From 11cac1aeac85e20030576101c4d2a0f1905285a0 Mon Sep 17 00:00:00 2001 From: Emma Thorpe Date: Thu, 4 Jun 2026 13:34:44 +0000 Subject: [PATCH 1/8] fix(vim): replace unavailable peaksea colorscheme with catppuccin-mocha peaksea is neither in the plugin list nor packaged in nixpkgs vimPlugins, so `colorscheme peaksea` errored on startup and vim fell back to the default scheme. Add catppuccin-vim and select catppuccin_mocha (matching the swaylock/dunst palette); drop the dead peaksea packadd guard. Co-Authored-By: Claude Opus 4.8 (1M context) --- lyrathorpe/home/editor.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/lyrathorpe/home/editor.nix b/lyrathorpe/home/editor.nix index c07aa95..de6216b 100644 --- a/lyrathorpe/home/editor.nix +++ b/lyrathorpe/home/editor.nix @@ -9,6 +9,7 @@ ale vim-fugitive vim-indent-guides + catppuccin-vim ]; settings = { expandtab = false; @@ -17,13 +18,10 @@ }; extraConfig = '' let g:indent_guides_enable_on_vim_startup = 1 - if v:version < 802 - packadd! peaksea - endif syntax enable - colorscheme peaksea set termguicolors set background=dark + colorscheme catppuccin_mocha au BufNewFile,BufRead *Jenkinsfile setf groovy ''; }; -- 2.52.0 From 1d79ba175af43989197445346568fcbb58a34023 Mon Sep 17 00:00:00 2001 From: Emma Thorpe Date: Thu, 4 Jun 2026 13:34:44 +0000 Subject: [PATCH 2/8] fix(zsh): drop duplicate history-substring-search plugin historySubstringSearch.enable already wires the home-manager module and keybindings; the oh-my-zsh plugin of the same name was redundant. Co-Authored-By: Claude Opus 4.8 (1M context) --- lyrathorpe/home/shell.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lyrathorpe/home/shell.nix b/lyrathorpe/home/shell.nix index 462ec9b..2eb0679 100644 --- a/lyrathorpe/home/shell.nix +++ b/lyrathorpe/home/shell.nix @@ -13,7 +13,6 @@ plugins = [ "git" "man" - "history-substring-search" ]; theme = "robbyrussell"; }; -- 2.52.0 
From 9a17994c30abf353f769ba2d9b64870b84044b42 Mon Sep 17 00:00:00 2001 From: Emma Thorpe Date: Thu, 4 Jun 2026 13:34:44 +0000 Subject: [PATCH 3/8] fix(sway): use wayland WINIT backend in session env WINIT_UNIX_BACKEND was set to x11, forcing winit apps onto XWayland in a Wayland session, contradicting the rest of the block. Set it to wayland, normalise the heredoc indentation, and drop the unused `options` arg. Co-Authored-By: Claude Opus 4.8 (1M context) --- lyrathorpe/swaywm.nix | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/lyrathorpe/swaywm.nix b/lyrathorpe/swaywm.nix index 1517f32..eb14ab9 100644 --- a/lyrathorpe/swaywm.nix +++ b/lyrathorpe/swaywm.nix @@ -1,7 +1,6 @@ { config, lib, - options, pkgs, ... }: @@ -18,18 +17,18 @@ in enable = true; wrapperFeatures.gtk = true; extraSessionCommands = '' - # QT - export QT_QPA_PLATFORM="wayland;xcb" - export QT_QPA_PLATFORMTHEME=qt5ct - # SDL - export SDL_VIDEODRIVER=wayland - # Java - export _JAVA_AWT_WM_NONREPARENTING=1 - # Misc - export CLUTTER_BACKEND=wayland - export WINIT_UNIX_BACKEND=x11 - export MOZ_ENABLE_WAYLAND=1 - ''; + # QT + export QT_QPA_PLATFORM="wayland;xcb" + export QT_QPA_PLATFORMTHEME=qt5ct + # SDL + export SDL_VIDEODRIVER=wayland + # Java + export _JAVA_AWT_WM_NONREPARENTING=1 + # Misc + export CLUTTER_BACKEND=wayland + export WINIT_UNIX_BACKEND=wayland + export MOZ_ENABLE_WAYLAND=1 + ''; # Core Wayland utilities. The lock screen, idle daemon, status bar and # notification daemon are configured per-user in home/sway.nix. extraPackages = with pkgs; [ -- 2.52.0 From de702d5ceb6f896053cd5a291a938e6794fb7407 Mon Sep 17 00:00:00 2001 
From: Emma Thorpe Date: Thu, 4 Jun 2026 13:34:44 +0000 Subject: [PATCH 4/8] ci: evaluate the darwin host configuration The eval loop covered only the NixOS hosts, so the nix-darwin host could break unnoticed. Add an eval step for darwinConfigurations.lyrathorpe-mac. Co-Authored-By: Claude Opus 4.8 (1M context) --- .gitea/workflows/ci.yaml | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml index 638c8a3..e53b333 100644 --- a/.gitea/workflows/ci.yaml +++ b/.gitea/workflows/ci.yaml @@ -32,9 +32,9 @@ jobs: run: nix build --print-build-logs '.#checks.x86_64-linux.formatting' # Evaluate (not build) each host's toplevel so eval errors fail CI cheaply. - # aarch64 hosts evaluate fine on an x86_64 runner; only building would need - # emulation, which we deliberately avoid here. - - name: Evaluate host configurations + # aarch64 / darwin hosts evaluate fine on an x86_64 runner; only building + # would need emulation, which we deliberately avoid here. + - name: Evaluate NixOS host configurations run: | set -euo pipefail for host in lyrathorpe-mbp lyrathorpe-x1c emmathorpe-edaas; do @@ -43,3 +43,13 @@ jobs: echo echo "::endgroup::" done + + - name: Evaluate Darwin host configurations + run: | + set -euo pipefail + for host in lyrathorpe-mac; do + echo "::group::eval $host" + nix eval --raw ".#darwinConfigurations.$host.config.system.build.toplevel.drvPath" + echo + echo "::endgroup::" + done -- 2.52.0 From f42b134ab19b8bef406282701e269ff5ad3d0057 Mon Sep 17 00:00:00 2001 
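Review bot: The new "Evaluate Darwin host configurations" step hard-codes its host list (`for host in lyrathorpe-mac; do`), as the NixOS step above it already does, so a host added to flake.nix but not to the loop is silently left out of CI. Deriving the list from the flake keeps the check exhaustive, for example `for host in $(nix eval --raw '.#darwinConfigurations' --apply 'c: builtins.concatStringsSep " " (builtins.attrNames c)'); do`. The same applies to the `nixosConfigurations` loop. If the fixed list is deliberate, a short comment saying that new hosts must be added by hand would cover it.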
From: Emma Thorpe Date: Thu, 4 Jun 2026 13:34:44 +0000 Subject: [PATCH 5/8] docs: add README with hosts, apply steps, and firmware caveat Document the host table, rebuild commands, and that the MBP Asahi firmware dir is gitignored and must be populated out-of-band before that host builds. Co-Authored-By: Claude Opus 4.8 (1M context) --- README.md | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..33cc332 --- /dev/null +++ b/README.md 
@@ -0,0 +1,45 @@ +# nixfiles + +NixOS / nix-darwin / home-manager configuration for all hosts, built from a +single flake. + +## Hosts + +Defined in the host table in [`flake.nix`](./flake.nix): + +| Configuration | System | Machine | +| ------------------- | --------------- | ---------------------------------------- | +| `lyrathorpe-mbp` | `aarch64-linux` | MacBook Pro (Apple Silicon, Asahi) | +| `lyrathorpe-x1c` | `x86_64-linux` | ThinkPad X1 | +| `emmathorpe-edaas` | `x86_64-linux` | Work WSL box (NixOS-WSL) | +| `lyrathorpe-mac` | `aarch64-darwin`| macOS (nix-darwin) | + +Shared layers: `lyrathorpe/home` (home-manager: shell, git, editor), +`system/modules/common-nixos.nix` (all NixOS hosts), and +`system/modules/laptop.nix` (the physical laptops). + +## Applying + +```sh +# NixOS +sudo nixos-rebuild switch --flake .# +# Darwin +darwin-rebuild switch --flake .#lyrathorpe-mac +``` + +## MacBook (Asahi) firmware + +The MBP host references `system/modules/firmware/` for Apple peripheral +firmware (Wi-Fi/Bluetooth). Those blobs are **not** redistributable, so the +directory is gitignored and a clean checkout will not build `lyrathorpe-mbp` +until it is populated out-of-band. + +Copy the firmware extracted during the Asahi install (from +`/etc/nixos/firmware` on the freshly-installed machine, or re-extract per the +[Asahi NixOS docs](https://github.com/tpwrules/nixos-apple-silicon)) into +`system/modules/firmware/` before rebuilding that host. + +## CI + +[`.gitea/workflows/ci.yaml`](./.gitea/workflows/ci.yaml) gates `nixfmt` +formatting and evaluates every NixOS and Darwin host configuration on push/PR. -- 2.52.0 From 85139ddfb1040aa10631d069f5dc579654b3d936 Mon Sep 17 00:00:00 2001 
From: Emma Thorpe Date: Thu, 4 Jun 2026 13:34:44 +0000 Subject: [PATCH 6/8] refactor(nixos): extract shared modules, enable firewall, pin nixpkgs url - Add common-nixos.nix (timezone, locale, git/fastfetch) imported by every NixOS host, and laptop.nix (systemd-boot, sway, dvorak, iwd, firewall) imported by X1 and MBP. Strip the nixos-generate-config boilerplate from both machine configs and reduce them to host-specific settings. - Enable the firewall on the laptops (was disabled); X1 opens 22 next to its sshd. - Pin nixpkgs input to github:nixos/nixpkgs/nixos-26.05 for consistency; lock rev unchanged (still b51242d). - Drop unused module arguments. Co-Authored-By: Claude Opus 4.8 (1M context) --- flake.lock | 7 +- flake.nix | 5 +- lyrathorpe/user.nix | 1 - system/machine/MBP-Asahi/configuration.nix | 131 ++------------------- system/machine/X1/configuration.nix | 125 ++------------------ system/modules/common-nixos.nix | 15 +++ system/modules/laptop.nix | 21 ++++ system/modules/work/default.nix | 8 +- 8 files changed, 68 insertions(+), 245 deletions(-) create mode 100644 system/modules/common-nixos.nix create mode 100644 system/modules/laptop.nix diff --git a/flake.lock b/flake.lock index 9fabdc6..a3ed534 100644 --- a/flake.lock +++ b/flake.lock @@ -174,15 +174,16 @@ "locked": { "lastModified": 1780203844, "narHash": "sha256-K5sT4jTpGs15ADhviMKNBH38REpPf5Q6mM1+N6cArVE=", - "owner": "NixOS", + "owner": "nixos", "repo": "nixpkgs", "rev": "b51242d7d43689db2f3be91bd05d5b24fbb469c4", "type": "github" }, "original": { - "id": "nixpkgs", + "owner": "nixos", "ref": "nixos-26.05", - "type": "indirect" + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs-unstable": { diff --git a/flake.nix b/flake.nix index fefc2b6..4823d75 100644 --- a/flake.nix +++ b/flake.nix 
@@ -3,7 +3,7 @@ inputs = { # Pinned stable channel; the single source of truth for every host. - nixpkgs.url = "nixpkgs/nixos-26.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-26.05"; # Bleeding-edge channel, used only to pull individual packages via overlay. nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Home-manager release matched to the stable nixpkgs; `follows` keeps a single nixpkgs eval. @@ -74,6 +74,7 @@ # Shared scaffolding for every NixOS host: common user, settings, home-manager. baseModules = [ ./lyrathorpe/user.nix + ./system/modules/common-nixos.nix commonModule home-manager.nixosModules.home-manager { @@ -163,6 +164,7 @@ fullName = "Lyra Thorpe"; modules = [ ./system/machine/MBP-Asahi/configuration.nix + ./system/modules/laptop.nix nixos-apple-silicon.nixosModules.default ./lyrathorpe/swaywm.nix ]; @@ -178,6 +180,7 @@ fullName = "Lyra Thorpe"; modules = [ ./system/machine/X1/configuration.nix + ./system/modules/laptop.nix ./lyrathorpe/swaywm.nix ]; homeModules = [ diff --git a/lyrathorpe/user.nix b/lyrathorpe/user.nix index b8a677e..a0dbdc3 100644 --- a/lyrathorpe/user.nix +++ b/lyrathorpe/user.nix @@ -1,7 +1,6 @@ { config, pkgs, - inputs, lib, username, fullName, diff --git a/system/machine/MBP-Asahi/configuration.nix b/system/machine/MBP-Asahi/configuration.nix index 069696a..07bbb62 100644 --- a/system/machine/MBP-Asahi/configuration.nix +++ b/system/machine/MBP-Asahi/configuration.nix 
@@ -1,94 +1,26 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page, on -# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). - -{ - config, - lib, - pkgs, - ... -}: +# MacBook Pro (Apple Silicon, Asahi NixOS). Shared laptop options live in +# ../../modules/laptop.nix; only host-specific settings are here. +{ pkgs, ... }: { imports = [ - # Include the results of the hardware scan. ./hardware-configuration.nix ]; - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; + # Asahi manages the EFI vars from macOS; do not touch them from NixOS. boot.loader.efi.canTouchEfiVariables = false; - networking.hostName = "Emma-Asahi"; # Define your hostname. - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + networking.hostName = "Emma-Asahi"; - networking.wireless.iwd = { - enable = true; - settings.General.EnableNetworkConfiguration = true; - }; - - # Set your time zone. - time.timeZone = "Europe/London"; - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_GB.UTF-8"; - console = { - # font = "Lat2-Terminus16"; - keyMap = "dvorak"; - # useXkbConfig = true; # use xkb.options in tty. - }; - - # Enable the X11 windowing system. - # services.xserver.enable = true; - - features.swayDesktop.enable = true; - - # Allow swaylock to authenticate (no fingerprint reader on this machine). + # No fingerprint reader on this machine; empty service still lets swaylock + # authenticate via password. 
security.pam.services.swaylock = { }; - # Specify path to peripheral firmware files. + # Apple peripheral firmware (Wi-Fi/Bluetooth). The directory is gitignored and + # populated out-of-band -- see README. hardware.asahi.peripheralFirmwareDirectory = ../../modules/firmware; - # Configure keymap in X11 - # services.xserver.xkb.layout = "us"; - # services.xserver.xkb.options = "eurosign:e,caps:escape"; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable sound. - # services.pulseaudio.enable = true; - # OR - # services.pipewire = { - # enable = true; - # pulse.enable = true; - # }; - - # Enable touchpad support (enabled default in most desktopManager). - # services.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - # users.users.alice = { - # isNormalUser = true; - # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - # packages = with pkgs; [ - # tree - # ]; - # }; - - # programs.firefox.enable = true; - - # List packages installed in system profile. To search, run: - # $ nix search wget environment.systemPackages = with pkgs; [ - # wget - git asahi-bless asahi-nvram asahi-btsync 
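Review bot: The comment on `hardware.asahi.peripheralFirmwareDirectory = ../../modules/firmware;` says the directory is gitignored and populated out-of-band, but it leaves two things a maintainer needs undocumented. First, a flake evaluated from a git checkout normally copies only tracked files, so a gitignored directory may stay invisible to `--flake .#…` even once it is populated; please confirm how this host is actually rebuilt and state it here. Second, the hand-copied blobs have no integrity reference, so I would extend the comment with something like `# Blobs are copied by hand and are not hash-pinned; keep their sha256 in a tracked file and compare before rebuilding.` The hunk shows only part of the file, so this may already be covered elsewhere.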
@@ -98,47 +30,6 @@ iptables ]; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - networking.firewall.enable = false; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - #system.copySystemConfiguration = true; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how - # to actually do that. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "25.05"; # Did you read the comment? - + # See `man configuration.nix` / the stateVersion docs before changing. 
+ system.stateVersion = "25.05"; } diff --git a/system/machine/X1/configuration.nix b/system/machine/X1/configuration.nix index ef1c8ea..bb31107 100644 --- a/system/machine/X1/configuration.nix +++ b/system/machine/X1/configuration.nix 
@@ -1,134 +1,33 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page, on -# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). - -{ - config, - lib, - pkgs, - ... -}: +# ThinkPad X1 (NixOS). Shared laptop options live in ../../modules/laptop.nix; +# only host-specific settings are here. +{ ... }: { imports = [ - # Include the results of the hardware scan. ./hardware-configuration.nix ]; - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "X1-NixOS"; # Define your hostname. + networking.hostName = "X1-NixOS"; networking.domain = "client.cbg.emmaisvery.gay"; - features.swayDesktop.enable = true; - # Pick only one of the below networking options. - networking.wireless.iwd = { - enable = true; - settings.General.EnableNetworkConfiguration = true; - }; - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. - # Set your time zone. - time.timeZone = "Europe/London"; + console.font = "Lat2-Terminus16"; - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_GB.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "dvorak"; - # useXkbConfig = true; # use xkb.options in tty. - }; - - # Enable the X11 windowing system. - # services.xserver.enable = true; - - # Configure keymap in X11 - # services.xserver.xkb.layout = "us"; - # services.xserver.xkb.options = "eurosign:e,caps:escape"; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable sound. 
- # hardware.pulseaudio.enable = true; - # OR services.pipewire = { enable = true; pulse.enable = true; }; - # Enable touchpad support (enabled default in most desktopManager). - # services.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - # users.users.alice = { - # isNormalUser = true; - # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - # packages = with pkgs; [ - # tree - # ]; - # }; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - git - fastfetch - # wget - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. + # This host accepts SSH, so open 22 (the firewall itself is enabled in + # laptop.nix with a default-deny policy). services.openssh.enable = true; + networking.firewall.allowedTCPPorts = [ 22 ]; - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - networking.firewall.enable = false; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - #system.copySystemConfiguration = true; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. 
- # - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how - # to actually do that. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "24.11"; # Did you read the comment? - - # TODO: Move to fprint security module to import anywhere + # Fingerprint reader: allow swaylock to authenticate via fprintd. services.fprintd.enable = true; - security.pam.services.swaylock = { - fprintAuth = true; - }; + security.pam.services.swaylock.fprintAuth = true; + # See `man configuration.nix` / the stateVersion docs before changing. + system.stateVersion = "24.11"; } diff --git a/system/modules/common-nixos.nix b/system/modules/common-nixos.nix new file mode 100644 index 0000000..5c4a78d --- /dev/null +++ b/system/modules/common-nixos.nix @@ -0,0 +1,15 @@ +# Options shared by every NixOS host (laptops and the WSL box). Imported via +# baseModules in flake.nix. Host- and platform-specific settings stay in the +# per-machine configs; laptop-only settings live in ./laptop.nix. +{ pkgs, ... }: +{ + time.timeZone = "Europe/London"; + i18n.defaultLocale = "en_GB.UTF-8"; + + # Minimal system-level CLI available before the home-manager profile loads + # (e.g. early boot / rescue). User-level tooling lives in home-manager. + environment.systemPackages = with pkgs; [ + git + fastfetch + ]; +} diff --git a/system/modules/laptop.nix b/system/modules/laptop.nix new file mode 100644 index 0000000..38910c0 --- /dev/null +++ b/system/modules/laptop.nix 
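Review bot: In system/machine/X1/configuration.nix the new side opens port 22 next to `services.openssh.enable = true;`, but nothing in the patch restricts how sshd authenticates. On a laptop that roams between networks, the exposed service would then rely on the NixOS defaults, which permit password logins. Consider adding `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";` beside the enable line, unless a module outside this series already sets them. The explicit `networking.firewall.allowedTCPPorts = [ 22 ];` is probably redundant, because `services.openssh.openFirewall` defaults to true. Keeping it is harmless, but the comment could say the port is opened either way.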
@@ -0,0 +1,21 @@ +# Shared configuration for the physical NixOS laptops (X1, MBP-Asahi). Imported +# from the host table in flake.nix. Platform-specific bits (bootloader EFI var +# touching, firmware, audio, hostname, sshd) stay in the per-machine configs. +{ ... }: +{ + boot.loader.systemd-boot.enable = true; + + features.swayDesktop.enable = true; + + console.keyMap = "dvorak"; + + # Wi-Fi via iwd with its built-in DHCP/network configuration. + networking.wireless.iwd = { + enable = true; + settings.General.EnableNetworkConfiguration = true; + }; + + # Default-deny inbound. Hosts that run a listening service open their own + # ports next to where the service is enabled (e.g. sshd -> 22 on X1). + networking.firewall.enable = true; +} diff --git a/system/modules/work/default.nix b/system/modules/work/default.nix index cbefba8..936468e 100644 --- a/system/modules/work/default.nix +++ b/system/modules/work/default.nix @@ -1,10 +1,4 @@ -{ - config, - pkgs, - inputs, - lib, - ... -}: +{ pkgs, ... }: { programs.git = { -- 2.52.0 From 0227f9d3ef473719645ccd0f039309fd42339fc6 Mon Sep 17 00:00:00 2001 From: Emma Thorpe Date: Thu, 4 Jun 2026 13:57:44 +0000 Subject: [PATCH 7/8] refactor(nixos): extract workstation.nix base from laptop.nix Move the form-factor-agnostic settings (systemd-boot, swayDesktop, dvorak console, firewall) into a shared workstation.nix so laptop.nix and the new desktop.nix can both import them without drifting. laptop.nix keeps only the iwd Wi-Fi backend. Co-Authored-By: Claude Opus 4.8 (1M context) --- system/modules/laptop.nix | 18 ++++++------------ system/modules/workstation.nix | 15 +++++++++++++++ 2 files changed, 21 insertions(+), 12 deletions(-) create mode 100644 system/modules/workstation.nix diff --git a/system/modules/laptop.nix b/system/modules/laptop.nix index 38910c0..211beab 100644 --- a/system/modules/laptop.nix +++ b/system/modules/laptop.nix 
@@ -1,21 +1,15 @@ -# Shared configuration for the physical NixOS laptops (X1, MBP-Asahi). Imported -# from the host table in flake.nix. Platform-specific bits (bootloader EFI var -# touching, firmware, audio, hostname, sshd) stay in the per-machine configs. +# Portable NixOS hosts (X1, MBP-Asahi). Imported from the host table in +# flake.nix. Shared graphical-workstation settings live in ./workstation.nix; +# the only laptop-specific bit is the Wi-Fi backend. Mobile home-manager +# components (battery block, brightness keys) are gated by the `portable` flag +# threaded through mkHost -- see lyrathorpe/home/sway.nix. { ... }: { - boot.loader.systemd-boot.enable = true; - - features.swayDesktop.enable = true; - - console.keyMap = "dvorak"; + imports = [ ./workstation.nix ]; # Wi-Fi via iwd with its built-in DHCP/network configuration. networking.wireless.iwd = { enable = true; settings.General.EnableNetworkConfiguration = true; }; - - # Default-deny inbound. Hosts that run a listening service open their own - # ports next to where the service is enabled (e.g. sshd -> 22 on X1). - networking.firewall.enable = true; } diff --git a/system/modules/workstation.nix b/system/modules/workstation.nix new file mode 100644 index 0000000..dc7366f --- /dev/null +++ b/system/modules/workstation.nix @@ -0,0 +1,15 @@ +# Form-factor-agnostic base for the physical graphical NixOS machines. Imported +# by both ./laptop.nix and ./desktop.nix; those add only the bits that differ +# between portable and desktop hosts (chiefly the networking backend). +{ ... }: +{ + boot.loader.systemd-boot.enable = true; + + features.swayDesktop.enable = true; + + console.keyMap = "dvorak"; + + # Default-deny inbound. Hosts that run a listening service open their own + # ports next to where the service is enabled (e.g. sshd -> 22 on X1). + networking.firewall.enable = true; +} -- 2.52.0 From 333cb211521af7b11eabe9284f43fc9fe3345f1e Mon Sep 17 00:00:00 2001 
From: Emma Thorpe Date: Thu, 4 Jun 2026 13:57:44 +0000 Subject: [PATCH 8/8] feat(nixos): add desktop module with non-portable home-manager profile Add system/modules/desktop.nix (counterpart to laptop.nix): imports the workstation base and uses wired NetworkManager instead of iwd. Thread a `portable` flag (default true) through mkHost into specialArgs and home-manager.extraSpecialArgs, mirroring username/fullName. lyrathorpe/home/ sway.nix consumes it to drop mobile components on desktop hosts: - status bar swaps the battery block for CPU temperature + network throughput - screen-brightness keybindings are omitted (no internal backlight) No host uses desktop.nix yet; a future desktop host imports it and sets `portable = false`. Verified by evaluating sway.nix both ways: laptop -> [.. sound battery time] + brightness keys; desktop -> [.. temperature net sound time], no brightness keys. Co-Authored-By: Claude Opus 4.8 (1M context) --- flake.nix | 22 +++++++++++++++-- lyrathorpe/home/sway.nix | 48 ++++++++++++++++++++++++++++---------- system/modules/desktop.nix | 13 +++++++++++ 3 files changed, 69 insertions(+), 14 deletions(-) create mode 100644 system/modules/desktop.nix diff --git a/flake.nix b/flake.nix index 4823d75..fe4d937 100644 --- a/flake.nix +++ b/flake.nix @@ -98,16 +98,34 @@ fullName, modules, homeModules, + # Host form factor. Laptops inherit the default; a desktop host sets + # `portable = false` to drop mobile components (battery block, + # brightness keys) from the home-manager Sway config. + portable ? true, }: nixpkgs.lib.nixosSystem { inherit system; - specialArgs = { inherit inputs username fullName; }; + specialArgs = { + inherit + inputs + username + fullName + portable + ; + }; modules = baseModules ++ modules ++ [ { - home-manager.extraSpecialArgs = { inherit inputs username fullName; }; + home-manager.extraSpecialArgs = { + inherit + inputs + username + fullName + portable + ; + }; home-manager.users.${username}.imports = homeModules; } ]; 
diff --git a/lyrathorpe/home/sway.nix b/lyrathorpe/home/sway.nix index 9862652..0d0d709 100644 --- a/lyrathorpe/home/sway.nix +++ b/lyrathorpe/home/sway.nix @@ -6,7 +6,14 @@ # pulling a second Sway. home-manager owns the user config (~/.config/sway) and # wires the systemd user session (sway-session.target), which is what lets the # swayidle/dunst user services start with the desktop. -{ pkgs, lib, ... }: +{ + pkgs, + lib, + # Threaded from mkHost (flake.nix). Desktop hosts set this false to drop + # mobile components (battery block, screen-brightness keys). + portable ? true, + ... +}: { wayland.windowManager.sway = { enable = true; 
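Review bot: The `portable ? true` default added to the module arguments of lyrathorpe/home/sway.nix is unlikely ever to take effect. As far as I know, the module system resolves every named argument from specialArgs or `_module.args` and ignores function defaults, so an importer that does not pass `portable` gets an evaluation error rather than `true`. mkHost in this patch always passes it through `home-manager.extraSpecialArgs`, so the current NixOS hosts are unaffected. The header comment should state the real contract, e.g. `# Required: supplied by mkHost via extraSpecialArgs; the default lives in mkHost.`, or the `? true` should be dropped so the signature does not promise a fallback.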
@@ -42,15 +49,20 @@ } ]; - keybindings = lib.mkOptionDefault { - "${modifier}+l" = "exec ${pkgs.swaylock}/bin/swaylock -f"; - "Print" = "exec ${pkgs.grim}/bin/grim ~/screenshot-$(date +%F-%H%M%S).png"; - "XF86MonBrightnessUp" = "exec ${pkgs.brightnessctl}/bin/brightnessctl set 5%+"; - "XF86MonBrightnessDown" = "exec ${pkgs.brightnessctl}/bin/brightnessctl set 5%-"; - "XF86AudioRaiseVolume" = "exec ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"; - "XF86AudioLowerVolume" = "exec ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"; - "XF86AudioMute" = "exec ${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; - }; + keybindings = lib.mkOptionDefault ( + { + "${modifier}+l" = "exec ${pkgs.swaylock}/bin/swaylock -f"; + "Print" = "exec ${pkgs.grim}/bin/grim ~/screenshot-$(date +%F-%H%M%S).png"; + "XF86AudioRaiseVolume" = "exec ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"; + "XF86AudioLowerVolume" = "exec ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"; + "XF86AudioMute" = "exec ${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; + } + # Screen backlight: laptops only (no internal backlight on a desktop). + // lib.optionalAttrs portable { + "XF86MonBrightnessUp" = "exec ${pkgs.brightnessctl}/bin/brightnessctl set 5%+"; + "XF86MonBrightnessDown" = "exec ${pkgs.brightnessctl}/bin/brightnessctl set 5%-"; + } + ); }; }; @@ -120,8 +132,20 @@ block = "cpu"; interval = 2; } - { block = "sound"; } - { block = "battery"; } + ] + # Desktop-only: CPU temperature and wired network throughput, in place + # of the laptop's battery readout. + ++ lib.optionals (!portable) [ + { + block = "temperature"; + interval = 5; + format = " $icon $average avg, $max max "; + } + { block = "net"; } + ] + ++ [ { block = "sound"; } ] + ++ lib.optional portable { block = "battery"; } + ++ [ { block = "time"; interval = 5; 
diff --git a/system/modules/desktop.nix b/system/modules/desktop.nix new file mode 100644 index 0000000..f103ca7 --- /dev/null +++ b/system/modules/desktop.nix @@ -0,0 +1,13 @@ +# Desktop (non-portable) NixOS hosts. Counterpart to ./laptop.nix: imports the +# shared ./workstation.nix base and swaps the mobile Wi-Fi backend for wired +# NetworkManager. A desktop host also sets `portable = false` in its host-table +# entry (flake.nix), which drops the battery block and brightness keybindings +# from the Sway bar -- see lyrathorpe/home/sway.nix. +{ ... }: +{ + imports = [ ./workstation.nix ]; + + # Wired networking. NetworkManager handles DHCP/connections itself; do not + # combine with networking.wireless.* (laptop.nix) -- the two backends conflict. + networking.networkmanager.enable = true; +} -- 2.52.0
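Review bot: system/modules/desktop.nix is not imported by any host, and the CI steps shown earlier in this series evaluate only named host configurations. CI therefore never evaluates this module or the `!portable` branches in sway.nix, and an option typo here would surface only when the first desktop host is added. The commit message describes a manual evaluation of sway.nix both ways, which does not cover desktop.nix itself. I would add a header line such as `# NOTE: not yet imported by any host, so the CI eval step does not cover this file.` A better fix is a minimal CI-evaluated configuration that imports it with `portable = false`.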