This job is a required status check on main. The workflow was path-filtered to **.nix/flake.lock/ci.yaml, so a PR touching none of those (e.g. a .renovaterc.json-only change) skipped the workflow entirely, leaving the required check pending forever and making the PR unmergeable. Run the workflow on every PR so the check is always reported, but keep a 'detect' step that diffs the PR against its base and runs nix flake check and the per-host evals only when a .nix file, flake.lock, or this workflow changed. When nothing Nix-relevant changed the heavy steps skip and the job still passes, so the required check stays green-reportable without burning a full evaluation on unrelated changes. Checkout uses fetch-depth: 0 so the diff has the base history.
nixfiles
NixOS / nix-darwin / home-manager configuration for all hosts, built from a single flake.
Hosts
Defined in the host table in flake.nix:
| Configuration | System | Machine |
|---|---|---|
| lyrathorpe-mbp | aarch64-linux | MacBook Pro (Apple Silicon, Asahi) |
| lyrathorpe-t400 | x86_64-linux | ThinkPad T400 — install notes |
| lyrathorpe-macpro31 | x86_64-linux | Mac Pro 3,1, desktop — install notes |
| emmathorpe-edaas | x86_64-linux | Work WSL box (NixOS-WSL) |
| lyrathorpe-mac | aarch64-darwin | macOS (nix-darwin) |
Shared layers: lyrathorpe/home (home-manager: shell, git, editor),
system/modules/common-nixos.nix (all NixOS hosts: fonts, nix-ld, caches),
system/modules/workstation.nix (physical graphical hosts: audio, thermald,
earlyoom, fwupd), system/modules/laptop.nix (laptops: Wi-Fi, Bluetooth, power,
lid), and system/modules/ssh.nix (key-only sshd). The x86 hosts also pull
nixos-hardware profiles.
Applying
```sh
# NixOS
sudo nixos-rebuild switch --flake .#<configuration>

# Darwin
darwin-rebuild switch --flake .#lyrathorpe-mac
```
Shell environment & keybindings
- Interactive shell features (zsh, tmux, git, ssh, CLI tools, auto-tmux): lyrathorpe/home/README.md.
- All Sway / tmux / foot / zsh keyboard shortcuts: lyrathorpe/home/KEYBINDINGS.md.
Login / greeter
Graphical (Sway) hosts log in through a Wayland greeter — greetd running
ReGreet inside the cage kiosk compositor — configured centrally in
lyrathorpe/swaywm.nix, gated on
features.swayDesktop.enable. The greeter is forced to Dvorak to match the
console and Sway session. Hosts with features.swayDesktop.enable = false (the
WSL work box) keep plain TTY login. The target account needs a password
(passwd <user>) before it can log in.
MacBook (Asahi) firmware
The MBP host references system/modules/firmware/ for Apple peripheral
firmware (Wi-Fi/Bluetooth). These blobs are committed (tracked) even though
.gitignore lists the directory: the flake is git+file, so it only sees
tracked files — untracking them breaks lyrathorpe-mbp evaluation (and the CI
host-eval) because the config can't find the firmware. They are not
redistributable; the repo is private.
To refresh them, copy the firmware extracted during the Asahi install (from
/etc/nixos/firmware, or re-extract per the
Asahi NixOS docs) into
system/modules/firmware/ and commit with git add -f.
Development
A dev shell and a formatting/lint gate are wired through the flake:
- nix develop — shell with deadnix, statix, treefmt, and the git pre-commit hooks (installed automatically on first entry).
- nix fmt — formats the tree via treefmt (nixfmt + shfmt + prettier; generated files and flake.lock are excluded).
- nix flake check — runs formatting, deadnix, statix, the pre-commit hooks, and evaluates every host.
- .editorconfig carries the base style; statix.toml disables the two house-style lints (repeated_keys, empty_pattern).
CI
.gitea/workflows/ci.yaml runs nix flake check
(formatting, deadnix, statix, the pre-commit hooks) and evaluates every
NixOS and Darwin host configuration on push/PR.
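
The commit message at the top of this page describes a 'detect' step that diffs the PR against its base and gates the heavy checks on the result. The following is an added example of that decision in shell, not the repository's actual workflow code. The function names, the ref arguments, and the choice to fail closed (run the checks) when the diff cannot be computed are assumptions.

```shell
#!/bin/sh
# Added example: decide whether a PR touches anything Nix-relevant.
# Not taken from .gitea/workflows/ci.yaml; names here are hypothetical.

# Reads changed paths (one per line) on stdin.
# Exit 0 if any path is a .nix file, a flake.lock, or the CI workflow itself.
nix_relevant() {
    while IFS= read -r path; do
        case "$path" in
            *.nix | flake.lock | */flake.lock | .gitea/workflows/ci.yaml)
                return 0 ;;
        esac
    done
    return 1
}

# Prints "true" or "false" for the range base...head (changes since merge base).
# Fails closed: if git cannot compute the diff (for example a shallow clone
# that lacks the base commit), print "true" so the checks run instead of
# being silently skipped while the required job still reports success.
detect_nix_changes() {
    base_ref=$1
    head_ref=$2
    # core.quotePath=false keeps non-ASCII paths unquoted so the globs match.
    if ! changed=$(git -c core.quotePath=false diff --name-only \
            "$base_ref...$head_ref" 2>/dev/null); then
        echo true
        return 0
    fi
    if printf '%s\n' "$changed" | nix_relevant; then
        echo true
    else
        echo false
    fi
}

# Stand-alone use: ./detect.sh <base-ref> <head-ref>
if [ "$#" -eq 2 ]; then
    detect_nix_changes "$1" "$2"
fi
```

Because the job passes either way, the fail-closed branch is what keeps a broken checkout from turning the required check into one that always skips.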