chore: get nix flake check evaluation green

Three blockers off the path so the skeleton evaluates cleanly: 1. flake.lock generated (no inputs were pinned before). 2. hardware-configuration.nix shipped as a placeholder — unbootable /dev/null root + grub on nodev — so `system.build.toplevel` resolves without complaining about missing fileSystems / boot.loader. The file carries a big "overwrite with nixos-generate-config" warning; the consumer regenerates it before any real switch. 3. Primary user + group declared in configuration.nix (was tripping the assertion about implicit nogroup defaults and isNormalUser missing). Also: `home.homeDirectory` now uses `lib.mkForce` to override home-manager's nixos-module default of /var/empty, and the deprecated `programs.git.user{Name,Email}` options migrated to the new `programs.git.settings.user.{name,email}` shape. `nix flake check --no-build` now finishes with `all checks passed!` and no warnings, giving every subsequent change a cheap signal. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 15:12:11 +02:00 · 2026-05-25 15:12:11 +02:00 · 45c44f550e
commit 45c44f550e
parent 6cabca3113
4 changed files with 123 additions and 7 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -13,10 +13,10 @@

 {
  imports = [
-    # Generated by `nixos-generate-config`. Drop your real
-    # hardware-configuration.nix in alongside this file before the
-    # first build.
-    # ./hardware-configuration.nix
+    # Ships as a placeholder (unbootable values) so `nix flake check`
+    # evaluates cleanly. Overwrite with `nixos-generate-config` output
+    # before the first real `nixos-rebuild switch`.
+    ./hardware-configuration.nix

    # Shared helpers (config.lnbits-sensei.lib).
    ./modules/lib.nix
@ -42,6 +42,15 @@
  networking.hostName = settings.hostName;
  time.timeZone = settings.timeZone;

+  # Primary user. Group declared explicitly per NixOS warning about
+  # implicit `nogroup` defaults. Consumer extends extraGroups as needed.
+  users.users.${settings.user} = {
+    isNormalUser = true;
+    group = settings.user;
+    extraGroups = [ "wheel" ];
+  };
+  users.groups.${settings.user} = { };
+
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,65 @@
+{
+  "nodes": {
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1779678629,
+        "narHash": "sha256-gHcIFg0mm+KFsg7iZQt67kni3+qR5U3PhEC9P7vKlZ4=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "612bbe3b405ad5f71d7bf9edecc04b678a061652",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "lnbits-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1779693880,
+        "narHash": "sha256-Gp+Dwj+zxMS7HaNksazfygMIFrAwW1nyWlNvKnaUta8=",
+        "owner": "lnbits",
+        "repo": "lnbits",
+        "rev": "88672501d8dbb3a77e2ebb5dfc7878dc43adadbd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnbits",
+        "repo": "lnbits",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1779508470,
+        "narHash": "sha256-Ap9KJX+5xHIn3bPIpfNgT6MEXdAECECwo4/rmlQD74M=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "29916453413845e54a65b8a1cf996842300cd299",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "home-manager": "home-manager",
+        "lnbits-src": "lnbits-src",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@ -0,0 +1,38 @@
+# PLACEHOLDER — do not boot from this.
+#
+# This file ships with the scaffold purely so `nix flake check` and
+# `nixos-rebuild build` evaluate without screaming about missing
+# `fileSystems."/"` and `boot.loader.*`. The values are syntactically
+# valid but intentionally unusable — `/dev/null` is not a real root.
+#
+# Before the first real `nixos-rebuild switch`, overwrite this file:
+#
+#   sudo nixos-generate-config --root / --dir /etc/nixos
+#
+# or, if your repo lives elsewhere, copy the generated file in by hand.
+# The autogenerated version pins your actual disks, kernel modules,
+# and bootloader to the running machine.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  fileSystems."/" = {
+    device = "/dev/null";
+    fsType = "ext4";
+  };
+
+  boot.loader.grub = {
+    enable = true;
+    devices = [ "nodev" ];
+  };
+
+  # Required for evaluation. The consumer's real configuration will
+  # almost always overwrite this with `nixos-generate-config` output.
+  boot.initrd.availableKernelModules = [ ];
+  boot.kernelModules = [ ];
+}
--- a/home.nix
+++ b/home.nix
@ -14,7 +14,9 @@

 {
  home.username = settings.user;
-  home.homeDirectory = "/home/${settings.user}";
+  # `lib.mkForce` because home-manager's nixos module sets a default
+  # homeDirectory of /var/empty that we always want to override.
+  home.homeDirectory = lib.mkForce "/home/${settings.user}";

  # State version pins the schema of files this generation produces.
  # Match the NixOS stateVersion in configuration.nix.
@ -24,8 +26,10 @@
  # for the whole host.
  programs.git = {
    enable = true;
-    userName = settings.gitName;
-    userEmail = settings.gitEmail;
+    settings.user = {
+      name = settings.gitName;
+      email = settings.gitEmail;
+    };
  };

  # Future passes: shell prompt, editor, lnbits dev shell aliases,