changes from mac-demarco-mini on Sat Apr 18 19:05:32 PDT 2026

2026-04-18 19:05:32 -07:00
parent 34ecc09def
commit 7daad01eb8
16 changed files with 605 additions and 9 deletions


@@ -1,6 +1,8 @@
model = "gpt-5.4"
model_reasoning_effort = "high"
personality = "pragmatic"
notify = ["/Users/kat/.codex/plugins/cache/openai-bundled/computer-use/1.0.750/Codex Computer Use.app/Contents/SharedSupport/SkyComputerUseClient.app/Contents/MacOS/SkyComputerUseClient", "turn-ended"]
[projects."/home/imalison/Projects/nixpkgs"]
trust_level = "trusted"
@@ -102,6 +104,13 @@ trust_level = "trusted"
[projects."/home/imalison/keysmith_generated"]
trust_level = "trusted"
[projects."/Users/kat/dotfiles"]
trust_level = "trusted"
[projects."/Users/kat"]
trust_level = "trusted"
[notice]
hide_gpt5_1_migration_prompt = true
"hide_gpt-5.1-codex-max_migration_prompt" = true
@@ -117,6 +126,10 @@ args = ["-y", "chrome-devtools-mcp@latest", "--auto-connect"]
command = "npx"
args = ["-y", "@google-cloud/observability-mcp"]
[mcp_servers.gmail]
command = "nix"
args = ["run", "/home/imalison/Projects/gmail-mcp#gmail-mcp-server"]
[mcp_servers.openaiDeveloperDocs]
url = "https://developers.openai.com/mcp"
@@ -125,5 +138,22 @@ unified_exec = true
apps = true
steer = true
[marketplaces.openai-bundled]
last_updated = "2026-04-19T01:07:40Z"
source_type = "local"
source = "/Users/kat/.codex/.tmp/bundled-marketplaces/openai-bundled"
[plugins."google-calendar@openai-curated"]
enabled = true
[plugins."gmail@openai-curated"]
enabled = true
[plugins."google-drive@openai-curated"]
enabled = true
[plugins."computer-use@openai-bundled"]
enabled = true
[plugins."github@openai-curated"]
enabled = true
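Review bot: The `[projects."/Users/kat"]` entry marks the whole home directory as `trust_level = "trusted"`, which makes the narrower `/Users/kat/dotfiles` entry redundant and extends trust to every checkout and download under it. Because this config also enables the Gmail, Drive, Calendar, GitHub and computer-use plugins, I would drop the home-directory entry and list only the specific project directories that need it. The `notify` path is pinned to the plugin cache version `1.0.750`, so it will presumably stop resolving when the bundled plugin updates. The rendered page does not mark which lines are new, so this assumes the `/Users/kat` entries are among the additions.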


@@ -0,0 +1,10 @@
{
"permissions": {
"allow": [
"Bash(sudo darwin-rebuild switch:*)",
"Bash(darwin-rebuild switch:*)"
],
"deny": [],
"ask": []
}
}
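Review bot: The allow rule `"Bash(sudo darwin-rebuild switch:*)"` lets the agent run a root-level system activation with any trailing arguments and no confirmation, so whatever flake or flags end up on that command line are applied as root. Moving both entries from `allow` to `ask` keeps the shortcut while leaving a human approval step on each rebuild. This looks like a machine-local settings file, so it is worth checking whether it belongs in the shared repository at all.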

0
nix-darwin/aaa Normal file

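--- a/nix-darwin/create-user.sh
+++ b/nix-darwin/create-user.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+#!/bin/bash
+# Exit on any error
+set -e
+# Define variables
+USERNAME="gitearunner"
+# Function to check if script is run as root
+check_root() {
+if [ "$(id -u)" != "0" ]; then
+echo "This script must be run as root" 1>&2
+exit 1
+fi
+}
+# Function to create system user
+create_system_user() {
+# Generate a unique ID (you may need to adjust this logic)
+UNIQUE_ID=$(dscl . -list /Users UniqueID | awk '{print $2}' | sort -n | tail -1)
+UNIQUE_ID=$((UNIQUE_ID+1))
+dscl . -create /Users/$USERNAME
+dscl . -create /Users/$USERNAME RealName "Gitea Runner"
+dscl . -create /Users/$USERNAME UniqueID $UNIQUE_ID
+dscl . -create /Users/$USERNAME PrimaryGroupID 20 # 20 is the 'staff' group
+dscl . -create /Users/$USERNAME NFSHomeDirectory /var/lib/gitea-runner/nix
+dscl . -create /Users/$USERNAME IsHidden 1
+/usr/bin/dscl . -create /Users/$USERNAME Password "*"
+echo "System user $USERNAME created with UID $UNIQUE_ID."
+}
+# Main execution
+check_root
+create_system_user
+echo "Setup complete. The $USERNAME system user has been created."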
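Review bot: `create_system_user` puts the runner account in `staff` (`PrimaryGroupID 20`) and never sets `UserShell`, so the account that executes CI jobs shares the default group of the interactive users on this machine. A dedicated group and, if nothing needs to log in as it, `dscl . -create "/Users/$USERNAME" UserShell /usr/bin/false` would keep it closer to a service account. The name `gitearunner` also differs from the `gitea-runner` user referenced in `nix-darwin/flake.nix.save`, and there is no check for an existing record, so a second run assigns a fresh UID to the same user. `$USERNAME` and `$UNIQUE_ID` should be quoted in the `dscl` calls, and the duplicated `#!/bin/bash` line can go.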


@@ -87,7 +87,7 @@
url = "https://dev.railbird.ai";
tokenFile = config.age.secrets.gitea-runner-token.path;
labels = [
"nix-darwin-${pkgs.system}:host"
"nix-darwin-${pkgs.stdenv.hostPlatform.system}:host"
"macos-aarch64-darwin"
"nix:host"
];

209
nix-darwin/flake.nix.save Normal file

@@ -0,0 +1,209 @@
{
description = "Example Darwin system flake";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nix-darwin.url = "github:LnL7/nix-darwin";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
railbird-secrets = {
url = "git+ssh://gitea@dev.railbird.ai:1123/railbird/secrets-flake.git";
};
nix-homebrew.url = "github:zhaofengli-wip/nix-homebrew";
# Optional: Declarative tap management
homebrew-core = {
url = "github:homebrew/homebrew-core";
flake = false;
};
homebrew-cask = {
url = "github:homebrew/homebrew-cask";
flake = false;
};
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = inputs@{ self, nix-darwin, nixpkgs, home-manager, ... }:
let
libDir = ../dotfiles/lib;
configuration = { pkgs, config, ... }: {
networking.hostName = "mac-demarco-mini";
imports = [ (import ./gitea-actions-runner.nix) ];
services.gitea-actions-runner = {
user = "gitea-runner";
instances.nix = {
enable = true;
name = config.networking.hostName;
url = "https://dev.railbird.ai";
token = "H0A7YXAWsKSp9QzvMymfJI12hbxwR7UerEHpCJUe";
labels = [
"nix-darwin-${pkgs.system}:host"
"macos-aarch64-darwin"
"nix:host"
];
settings = {
cache = {
enabled = true;
};
host = {
workdir_parent = "/var/lib/gitea-runner/action-cache-dir";
};
};
hostPackages = with pkgs; [
bash
coreutils
curl
direnv
gawk
just
git-lfs
isort
gitFull
gnused
ncdu
nixFlakes
nodejs
openssh
wget
];
};
};
launchd.daemons.gitea-runner-nix.serviceConfig.EnvironmentVariables = {
XDG_CONFIG_HOME = "/var/lib/gitea-runner";
XDG_CACHE_HOME = "/var/lib/gitea-runner/.cache";
XDG_RUNTIME_DIR = "/var/lib/gitea-runner/tmp";
};
system.primaryUser = "kat";
# launchd.daemons.gitea-runner-restarter = {
# serviceConfig = {
# ProgramArguments = [
# "/usr/bin/env"
# "bash"
# "-c"
# ''
# SERVICE_NAME="org.nixos.gitea-runner-nix"
# while true; do
# # Check the second column of launchctl list output for our service
# EXIT_CODE=$(sudo launchctl list | grep "$SERVICE_NAME" | awk '{print $2}')
# if [ -z "$EXIT_CODE" ]; then
# echo "$(date): $SERVICE_NAME is running correctly. Terminating the restarter."
# exit 0
# else
# echo "$(date): $SERVICE_NAME is not running or in error state. Attempting to restart..."
# sudo launchctl bootout system/$SERVICE_NAME 2>/dev/null || true
# sudo launchctl load /Library/LaunchDaemons/$SERVICE_NAME.plist
# sleep 2 # Give the service some time to start
# fi
# done
# ''
# ];
# RunAtLoad = true;
# ThrottleInterval = 300;
# };
# };
launchd.daemons.does-anything-work = {
serviceConfig = {
ProgramArguments = ["/usr/bin/env" "bash" "-c" "date > /var/log/does-anything-work"];
RunAtLoad = true;
};
};
nixpkgs.overlays = [(import ../nixos/overlay.nix)];
environment.systemPackages = with pkgs; [
#python-with-my-packages
emacs
alejandra
cocoapods
gitFull
just
tmux
htop
nodePackages.prettier
nodejs
ripgrep
slack
typescript
vim
yarn
];
nixpkgs.config.allowUnfree = true;
# Auto upgrade nix package and the daemon service.
launchd.user.envVariables.PATH = config.environment.systemPath;
programs.direnv.enable = true;
# Necessary for using flakes on this system.
nix.settings.experimental-features = "nix-command flakes";
# Set Git commit hash for darwin-version.
system.configurationRevision = self.rev or self.dirtyRev or null;
# Used for backwards compatibility, please read the changelog before changing
system.stateVersion = 4;
# The platform the configuration will be used on.
nixpkgs.hostPlatform = "aarch64-darwin";
users.users.kat.openssh.authorizedKeys.keys = inputs.railbird-secrets.keys.kanivanKeys;
users.users.gitea-runner = {
name = "gitea-runner";
isHidden = false;
home = "/Users/gitea-runner";
createHome = false;
};
home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true;
users.users.kat = {
name = "kat";
home = "/Users/kat";
};
programs.zsh = {
enable = true;
shellInit = ''
fpath+="${libDir}/functions"
for file in "${libDir}/functions/"*
do
autoload "''${file##*/}"
done
'';
interactiveShellInit = ''
# eval "$(register-python-argcomplete prb)"
# eval "$(register-python-argcomplete prod-prb)"
# eval "$(register-python-argcomplete railbird)"
# [ -n "$EAT_SHELL_INTEGRATION_DIR" ] && source "$EAT_SHELL_INTEGRATION_DIR/zsh"
autoload -Uz bracketed-paste-magic
zle -N bracketed-paste bracketed-paste-magic
'';
};
home-manager.users.kat = {
programs.starship = {
enable = true;
};
programs.zsh.enable = true;
home.stateVersion = "24.05";
};
};
in
{
darwinConfigurations."mac-demarco-mini" = nix-darwin.lib.darwinSystem {
modules = [
home-manager.darwinModules.home-manager
configuration
];
};
# Expose the package set, including overlays, for convenience.
darwinPackages = self.darwinConfigurations."mac-demarco-mini".pkgs;
};
}
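Review bot: `services.gitea-actions-runner.instances.nix.token` is set to a literal registration token in this file, so the secret is now in the repository history and would likely also land in the world-readable Nix store when the configuration is evaluated. The runner module changed elsewhere in this commit already uses `tokenFile = config.age.secrets.gitea-runner-token.path;`; this file should do the same, and the committed token should be revoked and reissued in Gitea. `flake.nix.save` looks like an editor backup, so dropping it from the commit and ignoring `*.save` is probably the simplest fix. Deleting the file in a later commit does not remove the token from history.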

0
nix-darwin/gitea-log.log Normal file



@@ -22,7 +22,7 @@
repositories = {
org = {
path = "/Users/kat/org";
uri = "ssh://gitea@1896Folsom.duckdns.org:1123/kkathuang/org.git";
uri = "git@github.com:colonelpanic8/org.git";
interval = 180;
};
password-store = {

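--- a/nix-darwin/result
+++ b/nix-darwin/result
@@ -0,0 +1 @@
+/nix/store/n2y9x01zld5simp7y6vnblddq8bnykmm-darwin-system-26.05.06648f4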


@@ -0,0 +1,8 @@
#!/usr/bin/env bash
mkdir -p /var/log/gitea-runner/
chown -R $1 /var/log/gitea-runner
chmod 755 /var/log/gitea-runner
mkdir -p /var/lib/gitea-runner/nix
chown -R $1 /var/lib/gitea-runner
chmod 755 /var/lib/gitea-runner
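Review bot: `chown -R $1` runs with an unquoted, unchecked argument and the script has no `set -e`, so a missing or misspelled owner makes `chown` fail while the `mkdir` and `chmod` steps still run and the script exits successfully. Add `set -euo pipefail` after the shebang, reject an empty argument with `: "${1:?usage: <script> OWNER}"`, and write `chown -R "$1" /var/log/gitea-runner`. Both directories are left at `755`; if the runner's state under `/var/lib/gitea-runner` holds job checkouts or cached credentials, `750` would be a tighter default.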

103
nixos/#users.nix# Normal file

@@ -0,0 +1,103 @@
{ pkgs, keys, inputs, system, ... }:
let
extraGroups = [
"audio"
"adbusers"
"disk"
"docker"
"networkmanager"
"openrazer"
"plugdev"
"syncthing"
"systemd-journal"
"video"
];
extraGroupsWithWheel = extraGroups ++ ["wheel"];
userDefaults = {
group = "users";
isNormalUser = true;
createHome = true;
shell = pkgs.zsh;
};
in
{
security.sudo.wheelNeedsPassword = false;
users.users = with keys; {
syncthing = {
extraGroups = [ "syncthing" "wheel" ];
home = "/var/lib/syncthing";
createHome = true;
openssh.authorizedKeys.keys = [giteaSecret] ++ kanivanKeys;
};
ivanm = userDefaults // {
extraGroups = extraGroupsWithWheel;
name = "ivanm";
openssh.authorizedKeys.keys = kanivanKeys;
};
imalison = userDefaults // {
extraGroups = extraGroupsWithWheel;
name = "imalison";
openssh.authorizedKeys.keys = kanivanKeys;
};
kat = userDefaults // {
extraGroups = extraGroupsWithWheel;
name = "kat";
openssh.authorizedKeys.keys = kanivanKeys;
};
dean = userDefaults // {
extraGroups = extraGroupsWithWheel;
name = "dean";
openssh.authorizedKeys.keys = kanivanKeys ++ deanKeys;
};
will = userDefaults // {
extraGroups = extraGroupsWithWheel;
name = "will";
openssh.authorizedKeys.keys = kanivanKeys ++ willKeys;
};
alex = userDefaults // {
extraGroups = extraGroupsWithWheel;
name = "alex";
openssh.authorizedKeys.keys = kanivanKeys ++ alexKeys;
};
loewy = userDefaults // {
inherit extraGroups;
name = "loewy";
openssh.authorizedKeys.keys = kanivanKeys ++ loewyKeys;
};
mike = userDefaults // {
inherit extraGroups;
name = "mike";
openssh.authorizedKeys.keys = kanivanKeys ++ mikeKeys;
};
andy = userDefaults // {
inherit extraGroups;
name = "andy";
openssh.authorizedKeys.keys = kanivanKeys ++ andyKeys;
};
micah = userDefaults // {
inherit extraGroups;
name = "micah";
openssh.authorizedKeys.keys = kanivanKeys ++ micahKeys;
};
unprivileged = userDefaults // {
extraGroups = ["syncthing"];
name = "unprivileged";
openssh.authorizedKeys.keys = [giteaSecret] ++ kanivanKeys;
};
ben = userDefaults // {
inherit extraGroups;
name = "ben";
openssh.authorizedKeys.keys = benKeys ++ kanivanKeys;
};
railbird = userDefaults // {
inherit extraGroups;
name = "railbird";
openssh.authorizedKeys.keys = inputs.railbird-secrets.keys.railbirdDevKeys;
};
};
nix.sshServe = {
enable = true;
keys = keys.allKeys;
};
}
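Review bot: With `security.sudo.wheelNeedsPassword = false`, the `syncthing` account's `extraGroups = [ "syncthing" "wheel" ]` together with `[giteaSecret] ++ kanivanKeys` in its `authorizedKeys` gives the holder of the `giteaSecret` key a wheel account with passwordless sudo, to the extent that account can run commands over SSH (its shell is not set in this file). Unless that is intended, drop `"wheel"` from the `syncthing` service user, as the `unprivileged` user with the same key set already does. Every account also accepts `kanivanKeys`, which deserves a comment saying it is deliberate. The file name `nixos/#users.nix#` is an Emacs auto-save file, so it was probably committed by accident.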


@@ -56,9 +56,18 @@ let
in
{
home.file =
(builtins.listToAttrs (map mkManaged managedRelFiles))
// {
# Keep ~/.emacs.d as a directory symlink (matches current setup).
".emacs.d".source = oos "${worktreeDotfiles}/emacs.d";
};
builtins.listToAttrs (map mkManaged managedRelFiles);
# Home Manager directory links for .emacs.d resolve through the store on this
# machine, which breaks Elpaca's writable state under ~/.emacs.d/elpaca.
# Manage placement here instead so ~/.emacs.d always points at the live
# worktree checkout.
home.activation.linkEmacsDotdir = lib.hm.dag.entryAfter ["writeBoundary"] ''
if [ -L "$HOME/.emacs.d" ] || [ ! -e "$HOME/.emacs.d" ]; then
rm -f "$HOME/.emacs.d"
ln -s "${worktreeDotfiles}/emacs.d" "$HOME/.emacs.d"
else
echo "Skipping ~/.emacs.d relink because it is not a symlink" >&2
fi
'';
}
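Review bot: The `home.activation.linkEmacsDotdir` script runs `rm -f` and `ln -s` directly, so a Home Manager dry run will still modify `~/.emacs.d`. Activation blocks are expected to guard mutating commands, e.g. `$DRY_RUN_CMD rm -f "$HOME/.emacs.d"` and `$DRY_RUN_CMD ln -s $VERBOSE_ARG "${worktreeDotfiles}/emacs.d" "$HOME/.emacs.d"` (or the `run` helper on recent releases). The `let` block that defines `worktreeDotfiles` starts outside the hunk, so whether it is always an absolute path to the live checkout could not be checked here.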

186
nixos/overlay.nix.bak Normal file

@@ -0,0 +1,186 @@
final: prev:
{
# nvidia-container-toolkit = prev.nvidia-container-toolkit.overrideAttrs(old: {
# postInstall = ''
# ${old.postInstall or ""}
# mv $tools/bin/nvidia-cdi-hook $tools/bin/.nvidia-cdi-hook-wrapped
# cat > $tools/bin/nvidia-cdi-hook <<EOF
# #!${final.bash}/bin/bash
# # Trap any errors, including crashes
# trap 'exit 0' ERR
# set +e
# $tools/bin/.nvidia-cdi-hook-wrapped "\$@" || true
# EOF
# chmod +x $tools/bin/nvidia-cdi-hook
# '';
# });
runc = final.stdenv.mkDerivation {
pname = "runc-with-logging";
version = builtins.getAttr "version" prev.runc or "unknown";
# No sources; we're only wrapping
src = null;
dontUnpack = true;
dontPatchShell = true;
dontBuild = true;
dontConfigure = true;
nativeBuildInputs = [final.installShellFiles];
buildInputs = [];
outputs = ["out" "man"];
installPhase = ''
mkdir -p "$out/bin"
cat > "$out/bin/runc" <<EOF
#!${final.stdenv.shell}
# If we're running as root, ensure the /var/log/debug/runc directory exists
# with the desired permissions.
if [ "\$(id -u)" -eq 0 ]; then
mkdir -p /var/log/debug/runc
chown root:users /var/log/debug/runc
chmod 2777 /var/log/debug/runc
fi
# Log this invocation to /var/log/debug/runc/invocations.log
echo "\$(date) - runc invoked with: \$@" >> /var/log/debug/runc/invocations.log
# Hand off control to the original runc from prev.runc.
${prev.runc}/bin/runc --debug "\$@" > \
>(tee -a /var/log/debug/runc/stdout.log) \
2> >(tee -a /var/log/debug/runc/stderr.log >&2)
EOF
chmod +x "$out/bin/runc"
installManPage ${prev.runc.man}/*/*.[1-9]
mkdir -p $man
touch $man/afile
'';
# Optionally inherit original metadata
meta = prev.runc.meta // {};
};
rofi-systemd = prev.rofi-systemd.overrideAttrs (_: {
src = prev.fetchFromGitHub {
repo = "rofi-systemd";
owner = "IvanMalison";
rev = "078bdb833a32cc84538d329085fbfe00c7d4d1b6";
sha256 = "sha256-ikwIc8vR2VV3bHXEtLrGgKklpz1NSRUJoJny0iRNViQ=";
};
});
wyoming-satellite = prev.wyoming-satellite.overridePythonAttrs (oldAttrs: {
src = prev.fetchFromGitHub {
owner = "colonelpanic8";
repo = "wyoming-satellite";
rev = "509628a9be2cf61116b6d0475e19c0b92a855e0b";
hash = "sha256-ewSxVv+8r2VGYNOoj8jiMogXtp1GPApcRc2BH3Q+8W8=";
};
build-system = with final.python3.pkgs; [ poetry-core setuptools ];
pythonImportsCheck = [
"wyoming_satellite"
];
propagatedBuildInputs = [];
});
git-sync = prev.git-sync.overrideAttrs (_: {
src = prev.fetchFromGitHub {
repo = "git-sync";
owner = "IvanMalison";
rev = "92544e76553c25da2d40d06a230ecd0a6e13c114";
sha256 = "sha256-hBtdvxAtFUMtLqGmy1wbDk796LQcYCth29fv8L0WQyQ=";
};
});
picom = prev.picom.overrideAttrs (old: {
src = prev.fetchFromGitHub {
repo = "picom";
owner = "dccsillag";
rev = "51b21355696add83f39ccdb8dd82ff5009ba0ae5";
sha256 = "sha256-crCwRJd859DCIC0pEerpDqdX2j8ZrNAzVaSSB3mTPN8==";
};
nativeBuildInputs = old.nativeBuildInputs ++ [final.pcre final.gnugrep.pcre2 final.asciidoc];
buildInputs = old.buildInputs ++ [final.pcre];
nativeInstallCheckInputs = [];
doCheck = false;
dontCheck = true;
});
expressvpn = prev.expressvpn.overrideAttrs (_: {
src = prev.fetchurl {
url = "https://www.expressvpn.works/clients/linux/expressvpn_3.46.0.7-1_amd64.deb";
hash = "sha256-v0rr1s32jj79A8IGfJgSGJVlz7rSnZYn4ealOpqee0w=";
};
});
gnupg_2_4_0 = prev.gnupg.overrideAttrs (_: rec {
pname = "gnupg";
# 2.4.1 breaks emacs
version = "2.4.0";
src = prev.fetchurl {
url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2";
hash = "sha256-HXkVjdAdmSQx3S4/rLif2slxJ/iXhOosthDGAPsMFIM=";
};
});
emacs = prev.emacs30.override {
withNativeCompilation = true;
withTreeSitter = true;
};
python-with-my-packages = let
my-python-packages = python-packages:
with python-packages; [
universal-silabs-flasher
argcomplete
appdirs
ipdb
ipython
numpy
openpyxl
pip
requests
tox
];
in
final.python311.withPackages my-python-packages;
claude-code = prev.claude-code.overrideAttrs (oldAttrs: rec {
version = "1.0.86";
src = prev.fetchzip {
url = "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${version}.tgz";
hash = "sha256-mVXS75KgeKgD7EI5t9X6+TkwjBFyBLOo4/m50sS9XdA=";
};
npmDepsHash = "";
});
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(
python-final: python-prev: {
pysilero-vad = python-prev.pysilero-vad.overridePythonAttrs (_: {
src = final.fetchFromGitHub {
owner = "colonelpanic8";
repo = "pysilero-vad";
rev = "846caf4aa6c5f5319b87d3127dfe0aa9e88b338e";
hash = "sha256-SjoyiHm2RiLDFbwduKsoPK4/AvQiwZ39ZsPj2etXRV0=";
};
});
home-assistant-chip-wheels = python-prev.home-assistant-chip-wheels.overrideAttrs
(oldAttrs: rec {
bypassAttestationVerificationPatch = final.fetchpatch {
url = "https://raw.githubusercontent.com/tronikos/chip-wheels/8a5ec21d114010723cf428ffe79e244da7562390/8766-Bypass-attestation-verification.patch";
sha256 = "sha256-RgmlPRSfw1PPMdHBzpoK2Drrb8nEagATY8Y5ngi7x0k=";
};
postPatch = ''
pushd connectedhomeip
patch -p1 < ${bypassAttestationVerificationPatch}
popd
'' + oldAttrs.postPatch;
});
}
)
];
}
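Review bot: The `runc` wrapper sets `/var/log/debug/runc` to mode `2777` and then, when invoked as root, appends to fixed file names inside it; a world-writable directory that root writes into lets any local user pre-create those names as links and redirect root's writes. If the debug wrapper is kept, make the directory root-owned and not world-writable (for example `chown root:root` with `chmod 0750`) and skip file logging for non-root callers, or send the output to the journal with `logger`. The logged `"$@"` and `--debug` output may also contain container arguments that should not be readable by every member of `users`. Separately, the `home-assistant-chip-wheels` override applies `8766-Bypass-attestation-verification.patch` without a comment explaining why attestation is disabled, and `claude-code` sets `npmDepsHash = ""`.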