diff --git a/config/nvim/after/plugin/lsp.lua b/config/nvim/after/plugin/lsp.lua
index 76ce7cb..80e54e9 100644
--- a/config/nvim/after/plugin/lsp.lua
+++ b/config/nvim/after/plugin/lsp.lua
@@ -1,3 +1,5 @@
+pcall(vim.cmd.packadd, "blink.cmp")
+
 local lsp = require "config.lsp"
 vim.lsp.config("*", {
diff --git a/config/nvim/lua/config/lsp.lua b/config/nvim/lua/config/lsp.lua
index 62fc24f..43661c2 100644
--- a/config/nvim/lua/config/lsp.lua
+++ b/config/nvim/lua/config/lsp.lua
@@ -2,15 +2,17 @@ local M = {}
 local cached_capabilities
 local function load_blink()
- local ok_lz, lz = pcall(require, "lz.n")
- if ok_lz then pcall(lz.trigger_load, "saghen/blink.cmp") end
+ pcall(vim.cmd.packadd, "blink.cmp")
 local ok_blink, blink = pcall(require, "blink.cmp")
 if ok_blink then return blink end
- pcall(vim.cmd.packadd, "blink.cmp")
- ok_blink, blink = pcall(require, "blink.cmp")
- if ok_blink then return blink end
+ local ok_lz, lz = pcall(require, "lz.n")
+ if ok_lz then
+ pcall(lz.trigger_load, "saghen/blink.cmp")
+ ok_blink, blink = pcall(require, "blink.cmp")
+ if ok_blink then return blink end
+ end
 end
 function M.on_attach(_, bufnr)
@@ -33,7 +35,7 @@ function M.capabilities()
 local capabilities = vim.lsp.protocol.make_client_capabilities()
 local blink = load_blink()
 if blink and blink.get_lsp_capabilities then
- capabilities = blink.get_lsp_capabilities(capabilities)
+ capabilities = vim.tbl_deep_extend("force", capabilities, blink.get_lsp_capabilities({}, false))
 end
 cached_capabilities = capabilities
diff --git a/home/nvim.nix b/home/nvim.nix
index a611728..9f46fe2 100644
--- a/home/nvim.nix
+++ b/home/nvim.nix
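Review bot: The `pcall` added at the top of after/plugin/lsp.lua discards both its status and its error, and `load_blink` in lua/config/lsp.lua does the same on every attempt, so a missing or broken blink.cmp checkout looks identical to a healthy one and the language servers appear to start with whatever capabilities are left. If the plugin is meant to be optional, keep the call non-fatal but surface the failure once: `local ok, err = pcall(vim.cmd.packadd, "blink.cmp")` followed by `if not ok then vim.notify("blink.cmp not loaded: " .. tostring(err), vim.log.levels.WARN) end`. The same `packadd` is also the first statement of `load_blink` after this commit, so one of the two calls is probably redundant; a short comment saying which one is authoritative would help.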
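Review bot: `load_blink` now has three outcomes (loaded through `packadd`, loaded through the lz.n fallback, or not loaded) but it still falls off the end without a return, so the nil result that `M.capabilities` branches on is implicit. Add a header comment such as `--- Load blink.cmp: native packadd first, lz.n trigger as fallback; returns the module or nil.` and finish the function with an explicit `return nil`. The result of `pcall(lz.trigger_load, "saghen/blink.cmp")` is dropped as well, so the `require` that follows cannot tell "lz.n does not know this plugin" from "the plugin failed to load".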
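Review bot: `cached_capabilities = capabilities` after the `if` runs whether or not blink.cmp was merged in, so a first call made while `load_blink()` still returns nil would pin the plain Neovim defaults for the rest of the session; this assumes the part of `M.capabilities` above the hunk returns the cache once it is set, which is not visible here. Consider caching only the merged result by moving the assignment inside the `if blink and blink.get_lsp_capabilities then` branch. The positional arguments in `blink.get_lsp_capabilities({}, false)` also deserve a comment: as I read blink.cmp's signature the second one switches off its built-in Neovim defaults, so something like `-- false: blink-only additions, merged over our own defaults` would make the call self-explanatory. `M.capabilities` starts and ends outside the hunk.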
@@ -64,8 +64,7 @@ in
 recursive = true;
 };
- xdg.configFile."nvim/nvim-pack-lock.json".source =
- config.lib.file.mkOutOfStoreSymlink packLockPath;
+ xdg.configFile."nvim/nvim-pack-lock.json".source = config.lib.file.mkOutOfStoreSymlink packLockPath;
 home.activation.seedNvimPackLock = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
 state_dir="${config.xdg.stateHome}/nvim"
diff --git a/leverage.txt b/leverage.txt
new file mode 100644
index 0000000..d8cd50e
--- /dev/null
+++ b/leverage.txt
@@ -0,0 +1,15 @@
+[flake.nix](./flake.nix) is the root lever: one flake, one lockfile, one graph for both macOS and Linux. [modules/hosts/darwin.nix](./modules/hosts/darwin.nix) composes `nix-darwin`, `home-manager`, and `nix-homebrew`; [modules/hosts/netty.nix](./modules/hosts/netty.nix) composes `nixosSystem`, `disko`, and `home-manager`. The point is not “using Nix”; it is collapsing laptop state and VPS state into one reproducible interface.
+
+[modules/nixpkgs.nix](./modules/nixpkgs.nix) and [lib/hosts.nix](./lib/hosts.nix) are the next leverage layer. They define the global `username`, per-host metadata, feature flags, and the `specialArgs` boundary. That removes random `isDarwin` checks from leaf modules and turns host differences into data.
+
+[lib/package-sets.nix](./lib/package-sets.nix), [modules/base.nix](./modules/base.nix), [modules/packages.nix](./modules/packages.nix), and [modules/homebrew.nix](./modules/homebrew.nix) are the package policy. `core`, `extras`, and `fonts` give one place to reason about the machine surface; custom inputs like `googleworkspace-cli`, `claude-code-nix`, `OpenSpec`, `neovim-nightly`, `nix-homebrew`, and `disko` are pinned in [flake.nix](./flake.nix) instead of installed ad hoc.
+
+[home/default.nix](./home/default.nix) and [home/common.nix](./home/common.nix) turn Home Manager into the userland control plane. [home/xdg.nix](./home/xdg.nix) pushes Rust, Go, Node, Python, AWS, Claude, npm, wget, psql, and sqlite into XDG paths; [home/security.nix](./home/security.nix) fixes SSH and GPG permissions on activation; [home/migration.nix](./home/migration.nix) cleans legacy `~/dots` links during the cutover instead of relying on manual cleanup.
+
+[lib/theme.nix](./lib/theme.nix), [home/ghostty.nix](./home/ghostty.nix), [home/tmux.nix](./home/tmux.nix), [home/zsh.nix](./home/zsh.nix), and [home/scripts.nix](./home/scripts.nix) are the ergonomic leverage. One palette renders Ghostty, tmux, fzf, zsh highlights, bat, and delta.
The generated `theme` script hot-swaps light/dark across those surfaces. tmux gets session restore, directory-based window names, and a generated session list; zsh gets vi mode, cursor-shape switching, XDG history, prompt theming, and deterministic PATH assembly.
+
+[home/nvim.nix](./home/nvim.nix), [home/codex.nix](./home/codex.nix), [home/claude.nix](./home/claude.nix), and [home/skills.nix](./home/skills.nix) are the agent/editor layer. Neovim is pinned with the nightly overlay and seeded lockfile state; Codex and Claude configs are repo-owned; global skills are installed declaratively via `npx skills add -g` and hash-stamped so the activation only resyncs when the manifest changes.
+
+[scripts/default.nix](./scripts/default.nix), [justfile](./justfile), [scripts/render-bw-shell-secrets.sh](./scripts/render-bw-shell-secrets.sh), and [scripts/restore-bw-files.sh](./scripts/restore-bw-files.sh) are the operational leverage. `writeShellApplication` turns local scripts into managed tools (`ga`, `ghpr`, `gpr`, `ni`, `theme`, `wt`, `wtc`); Bitwarden stays the secret source of truth; `just switch`, `just switch-netty`, and `nixos-anywhere` keep deployment small.
+
+Finally, [hosts/netty/configuration.nix](./hosts/netty/configuration.nix) turns the VPS into a declarative service bundle: static networking, nginx + ACME, Forgejo with GitHub mirror sync, sandbox-agent plus its CORS proxy, bounded GC/journald retention, and a machine that can be rebuilt instead of repaired.
diff --git a/nix-maxxing.txt b/nix-maxxing.txt
deleted file mode 100644
index 79c8244..0000000
--- a/nix-maxxing.txt
+++ /dev/null
@@ -1,173 +0,0 @@ -Nix Config - Architecture and Operations Guide -================================================ - -1. STATIC IP ----------------------------- -DHCP on a VPS is dangerous. If the DHCP lease expires or the server -reboots while the DHCP server is unreachable, the machine loses its IP -and becomes inaccessible via SSH. - -Static config in hosts/netty/configuration.nix: - - IP: 152.53.195.59/22 - - Gateway: 152.53.192.1 - - Interface: ens3 - - DNS: 1.1.1.1, 8.8.8.8 - -Always verify the interface name with `ip link show` before changing -network config. Keep VNC console access available as a fallback. - - -2. HOST ABSTRACTION (hostConfig) ---------------------------------- -lib/hosts.nix defines each machine with: - - isDarwin / isLinux / isNixOS booleans - - features map (rust, go, node, python, aws, claude, docker, tex) - -modules/nixpkgs.nix passes hostConfig via specialArgs so all home-manager -modules can use it. This replaces scattered `pkgs.stdenv.isDarwin` checks. - -To add a new host: - 1. Add entry to lib/hosts.nix with all fields - 2. Create hosts//configuration.nix (NixOS) or add darwin case - 3. Add host output in modules/hosts/.nix - 4. home/default.nix auto-selects modules based on hostConfig flags - -home/default.nix is the unified entry point - no separate per-host home -modules needed. - - -3. 
XDG COMPLIANCE ------------------- -home/xdg.nix sets environment variables so tools respect XDG dirs: - - CARGO_HOME -> $XDG_DATA_HOME/cargo - RUSTUP_HOME -> $XDG_DATA_HOME/rustup - GOPATH -> $XDG_DATA_HOME/go - GOMODCACHE -> $XDG_CACHE_HOME/go/mod - NPM_CONFIG_USERCONFIG -> $XDG_CONFIG_HOME/npm/npmrc - NODE_REPL_HISTORY -> $XDG_STATE_HOME/node_repl_history - PYTHON_HISTORY -> $XDG_STATE_HOME/python_history - AWS_CONFIG_FILE -> $XDG_CONFIG_HOME/aws/config - DOCKER_CONFIG -> $XDG_CONFIG_HOME/docker - CLAUDE_CONFIG_DIR -> $XDG_CONFIG_HOME/claude - PSQL_HISTORY -> $XDG_STATE_HOME/psql_history - SQLITE_HISTORY -> $XDG_STATE_HOME/sqlite_history - LESSHISTFILE -> "-" (disabled) - -All gated by hostConfig.features so tools only get configured when -the feature flag is set for that host. - - -4. SECURITY MODULE -------------------- -home/security.nix runs activation scripts on every `home-manager switch`: - - ~/.ssh/ dir: 700, private keys: 600, pub/known_hosts/config: 644 - - ~/.gnupg/ dirs: 700, files: 600 - -No manual chmod needed after restoring keys from Bitwarden. - - -5. THEME SYSTEM ----------------- -lib/theme.nix is the single source of truth for colors. - -Shared palette (gruvbox-inspired) used across: - - Ghostty terminal (renderGhostty) - - Tmux status bar (renderTmux) - - fzf color scheme (renderFzf) - - Zsh syntax highlighting (renderZshHighlights) - - Bat (batTheme) - - Git delta (deltaTheme) - -Runtime toggle: `theme toggle` writes "light" or "dark" to -$XDG_STATE_HOME/theme/current, then updates Ghostty, tmux, fzf, -and Neovim (via RPC) live. Bat and delta are static at build time. - - -6. SHELL SETUP ---------------- -Pure prompt with gruvbox-colored git integration. Async git status -(no blocking on large repos). Colors defined in lib/theme.nix via -renderPurePrompt - adapts to light/dark mode at runtime. -Vim mode via defaultKeymap = "viins" with cursor shape switching -(beam for insert, block for normal). 
- -History: 50k entries, dedup, ignoreSpace, extended format, stored at -$XDG_STATE_HOME/zsh_history. - -zoxide: declarative via programs.zoxide (no manual eval). - -PATH: managed via home.sessionPath in xdg.nix + initContent block -in zsh.nix for entries that need conditional logic. - - -7. SERVER SERVICES (netty) ---------------------------- -All in hosts/netty/configuration.nix: - -Nginx reverse proxy with ACME SSL: - - netty.harivan.sh -> 127.0.0.1:2470 (sandbox agent) - - git.harivan.sh -> 127.0.0.1:3000 (forgejo) - -Forgejo: - - Self-hosted git, registration disabled - - Runs as git user on port 3000 - - GitHub mirror sync via hourly systemd timer - - Requires /etc/forgejo-mirror.env with GITHUB_TOKEN, FORGEJO_TOKEN, - FORGEJO_OWNER - -Sandbox Agent: - - System-level systemd services (not user units) - - sandbox-agent on :2470, env from ~/.config/sandbox-agent/agent.env - - sandbox-cors-proxy on :2468 (Node.js) - - No cloudflared - nginx handles SSL termination - -Garbage collection: 3-day retention (vs 14-day on darwin). -Disk guards: min-free 100MB, max-free 1GB. -Journald: 1-week retention. - - -8. DEPLOY COMMANDS -------------------- -Darwin (local): - just switch - -Netty (from mac): - just switch-netty - -First-time netty install: - nix run github:nix-community/nixos-anywhere -- \ - --flake .#netty --target-host netty --build-on-remote - - -9. ROLLBACK -------------- -Each phase is a separate git commit. - -NixOS rollback: - ssh netty "nixos-rebuild switch --rollback" - -Or boot previous generation from GRUB (3 kept). - -Darwin rollback: - git revert && just switch - -Home Manager rollback: - home-manager generations # list - home-manager switch --flake .# # after git revert - - -10. 
FEATURE FLAGS REFERENCE ------------------------------ -| Feature | darwin | netty | -|---------|--------|-------| -| rust | yes | yes | -| go | yes | yes | -| node | yes | yes | -| python | yes | yes | -| aws | yes | yes | -| claude | yes | yes | -| docker | yes | no | -| tex | yes | no | - -Set in lib/hosts.nix, consumed by home/xdg.nix and lib/package-sets.nix.