use nix to manage dependencies across OS

.github/actions/setup-nix/action.yml

@@ -0,0 +1,20 @@
+name: Setup Nix with Flakes
+description: Installs Nix, enables flakes, and installs Home Manager
+
+runs:
+  using: composite
+  steps:
+    - name: Install Nix
+      uses: DeterminateSystems/nix-installer-action@main
+
+    - name: Enable Flakes
+      shell: bash
+      run: |
+        mkdir -p ~/.config/nix
+        echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
+
+    - name: Install Home Manager
+      shell: bash
+      run: |
+        nix-channel --add https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz home-manager
+        nix-channel --update

.github/workflows/nix.yml

@@ -0,0 +1,55 @@
+name: Nix CI
+
+on:
+  push:
+    branches: [main, nix-migration]
+  pull_request:
+    branches: [main]
+
+jobs:
+  flake-check:
+    name: Flake Check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Nix
+        uses: ./.github/actions/setup-nix
+
+      - name: Check Flake
+        run: nix flake check
+
+  home-manager:
+    name: Home Manager (${{ matrix.system }})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - system: linux
+            attr: .#linux
+          - system: pi
+            attr: .#pi
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Nix
+        uses: ./.github/actions/setup-nix
+
+      - name: Build Home Manager (${{ matrix.system }})
+        run: home-manager build ${{ matrix.attr }} --show-trace
+
+  nixos:
+    name: NixOS Config Check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Nix
+        uses: ./.github/actions/setup-nix
+
+      - name: Evaluate NixOS Config
+        run: nix eval .#nixosConfigurations.nixos.pkgs.system

.github/workflows/stow.yml

@@ -0,0 +1,59 @@
+name: Stow CI
+
+on:
+  push:
+    branches: [main, nix-migration]
+  pull_request:
+    branches: [main]
+
+jobs:
+  stow-check:
+    name: Stow Structure Check
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Stow
+        run: sudo apt-get update && sudo apt-get install -y stow
+
+      - name: Verify Stow Packages
+        run: |
+          # Check that common packages exist and have content
+          for pkg in stow/common/*; do
+            if [ -d "$pkg" ]; then
+              count=$(find "$pkg" -type f | wc -l)
+              if [ "$count" -eq 0 ]; then
+                echo "Warning: $pkg is empty"
+              fi
+            fi
+          done
+
+      - name: Verify OS-specific packages
+        run: |
+          # Check macOS packages
+          for pkg in stow/macos/*; do
+            if [ -d "$pkg" ]; then
+              count=$(find "$pkg" -type f | wc -l)
+              echo "macOS package: $(basename $pkg) - $count files"
+            fi
+          done
+
+          # Check Linux packages
+          for pkg in stow/linux/*; do
+            if [ -d "$pkg" ]; then
+              count=$(find "$pkg" -type f | wc -l)
+              echo "Linux package: $(basename $pkg) - $count files"
+            fi
+          done
+
+          # Check Pi packages
+          for pkg in stow/pi/*; do
+            if [ -d "$pkg" ]; then
+              count=$(find "$pkg" -type f | wc -l)
+              echo "Pi package: $(basename $pkg) - $count files"
+            fi
+          done

.gitignore

@@ -1,56 +1,118 @@
+# =====================================================================
+# OS/Editor Generated Files
+# =====================================================================
 .DS_Store
 \.DS_Store
-node_modules/**
-Makefile
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+Thumbs.db
+ehthumbs.db
+Desktop.ini
+
+# =====================================================================
+# Secrets & Credentials
+# =====================================================================
 *.pem
 *.key
 *.pub
 id_rsa*
-cache/**
-extensions/**
-**/extensions/**
+*id_ed25519*
+*id_rsa
+.env
+.env.*
+.env.secret
+.env.local
+.env.d.ts
+oauth_creds.json
+htpasswd
+verdaccio/htpasswd
+known_hosts*
+
+# =====================================================================
+# Build & Dependency Outputs
+# =====================================================================
+node_modules/**
+vendor/**
+target/**
+dist/**
+build/**
+*.o
+*.so
+*.a
+*.lib
+**/.docker/cli-plugins/**
+# =====================================================================
+# Temporary Files
+# =====================================================================
 tmp/**
-**/tmp/**
 temp/**
 .zsh_history
-cache/**
-.vscode/**
-.netrwhist
 .zsh_sessions/**
+cache/**
 (.config|config)/**/(temp|tmp)/**
-.config/configstore/**
-verdaccio/htpasswd
-.config/yarn/**
-.*history
-known_hosts*
-(.gemini|gemini)/oauth_creds.json
-(.gemini|gemini)/tmp/**
-htpasswd
-oauth_creds.json
+*.bak*
+*~
+*.swp
+*.swo
+*#
+
+# =====================================================================
+# Development Tools
+# =====================================================================
+.vscode/**
 *.vscode
-.devbox
-devbox.d
-docker/.docker/**
-!docker/.docker/config.json
-!docker/.docker/daemon.json
-.env*
-.env.d.ts
-.env.secret
-cursor/.cursor/*
-.cursor/*
-orbstack/.orbstack/*
-.yarnrc
-./npm/.npmrc
-.npmrc*
-test/bats.diff*
+.idea/
+*.iml
+Makefile
+
+# =====================================================================
+# Test & Coverage
+# =====================================================================
 tests/**/bats.log
-argv.json
-bats.diff
+test/**
 tests/bats.diff*
-test/**/bats.diff*
-zsh/custom/plugins/**
-*id_ed25519*
-*id_rsa
-*.bak*
-goose/**/*/githubcopilot/**
-ollama/**/*
+test/bats.diff*
+
+# =====================================================================
+# Package Managers
+# =====================================================================
+.npmrc*
+.yarnrc
+./npm/.npmrc
+yarn-error.log
+
+# =====================================================================
+# Nix (keep flake.nix and *.nix configs, but not results)
+# =====================================================================
+result
+result-*
+*.lock
+
+# =====================================================================
+# Stow temporary
+# =====================================================================
+.stow*
+.stow-local-ignore
+
+# =====================================================================
+# Stow Package-Specific Ignores
+# =====================================================================
+# Cursor (macOS) - cache and plugin directories
+stow/macos/cursor/.cursor/
+cursor/.cursor/
+
+# 1Password (if contains sensitive data)
+stow/common/1Password/.op/
+stow/common/1Password/config**
+
+# Orbstack (macOS)
+orbstack/.orbstack/*
+
+# Gemini
+.gemini/**
+gemini/**
+
+# Ollama
+ollama/**

.stow-local-ignore

@@ -1,25 +1,65 @@
-Makefile
-/node_modules/
-\.DS_Store
-.DS_Store
+# =====================================================================
+# General Ignores (don't stow these)
+# =====================================================================
 .git
 .gitignore
-.vscode
-\.git
-\.gitignore
 README.*
 LICENSE
 .env
-test/*
-devbox.*
-package.*
-README.md
-.cursor/*
-.claude/*
-scripts/*
-setup/*
-test/*
-bats
-husky
-nix/
+.env.*
 *.lock
+
+# Build outputs
+node_modules/
+target/
+dist/
+build/
+vendor/
+
+# IDE/Editor
+.vscode/
+.idea/
+*.vscode
+
+# Test files
+test/
+tests/
+bats/
+
+# Scripts (run separately, not stowed)
+scripts/
+setup*.sh
+*.md
+
+# =====================================================================
+# Stow Directory-Specific
+# =====================================================================
+# Nix/Flake files (managed separately)
+flake.nix
+hosts/
+linux/
+nix/
+
+# Package managers
+package.json
+package-lock.json
+pnpm-lock.yaml
+yarn.lock
+
+# Dev tools
+.devbox/
+devbox.d/
+.devbox
+
+# Temporary/Cache
+cache/
+tmp/
+temp/
+*.swp
+*.swo
+*~
+
+# macOS-specific cache
+.DS_Store
+.Spotlight-V100
+.Trashes