feat(home-manager): Add platform compatibility guards to cross-platform roles

Add lib.optionals pkgs.stdenv.isLinux guards to roles that contain
Linux-only packages or services to prevent build failures on Darwin:

- communication: Guard Electron apps (element-desktop, fluffychat,
  nextcloud-talk-desktop) that don't build on Darwin due to electron
  build-from-source limitations
- kdeconnect: Guard entire config block since services.kdeconnect
  requires D-Bus and systemd (Linux-only)
- sync: Guard syncthingtray package (requires Linux system tray)
- email: Guard systemd.user.services/timers (Darwin uses launchd)
- desktop: Guard Linux-only packages, services, and KDE-specific
  configurations including gnome-keyring, systemd services, and
  XDG mime associations

Implements bead: nixos-configs-tcu

bootstrap.sh

@@ -1,7 +1,6 @@
 #!/usr/bin/env bash
 # bootstrap.sh
-# Usage: nix run .#bootstrap -- <hostname>
+# Usage: sudo ./bootstrap.sh <hostname>
-# Or: sudo ./scripts/bootstrap.sh <hostname>
 set -euo pipefail
 
 NEW_HOSTNAME="${1:?missing hostname}"
@@ -9,3 +8,4 @@ FLAKE_URI="git+https://git.johnogle.info/johno/nixos-configs.git#${NEW_HOSTNAME}
 
 export NIX_CONFIG="experimental-features = nix-command flakes"
 nixos-rebuild switch --flake "$FLAKE_URI"
+

build-liveusb.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+# Build Live USB ISO from flake configuration
+# Creates an uncompressed ISO suitable for Ventoy and other USB boot tools
+
+set -e
+
+echo "Building Live USB ISO..."
+nix build .#nixosConfigurations.live-usb.config.system.build.isoImage --show-trace
+
+if [ -f "./result/iso/"*.iso ]; then
+    iso_file=$(ls ./result/iso/*.iso)
+    echo "✅ Build complete!"
+    echo "📁 ISO location: $iso_file"
+    echo "💾 Ready for Ventoy or dd to USB"
+else
+    echo "❌ Build failed - no ISO file found"
+    exit 1
+fi

flake.nix

@@ -275,16 +275,6 @@
           export PATH="${pkgs.lib.makeBinPath commonDeps}:$PATH"
           ${builtins.readFile ./scripts/upgrade.sh}
         '';
-
-        bootstrap = pkgs.writeShellScriptBin "bootstrap" ''
-          export PATH="${pkgs.lib.makeBinPath commonDeps}:$PATH"
-          ${builtins.readFile ./scripts/bootstrap.sh}
-        '';
-
-        build-liveusb = pkgs.writeShellScriptBin "build-liveusb" ''
-          export PATH="${pkgs.lib.makeBinPath commonDeps}:$PATH"
-          ${builtins.readFile ./scripts/build-liveusb.sh}
-        '';
       in {
         update-doomemacs = {
           type = "app";
@@ -302,14 +292,6 @@
           type = "app";
           program = "${upgrade}/bin/upgrade";
         };
-        bootstrap = {
-          type = "app";
-          program = "${bootstrap}/bin/bootstrap";
-        };
-        build-liveusb = {
-          type = "app";
-          program = "${build-liveusb}/bin/build-liveusb";
-        };
       }
     );
   };

home/roles/communication/default.nix

@@ -4,6 +4,7 @@ with lib;
 
 let
   cfg = config.home.roles.communication;
+  isLinux = pkgs.stdenv.isLinux;
 in
 {
   options.home.roles.communication = {
@@ -12,14 +13,14 @@ in
 
   config = mkIf cfg.enable {
     home.packages = [
-      # Communication apps
+      # For logging back into google chat (cross-platform)
+      globalInputs.google-cookie-retrieval.packages.${system}.default
+    ] ++ optionals isLinux [
+      # Linux-only communication apps (Electron apps don't build on Darwin)
       pkgs.element-desktop
       # Re-enabled in 25.11 after security issues were resolved
       pkgs.fluffychat
       pkgs.nextcloud-talk-desktop
-      
-      # For logging back into google chat
-      globalInputs.google-cookie-retrieval.packages.${system}.default
     ];
   };
 }

home/roles/desktop/default.nix

@@ -4,6 +4,7 @@ with lib;
 
 let
   cfg = config.home.roles.desktop;
+  isLinux = pkgs.stdenv.isLinux;
 in
 {
   options.home.roles.desktop = {
@@ -12,27 +13,29 @@ in
 
   config = mkIf cfg.enable {
     home.packages = with pkgs; [
-      # Desktop applications
+      # Cross-platform desktop applications
       bitwarden-desktop
-      dunst
       keepassxc
+      xdg-utils # XDG utilities for opening files/URLs with default applications
+    ] ++ optionals isLinux [
+      # Linux-only desktop applications
+      dunst
       unstable.ghostty
 
-      # Desktop utilities
+      # Linux-only desktop utilities
       feh # Image viewer and wallpaper setter for X11
       rofi # Application launcher for X11
       solaar # Logitech management software
       waybar
       wofi # Application launcher for Wayland
-      xdg-utils # XDG utilities for opening files/URLs with default applications
 
-      # System utilities with GUI components
+      # Linux-only system utilities with GUI components
       (snapcast.override { pulseaudioSupport = true; })
 
-      # KDE tiling window management
+      # KDE tiling window management (Linux-only)
       kdePackages.krohnkite  # Dynamic tiling extension for KWin 6
 
-      # KDE PIM applications for email, calendar, and contacts
+      # KDE PIM applications for email, calendar, and contacts (Linux-only)
       kdePackages.kmail
       kdePackages.kmail-account-wizard
       kdePackages.kmailtransport
@@ -40,33 +43,33 @@ in
       kdePackages.kaddressbook
       kdePackages.kontact
 
-      # KDE System components needed for proper integration
+      # KDE System components needed for proper integration (Linux-only)
       kdePackages.kded
       kdePackages.systemsettings
       kdePackages.kmenuedit
 
-      # Desktop menu support
+      # Desktop menu support (Linux-only)
       kdePackages.plasma-desktop # Contains applications.menu
 
-      # KDE Online Accounts support
+      # KDE Online Accounts support (Linux-only)
       kdePackages.kaccounts-integration
       kdePackages.kaccounts-providers
       kdePackages.signond
 
-      # KDE Mapping
+      # KDE Mapping (Linux-only)
       kdePackages.marble  # Virtual globe and world atlas
 
-      # KDE Productivity
+      # KDE Productivity (Linux-only)
       kdePackages.kate        # Advanced text editor with syntax highlighting
       kdePackages.okular      # Universal document viewer (PDF, ePub, etc.)
       kdePackages.spectacle   # Screenshot capture utility
       kdePackages.filelight   # Visual disk usage analyzer
 
-      # KDE Multimedia
+      # KDE Multimedia (Linux-only)
       kdePackages.gwenview    # Image viewer and basic editor
       kdePackages.elisa       # Music player
 
-      # KDE System Utilities  
+      # KDE System Utilities (Linux-only)
       kdePackages.ark         # Archive manager (zip, tar, 7z, etc.)
       kdePackages.yakuake     # Drop-down terminal emulator
     ];
@@ -77,12 +80,15 @@ in
 
     programs.spotify-player.enable = true;
 
-    services.gnome-keyring = {
+    # Linux-only: GNOME keyring service
+    services.gnome-keyring = mkIf isLinux {
       enable = true;
     };
 
-    # rbw vault unlock on login and resume from suspend
+    # Linux-only: systemd user services for rbw vault unlock
-    systemd.user.services.rbw-unlock-on-login = {
+    systemd.user.services = mkIf isLinux {
+      # rbw vault unlock on login
+      rbw-unlock-on-login = {
         Unit = {
           Description = "Unlock rbw vault at login";
           After = [ "graphical-session.target" ];
@@ -101,7 +107,8 @@ in
         };
       };
 
-    systemd.user.services.rbw-unlock-on-resume = {
+      # rbw vault unlock on resume from suspend
+      rbw-unlock-on-resume = {
         Unit = {
           Description = "Unlock rbw vault after resume from suspend";
           After = [ "suspend.target" ];
@@ -119,9 +126,10 @@ in
           WantedBy = [ "suspend.target" ];
         };
       };
+    };
 
-    # KDE environment variables for proper integration
+    # Linux-only: KDE environment variables for proper integration
-    home.sessionVariables = {
+    home.sessionVariables = mkIf isLinux {
       QT_QPA_PLATFORMTHEME = "kde";
       KDE_SESSION_VERSION = "6";
     };
@@ -141,13 +149,14 @@ in
           "x-scheme-handler/https" = "firefox.desktop";
         };
         defaultApplications = {
-          # Web browsers
+          # Web browsers (cross-platform)
           "text/html" = "firefox.desktop";
           "x-scheme-handler/http" = "firefox.desktop";
           "x-scheme-handler/https" = "firefox.desktop";
           "x-scheme-handler/about" = "firefox.desktop";
           "x-scheme-handler/unknown" = "firefox.desktop";
-          
+        } // optionalAttrs isLinux {
+          # Linux-only: KDE application associations
           # Documents
           "application/pdf" = "okular.desktop";
           "text/plain" = "kate.desktop";
@@ -190,9 +199,11 @@ in
       };
     };
 
-    # Fix for KDE applications.menu file issue on Plasma 6
+    # Linux-only: Fix for KDE applications.menu file issue on Plasma 6
     # KDE still looks for applications.menu but Plasma 6 renamed it to plasma-applications.menu
-    xdg.configFile."menus/applications.menu".source = "${pkgs.kdePackages.plasma-workspace}/etc/xdg/menus/plasma-applications.menu";
+    xdg.configFile."menus/applications.menu" = mkIf isLinux {
+      source = "${pkgs.kdePackages.plasma-workspace}/etc/xdg/menus/plasma-applications.menu";
+    };
 
     # Note: modules must be imported at top-level home config
   };

home/roles/email/default.nix

@@ -4,6 +4,7 @@ with lib;
 
 let
   cfg = config.home.roles.email;
+  isLinux = pkgs.stdenv.isLinux;
 in
 {
   options.home.roles.email = {
@@ -89,8 +90,9 @@ in
       account default : proton
     '';
 
-    # Systemd service for mail sync
+    # Linux-only: Systemd service for mail sync (Darwin uses launchd instead)
-    systemd.user.services.mbsync = {
+    systemd.user.services = mkIf isLinux {
+      mbsync = {
         Unit = {
           Description = "Mailbox synchronization service";
           After = [ "network-online.target" ];
@@ -104,9 +106,11 @@ in
           StandardError = "journal";
         };
       };
+    };
 
-    # Systemd timer for automatic sync
+    # Linux-only: Systemd timer for automatic sync
-    systemd.user.timers.mbsync = {
+    systemd.user.timers = mkIf isLinux {
+      mbsync = {
         Unit = {
           Description = "Mailbox synchronization timer";
         };
@@ -120,4 +124,5 @@ in
         };
       };
     };
+  };
 }

home/roles/kdeconnect/default.nix

@@ -4,13 +4,15 @@ with lib;
 
 let
   cfg = config.home.roles.kdeconnect;
+  isLinux = pkgs.stdenv.isLinux;
 in
 {
   options.home.roles.kdeconnect = {
     enable = mkEnableOption "Enable KDE Connect for device integration";
   };
 
-  config = mkIf cfg.enable {
+  # KDE Connect services are Linux-only (requires D-Bus and systemd)
+  config = mkIf (cfg.enable && isLinux) {
     services.kdeconnect = {
       enable = true;
       indicator = true;

home/roles/sync/default.nix

@@ -4,6 +4,7 @@ with lib;
 
 let
   cfg = config.home.roles.sync;
+  isLinux = pkgs.stdenv.isLinux;
 in
 {
   options.home.roles.sync = {
@@ -11,9 +12,10 @@ in
   };
 
   config = mkIf cfg.enable {
-    home.packages = with pkgs; [
+    # Linux-only: syncthingtray requires system tray support
+    home.packages = optionals isLinux (with pkgs; [
       syncthingtray
-    ];
+    ]);
 
     services.syncthing = {
       enable = true;

scripts/build-liveusb.sh

@@ -1,22 +0,0 @@
-#!/usr/bin/env bash
-# Build Live USB ISO from flake configuration
-# Creates an uncompressed ISO suitable for Ventoy and other USB boot tools
-# Usage: nix run .#build-liveusb
-# Or: ./scripts/build-liveusb.sh
-
-set -euo pipefail
-
-REPO_ROOT="${REPO_ROOT:-$(git rev-parse --show-toplevel 2>/dev/null || pwd)}"
-
-echo "Building Live USB ISO..."
-nix build "${REPO_ROOT}#nixosConfigurations.live-usb.config.system.build.isoImage" --show-trace
-
-if ls "${REPO_ROOT}/result/iso/"*.iso 1> /dev/null 2>&1; then
-    iso_file=$(ls "${REPO_ROOT}/result/iso/"*.iso)
-    echo "Build complete!"
-    echo "ISO location: $iso_file"
-    echo "Ready for Ventoy or dd to USB"
-else
-    echo "Build failed - no ISO file found"
-    exit 1
-fi