chore: scaffold flake + settings + entry-point quartet

Single-source-of-truth pattern: settings.nix threads identity, host,
and remote topology into every module via specialArgs. configuration.nix
and home.nix stay thin import-lists so module composition is obvious.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

configuration.nix

@@ -0,0 +1,56 @@
+# lnbits-sensei — NixOS entry point.
+#
+# Thin by design. All real config lives in modules/. This file imports
+# the module set and wires per-host settings (hostname, timezone) from
+# the shared `settings` attrset.
+{
+  config,
+  pkgs,
+  lib,
+  settings,
+  ...
+}:
+
+{
+  imports = [
+    # Generated by `nixos-generate-config`. Drop your real
+    # hardware-configuration.nix in alongside this file before the
+    # first build.
+    # ./hardware-configuration.nix
+
+    # Shared helpers (config.lnbits-sensei.lib).
+    ./modules/lib.nix
+
+    # Option schema (lnbits-sensei.*).
+    ./modules/core.nix
+
+    # LNbits service wrapper.
+    ./modules/lnbits.nix
+
+    # Git remote topology — upstream / fork / extras.
+    ./modules/git/remotes.nix
+
+    # Dev environment (worktree mgmt, regtest, fakewallet, tmux).
+    ./modules/dev-env
+  ];
+
+  # --- Per-host settings ---
+
+  lnbits-sensei = {
+    enable = true;
+    user = settings.user;
+    hostName = settings.hostName;
+  };
+
+  networking.hostName = settings.hostName;
+  time.timeZone = settings.timeZone;
+
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+
+  # Pin the state version that matches the nixpkgs input. Bump
+  # deliberately after reviewing release notes — never auto.
+  system.stateVersion = "24.11";
+}

flake.nix

@@ -0,0 +1,67 @@
+{
+  description = "lnbits-sensei — opinionated NixOS scaffold for an LNbits dev stack";
+
+  inputs = {
+    # Pinned to nixos-unstable for fresh LNbits / Lightning tooling.
+    # Bump intentionally; this template does not chase HEAD.
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+
+    home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    # Upstream LNbits source. Tracked as a flake input so the lnbits
+    # module can pin to a specific ref and the dev-env helpers can
+    # surface upstream-relative diffs without a separate clone step.
+    #
+    # Override locally with `--override-input lnbits-src path:/your/fork`
+    # when iterating on a feature destined for an upstream PR.
+    lnbits-src = {
+      url = "github:lnbits/lnbits";
+      flake = false;
+    };
+  };
+
+  outputs =
+    {
+      self,
+      nixpkgs,
+      home-manager,
+      ...
+    }@inputs:
+    let
+      system = "x86_64-linux";
+      settings = import ./settings.nix;
+
+      # specialArgs / extraSpecialArgs flow mirrors the omnixy pattern:
+      # `settings` (single source of truth — user, host, identity,
+      # remote topology) is threaded into every NixOS module and into
+      # the home-manager module set, so neither has to re-import it.
+    in
+    {
+      nixosConfigurations.${settings.hostName} = nixpkgs.lib.nixosSystem {
+        inherit system;
+
+        specialArgs = {
+          inherit inputs settings;
+        };
+
+        modules = [
+          ./configuration.nix
+
+          home-manager.nixosModules.home-manager
+          {
+            home-manager = {
+              useGlobalPkgs = true;
+              useUserPackages = true;
+              extraSpecialArgs = {
+                inherit inputs settings;
+              };
+              users.${settings.user} = import ./home.nix;
+            };
+          }
+        ];
+      };
+    };
+}

home.nix

@@ -0,0 +1,34 @@
+# lnbits-sensei — home-manager user config.
+#
+# Placeholder shell. Substantive home-manager wiring (shell, editor,
+# git identity, dev shell aliases) lands in follow-up passes once the
+# module skeleton settles.
+{
+  config,
+  pkgs,
+  lib,
+  settings,
+  osConfig,
+  ...
+}:
+
+{
+  home.username = settings.user;
+  home.homeDirectory = "/home/${settings.user}";
+
+  # State version pins the schema of files this generation produces.
+  # Match the NixOS stateVersion in configuration.nix.
+  home.stateVersion = "24.11";
+
+  # Git identity is sourced from settings.nix so it is set exactly once
+  # for the whole host.
+  programs.git = {
+    enable = true;
+    userName = settings.gitName;
+    userEmail = settings.gitEmail;
+  };
+
+  # Future passes: shell prompt, editor, lnbits dev shell aliases,
+  # direnv integration, tmux launcher, etc. Keep this file thin and
+  # delegate behaviour to modules/.
+}

settings.nix

@@ -0,0 +1,51 @@
+# lnbits-sensei — single source of truth.
+#
+# Fill in the placeholders below. These values are threaded into every
+# NixOS module and home-manager submodule via `specialArgs` /
+# `extraSpecialArgs` in flake.nix, so no module ever has to re-import
+# this file.
+#
+# Identity values (user / gitName / gitEmail) intentionally have
+# CHANGEME-style placeholders. The skeleton MUST evaluate to nothing
+# useful until you replace them — that's the safety release valve
+# against accidentally building someone else's identity into your fork.
+{
+  # Primary login user on the host. Also the home-manager target.
+  user = "CHANGEME";
+
+  # Git author identity used by the user account on this host.
+  # Wired into `programs.git.userName` / `programs.git.userEmail` in
+  # home.nix.
+  gitName = "Your Name";
+  gitEmail = "you@example.com";
+
+  # NixOS hostname. Also names the `nixosConfigurations.<hostName>`
+  # entry in flake.nix, so `nixos-rebuild --flake .#<hostName>` works
+  # without extra ceremony.
+  hostName = "lnbits-sensei";
+
+  # IANA tz database name. UTC is a safe default; override for any
+  # host with humans nearby.
+  timeZone = "UTC";
+
+  # Remote topology for the LNbits checkout managed by this host.
+  # See modules/git/remotes.nix for the option schema and
+  # docs/remotes.md for the three supported patterns
+  # (upstream-only / github-fork / multi-remote with private host).
+  git = {
+    remotes = {
+      # Canonical upstream. Almost always lnbits/lnbits unless you're
+      # tracking a long-lived divergent fork.
+      upstream = "https://github.com/lnbits/lnbits";
+
+      # Personal GitHub fork — set when you intend to send PRs upstream.
+      # Leave null to skip adding a `fork` remote.
+      fork = null;
+
+      # Extra remotes (private forgejo, gitea, codeberg, …). Each entry
+      # is { name = "<remote-name>"; url = "<url>"; }. Leave empty for
+      # the simple cases.
+      extras = [ ];
+    };
+  };
+}