lyrathorpe/nixfiles
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
efa9aa93da89bc49be531dd223ef15dfe7dd8159
nixfiles/README.md
T
Emma Thorpe efa9aa93da
CI / flake (pull_request) Successful in 3m47s
Details
docs(rpi5): add install notes and update host table 
Add system/machine/RPi5/README.md (flash/boot, regenerate hardware-config,
Docker-socket security caveat and remote-client usage, how to add a
reverse-proxy vhost). Add lyrathorpe-rpi5 to the README host table and note
that the swayDesktop flag now lives in system/modules/features.nix so headless
hosts keep TTY login.
2026-06-16 13:32:11 +01:00

86 lines
4.4 KiB
Markdown
Raw Blame History

# nixfiles
NixOS / nix-darwin / home-manager configuration for all hosts, built from a
single flake.
## Hosts
Defined in the host table in [`flake.nix`](./flake.nix):
| Configuration | System | Machine |
| --------------------- | ---------------- | -------------------------------------------------------------------------------------------------------------------- |
| `lyrathorpe-mbp` | `aarch64-linux` | MacBook Pro (Apple Silicon, Asahi) |
| `lyrathorpe-t400` | `x86_64-linux` | ThinkPad T400 — [install notes](./system/machine/T400/README.md) |
| `lyrathorpe-macpro31` | `x86_64-linux` | Mac Pro 3,1, desktop — [install notes](./system/machine/MacPro31/README.md) |
| `emmathorpe-edaas` | `x86_64-linux` | Work WSL box (NixOS-WSL) |
| `lyrathorpe-rpi5` | `aarch64-linux` | Raspberry Pi 5 headless server: Docker host + nginx reverse proxy — [install notes](./system/machine/RPi5/README.md) |
| `lyrathorpe-mac` | `aarch64-darwin` | macOS (nix-darwin) |
Shared layers: `lyrathorpe/home` (home-manager: shell, git, editor),
`system/modules/common-nixos.nix` (all NixOS hosts: fonts, nix-ld, caches),
`system/modules/workstation.nix` (physical graphical hosts: audio, thermald,
earlyoom, fwupd), `system/modules/laptop.nix` (laptops: Wi-Fi, Bluetooth, power,
lid), and `system/modules/ssh.nix` (key-only sshd). The x86 hosts also pull
`nixos-hardware` profiles.
## Applying
```sh
# NixOS
sudo nixos-rebuild switch --flake .#<configuration>
# Darwin
darwin-rebuild switch --flake .#lyrathorpe-mac
```
## Shell environment & keybindings
- Interactive shell features (zsh, tmux, git, ssh, CLI tools, auto-tmux):
[`lyrathorpe/home/README.md`](./lyrathorpe/home/README.md).
- All Sway / tmux / foot / zsh keyboard shortcuts:
[`lyrathorpe/home/KEYBINDINGS.md`](./lyrathorpe/home/KEYBINDINGS.md).
## Login / greeter
Graphical (Sway) hosts log in through a Wayland greeter — `greetd` running
ReGreet inside the `cage` kiosk compositor — implemented in
[`lyrathorpe/swaywm.nix`](./lyrathorpe/swaywm.nix), gated on
`features.swayDesktop.enable` (the option is declared in
[`system/modules/features.nix`](./system/modules/features.nix), so headless hosts
can leave it off without importing `swaywm.nix`). The greeter is forced to Dvorak
to match the console and Sway session. Headless hosts (the WSL work box and the
Raspberry Pi server) keep plain TTY login. The target account needs a password
(`passwd <user>`) before it can log in.
## MacBook (Asahi) firmware
The MBP host references `system/modules/firmware/` for Apple peripheral
firmware (Wi-Fi/Bluetooth). These blobs are **committed** (tracked) even though
`.gitignore` lists the directory: the flake is `git+file`, so it only sees
tracked files — untracking them breaks `lyrathorpe-mbp` evaluation (and the CI
host-eval) because the config can't find the firmware. They are not
redistributable; the repo is private.
To refresh them, copy the firmware extracted during the Asahi install (from
`/etc/nixos/firmware`, or re-extract per the
[Asahi NixOS docs](https://github.com/tpwrules/nixos-apple-silicon)) into
`system/modules/firmware/` and commit with `git add -f`.
## Development
A dev shell and a formatting/lint gate are wired through the flake:
- `nix develop` — shell with `deadnix`, `statix`, `treefmt`, and the git
`pre-commit` hooks (installed automatically on first entry).
- `nix fmt` — formats the tree via `treefmt` (nixfmt + shfmt + prettier;
generated files and `flake.lock` are excluded).
- `nix flake check` — runs formatting, `deadnix`, `statix`, the pre-commit
hooks, and evaluates every host. `.editorconfig` carries the base style;
`statix.toml` disables the two house-style lints (`repeated_keys`,
`empty_pattern`).
## CI
[`.gitea/workflows/ci.yaml`](./.gitea/workflows/ci.yaml) runs `nix flake check`
(formatting, `deadnix`, `statix`, the pre-commit hooks) and evaluates every
NixOS and Darwin host configuration on push/PR.
Reference in New Issue View Git Blame Copy Permalink