diff --git a/dotfiles/claude/.gitignore b/dotfiles/claude/.gitignore new file mode 100644 index 00000000..a08d446f --- /dev/null +++ b/dotfiles/claude/.gitignore @@ -0,0 +1,6 @@ +* +!.gitignore +!CLAUDE.md +!settings.json +!settings.local.json +!settings.local.json.example diff --git a/dotfiles/codex/config.toml b/dotfiles/codex/config.toml index d8d959a0..0705d4c6 100644 --- a/dotfiles/codex/config.toml +++ b/dotfiles/codex/config.toml @@ -1,7 +1,9 @@ model = "gpt-5.5" model_reasoning_effort = "high" personality = "pragmatic" -notify = ["/Users/kat/.codex/plugins/cache/openai-bundled/computer-use/1.0.750/Codex Computer Use.app/Contents/SharedSupport/SkyComputerUseClient.app/Contents/MacOS/SkyComputerUseClient", "turn-ended"] + + +notify = ["/Users/kat/dotfiles/dotfiles/codex/plugins/cache/openai-bundled/computer-use/1.0.755/Codex Computer Use.app/Contents/SharedSupport/SkyComputerUseClient.app/Contents/MacOS/SkyComputerUseClient", "turn-ended"] [projects."/home/imalison/Projects/nixpkgs"] trust_level = "trusted" @@ -114,6 +116,12 @@ trust_level = "trusted" [projects."/Users/kat"] trust_level = "trusted" +[projects."/Users/kat/org"] +trust_level = "trusted" + +[projects."/Users/kat/Documents/Codex/2026-04-25/do-you-see-the-sandisk-external"] +trust_level = "trusted" + [notice] hide_gpt5_1_migration_prompt = true "hide_gpt-5.1-codex-max_migration_prompt" = true @@ -138,7 +146,7 @@ apps = true steer = true [marketplaces.openai-bundled] -last_updated = "2026-04-19T01:07:40Z" +last_updated = "2026-04-21T17:43:57Z" source_type = "local" source = "/Users/kat/.codex/.tmp/bundled-marketplaces/openai-bundled" @@ -151,10 +159,10 @@ enabled = true [plugins."google-drive@openai-curated"] enabled = true -[plugins."computer-use@openai-bundled"] +[plugins."github@openai-curated"] enabled = true -[plugins."github@openai-curated"] +[plugins."computer-use@openai-bundled"] enabled = true [tui.model_availability_nux] diff --git a/dotfiles/gitconfig b/dotfiles/gitconfig index 1e980486..e96102f7 100644 --- a/dotfiles/gitconfig +++ b/dotfiles/gitconfig @@ -102,10 +102,10 @@ required = true [credential "https://github.com"] helper = - helper = !/etc/profiles/per-user/imalison/bin/gh auth git-credential + helper = !/run/current-system/sw/bin/gh auth git-credential [credential "https://gist.github.com"] helper = - helper = !/etc/profiles/per-user/imalison/bin/gh auth git-credential + helper = !/run/current-system/sw/bin/gh auth git-credential [includeIf "gitdir:~/Projects/org-agenda-api/"] path = ~/.gitconfig.org-agenda-api [includeIf "gitdir:~/Projects/dotfiles/org-agenda-api/"] diff --git a/nix-darwin/flake.lock b/nix-darwin/flake.lock index 5990f462..da5c382f 100644 --- a/nix-darwin/flake.lock +++ b/nix-darwin/flake.lock @@ -31,7 +31,7 @@ "railbird-secrets", "nixpkgs" ], - "systems": "systems_5" + "systems": "systems_6" }, "locked": { "lastModified": 1770165109, @@ -72,11 +72,11 @@ ] }, "locked": { - "lastModified": 1776370363, - "narHash": "sha256-Ul2mJIH6irPdJLiVFDUcSbc7rv7ULWutGjIv7IHOvyI=", + "lastModified": 1777126457, + "narHash": "sha256-jE5KMGZc9p2H86gCi38o2H3loV/OwICJVa8YbDmpDyg=", "owner": "sadjow", "repo": "claude-code-nix", - "rev": "9e198808ce7466eceb5bbd341936d6c410f9c664", + "rev": "002de6e1b2d10f4646c68af360d9dc92b89a6be9", "type": "github" }, "original": { @@ -93,11 +93,11 @@ ] }, "locked": { - "lastModified": 1776288174, - "narHash": "sha256-kCvsC6JxJtcpLLPrrjptgmBlV7Zmz0NWdLfoP15+jOc=", + "lastModified": 1777054843, + "narHash": "sha256-aiuiKK6xJu5inj/RTmSl9S3jDC6RzNsKfNJ700MRPNY=", "owner": "sadjow", "repo": "codex-cli-nix", - "rev": "7c050fa951b5ca20a4754b42ec5242231edda35f", + "rev": "fc382bef14dcb9873769bdcb4d3b943ef2606489", "type": "github" }, "original": { @@ -252,7 +252,25 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_6" + "systems": "systems_5" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "inputs": { + "systems": "systems_7" }, "locked": { "lastModified": 1709126324, @@ -292,6 +310,28 @@ "type": "github" } }, + "git-sync-rs": { + "inputs": { + "flake-utils": "flake-utils_4", + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1777159280, + "narHash": "sha256-Ee14+tYJi5uKL912+99acc/ouWVhpHzrOjZuBQOGTmY=", + "owner": "colonelpanic8", + "repo": "git-sync-rs", + "rev": "45ffa4301f740fa0193ecd5bc493ef1ffb4feb05", + "type": "github" + }, + "original": { + "owner": "colonelpanic8", + "repo": "git-sync-rs", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -320,11 +360,11 @@ ] }, "locked": { - "lastModified": 1776454077, - "narHash": "sha256-7zSUFWsU0+jlD7WB3YAxQ84Z/iJurA5hKPm8EfEyGJk=", + "lastModified": 1777151655, + "narHash": "sha256-Th3a5OZyEy4kCoyLfefnt+2dwRIrFQqYgMsayF9qzFw=", "owner": "nix-community", "repo": "home-manager", - "rev": "565e5349208fe7d0831ef959103c9bafbeac0681", + "rev": "6f59831b23d03bbf4fbd13ad167ae25da294cc14", "type": "github" }, "original": { @@ -358,11 +398,11 @@ "homebrew-cask": { "flake": false, "locked": { - "lastModified": 1776455667, - "narHash": "sha256-OKDV1G6pwELUesgrywURqPIROI6F1lm0mWCVY2ytd9Q=", + "lastModified": 1777159046, + "narHash": "sha256-/3NNjeudK+0vc4ZyCIyIf80gbhDyXWjJzLUuMaPilMI=", "owner": "homebrew", "repo": "homebrew-cask", - "rev": "4bcd1598f14109e9edd27f4dc9d81fde8caa7174", + "rev": "191adc33f03f399c8d97c438c8a1a9acea173f0b", "type": "github" }, "original": { @@ -374,11 +414,11 @@ "homebrew-core": { "flake": false, "locked": { - "lastModified": 1776452660, - "narHash": "sha256-4my3q2B6l0/m6UlyrKHGpdtZi+2FO7gVbDzUPQVbtGg=", + "lastModified": 1777157463, + "narHash": "sha256-SM5CtkgezWUgd2zmIQVBcRtWpSE3VVgj5dP6nnQ5sBo=", "owner": "homebrew", "repo": "homebrew-core", - "rev": "8f3e1320b037c2d774334de9d9afe75e043916b5", + "rev": "8a0c7637b90ce943cd9f4520c8a1d13df81ee276", "type": "github" }, "original": { @@ -398,11 +438,11 @@ ] }, "locked": { - "lastModified": 1776369368, - "narHash": "sha256-5jnqHK2pOCr6Tp8FSyDIizWhiwdfhjQwwYjiKCzfdI0=", + "lastModified": 1777109987, + "narHash": "sha256-8obD0vLqaPIhu5q6guZ3XN70+9OGzA2GWKQC4/PNcVo=", "owner": "colonelpanic8", "repo": "keepbook", - "rev": "4c573ac7343b588d0fff8e3cf83c100fbf272544", + "rev": "a130c6592f215e8e5727e9fd6eafd234f09f9341", "type": "github" }, "original": { @@ -451,11 +491,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1776255774, - "narHash": "sha256-psVTpH6PK3q1htMJpmdz1hLF5pQgEshu7gQWgKO6t6Y=", + "lastModified": 1744536153, + "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "566acc07c54dc807f91625bb286cb9b321b5f42a", + "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11", "type": "github" }, "original": { @@ -466,6 +506,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1776949667, + "narHash": "sha256-GMSVw35Q+294GlrTUKlx087E31z7KurReQ1YHSKp5iw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "01fbdeef22b76df85ea168fbfe1bfd9e63681b30", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1774709303, "narHash": "sha256-D3Q07BbIA2KnTcSXIqqu9P586uWxN74zNoCH3h2ESHg=", @@ -484,8 +540,8 @@ "railbird-secrets": { "inputs": { "agenix": "agenix_2", - "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_2" + "flake-utils": "flake-utils_5", + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1775003480, @@ -508,13 +564,14 @@ "codex-cli-nix": "codex-cli-nix", "flake-utils": "flake-utils_3", "git-blame-rank": "git-blame-rank", + "git-sync-rs": "git-sync-rs", "home-manager": "home-manager_2", "homebrew-cask": "homebrew-cask", "homebrew-core": "homebrew-core", "keepbook": "keepbook", "nix-darwin": "nix-darwin", "nix-homebrew": "nix-homebrew", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "railbird-secrets": "railbird-secrets" } }, @@ -552,6 +609,24 @@ "type": "github" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1755311859, + "narHash": "sha256-NspGtm0ZpihxlFD628pvh5ZEhL/Q6/Z9XBpe3n6ZtEw=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "07619500e5937cc4669f24fec355d18a8fec0165", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, @@ -641,6 +716,21 @@ "repo": "default", "type": "github" } + }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/nix-darwin/flake.nix b/nix-darwin/flake.nix index 3ce5e751..1de8ddce 100644 --- a/nix-darwin/flake.nix +++ b/nix-darwin/flake.nix @@ -27,6 +27,11 @@ home-manager.url = "github:nix-community/home-manager"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; + git-sync-rs = { + url = "github:colonelpanic8/git-sync-rs"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + codex-cli-nix = { # Default branch is `main` on GitHub (not `master`). url = "github:sadjow/codex-cli-nix/main"; @@ -54,6 +59,7 @@ outputs = inputs @ { self, agenix, + git-sync-rs, nix-darwin, nixpkgs, home-manager, @@ -179,9 +185,15 @@ (final: prev: { codex = inputs.codex-cli-nix.packages.${prev.stdenv.hostPlatform.system}.default; claude-code = inputs.claude-code-nix.packages.${prev.stdenv.hostPlatform.system}.default; + git-sync-rs = git-sync-rs.packages.${prev.stdenv.hostPlatform.system}.default; }) ]; - environment.systemPackages = essentialPkgs ++ [pkgs.spotify]; + environment.systemPackages = + essentialPkgs + ++ [ + pkgs.gnupg + pkgs.spotify + ]; nixpkgs.config.allowUnfree = true; @@ -196,6 +208,7 @@ casks = [ "codex-app" "ghostty" + "raycast" ]; masApps = { Xcode = 497799835; diff --git a/nix-darwin/home/common.nix b/nix-darwin/home/common.nix index 37f2c848..918c19c5 100644 --- a/nix-darwin/home/common.nix +++ b/nix-darwin/home/common.nix @@ -11,6 +11,16 @@ replaceRuntimeDir = builtins.replaceStrings ["$XDG_RUNTIME_DIR"] ["\${XDG_RUNTIME_DIR}"]; gpgKeyPath = replaceRuntimeDir config.age.secrets.gpg-keys.path; gpgPassphrasePath = replaceRuntimeDir config.age.secrets.gpg-passphrase.path; + raycastPath = lib.concatStringsSep ":" [ + "${config.home.homeDirectory}/.nix-profile/bin" + "/run/current-system/sw/bin" + "/opt/homebrew/bin" + "/usr/local/bin" + "/usr/bin" + "/bin" + "/usr/sbin" + "/sbin" + ]; importGpgKeyScript = pkgs.writeShellScript "import-gpg-key" '' set -eu @@ -57,13 +67,7 @@ ''; excludedTopLevelEntries = [ - "agents" - "claude" - "codex" "config" - "emacs.d" - "zshenv" - "zshrc" ]; excludedConfigEntries = [ @@ -86,31 +90,52 @@ }; }) (lib.subtractLists excludedConfigEntries (builtins.attrNames (builtins.readDir "${dotfilesDir}/config")))); in { - programs.home-manager.enable = true; - imports = [ inputs.agenix.homeManagerModules.default ../../home-manager/codex-generated-skills.nix ]; + programs.home-manager.enable = true; + age.identityPaths = ["${config.home.homeDirectory}/.ssh/id_ed25519"]; age.secrets.gpg-keys.file = ../../nixos/secrets/gpg-keys.age; age.secrets.gpg-passphrase.file = ../../nixos/secrets/gpg-passphrase.age; + home.file = dotfilesLinks; myModules.codexGeneratedSkills.enable = true; - home.activation.linkEmacsDotdir = lib.hm.dag.entryAfter ["writeBoundary"] '' - live_emacs_dir="$HOME/dotfiles/dotfiles/emacs.d" - target_emacs_dir="${dotfilesDir}/emacs.d" - if [ -d "$live_emacs_dir" ]; then - target_emacs_dir="$live_emacs_dir" - fi - if [ -L "$HOME/.emacs.d" ] || [ ! -e "$HOME/.emacs.d" ]; then - rm -f "$HOME/.emacs.d" - ln -s "$target_emacs_dir" "$HOME/.emacs.d" - else - echo "Skipping ~/.emacs.d relink because it is not a symlink" >&2 + home.packages = [ + pkgs.gnupg + (pkgs.pass.withExtensions (ext: [ext.pass-otp])) + ]; + + home.activation.repairGpgHomeAndImportKey = lib.hm.dag.entryAfter ["writeBoundary"] '' + gnupg_dir="$HOME/.gnupg" + password_store_gpg_id="$HOME/.password-store/.gpg-id" + + /bin/mkdir -p "$gnupg_dir" + /bin/chmod 700 "$gnupg_dir" + + if [ -r "$password_store_gpg_id" ]; then + needs_import=0 + + while IFS= read -r recipient; do + case "$recipient" in + ""|\#*) + continue + ;; + esac + + if ! ${pkgs.gnupg}/bin/gpg --batch --list-secret-keys --with-colons "$recipient" 2>/dev/null | /usr/bin/grep -q '^sec:'; then + needs_import=1 + break + fi + done < "$password_store_gpg_id" + + if [ "$needs_import" -eq 1 ]; then + ${importGpgKeyScript} + fi fi ''; @@ -148,6 +173,7 @@ in { defaultCacheTtl = 8 * 60 * 60; maxCacheTtl = 8 * 60 * 60; enableSshSupport = true; + pinentry.package = lib.mkIf pkgs.stdenv.isDarwin pkgs.pinentry_mac; extraConfig = '' allow-emacs-pinentry allow-loopback-pinentry @@ -169,6 +195,25 @@ in { }; }; + launchd.agents.raycast = lib.mkIf pkgs.stdenv.isDarwin { + enable = true; + config = { + EnvironmentVariables = { + PATH = raycastPath; + }; + ProgramArguments = [ + "/usr/bin/open" + "-a" + "Raycast" + ]; + KeepAlive = false; + ProcessType = "Interactive"; + RunAtLoad = true; + StandardOutPath = "${config.home.homeDirectory}/Library/Logs/raycast-launchd.log"; + StandardErrorPath = "${config.home.homeDirectory}/Library/Logs/raycast-launchd.err.log"; + }; + }; + programs.starship = { enable = true; };