switch to upstream pnpm2nix-nzbr

2026-01-12 13:19:23 +08:00 · 2024-02-04 23:50:47 +08:00
123 changed files with 2330 additions and 3829 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -5,41 +5,35 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
  - &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
  - &surface age1ck5vzs0xqx0jplmuksrkh45xwmkm2t05m2wyq5k2w2mnkmn79fxs6tvl3l
  - &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
-  - &xmupc1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
-  - &xmupc2 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
+  - &xmupc1 age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
 creation_rules:
-  - path_regex: devices/pc/secrets/.*$
+  - path_regex: secrets/pc/.*$
    key_groups:
    - age:
      - *chn
      - *pc
-  - path_regex: devices/vps6/secrets/.*$
+  - path_regex: secrets/vps6/.*$
    key_groups:
    - age:
      - *chn
      - *vps6
-  - path_regex: devices/vps7/secrets/.*$
+  - path_regex: secrets/vps7/.*$
    key_groups:
    - age:
      - *chn
      - *vps7
-  - path_regex: devices/nas/secrets/.*$
+  - path_regex: secrets/nas/.*$
    key_groups:
    - age:
      - *chn
      - *nas
-  - path_regex: devices/surface/secrets/.*$
+  - path_regex: secrets/surface/.*$
    key_groups:
    - age:
      - *chn
      - *surface
-  - path_regex: devices/xmupc1/secrets/.*$
+  - path_regex: secrets/xmupc1/.*$
    key_groups:
    - age:
      - *chn
      - *xmupc1
-  - path_regex: devices/xmupc2/secrets/.*$
-    key_groups:
-    - age:
-      - *chn
-      - *xmupc2
--- a/devices/nas/default.nix
+++ b/devices/nas/default.nix
@@ -37,18 +37,17 @@ inputs:
            delayedMount = [ "/" "/nix" ];
          };
          swap = [ "/nix/swap/swap" ];
-          rollingRootfs.device = "/dev/mapper/root1";
+          rollingRootfs = { device = "/dev/mapper/root1"; path = "/nix/rootfs"; };
        };
        initrd.sshd.enable = true;
        grub.installDevice = "efi";
        nixpkgs.march = "silvermont";
        nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
-        kernel.patches = [ "cjktty" "lantian" ];
+        kernel.patches = [ "cjktty" ];
        networking.hostname = "nas";
-        gui.preferred = false;
      };
-      hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
-      packages.packageSet = "desktop-fat";
+      hardware = { cpus = [ "intel" ]; gpus = [ "intel" ]; };
+      packages.packageSet = "server";
      services =
      {
        snapper.enable = true;
@@ -59,9 +58,14 @@ inputs:
          hostsAllowed = "192.168. 127.";
          shares = { home.path = "/home"; root.path = "/"; };
        };
-        sshd.enable = true;
-        xray.client.enable = true;
-        xrdp = { enable = true; hostname = [ "nas.chn.moe" "office.chn.moe" ]; };
+        sshd = { enable = true; passwordAuthentication = true; };
+        xray.client =
+        {
+          enable = true;
+          serverAddress = "74.211.99.69";
+          serverName = "vps6.xserver.chn.moe";
+          dns.extraInterfaces = [ "docker0" ];
+        };
        groupshare.enable = true;
        smartd.enable = true;
        beesd =
@@ -69,7 +73,7 @@ inputs:
          enable = true;
          instances =
          {
-            root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
+            root = { device = "/"; hashTableSizeMB = 2048; };
            nix = { device = "/nix"; hashTableSizeMB = 128; };
          };
        };
@@ -89,7 +93,7 @@ inputs:
          wireguardIp = "192.168.83.4";
        };
      };
-      users.users = [ "chn" "xll" "zem" "yjq" "gb" ];
+      users.users = [ "chn" "xll" "zem" "yjq" "yxy" ];
    };
  };
 }
--- a/devices/pc/default.nix
+++ b/devices/pc/default.nix
@@ -25,7 +25,7 @@ inputs:
          };
          swap = [ "/dev/mapper/swap" ];
          resume = "/dev/mapper/swap";
-          rollingRootfs = {};
+          rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
        };
        grub =
        {
@@ -53,14 +53,14 @@ inputs:
        };
        nixpkgs =
          { march = "znver4"; cuda = { enable = true; capabilities = [ "8.9" ]; forwardCompat = false; }; };
-        kernel.patches = [ "cjktty" "lantian" "hibernate-progress" ];
+        kernel.patches = [ "cjktty" "lantian" ];
        networking.hostname = "pc";
        sysctl.laptop-mode = 5;
      };
      hardware =
      {
        cpus = [ "amd" ];
-        gpu = { type = "amd+nvidia"; prime.busId = { amd = "8:0:0"; nvidia = "1:0:0"; }; dynamicBoost = true; };
+        gpus = [ "nvidia" ];
        bluetooth.enable = true;
        joystick.enable = true;
        printer.enable = true;
@@ -93,7 +93,26 @@ inputs:
          };
        };
        sshd.enable = true;
-        xray.client.enable = true;
+        xray.client =
+        {
+          enable = true;
+          serverAddress = "74.211.99.69";
+          serverName = "vps6.xserver.chn.moe";
+          dns =
+          {
+            extraInterfaces = [ "docker0" ];
+            hosts =
+            {
+              "mirism.one" = "74.211.99.69";
+              "beta.mirism.one" = "74.211.99.69";
+              "ng01.mirism.one" = "74.211.99.69";
+              "debug.mirism.one" = "127.0.0.1";
+              "initrd.vps6.chn.moe" = "74.211.99.69";
+              "nix-store.chn.moe" = "127.0.0.1";
+              "initrd.nas.chn.moe" = "192.168.1.185";
+            };
+          };
+        };
        firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
        acme = { enable = true; cert."debug.mirism.one" = {}; };
        frpClient =
@@ -106,7 +125,7 @@ inputs:
        nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
        smartd.enable = true;
        misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
-        beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 4096; threads = 4; }; };
+        beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 2048; threads = 4; }; };
        wireguard =
        {
          enable = true;
@@ -114,55 +133,16 @@ inputs:
          publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
          wireguardIp = "192.168.83.3";
        };
-        gamemode = { enable = true; drmDevice = 1; };
-        slurm = { enable = true; cpu = { cores = 16; threads = 2; }; memoryMB = 94208; gpus."4060" = 1; };
-        xrdp = { enable = true; hostname = [ "pc.chn.moe" ]; };
      };
      bugs = [ "xmunet" "backlight" "amdpstate" ];
    };
-    services.colord.enable = true;
-    virtualisation.virtualbox.host = { enable = true; enableExtensionPack = true; };
-    specialisation =
+    # use plasma-x11 as default, instead of plasma-wayland
+    services.xserver.displayManager =
    {
-      nvidia.configuration =
-      {
-        nixos =
-        {
-          hardware.gpu.type = inputs.lib.mkForce "nvidia";
-          services.gamemode.drmDevice = inputs.lib.mkForce 0;
-        };
-        system.nixos.tags = [ "nvidia" ];
-      };
-      hybrid-sync.configuration =
-      {
-        nixos.hardware.gpu.prime.mode = "sync";
-        system.nixos.tags = [ "hybrid-sync" ];
-      };
-      amd.configuration =
-      {
-        nixos.hardware.gpu = { type = inputs.lib.mkForce "amd"; dynamicBoost = inputs.lib.mkForce false; };
-        boot =
-        {
-          extraModprobeConfig =
-          ''
-            blacklist nouveau
-            options nouveau modeset=0
-          '';
-          blacklistedKernelModules = [ "nvidia" "nvidia_drm" "nvidia_modeset" ];
-        };
-        services.udev.extraRules =
-        ''
-          # Remove NVIDIA USB xHCI Host Controller devices, if present
-          ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c0330", ATTR{power/control}="auto", ATTR{remove}="1"
-          # Remove NVIDIA USB Type-C UCSI devices, if present
-          ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c8000", ATTR{power/control}="auto", ATTR{remove}="1"
-          # Remove NVIDIA Audio devices, if present
-          ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x040300", ATTR{power/control}="auto", ATTR{remove}="1"
-          # Remove NVIDIA VGA/3D controller devices
-          ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x03[0-9]*", ATTR{power/control}="auto", ATTR{remove}="1"
-        '';
-        system.nixos.tags = [ "amd" ];
-      };
+      defaultSession = inputs.lib.mkForce "plasma";
+      setupCommands = "${inputs.pkgs.xcalib}/bin/xcalib -d :0 ${./color/TPLCD_161B_Default.icm}";
    };
+    virtualisation.virtualbox.host = { enable = true; enableExtensionPack = true; };
+    hardware.nvidia.forceFullCompositionPipeline = true;
  };
 }
--- a/devices/pc/secrets/munge.key
+++ b/devices/pc/secrets/munge.key
@@ -1,24 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:ftogJ/2oPME8sVbyNAuI3t3GEzUmdCadyjf2g/bjGNx3AoV0jU0SDxnBLDFfoR1rEtV00zfgCMPDGsEXavg+QVvoICpvvhckXMOLXe37H3Ff0wDVJtL4BBIK3oVh/SiYaRm/+uR0x6HW37KX50RRvKvpQoRdMVNnvtKbMjmQVIA=,iv:MOHfTIavoU643K10jSR3HruzoofOqqVspYgiaLc294o=,tag:zjDTPKwAOh/nqkquvAQpbw==,type:str]",
-	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
-		"age": [
-			{
-				"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TTB1bHFXcDhoMk1QVzJ0\nUUplcGVBVUhoOEt0Rnc2ZStDUUpjZmV0eGpvCjFQSGl4TjlMT2R5RExNZWxwOUtz\nSWhhSUtFN0JISzJhclpCMFZDQ09jK28KLS0tIGJydDNoY3hBbEhBYUNYZGZCaWpQ\nQnVDalJCcWpIRTdVaWkzeGVNSGpDRWsKWXoMC8NApfenn191aRwdAjD0iM5+C3R6\nXKpHxfhc1Gf6paxBhketFU+AwWsKiBDKh0gntV49F+YSriPa7uI3FA==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzclYwVjdOZnQ1Y2dlUi9n\naXQya21QVHZ0KzMxTkVuTEJuazB4WklqdFdvCmpMd0h6OXUvZSttOFpmeUdsSlNs\nQkhQaVJqVFdidFNMejljV2h3WUFTaFUKLS0tIGNBemY5R1N3T00zMEthZjBsWXZh\nVXRtNG5UV3I3WG5LYUphNUNyUDI5WXcKVQpMe3zYgzHOtQQvo8Vvz94lYR6TBFuV\nD7ztr4rD/Vdk3hkSGZQvdzGjNDdGpac38LUN9vtFQbzMofykcn/etw==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2024-02-24T05:48:31Z",
-		"mac": "ENC[AES256_GCM,data:kCLcS6xeMijD8Bxa0MBUbFH2pdXX6BdGL1SztHHPet8loMkiCfgEiyp9l/QjszWa3G6zx3K+0wXXtRXmrNAxThnIgMZQVGCy4Ucw7fp8Pral/5eaJNlZGb56JQPF9ZDHb9YQPDPImaEAKYUtzayyaZAGJGlCmIIhVVhXTx7iiig=,iv:MXRDA/6YnVUbLdYAIrMvrdb2iPsi4Bmr06SPCU8CCVc=,tag:9hT7Xo0tRnHTgAaivKj4QQ==,type:str]",
-		"pgp": null,
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.8.1"
-	}
-}
--- a/devices/surface/default.nix
+++ b/devices/surface/default.nix
@@ -26,18 +26,18 @@ inputs:
          };
          swap = [ "/dev/mapper/swap" ];
          resume = "/dev/mapper/swap";
-          rollingRootfs = {};
+          rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
        };
        nixpkgs.march = "skylake";
        grub.installDevice = "efi";
        nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
-        kernel.patches = [ "cjktty" "lantian" "surface" ];
+        kernel.patches = [ "cjktty" "lantian" ];
        networking.hostname = "surface";
      };
      hardware =
      {
        cpus = [ "intel" ];
-        gpu.type = "intel";
+        gpus = [ "intel" ];
        bluetooth.enable = true;
        joystick.enable = true;
        printer.enable = true;
@@ -50,21 +50,32 @@ inputs:
        snapper.enable = true;
        fontconfig.enable = true;
        sshd.enable = true;
-        xray.client.enable = true;
-        firewall.trustedInterfaces = [ "virbr0" ];
-        wireguard =
+        xray.client =
        {
          enable = true;
-          peers = [ "vps6" ];
-          publicKey = "j7qEeODVMH31afKUQAmKRGLuqg8Bxd0dIPbo17LHqAo=";
-          wireguardIp = "192.168.83.5";
+          serverAddress = "74.211.99.69";
+          serverName = "vps6.xserver.chn.moe";
+          dns.extraInterfaces = [ "docker0" ];
        };
-        beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 512; }; };
+        firewall.trustedInterfaces = [ "virbr0" ];
      };
      bugs = [ "xmunet" ];
    };
-    boot.kernelParams = [ "intel_iommu=off" ];
+    boot.kernelPackages =
+      let
+        originalKernel = inputs.pkgs.linuxPackages_xanmod_latest.kernel;
+        version = originalKernel.version;
+        majorVersion =
+          let versionArray = builtins.splitVersion version;
+          in "${builtins.elemAt versionArray 0}.${builtins.elemAt versionArray 1}";
+        repoFile = "${inputs.topInputs.nixos-hardware}/microsoft/surface/common/kernel/linux-package.nix";
+        inherit (inputs.pkgs.callPackage repoFile {}) repos;
+        patchDir = repos.linux-surface + "/patches/${majorVersion}";
+        patchFile = "${inputs.topInputs.nixos-hardware}/microsoft/surface/common/kernel/linux-6.6.x/patches.nix";
+        kernelPatches = inputs.pkgs.callPackage patchFile { inherit (inputs.lib) kernel; inherit version patchDir; };
+      in
+        inputs.lib.mkForce (inputs.pkgs.linuxPackagesFor (originalKernel.override
+          (prev: { kernelPatches = prev.kernelPatches ++ kernelPatches; })));
    environment.systemPackages = with inputs.pkgs; [ maliit-keyboard maliit-framework ];
-    powerManagement.resumeCommands = ''${inputs.pkgs.systemd}/bin/systemctl restart iptsd'';
  };
 }
--- a/devices/vps6/default.nix
+++ b/devices/vps6/default.nix
@@ -23,7 +23,7 @@ inputs:
            delayedMount = [ "/" ];
          };
          swap = [ "/nix/swap/swap" ];
-          rollingRootfs = {};
+          rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
        };
        grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
        nixpkgs.march = "sandybridge";
@@ -34,7 +34,7 @@ inputs:
      packages.packageSet = "server";
      services =
      {
-        snapper.enable = false;
+        snapper.enable = true;
        sshd.enable = true;
        xray.server = { enable = true; serverName = "vps6.xserver.chn.moe"; };
        frpServer = { enable = true; serverName = "frp.chn.moe"; };
@@ -53,7 +53,7 @@ inputs:
            (site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.vps7.chn.moe"; })
            [
              "xn--s8w913fdga" "misskey" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix"
-              "send" "kkmeeting" "api" "git" "grafana" "vikunja"
+              "send" "kkmeeting" "api" "git" "grafana"
            ]));
          applications =
          {
@@ -71,13 +71,12 @@ inputs:
        wireguard =
        {
          enable = true;
-          peers = [ "pc" "nas" "vps7" "surface" "xmupc1" "xmupc2" ];
+          peers = [ "pc" "nas" "vps7" ];
          publicKey = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
          wireguardIp = "192.168.83.1";
          listenIp = "74.211.99.69";
          lighthouse = true;
        };
-        beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 64; }; };
      };
    };
  };
--- a/devices/vps7/default.nix
+++ b/devices/vps7/default.nix
@@ -23,16 +23,15 @@ inputs:
            delayedMount = [ "/" ];
          };
          swap = [ "/nix/swap/swap" ];
-          rollingRootfs = {};
+          rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
        };
        grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
        nixpkgs.march = "broadwell";
        nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
        initrd.sshd.enable = true;
        networking.hostname = "vps7";
-        gui.preferred = false;
      };
-      packages.packageSet = "desktop";
+      packages.packageSet = "server";
      services =
      {
        snapper.enable = true;
@@ -50,7 +49,6 @@ inputs:
          synapse.matrixHostname = "synapse.chn.moe";
          matrix = { port = 8009; redisPort = 6380; slidingSyncPort = 9001; };
        };
-        xrdp = { enable = true; hostname = [ "vps7.chn.moe" ]; };
        vaultwarden.enable = true;
        beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 1024; }; };
        photoprism.enable = true;
@@ -72,7 +70,6 @@ inputs:
          wireguardIp = "192.168.83.2";
          listenIp = "95.111.228.40";
        };
-        vikunja.enable = true;
      };
    };
  };
--- a/devices/xmupc1/README.md
+++ b/devices/xmupc1/README.md
@@ -1,125 +0,0 @@
-# slurm
-
-## 基本概念
-
-队列系统换成了 slurm。这是个正经的队列系统（不像之前那样是临时手搓的），可靠性应该会好很多。
-学校的 hpc 上用的是 PBS，和这个不一样，但很多概念是相通的，例如队列、节点等（当然这里只有一个队列和一个节点）。
-这里简单记录一下如何使用。更多内容，网上随便搜一下 slurm 的教程就可以找到很多介绍，也可以看官网文档。
-
-先说明一下机器的硬件配置：CPU 有 16 个核，每个核 2 线程，也就是总共 32 个线程。
-slurm 限制 CPU 按照核（而不是线程）分配，
-  提交任务时， `sbatch` 命令中的 `cpu` 或者 `core` （它俩是同义词）都是指核的数量而不是线程数
-  （也就是说，实际运行的线程数要再乘以 2）。
-
-VASP 支持两个层面的并行，一个叫 MPI，一个叫 OpenMP，实际运行的线程数是两者的乘积。
-MPI 并行的数量就是提交任务时指定的 task 的数量，
-  OpenMP 并行的数量等于提交任务时指定的分配给每个 task 的 CPU 的数量再乘以 2，
-  也就是最终的线程数等于指定的 CPU 数量乘以 2。
-此外还有一个限制：当使用 GPU 时，MPI 并行的数量必须等于 GPU 的数量，否则 VASP 会在开头报个警告然后只用 CPU 计算（但不会报错）。
-
-## 常用命令
-
-提交一个 VASP GPU 任务的例子：
-
-```bash
-sbatch --gpus=1 --ntasks-per-gpu=1 --job-name="my great job" vasp-nvidia-6.4.0 mpirun vasp-std
-```
-
-* `--gpus=1` 指定使用一个 GPU（排到这个任务时哪个空闲就使用哪个）。
-  可以指定具体使用哪个GPU，例如 `--gpus=4090:1`。
-  可以简写为 `-G`。
-  这个选项实际上是 `--gres` 选项的一种简便写法，当需求更复杂时（例如，指定使用一个 3090 和一个 4090）时，就需要用 `--gres`。
-  例如：`--gres=gpu:3090:1,gpu:4090:1`。
-  “gre” 是 “generic resource” 的缩写。
-* `--ntasks-per-gpu=1` 是一定要写的。
-* `--job-name=` 指定任务的名字。可以简写为 `-J`。也可以不指定。
-* 默认情况下，一个 task 会搭配分配一个 CPU 核（两个线程），一般不用修改。如果一定要修改，用 `--cpus-per-task`。
-
-提交一个 VASP CPU 任务的例子：
-
-```bash
-sbatch --ntasks=2 --cpus-per-task=2 --job-name="my great job" vasp-gnu-6.4.0 mpirun vasp-std
-```
-
-* `--ntasks=2` 指定在 MPI 层面上并行的数量。
-  可以简写为 `-n`。
-* `--cpus-per-task=2` 指定每个 task 使用的 CPU 核的数量，OpenMP 并行的数量等于这个数再乘以 2。
-
-要列出已经提交（包括已经完成、取消、失败）的任务：
-
-```bash
-squeue -t all -l
-```
-
-取消一个任务：
-
-```bash
-# 按任务的 id 取消
-scancel 114514
-# 按任务的名字取消
-scancel -n my_great_job
-# 取消一个用户的所有任务
-scancel -u chn
-```
-
-要将自己已经提交的一个任务优先级提到最高（只是自己已经提交任务的最高，不影响别人的任务）：
-
-```bash
-scontrol top job_id
-```
-
-## sbatch 的更多参数
-
-```bash
-# 提交一个新任务，但是礼让后面的任务（推迟到指定时间再开始排队）
--begin=16:00 --begin=now+1hour
-# 指定工作目录
--chdir=/path/to/your/workdir
-# 指定备注
--comment="my great job"
-# 指定任务的 ddl，算不完就杀掉
--deadline=now+1hour
-# 标准错误输出写到别的文件里
--error=error.log
-# 将一些环境变量传递给任务（=ALL是默认行为）
--export=ALL,MY_ENV_VAR=my_value
-# 不传递现在的环境变量
--export=NONE
-# 打开一个文件作为标准输入
--input=
-# 发生一些事件（任务完成等）时发邮件
--mail-type=NONE,BEGIN,END,FAIL,REQUEUE,ALL --mail-user=chn@chn.moe
-# 要求分配内存（不会真的限制内存使用，只是在分配资源时会考虑）
--mem=20G --mem-per-cpu --mem-per-gpu
-# 输出文件是否覆盖
--open-mode={append|truncate}
-# 指定输出文件
-o, --output=<filename_pattern>
-# 不排队，直接跑（超额分配）
-s, --oversubscribe
-# 包裹一个二进制程序
--wrap=
-```
-
-# ssh
-
-ssh 就是 putty winscp 之类的工具使用的那个协议。
-
-* 地址：office.chn.moe（如果在校外，需要厦大 VPN）
-* 端口：6007
-* 用户名：自己名字的拼音首字母
-* 可以用密码登陆，也可以用证书登陆。
-
-要从本机登陆到学校 hpc 的 jykang 账户，使用下面的命令：
-
-```bash
-ssh jykang
-```
-
-# rdp
-
-就是 windows 那个远程桌面。
-
-* 地址：xmupc1.chn.moe（如果在校外，需要厦大 VPN）
-* 用户名：自己名字的拼音首字母
-* 密码和 ssh 一样。
--- a/devices/xmupc1/default.nix
+++ b/devices/xmupc1/default.nix
@@ -10,25 +10,16 @@ inputs:
        {
          mount =
          {
-            vfat."/dev/disk/by-uuid/467C-02E3" = "/boot/efi";
+            vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
            btrfs =
            {
-              "/dev/disk/by-uuid/2f9060bc-09b5-4348-ad0f-3a43a91d158b" = { "/nix" = "/nix"; "/nix/boot" = "/boot"; };
-              "/dev/disk/by-uuid/a04a1fb0-e4ed-4c91-9846-2f9e716f6e12" =
-              {
-                "/nix/rootfs" = "/nix/rootfs";
-                "/nix/persistent" = "/nix/persistent";
-                "/nix/nodatacow" = "/nix/nodatacow";
-                "/nix/rootfs/current" = "/";
-              };
+              "/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
+              "/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
            };
          };
-          swap = [ "/nix/swap/swap" ];
-          rollingRootfs =
-          {
-            device = "/dev/disk/by-uuid/a04a1fb0-e4ed-4c91-9846-2f9e716f6e12";
-            waitDevices = [ "/dev/disk/by-partuuid/cdbfc7d4-965e-42f2-89a3-eb2202849429" ];
-          };
+          swap = [ "/dev/mapper/swap" ];
+          resume = "/dev/mapper/swap";
+          rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
        };
        grub.installDevice = "efi";
        nixpkgs =
@@ -49,63 +40,60 @@ inputs:
            forwardCompat = false;
          };
        };
-        gui = { preferred = false; autoStart = true; };
-        kernel.patches = [ "cjktty" "lantian" ];
+        gui.preferred = false;
+        kernel.patches = [ "cjktty" ];
        networking.hostname = "xmupc1";
      };
      hardware =
      {
        cpus = [ "amd" ];
-        gpu.type = "nvidia";
+        gpus = [ "nvidia" ];
        bluetooth.enable = true;
        joystick.enable = true;
        printer.enable = true;
        sound.enable = true;
+        gamemode.drmDevice = 1;
      };
      packages.packageSet = "workstation";
-      virtualization = { waydroid.enable = true; docker.enable = true; kvmHost = { enable = true; gui = true; }; };
+      virtualization = { docker.enable = true; kvmHost = { enable = true; gui = true; }; };
      services =
      {
        snapper.enable = true;
        fontconfig.enable = true;
-        sshd = { enable = true; passwordAuthentication = true; };
-        xray.client.enable = true;
-        firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
-        smartd.enable = true;
-        beesd =
+        samba =
        {
          enable = true;
-          instances =
+          private = true;
+          hostsAllowed = "192.168. 127.";
+          shares =
          {
-            root = { device = "/"; hashTableSizeMB = 16384; threads = 4; };
-            nix = { device = "/nix"; hashTableSizeMB = 512; };
+            media.path = "/run/media/chn";
+            home.path = "/home/chn";
+            mnt.path = "/mnt";
+            share.path = "/home/chn/share";
          };
        };
+        sshd.enable = true;
+        xray.client =
+        {
+          enable = true;
+          serverAddress = "74.211.99.69";
+          serverName = "vps6.xserver.chn.moe";
+          dns.extraInterfaces = [ "docker0" ];
+        };
+        firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
+        acme = { enable = true; cert."debug.mirism.one" = {}; };
+        smartd.enable = true;
+        beesd = { enable = true; instances.root = { device = "/nix/persistent"; hashTableSizeMB = 2048; }; };
        wireguard =
        {
          enable = true;
          peers = [ "vps6" ];
          publicKey = "JEY7D4ANfTpevjXNvGDYO6aGwtBGRXsf/iwNwjwDRQk=";
-          wireguardIp = "192.168.83.6";
-        };
-        slurm =
-        {
-          enable = true;
-          cpu = { cores = 16; threads = 2; };
-          memoryMB = 94208;
-          gpus = { "3090" = 1; "4090" = 1; };
-        };
-        xrdp = { enable = true; hostname = [ "xmupc1.chn.moe" ]; };
-        samba =
-        {
-          enable = true;
-          hostsAllowed = "192.168. 127.";
-          shares = { home.path = "/home"; root.path = "/"; };
+          wireguardIp = "192.168.83.5";
        };
      };
-      bugs = [ "xmunet" "amdpstate" ];
-      users.users = [ "chn" "xll" "zem" "yjq" "gb" ];
+      bugs = [ "xmunet" "firefox" ];
    };
-    services.hardware.bolt.enable = true;
  };
 }
--- a/devices/xmupc1/secrets/default.yaml
+++ b/devices/xmupc1/secrets/default.yaml
@@ -1,44 +0,0 @@
-acme:
-    cloudflare.ini: ENC[AES256_GCM,data:PjCyozvFTXxA///enYYbaMZ8ISfFjJviLVKfdOcMSi5G3CEjEsp1Ez4krbgy4/eJo4v9HfTN0bMmUnl2OHOyzTg=,iv:e1iQZ5JUHkzfnfP956Lzl3FWs11xdULctA5MZsALtU0=,tag:8X2Q/Hixxn/ci4XRSUDidg==,type:str]
-nginx:
-    maxmind-license: ENC[AES256_GCM,data:/7R7w+fiMw54Cmd7y/wT/s8RMqFMf3Fc0Mph0ZhURmCzowkmLEhtmw==,iv:i+Z+2NbssI864Edwf73SQfaeFuWoqr+U8eQ/8R23FOk=,tag:8ITlkS97vlsmHM1HDk6/3A==,type:str]
-xray-client:
-    uuid: ENC[AES256_GCM,data:4PM/d263HgBseIgRplgo5ahJ8u8HuPznXt2hW5O+VawS6WjP,iv:98Ymj4eiCGQPMcaHBI9zJAaRagm82mF0LY2c9bzA+/s=,tag:8imXq/hxAxS5XKy0uWIBPw==,type:str]
-wireguard:
-    privateKey: ENC[AES256_GCM,data:Azaqung7llErB7/IdnOnEkwjQ39yQHKcO7VgvMDCDTExM7nS0zx+yMYX4ls=,iv:FX8oLHMBVEnKkYOg8q2A9vFmtRZDws5T87+lEl7+2G8=,tag:DdOQUbNKB6JK7Tp6McQ0Og==,type:str]
-users:
-    xll: ENC[AES256_GCM,data:tGzKVg4prhg9oXOSX0FJIAWdF79CWsFuiU8U12dSnkBIgRXPZlJkz9mLLTENm6SjftItt/ku4MDj94KnM+nPYkIorTYtEuergg==,iv:oavvRf7/21LuDksUiXLfR2/qQNz5O6JyroxX1DwC6gc=,tag:qYbW1ZQtXo+2qGrl5wuZkA==,type:str]
-    zem: ENC[AES256_GCM,data:r2BDtAfMohsnoqw51/flvkiXe/EtJtDhakEyOTPX2E7cikfPtPD9iJPd2RnNkS3QPBKg08ex5ce2e3ywzGgNX5RKrxIacpxSSA==,iv:VfhEqTvS9qVFGif+SkBdz8VR6BXEnncMYcPQW4qqNk8=,tag:t4JBEhX+6iqnrd0JoLKpmA==,type:str]
-    yjq: ENC[AES256_GCM,data:Yb9gVDrWhpmBYI8JlGee30J+PVFVGLo4btFVGToUVj3Sr2bPetY96mEJoxYQha7SPKBoZ7+ePzWYiYOi43MZ6sYndj3C6sYmYg==,iv:2H2+ZmIIDJAKds1XSMqVcUpsix3rbxLkVlBIIAK3ifg=,tag:7redx03BsscRrk+e7dqXdg==,type:str]
-    gb: ENC[AES256_GCM,data:ZoprrHc2l0nkqy4ujYQfxNENMEnfpRhCIxX7jMPoWeTrJt2sE1AloWeVFsArJKTx8krpW96X3AXpUIauMH9kc/CviPop2QMgDw==,iv:fOIVPEHDvyZ45G9uRbx2gBE0KuZy+aEWALlXusDJ1YU=,tag:G6hZLn9/99Kj+wZAeNyxkQ==,type:str]
-mariadb:
-    slurm: ENC[AES256_GCM,data:qQMD8SKNmxb3PdScXNqppF9zkX7dV5i7rvljvZuhiI5zLnu77qYCHBW6ymh0mrY14N9NjxmQZhZWX/H8TvBlcg==,iv:J5N3LjCYW3QmuEkMBpl7qvPFW1Z9ZoPLkj45jKcIW9U=,tag:Tl+ld07+lVkmzt7f/f2MqQ==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5RWIreCtMeTZ0UE9Zd2di
-            VE9tR0x6SUNyWjlPV1BqMU5Tb0RTSXNGN2hNCkxuVjFFb0xJZTBMekxqdE96RlRh
-            czF0dHQxdVhsNE5tVWg0Q2RmYktsWDgKLS0tIFY3dHRlbFpsWUsyTzA3RVR1Qyts
-            UUJHMU13cm1lOXhRYzhSWlFyTFltYWcKDUxABRGskWWpHEFL44gHYzAqaQ3AmBDt
-            LcL/4IiEs3TwOpuY+WTVx8JKZBOsxcSlNahiDuCnoTbL4gZTPnd0pA==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwbHd4ZHhsTk5leDlreC9E
-            TVAzRXVuS0Judk5zTGVWRVhWSUhpMFdscEg0ClVFYzZYZG9hNjJKTlRVZ1I3eXVq
-            M2Y5by85dE1QM25yQ3g3bFVSL2tsVlkKLS0tIHVYbGxrT0hOQkZ5SHBsQ3UyaVly
-            ZDNHUjE2QVlCV3p0NHdKYW5IMHVBZzQKkZtfyvfroOntg3yRjMw4jQHiQj8eaB2h
-            IeIHfW4y01mmVT2ofbtB0xYpjcl4gtUlQ8X3tn5iJ9P8gcVo0G598A==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-02-26T06:04:25Z"
-    mac: ENC[AES256_GCM,data:2d3i3rcRYrB58vJuyhP4AIB11Ns+zQq0Pli1LF4sAKb75OmJ/qlRcwJKlOCASdY95FfzOQDGjfZheg58fVSd9EbYxX+npMXGUiODa8JRTHgQye3/qjFv14v49zKFJ0dNs13XnOEA4QAry/7gDlb0+M44bNRGPSZSoFX2yJ53smw=,iv:I1YDN6+26BmaWR84kq9zXNXjQ4cRvtzrS2Q13PlUjp0=,tag:sgxcTpOr7T2oXjb5qLRrqw==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1
--- a/devices/xmupc1/secrets/munge.key
+++ b/devices/xmupc1/secrets/munge.key
@@ -1,24 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:tuEymMXW0f7Rui5wrz/xozphTEq6ffkYIfNIoURFNHwH2Cg+aKHz2ox0gk02BJARhPMDrxCYlChkcrEI0ma/T0eBe9sWz3tA8AOwU1lHSZ06d/JWzW7IUIyTac2mnjt3/jY/qpnR4A8wtHwD0j4zkzXgUgFwq7k/fs24acEE4Jo=,iv:iDTS0xswLrwkOYmfomE5hluVONgJYia/RjINDy7T3R0=,tag:oIYNpFCuT2D+X1QEJJiHew==,type:str]",
-	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
-		"age": [
-			{
-				"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3aFRRa0NsOUp5MEg3UHcx\nc3g1VFZEQS9Tci9QSnNFYnIrT3hUdVU5cWxjCnU5UXVEdTFXczJzcHVvSjF2WHdB\nYmpyQVVaUFozKzJIZThBbXUxb2k2YzAKLS0tIHE1QXVrOXo1Y3VXMzJJYitWU3Qv\neDF1cndrSi94clh1cS9NczN0UW9pOXcKtrnIj3WovMYdcg5nWnnyRhJhTGLrlwxW\nxQ6bmNrfbZedmCNdjY2lPXmudMXJ8YlWe/HGCe94x3iFlaSwCIGUsA==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBocFl1SHJEemRySlBnMmNn\nVW9RS1NNdlo4M3l2WGlQaHJmbDBHcjMwaVVnCnY5WExPOXZJVEdYSlJ6UTRBMGJj\ncmlYaUNVV1hnWTNkaWVuV2VuaXN2eU0KLS0tIDBTYnd2NmVYTUJKaHZWRWo3ZlUx\nTEtPZWc2RE1XNG9WTXFOTllWVUVWeUkK+9aLz1rygGAQjpG+oMNUtrDkQaDfg+2q\nnl/CtZZrFD6NXGw6Di0X5t9fQu295NTJ/0qjXnfMigG8gDtxkE+/7g==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2024-02-26T06:04:53Z",
-		"mac": "ENC[AES256_GCM,data:y0RkPyUwwff95BFL951TxS/x5ORzMsxFJVjopSw+8iVtswD8MT1nmsbwyth4C9OnJ/IAtnZk/CjAt72a68AZpPI+2W/JqJq20ohFoquDNhTlsoyLWdO3Vjrd+Wo3hp0+iKQ3e/uYrF1sTqQO9a3OIxu2sVLM0gEDmIe2nJpLJQo=,iv:EjXTQvVdjzfClNfQ3rPxAFVWVqr7sSOz4ap+nshPEAk=,tag:DcIlf9W7NNqQ+gf8f46MwQ==,type:str]",
-		"pgp": null,
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.8.1"
-	}
-}
--- a/devices/xmupc2/default.nix
+++ b/devices/xmupc2/default.nix
@@ -1,98 +0,0 @@
-inputs:
-{
-  config =
-  {
-    nixos =
-    {
-      system =
-      {
-        fileSystems =
-        {
-          mount =
-          {
-            vfat."/dev/disk/by-uuid/23CA-F4C4" = "/boot/efi";
-            btrfs =
-            {
-              "/dev/disk/by-uuid/d187e03c-a2b6-455b-931a-8d35b529edac" =
-                { "/nix/rootfs/current" = "/"; "/nix" = "/nix"; "/nix/boot" = "/boot"; };
-            };
-          };
-          swap = [ "/nix/swap/swap" ];
-          rollingRootfs.device = "/dev/disk/by-uuid/d187e03c-a2b6-455b-931a-8d35b529edac";
-        };
-        grub.installDevice = "efi";
-        nixpkgs =
-        {
-          march = "skylake";
-          cuda =
-          {
-            enable = true;
-            capabilities =
-            [
-              # p5000 p400
-              "6.1"
-              # 2080 Ti
-              "7.5"
-              # 3090
-              "8.6"
-              # 4090
-              "8.9"
-            ];
-            forwardCompat = false;
-          };
-        };
-        gui = { preferred = false; autoStart = true; };
-        kernel.patches = [ "cjktty" "lantian" ];
-        networking.hostname = "xmupc2";
-      };
-      hardware =
-      {
-        cpus = [ "intel" ];
-        gpu.type = "nvidia";
-        bluetooth.enable = true;
-        joystick.enable = true;
-        printer.enable = true;
-        sound.enable = true;
-      };
-      packages.packageSet = "workstation";
-      virtualization = { waydroid.enable = true; docker.enable = true; kvmHost = { enable = true; gui = true; }; };
-      services =
-      {
-        snapper.enable = false;
-        fontconfig.enable = true;
-        sshd = { enable = true; passwordAuthentication = true; };
-        xray.client.enable = true;
-        firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
-        smartd.enable = true;
-        beesd =
-        {
-          enable = false;
-          instances.root = { device = "/"; hashTableSizeMB = 16384; threads = 4; };
-        };
-        wireguard =
-        {
-          enable = true;
-          peers = [ "vps6" ];
-          publicKey = "lNTwQqaR0w/loeG3Fh5qzQevuAVXhKXgiPt6fZoBGFE=";
-          wireguardIp = "192.168.83.7";
-        };
-        slurm =
-        {
-          enable = true;
-          cpu = { sockets = 2; cores = 22; threads = 2; };
-          memoryMB = 253952;
-          gpus = { "p400" = 1; };
-        };
-        xrdp = { enable = false; hostname = [ "xmupc2.chn.moe" ]; };
-        samba =
-        {
-          enable = true;
-          hostsAllowed = "192.168. 127.";
-          shares = { home.path = "/home"; root.path = "/"; };
-        };
-      };
-      bugs = [ "xmunet" ];
-      users.users = [ "chn" "xll" "zem" "yjq" "gb" ];
-    };
-  };
-}
--- a/devices/xmupc2/secrets/default.yaml
+++ b/devices/xmupc2/secrets/default.yaml
@@ -1,44 +0,0 @@
-acme:
-    cloudflare.ini: ENC[AES256_GCM,data:/y070fzfZFI/Jb9xS8UO7iRnjHJ3uItqsHqjyHPAqsTN4tSEyMpaE3KtNpecgWxk2PvLRfqdmdwu/bnGlIp7adU=,iv:fv4dbeK1F/cn5nhnSC1lTUqxeFPG/0lNqEvPWMH6Mzw=,tag:dE4clxPGraAXXsJM6NS8XQ==,type:str]
-nginx:
-    maxmind-license: ENC[AES256_GCM,data:FPVSD8otQMNpbESNEHXCfQjB/zi3OVwZoyLijUtnHQlQzec7KVSiGw==,iv:DkkwCqvRmcFHQIXseh2fycCxZboJMYhHPu67GddenY4=,tag:iHEC8r5GcuB1QcZ5Uf8Skw==,type:str]
-xray-client:
-    uuid: ENC[AES256_GCM,data:j2R0UtfS/es2A+Ic+Kq6FZJSqXlA/Q8tGkuAIX0ZdTsV4hGk,iv:Ovpr49isIJRdUyM3jxgiT+9Sc+qTF6ZnkKUwxIq6KUs=,tag:2VRSkiPNWaOmCqLJti8Bzw==,type:str]
-wireguard:
-    privateKey: ENC[AES256_GCM,data:0Vw9NVs/Kxc52zUlmeAPFeOG8msdL0YopjhzFKRWhv6+kfb+SFObOP8EJ2M=,iv:KgIZIawbnN+1sIcMjNECkdtujPbg7yQktKVc25SXavI=,tag:b79oZP+GZKmM3OVFshvFhg==,type:str]
-users:
-    xll: ENC[AES256_GCM,data:8g3/l09TNw7PYDtVkdQvQDgpOrsdrH2u07mtDxcvBY+hij3kQ9Ma3AMrspo0yRO82zInEOUlB100l/ja79nTtB1hqriQb1SEZg==,iv:G7zuzsUAPj6UHCgR6bDFpy9Wa3PVW+FSag3juYXizg0=,tag:Qdk3fN280ZAzutRkRYK2/A==,type:str]
-    zem: ENC[AES256_GCM,data:lBIXyIPWdE0AIpVzjRdB8vreCC0KW40tVDkYbv8E6D81spNBDsPLntuvliHWq9xs0qAH5fhY/ov03lCThGKwzW0r2GdoeLe+1Q==,iv:orRqqLFJ/P0MhT/i7sVQFLel94qY8YL34Uw4kM6D+10=,tag:fvA12mgRxLQzczz/F4Fmew==,type:str]
-    yjq: ENC[AES256_GCM,data:gnfFvRUjSygRGvQPgxOea4ecgDrTA+YCGjXlcRGyj6l0ZEIOfbdf5XuIX2KeDKZ0ku/2nbEYfQIRAiljIpczJwtKuXcMndhn8w==,iv:U487J2mBOxPeVq8Viyr/NQY5/d63bm03LUUJ1FHQqMM=,tag:H/kUYAWDPlAY52H6AOwgsA==,type:str]
-    gb: ENC[AES256_GCM,data:5Vb+7peQfFFHEjPPYcjWYIQ4EJYFASWKQIfR1A36LUJXWtvr6tIhd2VWIIGOrrAz3JqGEx5+5ZBq49N/zp8fGI4GiEGtFkILGA==,iv:lCjRClDKTmWtEMc1Z6jMfWQQ103/AaFbyETxNoGLr1E=,tag:grdktL6lnNtQk4rKp/hnCA==,type:str]
-mariadb:
-    slurm: ENC[AES256_GCM,data:9wLQ1zF/kDaiw0s3UaRpiHgmngU7u6hwyqpddSjev0+Z0v58Q2oiJtK8vn+2VlSxx5ACfqEFbzp0PZYAxd575w==,iv:q9JTkgDymOwkbZ/PaxRAAQrtO96QmGgZcQuLTFCMoS4=,tag:dwOHlOTgZqT/1jQ+oGf7UQ==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Rmc2Ull1WFB4Smh3c0Zl
-            emlTNGJKZkpIK2JFeUNVeUcrR2FzRXRQZHlvCkhzMHpzYmZRZ0M0cXdRVi8wZmp6
-            ZDRZQ2FkOWt6M0lrdjBHa3VTWXBDKzgKLS0tIGtJbTRRelg1VVk2QStwdzlFM1g4
-            M1JOd1g3cVdjUFRhZ0FxcWphZXZJbkkKFXDtJVoi+qIrXp6cznevuZ+peBiRRITP
-            rrplqLiYsNIGKmKYtRIUu8WXDZ2q2CJ8Z+pka3W3H/U+m957hBDWyw==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSHdka3FPQUYrcXQzcTFo
-            a000TUllT0MvUzk5ZzVFbXZheG9ZVTM2S253CkE5VW9tQktvL2pMWFoxcnFjTGpr
-            Z0p1RjZWRGpSZ01TdTZRcEJXM2NOUkUKLS0tIC9rNmNzWitMdEd5dXQvdWlELzhM
-            M0xoL1dQR0kvMWpzN0RMNWVCTFQxNFUKj9LPjBo5NGOrGYNvu8qZ13PLYjLEWllU
-            LARzEn4XgkeHckouwvxZYMCx7WxmAruRWaOvnxTIczzSNP7wIrqnkA==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-03-09T07:58:59Z"
-    mac: ENC[AES256_GCM,data:dNS3GGmHEJonDGNVGlhjRPnDSo0DljmX3pRrnYXsCLrjViOQpLmgInJF3g37Thpl5+PQOpjGpwSqTuWrIkTuSs3wWwjzA2xE6WtPStY13U7lGLhBmkLIocVqmWCPH5zs1pVKQnuk6jNaBUfWUA5aL2+WNcatnPqxIL45j0Chvmw=,iv:JhGN219z3uwl5fEx7KVLG/p23JWe1JHMPLg09G9+CWM=,tag:y5VuwVyMu8c8aDtKqWDykw==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1
--- a/devices/xmupc2/secrets/munge.key
+++ b/devices/xmupc2/secrets/munge.key
@@ -1,24 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:Um00c+kry3QrHEZVdlUws+gGGvtPKh8WzkpT6CHL7uwHRUWc+5E0bvlwXFJTkmPdGOOV2Jx9fGvSKpQb1/MPJhMhpCAw5n69QIRjVVURZcvVVFrl+eNO2sf/h2GTFvKRAtlcNAh7cvjkpiB3r+S7mRYSI914B7w8GLTdRFvtqYo=,iv:gk7S1SiA0iBAfpXLhhPJuexolP6w1XAd8M2H+sqqmoM=,tag:O8Eoa4LjEo14H/+1W5rcgQ==,type:str]",
-	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
-		"age": [
-			{
-				"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWYmNFOFlnbm1FdXdGWUNr\nOGN3THhDUyt4SDVzcHY5dEYrSWsrQm1UOFJvCmhXaWFlcC8wazROaXZzcm9tUnFM\nQlphZ0x6c0RhbzY0aGVFbXdOa1BHbG8KLS0tIHF2YUNTVnZ3Z25FSnFlTEdmdXhE\nb3Z2UEp1c2UrOUp3NEdNcE5HSFptbzAKWGSTwv6xUNs/f+p0Bhpzg8zZ7EVK8kMm\no13fru2Cnqrw8Cj0zfx+7LODpBVzo03fLYKqZ6kbPZGa12ihk+fD4g==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRVMrenM2Q1ZheFVPc2Rz\nYVd6UGoxbkpSQlZsNFN1dmIzSkl6SERwaTBRCjlHV3MvTEpxbDY4OHZjeUd5NmRF\nRmc1NzVCMTA0bDhwajNlMWZKTlNKK2cKLS0tIHRZZ0cxY2dwV21iRDlmeE5UZkM4\nK1dKV24yY3FKV2J3U2VzZWt2QnBSTHcKn8mq+1RnJG/nBbH2mAFpSFSTHDWvMqJj\nsziW9lK0cH6bPxhcpDO4oG8K08bdGHUVGtx2Zk81CDqzfamlMzzG2Q==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2024-03-09T07:59:38Z",
-		"mac": "ENC[AES256_GCM,data:zNh6Cioh4+r0+nx04yLqeQShozxl7bLLKSmwodnmHtVQVlOTjj5sDLMEAAmrj1Ym2KrBPJOgdm34Sl6AbsmiBLxzDcBKe6J68Y/LHIeaPkToRKpmoy9I9a177w0KzFXgNaU2ieH71egD+nf8JmGG61hDjpiJRpx1Lwxb16Bn+Xs=,iv:QxiUYymiGuH0EBwEhyg5gDzkSKvGhq0+0wERNEJ71UM=,tag:N1Nn9X9vrghwwJWC3kituA==,type:str]",
-		"pgp": null,
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.8.1"
-	}
-}
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
@@ -4,10 +4,8 @@
  inputs =
  {
    nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-23.11";
-    nixpkgs-unstable.url = "github:CHN-beta/nixpkgs/nixos-unstable";
-    "nixpkgs-23.05".url = "github:CHN-beta/nixpkgs/nixos-23.05";
-    "nixpkgs-22.11".url = "github:NixOS/nixpkgs/nixos-22.11";
-    "nixpkgs-22.05".url = "github:NixOS/nixpkgs/nixos-22.05";
+    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixpkgs-2305.url = "github:CHN-beta/nixpkgs/nixos-23.05";
    home-manager = { url = "github:nix-community/home-manager/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; };
    sops-nix =
    {
@@ -20,13 +18,22 @@
    nixos-cn = { url = "github:nixos-cn/flakes"; inputs.nixpkgs.follows = "nixpkgs"; };
    nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
    nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; };
+    nix-alien =
+    {
+      url = "github:thiagokokada/nix-alien";
+      inputs = { nixpkgs.follows = "nixpkgs"; nix-index-database.follows = "nix-index-database"; };
+    };
    impermanence.url = "github:nix-community/impermanence";
    qchem = { url = "github:Nix-QChem/NixOS-QChem/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; };
    nixd = { url = "github:nix-community/nixd"; inputs.nixpkgs.follows = "nixpkgs"; };
    napalm = { url = "github:nix-community/napalm"; inputs.nixpkgs.follows = "nixpkgs"; };
    nixpak = { url = "github:nixpak/nixpak"; inputs.nixpkgs.follows = "nixpkgs"; };
    deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; };
-    pnpm2nix-nzbr = { url = "github:CHN-beta/pnpm2nix-nzbr"; inputs.nixpkgs.follows = "nixpkgs"; };
+    pnpm2nix-nzbr = { url = "github:nzbr/pnpm2nix-nzbr"; inputs.nixpkgs.follows = "nixpkgs"; };
+    # oneapi
+    lmix = { url = "github:CHN-beta/lmix"; inputs.nixpkgs.follows = "nixpkgs"; };
+    # nvhpc
+    dguibert-nur-packages = { url = "github:CHN-beta/dguibert-nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
    plasma-manager =
    {
      url = "github:pjones/plasma-manager";
@@ -34,9 +41,8 @@
    };
    nix-doom-emacs = { url = "github:nix-community/nix-doom-emacs"; inputs.nixpkgs.follows = "nixpkgs"; };
    nur-linyinfeng = { url = "github:linyinfeng/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
-    nixos-hardware.url = "github:CHN-beta/nixos-hardware";
+    nixos-hardware.url = "github:NixOS/nixos-hardware";
    envfs = { url = "github:Mic92/envfs"; inputs.nixpkgs.follows = "nixpkgs"; };
-    nix-fast-build = { url = "github:/Mic92/nix-fast-build"; inputs.nixpkgs.follows = "nixpkgs"; };

    misskey = { url = "git+https://github.com/CHN-beta/misskey?submodules=1"; flake = false; };
    rsshub = { url = "github:DIYgod/RSSHub"; flake = false; };
@@ -51,21 +57,11 @@
    nodesoup = { url = "github:olvb/nodesoup"; flake = false; };
    tgbot-cpp = { url = "github:reo7sp/tgbot-cpp"; flake = false; };
    v-sim = { url = "gitlab:l_sim/v_sim"; flake = false; };
-    win11os-kde = { url = "github:yeyushengfan258/Win11OS-kde"; flake = false; };
-    fluent-kde = { url = "github:vinceliuice/Fluent-kde"; flake = false; };
-    rycee = { url = "gitlab:rycee/nur-expressions"; flake = false; };
-    blurred-wallpaper = { url = "github:bouteillerAlan/blurredwallpaper"; flake = false; };
-    slate = { url = "github:TheBigWazz/Slate"; flake = false; };
-    linux-surface = { url = "github:linux-surface/linux-surface"; flake = false; };
-    lepton = { url = "github:black7375/Firefox-UI-Fix"; flake = false; };
-    lmod = { url = "github:TACC/Lmod"; flake = false; };
-    mumax = { url = "github:CHN-beta/mumax"; flake = false; };
  };

  outputs = inputs:
    let
      localLib = import ./local/lib inputs.nixpkgs.lib;
-      devices = builtins.attrNames (builtins.readDir ./devices);
    in
    {
      packages.x86_64-linux =
@@ -73,7 +69,7 @@
        default = inputs.nixpkgs.legacyPackages.x86_64-linux.writeText "systems"
          (builtins.concatStringsSep "\n" (builtins.map
            (system: builtins.toString inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel)
-            devices));
+            [ "pc" "vps6" "vps7" "nas" "surface" ]));
      }
      // (
        builtins.listToAttrs (builtins.map
@@ -82,7 +78,7 @@
            name = system;
            value = inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel;
          })
-          devices)
+          [ "pc" "vps6" "vps7" "nas" "surface" "xmupc1" ])
      );
      # ssh-keygen -t rsa -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_rsa_key
      # ssh-keygen -t ed25519 -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_ed25519_key
@@ -107,7 +103,7 @@
            ];
          };
        })
-        devices);
+        [ "pc" "vps6" "vps7" "nas" "surface" "xmupc1" ]);
      # sudo HTTPS_PROXY=socks5://127.0.0.1:10884 nixos-install --flake .#bootstrap --option substituters http://127.0.0.1:5000 --option require-sigs false --option system-features gccarch-silvermont
      # nix-serve -p 5000
      # nix copy --substitute-on-destination --to ssh://server /run/current-system
@@ -143,8 +139,7 @@
                inputs.self.nixosConfigurations.${node};
            };
          })
-          [ "vps6" "vps7" "nas" "surface" "xmupc1" "xmupc2" ]
-        );
+          [ "vps6" "vps7" "nas" "surface" ]);
      };
      checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib;
      overlays.default = final: prev:
--- a/local/lib/default.nix
+++ b/local/lib/default.nix
@@ -1,6 +1,6 @@
 lib:
 {
-  attrsToList = attrs: builtins.map (name: { inherit name; value = attrs.${name}; }) (builtins.attrNames attrs);
+  attrsToList = Attrs: builtins.map ( name: { inherit name; value = Attrs.${name}; } ) ( builtins.attrNames Attrs );
  mkConditional = condition: trueResult: falseResult: let inherit (lib) mkMerge mkIf; in
    mkMerge [ ( mkIf condition trueResult ) ( mkIf (!condition) falseResult ) ];

--- a/local/pkgs/aocc/default.nix
+++ b/local/pkgs/aocc/default.nix
@@ -1 +0,0 @@
-1k9anln9hmdjflrkq4iacrmhma7gfrfj6d0b8ywxys0wfpdvy12v
--- a/local/pkgs/blurred-wallpaper/default.nix
+++ b/local/pkgs/blurred-wallpaper/default.nix
@@ -1,11 +0,0 @@
-{ stdenv, src }: stdenv.mkDerivation
-{
-  name = "blurred-wallpaper";
-  inherit src;
-  phases = [ "installPhase" ];
-  installPhase =
-  ''
-    mkdir -p $out/share/plasma/wallpapers/a2n.blur
-    cp -r $src/* $out/share/plasma/wallpapers/a2n.blur
-  '';
-}
--- a/local/pkgs/chromiumos-touch-keyboard/default.nix
+++ b/local/pkgs/chromiumos-touch-keyboard/default.nix
@@ -0,0 +1,18 @@
+{ lib, stdenv, fetchFromGitHub, fetchurl, cmake }: stdenv.mkDerivation rec
+{
+  pname = "chromiumos-touch-keyboard";
+  version = "1.4.1";
+  src = fetchFromGitHub
+  {
+    owner = "CHN-beta";
+    repo = "chromiumos_touch_keyboard";
+    rev = "32b72240ccac751a1b983152f65aa5b19503ffcf";
+    sha256 = "eFesDSBS2VzTOVfepgXYGynWvkrCSdCV9C/gcG/Ocbg=";
+  };
+  cmakeFlags = [ "-DCMAKE_CXX_FLAGS=-Wno-error=stringop-truncation" ];
+  nativeBuildInputs = [ cmake ];
+  postInstall =
+  ''
+    cp $out/etc/touch_keyboard/layouts/YB1-X9x-pc105.csv $out/etc/touch_keyboard/layout.csv
+  '';
+}
--- a/local/pkgs/default.nix
+++ b/local/pkgs/default.nix
@@ -2,9 +2,21 @@
 {
  typora = callPackage ./typora {};
  vesta = callPackage ./vesta {};
+  oneapi = callPackage ./oneapi {};
  rsshub = callPackage ./rsshub { src = topInputs.rsshub; };
  misskey = callPackage ./misskey { nodejs = nodejs_21; src = topInputs.misskey; };
  mk-meili-mgn = callPackage ./mk-meili-mgn {};
+  # vasp = callPackage ./vasp
+  # {
+  #   stdenv = pkgs.lmix-pkgs.intel21Stdenv;
+  #   intel-mpi = pkgs.lmix-pkgs.intel-oneapi-mpi_2021_9_0;
+  #   ifort = pkgs.lmix-pkgs.intel-oneapi-ifort_2021_9_0;
+  # };
+  vasp = callPackage ./vasp
+  {
+    openmp = llvmPackages.openmp;
+    openmpi = pkgs.openmpi.override { cudaSupport = false; };
+  };
  vaspkit = callPackage ./vaspkit { attrsToList = (import ../lib lib).attrsToList; };
  v-sim = callPackage ./v-sim { src = topInputs.v-sim; };
  concurrencpp = callPackage ./concurrencpp { stdenv = gcc13Stdenv; src = topInputs.concurrencpp; };
@@ -24,7 +36,7 @@
  mirism = callPackage ./mirism
  {
    inherit cppcoro nameof tgbot-cpp date;
-    nghttp2 = pkgs."nghttp2-23.05".override { enableAsioLib = true; };
+    nghttp2 = nghttp2-2305.override { enableAsioLib = true; };
  };
  cppcoro = callPackage ./cppcoro { src = topInputs.cppcoro; };
  date = callPackage ./date { src = topInputs.date; };
@@ -33,37 +45,4 @@
  pyreadline3 = python3Packages.callPackage ./pyreadline3 {};
  torchdata = python3Packages.callPackage ./torchdata {};
  torchtext = python3Packages.callPackage ./torchtext { inherit torchdata; };
-  win11os-kde = callPackage ./win11os-kde { src = topInputs.win11os-kde; };
-  fluent-kde = callPackage ./fluent-kde { src = topInputs.fluent-kde; };
-  blurred-wallpaper = callPackage ./blurred-wallpaper { src = topInputs.blurred-wallpaper; };
-  slate = callPackage ./slate { src = topInputs.slate; };
-  nvhpc = callPackage ./nvhpc {};
-  lmod = callPackage ./lmod { src = topInputs.lmod; };
-  vasp =
-  {
-    source = callPackage ./vasp/source.nix {};
-    gnu = callPackage ./vasp/gnu
-    {
-      inherit (llvmPackages) openmp;
-      wannier90 = callPackage "${topInputs.nixpkgs-unstable}/pkgs/by-name/wa/wannier90/package.nix" {};
-      hdf5 = hdf5.override { mpiSupport = true; fortranSupport = true; };
-    };
-    nvidia = callPackage ./vasp/nvidia
-    {
-      inherit lmod;
-      nvhpc = nvhpc."24.1";
-      hdf5 = hdf5-nvhpc.override { nvhpc = nvhpc."24.1"; };
-      wannier90 = callPackage "${topInputs.nixpkgs-unstable}/pkgs/by-name/wa/wannier90/package.nix" {};
-    };
-    intel = callPackage ./vasp/intel
-    {
-      inherit lmod;
-      oneapi = oneapi."2022.2";
-      hdf5 = hdf5.override { mpiSupport = true; fortranSupport = true; };
-      inherit (unstablePackages) wannier90;
-    };
-  };
-  hdf5-nvhpc = callPackage ./hdf5-nvhpc { inherit lmod; inherit (hdf5) src; nvhpc = nvhpc."24.1"; };
-  oneapi = callPackage ./oneapi {};
-  mumax = callPackage ./mumax { src = topInputs.mumax; };
 }
--- a/local/pkgs/fluent-kde/default.nix
+++ b/local/pkgs/fluent-kde/default.nix
@@ -1,22 +0,0 @@
-{ lib, stdenv, src }: stdenv.mkDerivation
-{
-  name = "fluent-kde";
-  inherit src;
-  installPhase =
-  ''
-    mkdir -p $out/share/aurorae/themes
-    cp -r $src/aurorae/* $out/share/aurorae/themes
-    mkdir -p $out/share/color-schemes
-    cp -r $src/color-schemes/*.colors $out/share/color-schemes
-    mkdir -p $out/share/Kvantum
-    cp -r $src/Kvantum/Fluent* $out/share/Kvantum
-    mkdir -p $out/share/plasma/desktoptheme
-    cp -r $src/plasma/desktoptheme/* $out/share/plasma/desktoptheme
-    mkdir -p $out/share/plasma/layout-templates
-    cp -r $src/plasma/layout-templates/* $out/share/plasma/layout-templates
-    mkdir -p $out/share/plasma/look-and-feel
-    cp -r $src/plasma/look-and-feel/com.github.vinceliuice.Fluent* $out/share/plasma/look-and-feel
-    mkdir -p $out/share/wallpapers
-    cp -r $src/wallpaper/* $out/share/wallpapers
-  '';
-}
--- a/local/pkgs/hdf5-nvhpc/default.nix
+++ b/local/pkgs/hdf5-nvhpc/default.nix
@@ -1,40 +0,0 @@
-{
-  buildFHSEnv, writeScript, stdenvNoCC,
-  src,
-  nvhpc, lmod, cmake, gfortran,
-  config, nvhpcArch ? config.nvhpcArch or "px"
-}:
-let
-  buildEnv = buildFHSEnv
-  {
-    name = "buildEnv";
-    targetPkgs = pkgs: with pkgs; [ zlib ];
-    extraBwrapArgs = [ "--bind" "$out" "$out" ];
-  };
-  buildScript = writeScript "build"
-  ''
-    . ${lmod}/share/lmod/lmod/init/bash
-    module use ${nvhpc}/share/nvhpc/modulefiles
-    module load nvhpc
-    mkdir build
-    cd build
-    cmake -DCMAKE_INSTALL_PREFIX=$out -DHDF5_INSTALL_CMAKE_DIR=$out/lib/cmake \
-      -DHDF5_BUILD_FORTRAN=ON -DHDF5_ENABLE_PARALLEL=ON -DBUILD_SHARED_LIBS=ON ..
-    make -j$NIX_BUILD_CORES
-    make install
-  '';
-in stdenvNoCC.mkDerivation
-{
-  name = "hdf5-nvhpc";
-  inherit src;
-  dontConfigure = true;
-  enableParallelBuilding = true;
-  nativeBuildInputs = [ cmake gfortran ];
-  buildPhase =
-  ''
-    mkdir -p $out
-    ${buildEnv}/bin/buildEnv ${buildScript}
-  '';
-  dontInstall = true;
-  requiredSystemFeatures = [ "nvhpcarch-${nvhpcArch}" ];
-}
--- a/local/pkgs/lmod/default.nix
+++ b/local/pkgs/lmod/default.nix
@@ -1,14 +0,0 @@
-{
-  stdenv, src,
-  tcl,
-  procps, bc, lua
-}:
-stdenv.mkDerivation
-{
-  name = "lmod";
-  inherit src;
-  buildInputs = [ tcl ];
-  nativeBuildInputs = [ procps bc (lua.withPackages (ps: with ps; [ luaposix ])) ];
-  configurePhase = ''./configure --prefix=$out/share'';
-  postUnpack = "patchShebangs .";
-}
--- a/local/pkgs/misskey/default.nix
+++ b/local/pkgs/misskey/default.nix
@@ -1,69 +1,22 @@
 {
-  lib, stdenv, mkPnpmPackage, fetchurl, nodejs, writeShellScript, buildFHSEnv,
-  bash, cypress, vips, pkg-config, src, libtensorflow
+  lib, mkPnpmPackage, nodejs, writeShellScriptBin,
+  bash, cypress, vips, pkg-config, src
 }:
 let
-  name = "misskey";
-  originalPnpmPackage = mkPnpmPackage
+  unwrapped = mkPnpmPackage
  {
-    inherit name src nodejs;
+    inherit src nodejs;
+    name = "misskey-unwrapped";
+    installEnv = { CYPRESS_RUN_BINARY = "${cypress}/bin/Cypress"; NODE_ENV = "production"; };
    copyPnpmStore = true;
-    extraIntegritySha256."https://github.com/aiscript-dev/aiscript-languageserver/releases/download/0.1.5/aiscript-dev-aiscript-languageserver-0.1.5.tgz" = "1mhnwa8h48bc21f0zv8q93aphiqz9i70r7m4xsa4sd1mlncfgyl7";
+    distDir = ".";
+    noDevDependencies = true;
  };
-  startScript = writeShellScript "misskey"
-  ''
-    export PATH=${lib.makeBinPath [ bash nodejs nodejs.pkgs.pnpm nodejs.pkgs.gulp cypress ]}:$PATH
-    export CYPRESS_RUN_BINARY="${cypress}/bin/Cypress"
-    export NODE_ENV=production
-    pnpm run migrateandstart
-  '';
-in
-  stdenv.mkDerivation rec
-  {
-    inherit src name;
-    buildInputs =
-    [
-      bash nodejs nodejs.pkgs.typescript nodejs.pkgs.pnpm nodejs.pkgs.gulp cypress vips pkg-config
-    ];
-    nativeBuildInputs = buildInputs;
-    CYPRESS_RUN_BINARY = "${cypress}/bin/Cypress";
-    NODE_ENV = "production";
-    configurePhase =
-    ''
-      export HOME=$NIX_BUILD_TOP # Some packages need a writable HOME
-      export npm_config_nodedir=${nodejs}
-      pnpm config set reporter append-only
-
-      runHook preConfigure
-
-      store=$(pnpm store path)
-      mkdir -p $(dirname $store)
-
-      cp -f ${originalPnpmPackage.passthru.patchedLockfileYaml} pnpm-lock.yaml
-      cp -RL ${originalPnpmPackage.passthru.pnpmStore} $store
-      chmod -R +w $store
-      pnpm install --frozen-lockfile --offline
-
-      runHook postConfigure
-    '';
-    buildPhase =
-    ''
-      runHook preBuild
-      pnpm run build
-      runHook postBuild
-    '';
-    installPhase =
-    ''
-      runHook preInstall
-      mkdir -p $out
-      mv * .* $out
-      mkdir -p $out/bin
-      cp ${startScript} $out/bin/misskey
-      mkdir -p $out/files
-      runHook postInstall
-    '';
-    passthru =
-    {
-      inherit originalPnpmPackage startScript;
-    };
-  }
+in writeShellScriptBin "misskey"
+''
+  cd ${unwrapped}
+  export PATH=${lib.makeBinPath [ bash nodejs nodejs.pkgs.pnpm nodejs.pkgs.gulp cypress ]}:$PATH
+  export CYPRESS_RUN_BINARY="${cypress}/bin/Cypress"
+  export NODE_ENV=production
+  pnpm run migrateandstart
+''
--- a/local/pkgs/mumax/default.nix
+++ b/local/pkgs/mumax/default.nix
@@ -1,22 +0,0 @@
-{ buildGoModule, cudatoolkit, src, config, cudaCapabilities ? config.cudaCapabilities, gcc, makeWrapper }:
-# TODO: use addDriverRunpath
-buildGoModule
-{
-  name = "mumax";
-  inherit src;
-  vendorHash = null;
-  nativeBuildInputs = [ cudatoolkit gcc makeWrapper ];
-  CUDA_CC = builtins.concatStringsSep " " cudaCapabilities;
-  CPATH = "${cudatoolkit}/include";
-  LIBRARY_PATH = "${cudatoolkit}/lib/stubs";
-  doCheck = false;
-  postInstall =
-  ''
-    rm $out/bin/{doc,test}
-    for i in $out/bin/*; do
-      if [ -f $i ]; then
-        wrapProgram $i --prefix LD_LIBRARY_PATH ":" "/run/opengl-driver/lib:${cudatoolkit}/lib"
-      fi
-    done
-  '';
-}
--- a/local/pkgs/nvhpc/default.nix
+++ b/local/pkgs/nvhpc/default.nix
@@ -1,42 +0,0 @@
-{
-  stdenvNoCC, fetchurl, buildFHSEnv,
-  gfortran, flock
-}:
-let
-  versions =
-  {
-    "24.1" = "1n0x1x7ywvr3623ylvrjagayn44mbvfas3c3062p7y3asmgjx697";
-    "23.1" = "1xg933f4n1bw39y1x1vrjrbzpx36sbmjgvi332hfck3dbx0n982m";
-  };
-  releaseName = version:
-    let versions = builtins.splitVersion version;
-    in "nvhpc_20${builtins.elemAt versions 0}_${builtins.concatStringsSep "" versions}_Linux_x86_64_cuda_multi";
-  builder = buildFHSEnv
-  {
-    name = "builder";
-    targetPkgs = pkgs: with pkgs; [ coreutils ];
-    extraBwrapArgs = [ "--bind" "$out" "$out" ];
-  };
-in let buildNvhpc = version: stdenvNoCC.mkDerivation
-{
-  pname = "nvhpc";
-  inherit version;
-  src = fetchurl
-  {
-    url = "https://developer.download.nvidia.com/hpc-sdk/${version}/${releaseName version}.tar.gz";
-    sha256 = versions.${version};
-  };
-  dontFixup = true;
-  dontBuild = true;
-  buildInputs = [ gfortran flock ];
-  installPhase =
-  ''
-    export NVHPC_SILENT=true
-    export NVHPC_INSTALL_TYPE=single
-    export NVHPC_INSTALL_DIR=$out/share/nvhpc
-    # $out should exist before bwrap
-    mkdir -p $out
-    ${builder}/bin/builder ./install
-  '';
-};
-in builtins.mapAttrs (version: _: buildNvhpc version) versions
--- a/local/pkgs/oneapi/default.nix
+++ b/local/pkgs/oneapi/default.nix
@@ -1,88 +0,0 @@
-{
-  stdenvNoCC, fetchurl, buildFHSEnv,
-  ncurses
-}:
-let
-  versions =
-  {
-    "2022.2" =
-    {
-      basekit =
-      {
-        id = "18673";
-        version = "2022.2.0.262";
-        sha256 = "03qx6sb58mkhc7iyc8va4y1ihj6l3155dxwmqj8dfw7j2ma7r5f6";
-        components =
-        [
-          "intel.oneapi.lin.dpcpp-ct"
-          "intel.oneapi.lin.dpcpp_dbg"
-          "intel.oneapi.lin.dpl"
-          "intel.oneapi.lin.tbb.devel"
-          "intel.oneapi.lin.ccl.devel"
-          "intel.oneapi.lin.dpcpp-cpp-compiler"
-          "intel.oneapi.lin.dpl"
-          "intel.oneapi.lin.mkl.devel"
-        ];
-      };
-      hpckit =
-      {
-        id = "18679";
-        version = "2022.2.0.191";
-        sha256 = "0swz4w9bn58wwqjkqhjqnkcs8k8ms9nn9s8k7j5w6rzvsa6817d2";
-      };
-    };
-    "2024.0" =
-    {
-      basekit =
-      {
-        id = "163da6e4-56eb-4948-aba3-debcec61c064";
-        version = "2024.0.1.46";
-        sha256 = "1sp1fgjv8xj8qxf8nv4lr1x5cxz7xl5wv4ixmfmcg0gyk28cjq1g";
-      };
-      hpckit =
-      {
-        id = "67c08c98-f311-4068-8b85-15d79c4f277a";
-        version = "2024.0.1.38";
-        sha256 = "06vpdz51w2v4ncgk8k6y2srlfbbdqdmb4v4bdwb67zsg9lmf8fp9";
-      };
-    };
-  };
-  builder = buildFHSEnv
-  {
-    name = "builder";
-    targetPkgs = pkgs: with pkgs; [ coreutils zlib ];
-    extraBwrapArgs = [ "--bind" "$out" "$out" ];
-    runScript = "sh";
-  };
-  componentString = components: if components == null then "--components default" else
-    " --components " + (builtins.concatStringsSep ":" components);
-in let buildOneapi = version: stdenvNoCC.mkDerivation rec
-{
-  pname = "oneapi";
-  inherit version;
-  basekit = fetchurl
-  {
-    url = "https://registrationcenter-download.intel.com/akdlm/IRC_NAS/${versions.${version}.basekit.id}/"
-      + "l_BaseKit_p_${versions.${version}.basekit.version}_offline.sh";
-    sha256 = versions.${version}.basekit.sha256;
-  };
-  hpckit = fetchurl
-  {
-    url = "https://registrationcenter-download.intel.com/akdlm/IRC_NAS/${versions.${version}.hpckit.id}/"
-      + "l_HPCKit_p_${versions.${version}.hpckit.version}_offline.sh";
-    sha256 = versions.${version}.hpckit.sha256;
-  };
-  phases = [ "installPhase" ];
-  nativeBuildInputs = [ ncurses ];
-  installPhase =
-  ''
-    mkdir -p $out
-    ${builder}/bin/builder ${basekit} -a --silent --eula accept --install-dir $out/share/intel \
-      ${componentString versions.${version}.basekit.components or null}
-    ${builder}/bin/builder ${hpckit} -a --silent --eula accept --install-dir $out/share/intel \
-      ${componentString versions.${version}.hpckit.components or null}
-    ${builder}/bin/builder $out/share/intel/modulefiles-setup.sh --output-dir=$out/share/intel/modulefiles \
-      --ignore-latest
-  '';
-};
-in builtins.mapAttrs (version: _: buildOneapi version) versions
--- a/local/pkgs/rsshub/default.nix
+++ b/local/pkgs/rsshub/default.nix
@@ -1,50 +1,20 @@
 {
-  lib, stdenv, mkPnpmPackage, nodejs, writeShellScript,
-  chromium, bash, src
+  lib, mkPnpmPackage, nodejs, writeShellScriptBin, src,
+  chromium, bash
 }:
 let
-  name = "rsshub";
-  originalPnpmPackage = mkPnpmPackage { inherit name src nodejs; };
-  nodeModules = originalPnpmPackage.nodeModules.overrideAttrs { PUPPETEER_SKIP_DOWNLOAD = true; };
-  rsshub-unwrapped = stdenv.mkDerivation
+  unwrapped = mkPnpmPackage
  {
-    inherit src;
-    name = "${name}-unwrapped";
-    configurePhase = 
-    ''
-      export HOME=$NIX_BUILD_TOP # Some packages need a writable HOME
-      export npm_config_nodedir=${nodejs}
-
-      runHook preConfigure
-
-      ln -s ${nodeModules}/. node_modules
-
-      runHook postConfigure
-    '';
-    installPhase =
-    ''
-      runHook preInstall
-      mkdir -p $out
-      mv * .* $out
-      runHook postInstall
-    '';
+    name = "rsshub-unwrapped";
+    inherit src nodejs;
+    installEnv.PUPPETEER_SKIP_DOWNLOAD = "1";
+    script = "build:all";
+    distDir = ".";
  };
-  startScript = writeShellScript "rsshub"
-  ''
-    cd ${rsshub-unwrapped}
-    export PATH=${lib.makeBinPath [ bash nodejs nodejs.pkgs.pnpm chromium ]}:$PATH
-    export CHROMIUM_EXECUTABLE_PATH=chromium
-    pnpm start
-  '';
-in stdenv.mkDerivation
-{
-  inherit name;
-  phases = [ "installPhase" ];
-  installPhase =
-  ''
-    runHook preInstall
-    mkdir -p $out/bin
-    cp ${startScript} $out/bin/rsshub
-    runHook postInstall
-  '';
-}
+in writeShellScriptBin "rsshub"
+''
+  cd ${unwrapped}
+  export PATH=${lib.makeBinPath [ bash nodejs nodejs.pkgs.pnpm chromium ]}:$PATH
+  export CHROMIUM_EXECUTABLE_PATH=chromium
+  pnpm start
+''
--- a/local/pkgs/slate/default.nix
+++ b/local/pkgs/slate/default.nix
@@ -1,10 +0,0 @@
-{ stdenv, src }: stdenv.mkDerivation
-{
-  name = "slate";
-  src = "${src}/Slate.tar.gz";
-  installPhase =
-  ''
-    mkdir -p $out/share/yakuake/skins/Slate
-    cp -r * $out/share/yakuake/skins/Slate
-  '';
-}
--- a/local/pkgs/typora/default.nix
+++ b/local/pkgs/typora/default.nix
@@ -0,0 +1,42 @@
+{ lib, stdenv, steam-run, fetchurl, writeShellScript }:
+let
+  typora-dist = stdenv.mkDerivation rec
+  {
+    pname = "typora-dist";
+    version = "1.8.2-dev";
+    src = fetchurl
+    {
+      url = "https://download.typora.io/linux/typora_${version}_amd64.deb";
+      sha256 = "0abi9m8h8k0228ajag26lxk756a7aqqixg608k85gnkdmibnq6mv";
+    };
+
+    dontFixup = true;
+
+    unpackPhase =
+    ''
+      ar x ${src}
+      tar xf data.tar.xz
+    '';
+    installPhase =
+    ''
+      mkdir -p $out
+      mv usr/share $out
+    '';
+  };
+in stdenv.mkDerivation rec
+{
+  pname = "typora";
+  inherit (typora-dist) version;
+  BuildInputs = [ typora-dist steam-run ];
+  startScript = writeShellScript "typora" "${steam-run}/bin/steam-run ${typora-dist}/share/typora/Typora $@";
+  phases = [ "installPhase" ];
+  installPhase =
+  ''
+    mkdir -p $out/bin $out/share/applications
+    ln -s ${startScript} $out/bin/typora
+    cp ${typora-dist}/share/applications/typora.desktop $out/share/applications
+    sed -i "s|Exec=.*|Exec=${startScript} %U|g" $out/share/applications/typora.desktop
+    sed -i "s|Icon=.*|Icon=${typora-dist}/share/icons/hicolor/256x256/apps/typora.png|g" \
+      $out/share/applications/typora.desktop
+  '';
+}
--- a/local/pkgs/vasp/constr_cell_relax.F
+++ b/local/pkgs/vasp/constr_cell_relax.F
@@ -1,22 +0,0 @@
-SUBROUTINE CONSTR_CELL_RELAX(FCELL)
-  USE prec
-  REAL(q) FCELL(3,3)
-
-  LOGICAL FILFLG
-  INTEGER ICELL(3,3)
-  INQUIRE(FILE='OPTCELL',EXIST=FILFLG)
-  IF (FILFLG) THEN
-      OPEN(67,FILE='OPTCELL',FORM='FORMATTED',STATUS='OLD')
-      DO J=1,3
-        READ(67,"(3I1)") (ICELL(I,J),I=1,3)
-      ENDDO
-      CLOSE(67)
-      DO J=1,3
-      DO I=1,3
-        IF (ICELL(I,J)==0) FCELL(I,J)=0.0
-      ENDDO
-      ENDDO
-  ENDIF
-
-  RETURN
-END SUBROUTINE
--- a/local/pkgs/vasp/default.nix
+++ b/local/pkgs/vasp/default.nix
@@ -0,0 +1,77 @@
+# {
+#   stdenv, requireFile, config, rsync, intel-mpi, ifort,
+#   mkl
+# }:
+# stdenv.mkDerivation rec
+# {
+#   pname = "vasp";
+#   version = "6.4.0";
+#   # nix-store --query --hash $(nix store add-path ./vasp-6.4.0)
+#   src = requireFile
+#   {
+#     name = "${pname}-${version}";
+#     sha256 = "189i1l5q33ynmps93p2mwqf5fx7p4l50sls1krqlv8ls14s3m71f";
+#     hashMode = "recursive";
+#     message = "Source file not found.";
+#   };
+#   VASP_TARGET_CPU = if config ? oneapiArch then "-x${config.oneapiArch}" else "";
+#   MKLROOT = mkl;
+#   makeFlags = "DEPS=1";
+#   enableParallelBuilding = true;
+#   buildInputs = [ mkl intel-mpi ifort ];
+#   nativeBuildInputs = [ rsync ];
+#   configurePhase =
+#   ''
+#     cp arch/makefile.include.intel makefile.include
+#     echo "CPP_OPTIONS += -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj" >> makefile.include
+#     echo "OBJECTS_LIB += getshmem.o" >> makefile.include
+#     mkdir -p bin
+#   '';
+#   installPhase =
+#   ''
+#     mkdir -p $out/bin
+#     for i in std gam ncl; do
+#       cp bin/vasp_$i $out/bin/vasp-cpu-${version}-$i
+#     done
+#   '';
+#   doStrip = false;
+#   doFixup = false;
+# }
+{
+  stdenvNoCC, requireFile, rsync, blas, scalapack, openmpi, openmp, gfortran, gcc, fftwMpi
+}:
+stdenvNoCC.mkDerivation rec
+{
+  pname = "vasp";
+  version = "6.4.0";
+  # nix-store --query --hash $(nix store add-path ./vasp-6.4.0)
+  src = requireFile
+  {
+    name = "${pname}-${version}";
+    sha256 = "189i1l5q33ynmps93p2mwqf5fx7p4l50sls1krqlv8ls14s3m71f";
+    hashMode = "recursive";
+    message = "Source file not found.";
+  };
+  # VASP_TARGET_CPU = if config ? oneapiArch then "-x${config.oneapiArch}" else "";
+  # MKLROOT = mkl;
+  makeFlags = "DEPS=1";
+  enableParallelBuilding = true;
+  buildInputs = [ blas scalapack openmpi openmp gfortran gfortran.cc gcc fftwMpi.dev fftwMpi ];
+  nativeBuildInputs = [ rsync ];
+  FFTW_ROOT = fftwMpi.dev;
+  configurePhase =
+  ''
+    cp ${./makefile.include/${version}-gnu} makefile.include
+    chmod +w makefile.include
+    echo "CPP_OPTIONS += -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj" >> makefile.include
+    echo "OBJECTS_LIB += getshmem.o" >> makefile.include
+    mkdir -p bin
+  '';
+  installPhase =
+  ''
+    mkdir -p $out/bin
+    for i in std gam ncl; do
+      cp bin/vasp_$i $out/bin/vasp-gnu-${version}-$i
+    done
+  '';
+}
--- a/local/pkgs/vasp/gnu/default.nix
+++ b/local/pkgs/vasp/gnu/default.nix
@@ -1,47 +0,0 @@
-{
-  stdenvNoCC, requireFile, writeShellApplication, substituteAll,
-  rsync, blas, scalapack, mpi, openmp, gfortran, gcc, fftwMpi, hdf5, wannier90
-}:
-let
-  sources = import ../source.nix { inherit requireFile; };
-  include = version: ./makefile.include-${version};
-  vasp = version: stdenvNoCC.mkDerivation rec
-  {
-    pname = "vasp-gnu";
-    inherit version;
-    src = sources.${version};
-    configurePhase =
-    ''
-      cp ${include version} makefile.include
-      cp ${../constr_cell_relax.F} src/constr_cell_relax.F
-      mkdir -p bin
-    '';
-    enableParallelBuilding = true;
-    makeFlags = "DEPS=1";
-    buildInputs = [ blas scalapack mpi openmp fftwMpi.dev fftwMpi hdf5 hdf5.dev wannier90 ];
-    nativeBuildInputs = [ rsync gfortran gfortran.cc gcc ];
-    FFTW_ROOT = fftwMpi.dev;
-    HDF5_ROOT = hdf5.dev;
-    WANNIER90_ROOT = wannier90;
-    installPhase =
-    ''
-      mkdir -p $out/bin
-      for i in std gam ncl; do
-        cp bin/vasp_$i $out/bin/vasp-$i
-      done
-    '';
-  };
-  startScript = version: writeShellApplication
-  {
-    name = "vasp-gnu-${version}";
-    runtimeInputs = [ (vasp version) ];
-    text =
-    ''
-      if [ -n "''${SLURM_CPUS_PER_TASK-}" ] && [ -n "''${SLURM_THREADS_PER_CPU-}" ]; then
-        export OMP_NUM_THREADS=$(( SLURM_CPUS_PER_TASK * SLURM_THREADS_PER_CPU ))
-      fi
-      export PATH=$PATH:$PWD
-      exec "$@"
-    '';
-  };
-in builtins.mapAttrs (version: _: startScript version) sources
--- a/local/pkgs/vasp/gnu/makefile.include-6.3.1
+++ b/local/pkgs/vasp/gnu/makefile.include-6.3.1
@@ -1,92 +0,0 @@
-# Default precompiler options
-CPP_OPTIONS = -DHOST=\"LinuxGNU\" \
-              -DMPI -DMPI_BLOCK=8000 -Duse_collective \
-              -DscaLAPACK \
-              -DCACHE_SIZE=4000 \
-              -Davoidalloc \
-              -Dvasp6 \
-              -Duse_bse_te \
-              -Dtbdyn \
-              -Dfock_dblbuf \
-              -D_OPENMP -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj
-
-CPP         = gcc -E -C -w $*$(FUFFIX) >$*$(SUFFIX) $(CPP_OPTIONS)
-
-FC          = mpif90 -fopenmp
-FCL         = mpif90 -fopenmp
-
-FREE        = -ffree-form -ffree-line-length-none
-
-FFLAGS      = -w -ffpe-summary=none
-
-OFLAG       = -O2
-OFLAG_IN    = $(OFLAG)
-DEBUG       = -O0
-
-OBJECTS     = fftmpiw.o fftmpi_map.o fftw3d.o fft3dlib.o
-OBJECTS_O1 += fftw3d.o fftmpi.o fftmpiw.o
-OBJECTS_O2 += fft3dlib.o
-
-# For what used to be vasp.5.lib
-CPP_LIB     = $(CPP)
-FC_LIB      = $(FC)
-CC_LIB      = gcc
-CFLAGS_LIB  = -O
-FFLAGS_LIB  = -O1
-FREE_LIB    = $(FREE)
-
-OBJECTS_LIB = linpack_double.o getshmem.o
-
-# For the parser library
-CXX_PARS    = g++
-LLIBS       = -lstdc++
-
-##
-## Customize as of this point! Of course you may change the preceding
-## part of this file as well if you like, but it should rarely be
-## necessary ...
-##
-
-# When compiling on the target machine itself, change this to the
-# relevant target when cross-compiling for another architecture
-# VASP_TARGET_CPU ?= -march=native
-# FFLAGS     += $(VASP_TARGET_CPU)
-
-# For gcc-10 and higher (comment out for older versions)
-FFLAGS     += -fallow-argument-mismatch
-
-# BLAS and LAPACK (mandatory)
-# OPENBLAS_ROOT ?= /path/to/your/openblas/installation
-# BLASPACK    = -L$(OPENBLAS_ROOT)/lib -lopenblas
-BLASPACK    = -lblas
-
-# scaLAPACK (mandatory)
-# SCALAPACK_ROOT ?= /path/to/your/scalapack/installation
-# SCALAPACK   = -L$(SCALAPACK_ROOT)/lib -lscalapack
-SCALAPACK = -lscalapack
-
-LLIBS      += $(SCALAPACK) $(BLASPACK)
-
-# FFTW (mandatory)
-FFTW_ROOT  ?= /path/to/your/fftw/installation
-LLIBS      += -L$(FFTW_ROOT)/lib -lfftw3 -lfftw3_omp
-INCS       += -I$(FFTW_ROOT)/include
-
-# HDF5-support (optional but strongly recommended)
-CPP_OPTIONS+= -DVASP_HDF5
-HDF5_ROOT  ?= /path/to/your/hdf5/installation
-LLIBS      += -L$(HDF5_ROOT)/lib -lhdf5_fortran
-INCS       += -I$(HDF5_ROOT)/include
-
-# For the VASP-2-Wannier90 interface (optional)
-CPP_OPTIONS    += -DVASP2WANNIER90
-WANNIER90_ROOT ?= /path/to/your/wannier90/installation
-LLIBS          += -L$(WANNIER90_ROOT)/lib -lwannier
-
-# For the fftlib library (recommended)
-#CPP_OPTIONS+= -Dsysv
-#FCL        += fftlib.o
-#CXX_FFTLIB  = g++ -fopenmp -std=c++11 -DFFTLIB_THREADSAFE
-#INCS_FFTLIB = -I./include -I$(FFTW_ROOT)/include
-#LIBS       += fftlib
-#LLIBS      += -ldl
--- a/local/pkgs/vasp/intel/default.nix
+++ b/local/pkgs/vasp/intel/default.nix
@@ -1,71 +0,0 @@
-{
-  buildFHSEnv, writeScript, stdenvNoCC, requireFile, substituteAll, symlinkJoin,
-  config, oneapiArch ? config.oneapiArch or "SSE3",
-  oneapi, gfortran, gcc, glibc, lmod, rsync, which, hdf5, wannier90
-}:
-let
-  versions = import ../source.nix;
-  buildEnv = buildFHSEnv
-  {
-    name = "buildEnv";
-    # make "module load mpi" success
-    targetPkgs = pkgs: with pkgs; [ zlib (writeTextDir "etc/release" "") ];
-  };
-  buildScript = writeScript "build"
-  ''
-    . ${lmod}/share/lmod/lmod/init/bash
-    module use ${oneapi}/share/intel/modulefiles
-    module load tbb compiler-rt oclfpga # dependencies
-    module load mpi mkl compiler
-    mkdir -p bin
-    make DEPS=1 -j$NIX_BUILD_CORES std
-  '';
-  include = version: substituteAll
-  {
-    src = ./makefile.include-${version};
-    inherit oneapiArch;
-    gcc = symlinkJoin { name = "gcc"; paths = [ gfortran gfortran.cc gcc ]; };
-  };
-  vasp = version: stdenvNoCC.mkDerivation rec
-  {
-    pname = "vasp";
-    inherit version;
-    src = requireFile
-    {
-      name = "${pname}-${version}";
-      sha256 = versions.${version};
-      hashMode = "recursive";
-      message = "Source file not found.";
-    };
-    configurePhase =
-    ''
-      cp ${include version} makefile.include
-      cp ${../constr_cell_relax.F} src/constr_cell_relax.F
-    '';
-    enableParallelBuilding = false;
-    buildInputs = [ hdf5 hdf5.dev wannier90 glibc glibc.dev ];
-    nativeBuildInputs = [ gfortran gfortran.cc gcc rsync which ];
-    HDF5_ROOT = hdf5.dev;
-    WANNIER90_ROOT = wannier90;
-    buildPhase = "${buildEnv}/bin/buildEnv ${buildScript}";
-    installPhase =
-    ''
-      mkdir -p $out/bin
-      for i in std gam ncl; do cp bin/vasp_$i $out/bin/vasp-$i; done
-    '';
-  };
-  startScript = version: writeScript "vasp-intel-${version}"
-  ''
-    . ${lmod}/share/lmod/lmod/init/bash
-    module use ${oneapi}/share/intel/modulefiles
-    module load tbb compiler-rt oclfpga # dependencies
-    module load mpi mkl compiler
-    exec "$@"
-  '';
-  runEnv = version: buildFHSEnv
-  {
-    name = "vasp-intel-${version}";
-    targetPkgs = pkgs: with pkgs; [ zlib (vasp version) (writeTextDir "etc/release" "") ];
-    runScript = startScript version;
-  };
-in builtins.mapAttrs (version: _: runEnv version) versions
--- a/local/pkgs/vasp/intel/makefile.include-6.3.1
+++ b/local/pkgs/vasp/intel/makefile.include-6.3.1
@@ -1,82 +0,0 @@
-# Default precompiler options
-CPP_OPTIONS = -DHOST=\"LinuxIFC\" \
-              -DMPI -DMPI_BLOCK=8000 -Duse_collective \
-              -DscaLAPACK \
-              -DCACHE_SIZE=4000 \
-              -Davoidalloc \
-              -Dvasp6 \
-              -Duse_bse_te \
-              -Dtbdyn \
-              -Dfock_dblbuf \
-              -D_OPENMP -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj
-
-CPP         = fpp -f_com=no -free -w0  $*$(FUFFIX) $*$(SUFFIX) $(CPP_OPTIONS)
-
-FC          = I_MPI_FC=ifort mpif90 -qopenmp
-FCL         = I_MPI_FC=ifort mpif90
-
-FREE        = -free -names lowercase
-
-FFLAGS      = -assume byterecl -w
-
-OFLAG       = -O2
-OFLAG_IN    = $(OFLAG)
-DEBUG       = -O0
-
-OBJECTS     = fftmpiw.o fftmpi_map.o fftw3d.o fft3dlib.o
-OBJECTS_O1 += fftw3d.o fftmpi.o fftmpiw.o
-OBJECTS_O2 += fft3dlib.o
-
-# For what used to be vasp.5.lib
-CPP_LIB     = $(CPP)
-FC_LIB      = $(FC)
-CC_LIB      = icc
-CFLAGS_LIB  = -O
-FFLAGS_LIB  = -O1
-FREE_LIB    = $(FREE)
-
-OBJECTS_LIB = linpack_double.o getshmem.o
-
-# For the parser library
-CXX_PARS    = icpc
-LLIBS       = -lstdc++
-
-##
-## Customize as of this point! Of course you may change the preceding
-## part of this file as well if you like, but it should rarely be
-## necessary ...
-##
-
-# When compiling on the target machine itself, change this to the
-# relevant target when cross-compiling for another architecture
-VASP_TARGET_CPU ?= -x@oneapiArch@
-FFLAGS     += $(VASP_TARGET_CPU)
- 
-# Intel MKL for FFTW, BLAS, LAPACK, and scaLAPACK
-# (Note: for Intel Parallel Studio's MKL use -mkl instead of -qmkl)
-FCL        += -qmkl
-MKLROOT    ?= /path/to/your/mkl/installation
-INCS        =-I$(MKLROOT)/include/fftw
-
-# Use a separate scaLAPACK installation (optional but recommended in combination with OpenMPI)
-# Comment out the two lines below if you want to use scaLAPACK from MKL instead
-#SCALAPACK_ROOT ?= /path/to/your/scalapack/installation
-#LLIBS      += -L${SCALAPACK_ROOT}/lib -lscalapack
-
-# HDF5-support (optional but strongly recommended)
-CPP_OPTIONS+= -DVASP_HDF5
-HDF5_ROOT  ?= /path/to/your/hdf5/installation
-LLIBS      += -L$(HDF5_ROOT)/lib -lhdf5_fortran
-INCS       += -I$(HDF5_ROOT)/include
-
-# For the VASP-2-Wannier90 interface (optional)
-CPP_OPTIONS    += -DVASP2WANNIER90
-WANNIER90_ROOT ?= /path/to/your/wannier90/installation
-LLIBS          += -L$(WANNIER90_ROOT)/lib -lwannier
-
-# For the fftlib library (hardly any benefit in combination with MKL's FFTs)
-#CPP_OPTION += -Dsysv
-#FCL         = mpif90 fftlib.o -qmkl
-#CXX_FFTLIB  = icpc -qopenmp -std=c++11 -DFFTLIB_USE_MKL -DFFTLIB_THREADSAFE
-#INCS_FFTLIB = -I./include -I$(MKLROOT)/include/fftw
-#LIBS       += fftlib
--- a/local/pkgs/vasp/intel/makefile.include-6.4.0
+++ b/local/pkgs/vasp/intel/makefile.include-6.4.0
@@ -1,82 +0,0 @@
-# Default precompiler options
-CPP_OPTIONS = -DHOST=\"LinuxIFC\" \
-              -DMPI -DMPI_BLOCK=8000 -Duse_collective \
-              -DscaLAPACK \
-              -DCACHE_SIZE=4000 \
-              -Davoidalloc \
-              -Dvasp6 \
-              -Duse_bse_te \
-              -Dtbdyn \
-              -Dfock_dblbuf \
-              -D_OPENMP -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj
-
-CPP         = fpp -f_com=no -free -w0  $*$(FUFFIX) $*$(SUFFIX) $(CPP_OPTIONS)
-
-FC          = I_MPI_F90=ifort mpif90 -qopenmp
-FCL         = I_MPI_F90=ifort mpif90
-
-FREE        = -free -names lowercase
-
-FFLAGS      = -assume byterecl -w
-
-OFLAG       = -O2
-OFLAG_IN    = $(OFLAG)
-DEBUG       = -O0
-
-OBJECTS     = fftmpiw.o fftmpi_map.o fftw3d.o fft3dlib.o
-OBJECTS_O1 += fftw3d.o fftmpi.o fftmpiw.o
-OBJECTS_O2 += fft3dlib.o
-
-# For what used to be vasp.5.lib
-CPP_LIB     = $(CPP)
-FC_LIB      = $(FC)
-CC_LIB      = icc
-CFLAGS_LIB  = -O
-FFLAGS_LIB  = -O1
-FREE_LIB    = $(FREE)
-
-OBJECTS_LIB = linpack_double.o getshmem.o
-
-# For the parser library
-CXX_PARS    = icpc
-LLIBS       = -lstdc++
-
-##
-## Customize as of this point! Of course you may change the preceding
-## part of this file as well if you like, but it should rarely be
-## necessary ...
-##
-
-# When compiling on the target machine itself, change this to the
-# relevant target when cross-compiling for another architecture
-VASP_TARGET_CPU ?= -x@oneapiArch@
-FFLAGS     += $(VASP_TARGET_CPU)
- 
-# Intel MKL for FFTW, BLAS, LAPACK, and scaLAPACK
-# (Note: for Intel Parallel Studio's MKL use -mkl instead of -qmkl)
-FCL        += -qmkl
-MKLROOT    ?= /path/to/your/mkl/installation
-INCS        =-I$(MKLROOT)/include/fftw
-
-# Use a separate scaLAPACK installation (optional but recommended in combination with OpenMPI)
-# Comment out the two lines below if you want to use scaLAPACK from MKL instead
-#SCALAPACK_ROOT ?= /path/to/your/scalapack/installation
-#LLIBS      += -L${SCALAPACK_ROOT}/lib -lscalapack
-
-# HDF5-support (optional but strongly recommended)
-CPP_OPTIONS+= -DVASP_HDF5
-HDF5_ROOT  ?= /path/to/your/hdf5/installation
-LLIBS      += -L$(HDF5_ROOT)/lib -lhdf5_fortran
-INCS       += -I$(HDF5_ROOT)/include
-
-# For the VASP-2-Wannier90 interface (optional)
-CPP_OPTIONS    += -DVASP2WANNIER90
-WANNIER90_ROOT ?= /path/to/your/wannier90/installation
-LLIBS          += -L$(WANNIER90_ROOT)/lib -lwannier
-
-# For the fftlib library (hardly any benefit in combination with MKL's FFTs)
-#CPP_OPTION += -Dsysv
-#FCL         = mpif90 fftlib.o -qmkl
-#CXX_FFTLIB  = icpc -qopenmp -std=c++11 -DFFTLIB_USE_MKL -DFFTLIB_THREADSAFE
-#INCS_FFTLIB = -I./include -I$(MKLROOT)/include/fftw
-#LIBS       += fftlib
--- a/local/pkgs/vasp/makefile.include/6.4.0-gnu
+++ b/local/pkgs/vasp/makefile.include/6.4.0-gnu
@@ -8,7 +8,7 @@ CPP_OPTIONS = -DHOST=\"LinuxGNU\" \
              -Duse_bse_te \
              -Dtbdyn \
              -Dfock_dblbuf \
-              -D_OPENMP -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj
+              -D_OPENMP

 CPP         = gcc -E -C -w $*$(FUFFIX) >$*$(SUFFIX) $(CPP_OPTIONS)

@@ -35,7 +35,7 @@ CFLAGS_LIB  = -O
 FFLAGS_LIB  = -O1
 FREE_LIB    = $(FREE)

-OBJECTS_LIB = linpack_double.o getshmem.o
+OBJECTS_LIB = linpack_double.o

 # For the parser library
 CXX_PARS    = g++
@@ -68,20 +68,21 @@ SCALAPACK = -lscalapack
 LLIBS      += $(SCALAPACK) $(BLASPACK)

 # FFTW (mandatory)
-FFTW_ROOT  ?= /path/to/your/fftw/installation
-LLIBS      += -L$(FFTW_ROOT)/lib -lfftw3 -lfftw3_omp
+# FFTW_ROOT  ?= /path/to/your/fftw/installation
+# LLIBS      += -L$(FFTW_ROOT)/lib -lfftw3 -lfftw3_omp
+LLIBS      += -lfftw3 -lfftw3_omp
 INCS       += -I$(FFTW_ROOT)/include

 # HDF5-support (optional but strongly recommended)
-CPP_OPTIONS+= -DVASP_HDF5
-HDF5_ROOT  ?= /path/to/your/hdf5/installation
-LLIBS      += -L$(HDF5_ROOT)/lib -lhdf5_fortran
-INCS       += -I$(HDF5_ROOT)/include
+#CPP_OPTIONS+= -DVASP_HDF5
+#HDF5_ROOT  ?= /path/to/your/hdf5/installation
+#LLIBS      += -L$(HDF5_ROOT)/lib -lhdf5_fortran
+#INCS       += -I$(HDF5_ROOT)/include

 # For the VASP-2-Wannier90 interface (optional)
-CPP_OPTIONS    += -DVASP2WANNIER90
-WANNIER90_ROOT ?= /path/to/your/wannier90/installation
-LLIBS          += -L$(WANNIER90_ROOT)/lib -lwannier
+#CPP_OPTIONS    += -DVASP2WANNIER90
+#WANNIER90_ROOT ?= /path/to/your/wannier90/installation
+#LLIBS          += -L$(WANNIER90_ROOT)/lib -lwannier

 # For the fftlib library (recommended)
 CPP_OPTIONS+= -Dsysv
--- a/local/pkgs/vasp/nvidia/default.nix
+++ b/local/pkgs/vasp/nvidia/default.nix
@@ -1,71 +0,0 @@
-{
-  buildFHSEnv, writeScript, stdenvNoCC, requireFile, substituteAll,
-  config, cudaCapabilities ? config.cudaCapabilities, nvhpcArch ? config.nvhpcArch or "px",
-  nvhpc, lmod, mkl, gfortran, rsync, which, hdf5, wannier90
-}:
-let
-  sources = import ../source.nix { inherit requireFile; };
-  buildEnv = buildFHSEnv
-  {
-    name = "buildEnv";
-    targetPkgs = pkgs: with pkgs; [ zlib ];
-  };
-  buildScript = writeScript "build"
-  ''
-    . ${lmod}/share/lmod/lmod/init/bash
-    module use ${nvhpc}/share/nvhpc/modulefiles
-    module load nvhpc
-    mkdir -p bin
-    make DEPS=1 -j$NIX_BUILD_CORES
-  '';
-  include = version: substituteAll
-  {
-    src = ./makefile.include-${version};
-    cudaCapabilities = builtins.concatStringsSep "," (builtins.map
-      (cap: "cc${builtins.replaceStrings ["."] [""] cap}")
-      cudaCapabilities);
-    inherit nvhpcArch;
-  };
-  vasp = version: stdenvNoCC.mkDerivation rec
-  {
-    pname = "vasp-nvidia";
-    inherit version;
-    src = sources.${version};
-    configurePhase =
-    ''
-      cp ${include version} makefile.include
-      cp ${../constr_cell_relax.F} src/constr_cell_relax.F
-    '';
-    enableParallelBuilding = true;
-    buildInputs = [ mkl hdf5 wannier90 ];
-    nativeBuildInputs = [ gfortran rsync which ];
-    MKLROOT = "${mkl}";
-    HDF5_ROOT = "${hdf5}";
-    WANNIER90_ROOT = wannier90;
-    buildPhase = "${buildEnv}/bin/buildEnv ${buildScript}";
-    installPhase =
-    ''
-      mkdir -p $out/bin
-      for i in std gam ncl; do cp bin/vasp_$i $out/bin/vasp-$i; done
-    '';
-    requiredSystemFeatures = [ "nvhpcarch-${nvhpcArch}" ];
-  };
-  startScript = version: writeScript "vasp-nvidia-${version}"
-  ''
-    . ${lmod}/share/lmod/lmod/init/bash
-    module use ${nvhpc}/share/nvhpc/modulefiles
-    module load nvhpc
-
-    # if SLURM_CPUS_PER_TASK and SLURM_THREADS_PER_CPU are set, use them to set OMP_NUM_THREADS
-    if [ -n "''${SLURM_CPUS_PER_TASK-}" ] && [ -n "''${SLURM_THREADS_PER_CPU-}" ]; then
-      export OMP_NUM_THREADS=$(( SLURM_CPUS_PER_TASK * SLURM_THREADS_PER_CPU ))
-    fi
-    exec "$@"
-  '';
-  runEnv = version: buildFHSEnv
-  {
-    name = "vasp-nvidia-${version}";
-    targetPkgs = pkgs: with pkgs; [ zlib (vasp version) ];
-    runScript = startScript version;
-  };
-in builtins.mapAttrs (version: _: runEnv version) sources
--- a/local/pkgs/vasp/nvidia/makefile.include-6.3.1
+++ b/local/pkgs/vasp/nvidia/makefile.include-6.3.1
@@ -1,109 +0,0 @@
-# Default precompiler options
-CPP_OPTIONS = -DHOST=\"LinuxNV\" \
-              -DMPI -DMPI_BLOCK=8000 -Duse_collective \
-              -DscaLAPACK \
-              -DCACHE_SIZE=4000 \
-              -Davoidalloc \
-              -Dvasp6 \
-              -Duse_bse_te \
-              -Dtbdyn \
-              -Dqd_emulate \
-              -Dfock_dblbuf \
-              -D_OPENMP \
-              -D_OPENACC \
-              -DUSENCCL -DUSENCCLP2P -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj
-
-CPP         = nvfortran -Mpreprocess -Mfree -Mextend -E $(CPP_OPTIONS) $*$(FUFFIX)  > $*$(SUFFIX)
-
-# N.B.: you might need to change the cuda-version here
-#       to one that comes with your NVIDIA-HPC SDK
-FC          = mpif90 -acc -gpu=@cudaCapabilities@ -mp
-FCL         = mpif90 -acc -gpu=@cudaCapabilities@ -mp -c++libs
-
-FREE        = -Mfree
-
-FFLAGS      = -Mbackslash -Mlarge_arrays
-
-OFLAG       = -fast
-
-DEBUG       = -Mfree -O0 -traceback
-
-OBJECTS     = fftmpiw.o fftmpi_map.o fftw3d.o fft3dlib.o
-
-LLIBS       = -cudalib=cublas,cusolver,cufft,nccl -cuda
-
-# Redefine the standard list of O1 and O2 objects
-SOURCE_O1  := pade_fit.o
-SOURCE_O2  := pead.o
-
-# For what used to be vasp.5.lib
-CPP_LIB     = $(CPP)
-FC_LIB      = nvfortran
-CC_LIB      = nvc -w
-CFLAGS_LIB  = -O
-FFLAGS_LIB  = -O1 -Mfixed
-FREE_LIB    = $(FREE)
-
-OBJECTS_LIB = linpack_double.o getshmem.o
-
-# For the parser library
-CXX_PARS    = nvc++ --no_warnings
-
-##
-## Customize as of this point! Of course you may change the preceding
-## part of this file as well if you like, but it should rarely be
-## necessary ...
-##
-# When compiling on the target machine itself , change this to the
-# relevant target when cross-compiling for another architecture
-VASP_TARGET_CPU ?= -tp=@nvhpcArch@
-FFLAGS     += $(VASP_TARGET_CPU)
-
-# Specify your NV HPC-SDK installation (mandatory)
-#... first try to set it automatically
-NVROOT      =$(shell which nvfortran | awk -F /compilers/bin/nvfortran '{ print $$1 }')
-
-# If the above fails, then NVROOT needs to be set manually
-#NVHPC      ?= /opt/nvidia/hpc_sdk
-#NVVERSION   = 21.11
-#NVROOT      = $(NVHPC)/Linux_x86_64/$(NVVERSION)
-
-## Improves performance when using NV HPC-SDK >=21.11 and CUDA >11.2
-OFLAG_IN   = -fast -Mwarperf
-SOURCE_IN  := nonlr.o
-
-# Software emulation of quadruple precsion (mandatory)
-QD         ?= $(NVROOT)/compilers/extras/qd
-LLIBS      += -L$(QD)/lib -lqdmod -lqd
-INCS       += -I$(QD)/include/qd
-
-# Intel MKL for FFTW, BLAS, LAPACK, and scaLAPACK
-MKLROOT    ?= /path/to/your/mkl/installation
-LLIBS_MKL   = -Mmkl -L$(MKLROOT)/lib -lmkl_scalapack_lp64 -lmkl_blacs_openmpi_lp64
-INCS       += -I$(MKLROOT)/include/fftw
-
-# Use a separate scaLAPACK installation (optional but recommended in combination with OpenMPI)
-# Comment out the two lines below if you want to use scaLAPACK from MKL instead
-# SCALAPACK_ROOT ?= /path/to/your/scalapack/installation
-# LLIBS_MKL   = -L$(SCALAPACK_ROOT)/lib -lscalapack -Mmkl
-
-LLIBS      += $(LLIBS_MKL)
-
-# HDF5-support (optional but strongly recommended)
-CPP_OPTIONS+= -DVASP_HDF5
-HDF5_ROOT  ?= /path/to/your/hdf5/installation
-LLIBS      += -L$(HDF5_ROOT)/lib -lhdf5_fortran
-INCS       += -I$(HDF5_ROOT)/include
-
-# For the VASP-2-Wannier90 interface (optional)
-CPP_OPTIONS    += -DVASP2WANNIER90
-WANNIER90_ROOT ?= /path/to/your/wannier90/installation
-LLIBS          += -L$(WANNIER90_ROOT)/lib -lwannier
-
-# For the fftlib library (hardly any benefit for the OpenACC GPU port, especially in combination with MKL's FFTs)
-#CPP_OPTIONS+= -Dsysv
-#FCL        += fftlib.o
-#CXX_FFTLIB  = nvc++ -mp --no_warnings -std=c++11 -DFFTLIB_USE_MKL -DFFTLIB_THREADSAFE
-#INCS_FFTLIB = -I./include -I$(MKLROOT)/include/fftw
-#LIBS       += fftlib
-#LLIBS      += -ldl
--- a/local/pkgs/vasp/nvidia/makefile.include-6.4.0
+++ b/local/pkgs/vasp/nvidia/makefile.include-6.4.0
@@ -1,109 +0,0 @@
-# Default precompiler options
-CPP_OPTIONS = -DHOST=\"LinuxNV\" \
-              -DMPI -DMPI_INPLACE -DMPI_BLOCK=8000 -Duse_collective \
-              -DscaLAPACK \
-              -DCACHE_SIZE=4000 \
-              -Davoidalloc \
-              -Dvasp6 \
-              -Duse_bse_te \
-              -Dtbdyn \
-              -Dqd_emulate \
-              -Dfock_dblbuf \
-              -D_OPENMP \
-              -D_OPENACC \
-              -DUSENCCL -DUSENCCLP2P -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj
-
-CPP         = nvfortran -Mpreprocess -Mfree -Mextend -E $(CPP_OPTIONS) $*$(FUFFIX)  > $*$(SUFFIX)
-
-# N.B.: you might need to change the cuda-version here
-#       to one that comes with your NVIDIA-HPC SDK
-FC          = mpif90 -acc -gpu=@cudaCapabilities@ -mp
-FCL         = mpif90 -acc -gpu=@cudaCapabilities@ -mp -c++libs
-
-FREE        = -Mfree
-
-FFLAGS      = -Mbackslash -Mlarge_arrays
-
-OFLAG       = -fast
-
-DEBUG       = -Mfree -O0 -traceback
-
-OBJECTS     = fftmpiw.o fftmpi_map.o fftw3d.o fft3dlib.o
-
-LLIBS       = -cudalib=cublas,cusolver,cufft,nccl -cuda
-
-# Redefine the standard list of O1 and O2 objects
-SOURCE_O1  := pade_fit.o minimax_dependence.o
-SOURCE_O2  := pead.o
-
-# For what used to be vasp.5.lib
-CPP_LIB     = $(CPP)
-FC_LIB      = nvfortran
-CC_LIB      = nvc -w
-CFLAGS_LIB  = -O
-FFLAGS_LIB  = -O1 -Mfixed
-FREE_LIB    = $(FREE)
-
-OBJECTS_LIB = linpack_double.o getshmem.o
-
-# For the parser library
-CXX_PARS    = nvc++ --no_warnings
-
-##
-## Customize as of this point! Of course you may change the preceding
-## part of this file as well if you like, but it should rarely be
-## necessary ...
-##
-# When compiling on the target machine itself , change this to the
-# relevant target when cross-compiling for another architecture
-VASP_TARGET_CPU ?= -tp=@nvhpcArch@
-FFLAGS     += $(VASP_TARGET_CPU)
-
-# Specify your NV HPC-SDK installation (mandatory)
-#... first try to set it automatically
-NVROOT      =$(shell which nvfortran | awk -F /compilers/bin/nvfortran '{ print $$1 }')
-
-# If the above fails, then NVROOT needs to be set manually
-#NVHPC      ?= /opt/nvidia/hpc_sdk
-#NVVERSION   = 21.11
-#NVROOT      = $(NVHPC)/Linux_x86_64/$(NVVERSION)
-
-## Improves performance when using NV HPC-SDK >=21.11 and CUDA >11.2
-OFLAG_IN   = -fast -Mwarperf
-SOURCE_IN  := nonlr.o
-
-# Software emulation of quadruple precsion (mandatory)
-QD         ?= $(NVROOT)/compilers/extras/qd
-LLIBS      += -L$(QD)/lib -lqdmod -lqd
-INCS       += -I$(QD)/include/qd
-
-# Intel MKL for FFTW, BLAS, LAPACK, and scaLAPACK
-MKLROOT    ?= /path/to/your/mkl/installation
-LLIBS_MKL   = -Mmkl -L$(MKLROOT)/lib -lmkl_scalapack_lp64 -lmkl_blacs_openmpi_lp64
-INCS       += -I$(MKLROOT)/include/fftw
-
-# Use a separate scaLAPACK installation (optional but recommended in combination with OpenMPI)
-# Comment out the two lines below if you want to use scaLAPACK from MKL instead
-# SCALAPACK_ROOT ?= /path/to/your/scalapack/installation
-# LLIBS_MKL   = -L$(SCALAPACK_ROOT)/lib -lscalapack -Mmkl
-
-LLIBS      += $(LLIBS_MKL)
-
-# HDF5-support (optional but strongly recommended)
-CPP_OPTIONS+= -DVASP_HDF5
-HDF5_ROOT  ?= /path/to/your/hdf5/installation
-LLIBS      += -L$(HDF5_ROOT)/lib -lhdf5_fortran
-INCS       += -I$(HDF5_ROOT)/include
-
-# For the VASP-2-Wannier90 interface (optional)
-CPP_OPTIONS    += -DVASP2WANNIER90
-WANNIER90_ROOT ?= /path/to/your/wannier90/installation
-LLIBS          += -L$(WANNIER90_ROOT)/lib -lwannier
-
-# For the fftlib library (hardly any benefit for the OpenACC GPU port, especially in combination with MKL's FFTs)
-#CPP_OPTIONS+= -Dsysv
-#FCL        += fftlib.o
-#CXX_FFTLIB  = nvc++ -mp --no_warnings -std=c++11 -DFFTLIB_USE_MKL -DFFTLIB_THREADSAFE
-#INCS_FFTLIB = -I./include -I$(MKLROOT)/include/fftw
-#LIBS       += fftlib
-#LLIBS      += -ldl
--- a/local/pkgs/vasp/source.nix
+++ b/local/pkgs/vasp/source.nix
@@ -1,16 +0,0 @@
-{ requireFile }:
-let
-  hashes =
-  {
-    # nix-store --query --hash $(nix store add-path ./vasp-6.4.0)
-    "6.3.1" = "1xdr5kjxz6v2li73cbx1ls5b1lnm6z16jaa4fpln7d3arnnr1mgx";
-    "6.4.0" = "189i1l5q33ynmps93p2mwqf5fx7p4l50sls1krqlv8ls14s3m71f";
-  };
-  sources = version: sha256: requireFile
-  {
-    name = "vasp-${version}";
-    inherit sha256;
-    hashMode = "recursive";
-    message = "Source file not found.";
-  };
-in builtins.mapAttrs sources hashes
--- a/local/pkgs/vaspkit/default.nix
+++ b/local/pkgs/vaspkit/default.nix
@@ -7,15 +7,15 @@ let
    hashMode = "recursive";
    message = "POTCAR not found.";
  };
-  unwrapped = stdenv.mkDerivation rec
+  unwrapped = stdenv.mkDerivation
  {
    pname = "vaspkit-unwrapped";
-    version = "1.5.1";
+    version = "1.4.1";
    buildInputs = [ autoPatchelfHook stdenv.cc.cc ];
    src = fetchurl
    {
-      url = "mirror://sourceforge/vaspkit/Binaries/vaspkit.${version}.linux.x64.tar.gz";
-      sha256 = "1cbj1mv7vx18icwlk9d2vfavsfd653943xg2ywzd8b7pb43xrfs1";
+      url = "mirror://sourceforge/vaspkit/Binaries/vaspkit.1.4.1.linux.x64.tar.gz";
+      sha256 = "0i5m7nbvqk7hzxisyydjvs2l8lnvj9vsxa170783kv9zmp51lnvs";
    };
    installPhase =
    ''
--- a/local/pkgs/win11os-kde/default.nix
+++ b/local/pkgs/win11os-kde/default.nix
@@ -1,20 +0,0 @@
-{ lib, stdenv, src }: stdenv.mkDerivation
-{
-  name = "win11os-kde";
-  inherit src;
-  installPhase =
-  ''
-    mkdir -p $out/share/aurorae/themes
-    cp -r $src/aurorae/* $out/share/aurorae/themes
-    mkdir -p $out/share/color-schemes
-    cp -r $src/color-schemes/*.colors $out/share/color-schemes
-    mkdir -p $out/share/Kvantum
-    cp -r $src/Kvantum/* $out/share/Kvantum
-    mkdir -p $out/share/plasma/desktoptheme
-    cp -r $src/plasma/desktoptheme/* $out/share/plasma/desktoptheme
-    mkdir -p $out/share/plasma/look-and-feel
-    cp -r $src/plasma/look-and-feel/* $out/share/plasma/look-and-feel
-    mkdir -p $out/share/wallpapers
-    cp -r $src/wallpaper/* $out/share/wallpapers
-  '';
-}
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -21,9 +21,12 @@ inputs:
          [
            topInputs.qchem.overlays.default
            topInputs.nixd.overlays.default
+            topInputs.nix-alien.overlays.default
            topInputs.napalm.overlays.default
            topInputs.pnpm2nix-nzbr.overlays.default
+            topInputs.lmix.overlays.default
            topInputs.aagl.overlays.default
+            (import "${topInputs.dguibert-nur-packages}/overlays/nvhpc-overlay")
            (final: prev:
            {
              nix-vscode-extensions = topInputs.nix-vscode-extensions.extensions."${prev.system}";
@@ -32,9 +35,8 @@ inputs:
              deploy-rs =
                { inherit (prev) deploy-rs; inherit ((topInputs.deploy-rs.overlay final prev).deploy-rs) lib; };
              # needed by mirism
-              "nghttp2-23.05" =
-                inputs.pkgs.callPackage "${inputs.topInputs."nixpkgs-23.05"}/pkgs/development/libraries/nghttp2" {};
-              firefox-addons = (import "${topInputs.rycee}" { inherit (prev) pkgs; }).firefox-addons;
+              nghttp2-2305 =
+                inputs.pkgs.callPackage "${inputs.topInputs.nixpkgs-2305}/pkgs/development/libraries/nghttp2" {};
            })
          ];
          home-manager.sharedModules =
--- a/modules/hardware/default.nix
+++ b/modules/hardware/default.nix
@@ -1,6 +1,6 @@
 inputs:
 {
-  imports = inputs.localLib.mkModules [ ./gpu.nix ./legion.nix ];
+  imports = inputs.localLib.mkModules [ ./legion.nix ];
  options.nixos.hardware = let inherit (inputs.lib) mkOption types; in
  {
    bluetooth.enable = mkOption { type = types.bool; default = false; };
@@ -8,6 +8,15 @@ inputs:
    printer.enable = mkOption { type = types.bool; default = false; };
    sound.enable = mkOption { type = types.bool; default = false; };
    cpus = mkOption { type = types.listOf (types.enum [ "intel" "amd" ]); default = []; };
+    gpus = mkOption { type = types.listOf (types.enum [ "intel" "nvidia" "amd" ]); default = []; };
+    prime =
+    {
+      enable = mkOption { type = types.bool; default = false; };
+      mode = mkOption { type = types.enum [ "offload" "sync" ]; default = "offload"; };
+      busId = mkOption { type = types.attrsOf types.str; default = {}; };
+    };
+    gamemode.drmDevice = mkOption { type = types.int; default = 0; };
+    halo-keyboard.enable = mkOption { type = types.bool; default = false; };
  };
  config =
    let
@@ -73,5 +82,147 @@ inputs:
              concatLists (map (cpu: modules.${cpu}) hardware.cpus);
        }
      )
+      # gpus
+      (
+        mkIf (hardware.gpus != [])
+        {
+          boot.initrd.availableKernelModules =
+            let
+              modules =
+              {
+                intel = [ "i915" ];
+                nvidia = [ "nvidia" "nvidia_drm" "nvidia_modeset" "nvidia_uvm" ];
+                amd = [ "amdgpu" ];
+              };
+            in
+              concatLists (map (gpu: modules.${gpu}) hardware.gpus);
+          hardware =
+          {
+            opengl =
+            {
+              enable = true;
+              driSupport = true;
+              extraPackages =
+                with inputs.pkgs;
+                let
+                  packages =
+                  {
+                    intel = [ intel-compute-runtime intel-media-driver libvdpau-va-gl ]; # intel-vaapi-driver
+                    nvidia = [ vaapiVdpau ];
+                    amd = [ amdvlk rocmPackages.clr rocmPackages.clr.icd ];
+                  };
+                in
+                  concatLists (map (gpu: packages.${gpu}) hardware.gpus);
+              driSupport32Bit = true;
+            };
+            nvidia = mkIf (builtins.elem "nvidia" hardware.gpus)
+            {
+              modesetting.enable = true;
+              powerManagement.enable = true;
+              dynamicBoost.enable = true;
+              nvidiaSettings = true;
+              package = inputs.config.boot.kernelPackages.nvidiaPackages.production;
+            };
+          };
+        }
+      )
+      (mkIf (builtins.elem "intel" hardware.gpus) { services.xserver.videoDrivers = [ "modesetting" ]; })
+      (mkIf (builtins.elem "amd" hardware.gpus) { services.xserver.videoDrivers = [ "modesetting" ]; })
+      # prime
+      (
+        mkIf hardware.prime.enable
+        {
+          hardware.nvidia = mkMerge
+          [
+            (
+              mkIf (hardware.prime.mode == "offload")
+              {
+                prime.offload = { enable = true; enableOffloadCmd = true; };
+                powerManagement = { finegrained = true; enable = true; };
+              }
+            )
+            (
+              mkIf (hardware.prime.mode == "sync")
+              {
+                prime = { sync.enable = true; };
+                # prime.forceFullCompositionPipeline = true;
+              }
+            )
+            {
+              prime = listToAttrs
+                (map (gpu: { inherit (gpu) value; name = "${gpu.name}BusId"; }) (attrsToList hardware.prime.busId));
+            }
+          ];
+        }
+      )
+      { programs.gamemode.settings.gpu.gpu_device = "${toString hardware.gamemode.drmDevice}"; }
+      # halo-keyboard
+      (mkIf hardware.halo-keyboard.enable
+      (
+        let
+          keyboard = inputs.pkgs.localPackages.chromiumos-touch-keyboard;
+          support = inputs.pkgs.localPackages.yoga-support;
+        in
+        {
+          services.udev.packages = [ keyboard support ];
+          systemd.services =
+          {
+            touch-keyboard-handler.serviceConfig =
+            {
+              Type = "simple";
+              WorkingDirectory = "/etc/touch_keyboard";
+              ExecStart = "${keyboard}/bin/touch_keyboard_handler";
+            };
+            yogabook-modes-handler.serviceConfig =
+            {
+              Type = "simple";
+              ExecStart = "${support}/bin/yogabook-modes-handler";
+              StandardOutput = "journal";
+            };
+            monitor-sensor =
+            {
+              wantedBy = [ "default.target" ];
+              serviceConfig =
+              {
+                Type = "simple";
+                ExecStart = "${inputs.pkgs.iio-sensor-proxy}/bin/monitor-sensor --hinge";
+              };
+            };
+          };
+          environment.etc."touch_keyboard".source = "${keyboard}/etc/touch_keyboard";
+          boot.initrd =
+          {
+            services.udev.packages = [ keyboard support ];
+            systemd =
+            {
+              extraBin =
+              {
+                touch_keyboard_handler = "${keyboard}/bin/touch_keyboard_handler";
+                yogabook-modes-handler = "${support}/bin/yogabook-modes-handler";
+              };
+              services =
+              {
+                touch-keyboard-handler =
+                {
+                  serviceConfig =
+                  {
+                    Type = "simple";
+                    WorkingDirectory = "/etc/touch_keyboard";
+                    ExecStart = "${keyboard}/bin/touch_keyboard_handler";
+                  };
+                };
+                yogabook-modes-handler.serviceConfig =
+                {
+                  Type = "simple";
+                  ExecStart = "${support}/bin/yogabook-modes-handler";
+                  StandardOutput = "journal";
+                };
+              };
+
+            };
+            extraFiles."/etc/touch_keyboard".source = "${keyboard}/etc/touch_keyboard";
+          };
+        }
+      ))
    ];
 }
--- a/modules/hardware/gpu.nix
+++ b/modules/hardware/gpu.nix
@@ -1,95 +0,0 @@
-inputs:
-{
-  options.nixos.hardware.gpu = let inherit (inputs.lib) mkOption types; in
-  {
-    type = mkOption
-    {
-      type = types.nullOr (types.enum
-      [
-        # single gpu
-        "intel" "nvidia" "amd"
-        # hibrid gpu: use nvidia prime offload mode
-        "intel+nvidia" "amd+nvidia"
-      ]);
-      default = null;
-    };
-    dynamicBoost = mkOption { type = types.bool; default = false; };
-    prime =
-    {
-      mode = mkOption { type = types.enum [ "offload" "sync" ]; default = "offload"; };
-      busId = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
-    };
-  };
-  config = let inherit (inputs.config.nixos.hardware) gpu; in inputs.lib.mkIf (gpu.type != null) (inputs.lib.mkMerge
-  [
-    # generic settings
-    (
-      let gpus = inputs.lib.strings.splitString "+" gpu.type; in
-      {
-        boot.initrd.availableKernelModules =
-          let modules =
-          {
-            intel = [ "i915" ];
-            nvidia = [ "nvidia" "nvidia_drm" "nvidia_modeset" ]; # nvidia-uvm should not be loaded
-            amd = [ "amdgpu" ];
-          };
-          in builtins.concatLists (builtins.map (gpu: modules.${gpu}) gpus);
-        hardware =
-        {
-          opengl =
-          {
-            enable = true;
-            driSupport = true;
-            driSupport32Bit = true;
-            extraPackages =
-              let packages = with inputs.pkgs;
-              {
-                intel = [ intel-vaapi-driver libvdpau-va-gl intel-media-driver ];
-                nvidia = [ vaapiVdpau ];
-                amd = [ amdvlk rocmPackages.clr rocmPackages.clr.icd ];
-              };
-              in builtins.concatLists (builtins.map (gpu: packages.${gpu}) gpus);
-            extraPackages32 =
-              let packages = { intel = []; nvidia = []; amd = [ inputs.pkgs.driversi686Linux.amdvlk ]; };
-              in builtins.concatLists (builtins.map (gpu: packages.${gpu}) gpus);
-          };
-          nvidia = inputs.lib.mkIf (builtins.elem "nvidia" gpus)
-          {
-            modesetting.enable = true;
-            powerManagement.enable = true;
-            dynamicBoost.enable = inputs.lib.mkIf gpu.dynamicBoost true;
-            nvidiaSettings = true;
-            forceFullCompositionPipeline = true;
-            # package = inputs.config.boot.kernelPackages.nvidiaPackages.production;
-            prime.allowExternalGpu = true;
-          };
-        };
-        boot =
-        {
-          kernelParams = inputs.lib.mkIf (builtins.elem "amd" gpus)
-            [ "radeon.cik_support=0" "amdgpu.cik_support=1" "radeon.si_support=0" "amdgpu.si_support=1" "iommu=pt" ];
-          blacklistedKernelModules = [ "nouveau" ];
-        };
-        environment.variables.VDPAU_DRIVER = inputs.lib.mkIf (builtins.elem "intel" gpus) "va_gl";
-        services.xserver.videoDrivers =
-          let driver = { intel = "modesetting"; amd = "amdgpu"; nvidia = "nvidia"; };
-          in builtins.map (gpu: driver.${gpu}) gpus;
-      }
-    )
-    # nvidia prime offload
-    (
-      inputs.lib.mkIf (inputs.lib.strings.hasSuffix "+nvidia" gpu.type) { hardware.nvidia =
-      {
-        prime =
-        {
-          offload = inputs.lib.mkIf (gpu.prime.mode == "offload") { enable = true; enableOffloadCmd = true; };
-          sync = inputs.lib.mkIf (gpu.prime.mode == "sync") { enable = true; };
-        }
-        // builtins.listToAttrs (builtins.map
-          (gpu: { name = "${if gpu.name == "amd" then "amdgpu" else gpu.name}BusId"; value = "PCI:${gpu.value}"; })
-          (inputs.localLib.attrsToList gpu.prime.busId));
-        powerManagement.finegrained = inputs.lib.mkIf (gpu.prime.mode == "offload") true;
-      };}
-    )
-  ]);
-}
--- a/modules/packages/desktop-fat/chromium.nix
+++ b/modules/packages/desktop-fat/chromium.nix
@@ -3,9 +3,8 @@ inputs:
  config =
    let
      inherit (inputs.lib) mkIf;
-    in mkIf (builtins.elem "desktop" inputs.config.nixos.packages._packageSets)
+    in mkIf (builtins.elem "desktop-fat" inputs.config.nixos.packages._packageSets)
    {
-      programs.chromium = { enable = true; extraOpts.PasswordManagerEnabled = false; };
      nixos.users.sharedModules =
      [{
        config.programs.chromium =
--- a/modules/packages/desktop-fat/default.nix
+++ b/modules/packages/desktop-fat/default.nix
@@ -1,6 +1,10 @@
 inputs:
 {
-  imports = inputs.localLib.mkModules [ ./steam.nix ];
+  imports = inputs.localLib.mkModules
+  [
+    ./chromium.nix
+    ./steam.nix
+  ];
  config =
    let
      inherit (inputs.lib) mkIf;
@@ -13,7 +17,7 @@ inputs:
          _packages =
          [
            # system management
-            etcher btrfs-assistant snapper-gui libsForQt5.qtstyleplugin-kvantum ventoy-full cpu-x
+            etcher btrfs-assistant snapper-gui libsForQt5.qtstyleplugin-kvantum ventoy-full
            # password and key management
            yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui bitwarden
            # download
@@ -24,7 +28,7 @@ inputs:
            spotify yesplaymusic simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc obs-studio
            waifu2x-converter-cpp inkscape blender
            # editor
-            unstablePackages.typora
+            localPackages.typora
            # themes
            orchis-theme plasma-overdose-kde-theme materia-kde-theme graphite-kde-theme arc-kde-theme materia-theme
            # news
@@ -39,7 +43,6 @@ inputs:
            # office
            crow-translate zotero pandoc ydict libreoffice-qt texstudio poppler_utils pdftk gnuplot pdfchain hdfview
            (texlive.combine { inherit (texlive) scheme-full; inherit (localPackages) citation-style-language; })
-            nextcloud-client
            # math, physics and chemistry
            octaveFull root ovito localPackages.vesta localPackages.vaspkit localPackages.v-sim
          ] ++ (with inputs.lib; filter isDerivation (attrValues plasma5Packages.kdeGear));
--- a/modules/packages/desktop/default.nix
+++ b/modules/packages/desktop/default.nix
@@ -1,6 +1,6 @@
 inputs:
 {
-  imports = inputs.localLib.mkModules [ ./vscode.nix ./firefox.nix ./chromium.nix ./plasma ];
+  imports = inputs.localLib.mkModules [ ./vscode.nix ];
  config =
    let
      inherit (inputs.lib) mkIf;
@@ -17,7 +17,7 @@ inputs:
            ''
              #!${bash}/bin/bash
              if [ "$XDG_SESSION_TYPE" = "x11" ]; then
-                exec ${xclip}/bin/xclip -sel clip "$@"
+                exec ${xclip}/bin/xclip "$@"
              else
                exec ${wl-clipboard-x11}/bin/xclip "$@"
              fi
@@ -30,16 +30,23 @@ inputs:
          # media
          mpv nomacs
          # themes
-          tela-circle-icon-theme localPackages.win11os-kde localPackages.fluent-kde localPackages.blurred-wallpaper
-          localPackages.slate utterly-nord-plasma
+          tela-circle-icon-theme
        ];
+        users.sharedModules =
+        [{
+          config.home.file.".config/baloofilerc".text =
+          ''
+            [Basic Settings]
+            Indexing-Enabled=false
+          '';
+        }];
      };
      programs =
      {
        adb.enable = true;
        wireshark = { enable = true; package = inputs.pkgs.wireshark; };
+        firefox = { enable = true; languagePacks = [ "zh-CN" "en-US" ]; };
        vim.package = inputs.pkgs.vim-full;
-        yubikey-touch-detector.enable = true;
      };
      nixpkgs.config.packageOverrides = pkgs: 
      {
--- a/modules/packages/desktop/firefox.nix
+++ b/modules/packages/desktop/firefox.nix
@@ -1,58 +0,0 @@
-inputs:
-{
-  config = inputs.lib.mkIf (builtins.elem "desktop" inputs.config.nixos.packages._packageSets)
-  {
-    nixos.users.sharedModules = [{ config =
-    {
-      programs.firefox =
-      {
-        enable = true;
-        # TODO: switch to 24.05
-        # nativeMessagingHosts = [ inputs.pkgs.plasma-browser-integration ];
-        package = inputs.pkgs.firefox.override { nativeMessagingHosts = [ inputs.pkgs.plasma-browser-integration ]; };
-        policies.DefaultDownloadDirectory = "\${home}/Downloads";
-        profiles.default =
-        {
-          extensions = with inputs.pkgs.firefox-addons;
-          [
-            immersive-translate tampermonkey bitwarden cookies-txt dualsub firefox-color i-dont-care-about-cookies
-            metamask pakkujs switchyomega rsshub-radar rsspreview tabliss tree-style-tab ublock-origin wallabagger
-            wappalyzer grammarly plasma-integration
-            (
-              buildFirefoxXpiAddon rec
-              {
-                pname = "zotero-connector";
-                version = "5.0.119";
-                addonId = "zotero@chnm.gmu.edu";
-                url = "https://download.zotero.org/connector/firefox/release/Zotero_Connector-${version}.xpi";
-                sha256 = "17yhkp5nrx325q3amlasb4nsw0bldm8i2i9fh8ql2hwj8fmy25mr";
-                meta = {};
-              }
-            )
-          ];
-          search = { default = "Google"; force = true; };
-          userChrome = builtins.readFile "${inputs.topInputs.lepton}/userChrome.css";
-          userContent = builtins.readFile "${inputs.topInputs.lepton}/userContent.css";
-          extraConfig = builtins.readFile "${inputs.topInputs.lepton}/user.js";
-          settings =
-          {
-            # general
-            "browser.search.region" = "CN";
-            "intl.locale.requested" = "zh-CN,en-US";
-            "browser.aboutConfig.showWarning" = false;
-            "browser.bookmarks.showMobileBookmarks" = true;
-            "browser.download.panel.shown" = true;
-            "browser.download.useDownloadDir" = true;
-            "browser.newtab.extensionControlled" = true;
-            "browser.toolbars.bookmarks.visibility" = "never";
-            # allow to apply userChrome.css
-            "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
-          };
-        };
-      };
-      home.file.".mozilla/firefox/profiles.ini".force = true;
-    };}];
-    # still enable global firefox, to install language packs
-    programs.firefox = { enable = true; languagePacks = [ "zh-CN" "en-US" ]; };
-  };
-}
--- a/modules/packages/desktop/plasma/default.nix
+++ b/modules/packages/desktop/plasma/default.nix
@@ -1,98 +0,0 @@
-inputs:
-{
-  imports = inputs.localLib.mkModules [ ./konsole.nix ];
-  config.nixos.users.sharedModules = inputs.lib.mkIf inputs.config.nixos.system.gui.enable
-  [{
-    config.programs.plasma = inputs.lib.mkMerge
-    [
-      # TODO: autostart, panel, discard user changed settings
-      # general
-      {
-        enable = true;
-        configFile.plasma-localerc = { Formats.LANG = "en_US.UTF-8"; Translations.LANGUAGE = "zh_CN"; };
-      }
-      # kwin
-      {
-        kwin.titlebarButtons =
-        {
-          right = [ "help" "keep-below-windows" "keep-above-windows" "minimize" "maximize" "close" ];
-          left = [ "more-window-actions" ];
-        };
-        windows.allowWindowsToRememberPositions = false;
-        configFile =
-        {
-          plasmanotifyrc.Notifications.PopupPosition = "BottomRight";
-          kwinrc =
-          {
-            Tiling.padding = 4;
-            Wayland."InputMethod[$e]" = "/run/current-system/sw/share/applications/org.fcitx.Fcitx5.desktop";
-            Windows.RollOverDesktops = true;
-            Compositing = { AllowTearing = false; WindowsBlockCompositing = false; };
-          };
-        };
-      }
-      # baloo
-      { configFile.baloofilerc."Basic Settings".Indexing-Enabled = false; }
-      # dolphin and file chooser
-      {
-        configFile =
-        {
-          dolphinrc =
-          {
-            General = { ShowFullPath = true; FilterBar = true; RememberOpenedTabs = false; };
-            PreviewSettings.Plugins = builtins.concatStringsSep ","
-            [
-              "blenderthumbnail"
-              "comicbookthumbnail"
-              "djvuthumbnail"
-              "ebookthumbnail"
-              "exrthumbnail"
-              "marble_thumbnail_geojson"
-              "marble_thumbnail_gpx"
-              "jpegthumbnail"
-              "marble_thumbnail_kmz"
-              "marble_thumbnail_kml"
-              "kraorathumbnail"
-              "windowsimagethumbnail"
-              "windowsexethumbnail"
-              "mltpreview"
-              "mobithumbnail"
-              "opendocumentthumbnail"
-              "marble_thumbnail_osm"
-              "palathumbcreator"
-              "gsthumbnail"
-              "rawthumbnail"
-              "svgthumbnail"
-              "imagethumbnail"
-              "fontthumbnail"
-              "directorythumbnail"
-              "textthumbnail"
-              "webarchivethumbnail"
-              "ffmpegthumbs"
-              "audiothumbnail"
-            ];
-          };
-          kdeglobals."KFileDialog Settings" =
-          {
-            "Allow Expansion" = true;
-            "Automatically select filename extension" = true;
-            "Show Bookmarks" = true;
-            "Show Full Path" = true;
-            "Show Inline Previews" = true;
-            "Show Preview" = true;
-            "Show Speedbar" = true;
-            "Show hidden files" = true;
-            "Sort by" = "Name";
-            "Sort directories first" = true;
-            "Sort hidden files last" = true;
-            "View Style" = "DetailTree";
-          };
-        };
-      }
-      # krunner
-      { configFile.krunnerrc = { General.FreeFloating = true; Plugins.baloosearchEnabled = false; }; }
-      # lock screen
-      { configFile.kscreenlockerrc.Daemon.Autolock = false; }
-    ];
-  }];
-}
--- a/modules/packages/desktop/plasma/konsole.nix
+++ b/modules/packages/desktop/plasma/konsole.nix
@@ -1,84 +0,0 @@
-inputs:
-{
-  config = inputs.lib.mkIf inputs.config.nixos.system.gui.enable
-  {
-    nixos.users.sharedModules =
-    [(hmInputs: {
-      config =
-      {
-        programs.plasma =
-        {
-          overrideConfig = true;
-          overrideConfigFiles = [ "konsolerc" "yakuakerc" ];
-          configFile =
-          {
-            yakuakerc =
-            {
-              Appearance =
-              {
-                HideSkinBorders = true;
-                Skin = "Slate";
-                Translucency = true;
-              };
-              "Desktop Entry".DefaultProfile = "plasma-manager.profile";
-              Dialogs.FirstRun = false;
-              Window =
-              {
-                KeepOpen = false;
-                KeepOpenAfterLastSessionCloses = true;
-                ShowSystrayIcon = false;
-              };
-            };
-            konsolerc =
-            {
-              "Desktop Entry".DefaultProfile = "plasma-manager.profile";
-              "MainWindow.Toolbar sessionToolbar".ToolButtonStyle = "IconOnly";
-            };
-          };
-          dataFile."konsole/plasma-manager.profile" =
-          {
-            Appearance =
-            {
-              AntiAliasFonts = true;
-              BoldIntense = true;
-              ColorScheme = "Breeze";
-              Font = "FiraCode Nerd Font Mono,10,-1,5,50,0,0,0,0,0";
-              UseFontLineChararacters = true;
-              WordModeAttr = false;
-            };
-            "Cursor Options".CursorShape = 1;
-            General =
-            {
-              Name = "plasma-manager";
-              Parent = "FALLBACK/";
-              TerminalCenter = true;
-              TerminalMargin = 1;
-            };
-            "Interaction Options" =
-            {
-              AutoCopySelectedText = true;
-              TrimLeadingSpacesInSelectedText = true;
-              TrimTrailingSpacesInSelectedText = true;
-              UnderlineFilesEnabled = true;
-            };
-            Scrolling =
-            {
-              HistoryMode = 2;
-              ReflowLines = false;
-            };
-            "Terminal Features".BlinkingCursorEnabled = true;
-          };
-        };
-        home.file.".local/share/konsole/Breeze.colorscheme".text = builtins.replaceStrings
-          [ "Opacity=1" ] [ "Opacity=0.9\nBlur=true" ]
-          (builtins.readFile "${inputs.pkgs.konsole}/share/konsole/Breeze.colorscheme");
-      };
-    })];
-    environment.persistence =
-      let impermanence = inputs.config.nixos.system.impermanence;
-      in inputs.lib.mkIf impermanence.enable (inputs.lib.mkMerge (builtins.map
-        (user:
-          { "${impermanence.root}".users.${user}.directories = [ ".local/share/konsole" ".local/share/yakuake" ]; })
-        inputs.config.nixos.users.users));
-  };
-}
--- a/modules/packages/desktop/vscode.nix
+++ b/modules/packages/desktop/vscode.nix
@@ -22,7 +22,7 @@ inputs:
              ])
              ++ (with ms-vscode;
              [
-                (cmake-tools.overrideAttrs { sourceRoot = "extension"; }) cpptools cpptools-extension-pack cpptools-themes hexeditor remote-explorer
+                cmake-tools cpptools cpptools-extension-pack cpptools-themes hexeditor remote-explorer
                test-adapter-converter
              ])
              ++ (with ms-vscode-remote; [ remote-ssh remote-containers remote-ssh-edit ])
@@ -46,7 +46,6 @@ inputs:
                shd101wyy.markdown-preview-enhanced
                # vasp
                mystery.vasp-support
-                yutengjing.open-in-external-app
              ];
          }
        )];
--- a/modules/packages/server/default.nix
+++ b/modules/packages/server/default.nix
@@ -17,7 +17,7 @@ inputs:
      {
        packages = with inputs.pkgs;
        {
-          _packages =
+          _packages = 
          [
            # shell
            ksh
@@ -45,17 +45,12 @@ inputs:
            # networking
            ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils wireguard-tools
            # nix tools
-            nix-output-monitor nix-tree ssh-to-age (callPackage "${inputs.topInputs.nix-fast-build}" {})
+            nix-output-monitor nix-tree ssh-to-age
            # office
-            todo-txt-cli pdfgrep
+            todo-txt-cli
            # development
            gdb try inputs.topInputs.plasma-manager.packages.x86_64-linux.rc2nix hexo-cli
          ] ++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
-          _pythonPackages = [(pythonPackages: with pythonPackages;
-          [
-            openai python-telegram-bot fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
-            certifi charset-normalizer idna orjson psycopg2 inquirerpy requests tqdm pydbus
-          ])];
        };
        users.sharedModules = [(home-inputs:
        {
--- a/modules/packages/server/ssh/default.nix
+++ b/modules/packages/server/ssh/default.nix
@@ -44,7 +44,7 @@ inputs:
            surface =
            {
              ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdm3DcfHdcLP0oSpVrWwIZ/b9lZuakBSPwCFz2BdTJ7";
-              hostnames = [ "192.168.1.166" "wireguard.surface.chn.moe" "192.168.83.5" ];
+              hostnames = [ "192.168.1.166" ];
            };
            pc =
            {
@@ -61,16 +61,6 @@ inputs:
              ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
              hostnames = [ "github.com" ];
            };
-            xmupc1 =
-            {
-              ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvfywkKRwMrVp73HfHTfjhac2Tn9qX/lRjLr09ycHp";
-              hostnames = [ "[office.chn.moe]:6007" "[xmupc1.chn.moe]:6007" "wireguard.xmupc1.chn.moe" "192.168.83.6" ];
-            };
-            xmupc2 =
-            {
-              ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZ/+divGnDr0x+UlknA84Tfu6TPD+zBGmxWZY4Z38P6";
-              hostnames = [ "[xmupc2.chn.moe]:6394" "wireguard.xmupc2.chn.moe" "192.168.83.7" ];
-            };
          };
        in listToAttrs (concatLists (map
          (server:
@@ -131,10 +121,7 @@ inputs:
          (
            (builtins.map
              (host: { name = host; value = { inherit host; hostname = "${host}.chn.moe"; }; })
-              [
-                "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.pc" "wireguard.nas" "wireguard.surface"
-                "wireguard.xmupc1" "wireguard.xmupc2"
-              ])
+              [ "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.pc" "wireguard.nas" ])
            ++ (builtins.map
              (host:
              {
@@ -153,9 +140,6 @@ inputs:
                        usernameMap =
                        {
                          chn = "linwei/chn";
-                          xll = "linwei/Xll";
-                          yjq = "linwei/yjq";
-                          gb = "kangjunyong/gongbin";
                        };
                        cdString =
                          if host == "jykang" && (usernameMap ? ${hmInputs.config.home.username}) then
@@ -180,8 +164,7 @@ inputs:
              [ "wlin" "jykang" "hwang" ])
          )
          // {
-            xmupc1 = { host = "xmupc1"; hostname = "xmupc1.chn.moe"; port = 6007; };
-            xmupc2 = { host = "xmupc2"; hostname = "xmupc2.chn.moe"; port = 6394; };
+            xmupc1 = { host = "xmupc1"; hostname = "office.chn.moe"; port = 6007; };
            nas = { host = "nas"; hostname = "office.chn.moe"; port = 5440; };
            surface = { host = "surface"; hostname = "192.168.1.166"; };
            gitea = { host = "gitea"; hostname = "ssh.git.chn.moe"; };
--- a/modules/packages/server/ssh/xmupc1_rsa.pub
+++ b/modules/packages/server/ssh/xmupc1_rsa.pub
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVbOvoFVaGkqYzIWsmMFlpkE+TDAONOWWaJBQ0K4fiOLy7uh02b/jYNZrbllPDP+Gq+ikYEJnJX2ceDsh9mLtJTznBQXgJOMUZDYy0enu7hYLKMmRTgJntzHjMbZENMhP+I3N9JnQ1PQz7lICg1xkEBQm2CESYCCjo0rJKYplPH1bo02myEazKlKTn6tu40ysrYOoJO8+jwbUDqtWATjSZtgYojuh6dbIoK3O+Ntgwl4W0NqXEqXYXTWpU0qKOqAsP/9F9WJ5d1wVNNbvmcAJ26dkYaiPCNgW4MGTucAgoxM6IPVVj9U+OEZLoCPsqAGCT02vH5MoDNTmGaSv0DjuYOzz5C+jAhMCznXFXCI4bfawvuda/WwGIniB5iKNSBZt3XxYyUw4YBcVCNiWUt9bIgEvnR4E8HYHdjNrbQ0Z58L6DcPSySLQer7C658Vo/nRUlBq6lIWYhcdjxHHkP9iFtuFW1HmoUKkuaLl+uiflrSppX9wt8eaPwGgGIHkLwgc=
--- a/modules/packages/server/ssh/xmupc2_rsa.pub
+++ b/modules/packages/server/ssh/xmupc2_rsa.pub
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCa7ZRmIAtuGd58MQXnJnPqmad+6u8JiBKb7+xEfMmVdeVtJ5lEfXCkZ0vbSMxnGZCLL3eVxdejaGToLw+ArEJ1cl6KzZdsdGy1wATFtJj4oYHtZ/MXg+qulNR4nQ6DGWfGR7FEXjZNaJfVuLBFBmUlsbotBdhaAJzw5+nnIxY5d86nfqzsYstMqB/1ZHLRTV9h/jp8XNgnUu1BR/oVk4eMvzTUbr42LedeB1anLnI0+ycAzol/XMpsUNuRLVhYhMbg9rpyoZF1WMBTjG2Jnv9JtCpJlnZaOjzh3eD8PBuyZtGyya7QxVkhH4ULUMNnuyi8E0IOJwdN4cQi61fa7rLtsYfUrN2w0nI/WRLiBxiuPbvq4tKeHi8DpM/MrUbZONY2eFo4CaX9sxYN6U65jDfsbK3x6Za0HhVt8zcPLGgESm4Y6O8YTQrdbpL1ifNFX2Y9B++FQw2iRoqa6U0Wrs6SfVQFp1RqnqSl6fLOCixl16PpHWqRilweKbg3uIMEqEc=
--- a/modules/packages/server/zsh/default.nix
+++ b/modules/packages/server/zsh/default.nix
@@ -5,67 +5,62 @@ inputs:
      inherit (inputs.lib) mkIf;
    in mkIf (builtins.elem "server" inputs.config.nixos.packages._packageSets)
    {
-      nixos.users.sharedModules = [(home-inputs: { config.programs =
+      nixos.users.sharedModules = [(home-inputs: { config.programs.zsh =
      {
-        zsh =
-        {
-          enable = true;
-          initExtraBeforeCompInit =
-          ''
-            # p10k instant prompt
-            P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
-            [[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
-            HYPHEN_INSENSITIVE="true"
-            export PATH=~/bin:$PATH
-            function br
-            {
-              local cmd cmd_file code
-              cmd_file=$(mktemp)
-              if broot --outcmd "$cmd_file" "$@"; then
-                cmd=$(<"$cmd_file")
-                command rm -f "$cmd_file"
-                eval "$cmd"
-              else
-                code=$?
-                command rm -f "$cmd_file"
-                return "$code"
-              fi
-            }
-            alias todo="todo.sh"
-          '';
-          plugins =
-          [
-            {
-              file = "powerlevel10k.zsh-theme";
-              name = "powerlevel10k";
-              src = "${inputs.pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
-            }
-            {
-              file = "p10k.zsh";
-              name = "powerlevel10k-config";
-              src = ./p10k-config;
-            }
-            {
-              name = "zsh-lsd";
-              src = inputs.pkgs.fetchFromGitHub
-              {
-                owner = "z-shell";
-                repo = "zsh-lsd";
-                rev = "65bb5ac49190beda263aae552a9369127961632d";
-                hash = "sha256-JSNsfpgiqWhtmGQkC3B0R1Y1QnDKp9n0Zaqzjhwt7Xk=";
-              };
-            }
-          ];
-          history =
+        enable = true;
+        initExtraBeforeCompInit =
+        ''
+          # p10k instant prompt
+          P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
+          [[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
+          HYPHEN_INSENSITIVE="true"
+          export PATH=~/bin:$PATH
+          function br
          {
-            path = "${home-inputs.config.xdg.dataHome}/zsh/zsh_history";
-            extended = true;
-            save = 100000000;
-            size = 100000000;
-          };
+            local cmd cmd_file code
+            cmd_file=$(mktemp)
+            if broot --outcmd "$cmd_file" "$@"; then
+              cmd=$(<"$cmd_file")
+              command rm -f "$cmd_file"
+              eval "$cmd"
+            else
+              code=$?
+              command rm -f "$cmd_file"
+              return "$code"
+            fi
+          }
+          alias todo="todo.sh"
+        '';
+        plugins =
+        [
+          {
+            file = "powerlevel10k.zsh-theme";
+            name = "powerlevel10k";
+            src = "${inputs.pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
+          }
+          {
+            file = "p10k.zsh";
+            name = "powerlevel10k-config";
+            src = ./p10k-config;
+          }
+          {
+            name = "zsh-lsd";
+            src = inputs.pkgs.fetchFromGitHub
+            {
+              owner = "z-shell";
+              repo = "zsh-lsd";
+              rev = "65bb5ac49190beda263aae552a9369127961632d";
+              hash = "sha256-JSNsfpgiqWhtmGQkC3B0R1Y1QnDKp9n0Zaqzjhwt7Xk=";
+            };
+          }
+        ];
+        history =
+        {
+          path = "${home-inputs.config.xdg.dataHome}/zsh/zsh_history";
+          extended = true;
+          save = 100000000;
+          size = 100000000;
        };
-        # set bash history file path, avoid overwriting zsh history
-        bash = { enable = true; historyFile =  "${home-inputs.config.xdg.dataHome}/bash/bash_history"; };
      };})];
      programs.zsh =
      {
--- a/modules/packages/workstation/default.nix
+++ b/modules/packages/workstation/default.nix
@@ -14,9 +14,9 @@ inputs:
            # password and key management
            electrum jabref
            # system management
-            wl-mirror nvtop
+            wl-mirror
            # nix tools
-            nix-template nil pnpm-lock-export bundix
+            nix-template nil nix-alien pnpm-lock-export bundix
            # instant messager
            qq nur-xddxdd.wechat-uos cinny-desktop nheko
            # development
@@ -28,23 +28,29 @@ inputs:
            # text editor
            appflowy notion-app-enhanced joplin-desktop standardnotes logseq
            # math, physics and chemistry
-            mathematica paraview jmol mpi localPackages.mumax quantum-espresso
+            mathematica paraview localPackages.vasp jmol # qchem.quantum-espresso
            # encryption and password management
            john crunch hashcat
            # container and vm
-            genymotion davinci-resolve playonlinux
+            genymotion # davinci-resolve playonlinux
            # browser
-            microsoft-edge tor-browser
+            microsoft-edge
            # news
            rssguard newsflash newsboat
-          ]
-          ++ (builtins.concatLists (builtins.map
-            (compiler: builtins.map (version: localPackages.vasp.${compiler}.${version}) [ "6.3.1" "6.4.0" ])
-            [ "gnu" "nvidia" ]));
+            yuzu-early-access
+          ];
          _pythonPackages = [(pythonPackages: with pythonPackages;
          [
-            phonopy tensorflow keras scipy scikit-learn jupyterlab autograd # localPackages.pix2tex
+            phonopy tensorflow keras openai scipy scikit-learn jupyterlab autograd
+            # localPackages.pix2tex
+            inquirerpy requests python-telegram-bot tqdm fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
+            certifi charset-normalizer idna orjson psycopg2
          ])];
+          _prebuildPackages =
+          [
+            httplib magic-enum xtensor boost cereal cxxopts ftxui yaml-cpp gfortran gcc10 python2
+            gcc13Stdenv
+          ];
        };
        users.sharedModules =
        [{
@@ -65,6 +71,29 @@ inputs:
        anime-game-launcher = { enable = true; package = inputs.pkgs.anime-game-launcher; };
        honkers-railway-launcher = { enable = true; package = inputs.pkgs.honkers-railway-launcher; };
        nix-ld.enable = true;
+        gamemode =
+        {
+          enable = true;
+          settings =
+          {
+            general.renice = 10;
+            gpu =
+            {
+              apply_gpu_optimisations = "accept-responsibility";
+              nv_powermizer_mode = 1;
+            };
+            custom = let notify-send = "${inputs.pkgs.libnotify}/bin/notify-send"; in
+            {
+              start = "${notify-send} 'GameMode started'";
+              end = "${notify-send} 'GameMode ended'";
+            };
+          };
+        };
+        chromium =
+        {
+          enable = true;
+          extraOpts.PasswordManagerEnabled = false;
+        };
      };
    };
 }
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -40,9 +40,6 @@ inputs:
    ./fail2ban.nix
    ./wireguard.nix
    ./akkoma.nix
-    ./gamemode.nix
-    ./vikunja.nix
-    ./slurm.nix
  ];
  options.nixos.services = let inherit (inputs.lib) mkOption types; in
  {
--- a/modules/services/fontconfig.nix
+++ b/modules/services/fontconfig.nix
@@ -14,18 +14,14 @@ inputs:
      {
        fontDir.enable = true;
        packages = with inputs.pkgs;
-        [
-          noto-fonts source-han-sans source-han-serif source-code-pro hack-font jetbrains-mono nerdfonts hack-font inter
-          noto-fonts-color-emoji roboto sarasa-gothic source-han-mono wqy_microhei wqy_zenhei
-        ];
+          [ noto-fonts source-han-sans source-han-serif source-code-pro hack-font jetbrains-mono nerdfonts ];
        fontconfig.defaultFonts =
        {
          emoji = [ "Noto Color Emoji" ];
-          monospace = [ "Hack" "Source Han Mono SC" ];
-          sansSerif = [ "Inter" "Liberation Sans" "Source Han Sans SC" ];
-          serif = [ "Liberation Serif" "Source Han Serif SC" ];
+          monospace = [ "Noto Sans Mono CJK SC" "Sarasa Mono SC" "DejaVu Sans Mono"];
+          sansSerif = [ "Noto Sans CJK SC" "Source Han Sans SC" "DejaVu Sans" ];
+          serif = [ "Noto Serif CJK SC" "Source Han Serif SC" "DejaVu Serif" ];
        };
      };
-      nixos.users.sharedModules = [{ config.xdg.configFile."fontconfig/conf.d/10-hm-fonts.conf".force = true; }];
    };
 }
--- a/modules/services/gamemode.nix
+++ b/modules/services/gamemode.nix
@@ -1,30 +0,0 @@
-inputs:
-{
-  options.nixos.services.gamemode = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    drmDevice = mkOption { type = types.int; };
-  };
-  config = let inherit (inputs.config.nixos.services) gamemode; in inputs.lib.mkIf gamemode.enable
-  {
-    programs.gamemode =
-    {
-      enable = true;
-      settings =
-      {
-        general.renice = 10;
-        gpu =
-        {
-          apply_gpu_optimisations = "accept-responsibility";
-          nv_powermizer_mode = 1;
-          gpu_device = builtins.toString gamemode.drmDevice;
-        };
-        custom = let notify-send = "${inputs.pkgs.libnotify}/bin/notify-send"; in
-        {
-          start = "${notify-send} 'GameMode started'";
-          end = "${notify-send} 'GameMode ended'";
-        };
-      };
-    };
-  };
-}
--- a/modules/services/misskey.nix
+++ b/modules/services/misskey.nix
@@ -114,7 +114,7 @@ inputs:
                  apiKey: ${placeholder."meilisearch/misskey-${instance.name}"}
                  ssl: false
                  index: misskey
-                  scope: global
+                  scope: globa
              '' else "");
            owner = inputs.config.users.users."misskey-${instance.name}".name;
          };
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -52,26 +52,20 @@ inputs:
            # nix-prefetch-url --unpack
            maps = inputs.pkgs.fetchNextcloudApp
            {
-              url = githubRelease "nextcloud/maps" "v1.3.1/maps-1.3.1.tar.gz";
+              url = githubRelease "nextcloud/maps" "v1.1.1/maps-1.1.1.tar.gz";
              sha256 = "1rcmqnm5364h5gaq1yy6b6d7k17napgn0yc9ymrnn75bps9s71v9";
              license = "agpl3";
            };
            phonetrack = inputs.pkgs.fetchNextcloudApp
            {
-              url = githubRelease "julien-nc/phonetrack" "v0.7.7/phonetrack-0.7.7.tar.gz";
-              sha256 = "1xvdmb2wlcldv8lk4jb8akhi80w26m2jpazfcz641frjm333kxch";
+              url = githubRelease "julien-nc/phonetrack" "v0.7.6/phonetrack-0.7.6.tar.gz";
+              sha256 = "1p15vw7c5c1h08czyxi1r6svjd5hjmnc0i6is4vl3xq2kfjmcyyx";
              license = "agpl3";
            };
            twofactor_webauthn = inputs.pkgs.fetchNextcloudApp
            {
-              url = githubRelease "nextcloud-releases/twofactor_webauthn" "v1.3.2/twofactor_webauthn-v1.3.2.tar.gz";
-              sha256 = "1p4ng7nprlcgw7sdfd7wqx5az86a856f1v470lahg2nfbx3fg296";
-              license = "agpl3";
-            };
-            calendar = inputs.pkgs.fetchNextcloudApp
-            {
-              url = githubRelease "nextcloud-releases/calendar" "v4.6.5/calendar-v4.6.5.tar.gz";
-              sha256 = "18mi6ccq640jq21hmir35v2967h07bjv226072d9qz5qkzkmrhss";
+              url = githubRelease "nextcloud-releases/twofactor_webauthn" "v1.3.0/twofactor_webauthn-v1.3.0.tar.gz";
+              sha256 = "0z6m2chq5kxc8f10g6n1lh51yi10svy2qp5gp0v8xs71apqcc2wx";
              license = "agpl3";
            };
          };
--- a/modules/services/slurm.nix
+++ b/modules/services/slurm.nix
@@ -1,115 +0,0 @@
-inputs:
-{
-  options.nixos.services.slurm = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    cpu =
-    {
-      sockets = mkOption { type = types.ints.unsigned; default = 1; };
-      cores = mkOption { type = types.ints.unsigned; };
-      threads = mkOption { type = types.ints.unsigned; default = 1; };
-    };
-    memoryMB = mkOption { type = types.ints.unsigned; };
-    gpus = mkOption { type = types.attrsOf types.ints.unsigned; };
-  };
-  config = let inherit (inputs.config.nixos.services) slurm; in inputs.lib.mkIf slurm.enable
-  {
-    services =
-    {
-      slurm =
-      {
-        server.enable = true;
-        package = (inputs.pkgs.slurm.override { enableGtk2 = true; }).overrideAttrs
-          (prev: let inherit (inputs.pkgs.cudaPackages) cuda_nvml_dev; in
-          {
-            buildInputs = prev.buildInputs ++ [ cuda_nvml_dev ];
-            LDFLAGS = [ "-L${cuda_nvml_dev}/lib/stubs" ];
-            nativeBuildInputs = prev.nativeBuildInputs ++ [ inputs.pkgs.wrapGAppsHook ];
-          });
-        clusterName = inputs.config.nixos.system.networking.hostname;
-        dbdserver =
-        {
-          enable = true;
-          dbdHost = "localhost";
-          storagePassFile = inputs.config.sops.secrets."slurm/db".path;
-          extraConfig =
-          ''
-            StorageHost=*
-            StorageLoc=slurm
-          '';
-        };
-        client.enable = true;
-        controlMachine = "localhost";
-        nodeName =
-          let gpuString = builtins.concatStringsSep "," (builtins.map
-            (gpu: "gpu:${gpu.name}:${builtins.toString gpu.value}")
-            (inputs.localLib.attrsToList slurm.gpus));
-          in inputs.lib.singleton (builtins.concatStringsSep " "
-          [
-            "localhost"
-            "RealMemory=${builtins.toString slurm.memoryMB}"
-            "Sockets=${builtins.toString slurm.cpu.sockets}"
-            "CoresPerSocket=${builtins.toString slurm.cpu.cores}"
-            "ThreadsPerCore=${builtins.toString slurm.cpu.threads}"
-            "Gres=${gpuString}"
-            "State=UNKNOWN"
-          ]);
-        partitionName = [ "localhost Nodes=localhost Default=YES MaxTime=INFINITE State=UP" ];
-        procTrackType = "proctrack/cgroup";
-        extraConfig =
-          let taskProlog =
-          ''
-            echo export CUDA_DEVICE_ORDER=PCI_BUS_ID
-            echo export SLURM_THREADS_PER_CPU=${builtins.toString slurm.cpu.threads}
-          '';
-          in
-          ''
-            SelectType=select/cons_tres
-            SelectTypeParameters=CR_Core
-            GresTypes=gpu
-            TaskProlog=${inputs.pkgs.writeShellScript "set_env" taskProlog}
-
-            AccountingStorageType=accounting_storage/slurmdbd
-            AccountingStorageHost=localhost
-            AccountingStoreFlags=job_comment,job_env,job_extra,job_script
-
-            JobCompType=jobcomp/filetxt
-            JobCompLoc=/var/log/slurmctld/jobcomp.log
-
-            SchedulerParameters=enable_user_top
-
-            SlurmdDebug=debug2
-          '';
-        extraConfigPaths =
-          let gpuString = builtins.concatStringsSep "\n" (builtins.map
-            (gpu: "Name=gpu Type=${gpu.name} Count=${builtins.toString gpu.value}")
-            (inputs.localLib.attrsToList slurm.gpus));
-          in [(inputs.pkgs.writeTextDir "gres.conf" "AutoDetect=nvml\n${gpuString}")];
-      };
-      munge = { enable = true; password = inputs.config.sops.secrets."munge.key".path; };
-    };
-    systemd =
-    {
-      services.slurmd.environment =
-      {
-        CUDA_PATH = "${inputs.pkgs.cudatoolkit}";
-        LD_LIBRARY_PATH = "${inputs.config.hardware.nvidia.package}/lib";
-      };
-      tmpfiles.rules = [ "d /var/log/slurmctld 700 slurm slurm" ];
-    };
-    sops =
-    {
-      secrets =
-      {
-        "munge.key" =
-        {
-          format = "binary";
-          sopsFile = "${builtins.dirOf inputs.config.sops.defaultSopsFile}/munge.key";
-          owner = inputs.config.systemd.services.munged.serviceConfig.User;
-        };
-        "slurm/db" = { owner = "slurm"; key = "mariadb/slurm"; };
-      };
-    };
-    nixos.services.mariadb = { enable = true; instances.slurm = {}; };
-  };
-}
--- a/modules/services/vikunja.nix
+++ b/modules/services/vikunja.nix
@@ -1,44 +0,0 @@
-inputs:
-{
-  options.nixos.services.vikunja = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    autoStart = mkOption { type = types.bool; default = true; };
-    port = mkOption { type = types.ints.unsigned; default = 3456; };
-    hostname = mkOption { type = types.nonEmptyStr; default = "vikunja.chn.moe"; };
-  };
-  config = let inherit (inputs.config.nixos.services) vikunja; in inputs.lib.mkIf vikunja.enable
-  {
-    services.vikunja =
-    {
-      enable = true;
-      environmentFiles = [ inputs.config.sops.templates."vikunja.env".path ];
-      settings =
-      {
-        service.timezone = "Asia/Shanghai";
-        mailer = { enable = true; host = "mail.chn.moe"; username = "bot@chn.moe"; fromemail = "bot@chn.moe"; };
-        defaultsettings.discoverable_by_email = true;
-      };
-      inherit (vikunja) port;
-      frontendScheme = "https";
-      frontendHostname = vikunja.hostname;
-      database.type = "postgres";
-    };
-    sops =
-    {
-      templates."vikunja.env".content = let placeholder = inputs.config.sops.placeholder; in
-      ''
-        VIKUNJA_SERVICE_JWTSECRET=${placeholder."vikunja/jwtsecret"}
-        VIKUNJA_DATABASE_PASSWORD=${placeholder."postgresql/vikunja"}
-        VIKUNJA_MAILER_PASSWORD=${placeholder."mail/bot"}
-      '';
-      secrets = { "vikunja/jwtsecret" = {}; "mail/bot" = {}; };
-    };
-    systemd.services.vikunja-api.enable = vikunja.autoStart;
-    nixos.services =
-    {
-      postgresql = { enable = true; instances.vikunja = {}; };
-      nginx = { enable = true; https.${vikunja.hostname}.global.configName = vikunja.hostname; };
-    };
-  };
-}
--- a/modules/services/wireguard.nix
+++ b/modules/services/wireguard.nix
@@ -52,7 +52,7 @@ inputs:
                  publicKey = peer.publicKey;
                  allowedIPs = [ (if peer.lighthouse then "192.168.83.0/24" else "${peer.wireguardIp}/32") ];
                  endpoint = mkIf (!peer.behindNat) "${peer.listenIp}:${builtins.toString peer.listenPort}";
-                  persistentKeepalive = mkIf peer.lighthouse 5;
+                  persistentKeepalive = 3;
                })
                (map
                  (peer: inputs.topInputs.self.nixosConfigurations.${peer}.config.nixos.services.wireguard)
@@ -72,7 +72,7 @@ inputs:
                wantedBy = [ "multi-user.target" ];
                serviceConfig =
                {
-                  ExecStart = "${inputs.pkgs.iputils}/bin/ping -i 5 ${peer.value.wireguardIp}";
+                  ExecStart = "${inputs.pkgs.iputils}/bin/ping -i 3 ${peer.value.wireguardIp}";
                  Restart = "always";
                };
              };
--- a/modules/services/xray.nix
+++ b/modules/services/xray.nix
@@ -5,13 +5,13 @@ inputs:
    client =
    {
      enable = mkOption { type = types.bool; default = false; };
-      serverAddress = mkOption { type = types.nonEmptyStr; default = "74.211.99.69"; };
-      serverName = mkOption { type = types.nonEmptyStr; default = "vps6.xserver.chn.moe"; };
-      dae.lanInterfaces = mkOption
+      serverAddress = mkOption { type = types.nonEmptyStr; };
+      serverName = mkOption { type = types.nonEmptyStr; };
+      dns = mkOption { type = types.submodule { options =
      {
-        type = types.listOf types.nonEmptyStr;
-        default = inputs.lib.optionals inputs.config.nixos.virtualization.docker.enable [ "docker0" ];
-      };
+        hosts = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
+        extraInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
+      }; }; };
    };
    server =
    {
@@ -19,369 +19,178 @@ inputs:
      serverName = mkOption { type = types.nonEmptyStr; };
    };
  };
-  config = let inherit (inputs.config.nixos.services) xray; in inputs.lib.mkMerge
-  [
-    {
-      assertions =
-      [{
-        assertion = !(xray.client.enable && xray.server.enable);
-        message = "Currenty xray.client and xray.server could not be simutaniusly enabled.";
-      }];
-    }
-    (
-      inputs.lib.mkIf xray.client.enable
+  config =
+    let
+      inherit (inputs.lib) mkMerge mkIf;
+      inherit (inputs.localLib) stripeTabs attrsToList;
+      inherit (inputs.config.nixos.services) xray;
+      inherit (builtins) map listToAttrs toString genList length concatStringsSep;
+    in mkMerge
+    [
      {
-        services =
-        {
-          xray = { enable = true; settingsFile = inputs.config.sops.templates."xray-client.json".path; };
-          dae =
-          {
-            enable = true;
-            config =
-            ''
-              global {
-                tproxy_port: 12345
-                tproxy_port_protect: true
-                so_mark_from_dae: 0
-                log_level: info
-                disable_waiting_network: false
-
-                lan_interface: ${builtins.concatStringsSep "," xray.client.dae.lanInterfaces}
-                wan_interface: auto
-                auto_config_kernel_parameter: true
-
-                dial_mode: ip
-                allow_insecure: false
-                tls_implementation: tls
-              }
-
-              node {
-                'socks5://localhost:10884'
-              }
-
-              dns {
-                upstream {
-                  alidns: 'udp://223.5.5.5:53'
-                  googledns: 'tcp+udp://8.8.8.8:53'
-                }
-                routing {
-                  request {
-                    qname(geosite:geolocation-cn) -> alidns
-                    qname(geosite:geolocation-!cn) -> googledns
-                    fallback: alidns
-                  }
-                  response {
-                    upstream(alidns) && !ip(geoip:cn) -> googledns
-                    fallback: accept
-                  }
-                }
-              }
-
-              group {
-                default_group {
-                  policy: fixed(0)
-                }
-              }
-
-              routing {
-                # TODO: more general rules to bypass the proxy
-                pname(xray) -> direct
-
-                dip(224.0.0.0/3, 'ff00::/8') -> direct
-                dip(geoip:private) -> direct
-                domain(geosite:geolocation-cn) -> direct
-                domain('geosite:geolocation-!cn') -> default_group
-                dip(8.8.8.8) -> default_group
-                dip(223.5.5.5) -> direct
-                dip(geoip:cn) -> direct
-                !dip(geoip:cn) -> default_group
-                fallback: default_group
-              }
-            '';
-          };
-        };
-        sops =
-        {
-          templates."xray-client.json" =
-          {
-            owner = inputs.config.users.users.v2ray.name;
-            group = inputs.config.users.users.v2ray.group;
-            content =
-              let
-                chinaDns = "223.5.5.5";
-                foreignDns = "8.8.8.8";
-              in
-              builtins.toJSON
-              {
-                log.loglevel = "info";
-                inbounds =
-                [
-                  {
-                    port = 10881;
-                    protocol = "dokodemo-door";
-                    settings = { network = "tcp,udp"; followRedirect = true; };
-                    streamSettings.sockopt.tproxy = "tproxy";
-                    tag = "xmu-in";
-                  }
-                  { port = 10884; protocol = "socks"; settings.udp = true; tag = "proxy-in"; }
-                  { port = 10882; protocol = "socks"; settings.udp = true; tag = "direct-in"; }
-                ];
-                outbounds =
-                [
-                  {
-                    protocol = "vless";
-                    settings.vnext =
-                    [{
-                      address = xray.client.serverAddress;
-                      port = 443;
-                      users =
-                      [{
-                        id = inputs.config.sops.placeholder."xray-client/uuid";
-                        encryption = "none";
-                        flow = "xtls-rprx-vision-udp443";
-                      }];
-                    }];
-                    streamSettings =
-                    {
-                      network = "tcp";
-                      security = "reality";
-                      realitySettings =
-                      {
-                        serverName = xray.client.serverName;
-                        publicKey = "Nl0eVZoDF9d71_3dVsZGJl3UWR9LCv3B14gu7G6vhjk";
-                        fingerprint = "firefox";
-                      };
-                    };
-                    tag = "proxy-vless";
-                  }
-                  { protocol = "freedom"; tag = "direct"; }
-                  { protocol = "dns"; tag = "dns-out"; }
-                  {
-                    protocol = "socks";
-                    settings.servers = [{ address = "127.0.0.1"; port = 10069; }];
-                    tag = "xmu-out";
-                  }
-                  { protocol = "blackhole"; tag = "block"; }
-                ];
-                routing =
-                {
-                  domainStrategy = "AsIs";
-                  rules = builtins.map (rule: rule // { type = "field"; })
-                  [
-                    { inboundTag = [ "xmu-in" ]; outboundTag = "xmu-out"; }
-                    { inboundTag = [ "direct-in" ]; outboundTag = "direct"; }
-                    { inboundTag = [ "proxy-in" ]; outboundTag = "proxy-vless"; }
-                  ];
-                };
-              };
-          };
-          secrets."xray-client/uuid" = {};
-        };
-        systemd.services =
-        {
-          xray =
-          {
-            serviceConfig =
-            {
-              DynamicUser = inputs.lib.mkForce false;
-              User = "v2ray";
-              Group = "v2ray";
-              CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
-              AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
-              LimitNPROC = 65536;
-              LimitNOFILE = 524288;
-            };
-            restartTriggers = [ inputs.config.sops.templates."xray-client.json".file ];
-          };
-          v2ray-forwarder =
-          {
-            description = "v2ray-forwarder Daemon";
-            after = [ "network.target" ];
-            wantedBy = [ "multi-user.target" ];
-            serviceConfig =
-              let
-                ipset = "${inputs.pkgs.ipset}/bin/ipset";
-                iptables = "${inputs.pkgs.iptables}/bin/iptables";
-                ip = "${inputs.pkgs.iproute}/bin/ip";
-                xmuPort = "10881";
-              in
-              {
-                Type = "simple";
-                RemainAfterExit = true;
-                ExecStart = inputs.pkgs.writeShellScript "v2ray-forwarder.start" (builtins.concatStringsSep "\n"
-                (
-                  [
-                    "${ipset} create xmu_net hash:net"
-                    "${iptables} -t mangle -N v2ray -w"
-                    "${iptables} -t mangle -A PREROUTING -j v2ray -w"
-                  ]
-                  ++ (map (action: "${iptables} -t mangle -A v2ray ${action} -w")
-                  [
-                    "-m set --match-set xmu_net dst -p tcp -j TPROXY --on-port ${xmuPort} --tproxy-mark 1/1"
-                    "-m set --match-set xmu_net dst -p udp -j TPROXY --on-port ${xmuPort} --tproxy-mark 1/1"
-                  ])
-                  ++ [
-                    "${iptables} -t mangle -N v2ray_mark -w"
-                    "${iptables} -t mangle -A OUTPUT -j v2ray_mark -w"
-                  ]
-                  ++ (map (action: "${iptables} -t mangle -A v2ray_mark ${action} -w")
-                  [
-                    "-m set --match-set xmu_net dst -p tcp -j MARK --set-mark 1/1"
-                    "-m set --match-set xmu_net dst -p udp -j MARK --set-mark 1/1"
-                  ])
-                  ++ [
-                    "${ip} rule add fwmark 1/1 table 100"
-                    "${ip} route add local 0.0.0.0/0 dev lo table 100"
-                  ]
-                ));
-                ExecStop = inputs.pkgs.writeShellScript "v2ray-forwarder.stop"
-                ''
-                  ${iptables} -t mangle -F v2ray -w
-                  ${iptables} -t mangle -D PREROUTING -j v2ray -w
-                  ${iptables} -t mangle -X v2ray -w
-                  ${iptables} -t mangle -F v2ray_mark -w
-                  ${iptables} -t mangle -D OUTPUT -j v2ray_mark -w
-                  ${iptables} -t mangle -X v2ray_mark -w
-                  ${ip} rule del fwmark 1/1 table 100
-                  ${ip} route del local 0.0.0.0/0 dev lo table 100
-                  ${ipset} destroy xmu_net
-                '';
-              };
-          };
-        };
-        users =
-        {
-          users.v2ray = { uid = inputs.config.nixos.system.user.user.v2ray; group = "v2ray"; isSystemUser = true; };
-          groups.v2ray.gid = inputs.config.nixos.system.user.group.v2ray;
-        };
+        assertions =
+        [{
+          assertion = !(xray.client.enable && xray.server.enable);
+          message = "Currenty xray.client and xray.server could not be simutaniusly enabled.";
+        }];
      }
-    )
-    (
-      inputs.lib.mkIf xray.server.enable (let userList = builtins.genList (n: n) 30; in
-      {
-        services.xray = { enable = true; settingsFile = inputs.config.sops.templates."xray-server.json".path; };
-        sops =
-        {
-          templates."xray-server.json" =
-          {
-            owner = inputs.config.users.users.v2ray.name;
-            group = inputs.config.users.users.v2ray.group;
-            content = builtins.toJSON
-            {
-              log.loglevel = "warning";
-              inbounds =
-              [
-                (
-                  let
-                    fallbackPort = toString
-                      (with inputs.config.nixos.services.nginx.global; httpsPort + httpsPortShift.http2);
-                  in
-                  {
-                    port = 4726;
-                    listen = "127.0.0.1";
-                    protocol = "vless";
-                    settings =
-                    {
-                      clients = map
-                        (n:
-                        {
-                          id = inputs.config.sops.placeholder."xray-server/clients/user${toString n}";
-                          flow = "xtls-rprx-vision";
-                          email = "${toString n}@xray.chn.moe";
-                        })
-                        userList;
-                      decryption = "none";
-                      fallbacks = [{ dest = "127.0.0.1:${fallbackPort}"; }];
-                    };
-                    streamSettings =
-                    {
-                      network = "tcp";
-                      security = "reality";
-                      realitySettings =
-                      {
-                        dest = "127.0.0.1:${fallbackPort}";
-                        serverNames = [ xray.server.serverName ];
-                        privateKey = inputs.config.sops.placeholder."xray-server/private-key";
-                        minClientVer = "1.8.0";
-                        shortIds = [ "" ];
-                      };
-                    };
-                    sniffing = { enabled = true; destOverride = [ "http" "tls" "quic" ]; routeOnly = true; };
-                    tag = "in";
-                  }
-                )
-                {
-                  port = 4638;
-                  listen = "127.0.0.1";
-                  protocol = "vless";
-                  settings = { clients = [{ id = "be01f0a0-9976-42f5-b9ab-866eba6ed393"; }]; decryption = "none"; };
-                  streamSettings.network = "tcp";
-                  sniffing = { enabled = true; destOverride = [ "http" "tls" "quic" ]; };
-                  tag = "in-localdns";
-                }
-                {
-                  listen = "127.0.0.1";
-                  port = 6149;
-                  protocol = "dokodemo-door";
-                  settings.address = "127.0.0.1";
-                  tag = "api";
-                }
-              ];
-              outbounds =
-              [
-                { protocol = "freedom"; tag = "freedom"; }
-                {
-                  protocol = "vless";
-                  settings.vnext =
-                  [{
-                    address = "127.0.0.1";
-                    port = 4638;
-                    users = [{ id = "be01f0a0-9976-42f5-b9ab-866eba6ed393"; encryption = "none"; }];
-                  }];
-                  streamSettings.network = "tcp";
-                  tag = "loopback-localdns";
-                }
-              ];
-              routing =
-              {
-                domainStrategy = "AsIs";
-                rules = builtins.map (rule: rule // { type = "field"; })
-                [
-                  { inboundTag = [ "in" ]; domain = [ "domain:openai.com" ]; outboundTag = "loopback-localdns"; }
-                  { inboundTag = [ "in" ]; outboundTag = "freedom"; }
-                  { inboundTag = [ "in-localdns" ]; outboundTag = "freedom"; }
-                  { inboundTag = [ "api" ]; outboundTag = "api"; }
-                ];
-              };
-              stats = {};
-              api = { tag = "api"; services = [ "StatsService" ]; };
-              policy =
-              {
-                levels."0" = { statsUserUplink = true; statsUserDownlink = true; };
-                system =
-                {
-                  statsInboundUplink = true;
-                  statsInboundDownlink = true;
-                  statsOutboundUplink = true;
-                  statsOutboundDownlink = true;
-                };
-              };
-            };
-          };
-          secrets = inputs.localLib.listToAttrs
-            (map (n: { name = "xray-server/clients/user${toString n}"; value = {}; }) userList)
-            // (inputs.localLib.listToAttrs (map
-              (name:
-              {
-                name = "xray-server/telegram/${name}";
-                value = (let user = inputs.config.users.users.v2ray; in { owner = user.name; inherit (user) group; });
-              })
-              [ "token" "chat" ]))
-            // { "xray-server/private-key" = {}; };
-        };
-        systemd =
+      (
+        mkIf xray.client.enable
        {
          services =
+          {
+            dnsmasq =
+            {
+              enable = true;
+              settings =
+              {
+                no-poll = true;
+                log-queries = true;
+                server = [ "127.0.0.1#10853" ];
+                interface = xray.client.dns.extraInterfaces ++ [ "lo" ];
+                bind-dynamic = true;
+                ipset = [ "/yuanshen.com/noproxy_net" ];
+                address = map (host: "/${host.name}/${host.value}") (attrsToList xray.client.dns.hosts);
+              };
+            };
+            xray = { enable = true; settingsFile = inputs.config.sops.templates."xray-client.json".path; };
+          };
+          sops =
+          {
+            templates."xray-client.json" =
+            {
+              owner = inputs.config.users.users.v2ray.name;
+              group = inputs.config.users.users.v2ray.group;
+              content =
+                let
+                  chinaDns = "223.5.5.5";
+                  foreignDns = "8.8.8.8";
+                in
+                builtins.toJSON
+                {
+                  log.loglevel = "info";
+                  dns =
+                  {
+                    servers =
+                    # 先尝试匹配域名列表进行查询，若匹配成功则使用前两个 dns 查询。
+                    # 若匹配域名列表失败，或者匹配成功但是查询到的 IP 不在期望的 IP 列表中，则回落到使用后两个 dns 依次查询。
+                    [
+                      {
+                        address = chinaDns;
+                        domains = [ "geosite:geolocation-cn" ];
+                        expectIPs = [ "geoip:cn" ];
+                        skipFallback = true;
+                      }
+                      {
+                        address = foreignDns;
+                        domains = [ "geosite:geolocation-!cn" ];
+                        expectIPs = [ "geoip:!cn" ];
+                        skipFallback = true;
+                      }
+                      { address = chinaDns; expectIPs = [ "geoip:cn" ]; }
+                      { address = foreignDns; }
+                    ];
+                    disableCache = true;
+                    queryStrategy = "UseIPv4";
+                    tag = "dns-internal";
+                  };
+                  inbounds =
+                  [
+                    {
+                      port = 10853;
+                      protocol = "dokodemo-door";
+                      settings = { address = "8.8.8.8"; network = "tcp,udp"; port = 53; };
+                      tag = "dns-in";
+                    }
+                    {
+                      port = 10880;
+                      protocol = "dokodemo-door";
+                      settings = { network = "tcp,udp"; followRedirect = true; };
+                      streamSettings.sockopt.tproxy = "tproxy";
+                      sniffing = { enabled = true; destOverride = [ "http" "tls" "quic" ]; routeOnly = true; };
+                      tag = "common-in";
+                    }
+                    {
+                      port = 10881;
+                      protocol = "dokodemo-door";
+                      settings = { network = "tcp,udp"; followRedirect = true; };
+                      streamSettings.sockopt.tproxy = "tproxy";
+                      tag = "xmu-in";
+                    }
+                    {
+                      port = 10883;
+                      protocol = "dokodemo-door";
+                      settings = { network = "tcp,udp"; followRedirect = true; };
+                      streamSettings.sockopt.tproxy = "tproxy";
+                      tag = "proxy-in";
+                    }
+                    { port = 10884; protocol = "socks"; tag = "proxy-socks-in"; }
+                    { port = 10882; protocol = "socks"; tag = "direct-in"; }
+                  ];
+                  outbounds =
+                  [
+                    {
+                      protocol = "vless";
+                      settings.vnext =
+                      [{
+                        address = xray.client.serverAddress;
+                        port = 443;
+                        users =
+                        [{
+                          id = inputs.config.sops.placeholder."xray-client/uuid";
+                          encryption = "none";
+                          flow = "xtls-rprx-vision-udp443";
+                        }];
+                      }];
+                      streamSettings =
+                      {
+                        network = "tcp";
+                        security = "reality";
+                        realitySettings =
+                        {
+                          serverName = xray.client.serverName;
+                          publicKey = "Nl0eVZoDF9d71_3dVsZGJl3UWR9LCv3B14gu7G6vhjk";
+                          fingerprint = "firefox";
+                        };
+                      };
+                      tag = "proxy-vless";
+                    }
+                    { protocol = "freedom"; tag = "direct"; }
+                    { protocol = "dns"; tag = "dns-out"; }
+                    {
+                      protocol = "socks";
+                      settings.servers = [{ address = "127.0.0.1"; port = 10069; }];
+                      tag = "xmu-out";
+                    }
+                    { protocol = "blackhole"; tag = "block"; }
+                  ];
+                  routing =
+                  {
+                    domainStrategy = "AsIs";
+                    rules = builtins.map (rule: rule // { type = "field"; })
+                    [
+                      { inboundTag = [ "dns-in" ]; outboundTag = "dns-out"; }
+                      { inboundTag = [ "dns-internal" ]; ip = [ chinaDns ]; outboundTag = "direct"; }
+                      { inboundTag = [ "dns-internal" ]; ip = [ foreignDns ]; outboundTag = "proxy-vless"; }
+                      { inboundTag = [ "dns-internal" ]; outboundTag = "block"; }
+                      { inboundTag = [ "xmu-in" ]; outboundTag = "xmu-out"; }
+                      { inboundTag = [ "direct-in" ]; outboundTag = "direct"; }
+                      { inboundTag = [ "proxy-in" "proxy-socks-in" ]; outboundTag = "proxy-vless"; }
+                      { inboundTag = [ "common-in" ]; domain = [ "geosite:geolocation-cn" ]; outboundTag = "direct"; }
+                      {
+                        inboundTag = [ "common-in" ];
+                        domain = [ "geosite:geolocation-!cn" ];
+                        outboundTag = "proxy-vless";
+                      }
+                      { inboundTag = [ "common-in" ]; ip = [ "geoip:cn" ]; outboundTag = "direct"; }
+                      { inboundTag = [ "common-in" ]; outboundTag = "proxy-vless"; }
+                    ];
+                  };
+                };
+            };
+            secrets."xray-client/uuid" = {};
+          };
+          systemd.services =
          {
            xray =
            {
@@ -395,67 +204,311 @@ inputs:
                LimitNPROC = 65536;
                LimitNOFILE = 524288;
              };
-              restartTriggers = [ inputs.config.sops.templates."xray-server.json".file ];
+              restartTriggers = [ inputs.config.sops.templates."xray-client.json".file ];
            };
-            xray-stat =
+            v2ray-forwarder =
            {
-              script =
+              description = "v2ray-forwarder Daemon";
+              after = [ "network.target" ];
+              wantedBy = [ "multi-user.target" ];
+              serviceConfig =
                let
-                  xray = "${inputs.pkgs.xray}/bin/xray";
-                  awk = "${inputs.pkgs.gawk}/bin/awk";
-                  curl = "${inputs.pkgs.curl}/bin/curl";
-                  jq = "${inputs.pkgs.jq}/bin/jq";
-                  sed = "${inputs.pkgs.gnused}/bin/sed";
-                  cat = "${inputs.pkgs.coreutils}/bin/cat";
-                  token = inputs.config.sops.secrets."xray-server/telegram/token".path;
-                  chat = inputs.config.sops.secrets."xray-server/telegram/chat".path;
+                  ipset = "${inputs.pkgs.ipset}/bin/ipset";
+                  iptables = "${inputs.pkgs.iptables}/bin/iptables";
+                  ip = "${inputs.pkgs.iproute}/bin/ip";
+                  autoPort = "10880";
+                  xmuPort = "10881";
+                  proxyPort = "10883";
                in
-                ''
-                  message='xray:\n'
-                  for i in {0..${toString ((builtins.length userList) - 1)}}
-                  do
-                    upload_bytes=$(${xray} api stats --server=127.0.0.1:6149 \
-                      -name "user>>>''${i}@xray.chn.moe>>>traffic>>>uplink" | ${jq} '.stat.value' | ${sed} 's/"//g')
-                    [ -z "$upload_bytes" ] && upload_bytes=0
-                    download_bytes=$(${xray} api stats --server=127.0.0.1:6149 \
-                      -name "user>>>''${i}@xray.chn.moe>>>traffic>>>downlink" | ${jq} '.stat.value' | ${sed} 's/"//g')
-                    [ -z "$download_bytes" ] && download_bytes=0
-                    traffic_gb=$(echo | ${awk} "{printf \"%.3f\",(''${upload_bytes}+''${download_bytes})/1073741824}")
-                    message="$message$i"'\t'"''${traffic_gb}"'G\n'
-                  done
-                  ${curl} -X POST -H 'Content-Type: application/json' \
-                    -d "{\"chat_id\": \"$(${cat} ${chat})\", \"text\": \"$message\"}" \
-                    https://api.telegram.org/bot$(${cat} ${token})/sendMessage
-                '';
-              serviceConfig = { Type = "oneshot"; User = "v2ray"; Group = "v2ray"; };
+                {
+                  Type = "simple";
+                  RemainAfterExit = true;
+                  ExecStart = inputs.pkgs.writeShellScript "v2ray-forwarder.start" (concatStringsSep "\n"
+                  (
+                    [ "${ipset} create lo_net hash:net" ]
+                    ++ (map (host: "${ipset} add lo_net ${host}")
+                      [
+                        "0.0.0.0/8" "10.0.0.0/8" "100.64.0.0/10" "127.0.0.0/8" "169.254.0.0/16" "172.16.0.0/12"
+                        "192.0.0.0/24" "192.88.99.0/24" "192.168.0.0/16" "59.77.0.143" "198.18.0.0/15"
+                        "198.51.100.0/24" "203.0.113.0/24" "224.0.0.0/4" "240.0.0.0/4" "255.255.255.255/32"
+                      ])
+                    ++ [
+                      "${ipset} create xmu_net hash:net"
+                      "${ipset} create noproxy_net hash:net"
+                      "${ipset} add noproxy_net 223.5.5.5"
+                      "${ipset} create noproxy_src_net hash:net"
+                      "${ipset} create proxy_net hash:net"
+                      "${ipset} add proxy_net 8.8.8.8"
+                    ]
+                    ++ [
+                      "${iptables} -t mangle -N v2ray -w"
+                      "${iptables} -t mangle -A PREROUTING -j v2ray -w"
+                    ]
+                    ++ (map (action: "${iptables} -t mangle -A v2ray ${action} -w")
+                      [
+                        "-m set --match-set noproxy_src_net src -j RETURN"
+                        "-m set --match-set xmu_net dst -p tcp -j TPROXY --on-port ${xmuPort} --tproxy-mark 1/1"
+                        "-m set --match-set xmu_net dst -p udp -j TPROXY --on-port ${xmuPort} --tproxy-mark 1/1"
+                        "-m set --match-set noproxy_net dst -j RETURN"
+                        "-m set --match-set proxy_net dst -p tcp -j TPROXY --on-port ${proxyPort} --tproxy-mark 1/1"
+                        "-m set --match-set proxy_net dst -p udp -j TPROXY --on-port ${proxyPort} --tproxy-mark 1/1"
+                        "-m set --match-set lo_net dst -j RETURN"
+                        "-p tcp -j TPROXY --on-port ${autoPort} --tproxy-mark 1/1"
+                        "-p udp -j TPROXY --on-port ${autoPort} --tproxy-mark 1/1"
+                      ])
+                    ++ [
+                      "${iptables} -t mangle -N v2ray_mark -w"
+                      "${iptables} -t mangle -A OUTPUT -j v2ray_mark -w"
+                    ]
+                    ++ (map (action: "${iptables} -t mangle -A v2ray_mark ${action} -w")
+                      (
+                        (if inputs.config.nixos.system.networking.nebula.enable then
+                          let user = inputs.config.systemd.services."nebula@nebula".serviceConfig.User;
+                          in [ "-m owner --uid-owner $(id -u ${user}) -j RETURN" ]
+                          else [])
+                        ++ [
+                          "-m owner --uid-owner $(id -u v2ray) -j RETURN"
+                          "-m set --match-set noproxy_src_net src -j RETURN"
+                          "-m set --match-set xmu_net dst -p tcp -j MARK --set-mark 1/1"
+                          "-m set --match-set xmu_net dst -p udp -j MARK --set-mark 1/1"
+                          "-m set --match-set noproxy_net dst -j RETURN"
+                          "-m set --match-set proxy_net dst -p tcp -j MARK --set-mark 1/1"
+                          "-m set --match-set proxy_net dst -p udp -j MARK --set-mark 1/1"
+                          "-m set --match-set lo_net dst -j RETURN"
+                          "-p tcp -j MARK --set-mark 1/1"
+                          "-p udp -j MARK --set-mark 1/1"
+                        ]
+                      ))
+                    ++ [
+                      "${ip} rule add fwmark 1/1 table 100"
+                      "${ip} route add local 0.0.0.0/0 dev lo table 100"
+                    ]
+                  ));
+                  ExecStop = inputs.pkgs.writeShellScript "v2ray-forwarder.stop" (concatStringsSep "\n"
+                  (
+                    [
+                      "${iptables} -t mangle -F v2ray -w"
+                      "${iptables} -t mangle -D PREROUTING -j v2ray -w"
+                      "${iptables} -t mangle -X v2ray -w"
+                      "${iptables} -t mangle -F v2ray_mark -w"
+                      "${iptables} -t mangle -D OUTPUT -j v2ray_mark -w"
+                      "${iptables} -t mangle -X v2ray_mark -w"
+                      "${ip} rule del fwmark 1/1 table 100"
+                      "${ip} route del local 0.0.0.0/0 dev lo table 100"
+                    ]
+                    ++ (map (set: "${ipset} destroy ${set}")
+                      [ "lo_net" "xmu_net" "noproxy_net" "noproxy_src_net" "proxy_net" ])
+                  ));
+                };
            };
          };
-          timers.xray-stat =
+          users =
          {
-            wantedBy = [ "timers.target" ];
-            timerConfig = { OnCalendar = "*-*-* 0:00:00"; Unit = "xray-stat.service"; };
+            users.v2ray = { uid = inputs.config.nixos.system.user.user.v2ray; group = "v2ray"; isSystemUser = true; };
+            groups.v2ray.gid = inputs.config.nixos.system.user.group.v2ray;
          };
-        };
-        users =
+          environment.etc."resolv.conf".text = "nameserver 127.0.0.1";
+        }
+      )
+      (
+        mkIf xray.server.enable (let userList = genList (n: n) 30; in
        {
-          users.v2ray = { uid = inputs.config.nixos.system.user.user.v2ray; group = "v2ray"; isSystemUser = true; };
-          groups.v2ray.gid = inputs.config.nixos.system.user.group.v2ray;
-        };
-        nixos.services =
-        {
-          acme = { enable = true; cert.${xray.server.serverName}.group = inputs.config.users.users.nginx.group; };
-          nginx =
+          services.xray = { enable = true; settingsFile = inputs.config.sops.templates."xray-server.json".path; };
+          sops =
          {
-            enable = true;
-            transparentProxy.map."${xray.server.serverName}" = 4726;
-            https."${xray.server.serverName}" =
+            templates."xray-server.json" =
            {
-              listen.main = { proxyProtocol = false; addToTransparentProxy = false; };
-              location."/".return.return = "400";
+              owner = inputs.config.users.users.v2ray.name;
+              group = inputs.config.users.users.v2ray.group;
+              content = builtins.toJSON
+              {
+                log.loglevel = "warning";
+                inbounds =
+                [
+                  (
+                    let
+                      fallbackPort = toString
+                        (with inputs.config.nixos.services.nginx.global; httpsPort + httpsPortShift.http2);
+                    in
+                    {
+                      port = 4726;
+                      listen = "127.0.0.1";
+                      protocol = "vless";
+                      settings =
+                      {
+                        clients = map
+                          (n:
+                          {
+                            id = inputs.config.sops.placeholder."xray-server/clients/user${toString n}";
+                            flow = "xtls-rprx-vision";
+                            email = "${toString n}@xray.chn.moe";
+                          })
+                          userList;
+                        decryption = "none";
+                        fallbacks = [{ dest = "127.0.0.1:${fallbackPort}"; }];
+                      };
+                      streamSettings =
+                      {
+                        network = "tcp";
+                        security = "reality";
+                        realitySettings =
+                        {
+                          dest = "127.0.0.1:${fallbackPort}";
+                          serverNames = [ xray.server.serverName ];
+                          privateKey = inputs.config.sops.placeholder."xray-server/private-key";
+                          minClientVer = "1.8.0";
+                          shortIds = [ "" ];
+                        };
+                      };
+                      sniffing = { enabled = true; destOverride = [ "http" "tls" "quic" ]; routeOnly = true; };
+                      tag = "in";
+                    }
+                  )
+                  {
+                    port = 4638;
+                    listen = "127.0.0.1";
+                    protocol = "vless";
+                    settings = { clients = [{ id = "be01f0a0-9976-42f5-b9ab-866eba6ed393"; }]; decryption = "none"; };
+                    streamSettings.network = "tcp";
+                    sniffing = { enabled = true; destOverride = [ "http" "tls" "quic" ]; };
+                    tag = "in-localdns";
+                  }
+                  {
+                    listen = "127.0.0.1";
+                    port = 6149;
+                    protocol = "dokodemo-door";
+                    settings.address = "127.0.0.1";
+                    tag = "api";
+                  }
+                ];
+                outbounds =
+                [
+                  { protocol = "freedom"; tag = "freedom"; }
+                  {
+                    protocol = "vless";
+                    settings.vnext =
+                    [{
+                      address = "127.0.0.1";
+                      port = 4638;
+                      users = [{ id = "be01f0a0-9976-42f5-b9ab-866eba6ed393"; encryption = "none"; }];
+                    }];
+                    streamSettings.network = "tcp";
+                    tag = "loopback-localdns";
+                  }
+                ];
+                routing =
+                {
+                  domainStrategy = "AsIs";
+                  rules = builtins.map (rule: rule // { type = "field"; })
+                  [
+                    { inboundTag = [ "in" ]; domain = [ "domain:openai.com" ]; outboundTag = "loopback-localdns"; }
+                    { inboundTag = [ "in" ]; outboundTag = "freedom"; }
+                    { inboundTag = [ "in-localdns" ]; outboundTag = "freedom"; }
+                    { inboundTag = [ "api" ]; outboundTag = "api"; }
+                  ];
+                };
+                stats = {};
+                api = { tag = "api"; services = [ "StatsService" ]; };
+                policy =
+                {
+                  levels."0" = { statsUserUplink = true; statsUserDownlink = true; };
+                  system =
+                  {
+                    statsInboundUplink = true;
+                    statsInboundDownlink = true;
+                    statsOutboundUplink = true;
+                    statsOutboundDownlink = true;
+                  };
+                };
+              };
+            };
+            secrets = listToAttrs (map (n: { name = "xray-server/clients/user${toString n}"; value = {}; }) userList)
+              // (listToAttrs (map
+                (name:
+                {
+                  name = "xray-server/telegram/${name}";
+                  value = (let user = inputs.config.users.users.v2ray; in { owner = user.name; inherit (user) group; });
+                })
+                [ "token" "chat" ]))
+              // { "xray-server/private-key" = {}; };
+          };
+          systemd =
+          {
+            services =
+            {
+              xray =
+              {
+                serviceConfig =
+                {
+                  DynamicUser = inputs.lib.mkForce false;
+                  User = "v2ray";
+                  Group = "v2ray";
+                  CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
+                  AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
+                  LimitNPROC = 65536;
+                  LimitNOFILE = 524288;
+                };
+                restartTriggers = [ inputs.config.sops.templates."xray-server.json".file ];
+              };
+              xray-stat =
+              {
+                script =
+                  let
+                    xray = "${inputs.pkgs.xray}/bin/xray";
+                    awk = "${inputs.pkgs.gawk}/bin/awk";
+                    curl = "${inputs.pkgs.curl}/bin/curl";
+                    jq = "${inputs.pkgs.jq}/bin/jq";
+                    sed = "${inputs.pkgs.gnused}/bin/sed";
+                    cat = "${inputs.pkgs.coreutils}/bin/cat";
+                    token = inputs.config.sops.secrets."xray-server/telegram/token".path;
+                    chat = inputs.config.sops.secrets."xray-server/telegram/chat".path;
+                  in
+                  ''
+                    message='xray:\n'
+                    for i in {0..${toString ((length userList) - 1)}}
+                    do
+                      upload_bytes=$(${xray} api stats --server=127.0.0.1:6149 \
+                        -name "user>>>''${i}@xray.chn.moe>>>traffic>>>uplink" | ${jq} '.stat.value' | ${sed} 's/"//g')
+                      [ -z "$upload_bytes" ] && upload_bytes=0
+                      download_bytes=$(${xray} api stats --server=127.0.0.1:6149 \
+                        -name "user>>>''${i}@xray.chn.moe>>>traffic>>>downlink" | ${jq} '.stat.value' | ${sed} 's/"//g')
+                      [ -z "$download_bytes" ] && download_bytes=0
+                      traffic_gb=$(echo | ${awk} "{printf \"%.3f\",(''${upload_bytes}+''${download_bytes})/1073741824}")
+                      message="$message$i"'\t'"''${traffic_gb}"'G\n'
+                    done
+                    ${curl} -X POST -H 'Content-Type: application/json' \
+                      -d "{\"chat_id\": \"$(${cat} ${chat})\", \"text\": \"$message\"}" \
+                      https://api.telegram.org/bot$(${cat} ${token})/sendMessage
+                  '';
+                serviceConfig = { Type = "oneshot"; User = "v2ray"; Group = "v2ray"; };
+              };
+            };
+            timers.xray-stat =
+            {
+              wantedBy = [ "timers.target" ];
+              timerConfig = { OnCalendar = "*-*-* 0:00:00"; Unit = "xray-stat.service"; };
            };
          };
-        };
-      }
-    ))
-  ];
+          users =
+          {
+            users.v2ray = { uid = inputs.config.nixos.system.user.user.v2ray; group = "v2ray"; isSystemUser = true; };
+            groups.v2ray.gid = inputs.config.nixos.system.user.group.v2ray;
+          };
+          nixos.services =
+          {
+            acme = { enable = true; cert.${xray.server.serverName}.group = inputs.config.users.users.nginx.group; };
+            nginx =
+            {
+              enable = true;
+              transparentProxy.map."${xray.server.serverName}" = 4726;
+              https."${xray.server.serverName}" =
+              {
+                listen.main = { proxyProtocol = false; addToTransparentProxy = false; };
+                location."/".return.return = "400";
+              };
+            };
+          };
+        }
+      ))
+    ];
 }
--- a/modules/services/xrdp.nix
+++ b/modules/services/xrdp.nix
@@ -5,11 +5,6 @@ inputs:
    enable = mkOption { type = types.bool; default = false; };
    port = mkOption { type = types.ints.unsigned; default = 3389; };
    hostname = mkOption { type = types.nullOr (types.nonEmptyListOf types.nonEmptyStr); default = null; };
-    optimise =
-    {
-      type = mkOption { type = types.nullOr (types.enum [ "nvidia" "glamor" ]); default = null; };
-      nvidiaBusId = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
-    };
  };
  config =
    let
@@ -17,29 +12,9 @@ inputs:
      inherit (inputs.config.nixos.services) xrdp;
    in mkIf xrdp.enable (mkMerge
    [
-      {
-        assertions =
-        [
-          {
-            assertion = !inputs.config.nixos.system.envfs.enable;
-            message = "Somehow xrdp could not start if envfs is enabled";
-          }
-          {
-            assertion = (xrdp.optimise.type == "nvidia") -> (xrdp.optimise.nvidiaBusId != null);
-            message = "nvidiaBusId must be set if optimise type is nvidia";
-          }
-        ];
-      }
      {
        services.xrdp =
-        {
-          enable = true;
-          package = mkIf (xrdp.optimise.type != null)
-            (inputs.pkgs.xrdp.override { variant = xrdp.optimise.type; inherit (xrdp.optimise) nvidiaBusId; });
-          port = xrdp.port;
-          openFirewall = true;
-          defaultWindowManager = "${inputs.pkgs.plasma-workspace}/bin/startplasma-x11";
-        };
+          { enable = true; port = xrdp.port; openFirewall = true; defaultWindowManager = "startplasma-x11"; };
      }
      (
        mkIf (xrdp.hostname != null)
--- a/modules/system/binfmt.nix
+++ b/modules/system/binfmt.nix
@@ -1,12 +0,0 @@
-inputs:
-{
-  options.nixos.system.binfmt = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = true; };
-  };
-  config = inputs.lib.mkIf inputs.config.nixos.system.binfmt.enable
-  {
-    programs.java = { enable = true; binfmt = true; };
-    boot.binfmt.emulatedSystems = [ "aarch64-linux" "x86_64-windows" ];
-  };
-}
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
@@ -6,22 +6,21 @@ inputs:
    ./fileSystems
    ./grub.nix
    ./initrd.nix
-    ./kernel
+    ./kernel.nix
    ./impermanence.nix
    ./gui.nix
    ./nixpkgs.nix
-    ./networking.nix
+    ./networking
    ./systemd.nix
    ./security.nix
    ./sops.nix
    ./user.nix
    ./sysctl.nix
    ./envfs.nix
-    ./binfmt.nix
  ];
  config =
  {
-    services = { dbus.implementation = "broker"; fstrim.enable = true; acpid.enable = true; };
+    services = { dbus.implementation = "broker"; fstrim.enable = true; };
    time.timeZone = "Asia/Shanghai";
    boot =
    {
@@ -29,25 +28,21 @@ inputs:
      # consoleLogLevel = 7;
    };
    hardware.enableAllFirmware = true;
-    environment =
+    environment.sessionVariables = rec
    {
-      sessionVariables = rec
-      {
-        XDG_CACHE_HOME = "$HOME/.cache";
-        XDG_CONFIG_HOME = "$HOME/.config";
-        XDG_DATA_HOME = "$HOME/.local/share";
-        XDG_STATE_HOME = "$HOME/.local/state";
-        # ANDROID_HOME = "${XDG_DATA_HOME}/android";
-        HISTFILE= "${XDG_STATE_HOME}/bash/history";
-        CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
-        DOCKER_CONFIG = "${XDG_CONFIG_HOME}/docker";
-        GNUPGHOME = "${XDG_DATA_HOME}/gnupg";
-        GTK2_RC_FILES = "${XDG_CONFIG_HOME}/gtk-2.0/gtkrc";
-        XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
-        MATHEMATICA_USERBASE = "${XDG_CONFIG_HOME}/mathematica";
-        _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
-      };
-      variables.NIXOS_CONFIGURATION_REVISION = inputs.config.system.configurationRevision;
+      XDG_CACHE_HOME = "$HOME/.cache";
+      XDG_CONFIG_HOME = "$HOME/.config";
+      XDG_DATA_HOME = "$HOME/.local/share";
+      XDG_STATE_HOME = "$HOME/.local/state";
+      # ANDROID_HOME = "${XDG_DATA_HOME}/android";
+      HISTFILE= "${XDG_STATE_HOME}/bash/history";
+      CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
+      DOCKER_CONFIG = "${XDG_CONFIG_HOME}/docker";
+      GNUPGHOME = "${XDG_DATA_HOME}/gnupg";
+      GTK2_RC_FILES = "${XDG_CONFIG_HOME}/gtk-2.0/gtkrc";
+      XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
+      MATHEMATICA_USERBASE = "${XDG_CONFIG_HOME}/mathematica";
+      _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
    };
    i18n =
      { defaultLocale = "C.UTF-8"; supportedLocales = [ "zh_CN.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "C.UTF-8/UTF-8" ]; };
--- a/modules/system/envfs.nix
+++ b/modules/system/envfs.nix
@@ -2,11 +2,11 @@ inputs:
 {
  options.nixos.system.envfs = let inherit (inputs.lib) mkOption types; in
  {
-    enable = mkOption { type = types.bool; default = false; };
+    enable = mkOption { type = types.bool; default = true; };
  };
-  config = inputs.lib.mkIf inputs.config.nixos.system.envfs.enable (inputs.lib.mkMerge
+  config = inputs.lib.mkMerge
  [
    (builtins.elemAt inputs.topInputs.envfs.nixosModules.envfs.imports 0 inputs)
    { environment.variables.ENVFS_RESOLVE_ALWAYS = "1"; }
-  ]);
+  ];
 }
--- a/modules/system/fileSystems/default.nix
+++ b/modules/system/fileSystems/default.nix
@@ -60,11 +60,7 @@ inputs:
    rollingRootfs = mkOption
    {
      type = types.nullOr (types.submodule { options =
-      {
-        device = mkOption { type = types.nonEmptyStr; default = "/dev/mapper/root"; };
-        path = mkOption { type = types.nonEmptyStr; default = "/nix/rootfs"; };
-        waitDevices = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
-      };});
+        { device = mkOption { type = types.nonEmptyStr; }; path = mkOption { type = types.nonEmptyStr; }; }; });
      default = null;
    };
  };
@@ -231,7 +227,6 @@ inputs:
              grep = "${inputs.pkgs.gnugrep}/bin/grep";
              awk = "${inputs.pkgs.gawk}/bin/awk";
              chattr = "${inputs.pkgs.e2fsprogs}/bin/chattr";
-              lsmod = "${inputs.pkgs.kmod}/bin/lsmod";
            };
            services.roll-rootfs =
            {
@@ -240,28 +235,21 @@ inputs:
              before = [ "local-fs-pre.target" "sysroot.mount" ];
              unitConfig.DefaultDependencies = false;
              serviceConfig.Type = "oneshot";
-              script =
-                let
-                  inherit (fileSystems.rollingRootfs) device path waitDevices;
-                  waitDevice = concatStringsSep "\n" (builtins.map
-                    (device: "while ! [ -e ${device} ]; do sleep 1; done") (waitDevices ++ [ device ]));
-                in
-                ''
-                  while ! lsmod | grep -q btrfs; do sleep 1; done
-                  ${waitDevice}
-                  mount ${device} /mnt -m
-                  if [ -f /mnt${path}/current/.timestamp ]
-                  then
-                    timestamp=$(cat /mnt${path}/current/.timestamp)
-                    subvolid=$(btrfs subvolume show /mnt${path}/current | grep 'Subvolume ID:' | awk '{print $NF}')
-                    mv /mnt${path}/current /mnt${path}/$timestamp-$subvolid
-                    btrfs property set -ts /mnt${path}/$timestamp-$subvolid ro true
-                  fi
-                  btrfs subvolume create /mnt${path}/current
-                  chattr +C /mnt${path}/current
-                  echo $(date '+%Y%m%d%H%M%S') > /mnt${path}/current/.timestamp
-                  umount /mnt
-                '';
+              script = let inherit (fileSystems.rollingRootfs) device path; in
+              ''
+                mount ${device} /mnt -m
+                if [ -f /mnt${path}/current/.timestamp ]
+                then
+                  timestamp=$(cat /mnt${path}/current/.timestamp)
+                  subvolid=$(btrfs subvolume show /mnt${path}/current | grep 'Subvolume ID:' | awk '{print $NF}')
+                  mv /mnt${path}/current /mnt${path}/$timestamp-$subvolid
+                  btrfs property set -ts /mnt${path}/$timestamp-$subvolid ro true
+                fi
+                btrfs subvolume create /mnt${path}/current
+                chattr +C /mnt${path}/current
+                echo $(date '+%Y%m%d%H%M%S') > /mnt${path}/current/.timestamp
+                umount /mnt
+              '';
            };
          };
        }
--- a/modules/system/gui.nix
+++ b/modules/system/gui.nix
@@ -17,12 +17,9 @@ inputs:
      services.xserver =
      {
        enable = true;
-        displayManager =
-        {
-          sddm.enable = true;
-          defaultSession = "plasmawayland";
-        };
+        displayManager = { sddm.enable = true; defaultSession = "plasmawayland"; };
        desktopManager.plasma5.enable = true;
+        videoDrivers = inputs.config.nixos.hardware.gpus;
      };
      systemd.services.display-manager = { after = [ "network-online.target" ]; enable = gui.autoStart; };
      environment =
--- a/modules/system/impermanence.nix
+++ b/modules/system/impermanence.nix
@@ -56,7 +56,7 @@ inputs:
        {
          users.chn =
          {
-            directories = [ ".cache" ".config/fontconfig" ];
+            directories = [ ".cache" ];
          };
        } else {});
        "${impermanence.nodatacow}" =
--- a/modules/system/kernel/default.nix
+++ b/modules/system/kernel/default.nix
@@ -2,7 +2,6 @@ inputs:
 {
  options.nixos.system.kernel = let inherit (inputs.lib) mkOption types; in
  {
-    varient = mkOption { type = types.enum [ "lts" "latest" ]; default = "lts"; };
    patches = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
    modules =
    {
@@ -34,18 +33,13 @@ inputs:
      extraModulePackages = (with inputs.config.boot.kernelPackages; [ v4l2loopback ]) ++ kernel.modules.install;
      extraModprobeConfig = builtins.concatStringsSep "\n" kernel.modules.modprobeConfig;
      kernelParams = [ "delayacct" "acpi_osi=Linux" "acpi.ec_no_wakeup=1" ];
-      kernelPackages =
-      {
-        lts = inputs.pkgs.linuxPackages_xanmod;
-        latest = inputs.pkgs.linuxPackages_xanmod_latest;
-      }.${kernel.varient};
+      kernelPackages = inputs.pkgs.linuxPackages_xanmod_latest;
      kernelPatches =
        let
          patches =
          {
            cjktty =
-            [{
-              name = "cjktty";
+            {
              patch =
                let
                  version = builtins.splitVersion inputs.config.boot.kernelPackages.kernel.version;
@@ -61,16 +55,14 @@ inputs:
                      {
                        "6.1" = "11ddiammvjxx2m9v32p25l1ai759a1d6xhdpszgnihv7g2fzigf5";
                        "6.6" = "19ib0syj3207ifr315gdrnpv6nhh435fmgl05c7k715nng40i827";
-                        "6.7" = "1yfsmc0873xiwlirir0xfp9zyrpd09q1srgr3z4rl7i7lxzaqls8";
                      };
                    in hashes."${major}.${minor}";
                };
              extraStructuredConfig =
                { FONT_CJK_16x16 = inputs.lib.kernel.yes; FONT_CJK_32x32 = inputs.lib.kernel.yes; };
-            }];
+            };
            lantian =
-            [{
-              name = "lantian";
+            {
              patch = null;
              # pick from xddxdd/nur-packages dce93a
              extraStructuredConfig = with inputs.lib.kernel;
@@ -87,48 +79,9 @@ inputs:
                HZ_250 = inputs.lib.mkForce no;
                HZ = inputs.lib.mkForce (freeform "1000");
              };
-            }];
-            surface =
-              let
-                version =
-                  let versionArray = builtins.splitVersion inputs.config.boot.kernelPackages.kernel.version;
-                  in "${builtins.elemAt versionArray 0}.${builtins.elemAt versionArray 1}";
-                kernelPatches = builtins.map
-                  (file:
-                  {
-                    name = "surface-${file.name}";
-                    patch = "${inputs.topInputs.linux-surface}/patches/${version}/${file.name}";
-                  })
-                  (builtins.filter
-                    (file: file.value == "regular")
-                    (inputs.localLib.attrsToList (builtins.readDir
-                      "${inputs.topInputs.linux-surface}/patches/${version}")));
-                kernelConfig = builtins.removeAttrs
-                  (builtins.listToAttrs (builtins.concatLists (builtins.map
-                    (configString:
-                      if builtins.match "CONFIG_.*=." configString == [] then
-                      (
-                        let match = builtins.match "CONFIG_(.*)=(.)" configString; in with inputs.lib.kernel;
-                        [{
-                          name = builtins.elemAt match 0;
-                          value = { m = module; y = yes; }.${builtins.elemAt match 1};
-                        }]
-                      )
-                      else if builtins.match "# CONFIG_.* is not set" configString == [] then
-                      [{
-                        name = builtins.elemAt (builtins.match "# CONFIG_(.*) is not set" configString) 0;
-                        value = inputs.lib.kernel.unset;
-                      }]
-                      else if builtins.match "#.*" configString == [] then []
-                      else if configString == "" then []
-                      else throw "could not parse: ${configString}"
-                    )
-                    (inputs.lib.strings.splitString "\n"
-                      (builtins.readFile "${inputs.topInputs.linux-surface}/configs/surface-${version}.config")))))
-                  [ "VIDEO_IPU3_IMGU" ];
-              in kernelPatches ++ [{ name = "surface-config"; patch = null; extraStructuredConfig = kernelConfig; }];
-            hibernate-progress = [{ name = "hibernate-progress"; patch = ./hibernate-progress.patch; }];
+            };
          };
-        in builtins.concatLists (builtins.map (name: patches.${name}) kernel.patches);
+        in
+          builtins.map (name: { inherit name; } // patches.${name}) kernel.patches;
    };};
 }
--- a/modules/system/kernel/hibernate-progress.patch
+++ b/modules/system/kernel/hibernate-progress.patch
@@ -1,116 +0,0 @@
-diff --git a/kernel/power/swap.c b/kernel/power/swap.c
-index d44f5937f1e5..8905c0438b64 100644
--- a/kernel/power/swap.c
-+++ b/kernel/power/swap.c
-@@ -552,7 +552,7 @@ static int save_image(struct swap_map_handle *handle,
- 
- 	hib_init_batch(&hb);
- 
-	pr_info("Saving image data pages (%u pages)...\n",
-+	pr_err("Saving image data pages (%u pages)...\n",
- 		nr_to_write);
- 	m = nr_to_write / 10;
- 	if (!m)
-@@ -567,7 +567,7 @@ static int save_image(struct swap_map_handle *handle,
- 		if (ret)
- 			break;
- 		if (!(nr_pages % m))
-			pr_info("Image saving progress: %3d%%\n",
-+			pr_err("Image saving progress: %3d%%\n",
- 				nr_pages / m * 10);
- 		nr_pages++;
- 	}
-@@ -577,7 +577,7 @@ static int save_image(struct swap_map_handle *handle,
- 	if (!ret)
- 		ret = err2;
- 	if (!ret)
-		pr_info("Image saving done\n");
-+		pr_err("Image saving done\n");
- 	swsusp_show_speed(start, stop, nr_to_write, "Wrote");
- 	return ret;
- }
-@@ -767,8 +767,8 @@ static int save_image_lzo(struct swap_map_handle *handle,
- 	 */
- 	handle->reqd_free_pages = reqd_free_pages();
- 
-	pr_info("Using %u thread(s) for compression\n", nr_threads);
-	pr_info("Compressing and saving image data (%u pages)...\n",
-+	pr_err("Using %u thread(s) for compression\n", nr_threads);
-+	pr_err("Compressing and saving image data (%u pages)...\n",
- 		nr_to_write);
- 	m = nr_to_write / 10;
- 	if (!m)
-@@ -789,7 +789,7 @@ static int save_image_lzo(struct swap_map_handle *handle,
- 				       data_of(*snapshot), PAGE_SIZE);
- 
- 				if (!(nr_pages % m))
-					pr_info("Image saving progress: %3d%%\n",
-+					pr_err("Image saving progress: %3d%%\n",
- 						nr_pages / m * 10);
- 				nr_pages++;
- 			}
-@@ -860,7 +860,7 @@ static int save_image_lzo(struct swap_map_handle *handle,
- 	if (!ret)
- 		ret = err2;
- 	if (!ret)
-		pr_info("Image saving done\n");
-+		pr_err("Image saving done\n");
- 	swsusp_show_speed(start, stop, nr_to_write, "Wrote");
- out_clean:
- 	hib_finish_batch(&hb);
-@@ -1071,7 +1071,7 @@ static int load_image(struct swap_map_handle *handle,
- 	hib_init_batch(&hb);
- 
- 	clean_pages_on_read = true;
-	pr_info("Loading image data pages (%u pages)...\n", nr_to_read);
-+	pr_err("Loading image data pages (%u pages)...\n", nr_to_read);
- 	m = nr_to_read / 10;
- 	if (!m)
- 		m = 1;
-@@ -1089,7 +1089,7 @@ static int load_image(struct swap_map_handle *handle,
- 		if (ret)
- 			break;
- 		if (!(nr_pages % m))
-			pr_info("Image loading progress: %3d%%\n",
-+			pr_err("Image loading progress: %3d%%\n",
- 				nr_pages / m * 10);
- 		nr_pages++;
- 	}
-@@ -1099,7 +1099,7 @@ static int load_image(struct swap_map_handle *handle,
- 	if (!ret)
- 		ret = err2;
- 	if (!ret) {
-		pr_info("Image loading done\n");
-+		pr_err("Image loading done\n");
- 		snapshot_write_finalize(snapshot);
- 		if (!snapshot_image_loaded(snapshot))
- 			ret = -ENODATA;
-@@ -1283,8 +1283,8 @@ static int load_image_lzo(struct swap_map_handle *handle,
- 	}
- 	want = ring_size = i;
- 
-	pr_info("Using %u thread(s) for decompression\n", nr_threads);
-	pr_info("Loading and decompressing image data (%u pages)...\n",
-+	pr_err("Using %u thread(s) for decompression\n", nr_threads);
-+	pr_err("Loading and decompressing image data (%u pages)...\n",
- 		nr_to_read);
- 	m = nr_to_read / 10;
- 	if (!m)
-@@ -1414,7 +1414,7 @@ static int load_image_lzo(struct swap_map_handle *handle,
- 				       data[thr].unc + off, PAGE_SIZE);
- 
- 				if (!(nr_pages % m))
-					pr_info("Image loading progress: %3d%%\n",
-+					pr_err("Image loading progress: %3d%%\n",
- 						nr_pages / m * 10);
- 				nr_pages++;
- 
-@@ -1440,7 +1440,7 @@ static int load_image_lzo(struct swap_map_handle *handle,
- 	}
- 	stop = ktime_get();
- 	if (!ret) {
-		pr_info("Image loading done\n");
-+		pr_err("Image loading done\n");
- 		snapshot_write_finalize(snapshot);
- 		if (!snapshot_image_loaded(snapshot))
- 			ret = -ENODATA;
--- a/modules/system/networking/default.nix
+++ b/modules/system/networking/default.nix
@@ -1,5 +1,9 @@
 inputs:
 {
+  imports = inputs.localLib.mkModules
+  [
+    ./nebula
+  ];
  options.nixos.system.networking = let inherit (inputs.lib) mkOption types; in
  {
    hostname = mkOption { type = types.nonEmptyStr; };
--- a/modules/system/networking/nebula/ca.crt
+++ b/modules/system/networking/nebula/ca.crt
@@ -0,0 +1,5 @@
+-----BEGIN NEBULA CERTIFICATE-----
+CkAKDm5lYnVsYS5jaG4ubW9lKLCXwacGMLD+xbYGOiDwt/rshddhDhyoSVl52cJA
+LEgU1ea4Q4L28v/MVXOkUUABEkANATGg8DOPwHmwq6xN2DATxYDCibb5x3qSctHx
+RIr8UAr2TlvOQfzoBw3v4DWsqaEC1U5Hw6iQsQp5sQ8DGU4O
+-----END NEBULA CERTIFICATE-----
--- a/modules/system/networking/nebula/default.nix
+++ b/modules/system/networking/nebula/default.nix
@@ -0,0 +1,54 @@
+inputs:
+{
+  options.nixos.system.networking.nebula = let inherit (inputs.lib) mkOption types; in
+  {
+    enable = mkOption { type = types.bool; default = false; };
+    # null: is lighthouse; non-empty string: is not lighthouse, and use this string as lighthouse address.
+    lighthouse = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
+    useRelay = mkOption { type = types.bool; default = false; };
+  };
+  config =
+    let
+      inherit (inputs.lib) mkIf;
+      inherit (inputs.config.nixos.system.networking) nebula;
+      inherit (builtins) concatStringsSep;
+    in mkIf nebula.enable
+    {
+      services.nebula.networks.nebula =
+      {
+        enable = true;
+        ca = ./ca.crt;
+        # nebula-cert sign -name 1p9p -ip 192.168.82.4/24
+        cert = ./. + "/${inputs.config.nixos.system.networking.hostname}.crt";
+        key = inputs.config.sops.templates."nebula/key-template".path;
+        firewall.inbound = [ { host = "any"; port = "any"; proto = "any"; } ];
+        firewall.outbound = [ { host = "any"; port = "any"; proto = "any"; } ];
+      }
+      // (
+        if nebula.lighthouse == null then { isLighthouse = true; isRelay = true; }
+        else
+        {
+          lighthouses = [ "192.168.82.1" ];
+          relays = if nebula.useRelay then [ "192.168.82.1" ] else [];
+          staticHostMap."192.168.82.1" = [ "${nebula.lighthouse}:4242" ];
+        }
+      );
+      sops =
+      {
+        templates."nebula/key-template" =
+        {
+          content = concatStringsSep "\n"
+          [
+            "-----BEGIN NEBULA X25519 PRIVATE KEY-----"
+            inputs.config.sops.placeholder."nebula/key"
+            "-----END NEBULA X25519 PRIVATE KEY-----"
+          ];
+          owner = inputs.config.systemd.services."nebula@nebula".serviceConfig.User;
+          group = inputs.config.systemd.services."nebula@nebula".serviceConfig.Group;
+        };
+        secrets."nebula/key" = {};
+      };
+      networking.firewall.trustedInterfaces = [ "nebula.nebula" ];
+      systemd.services."nebula@nebula" = { after = [ "network-online.target" ]; serviceConfig.Restart = "always"; };
+    };
+}
--- a/modules/system/networking/nebula/nas.crt
+++ b/modules/system/networking/nebula/nas.crt
@@ -0,0 +1,6 @@
+-----BEGIN NEBULA CERTIFICATE-----
+CmEKA25hcxIKhKShhQyA/v//DyiRxoCoBjCv/sW2BjoghACiJywxa2n7Aki9/HEU
+q2KpxFE+1Eshcgiy09UagFxKICju+bVGfbNKKrhV7SCNXhazgyVZYigGrzfpvHza
+nafWEkDfhP5lh+/rFLPZslxaU+jy1swpr+oipToAnZ9Lw5Wlefpmxo/8mTBb4a8T
+0jhdUC8x4ETwta6LbtWfo7uPinAJ
+-----END NEBULA CERTIFICATE-----
--- a/modules/system/networking/nebula/pc.crt
+++ b/modules/system/networking/nebula/pc.crt
@@ -0,0 +1,6 @@
+-----BEGIN NEBULA CERTIFICATE-----
+CmAKAnBjEgqDpKGFDID+//8PKO2hwacGMK/+xbYGOiB7i4bfFMM0+9q52Dj4/Y8h
+0IaBkutBjmkeaLQ80a8FXEogKO75tUZ9s0oquFXtII1eFrODJVliKAavN+m8fNqd
+p9YSQD7vjiZOcMzKvz98diLoX8PudoxsovuOrU22EEBvNi80Lhoi41axLsFORzDu
+El34B/13QO0hi2tlviZvJbI91Ao=
+-----END NEBULA CERTIFICATE-----
--- a/modules/system/networking/nebula/vps6.crt
+++ b/modules/system/networking/nebula/vps6.crt
@@ -0,0 +1,6 @@
+-----BEGIN NEBULA CERTIFICATE-----
+CmIKBHZwczYSCoGkoYUMgP7//w8ohJnBpwYwr/7FtgY6IPKlZIGl2zkbjoEbmZho
+7mMfTWkx0XppzZup96IROdJYSiAo7vm1Rn2zSiq4Ve0gjV4Ws4MlWWIoBq836bx8
+2p2n1hJAOvcgC7UjiOGvq9oyv86vdrppIkjOxwz7znpDJAeNrxEURSTsmeCCB7BO
+6rEQZ6b4kXqgRXr08OpBnW6FeMvFCA==
+-----END NEBULA CERTIFICATE-----
--- a/modules/system/networking/nebula/vps7.crt
+++ b/modules/system/networking/nebula/vps7.crt
@@ -0,0 +1,6 @@
+-----BEGIN NEBULA CERTIFICATE-----
+CmIKBHZwczcSCoKkoYUMgP7//w8o0tLQpwYwr/7FtgY6IAfUVax3Lgpt4p9jI4XE
+kVkigGDyTo4jeMbTexago5oKSiAo7vm1Rn2zSiq4Ve0gjV4Ws4MlWWIoBq836bx8
+2p2n1hJAQ9rquY/z2yiw6fuOCmBF4tT+358MnMd0S6p6fv5fivDsdj7mRLIvmtRl
+NRQWKWoHePoivyLu89ZtvyQwFSNRAw==
+-----END NEBULA CERTIFICATE-----
--- a/modules/system/nix.nix
+++ b/modules/system/nix.nix
@@ -17,13 +17,12 @@ inputs:
        system-features = [ "big-parallel" "nixos-test" "benchmark" ];
        experimental-features = [ "nix-command" "flakes" ];
        keep-failed = true;
-        max-substitution-jobs = 4;
+        max-substitution-jobs = 1;
        trusted-public-keys = [ "chn:Cc+nowW1LIpe1kyXOZmNaznFDiH1glXmpb4A+WD/DTE=" ];
        show-trace = true;
-        max-jobs = 4;
+        max-jobs = 1;
        cores = 0;
        keep-going = true;
-        keep-outputs = true;
      };
      systemd.services.nix-daemon = { serviceConfig.CacheDirectory = "nix"; environment.TMPDIR = "/var/cache/nix"; };
    }
@@ -57,18 +56,17 @@ inputs:
    }
    # marches
    {
-      nix.settings.system-features =
-      (map
+      nix.settings.system-features = map
        (march: "gccarch-${march}")
        (
          if nix.marches == null then
            (with inputs.config.nixos.system.nixpkgs; if march == null then [] else [ march ])
          else nix.marches
-        ))
-      ++ (with inputs.config.nixos.system.nixpkgs; if march == null then [] else [ "nvhpcarch-${march}" ]);
+        );
    }
    # includeBuildDependencies
    {
+      nix.settings.keep-outputs = nix.includeBuildDependencies;
      system.includeBuildDependencies = nix.includeBuildDependencies;
    }
    # substituters
--- a/modules/system/nixpkgs.nix
+++ b/modules/system/nixpkgs.nix
@@ -9,6 +9,7 @@ inputs:
      capabilities = mkOption { type = types.nullOr (types.nonEmptyListOf types.nonEmptyStr); default = null; };
      forwardCompat = mkOption { type = types.nullOr types.bool; default = null; };
    };
+    replaceTensorflow = mkOption { type = types.bool; default = false; };
  };
  config =
    let
@@ -17,102 +18,141 @@ inputs:
      inherit (inputs.lib.strings) hasPrefix splitString;
      inherit (inputs.localLib) mkConditional attrsToList;
      inherit (inputs.config.nixos.system) nixpkgs;
-    in
-    {
-      nixpkgs =
-        let
-          permittedInsecurePackages =
-            [ "openssl_1_1" "electron_19" "python2" "electron_12" "electron_24" "zotero" "electron_25" ];
-          hostPlatform = if nixpkgs.march != null
-            then { system = "x86_64-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; }
-            else "x86_64-linux";
-          cudaConfig = inputs.lib.optionalAttrs nixpkgs.cuda.enable
-          (
-            { cudaSupport = true; }
-            // (inputs.lib.optionalAttrs (nixpkgs.cuda.capabilities != null)
-              { cudaCapabilities = nixpkgs.cuda.capabilities; })
-            // (inputs.lib.optionalAttrs (nixpkgs.cuda.forwardCompat != null)
-              { cudaForwardCompat = nixpkgs.cuda.forwardCompat; })
-            // (inputs.lib.optionalAttrs (nixpkgs.march != null) { nvhpcArch = nixpkgs.march; })
-          );
-        in
-        {
-          inherit hostPlatform;
-          config = cudaConfig //
+    in mkMerge
+    [
+      {
+        nixpkgs =
+          let
+            permittedInsecurePackages =
+              [ "openssl_1_1" "electron_19" "python2" "electron_12" "electron_24" "zotero" "electron_25" ];
+            hostPlatform = mkConditional (nixpkgs.march != null)
+              { system = "x86_64-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; }
+              "x86_64-linux";
+            noBuildPackages = [];
+            # noBuildPackages =
+            # [
+            #   # chromium
+            #   "chromium" "electron" "webkitgtk"
+            #   # old python release
+            #   "python310"
+            #   # nodejs
+            #   "nodejs"
+            #   # haskell
+            #   "haskell"
+            #   # libreoffice
+            #   "libreoffice" "libreoffice-qt" "libreoffice-fresh"
+            #   # java
+            #   "openjdk" "jetbrains"
+            # ];
+          in
          {
-            permittedInsecurePackages = map
-              (package: inputs.pkgs.${package}.name)
-              (filter (package: inputs.pkgs ? ${package}) permittedInsecurePackages);
-            allowUnfree = true;
-            qchem-config = { optArch = nixpkgs.march; useCuda = nixpkgs.cuda.enable; };
-            oneapiArch = mkIf (nixpkgs.march != null) nixpkgs.march;
-          };
-          overlays =
-          [(final: prev:
-            let
-              genericPackages = import inputs.topInputs.nixpkgs
-              {
-                system = "x86_64-linux";
-                config =
+            inherit hostPlatform;
+            config =
+            {
+              permittedInsecurePackages = map
+                (package: inputs.pkgs.${package}.name)
+                (filter (package: inputs.pkgs ? ${package}) permittedInsecurePackages);
+              allowUnfree = true;
+              qchem-config = { optArch = nixpkgs.march; useCuda = nixpkgs.cuda.enable; };
+              oneapiArch = mkIf (nixpkgs.march != null) nixpkgs.march;
+            };
+            overlays =
+            [(final: prev:
+              let
+                genericPackages = import inputs.topInputs.nixpkgs
                {
-                  allowUnfree = true;
-                  permittedInsecurePackages = let pkgs = inputs.topInputs.nixpkgs.legacyPackages.x86_64-linux; in map
-                    (package: pkgs.${package}.name)
-                    (filter (package: pkgs ? ${package}) permittedInsecurePackages);
-                };
-              };
-            in
-              { inherit genericPackages; }
-              // (
-                let
-                  source =
+                  system = "x86_64-linux";
+                  config =
                  {
-                    unstablePackages = "nixpkgs-unstable";
-                    "pkgs-23.05" = "nixpkgs-23.05";
-                    "pkgs-22.11" = "nixpkgs-22.11";
-                    "pkgs-22.05" = "nixpkgs-22.05";
+                    allowUnfree = true;
+                    permittedInsecurePackages = let pkgs = inputs.topInputs.nixpkgs.legacyPackages.x86_64-linux; in map
+                      (package: pkgs.${package}.name)
+                      (filter (package: pkgs ? ${package}) permittedInsecurePackages);
                  };
-                  packages = name: import inputs.topInputs.${source.${name}}
+                };
+                targetPythonVersion = inputs.lib.lists.take 2 (splitString "." genericPackages.python3.version);
+                targetPythonName = "python${concatStringsSep "" targetPythonVersion}";
+              in
+                { inherit genericPackages; }
+                // {
+                  unstablePackages = import inputs.topInputs.nixpkgs-unstable
                  {
                    localSystem = hostPlatform;
-                    config = cudaConfig //
+                    config =
                    {
                      allowUnfree = true;
                      permittedInsecurePackages =
-                        let pkgs = inputs.topInputs.${source.${name}}.legacyPackages.x86_64-linux;
+                        let pkgs = inputs.topInputs.nixpkgs-unstable.legacyPackages.x86_64-linux;
                        in map
                          (package: pkgs.${package}.name)
                          (filter (package: pkgs ? ${package}) permittedInsecurePackages);
                    };
                  };
-                in builtins.listToAttrs (map
-                  (name: { inherit name; value = packages name; }) (builtins.attrNames source))
-              )
-              // (inputs.lib.optionalAttrs (nixpkgs.march != null)
-                  { embree = prev.embree.override { stdenv = final.genericPackages.stdenv; }; })
-          )];
-        };
-      programs.ccache = { enable = true; cacheDir = "/var/lib/ccache"; };
-      nix.settings.extra-sandbox-paths = [ inputs.config.programs.ccache.cacheDir ];
-      boot.kernelPatches = mkIf (nixpkgs.march != null)
-      [{
-        name = "native kernel";
-        patch = null;
-        extraStructuredConfig =
-          let
-            kernelConfig =
-            {
-              alderlake = "MALDERLAKE";
-              sandybridge = "MSANDYBRIDGE";
-              silvermont = "MSILVERMONT";
-              broadwell = "MBROADWELL";
-              skylake = "MSKYLAKE";
-              znver2 = "MZEN2";
-              znver3 = "MZEN3";
-              znver4 = "MZEN4";
-            };
-          in { GENERIC_CPU = inputs.lib.kernel.no; ${kernelConfig.${nixpkgs.march}} = inputs.lib.kernel.yes; };
-      }];
-      environment.systemPackages = mkIf nixpkgs.cuda.enable [ inputs.pkgs.cudatoolkit ];
-    };
+                }
+                // (
+                  if nixpkgs.march != null then
+                    let replacedPackages = filter
+                      (package: let pname = tryEval genericPackages.${package}.pname or null;
+                        in (pname.success && (builtins.elem pname.value noBuildPackages)
+                          || builtins.elem package noBuildPackages))
+                      (filter
+                        (package: builtins.any (prefix: hasPrefix prefix package) noBuildPackages)
+                        (attrNames genericPackages));
+                    in listToAttrs (map
+                      (package: { name = package; value = genericPackages.${package}; })
+                      replacedPackages)
+                  else {}
+                )
+                // (
+                  if nixpkgs.march != null then
+                    { embree = prev.embree.override { stdenv = final.genericPackages.stdenv; }; }
+                  else {}
+                )
+                // (
+                  if nixpkgs.replaceTensorflow then
+                  {
+                    ${targetPythonName} = prev.${targetPythonName}.override { packageOverrides = final: prev:
+                    {
+                      tensorflow = prev.tensorflow.override
+                      {
+                        cudaSupport = false;
+                        customBazelBuild = genericPackages.${targetPythonName}.pkgs.tensorflow.passthru.bazel-build;
+                      };
+                    };};
+                  }
+                  else {}
+                )
+            )];
+          };
+        programs.ccache = { enable = true; cacheDir = "/var/lib/ccache"; };
+        nix.settings.extra-sandbox-paths = [ inputs.config.programs.ccache.cacheDir ];
+        boot.kernelPatches = mkIf (nixpkgs.march != null)
+        [{
+          name = "native kernel";
+          patch = null;
+          extraStructuredConfig =
+            let
+              kernelConfig =
+              {
+                alderlake = "MALDERLAKE";
+                sandybridge = "MSANDYBRIDGE";
+                silvermont = "MSILVERMONT";
+                broadwell = "MBROADWELL";
+                skylake = "MSKYLAKE";
+                znver2 = "MZEN2";
+                znver3 = "MZEN3";
+                znver4 = "MZEN4";
+              };
+            in { GENERIC_CPU = inputs.lib.kernel.no; ${kernelConfig.${nixpkgs.march}} = inputs.lib.kernel.yes; };
+        }];
+      }
+      {
+        nixpkgs.config = mkIf nixpkgs.cuda.enable
+        (
+          { cudaSupport = true; }
+            // (if nixpkgs.cuda.capabilities != null then { cudaCapabilities = nixpkgs.cuda.capabilities; } else {})
+            // (if nixpkgs.cuda.forwardCompat != null then { cudaForwardCompat = nixpkgs.cuda.forwardCompat; }
+              else {}));
+      }
+    ];
 }
--- a/modules/system/sops.nix
+++ b/modules/system/sops.nix
@@ -14,7 +14,7 @@ inputs:
      sops =
      {
        defaultSopsFile =
-          "${inputs.topInputs.self}/devices/${inputs.config.nixos.system.networking.hostname}/secrets/default.yaml";
+          "${inputs.topInputs.self}/secrets/${inputs.config.nixos.system.networking.hostname}/default.yaml";
        # sops start before impermanence, so we need to use the absolute path
        age.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_ed25519_key" ];
        gnupg.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_rsa_key" ];
--- a/modules/system/user.nix
+++ b/modules/system/user.nix
@@ -13,8 +13,6 @@ inputs:
        yjq = 1002;
        yxy = 1003;
        zem = 1004;
-        gb = 1005;
-        test = 1006;
        misskey-misskey = 2000;
        misskey-misskey-old = 2001;
        frp = 2002;
--- a/modules/users/chn/default.nix
+++ b/modules/users/chn/default.nix
@@ -1,6 +1,6 @@
 inputs:
 {
-  imports = inputs.localLib.mkModules [ ./plasma ];
+  # imports = inputs.localLib.mkModules [ ./plasma.nix ];
  config =
    let
      inherit (inputs.lib) mkIf;
@@ -11,7 +11,7 @@ inputs:
      users.users.chn =
      {
        extraGroups = inputs.lib.intersectLists
-          [ "users" "adbusers" "networkmanager" "wheel" "wireshark" "libvirtd" "video" "audio" "groupshare" ]
+          [ "adbusers" "networkmanager" "wheel" "wireshark" "libvirtd" "video" "audio" "groupshare" ]
          (builtins.attrNames inputs.config.users.groups);
        shell = inputs.pkgs.zsh;
        autoSubUidGidRange = true;
@@ -46,10 +46,7 @@ inputs:
            }
            // (listToAttrs (map
              (system: { name = system; value.forwardAgent = true; })
-              [
-                "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.pc" "nas" "wireguard.nas"
-                "wireguard.surface" "xmupc1" "wireguard.xmupc1" "xmupc2" "wireguard.xmupc2"
-              ]));
+              [ "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.pc" "nas" "wireguard.nas" ]));
          };
          home.packages =
          [
--- a/modules/users/chn/plasma.nix
+++ b/modules/users/chn/plasma.nix
@@ -0,0 +1,251 @@
+inputs:
+{
+  config.home-manager.users.chn.config.programs.plasma =
+  {
+    enable = true;
+    shortcuts = inputs.lib.mkMerge
+    [
+      # firefox
+      { "firefox.desktop"._launch = "Meta+B"; }
+      # crow translate
+      { "io.crow_translate.CrowTranslate.desktop".TranslateSelectedText = "Ctrl+Alt+E"; }
+      # display
+      {
+        kded5.display = [ "Display" "Meta+P" ];
+        kwin = { view_actual_size = "Meta+0"; view_zoom_in = [ "Meta++" "Meta+=" ]; view_zoom_out = "Meta+-"; };
+        org_kde_powerdevil =
+        {
+          "Decrease Screen Brightness" = "Monitor Brightness Down";
+          "Increase Screen Brightness" = "Monitor Brightness Up";
+        };
+      }
+      # volume
+      {
+        kmix =
+        {
+          decrease_volume = "Volume Down";
+          increase_volume = "Volume Up";
+          mic_mute = [ "Meta+Volume Mute" ];
+          mute = "Volume Mute";
+        };
+      }
+      # session
+      {
+        ksmserver = { "Lock Session" = [ "Meta+L" "Screensaver" ]; "Log Out" = "Ctrl+Alt+Del"; };
+        org_kde_powerdevil."Turn Off Screen" = "Meta+Ctrl+L";
+      }
+      # window
+      {
+        kwin =
+        {
+          Overview = "Meta+Tab";
+          "Show Desktop" = "Meta+D";
+          "Suspend Compositing" = "Alt+Shift+F12";
+          "Walk Through Windows" = "Alt+Tab";
+          "Walk Through Windows (Reverse)" = "Alt+Shift+Backtab";
+          "Window Above Other Windows" = "Meta+Shift+PgUp";
+          "Window Below Other Windows" = "Meta+Shift+PgDown";
+          "Window Close" = "Alt+F4";
+          "Window Maximize" = "Meta+PgUp";
+          "Window Minimize" = "Meta+PgDown";
+          "Window Operations Menu" = "Alt+F3";
+          "Window Quick Tile Bottom" = "Meta+Down";
+          "Window Quick Tile Left" = "Meta+Left";
+          "Window Quick Tile Right" = "Meta+Right";
+          "Window Quick Tile Top" = "Meta+Up";
+        };
+      }
+      # virtual desktop
+      {
+        kwin =
+        {
+          "Switch One Desktop Down" = "Meta+Ctrl+Down";
+          "Switch One Desktop Up" = "Meta+Ctrl+Up";
+          "Switch One Desktop to the Left" = "Meta+Ctrl+Left";
+          "Switch One Desktop to the Right" = "Meta+Ctrl+Right";
+          "Window One Desktop Down" = "Meta+Ctrl+Shift+Down";
+          "Window One Desktop Up" = "Meta+Ctrl+Shift+Up";
+          "Window One Desktop to the Left" = "Meta+Ctrl+Shift+Left";
+          "Window One Desktop to the Right" = "Meta+Ctrl+Shift+Right";
+        };
+      }
+      # media
+      {
+        mediacontrol =
+        {
+          nextmedia = "Media Next";
+          pausemedia = "Media Pause";
+          playpausemedia = [ "Pause" "Media Play" ];
+          previousmedia = "Media Previous";
+          stopmedia = "Media Stop";
+        };
+      }
+      # dolphin
+      { "org.kde.dolphin.desktop"._launch = "Meta+E"; }
+      # konsole
+      { "org.kde.konsole.desktop"._launch = "Ctrl+Alt+T"; }
+      # krunner
+      { "org.kde.krunner.desktop"._launch = "Alt+Space"; }
+      # screenshot
+      {
+        "org.kde.spectacle.desktop" =
+        {
+          OpenWithoutScreenshot = "Ctrl+Print";
+          RectangularRegionScreenShot = "Print";
+        };
+      }
+      # settings
+      { "systemsettings.desktop"._launch = "Meta+I"; }
+      # yakuake
+      { yakuake.toggle-window-state = "Meta+Space"; }
+      # virt-manager
+      { "virt-manager.desktop"._launch = "Meta+V"; }
+    ];
+    configFile = inputs.lib.mkMerge
+    [
+      # baloo
+      # "baloofilerc"."Basic Settings"."Indexing-Enabled" = false;
+      # dolphin
+      {
+        dolphinrc =
+        {
+          General = { ShowFullPath = true; FilterBar = true; RememberOpenedTabs = false; };
+          PreviewSettings.Plugins = builtins.concatStringsSep ","
+          [
+            "blenderthumbnail"
+            "comicbookthumbnail"
+            "djvuthumbnail"
+            "ebookthumbnail"
+            "exrthumbnail"
+            "marble_thumbnail_geojson"
+            "marble_thumbnail_gpx"
+            "jpegthumbnail"
+            "marble_thumbnail_kmz"
+            "marble_thumbnail_kml"
+            "kraorathumbnail"
+            "windowsimagethumbnail"
+            "windowsexethumbnail"
+            "mltpreview"
+            "mobithumbnail"
+            "opendocumentthumbnail"
+            "marble_thumbnail_osm"
+            "palathumbcreator"
+            "gsthumbnail"
+            "rawthumbnail"
+            "svgthumbnail"
+            "imagethumbnail"
+            "fontthumbnail"
+            "directorythumbnail"
+            "textthumbnail"
+            "webarchivethumbnail"
+            "ffmpegthumbs"
+            "audiothumbnail"
+          ];
+        };
+      }
+      # theme
+      {
+        kcminputrc.Mouse.cursorTheme = "breeze_cursors";
+      }
+
+    ]
+    {
+
+
+
+
+      "kcminputrc"."Mouse"."cursorTheme" = "breeze_cursors";
+      "kdeglobals"."KDE"."widgetStyle" = "kvantum";
+      "kdeglobals"."KFileDialog Settings"."Allow Expansion" = true;
+      "kdeglobals"."KFileDialog Settings"."Automatically select filename extension" = true;
+      "kdeglobals"."KFileDialog Settings"."Show Bookmarks" = true;
+      "kdeglobals"."KFileDialog Settings"."Show Full Path" = true;
+      "kdeglobals"."KFileDialog Settings"."Show Inline Previews" = true;
+      "kdeglobals"."KFileDialog Settings"."Show Preview" = true;
+      "kdeglobals"."KFileDialog Settings"."Show Speedbar" = true;
+      "kdeglobals"."KFileDialog Settings"."Show hidden files" = true;
+      "kdeglobals"."KFileDialog Settings"."Sort by" = "Name";
+      "kdeglobals"."KFileDialog Settings"."Sort directories first" = true;
+      "kdeglobals"."KFileDialog Settings"."Sort hidden files last" = true;
+      "kdeglobals"."KFileDialog Settings"."View Style" = "DetailTree";
+
+      "krunnerrc"."General"."FreeFloating" = true;
+      "krunnerrc"."Plugins"."baloosearchEnabled" = false;
+      "kscreenlockerrc"."Daemon"."Autolock" = false;
+
+      # https://www.fanbox.cc/@peas0125/posts/5405326
+      "kscreenlockerrc"."Greeter.Wallpaper.org.kde.image.General"."Image" = ./wallpaper/fanbox-5405326-x4-chop.png;
+      "kscreenlockerrc"."Greeter.Wallpaper.org.kde.image.General"."PreviewImage" =
+        ./wallpaper/fanbox-5405326-x4-chop.png;
+
+
+      "kwinrc"."Effect-blur"."BlurStrength" = 10;
+      "kwinrc"."Effect-kwin4_effect_translucency"."MoveResize" = 75;
+      "kwinrc"."Effect-wobblywindows"."AdvancedMode" = true;
+      "kwinrc"."Effect-wobblywindows"."Drag" = 85;
+      "kwinrc"."Effect-wobblywindows"."Stiffness" = 10;
+      "kwinrc"."Effect-wobblywindows"."WobblynessLevel" = 1;
+      "kwinrc"."Plugins"."blurEnabled" = true;
+      "kwinrc"."Plugins"."contrastEnabled" = false;
+      "kwinrc"."Plugins"."kwin4_effect_dimscreenEnabled" = true;
+      "kwinrc"."Plugins"."kwin4_effect_translucencyEnabled" = true;
+      "kwinrc"."Plugins"."padding" = 4;
+      "kwinrc"."Plugins"."wobblywindowsEnabled" = true;
+      "kwinrc"."SubSession: 3435a388-a8b3-4d1d-9794-b8c30162ce16"."active" = "-1";
+      "kwinrc"."SubSession: 3435a388-a8b3-4d1d-9794-b8c30162ce16"."count" = 0;
+      "kwinrc"."SubSession: 6a473a77-85df-4e49-8c74-bdb06d1f0efd"."active" = "-1";
+      "kwinrc"."SubSession: 6a473a77-85df-4e49-8c74-bdb06d1f0efd"."count" = 0;
+      "kwinrc"."Tiling"."padding" = 4;
+      "kwinrc"."Wayland"."InputMethod[$e]" = "/run/current-system/sw/share/applications/org.fcitx.Fcitx5.desktop";
+      "kwinrc"."Windows"."RollOverDesktops" = true;
+      "kwinrc"."Xwayland"."Scale" = 1;
+      "kwinrc"."Xwayland"."XwaylandEavesdrops" = "Combinations";
+      "kwinrc"."org.kde.kdecoration2"."ButtonsOnLeft" = "M";
+      "kwinrc"."org.kde.kdecoration2"."ButtonsOnRight" = "BFIAX";
+      "kwinrulesrc"."06734e18-08f2-47f9-a6dc-9085d95fe9b0"."Description" = "org.kde.kruler 的设置";
+      "kwinrulesrc"."06734e18-08f2-47f9-a6dc-9085d95fe9b0"."above" = true;
+      "kwinrulesrc"."06734e18-08f2-47f9-a6dc-9085d95fe9b0"."aboverule" = 2;
+      "kwinrulesrc"."06734e18-08f2-47f9-a6dc-9085d95fe9b0"."skipswitcher" = true;
+      "kwinrulesrc"."06734e18-08f2-47f9-a6dc-9085d95fe9b0"."skipswitcherrule" = 2;
+      "kwinrulesrc"."06734e18-08f2-47f9-a6dc-9085d95fe9b0"."wmclass" = "org.kde.kruler";
+      "kwinrulesrc"."06734e18-08f2-47f9-a6dc-9085d95fe9b0"."wmclassmatch" = 1;
+      "kwinrulesrc"."1"."Description" = "element 的设置";
+      "kwinrulesrc"."1"."activity" = "00000000-0000-0000-0000-000000000000";
+      "kwinrulesrc"."1"."activityrule" = 2;
+      "kwinrulesrc"."1"."wmclass" = "element";
+      "kwinrulesrc"."1"."wmclassmatch" = 1;
+      "kwinrulesrc"."2"."Description" = "org.telegram.desktop 的设置";
+      "kwinrulesrc"."2"."activity" = "00000000-0000-0000-0000-000000000000";
+      "kwinrulesrc"."2"."activityrule" = 2;
+      "kwinrulesrc"."2"."wmclass" = "org.telegram.desktop";
+      "kwinrulesrc"."2"."wmclassmatch" = 1;
+      "kwinrulesrc"."3"."Description" = "org.kde.kruler 的设置";
+      "kwinrulesrc"."3"."above" = true;
+      "kwinrulesrc"."3"."aboverule" = 2;
+      "kwinrulesrc"."3"."skipswitcher" = true;
+      "kwinrulesrc"."3"."skipswitcherrule" = 2;
+      "kwinrulesrc"."3"."wmclass" = "org.kde.kruler";
+      "kwinrulesrc"."3"."wmclassmatch" = 1;
+      "kwinrulesrc"."8c1ccf0b-abf4-4d24-a848-522a76a2440d"."Description" = "element 的设置";
+      "kwinrulesrc"."8c1ccf0b-abf4-4d24-a848-522a76a2440d"."activity" = "00000000-0000-0000-0000-000000000000";
+      "kwinrulesrc"."8c1ccf0b-abf4-4d24-a848-522a76a2440d"."activityrule" = 2;
+      "kwinrulesrc"."8c1ccf0b-abf4-4d24-a848-522a76a2440d"."wmclass" = "element";
+      "kwinrulesrc"."8c1ccf0b-abf4-4d24-a848-522a76a2440d"."wmclassmatch" = 1;
+      "kwinrulesrc"."General"."count" = 3;
+      "kwinrulesrc"."General"."rules" = "1,2,3";
+      "kwinrulesrc"."e75e010c-c094-4e6c-a98e-fe011e563466"."Description" = "org.telegram.desktop 的设置";
+      "kwinrulesrc"."e75e010c-c094-4e6c-a98e-fe011e563466"."activity" = "00000000-0000-0000-0000-000000000000";
+      "kwinrulesrc"."e75e010c-c094-4e6c-a98e-fe011e563466"."activityrule" = 2;
+      "kwinrulesrc"."e75e010c-c094-4e6c-a98e-fe011e563466"."wmclass" = "org.telegram.desktop";
+      "kwinrulesrc"."e75e010c-c094-4e6c-a98e-fe011e563466"."wmclassmatch" = 1;
+      "kxkbrc"."Layout"."DisplayNames" = "";
+      "kxkbrc"."Layout"."LayoutList" = "us";
+      "kxkbrc"."Layout"."Use" = true;
+      "kxkbrc"."Layout"."VariantList" = "";
+      "plasma-localerc"."Formats"."LANG" = "en_US.UTF-8";
+      "plasma-localerc"."Translations"."LANGUAGE" = "zh_CN";
+      "plasmanotifyrc"."Notifications"."PopupPosition" = "BottomRight";
+      "plasmarc"."Wallpapers"."usersWallpapers" = "/home/chn/Desktop/.桌面/twin_96734339_x2.png,/home/chn/Desktop/.桌面/E_yCTfDUUAgykjX_x8.jpeg,/home/chn/Desktop/.桌面/102692178_p0_[L1][x2.00].png,/home/chn/Desktop/.桌面/111392869_p0.png,/home/chn/Desktop/.桌面/HlszomyrfyxKLtpkVixEtikq_x4_chop.png";
+    };
+  };
+}
--- a/modules/users/chn/plasma/autostart.nix
+++ b/modules/users/chn/plasma/autostart.nix
@@ -1,77 +0,0 @@
-inputs:
-{
-  config = inputs.lib.mkIf inputs.config.nixos.system.gui.enable
-  {
-    home-manager.users.chn.config.home.file =
-      let
-        programs =
-        {
-          nheko = rec
-          {
-            fileName = "nheko.desktop";
-            path = inputs.pkgs.writeText fileName (builtins.replaceStrings
-                [ "Exec=nheko %u" ] [ "Exec=bash -c 'sleep 5 && nheko'" ]
-                (builtins.readFile "${inputs.pkgs.nheko}/share/applications/${fileName}"));
-          };
-          kclockd = rec
-          {
-            fileName = "org.kde.kclockd-autostart.desktop";
-            path = "${inputs.pkgs.plasma5Packages.kdeGear.kclock}/etc/xdg/autostart/${fileName}";
-          };
-          yakuake = rec
-          {
-            fileName = "org.kde.yakuake.desktop";
-            path = "${inputs.pkgs.yakuake}/share/applications/${fileName}";
-          };
-          telegram = rec
-          {
-            fileName = "org.telegram.desktop.desktop";
-            path = inputs.pkgs.writeText fileName (builtins.replaceStrings
-                [ "Exec=telegram-desktop -- %u" ] [ "Exec=bash -c 'sleep 5 && telegram-desktop -autostart'" ]
-                (builtins.readFile "${inputs.pkgs.telegram-desktop}/share/applications/${fileName}"));
-          };
-          element = rec
-          {
-            fileName = "element-desktop.desktop";
-            path = inputs.pkgs.writeText fileName (builtins.replaceStrings
-                [ "Exec=element-desktop %u" ] [ "Exec=element-desktop --hidden" ]
-                (builtins.readFile "${inputs.pkgs.element-desktop.desktopItem}/share/applications/${fileName}"));
-          };
-          kmail = rec
-          {
-            fileName = "org.kde.kmail2.desktop";
-            path = "${inputs.pkgs.kmail}/share/applications/${fileName}";
-          };
-          discord = rec
-          {
-            fileName = "discord.desktop";
-            path = inputs.pkgs.writeText fileName (builtins.replaceStrings
-                [ "Exec=Discord" ] [ "Exec=Discord --start-minimized" ]
-                (builtins.readFile "${inputs.pkgs.discord.desktopItem}/share/applications/${fileName}"));
-          };
-          crow-translate = rec
-          {
-            fileName = "io.crow_translate.CrowTranslate.desktop";
-            path = "${inputs.pkgs.crow-translate}/share/applications/${fileName}";
-          };
-        };
-        devices =
-        {
-          pc = [ "nheko" "kclockd" "yakuake" "telegram" "element" "kmail" "discord" "crow-translate" ];
-          surface = [ "kclockd" "yakuake" "telegram" "element" "crow-translate" ];
-        };
-      in builtins.listToAttrs (builtins.map
-        (file:
-        {
-          name = ".config/autostart/${programs.${file}.fileName}";
-          value.source = programs.${file}.path;
-        })
-        (devices.${inputs.config.nixos.system.networking.hostname} or []));
-    environment.persistence =
-      let impermanence = inputs.config.nixos.system.impermanence;
-      in inputs.lib.mkIf impermanence.enable
-      {
-        "${impermanence.root}".users.chn.directories = [ ".config/autostart" ];
-      };
-  };
-}
--- a/modules/users/chn/plasma/default.nix
+++ b/modules/users/chn/plasma/default.nix
@@ -1,4 +0,0 @@
-inputs:
-{
-  imports = inputs.localLib.mkModules [ ./autostart.nix ./wallpaper ./shortcuts.nix ./theme.nix ];
-}
--- a/modules/users/chn/plasma/shortcuts.nix
+++ b/modules/users/chn/plasma/shortcuts.nix
@@ -1,100 +0,0 @@
-inputs:
-{
-  config = inputs.lib.mkIf inputs.config.nixos.system.gui.enable
-  {
-    home-manager.users.chn.config.programs.plasma =
-    {
-      overrideConfig = true;
-      overrideConfigFiles = [ "kglobalshortcutsrc" "khotkeysrc" ];
-      spectacle.shortcuts.captureRectangularRegion = "Print";
-      shortcuts = inputs.lib.mkMerge
-      [
-        # firefox
-        { "firefox.desktop"._launch = "Meta+B"; }
-        # crow translate
-        { "io.crow_translate.CrowTranslate.desktop".TranslateSelectedText = "Ctrl+Alt+E"; }
-        # display
-        {
-          kded5.display = [ "Display" "Meta+P" ];
-          kwin = { view_actual_size = "Meta+0"; view_zoom_in = [ "Meta++" "Meta+=" ]; view_zoom_out = "Meta+-"; };
-          org_kde_powerdevil =
-          {
-            "Decrease Screen Brightness" = "Monitor Brightness Down";
-            "Increase Screen Brightness" = "Monitor Brightness Up";
-          };
-        }
-        # volume
-        {
-          kmix =
-          {
-            decrease_volume = "Volume Down";
-            increase_volume = "Volume Up";
-            mic_mute = [ "Meta+Volume Mute" ];
-            mute = "Volume Mute";
-          };
-        }
-        # session
-        {
-          ksmserver = { "Lock Session" = [ "Meta+L" "Screensaver" ]; "Log Out" = "Ctrl+Alt+Del"; };
-          org_kde_powerdevil."Turn Off Screen" = "Meta+Ctrl+L";
-        }
-        # window
-        {
-          kwin =
-          {
-            ExposeAll = "Meta+Tab";
-            "Show Desktop" = "Meta+D";
-            "Suspend Compositing" = "Alt+Shift+F12";
-            "Walk Through Windows" = "Alt+Tab";
-            "Walk Through Windows (Reverse)" = "Alt+Shift+Backtab";
-            "Window Above Other Windows" = "Meta+Shift+Up";
-            "Window Below Other Windows" = "Meta+Shift+Down";
-            "Window Close" = "Alt+F4";
-            "Window Maximize" = "Meta+Ctrl+Up";
-            "Window Minimize" = "Meta+Ctrl+Down";
-            "Window Operations Menu" = "Alt+F3";
-            "Window Quick Tile Bottom" = "Meta+Down";
-            "Window Quick Tile Left" = "Meta+Left";
-            "Window Quick Tile Right" = "Meta+Right";
-            "Window Quick Tile Top" = "Meta+Up";
-          };
-        }
-        # virtual desktop
-        {
-          kwin =
-          {
-            "Switch One Desktop to the Left" = [ "Ctrl+PgUp" "Ctrl+Num+PgUp" ];
-            "Switch One Desktop to the Right" = [ "Ctrl+PgDown" "Ctrl+Num+PgDown" ];
-            "Window One Desktop to the Left" = [ "Meta+Ctrl+PgUp" "Meta+Ctrl+Num+PgUp" ];
-            "Window One Desktop to the Right" = [ "Meta+Ctrl+PgDown" "Meta+Ctrl+Num+PgDown" ];
-          };
-        }
-        # media
-        {
-          mediacontrol =
-          {
-            nextmedia = "Media Next";
-            pausemedia = "Media Pause";
-            playpausemedia = [ "Pause" "Media Play" ];
-            previousmedia = "Media Previous";
-            stopmedia = "Media Stop";
-          };
-        }
-        # dolphin
-        { "org.kde.dolphin.desktop"._launch = "Meta+E"; }
-        # konsole
-        { "org.kde.konsole.desktop"._launch = "Ctrl+Alt+T"; }
-        # krunner
-        { "org.kde.krunner.desktop"._launch = "Alt+Space"; }
-        # settings
-        { "systemsettings.desktop"._launch = "Meta+I"; }
-        # yakuake
-        { yakuake.toggle-window-state = "Meta+Space"; }
-        # virt-manager
-        { "virt-manager.desktop"._launch = "Meta+V"; }
-        # system monitor
-        { "org.kde.plasma-systemmonitor.desktop"._launch = "Meta+Esc"; }
-      ];
-    };
-  };
-}
--- a/modules/users/chn/plasma/theme.nix
+++ b/modules/users/chn/plasma/theme.nix
@@ -1,36 +0,0 @@
-inputs:
-{
-  config = inputs.lib.mkIf inputs.config.nixos.system.gui.enable
-  {
-    home-manager.users.chn.config.programs.plasma =
-    {
-      workspace =
-      {
-        theme = "Fluent-round-light";
-        colorScheme = "FluentLight";
-        cursorTheme = "Breeze_Snow";
-        lookAndFeel = "com.github.vinceliuice.Fluent-round-light";
-        iconTheme = "Tela-circle";
-      };
-      configFile =
-      {
-        kdeglobals.KDE.widgetStyle = "kvantum";
-        "Kvantum/kvantum.kvconfig".General.theme = "Fluent-round";
-        kwinrc =
-        {
-          Effect-blur.BlurStrength = 10;
-          Effect-kwin4_effect_translucency.MoveResize = 75;
-          Effect-wobblywindows = { AdvancedMode = true; Drag = 85; Stiffness = 10; WobblynessLevel = 1; };
-          Plugins =
-          {
-            blurEnabled = true;
-            kwin4_effect_dimscreenEnabled = true;
-            kwin4_effect_translucencyEnabled = true;
-            padding = 4;
-            wobblywindowsEnabled = true;
-          };
-        };
-      };
-    };
-  };
-}
--- a/modules/users/chn/plasma/wallpaper/default.nix
+++ b/modules/users/chn/plasma/wallpaper/default.nix
@@ -1,13 +0,0 @@
-inputs:
-{
-  config.home-manager.users.chn.config.programs.plasma.configFile =
-    let wallpaper = "${./pixiv-96734339-x2.png}"; in
-    {
-      "plasma-org.kde.plasma.desktop-appletsrc" =
-      {
-        "Containments.1".wallpaperplugin = "a2n.blur";
-        "Containments.1.Wallpaper.a2n\\.blur.General".Image = wallpaper;
-      };
-      kscreenlockerrc."Greeter.Wallpaper.org\\.kde\\.image.General" = { Image = wallpaper; PreviewImage = wallpaper; };
-    };
-}
--- a/modules/users/chn/plasma/wallpaper/fanbox-5405326.png
+++ b/modules/users/chn/plasma/wallpaper/fanbox-5405326.png
--- a/modules/users/chn/plasma/wallpaper/fanbox-6682738.png
+++ b/modules/users/chn/plasma/wallpaper/fanbox-6682738.png
--- a/modules/users/chn/plasma/wallpaper/pixiv-111392869.png
+++ b/modules/users/chn/plasma/wallpaper/pixiv-111392869.png
--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				`1k9anln9hmdjflrkq4iacrmhma7gfrfj6d0b8ywxys0wfpdvy12v`
				`@@ -1 +0,0 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVbOvoFVaGkqYzIWsmMFlpkE+TDAONOWWaJBQ0K4fiOLy7uh02b/jYNZrbllPDP+Gq+ikYEJnJX2ceDsh9mLtJTznBQXgJOMUZDYy0enu7hYLKMmRTgJntzHjMbZENMhP+I3N9JnQ1PQz7lICg1xkEBQm2CESYCCjo0rJKYplPH1bo02myEazKlKTn6tu40ysrYOoJO8+jwbUDqtWATjSZtgYojuh6dbIoK3O+Ntgwl4W0NqXEqXYXTWpU0qKOqAsP/9F9WJ5d1wVNNbvmcAJ26dkYaiPCNgW4MGTucAgoxM6IPVVj9U+OEZLoCPsqAGCT02vH5MoDNTmGaSv0DjuYOzz5C+jAhMCznXFXCI4bfawvuda/WwGIniB5iKNSBZt3XxYyUw4YBcVCNiWUt9bIgEvnR4E8HYHdjNrbQ0Z58L6DcPSySLQer7C658Vo/nRUlBq6lIWYhcdjxHHkP9iFtuFW1HmoUKkuaLl+uiflrSppX9wt8eaPwGgGIHkLwgc=
				`@@ -1 +0,0 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCa7ZRmIAtuGd58MQXnJnPqmad+6u8JiBKb7+xEfMmVdeVtJ5lEfXCkZ0vbSMxnGZCLL3eVxdejaGToLw+ArEJ1cl6KzZdsdGy1wATFtJj4oYHtZ/MXg+qulNR4nQ6DGWfGR7FEXjZNaJfVuLBFBmUlsbotBdhaAJzw5+nnIxY5d86nfqzsYstMqB/1ZHLRTV9h/jp8XNgnUu1BR/oVk4eMvzTUbr42LedeB1anLnI0+ycAzol/XMpsUNuRLVhYhMbg9rpyoZF1WMBTjG2Jnv9JtCpJlnZaOjzh3eD8PBuyZtGyya7QxVkhH4ULUMNnuyi8E0IOJwdN4cQi61fa7rLtsYfUrN2w0nI/WRLiBxiuPbvq4tKeHi8DpM/MrUbZONY2eFo4CaX9sxYN6U65jDfsbK3x6Za0HhVt8zcPLGgESm4Y6O8YTQrdbpL1ifNFX2Y9B++FQw2iRoqa6U0Wrs6SfVQFp1RqnqSl6fLOCixl16PpHWqRilweKbg3uIMEqEc=