fix isServer

The SSH_TTY guard was too broad — it broke local terminal sessions on
macOS. Use platform-specific conditions: Darwin omits the SSH_TTY check
(always exec nu unless IDE/skip), Linux keeps it (only exec nu for
interactive SSH, leaving non-interactive sessions like Codex in zsh).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

hosts/thegeneralist-central/configuration.nix

@@ -40,6 +40,7 @@
   age.secrets.openclawGatewayEnv.owner = "thegeneralist";
   age.secrets.openclawGatewayEnv.group = "users";
   age.secrets.openclawGatewayEnv.mode = "0400";
+
   users.users = {
     thegeneralist = {
       isNormalUser = true;
@@ -52,7 +53,7 @@
         "scanner"
         "docker"
       ];
-      shell = pkgs.nushell;
+      shell = pkgs.zsh;
       home = "/home/thegeneralist";
       homeMode = "0750";
       linger = true;
@@ -91,25 +92,31 @@
         ...
       }:
       let
+        # openclaw's packages require fetchPnpmDeps and other tooling that is
+        # only present in its own pinned nixpkgs input, so we must build from
+        # there rather than from the host nixpkgs.
         openclawPkgs =
           let
             pkgsAarch64 = import inputs.nix-openclaw.inputs.nixpkgs { system = "aarch64-linux"; };
-            steipetePkgs =
-              if inputs.nix-openclaw.inputs.nix-steipete-tools ? packages
-                && builtins.hasAttr
-                  "aarch64-linux"
-                  inputs.nix-openclaw.inputs.nix-steipete-tools.packages
-              then
-                inputs.nix-openclaw.inputs.nix-steipete-tools.packages.aarch64-linux
-              else
-                { };
           in
           import "${inputs.nix-openclaw}/nix/packages" {
             pkgs = pkgsAarch64;
             sourceInfo = import "${inputs.nix-openclaw}/nix/sources/openclaw-source.nix";
-            inherit steipetePkgs;
           };
-        openclawPackage = openclawPkgs.openclaw;
+
+        # openclaw bundles common CLI tools (rg, goplaces, …) directly in its
+        # /bin, which causes pkgs.buildEnv to abort with a "conflicting
+        # subpath" error when those tools are also in home.packages.
+        #
+        # Setting meta.priority = 10 (higher number = lower priority) tells
+        # buildEnv to silently prefer any other package that provides the same
+        # binary, instead of erroring out.  Priority 5 is the nixpkgs default,
+        # so any explicitly installed package will win over openclaw's bundled
+        # copies while openclaw's own binaries (openclaw, openclaw-gateway, …)
+        # are still linked if nothing else claims them.
+        openclawPackage = openclawPkgs.openclaw.overrideAttrs (old: {
+          meta = (old.meta or { }) // { priority = 10; };
+        });
       in
       {
         home = {
@@ -119,8 +126,12 @@
         };
 
         programs.openclaw = {
-          documents = ./openclaw-documents;
+          instances.default = {
+            enable = true;
             package = openclawPackage;
+
+            systemd.enable = true;
+
             config = {
               gateway = {
                 mode = "local";
@@ -129,24 +140,25 @@
 
               channels.telegram = {
                 tokenFile = osConfig.age.secrets.openclawTelegramToken.path;
-              # Replace with your Telegram user ID from @userinfobot.
+                # Placeholder overwritten at activation time by the script
+                # below, which reads the real ID from the age secret.
                 allowFrom = [ 0 ];
                 groups."*" = {
                   requireMention = true;
                 };
               };
             };
-
-          instances.default = {
-            enable = true;
-            package = openclawPackage;
           };
         };
 
+        # Inject gateway credentials (ANTHROPIC_API_KEY, gateway token, …)
+        # from the age-encrypted env file into the systemd unit at runtime.
         systemd.user.services.openclaw-gateway.Service.EnvironmentFile = [
           osConfig.age.secrets.openclawGatewayEnv.path
         ];
 
+        # Patch the generated openclaw.json to replace the placeholder 0 above
+        # with the real Telegram user ID stored in the age secret.
         home.activation.openclawTelegramAllowFrom =
           lib.hm.dag.entryAfter [ "openclawConfigFiles" ] ''
             set -euo pipefail

hosts/thegeneralist-central/hardware-configuration.nix

@@ -10,6 +10,7 @@
     "sd_mod"
   ];
   boot.initrd.kernelModules = [ ];
+  boot.loader.systemd-boot.graceful = true;
 
   # Wi-Fi stuff
   nixpkgs.config.allowUnfree = true;

modules/common/custom-options.nix

@@ -16,7 +16,7 @@ in {
 
     isServer = mkOption {
       type = types.bool;
-      default = config.nixpkgs.hostPlatform.isAarch64;
+      default = config.nixpkgs.hostPlatform.isAarch64 && config.nixpkgs.hostPlatform.system == "aarch64-linux";
       description = "Whether the system is a server. Determined by the processor architecture.";
     };
 

modules/common/ghostty.nix

@@ -25,6 +25,7 @@
 
         gtk-titlebar = false;
         mouse-hide-while-typing = true;
+        custom-shader = "~/.config/ghostty-shaders/shader.glsl";
       };
     };
   }];

modules/common/shell/0_nushell.nix

@@ -20,7 +20,7 @@ let
 
   unstable = import (builtins.fetchTarball {
     url = "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
-    sha256 = if (config.onLinux) then "sha256:0fgmdh1j6qrx64wq8wk2hry2rjh3rkvz9pch29l8zn49nlndvxy2" else "sha256:16xi1yijq2ccbp8254zc0b5fgz0igxvyf4yn349wj2ggk4cl6dgn";
+    sha256 = if (config.isServer) then "sha256:0fgmdh1j6qrx64wq8wk2hry2rjh3rkvz9pch29l8zn49nlndvxy2" else (if (config.onLinux) then "sha256:0fgmdh1j6qrx64wq8wk2hry2rjh3rkvz9pch29l8zn49nlndvxy2" else "sha256:16xi1yijq2ccbp8254zc0b5fgz0igxvyf4yn349wj2ggk4cl6dgn");
   }) { system = pkgs.system; };
   package = unstable.nushell;
 in

modules/common/shell/default.nix

@@ -11,7 +11,6 @@ let
     flatten
     getAttr
     mapAttrsToList
-    mkIf
     mkOption
     sortOn
     toInt
@@ -64,23 +63,28 @@ in
       }
     )
 
-    (mkIf config.isDarwin (
+    (
       homeArgs:
       let
         config' = homeArgs.config;
+        nuExecCondition =
+          if config.isDarwin then
+            ''[ -z "$INTELLIJ_ENVIRONMENT_READER" ] && [ -z "$skip" ]''
+          else
+            ''[ -z "$INTELLIJ_ENVIRONMENT_READER" ] && [ -z "$skip" ] && [ -n "$SSH_TTY" ]'';
       in
       {
         home.file.".zshrc".text = # zsh
           ''
-            export PATH="/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/etc/profiles/per-user/$USER/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin''${PATH:+:}''${PATH}"
+            export PATH="$HOME/.local/bin:/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/etc/profiles/per-user/$USER/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin''${PATH:+:}''${PATH}"
             source ${config'.home.sessionVariablesPackage}/etc/profile.d/hm-session-vars.sh
 
-            if [ -z "$INTELLIJ_ENVIRONMENT_READER" ] && [ -z "$skip" ]; then
+            if ${nuExecCondition}; then
               SHELL='${lib.getExe <| lib.head config'.shellsByPriority}' exec "$SHELL"
             fi
           '';
       }
-    ))
+    )
 
   ];
 }