phase-1

home/bat.nix

@@ -1,10 +1,13 @@
-{ ... }:
+{ config, ... }:
+let
+  theme = import ../lib/theme.nix { inherit config; };
+in
 {
   programs.bat = {
     enable = true;
 
     config = {
-      theme = "gruvbox-dark";
+      theme = theme.batTheme theme.defaultMode;
     };
   };
 }

home/claude.nix

@@ -7,17 +7,16 @@ let
   claudePackage = inputs.claudeCode.packages.${pkgs.stdenv.hostPlatform.system}.default;
 in
 {
-  # Keep the managed Claude binary on the same path the live machine was using
-  # so the Nix package cleanly replaces the prior manual install.
   home.file.".local/bin/claude".source = "${claudePackage}/bin/claude";
-  home.file.".claude/CLAUDE.md".source = ../config/claude/CLAUDE.md;
-  home.file.".claude/commands" = {
+
+  xdg.configFile."claude/CLAUDE.md".source = ../config/claude/CLAUDE.md;
+  xdg.configFile."claude/commands" = {
     source = ../config/claude/commands;
     recursive = true;
   };
-  home.file.".claude/settings.json".source = ../config/claude/settings.json;
-  home.file.".claude/settings.local.json".source = ../config/claude/settings.local.json;
-  home.file.".claude/statusline.sh" = {
+  xdg.configFile."claude/settings.json".source = ../config/claude/settings.json;
+  xdg.configFile."claude/settings.local.json".source = ../config/claude/settings.local.json;
+  xdg.configFile."claude/statusline.sh" = {
     source = ../config/claude/statusline.sh;
     executable = true;
   };

home/common.nix

@@ -4,6 +4,8 @@
     ./bat.nix
     ./eza.nix
     ./claude.nix
+    ./xdg.nix
+    ./security.nix
     ./codex.nix
     ./fzf.nix
     ./gcloud.nix
@@ -25,4 +27,9 @@
   home.stateVersion = "24.11";
   programs.home-manager.enable = true;
   xdg.enable = true;
+
+  programs.zoxide = {
+    enable = true;
+    enableZshIntegration = true;
+  };
 }

home/default.nix

@@ -1,8 +1,19 @@
-{ ... }:
 {
-  imports = [
-    ./common.nix
-    ./colima.nix
-    ./rectangle.nix
-  ];
+  lib,
+  hostConfig,
+  ...
+}:
+{
+  imports =
+    [
+      ./common.nix
+    ]
+    ++ lib.optionals hostConfig.isDarwin [
+      ./colima.nix
+      ./rectangle.nix
+      ./karabiner.nix
+    ]
+    ++ lib.optionals hostConfig.isLinux [
+      ./netty-worktree.nix
+    ];
 }

home/ghostty.nix

@@ -2,6 +2,7 @@
   config,
   lib,
   pkgs,
+  hostConfig,
   ...
 }:
 let
@@ -40,7 +41,7 @@ let
     keybind = vim/i=deactivate_key_table
     keybind = vim/catch_all=ignore
     mouse-hide-while-typing = true
-    ${lib.optionalString pkgs.stdenv.isDarwin ''
+    ${lib.optionalString hostConfig.isDarwin ''
       macos-titlebar-style = hidden
       macos-option-as-alt = true
     ''}
@@ -57,7 +58,7 @@ in
 {
   programs.ghostty = {
     enable = true;
-    package = if pkgs.stdenv.isDarwin then pkgs.ghostty-bin else pkgs.ghostty;
+    package = if hostConfig.isDarwin then pkgs.ghostty-bin else pkgs.ghostty;
     installBatSyntax = true;
   };
 
@@ -69,7 +70,7 @@ in
   xdg.configFile."ghostty/themes/cozybox-dark".text = theme.renderGhostty "dark";
   xdg.configFile."ghostty/themes/cozybox-light".text = theme.renderGhostty "light";
 
-  home.file = lib.mkIf pkgs.stdenv.isDarwin {
+  home.file = lib.mkIf hostConfig.isDarwin {
     "Library/Application Support/com.mitchellh.ghostty/config.ghostty" = {
       text = ghosttyConfig;
       force = true;

home/git.nix

@@ -1,10 +1,40 @@
-{ ... }:
+{ config, ... }:
+let
+  theme = import ../lib/theme.nix { inherit config; };
+in
 {
   programs.git = {
     enable = true;
     lfs.enable = true;
     signing.format = "openpgp";
 
+    ignores = [
+      "*.swp"
+      "*.swo"
+      "*~"
+      ".DS_Store"
+      "Thumbs.db"
+      ".env"
+      ".env.local"
+      ".env.*.local"
+      ".vscode/"
+      ".idea/"
+      ".claude/"
+      "CLAUDE.md"
+      "node_modules/"
+      "__pycache__/"
+      "*.pyc"
+      "venv/"
+      ".venv/"
+      "build/"
+      "dist/"
+      "out/"
+      "target/"
+      "result"
+      "result-*"
+      ".direnv/"
+    ];
+
     settings = {
       user = {
         name = "Harivansh Rathi";
@@ -40,7 +70,7 @@
       };
 
       delta = {
-        "syntax-theme" = "gruvbox-dark";
+        "syntax-theme" = theme.deltaTheme theme.defaultMode;
         "hunk-header-style" = "omit";
         "minus-style" = ''syntax "#3c1f1e"'';
         "minus-emph-style" = ''syntax "#72261d"'';

home/lazygit.nix

@@ -1,12 +1,12 @@
 {
   lib,
-  pkgs,
+  hostConfig,
   ...
 }:
 {
   xdg.configFile."lazygit/config.yml".source = ../config/lazygit/config.yml;
 
-  home.file = lib.mkIf pkgs.stdenv.isDarwin {
+  home.file = lib.mkIf hostConfig.isDarwin {
     "Library/Application Support/lazygit/config.yml".source = ../config/lazygit/config.yml;
   };
 }

home/scripts.nix

@@ -2,6 +2,7 @@
   config,
   lib,
   pkgs,
+  hostConfig,
   ...
 }:
 let
@@ -10,7 +11,7 @@ in
 {
   home.packages =
     builtins.attrValues customScripts.commonPackages
-    ++ lib.optionals pkgs.stdenv.isDarwin (builtins.attrValues customScripts.darwinPackages);
+    ++ lib.optionals hostConfig.isDarwin (builtins.attrValues customScripts.darwinPackages);
 
   home.activation.initializeThemeState = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
     mkdir -p "${customScripts.theme.paths.stateDir}" "${customScripts.theme.paths.fzfDir}" "${customScripts.theme.paths.ghosttyDir}" "${customScripts.theme.paths.tmuxDir}"

home/security.nix

@@ -0,0 +1,26 @@
+{
+  config,
+  lib,
+  ...
+}:
+{
+  home.activation.secretPermissions = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
+    if [ -d "${config.home.homeDirectory}/.ssh" ]; then
+      $DRY_RUN_CMD chmod 700 "${config.home.homeDirectory}/.ssh"
+      for f in "${config.home.homeDirectory}/.ssh/"*; do
+        [ -f "$f" ] || continue
+        [ -L "$f" ] && continue
+        case "$f" in
+          *.pub|*/known_hosts|*/known_hosts.old)
+            $DRY_RUN_CMD chmod 644 "$f" ;;
+          *)
+            $DRY_RUN_CMD chmod 600 "$f" ;;
+        esac
+      done
+    fi
+    if [ -d "${config.home.homeDirectory}/.gnupg" ]; then
+      $DRY_RUN_CMD find "${config.home.homeDirectory}/.gnupg" -type d -exec chmod 700 {} +
+      $DRY_RUN_CMD find "${config.home.homeDirectory}/.gnupg" -type f -exec chmod 600 {} +
+    fi
+  '';
+}

home/xdg.nix

@@ -0,0 +1,93 @@
+{
+  config,
+  lib,
+  hostConfig,
+  ...
+}:
+let
+  f = hostConfig.features;
+in
+{
+  home.sessionVariables = lib.mkMerge [
+    {
+      LESSHISTFILE = "-";
+      WGETRC = "${config.xdg.configHome}/wgetrc";
+    }
+    (lib.mkIf (f.rust or false) {
+      CARGO_HOME = "${config.xdg.dataHome}/cargo";
+      RUSTUP_HOME = "${config.xdg.dataHome}/rustup";
+    })
+    (lib.mkIf (f.go or false) {
+      GOPATH = "${config.xdg.dataHome}/go";
+      GOMODCACHE = "${config.xdg.cacheHome}/go/mod";
+    })
+    (lib.mkIf (f.node or false) {
+      NPM_CONFIG_USERCONFIG = "${config.xdg.configHome}/npm/npmrc";
+      NODE_REPL_HISTORY = "${config.xdg.stateHome}/node_repl_history";
+      PNPM_HOME = "${config.xdg.dataHome}/pnpm";
+      PNPM_NO_UPDATE_NOTIFIER = "true";
+    })
+    (lib.mkIf (f.python or false) {
+      PYTHONSTARTUP = "${config.xdg.configHome}/python/pythonrc";
+      PYTHON_HISTORY = "${config.xdg.stateHome}/python_history";
+      PYTHONPYCACHEPREFIX = "${config.xdg.cacheHome}/python";
+      PYTHONUSERBASE = "${config.xdg.dataHome}/python";
+    })
+    (lib.mkIf (f.docker or false) {
+      DOCKER_CONFIG = "${config.xdg.configHome}/docker";
+    })
+    (lib.mkIf (f.aws or false) {
+      AWS_SHARED_CREDENTIALS_FILE = "${config.xdg.configHome}/aws/credentials";
+      AWS_CONFIG_FILE = "${config.xdg.configHome}/aws/config";
+    })
+    (lib.mkIf (f.claude or false) {
+      CLAUDE_CONFIG_DIR = "${config.xdg.configHome}/claude";
+    })
+    {
+      PSQL_HISTORY = "${config.xdg.stateHome}/psql_history";
+      SQLITE_HISTORY = "${config.xdg.stateHome}/sqlite_history";
+    }
+  ];
+
+  home.sessionPath = lib.mkMerge [
+    [ "${config.home.homeDirectory}/.local/bin" ]
+    (lib.mkIf (f.rust or false) [ "${config.xdg.dataHome}/cargo/bin" ])
+    (lib.mkIf (f.go or false) [ "${config.xdg.dataHome}/go/bin" ])
+    (lib.mkIf (f.node or false) [ "${config.xdg.dataHome}/pnpm" ])
+  ];
+
+  xdg.configFile."npm/npmrc" = lib.mkIf (f.node or false) {
+    text = ''
+      prefix=''${XDG_DATA_HOME}/npm
+      cache=''${XDG_CACHE_HOME}/npm
+      init-module=''${XDG_CONFIG_HOME}/npm/config/npm-init.js
+    '';
+  };
+
+  xdg.configFile."python/pythonrc" = lib.mkIf (f.python or false) {
+    text = ''
+      import atexit
+      import os
+      import readline
+
+      history = os.path.join(os.environ.get('XDG_STATE_HOME', os.path.expanduser('~/.local/state')), 'python_history')
+
+      try:
+          readline.read_history_file(history)
+      except OSError:
+          pass
+
+      def write_history():
+          try:
+              readline.write_history_file(history)
+          except OSError:
+              pass
+
+      atexit.register(write_history)
+    '';
+  };
+
+  xdg.configFile."wgetrc".text = ''
+    hsts_file = ${config.xdg.stateHome}/wget-hsts
+  '';
+}

home/zsh.nix

@@ -2,8 +2,12 @@
   config,
   lib,
   pkgs,
+  hostConfig,
   ...
 }:
+let
+  theme = import ../lib/theme.nix { inherit config; };
+in
 {
   home.file.".oh-my-zsh/custom/themes/agnoster.zsh-theme".source = ../config/agnoster.zsh-theme;
 
@@ -22,6 +26,17 @@
     autosuggestion.enable = true;
     syntaxHighlighting.enable = true;
 
+    history = {
+      size = 50000;
+      save = 50000;
+      ignoreDups = true;
+      ignoreAllDups = true;
+      ignoreSpace = true;
+      extended = true;
+      append = true;
+      path = "${config.xdg.stateHome}/zsh_history";
+    };
+
     shellAliases = {
       co = "codex --dangerously-bypass-approvals-and-sandbox";
       ca = "cursor-agent";
@@ -38,7 +53,7 @@
       lg = "lazygit";
       nim = "nvim .";
     }
-    // lib.optionalAttrs pkgs.stdenv.isDarwin {
+    // lib.optionalAttrs hostConfig.isDarwin {
       tailscale = "/Applications/Tailscale.app/Contents/MacOS/Tailscale";
     };
 
@@ -48,7 +63,7 @@
       fi
       export NODE_NO_WARNINGS=1
     ''
-    + lib.optionalString pkgs.stdenv.isDarwin ''
+    + lib.optionalString hostConfig.isDarwin ''
       # Ghostty shell integration expects a resource directory; the Nix app
       # bundle lives in the store instead of /Applications.
       export GHOSTTY_RESOURCES_DIR="${pkgs.ghostty-bin}/Applications/Ghostty.app/Contents/Resources/ghostty"
@@ -80,29 +95,21 @@
           source ~/.secrets
         fi
 
-        eval "$(zoxide init zsh)"
-
         [ -s "$HOME/.bun/_bun" ] && source "$HOME/.bun/_bun"
 
         export BUN_INSTALL="$HOME/.bun"
-        export PNPM_HOME="${
-          if pkgs.stdenv.isDarwin then "$HOME/Library/pnpm" else "${config.xdg.dataHome}/pnpm"
-        }"
-        bindkey -v
         typeset -U path PATH
         path=(
           "$HOME/.amp/bin"
-          "$PNPM_HOME"
           "$BUN_INSTALL/bin"
           "$HOME/.antigravity/antigravity/bin"
           "$HOME/.opencode/bin"
           "${pkgs.postgresql_17}/bin"
-          "$HOME/.local/bin"
           "$HOME/.nix-profile/bin"
           "/etc/profiles/per-user/${config.home.username}/bin"
           "/run/current-system/sw/bin"
           "/nix/var/nix/profiles/default/bin"
-          ${lib.optionalString pkgs.stdenv.isDarwin ''
+          ${lib.optionalString hostConfig.isDarwin ''
             "/opt/homebrew/bin"
             "/opt/homebrew/sbin"
           ''}
@@ -132,63 +139,9 @@
           typeset -gA ZSH_HIGHLIGHT_STYLES
 
           if [[ "$mode" == light ]]; then
-            ZSH_HIGHLIGHT_STYLES[arg0]='fg=#427b58'
-            ZSH_HIGHLIGHT_STYLES[autodirectory]='fg=#427b58,underline'
-            ZSH_HIGHLIGHT_STYLES[back-dollar-quoted-argument]='fg=#076678'
-            ZSH_HIGHLIGHT_STYLES[back-double-quoted-argument]='fg=#076678'
-            ZSH_HIGHLIGHT_STYLES[back-quoted-argument-delimiter]='fg=#8f3f71'
-            ZSH_HIGHLIGHT_STYLES[bracket-error]='fg=#ea6962,bold'
-            ZSH_HIGHLIGHT_STYLES[bracket-level-1]='fg=#076678,bold'
-            ZSH_HIGHLIGHT_STYLES[bracket-level-2]='fg=#427b58,bold'
-            ZSH_HIGHLIGHT_STYLES[bracket-level-3]='fg=#8f3f71,bold'
-            ZSH_HIGHLIGHT_STYLES[bracket-level-4]='fg=#b57614,bold'
-            ZSH_HIGHLIGHT_STYLES[bracket-level-5]='fg=#076678,bold'
-            ZSH_HIGHLIGHT_STYLES[comment]='fg=#928374'
-            ZSH_HIGHLIGHT_STYLES[command-substitution-delimiter]='fg=#8f3f71'
-            ZSH_HIGHLIGHT_STYLES[dollar-double-quoted-argument]='fg=#076678'
-            ZSH_HIGHLIGHT_STYLES[dollar-quoted-argument]='fg=#b57614'
-            ZSH_HIGHLIGHT_STYLES[double-quoted-argument]='fg=#b57614'
-            ZSH_HIGHLIGHT_STYLES[global-alias]='fg=#076678'
-            ZSH_HIGHLIGHT_STYLES[globbing]='fg=#076678'
-            ZSH_HIGHLIGHT_STYLES[history-expansion]='fg=#076678'
-            ZSH_HIGHLIGHT_STYLES[path]='fg=#3c3836,underline'
-            ZSH_HIGHLIGHT_STYLES[precommand]='fg=#427b58,underline'
-            ZSH_HIGHLIGHT_STYLES[process-substitution-delimiter]='fg=#8f3f71'
-            ZSH_HIGHLIGHT_STYLES[rc-quote]='fg=#076678'
-            ZSH_HIGHLIGHT_STYLES[redirection]='fg=#b57614'
-            ZSH_HIGHLIGHT_STYLES[reserved-word]='fg=#b57614'
-            ZSH_HIGHLIGHT_STYLES[single-quoted-argument]='fg=#b57614'
-            ZSH_HIGHLIGHT_STYLES[suffix-alias]='fg=#427b58,underline'
-            ZSH_HIGHLIGHT_STYLES[unknown-token]='fg=#ea6962,bold'
+            ${theme.renderZshHighlights "light"}
           else
-            ZSH_HIGHLIGHT_STYLES[arg0]='fg=#8ec97c'
-            ZSH_HIGHLIGHT_STYLES[autodirectory]='fg=#8ec97c,underline'
-            ZSH_HIGHLIGHT_STYLES[back-dollar-quoted-argument]='fg=#8ec07c'
-            ZSH_HIGHLIGHT_STYLES[back-double-quoted-argument]='fg=#8ec07c'
-            ZSH_HIGHLIGHT_STYLES[back-quoted-argument-delimiter]='fg=#d3869b'
-            ZSH_HIGHLIGHT_STYLES[bracket-error]='fg=#ea6962,bold'
-            ZSH_HIGHLIGHT_STYLES[bracket-level-1]='fg=#5b84de,bold'
-            ZSH_HIGHLIGHT_STYLES[bracket-level-2]='fg=#8ec97c,bold'
-            ZSH_HIGHLIGHT_STYLES[bracket-level-3]='fg=#d3869b,bold'
-            ZSH_HIGHLIGHT_STYLES[bracket-level-4]='fg=#d8a657,bold'
-            ZSH_HIGHLIGHT_STYLES[bracket-level-5]='fg=#8ec07c,bold'
-            ZSH_HIGHLIGHT_STYLES[comment]='fg=#7c6f64'
-            ZSH_HIGHLIGHT_STYLES[command-substitution-delimiter]='fg=#d3869b'
-            ZSH_HIGHLIGHT_STYLES[dollar-double-quoted-argument]='fg=#8ec07c'
-            ZSH_HIGHLIGHT_STYLES[dollar-quoted-argument]='fg=#d8a657'
-            ZSH_HIGHLIGHT_STYLES[double-quoted-argument]='fg=#d8a657'
-            ZSH_HIGHLIGHT_STYLES[global-alias]='fg=#8ec07c'
-            ZSH_HIGHLIGHT_STYLES[globbing]='fg=#5b84de'
-            ZSH_HIGHLIGHT_STYLES[history-expansion]='fg=#5b84de'
-            ZSH_HIGHLIGHT_STYLES[path]='fg=#d4be98,underline'
-            ZSH_HIGHLIGHT_STYLES[precommand]='fg=#8ec97c,underline'
-            ZSH_HIGHLIGHT_STYLES[process-substitution-delimiter]='fg=#d3869b'
-            ZSH_HIGHLIGHT_STYLES[rc-quote]='fg=#8ec07c'
-            ZSH_HIGHLIGHT_STYLES[redirection]='fg=#d8a657'
-            ZSH_HIGHLIGHT_STYLES[reserved-word]='fg=#d8a657'
-            ZSH_HIGHLIGHT_STYLES[single-quoted-argument]='fg=#d8a657'
-            ZSH_HIGHLIGHT_STYLES[suffix-alias]='fg=#8ec97c,underline'
-            ZSH_HIGHLIGHT_STYLES[unknown-token]='fg=#ea6962,bold'
+            ${theme.renderZshHighlights "dark"}
           fi
 
           typeset -g _CODEX_LAST_HIGHLIGHT_THEME="$mode"
@@ -249,7 +202,7 @@
 
         _codex_apply_highlight_styles
 
-        ${lib.optionalString pkgs.stdenv.isDarwin ''
+        ${lib.optionalString hostConfig.isDarwin ''
           if command -v wt >/dev/null 2>&1; then
             eval "$(command wt config shell init zsh)"