• macOS: home-manager only (I don't employ nix-darwin).
• Linux: NixOS with embeded home-manager.
• linux distribution like ubuntu: home-manager only.

• Update sops keys: make update-sops
• Edit encrypted information(files, ..): make edit-backup
• Make global flake registry consistent with this flake repo: make pin-registry

Clone this directory and place it in the home directory (for neovim and chezmoi).

Firstly, put the following content in the file /etc/nix/nix.conf:

build-users-group = nixbld
experimental-features = nix-command flakes
trusted-users = root penglei

Then, do initialize:

❯ nix --extra-experimental-features nix-command --extra-experimental-features flakes run nixpkgs#home-manager switch -- --flake .#penglei.aarch64-darwin

In a flake directory, we can employ direnv to initialize the shell using use flake automatically. However, subsequently adding packages temporarily by nix shell ... does not take effect in this shell. The reason is that the path priority in its PATH variable is incorrect, and the fundamental cause is that subshells reinitialize by reading configurations (such as zshrc) are not reentrant. The following configuration can solve this problem:

XDG_DATA_DIRS=${XDG_DATA_DIRS:-/usr/local/share:/usr/share}
export NIX_PROFILES="/nix/var/nix/profiles/default $HOME/.nix-profile"

setopt local_options shwordsplit
export NIX_SSL_CERT_FILE=/etc/ssl/cert.pem
for i in $NIX_PROFILES; do
  if [ ! -e "$NIX_SSL_CERT_FILE" ]; then
    if [ -e "$i/etc/ssl/certs/ca-bundle.crt" ]; then
      export NIX_SSL_CERT_FILE=$i/etc/ssl/certs/ca-bundle.crt
    fi
  fi

  #if ! (($path[(I)$i/bin])); #zsh style
  if [ -e "$i/bin" ]; then
    if ! [[ :$PATH: == *:"$i/bin":* ]]; then
      export PATH="$i/bin:$PATH"
    fi
  fi
  if [ -e "$i/share" ]; then
    if ! [[ :$XDG_DATA_DIRS == *:"$i/share"* ]]; then
      export XDG_DATA_DIRS="$XDG_DATA_DIRS:$i/share"
    fi
  fi
done
unset i

The nix installer initialize shell env by:

# Nix
if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
 . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
fi
# End Nix

If ssl has been broken (e.g. run nix profile remove cacert ), set env explicitly:

if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
 . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
fi
if [ ! -e "$NIX_SSL_CERT_FILE" ]; then
  export NIX_SSL_CERT_FILE=/etc/ssl/cert.pem
fi

Add the following content to /etc/sudoers.d/user

penglei ALL=(root) NOPASSWD: /usr/bin/su -

pam_smartcard module has enabled by default, we needn't do anything more.

1. Disable most default keyboard shortcuts.

   Launchpad & Dock, Mission Control, Keyboard, Services, Spotlight,

   In Mission Control, modify keyboard shortcuts like this:

   1. Option + Up: Mission Control
   2. Option + Down: Application window

2. Modifer Keys: Caps Lock -> Control

3. Disable "Automatically rearrange Spaces based on most recent use" in Desktop & Dock > Mission Control

1. restore passage and gpg keys: make restore

   After placing the private key in the directory ~/.gnupg/private-keys-v1.d , manually restart the agent:

   ❯ gpgconf --kill gpg-agent
   ❯ gpgconf --launch gpg-agent
   

2. copy zsh command history

To quit app followed by mouse cursor, recommend enabling all additional control configurations:

$ sudo nixos-rebuild switch --flake .

• rollback nixos

  /nix/var/nix/profiles/system-*-link/bin/switch-to-configuration switch
  

• Clean home-manager news

  home-manager news --flake .
  

• Using vim on a freshly installed Linux (NixOS)

  Why: The newly installed NixOS does not come with vim by default(but carrying nano..), Use the following command to temporarily use vim:

  $ nix --extra-experimental-features nix-command --extra-experimental-features flakes shell nixpkgs#vim
  

• Clean journald logs one hour ago

  # journalctl --rotate
  # journalctl --vacuum-time=1h
  

• yabai

  • Installing yabai

    1. Switching between spaces requires disabling sip.

       csrutil enable --without fs --without debug --without nvram
       

    2. configure sudo

       Append the following content to /etc/sudoers.d/user

       penglei ALL=(root) NOPASSWD: /Users/penglei/.nix-profile/bin/yabai --load-sa
       penglei ALL=(root) NOPASSWD: /Users/penglei/.nix-profile/bin/yabai --uninstall-sa
       

       After completing the sudo configuration, we can manually run `sudo yabai --load-sa`` once without waiting for the next reboot.

  • restart yabai daemon

    # launchctl load -F ~/Library/LaunchAgents/org.nix-community.home.yabai.plist
    # launchctl unload -F ~/Library/LaunchAgents/org.nix-community.home.yabai.plist
    # launchctl kickstart -k gui/$(id -u)/org.nix-community.home.yabai
    

• rime/squirrel

  log location:

  • $TMPDIR/rime.squirrel/Squirrel.INFO
  • $TMPDIR/rime.squirrel/Squirrel.WARNING

  Force deployment after updating configuration

  1. Run home-manager switch to link rime configuration again

  2. Clean cache

     rm -rf ~/Library/Rime/build
     

  3. Do squirrel Deploy (click in menu)

  installation.yaml should be writable after upgrading squirrel.

• upgrade nix

  run in root:

  # nix profile install nixpkgs#nix_git
  

• shell expansion

  • https://www.gnu.org/software/bash/manual/html_node/Shell-Parameter-Expansion.html
  • https://zsh.sourceforge.io/Doc/Release/Expansion.html
  • https://zsh.sourceforge.io/Doc/Release/Expansion.html#Modifiers
  • https://zsh.sourceforge.io/Doc/Release/Expansion.html#Parameter-Expansion
  • https://stackoverflow.com/questions/3435355/remove-entry-from-array
  • https://unix.stackexchange.com/questions/411304/how-do-i-check-whether-a-zsh-array-contains-a-given-value

• macOS

  • NSUserDefaults

  • Awesome macOS apps

  • Rime Input Method

    • rime-ice framework
    • Grammer model
    • Shift+space as switcher key

  • Font

    • LaTeX "Kaiti SC" cannot be found
    • Linux fontconfig matching mechanism
    • nerd icon font

• Inject username while employ home-manager alone.