tapyu · December 5, 2025 13:57
diff --git a/.unix_setup.md b/.unix_setup.md
diff --git a/_autoinstall_LTS.yaml b/_autoinstall_LTS.yaml
 autoinstall:
  version: 1

  packages:
    - vim
    - stow # a symlink farm manager
    - pass # uses GPG keys to encrypt passwords, which are stored in `$PASSWORD_STORE_DIR` or ~/.password-store by default
    - htop
    - git
    - zsh
    - fzf # fuzzy finder CAVEAT: check if fzf version is greater than or equal to `0.48.0`, otherwise the `--zsh` option in this line https://github.com/tapyu/dotfiles/blob/4a3a599a8848a757ef6b972b65224b9678052612/zsh/.config/zsh/zshrc.sh#L73 will break. SEE: https://github.com/junegunn/fzf/issues/3703
    - apt-transport-https
    - curl        # deb-get dependencies
    - lsb-release #
    - wget        #
    - apt-file # search for a package that provides a specific file
    - ttf-mscorefonts-installer # Microsoft True Type Core Fonts for the Web including: Andale Mono, Arial Black, Arial (Bold, Italic, Bold Italic), Comic Sans MS (Bold), Courier New (Bold, Italic, Bold Italic), Georgia (Bold, Italic, Bold Italic), Impact, Times New Roman (Bold, Italic, Bold Italic), Trebuchet (Bold, Italic, Bold Italic), Verdana (Bold, Italic, Bold Italic), Webdings
    - libyaml-tiny-perl    # HACK: fix latexindent error (see https://stackoverflow.com/a/77425816/23333162)
    - libfile-homedir-perl #
    - moreutils # This is a growing collection of the Unix tools that nobody thought to write long ago, when Unix was young -> `combine`, `pee`, `sponge`, ...
    - gawk # Full-featured GNU implementation of `awk`. The default `awk` implementation is `mawk`, which is a lightweight and fast implementation of `awk` focused on speed and minimalism. CAVEAT: `awk` should symlink to `gawk` as soon as it is installed. If it is not, run `sudo update-alternatives --config awk`
    - gh # github-cli # CAVEAT: you should run `gh auth login` before
    - hackrf # HackRF utilities
    - rar
    - unrar
    - tree
    - kdenlive
    - tesseract-ocr     # required for `ocrmypdf` % SEE: https://ocrmypdf.readthedocs.io/en/latest/languages.html#installing-additional-language-packs
    - tesseract-ocr-por # to OCR in pt-br, run `ocrmypdf -l por in.pdf -o out.pdf`
    - ripgrep
    - pdfgrep
    - screenkey
    - nodejs # node.js: JavaScript runtime environment. When you install a npm package, that requires Node.js to run as it is a JavaScript-based program.
    - npm # npm: stands for "Node Package Manager." It is the default package manager for Node.js;npx: a package runner tool that comes with npm. It allows you to execute Node.js packages directly without having to install them globally or locally.
    - lua5.4   # install the Lua programming language and its package manager (LuaRocks). CAVEAT: This approach doesn't seem too consistent, 1: `lua5.4` pkg version will become absolete and there is no apprent way to install the latest lua version as there is no `lua` pkg in the `apt` command; 2- the `luarocks` pkg is compatible with `lua` of versions from 5.1 to 5.4, you must assure that `luarocks` you are using is compatible with the your `lua` version. See: https://www.reddit.com/r/lua/comments/1agh999/is_there_rustuplike_for_installing_and_managing/ https://luarocks.org/#quick-start https://www.lua.org/download.html
    - luarocks #
    - python-is-python3 # a mere symlink to /usr/bin/python
    - python3-pip # a mere symlink from `python3 -m pip` to `/usr/bin/pip`
    - rename # rename 's/search/replace/g' CLI command
    - xtrlock # keyboard locker (unlock it with the computer password)
    - cmake # C/C++: CMake
    - clang-format # C/C++: formatter
    - valgrind # C/C++: A memory profiler that can detect memory leaks, memory corruption, and other memory-related issues.
    - rclone # NOTE: for the first try, you must run `rclone config reconnect books:; rclone sync --verbose books:/books ~/books`
    - zoxide
    - cloc # count line of code (cloc): git utils to analyze the number lines in a repo (also see the online version: https://codetabs.com/count-loc/count-loc-online.html)
    - hdf5-tools # HDF5 tool suite (h5ls, h5dump, h5copy) to work with HDF5 files
    - pkg-config # HACK: fix "failed to compile cargo-update" SEE: https://github.com/sfackler/rust-openssl/issues/855
    - libssl-dev #
    # GUI
    - gnome-tweaks
    - gnuradio
    - gnome-clocks # timer, alarms, and stopwatch
    - gnome-shell-extensions
    - usb-creator-gtk # create bootable Linux USBs
    - thunderbird # an email client
    - obs-studio
    - diodon # GTK+ clipboad manager
    - nnn
  
  snaps: # TODO: avoid using snaps
    - name: helix # NOTE: at the moment, helix has no way to be installed on Ubuntu but via snap
      classic: true
    - name: telegram-desktop
    - name: thunderbird # NOTE: running thunderbird from the apt install prompts "Command '/usr/bin/thunderbird' requires the thunderbird snap to be installed."
    - name: zoom-client # TODO: change to deb-get. Currently, there is an issue with it. # SEE: https://github.com/wimpysworld/deb-get/issues/1542

  interactive-sections:
    - storage
    - identity

  storage:
    layout:
      name: direct

  identity:
    hostname: ${HOSTNAME}
    password: "${ADMIN_PASSWORD}"
    username: ${ADMIN_USER}
    realname: Rubem Vasconcelos Pacelli
    
  keyboard:
    layout: us
    toggle: null # lwin_toggle # TODO: add keyboard layout
    variant: '' # alt-intl # (?)
  
  locale: en_US.UTF-8 # broader configuration that defines various aspects of the system's behavior based on regional and linguistic preferences, such as language preferences, date/time formats, currency formats, and character encoding
  timezone: America/Recife

  source:
    search_drivers: true
  codecs:
    install: true
  drivers:
    install: true

 #   late-commands:
 #     - curtin in-target -- apt-get autoremove -y
 #     - |
 #       curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/initial_settings.sh)
 #     - |
 #       curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/no_pkg_manager.sh)
 #     - |
 #       curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/python_packages_install.sh)
 #     - |
 #       curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/deb_get_install.sh)
 #     - |
 #       curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/cargo_install_crates.sh)
 #     - |
 #       curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/npm_install.sh)
 #     - |
 #       curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/gnome_setup.sh)
 #     - |
 #       curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/gcm.sh)
 #     - |
 #       curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/cuda.sh)
    

  error-commands:
    - tail -200 /var/log/syslog
    
diff --git a/_autoinstall_missing.yaml b/_autoinstall_missing.yaml
 # This is a missing part that should be added to `autoinstall.yaml`
 autoinstall:
  
  early-commands:
    ### add non-official APT packages ###
    # helix SEE: https://docs.helix-editor.com/install.html#ubuntu
    - sudo add-apt-repository ppa:maveonair/helix-editor
  
  # Storage configuration
  storage:
    config:
      ## Define the main disk to partition
      - type: disk
        id: disk0 # label to identify and manage the disk, within the YAML configuration file, i.e., during the automated installation process
        ptable: gpt #  GUID Partition Table, the modern standard for partition tables. An alternative partitioning scheme is `mbr` (Master Boot Record), the older standard.
        wipe: superblock-recursive # Determines how the disk is wiped (erased) before new partitions are created. `superblock-recursive` wipes all partition tables and filesystem superblocks on the disk to ensure it’s completely clean.
        preserve: false # Deletes all existing partitions and data on the disk.
        grub_device: true # Installs GRUB on this disk, enabling it to boot the installed operating system.
        match:
          size: largest
      ## Partition
      # Boot EFI System partition
      - id: boot
        type: partition
        device: disk0
        size: 300MB
        flag: boot # `flag`'s value defines a disk-level attribute that defines how the partition should behave or be treated by the system.
      # swap partition
      - id: swap
        type: partition
        device: disk0
        size: 24GB
        flag: swap
      # root filesystem
      - id: root
        type: partition
        device: disk0
        size: 150GB
      # home directory
      - id: home
        type: partition
        device: disk0
        size: 200GB
      # leave leftover space as free
      - id: free-space
        type: partition
        device: disk0
        size: -1  # -1 uses remaining space, leaving it free
      
      ## Format
      # swap
      - id: swap-fs
        type: format
        volume: swap
        fstype: swap
        label: SWAP
      # /boot
      - id: boot-fs
        type: format
        volume: boot
        fstype: fat32 # FAT32 (File Allocation Table 32) is a legacy file system introduced by Microsoft in 1996. It’s simple and widely supported file system primarily used for compatibility purposes across different operating systems and devices, such as: USB drives, SD cards, System boot partitions (e.g., EFI System Partition). Characteristics of FAT32: Compatibility: Works across virtually all operating systems (Windows, macOS, Linux, etc.); Simple Structure: Based on a file allocation table (FAT) that maps file locations on the disk; No Journaling: FAT32 lacks any mechanism to log changes, making it less resilient to data corruption compared to modern file systems like EXT4 or NTFS; File Size Limitation: Individual files cannot exceed 4 GB; Partition Size Limitation: Maximum partition size is 32 GB (on Windows) or larger with third-party tools.
        label: BOOT
      # root /
      - id: root-fs
        type: format
        volume: root
        fstype: ext4 # a common journaling filesystem on Linux systems due to its reliability
        label: ROOT
      # /home
      - id: home-fs
        type: format
        volume: home
        fstype: ext4
        label: HOME
        
      ## Mount
      # /boot
      - id: boot-mnt
        type: mount
        device: boot-fs
        path: /boot
      # root /
      - id: root-mnt
        type: mount
        device: root-fs
        path: /
      # /home
      - id: home-mnt
        type: mount
        device: home-fs
        path: /home
diff --git a/_autoinstall_nightly.yaml b/_autoinstall_nightly.yaml
 autoinstall:
  version: 1

  packages:
    - vim
    - stow # a symlink farm manager
    - pass # uses GPG keys to encrypt passwords, which are stored in `$PASSWORD_STORE_DIR` or ~/.password-store by default
    - htop
    - git
    - zsh
    - fzf # fuzzy finder CAVEAT: check if fzf version is greater than or equal to `0.48.0`, otherwise the `--zsh` option in this line https://github.com/tapyu/dotfiles/blob/4a3a599a8848a757ef6b972b65224b9678052612/zsh/.config/zsh/zshrc.sh#L73 will break. SEE: https://github.com/junegunn/fzf/issues/3703
    - curl        # deb-get dependencies
    - wget        #
    - apt-file # search for a package that provides a specific file
    - moreutils # This is a growing collection of the Unix tools that nobody thought to write long ago, when Unix was young -> `combine`, `pee`, `sponge`, ...
    - gawk # Full-featured GNU implementation of `awk`. The default `awk` implementation is `mawk`, which is a lightweight and fast implementation of `awk` focused on speed and minimalism. CAVEAT: `awk` should symlink to `gawk` as soon as it is installed. If it is not, run `sudo update-alternatives --config awk`
    - gh # github-cli # CAVEAT: you should run `gh auth login` before
    - hackrf # HackRF utilities
    - rar
    - unrar
    - tree
    - ripgrep
    - pdfgrep
    - screenkey
    - nodejs # node.js: JavaScript runtime environment. When you install a npm package, that requires Node.js to run as it is a JavaScript-based program.
    - npm # npm: stands for "Node Package Manager." It is the default package manager for Node.js;npx: a package runner tool that comes with npm. It allows you to execute Node.js packages directly without having to install them globally or locally.
    - lua5.4   # install the Lua programming language and its package manager (LuaRocks). CAVEAT: This approach doesn't seem too consistent, 1: `lua5.4` pkg version will become absolete and there is no apprent way to install the latest lua version as there is no `lua` pkg in the `apt` command; 2- the `luarocks` pkg is compatible with `lua` of versions from 5.1 to 5.4, you must assure that `luarocks` you are using is compatible with the your `lua` version. See: https://www.reddit.com/r/lua/comments/1agh999/is_there_rustuplike_for_installing_and_managing/ https://luarocks.org/#quick-start https://www.lua.org/download.html
    - luarocks #
    - python-is-python3 # a mere symlink to /usr/bin/python
    - python3-pip # a mere symlink from `python3 -m pip` to `/usr/bin/pip`
    - rename # rename 's/search/replace/g' CLI command
    - xtrlock # keyboard locker (unlock it with the computer password)
    - cmake # C/C++: CMake
    - clang-format # C/C++: formatter
    - valgrind # C/C++: A memory profiler that can detect memory leaks, memory corruption, and other memory-related issues.
    - rclone # NOTE: for the first try, you must run `rclone config reconnect books:; rclone sync --verbose books:/books ~/books`
    - zoxide
    - hdf5-tools # HDF5 tool suite (h5ls, h5dump, h5copy) to work with HDF5 files
    - cloc # count line of code (cloc): git utils to analyze the number lines in a repo (also see the online version: https://codetabs.com/count-loc/count-loc-online.html)
    # GUI
    - gnome-tweaks
    - gnuradio
    - gnome-clocks # timer, alarms, and stopwatch
    - gnome-shell-extensions
    - usb-creator-gtk # create bootable Linux USBs
    - thunderbird # an email client
    - obs-studio
    - diodon # GTK+ clipboad manager
    - kdenlive
    - nnn
 #    ALREADY INSTALLED ON MODERN UBUNTU
 #     - apt-transport-https
 #     - lsb-release
 #    DEPRECATED/NOT NECESSARY ANYMORE
 #    - ttf-mscorefonts-installer # Microsoft True Type Core Fonts for the Web including: Andale Mono, Arial Black, Arial (Bold, Italic, Bold Italic), Comic Sans MS (Bold), Courier New (Bold, Italic, Bold Italic), Georgia (Bold, Italic, Bold Italic), Impact, Times New Roman (Bold, Italic, Bold Italic), Trebuchet (Bold, Italic, Bold Italic), Verdana (Bold, Italic, Bold Italic), Webdings
 #    - libyaml-tiny-perl    # HACK: fix latexindent error (see https://stackoverflow.com/a/77425816/23333162)
 #    - libfile-homedir-perl #
 #    - tesseract-ocr     # HACK: required for `ocrmypdf` % SEE: https://ocrmypdf.readthedocs.io/en/latest/languages.html#installing-additional-language-packs
 #    - tesseract-ocr-por # HACK: to OCR in pt-br, run `ocrmypdf -l por in.pdf -o out.pdf`
 #    SOLVED BUGS (?)
 #    - pkg-config # HACK: fix "failed to compile cargo-update" SEE: https://github.com/sfackler/rust-openssl/issues/855
 #    - libssl-dev #
  
  snaps: # TODO: avoid using snaps
    - name: helix # NOTE: at the moment, helix has no way to be installed on Ubuntu but via snap
      classic: true
    - name: telegram-desktop
    - name: thunderbird # NOTE: running thunderbird from the apt install prompts "Command '/usr/bin/thunderbird' requires the thunderbird snap to be installed."
    - name: zoom-client # TODO: change to deb-get. Currently, there is an issue with it. # SEE: https://github.com/wimpysworld/deb-get/issues/1542

  interactive-sections:
    - storage
    - identity

  storage:
    layout:
      name: direct

  identity:
    hostname: ${HOSTNAME}
    password: "${ADMIN_PASSWORD}"
    username: ${ADMIN_USER}
    realname: Rubem Vasconcelos Pacelli
    
  keyboard:
    layout: us
    toggle: null # lwin_toggle # TODO: add keyboard layout
    variant: '' # alt-intl # (?)
  
  locale: en_US.UTF-8 # broader configuration that defines various aspects of the system's behavior based on regional and linguistic preferences, such as language preferences, date/time formats, currency formats, and character encoding
  timezone: America/Recife

  source:
    search_drivers: true
  codecs:
    install: true
  drivers:
    install: true

 #   late-commands:
 #     - curtin in-target -- apt-get autoremove -y
 #     - |
 #       curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/initial_settings.sh)
 #     - |
 #       curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/no_pkg_manager.sh)
 #     - |
 #       curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/python_packages_install.sh)
 #     - |
 #       curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/deb_get_install.sh)
 #     - |
 #       curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/cargo_install_crates.sh)
 #     - |
 #       curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/npm_install.sh)
 #     - |
 #       curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/gnome_setup.sh)
 #     - |
 #       curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/gcm.sh)
 #     - |
 #       curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/cuda.sh)
    

  error-commands:
    - tail -200 /var/log/syslog
diff --git a/cargo_install_crates.sh b/cargo_install_crates.sh
 #!/usr/bin/env bash
 # intall Rust and its crates

 # install crates
 cargo install cargo-update # a 3th party crate to upgrade all crates (see https://stackoverflow.com/questions/34484361/does-cargo-install-have-an-equivalent-update-command)
 cargo install lsd # the next gen ls command
 cargo install bat # a cat clone with wings
 cargo install --locked typst-cli # the next LaTeX replacement (latest release)
 cargo install just # # the next Makefile replacement
 cargo install git-delta # a syntax-highlighting pager for git, diff, and grep output
 cargo install --locked navi
 cargo install juliaup # Julia installer and version multiplexer
diff --git a/cuda.sh b/cuda.sh
 #!/usr/bin/env bash

 # SEE: https://docs.nvidia.com/cuda/cuda-installation-guide-linux/index.html#environment-setup

 ### GENERAL WORKFLOW ###
 # Nvidia GPU model -> compatible Nvidia driver version -> compatible CUDA version(s) -> supported cuDNN lib

 ### about the GPU model and Nvidia driver ###

 # Your Nvidia GPU model dictates the maximum available driver version. The latest
 # version is usually the most suitable. You can install it through your operating
 # system or install it [manually](https://www.nvidia.com/en-us/drivers/). After
 # installing, make sure your Nvidia GPU is enabled and is being used by you system
 # On Linux, for example, Nouveau might be enabled and being used instead of you
 # Nvidia graphic card unit.

 ### instal CUDA ###

 # The Nvidia driver version sets a range of
 # [compatible CUDA versions](https://docs.nvidia.com/deploy/cuda-compatibility/minor-version-compatibility.html#id1).
 # You should choose the CUDA version that matches with the minimum version
 # requirements in the first table, but is compatible with you installed Nvidia Driver.

 # download the latest CUDA version from https://developer.nvidia.com/cuda-downloads
 # or get a specific CUDA version in the archive: https://developer.nvidia.com/cuda-toolkit-archive
 # prefer to use the runfile install option
 # For Tensorflow, you can check the minimum (they are backward compatible)
 # CUDA version in https://www.tensorflow.org/install/source#gpu
 wget https://developer.download.nvidia.com/compute/cuda/12.5.0/local_installers/cuda_12.5.0_555.42.02_linux.run
 # NOTE: every CUDA installation file bundles a specific NVIDIA driver version. 
 # You may want to install that driver or keep with your already installed driver.
 # In the last case, you should continue and uncheck the bundled NVIDIA driver install.
 # NOTE: don't check the `nvidia-fs` kernel objects. It is not necessary unless for
 # server stuffs and requires DKMS and MOFED. The last one is very dangerous as it may
 # replaces several kernel networking components and can break Wi-Fi, Ethernet, Docker,
 # and your whole networking stack if installed on an unsupported system.
 # NOTE: Once CUDA is installed, you should able to run `nvcc --version`
 # NOTE: if installed via runfile, to uninstall the CUDA Toolkit, run `cuda-uninstaller`,
 # located in /usr/local/cuda-12.5/bin
 sudo sh cuda_12.5.0_555.42.02_linux.run

 # CAVEAT: you should add the environment variables `PATH` and `LD` in `.profile` to the same CUDA version you are installing. E,g.:
 #export PATH=/usr/local/cuda-12.5/bin${PATH:+:${PATH}}
 #export LD_LIBRARY_PATH=/usr/local/cuda-12.5/targets/x86_64-linux/lib:/usr/local/cuda-12.5/lib64${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}

 ### install cuDNN ###

 # Your installed CUDA version dictates the
 # [compatible versions for the cuDNN library](https://docs.nvidia.com/deeplearning/cudnn/backend/latest/reference/support-matrix.html#gpu-cuda-toolkit-and-cuda-driver-requirements)

 # download the latest cuDNN from https://developer.nvidia.com/cudnn-downloads
 # or get a specific cuDNN version in the archive: https://developer.nvidia.com/cudnn-archive
 # CAVEAT: For cuDNN installation, prefer tarball as the debfiles presented an incorrect version.
 wget https://developer.download.nvidia.com/compute/cudnn/redist/cudnn/linux-x86_64/cudnn-linux-x86_64-9.3.0.75_cuda12-archive.tar.xz
 tar xvf cudnn-linux-x86_64-9.3.0.75_cuda12-archive.tar.xz
 sudo rsync -av --progress cudnn-linux-x86_64-9.3.0.75_cuda12-archive/include/* /usr/local/cuda-12.5/include/
 sudo rsync -av --progress cudnn-linux-x86_64-9.3.0.75_cuda12-archive/lib/* /usr/local/cuda-12.5/lib64/

 sudo chmod a+r /usr/local/cuda-12.5/include/cudnn*.h
 sudo chmod a+r /usr/local/cuda-12.5/lib64/libcudnn*

 sudo ldconfig
diff --git a/deb_get_install.sh b/deb_get_install.sh
 #!/usr/bin/env bash
 # install deb-get packages

 # deb-get packages
 deb-get install docker-ce
 deb-get install code
 deb-get install sublime-text
 deb-get install master-pdf-editor-5
 deb-get install discord
 deb-get install zotero
 deb-get install gcm # git-credential-manager: authenticates remote repos (e.g., GitHub) using a private GPG key + `pass` to automatically interact with them (via git clone, git push, etc.) without requesting password. This approach diregards tokens or similar.
 deb-get install protonvpn # NOTE: if it fails, see https://github.com/wimpysworld/deb-get/issues/975
diff --git a/gcm.sh b/gcm.sh
 #!/usr/bin/env bash
 # setup remote authentications via git-credential-manager
 # it expects that `pass` and `git-credential-manager`, and `curl` are installed

 # get the private GPG key (a private key inherently contains the public key inside it)
 curl --proto '=https' --tlsv1.2 --fail --location --silent --show-error https://gist.githubusercontent.com/tapyu/c97a537285cdd3171dbaf1f79b3d1862/raw/git_credential_manager.asc | gpg --import

 # set the trust level to ultimate trust (`gpg --list-keys --with-colons D10457955454C163 | grep ^pub` should prompt `pub:u:4096:1:D10457955454C163:...`, where u means ultimate trust)
 echo -e "5\ny\n" | gpg --command-fd 0 --edit-key D10457955454C163 trust

 # set `pass` to use that GPG key
 pass init git-credential-manager # CAVEAT: it expects that `pass` is installed

 # says to git this it should use `pass`+GPG keys (it is redundant if `$GCM_CREDENTIAL_STORE` is set to `gpg`)
 git config --global credential.credentialStore gpg

 # set git to use git-credential-manager to authenticate the login
 git config --global credential.helper manager

 # NOTE: now, a pop-up window should appear in the first login

 # set username
 git config --global user.name tapyu

 # set email
 git config --global user.email [email protected]
diff --git a/gnome_setup.sh b/gnome_setup.sh
 #!/usr/bin/env bash
 # set up Gnome Desktop Environment

 ### GNOME default applications ###
 gsettings set org.gnome.desktop.default-applications.terminal exec '/usr/bin/wezterm start --always-new-process'
 xdg-mime default net.code-industry.masterpdfeditor5.desktop application/pdf # pdf
 xdg-settings set default-web-browser brave-browser.desktop # browser

 ### GNOME extensions ###
 # List of extension URLs (replace with more URLs as needed)
 urls=(
  'https://extensions.gnome.org/extension/28/gtile/'
  'https://extensions.gnome.org/extension/517/caffeine/'
  'https://extensions.gnome.org/extension/545/hide-top-bar/'
 )

 # Loop through each URL
 for url in "${urls[@]}"; do
  echo "url = ${url}"
  # get package metadata
  id=$(echo "${url}" | cut --delimiter=/ --fields=5)
  url_pkg_metadata="https://extensions.gnome.org/extension-info/?pk=${id}"
  # Extract data for each extension
  uuid=$(curl -s "$url_pkg_metadata" | jq -r '.uuid' | tr -d '@')
  latest_extension_version=$(curl -s "$url_pkg_metadata" | jq -r '.shell_version_map | to_entries | max_by(.value.version) | .value.version')
  latest_shell_version=$(curl -s "$url_pkg_metadata" | jq -r '.shell_version_map | to_entries | max_by(.value.version) | .key')

  # get  package
  filename="${uuid}.v${latest_extension_version}.shell-extension.zip"
  url_pkg="https://extensions.gnome.org/extension-data/${filename}"
  wget -P /tmp "${url_pkg}"
  # install package
  gnome-extensions install "/tmp/${filename}"

  # Print the results
 #   echo "For URL: $url"
 #   echo "UUID: $uuid"
 #   echo "Latest extension version: $latest_extension_version"
 #   echo "Latest shell version: $latest_shell_version"
 #   echo "--------------------------------------"
 done

 ### GNOME gsettings shortcuts ###
 # get more ideas here: https://blog.programster.org/using-the-cli-to-set-custom-keyboard-shortcuts
 # write your solution here: https://askubuntu.com/questions/597395/how-to-set-custom-keyboard-shortcuts-from-terminal
 # TODO: befere binding a shortcut to a command, you should remove this binding from other commands if there exists a link
 KEY_PATH="/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings"
 gsettings set org.gnome.settings-daemon.plugins.media-keys custom-keybindings \
  "['$KEY_PATH/custom0/', '$KEY_PATH/custom1/', '$KEY_PATH/custom2/']" # add more into this list for more shortcuts
 # xtrlock
 gsettings set org.gnome.settings-daemon.plugins.media-keys.custom-keybinding:$KEY_PATH/custom0/ name "Lock keyboard"
 gsettings set org.gnome.settings-daemon.plugins.media-keys.custom-keybinding:$KEY_PATH/custom0/ command "'/usr/bin/xtrlock'"
 gsettings set org.gnome.settings-daemon.plugins.media-keys.custom-keybinding:$KEY_PATH/custom0/  binding "<Super><Control>l"
 # diodon
 gsettings set org.gnome.shell.keybindings toggle-message-tray "[]" # unset the default keybind to "<Super>V"
 gsettings set org.gnome.settings-daemon.plugins.media-keys.custom-keybinding:$KEY_PATH/custom1/ name "diodon"
 gsettings set org.gnome.settings-daemon.plugins.media-keys.custom-keybinding:$KEY_PATH/custom1/ command "diodon"
 gsettings set org.gnome.settings-daemon.plugins.media-keys.custom-keybinding:$KEY_PATH/custom1/  binding "<Super>V"

 ### GNOME settings###
 # isolate workspaces
 gsettings set org.gnome.shell.app-switcher current-workspace-only true
 gsettings set org.gnome.shell.extensions.dash-to-dock isolate-workspaces true
 # TODO: mute alert sounds (`gsettings set org.gnome.desktop.sound event-sounds false` is not working anymore)

 # enable overamplification https://www.reddit.com/r/gnome/comments/exfhc4/overamplification_extension/fgbf9j2/?utm_source=share&utm_medium=web2x&context=3 
 gsettings set org.gnome.desktop.sound allow-volume-above-100-percent 'true'
 # mute system sounds (like the screenshot sound)
 gsettings set org.gnome.desktop.sound event-sounds false
 # disable animations
 gsettings set org.gnome.desktop.interface enable-animations false
 # unset the anoying IBus emoji insert (see https://superuser.com/questions/1687342/what-is-my-x11-doing-with-ctrl-period-and-how-can-i-disable-it)
 gsettings set org.freedesktop.ibus.panel.emoji hotkey "@as []" # @as indicates that the value is of "array of strings" type (GSettings and dconf are strongly-typed, but usually guess the type from the value itself – but an empty [] only tells them that it's an array-of-something)
 # dark theme
 gsettings set org.gnome.desktop.interface color-scheme 'prefer-dark'
 # autohide docker
 gsettings set org.gnome.shell.extensions.dash-to-dock dock-fixed false
 gsettings set org.gnome.shell.extensions.dash-to-dock autohide true
diff --git a/initial_settings.sh b/initial_settings.sh
 #!/usr/bin/env bash
 # initial_settings.sh — robust & idempotent

 # Exit immediately on errors (-e), treat unset vars as errors (-u),
 # propagate errors in pipelines (-o pipefail), and make ERR traps inherit (-E)
 set -Eeuo pipefail

 log() { printf "\n\033[1m%s\033[0m\n" "$*"; }
 need() { command -v "$1" >/dev/null 2>&1 || { sudo apt-get update -y; sudo apt-get install -y "$1"; }; }
 try_or_warn() { # run a command; never abort script on failure
  set +e
  "$@"
  local rc=$?
  set -e
  if [ $rc -ne 0 ]; then
    echo "WARN: '$*' failed with code $rc — continuing."
  fi
  return 0
 }

 # -----------------------------
 # 0) Ensure prerequisites
 # -----------------------------
 need wget
 need git
 need stow
 need curl
 need unzip
 need fontconfig

 # -----------------------------
 # 1) Ensure zsh and set as login shell
 # -----------------------------
 if ! command -v zsh >/dev/null 2>&1; then
  log "Installing zsh…"
  sudo apt-get install -y zsh
 fi

 if [ "${SHELL##*/}" != "zsh" ]; then
  log "Changing login shell to zsh…"
  # First try without sudo (PAM)
  if ! try_or_warn chsh -s "$(command -v zsh)" "$USER"; then :; fi
  # Fallback with usermod (bypasses PAM)
  try_or_warn sudo usermod --shell "$(command -v zsh)" "$USER"
 fi

 mkdir -p "$HOME/.local/state/zsh"  # zsh history dir

 # -----------------------------
 # 2) Install Meslo Nerd Fonts (user-local)
 # -----------------------------
 log "Installing Meslo patched Nerd Fonts into ~/.local/share/fonts…"
 fonts_dir="$HOME/.local/share/fonts"
 mkdir -p "$fonts_dir"

 for name in Regular Italic Bold "Bold Italic"; do
  file="MesloLGMDZNerdFont-${name// /}.ttf"
  url="https://github.com/ryanoasis/nerd-fonts/raw/master/patched-fonts/Meslo/M-DZ/${name// /-}/MesloLGMDZNerdFont-${name// /}.ttf"
  if [[ ! -f "$fonts_dir/$file" ]]; then
    try_or_warn wget -q -O "$fonts_dir/$file" "$url"
  fi
 done

 try_or_warn fc-cache -f
 log "Meslo fonts step done."

 # -----------------------------
 # 3) Configure symlinks with GNU Stow (ALWAYS runs)
 # -----------------------------
 log "Configuring dotfiles with stow…"
 mkdir -p "$HOME/git"

 if [[ ! -d "$HOME/git/dotfiles" ]]; then
  try_or_warn bash -c 'cd "$HOME/git" && git clone --recurse-submodules https://github.com/tapyu/dotfiles'
 else
  try_or_warn bash -c 'cd "$HOME/git/dotfiles" && git pull --rebase && git submodule update --init --recursive'
 fi

 # Stow each top-level directory (ignore failures, continue)
 if [[ -d "$HOME/git/dotfiles" ]]; then
  (
    cd "$HOME/git/dotfiles"
    # shellcheck disable=SC2045
    for d in $(ls -1d */ 2>/dev/null | sed 's#/##'); do
      log "Preparing to stow package '$d'…"

      # Remove any conflicting regular files in $HOME that this package would overwrite
      # (existing non-symlink, non-directory targets like ~/.profile, ~/.bashrc, etc.)
      while IFS= read -r relpath; do
        # relpath is relative path inside the package (e.g. ".profile", ".config/zsh/.zshrc")
        target="$HOME/$relpath"
        if [[ -f "$target" && ! -L "$target" ]]; then
          echo "Removing existing regular file '$target' (conflicts with package '$d')…"
          try_or_warn rm -f "$target"
        fi
      done < <(cd "$d" && find . -type f -printf '%P\n')

      # Now actually stow the package
      try_or_warn stow --verbose=1 --target="$HOME" "$d"
    done
  )
 fi

 log "Symlinks configured."

 # -----------------------------
 # 4) OPTIONAL: WPS Office symbol fonts fix (non-fatal)
 # -----------------------------
 log "Optional: installing WPS symbol fonts (will skip on error)…"
 tmp_zip="/tmp/wps_symbol_fonts.zip"
 dest_dir="/usr/share/fonts/kingsoft"
 try_or_warn sudo mkdir -p "$dest_dir"

 # You may replace this URL with your own vetted bundle
 try_or_warn wget -q -O "$tmp_zip" "https://github.com/iamdh4/ttf-wps-fonts/archive/refs/heads/master.zip"
 try_or_warn sudo unzip -o -q "$tmp_zip" -d "$dest_dir"
 try_or_warn sudo fc-cache -f

 # -----------------------------
 # 5) Remove default/unused dirs (safe)
 # -----------------------------
 log "Removing default/unused files and directories…"
 try_or_warn rm -rf \
  "$HOME/Music" \
  "$HOME/Public" \
  "$HOME/Templates" \
  "$HOME/.bash_history" \
  "$HOME/.bash_logout" \
  "$HOME/.bashrc" \
  "$HOME/.lesshst" \
  "$HOME/.wget-hsts"

 log "All done. Start zsh now with:  exec zsh"
diff --git a/no_pkg_manager.sh b/no_pkg_manager.sh
 #!/usr/bin/env bash
 # packages that aren't in any package manages. They are either
 # added to `apt` or installed manually

 ### APT-added packages ###

 # Wez's Terminal emulator
 # SEE: https://wezfurlong.org/wezterm/install/linux.html#installing-on-ubuntu
 curl -fsSL https://apt.fury.io/wez/gpg.key | sudo gpg --yes --dearmor -o /usr/share/keyrings/wezterm-fury.gpg
 echo 'deb [signed-by=/usr/share/keyrings/wezterm-fury.gpg] https://apt.fury.io/wez/ * *' | sudo tee /etc/apt/sources.list.d/wezterm.list

 # Brave browser
 # SEE: https://brave.com/linux/#debian-ubuntu-mint
 sudo curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
 echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main"|sudo tee /etc/apt/sources.list.d/brave-browser-release.list

 # fastfetch, a neofetch and screenfetch drop-in replacement
 sudo add-apt-repository -y ppa:zhangsongcui3371/fastfetch

 # install
 sudo apt update
 sudo apt install -y wezterm-nightly brave-browser fastfetch

 ### Others ###

 # deb-get
 # SEE: https://github.com/wimpysworld/deb-get#install
 curl -sL https://raw.githubusercontent.com/wimpysworld/deb-get/main/deb-get | sudo -E bash -s install deb-get

 # LaTeX
 # TeX Live is available for Ubuntu and is in the Universe repository. This will install a basic subset of TeX Live's functionality. To install the complete TeX Live distribution, install texlive-full. Installing TeX Live directly does not interfere with Ubuntu, and ensures that you have the latest releases of all TeX and LaTeX packages. The downside is that you periodically have to update your installation manually, using the TeX Live Package Manager.
 #apt install -y texlive-full # latex from ubuntu
 # NOTE: https://www.tug.org/texlive/quickinstall.html
 (cd /tmp ; \
  wget https://mirror.ctan.org/systems/texlive/tlnet/install-tl-unx.tar.gz ; \
  zcat < install-tl-unx.tar.gz | tar xf - ; \
  cd install-tl-*/ ; \
  sudo perl ./install-tl --no-interaction)
 sudo chown -R $USER:$USER /usr/local/texlive/ # change ownership to user
 # TODO: if the some packages fail, it prompts a message suggesting you to run
 # `tlmgr update --all --reinstall-forcibly-removed` to try to resintall them
 # you should create a return value handling to run it in case any package fails

 # jq: Command-line JSON processor
 # TODO: change to `install-from-gh`
 # SEE: https://github.com/tapyu/dotfiles/blob/main/scripts/.local/bin/install-from-gh
 curl --fail --location https://github.com/jqlang/jq/releases/latest/download/jq-linux-amd64 --output $HOME/.local/bin/jq
 chmod u+x $HOME/.local/bin/jq

 # xml2json
 (
  git clone https://github.com/Cheedoong/xml2json /tmp/xml2json
  cd /tmp/xml2json
  make
  mv xml2json $HOME/.local/bin
 )

 # rust
 # SEE: https://www.rust-lang.org/tools/install
 curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
 source "${XDG_DATA_HOME}/cargo/env"

 # tgpt
 curl -sSL https://raw.githubusercontent.com/aandrew-me/tgpt/main/install | bash -s /usr/local/bin # AI Chatbots in terminal without needing API keys # CAVEAT: you need a chat GPT API key from a paid account. Otherwise, you cannot make requests via the API

 # uv
 # SEE: https://docs.astral.sh/uv/#installation
 curl -LsSf https://astral.sh/uv/install.sh | sh

 # pet
 # SEE: https://github.com/knqyf263/pet
 # SEE: https://github.com/tapyu/dotfiles/blob/main/scripts/.local/bin/install-from-gh
 install-from-gh knqyf263/pet

 # aws
 # SEE: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
 curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
 unzip awscliv2.zip
 sudo ./aws/install
diff --git a/npm_install.sh b/npm_install.sh
 #!/usr/bin/env bash
 # install npm packages

 sudo npm install -g tldr
 sudo npm install -g bash-language-server
 sudo npm install -g safe-rm
diff --git a/python_packages_install.sh b/python_packages_install.sh
 #!/usr/bin/env bash
 # install Python packages

 uv tool install gprof2dot # C/C++: converts profiling output to a dot graph
 uv tool install ruff # extremely fast Python linter and code formatter, written in Rust. Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort, pydocstyle, pyupgrade, autoflake, and more, all while executing tens or hundreds of times faster than any individual tool
 uv tool install cookiecutter # Structure a Data Science Project for Maintainability
 uv tool install ocrmypdf
 uv tool install dvc # Manage and version images, audio, video, and text files in storage and organize your ML modeling process into a reproducible workflow.
	autoinstall:
	version: 1

	packages:
	- vim
	- stow # a symlink farm manager
	- pass # uses GPG keys to encrypt passwords, which are stored in `$PASSWORD_STORE_DIR` or ~/.password-store by default
	- htop
	- git
	- zsh
	- fzf # fuzzy finder CAVEAT: check if fzf version is greater than or equal to `0.48.0`, otherwise the `--zsh` option in this line https://github.com/tapyu/dotfiles/blob/4a3a599a8848a757ef6b972b65224b9678052612/zsh/.config/zsh/zshrc.sh#L73 will break. SEE: https://github.com/junegunn/fzf/issues/3703
	- apt-transport-https
	- curl # deb-get dependencies
	- lsb-release #
	- wget #
	- apt-file # search for a package that provides a specific file
	- ttf-mscorefonts-installer # Microsoft True Type Core Fonts for the Web including: Andale Mono, Arial Black, Arial (Bold, Italic, Bold Italic), Comic Sans MS (Bold), Courier New (Bold, Italic, Bold Italic), Georgia (Bold, Italic, Bold Italic), Impact, Times New Roman (Bold, Italic, Bold Italic), Trebuchet (Bold, Italic, Bold Italic), Verdana (Bold, Italic, Bold Italic), Webdings
	- libyaml-tiny-perl # HACK: fix latexindent error (see https://stackoverflow.com/a/77425816/23333162)
	- libfile-homedir-perl #
	- moreutils # This is a growing collection of the Unix tools that nobody thought to write long ago, when Unix was young -> `combine`, `pee`, `sponge`, ...
	- gawk # Full-featured GNU implementation of `awk`. The default `awk` implementation is `mawk`, which is a lightweight and fast implementation of `awk` focused on speed and minimalism. CAVEAT: `awk` should symlink to `gawk` as soon as it is installed. If it is not, run `sudo update-alternatives --config awk`
	- gh # github-cli # CAVEAT: you should run `gh auth login` before
	- hackrf # HackRF utilities
	- rar
	- unrar
	- tree
	- kdenlive
	- tesseract-ocr # required for `ocrmypdf` % SEE: https://ocrmypdf.readthedocs.io/en/latest/languages.html#installing-additional-language-packs
	- tesseract-ocr-por # to OCR in pt-br, run `ocrmypdf -l por in.pdf -o out.pdf`
	- ripgrep
	- pdfgrep
	- screenkey
	- nodejs # node.js: JavaScript runtime environment. When you install a npm package, that requires Node.js to run as it is a JavaScript-based program.
	- npm # npm: stands for "Node Package Manager." It is the default package manager for Node.js;npx: a package runner tool that comes with npm. It allows you to execute Node.js packages directly without having to install them globally or locally.
	- lua5.4 # install the Lua programming language and its package manager (LuaRocks). CAVEAT: This approach doesn't seem too consistent, 1: `lua5.4` pkg version will become absolete and there is no apprent way to install the latest lua version as there is no `lua` pkg in the `apt` command; 2- the `luarocks` pkg is compatible with `lua` of versions from 5.1 to 5.4, you must assure that `luarocks` you are using is compatible with the your `lua` version. See: https://www.reddit.com/r/lua/comments/1agh999/is_there_rustuplike_for_installing_and_managing/ https://luarocks.org/#quick-start https://www.lua.org/download.html
	- luarocks #
	- python-is-python3 # a mere symlink to /usr/bin/python
	- python3-pip # a mere symlink from `python3 -m pip` to `/usr/bin/pip`
	- rename # rename 's/search/replace/g' CLI command
	- xtrlock # keyboard locker (unlock it with the computer password)
	- cmake # C/C++: CMake
	- clang-format # C/C++: formatter
	- valgrind # C/C++: A memory profiler that can detect memory leaks, memory corruption, and other memory-related issues.
	- rclone # NOTE: for the first try, you must run `rclone config reconnect books:; rclone sync --verbose books:/books ~/books`
	- zoxide
	- cloc # count line of code (cloc): git utils to analyze the number lines in a repo (also see the online version: https://codetabs.com/count-loc/count-loc-online.html)
	- hdf5-tools # HDF5 tool suite (h5ls, h5dump, h5copy) to work with HDF5 files
	- pkg-config # HACK: fix "failed to compile cargo-update" SEE: https://github.com/sfackler/rust-openssl/issues/855
	- libssl-dev #
	# GUI
	- gnome-tweaks
	- gnuradio
	- gnome-clocks # timer, alarms, and stopwatch
	- gnome-shell-extensions
	- usb-creator-gtk # create bootable Linux USBs
	- thunderbird # an email client
	- obs-studio
	- diodon # GTK+ clipboad manager
	- nnn

	snaps: # TODO: avoid using snaps
	- name: helix # NOTE: at the moment, helix has no way to be installed on Ubuntu but via snap
	classic: true
	- name: telegram-desktop
	- name: thunderbird # NOTE: running thunderbird from the apt install prompts "Command '/usr/bin/thunderbird' requires the thunderbird snap to be installed."
	- name: zoom-client # TODO: change to deb-get. Currently, there is an issue with it. # SEE: https://github.com/wimpysworld/deb-get/issues/1542

	interactive-sections:
	- storage
	- identity

	storage:
	layout:
	name: direct

	identity:
	hostname: ${HOSTNAME}
	password: "${ADMIN_PASSWORD}"
	username: ${ADMIN_USER}
	realname: Rubem Vasconcelos Pacelli

	keyboard:
	layout: us
	toggle: null # lwin_toggle # TODO: add keyboard layout
	variant: '' # alt-intl # (?)

	locale: en_US.UTF-8 # broader configuration that defines various aspects of the system's behavior based on regional and linguistic preferences, such as language preferences, date/time formats, currency formats, and character encoding
	timezone: America/Recife

	source:
	search_drivers: true
	codecs:
	install: true
	drivers:
	install: true

	# late-commands:
	# - curtin in-target -- apt-get autoremove -y
	# - \|
	# curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/initial_settings.sh)
	# - \|
	# curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/no_pkg_manager.sh)
	# - \|
	# curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/python_packages_install.sh)
	# - \|
	# curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/deb_get_install.sh)
	# - \|
	# curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/cargo_install_crates.sh)
	# - \|
	# curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/npm_install.sh)
	# - \|
	# curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/gnome_setup.sh)
	# - \|
	# curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/gcm.sh)
	# - \|
	# curtin in-target -- bash <(curl -sSL https://gist.githubusercontent.com/tapyu/3cbf2ed896c7cdd2a675bbe1a5e4c2e8/raw/cuda.sh)


	error-commands:
	- tail -200 /var/log/syslog
	# This is a missing part that should be added to `autoinstall.yaml`
	autoinstall:

	early-commands:
	### add non-official APT packages ###
	# helix SEE: https://docs.helix-editor.com/install.html#ubuntu
	- sudo add-apt-repository ppa:maveonair/helix-editor

	# Storage configuration
	storage:
	config:
	## Define the main disk to partition
	- type: disk
	id: disk0 # label to identify and manage the disk, within the YAML configuration file, i.e., during the automated installation process
	ptable: gpt # GUID Partition Table, the modern standard for partition tables. An alternative partitioning scheme is `mbr` (Master Boot Record), the older standard.
	wipe: superblock-recursive # Determines how the disk is wiped (erased) before new partitions are created. `superblock-recursive` wipes all partition tables and filesystem superblocks on the disk to ensure it’s completely clean.
	preserve: false # Deletes all existing partitions and data on the disk.
	grub_device: true # Installs GRUB on this disk, enabling it to boot the installed operating system.
	match:
	size: largest
	## Partition
	# Boot EFI System partition
	- id: boot
	type: partition
	device: disk0
	size: 300MB
	flag: boot # `flag`'s value defines a disk-level attribute that defines how the partition should behave or be treated by the system.
	# swap partition
	- id: swap
	type: partition
	device: disk0
	size: 24GB
	flag: swap
	# root filesystem
	- id: root
	type: partition
	device: disk0
	size: 150GB
	# home directory
	- id: home
	type: partition
	device: disk0
	size: 200GB
	# leave leftover space as free
	- id: free-space
	type: partition
	device: disk0
	size: -1 # -1 uses remaining space, leaving it free

	## Format
	# swap
	- id: swap-fs
	type: format
	volume: swap
	fstype: swap
	label: SWAP
	# /boot
	- id: boot-fs
	type: format
	volume: boot
	fstype: fat32 # FAT32 (File Allocation Table 32) is a legacy file system introduced by Microsoft in 1996. It’s simple and widely supported file system primarily used for compatibility purposes across different operating systems and devices, such as: USB drives, SD cards, System boot partitions (e.g., EFI System Partition). Characteristics of FAT32: Compatibility: Works across virtually all operating systems (Windows, macOS, Linux, etc.); Simple Structure: Based on a file allocation table (FAT) that maps file locations on the disk; No Journaling: FAT32 lacks any mechanism to log changes, making it less resilient to data corruption compared to modern file systems like EXT4 or NTFS; File Size Limitation: Individual files cannot exceed 4 GB; Partition Size Limitation: Maximum partition size is 32 GB (on Windows) or larger with third-party tools.
	label: BOOT
	# root /
	- id: root-fs
	type: format
	volume: root
	fstype: ext4 # a common journaling filesystem on Linux systems due to its reliability
	label: ROOT
	# /home
	- id: home-fs
	type: format
	volume: home
	fstype: ext4
	label: HOME

	## Mount
	# /boot
	- id: boot-mnt
	type: mount
	device: boot-fs
	path: /boot
	# root /
	- id: root-mnt
	type: mount
	device: root-fs
	path: /
	# /home
	- id: home-mnt
	type: mount
	device: home-fs
	path: /home
	#!/usr/bin/env bash
	# intall Rust and its crates

	# install crates
	cargo install cargo-update # a 3th party crate to upgrade all crates (see https://stackoverflow.com/questions/34484361/does-cargo-install-have-an-equivalent-update-command)
	cargo install lsd # the next gen ls command
	cargo install bat # a cat clone with wings
	cargo install --locked typst-cli # the next LaTeX replacement (latest release)
	cargo install just # # the next Makefile replacement
	cargo install git-delta # a syntax-highlighting pager for git, diff, and grep output
	cargo install --locked navi
	cargo install juliaup # Julia installer and version multiplexer
	#!/usr/bin/env bash

	# SEE: https://docs.nvidia.com/cuda/cuda-installation-guide-linux/index.html#environment-setup

	### GENERAL WORKFLOW ###
	# Nvidia GPU model -> compatible Nvidia driver version -> compatible CUDA version(s) -> supported cuDNN lib

	### about the GPU model and Nvidia driver ###

	# Your Nvidia GPU model dictates the maximum available driver version. The latest
	# version is usually the most suitable. You can install it through your operating
	# system or install it [manually](https://www.nvidia.com/en-us/drivers/). After
	# installing, make sure your Nvidia GPU is enabled and is being used by you system
	# On Linux, for example, Nouveau might be enabled and being used instead of you
	# Nvidia graphic card unit.

	### instal CUDA ###

	# The Nvidia driver version sets a range of
	# [compatible CUDA versions](https://docs.nvidia.com/deploy/cuda-compatibility/minor-version-compatibility.html#id1).
	# You should choose the CUDA version that matches with the minimum version
	# requirements in the first table, but is compatible with you installed Nvidia Driver.

	# download the latest CUDA version from https://developer.nvidia.com/cuda-downloads
	# or get a specific CUDA version in the archive: https://developer.nvidia.com/cuda-toolkit-archive
	# prefer to use the runfile install option
	# For Tensorflow, you can check the minimum (they are backward compatible)
	# CUDA version in https://www.tensorflow.org/install/source#gpu
	wget https://developer.download.nvidia.com/compute/cuda/12.5.0/local_installers/cuda_12.5.0_555.42.02_linux.run
	# NOTE: every CUDA installation file bundles a specific NVIDIA driver version.
	# You may want to install that driver or keep with your already installed driver.
	# In the last case, you should continue and uncheck the bundled NVIDIA driver install.
	# NOTE: don't check the `nvidia-fs` kernel objects. It is not necessary unless for
	# server stuffs and requires DKMS and MOFED. The last one is very dangerous as it may
	# replaces several kernel networking components and can break Wi-Fi, Ethernet, Docker,
	# and your whole networking stack if installed on an unsupported system.
	# NOTE: Once CUDA is installed, you should able to run `nvcc --version`
	# NOTE: if installed via runfile, to uninstall the CUDA Toolkit, run `cuda-uninstaller`,
	# located in /usr/local/cuda-12.5/bin
	sudo sh cuda_12.5.0_555.42.02_linux.run

	# CAVEAT: you should add the environment variables `PATH` and `LD` in `.profile` to the same CUDA version you are installing. E,g.:
	#export PATH=/usr/local/cuda-12.5/bin${PATH:+:${PATH}}
	#export LD_LIBRARY_PATH=/usr/local/cuda-12.5/targets/x86_64-linux/lib:/usr/local/cuda-12.5/lib64${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}

	### install cuDNN ###

	# Your installed CUDA version dictates the
	# [compatible versions for the cuDNN library](https://docs.nvidia.com/deeplearning/cudnn/backend/latest/reference/support-matrix.html#gpu-cuda-toolkit-and-cuda-driver-requirements)

	# download the latest cuDNN from https://developer.nvidia.com/cudnn-downloads
	# or get a specific cuDNN version in the archive: https://developer.nvidia.com/cudnn-archive
	# CAVEAT: For cuDNN installation, prefer tarball as the debfiles presented an incorrect version.
	wget https://developer.download.nvidia.com/compute/cudnn/redist/cudnn/linux-x86_64/cudnn-linux-x86_64-9.3.0.75_cuda12-archive.tar.xz
	tar xvf cudnn-linux-x86_64-9.3.0.75_cuda12-archive.tar.xz
	sudo rsync -av --progress cudnn-linux-x86_64-9.3.0.75_cuda12-archive/include/* /usr/local/cuda-12.5/include/
	sudo rsync -av --progress cudnn-linux-x86_64-9.3.0.75_cuda12-archive/lib/* /usr/local/cuda-12.5/lib64/

	sudo chmod a+r /usr/local/cuda-12.5/include/cudnn*.h
	sudo chmod a+r /usr/local/cuda-12.5/lib64/libcudnn*

	sudo ldconfig
	#!/usr/bin/env bash
	# install deb-get packages

	# deb-get packages
	deb-get install docker-ce
	deb-get install code
	deb-get install sublime-text
	deb-get install master-pdf-editor-5
	deb-get install discord
	deb-get install zotero
	deb-get install gcm # git-credential-manager: authenticates remote repos (e.g., GitHub) using a private GPG key + `pass` to automatically interact with them (via git clone, git push, etc.) without requesting password. This approach diregards tokens or similar.
	deb-get install protonvpn # NOTE: if it fails, see https://github.com/wimpysworld/deb-get/issues/975
	#!/usr/bin/env bash
	# setup remote authentications via git-credential-manager
	# it expects that `pass` and `git-credential-manager`, and `curl` are installed

	# get the private GPG key (a private key inherently contains the public key inside it)
	curl --proto '=https' --tlsv1.2 --fail --location --silent --show-error https://gist.githubusercontent.com/tapyu/c97a537285cdd3171dbaf1f79b3d1862/raw/git_credential_manager.asc \| gpg --import

	# set the trust level to ultimate trust (`gpg --list-keys --with-colons D10457955454C163 \| grep ^pub` should prompt `pub:u:4096:1:D10457955454C163:...`, where u means ultimate trust)
	echo -e "5\ny\n" \| gpg --command-fd 0 --edit-key D10457955454C163 trust

	# set `pass` to use that GPG key
	pass init git-credential-manager # CAVEAT: it expects that `pass` is installed

	# says to git this it should use `pass`+GPG keys (it is redundant if `$GCM_CREDENTIAL_STORE` is set to `gpg`)
	git config --global credential.credentialStore gpg

	# set git to use git-credential-manager to authenticate the login
	git config --global credential.helper manager

	# NOTE: now, a pop-up window should appear in the first login

	# set username
	git config --global user.name tapyu

	# set email
	git config --global user.email [email protected]
	#!/usr/bin/env bash
	# set up Gnome Desktop Environment

	### GNOME default applications ###
	gsettings set org.gnome.desktop.default-applications.terminal exec '/usr/bin/wezterm start --always-new-process'
	xdg-mime default net.code-industry.masterpdfeditor5.desktop application/pdf # pdf
	xdg-settings set default-web-browser brave-browser.desktop # browser

	### GNOME extensions ###
	# List of extension URLs (replace with more URLs as needed)
	urls=(
	'https://extensions.gnome.org/extension/28/gtile/'
	'https://extensions.gnome.org/extension/517/caffeine/'
	'https://extensions.gnome.org/extension/545/hide-top-bar/'
	)

	# Loop through each URL
	for url in "${urls[@]}"; do
	echo "url = ${url}"
	# get package metadata
	id=$(echo "${url}" \| cut --delimiter=/ --fields=5)
	url_pkg_metadata="https://extensions.gnome.org/extension-info/?pk=${id}"
	# Extract data for each extension
	uuid=$(curl -s "$url_pkg_metadata" \| jq -r '.uuid' \| tr -d '@')
	latest_extension_version=$(curl -s "$url_pkg_metadata" \| jq -r '.shell_version_map \| to_entries \| max_by(.value.version) \| .value.version')
	latest_shell_version=$(curl -s "$url_pkg_metadata" \| jq -r '.shell_version_map \| to_entries \| max_by(.value.version) \| .key')

	# get package
	filename="${uuid}.v${latest_extension_version}.shell-extension.zip"
	url_pkg="https://extensions.gnome.org/extension-data/${filename}"
	wget -P /tmp "${url_pkg}"
	# install package
	gnome-extensions install "/tmp/${filename}"

	# Print the results
	# echo "For URL: $url"
	# echo "UUID: $uuid"
	# echo "Latest extension version: $latest_extension_version"
	# echo "Latest shell version: $latest_shell_version"
	# echo "--------------------------------------"
	done

	### GNOME gsettings shortcuts ###
	# get more ideas here: https://blog.programster.org/using-the-cli-to-set-custom-keyboard-shortcuts
	# write your solution here: https://askubuntu.com/questions/597395/how-to-set-custom-keyboard-shortcuts-from-terminal
	# TODO: befere binding a shortcut to a command, you should remove this binding from other commands if there exists a link
	KEY_PATH="/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings"
	gsettings set org.gnome.settings-daemon.plugins.media-keys custom-keybindings \
	"['$KEY_PATH/custom0/', '$KEY_PATH/custom1/', '$KEY_PATH/custom2/']" # add more into this list for more shortcuts
	# xtrlock
	gsettings set org.gnome.settings-daemon.plugins.media-keys.custom-keybinding:$KEY_PATH/custom0/ name "Lock keyboard"
	gsettings set org.gnome.settings-daemon.plugins.media-keys.custom-keybinding:$KEY_PATH/custom0/ command "'/usr/bin/xtrlock'"
	gsettings set org.gnome.settings-daemon.plugins.media-keys.custom-keybinding:$KEY_PATH/custom0/ binding "<Super><Control>l"
	# diodon
	gsettings set org.gnome.shell.keybindings toggle-message-tray "[]" # unset the default keybind to "<Super>V"
	gsettings set org.gnome.settings-daemon.plugins.media-keys.custom-keybinding:$KEY_PATH/custom1/ name "diodon"
	gsettings set org.gnome.settings-daemon.plugins.media-keys.custom-keybinding:$KEY_PATH/custom1/ command "diodon"
	gsettings set org.gnome.settings-daemon.plugins.media-keys.custom-keybinding:$KEY_PATH/custom1/ binding "<Super>V"

	### GNOME settings###
	# isolate workspaces
	gsettings set org.gnome.shell.app-switcher current-workspace-only true
	gsettings set org.gnome.shell.extensions.dash-to-dock isolate-workspaces true
	# TODO: mute alert sounds (`gsettings set org.gnome.desktop.sound event-sounds false` is not working anymore)

	# enable overamplification https://www.reddit.com/r/gnome/comments/exfhc4/overamplification_extension/fgbf9j2/?utm_source=share&utm_medium=web2x&context=3
	gsettings set org.gnome.desktop.sound allow-volume-above-100-percent 'true'
	# mute system sounds (like the screenshot sound)
	gsettings set org.gnome.desktop.sound event-sounds false
	# disable animations
	gsettings set org.gnome.desktop.interface enable-animations false
	# unset the anoying IBus emoji insert (see https://superuser.com/questions/1687342/what-is-my-x11-doing-with-ctrl-period-and-how-can-i-disable-it)
	gsettings set org.freedesktop.ibus.panel.emoji hotkey "@as []" # @as indicates that the value is of "array of strings" type (GSettings and dconf are strongly-typed, but usually guess the type from the value itself – but an empty [] only tells them that it's an array-of-something)
	# dark theme
	gsettings set org.gnome.desktop.interface color-scheme 'prefer-dark'
	# autohide docker
	gsettings set org.gnome.shell.extensions.dash-to-dock dock-fixed false
	gsettings set org.gnome.shell.extensions.dash-to-dock autohide true
	#!/usr/bin/env bash
	# initial_settings.sh — robust & idempotent

	# Exit immediately on errors (-e), treat unset vars as errors (-u),
	# propagate errors in pipelines (-o pipefail), and make ERR traps inherit (-E)
	set -Eeuo pipefail

	log() { printf "\n\033[1m%s\033[0m\n" "$*"; }
	need() { command -v "$1" >/dev/null 2>&1 \|\| { sudo apt-get update -y; sudo apt-get install -y "$1"; }; }
	try_or_warn() { # run a command; never abort script on failure
	set +e
	"$@"
	local rc=$?
	set -e
	if [ $rc -ne 0 ]; then
	echo "WARN: '$*' failed with code $rc — continuing."
	fi
	return 0
	}

	# -----------------------------
	# 0) Ensure prerequisites
	# -----------------------------
	need wget
	need git
	need stow
	need curl
	need unzip
	need fontconfig

	# -----------------------------
	# 1) Ensure zsh and set as login shell
	# -----------------------------
	if ! command -v zsh >/dev/null 2>&1; then
	log "Installing zsh…"
	sudo apt-get install -y zsh
	fi

	if [ "${SHELL##*/}" != "zsh" ]; then
	log "Changing login shell to zsh…"
	# First try without sudo (PAM)
	if ! try_or_warn chsh -s "$(command -v zsh)" "$USER"; then :; fi
	# Fallback with usermod (bypasses PAM)
	try_or_warn sudo usermod --shell "$(command -v zsh)" "$USER"
	fi

	mkdir -p "$HOME/.local/state/zsh" # zsh history dir

	# -----------------------------
	# 2) Install Meslo Nerd Fonts (user-local)
	# -----------------------------
	log "Installing Meslo patched Nerd Fonts into ~/.local/share/fonts…"
	fonts_dir="$HOME/.local/share/fonts"
	mkdir -p "$fonts_dir"

	for name in Regular Italic Bold "Bold Italic"; do
	file="MesloLGMDZNerdFont-${name// /}.ttf"
	url="https://github.com/ryanoasis/nerd-fonts/raw/master/patched-fonts/Meslo/M-DZ/${name// /-}/MesloLGMDZNerdFont-${name// /}.ttf"
	if [[ ! -f "$fonts_dir/$file" ]]; then
	try_or_warn wget -q -O "$fonts_dir/$file" "$url"
	fi
	done

	try_or_warn fc-cache -f
	log "Meslo fonts step done."

	# -----------------------------
	# 3) Configure symlinks with GNU Stow (ALWAYS runs)
	# -----------------------------
	log "Configuring dotfiles with stow…"
	mkdir -p "$HOME/git"

	if [[ ! -d "$HOME/git/dotfiles" ]]; then
	try_or_warn bash -c 'cd "$HOME/git" && git clone --recurse-submodules https://github.com/tapyu/dotfiles'
	else
	try_or_warn bash -c 'cd "$HOME/git/dotfiles" && git pull --rebase && git submodule update --init --recursive'
	fi

	# Stow each top-level directory (ignore failures, continue)
	if [[ -d "$HOME/git/dotfiles" ]]; then
	(
	cd "$HOME/git/dotfiles"
	# shellcheck disable=SC2045
	for d in $(ls -1d */ 2>/dev/null \| sed 's#/##'); do
	log "Preparing to stow package '$d'…"

	# Remove any conflicting regular files in $HOME that this package would overwrite
	# (existing non-symlink, non-directory targets like ~/.profile, ~/.bashrc, etc.)
	while IFS= read -r relpath; do
	# relpath is relative path inside the package (e.g. ".profile", ".config/zsh/.zshrc")
	target="$HOME/$relpath"
	if [[ -f "$target" && ! -L "$target" ]]; then
	echo "Removing existing regular file '$target' (conflicts with package '$d')…"
	try_or_warn rm -f "$target"
	fi
	done < <(cd "$d" && find . -type f -printf '%P\n')

	# Now actually stow the package
	try_or_warn stow --verbose=1 --target="$HOME" "$d"
	done
	)
	fi

	log "Symlinks configured."

	# -----------------------------
	# 4) OPTIONAL: WPS Office symbol fonts fix (non-fatal)
	# -----------------------------
	log "Optional: installing WPS symbol fonts (will skip on error)…"
	tmp_zip="/tmp/wps_symbol_fonts.zip"
	dest_dir="/usr/share/fonts/kingsoft"
	try_or_warn sudo mkdir -p "$dest_dir"

	# You may replace this URL with your own vetted bundle
	try_or_warn wget -q -O "$tmp_zip" "https://github.com/iamdh4/ttf-wps-fonts/archive/refs/heads/master.zip"
	try_or_warn sudo unzip -o -q "$tmp_zip" -d "$dest_dir"
	try_or_warn sudo fc-cache -f

	# -----------------------------
	# 5) Remove default/unused dirs (safe)
	# -----------------------------
	log "Removing default/unused files and directories…"
	try_or_warn rm -rf \
	"$HOME/Music" \
	"$HOME/Public" \
	"$HOME/Templates" \
	"$HOME/.bash_history" \
	"$HOME/.bash_logout" \
	"$HOME/.bashrc" \
	"$HOME/.lesshst" \
	"$HOME/.wget-hsts"

	log "All done. Start zsh now with: exec zsh"
	#!/usr/bin/env bash
	# packages that aren't in any package manages. They are either
	# added to `apt` or installed manually

	### APT-added packages ###

	# Wez's Terminal emulator
	# SEE: https://wezfurlong.org/wezterm/install/linux.html#installing-on-ubuntu
	curl -fsSL https://apt.fury.io/wez/gpg.key \| sudo gpg --yes --dearmor -o /usr/share/keyrings/wezterm-fury.gpg
	echo 'deb [signed-by=/usr/share/keyrings/wezterm-fury.gpg] https://apt.fury.io/wez/ * *' \| sudo tee /etc/apt/sources.list.d/wezterm.list

	# Brave browser
	# SEE: https://brave.com/linux/#debian-ubuntu-mint
	sudo curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
	echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main"\|sudo tee /etc/apt/sources.list.d/brave-browser-release.list

	# fastfetch, a neofetch and screenfetch drop-in replacement
	sudo add-apt-repository -y ppa:zhangsongcui3371/fastfetch

	# install
	sudo apt update
	sudo apt install -y wezterm-nightly brave-browser fastfetch

	### Others ###

	# deb-get
	# SEE: https://github.com/wimpysworld/deb-get#install
	curl -sL https://raw.githubusercontent.com/wimpysworld/deb-get/main/deb-get \| sudo -E bash -s install deb-get

	# LaTeX
	# TeX Live is available for Ubuntu and is in the Universe repository. This will install a basic subset of TeX Live's functionality. To install the complete TeX Live distribution, install texlive-full. Installing TeX Live directly does not interfere with Ubuntu, and ensures that you have the latest releases of all TeX and LaTeX packages. The downside is that you periodically have to update your installation manually, using the TeX Live Package Manager.
	#apt install -y texlive-full # latex from ubuntu
	# NOTE: https://www.tug.org/texlive/quickinstall.html
	(cd /tmp ; \
	wget https://mirror.ctan.org/systems/texlive/tlnet/install-tl-unx.tar.gz ; \
	zcat < install-tl-unx.tar.gz \| tar xf - ; \
	cd install-tl-*/ ; \
	sudo perl ./install-tl --no-interaction)
	sudo chown -R $USER:$USER /usr/local/texlive/ # change ownership to user
	# TODO: if the some packages fail, it prompts a message suggesting you to run
	# `tlmgr update --all --reinstall-forcibly-removed` to try to resintall them
	# you should create a return value handling to run it in case any package fails

	# jq: Command-line JSON processor
	# TODO: change to `install-from-gh`
	# SEE: https://github.com/tapyu/dotfiles/blob/main/scripts/.local/bin/install-from-gh
	curl --fail --location https://github.com/jqlang/jq/releases/latest/download/jq-linux-amd64 --output $HOME/.local/bin/jq
	chmod u+x $HOME/.local/bin/jq

	# xml2json
	(
	git clone https://github.com/Cheedoong/xml2json /tmp/xml2json
	cd /tmp/xml2json
	make
	mv xml2json $HOME/.local/bin
	)

	# rust
	# SEE: https://www.rust-lang.org/tools/install
	curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \| sh -s -- -y
	source "${XDG_DATA_HOME}/cargo/env"

	# tgpt
	curl -sSL https://raw.githubusercontent.com/aandrew-me/tgpt/main/install \| bash -s /usr/local/bin # AI Chatbots in terminal without needing API keys # CAVEAT: you need a chat GPT API key from a paid account. Otherwise, you cannot make requests via the API

	# uv
	# SEE: https://docs.astral.sh/uv/#installation
	curl -LsSf https://astral.sh/uv/install.sh \| sh

	# pet
	# SEE: https://github.com/knqyf263/pet
	# SEE: https://github.com/tapyu/dotfiles/blob/main/scripts/.local/bin/install-from-gh
	install-from-gh knqyf263/pet

	# aws
	# SEE: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
	curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
	unzip awscliv2.zip
	sudo ./aws/install
	#!/usr/bin/env bash
	# install npm packages

	sudo npm install -g tldr
	sudo npm install -g bash-language-server
	sudo npm install -g safe-rm