暂存

devices.xmupc1: add tunnel guide
users.zqq: add ssh key
2026-01-12 20:59:23 +08:00 · 2024-08-22 09:59:14 +08:00 · 2024-08-21 20:04:40 +08:00 · 2024-08-21 19:09:24 +08:00 · 2024-08-21 19:03:04 +08:00 · 2024-08-21 18:31:59 +08:00
318 changed files with 6859 additions and 3811 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -2,3 +2,4 @@
 *.icm filter=lfs diff=lfs merge=lfs -text
 *.jpg filter=lfs diff=lfs merge=lfs -text
 *.webp filter=lfs diff=lfs merge=lfs -text
+*.efi filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
 result
-result-man
+result-*
 outputs
 .direnv
 build
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,6 +1,7 @@
 keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
  - &chn age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
  - &pc age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
+  - &vps4 age1nnd6u8l20julg4jz4l6kw5gmj6h2tsngpm7n8dx59umgw2s66y4shq6jv4
  - &vps6 age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
  - &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
  - &surface age1ck5vzs0xqx0jplmuksrkh45xwmkm2t05m2wyq5k2w2mnkmn79fxs6tvl3l
@@ -8,12 +9,18 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
  - &xmupc1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
  - &xmupc2 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
  - &pi3b age1yjgswvexp0x0de0sw4u6hamruzeluxccmx2enxazl6pwhhsr2s9qlxdemq
+  - &pcvm age1jmu4jym0e0xkq5shx2g7ef4xzre94vaxy2n4fcn0kp94dtlupdxqkzyyp7
 creation_rules:
  - path_regex: devices/pc/.*$
    key_groups:
    - age:
      - *chn
      - *pc
+  - path_regex: devices/vps4/.*$
+    key_groups:
+    - age:
+      - *chn
+      - *vps4
  - path_regex: devices/vps6/.*$
    key_groups:
    - age:
@@ -49,3 +56,8 @@ creation_rules:
    - age:
      - *chn
      - *pi3b
+  - path_regex: devices/pcvm/.*$
+    key_groups:
+    - age:
+      - *chn
+      - *pcvm
--- a/bugs.md
+++ b/bugs.md
@@ -1,6 +0,0 @@
-* pc: 使用 cachyos 内核时，一些外接显示器无法使用。
-* pc: 使用 amd 显卡时，原神明显卡顿。
-* 桌面壁纸无法保存
-* 桌面任务栏设置无法保存
-* xray 没有放行防火墙指定的端口
-* gtk 没有主题
--- a/devices/jykang.xmuhpc/.bashrc
+++ b/devices/jykang.xmuhpc/.bashrc
@@ -22,6 +22,7 @@ if [ -z "${BASHRC_SOURCED-}" ]; then
 	export HPCSTAT_DATADIR=$HOME/linwei/chn/software/hpcstat/var/lib/hpcstat
 	export HPCSTAT_SHAREDIR=$HOME/linwei/chn/software/hpcstat/share/hpcstat
 	export HPCSTAT_SSH_BINDIR=$HOME/linwei/chn/software/hpcstat/bin
+	export HPCSTAT_DUC_BINDIR=$HOME/linwei/chn/software/hpcstat/bin
 	export HPCSTAT_BSUB=/opt/ibm/lsfsuite/lsf/10.1/linux2.6-glibc2.3-x86_64/bin/bsub
 	${HPCSTAT_SSH_BINDIR}/hpcstat login
 	if [ "$?" -ne 0 ]; then
--- a/devices/jykang.xmuhpc/.ssh/authorized_keys
+++ b/devices/jykang.xmuhpc/.ssh/authorized_keys
@@ -3,12 +3,13 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDWAfyfDFctbzJTiuK9IPw3yFLqt7vqd/T0/HoZfH/b
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJ/jzUQ6QuAjnAryvpWk7TReS6pnHxhEXY9RonojKkurhfYSQO/IlxDMDq23TFXcgu8iZG4cS6MADgx/KNZD/MjuN9YNCIEGvMwzWvB0oM25BC6Vf3iKDmhH06rZKH6/g5GN+HWoCN4yE/+MhIpegFO3+YMpveXwEESlyoIjPvcW+RwmlNJevrHd83ETYDQ4AybWyJo6en5tz2ngr22HaK4MtxgrqnIN/KorY+nrzTNa7VBC7BaZc1tA5FLwUeCXtuzp2ibfrxoGUAiDig4FW09ijCk3Y77y7aNVI2nw5y28nCV5rgVMh5fejtNVqIqku7p+8qgjxvY6veATG0lYgZgw2ldnDGDNbEGxcCnKKmCgZMxok8zTRsniZ91KuHkcl2L7xUo7kdQYzBRwZyQ53eW+yPoqUya4yn272rscBEUMyZzmegfr1SXMqw/8zn+MZdr1KXEvrbfjX+2QL52GY3bfYUf3KFje+Sp88k688bRH0vrxj9BCOS7ovbyfe9BEU= xll@xmupc1
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCtnVhZQsJfbs2w9hFZkx4qDhIs++7no+6r5TifP3Dq7epJYd2QYx4dI66XxTNhKxZjN6a4Xn5nFlYLtQJXOvzBLC8IBf1W5GCH0k/jqzzskS0/Ix/70HzcBwJk8ihWDkyON5Ki1BRCx34RNxth1BIxWyc5QT+lou+D92x8iAu/uOvmcAL3Ua0OlZwxw03hLp/PpS4ZnUqFjc2JVtarY7eQu/i3RwOZUaK6nT2EL8RObzk4xnieqsU5PWwA3voVjetqZaDQ+P7dimQXz/FaucroKxCNyTiy1oG4fdQpm2UDrH6ZfPvdQLYrtet6FQabXOxhV7MuR3jYtxZjs1kDVZIseIZ6IwjetaUoMxvIouRfYjOSIEo9Ek9o0+Yhku4r0uWmPDrymWugU1raMmlRxSUwdlzW+C7mQwtGbs/MG4MN4GWkM6id5DKlY2vYKUfrTzmhY1swCtzKq20fjvyX8qhJdcytgVlOrBZnPje6Qd55sI0RjdgJrBsxT2SYquez7U8= yjq@xmupc1
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDn1pfGen7kjPTHsbb8AgrUJWOeFPHK5S4M97Lcj3tvdcjZi2SXN6PwHQfh8/xGhZbTLPz/40S9O9/Dn30xkUTfnONirKt790jp7VEbOtPnjQPOd/KRNWlS3VV0BELuq5p633Mi13rP6JZtdKmU2uSkvvaUBfCppy3JaWv/B7HLJ48f8IzkdiT1px3dN1eQ4SFoHOiVG0ci5TGG6wfMdoAAnM9R1aXI4gDxnYjLYujpaNZ4hBOta/6ZK/PV0JufoXdIAZjubgk1Hv04XHXLR2Z0UhRM6x7UrZIOdM/LlnKmcVk408ZKEj/9m1xRyDsNoZ24CF++cmnwfBHrp9I5nvDI7xOTdZlOhzkiiPM3f4i6s2Qjdv4vpZ6AeE3Qt1LVQyAr67b4UMjHuYqSi2KgyCO6My2Ov2eRoS74EKcb8ejJv3O+XInmYUgDgTgDFT3CgQgK2DG45HiV6nOkaE/6iKx2JSOiYZTFc7TRcePfXF9JQD7dXFde6qm3EbIVyJIpCJ8= zem@xmupc1
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCW2fx1Sim7X2i/e/RBPEl1q/XbV7wa9pmZfnRINHIv24MCUgtNZ5GHEEW7dvzrQBeRj3I7CAyK8fbuhv/l8HuDtjxJJ1fmcBp9UG5vfpb/UTxayJxHBRrwokp2JL7HKVviI6d8FcNa/T0CMoUNYXnel6dE3B78k9Q0dDxlOGS1MzgsP3Pn66lm0ww9FRAVHe+KkhFmwyQ1VHUxHgK4QjCIt7+9+PJE7fK0aVWBsR309pui7Pbm6mgd4d6mwiBeVvxsNGnI4DsO1hz4N2GapuQy19PDiG7A4H41Z5RYQnv/3XTy4TBXOFQm77v6pyGkCmG6BGnRdvMB6C0hWPJvudbsA/BNp4ApL7/CrwTdLp1z6ToAOLvKrUQAM+hcbJimnFVMXqz7iSYg99XTnzue7ncecp19XiaDJbM47bGXcT4nTO5XaiMYi2xGAHIrij5GIuFF5ymKYSp5ejb1VucMdKlaaAmS10+wdUcuT7tzX/IuVr5aqg2dsxT5aJCRhZ1k2V0= xly@xmuhpc

 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmJoiGO5YD3lbbIOJ99Al2xxm6QS9q+dTCTtlALjYI5f9ICGZJT8PEGlV9BBNCRQdgb3i2LBzQi90Tq1oG6/PcTV3Mto2TawLz5+2+ym29eIq1QIhVTLmZskK815FpawWqxY6+xpGU3vP1WjrFBbhGtl+CCaN+P2TWNkrR8FjG2144hdAlFfEEqfQC+TXbsyJCYoExuxGDJo8ae0JGbz9w1A1UbjnHwKnoxvirTFEbw9IHJIcTdUwuQKOrwydboCOqeaHt74+BnnCOZhpYqMDacrknHITN4GfFFzbs6FsE8NAwFk6yvkNXXzoe60iveNXtCIYuWjG517LQgHAC5BdaPgqzYNg+eqSul72e+jjRs+KDioNqvprw+TcBBO1lXZ2VQFyWyAdV2Foyaz3Wk5qYlOpX/9JLEp6H3cU0XCFR25FdXmjQ4oXN1QEe+2akV8MQ9cWhFhDcbY8Q1EiMWpBVC1xbt4FwE8VCTByZOZsQ0wPVe/vkjANOo+brS3tsR18= 00@xmuhpc
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxcIWDQxVyIRqCGR4uWtrh4tLc025+q6du2GVsox8IzmBFkjNY8Au5GIMP5BKRstxFdg3f/wam8krckUN9rv5+OHB9U8HGz77Xs0FktqRVNMaDPdptePZQJ9A9eW3kkFDfQnORJtiVcEWfUBS3pi0QFOHylnG27YyC/Vjx9tjvtJWKsQEVTFJbFHPdi+G7lHTpqIGx+/a2JN9O6uVujXXYvjSVXsd+CWB9VMZMvYCIz2Ecb6RqR3brj4FhRRl8zyCj+J4ACYFdGWL98fTab2uPHbpVeKrefFFA43JOD/4zwBx/uw7MAQAq0GunTV3FpBfIAQHWgftf2fSlbz20oPjCwdYn9ZuGJOBUroryex7AKZmnSYM3biLHcctQfZtxqVPEU3W/62MUsI/kZb9RcF24JRksMoS2XWTiv2HFf5ijQGLXXOjqiTlGncwiKf65DwkDBsSxzgbXk5Uo86viq6UITFXPx/RytU+SUiN4Wb7wcBTjt/+tyQd1uqc7+3DCDXk= 01@xmuhpc
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDkT/P4MnzxBh8sRi0oQ88duNpY/ejFtptGqUQJVobj23vbu7ju6x/yuXqnHFOLi/IOZgNl5oBhRlJekRL+FWMIwpPBA6MnbVNkHXvwu5kLXVTt0O9dhJfDiPPbYcNjOhw4o8aZMc0oEyz8xZgkPoIehHQda+K5vRhFnYCRgn2X92VY/dW1QqPJKEfN47Tsp00w8wyKixEvuJe8OBEoKDpiZYzbXJKuoKhCdMp0uMHMCojYuYP9rGZO6bHl7Q6cYotGx1jH2pe30Ujtm3Xbm44H1mhXr1K/lhcHfojSge8POqii+eaXSCzqRlXaWyvrL9JLaaRD7GfWDaRWSKDfN8Ha4mnUvRtObRMSLOnr2QOTLJw9QPnlDDxCd1q7yluKraccYnTQQP5JuBwkRqjuJTatd9b18Z14HffmXZNR7asT1sJXK1rWKeLTrZwqxpkuwLAnbr60PVwfMHZeZ6FVPXGZ4wQb22lFHvaZZCEJf+9QDXpDn5L59FlaBYO2Xwojj3s= 02@xmuhpc
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDOF3LfnQiI8wpsXGn87bt7rbUZcgsdaOSOswk4Vf4dBautEdQZc0q+UDB2TlR2K8L7SPyywpl5z67euN5QRJLEwg8flTybiJp3EKDctYEM22sa36ONcSIJ/iHSdCkwtPXkBYreh9e+MAHfTroIKK5zM/P1QIN3NrknIXpWjLDF73ejrxE+EXRK6jbuWfo+5dnLnDoUFt1e+pYLZos5KRRB94Qt5I79D/cAg3hG+Zl2FCCOpn1hIdLo/kWJTKUPe61oUaIxriV6nCXp/pU1BHlM43hGowiHa4bVZIs8Eo4r7OI9thhSuS2BKSifibBKIicZtntSlS/I3xa5am28YLmrOiEXRsjPom7trO8qIhPfYOc/yFDg1gcpLxyNroCPooPBzPxUqrTT96Q4fDDTaqfyuVxQFxbYoFAqQs8/lw6WcGJ4fGC5JPsPiwoSdQy/B7gCfQcFjPXp1NH8Sx+xMLCmxRqdKSyeiEwoyB0tZ6ngaI73HFhCPX1/rLx3xv0zd/8= 03@xmuhpc
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC96jp6qFrWt4651Arg+Ua6AU3CjftZuounKLlZ8s268Lo9Cba+nmoOGRNzefqr+f6/7KmFKd9+jqS3ZnKFQbzRFVzzHHIT7tSlgxFRw+yb553/vgm7z6d0HGd3B7XjpIpR7DrM/unnXtiT/WuX+UIKKQ1S4kHp4fTJxZuwzYgNWDsT7O/5H7nBoRVuUSG/achCzTq5V5WfNjvrGZypCmcCw5MTH3Iab4qQ7fhRK46e/OpgSMmsY1ZuEynIwVtimW4G10MUWZdawN4LHBNsCDBmBu0H1DYBb9AUW5IuifAyFPPlTOPtuzpEganaMwotcXiAwhfPQg1c0TfbB4ZJPow612dzxcflHAJyFy2LXbiG0rF48h0GpW5gY92QkeMQcbybKOS5yVlXynNNg0nL1bx+reu7Fy4jurc0facTaqzpSiyXsBLSOva+DZrxl2MBDLEdykkQMNIY69GeeC2XIN4tbfGDYU8VVtwnXJUkmeHAge5ypI1kkPhYRDxPDspym9M= 04@xmuhpc
-
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9FmT0i2j9JsnyeVrEZP8gaWHnc5NnhJgb1sP8MP/pjx/GMEkms2LQvZYNw8MQvGA6HH/O2acy5NIdD69QkRlALXZlWpUQco8JDuJe7+2xkTMGPOAqB5YLMHRpFGHUmDMuSFGSg2YyLXaWXoWmib5xAvTL95xAcdNgp5xqWvO2N55edDeVOY5cTmIE2vC0nm5JSjMEMcIuqL8yJ3AweN4JkD8CVVy3po8f+krKsaYB+f21MqqSnCQ/cpKlWHuMN9k85hP/FB1E7gBXW/MuZ1uOm4IzjBhj8tYVN0UY7Mo2/9PhFqoBKGr6vs7Nx1mXBJ/A1lIKvW+ROvQ9ADpOfww6kPuHbX16gQ55JG7zneWeiP5pVaI4YZ4O1vAvARw/SaSFhRdpymPs5r+wdIDV9gGoqORrYqoPBz7Q02V71W+EV7WFAgxiJozO0vZwD9JJ2zivyIJfcVtIOMIvEhfsha7Hviut4JIOyoaEHjIZYsmvYHEeEBA4pTUHIUZlZj/St7U= 05@xmuhpc

 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJRWge2+B1Et03n/B4ALBcAnjvtWPPmcFAoIlLP8oFkB hpcstat
--- a/devices/nas/default.nix
+++ b/devices/nas/default.nix
@@ -10,12 +10,11 @@ inputs:
        {
          mount =
          {
-            vfat."/dev/disk/by-uuid/13BC-F0C9" = "/boot/efi";
+            vfat."/dev/disk/by-uuid/627D-1FAA" = "/boot";
            btrfs =
            {
-              "/dev/disk/by-uuid/0e184f3b-af6c-4f5d-926a-2559f2dc3063"."/boot" = "/boot";
              "/dev/mapper/nix"."/nix" = "/nix";
-              "/dev/mapper/root1" =
+              "/dev/mapper/root3" =
              {
                "/nix/rootfs" = "/nix/rootfs";
                "/nix/persistent" = "/nix/persistent";
@@ -30,8 +29,6 @@ inputs:
            enable = true;
            devices =
            {
-              "/dev/disk/by-uuid/5cf1d19d-b4a5-4e67-8e10-f63f0d5bb649".mapper = "root1";
-              "/dev/disk/by-uuid/aa684baf-fd8a-459c-99ba-11eb7636cb0d".mapper = "root2";
              "/dev/disk/by-uuid/a47f06e1-dc90-40a4-89ea-7c74226a5449".mapper = "root3";
              "/dev/disk/by-uuid/b3408fb5-68de-405b-9587-5e6fbd459ea2".mapper = "root4";
              "/dev/disk/by-uuid/a779198f-cce9-4c3d-a64a-9ec45f6f5495" = { mapper = "nix"; ssd = true; };
@@ -39,30 +36,25 @@ inputs:
            delayedMount = [ "/" "/nix" ];
          };
          swap = [ "/nix/swap/swap" ];
-          rollingRootfs.waitDevices = [ "/dev/mapper/root2" "/dev/mapper/root3" "/dev/mapper/root4" ];
+          rollingRootfs.waitDevices = [ "/dev/mapper/root4" ];
        };
        initrd.sshd.enable = true;
-        grub.installDevice = "efi";
        nixpkgs.march = "silvermont";
        nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
        networking = { hostname = "nas"; networkd = {}; };
-        kernel.variant = "xanmod-latest";
      };
      hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
      services =
      {
        snapper.enable = true;
-        samba = { enable = true; hostsAllowed = "192.168. 127."; shares = { home.path = "/home"; root.path = "/"; }; };
        sshd = {};
-        xray.client.dnsmasq.hosts."git.nas.chn.moe" = "127.0.0.1";
-        groupshare = {};
+        xray.client = { enable = true; dnsmasq.hosts."git.nas.chn.moe" = "127.0.0.1"; };
        smartd.enable = true;
        beesd.instances =
        {
          root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
          nix = { device = "/nix"; hashTableSizeMB = 128; };
        };
-        nginx = { enable = true; applications.webdav.instances."local.webdav.chn.moe" = {}; };
        wireguard =
        {
          enable = true;
@@ -70,10 +62,7 @@ inputs:
          publicKey = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
          wireguardIp = "192.168.83.4";
        };
-        hpcstat = {};
-        gitea = { enable = true; hostname = "git.nas.chn.moe"; ssh = { hostname = "office.chn.moe"; port = 5440; }; };
      };
-      user.users = [ "chn" "xll" "zem" "yjq" "gb" ];
    };
  };
 }
--- a/devices/nas/secrets.yaml
+++ b/devices/nas/secrets.yaml
@@ -2,26 +2,8 @@ xray-client:
    uuid: ENC[AES256_GCM,data:97aX07G5FPumdWcDxnYOs6fRgljXWuwyNXGg1d7zdbUUfNnb,iv:+wAC/DZXsg+evYFA4DMfLw5Ut3ExQl1RgZ/2AsNQDpo=,tag:ebD77muITHof+FQMydWobg==,type:str]
 acme:
    token: ENC[AES256_GCM,data:OrYgBRU1VPpkpDzYMFHINfPSHsXEKABdZOcgiAiBJKcreBoaSVHUvg==,iv:XIeZPJhzmUi5ZHKBCYN5UA9HWH1K+26SvcIWVrHAYDA=,tag:3F93syLBZjcHwnRRkUEjlw==,type:str]
-users:
-    xll: ENC[AES256_GCM,data:XLSsz6fZ23PPaJS1Y5C3FAOks3wzb2f+Pv8TgyKrDBfMeoLk1M37A00OGJ2wsYxkuR0JV6Uoh+hhRpTUjOQnmLfQrBxPxxP8DA==,iv:jxEZX/flxxduM1sdrYfGHfMtFMYduMg0Lr6hY1pkAPg=,tag:CYy0y1e2S2Txz1OSh+XDHA==,type:str]
-    zem: ENC[AES256_GCM,data:VCVLfGO9a06XhAOBciFf1u7A5jaQikAt2wZf+dCAi1BglXpM6Hof1yAunadYOwLOBFgGlP19kX53CBBlZtaqZFL2GRDzXP0woQ==,iv:AFYtHCCkzNrllN/fjQ8GKYs2TyV3uj3BsU5n1tBQAmM=,tag:5dP7c5N4yG2NS4T+Vg0Zpg==,type:str]
-    yjq: ENC[AES256_GCM,data:yn6eGrySCxlRsFioaE2p1qlTHkIGC9l64+edjuDvt232xc+iFeD03EYfuulyr0GxYFwnlAwtaJnyMi5eOrSd1W6HeV3Canzdbw==,iv:qTc6vA8uQza8CB+BvffEN9GqHkiwNM4h9RkqQR14ylk=,tag:UZ2GYCJLjcWLuVXlscLviw==,type:str]
-    gb: ENC[AES256_GCM,data:jIR3EVdATYUgWmW4J8RdURJRmDBC84t0S/c2EzWwtFMtjgKlqg52fIfQ66i7RnIYRAoF+s4Ex0aLSejWgzQ69NA/AF0AIS7Y/Q==,iv:mvTCTP0E74QlvM8TcY4o49G5kNGs5HFx3YUrj6mCrwM=,tag:LXfIOyAB10XuHA6Cg7LBeQ==,type:str]
-nginx:
-    detectAuth:
-        chn: ENC[AES256_GCM,data:44vsExbVhO3gnD4Gme92eQ==,iv:LyDvZebs1sDL1/hZQiZdHoPBm4hXtBy56jR73zSH6Aw=,tag:w5xPHnK9XOSS0+97q8b5gQ==,type:str]
-    maxmind-license: ENC[AES256_GCM,data:JbAnFQiDcJGwvb89sG2ro77nwwOWcDnqVcA902jwb2zzZci7PpXROw==,iv:eifkWK0oN73Ekn3oWzy6XbYK2GU+4tlnLPJ+96WOWJY=,tag:35ulsshxtUfOsSQOLgAt0g==,type:str]
 wireguard:
    privateKey: ENC[AES256_GCM,data:VPlB4wSbWqSYw3rYRwfAMa39xrPcPZfz7sV2Cq3rmOhifnUPwggxnA+51do=,iv:utnyrB6Yfe5O94Oq4HDVFm/lQ9ZBoyvUT68r2G2PdwA=,tag:snm01vA+z2yKK8d2i5i2ig==,type:str]
-telegram:
-    token: ENC[AES256_GCM,data:NK9Eq3jUaMVNyPyqiXEkrc4m81c2CBg3p9TjpD8TQgKRYs2uxT9lsSrLMi02Rw==,iv:N2mjY9n7QuLD2PG4gNl79c933GTCCfw35XxluiLSuOA=,tag:ZLreEQoV+O0yhHw0CM00aQ==,type:str]
-    chat: ENC[AES256_GCM,data:XJi6HftAygFH,iv:ea2m41/YXp0VyxR9U84xMCHdknZBhP2QUiX6zsipaFc=,tag:+/Y2bvUwrQsLVGUZp0Imwg==,type:str]
-hpcstat:
-    key: ENC[AES256_GCM,data:3bMieouWGMEw8eu6z55TX66NAGiF/O5dRtnDTjDtNC3fmR4PTn+FreMZuA9+AjTPUm2GsS9esC6tULIzh+qTflnSrxqtTdKAbfqY6o8pPPpDJ9WWm4f/g3x8PnvlsyQDYCZ0MYKYg3cc6n60moCzv1WWlVsT8QUMTXQL3yb36vVzo4ELea4Gf2UkpfYKX89gFDtJK78srh7rj8rwoDiBs1qVUUnIBABUDLxoyC3Rym5yevrCJeFD+8AlIAIaMc62Kslw0lCCKKSaXGsFpppFYFwUTedi595eISEr4tIuPXVd4EECQchsYg+tInphIXebp/5rzXQM37yQEymImNRiMcxDWGR0B8Nq9XO+I5T8VOIb6xXCtvEeY2Z8nPfmUn9UHfvYzqFv3it5TCcd9J4SeBa2LVW8+YCIO/KitznL49O5SGAJUONIkcwMUhUuXQUFe/vnc+g8+yqB5ltCZtHWCOY2pCdmQpBRaZq55fcde5FNhxt3J8zCbu++oIn+ERSHadMIGMuGgGqzG6XDQJZN,iv:cbPCnNi2gX1gZIdcQd7HR3c/JEsWj3nv+x+OQ0bDs40=,tag:olrGr6t2Si39wl/1rR81ig==,type:str]
-postgresql:
-    gitea: ENC[AES256_GCM,data:qssnsnlaEKwEnLbnpX+XDs7JK/2DdK1cxD6U2NddpCPnwfOinP2cuc1HLnteWQfYZXTuYM3VOXDEXQB9CexILA==,iv:+TVoTuqmxIsTlNPngMBBWgIvP5EQD5ROHZI4u0mSJGE=,tag:6X8hewc5a6C6nbuD5WozCQ==,type:str]
-mail:
-    bot: ENC[AES256_GCM,data:ugfBeRM4Ks7j+V4lLOqHrA==,iv:QwXeSrfw+TTN5N42DaaA7YgpaIJX/E+kTv9p6eWSxEk=,tag:fLUDBhsvCbOiYqhq9TCzmw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@@ -46,8 +28,8 @@ sops:
            by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
            kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-10T08:52:02Z"
-    mac: ENC[AES256_GCM,data:gKEZ0bxn+xCu7wPRCRpacErzqdajw4zNalUwZvldUP+Ygdq6KOMgjxvm3hy7GIBlhK2MLgps3X3sjdrUW1A7Tx5wiPtrqddVo5qiubZcuWqNO4SSoM2x/VxtHbKcZQMaNdIHXx3TUFjQ0tcsMuDBNNUZ192JJUDE/DaDyxTklq4=,iv:sZ98srsM68h59R9HHeh7gXdUBN2JtoWx+PhU1nsHgk0=,tag:N7211a4Jrp6AdPKhQCz65g==,type:str]
+    lastmodified: "2024-07-24T05:14:57Z"
+    mac: ENC[AES256_GCM,data:9xKBuoVeotcZfiqsKg+iXxOc5BV9kGVvR5f9Anu6DauBceYIBxgeVCDU3dRUPz67MkOK/n2w9+gLchQxUyK8G4ECRTESL+GKpZslNVThb2j6vswLXNBHqsQCoQBlYOiKw5ZM1gpdYJPni8qpsdGvTwc5JkW+FH6v1BdZWaUhc3U=,iv:SyLiMXsQhS+8FFlSMXiD9ETD+mIsz6mePXnJzBODK5g=,tag:YpiU58lJ5Nb78EMyEmJdbw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/devices/pc/bios/Bootx64.efi
+++ b/devices/pc/bios/Bootx64.efi
--- a/devices/pc/bios/DisplayEngine.efi
+++ b/devices/pc/bios/DisplayEngine.efi
--- a/devices/pc/bios/SetupBrowser.efi
+++ b/devices/pc/bios/SetupBrowser.efi
--- a/devices/pc/bios/UiApp.efi
+++ b/devices/pc/bios/UiApp.efi
--- a/devices/pc/default.nix
+++ b/devices/pc/default.nix
@@ -10,29 +10,20 @@ inputs:
        {
          mount =
          {
-            vfat."/dev/disk/by-uuid/E58F-416A" = "/boot/efi";
-            btrfs =
-            {
-              "/dev/disk/by-uuid/066be4fd-8617-4fe1-9654-c133c2996d33"."/" = "/boot";
-              "/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
-            };
+            vfat."/dev/disk/by-uuid/7A60-4232" = "/boot";
+            btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
          };
          decrypt.auto =
          {
-            "/dev/disk/by-uuid/4c73288c-bcd8-4a7e-b683-693f9eed2d81" = { mapper = "root"; ssd = true; };
+            "/dev/disk/by-uuid/4c73288c-bcd8-4a7e-b683-693f9eed2d81" = { mapper = "root1"; ssd = true; };
            "/dev/disk/by-uuid/4be45329-a054-4c20-8965-8c5b7ee6b35d" =
-              { mapper = "swap"; ssd = true; before = [ "root" ]; };
+              { mapper = "swap"; ssd = true; before = [ "root1" ]; };
          };
          swap = [ "/dev/mapper/swap" ];
          resume = "/dev/mapper/swap";
          rollingRootfs = {};
        };
-        grub =
-        {
-          # TODO: install windows
-          # windowsEntries = { "7317-1DB6" = "Windows"; "7321-FA9C" = "Windows for malware"; };
-          installDevice = "efi";
-        };
+        grub.windowsEntries."7AF0-D2F2" = "Windows";
        nix =
        {
          marches =
@@ -55,18 +46,32 @@ inputs:
        };
        nixpkgs =
          { march = "znver4"; cuda = { enable = true; capabilities = [ "8.9" ]; forwardCompat = false; }; };
-        kernel.patches = [ "cjktty" "hibernate-progress" ];
+        kernel =
+        {
+          variant = "xanmod-latest";
+          patches = [ "hibernate-progress" "amdgpu" ];
+          modules.modprobeConfig =
+            [ "options iwlwifi power_save=0" "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
+        };
        networking.hostname = "pc";
        sysctl.laptop-mode = 5;
        gui.enable = true;
      };
-      hardware = { cpus = [ "amd" ]; gpu = { type = "nvidia"; dynamicBoost = true; }; legion = {}; };
-      packages.packageSet = "workstation";
+      hardware =
+      {
+        cpus = [ "amd" ];
+        gpu =
+        {
+          type = "amd+nvidia";
+          nvidia = { prime.busId = { amd = "5:0:0"; nvidia = "1:0:0"; }; dynamicBoost = true; driver = "latest"; };
+        };
+        legion = {};
+      };
      virtualization =
      {
        waydroid.enable = true;
        docker.enable = true;
-        kvmHost = { enable = true; gui = true; autoSuspend = [ "win10" "hardconnect" ]; };
+        kvmHost = { enable = true; gui = true; };
        nspawn = [ "arch" "ubuntu-22.04" "fedora" ];
      };
      services =
@@ -88,6 +93,7 @@ inputs:
        sshd = {};
        xray.client =
        {
+          enable = true;
          dnsmasq.hosts = builtins.listToAttrs
          (
            (builtins.map
@@ -121,31 +127,66 @@ inputs:
          publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
          wireguardIp = "192.168.83.3";
        };
-        gamemode = { enable = true; drmDevice = 0; };
-        slurm = { enable = true; cpu = { cores = 16; threads = 2; }; memoryMB = 90112; gpus."4060" = 1; };
-        xrdp = { enable = true; hostname = [ "pc.chn.moe" ]; };
+        gamemode = { enable = true; drmDevice = 1; };
+        slurm =
+        {
+          enable = true;
+          cpu = { cores = 16; threads = 2; mpiThreads = 2; openmpThreads = 4; };
+          memoryMB = 90112;
+          gpus."4060" = 1;
+        };
+        ollama = {};
      };
-      bugs = [ "xmunet" "backlight" "amdpstate" "suspend-hibernate-no-platform" ];
+      bugs = [ "xmunet" "backlight" "amdpstate" ];
    };
-    system.nixos.tags = [ "next" ];
+    boot =
+    {
+      kernelParams = [ "acpi_osi=!" ''acpi_osi="Windows 2015"'' ];
+      loader.grub =
+      {
+        extraFiles =
+        {
+          "DisplayEngine.efi" = ./bios/DisplayEngine.efi;
+          "SetupBrowser.efi" = ./bios/SetupBrowser.efi;
+          "UiApp.efi" = ./bios/UiApp.efi;
+          "EFI/Boot/Bootx64.efi" = ./bios/Bootx64.efi;
+        };
+        extraEntries = 
+        ''
+          menuentry 'Advanced UEFI Firmware Settings' {
+            insmod fat
+            insmod chain
+            chainloader @bootRoot@/EFI/Boot/Bootx64.efi
+          }
+        '';
+      };
+    };
+    # 禁止鼠标等在睡眠时唤醒
+    services.udev.extraRules = ''ACTION=="add", ATTR{power/wakeup}="disabled"'';
    networking.extraHosts = "74.211.99.69 mirism.one beta.mirism.one ng01.mirism.one";
    services.colord.enable = true;
+    environment.persistence."/nix/archive" =
+    {
+      hideMounts = true;
+      users.chn.directories = builtins.map
+        (dir: { directory = "repo/${dir}"; user = "chn"; group = "chn"; mode = "0755"; })
+        [ "BPD-paper" "kurumi-asmr" "BPD-paper-old" "SiC-20240705" ];
+    };
    specialisation =
    {
-      hybrid.configuration =
+      nvidia.configuration =
      {
        nixos =
        {
-          hardware.gpu = 
-            { type = inputs.lib.mkForce "amd+nvidia"; prime.busId = { amd = "6:0:0"; nvidia = "1:0:0"; }; };
-          services.gamemode.drmDevice = inputs.lib.mkForce 1;
+          hardware.gpu.type = inputs.lib.mkForce "nvidia";
+          services.gamemode.drmDevice = inputs.lib.mkForce 0;
        };
-        system.nixos.tags = [ "hybrid" ];
+        system.nixos.tags = [ "nvidia" ];
      };
-      xanmod.configuration =
+      zen.configuration =
      {
-        nixos.system.kernel.variant = "xanmod-latest";
-        system.nixos.tags = [ "xanmod" ];
+        nixos.system.kernel = { variant = inputs.lib.mkForce "zen"; patches = inputs.lib.mkForce []; };
+        system.nixos.tags = [ "zen" ];
      };
    };
  };
--- a/devices/pcarm/default.nix
+++ b/devices/pcarm/default.nix
@@ -10,16 +10,17 @@ inputs:
        {
          mount =
          {
-            vfat."/dev/disk/by-uuid/CE84-E0D8" = "/boot/efi";
+            # TODO: reparition
+            vfat."/dev/disk/by-uuid/CE84-E0D8" = "/boot";
            btrfs."/dev/disk/by-uuid/61f51d93-d3e5-4028-a903-332fafbfd365" =
-              { "/nix/rootfs/current" = "/"; "/nix" = "/nix"; "/nix/boot" = "/boot"; };
+              { "/nix/rootfs/current" = "/"; "/nix" = "/nix"; };
          };
          rollingRootfs = {};
        };
-        grub.installDevice = "efi";
        networking = { hostname = "pcarm"; networkd = {}; };
        nixpkgs.arch = "aarch64";
        kernel.variant = "nixos";
+        sops.enable = false;
      };
      services.sshd = {};
    };
--- a/devices/pcvm/default.nix
+++ b/devices/pcvm/default.nix
@@ -0,0 +1,28 @@
+inputs:
+{
+  config =
+  {
+    nixos =
+    {
+      system =
+      {
+        fileSystems =
+        {
+          mount =
+          {
+            # TODO: reparition
+            vfat."/dev/disk/by-uuid/AE90-1DD1" = "/boot";
+            btrfs."/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
+          };
+          decrypt.auto."/dev/disk/by-uuid/a9e4a508-3f0b-492e-b932-e2019be28615" = { mapper = "root"; ssd = true; };
+          rollingRootfs = {};
+        };
+        kernel.variant = "xanmod-latest";
+        networking.hostname = "pcvm";
+        initrd.sshd.enable = true;
+      };
+      hardware.cpus = [ "amd" ];
+      services.sshd = {};
+    };
+  };
+}
--- a/devices/pcvm/secrets.yaml
+++ b/devices/pcvm/secrets.yaml
@@ -0,0 +1,39 @@
+hello: ENC[AES256_GCM,data:7xCy5PqPVdUNIdzqaGQLsPA88mAfRt6T57LjFDwOaTlhdejLPrBdyN4=,iv:dM0QWDpylPjnbtdNrjV8LHISNi/U718+xooFm0qTcbI=,tag:d5HbLG7yF3QRz7nP+4aeiA==,type:str]
+example_key: ENC[AES256_GCM,data:K5SD4k9jL5r4ZSUwNQ==,iv:mJrZshT0PKmT7OJE/ZBUWzq1Gc6xXymFbypxwQtQJq8=,tag:I4+AyMh+AVpmWa1fdIJpyA==,type:str]
+#ENC[AES256_GCM,data:vHj6+kNand8d1AzgXTaOMQ==,iv:j6b3SDqzVgY8U/puEm9UcpJYGK84gF/YIXzRbG0radQ=,tag:yzfXKHReJ0++3fhk2ztbBA==,type:comment]
+example_array:
+    - ENC[AES256_GCM,data:vRjjfVSy8g5mBZVM/oU=,iv:C+HE4Q157eNhEmcDJSMJINfMgztf6XfELCjotg8q3XU=,tag:JSQDItdYbCCs65tmbeR6tg==,type:str]
+    - ENC[AES256_GCM,data:xzfN6WiT8r8YcWtS+H4=,iv:btlOvqrn0pITT3rCTIjgS2b5TrfNKym0yPEnE7bJDqg=,tag:Wf40b8zBhrv452OKodkU+w==,type:str]
+example_number: ENC[AES256_GCM,data:akqZ12u1wl4Zww==,iv:hS3NBWI7o6dZLtsIsoVHYdtyqpUmbQrpMHPhRRzEd18=,tag:1voFm4LuupWJMGP3xd0k4A==,type:float]
+example_booleans:
+    - ENC[AES256_GCM,data:wWEU8w==,iv:rf8uwo+sP9YFyPmoxROVVmrx+q6Yr0PIOWznM96w9XY=,tag:nVJdD1Z7U8zVRBxs8gLvQQ==,type:bool]
+    - ENC[AES256_GCM,data:gVe51tg=,iv:eOJ2TOWStHpckNyYx2UdLcipshFpjcWtEids5c+Q8bs=,tag:0iSjlC/TgNfl7ZtXmttgaQ==,type:bool]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyTGliaUlvOVlxejZhSDZi
+            YU96S0VPOE5Ldk56WlJjTzBSRm9oYnBoQ0NBCnhJWmg3KzUrT1VyemRiSWtQeklS
+            UFFFTjdod0g1d1EvYWJoOElJSjIrWTgKLS0tIDlaQnJOMTZRUms4am1mQjV5MzFJ
+            QlhKL1ltY2lGZGU0clhIRTRsSW5BOTgK4gKbhvF1bV/YdKOxzqrecHPDAKPOd81V
+            YnWgLpP6h+zycx80iqwsfqiQJdPyDrfhB43ksn2oxsX0qXtLI9j9TQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1jmu4jym0e0xkq5shx2g7ef4xzre94vaxy2n4fcn0kp94dtlupdxqkzyyp7
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzRU1IRXZkbFQ4elgydTlv
+            VlRVKzJIWDVCZk5xaTd0Y2JXS2l0Mi85Zm1jCnNkS0NETm5SaG9WUE9Mb3RtbE5B
+            YTRmWHNXTk9hZHNBT0FxT1RNNnFMNEkKLS0tIGRWNWpLcDVtOEdGZHFPT3paeVo2
+            QWsreTlaVW5Bd2lZb3JZeTdjcG9WQlEKy3p4QnjPrJtfaueLKBzMz7VZ9QfrTer1
+            lEP8mInFprR65LtpoKabsTWQwkzURzB/OdbKSYG2o6Rlqy9L3d5eBw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-07-02T23:46:35Z"
+    mac: ENC[AES256_GCM,data:OncqYSgPSoge5Nw6eh0A4cm0KXSQhmSpGIu5WSv38LdMto5fNLIK2VRIwaXfq9nyf10bxNN7xSADj2GPhMiwlHM8nIQXtxdlWsZfEOc/qOWM8nz+9DPKtKGD6RZcDLDRhNTDxzPXGWIuY1tDKQpUlt/iDlymSskcqSrdTfBqCGk=,iv:NesxRr6FXXApE8aafnAV3x6hwCoAxoEly/QkcyAQ8Pw=,tag:3o37dr4vKLqEENIdj8RHXw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/devices/pi3b/default.nix
+++ b/devices/pi3b/default.nix
@@ -10,14 +10,14 @@ inputs:
        {
          mount =
          {
-            vfat."/dev/disk/by-uuid/ABC6-6B3E" = "/boot/efi";
+            # TODO: reparition
+            vfat."/dev/disk/by-uuid/ABC6-6B3E" = "/boot";
            btrfs."/dev/disk/by-uuid/c459c6c0-23a6-4ef2-945a-0bfafa9a45b6" =
-              { "/nix/rootfs/current" = "/"; "/nix" = "/nix"; "/nix/boot" = "/boot"; };
+              { "/nix/rootfs/current" = "/"; "/nix" = "/nix"; };
          };
          swap = [ "/nix/swap/swap" ];
          rollingRootfs = {};
        };
-        grub.installDevice = "efi";
        networking = { hostname = "pi3b"; networkd = {}; };
        nixpkgs.arch = "aarch64";
        kernel.variant = "nixos";
@@ -26,7 +26,7 @@ inputs:
      {
        # snapper.enable = true;
        sshd = {};
-        xray.client = {};
+        xray.client.enable = true;
        fail2ban = {};
        wireguard =
        {
--- a/devices/surface/default.nix
+++ b/devices/surface/default.nix
@@ -11,38 +11,41 @@ inputs:
        {
          mount =
          {
-            vfat."/dev/disk/by-uuid/7179-9C69" = "/boot/efi";
-            btrfs =
-            {
-              "/dev/disk/by-uuid/c6d35075-85fe-4129-aaa8-f436ab85ce43"."/boot" = "/boot";
-              "/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
-            };
+            vfat."/dev/disk/by-uuid/4596-D670" = "/boot";
+            btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
          };
          decrypt.auto =
          {
-            "/dev/disk/by-uuid/4f7420f9-ea19-4713-b084-2ac8f0a963ac" = { mapper = "root"; ssd = true; };
-            "/dev/disk/by-uuid/88bd9d44-928b-40a2-8f3d-6dcd257c4601" =
-              { mapper = "swap"; ssd = true; before = [ "root" ]; };
+            "/dev/disk/by-uuid/eda0042b-ffd5-47d1-b828-4cf99d744c9f" = { mapper = "root1"; ssd = true; };
+            "/dev/disk/by-uuid/41d83848-f3dd-4b2f-946f-de1d2ae1cbd4" = { mapper = "swap"; ssd = true; };
          };
          swap = [ "/dev/mapper/swap" ];
          resume = "/dev/mapper/swap";
          rollingRootfs = {};
        };
        nixpkgs.march = "skylake";
-        grub.installDevice = "efi";
        nix = { substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ]; githubToken.enable = true; };
-        kernel = { variant = "xanmod-lts"; patches = [ "cjktty" "lantian" "surface" "hibernate-progress" ]; };
+        kernel = { variant = "xanmod-lts"; patches = [ "surface" "hibernate-progress" ]; };
        networking.hostname = "surface";
-        gui.enable = true;
+        gui = { enable = true; touchscreen = true; };
+        initrd.unl0kr = {};
      };
      hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
-      packages.packageSet = "desktop-extra";
      virtualization = { docker.enable = true; waydroid.enable = true; };
      services =
      {
        snapper.enable = true;
        sshd = {};
-        xray.client = {};
+        xray.client =
+        {
+          enable = true;
+          dnsmasq.hosts = builtins.listToAttrs (builtins.map
+            (name: { inherit name; value = "0.0.0.0"; })
+            [
+              "log-upload.mihoyo.com" "uspider.yuanshen.com" "ys-log-upload.mihoyo.com"
+              "dispatchcnglobal.yuanshen.com"
+            ]);
+        };
        firewall.trustedInterfaces = [ "virbr0" ];
        wireguard =
        {
@@ -54,14 +57,13 @@ inputs:
        beesd.instances.root = { device = "/"; hashTableSizeMB = 512; };
      };
      bugs = [ "xmunet" "suspend-hibernate-no-platform" ];
+      packages.vasp = null;
    };
-    boot.kernelParams = [ "intel_iommu=off" ];
-    environment.systemPackages = with inputs.pkgs; [ maliit-keyboard maliit-framework ];
    powerManagement.resumeCommands = ''${inputs.pkgs.systemd}/bin/systemctl restart iptsd'';
    services.iptsd.config =
    {
      Touch = { DisableOnPalm = true; DisableOnStylus = true; Overshoot = 0.5; };
-      Contacts = { Neutral = "Average"; NeutralValue = 100; };
+      Contacts = { Neutral = "Average"; NeutralValue = 10; };
    };
  };
 }
--- a/devices/vps4/default.nix
+++ b/devices/vps4/default.nix
@@ -12,18 +12,25 @@ inputs:
          {
            btrfs =
            {
-              "/dev/disk/by-uuid/24577c0e-d56b-45ba-8b36-95a848228600"."/boot" = "/boot";
+              "/dev/disk/by-uuid/403fe853-8648-4c16-b2b5-3dfa88aee351"."/boot" = "/boot";
              "/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
            };
          };
+          decrypt.manual =
+          {
+            enable = true;
+            devices."/dev/disk/by-uuid/bf7646f9-496c-484e-ada0-30335da57068" = { mapper = "root"; ssd = true; };
+            delayedMount = [ "/" ];
+          };
          swap = [ "/nix/swap/swap" ];
          rollingRootfs = {};
        };
-        grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
+        grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
        nixpkgs.march = "znver2";
        nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
        initrd.sshd.enable = true;
        networking = { hostname = "vps4"; networkd = {}; };
+        kernel.variant = "xanmod-latest";
      };
      services =
      {
--- a/devices/vps4/secrets.yaml
+++ b/devices/vps4/secrets.yaml
@@ -1,58 +1,13 @@
-acme:
-    cloudflare.ini: ENC[AES256_GCM,data:X1v1QuOZemIuxldd1bzIvbUsq+8HMGLh91zUB+fnrxaW40z0OQh9L1rF/0Nj3gmUmgT4KEV7nkHFYYpZBp4/Kyc=,iv:fQmbhx9wV3l+DVPaBrAyJbTCsS3q3s5F9Go1F7pZ2pQ=,tag:P4vuruX460YSOUsx6zGHXQ==,type:str]
-frp:
-    token: ENC[AES256_GCM,data:T8b1ku4HNCNSJ+33QgIt1GILFA4wTu3Qd0rDqHPVgdqsGo0R90k0u8z+dElSO7q9PapTqUbZ,iv:hwnMu6JxfYLgw4TyhujX5dI2IAytgZh+Bexhgta6ATQ=,tag:lqgwvXlS/jGPxasmk5Vh3w==,type:str]
-xray-server:
-    clients:
-        #ENC[AES256_GCM,data:DXEC,iv:SZ1AhmK6fWQ/HGDk97kDUcRN84zQMp99eiz4SpRhig8=,tag:Fkdf28ZvB8XKCxSYdjuuHw==,type:comment]
-        user0: ENC[AES256_GCM,data:rJ00sfe/oJSry6Ixn4Bn+p41syqsOrdWv6fRGVCwPvn/unMY,iv:htTvFMvhIRkORA/gIU8J7CgA+tOncYQWh7sUh+F6XDs=,tag:VrSJBD7ti9WtSLHoWjMClw==,type:str]
-        #ENC[AES256_GCM,data:OVgDU+zqcQ==,iv:8KuEqBuL5Ca6pUOFFA+vySJx/h3BhGAAC0CgnxiW46o=,tag:TY1MajSSy2RjKVI2SSAAFw==,type:comment]
-        user1: ENC[AES256_GCM,data:S3IHO9FcVHTJOsRxjSohM9MgnrEwLdDpFU+efLkQaXT2jNJG,iv:KOesvPzjDfm1EDLFiegbk0wgjp7di5mUwUuuY2hwvOQ=,tag:ZsYyUyyEhO5S3weCw/gPMw==,type:str]
-        #ENC[AES256_GCM,data:OQOPobpbbhajgA==,iv:4jG3bHKzWcR+JnvSlJsc0Qlv5kywqVN5UE96J31CP7Q=,tag:P+jJkRxPu99tLXyO5k6dRA==,type:comment]
-        user2: ENC[AES256_GCM,data:e7ITe2ZouKr8dXT7SYATyzbzHaVeu6AKt1OcQKk3U0nsQgoa,iv:UbOOuojy6OAFEH8lGhKe5Hs+2K6FX5MZ8Br9AB007gs=,tag:5XeB4YngzTcHZvCpXe/ZXA==,type:str]
-        #ENC[AES256_GCM,data:93BxR0AEdQ==,iv:rf69GWpuxYt7fu1Fyv55pynuQDhi+TA5CwZK3cc3yBo=,tag:/hLy6atNMxLw6G3/qgMM4g==,type:comment]
-        user3: ENC[AES256_GCM,data:r+6jXaIj4HJoYLnJcnjJB+WEZlGaoSy/ktc1Aw77hFtNrrGp,iv:P+YUKns1yaOZokH5WkDB0jssGyHg3ncc54tF1PyA7Oc=,tag:/pxMEr7l4ye5EDAOsllxJA==,type:str]
-        #ENC[AES256_GCM,data:4gqZh391hg==,iv:No22DrD6EBs2FA4/qH8msWEjs20fc+ZpEeZep+HIv+c=,tag:aHrYNbI83POI4PRj1nd+Yw==,type:comment]
-        user4: ENC[AES256_GCM,data:ujiml/r4aFiKOkSJkaD/KE8rKuBtLSnpZREBH3vRJUzDT0QM,iv:a3VFlXpMLNFihvFa7gloANtHmBLg4szTL5LTm8E2kNs=,tag:W9KZ1GAVx9IBKfda7Zedng==,type:str]
-        #ENC[AES256_GCM,data:PTYBkBHs16U=,iv:qr3u7OveM1CmTBIf9gZK4fTRuLCpcZCwf8jmnd1L3Co=,tag:w3O41NG7yCwCVqPGh/6SXA==,type:comment]
-        user5: ENC[AES256_GCM,data:iDuLRb4dhLUOjpamioMwoTYrn7Cy+Ln4SaedVXkwVD05rjJ0,iv:AqzBBvLpJuIJCUJq0IyDcHrlqb0e84nQC0c94Rj85uw=,tag:0xou1i/iwAxGngO74OIMXg==,type:str]
-        #ENC[AES256_GCM,data:D5xiJW0Oyg==,iv:9a/6myiT9Crf/fff6ZkXj/obW2k95cABUNqQdPmcwcc=,tag:chs8BA8YtVkM9m3Ey9ETlA==,type:comment]
-        user6: ENC[AES256_GCM,data:YzLlf37SxKmU1/QA7gUIJsGid3KZNoAGOew8xR7cmw5l8ZmX,iv:SfKubo2jfjtxKn9odDiokMEZyPFfYZ/wwyYtBrgvgmM=,tag:+hxwIU5uBhzQyrKX4r3oiw==,type:str]
-        #ENC[AES256_GCM,data:8FxApg==,iv:vPa5p3QVHAvw+ECusWGqx1ugTcHh42CVFDQcMhG59wM=,tag:lHiZtydcYFBQiXnWh8pCrw==,type:comment]
-        user7: ENC[AES256_GCM,data:H/jje9ONEY6XuBXTZmTVGIcWUgGSMf5OB1NNRPtqGCgRP1ei,iv:xew+0BkRqz3nfOoBXTPbBv5hRczy/3tgYSKq432q4iw=,tag:da2ljcffiCVJCsMZaNPZyQ==,type:str]
-        #ENC[AES256_GCM,data:QdaYYH3RGJ4qIg==,iv:79NBTEKCPtgVVv3G7wg+vdoLOWxc+bdqT1lF4HJpTC8=,tag:8mRFGjy7lBrdyGyX9vaSOQ==,type:comment]
-        user8: ENC[AES256_GCM,data:H1gPtqF8vryD0rVH7HYzpMuZ3lufOBYczKwaTr4PidQtTyQK,iv:wh7NwFc/1ogNrnTTpm5L9dBqDVkvWiIsJZelR2mtR4Q=,tag:oEFdMFZJ9UYhsSVdefJ4rg==,type:str]
-        #ENC[AES256_GCM,data:aYWIiLxs1UvupQ==,iv:AisokHuAzD5B6fEF6ak8WfAe151CM3a8MsaWC4uJPnw=,tag:cdk5S4n9ulyWrqsD+jcqYg==,type:comment]
-        user9: ENC[AES256_GCM,data:HVK9KvGfOcwn1joc3VrkjBjE6hrxQPOBD5RTtQUgBPepToh6,iv:VK9aQ64L/GajpledBxC8PNB1BdNYEqwcdL3GKttgxvs=,tag:O/piztCYBARtAFxTMNXGaA==,type:str]
-        #ENC[AES256_GCM,data:b839t/OihMOmz0gIcTo43r2MIw==,iv:8kaAFG7DhFOoitcvbFaAvE1NUSLFrFhy1KiMrqs4r/c=,tag:G4vSADa52ZfN5y5ytoFJoQ==,type:comment]
-        user10: ENC[AES256_GCM,data:xjVkr/wy7OxRuNZKfQagfNxdVxTEyQP1ZhnR6jHy2gjBQ0RD,iv:G6iOBCHOqlvfEENY/ega/TUm81wgT2OOdZKZ6bPfg9o=,tag:p8AMa3bGsIl0hWQ09lSzgA==,type:str]
-        #ENC[AES256_GCM,data:+s3MMeNU5Q==,iv:CUrg+nNxCpJFbHQmMNXmSE+JcZK6Dfu8cGwtznx3CFY=,tag:G5CYMtao+hz3hs0fPVPmcw==,type:comment]
-        user11: ENC[AES256_GCM,data:BIZ2zRgGv5/9AexiZZvu+m4A62YUWtAkjWWMu89GteqpWMBq,iv:13IJcDf18LjoxJk7uoKnuFZT6Ihxrxsy7DBaAaiFqus=,tag:RN7wj+uPneCkqNlMRyYrXw==,type:str]
-        #ENC[AES256_GCM,data:spyQkQIHwg==,iv:7+0DUK95MPH7lpr+GMbbLu4/5yA11/4gTuLhQKlStfE=,tag:G/gIXML8UhYoCi9FfoTvSA==,type:comment]
-        user12: ENC[AES256_GCM,data:FAF9lXOzXW9CrZgnQ1a2+E8snZj2+JHqP5Gny92k09o/Wzga,iv:/qZuAtFmUQE7A9lMzJUoCvGx+3Sv9Ioh2ahch3puaC4=,tag:urwbLwGkSX3e85NCjyPhhg==,type:str]
-        #ENC[AES256_GCM,data:HueqiREBet2bxQ==,iv:WCjTAGg2gXgBSvY3zc/YyB/1X0XjvphPduVXLsjOwH8=,tag:wC+On6lyyYQ1Dt/BHDvONw==,type:comment]
-        user13: ENC[AES256_GCM,data:ExbnvWDIBqga5+k2mpoT8AKBOXAvUNMjBTPXUKrmtWzz4l+L,iv:UI7CvSx2FHYGf6BEHS4e3iwHZZWkl2Zt5xg2WdKbLvY=,tag:ad0c7YW2Bxo+Dn+BoSZ0Ng==,type:str]
-        #ENC[AES256_GCM,data:R8lN5T0=,iv:FXLf8Vtjg+PkwNhxXWDViMKqwn7tFMaPhio9zhnudZw=,tag:34gxRH+P9lmkUxlOPKcYMg==,type:comment]
-        user14: ENC[AES256_GCM,data:dgNPPlJD5JOFPbKhlvlRHBLmUNKeDm/JAiawUVpBE7H07Box,iv:w+t9BkqYvlxVKr+x0MwtBz0/YSR/7z1OnZLIoPdW4gc=,tag:CR3GLbaO0jSQgA2HuwzRqg==,type:str]
-    telegram:
-        token: ENC[AES256_GCM,data:xsJoGgQ8pLeZqA2alGKkCyrvnjY6rVF5TlXn4GWDrStFBl65XXzwVY/9ZZthYQ==,iv:qTLfpRUyuIGFM668URfknhSRtx3WEHp/WTGzGUPuFd4=,tag:p8mF0tM+t02g7v2EQZN3Vg==,type:str]
-        chat: ENC[AES256_GCM,data:X1JxFQw0bPCu,iv:hf+TOSH2p9RdnXDFKxTpSRzxDLdJyzNHVV8MfOQuGWY=,tag:iiWw9IFiBGOOyOSl9Jj2wQ==,type:str]
-    private-key: ENC[AES256_GCM,data:ts/LRGFAsYqvGvkvlxUI42IW1a8cGsSkpZhMDd3QVceRKvhPb1SRDaXoSw==,iv:6xX9xFIFUNlLBZ6CPBOz9JbHpvC4+QG9ZaCZcWdl12c=,tag:DYIa+QTV8vyl1l7OKKykTw==,type:str]
-nginx:
-    #ENC[AES256_GCM,data:85LrqdTMIhSa,iv:mIQPYz8VPd5AxeMCQEdTGMD0Iqa5QEAa5+8JVFaj3JM=,tag:TcZd7S3WRPpEV9lHI1fzbw==,type:comment]
-    #ENC[AES256_GCM,data:rVTLpe3uIQ5LArPnEY8N8kjtHq8kZddbqR+nyUaia72Y7PWEfHzy6wgx3Q==,iv:AZEufH3zfVL0XbUh3CQZGYcx6zIMFV4tF+jHf73IplU=,tag:B/UbtQh5dGrctNih2uoO8w==,type:comment]
-    #ENC[AES256_GCM,data:InzwjKl3R4SJSXTz5u1Pt0kf2HYEtKfSkJO0cbPhhXADNp2/Tn0nwQJFy9EzpMvK9mw8+l5LadbY0tIwmTVvV5yxUQo78HcgXWInfp/zJ+GG1L/RQOHck74lEA==,iv:UBMRYPd0loOQBs3mNyndiKPu72aRA8HbOKWDfUWPQg8=,tag:t/ONqdwpWcbo/2vy5TOjlA==,type:comment]
-    #ENC[AES256_GCM,data:HTinhnsAbVujUOuLIVT/CkvdtTN9Nk7wZKZ5SyrPC+vZ/cB9E10FffMYLQ==,iv:Clby9A7MIUSknNFkzKuWEDL0yUW/ctd6KShCIEYrDZA=,tag:CJKORoXrspDjRmaSHUnlqw==,type:comment]
-    #ENC[AES256_GCM,data:cwAb68VgebTwCCeAFUbOG0CUAuggfRnLNv9NWldJN+E9NY4WKxs12Nz7yX/vtelcqqJ2TOUL78uAR88Nzavv7VtCTZRivWjRG6GvAUyRdv8lAZo=,iv:PScTSTCuVnsoZlvyTVL+ZgqqEm4m2/fUqWzPwE+PvuY=,tag:1jeRsHqgMheXbcnhRicsnw==,type:comment]
-    #ENC[AES256_GCM,data:V5XRrTvyeezkcJqw1/BhhZz5K/egpl+PtNwjAGELjWRp7IqDfRsInxBKEg==,iv:LdOTkL22HvaNbiUi6hG8o0ownfZ22OKFGxCuGPqG8xU=,tag:/06I/mLzBlgS489iuwFTuw==,type:comment]
-    #ENC[AES256_GCM,data:i9PXzaO1od7HimP/6vxYfh30SxFbdXRDcnXujH3VrvngFcWaVcXgigncp3cboi6RoERSZ6yakxviVyEBIS4v0qRfombj2UtJg8N3Kg==,iv:aohIMhAYfZhlGDrcEvi+Qc16nF8ZgrPUGhWj/7nl8Fs=,tag:o70qsk/2cAbZgbVBwfl3Ew==,type:comment]
-    maxmind-license: ENC[AES256_GCM,data:sESU6uK9EYLido9/0sXO2Zw1SjuKmxPh4r3giJcaG7068gn1kByjsA==,iv:htnFgnLrH35zSvmlRAdoRDLFIpKroKO5dW9TNK9soUc=,tag:6pJuc54SrKP5n0kJJ7fGyA==,type:str]
-send:
-    redis-password: ENC[AES256_GCM,data:6zVKw9AmKwSWvHUZhzy0F2KcJW96uFoZY/N1Zq8ilUJOLZeX,iv:viwLIgJz9v8oadr8784OgETbEsxzGsJvVoxmOwWEFxo=,tag:XEYFnoCGwlnrkqaUbgeH+Q==,type:str]
-coturn:
-    auth-secret: ENC[AES256_GCM,data:50KqO4GQ1ERbCnK4IjYu6aywT+IPMtVlTzh/TE4MwWApU4pO9yqz25ENGUAKRLi4p+Ecug+Rn3InRl1b+q6bAQ==,iv:SgHkHvHg/+yA1Z5E9effgCnZMVXv5amGNUsVKErai54=,tag:PoYLV9Xr0IXXsA39n7wiTQ==,type:str]
-wireguard:
-    privateKey: ENC[AES256_GCM,data:4DKPPqQkjb33rQzFIz863A2arDRQA9AivWFBaWTf0xXDX4hWvJFiIlJQfvE=,iv:0R2TH3CMxHgwVjojzjE2Gnp8SXonmBDLWF7hB33NiX0=,tag:vgtV8JkuCdspleN/SvgIqQ==,type:str]
+hello: ENC[AES256_GCM,data:mX0hKnLdaujfHSyIikkannf8DDo+r7R0,iv:my9nYiaburkWHQLsNetqD3dYVwsEkJhC7hoh0XagoOk=,tag:D7uhoFGMrTWT3K4LNMFcUA==,type:str]
+example_key: ENC[AES256_GCM,data:ezHOG8aSXYlosn7ymQ==,iv:NLm785UMihcL1K/M4u7k+P2XftyLlIxtQGPmMLc+rs8=,tag:h9xk+do8pYzxYzUaKKb1PQ==,type:str]
+#ENC[AES256_GCM,data:pgOf9IVK9ijocRr0uEO0ZA==,iv:aQ2dvfAVhkFWtcDM4VeJQa+NN6kw9IlvidL/usoP/lE=,tag:49iS4s1EfQK5VhlF9nqWRQ==,type:comment]
+example_array:
+    - ENC[AES256_GCM,data:W8QJiOY6ofqE+XRodK0=,iv:KQ/mYY4N/YA9LhZvJtPJPqRVQq4ob/xa8JSQY06Vm4M=,tag:7NQgidSCjER//ru3AXgLzQ==,type:str]
+    - ENC[AES256_GCM,data:nNML0iYEFdW4S5rJVHM=,iv:LQ1/E/7FExXB16Ur4b59XAUlWSFPub6LQBaFCY+a2lE=,tag:LqPymQ7k5ZsS8d9Z09xJuA==,type:str]
+example_number: ENC[AES256_GCM,data:UiALks+CeKFusw==,iv:8gQ0aB+9YHXKVDX7moqdQmNJLGDNGfo+glezE39xXgQ=,tag:sJG+DJNzCtx+l4bBgQTtCQ==,type:float]
+example_booleans:
+    - ENC[AES256_GCM,data:n3cV5g==,iv:z2p5oh8BhEMvwwIDaO8aM8VfxmsR6Z7473pd348tsmU=,tag:oSYsNuk6vY21Nepy8Hkb7g==,type:bool]
+    - ENC[AES256_GCM,data:ns3chHI=,iv:db8M/qF03VKaT/8Q4NqfCdI1zAU9H8JWZFqnzwI7QvI=,tag:FdgUanhezouVdv+9a9/gxQ==,type:bool]
 sops:
    kms: []
    gcp_kms: []
@@ -62,23 +17,23 @@ sops:
        - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1QXc4NzREZHlhMDV2WXlM
-            a2I4d1pjWm9Xd2gzUDUwZ1ZSTkFGR1ZQNDJzCmJwcWFxRWNNVGxTNno2b1NxNktO
-            aHhINXBjdmE3alFGYk9kUHZ1UzdJUk0KLS0tIFdKMDlvb1Z2Qi8xRjl0MXpKMDMz
-            cVVNdDRDNmtHZlJEcVRXR1FLVkZrMWcKn2iTHH7/52fJNXcbDFbzOxNAaiQRA0nO
-            we74EeNzcaaQwuEmBQPKxd/g7/kjhnHzTkoX3OneXMd/gBZMn2knXw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaE9nWEZFaE51alYyTUgr
+            RVBKZ1MvNitBdGpMWURIUkhCTlF6Y1hueVFjCnp2Q0JVL0t2UEZrSmxMbFVwZ0k5
+            QVZDdXNjWmg0S3BIaXF0NDBHOThiMDAKLS0tIDBpenAyTE51MWVkaHFvTFhzNmVV
+            WnlKUFZWNWtaYUpPZkplSm04Q3RFb00Kghj7jLLcLpc8njNyxPj6JWZbBRn2Ou9j
+            FJLfCGLePuJPmdBBN4AGHmtrkfw/SMZJ50DXhKSJSxM91zuJSqFV1g==
            -----END AGE ENCRYPTED FILE-----
-        - recipient: age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
+        - recipient: age1nnd6u8l20julg4jz4l6kw5gmj6h2tsngpm7n8dx59umgw2s66y4shq6jv4
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBycEw1bXA4QUZkUzJ0Z3pM
-            Z0xHam5SLzRGV21XYUtxTFh1VnhQUk1NbzAwCkU1Z3VTR1FtZ05GOWNDOENlZTgz
-            SitzYXo2Q2VEaGtLTGE2UGRoUDkxN28KLS0tIHhRS2Y1cnQreC9Fc2FLdGR1ZXdJ
-            ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
-            ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzYkJ1NllUR1pMaUdmZ3Z6
+            OEVLWC9nZHNxNWJSZ3VZUVZ3eWlLNWN5V24wClZ3dTh3SVNRS0Z4TFJrNDJBVnJj
+            aDhYNTdSV2JmUVNXR1ZkN1BOdzZzRHcKLS0tIFNhUGIxRVM5MFdvUWZWOG5kYlFM
+            RjZtLzY5b00vMExFSU1xZEl0NFJQQlEK4yUe3V0u6A3niES0Nq28rRYZ1fTEL0Fh
+            RBGZNCute1SShrLZPgNr/lFAc6d8DH6N0IuDKcjguuWtyHY/LFYuYw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-03-28T10:31:05Z"
-    mac: ENC[AES256_GCM,data:6Z+ltjbvQaYhDPoiCN7ajQeWcp6vj3TIcUXUm/r/tZU4mIOvfxA7hxW971b76bYPTeVwgp7ZB9qQy9emDHV9i+aSyJpTPKQHRRz5J+T+NJhTP/IL3R3VmG89ssC6NH8FSk0S487JkPd8tNz+G6bvwFCPRxRLNj1pXX0Dp6tgwIw=,iv:xLw2iX1ODAbJCTJ8fEvG7SdZ1GnGwADIckH8DibVM2Y=,tag:TTzlHdcyIQr/92ZHmViRXQ==,type:str]
+    lastmodified: "2024-06-27T09:40:19Z"
+    mac: ENC[AES256_GCM,data:ZdocsIbkzcWsTia7s98T5hjM5HDyBc1a0pwAb3IEFAom9Q0LjOs02BjsBKQT9Z+eMU+Ugkaz+kgP4hwYbcUuAbiVChU6sLMxUPwQDE8E7sJINZvJzth4Kl5SF4qz9fEuY8ZTP1hHc/HC6fSfWm+zH8n755aBjrzdIUvPV0Qv3xI=,iv:SSjyvgMSgZsoKHspRrNJpkmRTDdFqQlJGLUybyMcXbg=,tag:EBLpGZLNwDZxsWwh7Eva7w==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/devices/vps6/default.nix
+++ b/devices/vps6/default.nix
@@ -30,12 +30,13 @@ inputs:
        nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
        initrd.sshd.enable = true;
        networking = { hostname = "vps6"; networkd = {}; };
+        # do not use cachyos kernel, beesd + cachyos kernel + heavy io = system freeze, not sure why
      };
      services =
      {
        snapper.enable = true;
        sshd = {};
-        xray.server = { serverName = "vps6.xserver.chn.moe"; userNumber = 18; };
+        xray.server = { serverName = "vps6.xserver.chn.moe"; userNumber = 20; };
        frpServer = { enable = true; serverName = "frp.chn.moe"; };
        nginx =
        {
@@ -52,16 +53,16 @@ inputs:
            (site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.vps7.chn.moe"; })
            [
              "xn--s8w913fdga" "misskey" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix"
-              "send" "kkmeeting" "api" "git" "grafana" "vikunja"
+              "send" "kkmeeting" "api" "git" "grafana" "vikunja" "write"
            ]));
          applications =
          {
            element.instances."element.chn.moe" = {};
            synapse-admin.instances."synapse-admin.chn.moe" = {};
            catalog.enable = true;
-            blog.enable = true;
            main.enable = true;
            nekomia.enable = true;
+            blog.enable = true;
          };
        };
        coturn = {};
@@ -79,6 +80,12 @@ inputs:
        };
        beesd.instances.root = { device = "/"; hashTableSizeMB = 64; };
      };
+      user.users = [ "chn" "zqq" ];
+    };
+    specialisation.generic.configuration =
+    {
+      nixos.system.nixpkgs.march = inputs.lib.mkForce null;
+      system.nixos.tags = [ "generic" ];
    };
  };
 }
--- a/devices/vps6/secrets.yaml
+++ b/devices/vps6/secrets.yaml
@@ -40,6 +40,10 @@ xray-server:
        user16: ENC[AES256_GCM,data:fo6KJXlPDn7+FmxjEJQo9d79rDYemLFx6LanYZcJpKJR7Gxq,iv:yEUKPNZ9idrSqyVO9fhksP/7bjPMT/LzNK2VSq503/c=,tag:M87D44SIo9JzDB3ZyKu7fA==,type:str]
        #ENC[AES256_GCM,data:/Kec+CdtnT11EA==,iv:DnmbWfgriaE6XAnMqq2UXhHhN+Rd/3YRodKVUCJo6p4=,tag:NimqZpbslKxwzoljaZqEdw==,type:comment]
        user17: ENC[AES256_GCM,data:gQInIcNFxJuCSsMDGq4yTp5JdMMmJRy1tY3PGLoLuuIXWV0a,iv:ya4n9Z7T9/bxeHqi5QqwJprEzDMsT6X0BuEXRS67wWk=,tag:RcjQfAHv8uc3PgN5c4bySA==,type:str]
+        #ENC[AES256_GCM,data:h7E4P6BiGjktYg==,iv:DhkK3NNppBqo3sXt9U7kbgfaBPYcSEX2hu6VOAesDiE=,tag:XoVbZklwCmU1EBhv0ujcSw==,type:comment]
+        user18: ENC[AES256_GCM,data:dssxPEv8srXydunolaaDAYYo+BOXhp2PoqidOWH3z6NYBpyB,iv:WCLcMMwQJiHZBwreQpaOZp2saXvjBwgYUqSf7HQhMgA=,tag:5jsAVcgAgO+7JhBINz6tzQ==,type:str]
+        #ENC[AES256_GCM,data:qGsMmWrUIzVdHw==,iv:DXayEA5zquwOzm+TqECYNHM98r0WSzcP3gA8zkzdPy4=,tag:OKTx12RqP9VxJQOnrBLkmw==,type:comment]
+        user19: ENC[AES256_GCM,data:+Mh15DR9xvFAwks86iuHEA9FpObKWTSuVOEzUDpBUS/h0hOz,iv:zYIkic2bibvwCBpomnJ9465mda1rbm3RERBZY9twXuc=,tag:bwdL6DAGgkGYhYFI2C4A+A==,type:str]
    private-key: ENC[AES256_GCM,data:ts/LRGFAsYqvGvkvlxUI42IW1a8cGsSkpZhMDd3QVceRKvhPb1SRDaXoSw==,iv:6xX9xFIFUNlLBZ6CPBOz9JbHpvC4+QG9ZaCZcWdl12c=,tag:DYIa+QTV8vyl1l7OKKykTw==,type:str]
 nginx:
    #ENC[AES256_GCM,data:85LrqdTMIhSa,iv:mIQPYz8VPd5AxeMCQEdTGMD0Iqa5QEAa5+8JVFaj3JM=,tag:TcZd7S3WRPpEV9lHI1fzbw==,type:comment]
@@ -83,8 +87,8 @@ sops:
            ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
            ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-25T09:01:19Z"
-    mac: ENC[AES256_GCM,data:xYK5VTYHwryDcH0fhnezn5aYQ+XAPAJ7PIrL1ygKw3F/rAwRQlWk0/zmqypmpqbPX4mAJKzDfgoTNh8iUtF8ehmfOS+7OPUTuKVRvPI39HfcJbRN3/oOdN40AXSa5cZjgKrAGdhWvwyw0WdDMkRfwJztAR5Jj0dKzZ5THW+5zSs=,iv:Y5UUe1I95ltiVcUPBUcmIpnKHFfAlQmcF8ZlxZht1i4=,tag:3mA/epV254+P7WkkuhDOqg==,type:str]
+    lastmodified: "2024-06-30T10:43:57Z"
+    mac: ENC[AES256_GCM,data:Mg/DZghIkaWM5KEjk5zg3S0L5qPa8/rkc2ooSjA1ewzbDhTKls2tzv7fQqLx2WQtcJiKkoVx22UkiL0AzBwJdCr3473vx93ajTVK9HNu3jqXmuzSiv2iVS21EX9tyBNiL6uWlVAtlVfMMs69PEUF+EJIYY5TkVVPaQjzEebwo5w=,iv:tFON7RVSnNNHo5U4dRuMGDhH5iPGShW9uoda+apiIjI=,tag:3nG/u7vaChFBHoDsLLb23w==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/devices/vps7/default.nix
+++ b/devices/vps7/default.nix
@@ -26,7 +26,7 @@ inputs:
          rollingRootfs = {};
        };
        grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
-        nixpkgs.march = "broadwell";
+        nixpkgs.march = "znver2";
        nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
        initrd.sshd.enable = true;
        networking = { hostname = "vps7"; networkd = {}; };
@@ -45,9 +45,9 @@ inputs:
          matrix = { port = 8009; redisPort = 6380; slidingSyncPort = 9001; };
        };
        vaultwarden.enable = true;
-        beesd.instances.root = { device = "/"; hashTableSizeMB = 1024; };
+        beesd.instances.root = { device = "/"; hashTableSizeMB = 1024; loadAverage = 4; };
        photoprism.enable = true;
-        nextcloud.enable = true;
+        nextcloud = {};
        freshrss.enable = true;
        send.enable = true;
        huginn.enable = true;
@@ -67,7 +67,14 @@ inputs:
        };
        vikunja.enable = true;
        chatgpt = {};
+        xray.server = { serverName = "xserver.vps7.chn.moe"; userNumber = 4; };
+        writefreely = {};
      };
    };
+    specialisation.generic.configuration =
+    {
+      nixos.system.nixpkgs.march = inputs.lib.mkForce null;
+      system.nixos.tags = [ "generic" ];
+    };
  };
 }
--- a/devices/vps7/secrets.yaml
+++ b/devices/vps7/secrets.yaml
@@ -54,11 +54,13 @@ synapse:
        signing-key: ENC[AES256_GCM,data:hzxxDbGp1L09O7+ueUSa5lJOY/QvF2zvHdpueEHjaPQEToQt9mr2loeTQHC7ObTegfLb9UHrI1jn4A==,iv:KngfahwYZZmDQ5LeOUPWptTMGAC8TZm1G0FWcrwCwsw=,tag:U9pW6/boBIpiswn67Ezrfw==,type:str]
        sliding-sync: ENC[AES256_GCM,data:BeA6g98IWDP6hnLFI77QqG6esDwB6j3OPzAv3eJxWoTajAsByHSgSYP1vHN5Iok6IgvSSmkf0/HiOJy1Ca8IIA==,iv:ca+t/rYwc/fAVUcz0JTmrRQCOcbDNscbnE8BpHkx/OE=,tag:eEfhUChUt4kRnO82XqRY4g==,type:str]
 vaultwarden:
-    admin_token: ENC[AES256_GCM,data:muavuOY88Lm4rSEoCp4IIPp7Z+sqf36VwpnPgf+K6IwwFkUgYM1GO80ogReYWqqUM6ij1Yzl5D9ncUbq+aGTKQ==,iv:jA4MRJlz71CMmPnWjb2tGbbIoMkEsESUowhXDckKKMI=,tag:l0HaJmnU29YeFUxjOgN3Kg==,type:str]
+    #ENC[AES256_GCM,data:yFDD8GHjZWHN/Yh53DseevKAhDVwrHX60e8sGZnF4BUsUuPA/4S2PRzj7CtlpFzUH3kb0i+HkLKRvbchg93U3as=,iv:JGG7daEKs0oMKTNVi9GS7PrXn/8rFtVkHknACsEQR+g=,tag:RSN6fojLsI4dcuPu2eTiWA==,type:comment]
+    admin_token: ENC[AES256_GCM,data:OpjREmxJSRj+aGVoP8KKRE7ClNqRtaV8va4WLVmpl1AO6D0q/GapJvhORHQb5s5ZjIAgvWTz1w+fh050Q9sPwRsNUke3FIcyeNy7k0PHgnnVIdxnU1Vn9KMz/SovjQ0/qEQ7tArvW/EXtKfwnP9lsz9m94VBvA==,iv:9AvDqMa2PeQOSrP2th3YBgA2RxPl3oKZTyUzi/yjRTM=,tag:HYFTQDgWvBsHQk8IZxWkfw==,type:str]
 mariadb:
    photoprism: ENC[AES256_GCM,data:TF1SZVFnvzyE+7vrHYYUS4Juqhbiw9QcJx7p3Xj88xyBFcTqS1YjzAKs/9GQ1PuzdBrt6hXm/XtJILHiuktnSg==,iv:sd9sQEuIePL6LzUYbFtmdecJ57sMrkF0coalBf8KFqQ=,tag:P/knaKYTJ+aXu4l6IixISA==,type:str]
    freshrss: ENC[AES256_GCM,data:ydqCbj3UbsLC1e++p5ixb5Kpmk2BsYd0urcfw8T51Is5N1/gQ7P0zgR33AOteAxw2oj85WQZhxu3eAN7BCXV5A==,iv:1oiMo1wwFNXiTZLsf4UPZSJfKFIWLI3h947TC06CVy4=,tag:Otq1oeKBnWXhqNilfsywPQ==,type:str]
    huginn: ENC[AES256_GCM,data:1Tdg1WDwGgFSXdChgif8knWS24BIFYnmaiSjJXxs5uj/v/5fJ1alb4K4XHW/kFRjQbuAOFfJiJ9ogJ1KAyk17A==,iv:qLMaQpVaKrjP7g2lWzhaNLghxwiV4YJmyYY1hrpu5I8=,tag:566JCENvOxgwD7tM3aQBiw==,type:str]
+    writefreely: ENC[AES256_GCM,data:+5jsON4SpeWKWZWlbn233XuQ/6HDzaS3XxUxDbUqAp8S/XGmn/QuFK2f375QJEiyZsnrIYkbN/CiOjdTw+nNzg==,iv:8mKqWegyxrT6908P5G0olVZzpP+BwpE7SYODEry7F3A=,tag:HeYoT0RFJGzX6DWcBQy7Jg==,type:str]
 photoprism:
    adminPassword: ENC[AES256_GCM,data:gB81joOfS8h05BNy2YmD/N0cpLPa/vAduDcQBeHiY/WkcnvqSXnXsOfnvbP74KQfoP4W35oFkfyGVPUBSB83tg==,iv:AkN2NoqMXVHQA9fHTTR7xbEapEqy/D61mHn7O23hyYk=,tag:WV+siDA3VnRkOYnP4Z9Qhw==,type:str]
 nextcloud:
@@ -68,21 +70,18 @@ freshrss:
 huginn:
    invitationCode: ENC[AES256_GCM,data:+m2AabRzUiCFy3MAKTB8d1IE05WHTcmZ,iv:ccdIPHl9N+bvPR/QCwZUwZOfWTeW6gWhhBjOpL85JRg=,tag:Ir2085K04XUGkAuoCG+7VQ==,type:str]
 fz-new-order:
-    manager: ENC[AES256_GCM,data:qZc5U3SZQPWzcKVjN2+A2qWNae4GItcjvEQFgkThvIQ=,iv:fJpiUlViiUg1ea/zGhgedQG7TeTbeb9dPviYoiUBLqI=,tag:6T7rgJflsjgK++28SgsLtg==,type:str]
    token: ENC[AES256_GCM,data:qhwWRflJbW1QMOhiPfbTIrEdQJyVtfZ1QycCgstdKD1Nh40=,iv:GvZ8MJig64l34jkvuJbMMjyNaPT5yz0/pFCc6KEPTvA=,tag:cMXo/6F9thl8k2iAhT507Q==,type:str]
    uids:
-        #ENC[AES256_GCM,data:WJszzA==,iv:KvyEnUu69+L5ZxNbRmjtP2R+8lHKgdlMN0WuvDbYgE4=,tag:LP2FJ2HXWZJmTdvXpHflVQ==,type:comment]
-        user0: ENC[AES256_GCM,data:Qw18Ht6qXo3n7DD9NgNB+3IRbCmKuvJQiK5UBsg/FC8=,iv:TeeTcR0tnRrniySqKrsKfOfr2JO7+kqS3iETdCFX5ZA=,tag:rRo2yNku9JWxmILWBS/Wyw==,type:str]
        #ENC[AES256_GCM,data:O3DOE3jFCg==,iv:9shUoHCLXsJPKHELlyWdreouEcyOqhsfVI2KaqwC4CU=,tag:tYKVv+/DuesSijZwWGdrig==,type:comment]
-        user1: ENC[AES256_GCM,data:vY4qTPNqdFp2H348jAgvwKktywdVVvQK/lR2NgRE4Ho=,iv:DrweeSEJ5ETomIkRtkcVboiQindzBoxvxjlSmrQIfI8=,tag:sMz1ITHkDclBc4OY91dMGg==,type:str]
+        user0: ENC[AES256_GCM,data:2sieulGmi7mCYrJH24djrrmHArrFbOHZ9wUuKvY4f2k=,iv:lb5ODFOeQQ+D9HZnMw48n/DGRB7L51U4frBVcPx1mvk=,tag:MwZua6u+G478uGOwtGu4fQ==,type:str]
        #ENC[AES256_GCM,data:yeA9zF8Tug==,iv:VZuWLZnt1RBmkBWudKVvgJkYfqxIj/umEHVCfR6IG3k=,tag:1kj7HyjVT59n05VYJ1uP+w==,type:comment]
-        user2: ENC[AES256_GCM,data:7hlq1FEauGcKkStREDbxA3tOA5NmFo9AbXiOPUt+kZ4=,iv:urOP3ENSviWRKDIWGc1P5PkEtkoBSCSYlgGqJQznp8s=,tag:NNKCW5bFPY7t/PC7dsSJwg==,type:str]
+        user1: ENC[AES256_GCM,data:Aw0ydspmf+PXKU27Pdzn4q/nY4sxXCADL1WGB7vm3eo=,iv:uTmVvGlW1HfdvoNbupSw3GyShsWTGVCoNrvVJ5BPUy0=,tag:k9KIoCWM6bSprwR8dmN+Hg==,type:str]
        #ENC[AES256_GCM,data:4G7DyLVVgQ==,iv:Ht/exln1QtL2BxjCaOTIXHRPDiSFYP4zIa7VaeMCuhE=,tag:btVLXf+WS/YgzRFbVFoAfQ==,type:comment]
-        user3: ENC[AES256_GCM,data:nBTbmp9OP14ayVBz1UGC5g76txfUwxL2NPQCKGxsQyw=,iv:2B8ISdT+8WpfeiU9peKoMlpwcRoGZVh11VyAnS9IKP4=,tag:uBMxqrPlb6TaftnAMqodKw==,type:str]
+        user2: ENC[AES256_GCM,data:P5gmhaQ+VOWVOjTrsx34zUS8dsqIkzCwOImIE8TIfUc=,iv:IoJIUcNJmaBTyr0Ut6R7BN/UqyK8p4HtiwbXUl171pE=,tag:k99PGSL1cEALTmFVWH1uSg==,type:str]
        #ENC[AES256_GCM,data:TGrZBuCRgQ==,iv:9IOJ3Bkw9udS/y93TTtZ9o79aDq3Bb+DMEogJG77iqA=,tag:S/XcPX1f89IyfZnMoR9s/A==,type:comment]
-        user4: ENC[AES256_GCM,data:LVendDEBlPUCkXPfgbYf2X0EgJsAdLKjAudXeAgy2Is=,iv:bR0emkQa6OHUP1ucgAvJU0eEop0gp+3rwDB5XJhh4+s=,tag:YZsW9Yyr+ey9AbTO3ucWDg==,type:str]
+        user3: ENC[AES256_GCM,data:cAzf2X20rtQYyz1rLK6b4jo8utuUOdUHVYfCWdfPTDY=,iv:L5cg7aNdfnLTH2dKl4bWCqaujJ9tIvBJrJIoDIaBLwk=,tag:9Al6Wig4lz1my6hgozSsIA==,type:str]
        #ENC[AES256_GCM,data:b4iJ73sUoQ==,iv:A2hmi7lCR15E5jVR8E71GQuHgF4TdjDuQadXOtBon6k=,tag:eopTJdjN16u7PtpZdhKymQ==,type:comment]
-        user5: ENC[AES256_GCM,data:wG4awLnfB4B0qLWG6Aj+OslLMnViPjIzicfB4ZzkZPA=,iv:b9C1IDmZTMV0RYXqkM/Y3khZeSQEOISrQyPjhQe3WKM=,tag:cRMtLNU6TCwTQG4UVhvTng==,type:str]
+        user4: ENC[AES256_GCM,data:nUJ0lPuFOUVGCtq0IRSh5dAkAna7hoow1YOtFEgSoZc=,iv:D8phoZxdbQ2/Zaeq8498eRb0a7SZD5WnVdKv+u2pBak=,tag:Obu01n34JjyAVnF0f3uKzg==,type:str]
    config0:
        username: ENC[AES256_GCM,data:p8+q8u1A,iv:9s52kS5yLB4vQuGVXNtA4amZqT3eHTTybsbsQZRiFnk=,tag:7SA4SEzMHpP9H/rwoE+UJQ==,type:str]
        password: ENC[AES256_GCM,data:58+gFodT,iv:ohZlT1BwnzCYv84xHgFsLRkiPMpE8lB8QVHwr0QtDWc=,tag:XF047RnXs6IbKsTnsm0D6g==,type:str]
@@ -108,6 +107,19 @@ chatgpt:
 telegram:
    token: ENC[AES256_GCM,data:Mr6KrAzYoDXA+dPT3oXqK2wm9ahTjZ5GVE/iRPsmcM+S2MABT+8ramyHz9oIFw==,iv:nIZ8rpSxz2GwMbDQFfG3xauMQjiriZ1oxFMrEQeH7sQ=,tag:y5U1T1vV/mmdE/CeaeTR8g==,type:str]
    chat: ENC[AES256_GCM,data:8w/0EI64a1dC,iv:dHu9JHcUY7QPd9YBKXnrRXQB2K6jpnLrSFs+1IJmkio=,tag:3ucN3uNnBxxRF+cbLsa1nQ==,type:str]
+xray-server:
+    clients:
+        #ENC[AES256_GCM,data:aAZS,iv:Z+iJG7yC6HJeNdKCCpsZSc9Ny7kAt6GYfXUtZozMb4A=,tag:iMfwjqqmLvu5a8YpF7a0zQ==,type:comment]
+        user0: ENC[AES256_GCM,data:Q8MFrN/3SRgzSlwTx2GmpP/gvG1vpYiVgjsESzUoomsJaigP,iv:oLsf7AX3FE0tFOkJAbqrZVrCa6UxKjp450Sl1rs2Vs0=,tag:5w+AX0p4Or1GAQsEU3NxOQ==,type:str]
+        #ENC[AES256_GCM,data:j3zVwqHmag==,iv:8+ol60wNlbV2RzMBe47VxIrZuec8aXDUNcQvHcxKuiA=,tag:1AgCMfZf9vzWiWDS6hkw2Q==,type:comment]
+        user1: ENC[AES256_GCM,data:ucCiL7uoSafFUP9IiwKOjJqgwNxNLmuHxYXsLYl0fBgbCT3F,iv:RbNPwvSWibODQqySRc+YW65nUvRwaeXT0eDh02sfrwM=,tag:iE7GGrkBxljBT9HdPzDOfA==,type:str]
+        #ENC[AES256_GCM,data:x7dwVDe22M8=,iv:+fT7VUxZGd8SgS0PnEBqHLPLDuywu4s01iWB6TA/BKQ=,tag:CxfP7xSd4L9RBulSfViHaQ==,type:comment]
+        user2: ENC[AES256_GCM,data:e6PbRg30dzOJSXNmU6TML4AaFsSWEvZwN7MHAEX6fEW2p3hW,iv:Y+YYAO6hY9e/T8LSCr34M7riGmSzFIocmWwAwWjnZQs=,tag:LTkdGcRyrx7HqvbSYSsv4A==,type:str]
+        #ENC[AES256_GCM,data:j83rYg==,iv:3oEdAoVz7aMcezcy2chTO0LQTtKpTrJJoQZx3PC03BU=,tag:ABteEIyr2Y6MbGQhmrQySQ==,type:comment]
+        user3: ENC[AES256_GCM,data:Uk0Ax9FVzmmYs+ggWy7z6FEkuj2tppGlvnQdoW6PDI1VA9oI,iv:wSxigXleRUalQR1/TzKfdUVrdyEUuq+Wg42gSv1QMAI=,tag:qn6nBWv6MlGhMarCfI13BA==,type:str]
+    private-key: ENC[AES256_GCM,data:TarrinCFzWkB5zCc7i7f3B3tFfxrF+cGnrg4bw9CAGKWBazSJHCviY8Imw==,iv:azHdrc6AlgS9RPwGVsYRb8bBeC/askCdut1rnv9TA3I=,tag:AT2lLraKVgbp9GmlLJiI+w==,type:str]
+writefreely:
+    chn: ENC[AES256_GCM,data:YvhPa69sVdiljm9Ix6yQh6YCEpFvC9iw5Yx72MBcGr7+swdbvWDAfMmGFY066mAPvhpwZX/IEivKvrS0t/OSnw==,iv:7s2yEb30YaCAtNeevbur0HL28nXHVIqmCx6Bngh+HWk=,tag:yx0JK8RNQMVcYLBSxNj+uw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@@ -132,8 +144,8 @@ sops:
            SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
            HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-10T08:51:41Z"
-    mac: ENC[AES256_GCM,data:JQGv8hKLp0XFj5se+dKGs8r+qjEnlxXNMBlMk3Cv/c/b96nyreKva95DyR9JdY4ND8emY00IAIefnzT+uMvpmxXO/ttM8Vf2xPus6jBKp5omSjr0mbwBcUz9+oXWElua6LJKL/3v1NZ7t/usH9KCWeAnjtaNi/6T4U0z3IY6a9U=,iv:SadPtZGKqHS+ZTp09kR9gs8OyIr2lcywRxyPTfsqL6A=,tag:itZBK6Dde5212d+OBTKb9A==,type:str]
+    lastmodified: "2024-08-20T15:48:48Z"
+    mac: ENC[AES256_GCM,data:buEby7ZmmEFARmRp3r7JwYdMck87u4c3TGkeF2pkc5ORnqIgwSH1XVSjlbK8vTBWz2FKXeQh9wkX3BMaam9dU873/yPBe54BnbZNggZ7jDDEpSTeddfTsM8mrka0xDO3CUHbwCsqYWFm4NLAbCfRPKhrjvSJVyEC85K3eO45Z6M=,iv:/7cOdSi6oiaaFRkSnR+1/XXapjlQdMgom31xrpIGXHk=,tag:XW4WX93bw45zPweblW4Dtg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.0
--- a/devices/xmupc1/README.md
+++ b/devices/xmupc1/README.md
@@ -16,10 +16,25 @@ SLURM 是一个用来对任务排队的系统，轮到某个任务时，再调

 ## 常用命令

+我做了一个 TUI 界面，用起来比较简单，大多情况下可以满足需求。命令为：
+
+```bash
+sbatch-tui
+```
+
+或
+
+```bash
+sbatch
+```
+
+如果需要在提交任务时指定更详细的细节，或者要编写脚本批量提交任务，则在 `sbatch` 后面加上参数，这时是直接调用来自 SLURM 的 `sbatch` 命令。
+常用的参数见下文。更详细的内容见 SLURM 的官方文档。
+
 提交一个 VASP GPU 任务的例子：

 ```bash
-sbatch --gpus=1 --ntasks-per-gpu=1 --job-name="my great job" vasp-nvidia-640
+sbatch --gpus=1 --ntasks-per-gpu=1 --job-name="my great job" vasp-nvidia
 ```

 * `--gpus` 指定使用GPU 的情况：
@@ -30,12 +45,12 @@ sbatch --gpus=1 --ntasks-per-gpu=1 --job-name="my great job" vasp-nvidia-640
 * `--ntasks-per-gpu=1` 对于 VASP 来说一定要写。
 * `--job-name=xxx` 指定任务的名字。可以简写为 `-J`。也可以不指定。
 * 默认情况下，一个 task 会搭配分配一个 CPU 核（一个线程），一般已经够用。如果一定要修改，用 `--cpus-per-task`。
-* `vasp-nvidia-640` 指调用 std 版本，要使用 gam 或 ncl 版本时，写为例如 `vasp-nvidia-640-gam`。
+* `vasp-nvidia` 指调用 std 版本，要使用 gam 或 ncl 版本时，写为例如 `vasp-nvidia-gam`。

 提交一个 VASP CPU 任务的例子：

 ```bash
-sbatch --ntasks=4 --cpus-per-task=4 --hint=nomultithread --job-name="my great job" vasp-intel-640
+sbatch --ntasks=4 --cpus-per-task=4 --hint=nomultithread --job-name="my great job" vasp-intel
 ```

 * `--ntasks=4 --cpus-per-task=4` 指定使用占用多少核。
@@ -45,7 +60,7 @@ sbatch --ntasks=4 --cpus-per-task=4 --hint=nomultithread --job-name="my great jo
    * 对于 xmupc2：`--ntasks=4 --cpus-per-task=10`。
 * `--hint=nomultithread` 记得写。
 * `--job-name=xxx` 指定任务的名字。可以简写为 `-J`。也可以不指定。
-* `vasp-intel-640` 指调用 std 版本，要使用 gam 或 ncl 版本时，写为例如 `vasp-intel-640-gam`。
+* `vasp-intel` 指调用 std 版本，要使用 gam 或 ncl 版本时，写为例如 `vasp-intel-gam`。

 要把其它程序提交到队列里，也是类似的写法。请自行举一反三。

@@ -186,7 +201,6 @@ samba 就是 windows 共享文件夹的那个协议。

 VASP 有很多很多个版本，具体来说：

-* VASP 多个版本可以共存，但为了简单只安装了 6.4.0 版本。
 * VASP 可以用不同的编译器编译。目前安装的有：nvidia、intel。nvidia 使用 GPU 计算，intel 能用 CPU 计算。其它版本性能不佳，没有安装。
 * VASP 的 std/gam/ncl 版本有一点区别，一般用 std，只有一个 gamma 点的时候用 gam 会快一点，系统中存在方向不平行的磁矩时必须用 ncl。
 * 无论哪个版本，都集成了下面这些补丁：
@@ -199,14 +213,14 @@ VASP 有很多很多个版本，具体来说：
 如何提交 VASP 到队列系统已经在上面介绍过了。下面的例子是，如果要直接运行一个任务的写法：

 ```bash
-vasp-nvidia-640-env mpirun -np 1 -x CUDA_DEVICE_ORDER=PCI_BUS_ID -x CUDA_VISIBLE_DEVICES=0 -x OMP_NUM_THREADS=4 vasp-std
-vasp-intel-640-env mpirun -n 2 -genv OMP_NUM_THREADS=4 vasp-std
+vasp-nvidia-env mpirun -np 1 -x CUDA_DEVICE_ORDER=PCI_BUS_ID -x CUDA_VISIBLE_DEVICES=0 -x OMP_NUM_THREADS=4 vasp-std
+vasp-intel-env mpirun -n 2 -genv OMP_NUM_THREADS=4 vasp-std
 ```

 其中 `CUDA_VISIBLE_DEVICES` 用于指定用哪几个显卡计算（多个显卡用逗号分隔）。
-要查看显卡的编号，可以用 `CUDA_DEVICE_ORDER=PCI_BUS_ID vasp-nvidia-640-env nvaccelinfo` 命令。
+要查看显卡的编号，可以用 `CUDA_DEVICE_ORDER=PCI_BUS_ID vasp-nvidia-env nvaccelinfo` 命令。

-这里 `vasp-xxx-6.4.0` 命令的作用是，进入一个安装了对应版本的 VASP 的环境，实际上和 VASP 关系不大；
+这里 `vasp-xxx-env` 命令的作用是，进入一个安装了对应版本的 VASP 的环境，实际上和 VASP 关系不大；
  后面的 `mpirun xxx` 才是真的调用 VASP。
 所以实际上你也可以在这个环境里做别的事情，例如执行上面的 `nvaccelinfo` 命令。

--- a/devices/xmupc1/default.nix
+++ b/devices/xmupc1/default.nix
@@ -10,10 +10,11 @@ inputs:
        {
          mount =
          {
-            vfat."/dev/disk/by-uuid/467C-02E3" = "/boot/efi";
+            # TODO: reparition
+            vfat."/dev/disk/by-uuid/467C-02E3" = "/boot";
            btrfs =
            {
-              "/dev/disk/by-uuid/2f9060bc-09b5-4348-ad0f-3a43a91d158b" = { "/nix" = "/nix"; "/nix/boot" = "/boot"; };
+              "/dev/disk/by-uuid/2f9060bc-09b5-4348-ad0f-3a43a91d158b"."/nix" = "/nix";
              "/dev/disk/by-uuid/a04a1fb0-e4ed-4c91-9846-2f9e716f6e12" =
              {
                "/nix/rootfs" = "/nix/rootfs";
@@ -26,7 +27,6 @@ inputs:
          swap = [ "/nix/swap/swap" ];
          rollingRootfs = {};
        };
-        grub.installDevice = "efi";
        nixpkgs =
        {
          march = "znver3";
@@ -52,13 +52,12 @@ inputs:
        nix.remote.slave.enable = true;
      };
      hardware = { cpus = [ "amd" ]; gpu.type = "nvidia"; };
-      packages.packageSet = "workstation";
      virtualization = { waydroid.enable = true; docker.enable = true; kvmHost = { enable = true; gui = true; }; };
      services =
      {
        snapper.enable = true;
        sshd = { passwordAuthentication = true; groupBanner = true; };
-        xray.client = {};
+        xray.client.enable = true;
        firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
        smartd.enable = true;
        beesd.instances =
@@ -76,7 +75,7 @@ inputs:
        slurm =
        {
          enable = true;
-          cpu = { cores = 16; threads = 2; };
+          cpu = { cores = 16; threads = 2; mpiThreads = 3; openmpThreads = 4; };
          memoryMB = 94208;
          gpus = { "2080_ti" = 1; "3090" = 1; "4090" = 1; };
        };
@@ -88,9 +87,10 @@ inputs:
          shares = { home.path = "/home"; root.path = "/"; };
        };
        groupshare = {};
+        hpcstat = {};
      };
      bugs = [ "xmunet" "amdpstate" ];
-      user.users = [ "chn" "xll" "zem" "yjq" "gb" ];
+      user.users = [ "chn" "xll" "zem" "yjq" "gb" "zqq" ];
    };
    services.hardware.bolt.enable = true;
  };
--- a/devices/xmupc1/secrets/default.yaml
+++ b/devices/xmupc1/secrets/default.yaml
@@ -15,8 +15,15 @@ users:
    yjq: ENC[AES256_GCM,data:ua0DINHutjt2Pk+SfHRQRV99mT3Cnw6rRKO8VRIAlP0dY6QhK9wkNdyRYWYRBKVrWgyFQMGNFYAxIpymjF/X7mBOVI2sOHLgkw==,iv:PUZ6S0KICuqoSA2sDLxdL4gtAOQnQXOUY+5f3qDZgpc=,tag:f39P34vAUOrV23BsKkRarA==,type:str]
    #ENC[AES256_GCM,data:6qNjSdjck4Vz,iv:c/GNqCNgRgwgL+2f6Vumtjb/ub9WCBSy8R02NRCDqk8=,tag:b/tucJsHTjSfcK0vgHtE8A==,type:comment]
    gb: ENC[AES256_GCM,data:3eAKBiJoC1owCHTFd3Xq8vI8VK980evePc92xCXJJ21M9D1MdbwN8ySZ3Ovjk7VfQmEo8oRv1Ll1sftyrXYoeTHmJsNDxCpR6A==,iv:Ju/ERNuGrgO5kYlbvmkbLJkgiW3Elou34AsJTFITCUg=,tag:POVlxYh9kZ1BMSbt97IVOQ==,type:str]
+    #ENC[AES256_GCM,data:oniighfvCNGWUwdhqg==,iv:RVUuZBqCd111QJ7MpgYBuP4fDCzm4NZAtbua9kXkrJM=,tag:21zF8E/3lBTDr54I9NKPVg==,type:comment]
+    zqq: ENC[AES256_GCM,data:Vjbbs8xIlH3+of7+kLGFVp4bIizU8D5R1qRbCqP5FhzTadXA8KD9/uiYxtrV3oxYGwZ/RlLvriHMClob4ihyDF4U2t8Dc4eVqA==,iv:FjCftpfKPZYThiNOyNkhx9uNyWIsjC5sK5WWcaEBtiY=,tag:MTL490c2SeFGx3EhxEdvkA==,type:str]
 mariadb:
    slurm: ENC[AES256_GCM,data:qQMD8SKNmxb3PdScXNqppF9zkX7dV5i7rvljvZuhiI5zLnu77qYCHBW6ymh0mrY14N9NjxmQZhZWX/H8TvBlcg==,iv:J5N3LjCYW3QmuEkMBpl7qvPFW1Z9ZoPLkj45jKcIW9U=,tag:Tl+ld07+lVkmzt7f/f2MqQ==,type:str]
+hpcstat:
+    key: ENC[AES256_GCM,data:POK329h/joF7WdSBwSE1EkYH/pZ9X+wiTKcVWLZjmh7gM9d7HONbN/PqsYNFTHJVR0GgysqpLEcPN2OFGs/SSeH86o04cAdjAVznKZgt1Q34QGYy6b+io15P3lbmK0kTKmeGt5qEhGkBh6BVBoSyqbKAknvUqJ17ZkL17kyRaKffm3Zais7keEJCFdyRF6oSz2kl2CvEmKNWPWDdO9EpgqgYlm9mwu95/k9Hx5eyUjiFpxc3fdFTESGbe0ZYAqKQ0eLFfLLorQp0pAzxCbbxIzZEgyxjzkICXKa1n7Zz6h1ON2Rsqq0Q4hEYJdWGLtvOH/VLVxvNWjW4Er6i3lWGhZRiDDrxLErQGONI+X7QqbneFCnMCZGln3pAfNtOr+KX58ij/egyzmb7bKZrARqnm+X+/I/L0+VS1PfDdLP53GaX7mfKYpcH6z7O2F/zjpuXQTV8njs64YlvgyYXsCaghEUBzehsruwRsBEkTIb4R2AlqItpbesMnNNUJ4Cr/B7Bw6O+gHeJ+oK4ZPBYbgso,iv:B2eWjydl8m8nbcPw2fZfxCnj57utWM9ABj2eJ1pRKWQ=,tag:5W9ZwVSJvm1KvZnf/E5Tug==,type:str]
+telegram:
+    token: ENC[AES256_GCM,data:Mu7guAFUu+UoHvo/h1blcI6Kg3mvng6zNc/HKXuCdf73ujziK0mXwPcf7t7d/w==,iv:BkA4d0OJ4lTD7csZJQHcDnYe7SYcFbwRVYOQAWOQ2lQ=,tag:GuJ4z5pe2znTY3xNT2WF+w==,type:str]
+    chat: ENC[AES256_GCM,data:OC8ElUPmfsVL,iv:WgZMJP2ugZbqZyihdNtL1xMH8u9VpLNzO8DGpDL4w4k=,tag:u4cKABikuMUbCIm5zCnk6A==,type:str]
 sops:
    kms: []
    gcp_kms: []
@@ -41,8 +48,8 @@ sops:
            ZDNHUjE2QVlCV3p0NHdKYW5IMHVBZzQKkZtfyvfroOntg3yRjMw4jQHiQj8eaB2h
            IeIHfW4y01mmVT2ofbtB0xYpjcl4gtUlQ8X3tn5iJ9P8gcVo0G598A==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-10T08:53:57Z"
-    mac: ENC[AES256_GCM,data:ImxIE0d7cEpudUKGs9zHCMFKlHYwFfztLWe5ZMWOrQxr7/uRxfCsiIvuU1nRri0jx2x8J6EFAG1BdrF4KRSeW5sIB9Tlk7X1TJ69zSdLhhnIuPl+rSyovoIkMQAJ0Wvyvlgimh1VQyaBkPsjnGk/dga1N0+gIlmiwFKY5uTpaaA=,iv:fo6S9fIDxnp7VWYYWH613U6bxIlDBZaNObkRR3AdgEc=,tag:ZRIMHkWRsf75K3Tg3Xv5xw==,type:str]
+    lastmodified: "2024-08-21T09:56:03Z"
+    mac: ENC[AES256_GCM,data:9+AR9Y6ik+BH1Spk62LSTU1NFQ8ID0YROF+yf8ss2RqhfP6/5+lsrNjGC7gnEEMYF8UWVtChUuljIK3Q4MtT64JhDWgp8tenbpkJnRFGylzEe37MYajdDY7nrPP7iPUPNvS1ndo6vp/yuEigBXVhCtpjMObj7zIdGnLbtz0sczA=,iv:gNb8gVp9adnlZsMM2afOlFe46Vy15ELmC9vGaaeaInY=,tag:rltLL3WSZytjEemgjCy6Ng==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.0
--- a/devices/xmupc1/tunnel.md
+++ b/devices/xmupc1/tunnel.md
@@ -0,0 +1,39 @@
+# 使用 SSH 隧道连接
+
+在学校外且不使用厦大 VPN 时，无法直接连接到学校的服务器，可以通过下面的方法连接到：
+  首先连接到 vps6.chn.moe。这个服务器在校外（洛杉矶），因此可以直接连接到。
+  同时，它通过别的方式与学校的服务器保持着连接，利用这个保持着的连接，跳回到学校的服务器。
+
+这个跳转的过程不需要手动操作，只需要将软件设置好即可。
+
+## PuTTY
+
+1. 首先设置一个名为 `vps6` 的会话。
+   1. 在 Session 页，填入 `vps6.chn.moe` 作为 Host Name。
+   2. 在 Connection -> SSH -> Auth -> Credentials 页，在 “Private key file for authentication“ 选择密钥文件。
+   3. 在 Connection -> Data 页，在 “Auto-login username” 填写用户名。
+   4. 回到 Session 页，在 “Saved Sessions” 填入 `vps6` 并点击 “Save” 保存配置。
+2. 再设置一个名为 `wireguard.xmupc1` 的会话。
+   1. 在 Session 页，填入 `wireguard.xmupc1.chn.moe` 作为 Host Name。
+   2. 在 Connection -> SSH -> Auth -> Credentials 页和 Connection -> Data 页，需要修改的设置与在 `vps6` 会话中相同。
+   3. 在 Connection -> Proxy 页，设置 Proxy type 为 `SSH to proxy and use port forwarding`，Proxy hostname 为 `vps6`。
+   4. 回到 Session 页，在 “Saved Sessions” 填入 `wireguard.xmupc1` 并点击 “Save” 保存配置。
+
+之后双击双击 `wireguard.xmupc1` 会话即可连接到学校的服务器。
+
+## WinSCP
+
+1. 在登陆界面，点击 “新建站点”。
+   1. 设置 “文件协议” 为 `SCP`，“主机名” 为 `wireguard.xmupc1.chn.moe`，并输入用户名。
+   2. 然后点击右下角 “高级” 继续修改设置。
+   3. 在 连接 -> 隧道 页，勾选 “通过 SSH 隧道进行连接”，主机名填写 `vps6.chn.moe`，选择密钥文件，并填写用户名。
+   4. 在 SSH -> 验证 页，选择密钥文件。
+   5. 点击 “确定”，再点击 “保存”。
+
+## OpenSSH
+
+下面是一个命令的示例：
+
+```bash
+ssh -J username@vps6.chn.moe username@wireguard.xmupc1.chn.moe
+```
--- a/devices/xmupc2/default.nix
+++ b/devices/xmupc2/default.nix
@@ -10,17 +10,16 @@ inputs:
        {
          mount =
          {
-            vfat."/dev/disk/by-uuid/23CA-F4C4" = "/boot/efi";
+            vfat."/dev/disk/by-uuid/23CA-F4C4" = "/boot";
            btrfs =
            {
              "/dev/disk/by-uuid/d187e03c-a2b6-455b-931a-8d35b529edac" =
-                { "/nix/rootfs/current" = "/"; "/nix" = "/nix"; "/nix/boot" = "/boot"; };
+                { "/nix/rootfs/current" = "/"; "/nix" = "/nix"; };
            };
          };
          swap = [ "/nix/swap/swap" ];
          rollingRootfs = {};
        };
-        grub.installDevice = "efi";
        nixpkgs =
        {
          march = "skylake";
@@ -46,13 +45,12 @@ inputs:
        nix.remote.slave.enable = true;
      };
      hardware = { cpus = [ "intel" ]; gpu.type = "nvidia"; };
-      packages.packageSet = "workstation";
      virtualization = { waydroid.enable = true; docker.enable = true; kvmHost = { enable = true; gui = true; }; };
      services =
      {
        snapper.enable = true;
        sshd = { passwordAuthentication = true; groupBanner = true; };
-        xray.client = {};
+        xray.client.enable = true;
        firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
        smartd.enable = true;
        beesd.instances.root = { device = "/"; hashTableSizeMB = 16384; threads = 4; };
@@ -66,7 +64,7 @@ inputs:
        slurm =
        {
          enable = true;
-          cpu = { sockets = 2; cores = 22; threads = 2; };
+          cpu = { sockets = 2; cores = 22; threads = 2; mpiThreads = 4; openmpThreads = 10; };
          memoryMB = 253952;
          gpus = { "4090" = 1; "p5000" = 1; };
        };
@@ -75,7 +73,7 @@ inputs:
        groupshare = {};
      };
      bugs = [ "xmunet" ];
-      user.users = [ "chn" "xll" "zem" "yjq" "gb" ];
+      user.users = [ "chn" "xll" "zem" "yjq" "gb" "zqq" ];
    };
  };
 }
--- a/devices/xmupc2/secrets/default.yaml
+++ b/devices/xmupc2/secrets/default.yaml
@@ -15,6 +15,8 @@ users:
    yjq: ENC[AES256_GCM,data:sGPQ0xALULREnhzl9g/V91M5osMglsSps6R4gYn5OZc/4xVC1phF3qajVN3YMOr7kKgkHbF2Rjm6/2vuK0k1iYZnFswUAmFlmw==,iv:5vG1hn7SlX6HCpas2BgxBSwWqLby8OCxcH3EKNvceIc=,tag:TVwFBAuosKnEOZecq1phXw==,type:str]
    #ENC[AES256_GCM,data:ALHxkRABA+ll,iv:r1IDiHLFcTdLID3q16zrLTavAwQfddC7bXMKcFZFveI=,tag:4Pd0/Q1BmH4gJjaM4hbqqQ==,type:comment]
    gb: ENC[AES256_GCM,data:z4CrtdmdLJJ0qZzr7qvihnluJQgjtciX56KdEmtemiRu0llEJk9qz6a23aJ7m40Sfc38elF1/LsvjOuBOC87+BVkKDCj76phag==,iv:WrFVxkr3snmqDXZx5kAYCLp7ixEIzxoT7El3rV7Ovqg=,tag:iExf2Y/HObHQrKMTRvqn7A==,type:str]
+    #ENC[AES256_GCM,data:UoNCXbGIHDNsmyCJxw==,iv:uTNvqg4xm7E+yn8vFaaihbEGEhLTZ2FNFNCYzdgiDlU=,tag:4bRSZbx6FFzA6MiBYVu0qw==,type:comment]
+    zqq: ENC[AES256_GCM,data:sfgufV++PfTrdeUBXZhmF1JoSpD8Nj+m0QKFrUMJG/pHb0AUagJEWEJwPsI+m91tZE0qxM271ks+WKqLElmyD4Ftw7ywWzTE0Q==,iv:R05QFUF+fvIHidWpHIR/D/e+UeciS5ehnx1kx+saCgM=,tag:3Awnd+pUQRxjjQ58SUX7Mg==,type:str]
 mariadb:
    slurm: ENC[AES256_GCM,data:9wLQ1zF/kDaiw0s3UaRpiHgmngU7u6hwyqpddSjev0+Z0v58Q2oiJtK8vn+2VlSxx5ACfqEFbzp0PZYAxd575w==,iv:q9JTkgDymOwkbZ/PaxRAAQrtO96QmGgZcQuLTFCMoS4=,tag:dwOHlOTgZqT/1jQ+oGf7UQ==,type:str]
 sops:
@@ -41,8 +43,8 @@ sops:
            M0xoL1dQR0kvMWpzN0RMNWVCTFQxNFUKj9LPjBo5NGOrGYNvu8qZ13PLYjLEWllU
            LARzEn4XgkeHckouwvxZYMCx7WxmAruRWaOvnxTIczzSNP7wIrqnkA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-10T08:54:10Z"
-    mac: ENC[AES256_GCM,data:4n7bAGzORwd6vHl/Cs5YT8VZaSdfvxUm6e+fw7PYC2ov8XoRlJKU/Bci8Sbwcy2H6OjbkdRYA61cB2wAjtEY1x9N/c6qvUAOjTvOtcXoQQex8d+aMnJsFfJQ70GHCZE+KRTmy1SAMn+N00Oy0FDisdQe/jIZuWyav5j62CKqLqc=,iv:YEhiXU2IgXy4A0ZLsNY7kFqXJM5RBHE4IZwlRoF8XMA=,tag:aVc0r2g1QkY42NP59p4m2w==,type:str]
+    lastmodified: "2024-08-21T09:56:44Z"
+    mac: ENC[AES256_GCM,data:COodLhpL5EA5g15lgimsuxs1vmqJrLDVgtjw+0FLKTq6E1pcQ+zJl+dD0b9u5fYy9BBf56TI8TLJahVPR0eGxbDFlHmx8M9GStlTqaOE3jRsDT8GsihdlvLokyVt8jEfAnaWESTIgfehVL2TrLlsMnIsoVHrzdlEhX5ATXA3QOg=,iv:U/EwFmYWOcxi7ItkR/+MT8gTu7UobH5pxS00qrH/yyU=,tag:RVMcx4X0IS9yvpHrF0owpg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.0
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
@@ -3,31 +3,28 @@

  inputs =
  {
-    nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-24.05";
-    nixpkgs-unstable.url = "github:CHN-beta/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-unstable";
    "nixpkgs-23.11".url = "github:CHN-beta/nixpkgs/nixos-23.11";
    "nixpkgs-23.05".url = "github:CHN-beta/nixpkgs/nixos-23.05";
    "nixpkgs-22.11".url = "github:NixOS/nixpkgs/nixos-22.11";
    "nixpkgs-22.05".url = "github:NixOS/nixpkgs/nixos-22.05";
-    home-manager = { url = "github:nix-community/home-manager/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; };
+    home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; };
    sops-nix =
    {
      url = "github:Mic92/sops-nix";
      inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs"; };
    };
-    aagl = { url = "github:ezKEa/aagl-gtk-on-nix/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; };
-    nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs-unstable"; };
+    aagl = { url = "github:ezKEa/aagl-gtk-on-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
+    nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; };
    nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
    nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; };
    impermanence.url = "github:nix-community/impermanence";
    qchem = { url = "github:Nix-QChem/NixOS-QChem/master"; inputs.nixpkgs.follows = "nixpkgs"; };
-    deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; };
    plasma-manager =
    {
      url = "github:pjones/plasma-manager";
      inputs = { nixpkgs.follows = "nixpkgs"; home-manager.follows = "home-manager"; };
    };
-    nix-doom-emacs = { url = "github:nix-community/nix-doom-emacs"; inputs.nixpkgs.follows = "nixpkgs"; };
    nur-linyinfeng = { url = "github:linyinfeng/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
    nixos-hardware.url = "github:CHN-beta/nixos-hardware";
    envfs = { url = "github:Mic92/envfs"; inputs.nixpkgs.follows = "nixpkgs"; };
@@ -54,8 +51,6 @@
    nodesoup = { url = "github:olvb/nodesoup"; flake = false; };
    tgbot-cpp = { url = "github:reo7sp/tgbot-cpp"; flake = false; };
    v-sim = { url = "gitlab:l_sim/v_sim"; flake = false; };
-    win11os-kde = { url = "github:yeyushengfan258/Win11OS-kde"; flake = false; };
-    fluent-kde = { url = "github:vinceliuice/Fluent-kde"; flake = false; };
    rycee = { url = "gitlab:rycee/nur-expressions"; flake = false; };
    blurred-wallpaper = { url = "github:bouteillerAlan/blurredwallpaper"; flake = false; };
    slate = { url = "github:TheBigWazz/Slate"; flake = false; };
@@ -68,6 +63,10 @@
    zxorm = { url = "github:CHN-beta/zxorm"; flake = false; };
    openxlsx = { url = "github:troldal/OpenXLSX"; flake = false; };
    sqlite-orm = { url = "github:fnc12/sqlite_orm"; flake = false; };
+    sockpp = { url = "github:fpagliughi/sockpp"; flake = false; };
+    git-lfs-transfer = { url = "github:charmbracelet/git-lfs-transfer"; flake = false; };
+    nc4nix = { url = "github:helsinki-systems/nc4nix"; flake = false; };
+    fcitx5-virtualkeyboard-ui = { url = "github:CHN-beta/fcitx5-virtualkeyboard-ui"; flake = false; };

    # does not support lfs yet
    # nixos-wallpaper = { url = "git+https://git.chn.moe/chn/nixos-wallpaper.git"; flake = false; };
@@ -75,39 +74,53 @@

  outputs = inputs:
    let
-      localLib = import ./local/lib inputs.nixpkgs.lib;
+      localLib = import ./lib.nix inputs.nixpkgs.lib;
      devices = builtins.filter (dir: (builtins.readDir ./devices/${dir})."default.nix" or null == "regular" )
        (builtins.attrNames (builtins.readDir ./devices));
    in
    {
-      packages.x86_64-linux =
-        let pkgs = (import inputs.nixpkgs
+      packages.x86_64-linux = rec
+      {
+        pkgs = (import inputs.nixpkgs
        {
          system = "x86_64-linux";
          config.allowUnfree = true;
          overlays = [ inputs.self.overlays.default ];
        });
-        in
-        {
-          default = inputs.nixpkgs.legacyPackages.x86_64-linux.writeText "systems"
-            (builtins.concatStringsSep "\n" (builtins.map
-              (system: builtins.toString inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel)
-              devices));
-          hpcstat =
-            let openssh = (pkgs.pkgsStatic.openssh.override { withLdns = false; etcDir = null; }).overrideAttrs
-              (prev: { doCheck = false; patches = prev.patches ++ [ ./local/pkgs/hpcstat/openssh.patch ];});
-            in pkgs.pkgsStatic.localPackages.hpcstat.override
-              { inherit openssh; standalone = true; version = inputs.self.rev or "dirty"; };
-        }
-        // (
-          builtins.listToAttrs (builtins.map
-            (system:
+        default = inputs.nixpkgs.legacyPackages.x86_64-linux.writeText "systems"
+          (builtins.concatStringsSep "\n" (builtins.map
+            (system: builtins.toString inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel)
+            devices));
+        hpcstat =
+          let
+            openssh = (pkgs.pkgsStatic.openssh.override { withLdns = false; etcDir = null; }).overrideAttrs
+              (prev: { doCheck = false; patches = prev.patches ++ [ ./packages/hpcstat/openssh.patch ];});
+            duc = pkgs.pkgsStatic.duc.override { enableCairo = false; cairo = null; pango = null; };
+          in pkgs.pkgsStatic.localPackages.hpcstat.override
+            { inherit openssh duc; standalone = true; version = inputs.self.rev or "dirty"; };
+        ufo =
+          let
+            range-v3 = pkgs.pkgsStatic.range-v3.overrideAttrs (prev:
            {
-              name = system;
-              value = inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel;
-            })
-            devices)
-        );
+              cmakeFlags = prev.cmakeFlags or []
+                ++ [ "-DRANGE_V3_DOCS=OFF" "-DRANGE_V3_TESTS=OFF" "-DRANGE_V3_EXAMPLES=OFF" ];
+              doCheck = false;
+            });
+            tbb = pkgs.pkgsStatic.tbb_2021_11.overrideAttrs (prev: { cmakeFlags = prev.cmakeFlags or [] ++
+              [ "-DTBB_TEST=OFF" ]; });
+            biu = pkgs.pkgsStatic.localPackages.biu.override { inherit range-v3; };
+            matplotplusplus = pkgs.pkgsStatic.localPackages.matplotplusplus.override { libtiff = null; };
+          in pkgs.pkgsStatic.localPackages.ufo.override { inherit biu tbb matplotplusplus; };
+        chn-bsub = pkgs.pkgsStatic.localPackages.chn-bsub;
+      }
+      // (builtins.listToAttrs (builtins.map
+        (system:
+        {
+          name = system;
+          value = inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel;
+        })
+        devices)
+      );
      nixosConfigurations =
      (
        (builtins.listToAttrs (builtins.map
@@ -122,7 +135,7 @@
              [
                (moduleInputs: { config.nixpkgs.overlays = [(prev: final:
                  # replace pkgs with final to avoid infinite recursion
-                  { localPackages = import ./local/pkgs (moduleInputs // { pkgs = final; }); })]; })
+                  { localPackages = import ./packages (moduleInputs // { pkgs = final; }); })]; })
                ./modules
                ./devices/${system}
              ];
@@ -138,62 +151,56 @@
            [
              (moduleInputs: { config.nixpkgs.overlays = [(prev: final:
                # replace pkgs with final to avoid infinite recursion
-                { localPackages = import ./local/pkgs (moduleInputs // { pkgs = final; }); })]; })
+                { localPackages = import ./packages (moduleInputs // { pkgs = final; }); })]; })
              ./modules
              ./devices/pi3b
            ];
          };
        }
      );
-      deploy =
-      {
-        sshUser = "root";
-        user = "root";
-        fastConnection = true;
-        autoRollback = false;
-        magicRollback = false;
-        nodes = builtins.listToAttrs (builtins.map
-          (node:
-          {
-            name = node;
-            value =
-            {
-              hostname = node;
-              profiles.system.path = inputs.self.nixosConfigurations.${node}.pkgs.deploy-rs.lib.activate.nixos
-                inputs.self.nixosConfigurations.${node};
-            };
-          })
-          [ "vps6" "vps7" "nas" "surface" "xmupc1" "xmupc2" "pi3b" ]
-        );
-      };
-      checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib;
      overlays.default = final: prev:
-        { localPackages = (import ./local/pkgs { inherit (inputs) lib; pkgs = final; topInputs = inputs; }); };
-      config.archive = false;
-      devShells.x86_64-linux =
-        let pkgs = (import inputs.nixpkgs
+        { localPackages = (import ./packages { inherit (inputs) lib; pkgs = final; topInputs = inputs; }); };
+      config = { archive = false; branch = "production"; };
+      devShells.x86_64-linux = let inherit (inputs.self.packages.x86_64-linux) pkgs; in
+      {
+        biu = pkgs.mkShell
        {
-          system = "x86_64-linux";
-          config.allowUnfree = true;
-          overlays = [ inputs.self.overlays.default ];
-        });
-        in
+          inputsFrom = [ pkgs.localPackages.biu ];
+          packages = [ pkgs.clang-tools_18 ];
+          CMAKE_EXPORT_COMPILE_COMMANDS = "1";
+        };
+        hpcstat = pkgs.mkShell.override { stdenv = pkgs.gcc14Stdenv; }
        {
-          biu = pkgs.mkShell
+          inputsFrom = [ (inputs.self.packages.x86_64-linux.hpcstat.override { version = null; }) ];
+          packages = [ pkgs.clang-tools_18 ];
+          CMAKE_EXPORT_COMPILE_COMMANDS = "1";
+        };
+        sbatch-tui = pkgs.mkShell
+        {
+          inputsFrom = [ pkgs.localPackages.sbatch-tui ];
+          packages = [ pkgs.clang-tools_18 ];
+          CMAKE_EXPORT_COMPILE_COMMANDS = "1";
+        };
+        ufo = pkgs.mkShell
+        {
+          inputsFrom = [ (inputs.self.packages.x86_64-linux.ufo.override { version = null; }) ];
+          packages = [ pkgs.clang-tools_18 ];
+          CMAKE_EXPORT_COMPILE_COMMANDS = "1";
+        };
+        chn-bsub = pkgs.mkShell
+        {
+          inputsFrom = [ pkgs.localPackages.chn-bsub ];
+          packages = [ pkgs.clang-tools_18 ];
+          CMAKE_EXPORT_COMPILE_COMMANDS = "1";
+        };
+        winjob =
+          let inherit (pkgs) clang-tools_18; in let inherit (inputs.self.packages.x86_64-w64-mingw32) pkgs winjob;
+          in pkgs.mkShell.override { stdenv = pkgs.gcc14Stdenv; }
          {
-            packages = with pkgs; [ pkg-config cmake ninja clang-tools_17 ];
-            buildInputs =
-              (with pkgs; [ fmt boost magic-enum libbacktrace eigen range-v3 ])
-              ++ (with pkgs.localPackages; [ concurrencpp tgbot-cpp nameof ]);
-            # hardeningDisable = [ "all" ];
-            # NIX_DEBUG = "1";
-          };
-          hpcstat = pkgs.mkShell
-          {
-            inputsFrom = [ (inputs.self.packages.x86_64-linux.hpcstat.override { version = null; }) ];
-            packages = [ pkgs.clang-tools_17 ];
+            inputsFrom = [ winjob ];
+            packages = [ clang-tools_18 ];
            CMAKE_EXPORT_COMPILE_COMMANDS = "1";
          };
-        };
+      };
    };
 }
--- a/local/lib/default.nix
+++ b/local/lib/default.nix
--- a/local/pkgs/biu/CMakeLists.txt
+++ b/local/pkgs/biu/CMakeLists.txt
@@ -1,45 +0,0 @@
-cmake_minimum_required(VERSION 3.14)
-project(biu LANGUAGES CXX)
-enable_testing()
-include(GNUInstallDirs)
-
-if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES)
-  message("Setting build type to 'Release' as none was specified.")
-  set(CMAKE_BUILD_TYPE Release CACHE STRING "Choose the type of build." FORCE)
-  set_property(CACHE CMAKE_BUILD_TYPE PROPERTY STRINGS "Debug" "Release" "MinSizeRel" "RelWithDebInfo")
-endif()
-
-find_package(magic_enum REQUIRED)
-find_package(fmt REQUIRED)
-find_package(Boost REQUIRED COMPONENTS headers iostreams)
-# find_package(concurrencpp REQUIRED)
-find_package(Eigen3 REQUIRED)
-find_package(range-v3 REQUIRED)
-find_path(NAMEOF_INCLUDE_DIR nameof.hpp REQUIRED)
-# find_path(TGBOTCPP_INCLUDE_DIR tgbot/tgbot.h REQUIRED)
-# find_library(TGBOTCPP_LIB libTgBot.a REQUIRED)
-# find_path(BACKTRACE_INCLUDE_DIR backtrace.h REQUIRED)
-# find_library(BACKTRACE_LIB backtrace REQUIRED)
-
-# add_library(biu SHARED src/common.cpp src/logger.cpp src/string.cpp)
-add_library(biu SHARED src/common.cpp)
-target_include_directories(biu PUBLIC
-  $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
-  $<INSTALL_INTERFACE:${CMAKE_INSTALL_INCLUDEDIR}>
-  ${NAMEOF_INCLUDE_DIR} ${TGBOTCPP_INCLUDE_DIR})
-target_link_libraries(biu PUBLIC
-  magic_enum::magic_enum
-  fmt::fmt
-  Boost::headers Boost::iostreams
-#   concurrencpp::concurrencpp
-  Eigen3::Eigen
-  range-v3::range-v3)
-# ${TGBOTCPP_LIB} ${BACKTRACE_LIB})
-set_property(TARGET biu PROPERTY CXX_STANDARD 23 CXX_STANDARD_REQUIRED ON CXX_EXTENSIONS OFF)
-install(TARGETS biu EXPORT biuConfig)
-install(EXPORT biuConfig NAMESPACE ${PROJECT_NAME}:: DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/biu)
-install(DIRECTORY include/ DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
-
-get_property(ImportedTargets DIRECTORY "${CMAKE_SOURCE_DIR}" PROPERTY IMPORTED_TARGETS)
-message("Imported targets: ${ImportedTargets}")
-message("List of compile features: ${CMAKE_CXX_COMPILE_FEATURES}")
--- a/local/pkgs/biu/default.nix
+++ b/local/pkgs/biu/default.nix
@@ -1,10 +0,0 @@
-{
-  stdenv, cmake,
-  magic-enum, fmt, boost, eigen, range-v3, nameof
-}: stdenv.mkDerivation
-{
-  name = "biu";
-  src = ./.;
-  buildInputs = [ magic-enum fmt boost eigen range-v3 nameof ];
-  nativeBuildInputs = [ cmake ];
-}
--- a/local/pkgs/biu/include/biu/common.hpp
+++ b/local/pkgs/biu/include/biu/common.hpp
@@ -1,66 +0,0 @@
-# pragma once
-# include <regex>
-# include <fmt/format.h>
-# include <magic_enum.hpp>
-
-namespace biu
-{
-	std::size_t hash(auto&&... objs);
-	[[gnu::always_inline]] void unused(auto&&...);
-
-	using uint128_t = __uint128_t;
-
-	inline namespace literals
-	{
-		using namespace std::literals;
-		using namespace fmt::literals;
-		std::regex operator""_re(const char* str, std::size_t len);
-	}
-
-	inline namespace stream_operators { using namespace magic_enum::iostream_operators; }
-
-	struct CaseInsensitiveStringLessComparator
-	{
-		template <typename String> constexpr bool operator()(const String& s1, const String& s2) const;
-	};
-
-	namespace detail_
-	{
-		template <typename T> struct RemoveMemberPointerHelper { using Type = T; };
-		template <typename Class, typename Member> struct RemoveMemberPointerHelper<Member Class::*>
-			{ using Type = Member; };
-	}
-	template <typename MemberPointer> using RemoveMemberPointer
-		= typename detail_::RemoveMemberPointerHelper<MemberPointer>::Type;
-
-	[[noreturn]] void block_forever();
-
-	namespace detail_
-	{
-		template <typename From, typename To> struct MoveQualifiersHelper
-		{
-			protected: static constexpr bool Const_ = std::is_const_v<From>;
-			protected: static constexpr bool Volatile_ = std::is_volatile_v<From>;
-			protected: static constexpr bool Reference_ = std::is_reference_v<From>;
-			protected: static constexpr bool Lvalue_ = std::is_lvalue_reference_v<From>;
-			protected: using NoCvrefType_ = std::remove_cvref_t<To>;
-			protected: using NoCvType_
-				= std::conditional_t<Reference_, std::conditional_t<Lvalue_, NoCvrefType_&, NoCvrefType_&&>, NoCvrefType_>;
-			protected: using NoConstType_ = std::conditional_t<Volatile_, volatile NoCvType_, NoCvType_>;
-			public: using Type = std::conditional_t<Const_, const NoConstType_, NoConstType_>;
-		};
-	}
-	template <typename From, typename To> using MoveQualifiers
-		= typename detail_::MoveQualifiersHelper<From, To>::Type;
-
-	namespace detail_
-	{
-		template <typename T, typename Fallback = void> struct FallbackIfNoTypeDeclaredHelper { using Type = Fallback; };
-		template <typename T, typename Fallback> requires requires { typename T::Type; }
-			struct FallbackIfNoTypeDeclaredHelper<T, Fallback> { using Type = typename T::Type; };
-		template <typename T, typename Fallback> requires requires {typename T::type;}
-			struct FallbackIfNoTypeDeclaredHelper<T, Fallback> { using Type = typename T::type; };
-	}
-	template <typename T, typename Fallback = void> using FallbackIfNoTypeDeclared
-		= typename detail_::FallbackIfNoTypeDeclaredHelper<T, Fallback>::Type;
-}
--- a/local/pkgs/biu/include/biu/common.tpp
+++ b/local/pkgs/biu/include/biu/common.tpp
@@ -1,24 +0,0 @@
-# pragma once
-# include <boost/functional/hash.hpp>
-# include <biu/common.hpp>
-
-namespace biu
-{
-	inline void unused(auto&&...) {}
-	inline std::size_t hash(auto&&... objs)
-	{
-		std::size_t result = 0;
-		(boost::hash_combine(result, objs), ...);
-		return result;
-	}
-
-	template <typename String> inline constexpr bool CaseInsensitiveStringLessComparator::operator()
-		(const String& s1, const String& s2) const
-	{
-		return std::lexicographical_compare
-		(
-			s1.begin(), s1.end(), s2.begin(), s2.end(),
-			[](char c1, char c2){return std::tolower(c1) < std::tolower(c2);}
-		);
-	}
-}
--- a/local/pkgs/biu/include/biu/concepts.hpp
+++ b/local/pkgs/biu/include/biu/concepts.hpp
@@ -1,47 +0,0 @@
-# pragma once
-# include <concepts>
-# include <tuple>
-# include <type_traits>
-# include <complex>
-
-namespace biu
-{
-	template <typename T> concept DecayedType = std::same_as<std::decay_t<T>, T>;
-
-	namespace detail_::specialization_of_detail_
-	{
-		template <typename Tuple> struct DropFirstMemberOfTupleHelper;
-		template <typename First, typename... Others> struct DropFirstMemberOfTupleHelper<std::tuple<First, Others...>>
-			{using Type = std::tuple<Others...>;};
-		template <typename ProvidedArgs, typename ActualArgs> consteval bool check_provided_args();
-		template <typename Class, template <typename...> typename Template> struct SpecializationOfHelper
-			{template <typename... ProvidedArgs> consteval static bool check_provided_args();};
-		template <template <typename...> typename Template, typename... ActualArgs>
-			struct SpecializationOfHelper<Template<ActualArgs...>, Template>
-			{template <typename... ProvidedArgs> consteval static bool check_provided_args();};
-	}
-	template <typename Class, template <typename...> typename Template, typename... ProvidedArgs>
-		concept SpecializationOf
-		= detail_::specialization_of_detail_::SpecializationOfHelper<std::decay_t<Class>, Template>
-			::template check_provided_args<ProvidedArgs...>();
-
-	template <typename T> concept CompletedType = sizeof(T) == sizeof(T);
-
-	template <typename From, typename To> concept ImplicitlyConvertibleTo = std::is_convertible<From, To>::value;
-	template <typename To, typename From> concept ImplicitlyConvertibleFrom = std::is_convertible<From, To>::value;
-	template <typename From, typename To> concept ExplicitlyConvertibleTo = std::is_constructible<To, From>::value;
-	template <typename To, typename From> concept ExplicitlyConvertibleFrom = std::is_constructible<To, From>::value;
-	template <typename From, typename To> concept ConvertibleTo
-		= ImplicitlyConvertibleTo<From, To> || ExplicitlyConvertibleTo<From, To>;
-	template <typename From, typename To> concept ConvertibleFrom = ConvertibleTo<From, To>;
-
-	template <typename Function, auto... Args> concept ConstevalInvokable
-		= requires() {typename std::type_identity_t<int[(Function()(Args...), 1)]>;};
-
-	template <typename T> concept Enumerable = std::is_enum_v<T>;
-
-	template <typename Function, typename Result, typename... Args> concept InvocableWithResult
-		= std::is_invocable_r_v<Result, Function, Args...>;
-	
-	template <typename T> concept Arithmetic = std::is_arithmetic<T>::value || SpecializationOf<T, std::complex>;
-}
--- a/local/pkgs/biu/include/biu/concepts.tpp
+++ b/local/pkgs/biu/include/biu/concepts.tpp
@@ -1,34 +0,0 @@
-# pragma once
-# include <tuple>
-# include <biu/concepts.hpp>
-
-namespace biu
-{
-	template <typename ProvidedArgs, typename ActualArgs> consteval bool
-		detail_::specialization_of_detail_::check_provided_args()
-	{
-		if constexpr (std::tuple_size_v<ProvidedArgs> == 0)
-			return true;
-		else if constexpr (std::tuple_size_v<ActualArgs> == 0)
-			return false;
-		else if constexpr
-			(std::same_as<std::tuple_element_t<0, ProvidedArgs>, std::tuple_element_t<0, ActualArgs>>)
-			return check_provided_args 
-			<
-				typename DropFirstMemberOfTupleHelper<ProvidedArgs>::Type,
-				typename DropFirstMemberOfTupleHelper<ActualArgs>::Type
-			>();
-		else
-			return false;
-	}
-	template <typename Class, template <typename...> typename Template> template <typename... ProvidedArgs> consteval
-		bool detail_::specialization_of_detail_::SpecializationOfHelper<Class, Template>::check_provided_args()
-		{ return false; }
-	template <template <typename...> typename Template, typename... ActualArgs> template <typename... ProvidedArgs>
-		consteval bool detail_::specialization_of_detail_::SpecializationOfHelper
-			<Template<ActualArgs...>, Template>::check_provided_args()
-		{
-			return specialization_of_detail_::check_provided_args
-				<std::tuple<ProvidedArgs...>, std::tuple<ActualArgs...>>();
-		}
-}
--- a/local/pkgs/biu/include/biu/eigen.hpp
+++ b/local/pkgs/biu/include/biu/eigen.hpp
@@ -1,54 +0,0 @@
-# pragma once
-# include <vector>
-# include <span>
-# include <Eigen/Dense>
-# include <biu/concepts.hpp>
-
-namespace biu
-{
-  namespace detail_::eigen
-  {
-    // user-specified size of destination container: dynamic, unspecified(use default), or fixed
-    constexpr std::size_t dynamicSize = std::dynamic_extent, unspecifiedSize = std::dynamic_extent - 1;
-    static_assert(std::dynamic_extent == std::numeric_limits<std::size_t>::max());
-
-    // supported types of standard containers
-		template <typename T, typename Scalar> struct SpecializationOfArrayHelper : std::false_type {};
-		template <typename Scalar, std::size_t N>
-      struct SpecializationOfArrayHelper<std::array<Scalar, N>, Scalar> : std::true_type {};
-		template <typename Scalar, std::size_t N>
-      struct SpecializationOfArrayHelper<std::array<Scalar, N>, void> : std::true_type {};
-    template <typename T, typename Scalar = void> concept SpecializationOfArray =
-      SpecializationOfArrayHelper<T, Scalar>::value;
-    template <typename T, typename Scalar> concept StandardContainer =
-      SpecializationOf<T, std::vector, Scalar> || SpecializationOfArray<T, Scalar>;
-
-    // helper operator| to specify the size of the destination container
-    // usage: some_value | toEigen<Row, Col>
-    template <std::size_t Row, std::size_t Col> struct ToEigenHelper {};
-    template <std::size_t Row = unspecifiedSize, std::size_t Col = unspecifiedSize>
-      inline constexpr ToEigenHelper<Row, Col> toEigen;
-    // convert 1D standard container to Eigen::Vector
-    // if no size is specified, convert std::vector to dynamic-size Eigen::Vector,
-    //  std::array to fixed-size Eigen::Vector;
-    // if size is std::dynamic_extent, always convert to dynamic-size Eigen::Vector
-    // if size is specified as a number, convert to fixed-size Eigen::Vector if specified size equals the size of the
-    //  input, otherwise throw an error
-    template <template <int N> typename Callback, std::size_t ToSize> auto deduce_eigen_size(auto&& container);
-    template <Arithmetic T, StandardContainer<T> From, std::size_t ToSize> auto operator|
-      (const From&, const ToEigenHelper<ToSize, unspecifiedSize>&);
-    // convert 2D standard container to Eigen::Matrix
-    // the same rules as above apply
-    // besides, all rows must have the same size, otherwise throw an error
-    template
-    <
-      Arithmetic T, StandardContainer<T> FromPerRow, StandardContainer<FromPerRow> From,
-      std::size_t ToRow, std::size_t ToCol
-    >
-      auto operator|(const From&, const ToEigenHelper<ToRow, ToCol>&);
-
-    // TODO: implement fromEigen
-  }
-
-  inline namespace eigen { using detail_::eigen::toEigen; using detail_::eigen::operator|; }
-}
--- a/local/pkgs/biu/include/biu/eigen.tpp
+++ b/local/pkgs/biu/include/biu/eigen.tpp
@@ -1,29 +0,0 @@
-# pragma once
-# include <biu/eigen.hpp>
-// TODO: fix biu::logger
-// # include <biu/logger.hpp>
-# include <range/v3/view.hpp>
-
-namespace biu
-{
-  namespace detail_::eigen
-  {
-    template <template <int N> typename Callback, std::size_t ToSize> auto deduce_eigen_size(auto&& from)
-    {
-      if constexpr (ToSize == dynamicSize)
-        return Callback<Eigen::Dynamic>()(from.data(), from.size());
-      else if constexpr (ToSize == unspecifiedSize)
-        if constexpr (SpecializationOfArray<decltype(from)>)
-          return Callback<from.size()>()(from.data());
-        else
-          return Callback<Eigen::Dynamic>()(from.data(), from.size());
-      else
-        if (from.size() != ToSize)
-          // TODO: use biu::logger
-          throw std::invalid_argument("biu::toEigen: size mismatch");
-        else
-          return Callback<ToSize>()(from.data());
-    }
-    // TODO: implement 2D case
-  }
-}
--- a/local/pkgs/biu/include/biu/format.hpp
+++ b/local/pkgs/biu/include/biu/format.hpp
@@ -1,72 +0,0 @@
-# pragma once
-# include <variant>
-# include <experimental/memory>
-# include <fmt/ostream.h>
-# include <biu/string.hpp>
-# include <biu/concepts.hpp>
-
-namespace biu
-{
-	template <typename T, typename Char = char> concept Formattable = fmt::is_formattable<T, Char>::value;
-
-	namespace detail_
-	{
-		template <typename Char, Char... c> struct FormatLiteralHelper : protected BasicStaticString<Char, c...>
-			{template <typename... Param> std::basic_string<Char> operator()(Param&&... param) const;};
-	}
-	namespace literals
-		{template <typename Char, Char... c> consteval detail_::FormatLiteralHelper<Char, c...> operator""_f();}
-
-	namespace detail_
-	{
-		template <typename T> concept OptionalWrap
-			= SpecializationOf<T, std::optional> || SpecializationOf<T, std::shared_ptr>
-				|| SpecializationOf<T, std::weak_ptr> || SpecializationOf<T, std::unique_ptr>
-				|| SpecializationOf<T, std::experimental::observer_ptr>;
-		template <typename Wrap> struct UnderlyingTypeOfOptionalWrap;
-		template <typename Wrap> requires requires() {typename Wrap::value_type;}
-			struct UnderlyingTypeOfOptionalWrap<Wrap>
-			{using Type = std::remove_cvref_t<typename Wrap::value_type>;};
-		template <typename Wrap> requires requires() {typename Wrap::element_type;}
-			struct UnderlyingTypeOfOptionalWrap<Wrap>
-			{using Type = std::remove_cvref_t<typename Wrap::element_type>;};
-		template <typename T> struct FormatterReuseProxy
-		{
-			constexpr auto parse(fmt::format_parse_context& ctx)
-				-> std::invoke_result_t<decltype(&fmt::format_parse_context::begin), fmt::format_parse_context>;
-		};
-		template <typename T>
-			requires (!SpecializationOf<T, std::weak_ptr> && std::default_initializable<fmt::formatter<T>>)
-			struct FormatterReuseProxy<T> : fmt::formatter<T> {};
-	}
-}
-
-namespace std
-{
-	template <typename Char, typename... Ts> requires (sizeof...(Ts) > 0) basic_ostream<Char>& operator<<
-		(basic_ostream<Char>& os, const variant<Ts...>& value);
-}
-
-namespace fmt
-{
-	using namespace biu::stream_operators;
-
-	template <typename Char, biu::detail_::OptionalWrap Wrap> struct formatter<Wrap, Char>
-		: biu::detail_::FormatterReuseProxy<typename biu::detail_::UnderlyingTypeOfOptionalWrap<Wrap>::Type>
-	{
-		template <typename FormatContext> auto format(const Wrap& wrap, FormatContext& ctx)
-			-> std::invoke_result_t<decltype(&FormatContext::out), FormatContext>;
-	};
-
-	template <typename Char, biu::Enumerable T> struct formatter<T, Char>
-	{
-		bool full = false;
-		constexpr auto parse(fmt::format_parse_context& ctx)
-			-> std::invoke_result_t<decltype(&fmt::format_parse_context::begin), fmt::format_parse_context>;
-		template <typename FormatContext> auto format(const T& value, FormatContext& ctx)
-			-> std::invoke_result_t<decltype(&FormatContext::out), FormatContext>;
-	};
-
-	template <typename Char, typename... Ts> struct formatter<std::variant<Ts...>, Char>
-		: basic_ostream_formatter<Char> {};
-}
--- a/local/pkgs/biu/include/biu/format.tpp
+++ b/local/pkgs/biu/include/biu/format.tpp
@@ -1,122 +0,0 @@
-# pragma once
-# include <nameof.hpp>
-# include <biu/format.hpp>
-
-namespace biu
-{
-	template <typename Char, Char... c> template <typename... Param>
-		std::basic_string<Char> detail_::FormatLiteralHelper<Char, c...>::operator() (Param&&... param) const
-		{return fmt::format(BasicStaticString<Char, c...>::StringView, std::forward<Param>(param)...);}
-	template <typename Char, Char... c> consteval
-		detail_::FormatLiteralHelper<Char, c...> literals::operator""_f()
-		{return {};}
-
-	template <typename T> constexpr
-		auto detail_::FormatterReuseProxy<T>::parse(fmt::format_parse_context& ctx)
-		-> std::invoke_result_t<decltype(&fmt::format_parse_context::begin), fmt::format_parse_context>
-	{
-		if (ctx.begin() != ctx.end() && *ctx.begin() != '}')
-			throw fmt::format_error
-			(
-				"{} do not support to be format, so the wrapper should not have any format syntax."_f
-					(nameof::nameof_full_type<T>())
-			);
-		return ctx.begin();
-	}
-}
-
-namespace std
-{
-	template <typename Char, typename... Ts> requires (sizeof...(Ts) > 0)
-		basic_ostream<Char>& operator<<(basic_ostream<Char>& os, const variant<Ts...>& value)
-	{
-		using namespace biu::literals;
-		auto try_print = [&]<typename T>
-		{
-			if (holds_alternative<T>(value))
-			{
-				if constexpr (biu::Formattable<T, Char>)
-					os << "({}: {})"_f(nameof::nameof_full_type<T>(), get<T>(value));
-				else
-					os << "({}: {})"_f(nameof::nameof_full_type<T>(), "non-null unformattable value");
-			}
-		};
-		(try_print.template operator()<Ts>(), ...);
-		return os;
-	}
-}
-
-namespace fmt
-{
-	template <typename Char, biu::detail_::OptionalWrap Wrap> template <typename FormatContext>
-		auto formatter<Wrap, Char>::format(const Wrap& wrap, FormatContext& ctx)
-		-> std::invoke_result_t<decltype(&FormatContext::out), FormatContext>
-	{
-		using namespace biu::literals;
-		using namespace biu::stream_operators;
-		using value_t = biu::detail_::UnderlyingTypeOfOptionalWrap<Wrap>::Type;
-		auto format_value_type = [&, this](const value_t& value)
-		{
-			if constexpr (!biu::Formattable<value_t, Char>)
-				return format_to(ctx.out(), "non-null unformattable value");
-			else if constexpr (std::default_initializable<formatter<value_t>>)
-				biu::detail_::FormatterReuseProxy<value_t>::format(value, ctx);
-			else
-				format_to(ctx.out(), "{}", value);
-		};
-		format_to(ctx.out(), "(");
-		if constexpr (biu::SpecializationOf<Wrap, std::optional>)
-		{
-			if (wrap)
-				format_value_type(*wrap);
-			else
-				format_to(ctx.out(), "null");
-		}
-		else if constexpr (biu::SpecializationOf<Wrap, std::weak_ptr>)
-		{
-			if (auto shared = wrap.lock())
-			{
-				format_to(ctx.out(), "{} ", ptr(shared.get()));
-				format_value_type(*shared);
-			}
-			else
-				format_to(ctx.out(), "null");
-		}
-		else
-		{
-			if (wrap)
-			{
-				format_to(ctx.out(), "{} ", ptr(wrap.get()));
-				format_value_type(*wrap);
-			}
-			else
-				format_to(ctx.out(), "null");
-		}
-		return format_to(ctx.out(), ")");
-	}
-
-	template <typename Char, biu::Enumerable T> constexpr
-		auto formatter<T, Char>::parse(format_parse_context& ctx)
-		-> std::invoke_result_t<decltype(&format_parse_context::begin), format_parse_context>
-	{
-		auto it = ctx.begin();
-		if (it != ctx.end() && *it == 'f')
-		{
-			full = true;
-			it++;
-		}
-		if (it != ctx.end() && *it != '}')
-			throw format_error{"syntax error."};
-		return it;
-	}
-
-	template <typename Char, biu::Enumerable T> template <typename FormatContext>
-		auto formatter<T, Char>::format(const T& value, FormatContext& ctx)
-		-> std::invoke_result_t<decltype(&FormatContext::out), FormatContext>
-	{
-		if (full)
-			return format_to(ctx.out(), "{}::{}", nameof::nameof_type<T>(), nameof::nameof_enum(value));
-		else
-			return format_to(ctx.out(), "{}", nameof::nameof_enum(value));
-	}
-}
--- a/local/pkgs/biu/include/biu/string.hpp
+++ b/local/pkgs/biu/include/biu/string.hpp
@@ -1,111 +0,0 @@
-# pragma once
-# include <regex>
-# include <array>
-# include <string>
-# include <string_view>
-# include <iostream>
-# include <concurrencpp/concurrencpp.h>
-# include <biu/concepts.hpp>
-# include <biu/smartref.hpp>
-
-namespace biu
-{
-	// Store a string in a static member of a class; or, use a class to represent a string.
-	template <DecayedType Char, Char... c> struct BasicStaticString
-	{
-		static constexpr std::array<Char, sizeof...(c)> Array{c...};
-		static constexpr std::basic_string_view<Char> StringView{Array.data(), sizeof...(c)};
-	};
-	template <char... c> using StaticString = BasicStaticString<char, c...>;
-	inline namespace stream_operators
-	{
-		template <typename Char, Char... c>
-			std::basic_ostream<Char>& operator<<(std::basic_ostream<Char>& os, BasicStaticString<Char, c...>);
-	}
-	inline namespace literals
-		{ template <typename Char, Char... c> consteval BasicStaticString<Char, c...> operator""_ss(); }
-	namespace detail_
-	{
-		template <typename C, typename T> struct SpecializationOfBasicStaticStringHelper : std::false_type {};
-		template <typename C, C... c>
-			struct SpecializationOfBasicStaticStringHelper<C, BasicStaticString<C, c...>> : std::true_type {};
-		template <typename C, C... c>
-			struct SpecializationOfBasicStaticStringHelper<void, BasicStaticString<C, c...>> : std::true_type {};
-		template <typename T, typename C> concept SpecializationOfBasicStaticString
-			= SpecializationOfBasicStaticStringHelper<std::decay_t<C>, std::decay_t<T>>::value;
-	}
-	template <typename T, typename C = void> concept SpecializationOfBasicStaticString
-		= detail_::SpecializationOfBasicStaticString<T, C>
-			&& detail_::SpecializationOfBasicStaticString<T, void>;
-	template <typename T> concept SpecializationOfStaticString = SpecializationOfBasicStaticString<T, char>;
-
-	// Store a string in a fixed-size array
-	template <DecayedType Char, std::size_t N> struct BasicFixedString
-	{
-		Char Data[N];
-		constexpr static const std::size_t Size = N - 1;
-		constexpr BasicFixedString(const Char (&str)[N]);
-	};
-	template <std::size_t N> using FixedString = BasicFixedString<char, N>;
-	inline namespace stream_operators
-	{
-		template <typename Char, std::size_t N> std::basic_ostream<Char>& operator<<
-			(std::basic_ostream<Char>& os, const BasicFixedString<Char, N>& str);
-	}
-	inline namespace literals { template <BasicFixedString FS> constexpr decltype(FS) operator""_fs(); }
-	namespace detail_
-	{
-		template <typename C, typename T> struct SpecializationOfBasicFixedStringHelper : std::false_type {};
-		template <typename C, std::size_t N>
-			struct SpecializationOfBasicFixedStringHelper<C, BasicFixedString<C, N>> : std::true_type {};
-		template <typename C, std::size_t N>
-			struct SpecializationOfBasicFixedStringHelper<void, BasicFixedString<C, N>> : std::true_type {};
-		template <typename T, typename C> concept SpecializationOfBasicFixedString
-			= SpecializationOfBasicFixedStringHelper<std::decay_t<C>, std::decay_t<T>>::value;
-	}
-	template <typename T, typename C = void> concept SpecializationOfBasicFixedString
-		= detail_::SpecializationOfBasicFixedString<T, C>
-			&& detail_::SpecializationOfBasicFixedString<T, void>;
-	template <typename T> concept SpecializationOfFixedString = SpecializationOfBasicFixedString<T, char>;
-
-	// Store a string with at most N characters
-	template <DecayedType Char, std::size_t N> struct BasicVariableString
-	{
-		Char Data[N];
-		std::size_t Size;
-		constexpr static const std::size_t MaxSize = N - 1;
-		template <std::size_t M> requires (M<=N) constexpr BasicVariableString(const Char (&str)[M]);
-	};
-	template <std::size_t N> using VariableString = BasicVariableString<char, N>;
-	inline namespace stream_operators
-	{
-		template <typename Char, std::size_t N> std::basic_ostream<Char>& operator<<
-			(std::basic_ostream<Char>& os, const BasicVariableString<Char, N>& str);
-	}
-
-	namespace detail_
-	{
-		template <typename C, typename T> struct SpecializationOfBasicVariableStringHelper : std::false_type {};
-		template <typename C, std::size_t N>
-			struct SpecializationOfBasicVariableStringHelper<C, BasicVariableString<C, N>> : std::true_type {};
-		template <typename C, std::size_t N>
-			struct SpecializationOfBasicVariableStringHelper<void, BasicVariableString<C, N>> : std::true_type {};
-		template <typename T, typename C> concept SpecializationOfBasicVariableString
-			= SpecializationOfBasicVariableStringHelper<std::decay_t<C>, std::decay_t<T>>::value;
-	}
-	template <typename T, typename C = void> concept SpecializationOfBasicVariableString
-		= detail_::SpecializationOfBasicVariableString<T, C>
-			&& detail_::SpecializationOfBasicVariableString<T, void>;
-	template <typename T> concept SpecializationOfVariableString = SpecializationOfBasicVariableString<T, char>;
-
-	namespace string
-	{
-		// Find specific content in a string. Return unmatched content before the match and the match result every
-		// time. If match reached the end, the second returned value will be std::sregex_iterator().
-		concurrencpp::generator<std::pair<std::string_view, std::sregex_iterator>> find
-			(SmartRef<const std::string> data, SmartRef<const std::regex> regex);
-		// Use a regex to find all matches and replace them with a callback function
-		std::string replace
-			(const std::string& data, const std::regex& regex, std::function<std::string(const std::smatch&)> function);
-	}
-}
--- a/local/pkgs/biu/include/biu/string.tpp
+++ b/local/pkgs/biu/include/biu/string.tpp
@@ -1,30 +0,0 @@
-# pragma once
-# include <biu/string.hpp>
-
-namespace biu
-{
-	template <typename Char, Char... c> inline std::basic_ostream<Char>& stream_operators::operator<<
-		(std::basic_ostream<Char>& os, BasicStaticString<Char, c...>)
-		{ return os << std::basic_string_view{c...}; }
-	template <typename Char, Char... c> consteval BasicStaticString<Char, c...> literals::operator""_ss()
-		{ return {}; }
-
-	template <DecayedType Char, std::size_t N> constexpr
-		BasicFixedString<Char, N>::BasicFixedString(const Char (&str)[N])
-		{ std::copy_n(str, N, Data); }
-	template <typename Char, std::size_t N> std::basic_ostream<Char>& stream_operators::operator<<
-		(std::basic_ostream<Char>& os, const BasicFixedString<Char, N>& str)
-		{ return os << std::basic_string_view<Char>(str.Data, str.Size); }
-	template <BasicFixedString FS> constexpr decltype(FS) literals::operator""_fs()
-		{ return FS; }
-
-	template <DecayedType Char, std::size_t N> template <std::size_t M> requires (M<=N) constexpr
-		BasicVariableString<Char, N>::BasicVariableString(const Char (&str)[M]) : Size(M)
-	{
-		std::fill(Data, Data + N, '\0');
-		std::copy_n(str, M, Data);
-	}
-	template <typename Char, std::size_t N> std::basic_ostream<Char>& stream_operators::operator<<
-		(std::basic_ostream<Char>& os, const BasicVariableString<Char, N>& str)
-		{ return os << std::basic_string_view<Char>(str.Data, str.Size); }
-}
--- a/local/pkgs/biu/src/common.cpp
+++ b/local/pkgs/biu/src/common.cpp
@@ -1,14 +0,0 @@
-# include <future>
-# include <utility>
-# include <biu.hpp>
-
-namespace biu
-{
-	std::regex literals::operator""_re(const char* str, std::size_t len)
-		{ return std::regex{str, len}; }
-	void block_forever()
-	{
-		std::promise<void>().get_future().wait();
-		std::unreachable();
-	}
-}
--- a/local/pkgs/biu/src/string.cpp
+++ b/local/pkgs/biu/src/string.cpp
@@ -1,53 +0,0 @@
-# include <fmt/chrono.h>
-# include <biu.hpp>
-
-namespace biu
-{
-	concurrencpp::generator<std::pair<std::string_view, std::sregex_iterator>> string::find
-		(SmartRef<const std::string> data, SmartRef<const std::regex> regex)
-	{
-		Logger::Guard log;
-		std::string::const_iterator unmatched_prefix_begin = data->cbegin(), unmatched_prefix_end;
-		std::sregex_iterator regit;
-		while (true)
-		{
-			if (regit == std::sregex_iterator{})
-				regit = std::sregex_iterator{data->begin(), data->end(), *regex};
-			else
-				regit++;
-			if (regit == std::sregex_iterator{})
-			{
-				unmatched_prefix_end = data->cend();
-				log.log<Logger::Level::Debug>("distance: {}"_f(std::distance(unmatched_prefix_begin, unmatched_prefix_end)));
-			}
-			else
-				unmatched_prefix_end = (*regit)[0].first;
-			co_yield
-			{
-				std::string_view
-				{
-					&*unmatched_prefix_begin,
-					static_cast<std::size_t>(std::distance(unmatched_prefix_begin, unmatched_prefix_end))
-				},
-				regit
-			};
-			if (regit == std::sregex_iterator{})
-				break;
-			unmatched_prefix_begin = (*regit)[0].second;
-		}
-	}
-
-	std::string string::replace
-		(const std::string& data, const std::regex& regex, std::function<std::string(const std::smatch&)> function)
-	{
-		Logger::Guard log;
-		std::string result;
-		for (auto matched : find(data, regex))
-		{
-			result.append(matched.first);
-			if (matched.second != std::sregex_iterator{})
-				result.append(function(*matched.second));
-		}
-		return result;
-	}
-}
--- a/local/pkgs/default.nix
+++ b/local/pkgs/default.nix
@@ -1,77 +0,0 @@
-inputs: rec
-{
-  typora = inputs.pkgs.callPackage ./typora {};
-  vesta = inputs.pkgs.callPackage ./vesta {};
-  rsshub = inputs.pkgs.callPackage ./rsshub.nix { inherit mkPnpmPackage; src = inputs.topInputs.rsshub; };
-  misskey = inputs.pkgs.callPackage ./misskey.nix { inherit mkPnpmPackage; src = inputs.topInputs.misskey; };
-  mk-meili-mgn = inputs.pkgs.callPackage ./mk-meili-mgn {};
-  vaspkit = inputs.pkgs.callPackage ./vaspkit { inherit (inputs.localLib) attrsToList; };
-  v-sim = inputs.pkgs.callPackage ./v-sim { src = inputs.topInputs.v-sim; };
-  concurrencpp = inputs.pkgs.callPackage ./concurrencpp { src = inputs.topInputs.concurrencpp; };
-  eigengdb = inputs.pkgs.python3Packages.callPackage ./eigengdb {};
-  nodesoup = inputs.pkgs.callPackage ./nodesoup { src = inputs.topInputs.nodesoup; };
-  matplotplusplus = inputs.pkgs.callPackage ./matplotplusplus
-    { inherit nodesoup glad; src = inputs.topInputs.matplotplusplus; };
-  zpp-bits = inputs.pkgs.callPackage ./zpp-bits { src = inputs.topInputs.zpp-bits; };
-  eigen = inputs.pkgs.callPackage ./eigen { src = inputs.topInputs.eigen; };
-  nameof = inputs.pkgs.callPackage ./nameof { src = inputs.topInputs.nameof; };
-  pslist = inputs.pkgs.callPackage ./pslist {};
-  glad = inputs.pkgs.callPackage ./glad {};
-  chromiumos-touch-keyboard = inputs.pkgs.callPackage ./chromiumos-touch-keyboard {};
-  yoga-support = inputs.pkgs.callPackage ./yoga-support {};
-  tgbot-cpp = inputs.pkgs.callPackage ./tgbot-cpp { src = inputs.topInputs.tgbot-cpp; };
-  mirism = inputs.pkgs.callPackage ./mirism
-  {
-    inherit cppcoro nameof tgbot-cpp date;
-    nghttp2 = inputs.pkgs.callPackage "${inputs.topInputs."nixpkgs-23.05"}/pkgs/development/libraries/nghttp2"
-      { enableAsioLib = true; };
-  };
-  cppcoro = inputs.pkgs.callPackage ./cppcoro { src = inputs.topInputs.cppcoro; };
-  date = inputs.pkgs.callPackage ./date { src = inputs.topInputs.date; };
-  esbonio = inputs.pkgs.python3Packages.callPackage ./esbonio {};
-  pix2tex = inputs.pkgs.python3Packages.callPackage ./pix2tex {};
-  pyreadline3 = inputs.pkgs.python3Packages.callPackage ./pyreadline3 {};
-  torchdata = inputs.pkgs.python3Packages.callPackage ./torchdata {};
-  torchtext = inputs.pkgs.python3Packages.callPackage ./torchtext { inherit torchdata; };
-  win11os-kde = inputs.pkgs.callPackage ./win11os-kde { src = inputs.topInputs.win11os-kde; };
-  fluent-kde = inputs.pkgs.callPackage ./fluent-kde { src = inputs.topInputs.fluent-kde; };
-  blurred-wallpaper = inputs.pkgs.callPackage ./blurred-wallpaper { src = inputs.topInputs.blurred-wallpaper; };
-  slate = inputs.pkgs.callPackage ./slate { src = inputs.topInputs.slate; };
-  nvhpc = inputs.pkgs.callPackage ./nvhpc {};
-  lmod = inputs.pkgs.callPackage ./lmod { src = inputs.topInputs.lmod; };
-  vasp = rec
-  {
-    src = inputs.pkgs.callPackage ./vasp/source.nix {};
-    gnu = inputs.pkgs.callPackage ./vasp/gnu
-    {
-      inherit (inputs.pkgs.llvmPackages) openmp;
-      inherit wannier90 src;
-      hdf5 = inputs.pkgs.hdf5.override { mpiSupport = true; fortranSupport = true; cppSupport = false; };
-    };
-    nvidia = inputs.pkgs.callPackage ./vasp/nvidia
-      { inherit lmod nvhpc wannier90 vtst src; hdf5 = hdf5-nvhpc; };
-    intel = inputs.pkgs.callPackage ./vasp/intel
-      { inherit lmod oneapi wannier90 vtst src; hdf5 = hdf5-oneapi; };
-    wannier90 = inputs.pkgs.callPackage
-      "${inputs.topInputs.nixpkgs-unstable}/pkgs/by-name/wa/wannier90/package.nix" {};
-    hdf5-nvhpc = inputs.pkgs.callPackage ./vasp/hdf5-nvhpc { inherit lmod nvhpc; inherit (inputs.pkgs.hdf5) src; };
-    hdf5-oneapi = inputs.pkgs.callPackage ./vasp/hdf5-oneapi { inherit lmod oneapi; inherit (inputs.pkgs.hdf5) src; };
-    vtst = (inputs.pkgs.callPackage ./vasp/vtst.nix {});
-    vtstscripts = inputs.pkgs.callPackage ./vasp/vtstscripts.nix {};
-  };
-  # TODO: use other people packaged hpc version
-  oneapi = inputs.pkgs.callPackage ./oneapi {};
-  mumax = inputs.pkgs.callPackage ./mumax { src = inputs.topInputs.mumax; };
-  kylin-virtual-keyboard = inputs.pkgs.libsForQt5.callPackage ./kylin-virtual-keyboard
-    { src = inputs.topInputs.kylin-virtual-keyboard; };
-  biu = inputs.pkgs.callPackage ./biu { inherit nameof; };
-  zxorm = inputs.pkgs.callPackage ./zxorm { src = inputs.topInputs.zxorm; };
-  hpcstat = inputs.pkgs.callPackage ./hpcstat { inherit nameof sqlite-orm zpp-bits date openxlsx; };
-  openxlsx = inputs.pkgs.callPackage ./openxlsx { src = inputs.topInputs.openxlsx; };
-  sqlite-orm = inputs.pkgs.callPackage ./sqlite-orm { src = inputs.topInputs.sqlite-orm; };
-  mkPnpmPackage = inputs.pkgs.callPackage ./mkPnpmPackage.nix {};
-
-  fromYaml = content: builtins.fromJSON (builtins.readFile
-    (inputs.pkgs.runCommand "toJSON" {}
-      "${inputs.pkgs.remarshal}/bin/yaml2json ${builtins.toFile "content.yaml" content} $out"));
-}
--- a/local/pkgs/fluent-kde/default.nix
+++ b/local/pkgs/fluent-kde/default.nix
@@ -1,22 +0,0 @@
-{ lib, stdenv, src }: stdenv.mkDerivation
-{
-  name = "fluent-kde";
-  inherit src;
-  installPhase =
-  ''
-    mkdir -p $out/share/aurorae/themes
-    cp -r $src/aurorae/* $out/share/aurorae/themes
-    mkdir -p $out/share/color-schemes
-    cp -r $src/color-schemes/*.colors $out/share/color-schemes
-    mkdir -p $out/share/Kvantum
-    cp -r $src/Kvantum/Fluent* $out/share/Kvantum
-    mkdir -p $out/share/plasma/desktoptheme
-    cp -r $src/plasma/desktoptheme/* $out/share/plasma/desktoptheme
-    mkdir -p $out/share/plasma/layout-templates
-    cp -r $src/plasma/layout-templates/* $out/share/plasma/layout-templates
-    mkdir -p $out/share/plasma/look-and-feel
-    cp -r $src/plasma/look-and-feel/com.github.vinceliuice.Fluent* $out/share/plasma/look-and-feel
-    mkdir -p $out/share/wallpapers
-    cp -r $src/wallpaper/* $out/share/wallpapers
-  '';
-}
--- a/local/pkgs/hpcstat/doc/setup.md
+++ b/local/pkgs/hpcstat/doc/setup.md
@@ -1,214 +1 @@
-# 设置 SSH agent forwarding
-
-为了区分登陆 jykang@hpc.xmu.edu.cn 时使用的密钥，并分密钥统计使用情况，需要启用一项名为“SSH agent forwarding”的功能。
-接下来的内容将带领您在 Windows 系统上配置 SSH agent forwarding。
-
-> [!NOTE]
-> 在 Linux 上的配置方法放在了文章末尾。大多数用户不需要阅读。
-
-要启用“SSH agent forwarding”，需要下面三个步骤：
-1. 启动 Pageant 并添加密钥。 **这一步骤每次登陆前都需要执行。**
-2. 配置 PuTTY，使 PuTTY 在每次登陆时不直接使用密钥，而是利用 Pageant 完成认证。这一步骤只需要执行一次。
-3. 配置 WinSCP，使 WinSCP 在每次登陆时不直接使用密钥，而是利用 Pageant 完成认证。这一步骤只需要执行一次。
-
-接下来将分别说明这三个步骤。
-
-## Pageant:
-
-1. 找到 Pageant 程序。Pageant 会随着 PuTTY 一起安装，一般来说您可以直接在开始菜单中搜索 “pageant” 找到它，也可以在 PuTTY 的安装目录中找到它。
-2. 启动 Pageant。启动后可能没有任何反应，也可能有一个黑框闪过，这是正常的。只要右下角的系统托盘中出现了 pageant 的图标就可以了。
-   
-   ![](pageant1.png)
-
-3. 双击 Pageant 图标，打开 Pageant 窗口。选择 “Add Key”，然后选择您的密钥文件。
-   
-   ![](pageant2.png)
-
-4. 在使用服务器期间保持 Pageant 启动（可以关闭 Pageant 的窗口，但不要在系统托盘中右键退出）。
-5. 使用完毕后，在系统托盘中右键退出 Pageant。
-
-> [!NOTE]
-> 无论是使用 WinSCP 还是 PuTTY，每次使用前，都需要如此启动 Pageant 并添加密钥。
-
-> [!TIP]
-> 如果您觉得每次打开 Pageant 都要手动添加密钥很麻烦，并且熟悉 Windows 命令行的使用，
->   可以编写一个批处理文件（将下方代码用记事本保存，然后将扩展名从 `.txt` 改为 `.bat`），每次双击该文件即可启动 Pageant 并自动添加密钥：
-> 
-> `"C:\ProgramData\chocolatey\bin\PAGEANT.EXE" "Z:\.ssh\id_rsa.ppk"`
-> 
-> 其中第一个引号内为 Pageant 的路径，第二个引号内为您的密钥文件的路径。也可以将该批处理文件放入开机启动项中，使得 Pageant 在开机时自动启动。
-> 
-> 因为每个人的密钥文件以及 Pageant 的路径都可能不同，所以这里无法提供通用的批处理文件。
-
-## PuTTY:
-
-1. 在 Connection -> SSH -> Auth，勾选“Attempt authentication using Pageant”和“Allow agent forwarding”。
-   
-   ![](putty1.png)
-
-2. 在 Connection -> SSH -> Auth -> Credentials，清空 “Private key file for authentication”，然后保存。
-   
-   ![](putty2.png)
-
-3. （选做但推荐）在 Connection -> Data 中，将 “Auto-login username” 设置为 `jykang`，这样每次登陆时就不需要手动输入用户名了。
-
-## WinSCP:
-
-1. 在 SSH -> Authentication，勾选 “使用 Pageant 进行认证”，勾选 “允许代理转发”，清空 “密钥文件”，然后保存。
-   
-   ![](winscp1.png)
-
-2. (选做)如果您需要通过 WinSCP 打开 PuTTY 的话，需要在 WinSCP 主界面 -> 工具 -> 选项 -> 集成 -> 应用程序路径中，
-    在原来的基础上增加 `-A` 参数。
-   
-   ![](winscp2.png)
-
-> [!TIP]
-> 如果 WinSCP 不让你直接修改那个字符串，就把它复制到记事本里修改，然后再复制回去。
-
-至此，您已经成功配置了 SSH agent forwarding。
-之后使用 PuTTY 登陆 `jykang@hpc.xmu.edu.cn` 时，会收到包含了您的名字的提示（如图所示），表明您已经成功启用了 SSH agent forwarding。
-
-   ![](putty3.png)
-
-> [!NOTE]
-> 无论是 PuTTY 还是 WinSCP，改完设置后都记得保存。
-
-> [!IMPORTANT]
-> 如果您确认已经按照教程设置好了却仍然不能连接，可以尝试将 WinSCP 和 PuTTY 都更新到最新。
->
-> 我测试使用的版本是：PuTTY 0.78 和 WinSCP 6.3.3。
-
---
-
-# 其它内容
-
-接下来的内容不是使用 jykang@hpc.xmu.edu.cn 的必需内容，不须要阅读。
-如果您按照上面的步骤配置 SSH agent forwarding 失败，那么请再次仔细阅读上面的内容，**接下来的内容对您没有帮助**。
-
-接下来的内容包括：
-* 解释为什么不转发 agent 就无法区分不同密钥。
-* 介绍一些可能有用的附加功能，例如区分使用同一个密钥的不同用户，以及如何设置任务进度微信通知。
-
-## 为什么不转发 agent 就无法区分不同密钥？
-
-如果你好奇为什么不使用 Pageant 就无法区分使用不同密钥的登陆：
-
-SSH 连接并不是直接由 jykang 用户处理的，
-   而是由一个名为 `sshd` 的程序处理，它通常以 `root` 用户的身份运行。
-在完成认证后，`sshd` 会将 Windows 电脑发来的信息解密后转发给以 `jykang` 用户运行的进程，
-   并将以 `jykang` 用户运行的进程的输出加密后发回给 Windows 电脑。
-我们只能控制 `jykang` 用户运行的进程，但这里拿不到任何关于密钥的信息。
-
-```mermaid
-flowchart TB
-   subgraph "Run on windows"
-      A[(密钥文件)] -.->|从硬盘读取| B["SSH client (putty, WinSCP, etc.)"]
-   end
-   subgraph "Run on hpc by root"
-      C["SSH server (sshd)"]
-   end
-   B <--> |"认证信息 & 加密的数据"| C
-   subgraph "Run on hpc by <b>jykang</b>"
-      D["Other programs (bash, VASP, etc.)"] 
-   end
-   C <--> |"解密后的数据(不包含密钥信息)"| D
-```
-
-Pageant 程序就是所谓的“SSH agent”。“SSH agent forwarding” 就是将到 Pageant 的连接通过已经建立的 SSH 连接转发给远程服务器，
-   使得远程服务器可以与 Pageant 通信，进而读取密钥信息。
-“SSH agent forwarding” 典型的用途是在远程服务器上使用本地的密钥再次登陆其他服务器，而不是为了区分使用不同密钥的登陆。
-
-```mermaid
-flowchart TB
-   subgraph "Run on windows"
-      A[(密钥文件)] -.->|从硬盘读取| E["SSH agent (pageant)"]
-      E <-->|认证信息| B["SSH client (putty, WinSCP, etc.)"]
-   end
-   subgraph "Run on hpc by root"
-      C["SSH server (sshd)"]
-   end
-   B <--> |"认证信息 & 加密的数据"| C
-   subgraph "Run on hpc by <b>jykang</b>"
-      D["Other programs (bash, VASP, etc.)"] 
-   end
-   C <--> |"解密后的数据(不包含密钥信息)"| D
-   E <-...-> |"通过已经建立的 SSH 连接转发密钥信息"| D
-```
-
-事实上，linux 的管理（统计用户使用的资源，等）非常依赖于不同的用户，即用高权限的用户去管理低权限的用户。
-大家都使用同一个账户的情况下，很多管理的功能没有现成的解决方案（要自己手写代码、思考如何设计），甚至完全无法实现。
-整这个东西真的挺麻烦的。我也嫌麻烦（而且我要做的事情比大多数用户多得多）。要不是康老师一定要我做，我才不会做。
-如果你嫌这些麻烦，与其埋怨我，不如去建议自己的导师去自己申请一个账号用。
-
-## 设置子账户:
-
-一个老师拿到密钥后，可能会将它分发给多个不同的学生。
-如果希望区分不同学生的使用情况，可以修改 `TERM` 变量，加上 `hpcstat_subaccount:your_name:` 前缀，
-   以此来进一步区分使用同一个密钥的不同用户。
-
-对于 PuTTY 来说，`TERM` 变量在 Connection -> Data -> Ternimal-type string 中修改。
-例如，如果原本的 `TERM` 变量是 `xterm`，那么修改后的 `TERM` 变量可以是 `hpcstat_subaccount:chn:xterm`。
-`TERM` 变量只在交互式登陆时有效，因此无法在 WinSCP 中使用。
-
-如果设置了这个参数，那么会额外统计不同子账户的使用情况（登陆次数、投递的任务、占用的核时，等）。
-是否设置这个参数都不影响按密钥统计的功能（即，按照密钥统计的核时，是所有使用这个密钥的用户的总和，无论是否设置了这个参数）。
-
-同时，子账户的统计结果也仅供参考，事实上这个统计结果很容易造假
-   （如果 A 和 B 都使用同一个密钥登陆，那么显然 B 可以在 TERM 中填入 A 的名字以假装自己是 A，把自己用的核时都算到 A 头上）。
-
-> [!CAUTION]
-> 如果 `TERM` 变量的格式设置得不正确，PuTTY 登陆后一些程序会无法正常工作，因此尝试时应该仔细且小心。
-
-## PuTTY 登陆时自动跳转:
-
-如果您希望在登陆时自动跳转到自己的目录下，可以在 `TERM` 中再增加以下前缀：`chn_cd:your_path:`。
-
-例如，将 `TERM` 变量修改为 `chn_cd:linwei/chn:xterm`，那么使用 PuTTY 登陆后会自动跳转到 `linwei/chn` 目录下。
-
-如果同时使用了 `hpcstat_subaccount` 和 `chn_cd`，那么 `hpcstat_subaccount` 必须在 `chn_cd` 之后，
-   例如 `chn_cd:linwei/chn:hpcstat_subaccount:chn:xterm`。
-
-## 任务进度微信通知:
-
-用微信打开下面的链接：
-
-```
-https://wxpusher.zjiecode.com/wxuser/?type=1&id=75864#/follow
-```
-
-您应该会被引导去关注一个公众号（WxPusher 消息推送平台）。关注这个公众号之后会收到一条包含 UID 的消息。
-然后把下面的信息发给我：
-* 您的 UID
-* 您使用的密钥的指纹（用 PuTTY 登陆时会提示）
-* 如果使用了子账户（在 `TERM` 中设置了 `hpcstat_subaccount`），还需要告诉我您设置的子账户名
-
-之后您投递的任务有新进度（例如，开始运行、运行结束）时就会通过这个公众号收到通知。
-
-需要注意的是，这个 UID 会被明文写到 jykang 上的文件里。
-也就是说存在这样的风险：有权限登陆 jykang 的人都有权限通过这个公众号给您发消息。
-
-## 在 Linux 上配置 SSH agent forwarding
-
-1. 使用以下命令将 `.ppk` 的私钥部分拆分出来：
-
-   ```bash
-   puttygen id_rsa.ppk -O private-openssh -o ./id_rsa
-   ```
-
-   确保 `id_rsa` 的权限为 `600`。
-
-2. 在 `~/.ssh/config` 中添加以下内容：
-
-   ```
-   Host jykang
-      AddKeysToAgent yes
-      ForwardAgent yes
-      IdentityFile ~/path/to/id_rsa
-   ```
-
-然后就可以正常使用了，例如：
-
-```bash
-ssh jykang
-```
+Moved to [../../../../packages/hpcstat/doc/setup.md](../../../../packages/hpcstat/doc/setup.md)
--- a/local/pkgs/hpcstat/doc/winscp1.png
+++ b/local/pkgs/hpcstat/doc/winscp1.png
--- a/local/pkgs/hpcstat/src/common.cpp
+++ b/local/pkgs/hpcstat/src/common.cpp
@@ -1,38 +0,0 @@
-# include <hpcstat/common.hpp>
-# include <boost/process.hpp>
-
-namespace hpcstat
-{
-  std::optional<std::string> exec
-  (
-    std::filesystem::path program, std::vector<std::string> args, std::optional<std::string> stdin,
-    std::map<std::string, std::string> extra_env
-  )
-  {
-    namespace bp = boost::process;
-    bp::ipstream output;
-    bp::opstream input;
-    std::unique_ptr<bp::child> process;
-    bp::environment env = boost::this_process::environment();
-    for (const auto& [key, value] : extra_env) env[key] = value;
-    if (stdin)
-    {
-      process = std::make_unique<bp::child>
-        (program.string(), bp::args(args), bp::std_out > output, bp::std_err > stderr, bp::std_in < input, env);
-      input << *stdin;
-      input.pipe().close();
-    }
-    else process = std::make_unique<bp::child>
-      (program.string(), bp::args(args), bp::std_out > output, bp::std_err > stderr, bp::std_in < bp::null, env);
-    process->wait();
-    if (process->exit_code() != 0) return std::nullopt;
-    std::stringstream ss;
-    ss << output.rdbuf();
-    return ss.str();
-  }
-  long now()
-  {
-    return std::chrono::duration_cast<std::chrono::seconds>
-      (std::chrono::system_clock::now().time_since_epoch()).count();
-  }
-}
--- a/local/pkgs/matplotplusplus/default.nix
+++ b/local/pkgs/matplotplusplus/default.nix
@@ -1,18 +0,0 @@
-{
-  stdenv, src, cmake, pkg-config, substituteAll,
-  gnuplot, libjpeg, libtiff, zlib, libpng, lapack, blas, fftw, opencv, nodesoup, cimg, glfw, libGL, python3, glad
-}: stdenv.mkDerivation
-{
-  name = "matplotplusplus";
-  inherit src;
-  cmakeFlags =
-  [
-    "-DBUILD_SHARED_LIBS=ON" "-DMATPLOTPP_BUILD_SHARED_LIBS=ON" "-DMATPLOTPP_BUILD_EXAMPLES=OFF"
-    "-DMATPLOTPP_WITH_SYSTEM_NODESOUP=ON" "-DMATPLOTPP_WITH_SYSTEM_CIMG=ON"
-    "-DMATPLOTPP_BUILD_EXPERIMENTAL_OPENGL_BACKEND=ON" "-DGLAD_REPRODUCIBLE=ON"
-  ];
-  buildInputs = [ gnuplot libjpeg libtiff zlib libpng lapack blas fftw opencv nodesoup cimg glfw libGL glad ];
-  nativeBuildInputs = [ cmake pkg-config python3 ];
-  propagatedBuildInputs = [ libGL glad glfw ];
-  propagatedNativeBuildInputs = [ python3 ];
-}
--- a/local/pkgs/win11os-kde/default.nix
+++ b/local/pkgs/win11os-kde/default.nix
@@ -1,20 +0,0 @@
-{ lib, stdenv, src }: stdenv.mkDerivation
-{
-  name = "win11os-kde";
-  inherit src;
-  installPhase =
-  ''
-    mkdir -p $out/share/aurorae/themes
-    cp -r $src/aurorae/* $out/share/aurorae/themes
-    mkdir -p $out/share/color-schemes
-    cp -r $src/color-schemes/*.colors $out/share/color-schemes
-    mkdir -p $out/share/Kvantum
-    cp -r $src/Kvantum/* $out/share/Kvantum
-    mkdir -p $out/share/plasma/desktoptheme
-    cp -r $src/plasma/desktoptheme/* $out/share/plasma/desktoptheme
-    mkdir -p $out/share/plasma/look-and-feel
-    cp -r $src/plasma/look-and-feel/* $out/share/plasma/look-and-feel
-    mkdir -p $out/share/wallpapers
-    cp -r $src/wallpaper/* $out/share/wallpapers
-  '';
-}
--- a/modules/bugs/default.nix
+++ b/modules/bugs/default.nix
@@ -11,47 +11,6 @@ inputs:
        SuspendState=freeze
        HibernateMode=shutdown
      '';
-      # reload iwlwifi after resume from hibernate
-      hibernate-iwlwifi =
-      {
-        systemd.services.reload-iwlwifi-after-hibernate =
-        {
-          description = "reload iwlwifi after resume from hibernate";
-          after = [ "systemd-hibernate.service" ];
-          serviceConfig.Type = "oneshot";
-          script = let modprobe = "${inputs.pkgs.kmod}/bin/modprobe"; in
-          ''
-            ${modprobe} -r iwlwifi
-            ${modprobe} iwlwifi
-            echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo
-          '';
-          wantedBy = [ "systemd-hibernate.service" ];
-        };
-        nixos.system.kernel.modules.modprobeConfig =
-          [ "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
-      };
-      # disable wakeup on lid open
-      suspend-lid-no-wakeup.systemd.services.lid-no-wakeup =
-      {
-        description = "lid no wake up";
-        serviceConfig.Type = "oneshot";
-        script =
-          let
-            cat = "${inputs.pkgs.coreutils}/bin/cat";
-            grep = "${inputs.pkgs.gnugrep}/bin/grep";
-          in
-          ''
-            if ${cat} /proc/acpi/wakeup | ${grep} LID0 | ${grep} -q enabled
-            then
-              echo LID0 > /proc/acpi/wakeup
-            fi
-            if ${cat} /proc/acpi/wakeup | ${grep} XHCI | ${grep} -q enabled
-            then
-              echo XHCI > /proc/acpi/wakeup
-            fi
-          '';
-        wantedBy = [ "multi-user.target" ];
-      };
      # xmunet use old encryption
      xmunet.nixpkgs.config.packageOverrides = pkgs: { wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs
        (attrs: { patches = attrs.patches ++ [ ./xmunet.patch ];}); };
@@ -77,21 +36,10 @@ inputs:
            script = "${systemctl} start waydroid-container";
          };
        };
-      firefox.programs.firefox.enable = inputs.lib.mkForce false;
-      power.boot.kernelParams = [ "cpufreq.default_governor=powersave" ];
      backlight.boot.kernelParams = [ "nvidia.NVreg_RegistryDwords=EnableBrightnessControl=1" ];
      amdpstate.boot.kernelParams = [ "amd_pstate=active" ];
-      wireplumber.environment.etc."wireplumber/main.lua.d/50-alsa-config.lua".text =
-        let
-          content = builtins.readFile
-            (inputs.pkgs.wireplumber + "/share/wireplumber/main.lua.d/50-alsa-config.lua");
-          matched = builtins.match
-            ".*\n([[:space:]]*)(--\\[\"session\\.suspend-timeout-seconds\"][^\n]*)[\n].*" content;
-          spaces = builtins.elemAt matched 0;
-          comment = builtins.elemAt matched 1;
-          config = ''["session.suspend-timeout-seconds"] = 0'';
-        in
-          builtins.replaceStrings [(spaces + comment)] [(spaces + config)] content;
+      hibernate-mt7921e.powerManagement.resumeCommands =
+        let modprobe = "${inputs.pkgs.kmod}/bin/modprobe"; in "${modprobe} -r -w 3000 mt7921e && ${modprobe} mt7921e";
    };
  in
    {
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -14,6 +14,7 @@ inputs:
      topInputs.impermanence.nixosModules.impermanence
      topInputs.nix-flatpak.nixosModules.nix-flatpak
      topInputs.chaotic.nixosModules.default
+      { config.chaotic.nyx.overlay.onTopOf = "user-pkgs"; }
      topInputs.catppuccin.nixosModules.catppuccin
      (inputs:
      {
@@ -29,8 +30,6 @@ inputs:
              nix-vscode-extensions = topInputs.nix-vscode-extensions.extensions."${prev.system}";
              nur-xddxdd = topInputs.nur-xddxdd.overlays.default final prev;
              nur-linyinfeng = (topInputs.nur-linyinfeng.overlays.default final prev).linyinfeng;
-              deploy-rs =
-                { inherit (prev) deploy-rs; inherit ((topInputs.deploy-rs.overlay final prev).deploy-rs) lib; };
              firefox-addons = (import "${topInputs.rycee}" { inherit (prev) pkgs; }).firefox-addons;
              inherit (import topInputs.gricad { pkgs = final; }) intel-oneapi intel-oneapi-2022;
            })
@@ -38,7 +37,6 @@ inputs:
          home-manager.sharedModules =
          [
            topInputs.plasma-manager.homeManagerModules.plasma-manager
-            topInputs.nix-doom-emacs.hmModule
            topInputs.catppuccin.homeManagerModules.catppuccin
          ];
        };
--- a/modules/hardware/cpus.nix
+++ b/modules/hardware/cpus.nix
@@ -0,0 +1,26 @@
+inputs:
+{
+  options.nixos.hardware.cpus = let inherit (inputs.lib) mkOption types; in mkOption
+    { type = types.listOf (types.enum [ "intel" "amd" ]); default = []; };
+  config = let inherit (inputs.config.nixos.hardware) cpus; in inputs.lib.mkIf (cpus != [])
+  {
+    hardware.cpu = builtins.listToAttrs
+      (builtins.map (name: { inherit name; value = { updateMicrocode = true; }; }) cpus);
+    boot =
+    {
+      initrd.availableKernelModules =
+        let modules =
+        {
+          intel =
+          [
+            "intel_cstate" "aesni_intel" "intel_cstate" "intel_uncore" "intel_uncore_frequency" "intel_powerclamp"
+          ];
+          amd = [];
+        };
+        in builtins.concatLists (builtins.map (cpu: modules.${cpu}) cpus);
+    };
+    environment.systemPackages =
+      let packages = with inputs.pkgs; { intel = []; amd = [ zenmonitor ]; };
+      in builtins.concatLists (builtins.map (cpu: packages.${cpu}) cpus);
+  };
+}
--- a/modules/hardware/default.nix
+++ b/modules/hardware/default.nix
@@ -11,7 +11,6 @@ inputs:
      joystick = mkOption { type = types.nullOr (types.submodule {}); inherit default; };
      printer = mkOption { type = types.nullOr (types.submodule {}); inherit default; };
      sound = mkOption { type = types.nullOr (types.submodule {}); inherit default; };
-      cpus = mkOption { type = types.listOf (types.enum [ "intel" "amd" ]); default = []; };
    };
  config = let inherit (inputs.config.nixos) hardware; in inputs.lib.mkMerge
  [
@@ -40,29 +39,8 @@ inputs:
      {
        hardware.pulseaudio.enable = false;
        services.pipewire = { enable = true; alsa = { enable = true; support32Bit = true; }; pulse.enable = true; };
-        sound.enable = true;
        security.rtkit.enable = true;
      }
    )
-    # cpus
-    (
-      inputs.lib.mkIf (hardware.cpus != [])
-      {
-        hardware.cpu = builtins.listToAttrs
-          (map (name: { inherit name; value = { updateMicrocode = true; }; }) hardware.cpus);
-        boot.initrd.availableKernelModules =
-          let
-            modules =
-            {
-              intel =
-              [
-                "intel_cstate" "aesni_intel" "intel_cstate" "intel_uncore" "intel_uncore_frequency" "intel_powerclamp"
-              ];
-              amd = [];
-            };
-          in
-            builtins.concatLists (map (cpu: modules.${cpu}) hardware.cpus);
-      }
-    )
  ];
 }
--- a/modules/hardware/gpu.nix
+++ b/modules/hardware/gpu.nix
@@ -13,11 +13,15 @@ inputs:
      ]);
      default = null;
    };
-    dynamicBoost = mkOption { type = types.bool; default = false; };
-    prime =
+    nvidia =
    {
-      mode = mkOption { type = types.enum [ "offload" "sync" ]; default = "offload"; };
-      busId = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
+      dynamicBoost = mkOption { type = types.bool; default = false; };
+      prime =
+      {
+        mode = mkOption { type = types.enum [ "offload" "sync" ]; default = "offload"; };
+        busId = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
+      };
+      driver = mkOption { type = types.enum [ "production" "latest" "beta" ]; default = "production"; };
    };
  };
  config = let inherit (inputs.config.nixos.hardware) gpu; in inputs.lib.mkIf (gpu.type != null) (inputs.lib.mkMerge
@@ -30,50 +34,51 @@ inputs:
          let modules =
          {
            intel = [ "i915" ];
-            nvidia = [ "nvidia" "nvidia_drm" "nvidia_modeset" ]; # nvidia-uvm should not be loaded
-            amd = [ "amdgpu" ];
+            nvidia = []; # early loading breaks resume from hibernation
+            amd = [];
          };
          in builtins.concatLists (builtins.map (gpu: modules.${gpu}) gpus);
        hardware =
        {
-          opengl =
+          graphics =
          {
            enable = true;
-            driSupport = true;
-            driSupport32Bit = true;
            extraPackages =
              let packages = with inputs.pkgs;
              {
                intel = [ intel-vaapi-driver libvdpau-va-gl intel-media-driver ];
                nvidia = [ vaapiVdpau ];
-                amd = [ amdvlk rocmPackages.clr rocmPackages.clr.icd ];
+                amd = [];
              };
              in builtins.concatLists (builtins.map (gpu: packages.${gpu}) gpus);
-            extraPackages32 =
-              let packages = { intel = []; nvidia = []; amd = [ inputs.pkgs.driversi686Linux.amdvlk ]; };
-              in builtins.concatLists (builtins.map (gpu: packages.${gpu}) gpus);
          };
          nvidia = inputs.lib.mkIf (builtins.elem "nvidia" gpus)
          {
            modesetting.enable = true;
            powerManagement.enable = true;
-            dynamicBoost.enable = inputs.lib.mkIf gpu.dynamicBoost true;
+            dynamicBoost.enable = inputs.lib.mkIf gpu.nvidia.dynamicBoost true;
            nvidiaSettings = true;
-            forceFullCompositionPipeline = true;
-            # package = inputs.config.boot.kernelPackages.nvidiaPackages.production;
+            package = inputs.config.boot.kernelPackages.nvidiaPackages.${gpu.nvidia.driver};
+            open = true; # TODO: remove when 560 is stable
            prime.allowExternalGpu = true;
          };
        };
-        boot =
-        {
-          kernelParams = inputs.lib.mkIf (builtins.elem "amd" gpus)
-            [ "radeon.cik_support=0" "amdgpu.cik_support=1" "radeon.si_support=0" "amdgpu.si_support=1" "iommu=pt" ];
-          blacklistedKernelModules = [ "nouveau" ];
-        };
-        environment.variables.VDPAU_DRIVER = inputs.lib.mkIf (builtins.elem "intel" gpus) "va_gl";
+        boot.blacklistedKernelModules = [ "nouveau" ];
+        environment.variables =
+          if builtins.elem "nvidia" gpus then { VDPAU_DRIVER = "nvidia"; }
+          else if builtins.elem "intel" gpus then { VDPAU_DRIVER = "va_gl"; }
+          else {};
        services.xserver.videoDrivers =
          let driver = { intel = "modesetting"; amd = "amdgpu"; nvidia = "nvidia"; };
          in builtins.map (gpu: driver.${gpu}) gpus;
+        nixos.packages.packages._packages =
+          let packages = with inputs.pkgs;
+          {
+            intel = [ intel-gpu-tools ];
+            nvidia = [ nvtopPackages.full ];
+            amd = [];
+          };
+          in builtins.concatLists (builtins.map (gpu: packages.${gpu}) gpus);
      }
    )
    # nvidia prime offload
@@ -82,13 +87,23 @@ inputs:
      {
        prime =
        {
-          offload = inputs.lib.mkIf (gpu.prime.mode == "offload") { enable = true; enableOffloadCmd = true; };
-          sync = inputs.lib.mkIf (gpu.prime.mode == "sync") { enable = true; };
+          offload = inputs.lib.mkIf (gpu.nvidia.prime.mode == "offload") { enable = true; enableOffloadCmd = true; };
+          sync = inputs.lib.mkIf (gpu.nvidia.prime.mode == "sync") { enable = true; };
        }
        // builtins.listToAttrs (builtins.map
          (gpu: { name = "${if gpu.name == "amd" then "amdgpu" else gpu.name}BusId"; value = "PCI:${gpu.value}"; })
-          (inputs.localLib.attrsToList gpu.prime.busId));
-        powerManagement.finegrained = inputs.lib.mkIf (gpu.prime.mode == "offload") true;
+          (inputs.localLib.attrsToList gpu.nvidia.prime.busId));
+        powerManagement.finegrained = inputs.lib.mkIf (gpu.nvidia.prime.mode == "offload") true;
+      };}
+    )
+    # amdgpu
+    (
+      inputs.lib.mkIf (inputs.lib.strings.hasPrefix "amd" gpu.type) { hardware.amdgpu =
+      {
+        opencl.enable = true;
+        legacySupport.enable = true;
+        initrd.enable = true;
+        amdvlk = { enable = true; support32Bit.enable = true; supportExperimental.enable = true; };
      };}
    )
  ]);
--- a/modules/packages/chromium.nix
+++ b/modules/packages/chromium.nix
@@ -1,6 +1,11 @@
 inputs:
 {
-  config = inputs.lib.mkIf (builtins.elem "desktop-extra" inputs.config.nixos.packages._packageSets)
+  options.nixos.packages.chromium = let inherit (inputs.lib) mkOption types; in mkOption
+  {
+    type = types.nullOr (types.submodule {});
+    default = if inputs.config.nixos.system.gui.enable then {} else null;
+  };
+  config = let inherit (inputs.config.nixos.packages) chromium; in inputs.lib.mkIf (chromium != null)
  {
    programs.chromium = { enable = true; extraOpts.PasswordManagerEnabled = false; };
  };
--- a/modules/packages/default.nix
+++ b/modules/packages/default.nix
@@ -1,47 +1,21 @@
 inputs:
 {
  imports = inputs.localLib.findModules ./.;
-  options.nixos.packages =
-    let
-      inherit (inputs.lib) mkOption types;
-      packageSets =
-      [
-        # no gui, only used for specific purpose
-        "server"
-        "server-extra"
-        # gui, for daily use, but not install large programs such as matlab
-        "desktop"
-        "desktop-extra"
-        # nearly everything
-        "workstation"
-      ];
-    in
-    {
-      packageSet = mkOption
-      {
-        type = types.enum packageSets;
-        default = if inputs.config.nixos.system.gui.enable then "desktop" else "server";
-      };
-      extraPackages = mkOption { type = types.listOf types.unspecified; default = []; };
-      excludePackages = mkOption { type = types.listOf types.unspecified; default = []; };
-      extraPythonPackages = mkOption { type = types.listOf types.unspecified; default = []; };
-      excludePythonPackages = mkOption { type = types.listOf types.unspecified; default = []; };
-      extraPrebuildPackages = mkOption { type = types.listOf types.unspecified; default = []; };
-      excludePrebuildPackages = mkOption { type = types.listOf types.unspecified; default = []; };
-      _packageSets = mkOption
-      {
-        type = types.listOf types.nonEmptyStr;
-        readOnly = true;
-        default = builtins.genList (i: builtins.elemAt packageSets i)
-          ((inputs.localLib.findIndex inputs.config.nixos.packages.packageSet packageSets) + 1);
-      };
-      _packages = mkOption { type = types.listOf types.unspecified; default = []; };
-      _pythonPackages = mkOption { type = types.listOf types.unspecified; default = []; };
-      _prebuildPackages = mkOption { type = types.listOf types.unspecified; default = []; };
-    };
+  options.nixos.packages.packages = let inherit (inputs.lib) mkOption types; in
+  {
+    extraPackages = mkOption { type = types.listOf types.unspecified; default = []; };
+    excludePackages = mkOption { type = types.listOf types.unspecified; default = []; };
+    extraPythonPackages = mkOption { type = types.listOf types.unspecified; default = []; };
+    excludePythonPackages = mkOption { type = types.listOf types.unspecified; default = []; };
+    extraPrebuildPackages = mkOption { type = types.listOf types.unspecified; default = []; };
+    excludePrebuildPackages = mkOption { type = types.listOf types.unspecified; default = []; };
+    _packages = mkOption { type = types.listOf types.unspecified; default = []; };
+    _pythonPackages = mkOption { type = types.listOf types.unspecified; default = []; };
+    _prebuildPackages = mkOption { type = types.listOf types.unspecified; default = []; };
+  };
  config =
  {
-    environment.systemPackages = let inherit (inputs.lib.lists) subtractLists; in with inputs.config.nixos.packages;
+    environment.systemPackages = with inputs.config.nixos.packages.packages;
      (inputs.lib.lists.subtractLists excludePackages (_packages ++ extraPackages))
      ++ [
        (inputs.pkgs.python3.withPackages (pythonPackages:
--- a/modules/packages/desktop-extra.nix
+++ b/modules/packages/desktop-extra.nix
@@ -1,45 +0,0 @@
-inputs:
-{
-  config = inputs.lib.mkIf (builtins.elem "desktop-extra" inputs.config.nixos.packages._packageSets)
-  {
-    nixos =
-    {
-      packages = with inputs.pkgs;
-      {
-        _packages =
-        [
-          # system management
-          btrfs-assistant snapper-gui kdePackages.qtstyleplugin-kvantum ventoy-full cpu-x # etcher
-          # password and key management
-          yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui bitwarden
-          # download
-          qbittorrent nur-xddxdd.baidupcs-go wgetpaste
-          # development
-          scrcpy weston cage openbox krita
-          # media
-          spotify yesplaymusic simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc obs-studio
-          waifu2x-converter-cpp inkscape blender
-          # editor
-          typora
-          # news
-          fluent-reader
-          # nix tools
-          deploy-rs.deploy-rs nixpkgs-fmt appimage-run nixd nix-serve node2nix nix-prefetch-github prefetch-npm-deps
-          nix-prefetch-docker
-          # instant messager
-          element-desktop telegram-desktop discord fluffychat zoom-us signal-desktop slack nur-linyinfeng.wemeet
-          # browser
-          google-chrome
-          # office
-          crow-translate zotero pandoc ydict libreoffice-qt texstudio poppler_utils pdftk gnuplot pdfchain hdfview
-          texliveFull
-          # math, physics and chemistry
-          octaveFull root ovito localPackages.vesta localPackages.vaspkit localPackages.v-sim
-        ]
-        ++ (builtins.filter (p: !((p.meta.broken or false) || (builtins.elem p.pname or null [ "falkon" ])))
-          (builtins.filter inputs.lib.isDerivation (builtins.attrValues kdePackages.kdeGear)));
-      };
-    };
-    programs.kdeconnect.enable = true;
-  };
-}
--- a/modules/packages/desktop/default.nix
+++ b/modules/packages/desktop/default.nix
@@ -1,55 +1,132 @@
 inputs:
 {
-  config = inputs.lib.mkIf (builtins.elem "desktop" inputs.config.nixos.packages._packageSets)
+  options.nixos.packages.desktop = let inherit (inputs.lib) mkOption types; in mkOption
+  {
+    type = types.nullOr (types.submodule {});
+    default = if inputs.config.nixos.system.gui.enable then {} else null;
+  };
+  config = let inherit (inputs.config.nixos.packages) desktop; in inputs.lib.mkIf (desktop != null)
  {
    nixos =
    {
-      packages._packages = with inputs.pkgs;
-      [
-        # system management
-        gparted wayland-utils clinfo glxinfo vulkan-tools dracut
-        (
-          writeShellScriptBin "xclip"
-          ''
-            #!${bash}/bin/bash
-            if [ "$XDG_SESSION_TYPE" = "x11" ]; then
-              exec ${xclip}/bin/xclip -sel clip "$@"
-            else
-              exec ${wl-clipboard-x11}/bin/xclip "$@"
-            fi
-          ''
-        )
-        # color management
-        argyllcms xcalib
-        # networking
-        remmina putty mtr-gui
-        # media
-        mpv nomacs
-        # themes
-        tela-circle-icon-theme localPackages.win11os-kde localPackages.fluent-kde localPackages.blurred-wallpaper
-        localPackages.slate utterly-nord-plasma
-        # terminal
-        warp-terminal
-        # development
-        adb-sync
-        # virtual keyboard
-        # localPackages.kylin-virtual-keyboard
-      ];
+      packages.packages =
+      {
+        _packages = with inputs.pkgs;
+        [
+          # system management
+          # TODO: module should add yubikey-touch-detector into path
+          gparted wayland-utils clinfo glxinfo vulkan-tools dracut yubikey-touch-detector btrfs-assistant snapper-gui
+          kdePackages.qtstyleplugin-kvantum ventoy-full cpu-x inputs.pkgs."pkgs-23.11".etcher wl-mirror
+          (
+            writeShellScriptBin "xclip"
+            ''
+              #!${bash}/bin/bash
+              if [ "$XDG_SESSION_TYPE" = "x11" ]; then
+                exec ${xclip}/bin/xclip -sel clip "$@"
+              else
+                exec ${wl-clipboard-x11}/bin/xclip "$@"
+              fi
+            ''
+          )
+          # color management
+          argyllcms xcalib
+          # networking
+          remmina putty mtr-gui
+          # media
+          mpv nomacs spotify yesplaymusic simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc obs-studio
+          waifu2x-converter-cpp inkscape blender whalebird paraview
+          # themes
+          catppuccin catppuccin-sddm catppuccin-cursors catppuccinifier-gui catppuccinifier-cli catppuccin-plymouth
+          (catppuccin-kde.override { flavour = [ "latte" ]; }) (catppuccin-kvantum.override { variant = "latte"; })
+          localPackages.slate localPackages.blurred-wallpaper tela-circle-icon-theme
+          # terminal
+          warp-terminal
+          # development
+          adb-sync scrcpy weston cage openbox krita jetbrains.clion android-studio dbeaver-bin cling fprettify
+          aircrack-ng
+          # desktop sharing
+          rustdesk-flutter
+          # password and key management
+          yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui bitwarden electrum
+          jabref
+          john crunch hashcat
+          # download
+          qbittorrent nur-xddxdd.baidupcs-go wgetpaste onedrive onedrivegui rclone
+          # editor
+          typora appflowy notion-app-enhanced joplin-desktop standardnotes logseq
+          # news
+          fluent-reader rssguard newsflash newsboat
+          # nix tools
+          nixpkgs-fmt appimage-run nixd nix-serve node2nix nix-prefetch-github prefetch-npm-deps nix-prefetch-docker
+          nix-template nil pnpm-lock-export bundix
+          # instant messager
+          element-desktop telegram-desktop discord fluffychat zoom-us signal-desktop slack nur-linyinfeng.wemeet
+          cinny-desktop nheko # qq nur-xddxdd.wechat-uos
+          # browser
+          google-chrome tor-browser microsoft-edge
+          # office
+          crow-translate zotero pandoc ydict libreoffice-qt texstudio poppler_utils pdftk gnuplot pdfchain hdfview
+          davinci-resolve
+          texliveFull
+          # math, physics and chemistry
+          octaveFull root ovito localPackages.vesta localPackages.vaspkit localPackages.v-sim
+          (mathematica.overrideAttrs (prev: { postInstall = prev.postInstall or "" + "ln -s ${src} $out/src"; }))
+          (quantum-espresso.override { stdenv = gcc14Stdenv; gfortran = gfortran14; }) jmol mpi
+          # virtualization
+          # TODO: broken on python 3.12: playonlinux
+          wineWowPackages.stagingFull virt-viewer bottles genymotion
+          # media
+          nur-xddxdd.svp
+        ]
+          ++ (builtins.filter (p: !((p.meta.broken or false) || (builtins.elem p.pname or null [ "falkon" "kalzium" ])))
+            (builtins.filter inputs.lib.isDerivation (builtins.attrValues kdePackages.kdeGear)));
+          # TODO: fix it
+          # ++ inputs.lib.optional (inputs.config.nixos.system.nixpkgs.march != null) localPackages.mumax;
+        _pythonPackages = [(pythonPackages: with pythonPackages;
+        [
+          phonopy scipy scikit-learn jupyterlab autograd # localPackages.pix2tex
+          # TODO: broken on python 3.12: tensorflow keras
+        ])];
+      };
+      user.sharedModules =
+      [{
+        config.programs =
+        {
+          plasma = 
+          {
+            enable = true;
+            configFile =
+            {
+              plasma-localerc = { Formats.LANG.value = "en_US.UTF-8"; Translations.LANGUAGE.value = "zh_CN"; };
+              baloofilerc."Basic Settings".Indexing-Enabled.value = false;
+            };
+            powerdevil = { AC.autoSuspend.action = "nothing"; battery.autoSuspend.action = "nothing"; };
+          };
+          obs-studio =
+          {
+            enable = true;
+            plugins = with inputs.pkgs.obs-studio-plugins; [ wlrobs obs-vaapi obs-nvfbc droidcam-obs obs-vkcapture ];
+          };
+        };
+      }];
    };
    programs =
    {
      adb.enable = true;
      wireshark = { enable = true; package = inputs.pkgs.wireshark; };
      yubikey-touch-detector.enable = true;
+      kdeconnect.enable = true;
+      anime-game-launcher = { enable = true; package = inputs.pkgs.anime-game-launcher; };
+      honkers-railway-launcher = { enable = true; package = inputs.pkgs.honkers-railway-launcher; };
+      sleepy-launcher = { enable = true; package = inputs.pkgs.sleepy-launcher; };
    };
-    nixpkgs.config.packageOverrides = pkgs: 
+    nixpkgs.overlays = [(final: prev:
    {
-      telegram-desktop = pkgs.telegram-desktop.overrideAttrs (attrs:
+      telegram-desktop = prev.telegram-desktop.overrideAttrs (attrs:
      {
        patches = (if (attrs ? patches) then attrs.patches else []) ++ [ ./telegram.patch ];
      });
-    };
+    })];
    services.pcscd.enable = true;
  };
 }
-
--- a/modules/packages/firefox.nix
+++ b/modules/packages/firefox.nix
@@ -1,6 +1,11 @@
 inputs:
 {
-  config = inputs.lib.mkIf (builtins.elem "desktop" inputs.config.nixos.packages._packageSets)
+  options.nixos.packages.firefox = let inherit (inputs.lib) mkOption types; in mkOption
+  {
+    type = types.nullOr (types.submodule {});
+    default = if inputs.config.nixos.system.gui.enable then {} else null;
+  };
+  config = let inherit (inputs.config.nixos.packages) firefox; in inputs.lib.mkIf (firefox != null)
  {
    # still enable global firefox, to install language packs
    programs.firefox =
--- a/modules/packages/flatpak.nix
+++ b/modules/packages/flatpak.nix
@@ -1,11 +1,12 @@
 inputs:
 {
-  config = inputs.lib.mkIf (builtins.elem "desktop-extra" inputs.config.nixos.packages._packageSets)
+  options.nixos.packages.flatpak = let inherit (inputs.lib) mkOption types; in mkOption
  {
-    services.flatpak =
-    {
-      enable = true;
-      uninstallUnmanaged = true;
-    };
+    type = types.nullOr (types.submodule {});
+    default = if inputs.config.nixos.system.gui.enable then {} else null;
+  };
+  config = let inherit (inputs.config.nixos.packages) flatpak; in inputs.lib.mkIf (flatpak != null)
+  {
+    services.flatpak = { enable = true; uninstallUnmanaged = true; };
  };
 }
--- a/modules/packages/git.nix
+++ b/modules/packages/git.nix
@@ -1,6 +1,8 @@
 inputs:
 {
-  config = inputs.lib.mkIf (builtins.elem "server" inputs.config.nixos.packages._packageSets)
+  options.nixos.packages.git = let inherit (inputs.lib) mkOption types; in mkOption
+    { type = types.nullOr (types.submodule {}); default = {}; };
+  config = let inherit (inputs.config.nixos.packages) git; in inputs.lib.mkIf (git != null)
  {
    programs.git =
    {
@@ -11,7 +13,10 @@ inputs:
      {
        init.defaultBranch = "main";
        core.quotepath = false;
+        lfs.ssh.automultiplex = false; # 避免 lfs 一直要求触摸 yubikey
+        receive.denyCurrentBranch = "warn"; # 允许 push 到非 bare 的仓库
      };
    };
+    nixos.packages.packages._packages = [ inputs.pkgs.localPackages.git-lfs-transfer ]; # make pure ssh lfs work
  };
 }
--- a/modules/packages/gpg.nix
+++ b/modules/packages/gpg.nix
@@ -1,6 +1,8 @@
 inputs:
 {
-  config = inputs.lib.mkIf (builtins.elem "server" inputs.config.nixos.packages._packageSets)
+  options.nixos.packages.gpg = let inherit (inputs.lib) mkOption types; in mkOption
+    { type = types.nullOr (types.submodule {}); default = {}; };
+  config = let inherit (inputs.config.nixos.packages) gpg; in inputs.lib.mkIf (gpg != null)
  {
    programs.gnupg.agent.enable = true;
  };
--- a/modules/packages/plasma.nix
+++ b/modules/packages/plasma.nix
@@ -1,18 +0,0 @@
-inputs:
-{
-  config = inputs.lib.mkIf (builtins.elem "desktop" inputs.config.nixos.packages._packageSets)
-  {
-    nixos.user.sharedModules =
-    [{
-      config.programs.plasma = 
-      {
-        enable = true;
-        configFile =
-        {
-          plasma-localerc = { Formats.LANG.value = "en_US.UTF-8"; Translations.LANGUAGE.value = "zh_CN"; };
-          baloofilerc."Basic Settings".Indexing-Enabled.value = false;
-        };
-      };
-    }];
-  };
-}
--- a/modules/packages/server-extra.nix
+++ b/modules/packages/server-extra.nix
@@ -1,36 +0,0 @@
-inputs:
-{
-  config = inputs.lib.mkIf (builtins.elem "server-extra" inputs.config.nixos.packages._packageSets)
-  {
-    nixos =
-    {
-      packages = with inputs.pkgs;
-      {
-        _packages =
-        [
-          # shell
-          ksh
-          # basic tools
-          neofetch
-          # office
-          todo-txt-cli pdfgrep ffmpeg-full
-          # development
-          hexo-cli gh nix-init
-        ]
-        ++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ])
-        ++ (inputs.lib.optional (inputs.config.nixos.system.nixpkgs.arch == "x86_64") rar);
-        _pythonPackages = [(pythonPackages: with pythonPackages;
-        [
-          openai python-telegram-bot fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
-          certifi charset-normalizer idna orjson psycopg2 inquirerpy requests tqdm pydbus
-        ])];
-      };
-    };
-    programs =
-    {
-      yazi.enable = true;
-      mosh.enable = true;
-    };
-    services.fwupd.enable = true;
-  };
-}
--- a/modules/packages/server.nix
+++ b/modules/packages/server.nix
@@ -1,41 +1,53 @@
 inputs:
 {
-  config = inputs.lib.mkIf (builtins.elem "server" inputs.config.nixos.packages._packageSets)
+  options.nixos.packages.server = let inherit (inputs.lib) mkOption types; in mkOption
+    { type = types.nullOr (types.submodule {}); default = {}; };
+  config = let inherit (inputs.config.nixos.packages) server; in inputs.lib.mkIf (server != null)
  {
-    nixos.packages._packages = with inputs.pkgs;
-    [
-      # basic tools
-      beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij ipfetch localPackages.pslist
-      fastfetch reptyr
-      # lsxx
-      pciutils usbutils lshw util-linux lsof dmidecode
-      # top
-      iotop iftop htop btop powertop s-tui
-      # editor
-      nano bat
-      # downloader
-      wget aria2 curl yt-dlp
-      # file manager
-      tree eza trash-cli lsd broot file xdg-ninja mlocate
-      # compress
-      pigz upx unzip zip lzip p7zip
-      # file system management
-      sshfs e2fsprogs duperemove compsize exfatprogs
-      # disk management
-      smartmontools hdparm
-      # encryption and authentication
-      apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool
-      # networking
-      ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils wireguard-tools
-      # nix tools
-      nix-output-monitor nix-tree ssh-to-age (callPackage "${inputs.topInputs.nix-fast-build}" {}) nix-inspect
-      # development
-      gdb try inputs.topInputs.plasma-manager.packages.${inputs.pkgs.system}.rc2nix
-      # stupid things
-      toilet lolcat
-    ]
-    ++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ])
-    ++ (inputs.lib.optional (inputs.config.nixos.system.nixpkgs.arch == "x86_64") rar);
+    nixos.packages.packages =
+    {
+      _packages = with inputs.pkgs;
+      [
+        # basic tools
+        beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij ipfetch localPackages.pslist
+        fastfetch reptyr nushell duc ncdu progress libva-utils ksh neofetch
+        # lsxx
+        pciutils usbutils lshw util-linux lsof dmidecode lm_sensors
+        # top
+        iotop iftop htop btop powertop s-tui
+        # editor
+        nano bat
+        # downloader
+        wget aria2 curl yt-dlp ffsend
+        # file manager
+        tree eza trash-cli lsd broot file xdg-ninja mlocate
+        # compress
+        pigz upx unzip zip lzip p7zip
+        # file system management
+        sshfs e2fsprogs duperemove compsize exfatprogs
+        # disk management
+        smartmontools hdparm
+        # encryption and authentication
+        apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool
+        # networking
+        ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils wireguard-tools
+        # nix tools
+        nix-output-monitor nix-tree ssh-to-age (callPackage "${inputs.topInputs.nix-fast-build}" {}) nix-inspect
+        # development
+        gdb try inputs.topInputs.plasma-manager.packages.${inputs.pkgs.system}.rc2nix rr hexo-cli gh nix-init
+        # stupid things
+        toilet lolcat
+        # office
+        todo-txt-cli pdfgrep ffmpeg-full
+      ]
+        ++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ])
+        ++ (inputs.lib.optional (inputs.config.nixos.system.nixpkgs.arch == "x86_64") rar);
+      _pythonPackages = [(pythonPackages: with pythonPackages;
+      [
+        openai python-telegram-bot fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
+        certifi charset-normalizer idna orjson psycopg2 inquirerpy requests tqdm pydbus
+      ])];
+    };
    programs =
    {
      nix-index-database.comma.enable = true;
@@ -43,8 +55,14 @@ inputs:
      command-not-found.enable = false;
      autojump.enable = true;
      direnv = { enable = true; nix-direnv.enable = true; };
+      mosh.enable = true;
+      yazi.enable = true;
+    };
+    services =
+    {
+      udev.packages = with inputs.pkgs; [ yubikey-personalization libfido2 ];
+      fwupd.enable = true;
    };
-    services.udev.packages = with inputs.pkgs; [ yubikey-personalization libfido2 ];
    home-manager = { useGlobalPkgs = true; useUserPackages = true; };
  };
 }
--- a/modules/packages/ssh.nix
+++ b/modules/packages/ssh.nix
@@ -0,0 +1,150 @@
+inputs:
+{
+  options.nixos.packages.ssh = let inherit (inputs.lib) mkOption types; in mkOption
+    { type = types.nullOr (types.submodule {}); default = {}; };
+  config = let inherit (inputs.config.nixos.packages) ssh; in inputs.lib.mkIf (ssh != null)
+  {
+    services.openssh.knownHosts =
+      let servers =
+      {
+        vps4 =
+        {
+          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIF7Y0tjt1XLPjqJ8HEB26W9jVfJafRQ3pv5AbPaxEc/Z";
+          hostnames = [ "vps4.chn.moe" "104.234.37.61" ];
+        };
+        "initrd.vps4" =
+        {
+          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIJkOPTFvX9f+Fn/KHOIvUgoRiJfq02T42lVGQhpMUGJq";
+          hostnames = [ "initrd.vps4.chn.moe" "104.234.37.61" ];
+        };
+        vps6 =
+        {
+          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIO5ZcvyRyOnUCuRtqrM/Qf+AdUe3a5bhbnfyhw2FSLDZ";
+          hostnames = [ "vps6.chn.moe" "wireguard.vps6.chn.moe" "74.211.99.69" "192.168.83.1" ];
+        };
+        "initrd.vps6" =
+        {
+          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIB4DKB/zzUYco5ap6k9+UxeO04LL12eGvkmQstnYxgnS";
+          hostnames = [ "initrd.vps6.chn.moe" "74.211.99.69" ];
+        };
+        vps7 =
+        {
+          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIF5XkdilejDAlg5hZZD0oq69k8fQpe9hIJylTo/aLRgY";
+          hostnames = [ "vps7.chn.moe" "wireguard.vps7.chn.moe" "ssh.git.chn.moe" "95.111.228.40" "192.168.83.2" ];
+        };
+        "initrd.vps7" =
+        {
+          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIGZyQpdQmEZw3nLERFmk2tS1gpSvXwW0Eish9UfhrRxC";
+          hostnames = [ "initrd.vps7.chn.moe" "95.111.228.40" ];
+        };
+        nas =
+        {
+          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIIktNbEcDMKlibXg54u7QOLt0755qB/P4vfjwca8xY6V";
+          hostnames = [ "wireguard.nas.chn.moe" "192.168.1.2" "192.168.83.4" ];
+        };
+        "initrd.nas" =
+        {
+          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIAoMu0HEaFQsnlJL0L6isnkNZdRq0OiDXyaX3+fl3NjT";
+          hostnames = [ "initrd.nas.chn.moe" "192.168.1.2" ];
+        };
+        surface =
+        {
+          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIFdm3DcfHdcLP0oSpVrWwIZ/b9lZuakBSPwCFz2BdTJ7";
+          hostnames = [ "192.168.1.4" "wireguard.surface.chn.moe" "192.168.83.5" ];
+        };
+        pc =
+        {
+          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIMSfREi19OSwQnhdsE8wiNwGSFFJwNGN0M5gN+sdrrLJ";
+          hostnames = [ "wireguard.pc.chn.moe" "[office.chn.moe]:3673" "192.168.1.105" "192.168.83.3" ];
+        };
+        hpc =
+        {
+          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIDVpsQW3kZt5alHC6mZhay3ZEe2fRGziG4YJWCv2nn/O";
+          hostnames = [ "hpc.xmu.edu.cn" ];
+        };
+        github =
+        {
+          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
+          hostnames = [ "github.com" ];
+        };
+        xmupc1 =
+        {
+          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAINTvfywkKRwMrVp73HfHTfjhac2Tn9qX/lRjLr09ycHp";
+          hostnames = [ "[office.chn.moe]:6007" "[xmupc1.chn.moe]:6007" "wireguard.xmupc1.chn.moe" "192.168.83.6" ];
+        };
+        xmupc2 =
+        {
+          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIJZ/+divGnDr0x+UlknA84Tfu6TPD+zBGmxWZY4Z38P6";
+          hostnames = [ "[xmupc2.chn.moe]:6394" "wireguard.xmupc2.chn.moe" "192.168.83.7" ];
+        };
+      };
+      in builtins.listToAttrs (builtins.map
+        (server:
+        {
+          inherit (server) name;
+          value =
+          {
+            publicKey = "ssh-ed25519 ${server.value.ed25519}";
+            hostNames = server.value.hostnames;
+          };
+        })
+        (inputs.localLib.attrsToList servers));
+    programs.ssh =
+    {
+      startAgent = true;
+      enableAskPassword = true;
+      askPassword = "${inputs.pkgs.systemd}/bin/systemd-ask-password";
+      extraConfig = "AddKeysToAgent yes";
+    };
+    environment.sessionVariables.SSH_ASKPASS_REQUIRE = "prefer";
+    nixos.user.sharedModules =
+    [(hmInputs: {
+      config.programs.ssh =
+      {
+        enable = true;
+        controlMaster = "auto";
+        controlPersist = "1m";
+        compression = true;
+        matchBlocks = builtins.listToAttrs
+        (
+          (builtins.map
+            (host: { name = host; value = { inherit host; hostname = "${host}.chn.moe"; }; })
+            [ "vps4" "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.nas" ])
+          ++ (builtins.map
+            (host: { name = host; value = { inherit host; hostname = "${host}.chn.moe"; forwardX11 = true; }; })
+            [ "wireguard.pc" "wireguard.surface" "wireguard.xmupc1" "wireguard.xmupc2" ])
+          ++ (builtins.map
+            (host:
+            {
+              name = host;
+              value =
+              {
+                host = host;
+                hostname = "hpc.xmu.edu.cn";
+                user = host;
+                setEnv.TERM = "chn_unset_ls_colors:xterm-256color";
+              };
+            })
+            [ "wlin" "hwang" ])
+        )
+        // rec {
+          xmupc1 = { host = "xmupc1"; hostname = "xmupc1.chn.moe"; port = 6007; forwardX11 = true; };
+          xmupc2 = { host = "xmupc2"; hostname = "xmupc2.chn.moe"; port = 6394; forwardX11 = true; };
+          nas = { host = "nas"; hostname = "192.168.1.2"; forwardX11 = true; };
+          pc = { host = "pc"; hostname = "192.168.1.3"; forwardX11 = true; };
+          surface = { host = "surface"; hostname = "192.168.1.4"; forwardX11 = true; };
+          gitea = { host = "gitea"; hostname = "ssh.git.chn.moe"; };
+          jykang =
+          {
+            host = "jykang";
+            hostname = "hpc.xmu.edu.cn";
+            user = "jykang";
+            forwardAgent = true;
+            extraOptions.AddKeysToAgent = "yes";
+          };
+          "wireguard.jykang" = jykang // { host = "internal.jykang"; proxyJump = "wireguard.xmupc1"; };
+        };
+      };
+    })];
+  };
+}
--- a/modules/packages/ssh/default.nix
+++ b/modules/packages/ssh/default.nix
@@ -1,191 +0,0 @@
-inputs:
-{
-  config = inputs.lib.mkIf (builtins.elem "server" inputs.config.nixos.packages._packageSets)
-  {
-    services.openssh.knownHosts =
-      let
-        servers =
-        {
-          vps6 =
-          {
-            ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5ZcvyRyOnUCuRtqrM/Qf+AdUe3a5bhbnfyhw2FSLDZ";
-            hostnames = [ "vps6.chn.moe" "wireguard.vps6.chn.moe" "74.211.99.69" "192.168.83.1" ];
-          };
-          "initrd.vps6" =
-          {
-            ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB4DKB/zzUYco5ap6k9+UxeO04LL12eGvkmQstnYxgnS";
-            hostnames = [ "initrd.vps6.chn.moe" "74.211.99.69" ];
-          };
-          vps7 =
-          {
-            ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5XkdilejDAlg5hZZD0oq69k8fQpe9hIJylTo/aLRgY";
-            hostnames = [ "vps7.chn.moe" "wireguard.vps7.chn.moe" "ssh.git.chn.moe" "95.111.228.40" "192.168.83.2" ];
-          };
-          "initrd.vps7" =
-          {
-            ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGZyQpdQmEZw3nLERFmk2tS1gpSvXwW0Eish9UfhrRxC";
-            hostnames = [ "initrd.vps7.chn.moe" "95.111.228.40" ];
-          };
-          nas =
-          {
-            ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIktNbEcDMKlibXg54u7QOLt0755qB/P4vfjwca8xY6V";
-            hostnames = [ "wireguard.nas.chn.moe" "[office.chn.moe]:5440" "192.168.1.185" "192.168.83.4" ];
-          };
-          "initrd.nas" =
-          {
-            ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAoMu0HEaFQsnlJL0L6isnkNZdRq0OiDXyaX3+fl3NjT";
-            hostnames = [ "initrd.nas.chn.moe" "[office.chn.moe]:5440" "192.168.1.185" ];
-          };
-          surface =
-          {
-            ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdm3DcfHdcLP0oSpVrWwIZ/b9lZuakBSPwCFz2BdTJ7";
-            hostnames = [ "192.168.1.166" "wireguard.surface.chn.moe" "192.168.83.5" ];
-          };
-          pc =
-          {
-            ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSfREi19OSwQnhdsE8wiNwGSFFJwNGN0M5gN+sdrrLJ";
-            hostnames = [ "wireguard.pc.chn.moe" "[office.chn.moe]:3673" "192.168.1.105" "192.168.83.3" ];
-          };
-          hpc =
-          {
-            ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDVpsQW3kZt5alHC6mZhay3ZEe2fRGziG4YJWCv2nn/O";
-            hostnames = [ "hpc.xmu.edu.cn" ];
-          };
-          github =
-          {
-            ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
-            hostnames = [ "github.com" ];
-          };
-          xmupc1 =
-          {
-            ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvfywkKRwMrVp73HfHTfjhac2Tn9qX/lRjLr09ycHp";
-            hostnames = [ "[office.chn.moe]:6007" "[xmupc1.chn.moe]:6007" "wireguard.xmupc1.chn.moe" "192.168.83.6" ];
-          };
-          xmupc2 =
-          {
-            ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZ/+divGnDr0x+UlknA84Tfu6TPD+zBGmxWZY4Z38P6";
-            hostnames = [ "[xmupc2.chn.moe]:6394" "wireguard.xmupc2.chn.moe" "192.168.83.7" ];
-          };
-        };
-      in builtins.listToAttrs (builtins.concatLists (builtins.map
-        (server:
-        (
-          if builtins.pathExists ./ssh/${server.name}_rsa.pub then
-          [{
-            name = "${server.name}-rsa";
-            value =
-            {
-              publicKey = builtins.readFile ./ssh/${server.name}_rsa.pub;
-              hostNames = server.value.hostnames;
-            };
-          }]
-          else []
-        )
-        ++ (
-          if builtins.pathExists ./ssh/${server.name}_ecdsa.pub then
-          [{
-            name = "${server.name}-ecdsa";
-            value =
-            {
-              publicKey = builtins.readFile ./ssh/${server.name}_ecdsa.pub;
-              hostNames = server.value.hostnames;
-            };
-          }]
-          else []
-        )
-        ++ (
-          if server.value ? ed25519 then
-          [{
-            name = "${server.name}-ed25519";
-            value =
-            {
-              publicKey = server.value.ed25519;
-              hostNames = server.value.hostnames;
-            };
-          }]
-          else []
-        ))
-        (inputs.localLib.attrsToList servers)));
-    programs.ssh =
-    {
-      startAgent = true;
-      enableAskPassword = true;
-      askPassword = "${inputs.pkgs.systemd}/bin/systemd-ask-password";
-      extraConfig = "AddKeysToAgent yes";
-    };
-    environment.sessionVariables.SSH_ASKPASS_REQUIRE = "prefer";
-    nixos.user.sharedModules =
-    [(hmInputs: {
-      config.programs.ssh =
-      {
-        enable = true;
-        controlMaster = "auto";
-        controlPersist = "1m";
-        compression = true;
-        matchBlocks = builtins.listToAttrs
-        (
-          (builtins.map
-            (host: { name = host; value = { inherit host; hostname = "${host}.chn.moe"; }; })
-            [
-              "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.pc" "wireguard.nas" "wireguard.surface"
-              "wireguard.xmupc1" "wireguard.xmupc2"
-            ])
-          ++ (builtins.map
-            (host:
-            {
-              name = host;
-              value =
-              {
-                host = host;
-                hostname = "hpc.xmu.edu.cn";
-                user = host;
-                extraOptions.SetEnv = "TERM=chn_unset_ls_colors:xterm-256color";
-              };
-            })
-            [ "wlin" "hwang" ])
-        )
-        // {
-          xmupc1 = { host = "xmupc1"; hostname = "xmupc1.chn.moe"; port = 6007; };
-          xmupc2 = { host = "xmupc2"; hostname = "xmupc2.chn.moe"; port = 6394; };
-          nas = { host = "nas"; hostname = "office.chn.moe"; port = 5440; };
-          pc = { host = "pc"; hostname = "office.chn.moe"; port = 3673; };
-          surface = { host = "surface"; hostname = "192.168.1.166"; };
-          gitea = { host = "gitea"; hostname = "ssh.git.chn.moe"; };
-          jykang =
-          {
-            host = "jykang";
-            hostname = "hpc.xmu.edu.cn";
-            user = "jykang";
-            forwardAgent = true;
-            extraOptions.SetEnv =
-              # in .bash_profile:
-              # if [[ $TERM == chn_unset_ls_colors* ]]; then
-              #   export TERM=${TERM#*:}
-              #   export CHN_LS_USE_COLOR=1
-              # fi
-              # if [[ $TERM == chn_cd* ]]; then
-              #   export TERM=${TERM#*:}
-              #   cd ~/${TERM%%:*}
-              #   export TERM=${TERM#*:}
-              # fi
-              # in .bashrc
-              # [ -n "$CHN_LS_USE_COLOR" ] && alias ls="ls --color=auto"
-              let
-                usernameMap =
-                {
-                  chn = "linwei/chn";
-                  xll = "linwei/Xll";
-                  yjq = "linwei/yjq";
-                  gb = "kangjunyong/gongbin";
-                };
-                cdString =
-                  if usernameMap ? ${hmInputs.config.home.username} then
-                    ":chn_cd:${usernameMap.${hmInputs.config.home.username}}"
-                  else "";
-              in "TERM=chn_unset_ls_colors${cdString}:xterm-256color";
-          };
-        };
-      };
-    })];
-  };
-}
--- a/modules/packages/ssh/github_ecdsa.pub
+++ b/modules/packages/ssh/github_ecdsa.pub
@@ -1 +0,0 @@
-ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
--- a/modules/packages/ssh/github_rsa.pub
+++ b/modules/packages/ssh/github_rsa.pub
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
--- a/modules/packages/ssh/hpc_ecdsa.pub
+++ b/modules/packages/ssh/hpc_ecdsa.pub
@@ -1 +0,0 @@
-ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDkkl7A9kWWBoi4b5g6Vus70ja1KhPfcZZjeU1/QbYdN8PRRw/hsGklrhefslKRbym/TMFS0ko0g5WUi9G5vbGw=
--- a/modules/packages/ssh/hpc_rsa.pub
+++ b/modules/packages/ssh/hpc_rsa.pub
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDgs8MvV2nczjGMZ548tuAhgvCEd4uHu0VhLDSwQG7Nh/UR4Pgc5T9Nf7Vfwg96Lah/pwD5my4RaWis6bLMmlkYyDBKFBOsGYQUe5J5XfZdxk8pz+7L0Hq6gPfAZAdNlUiuFVKsvkE+NF42NgJyXSYQicPbu5LQiFwZGXlW20+LO8uBQ1y1xabKVpg8XGwordduL99VepwEzeLK/st+UVfW+mKgxkf9TuxvD2fuYIDZM7y2rXqcjf4/6OXA5kACsYK1MgZSFxgO/m6+1uCC1qBDseMTA3D+Tsjf9VtcqUE9dMd/dJ/uuILHJ0+oIqkykTCecPLgJY3Vh8rAtln/lbId
--- a/modules/packages/ssh/nas_rsa.pub
+++ b/modules/packages/ssh/nas_rsa.pub
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0+xafJMnOGCHv6OLljaq8iJ3ZBaIezv7AJ9rVWJXFg/QJRYBwct35c4zaVom7If8F+Ss+BTLMp33HZ8gLpoat6LkjARjy65Ycog3NOnEposX2JjZEYXDbovxEmcJkDXAIVmnaBUi3r22z4UI8OqsHPeRXj017O0yQrQQYEAw/IO/tSNQZt2k8JHxAX50UTqGFdgkriO1fYHBocq48m0nn3sXrMuM3yBe5zy3NngOHxMn7UxjECmAElsuu/nu1x083pRnv5NSa+JxDGJ+S6Zhj3nGGNwZesa51I4cJjsYLxgmO/NxL1J86bDp6HhK9C9799ruG60pGTw6HcvbKTgx7klUgn4936wsy7qukWqp53MvqrLSJkRb/HHU9zZqvzcjbwet+Iv1OAAok5QC88j7Jgenk3nbZw4BNFd2r/8rOZuXheDnMKOa61dXxnvoAO3Euk0RPdZqW1slT/DDyD/kB6TPY7yOywNURNnrwzfSsmravKi6bGA5t2Ehhpf2LETM=
--- a/modules/packages/ssh/pc_rsa.pub
+++ b/modules/packages/ssh/pc_rsa.pub
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDOyU7VvusseL2tDp7JkIXKGxRGQNHpYWVAPraUj17Xls7Z9e7HO6+GBiGP+bB9tZbzsoTNGHdXg8VaJmf98QAhhg0FcUb6IvWmfmPWzQ0MC8L+USqdDpaH7s9SOZF/yveNYCR5GOMmFdSW4OPVYIOrjPltDIe5S1SN2nOXvjxbLmuoMjg+5U4F0ii0ZaCRuMVDskeift+Amxe7iRnSzeDbECd0rJhaUb8gf3shz0Hp9lRUMej7cJH8LLP3m0s3Vk+kasKntz18MpJ6/3n+fR2aK75qkcq9FZaFA4tSIabh9eKoxlRCy7g8Qj6nNStW+ys/a1UYBFgAoTyE7e47o3dpcxR5oMLbeDwhOstWL0YOjEH1K5Wyj3eEOT71C6kuQBPcCJQ9q9hknRpW0mWe9Q6qaAzTgE9LLssijr/yTfYQk7zKEyo0i4f6buOfmyYZfnzfnCB3LiJKa98TVEEzrKYHIO44LwIkNf/YHOMDknzjYpav6HfDy+AebRHZFYhGax1YP/tP0Ve/FSq5rh6Vwuqa/zyfFUPZmZVf+EYXK7DdyuBhEZhBEu6QrjY60NRMTMLpnUZMcZXRAz9byMpAGcCYQv6gjU99ps8AkRjZNkn+FpAtDGT+oJxixQwyZMSxZ+ZuzkZGyBMeMplZXMMLICGZ2LRAgT0bxXLZUxHJBLwwnw==
--- a/modules/packages/ssh/surface_rsa.pub
+++ b/modules/packages/ssh/surface_rsa.pub
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJAyDl52UVGFPTV/rXFERrXAMY5qZ3g+tpg9HOGdw86G4Nr8Xp/cTxZjF4kSfIkSrGblAV9Lm4US0fW3pGOQu5qQrSAENxqHxdlEyzt7izyF2CklDUeTjs3KHOIZMvSli4z014NPcswBbjwB9Lyrw0fCQ9P1vYkrUHEzL2SMxdack1EQPcMF4MxblDqc+eQhdMCkKE8T1Cb1ZqxeLVMPn9CwjG18JoxL+/xs+MjcsSXYWcoqYTfgfhguMbh0D4Eo32MHS/IzRSxnOHJxhG5xYePcyBlb/CxQuYA+RTqKNE85j7GcL2oEmeZ1b++/9qFT9grwVh+UOBRO2xiMzKDF24nXPJ+eLyd6Z/3swGT4rTVDnrXV5eZUkWLHN093IdLJCTtPVrKV9OxEKr5sU2W0edpirNrlGq7/MYkJX9EbQctDFA69XfQkZlGK9xGutqSgEaVlY54fS0Due+NDrNBPfMKJ9MTmFDOY+NYn05El2rMD39OKbGbCR5ASwSSBlcQeE=
--- a/modules/packages/ssh/vps6_rsa.pub
+++ b/modules/packages/ssh/vps6_rsa.pub
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDYiP+ELuG5KTmafVjBkY0ZSggJg+mDkvZpF8d7NljMst0YwKWV3IgHnkAGXdTd7jlRgm9HH6oc8rP2R6Q8EJmfr+xcL1IQIWKuYAoddHlpe2Ds4EE74xbgm5Elf7FpdYNHUH9XyVmMmIhVSpLw2N10jUhvYqw+h+xC2nObEKZuBOt/lqrTGbC/EMv3+sDv0ApBh8lKt2yfjt88pnAj1LKPANDgIYSyQOllHQWeUY/eD/5Qc9XWR3uWclslVaxriRmEA0sNZlOFCeRIyDbYpSzQBdcnojkwt7Z5kjhaqGlT9g00fdiqO0OMaeY/G8ki3QxqjONqTEDqK+DpEZFO6jyZARcY6ki0ANc0AO4qosEC3gEbAvVwyPwDFtyDggMTHlTzaw8iakMGSDEk10zKaUOgZYLzC2yCWYYQS5mae9wC1gkXIGD51/laeq2E7NpM+nha6kp9weLVyvwf0DLfwsiP+0qlCLrxBLTSRa0HQ+BnQMi4r16Ss7YJwLf/oXrbOVk=
--- a/modules/packages/ssh/vps7_rsa.pub
+++ b/modules/packages/ssh/vps7_rsa.pub
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDFwb7qi9/DvhpMvu43LRlTEC+3kPAA0KNeyk4FT4HlpRE/yxMxN6tgrP9vcx2c6TMfkRwIJKDcBuVVtKOVx+SDZo+nQBxpSz73v1qSmqlsy8D4gCk0a7cLgStb3Cvh0UZjJ5nVnxjzqY2CFnpnKYGmxL+a3qTj1KYPuA2wSsxkYVcHUfDj/uTtEDdRPaNTACsUxe1a57T/Tsjp+321+zKldYreozaABEBsexf9Z34+3vZvyQcfDB3QuxlBRPJBLik80QllpNpE1bqol8swoGEPbl/Ac7tNy+GtlwTG9SH1povmoT9K+8tjJaG2pD+z+vvgZQtJQh+aczYmEBJRZp3ksw1JH4eGqTWG/SDat9Isnx2NDhJe12b9izniDciuBScNySAazIDPidsCMUYjc9kgWdSOiODOtodj5IB+KazFVJgfpmzPv97LHVdjvR74usrgbFw2mYCw2YEiL3xjDYpQGmXSNklsQLwJiBe59oyS4QNpNYQzYD9StjgRIdvtmiM=
--- a/modules/packages/ssh/xmupc1_rsa.pub
+++ b/modules/packages/ssh/xmupc1_rsa.pub
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVbOvoFVaGkqYzIWsmMFlpkE+TDAONOWWaJBQ0K4fiOLy7uh02b/jYNZrbllPDP+Gq+ikYEJnJX2ceDsh9mLtJTznBQXgJOMUZDYy0enu7hYLKMmRTgJntzHjMbZENMhP+I3N9JnQ1PQz7lICg1xkEBQm2CESYCCjo0rJKYplPH1bo02myEazKlKTn6tu40ysrYOoJO8+jwbUDqtWATjSZtgYojuh6dbIoK3O+Ntgwl4W0NqXEqXYXTWpU0qKOqAsP/9F9WJ5d1wVNNbvmcAJ26dkYaiPCNgW4MGTucAgoxM6IPVVj9U+OEZLoCPsqAGCT02vH5MoDNTmGaSv0DjuYOzz5C+jAhMCznXFXCI4bfawvuda/WwGIniB5iKNSBZt3XxYyUw4YBcVCNiWUt9bIgEvnR4E8HYHdjNrbQ0Z58L6DcPSySLQer7C658Vo/nRUlBq6lIWYhcdjxHHkP9iFtuFW1HmoUKkuaLl+uiflrSppX9wt8eaPwGgGIHkLwgc=
--- a/modules/packages/ssh/xmupc2_rsa.pub
+++ b/modules/packages/ssh/xmupc2_rsa.pub
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCa7ZRmIAtuGd58MQXnJnPqmad+6u8JiBKb7+xEfMmVdeVtJ5lEfXCkZ0vbSMxnGZCLL3eVxdejaGToLw+ArEJ1cl6KzZdsdGy1wATFtJj4oYHtZ/MXg+qulNR4nQ6DGWfGR7FEXjZNaJfVuLBFBmUlsbotBdhaAJzw5+nnIxY5d86nfqzsYstMqB/1ZHLRTV9h/jp8XNgnUu1BR/oVk4eMvzTUbr42LedeB1anLnI0+ycAzol/XMpsUNuRLVhYhMbg9rpyoZF1WMBTjG2Jnv9JtCpJlnZaOjzh3eD8PBuyZtGyya7QxVkhH4ULUMNnuyi8E0IOJwdN4cQi61fa7rLtsYfUrN2w0nI/WRLiBxiuPbvq4tKeHi8DpM/MrUbZONY2eFo4CaX9sxYN6U65jDfsbK3x6Za0HhVt8zcPLGgESm4Y6O8YTQrdbpL1ifNFX2Y9B++FQw2iRoqa6U0Wrs6SfVQFp1RqnqSl6fLOCixl16PpHWqRilweKbg3uIMEqEc=
--- a/modules/packages/steam.nix
+++ b/modules/packages/steam.nix
@@ -1,6 +1,11 @@
 inputs:
 {
-  config = inputs.lib.mkIf (builtins.elem "desktop-extra" inputs.config.nixos.packages._packageSets)
+  options.nixos.packages.steam = let inherit (inputs.lib) mkOption types; in mkOption
+  {
+    type = types.nullOr (types.submodule {});
+    default = if inputs.config.nixos.system.gui.enable then {} else null;
+  };
+  config = let inherit (inputs.config.nixos.packages) steam; in inputs.lib.mkIf (steam != null)
  {
    programs.steam =
    {
@@ -15,6 +20,12 @@ inputs:
          '';
        });
      });
+      extraPackages = [ inputs.pkgs.openssl_1_1 ];
+      extraCompatPackages = [ inputs.pkgs.proton-ge-bin ];
+      remotePlay.openFirewall = true;
+      protontricks.enable = true;
+      localNetworkGameTransfers.openFirewall = true;
+      dedicatedServer.openFirewall = true;
    };
  };
 }
--- a/modules/packages/vasp.nix
+++ b/modules/packages/vasp.nix
@@ -1,7 +1,14 @@
 inputs:
 {
-  config = inputs.lib.mkIf (builtins.elem "workstation" inputs.config.nixos.packages._packageSets)
+  options.nixos.packages.vasp = let inherit (inputs.lib) mkOption types; in mkOption
  {
-    nixos.packages._packages = with inputs.pkgs.localPackages.vasp; [ intel nvidia vtstscripts ];
+    type = types.nullOr (types.submodule {});
+    default = if inputs.config.nixos.system.gui.enable then {} else null;
+  };
+  # TODO: add more options to correctly configure VASP
+  config = let inherit (inputs.config.nixos.packages) vasp; in inputs.lib.mkIf (vasp != null)
+  {
+    nixos.packages.packages._packages = inputs.lib.optionals (inputs.config.nixos.system.nixpkgs.march != null)
+      (with inputs.pkgs.localPackages.vasp; [ intel nvidia vtstscripts ]);
  };
 }
--- a/modules/packages/vim.nix
+++ b/modules/packages/vim.nix
@@ -1,6 +1,8 @@
 inputs:
 {
-  config = inputs.lib.mkIf (builtins.elem "server" inputs.config.nixos.packages._packageSets)
+  options.nixos.packages.vim = let inherit (inputs.lib) mkOption types; in mkOption
+    { type = types.nullOr (types.submodule {}); default = {}; };
+  config = let inherit (inputs.config.nixos.packages) vim; in inputs.lib.mkIf (vim != null)
  {
    nixos.user.sharedModules =
    [{
--- a/modules/packages/vscode.nix
+++ b/modules/packages/vscode.nix
@@ -1,8 +1,13 @@
 inputs:
 {
-  config = inputs.lib.mkIf (builtins.elem "desktop" inputs.config.nixos.packages._packageSets)
+  options.nixos.packages.vscode = let inherit (inputs.lib) mkOption types; in mkOption
  {
-    nixos.packages = with inputs.pkgs;
+    type = types.nullOr (types.submodule {});
+    default = if inputs.config.nixos.system.gui.enable then {} else null;
+  };
+  config = let inherit (inputs.config.nixos.packages) vscode; in inputs.lib.mkIf (vscode != null)
+  {
+    nixos.packages.packages = with inputs.pkgs;
    {
      _packages =
      [(
@@ -21,7 +26,7 @@ inputs:
                ++ (builtins.attrNames vscode-extensions)
              )));
            in with extensions;
-              (with equinusocio; [ vsc-community-material-theme vsc-material-theme-icons ])
+              (with equinusocio; [ vsc-material-theme vsc-material-theme-icons ])
              ++ (with github; [ copilot copilot-chat github-vscode-theme ])
              ++ (with intellsmi; [ comment-translate deepl-translate ])
              ++ (with ms-python; [ isort python vscode-pylance ])
@@ -58,6 +63,8 @@ inputs:
                yutengjing.open-in-external-app
                # ChatGPT-like plugin
                codeium.codeium
+                # git graph
+                mhutchie.git-graph
              ];
        }
      )];
--- a/modules/packages/workstation.nix
+++ b/modules/packages/workstation.nix
@@ -1,60 +0,0 @@
-inputs:
-{
-  config = inputs.lib.mkIf (builtins.elem "workstation" inputs.config.nixos.packages._packageSets)
-  {
-    nixos =
-    {
-      packages = with inputs.pkgs;
-      {
-        _packages =
-        [
-          # password and key management
-          electrum jabref
-          # system management
-          wl-mirror nvtopPackages.full
-          # nix tools
-          nix-template nil pnpm-lock-export bundix
-          # instant messager
-          cinny-desktop nheko # qq nur-xddxdd.wechat-uos 
-          # development
-          jetbrains.clion android-studio dbeaver-bin cling fprettify aircrack-ng
-          # install per project
-          # clang-tools_16 ccls 
-          # media
-          nur-xddxdd.svp
-          # virtualization
-          wineWowPackages.stagingFull virt-viewer bottles # wine64
-          # text editor
-          appflowy notion-app-enhanced joplin-desktop standardnotes logseq
-          # math, physics and chemistry
-          mathematica paraview jmol mpi # quantum-espresso # localPackages.mumax
-          # encryption and password management
-          john crunch hashcat
-          # container and vm
-          genymotion davinci-resolve playonlinux
-          # browser
-          microsoft-edge tor-browser
-          # news
-          rssguard newsflash newsboat
-        ];
-        _pythonPackages = [(pythonPackages: with pythonPackages;
-        [
-          phonopy tensorflow keras scipy scikit-learn jupyterlab autograd # localPackages.pix2tex
-        ])];
-      };
-      user.sharedModules =
-      [{
-        config.programs.obs-studio =
-        {
-          enable = true;
-          plugins = with inputs.pkgs.obs-studio-plugins; [ wlrobs obs-vaapi obs-nvfbc droidcam-obs obs-vkcapture ];
-        };
-      }];
-    };
-    programs =
-    {
-      anime-game-launcher = { enable = true; package = inputs.pkgs.anime-game-launcher; };
-      honkers-railway-launcher = { enable = true; package = inputs.pkgs.honkers-railway-launcher; };
-    };
-  };
-}
--- a/modules/packages/zsh/default.nix
+++ b/modules/packages/zsh/default.nix
@@ -1,6 +1,8 @@
 inputs:
 {
-  config = inputs.lib.mkIf (builtins.elem "server" inputs.config.nixos.packages._packageSets)
+  options.nixos.packages.zsh = let inherit (inputs.lib) mkOption types; in mkOption
+    { type = types.nullOr (types.submodule {}); default = {}; };
+  config = let inherit (inputs.config.nixos.packages) zsh; in inputs.lib.mkIf (zsh != null)
  {
    nixos.user.sharedModules = [(home-inputs: { config.programs =
    {
@@ -37,11 +39,7 @@ inputs:
            name = "powerlevel10k";
            src = "${inputs.pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
          }
-          {
-            file = "p10k.zsh";
-            name = "powerlevel10k-config";
-            src = ./p10k-config;
-          }
+          { file = "p10k.zsh"; name = "powerlevel10k-config"; src = ./p10k-config; }
          {
            name = "zsh-lsd";
            src = inputs.pkgs.fetchFromGitHub
@@ -71,10 +69,7 @@ inputs:
      autosuggestions.enable = true;
      enableCompletion = true;
      ohMyZsh =
-      {
-        enable = true;
-        plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ];
-      };
+        { enable = true; plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ]; };
    };
  };
 }
--- a/modules/services/beesd.nix
+++ b/modules/services/beesd.nix
@@ -9,14 +9,16 @@ inputs:
        type = types.attrsOf (types.oneOf
        [
          types.nonEmptyStr
-          (types.submodule
+          (types.submodule (submoduleInputs:
          {
            options =
            {
              device = mkOption { type = types.nonEmptyStr; };
              hashTableSizeMB = mkOption { type = types.ints.unsigned; default = 1024; };
              threads = mkOption { type = types.ints.unsigned; default = 1; };
-            };})
+              loadAverage = mkOption { type = types.ints.unsigned; default = submoduleInputs.config.threads; };
+            };
+          }))
        ]);
        default = {};
      };
@@ -37,7 +39,9 @@ inputs:
          [
            "--workaround-btrfs-send"
            "--thread-count" "${builtins.toString instance.value.threads or 1}"
+            "--loadavg-target" "${builtins.toString instance.value.loadAverage or 1}"
            "--scan-mode" "3"
+            "--verbose" "6"
          ];
        };
      })
--- a/modules/services/fz-new-order/default.nix
+++ b/modules/services/fz-new-order/default.nix
@@ -1,10 +1,7 @@
 inputs:
 {
  options.nixos.services.fz-new-order = let inherit (inputs.lib) mkOption types; in mkOption
-  {
-    type = types.nullOr (types.submodule {});
-    default = null;
-  };
+    { type = types.nullOr (types.submodule {}); default = null; };
  config = let inherit (inputs.config.nixos.services) fz-new-order; in inputs.lib.mkIf (fz-new-order != null)
  {
    users =
@@ -72,7 +69,7 @@ inputs:
        "Z /var/lib/fz-new-order - fz-new-order fz-new-order"
      ];
    };
-    sops = let userNum = 6; configNum = 2; in
+    sops = let userNum = 5; configNum = 2; in
    {
      templates."fz-new-order/config.json" =
      {
@@ -80,7 +77,6 @@ inputs:
        group = inputs.config.users.users."fz-new-order".group;
        content = let placeholder = inputs.config.sops.placeholder; in builtins.toJSON
        {
-          manager = placeholder."fz-new-order/manager";
          token = placeholder."fz-new-order/token";
          uids = builtins.map (j: placeholder."fz-new-order/uids/user${builtins.toString j}")
            (builtins.genList (n: n) userNum);
@@ -92,7 +88,7 @@ inputs:
        };
      };
      secrets =
-        { "fz-new-order/manager" = {}; "fz-new-order/token" = {}; }
+        { "fz-new-order/token" = {}; }
        // (builtins.listToAttrs (builtins.map
          (i: { name = "fz-new-order/uids/user${toString i}"; value = {}; })
          (builtins.genList (n: n) userNum)))
--- a/modules/services/fz-new-order/main.cpp
+++ b/modules/services/fz-new-order/main.cpp
@@ -48,7 +48,7 @@ std::string urlencode(std::string s)
 void oneshot
 (
  const std::string& username, const std::string& password, const std::string& comment,
-  const std::set<std::string>& wxuser, const std::set<std::string>& manager, const std::string& token
+  const std::set<std::string>& wxuser, const std::string& token
 )
 {
  httplib::Client fzclient("http://scmv9.fengzhansy.com:8882");
@@ -152,16 +152,6 @@ void oneshot
    for (const auto& order : order_list)
      if (!order_old.contains(order.first))
      {
-        for (const auto& user : manager)
-        {
-          auto path = fmt::format
-          (
-            "/api/send/message/?appToken={}&content={}&uid={}",
-            token, urlencode(fmt::format("push {}", order.first)), user
-          );
-          auto wxresult = wxclient.Get(path.c_str());
-        }
-
        auto body = fmt::format
        (
          "method=dgate&rand=1234&op=scmmgr_pcggl&nv%5B%5D=opmode&nv%5B%5D=ddsp_qry&nv%5B%5D=bill&nv%5B%5D={}",
@@ -248,7 +238,7 @@ int main(int argc, char** argv)
    oneshot
    (
      config["username"].asString(), config["password"].asString(), config["comment"].asString(),
-      uids, { configs["manager"].asString() }, configs["token"].asString()
+      uids, configs["token"].asString()
    );
 }

--- a/modules/services/gitea.nix
+++ b/modules/services/gitea.nix
@@ -19,11 +19,6 @@ inputs:
    services.gitea =
    {
      enable = true;
-      package = inputs.pkgs.gitea.overrideAttrs { src = builtins.fetchurl
-      {
-        url = "https://dl.gitea.com/gitea/1.22.0-rc1/gitea-src-1.22.0-rc1.tar.gz";
-        sha256 = "1h7kjzk7zck7j2advcxc0gsmv3qkwmhcnqi9zl7ypiffy40p6l9y";
-      };};
      lfs.enable = true;
      mailerPasswordFile = inputs.config.sops.secrets."gitea/mail".path;
      database =
--- a/modules/services/hpcstat.nix
+++ b/modules/services/hpcstat.nix
@@ -8,10 +8,8 @@ inputs:
  config = let inherit (inputs.config.nixos.services) hpcstat; in inputs.lib.mkIf (hpcstat != null)
  {
    systemd =
-    {
-      services.hpcstat =
-      {
-        script =
+      let
+        scripts =
          let
            rsync = "${inputs.pkgs.rsync}/bin/rsync";
            grep = "${inputs.pkgs.gnugrep}/bin/grep";
@@ -27,51 +25,86 @@ inputs:
            jykang = "${inputs.topInputs.self}/devices/jykang.xmuhpc";
            ssh-agent = "${inputs.pkgs.openssh}/bin/ssh-agent";
          in
-          ''
-            eval $(${ssh-agent})
-            # check if the file content differ
-            if ${rsync} -e "${ssh}" -acnri ${jykang}/ jykang@hpc.xmu.edu.cn:~/ | ${grep} -E '^[<>]' -q; then
-              ${curl} -X POST -H 'Content-Type: application/json' \
-                -d "{\"chat_id\": \"$(${cat} ${chat})\", \"text\": \"File content differ!\"}" \
-                https://api.telegram.org/bot$(${cat} ${token})/sendMessage
-              exit 1
-            fi
-            # check finishjob
-            ${ssh} jykang@hpc.xmu.edu.cn hpcstat finishjob
-            ${ssh} jykang@hpc.xmu.edu.cn hpcstat push
-            # download database
-            now=$(${date} '+%Y%m%d%H%M%S')
-            ${rsync} -e "${ssh}" \
-              jykang@hpc.xmu.edu.cn:~/linwei/chn/software/hpcstat/var/lib/hpcstat/hpcstat.db \
-              /var/lib/hpcstat/hpcstat.db.$now
-            if [ $? -ne 0 ]; then
-              ${curl} -X POST -H 'Content-Type: application/json' \
-                -d "{\"chat_id\": \"$(${cat} ${chat})\", \"text\": \"Download database failed!\"}" \
-                https://api.telegram.org/bot$(${cat} ${token})/sendMessage
-              exit 1
-            fi
-            # diff database
-            if [ -f /var/lib/hpcstat/hpcstat.db.last ]; then
-              ${hpcstat} verify /var/lib/hpcstat/hpcstat.db.last /var/lib/hpcstat/hpcstat.db.$now
-            fi
-            if [ $? -ne 0 ]; then
-              ${curl} -X POST -H 'Content-Type: application/json' \
-                -d "{\"chat_id\": \"$(${cat} ${chat})\", \"text\": \"Database verification failed!\"}" \
-                https://api.telegram.org/bot$(${cat} ${token})/sendMessage
-              exit 1
-            fi
-            # update database
-            ln -sf hpcstat.db.$now /var/lib/hpcstat/hpcstat.db.last
-          '';
-        serviceConfig = { Type = "oneshot"; User = "hpcstat"; Group = "hpcstat"; };
-      };
-      timers.hpcstat =
+          {
+            finishjob =
+            ''
+              eval $(${ssh-agent})
+              # check if the file content differ
+              if ${rsync} -e "${ssh}" -acnri ${jykang}/ jykang@hpc.xmu.edu.cn:~/ | ${grep} -E '^[<>]' -q; then
+                ${curl} -X POST -H 'Content-Type: application/json' \
+                  -d "{\"chat_id\": \"$(${cat} ${chat})\", \"text\": \"File content differ!\"}" \
+                  https://api.telegram.org/bot$(${cat} ${token})/sendMessage
+                exit 1
+              fi
+              # check finishjob
+              ${ssh} jykang@hpc.xmu.edu.cn hpcstat finishjob
+              ${ssh} jykang@hpc.xmu.edu.cn hpcstat push
+            '';
+            backupdb =
+            ''
+              eval $(${ssh-agent})
+              # download database
+              now=$(${date} '+%Y%m%d%H%M%S')
+              ${rsync} -e "${ssh}" \
+                jykang@hpc.xmu.edu.cn:~/linwei/chn/software/hpcstat/var/lib/hpcstat/hpcstat.db \
+                /var/lib/hpcstat/hpcstat.db.$now
+              if [ $? -ne 0 ]; then
+                ${curl} -X POST -H 'Content-Type: application/json' \
+                  -d "{\"chat_id\": \"$(${cat} ${chat})\", \"text\": \"Download database failed!\"}" \
+                  https://api.telegram.org/bot$(${cat} ${token})/sendMessage
+                exit 1
+              fi
+              # diff database
+              if [ -f /var/lib/hpcstat/hpcstat.db.last ]; then
+                ${hpcstat} verify /var/lib/hpcstat/hpcstat.db.last /var/lib/hpcstat/hpcstat.db.$now
+              fi
+              if [ $? -ne 0 ]; then
+                ${curl} -X POST -H 'Content-Type: application/json' \
+                  -d "{\"chat_id\": \"$(${cat} ${chat})\", \"text\": \"Database verification failed!\"}" \
+                  https://api.telegram.org/bot$(${cat} ${token})/sendMessage
+                exit 1
+              fi
+              # update database
+              ln -sf hpcstat.db.$now /var/lib/hpcstat/hpcstat.db.last
+            '';
+            diskstat =
+            ''
+              eval $(${ssh-agent})
+              ${ssh} jykang@hpc.xmu.edu.cn hpcstat diskstat
+            '';
+          };
+        calenders =
+        {
+          finishjob = "*-*-* *:*:00";
+          backupdb = "*-*-* *:00/10:00";
+          diskstat = "*-*-* 03/12:00:00";
+        };
+      in
      {
-        wantedBy = [ "timers.target" ];
-        timerConfig = { OnCalendar = "*-*-* *:00/5:00"; Unit = "hpcstat.service"; };
+        services = builtins.listToAttrs (builtins.map
+          (script:
+          {
+            name = "hpcstat-${script.name}";
+            value =
+            {
+              script = script.value;
+              serviceConfig = { Type = "oneshot"; User = "hpcstat"; Group = "hpcstat"; };
+            };
+          })
+          (inputs.localLib.attrsToList scripts));
+        timers = builtins.listToAttrs (builtins.map
+          (calender:
+          {
+            name = "hpcstat-${calender.name}";
+            value =
+            {
+              wantedBy = [ "timers.target" ];
+              timerConfig = { OnCalendar = calender.value; Unit = "hpcstat-${calender.name}.service"; };
+            };
+          })
+          (inputs.localLib.attrsToList calenders));
+        tmpfiles.rules = [ "d /var/lib/hpcstat 0700 hpcstat hpcstat" ];
      };
-      tmpfiles.rules = [ "d /var/lib/hpcstat 0700 hpcstat hpcstat" ];
-    };
    sops.secrets =
    {
      "telegram/token" = { group = "telegram"; mode = "0440"; };
--- a/modules/services/huginn.nix
+++ b/modules/services/huginn.nix
@@ -13,14 +13,14 @@ inputs:
    {
      virtualisation.oci-containers.containers.huginn =
      {
-        image = "huginn/huginn:2d5fcafc507da3e8c115c3479e9116a0758c5375";
+        image = "huginn/huginn:5a1509b51188e0d16868be893c983d6fcfd232a5";
        imageFile = inputs.pkgs.dockerTools.pullImage
        {
          imageName = "ghcr.io/huginn/huginn";
-          imageDigest = "sha256:aa694519b196485c6c31582dde007859fc8b8bbe9b1d4d94c6db8558843d0458";
-          sha256 = "0471v20d7ilwx81kyrxjcb90nnmqyyi9mwazbpy3z4rhnzv7pz76";
+          imageDigest = "sha256:6f7a5b41457b94490210221a8bd3aae32d4ebfc2652f97c14919aa8036d7294e";
+          sha256 = "1ha6c6bwdpdl98cwwxw5fan0j77ylgaziidqhnyh6anpzq35f540";
          finalImageName = "huginn/huginn";
-          finalImageTag = "2d5fcafc507da3e8c115c3479e9116a0758c5375";
+          finalImageTag = "5a1509b51188e0d16868be893c983d6fcfd232a5";
        };
        ports = [ "127.0.0.1:3000:3000/tcp" ];
        extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
--- a/modules/services/mariadb.nix
+++ b/modules/services/mariadb.nix
@@ -2,7 +2,7 @@ inputs:
 {
  options.nixos.services.mariadb = let inherit (inputs.lib) mkOption types; in
  {
-    enable = mkOption { type = types.bool; default = inputs.nixos.services.mariadb.instances != {}; };
+    enable = mkOption { type = types.bool; default = inputs.config.nixos.services.mariadb.instances != {}; };
    instances = mkOption
    {
      type = types.attrsOf (types.submodule (submoduleInputs: { options =
--- a/modules/services/meilisearch.nix
+++ b/modules/services/meilisearch.nix
@@ -106,7 +106,8 @@ inputs:
        (inputs.localLib.attrsToList meilisearch.instances));
    };
    environment.persistence =
-      let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
+      let inherit (inputs.config.nixos.system) impermanence;
+      in inputs.lib.mkIf (impermanence.enable && meilisearch.instances != {})
        { "${impermanence.nodatacow}".directories = [ "/var/lib/meilisearch" ]; };
  };
 }
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -1,104 +1,87 @@
 inputs:
 {
-  options.nixos.services.nextcloud = let inherit (inputs.lib) mkOption types; in
+  options.nixos.services.nextcloud = let inherit (inputs.lib) mkOption types; in mkOption
  {
-    enable = mkOption { type = types.bool; default = false; };
-    hostname = mkOption { type = types.nonEmptyStr; default = "nextcloud.chn.moe"; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) nextcloud;
-      inherit (inputs.localLib) attrsToList;
-      inherit (inputs.lib) mkIf mkMerge;
-      inherit (builtins) map listToAttrs toString replaceStrings filter toJSON;
-    in mkIf nextcloud.enable
+    type = types.nullOr (types.submodule { options =
    {
-      services.nextcloud =
+      hostname = mkOption { type = types.nonEmptyStr; default = "nextcloud.chn.moe"; };
+    };});
+    default = null;
+  };
+  config = let inherit (inputs.config.nixos.services) nextcloud; in inputs.lib.mkIf (nextcloud != null)
+  {
+    services.nextcloud =
+    {
+      enable = true;
+      hostName = nextcloud.hostname;
+      appstoreEnable = false;
+      https = true;
+      package = inputs.pkgs.nextcloud29;
+      maxUploadSize = "10G";
+      config =
      {
-        enable = true;
-        hostName = nextcloud.hostname;
-        appstoreEnable = false;
-        https = true;
-        package = inputs.pkgs.nextcloud27;
-        maxUploadSize = "10G";
-        config =
-        {
-          dbtype = "pgsql";
-          dbpassFile = inputs.config.sops.secrets."nextcloud/postgresql".path;
-          dbport = 5432;
-          adminuser = "admin";
-          adminpassFile = inputs.config.sops.secrets."nextcloud/admin".path;
-          overwriteProtocol = "https";
-          defaultPhoneRegion = "CN";
-        };
-        configureRedis = true;
-        extraOptions =
-        {
-          mail_domain = "chn.moe";
-          mail_from_address = "bot";
-          mail_smtphost = "mail.chn.moe";
-          mail_smtpport = 465;
-          mail_smtpsecure = "ssl";
-          mail_smtpauth = true;
-          mail_smtpname = "bot@chn.moe";
-          updatechecker = false;
-        };
-        secretFile = inputs.config.sops.templates."nextcloud/secret".path;
-        extraApps =
-          let
-            githubRelease = repo: file: "https://github.com/${repo}/releases/download/${file}";
-          in
-          {
-            # nix-prefetch-url --unpack
-            maps = inputs.pkgs.fetchNextcloudApp
-            {
-              url = githubRelease "nextcloud/maps" "v1.3.1/maps-1.3.1.tar.gz";
-              sha256 = "1rcmqnm5364h5gaq1yy6b6d7k17napgn0yc9ymrnn75bps9s71v9";
-              license = "agpl3";
-            };
-            phonetrack = inputs.pkgs.fetchNextcloudApp
-            {
-              url = githubRelease "julien-nc/phonetrack" "v0.7.7/phonetrack-0.7.7.tar.gz";
-              sha256 = "1xvdmb2wlcldv8lk4jb8akhi80w26m2jpazfcz641frjm333kxch";
-              license = "agpl3";
-            };
-            twofactor_webauthn = inputs.pkgs.fetchNextcloudApp
-            {
-              url = githubRelease "nextcloud-releases/twofactor_webauthn" "v1.3.2/twofactor_webauthn-v1.3.2.tar.gz";
-              sha256 = "1p4ng7nprlcgw7sdfd7wqx5az86a856f1v470lahg2nfbx3fg296";
-              license = "agpl3";
-            };
-            calendar = inputs.pkgs.fetchNextcloudApp
-            {
-              url = githubRelease "nextcloud-releases/calendar" "v4.6.5/calendar-v4.6.5.tar.gz";
-              sha256 = "18mi6ccq640jq21hmir35v2967h07bjv226072d9qz5qkzkmrhss";
-              license = "agpl3";
-            };
-          };
-        };
-      nixos.services =
-      {
-        postgresql.instances.nextcloud = {};
-        redis.instances.nextcloud.port = 3499;
-        nginx = { enable = true; https.${nextcloud.hostname}.global.configName = nextcloud.hostname; };
+        dbtype = "pgsql";
+        dbpassFile = inputs.config.sops.secrets."nextcloud/postgresql".path;
+        adminuser = "admin";
+        adminpassFile = inputs.config.sops.secrets."nextcloud/admin".path;
      };
-      sops =
+      configureRedis = true;
+      settings =
      {
-        templates."nextcloud/secret" =
-        {
-          content = toJSON
-          {
-            redis.password = inputs.config.sops.placeholder."redis/nextcloud";
-            mail_smtppassword = inputs.config.sops.placeholder."mail/bot";
-          };
-          owner = inputs.config.users.users.nextcloud.name;
-        };
-        secrets =
-        {
-          "nextcloud/postgresql" = { key = "postgresql/nextcloud"; owner = inputs.config.users.users.nextcloud.name; };
-          "nextcloud/admin".owner = inputs.config.users.users.nextcloud.name;
-        };
+        mail_domain = "chn.moe";
+        mail_from_address = "bot";
+        mail_smtphost = "mail.chn.moe";
+        mail_smtpport = 465;
+        mail_smtpsecure = "ssl";
+        mail_smtpauth = true;
+        mail_smtpname = "bot@chn.moe";
+        updatechecker = false;
+        overwriteprotocol = "https";
+        default_phone_region = "CN";
      };
-      systemd.services.nextcloud-setup = rec { requires = [ "postgresql.service" ]; after = requires; };
+      secretFile = inputs.config.sops.templates."nextcloud/secret".path;
+      extraApps =
+        let
+          version = inputs.lib.versions.major inputs.config.services.nextcloud.package.version;
+          info = builtins.fromJSON (builtins.readFile "${inputs.topInputs.nc4nix}/${version}.json");
+          getInfo = package:
+          {
+            inherit (info.${package}) hash url description homepage;
+            appName = package;
+            appVersion = info.${package}.version;
+            license =
+              let
+                licenses = { agpl = "agpl3Only"; };
+                originalLincense = builtins.head info.${package}.licenses;
+              in licenses.${originalLincense} or originalLincense;
+          };
+        in builtins.listToAttrs (builtins.map
+          (package: { name = package; value = inputs.pkgs.fetchNextcloudApp (getInfo package); })
+          [ "maps" "phonetrack" "twofactor_webauthn" "calendar" ]);
    };
+    nixos.services =
+    {
+      postgresql.instances.nextcloud = {};
+      redis.instances.nextcloud.port = 3499;
+      nginx = { enable = true; https.${nextcloud.hostname}.global.configName = nextcloud.hostname; };
+    };
+    sops =
+    {
+      templates."nextcloud/secret" =
+      {
+        content = builtins.toJSON
+        {
+          redis.password = inputs.config.sops.placeholder."redis/nextcloud";
+          mail_smtppassword = inputs.config.sops.placeholder."mail/bot";
+        };
+        owner = inputs.config.users.users.nextcloud.name;
+      };
+      secrets =
+      {
+        "nextcloud/postgresql" = { key = "postgresql/nextcloud"; owner = inputs.config.users.users.nextcloud.name; };
+        "nextcloud/admin".owner = inputs.config.users.users.nextcloud.name;
+      };
+    };
+    systemd.services.nextcloud-setup = rec { requires = [ "postgresql.service" ]; after = requires; };
+  };
 }
--- a/modules/services/nginx/default.nix
+++ b/modules/services/nginx/default.nix
@@ -295,6 +295,7 @@ inputs:
          };
        };
        networking.firewall.allowedTCPPorts = [ 80 443 ];
+        nixos.services.xray.client.v2ray-forwarder.noproxyTcpPorts = [ 80 443 ];
        sops.secrets = { "nginx/maxmind-license".owner = inputs.config.users.users.nginx.name; };
        systemd.services.nginx.serviceConfig =
        {
--- a/modules/services/nix-serve.nix
+++ b/modules/services/nix-serve.nix
@@ -20,7 +20,10 @@ inputs:
        secretKeyFile = inputs.config.sops.secrets."store/signingKey".path;
      };
      sops.secrets."store/signingKey" = {};
-      nixos.services.nginx =
-        { enable = true; https.${nix-serve.hostname}.location."/".proxy.upstream = "http://127.0.0.1:5000"; };
+      nixos.services =
+      {
+        nginx = { enable = true; https.${nix-serve.hostname}.location."/".proxy.upstream = "http://127.0.0.1:5000"; };
+        xray.client.v2ray-forwarder.noproxyTcpPorts = [ 5000 ];
+      };
    };
 }
--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				`ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=`
				`@@ -1 +0,0 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
				`@@ -1 +0,0 @@`
				`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDgs8MvV2nczjGMZ548tuAhgvCEd4uHu0VhLDSwQG7Nh/UR4Pgc5T9Nf7Vfwg96Lah/pwD5my4RaWis6bLMmlkYyDBKFBOsGYQUe5J5XfZdxk8pz+7L0Hq6gPfAZAdNlUiuFVKsvkE+NF42NgJyXSYQicPbu5LQiFwZGXlW20+LO8uBQ1y1xabKVpg8XGwordduL99VepwEzeLK/st+UVfW+mKgxkf9TuxvD2fuYIDZM7y2rXqcjf4/6OXA5kACsYK1MgZSFxgO/m6+1uCC1qBDseMTA3D+Tsjf9VtcqUE9dMd/dJ/uuILHJ0+oIqkykTCecPLgJY3Vh8rAtln/lbId`
				`@@ -1 +0,0 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0+xafJMnOGCHv6OLljaq8iJ3ZBaIezv7AJ9rVWJXFg/QJRYBwct35c4zaVom7If8F+Ss+BTLMp33HZ8gLpoat6LkjARjy65Ycog3NOnEposX2JjZEYXDbovxEmcJkDXAIVmnaBUi3r22z4UI8OqsHPeRXj017O0yQrQQYEAw/IO/tSNQZt2k8JHxAX50UTqGFdgkriO1fYHBocq48m0nn3sXrMuM3yBe5zy3NngOHxMn7UxjECmAElsuu/nu1x083pRnv5NSa+JxDGJ+S6Zhj3nGGNwZesa51I4cJjsYLxgmO/NxL1J86bDp6HhK9C9799ruG60pGTw6HcvbKTgx7klUgn4936wsy7qukWqp53MvqrLSJkRb/HHU9zZqvzcjbwet+Iv1OAAok5QC88j7Jgenk3nbZw4BNFd2r/8rOZuXheDnMKOa61dXxnvoAO3Euk0RPdZqW1slT/DDyD/kB6TPY7yOywNURNnrwzfSsmravKi6bGA5t2Ehhpf2LETM=
				`@@ -1 +0,0 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDOyU7VvusseL2tDp7JkIXKGxRGQNHpYWVAPraUj17Xls7Z9e7HO6+GBiGP+bB9tZbzsoTNGHdXg8VaJmf98QAhhg0FcUb6IvWmfmPWzQ0MC8L+USqdDpaH7s9SOZF/yveNYCR5GOMmFdSW4OPVYIOrjPltDIe5S1SN2nOXvjxbLmuoMjg+5U4F0ii0ZaCRuMVDskeift+Amxe7iRnSzeDbECd0rJhaUb8gf3shz0Hp9lRUMej7cJH8LLP3m0s3Vk+kasKntz18MpJ6/3n+fR2aK75qkcq9FZaFA4tSIabh9eKoxlRCy7g8Qj6nNStW+ys/a1UYBFgAoTyE7e47o3dpcxR5oMLbeDwhOstWL0YOjEH1K5Wyj3eEOT71C6kuQBPcCJQ9q9hknRpW0mWe9Q6qaAzTgE9LLssijr/yTfYQk7zKEyo0i4f6buOfmyYZfnzfnCB3LiJKa98TVEEzrKYHIO44LwIkNf/YHOMDknzjYpav6HfDy+AebRHZFYhGax1YP/tP0Ve/FSq5rh6Vwuqa/zyfFUPZmZVf+EYXK7DdyuBhEZhBEu6QrjY60NRMTMLpnUZMcZXRAz9byMpAGcCYQv6gjU99ps8AkRjZNkn+FpAtDGT+oJxixQwyZMSxZ+ZuzkZGyBMeMplZXMMLICGZ2LRAgT0bxXLZUxHJBLwwnw==
				`@@ -1 +0,0 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJAyDl52UVGFPTV/rXFERrXAMY5qZ3g+tpg9HOGdw86G4Nr8Xp/cTxZjF4kSfIkSrGblAV9Lm4US0fW3pGOQu5qQrSAENxqHxdlEyzt7izyF2CklDUeTjs3KHOIZMvSli4z014NPcswBbjwB9Lyrw0fCQ9P1vYkrUHEzL2SMxdack1EQPcMF4MxblDqc+eQhdMCkKE8T1Cb1ZqxeLVMPn9CwjG18JoxL+/xs+MjcsSXYWcoqYTfgfhguMbh0D4Eo32MHS/IzRSxnOHJxhG5xYePcyBlb/CxQuYA+RTqKNE85j7GcL2oEmeZ1b++/9qFT9grwVh+UOBRO2xiMzKDF24nXPJ+eLyd6Z/3swGT4rTVDnrXV5eZUkWLHN093IdLJCTtPVrKV9OxEKr5sU2W0edpirNrlGq7/MYkJX9EbQctDFA69XfQkZlGK9xGutqSgEaVlY54fS0Due+NDrNBPfMKJ9MTmFDOY+NYn05El2rMD39OKbGbCR5ASwSSBlcQeE=
				`@@ -1 +0,0 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDYiP+ELuG5KTmafVjBkY0ZSggJg+mDkvZpF8d7NljMst0YwKWV3IgHnkAGXdTd7jlRgm9HH6oc8rP2R6Q8EJmfr+xcL1IQIWKuYAoddHlpe2Ds4EE74xbgm5Elf7FpdYNHUH9XyVmMmIhVSpLw2N10jUhvYqw+h+xC2nObEKZuBOt/lqrTGbC/EMv3+sDv0ApBh8lKt2yfjt88pnAj1LKPANDgIYSyQOllHQWeUY/eD/5Qc9XWR3uWclslVaxriRmEA0sNZlOFCeRIyDbYpSzQBdcnojkwt7Z5kjhaqGlT9g00fdiqO0OMaeY/G8ki3QxqjONqTEDqK+DpEZFO6jyZARcY6ki0ANc0AO4qosEC3gEbAvVwyPwDFtyDggMTHlTzaw8iakMGSDEk10zKaUOgZYLzC2yCWYYQS5mae9wC1gkXIGD51/laeq2E7NpM+nha6kp9weLVyvwf0DLfwsiP+0qlCLrxBLTSRa0HQ+BnQMi4r16Ss7YJwLf/oXrbOVk=
				`@@ -1 +0,0 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDFwb7qi9/DvhpMvu43LRlTEC+3kPAA0KNeyk4FT4HlpRE/yxMxN6tgrP9vcx2c6TMfkRwIJKDcBuVVtKOVx+SDZo+nQBxpSz73v1qSmqlsy8D4gCk0a7cLgStb3Cvh0UZjJ5nVnxjzqY2CFnpnKYGmxL+a3qTj1KYPuA2wSsxkYVcHUfDj/uTtEDdRPaNTACsUxe1a57T/Tsjp+321+zKldYreozaABEBsexf9Z34+3vZvyQcfDB3QuxlBRPJBLik80QllpNpE1bqol8swoGEPbl/Ac7tNy+GtlwTG9SH1povmoT9K+8tjJaG2pD+z+vvgZQtJQh+aczYmEBJRZp3ksw1JH4eGqTWG/SDat9Isnx2NDhJe12b9izniDciuBScNySAazIDPidsCMUYjc9kgWdSOiODOtodj5IB+KazFVJgfpmzPv97LHVdjvR74usrgbFw2mYCw2YEiL3xjDYpQGmXSNklsQLwJiBe59oyS4QNpNYQzYD9StjgRIdvtmiM=
				`@@ -1 +0,0 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVbOvoFVaGkqYzIWsmMFlpkE+TDAONOWWaJBQ0K4fiOLy7uh02b/jYNZrbllPDP+Gq+ikYEJnJX2ceDsh9mLtJTznBQXgJOMUZDYy0enu7hYLKMmRTgJntzHjMbZENMhP+I3N9JnQ1PQz7lICg1xkEBQm2CESYCCjo0rJKYplPH1bo02myEazKlKTn6tu40ysrYOoJO8+jwbUDqtWATjSZtgYojuh6dbIoK3O+Ntgwl4W0NqXEqXYXTWpU0qKOqAsP/9F9WJ5d1wVNNbvmcAJ26dkYaiPCNgW4MGTucAgoxM6IPVVj9U+OEZLoCPsqAGCT02vH5MoDNTmGaSv0DjuYOzz5C+jAhMCznXFXCI4bfawvuda/WwGIniB5iKNSBZt3XxYyUw4YBcVCNiWUt9bIgEvnR4E8HYHdjNrbQ0Z58L6DcPSySLQer7C658Vo/nRUlBq6lIWYhcdjxHHkP9iFtuFW1HmoUKkuaLl+uiflrSppX9wt8eaPwGgGIHkLwgc=
				`@@ -1 +0,0 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCa7ZRmIAtuGd58MQXnJnPqmad+6u8JiBKb7+xEfMmVdeVtJ5lEfXCkZ0vbSMxnGZCLL3eVxdejaGToLw+ArEJ1cl6KzZdsdGy1wATFtJj4oYHtZ/MXg+qulNR4nQ6DGWfGR7FEXjZNaJfVuLBFBmUlsbotBdhaAJzw5+nnIxY5d86nfqzsYstMqB/1ZHLRTV9h/jp8XNgnUu1BR/oVk4eMvzTUbr42LedeB1anLnI0+ycAzol/XMpsUNuRLVhYhMbg9rpyoZF1WMBTjG2Jnv9JtCpJlnZaOjzh3eD8PBuyZtGyya7QxVkhH4ULUMNnuyi8E0IOJwdN4cQi61fa7rLtsYfUrN2w0nI/WRLiBxiuPbvq4tKeHi8DpM/MrUbZONY2eFo4CaX9sxYN6U65jDfsbK3x6Za0HhVt8zcPLGgESm4Y6O8YTQrdbpL1ifNFX2Y9B++FQw2iRoqa6U0Wrs6SfVQFp1RqnqSl6fLOCixl16PpHWqRilweKbg3uIMEqEc=