git.nix and work.nix both define user.signingkey. They used to hold the same value, which types.str tolerates, but git.nix now sets the personal key while work.nix sets the work key, so the two plain definitions conflict on the EDaaS host. Mark git.nix's signingkey as mkDefault, mirroring user.email: personal hosts get the personal key, and work.nix's plain work-key definition wins on the work host.
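The priority rule this commit message relies on, as an added example that is not code from this repository: it declares a stand-in types.str option and merges hypothetical module bodies for git.nix and work.nix with lib.evalModules. The option declaration, the placeholder key values and the file name signingkey.nix are assumptions, and it needs nixpkgs on NIX_PATH.

```nix
# Added example, not the repository's code. Evaluate with:
#   nix-instantiate --eval --strict --json signingkey.nix
let
  lib = import <nixpkgs/lib>;

  # Stand-in declaration: a types.str option named like the git setting.
  decl = {
    options.user.signingkey = lib.mkOption { type = lib.types.str; };
  };

  # Constructed placeholder key ids, not real keys.
  personal = "PERSONAL-KEY-PLACEHOLDER";
  work = "WORK-KEY-PLACEHOLDER";

  # Hypothetical module bodies standing in for git.nix and work.nix.
  gitPlain = { user.signingkey = personal; };
  gitDefault = { user.signingkey = lib.mkDefault personal; };
  workPlain = { user.signingkey = work; };
  workSame = { user.signingkey = personal; };

  # Merge the modules and return the final value, or "conflict" when the
  # module system refuses to merge the definitions.
  resolve = modules:
    let
      merged = lib.evalModules { modules = [ decl ] ++ modules; };
      r = builtins.tryEval merged.config.user.signingkey;
    in
    if r.success then r.value else "conflict";
in
{
  # Old state: both files set the same string, which types.str accepts.
  sameValue = resolve [ gitPlain workSame ];
  # Broken state: two different plain definitions at equal priority.
  differentPlain = resolve [ gitPlain workPlain ];
  # Fixed state, work host: the plain definition outranks mkDefault.
  workHost = resolve [ gitDefault workPlain ];
  # Fixed state, personal host: only the mkDefault definition is present.
  personalHost = resolve [ gitDefault ];
}
```

Checking which key a host resolves to before committing matters here because a wrong merge either fails evaluation or signs commits with the other identity's key.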
nixfiles
NixOS / nix-darwin / home-manager configuration for all hosts, built from a single flake.
Hosts
Defined in the host table in flake.nix:
| Configuration | System | Machine |
|---|---|---|
| lyrathorpe-mbp | aarch64-linux | MacBook Pro (Apple Silicon, Asahi) |
| lyrathorpe-t400 | x86_64-linux | ThinkPad T400 — install notes |
| lyrathorpe-macpro31 | x86_64-linux | Mac Pro 3,1, desktop — install notes |
| emmathorpe-edaas | x86_64-linux | Work WSL box (NixOS-WSL) |
| lyrathorpe-mac | aarch64-darwin | macOS (nix-darwin) |
Shared layers: lyrathorpe/home (home-manager: shell, git, editor),
system/modules/common-nixos.nix (all NixOS hosts: fonts, nix-ld, caches),
system/modules/workstation.nix (physical graphical hosts: audio, thermald,
earlyoom, fwupd), system/modules/laptop.nix (laptops: Wi-Fi, Bluetooth, power,
lid), and system/modules/ssh.nix (key-only sshd). The x86 hosts also pull
nixos-hardware profiles.
Applying
```
# NixOS
sudo nixos-rebuild switch --flake .#<configuration>
# Darwin
darwin-rebuild switch --flake .#lyrathorpe-mac
```
Shell environment & keybindings
- Interactive shell features (zsh, tmux, git, ssh, CLI tools, auto-tmux): lyrathorpe/home/README.md.
- All Sway / tmux / foot / zsh keyboard shortcuts: lyrathorpe/home/KEYBINDINGS.md.
Login / greeter
Graphical (Sway) hosts log in through a Wayland greeter — greetd running
ReGreet inside the cage kiosk compositor — configured centrally in
lyrathorpe/swaywm.nix, gated on
features.swayDesktop.enable. The greeter is forced to Dvorak to match the
console and Sway session. Hosts with features.swayDesktop.enable = false (the
WSL work box) keep plain TTY login. The target account needs a password
(passwd <user>) before it can log in.
MacBook (Asahi) firmware
The MBP host references system/modules/firmware/ for Apple peripheral
firmware (Wi-Fi/Bluetooth). These blobs are committed (tracked) even though
.gitignore lists the directory: the flake is git+file, so it only sees
tracked files — untracking them breaks lyrathorpe-mbp evaluation (and the CI
host-eval) because the config can't find the firmware. They are not
redistributable; the repo is private.
To refresh them, copy the firmware extracted during the Asahi install (from
/etc/nixos/firmware, or re-extract per the
Asahi NixOS docs) into
system/modules/firmware/ and commit with git add -f.
Development
A dev shell and a formatting/lint gate are wired through the flake:
- nix develop — shell with deadnix, statix, treefmt, and the git pre-commit hooks (installed automatically on first entry).
- nix fmt — formats the tree via treefmt (nixfmt + shfmt + prettier; generated files and flake.lock are excluded).
- nix flake check — runs formatting, deadnix, statix, the pre-commit hooks, and evaluates every host.
- .editorconfig carries the base style; statix.toml disables the two house-style lints (repeated_keys, empty_pattern).
CI
.gitea/workflows/ci.yaml runs nix flake check
(formatting, deadnix, statix, the pre-commit hooks) and evaluates every
NixOS and Darwin host configuration on push/PR.