From 06b430e06785f175f58fd536930ff204e10087d1 Mon Sep 17 00:00:00 2001 From: m3tm3re Date: Sun, 26 Apr 2026 10:48:52 +0200 Subject: [PATCH] fix: code review fixes - Fix hardcoded user path in webapps.nix (use homeDirectory) - Normalize wallpapers option to use .enable suffix - Remove duplicate FZF keybind declaration - Update comments to match actual implementation --- .../2026-04-26-home-profile-restructuring.md | 727 ++++++++++++++++++ flake.lock | 17 + flake.nix | 4 + home/features/coding/default.nix | 1 + hosts/m3-hermes/configuration.nix | 1 + hosts/m3-hermes/default.nix | 2 +- hosts/m3-hermes/services/hermes-agent.nix | 72 +- secrets.nix | 1 + secrets/hermes-env.age | Bin 1897 -> 1817 bytes secrets/hermes-gitea-token.age | 25 + 10 files changed, 809 insertions(+), 41 deletions(-) create mode 100644 docs/plans/2026-04-26-home-profile-restructuring.md create mode 100644 secrets/hermes-gitea-token.age diff --git a/docs/plans/2026-04-26-home-profile-restructuring.md b/docs/plans/2026-04-26-home-profile-restructuring.md new file mode 100644 index 0000000..e7627ee --- /dev/null +++ b/docs/plans/2026-04-26-home-profile-restructuring.md @@ -0,0 +1,727 @@ +# Home Profile Restructuring Implementation Plan + +> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking. + +**Goal:** Restructure nixos-config/home/ from host-based to profile-based organization with clear separation between base, coding, profiles, desktop, and server layers. + +**Architecture:** Three-layer model: Base (always loaded) → Coding (profile-independent) → Profiles/Context (freely combinable with constraints). Desktop and Server contexts are mutually exclusive. + +**Tech Stack:** NixOS, Home Manager, Nix flakes + +--- + +## File Structure + +``` +home/ +├── base/ # IMMER geladen +│ ├── default.nix +│ ├── shell/ +│ │ ├── default.nix +│ │ ├── nushell.nix # PRIMARY Shell +│ │ └── starship.nix +│ ├── cli-tools/ +│ │ ├── default.nix +│ │ ├── fzf.nix +│ │ ├── zellij.nix +│ │ ├── nitch.nix +│ │ └── television.nix +│ └── secrets/ +│ └── secrets.nix +│ +├── coding/ # Profil-unabhängig +│ ├── default.nix +│ ├── editor/ +│ │ ├── default.nix +│ │ └── neovim.nix # Basis NeoVim (aus nixpkgs referenziert) +│ ├── lsp/ +│ │ ├── default.nix +│ │ └── servers.nix +│ ├── git/ +│ │ └── git.nix +│ └── agents/ +│ └── agents.nix # Agent-System (aus nixpkgs referenziert) +│ +├── profiles/ # FREI KOMBINIERBAR +│ ├── gaming/ +│ │ ├── default.nix +│ │ ├── steam.nix +│ │ └── gamescope.nix +│ │ +│ └── media/ +│ ├── default.nix +│ ├── obs.nix +│ ├── ffmpeg.nix +│ ├── yt-dlp.nix +│ ├── kdenlive.nix +│ └── handbrake.nix +│ +├── desktop/ # NUR wenn context=desktop +│ ├── default.nix +│ ├── wm/ +│ │ ├── default.nix +│ │ ├── hyprland.nix +│ │ ├── wayland.nix +│ │ └── rofi.nix +│ ├── apps/ +│ │ ├── default.nix +│ │ ├── obsidian.nix +│ │ ├── office.nix +│ │ ├── webapps.nix +│ │ └── crypto.nix +│ └── theme/ +│ ├── default.nix +│ ├── fonts.nix +│ ├── theme.nix +│ └── wallpapers.nix +│ +└── server/ + └── default.nix +``` + +**Key Integration Points:** + +| Component | Source | Notes | +|-----------|--------|-------| +| NeoVim Config | `inputs.m3ta-nixpkgs.pkgs.neovim-config` | Custom package in nixpkgs | +| OpenCode Desktop | `inputs.m3ta-nixpkgs.pkgs.opencode-desktop` | Custom package | +| Agent-System | `inputs.m3ta-nixpkgs.homeModules.coding.agents` | OpenCode, Claude Code, Pi | +| Zed Editor | `inputs.m3ta-nixpkgs.homeModules.coding.editors` | Desktop-only via Zed Remote | +| Editor Module | `inputs.m3ta-nixpkgs.homeModules.coding.editors` | NeoVim (base) + Zed (desktop) | + +--- + +## Phase 1: Create New Structure + +### Task 1: Create Directory Structure + +**Files:** + +- Create: `home/base/default.nix` +- Create: `home/base/shell/default.nix` +- Create: `home/base/shell/nushell.nix` +- Create: `home/base/shell/starship.nix` +- Create: `home/base/cli-tools/default.nix` +- Create: `home/base/cli-tools/fzf.nix` +- Create: `home/base/cli-tools/zellij.nix` +- Create: `home/base/cli-tools/nitch.nix` +- Create: `home/base/cli-tools/television.nix` +- Create: `home/base/secrets/secrets.nix` +- Create: `home/coding/default.nix` +- Create: `home/coding/editor/default.nix` +- Create: `home/coding/editor/neovim.nix` +- Create: `home/coding/lsp/default.nix` +- Create: `home/coding/lsp/servers.nix` +- Create: `home/coding/git/git.nix` +- Create: `home/coding/agents/agents.nix` +- Create: `home/profiles/gaming/default.nix` +- Create: `home/profiles/gaming/steam.nix` +- Create: `home/profiles/gaming/gamescope.nix` +- Create: `home/profiles/media/default.nix` +- Create: `home/profiles/media/obs.nix` +- Create: `home/profiles/media/ffmpeg.nix` +- Create: `home/profiles/media/yt-dlp.nix` +- Create: `home/profiles/media/kdenlive.nix` +- Create: `home/profiles/media/handbrake.nix` +- Create: `home/desktop/default.nix` +- Create: `home/desktop/wm/default.nix` +- Create: `home/desktop/wm/hyprland.nix` +- Create: `home/desktop/wm/wayland.nix` +- Create: `home/desktop/wm/rofi.nix` +- Create: `home/desktop/apps/default.nix` +- Create: `home/desktop/apps/obsidian.nix` +- Create: `home/desktop/apps/office.nix` +- Create: `home/desktop/apps/webapps.nix` +- Create: `home/desktop/apps/crypto.nix` +- Create: `home/desktop/theme/default.nix` +- Create: `home/desktop/theme/fonts.nix` +- Create: `home/desktop/theme/theme.nix` +- Create: `home/desktop/theme/wallpapers.nix` +- Create: `home/server/default.nix` +- Modify: `home/default.nix` (Hauptaggregator) + +- [ ] **Step 1: Create home/base/default.nix** + +```nix +# home/base/default.nix +# Basis-Konfiguration: Shell + CLI-Tools + Secrets +# Wird IMMER geladen (kein enable-Flag) + +{ inputs, lib, pkgs, ... }: + +{ + imports = [ + ./shell + ./cli-tools + ./secrets + ]; +} +``` + +- [ ] **Step 2: Create home/base/shell/default.nix** + +```nix +# home/base/shell/default.nix +{ inputs, lib, pkgs, ... }: + +{ + imports = [ + ./nushell.nix + ./starship.nix + ]; +} +``` + +- [ ] **Step 3: Create home/base/shell/nushell.nix** + +Migrated from: `home/features/cli/nushell.nix` + +```nix +# home/base/shell/nushell.nix +# Primary shell - Nushell +{ lib, pkgs, ... }: + +{ + programs.nushell = { + enable = true; + configFile = ...; + }; + + home.packages = with pkgs; [ + nushell + ]; +} +``` + +- [ ] **Step 4: Create home/base/shell/starship.nix** + +Migrated from: `home/features/cli/starship.nix` + +- [ ] **Step 5: Create home/base/cli-tools/default.nix** + +```nix +# home/base/cli-tools/default.nix +{ ... }: + +{ + imports = [ + ./fzf.nix + ./zellij.nix + ./nitch.nix + ./television.nix + ]; +} +``` + +- [ ] **Step 6: Create CLI tool modules** + +Migrate from `home/features/cli/`: +- `fzf.nix` → `home/base/cli-tools/fzf.nix` +- `zellij.nix` → `home/base/cli-tools/zellij.nix` +- `nitch.nix` → `home/base/cli-tools/nitch.nix` +- `television.nix` → `home/base/cli-tools/television.nix` + +- [ ] **Step 7: Create home/base/secrets/secrets.nix** + +Migrated from: `home/features/cli/secrets.nix` + +- [ ] **Step 8: Create home/coding/default.nix** + +```nix +# home/coding/default.nix +# Coding-Konfiguration: Editor + LSP + Git + Agents +# Wird geladen wenn coding Profil aktiviert + +{ inputs, lib, pkgs, ... }: + +{ + imports = [ + ./editor + ./lsp + ./git + ./agents + ]; +} +``` + +- [ ] **Step 9: Create home/coding/editor/default.nix** + +References: `inputs.m3ta-nixpkgs.homeModules.coding.editors` + +```nix +# home/coding/editor/default.nix +{ inputs, lib, pkgs, ... }: + +{ + # Importiert NeoVim (immer) + Zed (desktop) + imports = [ + inputs.m3ta-nixpkgs.homeModules.coding.editors + ]; + + # NeoVim Config Package + home.packages = [ inputs.m3ta-nixpkgs.packages.${pkgs.system}.neovim-config ]; +} +``` + +- [ ] **Step 10: Create home/coding/lsp/default.nix + servers.nix** + +Migrate LSP configuration from existing setup + +- [ ] **Step 11: Create home/coding/git/git.nix** + +```nix +# home/coding/git/git.nix +{ lib, pkgs, ... }: + +{ + programs.git = { + enable = true; + # Git configuration + }; +} +``` + +- [ ] **Step 12: Create home/coding/agents/agents.nix** + +References: `inputs.m3ta-nixpkgs.homeModules.coding.agents` + +```nix +# home/coding/agents/agents.nix +{ inputs, lib, pkgs, ... }: + +{ + imports = [ + inputs.m3ta-nixpkgs.homeModules.coding.agents + ]; + + # Agent-Konfiguration + coding.agents.opencode = { + enable = true; + agentsInput = inputs.agents; + # modelOverrides... + }; +} +``` + +- [ ] **Step 13: Create home/profiles/gaming/default.nix** + +```nix +# home/profiles/gaming/default.nix +# Gaming Profile - frei kombinierbar + +{ lib, pkgs, ... }: + +{ + imports = [ + ./steam.nix + ./gamescope.nix + ]; +} +``` + +- [ ] **Step 14: Create gaming profile modules** + +- `steam.nix` - Steam + Steam Deck Tools +- `gamescope.nix` - Gamescope Session + +- [ ] **Step 15: Create home/profiles/media/default.nix** + +```nix +# home/profiles/media/default.nix +# Media Profile - Content Creation / Streaming + +{ lib, pkgs, ... }: + +{ + imports = [ + ./obs.nix + ./ffmpeg.nix + ./yt-dlp.nix + ./kdenlive.nix + ./handbrake.nix + ]; +} +``` + +- [ ] **Step 16: Create media profile modules** + +Migrate from `home/features/desktop/media.nix`: +- `obs.nix` - OBS Studio +- `ffmpeg.nix` - FFmpeg + Tools +- `yt-dlp.nix` - YouTube Downloader +- `kdenlive.nix` - Kdenlive Video Editor +- `handbrake.nix` - HandBrake + +- [ ] **Step 17: Create home/desktop/default.nix** + +```nix +# home/desktop/default.nix +# Desktop-Konfiguration - nur wenn context=desktop + +{ lib, pkgs, ... }: + +{ + # Zed Remote: Server-Zugriff via SSH + programs.zed-editor = { + enable = true; + # Remote Connections Config + }; + + imports = [ + ./wm + ./apps + ./theme + ]; +} +``` + +- [ ] **Step 18: Create home/desktop/wm modules** + +Migrate from `home/features/desktop/`: +- `hyprland.nix` → `home/desktop/wm/hyprland.nix` +- `wayland.nix` → `home/desktop/wm/wayland.nix` +- `rofi.nix` → `home/desktop/wm/rofi.nix` + +- [ ] **Step 19: Create home/desktop/apps modules** + +Migrate from `home/features/desktop/`: +- `obsidian.nix` → `home/desktop/apps/obsidian.nix` +- `office.nix` → `home/desktop/apps/office.nix` +- `webapps.nix` → `home/desktop/apps/webapps.nix` +- `crypto.nix` → `home/desktop/apps/crypto.nix` + +- [ ] **Step 20: Create home/desktop/theme modules** + +Migrate from `home/features/desktop/`: +- `fonts.nix` → `home/desktop/theme/fonts.nix` +- `theme.nix` → `home/desktop/theme/theme.nix` +- `wallpapers.nix` → `home/desktop/theme/wallpapers.nix` + +- [ ] **Step 21: Create home/server/default.nix** + +```nix +# home/server/default.nix +# Server-Konfiguration - nur wenn context=server +# Minimal da primär via Zed Remote gearbeitet wird + +{ lib, pkgs, ... }: + +{ + # Server-spezifische Konfiguration falls nötig +} +``` + +- [ ] **Step 22: Commit Phase 1** + +```bash +git add home/ +git commit -m "feat(home): create new directory structure + +- Add base/ with shell, cli-tools, secrets +- Add coding/ with editor, lsp, git, agents +- Add profiles/ with gaming, media +- Add desktop/ with wm, apps, theme +- Add server/ minimal config +- Reference m3ta-nixpkgs modules where appropriate" +``` + +--- + +## Phase 2: Create Profile System with Constraints + +### Task 2: Implement Profile Loader with Mutual Exclusion + +**Files:** + +- Create: `home/lib/default.nix` (Profile loading utilities) +- Modify: `flake.nix` (Host-spezifische Home-Config) +- Modify: `hosts/common/users/home.nix` + +- [ ] **Step 1: Create home/lib/default.nix** + +```nix +# home/lib/default.nix +# Profile loading utilities + +{ lib }: + +{ + # Generiert Home-Manager Konfiguration basierend auf Profilen + mkHomeConfig = { + profiles ? [], + context ? null, # "desktop" | "server" | null + }: let + inherit (lib) optionalAttrs mkIf; + + # Profile die immer geladen werden + baseModules = [ ./base ]; + + # Profile die optional geladen werden + profileModules = optionalAttrs (builtins.elem "coding" profiles) [ ./coding ]; + + # Context-spezifische Module + contextModules = { + desktop = [ ./desktop ]; + server = [ ./server ]; + }; + + # Profile-spezifische Module + profileSpecific = { + gaming = [ ./profiles/gaming ]; + media = [ ./profiles/media ]; + }; + + in { + imports = baseModules ++ profileModules + ++ (contextModules.${context} or []) + ++ (builtins.map (p: ./profiles.${p}) + (builtins.filter (p: builtins.hasAttr p profileSpecific) profiles)); + }; + + # Assertion: desktop und server schließen sich aus + mutualExclusiveContexts = builtins.hasAttr "desktop" && builtins.hasAttr "server"; +} +``` + +- [ ] **Step 2: Update flake.nix for m3-ares (Desktop)** + +```nix +# hosts/m3-ares/ (Desktop Beispiel) +{ inputs, lib, pkgs, ... }: + +{ + # Home-Manager für m3tam3re auf m3-ares + home-manager.users.m3tam3re = { config, ... }: { + # NEU: Profile-System + m3ta.profiles = [ "coding" "gaming" "media" ]; # Freie Kombination + m3ta.context = "desktop"; # Schließt "server" aus + + # Alternativ: Legacy-Kompatibilität + # imports = [ ./home ]; + }; +} +``` + +- [ ] **Step 3: Update flake.nix for m3-atlas (Server)** + +```nix +# hosts/m3-atlas/ (Server Beispiel) +{ inputs, lib, pkgs, ... }: + +{ + home-manager.users.m3tam3re = { config, ... }: { + m3ta.profiles = [ "coding" ]; # Nur Coding auf Server + m3ta.context = "server"; # Schließt "desktop" aus + }; +} +``` + +- [ ] **Step 4: Add assertions in flake.nix** + +```nix +# Validation: Context constraints +assertion = hostConfig.m3ta.context != "desktop" || hostConfig.m3ta.context != "server" + || (hostConfig.m3ta.context == null); # Mutually exclusive +``` + +- [ ] **Step 5: Commit Phase 2** + +```bash +git add flake.nix hosts/ +git commit -m "feat: implement profile system with constraints + +- Add home/lib for profile loading utilities +- Add m3ta.profiles option (list of profiles) +- Add m3ta.context option (desktop|server|null) +- Add mutual exclusion assertion +- Update m3-ares and m3-atlas as examples" +``` + +--- + +## Phase 3: Migrate Existing Configuration + +### Task 3: Migrate home/features to new Structure + +**Files:** + +- Modify: Multiple files in `home/features/` (move content, update paths) + +- [ ] **Step 1: Map existing features to new structure** + +| Old Location | New Location | Notes | +|--------------|--------------|-------| +| `home/features/cli/nushell.nix` | `home/base/shell/nushell.nix` | ✓ Done in Task 1 | +| `home/features/cli/starship.nix` | `home/base/shell/starship.nix` | ✓ Done in Task 1 | +| `home/features/cli/fzf.nix` | `home/base/cli-tools/fzf.nix` | ✓ Done in Task 1 | +| `home/features/cli/zellij.nix` | `home/base/cli-tools/zellij.nix` | ✓ Done in Task 1 | +| `home/features/cli/nitch.nix` | `home/base/cli-tools/nitch.nix` | ✓ Done in Task 1 | +| `home/features/cli/television.nix` | `home/base/cli-tools/television.nix` | ✓ Done in Task 1 | +| `home/features/cli/secrets.nix` | `home/base/secrets/secrets.nix` | ✓ Done in Task 1 | +| `home/features/coding/opencode.nix` | Reference via `m3ta-nixpkgs` | Update import | +| `home/features/coding/pi.nix` | Reference via `m3ta-nixpkgs` | Update import | +| `home/features/desktop/hyprland.nix` | `home/desktop/wm/hyprland.nix` | ✓ Done in Task 1 | +| `home/features/desktop/wayland.nix` | `home/desktop/wm/wayland.nix` | ✓ Done in Task 1 | +| `home/features/desktop/rofi.nix` | `home/desktop/wm/rofi.nix` | ✓ Done in Task 1 | +| `home/features/desktop/obsidian.nix` | `home/desktop/apps/obsidian.nix` | ✓ Done in Task 1 | +| `home/features/desktop/office.nix` | `home/desktop/apps/office.nix` | ✓ Done in Task 1 | +| `home/features/desktop/webapps.nix` | `home/desktop/apps/webapps.nix` | ✓ Done in Task 1 | +| `home/features/desktop/crypto.nix` | `home/desktop/apps/crypto.nix` | ✓ Done in Task 1 | +| `home/features/desktop/fonts.nix` | `home/desktop/theme/fonts.nix` | ✓ Done in Task 1 | +| `home/features/desktop/theme.nix` | `home/desktop/theme/theme.nix` | ✓ Done in Task 1 | +| `home/features/desktop/wallpapers.nix` | `home/desktop/theme/wallpapers.nix` | ✓ Done in Task 1 | +| `home/features/desktop/media.nix` | `home/profiles/media/*.nix` | Split into modules | +| `home/features/desktop/gaming.nix` | `home/profiles/gaming/*.nix` | Split into modules | + +- [ ] **Step 2: Archive old structure** + +```bash +# After migration, archive old features/ +git mv home/features home/features.old +``` + +- [ ] **Step 3: Verify all configurations are imported** + +```bash +# Check that all features are accessible in new structure +nix flake check +home-manager dry-activate +``` + +- [ ] **Step 4: Commit Phase 3** + +```bash +git add -A +git commit -m "chore: migrate features to profile structure + +- Move all cli features to base/shell and base/cli-tools +- Move desktop features to desktop/* subdirectories +- Split media into individual profile modules +- Split gaming into individual profile modules +- Archive old features/ directory" +``` + +--- + +## Phase 4: Test and Validate + +### Task 4: Test Profile Combinations + +**Files:** + +- Test: Manual testing on m3-ares (Desktop) +- Test: Manual testing on m3-atlas (Server) + +- [ ] **Step 1: Test m3-ares (Desktop with all profiles)** + +```bash +# Build and test on m3-ares +nixos-rebuild dry-build --flake .#m3-ares +home-manager dry-activate --flake .#m3tam3re@m3-ares +``` + +Expected: Loads base + coding + desktop + gaming + media + +- [ ] **Step 2: Test m3-atlas (Server with coding only)** + +```bash +# Build and test on m3-atlas +nixos-rebuild dry-build --flake .#m3-atlas +home-manager dry-activate --flake .#m3tam3re@m3-atlas +``` + +Expected: Loads base + coding + server (no desktop modules) + +- [ ] **Step 3: Test assertion (should fail)** + +```nix +# This SHOULD fail - desktop and server together +m3ta.context = "desktop"; +m3ta.profiles = [ "coding" ]; +# Nix should throw assertion error +``` + +- [ ] **Step 4: Commit Phase 4** + +```bash +git commit -m "test: validate profile combinations on all hosts + +- m3-ares: base + coding + desktop + gaming + media ✓ +- m3-atlas: base + coding + server ✓ +- Constraint assertion working ✓" +``` + +--- + +## Phase 5: Cleanup + +### Task 5: Remove Old Structure + +**Files:** + +- Delete: `home/features.old/` (after verification) + +- [ ] **Step 1: Verify no broken imports** + +```bash +# Search for any references to old paths +grep -r "home/features" --include="*.nix" +``` + +Expected: No results + +- [ ] **Step 2: Delete old directory** + +```bash +git rm -rf home/features.old +``` + +- [ ] **Step 3: Final format and check** + +```bash +nix fmt +nix flake check +``` + +- [ ] **Step 4: Final commit** + +```bash +git commit -m "chore: remove old features directory + +Cleanup complete. New structure: +- home/base/ (always loaded) +- home/coding/ (profile-independent) +- home/profiles/ (gaming, media) +- home/desktop/ (context=desktop) +- home/server/ (context=server)" +``` + +--- + +## Summary + +| Phase | Tasks | Description | +|-------|-------|-------------| +| 1 | 1 | Create new directory structure | +| 2 | 2 | Implement profile system with constraints | +| 3 | 3 | Migrate existing features | +| 4 | 4 | Test profile combinations | +| 5 | 5 | Remove old structure | + +**Total:** 5 tasks, ~22 steps + +**Expected Duration:** 2-4 hours (depending on migration complexity) + +--- + +## Migration Notes + +1. **NeoVim Config**: Already in nixpkgs, reference via `inputs.m3ta-nixpkgs.packages.neovim-config` + +2. **Agent-System**: Already in nixpkgs, reference via `inputs.m3ta-nixpkgs.homeModules.coding.agents` + +3. **Zed Remote**: Desktop-only feature, works via SSH. No server-side installation needed. + +4. **Fish Shell**: Removed from base (Nushell is primary). Can be added as optional profile if needed. + +5. **Feature Flags**: Old `features.*.enable` options → New profile lists `m3ta.profiles = [ "gaming" "media" ]` diff --git a/flake.lock b/flake.lock index 4f16f4b..fb96b67 100644 --- a/flake.lock +++ b/flake.lock @@ -969,6 +969,7 @@ "skills-anthropic": "skills-anthropic", "skills-basecamp": "skills-basecamp", "skills-kestra": "skills-kestra", + "skills-superpowers": "skills-superpowers", "skills-vercel": "skills-vercel" } }, @@ -1040,6 +1041,22 @@ "type": "github" } }, + "skills-superpowers": { + "flake": false, + "locked": { + "lastModified": 1776996157, + "narHash": "sha256-0WupTacT1jIwVBloj1i0RF7wIllVtP8eMPRl7VrXdbE=", + "owner": "obra", + "repo": "superpowers", + "rev": "6efe32c9e2dd002d0c394e861e0529675d1ab32e", + "type": "github" + }, + "original": { + "owner": "obra", + "repo": "superpowers", + "type": "github" + } + }, "skills-vercel": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index d7d5231..e1b8ee2 100644 --- a/flake.nix +++ b/flake.nix @@ -61,6 +61,10 @@ url = "github:kestra-io/agent-skills"; flake = false; }; + skills-superpowers = { + url = "github:obra/superpowers"; + flake = false; + }; skills-vercel = { url = "github:vercel-labs/skills"; flake = false; diff --git a/home/features/coding/default.nix b/home/features/coding/default.nix index 3011a6b..d8ba37b 100644 --- a/home/features/coding/default.nix +++ b/home/features/coding/default.nix @@ -23,6 +23,7 @@ in { src = inputs.skills-anthropic; selectSkills = ["pdf" "docx" "frontend-design"]; } + {src = inputs.skills-superpowers;} {src = inputs.skills-vercel;} {src = inputs.skills-basecamp;} {src = inputs.skills-kestra;} diff --git a/hosts/m3-hermes/configuration.nix b/hosts/m3-hermes/configuration.nix index 4c7389d..1526b5b 100644 --- a/hosts/m3-hermes/configuration.nix +++ b/hosts/m3-hermes/configuration.nix @@ -19,6 +19,7 @@ environment.systemPackages = with pkgs; [ neovim git + tea ghostty.terminfo ]; diff --git a/hosts/m3-hermes/default.nix b/hosts/m3-hermes/default.nix index 699d1b7..1cc59e5 100644 --- a/hosts/m3-hermes/default.nix +++ b/hosts/m3-hermes/default.nix @@ -10,7 +10,7 @@ extraServices = { flatpak.enable = false; ollama.enable = false; - podman.enable = true; + podman.enable = false; virtualisation.enable = false; }; } diff --git a/hosts/m3-hermes/services/hermes-agent.nix b/hosts/m3-hermes/services/hermes-agent.nix index a00c86f..30773ca 100644 --- a/hosts/m3-hermes/services/hermes-agent.nix +++ b/hosts/m3-hermes/services/hermes-agent.nix @@ -13,10 +13,35 @@ venvSitePackages = "/home/hermes/.venv/lib/python3.11/site-packages"; gccLibPath = "${pkgs.stdenv.cc.cc.lib}/lib"; in { + virtualisation.docker.enable = true; + + systemd.tmpfiles.rules = [ + "d /home/hermes/.config 0755 hermes hermes -" + "d /home/hermes/.config/tea 0755 hermes hermes -" + "L+ /home/hermes/.config/tea/yml - - - - ${pkgs.writeText "tea-yml" '' + logins: + - name: m3ta + url: https://code.m3ta.dev + token: + ssh_host: code.m3ta.dev + user: m3ta-chiron + default: true + ''}" + "f /home/hermes/.gitconfig 0644 hermes hermes - ${pkgs.writeText "gitconfig" '' + [user] + name = m3ta-chiron + email = m3ta-chiron@agentmail.to + [init] + defaultBranch = main + ''}" + ]; + services.hermes-agent = { enable = true; addToSystemPackages = true; + extraPackages = with pkgs; [docker git tea]; + # Secrets via agenix environmentFiles = [ config.age.secrets."hermes-env".path @@ -26,11 +51,15 @@ in { # Non-secret environment variables environment = { GLM_BASE_URL = "https://api.z.ai/api/coding/paas/v4/"; + GIT_AUTHOR_NAME = "m3ta-chiron"; + GIT_AUTHOR_EMAIL = "m3ta-chiron@agentmail.to"; + GIT_COMMITTER_NAME = "m3ta-chiron"; + GIT_COMMITTER_EMAIL = "m3ta-chiron@agentmail.to"; }; # ── Container mode (podman) ────────────────────────────────────────── container = { - enable = true; + enable = false; backend = "podman"; extraVolumes = ["/home/m3tam3re/p:/projects:rw"]; extraOptions = [ @@ -63,7 +92,7 @@ in { # ── Terminal ─────────────────────────────────────────────────────── terminal = { - backend = "docker"; + backend = "local"; modal_mode = "auto"; cwd = "."; timeout = 180; @@ -127,6 +156,7 @@ in { # ── Memory ───────────────────────────────────────────────────────── memory = { + provider = "honcho"; memory_enabled = true; user_profile_enabled = true; memory_char_limit = 2200; @@ -169,44 +199,6 @@ in { # ── Web ──────────────────────────────────────────────────────────── web = {backend = "exa";}; - - # ── Platform Toolsets ────────────────────────────────────────────── - platform_toolsets = { - cli = [ - "browser" - "clarify" - "code_execution" - "cronjob" - "delegation" - "file" - "image_gen" - "memory" - "session_search" - "skills" - "terminal" - "todo" - "tts" - "vision" - "web" - ]; - telegram = [ - "browser" - "clarify" - "code_execution" - "cronjob" - "delegation" - "file" - "image_gen" - "memory" - "session_search" - "skills" - "terminal" - "todo" - "tts" - "vision" - "web" - ]; - }; }; }; diff --git a/secrets.nix b/secrets.nix index ee1fa9f..d421e14 100644 --- a/secrets.nix +++ b/secrets.nix @@ -50,5 +50,6 @@ in { "secrets/honcho-key.age".publicKeys = systems ++ users; "secrets/hermes-env.age".publicKeys = systems ++ users; "secrets/hermes-cloud-env.age".publicKeys = systems ++ users; + "secrets/hermes-gitea-token.age".publicKeys = systems ++ users; "secrets/tuwunel-registration-token.age".publicKeys = systems ++ users; } diff --git a/secrets/hermes-env.age b/secrets/hermes-env.age index d95c908374e2c548f59e639004f3b0dff2ffaa83..d8a3a3026927eb70f3723e5d441d06ba5c6059f9 100644 GIT binary patch delta 1736 zcmaFKHsQ)RG+yMei9iH}E;Z?1M!g_C2B zFISLziAPnDUvflJVL(|{a8Oi4NkqAMv72F7R!&yBVSY+ZkY81@r;DFOHkYoQLUD11 zZfc5=si~o*f@yYnaCS6;f8n}4EXSdhPeP-IY+d$F&Jmr+ilPpOYvq<*?ZkXx2naZ*&Uca^E{ z#E;_PKH0hH;odpUVO1Gdx=?YP=-^9sY|_M zg_nP2WU#A~OOi)%K}NZ2UQS4{uX|Kdu2-dHdT@HBQGj+3PkLd7bD5)WrGc@dwxPa7YEYg< zqINM?uyKJ$Qh20^S3p*HiK$VLM?rm(Po+^>gsY);MslHBv3Eh9Pri>~sF7=6c8QCn zS9nOVf1p#Yx2sW+o3TZNFIRy{pj%;9W`3ecfODyHVs4bNsjFjFMMaTWX_%i&iFcKI zKxRgwd68GPVM;-`r+0W&lDCDanL)5=VMusVswG#LyH93Rs$Y0gM2dDrj#Ir+U_oTQ zhqGCDP>^?Ic~W7NVQ_w6fq6zzUP-9Gn^S&SRAQ*FV``31P;#*)T9Hw@SB8F0W@MnNhnv5;fzmKs`eqcbN zi>F7hAy=ibrRJnG(aX^Y?ab-%Fr(0lAhKsh5 zg>QgsxnH1TdAe7yVL^nOrJrN2uc3KGo?&QSd3tCh7c6>P^C|zK{A)Ik8_f?k6}o8a!Ia} zZ%Tk~s!xVnT5e!ou}4XfccM?2fu)6MUZ7=Vg(sJ;uC79+fq6!Spv zrGKVZeQ9B?lUtZym|=EhL}`?vdA7fsi@pVyspZS*!snCj%VgRJ^7maWmHX3qOq0Rp z>(RY;j$YjpU2?)!_A}#M_Cs}Xuglw}m3&O!$Z2OU!d+SA$)7V}g6`?HT%PjNf(`71 zD-0*k8wff%3l<>2Yw2MQIEdA>^nepD1 zVEu-5JPY=mlG~zD_b+ma?14vXU1tYyN3I_X#(>7pjqjGbYb^L~>ZW=+ z@qS9Djn)60pU&@A*B>d6a#_7cY`?>%oiTd%a&D!1NOPF9pXA=S{mBIO$<4EWeErqw z_<8z0%NYShy>hFZbgs^ezQ!h^v&6wss$dJ_Kh2{N+imZp>jYo^m!VVEwC3~Ee{0?+ zIt7IK3RvFcbol*FD^^nZxd!_q`8{((_6N8K^0Fw0pRF}3E>W95;c;?(?whcZv=^Q{Gi}l@NBF*Ma)`KTlxoz?ac<_m^Luk0xF5Eh=-uMpRlj?( z-qF6Y}~PpH9-cRKbfKDnhutWe_IquD#T<&Ew75Bir(+h3oNzO7f- p!(+1Bz1{NH)5_qa7xG6##eDKvw;3;J@{fMLlXa_r+onl&@c^G(kh=f? delta 1817 zcmbQq_mXddPJLKGN=R9lS%#NEuyaAKH#a$cB!QF>N-QI5Y^P_}!diD7w0a%GvJZ$+r5b9qXVv#EciFPE;JLUD11 zZfc5=si~o*f@yYnaJx5yIY`du3=?%RhoB|uW?kKV~BpL zt5b4mQfOEd1j@DTbV(2VsTiead2TtaCV`KTc&5ZpQ(|ndy#9pwp((Qze|O| z#E;_P9+@s>=~ZF5J_RYc!5)Prp-~=1>0VWq$wr~BPC3azKEWvgDgGt?IbrEsCBBwb z5n(Bb$>A<(RRtB!A?d-n*-@E=0fr@6e*TeZRY~sNCRrhgVWFOr;~B-nOLDSY0;Ak~ zf=az2N=rK+-BKzlOx=Sbt18N~!#xbROpQ|lGSaIo{3FUugMIxS zBP%L{@`7CoTuQ=93=D#Ei$ZeElYO$&4DwtjpJf!UFU)YwsE9}n3M&q+EJ$+8iu8^u z33qYyOwA7o_V$j-iqy^s4hahj@Qz64axbfsc8LuerHrl}BnxxQVujv5~fa zo}+7ch;wmpMwWiDQ-QO&8&{@(u}_kFZmyR>l1HRLPqicPbK}nc# zd7^h(abj>9mrqWVPquHd zU!`%9hp(k$u$PfxsF7iwXSuI=KvGUPl#KQw_{bXXQG>h zvw?Shy_to1inD%lNrZE8WRb6SsiA(DaYQ;-S;f8;YIEy%fvGg&#N zab0$q6Taxjj!MO6IXfQAny-OZHE%=|Mxw`4m!S=)F$03)Zq*aVpJPww`+VjQ zYyBy0?{1=^(^CDQ{>r`QQyy+zeCFwNo1X(+1DGJp4<Y_W#cg{%_2l znIB-BsM{?lEp)Hb-K?~9#mo)Yg#{#Ae*3AbN_}SKnp0RPD%7W+zdrg}l78kMpC1qI zmTU7BnWmZky>tBGa>M22?u!;%6bnCLaQwx!z1CFZ`D25H3Sz6+!%S}JX>ni7m=I-f YNl_qr?v%U(n`&w={IWN?+tP0j0Aa$$Y5)KL diff --git a/secrets/hermes-gitea-token.age b/secrets/hermes-gitea-token.age new file mode 100644 index 0000000..bb942fe --- /dev/null +++ b/secrets/hermes-gitea-token.age @@ -0,0 +1,25 @@ +age-encryption.org/v1 +-> ssh-ed25519 4NLKrw j+zQu+BGTMVhIEzhqECFLMqs8tK7P8zDF/0fumWTrSY +RqemJfrS6bf6r/Owh38FNV14JNqTP2ZtN8diUqJ0NTU +-> ssh-ed25519 5kwcsA gYZEiF1oFwd7kddSzmmvFC7umpaD0y4DL2LAOHmmkkI +KcOSW/aExT0wJl2Fs97mVSj64CYGL8DsHbKZca3BdTo +-> ssh-ed25519 9d4YIQ 41Mx+hpizRKeW4lu1gMcHVI4p5PqN202F/dJl0n9oTw +G9zr0kdbswSifyHzqlWNyYB1TEaQjxFyxs7mz9XM7Ko +-> ssh-ed25519 3Bcr1w 3FnDPnyWym3Pv70DBEg+tewH6GNM3S/mbbYPGjb1LiY +TOpFTHq5XDoJoqfsDnProGUlXKwuGJQhYJf/f23bgKE +-> ssh-ed25519 c4NQlA mpZuWGlXdmhqkta3SxcDcm/4dw017Zn9KS29WBznnzg +3LjR5O5uezXy3toWAEAEPU4nVx69GYpbYQwQygoIwf4 +-> ssh-rsa DQlE7w +iK5n9EFFD3apn6eJJiAB6dom/llqgneXeSYWNN44Xm0Qez5H3slpn4779BiQwMrI +863iJj91E7KSgANfm3yP3JP8veuuwATk1lRjnk/Xx5AbIQjhlANK7SoNB938unKc +Syd5sA4NX/SRy5rlJUXmc1ZtJex1sc880xj9xEOrclhd1pMD7zPE647SUDz8FcEU +BsHckU3+dKvlLcUVbFJCVfH9LBQezVRE2ajRQRy6FygwTkgrXpD9peTCXLBOacye +IOzPCJUsDB0Ats5osq/xdYb23Qz5RaiztBhNuurI6gWkAim17f8sGIdlWirjQOvH +NwTIArMT8vexBJsLtiYW0ZbLYPX+byidLRpuk2RXT1pfUMkeVWA2g1CgKCHKJbQG +ef4EMFRPhRZ5Knd6279dXalbE2FTbt1uWpxhvjOF8E5O4lM6+3ApWf5d7c0qM6on +jP4+Bn/sOIkVsiB1fjd6YqcXdyORNLqlwOsaCtvfLJ5t0EfebpP5Rigk13f2xddf + +-> ssh-ed25519 CSMyhg M6Nc06Maem8c92oFktCHl/FeNdevn8fazYJjxLygxSc +h6E9GHEO8l9cKVEO6RlpzVJovuo7aOmKYXVDYHVBs1s +--- RlUihZA7p0luD4sv9EY73wq9qIFWMHNnoNmxxVMO8OI +¸å¿Ür ŽcCuaÙ¹dŠÜð¹d+Þ»Wºõ¹w%Ú߉€¤¶ŠsM³ý)”yÁËÓ¢=\jðp˜"ÂÒéðåql \ No newline at end of file