feat: pi-agent wrapper

2026-04-14 18:36:55 +02:00
parent e289698960
commit 7e0d60c95b
7 changed files with 91 additions and 25 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -268,11 +268,11 @@
        "uv2nix": "uv2nix_2"
      },
      "locked": {
-        "lastModified": 1775818389,
-        "narHash": "sha256-Ex2WE+apD96FZt8e/uRgbTUxSWslxv37zd2Ovbd4LYA=",
+        "lastModified": 1776145260,
+        "narHash": "sha256-jyxv5PCRMOA8mU+ng3EDXGLAw0Xq0dDQLgiYgEZudLA=",
        "owner": "NousResearch",
        "repo": "hermes-agent",
-        "rev": "0b143f2ea3ddef4e0bf725bdd931541f8af27882",
+        "rev": "d6314318721cc8f3eba6e1a6138ccc03355764bc",
        "type": "github"
      },
      "original": {
@@ -410,11 +410,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1775818866,
-        "narHash": "sha256-zkjkwAGYNxRsXm3TBSqTwqbQbJpTEqwBC6KPGnh7Wxw=",
+        "lastModified": 1776137484,
+        "narHash": "sha256-3gUwNO4y8ZmTyQBb3fCrLNRnqzAuuwNNSlPjmhrGnMo=",
        "owner": "numtide",
        "repo": "llm-agents.nix",
-        "rev": "290a25e026fa42bb74ae49a3a9a74904eb68be34",
+        "rev": "e70ca11dc1a327e99c58dcd580ed209056a61130",
        "type": "github"
      },
      "original": {
@@ -432,8 +432,8 @@
        "openspec": "openspec"
      },
      "locked": {
-        "lastModified": 1776108132,
-        "narHash": "sha256-XViouXku09/lGDN4xpfUTejo+i9W09ecVEDYXqJdrwY=",
+        "lastModified": 1776184481,
+        "narHash": "sha256-X4b1SRiUUhlp1ciL1pwHI5KvXmrM3A9zxb4GaeNkJ9I=",
        "path": "/home/m3tam3re/p/NIX/nixpkgs",
        "type": "path"
      },
@@ -672,11 +672,11 @@
    },
    "nixpkgs_5": {
      "locked": {
-        "lastModified": 1775763530,
-        "narHash": "sha256-BuTK9z1QEwWPOIakQ1gCN4pa4VwVJpfptYCviy2uOGc=",
+        "lastModified": 1775888245,
+        "narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "b0188973b4b2a5b6bdba8b65381d6cd09a533da0",
+        "rev": "13043924aaa7375ce482ebe2494338e058282925",
        "type": "github"
      },
      "original": {
--- a/home/features/coding/pi.nix
+++ b/home/features/coding/pi.nix
@@ -3,18 +3,19 @@
    enable = true;
    agentsInput = inputs.agents;

-    container = {
-      enable = true;
-      name = "pi-agent";
-      projectRoots = ["/home/m3tam3re/p"];
-      autoStart = true;
-      autoNixDevelop = true;
-      extraRunArgs = [];
-      extraEnv = {
-        NIX_CONFIG = "experimental-features = nix-command flakes";
-      };
+    externalSkills = [
+      {
+        src = inputs.skills-anthropic;
+        selectSkills = ["pdf" "docx" "frontend-design"];
+      }
+      {src = inputs.skills-vercel;}
+      {src = inputs.skills-basecamp;}
+      {src = inputs.skills-kestra;}
+    ];

-    };
+    # Source materialized for m3ta.pi-agent wrapper sync into /var/lib/pi-agent/.pi/agent
+    # Use .pi/agents to match Pi's native directory layout.
+    path = ".pi/agents";

    modelOverrides = {
      chiron = "zai-coding-plan/glm-5.1";
--- a/hosts/m3-hermes/configuration.nix
+++ b/hosts/m3-hermes/configuration.nix
@@ -30,6 +30,18 @@
    };
  };

+  security.sudo.extraRules = [
+    {
+      users = ["hermes"];
+      commands = [
+        {
+          command = "/run/current-system/sw/bin/podman";
+          options = ["NOPASSWD"];
+        }
+      ];
+    }
+  ];
+
  services.fstrim = {
    enable = true;
    interval = "weekly";
--- a/hosts/m3-kratos/configuration.nix
+++ b/hosts/m3-kratos/configuration.nix
@@ -68,7 +68,7 @@

  # List packages installed in system profile. To search, run:
  # $ nix search wget
-  environment.systemPackages = with pkgs; [neovim git n8n];
+  environment.systemPackages = with pkgs; [neovim git];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
--- a/hosts/m3-kratos/services/default.nix
+++ b/hosts/m3-kratos/services/default.nix
@@ -3,8 +3,9 @@
    ./containers
    ./hermes-agent.nix
    ./mem0.nix
-    ./n8n.nix
+    # ./n8n.nix
    ./netbird.nix
+    ./pi-agent.nix
    ./postgres.nix
    ./sound.nix
    ./udev.nix
--- a/hosts/m3-kratos/services/n8n.nix
+++ b/hosts/m3-kratos/services/n8n.nix
@@ -1,6 +1,6 @@
 {lib, ...}: {
  services.n8n = {
-    enable = true;
+    enable = false;
    openFirewall = true;
    environment = {
      N8N_SECURE_COOKIE = "false";
--- a/hosts/m3-kratos/services/pi-agent.nix
+++ b/hosts/m3-kratos/services/pi-agent.nix
@@ -0,0 +1,52 @@
+{config, ...}: let
+  cfg = config.m3ta.pi-agent;
+in {
+  m3ta.pi-agent = {
+    enable = true;
+    binaryName = "pi";
+
+    # Per-user policy map: authorized host users + their allowed project roots.
+    hostUsers = {
+      m3tam3re = {
+        projectRoots = ["~/p"];
+        # Optional (default comes from wrapper.hostConfigPath)
+        configPath = ".pi/agents";
+      };
+    };
+
+    wrapper = {
+      enable = true;
+      commandName = "pi";
+      hideDirectBinary = true;
+
+      # Sync Home Manager rendered Pi config from invoking user home.
+      hostConfigPath = ".pi/agents";
+    };
+  };
+
+  # Manage isolated pi-agent git identity via Home Manager (declarative + reusable pattern).
+  home-manager.users.${cfg.user} = {
+    home.username = cfg.user;
+    home.homeDirectory = cfg.stateDir;
+    home.stateVersion = "26.05";
+
+    programs.git = {
+      enable = true;
+      signing.format = null;
+      settings = {
+        user = {
+          name = "m3ta-chiron";
+          email = "m3ta-chiron@agentmail.to";
+        };
+        core.excludesfile = "~/.gitignore_global";
+        init.defaultBranch = "master";
+        alias = {
+          st = "status";
+          logd = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
+        };
+      };
+    };
+
+    home.file.".gitignore_global".text = "";
+  };
+}