refactor(nix): promote remote-dev/ to nix/ with common/vm/host split

Restructures the Home-Manager profile to support both the Arch host and
the Ubuntu remote-dev VM from the same flake.

  - remote-dev/ → nix/ (hard rename; .chezmoiignore updated)
  - home.nix split into common.nix (shared), vm.nix (Mason runtime
    carve-outs + podman stack), host.nix (gpg scdaemon delegation to
    system pcscd)
  - flake.nix exposes homeConfigurations.{vm,host} via a mkProfile
    helper
  - rj alias in dot_zshrc updated to ~/.local/share/dotfiles/nix
  - bootstrap.sh / justfile updated to use #vm against the new path

The split is behaviour-preserving for the VM: vm.nix + common.nix
together carry the same package set as the previous home.nix.
host.nix is provisioned but not yet wired into bootstrap (phase p8).

Phase 1 of the nix-on-host migration plan.

1 files changed, 21 insertions, 0 deletions

diff --git a/nix/host.nix b/nix/host.nix
new file mode 100644
index 0000000..7d81ffe
--- /dev/null
+++ b/nix/host.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, lib, dotfilesRoot, ... }:
+
+# Arch host Home-Manager profile. Layered on top of `common.nix`; adds
+# only host-specific concerns that don't make sense on the VM.
+
+{
+  imports = [ ./common.nix ];
+
+  home.username = builtins.getEnv "USER";
+  home.homeDirectory = builtins.getEnv "HOME";
+
+  # ── Smartcard (Yubikey) ────────────────────────────────────────────────────
+  # Nix's gnupg ships its own scdaemon. Delegate to the system pcscd
+  # service instead of letting nix's scdaemon open the USB device
+  # directly (which would race with pcscd). `pcsclite` provides the
+  # shared library at the path below and stays in `meta/base.txt`.
+  home.file.".gnupg/scdaemon.conf".text = ''
+    disable-ccid
+    pcsc-driver /usr/lib/libpcsclite.so.1
+  '';
+}