Opencode permissions + agent configs

m3tm3re
2026-01-06 08:54:17 +01:00
parent 175f971809
commit c8752086a2
7 changed files with 203 additions and 32 deletions

14
flake.lock generated

@@ -21,6 +21,19 @@
"type": "github"
}
},
"agents": {
"flake": false,
"locked": {
"lastModified": 1767685523,
"narHash": "sha256-shTEa+ekFgzB7G+V8ijvQx1N4OKXIEMjlCgtQxL+jqs=",
"path": "/home/m3tam3re/p/MISC/AGENTS",
"type": "path"
},
"original": {
"path": "/home/m3tam3re/p/MISC/AGENTS",
"type": "path"
}
},
"base16-schemes": {
"flake": false,
"locked": {
@@ -505,6 +518,7 @@
"root": {
"inputs": {
"agenix": "agenix",
"agents": "agents",
"disko": "disko",
"home-manager": "home-manager_2",
"hyprpanel": "hyprpanel",


@@ -22,8 +22,8 @@
nixpkgs-9e58ed7.url = "github:nixos/nixpkgs/9e58ed7ba759d81c98f033b7f5eba21ca68f53b0";
nixpkgs-master.url = "github:nixos/nixpkgs/master";
# m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs";
m3ta-nixpkgs.url = "path:/home/m3tam3re/p/NIX/nixpkgs";
m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs";
# m3ta-nixpkgs.url = "path:/home/m3tam3re/p/NIX/nixpkgs";
#
nur = {
url = "github:nix-community/NUR";
@@ -43,6 +43,12 @@
hyprpanel.url = "github:Jas-SinghFSU/HyprPanel";
rose-pine-hyprcursor.url = "github:ndom91/rose-pine-hyprcursor";
nix-colors.url = "github:misterio77/nix-colors";
agents = {
# url = "path:/home/m3tam3re/p/MISC/AGENTS";
url = "git+https://code.m3ta.dev/m3tam3re/AGENTS";
flake = false;
};
};
outputs = {
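Review bot: The `agents` input appears to be declared as `url = "git+https://code.m3ta.dev/m3tam3re/AGENTS";`, but the flake.lock entry in this same commit locks `agents` as `"type": "path"` at `/home/m3tam3re/p/MISC/AGENTS` with only a `narHash`, so the lock does not describe the declared source. On another machine the evaluation would presumably either re-lock to whatever the repository head is at that moment or fail on the missing local path, and this input supplies the agent definitions, prompts and skills that opencode loads. Re-lock the input after switching the URL so flake.lock records a git `rev` for it, and commit that lock together with this change. The `inputs` block starts above the hunk.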


@@ -1,9 +1,29 @@
{
{inputs, ...}: {
xdg.configFile = {
"opencode/command" = {
source = "${inputs.agents}/command";
recursive = true;
};
"opencode/context" = {
source = "${inputs.agents}/context";
recursive = true;
};
"opencode/prompts" = {
source = "${inputs.agents}/prompts";
recursive = true;
};
"opencode/skill" = {
source = "${inputs.agents}/skill";
recursive = true;
};
};
programs.opencode = {
enable = true;
settings = {
theme = "opencode";
plugin = ["oh-my-opencode"];
agent = builtins.fromJSON (builtins.readFile "${inputs.agents}/agent/agents.json");
formatter = {
alejandra = {
command = ["alejandra" "-q" "-"];
@@ -28,37 +48,138 @@
"OPENAPI_MCP_HEADERS=$(cat /run/agenix/anytype-key) exec bunx @anyproto/anytype-mcp"
];
};
Exa = {
type = "local";
command = [
"sh"
"-c"
"EXA_API_KEY=$(cat /run/agenix/exa-key) exec bunx exa-mcp-server@latest tools=web_search_exa"
];
enabled = true;
};
};
};
};
home.file.".config/opencode/oh-my-opencode.json".text = ''
{
"$schema": "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json",
"agents": {
"Sisyphus": {
"model": "anthropic/claude-opus-4-5"
},
"librarian": {
"model": "anthropic/claude-sonnet-4-5"
},
"explore": {
"model": "opencode/big-pickle"
},
"oracle": {
"model": "anthropic/claude-sonnet-4-5"
},
"frontend-ui-ux-engineer": {
"model": "anthropic/claude-opus-4-5"
},
"document-writer": {
"model": "anthropic/claude-opus-4-5"
},
"multimodal-looker": {
"model": "anthropic/claude-opus-4-5"
}
},
"disabled_mcps": ["context7"]
}
'';
home.file.".config/opencode/oh-my-opencode.json".text = builtins.toJSON {
"$schema" = "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json";
agents = {
Sisyphus = {
model = "anthropic/claude-opus-4-5";
permission = {
edit = "allow";
bash = {
"*" = "allow";
"rm *" = "ask";
"rmdir *" = "ask";
"mv *" = "ask";
"chmod *" = "ask";
"chown *" = "ask";
"git *" = "ask";
"git status*" = "allow";
"git log*" = "allow";
"git diff*" = "allow";
"git branch*" = "allow";
"git show*" = "allow";
"git stash list*" = "allow";
"git remote -v" = "allow";
"git add *" = "allow";
"git commit *" = "allow";
"jj *" = "ask";
"jj status" = "allow";
"jj log*" = "allow";
"jj diff*" = "allow";
"jj show*" = "allow";
"npm *" = "ask";
"npx *" = "ask";
"bun *" = "ask";
"bunx *" = "ask";
"uv *" = "ask";
"pip *" = "ask";
"pip3 *" = "ask";
"yarn *" = "ask";
"pnpm *" = "ask";
"cargo *" = "ask";
"go *" = "ask";
"make *" = "ask";
"dd *" = "deny";
"mkfs*" = "deny";
"fdisk *" = "deny";
"parted *" = "deny";
"eval *" = "deny";
"source *" = "deny";
"curl *|*sh" = "deny";
"wget *|*sh" = "deny";
"sudo *" = "deny";
"su *" = "deny";
"systemctl *" = "deny";
"service *" = "deny";
"shutdown *" = "deny";
"reboot*" = "deny";
"init *" = "deny";
"> /dev/*" = "deny";
"cat * > /dev/*" = "deny";
};
external_directory = "ask";
doom_loop = "ask";
};
};
librarian = {
model = "anthropic/claude-sonnet-4-5";
permission = {
edit = "deny";
bash = "deny";
};
};
explore = {
model = "opencode/big-pickle";
permission = {
edit = "deny";
bash = "deny";
};
};
oracle = {
model = "anthropic/claude-sonnet-4-5";
permission = {
edit = "deny";
bash = "deny";
};
};
frontend-ui-ux-engineer = {
model = "anthropic/claude-opus-4-5";
permission = {
edit = "allow";
bash = {
"*" = "ask";
"npm *" = "ask";
"npx *" = "ask";
"bun *" = "ask";
"bunx *" = "ask";
"rm *" = "ask";
"mv *" = "ask";
"dd *" = "deny";
"mkfs*" = "deny";
"sudo *" = "deny";
"curl *|*sh" = "deny";
"wget *|*sh" = "deny";
};
};
};
document-writer = {
model = "anthropic/claude-opus-4-5";
permission = {
edit = "allow";
bash = "deny";
};
};
multimodal-looker = {
model = "anthropic/claude-opus-4-5";
permission = {
edit = "deny";
bash = "deny";
};
};
};
disabled_mcps = ["context7"];
};
}
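Review bot: In the `Sisyphus` permission block of the `builtins.toJSON` version (apparently the new side) the bash default is `"*" = "allow";`, so the `deny` and `ask` entries act as a block-list of command prefixes and anything they do not match runs without a prompt. Prefix globs such as `"sudo *"` or `"curl *|*sh"` only catch that literal spelling, an equivalent command spelled differently matches none of them, and how opencode orders overlapping patterns such as `"git *"` and `"git commit *"` is not visible here. Since this agent also has `edit = "allow"`, I would make the default `"*" = "ask";`, as `frontend-ui-ux-engineer` already does, and keep `allow` only for the read-only entries. Separately, the `Exa` MCP command runs `exa-mcp-server@latest` with `EXA_API_KEY` in its environment; pinning an exact version (placeholder: `exa-mcp-server@<reviewed-version>`) keeps a new upstream release from running with that key unreviewed.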


@@ -25,6 +25,10 @@
file = ../../secrets/ref-key.age;
owner = "m3tam3re";
};
exa-key = {
file = ../../secrets/exa-key.age;
owner = "m3tam3re";
};
tailscale-key.file = ../../secrets/tailscale-key.age;
m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age;


@@ -36,6 +36,10 @@
file = ../../secrets/ref-key.age;
owner = "m3tam3re";
};
exa-key = {
file = ../../secrets/exa-key.age;
owner = "m3tam3re";
};
};
};
}


@@ -29,6 +29,7 @@ in {
"secrets/n8n-env.age".publicKeys = systems ++ users;
"secrets/paperless-key.age".publicKeys = systems ++ users;
"secrets/ref-key.age".publicKeys = systems ++ users;
"secrets/exa-key.age".publicKeys = systems ++ users;
"secrets/restreamer-env.age".publicKeys = systems ++ users;
"secrets/searx.age".publicKeys = systems ++ users;
"secrets/tailscale-key.age".publicKeys = systems ++ users;
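Review bot: `"secrets/exa-key.age".publicKeys = systems ++ users;` encrypts the Exa API key to every key in `systems`, while this commit declares `exa-key` in only two host secret sets. If `systems` covers more hosts than those (its definition is above the hunk), each extra host can decrypt a key it never uses. Consider limiting the recipients to the users plus the hosts that run opencode, e.g. `"secrets/exa-key.age".publicKeys = users ++ [ <host keys that run opencode> ];`. The neighbouring entries follow the same pattern, so this may be a deliberate convention.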

21
secrets/exa-key.age Normal file

@@ -0,0 +1,21 @@
age-encryption.org/v1
-> ssh-ed25519 4NLKrw BJ2iDD2cLf/qP+VxEHz6Y+8GJ4s4I2wP92uBMG2ttQc
Nea+eK5CELL0eBq8+xuT+qDEbPyRzUgjnhDY+Mk8bjA
-> ssh-ed25519 5kwcsA kpzfRai9rtonBkKVpYkD5kSYTsxbpwAliLO6WnyAgx8
BXG4c2yGwkaXPCkKAiOqrNJknz/tN1jOXmTuj6mJvzA
-> ssh-ed25519 9d4YIQ fRuLFIYDaY7JdtZs9BP4xm7zwDdBYGrzuueuQgS+QWo
YM65b3HG43cP7EvcbX+WIn76a9I427MaeI0kJm0ZjHA
-> ssh-ed25519 3Bcr1w /zGBacmchTtDaaCykhuJkMatDzuo7Hi8iefvnqYDyEg
bK+aCK8cN7gDqLo15z6BC7WaWA+xXXSjP/eoe3ch71M
-> ssh-rsa DQlE7w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--- gwpY8yhU+VJSvw2xbmfKHrp8lJpb/0LuGaFDRIA7ORI
¥.ÑÉ®Ÿ ùL,rðRjmÚê<ûo