feat: using claude-code with kimi k2

flake.lock: Update
Flake lock file updates: • Updated input 'mysecrets': 'git+ssh://git@github.com/ryan4yin/nix-secrets.git?ref=refs/heads/main&rev=a914c8281a8ad1df332cfcaf9a1024ecb7ccd9d3&shallow=1' (2025-07-12) → 'git+ssh://git@github.com/ryan4yin/nix-secrets.git?ref=refs/heads/main&rev=a231913597362c15c71fd9212cef5092ae85a64c&shallow=1' (2025-07-16)
2026-05-28 18:39:31 +02:00 · 2025-07-17 15:29:04 +08:00 · 2025-07-17 15:29:04 +08:00 · 2025-07-17 13:09:14 +08:00 · 2025-07-16 23:00:23 +08:00 · 2025-07-16 22:53:59 +08:00
193 changed files with 13704 additions and 2248 deletions
@@ -1,3 +1,4 @@
 .Trash-1000/
 result
 result/
 .direnv/
@@ -26,13 +26,13 @@ test:
 # Update all the flake inputs
 [group('nix')]
 up:
-  nix flake update
+  nix flake update --commit-lock-file
 # Update specific input
 # Usage: just upp nixpkgs
 [group('nix')]
 upp input:
-  nix flake update {{input}}
+  nix flake update {{input}} --commit-lock-file
 # List all generations of the system profile
 [group('nix')]
@@ -48,7 +48,10 @@ repl:
 # on darwin, you may need to switch to root user to run this command
 [group('nix')]
 clean:
  # Wipe out NixOS's history
  sudo nix profile wipe-history --profile /nix/var/nix/profiles/system  --older-than 7d
  # Wipe out home-manager's history
  nix profile wipe-history --profile $"($env.XDG_STATE_HOME)/nix/profiles/home-manager" --older-than 7d
 # Garbage collect all unused nix store entries
 [group('nix')]
@@ -94,6 +97,11 @@ verify-store:
 repair-store *paths:
  nix store repair {{paths}}
 # Update all Nixpkgs inputs
 [group('nix')]
 up-nix:
  nix flake update nixpkgs nixpkgs-stable nixpkgs-unstable nixpkgs-darwin nixpkgs-ollama
 ############################################################################
 #
 #  NixOS Desktop related commands
@@ -116,7 +124,7 @@ s-hypr mode="default":
 ############################################################################
 #
-#  Darwin related commands, harmonica is my macbook pro's hostname
+#  Darwin related commands
 #
 ############################################################################
@@ -133,15 +141,6 @@ darwin-rollback:
  use {{utils_nu}} *;
  darwin-rollback
 # Deploy to harmonica(macOS host)
 [macos]
 [group('desktop')]
 ha mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *;
  darwin-build "harmonica" {{mode}};
  darwin-switch "harmonica" {{mode}}
 # Depoly to fern(macOS host)
 [macos]
 [group('desktop')]
@@ -375,3 +374,29 @@ list-failed:
 [group('services')]
 list-systemd:
  systemctl list-units systemd-*
 # =================================================
 #
 # Nixpkgs Review via Github Action
 # https://github.com/ryan4yin/nixpkgs-review-gha
 #
 # =================================================
 # Run nixpkgs-review for PR
 [linux]
 [group('nixpkgs')]
 pkg-review pr:
  gh workflow run review.yml --repo ryan4yin/nixpkgs-review-gha -f x86_64-darwin=no -f post-result=true -f pr={{pr}}
 # Run package tests for PR
 [linux]
 [group('nixpkgs')]
 pkg-test pr pname:
  gh workflow run review.yml --repo ryan4yin/nixpkgs-review-gha -f x86_64-darwin=no -f post-result=true -f pr={{pr}} -f extra-args="-p {{pname}}.passthru.tests"
 # View the summary of a workflow
 [linux]
 [group('nixpkgs')]
 pkg-summary:
  gh workflow view review.yml --repo ryan4yin/nixpkgs-review-gha
@@ -132,15 +132,11 @@ nix-shell -p just nushell
 # 3. comment home-manager's code in lib/macosSystem.nix to speed up the first deployment.
 # 4. comment out the proxy settings in scripts/darwin_set_proxy.py if the proxy is not ready yet.
 # 4. deploy harmonica's configuration(macOS Intel)
 just ha
 # deploy fern's configuration(Apple Silicon)
 just fe
 # deploy with details
-just ha debug
+just fe debug
 # just fe debug
 ```
 > [What y'all will need when Nix drives you to drink.](https://www.youtube.com/watch?v=Eni9PPPPBpg)
@@ -48,7 +48,9 @@
    },
    "blender-bin": {
      "inputs": {
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "dir": "blender",
@@ -66,6 +68,26 @@
        "type": "github"
      }
    },
    "catppuccin": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1752227483,
        "narHash": "sha256-eetITGJfURryoHY5gfuE9/4sEV9aSgzhPxgsQgofNa8=",
        "owner": "catppuccin",
        "repo": "nix",
        "rev": "5f431aac1a4038c385e6de2d2384d943e4802d61",
        "type": "github"
      },
      "original": {
        "owner": "catppuccin",
        "repo": "nix",
        "type": "github"
      }
    },
    "crane": {
      "locked": {
        "lastModified": 1731098351,
@@ -157,6 +179,21 @@
      }
    },
    "flake-compat_3": {
      "locked": {
        "lastModified": 1688025799,
        "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
        "owner": "nix-community",
        "repo": "flake-compat",
        "rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-compat_4": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
@@ -219,11 +256,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1743550720,
+        "lastModified": 1751413152,
-        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
+        "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
+        "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
        "type": "github"
      },
      "original": {
@@ -240,11 +277,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1743550720,
+        "lastModified": 1751413152,
-        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
+        "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
+        "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
        "type": "github"
      },
      "original": {
@@ -293,16 +330,16 @@
      "inputs": {
        "flake-compat": "flake-compat",
        "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs",
        "zig": "zig",
        "zon2nix": "zon2nix"
      },
      "locked": {
-        "lastModified": 1748658752,
+        "lastModified": 1752207706,
-        "narHash": "sha256-x50iF9eu6W/WP2Ah958n4FOiu4ix1ytP9mrej2m9GVs=",
+        "narHash": "sha256-6Fiy+icid2rKXL9oKcRd3zuITSwtdnShqCPp0Evt3fM=",
        "owner": "ghostty-org",
        "repo": "ghostty",
-        "rev": "7e85ca3a16ff93ec0eab085e61d5a48cb0222a6a",
+        "rev": "4aa28988a6ddd9aa8b3402e4bab05ad02a0c12c6",
        "type": "github"
      },
      "original": {
@@ -428,11 +465,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748654914,
+        "lastModified": 1752202894,
-        "narHash": "sha256-3xn61GBqAaRXvdvr1cSPcDj3kivENs0x9aJHLOHGiNM=",
+        "narHash": "sha256-knafgng4gCjZIUMyAEWjxxdols6n/swkYnbWr+oF+1w=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "6d09fd37a7d4110251c1c03cb09fbf6321fbe10d",
+        "rev": "fab659b346c0d4252208434c3c4b3983a4b38fec",
        "type": "github"
      },
      "original": {
@@ -442,21 +479,6 @@
        "type": "github"
      }
    },
    "impermanence": {
      "locked": {
        "lastModified": 1737831083,
        "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
        "owner": "nix-community",
        "repo": "impermanence",
        "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "impermanence",
        "type": "github"
      }
    },
    "lanzaboote": {
      "inputs": {
        "crane": "crane",
@@ -483,13 +505,30 @@
        "type": "github"
      }
    },
    "my-asahi-firmware": {
      "flake": false,
      "locked": {
        "lastModified": 1752336609,
        "narHash": "sha256-PeJXDQgKwmu6PEjEA+68I7nIOTTpwUUyO1b5PpQg4gc=",
        "ref": "refs/heads/main",
        "rev": "981583c8e101967ef6a66388ade54cab751f3a02",
        "shallow": true,
        "type": "git",
        "url": "ssh://git@github.com/ryan4yin/asahi-firmware.git"
      },
      "original": {
        "shallow": true,
        "type": "git",
        "url": "ssh://git@github.com/ryan4yin/asahi-firmware.git"
      }
    },
    "mysecrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1748512246,
+        "lastModified": 1752678564,
-        "narHash": "sha256-hSM5o7nwXbZI0vK5ya+xwSAVJ3FquZ63ejW9eEab2ho=",
+        "narHash": "sha256-x2sbH7Umncbyc9oca5mqX8kMChHVUTytKk+QXEcB4i4=",
        "ref": "refs/heads/main",
-        "rev": "099015dac014d6484594e49082ea1f126749efe8",
+        "rev": "a231913597362c15c71fd9212cef5092ae85a64c",
        "shallow": true,
        "type": "git",
        "url": "ssh://git@github.com/ryan4yin/nix-secrets.git"
@@ -507,11 +546,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748352827,
+        "lastModified": 1751313918,
-        "narHash": "sha256-sNUUP6qxGkK9hXgJ+p362dtWLgnIWwOCmiq72LAWtYo=",
+        "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "44a7d0e687a87b73facfe94fba78d323a6686a90",
+        "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf",
        "type": "github"
      },
      "original": {
@@ -523,14 +562,16 @@
    "nix-gaming": {
      "inputs": {
        "flake-parts": "flake-parts_3",
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1748656608,
+        "lastModified": 1752199489,
-        "narHash": "sha256-VU+8/kZ57Y7XTmgMBpybGMxO/elvUn/4yMndZji2pY8=",
+        "narHash": "sha256-p2zkn8fdLvZ19MgAA5CdiuQWQ/gE3YNg1Nhbm4EAflI=",
        "owner": "fufexan",
        "repo": "nix-gaming",
-        "rev": "b585487bb87faec1c7a09aada7cfe77dd7b3c5fe",
+        "rev": "62f976ed47de88323770646a9a92e4912d33585f",
        "type": "github"
      },
      "original": {
@@ -554,6 +595,28 @@
        "type": "github"
      }
    },
    "nixos-apple-silicon": {
      "inputs": {
        "flake-compat": "flake-compat_3",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1751622568,
        "narHash": "sha256-EE3NBsej517VRa1x+ylAghrvngftxf1KgfHlE9OYyXE=",
        "owner": "nix-community",
        "repo": "nixos-apple-silicon",
        "rev": "eba4b40c816e5aff8951ae231ac237e8aab8ec1d",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "nixos-apple-silicon",
        "rev": "eba4b40c816e5aff8951ae231ac237e8aab8ec1d",
        "type": "github"
      }
    },
    "nixos-generators": {
      "inputs": {
        "nixlib": "nixlib",
@@ -562,11 +625,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747663185,
+        "lastModified": 1751903740,
-        "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=",
+        "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc",
+        "rev": "032decf9db65efed428afd2fa39d80f7089085eb",
        "type": "github"
      },
      "original": {
@@ -575,22 +638,6 @@
        "type": "github"
      }
    },
    "nixos-hardware": {
      "locked": {
        "lastModified": 1748634340,
        "narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
        "rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "master",
        "repo": "nixos-hardware",
        "type": "github"
      }
    },
    "nixpak": {
      "inputs": {
        "flake-parts": "flake-parts_4",
@@ -600,11 +647,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748485094,
+        "lastModified": 1752113924,
-        "narHash": "sha256-StAZf1nyocL8kTcVyg18n9I2ka/TQHks8RSLrmIp/TE=",
+        "narHash": "sha256-mbAHO0rZDBdSosV4LIk9s/3IH1ZhQY9ELixieo+iEns=",
        "owner": "nixpak",
        "repo": "nixpak",
-        "rev": "507bcbeec5979b5b332901062fe731c716b26544",
+        "rev": "19942ded45bd73c74dbb44642406da0569f639a8",
        "type": "github"
      },
      "original": {
@@ -615,26 +662,24 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1733808091,
+        "lastModified": 1748189127,
-        "narHash": "sha256-KWwINTQelKOoQgrXftxoqxmKFZb9pLVfnRvK270nkVk=",
+        "narHash": "sha256-zRDR+EbbeObu4V2X5QCd2Bk5eltfDlCr5yvhBwUT6pY=",
-        "owner": "NixOS",
+        "rev": "7c43f080a7f28b2774f3b3f43234ca11661bf334",
-        "repo": "nixpkgs",
+        "type": "tarball",
-        "rev": "a0f3e10d94359665dba45b71b4227b0aeb851f8e",
+        "url": "https://releases.nixos.org/nixos/25.05/nixos-25.05.802491.7c43f080a7f2/nixexprs.tar.xz"
        "type": "github"
      },
      "original": {
-        "id": "nixpkgs",
+        "type": "tarball",
-        "ref": "nixos-24.11",
+        "url": "https://channels.nixos.org/nixos-25.05/nixexprs.tar.xz"
        "type": "indirect"
      }
    },
    "nixpkgs-darwin": {
      "locked": {
-        "lastModified": 1748506378,
+        "lastModified": 1751949589,
-        "narHash": "sha256-oS0Gxh63Df8b8r04lqEYDDLKhHIrVr9/JLOn2bn8JaI=",
+        "narHash": "sha256-mgFxAPLWw0Kq+C8P3dRrZrOYEQXOtKuYVlo9xvPntt8=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "3866ad91cfc172f08a6839def503d8fc2923c603",
+        "rev": "9b008d60392981ad674e04016d25619281550a9d",
        "type": "github"
      },
      "original": {
@@ -646,11 +691,11 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1743296961,
+        "lastModified": 1751159883,
-        "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
+        "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
+        "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab",
        "type": "github"
      },
      "original": {
@@ -661,11 +706,11 @@
    },
    "nixpkgs-ollama": {
      "locked": {
-        "lastModified": 1748460289,
+        "lastModified": 1751984180,
-        "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=",
+        "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102",
+        "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
        "type": "github"
      },
      "original": {
@@ -693,11 +738,11 @@
    },
    "nixpkgs-stable_2": {
      "locked": {
-        "lastModified": 1748437600,
+        "lastModified": 1751943650,
-        "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=",
+        "narHash": "sha256-7orTnNqkGGru8Je6Un6mq1T8YVVU/O5kyW4+f9C1mZQ=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "7282cb574e0607e65224d33be8241eae7cfe0979",
+        "rev": "88983d4b665fb491861005137ce2b11a9f89f203",
        "type": "github"
      },
      "original": {
@@ -709,11 +754,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1748460289,
+        "lastModified": 1751984180,
-        "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=",
+        "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102",
+        "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
        "type": "github"
      },
      "original": {
@@ -725,40 +770,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1748189127,
+        "lastModified": 1751984180,
-        "narHash": "sha256-zRDR+EbbeObu4V2X5QCd2Bk5eltfDlCr5yvhBwUT6pY=",
+        "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
        "rev": "7c43f080a7f28b2774f3b3f43234ca11661bf334",
        "type": "tarball",
        "url": "https://releases.nixos.org/nixos/25.05/nixos-25.05.802491.7c43f080a7f2/nixexprs.tar.xz"
      },
      "original": {
        "type": "tarball",
        "url": "https://channels.nixos.org/nixos-25.05/nixexprs.tar.xz"
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 1747958103,
        "narHash": "sha256-qmmFCrfBwSHoWw7cVK4Aj+fns+c54EBP8cGqp/yK410=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "fe51d34885f7b5e3e7b59572796e1bcb427eccb1",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_4": {
      "locked": {
        "lastModified": 1748460289,
        "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102",
+        "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
        "type": "github"
      },
      "original": {
@@ -768,39 +784,11 @@
        "type": "github"
      }
    },
    "nixpkgs_5": {
      "locked": {
        "lastModified": 1701436327,
        "narHash": "sha256-tRHbnoNI8SIM5O5xuxOmtSLnswEByzmnQcGGyNRjxsE=",
        "rev": "91050ea1e57e50388fa87a3302ba12d188ef723a",
        "revCount": 555097,
        "type": "tarball",
        "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.555097%2Brev-91050ea1e57e50388fa87a3302ba12d188ef723a/018c3450-2363-7c34-883b-4ba70b1eb7ae/source.tar.gz"
      },
      "original": {
        "type": "tarball",
        "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz"
      }
    },
    "nixpkgs_6": {
      "locked": {
        "lastModified": 1747610100,
        "narHash": "sha256-rpR5ZPMkWzcnCcYYo3lScqfuzEw5Uyfh+R0EKZfroAc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "ca49c4304acf0973078db0a9d200fd2bae75676d",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-25.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nuenv": {
      "inputs": {
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": [
          "nixpkgs"
        ],
        "rust-overlay": "rust-overlay_2"
      },
      "locked": {
@@ -819,14 +807,16 @@
    },
    "nur-ryan4yin": {
      "inputs": {
-        "nixpkgs": "nixpkgs_6"
+        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1747880260,
+        "lastModified": 1751086727,
-        "narHash": "sha256-qJSGFMB/bPCeX2TPWhrbe3AZhLbxEtm/HeUV2+rOO78=",
+        "narHash": "sha256-5y9aE/o+KwEg075R5m/13Z1mavtyWv+9DE5uppLdRlo=",
        "owner": "ryan4yin",
        "repo": "nur-packages",
-        "rev": "b64163d1bffff09b39a109d38163e6960c524c4f",
+        "rev": "a41be29389c8503f67b9f5cd47fa8b99a5bb3fe5",
        "type": "github"
      },
      "original": {
@@ -838,11 +828,11 @@
    "polybar-themes": {
      "flake": false,
      "locked": {
-        "lastModified": 1744988472,
+        "lastModified": 1750950071,
-        "narHash": "sha256-TxsO28Rd0U/FgA9v5M6426rFW0wNVdN1AVOazxsbMNo=",
+        "narHash": "sha256-Hanx8zEueKvI4jBrcUQIo6GnkzcS2TgsixBLS8V9ZKM=",
        "owner": "adi1090x",
        "repo": "polybar-themes",
-        "rev": "03e542779448dd9fdb1e3451858cf66cf13b31bd",
+        "rev": "ccf23ef328f1e988650487c40678c6953038e2b2",
        "type": "github"
      },
      "original": {
@@ -853,18 +843,18 @@
    },
    "pre-commit-hooks": {
      "inputs": {
-        "flake-compat": "flake-compat_3",
+        "flake-compat": "flake-compat_4",
        "gitignore": "gitignore_2",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1747372754,
+        "lastModified": 1750779888,
-        "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
+        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
+        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
        "type": "github"
      },
      "original": {
@@ -900,24 +890,40 @@
        "type": "github"
      }
    },
    "preservation": {
      "locked": {
        "lastModified": 1751384068,
        "narHash": "sha256-xGq+Om1ReXcQy6h57yj9V5nOM84g/GBJ3m6oxe1a3js=",
        "owner": "nix-community",
        "repo": "preservation",
        "rev": "286737ba485f30c1687c833e66f5901a6c8dc019",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "preservation",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "agenix": "agenix",
        "anyrun": "anyrun",
        "blender-bin": "blender-bin",
        "catppuccin": "catppuccin",
        "disko": "disko",
        "ghostty": "ghostty",
        "haumea": "haumea",
        "home-manager": "home-manager_2",
        "impermanence": "impermanence",
        "lanzaboote": "lanzaboote",
        "my-asahi-firmware": "my-asahi-firmware",
        "mysecrets": "mysecrets",
        "nix-darwin": "nix-darwin",
        "nix-gaming": "nix-gaming",
        "nixos-apple-silicon": "nixos-apple-silicon",
        "nixos-generators": "nixos-generators",
        "nixos-hardware": "nixos-hardware",
        "nixpak": "nixpak",
-        "nixpkgs": "nixpkgs_4",
+        "nixpkgs": "nixpkgs_2",
        "nixpkgs-darwin": "nixpkgs-darwin",
        "nixpkgs-ollama": "nixpkgs-ollama",
        "nixpkgs-stable": "nixpkgs-stable_2",
@@ -926,6 +932,7 @@
        "nur-ryan4yin": "nur-ryan4yin",
        "polybar-themes": "polybar-themes",
        "pre-commit-hooks": "pre-commit-hooks",
        "preservation": "preservation",
        "wallpapers": "wallpapers"
      }
    },
@@ -48,7 +48,6 @@
      url = "github:lnl7/nix-darwin";
      inputs.nixpkgs.follows = "nixpkgs-darwin";
    };
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
    # home-manager, used for managing user configuration
    home-manager = {
@@ -61,12 +60,20 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # https://github.com/catppuccin/nix
    catppuccin = {
      url = "github:catppuccin/nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    lanzaboote = {
      url = "github:nix-community/lanzaboote/v0.4.2";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    impermanence.url = "github:nix-community/impermanence";
+    preservation = {
      url = "github:nix-community/preservation";
    };
    # community wayland nixpkgs
    # nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
@@ -90,7 +97,10 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    nix-gaming.url = "github:fufexan/nix-gaming";
+    nix-gaming = {
      url = "github:fufexan/nix-gaming";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    disko = {
      url = "github:nix-community/disko/v1.11.0";
@@ -103,7 +113,10 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    nuenv.url = "github:DeterminateSystems/nuenv";
+    nuenv = {
      url = "github:DeterminateSystems/nuenv";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    haumea = {
      url = "github:nix-community/haumea/v0.2.2";
@@ -119,7 +132,16 @@
      url = "github:ghostty-org/ghostty";
    };
-    blender-bin.url = "github:edolstra/nix-warez?dir=blender";
+    blender-bin = {
      url = "github:edolstra/nix-warez?dir=blender";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixos-apple-silicon = {
      # 2025-07-04
      url = "github:nix-community/nixos-apple-silicon/eba4b40c816e5aff8951ae231ac237e8aab8ec1d";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    ########################  Some non-flake repositories  #########################################
@@ -137,13 +159,21 @@
      flake = false;
    };
    my-asahi-firmware = {
      url = "git+ssh://git@github.com/ryan4yin/asahi-firmware.git?shallow=1";
      flake = false;
    };
    # my wallpapers
    wallpapers = {
      url = "github:ryan4yin/wallpapers";
      flake = false;
    };
-    nur-ryan4yin.url = "github:ryan4yin/nur-packages";
+    nur-ryan4yin = {
      url = "github:ryan4yin/nur-packages";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # for waydroid
    # nur-ataraxiasjel.url = "github:AtaraxiaSjel/nur";
@@ -18,10 +18,8 @@
   - [ ] AppArmor
   - [ ] Kernel & System Hardening
 1. **Per-App Level**:
-   - Nixpak (Bubblewrap)
+   - Nixpak (Bubblewrap, running at user-level)
-     - [x] QQ
+   - Firejail (a SUID program, meaning it's running as root)
     - [x] Firefox
   - [ ] Firejail (risk? not enabled yet)
 ## Kernel Hardening
@@ -32,26 +30,27 @@
 - NixOS Profile:
  https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/profiles/hardened.nix
- Apparmor: [roddhjav/apparmor.d)](https://github.com/roddhjav/apparmor.d)
+- Apparmor: [roddhjav/apparmor.d](https://github.com/roddhjav/apparmor.d)
  - https://gitlab.com/apparmor/apparmor/-/wikis/Documentation
  - AppArmor.d is a set of over 1500 AppArmor profiles whose aim is to confine most Linux based
    applications and processes.
-  - Nix Package:
+  - But all the profiles of AppArmor assume a FHS filesystem, which caused all apparmor policies
-    [roddhjav-apparmor-rules](https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/ro/roddhjav-apparmor-rules/package.nix#L33)
+    takes no effect on NixOS.
-  - https://github.com/NixOS/nixpkgs/issues/331645
+  - Apparmor on NixOS Roadmap:
    - https://discourse.nixos.org/t/apparmor-on-nixos-roadmap/57217
    - https://github.com/LordGrimmauld/aa-alias-manager
 - SELinux: too complex, not recommended for personal use.
 ## Application Sandboxing
 - [Bubblewrap](https://github.com/containers/bubblewrap):
  [nixpak](https://github.com/nixpak/nixpak), more secure than firejail, but no batteries included.
  - NixOS's FHSEnv is implemented using bubblewrap by default.
 - [Firejail](https://github.com/netblue30/firejail/tree/master/etc): A SUID security sandbox with
  hundreds of security profiles for many common applications in the default installation.
  - https://wiki.nixos.org/wiki/Firejail
  - Firejail needs SUID to work, which is considered a security risk -
    [Does firejail improve the security of my system?](https://github.com/netblue30/firejail/discussions/4601)
 - [Bubblewrap](https://github.com/containers/bubblewrap):
  [nixpak](https://github.com/nixpak/nixpak), more secure than firejail, but no batteries included.
  - NixOS's FHSEnv is implemented using bubblewrap by default.
 - [Systemd/Hardening](https://wiki.nixos.org/wiki/Systemd/Hardening): Systemd also provides some
  sandboxing features.
@@ -67,8 +66,6 @@ provide a much higher level of security.
 - [Harden your NixOS workstation - dataswamp](https://dataswamp.org/~solene/2022-01-13-nixos-hardened.html)
 - [Linux Insecurities - Madaidans](https://madaidans-insecurities.github.io/linux.html)
 - [Sandboxing all programs by default - NixOS Discourse](https://discourse.nixos.org/t/sandboxing-all-programs-by-default/7792)
 - [在 Firejail 中运行 Steam](https://imbearchild.cyou/archives/2021/11/steam-in-firejail/)
 - [Firejail - Arch Linux Wiki](https://wiki.archlinux.org/title/Firejail)
 - [Paranoid NixOS Setup - xeiaso](https://xeiaso.net/blog/paranoid-nixos-2021-07-18/)
 - [nix-mineral](https://github.com/cynicsketch/nix-mineral): NixOS module for convenient system
  hardening.
@@ -80,8 +77,7 @@ provide a much higher level of security.
 - firejail configs:
  - https://github.com/stelcodes/nixos-config/blob/f8967c82a5e5f3d128eb1aaf7498b5f918f719ec/packages/overlay.nix#L261
 - apparmor configs:
  - https://github.com/sukhmancs/nixos-configs/blob/7fcf737c506ad843113cd5b94796b49d4d4dfad2/modules/shared/security/apparmor/default.nix#L8
  - https://github.com/zramctl/dotfiles/blob/4fe177f6984154960942bb47d5a375098ec6ed6a/modules/nixos/security/apparmor.nix#L4
  - https://git.grimmauld.de/Grimmauld/grimm-nixos-laptop/src/branch/main/hardening
 - Others:
  - Directly via `buildFHSUserEnvBubblewrap`:
    https://github.com/xddxdd/nur-packages/blob/master/pkgs/uncategorized/wechat-uos/default.nix
@@ -0,0 +1,9 @@
 {
  nixpkgs.overlays = [
    (_: super: {
      bwraps = {
        wechat = super.callPackage ./wechat.nix {};
      };
    })
  ];
 }
@@ -0,0 +1,98 @@
 # - wechat's flatpak manifest: https://github.com/flathub/com.tencent.WeChat/blob/master/com.tencent.WeChat.yaml
 # Refer:
 # - Flatpak manifest's docs:
 #   - https://docs.flatpak.org/en/latest/manifests.html
 #   - https://docs.flatpak.org/en/latest/sandbox-permissions.html
 #
 # TODO Since appimageTools.wrapAppImage do not support overriding, I have to pack this package myself.
 # https://github.com/NixOS/nixpkgs/pull/358977
 {
  appimageTools,
  fetchurl,
  stdenvNoCC,
 }: let
  pname = "wechat";
  # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/we/wechat/package.nix
  sources = {
    aarch64-linux = {
      version = "4.0.1.11";
      src = fetchurl {
        url = "https://web.archive.org/web/20250512112413if_/https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_arm64.AppImage";
        hash = "sha256-Rg+FWNgOPC02ILUskQqQmlz1qNb9AMdvLcRWv7NQhGk=";
      };
    };
    x86_64-linux = {
      version = "4.0.1.11";
      src = fetchurl {
        url = "https://web.archive.org/web/20250512110825if_/https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_x86_64.AppImage";
        hash = "sha256-gBWcNQ1o1AZfNsmu1Vi1Kilqv3YbR+wqOod4XYAeVKo=";
      };
    };
  };
  inherit (stdenvNoCC.hostPlatform) system;
  inherit (sources.${system} or (throw "Unsupported system: ${system}")) version src;
  # https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/we/wechat/linux.nix
  appimageContents = appimageTools.extract {
    inherit pname version src;
    postExtract = ''
      patchelf --replace-needed libtiff.so.5 libtiff.so $out/opt/wechat/wechat
    '';
  };
 in
  appimageTools.wrapAppImage {
    inherit pname version;
    src = appimageContents;
    extraInstallCommands = ''
      mkdir -p $out/share/applications
      cp ${appimageContents}/wechat.desktop $out/share/applications/
      mkdir -p $out/share/pixmaps
      cp ${appimageContents}/wechat.png $out/share/pixmaps/
      substituteInPlace $out/share/applications/wechat.desktop --replace-fail AppRun wechat
    '';
    # Add these root paths to FHS sandbox to prevent WeChat from accessing them by default
    # Adapted from https://aur.archlinux.org/cgit/aur.git/tree/wechat-universal.sh?h=wechat-universal-bwrap
    extraPreBwrapCmds = ''
      XDG_DOCUMENTS_DIR="''${XDG_DOCUMENTS_DIR:-$(xdg-user-dir DOCUMENTS)}"
      if [[ -z "''${XDG_DOCUMENTS_DIR}" ]]; then
          echo 'Error: Failed to get XDG_DOCUMENTS_DIR, refuse to continue'
          exit 1
      fi
      WECHAT_DATA_DIR="''${XDG_DOCUMENTS_DIR}/WeChat_Data"
      # Using ''${WECHAT_DATA_DIR} as Wechat Data folder
      WECHAT_HOME_DIR="''${WECHAT_DATA_DIR}/home"
      WECHAT_FILES_DIR="''${WECHAT_DATA_DIR}/xwechat_files"
      mkdir -p "''${WECHAT_FILES_DIR}"
      mkdir -p "''${WECHAT_HOME_DIR}"
      ln -snf "''${WECHAT_FILES_DIR}" "''${WECHAT_HOME_DIR}/xwechat_files"
    '';
    extraBwrapArgs = [
      "--tmpfs /home"
      "--tmpfs /root"
      # format: --bind <host-path> <sandbox-path>
      "--bind \${WECHAT_HOME_DIR} \${HOME}"
      "--bind \${WECHAT_FILES_DIR} \${WECHAT_FILES_DIR}"
      "--chdir \${HOME}"
      # wechat-universal only supports xcb
      "--setenv QT_QPA_PLATFORM xcb"
      "--setenv QT_AUTO_SCREEN_SCALE_FACTOR 1"
      # use fcitx as IME
      "--setenv QT_IM_MODULE fcitx"
      "--setenv GTK_IM_MODULE fcitx"
    ];
    chdirToPwd = false;
    unshareNet = false;
    unshareIpc = true;
    unsharePid = true;
    unshareUts = true;
    unshareCgroup = true;
    privateTmp = true;
  }
@@ -1,71 +0,0 @@
 {pkgs, ...}: let
  firejailWrapper = import ./firejailWrapper.nix pkgs;
 in {
  programs.firejail.enable = true;
  # Add firejailed Apps into nixsuper, and reference them in home-manager or other nixos modules
  nixpkgs.overlays = [
    (_: super: {
      firejailed = {
        steam = firejailWrapper {
          name = "steam-firejailed";
          executable = "${super.steam}/bin/steam";
          profile = "${super.firejail}/etc/firejail/steam.profile";
        };
        steam-run = firejailWrapper {
          name = "steam-run-firejailed";
          executable = "${super.steam}/bin/steam-run";
          profile = "${super.firejail}/etc/firejail/steam.profile";
        };
        # firefox = firejailWrapper {
        #   name = "firefox-firejailed";
        #   executable = "${super.lib.getBin super.firefox-wayland}/bin/firefox";
        #   profile = "${super.firejail}/etc/firejail/firefox.profile";
        # };
        # chromium = firejailWrapper {
        #   name = "chromium-firejailed";
        #   executable = "${super.lib.getBin super.ungoogled-chromium}/bin/chromium";
        #   profile = "${super.firejail}/etc/firejail/chromium.profile";
        # };
        mpv = firejailWrapper {
          executable = "${super.lib.getBin super.mpv}/bin/mpv";
          profile = "${super.firejail}/etc/firejail/mpv.profile";
        };
        imv = firejailWrapper {
          executable = "${super.lib.getBin super.imv}/bin/imv";
          profile = "${super.firejail}/etc/firejail/imv.profile";
        };
        zathura = firejailWrapper {
          executable = "${super.lib.getBin super.zathura}/bin/zathura";
          profile = "${super.firejail}/etc/firejail/zathura.profile";
        };
        slack = firejailWrapper {
          executable = "${super.lib.getBin super.slack}/bin/slack";
          profile = "${super.firejail}/etc/firejail/slack.profile";
        };
        telegram-desktop = firejailWrapper {
          executable = "${super.lib.getBin super.tdesktop}/bin/telegram-desktop";
          profile = "${super.firejail}/etc/firejail/telegram-desktop.profile";
        };
        brave = firejailWrapper {
          executable = "${super.lib.getBin super.brave}/bin/brave";
          profile = "${super.firejail}/etc/firejail/brave.profile";
        };
        qutebrowser = firejailWrapper {
          executable = "${super.lib.getBin super.qutebrowser}/bin/qutebrowser";
          profile = "${super.firejail}/etc/firejail/qutebrowser.profile";
        };
        thunar = firejailWrapper {
          executable = "${super.lib.getBin super.xfce.thunar}/bin/thunar";
          profile = "${super.firejail}/etc/firejail/thunar.profile";
        };
        vscodium = firejailWrapper {
          executable = "${super.lib.getBin super.vscodium}/bin/vscodium";
          profile = "${super.firejail}/etc/firejail/vscodium.profile";
        };
      };
    })
  ];
 }
@@ -1,35 +0,0 @@
 # https://www.reddit.com/r/NixOS/comments/1b56jdx/simple_nix_function_for_wrapping_executables_with/
 pkgs: {
  name ? "firejail-wrapper",
  executable,
  desktop ? null,
  profile ? null,
  extraArgs ? [],
 }:
 pkgs.runCommand name
 {
  preferLocalBuild = true;
  allowSubstitutes = false;
  meta.priority = -1; # take precedence over non-firejailed versions
 }
 (
  let
    firejailArgs = pkgs.lib.concatStringsSep " " (
      extraArgs ++ (pkgs.lib.optional (profile != null) "--profile=${toString profile}")
    );
  in
    ''
      command_path="$out/bin/$(basename ${executable})-jailed"
      mkdir -p $out/bin
      mkdir -p $out/share/applications
      cat <<'_EOF' >"$command_path"
      #! ${pkgs.runtimeShell} -e
      exec /run/wrappers/bin/firejail ${firejailArgs} -- ${toString executable} "\$@"
      _EOF
      chmod 0755 "$command_path"
    ''
    + pkgs.lib.optionalString (desktop != null) ''
      substitute ${desktop} $out/share/applications/$(basename ${desktop}) \
        --replace ${executable} "$command_path"
    ''
 )
@@ -22,8 +22,8 @@ in {
        qq = wrapper super ./qq.nix;
        qq-desktop-item = super.callPackage ./qq-desktop-item.nix {};
-        wechat-uos = wrapper super ./wechat-uos.nix;
+        wechat = wrapper super ./wechat.nix;
-        wechat-uos-desktop-item = super.callPackage ./wechat-uos-desktop-item.nix {};
+        wechat-desktop-item = super.callPackage ./wechat-desktop-item.nix {};
        firefox = wrapper super ./firefox.nix;
        firefox-desktop-item = super.callPackage ./firefox-desktop-item.nix {};
@@ -34,6 +34,15 @@ mkNixPak {
      "org.mozilla.firefox_beta.*" = "own"; # firefox beta
      "org.mpris.MediaPlayer2.firefox.*" = "own";
      "org.freedesktop.NetworkManager" = "talk";
      "org.gnome.Shell.Screencast" = "talk";
      # System tray icon
      "org.freedesktop.Notifications" = "talk";
      "org.kde.StatusNotifierWatcher" = "talk";
      # File Manager
      "org.freedesktop.FileManager1" = "talk";
      # Uses legacy StatusNotifier implementation
      "org.kde.*" = "own";
    };
    bubblewrap = {
@@ -45,17 +54,21 @@ mkNixPak {
        # NOTE: sloth.mkdir is used to create the directory if it does not exist!
        (sloth.mkdir (sloth.concat' sloth.homeDir "/.mozilla"))
        # ================ for externsions ===============================
        # required by https://github.com/browserpass/browserpass-extension
        (sloth.concat' sloth.homeDir "/.local/share/password-store") # pass
        sloth.xdgDownloadDir
        sloth.xdgDocumentsDir
        sloth.xdgDownloadDir
        sloth.xdgMusicDir
        sloth.xdgVideosDir
      ];
      bind.ro = [
        # To actually make Firefox run
        "/sys/bus/pci"
        ["${config.app.package}/lib/firefox" "/app/etc/firefox"]
        # ================ for browserpass extension ===============================
        "/etc/gnupg"
        (sloth.concat' sloth.homeDir "/.gnupg") # gpg's config
        (sloth.concat' sloth.homeDir "/.local/share/password-store") # my secrets
        (sloth.concat' sloth.runtimeDir "/gnupg") # for access gpg-agent socket
        # Unsure
        (sloth.concat' sloth.xdgConfigHome "/dconf")
      ];
@@ -65,12 +78,6 @@ mkNixPak {
        wayland = true;
        pipewire = true;
      };
      bind.dev = [
        "/dev/shm" # Shared Memory
      ];
      tmpfs = [
        "/tmp"
      ];
    };
  };
 }
@@ -18,8 +18,11 @@ in {
      "org.gtk.vfs.*" = "talk";
      "org.gtk.vfs" = "talk";
      "ca.desrt.dconf" = "talk";
      "org.freedesktop.portal.*" = "talk";
      "org.a11y.Bus" = "talk";
      # for default portal & gtk/hyprland's portal
      "org.freedesktop.portal.*" = "talk";
      "org.freedesktop.impl.portal.desktop.*" = "talk";
    };
    # https://github.com/nixpak/nixpak/blob/master/modules/gpu.nix
    # 1. bind readonly - /run/opengl-driver
@@ -72,6 +75,8 @@ in {
        "/etc/static/egl"
      ];
      bind.dev = [
        "/dev/shm" # Shared Memory
        # seems required when using nvidia as primary gpu
        "/dev/nvidia0"
        "/dev/nvidiactl"
@@ -79,6 +84,10 @@ in {
        "/dev/nvidia-uvm"
      ];
      tmpfs = [
        "/tmp"
      ];
      env = {
        XDG_DATA_DIRS = lib.mkForce (lib.makeSearchPath "share" [
          iconTheme
@@ -5,7 +5,7 @@
 makeDesktopItem {
  name = "qq";
  desktopName = "QQ";
-  exec = "qq %U";
+  exec = "${qq}/bin/qq %U";
  terminal = false;
  # To find the icon name(nushell):
  #   let p = NIXPKGS_ALLOW_UNFREE=1 nix eval --impure nixpkgs#qq.outPath | str trim --char '"'
@@ -30,8 +30,13 @@ mkNixPak {
    #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
    dbus.policies = {
      "org.gnome.Shell.Screencast" = "talk";
      # System tray icon
      "org.freedesktop.Notifications" = "talk";
      "org.kde.StatusNotifierWatcher" = "talk";
      # File Manager
      "org.freedesktop.FileManager1" = "talk";
      # Uses legacy StatusNotifier implementation
      "org.kde.*" = "own";
    };
    bubblewrap = {
      # To trace all the home files QQ accesses, you can use the following nushell command:
@@ -41,20 +46,17 @@ mkNixPak {
        # given the read write permission to the following directories.
        # NOTE: sloth.mkdir is used to create the directory if it does not exist!
        (sloth.mkdir (sloth.concat [sloth.xdgConfigHome "/QQ"]))
-        (sloth.mkdir (sloth.concat [sloth.xdgDocumentsDir "/QQ"]))
+
        sloth.xdgDocumentsDir
        sloth.xdgDownloadDir
        sloth.xdgMusicDir
        sloth.xdgVideosDir
      ];
      sockets = {
        x11 = false;
        wayland = true;
        pipewire = true;
      };
      bind.dev = [
        "/dev/shm" # Shared Memory
      ];
      tmpfs = [
        "/tmp"
      ];
    };
  };
 }
@@ -1,17 +0,0 @@
 {
  makeDesktopItem,
  wechat-uos,
 }:
 makeDesktopItem {
  name = "wechat";
  desktopName = "WeChat";
  exec = "wechat-uos %U";
  terminal = false;
  # To find the icon name(nushell):
  #   let p = NIXPKGS_ALLOW_UNFREE=1 nix eval --impure nixpkgs#wechat-uos.outPath | str trim --char '"'
  #   tree $"($p)/share/icons"
  icon = "${wechat-uos}/share/icons/hicolor/256x256/apps/com.tencent.wechat.png";
  type = "Application";
  categories = ["Network"];
  comment = "Wechat boxed";
 }
@@ -1,73 +0,0 @@
 # TODO: wechat-uos is running in FHS sandbox by default, it's problematic
 #   to wrap it again via flatpak. We need to find a way to fix it.
 #   https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/we/wechat-uos/package.nix
 # Refer:
 # - Flatpak manifest's docs:
 #   - https://docs.flatpak.org/en/latest/manifests.html
 #   - https://docs.flatpak.org/en/latest/sandbox-permissions.html
 # - wechat-uos's flatpak manifest: https://github.com/flathub/com.tencent.WeChat/blob/master/com.tencent.WeChat.yaml
 {
  lib,
  pkgs,
  mkNixPak,
  ...
 }:
 mkNixPak {
  config = {sloth, ...}: {
    app = {
      package = pkgs.wechat-uos;
      binPath = "bin/wechat-uos";
    };
    flatpak.appId = "com.tencent.WeChat";
    imports = [
      ./modules/gui-base.nix
      ./modules/network.nix
    ];
    # list all dbus services:
    #   ls -al /run/current-system/sw/share/dbus-1/services/
    #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
    dbus.policies = {
      "org.gnome.Shell.Screencast" = "talk";
      # System tray icon
      "org.freedesktop.Notifications" = "talk";
      "org.kde.StatusNotifierWatcher" = "talk";
      # File Manager
      "org.freedesktop.FileManager1" = "talk";
      # Uses legacy StatusNotifier implementation
      "org.kde.*" = "own";
    };
    bubblewrap = {
      # To trace all the home files QQ accesses, you can use the following nushell command:
      #   just trace-access wechat-uos
      # See the Justfile in the root of this repository for more information.
      bind.rw = [
        # given the read write permission to the following directories.
        # NOTE: sloth.mkdir is used to create the directory if it does not exist!
        (sloth.mkdir (sloth.concat [sloth.homeDir "/.xwechat"]))
        (sloth.mkdir (sloth.concat [sloth.xdgDocumentsDir "/xwechat_files"]))
        (sloth.mkdir (sloth.concat [sloth.xdgDocumentsDir "/WeChat_Data/"]))
        sloth.xdgDownloadDir
      ];
      sockets = {
        x11 = false;
        wayland = true;
        pipewire = true;
      };
      bind.dev = [
        "/dev/shm" # Shared Memory
      ];
      tmpfs = [
        "/tmp"
      ];
      env = {
        # Hidpi scale
        "QT_AUTO_SCREEN_SCALE_FACTOR" = "1";
        # Only supports xcb
        "QT_QPA_PLATFORM" = "kcb";
      };
    };
  };
 }
@@ -1,16 +1,8 @@
 {
  pkgs,
  nur-ryan4yin,
  ...
 }: {
  # https://github.com/catppuccin/btop/blob/main/themes/catppuccin_mocha.theme
  xdg.configFile."btop/themes".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-btop}/themes";
  # replacement of htop/nmon
  programs.btop = {
    enable = true;
    settings = {
      color_theme = "catppuccin_mocha";
      theme_background = false; # make btop transparent
    };
  };
@@ -1,8 +1,4 @@
-{
+{pkgs, ...}: {
  pkgs,
  nur-ryan4yin,
  ...
 }: {
  home.packages = with pkgs; [
    # Misc
    cowsay
@@ -25,8 +21,6 @@
    sad # CLI search and replace, just like sed, but with diff preview.
    yq-go # yaml processor https://github.com/mikefarah/yq
    just # a command runner like make, but simpler
    delta # A viewer for git and diff output
    lazygit # Git terminal UI.
    hyperfine # command-line benchmarking tool
    gping # ping, but with a graph(TUI)
    doggo # DNS client for humans
@@ -53,10 +47,9 @@
    ncdu # analyzer your disk usage Interactively, via TUI(replacement of `du`)
  ];
  programs = {
  # A modern replacement for ‘ls’
  # useful in bash/zsh prompt, not in nushell.
-    eza = {
+  programs.eza = {
    enable = true;
    # do not enable aliases in nushell!
    enableNushellIntegration = false;
@@ -65,44 +58,18 @@
  };
  # a cat(1) clone with syntax highlighting and Git integration.
-    bat = {
+  programs.bat = {
    enable = true;
    config = {
      pager = "less -FR";
        theme = "catppuccin-mocha";
      };
      themes = {
        # https://raw.githubusercontent.com/catppuccin/bat/main/Catppuccin-mocha.tmTheme
        catppuccin-mocha = {
          src = nur-ryan4yin.packages.${pkgs.system}.catppuccin-bat;
          file = "Catppuccin-mocha.tmTheme";
        };
    };
  };
  # A command-line fuzzy finder
-    fzf = {
+  programs.fzf.enable = true;
      enable = true;
      # https://github.com/catppuccin/fzf
      # catppuccin-mocha
      colors = {
        "bg+" = "#313244";
        "bg" = "#1e1e2e";
        "spinner" = "#f5e0dc";
        "hl" = "#f38ba8";
        "fg" = "#cdd6f4";
        "header" = "#f38ba8";
        "info" = "#cba6f7";
        "pointer" = "#f5e0dc";
        "marker" = "#f5e0dc";
        "fg+" = "#cdd6f4";
        "prompt" = "#cba6f7";
        "hl+" = "#f38ba8";
      };
    };
  # very fast version of tldr in Rust
-    tealdeer = {
+  programs.tealdeer = {
    enable = true;
    enableAutoUpdates = true;
    settings = {
@@ -134,7 +101,7 @@
  #   zi foo             # cd with interactive selection (using fzf)
  #
  #   z foo<SPACE><TAB>  # show interactive completions (zoxide v0.8.0+, bash 4.4+/fish/zsh only)
-    zoxide = {
+  programs.zoxide = {
    enable = true;
    enableBashIntegration = true;
    enableZshIntegration = true;
@@ -145,11 +112,10 @@
  # and records additional context for your commands.
  # Additionally, it provides optional and fully encrypted
  # synchronisation of your history between machines, via an Atuin server.
-    atuin = {
+  programs.atuin = {
    enable = true;
    enableBashIntegration = true;
    enableZshIntegration = true;
    enableNushellIntegration = true;
  };
  };
 }
@@ -13,8 +13,27 @@
    rm -f ${config.home.homeDirectory}/.gitconfig
  '';
-  home.packages = with pkgs; [
+  # GitHub CLI tool
-  ];
+  # https://cli.github.com/manual/
  programs.gh = {
    enable = true;
    settings = {
      git_protocol = "ssh";
      prompt = "enabled";
      aliases = {
        co = "pr checkout";
        pv = "pr view";
      };
    };
    hosts = {
      "github.com" = {
        "users" = {
          "ryan4yin" = null;
        };
        "user" = "ryan4yin";
      };
    };
  };
  programs.git = {
    enable = true;
@@ -36,6 +55,7 @@
      trim.bases = "develop,master,main"; # for git-trim
      push.autoSetupRemote = true;
      pull.rebase = true;
      log.date = "iso"; # use iso format for date
      # replace https with ssh
      url = {
@@ -56,7 +76,7 @@
    #   signByDefault = true;
    # };
-    # A syntax-highlighting pager in Rust(2019 ~ Now)
+    # A syntax-highlighting pager for git, diff, grep, and blame output
    delta = {
      enable = true;
      options = {
@@ -96,4 +116,10 @@
      foreach = "submodule foreach";
    };
  };
  # Git terminal UI (written in go).
  programs.lazygit.enable = true;
  # Yet another Git TUI (written in rust).
  programs.gitui.enable = true;
 }
@@ -0,0 +1,9 @@
 {config, ...}: {
  # make `npm install -g <pkg>` happey
  #
  # mainly used to install npm packages that updates frequently
  # such as gemini-cli, claude-code, etc.
  home.file.".npmrc".text = ''
    prefix=${config.home.homeDirectory}/.npm
  '';
 }
@@ -1,3 +1,8 @@
 # Based on the default config generated by:
 #    ```
 #    config nu --default
 #    ```
 #
 # Nushell Config File Documentation
 #
 # Warning: This file is intended for documentation purposes only and
@@ -1,8 +1,4 @@
-{
+{config, ...}: let
  config,
  pkgs-unstable,
  ...
 }: let
  shellAliases = {
    k = "kubectl";
@@ -13,22 +9,24 @@
  localBin = "${config.home.homeDirectory}/.local/bin";
  goBin = "${config.home.homeDirectory}/go/bin";
  rustBin = "${config.home.homeDirectory}/.cargo/bin";
  npmBin = "${config.home.homeDirectory}/.npm/bin";
 in {
  # only works in bash/zsh, not nushell
  home.shellAliases = shellAliases;
  programs.nushell = {
    enable = true;
    package = pkgs-unstable.nushell;
    configFile.source = ./config.nu;
    inherit shellAliases;
  };
  programs.bash = {
    enable = true;
    enableCompletion = true;
    bashrcExtra = ''
-      export PATH="$PATH:${localBin}:${goBin}:${rustBin}"
+      export PATH="$PATH:${localBin}:${goBin}:${rustBin}:${npmBin}"
    '';
  };
  # NOTE: only works in bash/zsh, not nushell
  home.shellAliases = shellAliases;
  # NOTE: nushell will be launched in bash, so it can inherit all the eenvironment variables.
  programs.nushell = {
    enable = true;
    # package = pkgs-unstable.nushell;
    configFile.source = ./config.nu;
    inherit shellAliases;
  };
 }
@@ -1,8 +1,4 @@
 {
  pkgs,
  nur-ryan4yin,
  ...
 }: {
  programs.starship = {
    enable = true;
@@ -10,8 +6,7 @@
    enableZshIntegration = true;
    enableNushellIntegration = true;
-    settings =
+    settings = {
      {
      character = {
        success_symbol = "[›](bold green)";
        error_symbol = "[›](bold red)";
@@ -25,9 +20,6 @@
        format = "on [$symbol$active(\($region\))]($style) ";
        symbol = "🅶 ️";
      };
-
+    };
        palette = "catppuccin_mocha";
      }
      // builtins.fromTOML (builtins.readFile "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-starship}/palettes/mocha.toml");
  };
 }
@@ -0,0 +1,15 @@
 {catppuccin, ...}: {
  # https://github.com/catppuccin/nix
  imports = [
    catppuccin.homeModules.catppuccin
  ];
  catppuccin = {
    # The default `enable` value for all available programs.
    enable = true;
    # one of "latte", "frappe", "macchiato", "mocha"
    flavor = "mocha";
    # one of "blue", "flamingo", "green", "lavender", "maroon", "mauve", "peach", "pink", "red", "rosewater", "sapphire", "sky", "teal", "yellow"
    accent = "pink";
  };
 }
@@ -1,13 +1,8 @@
-{
+{pkgs, ...}: {
  pkgs,
  pkgs-unstable,
  nur-ryan4yin,
  ...
 }: {
  # terminal file manager
  programs.yazi = {
    enable = true;
-    package = pkgs-unstable.yazi;
+    package = pkgs.yazi;
    # Changing working directory when exiting Yazi
    enableBashIntegration = true;
    enableNushellIntegration = true;
@@ -18,6 +13,4 @@
      };
    };
  };
  xdg.configFile."yazi/theme.toml".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-yazi}/mocha.toml";
 }
@@ -1,10 +1,17 @@
 {pkgs, ...}: {
-  home.packages = with pkgs; [
+  home.packages = with pkgs;
    [
      mitmproxy # http/https proxy tool
    insomnia # REST client
      wireshark # network analyzer
      # IDEs
      # jetbrains.idea-community
-  ];
+
      # AI cli tools
      k8sgpt
      kubectl-ai # an ai helper opensourced by google
    ]
    ++ (lib.optionals pkgs.stdenv.isx86_64 [
      insomnia # REST client
    ]);
 }
@@ -1,65 +0,0 @@
 [colors.primary]
 background = "#1e1e2e"
 foreground = "#cdd6f4"
 dim_foreground = "#7f849c"
 bright_foreground = "#cdd6f4"
 [colors.cursor]
 text = "#1e1e2e"
 cursor = "#f5e0dc"
 [colors.vi_mode_cursor]
 text = "#1e1e2e"
 cursor = "#b4befe"
 [colors.search.matches]
 foreground = "#1e1e2e"
 background = "#a6adc8"
 [colors.search.focused_match]
 foreground = "#1e1e2e"
 background = "#a6e3a1"
 [colors.footer_bar]
 foreground = "#1e1e2e"
 background = "#a6adc8"
 [colors.hints.start]
 foreground = "#1e1e2e"
 background = "#f9e2af"
 [colors.hints.end]
 foreground = "#1e1e2e"
 background = "#a6adc8"
 [colors.selection]
 text = "#1e1e2e"
 background = "#f5e0dc"
 [colors.normal]
 black = "#45475a"
 red = "#f38ba8"
 green = "#a6e3a1"
 yellow = "#f9e2af"
 blue = "#89b4fa"
 magenta = "#f5c2e7"
 cyan = "#94e2d5"
 white = "#bac2de"
 [colors.bright]
 black = "#585b70"
 red = "#f38ba8"
 green = "#a6e3a1"
 yellow = "#f9e2af"
 blue = "#89b4fa"
 magenta = "#f5c2e7"
 cyan = "#94e2d5"
 white = "#a6adc8"
 [[colors.indexed_colors]]
 index = 16
 color = "#fab387"
 [[colors.indexed_colors]]
 index = 17
 color = "#f5e0dc"
@@ -26,26 +26,32 @@
 {
  programs.alacritty = {
    enable = true;
-    package = pkgs-unstable.alacritty;
+    # package = pkgs-unstable.alacritty;
    # https://alacritty.org/config-alacritty.html
    settings = {
      general.import = [
        ./catppuccin-mocha.toml
      ];
      window = {
        opacity = 0.93;
        startup_mode = "Maximized"; # Maximized window
        dynamic_title = true;
        option_as_alt = "Both"; # Option key acts as Alt on macOS
        decorations = "None"; # Show neither borders nor title bar
      };
      scrolling = {
        history = 10000;
      };
      font = {
-        bold = {family = "JetBrainsMono Nerd Font";};
+        bold = {
-        italic = {family = "JetBrainsMono Nerd Font";};
+          family = "Maple Mono NF CN";
-        normal = {family = "JetBrainsMono Nerd Font";};
+        };
-        bold_italic = {family = "JetBrainsMono Nerd Font";};
+        italic = {
          family = "Maple Mono NF CN";
        };
        normal = {
          family = "Maple Mono NF CN";
        };
        bold_italic = {
          family = "Maple Mono NF CN";
        };
        size =
          if pkgs.stdenv.isDarwin
          then 14
@@ -55,7 +61,11 @@
        # Spawn a nushell in login mode via `bash`
        shell = {
          program = "${pkgs.bash}/bin/bash";
-          args = ["--login" "-c" "nu --login --interactive"];
+          args = [
            "--login"
            "-c"
            "nu --login --interactive"
          ];
        };
        # Controls the ability to write to the system clipboard with the OSC 52 escape sequence.
        # It's used by zellij to copy text to the system clipboard.
@@ -16,8 +16,8 @@
    settings = {
      main = {
        term = "foot"; # or "xterm-256color" for maximum compatibility
-        font = "JetBrainsMono Nerd Font:size=14";
+        font = "Maple Mono NF CN:size=14";
-        dpi-aware = "yes";
+        dpi-aware = "no"; # scale via window manager instead
        # Spawn a nushell in login mode via `bash`
        shell = "${pkgs.bash}/bin/bash --login -c 'nu --login --interactive'";
@@ -26,47 +26,6 @@
      mouse = {
        hide-when-typing = "yes";
      };
      # https://github.com/catppuccin/foot/blob/main/themes/catppuccin-mocha.ini
      cursor = {
        color = "11111b f5e0dc";
      };
      colors = {
        alpha = "0.93"; # background opacity
        foreground = "cdd6f4";
        background = "1e1e2e";
        regular0 = "45475a";
        regular1 = "f38ba8";
        regular2 = "a6e3a1";
        regular3 = "f9e2af";
        regular4 = "89b4fa";
        regular5 = "f5c2e7";
        regular6 = "94e2d5";
        regular7 = "bac2de";
        bright0 = "585b70";
        bright1 = "f38ba8";
        bright2 = "a6e3a1";
        bright3 = "f9e2af";
        bright4 = "89b4fa";
        bright5 = "f5c2e7";
        bright6 = "94e2d5";
        bright7 = "a6adc8";
        "16" = "fab387";
        "17" = "f5e0dc";
        "selection-foreground" = "cdd6f4";
        "selection-background" = "414356";
        "search-box-no-match" = "11111b f38ba8";
        "search-box-match" = "cdd6f4 313244";
        "jump-labels" = "11111b fab387";
        urls = "89b4fa";
      };
    };
  };
 }
@@ -20,9 +20,7 @@
    installBatSyntax = false;
    # installVimSyntax = true;
    settings = {
-      theme = "catppuccin-mocha";
+      font-family = "Maple Mono NF CN";
      font-family = "JetBrains Mono";
      font-size = 13;
      background-opacity = 0.93;
@@ -16,12 +16,8 @@
 {
  programs.kitty = {
    enable = true;
    # kitty has catppuccin theme built-in,
    # all the built-in themes are packaged into an extra package named `kitty-themes`
    # and it's installed by home-manager if `theme` is specified.
    themeFile = "Catppuccin-Mocha";
    font = {
-      name = "JetBrainsMono Nerd Font";
+      name = "Maple Mono NF CN";
      # use different font size on macOS
      size =
        if pkgs.stdenv.isDarwin
@@ -36,6 +32,10 @@
    };
    settings = {
      # do not show title bar & window title
      hide_window_decorations = "titlebar-and-corners";
      macos_show_window_title_in = "none";
      background_opacity = "0.93";
      macos_option_as_alt = true; # Option key acts as Alt on macOS
      enable_audio_bell = false;
@@ -5,7 +5,7 @@
  ...
 }: {
  home.packages = with pkgs; [
-    docker-compose
+    podman-compose
    dive # explore docker layers
    lazydocker # Docker terminal UI.
    skopeo # copy/sync images between registries and local storage
@@ -17,8 +17,6 @@
    kubectl-tree # kubectl tree
    kubectl-node-shell # exec into node
    kubepug # kubernetes pre upgrade checker
    k8sgpt
    nur-ryan4yin.packages.${pkgs.system}.kubectl-ai # an ai helper opensourced by google
    kubebuilder
    istioctl
@@ -31,32 +29,11 @@
    ko # build go project to container image
  ];
-  programs = {
+  programs.k9s.enable = true;
-    k9s = {
+  catppuccin.k9s.transparent = true;
-      enable = true;
+
-      # https://k9scli.io/topics/aliases/
+  programs.kubecolor = {
      # aliases = {};
      settings = {
        skin = "catppuccino-mocha";
      };
      skins.catppuccin-mocha = let
        skin_file = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-k9s}/dist/mocha.yml"; # theme - catppuccin mocha
        skin_attr = builtins.fromJSON (
          builtins.readFile
          # replace 'base: &base "#1e1e2e"' with 'base: &base "default"'
          # to make fg/bg color transparent. "default" means transparent in k9s skin.
          (pkgs.runCommandNoCC "get-skin-json" {} ''
            cat ${skin_file} \
              |  sed -E 's@(base: &base ).+@\1 "default"@g' \
              | ${pkgs.yj}/bin/yj > $out
          '')
        );
      in
        skin_attr;
    };
    kubecolor = {
    enable = true;
    enableAlias = true;
  };
  };
 }
@@ -18,8 +18,8 @@
    colmena # nixos's remote deployment tool
    # db related
-    pkgs-unstable.mycli
+    mycli
-    pkgs-unstable.pgcli
+    pgcli
    mongosh
    sqlite
@@ -27,10 +27,10 @@
    minicom
    # ai related
-    pkgs-unstable.python313Packages.huggingface-hub # huggingface-cli
+    python313Packages.huggingface-hub # huggingface-cli
    # misc
-    pkgs-unstable.devbox
+    devbox
    bfg-repo-cleaner # remove large files from git history
    k6 # load testing tool
    protobuf # protocol buffer compiler
@@ -1,16 +1,8 @@
-{
+{pkgs, ...}: {
  pkgs,
  nur-ryan4yin,
  ...
 }: {
  # https://github.com/catppuccin/helix
  xdg.configFile."helix/themes".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-helix}/themes/default";
  programs.helix = {
    enable = true;
    package = pkgs.helix;
    settings = {
      theme = "catppuccin_mocha";
      editor = {
        line-number = "relative";
        cursorline = true;
@@ -29,7 +21,10 @@
          w = ":w";
          q = ":q";
        };
-        esc = ["collapse_selection" "keep_primary_selection"];
+        esc = [
          "collapse_selection"
          "keep_primary_selection"
        ];
      };
    };
  };
@@ -20,12 +20,13 @@ let
  configPath = "${config.home.homeDirectory}/nix-config/home/base/tui/editors/neovim/nvim";
 in {
  xdg.configFile."nvim".source = config.lib.file.mkOutOfStoreSymlink configPath;
  # Disable catppuccin to avoid conflict with my non-nix config.
  catppuccin.nvim.enable = false;
  home.shellAliases = shellAliases;
  programs.nushell.shellAliases = shellAliases;
-  programs = {
+  programs.neovim = {
    neovim = {
    enable = true;
    package = pkgs-unstable.neovim-unwrapped;
@@ -44,14 +45,20 @@ in {
      "--suffix"
      "LIBRARY_PATH"
      ":"
-        "${lib.makeLibraryPath [stdenv.cc.cc zlib]}"
+      "${lib.makeLibraryPath [
        stdenv.cc.cc
        zlib
      ]}"
      # PKG_CONFIG_PATH is used by pkg-config before compilation to search directories
      # containing .pc files that describe the libraries that need to be linked to your program.
      "--suffix"
      "PKG_CONFIG_PATH"
      ":"
-        "${lib.makeSearchPathOutput "dev" "lib/pkgconfig" [stdenv.cc.cc zlib]}"
+      "${lib.makeSearchPathOutput "dev" "lib/pkgconfig" [
        stdenv.cc.cc
        zlib
      ]}"
    ];
    # Currently we use lazy.nvim as neovim's package manager, so comment this one.
@@ -70,5 +77,4 @@ in {
      nvim-treesitter.withAllGrammars
    ];
  };
  };
 }
@@ -2,101 +2,137 @@
  "AstroNvim": { "branch": "main", "commit": "c5e610f614e74c9dd9bf11760c4d0ad2c98c0abe" },
  "Comment.nvim": { "branch": "master", "commit": "e30b7f2008e52442154b66f7c519bfd2f1e32acb" },
  "LuaSnip": { "branch": "master", "commit": "458560534a73f7f8d7a11a146c801db00b081df0" },
  "SchemaStore.nvim": { "branch": "main", "commit": "6c52c57432280c54596feb0c0958e1a6cb546f4d" },
  "aerial.nvim": { "branch": "master", "commit": "3284a2cb858ba009c79da87d5e010ccee3c99c4d" },
  "alpha-nvim": { "branch": "main", "commit": "de72250e054e5e691b9736ee30db72c65d560771" },
-  "astrocommunity": { "branch": "main", "commit": "16231a665146b0fe70593dd450afd6e964a3cbe1" },
+  "astrocommunity": { "branch": "main", "commit": "2db3ee2ce37f9e2bc9e6ea2c3e2e6292ca4d33bf" },
  "astrocore": { "branch": "main", "commit": "44a3dc0bf1591022b2a6bc89dccdfac1be17bec9" },
  "astrolsp": { "branch": "main", "commit": "909fbe64f3f87d089ff3777751261544557117cc" },
  "astrotheme": { "branch": "main", "commit": "f12dcf64b1f9a05839c3ac2146f550f43bae9dab" },
  "astroui": { "branch": "main", "commit": "e923a84c488d879a260fc9cfb2dc27dd870fb6ac" },
  "autosave.nvim": { "branch": "main", "commit": "348f72cf0241e3e736e3396c4834def2f8ef8d10" },
-  "avante.nvim": { "branch": "main", "commit": "bc403ddcbf98c4181ee2a7efd35cd1e18a2fdc5c" },
+  "avante.nvim": { "branch": "main", "commit": "508cc4c22c78d565d270df8dec5449db07800296" },
-  "catppuccin": { "branch": "main", "commit": "a0c769bc7cd04bbbf258b3d5f01e2bdce744108d" },
+  "catppuccin": { "branch": "main", "commit": "fa42eb5e26819ef58884257d5ae95dd0552b9a66" },
-  "clangd_extensions.nvim": { "branch": "main", "commit": "db28f29be928d18cbfb86fbfb9f83f584f658feb" },
+  "clangd_extensions.nvim": {
-  "cmake-tools.nvim": { "branch": "master", "commit": "591ae37fc5494677e929118f0a182d2b61fe1af1" },
+    "branch": "main",
    "commit": "db28f29be928d18cbfb86fbfb9f83f584f658feb"
  },
  "cmake-tools.nvim": { "branch": "master", "commit": "17244215b1a96e4b2a83a16abd6719197f270f96" },
  "cmp-buffer": { "branch": "main", "commit": "3022dbc9166796b644a841a02de8dd1cc1d311fa" },
  "cmp-conjure": { "branch": "master", "commit": "8c9a88efedc0e5bf3165baa6af8a407afe29daf6" },
  "cmp-dap": { "branch": "master", "commit": "ea92773e84c0ad3288c3bc5e452ac91559669087" },
  "cmp-nvim-lsp": { "branch": "main", "commit": "99290b3ec1322070bcfb9e846450a46f6efa50f0" },
  "cmp-path": { "branch": "main", "commit": "91ff86cd9c29299a64f968ebb45846c485725f23" },
  "cmp_luasnip": { "branch": "master", "commit": "98d9cb5c2c38532bd9bdb481067b20fea8f32e90" },
-  "conjure": { "branch": "main", "commit": "83c6394f916197d73f2a19538bd5615e08842d10" },
+  "conjure": { "branch": "main", "commit": "5f15eb0322b5530eefb16457c061e7c2ccd7cf13" },
  "crates.nvim": { "branch": "main", "commit": "5d8b1bef686db0fabe5f1bb593744b617e8f1405" },
  "deno-nvim": { "branch": "master", "commit": "5a2f9205df5539c4a0696e73893bf8d1b0cae406" },
  "dressing.nvim": { "branch": "master", "commit": "3a45525bb182730fe462325c99395529308f431e" },
  "flash.nvim": { "branch": "main", "commit": "3c942666f115e2811e959eabbdd361a025db8b63" },
  "flit.nvim": { "branch": "main", "commit": "1ef72de6a02458d31b10039372c8a15ab8989e0d" },
  "friendly-snippets": { "branch": "main", "commit": "efff286dd74c22f731cdec26a70b46e5b203c619" },
-  "fzf-lua": { "branch": "main", "commit": "3de691fafd097177d10ebffb91dec5bec2cb30ed" },
+  "fzf-lua": { "branch": "main", "commit": "a4404dee0a65d3c2e2b292206d10b16567d088c9" },
  "gitsigns.nvim": { "branch": "main", "commit": "7010000889bfb6c26065e0b0f7f1e6aa9163edd9" },
-  "gopher.nvim": { "branch": "main", "commit": "9db5931af1293ae52500921d92c02145d86df02c" },
+  "gopher.nvim": { "branch": "main", "commit": "de585144ebde9f0516fb9b542dd42e90c7835b59" },
  "goto-preview": { "branch": "main", "commit": "d1faf6ea992b5bcaaaf2c682e1aba3131a01143e" },
  "guess-indent.nvim": { "branch": "main", "commit": "6cd61f7a600bb756e558627cd2e740302c58e32d" },
  "heirline.nvim": { "branch": "master", "commit": "fae936abb5e0345b85c3a03ecf38525b0828b992" },
-  "indent-blankline.nvim": { "branch": "master", "commit": "005b56001b2cb30bfa61b7986bc50657816ba4ba" },
+  "indent-blankline.nvim": {
    "branch": "master",
    "commit": "005b56001b2cb30bfa61b7986bc50657816ba4ba"
  },
  "lazy.nvim": { "branch": "main", "commit": "6c3bda4aca61a13a9c63f1c1d1b16b9d3be90d7a" },
  "lazydev.nvim": { "branch": "main", "commit": "f59bd14a852ca43db38e3662395354cb2a9b13e0" },
-  "leap.nvim": { "branch": "main", "commit": "08ca7ec9e859856251d56c22ea107f82f563ff3c" },
+  "leap.nvim": { "branch": "main", "commit": "10c14af4ddfb34dbd7721f0bfb2b4d91f0558907" },
-  "lsp_signature.nvim": { "branch": "master", "commit": "d50e40b3bf9324128e71b0b7e589765ce89466d2" },
+  "lsp_signature.nvim": {
    "branch": "master",
    "commit": "2923666d092300e6d03c8d895991d0bef43f1613"
  },
  "lspkind.nvim": { "branch": "master", "commit": "d79a1c3299ad0ef94e255d045bed9fa26025dab6" },
  "luarocks.nvim": { "branch": "main", "commit": "1db9093915eb16ba2473cfb8d343ace5ee04130a" },
-  "markdown-preview.nvim": { "branch": "main", "commit": "462ce41af003f5cdadab856f3a42dc27e39b89c8" },
+  "markdown-preview.nvim": {
-  "mason-lspconfig.nvim": { "branch": "main", "commit": "1a31f824b9cd5bc6f342fc29e9a53b60d74af245" },
+    "branch": "main",
    "commit": "462ce41af003f5cdadab856f3a42dc27e39b89c8"
  },
  "mason-lspconfig.nvim": {
    "branch": "main",
    "commit": "1a31f824b9cd5bc6f342fc29e9a53b60d74af245"
  },
  "mason-null-ls.nvim": { "branch": "main", "commit": "2b8433f76598397fcc97318d410e0c4f7a4bea6a" },
  "mason-nvim-dap.nvim": { "branch": "main", "commit": "4c2cdc69d69fe00c15ae8648f7e954d99e5de3ea" },
  "mason.nvim": { "branch": "main", "commit": "fc98833b6da5de5a9c5b1446ac541577059555be" },
-  "mini.ai": { "branch": "main", "commit": "5225f16eacf4dce2cb7204ca345123ef54e209d6" },
+  "mini.ai": { "branch": "main", "commit": "d172ada7b0281044a06cb9a625a862553c457b6f" },
  "mini.bufremove": { "branch": "main", "commit": "285bdac9596ee7375db50c0f76ed04336dcd2685" },
-  "mini.surround": { "branch": "main", "commit": "f4307f935ad87cfe3e570dbaae485b35cce4e5ec" },
+  "mini.surround": { "branch": "main", "commit": "1a2b59c77a0c4713a5bd8972da322f842f4821b1" },
  "neo-tree.nvim": { "branch": "main", "commit": "f481de16a0eb59c985abac8985e3f2e2f75b4875" },
  "neoconf.nvim": { "branch": "main", "commit": "f630568a4d04154803886f21ca60923f12709f0f" },
-  "nfnl": { "branch": "main", "commit": "19cac83657514a0718b7af4a086d06bd73269b7a" },
+  "nfnl": { "branch": "main", "commit": "143b595069d98d47b26b80f0e0375420673de4af" },
  "none-ls.nvim": { "branch": "main", "commit": "a117163db44c256d53c3be8717f3e1a2a28e6299" },
  "nui.nvim": { "branch": "main", "commit": "a0fd35fcbb4cb479366f1dc5f20145fd718a3733" },
  "nvim-autopairs": { "branch": "master", "commit": "68f0e5c3dab23261a945272032ee6700af86227a" },
  "nvim-cmp": { "branch": "main", "commit": "1e1900b0769324a9675ef85b38f99cca29e203b3" },
-  "nvim-colorizer.lua": { "branch": "master", "commit": "517df88cf2afb36652830df2c655df2da416a0ae" },
+  "nvim-colorizer.lua": {
    "branch": "master",
    "commit": "517df88cf2afb36652830df2c655df2da416a0ae"
  },
  "nvim-dap": { "branch": "master", "commit": "6a5bba0ddea5d419a783e170c20988046376090d" },
  "nvim-dap-go": { "branch": "main", "commit": "8763ced35b19c8dc526e04a70ab07c34e11ad064" },
  "nvim-dap-python": { "branch": "master", "commit": "261ce649d05bc455a29f9636dc03f8cdaa7e0e2c" },
  "nvim-dap-ui": { "branch": "master", "commit": "bc81f8d3440aede116f821114547a476b082b319" },
-  "nvim-jdtls": { "branch": "master", "commit": "c23f200fee469a415c77265ca55b496feb646992" },
+  "nvim-jdtls": { "branch": "master", "commit": "4d77ff02063cf88963d5cf10683ab1fd15d072de" },
-  "nvim-lsp-file-operations": { "branch": "master", "commit": "9744b738183a5adca0f916527922078a965515ed" },
+  "nvim-lsp-file-operations": {
    "branch": "master",
    "commit": "9744b738183a5adca0f916527922078a965515ed"
  },
  "nvim-lspconfig": { "branch": "master", "commit": "185b2af444b27d6541c02d662b5b68190e5cf0c4" },
  "nvim-nio": { "branch": "master", "commit": "21f5324bfac14e22ba26553caf69ec76ae8a7662" },
  "nvim-notify": { "branch": "master", "commit": "a3020c2cf4dfc4c4f390c4a21e84e35e46cf5d17" },
  "nvim-scrollbar": { "branch": "main", "commit": "5b103ef0fd2e8b9b4be3878ed38d224522192c6c" },
  "nvim-spectre": { "branch": "master", "commit": "72f56f7585903cd7bf92c665351aa585e150af0f" },
-  "nvim-spider": { "branch": "main", "commit": "99df646eab60df0b948dd2532ef5f5512707a9a4" },
+  "nvim-spider": { "branch": "main", "commit": "d4bdc45eac425e77108f068bd0706ff3ac20be7f" },
  "nvim-treesitter": { "branch": "master", "commit": "f8aaf5ce4e27cd20de917946b2ae5c968a2c2858" },
-  "nvim-treesitter-textobjects": { "branch": "master", "commit": "9937e5e356e5b227ec56d83d0a9d0a0f6bc9cad4" },
+  "nvim-treesitter-textobjects": {
    "branch": "master",
    "commit": "9937e5e356e5b227ec56d83d0a9d0a0f6bc9cad4"
  },
  "nvim-ts-autotag": { "branch": "main", "commit": "a1d526af391f6aebb25a8795cbc05351ed3620b5" },
-  "nvim-ts-context-commentstring": { "branch": "main", "commit": "1b212c2eee76d787bbea6aa5e92a2b534e7b4f8f" },
+  "nvim-ts-context-commentstring": {
    "branch": "main",
    "commit": "1b212c2eee76d787bbea6aa5e92a2b534e7b4f8f"
  },
  "nvim-ufo": { "branch": "main", "commit": "61463090a4f55f5d080236ea62f09d1cd8976ff3" },
  "nvim-vtsls": { "branch": "main", "commit": "60b493e641d3674c030c660cabe7a2a3f7a914be" },
  "nvim-web-devicons": { "branch": "master", "commit": "4c3a5848ee0b09ecdea73adcd2a689190aeb728c" },
  "nvim-window-picker": { "branch": "main", "commit": "6382540b2ae5de6c793d4aa2e3fe6dbb518505ec" },
-  "orgmode": { "branch": "master", "commit": "32ef9e95f43a6e951fb931b438372546a4f0c524" },
+  "orgmode": { "branch": "master", "commit": "b6d14eb0a1553a0ef4114346d67605de82d0f7fb" },
  "package-info.nvim": { "branch": "master", "commit": "4f1b8287dde221153ec9f2acd46e8237d2d0881e" },
-  "parinfer-rust": { "branch": "master", "commit": "55bec1e3d4f127527c5c2e507fac96cc934aed6e" },
+  "parinfer-rust": { "branch": "master", "commit": "afe6b1176cd805c000713e23b654fbf4b9f4b156" },
  "plenary.nvim": { "branch": "master", "commit": "857c5ac632080dba10aae49dba902ce3abf91b35" },
  "presence.nvim": { "branch": "main", "commit": "87c857a56b7703f976d3a5ef15967d80508df6e6" },
  "promise-async": { "branch": "main", "commit": "38a4575da9497326badd3995e768b4ccf0bb153e" },
-  "refactoring.nvim": { "branch": "master", "commit": "64dbe67bf7c28c864488262d267c799f80cae9ba" },
+  "refactoring.nvim": { "branch": "master", "commit": "74b608dfee827c2372250519d433cc21cb083407" },
-  "render-markdown.nvim": { "branch": "main", "commit": "8debb17aab2fbbf3b341e46ac032d0a6f937d8c3" },
+  "render-markdown.nvim": {
    "branch": "main",
    "commit": "c809fc129f842a7055c672593d24be6346bcc673"
  },
  "resession.nvim": { "branch": "master", "commit": "cc819b0489938d03e4f3532a583354f0287c015b" },
-  "rustaceanvim": { "branch": "master", "commit": "5120207f90846704a74cbf043295698b009bd5de" },
+  "rustaceanvim": { "branch": "master", "commit": "322224d00a731d75eed6b700d38e460fd30f6e3c" },
  "schemastore.nvim": { "branch": "main", "commit": "e4f80f37cd11ed58a6e914cc30850749f021b6a7" },
  "sentiment.nvim": { "branch": "main", "commit": "54a6db15b630eccfa98c32a76baf90f21c6f1e40" },
  "smart-splits.nvim": { "branch": "master", "commit": "ddb23c1a1cf1507bda487cda7f6e4690965ef9f5" },
-  "telescope-fzf-native.nvim": { "branch": "main", "commit": "1f08ed60cafc8f6168b72b80be2b2ea149813e55" },
+  "telescope-fzf-native.nvim": {
    "branch": "main",
    "commit": "1f08ed60cafc8f6168b72b80be2b2ea149813e55"
  },
  "telescope-undo.nvim": { "branch": "main", "commit": "928d0c2dc9606e01e2cc547196f48d2eaecf58e5" },
  "telescope.nvim": { "branch": "0.1.x", "commit": "a17d611a0e111836a1db5295f04945df407c5135" },
  "todo-comments.nvim": { "branch": "main", "commit": "ae0a2afb47cf7395dc400e5dc4e05274bf4fb9e0" },
-  "tree-sitter-nu": { "branch": "main", "commit": "d5c71a10b4d1b02e38967b05f8de70e847448dd1" },
+  "tree-sitter-nu": { "branch": "main", "commit": "d62bb4a0c78e9476a6dd0081761444f6870252ed" },
  "treesj": { "branch": "main", "commit": "3b4a2bc42738a63de17e7485d4cc5e49970ddbcc" },
  "tsc.nvim": { "branch": "main", "commit": "8c1b4ec6a48d038a79ced8674cb15e7db6dd8ef0" },
-  "venv-selector.nvim": { "branch": "regexp", "commit": "c677caa1030808a9f90092e522de7cc20c1390dd" },
+  "venv-selector.nvim": {
    "branch": "regexp",
    "commit": "c677caa1030808a9f90092e522de7cc20c1390dd"
  },
  "vim-illuminate": { "branch": "master", "commit": "19cb21f513fc2b02f0c66be70107741e837516a1" },
  "vim-repeat": { "branch": "master", "commit": "65846025c15494983dafe5e3b46c8f88ab2e9635" },
  "vim-wakatime": { "branch": "master", "commit": "f39c4a201ae350aaba713b59d4a4fdd88e0811aa" },
@@ -19,8 +19,8 @@ return {
  },
  version = false, -- Never set this value to "*"! Never!
  opts = {
-    provider = "deepseek_reasoner",
+    provider = "openrouter_claude_4",
-    cursor_applying_provider = "deepseek_reasoner", -- In this example, use Groq for applying, but you can also use any provider you want.
+    cursor_applying_provider = "openrouter_claude_4",
    behaviour = {
      -- auto_suggestions = true,
      enable_cursor_planning_mode = true, -- enable cursor planning mode!
@@ -28,44 +28,104 @@ return {
    -- WARNING: Since auto-suggestions are a high-frequency operation and therefore expensive,
    -- currently designating it as `copilot` provider is dangerous because: https://github.com/yetone/avante.nvim/issues/1048
    -- Of course, you can reduce the request frequency by increasing `suggestion.debounce`.
-    auto_suggestions_provider = "aliyun_qwen3",
+    auto_suggestions_provider = "ollama",
    suggestion = {
      debounce = 750, -- wait for x ms before suggestion
      throttle = 1200, -- wait for at least x ms before the next suggestion
    },
    web_search_engine = {
      provider = "google", -- tavily, serpapi, searchapi, google, kagi, brave, or searxng
      proxy = nil, -- proxy support, e.g., http://127.0.0.1:7890
    },
    providers = {
      ollama = {
        endpoint = "http://192.168.5.100:11434", -- Note that there is no /v1 at the end.
        model = "modelscope.cn/unsloth/Qwen3-30B-A3B-GGUF",
-      -- model = "modelscope.cn/unsloth/Qwen3-235B-A22B-GGUF",
+        -- model = "modelscope.cn/unsloth/Qwen3-32B-GGUF",
      },
-    vendors = {
+      -- ==============================================
-      deepseek_coder = {
+      -- https://aistudio.google.com/prompts/new_chat
      -- ==============================================
      gemini = {
        api_key_name = "GEMINI_API_KEY",
        model = "gemini-2.5-pro-preview-06-05",
        timeout = 30000, -- Timeout in milliseconds, increase this for reasoning models
        temperature = 0,
        max_completion_tokens = 8192, -- Increase this to include reasoning tokens (for reasoning models)
        --reasoning_effort = "medium", -- low|medium|high, only used for reasoning models
      },
      -- ==============================================
      -- https://openrouter.ai/rankings
      -- ==============================================
      openrouter_claude_4 = {
        __inherited_from = "openai",
-        api_key_name = "DEEPSEEK_API_KEY",
+        endpoint = "https://openrouter.ai/api/v1",
-        endpoint = "https://api.deepseek.com",
+        api_key_name = "OPENROUTER_API_KEY",
-        model = "deepseek-coder",
+        model = "anthropic/claude-sonnet-4",
      },
      -- deepseek chat v3
      deepseek_chat = {
        __inherited_from = "openai",
        api_key_name = "DEEPSEEK_API_KEY",
        endpoint = "https://api.deepseek.com",
        model = "deepseek-chat",
      },
      -- deepseek r1
      deepseek_reasoner = {
        __inherited_from = "openai",
        api_key_name = "DEEPSEEK_API_KEY",
        endpoint = "https://api.deepseek.com",
        model = "deepseek-reasoner",
      },
      -- ==============================================
      -- https://bailian.console.aliyun.com/?tab=model
      -- ==============================================
      aliyun_qwen3 = {
        __inherited_from = "openai",
        api_key_name = "DASHSCOPE_API_KEY",
        endpoint = "https://dashscope.aliyuncs.com/compatible-mode/v1",
        -- model = "qwen-coder-plus-latest",
        model = "qwen3-235b-a22b",
        -- disable_tools = true,
      },
      aliyun_dpr1 = {
        __inherited_from = "openai",
        api_key_name = "DASHSCOPE_API_KEY",
        endpoint = "https://dashscope.aliyuncs.com/compatible-mode/v1",
        model = "deepseek-r1-0528",
        disable_tools = true,
      },
      -- ==============================================
      -- https://console.volcengine.com/ark/region:ark+cn-beijing/model?feature=&vendor=DeepSeek&view=VENDOR_VIEW
      -- ==============================================
      ark_dpr1 = {
        __inherited_from = "openai",
        api_key_name = "ARK_API_KEY",
        endpoint = "https://ark.cn-beijing.volces.com/api/v3",
        model = "deepseek-r1-250528",
        -- disable_tools = true,
      },
      -- ==============================================
      -- https://cloud.siliconflow.cn/models
      -- ==============================================
      sflow_dpr1 = {
        __inherited_from = "openai",
        api_key_name = "SILICONFLOW_API_KEY",
        endpoint = "https://api.siliconflow.cn/v1",
        model = "Pro/deepseek-ai/DeepSeek-R1",
        -- disable_tools = true,
      },
      -- ==============================================
      -- https://platform.deepseek.com/usage
      -- ==============================================
      dp_coder = {
        __inherited_from = "openai",
        api_key_name = "DEEPSEEK_API_KEY",
        endpoint = "https://api.deepseek.com",
        model = "deepseek-coder",
      },
      -- deepseek chat v3
      dp_chat = {
        __inherited_from = "openai",
        api_key_name = "DEEPSEEK_API_KEY",
        endpoint = "https://api.deepseek.com",
        model = "deepseek-chat",
        -- disable_tools = true,
      },
      -- deepseek r1
      dp_r1 = {
        __inherited_from = "openai",
        api_key_name = "DEEPSEEK_API_KEY",
        endpoint = "https://api.deepseek.com",
        model = "deepseek-reasoner",
        -- disable_tools = true,
      },
    },
  },
@@ -1,13 +1,15 @@
 -- File explorer(Custom configs)
 return {
  "nvim-neo-tree/neo-tree.nvim",
-  opts = {
+  opts = function(_, opts)
-    filesystem = {
+    opts.filesystem.filtered_items = {
      filtered_items = {
      visible = true, -- visible by default
      hide_dotfiles = false,
      hide_gitignored = false,
-      },
+    }
-    },
+    opts.filesystem.follow_current_file = {
-  },
+      enabled = true, -- This will find and focus the file in the active buffer every time
      leave_dirs_open = false, -- `false` closes auto expanded dirs, such as with `:Neotree reveal`
    }
  end,
 }
@@ -61,6 +61,8 @@
      vscode-extensions.vadimcn.vscode-lldb.adapter # codelldb - debugger
      #-- python
      pipx # Install and Run Python Applications in Isolated Environments
      uv # python project package manager
      pyright # python language server
      (python313.withPackages (
        ps:
@@ -5,7 +5,7 @@
 }: {
  home.packages = with pkgs; [
    age
-    pkgs-unstable.sops
+    sops
    rclone
  ];
 }
@@ -14,6 +14,10 @@ in {
    extraConfig = ''
      source /etc/agenix/alias-for-work.nushell
      # using claude-code with kimi k2
      $env.ANTHROPIC_BASE_URL = "https://api.moonshot.cn/anthropic/"
      $env.ANTHROPIC_API_KEY = $env.MOONSHOT_API_KEY
      # Directories in this constant are searched by the
      # `use` and `source` commands.
      const NU_LIB_DIRS = $NU_LIB_DIRS ++ ['${nu_scripts}/share/nu_scripts']
@@ -303,69 +303,6 @@ default_shell "nu"
 //
 // scrollback_lines_to_serialize 10000
 // Define color themes for Zellij
 // For more examples, see: https://github.com/zellij-org/zellij/tree/main/example/themes
 // Once these themes are defined, one of them should to be selected in the "theme" section of this file
 //
 themes {
  // https://github.com/zellij-org/zellij/blob/main/zellij-utils/assets/themes/catppuccin.kdl
  catppuccin-latte {
    bg "#acb0be" // Surface2
    fg "#acb0be" // Surface2
    red "#d20f39"
    green "#40a02b"
    blue "#1e66f5"
    yellow "#df8e1d"
    magenta "#ea76cb" // Pink
    orange "#fe640b" // Peach
    cyan "#04a5e5" // Sky
    black "#dce0e8" // Crust
    white "#4c4f69" // Text
  }
  catppuccin-frappe {
    bg "#626880" // Surface2
    fg "#c6d0f5"
    red "#e78284"
    green "#a6d189"
    blue "#8caaee"
    yellow "#e5c890"
    magenta "#f4b8e4" // Pink
    orange "#ef9f76" // Peach
    cyan "#99d1db" // Sky
    black "#292c3c" // Mantle
    white "#c6d0f5"
  }
  catppuccin-macchiato {
    bg "#5b6078" // Surface2
    fg "#cad3f5"
    red "#ed8796"
    green "#a6da95"
    blue "#8aadf4"
    yellow "#eed49f"
    magenta "#f5bde6" // Pink
    orange "#f5a97f" // Peach
    cyan "#91d7e3" // Sky
    black "#1e2030" // Mantle
    white "#cad3f5"
  }
  catppuccin-mocha {
    bg "#585b70" // Surface2
    fg "#cdd6f4"
    red "#f38ba8"
    green "#a6e3a1"
    blue "#89b4fa"
    yellow "#f9e2af"
    magenta "#f5c2e7" // Pink
    orange "#fab387" // Peach
    cyan "#89dceb" // Sky
    black "#181825" // Mantle
    white "#cdd6f4"
  }
 }
 // Choose the theme that is specified in the themes section.
 // Default: default
 //
@@ -7,6 +7,10 @@ in {
    enable = true;
    package = pkgs.zellij;
  };
  xdg.configFile."zellij/config.kdl".source = ./config.kdl;
  # Disable catppuccin to avoid conflict with my non-nix config.
  catppuccin.zellij.enable = false;
  # auto start zellij in nushell
  programs.nushell.extraConfig = ''
    # auto start zellij
@@ -29,6 +33,4 @@ in {
  # only works in bash/zsh, not nushell
  home.shellAliases = shellAliases;
  programs.nushell.shellAliases = shellAliases;
  xdg.configFile."zellij/config.kdl".source = ./config.kdl;
 }
@@ -226,11 +226,6 @@ run = 'move-node-to-workspace 3Work'
 if.app-id = 'com.tinyspeck.slackmacgap'
 run = 'move-node-to-workspace 3Work'
 [[on-window-detected]]
 if.app-id = 'us.zoom.xos'
 run = 'move-node-to-workspace 3Work'
 [[on-window-detected]]
 if.app-id = 'org.mozilla.firefox'
 run = 'move-node-to-workspace 4Firefox'
@@ -285,6 +280,14 @@ run = ['layout floating', 'move-node-to-workspace 9File']
 if.app-id = 'com.apple.Preview'
 run = ['layout floating', 'move-node-to-workspace 9File']
 [[on-window-detected]]
 if.app-id = 'com.microsoft.VSCode'
 run = ['layout floating', 'move-node-to-workspace 9File']
 [[on-window-detected]]
 if.app-id = 'com.todesktop.230313mzl4w4u92' # Cursor AI Editor
 run = ['layout floating', 'move-node-to-workspace 9File']
 [[on-window-detected]]
 if.app-id = 'org.wireshark.Wireshark'
 run = ['layout floating', 'move-node-to-workspace 0Other']
@@ -294,8 +297,8 @@ if.app-id = 'ai.elementlabs.lmstudio'
 run = ['layout floating', 'move-node-to-workspace 0Other']
 [[on-window-detected]]
-if.app-id = 'com.microsoft.VSCode'
+if.app-id = 'us.zoom.xos'
-run = ['layout floating', 'move-node-to-workspace 0Other']
+run = 'move-node-to-workspace 0Other'
 # Auth UI - do not move it
 [[on-window-detected]]
@@ -307,6 +310,11 @@ run = ['layout floating']
 if.app-id = 'com.apple.systempreferences'
 run = ['layout floating']
 # Clash Verge - has problem with floating
 [[on-window-detected]]
 if.app-id = 'io.github.clash-verge-rev.clash-verge-rev'
 run = ['move-node-to-workspace 0Other']
 # Make all windows float by default
 [[on-window-detected]]
 check-further-callbacks = true
@@ -1,4 +1,5 @@
 {
  lib,
  pkgs,
  pkgs-unstable,
  # pkgs-stable,
@@ -6,10 +7,9 @@
  blender-bin,
  ...
 }: {
-  home.packages = with pkgs; [
+  home.packages = with pkgs;
    [
      # creative
    # https://github.com/edolstra/nix-warez/blob/master/blender/flake.nix
    blender-bin.packages.${pkgs.system}.blender_4_2 # 3d modeling
      # gimp      # image editing, I prefer using figma in browser instead of this one
      inkscape # vector graphics
      krita # digital painting
@@ -18,36 +18,40 @@
      # sonic-pi # music programming
      # 2d game design
    ldtk # A modern, versatile 2D level editor
      # aseprite # Animated sprite editor & pixel art tool
      # this app consumes a lot of storage, so do not install it currently
      # kicad     # 3d printing, eletrical engineering
    ]
    ++ (lib.optionals pkgs.stdenv.isx86_64 [
      # https://github.com/edolstra/nix-warez/blob/master/blender/flake.nix
      blender-bin.packages.${pkgs.system}.blender_4_2 # 3d modeling
      ldtk # A modern, versatile 2D level editor
      # fpga
-    pkgs-unstable.python313Packages.apycula # gowin fpga
+      python313Packages.apycula # gowin fpga
-    pkgs-unstable.yosys # fpga synthesis
+      yosys # fpga synthesis
-    pkgs-unstable.nextpnr # fpga place and route
+      nextpnr # fpga place and route
-    pkgs-unstable.openfpgaloader # fpga programming
+      openfpgaloader # fpga programming
      # nur-ryan4yin.packages.${pkgs.system}.gowin-eda-edu-ide # app: `gowin-env` => `gw_ide` / `gw_pack` / ...
-  ];
+    ]);
  programs = {
    # live streaming
    obs-studio = {
-      enable = true;
+      enable = pkgs.stdenv.isx86_64;
-      plugins = with pkgs.obs-studio-plugins; [
+      plugins = with pkgs.obs-studio-plugins;
        [
          # screen capture
          wlrobs
          # obs-ndi
        obs-vaapi
          # obs-nvfbc
          obs-teleport
          # obs-hyperion
          droidcam-obs
          obs-vkcapture
          obs-gstreamer
        obs-3d-effect
          input-overlay
          obs-multi-rtmp
          obs-source-clone
@@ -61,7 +65,11 @@
          obs-backgroundremoval
          # advanced-scene-switcher
          obs-pipewire-audio-capture
-      ];
+        ]
        ++ (lib.optionals pkgs.stdenv.isx86_64 [
          obs-vaapi
          obs-3d-effect
        ]);
    };
  };
 }
@@ -1,26 +0,0 @@
 # Vertical Candidate List
 Vertical Candidate List=False
 # Use Per Screen DPI
 PerScreenDPI=True
 # Use mouse wheel to go to prev or next page
 WheelForPaging=True
 # Font
 Font="Sans 10"
 # Menu Font
 MenuFont="Sans 10"
 # Tray Font
 TrayFont="Sans Bold 10"
 # Tray Label Outline Color
 TrayOutlineColor=#000000
 # Tray Label Text Color
 TrayTextColor=#ffffff
 # Prefer Text Icon
 PreferTextIcon=False
 # Show Layout Name In Icon
 ShowLayoutNameInIcon=True
 # Use input method language to display text
 UseInputMethodLangaugeToDisplayText=True
 # Theme macchiato, frappe, latte, mocha
 Theme=catppuccin-mocha
 # Force font DPI on Wayland
 ForceWaylandDPI=0
@@ -1,10 +1,4 @@
-{
+{pkgs, ...}: {
  pkgs,
  nur-ryan4yin,
  ...
 }: {
  home.file.".local/share/fcitx5/themes".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-fcitx5}/src";
  xdg.configFile = {
    "fcitx5/profile" = {
      source = ./profile;
@@ -12,12 +6,12 @@
      # so we need to force replace it in every rebuild to avoid file conflict.
      force = true;
    };
    "fcitx5/conf/classicui.conf".source = ./classicui.conf;
  };
  i18n.inputMethod = {
    enable = true;
    type = "fcitx5";
    fcitx5.waylandFrontend = true;
    fcitx5.addons = with pkgs; [
      # for flypy chinese input method
      fcitx5-rime
@@ -42,16 +42,5 @@
      name = "Papirus-Dark";
      package = pkgs.papirus-icon-theme;
    };
    theme = {
      # https://github.com/catppuccin/gtk
      name = "catppuccin-macchiato-pink-compact";
      package = pkgs.catppuccin-gtk.override {
        # https://github.com/NixOS/nixpkgs/blob/nixos-23.05/pkgs/data/themes/catppuccin-gtk/default.nix
        accents = ["pink"];
        size = "compact";
        variant = "macchiato";
      };
    };
  };
 }
@@ -6,39 +6,30 @@
 }:
 # media - control and enjoy audio/video
 {
-  home.packages = with pkgs; [
+  home.packages = with pkgs;
    [
      # audio control
      pavucontrol
      playerctl
      pulsemixer
      imv # simple image viewer
    nvtopPackages.full
      # video/audio tools
    # cava # for visualizing audio
      libva-utils
      vdpauinfo
      vulkan-tools
      glxinfo
-
+      nvitop
    ]
    ++ (lib.optionals pkgs.stdenv.isx86_64 [
      (zoom-us.override {hyprlandXdgDesktopPortalSupport = true;})
-  ];
+    ]);
-  # https://github.com/catppuccin/cava
+  programs.mpv = {
  xdg.configFile."cava/config".text =
    ''
      # custom cava config
    ''
    + builtins.readFile "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-cava}/mocha.cava";
  programs = {
    mpv = {
    enable = true;
    defaultProfiles = ["gpu-hq"];
    scripts = [pkgs.mpvScripts.mpris];
  };
  };
  services = {
    playerctld.enable = true;
@@ -20,17 +20,10 @@
    # my custom hardened packages
    pkgs.nixpaks.qq
    pkgs.nixpaks.qq-desktop-item
-
+    # qqmusic
-    wechat-uos
+    pkgs.bwraps.wechat
    # pkgs.nixpaks.wechat-uos
    # pkgs.nixpaks.wechat-uos-desktop-item
  ];
  # GitHub CLI tool
  programs.gh = {
    enable = true;
  };
  # allow fontconfig to discover fonts and configurations installed through home.packages
  # Install fonts at system-level, not user-level
  fonts.fontconfig.enable = false;
@@ -1,7 +1,7 @@
-{pkgs-stable, ...}: {
+{pkgs, ...}: {
-  home.packages = with pkgs-stable; [
+  home.packages = with pkgs; (lib.optionals pkgs.stdenv.isx86_64 [
    # https://joplinapp.org/help/
    joplin # joplin-cli
    joplin-desktop
-  ];
+  ]);
 }
@@ -32,7 +32,7 @@
      enable = true;
      # let `xdg-open` to open the url with the correct application.
      defaultApplications = let
-        browser = ["firefox.desktop" "google-chrome.desktop"];
+        browser = ["google-chrome.desktop" "firefox.desktop"];
        editor = ["nvim.desktop" "Helix.desktop" "code.desktop" "code-insiders.desktop"];
      in {
        "application/json" = browser;
@@ -1,3 +1,6 @@
-{mylib, ...}: {
+{pkgs, ...}: {
-  imports = mylib.scanPaths ./.;
+  home.packages = with pkgs; [
    zed-editor
    code-cursor
  ];
 }
@@ -1,5 +0,0 @@
 {pkgs, ...}: {
  home.packages = with pkgs; [
    zed-editor
  ];
 }
@@ -30,6 +30,7 @@ cursor {
 ecosystem {
  no_donation_nag = true
  no_update_news = true
 }
 misc {
@@ -122,7 +123,12 @@ input {
    natural_scroll=0
    touchpad {
        disable_while_typing = true
        natural_scroll = 1
        clickfinger_behavior = true
        tap-to-click = true
        tap-and-drag = true
    }
 	force_no_accel=0
    # repeat_rate=
@@ -10,12 +10,13 @@
 windowrulev2   =   workspace 1,     class:^(foot)$
 windowrulev2   =   workspace 2,     class:^(Alacritty)$
 # Work Chat / Meeting
-windowrulev2   =   workspace 3,     class:^(zoom)$
+windowrulev2   =   workspace 3,     class:^(Zoom Workplace)$
 # Browsers
 windowrulev2   =   workspace 4,     class:^(firefox)$
 windowrulev2   =   workspace 5,     class:^(google-chrome)$
 # Chat
 windowrulev2   =   workspace 6,     class:^(QQ)$
 windowrulev2   =   workspace 6,     class:^(wechat)$
 windowrulev2   =   workspace 6,     class:^(org.telegram.desktop)$
 # Music
 # windowrulev2   =   workspace 7,     class:^(music)$
@@ -23,12 +24,14 @@ windowrulev2   =   workspace 6,     class:^(org.telegram.desktop)$
 windowrulev2   =   workspace 8,     class:^(thunderbird)$,title:^(.*Reminder)
 # File Manager & Image/PDF Viewer
 windowrulev2   =   workspace 9,     class:^(thunder)$
 windowrulev2   =   workspace 9,     class:^(code)$ # VS Code
 windowrulev2   =   workspace 9,     class:^(cursor)$ # Cursor AI Editor
 # Other
 windowrulev2   =   workspace 10,     class:^(code)$ # VS Code
 windowrulev2   =   workspace 10,     class:^(org.wireshark.Wireshark)$
 # Float             RULE               WINDOW
 windowrulev2   =    float,             class:^(Zoom Workplace)$
 windowrulev2   =    float,             class:^(pulsemixer)$
 windowrulev2   =    float,             class:^(org.pulseaudio.pavucontrol)$
 windowrulev2   =    float,             class:^(nm-connection-editor)$
@@ -44,7 +47,7 @@ windowrulev2   =    float,             class:^(thunderbird)$,title:^(.*Reminder)
 # ============================================================================
 # Steam
-# Fix: Steam menus dissapearing on mouseover
+# Fix: Steam menus disappearing on mouseover
 windowrulev2   =   stayfocused,        title:^()$,  class:^(steam)$
 windowrulev2   =   minsize 1 1,        title:^()$,  class:^(steam)$
 # Fix: Steam starts in a broken position as float window
@@ -13,25 +13,25 @@ general {
 #     on-resume = brightnessctl -rd rgb:kbd_backlight        # turn on keyboard backlight.
 # }
-listener {
+# listener {
-    timeout = 180                                # 3min.
+#     timeout = 600                                # 10min.
-    on-timeout = brightnessctl -s set 10         # set monitor backlight to minimum, avoid 0 on OLED monitor.
+#     on-timeout = brightnessctl -s set 10         # set monitor backlight to minimum, avoid 0 on OLED monitor.
-    on-resume = brightnessctl -r                 # monitor backlight restore.
+#     on-resume = brightnessctl -r                 # monitor backlight restore.
-}
+# }
 listener {
-    timeout = 300                                     # 5 minutes
+    timeout = 1200                                     # 20 minutes
    on-timeout = pidof hyprlock || hyprlock           # lock screen
    on-resume = hyprctl dispatch dpms on              # monitor wake up
 }
 listener {
-    timeout = 360                                              # 6 minutes
+    timeout = 1260                                             # 21 minutes
    on-timeout = hyprctl dispatch dpms off                     # screen off
    on-resume = hyprctl dispatch dpms on && brightnessctl -r   # monitor wake up & screen on
 }
 # listener {
-#     timeout = 600                                # 10min
+#     timeout = 1800                                # 30min
 #     on-timeout = systemctl suspend                # suspend pc
 # }
@@ -12,7 +12,7 @@ on-touch=dismiss
 on-notify=exec mpv /usr/share/sounds/freedesktop/stereo/message.oga
 # STYLE OPTIONS
-font=JetBrains Mono 10
+font=Maple Mono NF CN
 width=300
 height=100
 margin=10
@@ -3,7 +3,7 @@
 * {
  /* https://docs.gtk.org/gtk3/css-overview.html#colors */
  color: @text;
-  font-family: "JetBrainsMono Nerd Font";
+  font-family: "Maple Mono NF CN";
  font-size: 12pt;
  font-weight: bold;
  border-radius: 8px;
@@ -149,4 +149,3 @@ tooltip label {
  padding-right: 8px;
  padding-left: 10px;
 }
@@ -1,6 +1,6 @@
 /** ********** Fonts ********** **/
 * {
-  font-family: "JetBrains Mono", "Iosevka Nerd Font", sans-serif;
+  font-family: "Maple Mono NF CN", sans-serif;
  font-size: 14px;
  font-weight: bold;
 }
@@ -14,12 +14,13 @@ in {
    wayland.windowManager.hyprland.settings.env = [
      # for hyprland with nvidia gpu, ref https://wiki.hyprland.org/Nvidia/
      "LIBVA_DRIVER_NAME,nvidia"
      "XDG_SESSION_TYPE,wayland"
      "GBM_BACKEND,nvidia-drm"
      "AQ_DRM_DEVICES,/dev/dri/card1"
      "__GLX_VENDOR_LIBRARY_NAME,nvidia"
-      # fix https://github.com/hyprwm/Hyprland/issues/1520
+      # enable native Wayland support for most Electron apps
-      "WLR_NO_HARDWARE_CURSORS,1"
+      "ELECTRON_OZONE_PLATFORM_HINT,auto"
      # VA-API hardware video acceleration
      "NVD_BACKEND,direct"
      "GBM_BACKEND,nvidia-drm"
    ];
  };
 }
@@ -32,7 +32,7 @@
      * {
        transition: 200ms ease;
-        font-family: "JetBrainsMono Nerd Font";
+        font-family: "Maple Mono NF CN";
        font-size: 1.3rem;
      }
@@ -52,7 +52,7 @@
        background-color: @bg-col;
      }
-      /* anyrun's ouput matches entries - Base */
+      /* anyrun's output matches entries - Base */
      #match {
        color: @fg-col;
        background: @bg-col;
@@ -1,8 +1,6 @@
 {
  pkgs,
  config,
  lib,
  nur-ryan4yin,
  ...
 }: let
  package = pkgs.hyprland;
@@ -23,18 +21,22 @@ in {
    enable = true;
    systemd.enable = true;
  };
  # Disable catppuccin to avoid conflict with my non-nix config.
  catppuccin.waybar.enable = false;
  # screen locker
  programs.hyprlock.enable = true;
  # Logout Menu
  programs.wlogout.enable = true;
  catppuccin.wlogout.enable = false;
  # Hyprland idle daemon
  services.hypridle.enable = true;
  # notification daemon, the same as dunst
  services.mako.enable = true;
  catppuccin.mako.enable = false;
  # NOTE:
  # We have to enable hyprland/i3's systemd user service in home-manager,
@@ -47,7 +49,6 @@ in {
      source = let
        configPath = "${config.home.homeDirectory}/.config/hypr/configs";
      in [
        "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-hyprland}/themes/mocha.conf"
        "${configPath}/exec.conf"
        "${configPath}/fcitx5.conf"
        "${configPath}/keybindings.conf"
@@ -64,6 +65,7 @@ in {
        "QT_QPA_PLATFORM,wayland"
        "SDL_VIDEODRIVER,wayland"
        "GDK_BACKEND,wayland"
        "XDG_SESSION_TYPE,wayland"
      ];
    };
    # gammastep/wallpaper-switcher need this to be enabled.
@@ -1,6 +1,6 @@
 {
  pkgs,
-  nur-ryan4yin,
+  pkgs-stable,
  ...
 }: {
  home.packages = with pkgs; [
@@ -12,7 +12,8 @@
  programs = {
    # source code: https://github.com/nix-community/home-manager/blob/master/modules/programs/chromium.nix
    google-chrome = {
-      enable = true;
+      enable = pkgs.stdenv.isx86_64;
      package = pkgs-stable.google-chrome;
      # https://wiki.archlinux.org/title/Chromium#Native_Wayland_support
      commandLineArgs = [
@@ -1,16 +1,8 @@
 # Host - Shoukei
-This is NixOS's configuration for my Macbook Pro 2022 Intel i5, 13.3-inch, 16G RAM + 512G SSD.
+This is NixOS's configuration for my Macbook Pro 2022 M2, 16G RAM.
 Related:
 - [/nixos-installer/README.shoukei.md](/nixos-installer/README.shoukei.md)
- <https://github.com/NixOS/nixos-hardware/tree/master/apple/t2>
+- https://github.com/nix-community/nixos-apple-silicon/blob/main/docs/uefi-standalone.md
 - <https://wiki.t2linux.org/distributions/nixos/installation/>
 TODOs:
 - [ ] Resume from suspend(close the lid) doesn't work
 - [ ] Show battery percentage in i3blocks/waybar
 - [ ] Touchbar unusable some times
  - It works on boot, but after a while it stops working
@@ -1,61 +0,0 @@
 {
  pkgs,
  config,
  lib,
  ...
 }: let
  t2Cfg = config.hardware.myapple-t2;
  efiPrefix = config.boot.loader.efi.efiSysMountPoint;
  apple-set-os-loader-installer = pkgs.stdenv.mkDerivation rec {
    name = "apple-set-os-loader-installer-1.0";
    src = pkgs.fetchFromGitHub {
      owner = "Redecorating";
      repo = "apple_set_os-loader";
      rev = "r33.9856dc4";
      sha256 = "hvwqfoF989PfDRrwU0BMi69nFjPeOmSaD6vR6jIRK2Y=";
    };
    buildInputs = [pkgs.gnu-efi];
    buildPhase = ''
      substituteInPlace Makefile --replace "/usr" '$(GNU_EFI)'
      export GNU_EFI=${pkgs.gnu-efi}
      make
    '';
    installPhase = ''
      install -D bootx64_silent.efi $out/bootx64.efi
    '';
  };
 in {
  options = {
    hardware.myapple-t2.enableAppleSetOsLoader = lib.mkOption {
      default = false;
      type = lib.types.bool;
      description = "Whether to enable the appleSetOsLoader activation script.";
    };
  };
  config = {
    # Activation script to install apple-set-os-loader in order to unlock the iGPU
    system.activationScripts.myappleSetOsLoader = lib.optionalString t2Cfg.enableAppleSetOsLoader ''
      if [[ -e ${efiPrefix}/efi/boot/bootx64_original.efi ]]; then
        true # It's already installed, no action required
      elif [[ -e ${efiPrefix}/efi/boot/bootx64.efi ]]; then
        # Copy the new bootloader to a temporary location
        cp ${apple-set-os-loader-installer}/bootx64.efi ${efiPrefix}/efi/boot/bootx64_temp.efi
        # Rename the original bootloader
        mv ${efiPrefix}/efi/boot/bootx64.efi ${efiPrefix}/efi/boot/bootx64_original.efi
        # Move the new bootloader to the final destination
        mv ${efiPrefix}/efi/boot/bootx64_temp.efi ${efiPrefix}/efi/boot/bootx64.efi
      else
        echo "Error: ${efiPrefix}/efi/boot/bootx64.efi is missing" >&2
      fi
    '';
    # Enable the iGPU by default if present
    environment.etc."modprobe.d/apple-gmux.conf".text = lib.optionalString t2Cfg.enableAppleSetOsLoader ''
      options apple-gmux force_igd=y
    '';
  };
 }
@@ -1,10 +0,0 @@
 {pkgs, ...}:
 pkgs.stdenvNoCC.mkDerivation {
  name = "brcm-firmware";
  nativeBuildInputs = with pkgs; [gnutar xz];
  buildCommand = ''
    dir="$out/lib/"
    mkdir -p "$dir"
    tar -axvf ${./firmware.tar.xz} -C "$dir"
  '';
 }
@@ -1,27 +0,0 @@
 {
  "nodes": {
    "nixpkgs": {
      "locked": {
        "lastModified": 1703068421,
        "narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-25.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "nixpkgs": "nixpkgs"
      }
    }
  },
  "root": "root",
  "version": 7
 }
@@ -1,10 +0,0 @@
 {
  # a flake for testing
  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
  outputs = {nixpkgs, ...}: let
    system = "x86_64-linux";
    pkgs = import nixpkgs {inherit system;};
  in {
    packages."${system}".default = pkgs.callPackage ./default.nix {};
  };
 }
@@ -1,32 +1,20 @@
-{
+{myvars, ...}:
  nixos-hardware,
  myvars,
  ...
 }:
 #############################################################
 #
-#  Shoukei - NixOS running on Macbook Pro 2020 I5 16G
+#  Shoukei - NixOS running on Macbook Pro 2022 M2 16G
 #   https://github.com/NixOS/nixos-hardware/tree/master/apple/t2
 #
 #############################################################
 let
  hostName = "shoukei"; # Define your hostname.
 in {
  imports = [
    nixos-hardware.nixosModules.apple-t2
    ./apple-set-os-loader.nix
    {hardware.myapple-t2.enableAppleSetOsLoader = true;}
    ./hardware-configuration.nix
-    ../idols-ai/impermanence.nix
+    ../idols-ai/preservation.nix
  ];
  boot.kernelModules = ["kvm-amd"];
  boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
  networking = {
    inherit hostName;
-    inherit (myvars.networking) defaultGateway nameservers;
+    inherit (myvars.networking) nameservers;
    # configures the network interface(include wireless) via `nmcli` & `nmtui`
    networkmanager.enable = true;
@@ -38,5 +26,5 @@ in {
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "25.05"; # Did you read the comment?
+  system.stateVersion = "25.11"; # Did you read the comment?
 }
@@ -6,29 +6,46 @@
  lib,
  pkgs,
  modulesPath,
  nixos-apple-silicon,
  my-asahi-firmware,
  ...
-}: {
+}: let
  device = "/dev/disk/by-uuid/c2e8b249-240e-4eef-bf4e-81e7dbbf4887";
 in {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    nixos-apple-silicon.nixosModules.default
  ];
-  hardware.firmware = [
+  # Specify path to peripheral firmware files.
-    (import ./brcm-firmware {inherit pkgs;})
+  hardware.asahi = {
-  ];
+    enable = true;
    peripheralFirmwareDirectory = "${my-asahi-firmware}/macbook-pro-m2-a2338";
-  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod"];
+    # build the Asahi Linux Kernel with Rust support
-  boot.initrd.kernelModules = [];
+    withRust = true;
-  boot.kernelModules = ["kvm-intel"];
+    # use apple-silicon's GPU instead of CPU
-  boot.extraModulePackages = [];
+    useExperimentalGPUDriver = true;
    # How to install the Asahi Mesa driver
    experimentalGPUInstallMode = "driver"; # driver / replace(for non-flakes) / overlay
  };
-  # Use the EFI boot loader.
+  networking.wireless.iwd = {
-  boot.loader.efi.canTouchEfiVariables = true;
+    enable = true;
    settings.General.EnableNetworkConfiguration = true;
  };
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = false;
  # depending on how you configured your disk mounts, change this to /boot or /boot/efi.
  boot.loader.efi.efiSysMountPoint = "/boot";
  boot.loader.systemd-boot.enable = true;
-  # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
+  # For ` to < and ~ to > (for those with US keyboards)
-  boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
+  # boot.extraModprobeConfig = ''
  #   options hid_apple iso_layout=0
  # '';
  # supported file systems, so we can mount any removable disks with these filesystems
  boot.supportedFilesystems = lib.mkForce [
    "ext4"
@@ -45,7 +62,7 @@
  boot.initrd = {
    # unlocked luks devices via a keyfile or prompt a passphrase.
    luks.devices."crypted-nixos" = {
-      device = "/dev/nvme0n1p4";
+      device = "/dev/disk/by-uuid/1c37820e-2501-46e4-bec4-27c28691a5b4";
      # the keyfile(or device partition) that should be used as the decryption key for the encrypted device.
      # if not specified, you will be prompted for a passphrase instead.
      #keyFile = "/root-part.key";
@@ -60,51 +77,77 @@
    };
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/01CE-1DFD";
    fsType = "vfat";
    options = [
      "fmask=0022"
      "dmask=0022"
    ];
  };
  # equal to `mount -t tmpfs tmpfs /`
  fileSystems."/" = {
    device = "tmpfs";
    fsType = "tmpfs";
    # set mode to 755, otherwise systemd will set it to 777, which cause problems.
    # relatime: Update inode access times relative to modify or change time.
-    options = ["relatime" "mode=755"];
+    options = [
-  };
+      "relatime"
-
+      "mode=755"
-  fileSystems."/boot" = {
+    ];
    device = "/dev/nvme0n1p1";
    fsType = "vfat";
  };
  fileSystems."/nix" = {
-    device = "/dev/disk/by-uuid/2f4db246-e65d-4808-8ab4-5365f9dea1ef";
+    inherit device;
    fsType = "btrfs";
-    options = ["subvol=@nix" "noatime" "compress-force=zstd:1"];
+    options = [
      "subvol=@nix"
      "noatime"
      "compress-force=zstd:1"
    ];
  };
  fileSystems."/tmp" = {
-    device = "/dev/disk/by-uuid/2f4db246-e65d-4808-8ab4-5365f9dea1ef";
+    inherit device;
    fsType = "btrfs";
-    options = ["subvol=@tmp" "noatime" "compress-force=zstd:1"];
+    options = [
      "subvol=@tmp"
      "noatime"
      "compress-force=zstd:1"
    ];
  };
  fileSystems."/persistent" = {
-    device = "/dev/disk/by-uuid/2f4db246-e65d-4808-8ab4-5365f9dea1ef";
+    inherit device;
    fsType = "btrfs";
-    options = ["subvol=@persistent" "noatime" "compress-force=zstd:1"];
+    options = [
-    # impermanence's data is required for booting.
+      "subvol=@persistent"
      "noatime"
      "compress-force=zstd:1"
    ];
    # preservation's data is required for booting.
    neededForBoot = true;
  };
  fileSystems."/snapshots" = {
-    device = "/dev/disk/by-uuid/2f4db246-e65d-4808-8ab4-5365f9dea1ef";
+    inherit device;
    fsType = "btrfs";
-    options = ["subvol=@snapshots" "noatime" "compress-force=zstd:1"];
+    options = [
      "subvol=@snapshots"
      "noatime"
      "compress-force=zstd:1"
    ];
  };
  # mount swap subvolume in readonly mode.
  fileSystems."/swap" = {
-    device = "/dev/disk/by-uuid/2f4db246-e65d-4808-8ab4-5365f9dea1ef";
+    inherit device;
    fsType = "btrfs";
-    options = ["subvol=@swap" "ro"];
+    options = [
      "subvol=@swap"
      "ro"
    ];
  };
  # remount swapfile in read-write mode
@@ -114,7 +157,10 @@
    device = "/swap/swapfile";
    fsType = "none";
-    options = ["bind" "rw"];
+    options = [
      "bind"
      "rw"
    ];
  };
  swapDevices = [
@@ -126,9 +172,7 @@
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp230s0f1u1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp229s0.useDHCP = lib.mkDefault true;
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
@@ -1,17 +1,15 @@
-{config, ...}: let
+{ config, ... }:
 let
  hostName = "shoukei"; # Define your hostname.
-in {
+in
 {
  modules.desktop.hyprland = {
    nvidia = false;
-    settings = {
+    settings.source = [
-      # Configure your Display resolution, offset, scale and Monitors here, use `hyprctl monitors` to get the info.
+      "${config.home.homeDirectory}/nix-config/hosts/12kingdoms-shoukei/hypr-hardware.conf"
-      #   highres:      get the best possible resolution
+    ];
      #   auto:         position automatically
      #   1.5:          scale to 1.5 times
      #   bitdepth,10:  enable 10 bit support
      monitor = "eDP-1,highres,auto,1.5,bitdepth,10";
    };
  };
-  programs.ssh.matchBlocks."github.com".identityFile = "${config.home.homeDirectory}/.ssh/${hostName}";
+  programs.ssh.matchBlocks."github.com".identityFile =
    "${config.home.homeDirectory}/.ssh/${hostName}";
 }
@@ -0,0 +1,9 @@
 # https://wiki.hyprland.org/Configuring/Monitors/
 #
 # Configure your Display resolution, offset, scale and Monitors here, use `hyprctl monitors` to get the info.
 #   highres:      get the best possible resolution
 #   auto:         position automatically
 #   1.25:          scale to 1.25 times
 #   bitdepth,10:  enable 10 bit support
 monitor=eDP-1,      highres@highrr,  0x0,         1.25,  bitdepth,10
@@ -1,11 +1,5 @@
 # Hosts
 1. `12kingdoms`:
   1. `shoukei`: NixOS on Macbook Pro 2020 Intel i5, 13.3-inch, 16G RAM + 512G SSD.
 1. `darwin`(macOS)
   1. `fern`: MacBook Pro 2022 13-inch M2 16G, mainly for business.
   1. `harmonica`: MacBook Pro 2020 13-inch i5 16G, for personal use.
 1. `k8s`: My Kubevirt & Kubernetes Clusters
 1. `idols`
   1. `ai`: My main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use.
   2. `aquamarine`: Kubevirt Virtual Machine.
@@ -13,6 +7,12 @@
        and other services.
   3. `ruby`: Not used now.
   4. `kana`: Not used now.
 1. `k8s`: My Kubevirt & Kubernetes Clusters
 1. `darwin`(macOS)
   1. `fern`: MacBook Pro 2022 13-inch M2 16G, mainly for personal use.
   1. `frieren`: MacBook Pro 2024 14-inch M4Pro 48G, mainly for work.
 1. `12kingdoms`:
   1. `shoukei`: NixOS on MacBook Pro 2022 M2.
 1. Other aarch64/riscv64 SBCs:
   [ryan4yin/nixos-config-sbc](https://github.com/ryan4yin/nixos-config-sbc)
@@ -1,13 +0,0 @@
 _:
 #############################################################
 #
 #  Harmonica - MacBook Pro 2020 13-inch i5 16G, mainly for personal use
 #
 #############################################################
 let
  hostname = "harmonica";
 in {
  networking.hostName = hostname;
  networking.computerName = hostname;
  system.defaults.smb.NetBIOSName = hostname;
 }
@@ -1,2 +0,0 @@
 _: {
 }
@@ -18,21 +18,21 @@ in {
    ./hardware-configuration.nix
    ./nvidia.nix
-    ./impermanence.nix
+    ./preservation.nix
    ./secureboot.nix
  ];
  networking = {
    inherit hostName;
-    # desktop need its cli for status bar & wifi network.
+    # we use networkd instead
-    networkmanager.enable = true;
+    networkmanager.enable = false; # provides nmcli/nmtui for wifi adjustment
    useDHCP = false;
  };
  networking.useNetworkd = true;
  systemd.network.enable = true;
  # Add ipv4 address to the bridge.
  systemd.network.networks."10-${iface}" = {
    matchConfig.Name = [iface];
    networkConfig = {
@@ -56,9 +56,6 @@ in {
    linkConfig.RequiredForOnline = "routable";
  };
  # conflict with feature: containerd-snapshotter
  # virtualisation.docker.storageDriver = "btrfs";
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
@@ -18,8 +18,8 @@
  boot.loader.efi.efiSysMountPoint = "/boot";
  boot.loader.systemd-boot.enable = true;
-  # boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.kernelPackages = pkgs.linuxPackages_latest;
-  boot.kernelPackages = pkgs.linuxPackages_xanmod_latest;
+  # boot.kernelPackages = pkgs.linuxPackages_xanmod_latest;
  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
  boot.initrd.kernelModules = [];
@@ -96,7 +96,7 @@
    device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
    fsType = "btrfs";
    options = ["subvol=@persistent" "compress-force=zstd:1"];
-    # impermanence's data is required for booting.
+    # preservation's data is required for booting.
    neededForBoot = true;
  };
@@ -7,9 +7,11 @@
 #   bitdepth,10:  enable 10 bit support
 #
 # P32A2V  -  3840x2160@144
-monitor=DP-2,      highres@highrr,  0x0,         1.5,  bitdepth,10, cm, hdr, sdrbrightness, 1.3, sdrsaturation, 1
+#   Hyprshot have problems which HDR.
 # monitor=DP-2,      highres@highrr,  0x0,         1.5,  bitdepth,10, cm, hdr, sdrbrightness, 1.3, sdrsaturation, 1
 monitor=DP-2,      highres@highrr,  0x0,         1.5,  bitdepth,10
 # 27D1U   -  3840x2160@60
-monitor=HDMI-A-1,  highres@highrr,  auto-right,  1.5,  bitdepth,10, cm, hdr, sdrbrightness, 1.3, sdrsaturation, 1
+monitor=HDMI-A-1,  highres@highrr,  auto-right,  1.5,  bitdepth,10
 # Bind Workspace to Monitors
@@ -1,151 +0,0 @@
 {
  impermanence,
  pkgs,
  ...
 }: {
  imports = [
    impermanence.nixosModules.impermanence
  ];
  environment.systemPackages = [
    # `sudo ncdu -x /`
    pkgs.ncdu
  ];
  # There are two ways to clear the root filesystem on every boot:
  ##  1. use tmpfs for /
  ##  2. (btrfs/zfs only)take a blank snapshot of the root filesystem and revert to it on every boot via:
  ##     boot.initrd.postDeviceCommands = ''
  ##       mkdir -p /run/mymount
  ##       mount -o subvol=/ /dev/disk/by-uuid/UUID /run/mymount
  ##       btrfs subvolume delete /run/mymount
  ##       btrfs subvolume snapshot / /run/mymount
  ##     '';
  #
  #  See also https://grahamc.com/blog/erase-your-darlings/
  # NOTE: impermanence only mounts the directory/file list below to /persistent
  # If the directory/file already exists in the root filesystem, you should
  # move those files/directories to /persistent first!
  environment.persistence."/persistent" = {
    # sets the mount option x-gvfs-hide on all the bind mounts
    # to hide them from the file manager
    hideMounts = true;
    directories = [
      "/etc/NetworkManager/system-connections"
      "/etc/ssh"
      "/etc/nix/inputs"
      "/etc/secureboot" # lanzaboote - secure boot
      # my secrets
      "/etc/agenix/"
      "/var/log"
      "/var/lib"
      # created by modules/nixos/misc/fhs-fonts.nix
      # for flatpak apps
      # "/usr/share/fonts"
      # "/usr/share/icons"
    ];
    files = [
      "/etc/machine-id"
    ];
    # the following directories will be passed to /persistent/home/$USER
    users.ryan = {
      directories = [
        "codes"
        "nix-config"
        "tmp"
        "Downloads"
        "Music"
        "Pictures"
        "Documents"
        "Videos"
        {
          directory = ".gnupg";
          mode = "0700";
        }
        {
          directory = ".ssh";
          mode = "0700";
        }
        # misc
        ".config/pulse"
        ".pki"
        ".steam" # steam games
        # cloud native
        {
          # pulumi - infrastructure as code
          directory = ".pulumi";
          mode = "0700";
        }
        {
          directory = ".aws";
          mode = "0700";
        }
        {
          directory = ".docker";
          mode = "0700";
        }
        {
          directory = ".kube";
          mode = "0700";
        }
        # remote desktop
        ".config/remmina"
        ".config/freerdp"
        # doom-emacs
        ".config/emacs"
        "org" #  org files
        # vscode
        ".vscode"
        ".vscode-insiders"
        ".config/Code/User"
        ".config/Code - Insiders/User"
        # zed editor
        ".config/zed"
        # browsers
        ".mozilla"
        ".config/google-chrome"
        # neovim / remmina / flatpak / ...
        ".local/share"
        ".local/state"
        # language package managers
        ".npm"
        ".conda" # generated by `conda-shell`
        "go"
        ".cargo" # rust
        ".m2" # maven
        ".gradle" # gradle
        # neovim plugins(wakatime & copilot)
        ".wakatime"
        ".config/github-copilot"
        # others
        ".config/blender"
        ".config/LDtk"
        # IM
        ".config/QQ"
        ".xwechat"
      ];
      files = [
        ".wakatime.cfg"
        ".config/nushell/history.txt"
      ];
    };
  };
 }
@@ -1,21 +1,22 @@
-{pkgs-unstable, ...}: {
+{config, ...}: {
  # ===============================================================================================
  # for Nvidia GPU
  # https://wiki.nixos.org/wiki/NVIDIA
  # https://wiki.hyprland.org/Nvidia/
  # ===============================================================================================
  # https://wiki.hyprland.org/Nvidia/
  boot.kernelParams = [
    "nvidia.NVreg_PreserveVideoMemoryAllocations=1"
    # Since NVIDIA does not load kernel mode setting by default,
    # enabling it is required to make Wayland compositors function properly.
    "nvidia-drm.fbdev=1"
  ];
  services.xserver.videoDrivers = ["nvidia"]; # will install nvidia-vaapi-driver by default
  hardware.nvidia = {
-    open = false;
+    # Open-source kernel modules are preferred over and planned to steadily replace proprietary modules
    open = true;
    # Optionally, you may need to select the appropriate driver version for your specific GPU.
    # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/os-specific/linux/nvidia-x11/default.nix
-    # package = config.boot.kernelPackages.nvidiaPackages.stable;
+    package = config.boot.kernelPackages.nvidiaPackages.beta;
    # required by most wayland compositors!
    modesetting.enable = true;
@@ -28,18 +29,9 @@
    # needed by nvidia-docker
    enable32Bit = true;
  };
  # disable cudasupport before this issue get fixed:
  # https://github.com/NixOS/nixpkgs/issues/338315
  nixpkgs.config.cudaSupport = false;
  nixpkgs.overlays = [
    (_: super: {
      blender = super.blender.override {
        # https://nixos.org/manual/nixpkgs/unstable/#opt-cudaSupport
        cudaSupport = true;
        waylandSupport = true;
      };
      # ffmpeg-full = super.ffmpeg-full.override {
      #   withNvcodec = true;
      # };
@@ -0,0 +1,360 @@
 {
  preservation,
  pkgs,
  myvars,
  ...
 }: let
  inherit (myvars) username;
 in {
  imports = [
    preservation.nixosModules.default
  ];
  preservation.enable = true;
  # pverservation required initrd using systemd.
  boot.initrd.systemd.enable = true;
  environment.systemPackages = [
    # `sudo ncdu -x /`
    pkgs.ncdu
  ];
  # There are two ways to clear the root filesystem on every boot:
  ##  1. use tmpfs for /
  ##  2. (btrfs/zfs only)take a blank snapshot of the root filesystem and revert to it on every boot via:
  ##     boot.initrd.postDeviceCommands = ''
  ##       mkdir -p /run/mymount
  ##       mount -o subvol=/ /dev/disk/by-uuid/UUID /run/mymount
  ##       btrfs subvolume delete /run/mymount
  ##       btrfs subvolume snapshot / /run/mymount
  ##     '';
  #
  #  See also https://grahamc.com/blog/erase-your-darlings/
  # NOTE: preservation only mounts the directory/file list below to /persistent
  # If the directory/file already exists in the root filesystem you should
  # move those files/directories to /persistent first!
  preservation.preserveAt."/persistent" = {
    directories = [
      "/etc/NetworkManager/system-connections"
      "/etc/ssh"
      "/etc/nix/inputs"
      "/etc/secureboot" # lanzaboote - secure boot
      # my secrets
      "/etc/agenix/"
      "/var/log"
      # system-core
      "/var/lib/nixos"
      "/var/lib/systemd"
      {
        directory = "/var/lib/private";
        mode = "0700";
      }
      # containers
      # "/var/lib/docker"
      "/var/lib/cni"
      "/var/lib/containers"
      # other data
      "/var/lib/flatpak"
      # virtualisation
      "/var/lib/libvirt"
      "/var/lib/lxc"
      "/var/lib/lxd"
      "/var/lib/qemu"
      # "/var/lib/waydroid"
      # network
      "/var/lib/tailscale"
      "/var/lib/bluetooth"
      "/var/lib/NetworkManager"
      "/var/lib/iwd"
    ];
    files = [
      # auto-generated machine ID
      {
        file = "/etc/machine-id";
        inInitrd = true;
      }
    ];
    # the following directories will be passed to /persistent/home/$USER
    users.${username} = {
      commonMountOptions = [
        "x-gvfs-hide"
      ];
      directories = [
        # ======================================
        # XDG Directories
        # ======================================
        "Downloads"
        "Music"
        "Pictures"
        "Documents"
        "Videos"
        # ======================================
        # Codes / Work / Playground
        # ======================================
        "codes" # for personal code
        "work" # for work contains a .gitconfig with my work email.
        "nix-config"
        "tmp"
        # ======================================
        # Nix / Home Manager Profiles
        # ======================================
        ".local/state/home-manager"
        ".local/state/nix/profiles"
        ".local/share/nix"
        # ======================================
        # IDE / Editors
        # ======================================
        # neovim plugins(wakatime & copilot)
        ".wakatime"
        ".config/github-copilot"
        # vscode
        ".vscode"
        ".config/Code"
        ".vscode-insiders"
        ".config/Code - Insiders"
        # cursor ai editor
        ".cursor"
        ".config/Cursor"
        # zed editor
        ".config/zed"
        ".local/share/zed"
        # ai agents
        ".claude"
        ".gemini"
        # nvim
        ".local/share/nvim"
        ".local/state/nvim"
        # doom-emacs
        # "org" # org files
        # ".config/emacs"
        # ".local/share/doom"
        # ".local/share/emacs"
        # Joplin
        ".config/joplin" # tui client
        ".config/Joplin" # joplin-desktop
        # ".local/share/jupyter"
        # ======================================
        # Cloud Native
        # ======================================
        {
          # pulumi - infrastructure as code
          directory = ".pulumi";
          mode = "0700";
        }
        {
          directory = ".aws";
          mode = "0700";
        }
        {
          directory = ".aliyun";
          mode = "0700";
        }
        {
          directory = ".config/gcloud";
          mode = "0700";
        }
        {
          directory = ".docker";
          mode = "0700";
        }
        {
          directory = ".kube";
          mode = "0700";
        }
        ".terraform.d/plugin-cache" # terraform's plugin cache
        # ======================================
        # language package managers
        # ======================================
        ".npm" # typsescript/javascript
        "go"
        ".cargo" # rust
        ".m2" # java maven
        ".gradle" # java gradle
        ".conda" # python generated by `conda-shell`
        # python pipx
        ".local/pipx"
        ".local/bin"
        # python uv
        ".local/share/uv"
        ".cache/uv"
        # ======================================
        # Security
        # ======================================
        {
          directory = ".gnupg";
          mode = "0700";
        }
        {
          directory = ".ssh";
          mode = "0700";
        }
        {
          directory = ".pki";
          mode = "0700";
        }
        ".local/share/password-store"
        # gnmome keyrings
        ".local/share/keyrings"
        # ======================================
        # Games / Media
        # ======================================
        ".steam"
        ".config/blender"
        ".config/LDtk"
        ".local/share/Steam"
        ".local/share/PrismLauncher"
        ".local/share/tiled"
        ".local/share/GOG.com"
        ".local/share/StardewValley"
        ".local/share/feral-interactive"
        # ======================================
        # Instant Messaging
        # ======================================
        ".config/QQ"
        ".local/share/TelegramDesktop"
        # ======================================
        # Meeting / Remote Desktop
        # ======================================
        ".config/remmina"
        ".config/freerdp"
        ".zoom"
        ".local/share/remmina"
        # ======================================
        # browsers
        # ======================================
        ".mozilla"
        ".config/google-chrome"
        ".cache/google-chrome"
        # ======================================
        # CLI data
        # ======================================
        ".local/share/atuin"
        ".local/share/zoxide"
        ".local/share/direnv"
        ".local/share/k9s"
        ".cache/tealdeer" # tldr
        # ======================================
        # Containers
        # ======================================
        ".local/share/containers"
        ".local/share/flatpak"
        # flatpak app's data
        ".var"
        # ======================================
        # Misc
        # ======================================
        # Audio
        ".config/pulse"
        ".local/state/wireplumber"
        # Digital Painting
        ".local/share/krita"
      ];
      files = [
        {
          file = ".wakatime.cfg";
          how = "symlink";
        }
        {
          file = ".config/zoomus.conf";
          how = "symlink";
        }
        {
          file = ".config/zoom.conf";
          how = "symlink";
        }
        {
          file = ".claude.json";
          how = "symlink";
        }
      ];
    };
  };
  # Create some directories with custom permissions.
  #
  # In this configuration the path `/home/butz/.local` is not an immediate parent
  # of any persisted file so it would be created with the systemd-tmpfiles default
  # ownership `root:root` and mode `0755`. This would mean that the user `butz`
  # could not create other files or directories inside `/home/butz/.local`.
  #
  # Therefore systemd-tmpfiles is used to prepare such directories with
  # appropriate permissions.
  #
  # Note that immediate parent directories of persisted files can also be
  # configured with ownership and permissions from the `parent` settings if
  # `configureParent = true` is set for the file.
  systemd.tmpfiles.settings.preservation = let
    permission = {
      user = username;
      group = "users";
      mode = "0755";
    };
  in {
    "/home/${username}/.config".d = permission;
    "/home/${username}/.cache".d = permission;
    "/home/${username}/.local".d = permission;
    "/home/${username}/.local/share".d = permission;
    "/home/${username}/.local/state".d = permission;
    "/home/${username}/.local/state/nix".d = permission;
    "/home/${username}/.terraform.d".d = permission;
  };
  # systemd-machine-id-commit.service would fail but it is not relevant
  # in this specific setup for a persistent machine-id so we disable it
  #
  # see the firstboot example below for an alternative approach
  systemd.suppressedSystemUnits = ["systemd-machine-id-commit.service"];
  # let the service commit the transient ID to the persistent volume
  systemd.services.systemd-machine-id-commit = {
    unitConfig.ConditionPathIsMountPoint = [
      ""
      "/persistent/etc/machine-id"
    ];
    serviceConfig.ExecStart = [
      ""
      "systemd-machine-id-setup --commit --root /persistent"
    ];
  };
 }
@@ -81,11 +81,6 @@ in {
      encode zstd gzip
      reverse_proxy http://localhost:9090
    '';
    # Do not redirect to https for api path
    virtualHosts."http://prometheus.writefor.fun/api/v1/write".extraConfig = ''
      encode zstd gzip
      reverse_proxy http://localhost:9090
    '';
    virtualHosts."alertmanager.writefor.fun".extraConfig = ''
      ${hostCommonConfig}
      encode zstd gzip
@@ -123,6 +118,11 @@ in {
        }
      }
    '';
    # Allow http access for specific api (do not redirect to https)
    # virtualHosts."http://xxx.writefor.fun/a/b/c".extraConfig = ''
    #   encode zstd gzip
    #   reverse_proxy http://localhost:9090
    # '';
  };
  networking.firewall.allowedTCPPorts = [80 443];
@@ -13,6 +13,10 @@
 #############################################################
 let
  hostName = "aquamarine"; # Define your hostname.
  inherit (myvars.networking) defaultGateway defaultGateway6 nameservers;
  inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4;
  ipv4WithMask = "${ipv4}/24";
 in {
  imports =
    (mylib.scanPaths ./.)
@@ -43,9 +47,36 @@ in {
  networking = {
    inherit hostName;
-    inherit (myvars.networking) defaultGateway nameservers;
+
-    inherit (myvars.networking.hostsInterface.${hostName}) interfaces;
+    # we use networkd instead
    networkmanager.enable = false;
    useDHCP = false;
  };
  networking.useNetworkd = true;
  systemd.network.enable = true;
  systemd.network.networks."10-${iface}" = {
    matchConfig.Name = [iface];
    networkConfig = {
      Address = [ipv4WithMask];
      DNS = nameservers;
      DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA.
      IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC)
      LinkLocalAddressing = "ipv6";
    };
    routes = [
      {
        Destination = "0.0.0.0/0";
        Gateway = defaultGateway;
      }
      {
        Destination = "::/0";
        Gateway = defaultGateway6;
        GatewayOnLink = true; # it's a gateway on local link.
      }
    ];
    linkConfig.RequiredForOnline = "routable";
  };
  # This value determines the NixOS release from which the default
@@ -1,3 +1,4 @@
 # https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards
 apiVersion: 1
 providers:
@@ -0,0 +1,725 @@
 {
  "annotations": {
    "list": []
  },
  "editable": true,
  "gnetId": null,
  "graphTooltip": 0,
  "hideControls": false,
  "links": [
    {
      "asDropdown": true,
      "icon": "external link",
      "includeVars": true,
      "keepTime": true,
      "tags": ["loki"],
      "targetBlank": false,
      "title": "Loki Dashboards",
      "type": "dashboards"
    }
  ],
  "refresh": "10s",
  "rows": [
    {
      "collapse": false,
      "height": "100px",
      "panels": [
        {
          "aliasColors": {},
          "bars": false,
          "dashLength": 10,
          "dashes": false,
          "datasource": "$datasource",
          "fill": 1,
          "format": "none",
          "id": 1,
          "legend": {
            "avg": false,
            "current": false,
            "max": false,
            "min": false,
            "show": true,
            "total": false,
            "values": false
          },
          "lines": true,
          "linewidth": 1,
          "links": [],
          "nullPointMode": "null as zero",
          "percentage": false,
          "pointradius": 5,
          "points": false,
          "renderer": "flot",
          "seriesOverrides": [],
          "spaceLength": 10,
          "span": 6,
          "stack": false,
          "steppedLine": false,
          "targets": [
            {
              "expr": "sum(loki_compactor_pending_delete_requests_count{cluster=~\"$cluster\", namespace=~\"$namespace\"})",
              "format": "time_series",
              "instant": true,
              "refId": "A"
            }
          ],
          "thresholds": "70,80",
          "timeFrom": null,
          "timeShift": null,
          "title": "Number of Pending Requests",
          "tooltip": {
            "shared": true,
            "sort": 2,
            "value_type": "individual"
          },
          "type": "singlestat",
          "xaxis": {
            "buckets": null,
            "mode": "time",
            "name": null,
            "show": true,
            "values": []
          },
          "yaxes": [
            {
              "format": "short",
              "label": null,
              "logBase": 1,
              "max": null,
              "min": 0,
              "show": true
            },
            {
              "format": "short",
              "label": null,
              "logBase": 1,
              "max": null,
              "min": null,
              "show": false
            }
          ]
        },
        {
          "aliasColors": {},
          "bars": false,
          "dashLength": 10,
          "dashes": false,
          "datasource": "$datasource",
          "fill": 1,
          "format": "dtdurations",
          "id": 2,
          "legend": {
            "avg": false,
            "current": false,
            "max": false,
            "min": false,
            "show": true,
            "total": false,
            "values": false
          },
          "lines": true,
          "linewidth": 1,
          "links": [],
          "nullPointMode": "null as zero",
          "percentage": false,
          "pointradius": 5,
          "points": false,
          "renderer": "flot",
          "seriesOverrides": [],
          "spaceLength": 10,
          "span": 6,
          "stack": false,
          "steppedLine": false,
          "targets": [
            {
              "expr": "max(loki_compactor_oldest_pending_delete_request_age_seconds{cluster=~\"$cluster\", namespace=~\"$namespace\"})",
              "format": "time_series",
              "instant": true,
              "refId": "A"
            }
          ],
          "thresholds": "70,80",
          "timeFrom": null,
          "timeShift": null,
          "title": "Oldest Pending Request Age",
          "tooltip": {
            "shared": true,
            "sort": 2,
            "value_type": "individual"
          },
          "type": "singlestat",
          "xaxis": {
            "buckets": null,
            "mode": "time",
            "name": null,
            "show": true,
            "values": []
          },
          "yaxes": [
            {
              "format": "short",
              "label": null,
              "logBase": 1,
              "max": null,
              "min": 0,
              "show": true
            },
            {
              "format": "short",
              "label": null,
              "logBase": 1,
              "max": null,
              "min": null,
              "show": false
            }
          ]
        }
      ],
      "repeat": null,
      "repeatIteration": null,
      "repeatRowId": null,
      "showTitle": false,
      "title": "Headlines",
      "titleSize": "h6"
    },
    {
      "collapse": false,
      "height": "250px",
      "panels": [
        {
          "datasource": "$datasource",
          "fieldConfig": {
            "defaults": {
              "custom": {
                "drawStyle": "line",
                "fillOpacity": 10,
                "lineWidth": 1,
                "pointSize": 5,
                "showPoints": "never",
                "spanNulls": false,
                "stacking": {
                  "group": "A",
                  "mode": "none"
                }
              },
              "thresholds": {
                "mode": "absolute",
                "steps": []
              },
              "unit": "short"
            },
            "overrides": []
          },
          "id": 3,
          "links": [],
          "options": {
            "legend": {
              "showLegend": true
            },
            "tooltip": {
              "mode": "single",
              "sort": "none"
            }
          },
          "span": 4,
          "targets": [
            {
              "expr": "(loki_compactor_delete_requests_received_total{cluster=~\"$cluster\", namespace=~\"$namespace\"} or on() vector(0)) - on () (loki_compactor_delete_requests_processed_total{cluster=~\"$cluster\", namespace=~\"$namespace\"} or on () vector(0))",
              "format": "time_series",
              "legendFormat": "in progress",
              "legendLink": null
            }
          ],
          "title": "# of Delete Requests (received - processed) ",
          "type": "timeseries"
        },
        {
          "datasource": "$datasource",
          "fieldConfig": {
            "defaults": {
              "custom": {
                "drawStyle": "line",
                "fillOpacity": 10,
                "lineWidth": 1,
                "pointSize": 5,
                "showPoints": "never",
                "spanNulls": false,
                "stacking": {
                  "group": "A",
                  "mode": "none"
                }
              },
              "thresholds": {
                "mode": "absolute",
                "steps": []
              },
              "unit": "short"
            },
            "overrides": []
          },
          "id": 4,
          "links": [],
          "options": {
            "legend": {
              "showLegend": true
            },
            "tooltip": {
              "mode": "single",
              "sort": "none"
            }
          },
          "span": 4,
          "targets": [
            {
              "expr": "sum(increase(loki_compactor_delete_requests_received_total{cluster=~\"$cluster\", namespace=~\"$namespace\"}[1d]))",
              "format": "time_series",
              "legendFormat": "received",
              "legendLink": null
            }
          ],
          "title": "Delete Requests Received / Day",
          "type": "timeseries"
        },
        {
          "datasource": "$datasource",
          "fieldConfig": {
            "defaults": {
              "custom": {
                "drawStyle": "line",
                "fillOpacity": 10,
                "lineWidth": 1,
                "pointSize": 5,
                "showPoints": "never",
                "spanNulls": false,
                "stacking": {
                  "group": "A",
                  "mode": "none"
                }
              },
              "thresholds": {
                "mode": "absolute",
                "steps": []
              },
              "unit": "short"
            },
            "overrides": []
          },
          "id": 5,
          "links": [],
          "options": {
            "legend": {
              "showLegend": true
            },
            "tooltip": {
              "mode": "single",
              "sort": "none"
            }
          },
          "span": 4,
          "targets": [
            {
              "expr": "sum(increase(loki_compactor_delete_requests_processed_total{cluster=~\"$cluster\", namespace=~\"$namespace\"}[1d]))",
              "format": "time_series",
              "legendFormat": "processed",
              "legendLink": null
            }
          ],
          "title": "Delete Requests Processed / Day",
          "type": "timeseries"
        }
      ],
      "repeat": null,
      "repeatIteration": null,
      "repeatRowId": null,
      "showTitle": true,
      "title": "Churn",
      "titleSize": "h6"
    },
    {
      "collapse": false,
      "height": "250px",
      "panels": [
        {
          "datasource": "$datasource",
          "fieldConfig": {
            "defaults": {
              "custom": {
                "drawStyle": "line",
                "fillOpacity": 10,
                "lineWidth": 1,
                "pointSize": 5,
                "showPoints": "never",
                "spanNulls": false,
                "stacking": {
                  "group": "A",
                  "mode": "none"
                }
              },
              "thresholds": {
                "mode": "absolute",
                "steps": []
              },
              "unit": "short"
            },
            "overrides": []
          },
          "id": 6,
          "links": [],
          "options": {
            "legend": {
              "showLegend": true
            },
            "tooltip": {
              "mode": "single",
              "sort": "none"
            }
          },
          "span": 4,
          "targets": [
            {
              "expr": "node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=~\"$cluster\", namespace=~\"$namespace\", pod=~\"(.*compactor.*|(loki.*|enterprise-logs)-backend.*|loki-single-binary)\"}",
              "format": "time_series",
              "legendFormat": "{{pod}}",
              "legendLink": null
            }
          ],
          "title": "Compactor CPU usage",
          "type": "timeseries"
        },
        {
          "datasource": "$datasource",
          "fieldConfig": {
            "defaults": {
              "custom": {
                "drawStyle": "line",
                "fillOpacity": 10,
                "lineWidth": 1,
                "pointSize": 5,
                "showPoints": "never",
                "spanNulls": false,
                "stacking": {
                  "group": "A",
                  "mode": "none"
                }
              },
              "thresholds": {
                "mode": "absolute",
                "steps": []
              },
              "unit": "short"
            },
            "overrides": []
          },
          "id": 7,
          "links": [],
          "options": {
            "legend": {
              "showLegend": true
            },
            "tooltip": {
              "mode": "single",
              "sort": "none"
            }
          },
          "span": 4,
          "targets": [
            {
              "expr": "go_memstats_heap_inuse_bytes{cluster=~\"$cluster\", namespace=~\"$namespace\", pod=~\"(.*compactor.*|(loki.*|enterprise-logs)-backend.*|loki-single-binary)\"} / 1024 / 1024 ",
              "format": "time_series",
              "legendFormat": " {{pod}} ",
              "legendLink": null
            }
          ],
          "title": "Compactor memory usage (MiB)",
          "type": "timeseries"
        },
        {
          "datasource": "$datasource",
          "fieldConfig": {
            "defaults": {
              "custom": {
                "drawStyle": "line",
                "fillOpacity": 10,
                "lineWidth": 1,
                "pointSize": 5,
                "showPoints": "never",
                "spanNulls": false,
                "stacking": {
                  "group": "A",
                  "mode": "none"
                }
              },
              "thresholds": {
                "mode": "absolute",
                "steps": []
              },
              "unit": "short"
            },
            "overrides": []
          },
          "id": 8,
          "links": [],
          "options": {
            "legend": {
              "showLegend": true
            },
            "tooltip": {
              "mode": "single",
              "sort": "none"
            }
          },
          "span": 4,
          "targets": [
            {
              "expr": "loki_boltdb_shipper_compact_tables_operation_duration_seconds{cluster=~\"$cluster\", namespace=~\"$namespace\"}",
              "format": "time_series",
              "legendFormat": "{{pod}}",
              "legendLink": null
            }
          ],
          "title": "Compaction run duration (seconds)",
          "type": "timeseries"
        }
      ],
      "repeat": null,
      "repeatIteration": null,
      "repeatRowId": null,
      "showTitle": true,
      "title": "Compactor",
      "titleSize": "h6"
    },
    {
      "collapse": false,
      "height": "250px",
      "panels": [
        {
          "datasource": "$datasource",
          "fieldConfig": {
            "defaults": {
              "custom": {
                "drawStyle": "line",
                "fillOpacity": 10,
                "lineWidth": 1,
                "pointSize": 5,
                "showPoints": "never",
                "spanNulls": false,
                "stacking": {
                  "group": "A",
                  "mode": "none"
                }
              },
              "thresholds": {
                "mode": "absolute",
                "steps": []
              },
              "unit": "short"
            },
            "overrides": []
          },
          "id": 9,
          "links": [],
          "options": {
            "legend": {
              "showLegend": true
            },
            "tooltip": {
              "mode": "single",
              "sort": "none"
            }
          },
          "span": 6,
          "targets": [
            {
              "expr": "sum(increase(loki_compactor_load_pending_requests_attempts_total{status=\"fail\", cluster=~\"$cluster\", namespace=~\"$namespace\"}[1h]))",
              "format": "time_series",
              "legendFormat": "failures",
              "legendLink": null
            }
          ],
          "title": "Failures in Loading Delete Requests / Hour",
          "type": "timeseries"
        },
        {
          "datasource": "$datasource",
          "fieldConfig": {
            "defaults": {
              "custom": {
                "drawStyle": "line",
                "fillOpacity": 10,
                "lineWidth": 1,
                "pointSize": 5,
                "showPoints": "never",
                "spanNulls": false,
                "stacking": {
                  "group": "A",
                  "mode": "none"
                }
              },
              "thresholds": {
                "mode": "absolute",
                "steps": []
              },
              "unit": "short"
            },
            "overrides": []
          },
          "id": 10,
          "links": [],
          "options": {
            "legend": {
              "showLegend": true
            },
            "tooltip": {
              "mode": "single",
              "sort": "none"
            }
          },
          "span": 6,
          "targets": [
            {
              "expr": "sum(rate(loki_compactor_deleted_lines{cluster=~\"$cluster\", namespace=~\"$namespace\", pod=~\"(.*compactor.*|(loki.*|enterprise-logs)-backend.*|loki-single-binary)\"}[$__rate_interval])) by (user)",
              "format": "time_series",
              "legendFormat": "{{user}}",
              "legendLink": null
            }
          ],
          "title": "Lines Deleted / Sec",
          "type": "timeseries"
        }
      ],
      "repeat": null,
      "repeatIteration": null,
      "repeatRowId": null,
      "showTitle": true,
      "title": "Deletion metrics",
      "titleSize": "h6"
    },
    {
      "collapse": false,
      "height": "250px",
      "panels": [
        {
          "datasource": "$loki_datasource",
          "id": 11,
          "span": 6,
          "targets": [
            {
              "expr": "{cluster=~\"$cluster\", namespace=~\"$namespace\", pod=~\"(.*compactor.*|(loki.*|enterprise-logs)-backend.*|loki-single-binary)\"} |~ \"Started processing delete request|delete request for user marked as processed\" | logfmt | line_format \"{{.ts}} user={{.user}} delete_request_id={{.delete_request_id}} msg={{.msg}}\" ",
              "refId": "A"
            }
          ],
          "title": "In progress/finished",
          "type": "logs"
        },
        {
          "datasource": "$loki_datasource",
          "id": 12,
          "span": 6,
          "targets": [
            {
              "expr": "{cluster=~\"$cluster\", namespace=~\"$namespace\", pod=~\"(.*compactor.*|(loki.*|enterprise-logs)-backend.*|loki-single-binary)\"} |~ \"delete request for user added\" | logfmt | line_format \"{{.ts}} user={{.user}} query='{{.query}}'\"",
              "refId": "A"
            }
          ],
          "title": "Requests",
          "type": "logs"
        }
      ],
      "repeat": null,
      "repeatIteration": null,
      "repeatRowId": null,
      "showTitle": true,
      "title": "List of deletion requests",
      "titleSize": "h6"
    }
  ],
  "schemaVersion": 14,
  "style": "dark",
  "tags": ["loki"],
  "templating": {
    "list": [
      {
        "current": {
          "text": "default",
          "value": "default"
        },
        "hide": 0,
        "label": "Data source",
        "name": "datasource",
        "options": [],
        "query": "prometheus",
        "refresh": 1,
        "regex": "",
        "type": "datasource"
      },
      {
        "allValue": null,
        "current": {
          "text": "prod",
          "value": "prod"
        },
        "datasource": "$datasource",
        "hide": 0,
        "includeAll": false,
        "label": "cluster",
        "multi": false,
        "name": "cluster",
        "options": [],
        "query": "label_values(loki_build_info, cluster)",
        "refresh": 1,
        "regex": "",
        "sort": 2,
        "tagValuesQuery": "",
        "tags": [],
        "tagsQuery": "",
        "type": "query",
        "useTags": false
      },
      {
        "allValue": null,
        "current": {
          "text": "prod",
          "value": "prod"
        },
        "datasource": "$datasource",
        "hide": 0,
        "includeAll": false,
        "label": "namespace",
        "multi": false,
        "name": "namespace",
        "options": [],
        "query": "label_values(loki_build_info{cluster=~\"$cluster\"}, namespace)",
        "refresh": 1,
        "regex": "",
        "sort": 2,
        "tagValuesQuery": "",
        "tags": [],
        "tagsQuery": "",
        "type": "query",
        "useTags": false
      },
      {
        "hide": 0,
        "label": null,
        "name": "loki_datasource",
        "options": [],
        "query": "loki",
        "refresh": 1,
        "regex": "",
        "type": "datasource"
      }
    ]
  },
  "time": {
    "from": "now-1h",
    "to": "now"
  },
  "timepicker": {
    "refresh_intervals": ["5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d"],
    "time_options": ["5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d"]
  },
  "timezone": "utc",
  "title": "Loki / Deletion",
  "uid": "deletion",
  "version": 0
 }
@@ -0,0 +1,945 @@
 {
  "annotations": {
    "list": []
  },
  "editable": true,
  "gnetId": null,
  "graphTooltip": 0,
  "hideControls": false,
  "iteration": 1583185057230,
  "links": [
    {
      "asDropdown": true,
      "icon": "external link",
      "includeVars": true,
      "keepTime": true,
      "tags": ["loki"],
      "targetBlank": false,
      "title": "Loki Dashboards",
      "type": "dashboards"
    }
  ],
  "panels": [
    {
      "aliasColors": {},
      "bars": false,
      "dashLength": 10,
      "dashes": false,
      "datasource": "$datasource",
      "fill": 1,
      "fillGradient": 0,
      "gridPos": {
        "h": 4,
        "w": 3,
        "x": 0,
        "y": 0
      },
      "hiddenSeries": false,
      "id": 35,
      "legend": {
        "avg": false,
        "current": false,
        "max": false,
        "min": false,
        "show": false,
        "total": false,
        "values": false
      },
      "lines": true,
      "linewidth": 1,
      "nullPointMode": "null",
      "options": {
        "dataLinks": []
      },
      "percentage": false,
      "pointradius": 2,
      "points": false,
      "renderer": "flot",
      "seriesOverrides": [],
      "spaceLength": 10,
      "stack": false,
      "steppedLine": false,
      "targets": [
        {
          "expr": "sum by (pod)(go_goroutines{cluster=\"$cluster\", namespace=\"$namespace\", container=~\"$container\"  })",
          "refId": "A"
        }
      ],
      "thresholds": [],
      "timeFrom": null,
      "timeRegions": [],
      "timeShift": null,
      "title": "goroutines",
      "tooltip": {
        "shared": true,
        "sort": 0,
        "value_type": "individual"
      },
      "type": "timeseries",
      "xaxis": {
        "buckets": null,
        "mode": "time",
        "name": null,
        "show": true,
        "values": []
      },
      "yaxes": [
        {
          "format": "short",
          "label": null,
          "logBase": 1,
          "max": null,
          "min": null,
          "show": true
        },
        {
          "format": "short",
          "label": null,
          "logBase": 1,
          "max": null,
          "min": null,
          "show": true
        }
      ],
      "yaxis": {
        "align": false,
        "alignLevel": null
      }
    },
    {
      "aliasColors": {},
      "bars": false,
      "dashLength": 10,
      "dashes": false,
      "datasource": "$datasource",
      "fieldConfig": {
        "defaults": {
          "unit": "s"
        }
      },
      "fill": 1,
      "fillGradient": 0,
      "gridPos": {
        "h": 4,
        "w": 3,
        "x": 3,
        "y": 0
      },
      "hiddenSeries": false,
      "id": 41,
      "legend": {
        "avg": false,
        "current": false,
        "max": false,
        "min": false,
        "show": false,
        "total": false,
        "values": false
      },
      "lines": true,
      "linewidth": 1,
      "nullPointMode": "null",
      "options": {
        "dataLinks": []
      },
      "percentage": false,
      "pointradius": 2,
      "points": false,
      "renderer": "flot",
      "seriesOverrides": [],
      "spaceLength": 10,
      "stack": false,
      "steppedLine": false,
      "targets": [
        {
          "expr": "sum(go_gc_duration_seconds{cluster=\"$cluster\", namespace=\"$namespace\", container=~\"$container\"}) by (quantile)",
          "legendFormat": "{{quantile}}",
          "refId": "A"
        }
      ],
      "thresholds": [],
      "timeFrom": null,
      "timeRegions": [],
      "timeShift": null,
      "title": "gc duration",
      "tooltip": {
        "shared": true,
        "sort": 0,
        "value_type": "individual"
      },
      "type": "timeseries",
      "xaxis": {
        "buckets": null,
        "mode": "time",
        "name": null,
        "show": true,
        "values": []
      },
      "yaxes": [
        {
          "format": "short",
          "label": null,
          "logBase": 1,
          "max": null,
          "min": null,
          "show": true
        },
        {
          "format": "short",
          "label": null,
          "logBase": 1,
          "max": null,
          "min": null,
          "show": true
        }
      ],
      "yaxis": {
        "align": false,
        "alignLevel": null
      }
    },
    {
      "aliasColors": {},
      "bars": false,
      "dashLength": 10,
      "dashes": false,
      "datasource": "$datasource",
      "fill": 1,
      "fillGradient": 0,
      "gridPos": {
        "h": 4,
        "w": 3,
        "x": 6,
        "y": 0
      },
      "hiddenSeries": false,
      "id": 36,
      "legend": {
        "avg": false,
        "current": false,
        "max": false,
        "min": false,
        "show": false,
        "total": false,
        "values": false
      },
      "lines": true,
      "linewidth": 1,
      "nullPointMode": "null",
      "options": {
        "dataLinks": []
      },
      "percentage": false,
      "pointradius": 2,
      "points": false,
      "renderer": "flot",
      "seriesOverrides": [],
      "spaceLength": 10,
      "stack": false,
      "steppedLine": false,
      "targets": [
        {
          "expr": "sum by (pod)(rate(container_cpu_usage_seconds_total{cluster=\"$cluster\", namespace=\"$namespace\", container=~\"$container\"}[$__rate_interval]))",
          "refId": "A"
        }
      ],
      "thresholds": [],
      "timeFrom": null,
      "timeRegions": [],
      "timeShift": null,
      "title": "cpu",
      "tooltip": {
        "shared": true,
        "sort": 0,
        "value_type": "individual"
      },
      "type": "timeseries",
      "xaxis": {
        "buckets": null,
        "mode": "time",
        "name": null,
        "show": true,
        "values": []
      },
      "yaxes": [
        {
          "format": "short",
          "label": null,
          "logBase": 1,
          "max": null,
          "min": null,
          "show": true
        },
        {
          "format": "short",
          "label": null,
          "logBase": 1,
          "max": null,
          "min": null,
          "show": true
        }
      ],
      "yaxis": {
        "align": false,
        "alignLevel": null
      }
    },
    {
      "aliasColors": {},
      "bars": false,
      "dashLength": 10,
      "dashes": false,
      "datasource": "$datasource",
      "fieldConfig": {
        "defaults": {
          "unit": "bytes"
        }
      },
      "fill": 1,
      "fillGradient": 0,
      "gridPos": {
        "h": 4,
        "w": 3,
        "x": 9,
        "y": 0
      },
      "hiddenSeries": false,
      "id": 40,
      "legend": {
        "avg": false,
        "current": false,
        "max": false,
        "min": false,
        "show": false,
        "total": false,
        "values": false
      },
      "lines": true,
      "linewidth": 1,
      "nullPointMode": "null",
      "options": {
        "dataLinks": []
      },
      "percentage": false,
      "pointradius": 2,
      "points": false,
      "renderer": "flot",
      "seriesOverrides": [],
      "spaceLength": 10,
      "stack": false,
      "steppedLine": false,
      "targets": [
        {
          "expr": "sum by (pod)(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container=~\"$container\"})",
          "refId": "A"
        }
      ],
      "thresholds": [],
      "timeFrom": null,
      "timeRegions": [],
      "timeShift": null,
      "title": "working set",
      "tooltip": {
        "shared": true,
        "sort": 0,
        "value_type": "individual"
      },
      "type": "timeseries",
      "xaxis": {
        "buckets": null,
        "mode": "time",
        "name": null,
        "show": true,
        "values": []
      },
      "yaxes": [
        {
          "format": "bytes",
          "label": null,
          "logBase": 1,
          "max": null,
          "min": null,
          "show": true
        },
        {
          "format": "short",
          "label": null,
          "logBase": 1,
          "max": null,
          "min": null,
          "show": true
        }
      ],
      "yaxis": {
        "align": false,
        "alignLevel": null
      }
    },
    {
      "aliasColors": {},
      "bars": false,
      "dashLength": 10,
      "dashes": false,
      "datasource": "$datasource",
      "fieldConfig": {
        "defaults": {
          "unit": "binBps"
        }
      },
      "fill": 1,
      "fillGradient": 0,
      "gridPos": {
        "h": 4,
        "w": 3,
        "x": 12,
        "y": 0
      },
      "hiddenSeries": false,
      "id": 38,
      "legend": {
        "avg": false,
        "current": false,
        "max": false,
        "min": false,
        "show": false,
        "total": false,
        "values": false
      },
      "lines": true,
      "linewidth": 1,
      "nullPointMode": "null",
      "options": {
        "dataLinks": []
      },
      "percentage": false,
      "pointradius": 2,
      "points": false,
      "renderer": "flot",
      "seriesOverrides": [],
      "spaceLength": 10,
      "stack": false,
      "steppedLine": false,
      "targets": [
        {
          "expr": "sum by (pod)(rate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\", container=~\"$container\"}[$__rate_interval]))",
          "refId": "A"
        }
      ],
      "thresholds": [],
      "timeFrom": null,
      "timeRegions": [],
      "timeShift": null,
      "title": "tx",
      "tooltip": {
        "shared": true,
        "sort": 0,
        "value_type": "individual"
      },
      "type": "timeseries",
      "xaxis": {
        "buckets": null,
        "mode": "time",
        "name": null,
        "show": true,
        "values": []
      },
      "yaxes": [
        {
          "format": "bytes",
          "label": null,
          "logBase": 1,
          "max": null,
          "min": null,
          "show": true
        },
        {
          "format": "short",
          "label": null,
          "logBase": 1,
          "max": null,
          "min": null,
          "show": true
        }
      ],
      "yaxis": {
        "align": false,
        "alignLevel": null
      }
    },
    {
      "aliasColors": {},
      "bars": false,
      "dashLength": 10,
      "dashes": false,
      "datasource": "$datasource",
      "fieldConfig": {
        "defaults": {
          "unit": "binBps"
        }
      },
      "fill": 1,
      "fillGradient": 0,
      "gridPos": {
        "h": 4,
        "w": 3,
        "x": 15,
        "y": 0
      },
      "hiddenSeries": false,
      "id": 39,
      "legend": {
        "avg": false,
        "current": false,
        "max": false,
        "min": false,
        "show": false,
        "total": false,
        "values": false
      },
      "lines": true,
      "linewidth": 1,
      "nullPointMode": "null",
      "options": {
        "dataLinks": []
      },
      "percentage": false,
      "pointradius": 2,
      "points": false,
      "renderer": "flot",
      "seriesOverrides": [],
      "spaceLength": 10,
      "stack": false,
      "steppedLine": false,
      "targets": [
        {
          "expr": "sum by (pod)(rate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))",
          "refId": "A"
        }
      ],
      "thresholds": [],
      "timeFrom": null,
      "timeRegions": [],
      "timeShift": null,
      "title": "rx",
      "tooltip": {
        "shared": true,
        "sort": 0,
        "value_type": "individual"
      },
      "type": "timeseries",
      "xaxis": {
        "buckets": null,
        "mode": "time",
        "name": null,
        "show": true,
        "values": []
      },
      "yaxes": [
        {
          "format": "decbytes",
          "label": null,
          "logBase": 1,
          "max": null,
          "min": null,
          "show": true
        },
        {
          "format": "short",
          "label": null,
          "logBase": 1,
          "max": null,
          "min": null,
          "show": true
        }
      ],
      "yaxis": {
        "align": false,
        "alignLevel": null
      }
    },
    {
      "aliasColors": {},
      "bars": false,
      "dashLength": 10,
      "dashes": false,
      "datasource": "$datasource",
      "fill": 1,
      "fillGradient": 0,
      "gridPos": {
        "h": 4,
        "w": 3,
        "x": 18,
        "y": 0
      },
      "hiddenSeries": false,
      "id": 37,
      "legend": {
        "avg": false,
        "current": false,
        "max": false,
        "min": false,
        "show": false,
        "total": false,
        "values": false
      },
      "lines": true,
      "linewidth": 1,
      "nullPointMode": "null",
      "options": {
        "dataLinks": []
      },
      "percentage": false,
      "pointradius": 2,
      "points": false,
      "renderer": "flot",
      "seriesOverrides": [],
      "spaceLength": 10,
      "stack": false,
      "steppedLine": false,
      "targets": [
        {
          "expr": "increase(kube_pod_container_status_last_terminated_reason{cluster=\"$cluster\", namespace=\"$namespace\", container=~\"$container\"}[30m]) > 0",
          "legendFormat": "{{reason}}",
          "refId": "A"
        }
      ],
      "thresholds": [],
      "timeFrom": null,
      "timeRegions": [],
      "timeShift": null,
      "title": "restarts",
      "tooltip": {
        "shared": true,
        "sort": 0,
        "value_type": "individual"
      },
      "type": "timeseries",
      "xaxis": {
        "buckets": null,
        "mode": "time",
        "name": null,
        "show": true,
        "values": []
      },
      "yaxes": [
        {
          "format": "bytes",
          "label": null,
          "logBase": 1,
          "max": null,
          "min": null,
          "show": true
        },
        {
          "format": "short",
          "label": null,
          "logBase": 1,
          "max": null,
          "min": null,
          "show": true
        }
      ],
      "yaxis": {
        "align": false,
        "alignLevel": null
      }
    },
    {
      "aliasColors": {},
      "bars": false,
      "dashLength": 10,
      "dashes": false,
      "datasource": "$loki_datasource",
      "fieldConfig": {
        "defaults": {
          "unit": "ops"
        }
      },
      "fill": 1,
      "fillGradient": 0,
      "gridPos": {
        "h": 7,
        "w": 24,
        "x": 0,
        "y": 4
      },
      "hiddenSeries": false,
      "id": 31,
      "legend": {
        "avg": false,
        "current": false,
        "max": false,
        "min": false,
        "show": false,
        "total": false,
        "values": false
      },
      "lines": true,
      "linewidth": 1,
      "nullPointMode": "null",
      "options": {
        "dataLinks": []
      },
      "percentage": false,
      "pointradius": 2,
      "points": false,
      "renderer": "flot",
      "seriesOverrides": [
        {
          "alias": "warn",
          "color": "#FF780A"
        },
        {
          "alias": "error",
          "color": "#E02F44"
        },
        {
          "alias": "info",
          "color": "#56A64B"
        },
        {
          "alias": "debug",
          "color": "#3274D9"
        }
      ],
      "spaceLength": 10,
      "stack": true,
      "steppedLine": false,
      "targets": [
        {
          "expr": "sum(rate({cluster=\"$cluster\", namespace=\"$namespace\", container=~\"$container\" } |logfmt| level=~\"$level\" |= \"$filter\" | __error__=\"\" [$__auto])) by (level)",
          "intervalFactor": 3,
          "legendFormat": "{{level}}",
          "refId": "A"
        }
      ],
      "thresholds": [],
      "timeFrom": null,
      "timeRegions": [],
      "timeShift": null,
      "title": "Log Rate",
      "tooltip": {
        "shared": true,
        "sort": 2,
        "value_type": "individual"
      },
      "type": "timeseries",
      "xaxis": {
        "buckets": null,
        "mode": "time",
        "name": null,
        "show": false,
        "values": []
      },
      "yaxes": [
        {
          "format": "short",
          "label": null,
          "logBase": 1,
          "max": null,
          "min": null,
          "show": true
        },
        {
          "format": "short",
          "label": null,
          "logBase": 1,
          "max": null,
          "min": null,
          "show": false
        }
      ],
      "yaxis": {
        "align": false,
        "alignLevel": null
      }
    },
    {
      "datasource": "$loki_datasource",
      "gridPos": {
        "h": 19,
        "w": 24,
        "x": 0,
        "y": 6
      },
      "id": 29,
      "maxDataPoints": "",
      "options": {
        "showLabels": false,
        "showTime": true,
        "sortOrder": "Descending",
        "wrapLogMessage": true
      },
      "targets": [
        {
          "expr": "{cluster=\"$cluster\", namespace=\"$namespace\", container=~\"$container\"} | logfmt | level=~\"$level\" |= \"$filter\"",
          "refId": "A"
        }
      ],
      "timeFrom": null,
      "timeShift": null,
      "title": "Logs",
      "type": "logs"
    }
  ],
  "refresh": "10s",
  "rows": [],
  "schemaVersion": 14,
  "style": "dark",
  "tags": ["loki"],
  "templating": {
    "list": [
      {
        "current": {
          "text": "default",
          "value": "default"
        },
        "hide": 0,
        "label": "Data source",
        "name": "datasource",
        "options": [],
        "query": "prometheus",
        "refresh": 1,
        "regex": "",
        "type": "datasource"
      },
      {
        "allValue": null,
        "current": {
          "text": "prod",
          "value": "prod"
        },
        "datasource": "$datasource",
        "hide": 0,
        "includeAll": false,
        "label": "cluster",
        "multi": false,
        "name": "cluster",
        "options": [],
        "query": "label_values(loki_build_info, cluster)",
        "refresh": 1,
        "regex": "",
        "sort": 2,
        "tagValuesQuery": "",
        "tags": [],
        "tagsQuery": "",
        "type": "query",
        "useTags": false
      },
      {
        "allValue": null,
        "current": {
          "text": "prod",
          "value": "prod"
        },
        "datasource": "$datasource",
        "hide": 0,
        "includeAll": false,
        "label": "namespace",
        "multi": false,
        "name": "namespace",
        "options": [],
        "query": "label_values(loki_build_info{cluster=~\"$cluster\"}, namespace)",
        "refresh": 1,
        "regex": "",
        "sort": 2,
        "tagValuesQuery": "",
        "tags": [],
        "tagsQuery": "",
        "type": "query",
        "useTags": false
      },
      {
        "hide": 0,
        "label": null,
        "name": "loki_datasource",
        "options": [],
        "query": "loki",
        "refresh": 1,
        "regex": "",
        "type": "datasource"
      },
      {
        "allValue": null,
        "current": {},
        "datasource": "$datasource",
        "hide": 0,
        "includeAll": false,
        "label": null,
        "multi": true,
        "name": "container",
        "options": [],
        "query": "label_values(kube_pod_container_info{cluster=\"$cluster\", namespace=\"$namespace\"}, container)",
        "refresh": 0,
        "regex": "",
        "sort": 1,
        "tagValuesQuery": "",
        "tags": [],
        "tagsQuery": "",
        "type": "query",
        "useTags": false
      },
      {
        "allValue": null,
        "current": {
          "selected": true,
          "text": "",
          "value": ""
        },
        "hide": 0,
        "includeAll": false,
        "label": "",
        "multi": true,
        "name": "level",
        "options": [
          {
            "selected": false,
            "text": "debug",
            "value": "debug"
          },
          {
            "selected": false,
            "text": "info",
            "value": "info"
          },
          {
            "selected": false,
            "text": "warn",
            "value": "warn"
          },
          {
            "selected": false,
            "text": "error",
            "value": "error"
          }
        ],
        "query": "debug,info,warn,error",
        "refresh": 0,
        "type": "custom"
      },
      {
        "current": {
          "selected": false,
          "text": "",
          "value": ""
        },
        "label": "LogQL Filter",
        "name": "filter",
        "query": "",
        "type": "textbox"
      }
    ]
  },
  "time": {
    "from": "now-1h",
    "to": "now"
  },
  "timepicker": {
    "refresh_intervals": ["5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d"],
    "time_options": ["5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d"]
  },
  "timezone": "utc",
  "title": "Loki / Logs",
  "uid": "logs",
  "version": 0
 }
@@ -1,7 +1,17 @@
-# https://grafana.com/docs/grafana/latest/datasources/prometheus/
+# https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources
 apiVersion: 1
 # List of data sources to delete from the database.
 deleteDatasources:
  - name: Loki
    orgId: 1
 # Mark provisioned data sources for deletion if they are no longer in a provisioning file.
 # It takes no effect if data sources are already listed in the deleteDatasources section.
 prune: true
 datasources:
  # https://grafana.com/docs/grafana/latest/datasources/prometheus/
  - name: prometheus-homelab
    type: prometheus
    access: proxy
@@ -19,3 +29,17 @@ datasources:
      # Increasing the duration of the incrementalQueryOverlapWindow will increase the size of every incremental query,
      # but might be helpful for instances that have inconsistent results for recent data.
      incrementalQueryOverlapWindow: 10m
    isDefault: true
    editable: false
  # https://grafana.com/docs/grafana/latest/datasources/loki/
  - name: loki-k3s-test-1
    type: loki
    access: proxy
    url: https://loki-gateway.writefor.fun
    jsonData:
      timeout: 30
      maxLines: 1000
      httpHeaderName1: "X-Scope-OrgID"
    secureJsonData:
      httpHeaderValue1: "fake"
    editable: false
@@ -10,6 +10,10 @@
 #############################################################
 let
  hostName = "kana"; # Define your hostname.
  inherit (myvars.networking) defaultGateway defaultGateway6 nameservers;
  inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4;
  ipv4WithMask = "${ipv4}/24";
 in {
  imports = mylib.scanPaths ./.;
@@ -30,9 +34,36 @@ in {
  networking = {
    inherit hostName;
-    inherit (myvars.networking) defaultGateway nameservers;
+
-    inherit (myvars.networking.hostsInterface.${hostName}) interfaces;
+    # we use networkd instead
    networkmanager.enable = false;
    useDHCP = false;
  };
  networking.useNetworkd = true;
  systemd.network.enable = true;
  systemd.network.networks."10-${iface}" = {
    matchConfig.Name = [iface];
    networkConfig = {
      Address = [ipv4WithMask];
      DNS = nameservers;
      DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA.
      IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC)
      LinkLocalAddressing = "ipv6";
    };
    routes = [
      {
        Destination = "0.0.0.0/0";
        Gateway = defaultGateway;
      }
      {
        Destination = "::/0";
        Gateway = defaultGateway6;
        GatewayOnLink = true; # it's a gateway on local link.
      }
    ];
    linkConfig.RequiredForOnline = "routable";
  };
  # This value determines the NixOS release from which the default
@@ -10,6 +10,10 @@
 #############################################################
 let
  hostName = "ruby"; # Define your hostname.
  inherit (myvars.networking) defaultGateway defaultGateway6 nameservers;
  inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4;
  ipv4WithMask = "${ipv4}/24";
 in {
  imports = mylib.scanPaths ./.;
@@ -32,9 +36,36 @@ in {
  networking = {
    inherit hostName;
-    inherit (myvars.networking) defaultGateway nameservers;
+
-    inherit (myvars.networking.hostsInterface.${hostName}) interfaces;
+    # we use networkd instead
    networkmanager.enable = false;
    useDHCP = false;
  };
  networking.useNetworkd = true;
  systemd.network.enable = true;
  systemd.network.networks."10-${iface}" = {
    matchConfig.Name = [iface];
    networkConfig = {
      Address = [ipv4WithMask];
      DNS = nameservers;
      DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA.
      IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC)
      LinkLocalAddressing = "ipv6";
    };
    routes = [
      {
        Destination = "0.0.0.0/0";
        Gateway = defaultGateway;
      }
      {
        Destination = "::/0";
        Gateway = defaultGateway6;
        GatewayOnLink = true; # it's a gateway on local link.
      }
    ];
    linkConfig.RequiredForOnline = "routable";
  };
  # This value determines the NixOS release from which the default
@@ -60,7 +60,7 @@ nixos-enter
 # NOTE: DO NOT skip this step!!!
 # copy the essential files into /persistent
 # otherwise the / will be cleared and data will lost
-## NOTE: impermanence just create links from / to /persistent
+## NOTE: preservation just create links from / to /persistent
 ##       We need to copy files into /persistent manually!!!
 mv /etc/machine-id /persistent/etc/
 mv /etc/ssh /persistent/etc/
@@ -1,5 +1,5 @@
 {
-  # required by impermanence
+  # required by preservation
  fileSystems."/persistent".neededForBoot = true;
  # contains the k3s's token
@@ -53,7 +53,7 @@
                # type `cryptsetup --help` to see the compiled-in key and passphrase maximum sizes
                keyFileSize = 512 * 64; # match the `bs * count` of the `dd` command
                keyFileOffset = 512 * 128; # match the `bs * skip` of the `dd` command
-                fallbackToPassword = true;
+                # fallbackToPassword = true;
                allowDiscards = true;
              };
              # Whether to add a boot.initrd.luks.devices entry for the specified disk.
@@ -20,6 +20,13 @@
    # use my own domain & kube-vip's virtual IP for the API server
    # so that the API server can always be accessed even if some nodes are down
    masterHost = "prod-cluster-1.writefor.fun";
    # k3sExtraArgs = [
    #   # IPv4 Private CIDR(full) - 172.16.0.0/12
    #   # IPv4 Pod     CIDR(full) - fdfd:cafe:00:0000::/64 ~ fdfd:cafe:00:7fff::/64
    #   # IPv4 Service CIDR(full) - fdfd:cafe:00:8000::/64 ~ fdfd:cafe:00:ffff::/64
    #   "--cluster-cidr=172.20.0.0/16,fdfd:cafe:00:0003::/64"
    #   "--service-cidr=172.21.0.0/16,fdfd:cafe:00:8003::/112"
    # ];
  };
 in {
  imports =
@@ -18,6 +18,14 @@
    # use my own domain & kube-vip's virtual IP for the API server
    # so that the API server can always be accessed even if some nodes are down
    masterHost = "prod-cluster-1.writefor.fun";
    # k3sExtraArgs = [
    #   # IPv4 Private CIDR(full) - 172.16.0.0/12
    #   # IPv4 Pod     CIDR(full) - fdfd:cafe:00:0000::/64 ~ fdfd:cafe:00:7fff::/64
    #   # IPv4 Service CIDR(full) - fdfd:cafe:00:8000::/64 ~ fdfd:cafe:00:ffff::/64
    #   "--cluster-cidr=172.20.0.0/16,fdfd:cafe:00:0003::/64"
    #   "--service-cidr=172.21.0.0/16,fdfd:cafe:00:8003::/112"
    # ];
  };
 in {
  imports =
@@ -18,6 +18,14 @@
    # use my own domain & kube-vip's virtual IP for the API server
    # so that the API server can always be accessed even if some nodes are down
    masterHost = "prod-cluster-1.writefor.fun";
    # k3sExtraArgs = [
    #   # IPv4 Private CIDR(full) - 172.16.0.0/12
    #   # IPv4 Pod     CIDR(full) - fdfd:cafe:00:0000::/64 ~ fdfd:cafe:00:7fff::/64
    #   # IPv4 Service CIDR(full) - fdfd:cafe:00:8000::/64 ~ fdfd:cafe:00:ffff::/64
    #   "--cluster-cidr=172.20.0.0/16,fdfd:cafe:00:0003::/64"
    #   "--service-cidr=172.21.0.0/16,fdfd:cafe:00:8003::/112"
    # ];
  };
 in {
  imports =
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Ryan Yin	d51025fc6b	feat: using claude-code with kimi k2	2025-07-17 15:29:04 +08:00
Ryan Yin	737b892bad	flake.lock: Update Flake lock file updates: • Updated input 'mysecrets': 'git+ssh://git@github.com/ryan4yin/nix-secrets.git?ref=refs/heads/main&rev=a914c8281a8ad1df332cfcaf9a1024ecb7ccd9d3&shallow=1' (2025-07-12) → 'git+ssh://git@github.com/ryan4yin/nix-secrets.git?ref=refs/heads/main&rev=a231913597362c15c71fd9212cef5092ae85a64c&shallow=1' (2025-07-16)	2025-07-17 15:29:04 +08:00
Ryan Yin	2e8ec1406e	fix(home/darwin): aerospace - clash-verge	2025-07-17 13:09:14 +08:00
Ryan Yin	c231ba66f8	chore: nushell do not use history.txt now	2025-07-16 23:00:23 +08:00
Ryan Yin	2af4b221a7	chore: persistent cache & uv's env	2025-07-16 22:53:59 +08:00
Ryan Yin	29372222e4	feat: add pipx & uv for python	2025-07-16 22:44:17 +08:00
Ryan Yin	653f1586c3	fix: persistent claude-code & gemini-cli's state	2025-07-16 22:34:47 +08:00
Ryan Yin	99cd3f8936	chore: remove gemini, install it via npm instead	2025-07-16 22:25:15 +08:00
Ryan Yin	f51f364cfa	feat(home/linux/base): make `npm install -g <pkg>` happey	2025-07-16 22:25:15 +08:00
Ryan Yin	ec6211ff5c	chore: minor refactor	2025-07-16 22:25:15 +08:00
Ryan Yin	7b5c7064e0	feat: hyprland - touchpad for macbook	2025-07-15 16:22:24 +08:00
Ryan Yin	a30535af6a	feat: apple-silicon - try to use m2's gpu	2025-07-15 14:47:42 +08:00
Ryan Yin	28dee2775c	fix: wechat - input method	2025-07-15 10:12:52 +08:00
Ryan Yin	173aa199e1	chore: hyprland - add wechat into windowrules	2025-07-15 10:02:04 +08:00
Ryan Yin	f9456a3861	chore: hyprland - adjust window rules	2025-07-15 09:53:10 +08:00
Ryan Yin	c715b34439	chore: aerospace - adjust window rules	2025-07-15 09:42:00 +08:00
Ryan Yin	20685f8927	Merge pull request #195 from ryan4yin/apple-silicon feat: remove x86_64-darwin, add new nixos host on macbook pro m2	2025-07-13 10:53:43 +08:00
Ryan Yin	bccf7db486	fix: foot - disable dpi-aware	2025-07-13 04:08:10 +08:00
Ryan Yin	c612aa73de	fix: shoukei - monitor scale	2025-07-13 04:03:56 +08:00
Ryan Yin	cdb8eb26be	chore: update flake.lock	2025-07-13 03:56:24 +08:00
Ryan Yin	50451d9da9	fix: shoukei - filter packages that do not support aarch64	2025-07-13 02:49:36 +08:00
Ryan Yin	ae0158b226	fix: shoukei - allowUnsupportedSstem	2025-07-13 02:42:32 +08:00
Ryan Yin	fde384a626	fix: shoukei - asahi-fwextract	2025-07-13 02:37:56 +08:00
Ryan Yin	710ddc3263	fix: shoukei - filter packages that do not support aarch64	2025-07-13 02:33:52 +08:00
Ryan Yin	264611e334	fix: shoukei - hardening	2025-07-13 02:12:24 +08:00
Ryan Yin	cc82892eb7	fix: enable steam only on x86_64 platform	2025-07-13 02:02:30 +08:00
Ryan Yin	e6f0569fd3	flake.lock: Update Flake lock file updates: • Updated input 'mysecrets': 'git+ssh://git@github.com/ryan4yin/nix-secrets.git?ref=refs/heads/main&rev=6339faf0195d803c9ff4a2df6f6810be8101bf96&shallow=1' (2025-06-07) → 'git+ssh://git@github.com/ryan4yin/nix-secrets.git?ref=refs/heads/main&rev=a914c8281a8ad1df332cfcaf9a1024ecb7ccd9d3&shallow=1' (2025-07-12)	2025-07-13 01:51:06 +08:00
Ryan Yin	8528c6e573	fix: shoukei - hardcode nameservers	2025-07-13 01:28:10 +08:00
Ryan Yin	a6d54395d3	fix: nixos-installer - enable sshd	2025-07-13 01:25:37 +08:00
Ryan Yin	323aaf0ac0	fix: preserve iwd's data	2025-07-13 00:56:09 +08:00
Ryan Yin	3561426a11	fix: docs & /boot	2025-07-13 00:52:53 +08:00
Ryan Yin	9dcafa8cc9	fix: nixos-installer - peripheralFirmwareDirectory	2025-07-13 00:22:11 +08:00
Ryan Yin	c55b1c6712	fix: nixos-installer - disable canTouchEfiVariables, add iwd	2025-07-12 23:59:38 +08:00
Ryan Yin	635e38c275	fix: nixos-installer - missing nixos-apple-silicon	2025-07-12 23:52:12 +08:00
Ryan Yin	a1014361a3	fix: nixos-installer - attribute 'age' missing	2025-07-12 23:47:48 +08:00
Ryan Yin	db82d2d8c5	feat: remove x86_64-darwin, add new nixos host on macbook pro m2	2025-07-12 23:30:52 +08:00
Ryan Yin	77a792710a	docs: outputs	2025-07-12 16:55:41 +08:00
Ryan Yin	ba8b99105b	docs: macOS	2025-07-12 16:54:43 +08:00
Ryan Yin	0c7e43a21b	feat: add sandboxed wechat (#196 )	2025-07-12 16:49:45 +08:00
Ryan Yin	9d0a3df9f9	docs: nushell config.nu	2025-07-12 15:44:00 +08:00
Ryan Yin	f6a5d75f4f	Merge pull request #203 from ryan4yin/catppuccin refactor: theme - catppuccin-mocha	2025-07-12 15:31:17 +08:00
Ryan Yin	649e10525e	fix: zellij - theme	2025-07-12 15:28:42 +08:00
Ryan Yin	5f68f9281f	fix: zellij	2025-07-12 15:28:05 +08:00
Ryan Yin	5e311c6e42	fix: Error installing file '.config/mako/config' outside $HOME	2025-07-12 15:17:59 +08:00
Ryan Yin	c8a790f2cf	fix: Error installing file '.config/mako/config' outside $HOME	2025-07-12 15:08:36 +08:00
Ryan Yin	fcbbfefedc	feat: justfile - commit-lock-file	2025-07-11 14:40:33 +08:00
Ryan Yin	716c8baf65	flake.lock: Update Flake lock file updates: • Updated input 'ghostty': 'github:ghostty-org/ghostty/8e14d262752ef02fdf5838eea5157cf46b668615?narHash=sha256-v9OPz%2BSCTSDCgdxrRQqukWsEWkJ4pNuZN20t766rt2E%3D' (2025-07-03) → 'github:ghostty-org/ghostty/4aa28988a6ddd9aa8b3402e4bab05ad02a0c12c6?narHash=sha256-6Fiy%2Bicid2rKXL9oKcRd3zuITSwtdnShqCPp0Evt3fM%3D' (2025-07-11) • Updated input 'home-manager': 'github:nix-community/home-manager/83f978812c37511ef2ffaf75ffa72160483f738a?narHash=sha256-3q35cq6BPuwIRL3IoVKYPc72r3OleeuRyf4YAPjEqzA%3D' (2025-07-04) → 'github:nix-community/home-manager/fab659b346c0d4252208434c3c4b3983a4b38fec?narHash=sha256-knafgng4gCjZIUMyAEWjxxdols6n/swkYnbWr%2BoF%2B1w%3D' (2025-07-11) • Updated input 'nix-gaming': 'github:fufexan/nix-gaming/d00203f8630983aadb57cfde60b481cd97d06659?narHash=sha256-IXBLUCMTKaMzbbs5SOqH7FEI9fRwOi3ZP6LKjttnO5o%3D' (2025-07-03) → 'github:fufexan/nix-gaming/62f976ed47de88323770646a9a92e4912d33585f?narHash=sha256-p2zkn8fdLvZ19MgAA5CdiuQWQ/gE3YNg1Nhbm4EAflI%3D' (2025-07-11) • Updated input 'nix-gaming/flake-parts': 'github:hercules-ci/flake-parts/9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569?narHash=sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98%3D' (2025-06-08) → 'github:hercules-ci/flake-parts/77826244401ea9de6e3bac47c2db46005e1f30b5?narHash=sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ%3D' (2025-07-01) • Updated input 'nix-gaming/flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/656a64127e9d791a334452c6b6606d17539476e2?narHash=sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc%3D' (2025-06-01) → 'github:nix-community/nixpkgs.lib/14a40a1d7fb9afa4739275ac642ed7301a9ba1ab?narHash=sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo%3D' (2025-06-29) • Updated input 'nix-gaming/nixpkgs': 'github:NixOS/nixpkgs/80d50fc87924c2a0d346372d242c27973cf8cdbf?narHash=sha256-3u6rEbIX9CN/5A5/mc3u0wIO1geZ0EhjvPBXmRDHqWM%3D' (2025-06-27) → 'github:NixOS/nixpkgs/c860cf0b3a0829f0f6cf344ca8de83a2bbfab428?narHash=sha256-4E7wWftF1ExK5ZEDzj41%2B9mVgxtuRV3wWCId7QAYMAU%3D' (2025-07-04) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc?narHash=sha256-Obh50J%2BO9jhUM/FgXtI3he/QRNiV9%2BJ53%2Bl%2BRlKSaAk%3D' (2025-05-19) → 'github:nix-community/nixos-generators/032decf9db65efed428afd2fa39d80f7089085eb?narHash=sha256-PeSkNMvkpEvts%2B9DjFiop1iT2JuBpyknmBUs0Un0a4I%3D' (2025-07-07) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/497ae1357f1ac97f1aea31a4cb74ad0d534ef41f?narHash=sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE%2BJ9w%3D' (2025-07-02) → 'github:NixOS/nixos-hardware/7ced9122cff2163c6a0212b8d1ec8c33a1660806?narHash=sha256-gATnkOe37eeVwKKYCsL%2BOnS2gU4MmLuZFzzWCtaKLI8%3D' (2025-07-09) • Updated input 'nixpak': 'github:nixpak/nixpak/9361c8e7d5d43c64d60d2d858d2ed754f549b969?narHash=sha256-ejnxldFzqwnY791ycFOxqtPswYZ6dVtj2G4GfhSL4Fo%3D' (2025-07-03) → 'github:nixpak/nixpak/19942ded45bd73c74dbb44642406da0569f639a8?narHash=sha256-mbAHO0rZDBdSosV4LIk9s/3IH1ZhQY9ELixieo%2BiEns%3D' (2025-07-10) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/3016b4b15d13f3089db8a41ef937b13a9e33a8df?narHash=sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU%2Btt4YY%3D' (2025-06-30) → 'github:nixos/nixpkgs/9807714d6944a957c2e036f84b0ff8caf9930bc0?narHash=sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X%2BxgOL0%3D' (2025-07-08) • Updated input 'nixpkgs-darwin': 'github:nixos/nixpkgs/d55716bb59b91ae9d1ced4b1ccdea7a442ecbfdb?narHash=sha256-QWJ%2BNQbMU%2BNcU2xiyo7SNox1fAuwksGlQhpzBl76g1I%3D' (2025-07-02) → 'github:nixos/nixpkgs/9b008d60392981ad674e04016d25619281550a9d?narHash=sha256-mgFxAPLWw0Kq%2BC8P3dRrZrOYEQXOtKuYVlo9xvPntt8%3D' (2025-07-08) • Updated input 'nixpkgs-ollama': 'github:nixos/nixpkgs/3016b4b15d13f3089db8a41ef937b13a9e33a8df?narHash=sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU%2Btt4YY%3D' (2025-06-30) → 'github:nixos/nixpkgs/9807714d6944a957c2e036f84b0ff8caf9930bc0?narHash=sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X%2BxgOL0%3D' (2025-07-08) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/b43c397f6c213918d6cfe6e3550abfe79b5d1c51?narHash=sha256-1Cu92i1KSPbhPCKxoiVG5qnoRiKTgR5CcGSRyLpOd7Y%3D' (2025-06-29) → 'github:nixos/nixpkgs/88983d4b665fb491861005137ce2b11a9f89f203?narHash=sha256-7orTnNqkGGru8Je6Un6mq1T8YVVU/O5kyW4%2Bf9C1mZQ%3D' (2025-07-08) • Updated input 'nixpkgs-unstable': 'github:nixos/nixpkgs/3016b4b15d13f3089db8a41ef937b13a9e33a8df?narHash=sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU%2Btt4YY%3D' (2025-06-30) → 'github:nixos/nixpkgs/9807714d6944a957c2e036f84b0ff8caf9930bc0?narHash=sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X%2BxgOL0%3D' (2025-07-08)	2025-07-11 14:40:25 +08:00
Ryan Yin	90d411b943	fix(darwin): homebrew renamed some casks	2025-07-04 17:48:52 +08:00
Ryan Yin	468e9483cf	fix(darwin): revert nixpkgs-darwin, add clash-verge-rev	2025-07-04 17:42:53 +08:00
Ryan Yin	c4a33c55aa	feat: open ports for testing	2025-07-04 17:09:48 +08:00
Ryan Yin	1e937dc832	chore: udpate flake.lock	2025-07-04 10:06:47 +08:00
Ryan Yin	8af80214f5	feat: neo-tree.nvim - do not hide dotfiles	2025-07-02 21:18:09 +08:00
Ryan Yin	a144093227	feat: allow to modify /etc/hosts for testing	2025-07-01 16:20:52 +08:00
Ryan Yin	0a05224ffe	chore: neovim - update plugins	2025-07-01 16:19:38 +08:00
Ryan Yin	f766a3b196	fix: neovim - neo-tree	2025-06-30 14:10:17 +08:00
Ryan Yin	58225d7978	feat: justfile - clean	2025-06-29 15:16:29 +08:00
Ryan Yin	ffee47a2de	chore: replace impermanence with preservation (#201 )	2025-06-29 15:08:12 +08:00
Ryan Yin	0004bccc9d	feat: hosts/k8s - fix k3s cidr (#200 )	2025-06-29 15:00:53 +08:00
Ryan Yin	aaabb5ed76	feat: hosts/k8s - replace impermanence with preservation (#199 )	2025-06-29 14:56:08 +08:00
Ryan Yin	dd008c3363	chore: hyprland - no_update_news=true	2025-06-29 14:01:33 +08:00
Ryan Yin	8690978d7e	feat: replace impermanence with preservation (#198 ) * feat: replace impermanence with preservation * fix: This module cannot be used with scripted initrd. * fix: permission for /var/lib/private * chore: boot.initrd.systemd.enable * docs: boot.initrd.luks.devices.<name>.fallbackToPassword is implied by systemd stage 1 * fix: typo	2025-06-29 13:02:36 +08:00
Ryan Yin	763167ce0d	feat: replace docker with podman, fix justfile for nixpkgs-review (#197 )	2025-06-29 10:32:32 +08:00
Ryan Yin	85039dd975	feat: justfile - commands for nixpkgs review	2025-06-28 15:18:34 +08:00
Ryan Yin	908d52365b	chore: gemini-cli - update	2025-06-28 13:03:07 +08:00
Ryan Yin	0694dcad94	chore: update flake inputs	2025-06-28 12:23:17 +08:00
Ryan Yin	7d0da19a63	feat: idols-ai - persist aliyun's config	2025-06-28 11:47:59 +08:00
Ryan Yin	194b1db1d2	refactor: hosts/idols-ai/impermanence.nix	2025-06-28 11:46:09 +08:00
Ryan Yin	cc0b099d63	feat: add gemini-cli	2025-06-27 00:39:20 +08:00
Ryan Yin	623e697343	fix: github cli	2025-06-23 15:54:06 +08:00
Ryan Yin	9aa0ff80ae	feat: update flake.lock fix: issues introduced by the update chore: --use-remote-sudo is deprecated, use --sudo instead	2025-06-23 15:27:18 +08:00
Ryan Yin	4ec26c5e5f	refactor: fonts (#194 )	2025-06-22 20:13:50 +08:00
Ryan Yin	5716831d6c	chore: fonts - remove unused fonts, add mono fonts for cjk feat: more fontconfig parameters	2025-06-22 19:30:28 +08:00
Ryan Yin	df06a1d7e4	fix: kmscon - show neo-tree icons fix: darwin fonts chore: fonts - add Sarasa Gothic	2025-06-22 17:40:59 +08:00
Ryan Yin	923fd7ae7d	fix: firefox/chrome - render English's sigle quota correctly	2025-06-22 16:21:26 +08:00
Ryan Yin	970d3f9343	chore: kubectl-ai	2025-06-22 11:48:04 +08:00
Ryan Yin	5ec74c3ff5	fix: hyprland - float zoom workspace	2025-06-20 13:43:24 +08:00
Ryan Yin	17301d503c	docs: hardening - more references	2025-06-19 20:45:11 +08:00
Ryan Yin	84a123b917	docs: hardening	2025-06-19 20:43:46 +08:00
Ryan Yin	c8a714a05e	chore: remove firejail	2025-06-19 20:01:33 +08:00
Ryan Yin	8584c3c98b	fix: nixpaks - access gtk/hyprland portals	2025-06-19 00:14:19 +08:00
Ryan Yin	9849923180	refactor: nixpak apps	2025-06-19 00:13:49 +08:00
Ryan Yin	20194262f2	feat: nixpaks - add music/video dirs for firefox & qq	2025-06-19 00:04:58 +08:00
Ryan Yin	8ba75c5128	fix: nixpaks.firefox - browserpass extension	2025-06-19 00:03:39 +08:00
Ryan Yin	915af0c868	fix: hyprland - windowrule for zoom meeting	2025-06-18 13:08:31 +08:00
Ryan Yin	37813ce6f1	chore: neovim - Lazy Update	2025-06-16 21:39:43 +08:00
Ryan Yin	8e67a6d825	fix: neovim - neo-tree.nvim - hidden files	2025-06-16 21:39:22 +08:00
Ryan Yin	4c8b973e2c	chore: nix flake update	2025-06-16 21:25:57 +08:00
Ryan Yin	fb0f89d975	feat: fcitx5 - wayland support	2025-06-14 20:32:15 +08:00
Ryan Yin	710f547074	docs: fcitx5 rime-data	2025-06-14 20:28:13 +08:00
Ryan Yin	50feead9e8	feat: darwin - add a menu bar manager	2025-06-10 00:14:16 +08:00
Ryan Yin	de1513587a	feat: alacritty - do not show title bar & window title	2025-06-09 23:52:59 +08:00
Ryan Yin	a86789c5b8	feat: kitty - do not show title bar & window title	2025-06-09 23:46:56 +08:00
Ryan Yin	e46d101c9f	feat: darwin - add cursor ai editor	2025-06-09 23:27:13 +08:00
Ryan Yin	217a624bc7	feat: darwin - use tailscale app instead of cli version	2025-06-09 22:05:21 +08:00
Ryan Yin	7087ef3024	docs: tailscale	2025-06-09 10:16:24 +08:00
Ryan Yin	e84d88fdc9	fix: loki-operational - trail comma	2025-06-09 03:12:22 +08:00
Ryan Yin	d450dc1704	chore: grafana-loki - add route=otlp_v1_logs	2025-06-09 03:10:03 +08:00
Ryan Yin	8a2ff48bbc	chore: grafana-loki - remove promtail related charts	2025-06-09 03:06:36 +08:00
Ryan Yin	d8d7010dc0	fix: loki-operational	2025-06-09 03:02:18 +08:00
Ryan Yin	f03183e2d9	fix: loki-mixin - remove label - job (#193 )	2025-06-09 02:57:00 +08:00
Ryan Yin	c1959ee0b9	feat: grafana datasource - add loki	2025-06-08 20:05:25 +08:00
Ryan Yin	a6ea7f5d77	chore: vmagent remote write via https, disable http access	2025-06-08 19:13:15 +08:00
Ryan Yin	a37d99f069	chore: remove the unused loki buckets	2025-06-08 19:13:15 +08:00
Ryan Yin	7c2de23806	chore: minio bucket loki - add lifecycle rules	2025-06-08 19:13:15 +08:00
Ryan Yin	e12afe7cea	feat: infra - remove openobserve, add loki	2025-06-08 19:13:15 +08:00
Ryan Yin	77ed0378d1	feat: IPv6 (#192 ) * feat: custom ipv6 routes for all hosts * fix: ipv6 - k3s+cilium	2025-06-08 19:12:55 +08:00
Ryan Yin	10924e67e1	feat: avante.nvim - update providers	2025-06-07 16:09:32 +08:00
Ryan Yin	285662df1e	feat: persistent joplin & cursor's config	2025-06-07 11:40:54 +08:00
Ryan Yin	a2101bd74f	chore: update nvim plugins	2025-06-07 11:05:17 +08:00
Ryan Yin	4fb61ddc59	fix: hyprland with nvidia	2025-06-07 11:04:55 +08:00
Ryan Yin	a3e99c913f	chore: idols-ai - disable hdr for all monitors	2025-06-07 09:50:50 +08:00
Ryan Yin	d2a6f28043	feat: git - use iso format for date	2025-06-06 09:07:16 +08:00
Ryan Yin	04c3c88152	feat(modules/nixos/remote-desktop): enable tailscale & sunshine	2025-06-05 10:59:17 +08:00
Ryan Yin	c4e268682a	fix: google-chrome CVE	2025-06-05 10:59:17 +08:00
Ryan Yin	c070abe60e	feat: update all nixpkgs inputs	2025-06-05 10:59:17 +08:00
Ryan Yin	f6b2e42776	chore(nixos): brew - use bfsu mirror	2025-06-05 10:49:44 +08:00
Ryan Yin	0c9ad09cf2	fix: idols-ai - persist work code	2025-06-03 17:21:18 +08:00
Ryan Yin	c7e6ef3293	fix: idols-ai - disable dhcp	2025-06-03 17:06:58 +08:00
Ryan Yin	0eca8029f1	chore: persist gcloud's data	2025-06-03 16:42:23 +08:00
Ryan Yin	67609dfd9f	fix: persist zoom's config	2025-06-03 15:38:29 +08:00
Ryan Yin	72403971ed	feat: nixos desktop - add flatpak	2025-06-03 14:33:50 +08:00
Ryan Yin	72572a87d6	chore: persist zoom's data	2025-06-03 11:42:38 +08:00
Ryan Yin	39c98598d5	chore: use chrome by default	2025-06-03 11:38:41 +08:00
Ryan Yin	88cee1016d	chore: adjust hypridle's timeout	2025-06-02 21:49:26 +08:00