feat(home-manager): Add platform compatibility guards to cross-platform roles

Add lib.optionals pkgs.stdenv.isLinux guards to roles that contain
Linux-only packages or services to prevent build failures on Darwin:

- communication: Guard Electron apps (element-desktop, fluffychat,
  nextcloud-talk-desktop) that don't build on Darwin due to electron
  build-from-source limitations
- kdeconnect: Guard entire config block since services.kdeconnect
  requires D-Bus and systemd (Linux-only)
- sync: Guard syncthingtray package (requires Linux system tray)
- email: Guard systemd.user.services/timers (Darwin uses launchd)
- desktop: Guard Linux-only packages, services, and KDE-specific
  configurations including gnome-keyring, systemd services, and
  XDG mime associations

Implements bead: nixos-configs-tcu

home/roles/communication/default.nix

@@ -4,6 +4,7 @@ with lib;
 
 let
   cfg = config.home.roles.communication;
+  isLinux = pkgs.stdenv.isLinux;
 in
 {
   options.home.roles.communication = {
@@ -12,14 +13,14 @@ in
 
   config = mkIf cfg.enable {
     home.packages = [
-      # Communication apps
+      # For logging back into google chat (cross-platform)
+      globalInputs.google-cookie-retrieval.packages.${system}.default
+    ] ++ optionals isLinux [
+      # Linux-only communication apps (Electron apps don't build on Darwin)
       pkgs.element-desktop
       # Re-enabled in 25.11 after security issues were resolved
       pkgs.fluffychat
       pkgs.nextcloud-talk-desktop
-      
-      # For logging back into google chat
-      globalInputs.google-cookie-retrieval.packages.${system}.default
     ];
   };
 }

home/roles/desktop/default.nix

@@ -4,6 +4,7 @@ with lib;
 
 let
   cfg = config.home.roles.desktop;
+  isLinux = pkgs.stdenv.isLinux;
 in
 {
   options.home.roles.desktop = {
@@ -12,61 +13,63 @@ in
 
   config = mkIf cfg.enable {
     home.packages = with pkgs; [
-      # Desktop applications
+      # Cross-platform desktop applications
       bitwarden-desktop
-      dunst
       keepassxc
+      xdg-utils # XDG utilities for opening files/URLs with default applications
+    ] ++ optionals isLinux [
+      # Linux-only desktop applications
+      dunst
       unstable.ghostty
-      
-      # Desktop utilities
+
+      # Linux-only desktop utilities
       feh # Image viewer and wallpaper setter for X11
       rofi # Application launcher for X11
       solaar # Logitech management software
       waybar
       wofi # Application launcher for Wayland
-      xdg-utils # XDG utilities for opening files/URLs with default applications
-      
-      # System utilities with GUI components
+
+      # Linux-only system utilities with GUI components
       (snapcast.override { pulseaudioSupport = true; })
-      
-      # KDE tiling window management
+
+      # KDE tiling window management (Linux-only)
       kdePackages.krohnkite  # Dynamic tiling extension for KWin 6
-      
-      # KDE PIM applications for email, calendar, and contacts
+
+      # KDE PIM applications for email, calendar, and contacts (Linux-only)
       kdePackages.kmail
       kdePackages.kmail-account-wizard
       kdePackages.kmailtransport
       kdePackages.korganizer
       kdePackages.kaddressbook
       kdePackages.kontact
-      
-      # KDE System components needed for proper integration
+
+      # KDE System components needed for proper integration (Linux-only)
       kdePackages.kded
       kdePackages.systemsettings
       kdePackages.kmenuedit
-      
-      # Desktop menu support
+
+      # Desktop menu support (Linux-only)
       kdePackages.plasma-desktop # Contains applications.menu
-      
-      # KDE Online Accounts support
+
+      # KDE Online Accounts support (Linux-only)
       kdePackages.kaccounts-integration
       kdePackages.kaccounts-providers
       kdePackages.signond
-      
-      # KDE Mapping
+
+      # KDE Mapping (Linux-only)
       kdePackages.marble  # Virtual globe and world atlas
-      
-      # KDE Productivity
+
+      # KDE Productivity (Linux-only)
       kdePackages.kate        # Advanced text editor with syntax highlighting
       kdePackages.okular      # Universal document viewer (PDF, ePub, etc.)
       kdePackages.spectacle   # Screenshot capture utility
       kdePackages.filelight   # Visual disk usage analyzer
-      
-      # KDE Multimedia
+
+      # KDE Multimedia (Linux-only)
       kdePackages.gwenview    # Image viewer and basic editor
       kdePackages.elisa       # Music player
-      
-      # KDE System Utilities  
+
+      # KDE System Utilities (Linux-only)
       kdePackages.ark         # Archive manager (zip, tar, 7z, etc.)
       kdePackages.yakuake     # Drop-down terminal emulator
     ];
@@ -77,61 +80,66 @@ in
 
     programs.spotify-player.enable = true;
 
-    services.gnome-keyring = {
+    # Linux-only: GNOME keyring service
+    services.gnome-keyring = mkIf isLinux {
       enable = true;
     };
 
-    # rbw vault unlock on login and resume from suspend
-    systemd.user.services.rbw-unlock-on-login = {
-      Unit = {
-        Description = "Unlock rbw vault at login";
-        After = [ "graphical-session.target" ];
+    # Linux-only: systemd user services for rbw vault unlock
+    systemd.user.services = mkIf isLinux {
+      # rbw vault unlock on login
+      rbw-unlock-on-login = {
+        Unit = {
+          Description = "Unlock rbw vault at login";
+          After = [ "graphical-session.target" ];
+        };
+        Service = {
+          Type = "oneshot";
+          ExecStart = "${pkgs.rbw}/bin/rbw unlock";
+          Environment = "RBW_AGENT=${pkgs.rbw}/bin/rbw-agent";
+          # KillMode = "process" prevents systemd from killing the rbw-agent daemon
+          # when this oneshot service completes. The agent is spawned by rbw unlock
+          # and needs to persist after the service exits.
+          KillMode = "process";
+        };
+        Install = {
+          WantedBy = [ "graphical-session.target" ];
+        };
       };
-      Service = {
-        Type = "oneshot";
-        ExecStart = "${pkgs.rbw}/bin/rbw unlock";
-        Environment = "RBW_AGENT=${pkgs.rbw}/bin/rbw-agent";
-        # KillMode = "process" prevents systemd from killing the rbw-agent daemon
-        # when this oneshot service completes. The agent is spawned by rbw unlock
-        # and needs to persist after the service exits.
-        KillMode = "process";
-      };
-      Install = {
-        WantedBy = [ "graphical-session.target" ];
+
+      # rbw vault unlock on resume from suspend
+      rbw-unlock-on-resume = {
+        Unit = {
+          Description = "Unlock rbw vault after resume from suspend";
+          After = [ "suspend.target" ];
+        };
+        Service = {
+          Type = "oneshot";
+          ExecStart = "${pkgs.rbw}/bin/rbw unlock";
+          Environment = "RBW_AGENT=${pkgs.rbw}/bin/rbw-agent";
+          # KillMode = "process" prevents systemd from killing the rbw-agent daemon
+          # when this oneshot service completes. The agent is spawned by rbw unlock
+          # and needs to persist after the service exits.
+          KillMode = "process";
+        };
+        Install = {
+          WantedBy = [ "suspend.target" ];
+        };
       };
     };
 
-    systemd.user.services.rbw-unlock-on-resume = {
-      Unit = {
-        Description = "Unlock rbw vault after resume from suspend";
-        After = [ "suspend.target" ];
-      };
-      Service = {
-        Type = "oneshot";
-        ExecStart = "${pkgs.rbw}/bin/rbw unlock";
-        Environment = "RBW_AGENT=${pkgs.rbw}/bin/rbw-agent";
-        # KillMode = "process" prevents systemd from killing the rbw-agent daemon
-        # when this oneshot service completes. The agent is spawned by rbw unlock
-        # and needs to persist after the service exits.
-        KillMode = "process";
-      };
-      Install = {
-        WantedBy = [ "suspend.target" ];
-      };
-    };
-
-    # KDE environment variables for proper integration
-    home.sessionVariables = {
+    # Linux-only: KDE environment variables for proper integration
+    home.sessionVariables = mkIf isLinux {
       QT_QPA_PLATFORMTHEME = "kde";
       KDE_SESSION_VERSION = "6";
     };
 
     xdg = {
       enable = true;
-      
+
       # Ensure desktop files are made available for discovery
       desktopEntries = {};  # This creates the desktop files directory structure
-      
+
       mimeApps = {
         enable = true;
         associations.added = {
@@ -141,13 +149,14 @@ in
           "x-scheme-handler/https" = "firefox.desktop";
         };
         defaultApplications = {
-          # Web browsers
+          # Web browsers (cross-platform)
           "text/html" = "firefox.desktop";
           "x-scheme-handler/http" = "firefox.desktop";
           "x-scheme-handler/https" = "firefox.desktop";
           "x-scheme-handler/about" = "firefox.desktop";
           "x-scheme-handler/unknown" = "firefox.desktop";
-          
+        } // optionalAttrs isLinux {
+          # Linux-only: KDE application associations
           # Documents
           "application/pdf" = "okular.desktop";
           "text/plain" = "kate.desktop";
@@ -155,7 +164,7 @@ in
           "text/x-c" = "kate.desktop";
           "text/x-python" = "kate.desktop";
           "application/x-shellscript" = "kate.desktop";
-          
+
           # Images
           "image/png" = "gwenview.desktop";
           "image/jpeg" = "gwenview.desktop";
@@ -164,25 +173,25 @@ in
           "image/bmp" = "gwenview.desktop";
           "image/tiff" = "gwenview.desktop";
           "image/webp" = "gwenview.desktop";
-          
+
           # Archives
           "application/zip" = "ark.desktop";
           "application/x-tar" = "ark.desktop";
           "application/x-compressed-tar" = "ark.desktop";
           "application/x-7z-compressed" = "ark.desktop";
           "application/x-rar" = "ark.desktop";
-          
+
           # Audio
           "audio/mpeg" = "elisa.desktop";
           "audio/mp4" = "elisa.desktop";
           "audio/flac" = "elisa.desktop";
           "audio/ogg" = "elisa.desktop";
           "audio/wav" = "elisa.desktop";
-          
+
           # Email
           "message/rfc822" = "kmail.desktop";
           "x-scheme-handler/mailto" = "kmail.desktop";
-          
+
           # Calendar
           "text/calendar" = "korganizer.desktop";
           "application/x-vnd.akonadi.calendar.event" = "korganizer.desktop";
@@ -190,9 +199,11 @@ in
       };
     };
 
-    # Fix for KDE applications.menu file issue on Plasma 6
+    # Linux-only: Fix for KDE applications.menu file issue on Plasma 6
     # KDE still looks for applications.menu but Plasma 6 renamed it to plasma-applications.menu
-    xdg.configFile."menus/applications.menu".source = "${pkgs.kdePackages.plasma-workspace}/etc/xdg/menus/plasma-applications.menu";
+    xdg.configFile."menus/applications.menu" = mkIf isLinux {
+      source = "${pkgs.kdePackages.plasma-workspace}/etc/xdg/menus/plasma-applications.menu";
+    };
 
     # Note: modules must be imported at top-level home config
   };

home/roles/development/skills/gitea_pr_review.md

@@ -1,244 +0,0 @@
----
-description: Manage and respond to Gitea/Forgejo PR review comments
----
-
-# Gitea PR Review Comments
-
-This skill enables reading PR review comments and posting inline thread replies on Gitea/Forgejo instances.
-
-## Prerequisites
-
-- `tea` CLI configured with a Gitea/Forgejo instance
-- Access token from tea config: `~/.config/tea/config.yml`
-- Repository must be a Gitea/Forgejo remote (not GitHub)
-
-## Configuration
-
-Get the Gitea instance URL and token from tea config:
-
-```bash
-# Get the default login URL and token
-yq -r '.logins[] | select(.name == "default") | .url' ~/.config/tea/config.yml
-yq -r '.logins[] | select(.name == "default") | .token' ~/.config/tea/config.yml
-```
-
-Or if you have a specific login name:
-```bash
-yq -r '.logins[] | select(.name == "YOUR_LOGIN") | .url' ~/.config/tea/config.yml
-yq -r '.logins[] | select(.name == "YOUR_LOGIN") | .token' ~/.config/tea/config.yml
-```
-
-## Commands
-
-### 1. List PR Review Comments
-
-Fetch all reviews and their comments for a PR:
-
-```bash
-# Set environment variables
-GITEA_URL="https://git.johnogle.info"
-TOKEN="<your-token>"
-OWNER="<repo-owner>"
-REPO="<repo-name>"
-PR_NUMBER="<pr-number>"
-
-# Get all reviews for the PR
-curl -s -H "Authorization: token $TOKEN" \
-  "$GITEA_URL/api/v1/repos/$OWNER/$REPO/pulls/$PR_NUMBER/reviews" | jq
-
-# Get comments for a specific review
-REVIEW_ID="<review-id>"
-curl -s -H "Authorization: token $TOKEN" \
-  "$GITEA_URL/api/v1/repos/$OWNER/$REPO/pulls/$PR_NUMBER/reviews/$REVIEW_ID/comments" | jq
-```
-
-### 2. View All Review Comments (Combined)
-
-```bash
-# Get all reviews and their comments in one view
-curl -s -H "Authorization: token $TOKEN" \
-  "$GITEA_URL/api/v1/repos/$OWNER/$REPO/pulls/$PR_NUMBER/reviews" | \
-  jq -r '.[] | "Review \(.id) by \(.user.login): \(.state)\n  Body: \(.body)"'
-
-# For each review, show inline comments
-for REVIEW_ID in $(curl -s -H "Authorization: token $TOKEN" \
-  "$GITEA_URL/api/v1/repos/$OWNER/$REPO/pulls/$PR_NUMBER/reviews" | jq -r '.[].id'); do
-  echo "=== Review $REVIEW_ID comments ==="
-  curl -s -H "Authorization: token $TOKEN" \
-    "$GITEA_URL/api/v1/repos/$OWNER/$REPO/pulls/$PR_NUMBER/reviews/$REVIEW_ID/comments" | \
-    jq -r '.[] | "[\(.path):\(.line)] \(.body)"'
-done
-```
-
-### 3. Reply to Review Comments (Web Endpoint Method)
-
-The Gitea REST API does not support replying to review comment threads. The web UI uses a different endpoint:
-
-```
-POST /{owner}/{repo}/pulls/{pr_number}/files/reviews/comments
-Content-Type: multipart/form-data
-```
-
-**Required form fields:**
-- `reply`: Review ID to reply to
-- `content`: The reply message
-- `path`: File path
-- `line`: Line number
-- `side`: `proposed` or `original`
-- `single_review`: `true`
-- `origin`: `timeline`
-- `_csrf`: CSRF token (required for web endpoint)
-
-**Authentication Challenge:**
-This endpoint requires session-based authentication, not API tokens. Options:
-
-#### Option A: Use Browser Session (Recommended)
-
-1. Log in to Gitea in your browser
-2. Open browser developer tools and copy cookies
-3. Use the session cookies with curl
-
-```bash
-# First, get CSRF token from the PR page
-CSRF=$(curl -s -c cookies.txt -b cookies.txt \
-  "$GITEA_URL/$OWNER/$REPO/pulls/$PR_NUMBER/files" | \
-  grep -oP 'name="_csrf" value="\K[^"]+')
-
-# Post the reply
-curl -s -b cookies.txt \
-  -F "reply=$REVIEW_ID" \
-  -F "content=Your reply message here" \
-  -F "path=$FILE_PATH" \
-  -F "line=$LINE_NUMBER" \
-  -F "side=proposed" \
-  -F "single_review=true" \
-  -F "origin=timeline" \
-  -F "_csrf=$CSRF" \
-  "$GITEA_URL/$OWNER/$REPO/pulls/$PR_NUMBER/files/reviews/comments"
-```
-
-#### Option B: Create Top-Level Comment (Fallback)
-
-If thread replies are not critical, use the API to create a top-level comment:
-
-```bash
-# Create a top-level comment mentioning the review context
-curl -s -X POST \
-  -H "Authorization: token $TOKEN" \
-  -H "Content-Type: application/json" \
-  -d "{\"body\": \"Re: @reviewer's comment on $FILE_PATH:$LINE_NUMBER\n\nYour reply here\"}" \
-  "$GITEA_URL/api/v1/repos/$OWNER/$REPO/issues/$PR_NUMBER/comments"
-```
-
-Or use tea CLI:
-```bash
-tea comment $PR_NUMBER "Re: @reviewer's comment on $FILE_PATH:$LINE_NUMBER
-
-Your reply here"
-```
-
-### 4. Submit a New Review
-
-Create a new review with inline comments:
-
-```bash
-curl -s -X POST \
-  -H "Authorization: token $TOKEN" \
-  -H "Content-Type: application/json" \
-  -d '{
-    "body": "Overall review comments",
-    "event": "COMMENT",
-    "comments": [
-      {
-        "path": "path/to/file.py",
-        "body": "Comment on this line",
-        "new_position": 10
-      }
-    ]
-  }' \
-  "$GITEA_URL/api/v1/repos/$OWNER/$REPO/pulls/$PR_NUMBER/reviews"
-```
-
-Event types: `COMMENT`, `APPROVE`, `REQUEST_CHANGES`
-
-## Workflow Example
-
-### Reading and Responding to Reviews
-
-1. **Set up environment**:
-   ```bash
-   export GITEA_URL=$(yq -r '.logins[] | select(.name == "default") | .url' ~/.config/tea/config.yml)
-   export TOKEN=$(yq -r '.logins[] | select(.name == "default") | .token' ~/.config/tea/config.yml)
-   export OWNER="johno"
-   export REPO="nixos-configs"
-   export PR_NUMBER="5"
-   ```
-
-2. **List all pending review comments**:
-   ```bash
-   # Get reviews
-   curl -s -H "Authorization: token $TOKEN" \
-     "$GITEA_URL/api/v1/repos/$OWNER/$REPO/pulls/$PR_NUMBER/reviews" | \
-     jq -r '.[] | select(.state == "REQUEST_CHANGES" or .state == "COMMENT") |
-       "Review \(.id) by \(.user.login) (\(.state)):\n\(.body)\n"'
-   ```
-
-3. **Get detailed comments for a review**:
-   ```bash
-   REVIEW_ID="2"
-   curl -s -H "Authorization: token $TOKEN" \
-     "$GITEA_URL/api/v1/repos/$OWNER/$REPO/pulls/$PR_NUMBER/reviews/$REVIEW_ID/comments" | \
-     jq -r '.[] | "File: \(.path):\(.line)\nComment: \(.body)\nID: \(.id)\n---"'
-   ```
-
-4. **Respond using top-level comment** (most reliable):
-   ```bash
-   tea comment $PR_NUMBER "Addressing review feedback:
-
-   - File \`path/to/file.py\` line 10: Fixed the issue by...
-   - File \`other/file.py\` line 25: Updated as suggested..."
-   ```
-
-## API Reference
-
-### Endpoints
-
-| Action | Method | Endpoint |
-|--------|--------|----------|
-| List reviews | GET | `/api/v1/repos/{owner}/{repo}/pulls/{index}/reviews` |
-| Get review | GET | `/api/v1/repos/{owner}/{repo}/pulls/{index}/reviews/{id}` |
-| Get review comments | GET | `/api/v1/repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments` |
-| Create review | POST | `/api/v1/repos/{owner}/{repo}/pulls/{index}/reviews` |
-| Submit review | POST | `/api/v1/repos/{owner}/{repo}/pulls/{index}/reviews/{id}` |
-| Delete review | DELETE | `/api/v1/repos/{owner}/{repo}/pulls/{index}/reviews/{id}` |
-| Create issue comment | POST | `/api/v1/repos/{owner}/{repo}/issues/{index}/comments` |
-
-### Review States
-
-- `PENDING` - Draft review not yet submitted
-- `COMMENT` - General comment without approval/rejection
-- `APPROVE` - Approving the changes
-- `REQUEST_CHANGES` - Requesting changes before merge
-
-## Limitations
-
-1. **Thread replies**: The Gitea REST API does not support replying directly to review comment threads. This is a known limitation. Workarounds:
-   - Use top-level comments with context
-   - Use the web UI manually for thread replies
-   - Implement session-based authentication to use the web endpoint
-
-2. **CSRF tokens**: The web endpoint for thread replies requires CSRF tokens, which expire and need to be fetched from the page.
-
-3. **Session auth**: API tokens work for REST API but not for web endpoints that require session cookies.
-
-## Tips
-
-- Always quote file paths and line numbers when responding via top-level comments
-- Use `tea pr view $PR_NUMBER --comments` to see all comments
-- Use `tea open pulls/$PR_NUMBER` to open the PR in browser for manual thread replies
-- Consider using `tea pr approve $PR_NUMBER` after addressing all comments
-
-## See Also
-
-- Gitea API Documentation: https://docs.gitea.com/api/1.20/
-- `tea` CLI: https://gitea.com/gitea/tea

home/roles/email/default.nix

@@ -4,6 +4,7 @@ with lib;
 
 let
   cfg = config.home.roles.email;
+  isLinux = pkgs.stdenv.isLinux;
 in
 {
   options.home.roles.email = {
@@ -89,34 +90,38 @@ in
       account default : proton
     '';
 
-    # Systemd service for mail sync
-    systemd.user.services.mbsync = {
-      Unit = {
-        Description = "Mailbox synchronization service";
-        After = [ "network-online.target" ];
-        Wants = [ "network-online.target" ];
-      };
-      Service = {
-        Type = "oneshot";
-        ExecStart = "${pkgs.bash}/bin/bash -c 'mkdir -p ~/Mail && ${pkgs.isync}/bin/mbsync -a && (${pkgs.mu}/bin/mu info >/dev/null 2>&1 || ${pkgs.mu}/bin/mu init --maildir ~/Mail --personal-address=john@ogle.fyi) && ${pkgs.mu}/bin/mu index'";
-        Environment = "PATH=${pkgs.rbw}/bin:${pkgs.coreutils}/bin";
-        StandardOutput = "journal";
-        StandardError = "journal";
+    # Linux-only: Systemd service for mail sync (Darwin uses launchd instead)
+    systemd.user.services = mkIf isLinux {
+      mbsync = {
+        Unit = {
+          Description = "Mailbox synchronization service";
+          After = [ "network-online.target" ];
+          Wants = [ "network-online.target" ];
+        };
+        Service = {
+          Type = "oneshot";
+          ExecStart = "${pkgs.bash}/bin/bash -c 'mkdir -p ~/Mail && ${pkgs.isync}/bin/mbsync -a && (${pkgs.mu}/bin/mu info >/dev/null 2>&1 || ${pkgs.mu}/bin/mu init --maildir ~/Mail --personal-address=john@ogle.fyi) && ${pkgs.mu}/bin/mu index'";
+          Environment = "PATH=${pkgs.rbw}/bin:${pkgs.coreutils}/bin";
+          StandardOutput = "journal";
+          StandardError = "journal";
+        };
       };
     };
 
-    # Systemd timer for automatic sync
-    systemd.user.timers.mbsync = {
-      Unit = {
-        Description = "Mailbox synchronization timer";
-      };
-      Timer = {
-        OnBootSec = "2min";
-        OnUnitActiveSec = "5min";
-        Unit = "mbsync.service";
-      };
-      Install = {
-        WantedBy = [ "timers.target" ];
+    # Linux-only: Systemd timer for automatic sync
+    systemd.user.timers = mkIf isLinux {
+      mbsync = {
+        Unit = {
+          Description = "Mailbox synchronization timer";
+        };
+        Timer = {
+          OnBootSec = "2min";
+          OnUnitActiveSec = "5min";
+          Unit = "mbsync.service";
+        };
+        Install = {
+          WantedBy = [ "timers.target" ];
+        };
       };
     };
   };

home/roles/kdeconnect/default.nix

@@ -4,13 +4,15 @@ with lib;
 
 let
   cfg = config.home.roles.kdeconnect;
+  isLinux = pkgs.stdenv.isLinux;
 in
 {
   options.home.roles.kdeconnect = {
     enable = mkEnableOption "Enable KDE Connect for device integration";
   };
 
-  config = mkIf cfg.enable {
+  # KDE Connect services are Linux-only (requires D-Bus and systemd)
+  config = mkIf (cfg.enable && isLinux) {
     services.kdeconnect = {
       enable = true;
       indicator = true;

home/roles/sync/default.nix

@@ -4,6 +4,7 @@ with lib;
 
 let
   cfg = config.home.roles.sync;
+  isLinux = pkgs.stdenv.isLinux;
 in
 {
   options.home.roles.sync = {
@@ -11,9 +12,10 @@ in
   };
 
   config = mkIf cfg.enable {
-    home.packages = with pkgs; [
+    # Linux-only: syncthingtray requires system tray support
+    home.packages = optionals isLinux (with pkgs; [
       syncthingtray
-    ];
+    ]);
 
     services.syncthing = {
       enable = true;