feat: start clash-verge on login

feat: use mainGateway for idols-ai, rename defaultGateway to proxyGateway
feat: install clash verge on all nixos desktop hosts
2026-05-28 18:39:31 +02:00 · 2025-08-11 00:42:10 +08:00 · 2025-08-11 00:32:08 +08:00 · 2025-08-11 00:18:29 +08:00 · 2025-08-10 13:27:20 +08:00 · 2025-08-10 13:23:56 +08:00
307 changed files with 15839 additions and 3778 deletions
@@ -1,3 +1,4 @@
 .Trash-1000/
 result
 result/
 .direnv/
@@ -26,13 +26,13 @@ test:
 # Update all the flake inputs
 [group('nix')]
 up:
-  nix flake update
+  nix flake update --commit-lock-file
 # Update specific input
 # Usage: just upp nixpkgs
 [group('nix')]
 upp input:
-  nix flake update {{input}}
+  nix flake update {{input}} --commit-lock-file
 # List all generations of the system profile
 [group('nix')]
@@ -48,7 +48,10 @@ repl:
 # on darwin, you may need to switch to root user to run this command
 [group('nix')]
 clean:
  # Wipe out NixOS's history
  sudo nix profile wipe-history --profile /nix/var/nix/profiles/system  --older-than 7d
  # Wipe out home-manager's history
  nix profile wipe-history --profile $"($env.XDG_STATE_HOME)/nix/profiles/home-manager" --older-than 7d
 # Garbage collect all unused nix store entries
 [group('nix')]
@@ -74,7 +77,7 @@ shell:
 [group('nix')]
 fmt:
  # format the nix files in this repo
-  nix fmt
+  ls **/*.nix | each { |it| nixfmt $it.name }
 # Show all the auto gc roots in the nix store
 [group('nix')]
@@ -94,6 +97,11 @@ verify-store:
 repair-store *paths:
  nix store repair {{paths}}
 # Update all Nixpkgs inputs
 [group('nix')]
 up-nix:
  nix flake update nixpkgs nixpkgs-stable nixpkgs-unstable nixpkgs-darwin nixpkgs-ollama
 ############################################################################
 #
 #  NixOS Desktop related commands
@@ -116,7 +124,7 @@ s-hypr mode="default":
 ############################################################################
 #
-#  Darwin related commands, harmonica is my macbook pro's hostname
+#  Darwin related commands
 #
 ############################################################################
@@ -133,15 +141,6 @@ darwin-rollback:
  use {{utils_nu}} *;
  darwin-rollback
 # Deploy to harmonica(macOS host)
 [macos]
 [group('desktop')]
 ha mode="default":
  #!/usr/bin/env nu
  use {{utils_nu}} *;
  darwin-build "harmonica" {{mode}};
  darwin-switch "harmonica" {{mode}}
 # Depoly to fern(macOS host)
 [macos]
 [group('desktop')]
@@ -375,3 +374,29 @@ list-failed:
 [group('services')]
 list-systemd:
  systemctl list-units systemd-*
 # =================================================
 #
 # Nixpkgs Review via Github Action
 # https://github.com/ryan4yin/nixpkgs-review-gha
 #
 # =================================================
 # Run nixpkgs-review for PR
 [linux]
 [group('nixpkgs')]
 pkg-review pr:
  gh workflow run review.yml --repo ryan4yin/nixpkgs-review-gha -f x86_64-darwin=no -f post-result=true -f pr={{pr}}
 # Run package tests for PR
 [linux]
 [group('nixpkgs')]
 pkg-test pr pname:
  gh workflow run review.yml --repo ryan4yin/nixpkgs-review-gha -f x86_64-darwin=no -f post-result=true -f pr={{pr}} -f extra-args="-p {{pname}}.passthru.tests"
 # View the summary of a workflow
 [linux]
 [group('nixpkgs')]
 pkg-summary:
  gh workflow view review.yml --repo ryan4yin/nixpkgs-review-gha
@@ -132,15 +132,11 @@ nix-shell -p just nushell
 # 3. comment home-manager's code in lib/macosSystem.nix to speed up the first deployment.
 # 4. comment out the proxy settings in scripts/darwin_set_proxy.py if the proxy is not ready yet.
 # 4. deploy harmonica's configuration(macOS Intel)
 just ha
 # deploy fern's configuration(Apple Silicon)
-just fe
+just fr
 # deploy with details
-just ha debug
+just fr debug
 # just fe debug
 ```
 > [What y'all will need when Nix drives you to drink.](https://www.youtube.com/watch?v=Eni9PPPPBpg)
@@ -48,15 +48,17 @@
    },
    "blender-bin": {
      "inputs": {
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "dir": "blender",
-        "lastModified": 1746378999,
+        "lastModified": 1752701743,
-        "narHash": "sha256-aF+uC/aYR4I7VxN9s0gQG1WRDTE0Re3jAMd0qBkWjV4=",
+        "narHash": "sha256-cQeX9PP5F7fgsuv0CrL16GtlU6MS0i9LLnkkITu8jA8=",
        "owner": "edolstra",
        "repo": "nix-warez",
-        "rev": "85d76721132cc6631bbaa8c950d4d0f3aa4003fd",
+        "rev": "69acfebb3740542936f71775bcdf322dc328a655",
        "type": "github"
      },
      "original": {
@@ -66,6 +68,26 @@
        "type": "github"
      }
    },
    "catppuccin": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1753702336,
        "narHash": "sha256-IVFUQV6egGQHnm+I183OT+4ct/ka1IWA5u/0A9I/YV4=",
        "owner": "catppuccin",
        "repo": "nix",
        "rev": "b32de96c3c5384c83b0f4d741ec58a7f97c9ab11",
        "type": "github"
      },
      "original": {
        "owner": "catppuccin",
        "repo": "nix",
        "type": "github"
      }
    },
    "crane": {
      "locked": {
        "lastModified": 1731098351,
@@ -157,6 +179,21 @@
      }
    },
    "flake-compat_3": {
      "locked": {
        "lastModified": 1688025799,
        "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
        "owner": "nix-community",
        "repo": "flake-compat",
        "rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-compat_4": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
@@ -219,11 +256,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1743550720,
+        "lastModified": 1753121425,
-        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
+        "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
+        "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e",
        "type": "github"
      },
      "original": {
@@ -240,11 +277,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1743550720,
+        "lastModified": 1753121425,
-        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
+        "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
+        "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e",
        "type": "github"
      },
      "original": {
@@ -293,16 +330,16 @@
      "inputs": {
        "flake-compat": "flake-compat",
        "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs",
        "zig": "zig",
        "zon2nix": "zon2nix"
      },
      "locked": {
-        "lastModified": 1748658752,
+        "lastModified": 1753722074,
-        "narHash": "sha256-x50iF9eu6W/WP2Ah958n4FOiu4ix1ytP9mrej2m9GVs=",
+        "narHash": "sha256-yGQ28k8iz2tGrj5oo/HBkn0ihWA5uUZ1ZErkMtegzTw=",
        "owner": "ghostty-org",
        "repo": "ghostty",
-        "rev": "7e85ca3a16ff93ec0eab085e61d5a48cb0222a6a",
+        "rev": "92c1f4b0b9c6fde6d8f79109de71bf4e30831e86",
        "type": "github"
      },
      "original": {
@@ -387,11 +424,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748000383,
+        "lastModified": 1752595130,
-        "narHash": "sha256-EaAJhwfJGBncgIV/0NlJviid2DP93cTMc9h0q6P6xXk=",
+        "narHash": "sha256-CNBgr4OZSuklGtNOa9CnTNo9+Xceqn/EDAC1Tc43fH8=",
        "owner": "hercules-ci",
        "repo": "hercules-ci-effects",
-        "rev": "231726642197817d20310b9d39dd4afb9e899489",
+        "rev": "5f2e09654b2e70ba643e41609d9f9b6640f22113",
        "type": "github"
      },
      "original": {
@@ -428,11 +465,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748654914,
+        "lastModified": 1753807879,
-        "narHash": "sha256-3xn61GBqAaRXvdvr1cSPcDj3kivENs0x9aJHLOHGiNM=",
+        "narHash": "sha256-d8nxwjUxnRyLWc5G/CpGVsqcSU3ZolS/QYWm9L+/CG0=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "6d09fd37a7d4110251c1c03cb09fbf6321fbe10d",
+        "rev": "25deca893974aae98c9be151fb47d6284c053470",
        "type": "github"
      },
      "original": {
@@ -442,21 +479,6 @@
        "type": "github"
      }
    },
    "impermanence": {
      "locked": {
        "lastModified": 1737831083,
        "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
        "owner": "nix-community",
        "repo": "impermanence",
        "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "impermanence",
        "type": "github"
      }
    },
    "lanzaboote": {
      "inputs": {
        "crane": "crane",
@@ -483,13 +505,30 @@
        "type": "github"
      }
    },
    "my-asahi-firmware": {
      "flake": false,
      "locked": {
        "lastModified": 1752336609,
        "narHash": "sha256-PeJXDQgKwmu6PEjEA+68I7nIOTTpwUUyO1b5PpQg4gc=",
        "ref": "refs/heads/main",
        "rev": "981583c8e101967ef6a66388ade54cab751f3a02",
        "shallow": true,
        "type": "git",
        "url": "ssh://git@github.com/ryan4yin/asahi-firmware.git"
      },
      "original": {
        "shallow": true,
        "type": "git",
        "url": "ssh://git@github.com/ryan4yin/asahi-firmware.git"
      }
    },
    "mysecrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1748512246,
+        "lastModified": 1752678564,
-        "narHash": "sha256-hSM5o7nwXbZI0vK5ya+xwSAVJ3FquZ63ejW9eEab2ho=",
+        "narHash": "sha256-x2sbH7Umncbyc9oca5mqX8kMChHVUTytKk+QXEcB4i4=",
        "ref": "refs/heads/main",
-        "rev": "099015dac014d6484594e49082ea1f126749efe8",
+        "rev": "a231913597362c15c71fd9212cef5092ae85a64c",
        "shallow": true,
        "type": "git",
        "url": "ssh://git@github.com/ryan4yin/nix-secrets.git"
@@ -507,11 +546,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748352827,
+        "lastModified": 1751313918,
-        "narHash": "sha256-sNUUP6qxGkK9hXgJ+p362dtWLgnIWwOCmiq72LAWtYo=",
+        "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "44a7d0e687a87b73facfe94fba78d323a6686a90",
+        "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf",
        "type": "github"
      },
      "original": {
@@ -523,14 +562,16 @@
    "nix-gaming": {
      "inputs": {
        "flake-parts": "flake-parts_3",
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1748656608,
+        "lastModified": 1753582293,
-        "narHash": "sha256-VU+8/kZ57Y7XTmgMBpybGMxO/elvUn/4yMndZji2pY8=",
+        "narHash": "sha256-CimzlksXOfuPcLr4ye/s4hwZhHk98f0gnXB6Dq9RhZo=",
        "owner": "fufexan",
        "repo": "nix-gaming",
-        "rev": "b585487bb87faec1c7a09aada7cfe77dd7b3c5fe",
+        "rev": "ceb9d44f09b0db02332873247a50210a486959ff",
        "type": "github"
      },
      "original": {
@@ -554,6 +595,28 @@
        "type": "github"
      }
    },
    "nixos-apple-silicon": {
      "inputs": {
        "flake-compat": "flake-compat_3",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1751622568,
        "narHash": "sha256-EE3NBsej517VRa1x+ylAghrvngftxf1KgfHlE9OYyXE=",
        "owner": "nix-community",
        "repo": "nixos-apple-silicon",
        "rev": "eba4b40c816e5aff8951ae231ac237e8aab8ec1d",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "nixos-apple-silicon",
        "rev": "eba4b40c816e5aff8951ae231ac237e8aab8ec1d",
        "type": "github"
      }
    },
    "nixos-generators": {
      "inputs": {
        "nixlib": "nixlib",
@@ -562,11 +625,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747663185,
+        "lastModified": 1751903740,
-        "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=",
+        "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc",
+        "rev": "032decf9db65efed428afd2fa39d80f7089085eb",
        "type": "github"
      },
      "original": {
@@ -575,22 +638,6 @@
        "type": "github"
      }
    },
    "nixos-hardware": {
      "locked": {
        "lastModified": 1748634340,
        "narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
        "rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "master",
        "repo": "nixos-hardware",
        "type": "github"
      }
    },
    "nixpak": {
      "inputs": {
        "flake-parts": "flake-parts_4",
@@ -600,11 +647,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748485094,
+        "lastModified": 1753324041,
-        "narHash": "sha256-StAZf1nyocL8kTcVyg18n9I2ka/TQHks8RSLrmIp/TE=",
+        "narHash": "sha256-2JZ82g01Lo3f0SNP2WSDZ0ER1FnAN2WicULZkoEsRx0=",
        "owner": "nixpak",
        "repo": "nixpak",
-        "rev": "507bcbeec5979b5b332901062fe731c716b26544",
+        "rev": "fedd4b59b7c8f18be508dee9d89985a8501982d0",
        "type": "github"
      },
      "original": {
@@ -615,26 +662,24 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1733808091,
+        "lastModified": 1748189127,
-        "narHash": "sha256-KWwINTQelKOoQgrXftxoqxmKFZb9pLVfnRvK270nkVk=",
+        "narHash": "sha256-zRDR+EbbeObu4V2X5QCd2Bk5eltfDlCr5yvhBwUT6pY=",
-        "owner": "NixOS",
+        "rev": "7c43f080a7f28b2774f3b3f43234ca11661bf334",
-        "repo": "nixpkgs",
+        "type": "tarball",
-        "rev": "a0f3e10d94359665dba45b71b4227b0aeb851f8e",
+        "url": "https://releases.nixos.org/nixos/25.05/nixos-25.05.802491.7c43f080a7f2/nixexprs.tar.xz"
        "type": "github"
      },
      "original": {
-        "id": "nixpkgs",
+        "type": "tarball",
-        "ref": "nixos-24.11",
+        "url": "https://channels.nixos.org/nixos-25.05/nixexprs.tar.xz"
        "type": "indirect"
      }
    },
    "nixpkgs-darwin": {
      "locked": {
-        "lastModified": 1748506378,
+        "lastModified": 1753722563,
-        "narHash": "sha256-oS0Gxh63Df8b8r04lqEYDDLKhHIrVr9/JLOn2bn8JaI=",
+        "narHash": "sha256-FK8iq76wlacriq3u0kFCehsRYTAqjA9nfprpiSWRWIc=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "3866ad91cfc172f08a6839def503d8fc2923c603",
+        "rev": "648f70160c03151bc2121d179291337ad6bc564b",
        "type": "github"
      },
      "original": {
@@ -646,11 +691,11 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1743296961,
+        "lastModified": 1751159883,
-        "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
+        "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
+        "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab",
        "type": "github"
      },
      "original": {
@@ -661,11 +706,11 @@
    },
    "nixpkgs-ollama": {
      "locked": {
-        "lastModified": 1748460289,
+        "lastModified": 1753694789,
-        "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=",
+        "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102",
+        "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
        "type": "github"
      },
      "original": {
@@ -693,11 +738,11 @@
    },
    "nixpkgs-stable_2": {
      "locked": {
-        "lastModified": 1748437600,
+        "lastModified": 1753489912,
-        "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=",
+        "narHash": "sha256-uDCFHeXdRIgJpYmtcUxGEsZ+hYlLPBhR83fdU+vbC1s=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "7282cb574e0607e65224d33be8241eae7cfe0979",
+        "rev": "13e8d35b7d6028b7198f8186bc0347c6abaa2701",
        "type": "github"
      },
      "original": {
@@ -709,11 +754,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1748460289,
+        "lastModified": 1753694789,
-        "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=",
+        "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102",
+        "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
        "type": "github"
      },
      "original": {
@@ -725,40 +770,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1748189127,
+        "lastModified": 1753694789,
-        "narHash": "sha256-zRDR+EbbeObu4V2X5QCd2Bk5eltfDlCr5yvhBwUT6pY=",
+        "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
        "rev": "7c43f080a7f28b2774f3b3f43234ca11661bf334",
        "type": "tarball",
        "url": "https://releases.nixos.org/nixos/25.05/nixos-25.05.802491.7c43f080a7f2/nixexprs.tar.xz"
      },
      "original": {
        "type": "tarball",
        "url": "https://channels.nixos.org/nixos-25.05/nixexprs.tar.xz"
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 1747958103,
        "narHash": "sha256-qmmFCrfBwSHoWw7cVK4Aj+fns+c54EBP8cGqp/yK410=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "fe51d34885f7b5e3e7b59572796e1bcb427eccb1",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_4": {
      "locked": {
        "lastModified": 1748460289,
        "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102",
+        "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
        "type": "github"
      },
      "original": {
@@ -768,39 +784,11 @@
        "type": "github"
      }
    },
    "nixpkgs_5": {
      "locked": {
        "lastModified": 1701436327,
        "narHash": "sha256-tRHbnoNI8SIM5O5xuxOmtSLnswEByzmnQcGGyNRjxsE=",
        "rev": "91050ea1e57e50388fa87a3302ba12d188ef723a",
        "revCount": 555097,
        "type": "tarball",
        "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.555097%2Brev-91050ea1e57e50388fa87a3302ba12d188ef723a/018c3450-2363-7c34-883b-4ba70b1eb7ae/source.tar.gz"
      },
      "original": {
        "type": "tarball",
        "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz"
      }
    },
    "nixpkgs_6": {
      "locked": {
        "lastModified": 1747610100,
        "narHash": "sha256-rpR5ZPMkWzcnCcYYo3lScqfuzEw5Uyfh+R0EKZfroAc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "ca49c4304acf0973078db0a9d200fd2bae75676d",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-25.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nuenv": {
      "inputs": {
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": [
          "nixpkgs"
        ],
        "rust-overlay": "rust-overlay_2"
      },
      "locked": {
@@ -819,14 +807,16 @@
    },
    "nur-ryan4yin": {
      "inputs": {
-        "nixpkgs": "nixpkgs_6"
+        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1747880260,
+        "lastModified": 1751086727,
-        "narHash": "sha256-qJSGFMB/bPCeX2TPWhrbe3AZhLbxEtm/HeUV2+rOO78=",
+        "narHash": "sha256-5y9aE/o+KwEg075R5m/13Z1mavtyWv+9DE5uppLdRlo=",
        "owner": "ryan4yin",
        "repo": "nur-packages",
-        "rev": "b64163d1bffff09b39a109d38163e6960c524c4f",
+        "rev": "a41be29389c8503f67b9f5cd47fa8b99a5bb3fe5",
        "type": "github"
      },
      "original": {
@@ -838,11 +828,11 @@
    "polybar-themes": {
      "flake": false,
      "locked": {
-        "lastModified": 1744988472,
+        "lastModified": 1753542051,
-        "narHash": "sha256-TxsO28Rd0U/FgA9v5M6426rFW0wNVdN1AVOazxsbMNo=",
+        "narHash": "sha256-f/54m7RJnqNW6eC/75IrnFxmSWTY+zd5epm6TQsYeYA=",
        "owner": "adi1090x",
        "repo": "polybar-themes",
-        "rev": "03e542779448dd9fdb1e3451858cf66cf13b31bd",
+        "rev": "e6326ff356b296256b7fac9c5bcc42a1ef4a4d5b",
        "type": "github"
      },
      "original": {
@@ -853,23 +843,23 @@
    },
    "pre-commit-hooks": {
      "inputs": {
-        "flake-compat": "flake-compat_3",
+        "flake-compat": "flake-compat_4",
        "gitignore": "gitignore_2",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1747372754,
+        "lastModified": 1750779888,
-        "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
+        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
+        "repo": "git-hooks.nix",
-        "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
+        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
        "type": "github"
      },
      "original": {
        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
+        "repo": "git-hooks.nix",
        "type": "github"
      }
    },
@@ -900,24 +890,40 @@
        "type": "github"
      }
    },
    "preservation": {
      "locked": {
        "lastModified": 1751384068,
        "narHash": "sha256-xGq+Om1ReXcQy6h57yj9V5nOM84g/GBJ3m6oxe1a3js=",
        "owner": "nix-community",
        "repo": "preservation",
        "rev": "286737ba485f30c1687c833e66f5901a6c8dc019",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "preservation",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "agenix": "agenix",
        "anyrun": "anyrun",
        "blender-bin": "blender-bin",
        "catppuccin": "catppuccin",
        "disko": "disko",
        "ghostty": "ghostty",
        "haumea": "haumea",
        "home-manager": "home-manager_2",
        "impermanence": "impermanence",
        "lanzaboote": "lanzaboote",
        "my-asahi-firmware": "my-asahi-firmware",
        "mysecrets": "mysecrets",
        "nix-darwin": "nix-darwin",
        "nix-gaming": "nix-gaming",
        "nixos-apple-silicon": "nixos-apple-silicon",
        "nixos-generators": "nixos-generators",
        "nixos-hardware": "nixos-hardware",
        "nixpak": "nixpak",
-        "nixpkgs": "nixpkgs_4",
+        "nixpkgs": "nixpkgs_2",
        "nixpkgs-darwin": "nixpkgs-darwin",
        "nixpkgs-ollama": "nixpkgs-ollama",
        "nixpkgs-stable": "nixpkgs-stable_2",
@@ -926,6 +932,7 @@
        "nur-ryan4yin": "nur-ryan4yin",
        "polybar-themes": "polybar-themes",
        "pre-commit-hooks": "pre-commit-hooks",
        "preservation": "preservation",
        "wallpapers": "wallpapers"
      }
    },
@@ -1051,7 +1058,8 @@
    "zig": {
      "inputs": {
        "flake-compat": [
-          "ghostty"
+          "ghostty",
          "flake-compat"
        ],
        "flake-utils": [
          "ghostty",
@@ -1097,8 +1105,8 @@
      },
      "original": {
        "owner": "jcollie",
        "ref": "56c159be489cc6c0e73c3930bd908ddc6fe89613",
        "repo": "zon2nix",
        "rev": "56c159be489cc6c0e73c3930bd908ddc6fe89613",
        "type": "github"
      }
    }
@@ -48,7 +48,6 @@
      url = "github:lnl7/nix-darwin";
      inputs.nixpkgs.follows = "nixpkgs-darwin";
    };
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
    # home-manager, used for managing user configuration
    home-manager = {
@@ -61,12 +60,20 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # https://github.com/catppuccin/nix
    catppuccin = {
      url = "github:catppuccin/nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    lanzaboote = {
      url = "github:nix-community/lanzaboote/v0.4.2";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    impermanence.url = "github:nix-community/impermanence";
+    preservation = {
      url = "github:nix-community/preservation";
    };
    # community wayland nixpkgs
    # nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
@@ -90,7 +97,10 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    nix-gaming.url = "github:fufexan/nix-gaming";
+    nix-gaming = {
      url = "github:fufexan/nix-gaming";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    disko = {
      url = "github:nix-community/disko/v1.11.0";
@@ -99,11 +109,14 @@
    # add git hooks to format nix code before commit
    pre-commit-hooks = {
-      url = "github:cachix/pre-commit-hooks.nix";
+      url = "github:cachix/git-hooks.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    nuenv.url = "github:DeterminateSystems/nuenv";
+    nuenv = {
      url = "github:DeterminateSystems/nuenv";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    haumea = {
      url = "github:nix-community/haumea/v0.2.2";
@@ -119,7 +132,16 @@
      url = "github:ghostty-org/ghostty";
    };
-    blender-bin.url = "github:edolstra/nix-warez?dir=blender";
+    blender-bin = {
      url = "github:edolstra/nix-warez?dir=blender";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixos-apple-silicon = {
      # 2025-07-04
      url = "github:nix-community/nixos-apple-silicon/eba4b40c816e5aff8951ae231ac237e8aab8ec1d";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    ########################  Some non-flake repositories  #########################################
@@ -137,13 +159,21 @@
      flake = false;
    };
    my-asahi-firmware = {
      url = "git+ssh://git@github.com/ryan4yin/asahi-firmware.git?shallow=1";
      flake = false;
    };
    # my wallpapers
    wallpapers = {
      url = "github:ryan4yin/wallpapers";
      flake = false;
    };
-    nur-ryan4yin.url = "github:ryan4yin/nur-packages";
+    nur-ryan4yin = {
      url = "github:ryan4yin/nur-packages";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # for waydroid
    # nur-ataraxiasjel.url = "github:AtaraxiaSjel/nur";
@@ -18,10 +18,8 @@
   - [ ] AppArmor
   - [ ] Kernel & System Hardening
 1. **Per-App Level**:
-   - Nixpak (Bubblewrap)
+   - Nixpak (Bubblewrap, running at user-level)
-     - [x] QQ
+   - Firejail (a SUID program, meaning it's running as root)
     - [x] Firefox
   - [ ] Firejail (risk? not enabled yet)
 ## Kernel Hardening
@@ -32,26 +30,27 @@
 - NixOS Profile:
  https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/profiles/hardened.nix
- Apparmor: [roddhjav/apparmor.d)](https://github.com/roddhjav/apparmor.d)
+- Apparmor: [roddhjav/apparmor.d](https://github.com/roddhjav/apparmor.d)
  - https://gitlab.com/apparmor/apparmor/-/wikis/Documentation
  - AppArmor.d is a set of over 1500 AppArmor profiles whose aim is to confine most Linux based
    applications and processes.
-  - Nix Package:
+  - But all the profiles of AppArmor assume a FHS filesystem, which caused all apparmor policies
-    [roddhjav-apparmor-rules](https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/ro/roddhjav-apparmor-rules/package.nix#L33)
+    takes no effect on NixOS.
-  - https://github.com/NixOS/nixpkgs/issues/331645
+  - Apparmor on NixOS Roadmap:
    - https://discourse.nixos.org/t/apparmor-on-nixos-roadmap/57217
    - https://github.com/LordGrimmauld/aa-alias-manager
 - SELinux: too complex, not recommended for personal use.
 ## Application Sandboxing
 - [Bubblewrap](https://github.com/containers/bubblewrap):
  [nixpak](https://github.com/nixpak/nixpak), more secure than firejail, but no batteries included.
  - NixOS's FHSEnv is implemented using bubblewrap by default.
 - [Firejail](https://github.com/netblue30/firejail/tree/master/etc): A SUID security sandbox with
  hundreds of security profiles for many common applications in the default installation.
  - https://wiki.nixos.org/wiki/Firejail
  - Firejail needs SUID to work, which is considered a security risk -
    [Does firejail improve the security of my system?](https://github.com/netblue30/firejail/discussions/4601)
 - [Bubblewrap](https://github.com/containers/bubblewrap):
  [nixpak](https://github.com/nixpak/nixpak), more secure than firejail, but no batteries included.
  - NixOS's FHSEnv is implemented using bubblewrap by default.
 - [Systemd/Hardening](https://wiki.nixos.org/wiki/Systemd/Hardening): Systemd also provides some
  sandboxing features.
@@ -67,8 +66,6 @@ provide a much higher level of security.
 - [Harden your NixOS workstation - dataswamp](https://dataswamp.org/~solene/2022-01-13-nixos-hardened.html)
 - [Linux Insecurities - Madaidans](https://madaidans-insecurities.github.io/linux.html)
 - [Sandboxing all programs by default - NixOS Discourse](https://discourse.nixos.org/t/sandboxing-all-programs-by-default/7792)
 - [在 Firejail 中运行 Steam](https://imbearchild.cyou/archives/2021/11/steam-in-firejail/)
 - [Firejail - Arch Linux Wiki](https://wiki.archlinux.org/title/Firejail)
 - [Paranoid NixOS Setup - xeiaso](https://xeiaso.net/blog/paranoid-nixos-2021-07-18/)
 - [nix-mineral](https://github.com/cynicsketch/nix-mineral): NixOS module for convenient system
  hardening.
@@ -80,8 +77,7 @@ provide a much higher level of security.
 - firejail configs:
  - https://github.com/stelcodes/nixos-config/blob/f8967c82a5e5f3d128eb1aaf7498b5f918f719ec/packages/overlay.nix#L261
 - apparmor configs:
  - https://github.com/sukhmancs/nixos-configs/blob/7fcf737c506ad843113cd5b94796b49d4d4dfad2/modules/shared/security/apparmor/default.nix#L8
  - https://github.com/zramctl/dotfiles/blob/4fe177f6984154960942bb47d5a375098ec6ed6a/modules/nixos/security/apparmor.nix#L4
  - https://git.grimmauld.de/Grimmauld/grimm-nixos-laptop/src/branch/main/hardening
 - Others:
  - Directly via `buildFHSUserEnvBubblewrap`:
    https://github.com/xddxdd/nur-packages/blob/master/pkgs/uncategorized/wechat-uos/default.nix
@@ -2,7 +2,8 @@
  config,
  pkgs,
  ...
-}: {
+}:
 {
  services.dbus.apparmor = "enabled";
  security.apparmor = {
    enable = true;
@@ -0,0 +1,9 @@
 {
  nixpkgs.overlays = [
    (_: super: {
      bwraps = {
        wechat = super.callPackage ./wechat.nix { };
      };
    })
  ];
 }
@@ -0,0 +1,99 @@
 # - wechat's flatpak manifest: https://github.com/flathub/com.tencent.WeChat/blob/master/com.tencent.WeChat.yaml
 # Refer:
 # - Flatpak manifest's docs:
 #   - https://docs.flatpak.org/en/latest/manifests.html
 #   - https://docs.flatpak.org/en/latest/sandbox-permissions.html
 #
 # TODO Since appimageTools.wrapAppImage do not support overriding, I have to pack this package myself.
 # https://github.com/NixOS/nixpkgs/pull/358977
 {
  appimageTools,
  fetchurl,
  stdenvNoCC,
 }:
 let
  pname = "wechat";
  # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/we/wechat/package.nix
  sources = {
    aarch64-linux = {
      version = "4.0.1.11";
      src = fetchurl {
        url = "https://web.archive.org/web/20250512112413if_/https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_arm64.AppImage";
        hash = "sha256-Rg+FWNgOPC02ILUskQqQmlz1qNb9AMdvLcRWv7NQhGk=";
      };
    };
    x86_64-linux = {
      version = "4.0.1.11";
      src = fetchurl {
        url = "https://web.archive.org/web/20250512110825if_/https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_x86_64.AppImage";
        hash = "sha256-gBWcNQ1o1AZfNsmu1Vi1Kilqv3YbR+wqOod4XYAeVKo=";
      };
    };
  };
  inherit (stdenvNoCC.hostPlatform) system;
  inherit (sources.${system} or (throw "Unsupported system: ${system}")) version src;
  # https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/we/wechat/linux.nix
  appimageContents = appimageTools.extract {
    inherit pname version src;
    postExtract = ''
      patchelf --replace-needed libtiff.so.5 libtiff.so $out/opt/wechat/wechat
    '';
  };
 in
 appimageTools.wrapAppImage {
  inherit pname version;
  src = appimageContents;
  extraInstallCommands = ''
    mkdir -p $out/share/applications
    cp ${appimageContents}/wechat.desktop $out/share/applications/
    mkdir -p $out/share/pixmaps
    cp ${appimageContents}/wechat.png $out/share/pixmaps/
    substituteInPlace $out/share/applications/wechat.desktop --replace-fail AppRun wechat
  '';
  # Add these root paths to FHS sandbox to prevent WeChat from accessing them by default
  # Adapted from https://aur.archlinux.org/cgit/aur.git/tree/wechat-universal.sh?h=wechat-universal-bwrap
  extraPreBwrapCmds = ''
    XDG_DOCUMENTS_DIR="''${XDG_DOCUMENTS_DIR:-$(xdg-user-dir DOCUMENTS)}"
    if [[ -z "''${XDG_DOCUMENTS_DIR}" ]]; then
        echo 'Error: Failed to get XDG_DOCUMENTS_DIR, refuse to continue'
        exit 1
    fi
    WECHAT_DATA_DIR="''${XDG_DOCUMENTS_DIR}/WeChat_Data"
    # Using ''${WECHAT_DATA_DIR} as Wechat Data folder
    WECHAT_HOME_DIR="''${WECHAT_DATA_DIR}/home"
    WECHAT_FILES_DIR="''${WECHAT_DATA_DIR}/xwechat_files"
    mkdir -p "''${WECHAT_FILES_DIR}"
    mkdir -p "''${WECHAT_HOME_DIR}"
    ln -snf "''${WECHAT_FILES_DIR}" "''${WECHAT_HOME_DIR}/xwechat_files"
  '';
  extraBwrapArgs = [
    "--tmpfs /home"
    "--tmpfs /root"
    # format: --bind <host-path> <sandbox-path>
    "--bind \${WECHAT_HOME_DIR} \${HOME}"
    "--bind \${WECHAT_FILES_DIR} \${WECHAT_FILES_DIR}"
    "--chdir \${HOME}"
    # wechat-universal only supports xcb
    "--setenv QT_QPA_PLATFORM xcb"
    "--setenv QT_AUTO_SCREEN_SCALE_FACTOR 1"
    # use fcitx as IME
    "--setenv QT_IM_MODULE fcitx"
    "--setenv GTK_IM_MODULE fcitx"
  ];
  chdirToPwd = false;
  unshareNet = false;
  unshareIpc = true;
  unsharePid = true;
  unshareUts = true;
  unshareCgroup = true;
  privateTmp = true;
 }
@@ -1,71 +0,0 @@
 {pkgs, ...}: let
  firejailWrapper = import ./firejailWrapper.nix pkgs;
 in {
  programs.firejail.enable = true;
  # Add firejailed Apps into nixsuper, and reference them in home-manager or other nixos modules
  nixpkgs.overlays = [
    (_: super: {
      firejailed = {
        steam = firejailWrapper {
          name = "steam-firejailed";
          executable = "${super.steam}/bin/steam";
          profile = "${super.firejail}/etc/firejail/steam.profile";
        };
        steam-run = firejailWrapper {
          name = "steam-run-firejailed";
          executable = "${super.steam}/bin/steam-run";
          profile = "${super.firejail}/etc/firejail/steam.profile";
        };
        # firefox = firejailWrapper {
        #   name = "firefox-firejailed";
        #   executable = "${super.lib.getBin super.firefox-wayland}/bin/firefox";
        #   profile = "${super.firejail}/etc/firejail/firefox.profile";
        # };
        # chromium = firejailWrapper {
        #   name = "chromium-firejailed";
        #   executable = "${super.lib.getBin super.ungoogled-chromium}/bin/chromium";
        #   profile = "${super.firejail}/etc/firejail/chromium.profile";
        # };
        mpv = firejailWrapper {
          executable = "${super.lib.getBin super.mpv}/bin/mpv";
          profile = "${super.firejail}/etc/firejail/mpv.profile";
        };
        imv = firejailWrapper {
          executable = "${super.lib.getBin super.imv}/bin/imv";
          profile = "${super.firejail}/etc/firejail/imv.profile";
        };
        zathura = firejailWrapper {
          executable = "${super.lib.getBin super.zathura}/bin/zathura";
          profile = "${super.firejail}/etc/firejail/zathura.profile";
        };
        slack = firejailWrapper {
          executable = "${super.lib.getBin super.slack}/bin/slack";
          profile = "${super.firejail}/etc/firejail/slack.profile";
        };
        telegram-desktop = firejailWrapper {
          executable = "${super.lib.getBin super.tdesktop}/bin/telegram-desktop";
          profile = "${super.firejail}/etc/firejail/telegram-desktop.profile";
        };
        brave = firejailWrapper {
          executable = "${super.lib.getBin super.brave}/bin/brave";
          profile = "${super.firejail}/etc/firejail/brave.profile";
        };
        qutebrowser = firejailWrapper {
          executable = "${super.lib.getBin super.qutebrowser}/bin/qutebrowser";
          profile = "${super.firejail}/etc/firejail/qutebrowser.profile";
        };
        thunar = firejailWrapper {
          executable = "${super.lib.getBin super.xfce.thunar}/bin/thunar";
          profile = "${super.firejail}/etc/firejail/thunar.profile";
        };
        vscodium = firejailWrapper {
          executable = "${super.lib.getBin super.vscodium}/bin/vscodium";
          profile = "${super.firejail}/etc/firejail/vscodium.profile";
        };
      };
    })
  ];
 }
@@ -1,35 +0,0 @@
 # https://www.reddit.com/r/NixOS/comments/1b56jdx/simple_nix_function_for_wrapping_executables_with/
 pkgs: {
  name ? "firejail-wrapper",
  executable,
  desktop ? null,
  profile ? null,
  extraArgs ? [],
 }:
 pkgs.runCommand name
 {
  preferLocalBuild = true;
  allowSubstitutes = false;
  meta.priority = -1; # take precedence over non-firejailed versions
 }
 (
  let
    firejailArgs = pkgs.lib.concatStringsSep " " (
      extraArgs ++ (pkgs.lib.optional (profile != null) "--profile=${toString profile}")
    );
  in
    ''
      command_path="$out/bin/$(basename ${executable})-jailed"
      mkdir -p $out/bin
      mkdir -p $out/share/applications
      cat <<'_EOF' >"$command_path"
      #! ${pkgs.runtimeShell} -e
      exec /run/wrappers/bin/firejail ${firejailArgs} -- ${toString executable} "\$@"
      _EOF
      chmod 0755 "$command_path"
    ''
    + pkgs.lib.optionalString (desktop != null) ''
      substitute ${desktop} $out/share/applications/$(basename ${desktop}) \
        --replace ${executable} "$command_path"
    ''
 )
@@ -2,7 +2,8 @@
  pkgs,
  nixpak,
  ...
-}: let
+}:
 let
  callArgs = {
    mkNixPak = nixpak.lib.nixpak {
      inherit (pkgs) lib;
@@ -14,19 +15,20 @@
    ];
  };
  wrapper = _pkgs: path: (_pkgs.callPackage path callArgs).config.script;
-in {
+in
 {
  # Add nixpaked Apps into nixpkgs, and reference them in home-manager or other nixos modules
  nixpkgs.overlays = [
    (_: super: {
      nixpaks = {
        qq = wrapper super ./qq.nix;
-        qq-desktop-item = super.callPackage ./qq-desktop-item.nix {};
+        qq-desktop-item = super.callPackage ./qq-desktop-item.nix { };
-        wechat-uos = wrapper super ./wechat-uos.nix;
+        wechat = wrapper super ./wechat.nix;
-        wechat-uos-desktop-item = super.callPackage ./wechat-uos-desktop-item.nix {};
+        wechat-desktop-item = super.callPackage ./wechat-desktop-item.nix { };
        firefox = wrapper super ./firefox.nix;
-        firefox-desktop-item = super.callPackage ./firefox-desktop-item.nix {};
+        firefox-desktop-item = super.callPackage ./firefox-desktop-item.nix { };
      };
    })
  ];
@@ -1,4 +1,4 @@
-{makeDesktopItem}:
+{ makeDesktopItem }:
 makeDesktopItem {
  name = "firefox";
  desktopName = "firefox";
@@ -6,6 +6,6 @@ makeDesktopItem {
  terminal = false;
  icon = "firefox";
  type = "Application";
-  categories = ["Network"];
+  categories = [ "Network" ];
  comment = "firefox boxed";
 }
@@ -10,11 +10,13 @@
  ...
 }:
 mkNixPak {
-  config = {
+  config =
    {
      config,
      sloth,
      ...
-  }: {
+    }:
    {
      app = {
        package = pkgs.firefox-wayland;
        binPath = "bin/firefox";
@@ -34,6 +36,15 @@ mkNixPak {
        "org.mozilla.firefox_beta.*" = "own"; # firefox beta
        "org.mpris.MediaPlayer2.firefox.*" = "own";
        "org.freedesktop.NetworkManager" = "talk";
        "org.gnome.Shell.Screencast" = "talk";
        # System tray icon
        "org.freedesktop.Notifications" = "talk";
        "org.kde.StatusNotifierWatcher" = "talk";
        # File Manager
        "org.freedesktop.FileManager1" = "talk";
        # Uses legacy StatusNotifier implementation
        "org.kde.*" = "own";
      };
      bubblewrap = {
@@ -45,16 +56,23 @@ mkNixPak {
          # NOTE: sloth.mkdir is used to create the directory if it does not exist!
          (sloth.mkdir (sloth.concat' sloth.homeDir "/.mozilla"))
        # ================ for externsions ===============================
        # required by https://github.com/browserpass/browserpass-extension
        (sloth.concat' sloth.homeDir "/.local/share/password-store") # pass
        sloth.xdgDownloadDir
          sloth.xdgDocumentsDir
          sloth.xdgDownloadDir
          sloth.xdgMusicDir
          sloth.xdgVideosDir
        ];
        bind.ro = [
        # To actually make Firefox run
          "/sys/bus/pci"
-        ["${config.app.package}/lib/firefox" "/app/etc/firefox"]
+          [
            "${config.app.package}/lib/firefox"
            "/app/etc/firefox"
          ]
          # ================ for browserpass extension ===============================
          "/etc/gnupg"
          (sloth.concat' sloth.homeDir "/.gnupg") # gpg's config
          (sloth.concat' sloth.homeDir "/.local/share/password-store") # my secrets
          (sloth.concat' sloth.runtimeDir "/gnupg") # for access gpg-agent socket
          # Unsure
          (sloth.concat' sloth.xdgConfigHome "/dconf")
@@ -65,12 +83,6 @@ mkNixPak {
          wayland = true;
          pipewire = true;
        };
      bind.dev = [
        "/dev/shm" # Shared Memory
      ];
      tmpfs = [
        "/tmp"
      ];
      };
    };
 }
@@ -5,12 +5,14 @@
  pkgs,
  sloth,
  ...
-}: let
+}:
 let
  envSuffix = envKey: suffix: sloth.concat' (sloth.env envKey) suffix;
  # cursor & icon's theme should be the same as the host's one.
  cursorTheme = pkgs.bibata-cursors;
  iconTheme = pkgs.papirus-icon-theme;
-in {
+in
 {
  config = {
    dbus.policies = {
      "${config.flatpak.appId}" = "own";
@@ -18,8 +20,11 @@ in {
      "org.gtk.vfs.*" = "talk";
      "org.gtk.vfs" = "talk";
      "ca.desrt.dconf" = "talk";
      "org.freedesktop.portal.*" = "talk";
      "org.a11y.Bus" = "talk";
      # for default portal & gtk/hyprland's portal
      "org.freedesktop.portal.*" = "talk";
      "org.freedesktop.impl.portal.desktop.*" = "talk";
    };
    # https://github.com/nixpak/nixpak/blob/master/modules/gpu.nix
    # 1. bind readonly - /run/opengl-driver
@@ -72,6 +77,8 @@ in {
        "/etc/static/egl"
      ];
      bind.dev = [
        "/dev/shm" # Shared Memory
        # seems required when using nvidia as primary gpu
        "/dev/nvidia0"
        "/dev/nvidiactl"
@@ -79,16 +86,24 @@ in {
        "/dev/nvidia-uvm"
      ];
      tmpfs = [
        "/tmp"
      ];
      env = {
-        XDG_DATA_DIRS = lib.mkForce (lib.makeSearchPath "share" [
+        XDG_DATA_DIRS = lib.mkForce (
          lib.makeSearchPath "share" [
            iconTheme
            cursorTheme
            pkgs.shared-mime-info
-        ]);
+          ]
-        XCURSOR_PATH = lib.mkForce (lib.concatStringsSep ":" [
+        );
        XCURSOR_PATH = lib.mkForce (
          lib.concatStringsSep ":" [
            "${cursorTheme}/share/icons"
            "${cursorTheme}/share/pixmaps"
-        ]);
+          ]
        );
      };
    };
  };
@@ -2,7 +2,7 @@
 {
  etc.sslCertificates.enable = true;
  bubblewrap = {
-    bind.ro = ["/etc/resolv.conf"];
+    bind.ro = [ "/etc/resolv.conf" ];
    network = true;
  };
 }
@@ -5,13 +5,13 @@
 makeDesktopItem {
  name = "qq";
  desktopName = "QQ";
-  exec = "qq %U";
+  exec = "${qq}/bin/qq %U";
  terminal = false;
  # To find the icon name(nushell):
  #   let p = NIXPKGS_ALLOW_UNFREE=1 nix eval --impure nixpkgs#qq.outPath | str trim --char '"'
  #   tree $"($p)/share/icons"
  icon = "${qq}/share/icons/hicolor/512x512/apps/qq.png";
  type = "Application";
-  categories = ["Network"];
+  categories = [ "Network" ];
  comment = "QQ boxed";
 }
@@ -10,11 +10,13 @@
  ...
 }:
 mkNixPak {
-  config = {sloth, ...}: {
+  config =
    { sloth, ... }:
    {
      app = {
        package = pkgs.qq.override {
          # fix fcitx5 input method
-        commandLineArgs = lib.concatStringsSep " " ["--enable-wayland-ime"];
+          commandLineArgs = lib.concatStringsSep " " [ "--enable-wayland-ime" ];
        };
        binPath = "bin/qq";
      };
@@ -30,8 +32,13 @@ mkNixPak {
      #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
      dbus.policies = {
        "org.gnome.Shell.Screencast" = "talk";
        # System tray icon
        "org.freedesktop.Notifications" = "talk";
        "org.kde.StatusNotifierWatcher" = "talk";
        # File Manager
        "org.freedesktop.FileManager1" = "talk";
        # Uses legacy StatusNotifier implementation
        "org.kde.*" = "own";
      };
      bubblewrap = {
        # To trace all the home files QQ accesses, you can use the following nushell command:
@@ -40,21 +47,23 @@ mkNixPak {
        bind.rw = [
          # given the read write permission to the following directories.
          # NOTE: sloth.mkdir is used to create the directory if it does not exist!
-        (sloth.mkdir (sloth.concat [sloth.xdgConfigHome "/QQ"]))
+          (sloth.mkdir (
-        (sloth.mkdir (sloth.concat [sloth.xdgDocumentsDir "/QQ"]))
+            sloth.concat [
              sloth.xdgConfigHome
              "/QQ"
            ]
          ))
          sloth.xdgDocumentsDir
          sloth.xdgDownloadDir
          sloth.xdgMusicDir
          sloth.xdgVideosDir
        ];
        sockets = {
          x11 = false;
          wayland = true;
          pipewire = true;
        };
      bind.dev = [
        "/dev/shm" # Shared Memory
      ];
      tmpfs = [
        "/tmp"
      ];
      };
    };
 }
@@ -1,17 +0,0 @@
 {
  makeDesktopItem,
  wechat-uos,
 }:
 makeDesktopItem {
  name = "wechat";
  desktopName = "WeChat";
  exec = "wechat-uos %U";
  terminal = false;
  # To find the icon name(nushell):
  #   let p = NIXPKGS_ALLOW_UNFREE=1 nix eval --impure nixpkgs#wechat-uos.outPath | str trim --char '"'
  #   tree $"($p)/share/icons"
  icon = "${wechat-uos}/share/icons/hicolor/256x256/apps/com.tencent.wechat.png";
  type = "Application";
  categories = ["Network"];
  comment = "Wechat boxed";
 }
@@ -1,73 +0,0 @@
 # TODO: wechat-uos is running in FHS sandbox by default, it's problematic
 #   to wrap it again via flatpak. We need to find a way to fix it.
 #   https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/we/wechat-uos/package.nix
 # Refer:
 # - Flatpak manifest's docs:
 #   - https://docs.flatpak.org/en/latest/manifests.html
 #   - https://docs.flatpak.org/en/latest/sandbox-permissions.html
 # - wechat-uos's flatpak manifest: https://github.com/flathub/com.tencent.WeChat/blob/master/com.tencent.WeChat.yaml
 {
  lib,
  pkgs,
  mkNixPak,
  ...
 }:
 mkNixPak {
  config = {sloth, ...}: {
    app = {
      package = pkgs.wechat-uos;
      binPath = "bin/wechat-uos";
    };
    flatpak.appId = "com.tencent.WeChat";
    imports = [
      ./modules/gui-base.nix
      ./modules/network.nix
    ];
    # list all dbus services:
    #   ls -al /run/current-system/sw/share/dbus-1/services/
    #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
    dbus.policies = {
      "org.gnome.Shell.Screencast" = "talk";
      # System tray icon
      "org.freedesktop.Notifications" = "talk";
      "org.kde.StatusNotifierWatcher" = "talk";
      # File Manager
      "org.freedesktop.FileManager1" = "talk";
      # Uses legacy StatusNotifier implementation
      "org.kde.*" = "own";
    };
    bubblewrap = {
      # To trace all the home files QQ accesses, you can use the following nushell command:
      #   just trace-access wechat-uos
      # See the Justfile in the root of this repository for more information.
      bind.rw = [
        # given the read write permission to the following directories.
        # NOTE: sloth.mkdir is used to create the directory if it does not exist!
        (sloth.mkdir (sloth.concat [sloth.homeDir "/.xwechat"]))
        (sloth.mkdir (sloth.concat [sloth.xdgDocumentsDir "/xwechat_files"]))
        (sloth.mkdir (sloth.concat [sloth.xdgDocumentsDir "/WeChat_Data/"]))
        sloth.xdgDownloadDir
      ];
      sockets = {
        x11 = false;
        wayland = true;
        pipewire = true;
      };
      bind.dev = [
        "/dev/shm" # Shared Memory
      ];
      tmpfs = [
        "/tmp"
      ];
      env = {
        # Hidpi scale
        "QT_AUTO_SCREEN_SCALE_FACTOR" = "1";
        # Only supports xcb
        "QT_QPA_PLATFORM" = "kcb";
      };
    };
  };
 }
@@ -1,4 +1,5 @@
-{modulesPath, ...}: {
+{ modulesPath, ... }:
 {
  imports = [
    (modulesPath + "/profiles/hardened.nix")
  ];
@@ -1,16 +1,8 @@
 {
  pkgs,
  nur-ryan4yin,
  ...
 }: {
  # https://github.com/catppuccin/btop/blob/main/themes/catppuccin_mocha.theme
  xdg.configFile."btop/themes".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-btop}/themes";
  # replacement of htop/nmon
  programs.btop = {
    enable = true;
    settings = {
      color_theme = "catppuccin_mocha";
      theme_background = false; # make btop transparent
    };
  };
@@ -1,8 +1,5 @@
 { pkgs, ... }:
 {
  pkgs,
  nur-ryan4yin,
  ...
 }: {
  home.packages = with pkgs; [
    # Misc
    cowsay
@@ -16,7 +13,7 @@
    # search for files by name, faster than find
    fd
    # search for files by its content, replacement of grep
-    (ripgrep.override {withPCRE2 = true;})
+    (ripgrep.override { withPCRE2 = true; })
    # A fast and polyglot tool for code searching, linting, rewriting at large scale
    # supported languages: only some mainstream languages currently(do not support nix/nginx/yaml/toml/...)
@@ -25,8 +22,6 @@
    sad # CLI search and replace, just like sed, but with diff preview.
    yq-go # yaml processor https://github.com/mikefarah/yq
    just # a command runner like make, but simpler
    delta # A viewer for git and diff output
    lazygit # Git terminal UI.
    hyperfine # command-line benchmarking tool
    gping # ping, but with a graph(TUI)
    doggo # DNS client for humans
@@ -53,10 +48,9 @@
    ncdu # analyzer your disk usage Interactively, via TUI(replacement of `du`)
  ];
  programs = {
  # A modern replacement for ‘ls’
  # useful in bash/zsh prompt, not in nushell.
-    eza = {
+  programs.eza = {
    enable = true;
    # do not enable aliases in nushell!
    enableNushellIntegration = false;
@@ -65,44 +59,18 @@
  };
  # a cat(1) clone with syntax highlighting and Git integration.
-    bat = {
+  programs.bat = {
    enable = true;
    config = {
      pager = "less -FR";
        theme = "catppuccin-mocha";
      };
      themes = {
        # https://raw.githubusercontent.com/catppuccin/bat/main/Catppuccin-mocha.tmTheme
        catppuccin-mocha = {
          src = nur-ryan4yin.packages.${pkgs.system}.catppuccin-bat;
          file = "Catppuccin-mocha.tmTheme";
        };
    };
  };
  # A command-line fuzzy finder
-    fzf = {
+  programs.fzf.enable = true;
      enable = true;
      # https://github.com/catppuccin/fzf
      # catppuccin-mocha
      colors = {
        "bg+" = "#313244";
        "bg" = "#1e1e2e";
        "spinner" = "#f5e0dc";
        "hl" = "#f38ba8";
        "fg" = "#cdd6f4";
        "header" = "#f38ba8";
        "info" = "#cba6f7";
        "pointer" = "#f5e0dc";
        "marker" = "#f5e0dc";
        "fg+" = "#cdd6f4";
        "prompt" = "#cba6f7";
        "hl+" = "#f38ba8";
      };
    };
  # very fast version of tldr in Rust
-    tealdeer = {
+  programs.tealdeer = {
    enable = true;
    enableAutoUpdates = true;
    settings = {
@@ -134,7 +102,7 @@
  #   zi foo             # cd with interactive selection (using fzf)
  #
  #   z foo<SPACE><TAB>  # show interactive completions (zoxide v0.8.0+, bash 4.4+/fish/zsh only)
-    zoxide = {
+  programs.zoxide = {
    enable = true;
    enableBashIntegration = true;
    enableZshIntegration = true;
@@ -145,11 +113,10 @@
  # and records additional context for your commands.
  # Additionally, it provides optional and fully encrypted
  # synchronisation of your history between machines, via an Atuin server.
-    atuin = {
+  programs.atuin = {
    enable = true;
    enableBashIntegration = true;
    enableZshIntegration = true;
    enableNushellIntegration = true;
  };
  };
 }
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
 {
  imports = mylib.scanPaths ./.;
 }
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
 {
  imports = mylib.scanPaths ./.;
 }
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
 {
  programs.helix = {
    enable = true;
  };
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
 {
  programs = {
    neovim = {
      enable = true;
@@ -4,17 +4,37 @@
  pkgs,
  myvars,
  ...
-}: {
+}:
 {
  # `programs.git` will generate the config file: ~/.config/git/config
  # to make git use this config file, `~/.gitconfig` should not exist!
  #
  #    https://git-scm.com/docs/git-config#Documentation/git-config.txt---global
-  home.activation.removeExistingGitconfig = lib.hm.dag.entryBefore ["checkLinkTargets"] ''
+  home.activation.removeExistingGitconfig = lib.hm.dag.entryBefore [ "checkLinkTargets" ] ''
    rm -f ${config.home.homeDirectory}/.gitconfig
  '';
-  home.packages = with pkgs; [
+  # GitHub CLI tool
-  ];
+  # https://cli.github.com/manual/
  programs.gh = {
    enable = true;
    settings = {
      git_protocol = "ssh";
      prompt = "enabled";
      aliases = {
        co = "pr checkout";
        pv = "pr view";
      };
    };
    hosts = {
      "github.com" = {
        "users" = {
          "ryan4yin" = null;
        };
        "user" = "ryan4yin";
      };
    };
  };
  programs.git = {
    enable = true;
@@ -36,6 +56,7 @@
      trim.bases = "develop,master,main"; # for git-trim
      push.autoSetupRemote = true;
      pull.rebase = true;
      log.date = "iso"; # use iso format for date
      # replace https with ssh
      url = {
@@ -56,7 +77,7 @@
    #   signByDefault = true;
    # };
-    # A syntax-highlighting pager in Rust(2019 ~ Now)
+    # A syntax-highlighting pager for git, diff, grep, and blame output
    delta = {
      enable = true;
      options = {
@@ -96,4 +117,10 @@
      foreach = "submodule foreach";
    };
  };
  # Git terminal UI (written in go).
  programs.lazygit.enable = true;
  # Yet another Git TUI (written in rust).
  programs.gitui.enable = true;
 }
@@ -0,0 +1,10 @@
 { config, ... }:
 {
  # make `npm install -g <pkg>` happey
  #
  # mainly used to install npm packages that updates frequently
  # such as gemini-cli, claude-code, etc.
  home.file.".npmrc".text = ''
    prefix=${config.home.homeDirectory}/.npm
  '';
 }
@@ -1,3 +1,8 @@
 # Based on the default config generated by:
 #    ```
 #    config nu --default
 #    ```
 #
 # Nushell Config File Documentation
 #
 # Warning: This file is intended for documentation purposes only and
@@ -1,8 +1,5 @@
-{
+{ config, ... }:
-  config,
+let
  pkgs-unstable,
  ...
 }: let
  shellAliases = {
    k = "kubectl";
@@ -13,22 +10,25 @@
  localBin = "${config.home.homeDirectory}/.local/bin";
  goBin = "${config.home.homeDirectory}/go/bin";
  rustBin = "${config.home.homeDirectory}/.cargo/bin";
-in {
+  npmBin = "${config.home.homeDirectory}/.npm/bin";
-  # only works in bash/zsh, not nushell
+in
-  home.shellAliases = shellAliases;
+{
  programs.nushell = {
    enable = true;
    package = pkgs-unstable.nushell;
    configFile.source = ./config.nu;
    inherit shellAliases;
  };
  programs.bash = {
    enable = true;
    enableCompletion = true;
    bashrcExtra = ''
-      export PATH="$PATH:${localBin}:${goBin}:${rustBin}"
+      export PATH="$PATH:${localBin}:${goBin}:${rustBin}:${npmBin}"
    '';
  };
  # NOTE: only works in bash/zsh, not nushell
  home.shellAliases = shellAliases;
  # NOTE: nushell will be launched in bash, so it can inherit all the eenvironment variables.
  programs.nushell = {
    enable = true;
    # package = pkgs-unstable.nushell;
    configFile.source = ./config.nu;
    inherit shellAliases;
  };
 }
@@ -1,8 +1,4 @@
 {
  pkgs,
  nur-ryan4yin,
  ...
 }: {
  programs.starship = {
    enable = true;
@@ -10,8 +6,7 @@
    enableZshIntegration = true;
    enableNushellIntegration = true;
-    settings =
+    settings = {
      {
      character = {
        success_symbol = "[›](bold green)";
        error_symbol = "[›](bold red)";
@@ -25,9 +20,6 @@
        format = "on [$symbol$active(\($region\))]($style) ";
        symbol = "🅶 ️";
      };
-
+    };
        palette = "catppuccin_mocha";
      }
      // builtins.fromTOML (builtins.readFile "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-starship}/palettes/mocha.toml");
  };
 }
@@ -0,0 +1,16 @@
 { catppuccin, ... }:
 {
  # https://github.com/catppuccin/nix
  imports = [
    catppuccin.homeModules.catppuccin
  ];
  catppuccin = {
    # The default `enable` value for all available programs.
    enable = true;
    # one of "latte", "frappe", "macchiato", "mocha"
    flavor = "mocha";
    # one of "blue", "flamingo", "green", "lavender", "maroon", "mauve", "peach", "pink", "red", "rosewater", "sapphire", "sky", "teal", "yellow"
    accent = "pink";
  };
 }
@@ -1,13 +1,9 @@
 { pkgs, ... }:
 {
  pkgs,
  pkgs-unstable,
  nur-ryan4yin,
  ...
 }: {
  # terminal file manager
  programs.yazi = {
    enable = true;
-    package = pkgs-unstable.yazi;
+    package = pkgs.yazi;
    # Changing working directory when exiting Yazi
    enableBashIntegration = true;
    enableNushellIntegration = true;
@@ -18,6 +14,4 @@
      };
    };
  };
  xdg.configFile."yazi/theme.toml".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-yazi}/mocha.toml";
 }
@@ -2,7 +2,8 @@ let
  shellAliases = {
    "zj" = "zellij";
  };
-in {
+in
 {
  programs.zellij = {
    enable = true;
  };
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
 {
  imports = mylib.scanPaths ./.;
 }
@@ -1,10 +1,19 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
-  home.packages = with pkgs; [
+{
  home.packages =
    with pkgs;
    [
      mitmproxy # http/https proxy tool
    insomnia # REST client
      wireshark # network analyzer
      # IDEs
      # jetbrains.idea-community
-  ];
+
      # AI cli tools
      k8sgpt
      kubectl-ai # an ai helper opensourced by google
    ]
    ++ (lib.optionals pkgs.stdenv.isx86_64 [
      insomnia # REST client
    ]);
 }
@@ -1,65 +0,0 @@
 [colors.primary]
 background = "#1e1e2e"
 foreground = "#cdd6f4"
 dim_foreground = "#7f849c"
 bright_foreground = "#cdd6f4"
 [colors.cursor]
 text = "#1e1e2e"
 cursor = "#f5e0dc"
 [colors.vi_mode_cursor]
 text = "#1e1e2e"
 cursor = "#b4befe"
 [colors.search.matches]
 foreground = "#1e1e2e"
 background = "#a6adc8"
 [colors.search.focused_match]
 foreground = "#1e1e2e"
 background = "#a6e3a1"
 [colors.footer_bar]
 foreground = "#1e1e2e"
 background = "#a6adc8"
 [colors.hints.start]
 foreground = "#1e1e2e"
 background = "#f9e2af"
 [colors.hints.end]
 foreground = "#1e1e2e"
 background = "#a6adc8"
 [colors.selection]
 text = "#1e1e2e"
 background = "#f5e0dc"
 [colors.normal]
 black = "#45475a"
 red = "#f38ba8"
 green = "#a6e3a1"
 yellow = "#f9e2af"
 blue = "#89b4fa"
 magenta = "#f5c2e7"
 cyan = "#94e2d5"
 white = "#bac2de"
 [colors.bright]
 black = "#585b70"
 red = "#f38ba8"
 green = "#a6e3a1"
 yellow = "#f9e2af"
 blue = "#89b4fa"
 magenta = "#f5c2e7"
 cyan = "#94e2d5"
 white = "#a6adc8"
 [[colors.indexed_colors]]
 index = 16
 color = "#fab387"
 [[colors.indexed_colors]]
 index = 17
 color = "#f5e0dc"
@@ -26,36 +26,43 @@
 {
  programs.alacritty = {
    enable = true;
-    package = pkgs-unstable.alacritty;
+    # package = pkgs-unstable.alacritty;
    # https://alacritty.org/config-alacritty.html
    settings = {
      general.import = [
        ./catppuccin-mocha.toml
      ];
      window = {
        opacity = 0.93;
        startup_mode = "Maximized"; # Maximized window
        dynamic_title = true;
        option_as_alt = "Both"; # Option key acts as Alt on macOS
        decorations = "None"; # Show neither borders nor title bar
      };
      scrolling = {
        history = 10000;
      };
      font = {
-        bold = {family = "JetBrainsMono Nerd Font";};
+        bold = {
-        italic = {family = "JetBrainsMono Nerd Font";};
+          family = "Maple Mono NF CN";
-        normal = {family = "JetBrainsMono Nerd Font";};
+        };
-        bold_italic = {family = "JetBrainsMono Nerd Font";};
+        italic = {
-        size =
+          family = "Maple Mono NF CN";
-          if pkgs.stdenv.isDarwin
+        };
-          then 14
+        normal = {
-          else 13;
+          family = "Maple Mono NF CN";
        };
        bold_italic = {
          family = "Maple Mono NF CN";
        };
        size = if pkgs.stdenv.isDarwin then 14 else 13;
      };
      terminal = {
        # Spawn a nushell in login mode via `bash`
        shell = {
          program = "${pkgs.bash}/bin/bash";
-          args = ["--login" "-c" "nu --login --interactive"];
+          args = [
            "--login"
            "-c"
            "nu --login --interactive"
          ];
        };
        # Controls the ability to write to the system clipboard with the OSC 52 escape sequence.
        # It's used by zellij to copy text to the system clipboard.
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
 {
  imports = mylib.scanPaths ./.;
 }
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
 {
  programs.foot = {
    # foot is designed only for Linux
    enable = pkgs.stdenv.isLinux;
@@ -16,8 +17,8 @@
    settings = {
      main = {
        term = "foot"; # or "xterm-256color" for maximum compatibility
-        font = "JetBrainsMono Nerd Font:size=14";
+        font = "Maple Mono NF CN:size=14";
-        dpi-aware = "yes";
+        dpi-aware = "no"; # scale via window manager instead
        # Spawn a nushell in login mode via `bash`
        shell = "${pkgs.bash}/bin/bash --login -c 'nu --login --interactive'";
@@ -26,47 +27,6 @@
      mouse = {
        hide-when-typing = "yes";
      };
      # https://github.com/catppuccin/foot/blob/main/themes/catppuccin-mocha.ini
      cursor = {
        color = "11111b f5e0dc";
      };
      colors = {
        alpha = "0.93"; # background opacity
        foreground = "cdd6f4";
        background = "1e1e2e";
        regular0 = "45475a";
        regular1 = "f38ba8";
        regular2 = "a6e3a1";
        regular3 = "f9e2af";
        regular4 = "89b4fa";
        regular5 = "f5c2e7";
        regular6 = "94e2d5";
        regular7 = "bac2de";
        bright0 = "585b70";
        bright1 = "f38ba8";
        bright2 = "a6e3a1";
        bright3 = "f9e2af";
        bright4 = "89b4fa";
        bright5 = "f5c2e7";
        bright6 = "94e2d5";
        bright7 = "a6adc8";
        "16" = "fab387";
        "17" = "f5e0dc";
        "selection-foreground" = "cdd6f4";
        "selection-background" = "414356";
        "search-box-no-match" = "11111b f38ba8";
        "search-box-match" = "cdd6f4 313244";
        "jump-labels" = "11111b fab387";
        urls = "89b4fa";
      };
    };
  };
 }
@@ -12,17 +12,16 @@
  programs.ghostty = {
    enable = true;
    package =
-      if pkgs.stdenv.isDarwin
+      if pkgs.stdenv.isDarwin then
-      then pkgs.hello # pkgs.ghostty is currently broken on darwin
+        pkgs.hello # pkgs.ghostty is currently broken on darwin
-      else pkgs.ghostty; # the stable version
+      else
        pkgs.ghostty; # the stable version
    # package = ghostty.packages.${pkgs.system}.default; # the latest version
    enableBashIntegration = false;
    installBatSyntax = false;
    # installVimSyntax = true;
    settings = {
-      theme = "catppuccin-mocha";
+      font-family = "Maple Mono NF CN";
      font-family = "JetBrains Mono";
      font-size = 13;
      background-opacity = 0.93;
@@ -16,17 +16,10 @@
 {
  programs.kitty = {
    enable = true;
    # kitty has catppuccin theme built-in,
    # all the built-in themes are packaged into an extra package named `kitty-themes`
    # and it's installed by home-manager if `theme` is specified.
    themeFile = "Catppuccin-Mocha";
    font = {
-      name = "JetBrainsMono Nerd Font";
+      name = "Maple Mono NF CN";
      # use different font size on macOS
-      size =
+      size = if pkgs.stdenv.isDarwin then 14 else 13;
        if pkgs.stdenv.isDarwin
        then 14
        else 13;
    };
    # consistent with other terminal emulators
@@ -36,6 +29,10 @@
    };
    settings = {
      # do not show title bar & window title
      hide_window_decorations = "titlebar-and-corners";
      macos_show_window_title_in = "none";
      background_opacity = "0.93";
      macos_option_as_alt = true; # Option key acts as Alt on macOS
      enable_audio_bell = false;
@@ -48,6 +45,6 @@
    };
    # macOS specific settings
-    darwinLaunchOptions = ["--start-as=maximized"];
+    darwinLaunchOptions = [ "--start-as=maximized" ];
  };
 }
@@ -1,4 +1,5 @@
-{myvars, ...}: {
+{ myvars, ... }:
 {
  # Home Manager needs a bit of information about you and the
  # paths it should manage.
  home = {
@@ -2,7 +2,8 @@
  lib,
  pkgs,
  ...
-}: {
+}:
 {
  # https://developer.hashicorp.com/terraform/cli/config/config-file
  home.file.".terraformrc".source = ./terraformrc;
@@ -30,9 +31,12 @@
    # digitalocean
    doctl
    # google cloud
-    (google-cloud-sdk.withExtraComponents (with google-cloud-sdk.components; [
+    (google-cloud-sdk.withExtraComponents (
      with google-cloud-sdk.components;
      [
        gke-gcloud-auth-plugin
-    ]))
+      ]
    ))
    # cloud tools that nix do not have cache for.
    terraform
@@ -3,9 +3,10 @@
  pkgs-unstable,
  nur-ryan4yin,
  ...
-}: {
+}:
 {
  home.packages = with pkgs; [
-    docker-compose
+    podman-compose
    dive # explore docker layers
    lazydocker # Docker terminal UI.
    skopeo # copy/sync images between registries and local storage
@@ -17,8 +18,6 @@
    kubectl-tree # kubectl tree
    kubectl-node-shell # exec into node
    kubepug # kubernetes pre upgrade checker
    k8sgpt
    nur-ryan4yin.packages.${pkgs.system}.kubectl-ai # an ai helper opensourced by google
    kubebuilder
    istioctl
@@ -31,32 +30,11 @@
    ko # build go project to container image
  ];
-  programs = {
+  programs.k9s.enable = true;
-    k9s = {
+  catppuccin.k9s.transparent = true;
-      enable = true;
+
-      # https://k9scli.io/topics/aliases/
+  programs.kubecolor = {
      # aliases = {};
      settings = {
        skin = "catppuccino-mocha";
      };
      skins.catppuccin-mocha = let
        skin_file = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-k9s}/dist/mocha.yml"; # theme - catppuccin mocha
        skin_attr = builtins.fromJSON (
          builtins.readFile
          # replace 'base: &base "#1e1e2e"' with 'base: &base "default"'
          # to make fg/bg color transparent. "default" means transparent in k9s skin.
          (pkgs.runCommandNoCC "get-skin-json" {} ''
            cat ${skin_file} \
              |  sed -E 's@(base: &base ).+@\1 "default"@g' \
              | ${pkgs.yj}/bin/yj > $out
          '')
        );
      in
        skin_attr;
    };
    kubecolor = {
    enable = true;
    enableAlias = true;
  };
  };
 }
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
 {
  imports = mylib.scanPaths ./.;
 }
@@ -2,7 +2,8 @@
  pkgs,
  pkgs-unstable,
  ...
-}: {
+}:
 {
  #############################################################
  #
  #  Basic settings for development environment
@@ -18,8 +19,8 @@
    colmena # nixos's remote deployment tool
    # db related
-    pkgs-unstable.mycli
+    mycli
-    pkgs-unstable.pgcli
+    pgcli
    mongosh
    sqlite
@@ -27,10 +28,10 @@
    minicom
    # ai related
-    pkgs-unstable.python313Packages.huggingface-hub # huggingface-cli
+    python313Packages.huggingface-hub # huggingface-cli
    # misc
-    pkgs-unstable.devbox
+    devbox
    bfg-repo-cleaner # remove large files from git history
    k6 # load testing tool
    protobuf # protocol buffer compiler
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
 {
  imports = mylib.scanPaths ./.;
 }
@@ -1,16 +1,9 @@
 { pkgs, ... }:
 {
  pkgs,
  nur-ryan4yin,
  ...
 }: {
  # https://github.com/catppuccin/helix
  xdg.configFile."helix/themes".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-helix}/themes/default";
  programs.helix = {
    enable = true;
    package = pkgs.helix;
    settings = {
      theme = "catppuccin_mocha";
      editor = {
        line-number = "relative";
        cursorline = true;
@@ -29,7 +22,10 @@
          w = ":w";
          q = ":q";
        };
-        esc = ["collapse_selection" "keep_primary_selection"];
+        esc = [
          "collapse_selection"
          "keep_primary_selection"
        ];
      };
    };
  };
@@ -18,14 +18,16 @@ let
  # the path to nvim directory
  # to make this symlink work, we need to git clone this repo to your home directory.
  configPath = "${config.home.homeDirectory}/nix-config/home/base/tui/editors/neovim/nvim";
-in {
+in
 {
  xdg.configFile."nvim".source = config.lib.file.mkOutOfStoreSymlink configPath;
  # Disable catppuccin to avoid conflict with my non-nix config.
  catppuccin.nvim.enable = false;
  home.shellAliases = shellAliases;
  programs.nushell.shellAliases = shellAliases;
-  programs = {
+  programs.neovim = {
    neovim = {
    enable = true;
    package = pkgs-unstable.neovim-unwrapped;
@@ -44,14 +46,20 @@ in {
      "--suffix"
      "LIBRARY_PATH"
      ":"
-        "${lib.makeLibraryPath [stdenv.cc.cc zlib]}"
+      "${lib.makeLibraryPath [
        stdenv.cc.cc
        zlib
      ]}"
      # PKG_CONFIG_PATH is used by pkg-config before compilation to search directories
      # containing .pc files that describe the libraries that need to be linked to your program.
      "--suffix"
      "PKG_CONFIG_PATH"
      ":"
-        "${lib.makeSearchPathOutput "dev" "lib/pkgconfig" [stdenv.cc.cc zlib]}"
+      "${lib.makeSearchPathOutput "dev" "lib/pkgconfig" [
        stdenv.cc.cc
        zlib
      ]}"
    ];
    # Currently we use lazy.nvim as neovim's package manager, so comment this one.
@@ -70,5 +78,4 @@ in {
      nvim-treesitter.withAllGrammars
    ];
  };
  };
 }
@@ -2,101 +2,137 @@
  "AstroNvim": { "branch": "main", "commit": "c5e610f614e74c9dd9bf11760c4d0ad2c98c0abe" },
  "Comment.nvim": { "branch": "master", "commit": "e30b7f2008e52442154b66f7c519bfd2f1e32acb" },
  "LuaSnip": { "branch": "master", "commit": "458560534a73f7f8d7a11a146c801db00b081df0" },
  "SchemaStore.nvim": { "branch": "main", "commit": "6c52c57432280c54596feb0c0958e1a6cb546f4d" },
  "aerial.nvim": { "branch": "master", "commit": "3284a2cb858ba009c79da87d5e010ccee3c99c4d" },
  "alpha-nvim": { "branch": "main", "commit": "de72250e054e5e691b9736ee30db72c65d560771" },
-  "astrocommunity": { "branch": "main", "commit": "16231a665146b0fe70593dd450afd6e964a3cbe1" },
+  "astrocommunity": { "branch": "main", "commit": "2db3ee2ce37f9e2bc9e6ea2c3e2e6292ca4d33bf" },
  "astrocore": { "branch": "main", "commit": "44a3dc0bf1591022b2a6bc89dccdfac1be17bec9" },
  "astrolsp": { "branch": "main", "commit": "909fbe64f3f87d089ff3777751261544557117cc" },
  "astrotheme": { "branch": "main", "commit": "f12dcf64b1f9a05839c3ac2146f550f43bae9dab" },
  "astroui": { "branch": "main", "commit": "e923a84c488d879a260fc9cfb2dc27dd870fb6ac" },
  "autosave.nvim": { "branch": "main", "commit": "348f72cf0241e3e736e3396c4834def2f8ef8d10" },
-  "avante.nvim": { "branch": "main", "commit": "bc403ddcbf98c4181ee2a7efd35cd1e18a2fdc5c" },
+  "avante.nvim": { "branch": "main", "commit": "508cc4c22c78d565d270df8dec5449db07800296" },
-  "catppuccin": { "branch": "main", "commit": "a0c769bc7cd04bbbf258b3d5f01e2bdce744108d" },
+  "catppuccin": { "branch": "main", "commit": "fa42eb5e26819ef58884257d5ae95dd0552b9a66" },
-  "clangd_extensions.nvim": { "branch": "main", "commit": "db28f29be928d18cbfb86fbfb9f83f584f658feb" },
+  "clangd_extensions.nvim": {
-  "cmake-tools.nvim": { "branch": "master", "commit": "591ae37fc5494677e929118f0a182d2b61fe1af1" },
+    "branch": "main",
    "commit": "db28f29be928d18cbfb86fbfb9f83f584f658feb"
  },
  "cmake-tools.nvim": { "branch": "master", "commit": "17244215b1a96e4b2a83a16abd6719197f270f96" },
  "cmp-buffer": { "branch": "main", "commit": "3022dbc9166796b644a841a02de8dd1cc1d311fa" },
  "cmp-conjure": { "branch": "master", "commit": "8c9a88efedc0e5bf3165baa6af8a407afe29daf6" },
  "cmp-dap": { "branch": "master", "commit": "ea92773e84c0ad3288c3bc5e452ac91559669087" },
  "cmp-nvim-lsp": { "branch": "main", "commit": "99290b3ec1322070bcfb9e846450a46f6efa50f0" },
  "cmp-path": { "branch": "main", "commit": "91ff86cd9c29299a64f968ebb45846c485725f23" },
  "cmp_luasnip": { "branch": "master", "commit": "98d9cb5c2c38532bd9bdb481067b20fea8f32e90" },
-  "conjure": { "branch": "main", "commit": "83c6394f916197d73f2a19538bd5615e08842d10" },
+  "conjure": { "branch": "main", "commit": "5f15eb0322b5530eefb16457c061e7c2ccd7cf13" },
  "crates.nvim": { "branch": "main", "commit": "5d8b1bef686db0fabe5f1bb593744b617e8f1405" },
  "deno-nvim": { "branch": "master", "commit": "5a2f9205df5539c4a0696e73893bf8d1b0cae406" },
  "dressing.nvim": { "branch": "master", "commit": "3a45525bb182730fe462325c99395529308f431e" },
  "flash.nvim": { "branch": "main", "commit": "3c942666f115e2811e959eabbdd361a025db8b63" },
  "flit.nvim": { "branch": "main", "commit": "1ef72de6a02458d31b10039372c8a15ab8989e0d" },
  "friendly-snippets": { "branch": "main", "commit": "efff286dd74c22f731cdec26a70b46e5b203c619" },
-  "fzf-lua": { "branch": "main", "commit": "3de691fafd097177d10ebffb91dec5bec2cb30ed" },
+  "fzf-lua": { "branch": "main", "commit": "a4404dee0a65d3c2e2b292206d10b16567d088c9" },
  "gitsigns.nvim": { "branch": "main", "commit": "7010000889bfb6c26065e0b0f7f1e6aa9163edd9" },
-  "gopher.nvim": { "branch": "main", "commit": "9db5931af1293ae52500921d92c02145d86df02c" },
+  "gopher.nvim": { "branch": "main", "commit": "de585144ebde9f0516fb9b542dd42e90c7835b59" },
  "goto-preview": { "branch": "main", "commit": "d1faf6ea992b5bcaaaf2c682e1aba3131a01143e" },
  "guess-indent.nvim": { "branch": "main", "commit": "6cd61f7a600bb756e558627cd2e740302c58e32d" },
  "heirline.nvim": { "branch": "master", "commit": "fae936abb5e0345b85c3a03ecf38525b0828b992" },
-  "indent-blankline.nvim": { "branch": "master", "commit": "005b56001b2cb30bfa61b7986bc50657816ba4ba" },
+  "indent-blankline.nvim": {
    "branch": "master",
    "commit": "005b56001b2cb30bfa61b7986bc50657816ba4ba"
  },
  "lazy.nvim": { "branch": "main", "commit": "6c3bda4aca61a13a9c63f1c1d1b16b9d3be90d7a" },
  "lazydev.nvim": { "branch": "main", "commit": "f59bd14a852ca43db38e3662395354cb2a9b13e0" },
-  "leap.nvim": { "branch": "main", "commit": "08ca7ec9e859856251d56c22ea107f82f563ff3c" },
+  "leap.nvim": { "branch": "main", "commit": "10c14af4ddfb34dbd7721f0bfb2b4d91f0558907" },
-  "lsp_signature.nvim": { "branch": "master", "commit": "d50e40b3bf9324128e71b0b7e589765ce89466d2" },
+  "lsp_signature.nvim": {
    "branch": "master",
    "commit": "2923666d092300e6d03c8d895991d0bef43f1613"
  },
  "lspkind.nvim": { "branch": "master", "commit": "d79a1c3299ad0ef94e255d045bed9fa26025dab6" },
  "luarocks.nvim": { "branch": "main", "commit": "1db9093915eb16ba2473cfb8d343ace5ee04130a" },
-  "markdown-preview.nvim": { "branch": "main", "commit": "462ce41af003f5cdadab856f3a42dc27e39b89c8" },
+  "markdown-preview.nvim": {
-  "mason-lspconfig.nvim": { "branch": "main", "commit": "1a31f824b9cd5bc6f342fc29e9a53b60d74af245" },
+    "branch": "main",
    "commit": "462ce41af003f5cdadab856f3a42dc27e39b89c8"
  },
  "mason-lspconfig.nvim": {
    "branch": "main",
    "commit": "1a31f824b9cd5bc6f342fc29e9a53b60d74af245"
  },
  "mason-null-ls.nvim": { "branch": "main", "commit": "2b8433f76598397fcc97318d410e0c4f7a4bea6a" },
  "mason-nvim-dap.nvim": { "branch": "main", "commit": "4c2cdc69d69fe00c15ae8648f7e954d99e5de3ea" },
  "mason.nvim": { "branch": "main", "commit": "fc98833b6da5de5a9c5b1446ac541577059555be" },
-  "mini.ai": { "branch": "main", "commit": "5225f16eacf4dce2cb7204ca345123ef54e209d6" },
+  "mini.ai": { "branch": "main", "commit": "d172ada7b0281044a06cb9a625a862553c457b6f" },
  "mini.bufremove": { "branch": "main", "commit": "285bdac9596ee7375db50c0f76ed04336dcd2685" },
-  "mini.surround": { "branch": "main", "commit": "f4307f935ad87cfe3e570dbaae485b35cce4e5ec" },
+  "mini.surround": { "branch": "main", "commit": "1a2b59c77a0c4713a5bd8972da322f842f4821b1" },
  "neo-tree.nvim": { "branch": "main", "commit": "f481de16a0eb59c985abac8985e3f2e2f75b4875" },
  "neoconf.nvim": { "branch": "main", "commit": "f630568a4d04154803886f21ca60923f12709f0f" },
-  "nfnl": { "branch": "main", "commit": "19cac83657514a0718b7af4a086d06bd73269b7a" },
+  "nfnl": { "branch": "main", "commit": "143b595069d98d47b26b80f0e0375420673de4af" },
  "none-ls.nvim": { "branch": "main", "commit": "a117163db44c256d53c3be8717f3e1a2a28e6299" },
  "nui.nvim": { "branch": "main", "commit": "a0fd35fcbb4cb479366f1dc5f20145fd718a3733" },
  "nvim-autopairs": { "branch": "master", "commit": "68f0e5c3dab23261a945272032ee6700af86227a" },
  "nvim-cmp": { "branch": "main", "commit": "1e1900b0769324a9675ef85b38f99cca29e203b3" },
-  "nvim-colorizer.lua": { "branch": "master", "commit": "517df88cf2afb36652830df2c655df2da416a0ae" },
+  "nvim-colorizer.lua": {
    "branch": "master",
    "commit": "517df88cf2afb36652830df2c655df2da416a0ae"
  },
  "nvim-dap": { "branch": "master", "commit": "6a5bba0ddea5d419a783e170c20988046376090d" },
  "nvim-dap-go": { "branch": "main", "commit": "8763ced35b19c8dc526e04a70ab07c34e11ad064" },
  "nvim-dap-python": { "branch": "master", "commit": "261ce649d05bc455a29f9636dc03f8cdaa7e0e2c" },
  "nvim-dap-ui": { "branch": "master", "commit": "bc81f8d3440aede116f821114547a476b082b319" },
-  "nvim-jdtls": { "branch": "master", "commit": "c23f200fee469a415c77265ca55b496feb646992" },
+  "nvim-jdtls": { "branch": "master", "commit": "4d77ff02063cf88963d5cf10683ab1fd15d072de" },
-  "nvim-lsp-file-operations": { "branch": "master", "commit": "9744b738183a5adca0f916527922078a965515ed" },
+  "nvim-lsp-file-operations": {
    "branch": "master",
    "commit": "9744b738183a5adca0f916527922078a965515ed"
  },
  "nvim-lspconfig": { "branch": "master", "commit": "185b2af444b27d6541c02d662b5b68190e5cf0c4" },
  "nvim-nio": { "branch": "master", "commit": "21f5324bfac14e22ba26553caf69ec76ae8a7662" },
  "nvim-notify": { "branch": "master", "commit": "a3020c2cf4dfc4c4f390c4a21e84e35e46cf5d17" },
  "nvim-scrollbar": { "branch": "main", "commit": "5b103ef0fd2e8b9b4be3878ed38d224522192c6c" },
  "nvim-spectre": { "branch": "master", "commit": "72f56f7585903cd7bf92c665351aa585e150af0f" },
-  "nvim-spider": { "branch": "main", "commit": "99df646eab60df0b948dd2532ef5f5512707a9a4" },
+  "nvim-spider": { "branch": "main", "commit": "d4bdc45eac425e77108f068bd0706ff3ac20be7f" },
  "nvim-treesitter": { "branch": "master", "commit": "f8aaf5ce4e27cd20de917946b2ae5c968a2c2858" },
-  "nvim-treesitter-textobjects": { "branch": "master", "commit": "9937e5e356e5b227ec56d83d0a9d0a0f6bc9cad4" },
+  "nvim-treesitter-textobjects": {
    "branch": "master",
    "commit": "9937e5e356e5b227ec56d83d0a9d0a0f6bc9cad4"
  },
  "nvim-ts-autotag": { "branch": "main", "commit": "a1d526af391f6aebb25a8795cbc05351ed3620b5" },
-  "nvim-ts-context-commentstring": { "branch": "main", "commit": "1b212c2eee76d787bbea6aa5e92a2b534e7b4f8f" },
+  "nvim-ts-context-commentstring": {
    "branch": "main",
    "commit": "1b212c2eee76d787bbea6aa5e92a2b534e7b4f8f"
  },
  "nvim-ufo": { "branch": "main", "commit": "61463090a4f55f5d080236ea62f09d1cd8976ff3" },
  "nvim-vtsls": { "branch": "main", "commit": "60b493e641d3674c030c660cabe7a2a3f7a914be" },
  "nvim-web-devicons": { "branch": "master", "commit": "4c3a5848ee0b09ecdea73adcd2a689190aeb728c" },
  "nvim-window-picker": { "branch": "main", "commit": "6382540b2ae5de6c793d4aa2e3fe6dbb518505ec" },
-  "orgmode": { "branch": "master", "commit": "32ef9e95f43a6e951fb931b438372546a4f0c524" },
+  "orgmode": { "branch": "master", "commit": "b6d14eb0a1553a0ef4114346d67605de82d0f7fb" },
  "package-info.nvim": { "branch": "master", "commit": "4f1b8287dde221153ec9f2acd46e8237d2d0881e" },
-  "parinfer-rust": { "branch": "master", "commit": "55bec1e3d4f127527c5c2e507fac96cc934aed6e" },
+  "parinfer-rust": { "branch": "master", "commit": "afe6b1176cd805c000713e23b654fbf4b9f4b156" },
  "plenary.nvim": { "branch": "master", "commit": "857c5ac632080dba10aae49dba902ce3abf91b35" },
  "presence.nvim": { "branch": "main", "commit": "87c857a56b7703f976d3a5ef15967d80508df6e6" },
  "promise-async": { "branch": "main", "commit": "38a4575da9497326badd3995e768b4ccf0bb153e" },
-  "refactoring.nvim": { "branch": "master", "commit": "64dbe67bf7c28c864488262d267c799f80cae9ba" },
+  "refactoring.nvim": { "branch": "master", "commit": "74b608dfee827c2372250519d433cc21cb083407" },
-  "render-markdown.nvim": { "branch": "main", "commit": "8debb17aab2fbbf3b341e46ac032d0a6f937d8c3" },
+  "render-markdown.nvim": {
    "branch": "main",
    "commit": "c809fc129f842a7055c672593d24be6346bcc673"
  },
  "resession.nvim": { "branch": "master", "commit": "cc819b0489938d03e4f3532a583354f0287c015b" },
-  "rustaceanvim": { "branch": "master", "commit": "5120207f90846704a74cbf043295698b009bd5de" },
+  "rustaceanvim": { "branch": "master", "commit": "322224d00a731d75eed6b700d38e460fd30f6e3c" },
  "schemastore.nvim": { "branch": "main", "commit": "e4f80f37cd11ed58a6e914cc30850749f021b6a7" },
  "sentiment.nvim": { "branch": "main", "commit": "54a6db15b630eccfa98c32a76baf90f21c6f1e40" },
  "smart-splits.nvim": { "branch": "master", "commit": "ddb23c1a1cf1507bda487cda7f6e4690965ef9f5" },
-  "telescope-fzf-native.nvim": { "branch": "main", "commit": "1f08ed60cafc8f6168b72b80be2b2ea149813e55" },
+  "telescope-fzf-native.nvim": {
    "branch": "main",
    "commit": "1f08ed60cafc8f6168b72b80be2b2ea149813e55"
  },
  "telescope-undo.nvim": { "branch": "main", "commit": "928d0c2dc9606e01e2cc547196f48d2eaecf58e5" },
  "telescope.nvim": { "branch": "0.1.x", "commit": "a17d611a0e111836a1db5295f04945df407c5135" },
  "todo-comments.nvim": { "branch": "main", "commit": "ae0a2afb47cf7395dc400e5dc4e05274bf4fb9e0" },
-  "tree-sitter-nu": { "branch": "main", "commit": "d5c71a10b4d1b02e38967b05f8de70e847448dd1" },
+  "tree-sitter-nu": { "branch": "main", "commit": "d62bb4a0c78e9476a6dd0081761444f6870252ed" },
  "treesj": { "branch": "main", "commit": "3b4a2bc42738a63de17e7485d4cc5e49970ddbcc" },
  "tsc.nvim": { "branch": "main", "commit": "8c1b4ec6a48d038a79ced8674cb15e7db6dd8ef0" },
-  "venv-selector.nvim": { "branch": "regexp", "commit": "c677caa1030808a9f90092e522de7cc20c1390dd" },
+  "venv-selector.nvim": {
    "branch": "regexp",
    "commit": "c677caa1030808a9f90092e522de7cc20c1390dd"
  },
  "vim-illuminate": { "branch": "master", "commit": "19cb21f513fc2b02f0c66be70107741e837516a1" },
  "vim-repeat": { "branch": "master", "commit": "65846025c15494983dafe5e3b46c8f88ab2e9635" },
  "vim-wakatime": { "branch": "master", "commit": "f39c4a201ae350aaba713b59d4a4fdd88e0811aa" },
@@ -52,7 +52,8 @@ return {
      "terraformls", -- terraform hcl
      "marksman", -- markdown ls
      "nickel_ls", -- nickel language server
-      "nil_ls", -- nix language server
+      -- "nil_ls", -- nix language server
      "nixd", -- another nix language server
      "buf_ls", -- protocol buffer language server
      "dockerls", -- dockerfile
      "cmake", -- cmake language server
@@ -19,8 +19,8 @@ return {
  },
  version = false, -- Never set this value to "*"! Never!
  opts = {
-    provider = "deepseek_reasoner",
+    provider = "openrouter_claude_4",
-    cursor_applying_provider = "deepseek_reasoner", -- In this example, use Groq for applying, but you can also use any provider you want.
+    cursor_applying_provider = "openrouter_claude_4",
    behaviour = {
      -- auto_suggestions = true,
      enable_cursor_planning_mode = true, -- enable cursor planning mode!
@@ -28,44 +28,104 @@ return {
    -- WARNING: Since auto-suggestions are a high-frequency operation and therefore expensive,
    -- currently designating it as `copilot` provider is dangerous because: https://github.com/yetone/avante.nvim/issues/1048
    -- Of course, you can reduce the request frequency by increasing `suggestion.debounce`.
-    auto_suggestions_provider = "aliyun_qwen3",
+    auto_suggestions_provider = "ollama",
    suggestion = {
      debounce = 750, -- wait for x ms before suggestion
      throttle = 1200, -- wait for at least x ms before the next suggestion
    },
    web_search_engine = {
      provider = "google", -- tavily, serpapi, searchapi, google, kagi, brave, or searxng
      proxy = nil, -- proxy support, e.g., http://127.0.0.1:7890
    },
    providers = {
      ollama = {
        endpoint = "http://192.168.5.100:11434", -- Note that there is no /v1 at the end.
        model = "modelscope.cn/unsloth/Qwen3-30B-A3B-GGUF",
-      -- model = "modelscope.cn/unsloth/Qwen3-235B-A22B-GGUF",
+        -- model = "modelscope.cn/unsloth/Qwen3-32B-GGUF",
      },
-    vendors = {
+      -- ==============================================
-      deepseek_coder = {
+      -- https://aistudio.google.com/prompts/new_chat
      -- ==============================================
      gemini = {
        api_key_name = "GEMINI_API_KEY",
        model = "gemini-2.5-pro-preview-06-05",
        timeout = 30000, -- Timeout in milliseconds, increase this for reasoning models
        temperature = 0,
        max_completion_tokens = 8192, -- Increase this to include reasoning tokens (for reasoning models)
        --reasoning_effort = "medium", -- low|medium|high, only used for reasoning models
      },
      -- ==============================================
      -- https://openrouter.ai/rankings
      -- ==============================================
      openrouter_claude_4 = {
        __inherited_from = "openai",
-        api_key_name = "DEEPSEEK_API_KEY",
+        endpoint = "https://openrouter.ai/api/v1",
-        endpoint = "https://api.deepseek.com",
+        api_key_name = "OPENROUTER_API_KEY",
-        model = "deepseek-coder",
+        model = "anthropic/claude-sonnet-4",
      },
      -- deepseek chat v3
      deepseek_chat = {
        __inherited_from = "openai",
        api_key_name = "DEEPSEEK_API_KEY",
        endpoint = "https://api.deepseek.com",
        model = "deepseek-chat",
      },
      -- deepseek r1
      deepseek_reasoner = {
        __inherited_from = "openai",
        api_key_name = "DEEPSEEK_API_KEY",
        endpoint = "https://api.deepseek.com",
        model = "deepseek-reasoner",
      },
      -- ==============================================
      -- https://bailian.console.aliyun.com/?tab=model
      -- ==============================================
      aliyun_qwen3 = {
        __inherited_from = "openai",
        api_key_name = "DASHSCOPE_API_KEY",
        endpoint = "https://dashscope.aliyuncs.com/compatible-mode/v1",
        -- model = "qwen-coder-plus-latest",
        model = "qwen3-235b-a22b",
        -- disable_tools = true,
      },
      aliyun_dpr1 = {
        __inherited_from = "openai",
        api_key_name = "DASHSCOPE_API_KEY",
        endpoint = "https://dashscope.aliyuncs.com/compatible-mode/v1",
        model = "deepseek-r1-0528",
        disable_tools = true,
      },
      -- ==============================================
      -- https://console.volcengine.com/ark/region:ark+cn-beijing/model?feature=&vendor=DeepSeek&view=VENDOR_VIEW
      -- ==============================================
      ark_dpr1 = {
        __inherited_from = "openai",
        api_key_name = "ARK_API_KEY",
        endpoint = "https://ark.cn-beijing.volces.com/api/v3",
        model = "deepseek-r1-250528",
        -- disable_tools = true,
      },
      -- ==============================================
      -- https://cloud.siliconflow.cn/models
      -- ==============================================
      sflow_dpr1 = {
        __inherited_from = "openai",
        api_key_name = "SILICONFLOW_API_KEY",
        endpoint = "https://api.siliconflow.cn/v1",
        model = "Pro/deepseek-ai/DeepSeek-R1",
        -- disable_tools = true,
      },
      -- ==============================================
      -- https://platform.deepseek.com/usage
      -- ==============================================
      dp_coder = {
        __inherited_from = "openai",
        api_key_name = "DEEPSEEK_API_KEY",
        endpoint = "https://api.deepseek.com",
        model = "deepseek-coder",
      },
      -- deepseek chat v3
      dp_chat = {
        __inherited_from = "openai",
        api_key_name = "DEEPSEEK_API_KEY",
        endpoint = "https://api.deepseek.com",
        model = "deepseek-chat",
        -- disable_tools = true,
      },
      -- deepseek r1
      dp_r1 = {
        __inherited_from = "openai",
        api_key_name = "DEEPSEEK_API_KEY",
        endpoint = "https://api.deepseek.com",
        model = "deepseek-reasoner",
        -- disable_tools = true,
      },
    },
  },
@@ -1,13 +1,15 @@
 -- File explorer(Custom configs)
 return {
  "nvim-neo-tree/neo-tree.nvim",
-  opts = {
+  opts = function(_, opts)
-    filesystem = {
+    opts.filesystem.filtered_items = {
      filtered_items = {
      visible = true, -- visible by default
      hide_dotfiles = false,
      hide_gitignored = false,
-      },
+    }
-    },
+    opts.filesystem.follow_current_file = {
-  },
+      enabled = true, -- This will find and focus the file in the active buffer every time
      leave_dirs_open = false, -- `false` closes auto expanded dirs, such as with `:Neotree reveal`
    }
  end,
 }
@@ -39,7 +39,7 @@ return {
      formatting.shfmt, -- Shell formatter
      formatting.terraform_fmt, -- Terraform formatter
      formatting.stylua, -- Lua formatter
-      formatting.alejandra, -- Nix formatter
+      -- formatting.alejandra, -- Nix formatter
      formatting.sqlfluff.with { -- SQL formatter
        extra_args = { "--dialect", "postgres" }, -- change to your dialect
      },
@@ -2,17 +2,19 @@
  pkgs,
  pkgs-unstable,
  ...
-}: {
+}:
-  home.packages = with pkgs; (
+{
  home.packages =
    with pkgs;
    (
      # -*- Data & Configuration Languages -*-#
      [
        #-- nix
        nil
-      # rnix-lsp
+        nixd
      # nixd
        statix # Lints and suggestions for the nix programming language
        deadnix # Find and remove unused code in .nix source files
-      alejandra # Nix Code Formatter
+        nixfmt # Nix Code Formatter
        #-- nickel lang
        nickel
@@ -61,10 +63,11 @@
          vscode-extensions.vadimcn.vscode-lldb.adapter # codelldb - debugger
          #-- python
          pipx # Install and Run Python Applications in Isolated Environments
          uv # python project package manager
          pyright # python language server
          (python313.withPackages (
-        ps:
+            ps: with ps; [
          with ps; [
              ruff
              black # python formatter
              # debugpy
@@ -147,7 +150,7 @@
        nodePackages.prettier # common code formatter
        fzf
        gdu # disk usage analyzer, required by AstroNvim
-      (ripgrep.override {withPCRE2 = true;}) # recursively searches directories for a regex pattern
+        (ripgrep.override { withPCRE2 = true; }) # recursively searches directories for a regex pattern
      ]
    );
 }
@@ -2,10 +2,11 @@
  pkgs,
  pkgs-unstable,
  ...
-}: {
+}:
 {
  home.packages = with pkgs; [
    age
-    pkgs-unstable.sops
+    sops
    rclone
  ];
 }
@@ -2,7 +2,8 @@
  config,
  mysecrets,
  ...
-}: {
+}:
 {
  programs.gpg = {
    enable = true;
    homedir = "${config.home.homeDirectory}/.gnupg";
@@ -3,9 +3,11 @@
  config,
  lib,
  ...
-}: let
+}:
 let
  passwordStoreDir = "${config.xdg.dataHome}/password-store";
-in {
+in
 {
  programs.password-store = {
    enable = true;
    package = pkgs.pass.withExtensions (exts: [
@@ -2,9 +2,11 @@
  config,
  pkgs-unstable,
  ...
-}: let
+}:
 let
  inherit (pkgs-unstable) nu_scripts;
-in {
+in
 {
  programs.nushell = {
    # load the alias file for work
    # the file must exist, otherwise nushell will complain about it!
@@ -14,6 +16,10 @@ in {
    extraConfig = ''
      source /etc/agenix/alias-for-work.nushell
      # using claude-code with kimi k2
      $env.ANTHROPIC_BASE_URL = "https://api.moonshot.cn/anthropic/"
      $env.ANTHROPIC_API_KEY = $env.MOONSHOT_API_KEY
      # Directories in this constant are searched by the
      # `use` and `source` commands.
      const NU_LIB_DIRS = $NU_LIB_DIRS ++ ['${nu_scripts}/share/nu_scripts']
@@ -34,7 +40,7 @@ in {
      # use custom-completions/zoxide/zoxide-completions.nu *
      # alias
-      use aliases/git/git-aliases.nu *
+      # use aliases/git/git-aliases.nu *
      use aliases/eza/eza-aliases.nu *
      use aliases/bat/bat-aliases.nu *
@@ -2,7 +2,8 @@
  config,
  mysecrets,
  ...
-}: {
+}:
 {
  home.file.".ssh/romantic.pub".source = "${mysecrets}/public/romantic.pub";
  programs.ssh = {
@@ -303,69 +303,6 @@ default_shell "nu"
 //
 // scrollback_lines_to_serialize 10000
 // Define color themes for Zellij
 // For more examples, see: https://github.com/zellij-org/zellij/tree/main/example/themes
 // Once these themes are defined, one of them should to be selected in the "theme" section of this file
 //
 themes {
  // https://github.com/zellij-org/zellij/blob/main/zellij-utils/assets/themes/catppuccin.kdl
  catppuccin-latte {
    bg "#acb0be" // Surface2
    fg "#acb0be" // Surface2
    red "#d20f39"
    green "#40a02b"
    blue "#1e66f5"
    yellow "#df8e1d"
    magenta "#ea76cb" // Pink
    orange "#fe640b" // Peach
    cyan "#04a5e5" // Sky
    black "#dce0e8" // Crust
    white "#4c4f69" // Text
  }
  catppuccin-frappe {
    bg "#626880" // Surface2
    fg "#c6d0f5"
    red "#e78284"
    green "#a6d189"
    blue "#8caaee"
    yellow "#e5c890"
    magenta "#f4b8e4" // Pink
    orange "#ef9f76" // Peach
    cyan "#99d1db" // Sky
    black "#292c3c" // Mantle
    white "#c6d0f5"
  }
  catppuccin-macchiato {
    bg "#5b6078" // Surface2
    fg "#cad3f5"
    red "#ed8796"
    green "#a6da95"
    blue "#8aadf4"
    yellow "#eed49f"
    magenta "#f5bde6" // Pink
    orange "#f5a97f" // Peach
    cyan "#91d7e3" // Sky
    black "#1e2030" // Mantle
    white "#cad3f5"
  }
  catppuccin-mocha {
    bg "#585b70" // Surface2
    fg "#cdd6f4"
    red "#f38ba8"
    green "#a6e3a1"
    blue "#89b4fa"
    yellow "#f9e2af"
    magenta "#f5c2e7" // Pink
    orange "#fab387" // Peach
    cyan "#89dceb" // Sky
    black "#181825" // Mantle
    white "#cdd6f4"
  }
 }
 // Choose the theme that is specified in the themes section.
 // Default: default
 //
@@ -1,12 +1,18 @@
-{pkgs, ...}: let
+{ pkgs, ... }:
 let
  shellAliases = {
    "zj" = "zellij";
  };
-in {
+in
 {
  programs.zellij = {
    enable = true;
    package = pkgs.zellij;
  };
  xdg.configFile."zellij/config.kdl".source = ./config.kdl;
  # Disable catppuccin to avoid conflict with my non-nix config.
  catppuccin.zellij.enable = false;
  # auto start zellij in nushell
  programs.nushell.extraConfig = ''
    # auto start zellij
@@ -29,6 +35,4 @@ in {
  # only works in bash/zsh, not nushell
  home.shellAliases = shellAliases;
  programs.nushell.shellAliases = shellAliases;
  xdg.configFile."zellij/config.kdl".source = ./config.kdl;
 }
@@ -226,11 +226,6 @@ run = 'move-node-to-workspace 3Work'
 if.app-id = 'com.tinyspeck.slackmacgap'
 run = 'move-node-to-workspace 3Work'
 [[on-window-detected]]
 if.app-id = 'us.zoom.xos'
 run = 'move-node-to-workspace 3Work'
 [[on-window-detected]]
 if.app-id = 'org.mozilla.firefox'
 run = 'move-node-to-workspace 4Firefox'
@@ -285,6 +280,14 @@ run = ['layout floating', 'move-node-to-workspace 9File']
 if.app-id = 'com.apple.Preview'
 run = ['layout floating', 'move-node-to-workspace 9File']
 [[on-window-detected]]
 if.app-id = 'com.microsoft.VSCode'
 run = ['layout floating', 'move-node-to-workspace 9File']
 [[on-window-detected]]
 if.app-id = 'com.todesktop.230313mzl4w4u92' # Cursor AI Editor
 run = ['layout floating', 'move-node-to-workspace 9File']
 [[on-window-detected]]
 if.app-id = 'org.wireshark.Wireshark'
 run = ['layout floating', 'move-node-to-workspace 0Other']
@@ -294,8 +297,8 @@ if.app-id = 'ai.elementlabs.lmstudio'
 run = ['layout floating', 'move-node-to-workspace 0Other']
 [[on-window-detected]]
-if.app-id = 'com.microsoft.VSCode'
+if.app-id = 'us.zoom.xos'
-run = ['layout floating', 'move-node-to-workspace 0Other']
+run = 'move-node-to-workspace 0Other'
 # Auth UI - do not move it
 [[on-window-detected]]
@@ -307,6 +310,11 @@ run = ['layout floating']
 if.app-id = 'com.apple.systempreferences'
 run = ['layout floating']
 # Clash Verge - has problem with floating
 [[on-window-detected]]
 if.app-id = 'io.github.clash-verge-rev.clash-verge-rev'
 run = ['move-node-to-workspace 0Other']
 # Make all windows float by default
 [[on-window-detected]]
 check-further-callbacks = true
@@ -1,5 +1,5 @@
-{config, ...}: {
+{ config, ... }:
 {
  home.file.".aerospace.toml".source =
-    config.lib.file.mkOutOfStoreSymlink
+    config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-config/home/darwin/aerospace/aerospace.toml";
    "${config.home.homeDirectory}/nix-config/home/darwin/aerospace/aerospace.toml";
 }
@@ -2,11 +2,10 @@
  mylib,
  myvars,
  ...
-}: {
+}:
 {
  home.homeDirectory = "/Users/${myvars.username}";
-  imports =
+  imports = (mylib.scanPaths ./.) ++ [
    (mylib.scanPaths ./.)
    ++ [
    ../base/core
    ../base/tui
    ../base/gui
@@ -2,12 +2,12 @@
  config,
  pkgs,
  ...
-}: {
+}:
 {
  home.packages = with pkgs; [
    clash-meta
  ];
  home.file.".proxychains/proxychains.conf".source =
-    config.lib.file.mkOutOfStoreSymlink
+    config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-config/home/darwin/proxy/proxychains.conf";
    "${config.home.homeDirectory}/nix-config/home/darwin/proxy/proxychains.conf";
 }
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
 {
  # Squirrel Input Method
  home.file."Library/Rime" = {
    # my custom squirrel data (flypy input method)
@@ -1,4 +1,5 @@
-{lib, ...}: let
+{ lib, ... }:
 let
  envExtra = ''
    export PATH="$PATH:/opt/homebrew/bin:/usr/local/bin"
  '';
@@ -20,7 +21,8 @@
      true
    fi
  '';
-in {
+in
 {
  # Homebrew's default install location:
  #   /opt/homebrew for Apple Silicon
  #   /usr/local for macOS Intel
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
 {
  imports = mylib.scanPaths ./.;
 }
@@ -2,11 +2,13 @@
  config,
  myvars,
  ...
-}: let
+}:
 let
  d = config.xdg.dataHome;
  c = config.xdg.configHome;
  cache = config.xdg.cacheHome;
-in rec {
+in
 rec {
  home.homeDirectory = "/home/${myvars.username}";
  # environment variables that always set at login
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
 {
  # Linux Only Packages, not available on Darwin
  home.packages = with pkgs; [
    # misc
@@ -1,15 +1,17 @@
 {
  lib,
  pkgs,
  pkgs-unstable,
  # pkgs-stable,
  nur-ryan4yin,
  blender-bin,
  ...
-}: {
+}:
-  home.packages = with pkgs; [
+{
  home.packages =
    with pkgs;
    [
      # creative
    # https://github.com/edolstra/nix-warez/blob/master/blender/flake.nix
    blender-bin.packages.${pkgs.system}.blender_4_2 # 3d modeling
      # gimp      # image editing, I prefer using figma in browser instead of this one
      inkscape # vector graphics
      krita # digital painting
@@ -18,36 +20,41 @@
      # sonic-pi # music programming
      # 2d game design
    ldtk # A modern, versatile 2D level editor
      # aseprite # Animated sprite editor & pixel art tool
      # this app consumes a lot of storage, so do not install it currently
      # kicad     # 3d printing, eletrical engineering
    ]
    ++ (lib.optionals pkgs.stdenv.isx86_64 [
      # https://github.com/edolstra/nix-warez/blob/master/blender/flake.nix
      blender-bin.packages.${pkgs.system}.blender_4_2 # 3d modeling
      ldtk # A modern, versatile 2D level editor
      # fpga
-    pkgs-unstable.python313Packages.apycula # gowin fpga
+      python313Packages.apycula # gowin fpga
-    pkgs-unstable.yosys # fpga synthesis
+      yosys # fpga synthesis
-    pkgs-unstable.nextpnr # fpga place and route
+      nextpnr # fpga place and route
-    pkgs-unstable.openfpgaloader # fpga programming
+      openfpgaloader # fpga programming
      # nur-ryan4yin.packages.${pkgs.system}.gowin-eda-edu-ide # app: `gowin-env` => `gw_ide` / `gw_pack` / ...
-  ];
+    ]);
  programs = {
    # live streaming
    obs-studio = {
-      enable = true;
+      enable = pkgs.stdenv.isx86_64;
-      plugins = with pkgs.obs-studio-plugins; [
+      plugins =
        with pkgs.obs-studio-plugins;
        [
          # screen capture
          wlrobs
          # obs-ndi
        obs-vaapi
          # obs-nvfbc
          obs-teleport
          # obs-hyperion
          droidcam-obs
          obs-vkcapture
          obs-gstreamer
        obs-3d-effect
          input-overlay
          obs-multi-rtmp
          obs-source-clone
@@ -61,7 +68,11 @@
          obs-backgroundremoval
          # advanced-scene-switcher
          obs-pipewire-audio-capture
-      ];
+        ]
        ++ (lib.optionals pkgs.stdenv.isx86_64 [
          obs-vaapi
          obs-3d-effect
        ]);
    };
  };
 }
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
 {
  imports = mylib.scanPaths ./.;
 }
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
 {
  home.packages = with pkgs; [
    android-tools
  ];
@@ -2,7 +2,8 @@
  pkgs,
  lib,
  ...
-}: {
+}:
 {
  # Adjust the color temperature(& brightness) of your screen according to
  # your surroundings. This may help your eyes hurt less if you are
  # working in front of the screen at night.
@@ -1,26 +0,0 @@
 # Vertical Candidate List
 Vertical Candidate List=False
 # Use Per Screen DPI
 PerScreenDPI=True
 # Use mouse wheel to go to prev or next page
 WheelForPaging=True
 # Font
 Font="Sans 10"
 # Menu Font
 MenuFont="Sans 10"
 # Tray Font
 TrayFont="Sans Bold 10"
 # Tray Label Outline Color
 TrayOutlineColor=#000000
 # Tray Label Text Color
 TrayTextColor=#ffffff
 # Prefer Text Icon
 PreferTextIcon=False
 # Show Layout Name In Icon
 ShowLayoutNameInIcon=True
 # Use input method language to display text
 UseInputMethodLangaugeToDisplayText=True
 # Theme macchiato, frappe, latte, mocha
 Theme=catppuccin-mocha
 # Force font DPI on Wayland
 ForceWaylandDPI=0
@@ -1,10 +1,5 @@
 { pkgs, ... }:
 {
  pkgs,
  nur-ryan4yin,
  ...
 }: {
  home.file.".local/share/fcitx5/themes".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-fcitx5}/src";
  xdg.configFile = {
    "fcitx5/profile" = {
      source = ./profile;
@@ -12,12 +7,12 @@
      # so we need to force replace it in every rebuild to avoid file conflict.
      force = true;
    };
    "fcitx5/conf/classicui.conf".source = ./classicui.conf;
  };
  i18n.inputMethod = {
    enable = true;
    type = "fcitx5";
    fcitx5.waylandFrontend = true;
    fcitx5.addons = with pkgs; [
      # for flypy chinese input method
      fcitx5-rime
@@ -2,7 +2,8 @@
  pkgs,
  nix-gaming,
  ...
-}: {
+}:
 {
  home.packages = with pkgs; [
    # nix-gaming.packages.${pkgs.system}.osu-laser-bin
    gamescope # SteamOS session compositing window manager
@@ -2,7 +2,8 @@
  pkgs,
  config,
  ...
-}: {
+}:
 {
  # If your themes for mouse cursor, icons or windows don’t load correctly,
  # try setting them with home.pointerCursor and gtk.theme,
  # which enable a bunch of compatibility options that should make the themes load in all situations.
@@ -42,16 +43,5 @@
      name = "Papirus-Dark";
      package = pkgs.papirus-icon-theme;
    };
    theme = {
      # https://github.com/catppuccin/gtk
      name = "catppuccin-macchiato-pink-compact";
      package = pkgs.catppuccin-gtk.override {
        # https://github.com/NixOS/nixpkgs/blob/nixos-23.05/pkgs/data/themes/catppuccin-gtk/default.nix
        accents = ["pink"];
        size = "compact";
        variant = "macchiato";
      };
    };
  };
 }
@@ -16,7 +16,8 @@
 #  TODO not used yet, need to test it.
 #
 ##############################################################################################
-with lib; let
+with lib;
 let
  cfg = config.home.immutable-file;
  immutableFileOpts = _: {
    options = {
@@ -42,24 +43,25 @@ with lib; let
    sudo cp $2 $1
    sudo chattr +i $1
  '';
-in {
+in
 {
  options.home.immutable-file = mkOption {
    type = with types; attrsOf (submodule immutableFileOpts);
-    default = {};
+    default = { };
  };
-  config = mkIf (cfg != {}) {
+  config = mkIf (cfg != { }) {
-    home.activation =
+    home.activation = mapAttrs' (
-      mapAttrs'
+      name:
-      (name: {
+      {
        src,
        dst,
      }:
-        nameValuePair
+      nameValuePair "make-immutable-${name}" (
-        "make-immutable-${name}"
+        lib.hm.dag.entryAfter [ "writeBoundary" ] ''
        (lib.hm.dag.entryAfter ["writeBoundary"] ''
          ${mkImmutableFile} ${dst} ${src}
-        ''))
+        ''
-      cfg;
+      )
    ) cfg;
  };
 }
@@ -6,38 +6,30 @@
 }:
 # media - control and enjoy audio/video
 {
-  home.packages = with pkgs; [
+  home.packages =
    with pkgs;
    [
      # audio control
      pavucontrol
      playerctl
      pulsemixer
      imv # simple image viewer
    nvtopPackages.full
      # video/audio tools
    # cava # for visualizing audio
      libva-utils
      vdpauinfo
      vulkan-tools
      glxinfo
      nvitop
    ]
    ++ (lib.optionals pkgs.stdenv.isx86_64 [
      (zoom-us.override { hyprlandXdgDesktopPortalSupport = true; })
    ]);
-    (zoom-us.override {hyprlandXdgDesktopPortalSupport = true;})
+  programs.mpv = {
  ];
  # https://github.com/catppuccin/cava
  xdg.configFile."cava/config".text =
    ''
      # custom cava config
    ''
    + builtins.readFile "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-cava}/mocha.cava";
  programs = {
    mpv = {
    enable = true;
-      defaultProfiles = ["gpu-hq"];
+    defaultProfiles = [ "gpu-hq" ];
-      scripts = [pkgs.mpvScripts.mpris];
+    scripts = [ pkgs.mpvScripts.mpris ];
    };
  };
  services = {
@@ -2,7 +2,8 @@
  pkgs,
  pkgs-unstable,
  ...
-}: {
+}:
 {
  home.packages = with pkgs; [
    # GUI apps
    # e-book viewer(.epub/.mobi/...)
@@ -20,17 +21,10 @@
    # my custom hardened packages
    pkgs.nixpaks.qq
    pkgs.nixpaks.qq-desktop-item
-
+    # qqmusic
-    wechat-uos
+    pkgs.bwraps.wechat
    # pkgs.nixpaks.wechat-uos
    # pkgs.nixpaks.wechat-uos-desktop-item
  ];
  # GitHub CLI tool
  programs.gh = {
    enable = true;
  };
  # allow fontconfig to discover fonts and configurations installed through home.packages
  # Install fonts at system-level, not user-level
  fonts.fontconfig.enable = false;
@@ -1,7 +1,10 @@
-{pkgs-stable, ...}: {
+{ pkgs, ... }:
-  home.packages = with pkgs-stable; [
+{
  home.packages =
    with pkgs;
    (lib.optionals pkgs.stdenv.isx86_64 [
      # https://joplinapp.org/help/
      joplin # joplin-cli
      joplin-desktop
-  ];
+    ]);
 }
@@ -4,18 +4,28 @@
  lib,
  wallpapers,
  ...
-}: {
+}:
 {
  systemd.user.services.wallpaper = {
    Unit = {
      Description = "Wallpaper Switcher daemon";
-      After = ["graphical-session-pre.target" "xdg-desktop-autostart.target"];
+      After = [
-      Wants = ["graphical-session-pre.target"];
+        "graphical-session-pre.target"
        "xdg-desktop-autostart.target"
      ];
      Wants = [ "graphical-session-pre.target" ];
    };
-    Install.WantedBy = ["graphical-session.target"];
+    Install.WantedBy = [ "graphical-session.target" ];
    Service = {
-      ExecStart = lib.getExe (pkgs.writeShellApplication {
+      ExecStart = lib.getExe (
        pkgs.writeShellApplication {
          name = "wallpaper";
-        runtimeInputs = with pkgs; [procps feh swaybg python3];
+          runtimeInputs = with pkgs; [
            procps
            feh
            swaybg
            python3
          ];
          text = ''
            export WALLPAPERS_DIR="${wallpapers}"
            export WALLPAPERS_STATE_FILEPATH="${config.xdg.stateHome}/wallpaper-switcher/switcher_state"
@@ -23,7 +33,8 @@
            export WALLPAPER_WAIT_MAX=180
            exec ${./wallpaper-switcher.py}
          '';
-      });
+        }
      );
      RestartSec = 3;
      Restart = "on-failure";
    };
@@ -6,7 +6,8 @@
  config,
  pkgs,
  ...
-}: {
+}:
 {
  home.packages = with pkgs; [
    xdg-utils # provides cli tools such as `xdg-mime` `xdg-open`
    xdg-user-dirs
@@ -31,10 +32,20 @@
    mimeApps = {
      enable = true;
      # let `xdg-open` to open the url with the correct application.
-      defaultApplications = let
+      defaultApplications =
-        browser = ["firefox.desktop" "google-chrome.desktop"];
+        let
-        editor = ["nvim.desktop" "Helix.desktop" "code.desktop" "code-insiders.desktop"];
+          browser = [
-      in {
+            "google-chrome.desktop"
            "firefox.desktop"
          ];
          editor = [
            "nvim.desktop"
            "Helix.desktop"
            "code.desktop"
            "code-insiders.desktop"
          ];
        in
        {
          "application/json" = browser;
          "application/pdf" = browser; # TODO: pdf viewer
@@ -59,24 +70,24 @@
          "x-scheme-handler/http" = browser;
          "x-scheme-handler/https" = browser;
          # https://github.com/microsoft/vscode/issues/146408
-        "x-scheme-handler/vscode" = ["code-url-handler.desktop"]; # open `vscode://` url with `code-url-handler.desktop`
+          "x-scheme-handler/vscode" = [ "code-url-handler.desktop" ]; # open `vscode://` url with `code-url-handler.desktop`
-        "x-scheme-handler/vscode-insiders" = ["code-insiders-url-handler.desktop"]; # open `vscode-insiders://` url with `code-insiders-url-handler.desktop`
+          "x-scheme-handler/vscode-insiders" = [ "code-insiders-url-handler.desktop" ]; # open `vscode-insiders://` url with `code-insiders-url-handler.desktop`
-        "x-scheme-handler/zoommtg" = ["Zoom.desktop"];
+          "x-scheme-handler/zoommtg" = [ "Zoom.desktop" ];
          # all other unknown schemes will be opened by this default application.
          # "x-scheme-handler/unknown" = editor;
-        "x-scheme-handler/tg" = ["org.telegram.desktop.desktop "];
+          "x-scheme-handler/tg" = [ "org.telegram.desktop.desktop " ];
-        "audio/*" = ["mpv.desktop"];
+          "audio/*" = [ "mpv.desktop" ];
-        "video/*" = ["mpv.desktop"];
+          "video/*" = [ "mpv.desktop" ];
-        "image/*" = ["imv-dir.desktop"];
+          "image/*" = [ "imv-dir.desktop" ];
-        "image/gif" = ["imv-dir.desktop"];
+          "image/gif" = [ "imv-dir.desktop" ];
-        "image/jpeg" = ["imv-dir.desktop"];
+          "image/jpeg" = [ "imv-dir.desktop" ];
-        "image/png" = ["imv-dir.desktop"];
+          "image/png" = [ "imv-dir.desktop" ];
-        "image/webp" = ["imv-dir.desktop"];
+          "image/webp" = [ "imv-dir.desktop" ];
-        "inode/directory" = ["yazi.desktop"];
+          "inode/directory" = [ "yazi.desktop" ];
        };
      associations.removed = {
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
 {
  imports = mylib.scanPaths ./.;
 }
@@ -1,3 +1,7 @@
-{mylib, ...}: {
+{ pkgs, ... }:
-  imports = mylib.scanPaths ./.;
+{
  home.packages = with pkgs; [
    zed-editor
    code-cursor
  ];
 }
@@ -1,5 +0,0 @@
 {pkgs, ...}: {
  home.packages = with pkgs; [
    zed-editor
  ];
 }
@@ -7,11 +7,14 @@ exec-once = ln -s "$XDG_RUNTIME_DIR/hypr" /tmp/hypr
 # Terminals
 exec-once = foot
 exec-once = alacritty
 # Network
 exec-once = clash-verge &
 # Browsers
 exec-once = firefox
 exec-once = google-chrome-stable
 exec-once = chromium-browser
 # Chat
-exec-once = telegram-desktop
+exec-once = Telegram
 # Switch to Terminals & Browsers
@@ -134,6 +134,6 @@ bind =   $mod,       Print,  exec,  hyprshot -m window  -o ~/Pictures/Screenshot
 bind =   CTRL,       Print,  exec,  hyprshot -m region -o ~/Pictures/Screenshots
 # -- Others --
-bind =   CTRL ALT,   l,      exec,  hyprlock
+bind =   CTRL ALT,   l,      exec,  swaylock
 bind =   $mod SHIFT, x,      exec,  wlogout
 bind =   $mod,       n,      exec,  nm-connection-editor  # need install network-manager-applet
@@ -30,6 +30,7 @@ cursor {
 ecosystem {
  no_donation_nag = true
  no_update_news = true
 }
 misc {
@@ -123,6 +124,13 @@ input {
    natural_scroll=0
    touchpad {
        natural_scroll = 1
        clickfinger_behavior = true
        disable_while_typing = true # seems useless...
        # tap - 轻触触摸板, click - 点击触摸板
        # disable tap related features to avoid palm rejection.
        tap-to-click = false
        tap-and-drag = false
    }
 	force_no_accel=0
    # repeat_rate=
@@ -10,12 +10,14 @@
 windowrulev2   =   workspace 1,     class:^(foot)$
 windowrulev2   =   workspace 2,     class:^(Alacritty)$
 # Work Chat / Meeting
-windowrulev2   =   workspace 3,     class:^(zoom)$
+windowrulev2   =   workspace 3,     class:^(Zoom Workplace)$
 # Browsers
 windowrulev2   =   workspace 4,     class:^(firefox)$
 windowrulev2   =   workspace 5,     class:^(google-chrome)$
 windowrulev2   =   workspace 5,     class:^(chromium-browser)$
 # Chat
 windowrulev2   =   workspace 6,     class:^(QQ)$
 windowrulev2   =   workspace 6,     class:^(wechat)$
 windowrulev2   =   workspace 6,     class:^(org.telegram.desktop)$
 # Music
 # windowrulev2   =   workspace 7,     class:^(music)$
@@ -23,12 +25,15 @@ windowrulev2   =   workspace 6,     class:^(org.telegram.desktop)$
 windowrulev2   =   workspace 8,     class:^(thunderbird)$,title:^(.*Reminder)
 # File Manager & Image/PDF Viewer
 windowrulev2   =   workspace 9,     class:^(thunder)$
 windowrulev2   =   workspace 9,     class:^(code)$ # VS Code
 windowrulev2   =   workspace 9,     class:^(cursor)$ # Cursor AI Editor
 # Other
 windowrulev2   =   workspace 10,     class:^(code)$ # VS Code
 windowrulev2   =   workspace 10,     class:^(org.wireshark.Wireshark)$
 windowrulev2   =   workspace 10,     class:^(clash-verge)$
 # Float             RULE               WINDOW
 windowrulev2   =    float,             class:^(Zoom Workplace)$
 windowrulev2   =    float,             class:^(pulsemixer)$
 windowrulev2   =    float,             class:^(org.pulseaudio.pavucontrol)$
 windowrulev2   =    float,             class:^(nm-connection-editor)$
@@ -44,7 +49,7 @@ windowrulev2   =    float,             class:^(thunderbird)$,title:^(.*Reminder)
 # ============================================================================
 # Steam
-# Fix: Steam menus dissapearing on mouseover
+# Fix: Steam menus disappearing on mouseover
 windowrulev2   =   stayfocused,        title:^()$,  class:^(steam)$
 windowrulev2   =   minsize 1 1,        title:^()$,  class:^(steam)$
 # Fix: Steam starts in a broken position as float window
@@ -1,6 +1,6 @@
 general {
-    lock_cmd = pidof hyprlock || hyprlock              # avoid starting multiple instances
+    lock_cmd = pidof swaylock || swaylock              # avoid starting multiple instances
    before_sleep_cmd = loginctl lock-session          # lock before suspend
    after_sleep_cmd = hyprctl dispatch dpms on        # resume dpms after suspend
    ignore_dbus_inhibit = false                       # whether to ignore dbus-sent idle-inhibit requests
@@ -13,25 +13,25 @@ general {
 #     on-resume = brightnessctl -rd rgb:kbd_backlight        # turn on keyboard backlight.
 # }
-listener {
+# listener {
-    timeout = 180                                # 3min.
+#     timeout = 600                                # 10min.
-    on-timeout = brightnessctl -s set 10         # set monitor backlight to minimum, avoid 0 on OLED monitor.
+#     on-timeout = brightnessctl -s set 10         # set monitor backlight to minimum, avoid 0 on OLED monitor.
-    on-resume = brightnessctl -r                 # monitor backlight restore.
+#     on-resume = brightnessctl -r                 # monitor backlight restore.
-}
+# }
 listener {
-    timeout = 300                                     # 5 minutes
+    timeout = 1200                                     # 20 minutes
-    on-timeout = pidof hyprlock || hyprlock           # lock screen
+    on-timeout = pidof swaylock || swaylock           # lock screen
    on-resume = hyprctl dispatch dpms on              # monitor wake up
 }
 listener {
-    timeout = 360                                              # 6 minutes
+    timeout = 1260                                             # 21 minutes
    on-timeout = hyprctl dispatch dpms off                     # screen off
    on-resume = hyprctl dispatch dpms on && brightnessctl -r   # monitor wake up & screen on
 }
 # listener {
-#     timeout = 600                                # 10min
+#     timeout = 1800                                # 30min
 #     on-timeout = systemctl suspend                # suspend pc
 # }
@@ -12,7 +12,7 @@ on-touch=dismiss
 on-notify=exec mpv /usr/share/sounds/freedesktop/stereo/message.oga
 # STYLE OPTIONS
-font=JetBrains Mono 10
+font=Maple Mono NF CN
 width=300
 height=100
 margin=10
@@ -6,10 +6,10 @@
  "modules-center": ["custom/playerctl"],
  "modules-right": [
    "pulseaudio",
    "battery",
    "memory",
    "cpu",
    "network",
    "battery",
    "clock",
    "idle_inhibitor",
    "custom/powermenu",
@@ -91,12 +91,12 @@
  "network": {
    "interval": 5,
    "format": "{ifname}",
-    "format-wifi": " {essid} ({signalStrength}%)  Up: {bandwidthUpBits} Down: {bandwidthDownBits}",
+    "format-wifi": "  {signalStrength}% Down: {bandwidthDownBytes} Up: {bandwidthUpBytes} {essid}",
-    "format-ethernet": "  {ifname} Up: {bandwidthUpBits} Down: {bandwidthDownBits}",
+    "format-ethernet": "  {ifname} Down: {bandwidthDownBytes} Up: {bandwidthUpBytes}",
    "format-disconnected": "Disconnected ⚠",
    "tooltip-format": " {ifname} via {gwaddri}",
-    "tooltip-format-wifi": "  {ifname} @ {essid}\nIP: {ipaddr}\nStrength: {signalStrength}%\nFreq: {frequency}MHz\nUp: {bandwidthUpBits} Down: {bandwidthDownBits}",
+    "tooltip-format-wifi": "  {ifname} @ {essid}\nIP: {ipaddr}\nStrength: {signalStrength}%\nFreq: {frequency}MHz\nDown: {bandwidthDownBytes} Up: {bandwidthUpBytes}",
-    "tooltip-format-ethernet": " {ifname}\nIP: {ipaddr}\n up: {bandwidthUpBits} down: {bandwidthDownBits}",
+    "tooltip-format-ethernet": " {ifname}\nIP: {ipaddr}\n Down: {bandwidthDownBytes} Up: {bandwidthUpBytes}",
    "tooltip-format-disconnected": "Disconnected",
    "max-length": 50,
    "on-click-middle": "nm-connection-editor",
@@ -122,7 +122,7 @@
    "scroll-step": 5.0,
    // Commands to execute on events
    "on-click": "amixer set Master toggle",
-    "on-click-right": "pavucontrol",
+    "on-click-right": "GSK_RENDERER=opengl pavucontrol",
    "smooth-scrolling-threshold": 1,
  },
  "temperature": {
@@ -138,8 +138,6 @@
    "spacing": 5,
  },
  "battery": {
    "bat": "BAT0",
    "adapter": "ADP0",
    "interval": 60,
    "states": {
      "warning": 30,
@@ -3,7 +3,7 @@
 * {
  /* https://docs.gtk.org/gtk3/css-overview.html#colors */
  color: @text;
-  font-family: "JetBrainsMono Nerd Font";
+  font-family: "Maple Mono NF CN";
  font-size: 12pt;
  font-weight: bold;
  border-radius: 8px;
@@ -149,4 +149,3 @@ tooltip label {
  padding-right: 8px;
  padding-left: 10px;
 }
@@ -1,6 +1,6 @@
 /** ********** Fonts ********** **/
 * {
-  font-family: "JetBrains Mono", "Iosevka Nerd Font", sans-serif;
+  font-family: "Maple Mono NF CN", sans-serif;
  font-size: 14px;
  font-weight: bold;
 }
@@ -4,10 +4,12 @@
  lib,
  anyrun,
  ...
-} @ args:
+}@args:
-with lib; let
+with lib;
 let
  cfg = config.modules.desktop.hyprland;
-in {
+in
 {
  imports = [
    # anyrun.homeManagerModules.default # the module is already in hm now.
    ./options
@@ -16,7 +18,9 @@ in {
  options.modules.desktop.hyprland = {
    enable = mkEnableOption "hyprland compositor";
    settings = lib.mkOption {
-      type = with lib.types; let
+      type =
        with lib.types;
        let
          valueType =
            nullOr (oneOf [
              bool
@@ -32,16 +36,18 @@ in {
            };
        in
        valueType;
-      default = {};
+      default = { };
    };
  };
  config = mkIf cfg.enable (
-    mkMerge ([
+    mkMerge (
      [
        {
          wayland.windowManager.hyprland.settings = cfg.settings;
        }
      ]
-      ++ (import ./values args))
+      ++ (import ./values args)
    )
  );
 }
--- a/Show More
+++ b/Show More