- Polkit authentication agent (lxqt-policykit) as a sway-session user
service — programs.sway only enables the daemon, so GUI auth dialogs
(nemo mount, NM/blueman) previously failed silently. Corrected the
header comment that wrongly claimed the agent was handled system-side.
- kanshi for output/display management (safe internal-panel default; a
documented template for docked/Cinema-Display profiles).
- gammastep night-light (manual location; adjust coordinates).
- inhibit_idle on fullscreen so video doesn't get blanked/locked.
- logind lid policy on the laptops: suspend on battery, lock on AC.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- thermald on the x86 hosts (guarded; the Asahi MBP self-governs).
- T400 battery charge thresholds (75/80) via tp_smapi; tlp itself comes
from the nixos-hardware profile.
- Bluetooth (bluez + powerOnBoot) and blueman on the laptops — the MBP
already loads Apple BT firmware but bluez was never running.
- earlyoom + fwupd on the physical graphical hosts; zram on the Mac Pro.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Move the form-factor-agnostic settings (systemd-boot, swayDesktop, dvorak
console, firewall) into a shared workstation.nix so laptop.nix and the new
desktop.nix can both import them without drifting. laptop.nix keeps only the
iwd Wi-Fi backend.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Add common-nixos.nix (timezone, locale, git/fastfetch) imported by every
NixOS host, and laptop.nix (systemd-boot, sway, dvorak, iwd, firewall)
imported by X1 and MBP. Strip the nixos-generate-config boilerplate from
both machine configs and reduce them to host-specific settings.
- Enable the firewall on the laptops (was disabled); X1 opens 22 next to
its sshd.
- Pin nixpkgs input to github:nixos/nixpkgs/nixos-26.05 for consistency;
lock rev unchanged (still b51242d).
- Drop unused module arguments.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Emma Thorpe