Polish ringtail NixOS config and add documentation

Sway keybinding for wezterm, fish as default shell, remove
initialPassword, add 1Password/chezmoi/dev tool packages.
Add ringtail reference card and update host inventory.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docs/changelog.d/feature-ringtail-nixos.infra.md

@@ -0,0 +1 @@
+Polish ringtail NixOS config: sway keybinding, fish shell, 1Password, chezmoi, and dev tools. Add ringtail reference documentation.

docs/reference/infrastructure/hosts.md

@@ -1,6 +1,6 @@
 ---
 title: Hosts
-modified: 2026-02-10
+modified: 2026-02-18
 tags:
   - infrastructure
 ---
@@ -16,6 +16,7 @@ All devices connected via [Tailscale](https://login.tailscale.com/) tailnet `tai
 | **Indri** | Mac Mini M1, 2020 - Primary server | [[indri|Details]] |
 | **Gilbert** | MacBook Air M4, 2025 - Workstation | [[gilbert|Details]] |
 | **[[sifaka|Sifaka]]** | Synology NAS - Storage & backups | [[sifaka|Details]] |
+| **[[ringtail|Ringtail]]** | Custom PC, NixOS - Service host & gaming | [[ringtail|Details]] |
 | **Mouse** | MacBook Air M2 - Allison's laptop | - |
 | **UniFi** | UniFi Express 7 - Home WiFi | [[unifi|Details]] |
 | **Dwarf** | iPad Air - Employer-provided, off tailnet | - |

docs/reference/infrastructure/ringtail.md

@@ -0,0 +1,48 @@
+---
+title: Ringtail
+modified: 2026-02-18
+tags:
+  - infrastructure
+  - host
+---
+
+# Ringtail
+
+Service host and gaming PC. Custom-built PC running NixOS.
+
+## Specifications
+
+| Property | Value |
+|----------|-------|
+| **CPU** | AMD (desktop) |
+| **GPU** | NVIDIA RTX 4080 (16GB VRAM) |
+| **Storage** | NVMe (boot) + 3x SATA drives |
+| **OS** | NixOS 25.11 (Sway/Wayland) |
+| **Tailscale hostname** | `ringtail.tail8d86e.ts.net` |
+
+## Software
+
+Managed declaratively via `nixos/ringtail/configuration.nix`.
+
+- **Desktop:** Sway (Wayland compositor) with wezterm terminal
+- **Shell:** Fish (default login shell)
+- **Gaming:** Steam
+- **Dotfiles:** chezmoi (requires `.chezmoiignore` updates in dotfiles repo for Linux)
+- **Secrets:** 1Password CLI + GUI (CLI integration via desktop app biometric unlock)
+
+## Maintenance Notes
+
+**NixOS rebuild:** From the blumeops repo, run `mise run provision-ringtail` or on ringtail directly:
+
+```bash
+sudo nixos-rebuild switch --flake /etc/nixos#ringtail
+```
+
+**NVIDIA drivers:** Uses proprietary (closed-source) drivers. The `--unsupported-gpu` flag is passed to sway via greetd since sway officially only supports open-source drivers.
+
+**Chezmoi:** The dotfiles repo (`github.com/eblume/dotfiles`) is macOS-centric. A `.chezmoiignore` needs to be added to skip macOS-only files on Linux (Brewfile, macOS-specific PATH/SSH_AUTH_SOCK). This is tracked as a separate task outside blumeops.
+
+## Related
+
+- [[hosts]] - Device inventory
+- [[tailscale]] - Network configuration

docs/reference/reference.md

@@ -47,6 +47,7 @@ Host inventory and network configuration.
 
 - [[hosts|Hosts]] - Device inventory
 - [[indri]] - Primary server
+- [[ringtail]] - Service host & gaming PC
 - [[gilbert]] - Development workstation
 - [[tailscale]] - ACLs, groups, tags
 - [[gandi]] - DNS hosting for `eblu.me`

nixos/ringtail/configuration.nix

@@ -44,6 +44,10 @@
       grim # screenshots
       slurp # region selection
     ];
+    extraConfig = ''
+      set $term wezterm
+      bindsym $mod+Return exec $term
+    '';
   };
   security.polkit.enable = true;
   security.sudo.wheelNeedsPassword = false;
@@ -66,6 +70,9 @@
     pulse.enable = true;
   };
 
+  # Fish shell
+  programs.fish.enable = true;
+
   # Steam
   programs.steam = {
     enable = true;
@@ -90,7 +97,7 @@
   # User account
   users.users.eblume = {
     isNormalUser = true;
-    initialPassword = "changeme";
+    shell = pkgs.fish;
     extraGroups = [ "wheel" "networkmanager" "video" ];
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmh1SSCdDAyu3vkSQH7kAXEPDi8APyjo9JXDTjtha2j"
@@ -105,6 +112,18 @@
     htop
     curl
     wget
+    _1password-cli
+    _1password-gui
+    chezmoi
+    neovim
+    eza
+    fd
+    fzf
+    zoxide
+    starship
+    atuin
+    bat
+    ripgrep
   ];
 
   # Enable nix flakes