# Machine Audit This is the baseline inventory used to seed the first pass of this Nix config. ## Host Summary - Machine: `hari-macbook-pro` - Hostname: `hari-macbook-pro.local` - Platform: `arm64-darwin` - OS: macOS `26.3` (`25D5112c`) - Nix: `2.34.1` - `darwin-rebuild`: not installed yet ## Filesystem Roots Checked Top-level roots on `/`: - `Applications` - `Library` - `System` - `Users` - `nix` - `opt` - `private` - `usr` Large user-owned roots spotted during audit: - `/Users/rathi` - `/Users/rathi/Documents` - `/Users/rathi/Library` - `/Users/rathi/.config` - `/Users/rathi/.local` - `/opt/homebrew` ## Live Dotfiles Source Of Truth The live machine is wired to `~/dots`, not `~/Documents/GitHub/dots`. Confirmed symlinks: - `~/.gitconfig -> ~/dots/git/.gitconfig` - `~/.zshrc -> ~/dots/zsh/.zshrc` There is also a duplicate clone at `~/Documents/GitHub/dots`. Content matched during the audit, but the active machine points at `~/dots`. ## Homebrew Inventory This repo currently mirrors the top-level Homebrew inventory rather than every transitive dependency. ### Taps - `daytonaio/tap` - `getcompanion-ai/tap` - `hashicorp/tap` - `homebrew/services` - `humanlayer/humanlayer` - `jnsahaj/lumen` - `nicosuave/tap` - `nikitabobko/tap` - `opencode-ai/tap` - `pantsbuild/tap` - `pipedreamhq/pd-cli` - `steipete/tap` - `stripe/stripe-cli` - `supabase/tap` - `tallesborges/zdx` - `withgraphite/tap` ### Brew Leaves The current leaves were captured into [`modules/homebrew.nix`](../modules/homebrew.nix). A few noteworthy details: - `python@3.13` was installed but `link: false` in the generated Brewfile - `withgraphite/tap/graphite` was also `link: false` - Go tools and one cargo tool were present in the Brewfile but are not yet expressed in the Nix module - VS Code extension `anthropic.claude-code` was also present in the Brewfile and is not yet managed here ### Casks Current casks were also captured into [`modules/homebrew.nix`](../modules/homebrew.nix), including: - `aerospace` - `codex` - `companion` - `gcloud-cli` - `ghostty@tip` - `warp` - `virtualbox` ### Brew Services Installed but not currently running: - `cloudflared` - `postgresql@14` - `postgresql@16` - `postgresql@17` - `redis` - `tailscale` - `unbound` ## Apps Outside Current Brew Casks The following apps were present in `/Applications` but did not match the current cask inventory during a rough audit, so they should be reviewed separately: - `Amphetamine.app` - `Cap.app` - `ChatGPT.app` - `Claude.app` - `Cluely.app` - `Conductor.app` - `Dia.app` - `Docker.app` - `Granola.app` - `Helium.app` - `Karabiner-Elements.app` - `Karabiner-EventViewer.app` - `Klack.app` - `Numbers.app` - `PastePal.app` - `Raycast.app` - `Readout.app` - `Rectangle.app` - `Safari.app` - `Screen Studio.app` - `Signal.app` - `Tailscale.app` - `Telegram.app` - `Typora.app` - `Wispr Flow.app` - `Zen.app` - `kitty.app` - `logioptionsplus.app` Some of these may belong in: - Mac App Store - direct DMG installers - manual vendor installers - future Homebrew casks that were not part of the current audit ## Launch Agents Found These are current launch agents worth deciding on explicitly: - `com.nanoclaw.plist` - `com.thread-view.collector.plist` - `com.thread-view.ngrok.plist` - `pi.plist` - `homebrew.mxcl.postgresql@16.plist` - `org.virtualbox.vboxwebsrv.plist` - Google updater agents - iMazing mini agent These are not yet represented in Nix. ## Config Directories Found Notable user config roots under `~/.config`: - `agents` - `amp` - `gcloud` - `gh` - `gh-dash` - `ghostty` - `git` - `graphite` - `k9s` - `karabiner` - `kitty` - `nanoclaw` - `opencode` - `raycast` - `rpi` - `stripe` - `tmux` - `worktrunk` - `zed` Notable app state under `~/Library/Application Support`: - `Claude` - `Codex` - `Code` - `Cursor` - `Docker Desktop` - `Ghostty` - `Google` - `LogiOptionsPlus` - `OpenAI` - `Raycast` - `Screen Studio` - `Signal` - `Slack` - `Telegram Desktop` - `Warp` - `Zed` These paths are exactly why the first config keeps Homebrew and dotfile migration conservative. ## Codebase Summary Code roots found: - `~/Documents/GitHub` with `108` repos - `~/code/symphony-workspaces` - `~/dev/diffs.nvim` Repo manifest counts under `~/Documents/GitHub`: - `package.json`: `56` - `pnpm-workspace.yaml`: `7` - `turbo.json`: `5` - `pyproject.toml`: `6` - `requirements.txt`: `7` - `go.mod`: `3` - `Cargo.toml`: `4` - `flake.nix`: `4` - `Dockerfile`: `10` - `docker-compose.yml`: `7` Practical implication: - JavaScript/TypeScript is the dominant toolchain - Python is the second major toolchain - Go and Rust are both active enough to be first-class system runtimes - Docker and local infra tooling belong in the baseline machine config ## Migration Boundaries Safe to move into Nix now: - core CLI packages - current Homebrew taps, brews, and casks - dotfiles already living in `~/dots` - basic macOS defaults Should stay manual or secret-managed for now: - `~/.secrets` - `~/.npmrc` - `~/.yarnrc` - cloud credentials and tokens under `~/.config` - app-internal state in `~/Library/Application Support` - custom launch agents until they are rewritten declaratively Recommended next steps: 1. Switch this host once with cleanup disabled. 2. Translate `git`, `zsh`, and `ghostty` from raw symlinks into pure Home Manager modules. 3. Decide whether `~/dots` should remain the source of truth or be folded into this repo. 4. Capture secrets explicitly instead of relying on ad hoc local files. 5. Review the unmanaged `/Applications` set and choose Homebrew cask, App Store, or manual buckets for each.