Refactor/flake dedup and wsl input (#3)

* fix: configure docker for EDaaS WSL VDI

Enable rootful docker with the Docker Desktop proxy patch, add emmathorpe to the docker group, disable resolvconf and enable nix-ld.

* feat: flesh out work module and pin claude-code to nixpkgs unstable

Migrate git config to the settings option, fix the signing key path and email, add argo-rollouts/google-cloud-sdk and other tooling, and enable go. claude-code is sourced from the nixpkgs-unstable overlay.

* chore: update personal git, delta and editor config

Move git config to the settings option, switch to the standalone programs.delta module with git integration, add commitizen, and treat Jenkinsfiles as groovy.

* refactor: dedupe flake with mkHost and add nixos-wsl flake input

Extract a shared mkHost helper to remove duplicated home-manager scaffolding, add nixos-wsl as a flake input so the EDaaS host builds without --impure, source claude-code via a nixpkgs-unstable overlay, and expose a nixfmt formatter output.

* style: format nix files with nixfmt

* refactor: migrate to stable nixpkgs 26.05 and track upstream asahi flake

Pin nixpkgs to nixos-26.05 and home-manager to release-26.05; claude-code stays bleeding-edge via the nixpkgs-unstable overlay.

Centralize allowUnfree and experimental-features in mkHost and pin nix.registry/nixPath to the flake nixpkgs.

Replace the vendored apple-silicon-support module with the nixos-apple-silicon flake input, dropping ~8.8k lines of vendored code.

Fix stable-induced package renames: neofetch -> fastfetch, noto-fonts-emoji -> noto-fonts-color-emoji.

* refactor: adopt flake-parts with host table and scoped unfree

Wrap outputs in flake-parts.lib.mkFlake, replacing forAllSystems boilerplate with systems + perSystem. Drop the unused self argument.

Collapse the three mkHost calls into a hosts attrset mapped with lib.mapAttrs; adding a machine is now a single table entry.

Replace blanket allowUnfree with an allowUnfreePredicate allowlist (claude-code, lens). Add devShells.default (nixfmt, nil, git) and a checks.formatting nixfmt --check gate.

* docs(flake): annotate inputs, mkHost, host table and perSystem

Explanatory comments only; no eval change (drvPath identical).

* refactor(home): split home-manager into focused modules; clarify desktop scope

Break the home.nix monolith into emmathorpe/home/{default,shell,git,editor,desktop}.nix. The host table now composes desktop.nix onto graphical hosts only, so element-desktop, the Sway session vars and cursor theme are no longer installed on the headless WSL host.

Consolidate chat apps: legcord moves from user.nix (system) into the home desktop module alongside element-desktop. The tty1 'exec sway' autostart moves into desktop.nix so it never runs on headless hosts.

Desktop functionality: add xdg.portal (wlr + gtk) in swaywm.nix to enable screen sharing and native file pickers for Element and Firefox under wlroots.

* feat(desktop): declarative Sway config with idle-lock, notifications and bar

Add emmathorpe/home/sway.nix managing wayland.windowManager.sway (package = null, reusing the system Sway wrapper) plus swaylock, swayidle, dunst and an i3status-rust bar. home-manager's systemd integration wires sway-session.target so the swayidle/dunst user services start with the session.

swayidle locks after 5 min, powers outputs off after 10, and locks before sleep. Media/brightness keys use wpctl (pipewire) and brightnessctl; the launcher is sway-launcher-desktop in a floating foot window; keyboard is set to dvorak to match the console.

Move swaylock/swayidle/dunst/i3status-rust out of the system programs.sway extraPackages (now home-managed). Add security.pam.services.swaylock on the MBP host so the lock screen can authenticate (X1 already had it with fingerprint auth).

---------

Co-authored-by: Emma Thorpe <emma.thorpe@citrix.com>

system/machine/MBP-Asahi/configuration.nix

@@ -2,21 +2,23 @@
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 
 {
-  imports =
-    [ # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-      ../../modules/apple-silicon-support
-    ];
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+  ];
 
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = false;
 
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
   networking.hostName = "Emma-Asahi"; # Define your hostname.
   # Pick only one of the below networking options.
   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
@@ -36,20 +38,22 @@
 
   # Select internationalisation properties.
   i18n.defaultLocale = "en_GB.UTF-8";
-   console = {
-#     font = "Lat2-Terminus16";
-     keyMap = "dvorak";
-  #   useXkbConfig = true; # use xkb.options in tty.
-   };
+  console = {
+    #     font = "Lat2-Terminus16";
+    keyMap = "dvorak";
+    #   useXkbConfig = true; # use xkb.options in tty.
+  };
 
   # Enable the X11 windowing system.
   # services.xserver.enable = true;
 
   features.swayDesktop.enable = true;
-  nixpkgs.config.allowUnfree = true;
+
+  # Allow swaylock to authenticate (no fingerprint reader on this machine).
+  security.pam.services.swaylock = { };
 
   # Specify path to peripheral firmware files.
-  hardware.asahi.peripheralFirmwareDirectory = ../../modules/firmware; 
+  hardware.asahi.peripheralFirmwareDirectory = ../../modules/firmware;
 
   # Configure keymap in X11
   # services.xserver.xkb.layout = "us";
@@ -83,7 +87,7 @@
   # List packages installed in system profile. To search, run:
   # $ nix search wget
   environment.systemPackages = with pkgs; [
-  #   wget
+    #   wget
     git
     asahi-bless
     asahi-nvram
@@ -94,8 +98,6 @@
     iptables
   ];
 
-
-
   # Some programs need SUID wrappers, can be configured further or are
   # started in user sessions.
   # programs.mtr.enable = true;
@@ -140,4 +142,3 @@
   system.stateVersion = "25.05"; # Did you read the comment?
 
 }
-