
-          startWithUserSession = true;
-        };
-      }
-    ))
-
-    (mkIf pkgs.stdenv.isDarwin (
-      let
-        # macport adds some native features based on GNU Emacs 29
-        # https://bitbucket.org/mituharu/emacs-mac/src/master/README-mac
-        emacsPkg = myEmacsPackagesFor pkgs.emacs29;
-      in {
-        home.packages = [emacsPkg];
-        launchd.enable = true;
-        launchd.agents.emacs = {
-          enable = true;
-          config = {
-            ProgramArguments = [
-              "${pkgs.bash}/bin/bash"
-              "-l"
-              "-c"
-              "${emacsPkg}/bin/emacs --fg-daemon"
-            ];
-            StandardErrorPath = "${config.home.homeDirectory}/Library/Logs/emacs-daemon.stderr.log";
-            StandardOutPath = "${config.home.homeDirectory}/Library/Logs/emacs-daemon.stdout.log";
-            RunAtLoad = true;
-            KeepAlive = true;
-          };
-        };
-      }
-    ))
-  ]);
-}

home/base/tui/editors/emacs/doom/config.el

@@ -1,175 +0,0 @@
-;;; $DOOMDIR/config.el -*- lexical-binding: t; -*-
-
-;; Place your private configuration here! Remember, you do not need to run 'doom
-;; sync' after modifying this file!
-
-
-;; Some functionality uses this to identify you, e.g. GPG configuration, email
-;; clients, file templates and snippets. It is optional.
-;; (setq user-full-name "John Doe"
-;;       user-mail-address "john@doe.com")
-
-;; Doom exposes five (optional) variables for controlling fonts in Doom:
-;;
-;; - `doom-font' -- the primary font to use
-;; - `doom-variable-pitch-font' -- a non-monospace font (where applicable)
-;; - `doom-big-font' -- used for `doom-big-font-mode'; use this for
-;;   presentations or streaming.
-;; - `doom-symbol-font' -- for symbols
-;; - `doom-serif-font' -- for the `fixed-pitch-serif' face
-;;
-;; See 'C-h v doom-font' for documentation and more examples of what they
-;; accept. For example:
-;;
-(setq doom-font (font-spec :family "JetBrainsMono Nerd Font" :size 18)
-      doom-variable-pitch-font (font-spec :family "DejaVu Sans")
-      doom-symbol-font (font-spec :family "Symbols Nerd Font Mono")
-      doom-big-font (font-spec :family "JetBrainsMono Nerd Font" :size 28))
-
-;; Users should inject their own font logic in `after-setting-font-hook'
-;; Add font for CJK charset
-(defun init-cjk-fonts()
-  (dolist (charset '(kana han cjk-misc bopomofo))
-    (set-fontset-font (frame-parameter nil 'font)
-                      charset (font-spec :family "Source Han Sans SC"))))
-(add-hook 'after-setting-font-hook 'init-cjk-fonts)
-
-
-;; If you or Emacs can't find your font, use 'M-x describe-font' to look them
-;; up, `M-x eval-region' to execute elisp code, and 'M-x doom/reload-font' to
-;; refresh your font settings. If Emacs still can't find your font, it likely
-;; wasn't installed correctly. Font issues are rarely Doom issues!
-
-;; There are two ways to load a theme. Both assume the theme is installed and
-;; available. You can either set `doom-theme' or manually load a theme with the
-;; `load-theme' function. This is the default:
-;; other doom's official themes:
-;;   https://github.com/doomemacs/themes
-(setq doom-theme 'doom-dracula) ;; doom-one doom-dracula doom-nord
-(if (eq system-type 'darwin)
-    ;; Transparent Backgroud - for macOS
-    ;;(set-frame-parameter (selected-frame) 'alpha '(<active> . <inactive>))
-    ;;(set-frame-parameter (selected-frame) 'alpha <both>)
-    (progn
-      (set-frame-parameter (selected-frame) 'alpha '(85 . 70))
-      (add-to-list 'default-frame-alist '(alpha . (85 . 70))))
-  ;; Transparent Background - for Linux Xorg/Wayland
-  (set-frame-parameter nil 'alpha-background 93) ; For current frame
-  (add-to-list 'default-frame-alist '(alpha-background . 93))); For all new frames henceforth
-
-;; This determines the style of line numbers in effect. If set to `nil', line
-;; numbers are disabled. For relative line numbers, set this to `relative'.
-(setq display-line-numbers-type t)
-(setq warning-minimum-level :error)
-;; If you use `org' and don't want your org files in the default location below,
-;; change `org-directory'. It must be set before org loads!
-(setq org-directory "~/org/")
-;; Whenever you reconfigure a package, make sure to wrap your config in an
-;; `after!' block, otherwise Doom's defaults may override your settings. E.g.
-;;
-;;   (after! PACKAGE
-;;     (setq x y))
-;;
-;; The exceptions to this rule:
-;;
-;;   - Setting file/directory variables (like `org-directory')
-;;   - Setting variables which explicitly tell you to set them before their
-;;     package is loaded (see 'C-h v VARIABLE' to look up their documentation).
-;;   - Setting doom variables (which start with 'doom-' or '+').
-;;
-;; Here are some additional functions/macros that will help you configure Doom.
-;;
-;; - `load!' for loading external *.el files relative to this one
-;; - `use-package!' for configuring packages
-;; - `after!' for running code after a package has loaded
-;; - `add-load-path!' for adding directories to the `load-path', relative to
-;;   this file. Emacs searches the `load-path' when you load packages with
-;;   `require' or `use-package'.
-;; - `map!' for binding new keys
-;;
-;; To get information about any of these functions/macros, move the cursor over
-;; the highlighted symbol at press 'K' (non-evil users must press 'C-c c k').
-;; This will open documentation for it, including demos of how they are used.
-;; Alternatively, use `C-h o' to look up a symbol (functions, variables, faces,
-;; etc).
-;;
-;; You can also try 'gd' (or 'C-c c d') to jump to their definition and see how
-;; they are implemented.
-
-;; use alejandra to format nix files
-(use-package! lsp-nix
-  :ensure lsp-mode
-  :after
-  (lsp-mode)
-  :demand t
-  :custom
-  (lsp-nix-nil-formatter
-   ["alejandra"]))
-
-(use-package! nushell-mode
-  :config
-  (setq nushell-enable-auto-indent 1))
-(after! vterm
-  (setq vterm-shell "nu")) ; use nushell by defualt
-
-;; emacs-rime
-(use-package! rime
-  :custom
-  (default-input-method "rime")
-  (rime-librime-root "~/.local/share/emacs/librime"))
-
-;; use parinfer for lisp editing
-(use-package! parinfer-rust-mode
-  :hook ((emacs-lisp-mode
-          clojure-mode
-          scheme-mode
-          lisp-mode
-          racket-mode
-          fennel-mode
-          hy-mode) . parinfer-rust-mode)
-  :init
-  ;; parinfer-rust library do not provide a apple silicon binary.
-  ;; fix: https://github.com/doomemacs/doomemacs/issues/6163
-  (setq parinfer-rust-auto-download 0)
-  ;; we need to download it manually and put it in this path
-  (setq parinfer-rust-library "~/.local/share/emacs/parinfer-rust/parinfer-rust.so")
-  :config
-  (map! :map parinfer-rust-mode-map
-        :localleader
-        "p" #'parinfer-rust-switch-mode
-        "P" #'parinfer-rust-toggle-disable))
-
-;; disable smatparens-mode here to void conflict with parinfer
-;; https://discourse.doomemacs.org/t/disable-smartparens-or-parenthesis-completion/134
-(add-hook 'clojure-mode-hook        #'turn-off-smartparens-mode)
-(add-hook 'scheme-mode-hook         #'turn-off-smartparens-mode)
-(add-hook 'lisp-mode-hook           #'turn-off-smartparens-mode)
-(add-hook 'racket-mode-hook         #'turn-off-smartparens-mode)
-(add-hook 'fennel-mode-hook         #'turn-off-smartparens-mode)
-(add-hook 'hy-mode-hook             #'turn-off-smartparens-mode)
-
-;; auto-save
-(use-package super-save
-  :ensure t
-  :config
-  (super-save-mode +1)
-  (setq super-save-auto-save-when-idle t)
-  (setq auto-save-default nil))
-
-;; save on find-file
-(add-to-list 'super-save-hook-triggers 'find-file-hook)
-
-(use-package! copilot
-  :hook
-  (prog-mode . copilot-mode)
-  :bind
-  (:map copilot-completion-map
-        ("<tab>" . 'copilot-accept-completion)
-        ("TAB" . 'copilot-accept-completion)
-        ("C-TAB" . 'copilot-accept-completion-by-word)
-        ("C-<tab>" . 'copilot-accept-completion-by-word))
-  :config
-  (copilot-mode +1))
-
-(use-package! wakatime-mode :ensure t)
-

home/base/tui/editors/emacs/doom/init.el

@@ -1,211 +0,0 @@
-;;; init.el -*- lexical-binding: t; -*-
-
-;; This file controls what Doom modules are enabled and what order they load
-;; in. Remember to run 'doom sync' after modifying it!
-
-;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's
-;;      documentation. There you'll find a link to Doom's Module Index where all
-;;      of our modules are listed, including what flags they support.
-
-;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or
-;;      'C-c c k' for non-vim users) to view its documentation. This works on
-;;      flags as well (those symbols that start with a plus).
-;;
-;;      Alternatively, press 'gd' (or 'C-c c d') on a module to browse its
-;;      directory (for easy access to its source code).
-
-
-(doom! :input
-       ;;bidi              ; (tfel ot) thgir etirw uoy gnipleh
-       chinese
-       ;;japanese
-       ;;layout            ; auie,ctsrnm is the superior home row
-
-       :completion
-       ;; (company +childframe)  ; conflict with lsp-bridge
-                                        ; the ultimate code completion backend
-       ;;helm              ; the *other* search engine for love and life
-       ;;ido               ; the other *other* search engine...
-       ;;ivy               ; a search engine for love and life
-       vertico                          ; the search engine of the future
-
-       :ui
-       ;;deft              ; notational velocity for Emacs
-       doom                             ; what makes DOOM look the way it does
-       doom-dashboard                   ; a nifty splash screen for Emacs
-       ;;doom-quit         ; DOOM quit-message prompts when you quit Emacs
-       ;; (emoji +unicode) ; Emacs 29 provides native support for inserting Unicode emojis.
-                                        ; 🙂
-       hl-todo            ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
-       indent-guides      ; highlighted indent columns
-       ligatures          ; ligatures and symbols to make your code pretty again
-       modeline           ; snazzy, Atom-inspired modeline, plus API
-       ophints            ; highlight the region an operation acts on
-       (popup +defaults)
-                                        ; tame sudden yet inevitable temporary windows
-       tabs                             ; a tab bar for Emacs
-       treemacs                 ; a project drawer, like neotree but cooler
-       unicode                  ; extended unicode support for various languages
-       (vc-gutter +pretty)
-                                        ; vcs diff in the fringe
-       vi-tilde-fringe                  ; fringe tildes to mark beyond EOB
-       ;;window-select     ; visually switch windows
-       workspaces       ; tab emulation, persistence & separate workspaces
-       ;;zen               ; distraction-free coding or writing
-
-       :editor
-       (evil +everywhere)
-                                        ; come to the dark side, we have cookies
-       file-templates                   ; auto-snippets for empty files
-       fold                             ; (nigh) universal code folding
-       (format +onsave)
-                                        ; automated prettiness
-       ;; multiple-cursors  ; editing in many places at once
-       ;; objed             ; text object editing for the innocent, conflict with parinfer
-       parinfer          ; turn lisp into python, sort of, conflict with copilot/objed/smartparens
-       ;;rotate-text       ; cycle region at point between text candidates
-       snippets   ; my elves. They type so I don't have to
-       word-wrap         ; soft wrapping with language-aware indent
-
-       :emacs
-       dired             ; making dired pretty [functional]
-       electric          ; smarter, keyword-based electric-indent
-       ibuffer         ; interactive buffer management
-       undo              ; persistent, smarter undo for your inevitable mistakes
-       vc                ; version-control and Emacs, sitting in a tree
-
-       :term
-       ;;eshell            ; the elisp shell that works everywhere
-       ;;shell             ; simple shell REPL for Emacs
-       ;;term              ; basic terminal emulator for Emacs
-       vterm                            ; the best terminal emulation in Emacs
-
-       :checkers
-       syntax                        ; tasing you for every semicolon you forget
-       (spell +flyspell)
-                                        ; tasing you for misspelling mispelling
-       grammar                          ; tasing grammar mistake every you make
-
-       :tools
-       ;;ansible
-       ;;biblio            ; Writes a PhD for you (citation needed)
-       ;;collab            ; buffers with friends
-       ;;debugger          ; FIXME stepping through code, to help you add bugs
-       ;;direnv
-       (docker)
-       editorconfig      ; let someone else argue about tabs vs spaces
-       ;;ein               ; tame Jupyter notebooks with emacs
-       (eval +overlay)
-                                        ; run code, run (also, repls)
-       lookup                   ; navigate your code and its documentation
-       lsp    ; lsp-mode, conflict with lsp-bridge
-       magit                    ; a git porcelain for Emacs
-       ;;make              ; run make tasks from Emacs
-       ;;pass              ; password manager for nerds
-       pdf                              ; pdf enhancements
-       ;;prodigy           ; FIXME managing external services & code builders
-       (terraform)
-                                        ; infrastructure as code
-       tree-sitter                    ; syntax and parsing, sitting in a tree...
-       ;;upload            ; map local to remote projects via ssh/ftp
-
-       :os
-       (:if IS-MAC macos)
-                                        ; improve compatibility with macOS
-       tty                              ; improve the terminal Emacs experience
-
-       :lang
-       ;;agda              ; types of types of types of types...
-       ;;beancount         ; mind the GAAP
-       (cc +lsp +tree-sitter)
-                                        ; C > C++ == 1
-       ;;clojure           ; java with a lisp
-       ;;common-lisp       ; if you've seen one lisp, you've seen them all
-       ;;coq               ; proofs-as-programs
-       ;;crystal           ; ruby at the speed of c
-       ;;csharp            ; unity, .NET, and mono shenanigans
-       data                     ; config/data formats
-       ;;(dart +flutter)   ; paint ui and not much else
-       ;;dhall
-       ;;elixir            ; erlang done right
-       ;;elm               ; care for a cup of TEA?
-       emacs-lisp                       ; drown in parentheses
-       ;;erlang            ; an elegant language for a more civilized age
-       ;;ess               ; emacs speaks statistics
-       ;;factor
-       ;;faust             ; dsp, but you get to keep your soul
-       ;;fortran           ; in FORTRAN, GOD is REAL (unless declared INTEGER)
-       ;;fsharp            ; ML stands for Microsoft's Language
-       ;;fstar             ; (dependent) types and (monadic) effects and Z3
-       ;;gdscript          ; the language you waited for
-       (go +lsp +tree-sitter)  ;; disable go-mode, use lsp-bridge instead
-                                        ; the hipster dialect
-       ;;(graphql)    ; Give queries a REST
-       ;;(haskell)    ; a language that's lazier than I am
-       ;;hy                ; readability of scheme w/ speed of python
-       ;;idris             ; a language you can depend on
-       (json +lsp +tree-sitter)
-                                        ; At least it ain't XML
-       (java +lsp +tree-sitter)
-                                        ; the poster child for carpal tunnel syndrome
-       (javascript +lsp +tree-sitter)
-                                        ; all(hope(abandon(ye(who(enter(here))))))
-       ;;julia             ; a better, faster MATLAB
-       ;;kotlin            ; a better, slicker Java(Script)
-       (latex)
-                                        ; writing papers in Emacs has never been so fun
-       ;;lean              ; for folks with too much to prove
-       ;;ledger            ; be audit you can be
-       (lua +lsp +tree-sitter)
-                                        ; one-based indices? one-based indices
-       (markdown +grip)
-                                        ; writing docs for people to ignore
-       ;;nim               ; python + lisp at the speed of c
-       (nix +lsp +tree-sitter)
-                                        ; I hereby declare "nix geht mehr!"
-       ;;ocaml             ; an objective camel
-       (org +pandoc +hugo +jupyter)  ; organize your plain life in plain text
-       ;;php               ; perl's insecure younger brother
-       ;;plantuml          ; diagrams for confusing people more
-       ;;purescript        ; javascript, but functional
-       (python +lsp +tree-sitter +pyright)
-                                        ; beautiful is better than ugly
-       ;;qt                ; the 'cutest' gui framework ever
-       racket           ; a DSL for DSLs
-       ;;raku              ; the artist formerly known as perl6
-       ;;rest              ; Emacs as a REST client
-       ;;rst               ; ReST in peace
-       ;;(ruby +rails)     ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
-       (rust +lsp +tree-sitter)
-                                        ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
-       ;;scala             ; java, but good
-       (scheme +guile)
-                                        ; a fully conniving family of lisps
-       (sh +lsp +tree-sitter)
-                                        ; she sells {ba,z,fi}sh shells on the C xor
-       ;;sml
-       ;;solidity          ; do you need a blockchain? No.
-       ;;swift             ; who asked for emoji variables?
-       ;;terra             ; Earth and Moon in alignment for performance.
-       (web +lsp +tree-sitter)
-                                        ; support for various web languages, including HTML5, CSS, SASS/SCSS, Pug/Jade/Slim, and more
-       (yaml +lsp +tree-sitter)
-                                        ; JSON, but readable
-       ;;zig               ; C, but simpler
-
-       :email
-       ;;(mu4e +org +gmail)
-       ;;notmuch
-       ;;(wanderlust +gmail)
-
-       :app
-       ;;calendar
-       ;;emms
-       ;;everywhere        ; *leave* Emacs!? You must be joking
-       ;;irc               ; how neckbeards socialize
-       ;;(rss +org)        ; emacs as an RSS reader
-       ;;twitter           ; twitter client https://twitter.com/vnought
-
-       :config
-       ;;literate
-       (default +bindings +smartparens))

home/base/tui/editors/emacs/doom/packages.el

@@ -1,64 +0,0 @@
-;; -*- no-byte-compile: t; -*-
-;;; $DOOMDIR/packages.el
-
-;; To install a package with Doom you must declare them here and run 'doom sync'
-;; on the command line, then restart Emacs for the changes to take effect -- or
-;; use 'M-x doom/reload'.
-
-(package! super-save)
-(package! rime)
-(package! wakatime-mode
-  :recipe
-  (:host github :repo "wakatime/wakatime-mode" :files
-         ("*.el" "dist")))
-
-(package! nushell-mode :recipe
-  (:host github :repo "mrkkrp/nushell-mode"))
-
-(package! copilot
-  :recipe
-  (:host github :repo "copilot-emacs/copilot.el" :files
-         ("*.el" "dist")))
-
-;; To install SOME-PACKAGE from MELPA, ELPA or emacsmirror:
-;; (package! some-package)
-
-;; To install a package directly from a remote git repo, you must specify a
-;; `:recipe'. You'll find documentation on what `:recipe' accepts here:
-;; https://github.com/radian-software/straight.el#the-recipe-format
-;; (package! another-package
-;;   :recipe (:host github :repo "username/repo"))
-
-;; If the package you are trying to install does not contain a PACKAGENAME.el
-;; file, or is located in a subdirectory of the repo, you'll need to specify
-;; `:files' in the `:recipe':
-;; (package! this-package
-;;   :recipe (:host github :repo "username/repo"
-;;            :files ("some-file.el" "src/lisp/*.el")))
-
-;; If you'd like to disable a package included with Doom, you can do so here
-;; with the `:disable' property:
-;; (package! builtin-package :disable t)
-
-;; You can override the recipe of a built in package without having to specify
-;; all the properties for `:recipe'. These will inherit the rest of its recipe
-;; from Doom or MELPA/ELPA/Emacsmirror:
-;; (package! builtin-package :recipe (:nonrecursive t))
-;; (package! builtin-package-2 :recipe (:repo "myfork/package"))
-
-;; Specify a `:branch' to install a package from a particular branch or tag.
-;; This is required for some packages whose default branch isn't 'master' (which
-;; our package manager can't deal with; see radian-software/straight.el#279)
-;; (package! builtin-package :recipe (:branch "develop"))
-
-;; Use `:pin' to specify a particular commit to install.
-;; (package! builtin-package :pin "1a2b3c4d5e")
-
-
-;; Doom's packages are pinned to a specific commit and updated from release to
-;; release. The `unpin!' macro allows you to unpin single packages...
-;; (unpin! pinned-package)
-;; ...or multiple packages
-;; (unpin! pinned-package another-pinned-package)
-;; ...Or *all* packages (NOT RECOMMENDED; will likely break things)
-;; (unpin! t)

home/base/tui/editors/helix/README.md

@@ -1,64 +0,0 @@
-# Helix Editor
-
-Neovim is really powerful, and have a very active community. I use it as my main editor, and I'm
-very happy with it. I use it for everything, from writing code to writing this document.
-
-But its configuration is a bit complex, and finding the right plugins, writing configurations, and
-keeping everything up to date is not easy.
-
-That's why I'm interested in Helix, Helix is similar to Neovim, but it's more opinionated, and it's
-batteries included. Whether I'll switch my main editor to Helix or not, it gives me a lot of ideas
-on how to improve my Neovim workflow.
-
-## Tutorial
-
-Use `:tutor` in helix to start the tutorial.
-
-## Differences between Neovim and Helixer
-
-1. Selecting first, then action.
-   1. Helix: delete 2 word: `2w` then `x`. You can always see what you're selecting before you apply
-      the action.
-   2. Neovim: delete 2 word: `d`. then `2w`. No visual feedback before you apply the action.
-1. Helix - Modern builtin features: LSP, tree-sitter, fuzzy finder, multi cursors, surround and
-   more.
-   1. They're all available in Neovim too, but you need to find and use the right plugins manually,
-      which takes time and effort.
-1. Helix is built in Rust from scratch. The result is a much smaller codebase and a modern set of
-   defaults. No VimScript. No Lua.
-   1. Neovim contains a lot of VimScript, and lua is too dynamic, it's hard to debug.
-   1. Personally I'm glad to take a look at a Rust codebase, but not a VimScript/Lua codebase.
-1. Neovim have a very activate plugin ecosystem, and it's easy to find plugins for almost
-   everything.
-   1. Helix is still new, and it even don't have a stable plugin system yet. A PR to add a plugin
-      system is still envolving: <https://github.com/helix-editor/helix/pull/8675>
-1. Neovim has integrated terminal, and it's very powerful. It's quite similar to VSCode's integrated
-   terminal. I use it a lot.
-   1. Helix doesn't have a integrated terminal yet, as it's complicated to implement. Users are
-      recommended to use tmux/Zellij or Wezterm/Kitty to implement this feature instead.
-   1. <https://github.com/helix-editor/helix/issues/1976#issuecomment-1091074719>
-   1. <https://github.com/helix-editor/helix/pull/4649>
-   1. **My Neovim often gets stuck when I switch to
-      [toggleterm.nvim](https://github.com/akinsho/toggleterm.nvim), this Helix issue made me
-      consider to switch from this Neovim plugin to Zellij**.
-1. Helix do not have a tree-view panel, it's recommended to use Yazi/ranger/Broot instead, and open
-   Helix in them.
-   1. a tree-view plugin may be added after the plugin system is stable, but no one knows when it
-      will be.
-   2. and some Helix users stated that they don't need a tree-view plugin, Helix's file picker is
-      useful and good enough.
-1. It seems Helix lacks a global substitution command, you should run it in another window(via wm or
-   Zellij).
-   1. <https://github.com/helix-editor/helix/issues/196>
-   1. Neovim's substitution command allow you to preview the changes before you apply it, and it's
-      very useful. if I switch to Helix, I'll need to find some other tools with similar
-      feature(such as https://github.com/ms-jpq/sad).
-1. Complexity and Maintenance Costs vs Batteries Included:
-   <https://github.com/helix-editor/helix/discussions/6356>
-
-I think Use Helix/Neovim within a terminal file manager(Yazi/ranger/Broot) and Zellij is a good
-idea. It's quite different from the workflow I migrated from VSCode/JetBrains before, I'm very
-interested in it.
-
-In Neovim I can make the workflow similar to VSCode/JetBrains by using some plugins, but Helix
-forces me to get out of my comfort zone, and try something new.

home/base/tui/editors/helix/default.nix

@@ -1,36 +0,0 @@
-{
-  pkgs,
-  nur-ryan4yin,
-  ...
-}: {
-  # https://github.com/catppuccin/helix
-  xdg.configFile."helix/themes".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-helix}/themes/default";
-
-  programs.helix = {
-    enable = true;
-    package = pkgs.helix;
-    settings = {
-      theme = "catppuccin_mocha";
-      editor = {
-        line-number = "relative";
-        cursorline = true;
-        color-modes = true;
-        lsp.display-messages = true;
-        cursor-shape = {
-          insert = "bar";
-          normal = "block";
-          select = "underline";
-        };
-        indent-guides.render = true;
-      };
-      keys.normal = {
-        space = {
-          space = "file_picker";
-          w = ":w";
-          q = ":q";
-        };
-        esc = ["collapse_selection" "keep_primary_selection"];
-      };
-    };
-  };
-}

home/base/tui/editors/neovim/README.md

@@ -1,190 +0,0 @@
-# Neovim Editor
-
-My Neovim config based on [AstroNvim](https://github.com/AstroNvim/AstroNvim). For more details,
-visit the [AstroNvim website](https://astronvim.com/).
-
-This document outlines neovim's configuration structure and various shortcuts/commands for efficient
-usage.
-
-## Screenshots
-
-![](/_img/astronvim_2023-07-13_00-39.webp) ![](/_img/hyprland_2023-07-29_2.webp)
-
-## Configuration Structure
-
-| Description                                       | Standard Location                           | My Location                                                               |
-| ------------------------------------------------- | ------------------------------------------- | ------------------------------------------------------------------------- |
-| Neovim's config                                   | `~/.config/nvim`                            | AstroNvim's github repository, referenced as a flake input in this flake. |
-| AstroNvim's user configuration                    | `$XDG_CONFIG_HOME/astronvim/lua/user`       | [./astronvim_user/](./astronvim_user/)                                    |
-| Plugins installation directory (lazy.nvim)        | `~/.local/share/nvim/`                      | The same as standard location, generated and managed by lazy.nvim.        |
-| LSP servers, DAP servers, linters, and formatters | `~/.local/share/nvim/mason/`(by mason.nvim) | [./default.nix](./default.nix), installed by nix.                         |
-
-## Update/Clean Plugins
-
-Note that lazy.nvim will not automatically update plugins, so you need to update them manually.
-
-```bash
-:Lazy update
-```
-
-Remove all unused plugins:
-
-```bash
-:Lazy clean
-```
-
-## Testing
-
-> via `Justfile` located at the root of this repo.
-
-```bash
-# testing
-just nvim-test
-
-# clear test data
-just nvim-clear
-```
-
-## Cheetsheet
-
-Here is the cheetsheet related to my Neovim configs. Please read vim's common cheetsheet at
-[../README.md](../README.md) before reading the following.
-
-### Incremental Selection
-
-Provided by nvim-treesitter.
-
-| Action            | Shortcut       |
-| ----------------- | -------------- |
-| init selection    | `<Ctrl-space>` |
-| node incremental  | `<Ctrl-space>` |
-| scope incremental | `<Alt-Space>`  |
-| node decremental  | `Backspace`    |
-
-### Search and Jump
-
-Provided by [flash.nvim](https://github.com/folke/flash.nvim), it's a intelligent search and jump
-plugin.
-
-1. It enhances the default search and jump behavior of neovim.(search with prefix `/`)
-
-| Action            | Shortcut                                                                                                     |
-| ----------------- | ------------------------------------------------------------------------------------------------------------ |
-| Search            | `/`(normal search), `s`(disable all code highlight, only highlight matches)                                  |
-| Treesitter Search | `yR`,`dR`, `cR`, `vR`, `ctrl+v+R`(around your matches, all the surrounding Treesitter nodes will be labeled) |
-| Remote Flash      | `yr`, `dr`, `cr`, (around your matches, all the surrounding Treesitter nodes will be labeled)                |
-
-### Commands & Shortcuts
-
-| Action                        | Shortcut       |
-| ----------------------------- | -------------- |
-| Open file explorer            | `<Space> + e`  |
-| Focus Neotree to current file | `<Space> + o`  |
-| Toggle line wrap              | `<Space> + uw` |
-| Show line diagnostics         | `gl`           |
-| Show function/variable info   | `K`            |
-| References of a symbol        | `gr`           |
-| Next tab                      | `]b`           |
-| Previous tab                  | `[b`           |
-
-### Window Navigation
-
-- Switch between windows: `<Ctrl> + h/j/k/l`
-- Resize windows: `<Ctrl> + Up/Down/Left/Right` (`<Ctrl-w> + -/+/</>`)
-  - Note: On macOS, conflicts with system shortcuts
-  - Disable in System Preferences -> Keyboard -> Shortcuts -> Mission Control
-
-### Splitting and Buffers
-
-| Action           | Shortcut      |
-| ---------------- | ------------- |
-| Horizontal Split | `\`           |
-| Vertical Split   | `\|`          |
-| Close Buffer     | `<Space> + c` |
-
-### Editing and Formatting
-
-| Action                                                | Shortcut       |
-| ----------------------------------------------------- | -------------- |
-| Toggle buffer auto formatting                         | `<Space> + uf` |
-| Format Document                                       | `<Space> + lf` |
-| Code Actions                                          | `<Space> + la` |
-| Rename                                                | `<Space> + lr` |
-| Opening LSP symbols                                   | `<Space> + lS` |
-| Comment Line(support multiple lines)                  | `<Space> + /`  |
-| Open filepath/URL at cursor(neovim's builtin command) | `gx`           |
-| Find files by name (fzf)                              | `<Space> + ff` |
-| Find files by name (include hidden files)             | `<Space> + fF` |
-| Grep string in files (ripgrep)                        | `<Space> + fw` |
-| Grep string in files (include hidden files)           | `<Space> + fW` |
-
-### Git
-
-| Action                     | Shortcut        |
-| -------------------------- | --------------- |
-| Git Commits (repository)   | `:<Space> + gc` |
-| Git Commits (current file) | `:<Space> + gC` |
-| Git Branches               | `:<Space> + gb` |
-| Git Status                 | `:<Space> + gt` |
-
-### Sessions
-
-| Action                         | Shortcut       |
-| ------------------------------ | -------------- |
-| Save Session                   | `<Space> + Ss` |
-| Last Session                   | `<Space> + Sl` |
-| Delete Session                 | `<Space> + Sd` |
-| Search Session                 | `<Space> + Sf` |
-| Load Current Directory Session | `<Space> + S.` |
-
-### Debugging
-
-Press `<Space> + D` to view available bindings and options.
-
-### Search and Replace Globally
-
-| Description                                | Shortcut       |
-| ------------------------------------------ | -------------- |
-| Open spectre.nvim search and replace panel | `<Space> + ss` |
-
-Search and replace via cli(fd + sad + delta):
-
-```bash
-fd "\\.nix$" . | sad '<pattern>' '<replacement>' | delta
-```
-
-### Surrounding Characters
-
-Provided by mini.surround plugin.
-
-- Prefix `gz`
-
-| Action                         | Shortcut | Description                                     |
-| ------------------------------ | -------- | ----------------------------------------------- |
-| Add surrounding characters     | `gzaiw'` | Add `'` around the word under cursor            |
-| Delete surrounding characters  | `gzd'`   | Delete `'` around the word under cursor         |
-| Replace surrounding characters | `gzr'"`  | Replace `'` by `"` around the word under cursor |
-| Highlight surrounding          | `gzh'`   | Highlight `'` around the word under cursor      |
-
-### Text Manipulation
-
-| Action                                 |               |
-| -------------------------------------- | ------------- |
-| Join with LSP intelligence(treesj)     | `<Space> + j` |
-| Split Line into Multiple Lines(treesj) | `<Space> + s` |
-
-### Miscellaneous
-
-| Action                            |                 |
-| --------------------------------- | --------------- |
-| Show all Yank History             | `:<Space> + yh` |
-| Show undo history                 | `:<Space> + uh` |
-| Show the path of the current file | `:!echo $%`     |
-
-## Additional Resources
-
-For more detailed information and advanced usage, refer to:
-
-1. [AstroNvim walkthrough](https://astronvim.com/Basic%20Usage/walkthrough)
-2. [./astronvim_user/mapping.lua](./astronvim_user/mappings.lua)
-3. All the plugins' documentations

home/base/tui/editors/neovim/default.nix

@@ -1,73 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  pkgs-unstable,
-  ...
-}:
-###############################################################################
-#
-#  AstroNvim's configuration and all its dependencies(lsp, formatter, etc.)
-#
-#e#############################################################################
-let
-  shellAliases = {
-    v = "nvim";
-    vdiff = "nvim -d";
-  };
-in {
-  home.activation.installAstroNvim = lib.hm.dag.entryAfter ["writeBoundary"] ''
-    ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F744 ${./nvim}/ ${config.xdg.configHome}/nvim/
-  '';
-
-  home.shellAliases = shellAliases;
-  programs.nushell.shellAliases = shellAliases;
-
-  programs = {
-    neovim = {
-      enable = true;
-      package = pkgs-unstable.neovim-unwrapped;
-
-      defaultEditor = true;
-      viAlias = true;
-      vimAlias = true;
-
-      # These environment variables are needed to build and run binaries
-      # with external package managers like mason.nvim.
-      #
-      # LD_LIBRARY_PATH is also needed to run the non-FHS binaries downloaded by mason.nvim.
-      # it will be set by nix-ld, so we do not need to set it here again.
-      extraWrapperArgs = with pkgs; [
-        # LIBRARY_PATH is used by gcc before compilation to search directories
-        # containing static and shared libraries that need to be linked to your program.
-        "--suffix"
-        "LIBRARY_PATH"
-        ":"
-        "${lib.makeLibraryPath [stdenv.cc.cc zlib]}"
-
-        # PKG_CONFIG_PATH is used by pkg-config before compilation to search directories
-        # containing .pc files that describe the libraries that need to be linked to your program.
-        "--suffix"
-        "PKG_CONFIG_PATH"
-        ":"
-        "${lib.makeSearchPathOutput "dev" "lib/pkgconfig" [stdenv.cc.cc zlib]}"
-      ];
-
-      # Currently we use lazy.nvim as neovim's package manager, so comment this one.
-      #
-      # NOTE: These plugins will not be used by astronvim by default!
-      # We should install packages that will compile locally or download FHS binaries via Nix!
-      # and use lazy.nvim's `dir` option to specify the package directory in nix store.
-      # so that these plugins can work on NixOS.
-      #
-      # related project:
-      #  https://github.com/b-src/lazy-nix-helper.nvim
-      plugins = with pkgs.vimPlugins; [
-        # search all the plugins using https://search.nixos.org/packages
-        telescope-fzf-native-nvim
-
-        nvim-treesitter.withAllGrammars
-      ];
-    };
-  };
-}

home/base/tui/editors/neovim/nvim/.neoconf.json

@@ -1,20 +0,0 @@
-{
-  "neodev": {
-    "library": {
-      "enabled": true,
-      "plugins": true
-    }
-  },
-  "neoconf": {
-    "plugins": {
-      "lua_ls": {
-        "enabled": true
-      }
-    }
-  },
-  "lspconfig": {
-    "lua_ls": {
-      "Lua.format.enable": false
-    }
-  }
-}

home/base/tui/editors/neovim/nvim/.stylua.toml

@@ -1,7 +0,0 @@
-column_width = 120
-line_endings = "Unix"
-indent_type = "Spaces"
-indent_width = 2
-quote_style = "AutoPreferDouble"
-call_parentheses = "None"
-collapse_simple_statement = "Always"

home/base/tui/editors/neovim/nvim/init.lua

@@ -1,19 +0,0 @@
--- This file simply bootstraps the installation of Lazy.nvim and then calls other files for execution
--- This file doesn't necessarily need to be touched, BE CAUTIOUS editing this file and proceed at your own risk.
-local lazypath = vim.env.LAZY or vim.fn.stdpath "data" .. "/lazy/lazy.nvim"
-if not (vim.env.LAZY or (vim.uv or vim.loop).fs_stat(lazypath)) then
-  -- stylua: ignore
-  vim.fn.system({ "git", "clone", "--filter=blob:none", "https://github.com/folke/lazy.nvim.git", "--branch=stable", lazypath })
-end
-vim.opt.rtp:prepend(lazypath)
-
--- validate that lazy is available
-if not pcall(require, "lazy") then
-  -- stylua: ignore
-  vim.api.nvim_echo({ { ("Unable to load lazy from: %s\n"):format(lazypath), "ErrorMsg" }, { "Press any key to exit...", "MoreMsg" } }, true, {})
-  vim.fn.getchar()
-  vim.cmd.quit()
-end
-
-require "lazy_setup"
-require "polish"

home/base/tui/editors/neovim/nvim/lua/community.lua

@@ -1,59 +0,0 @@
--- AstroCommunity: import any community modules here
--- We import this file in `lazy_setup.lua` before the `plugins/` folder.
--- This guarantees that the specs are processed before any user plugins.
-
----@type LazySpec
-return {
-  "AstroNvim/astrocommunity",
-  -- Motion
-  { import = "astrocommunity.motion.mini-surround" },
-  -- https://github.com/echasnovski/mini.ai
-  { import = "astrocommunity.motion.mini-ai" },
-  { import = "astrocommunity.motion.flash-nvim" },
-  -- Highly experimental plugin that completely replaces
-  -- the UI for messages, cmdline and the popupmenu.
-  -- { import = "astrocommunity.utility.noice-nvim" },
-  -- Fully featured & enhanced replacement for copilot.vim
-  -- <Tab> work with both auto completion in cmp and copilot
-  { import = "astrocommunity.media.vim-wakatime" },
-  { import = "astrocommunity.motion.leap-nvim" },
-  { import = "astrocommunity.motion.flit-nvim" },
-  { import = "astrocommunity.scrolling.nvim-scrollbar" },
-  { import = "astrocommunity.editing-support.todo-comments-nvim" },
-  -- Language Support
-  ---- Frontend & NodeJS
-  { import = "astrocommunity.pack.typescript-all-in-one" },
-  { import = "astrocommunity.pack.tailwindcss" },
-  { import = "astrocommunity.pack.html-css" },
-  { import = "astrocommunity.pack.prisma" },
-  { import = "astrocommunity.pack.vue" },
-  ---- Configuration Language
-  { import = "astrocommunity.pack.markdown" },
-  { import = "astrocommunity.pack.json" },
-  { import = "astrocommunity.pack.yaml" },
-  { import = "astrocommunity.pack.toml" },
-  ---- Backend / System
-  { import = "astrocommunity.pack.lua" },
-  { import = "astrocommunity.pack.go" },
-  { import = "astrocommunity.pack.rust" },
-  { import = "astrocommunity.pack.python" },
-  { import = "astrocommunity.pack.java" },
-  { import = "astrocommunity.pack.cmake" },
-  { import = "astrocommunity.pack.cpp" },
-  -- { import = "astrocommunity.pack.nix" },  -- manually add config for nix, comment this one.
-  { import = "astrocommunity.pack.proto" },
-
-  ---- Operation & Cloud Native
-  { import = "astrocommunity.pack.terraform" },
-  { import = "astrocommunity.pack.bash" },
-  { import = "astrocommunity.pack.docker" },
-  { import = "astrocommunity.pack.helm" },
-
-  -- colorscheme
-  { import = "astrocommunity.colorscheme.catppuccin" },
-
-  -- Lua implementation of CamelCaseMotion, with extra consideration of punctuation.
-  { import = "astrocommunity.motion.nvim-spider" },
-  -- AI Assistant
-  { import = "astrocommunity.completion.copilot-lua-cmp" },
-}

home/base/tui/editors/neovim/nvim/lua/lazy_setup.lua

@@ -1,34 +0,0 @@
-require("lazy").setup({
-  {
-    "AstroNvim/AstroNvim",
-    version = "^4", -- Remove version tracking to elect for nighly AstroNvim
-    import = "astronvim.plugins",
-    opts = { -- AstroNvim options must be set here with the `import` key
-      mapleader = " ", -- This ensures the leader key must be configured before Lazy is set up
-      maplocalleader = ",", -- This ensures the localleader key must be configured before Lazy is set up
-      icons_enabled = true, -- Set to false to disable icons (if no Nerd Font is available)
-      pin_plugins = nil, -- Default will pin plugins when tracking `version` of AstroNvim, set to true/false to override
-    },
-  },
-  { import = "community" },
-  { import = "plugins" },
-} --[[@as LazySpec]], {
-  -- Configure any other `lazy.nvim` configuration options here
-  -- https://github.com/folke/lazy.nvim?tab=readme-ov-file#%EF%B8%8F-configuration
-  
-  -- try to load one of these colorschemes when starting an installation during startup
-  install = { colorscheme = { "catppuccin" }, },
-  ui = { backdrop = 100 },
-  performance = {
-    rtp = {
-      -- disable some rtp plugins, add more to your liking
-      disabled_plugins = {
-        "gzip",
-        "netrwPlugin",
-        "tarPlugin",
-        "tohtml",
-        "zipPlugin",
-      },
-    },
-  },
-} --[[@as LazyConfig]])

home/base/tui/editors/neovim/nvim/lua/plugins/astrocore.lua

@@ -1,107 +0,0 @@
--- AstroCore provides a central place to modify mappings, vim options, autocommands, and more!
--- Configuration documentation can be found with `:h astrocore`
--- NOTE: We highly recommend setting up the Lua Language Server (`:LspInstall lua_ls`)
---       as this provides autocomplete and documentation while editing
-
----@type LazySpec
-return {
-  "AstroNvim/astrocore",
-  ---@type AstroCoreOpts
-  opts = {
-    -- Configure core features of AstroNvim
-    features = {
-      large_buf = { size = 1024 * 500, lines = 10000 }, -- set global limits for large files for disabling features like treesitter
-      autopairs = true, -- enable autopairs at start
-      cmp = true, -- enable completion at start
-      diagnostics_mode = 3, -- diagnostic mode on start (0 = off, 1 = no signs/virtual text, 2 = no virtual text, 3 = on)
-      highlighturl = true, -- highlight URLs at start
-      notifications = true, -- enable notifications at start
-    },
-    -- Diagnostics configuration (for vim.diagnostics.config({...})) when diagnostics are on
-    diagnostics = {
-      virtual_text = true,
-      underline = true,
-    },
-    -- vim options can be configured here
-    options = {
-      opt = { -- vim.opt.<key>
-        relativenumber = true, -- Show relative numberline
-        signcolumn = "auto", -- Show sign column when used only
-        spell = false, -- Spell checking
-        swapfile = false, -- Swapfile
-        smartindent = false, -- fix https://github.com/ryan4yin/nix-config/issues/4
-        title = true, -- Set the title of window to `filename [+=-] (path) - NVIM`
-        -- The percentage of 'columns' to use for the title
-        -- When the title is longer, only the end of the path name is shown.
-        titlelen = 20,
-      },
-      g = { -- vim.g.<key>
-        -- configure global vim variables (vim.g)
-        -- NOTE: `mapLeader` and `maplocalLeader` must be set in the AstroNvim opts or before `lazy.setup`
-        -- This can be found in the `lua/lazy_setup.lua` file
-      },
-    },
-    -- Mappings can be configured through AstroCore as well.
-    -- https://docs.astronvim.com/recipes/mappings/
-    -- NOTE: keycodes follow the casing in the vimdocs. For example, `<Leader>` must be capitalized
-    mappings = {
-      -- first key is the mode
-      n = {
-        -- second key is the lefthand side of the map
-
-        -- second key is the lefthand side of the map
-        -- mappings seen under group name "Buffer"
-        ["<Leader>bn"] = { "<cmd>tabnew<cr>", desc = "New tab" },
-        -- quick save
-        -- ["<C-s>"] = { ":w!<cr>", desc = "Save File" },
-
-        -- Terminal
-        -- NOTE: https://neovim.io/doc/user/builtin.html#jobstart()
-        --   1. If {cmd} is a List it runs directly (no 'shell')
-        --   2. If {cmd} is a String it runs in the 'shell'
-        -- search and replace globally
-        ["<Leader>ss"] = { '<cmd>lua require("spectre").toggle()<CR>', desc = "Toggle Spectre" },
-        ["<Leader>sw"] = {
-          '<cmd>lua require("spectre").open_visual({select_word=true})<CR>',
-          desc = "Search current word",
-        },
-        ["<Leader>sp"] = {
-          '<cmd>lua require("spectre").open_file_search({select_word=true})<CR>',
-          desc = "Search on current file",
-        },
-
-        -- yank_history
-        ["<Leader>yh"] = {
-          function() require("telescope").extensions.yank_history.yank_history() end,
-          desc = "Preview Yank History",
-        },
-
-        -- undo history
-        ["<Leader>uh"] = { "<cmd>Telescope undo<cr>", desc = "Telescope undo" },
-
-        -- implementation/definition preview
-        ["gpd"] = { "<cmd>lua require('goto-preview').goto_preview_definition()<CR>", desc = "goto_preview_definition" },
-        ["gpt"] = {
-          "<cmd>lua require('goto-preview').goto_preview_type_definition()<CR>",
-          desc = "goto_preview_type_definition",
-        },
-        ["gpi"] = {
-          "<cmd>lua require('goto-preview').goto_preview_implementation()<CR>",
-          desc = "goto_preview_implementation",
-        },
-        ["gP"] = { "<cmd>lua require('goto-preview').close_all_win()<CR>", desc = "close_all_win" },
-        ["gpr"] = { "<cmd>lua require('goto-preview').goto_preview_references()<CR>", desc = "goto_preview_references" },
-      },
-      t = {
-        -- setting a mapping to false will disable it
-        -- ["<esc>"] = false,
-      },
-      -- Visual mode
-      v = {
-        -- search and replace globally
-        ["<Leader>sw"] = { '<esc><cmd>lua require("spectre").open_visual()<CR>', desc = "Search current word" },
-      },
-
-    },
-  },
-}

home/base/tui/editors/neovim/nvim/lua/plugins/astrolsp.lua

@@ -1,227 +0,0 @@
--- AstroLSP allows you to customize the features in AstroNvim's LSP configuration engine
--- Configuration documentation can be found with `:h astrolsp`
--- NOTE: We highly recommend setting up the Lua Language Server (`:LspInstall lua_ls`)
---       as this provides autocomplete and documentation while editing
-
----@type LazySpec
-return {
-  "AstroNvim/astrolsp",
-  ---@type AstroLSPOpts
-  opts = {
-    -- Configuration table of features provided by AstroLSP
-    features = {
-      autoformat = true, -- enable or disable auto formatting on start
-      codelens = true, -- enable/disable codelens refresh on start
-      inlay_hints = true, -- enable/disable inlay hints on start
-      semantic_tokens = true, -- enable/disable semantic token highlighting
-    },
-    -- customize lsp formatting options
-    formatting = {
-      -- control auto formatting on save
-      format_on_save = {
-        enabled = true, -- enable or disable format on save globally
-        allow_filetypes = { -- enable format on save for specified filetypes only
-          "go",
-          "jsonnet",
-          "rust",
-          "terraform",
-          "nu",
-        },
-        ignore_filetypes = { -- disable format on save for specified filetypes
-          -- "python",
-        },
-      },
-      disabled = { -- disable formatting capabilities for the listed language servers
-        -- disable lua_ls formatting capability if you want to use StyLua to format your lua code
-        -- "lua_ls",
-      },
-      timeout_ms = 1000, -- default format timeout
-      -- filter = function(client) -- fully override the default formatting function
-      --   return true
-      -- end
-    },
-    -- enable servers that you already have installed without mason
-    -- https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md
-    servers = {
-      ---- Data & Configuration Languages
-      "jsonls", -- json language server
-      "jsonnet_ls", -- jsonnet language server
-      "yamlls", -- yaml language server
-      "taplo", -- toml language server
-      "dagger", -- cuelsp - cue language server
-      "terraformls", -- terraform hcl
-      "marksman", -- markdown ls
-      "nickel_ls", -- nickel language server
-      "nil_ls", -- nix language server
-      "bufls", -- protocol buffer language server
-      "dockerls", -- dockerfile
-      "cmake", -- cmake language server
-      "sqls", -- sql language server
-
-      ---- General Purpose Languages
-      "clangd", -- c/c++
-      "gopls", -- go
-      "jdtls", -- java language server, provides only basic features
-      "rust_analyzer", -- rust
-      "pyright", -- python
-      "ruff_lsp", -- extremely fast Python linter and code transformation
-      -- "julials", -- julia language server
-      -- "zls", -- zig language server
-      "lua_ls", -- lua
-      "bashls", -- bash
-      "nushell", -- nushell language server
-
-      ---- Web Development
-      "ts_ls", -- typescript/javascript language server
-      "tailwindcss", -- tailwindcss language server
-      "html", -- html language server
-      "cssls", -- css language server
-      "prismals", -- prisma language server
-      "volar", -- vue language server
-
-      ---- Lisp Like
-      "scheme_langserver", -- scheme language server
-      "elixirls", -- elixir language server
-      -- "clojure_lsp", -- clojure language server"
-
-      ---- Circuit Design
-      "verible", -- verilog language server
-    },
-    -- customize language server configuration options passed to `lspconfig`
-    ---@diagnostic disable: missing-fields
-    config = {
-      -- the offset_encoding of clangd will confilicts whit null-ls
-      -- so we need to manually set it to utf-8
-      clangd = {
-        capabilities = {
-          offsetEncoding = "utf-8",
-        },
-      },
-      scheme_langserver = {
-        filetypes = { "scheme", "scm" },
-        single_file_support = true,
-      },
-      rust_analyzer = {
-        settings = {
-          -- Make the rust-analyzer use its own profile,
-          -- so you can run cargo build without that being blocked while rust-analyzer runs.
-          ["rust-analyzer"] = {
-            cargo = {
-              extraEnv = { CARGO_PROFILE_RUST_ANALYZER_INHERITS = "dev" },
-              extraArgs = { "--profile", "rust-analyzer" },
-            },
-          },
-        },
-      },
-    },
-    -- customize how language servers are attached
-    handlers = {
-      -- a function without a key is simply the default handler, functions take two parameters, the server name and the configured options table for that server
-      -- function(server, opts) require("lspconfig")[server].setup(opts) end
-
-      -- the key is the server that is being setup with `lspconfig`
-      -- rust_analyzer = false, -- setting a handler to false will disable the set up of that language server
-      -- pyright = function(_, opts) require("lspconfig").pyright.setup(opts) end -- or a custom handler function can be passed
-    },
-    -- Configure buffer local auto commands to add when attaching a language server
-    autocmds = {
-      -- first key is the `augroup` to add the auto commands to (:h augroup)
-      lsp_document_highlight = {
-        -- Optional condition to create/delete auto command group
-        -- can either be a string of a client capability or a function of `fun(client, bufnr): boolean`
-        -- condition will be resolved for each client on each execution and if it ever fails for all clients,
-        -- the auto commands will be deleted for that buffer
-        cond = "textDocument/documentHighlight",
-        -- cond = function(client, bufnr) return client.name == "lua_ls" end,
-        -- list of auto commands to set
-        {
-          -- events to trigger
-          event = { "CursorHold", "CursorHoldI" },
-          -- the rest of the autocmd options (:h nvim_create_autocmd)
-          desc = "Document Highlighting",
-          callback = function() vim.lsp.buf.document_highlight() end,
-        },
-        {
-          event = { "CursorMoved", "CursorMovedI", "BufLeave" },
-          desc = "Document Highlighting Clear",
-          callback = function() vim.lsp.buf.clear_references() end,
-        },
-      },
-    },
-    -- mappings to be set up on attaching of a language server
-    mappings = {
-      n = {
-        gl = { function() vim.diagnostic.open_float() end, desc = "Hover diagnostics" },
-
-        -- a `cond` key can provided as the string of a server capability to be required to attach, or a function with `client` and `bufnr` parameters from the `on_attach` that returns a boolean
-        -- gD = {
-        --   function() vim.lsp.buf.declaration() end,
-        --   desc = "Declaration of current symbol",
-        --   cond = "textDocument/declaration",
-        -- },
-        -- ["<Leader>uY"] = {
-        --   function() require("astrolsp.toggles").buffer_semantic_tokens() end,
-        --   desc = "Toggle LSP semantic highlight (buffer)",
-        --   cond = function(client) return client.server_capabilities.semanticTokensProvider and vim.lsp.semantic_tokens end,
-        -- },
-
-        -- refactoring
-        ["<Leader>ri"] = {
-          function() require("refactoring").refactor "Inline Variable" end,
-          desc = "Inverse of extract variable",
-        },
-        ["<Leader>rb"] = { function() require("refactoring").refactor "Extract Block" end, desc = "Extract Block" },
-        ["<Leader>rbf"] = {
-          function() require("refactoring").refactor "Extract Block To File" end,
-          desc = "Extract Block To File",
-        },
-        ["<Leader>rr"] = {
-          function() require("telescope").extensions.refactoring.refactors() end,
-          desc = "Prompt for a refactor to apply",
-        },
-        ["<Leader>rp"] = {
-          function() require("refactoring").debug.printf { below = false } end,
-          desc = "Insert print statement to mark the calling of a function",
-        },
-        ["<Leader>rv"] = {
-          function() require("refactoring").debug.print_var() end,
-          desc = "Insert print statement to print a variable",
-        },
-        ["<Leader>rc"] = {
-          function() require("refactoring").debug.cleanup {} end,
-          desc = "Cleanup of all generated print statements",
-        },
-      },
-      -- visual mode(what's the difference between v and x???)
-      x = {
-        -- refactoring
-        ["<Leader>ri"] = {
-          function() require("refactoring").refactor "Inline Variable" end,
-          desc = "Inverse of extract variable",
-        },
-        ["<Leader>re"] = {
-          function() require("refactoring").refactor "Extract Function" end,
-          desc = "Extracts the selected code to a separate function",
-        },
-        ["<Leader>rf"] = {
-          function() require("refactoring").refactor "Extract Function To File" end,
-          desc = "Extract Function To File",
-        },
-        ["<Leader>rv"] = {
-          function() require("refactoring").refactor "Extract Variable" end,
-          desc = "Extracts occurrences of a selected expression to its own variable",
-        },
-        ["<Leader>rr"] = {
-          function() require("telescope").extensions.refactoring.refactors() end,
-          desc = "Prompt for a refactor to apply",
-        },
-      },
-    },
-    -- A custom `on_attach` function to be run after the default `on_attach` function
-    -- takes two parameters `client` and `bufnr`  (`:h lspconfig-setup`)
-    on_attach = function(client, bufnr)
-      -- this would disable semanticTokensProvider for all clients
-      -- client.server_capabilities.semanticTokensProvider = nil
-    end,
-  },
-}

home/base/tui/editors/neovim/nvim/lua/plugins/astroui.lua

@@ -1,38 +0,0 @@
--- AstroUI provides the basis for configuring the AstroNvim User Interface
--- Configuration documentation can be found with `:h astroui`
--- NOTE: We highly recommend setting up the Lua Language Server (`:LspInstall lua_ls`)
---       as this provides autocomplete and documentation while editing
-
----@type LazySpec
-return {
-  "AstroNvim/astroui",
-  ---@type AstroUIOpts
-  opts = {
-    -- change colorscheme
-    -- colorscheme = "astrodark",
-    colorscheme = "catppuccin",
-    -- AstroUI allows you to easily modify highlight groups easily for any and all colorschemes
-    highlights = {
-      init = { -- this table overrides highlights in all themes
-        -- Normal = { bg = "#000000" },
-      },
-      astrotheme = { -- a table of overrides/changes when applying the astrotheme theme
-        -- Normal = { bg = "#000000" },
-      },
-    },
-    -- Icons can be configured throughout the interface
-    icons = {
-      -- configure the loading of the lsp in the status line
-      LSPLoading1 = "⠋",
-      LSPLoading2 = "⠙",
-      LSPLoading3 = "⠹",
-      LSPLoading4 = "⠸",
-      LSPLoading5 = "⠼",
-      LSPLoading6 = "⠴",
-      LSPLoading7 = "⠦",
-      LSPLoading8 = "⠧",
-      LSPLoading9 = "⠇",
-      LSPLoading10 = "⠏",
-    },
-  },
-}