feat: add flake-based NixOS and Home Manager config

Co-authored-by: aider (openrouter/openai/gpt-5.2) <aider@aider.chat>
2026-02-08 13:53:41 +11:00
parent 9744d08bb5
commit 45f457156a
8 changed files with 481 additions and 0 deletions
--- a/docs/software_inventory.md
+++ b/docs/software_inventory.md
@@ -0,0 +1,181 @@
+# Software Inventory (Source of Truth)
+
+This document is the canonical software list for the NixOS migration.
+It consolidates prior notes and recon logs into a deduplicated plan.
+
+Legend:
+- **NOW (Base boot / day-1)** = required for first successful NixOS boot and daily workflow basics
+- **SOON** = useful early, but not required to boot and log in
+- **LATER** = intentionally deferred until after a stable base system
+- **DEFER (Docker later)** = explicitly not installed on base system (will be deployed as containers later)
+
+---
+
+## 1) NOW (Base boot / day-1)
+
+### Desktop / session (Wayland)
+- **niri** (primary compositor)
+- **greetd + tuigreet** (display/login manager)
+- **xwayland** (X11 compatibility where needed)
+- **xdg-desktop-portal** + **xdg-desktop-portal-gtk** (portals for file pickers / screen share baseline)
+- Clipboard:
+  - **wl-clipboard**
+- Screenshots (Wayland):
+  - **grim**
+  - **slurp**
+
+### Core system services
+- **NetworkManager**
+  - Static IPv4 for wired: `enp0s31f6 = 192.168.20.27/24`
+  - Gateway: `192.168.20.1`
+  - DNS: `192.168.20.35`, `192.168.20.13`
+- **OpenSSH server** (sshd)
+- **PipeWire audio** (Pulse + ALSA) + **WirePlumber**
+- **Firewall** (NixOS default; open SSH port only)
+
+### Terminal / shell
+- **kitty**
+- **zsh**
+  - **oh-my-zsh**
+  - **powerlevel10k**
+  - Integrations enabled:
+    - **atuin**
+    - **fzf**
+    - **zoxide**
+
+### Core CLI tools (daily essentials)
+- **git**
+- **neovim**
+- Search/file tools:
+  - **ripgrep (rg)**
+  - **fd**
+- Modern replacements:
+  - **bat**
+  - **eza**
+- Convenience:
+  - **curl**
+  - **wget**
+
+---
+
+## 2) SOON (after base boot is stable)
+
+These are commonly used, easy wins, but not required for “first login”.
+
+### Dev tools
+- Compilers / build:
+  - **gcc**
+  - **gnumake**
+  - **pkg-config**
+- Language toolchains (pick pinned versions later):
+  - **nodejs**
+  - **python3** (+ `python3Packages.pip` as needed)
+  - **go**
+  - Rust strategy: prefer **rustup** if you need toolchain flexibility, otherwise `rustc`/`cargo` from nixpkgs.
+
+### CLI utilities commonly used in the previous setup
+- **jq**
+- **btop**
+- **lazygit**
+- **zellij**
+- **tealdeer (tldr)**
+- **navi**
+- **yazi**
+- **dua-cli (dua)**
+- **unzip / zip / p7zip**
+- Clipboard (X11 fallback / mixed):
+  - **xclip** (optional; Wayland-first systems typically rely on `wl-clipboard`)
+
+### Apps from Ubuntu recon (snap list) with Nix equivalents
+From `logs/04_nixos_recon.log` snap list:
+- `code` → **vscode** (unfree)
+- `firefox` → **firefox**
+- `thunderbird` → **thunderbird**
+- `telegram-desktop` → **telegram-desktop**
+- `spotify` → **spotify** (unfree)
+- `nushell` → **nushell**
+- `mqtt-explorer` → **mqtt-explorer** (verify availability in nixpkgs)
+- `notepad-plus-plus` → consider **notepadqq** or run via Wine (see “LATER”)
+
+---
+
+## 3) LATER (deliberately deferred until base is reliable)
+
+### Desktop apps / optional GUI
+- **Google Chrome** (unfree) (install once graphics/session is stable)
+- **LibreOffice**
+- **VLC**
+- **Flameshot**
+  - Note: Flameshot on Wayland can be quirky; ensure portals + permissions work first.
+- **Timeshift**
+  - Note: NixOS typically prefers rollback/snapshots via filesystem tooling (e.g., Btrfs snapshots). Use only if you explicitly want it.
+
+### Remote desktop / admin tools
+- **Tailscale** (client)
+- **RustDesk** (service/app)
+
+### Networking / diagnostics tools (as needed)
+- **nmap**
+- **arp-scan / arpwatch**
+- **minicom / screen / cu**
+- **ethtool**
+- **tcpdump**
+
+### Notepad++ situation
+- `notepad-plus-plus` snap existed on Ubuntu.
+  - NixOS options:
+    - **notepadqq** (native)
+    - **Wine** route (more moving parts)
+  - Keep this until the base system is stable.
+
+---
+
+## 4) DEFER (Docker later)
+
+These are explicitly postponed and should NOT be part of the base NixOS install.
+
+- **Apprise** — **DEFER (Docker later)**
+- **Obsidian** — **DEFER (Docker later)**
+
+---
+
+## 5) AI / Agentic stack (LATER; not part of base boot)
+
+From `ai_dev_plan.md` and `software_to_add.md`, intentionally excluded from day-1:
+
+- Orchestration / pipelines:
+  - **Airflow**
+  - **Windmill**
+  - **Activepieces**
+- Prototyping:
+  - **Flowise**
+- RAG / DB:
+  - **Chroma**
+- Crawling:
+  - **Selenium / Playwright**
+  - **Firecrawl**
+- Agent frameworks:
+  - **LangChain / LangGraph**
+- CLI AI tools:
+  - **Aider**
+  - **OpenCode**
+  - **Gemini CLI**
+  - **Goose / MCP tooling**
+- Model routing:
+  - **OpenRouter**
+
+Plan: bring these up later via Docker Compose on top of a stable NixOS base.
+
+---
+
+## 6) Notes / policies
+
+### Secrets policy (hard requirement)
+- Do **not** commit API keys, tokens, WiFi PSKs, certificates, or private keys into git.
+- Prefer:
+  - `~/.config/environment.d/*.conf` (local-only)
+  - a secrets manager (e.g. **sops-nix**) once the base system is stable
+
+### Graphics strategy note (pending confirmation)
+- Hardware includes Intel HD 630 + NVIDIA Quadro P620.
+- Final graphics configuration will depend on which GPU is actually driving the 4 monitors.