diff --git a/dotfiles/codex/.gitignore b/dotfiles/codex/.gitignore index 88eda80a..dcb67b74 100644 --- a/dotfiles/codex/.gitignore +++ b/dotfiles/codex/.gitignore @@ -3,3 +3,5 @@ !AGENTS.md !config.toml !skills + +# Generated/local Codex state, including config.local.toml, stays ignored. diff --git a/dotfiles/codex/config.toml b/dotfiles/codex/config.toml index 02de54b2..59414797 100644 --- a/dotfiles/codex/config.toml +++ b/dotfiles/codex/config.toml @@ -2,147 +2,8 @@ model = "gpt-5.5" model_reasoning_effort = "high" personality = "pragmatic" - -notify = ["/Users/kat/dotfiles/dotfiles/codex/plugins/cache/openai-bundled/computer-use/1.0.755/Codex Computer Use.app/Contents/SharedSupport/SkyComputerUseClient.app/Contents/MacOS/SkyComputerUseClient", "turn-ended"] - -[projects."/home/imalison/Projects/nixpkgs"] -trust_level = "trusted" - -[projects."/home/imalison/dotfiles"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/railbird"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/subtr-actor"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/google-messages-api"] -trust_level = "trusted" - -[projects."/home/imalison"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/scrobble-scrubber"] -trust_level = "trusted" - -[projects."/home/imalison/temp"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/org-agenda-api"] -trust_level = "untrusted" - -[projects."/home/imalison/org"] -trust_level = "trusted" - -[projects."/home/imalison/dotfiles/.git/modules/dotfiles/config/taffybar"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/notifications-tray-icon"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/hyprland"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/git-sync-rs"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/keepbook"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/boxcars"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/rumno"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/git-blame-rank"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/hatchet"] -trust_level = "trusted" - -[projects."/home/imalison/dotfiles/dotfiles/emacs.d/elpaca/sources/org-project-capture"] -trust_level = "trusted" - -[projects."/home/imalison/dotfiles/dotfiles/config/taffybar/taffybar/packages"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/scrobble-tools"] -trust_level = "trusted" - -[projects."/home/imalison/.password-store"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/subtr-actor-mechanics"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/lastfm-edit"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/mova"] -trust_level = "trusted" - -[projects."/home/imalison/dotfiles/dotfiles/config/taffybar/taffybar"] -trust_level = "trusted" - -[projects."/home/imalison/Projects"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/rofi-systemd"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/map-quiz"] -trust_level = "trusted" - -[projects."/run/media/imalison/NETDEBUGUSB"] -trust_level = "trusted" - -[projects."/home/imalison/Projects/coqui-tts-streamer"] -trust_level = "trusted" - -[projects."/home/imalison/Downloads"] -trust_level = "trusted" - -[projects."/home/imalison/keysmith_generated"] -trust_level = "trusted" - -[projects."/run/media/imalison/NIXOS_SD"] -trust_level = "trusted" - -[projects."/Users/kat/dotfiles"] -trust_level = "trusted" - -[projects."/Users/kat"] -trust_level = "trusted" - -[projects."/Users/kat/org"] -trust_level = "trusted" - -[projects."/Users/kat/Documents/Codex/2026-04-25/do-you-see-the-sandisk-external"] -trust_level = "trusted" - -[projects."/Volumes/Extreme SSD/Projects/keepbook"] -trust_level = "trusted" - -[projects."/Users/kat/Documents/Codex/2026-04-25/it-seems-like-maybe-we-dont"] -trust_level = "trusted" - -[projects."/Users/kat/Documents/Codex/2026-04-25/what-is-the-state-of-tiling"] -trust_level = "trusted" - -[projects."/home/imalison/Pictures/ai/2026/celeb"] -trust_level = "trusted" - -[projects."/home/imalison/.local/share/keepbook"] -trust_level = "trusted" - -[notice] -hide_gpt5_1_migration_prompt = true -"hide_gpt-5.1-codex-max_migration_prompt" = true - -[notice.model_migrations] -"gpt-5.2" = "gpt-5.2-codex" +# Portable Codex defaults. Machine-local additions are appended from +# dotfiles/codex/config.local.toml by Home Manager. [mcp_servers.chrome-devtools] command = "npx" @@ -160,16 +21,6 @@ unified_exec = true apps = true steer = true -[marketplaces.openai-bundled] -last_updated = "2026-04-21T17:43:57Z" -source_type = "local" -source = "/Users/kat/.codex/.tmp/bundled-marketplaces/openai-bundled" - -[marketplaces.openai-primary-runtime] -last_updated = "2026-04-25T23:49:36Z" -source_type = "local" -source = "/Users/kat/.cache/codex-runtimes/codex-primary-runtime/plugins/openai-primary-runtime" - [plugins."google-calendar@openai-curated"] enabled = true @@ -196,6 +47,3 @@ enabled = true [plugins."browser-use@openai-bundled"] enabled = true - -[tui.model_availability_nux] -"gpt-5.5" = 4 diff --git a/nix-darwin/home/common.nix b/nix-darwin/home/common.nix index da39b679..73c346e4 100644 --- a/nix-darwin/home/common.nix +++ b/nix-darwin/home/common.nix @@ -69,6 +69,7 @@ multiplexerAliases = import ../../shared/multiplexer-aliases.nix; excludedTopLevelEntries = [ + "codex" "config" ]; diff --git a/nix-shared/home-manager/codex-generated-skills.nix b/nix-shared/home-manager/codex-generated-skills.nix index d6a3d445..9e8f7001 100644 --- a/nix-shared/home-manager/codex-generated-skills.nix +++ b/nix-shared/home-manager/codex-generated-skills.nix @@ -5,9 +5,10 @@ ... }: let cfg = config.myModules.codexGeneratedSkills; + oos = config.lib.file.mkOutOfStoreSymlink; in { options.myModules.codexGeneratedSkills = { - enable = lib.mkEnableOption "generated Codex skill setup"; + enable = lib.mkEnableOption "Codex home setup"; codexHome = lib.mkOption { type = lib.types.str; @@ -15,6 +16,12 @@ in { description = "Codex home directory."; }; + worktreeCodexDir = lib.mkOption { + type = lib.types.str; + default = "${config.home.homeDirectory}/dotfiles/dotfiles/codex"; + description = "Codex dotfiles directory in the live worktree."; + }; + skillsDir = lib.mkOption { type = lib.types.str; default = "${cfg.codexHome}/skills"; @@ -29,6 +36,67 @@ in { }; config = lib.mkIf cfg.enable { + home.file = { + ".codex/.gitignore" = { + force = true; + source = oos "${cfg.worktreeCodexDir}/.gitignore"; + }; + + ".codex/AGENTS.md" = { + force = true; + source = oos "${cfg.worktreeCodexDir}/AGENTS.md"; + }; + + ".codex/skills" = { + force = true; + source = oos "${cfg.worktreeCodexDir}/skills"; + }; + }; + + home.activation.prepareCodexDirectory = lib.hm.dag.entryBefore ["checkLinkTargets"] '' + codex_home=${lib.escapeShellArg cfg.codexHome} + worktree_codex=${lib.escapeShellArg cfg.worktreeCodexDir} + + if [ -L "$codex_home" ] && [ "$(readlink "$codex_home")" = "$worktree_codex" ]; then + rm -f "$codex_home" + mkdir -p "$codex_home" + elif [ ! -e "$codex_home" ]; then + mkdir -p "$codex_home" + elif [ ! -d "$codex_home" ]; then + echo "Skipping Codex setup because $codex_home is not a directory" >&2 + exit 1 + fi + ''; + + home.activation.generateCodexConfig = lib.hm.dag.entryAfter ["writeBoundary"] '' + codex_home=${lib.escapeShellArg cfg.codexHome} + base=${lib.escapeShellArg "${cfg.worktreeCodexDir}/config.toml"} + local_config=${lib.escapeShellArg "${cfg.worktreeCodexDir}/config.local.toml"} + target="$codex_home/config.toml" + + if [ ! -r "$base" ]; then + echo "Missing shared Codex config at $base" >&2 + exit 1 + fi + + mkdir -p "$codex_home" + tmp="$(mktemp "$codex_home/config.toml.XXXXXX")" + trap 'rm -f "$tmp"' EXIT + chmod 600 "$tmp" + + cat "$base" > "$tmp" + if [ -r "$local_config" ]; then + printf '\n' >> "$tmp" + cat "$local_config" >> "$tmp" + fi + + if [ -e "$target" ] && cmp -s "$tmp" "$target"; then + rm -f "$tmp" + else + mv -f "$tmp" "$target" + fi + ''; + home.activation.setupCodexGeneratedSkills = lib.hm.dag.entryAfter ["writeBoundary"] '' codex_home=${lib.escapeShellArg cfg.codexHome} skills_dir=${lib.escapeShellArg cfg.skillsDir} diff --git a/nixos/dotfiles-links.nix b/nixos/dotfiles-links.nix index 82b08b98..4d58d78c 100644 --- a/nixos/dotfiles-links.nix +++ b/nixos/dotfiles-links.nix @@ -1,5 +1,8 @@ -{ config, lib, ... }: -let +{ + config, + lib, + ... +}: let # Replicate the useful part of rcm/rcup: # - dotfiles live in ~/dotfiles/dotfiles (no leading dots in the repo) # - links in $HOME add a leading '.' to the first path component @@ -16,6 +19,9 @@ let srcDotfiles = ../dotfiles; excludedTop = [ + # Managed by nix-shared/home-manager/codex-generated-skills.nix so + # config.toml can be generated from shared and machine-local fragments. + "codex" # Managed by Nix directly (PATH/fpath), not meant to appear as ~/.lib. "lib" # Avoid colliding with HM-generated xdg.configFile entries for now. @@ -24,27 +30,25 @@ let "emacs.d" ]; - firstComponent = rel: - let parts = lib.splitString "/" rel; - in lib.elemAt parts 0; + firstComponent = rel: let + parts = lib.splitString "/" rel; + in + lib.elemAt parts 0; isExcluded = rel: lib.elem (firstComponent rel) excludedTop; - listFilesRec = dir: - let - entries = builtins.readDir dir; - names = builtins.attrNames entries; - go = name: - let - ty = entries.${name}; - path = dir + "/${name}"; - in - if ty == "directory" then - map (p: "${name}/${p}") (listFilesRec path) - else - [ name ]; + listFilesRec = dir: let + entries = builtins.readDir dir; + names = builtins.attrNames entries; + go = name: let + ty = entries.${name}; + path = dir + "/${name}"; in - lib.concatLists (map go names); + if ty == "directory" + then map (p: "${name}/${p}") (listFilesRec path) + else [name]; + in + lib.concatLists (map go names); managedRelFiles = lib.filter (rel: !(isExcluded rel)) (listFilesRec srcDotfiles); @@ -53,9 +57,10 @@ let lib.nameValuePair ".${rel}" { source = oos "${worktreeDotfiles}/${rel}"; }; -in -{ - imports = [ ../nix-shared/home-manager/codex-generated-skills.nix ]; +in { + imports = [ + ../nix-shared/home-manager/codex-generated-skills.nix + ]; home.file = builtins.listToAttrs (map mkManaged managedRelFiles); @@ -74,5 +79,4 @@ in echo "Skipping ~/.emacs.d relink because it is not a symlink" >&2 fi ''; - }