nixfiles
NixOS / nix-darwin / home-manager configuration for all hosts, built from a single flake.
Hosts
Defined in the host table in flake.nix:
| Configuration | System | Machine |
|---|---|---|
lyrathorpe-mbp |
aarch64-linux |
MacBook Pro (Apple Silicon, Asahi) |
lyrathorpe-t400 |
x86_64-linux |
ThinkPad T400 — install notes |
lyrathorpe-macpro31 |
x86_64-linux |
Mac Pro 3,1, desktop — install notes |
emmathorpe-edaas |
x86_64-linux |
Work WSL box (NixOS-WSL) |
lyrathorpe-rpi5 |
aarch64-linux |
Raspberry Pi 5 headless server: Docker host + nginx reverse proxy — install notes |
lyrathorpe-mac |
aarch64-darwin |
macOS (nix-darwin) |
Shared layers: lyrathorpe/home (home-manager: shell, git, editor),
system/modules/common-nixos.nix (all NixOS hosts: fonts, nix-ld, caches),
system/modules/workstation.nix (physical graphical hosts: audio, thermald,
earlyoom, fwupd), system/modules/laptop.nix (laptops: Wi-Fi, Bluetooth, power,
lid), and system/modules/ssh.nix (key-only sshd). The x86 hosts also pull
nixos-hardware profiles.
Applying
# NixOS
sudo nixos-rebuild switch --flake .#<configuration>
# Darwin
darwin-rebuild switch --flake .#lyrathorpe-mac
Shell environment & keybindings
- Interactive shell features (zsh, tmux, git, ssh, CLI tools, auto-tmux):
lyrathorpe/home/README.md. - All Sway / tmux / foot / zsh keyboard shortcuts:
lyrathorpe/home/KEYBINDINGS.md.
Login / greeter
Graphical (Sway) hosts log in through a Wayland greeter — greetd running
ReGreet inside the cage kiosk compositor — implemented in
lyrathorpe/swaywm.nix, gated on
features.swayDesktop.enable (the option is declared in
system/modules/features.nix, so headless hosts
can leave it off without importing swaywm.nix). The greeter is forced to Dvorak
to match the console and Sway session. Headless hosts (the WSL work box and the
Raspberry Pi server) keep plain TTY login. The target account needs a password
(passwd <user>) before it can log in.
MacBook (Asahi) firmware
The MBP host references system/modules/firmware/ for Apple peripheral
firmware (Wi-Fi/Bluetooth). These blobs are committed (tracked) even though
.gitignore lists the directory: the flake is git+file, so it only sees
tracked files — untracking them breaks lyrathorpe-mbp evaluation (and the CI
host-eval) because the config can't find the firmware. They are not
redistributable; the repo is private.
To refresh them, copy the firmware extracted during the Asahi install (from
/etc/nixos/firmware, or re-extract per the
Asahi NixOS docs) into
system/modules/firmware/ and commit with git add -f.
Development
A dev shell and a formatting/lint gate are wired through the flake:
nix develop— shell withdeadnix,statix,treefmt, and the gitpre-commithooks (installed automatically on first entry).nix fmt— formats the tree viatreefmt(nixfmt + shfmt + prettier; generated files andflake.lockare excluded).nix flake check— runs formatting,deadnix,statix, the pre-commit hooks, and evaluates every host..editorconfigcarries the base style;statix.tomldisables the two house-style lints (repeated_keys,empty_pattern).
CI
.gitea/workflows/ci.yaml runs nix flake check
(formatting, deadnix, statix, the pre-commit hooks) and evaluates every
NixOS and Darwin host configuration on push/PR.