Split local Codex config from dotfiles

2026-04-29 13:57:19 -07:00
parent a7769545f1
commit df0b7b6db4
5 changed files with 101 additions and 178 deletions
--- a/dotfiles/codex/.gitignore
+++ b/dotfiles/codex/.gitignore
@@ -3,3 +3,5 @@
 !AGENTS.md
 !config.toml
 !skills
 # Generated/local Codex state, including config.local.toml, stays ignored.
--- a/dotfiles/codex/config.toml
+++ b/dotfiles/codex/config.toml
@@ -2,147 +2,8 @@ model = "gpt-5.5"
 model_reasoning_effort = "high"
 personality = "pragmatic"
-
+# Portable Codex defaults. Machine-local additions are appended from
-notify = ["/Users/kat/dotfiles/dotfiles/codex/plugins/cache/openai-bundled/computer-use/1.0.755/Codex Computer Use.app/Contents/SharedSupport/SkyComputerUseClient.app/Contents/MacOS/SkyComputerUseClient", "turn-ended"]
+# dotfiles/codex/config.local.toml by Home Manager.
 [projects."/home/imalison/Projects/nixpkgs"]
 trust_level = "trusted"
 [projects."/home/imalison/dotfiles"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/railbird"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/subtr-actor"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/google-messages-api"]
 trust_level = "trusted"
 [projects."/home/imalison"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/scrobble-scrubber"]
 trust_level = "trusted"
 [projects."/home/imalison/temp"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/org-agenda-api"]
 trust_level = "untrusted"
 [projects."/home/imalison/org"]
 trust_level = "trusted"
 [projects."/home/imalison/dotfiles/.git/modules/dotfiles/config/taffybar"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/notifications-tray-icon"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/hyprland"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/git-sync-rs"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/keepbook"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/boxcars"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/rumno"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/git-blame-rank"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/hatchet"]
 trust_level = "trusted"
 [projects."/home/imalison/dotfiles/dotfiles/emacs.d/elpaca/sources/org-project-capture"]
 trust_level = "trusted"
 [projects."/home/imalison/dotfiles/dotfiles/config/taffybar/taffybar/packages"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/scrobble-tools"]
 trust_level = "trusted"
 [projects."/home/imalison/.password-store"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/subtr-actor-mechanics"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/lastfm-edit"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/mova"]
 trust_level = "trusted"
 [projects."/home/imalison/dotfiles/dotfiles/config/taffybar/taffybar"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/rofi-systemd"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/map-quiz"]
 trust_level = "trusted"
 [projects."/run/media/imalison/NETDEBUGUSB"]
 trust_level = "trusted"
 [projects."/home/imalison/Projects/coqui-tts-streamer"]
 trust_level = "trusted"
 [projects."/home/imalison/Downloads"]
 trust_level = "trusted"
 [projects."/home/imalison/keysmith_generated"]
 trust_level = "trusted"
 [projects."/run/media/imalison/NIXOS_SD"]
 trust_level = "trusted"
 [projects."/Users/kat/dotfiles"]
 trust_level = "trusted"
 [projects."/Users/kat"]
 trust_level = "trusted"
 [projects."/Users/kat/org"]
 trust_level = "trusted"
 [projects."/Users/kat/Documents/Codex/2026-04-25/do-you-see-the-sandisk-external"]
 trust_level = "trusted"
 [projects."/Volumes/Extreme SSD/Projects/keepbook"]
 trust_level = "trusted"
 [projects."/Users/kat/Documents/Codex/2026-04-25/it-seems-like-maybe-we-dont"]
 trust_level = "trusted"
 [projects."/Users/kat/Documents/Codex/2026-04-25/what-is-the-state-of-tiling"]
 trust_level = "trusted"
 [projects."/home/imalison/Pictures/ai/2026/celeb"]
 trust_level = "trusted"
 [projects."/home/imalison/.local/share/keepbook"]
 trust_level = "trusted"
 [notice]
 hide_gpt5_1_migration_prompt = true
 "hide_gpt-5.1-codex-max_migration_prompt" = true
 [notice.model_migrations]
 "gpt-5.2" = "gpt-5.2-codex"
 [mcp_servers.chrome-devtools]
 command = "npx"
@@ -160,16 +21,6 @@ unified_exec = true
 apps = true
 steer = true
 [marketplaces.openai-bundled]
 last_updated = "2026-04-21T17:43:57Z"
 source_type = "local"
 source = "/Users/kat/.codex/.tmp/bundled-marketplaces/openai-bundled"
 [marketplaces.openai-primary-runtime]
 last_updated = "2026-04-25T23:49:36Z"
 source_type = "local"
 source = "/Users/kat/.cache/codex-runtimes/codex-primary-runtime/plugins/openai-primary-runtime"
 [plugins."google-calendar@openai-curated"]
 enabled = true
@@ -196,6 +47,3 @@ enabled = true
 [plugins."browser-use@openai-bundled"]
 enabled = true
 [tui.model_availability_nux]
 "gpt-5.5" = 4
--- a/nix-darwin/home/common.nix
+++ b/nix-darwin/home/common.nix
@@ -69,6 +69,7 @@
  multiplexerAliases = import ../../shared/multiplexer-aliases.nix;
  excludedTopLevelEntries = [
    "codex"
    "config"
  ];
--- a/nix-shared/home-manager/codex-generated-skills.nix
+++ b/nix-shared/home-manager/codex-generated-skills.nix
@@ -5,9 +5,10 @@
  ...
 }: let
  cfg = config.myModules.codexGeneratedSkills;
  oos = config.lib.file.mkOutOfStoreSymlink;
 in {
  options.myModules.codexGeneratedSkills = {
-    enable = lib.mkEnableOption "generated Codex skill setup";
+    enable = lib.mkEnableOption "Codex home setup";
    codexHome = lib.mkOption {
      type = lib.types.str;
@@ -15,6 +16,12 @@ in {
      description = "Codex home directory.";
    };
    worktreeCodexDir = lib.mkOption {
      type = lib.types.str;
      default = "${config.home.homeDirectory}/dotfiles/dotfiles/codex";
      description = "Codex dotfiles directory in the live worktree.";
    };
    skillsDir = lib.mkOption {
      type = lib.types.str;
      default = "${cfg.codexHome}/skills";
@@ -29,6 +36,67 @@ in {
  };
  config = lib.mkIf cfg.enable {
    home.file = {
      ".codex/.gitignore" = {
        force = true;
        source = oos "${cfg.worktreeCodexDir}/.gitignore";
      };
      ".codex/AGENTS.md" = {
        force = true;
        source = oos "${cfg.worktreeCodexDir}/AGENTS.md";
      };
      ".codex/skills" = {
        force = true;
        source = oos "${cfg.worktreeCodexDir}/skills";
      };
    };
    home.activation.prepareCodexDirectory = lib.hm.dag.entryBefore ["checkLinkTargets"] ''
      codex_home=${lib.escapeShellArg cfg.codexHome}
      worktree_codex=${lib.escapeShellArg cfg.worktreeCodexDir}
      if [ -L "$codex_home" ] && [ "$(readlink "$codex_home")" = "$worktree_codex" ]; then
        rm -f "$codex_home"
        mkdir -p "$codex_home"
      elif [ ! -e "$codex_home" ]; then
        mkdir -p "$codex_home"
      elif [ ! -d "$codex_home" ]; then
        echo "Skipping Codex setup because $codex_home is not a directory" >&2
        exit 1
      fi
    '';
    home.activation.generateCodexConfig = lib.hm.dag.entryAfter ["writeBoundary"] ''
      codex_home=${lib.escapeShellArg cfg.codexHome}
      base=${lib.escapeShellArg "${cfg.worktreeCodexDir}/config.toml"}
      local_config=${lib.escapeShellArg "${cfg.worktreeCodexDir}/config.local.toml"}
      target="$codex_home/config.toml"
      if [ ! -r "$base" ]; then
        echo "Missing shared Codex config at $base" >&2
        exit 1
      fi
      mkdir -p "$codex_home"
      tmp="$(mktemp "$codex_home/config.toml.XXXXXX")"
      trap 'rm -f "$tmp"' EXIT
      chmod 600 "$tmp"
      cat "$base" > "$tmp"
      if [ -r "$local_config" ]; then
        printf '\n' >> "$tmp"
        cat "$local_config" >> "$tmp"
      fi
      if [ -e "$target" ] && cmp -s "$tmp" "$target"; then
        rm -f "$tmp"
      else
        mv -f "$tmp" "$target"
      fi
    '';
    home.activation.setupCodexGeneratedSkills = lib.hm.dag.entryAfter ["writeBoundary"] ''
      codex_home=${lib.escapeShellArg cfg.codexHome}
      skills_dir=${lib.escapeShellArg cfg.skillsDir}
--- a/nixos/dotfiles-links.nix
+++ b/nixos/dotfiles-links.nix
@@ -1,5 +1,8 @@
-{ config, lib, ... }:
+{
-let
+  config,
  lib,
  ...
 }: let
  # Replicate the useful part of rcm/rcup:
  # - dotfiles live in ~/dotfiles/dotfiles (no leading dots in the repo)
  # - links in $HOME add a leading '.' to the first path component
@@ -16,6 +19,9 @@ let
  srcDotfiles = ../dotfiles;
  excludedTop = [
    # Managed by nix-shared/home-manager/codex-generated-skills.nix so
    # config.toml can be generated from shared and machine-local fragments.
    "codex"
    # Managed by Nix directly (PATH/fpath), not meant to appear as ~/.lib.
    "lib"
    # Avoid colliding with HM-generated xdg.configFile entries for now.
@@ -24,25 +30,23 @@ let
    "emacs.d"
  ];
-  firstComponent = rel:
+  firstComponent = rel: let
-    let parts = lib.splitString "/" rel;
+    parts = lib.splitString "/" rel;
-    in lib.elemAt parts 0;
+  in
    lib.elemAt parts 0;
  isExcluded = rel: lib.elem (firstComponent rel) excludedTop;
-  listFilesRec = dir:
+  listFilesRec = dir: let
    let
    entries = builtins.readDir dir;
    names = builtins.attrNames entries;
-      go = name:
+    go = name: let
        let
      ty = entries.${name};
      path = dir + "/${name}";
    in
-          if ty == "directory" then
+      if ty == "directory"
-            map (p: "${name}/${p}") (listFilesRec path)
+      then map (p: "${name}/${p}") (listFilesRec path)
-          else
+      else [name];
            [ name ];
  in
    lib.concatLists (map go names);
@@ -53,9 +57,10 @@ let
    lib.nameValuePair ".${rel}" {
      source = oos "${worktreeDotfiles}/${rel}";
    };
-in
+in {
-{
+  imports = [
-  imports = [ ../nix-shared/home-manager/codex-generated-skills.nix ];
+    ../nix-shared/home-manager/codex-generated-skills.nix
  ];
  home.file =
    builtins.listToAttrs (map mkManaged managedRelFiles);
@@ -74,5 +79,4 @@ in
      echo "Skipping ~/.emacs.d relink because it is not a symlink" >&2
    fi
  '';
 }