Code snapshot

This is safe enough for a commit, though it doesn't work yet.

TODO: update home-manager module references

.editorconfig

@@ -12,3 +12,6 @@ indent_style = space
 [*.md]
 max_line_length = 80
 trim_trailing_whitespace = false
+
+[*.json]
+indent_style = tab

.sops.yaml

@@ -0,0 +1,8 @@
+---
+keys:
+- &follie age1qjdsw949yvhlkttldda5ar4t0mma9vwey8gal425qckh67h7taws96vsey
+creation_rules:
+- path_regex: secrets\.json$
+  key_groups:
+  - age:
+    - *follie

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023 Hoang Nguyen <folliekazetani@protonmail.com>
+Copyright (c) 2023-2024 Hoang Nguyen <folliekazetani@protonmail.com>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

NOTES.md

@@ -0,0 +1,50 @@
+# Notes for making stuff work
+
+NOTE: move this file's content to <https://docs.folliehiyuki.com> when the site is set up properly.
+
+## Darwin
+
+- Start `minikube` with **qemu2** driver:
+```bash
+minikube start \
+  --driver qemu \
+  --network socket_vmnet \
+  --qemu-firmware-path /etc/profiles/per-user/${USER}/share/qemu/edk2-aarch64-code.fd
+```
+
+- `podman-machine` might not be able to find qemu's UEFI firmware files. Specify it in the machine configuration:
+
+***~/.config/containers/podman/machine/qemu/podman-machine-${PODMAN_MACHINE_INSTANCE}.json***
+```json
+{
+...
+  "CmdLine": [
+    ...
+    "file=/etc/profiles/per-user/${USER}/share/qemu/edk2-aarch64-code.fd,if=pflash,format=raw,readonly=on",
+    ...
+  ],
+...
+}
+```
+
+- Set up Docker host:
+
+```bash
+# Start a lima VM hosting remote dockerd daemon
+# (all lima templates are available at https://github.com/lima-vm/lima/tree/master/examples)
+limactl create --name=docker template://docker
+
+# Start the created VM
+limactl start docker
+
+# Add a separated Docker context pointing to the VM
+docker context create lima-docker --docker "host=unix:///Users/${USER}/.lima/docker/sock/docker.sock"
+
+# Switch to the new context
+docker context use lima-docker
+
+# docker works now \(^-^)/
+docker images -a
+```
+
+## NixOS

README.md

@@ -1,10 +1,10 @@
-# FollieHiyuki's Nix configuration
+# folliehiyuki's Nix configuration
 
 This Nix flake is used to manage:
-- my work laptop (an Apple Silicon M2 Macbook Air)
+- my work laptop (an Apple M2 Macbook Air)
 - my NixOS desktop
 
-For the configuration of my other desktop hosts (mostly AlpineLinux), look at [dotfiles-ansible](/FollieHiyuki/dotfiles-ansible) and [sysconfig](/FollieHiyuki/sysconfig) repositories.
+For the configuration of my other desktop hosts running either [AlpineLinux](https://alpinelinux.org) or [ChimeraLinux](https://chimera-linux.org/), see [dotfiles-ansible](/folliehiyuki/dotfiles-ansible) and [sysconfig](/folliehiyuki/sysconfig) repositories.
 
 <!--toc:start-->
 ## Table of Content
@@ -17,7 +17,7 @@ For the configuration of my other desktop hosts (mostly AlpineLinux), look at [d
 
 ### Darwin
 
-`nix` and `homebrew` need to be installed separatedly:
+`nix` and `homebrew` need to be installed separately:
 - **nix**: `sh <(curl -L https://nixos.org/nix/install)`
 - **homebrew**: `bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"`
 
@@ -25,33 +25,13 @@ Currently, there is only 1 Darwin host, to configure it:
 
 ```bash
 nix build .#darwinConfigurations.hoangnguyenhuy.system
-
-darwin-rebuild switch --flake .#hoangnguyenhuy
-```
-
-**Caveats**:
-- `podman-machine` can't load `edk2-aarch64-code.fd` file: explicitly set the exposed path in
-
-*~/.config/containers/podman/machine/qemu/podman-machine-default.json*
-```json
-{
-...
-  "CmdLine": [
-    ...
-    "file=/etc/profiles/per-user/<username>/share/qemu/edk2-aarch64-code.fd,if=pflash,format=raw,readonly=on",
-    ...
-  ],
-...
-}
-```
-
-- `minikube` needs to be started like this with qemu2 driver:
-```bash
-# `socket_vmnet` is available via HomeBrew
-minikube start \
-  --driver qemu \
-  --network socket_vmnet \
-  --qemu-firmware-path /etc/profiles/per-user/<username>/share/qemu/edk2-aarch64-code.fd
+./result/sw/bin/darwin-rebuild switch --flake .#hoangnguyenhuy
 ```
 
 ### NixOS
+
+## Credits
+
+- [NotAShelf/nyx](https://github.com/notashelf/nyx)
+- [hlissner/dotfiles](https://github.com/hlissner/dotfiles)
+- [Mic92/dotfiles](https://github.com/Mic92/dotfiles)

TODO.md

@@ -3,6 +3,7 @@
 ## Darwin
 
 - [ ] amethyst -> yabai
+- [ ] dnscrypt-proxy
 
 ## NixOS
 

darwin/amethyst.nix

@@ -0,0 +1,9 @@
+{ config, lib, ... }: {
+  options.programs.amethyst.enable = lib.mkEnableOption "amethyst";
+
+  # NOTE: allow the app to control the computer in Privacy & Security > Accessibility
+  config = lib.mkIf config.programs.amethyst.enable {
+    homebrew.casks = [ "amethyst" ];
+    system.defaults.dock.mru-spaces = false;
+  };
+}

darwin/default.nix

@@ -1,18 +1,15 @@
-{ config, lib, myLib, ... }:
-let
-  username = config.personal.user.name;
-in
-{
-  imports = myLib.listModules ./.;
+{ inputs, config, lib, ... }: {
+  imports = with inputs; [
+    home-manager.darwinModules.home-manager
+    ../nixos/common.nix
+  ] ++ (self.lib.listModules ./.);
 
   config = {
-    users.users.${username}.home = "/Users/${username}";
-
     environment.variables = {
       HOMEBREW_NO_ANALYTICS = "1";
     };
 
-    # Make `nix doctor` happy
+    # Make `nix config check` happy
     environment.profiles = lib.mkForce [
       "$HOME/.nix-profile"
 
@@ -30,10 +27,7 @@ in
       global.autoUpdate = false;
     };
 
-    services.nix-daemon = {
-      enable = true;
-      enableSocketListener = true;
-    };
+    services.nix-daemon.enable = true;
 
     system.defaults = {
       NSGlobalDomain = {

flake.lock

@@ -8,11 +8,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1699218802,
-        "narHash": "sha256-5l0W4Q7z7A4BCstaF5JuBqXOVrZ3Vqst5+hUnP7EdUc=",
+        "lastModified": 1707075082,
+        "narHash": "sha256-PUplk5F5jlIyofxqn/xEDN9pbjrd0tnkd0pDsZ52db0=",
         "owner": "ipetkov",
         "repo": "crane",
-        "rev": "2d6c2aaff5a05e443eb15efddc21f9c73720340c",
+        "rev": "7d5b46c17d857ee9ddb2e8d88185729a3e5637b6",
         "type": "github"
       },
       "original": {
@@ -28,11 +28,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1704277720,
-        "narHash": "sha256-meAKNgmh3goankLGWqqpw73pm9IvXjEENJloF0coskE=",
+        "lastModified": 1706833576,
+        "narHash": "sha256-w7BL0EWRts+nD1lbLECIuz6fRzmmV+z8oWwoY7womR0=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "0dd382b70c351f528561f71a0a7df82c9d2be9a4",
+        "rev": "bdbae6ecff8fcc322bf6b9053c0b984912378af7",
         "type": "github"
       },
       "original": {
@@ -48,11 +48,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1704318910,
-        "narHash": "sha256-wOIJwAsnZhM0NlFRwYJRgO4Lldh8j9viyzwQXtrbNtM=",
+        "lastModified": 1707385478,
+        "narHash": "sha256-xwKXoBeiwfp+jqQxt3O0mUxrBXsNfdBn15teMMWbw0U=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "aef9a509db64a081186af2dc185654d78dc8e344",
+        "rev": "15b52c3c8a718253e66f1b92f595dc47873fdfea",
         "type": "github"
       },
       "original": {
@@ -84,11 +84,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1704152458,
-        "narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=",
+        "lastModified": 1706830856,
+        "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "88a2cd8166694ba0b6cb374700799cec53aef527",
+        "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f",
         "type": "github"
       },
       "original": {
@@ -102,11 +102,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1694529238,
-        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+        "lastModified": 1705309234,
+        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
         "type": "github"
       },
       "original": {
@@ -124,11 +124,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1660459072,
-        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
+        "lastModified": 1703887061,
+        "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=",
         "owner": "hercules-ci",
         "repo": "gitignore.nix",
-        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
+        "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5",
         "type": "github"
       },
       "original": {
@@ -144,11 +144,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1704498488,
-        "narHash": "sha256-yINKdShHrtjdiJhov+q0s3Y3B830ujRoSbHduUNyKag=",
+        "lastModified": 1707175763,
+        "narHash": "sha256-0MKHC6tQ4KEuM5rui6DjKZ/VNiSANB4E+DJ/+wPS1PU=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "51e44a13acea71b36245e8bd8c7db53e0a3e61ee",
+        "rev": "f99eace7c167b8a6a0871849493b1c613d0f1b80",
         "type": "github"
       },
       "original": {
@@ -159,11 +159,11 @@
     },
     "impermanence": {
       "locked": {
-        "lastModified": 1703656108,
-        "narHash": "sha256-hCSUqdFJKHHbER8Cenf5JRzjMlBjIdwdftGQsO0xoJs=",
+        "lastModified": 1706639736,
+        "narHash": "sha256-CaG4j9+UwBDfinxxvJMo6yOonSmSo0ZgnbD7aj2Put0=",
         "owner": "nix-community",
         "repo": "impermanence",
-        "rev": "033643a45a4a920660ef91caa391fbffb14da466",
+        "rev": "cd13c2917eaa68e4c49fea0ff9cada45440d7045",
         "type": "github"
       },
       "original": {
@@ -175,11 +175,15 @@
     "lanzaboote": {
       "inputs": {
         "crane": "crane",
-        "flake-compat": "flake-compat",
+        "flake-compat": [
+          "flake-compat"
+        ],
         "flake-parts": [
           "flake-parts"
         ],
-        "flake-utils": "flake-utils",
+        "flake-utils": [
+          "flake-utils"
+        ],
         "nixpkgs": [
           "nixpkgs"
         ],
@@ -187,11 +191,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1704497899,
-        "narHash": "sha256-eyImNjgTHaF+be2fnNFY+Lv73rWVj7yOGxrafZNB/gI=",
+        "lastModified": 1707121196,
+        "narHash": "sha256-drevc7MfnMD0Ya811UPDCY5hkCOYXgDYr+oKwWLvF+E=",
         "owner": "nix-community",
         "repo": "lanzaboote",
-        "rev": "a454a5894700db8b85d0e08ae1bb870c4b88ef77",
+        "rev": "f2bc0af580f0bb6e6a2d0bcf0cfb237b357ffbbf",
         "type": "github"
       },
       "original": {
@@ -207,11 +211,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1704596958,
-        "narHash": "sha256-BK3Ohsz7m8X6qVKFxDtr8KVcHipfr5hYE9PDIJevHbQ=",
+        "lastModified": 1707016097,
+        "narHash": "sha256-V4lHr6hFQ3rK650dh64Xffxsf4kse9vUYWsM+ldjkco=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "f46800ac5a6e9f892fe36e50821c5d85794ecc62",
+        "rev": "3e3dad2808379c522138e2e8b0eb73500721a237",
         "type": "github"
       },
       "original": {
@@ -222,11 +226,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1704194953,
-        "narHash": "sha256-RtDKd8Mynhe5CFnVT8s0/0yqtWFMM9LmCzXv/YKxnq4=",
+        "lastModified": 1707268954,
+        "narHash": "sha256-2en1kvde3cJVc3ZnTy8QeD2oKcseLFjYPLKhIGDanQ0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "bd645e8668ec6612439a9ee7e71f7eac4099d4f6",
+        "rev": "f8e2ebd66d097614d51a56a755450d4ae1632df1",
         "type": "github"
       },
       "original": {
@@ -238,36 +242,59 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1685801374,
-        "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
+        "lastModified": 1704874635,
+        "narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
+        "rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-23.05",
+        "ref": "nixos-23.11",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
     "nixpkgs-stable_2": {
       "locked": {
-        "lastModified": 1704290814,
-        "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
+        "lastModified": 1707391491,
+        "narHash": "sha256-TyDXcq8Z3slMNeyeF+ke0BzISWuM6NrBklr7XyiRbZA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
+        "rev": "bc6cb3d59b7aab88e967264254f8c1aa4c0284e9",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "release-23.05",
+        "ref": "release-23.11",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
+    "plasma-manager": {
+      "inputs": {
+        "home-manager": [
+          "home-manager"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1707045317,
+        "narHash": "sha256-o2NZJcNu2/M3qycZ2Z9sgIESQEBFmihbbA7//sp7yVA=",
+        "owner": "pjones",
+        "repo": "plasma-manager",
+        "rev": "290cd65b65e2da11ca9fda69781ea9beb8a6f6ac",
+        "type": "github"
+      },
+      "original": {
+        "owner": "pjones",
+        "repo": "plasma-manager",
+        "type": "github"
+      }
+    },
     "pre-commit-hooks-nix": {
       "inputs": {
         "flake-compat": [
@@ -286,11 +313,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1699271226,
-        "narHash": "sha256-8Jt1KW3xTjolD6c6OjJm9USx/jmL+VVmbooADCkdDfU=",
+        "lastModified": 1706424699,
+        "narHash": "sha256-Q3RBuOpZNH2eFA1e+IHgZLAOqDD9SKhJ/sszrL8bQD4=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "ea758da1a6dcde6dc36db348ed690d09b9864128",
+        "rev": "7c54e08a689b53c8a1e5d70169f2ec9e2a68ffaf",
         "type": "github"
       },
       "original": {
@@ -303,14 +330,18 @@
       "inputs": {
         "darwin": "darwin",
         "disko": "disko",
+        "flake-compat": "flake-compat",
         "flake-parts": "flake-parts",
+        "flake-utils": "flake-utils",
         "home-manager": "home-manager",
         "impermanence": "impermanence",
         "lanzaboote": "lanzaboote",
         "nix-index-database": "nix-index-database",
         "nixpkgs": "nixpkgs",
+        "plasma-manager": "plasma-manager",
         "sops-nix": "sops-nix",
-        "treefmt-nix": "treefmt-nix"
+        "treefmt-nix": "treefmt-nix",
+        "vscode-extensions": "vscode-extensions"
       }
     },
     "rust-overlay": {
@@ -325,11 +356,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1699409596,
-        "narHash": "sha256-L3g1smIol3dGTxkUQOlNShJtZLvjLzvtbaeTRizwZBU=",
+        "lastModified": 1707099356,
+        "narHash": "sha256-ph483MDKLi9I/gndYOieVP41es633DOOmPjEI50x5KU=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "58240e1ac627cef3ea30c7732fedfb4f51afd8e7",
+        "rev": "61dfa5a8129f7edbe9150253c68f673f87b16fb1",
         "type": "github"
       },
       "original": {
@@ -346,11 +377,11 @@
         "nixpkgs-stable": "nixpkgs-stable_2"
       },
       "locked": {
-        "lastModified": 1704596510,
-        "narHash": "sha256-tupdwwg1WeX2hNMOQrvtyafTaTVty0QC/gQp7yaYJic=",
+        "lastModified": 1707397511,
+        "narHash": "sha256-pYqXcTjcPC/go3FzT1dYtYsbmzAjO1MHhT/xgiI6J7o=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "f5fbcc0f50e7fc60c4f806fa7a09abccf0826d8a",
+        "rev": "2168851d58595431ee11ebfc3a49d60d318b7312",
         "type": "github"
       },
       "original": {
@@ -381,11 +412,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1704233915,
-        "narHash": "sha256-GYDC4HjyVizxnyKRbkrh1GugGp8PP3+fJuh40RPCN7k=",
+        "lastModified": 1707300477,
+        "narHash": "sha256-qQF0fEkHlnxHcrKIMRzOETnRBksUK048MXkX0SOmxvA=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "e434da615ef74187ba003b529cc72f425f5d941e",
+        "rev": "ac599dab59a66304eb511af07b3883114f061b9d",
         "type": "github"
       },
       "original": {
@@ -393,6 +424,32 @@
         "repo": "treefmt-nix",
         "type": "github"
       }
+    },
+    "vscode-extensions": {
+      "inputs": {
+        "flake-compat": [
+          "flake-compat"
+        ],
+        "flake-utils": [
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1707441271,
+        "narHash": "sha256-VbhPwJ6JDLklCClM1T14pzKrgsnIvWOg/2YUmYBmLFk=",
+        "owner": "nix-community",
+        "repo": "nix-vscode-extensions",
+        "rev": "a008981410d7da870988b5415ebd33165d98084d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-vscode-extensions",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -1,5 +1,5 @@
 {
-  description = "FollieHiyuki's Nix Configuration";
+  description = "folliehiyuki's Nix Configuration";
 
   nixConfig = {
     extra-substituters = [
@@ -46,44 +46,73 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    plasma-manager = {
+      url = "github:pjones/plasma-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.home-manager.follows = "home-manager";
+    };
+
+    vscode-extensions = {
+      url = "github:nix-community/nix-vscode-extensions";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.flake-compat.follows = "flake-compat";
+      inputs.flake-utils.follows = "flake-utils";
+    };
+
     lanzaboote = {
       url = "github:nix-community/lanzaboote";
       inputs.nixpkgs.follows = "nixpkgs";
+      inputs.flake-compat.follows = "flake-compat";
       inputs.flake-parts.follows = "flake-parts";
+      inputs.flake-utils.follows = "flake-utils";
     };
 
     sops-nix = {
       url = "github:Mic92/sops-nix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    # These are used only for common dependencies lock
+    flake-utils.url = "github:numtide/flake-utils";
+    flake-compat = {
+      url = "github:edolstra/flake-compat";
+      flake = false;
+    };
   };
 
   outputs = inputs @ { flake-parts, nixpkgs, ... }:
     let
       myLib = import ./lib { inherit (nixpkgs) lib; };
     in
-    flake-parts.lib.mkFlake { inherit inputs; specialArgs = { inherit myLib; }; } {
+    flake-parts.lib.mkFlake { inherit inputs; } {
       systems = [ "x86_64-linux" "aarch64-darwin" ];
 
-      imports = (myLib.listModules ./flake) ++ [ ./hosts ];
+      imports = myLib.listModules ./flake;
 
       perSystem = { system, ... }: {
         _module.args = {
-          inherit myLib;
           inherit (nixpkgs) lib;
 
-          # Allow installing unfree packages like terraform, vault, ...
           pkgs = import nixpkgs {
             inherit system;
+
+            overlays = [ inputs.vscode-extensions.overlays.default ];
+
+            # Allow installing unfree packages like terraform, vault, ...
             config.allowUnfree = true;
           };
         };
       };
 
-      # Make sure my custom functions don't do anything stupid
-      flake.tests = import ./tests {
-        inherit myLib;
-        inherit (nixpkgs) lib;
+      flake = {
+        # exposed for other submodules to use
+        lib = myLib;
+
+        # Make sure my custom functions don't do anything stupid
+        tests = import ./tests {
+          inherit myLib;
+          inherit (nixpkgs) lib;
+        };
       };
     };
 }

flake/hosts.nix

@@ -0,0 +1,36 @@
+{ inputs, lib, ... }:
+let
+  darwinHosts = [
+    "hoangnguyenhuy"
+  ];
+  nixosHosts = [
+    "artoria"
+  ];
+in
+{
+  flake = {
+    darwinConfigurations = lib.genAttrs darwinHosts
+      (name: inputs.darwin.lib.darwinSystem {
+        specialArgs = { inherit inputs; };
+        modules = [
+          ../darwin
+          ../home-manager
+          {
+            system.stateVersion = 4;
+            networking.computerName = name;
+            networking.hostName = name;
+          }
+        ] ++ (inputs.self.lib.listModules ../hosts/${name});
+      });
+
+    nixosConfigurations = lib.genAttrs nixosHosts
+      (name: lib.nixosSystem {
+        specialArgs = { inherit inputs; };
+        modules = [
+          ../nixos
+          ../home-manager
+          { networking.hostName = name; }
+        ] ++ (inputs.self.lib.listModules ../hosts/${name});
+      });
+  };
+}

flake/shell.nix

@@ -1,7 +1,7 @@
 _: {
   perSystem = { pkgs, config, ... }: {
     devShells.default = pkgs.mkShellNoCC {
-      name = "dotfiles-nix";
+      name = "nixconfig";
       meta.description = "Development shell for the Nix dotfiles";
       inputsFrom = [ config.treefmt.build.devShell ];
       packages = with pkgs; [
@@ -12,9 +12,6 @@ _: {
         sops
         vim
       ];
-      shellHook = ''
-        export NIX_CONFIG="experimental-features = nix-command flakes"
-      '';
     };
 
     checks = {

flake/treefmt.nix

@@ -3,7 +3,7 @@
 
   perSystem = _: {
     treefmt = {
-      projectRootFile = "flake.nix";
+      projectRootFile = "flake.lock";
 
       programs = {
         statix.enable = true;

home-manager/default.nix

@@ -0,0 +1,19 @@
+{ inputs, ... }: {
+  home-manager = {
+    verbose = true;
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    extraSpecialArgs = { inherit inputs; };
+    backupFileExtension = "old";
+
+    sharedModules = with inputs; [
+      nix-index-database.hmModules.nix-index
+      sops-nix.homeManagerModules.sops
+      {
+        home.stateVersion = "24.05";
+        programs.home-manager.enable = true;
+      }
+    ]
+    ++ (self.lib.listModuleDirsRecursive ./.);
+  };
+}

home-manager/programs/apps/amethyst/default.nix

@@ -1,5 +1,5 @@
 { osConfig, pkgs, lib, ... }: {
-  config = lib.mkIf (osConfig.personal.dotfiles.amethyst.enable && pkgs.stdenv.isDarwin) {
+  config = lib.mkIf (osConfig.programs.amethyst.enable && pkgs.stdenv.isDarwin) {
     xdg.configFile."amethyst/amethyst.yml" = {
       source = ./amethyst.yml;
     };

home-manager/programs/editors/neovim/default.nix

@@ -23,7 +23,7 @@
         cd "$nvim_confdir"
         git pull origin main
       else
-        git clone --depth=1 --branch=main https://gitlab.com/FollieHiyuki/nvim.git "$nvim_confdir"
+        git clone --depth=1 --branch=main https://gitlab.com/folliehiyuki/nvim.git "$nvim_confdir"
       fi
     '';
   };

home-manager/programs/editors/vscode/default.nix

@@ -0,0 +1,15 @@
+{ osConfig, lib, pkgs, ... }: {
+  config = lib.mkIf osConfig.personal.dotfiles.vscode.enable {
+    programs.vscode = {
+      enable = true;
+      package = pkgs.vscodium;
+      enableUpdateCheck = false;
+      enableExtensionUpdateCheck = false;
+    };
+
+    home.activation.enableVscodeKeyRepeating = lib.mkIf pkgs.stdenv.isDarwin ''
+      /usr/bin/defaults write com.vscodium ApplePressAndHoldEnabled -bool false
+      /usr/bin/defaults write com.microsoft.VSCode ApplePressAndHoldEnabled -bool false
+    '';
+  };
+}

hosts/darwin/hoangnguyenhuy/configuration.nix

@@ -1,104 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  username = config.personal.user.name;
-in
-{
-  personal.dotfiles = import ./home.nix { inherit lib; };
-
-  personal.user = {
-    name = "hoang.nguyenhuy";
-    description = "Hoang Nguyen Huy";
-    email = "hoang.nguyenhuy@optimizely.com";
-    gpgPubKey = "4DDE6212A7FDB0E1";
-
-    # Ref: https://github.com/LnL7/nix-darwin/issues/122
-    # so no fish-shell then
-    shell = "zsh";
-
-    packages = with pkgs; [
-      age
-      aws-sso-cli
-      awscli2
-      cargo
-      chafa
-      croc
-      cue
-      dbeaver
-      delve
-      fd
-      ghq
-      gnumake
-      go
-      go-tools
-      gojq
-      golangci-lint
-      gopls
-      gvproxy # used for podman-machine's host network
-      (hunspellWithDicts (with hunspellDicts; [ en_US-large ]))
-      iterm2
-      kubectl
-      kubectx
-      kubernetes-helm
-      lima
-      mage
-      minikube
-      nil
-      packer
-      podman
-      qemu_kvm
-      s5cmd
-      shellcheck
-      sops
-      ssm-session-manager-plugin
-      stern
-      terraform
-      terraform-ls
-      vault
-      youtube-music
-    ];
-  };
-
-  environment.pathsToLink = [
-    "/share/qemu" # expose edk2-aarch64-code.fd in a stable path for podman/minikube
-  ];
-
-  fonts.fonts = with pkgs; [
-    sarasa-gothic
-    iosevka-bin
-    (iosevka-bin.override { variant = "aile"; })
-    (iosevka-bin.override { variant = "etoile"; })
-    (nerdfonts.override { fonts = [ "IosevkaTerm" ]; })
-  ];
-
-  homebrew = {
-    casks = [
-      "aws-vpn-client"
-      "displaylink"
-      "keepassxc" # the brew formulae comes with keepassxc-cli, while the package from nixpkgs only has .app file
-      "maccy"
-      "openlens"
-    ];
-
-    # NOTE: these are used for pkgs.minikube
-    # Ref: https://minikube.sigs.k8s.io/docs/drivers/qemu/
-    brews = [
-      "socket_vmnet" # remember to run `brew services start socket_vmnet` as root afterward
-      "pulumi" # pulumi packages in NixOS repository are pretty outdated (and no pulumi-language-yaml)
-    ];
-    taps = [
-      "homebrew/services"
-    ];
-  };
-
-  nix.settings.allowed-users = [ "@admin" "@nixbld" "${username}" ];
-
-  # NOTE: re-apply this configuration whenever MacOS does a system upgrade
-  security.pam.enableSudoTouchIdAuth = true;
-
-  system.activationScripts.postActivation.text = ''
-    sudo chsh -s ${pkgs.zsh}/bin/zsh ${username}
-    sudo -u ${username} /opt/homebrew/bin/brew analytics off
-  '';
-
-  nixpkgs.hostPlatform = "aarch64-darwin";
-}

hosts/darwin/hoangnguyenhuy/home.nix

@@ -1,25 +0,0 @@
-{ lib, ... }: lib.recursiveUpdate
-  (builtins.listToAttrs (builtins.map
-    (elem: {
-      name = elem;
-      value.enable = true;
-    })
-    [
-      "amethyst"
-      "bat"
-      "direnv"
-      "emacs"
-      "fzf"
-      "gh"
-      "git"
-      "gpg"
-      "k9s"
-      "lsd"
-      "neovim"
-      "pnpm"
-      "ripgrep"
-      "starship"
-      "vscode"
-      "zoxide"
-    ]))
-{ neovim.defaultEditor = true; }

hosts/default.nix

@@ -1,55 +0,0 @@
-{ inputs, lib, myLib, ... }:
-let
-  machines = lib.mapAttrs
-    (x: _: builtins.attrNames (myLib.filterDirs ./${x}))
-    (myLib.filterDirs ./.);
-
-  osConfigurations = os: builtins.listToAttrs (builtins.map
-    (host:
-      let
-        hostModules = with inputs; {
-          nixos = [
-            disko.nixosModules.disko
-            home-manager.nixosModules.home-manager
-            impermanence.nixosModules.impermanence
-            sops-nix.nixosModules.sops
-            ../modules/nixos
-          ];
-
-          darwin = [
-            home-manager.darwinModules.home-manager
-            {
-              system.stateVersion = 4;
-              networking.computerName = host;
-            }
-            ../modules/darwin
-          ];
-        };
-
-        commonModules = [
-          { networking.hostName = host; }
-          ../modules/common
-          ../modules/home-manager
-          ./${os}/${host}/configuration.nix
-        ];
-
-        osSystem = {
-          nixos = inputs.nixpkgs.lib.nixosSystem;
-          darwin = inputs.darwin.lib.darwinSystem;
-        };
-      in
-      {
-        name = host;
-        value = osSystem.${os} {
-          specialArgs = { inherit inputs lib myLib; };
-          modules = commonModules ++ hostModules.${os};
-        };
-      })
-    machines.${os});
-in
-{
-  flake = {
-    darwinConfigurations = osConfigurations "darwin";
-    nixosConfigurations = osConfigurations "nixos";
-  };
-}

hosts/hoangnguyenhuy/configuration.nix

@@ -0,0 +1,47 @@
+{ pkgs, ... }: {
+  environment.pathsToLink = [
+    "/share/qemu" # expose edk2-aarch64-code.fd in a stable path for podman/minikube
+  ];
+
+  environment.shells = [ pkgs.zsh ];
+
+  programs = {
+    amethyst.enable = true;
+    zsh.enable = true;
+  };
+
+  fonts.fonts = with pkgs; [
+    sarasa-gothic
+    iosevka-bin
+    (iosevka-bin.override { variant = "aile"; })
+    (iosevka-bin.override { variant = "etoile"; })
+    (nerdfonts.override { fonts = [ "IosevkaTerm" ]; })
+  ];
+
+  homebrew = {
+    casks = [
+      "aws-vpn-client"
+      "displaylink"
+      "keepassxc" # the brew formulae comes with keepassxc-cli, while the package from nixpkgs only has .app file
+      "maccy"
+      "openlens"
+    ];
+
+    # NOTE: these are used for pkgs.minikube
+    # Ref: https://minikube.sigs.k8s.io/docs/drivers/qemu/
+    brews = [
+      "socket_vmnet" # remember to run `brew services start socket_vmnet` as root afterward
+      "pulumi" # pulumi packages in NixOS repository are pretty outdated (and no pulumi-language-yaml)
+    ];
+    taps = [
+      "homebrew/services"
+    ];
+  };
+
+  # NOTE: re-apply this configuration whenever MacOS does a system upgrade
+  security.pam.enableSudoTouchIdAuth = true;
+
+  nix.settings.allowed-users = [ "@admin" ];
+
+  nixpkgs.hostPlatform = "aarch64-darwin";
+}

hosts/hoangnguyenhuy/user.nix

@@ -0,0 +1,134 @@
+{ pkgs, ... }:
+let
+  username = "hoang.nguyenhuy";
+in
+{
+  nix.settings.allowed-users = [ username ];
+
+  users.users.${username} = {
+    home = "/Users/${username}";
+    description = "Hoang Nguyen Huy";
+
+    # Ref: https://github.com/LnL7/nix-darwin/issues/122
+    # so no fish-shell then
+    shell = pkgs.zsh;
+
+    packages = with pkgs; [
+      age
+      aws-sso-cli
+      awscli2
+      cargo
+      chafa
+      croc
+      cue
+      dbeaver
+      docker-buildx
+      docker-client
+      docker-compose
+      fd
+      ghq
+      gnumake
+      go
+      gojq
+      golangci-lint
+      (hunspellWithDicts (with hunspellDicts; [ en_US-large ]))
+      iterm2
+      kubectl
+      kubectx
+      kubernetes-helm
+      lima
+      minikube
+      packer
+      qemu_kvm
+      s5cmd
+      shellcheck
+      sops
+      (ssm-session-manager-plugin.overrideAttrs { doCheck = false; })
+      stern
+      (terraform.overrideAttrs { doCheck = false; })
+      (vault.overrideAttrs { doCheck = false; })
+      youtube-music
+    ];
+  };
+
+  system.activationScripts.postActivation.text = ''
+    sudo chsh -s ${pkgs.zsh}/bin/zsh ${username}
+    sudo -u ${username} /opt/homebrew/bin/brew analytics off
+  '';
+
+  home-manager.users.${username}.programs = {
+    bat.enable = true;
+    direnv.enable = true;
+    emacs.enable = true;
+    fzf.enable = true;
+    gh.enable = true;
+    git = {
+      enable = true;
+      signing.key = "4DDE6212A7FDB0E1";
+      userEmail = "hoang.nguyenhuy@optimizely.com";
+    };
+    gpg.enable = true;
+    k9s.enable = true;
+    lsd.enable = true;
+    neovim = {
+      enable = true;
+      defaultEditor = true;
+    };
+    pnpm.enable = true;
+    ripgrep.enable = true;
+    starship.enable = true;
+    vscode = {
+      enable = true;
+
+      # These extensions come from `nix-vscode-extensions` overlay (set via nixpkgs.overlays)
+      extensions = with pkgs; [
+        open-vsx-release.arcticicestudio.nord-visual-studio-code
+        open-vsx-release.asciidoctor.asciidoctor-vscode
+        open-vsx-release.brody715.vscode-cuelang
+        open-vsx-release.coenraads.bracket-pair-colorizer-2
+        open-vsx-release.editorconfig.editorconfig
+        open-vsx-release.golang.go
+        open-vsx-release.grafana.vscode-jsonnet
+        open-vsx-release.hashicorp.terraform
+        open-vsx-release.jnoortheen.nix-ide
+        open-vsx-release.mads-hartmann.bash-ide-vscode
+        open-vsx-release.ms-kubernetes-tools.vscode-kubernetes-tools
+        open-vsx-release.pkief.material-icon-theme
+        # open-vsx-release.tabbyml.vscode-tabby
+        vscode-marketplace.tsandall.opa
+        open-vsx-release.vscodevim.vim
+      ];
+
+      userSettings = {
+        "workbench.colorTheme" = "Nord";
+        "workbench.iconTheme" = "material-icon-theme";
+        "asciidoc.preview.fontSize" = 16;
+        "markdown.preview.fontSize" = 16;
+        "terminal.integrated.fontFamily" = "'IosevkaTerm Nerd Font', Iosevka, monospace";
+        "terminal.integrated.fontSize" = 16;
+        "chat.editor.fontSize" = 16;
+        "debug.console.fontSize" = 16;
+        "scm.inputFontSize" = 16;
+        "editor.fontSize" = 16;
+        "editor.fontFamily" = "Iosevka, Menlo, Monaco, 'Courier New', monospace";
+        "telemetry.telemetryLevel" = "off";
+        "terraform.codelens.referenceCount" = true;
+        "nix.enableLanguageServer" = true;
+        "nix.serverPath" = "nil";
+        "bracket-pair-colorizer-2.showHorizontalScopeLine" = false;
+        "bracket-pair-colorizer-2.forceUniqueOpeningColor" = true;
+        "bracket-pair-colorizer-2.colors" = [ "#d08770" "#ebcb8b" "#a3be8c" "#88c0d0" "#81a1c1" "#b48ead" ];
+        "bracket-pair-colorizer-2.unmatchedScopeColor" = "#bf616a";
+        "redhat.telemetry.enabled" = false;
+        "yaml.format.printWidth" = 120;
+        "jsonnet.languageServer.enableAutoUpdate" = false;
+
+        # To start tabby local API service: `tabby serve --port 10069 --device metal --model TabbyML/StarCoder-3B`
+        "tabby.api.endpoint" = "http://127.0.0.1:10069";
+        "tabby.inlineCompletion.triggerMode" = "manual";
+        "tabby.usage.anonymousUsageTracking" = true; # this settings actually disables telemetry (pretty weird naming)
+      };
+    };
+    zoxide.enable = true;
+  };
+}

modules/common/default.nix

@@ -1,68 +0,0 @@
-{ inputs, config, options, lib, pkgs, ... }: {
-  options.personal.user =
-    let
-      inherit (lib) types;
-    in
-    with lib; {
-      packages = mkOption {
-        type = with types; listOf package;
-        default = [ ];
-        description = "Mirror of users.users.<name>.packages and home.packages";
-      };
-      name = mkOption {
-        type = types.str;
-        default = "follie";
-        description = "Username of the configured user";
-      };
-      description = mkOption {
-        type = types.str;
-        default = "Hoang Nguyen";
-        description = "The full name of the configured user";
-      };
-      shell = mkOption {
-        type = types.enum [ "zsh" "fish" ];
-        default = "fish";
-        description = "The name of user's login shell";
-      };
-      email = mkOption {
-        type = types.str;
-        default = "folliekazetani@protonmail.com";
-        description = "Email address of the configured user";
-      };
-      gpgPubKey = mkOption {
-        type = types.str;
-        default = "B0567C20730E9B11";
-      };
-    };
-
-  config =
-    let
-      inherit (config.personal) user;
-    in
-    {
-      users.users.${config.personal.user.name} = {
-        inherit (config.personal.user) name description;
-
-        shell = pkgs.${user.shell};
-        packages = lib.mkAliasDefinitions options.personal.user.packages;
-      };
-
-      # I don't use GNU's info
-      documentation.info.enable = false;
-
-      programs.${user.shell}.enable = true;
-      environment.shells = [ pkgs.${user.shell} ];
-
-      # Just expose everything possible so shell completion works
-      environment.pathsToLink = [
-        "/share/fish"
-        "/share/zsh"
-        "/share/bash-completion"
-      ];
-
-      fonts.fontDir.enable = true;
-
-      nix = import ./nix-conf.nix { inherit inputs lib pkgs; };
-      nixpkgs.config.allowUnfree = true;
-    };
-}

modules/common/nix-conf.nix

@@ -1,47 +0,0 @@
-{ inputs, lib, ... }:
-let
-  registryInputs =
-    lib.mapAttrs (_: val: { flake = val; })
-      (lib.filterAttrs (name: _: name != "self") inputs);
-in
-{
-  nixPath = [
-    "nixpkgs=${inputs.nixpkgs}"
-    "/nix/var/nix/profiles/per-user/root/channels"
-  ];
-
-  registry = registryInputs // { dotfiles.flake = inputs.self; };
-
-  settings = {
-    auto-allocate-uids = false;
-    auto-optimise-store = true;
-    sandbox = true;
-    keep-outputs = true;
-    use-xdg-base-directories = true;
-    http-connections = 0;
-    max-jobs = "auto";
-    trusted-users = [ "root" ];
-
-    # Flakes are used explicitly, so don't imply any URLs
-    flake-registry = builtins.toFile "empty-registry.json" (builtins.toJSON {
-      flakes = [ ];
-      version = 2;
-    });
-
-    experimental-features = [
-      "auto-allocate-uids"
-      "ca-derivations"
-      "flakes"
-      "nix-command"
-    ];
-
-    trusted-substituters = [
-      "https://cache.nixos.org"
-      "https://nix-community.cachix.org"
-    ];
-    trusted-public-keys = [
-      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-    ];
-  };
-}

modules/darwin/amethyst.nix

@@ -1,7 +0,0 @@
-{ config, lib, ... }:
-lib.mkIf config.personal.dotfiles.amethyst.enable
-{
-  # Allow the app to control the computer in Privacy & Security > Accessibility
-  homebrew.casks = [ "amethyst" ];
-  system.defaults.dock.mru-spaces = false;
-}

modules/home-manager/default.nix

@@ -1,75 +0,0 @@
-{ inputs, config, lib, myLib, pkgs, ... }: {
-  options.personal.dotfiles =
-    let
-      inherit (lib) types;
-    in
-    with lib; {
-      amethyst.enable = mkEnableOption "amethyst";
-
-      bat.enable = mkEnableOption "bat";
-
-      direnv.enable = mkEnableOption "direnv";
-
-      emacs = {
-        enable = mkEnableOption "emacs";
-        defaultEditor = mkOption {
-          type = types.bool;
-          default = false;
-          description = "Whether to set Emacs client as the default EDITOR";
-        };
-      };
-
-      fzf.enable = mkEnableOption "fzf";
-
-      gh.enable = mkEnableOption "gh";
-
-      git.enable = mkEnableOption "git";
-
-      gpg = {
-        enable = mkEnableOption "gpg";
-        pinentryFlavor = mkOption {
-          type = types.nullOr (types.enum pkgs.pinentry.flavors);
-          default = "qt";
-          description = "The pinentry interface to use";
-        };
-      };
-
-      k9s.enable = mkEnableOption "k9s";
-
-      lsd.enable = mkEnableOption "lsd";
-
-      neovim = {
-        enable = mkEnableOption "neovim";
-        defaultEditor = mkOption {
-          type = types.bool;
-          default = false;
-          description = "Whether to set Neovim as the default EDITOR";
-        };
-      };
-
-      pnpm.enable = mkEnableOption "pnpm";
-
-      ripgrep.enable = mkEnableOption "ripgrep";
-
-      starship.enable = mkEnableOption "starship";
-
-      vscode.enable = mkEnableOption "vscode";
-
-      zoxide.enable = mkEnableOption "zoxide";
-    };
-
-  config.home-manager = {
-    verbose = true;
-    useGlobalPkgs = true;
-    useUserPackages = true;
-    extraSpecialArgs = { inherit inputs myLib; };
-    backupFileExtension = "old";
-
-    sharedModules = with inputs; [
-      nix-index-database.hmModules.nix-index
-      sops-nix.homeManagerModules.sops
-    ];
-
-    users.${config.personal.user.name} = import ./home.nix;
-  };
-}

modules/home-manager/home.nix

@@ -1,18 +0,0 @@
-{ osConfig, myLib, ... }: {
-  imports = myLib.listModuleDirsRecursive ./.;
-
-  config =
-    let
-      inherit (osConfig.personal.user) name;
-    in
-    {
-      home = {
-        stateVersion = "23.11";
-
-        username = name;
-        homeDirectory = osConfig.users.users.${name}.home;
-      };
-
-      programs.home-manager.enable = true;
-    };
-}

modules/home-manager/programs/editors/vscode/default.nix

@@ -1,64 +0,0 @@
-# NOTE: don't install extensions via `programs.vscode.extensions`, since the packages from Nix repo might be outdated
-# List of extensions to install:
-# - arcticicestudio.nord-visual-studio-code
-# - asciidoctor.asciidoctor-vscode
-# - brody715.vscode-cuelang
-# - coenraads.bracket-pair-colorizer-2
-# - editorconfig.editorconfig
-# - golang.go
-# - grafana.vscode-jsonnet
-# - hashicorp.hcl
-# - hashicorp.terraform
-# - jnoortheen.nix-ide
-# - mads-hartmann.bash-ide-vscode
-# - ms-kubernetes-tools.vscode-kubernetes-tools
-# - pkief.material-icon-theme
-# - tabbyml.vscode-tabby
-# - tsandall.opa
-# - vscodevim.vim
-
-{ osConfig, lib, pkgs, ... }: {
-  config = lib.mkIf osConfig.personal.dotfiles.vscode.enable {
-    programs.vscode = {
-      enable = true;
-      package = pkgs.vscodium;
-      enableUpdateCheck = false;
-      enableExtensionUpdateCheck = false;
-      userSettings = {
-        "workbench.colorTheme" = "Nord";
-        "workbench.iconTheme" = "material-icon-theme";
-        "asciidoc.preview.fontSize" = 16;
-        "markdown.preview.fontSize" = 16;
-        "terminal.integrated.fontFamily" = "'IosevkaTerm Nerd Font', Iosevka, monospace";
-        "terminal.integrated.fontSize" = 16;
-        "chat.editor.fontSize" = 16;
-        "debug.console.fontSize" = 16;
-        "scm.inputFontSize" = 16;
-        "editor.fontSize" = 16;
-        "editor.fontFamily" = "Iosevka, Menlo, Monaco, 'Courier New', monospace";
-        "telemetry.telemetryLevel" = "off";
-        "terraform.codelens.referenceCount" = true;
-        "nix.enableLanguageServer" = true;
-        "nix.serverPath" = "nil";
-        "bracket-pair-colorizer-2.showHorizontalScopeLine" = false;
-        "bracket-pair-colorizer-2.forceUniqueOpeningColor" = true;
-        "bracket-pair-colorizer-2.colors" = [ "#d08770" "#ebcb8b" "#a3be8c" "#88c0d0" "#81a1c1" "#b48ead" ];
-        "bracket-pair-colorizer-2.unmatchedScopeColor" = "#bf616a";
-        "redhat.telemetry.enabled" = false;
-        "yaml.format.printWidth" = 120;
-        "jsonnet.languageServer.enableAutoUpdate" = false;
-
-        # To start tabby local API service: `tabby serve --port 10069 --device metal --model TabbyML/StarCoder-3B`
-        "tabby.api.endpoint" = "http://127.0.0.1:10069";
-        "tabby.inlineCompletion.triggerMode" = "manual";
-        "tabby.usage.anonymousUsageTracking" = true; # this settings actually disables telemetry (pretty weird naming)
-      };
-    };
-
-    home.activation.enableVscodeKeyRepeating = lib.mkIf pkgs.stdenv.isDarwin ''
-      /usr/bin/defaults write com.vscodium ApplePressAndHoldEnabled -bool false
-      /usr/bin/defaults write com.microsoft.VSCode ApplePressAndHoldEnabled -bool false
-    '';
-  };
-
-}

modules/nixos/default.nix

@@ -1,24 +0,0 @@
-{ config, ... }:
-let
-  username = config.personal.user.name;
-in
-{
-  config = {
-    users.users.${username} = {
-      home = "/home/${username}";
-      group = "users";
-      isNormalUser = true;
-    };
-
-    documentation.man.generateCaches = true;
-
-    nix.gc = {
-      automatic = true;
-      options = "--delete-older-than 7d";
-      dates = "weekly";
-      persistent = true;
-    };
-
-    nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ];
-  };
-}

nixos/common.nix

@@ -0,0 +1,78 @@
+# INFO: this module is also sourced by Darwin hosts
+{ inputs, lib, ... }:
+let
+  registryInputs =
+    lib.mapAttrs (_: val: { flake = val; })
+      (lib.filterAttrs (name: value: name != "self" && value.flake) inputs);
+in
+{
+  # I don't use GNU's info
+  documentation.info.enable = false;
+
+  # Just expose everything possible so shell completion works
+  environment.pathsToLink = [
+    "/share/fish"
+    "/share/zsh"
+    "/share/bash-completion"
+  ];
+
+  fonts.fontDir.enable = true;
+
+  nix.nixPath = [
+    "nixpkgs=${inputs.nixpkgs}"
+    "/nix/var/nix/profiles/per-user/root/channels"
+  ];
+
+  nix.registry = registryInputs // { dotfiles.flake = inputs.self; };
+
+  nix.settings = {
+    auto-allocate-uids = true;
+    auto-optimise-store = true;
+    sandbox = true;
+    keep-outputs = true;
+    use-xdg-base-directories = true;
+    http-connections = 0;
+    max-jobs = "auto";
+    trusted-users = [ "root" ];
+
+    # Fallback quickly if substituters are not available.
+    connect-timeout = 5;
+
+    # Avoid copying unnecessary stuff over SSH
+    builders-use-substitutes = true;
+
+    # Avoid disk full issues
+    max-free = 3000 * 1024 * 1024;
+    min-free = 512 * 1024 * 1024;
+
+    # The default at 10 is rarely enough.
+    log-lines = 25;
+
+    # Flakes are set explicitly via nix.registry, so don't imply any URLs here
+    flake-registry = builtins.toFile "empty-registry.json" (builtins.toJSON {
+      flakes = [ ];
+      version = 2;
+    });
+
+    experimental-features = [
+      "auto-allocate-uids"
+      "ca-derivations"
+      "flakes"
+      "nix-command"
+    ];
+
+    trusted-substituters = [
+      "https://cache.nixos.org"
+      "https://nix-community.cachix.org"
+      # "https://numtide.cachix.org"
+    ];
+    trusted-public-keys = [
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      # "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
+    ];
+  };
+
+  nixpkgs.config.allowUnfree = true;
+  nixpkgs.overlays = [ inputs.vscode-extensions.overlays.default ];
+}

nixos/default.nix

@@ -0,0 +1,25 @@
+{ inputs, ... }: {
+  imports = with inputs; [
+    disko.nixosModules.disko
+    home-manager.nixosModules.home-manager
+    impermanence.nixosModules.impermanence
+    sops-nix.nixosModules.sops
+  ] ++ (self.lib.listModules ./.);
+
+  config = {
+    documentation.man.generateCaches = true;
+
+    # cgroups isn't available on MacOS
+    nix.use-cgroups = true;
+    nix.settings.experimental-features = [ "cgroups" ];
+
+    nix.gc = {
+      automatic = true;
+      options = "--delete-older-than 7d";
+      dates = "weekly";
+      persistent = true;
+    };
+
+    nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ];
+  };
+}

secrets.json

@@ -0,0 +1,27 @@
+{
+	"home-manager": {
+		"gallery-dl": {
+			"pixiv_refresh_token": "ENC[AES256_GCM,data:Th15zT4X079p/SDHGIuMISyRndgx0mmhBLKOSG/LIbY0eSqhGHV4egSoCg==,iv:17kRRV7mYpelaa2DALnn6vpfUHZz1/mSayr31i8sJAE=,tag:JhFBJhU9EreRUpOrCkADDw==,type:str]"
+		}
+	},
+	"hosts": {
+		"artoria": {}
+	},
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age1qjdsw949yvhlkttldda5ar4t0mma9vwey8gal425qckh67h7taws96vsey",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1WEhYenJXeUJZWHhoZ2x6\nblBqR1VwM2JieFExMkpGYm5BTm55RjI1QW1BCjJ2bVVrQUhrVUJIWGVnM0ZLWkRK\nZk56L2Q4Nk5tQWswQ3B2cHVDeVIzZWsKLS0tIFFLbW5vY1hNaENjKzVFMmViOC9Q\nV0FyQlNlWUw2QThjK0ZOdWpadER3eUUK6b2u46sgIq3wkTgwKN0iZCR2TaFeJF7X\nbkyMjhTvGFOzh/KSMQDFoZMGaP/Tna04PLvXIYj3HOMnU3q3VV6IjQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2024-01-25T16:35:08Z",
+		"mac": "ENC[AES256_GCM,data:XAtK4hHr5IMg1Mbo/MUf9wBBocbDmMv0iN9+R5rkRw/6D2vUo9GtTe6YNkJuDVeDIQO5z2nwkbMob0rDa7za4eDv4QckuD2nbIE1WLBP+Fn9lpRlluFuZBks2SxWmwk36je1b6cw0lvmjqi/6uaKtkGJ8nTT9K4JdZNxirsA+mg=,iv:vPh6bydN2yO7qLHqDVwOmWdkZvTEaDf87ErQZEwbQWk=,tag:ibPyyVa0iWiQx+cHZlL4XA==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.8.1"
+	}
+}