create demo

.sops.yaml

@@ -1,15 +0,0 @@
-keys:
-  - &chn age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
-  - &chn-PC age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
-  - &chn-nixos-test age1thf94z6z4835nxsx56upa3s32vfqq2s6d67rpg7weawj2lrk25asw8smhh
-creation_rules:
-  - path_regex: secrets/chn-PC\.yaml$
-    key_groups:
-    - age:
-      - *chn
-      - *chn-PC
-  - path_regex: secrets/chn-nixos-test\.yaml$
-    key_groups:
-    - age:
-      - *chn
-      - *chn-nixos-test

flake.lock

@@ -1,427 +1,24 @@
 {
   "nodes": {
-    "aagl": {
-      "inputs": {
-        "flake-compat": [
-          "flake-compat"
-        ],
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1689026468,
-        "narHash": "sha256-WRCDX7XjPHJjc7V3EST+fBh8tdE9nbjDnO8bgOeYp90=",
-        "owner": "ezKEa",
-        "repo": "aagl-gtk-on-nix",
-        "rev": "b1fbfb677d402ed1223995ba07980d98a0e8b1c9",
-        "type": "github"
-      },
-      "original": {
-        "owner": "ezKEa",
-        "repo": "aagl-gtk-on-nix",
-        "type": "github"
-      }
-    },
-    "flake-compat": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1673956053,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-utils": {
-      "inputs": {
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1687709756,
-        "narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils-plus": {
-      "inputs": {
-        "flake-utils": [
-          "flake-utils"
-        ]
-      },
-      "locked": {
-        "lastModified": 1657226504,
-        "narHash": "sha256-GIYNjuq4mJlFgqKsZ+YrgzWm0IpA4axA3MCrdKYj7gs=",
-        "owner": "gytis-ivaskevicius",
-        "repo": "flake-utils-plus",
-        "rev": "2bf0f91643c2e5ae38c1b26893ac2927ac9bd82a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "gytis-ivaskevicius",
-        "repo": "flake-utils-plus",
-        "type": "github"
-      }
-    },
-    "home-manager": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1688999869,
-        "narHash": "sha256-gLD2UI6+Nb9JV5Wh4FnLHAZwLMiY11RHYBKmBZCxLXc=",
-        "owner": "nix-community",
-        "repo": "home-manager",
-        "rev": "a6d1d954b81caf4c9291b8ac35452fef842f289b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "ref": "master",
-        "repo": "home-manager",
-        "type": "github"
-      }
-    },
-    "impermanence": {
-      "locked": {
-        "lastModified": 1684264534,
-        "narHash": "sha256-K0zr+ry3FwIo3rN2U/VWAkCJSgBslBisvfRIPwMbuCQ=",
-        "owner": "nix-community",
-        "repo": "impermanence",
-        "rev": "89253fb1518063556edd5e54509c30ac3089d5e6",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "impermanence",
-        "type": "github"
-      }
-    },
-    "nix-alien": {
-      "inputs": {
-        "flake-compat": [
-          "flake-compat"
-        ],
-        "flake-utils": [
-          "flake-utils"
-        ],
-        "nix-index-database": [
-          "nix-index-database"
-        ],
-        "nixpkgs": "nixpkgs"
-      },
-      "locked": {
-        "lastModified": 1688594900,
-        "narHash": "sha256-ipCs61DPHfmsaTN7LD/LMgqrsL4Tj/LswbkSc2X5Qtg=",
-        "owner": "thiagokokada",
-        "repo": "nix-alien",
-        "rev": "29b969f5a22d29dddd4da0917e9f18a8aacd85de",
-        "type": "github"
-      },
-      "original": {
-        "owner": "thiagokokada",
-        "repo": "nix-alien",
-        "type": "github"
-      }
-    },
-    "nix-index-database": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1688874465,
-        "narHash": "sha256-BUwl+tq40EjkufTZkqf3lWFzxOA/mYBTHz+p5uJtjaY=",
-        "owner": "Mic92",
-        "repo": "nix-index-database",
-        "rev": "757114749d4613cf71f3748e780a1be8a67a5d3c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "Mic92",
-        "repo": "nix-index-database",
-        "type": "github"
-      }
-    },
-    "nix-vscode-extensions": {
-      "inputs": {
-        "flake-compat": [
-          "flake-compat"
-        ],
-        "flake-utils": [
-          "flake-utils"
-        ],
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1689040077,
-        "narHash": "sha256-wjoCkXdnlUyzxJp7+lUlv/OIPUQGACnvcoIhc4Qrnfw=",
-        "owner": "nix-community",
-        "repo": "nix-vscode-extensions",
-        "rev": "4b46dd34c683a6d212e64bbcea6b8512f613c3f2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nix-vscode-extensions",
-        "type": "github"
-      }
-    },
-    "nixos-cn": {
-      "inputs": {
-        "flake-utils": [
-          "flake-utils"
-        ],
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1682818384,
-        "narHash": "sha256-l8jh9BQj6nfjPDYGyrZkZwX1GaOqBX+pBHU+7fFZU3w=",
-        "owner": "nixos-cn",
-        "repo": "flakes",
-        "rev": "2d475ec68cca251ef6c6c69a9224db5c264c5e5b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos-cn",
-        "repo": "flakes",
-        "type": "github"
-      }
-    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1688403656,
-        "narHash": "sha256-zmNai3dKWUCKpKubPWsEJ1Q7od96KebWVDJNCnk+fr0=",
+        "lastModified": 1689192006,
+        "narHash": "sha256-QM0f0d8oPphOTYJebsHioR9+FzJcy1QNIzREyubB91U=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "453da3c28f7a95374b73d1f3fd665dd40e6049e9",
+        "rev": "2de8efefb6ce7f5e4e75bdf57376a96555986841",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
+        "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
-    "nixpkgs-stable": {
-      "locked": {
-        "lastModified": 1688939073,
-        "narHash": "sha256-jYhYjeK5s6k8QS3i+ovq9VZqBJaWbxm7awTKNhHL9d0=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "8df7a67abaf8aefc8a2839e0b48f92fdcf69a38b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-23.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1689237360,
-        "narHash": "sha256-3mv2hXri9X3zEagLDaTWzfiHyd5mmstdSACgm+tt+gE=",
-        "owner": "CHN-beta",
-        "repo": "nixpkgs",
-        "rev": "8e22575b0c3288e7d76eec4aa6537925d0f006b8",
-        "type": "github"
-      },
-      "original": {
-        "owner": "CHN-beta",
-        "ref": "next",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nur": {
-      "locked": {
-        "lastModified": 1689040992,
-        "narHash": "sha256-BbDqoza/8boSMc9BXfac9v5YYhmzqnHSMkhslOCWxas=",
-        "owner": "nix-community",
-        "repo": "NUR",
-        "rev": "4449587b5a1a8418ebe70c742ff78b0f6092148f",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "NUR",
-        "type": "github"
-      }
-    },
-    "nur-xddxdd": {
-      "inputs": {
-        "flake-utils": [
-          "flake-utils"
-        ],
-        "flake-utils-plus": [
-          "flake-utils-plus"
-        ],
-        "nixpkgs": [
-          "nixpkgs-stable"
-        ]
-      },
-      "locked": {
-        "lastModified": 1688969029,
-        "narHash": "sha256-mnAhmE/iN1/NJo3slG3xvDuuaoidqPESIcfAeLUyBuE=",
-        "owner": "xddxdd",
-        "repo": "nur-packages",
-        "rev": "6a2a4dd0d470e33cfdc87faf887af9c3b2359fa1",
-        "type": "github"
-      },
-      "original": {
-        "owner": "xddxdd",
-        "repo": "nur-packages",
-        "type": "github"
-      }
-    },
-    "nvfetcher": {
-      "inputs": {
-        "flake-compat": [
-          "flake-compat"
-        ],
-        "flake-utils": [
-          "flake-utils"
-        ],
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1687440270,
-        "narHash": "sha256-aOAXvfVn+MBSkU+xlQEiyoGpRaF6NvQdpWIhw5OH/Dc=",
-        "owner": "berberman",
-        "repo": "nvfetcher",
-        "rev": "44196458acc2c28c32e456c50277d6148e71e708",
-        "type": "github"
-      },
-      "original": {
-        "owner": "berberman",
-        "repo": "nvfetcher",
-        "type": "github"
-      }
-    },
-    "qchem": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1686741526,
-        "narHash": "sha256-1w8o+HXU9ubz1kRYR56g8jHz/dbJuckJGvXIDK4aw1M=",
-        "owner": "Nix-QChem",
-        "repo": "NixOS-QChem",
-        "rev": "2959232611d40f836daa79522c6fb5e96caea295",
-        "type": "github"
-      },
-      "original": {
-        "owner": "Nix-QChem",
-        "repo": "NixOS-QChem",
-        "type": "github"
-      }
-    },
     "root": {
       "inputs": {
-        "aagl": "aagl",
-        "flake-compat": "flake-compat",
-        "flake-utils": "flake-utils",
-        "flake-utils-plus": "flake-utils-plus",
-        "home-manager": "home-manager",
-        "impermanence": "impermanence",
-        "nix-alien": "nix-alien",
-        "nix-index-database": "nix-index-database",
-        "nix-vscode-extensions": "nix-vscode-extensions",
-        "nixos-cn": "nixos-cn",
-        "nixpkgs": "nixpkgs_2",
-        "nixpkgs-stable": "nixpkgs-stable",
-        "nur": "nur",
-        "nur-xddxdd": "nur-xddxdd",
-        "nvfetcher": "nvfetcher",
-        "qchem": "qchem",
-        "sops-nix": "sops-nix",
-        "touchix": "touchix"
-      }
-    },
-    "sops-nix": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "nixpkgs-stable": [
-          "nixpkgs-stable"
-        ]
-      },
-      "locked": {
-        "lastModified": 1688873469,
-        "narHash": "sha256-9TMSXvXmrr7bDYi+WeskWe/yho9UP01dGbV9vW5bRVc=",
-        "owner": "Mic92",
-        "repo": "sops-nix",
-        "rev": "b2047c8fc963407916ad3834165309007dc5a1f7",
-        "type": "github"
-      },
-      "original": {
-        "owner": "Mic92",
-        "repo": "sops-nix",
-        "type": "github"
-      }
-    },
-    "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "touchix": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1685202181,
-        "narHash": "sha256-yRj9Vh3T1pL+cNxhiQCFyH67Ys1h7pcrOfSZM10Xb+g=",
-        "owner": "CHN-beta",
-        "repo": "touchix",
-        "rev": "9cedc2f3dc007875525af480976d91b2990847de",
-        "type": "github"
-      },
-      "original": {
-        "owner": "CHN-beta",
-        "repo": "touchix",
-        "type": "github"
+        "nixpkgs": "nixpkgs"
       }
     }
   },

flake.nix

@@ -1,191 +1,48 @@
 {
 	description = "CNH's NixOS Flake";
 
-	inputs =
-	{
-		nixpkgs.url = "github:CHN-beta/nixpkgs/next";
-		nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.05";
-		flake-utils.url = "github:numtide/flake-utils";
-		flake-utils-plus =
-		{
-			url = "github:gytis-ivaskevicius/flake-utils-plus";
-			inputs.flake-utils.follows = "flake-utils";
-		};
-		flake-compat = { url = "github:edolstra/flake-compat"; flake = false; };
-		nvfetcher =
-		{
-			url = "github:berberman/nvfetcher";
-			inputs =
-			{
-				nixpkgs.follows = "nixpkgs";
-				flake-utils.follows = "flake-utils";
-				flake-compat.follows = "flake-compat";
-			};
-		};
-		home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; };
-		sops-nix =
-		{
-			url = "github:Mic92/sops-nix";
-			inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs-stable"; };
-		};
-		touchix = { url = "github:CHN-beta/touchix"; inputs.nixpkgs.follows = "nixpkgs"; };
-		aagl =
-		{
-			url = "github:ezKEa/aagl-gtk-on-nix";
-			inputs = { nixpkgs.follows = "nixpkgs"; flake-compat.follows = "flake-compat"; };
-		};
-		nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; };
-		nur.url = "github:nix-community/NUR";
-		nixos-cn =
-		{
-			url = "github:nixos-cn/flakes";
-			inputs = { nixpkgs.follows = "nixpkgs"; flake-utils.follows = "flake-utils"; };
-		};
-		nur-xddxdd =
-		{
-			url = "github:xddxdd/nur-packages";
-			inputs =
-			{
-				flake-utils.follows = "flake-utils";
-				nixpkgs.follows = "nixpkgs-stable";
-				flake-utils-plus.follows = "flake-utils-plus";
-			};
-		};
-		nix-vscode-extensions =
-		{
-			url = "github:nix-community/nix-vscode-extensions";
-			inputs =
-			{
-				nixpkgs.follows = "nixpkgs";
-				flake-utils.follows = "flake-utils";
-				flake-compat.follows = "flake-compat";
-			};
-		};
-		nix-alien =
-		{
-			url = "github:thiagokokada/nix-alien";
-			inputs =
-			{
-				flake-compat.follows = "flake-compat";
-				flake-utils.follows = "flake-utils";
-				nix-index-database.follows = "nix-index-database";
-			};
-		};
-		impermanence.url = "github:nix-community/impermanence";
-		qchem =
-		{
-			url = "github:Nix-QChem/NixOS-QChem";
-			inputs.nixpkgs.follows = "nixpkgs";
-		};
-	};
+	inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
 
 	outputs = inputs:
-		let
-			local = import ./local;
-		in
+	{
+		nixosConfigurations =
 		{
-			nixosConfigurations =
+			"good-config" = inputs.nixpkgs.lib.nixosSystem
 			{
-				"chn-PC" = inputs.nixpkgs.lib.nixosSystem
-				{
-					system = "x86_64-linux";
-					specialArgs = { topInputs = inputs; localLib = local.lib; };
-					modules =
-					[
-						inputs.home-manager.nixosModules.home-manager
-						inputs.sops-nix.nixosModules.sops
-						inputs.touchix.nixosModules.v2ray-forwarder
-						inputs.aagl.nixosModules.default
-						inputs.nix-index-database.nixosModules.nix-index
-						inputs.nur.nixosModules.nur
-						inputs.nur-xddxdd.nixosModules.setupOverlay
-						inputs.impermanence.nixosModules.impermanence
-						(args: {
-							config.nixpkgs =
-							{
-								overlays =
-								[
-									(
-										final: prev:
-										{
-											touchix = inputs.touchix.packages."${prev.system}";
-											nix-vscode-extensions = inputs.nix-vscode-extensions.extensions."${prev.system}";
-											localPackages = local.pkgs { pkgs = prev; };
-										}
-									)
-									inputs.qchem.overlays.default
-									(
-										final: prev: { nur-xddxdd =
-											(inputs.nur-xddxdd.overlays.custom args.config.boot.kernelPackages.nvidia_x11) final prev; }
-									)
-								];
-								config.allowUnfree = true;
-							};
-						})
-						(
-							local.lib.mkModules
-							[
-								./modules/boot/fileSystems.nix
-								(inputs: { config.nixos =
-									{
-										fileSystems =
-										{
-											mount =
-											{
-												vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
-												btrfs =
-												{
-													"/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
-													"/dev/mapper/root"."/nix" = "/nix";
-												};
-											};
-											decrypt.auto =
-											{
-												"/dev/disk/by-uuid/55fdd19f-0f1d-4c37-bd4e-6df44fc31f26" = { mapper = "root"; ssd = true; };
-												"/dev/md/swap" = { mapper = "swap"; ssd = true; };
-											};
-											mdadm =
-												"ARRAY /dev/md/swap metadata=1.2 name=chn-PC:swap UUID=2b546b8d:e38007c8:02990dd1:df9e23a4";
-											swap = [ "/dev/mapper/swap" ];
-											resume = "/dev/mapper/swap";
-										};
-									};}
-								)
-
-								[ ./modules/basic.nix { hostName = "chn-PC"; } ]
-								./modules/fonts.nix
-								[ ./modules/i18n.nix { fcitx = true; } ]
-								./modules/kde.nix
-								./modules/sops.nix
-								./modules/boot/chn-PC.nix
-								./modules/hardware/bluetooth.nix
-								./modules/hardware/joystick.nix
-								[ ./modules/hardware/nvidia-prime.nix { intelBusId = "PCI:0:2:0"; nvidiaBusId = "PCI:1:0:0"; } ]
-								./modules/hardware/printer.nix
-								./modules/hardware/sound.nix
-								./modules/hardware/chn-PC.nix
-								./modules/networking/basic.nix
-								./modules/networking/samba.nix
-								./modules/networking/ssh.nix
-								./modules/networking/wall_client.nix
-								./modules/networking/xmunet.nix
-								./modules/networking/chn-PC.nix
-								./modules/packages/terminal.nix
-								./modules/packages/gui.nix
-								./modules/packages/gaming.nix
-								./modules/packages/hpc.nix
-								[ ./modules/users/root.nix {} ]
-								[ ./modules/users/chn.nix {} ]
-								./modules/virtualisation/docker.nix
-								./modules/virtualisation/kvm_guest.nix
-								./modules/virtualisation/kvm_host.nix
-								./modules/virtualisation/waydroid.nix
-								./modules/home/root.nix
-								./modules/home/chn.nix
-							]
-						)
-					];
-				};
+				system = "x86_64-linux";
+				modules =
+				[({
+					nixpkgs.overlays = [(final: prev:
+					{
+						clang-hello = final.callPackage ({ llvmPackages }: llvmPackages.stdenv.mkDerivation
+						{
+							pname = "clang-hello";
+							version = "0";
+							phases = [ "installPhase" ];
+							installPhase = "clang --version > $out";
+						}) {};
+					})];
+				})];
+			};
+			"bad-config" = inputs.nixpkgs.lib.nixosSystem
+			{
+				system = "x86_64-linux";
+				modules =
+				[({
+					nixpkgs.overlays = [(final: prev:
+					{
+						clang-hello = final.callPackage ({ llvmPackages }: llvmPackages.stdenv.mkDerivation
+						{
+							pname = "clang-hello";
+							version = "0";
+							phases = [ "installPhase" ];
+							installPhase = "clang --version > $out";
+						}) {};
+					})];
+					programs.ccache.enable = true;
+					nixpkgs.config.replaceStdenv = { pkgs }: pkgs.ccacheStdenv;
+				})];
 			};
 		};
+	};
 }

local/default.nix

@@ -1,4 +0,0 @@
-{
-	lib = import ./lib;
-	pkgs = import ./pkgs;
-}

local/lib/attrsToList.nix

@@ -1 +0,0 @@
-Attrs: builtins.map ( name: { inherit name; value = Attrs.${name}; } ) ( builtins.attrNames Attrs )

local/lib/default.nix

@@ -1,6 +0,0 @@
-{
-	mkModules = import ./mkModules.nix;
-	mkSystem = import ./mkSystems.nix;
-	mkInputs = import ./mkInputs.nix;
-	attrsToList = import ./attrsToList.nix;
-}

local/lib/mkModules.nix

@@ -1,45 +0,0 @@
-# Behaviors of these two NixOS modules would be different:
-# { pkgs, ... }@inputs: { environment.systemPackages = [ pkgs.hello ]; }
-# inputs: { environment.systemPackages = [ pkgs.hello ]; }
-# The second one would failed to evaluate because nixpkgs would not pass pkgs to it.
-# So that we wrote a wrapper to make it always works like the first one.
-# Input a list of modules, allowed types are:
-#	* attribute set
-#	* file containing attribute set
-#	* file containing lambda, which takes inputs as argument
-#	* lambda, which takes inputs as argument
-#	* list, first member is a lambda, 
-moduleList: { pkgs, ... }@inputs:
-{
-	imports = builtins.map
-	(
-		let
-			handle = { module, customArgs }:
-				if ( builtins.typeOf module ) == "list"
-					then handle { module = builtins.elemAt module 0; customArgs = builtins.elemAt module 1; }
-				else if ( builtins.typeOf module ) == "path"
-					then handle { module = import module; inherit customArgs; }
-				else if ( builtins.typeOf module ) == "lambda" && customArgs != null # deprecated
-					then handle { module = module customArgs; customArgs = null; }
-				else if ( builtins.typeOf module ) == "lambda" then module inputs # deprecated
-				else module;
-			caller = module: handle { inherit module; customArgs = null; };
-		in caller
-	) moduleList;
-}
-
-# Behaviors of these two NixOS modules would be different:
-# { pkgs, ... }@inputs: { environment.systemPackages = [ pkgs.hello ]; }
-# inputs: { environment.systemPackages = [ pkgs.hello ]; }
-# The second one would failed to evaluate because nixpkgs would not pass pkgs to it.
-# So that we wrote a wrapper to make it always works like the first one.
-# moduleList: { pkgs, ... }@inputs:
-# {
-# 	imports = builtins.map
-# 	(
-# 		handle = module:
-# 			if ( builtins.typeOf module ) == "path" then handle import module
-# 			else if ( builtins.typeOf module ) == "lambda" then module inputs
-# 			else module;
-# 	) moduleList;
-# }

local/pkgs/default.nix

@@ -1,7 +0,0 @@
-{ pkgs }: with pkgs;
-{
-	typora = callPackage ./typora {};
-	upho = python3Packages.callPackage ./upho {};
-	spectral = python3Packages.callPackage ./spectral {};
-	vesta = callPackage ./vesta {};
-}

local/pkgs/spectral/default.nix

@@ -1,15 +0,0 @@
-{
-	lib, fetchPypi, buildPythonPackage,
-	numpy, pillow, wxPython_4_2, matplotlib, ipython, pyopengl
-}: buildPythonPackage rec
-{
-	pname = "spectral";
-	version = "0.23.1";
-	src = fetchPypi
-	{
-		inherit pname version;
-		sha256 = "sha256-4YIic1Je81g7J6lmIm1Vr+CefSmnI2z82LwN+x+Wj8I=";
-	};
-	doCheck = false;
-	propagatedBuildInputs = [ numpy pillow wxPython_4_2 matplotlib ipython pyopengl ];
-}

local/pkgs/typora/default.nix

@@ -1,42 +0,0 @@
-{ lib, stdenv, steam-run, fetchurl, writeShellScript }:
-let
-	typora-dist = stdenv.mkDerivation rec
-	{
-		pname = "typora-dist";
-		version = "1.6.6";
-		src = fetchurl
-		{
-			url = "https://download.typora.io/linux/typora_${version}_amd64.deb";
-			sha256 = "sha256-77mCgmsROLhfuOmOOyl2C5Ug2NfqEvcD+kMA3aiAQtA=";
-		};
-
-		dontFixup = true;
-
-		unpackPhase =
-		''
-			ar x ${src}
-			tar xf data.tar.xz
-		'';
-		installPhase =
-		''
-			mkdir -p $out
-			mv usr/share $out
-		'';
-	};
-in stdenv.mkDerivation rec
-{
-	pname = "typora";
-	inherit (typora-dist) version;
-	BuildInputs = [ typora-dist steam-run ];
-	startScript = writeShellScript "typora" "${steam-run}/bin/steam-run ${typora-dist}/share/typora/Typora $@";
-	phases = [ "installPhase" ];
-  installPhase =
-	''
-    mkdir -p $out/bin $out/share/applications
-    ln -s ${startScript} $out/bin/typora
-    cp ${typora-dist}/share/applications/typora.desktop $out/share/applications
-		sed -i "s|Exec=.*|Exec=${startScript} %U|g" $out/share/applications/typora.desktop
-		sed -i "s|Icon=.*|Icon=${typora-dist}/share/icons/hicolor/256x256/apps/typora.png|g" \
-			$out/share/applications/typora.desktop
-  '';
-}

local/pkgs/upho/default.nix

@@ -1,14 +0,0 @@
-{ lib, fetchFromGitHub, buildPythonPackage, numpy, h5py, phonopy }: buildPythonPackage rec
-{
-	pname = "upho";
-	version = "0.6.6";
-	src = fetchFromGitHub
-	{
-		owner = "CHN-beta";
-		repo = "upho";
-		rev = "0f27ac6918e8972c70692816438e4ac37ec6b348";
-		sha256 = "sha256-NvoV+AUH9MmGT4ohrLAAvpLs8APP2DOKYlZVliHrVRM=";
-	};
-	doCheck = false;
-	propagatedBuildInputs = [ numpy h5py phonopy ];
-}

local/pkgs/vesta/default.nix

@@ -1,49 +0,0 @@
-{
-	lib, stdenv, fetchurl, autoPatchelfHook, wrapGAppsHook,
-	glib, gtk2, xorg, libGLU, gtk3, writeShellScript, gsettings-desktop-schemas, xdg-utils
-}:
-
-stdenv.mkDerivation rec
-{
-	pname = "vesta";
-	version = "3.5.5";
-	src = fetchurl
-	{
-		url = "https://jp-minerals.org/vesta/archives/${version}/VESTA-gtk3.tar.bz2";
-		sha256 = "sRzQNJA7+hsjLWmykqe6bH0p1/aGEB8hCuxCyPzxYHs=";
-	};
-	desktopFile = fetchurl
-	{
-		url = "https://aur.archlinux.org/cgit/aur.git/plain/VESTA.desktop?h=vesta&id=4fae08afc37ee0fd88d14328cf0d6b308fea04d1";
-		sha256 = "Tq4AzQgde2KIWKA1k6JlxvdphGG9JluHMZjVw0fBUeQ=";
-	};
-
-	nativeBuildInputs = [ glib autoPatchelfHook gtk2 xorg.libXxf86vm libGLU gtk3 xorg.libXtst wrapGAppsHook ];
-	# buildInputs = [ makeWrapper ];
-
-	unpackPhase = "tar -xf ${src}";
-
-  installPhase =
-	# Note '<<-' here, it strips tabs before EOF. It doesn't work with spaces
-	''
-		echo $out
-		mkdir -p $out/share/applications
-		cp ${desktopFile} $out/share/applications/vesta.desktop
-		sed -i "s|Exec=.*|Exec=$out/bin/vesta|" $out/share/applications/vesta.desktop
-		sed -i "s|Icon=.*|Icon=$out/opt/VESTA-gtk3/img/logo.png|" $out/share/applications/vesta.desktop
-
-		mkdir -p $out/opt
-		cp -r VESTA-gtk3 $out/opt/VESTA-gtk3
-
-		mkdir -p $out/bin
-		tee $out/bin/vesta <<- EOF
-			#!${stdenv.shell}
-			export XDG_DATA_DIRS=$GSETTINGS_SCHEMAS_PATH\''${XDG_DATA_DIRS:+:}\$XDG_DATA_DIRS
-			export PATH="\$PATH\''${PATH:+:}${xdg-utils}/bin"
-			$out/opt/VESTA-gtk3/VESTA "\$@"
-		EOF
-		chmod +x $out/bin/vesta
-
-		patchelf --remove-needed libjawt.so $out/opt/VESTA-gtk3/PowderPlot/libswt-awt-gtk-3346.so
-	'';
-}

modules/basic.nix

@@ -1,72 +0,0 @@
-{ hostName }: inputs:
-{
-	config =
-	{
-		nixpkgs.hostPlatform = inputs.lib.mkDefault "x86_64-linux";
-		nix =
-		{
-			settings =
-			{
-				experimental-features = [ "nix-command" "flakes" ];
-				keep-outputs = true;
-				system-features = [ "big-parallel" ];
-				keep-failed = true;
-				auto-optimise-store = true;
-			};
-			daemonIOSchedClass = "idle";
-			daemonCPUSchedPolicy = "idle";
-			registry =
-			{
-				nixpkgs.flake = inputs.topInputs.nixpkgs;
-				nixos-config.flake = inputs.topInputs.self;
-			};
-			# nixPath =
-			# [
-			# 	"nixpkgs=/etc/channels/nixpkgs"
-			# 	"nixos-config=/etc/nixos/configuration.nix"
-			# 	"/nix/var/nix/profiles/per-user/root/channels"
-			# ];
-		};
-		networking.hostName = hostName;
-		time.timeZone = "Asia/Shanghai";
-		system =
-		{
-			stateVersion = "22.11";
-			configurationRevision = inputs.topInputs.self.rev or "dirty";
-		};
-		nixpkgs.config.allowUnfree = true;
-		systemd =
-		{
-			extraConfig =
-			"
-				DefaultTimeoutStopSec=10s
-				DefaultLimitNOFILE=1048576:1048576
-			";
-			user.extraConfig = "DefaultTimeoutStopSec=10s";
-			sleep.extraConfig =
-			"
-				SuspendState=freeze
-				HibernateMode=shutdown
-			";
-			services.nix-daemon.serviceConfig = { Slice = "-.slice"; Nice = "19"; };
-		};
-		programs.nix-ld.enable = true;
-		boot = { supportedFilesystems = [ "ntfs" ]; consoleLogLevel = 7; };
-		hardware.enableAllFirmware = true;
-		security.pam =
-		{
-			u2f = { enable = true; cue = true; authFile = ./u2f_keys; };
-			services = builtins.listToAttrs (builtins.map (name: { inherit name; value = { u2fAuth = true; }; })
-				[ "login" "sudo" "su" "kde" "polkit-1" ]);
-		};
-		systemd.nspawn.arch =
-		{
-			execConfig.PrivateUsers = false;
-			networkConfig.VirtualEthernet = false;
-		};
-		environment.etc."channels/nixpkgs".source = inputs.topInputs.nixpkgs.outPath;
-		# environment.pathsToLink = [ "/include" ];
-		# environment.variables.CPATH = "/run/current-system/sw/include";
-		# environment.variables.LIBRARY_PATH = "/run/current-system/sw/lib";
-	};
-}

modules/boot/chn-PC.nix

@@ -1,184 +0,0 @@
-inputs:
-{
-	config =
-	{
-		# filesystem mount
-		fileSystems."/" =
-		{
-			device = "/dev/mapper/root";
-			fsType = "btrfs";
-			options = [ "subvol=nix/rootfs/current" "compress-force=zstd" ];
-		};
-		# sudo btrfs fi mkswapfile --size 64g --uuid clear swap
-		# sudo btrfs inspect-internal map-swapfile -r swap
-		# sudo mdadm --create /dev/md/swap --level 0 --raid-devices 2 /dev/nvme1n1p5 /dev/nvme0n1p5
-		# sudo mkswap --uuid clear /dev/md/swap
-		# sudo cryptsetup luksFormat /dev/md/swap
-		# sudo systemd-cryptenroll --fido2-device=auto /dev/md/swap
-		# sudo systemd-cryptenroll --wipe-slot=0 /dev/md/swap
-		# sudo $(dirname $(realpath $(which systemctl)))/../lib/systemd/systemd-cryptsetup \
-		#		attach swap /dev/md/swap - fido2-device=auto
-		# sudo mkswap --uuid clear /dev/mapper/swap
-
-		# kernel, modules, ucode
-		boot.kernelPackages = inputs.pkgs.linuxPackages_xanmod_latest;
-		hardware.cpu.intel.updateMicrocode = true;
-		# modules auto loaded in stage2
-		boot.kernelModules = [ "kvm-intel" "br_netfilter" ];
-		# modules install but not auto loaded
-		# boot.extraModulePackages = [ yourmodulename ];
-		boot.extraModprobeConfig =
-		''
-			options kvm_intel nested=1
-			options iwlmvm power_scheme=1
-			options iwlwifi uapsd_disable=1
-		'';
-		boot.kernelParams = [ "delayacct" "acpi_osi=Linux" ];
-		boot.kernelPatches =
-		[
-			{ name = "hdmi"; patch = ./hdmi.patch; }
-			{
-				name = "cjktty";
-				patch = inputs.pkgs.fetchurl
-				{
-					url = "https://raw.githubusercontent.com/zhmars/cjktty-patches/master/v6.x/cjktty-6.3.patch";
-					sha256 = "sha256-QnsWruzhtiZnqzTUXkPk9Hb19Iddr4VTWXyV4r+iLvE=";
-				};
-				extraStructuredConfig = { FONT_CJK_16x16 = inputs.lib.kernel.yes; FONT_CJK_32x32 = inputs.lib.kernel.yes; };
-			}
-			{
-				name = "custom config";
-				patch = null;
-				extraStructuredConfig =
-				{
-					GENERIC_CPU = inputs.lib.kernel.no;
-					MALDERLAKE = inputs.lib.kernel.yes;
-					PREEMPT_VOLUNTARY = inputs.lib.mkForce inputs.lib.kernel.no;
-					PREEMPT = inputs.lib.mkForce inputs.lib.kernel.yes;
-					HZ_500 = inputs.lib.mkForce inputs.lib.kernel.no;
-					HZ_1000 = inputs.lib.mkForce inputs.lib.kernel.yes;
-					HZ = inputs.lib.mkForce (inputs.lib.kernel.freeform "1000");
-				};
-			}
-		];
-
-		# grub
-		boot.loader =
-		{
-			timeout = 5;
-			efi = { canTouchEfiVariables = true; efiSysMountPoint = "/boot/efi"; };
-			grub =
-			{
-				enable = true;
-				# for BIOS, set disk to install; for EFI, set nodev
-				device = "nodev";
-				efiSupport = true;
-				useOSProber = false;
-				extraEntries =
-				''
-					menuentry "Windows" {
-						insmod part_gpt
-						insmod fat
-						insmod search_fs_uuid
-						insmod chain
-						search --fs-uuid --set=root 7317-1DB6
-						chainloader /EFI/Microsoft/Boot/bootmgfw.efi
-					}
-					menuentry "Windows for malware" {
-						insmod part_gpt
-						insmod fat
-						insmod search_fs_uuid
-						insmod chain
-						search --fs-uuid --set=root 7321-FA9C
-						chainloader /EFI/Microsoft/Boot/bootmgfw.efi
-					}
-				'';
-			};
-		};
-
-		# initrd, luks
-		boot.initrd =
-		{
-			systemd =
-			{
-				enable = true;
-				services.create-current-rootfs =
-				{
-					wantedBy = [ "local-fs-pre.target" ];
-					after = [ "cryptsetup.target" ];
-					before = [ "local-fs-pre.target" ];
-					unitConfig.DefaultDependencies = false;
-					serviceConfig.Type = "oneshot";
-					script =
-					''
-						mount /dev/mapper/root /mnt -m
-						if [ -f /mnt/nix/rootfs/current/.timestamp ]
-						then
-							mv /mnt/nix/rootfs/current /mnt/nix/rootfs/$(cat /mnt/nix/rootfs/current/.timestamp)
-						fi
-						btrfs subvolume create /mnt/nix/rootfs/current
-						echo $(date '+%Y%m%d%H%M%S') > /mnt/nix/rootfs/current/.timestamp
-						umount /mnt
-					'';
-				};
-			};
-			# modules in initrd
-			# modprobe --show-depends
-			availableKernelModules =
-			[
-				"ahci" "bfq" "i915" "intel_cstate" "nls_cp437" "nls_iso8859-1" "nvidia" "nvidia_drm" "nvidia_modeset"
-				"nvidia_uvm" "nvme" "sr_mod" "usbhid" "usb_storage" "virtio_blk" "virtio_pci" "xhci_pci"
-			]
-			# speed up luks decryption
-			++ [ "aesni_intel" "cryptd" "crypto_simd" "libaes" ];
-		};
-
-		# impermanence
-		environment.persistence."/nix/persistent" =
-		{
-			hideMounts = true;
-			directories =
-			[
-				"/etc/NetworkManager/system-connections"
-				"/home"
-				"/root"
-				"/var"
-			];
-			files =
-			[
-				"/etc/machine-id"
-				"/etc/ssh/ssh_host_ed25519_key.pub"
-				"/etc/ssh/ssh_host_ed25519_key"
-				"/etc/ssh/ssh_host_rsa_key.pub"
-				"/etc/ssh/ssh_host_rsa_key"
-			];
-		};
-
-		# services
-		systemd.services =
-		{
-			nix-daemon = { environment = { TMPDIR = "/var/cache/nix"; }; serviceConfig = { CacheDirectory = "nix"; }; };
-			systemd-tmpfiles-setup = { environment = { SYSTEMD_TMPFILES_FORCE_SUBVOL = "0"; }; };
-		};
-		services =
-		{
-			snapper.configs.persistent =
-			{
-				SUBVOLUME = "/nix/persistent";	
-				TIMELINE_CREATE = true;
-				TIMELINE_CLEANUP = true;
-				TIMELINE_MIN_AGE = 1800;
-				TIMELINE_LIMIT_HOURLY = "10";
-				TIMELINE_LIMIT_DAILY = "7";
-				TIMELINE_LIMIT_WEEKLY = "1";
-				TIMELINE_LIMIT_MONTHLY = "0";
-				TIMELINE_LIMIT_YEARLY = "0";
-			};
-			udev.extraRules =
-			''
-				ACTION=="add|change", KERNEL=="[sv]d[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="bfq"
-				ACTION=="add|change", KERNEL=="nvme[0-9]n[0-9]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="bfq"
-			'';
-		};
-	};
-}

modules/boot/fileSystems.nix

@@ -1,119 +0,0 @@
-inputs:
-{
-	options.nixos.fileSystems = let inherit (inputs.lib) mkOption types; in
-	{
-		mount =
-		{
-			# device = mountPoint;
-			vfat = mkOption { type = types.attrsOf types.nonEmptyStr; };
-			# device.subvol = mountPoint;
-			btrfs = mkOption { type = types.attrsOf (types.attrsOf types.nonEmptyStr); };
-		};
-		decrypt.auto = mkOption { type = types.attrsOf (types.submodule { options =
-		{
-			mapper = mkOption { type = types.nonEmptyStr; };
-			ssd = mkOption { type = types.bool; default = false; };
-		}; }); };
-		mdadm = mkOption { type = types.nullOr types.str; };
-		swap = mkOption { type = types.listOf types.nonEmptyStr; };
-		resume = mkOption { type = types.nullOr (types.str or (types.submodule { options =
-			{ device = mkOption { type = types.nonEmptyStr; }; offset = mkOption { type = types.ints.unsigned; }; }; })); };
-		# cleanRootfs = mkOption { type = types.nullOr
-
-		# swap and resume
-		# swap != resume.device if swap is a file
-		# swap = mkOption { type = types.nullOr types.str; };
-		# resume =
-		# {
-		# 	device = mkOption { type = types.nullOr types.str; };
-		# 	# sudo btrfs fi mkswapfile --size 64g --uuid clear swap
-		# 	# sudo btrfs inspect-internal map-swapfile -r swap
-		# 	offset = mkOption { type = types.nullOr types.ints.unsigned; };
-		# };
-	};
-	config =
-	{
-		fileSystems =
-		(
-			builtins.listToAttrs (builtins.map
-				(device: { name = device.value; value = { device = device.name; fsType = "vfat"; }; })
-				(inputs.localLib.attrsToList inputs.config.nixos.fileSystems.mount.vfat))
-		)
-		// (
-			builtins.listToAttrs (builtins.concatLists (builtins.map
-				(
-					device: builtins.map
-						(
-							subvol:
-							{
-								name = subvol.value;
-								value =
-								{
-									device = device.name;
-									fsType = "btrfs";
-									options = [ "compress-force=zstd:8" "subvol=${subvol.name}" ];
-								};
-							}
-						)
-						(inputs.localLib.attrsToList device.value)
-				)
-				(inputs.localLib.attrsToList inputs.config.nixos.fileSystems.mount.btrfs)))
-		);
-		swapDevices = builtins.map (device: { device = device; }) inputs.config.nixos.fileSystems.swap;
-		boot =
-		{
-			initrd = {}
-			// (
-				if inputs.config.nixos.fileSystems.decrypt.auto != null then
-				{
-					luks.devices =
-					(
-						builtins.listToAttrs (builtins.map
-							(
-								device:
-								{
-									name = device.value.mapper;
-									value =
-									{
-										device = device.name;
-										allowDiscards = device.value.ssd;
-										bypassWorkqueues = device.value.ssd;
-										crypttabExtraOpts = [ "fido2-device=auto" ];
-									};
-								}
-							)
-							(inputs.localLib.attrsToList inputs.config.nixos.fileSystems.decrypt.auto))
-					);
-				}
-				else {}
-			)
-			// (
-				if inputs.config.nixos.fileSystems.mdadm != null then
-					{ services.swraid = { enable = true; mdadmConf = inputs.config.nixos.fileSystems.mdadm; }; }
-				else {}
-			);
-		}
-		// (
-			if inputs.config.nixos.fileSystems.resume != null then
-				if builtins.typeOf inputs.config.nixos.fileSystems.resume == "string" then
-					{ resumeDevice = inputs.config.nixos.fileSystems.resume; }
-				else
-				{
-					resumeDevice = inputs.config.nixos.fileSystems.resume.device;
-					kernelModules = [ "resume_offset=${inputs.config.nixos.fileSystems.resume.offset}" ];
-				}
-			else {}
-		);
-	};
-}
-
-# Disable CoW for VM image and database:
-# sudo chattr +C images
-# zstd:15 cause sound stuttering
-# From btrfs wiki: 1-3 are real-time, 4-8 slower with improved compression,
-#	 9-15 try even harder though the resulting size may not be significantly improved.
-# https://btrfs.readthedocs.io/en/latest/Compression.html
-# sudo btrfs filesystem resize -50G /nix
-# sudo cryptsetup status root
-# sudo cryptsetup -b 3787456512 resize root
-# sudo cfdisk /dev/nvme1n1p3

modules/boot/hdmi.patch

@@ -1,14 +0,0 @@
-diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c
-index 55544d484318..d6f257f8fd14 100644
---- a/drivers/gpu/drm/i915/display/intel_bios.c
-+++ b/drivers/gpu/drm/i915/display/intel_bios.c
-@@ -2708,7 +2708,7 @@ static void parse_ddi_port(struct intel_bios_encoder_data *devdata)
- 	if (i915->display.vbt.ports[port]) {
- 		drm_dbg_kms(&i915->drm,
- 			    "More than one child device for port %c in VBT, using the first.\n",
- 			    port_name(port));
--		return;
-+		// return;
- 	}
- 
- 	sanitize_device_type(devdata, port);

modules/fonts.nix

@@ -1,16 +0,0 @@
-inputs:
-{
-	config.fonts =
-	{
-		fontDir.enable = true;
-		fonts = with inputs.pkgs;
-			[ noto-fonts source-han-sans source-han-serif source-code-pro hack-font jetbrains-mono nerdfonts ];
-		fontconfig.defaultFonts =
-		{
-			emoji = [ "Noto Color Emoji" ];
-			monospace = [ "Noto Sans Mono CJK SC" "Sarasa Mono SC" "DejaVu Sans Mono"];
-			sansSerif = [ "Noto Sans CJK SC" "Source Han Sans SC" "DejaVu Sans" ];
-			serif = [ "Noto Serif CJK SC" "Source Han Serif SC" "DejaVu Serif" ];
-		};
-	};
-}

modules/hardware/bluetooth.nix

@@ -1 +0,0 @@
-{ config.hardware.bluetooth.enable = true; }

modules/hardware/chn-PC.nix

@@ -1,79 +0,0 @@
-{ pkgs, ... }@inputs:
-{
-	config =
-	{
-		nix.settings.system-features = [ "nixos-test" "benchmark" "kvm" "gccarch-alderlake" ];
-		nixpkgs =
-		{
-			hostPlatform = { system = "x86_64-linux"; gcc = { arch = "alderlake"; tune = "alderlake"; }; };
-			config.allowUnfree = true;
-			overlays =
-			[(
-				final: prev:
-					let
-						generic-pkgs = (inputs.topInputs.nixpkgs.lib.nixosSystem
-						{
-							system = "x86_64-linux";
-							modules = [{ config.nixpkgs.config.allowUnfree = true; }];
-						}).pkgs;
-					in
-						{
-							pandoc = generic-pkgs.pandoc;
-							fwupd = generic-pkgs.fwupd;
-						}
-			)];
-			config.qchem-config.optArch = "alderlake";
-		};
-		services.dbus.implementation = "broker";
-		programs.dconf.enable = true;
-		hardware.opengl.extraPackages = with inputs.pkgs; [ intel-media-driver intel-ocl ];
-		systemd.services =
-		{
-			reload-iwlwifi-after-hibernate =
-			{
-				description = "reload iwlwifi after resume from hibernate";
-				after = [ "systemd-hibernate.service" ];
-				serviceConfig =
-				{
-					Type = "oneshot";
-					ExecStart = let inherit (inputs.pkgs) kmod bash; in
-					[
-						"${kmod}/bin/modprobe -r iwlwifi" "${kmod}/bin/modprobe iwlwifi"
-						"${bash}/bin/bash -c 'echo 0 /sys/devices/system/cpu/intel_pstate/no_turbo'"
-					];
-				};
-				wantedBy = [ "systemd-hibernate.service" ];
-			};
-			lid-no-wakeup =
-			{
-				description = "lid no wake up";
-				serviceConfig.ExecStart = let inherit (inputs.pkgs) bash coreutils gnugrep; in
-					"${bash}/bin/bash -c '"
-						+ "if ${coreutils}/bin/cat /proc/acpi/wakeup | "
-						+ "${gnugrep}/bin/grep LID0 | "
-						+ "${gnugrep}/bin/grep -q enabled; then "
-							+ "echo LID0 > /proc/acpi/wakeup; "
-						+ "fi"
-					+ "'";
-				wantedBy = [ "multi-user.target" ];
-			};
-		};
-		boot.kernel.sysctl =
-		{
-			"net.core.rmem_max" = 67108864;
-			"net.core.wmem_max" = 67108864;
-			"net.ipv4.tcp_rmem" = "4096 87380 67108864";
-			"net.ipv4.tcp_wmem" = "4096 65536 67108864";
-			"net.ipv4.tcp_mtu_probing" = true;
-			"net.ipv4.tcp_tw_reuse" = true;
-			"vm.swappiness" = 10;
-			"net.ipv4.tcp_max_syn_backlog" = 8388608;
-			"net.core.netdev_max_backlog" = 8388608;
-			"net.core.somaxconn" = 8388608;
-			"vm.oom_kill_allocating_task" = true;
-			"vm.oom_dump_tasks" = false;
-			"vm.overcommit_kbytes" = 22020096;
-			"dev.i915.perf_stream_paranoid" = false;
-		};
-	};
-}

modules/hardware/joystick.nix

@@ -1 +0,0 @@
-{ config.hardware = { xone.enable = true; xpadneo.enable = true; }; }

modules/hardware/nvidia-prime.nix

@@ -1,24 +0,0 @@
-{ intelBusId, nvidiaBusId }: inputs:
-{
-	config =
-	{
-		services.xserver.videoDrivers = inputs.lib.mkBefore [ "intel" "nvidia" ];
-		hardware.nvidia.prime =
-		{
-			offload.enable = true;
-			intelBusId = intelBusId;
-			nvidiaBusId = nvidiaBusId;
-		};
-		environment.systemPackages =
-		[(
-			inputs.pkgs.writeShellScriptBin "nvidia-offload"
-			''
-				export __NV_PRIME_RENDER_OFFLOAD=1
-				export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
-				export __GLX_VENDOR_LIBRARY_NAME=nvidia
-				export __VK_LAYER_NV_optimus=NVIDIA_only
-				exec "$@"
-			''
-		)];
-	};
-}

modules/hardware/printer.nix

@@ -1,8 +0,0 @@
-inputs:
-{
-	config.services =
-	{
-		printing = { enable = true; drivers = [ inputs.pkgs.cnijfilter2 ]; };
-		avahi = { enable = true; nssmdns = true; openFirewall = true; };
-	};
-}

modules/hardware/sound.nix

@@ -1,19 +0,0 @@
-inputs:
-{
-	config =
-	{
-		sound =
-		{
-			enable = true;
-			extraConfig = "session.suspend-timeout-seconds 0";
-		};
-		hardware.pulseaudio.enable = false;
-		security.rtkit.enable = true;
-		services.pipewire =
-		{
-			enable = true;
-			alsa = { enable = true; support32Bit = true; };
-			pulse.enable = true;
-		};
-	};
-}

modules/home/chn.nix

@@ -1,13 +0,0 @@
-inputs:
-{
-	config =
-	{
-		home-manager.users.chn = { pkgs, ... }:
-		{
-			home.stateVersion = "22.11";
-			programs.zsh = import ./zsh.nix { inherit pkgs; };
-			programs.direnv.enable = true;
-			programs.direnv.nix-direnv.enable = true;
-		};
-	};
-}

modules/home/root.nix

@@ -1,14 +0,0 @@
-{
-	config.home-manager =
-	{
-		useGlobalPkgs = true;
-		useUserPackages = true;
-		users.root = { pkgs, ... }:
-		{
-			home.stateVersion = "22.11";
-			programs.zsh = import ./zsh.nix { inherit pkgs; };
-			programs.direnv.enable = true;
-			programs.direnv.nix-direnv.enable = true;
-		};
-	};
-}

modules/home/zsh.nix

@@ -1,62 +0,0 @@
-{ pkgs }:
-{
-	enable = true;
-	initExtraBeforeCompInit =
-	''
-		# p10k instant prompt
-		P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
-		[[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
-
-		HYPHEN_INSENSITIVE="true"
-
-		export PATH=~/bin:$PATH
-
-		function br
-		{
-			local cmd cmd_file code
-			cmd_file=$(mktemp)
-			if broot --outcmd "$cmd_file" "$@"; then
-				cmd=$(<"$cmd_file")
-				command rm -f "$cmd_file"
-				eval "$cmd"
-			else
-				code=$?
-				command rm -f "$cmd_file"
-				return "$code"
-			fi
-		}
-	'';
-	plugins =
-	[
-		{
-			file = "powerlevel10k.zsh-theme";
-			name = "powerlevel10k";
-			src = "${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
-		}
-		{
-			file = "p10k.zsh";
-			name = "powerlevel10k-config";
-			src = ./p10k-config;
-		}
-		{
-			name = "zsh-lsd";
-			src = pkgs.fetchFromGitHub
-			{
-        owner = "z-shell";
-        repo = "zsh-lsd";
-        rev = "029a9cb0a9b39c9eb6c5b5100dd9182813332250";
-				sha256 = "sha256-oWjWnhiimlGBMaZlZB+OM47jd9hporKlPNwCx6524Rk=";
-      };
-		}
-		# {
-		# 	name = "zsh-exa";
-		# 	src = pkgs.fetchFromGitHub
-		# 	{
-		# 		owner = "ptavares";
-		# 		repo = "zsh-exa";
-		# 		rev = "0.2.3";
-		# 		sha256 = "0vn3iv9d3c1a4rigq2xm52x8zjaxlza1pd90bw9mbbkl9iq8766r";
-		# 	};
-		# }
-	];
-}

modules/i18n.nix

@@ -1,20 +0,0 @@
-{ fcitx }: inputs:
-{
-	config.i18n =
-	{
-		defaultLocale = "zh_CN.UTF-8";
-		supportedLocales = ["zh_CN.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "C.UTF-8/UTF-8"];
-	}
-	//
-	(
-		if fcitx then
-		{
-			inputMethod =
-			{
-				enabled = "fcitx5";
-				fcitx5.addons = with inputs.pkgs; [ fcitx5-rime fcitx5-chinese-addons fcitx5-mozc ];
-			};
-		}
-		else {}
-	);
-}

modules/kde.nix

@@ -1,20 +0,0 @@
-inputs:
-{
-	config =
-	{
-		services.xserver =
-		{
-			enable = true;
-			displayManager.sddm.enable = true;
-			desktopManager.plasma5.enable = true;
-		};
-		environment =
-		{
-			sessionVariables."GTK_USE_PORTAL" = "1";
-			systemPackages = [ inputs.pkgs.libsForQt5.qtstyleplugin-kvantum ];
-		};
-		xdg.portal.extraPortals = with inputs.pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ];
-		programs.xwayland.enable = true;
-		programs.kdeconnect.enable = true;
-	};
-}

modules/networking/basic.nix

@@ -1 +0,0 @@
-{ config.networking.networkmanager.enable = true; }

modules/networking/chn-PC.nix

@@ -1,9 +0,0 @@
-{
-	config.services.dnsmasq.settings.address =
-	[
-		"/mirism.one/216.24.188.24"
-		"/beta.mirism.one/216.24.188.24"
-		"/ng01.mirism.one/216.24.188.24"
-		"/debug.mirism.one/127.0.0.1"
-	];
-}

modules/networking/samba.nix

@@ -1,45 +0,0 @@
-inputs:
-{
-	config =
-	{
-		# make shares visible for windows 10 clients
-		services.samba-wsdd.enable = true;
-		# networking.firewall = { allowedTCPPorts = [ 5357 ]; allowedUDPPorts = [ 3702 ]; };
-		
-		services.samba =
-		{
-			enable = true;
-			securityType = "user";
-			extraConfig =
-			''
-				workgroup = WORKGROUP
-				server string = Samba Server
-				server role = standalone server
-				hosts allow = 192.168. 127.
-				dns proxy = no
-			'';
-			shares = builtins.listToAttrs (builtins.map
-				(config: { name = config.name; value =
-				{
-					comment = config.comment;
-					path = config.path;
-					browseable = true;
-					writeable = true;
-					"create mask" = "664";
-					"force create mode" = "644";
-					"security mask" = "644";
-					"force security mode" = "644";
-					"directory mask" = "2755";
-					"force directory mode" = "2755";
-					"directory security mask" = "2755";
-					"force directory security mode" = "2755";
-				}; })
-				[
-					{ name = "media"; comment = "chn media"; path = "/run/media/chn"; }
-					{ name = "home"; comment = "chn home"; path = "/home/chn"; }
-					{ name = "mnt"; comment = "mnt"; path = "/mnt"; }
-					{ name = "share"; comment = "chn share"; path = "/home/chn/share"; }
-				]);
-		};
-	};
-}

modules/networking/ssh.nix

@@ -1 +0,0 @@
-{ config.services.openssh.enable = true; }

modules/networking/wall_client.nix

@@ -1,55 +0,0 @@
-inputs:
-{
-	config =
-	{
-		services =
-		{
-			dnsmasq =
-			{
-				enable = true;
-				settings =
-				{
-					no-poll = true;
-					server = [ "127.0.0.1#10853" ];
-					listen-address = "127.0.0.1";
-					bind-interfaces = true;
-					ipset =
-					[
-						"/developer.download.nvidia.com/noproxy_net"
-						"/yuanshen.com/noproxy_net"
-						"/zoom.us/noproxy_net"
-					];	
-				};
-			};
-			xray = { enable = true; settingsFile = inputs.config.sops.secrets."xray.json".path; };
-			v2ray-forwarder = { enable = true; proxyPort = 10880; xmuPort = 10881; };
-		};
-		sops.secrets."xray.json" =
-			{ mode = "0440"; owner = "v2ray"; group = "v2ray"; restartUnits = [ "xray.service" ]; };
-		systemd.services.xray.serviceConfig =
-		{
-			DynamicUser = inputs.lib.mkForce false;
-			User = "v2ray";
-			Group = "v2ray";
-			CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
-			AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
-			LimitNPROC = 10000;
-			LimitNOFILE = 1000000;
-		};
-		users = { users.v2ray = { isSystemUser = true; group = "v2ray"; }; groups.v2ray = {}; };
-		boot.kernel.sysctl =
-		{
-			"net.ipv4.conf.all.route_localnet" = true;
-			"net.ipv4.conf.default.route_localnet" = true;
-			"net.ipv4.conf.all.accept_local" = true;
-			"net.ipv4.conf.default.accept_local" = true;
-			"net.ipv4.ip_forward" = true;
-			"net.ipv4.ip_nonlocal_bind" = true;
-			"net.bridge.bridge-nf-call-iptables" = false;
-			"net.bridge.bridge-nf-call-ip6tables" = false;
-			"net.bridge.bridge-nf-call-arptables" = false;
-		};
-		environment.etc."resolv.conf".text = "nameserver 127.0.0.1";
-		networking.firewall.trustedInterfaces = [ "docker0" "virbr0" ];
-	};
-}

modules/networking/xmunet.nix

@@ -1,7 +0,0 @@
-{
-	config.nixpkgs.config.packageOverrides = pkgs: 
-	{
-		wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs ( attrs:
-			{ patches = attrs.patches ++ [ ./xmunet.patch ]; });
-	};
-}

modules/networking/xmunet.patch

@@ -1,11 +0,0 @@
---- wpa_supplicant-2.10/src/crypto/tls_openssl.c	2022-01-16 15:51:29.000000000 -0500
-+++ src/crypto/tls_openssl.c.legacy	2022-09-29 10:10:02.999974141 -0400
-@@ -1048,7 +1048,7 @@
- 
- 	SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
- 	SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
--
-+        SSL_CTX_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
- 	SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);
- 
- #ifdef SSL_MODE_NO_AUTO_CHAIN

modules/packages/gaming.nix

@@ -1,13 +0,0 @@
-inputs:
-{
-	config =
-	{
-		environment.systemPackages = [ inputs.config.nur.repos.ataraxiasjel.proton-ge inputs.pkgs.wine ];
-		programs =
-		{
-			anime-game-launcher.enable = true;
-			honkers-railway-launcher.enable = true;
-			steam.enable = true;
-		};
-	};
-}

modules/packages/gui.nix

@@ -1,112 +0,0 @@
-inputs:
-{
-	config =
-	{
-		environment.systemPackages = with inputs.pkgs;
-		[
-			( vscode-with-extensions.override
-			{
-				vscodeExtensions = (with vscode-extensions;
-				[
-					ms-vscode.cpptools
-					genieai.chatgpt-vscode
-					ms-ceintl.vscode-language-pack-zh-hans
-					llvm-vs-code-extensions.vscode-clangd
-					twxs.cmake
-					ms-vscode.cmake-tools
-					donjayamanne.githistory
-					github.copilot
-					github.github-vscode-theme
-					ms-vscode.hexeditor
-					oderwat.indent-rainbow
-					ms-toolsai.jupyter
-					ms-toolsai.vscode-jupyter-cell-tags
-					ms-toolsai.jupyter-keymap
-					ms-toolsai.jupyter-renderers
-					ms-toolsai.vscode-jupyter-slideshow
-					james-yu.latex-workshop
-					yzhang.markdown-all-in-one
-					pkief.material-icon-theme
-					equinusocio.vsc-material-theme
-					bbenoist.nix
-					ms-python.vscode-pylance
-					ms-python.python
-					ms-vscode-remote.remote-ssh
-					redhat.vscode-xml
-					dotjoshjohnson.xml
-					jnoortheen.nix-ide
-				])
-				++ (with nix-vscode-extensions.vscode-marketplace;
-				[
-					jeff-hykin.better-cpp-syntax
-					ms-vscode.cpptools-extension-pack
-					ms-vscode.cpptools-themes
-					josetr.cmake-language-support-vscode
-					fredericbonnet.cmake-test-adapter
-					equinusocio.vsc-community-material-theme
-					guyutongxue.cpp-reference
-					intellsmi.comment-translate
-					intellsmi.deepl-translate
-					ms-vscode-remote.remote-containers
-					fabiospampinato.vscode-diff
-					cschlosser.doxdocgen
-					znck.grammarly
-					ms-python.isort
-					thfriedrich.lammps
-					leetcode.vscode-leetcode
-					equinusocio.vsc-material-theme-icons
-					gimly81.matlab
-					affenwiesel.matlab-formatter
-					xdebug.php-debug
-					ckolkman.vscode-postgres
-					ms-ossdata.vscode-postgresql
-					ms-vscode-remote.remote-ssh-edit
-					ms-vscode.remote-explorer
-					ms-vscode.test-adapter-converter
-					hbenl.vscode-test-explorer
-					hirse.vscode-ungit
-					fortran-lang.linter-gfortran
-				]);
-			} )
-			qbittorrent # tunder
-			gparted snapper-gui
-			firefox google-chrome
-			zotero texlive.combined.scheme-full libreoffice-qt
-			element-desktop tdesktop discord
-			# jail
-			qq nur-xddxdd.wechat-uos inputs.config.nur.repos.linyinfeng.wemeet
-			# nur-xddxdd.wine-wechat
-			nur-xddxdd.baidupcs-go
-			remmina
-			bitwarden
-			spotify yesplaymusic
-			crow-translate
-			scrcpy
-			mpv nur-xddxdd.svp
-			jetbrains.clion android-studio
-			localPackages.typora
-			yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui
-			appflowy
-			nomacs
-			putty virt-viewer
-			wl-clipboard-x11 parallel lsof duperemove mlocate kmscon hdparm bat gnuplot whois zoom traceroute tcping-go
-			tcpdump nmap mtr-gui simplescreenrecorder obs-studio 
-			signal-desktop dbeaver ftxui yaml-cpp wl-mirror poppler_utils imagemagick
-		]
-		++ (with inputs.lib; filter isDerivation (attrValues inputs.pkgs.plasma5Packages.kdeGear));
-		programs.wireshark = { enable = true; package = inputs.pkgs.wireshark; };
-		nixpkgs.config = { permittedInsecurePackages = [ "openssl-1.1.1u" "electron-19.0.7" ]; allowUnfree = true; };
-		# programs.firejail =
-		# {
-		# 	enable = true;
-		# 	wrappedBinaries =
-		# 	{
-		# 		qq =
-		# 		{
-		# 			executable = "${inputs.pkgs.qq}/bin/qq";
-		# 			profile = "${inputs.pkgs.firejail}/etc/firejail/linuxqq.profile";
-		# 		};
-		# 	};
-		# };
-	};
-}

modules/packages/hpc.nix

@@ -1,80 +0,0 @@
-inputs:
-{
-	config.environment.systemPackages =
-	(
-		with inputs.pkgs;
-		[
-			ovito paraview localPackages.vesta # vsim
-			(python3.withPackages (ps: with ps;
-			[
-				phonopy inquirerpy requests tqdm tensorflow keras python-telegram-bot
-				localPackages.upho localPackages.spectral
-			]))
-			mathematica octave root cling gfortran
-			qchem.quantum-espresso
-			waifu2x-converter-cpp
-		]
-	)
-	++ ( with inputs.pkgs.pkgsCross.mingwW64.buildPackages; [ gcc ] );
-	config.programs.ccache.enable = true;
-	config.nix.settings.extra-sandbox-paths = [ inputs.config.programs.ccache.cacheDir ];
-	config.nixpkgs.config.replaceStdenv = { pkgs }: pkgs.ccacheStdenv;
-	# only replace stdenv for large and tested packages
-	# config.programs.ccache.packageNames = [ "webkitgtk" "libreoffice" "tensorflow" "linux" "chromium" ];
-}
-
-# cross-x86_64-pc-linux-musl/gcc
-# dev-cpp/cpp-httplib ? how to use
-# dev-cpp/cppcoro
-# dev-cpp/date
-# dev-cpp/nameof
-# dev-cpp/scnlib
-# dev-cpp/tgbot-cpp
-# dev-libs/pocketfft
-# dev-util/intel-hpckit
-# dev-util/nvhpc
-# kde-misc/wallpaper-engine-kde-plugin
-# media-fonts/arphicfonts
-# media-fonts/sarasa-gothic
-# media-gfx/flameshot
-# media-libs/libva-intel-driver
-# media-libs/libva-intel-media-driver
-# media-sound/netease-cloud-music
-# net-vpn/frp
-# net-wireless/bluez-tools
-# sci-libs/mkl
-# sci-libs/openblas
-# sci-libs/pfft
-# sci-libs/scalapack
-# sci-libs/wannier90
-# sci-mathematics/ginac
-# sci-mathematics/mathematica
-# sci-mathematics/octave
-# sci-physics/lammps::touchfish-os
-# sci-physics/vsim
-# sci-visualization/scidavis
-# sys-apps/flatpak
-# sys-cluster/modules
-# sys-devel/distcc
-# sys-fs/btrfs-progs
-# sys-fs/compsize
-# sys-fs/dosfstools
-# sys-fs/duperemove
-# sys-fs/exfatprogs
-# sys-fs/mdadm
-# sys-fs/ntfs3g
-# sys-kernel/dracut
-# sys-kernel/linux-firmware
-# sys-kernel/xanmod-sources
-# sys-kernel/xanmod-sources:6.1.12
-# sys-kernel/xanmod-sources::touchfish-os
-# sys-libs/libbacktrace
-# sys-libs/libselinux
-# x11-apps/xinput
-# x11-base/xorg-apps
-# x11-base/xorg-fonts
-# x11-base/xorg-server
-# x11-misc/imwheel
-# x11-misc/optimus-manager
-# x11-misc/unclutter-xfixes
-

modules/packages/terminal.nix

@@ -1,61 +0,0 @@
-inputs:
-{
-	config =
-	{
-		environment.systemPackages = with inputs.pkgs;
-		[
-			beep neofetch screen dos2unix tldr gnugrep pv
-			pciutils usbutils lshw powertop compsize iotop iftop smartmontools htop intel-gpu-tools btop wayland-utils clinfo
-			glxinfo vulkan-tools
-			ksh
-			vim nano
-			wget aria2 curl yt-dlp
-			tree git autojump exa
-			nix-output-monitor inputs.topInputs.nix-alien.packages.x86_64-linux.nix-alien nix-template
-			apacheHttpd certbot-full
-			pigz rar unrar upx unzip zip lzip
-			util-linux snapper
-			ocrmypdf pdfgrep
-			openssl ssh-to-age gnupg age sops
-			ipset iptables iproute2 dig nettools
-			gcc clang-tools
-			sshfs kio-fuse
-			pam_u2f
-			e2fsprogs
-			trash-cli tmux adb-sync pdfchain wgetpaste httplib clang magic-enum xtensor
-			go rustc boost cereal cxxopts valgrind
-			lsd zellij broot
-			nil
-		];
-		programs =
-		{
-			nix-index-database.comma.enable = true;
-			nix-index.enable = true;
-			command-not-found.enable = false;
-			zsh =
-			{
-				enable = true;
-				syntaxHighlighting.enable = true;
-				autosuggestions.enable = true;
-				enableCompletion = true;
-				ohMyZsh =
-				{
-					enable = true;
-					plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ];
-					customPkgs = with inputs.pkgs; [ zsh-nix-shell ];
-				};
-			};
-			adb.enable = true;
-			gnupg.agent =
-			{
-				enable = true;
-				enableSSHSupport = true;
-			};
-		};
-		services =
-		{
-			fwupd.enable = true;
-			udev.packages = [ inputs.pkgs.yubikey-personalization ];
-		};
-	};
-}

modules/sops.nix

@@ -1,11 +0,0 @@
-inputs:
-{
-	config.sops =
-	{
-		defaultSopsFile = ../secrets/${inputs.config.networking.hostName}.yaml;
-
-		# sops start before impermanence, so we need to use the absolute path
-		age.sshKeyPaths = [ "/nix/persistent/etc/ssh/ssh_host_ed25519_key" ];
-		gnupg.sshKeyPaths = [ "/nix/persistent/etc/ssh/ssh_host_rsa_key" ];
-	};
-}

modules/u2f_keys

@@ -1 +0,0 @@
-chn:l0VI03ILuKvkEKm9/8nZWQGyijGDmxcX8910QFqc1f2nt9z5A8ipfvT7eAu6DuBvGSLfdRvvjOMMYdLym6aIKQ==,l+5T3iiU30/GT1T+nOirHycke8ZsENSN+nyGGukPD28yZfE4Z+lkzytg9O5qyxWMGFbCgBQWEw3pNpzjStkUEA==,es256,+presence:xUctDZKOuBMOtRE2y4b0BzVqaLdgQydCcoaDJQ3fur4y9cMrAOrvNuyaGSm6y0JsAGtBTufMF9GnK513GSEs4g==,l8Z5+9qp5z9u4eXl4nkV/0QKKvIbeD+6BAPOjTawDwZgiUKC5ltgT3pC262wrxiDLOAXUylDVRgsRLEaM7YiYg==,es256,+presence

modules/users/chn.nix

@@ -1,58 +0,0 @@
-{ bootstrape ? false }: inputs:
-{
-	config =
-	{
-		users.users.chn =
-		{
-			isNormalUser = true;
-			extraGroups = inputs.lib.intersectLists
-				[ "adbusers" "networkmanager" "wheel" "wireshark" "libvirtd" "video" "audio" ]
-				(builtins.attrNames inputs.config.users.groups);
-			shell = inputs.pkgs.zsh;
-			autoSubUidGidRange = true;
-		} // (if bootstrape then { password = "0"; }
-			else { passwordFile = inputs.config.sops.secrets."password/chn".path; });
-		# environment.persistence."/impermanence".users.chn =
-		# {
-		# 	directories =
-		# 	[
-		# 		"Desktop"
-		# 		"Documents"
-		# 		"Downloads"
-		# 		"Music"
-		# 		"repo"
-		# 		"Pictures"
-		# 		"Videos"
-
-		# 		".cache"
-		# 		".config"
-		# 		".gnupg"
-		# 		".local"
-		# 		".ssh"
-		# 		".android"
-		# 		".exa"
-		# 		".gnome"
-		# 		".Mathematica"
-		# 		".mozilla"
-		# 		".pki"
-		# 		".steam"
-		# 		".tcc"
-		# 		".vim"
-		# 		".vscode"
-		# 		".Wolfram"
-		# 		".zotero"
-
-		# 	];
-		# 	files =
-		# 	[
-		# 		".bash_history"
-		# 		".cling_history"
-		# 		".gitconfig"
-		# 		".gtkrc-2.0"
-		# 		".root_hist"
-		# 		".viminfo"
-		# 		".zsh_history"
-		# 	];
-		# };
-	} // (if !bootstrape then { sops.secrets."password/chn".neededForUsers = true; } else {});
-}

modules/users/root.nix

@@ -1,17 +0,0 @@
-{ bootstrape ? false }: { pkgs, ... }@inputs:
-{
-	config =
-	{
-		users =
-		{
-			users.root = { shell = inputs.pkgs.zsh; }
-				// (if bootstrape then { password = "0"; }
-					else { passwordFile = inputs.config.sops.secrets."password/root".path; });
-			mutableUsers = false;
-		};
-		# root password in initrd: 0000
-		# currently not working, might work in the future
-		# boot.initrd.secrets.${builtins.toString inputs.config.sops.secrets."password/root".path}
-		# 	= builtins.toFile "root-password" "$y$j9T$EHgd1EmvM54fIkuDnrAM41$WNhog3VSAdrQXljA4I7Coy8W6iRQFQ3CLOKEH6IZzJ/";
-	} // (if !bootstrape then { sops.secrets."password/root".neededForUsers = true; } else {});
-}

modules/virtualisation/docker.nix

@@ -1,9 +0,0 @@
-{
-	config.virtualisation.docker =
-	{
-		enable = true;
-		rootless = { enable = true; setSocketVariable = true; };
-		enableNvidia = true;
-		storageDriver = "overlay2";
-	};
-}

modules/virtualisation/kvm_guest.nix

@@ -1 +0,0 @@
-{ config.services = { qemuGuest.enable = true; spice-vdagentd.enable = true; xserver.videoDrivers = [ "qxl" ]; }; }

modules/virtualisation/kvm_host.nix

@@ -1,87 +0,0 @@
-# TODO: disable auto usb redirection
-inputs:
-{
-	config =
-	{
-		virtualisation =
-		{
-			libvirtd = { enable = true; qemu.runAsRoot = false; onBoot = "ignore"; onShutdown = "shutdown"; };
-			spiceUSBRedirection.enable = true;
-		};
-		environment.systemPackages = with inputs.pkgs; [ qemu_full virt-manager win-spice ];
-		systemd.services =
-			let
-				virsh = "${inputs.pkgs.libvirt}/bin/virsh";
-				hibernate = inputs.pkgs.writeShellScript "libvirt-hibernate"
-				''
-					if [ "$(LANG=C ${virsh} domstate "$1")" = 'running' ]
-					then
-						if ${virsh} dompmsuspend "$1" disk
-						then
-							echo "Waiting for $1 to suspend"
-							while ! [ "$(LANG=C ${virsh} domstate "$1")" = 'shut off' ]
-							do
-								sleep 1
-							done
-							echo "$1 suspended"
-							touch "/tmp/libvirt.$1.suspended"
-						else
-							echo "Failed to suspend $1"
-						fi
-					fi
-				'';
-				resume = inputs.pkgs.writeShellScript "libvirt-resume"
-				''
-					if [ "$(LANG=C ${virsh} domstate "$1")" = 'shut off' ] && [ -f "/tmp/libvirt.$1.suspended" ]
-					then
-						if virsh start "$1"
-						then
-							echo "Waiting for $1 to resume"
-							while ! [ "$(LANG=C ${virsh} domstate "$1")" = 'running' ]
-							do
-								sleep 1
-							done
-							echo "$1 resumed"
-							rm "/tmp/libvirt.$1.suspended"
-						else
-							echo "Failed to resume $1"
-						fi
-					fi
-				'';
-			in
-			{
-				"libvirt-hibernate@" =
-				{
-					description = "libvirt hibernate";
-					before = [ "systemd-hibernate.service" "systemd-suspend.service" ];
-					serviceConfig = { Type = "oneshot"; ExecStart = "${hibernate} %i"; };
-				};
-				"libvirt-resume@" =
-				{
-					description = "libvirt resume";
-					after = [ "systemd-hibernate.service" "systemd-suspend.service" ];
-					serviceConfig = { Type = "oneshot"; ExecStart = "${resume} %i"; };
-				};
-				"libvirt-hibernate@win10" =
-				{
-					wantedBy = [ "systemd-hibernate.service" "systemd-suspend.service" ];
-					overrideStrategy = "asDropin";
-				};
-				"libvirt-resume@win10" =
-				{
-					wantedBy = [ "systemd-hibernate.service" "systemd-suspend.service" ];
-					overrideStrategy = "asDropin";
-				};
-				"libvirt-hibernate@hardconnect" =
-				{
-					wantedBy = [ "systemd-hibernate.service" "systemd-suspend.service" ];
-					overrideStrategy = "asDropin";
-				};
-				"libvirt-resume@hardconnect" =
-				{
-					wantedBy = [ "systemd-hibernate.service" "systemd-suspend.service" ];
-					overrideStrategy = "asDropin";
-				};
-			};
-	};
-}

modules/virtualisation/waydroid.nix

@@ -1,2 +0,0 @@
-# sudo waydroid shell wm set-fix-to-user-rotation enabled
-{ config.virtualisation = { waydroid.enable = true; }; }

secrets/chn-PC.yaml

@@ -1,33 +0,0 @@
-password:
-    root: ENC[AES256_GCM,data:WlD/i0GDlzeVsc4uJXVK+cRLvjATZGSbVCRedenTBayPeMebC6jrGPhsK4SSZIv3uw9RKztGGkziBTe61CCKwg/Rm0oFuF661A==,iv:YBPmukuz2tiVmIEBMClYjgzPf33NjmdqihcydD1gdhg=,tag:uURlnbNmEgo1qfoU0gPwEg==,type:str]
-    chn: ENC[AES256_GCM,data:NMTdEfxBMqJP5bnLqinzQ1NP/4eCM3zzH5aR2HOoeu/p8BNp3JDspyuE+DkjVlb/uuVugnFPTOSASRZeEliG0B6NvpZ8gP1O/g==,iv:SNVxJ/xfdfAiVljlRMd5maIhxH0RBs90bqrypBubM6w=,tag:A7Wemy4eLcIUfV/sZ6//VA==,type:str]
-xray.json: ENC[AES256_GCM,data:eog9U3zt+Lx4QOlr0F4PGP73uUXrZcxa8NDVq13hmVpfu2T/CoF+Lwf8saJN9IdAOcECfgkrI2DiUZdAUO5LGQDDEyJywiJ/CnL6u+kwmkO9doidvG9ctB1VR2CG4M5wqXnybJp8b6osG6iL83q4prjo3YjFfGQFA/X05ssuzLneugK1pQrr9yaF7PvXvFBRwOKDbsmqDqSurTkU3QZMx3is2f0OeLYZEYk9XVNE7xeL1/33gObsP4KF5O2h466+7ezI7kP2vC2rl1VPQFtYAssoxK6qxWKErPhMCu+cDDYDMxqkeYmkgGBJEefpuk6IMNXctuwWwjojX5SEMN73kOHzJxykE/NhCbRDeNQjWz9qTpDaMZ36IFTc+U7nThYD85h9ppaedsXsQtLxhG29KM45h0CByBwJPY8Q1TNkV+jYsJWk6+DqSnWwMPsAKXnj/bhtpbslWlqk7uHn/6jzexu95y89ObjNtiR6YViufCAHlAGovijXv9lEjsZk+1xMNnD418a58jrUXoBGQjr+FT+i01zDnJga61KqAkhjgblG6j5pNVzsopITs1f90cxJjoNFvqh01EgPma3OlD6x5RmY3g/Mzc4yXreWS0KhICSvZwNT27DKCTVpSWRwz20yNU0OYy4MIo1CbZtvv9uQ6pO9m681IjHLZSP5pX19rqG0hfTkP3Wvya/G8hkHhmRDHUeptzKuZII1GVU3g9JfL4KbEeLZXeZRqKJ5N5kFwyUXytWEZpmj4XYdZF65BsGnC251EI0+LJdJy6vDcGTelbMHoyW8tZ50pQysy5gukf+hERuzgw0l81P5iRZoz9Mt/dNy2sA/EFxElZayDrIRlBilKvlTUr8qgswjj2kdR0sPgfM0aaD1mZFQ65MHVcJSua2gO/B5yXNmoLtZxFSYOuqHqHXN84T1rj8DxU5XXlatvK00U6nb73Xkwdjfe14bUTR05E3DvXwYLJ/LZL+nRgHgASnS2ECDn/DAw7UigwmXSaEPz6eQbOucNvtoq6xceJgeWuNM7ZSIq5JRufL6QnLXjoHmd8OgSG6xaR7wvQkg+YwnbhhpDbi+3AB+RlJkYSVoUUdPTi8sSxYZi4x+gRys20tRCWxUuvrIKhoimFi/lNDZn4fW93EEZT1KpoHxOzD424hdVWZ/9dV2O57ZArOVvnG8WQPGsFqVQ55dzpA4QI34GNDHkeQGNJb6JF1f+8x5AJGJPbRWqDBNRmjewr8xKZwRSpYl+OH9ijU4qk9dxpiynFXY6t2cJIzhMIgRBnvgD+zFAgbOX0t1jvguLeTDxq+5ZJLc9g15gKtQKOLyBx0XAV8xtpmqQX8KuPj+CKmKUJQ1WNWUkd9THXwsYjskb3L6frOubYo0M0pnXaF+hlyHpsJoz4pdUmsFRnByAr+QQAYUUnx2oxZ3gybpIkFHUOekuXVwx4ox87buJA3YsgDYUE6QP7AUgUdpUo4pssZw4Ym8IpqCuam6F04uC9RMdTfeJ0URTaP/fY91zlvU7zJjeG97N30uLiVx60rGeJXfwK5PxcjUH6DNSZL9utX9F25+D2tbHXgP+zYPQFRThIfF5FZtcMaEA1jBFByc5YifrD+UveMwcZhJvoLy+LG635GrhuJodX0f+UB5FqxiW5+jxseXxVXhnN76UvTa1gc2sUC0/wKHeNEkO0HSoTsI5vFDldD+Vl8NFCEe90hlmBDDS89C4RBYB38tSnGicngiki089N1D8jVl5zF+Ssek6pLk/IjIhPC3F7TEshnkJpakHa009B5b50HizuJofbe5+c37BSgiCSzo3iGXQDVC/0dB8uEzKXFbeo9sGT1ESUFSwFGHLeNNC1UkMRfam6KyRqC5/PtRA+kQzk2+vJ0gk4ghGzgzFAXMgH1FovYBIc0JnwxmTyZssXdYkv8kn1fM7I+VcdEAqMMwuzZk1Q1cV2lcAFH3agodLKkMNrur0r14kdLYhoOghcedJtzQVm288exYoMxyXNm70VKcA3IiMW9GXoGY4BAFCWLKbrTQWqGzr5+MY7lyQOK6umcDeH0+R1yDmuNIrv7oog0KYQeHl++upEAyDzbjxtvlsWlB0fXRM0chvh0NZ0dPHK+qPaYlCXXucTSnNu9QKnMr34xOGY1CazPAXV4Bvyf9BxLKVxnNd9E/NPA43XCrJhKwspM4GzAGss5k1icb4za7GocMIqFfMO4y93Ug8nbZkHKJ1kzbqnx0JjfQfEH2QBznRAkhCQN0crs1Zvewcx46oOPZNzoFZLpKrP2yVnQTl93gcsmS1iw/F62BscRtW7kwSvQ+GInUoF2PWlicX90ZvkoImtzcyNLmUJ219cBxdghng12vKwgj2qMXilGWfIdHSh6UF96DjGlhWbURXUlGT2aQL7qQtC6M/sLewjs3SVT1g2xj/5SrsxCs3Id6mIcKRZTX+OiKKTY1xAvL/Ga7I/M+nN+BBSqurWMHIDbnA4jJEQcWZKPcskVve4WHJlo9qUbHznWJQl1aA6ypUJQNk2+ztLbn2TJlXPj8MN5ET2ZAtzZ1E7BUKFfxQafB0MqRygpK8d+Vtz3AP1eyn8/J6lQ9iS5JSWZ7kokFZ2362klit+ogiDGfLAAgVd4vSSDyObEZLGA+bMAxDqEb0Uc9q69I7Phf3IZN9TD9uZFJjr/H6QdS8UEF5510GilqQAanzBRLGCKO74t+Dv7qLrk3wqXZihAYevalJ5BVak8dxXQd3xDLGst+qSUiyFWxIgIBA5GX1YdPXQN4R+WhARV9v1VFaOIUtLMJfRJHni3ZjVX0yjN8R3xFSKmKgKaOc+LuO8mY3gdXBkEc0dzfhhRFMaaLb8rLNwPnp/7pL6fkltxY7e7GxwCOXQXERDQqb0e8ocYb+Mfv/ua/xc7fkxYt9bksrhqmPUxz+XdfLb86QzSs/X2rrxkZWCiFdnRHOkrgRiymbJTPAeQX+ERA39YTZJkiRlEROK3kDm15oAT4iJ+WQQpExthNtUAbPtkptQt+iG1IK6cEFiNI/RQuaqRhSjViZ0RkFraZYCBxBfQZG5WAecItvuS4awGbTM/cd1N5aNU43DbuMNlkoaX81K7w6WKkaTOcQkGtwdEBsXKbeO9KRZmO8QauUjV+g5jH2ctz+PgYUg9gGIcHsdnA0dyp6ie4HNxqa2vLMln4nj7aJzyzE0lYDB6FHrC18TOZ3UNl6Pk5u0vJB+BZdp7MMCScLo/boxloKY0IRspCsRPDmJg0W/JlQ4ezmYHUYq/wplw8V6bI07bIr4TgTFXIWK61mH1Lz/fflu4/6hj3aCklY7KKESU7uf0JGrAmGTa8y3WHtlc9/ETXq1hJv0ulUzNcBe2fxn9FiNKOMRWtfhatMuWrtaSQIk0tYWW1xJ0ZvsJeGOfM1Edf56QhSW37SJin1gvbZE6mW1IjGW1tSUn1K6vebsKpLNXYDIZ4Pbi0ZZ4njhY90GgSiw2hSvUsdrklIabRP0/s4aVdPXSHmPVNGnxQHfjiMUDaXqqGJDRS7kLgOFq5ipmNQ3bP1J2U+PYgkAxL4TA5fXu9q1H5OTgrMzemAlvp5jI7MXOPlUaD+PBn0oBVM+l7KfqEOWFyX5XIZyrJCg1+PtIMy1/V3B45PVC4yuzkWNU3m+wzaYn/UDX7XpvgxywXXSq5AO63/nn7lnbl21e48BReXlDJ7aDjAPR97qOUEEvJoVuiWk4JONEdJVt9j5ad/Z1n,iv:KROMY3fOYmtbYVdtVnN1SJyRZEhU2tzJXxFvt3yitn4=,tag:7fAjJ3ARKZpOh2InLZihBg==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcDBqZldlajB1RURQVW03
-            TWJTaDlvVEYvZDd5dXBJV0c2V3FGY0laMUZ3CkxjQUtLRHBOZkQ4Mk5JTGd5V0M4
-            VUJ5aHJGSDl0MWpDSTNnQ2RSRnpPQ0kKLS0tIFA2em42NXNmZkJZWCs1Tmxia1VV
-            RnRPQ05LTDZTOEY3OWVMdmhHTTRKT1EKyBnGiEpkJ9TUGMSne5RUX5U4Nc49gXOn
-            8q6IeBWnI3mkVA0PElAThSpXLMMzq01uDrcZEeE9BocyU7Y/JRbUMA==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWeEw5YWpQNXM2dWpVY3Uw
-            bjBFQmVKeDlqYUFPNGhwVlVwdTdDaDY2bUNNCmJncHhrbHplU2ZvTHROcU1LNzBE
-            dnRlOFF2eXhHKzZ5VzQvS3RPb3FsWTAKLS0tIHNDcmdGTWl1VTREaVJXR1VzSUs0
-            OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
-            +K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-06-29T14:16:12Z"
-    mac: ENC[AES256_GCM,data:CgQOGEuv7SRdwpVNdFnM5MbrlJX9UvXOXNtenkAbrCH/hv3GrCc/2+R7pt7KA2teeHd1BuobTCP086guaxuzokyZZhj2W8jnsHvp15LiBc75zC1El2Vjz0QvRxBgbSAStNGuNHWeLzulRaiMYhP5Guna0c+91PPQgIn6BS26xiY=,iv:R2p8cvadHP9Mmrajpj1qhUgsai1D7D+QYE34j74INAs=,tag:8TnF0urFYlG0jKZijxuulQ==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.7.3