clean wt rm etc

2026-04-15 05:02:10 +00:00 · 2026-03-30 22:59:49 -04:00 · 2026-03-30 22:59:49 -04:00 · 23f876dc7c
commit 23f876dc7c
parent 4b436bdbfa
12 changed files with 16 additions and 202 deletions
--- a/ci/agentcomputer-cli-stub/flake.nix
+++ b/ci/agentcomputer-cli-stub/flake.nix
@ -1,30 +0,0 @@
 {
  description = "CI stub for the local agentcomputer-cli flake input";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
  outputs =
    { nixpkgs, ... }:
    let
      systems = [
        "aarch64-darwin"
        "x86_64-darwin"
        "aarch64-linux"
        "x86_64-linux"
      ];
      forAllSystems = nixpkgs.lib.genAttrs systems;
    in
    {
      packages = forAllSystems (
        system:
        let
          pkgs = import nixpkgs { inherit system; };
        in
        {
          default = pkgs.writeShellScriptBin "aicomputer" ''
            echo "agentcomputer-cli CI stub"
          '';
        }
      );
    };
 }
--- a/docs/secrets.md
+++ b/docs/secrets.md
@ -1,80 +0,0 @@
 # Secrets
 ## Current Model
 This repo does not store secret values in Nix.
 Instead:
 - Bitwarden vault items are the current source of truth for imported machine
  secrets
 - Nix/Home Manager owns the integration points
 - generated runtime files live outside the repo under `~/.config/secrets`
 That boundary matters because the Nix store is not the right place for real
 secret values.
 ## What Is Already Wired
 - [home/zsh.nix](/Users/rathi/Documents/GitHub/nix/home/zsh.nix) sources
  `~/.config/secrets/shell.zsh` when present
 - [scripts/render-bw-shell-secrets.sh](/Users/rathi/Documents/GitHub/nix/scripts/render-bw-shell-secrets.sh)
  renders that file from Bitwarden vault items
 - [scripts/restore-bw-files.sh](/Users/rathi/Documents/GitHub/nix/scripts/restore-bw-files.sh)
  restores file-based credentials and SSH material from Bitwarden vault items
 - [justfile](/Users/rathi/Documents/GitHub/nix/justfile) exposes this as
  `just secrets-sync` and `just secrets-restore-files`
 ## Daily Shell Flow
 ```bash
 export BW_SESSION="$(bw unlock --raw)"
 just secrets-sync
 exec zsh -l
 ```
 That flow currently materializes:
 - `OPENAI_API_KEY`
 - `GREPTILE_API_KEY`
 - `CONTEXT7_API_KEY`
 - `MISTRAL_API_KEY`
 ## Machine Secret Coverage
 The Bitwarden vault now holds:
 - API keys and CLI tokens
 - AWS default credentials
 - GCloud ADC
 - Stripe CLI config
 - Codex auth
 - Vercel auth
 - SSH configs
 - SSH private keys
 The vault is currently the backup/recovery source of truth for those values.
 ## Sandbox Strategy
 For a fresh sandbox or new machine, the clean bootstrap is:
 1. `darwin-rebuild switch` or Home Manager activation
 2. authenticate `bw`
 3. `just secrets-sync`
 4. `just secrets-restore-files`
 That gives you a usable dev shell quickly without committing any secret values
 into the repo.
 ## Future Upgrade
 If you want fully non-interactive sandbox secret injection, the next step is to
 move the env-style secrets from normal Bitwarden vault items into Bitwarden
 Secrets Manager (`bws`) and keep file-based credentials and SSH material in the
 normal vault.
 That would give you:
 - `bws` for machine/app secrets
 - `bw` for human-managed vault items, SSH material, and recovery data
--- a/flake.nix
+++ b/flake.nix
@ -1,5 +1,5 @@
 {
-  description = "Rathi's macOS nix-darwin + NixOS + Home Manager config";
+  description = "Hari's nix config";
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
@ -25,11 +25,6 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    agentcomputer-cli = {
      url = "path:/Users/rathi/Documents/GitHub/companion/agentcomputer/apps/cli";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    openspec = {
      url = "github:Fission-AI/OpenSpec";
    };
--- a/home/bat.nix
+++ b/home/bat.nix
@ -1,7 +1,4 @@
-{ config, ... }:
+{ theme, ... }:
 let
  theme = import ../lib/theme.nix { inherit config; };
 in
 {
  programs.bat = {
    enable = true;
--- a/home/common.nix
+++ b/home/common.nix
@ -1,5 +1,7 @@
-{ ... }:
+{ config, ... }:
 {
  _module.args.theme = import ../lib/theme.nix { inherit config; };
  imports = [
    ./bat.nix
    ./eza.nix
--- a/home/fzf.nix
+++ b/home/fzf.nix
@ -1,7 +1,4 @@
-{ config, ... }:
+{ theme, ... }:
 let
  theme = import ../lib/theme.nix { inherit config; };
 in
 {
  home.sessionVariables = {
    FZF_DEFAULT_OPTS_FILE = theme.paths.fzfCurrentFile;
--- a/home/ghostty.nix
+++ b/home/ghostty.nix
@ -1,12 +1,11 @@
 {
  config,
  lib,
  pkgs,
  hostConfig,
  theme,
  ...
 }:
 let
  theme = import ../lib/theme.nix { inherit config; };
  ghosttyConfig = ''
    theme = "cozybox-current"
    font-family = Berkeley Mono
--- a/home/git.nix
+++ b/home/git.nix
@ -1,7 +1,4 @@
-{ config, ... }:
+{ theme, ... }:
 let
  theme = import ../lib/theme.nix { inherit config; };
 in
 {
  programs.git = {
    enable = true;
--- a/home/prompt.nix
+++ b/home/prompt.nix
@ -1,12 +1,9 @@
 {
  config,
  lib,
  pkgs,
  theme,
  ...
 }:
 let
  theme = import ../lib/theme.nix { inherit config; };
 in
 {
  home.packages = [ pkgs.pure-prompt ];
@ -38,12 +35,14 @@ in
        typeset -g prompt_pure_git_branch_color=$prompt_pure_colors[git:branch]
        [[ -n ''${prompt_pure_git_last_dirty_check_timestamp+x} ]] && prompt_pure_git_branch_color=$prompt_pure_colors[git:branch:cached]
-        # Branch + arrows turn yellow when dirty
+        # Branch, arrows, and prompt symbol turn yellow when dirty
        if [[ -n $prompt_pure_git_dirty ]]; then
          prompt_pure_git_branch_color=$prompt_pure_colors[git:dirty]
          prompt_pure_colors[git:arrow]=$prompt_pure_colors[git:dirty]
          prompt_pure_colors[prompt:success]=$prompt_pure_colors[git:dirty]
        else
          prompt_pure_colors[git:arrow]=$_codex_pure_default_arrow
          prompt_pure_colors[prompt:success]=$_codex_pure_default_success
        fi
        psvar[12]=; ((''${(M)#jobstates:#suspended:*} != 0)) && psvar[12]=''${PURE_SUSPENDED_JOBS_SYMBOL:-✦}
@ -66,6 +65,7 @@ in
      }
      typeset -g _codex_pure_default_arrow=$prompt_pure_colors[git:arrow]
      typeset -g _codex_pure_default_success=$prompt_pure_colors[prompt:success]
      _codex_apply_prompt_theme() {
        local mode="$(_codex_read_theme_mode)"
@ -78,6 +78,7 @@ in
        fi
        typeset -g _codex_pure_default_arrow=$prompt_pure_colors[git:arrow]
        typeset -g _codex_pure_default_success=$prompt_pure_colors[prompt:success]
        typeset -g _CODEX_LAST_PROMPT_THEME="$mode"
      }
    '')
--- a/home/tmux.nix
+++ b/home/tmux.nix
@ -1,12 +1,9 @@
 {
  config,
  lib,
  pkgs,
  theme,
  ...
 }:
 let
  theme = import ../lib/theme.nix { inherit config; };
 in
 {
  programs.tmux = {
    enable = true;
--- a/home/zsh.nix
+++ b/home/zsh.nix
@ -3,11 +3,9 @@
  lib,
  pkgs,
  hostConfig,
  theme,
  ...
 }:
 let
  theme = import ../lib/theme.nix { inherit config; };
 in
 {
  programs.zsh = {
    enable = true;
@ -156,12 +154,6 @@ in
        _codex_apply_prompt_theme
        _codex_apply_highlight_styles
        ${lib.optionalString hostConfig.isDarwin ''
          if command -v wt >/dev/null 2>&1; then
            eval "$(command wt config shell init zsh)"
            wtc() { wt switch --create --base @ "$@"; }
          fi
        ''}
      '')
      (lib.mkAfter ''
--- a/lib/package-sets.nix
+++ b/lib/package-sets.nix
@ -6,56 +6,8 @@
 let
  gwsPackage = inputs.googleworkspace-cli.packages.${pkgs.stdenv.hostPlatform.system}.default;
  claudePackage = inputs.claudeCode.packages.${pkgs.stdenv.hostPlatform.system}.default;
  agentcomputerPackage = inputs.agentcomputer-cli.packages.${pkgs.stdenv.hostPlatform.system}.default;
  openspecPackage = inputs.openspec.packages.${pkgs.stdenv.hostPlatform.system}.default;
  graphite = pkgs.stdenvNoCC.mkDerivation rec {
    pname = "graphite";
    version = "1.7.20";
    src = pkgs.fetchurl {
      url = "https://github.com/withgraphite/homebrew-tap/releases/download/v${version}/gt-macos-arm64";
      hash = "sha256-ho9VQw1ic3jhG3yxNwUL0W1WvNFku9zw6DQnGehs7+8=";
    };
    dontUnpack = true;
    installPhase = ''
      install -Dm755 "$src" "$out/bin/gt"
    '';
    meta = {
      description = "Manage stacked Git changes and submit them for review";
      homepage = "https://graphite.dev/";
      license = lib.licenses.agpl3Only;
      mainProgram = "gt";
      platforms = lib.platforms.darwin;
    };
  };
  worktrunk = pkgs.rustPlatform.buildRustPackage rec {
    pname = "worktrunk";
    version = "0.23.1";
    src = pkgs.fetchurl {
      url = "https://github.com/max-sixty/worktrunk/archive/refs/tags/v${version}.tar.gz";
      hash = "sha256-cdQDUz7to3JkriWE9i5iJ2RftJFZivw7CTwGxDZPAqw=";
    };
    cargoHash = "sha256-DHjwNqMiVkWqL3CuOCITvyqkdKe+GOZ2nlMSstDIcTg=";
    doCheck = false;
    meta = {
      description = "CLI for Git worktree management";
      homepage = "https://worktrunk.dev";
      license = with lib.licenses; [
        asl20
        mit
      ];
      mainProgram = "wt";
      platforms = lib.platforms.darwin;
    };
  };
 in
 {
  core = with pkgs; [
@ -107,15 +59,10 @@ in
      yt-dlp
    ])
    ++ lib.optionals pkgs.stdenv.isDarwin [
      agentcomputerPackage
      pkgs.texliveFull
    ]
    ++ [
      openspecPackage
    ]
    ++ lib.optionals pkgs.stdenv.isDarwin [
      graphite
      worktrunk
    ];
  fonts = with pkgs; [