refactor: KISS cleanup — deduplicate shared config, merge thin files

- Extract fonts, fish.enable, openssh.enable to modules/shared/
- Centralize sshKeys in lib/ via specialArgs
- Merge nixos/base.nix + locale.nix into nixos/default.nix
- Merge home/theme.nix into home/default.nix
- Simplify homeManagerConfig, flake packages output
- Remove redundant vim/wget from NixOS system packages
- Update AGENTS.md to reflect new structure

AGENTS.md

@@ -13,11 +13,11 @@ flake.nix
 └── nixosConfigurations.wsl          (x86_64-linux)
 ```
 
-- `lib/default.nix` — builders: `mkDarwin`, `mkNixos`. All hosts get shared modules + home-manager + lazyvim-nix (as HM sharedModule). NixOS also gets `catppuccin.nixosModules.catppuccin`; home-manager imports `catppuccin.homeModules.catppuccin` directly in `home/default.nix`.
-- `modules/shared/` — both platforms: nixpkgs config, overlays, nix settings, Lix
-- `modules/darwin/` — macOS: system preferences, homebrew (casks/brews/masApps), fonts, fish shell, user
-- `modules/nixos/` — NixOS: base packages, docker, locale, user
-- `home/` — home-manager (shared across all hosts via `useGlobalPkgs`)
+- `lib/default.nix` — builders `mkDarwin`/`mkNixos`, shared `sshKeys` constant (passed via `specialArgs`), `homeManagerConfig` helper. NixOS also gets `catppuccin.nixosModules.catppuccin`.
+- `modules/shared/` — both platforms: nix/nixpkgs settings (Lix, overlays), fonts, `programs.fish.enable`, `services.openssh.enable`
+- `modules/darwin/` — macOS: system preferences, homebrew (casks/brews/masApps), 1Password CLI, user
+- `modules/nixos/` — NixOS: system packages, locale/timezone, docker, user
+- `home/` — home-manager (shared across all hosts via `useGlobalPkgs`), catppuccin theme
 - `hosts/*/` — per-host overrides (mac-mini: 24/7 server with sleep disabled; macbook-air: portable)
 - `overlays/` + `pkgs/` — custom packages (comment-checker)
 
@@ -59,7 +59,9 @@ cd ~/nix-config && sudo nixos-rebuild switch --flake .#wsl
 
 ## Critical gotchas
 
-- **Neovim uses lazyvim-nix**: `programs.lazyvim` in `home/dev/neovim.nix` manages neovim via the `lazyvim-nix` flake input. Catppuccin nvim integration is explicitly disabled (`catppuccin.nvim.enable = false`) because LazyVim manages its own colorscheme. Don't try to use `catppuccin.enable` for nvim or the old `programs.neovim.plugins` approach.
+- **Shared settings live in `modules/shared/`**: Fish, openssh, fonts, nix settings are enabled once in shared — don't re-declare in platform modules.
+- **SSH keys are centralized**: Defined as `sshKeys` in `lib/default.nix`, passed via `specialArgs`. Don't hardcode keys in platform modules.
+- **Neovim uses lazyvim-nix**: `programs.lazyvim` in `home/dev/neovim.nix` manages neovim via the `lazyvim-nix` flake input. Catppuccin nvim integration is explicitly disabled (`catppuccin.nvim.enable = false`) because LazyVim manages its own colorscheme. Don't use `catppuccin.enable` for nvim or the old `programs.neovim.plugins` approach.
 - **catppuccin module name**: Home-manager uses `catppuccin.homeModules.catppuccin` (imported in `home/default.nix`). NixOS uses `catppuccin.nixosModules.catppuccin` (in `lib/default.nix`). Don't use the old `homeManagerModules` name.
 - **Homebrew tap casks**: Casks from taps need full path (e.g. `"goooler/repo/fl-clash"`), not just the short name.
 - **`onActivation.cleanup = "zap"`**: Any brew formula/cask NOT declared in `modules/darwin/default.nix` WILL be removed on rebuild. Be comprehensive.

flake.nix

@@ -68,13 +68,18 @@
       };
 
       # ── Packages ────────────────────────────────────────
-      packages = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-linux" ] (system: {
-        comment-checker =
-          (import nixpkgs {
+      packages = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-linux" ] (
+        system:
+        let
+          pkgs = import nixpkgs {
             inherit system;
             overlays = [ self.overlays.default ];
-          }).comment-checker;
-      });
+          };
+        in
+        {
+          inherit (pkgs) comment-checker;
+        }
+      );
 
       # ── Overlays ───────────────────────────────────────
       overlays.default = import ./overlays;

home/default.nix

@@ -10,9 +10,13 @@
     inputs.catppuccin.homeModules.catppuccin
     ./shell
     ./dev
-    ./theme.nix
   ];
 
+  catppuccin = {
+    enable = true;
+    flavor = "mocha";
+  };
+
   home = {
     username = username;
     homeDirectory = if pkgs.stdenv.isDarwin then "/Users/${username}" else "/home/${username}";
@@ -20,42 +24,37 @@
   };
 
   # ── User-level packages ────────────────────────────
-  home.packages =
-    with pkgs;
-    [
-      # Modern CLI replacements
-      dust # du
-      duf # df
-      procs # ps
-      sd # sed
-      jq # JSON
-      yq # YAML
-      wget
+  home.packages = with pkgs; [
+    # Modern CLI replacements
+    dust # du
+    duf # df
+    procs # ps
+    sd # sed
+    jq # JSON
+    yq # YAML
+    wget
 
-      # System info
-      fastfetch
-      tealdeer # tldr
+    # System info
+    fastfetch
+    tealdeer # tldr
 
-      # File management
-      gomi
+    # File management
+    gomi
 
-      # Nix tools
-      nix-output-monitor # nom
-      nvd # nix version diff
-      nh # nix helper
-      just
+    # Nix tools
+    nix-output-monitor # nom
+    nvd # nix version diff
+    nh # nix helper
+    just
 
-      # Secrets management (WSL uses Windows op.exe via interop)
-    ]
-    ++ (with pkgs; [
-      # AI coding agent
-      opencode
-      comment-checker
+    # AI coding agent
+    opencode
+    comment-checker
 
-      # Misc
-      ffmpeg
-      pandoc
-    ]);
+    # Misc
+    ffmpeg
+    pandoc
+  ];
 
   # XDG directories
   xdg.enable = true;

home/theme.nix

@@ -1,8 +0,0 @@
-{ ... }:
-
-{
-  catppuccin = {
-    enable = true;
-    flavor = "mocha";
-  };
-}

lib/default.nix

@@ -3,27 +3,25 @@
 let
   inherit (inputs.nixpkgs) lib;
 
+  sshKeys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDRTOo48gzzRGT+bF9dzJCFJu61YgsQVONFtxU9kTPIg"
+  ];
+
   # Shared home-manager configuration block
-  homeManagerConfig =
-    {
-      username,
-      sharedModules ? [ ],
-    }:
-    {
-      home-manager = {
-        useGlobalPkgs = true;
-        useUserPackages = true;
-        backupFileExtension = "bak";
-        sharedModules = [
-          inputs.lazyvim.homeManagerModules.default
-        ]
-        ++ sharedModules;
-        extraSpecialArgs = {
-          inherit inputs username;
-        };
-        users.${username} = import ../home;
+  homeManagerConfig = username: {
+    home-manager = {
+      useGlobalPkgs = true;
+      useUserPackages = true;
+      backupFileExtension = "bak";
+      sharedModules = [
+        inputs.lazyvim.homeManagerModules.default
+      ];
+      extraSpecialArgs = {
+        inherit inputs username;
       };
+      users.${username} = import ../home;
     };
+  };
 in
 {
   # ── NixOS host builder ──────────────────────────────
@@ -37,14 +35,19 @@ in
     lib.nixosSystem {
       inherit system;
       specialArgs = {
-        inherit inputs hostname username;
+        inherit
+          inputs
+          hostname
+          username
+          sshKeys
+          ;
       };
       modules = [
         ../modules/shared
         ../modules/nixos
         inputs.home-manager.nixosModules.home-manager
         inputs.catppuccin.nixosModules.catppuccin
-        (homeManagerConfig { inherit username; })
+        (homeManagerConfig username)
         { networking.hostName = hostname; }
       ]
       ++ extraModules;
@@ -61,13 +64,18 @@ in
     inputs.nix-darwin.lib.darwinSystem {
       inherit system;
       specialArgs = {
-        inherit inputs hostname username;
+        inherit
+          inputs
+          hostname
+          username
+          sshKeys
+          ;
       };
       modules = [
         ../modules/shared
         ../modules/darwin
         inputs.home-manager.darwinModules.home-manager
-        (homeManagerConfig { inherit username; })
+        (homeManagerConfig username)
         { networking.hostName = hostname; }
       ]
       ++ extraModules;

modules/darwin/default.nix

@@ -1,35 +1,26 @@
-{ pkgs, username, ... }:
+{
+  pkgs,
+  username,
+  sshKeys,
+  ...
+}:
 
 {
   # ── Primary user (required by nix-darwin) ──────────
   system.primaryUser = username;
 
-  # ── Shell ──────────────────────────────────────────
-  programs.fish.enable = true;
-
   # ── 1Password CLI ───────────────────────────────────
   programs._1password.enable = true;
 
-  # ── SSH ───────────────────────────────────────────
-  services.openssh.enable = true;
-
   # ── User ───────────────────────────────────────────
   users.knownUsers = [ username ];
   users.users.${username} = {
     home = "/Users/${username}";
     shell = pkgs.fish;
     uid = 501;
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDRTOo48gzzRGT+bF9dzJCFJu61YgsQVONFtxU9kTPIg"
-    ];
+    openssh.authorizedKeys.keys = sshKeys;
   };
 
-  # ── Fonts ──────────────────────────────────────────
-  fonts.packages = with pkgs; [
-    maple-mono.NF-CN-unhinted
-    nerd-fonts.symbols-only
-  ];
-
   # ── macOS system preferences ───────────────────────
   system.defaults = {
     LaunchServices.LSQuarantine = false;
@@ -65,7 +56,7 @@
     ];
 
     brews = [
-      "mole" # broken in nixpkgs
+      "mole"
     ];
 
     # GUI apps

modules/nixos/base.nix

@@ -1,19 +0,0 @@
-{ pkgs, ... }:
-
-{
-  # ── System-essential packages ──────────────────────
-  # User-level tools live in home-manager (home/)
-  environment.systemPackages = with pkgs; [
-    curl
-    git
-    ghostty.terminfo
-    vim
-    wget
-  ];
-
-  # ── Fonts ──────────────────────────────────────────
-  fonts.packages = with pkgs; [
-    maple-mono.NF-CN-unhinted
-    nerd-fonts.symbols-only
-  ];
-}

modules/nixos/default.nix

@@ -1,26 +1,35 @@
-{ pkgs, username, ... }:
+{
+  pkgs,
+  username,
+  sshKeys,
+  ...
+}:
 
 {
   imports = [
-    ./base.nix
     ./docker.nix
-    ./locale.nix
   ];
 
-  # ── Default shell ──────────────────────────────────
-  programs.fish.enable = true;
+  # ── System-essential packages ──────────────────────
+  environment.systemPackages = with pkgs; [
+    curl
+    git
+    ghostty.terminfo
+  ];
 
-  # ── SSH ──────────────────────────────────────────
-  services.openssh.enable = true;
+  # ── Locale / Timezone ──────────────────────────────
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+    supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+  };
+  time.timeZone = "Asia/Shanghai";
 
   # ── Default user ───────────────────────────────────
   users.users.${username} = {
     isNormalUser = true;
     shell = pkgs.fish;
     extraGroups = [ "wheel" ];
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDRTOo48gzzRGT+bF9dzJCFJu61YgsQVONFtxU9kTPIg"
-    ];
+    openssh.authorizedKeys.keys = sshKeys;
   };
 
   # ── sudo ───────────────────────────────────────────

modules/nixos/docker.nix

@@ -8,8 +8,4 @@
   environment.systemPackages = with pkgs; [
     docker-compose
   ];
-
-  # WSL 环境下如使用 Docker Desktop，可改为：
-  #   wsl.docker-desktop.enable = true;
-  # 并将上面的 virtualisation.docker.enable 设为 false
 }

modules/nixos/locale.nix

@@ -1,10 +0,0 @@
-{ ... }:
-
-{
-  i18n = {
-    defaultLocale = "en_US.UTF-8";
-    supportedLocales = [ "en_US.UTF-8/UTF-8" ];
-  };
-
-  time.timeZone = "Asia/Shanghai";
-}

modules/shared/default.nix

@@ -1,3 +1,9 @@
 {
-  imports = [ ./nix.nix ];
+  imports = [
+    ./fonts.nix
+    ./nix.nix
+  ];
+
+  programs.fish.enable = true;
+  services.openssh.enable = true;
 }

modules/shared/fonts.nix

@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+
+{
+  fonts.packages = with pkgs; [
+    maple-mono.NF-CN-unhinted
+    nerd-fonts.symbols-only
+  ];
+}