Refactor/flake dedup and wsl input (#3)

* fix: configure docker for EDaaS WSL VDI

Enable rootful docker with the Docker Desktop proxy patch, add emmathorpe to the docker group, disable resolvconf and enable nix-ld.

* feat: flesh out work module and pin claude-code to nixpkgs unstable

Migrate git config to the settings option, fix the signing key path and email, add argo-rollouts/google-cloud-sdk and other tooling, and enable go. claude-code is sourced from the nixpkgs-unstable overlay.

* chore: update personal git, delta and editor config

Move git config to the settings option, switch to the standalone programs.delta module with git integration, add commitizen, and treat Jenkinsfiles as groovy.

* refactor: dedupe flake with mkHost and add nixos-wsl flake input

Extract a shared mkHost helper to remove duplicated home-manager scaffolding, add nixos-wsl as a flake input so the EDaaS host builds without --impure, source claude-code via a nixpkgs-unstable overlay, and expose a nixfmt formatter output.

* style: format nix files with nixfmt

* refactor: migrate to stable nixpkgs 26.05 and track upstream asahi flake

Pin nixpkgs to nixos-26.05 and home-manager to release-26.05; claude-code stays bleeding-edge via the nixpkgs-unstable overlay.

Centralize allowUnfree and experimental-features in mkHost and pin nix.registry/nixPath to the flake nixpkgs.

Replace the vendored apple-silicon-support module with the nixos-apple-silicon flake input, dropping ~8.8k lines of vendored code.

Fix stable-induced package renames: neofetch -> fastfetch, noto-fonts-emoji -> noto-fonts-color-emoji.

* refactor: adopt flake-parts with host table and scoped unfree

Wrap outputs in flake-parts.lib.mkFlake, replacing forAllSystems boilerplate with systems + perSystem. Drop the unused self argument.

Collapse the three mkHost calls into a hosts attrset mapped with lib.mapAttrs; adding a machine is now a single table entry.

Replace blanket allowUnfree with an allowUnfreePredicate allowlist (claude-code, lens). Add devShells.default (nixfmt, nil, git) and a checks.formatting nixfmt --check gate.

* docs(flake): annotate inputs, mkHost, host table and perSystem

Explanatory comments only; no eval change (drvPath identical).

* refactor(home): split home-manager into focused modules; clarify desktop scope

Break the home.nix monolith into emmathorpe/home/{default,shell,git,editor,desktop}.nix. The host table now composes desktop.nix onto graphical hosts only, so element-desktop, the Sway session vars and cursor theme are no longer installed on the headless WSL host.

Consolidate chat apps: legcord moves from user.nix (system) into the home desktop module alongside element-desktop. The tty1 'exec sway' autostart moves into desktop.nix so it never runs on headless hosts.

Desktop functionality: add xdg.portal (wlr + gtk) in swaywm.nix to enable screen sharing and native file pickers for Element and Firefox under wlroots.

* feat(desktop): declarative Sway config with idle-lock, notifications and bar

Add emmathorpe/home/sway.nix managing wayland.windowManager.sway (package = null, reusing the system Sway wrapper) plus swaylock, swayidle, dunst and an i3status-rust bar. home-manager's systemd integration wires sway-session.target so the swayidle/dunst user services start with the session.

swayidle locks after 5 min, powers outputs off after 10, and locks before sleep. Media/brightness keys use wpctl (pipewire) and brightnessctl; the launcher is sway-launcher-desktop in a floating foot window; keyboard is set to dvorak to match the console.

Move swaylock/swayidle/dunst/i3status-rust out of the system programs.sway extraPackages (now home-managed). Add security.pam.services.swaylock on the MBP host so the lock screen can authenticate (X1 already had it with fingerprint auth).

---------

Co-authored-by: Emma Thorpe <emma.thorpe@citrix.com>

emmathorpe/home.nix

@@ -1,103 +0,0 @@
-{ config, pkgs, inputs, lib, ... }:
-
-{
-	programs.zsh = { 
-		enable = true;
-		enableCompletion = true;
-		enableVteIntegration = true;
-		autosuggestion.enable = true;
-		historySubstringSearch.enable = true;
-		history.append = true;
-		oh-my-zsh = {
-			enable = true;
-			plugins = [ "git" "man" "history-substring-search" ];
-			theme = "robbyrussell";
-		};
-		syntaxHighlighting.enable = true;
-		initContent = lib.mkOrder 1500 ''
-			if [ -z $DISPLAY ] && [ "$(tty)" = "/dev/tty1" ]; then
-				exec sway
-			fi
-			if [ "$SSH_CLIENT" ] || [ "$SSH_TTY" ]; then
-				export PS1=%M\ $PS1
-			fi
-		'';
-		envExtra = ''
-			alias cls=clear
-		'';
-	};
-	programs.tmux = {
-		enable = true;
-		reverseSplit = true;
-		terminal = "tmux-direct";
-		newSession = true;
-		keyMode = "vi";
-    historyLimit = 50000;
-    mouse = true;
-		extraConfig = ''
-			# Set pane navigation
-			bind -n M-Left select-pane -L
-			bind -n M-Right select-pane -R
-			bind -n M-Up select-pane -U
-			bind -n M-Down select-pane -D
-		'';
-	};
-	home.stateVersion = "25.05";
-	home.pointerCursor = {
-	  gtk.enable = true;
-	  x11 = {
-		  enable = true;
-		  defaultCursor = "Adwaita";
-	  };
-    package = pkgs.adwaita-icon-theme;
-    name = "Adwaita";
-    size = 24;
-	};
-	home.packages = [
-    pkgs.element-desktop
-    pkgs.commitizen
-	];
-	home.sessionVariables = {
-		MOZ_USE_XINPUT2 = "1";
-  	# only needed for Sway
-  	XDG_CURRENT_DESKTOP = "sway"; 
-	};
-	programs.vim = {
-		enable = true;
-    defaultEditor = true;
-    plugins = with pkgs.vimPlugins; [ nerdtree ale vim-fugitive vim-indent-guides ];
-    settings = {
-      expandtab = false;
-      tabstop = 2;
-      shiftwidth = 2;
-    };
-    extraConfig = ''
-      let g:indent_guides_enable_on_vim_startup = 1
-      if v:version < 802
-        packadd! peaksea
-      endif
-      syntax enable
-      colorscheme peaksea
-      set termguicolors
-      set background=dark
-      au BufNewFile,BufRead *Jenkinsfile setf groovy
-      '';
-  };
-  programs.git = {
-    enable = true;
-    package = pkgs.gitFull;
-    settings = {
-      user.name = "Emma Thorpe";
-      push = {
-        autoSetupRemote = true;
-      };
-      init = {
-        defaultBranch = "main";
-      };
-    };
-  };
-  programs.delta = {
-    enable = true;
-    enableGitIntegration = true;
-  };
-}

emmathorpe/home/default.nix

@@ -0,0 +1,13 @@
+# Base home-manager profile, shared by every host (graphical or headless).
+# Graphical hosts additionally import ./desktop.nix; the work host imports
+# ../../system/modules/work/default.nix. See the host table in flake.nix.
+{ ... }:
+{
+  imports = [
+    ./shell.nix
+    ./git.nix
+    ./editor.nix
+  ];
+
+  home.stateVersion = "25.05";
+}

emmathorpe/home/desktop.nix

@@ -0,0 +1,39 @@
+# Graphical desktop layer: GUI apps, Wayland session env, cursor theme, and the
+# tty1 Sway autostart. Imported only on hosts that run Sway (MBP, X1); never
+# pulled onto the headless WSL host.
+{ pkgs, lib, ... }:
+{
+  imports = [
+    ./sway.nix
+  ];
+
+  home.packages = [
+    pkgs.element-desktop
+    pkgs.legcord
+    #pkgs.plex-desktop
+    #pkgs.plexamp
+  ];
+
+  home.sessionVariables = {
+    MOZ_USE_XINPUT2 = "1";
+    XDG_CURRENT_DESKTOP = "sway";
+  };
+
+  home.pointerCursor = {
+    gtk.enable = true;
+    x11 = {
+      enable = true;
+      defaultCursor = "Adwaita";
+    };
+    package = pkgs.adwaita-icon-theme;
+    name = "Adwaita";
+    size = 24;
+  };
+
+  # Start Sway automatically on the first virtual terminal.
+  programs.zsh.initContent = lib.mkOrder 1500 ''
+    if [ -z "$DISPLAY" ] && [ "$(tty)" = "/dev/tty1" ]; then
+      exec sway
+    fi
+  '';
+}

emmathorpe/home/editor.nix

@@ -0,0 +1,30 @@
+# Editor: vim as the default $EDITOR. Wanted on every host.
+{ pkgs, ... }:
+{
+  programs.vim = {
+    enable = true;
+    defaultEditor = true;
+    plugins = with pkgs.vimPlugins; [
+      nerdtree
+      ale
+      vim-fugitive
+      vim-indent-guides
+    ];
+    settings = {
+      expandtab = false;
+      tabstop = 2;
+      shiftwidth = 2;
+    };
+    extraConfig = ''
+      let g:indent_guides_enable_on_vim_startup = 1
+      if v:version < 802
+        packadd! peaksea
+      endif
+      syntax enable
+      colorscheme peaksea
+      set termguicolors
+      set background=dark
+      au BufNewFile,BufRead *Jenkinsfile setf groovy
+    '';
+  };
+}

emmathorpe/home/git.nix

@@ -0,0 +1,27 @@
+# Version control: git + delta pager + commitizen. The work host layers
+# commit signing and an email override on top (see work/default.nix).
+{ pkgs, ... }:
+{
+  home.packages = [
+    pkgs.commitizen
+  ];
+
+  programs.git = {
+    enable = true;
+    package = pkgs.gitFull;
+    settings = {
+      user.name = "Emma Thorpe";
+      push = {
+        autoSetupRemote = true;
+      };
+      init = {
+        defaultBranch = "main";
+      };
+    };
+  };
+
+  programs.delta = {
+    enable = true;
+    enableGitIntegration = true;
+  };
+}

emmathorpe/home/shell.nix

@@ -0,0 +1,50 @@
+# Interactive shell: zsh + tmux. Wanted on every host.
+{ lib, ... }:
+{
+  programs.zsh = {
+    enable = true;
+    enableCompletion = true;
+    enableVteIntegration = true;
+    autosuggestion.enable = true;
+    historySubstringSearch.enable = true;
+    history.append = true;
+    oh-my-zsh = {
+      enable = true;
+      plugins = [
+        "git"
+        "man"
+        "history-substring-search"
+      ];
+      theme = "robbyrussell";
+    };
+    syntaxHighlighting.enable = true;
+    # Prefix the prompt with the hostname over SSH. The graphical autostart
+    # (exec sway on tty1) lives in ./desktop.nix so it never runs on headless
+    # hosts.
+    initContent = lib.mkOrder 1500 ''
+      if [ "$SSH_CLIENT" ] || [ "$SSH_TTY" ]; then
+        export PS1="%M $PS1"
+      fi
+    '';
+    envExtra = ''
+      alias cls=clear
+    '';
+  };
+
+  programs.tmux = {
+    enable = true;
+    reverseSplit = true;
+    terminal = "tmux-direct";
+    newSession = true;
+    keyMode = "vi";
+    historyLimit = 50000;
+    mouse = true;
+    extraConfig = ''
+      # Alt+Arrow pane navigation
+      bind -n M-Left select-pane -L
+      bind -n M-Right select-pane -R
+      bind -n M-Up select-pane -U
+      bind -n M-Down select-pane -D
+    '';
+  };
+}

emmathorpe/home/sway.nix

@@ -0,0 +1,133 @@
+# Declarative Sway window manager, status bar, lock, idle and notifications.
+# Imported via ./desktop.nix, so only graphical hosts get it.
+#
+# The compositor binary, PAM and polkit integration come from the system-level
+# programs.sway (see ../swaywm.nix); package = null below reuses it instead of
+# pulling a second Sway. home-manager owns the user config (~/.config/sway) and
+# wires the systemd user session (sway-session.target), which is what lets the
+# swayidle/dunst user services start with the desktop.
+{ pkgs, lib, ... }:
+{
+  wayland.windowManager.sway = {
+    enable = true;
+    package = null;
+    # `sway --validate` needs a real package; skip it since package = null.
+    checkConfig = false;
+    config = rec {
+      modifier = "Mod4";
+      terminal = "${pkgs.foot}/bin/foot";
+      # Launcher: sway-launcher-desktop running inside a floating foot window.
+      menu = "${pkgs.foot}/bin/foot --app-id=launcher ${pkgs.sway-launcher-desktop}/bin/sway-launcher-desktop";
+
+      input."type:keyboard".xkb_layout = "dvorak";
+
+      window.commands = [
+        {
+          criteria.app_id = "launcher";
+          command = "floating enable, resize set 800 500";
+        }
+      ];
+
+      bars = [
+        {
+          position = "top";
+          statusCommand = "${pkgs.i3status-rust}/bin/i3status-rs ~/.config/i3status-rust/config-default.toml";
+          fonts = {
+            names = [
+              "Noto Sans"
+              "Font Awesome 6 Free"
+            ];
+            size = 11.0;
+          };
+        }
+      ];
+
+      keybindings = lib.mkOptionDefault {
+        "${modifier}+l" = "exec ${pkgs.swaylock}/bin/swaylock -f";
+        "Print" = "exec ${pkgs.grim}/bin/grim ~/screenshot-$(date +%F-%H%M%S).png";
+        "XF86MonBrightnessUp" = "exec ${pkgs.brightnessctl}/bin/brightnessctl set 5%+";
+        "XF86MonBrightnessDown" = "exec ${pkgs.brightnessctl}/bin/brightnessctl set 5%-";
+        "XF86AudioRaiseVolume" = "exec ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+";
+        "XF86AudioLowerVolume" = "exec ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-";
+        "XF86AudioMute" = "exec ${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
+      };
+    };
+  };
+
+  programs.swaylock = {
+    enable = true;
+    settings = {
+      color = "1e1e2e";
+      indicator-radius = 100;
+      indicator-thickness = 7;
+      show-failed-attempts = true;
+    };
+  };
+
+  # Lock on idle, turn screens off shortly after, and lock before sleep.
+  services.swayidle = {
+    enable = true;
+    timeouts = [
+      {
+        timeout = 300;
+        command = "${pkgs.swaylock}/bin/swaylock -f";
+      }
+      {
+        timeout = 600;
+        command = "${pkgs.sway}/bin/swaymsg 'output * power off'";
+        resumeCommand = "${pkgs.sway}/bin/swaymsg 'output * power on'";
+      }
+    ];
+    events = {
+      before-sleep = "${pkgs.swaylock}/bin/swaylock -f";
+      lock = "${pkgs.swaylock}/bin/swaylock -f";
+    };
+  };
+
+  services.dunst = {
+    enable = true;
+    settings = {
+      global = {
+        font = "Noto Sans 11";
+        frame_color = "#89b4fa";
+        separator_color = "frame";
+        offset = "10x10";
+        corner_radius = 5;
+      };
+      urgency_critical = {
+        frame_color = "#fab387";
+        timeout = 0;
+      };
+    };
+  };
+
+  programs.i3status-rust = {
+    enable = true;
+    bars.default = {
+      theme = "gruvbox-dark";
+      icons = "awesome6";
+      blocks = [
+        {
+          block = "disk_space";
+          path = "/";
+          format = " $icon $available ";
+        }
+        {
+          block = "memory";
+          format = " $icon $mem_used_percents ";
+        }
+        {
+          block = "cpu";
+          interval = 2;
+        }
+        { block = "sound"; }
+        { block = "battery"; }
+        {
+          block = "time";
+          interval = 5;
+          format = " $timestamp.datetime(f:'%a %d/%m %R') ";
+        }
+      ];
+    };
+  };
+}

emmathorpe/swaywm.nix

@@ -1,35 +1,58 @@
-{ config, lib, options, pkgs, ... }:
+{
+  config,
+  lib,
+  options,
+  pkgs,
+  ...
+}:
 
-let 
-	cfg = config.features.swayDesktop;
+let
+  cfg = config.features.swayDesktop;
 in
 {
-	options = {
-		features.swayDesktop.enable = lib.mkEnableOption "Enable Sway Desktop";
-	};
-	config = lib.mkIf cfg.enable {
-		programs.sway = {
-			enable = true;
-			wrapperFeatures.gtk = true;
-			extraSessionCommands = ''
-				# QT
-        export QT_QPA_PLATFORM="wayland;xcb"
-        export QT_QPA_PLATFORMTHEME=qt5ct
-				# SDL
-        export SDL_VIDEODRIVER=wayland
-				# Java
-        export _JAVA_AWT_WM_NONREPARENTING=1
-				# Misc
-        export CLUTTER_BACKEND=wayland
-        export WINIT_UNIX_BACKEND=x11
-        export MOZ_ENABLE_WAYLAND=1
-			'';
-			extraPackages = with pkgs; [ brightnessctl foot grim swayidle swaylock i3status-rust sway-launcher-desktop dunst pavucontrol ];
-		};
-		fonts.packages = with pkgs; [
-			noto-fonts
-			noto-fonts-emoji
-			font-awesome
-		];
-	};
+  options = {
+    features.swayDesktop.enable = lib.mkEnableOption "Enable Sway Desktop";
+  };
+  config = lib.mkIf cfg.enable {
+    programs.sway = {
+      enable = true;
+      wrapperFeatures.gtk = true;
+      extraSessionCommands = ''
+        				# QT
+                export QT_QPA_PLATFORM="wayland;xcb"
+                export QT_QPA_PLATFORMTHEME=qt5ct
+        				# SDL
+                export SDL_VIDEODRIVER=wayland
+        				# Java
+                export _JAVA_AWT_WM_NONREPARENTING=1
+        				# Misc
+                export CLUTTER_BACKEND=wayland
+                export WINIT_UNIX_BACKEND=x11
+                export MOZ_ENABLE_WAYLAND=1
+        			'';
+      # Core Wayland utilities. The lock screen, idle daemon, status bar and
+      # notification daemon are configured per-user in home/sway.nix.
+      extraPackages = with pkgs; [
+        brightnessctl
+        foot
+        grim
+        sway-launcher-desktop
+        pavucontrol
+      ];
+    };
+    fonts.packages = with pkgs; [
+      noto-fonts
+      noto-fonts-color-emoji
+      font-awesome
+    ];
+
+    # Desktop portals: enables screen sharing (wlroots) and native file pickers
+    # for Wayland apps such as Element and Firefox.
+    xdg.portal = {
+      enable = true;
+      wlr.enable = true;
+      extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+      config.common.default = "*";
+    };
+  };
 }

emmathorpe/user.nix

@@ -1,23 +1,27 @@
-{ config, pkgs, inputs, lib, ... }:
+{
+  config,
+  pkgs,
+  inputs,
+  lib,
+  ...
+}:
 
 {
-	programs.zsh.enable = true;
-	users.users.emmathorpe = {
-		isNormalUser = true;
-		home = "/home/emmathorpe";
-		description = "Emma Thorpe";
-		extraGroups = [ "wheel" "docker" ];
-		shell = pkgs.zsh;
-		packages =  lib.mkIf (config.features.swayDesktop.enable == true) [
-			pkgs.legcord
-			#pkgs.plex-desktop
-			#pkgs.plexamp
-		];
-	};
-	programs.firefox = lib.mkIf(config.features.swayDesktop.enable == true) {
-		enable = true;
-	};
-	programs.thunderbird = lib.mkIf(config.features.swayDesktop.enable == true) {
-		enable = true;
-	};
+  programs.zsh.enable = true;
+  users.users.emmathorpe = {
+    isNormalUser = true;
+    home = "/home/emmathorpe";
+    description = "Emma Thorpe";
+    extraGroups = [
+      "wheel"
+      "docker"
+    ];
+    shell = pkgs.zsh;
+  };
+  programs.firefox = lib.mkIf (config.features.swayDesktop.enable == true) {
+    enable = true;
+  };
+  programs.thunderbird = lib.mkIf (config.features.swayDesktop.enable == true) {
+    enable = true;
+  };
 }