splitting things out for vade

CLAUDE.md

@@ -0,0 +1,56 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## What This Is
+
+A flake-based NixOS configuration managing 6 hosts (all x86_64-linux). Pinned to nixpkgs `nixos-25.11`.
+
+## Common Commands
+
+- **Build/deploy locally**: `rebuild-nixos` (installed to `~/.local/bin` via `make`)
+  - This runs on the target machine: pulls from local git remote, then `doas nixos-rebuild switch --flake .`
+- **Build a specific host** (dry run): `nixos-rebuild build --flake .#<hostname>`
+- **Flash a remote machine**: `./script/flash.sh <config-name> <ssh-address>` (uses nixos-anywhere)
+- **Check if reboot needed**: `./script/check-restart.sh`
+- **Install the rebuild script**: `make`
+
+## Architecture
+
+### Flake Structure
+
+All hosts are generated via `lib.genAttrs` in `flake.nix`. Each host gets:
+- `disko` module (declarative disk management)
+- `nix-index-database` with comma
+- Host-specific config from `./hw/<hostname>/`
+- Shared base from `./configuration.nix`
+
+Custom packages `ke` and `kte` are flake inputs from `git.wntrmute.dev/kyle/`.
+
+### Host Layout
+
+Each host has a directory under `hw/<hostname>/` containing:
+- `default.nix` — imports hardware-config and (for desktops) desktop/qemu modules
+- `hardware-configuration.nix` — auto-generated hardware config
+- `disk-config.nix` — disko disk layout (where applicable)
+
+Desktop hosts (imladris, orion, vade, ono-sendai) import `configs/desktop.nix` and `configs/qemu.nix`.
+Server hosts (rift, sk) are minimal — hardware config + disk config only.
+
+### Shared Modules (`configs/`)
+
+- `pkgs.nix` — system-wide packages
+- `desktop.nix` — GDM + i3, PipeWire audio, Bluetooth, CUPS
+- `desktop-packages.nix` — GUI applications (imported by desktop.nix)
+- `git.nix` — git identity config
+- `qemu.nix` — QEMU/KVM virtualization
+
+### Key Design Decisions
+
+- **No home-manager** — all config is system-level NixOS modules
+- **No overlays** — packages are used directly; `allowUnfree = true`
+- **No secrets manager** — SSH keys via gpg-agent, `doas` (not sudo) for privilege escalation
+- **Podman** with Docker compatibility enabled on all hosts
+- **Tailscale** and **Syncthing** enabled on all hosts
+- **LUKS encryption** on some hosts (rift, ono-sendai)
+- `inputs` are passed to modules via `specialArgs`

README.org

@@ -16,6 +16,14 @@
    The primary things I want to use it for are writing, lisping, and working on
    uLisp or other portable computing projects.
 
+** ono-sendai
+
+   ono-sendai is a Nitropad X230.
+
+   + CPU: i3
+   + RAM: 8GB
+   + Storage:1T SSD
+
 ** orion
 
    orion is an Intel NUC desktop.
@@ -24,6 +32,31 @@
    + 16GB RAM
    + 1TB SSD
 
+** rift
+
+   rift is the homelab Intel NUC.
+
+   + CPU: i7
+   + RAM: 32GB RAM
+   + Storage: 512GB SSD
+
+** sk
+
+   sk is a VPS devserver.
+
+   + CPU: unk
+   + RAM: 1G
+   + Storage: 25G
+
+** vade
+
+   vade is a Framework 12 whose primary purpose is emacs/obsidian and
+   claude coding.
+
+   + CPU: i3-1315U
+   + RAM: 16G
+   + Storage: 512G SSD
+
 * Set up
 
 #+begin_example

configs/desktop-light.nix

@@ -0,0 +1,91 @@
+# Baseline configuration for lightweight desktop systems.
+# Full desktops should import desktop.nix instead, which builds on this.
+
+{ pkgs, ... }: {
+  imports = [
+    ./desktop-packages-light.nix
+    # ./ghostty.nix # doesn't work yet
+  ];
+
+  services.displayManager.gdm.enable = true;
+  services.displayManager.gdm.wayland = false;
+  services.displayManager.gdm.debug = true;
+  services.xserver.windowManager.i3.enable = true;
+  services.xserver.xkb = {
+      layout = "us";
+      options = "ctrl:swapcaps,compose:ralt";
+  };
+
+  services.displayManager.autoLogin.enable = false;
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  services.libinput = {
+    enable = true;
+    mouse.naturalScrolling = true;
+    touchpad.naturalScrolling = true;
+  };
+
+  console.useXkbConfig = true;
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # Enable sound with pipewire.
+  services.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+  };
+
+
+  # Enable Bluetooth.
+  hardware.bluetooth = {
+    powerOnBoot = true;
+    settings = {
+      General = {
+        # Shows battery charge of connected devices on supported
+        # Bluetooth adapters. Defaults to 'false'.
+        Experimental = true;
+        # When enabled other devices can connect faster to us, however
+        # the tradeoff is increased power consumption. Defaults to
+        # 'false'.
+        FastConnectable = true;
+      };
+      Policy = {
+        # Enable all controllers when they are found. This includes
+        # adapters present on start as well as adapters that are plugged
+        # in later on. Defaults to 'true'.
+        AutoEnable = true;
+      };
+    };
+  };
+  services.blueman.enable = true;
+
+
+  services.udev.extraRules = ''
+ACTION=="add", SUBSYSTEM=="backlight", GROUP="video", MODE="0660"
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="3434", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
+'';
+
+  services.avahi = {
+    enable = true;
+    publish = {
+      enable = true;
+    };
+  };
+
+  systemd.services."systemd-suspend" = {
+    description = "System Suspend with pm-suspend";
+    serviceConfig = {
+      Type = "oneshot";
+      Environment = "PATH=${pkgs.pmutils}/bin";
+      ExecStart = [
+        ""
+        "${pkgs.pmutils}/bin/pm-suspend"
+      ];
+    };
+  };
+}

configs/desktop-packages-full.nix

@@ -1,79 +1,40 @@
-# Desktop-specific packages.
+# Additional packages for full desktop systems.
+# Imported on top of desktop-packages-light.nix.
 
 { pkgs, inputs, ... }:
 
 {
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
   environment.systemPackages = with pkgs; [
-    acpitool
     # adafruit-nrfutil
-    alire
     arduino
     arduino-cli
     arduino-ide
     arduino-mk
-    asciinema
-    bibclean
-    bitwarden-cli
-    bitwarden-desktop
-    bluez
     brave
-    cmus
-    direnv
-    dmenu
     elinks
-    erlang
-    emacs
-    feh
     ffmpeg
-    fira-code
-    firefox
     freeglut
-    ghostty
     glfw
     glm
-    gnat15
-    gnome-disk-utility
-    go-font
-    gnat15Packages.gpr2
-    gnat15Packages.gprbuild
-    graphviz
-    i3
-    i3lock
     inkscape
-    python312Packages.ipython
     kdePackages.ksshaskpass
     inputs.kte.packages.x86_64-linux.kge
-    inputs.kte.packages.x86_64-linux.qt
     lagrange
     libGL
     libGL.dev
     mesa
-    networkmanagerapplet
     nyxt
-    obsidian
-    pavucontrol
-    pmutils
     qmk
     qmk-udev-rules
     rbw
-    rebar3
-    rofi
-    scrot
     SDL2
     SDL2.dev
     signal-desktop
     stumpwm
-    syncthing
     veracrypt
     via
     vlc
-    xfce.thunar
-    xfce.thunar-volman
-    xfce.xfce4-power-manager
     xorg.libX11
-    xss-lock
 
     # jetbrains
     # jetbrains-toolbox

configs/desktop-packages-light.nix

@@ -0,0 +1,45 @@
+# Core desktop packages for lightweight desktop systems.
+
+{ pkgs, inputs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    acpitool
+    alire
+    asciinema
+    bibclean
+    bitwarden-cli
+    bitwarden-desktop
+    bluez
+    cmus
+    direnv
+    dmenu
+    emacs
+    erlang
+    feh
+    fira-code
+    firefox
+    ghostty
+    gnat15
+    gnat15Packages.gpr2
+    gnat15Packages.gprbuild
+    gnome-disk-utility
+    go-font
+    graphviz
+    i3
+    i3lock
+    python312Packages.ipython
+    networkmanagerapplet
+    obsidian
+    pavucontrol
+    pmutils
+    rebar3
+    rofi
+    scrot
+    syncthing
+    xfce.thunar
+    xfce.thunar-volman
+    xfce.xfce4-power-manager
+    xss-lock
+  ];
+}

configs/desktop.nix

@@ -1,91 +1,9 @@
-# Baseline configuration for all desktop-class systems (including
+# Full desktop configuration. Builds on desktop-light.nix with
-# laptops).
+# additional packages for development, multimedia, and embedded work.
 
 { pkgs, ... }: {
   imports = [
-    ./desktop-packages.nix
+    ./desktop-light.nix
-    # ./ghostty.nix # doesn't work yet
+    ./desktop-packages-full.nix
   ];
-
-  services.displayManager.gdm.enable = true;
-  services.displayManager.gdm.wayland = false;
-  services.displayManager.gdm.debug = true;
-  services.xserver.windowManager.i3.enable = true;
-  services.xserver.xkb = {
-      layout = "us";
-      options = "ctrl:swapcaps,compose:ralt";
-  };
-
-  services.displayManager.autoLogin.enable = false;
-
-  # Enable touchpad support (enabled default in most desktopManager).
-  services.libinput = {
-    enable = true;
-    mouse.naturalScrolling = true;
-    touchpad.naturalScrolling = true;
-  };
-
-  console.useXkbConfig = true;
-
-  # Enable CUPS to print documents.
-  services.printing.enable = true;
-
-  # Enable sound with pipewire.
-  services.pulseaudio.enable = false;
-  security.rtkit.enable = true;
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-  };
-
-
-  # Enable Bluetooth.
-  hardware.bluetooth = {
-    powerOnBoot = true;
-    settings = {
-      General = {
-        # Shows battery charge of connected devices on supported
-        # Bluetooth adapters. Defaults to 'false'.
-        Experimental = true;
-        # When enabled other devices can connect faster to us, however
-        # the tradeoff is increased power consumption. Defaults to
-        # 'false'.
-        FastConnectable = true;
-      };
-      Policy = {
-        # Enable all controllers when they are found. This includes
-        # adapters present on start as well as adapters that are plugged
-        # in later on. Defaults to 'true'.
-        AutoEnable = true;
-      };
-    };
-  };
-  services.blueman.enable = true;
-
-
-  services.udev.extraRules = ''
-ACTION=="add", SUBSYSTEM=="backlight", GROUP="video", MODE="0660"
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="3434", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
-'';
-
-  services.avahi = {
-    enable = true;
-    publish = {
-      enable = true;
-    };
-  };
-
-  systemd.services."systemd-suspend" = {
-    description = "System Suspend with pm-suspend";
-    serviceConfig = {
-      Type = "oneshot";
-      Environment = "PATH=${pkgs.pmutils}/bin";
-      ExecStart = [
-        ""
-        "${pkgs.pmutils}/bin/pm-suspend"
-      ];
-    };
-  };
 }

hw/vade/default.nix

@@ -3,7 +3,7 @@
 {
   imports = [
     ./hardware-configuration.nix
-    ../../configs/desktop.nix
+    ../../configs/desktop-light.nix
     ../../configs/qemu.nix
   ];
 }