Ask for permissions for webfetch.

Signed-off-by: jmug <u.g.a.mariano@gmail.com>

home-modules/lazygit.nix

@@ -2,7 +2,7 @@
   programs.lazygit = {
     enable = true;
     settings = {
-      git.commit.signOff = true;
+      # git.commit.signOff = true;
       git.autoFetch = false;
       git.autoRefresh = false;
       keybinding = {

home-modules/opencode-config.nix

@@ -5,12 +5,12 @@
       "$schema": "https://opencode.ai/config.json",
       "permission": {
         "edit": "ask",
+        "webfetch": "ask",
         "bash": {
           "git status": "allow",
           "git diff": "allow",
           "ls": "allow",
-          "pwd": "allow",
+          "pwd": "allow"
-          "*": "ask"
         }
       }
     }

hosts/macbook/configuration.nix

@@ -11,6 +11,8 @@
   sudo -u ${config.user.name} /System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings -u
   '';
 
+  power.sleep.display = 10;
+
   # Popups for special characters for some keys.
   system.defaults.NSGlobalDomain.ApplePressAndHoldEnabled = false;
 
@@ -37,9 +39,9 @@
       no_quarantine = true;
     };
 
-    taps = [];
     brews = [
       "raylib"
+      "watchman"
     ];
     casks = [
       "ghostty"
@@ -55,6 +57,7 @@
       "nrf-connect"
       "segger-jlink"
       "docker-desktop"
+      "whatsapp"
     ];
   };
 

hosts/macbook/home.nix

@@ -62,7 +62,12 @@ in {
       pkgs-unstable.vscode
 
       pkgs-unstable.go
+      pkgs-unstable.gopls
+      pkgs-unstable.gotools
       pkgs-unstable.bun
+      # Expo.
+      pkgs-unstable.nodejs_24
+      pkgs-unstable.eas-cli
     ];
 
     stateVersion = "24.11";
@@ -78,7 +83,12 @@ in {
 
       rshellconf = "source ${homeDirectory}/.zshrc";
       nrsw = "sudo darwin-rebuild switch --flake ${homeDirectory}/nixos#macbook";
-      opencode = "/Users/jmug/dev/opencode/dist-local/bin/opencode"; # Replace with the app.
+      opencode-local = "/Users/jmug/dev/opencode/dist-local/bin/opencode"; # Replace with the app.
     };
+
+    initContent = ''
+      export PATH=$PATH:$HOME/bin
+      export PATH=$PATH:$HOME/.opencode/bin
+    '';
   };
 }

modules/nixos/yubikey/default.nix

@@ -1,4 +1,48 @@
 # This module supports multiple YubiKey 4 and/or 5 devices as well as a single Yubico Security Key device. The limitation to a single Security Key is because they do not have serial numbers and therefore the scripts in this module cannot uniquely identify them. See options.yubikey.identifies.description below for information on how to add a 'mock' serial number for a single Security key. Additional context is available in Issue 14 https://github.com/EmergentMind/nix-config/issues/14
+#
+# LINUX ONLY: This module uses udev rules for hotplug detection which are not available on macOS.
+# For Darwin/macOS YubiKey support, consider these alternatives:
+#
+# 1. Launch Agents (Recommended):
+#    - Use nix-darwin's launchd.agents with StartInterval for polling
+#    - Monitor via `system_profiler SPUSBDataType | grep Yubico`
+#    - More reliable than manual scripts, integrates with macOS services
+#
+#    Example implementation:
+#    launchd.agents.yubikey-monitor = {
+#      enable = true;
+#      config = {
+#        ProgramArguments = [
+#          "${pkgs.bash}/bin/bash"
+#          "-c"
+#          "system_profiler SPUSBDataType | grep -q 'Yubico' && ${yubikey-up}/bin/yubikey-up || ${yubikey-down}/bin/yubikey-down"
+#        ];
+#        StartInterval = 5; # Check every 5 seconds
+#        RunAtLoad = true;
+#      };
+#    };
+#
+# 2. IOKit Notifications (Advanced):
+#    - Write daemon using IOKit's IOServiceAddMatchingNotification
+#    - Monitors USB device attach/detach events directly
+#    - Requires C/Swift code or Python with pyobjc
+#    - Most responsive but significantly more complex
+#
+# 3. Hybrid Approach:
+#    - Launch Agent for background monitoring
+#    - Manual shell aliases/functions for immediate response  
+#    - Login hooks via system.activationScripts.postUserActivation
+#
+#    Example login hook:
+#    system.activationScripts.postUserActivation.text = ''
+#      # Run yubikey detection on login
+#      if command -v ykman >/dev/null 2>&1; then
+#        ${yubikey-up}/bin/yubikey-up || true
+#      fi
+#    '';
+#
+# The Darwin configs currently only install yubico-authenticator via Homebrew
+# and lack the automatic SSH key management provided by this Linux module.
 {
   config,
   pkgs,