From e0b3eb2393ac3bda031d7a0b8f10cab33b3f8ffa Mon Sep 17 00:00:00 2001 From: Lyra Thorpe Date: Tue, 16 Jun 2026 10:50:49 +0100 Subject: [PATCH 1/8] feat(git.nix): add GitHub and Gitea CLI --- lyrathorpe/home/git.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lyrathorpe/home/git.nix b/lyrathorpe/home/git.nix index ae11c7f..18a4de4 100644 --- a/lyrathorpe/home/git.nix +++ b/lyrathorpe/home/git.nix @@ -12,6 +12,8 @@ in { home.packages = [ pkgs.commitizen + pkgs.gh + pkgs.tea ]; programs.git = { @@ -82,7 +84,7 @@ in # can override to false -- otherwise commits there would fail. Reuses the # existing ssh key; a dedicated personal key can be swapped in later. gpg.format = "ssh"; - user.signingkey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJMVgeRKnfX1G8coU3nAobI485aeUpGTMqH7+zbKI8o emma.thorpe@cloud.com"; + user.signingkey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDxHvdMTOzpFWUFMtCP7C/4tIOUO3GIO2QPvaifSnWH lyrathorpe@Lyra-MBA"; commit.gpgsign = lib.mkDefault true; tag.gpgsign = lib.mkDefault true; }; -- 2.52.0 From e125296015a7e61eff5c0f77c7d1cad541de47e6 Mon Sep 17 00:00:00 2001 From: Lyra Thorpe Date: Tue, 16 Jun 2026 10:55:57 +0100 Subject: [PATCH 2/8] feat(shell.nix): add htop installation --- lyrathorpe/home/shell.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lyrathorpe/home/shell.nix b/lyrathorpe/home/shell.nix index 72a66f5..633e0b6 100644 --- a/lyrathorpe/home/shell.nix +++ b/lyrathorpe/home/shell.nix @@ -26,6 +26,7 @@ in pkgs.tea pkgs.hyperfine # command-line benchmarking pkgs.sd # saner find-and-replace than sed + pkgs.htop # ensure there's a system monitor ]; # Resource monitor, themed Catppuccin Mocha to match the rest of the desktop. @@ -345,13 +346,17 @@ in # enables this in the work module; both being true merges cleanly. services.ssh-agent.enable = lib.mkIf pkgs.stdenv.hostPlatform.isLinux true; + programs.htop = { + enable = true; + }; + # Drop the zsh completion dump on every activation. A stale .zcompdump caches # /nix/store paths to completion functions; once a rebuild or a manual GC # removes them, compinit fails with "_git: function definition file not found" # for every completion. Deleting it forces a fresh rebuild from the current # fpath on the next shell. compinit dumps to $ZDOTDIR (~/.config/zsh now); the # $HOME and cache paths are also swept to clear any legacy leftovers. - home.activation.resetZcompdump = lib.hm.dag.entryAfter [ "writeBoundary" ] '' + home.actiVation.resetZcompdump = lib.hm.dag.entryAfter [ "writeBoundary" ] '' $DRY_RUN_CMD rm -f \ "${config.xdg.configHome}"/zsh/.zcompdump* \ "$HOME"/.zcompdump* \ -- 2.52.0 From a753355c0fb88d1eec578e9c09ce96601a0fce26 Mon Sep 17 00:00:00 2001 From: Emma Thorpe Date: Tue, 16 Jun 2026 11:12:38 +0100 Subject: [PATCH 3/8] fix(shell.nix): correct home.activation typo The zcompdump reset was declared under home.actiVation (stray capital V), an unknown option that fails module evaluation, so the activation script never ran. Restore the correct home.activation attribute. --- lyrathorpe/home/shell.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lyrathorpe/home/shell.nix b/lyrathorpe/home/shell.nix index 633e0b6..a00770f 100644 --- a/lyrathorpe/home/shell.nix +++ b/lyrathorpe/home/shell.nix @@ -356,7 +356,7 @@ in # for every completion. Deleting it forces a fresh rebuild from the current # fpath on the next shell. compinit dumps to $ZDOTDIR (~/.config/zsh now); the # $HOME and cache paths are also swept to clear any legacy leftovers. - home.actiVation.resetZcompdump = lib.hm.dag.entryAfter [ "writeBoundary" ] '' + home.activation.resetZcompdump = lib.hm.dag.entryAfter [ "writeBoundary" ] '' $DRY_RUN_CMD rm -f \ "${config.xdg.configHome}"/zsh/.zcompdump* \ "$HOME"/.zcompdump* \ -- 2.52.0 From e9952833638a4e86c76053732dc28f561e1315bf Mon Sep 17 00:00:00 2001 From: Emma Thorpe Date: Tue, 16 Jun 2026 11:12:44 +0100 Subject: [PATCH 4/8] feat(shell.nix): configure htop settings and meters Flesh out programs.htop: tree view, sensible highlights, hidden kernel threads, left CPU/Memory/Swap bar meters and right Tasks/LoadAverage/Uptime text meters. color_scheme = 0 inherits the terminal's Catppuccin Mocha palette, as htop has no custom-theme support of its own. Drop the explicit pkgs.htop: programs.htop.enable already installs it. --- lyrathorpe/home/shell.nix | 51 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/lyrathorpe/home/shell.nix b/lyrathorpe/home/shell.nix index a00770f..cfb2d32 100644 --- a/lyrathorpe/home/shell.nix +++ b/lyrathorpe/home/shell.nix @@ -26,7 +26,6 @@ in pkgs.tea pkgs.hyperfine # command-line benchmarking pkgs.sd # saner find-and-replace than sed - pkgs.htop # ensure there's a system monitor ]; # Resource monitor, themed Catppuccin Mocha to match the rest of the desktop. @@ -346,8 +345,58 @@ in # enables this in the work module; both being true merges cleanly. services.ssh-agent.enable = lib.mkIf pkgs.stdenv.hostPlatform.isLinux true; + # Classic process viewer (complements btop). htop has no custom-theme support + # -- only a handful of built-in color schemes -- so it can't be hex-themed like + # btop/bat/fzf. color_scheme = 0 (Default) draws from the terminal's ANSI + # palette, which is Catppuccin Mocha (foot/iTerm2), so it matches by deferring + # to the terminal rather than vendoring a theme. programs.htop = { enable = true; + settings = { + color_scheme = 0; # Default -> uses the terminal's Catppuccin palette + delay = 15; # refresh every 1.5s + cpu_count_from_one = 1; + show_cpu_frequency = 1; + show_cpu_usage = 1; # per-core usage shown in the CPU bars + highlight_base_name = 1; # highlight the program name within the path + highlight_megabytes = 1; + highlight_threads = 1; + hide_kernel_threads = 1; + show_program_path = 0; # show just the command, not the full path + tree_view = 1; # start in process-tree mode + tree_view_always_by_pid = 0; + account_guest_in_cpu_meter = 0; + fields = with config.lib.htop.fields; [ + PID + USER + PRIORITY + NICE + M_SIZE + M_RESIDENT + M_SHARE + STATE + PERCENT_CPU + PERCENT_MEM + TIME + COMM + ]; + } + // ( + with config.lib.htop; + leftMeters [ + (bar "AllCPUs2") + (bar "Memory") + (bar "Swap") + ] + ) + // ( + with config.lib.htop; + rightMeters [ + (text "Tasks") + (text "LoadAverage") + (text "Uptime") + ] + ); }; # Drop the zsh completion dump on every activation. A stale .zcompdump caches -- 2.52.0 From eec713e8869aa01ce75a0653f5f3c0590ec7b764 Mon Sep 17 00:00:00 2001 From: Emma Thorpe Date: Tue, 16 Jun 2026 11:12:48 +0100 Subject: [PATCH 5/8] refactor(git.nix): drop redundant gh and duplicate tea packages programs.gh.enable (in shell.nix) already installs gh, so the explicit pkgs.gh was redundant. pkgs.tea was also declared in shell.nix; keep the single declaration there and remove the duplicate here. --- lyrathorpe/home/git.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/lyrathorpe/home/git.nix b/lyrathorpe/home/git.nix index 18a4de4..7300559 100644 --- a/lyrathorpe/home/git.nix +++ b/lyrathorpe/home/git.nix @@ -12,8 +12,6 @@ in { home.packages = [ pkgs.commitizen - pkgs.gh - pkgs.tea ]; programs.git = { -- 2.52.0 From ffedf769a0f31a9bb2f52c8b3270e37da5c088b6 Mon Sep 17 00:00:00 2001 From: Emma Thorpe Date: Tue, 16 Jun 2026 11:21:51 +0100 Subject: [PATCH 6/8] fix(shell.nix): let gh own its config.yml so auth login works home-manager renders ~/.config/gh/config.yml as a read-only /nix/store symlink whenever programs.gh is enabled (unconditionally, not gated on settings). gh rewrites that file on 'gh auth login' and 'gh config set', which then fail with a permission error. Suppress the managed config.yml via xdg.configFile and drop the settings.git_protocol declaration that created it; gh now owns the file. The token lives in hosts.yml, which home-manager never manages. Set the SSH protocol at runtime with 'gh config set git_protocol ssh'. --- lyrathorpe/home/shell.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/lyrathorpe/home/shell.nix b/lyrathorpe/home/shell.nix index cfb2d32..6d363b6 100644 --- a/lyrathorpe/home/shell.nix +++ b/lyrathorpe/home/shell.nix @@ -203,12 +203,15 @@ in flake = "$HOME/code/nixfiles"; }; - # GitHub CLI. Prefer SSH for any git operations it drives, matching the - # ssh-based remotes used elsewhere. - programs.gh = { - enable = true; - settings.git_protocol = "ssh"; - }; + # GitHub CLI. `programs.gh.settings` is deliberately unset: home-manager renders + # ~/.config/gh/config.yml as a read-only /nix/store symlink whenever the module + # is enabled, but gh must rewrite that file on `gh auth login` and `gh config + # set`, which then fail with a permission error. Suppress the managed config.yml + # (below) and let gh own it. The token lives in hosts.yml, which is never + # Nix-managed. Set the SSH protocol once at runtime: `gh config set git_protocol + # ssh` (it can't be declarative here without recreating the immutable file). + programs.gh.enable = true; + xdg.configFile."gh/config.yml".enable = lib.mkForce false; programs.tmux = { enable = true; -- 2.52.0 From 886ac4eb36314d1be2cfdaf6549725aeb5a8b0fe Mon Sep 17 00:00:00 2001 From: Emma Thorpe Date: Tue, 16 Jun 2026 11:27:17 +0100 Subject: [PATCH 7/8] fix(git.nix): make personal signingkey a mkDefault git.nix and work.nix both define user.signingkey. They used to hold the same value, which types.str tolerates, but git.nix now sets the personal key while work.nix sets the work key, so the two plain definitions conflict on the EDaaS host. Mark git.nix's signingkey as mkDefault, mirroring user.email: personal hosts get the personal key, and work.nix's plain work-key definition wins on the work host. --- lyrathorpe/home/git.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/lyrathorpe/home/git.nix b/lyrathorpe/home/git.nix index 7300559..9300ecf 100644 --- a/lyrathorpe/home/git.nix +++ b/lyrathorpe/home/git.nix @@ -77,12 +77,14 @@ in cc = "!cz commit"; }; - # SSH commit signing on personal hosts too (the work module sets the same - # on the work host). mkDefault so a host without the key in its ssh-agent - # can override to false -- otherwise commits there would fail. Reuses the - # existing ssh key; a dedicated personal key can be swapped in later. + # SSH commit signing. This personal key is the default; the work module + # (work.nix) overrides it with the work key on the EDaaS host, the same way + # user.email is overridden -- so mkDefault here lets that plain definition + # win instead of conflicting. gpgsign is mkDefault too, so a host without + # the key in its ssh-agent can override it to false rather than fail every + # commit. gpg.format = "ssh"; - user.signingkey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDxHvdMTOzpFWUFMtCP7C/4tIOUO3GIO2QPvaifSnWH lyrathorpe@Lyra-MBA"; + user.signingkey = lib.mkDefault "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDxHvdMTOzpFWUFMtCP7C/4tIOUO3GIO2QPvaifSnWH lyrathorpe@Lyra-MBA"; commit.gpgsign = lib.mkDefault true; tag.gpgsign = lib.mkDefault true; }; -- 2.52.0 From 2b69485107f937e32cbd7abe8e8aeec8944d1460 Mon Sep 17 00:00:00 2001 From: Emma Thorpe Date: Tue, 16 Jun 2026 11:30:22 +0100 Subject: [PATCH 8/8] feat(edaas): set hostName to emmathorpe-edaas The host inherited the stock NixOS default hostname 'nixos', which does not match the flake's nixosConfigurations attribute 'emmathorpe-edaas'. nh selects the configuration by the local hostname, so bare 'nh os switch' failed to resolve. Pin the hostname to the attribute name so it resolves without an explicit -H/--hostname flag. --- system/machine/EDaaS/configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/system/machine/EDaaS/configuration.nix b/system/machine/EDaaS/configuration.nix index 600d786..32ba7f9 100644 --- a/system/machine/EDaaS/configuration.nix +++ b/system/machine/EDaaS/configuration.nix @@ -43,6 +43,11 @@ autoPrune.enable = true; }; + # Match the flake's nixosConfigurations attribute name so `nh os switch` + # (which selects by the local hostname) resolves without an explicit + # -H/--hostname flag. The default would otherwise be the stock NixOS "nixos". + networking.hostName = "emmathorpe-edaas"; + networking.resolvconf.enable = false; # Drop the systemd-ssh-proxy Include from the generated /etc/ssh/ssh_config. -- 2.52.0