m3tam3re/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: m3tam3re:0d81b0e5e94f925e668640611a36b3608f0cbfb0
Branches Tags
m3tam3re:master
..
compare: m3tam3re:master
Branches Tags
m3tam3re:master

33 Commits
0d81b0e5e9 ... master

Author SHA1 Message Date
m3tam3re
1692a34f6e Merge pull request 'feat: enable orchestrator + switch TTS to Edge (Katja voice)' (#8) from feature/orchestrator-edge-tts into master 
Reviewed-on: #8
 2026-05-01 16:15:13 +02:00
m3ta-chiron
2403e54039 feat: enable orchestrator + switch TTS to Edge (Seraphina voice) 
- Enable delegation.orchestrator_enabled with max_spawn_depth=2
- Switch TTS from ElevenLabs (paid) to Edge TTS (free)
- Voice: de-DE-SeraphinaMultilingualNeural — friendly, multilingual German female
- No API key required
 2026-05-01 16:06:49 +02:00
m3tm3re
3e8c95944c chore: hermes update 2026-05-01 12:06:23 +02:00
m3ta-chiron
fbc555feeb feat: pi guardrails 2026-04-29 20:14:07 +02:00
m3ta-chiron
6a5d8f0011 feat(agents): add strict security hardening for Pi and OpenCode 
Pi Guardrails:
- Enables @aliou/pi-guardrails with strict default config
- Sets onboarding.completed = true to skip onboarding prompt
- Enables pathAccess in ask mode for /nix/store and /tmp
- Adds noAccess policies for: SSH keys, GPG keys, AWS config,
  Kubernetes config, cloud CLI configs (gh/gcloud/1password/sops),
  agenix secrets, Pi auth/sessions, env files, private keys/certs
- Adds auto-deny patterns for env leakage commands:
  env, printenv, /proc/*/environ, GPG secret exports,
  ssh-add -D, password manager reads

OpenCode permissions:
- Adds permission section with global security rules
- external_directory: ask by default, allow /nix/store and /tmp
- read/edit: allow by default, deny SSH/GPG/AWS/Kube/cloud configs,
  agenix secrets, Pi auth/sessions, env files, private keys/certs
- glob: restrict sensitive path patterns
- grep: deny SSH/GPG/agenix, ask for PASSWORD/SECRET/API_KEY/PRIVATE_KEY
- bash: ask by default, allow safe git/nix commands,
  deny env/printenv/proc/GPG secret/sudo/ssh-add deletion/curl|sh
- webfetch: ask by default, allow github/nixos search
- doom_loop: ask
 2026-04-29 19:48:29 +02:00
m3tam3re
9c3d10836f Merge pull request 'fix: add uv to hermes-agent service PATH' (#7) from fix/hermes-agent-uv-path into master 
Reviewed-on: #7
 2026-04-29 16:24:17 +02:00
m3ta-chiron
a615ab61e8 fix: add uv to hermes-agent service PATH 
Add pkgs.uv to systemd.services.hermes-agent.path so that CronJobs
and terminal sessions can execute PEP 723 scripts via 'uv run'
(e.g. garmin-daily.py for Garmin Connect health data).

Also adds uv to environment.systemPackages for general availability.
 2026-04-29 16:18:41 +02:00
m3ta-chiron
193b8c0115 fix(git-identity): use existing gitea SSH key for agent commits 
The m3ta-chiron SSH key was not accepted by Gitea.
Using the existing gitea key instead for push authentication.
 2026-04-27 19:52:11 +02:00
m3tm3re
f76c4dd5d4 chore: smlink pip to uv pip 2026-04-27 19:36:52 +02:00
m3tm3re
05dc6bf608 chore: smlink pip to uv pip 2026-04-27 19:07:26 +02:00
m3tam3re
d524864fc3 Merge pull request 'feature/agent-git-identity' (#6) from feature/agent-git-identity into master 
Reviewed-on: #6
 2026-04-27 17:55:06 +02:00
m3tm3re
09e2ba8538 chore: AGENTS + nixpkgs input urls 2026-04-27 17:53:08 +02:00
m3tm3re
a427f319d4 feat(agents): add gitIdentity config and git-identity rule 
- coding.agents.gitIdentity enabled with m3ta-chiron identity
- coding.agents.pi.codingRules.concerns includes 'git-identity'
- Uses feature/agent-git-identity branches for m3ta-nixpkgs and agents
 2026-04-27 13:24:34 +02:00
m3tm3re
936eb13794 feat: add global skills to hermes environment 2026-04-26 15:14:54 +02:00
m3tm3re
5b0e6cbd5d feat(hermes-agent): add copy-hermes-skills systemd service 2026-04-26 14:37:43 +02:00
m3tm3re
2302810d11 chore: update beads issue state and gitignore docs/plans 2026-04-26 14:35:38 +02:00
m3tm3re
25ac47a422 feat(hermes-agent): add mkOpencodeSkills integration for skills provisioning 
- Add inputs parameter to module signature for flake input access
- Define hermesSkills via inputs.agents.lib.mkOpencodeSkills
- Includes customSkills from agents flake and external skills:
  - skills-basecamp (basecamp/basecamp-cli)
  - skills-anthropic (anthropics/skills)
  - skills-kestra (kestra-io/agent-skills)
- Verified with nixos-rebuild dry-run --flake .#m3-hermes (no errors)
 2026-04-26 14:35:06 +02:00
m3tm3re
e6cfcc346b docs(agents): expand Beads workflow documentation 
- Add 6-step core workflow with examples
- Document slash commands for agent integration
- Add 'Why Beads?' section emphasizing persistence
- Note to avoid bd edit in agent contexts
- Include dependency linking examples
 2026-04-26 14:12:30 +02:00
m3tm3re
09bc9da6d9 chore: complete AGENTS.md documentation 
- Add comprehensive project documentation to AGENTS.md
- Remove stale docs from docs/ directory
- Update agent configs (agents.nix, pi.nix)
- Update python.nix language config
- Update .gitignore
 2026-04-26 14:10:54 +02:00
m3tm3re
eb06533174 Merge feature/home-profile-restructuring: home-manager profile refactoring 
Refactor home-manager configuration structure:
- Reorganize from features/ to base/coding/desktop/server/profiles/
- Add language runtime modules (go, js, python, rust, typescript)
- Add LSP server configuration
- Add gaming and media profiles
- Add shell modules (fish, nushell, starship)
- Consolidate editor and git configuration
 2026-04-26 13:53:00 +02:00
m3tm3re
30a9a23de2 refactor: add language runtimes module and cleanup agent config 
- Add home/coding/languages/ with Python, JavaScript, Rust, Go, TypeScript
- Move bun/nodejs from agents.nix to languages/javascript.nix
- Move python3 with packages to languages/python.nix
- Move npm config to javascript.nix (broader context)
- Add language options to m3-ares and m3-kratos host configs
- Move pyrefly from agents.nix to lsp/servers.nix
- Remove duplicate python3 reference (build conflict fix)
- Remove unused base/secrets/cli-tools/ duplicates
 2026-04-26 13:20:22 +02:00
m3tm3re
6d0149ee6e feat: add AMD GPU tools, media packages, and productivity module 
Task 3 - Gaming profile:
- Add gpu.nix with ROCm runtime/smi/info and vulkan-tools
- Import gpu.nix in gaming profile aggregator

Task 4 - Media profile:
- Add unimatrix to yt-dlp.nix packages
- (plexamp, webcord, mpv config were already present)

Task 5 - Desktop apps:
- Add productivity.nix with pomodoro-timer
- Import productivity.nix in desktop apps aggregator
 2026-04-26 12:32:47 +02:00
m3tm3re
d19b87f8cd feat: add coding packages module (bruno, insomnia) 2026-04-26 12:29:14 +02:00
m3tm3re
8f5d076d7b fix: make base modules enabled by default; document lazylib→lazygit 
- All base/* modules now use (mkEnableOption "...") // { default = true; }
  so they activate automatically when imported — no explicit .enable = true
  required in host configs
- packages.nix: add comment documenting that lazylib does not exist in
  nixpkgs; lazygit is the correct and intended package
- zellij-ps.nix: clarify that cli.zellij-ps namespace is intentional —
  it is the home-manager module convention from m3ta-nixpkgs
- nix flake check passes (warnings are pre-existing)
 2026-04-26 12:16:44 +02:00
m3tm3re
3c9a107608 feat: add missing packages and programs to base cli-tools 
- packages.nix: essential packages (jq, ripgrep, fd, htop, coreutils,
  lazygit, httpie, just, devenv, gcc, go, sqlite, sqlite-vec, nix-index,
  nix-update, progress, comma, fabric-ai, llm, basecamp, hyprpaper-random,
  libnotify, trash-cli, unzip, zip, yazi)
- bat.nix: bat with nix-colors derived syntax theme
- carapace.nix: multi-shell completion (fish, nushell, bash)
- direnv.nix: automatic env loading with nix-direnv
- eza.nix: modern ls with icons, git status, long format
- lf.nix: terminal file manager with bat preview
- zoxide.nix: smarter cd with fish and nushell integration
- zellij-ps.nix: project session manager wrapping cli.zellij-ps
 2026-04-26 12:06:36 +02:00
m3tm3re
cc01c1d0aa fix(agents): make videoDrivers optional with safe default 
For standalone Home Manager evaluation where videoDrivers may be absent
 2026-04-26 11:37:17 +02:00
m3tm3re
d59a6b82b6 chore: remove features.old archive and format all files 
- Delete home/features.old/ (archived old flat feature modules)
- All content migrated to new profile-based structure
- Run alejandra formatter over 13 changed files
- nix flake check passes cleanly
 2026-04-26 11:29:49 +02:00
m3tm3re
d44bdad73a refactor: archive old features directory to features.old 
The new profile-based structure (home/base, home/desktop, home/server,
home/profiles/, home/coding) is fully operational and imported via
home/lib/mkHomeConfig. The legacy home/features directory is no longer
referenced anywhere in the configuration.

Archived rather than deleted to preserve history for reference.
 2026-04-26 11:22:17 +02:00
m3tm3re
797ffb2b8a fix: assert unknown profiles in mkHomeConfig; move agent modules to coding/agents 
- home/lib/default.nix: add assertion for unknown profile names instead of
  silently filtering them out; remove unused 'inherit (lib) optional'
- home/coding/agents/{opencode,pi}.nix: moved from home/features/coding/
  to co-locate with agents.nix (eliminating cross-directory back-references)
- home/coding/agents/agents.nix: update imports to ./opencode.nix and ./pi.nix
- home/features/coding/: remove now-dead default.nix (nothing imported it)
 2026-04-26 11:17:03 +02:00
m3tm3re
73bd2b1f2e fix: spec review - add missing fish module to base/shell 
- Create home/base/shell/fish.nix
- Add to base/shell/default.nix imports
- Migrate remaining hosts from features.cli.fish to base.shell.fish
 2026-04-26 11:09:50 +02:00
m3tm3re
f3749c5679 feat: implement profile system with mkHomeConfig and context constraints 
- Add home/lib/default.nix with mkHomeConfig utility
  - Loads base + common modules always
  - Maps profiles (coding, gaming, media) to module imports
  - Enforces desktop/server mutual exclusion via assertion
  - Context must be 'desktop', 'server', or null

- Migrate all per-host home configs to new profile system
  - m3-ares: context=desktop, profiles=[coding, gaming, media]
  - m3-kratos: context=desktop, profiles=[coding, gaming, media]
  - m3-atlas: context=server, profiles=[coding]
  - m3-helios: context=server, profiles=[]
  - m3-hermes: context=server, profiles=[]
  - m3-aether: context=server, profiles=[]
  - m3-daedalus: context=desktop, profiles=[coding, media]

- Replace features.* options with new namespaces:
  - features.cli.* -> base.shell.* / base.cliTools.* / base.secrets
  - features.desktop.* -> desktop.wm.* / desktop.apps.* / desktop.theme.*
  - gaming/media moved to profiles.gaming.* / profiles.media.*

- Fix home/coding/editor/neovim.nix: remove duplicate option declaration
  (coding.editors.neovim.enable already declared by m3ta-nixpkgs)

- Fix home/coding/lsp/servers.nix: replace removed nodePackages.typescript-language-server
  with typescript-language-server

- Fix home/desktop/theme/wallpapers.nix: correct relative path
  (was ../../.. which resolved to project root, should be ../..)
 2026-04-26 11:03:43 +02:00
m3tm3re
9908b9e335 fix: code review fixes 
- Fix hardcoded user path in webapps.nix (use homeDirectory)
- Normalize wallpapers option to use .enable suffix
- Remove duplicate FZF keybind declaration
- Update comments to match actual implementation
 2026-04-26 10:49:01 +02:00
m3tm3re
1b5bcae686 feat: create new home/ directory structure for profile-based config 
New structure:
- home/base/        - Always loaded (shell, cli-tools, secrets)
- home/coding/      - Profile-independent dev tooling (editor, lsp, git, agents)
- home/profiles/    - Freely combinable profiles (gaming, media)
- home/desktop/     - Desktop-only (wm, apps, theme)
- home/server/      - Minimal server stub

Migration sources:
- home/features/cli/ → home/base/{shell,cli-tools,secrets}
- home/features/desktop/hyprland,wayland,rofi → home/desktop/wm/
- home/features/desktop/obsidian,office,webapps,crypto → home/desktop/apps/
- home/features/desktop/fonts,theme,wallpapers → home/desktop/theme/
- gaming.nix split → home/profiles/gaming/{steam,gamescope}
- media.nix split  → home/profiles/media/{obs,ffmpeg,yt-dlp,kdenlive,handbrake}

Option namespaces updated:
- features.cli.*  → base.shell.* / base.cliTools.* / base.secrets
- features.desktop.* → desktop.wm.* / desktop.apps.* / desktop.theme.*
- features.desktop.gaming → profiles.gaming.*
- features.desktop.media  → profiles.media.*

Verified: nix flake check passes (warnings only)
 2026-04-26 10:37:03 +02:00
98 changed files with 2279 additions and 2616 deletions
Expand all files Collapse all files

3
.beads/issues.jsonl Normal file
View File

@@ -0,0 +1,3 @@
{"id":"home-profile-restructuring-edz","title":"Create copy-hermes-skills systemd service","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:44:42Z","started_at":"2026-04-26T12:36:30Z","closed_at":"2026-04-26T12:44:42Z","close_reason":"Created systemd service in hosts/m3-hermes/services/hermes-agent.nix - copies skills to /var/lib/hermes/.agents/skills before hermes-agent starts","labels":["hermes-agent","nixos"],"dependencies":[{"issue_id":"home-profile-restructuring-edz","depends_on_id":"home-profile-restructuring-ycz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":1,"comment_count":0}
{"id":"home-profile-restructuring-ycz","title":"Build hermes-agent skills using mkOpencodeSkills","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":2,"created_at":"2026-04-26T12:30:09Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:35:15Z","started_at":"2026-04-26T12:31:35Z","closed_at":"2026-04-26T12:35:15Z","close_reason":"Added inputs to module signature and defined hermesSkills via inputs.agents.lib.mkOpencodeSkills with basecamp, anthropic, and kestra external skills. Verified with nixos-rebuild dry-run --flake .#m3-hermes (no errors).","labels":["hermes-agent","nixos"],"dependency_count":0,"dependent_count":1,"comment_count":0}
{"id":"home-profile-restructuring-cxa","title":"Verify skills available at /var/lib/hermes/.agents/skills","status":"closed","priority":2,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:50:58Z","started_at":"2026-04-26T12:38:15Z","closed_at":"2026-04-26T12:50:58Z","close_reason":"Manually verified - skills are present at /var/lib/hermes/.agents/skills on m3-hermes","labels":["hermes-agent","testing"],"dependencies":[{"issue_id":"home-profile-restructuring-cxa","depends_on_id":"home-profile-restructuring-edz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":0,"comment_count":0}

6
.gitignore vendored
View File

@@ -38,3 +38,9 @@ opencode.json
.cache
.pi*
.worktrees/
docs/plans/
# Beads / Dolt files (added by bd init)
.dolt/
*.db
.beads-credential-key

565
AGENTS.md
View File

@@ -1,274 +1,383 @@
# NIXOS CONFIGURATION KNOWLEDGE BASE
# Agent Instructions
**Generated:** 2025-12-31 16:13:40 UTC
**Commit:** ebc8291
**Branch:** HEAD
This project uses **bd** (beads) for issue tracking. Run `bd prime` for full workflow context.
## OVERVIEW
Personal NixOS configuration managing 6 hosts (4 servers, 2 desktops) using flakes, agenix secrets, and feature-based home-manager setup.
## Quick Reference
## STRUCTURE
```
./
├── flake.nix # Main entry: host definitions, inputs, outputs
├── secrets.nix # Agenix public key mappings
├── hosts/
│ ├── common/ # Shared: base config, users, extraServices, ports
│ ├── m3-atlas/ # Server: 20+ containerized services with Traefik
│ ├── m3-helios/ # Server: AdGuard, internal routing
│ ├── m3-ares/ # Desktop: NVIDIA GPU, Btrfs
│ ├── m3-kratos/ # Desktop: AMD GPU, ZFS
│ └── m3-aether/ # Cloud VM
├── home/
│ ├── common/ # Home-manager base config
│ ├── features/ # Modular feature toggles (cli, desktop, coding)
│ └── m3tam3re/ # Per-host user configs
├── modules/ # Custom NixOS/home-manager modules
├── overlays/ # Package overlays (stable, locked, pinned, master)
├── pkgs/ # Custom package definitions
└── secrets/ # Agenix encrypted .age files (19 secrets)
```bash
bd ready # Find available work
bd show <id> # View issue details
bd update <id> --claim # Claim work atomically
bd close <id> # Complete work
bd dolt push # Push beads data to remote
```
## WHERE TO LOOK
## Non-Interactive Shell Commands
| Task | Location | Notes |
|------|----------|-------|
| Add new host | `flake.nix` + `hosts/<name>/` | Copy template from m3-atlas (server) or m3-ares (desktop) |
| Add service to m3-atlas | `hosts/m3-atlas/services/` | See containers/ for Podman + Traefik pattern |
| Configure desktop features | `home/features/desktop/` | Feature toggles with mkEnableOption |
| Add CLI tool | `home/features/cli/` | Fish + Nushell integration expected |
| Manage secrets | `secrets.nix` + `agenix -e` | SSH keys defined in secrets.nix |
| Define ports | `hosts/common/ports.nix` | Centralized port registry |
| Add user | `hosts/common/users/` | Shared across all hosts |
| Custom packages | `pkgs/default.nix` | Exposed via flake outputs |
**ALWAYS use non-interactive flags** with file operations to avoid hanging on confirmation prompts.
## CONVENTIONS
Shell commands like `cp`, `mv`, and `rm` may be aliased to include `-i` (interactive) mode on some systems, causing the agent to hang indefinitely waiting for y/n input.
### Secrets (agenix)
- **Create**: `agenix -e secrets/<name>.age` after adding keys to `secrets.nix`
- **Reference**: `config.age.secrets.<name>.path` in service configs
- **Pattern**: Service env files use `environmentFiles = [config.age.secrets.<service>-env.path]`
**Use these forms instead:**
### Service Organization
- **Native services**: `hosts/<host>/services/<service>.nix`
- **Containers**: `hosts/<host>/services/containers/<service>.nix`
- **Traefik integration**: All m3-atlas services include dynamic config for SSL + routing
- **Networking**: Containers use dedicated `web` network (10.89.0.0/24) with static IPs
```bash
# Force overwrite without prompting
cp -f source dest # NOT: cp source dest
mv -f source dest # NOT: mv source dest
rm -f file # NOT: rm file
### Port Management
- **Registry**: All ports defined in `hosts/common/ports.nix`
- **Access**: `config.m3ta.ports.get "service-name"`
- **Convention**: Internal services use 3000-3020 range
# For recursive operations
rm -rf directory # NOT: rm -r directory
cp -rf source dest # NOT: cp -r source dest
```
### Home-Manager Features
- **Enable**: `features.<category>.<feature>.enable = true` in user config
- **Categories**: `cli`, `desktop`, `coding`
- **Pattern**: Features are opt-in modules with default.nix aggregators
**Other commands that may prompt:**
### Multiple nixpkgs Inputs
- **stable**: 25.11 release
- **locked/pinned**: Specific commits for compatibility
- **master**: Bleeding edge
- **m3ta-nixpkgs**: Custom local overlay at `path:/home/m3tam3re/p/nix/nixpkgs`
- `scp` - use `-o BatchMode=yes` for non-interactive
- `ssh` - use `-o BatchMode=yes` to fail instead of prompting
- `apt-get` - use `-y` flag
- `brew` - use `HOMEBREW_NO_AUTO_UPDATE=1` env var
## CODING RULES
<!-- BEGIN BEADS INTEGRATION v:1 profile:minimal hash:ca08a54f -->
This project uses coding rules from the AGENTS repository (`inputs.agents`) plus project-specific conventions.
## Beads Issue Tracker
### Standard Rules (AGENTS repo)
This project uses **bd (beads)** for persistent task tracking. Run `bd prime` for full workflow context.
| Rule | Source | Purpose |
|------|--------|---------|
| `languages/nix.md` | AGENTS/rules/ | Nix language conventions, flake patterns |
| `concerns/coding-style.md` | AGENTS/rules/ | General coding principles |
| `concerns/naming.md` | AGENTS/rules/ | Naming conventions per language |
| `concerns/documentation.md` | AGENTS/rules/ | Documentation standards |
| `concerns/testing.md` | AGENTS/rules/ | Testing guidelines |
| `concerns/git-workflow.md` | AGENTS/rules/ | Commit message format, branch naming |
| `concerns/project-structure.md` | AGENTS/rules/ | Project layout conventions |
### Why Beads?
### NixOS-Config Specific Rules
- **Prefer Beads over ad-hoc markdown TODO lists** — Beads provides structured, queryable, shareable issue tracking with dependency management
- **Never use `bd edit`** — it opens an interactive editor which blocks agent workflows
- **Use flags and stdin instead** — `bd update <id> --claim`, `bd create --title "..." --estimate 2`
#### Project Structure
### Slash Commands (Agent Workflow)
| Command | Purpose |
|---------|---------|
| `/beads:ready` | Find unblocked issues |
| `/beads:create` | Create a new issue |
| `/beads:update` | Update an issue (claim, status) |
| `/beads:close` | Close completed work |
| `/beads:stats` | Project-level snapshot |
### Core Workflow (6 Steps)
#### 1. Find Unblocked Work
```bash
bd ready --json
```
Lists issues with no blocking dependencies that are ready to work on.
#### 2. Claim Work
```bash
bd update <id> --claim
```
Atomically assigns the issue to you (sets status to "in-progress").
#### 3. Inspect Details
```bash
bd show <id>
```
View full issue details including:
- Description and acceptance criteria
- Blocking/blocked-by dependencies
- Time estimates
- Status history
#### 4. Create Newly Discovered Work
```bash
# Create a new issue
bd create \
--title "Fix audio on m3-helios" \
--estimate 2 \
--priority high \
--labels nixos,audio
# Link dependencies
bd dep <id> --blocks <blocked-id> # This issue blocks another
bd dep <id> --after <after-id> # This issue after another completes
bd dep <id> --requires <requires-id> # This issue requires another
```
#### 5. Complete Work
```bash
bd close <id> --reason "Added PulseAudio fallback to configuration.nix"
```
Provide a concise summary of what was done. The `--reason` is mandatory.
#### 6. Project Snapshot
```bash
bd status --json # Current state of all issues
bd stats # Metrics: velocity, cycle time, bottlenecks
```
### Example Complete Workflow
```bash
# Start session - find work
bd ready --json
# Claim available issue
bd update 42 --claim
# Do the work...
# Discover something else needed
bd create --title "Document hermes-agent setup" --estimate 1
# Link as related
bd dep 43 --after 42
# Complete original
bd close 42 --reason "Added Hyprland idle timeout config"
# Close related
bd close 43 --reason "Added setup docs to AGENTS.md"
# Push state to remote
bd dolt push
```
### Rules
- Use `bd` for ALL task tracking — do NOT use TodoWrite, TaskCreate, or markdown TODO lists
- Run `bd prime` for detailed command reference and session close protocol
- Use `bd remember` for persistent knowledge — do NOT use MEMORY.md files
## Session Completion
**When ending a work session**, you MUST complete ALL steps below. Work is NOT complete until `git push` succeeds.
**MANDATORY WORKFLOW:**
1. **File issues for remaining work** - Create issues for anything that needs follow-up
2. **Run quality gates** (if code changed) - Tests, linters, builds
3. **Update issue status** - Close finished work, update in-progress items
4. **PUSH TO REMOTE** - This is MANDATORY:
```bash
git pull --rebase
bd dolt push
git push
git status # MUST show "up to date with origin"
```
5. **Clean up** - Clear stashes, prune remote branches
6. **Verify** - All changes committed AND pushed
7. **Hand off** - Provide context for next session
**CRITICAL RULES:**
- Work is NOT complete until `git push` succeeds
- NEVER stop before pushing - that leaves work stranded locally
- NEVER say "ready to push when you are" - YOU must push
- If push fails, resolve and retry until it succeeds
<!-- END BEADS INTEGRATION -->
# Project Agent
**Workspace Path:** `/home/m3tam3re/p/NIX/nixos-config`
_(Note to Pi: Your file write/edit tools run in a different directory by default. You MUST use absolute paths starting with the Workspace Path above for ALL file operations!)_
**Generated:** 2026-04-26
---
## Stack
| Component | Version/Source |
| ---------------- | --------------------------------- |
| **Nixpkgs** | nixos-unstable + 25.05 stable |
| **Home Manager** | github:nix-community/home-manager |
| **Agenix** | github:ryantm/agenix |
| **Disko** | github:nix-community/disko |
| **NUR** | github:nix-community/NUR |
| **Formatter** | alejandra |
| **Linters** | statix, deadnix |
| **IDE** | nixd |
| **Hermes Agent** | NousResearch/hermes-agent |
| **LLM Agents** | numtide/llm-agents.nix |
---
## Structure
```
nixos-config/
├── flake.nix # Entry point
├── hosts/ # Host-specific NixOS configs
│ ├── common/ # Shared: ports, users, base config
│ ├── m3-atlas/ # Server with Traefik hub
│ ├── m3-helios/ # AdGuard DNS
│ ├── m3-ares/ # Desktop (NVIDIA)
└── m3-kratos/ # Desktop (AMD)
├── home/ # Home-manager configs
│ ├── common/ # Shared home config
│ ├── features/ # Feature modules (cli, desktop, coding)
── m3tam3re/ # User-specific configs
├── modules/ # Custom NixOS/HM modules
├── flake.nix # Entry point: hosts, overlays, dev shells
├── coding-rules.json # Opencode rules configuration
├── hosts/ # Per-host NixOS configurations
│ ├── common/ # Shared across all hosts
│ ├── users/ # User definitions
│ ├── ports.nix # Network ports config
└── extraServices/ # Common service toggles
│ ├── m3-ares/ # Main desktop
│ ├── m3-atlas/ # Desktop with disko
── m3-helios/ # Desktop with disko
│ ├── m3-hermes/ # Desktop with disko + hermes-agent
│ └── m3-kratos/ # Server with NUR
├── modules/ # Reusable NixOS/home-manager modules
│ ├── nixos/ # NixOS-specific modules
│ │ └── default.nix # Imports common + service configs
│ └── home-manager/ # Home-manager configurations
├── home/ # Per-user, per-host home configs
│ └── m3tam3re/
│ └── m3-daedalus.nix
├── overlays/ # Package overlays
│ ├── default.nix # Stable/locked/master branches
│ └── mods/ # Package modifications
├── pkgs/ # Custom packages
└── secrets/ # Agenix encrypted secrets
├── secrets/ # Encrypted secrets (agenix)
│ └── secrets.nix
├── .opencode-rules/ # Opencode AI rules
│ ├── concerns/ # Coding style rules
│ ├── languages/nix.md # Nix conventions
│ └── USAGE.md
└── .pi/ # Agent configuration
```
#### Naming Conventions
---
| Type | Convention | Example |
|------|------------|---------|
| Hosts | mythological-names | `m3-atlas`, `m3-helios` |
| Files | hyphen-case | `my-service.nix` |
| Variables | camelCase | `portHelpers`, `serviceConfig` |
| Options | m3ta.* | `config.m3ta.ports.get` |
| Packages | lowercase-hyphen | `hyprpaper-random` |
## Commands
#### Nix Module Pattern
| Action | Command | Notes |
| -------------------- | ---------------------------------------------------------------------- | ------------------------------------------------- |
| **Enter dev shell** | `nix develop` | Includes alejandra, nixd, agenix, statix, deadnix |
| **Build host** | `sudo nixos-rebuild switch --flake .#m3-ares` | Replace hostname as needed |
| **Dry run build** | `sudo nixos-rebuild dry-run --flake .#m3-ares` | Validate without applying |
| **List hosts** | `nix flake show` | Shows all NixOS configurations |
| **Update flake** | `sudo nixos-rebuild switch --flake .#m3-ares --update-input nixpkgs` | Update specific input |
| **Format code** | `alejandra .` | Run before committing |
| **Check lint** | `statix check .` | Run statix for antipatterns |
| **Remove dead code** | `deadnix -w .` | Clean up unused let bindings |
| **Build ISO** | `nix build .#nixosConfigurations.m3-ares.config.system.build.isoImage` | Generate install ISO |
---
## Conventions
### Formatting & Style
- **Formatter:** `alejandra` (mandatory, run before commits)
- **Indentation:** 2 spaces (alejandra default)
- **Variables:** camelCase (e.g., `maxRetryAttempts`)
- **Types/Modules:** PascalCase (e.g., `MyService`)
- **Constants:** UPPER_SNAKE_CASE (e.g., `MAX_RETRIES`)
- **Files:** hyphen-case (e.g., `my-file.nix`)
### Nix Module Patterns
```nix
{ config, lib, pkgs, ... }:
with lib; let
cfg = config.m3ta.myModule;
in {
options.m3ta.myModule = {
enable = mkEnableOption "my module";
};
config = mkIf cfg.enable {
# Configuration here
{
options.myService.enable = lib.mkEnableOption "my service";
config = lib.mkIf config.myService.enable {
services.myService.enable = true;
};
}
```
#### Anti-Patterns (Never Do)
### Conditionals
| Don't | Do Instead |
|-------|------------|
| Hardcode ports | `config.m3ta.ports.get "service"` |
| Skip secrets.nix update | Add keys first, then `agenix -e` |
| Containers outside web network | `--network=web --ip=10.89.0.N` |
| Skip Traefik for public services | Configure dynamic config |
| Bypass extraServices flags | Use feature flags properly |
| Use `fetchTarball` | Use flake inputs |
| Use `with pkgs;` in modules | Explicit `pkgs.package` |
### Formatting & Linting
```bash
# Format (alejandra)
nix fmt
# Lint (statix, deadnix - only in dev shell)
nix develop
statix check .
deadnix .
# Validate flake
nix flake check
```
### Commit Conventions
Format: `<type>: <brief description>`
Types: `feat`, `fix`, `docs`, `style`, `refactor`, `chore`
Examples:
- `feat: add new host m3-hermes`
- `fix: resolve port conflict in mem0 module`
- `docs: update AGENTS.md with new service`
- `style: format nix files`
- `refactor: simplify port management`
- `chore: update nixpkgs inputs`
### Tools in Dev Shell
| Tool | Purpose |
|------|---------|
| `alejandra` | Nix code formatter |
| `nixd` | Nix language server |
| `statix` | Nix linter |
| `deadnix` | Find dead code |
| `agenix` | Secret management |
## COMMANDS
```bash
# Build/deploy specific host
sudo nixos-rebuild switch --flake .#m3-ares
# Build/deploy current host
sudo nixos-rebuild switch --flake .#$(uname -n)
# Home-manager update
home-manager --flake . switch
# Update all flake inputs
nix flake update
# Add/edit secret
agenix -e secrets/<name>.age
# Infrastructure shell (OpenTofu)
nix develop .#infraShell
# Check configuration (no activation)
nixos-rebuild dry-build --flake .#<hostname>
```
## TRAEFIK PATTERNS (m3-atlas only)
### SSL Termination
- **Provider**: Godaddy DNS challenge
- **Cert storage**: `/var/lib/traefik/acme.json`
- **Config**: `hosts/m3-atlas/services/traefik.nix`
### Service Integration Template
```nix
services.traefik.dynamicConfigOptions.http = {
services.<name>.loadBalancer.servers = [{ url = "http://127.0.0.1:<port>"; }];
routers.<name> = {
rule = "Host(`<subdomain>.m3ta.dev`)";
service = "<name>";
tls.certResolver = "godaddy";
};
};
config = lib.mkMerge [
(lib.mkIf cfg.enable { ... })
(lib.mkIf cfg.extraConfig { ... })
];
```
### Container Pattern
- **Network**: `--network=web --ip=10.89.0.<sequential>`
- **Ports**: Bind localhost only (`127.0.0.1:<external>:<internal>`)
- **Database access**: `--add-host=mysql:10.89.0.1` (gateway IP)
### Anti-Patterns (AVOID)
## HOST ROLES
- **Never use `with pkgs;`** — always use explicit package references
- **Never use `builtins.fetchTarball`** — use flake inputs instead
- **Never use `import <nixpkgs>`** — always use inputs
- **Never use `builtins.getAttr/hasAttr`** — use `lib.attrByPath` or `lib.optionalAttrs`
- **Avoid anonymous functions in config** — extract to named lets
| Host | Type | Hardware | Purpose |
|------|------|----------|---------|
| m3-atlas | Server | x86_64, disko | 20+ services, Traefik hub, PostgreSQL, MySQL |
| m3-helios | Server | x86_64, disko | AdGuard DNS, internal routing |
| m3-ares | Desktop | NVIDIA, Btrfs | Personal workstation, n8n, PostgreSQL |
| m3-kratos | Desktop | AMD, ZFS | Workstation, mem0, PostgreSQL |
| m3-aether | Cloud | QEMU | General purpose VM |
| m3-daedalus | Laptop | home-only | Portable (no full NixOS config) |
### Imports
## ANTI-PATTERNS (THIS PROJECT)
- Use flake inputs for dependencies (e.g., `inputs.home-manager.nixosModules.home-manager`)
- Import relative paths with `./` or `../`
- Never use absolute paths in imports
- **DON'T** add secrets to `secrets/` without updating `secrets.nix` public keys
- **DON'T** hardcode ports - use `config.m3ta.ports.get` or add to registry
- **DON'T** create containers outside the `web` network on m3-atlas
- **DON'T** skip Traefik config for public-facing services on m3-atlas
- **DON'T** bypass extraServices flags - use `hosts/common/extraServices/` pattern
- **DON'T** commit unencrypted secrets or test with real credentials
### Secrets
## UNIQUE TO THIS CONFIG
- Secrets managed via **agenix** in `secrets/` directory
- Never commit plaintext secrets
- Use `.nix` extension for secret files
- **Custom m3ta-nixpkgs**: Local overlay for unreleased/patched packages
- **extraServices abstraction**: Boolean flags to toggle Podman, Ollama, virtualisation per host
- **Mythological naming**: All hosts named after Greek mythology
- **Dual domain strategy**: New services on `m3ta.dev`, legacy redirects from `m3tam3re.com`
- **Per-host nixpkgs versions**: Different hosts can use different nixpkgs commits via specialArgs
- **Container IP registry**: Static IP assignments in 10.89.0.0/24 subnet for predictable networking
---
## NOTES
## Key Files
- m3-atlas is the service hub - most complex configuration
- Secrets require host SSH keys defined in `secrets.nix` before `agenix -e` works
- Fish and Nushell both configured - choose per-user with shell aliases
- Color scheme (Dracula) applied via nix-colors across all visual tools
- See subdirectory AGENTS.md for deep dives on containers, desktop features, CLI tools
| File | Purpose |
| ---------------------------------- | ------------------------------------------------------------------------------------------ |
| `flake.nix` | Central entry point defining all hosts, overlays, packages, dev shells, and nixpkgs config |
| `hosts/common/default.nix` | Shared Nix settings, nixpkgs overlays, home-manager integration, user defaults |
| `hosts/m3-ares/default.nix` | Main desktop host configuration, imports common + service modules |
| `hosts/m3-ares/configuration.nix` | Desktop environment config (Hyprland, display, audio, etc.) |
| `hosts/m3-ares/programs.nix` | CLI tools, dev tools, shell configs |
| `hosts/m3-ares/services/` | Service-specific configs (firewall, printing, etc.) |
| `modules/nixos/default.nix` | Orchestrates common + configuration imports |
| `overlays/default.nix` | Package version overrides (stable/locked/master branches) |
| `.opencode-rules/languages/nix.md` | Nix-specific conventions and patterns |
---
## What to Avoid
1. **Don't modify `flake.lock`** directly — use `nix flake update`
2. **Don't use impure operations** — this is a pure flake-based config
3. **Don't commit without formatting** — always run `alejandra .` first
4. **Don't add packages to hosts directly** — prefer adding to overlays or using NUR
5. **Don't hardcode paths** — use `inputs` and relative imports
6. **Don't create monolithic modules** — keep functions under 20 lines
7. **Don't skip the dry-run** — always test with `--dry-run` before switching
8. **Don't use lib.mkDefault lightly** — understand the precedence implications
---
## Notes
### Adding a New Host
1. Add entry to `flake.nix` → `nixosConfigurations`
2. Create directory in `hosts/` with:
- `default.nix` — imports common + specific configs
- `configuration.nix` — host-specific system config
- `hardware-configuration.nix` — from `nixos-generate-config`
- `programs.nix`, `services/`, `secrets.nix` as needed
3. Run `sudo nixos-generate-config --dir ./hosts/new-host` first time
### Adding a New Package
1. For simple packages: add to appropriate overlay in `overlays/default.nix`
2. For complex packages: create in `pkgs/` directory
3. For upstream packages: use NUR or add as flake input
### Development Workflow
1. Edit config files
2. Run `alejandra .` to format
3. Run `statix check .` for linting
4. Run `sudo nixos-rebuild dry-run --flake .#m3-ares`
5. If successful: `sudo nixos-rebuild switch --flake .#m3-ares`
### Remote Building
```bash
# Build on remote machine
nix copy --to ssh://user@host .#nixosConfigurations.m3-ares.config.system.build.toplevel
ssh user@host 'sudo nixos-rebuild switch --flake /nix/store/...-closure'
```
### Home Manager
- Home configs live in `home/m3tam3re/`
- Use `home-manager.users.m3tam3re` in host config
- Access via `config.home-manager.users.m3tam3re`

191
docs/AGENIX-GUIDE.md
View File

@@ -1,191 +0,0 @@
# Agenix Secret Management Guide
A guide for creating and managing encrypted secrets using agenix in the nixos-config project.
## Prerequisites
- SSH key pair (ed25519 or rsa) in `~/.ssh/`
- Access to the nixos-config repository
- Secret added to `secrets.nix` with appropriate public keys
---
## Creating a New Secret
### Step 1: Add Secret to secrets.nix
Edit `secrets.nix` and add a new entry:
```nix
"secrets/<your-secret-name>.age".publicKeys = systems ++ users;
```
Where:
- `<your-secret-name>` is the desired filename (without `.age`)
- `systems` = hosts that can decrypt this secret
- `users` = users that can decrypt this secret
Example:
```nix
"secrets/my-service-api-key.age".publicKeys = systems ++ users;
```
### Step 2: Create the Encrypted Secret
Navigate to the nixos-config directory:
```bash
cd ~/p/NIX/nixos-config
```
Generate a secure random token (if needed):
```bash
head -c 32 /dev/urandom | base64 | tr -d '\n'
```
Or use a specific value:
```bash
echo -n "your-secret-value-here" > /tmp/token.txt
```
Encrypt and create the secret file:
```bash
cat /tmp/token.txt | RULES=./secrets.nix nix develop . --command sh -c 'agenix -e secrets/<your-secret-name>.age'
```
The `-e` flag encrypts stdin content into the age file. If no stdin is provided, agenix opens your editor.
### Step 3: Verify the Secret
Decrypt to verify:
```bash
RULES=./secrets.nix nix develop . --command agenix -d secrets/<your-secret-name>.age
```
You should see your secret value printed to stdout.
### Step 4: Use in NixOS Configuration
Reference the secret in your service config:
```nix
{ config, ... }:
{
# For environment files
environmentFiles = [ config.age.secrets."my-secret-name".path ];
# For file-based secrets
environmentFile = config.age.secrets."my-secret-name".path;
}
```
The secret will be available at `/run/agenix/<your-secret-name>` when the system builds.
---
## Common Patterns
### Token-Based Registration (e.g., Tuwunel)
```nix
# secrets.nix
"secrets/tuwunel-registration-token.age".publicKeys = systems ++ users;
```
```nix
# services/tuwunel.nix
settings.global = {
allow_registration = true;
registration_token_file = config.age.secrets."tuwunel-registration-token".path;
};
```
### API Keys via Environment Files
```nix
# secrets.nix
"secrets/my-service-env.age".publicKeys = systems ++ users;
```
Create `my-service-env.age` containing:
```
MY_SERVICE_API_KEY=your-key-here
DATABASE_URL=postgres://...
```
Reference in config:
```nix
environmentFiles = [ config.age.secrets."my-service-env".path ];
```
### File-Based Secrets
For binary files or specific file paths:
```nix
settings = {
tls.cert = config.age.secrets."tls-cert".path;
tls.key = config.age.secrets."tls-key".path;
};
```
---
## Agenix Command Reference
| Command | Description |
|---------|-------------|
| `agenix -e <file.age>` | Edit/create encrypted secret (opens editor or uses stdin) |
| `agenix -d <file.age>` | Decrypt and print to stdout |
| `agenix -r` | Re-encrypt all secrets (after changing public keys) |
| `agenix --validate-config` | Validate secrets.nix syntax |
### Environment Variables
| Variable | Default | Description |
|----------|---------|-------------|
| `RULES` | `./secrets.nix` | Path to secrets.nix file |
| `EDITOR` | `$EDITOR` | Editor for interactive editing |
---
## Troubleshooting
### "No identity found to decrypt"
**Cause**: No SSH private key available.
**Solution**: Ensure your private key is in `~/.ssh/`:
- `~/.ssh/id_rsa`
- `~/.ssh/id_ed25519`
- Or specify with `-i /path/to/private/key`
### "Failed to find config root"
**Cause**: Agenix can't find `secrets.nix`.
**Solution**: Use `RULES=./secrets.nix` or run from the nixos-config directory.
### Rekeying Secrets
After adding new public keys to `secrets.nix`, re-encrypt all secrets:
```bash
cd ~/p/NIX/nixos-config
RULES=./secrets.nix nix develop . --command agenix -r
```
---
## Security Notes
- Never commit plaintext secrets to git
- Always use `secrets.nix` for encryption keys
- Include only necessary hosts/users in public keys
- Rotate secrets periodically
- Use `agenix -r` after modifying public keys

727
docs/plans/2026-04-26-home-profile-restructuring.md
View File

@@ -1,727 +0,0 @@
# Home Profile Restructuring Implementation Plan
> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
**Goal:** Restructure nixos-config/home/ from host-based to profile-based organization with clear separation between base, coding, profiles, desktop, and server layers.
**Architecture:** Three-layer model: Base (always loaded) → Coding (profile-independent) → Profiles/Context (freely combinable with constraints). Desktop and Server contexts are mutually exclusive.
**Tech Stack:** NixOS, Home Manager, Nix flakes
---
## File Structure
```
home/
├── base/ # IMMER geladen
│ ├── default.nix
│ ├── shell/
│ │ ├── default.nix
│ │ ├── nushell.nix # PRIMARY Shell
│ │ └── starship.nix
│ ├── cli-tools/
│ │ ├── default.nix
│ │ ├── fzf.nix
│ │ ├── zellij.nix
│ │ ├── nitch.nix
│ │ └── television.nix
│ └── secrets/
│ └── secrets.nix
├── coding/ # Profil-unabhängig
│ ├── default.nix
│ ├── editor/
│ │ ├── default.nix
│ │ └── neovim.nix # Basis NeoVim (aus nixpkgs referenziert)
│ ├── lsp/
│ │ ├── default.nix
│ │ └── servers.nix
│ ├── git/
│ │ └── git.nix
│ └── agents/
│ └── agents.nix # Agent-System (aus nixpkgs referenziert)
├── profiles/ # FREI KOMBINIERBAR
│ ├── gaming/
│ │ ├── default.nix
│ │ ├── steam.nix
│ │ └── gamescope.nix
│ │
│ └── media/
│ ├── default.nix
│ ├── obs.nix
│ ├── ffmpeg.nix
│ ├── yt-dlp.nix
│ ├── kdenlive.nix
│ └── handbrake.nix
├── desktop/ # NUR wenn context=desktop
│ ├── default.nix
│ ├── wm/
│ │ ├── default.nix
│ │ ├── hyprland.nix
│ │ ├── wayland.nix
│ │ └── rofi.nix
│ ├── apps/
│ │ ├── default.nix
│ │ ├── obsidian.nix
│ │ ├── office.nix
│ │ ├── webapps.nix
│ │ └── crypto.nix
│ └── theme/
│ ├── default.nix
│ ├── fonts.nix
│ ├── theme.nix
│ └── wallpapers.nix
└── server/
└── default.nix
```
**Key Integration Points:**
| Component | Source | Notes |
|-----------|--------|-------|
| NeoVim Config | `inputs.m3ta-nixpkgs.pkgs.neovim-config` | Custom package in nixpkgs |
| OpenCode Desktop | `inputs.m3ta-nixpkgs.pkgs.opencode-desktop` | Custom package |
| Agent-System | `inputs.m3ta-nixpkgs.homeModules.coding.agents` | OpenCode, Claude Code, Pi |
| Zed Editor | `inputs.m3ta-nixpkgs.homeModules.coding.editors` | Desktop-only via Zed Remote |
| Editor Module | `inputs.m3ta-nixpkgs.homeModules.coding.editors` | NeoVim (base) + Zed (desktop) |
---
## Phase 1: Create New Structure
### Task 1: Create Directory Structure
**Files:**
- Create: `home/base/default.nix`
- Create: `home/base/shell/default.nix`
- Create: `home/base/shell/nushell.nix`
- Create: `home/base/shell/starship.nix`
- Create: `home/base/cli-tools/default.nix`
- Create: `home/base/cli-tools/fzf.nix`
- Create: `home/base/cli-tools/zellij.nix`
- Create: `home/base/cli-tools/nitch.nix`
- Create: `home/base/cli-tools/television.nix`
- Create: `home/base/secrets/secrets.nix`
- Create: `home/coding/default.nix`
- Create: `home/coding/editor/default.nix`
- Create: `home/coding/editor/neovim.nix`
- Create: `home/coding/lsp/default.nix`
- Create: `home/coding/lsp/servers.nix`
- Create: `home/coding/git/git.nix`
- Create: `home/coding/agents/agents.nix`
- Create: `home/profiles/gaming/default.nix`
- Create: `home/profiles/gaming/steam.nix`
- Create: `home/profiles/gaming/gamescope.nix`
- Create: `home/profiles/media/default.nix`
- Create: `home/profiles/media/obs.nix`
- Create: `home/profiles/media/ffmpeg.nix`
- Create: `home/profiles/media/yt-dlp.nix`
- Create: `home/profiles/media/kdenlive.nix`
- Create: `home/profiles/media/handbrake.nix`
- Create: `home/desktop/default.nix`
- Create: `home/desktop/wm/default.nix`
- Create: `home/desktop/wm/hyprland.nix`
- Create: `home/desktop/wm/wayland.nix`
- Create: `home/desktop/wm/rofi.nix`
- Create: `home/desktop/apps/default.nix`
- Create: `home/desktop/apps/obsidian.nix`
- Create: `home/desktop/apps/office.nix`
- Create: `home/desktop/apps/webapps.nix`
- Create: `home/desktop/apps/crypto.nix`
- Create: `home/desktop/theme/default.nix`
- Create: `home/desktop/theme/fonts.nix`
- Create: `home/desktop/theme/theme.nix`
- Create: `home/desktop/theme/wallpapers.nix`
- Create: `home/server/default.nix`
- Modify: `home/default.nix` (Hauptaggregator)
- [ ] **Step 1: Create home/base/default.nix**
```nix
# home/base/default.nix
# Basis-Konfiguration: Shell + CLI-Tools + Secrets
# Wird IMMER geladen (kein enable-Flag)
{ inputs, lib, pkgs, ... }:
{
imports = [
./shell
./cli-tools
./secrets
];
}
```
- [ ] **Step 2: Create home/base/shell/default.nix**
```nix
# home/base/shell/default.nix
{ inputs, lib, pkgs, ... }:
{
imports = [
./nushell.nix
./starship.nix
];
}
```
- [ ] **Step 3: Create home/base/shell/nushell.nix**
Migrated from: `home/features/cli/nushell.nix`
```nix
# home/base/shell/nushell.nix
# Primary shell - Nushell
{ lib, pkgs, ... }:
{
programs.nushell = {
enable = true;
configFile = ...;
};
home.packages = with pkgs; [
nushell
];
}
```
- [ ] **Step 4: Create home/base/shell/starship.nix**
Migrated from: `home/features/cli/starship.nix`
- [ ] **Step 5: Create home/base/cli-tools/default.nix**
```nix
# home/base/cli-tools/default.nix
{ ... }:
{
imports = [
./fzf.nix
./zellij.nix
./nitch.nix
./television.nix
];
}
```
- [ ] **Step 6: Create CLI tool modules**
Migrate from `home/features/cli/`:
- `fzf.nix``home/base/cli-tools/fzf.nix`
- `zellij.nix``home/base/cli-tools/zellij.nix`
- `nitch.nix``home/base/cli-tools/nitch.nix`
- `television.nix``home/base/cli-tools/television.nix`
- [ ] **Step 7: Create home/base/secrets/secrets.nix**
Migrated from: `home/features/cli/secrets.nix`
- [ ] **Step 8: Create home/coding/default.nix**
```nix
# home/coding/default.nix
# Coding-Konfiguration: Editor + LSP + Git + Agents
# Wird geladen wenn coding Profil aktiviert
{ inputs, lib, pkgs, ... }:
{
imports = [
./editor
./lsp
./git
./agents
];
}
```
- [ ] **Step 9: Create home/coding/editor/default.nix**
References: `inputs.m3ta-nixpkgs.homeModules.coding.editors`
```nix
# home/coding/editor/default.nix
{ inputs, lib, pkgs, ... }:
{
# Importiert NeoVim (immer) + Zed (desktop)
imports = [
inputs.m3ta-nixpkgs.homeModules.coding.editors
];
# NeoVim Config Package
home.packages = [ inputs.m3ta-nixpkgs.packages.${pkgs.system}.neovim-config ];
}
```
- [ ] **Step 10: Create home/coding/lsp/default.nix + servers.nix**
Migrate LSP configuration from existing setup
- [ ] **Step 11: Create home/coding/git/git.nix**
```nix
# home/coding/git/git.nix
{ lib, pkgs, ... }:
{
programs.git = {
enable = true;
# Git configuration
};
}
```
- [ ] **Step 12: Create home/coding/agents/agents.nix**
References: `inputs.m3ta-nixpkgs.homeModules.coding.agents`
```nix
# home/coding/agents/agents.nix
{ inputs, lib, pkgs, ... }:
{
imports = [
inputs.m3ta-nixpkgs.homeModules.coding.agents
];
# Agent-Konfiguration
coding.agents.opencode = {
enable = true;
agentsInput = inputs.agents;
# modelOverrides...
};
}
```
- [ ] **Step 13: Create home/profiles/gaming/default.nix**
```nix
# home/profiles/gaming/default.nix
# Gaming Profile - frei kombinierbar
{ lib, pkgs, ... }:
{
imports = [
./steam.nix
./gamescope.nix
];
}
```
- [ ] **Step 14: Create gaming profile modules**
- `steam.nix` - Steam + Steam Deck Tools
- `gamescope.nix` - Gamescope Session
- [ ] **Step 15: Create home/profiles/media/default.nix**
```nix
# home/profiles/media/default.nix
# Media Profile - Content Creation / Streaming
{ lib, pkgs, ... }:
{
imports = [
./obs.nix
./ffmpeg.nix
./yt-dlp.nix
./kdenlive.nix
./handbrake.nix
];
}
```
- [ ] **Step 16: Create media profile modules**
Migrate from `home/features/desktop/media.nix`:
- `obs.nix` - OBS Studio
- `ffmpeg.nix` - FFmpeg + Tools
- `yt-dlp.nix` - YouTube Downloader
- `kdenlive.nix` - Kdenlive Video Editor
- `handbrake.nix` - HandBrake
- [ ] **Step 17: Create home/desktop/default.nix**
```nix
# home/desktop/default.nix
# Desktop-Konfiguration - nur wenn context=desktop
{ lib, pkgs, ... }:
{
# Zed Remote: Server-Zugriff via SSH
programs.zed-editor = {
enable = true;
# Remote Connections Config
};
imports = [
./wm
./apps
./theme
];
}
```
- [ ] **Step 18: Create home/desktop/wm modules**
Migrate from `home/features/desktop/`:
- `hyprland.nix``home/desktop/wm/hyprland.nix`
- `wayland.nix``home/desktop/wm/wayland.nix`
- `rofi.nix``home/desktop/wm/rofi.nix`
- [ ] **Step 19: Create home/desktop/apps modules**
Migrate from `home/features/desktop/`:
- `obsidian.nix``home/desktop/apps/obsidian.nix`
- `office.nix``home/desktop/apps/office.nix`
- `webapps.nix``home/desktop/apps/webapps.nix`
- `crypto.nix``home/desktop/apps/crypto.nix`
- [ ] **Step 20: Create home/desktop/theme modules**
Migrate from `home/features/desktop/`:
- `fonts.nix``home/desktop/theme/fonts.nix`
- `theme.nix``home/desktop/theme/theme.nix`
- `wallpapers.nix``home/desktop/theme/wallpapers.nix`
- [ ] **Step 21: Create home/server/default.nix**
```nix
# home/server/default.nix
# Server-Konfiguration - nur wenn context=server
# Minimal da primär via Zed Remote gearbeitet wird
{ lib, pkgs, ... }:
{
# Server-spezifische Konfiguration falls nötig
}
```
- [ ] **Step 22: Commit Phase 1**
```bash
git add home/
git commit -m "feat(home): create new directory structure
- Add base/ with shell, cli-tools, secrets
- Add coding/ with editor, lsp, git, agents
- Add profiles/ with gaming, media
- Add desktop/ with wm, apps, theme
- Add server/ minimal config
- Reference m3ta-nixpkgs modules where appropriate"
```
---
## Phase 2: Create Profile System with Constraints
### Task 2: Implement Profile Loader with Mutual Exclusion
**Files:**
- Create: `home/lib/default.nix` (Profile loading utilities)
- Modify: `flake.nix` (Host-spezifische Home-Config)
- Modify: `hosts/common/users/home.nix`
- [ ] **Step 1: Create home/lib/default.nix**
```nix
# home/lib/default.nix
# Profile loading utilities
{ lib }:
{
# Generiert Home-Manager Konfiguration basierend auf Profilen
mkHomeConfig = {
profiles ? [],
context ? null, # "desktop" | "server" | null
}: let
inherit (lib) optionalAttrs mkIf;
# Profile die immer geladen werden
baseModules = [ ./base ];
# Profile die optional geladen werden
profileModules = optionalAttrs (builtins.elem "coding" profiles) [ ./coding ];
# Context-spezifische Module
contextModules = {
desktop = [ ./desktop ];
server = [ ./server ];
};
# Profile-spezifische Module
profileSpecific = {
gaming = [ ./profiles/gaming ];
media = [ ./profiles/media ];
};
in {
imports = baseModules ++ profileModules
++ (contextModules.${context} or [])
++ (builtins.map (p: ./profiles.${p})
(builtins.filter (p: builtins.hasAttr p profileSpecific) profiles));
};
# Assertion: desktop und server schließen sich aus
mutualExclusiveContexts = builtins.hasAttr "desktop" && builtins.hasAttr "server";
}
```
- [ ] **Step 2: Update flake.nix for m3-ares (Desktop)**
```nix
# hosts/m3-ares/ (Desktop Beispiel)
{ inputs, lib, pkgs, ... }:
{
# Home-Manager für m3tam3re auf m3-ares
home-manager.users.m3tam3re = { config, ... }: {
# NEU: Profile-System
m3ta.profiles = [ "coding" "gaming" "media" ]; # Freie Kombination
m3ta.context = "desktop"; # Schließt "server" aus
# Alternativ: Legacy-Kompatibilität
# imports = [ ./home ];
};
}
```
- [ ] **Step 3: Update flake.nix for m3-atlas (Server)**
```nix
# hosts/m3-atlas/ (Server Beispiel)
{ inputs, lib, pkgs, ... }:
{
home-manager.users.m3tam3re = { config, ... }: {
m3ta.profiles = [ "coding" ]; # Nur Coding auf Server
m3ta.context = "server"; # Schließt "desktop" aus
};
}
```
- [ ] **Step 4: Add assertions in flake.nix**
```nix
# Validation: Context constraints
assertion = hostConfig.m3ta.context != "desktop" || hostConfig.m3ta.context != "server"
|| (hostConfig.m3ta.context == null); # Mutually exclusive
```
- [ ] **Step 5: Commit Phase 2**
```bash
git add flake.nix hosts/
git commit -m "feat: implement profile system with constraints
- Add home/lib for profile loading utilities
- Add m3ta.profiles option (list of profiles)
- Add m3ta.context option (desktop|server|null)
- Add mutual exclusion assertion
- Update m3-ares and m3-atlas as examples"
```
---
## Phase 3: Migrate Existing Configuration
### Task 3: Migrate home/features to new Structure
**Files:**
- Modify: Multiple files in `home/features/` (move content, update paths)
- [ ] **Step 1: Map existing features to new structure**
| Old Location | New Location | Notes |
|--------------|--------------|-------|
| `home/features/cli/nushell.nix` | `home/base/shell/nushell.nix` | ✓ Done in Task 1 |
| `home/features/cli/starship.nix` | `home/base/shell/starship.nix` | ✓ Done in Task 1 |
| `home/features/cli/fzf.nix` | `home/base/cli-tools/fzf.nix` | ✓ Done in Task 1 |
| `home/features/cli/zellij.nix` | `home/base/cli-tools/zellij.nix` | ✓ Done in Task 1 |
| `home/features/cli/nitch.nix` | `home/base/cli-tools/nitch.nix` | ✓ Done in Task 1 |
| `home/features/cli/television.nix` | `home/base/cli-tools/television.nix` | ✓ Done in Task 1 |
| `home/features/cli/secrets.nix` | `home/base/secrets/secrets.nix` | ✓ Done in Task 1 |
| `home/features/coding/opencode.nix` | Reference via `m3ta-nixpkgs` | Update import |
| `home/features/coding/pi.nix` | Reference via `m3ta-nixpkgs` | Update import |
| `home/features/desktop/hyprland.nix` | `home/desktop/wm/hyprland.nix` | ✓ Done in Task 1 |
| `home/features/desktop/wayland.nix` | `home/desktop/wm/wayland.nix` | ✓ Done in Task 1 |
| `home/features/desktop/rofi.nix` | `home/desktop/wm/rofi.nix` | ✓ Done in Task 1 |
| `home/features/desktop/obsidian.nix` | `home/desktop/apps/obsidian.nix` | ✓ Done in Task 1 |
| `home/features/desktop/office.nix` | `home/desktop/apps/office.nix` | ✓ Done in Task 1 |
| `home/features/desktop/webapps.nix` | `home/desktop/apps/webapps.nix` | ✓ Done in Task 1 |
| `home/features/desktop/crypto.nix` | `home/desktop/apps/crypto.nix` | ✓ Done in Task 1 |
| `home/features/desktop/fonts.nix` | `home/desktop/theme/fonts.nix` | ✓ Done in Task 1 |
| `home/features/desktop/theme.nix` | `home/desktop/theme/theme.nix` | ✓ Done in Task 1 |
| `home/features/desktop/wallpapers.nix` | `home/desktop/theme/wallpapers.nix` | ✓ Done in Task 1 |
| `home/features/desktop/media.nix` | `home/profiles/media/*.nix` | Split into modules |
| `home/features/desktop/gaming.nix` | `home/profiles/gaming/*.nix` | Split into modules |
- [ ] **Step 2: Archive old structure**
```bash
# After migration, archive old features/
git mv home/features home/features.old
```
- [ ] **Step 3: Verify all configurations are imported**
```bash
# Check that all features are accessible in new structure
nix flake check
home-manager dry-activate
```
- [ ] **Step 4: Commit Phase 3**
```bash
git add -A
git commit -m "chore: migrate features to profile structure
- Move all cli features to base/shell and base/cli-tools
- Move desktop features to desktop/* subdirectories
- Split media into individual profile modules
- Split gaming into individual profile modules
- Archive old features/ directory"
```
---
## Phase 4: Test and Validate
### Task 4: Test Profile Combinations
**Files:**
- Test: Manual testing on m3-ares (Desktop)
- Test: Manual testing on m3-atlas (Server)
- [ ] **Step 1: Test m3-ares (Desktop with all profiles)**
```bash
# Build and test on m3-ares
nixos-rebuild dry-build --flake .#m3-ares
home-manager dry-activate --flake .#m3tam3re@m3-ares
```
Expected: Loads base + coding + desktop + gaming + media
- [ ] **Step 2: Test m3-atlas (Server with coding only)**
```bash
# Build and test on m3-atlas
nixos-rebuild dry-build --flake .#m3-atlas
home-manager dry-activate --flake .#m3tam3re@m3-atlas
```
Expected: Loads base + coding + server (no desktop modules)
- [ ] **Step 3: Test assertion (should fail)**
```nix
# This SHOULD fail - desktop and server together
m3ta.context = "desktop";
m3ta.profiles = [ "coding" ];
# Nix should throw assertion error
```
- [ ] **Step 4: Commit Phase 4**
```bash
git commit -m "test: validate profile combinations on all hosts
- m3-ares: base + coding + desktop + gaming + media ✓
- m3-atlas: base + coding + server ✓
- Constraint assertion working ✓"
```
---
## Phase 5: Cleanup
### Task 5: Remove Old Structure
**Files:**
- Delete: `home/features.old/` (after verification)
- [ ] **Step 1: Verify no broken imports**
```bash
# Search for any references to old paths
grep -r "home/features" --include="*.nix"
```
Expected: No results
- [ ] **Step 2: Delete old directory**
```bash
git rm -rf home/features.old
```
- [ ] **Step 3: Final format and check**
```bash
nix fmt
nix flake check
```
- [ ] **Step 4: Final commit**
```bash
git commit -m "chore: remove old features directory
Cleanup complete. New structure:
- home/base/ (always loaded)
- home/coding/ (profile-independent)
- home/profiles/ (gaming, media)
- home/desktop/ (context=desktop)
- home/server/ (context=server)"
```
---
## Summary
| Phase | Tasks | Description |
|-------|-------|-------------|
| 1 | 1 | Create new directory structure |
| 2 | 2 | Implement profile system with constraints |
| 3 | 3 | Migrate existing features |
| 4 | 4 | Test profile combinations |
| 5 | 5 | Remove old structure |
**Total:** 5 tasks, ~22 steps
**Expected Duration:** 2-4 hours (depending on migration complexity)
---
## Migration Notes
1. **NeoVim Config**: Already in nixpkgs, reference via `inputs.m3ta-nixpkgs.packages.neovim-config`
2. **Agent-System**: Already in nixpkgs, reference via `inputs.m3ta-nixpkgs.homeModules.coding.agents`
3. **Zed Remote**: Desktop-only feature, works via SSH. No server-side installation needed.
4. **Fish Shell**: Removed from base (Nushell is primary). Can be added as optional profile if needed.
5. **Feature Flags**: Old `features.*.enable` options → New profile lists `m3ta.profiles = [ "gaming" "media" ]`

167
flake.lock generated
View File

@@ -26,11 +26,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1777053633,
"narHash": "sha256-AtoguTQc8x4ysH5KSlRaFMx1elTOnTdk1u4YtqlttVU=",
"lastModified": 1777399938,
"narHash": "sha256-xXPqUQezDdDtF8MbpZnwD1HkybOYwF92evx8rJ6OXCU=",
"ref": "refs/heads/master",
"rev": "6e0e847299b81665ba594668fff208278bb3de3b",
"revCount": 73,
"rev": "9a91f1ee0cf011a7eaf1f16a9e17610b0457e055",
"revCount": 85,
"type": "git",
"url": "https://code.m3ta.dev/m3tam3re/AGENTS"
},
@@ -42,11 +42,11 @@
"agents_2": {
"flake": false,
"locked": {
"lastModified": 1776092721,
"narHash": "sha256-avV4Snqp0K57I9s8D61+GHlg9DYZFSIvjaS4d4RYpG8=",
"lastModified": 1777399938,
"narHash": "sha256-xXPqUQezDdDtF8MbpZnwD1HkybOYwF92evx8rJ6OXCU=",
"ref": "refs/heads/master",
"rev": "0ad41acb03eee0e22cba611b2171a3d3ee30cb10",
"revCount": 72,
"rev": "9a91f1ee0cf011a7eaf1f16a9e17610b0457e055",
"revCount": 85,
"type": "git",
"url": "https://code.m3ta.dev/m3tam3re/AGENTS"
},
@@ -124,7 +124,6 @@
"llm-agents",
"flake-parts"
],
"import-tree": "import-tree",
"nixpkgs": [
"llm-agents",
"nixpkgs"
@@ -139,11 +138,11 @@
]
},
"locked": {
"lastModified": 1776192490,
"narHash": "sha256-5gYQNEs0/vDkHhg63aHS5g0IwG/8HNvU1Vr00cElofk=",
"lastModified": 1777369708,
"narHash": "sha256-1xW7cRZNsFNPQD+cE0fwnLVStnDth0HSoASEIFeT7uI=",
"owner": "nix-community",
"repo": "bun2nix",
"rev": "6ef9f144616eedea90b364bb408ef2e1de7b310a",
"rev": "e659e1cc4b8e1b21d0aa85f1c481f9db61ecfa98",
"type": "github"
},
"original": {
@@ -182,11 +181,11 @@
]
},
"locked": {
"lastModified": 1773889306,
"narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=",
"lastModified": 1776613567,
"narHash": "sha256-gC9Cp5ibBmGD5awCA9z7xy6MW6iJufhazTYJOiGlCUI=",
"owner": "nix-community",
"repo": "disko",
"rev": "5ad85c82cc52264f4beddc934ba57f3789f28347",
"rev": "32f4236bfc141ae930b5ba2fb604f561fed5219d",
"type": "github"
},
"original": {
@@ -286,16 +285,16 @@
"uv2nix": "uv2nix_2"
},
"locked": {
"lastModified": 1776983519,
"narHash": "sha256-cJEYjf8xV4vDw9xRBh9SHMhamj5wNjEhmMO5O3s5lag=",
"lastModified": 1777573861,
"narHash": "sha256-whY/1WL2fQUhPqDp7CGm3MSwOOo7FB1eADhNVnHeCRU=",
"owner": "NousResearch",
"repo": "hermes-agent",
"rev": "bf196a3fc0fd1f79353369e8732051db275c6276",
"rev": "73bf3ab1b22314ed9dfecbb59242c03742fe72af",
"type": "github"
},
"original": {
"owner": "NousResearch",
"ref": "v2026.4.23",
"ref": "v2026.4.30",
"repo": "hermes-agent",
"type": "github"
}
@@ -328,11 +327,11 @@
]
},
"locked": {
"lastModified": 1775781825,
"narHash": "sha256-L5yKTpR+alrZU2XYYvIxCeCP4LBHU5jhwSj7H1VAavg=",
"lastModified": 1777476904,
"narHash": "sha256-EeLoE8n4+QCbteyAsYXxhfr97RFfWL1ga0xwfL6lpKw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e35c39fca04fee829cecdf839a50eb9b54d8a701",
"rev": "8c8e5389e75a36bee53920de8ee24f017b3ae03e",
"type": "github"
},
"original": {
@@ -391,11 +390,11 @@
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1774257081,
"narHash": "sha256-92ZbaBfsEXEE7VaWJjv9aRSk3l9nyoYYyMe2AwTqSZI=",
"lastModified": 1776923321,
"narHash": "sha256-QowlCOrE4jGOTDCUCEx/E8gHjqSx3r25y7v4dEBpBhk=",
"owner": "Jas-SinghFSU",
"repo": "HyprPanel",
"rev": "e919b4a8a8ab5f2a0752f68576ab3eed6993cefd",
"rev": "1961ba86ad5ab880beb639e5454054b2b5037e0d",
"type": "github"
},
"original": {
@@ -404,21 +403,6 @@
"type": "github"
}
},
"import-tree": {
"locked": {
"lastModified": 1763762820,
"narHash": "sha256-ZvYKbFib3AEwiNMLsejb/CWs/OL/srFQ8AogkebEPF0=",
"owner": "vic",
"repo": "import-tree",
"rev": "3c23749d8013ec6daa1d7255057590e9ca726646",
"type": "github"
},
"original": {
"owner": "vic",
"repo": "import-tree",
"type": "github"
}
},
"llm-agents": {
"inputs": {
"blueprint": "blueprint",
@@ -429,11 +413,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1777055188,
"narHash": "sha256-Cdo4+L4KTEBXCyJyZdXOjyXmnwl1m5VzHJ5uIwQTENE=",
"lastModified": 1777439951,
"narHash": "sha256-1Bs4ZbBayXWicrOrQQn3/BnnqhEy+tQjdFn40wHu1dw=",
"owner": "numtide",
"repo": "llm-agents.nix",
"rev": "bee1f681fda054c310cd25fbc944e02a7648a0ee",
"rev": "2641c18f5bb9d0b95e81beca1b0415e174d7e650",
"type": "github"
},
"original": {
@@ -448,15 +432,14 @@
"basecamp": "basecamp",
"nixpkgs": "nixpkgs_6",
"nixpkgs-master": "nixpkgs-master",
"opencode": "opencode",
"openspec": "openspec"
},
"locked": {
"lastModified": 1776876631,
"narHash": "sha256-YgTb6pugAvUiSm7xVMpejf6kJPodhq8fOYQDdELfwQg=",
"lastModified": 1777486032,
"narHash": "sha256-UStORUF67vzXQ1jtORzR2cTv8GCvrxweF7HFHJgPpqw=",
"ref": "refs/heads/master",
"rev": "03ad7451fcfafde94da937afb6cf96ca39cc8e2f",
"revCount": 244,
"rev": "1da8c96447eb74a316861f6242421ef0309c29a8",
"revCount": 267,
"type": "git",
"url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
},
@@ -599,11 +582,11 @@
},
"nixpkgs-master": {
"locked": {
"lastModified": 1775657231,
"narHash": "sha256-DP8FfybiZPp5WLB9eIk0TC2mdvuYzxLGgrBODDrwPEI=",
"lastModified": 1777470666,
"narHash": "sha256-uAi+pTjKLturTz3XqTwnsU0fJnqf8xx8orfPpRbdaKQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4e03baaa39b7746eac5704d623461422131cd03d",
"rev": "053b9fa5f0fbdac0bd9d248cea58a11223eb495d",
"type": "github"
},
"original": {
@@ -615,11 +598,11 @@
},
"nixpkgs-master_2": {
"locked": {
"lastModified": 1775820596,
"narHash": "sha256-DDZkqNCW97pb1WX6sDICPnDEYcnIhGMVNLyrDOA2RUQ=",
"lastModified": 1777483759,
"narHash": "sha256-luE+pNcTx3gz109lEC/xUxPHrx1aEZsp5X4OEBcnGaw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8ccce85bee20142e7d9eb7f3423c5f4fb69fa985",
"rev": "b540331d6f1e343b6812b5aa1d97c707a0de0da2",
"type": "github"
},
"original": {
@@ -631,11 +614,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1775595990,
"narHash": "sha256-OEf7YqhF9IjJFYZJyuhAypgU+VsRB5lD4DuiMws5Ltc=",
"lastModified": 1777077449,
"narHash": "sha256-AIiMJiqvGrN4HyLEbKAoCSRRYn0rnlW5VbKNIMIYqm4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "4e92bbcdb030f3b4782be4751dc08e6b6cb6ccf2",
"rev": "a4bf06618f0b5ee50f14ed8f0da77d34ecc19160",
"type": "github"
},
"original": {
@@ -695,11 +678,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1776329215,
"narHash": "sha256-a8BYi3mzoJ/AcJP8UldOx8emoPRLeWqALZWu4ZvjPXw=",
"lastModified": 1776949667,
"narHash": "sha256-GMSVw35Q+294GlrTUKlx087E31z7KurReQ1YHSKp5iw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b86751bc4085f48661017fa226dee99fab6c651b",
"rev": "01fbdeef22b76df85ea168fbfe1bfd9e63681b30",
"type": "github"
},
"original": {
@@ -711,11 +694,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1775423009,
"narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
"lastModified": 1777268161,
"narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
"rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76",
"type": "github"
},
"original": {
@@ -743,11 +726,11 @@
},
"nixpkgs_8": {
"locked": {
"lastModified": 1775710090,
"narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=",
"lastModified": 1777268161,
"narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "4c1018dae018162ec878d42fec712642d214fdfa",
"rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76",
"type": "github"
},
"original": {
@@ -802,11 +785,11 @@
]
},
"locked": {
"lastModified": 1775820600,
"narHash": "sha256-C2ffOYhqlKqKqc0KEkMQXIs6NHpM5ewEoO+o+XZCo8c=",
"lastModified": 1777486007,
"narHash": "sha256-5R0q8ESHux3Le76n4IuNUThkAo4o2M+Kj1Loj2J7ahI=",
"owner": "nix-community",
"repo": "NUR",
"rev": "38d9344bb5323e582090d0033428a8dd7e684fde",
"rev": "6f5d55cfd726ff4cd68d006bddbdf459d0dc471b",
"type": "github"
},
"original": {
@@ -815,28 +798,6 @@
"type": "github"
}
},
"opencode": {
"inputs": {
"nixpkgs": [
"m3ta-nixpkgs",
"nixpkgs-master"
]
},
"locked": {
"lastModified": 1775782812,
"narHash": "sha256-m+Ue7FWiTjKMAn1QefAwOMfOb2Vybk0mJPV9zcbkOmE=",
"owner": "anomalyco",
"repo": "opencode",
"rev": "877be7e8e04142cd8fbebcb5e6c4b9617bf28cce",
"type": "github"
},
"original": {
"owner": "anomalyco",
"ref": "v1.4.3",
"repo": "opencode",
"type": "github"
}
},
"openspec": {
"inputs": {
"nixpkgs": [
@@ -845,11 +806,11 @@
]
},
"locked": {
"lastModified": 1775372219,
"narHash": "sha256-MJakKC026Sarz7nMmiFrfONWc4xgaw8ApV0Hhp4ebhM=",
"lastModified": 1776788052,
"narHash": "sha256-L4LBHVVtgMhSJm+IzZSYOR0UXPbvIRg4xiEV5urYxdI=",
"owner": "Fission-AI",
"repo": "OpenSpec",
"rev": "64d476f8b924bb9b74b896ea0aa784970e37da69",
"rev": "3c7a05c5dc88b2397c478805890b55ed392b19e8",
"type": "github"
},
"original": {
@@ -996,11 +957,11 @@
"skills-anthropic": {
"flake": false,
"locked": {
"lastModified": 1775755206,
"narHash": "sha256-H/oorOl5cch7bnziDz7gHNBv5Q0OAwFbk9w1WLku2kk=",
"lastModified": 1776964038,
"narHash": "sha256-xFsg66TCtKzSgRIW6Ab771FWEIhei3jPgfE4byMiB44=",
"owner": "anthropics",
"repo": "skills",
"rev": "12ab35c2eb5668c95810e6a6066f40f4218adc39",
"rev": "5128e1865d670f5d6c9cef000e6dfc4e951fb5b9",
"type": "github"
},
"original": {
@@ -1012,11 +973,11 @@
"skills-basecamp": {
"flake": false,
"locked": {
"lastModified": 1775581454,
"narHash": "sha256-jDkRFNjxa+WIdpFBSPvHwGK4hbmF8bMZK5RM8ue2IGI=",
"lastModified": 1777481361,
"narHash": "sha256-GJ94Y1n+zR6zpOWjAGFYFWFIFpT1royFJOy2TaQXpzU=",
"owner": "basecamp",
"repo": "basecamp-cli",
"rev": "5fb837c7f0d6e04c0e6c308d8b79994a49b58b2d",
"rev": "59d59b66974d442190b0762129b4f1749adcedf0",
"type": "github"
},
"original": {
@@ -1060,11 +1021,11 @@
"skills-vercel": {
"flake": false,
"locked": {
"lastModified": 1775448549,
"narHash": "sha256-P7sHiKqeThQGIOfJ1nfjiECZnhQh+U2HuLex2sg8k5E=",
"lastModified": 1777394685,
"narHash": "sha256-YxCMuTl+pVJ7dXhaL7l9vDw9k2orlG31j7/0pgllMJk=",
"owner": "vercel-labs",
"repo": "skills",
"rev": "df0579f85cb8a360473c921e1343359006100d3c",
"rev": "7c0a9af3f8738965b71341712710ac7371089b34",
"type": "github"
},
"original": {

3
flake.nix
View File

@@ -23,7 +23,6 @@
nixpkgs-master.url = "github:nixos/nixpkgs/master";
m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs";
# m3ta-nixpkgs.url = "path:/home/m3tam3re/p/NIX/nixpkgs";
llm-agents.url = "github:numtide/llm-agents.nix";
#
@@ -69,7 +68,7 @@
url = "github:vercel-labs/skills";
flake = false;
};
hermes-agent.url = "github:NousResearch/hermes-agent/v2026.4.23";
hermes-agent.url = "github:NousResearch/hermes-agent/v2026.4.30";
};
outputs = {

3
home/base/cli-tools/bat.nix
View File

@@ -9,7 +9,8 @@ with lib; let
cfg = config.base.cliTools.bat;
palette = config.colorScheme.palette;
in {
options.base.cliTools.bat.enable = mkEnableOption "enable bat with nix-colors theme";
# Enabled by default — base modules are always-on.
options.base.cliTools.bat.enable = (mkEnableOption "enable bat with nix-colors theme") // {default = true;};
config = mkIf cfg.enable {
programs.bat = {

3
home/base/cli-tools/carapace.nix
View File

@@ -7,7 +7,8 @@
with lib; let
cfg = config.base.cliTools.carapace;
in {
options.base.cliTools.carapace.enable = mkEnableOption "enable carapace completion engine";
# Enabled by default — base modules are always-on.
options.base.cliTools.carapace.enable = (mkEnableOption "enable carapace completion engine") // {default = true;};
config = mkIf cfg.enable {
programs.carapace = {

3
home/base/cli-tools/direnv.nix
View File

@@ -7,7 +7,8 @@
with lib; let
cfg = config.base.cliTools.direnv;
in {
options.base.cliTools.direnv.enable = mkEnableOption "enable direnv with nix-direnv";
# Enabled by default — base modules are always-on.
options.base.cliTools.direnv.enable = (mkEnableOption "enable direnv with nix-direnv") // {default = true;};
config = mkIf cfg.enable {
programs.direnv = {

3
home/base/cli-tools/eza.nix
View File

@@ -7,7 +7,8 @@
with lib; let
cfg = config.base.cliTools.eza;
in {
options.base.cliTools.eza.enable = mkEnableOption "enable eza modern ls replacement";
# Enabled by default — base modules are always-on.
options.base.cliTools.eza.enable = (mkEnableOption "enable eza modern ls replacement") // {default = true;};
config = mkIf cfg.enable {
programs.eza = {

3
home/base/cli-tools/fzf.nix
View File

@@ -7,7 +7,8 @@
with lib; let
cfg = config.base.cliTools.fzf;
in {
options.base.cliTools.fzf.enable = mkEnableOption "enable fuzzy finder";
# Enabled by default — base modules are always-on.
options.base.cliTools.fzf.enable = (mkEnableOption "enable fuzzy finder") // {default = true;};
config = mkIf cfg.enable {
programs.fzf = {

3
home/base/cli-tools/lf.nix
View File

@@ -8,7 +8,8 @@
with lib; let
cfg = config.base.cliTools.lf;
in {
options.base.cliTools.lf.enable = mkEnableOption "enable lf terminal file manager";
# Enabled by default — base modules are always-on.
options.base.cliTools.lf.enable = (mkEnableOption "enable lf terminal file manager") // {default = true;};
config = mkIf cfg.enable {
home.packages = [pkgs.lf];

3
home/base/cli-tools/nitch.nix
View File

@@ -8,7 +8,8 @@
with lib; let
cfg = config.base.cliTools.nitch;
in {
options.base.cliTools.nitch.enable = mkEnableOption "enable nitch";
# Enabled by default — base modules are always-on.
options.base.cliTools.nitch.enable = (mkEnableOption "enable nitch") // {default = true;};
config = mkIf cfg.enable {
home.packages = [pkgs.nitch];

19
home/base/cli-tools/packages.nix
View File

@@ -1,4 +1,6 @@
# Essential CLI packages — core utilities always available on every host.
# NOTE: `lazylib` does not exist in nixpkgs. `lazygit` is the correct package
# (Git TUI) and is intentionally used here instead.
{
config,
lib,
@@ -8,7 +10,8 @@
with lib; let
cfg = config.base.cliTools.essentials;
in {
options.base.cliTools.essentials.enable = mkEnableOption "enable essential CLI packages";
# Enabled by default — base modules are always-on.
options.base.cliTools.essentials.enable = (mkEnableOption "enable essential CLI packages") // {default = true;};
config = mkIf cfg.enable {
home.packages = with pkgs; [
@@ -19,22 +22,30 @@ in {
jq
ripgrep
# Nix
alejandra
comma
nixd
nix-diff
nix-index
nix-update
# Dev tools
bc
cmake
devenv
gcc
gnumake
go
httpie
just
lazygit
nix-index
nix-update
progress
sqlite
sqlite-vec
tldr
# AI tools
comma
fabric-ai
llm

3
home/base/cli-tools/television.nix
View File

@@ -7,7 +7,8 @@
with lib; let
cfg = config.base.cliTools.television;
in {
options.base.cliTools.television.enable = mkEnableOption "enable television";
# Enabled by default — base modules are always-on.
options.base.cliTools.television.enable = (mkEnableOption "enable television") // {default = true;};
config = mkIf cfg.enable {
programs.television = {

7
home/base/cli-tools/zellij-ps.nix
View File

@@ -1,5 +1,7 @@
# Zellij-ps — project-aware Zellij session manager from m3ta-nixpkgs.
# Delegates to the cli.zellij-ps module provided by inputs.m3ta-nixpkgs.
# Delegates to `cli.zellij-ps` — the home-manager module namespace provided by
# m3ta-nixpkgs (inputs.m3ta-nixpkgs.nixosModules.default). This is intentional;
# `cli.*` is the convention used by m3ta-nixpkgs home-manager modules.
{
config,
lib,
@@ -9,7 +11,8 @@ with lib; let
cfg = config.base.cliTools.zellijPs;
in {
options.base.cliTools.zellijPs = {
enable = mkEnableOption "enable zellij-ps project session manager";
# Enabled by default — base modules are always-on.
enable = (mkEnableOption "enable zellij-ps project session manager") // {default = true;};
projectFolders = mkOption {
type = types.listOf types.path;

3
home/base/cli-tools/zellij.nix
View File

@@ -7,7 +7,8 @@
with lib; let
cfg = config.base.cliTools.zellij;
in {
options.base.cliTools.zellij.enable = mkEnableOption "enable zellij multiplexer";
# Enabled by default — base modules are always-on.
options.base.cliTools.zellij.enable = (mkEnableOption "enable zellij multiplexer") // {default = true;};
config = mkIf cfg.enable {
programs.zellij = {

3
home/base/cli-tools/zoxide.nix
View File

@@ -7,7 +7,8 @@
with lib; let
cfg = config.base.cliTools.zoxide;
in {
options.base.cliTools.zoxide.enable = mkEnableOption "enable zoxide smarter cd";
# Enabled by default — base modules are always-on.
options.base.cliTools.zoxide.enable = (mkEnableOption "enable zoxide smarter cd") // {default = true;};
config = mkIf cfg.enable {
programs.zoxide = {

9
home/base/default.nix Normal file
View File

@@ -0,0 +1,9 @@
# Base home-manager configuration — always loaded on every host.
# Includes shell, CLI tools, and secrets modules.
{...}: {
imports = [
./shell
./cli-tools
./secrets/secrets.nix
];
}

8
home/features/cli/secrets.nix → home/base/secrets/secrets.nix
View File

@@ -1,3 +1,4 @@
# Password store and secrets management via pass-wayland with OTP and import extensions.
{
config,
lib,
@@ -5,9 +6,10 @@
...
}:
with lib; let
cfg = config.features.cli.secrets;
cfg = config.base.secrets;
in {
options.features.cli.secrets.enable = mkEnableOption "enable secrets";
# Enabled by default — base modules are always-on.
options.base.secrets.enable = (mkEnableOption "enable secrets management") // {default = true;};
config = mkIf cfg.enable {
programs.password-store = {
@@ -17,6 +19,6 @@ in {
(exts: [exts.pass-otp exts.pass-import]);
settings = {PASSWORD_STORE_DIR = "$XDG_DATA_HOME/password-store";};
};
home.packages = with pkgs; [pinentry-gnome3];
home.packages = [pkgs.pinentry-gnome3];
};
}

8
home/base/shell/default.nix Normal file
View File

@@ -0,0 +1,8 @@
# Shell aggregator — imports Nushell (primary), Fish, and Starship prompt.
{...}: {
imports = [
./nushell.nix
./fish.nix
./starship.nix
];
}

6
home/features/cli/fish.nix → home/base/shell/fish.nix
View File

@@ -1,12 +1,14 @@
# Fish shell configuration exposed under the new base namespace.
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.fish;
cfg = config.base.shell.fish;
in {
options.features.cli.fish.enable = mkEnableOption "enable fish shell";
# Enabled by default — base modules are always-on.
options.base.shell.fish.enable = (mkEnableOption "enable fish shell") // {default = true;};
config = mkIf cfg.enable {
programs.fish = {

15
home/features/cli/nushell.nix → home/base/shell/nushell.nix
View File

@@ -1,12 +1,14 @@
# Primary shell configuration — Nushell with environment, aliases, and integrations.
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.nushell;
cfg = config.base.shell.nushell;
in {
options.features.cli.nushell.enable = mkEnableOption "enable nushell";
# Enabled by default — base modules are always-on.
options.base.shell.nushell.enable = (mkEnableOption "enable nushell") // {default = true;};
config = mkIf cfg.enable {
programs.nushell = {
@@ -20,9 +22,8 @@ in {
$env.EDITOR = "nvim"
$env.VISUAL = "zeditor"
$env.FZF_DEFAULT_COMMAND = "fd --type f --exclude .git --follow --hidden"
$env.FZF_DEFAULT_OPTS = "--preview='bat --color=always -n {}' --bind 'ctrl-/:toggle-preview' --header 'Press CTRL-Y to copy command into clipboard' --bind 'ctrl-/:toggle-preview' --bind 'ctrl-y:execute-silent(echo -n {2..} | wl-copy)+abort' --color bg:#282a36,bg+:#44475a,fg:#f8f8f2,fg+:#f8f8f2,header:#6272a4,hl:#bd93f9,hl+:#bd93f9,info:#ffb86c,marker:#ff79c6,pointer:#ff79c6,prompt:#50fa7b,spinner:#ffb86c"
$env.FZF_DEFAULT_OPTS = "--preview='bat --color=always -n {}' --bind 'ctrl-/:toggle-preview' --header 'Press CTRL-Y to copy command into clipboard' --bind 'ctrl-y:execute-silent(echo -n {2..} | wl-copy)+abort' --color bg:#282a36,bg+:#44475a,fg:#f8f8f2,fg+:#f8f8f2,header:#6272a4,hl:#bd93f9,hl+:#bd93f9,info:#ffb86c,marker:#ff79c6,pointer:#ff79c6,prompt:#50fa7b,spinner:#ffb86c"
$env.XDG_DATA_HOME = $"($env.HOME)/.local/share"
$env.FZF_DEFAULT_COMMAND = "fd --type f --exclude .git --follow --hidden"
$env.SSH_AUTH_SOCK = "/run/user/1000/gnupg/S.gpg-agent.ssh"
$env.PATH = ($env.PATH | split row (char esep) | append $"($env.HOME)/.cache/.bun/bin" | append $"($env.HOME)/.npm-global/bin" | uniq)
$env.NPM_CONFIG_PREFIX = $"($env.HOME)/.npm-global"
@@ -40,12 +41,6 @@ in {
}
'';
# if (tty) == "/dev/tty1" {
# exec uwsm start -S -F /run/current-system/sw/bin/Hyprland
# }
# if (tty) == "/dev/tty2" {
# exec gamescope -O HDMI-A-1 -W 1920 -H 1080 --adaptive-sync --hdr-enabled --rt --steam -- steam -pipewire-dmabuf -tenfoot
# }
configFile.text = ''
# Aliases
alias .. = cd ..

6
home/features/cli/starship.nix → home/base/shell/starship.nix
View File

@@ -1,12 +1,14 @@
# Starship cross-shell prompt with nix-colors theming.
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.starship;
cfg = config.base.shell.starship;
in {
options.features.cli.starship.enable = mkEnableOption "enable starship prompt";
# Enabled by default — base modules are always-on.
options.base.shell.starship.enable = (mkEnableOption "enable starship prompt") // {default = true;};
config = mkIf cfg.enable {
programs.starship = {

55
home/features/coding/default.nix → home/coding/agents/agents.nix
View File

@@ -1,17 +1,25 @@
# AI agent system — OpenCode, Pi, and MCP server configuration.
# Relies on coding.agents options provided by home/common/default.nix
# (inputs.m3ta-nixpkgs.homeManagerModules.default).
{
config,
inputs,
lib,
pkgs,
videoDrivers,
videoDrivers ? [],
...
}: let
npmGlobalPrefix = "${config.home.homeDirectory}/.npm-global";
in {
home.file.".npmrc".text = ''
prefix=${npmGlobalPrefix}
'';
home.sessionVariables.NPM_CONFIG_PREFIX = npmGlobalPrefix;
}: {
# Agent Git Identity configuration
# Note: Uses existing gitea SSH key (m3tam3re identity) for push auth
coding.agents.gitIdentity = {
enable = true;
name = "m3ta-chiron";
email = "m3ta-chiron@agentmail.to";
sshKey = "/home/m3tam3re/.ssh/gitea";
};
imports = [
# OpenCode and Pi agent configurations
./opencode.nix
./pi.nix
];
@@ -64,39 +72,14 @@ in {
home.packages = with pkgs; [
agenix-cli
agent-browser
alejandra
bc
bun
devpod
#devpod-desktop
gnumake
cmake
(python3.withPackages (ps:
with ps; [
pip
uv
# Scientific packages
numba
numpy
torch
srt
]))
pyrefly
nixd
nix-update
nodejs
# opencode-desktop
beads
pi
(qmd.override {
vulkanSupport = videoDrivers == ["amdgpu"];
cudaSupport = videoDrivers == ["nvidia"];
})
# opencode-desktop
openshell
openspec
pi-coding-agent
alejandra
sidecar
tailwindcss
tailwindcss-language-server
td
];
}

260
home/coding/agents/opencode.nix Normal file
View File

@@ -0,0 +1,260 @@
{
inputs,
lib,
...
}: {
coding.agents.opencode = {
enable = true;
agentsInput = inputs.agents;
};
coding.opencode = {
enable = true;
ohMyOpencodeSettings = {
agents = {
sisyphus.model = "litellm/claude-opus-4-6";
oracle.model = "litellm/claude-sonnet-4-6";
librarian.model = "litellm/claude-sonnet-4-6";
explore.model = "litellm/claude-haiku-4-5";
multimodal-looker.model = "litellm/gpt-5.3-codex";
prometheus.model = "litellm/claude-opus-4-6";
metis.model = "litellm/claude-opus-4-6";
momus.model = "litellm/claude-opus-4-6";
atlas.model = "litellm/claude-sonnet-4-6";
};
categories = {
visual-engineering.model = "zai-coding-plan/glm-5.1";
ultrabrain.model = "litellm/claude-opus-4-6";
deep.model = "litellm/claude-sonnet-4-6";
artistry.model = "zai-coding-plan/glm-5.1";
quick.model = "litellm/claude-haiku-4-5";
unspecified-low.model = "litellm/claude-sonnet-4-6";
unspecified-high.model = "litellm/claude-opus-4-6";
writing.model = "zai-coding-plan/glm-5.1";
};
};
};
# Keep TUI settings in programs.opencode.tui to satisfy OpenCode v1.2.15+.
programs.opencode.tui.theme = "opencode";
# Override legacy default settings to avoid deprecated TUI keys in settings.
programs.opencode.settings = lib.mkForce {
plugin = ["oh-my-openagent"];
formatter = {
alejandra = {
command = ["alejandra" "-q" "-"];
extensions = [".nix"];
};
};
# Security: permission hardening for OpenCode
# Last matching rule wins. Glob patterns: * = any chars, ? = single char.
# ~ and $HOME are expanded to the user's home directory.
# external_directory gates paths outside the working directory.
permission = {
# External directory access: ask by default, allow safe paths
"external_directory" = {
"*" = "ask";
"/nix/store/**" = "allow";
"/tmp/**" = "allow";
};
# Read access: allow by default, deny sensitive paths
"read" = {
"*" = "allow";
"~/.ssh/**" = "deny";
"~/.gnupg/**" = "deny";
"~/.aws/**" = "deny";
"~/.kube/**" = "deny";
"~/.config/gh/**" = "deny";
"~/.config/gcloud/**" = "deny";
"~/.config/op/**" = "deny";
"~/.config/sops/**" = "deny";
"/run/agenix/**" = "deny";
"~/.pi/agent/auth.json" = "deny";
"~/.pi/agent/sessions/**" = "deny";
"*.env" = "deny";
"*.env.*" = "deny";
"*.pem" = "deny";
"*.key" = "deny";
"*.p12" = "deny";
"*.pfx" = "deny";
"*id_rsa*" = "deny";
"*id_ed25519*" = "deny";
"*id_ecdsa*" = "deny";
"*.example.env" = "allow";
"*.sample.env" = "allow";
"*.test.env" = "allow";
".env.example" = "allow";
".env.sample" = "allow";
".env.test" = "allow";
"~/.ssh/*.pub" = "allow";
"*.pub" = "allow";
"*.csr" = "allow";
};
# Edit access: ask by default, deny sensitive paths
"edit" = {
"*" = "ask";
"~/.ssh/**" = "deny";
"~/.gnupg/**" = "deny";
"~/.aws/**" = "deny";
"~/.kube/**" = "deny";
"~/.config/gh/**" = "deny";
"~/.config/gcloud/**" = "deny";
"~/.config/op/**" = "deny";
"~/.config/sops/**" = "deny";
"/run/agenix/**" = "deny";
"~/.pi/agent/auth.json" = "deny";
"~/.pi/agent/sessions/**" = "deny";
"*.env" = "deny";
"*.env.*" = "deny";
"*.pem" = "deny";
"*.key" = "deny";
"*.p12" = "deny";
"*.pfx" = "deny";
"*id_rsa*" = "deny";
"*id_ed25519*" = "deny";
"*id_ecdsa*" = "deny";
"~/.ssh/*.pub" = "allow";
"*.pub" = "allow";
"*.csr" = "allow";
};
# Glob patterns: same rules as read for file matching
"glob" = {
"*" = "allow";
"~/.ssh/**" = "deny";
"~/.gnupg/**" = "deny";
"/run/agenix/**" = "deny";
"*.env" = "deny";
"*.env.*" = "deny";
"*.pem" = "deny";
"*.key" = "deny";
"*.p12" = "deny";
"*.pfx" = "deny";
};
# Grep: allow search, but deny searching for secrets
"grep" = {
"*" = "allow";
"~/.ssh/**" = "deny";
"~/.gnupg/**" = "deny";
"/run/agenix/**" = "deny";
"*PASSWORD*" = "ask";
"*SECRET*" = "ask";
"*API_KEY*" = "ask";
"*PRIVATE_KEY*" = "ask";
};
# Bash: ask by default, deny dangerous and env-leak commands
"bash" = {
"*" = "ask";
"git status*" = "allow";
"git diff*" = "allow";
"git log*" = "allow";
"git branch*" = "allow";
"git show*" = "allow";
"git remote*" = "allow";
"nix --version" = "allow";
"nix eval*" = "allow";
"nix build*" = "allow";
"nix develop*" = "allow";
"nix shell*" = "allow";
"nix search*" = "allow";
"alejandra*" = "allow";
"git add*" = "allow";
"git commit*" = "allow";
"git push*" = "ask";
"git pull*" = "allow";
"rm *" = "ask";
"rm -rf *" = "deny";
"sudo *" = "ask";
"env" = "deny";
"printenv" = "deny";
"cat /proc/*/environ" = "deny";
"gpg *--export-secret*" = "deny";
"ssh-add -D" = "deny";
"docker run --privileged*" = "deny";
"curl *| *sh" = "deny";
"wget *| *sh" = "deny";
};
# Web fetch: ask for sensitive URLs
"webfetch" = {
"*" = "ask";
"https://api.github.com*" = "allow";
"https://search.nixos.org*" = "allow";
};
# Doom loop guard
"doom_loop" = "ask";
};
# AZ-Gruppe LiteLLM endpoint + available models
provider = {
litellm = {
npm = "@ai-sdk/openai-compatible";
name = "LiteLLM (AZ-Gruppe)";
options.baseURL = "https://llm.az-gruppe.com/v1";
models = {
"gpt-5.2" = {
name = "GPT-5.2";
limit = {
context = 400000;
output = 128000;
};
};
"gpt-5.3-codex" = {
name = "GPT-5.3 Codex";
limit = {
context = 400000;
output = 128000;
};
};
"claude-haiku-4-5" = {
name = "Claude Haiku 4.5";
options = {
thinking = {
type = "enabled";
budget_tokens = 16000;
};
};
limit = {
context = 200000;
output = 64000;
};
};
"claude-sonnet-4-6" = {
name = "Claude Sonnet 4.6";
options = {
thinking = {
type = "enabled";
budget_tokens = 16000;
};
};
limit = {
context = 200000;
output = 64000;
};
};
"claude-opus-4-6" = {
name = "Claude Opus 4.6";
options = {
thinking = {
type = "enabled";
budget_tokens = 16000;
};
};
limit = {
context = 200000;
output = 128000;
};
};
};
};
};
};
}

269
home/coding/agents/pi.nix Normal file
View File

@@ -0,0 +1,269 @@
{inputs, ...}: {
coding.agents.pi = {
enable = true;
agentsInput = inputs.agents;
modelOverrides = {
chiron = "minimax/MiniMax-M2.7";
chiron-forge = "minimax/MiniMax-M2.7";
};
# Coding rules for Pi agent
# Rules sourced from AGENTS repo
codingRules = {
# Language-specific rules
languages = [
"nix" # Nix language conventions
];
# Standard concerns from AGENTS repo
concerns = [
"coding-style" # General coding principles
"naming" # Naming conventions (camelCase, snake_case, etc.)
"documentation" # Documentation standards
"testing" # Testing guidelines (Arrange-Act-Assert)
"git-workflow" # Conventional commits, branch naming
"git-identity" # Git identity configuration for agents
"project-structure" # Project layout conventions
];
# No framework-specific rules for NixOS config
frameworks = [];
};
settings = {
packages = [
"npm:@dreadedzombie/pi-init"
"npm:@plannotator/pi-extension"
"npm:@thesethrose/pi-zai-provider"
"npm:pi-agent-browser-native"
"npm:pi-beads-extension"
"npm:pi-lens"
"npm:pi-markdown-preview"
"npm:pi-mcp-adapter"
"npm:pi-powerline-footer"
"npm:pi-prompt-template-model"
"npm:pi-subagents"
"npm:pi-tool-display"
"npm:pi-web-access"
"git:github.com/hk-vk/pi-connect"
];
defaultProvider = "minimax";
defaultModel = "MiniMax-M2.7";
defaultThinkingLevel = "high";
};
# pi-guardrails: strict security config
# NOTE: Path access checks are lexical (not symlink-safe).
# NOTE: Local project .pi/extensions/guardrails.json can override same rule IDs.
# For immutable global policies, consider a wrapper or upstream patch.
guardrails = {
enable = true;
config = {
enabled = true;
applyBuiltinDefaults = true;
onboarding = {
completed = true;
};
features = {
policies = true;
permissionGate = true;
pathAccess = true;
};
pathAccess = {
mode = "ask";
allowedPaths = [
"/nix/store/"
"/tmp/"
];
};
policies = {
rules = [
# ── SSH keys ───────────────────────────────────────────
{
id = "home-ssh";
enabled = true;
protection = "noAccess";
onlyIfExists = false;
patterns = [
{pattern = "~/.ssh/**";}
{pattern = "~/.ssh/*_rsa";}
{pattern = "~/.ssh/*_ed25519";}
{pattern = "~/.ssh/*.pem";}
];
allowedPatterns = [
{pattern = "~/.ssh/*.pub";}
];
}
# ── GPG keys ─────────────────────────────────────────
{
id = "home-gpg";
enabled = true;
protection = "noAccess";
onlyIfExists = false;
patterns = [
{pattern = "~/.gnupg/**";}
{pattern = "~/*.gpg";}
{pattern = "~/.gpg-agent.conf";}
];
}
# ── AWS credentials ────────────────────────────────────
{
id = "home-aws";
enabled = true;
protection = "noAccess";
onlyIfExists = false;
patterns = [
{pattern = "~/.aws/**";}
{pattern = "~/.aws/credentials";}
{pattern = "~/.aws/config";}
];
}
# ── Kubernetes configs ────────────────────────────────
{
id = "home-kube";
enabled = true;
protection = "noAccess";
onlyIfExists = false;
patterns = [
{pattern = "~/.kube/**";}
{pattern = "*kubeconfig*";}
];
}
# ── Cloud CLI configs ────────────────────────────────
{
id = "home-config";
enabled = true;
protection = "noAccess";
onlyIfExists = false;
patterns = [
{pattern = "~/.config/gh/**";}
{pattern = "~/.config/gcloud/**";}
{pattern = "~/.config/op/**";}
{pattern = "~/.config/sops/**";}
];
}
# ── agenix secrets ───────────────────────────────────
{
id = "agenix-secrets";
enabled = true;
protection = "noAccess";
onlyIfExists = false;
patterns = [
{pattern = "/run/agenix/**";}
];
}
# ── Pi auth and sessions ────────────────────────────
{
id = "pi-auth-sessions";
enabled = true;
protection = "noAccess";
onlyIfExists = false;
patterns = [
{pattern = "~/.pi/agent/auth.json";}
{pattern = "~/.pi/agent/sessions/**";}
];
}
# ── Environment files ─────────────────────────────────
{
id = "secret-files";
enabled = true;
protection = "noAccess";
onlyIfExists = true;
patterns = [
{pattern = ".env";}
{pattern = ".env.*";}
{pattern = ".dev.vars";}
];
allowedPatterns = [
{pattern = "*.example.env";}
{pattern = "*.sample.env";}
{pattern = "*.test.env";}
{pattern = ".env.example";}
{pattern = ".env.sample";}
{pattern = ".env.test";}
];
}
# ── Private keys and certificates ───────────────────
{
id = "private-keys";
enabled = true;
protection = "noAccess";
onlyIfExists = false;
patterns = [
{pattern = "*.pem";}
{pattern = "*.key";}
{pattern = "*.p12";}
{pattern = "*.pfx";}
{pattern = "*id_rsa*";}
{pattern = "*id_ed25519*";}
{pattern = "*id_ecdsa*";}
];
allowedPatterns = [
{pattern = "*.pub";}
{pattern = "*.csr";}
];
}
];
};
permissionGate = {
explainCommands = false;
# Auto-deny patterns: env leakage and credential dumping
autoDenyPatterns = [
{
pattern = "\\benv\\b";
regex = true;
description = "env command (may dump environment)";
}
{
pattern = "\\bprintenv\\b";
regex = true;
description = "printenv command (dumps environment variables)";
}
{
pattern = "/proc/[0-9]+/environ";
regex = true;
description = "reading process environment files";
}
{
pattern = "gpg\\s+--export-secret-keys";
regex = true;
description = "GPG secret key export";
}
{
pattern = "gpg\\s+--export-secret-subkeys";
regex = true;
description = "GPG secret subkey export";
}
{
pattern = "ssh-add\\s+-D";
regex = true;
description = "delete all SSH identities";
}
{
pattern = "\\b(op|pass)\\s+(read|show|get)";
regex = true;
description = "password manager read operations";
}
];
};
};
};
# MCP servers auto-inherited from programs.mcp in default.nix
};
}

12
home/coding/default.nix Normal file
View File

@@ -0,0 +1,12 @@
# Coding environment aggregator — profile-independent development tooling.
# Imports editors, LSP servers, git configuration, the agent system, language runtimes, and optional packages.
{...}: {
imports = [
./editor
./lsp
./git/git.nix
./agents/agents.nix
./languages
./packages.nix
];
}

6
home/coding/editor/default.nix Normal file
View File

@@ -0,0 +1,6 @@
# Editor aggregator — delegates to m3ta-nixpkgs editor modules.
{...}: {
imports = [
./neovim.nix
];
}

7
home/coding/editor/neovim.nix Normal file
View File

@@ -0,0 +1,7 @@
# NeoVim base configuration via m3ta-nixpkgs coding.editors module.
# The option `coding.editors.neovim.enable` is declared by
# inputs.m3ta-nixpkgs.homeManagerModules.default — no re-declaration here.
{...}: {
# Placeholder for host-agnostic NeoVim overrides.
# Set coding.editors.neovim.enable = true in per-host files to activate.
}

41
home/coding/git/git.nix Normal file
View File

@@ -0,0 +1,41 @@
# Git configuration with signing, aliases, and global ignore.
# Identity and host-specific SSH keys are set per-host in home/m3tam3re/.
{
lib,
pkgs,
...
}:
with lib; {
programs.git = {
enable = true;
signing.format = null;
settings = {
user = {
name = lib.mkDefault "m3tam3re";
email = lib.mkDefault "p@m3ta.dev";
};
core.excludesfile = "~/.gitignore_global";
init.defaultBranch = "master";
alias = {
st = "status";
logd = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
};
};
};
programs.difftastic.enable = true;
programs.jujutsu = {
enable = true;
settings = {
user = {
email = "m@m3tam3re.com";
name = "Sascha Koenig";
};
};
};
home.packages = with pkgs; [
lazygit
];
}

10
home/coding/languages/default.nix Normal file
View File

@@ -0,0 +1,10 @@
# Language runtimes — Python, JavaScript, Rust, Go, TypeScript.
{...}: {
imports = [
./python.nix
./javascript.nix
./rust-toolchain.nix
./go.nix
./typescript.nix
];
}

19
home/coding/languages/go.nix Normal file
View File

@@ -0,0 +1,19 @@
# Go toolchain — compiler and language server.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.coding.languages.go;
in {
options.coding.languages.go.enable = mkEnableOption "Go toolchain";
config = mkIf cfg.enable {
home.packages = with pkgs; [
go
gopls
];
};
}

25
home/coding/languages/javascript.nix Normal file
View File

@@ -0,0 +1,25 @@
# JavaScript/TypeScript runtime — Node.js and Bun.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.coding.languages.javascript;
npmGlobalPrefix = "${config.home.homeDirectory}/.npm-global";
in {
options.coding.languages.javascript.enable = mkEnableOption "JavaScript runtime (Node.js + Bun)";
config = mkIf cfg.enable {
home.packages = with pkgs; [
nodejs
bun
];
home.file.".npmrc".text = ''
prefix=${npmGlobalPrefix}
'';
home.sessionVariables.NPM_CONFIG_PREFIX = npmGlobalPrefix;
};
}

35
home/coding/languages/python.nix Normal file
View File

@@ -0,0 +1,35 @@
# Python runtime with pip and uv.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.coding.languages.python;
in {
options.coding.languages.python = {
enable = mkEnableOption "Python runtime with pip and uv";
extraPackages = mkOption {
type = types.listOf types.package;
default = [];
example = literalExpression "[ pkgs.python3Packages.numpy ]";
description = "Additional Python packages to include";
};
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
(pkgs.python3.withPackages (ps:
with ps;
[
uv
]
++ cfg.extraPackages))
(writeShellScriptBin "pip" "exec uv pip $@")
(writeShellScriptBin "pip3" "exec uv pip $@")
pyrefly
ruff
];
};
}

20
home/coding/languages/rust-toolchain.nix Normal file
View File

@@ -0,0 +1,20 @@
# Rust toolchain — compiler, package manager, and language server.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.coding.languages.rustToolchain;
in {
options.coding.languages.rustToolchain.enable = mkEnableOption "Rust toolchain";
config = mkIf cfg.enable {
home.packages = with pkgs; [
rustc
cargo
rust-analyzer
];
};
}

19
home/coding/languages/typescript.nix Normal file
View File

@@ -0,0 +1,19 @@
# TypeScript support — language server and type checking tools.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.coding.languages.typescript;
in {
options.coding.languages.typescript.enable = mkEnableOption "TypeScript support";
config = mkIf cfg.enable {
home.packages = with pkgs; [
typescript
typescript-language-server
];
};
}

6
home/coding/lsp/default.nix Normal file
View File

@@ -0,0 +1,6 @@
# LSP aggregator — language server protocol tooling.
{...}: {
imports = [
./servers.nix
];
}

23
home/coding/lsp/servers.nix Normal file
View File

@@ -0,0 +1,23 @@
# LSP server configuration — language servers for the development environment.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.coding.lsp;
in {
options.coding.lsp.enable = mkEnableOption "enable LSP servers";
config = mkIf cfg.enable {
home.packages = with pkgs; [
# Nix
nixd
# General
typescript-language-server
tailwindcss-language-server
pyrefly
];
};
}

20
home/coding/packages.nix Normal file
View File

@@ -0,0 +1,20 @@
# Additional coding packages — API clients and GUI development tools.
# Opt-in since not all coding hosts need these desktop-oriented tools.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.coding.packages;
in {
options.coding.packages.enable = mkEnableOption "additional coding packages (bruno, insomnia)";
config = mkIf cfg.enable {
home.packages = [
pkgs.bruno
pkgs.insomnia
];
};
}

16
home/desktop/apps/crypto.nix Normal file
View File

@@ -0,0 +1,16 @@
# Cryptocurrency applications — Bisq, Monero GUI, and Trezor Suite.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.desktop.apps.crypto;
in {
options.desktop.apps.crypto.enable = mkEnableOption "enable crypto applications";
config = mkIf cfg.enable {
home.packages = with pkgs; [bisq2 monero-gui trezor-suite];
};
}

10
home/desktop/apps/default.nix Normal file
View File

@@ -0,0 +1,10 @@
# Desktop apps aggregator — Obsidian, Office, web apps, crypto tools, and productivity.
{...}: {
imports = [
./obsidian.nix
./office.nix
./webapps.nix
./crypto.nix
./productivity.nix
];
}

6
home/features/desktop/obsidian.nix → home/desktop/apps/obsidian.nix
View File

@@ -1,13 +1,13 @@
# Obsidian knowledge base with markdown MIME association.
{
config,
lib,
...
}:
with lib; let
cfg = config.features.desktop.obsidian;
cfg = config.desktop.apps.obsidian;
in {
options.features.desktop.obsidian.enable =
mkEnableOption "enable Obsidian knowledge base";
options.desktop.apps.obsidian.enable = mkEnableOption "enable Obsidian knowledge base";
config = mkIf cfg.enable {
programs.obsidian.enable = true;

16
home/desktop/apps/office.nix Normal file
View File

@@ -0,0 +1,16 @@
# Office and productivity applications — LibreOffice and document tools.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.desktop.apps.office;
in {
options.desktop.apps.office.enable = mkEnableOption "install office and paperwork apps";
config = mkIf cfg.enable {
home.packages = [pkgs.libreoffice-fresh];
};
}

18
home/desktop/apps/productivity.nix Normal file
View File

@@ -0,0 +1,18 @@
# Productivity tools — Pomodoro timer and focus utilities.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.desktop.apps.productivity;
in {
options.desktop.apps.productivity.enable = mkEnableOption "enable productivity tools";
config = mkIf cfg.enable {
home.packages = with pkgs; [
pomodoro-timer
];
};
}

5
home/features/desktop/webapps.nix → home/desktop/apps/webapps.nix
View File

@@ -1,6 +1,7 @@
# Web application desktop entries — Teams, Outlook, Basecamp, and OpenCode launchers.
{
config,
pkgs,
lib,
...
}: let
icons = {
@@ -41,7 +42,7 @@ in {
comment = "Open Basecamp as a Desktop App";
categories = ["Application" "Network"];
terminal = false;
icon = "/home/sascha.koenig/.local/share/icons/basecamp-logo.png";
icon = "${config.home.homeDirectory}/.local/share/icons/basecamp-logo.png";
};
opencode = {
name = "Opencode";

61
home/features/desktop/default.nix → home/desktop/default.nix
View File

@@ -1,22 +1,14 @@
# Desktop environment aggregator — only loaded when context=desktop.
# Includes window manager, applications, theming, and desktop session config.
{
config,
pkgs,
...
}: {
imports = [
./coding.nix
./crypto.nix
./fonts.nix
./gaming.nix
./hyprland.nix
./media.nix
./obsidian.nix
./office.nix
./rofi.nix
./theme.nix
./wallpapers.nix
./wayland.nix
./webapps.nix
./wm
./apps
./theme
];
xdg = {
@@ -55,7 +47,13 @@
XDG_SESSION_TYPE = "wayland";
XDG_SESSION_DESKTOP = "Hyprland";
};
home.sessionPath = ["\${XDG_BIN_HOME}" "\${HOME}/.cargo/bin" "$HOME/.npm-global/bin" "$HOME/.cache/.bun/bin"];
home.sessionPath = [
"\${XDG_BIN_HOME}"
"\${HOME}/.cargo/bin"
"$HOME/.npm-global/bin"
"$HOME/.cache/.bun/bin"
];
fonts.fontconfig.enable = true;
@@ -66,17 +64,11 @@
settings = {
font-family = "Fira Code";
copy-on-select = true;
# Base colors from nix-colors
foreground = "#${config.colorScheme.palette.base05}";
background = "#${config.colorScheme.palette.base00}";
selection-foreground = "#${config.colorScheme.palette.base07}";
selection-background = "#${config.colorScheme.palette.base02}";
# Cursor
cursor-color = "#${config.colorScheme.palette.base05}";
# Palette (16 colors)
palette = [
"0=#${config.colorScheme.palette.base01}"
"1=#${config.colorScheme.palette.base08}"
@@ -107,56 +99,27 @@
home.packages = with pkgs; [
appimage-run
# blueberry
bemoji
brave
# brightnessctl
# clipman
distrobox
eigent
(element-desktop.override {
commandLineArgs = "--password-store=gnome-libsecret";
})
launch-webapp
# eww
# firefox-devedition
file-roller
hyprpanel
seahorse
sushi
# glib
# google-chrome
# gsettings-desktop-schemas
# graphviz
ksnip
msty-studio
nwg-look
# opencode-desktop
# pamixer
# pavucontrol
# libsForQt5.qtstyleplugins
# stable.nyxt
# pcmanfm
rose-pine-hyprcursor
# qt5ct
# qt6.qtwayland
#rustdesk
# socat
# unrar
# unzip
# usbutils
# v4l-utils
remmina
slack
telegram-desktop
vivaldi
vivaldi-ffmpeg-codecs
vibetyper
# wl-clipboard
# wlogout
# wtype
# xdg-utils
# ydotool
# zip
];
}

8
home/desktop/theme/default.nix Normal file
View File

@@ -0,0 +1,8 @@
# Theme aggregator — fonts, GTK/Qt theming, and wallpapers.
{...}: {
imports = [
./fonts.nix
./theme.nix
./wallpapers.nix
];
}

6
home/features/desktop/fonts.nix → home/desktop/theme/fonts.nix
View File

@@ -1,3 +1,4 @@
# Font packages — Fira Code, JetBrains Mono Nerd Font, and supporting icon fonts.
{
config,
lib,
@@ -5,10 +6,9 @@
...
}:
with lib; let
cfg = config.features.desktop.fonts;
cfg = config.desktop.theme.fonts;
in {
options.features.desktop.fonts.enable =
mkEnableOption "install additional fonts for desktop apps";
options.desktop.theme.fonts.enable = mkEnableOption "install desktop fonts";
config = mkIf cfg.enable {
home.packages = with pkgs; [

4
home/features/desktop/theme.nix → home/desktop/theme/theme.nix
View File

@@ -1,12 +1,14 @@
# GTK and Qt theming — Dracula theme with matching icons and cursor.
{
config,
pkgs,
config,
...
}: {
qt = {
enable = true;
platformTheme.name = "gtk";
};
gtk = {
enable = true;
theme = {

19
home/desktop/theme/wallpapers.nix Normal file
View File

@@ -0,0 +1,19 @@
# Wallpaper collection — copies wallpapers to Hyprland config directory.
{
config,
lib,
...
}:
with lib; let
cfg = config.desktop.theme.wallpapers.enable;
in {
options.desktop.theme.wallpapers.enable = mkEnableOption "wallpapers for Hyprland";
config = mkIf cfg {
xdg.configFile."hypr/wallpapers" = {
# Wallpapers are stored relative to the home/m3tam3re directory.
source = ../../m3tam3re/wallpapers;
recursive = true;
};
};
}

8
home/desktop/wm/default.nix Normal file
View File

@@ -0,0 +1,8 @@
# Window manager aggregator — Hyprland, Wayland tools, and Rofi launcher.
{...}: {
imports = [
./hyprland.nix
./wayland.nix
./rofi.nix
];
}

29
home/features/desktop/hyprland.nix → home/desktop/wm/hyprland.nix
View File

@@ -1,13 +1,13 @@
# Hyprland window manager with keybindings, window rules, idle/lock, and hyprpaper.
{
config,
lib,
...
}:
with lib; let
cfg = config.features.desktop.hyprland;
cfg = config.desktop.wm.hyprland;
in {
options.features.desktop.hyprland.enable =
mkEnableOption "Hyprland related stuff";
options.desktop.wm.hyprland.enable = mkEnableOption "Hyprland window manager";
config = mkIf cfg.enable {
wayland.windowManager.hyprland = {
@@ -19,8 +19,8 @@ in {
exec-once = [
"hyprpanel"
"while ! hyprpaper-random; do sleep 0.5; done"
"wl-paste --type text --watch cliphist store" # Stores only text data
"wl-paste --type image --watch cliphist store" # Stores only image data "wl-paste -p -t text --watch clipman store -P --histpath=\"~/.local/share/clipman-primary.json\""
"wl-paste --type text --watch cliphist store"
"wl-paste --type image --watch cliphist store"
"vibetyper"
];
@@ -49,7 +49,6 @@ in {
gaps_in = 5;
gaps_out = 5;
border_size = 1;
# Keeping the existing active border as requested
"col.active_border" = "rgba(9742b5ee) rgba(9742b5ee) 45deg";
"col.inactive_border" = "rgba(${config.colorScheme.palette.base03}aa)";
layout = "dwindle";
@@ -110,8 +109,8 @@ in {
kb_layout = "us";
}
];
windowrule = [
# Floating dialogs
"match:class file_progress, float on"
"match:class confirm, float on"
"match:class dialog, float on"
@@ -125,24 +124,19 @@ in {
"match:class pavucontrol-qt, float on"
"match:class pavucontrol, float on"
"match:class class:^(espanso)$, float on"
# wlogout
"match:class wlogout, fullscreen on"
"match:title wlogout, float on"
"match:title wlogout, fullscreen on"
# mpv
"match:class mpv, float on"
"match:class mpv, idle_inhibit focus"
"match:class mpv, opacity 1.0 override"
# Media/Volume/PiP
"match:title ^(Media viewer)$, float on"
"match:title ^(Volume Control)$, float on"
"match:title ^(Picture-in-Picture)$, float on"
# Pomodoro timer
"match:title ^(floating-pomodoro)$, float on"
"match:title ^(floating-pomodoro)$, size 250 50"
"match:title ^(floating-pomodoro)$, move 12 (monitor_h-150)"
"match:title ^(floating-pomodoro)$, pin on"
# Streamlabs overlays
"match:initial_title .*streamlabs.com.*, float on"
"match:initial_title .*streamlabs.com.*, pin on"
"match:initial_title .*streamlabs.com.*, size 800 400"
@@ -154,16 +148,15 @@ in {
"match:initial_title .*streamlabs.com.*, decorate off"
"match:initial_title .*streamlabs.com.*, no_shadow on"
"match:initial_title .*streamlabs.com.*, no_blur on"
# Vibetyper recording indicator
"match:class ^vibe-typer$, match:title ^Recording Indicator$, no_blur on"
"border_color rgb(ffffff), match:xwayland 1"
];
"$mainMod" = "SUPER";
"$terminal" = "ghostty";
bind = [
"$mainMod, return, exec, $terminal nu -c zellij-ps"
# "$mainMod, t, exec, warp-terminal"
"$mainMod, t, exec, $terminal -e nu -c 'nitch; exec nu'"
"$mainMod SHIFT, t, exec, launch-timer"
"$mainMod, n, exec, $terminal -e nvim"
@@ -214,16 +207,19 @@ in {
"$mainMod, mouse_down, workspace, e+1"
"$mainMod, mouse_up, workspace, e-1"
];
bindr = [
"$mainMod, R, exec, stt-ptt stop"
"$mainMod, S, exec, stt-ptt format-stop"
];
bindm = [
"$mainMod, mouse:272, movewindow"
"$mainMod, mouse:273, resizewindow"
];
};
};
services.hypridle = {
enable = true;
settings = {
@@ -232,14 +228,13 @@ in {
after_sleep_cmd = "hyprctl dispatch dpms on";
inhibit_sleep = 3;
};
listener = [
{
timeout = 300; # 5 min
timeout = 300;
on-timeout = "hyprlock";
}
{
timeout = 420; # 5.5 min
timeout = 420;
on-timeout = "hyprctl dispatch dpms off";
on-resume = "hyprctl dispatch dpms on";
}

19
home/features/desktop/rofi.nix → home/desktop/wm/rofi.nix
View File

@@ -1,3 +1,4 @@
# Rofi application launcher with nix-colors theme, pass integration, and project opener.
{
config,
pkgs,
@@ -5,23 +6,23 @@
...
}:
with lib; let
cfg = config.features.desktop.rofi;
cfg = config.desktop.wm.rofi;
in {
options.features.desktop.rofi.enable = mkEnableOption "enable rofi";
options.desktop.wm.rofi.enable = mkEnableOption "enable rofi";
config = mkIf cfg.enable {
programs.rofi = with pkgs; {
programs.rofi = {
enable = true;
package = rofi.override {
package = pkgs.rofi.override {
plugins = [
rofi-calc
rofi-emoji
stable.rofi-file-browser
pkgs.rofi-calc
pkgs.rofi-emoji
pkgs.stable.rofi-file-browser
];
};
pass = {
enable = true;
package = rofi-pass-wayland;
package = pkgs.rofi-pass-wayland;
};
terminal = "${pkgs.ghostty}/bin/ghostty";
font = "Fira Code";
@@ -169,7 +170,6 @@ in {
text-color: @background;
}
/* Scrollbar */
scrollbar {
width: 4px;
border: 0;
@@ -179,6 +179,7 @@ in {
}
'');
};
cli.rofi-project-opener = {
enable = true;
projectDirs = {

5
home/features/desktop/wayland.nix → home/desktop/wm/wayland.nix
View File

@@ -1,3 +1,4 @@
# Wayland extra tooling — screenshot, clipboard, cursor, and display utilities.
{
config,
lib,
@@ -5,9 +6,9 @@
...
}:
with lib; let
cfg = config.features.desktop.wayland;
cfg = config.desktop.wm.wayland;
in {
options.features.desktop.wayland.enable = mkEnableOption "wayland extra tools and config";
options.desktop.wm.wayland.enable = mkEnableOption "wayland extra tools and config";
config = mkIf cfg.enable {
home.packages = with pkgs; [

65
home/features/cli/AGENTS.md
View File

@@ -1,65 +0,0 @@
# CLI FEATURES (home-manager)
**Shell and terminal tooling with Fish + Nushell dual configuration**
## OVERVIEW
8 CLI modules with integrated tooling across Fish and Nushell shells.
## STRUCTURE
```
cli/
├── default.nix # Imports + shared tools (bat, eza, direnv)
├── fish.nix # Fish shell + aliases
├── fzf.nix # Fuzzy finder
├── nitch.nix # System info tool
├── nushell.nix # Nushell + aliases
├── secrets.nix # Password-store integration
├── starship.nix # Shell prompt
└── zellij.nix # Terminal multiplexer
```
## WHERE TO LOOK
| Task | Location | Notes |
|------|----------|-------|
| Add CLI tool | default.nix home.packages | Check if shell integration needed |
| Shell aliases | fish.nix or nushell.nix | Kept in sync between shells |
| Prompt config | starship.nix | Uses nerd-fonts symbols |
| Secret access | secrets.nix | Agenix integration |
## CONVENTIONS
### Shell Integration Pattern
Tools with shell hooks enabled in both Fish and Nushell:
- **carapace**: Completions
- **zoxide**: Smart cd
- **eza**: ls replacement
- **direnv**: Directory environments
- **fzf**: Fuzzy finding
### NixOS Rebuild Aliases (both shells)
```
nr/nrs - nixos-rebuild [switch]
snr/snrs - sudo nixos-rebuild [switch]
hms - home-manager switch
```
### Bat Theme
Custom `universal` theme generated from nix-colors palette in default.nix (lines 34-157).
### Secrets Integration
Fish/Nushell source `$HOME/.secrets` if `secrets.enable = true` (CLI secrets feature).
## ANTI-PATTERNS
- **DON'T** add aliases to only one shell - keep Fish/Nushell in sync
- **DON'T** use `programs.bash` - Nushell is default shell
- **DON'T** bypass carapace for completions - integrated by default
## NOTES
- zellij-ps custom package for project session management
- Default shell set to Nushell in hosts/common/default.nix
- Bat theme dynamically generated (no external theme files)
- lf file manager uses bat for previews
- Agenix CLI (agenix-cli) included for secret management

230
home/features/cli/default.nix
View File

@@ -1,230 +0,0 @@
{
config,
pkgs,
videoDrivers,
...
}: {
imports = [
./fish.nix
./fzf.nix
./nitch.nix
./nushell.nix
./secrets.nix
./starship.nix
./television.nix
./zellij.nix
];
programs.carapace = {
enable = true;
enableFishIntegration = true;
enableNushellIntegration = true;
enableBashIntegration = true;
};
programs.zoxide = {
enable = true;
enableFishIntegration = true;
enableNushellIntegration = true;
};
programs.bat = {
enable = true;
config = {theme = "universal";};
themes = {
universal = {
src = pkgs.writeText "universal.tmTheme" ''
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>name</key>
<string>Universal (nix-colors)</string>
<key>settings</key>
<array>
<dict>
<key>settings</key>
<dict>
<key>background</key>
<string>#${config.colorScheme.palette.base00}</string>
<key>foreground</key>
<string>#${config.colorScheme.palette.base05}</string>
<key>caret</key>
<string>#${config.colorScheme.palette.base05}</string>
<key>selection</key>
<string>#${config.colorScheme.palette.base02}</string>
<key>selectionForeground</key>
<string>#${config.colorScheme.palette.base05}</string>
<key>lineHighlight</key>
<string>#${config.colorScheme.palette.base01}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Comment</string>
<key>scope</key>
<string>comment</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base03}</string>
<key>fontStyle</key>
<string>italic</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>String</string>
<key>scope</key>
<string>string</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base0A}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Number</string>
<key>scope</key>
<string>constant.numeric</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base0E}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Keyword</string>
<key>scope</key>
<string>keyword</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base08}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Function</string>
<key>scope</key>
<string>entity.name.function</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base0B}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Type</string>
<key>scope</key>
<string>entity.name.type, storage.type</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base0D}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Variable</string>
<key>scope</key>
<string>variable</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base05}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Constant</string>
<key>scope</key>
<string>constant</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base0E}</string>
</dict>
</dict>
</array>
</dict>
</plist>
'';
};
};
};
programs.direnv = {
enable = true;
enableNushellIntegration = true;
nix-direnv.enable = true;
};
programs.eza = {
enable = true;
enableFishIntegration = true;
enableBashIntegration = true;
extraOptions = ["-l" "--icons" "--git" "-a"];
};
programs.lf = {
enable = true;
settings = {
preview = true;
drawbox = true;
hidden = true;
icons = true;
theme = "Dracula";
previewer = "bat";
};
};
cli.zellij-ps = {
enable = true;
projectFolders = ["/home/m3tam3re/p"];
};
home.packages = with pkgs; [
basecamp
comma
coreutils
devenv
fabric-ai
fd
gcc
go
htop
httpie
hyprpaper-random
jq
just
lazygit
llm
lf
nix-index
nix-update
libnotify
nushellPlugins.skim
progress
ripgrep
rocmPackages.rocm-smi
rocmPackages.rocminfo
rocmPackages.rocm-runtime
sqlite
sqlite-vec
tldr
pomodoro-timer
trash-cli
unimatrix
unzip
vulkan-tools
wttrbar
wireguard-tools
yazi
zellij-ps
zip
];
}

40
home/features/cli/fzf.nix
View File

@@ -1,40 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.fzf;
in {
options.features.cli.fzf.enable = mkEnableOption "enable fuzzy finder";
config = mkIf cfg.enable {
programs.fzf = {
enable = true;
enableFishIntegration = true;
colors = {
"fg" = "#${config.colorScheme.palette.base05}";
"bg" = "#${config.colorScheme.palette.base00}";
"hl" = "#${config.colorScheme.palette.base0E}";
"fg+" = "#${config.colorScheme.palette.base05}";
"bg+" = "#${config.colorScheme.palette.base02}";
"hl+" = "#${config.colorScheme.palette.base0E}";
"info" = "#${config.colorScheme.palette.base09}";
"prompt" = "#${config.colorScheme.palette.base0B}";
"pointer" = "#${config.colorScheme.palette.base08}";
"marker" = "#${config.colorScheme.palette.base08}";
"spinner" = "#${config.colorScheme.palette.base09}";
"header" = "#${config.colorScheme.palette.base03}";
};
defaultOptions = [
"--preview='bat --color=always -n {}'"
"--bind 'ctrl-/:toggle-preview'"
"--header 'Press CTRL-Y to copy command into clipboard'"
"--bind 'ctrl-/:toggle-preview'"
"--bind 'ctrl-y:execute-silent(echo -n {2..} | wl-copy)+abort'"
];
defaultCommand = "fd --type f --exclude .git --follow --hidden";
changeDirWidgetCommand = "fd --type d --exclude .git --follow --hidden";
};
};
}

15
home/features/cli/nitch.nix
View File

@@ -1,15 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.cli.nitch;
in {
options.features.cli.nitch.enable = mkEnableOption "enable nitch";
config = mkIf cfg.enable {
home.packages = with pkgs; [nitch];
};
}

64
home/features/cli/television.nix
View File

@@ -1,64 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.television;
in {
options.features.cli.television.enable = mkEnableOption "enable nitch";
config = mkIf cfg.enable {
programs.television = {
enable = true;
channels = {
tldr = {
metadata = {
description = "Browse TLDR pages";
name = "tldr";
requirements = [
"tldr"
];
};
preview = {
command = "tldr '{}'";
};
source = {
command = "tldr --list";
};
};
git-diff = {
metadata = {
description = "A channel to select files from git diff commands";
name = "git-diff";
requirements = [
"git"
];
};
preview = {
command = "git diff HEAD --color=always -- '{}'";
};
source = {
command = "git diff --name-only HEAD";
};
};
git-log = {
metadata = {
description = "A channel to select from git log entries";
name = "git-log";
requirements = [
"git"
];
};
preview = {
command = "git show -p --stat --pretty=fuller --color=always '{0}'";
};
source = {
command = "git log --oneline --date=short --pretty=\"format:%h %s %an %cd\" \"$@\"";
output = "{split: :0}";
};
};
};
};
};
}

32
home/features/cli/zellij.nix
View File

@@ -1,32 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.zellij;
in {
options.features.cli.zellij.enable = mkEnableOption "enable tmux";
config = mkIf cfg.enable {
programs.zellij = {
enable = true;
settings = {
theme = "universal";
themes.universal = {
bg = "#${config.colorScheme.palette.base00}";
fg = "#${config.colorScheme.palette.base05}";
black = "#${config.colorScheme.palette.base01}";
red = "#${config.colorScheme.palette.base08}";
green = "#${config.colorScheme.palette.base0B}";
yellow = "#${config.colorScheme.palette.base0A}";
blue = "#${config.colorScheme.palette.base0D}";
magenta = "#${config.colorScheme.palette.base0E}";
cyan = "#${config.colorScheme.palette.base0C}";
white = "#${config.colorScheme.palette.base07}";
orange = "#${config.colorScheme.palette.base09}";
};
};
};
};
}

116
home/features/coding/opencode.nix
View File

@@ -1,116 +0,0 @@
{
inputs,
lib,
...
}: {
coding.agents.opencode = {
enable = true;
agentsInput = inputs.agents;
};
coding.opencode = {
enable = true;
ohMyOpencodeSettings = {
agents = {
sisyphus.model = "litellm/claude-opus-4-6";
oracle.model = "litellm/claude-sonnet-4-6";
librarian.model = "litellm/claude-sonnet-4-6";
explore.model = "litellm/claude-haiku-4-5";
multimodal-looker.model = "litellm/gpt-5.3-codex";
prometheus.model = "litellm/claude-opus-4-6";
metis.model = "litellm/claude-opus-4-6";
momus.model = "litellm/claude-opus-4-6";
atlas.model = "litellm/claude-sonnet-4-6";
};
categories = {
visual-engineering.model = "zai-coding-plan/glm-5.1";
ultrabrain.model = "litellm/claude-opus-4-6";
deep.model = "litellm/claude-sonnet-4-6";
artistry.model = "zai-coding-plan/glm-5.1";
quick.model = "litellm/claude-haiku-4-5";
unspecified-low.model = "litellm/claude-sonnet-4-6";
unspecified-high.model = "litellm/claude-opus-4-6";
writing.model = "zai-coding-plan/glm-5.1";
};
};
};
# Keep TUI settings in programs.opencode.tui to satisfy OpenCode v1.2.15+.
programs.opencode.tui.theme = "opencode";
# Override legacy default settings to avoid deprecated TUI keys in settings.
programs.opencode.settings = lib.mkForce {
plugin = ["oh-my-openagent"];
formatter = {
alejandra = {
command = ["alejandra" "-q" "-"];
extensions = [".nix"];
};
};
# AZ-Gruppe LiteLLM endpoint + available models
provider = {
litellm = {
npm = "@ai-sdk/openai-compatible";
name = "LiteLLM (AZ-Gruppe)";
options.baseURL = "https://llm.az-gruppe.com/v1";
models = {
"gpt-5.2" = {
name = "GPT-5.2";
limit = {
context = 400000;
output = 128000;
};
};
"gpt-5.3-codex" = {
name = "GPT-5.3 Codex";
limit = {
context = 400000;
output = 128000;
};
};
"claude-haiku-4-5" = {
name = "Claude Haiku 4.5";
options = {
thinking = {
type = "enabled";
budget_tokens = 16000;
};
};
limit = {
context = 200000;
output = 64000;
};
};
"claude-sonnet-4-6" = {
name = "Claude Sonnet 4.6";
options = {
thinking = {
type = "enabled";
budget_tokens = 16000;
};
};
limit = {
context = 200000;
output = 64000;
};
};
"claude-opus-4-6" = {
name = "Claude Opus 4.6";
options = {
thinking = {
type = "enabled";
budget_tokens = 16000;
};
};
limit = {
context = 200000;
output = 128000;
};
};
};
};
};
};
}

57
home/features/coding/pi.nix
View File

@@ -1,57 +0,0 @@
{inputs, ...}: {
coding.agents.pi = {
enable = true;
agentsInput = inputs.agents;
modelOverrides = {
chiron = "minimax/MiniMax-M2.7";
chiron-forge = "minimax/MiniMax-M2.7";
};
# Coding rules for Pi agent
# Rules sourced from AGENTS repo
codingRules = {
# Language-specific rules
languages = [
"nix" # Nix language conventions
];
# Standard concerns from AGENTS repo
concerns = [
"coding-style" # General coding principles
"naming" # Naming conventions (camelCase, snake_case, etc.)
"documentation" # Documentation standards
"testing" # Testing guidelines (Arrange-Act-Assert)
"git-workflow" # Conventional commits, branch naming
"project-structure" # Project layout conventions
];
# No framework-specific rules for NixOS config
frameworks = [];
};
settings = {
packages = [
"npm:@thesethrose/pi-zai-provider"
"npm:pi-mcp-adapter"
"npm:pi-subagents"
"npm:pi-lens"
"npm:pi-web-access"
"npm:pi-prompt-template-model"
"npm:@plannotator/pi-extension"
"npm:pi-powerline-footer"
"npm:pi-markdown-preview"
"npm:pi-gsd"
"npm:pi-tool-display"
"npm:pi-agent-browser-native"
"git:github.com/hk-vk/pi-connect"
];
defaultProvider = "minimax";
defaultModel = "MiniMax-M2.7";
defaultThinkingLevel = "high";
};
# MCP servers auto-inherited from programs.mcp in default.nix
};
}

79
home/features/desktop/AGENTS.md
View File

@@ -1,79 +0,0 @@
# DESKTOP FEATURES (home-manager)
**Wayland/Hyprland environment with color-coordinated tooling**
## OVERVIEW
12 modular desktop features with nix-colors (Dracula) integration across all components.
## STRUCTURE
```
desktop/
├── default.nix # Imports + XDG + Kitty config
├── coding.nix # Development tools (VSCode, etc.)
├── crypto.nix # Crypto wallets/tools
├── fonts.nix # Font packages
├── gaming.nix # Gaming tools/Steam
├── hyprland.nix # Hyprland WM configuration
├── media.nix # Media players/editors
├── office.nix # LibreOffice, document tools
├── rofi.nix # Application launcher
├── theme.nix # GTK/Qt theming
├── wayland.nix # Wayland utilities
└── webapps.nix # Browser-based apps
```
## WHERE TO LOOK
| Task | Location | Notes |
|------|----------|-------|
| Add desktop app | Relevant feature .nix | Update home.packages |
| Configure Hyprland | hyprland.nix | Window manager settings |
| Fix colors | Check colorScheme references | Uses config.colorScheme.palette.base* |
| Add font | fonts.nix | Increases system closure size |
## CONVENTIONS
### Color Scheme Integration
All color-aware tools reference `config.colorScheme.palette.base00` through `base0F`:
- **base00-07**: Grayscale (dark to light)
- **base08**: Red/errors
- **base09**: Orange
- **base0A**: Yellow/strings
- **base0B**: Green/functions
- **base0C**: Cyan
- **base0D**: Blue/types
- **base0E**: Purple/constants
- **base0F**: Brown
Template:
```nix
foreground = "#${config.colorScheme.palette.base05}";
background = "#${config.colorScheme.palette.base00}";
```
### Session Variables
Set in default.nix for Wayland/Hyprland:
```nix
NIXOS_OZONE_WL = "1";
QT_QPA_PLATFORM = "wayland";
XDG_CURRENT_DESKTOP = "Hyprland";
```
### XDG Defaults
- **PDF**: okular
- **Text**: nvim
- **Browser**: Zen (io.github.zen_browser.zen)
- **Archive**: file-roller
## ANTI-PATTERNS
- **DON'T** hardcode hex colors - use colorScheme palette
- **DON'T** install fonts globally - keep in user packages
- **DON'T** bypass XDG defaults - set in mimeApps
## NOTES
- Kitty terminal configured in default.nix (not separate file)
- Bibata-Modern-Ice cursor theme hardcoded
- Session path includes cargo, npm-global, bun
- Desktop features are always-enabled (no feature flags in this dir)

23
home/features/desktop/coding.nix
View File

@@ -1,23 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.coding;
in {
options.features.desktop.coding.enable =
mkEnableOption "install coding related stuff";
config = mkIf cfg.enable {
home.packages = with pkgs; [
bruno
insomnia
];
coding.editors = {
neovim.enable = true;
zed.enable = true;
};
};
}

15
home/features/desktop/crypto.nix
View File

@@ -1,15 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.crypto;
in {
options.features.desktop.crypto.enable = mkEnableOption "Enable Crypto";
config = mkIf cfg.enable {
home.packages = with pkgs; [bisq2 monero-gui trezor-suite];
};
}

22
home/features/desktop/gaming.nix
View File

@@ -1,22 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.gaming;
in {
options.features.desktop.gaming.enable =
mkEnableOption "install gaming related stuff";
config = mkIf cfg.enable {
home.packages = with pkgs; [
gamescope
gamemode
goverlay
mangohud
protonplus
];
};
}

55
home/features/desktop/media.nix
View File

@@ -1,55 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.media;
in {
options.features.desktop.media.enable =
mkEnableOption "enable media features";
config = mkIf cfg.enable {
home.packages = with pkgs; [
# handbrake
# kdePackages.kdenlive
# makemkv
# mediainfo
amf
ffmpeg_6-full
gimp
gst_all_1.gstreamer
gst_all_1.gst-vaapi
handbrake
inkscape
kdePackages.kdenlive
libation
#makemkv
pamixer
pavucontrol
qpwgraph
v4l-utils
plexamp
# uxplay
# vlc
webcord
# yt-dlp
unimatrix
];
programs = {
mpv = {
enable = true;
bindings = {
WHEEL_UP = "seek 10";
WHEEL_DOWN = "seek -10";
};
config = {
profile = "gpu-hq";
ytdl-format = "bestvideo+bestaudio";
};
};
};
};
}

18
home/features/desktop/office.nix
View File

@@ -1,18 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.office;
in {
options.features.desktop.office.enable =
mkEnableOption "install office and paperwork stuff";
config = mkIf cfg.enable {
home.packages = with pkgs; [
libreoffice-fresh
];
};
}

18
home/features/desktop/wallpapers.nix
View File

@@ -1,18 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.wallpapers;
in {
options.features.desktop.wallpapers = mkEnableOption "Wallpapers for Hyprland";
config = mkIf cfg {
xdg.configFile."hypr/wallpapers" = {
source = ../../m3tam3re/wallpapers;
recursive = true;
};
};
}

95
home/lib/default.nix Normal file
View File

@@ -0,0 +1,95 @@
# home/lib/default.nix
# Profile loading utilities for home-manager configurations.
#
# Usage:
# let homeLib = import ../lib { inherit lib; };
# in {
# imports = [
# (homeLib.mkHomeConfig { profiles = ["coding" "gaming"]; context = "desktop"; })
# ];
# }
{lib}: let
# Infrastructure layer — nixpkgs overlays, nix-colors, m3ta-nixpkgs modules.
# Always loaded on every host.
commonModule = ../common;
# Base user environment — shell (nushell, starship), CLI tools, secrets.
# Always loaded on every host.
baseModule = ../base;
# Context-specific modules — desktop and server are mutually exclusive.
contextModuleMap = {
desktop = ../desktop;
server = ../server;
};
# Profile modules — freely combinable additions on top of base + context.
profileModuleMap = {
coding = ../coding;
gaming = ../profiles/gaming;
media = ../profiles/media;
};
in {
# Generate a home-manager module with imports based on profiles and context.
#
# Args:
# profiles: list of profile names (e.g. ["coding" "gaming" "media"])
# context: host context, one of "desktop" | "server" | null
#
# Returns: a home-manager module attrset with imports and assertions.
# Desktop and server contexts are mutually exclusive by design — passing
# any value other than "desktop", "server", or null causes an assertion
# failure at evaluation time.
mkHomeConfig = {
profiles ? [],
context ? null,
}: let
contextImport =
if context == "desktop"
then [contextModuleMap.desktop]
else if context == "server"
then [contextModuleMap.server]
else [];
# Partition profiles into known and unknown for assertion + safe import.
unknownProfiles =
builtins.filter
(profileName: ! builtins.hasAttr profileName profileModuleMap)
profiles;
# Only import known profiles; the assertion below catches unknowns.
activeProfiles =
builtins.filter
(profileName: builtins.hasAttr profileName profileModuleMap)
profiles;
profileImports = map (profileName: profileModuleMap.${profileName}) activeProfiles;
contextStr =
if context == null
then "null"
else context;
in {
imports =
[commonModule baseModule]
++ contextImport
++ profileImports;
assertions = [
{
assertion = builtins.elem context ["desktop" "server" null];
message =
"m3ta home: context must be 'desktop', 'server', or null"
+ " (got: '${contextStr}')";
}
{
assertion = unknownProfiles == [];
message =
"m3ta home: unknown profiles requested:"
+ " [ ${builtins.concatStringsSep " " unknownProfiles} ]."
+ " Valid profiles are:"
+ " [ ${builtins.concatStringsSep " " (builtins.attrNames profileModuleMap)} ]";
}
];
};
}

22
home/m3tam3re/m3-aether.nix
View File

@@ -1,17 +1,25 @@
{
# m3-aether — cloud VM.
# Context: server | Profiles: (none)
{lib, ...}: let
homeLib = import ../lib {inherit lib;};
in {
imports = [
../common
../features/cli
(homeLib.mkHomeConfig {
profiles = [];
context = "server";
})
./home-server.nix
];
features = {
cli = {
# Base CLI tools (new namespace)
base = {
shell = {
fish.enable = true;
starship.enable = true;
};
cliTools = {
fzf.enable = true;
nitch.enable = true;
secrets.enable = false;
starship.enable = true;
};
};
}

106
home/m3tam3re/m3-ares.nix
View File

@@ -1,21 +1,88 @@
# m3-ares — TUXEDO laptop desktop workstation.
# Context: desktop | Profiles: coding, gaming, media
{
config,
lib,
...
}:
}: let
homeLib = import ../lib {inherit lib;};
in
with lib; {
imports = [
../common
(homeLib.mkHomeConfig {
profiles = ["coding" "gaming" "media"];
context = "desktop";
})
./home.nix
../features/cli
../features/coding
../features/desktop
];
config = mkMerge [
{
# Base CLI tools (new namespace)
base = {
shell = {
fish.enable = true;
nushell.enable = true;
starship.enable = true;
};
cliTools = {
fzf.enable = true;
nitch.enable = true;
television.enable = true;
};
secrets.enable = true;
};
# Desktop features (new namespace)
desktop = {
wm = {
hyprland.enable = true;
rofi.enable = true;
wayland.enable = true;
};
apps = {
crypto.enable = true;
obsidian.enable = true;
office.enable = true;
};
theme = {
fonts.enable = true;
wallpapers.enable = true;
};
};
# Coding environment
coding = {
editors = {
neovim.enable = true;
zed.enable = true;
};
lsp.enable = true;
packages.enable = true;
languages = {
python.enable = true;
javascript.enable = true;
rustToolchain.enable = true;
go.enable = true;
typescript.enable = true;
};
};
# Gaming profile features
profiles.gaming = {
steam.enable = true;
gamescope.enable = true;
};
# Media profile features
profiles.media = {
obs.enable = true;
ffmpeg.enable = true;
kdenlive.enable = true;
ytDlp.enable = true;
};
xdg = {
# TODO: better structure
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
@@ -38,33 +105,10 @@ with lib; {
};
};
};
features = {
cli = {
fish.enable = true;
nushell.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = true;
starship.enable = true;
television.enable = true;
};
desktop = {
coding.enable = true;
crypto.enable = true;
gaming.enable = true;
hyprland.enable = true;
media.enable = true;
obsidian.enable = true;
office.enable = true;
rofi.enable = true;
fonts.enable = true;
wayland.enable = true;
wallpapers = true;
};
};
}
(mkIf config.features.desktop.hyprland.enable {
# Host-specific Hyprland monitor and workspace layout
(mkIf config.desktop.wm.hyprland.enable {
wayland.windowManager.hyprland = {
enable = true;
settings = {

28
home/m3tam3re/m3-atlas.nix
View File

@@ -1,19 +1,29 @@
{
# m3-atlas — primary server, Traefik hub and container host.
# Context: server | Profiles: coding
{lib, ...}: let
homeLib = import ../lib {inherit lib;};
in {
imports = [
../common
../features/cli
../features/coding/opencode.nix
(homeLib.mkHomeConfig {
profiles = ["coding"];
context = "server";
})
./home-server.nix
];
coding.editors.neovim.enable = true;
features = {
cli = {
# Base CLI tools (new namespace)
base = {
shell = {
nushell.enable = true;
starship.enable = true;
};
cliTools = {
fzf.enable = true;
nitch.enable = true;
secrets.enable = false;
starship.enable = true;
zellij.enable = true;
};
};
# Coding environment
coding.editors.neovim.enable = true;
}

98
home/m3tam3re/m3-daedalus.nix
View File

@@ -1,28 +1,74 @@
# m3-daedalus — portable laptop (standalone home-manager).
# Context: desktop | Profiles: coding, media
{
config,
lib,
...
}:
with lib; let
cfg = config.features.desktop.hyprland;
in {
}: let
homeLib = import ../lib {inherit lib;};
in
with lib; {
imports = [
../common
(homeLib.mkHomeConfig {
profiles = ["coding" "media"];
context = "desktop";
})
./home.nix
../features/cli
../features/coding
../features/desktop
#./services/librechat.nix
];
options.features.desktop.hyprland.enable =
mkEnableOption "enable Hyprland";
config = mkMerge [
# Base configuration
{
# Base CLI tools (new namespace)
base = {
shell = {
fish.enable = true;
nushell.enable = true;
starship.enable = true;
};
cliTools = {
fzf.enable = true;
nitch.enable = true;
television.enable = true;
};
secrets.enable = true;
};
# Desktop features (new namespace)
desktop = {
wm = {
hyprland.enable = false;
rofi.enable = true;
wayland.enable = false;
};
apps = {
obsidian.enable = true;
office.enable = false;
crypto.enable = false;
};
theme = {
fonts.enable = true;
wallpapers.enable = false;
};
};
# Coding environment
coding = {
editors = {
neovim.enable = true;
zed.enable = true;
};
lsp.enable = true;
};
# Media profile features
profiles.media = {
obs.enable = false;
ffmpeg.enable = false;
kdenlive.enable = false;
ytDlp.enable = true;
};
xdg = {
# TODO: better structure
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
@@ -45,30 +91,10 @@ in {
};
};
};
features = {
cli = {
fish.enable = true;
nushell.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = true;
starship.enable = true;
};
desktop = {
coding.enable = true;
crypto.enable = false;
gaming.enable = false;
hyprland.enable = false;
media.enable = true;
office.enable = false;
rofi.enable = true;
fonts.enable = true;
wayland.enable = false;
};
};
}
(mkIf cfg.enable {
# Host-specific Hyprland layout — only applies when hyprland is enabled
(mkIf config.desktop.wm.hyprland.enable {
wayland.windowManager.hyprland = {
enable = true;
settings = {

22
home/m3tam3re/m3-helios.nix
View File

@@ -1,17 +1,25 @@
{
# m3-helios — AdGuard DNS and internal routing server.
# Context: server | Profiles: (none)
{lib, ...}: let
homeLib = import ../lib {inherit lib;};
in {
imports = [
../common
../features/cli
(homeLib.mkHomeConfig {
profiles = [];
context = "server";
})
./home-server.nix
];
features = {
cli = {
# Base CLI tools (new namespace)
base = {
shell = {
fish.enable = true;
starship.enable = true;
};
cliTools = {
fzf.enable = true;
nitch.enable = true;
secrets.enable = false;
starship.enable = true;
};
};
}

22
home/m3tam3re/m3-hermes.nix
View File

@@ -1,17 +1,25 @@
{
# m3-hermes — secondary server.
# Context: server | Profiles: (none)
{lib, ...}: let
homeLib = import ../lib {inherit lib;};
in {
imports = [
../common
../features/cli
(homeLib.mkHomeConfig {
profiles = [];
context = "server";
})
./home-server.nix
];
features = {
cli = {
# Base CLI tools (new namespace)
base = {
shell = {
fish.enable = true;
starship.enable = true;
};
cliTools = {
fzf.enable = true;
nitch.enable = true;
secrets.enable = false;
starship.enable = true;
};
};
}

104
home/m3tam3re/m3-kratos.nix
View File

@@ -1,21 +1,86 @@
# m3-kratos — AMD desktop workstation.
# Context: desktop | Profiles: coding, gaming, media
{
config,
lib,
...
}:
}: let
homeLib = import ../lib {inherit lib;};
in
with lib; {
imports = [
../common
(homeLib.mkHomeConfig {
profiles = ["coding" "gaming" "media"];
context = "desktop";
})
./home.nix
../features/cli
../features/coding
../features/desktop
];
config = mkMerge [
{
# Base CLI tools (new namespace)
base = {
shell = {
nushell.enable = true;
starship.enable = true;
};
cliTools = {
fzf.enable = true;
nitch.enable = true;
television.enable = true;
};
secrets.enable = true;
};
# Desktop features (new namespace)
desktop = {
wm = {
hyprland.enable = true;
rofi.enable = true;
wayland.enable = true;
};
apps = {
crypto.enable = true;
obsidian.enable = true;
office.enable = true;
};
theme = {
fonts.enable = true;
wallpapers.enable = true;
};
};
# Coding environment
coding = {
editors = {
neovim.enable = true;
zed.enable = true;
};
lsp.enable = true;
languages = {
python.enable = true;
javascript.enable = true;
rustToolchain.enable = true;
go.enable = true;
typescript.enable = true;
};
};
# Gaming profile features
profiles.gaming = {
steam.enable = true;
gamescope.enable = true;
};
# Media profile features
profiles.media = {
obs.enable = true;
ffmpeg.enable = true;
kdenlive.enable = true;
ytDlp.enable = true;
};
xdg = {
# TODO: better structure
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
@@ -38,32 +103,10 @@ with lib; {
};
};
};
features = {
cli = {
nushell.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = true;
starship.enable = true;
television.enable = true;
};
desktop = {
crypto.enable = true;
coding.enable = true;
gaming.enable = true;
hyprland.enable = true;
media.enable = true;
obsidian.enable = true;
office.enable = true;
rofi.enable = true;
fonts.enable = true;
wayland.enable = true;
wallpapers = true;
};
};
}
(mkIf config.features.desktop.hyprland.enable {
# Host-specific Hyprland monitor and workspace layout (dual 1440p monitors)
(mkIf config.desktop.wm.hyprland.enable {
wayland.windowManager.hyprland = {
enable = true;
settings = {
@@ -80,7 +123,6 @@ with lib; {
"6, monitor:DP-2"
"7, monitor:DP-2"
];
windowrule = [
"match:class dev.zed.Zed, workspace 1"
"match:class Msty, workspace 1"

8
home/profiles/gaming/default.nix Normal file
View File

@@ -0,0 +1,8 @@
# Gaming profile aggregator — Steam platform, Gamescope session, and AMD GPU tools.
{...}: {
imports = [
./steam.nix
./gamescope.nix
./gpu.nix
];
}

16
home/profiles/gaming/gamescope.nix Normal file
View File

@@ -0,0 +1,16 @@
# Gamescope — Valve's micro-compositor for Steam gaming sessions.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.profiles.gaming.gamescope;
in {
options.profiles.gaming.gamescope.enable = mkEnableOption "enable Gamescope session";
config = mkIf cfg.enable {
home.packages = [pkgs.gamescope];
};
}

21
home/profiles/gaming/gpu.nix Normal file
View File

@@ -0,0 +1,21 @@
# AMD GPU tools — ROCm runtime, monitoring, and Vulkan utilities for gaming.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.profiles.gaming.gpu;
in {
options.profiles.gaming.gpu.enable = mkEnableOption "enable AMD GPU tools";
config = mkIf cfg.enable {
home.packages = with pkgs; [
rocmPackages.rocm-runtime
rocmPackages.rocm-smi
rocmPackages.rocminfo
vulkan-tools
];
};
}

21
home/profiles/gaming/steam.nix Normal file
View File

@@ -0,0 +1,21 @@
# Steam gaming platform with Steam Deck compatibility tools and gaming utilities.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.profiles.gaming.steam;
in {
options.profiles.gaming.steam.enable = mkEnableOption "enable Steam gaming";
config = mkIf cfg.enable {
home.packages = with pkgs; [
gamemode
goverlay
mangohud
protonplus
];
};
}

10
home/profiles/media/default.nix Normal file
View File

@@ -0,0 +1,10 @@
# Media profile aggregator — OBS, FFmpeg, yt-dlp, Kdenlive, and HandBrake.
{...}: {
imports = [
./obs.nix
./ffmpeg.nix
./yt-dlp.nix
./kdenlive.nix
./handbrake.nix
];
}

24
home/profiles/media/ffmpeg.nix Normal file
View File

@@ -0,0 +1,24 @@
# FFmpeg — full-featured multimedia processing toolchain.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.profiles.media.ffmpeg;
in {
options.profiles.media.ffmpeg.enable = mkEnableOption "enable FFmpeg tools";
config = mkIf cfg.enable {
home.packages = with pkgs; [
amf
ffmpeg_6-full
gst_all_1.gstreamer
gst_all_1.gst-vaapi
pamixer
pavucontrol
qpwgraph
];
};
}

21
home/profiles/media/handbrake.nix Normal file
View File

@@ -0,0 +1,21 @@
# HandBrake — open-source video transcoder.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.profiles.media.handbrake;
in {
options.profiles.media.handbrake.enable = mkEnableOption "enable HandBrake transcoder";
config = mkIf cfg.enable {
home.packages = with pkgs; [
handbrake
gimp
inkscape
libation
];
};
}

16
home/profiles/media/kdenlive.nix Normal file
View File

@@ -0,0 +1,16 @@
# Kdenlive — KDE non-linear video editor.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.profiles.media.kdenlive;
in {
options.profiles.media.kdenlive.enable = mkEnableOption "enable Kdenlive video editor";
config = mkIf cfg.enable {
home.packages = [pkgs.kdePackages.kdenlive];
};
}

21
home/profiles/media/obs.nix Normal file
View File

@@ -0,0 +1,21 @@
# OBS Studio — open broadcaster software for streaming and recording.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.profiles.media.obs;
in {
options.profiles.media.obs.enable = mkEnableOption "enable OBS Studio";
config = mkIf cfg.enable {
home.packages = with pkgs; [
v4l-utils
];
# OBS is managed via NixOS programs.obs-studio at the system level.
# Home-manager only installs supporting tools.
};
}

32
home/profiles/media/yt-dlp.nix Normal file
View File

@@ -0,0 +1,32 @@
# yt-dlp and media playback — YouTube downloader with MPV integration.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.profiles.media.ytDlp;
in {
options.profiles.media.ytDlp.enable = mkEnableOption "enable yt-dlp and media playback";
config = mkIf cfg.enable {
home.packages = with pkgs; [
plexamp
unimatrix
webcord
];
programs.mpv = {
enable = true;
bindings = {
WHEEL_UP = "seek 10";
WHEEL_DOWN = "seek -10";
};
config = {
profile = "gpu-hq";
ytdl-format = "bestvideo+bestaudio";
};
};
};
}

6
home/server/default.nix Normal file
View File

@@ -0,0 +1,6 @@
# Server context home-manager configuration — minimal headless setup.
# Loaded on server hosts: m3-atlas, m3-helios, m3-aether.
{...}: {
# Server hosts use the base and coding modules directly.
# No desktop environment or GUI applications.
}

12
hosts/m3-aether/hardware-configuration.nix
View File

@@ -1,11 +1,15 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];

5
hosts/m3-ares/services/postgres.nix
View File

@@ -1,7 +1,4 @@
{
pkgs,
...
}: {
{pkgs, ...}: {
services.postgresql = {
enable = true;
package = pkgs.postgresql_17;

6
hosts/m3-atlas/services/containers/kestra.nix
View File

@@ -11,8 +11,7 @@
"kestra_data:/app/storage"
"/tmp/kestra-wd:/tmp/kestra-wd"
];
extraOptions =
[ "--add-host=postgres:10.89.0.1" "--ip=10.89.0.18" "--network=web" ];
extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.18" "--network=web"];
};
systemd.tmpfiles.rules = [
@@ -21,8 +20,7 @@
# Traefik configuration specific to littlelink
services.traefik.dynamicConfigOptions.http = {
services.kestra.loadBalancer.servers =
[{ url = "http://localhost:3018/"; }];
services.kestra.loadBalancer.servers = [{url = "http://localhost:3018/";}];
routers.kestra = {
rule = "Host(`k.m3ta.dev`)";

12
hosts/m3-helios/hardware-configuration.nix
View File

@@ -1,11 +1,15 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];

1
hosts/m3-hermes/configuration.nix
View File

@@ -21,6 +21,7 @@
git
tea
ghostty.terminfo
uv
];
services.openssh = {

8
hosts/m3-hermes/hardware-configuration.nix
View File

@@ -1,7 +1,13 @@
# Do not modify this file! It was generated by 'nixos-generate-config'
# and may be overwritten by future invocations. Please make changes
# to configuration.nix instead.
{config, lib, pkgs, modulesPath, ...}: {
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];

61
hosts/m3-hermes/services/hermes-agent.nix
View File

@@ -1,10 +1,11 @@
{
config,
pkgs,
inputs,
...
}: let
# Default ElevenLabs voice: Bella (German-capable female)
elevenlabsVoiceId = "hpp4J3VqNfWAUOO0d1Us";
# Edge TTS: Seraphina — friendly, multilingual German female voice (free, no API key)
edgeVoice = "de-DE-SeraphinaMultilingualNeural";
# Extra Python packages from the container's writable venv layer.
# matrix-nio is installed via pip in /home/hermes/.venv but the hermes
@@ -12,6 +13,26 @@
# site-packages via PYTHONPATH and provide libstdc++ for libolm (e2e).
venvSitePackages = "/home/hermes/.venv/lib/python3.11/site-packages";
gccLibPath = "${pkgs.stdenv.cc.cc.lib}/lib";
# Build skills using agents flake lib for hermes user
hermesSkills = inputs.agents.lib.mkOpencodeSkills {
inherit pkgs;
customSkills = "${inputs.agents}/skills";
externalSkills = [
{
src = inputs.skills-basecamp;
skillsDir = "skills";
}
{
src = inputs.skills-anthropic;
skillsDir = "skills";
}
{
src = inputs.skills-kestra;
skillsDir = "skills";
}
];
};
in {
virtualisation.docker.enable = true;
@@ -36,6 +57,23 @@ in {
''}"
];
systemd.services.copy-hermes-skills = {
description = "Copy agent skills to hermes home directory";
wantedBy = ["hermes-agent.service"];
before = ["hermes-agent.service"];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script = ''
mkdir -p /var/lib/hermes/.agents
cp -rT ${hermesSkills} /var/lib/hermes/.agents/skills
chown -R hermes:hermes /var/lib/hermes/.agents
'';
};
# Ensure 'uv' is in the hermes-agent service PATH so CronJobs and terminal
# sessions can use 'uv run' for PEP 723 scripts (e.g. garmin-daily.py).
systemd.services.hermes-agent.path = [pkgs.uv];
services.hermes-agent = {
enable = true;
addToSystemPackages = true;
@@ -90,6 +128,14 @@ in {
tool_use_enforcement = "auto";
};
# ── Skills ─────────────────────────────────────────────────────────
skills = {
external_dirs = [
"/var/lib/hermes/.agents/skills"
];
};
# ── Terminal ───────────────────────────────────────────────────────
terminal = {
backend = "local";
@@ -134,10 +180,9 @@ in {
# ── TTS / STT / Voice ──────────────────────────────────────────────
tts = {
provider = "elevenlabs";
elevenlabs = {
voice_id = elevenlabsVoiceId;
model_id = "eleven_multilingual_v2";
provider = "edge";
edge = {
voice = edgeVoice;
};
};
@@ -163,9 +208,11 @@ in {
user_char_limit = 1375;
};
# ── Delegation ─────────────────────────────────────────────────────
# ── Delegation / Orchestrator ────────────────────────────────────────
delegation = {
max_iterations = 50;
orchestrator_enabled = true;
max_spawn_depth = 2;
};
# ── Matrix ────────────────────────────────────────────────────────

3
issues.jsonl Normal file
View File

@@ -0,0 +1,3 @@
{"id":"home-profile-restructuring-edz","title":"Create copy-hermes-skills systemd service","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:44:42Z","started_at":"2026-04-26T12:36:30Z","closed_at":"2026-04-26T12:44:42Z","close_reason":"Created systemd service in hosts/m3-hermes/services/hermes-agent.nix - copies skills to /var/lib/hermes/.agents/skills before hermes-agent starts","labels":["hermes-agent","nixos"],"dependencies":[{"issue_id":"home-profile-restructuring-edz","depends_on_id":"home-profile-restructuring-ycz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":1,"comment_count":0}
{"id":"home-profile-restructuring-ycz","title":"Build hermes-agent skills using mkOpencodeSkills","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":2,"created_at":"2026-04-26T12:30:09Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:35:15Z","started_at":"2026-04-26T12:31:35Z","closed_at":"2026-04-26T12:35:15Z","close_reason":"Added inputs to module signature and defined hermesSkills via inputs.agents.lib.mkOpencodeSkills with basecamp, anthropic, and kestra external skills. Verified with nixos-rebuild dry-run --flake .#m3-hermes (no errors).","labels":["hermes-agent","nixos"],"dependency_count":0,"dependent_count":1,"comment_count":0}
{"id":"home-profile-restructuring-cxa","title":"Verify skills available at /var/lib/hermes/.agents/skills","status":"closed","priority":2,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:50:58Z","started_at":"2026-04-26T12:38:15Z","closed_at":"2026-04-26T12:50:58Z","close_reason":"Manually verified - skills are present at /var/lib/hermes/.agents/skills on m3-hermes","labels":["hermes-agent","testing"],"dependencies":[{"issue_id":"home-profile-restructuring-cxa","depends_on_id":"home-profile-restructuring-edz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":0,"comment_count":0}