Merge pull request 'feat: pi-agent wrapper' (#5) from feature/pi-agent-wrapper into master

Reviewed-on: #5
2026-04-14 18:51:44 +02:00
parent e289698960 7e0d60c95b
commit 90fbdfe346
7 changed files with 91 additions and 25 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -268,11 +268,11 @@
        "uv2nix": "uv2nix_2"
      },
      "locked": {
-        "lastModified": 1775818389,
+        "lastModified": 1776145260,
-        "narHash": "sha256-Ex2WE+apD96FZt8e/uRgbTUxSWslxv37zd2Ovbd4LYA=",
+        "narHash": "sha256-jyxv5PCRMOA8mU+ng3EDXGLAw0Xq0dDQLgiYgEZudLA=",
        "owner": "NousResearch",
        "repo": "hermes-agent",
-        "rev": "0b143f2ea3ddef4e0bf725bdd931541f8af27882",
+        "rev": "d6314318721cc8f3eba6e1a6138ccc03355764bc",
        "type": "github"
      },
      "original": {
@@ -410,11 +410,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1775818866,
+        "lastModified": 1776137484,
-        "narHash": "sha256-zkjkwAGYNxRsXm3TBSqTwqbQbJpTEqwBC6KPGnh7Wxw=",
+        "narHash": "sha256-3gUwNO4y8ZmTyQBb3fCrLNRnqzAuuwNNSlPjmhrGnMo=",
        "owner": "numtide",
        "repo": "llm-agents.nix",
-        "rev": "290a25e026fa42bb74ae49a3a9a74904eb68be34",
+        "rev": "e70ca11dc1a327e99c58dcd580ed209056a61130",
        "type": "github"
      },
      "original": {
@@ -432,8 +432,8 @@
        "openspec": "openspec"
      },
      "locked": {
-        "lastModified": 1776108132,
+        "lastModified": 1776184481,
-        "narHash": "sha256-XViouXku09/lGDN4xpfUTejo+i9W09ecVEDYXqJdrwY=",
+        "narHash": "sha256-X4b1SRiUUhlp1ciL1pwHI5KvXmrM3A9zxb4GaeNkJ9I=",
        "path": "/home/m3tam3re/p/NIX/nixpkgs",
        "type": "path"
      },
@@ -672,11 +672,11 @@
    },
    "nixpkgs_5": {
      "locked": {
-        "lastModified": 1775763530,
+        "lastModified": 1775888245,
-        "narHash": "sha256-BuTK9z1QEwWPOIakQ1gCN4pa4VwVJpfptYCviy2uOGc=",
+        "narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "b0188973b4b2a5b6bdba8b65381d6cd09a533da0",
+        "rev": "13043924aaa7375ce482ebe2494338e058282925",
        "type": "github"
      },
      "original": {
--- a/home/features/coding/pi.nix
+++ b/home/features/coding/pi.nix
@@ -3,18 +3,19 @@
    enable = true;
    agentsInput = inputs.agents;
-    container = {
+    externalSkills = [
-      enable = true;
+      {
-      name = "pi-agent";
+        src = inputs.skills-anthropic;
-      projectRoots = ["/home/m3tam3re/p"];
+        selectSkills = ["pdf" "docx" "frontend-design"];
-      autoStart = true;
+      }
-      autoNixDevelop = true;
+      {src = inputs.skills-vercel;}
-      extraRunArgs = [];
+      {src = inputs.skills-basecamp;}
-      extraEnv = {
+      {src = inputs.skills-kestra;}
-        NIX_CONFIG = "experimental-features = nix-command flakes";
+    ];
      };
-    };
+    # Source materialized for m3ta.pi-agent wrapper sync into /var/lib/pi-agent/.pi/agent
    # Use .pi/agents to match Pi's native directory layout.
    path = ".pi/agents";
    modelOverrides = {
      chiron = "zai-coding-plan/glm-5.1";
--- a/hosts/m3-hermes/configuration.nix
+++ b/hosts/m3-hermes/configuration.nix
@@ -30,6 +30,18 @@
    };
  };
  security.sudo.extraRules = [
    {
      users = ["hermes"];
      commands = [
        {
          command = "/run/current-system/sw/bin/podman";
          options = ["NOPASSWD"];
        }
      ];
    }
  ];
  services.fstrim = {
    enable = true;
    interval = "weekly";
--- a/hosts/m3-kratos/configuration.nix
+++ b/hosts/m3-kratos/configuration.nix
@@ -68,7 +68,7 @@
  # List packages installed in system profile. To search, run:
  # $ nix search wget
-  environment.systemPackages = with pkgs; [neovim git n8n];
+  environment.systemPackages = with pkgs; [neovim git];
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
--- a/hosts/m3-kratos/services/default.nix
+++ b/hosts/m3-kratos/services/default.nix
@@ -3,8 +3,9 @@
    ./containers
    ./hermes-agent.nix
    ./mem0.nix
-    ./n8n.nix
+    # ./n8n.nix
    ./netbird.nix
    ./pi-agent.nix
    ./postgres.nix
    ./sound.nix
    ./udev.nix
--- a/hosts/m3-kratos/services/n8n.nix
+++ b/hosts/m3-kratos/services/n8n.nix
@@ -1,6 +1,6 @@
 {lib, ...}: {
  services.n8n = {
-    enable = true;
+    enable = false;
    openFirewall = true;
    environment = {
      N8N_SECURE_COOKIE = "false";
--- a/hosts/m3-kratos/services/pi-agent.nix
+++ b/hosts/m3-kratos/services/pi-agent.nix
@@ -0,0 +1,52 @@
 {config, ...}: let
  cfg = config.m3ta.pi-agent;
 in {
  m3ta.pi-agent = {
    enable = true;
    binaryName = "pi";
    # Per-user policy map: authorized host users + their allowed project roots.
    hostUsers = {
      m3tam3re = {
        projectRoots = ["~/p"];
        # Optional (default comes from wrapper.hostConfigPath)
        configPath = ".pi/agents";
      };
    };
    wrapper = {
      enable = true;
      commandName = "pi";
      hideDirectBinary = true;
      # Sync Home Manager rendered Pi config from invoking user home.
      hostConfigPath = ".pi/agents";
    };
  };
  # Manage isolated pi-agent git identity via Home Manager (declarative + reusable pattern).
  home-manager.users.${cfg.user} = {
    home.username = cfg.user;
    home.homeDirectory = cfg.stateDir;
    home.stateVersion = "26.05";
    programs.git = {
      enable = true;
      signing.format = null;
      settings = {
        user = {
          name = "m3ta-chiron";
          email = "m3ta-chiron@agentmail.to";
        };
        core.excludesfile = "~/.gitignore_global";
        init.defaultBranch = "master";
        alias = {
          st = "status";
          logd = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
        };
      };
    };
    home.file.".gitignore_global".text = "";
  };
 }