Merge pull request #1 from smg1024/renewal-2026

Renew nix-darwin config via flake and home-manager
2026-05-22 20:32:59 +09:00 · 2026-03-15 02:51:12 +09:00 · 2026-03-15 02:51:12 +09:00 · c8fe444599
commit c8fe444599
parent 5e30ed38cd 357ef7f648
61 changed files with 1881 additions and 292 deletions
--- a/.DS_Store
+++ b/.DS_Store
--- a/.codex/skills/readme/SKILL.md
+++ b/.codex/skills/readme/SKILL.md
@ -0,0 +1,64 @@
 ---
 name: readme
 description: Write and update README.md and README-ko.md for the nix-darwin repository. Use when asked to create new repository documentation, refresh outdated setup/usage instructions, summarize the current project structure, or produce Korean README content.
 ---
 # README Writer
 ## Overview
 Generate high-quality README files for this repository based on current code and
 configuration. Create missing READMEs or update existing ones while preserving
 useful, project-specific content.
 ## Workflow
 1. Inspect repository facts before writing. Use targeted reads of `flake.nix`,
   `Justfile`, `home/`, `modules/`, and `secrets/` plus recent git history. Do
   not invent commands, tools, or directory names.
 2. Select target file and language. Default target is `README.md` in English. If
   user asks for Korean or explicitly requests `README-ko.md`, write Korean
   content to `README-ko.md`. If target is ambiguous, ask one concise
   clarification question.
 3. Draft content before mutating files. Always show a draft summary (or full
   draft when requested) and request explicit confirmation before writing. Use
   concise, actionable prose and include concrete commands that work in this
   repository.
 4. Create or update safely. If the target README does not exist, create it. If
   it exists, retain useful custom sections and update stale technical details.
   Avoid deleting user-authored content unless it is clearly obsolete and
   replaced by accurate content.
 5. Validate the result. Re-check that all commands and paths referenced in the
   README exist in the repository. Ensure headings are clear, markdown is valid,
   and tone is professional.
 ## Recommended README Structure
 - Title and short description
 - Prerequisites (Nix/macOS assumptions when relevant)
 - Repository layout (`home/`, `modules/`, `secrets/`, root files)
 - Key commands (`just darwin`, `just darwin-debug`, `just fmt`, update/cleanup
  commands)
 - Configuration and secrets notes (`.sops.yaml`, `secrets/*.yaml`)
 - Common workflows (apply config, update flake inputs, debug build issues)
 Adapt section names if user requests a different format, but keep the content
 repository-specific.
 ## Output Rules
 - Prefer concise explanations over long tutorials.
 - Keep examples runnable from repository root.
 - Use Markdown headings and fenced code blocks for commands.
 - Do not include placeholders like "TODO" in final README output.
 - For bilingual requests, keep language consistent per file (no mixed-language
  sections unless requested).
 ## Confirmation Requirement
 Never write or overwrite `README.md` or `README-ko.md` without explicit user
 confirmation in the current conversation.
--- a/.codex/skills/readme/agents/openai.yaml
+++ b/.codex/skills/readme/agents/openai.yaml
@ -0,0 +1,4 @@
 interface:
  display_name: "README Writer"
  short_description: "Draft and update repository README files"
  default_prompt: "Use $readme to create or update README.md for this repository after showing a draft and requesting confirmation."
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,6 @@
 # MacOS
 .DS_Store
 # Nix
 result
 .cache
--- a/.sops.yaml
+++ b/.sops.yaml
@ -0,0 +1,7 @@
 keys:
  - &poby age1qeyrh6e40nek3da4mnj298cy2l3aswe7432us30d2p93akcvp9zqext63j
 creation_rules:
  - path_regex: secrets/.*\.yaml$
    key_groups:
      - age:
        - *poby
--- a/AGENTS.md
+++ b/AGENTS.md
@ -0,0 +1,69 @@
 # Repository Guidelines
 ## Project Structure & Module Organization
 This repository is a declarative macOS setup built with Nix flakes.
 - `flake.nix` and `flake.lock`: entrypoint and pinned inputs.
 - `modules/`: system-level nix-darwin modules (`nix-core.nix`, `system.nix`,
  `apps.nix`, `host-users.nix`).
 - `home/`: Home Manager user configuration, with feature modules such as
  `git.nix`, `zsh.nix`, and `nvf/`.
 - `secrets/`: encrypted SOPS files (for example `secrets/poby.yaml`).
 - `Justfile`: day-to-day contributor commands.
 Prefer adding new configuration as small focused modules, then importing them
 from `home/default.nix` or `flake.nix`.
 ## Build, Test, and Development Commands
 Use `just` as the primary interface:
 - `just darwin <hostname>`: build and switch to the current host (ex: `fenrir`).
 - `just darwin-debug <hostname>`: same as above with verbose trace output.
 - `just fmt`: format all Nix files via `nix fmt` (Alejandra).
 - `just up`: update all flake inputs.
 - `just upp <input>`: update one input (example: `just upp nixpkgs-darwin`).
 - `just history`, `just gc`, `just clean`: inspect and prune Nix
  generations/store.
 For validation without switching, run:
 `nix build .#darwinConfigurations.fenrir.system --extra-experimental-features 'nix-command flakes'`.
 ## Coding Style & Naming Conventions
 - Use 2-space indentation in `.nix` files and keep attribute sets readable.
 - Run `just fmt` before committing; formatter is defined in `flake.nix`
  (`alejandra`).
 - Name module files in lowercase kebab-case (example: `host-users.nix`).
 - Keep modules single-purpose and compose through `imports`.
 ## Testing Guidelines
 There is no dedicated unit-test suite in this repo. Treat evaluation/build as
 the test gate:
 - Run `just fmt`.
 - Run `nix build .#darwinConfigurations.fenrir.system`.
 - Use `just darwin-debug` when diagnosing evaluation/runtime issues.
 Document manual verification for user-facing changes (shell, terminal, window
 manager, app defaults).
 ## Commit & Pull Request Guidelines
 Commit history follows Conventional Commit style: `feat:`, `fix:`, `refactor:`,
 `style:`.
 - Keep subject lines imperative and concise.
 - Scope each commit to one logical change.
 - In PRs, include: summary, affected modules/paths, command output used for
  validation, and any relevant screenshots for UI changes (for example
  WezTerm/AeroSpace behavior).
 ## Security & Configuration Tips
 - Never commit plaintext secrets.
 - Store secrets only in `secrets/*.yaml` and manage keys/rules in `.sops.yaml`.
 - If adding new secret files, ensure `path_regex` coverage and encrypted content
  before pushing.
--- a/78
+++ b/78
@ -0,0 +1,78 @@
 # just is a command runner, Justfile is very similar to Makefile, but simpler.
 # List all the just commands
 default:
  @just --list
 ############################################################################
 #
 #  Darwin related commands
 #
 ############################################################################
 [group('desktop')]
 darwin hostname:
  nix build .#darwinConfigurations.{{hostname}}.system \
    --extra-experimental-features 'nix-command flakes'
  sudo -E ./result/sw/bin/darwin-rebuild switch --flake .#{{hostname}}
 [group('desktop')]
 darwin-debug hostname:
  nix build .#darwinConfigurations.{{hostname}}.system --show-trace --verbose \
    --extra-experimental-features 'nix-command flakes'
  sudo -E ./result/sw/bin/darwin-rebuild switch --flake .#{{hostname}} --show-trace --verbose
 ############################################################################
 #
 #  nix related commands
 #
 ############################################################################
 # Update all the flake inputs
 [group('nix')]
 up:
  nix flake update
 # Update specific input
 # Usage: just upp nixpkgs
 [group('nix')]
 upp input:
  nix flake update {{input}}
 # List all generations of the system profile
 [group('nix')]
 history:
  nix profile history --profile /nix/var/nix/profiles/system
 # Open a nix shell with the flake
 [group('nix')]
 repl:
  nix repl -f flake:nixpkgs
 # remove all generations older than 7 days
 # on darwin, you may need to switch to root user to run this command
 [group('nix')]
 clean:
  sudo nix profile wipe-history --profile /nix/var/nix/profiles/system  --older-than 7d
 # Garbage collect all unused nix store entries
 [group('nix')]
 gc:
  # garbage collect all unused nix store entries(system-wide)
  sudo nix-collect-garbage --delete-older-than 7d
  # garbage collect all unused nix store entries(for the user - home-manager)
  # https://github.com/NixOS/nix/issues/8508
  nix-collect-garbage --delete-older-than 7d
 [group('nix')]
 fmt range:
  # format the nix files in this repo
  nix fmt {{range}}
 # Show all the auto gc roots in the nix store
 [group('nix')]
 gcroot:
  ls -al /nix/var/nix/gcroots/auto/
--- a/README.md
+++ b/README.md
@ -0,0 +1,81 @@
 # nix-darwin
 Declarative macOS setup for host `fenrir` using `nix-darwin`, `home-manager`,
 `nix-homebrew`, and `sops-nix`.
 ## What This Repo Manages
 - System-level macOS configuration (`modules/`)
 - User-level tooling and shell/editor setup (`home/`)
 - Declarative Homebrew taps/apps/casks
 - Encrypted secrets via SOPS (`secrets/` + `.sops.yaml`)
 ## Prerequisites
 - macOS on Apple Silicon (`aarch64-darwin`)
 - Nix with flakes (`nix-command` + `flakes`)
 - `just` (command runner)
 - SOPS age key at:
 ```bash
 ~/.config/sops/age/keys.txt
 ```
 ## Repository Layout
 - `flake.nix`: flake inputs/outputs and `darwinConfigurations`
 - `Justfile`: daily commands (`darwin`, `darwin-debug`, `fmt`, `up`, `gc`, etc.)
 - `modules/`: system modules (`nix-core.nix`, `system.nix`, `apps.nix`,
  `host-users.nix`)
 - `home/`: Home Manager modules (shell, git, nvf, terminal, tools)
 - `secrets/`: encrypted secret files (`poby.yaml`)
 ## Common Commands
 ```bash
 # List available tasks
 just
 # Build and switch for a host
 just darwin $(hostname)
 # Build and switch with full trace
 just darwin-debug $(hostname)
 # Format Nix files (example: whole repo)
 just fmt .
 # Update all flake inputs
 just up
 # Update one input
 just upp nixpkgs-darwin
 # Inspect system profile history
 just history
 # Clean old generations / garbage collect
 just clean
 just gc
 ```
 ## Secrets
 - Secrets are encrypted in `secrets/*.yaml`.
 - `.sops.yaml` enforces age-based encryption rules.
 - Home Manager reads secrets from `secrets/poby.yaml` and exposes:
  - `github_ssh_key`
  - `github_cli_token`
 ## Customization Notes
 - Update `hostname`, `username`, and `useremail` in `flake.nix` for your
  machine.
 - Add new system behavior in `modules/*.nix`.
 - Add user tooling in `home/*.nix` and import it from `home/default.nix`.
 ## Troubleshooting
 - Use `just darwin-debug <hostname>` for verbose evaluation/build output.
 - If a build succeeds but behavior is stale, re-run switch and verify active
  host/config values.
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,22 @@
 {
  "nodes": {
    "brew-src": {
      "flake": false,
      "locked": {
        "lastModified": 1769363988,
        "narHash": "sha256-BiGPeulrDVetXP+tjxhMcGLUROZAtZIhU5m4MqawCfM=",
        "owner": "Homebrew",
        "repo": "brew",
        "rev": "d01011cac6d72032c75fd2cd9489909e95d9faf2",
        "type": "github"
      },
      "original": {
        "owner": "Homebrew",
        "ref": "5.0.12",
        "repo": "brew",
        "type": "github"
      }
    },
    "darwin": {
      "inputs": {
        "nixpkgs": [
@ -7,26 +24,172 @@
        ]
      },
      "locked": {
-        "lastModified": 1758102940,
+        "lastModified": 1772129556,
-        "narHash": "sha256-wwqf3+A8EiqwWpcAaPN20QXJLlpGPpwtLTrzgnngI2o=",
+        "narHash": "sha256-Utk0zd8STPsUJPyjabhzPc5BpPodLTXrwkpXBHYnpeg=",
-        "owner": "lnl7",
+        "owner": "nix-darwin",
        "repo": "nix-darwin",
-        "rev": "ebd0bfc11fc2b5cff37401e9b3703881ad5fabbd",
+        "rev": "ebec37af18215214173c98cf6356d0aca24a2585",
        "type": "github"
      },
      "original": {
-        "owner": "lnl7",
+        "owner": "nix-darwin",
        "ref": "nix-darwin-25.11",
        "repo": "nix-darwin",
        "type": "github"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
        "lastModified": 1751685974,
        "narHash": "sha256-NKw96t+BgHIYzHUjkTK95FqYRVKB8DHpVhefWSz/kTw=",
        "ref": "refs/heads/main",
        "rev": "549f2762aebeff29a2e5ece7a7dc0f955281a1d1",
        "revCount": 92,
        "type": "git",
        "url": "https://git.lix.systems/lix-project/flake-compat.git"
      },
      "original": {
        "type": "git",
        "url": "https://git.lix.systems/lix-project/flake-compat.git"
      }
    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
          "nvf",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1769996383,
        "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs-darwin"
        ]
      },
      "locked": {
        "lastModified": 1773264488,
        "narHash": "sha256-rK0507bDuWBrZo+0zts9bCs/+RRUEHuvFE5DHWPxX/Q=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "5c0f63f8d55040a7eed69df7e3fcdd15dfb5a04c",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "release-25.11",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "homebrew-cask": {
      "flake": false,
      "locked": {
        "lastModified": 1773410126,
        "narHash": "sha256-3a9X78TmrHH9eNhj87TBL5HWQaAzD5z8/YcF/5Hpf+8=",
        "owner": "homebrew",
        "repo": "homebrew-cask",
        "rev": "c94484c7d98b6442d80524eca84968bf8558075a",
        "type": "github"
      },
      "original": {
        "owner": "homebrew",
        "repo": "homebrew-cask",
        "type": "github"
      }
    },
    "homebrew-core": {
      "flake": false,
      "locked": {
        "lastModified": 1773409445,
        "narHash": "sha256-3/WrGHe9vdH98DXzD4ZYQkEEonKeCOKj0Bkq3WFKxbk=",
        "owner": "homebrew",
        "repo": "homebrew-core",
        "rev": "7a2962491e67edec68819e691817349558618d31",
        "type": "github"
      },
      "original": {
        "owner": "homebrew",
        "repo": "homebrew-core",
        "type": "github"
      }
    },
    "mnw": {
      "locked": {
        "lastModified": 1770419553,
        "narHash": "sha256-b1XqsH7AtVf2dXmq2iyRr2NC1yG7skY7Z6N2MpWHlK4=",
        "owner": "Gerg-L",
        "repo": "mnw",
        "rev": "2aaffa8030d0b262176146adbb6b0e6374ce2957",
        "type": "github"
      },
      "original": {
        "owner": "Gerg-L",
        "repo": "mnw",
        "type": "github"
      }
    },
    "ndg": {
      "inputs": {
        "nixpkgs": [
          "nvf",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1768214250,
        "narHash": "sha256-hnBZDQWUxJV3KbtvyGW5BKLO/fAwydrxm5WHCWMQTbw=",
        "owner": "feel-co",
        "repo": "ndg",
        "rev": "a6bd3c1ce2668d096e4fdaaa03ad7f03ba1fbca8",
        "type": "github"
      },
      "original": {
        "owner": "feel-co",
        "ref": "refs/tags/v2.6.0",
        "repo": "ndg",
        "type": "github"
      }
    },
    "nix-homebrew": {
      "inputs": {
        "brew-src": "brew-src"
      },
      "locked": {
        "lastModified": 1769437432,
        "narHash": "sha256-8d7KnCpT2LweRvSzZYEGd9IM3eFX+A78opcnDM0+ndk=",
        "owner": "zhaofengli",
        "repo": "nix-homebrew",
        "rev": "a5409abd0d5013d79775d3419bcac10eacb9d8c5",
        "type": "github"
      },
      "original": {
        "owner": "zhaofengli",
        "repo": "nix-homebrew",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1758262103,
+        "lastModified": 1773231277,
-        "narHash": "sha256-aBGl3XEOsjWw6W3AHiKibN7FeoG73dutQQEqnd/etR8=",
+        "narHash": "sha256-Xy3WEpUAbpsz8ydgvVAQAGGB/WB+8cNA5cshiL0McTI=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "12bd230118a1901a4a5d393f9f56b6ad7e571d01",
+        "rev": "75690239f08f885ca9b0267580101f60d10fbe62",
        "type": "github"
      },
      "original": {
@ -36,25 +199,91 @@
    },
    "nixpkgs-darwin": {
      "locked": {
-        "lastModified": 1758262103,
+        "lastModified": 1773282714,
-        "narHash": "sha256-aBGl3XEOsjWw6W3AHiKibN7FeoG73dutQQEqnd/etR8=",
+        "narHash": "sha256-at2PNNVNoTfXBe3bA6pgff+CKOwdBWUZCUBIfXGrXsU=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "12bd230118a1901a4a5d393f9f56b6ad7e571d01",
+        "rev": "a8556879c286b4a40a717a416ae61818c26d1ac8",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixpkgs-unstable",
+        "ref": "nixpkgs-25.11-darwin",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nvf": {
      "inputs": {
        "flake-compat": "flake-compat",
        "flake-parts": "flake-parts",
        "mnw": "mnw",
        "ndg": "ndg",
        "nixpkgs": [
          "nixpkgs"
        ],
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1773343795,
        "narHash": "sha256-0+HEuOytpwyPt7i1jj6v2QJ+NXXisCYnL2XNwPBltvg=",
        "owner": "notashelf",
        "repo": "nvf",
        "rev": "83b44eaf50b96bd5d06b1a56a3a51f1b2362db52",
        "type": "github"
      },
      "original": {
        "owner": "notashelf",
        "repo": "nvf",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "darwin": "darwin",
        "home-manager": "home-manager",
        "homebrew-cask": "homebrew-cask",
        "homebrew-core": "homebrew-core",
        "nix-homebrew": "nix-homebrew",
        "nixpkgs": "nixpkgs",
-        "nixpkgs-darwin": "nixpkgs-darwin"
+        "nixpkgs-darwin": "nixpkgs-darwin",
        "nvf": "nvf",
        "sops-nix": "sops-nix"
      }
    },
    "sops-nix": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs-darwin"
        ]
      },
      "locked": {
        "lastModified": 1773096132,
        "narHash": "sha256-M3zEnq9OElB7zqc+mjgPlByPm1O5t2fbUrH3t/Hm5Ag=",
        "owner": "Mic92",
        "repo": "sops-nix",
        "rev": "d1ff3b1034d5bab5d7d8086a7803c5a5968cd784",
        "type": "github"
      },
      "original": {
        "owner": "Mic92",
        "repo": "sops-nix",
        "type": "github"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@ -1,43 +1,75 @@
 {
-  description = "Nix for macOS configuration";
+  description = "Nix for Poby's MacOS";
-  ##################################################################################################################
+  # TODO: is this necessary?
-  #
+  # nixConfig = {
-  # Want to know Nix in details? Looking for a beginner-friendly tutorial?
+  #   substituters = [
-  # Check out https://github.com/ryan4yin/nixos-and-flakes-book !
+  #     "https://nix-community.cachix.org"
-  #
+  #     "https://cache.nixos.org"
-  ##################################################################################################################
+  #   ];
  # };
  # This is the standard format for flake.nix. `inputs` are the dependencies of the flake,
  # Each item in `inputs` will be passed as a parameter to the `outputs` function after being pulled and built.
  inputs = {
-    nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+    # nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-unstable"; # comment out for unstable version
-    # nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-24.05-darwin";
+    nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-25.11-darwin";
    home-manager = {
      url = "github:nix-community/home-manager/release-25.11";
      inputs.nixpkgs.follows = "nixpkgs-darwin";
    };
    darwin = {
-      url = "github:lnl7/nix-darwin";
+      url = "github:nix-darwin/nix-darwin/nix-darwin-25.11";
      inputs.nixpkgs.follows = "nixpkgs-darwin";
    };
    # Homebrew
    nix-homebrew.url = "github:zhaofengli/nix-homebrew";
    # Optional: Declarative tap management
    homebrew-core = {
      url = "github:homebrew/homebrew-core";
      flake = false;
    };
    homebrew-cask = {
      url = "github:homebrew/homebrew-cask";
      flake = false;
    };
    # NVF for neovim
    nvf = {
      url = "github:notashelf/nvf";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # sops-nix for secrets
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs-darwin";
    };
  };
  # The `outputs` function will return all the build results of the flake.
  # A flake can have many use cases and different types of outputs,
  # parameters in `outputs` are defined in `inputs` and can be referenced by their names.
  # However, `self` is an exception, this special parameter points to the `outputs` itself (self-reference)
  # The `@` syntax here is used to alias the attribute set of the inputs's parameter, making it convenient to use inside the function.
  outputs = inputs @ {
    self,
    nixpkgs,
    darwin,
    home-manager,
    nvf,
    sops-nix,
    nix-homebrew,
    homebrew-core,
    homebrew-cask,
    ...
  }: let
    username = "poby";
    system = "aarch64-darwin";
-    hostname = "pobys-macbook-pro";
+    username = "poby";
    useremail = "smg981024@gmail.com";
    hostname = "fenrir"; # TODO break down to multiple hosts
    specialArgs =
      inputs
      // {
-        inherit username hostname;
+        inherit username useremail hostname;
      };
  in {
    darwinConfigurations."${hostname}" = darwin.lib.darwinSystem {
@ -47,9 +79,23 @@
        ./modules/system.nix
        ./modules/apps.nix
        ./modules/host-users.nix
        nix-homebrew.darwinModules.nix-homebrew
        home-manager.darwinModules.home-manager
        {
          home-manager = {
            useGlobalPkgs = true;
            useUserPackages = true;
            backupFileExtension = "backup";
            extraSpecialArgs = specialArgs;
            sharedModules = [
              nvf.homeManagerModules.nvf
              sops-nix.homeManagerModules.sops
            ];
            users.${username} = import ./home;
          };
        }
      ];
    };
    # nix code formatter
    formatter.${system} = nixpkgs.legacyPackages.${system}.alejandra;
  };
 }
--- a/home/aerospace.nix
+++ b/home/aerospace.nix
@ -0,0 +1,133 @@
 {
  programs.aerospace = {
    enable = true;
    userSettings = {
      start-at-login = true;
      accordion-padding = 10;
      default-root-container-layout = "tiles";
      default-root-container-orientation = "auto";
      on-focused-monitor-changed = ["move-mouse monitor-lazy-center"];
      automatically-unhide-macos-hidden-apps = false;
      # persistent-workspaces = [ "1" "2" "3" "4" "5" "6" "7" "8" "9" ];
      key-mapping = {
        preset = "qwerty";
      };
      gaps = {
        inner.horizontal = 3;
        inner.vertical = 3;
        outer.left = 3;
        outer.bottom = 3;
        outer.top = 3;
        outer.right = 3;
      };
      mode.main.binding = {
        alt-slash = "layout tiles horizontal vertical";
        alt-comma = "layout accordion horizontal vertical";
        alt-h = "focus left";
        alt-j = "focus down";
        alt-k = "focus up";
        alt-l = "focus right";
        alt-shift-h = "move left";
        alt-shift-j = "move down";
        alt-shift-k = "move up";
        alt-shift-l = "move right";
        alt-minus = "resize smart -50";
        alt-equal = "resize smart +50";
        alt-1 = "workspace 1";
        alt-2 = "workspace 2";
        alt-3 = "workspace 3";
        alt-4 = "workspace 4";
        alt-5 = "workspace 5";
        alt-6 = "workspace 6";
        alt-7 = "workspace 7";
        alt-8 = "workspace 8";
        alt-9 = "workspace 9";
        alt-shift-1 = [
          "move-node-to-workspace 1"
          "workspace 1"
        ];
        alt-shift-2 = [
          "move-node-to-workspace 2"
          "workspace 2"
        ];
        alt-shift-3 = [
          "move-node-to-workspace 3"
          "workspace 3"
        ];
        alt-shift-4 = [
          "move-node-to-workspace 4"
          "workspace 4"
        ];
        alt-shift-5 = [
          "move-node-to-workspace 5"
          "workspace 5"
        ];
        alt-shift-6 = [
          "move-node-to-workspace 6"
          "workspace 6"
        ];
        alt-shift-7 = [
          "move-node-to-workspace 7"
          "workspace 7"
        ];
        alt-shift-8 = [
          "move-node-to-workspace 8"
          "workspace 8"
        ];
        alt-shift-9 = [
          "move-node-to-workspace 9"
          "workspace 9"
        ];
        alt-tab = "workspace-back-and-forth";
        alt-shift-tab = "move-workspace-to-monitor --wrap-around next";
        alt-shift-semicolon = "mode service";
      };
      mode.service.binding = {
        esc = [
          "reload-config"
          "mode main"
        ];
        r = [
          "flatten-workspace-tree"
          "mode main"
        ];
        f = [
          "layout floating tiling"
          "mode main"
        ];
        backspace = [
          "close-all-windows-but-current"
          "mode main"
        ];
        alt-shift-h = [
          "join-with left"
          "mode main"
        ];
        alt-shift-j = [
          "join-with down"
          "mode main"
        ];
        alt-shift-k = [
          "join-with up"
          "mode main"
        ];
        alt-shift-l = [
          "join-with right"
          "mode main"
        ];
      };
    };
  };
 }
--- a/home/bat.nix
+++ b/home/bat.nix
@ -0,0 +1,5 @@
 {
  programs.bat = {
    enable = true;
  };
 }
--- a/home/default.nix
+++ b/home/default.nix
@ -0,0 +1,43 @@
 {
  pkgs,
  username,
  ...
 }: {
  imports = [
    ./fd.nix
    ./fzf.nix
    ./gh.nix
    ./git.nix
    ./nvf
    ./ripgrep.nix
    ./starship.nix
    ./zoxide.nix
    ./zsh.nix
    ./eza.nix
    ./jq.nix
    ./lazygit.nix
    ./mise.nix
    ./terminal.nix
    ./bat.nix
    ./aerospace.nix
    ./sops.nix
    ./ssh.nix
  ];
  home = {
    inherit username;
    homeDirectory = "/Users/${username}";
    stateVersion = "25.11";
    # packages that are not available via programs
    packages = with pkgs; [
      raycast
      ice-bar
      keka
      stats
      iina
    ];
  };
  programs.home-manager.enable = true;
 }
--- a/home/eza.nix
+++ b/home/eza.nix
@ -0,0 +1,10 @@
 {
  programs.eza = {
    enable = true;
    colors = "auto";
    git = true;
    icons = "auto";
    enableZshIntegration = true;
    enableBashIntegration = true;
  };
 }
--- a/home/fd.nix
+++ b/home/fd.nix
@ -0,0 +1,7 @@
 {
  programs.fd = {
    enable = true;
    ignores = [".git/"];
    hidden = true;
  };
 }
--- a/home/fzf.nix
+++ b/home/fzf.nix
@ -0,0 +1,7 @@
 {
  programs.fzf = {
    enable = true;
    enableZshIntegration = true;
    enableBashIntegration = true;
  };
 }
--- a/home/gh.nix
+++ b/home/gh.nix
@ -0,0 +1,8 @@
 {
  programs.gh = {
    enable = true;
    settings = {
      git_protocol = "ssh";
    };
  };
 }
--- a/home/git.nix
+++ b/home/git.nix
@ -0,0 +1,35 @@
 {config, ...}: let
  signingPrincipal = "87608318+smg1024@users.noreply.github.com";
  signingPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuQ4STNnixjNDo38AyI0yABKAVfF3hupo66613IgfC7";
  signingKeyPath = "${config.home.homeDirectory}/.config/sops-nix/secrets/github_ssh_key";
  allowedSignersPath = "${config.home.homeDirectory}/.config/git/allowed_signers";
 in {
  home.file.".config/git/allowed_signers".text = ''
    ${signingPrincipal} ${signingPublicKey}
  '';
  programs.git = {
    enable = true;
    signing = {
      format = "ssh";
      key = signingKeyPath;
      signByDefault = true;
      signer = "ssh-keygen";
    };
    settings = {
      user = {
        name = "Poby";
        email = signingPrincipal;
      };
      gpg = {
        ssh = {
          allowedSignersFile = allowedSignersPath;
        };
      };
      init.defaultBranch = "master";
      push = {
        autoSetupRemote = true;
      };
    };
  };
 }
--- a/home/jq.nix
+++ b/home/jq.nix
@ -0,0 +1,3 @@
 {
  programs.jq.enable = true;
 }
--- a/home/lazygit.nix
+++ b/home/lazygit.nix
@ -0,0 +1,7 @@
 {
  programs.lazygit = {
    enable = true;
    enableZshIntegration = true;
    enableBashIntegration = true;
  };
 }
--- a/home/mise.nix
+++ b/home/mise.nix
@ -0,0 +1,17 @@
 {
  programs.mise = {
    enable = true;
    globalConfig = {
      tools = {
        node = "lts";
        uv = "latest";
        python = "3.13";
      };
      settings = {
        experimental = true;
        env_file = ".env";
      };
    };
  };
 }
--- a/home/nvf/appearance/theme.nix
+++ b/home/nvf/appearance/theme.nix
@ -0,0 +1,6 @@
 {
  # theme
  enable = true;
  name = "tokyonight";
  style = "night";
 }
--- a/home/nvf/core/augroups.nix
+++ b/home/nvf/core/augroups.nix
@ -0,0 +1,11 @@
 [
  # augroups
  {
    enable = true;
    name = "LastCursorGroup";
  }
  {
    enable = true;
    name = "HighlightYank";
  }
 ]
--- a/home/nvf/core/autocmds.nix
+++ b/home/nvf/core/autocmds.nix
@ -0,0 +1,33 @@
 {lib, ...}: [
  # autocmds
  {
    enable = true;
    event = ["BufReadPost"];
    desc = "Return to last cursor position";
    group = "LastCursorGroup";
    callback = lib.generators.mkLuaInline ''
      function()
        local mark = vim.api.nvim_buf_get_mark(0, '"')
        local line_count = vim.api.nvim_buf_line_count(0)
        if mark[1] > 0 and mark[1] <= line_count then
          pcall(vim.api.nvim_win_set_cursor, 0, mark)
        end
      end
    '';
  }
  {
    enable = true;
    event = ["TextYankPost"];
    desc = "Highlight yanks on copy";
    group = "HighlightYank";
    pattern = ["*"];
    callback = lib.generators.mkLuaInline ''
      function()
        vim.hl.on_yank({
          higroup = "IncSearch",
          timeout = 250,
        })
      end
    '';
  }
 ]
--- a/home/nvf/core/clipboard.nix
+++ b/home/nvf/core/clipboard.nix
@ -0,0 +1,8 @@
 {
  # clipboard
  enable = true;
  registers = "unnamedplus";
  providers = {
    wl-copy.enable = true;
  };
 }
--- a/home/nvf/core/keymaps.nix
+++ b/home/nvf/core/keymaps.nix
@ -0,0 +1,81 @@
 [
  # Keymaps
  {
    key = "<leader>ff";
    mode = "n";
    action = "<Cmd>FzfLua files<CR>";
    desc = "[F]ind files";
  }
  {
    key = "<leader>fg";
    mode = "n";
    action = "<Cmd>FzfLua live_grep_native<CR>";
    desc = "Live [G]rep";
  }
  {
    key = "<leader><leader>";
    mode = "n";
    action = "<Cmd>FzfLua buffers<CR>";
    desc = "Buffers";
  }
  {
    key = "<leader>fh";
    mode = "n";
    action = "<Cmd>FzfLua help_tags<CR>";
    desc = "[H]elp Tags";
  }
  {
    key = "<leader>fx";
    mode = "n";
    action = "<Cmd>FzfLua diagnostics_document<CR>";
    desc = "Diagnostics Document";
  }
  {
    key = "<leader>fX";
    mode = "n";
    action = "<Cmd>FzfLua diagnostics_workspace<CR>";
    desc = "Diagnostics Workspace";
  }
  {
    key = "<leader>fs";
    mode = "n";
    action = "<Cmd>FzfLua lsp_document_symbols<CR>";
    desc = "Document [S]ymbols";
  }
  {
    key = "<leader>fS";
    mode = "n";
    action = "<Cmd>FzfLua lsp_workspace_symbols<CR>";
    desc = "Workspace [S]ymbols";
  }
  {
    key = "<leader>fk";
    mode = "n";
    action = "<Cmd>FzfLua keymaps<CR>";
    desc = "[K]eymaps";
  }
  {
    key = "<leader>fb";
    mode = "n";
    action = "<Cmd>FzfLua builtin<CR>";
    desc = "[B]uiltin FZF";
  }
  {
    key = "<leader>fr";
    mode = "n";
    action = "<Cmd>FzfLua resume<CR>";
    desc = "[R]esume";
  }
  {
    key = "<leader>fo";
    mode = "n";
    action = "<Cmd>FzfLua oldfiles<CR>";
    desc = "[O]ld Files";
  }
  {
    key = "<leader>-";
    mode = "n";
    action = "<Cmd>Oil --float<CR>";
    desc = "Open Current Directory";
  }
 ]
--- a/home/nvf/core/options.nix
+++ b/home/nvf/core/options.nix
@ -0,0 +1,12 @@
 {
  # options
  cursorlineopt = "line";
  wrap = false;
  cmdheight = 1;
  tabstop = 2;
  shiftwidth = 2;
  autoindent = true;
  termguicolors = true;
  splitbelow = true;
  splitright = true;
 }
--- a/home/nvf/core/spellcheck.nix
+++ b/home/nvf/core/spellcheck.nix
@ -0,0 +1,5 @@
 {
  # spellcheck
  enable = true;
  languages = ["en"];
 }
--- a/home/nvf/core/undoFile.nix
+++ b/home/nvf/core/undoFile.nix
@ -0,0 +1,4 @@
 {
  # undoFile
  enable = true;
 }
--- a/home/nvf/default.nix
+++ b/home/nvf/default.nix
@ -0,0 +1,47 @@
 {
  lib,
  pkgs,
  ...
 }: let
  options = import ./core/options.nix;
  autocmds = import ./core/autocmds.nix {inherit lib;};
  augroups = import ./core/augroups.nix;
  keymaps = import ./core/keymaps.nix;
  fzf-lua = import ./plugins/fzf-lua.nix;
  mini = import ./plugins/mini.nix;
  utility = import ./plugins/utility.nix;
  binds = import ./plugins/binds.nix;
  terminal = import ./plugins/terminal.nix;
  theme = import ./appearance/theme.nix;
  lsp = import ./lsp/lsp.nix;
  treesitter = import ./lsp/treesitter.nix {inherit pkgs;};
  autocomplete = import ./lsp/autocomplete.nix;
  languages = import ./lsp/languages;
 in {
  programs.nvf = {
    enable = true;
    settings = {
      vim = {
        inherit
          options
          autocmds
          augroups
          keymaps
          fzf-lua
          mini
          utility
          binds
          terminal
          theme
          lsp
          treesitter
          autocomplete
          languages
          ;
        searchCase = "smart";
        hideSearchHighlight = true;
      };
    };
  };
 }
--- a/home/nvf/lsp/autocomplete.nix
+++ b/home/nvf/lsp/autocomplete.nix
@ -0,0 +1,22 @@
 {
  # autocomplete
  blink-cmp = {
    enable = true;
    friendly-snippets.enable = true;
    setupOpts = {
      keymap.preset = "default";
      cmdline = {
        keymap.preset = "default";
      };
      completion = {
        documentation = {
          auto_show = true;
          auto_show_delay_ms = 1000;
        };
      };
    };
    sourcePlugins = {
      emoji.enable = true;
    };
  };
 }
--- a/home/nvf/lsp/languages/bash.nix
+++ b/home/nvf/lsp/languages/bash.nix
@ -0,0 +1,17 @@
 {
  # bash
  enable = true;
  extraDiagnostics = {
    enable = true;
    types = ["shellcheck"];
  };
  format = {
    enable = true;
    type = ["shfmt"];
  };
  lsp = {
    enable = true;
    servers = ["bash-ls"];
  };
  treesitter.enable = true;
 }
--- a/home/nvf/lsp/languages/default.nix
+++ b/home/nvf/lsp/languages/default.nix
@ -0,0 +1,19 @@
 let
  nix = import ./nix.nix;
  python = import ./python.nix;
  lua = import ./lua.nix;
  bash = import ./bash.nix;
  markdown = import ./markdown.nix;
  html = import ./html.nix;
  yaml = import ./yaml.nix;
 in {
  inherit
    nix
    python
    lua
    bash
    markdown
    html
    yaml
    ;
 }
--- a/home/nvf/lsp/languages/html.nix
+++ b/home/nvf/lsp/languages/html.nix
@ -0,0 +1,23 @@
 {
  # html
  enable = true;
  extraDiagnostics = {
    enable = true;
    types = ["htmlhint"];
  };
  format = {
    enable = true;
    type = [
      "superhtml"
      "prettierd"
    ];
  };
  lsp = {
    enable = true;
    servers = ["superhtml"];
  };
  treesitter = {
    enable = true;
    autotagHtml = true;
  };
 }
--- a/home/nvf/lsp/languages/lua.nix
+++ b/home/nvf/lsp/languages/lua.nix
@ -0,0 +1,17 @@
 {
  # lua
  enable = true;
  extraDiagnostics = {
    enable = true;
    types = ["luacheck"];
  };
  format = {
    enable = true;
    type = ["stylua"];
  };
  lsp = {
    enable = true;
    servers = ["lua-language-server"];
  };
  treesitter.enable = true;
 }
--- a/home/nvf/lsp/languages/markdown.nix
+++ b/home/nvf/lsp/languages/markdown.nix
@ -0,0 +1,30 @@
 {
  # markdown
  enable = true;
  extensions = {
    render-markdown-nvim = {
      enable = true;
      setupOpts = {
        checkbox = {
          checked.scope_highlight = "@markup.strikethrough";
        };
      };
    };
  };
  extraDiagnostics = {
    enable = true;
    types = ["markdownlint-cli2"];
  };
  format = {
    enable = true;
    type = [
      "prettierd"
      "deno_fmt"
    ];
  };
  lsp = {
    enable = true;
    servers = ["marksman"];
  };
  treesitter.enable = true;
 }
--- a/home/nvf/lsp/languages/nix.nix
+++ b/home/nvf/lsp/languages/nix.nix
@ -0,0 +1,20 @@
 {
  # nix
  enable = true;
  extraDiagnostics = {
    enable = true;
    types = [
      "deadnix"
      "statix"
    ];
  };
  format = {
    enable = true;
    type = ["alejandra"];
  };
  lsp = {
    enable = true;
    servers = ["nil"];
  };
  treesitter.enable = true;
 }
--- a/home/nvf/lsp/languages/python.nix
+++ b/home/nvf/lsp/languages/python.nix
@ -0,0 +1,13 @@
 {
  # python
  enable = true;
  format = {
    enable = true;
    type = ["ruff"];
  };
  lsp = {
    enable = true;
    servers = ["pyright"];
  };
  treesitter.enable = true;
 }
--- a/home/nvf/lsp/languages/yaml.nix
+++ b/home/nvf/lsp/languages/yaml.nix
@ -0,0 +1,9 @@
 {
  # yaml
  enable = true;
  lsp = {
    enable = true;
    servers = ["yaml-language-server"];
  };
  treesitter.enable = true;
 }
--- a/home/nvf/lsp/lsp.nix
+++ b/home/nvf/lsp/lsp.nix
@ -0,0 +1,7 @@
 {
  # lsp
  enable = true;
  inlayHints.enable = true;
  lspconfig.enable = true;
  formatOnSave = true;
 }
--- a/home/nvf/lsp/treesitter.nix
+++ b/home/nvf/lsp/treesitter.nix
@ -0,0 +1,15 @@
 {pkgs, ...}: {
  # treesitter
  enable = true;
  addDefaultGrammars = true;
  grammars = with pkgs.vimPlugins.nvim-treesitter.builtGrammars; [
    nix
    lua
    yaml
  ];
  fold = true;
  highlight = {
    enable = true;
  };
  indent.enable = true;
 }
--- a/home/nvf/plugins/binds.nix
+++ b/home/nvf/plugins/binds.nix
@ -0,0 +1,10 @@
 {
  # binds
  whichKey = {
    enable = true;
    register = {
      "<leader>f" = "+FZF";
      "<leader>l" = "+Language";
    };
  };
 }
--- a/home/nvf/plugins/fzf-lua.nix
+++ b/home/nvf/plugins/fzf-lua.nix
@ -0,0 +1,6 @@
 {
  # fzf-lua
  enable = true;
  profile = "default";
  setupOpts = {};
 }
--- a/home/nvf/plugins/mini.nix
+++ b/home/nvf/plugins/mini.nix
@ -0,0 +1,14 @@
 {
  # mini
  statusline.enable = true;
  ai.enable = true;
  bufremove.enable = true;
  comment.enable = true;
  pairs.enable = true;
  cursorword.enable = true;
  icons.enable = true;
  move.enable = true;
  surround.enable = true;
  indentscope.enable = true;
  trailspace.enable = true;
 }
--- a/home/nvf/plugins/terminal.nix
+++ b/home/nvf/plugins/terminal.nix
@ -0,0 +1,21 @@
 {
  # terminal
  toggleterm = {
    enable = true;
    setupOpts = {
      direction = "horizontal";
      size = 6;
    };
    mappings = {
      open = "<leader>tt";
    };
    # lazygit
    lazygit = {
      enable = true;
      mappings = {
        open = "<leader>gg";
      };
    };
  };
 }
--- a/home/nvf/plugins/utility.nix
+++ b/home/nvf/plugins/utility.nix
@ -0,0 +1,11 @@
 {
  # utility
  oil-nvim = {
    enable = true;
    gitStatus.enable = true;
    setupOpts = {
      view_options.show_hidden = true;
    };
  };
  sleuth.enable = true;
 }
--- a/home/ripgrep.nix
+++ b/home/ripgrep.nix
@ -0,0 +1,3 @@
 {
  programs.ripgrep.enable = true;
 }
--- a/home/sops.nix
+++ b/home/sops.nix
@ -0,0 +1,12 @@
 {config, ...}: {
  sops = {
    age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
    defaultSopsFile = ../secrets/poby.yaml;
    secrets = {
      "github_ssh_key" = {};
      "github_cli_token" = {};
    };
  };
 }
--- a/home/ssh.nix
+++ b/home/ssh.nix
@ -0,0 +1,15 @@
 {config, ...}: {
  programs.ssh = {
    enable = true;
    enableDefaultConfig = false;
    matchBlocks = {
      "*" = {};
      "github.com" = {
        host = "github.com";
        user = "git";
        identitiesOnly = true;
        identityFile = [config.sops.secrets."github_ssh_key".path];
      };
    };
  };
 }
--- a/home/starship.nix
+++ b/home/starship.nix
@ -0,0 +1,230 @@
 {lib, ...}: {
  programs.starship = {
    enable = true;
    enableZshIntegration = true;
    enableBashIntegration = true;
    settings = {
      add_newline = true;
      continuation_prompt = "[▸▹ ](dimmed white)";
      format = lib.concatStrings [
        "($nix_shell$container$fill\n)$cmd_duration"
        "$hostname"
        "$localip"
        "$shell"
        "$env_var"
        "$jobs"
        "$sudo"
        "$username"
        "$character"
      ];
      right_format = lib.concatStrings [
        "$directory"
        "$git_branch"
        "$git_commit"
        "$git_state"
        "$git_status"
        "$docker_context"
        "$c"
        "$cpp"
        "$deno"
        "$helm"
        "$java"
        "$kotlin"
        "$gradle"
        "$lua"
        "$nodejs"
        "$python"
        "$ruby"
        "$rust"
        "$terraform"
        "$conda"
        "$pixi"
      ];
      fill = {
        symbol = " ";
      };
      line_break = {
        disabled = false;
      };
      character = {
        format = "$symbol ";
        success_symbol = "[◎](bold italic bright-yellow)";
        error_symbol = "[○](italic purple)";
        vimcmd_symbol = "[■](italic dimmed green)";
      };
      env_var.VIMSHELL = {
        format = "[$env_value]($style)";
        style = "green italic";
      };
      sudo = {
        format = "[$symbol]($style)";
        style = "bold italic bright-purple";
        symbol = "⋈┈";
        disabled = false;
      };
      username = {
        style_user = "bright-yellow bold italic";
        style_root = "purple bold italic";
        format = "[⭘ $user]($style) ";
        disabled = false;
        show_always = false;
      };
      directory = {
        home_symbol = "⌂";
        truncation_length = 2;
        truncation_symbol = "□ ";
        read_only = " ◈";
        use_os_path_sep = true;
        style = "italic blue";
        format = "[$path]($style)[$read_only]($read_only_style)";
        repo_root_style = "bold blue";
        repo_root_format = "[$before_root_path]($before_repo_root_style)[$repo_root]($repo_root_style)[$path]($style)[$read_only]($read_only_style) [△](bold bright-blue)";
      };
      cmd_duration = {
        format = "[◄ $duration ](italic white)";
      };
      jobs = {
        format = "[$symbol$number]($style) ";
        style = "white";
        symbol = "[▶](blue italic)";
      };
      localip = {
        ssh_only = true;
        format = " ◯[$localipv4](bold magenta)";
        disabled = false;
      };
      git_branch = {
        format = " [$branch(:$remote_branch)]($style)";
        symbol = "[△](bold italic bright-blue)";
        style = "italic bright-blue";
        truncation_symbol = "⋯";
        truncation_length = 11;
        ignore_branches = [
          "main"
          "master"
        ];
        only_attached = true;
      };
      git_metrics = {
        format = "([▴$added]($added_style))([▿$deleted]($deleted_style))";
        added_style = "italic dimmed green";
        deleted_style = "italic dimmed red";
        ignore_submodules = true;
        disabled = false;
      };
      git_status = {
        style = "bold italic bright-blue";
        format = "([⎪$ahead_behind$staged$modified$untracked$renamed$deleted$conflicted$stashed⎥]($style))";
        conflicted = "[◪◦](italic bright-magenta)";
        ahead = "[▴│[\${count}](bold white)│](italic green)";
        behind = "[▿│[\${count}](bold white)│](italic red)";
        diverged = "[◇ ▴┤[\${ahead_count}](regular white)│▿┤[\${behind_count}](regular white)│](italic bright-magenta)";
        untracked = "[◌◦](italic bright-yellow)";
        stashed = "[◃◈](italic white)";
        modified = "[●◦](italic yellow)";
        staged = "[▪┤[$count](bold white)│](italic bright-cyan)";
        renamed = "[◎◦](italic bright-blue)";
        deleted = "[✕](italic red)";
      };
      deno = {
        format = " [deno](italic) [∫ $version](green bold)";
        version_format = "\${raw}";
      };
      lua = {
        format = " [lua](italic) [\${symbol}\${version}]($style)";
        version_format = "\${raw}";
        symbol = "⨀ ";
        style = "bold bright-yellow";
      };
      nodejs = {
        format = " [node](italic) [◫ ($version)](bold bright-green)";
        version_format = "\${raw}";
        detect_files = [
          "package-lock.json"
          "yarn.lock"
        ];
        detect_folders = ["node_modules"];
        detect_extensions = [];
      };
      python = {
        format = " [py](italic) [\${symbol}\${version}]($style)";
        symbol = "[⌉](bold bright-blue)⌊ ";
        version_format = "\${raw}";
        style = "bold bright-yellow";
      };
      ruby = {
        format = " [rb](italic) [\${symbol}\${version}]($style)";
        symbol = "◆ ";
        version_format = "\${raw}";
        style = "bold red";
      };
      rust = {
        format = " [rs](italic) [$symbol$version]($style)";
        symbol = "⊃ ";
        version_format = "\${raw}";
        style = "bold red";
      };
      c = {
        symbol = "ℂ ";
        format = " [$symbol($version(-$name))]($style)";
      };
      cpp = {
        symbol = "ℂ ";
        format = " [$symbol($version(-$name))]($style)";
      };
      conda = {
        symbol = "◯ ";
        format = " conda [$symbol$environment]($style)";
      };
      pixi = {
        symbol = "■ ";
        format = " pixi [$symbol$version ($environment )]($style)";
      };
      docker_context = {
        symbol = "◧ ";
        format = " docker [$symbol$context]($style)";
      };
      java = {
        symbol = "∪ ";
        format = " java [\${symbol}(\${version} )]($style)";
      };
      nix_shell = {
        style = "bold italic dimmed blue";
        symbol = "✶";
        format = "[$symbol nix⎪$state⎪]($style) [$name](italic dimmed white)";
        impure_msg = "[⌽](bold dimmed red)";
        pure_msg = "[⌾](bold dimmed green)";
        unknown_msg = "[◌](bold dimmed yellow)";
      };
    };
  };
 }
--- a/home/terminal.nix
+++ b/home/terminal.nix
@ -0,0 +1,9 @@
 {
  programs.wezterm = {
    enable = true;
    enableZshIntegration = true;
    enableBashIntegration = true;
    # TODO wezterm config
    extraConfig = builtins.readFile ./wezterm.lua;
  };
 }
--- a/home/wezterm.lua
+++ b/home/wezterm.lua
@ -0,0 +1,34 @@
 local wezterm = require("wezterm")
 config = wezterm.config_builder()
 config = {
 	-- Windows
 	automatically_reload_config = true,
 	use_fancy_tab_bar = true,
 	hide_tab_bar_if_only_one_tab = true,
 	window_close_confirmation = "NeverPrompt",
 	window_decorations = "RESIZE", -- disable title bar, enable resize
 	default_cursor_style = "BlinkingBar",
 	-- Appearance
 	color_scheme = "Tokyo Night",
 	font = wezterm.font("D2CodingLigature Nerd Font"),
 	font_size = 16,
 	background = {
 		{
 			source = { Color = "#282c35" },
 			width = "100%",
 			height = "100%",
 			opacity = 0.95,
 		},
 	},
 	window_padding = {
 		left = 0,
 		right = 0,
 		top = 0,
 		bottom = 0,
 	},
 }
 return config
--- a/home/zoxide.nix
+++ b/home/zoxide.nix
@ -0,0 +1,8 @@
 {
  programs.zoxide = {
    enable = true;
    enableZshIntegration = true;
    enableBashIntegration = true;
    options = ["--cmd j"];
  };
 }
--- a/home/zsh.nix
+++ b/home/zsh.nix
@ -0,0 +1,49 @@
 {config, ...}: {
  programs.zsh = {
    enable = true;
    enableCompletion = true;
    autosuggestion.enable = true;
    syntaxHighlighting.enable = true;
    defaultKeymap = "viins";
    history = {
      size = 10000;
      save = 10000;
      share = true;
      ignoreAllDups = true;
      ignoreDups = true;
      ignoreSpace = true;
    };
    shellAliases = {
      poby = "echo my name is poby";
      nixconfig = "cd ~/nix-darwin && vim flake.nix";
      just-darwin = "cd ~/nix-darwin && just darwin $(hostname)";
    };
    sessionVariables = {
      EDITOR = "nvim";
    };
    initContent = ''
      export GH_TOKEN="$(cat ${config.sops.secrets."github_cli_token".path})"
    '';
    oh-my-zsh = {
      enable = true;
      theme = "robbyrussell";
      plugins = [
        "git"
        "gitignore"
        "history"
        "sudo"
        "vi-mode"
        "zoxide"
        "eza"
        "mise"
      ];
    };
  };
 }
--- a/modules/.DS_Store
+++ b/modules/.DS_Store
--- a/modules/apps.nix
+++ b/modules/apps.nix
@ -1,126 +1,62 @@
-{ pkgs, ... }: {
+{
  pkgs,
  config,
  username,
  homebrew-core,
  homebrew-cask,
  ...
 }: {
  nixpkgs.config.allowUnfree = true;
  ##########################################################################
  # 
  #  Install all apps and packages here.
  #
  ##########################################################################
  # Install packages from nix's official package repository.
  #
  # The packages installed here are available to all users, and are reproducible across machines, and are rollbackable.
  # But on macOS, it's less stable than homebrew.
  #
  # Related Discussion: https://discourse.nixos.org/t/darwin-again/29331
  environment.systemPackages = with pkgs; [
    # CLI
    git
    neovim
    just # use Justfile to simplify nix-darwin's commands
    ffmpeg
    fzf
    bat
    fastfetch
    gh
    lsd
    mkalias
    python310
    tldr
    tmux
    tree
-    zoxide
+    fastfetchMinimal
    zsh-powerlevel10k
    zsh-fzf-tab
    commitizen
  ];
  environment.variables.EDITOR = "nvim";
-  # TODO To make this work, homebrew need to be installed manually, see https://brew.sh
+  nix-homebrew = {
-  # 
+    enable = true;
-  # The apps installed by homebrew are not managed by nix, and not reproducible!
+    enableRosetta = true;
-  # But on macOS, homebrew has a much larger selection of apps than nixpkgs, especially for GUI apps!
+    user = username;
    taps = {
      "homebrew/homebrew-core" = homebrew-core;
      "homebrew/homebrew-cask" = homebrew-cask;
    };
    mutableTaps = false;
  };
  homebrew = {
    enable = true;
    onActivation = {
-      autoUpdate = true; # Fetch the newest stable branch of Homebrew's git repo
+      autoUpdate = true;
      upgrade = true; # Upgrade outdated casks, formulae, and App Store apps
      # 'zap': uninstalls all formulae(and related files) not listed in the generated Brewfile
      cleanup = "zap";
    };
    # Applications to install from Mac App Store using mas.
    # You need to install all these Apps manually first so that your apple account have records for them.
    # otherwise Apple Store will refuse to install them.
    # For details, see https://github.com/mas-cli/mas 
    masApps = {
      KakaoTalk = 869223134;
      Across = 6444851827;
      Flighty = 1358823008;
      Numbers = 409203825;
      Pages = 409201541;
      Keynote = 409183694;
      Bitwarden = 1352778147;
    };
-    taps = [ ];
+    taps = builtins.attrNames config.nix-homebrew.taps;
-    # `brew install`
+    # WARNING only include those not in nixpkgs
    brews = [
-      "wget"
+      "gemini-cli"
      "curl" # do not install curl via nixpkgs, it's not working well on macOS!
      "nvm"
      "uv"
      "openjdk"
      "openjdk@21"
      "openjdk@17"
      "neovim"
      "ripgrep"
      "tree-sitter"
    ];
    # `brew install --cask`
    casks = [
      "alt-tab"
      "bruno"
      "discord"
      "google-chrome"
      "iina"
      "intellij-idea"
      "jordanbaird-ice"
      "keka"
      "raycast"
      "rectangle"
      "slack"
      "stats"
      "telegram"
      "visual-studio-code"
      "zoom"
      "claude"
      "batfi"
      "docker-desktop"
      "cursor"
      "daisydisk"
      "ghostty"
      "hammerspoon"
-      "hancom-docs"
+      "shottr" # stable version dmg link not found
      "logi-options+"
      "notion"
      "onyx"
      "shottr"
      "arc"
-      "obsidian"
+      "codex"
-      "antigravity"
+      "claude-code"
      "figma"
      # Fonts
      "font-fontawesome"
      "font-jetbrains-mono-nerd-font"
      "font-meslo-lg-nerd-font"
      "font-d2coding"
      "font-fira-code-nerd-font"
      "font-symbols-only-nerd-font"
      "font-material-design-icons-webfont"
      "font-pretendard"
    ];
  };
 }
--- a/modules/host-users.nix
+++ b/modules/host-users.nix
@ -2,18 +2,13 @@
  username,
  hostname,
  ...
-} @ args:
+}: {
-#############################################################
+  networking = {
-#
+    hostName = hostname;
-#  Host & Users configuration
+    computerName = hostname;
-#
+    localHostName = hostname;
-#############################################################
+  };
 {
  networking.hostName = hostname;
  networking.computerName = hostname;
  system.defaults.smb.NetBIOSName = hostname;
  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users."${username}" = {
    home = "/Users/${username}";
    description = username;
--- a/modules/nix-core.nix
+++ b/modules/nix-core.nix
@ -1,20 +1,28 @@
 { pkgs, ... }:
 {
-  nix.settings = {
+  pkgs,
-    # enable flakes globally
+  lib,
-    experimental-features = ["nix-command" "flakes"];
+  ...
 }: {
  nix = {
    enable = true;
    package = pkgs.nix;
    settings = {
      experimental-features = [
        "nix-command"
        "flakes"
      ];
      substituters = ["https://nix-community.cachix.org"];
      trusted-public-keys = [
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
      builders-use-substitutes = true;
      auto-optimise-store = false; # issue https://github.com/NixOS/nix/issues/7273
    };
-  # Allow unfree packages
+    gc = {
-  nixpkgs.config = {
+      automatic = lib.mkDefault true;
-    allowUnfree = true;
+      options = lib.mkDefault "--delete-older-than 7d";
-    allowBroken = true;
+    };
  };
  # Auto upgrade nix package and the daemon service.
  nix.package = pkgs.nix;
  # Enable Determinate
  nix.enable = false;
 }
--- a/modules/system.nix
+++ b/modules/system.nix
@ -1,21 +1,17 @@
 { pkgs, config, username, ... }:
  ###################################################################################
  #
  #  macOS's System configuration
  #
  #  All the configuration options are documented here:
  #    https://daiderd.com/nix-darwin/manual/index.html#sec-options
  #  Incomplete list of macOS `defaults` commands :
  #    https://github.com/yannbertrand/macos-defaults
  #
  ###################################################################################
 {
  pkgs,
  config,
  username,
  hostname,
  ...
 }: {
  time.timeZone = "Asia/Seoul";
  system = {
    primaryUser = username;
    stateVersion = 6;
-    # activationScripts are executed every time you boot the system or run `nixos-rebuild` / `darwin-rebuild`.
+    # symlink /Applications/Nix Apps to /Applications for Spotlight
    activationScripts.extraActivation.text = ''
      # activateSettings -u will reload the settings from the database and apply them to the current session,
      # so we do not need to logout and login again to make the changes take effect.
@ -26,7 +22,7 @@
      env = pkgs.buildEnv {
        name = "system-applications";
        paths = config.environment.systemPackages;
-        pathsToLink = "/Applications";
+        pathsToLink = ["/Applications"];
      };
    in
      pkgs.lib.mkForce ''
@ -43,29 +39,25 @@
      '';
    defaults = {
      # login window
      loginwindow = {
-        GuestEnabled = false;  # disable guest user
+        GuestEnabled = false;
        SHOWFULLNAME = true;  # show full name in login window
      };
      # control center
      controlcenter = {
        Sound = false;
        Bluetooth = false;
        AirDrop = false;
        BatteryShowPercentage = false;
        Bluetooth = false;
        Display = false;
        FocusModes = false;
        NowPlaying = false;
        Sound = false;
      };
      # clock
      menuExtraClock = {
        Show24Hour = true;
        ShowAMPM = false;
        ShowDayOfWeek = false;
      };
      # dock
      dock = {
        autohide = true;
        autohide-delay = 0.01;
@ -75,38 +67,69 @@
        tilesize = 50;
        magnification = true;
        largesize = 70;
-        wvous-bl-corner = 11;
+        showMissionControlGestureEnabled = true;
      };
      # finder
      finder = {
        AppleShowAllFiles = true;
        AppleShowAllExtensions = true;
        ShowStatusBar = true;
        ShowPathbar = true;
-        FXPreferredViewStyle = "Nlsv";
+        FXPreferredViewStyle = "clmv";
-        AppleShowAllExtensions = true;
+        FXRemoveOldTrashItems = true;
-        QuitMenuItem = true;
+        _FXEnableColumnAutoSizing = true;
        _FXShowPosixPathInTitle = true;
        _FXSortFoldersFirst = true;
        _FXSortFoldersFirstOnDesktop = true;
        FXEnableExtensionChangeWarning = false;
-        NewWindowTarget = "Home";
+        FXDefaultSearchScope = "SCcf";
        NewWindowTarget = "Other";
        NewWindowTargetPath = "/Users/${username}/Downloads";
        ShowExternalHardDrivesOnDesktop = true;
        ShowHardDrivesOnDesktop = true;
        ShowMountedServersOnDesktop = true;
        ShowRemovableMediaOnDesktop = true;
        QuitMenuItem = true;
      };
      # trackpad
      trackpad = {
        Clicking = true;
-        TrackpadRightClick = true;  # enable two finger right click
+        TrackpadRightClick = true; # two finger right click
-        TrackpadThreeFingerDrag = true;  # enable three finger drag
+        TrackpadThreeFingerDrag = true;
        TrackpadFourFingerHorizSwipeGesture = 2; # swipe between full-screen applications
        TrackpadFourFingerVertSwipeGesture = 2; # down for Mission Control, up for App Expose
        TrackpadPinch = true;
        TrackpadThreeFingerHorizSwipeGesture = 0; # disable for three finger drag
        TrackpadThreeFingerVertSwipeGesture = 0; # disable for three finger drag
        TrackpadTwoFingerDoubleTapGesture = true; # smart zoom
        TrackpadTwoFingerFromRightEdgeSwipeGesture = 0;
      };
-      # customize settings that not supported by nix-darwin directly
+      screensaver = {
-      # Incomplete list of macOS `defaults` commands :
+        askForPassword = true;
-      #   https://github.com/yannbertrand/macos-defaults
+        askForPasswordDelay = 0;
      };
      smb = {
        NetBIOSName = hostname;
        ServerDescription = hostname;
      };
      WindowManager = {
        AppWindowGroupingBehavior = true;
        EnableStandardClickToShowDesktop = false;
        EnableTilingByEdgeDrag = false;
        EnableTilingOptionAccelerator = false;
        EnableTopTilingByEdgeDrag = false;
        StandardHideDesktopIcons = true;
        StandardHideWidgets = true;
      };
      # Customize settings that not supported by nix-darwin directly
      # source: https://github.com/yannbertrand/macos-defaults
      NSGlobalDomain = {
        # `defaults read NSGlobalDomain "xxx"`
        "com.apple.swipescrolldirection" = true;
        AppleInterfaceStyle = "Dark";
-        AppleKeyboardUIMode = 3;
+        AppleKeyboardUIMode = 2;
        ApplePressAndHoldEnabled = false;
        InitialKeyRepeat = 15;
        KeyRepeat = 2;
@ -115,6 +138,7 @@
        AppleScrollerPagingBehavior = true;
        AppleEnableMouseSwipeNavigateWithScrolls = true;
        AppleEnableSwipeNavigateWithScrolls = true;
        AppleSpacesSwitchOnActivate = true;
        NSAutomaticCapitalizationEnabled = false;
        NSAutomaticDashSubstitutionEnabled = false;
@ -126,49 +150,15 @@
        NSTableViewDefaultSizeMode = 2;
        "com.apple.keyboard.fnState" = true;
        "com.apple.sound.beep.feedback" = 0;
      };
      # Customize settings that not supported by nix-darwin directly
-      # see the source code of this project to get more undocumented options:
+      CustomSystemPreferences = {
      #    https://github.com/rgcr/m-cli
      # 
      # All custom entries can be found by running `defaults read` command.
      # or `defaults read xxx` to read a specific domain.
      CustomUserPreferences = {
        ".GlobalPreferences" = {
          # automatically switch to a new space when switching to the application
          AppleSpacesSwitchOnActivate = true;
        };
        NSGlobalDomain = {
          # Add a context menu item for showing the Web Inspector in web views
          WebKitDeveloperExtras = true;
        };
        "com.apple.finder" = {
          ShowExternalHardDrivesOnDesktop = true;
          ShowHardDrivesOnDesktop = true;
          ShowMountedServersOnDesktop = true;
          ShowRemovableMediaOnDesktop = true;
          _FXSortFoldersFirst = true;
          # When performing a search, search the current folder by default
          FXDefaultSearchScope = "SCcf";
        };
        "com.apple.desktopservices" = {
          # Avoid creating .DS_Store files on network or USB volumes
          DSDontWriteNetworkStores = true;
          DSDontWriteUSBStores = true;
        };
        "com.apple.WindowManager" = {
          EnableStandardClickToShowDesktop = 0; # Click wallpaper to reveal desktop
          StandardHideDesktopIcons = 0; # Show items on desktop
          HideDesktop = 0; # Do not hide items on desktop & stage manager
          StageManagerHideWidgets = 0;
          StandardHideWidgets = 0;
        };
        "com.apple.screensaver" = {
          # Require password immediately after sleep or screen saver begins
          askForPassword = 1;
          askForPasswordDelay = 0;
        };
        "com.apple.AdLib" = {
          allowApplePersonalizedAdvertising = false;
        };
@ -182,70 +172,34 @@
      };
    };
    # keyboard settings is not very useful on macOS
    # the most important thing is to remap option key to alt key globally,
    # but it's not supported by macOS yet.
    keyboard = {
      enableKeyMapping = true; # enable key mapping so that we can use `option` as `control`
      # NOTE: do NOT support remap capslock to both control and escape at the same time
      remapCapsLockToControl = false;  # remap caps lock to control, useful for emac users
      remapCapsLockToEscape  = false;  # remap caps lock to escape, useful for vim users
    };
  };
  # Add ability to used TouchID for sudo authentication
  security.pam.services.sudo_local.touchIdAuth = true;
  # Create /etc/zshrc that loads the nix-darwin environment.
  # this is required if you want to use darwin's default shell - zsh
  programs.zsh = {
    enable = true;
    enableCompletion = true;
    enableAutosuggestions = true;
    enableFastSyntaxHighlighting = true;
    enableFzfCompletion = true;
    enableFzfGit = true;
    enableFzfHistory = true;
    promptInit = ''
    fastfetch
    source ${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k/powerlevel10k.zsh-theme
    source ${pkgs.zsh-fzf-tab}/share/fzf-tab/fzf-tab.plugin.zsh
    '';
  };
  environment = {
    shells = [
      pkgs.zsh
    ];
    shellAliases = {
      ls = "lsd --color=auto";
      l = "lsd -lhG";
      lt = "l --tree";
      ll = "lsd -alhG";
      lh = "lsd -dl .*";
      lsd = "lsd --group-directories-first";
      filecount="find . -type f | wc -l";
      cat = "bat --color=always";
      man = "tldr";
      nixrebuild = "sudo darwin-rebuild switch --flake ~/.config/nix-darwin";
      nixupgrade = "cd ~/.config/nix-darwin && nix flake update";
      nixconfig = "nvim ~/.config/nix-darwin";
      sshconfig = "nvim ~/.ssh/config";
      # git
      g = "git";
      gaa = "git add --all";
      gcm = "git commit -m";
      gca = "git commit --amend";
      gst = "git status";
      gco = "git checkout";
      gl = "git pull";
      gp = "git push";
      glg = "git log --graph --pretty='%Cred%h%Creset -%C(auto)%d%Creset %s %Cgreen(%ad) %C(bold blue)<%an>%Creset' --date=short";
    };
  };
-  # Set your time zone.
+  fonts = {
-  time.timeZone = "Asia/Seoul";
+    packages = with pkgs; [
      material-design-icons
      font-awesome
      pretendard
      nerd-fonts.symbols-only
      nerd-fonts.jetbrains-mono
      nerd-fonts.d2coding
      nerd-fonts.iosevka
      nerd-fonts.meslo-lg
    ];
  };
 }
--- a/1
+++ b/1
@ -1 +0,0 @@
 /nix/store/wqavdqq4f3j9gwymsj724hz9jkjwa3gf-darwin-system-25.05.73d5958
--- a/secrets/poby.yaml
+++ b/secrets/poby.yaml
@ -0,0 +1,17 @@
 github_ssh_key: ENC[AES256_GCM,data:nlZoOfyEMRj2U+P2ANao+ATS90zr8h4c+mVCu1JVoNpC50DBjyMl3eZDCDERISLHf0JWbg0wAZZbPI0Xp2KvZ9D4g+59Dd+F2csgAxUbTL0QPNkgFzSWQNINPR+pabf8phfWKFBJpBD66R8CGY0g8qM9oCJVGM2sGevdAKlhEHk5qsKZ48N0XdSzwXDxYpAeSt0Lz5mcuu8ndUZq+VJs744pLNd6Br6X6wgYJ8HpOXnzyequRer/Tp/EiX5Wel+Nu4JnlXa74ziv/AVqVdZS+mLylT1Cr+fnT3rASMHtA3KFokKlnoBzmJKlqKOcC9hCg7JApLn9s/iyWaC9AbFqZzEolwB0C9TkY3UHD6f5Eph0jaZemsI8DA1+CB39La48snLy0FraQ2yBdjQB/SwcO34OwqZaNHy6FaK5vNSMnDmlhC+FZkdHt6XkUMv8EZewLSA4WxkTuDE2fgF+NVoBNiSe4G9Fpmrl4h6Adp5pIxivthJPVEmudkTB1Q8TNp2yS2NLlWarUrgELNbGBgG0KocF3F6CXJKC8KNwI3x5cgW8GOB02h3EQGOmazTBUAOwjkZZ0V/8jzbEhRyEcou0LyhY6Ls/ltLaAAo6mtBaOB0=,iv:PNdvBAlSLsW2SxoiajXD6nCgl9EXFzR2SRfo6Ynj4iQ=,tag:qGMtoaigw1iEMET99PVSbw==,type:str]
 github_cli_token: ENC[AES256_GCM,data:yaJZb5MUeiyBu2LJIgfJ6nX0TL2XdPvZn0IuSMIaxdy5LMyg4NQZkg==,iv:Q+dGU0bPznY5cexiailAzPKgsm0YuOKpGXIAaPh3hNs=,tag:tZKAUVK3H04xD8FMZ2KBsA==,type:str]
 sops:
    age:
        - recipient: age1qeyrh6e40nek3da4mnj298cy2l3aswe7432us30d2p93akcvp9zqext63j
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQaUt1Y1hFS1N0djNEU3NQ
            QjFIMk9GZkxoeks2WUx0WlBNblR6dEpSZ2tBCkl3Wk1xaDlXWEFnYkIzZ2J3bUxw
            bTltMDJtWEMrZ0NsbzFtTEQyelJsODQKLS0tIHFCYlZGalp2UVpIWTBRdUVob3JM
            QXQ3YUkxWnk2U0hacjBMZDQ5WlNFQTAKzzzcoCZg7iNg5QoajxSpP1ka5qIIfaNE
            5VMXcX4qL0OszsO3j3ShYIT02m3XqkSeaOMSz+uty2BWtPCDZoLHrg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2026-03-14T12:35:18Z"
    mac: ENC[AES256_GCM,data:HUZRdHhmybKofm8xI44Q95b9oizFsvRO+SkJ742KO31rFfYhTp9/PYw3+7JxROY7mMyQKrEvRLYcWB97gv3zaDXhevIdBM+wEp9xvpLJ732G9jccarmYqHaAzPsyVUof/I6fyQMFLCcdCmniPR/UihOcmuQpMWjxJ5xr0rerRFA=,iv:o67tqpx4YfvwFNEuXK9ZWIp/b4GXuzWlRbbHw/kEQHQ=,tag:PZyk2G9reLy15yiw8LV/eA==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.12.1
		`@ -1 +0,0 @@`
			`/nix/store/wqavdqq4f3j9gwymsj724hz9jkjwa3gf-darwin-system-25.05.73d5958`