Flake inputs updated (home-manager → 7519f615, nixpkgs → d2339023, etc.);
configType = "lua" is now supported.
Changes to Hyprland settings:
- monitor: replaced legacy comma-string format with Lua table syntax
  using _args + {output, mode, position, scale} for hl.monitor({...})
  calls. Home Manager now generates correct hl.monitor() calls instead
  of passing raw comma strings.
- workspace: kept simple "id, monitor:X, default:true" string format
  for basic monitor bindings (compatible with hl.workspace(...)).
- workspace_rule: added separate workspace_rule entries using
  _args + {workspace, monitor, no_border, no_rounding} for special
  cases (e.g. WS 5 border:false,rounding:false → no_border=true,
  no_rounding=true as per current Hyprland Lua docs).
- window_rule: updated workspace values from int to string ("1",
  "2", etc.), updated fullscreen from "on" to boolean true, kept
  opacity as string "1.0" per Hyprland docs, kept idle_inhibit as
  string "focus".
- on hook: kept as-is (hyprland.start + tuxedo-backlight).
Validate: nix-instantiate --parse passes for both host files.
- Switch from hyprlang (hyprland.conf) to lua (hyprland.lua) config format
- Use configType = "lua" explicitly for clarity
- Replace exec-once with on = { _args = [...] } hook for startup commands
- Convert windowrule strings to window_rule attribute-set syntax with
  mkLuaInline match objects and option sets per Home Manager module
- Change mkIf guard from config.desktop.wm.hyprland.enable to
  config.wayland.windowManager.hyprland.enable (correct option path)
- Preserve all existing host-specific monitor layouts and window rules
- Both configs: m3-ares (eDP-1 + HDMI) and m3-kratos (DP-1 + DP-2)
- Run alejandra after changes; parse validation passes (exit 0)
Refs:
- https://github.com/nix-community/home-manager/blob/master/modules/services/window-managers/hyprland.nix
- https://wiki.hypr.land/Configuring/Start/
Access control is handled at DNS level — dash.m3ta.dev resolves to
Netbird IP (100.81.142.56) which is unreachable from the public internet.
No need for IP whitelist middleware.
- New hermes-dashboard.service: runs 'hermes dashboard' on 0.0.0.0:9119
- Firewall restricts port 9119 to Netbird mesh VPN range (100.64.0.0/16)
- Runs as hermes user with NoNewPrivileges + ProtectSystem hardening
- Depends on hermes-agent.service (starts after gateway)
- Added placeholder hermes-api-server-key.age (needs real encryption on host)
All home-manager configuration is now centralized in the m3ta-home repo:
- profiles/base/ ← shell, CLI tools, secrets
- profiles/contexts/ ← desktop, server
- profiles/sets/ ← coding, gaming, media
- users/ ← identities, preferences
Per-host overrides (monitors, XDG/MIME) remain in hosts/<name>/home.nix.
Central user integration via hosts/common/users/m3tam3re.nix.
- Enable delegation.orchestrator_enabled with max_spawn_depth=2
- Switch TTS from ElevenLabs (paid) to Edge TTS (free)
- Voice: de-DE-SeraphinaMultilingualNeural — friendly, multilingual German female
- No API key required
Add pkgs.uv to systemd.services.hermes-agent.path so that CronJobs
and terminal sessions can execute PEP 723 scripts via 'uv run'
(e.g. garmin-daily.py for Garmin Connect health data).
Also adds uv to environment.systemPackages for general availability.
- coding.agents.gitIdentity enabled with m3ta-chiron identity
- coding.agents.pi.codingRules.concerns includes 'git-identity'
- Uses feature/agent-git-identity branches for m3ta-nixpkgs and agents
- All base/* modules now use (mkEnableOption "...") // { default = true; }
  so they activate automatically when imported — no explicit .enable = true
  required in host configs
- packages.nix: add comment documenting that lazylib does not exist in
  nixpkgs; lazygit is the correct and intended package
- zellij-ps.nix: clarify that cli.zellij-ps namespace is intentional —
  it is the home-manager module convention from m3ta-nixpkgs
- nix flake check passes (warnings are pre-existing)