Factor the Catppuccin Mocha palette into lyrathorpe/catppuccin-mocha.nix
so the desktop (home/sway.nix) and the system greeter (swaywm.nix) share
one source of truth, then theme ReGreet from it: GTK CSS (libadwaita
named colours + plain node selectors for window/entry/button/combobox)
plus Noto Sans to match the bar and notifications.
Verified the rendered /etc/greetd/regreet.css and regreet.toml
(font_name = "Noto Sans 16"), and that foot still resolves its colours
through the shared import.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace the mismatched theming (gruvbox i3status-rust, unthemed foot,
default Sway borders) with a single Catppuccin Mocha palette so the
desktop matches the Vim colorscheme. A `ctp` let-binding holds the raw
hex once; consumers add "#" as needed.
Themed: foot (16-colour + selection/cursor), i3status-rust ("plain" base
+ overrides, idle blocks on mantle, loud bg only for warning/critical),
Sway window borders and the bar/workspace buttons, swaylock (full
ring/inside/text set) and dunst (base/text bg, blue/peach frames).
Lives in the shared home/sway.nix, so every Sway host is themed
consistently. Vim already uses catppuccin_mocha, so the editor is
unchanged.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Only `menu` was set, which the module's default keybindings run on Mod+d;
Mod+Space defaulted to `focus mode_toggle`, so sway-launcher-desktop was
never reachable from Mod+Space. Add an explicit Mod+Space -> exec ${menu}
binding at normal priority (via mkMerge) so it overrides the default.
Mod+d still launches it as well.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Dvorak is a variant of the "us" XKB layout, not a layout of its own:
there is no symbols/dvorak file, so "dvorak" fails to compile.
In the greetd/cage greeter the keymap comes solely from XKB_DEFAULT_*, so
the failure left the greeter with no keymap and therefore no keyboard
input at all (mouse unaffected). Split it into
XKB_DEFAULT_LAYOUT=us + XKB_DEFAULT_VARIANT=dvorak.
The same mistake in the Sway session (home/sway.nix) was masked: the
default us keymap compiled and the failing override was silently dropped,
so the session ran QWERTY despite the dvorak setting. Use xkb_variant
there too so it is actually Dvorak.
console.keyMap = "dvorak" (workstation.nix) is unaffected -- that is a
kbd console map, a separate subsystem where "dvorak" is valid.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Document the greetd/ReGreet greeter in the top-level README and the T400
and Mac Pro install notes, including that the user account needs a
password set before the greeter can authenticate.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace TTY/getty login with a graphical Wayland greeter on every host
with features.swayDesktop enabled (MBP, T400, Mac Pro; not the WSL box).
greetd launches ReGreet inside the cage kiosk compositor; the Sway
session is listed automatically via services.displayManager.sessionPackages.
Override regreet's mkDefault greetd command to export
XKB_DEFAULT_LAYOUT=dvorak so the greeter password field matches the
console (workstation.nix) and Sway session (home/sway.nix) layout.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add system/machine/{T400,MacPro31}/README.md covering the placeholder
hardware-configuration regeneration, partition labels, bootloader selection
(T400 boot variants; Mac Pro EFI quirks), and GPU notes. Link each from its
configuration.nix header, and refresh the top-level README host table (T400
replaces X1, Mac Pro 3,1 added) with links to both.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Split the T400 bootloader into self-contained, importable modules so the host
can match whatever firmware is flashed (switch by changing one import):
- boot-bios.nix stock BIOS / coreboot+SeaBIOS -> GRUB on the MBR (default)
- boot-coreboot-grub.nix coreboot GRUB payload -> config-only GRUB (device=nodev)
- boot-coreboot-uefi.nix coreboot Tianocore/UEFI payload -> systemd-boot; carries
its own ESP (/boot vfat) so it travels with the mode
Cover the optional discrete ATI Mobility Radeon HD 3470 (RV620): load the open
`radeon` KMS driver in the initrd for early modesetting (firmware via
enableRedistributableFirmware), with a note on the T400's switchable graphics.
All three boot variants evaluate; nixfmt clean.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- lyrathorpe-t400 replaces lyrathorpe-x1c: ThinkPad T400 (legacy BIOS -> GRUB,
Intel microcode + redistributable firmware for iwlwifi, pipewire, sshd).
- lyrathorpe-macpro31: new desktop host (portable = false) importing
desktop.nix. Mac Pro 3,1 has 64-bit EFI -> systemd-boot; wired NetworkManager
via desktop.nix; desktop status bar (temperature + net, no battery).
Both ship hand-written placeholder hardware-configuration.nix (root/swap/ESP by
label, GRUB device /dev/sda) to be regenerated with nixos-generate-config and
committed at install time. All five host configs evaluate; nixfmt clean.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The bootloader is firmware-specific, not form-factor: UEFI hosts use
systemd-boot, BIOS hosts use GRUB. Drop boot.loader.systemd-boot.enable from
workstation.nix and declare it on the MBP instead, so the incoming BIOS-only
T400 (GRUB) doesn't have to force it off.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add system/modules/desktop.nix (counterpart to laptop.nix): imports the
workstation base and uses wired NetworkManager instead of iwd.
Thread a `portable` flag (default true) through mkHost into specialArgs and
home-manager.extraSpecialArgs, mirroring username/fullName. lyrathorpe/home/
sway.nix consumes it to drop mobile components on desktop hosts:
- status bar swaps the battery block for CPU temperature + network throughput
- screen-brightness keybindings are omitted (no internal backlight)
No host uses desktop.nix yet; a future desktop host imports it and sets
`portable = false`. Verified by evaluating sway.nix both ways:
laptop -> [.. sound battery time] + brightness keys;
desktop -> [.. temperature net sound time], no brightness keys.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Move the form-factor-agnostic settings (systemd-boot, swayDesktop, dvorak
console, firewall) into a shared workstation.nix so laptop.nix and the new
desktop.nix can both import them without drifting. laptop.nix keeps only the
iwd Wi-Fi backend.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Add common-nixos.nix (timezone, locale, git/fastfetch) imported by every
NixOS host, and laptop.nix (systemd-boot, sway, dvorak, iwd, firewall)
imported by X1 and MBP. Strip the nixos-generate-config boilerplate from
both machine configs and reduce them to host-specific settings.
- Enable the firewall on the laptops (was disabled); X1 opens 22 next to
its sshd.
- Pin nixpkgs input to github:nixos/nixpkgs/nixos-26.05 for consistency;
lock rev unchanged (still b51242d).
- Drop unused module arguments.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Document the host table, rebuild commands, and that the MBP Asahi firmware
dir is gitignored and must be populated out-of-band before that host builds.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The eval loop covered only the NixOS hosts, so the nix-darwin host could
break unnoticed. Add an eval step for darwinConfigurations.lyrathorpe-mac.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
WINIT_UNIX_BACKEND was set to x11, forcing winit apps onto XWayland in a
Wayland session, contradicting the rest of the block. Set it to wayland,
normalise the heredoc indentation, and drop the unused `options` arg.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
historySubstringSearch.enable already wires the home-manager module and
keybindings; the oh-my-zsh plugin of the same name was redundant.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
peaksea is neither in the plugin list nor packaged in nixpkgs vimPlugins,
so `colorscheme peaksea` errored on startup and vim fell back to the
default scheme. Add catppuccin-vim and select catppuccin_mocha (matching
the swaylock/dunst palette); drop the dead peaksea packadd guard.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The NixOS-WSL store is a read-only VHD whose files are owned by nobody
(65534), not root. programs.ssh.systemd-ssh-proxy.enable (default true)
adds `Include <systemd>/lib/systemd/ssh_config.d/20-systemd-ssh-proxy.conf`
to /etc/ssh/ssh_config. OpenSSH permission-checks Include'd config files
and rejects any not owned by root or the caller, so the nobody-owned
include fails with "Bad owner or permissions" and breaks ssh/git for
every command.
Disable it on the WSL host: the proxy plugin only serves `ssh unix/…` /
`vsock` connections to local machined VMs, which WSL does not use. Other
hosts keep the default (root-owned store, include works).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add the installed App Store apps to homebrew.masApps so mas manages them declaratively: Amphetamine, Apple Configurator, Game Controller Tester, Keynote, Numbers, Pages, PDFgear, PL2303Serial, WireGuard.
Set home-manager.backupFileExtension = "backup" on the NixOS and Darwin base modules. Existing machines carry hand-written ~/.zshrc and ~/.zshenv that home-manager would refuse to overwrite, aborting activation. With a backup extension, the originals are saved as .backup and activation proceeds. The oh-my-zsh setup is already declared in lyrathorpe/home/shell.nix, so the generated files supersede the old ones.
Migrate the prior Homebrew package set onto the nix-darwin host. Leaf CLI formulae move to nixpkgs (environment.systemPackages); pure library deps are dropped since nix resolves them transitively. firefoxpwa and version-pinned llvm@21/lld@21/python@3.14 stay on brew. All GUI apps remain brew casks, since nixpkgs darwin GUI support is unreliable.
Add the nix-homebrew input and darwin module so the Homebrew prefix is installed and owned declaratively (no manual bootstrap), with enableRosetta for x86_64 formulae on Apple Silicon and user = host username.
Set homebrew.onActivation.cleanup = zap so the taps/brews/casks/masApps lists are authoritative: anything not declared is removed on activation.
Turn on nix-darwin's homebrew module with empty taps/brews/casks/masApps lists to fill in, onActivation autoUpdate+upgrade, and cleanup=none (manual formulae left intact; flip to zap for fully authoritative lists). Set system.primaryUser so brew activation runs as the host user.
Add the nix-darwin input (nix-darwin-26.05, follows nixpkgs) and a mkDarwinHost mirroring mkHost: shared commonModule (nixpkgs/nix settings) is factored out and reused, home-manager is wired via darwinModules, and identity is threaded through specialArgs.
New darwinConfigurations.lyrathorpe-mac (aarch64-darwin) reuses the cross-platform ./lyrathorpe/home modules (shell, git, editor); Linux-only sway/desktop modules are excluded. Build with: darwin-rebuild switch --flake .#lyrathorpe-mac.
Add path filters so the workflow triggers only when *.nix files, flake.lock, or the workflow itself change, skipping CI for docs/markdown/unrelated edits.
CI workflow gates on nixfmt formatting and evaluates all three host toplevels (aarch64 evaluates without emulation; no full builds in CI).
renovate.json enables the nix manager and weekly lockFileMaintenance for flake.lock, plus grouped github-actions updates (Renovate matches .gitea/workflows). A self-hosted Renovate workflow runs it on Gitea, since Gitea has no built-in Renovate; it needs a RENOVATE_TOKEN secret.
Emma Thorpe
lyrathorpe
renovate-bot