m3tam3re/nixos-config
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: m3tam3re/nixos-config:eb06533174b600e2693b2b286b212d378a8a8b94
Branches Tags
m3tam3re/nixos-config:master m3tam3re/nixos-config:__dolt_remote_info__ m3tam3re/nixos-config:feature/agent-lib-m3-kratos m3tam3re/nixos-config:feat/hyprland-lua
..
compare: m3tam3re/nixos-config:feature/agent-lib-m3-kratos
Branches Tags
m3tam3re/nixos-config:master m3tam3re/nixos-config:__dolt_remote_info__ m3tam3re/nixos-config:feature/agent-lib-m3-kratos m3tam3re/nixos-config:feat/hyprland-lua

62 Commits
eb06533174 .. feature/agent-lib-m3-kratos

Author SHA1 Message Date
m3ta-chiron 0519de4f1d chore: m3-are to new ui 2026-06-06 07:54:30 +02:00
m3ta-chiron 9316aab5ca +nier wallpaper 2026-06-02 19:26:39 +02:00
m3ta-chiron a87234bd7f +dms 2026-06-02 18:20:43 +02:00
m3ta-chiron a9ffe3ed28 feat: agent-lib exlude agents 2026-05-31 14:10:15 +02:00
m3ta-chiron 7c5b92c377 Align nixpkgs with Home Manager 26.11 2026-05-31 13:14:24 +02:00
m3ta-chiron 6c4e16de3d feat(m3-kratos): enable agent-lib shared skills 2026-05-30 10:01:47 +02:00
m3ta-chiron f20dd18b5f +babysitter 2026-05-29 18:35:12 +02:00
m3ta-chiron 23b4e825b1 m3ta-home update 2026-05-29 17:38:20 +02:00
m3ta-chiron 2a37ea8fbc fix(kratos): launch Hyprland via wrapper from greetd 2026-05-25 09:51:06 +02:00
m3ta-chiron b1fb63c814 fix(kratos): simplify tuigreet login command 
Root cause: The complex concatStringsSep command with power commands
(--power-shutdown, --power-reboot) and multiple --remember flags was
causing tuigreet to display its usage/flags instead of the login UI.
The quoting in the systemd binary paths may have been problematic.

Changes:
- Use lib.getExe instead of manual bin path for tuigreet
- Use simple 'Hyprland' command (found via PATH) instead of
  the full start-hyprland path which may have issues
- Remove unverified options: --remember-session, --remember-user-session,
  --user-menu, --user-menu-min-uid, --power-shutdown, --power-reboot
- Keep only verified options: --time, --remember, --asterisks, --cmd
- Update tmpfiles comment to reflect actual requirement

This provides a minimal, stable login that works reliably.
User can reboot to test.
 2026-05-25 09:34:01 +02:00
m3ta-chiron 32677cfb40 fix(kratos): replace gdm with greetd/tuigreet login manager 2026-05-25 09:19:08 +02:00
m3tam3re 9f1e7fd568 Merge pull request 'fix: enable Hermes voice STT dependencies' (#21) from fix/hermes-voice-stt-deps into master 
Reviewed-on: #21
 2026-05-23 11:30:18 +02:00
m3ta-chiron 95aaddd8c0 fix: enable Hermes voice STT dependencies 2026-05-23 10:32:11 +02:00
m3tam3re 6588586a26 Merge pull request 'Set Hermes default model to GPT 5.5' (#20) from chore/hermes-gpt55-default-fallbacks into master 
Reviewed-on: #20
 2026-05-23 09:22:18 +02:00
m3ta-chiron 2c8d4da6ff Set Hermes default model to GPT 5.5 2026-05-23 09:19:38 +02:00
m3tam3re 06cc749b69 Merge pull request 'Optimize Hermes Nix service configuration' (#19) from fix/hermes-matrix-mautrix-deps into master 
Reviewed-on: #19
 2026-05-23 08:58:00 +02:00
m3ta-chiron b49d5c4f72 Optimize Hermes Nix service configuration 2026-05-23 08:55:05 +02:00
m3tam3re d90a20123e Merge pull request 'Fix Hermes Matrix deps for v2026.5.16' (#18) from fix/hermes-matrix-mautrix-deps into master 
Reviewed-on: #18
 2026-05-23 08:16:35 +02:00
m3ta-chiron 1bd78b5de8 Fix Hermes Matrix deps for v2026.5.16 2026-05-23 08:06:01 +02:00
m3ta-chiron 59ada8585f feat(atlas): deploy self-hosted honcho 2026-05-20 20:52:15 +02:00
m3tam3re 42acdbc98f flake update 2026-05-18 20:17:24 +02:00
m3tam3re af08084692 chore: fix git identity for m3-hermes 2026-05-11 19:27:11 +02:00
m3tam3re 4f9944101f chore: optimize hermes 2026-05-11 19:01:17 +02:00
m3tam3re 20d2548791 Merge pull request 'fix(m3-atlas): remove netbird-only middleware from dashboard router' (#16) from fix/remove-netbird-middleware into master 
Reviewed-on: #16
 2026-05-11 17:16:42 +02:00
m3ta-chiron a957fd1372 fix(m3-atlas): remove netbird-only middleware from dashboard router 
Access control is handled at DNS level — dash.m3ta.dev resolves to
Netbird IP (100.81.142.56) which is unreachable from the public internet.
No need for IP whitelist middleware.
 2026-05-11 17:15:16 +02:00
m3tam3re 354791f252 Merge pull request 'feat: Hermes Dashboard via m3-atlas Traefik (TLS + Netbird-only)' (#15) from feat/hermes-dashboard-traefik into master 
Reviewed-on: #15
 2026-05-11 16:09:53 +02:00
m3ta-chiron fc39e05beb feat: Hermes Dashboard via m3-atlas Traefik with TLS + Netbird-only access 
m3-hermes:
- Add --insecure flag (required for 0.0.0.0 bind, safe behind Netbird firewall)
- Update comments to document the Traefik proxy flow

m3-atlas Traefik:
- New service: hermes-dashboard → http://100.81.231.152:9119 (Netbird)
- New router: dash.m3ta.dev with GoDaddy TLS cert
- New middleware: netbird-only (IP whitelist 100.64.0.0/16)

Flow: Browser → dash.m3ta.dev (TLS) → Traefik → Netbird → m3-hermes:9119
 2026-05-11 15:53:04 +02:00
m3tam3re e6f184f24a chore: hermes dashboard over netbird 2026-05-11 11:36:49 +02:00
m3tam3re 72ef896297 Merge pull request 'feat(m3-hermes): Hermes Dashboard as systemd service with Netbird-only firewall' (#13) from feat/hermes-dashboard-service into master 
Reviewed-on: #13
 2026-05-11 11:26:51 +02:00
m3ta-chiron 20bd28d567 feat(m3-hermes): add Hermes Dashboard as systemd service with Netbird-only firewall 
- New hermes-dashboard.service: runs 'hermes dashboard' on 0.0.0.0:9119
- Firewall restricts port 9119 to Netbird mesh VPN range (100.64.0.0/16)
- Runs as hermes user with NoNewPrivileges + ProtectSystem hardening
- Depends on hermes-agent.service (starts after gateway)
- Added placeholder hermes-api-server-key.age (needs real encryption on host)
 2026-05-11 11:19:21 +02:00
m3tam3re e743808d2b Merge pull request 'feat(m3-hermes): Netbird mesh VPN + API server for Desktop App' (#12) from feat/hermes-netbird-api-server into master 
Reviewed-on: #12
 2026-05-11 09:15:48 +02:00
m3ta-chiron c6df5d3836 feat(m3-hermes): add Netbird mesh VPN + enable API server for Hermes Desktop 2026-05-10 11:46:21 +02:00
m3tam3re 1544764f37 chore: m3-atlas -coding 2026-05-09 10:46:47 +02:00
m3tam3re c4fefdd172 Merge pull request 'feat(m3-hermes): enable Kanban board + update for v0.13.0' (#11) from feat/hermes-v0.13-kanban into master 
Reviewed-on: #11
 2026-05-09 10:43:53 +02:00
m3ta-chiron ee94ebf660 feat(m3-hermes): enable kanban board + update for v0.13.0 
- Add kanban config block with gateway-embedded dispatcher
  (dispatch_in_gateway=true, 60s interval)
- Update venvSitePackages path from python3.11 to python3.12
  (v0.13.0 upgraded Python runtime)
- Update checkpoints section comment for v2
 2026-05-09 10:29:22 +02:00
m3tam3re 6128d0ae61 chore: udate m3-atlas 2026-05-09 10:17:14 +02:00
m3tam3re 22f15abd34 chore: flake update 2026-05-09 09:58:33 +02:00
m3tam3re 90e417525b Merge pull request 'feat: integrate m3ta-home for centralized user profiles' (#9) from feat/m3ta-home-integration into master 
Reviewed-on: #9
 2026-05-02 11:02:54 +02:00
m3ta-chiron a455789bee refactor: remove old home/ directory (77 files migrated to m3ta-home) 
All home-manager configuration is now centralized in the m3ta-home repo:
- profiles/base/     ← shell, CLI tools, secrets
- profiles/contexts/ ← desktop, server
- profiles/sets/     ← coding, gaming, media
- users/             ← identities, preferences

Per-host overrides (monitors, XDG/MIME) remain in hosts/<name>/home.nix.
Central user integration via hosts/common/users/m3tam3re.nix.
 2026-05-02 11:01:12 +02:00
m3ta-chiron 2078d6bccd docs: update AGENTS.md for m3ta-home integration, work identity, new structure 2026-05-02 10:54:42 +02:00
m3ta-chiron 5cbb975c78 feat: complete host home.nix files + add m3-daedalus, clean up m3tam3re.nix 
- hosts/m3-kratos/home.nix: XDG/MIME defaults + dual DP Hyprland monitors
- hosts/m3-ares/home.nix: XDG/MIME defaults + eDP+HDMI Hyprland monitors
- hosts/m3-daedalus/home.nix: XDG/MIME defaults (no Hyprland)
- hosts/common/users/m3tam3re.nix: refactored hostFlags into let binding,
  added m3-daedalus profile (desktop/coding+media, no gaming/Hyprland)
 2026-05-02 10:41:12 +02:00
m3ta-chiron f2ecd13780 fix: set home-manager.useGlobalPkgs=true for m3ta-nixpkgs overlays 2026-05-02 10:08:50 +02:00
m3ta-chiron ab1bdc9848 feat: integrate m3ta-home for centralized user profiles 2026-05-02 09:53:27 +02:00
m3tam3re 1692a34f6e Merge pull request 'feat: enable orchestrator + switch TTS to Edge (Katja voice)' (#8) from feature/orchestrator-edge-tts into master 
Reviewed-on: #8
 2026-05-01 16:15:13 +02:00
m3ta-chiron 2403e54039 feat: enable orchestrator + switch TTS to Edge (Seraphina voice) 
- Enable delegation.orchestrator_enabled with max_spawn_depth=2
- Switch TTS from ElevenLabs (paid) to Edge TTS (free)
- Voice: de-DE-SeraphinaMultilingualNeural — friendly, multilingual German female
- No API key required
 2026-05-01 16:06:49 +02:00
m3tm3re 3e8c95944c chore: hermes update 2026-05-01 12:06:23 +02:00
m3ta-chiron fbc555feeb feat: pi guardrails 2026-04-29 20:14:07 +02:00
m3ta-chiron 6a5d8f0011 feat(agents): add strict security hardening for Pi and OpenCode 
Pi Guardrails:
- Enables @aliou/pi-guardrails with strict default config
- Sets onboarding.completed = true to skip onboarding prompt
- Enables pathAccess in ask mode for /nix/store and /tmp
- Adds noAccess policies for: SSH keys, GPG keys, AWS config,
  Kubernetes config, cloud CLI configs (gh/gcloud/1password/sops),
  agenix secrets, Pi auth/sessions, env files, private keys/certs
- Adds auto-deny patterns for env leakage commands:
  env, printenv, /proc/*/environ, GPG secret exports,
  ssh-add -D, password manager reads

OpenCode permissions:
- Adds permission section with global security rules
- external_directory: ask by default, allow /nix/store and /tmp
- read/edit: allow by default, deny SSH/GPG/AWS/Kube/cloud configs,
  agenix secrets, Pi auth/sessions, env files, private keys/certs
- glob: restrict sensitive path patterns
- grep: deny SSH/GPG/agenix, ask for PASSWORD/SECRET/API_KEY/PRIVATE_KEY
- bash: ask by default, allow safe git/nix commands,
  deny env/printenv/proc/GPG secret/sudo/ssh-add deletion/curl|sh
- webfetch: ask by default, allow github/nixos search
- doom_loop: ask
 2026-04-29 19:48:29 +02:00
m3tam3re 9c3d10836f Merge pull request 'fix: add uv to hermes-agent service PATH' (#7) from fix/hermes-agent-uv-path into master 
Reviewed-on: #7
 2026-04-29 16:24:17 +02:00
m3ta-chiron a615ab61e8 fix: add uv to hermes-agent service PATH 
Add pkgs.uv to systemd.services.hermes-agent.path so that CronJobs
and terminal sessions can execute PEP 723 scripts via 'uv run'
(e.g. garmin-daily.py for Garmin Connect health data).

Also adds uv to environment.systemPackages for general availability.
 2026-04-29 16:18:41 +02:00
m3ta-chiron 193b8c0115 fix(git-identity): use existing gitea SSH key for agent commits 
The m3ta-chiron SSH key was not accepted by Gitea.
Using the existing gitea key instead for push authentication.
 2026-04-27 19:52:11 +02:00
m3tm3re f76c4dd5d4 chore: smlink pip to uv pip 2026-04-27 19:36:52 +02:00
m3tm3re 05dc6bf608 chore: smlink pip to uv pip 2026-04-27 19:07:26 +02:00
m3tam3re d524864fc3 Merge pull request 'feature/agent-git-identity' (#6) from feature/agent-git-identity into master 
Reviewed-on: #6
 2026-04-27 17:55:06 +02:00
m3tm3re 09e2ba8538 chore: AGENTS + nixpkgs input urls 2026-04-27 17:53:08 +02:00
m3tm3re a427f319d4 feat(agents): add gitIdentity config and git-identity rule 
- coding.agents.gitIdentity enabled with m3ta-chiron identity
- coding.agents.pi.codingRules.concerns includes 'git-identity'
- Uses feature/agent-git-identity branches for m3ta-nixpkgs and agents
 2026-04-27 13:24:34 +02:00
m3tm3re 936eb13794 feat: add global skills to hermes environment 2026-04-26 15:14:54 +02:00
m3tm3re 5b0e6cbd5d feat(hermes-agent): add copy-hermes-skills systemd service 2026-04-26 14:37:43 +02:00
m3tm3re 2302810d11 chore: update beads issue state and gitignore docs/plans 2026-04-26 14:35:38 +02:00
m3tm3re 25ac47a422 feat(hermes-agent): add mkOpencodeSkills integration for skills provisioning 
- Add inputs parameter to module signature for flake input access
- Define hermesSkills via inputs.agents.lib.mkOpencodeSkills
- Includes customSkills from agents flake and external skills:
  - skills-basecamp (basecamp/basecamp-cli)
  - skills-anthropic (anthropics/skills)
  - skills-kestra (kestra-io/agent-skills)
- Verified with nixos-rebuild dry-run --flake .#m3-hermes (no errors)
 2026-04-26 14:35:06 +02:00
m3tm3re e6cfcc346b docs(agents): expand Beads workflow documentation 
- Add 6-step core workflow with examples
- Document slash commands for agent integration
- Add 'Why Beads?' section emphasizing persistence
- Note to avoid bd edit in agent contexts
- Include dependency linking examples
 2026-04-26 14:12:30 +02:00
m3tm3re 09bc9da6d9 chore: complete AGENTS.md documentation 
- Add comprehensive project documentation to AGENTS.md
- Remove stale docs from docs/ directory
- Update agent configs (agents.nix, pi.nix)
- Update python.nix language config
- Update .gitignore
 2026-04-26 14:10:54 +02:00
136 changed files with 9065 additions and 5602 deletions
Expand all files Collapse all files
.a5c/.gitignore
+3
View File
@@ -0,0 +1,3 @@
node_modules/
runs/
*.log
.a5c/inputs/project-install.json
+5
View File
@@ -0,0 +1,5 @@
{
"projectRoot": "/home/m3tam3re/p/NIX/nixos-config",
"isNewProject": false,
"additionalContext": "Install and configure babysitter for this existing NixOS flake configuration repository. Respect AGENTS.md instructions, Beads workflow, Nix conventions, and avoid interactive/destructive operations unless explicitly approved."
}
.a5c/package-lock.json
Generated
+4570
View File
File diff suppressed because it is too large Load Diff
.a5c/package.json
+9
View File
@@ -0,0 +1,9 @@
{
"name": "nixos-config-a5c",
"version": "1.0.0",
"private": true,
"type": "module",
"dependencies": {
"@a5c-ai/babysitter-sdk": "latest"
}
}
.a5c/project-profile.json
+596
View File
@@ -0,0 +1,596 @@
{
"projectName": "nixos-config",
"description": "A reliable, elegant, multi-system NixOS flake configuration for personal desktop, server, cloud, Home Manager, package, overlay, and secret management.",
"goals": [
{
"id": "goal-reliability-1",
"description": "Keep all managed NixOS systems reproducible, reliable, and easy to validate before deployment.",
"category": "reliability",
"priority": "high",
"status": "active"
},
{
"id": "goal-architecture-1",
"description": "Maintain an elegant multi-system architecture with clear host boundaries and reusable common modules.",
"category": "architecture",
"priority": "high",
"status": "active"
},
{
"id": "goal-modularization-1",
"description": "Continue breaking up the former monorepo by keeping Home Manager profiles in m3ta-home and custom packages/modules in m3ta-nixpkgs where appropriate.",
"category": "modularization",
"priority": "high",
"status": "active"
},
{
"id": "goal-cicd-1",
"description": "CI/CD is not currently configured; add useful Gitea Actions validation later for formatting, linting, flake evaluation, and safe host checks.",
"category": "automation",
"priority": "medium",
"status": "deferred"
}
],
"techStack": {
"languages": [
{
"name": "Nix",
"role": "primary system, module, overlay, and package configuration language"
},
{
"name": "Markdown",
"role": "project, agent, and workflow documentation"
},
{
"name": "JSON/YAML",
"role": "tool configuration and metadata"
}
],
"frameworks": [
{
"name": "Nix flakes",
"category": "reproducible dependency and output model"
},
{
"name": "NixOS modules",
"category": "host and service configuration"
},
{
"name": "Home Manager",
"category": "user environment management"
},
{
"name": "Agenix",
"category": "encrypted secret management"
},
{
"name": "Disko",
"category": "server disk provisioning"
},
{
"name": "NUR",
"category": "community package access"
},
{
"name": "llm-agents.nix",
"category": "LLM agent packages overlay"
},
{
"name": "m3ta-home",
"category": "external reusable Home Manager profiles"
},
{
"name": "m3ta-nixpkgs",
"category": "external custom packages/modules/overlays"
}
],
"databases": [],
"infrastructure": [
{
"name": "m3-ares",
"category": "desktop NixOS host"
},
{
"name": "m3-kratos",
"category": "desktop NixOS host"
},
{
"name": "m3-daedalus",
"category": "portable laptop/Home Manager configuration"
},
{
"name": "m3-atlas",
"category": "primary server NixOS host"
},
{
"name": "m3-helios",
"category": "minimal server/AdGuard host"
},
{
"name": "m3-hermes",
"category": "secondary server/Hermes host"
},
{
"name": "m3-aether",
"category": "cloud VM/minimal server host"
}
],
"buildTools": [
"nix",
"nixos-rebuild",
"nix build",
"nix flake show",
"alejandra",
"statix",
"deadnix"
],
"packageManagers": [
"nix flakes"
]
},
"architecture": {
"pattern": "Pure Nix flake-based NixOS configuration repository with host-specific modules, common shared modules, overlays, custom packages, agenix secrets, and externalized Home Manager/package inputs.",
"modules": [
{
"name": "flake.nix",
"path": "flake.nix",
"description": "Top-level entry point defining inputs, packages, overlays, Home Manager modules, NixOS configurations, and dev shells."
},
{
"name": "hosts/common",
"path": "hosts/common",
"description": "Shared NixOS configuration, nix settings, overlays, Home Manager setup, ports, extra services, and users."
},
{
"name": "hosts",
"path": "hosts",
"description": "Per-host NixOS/Home Manager configurations for desktops, servers, and cloud VM."
},
{
"name": "modules/nixos",
"path": "modules/nixos",
"description": "Reusable NixOS modules."
},
{
"name": "modules/home-manager",
"path": "modules/home-manager",
"description": "Reusable Home Manager module exports."
},
{
"name": "overlays",
"path": "overlays",
"description": "Nixpkgs overlays for stable, locked, pinned, master, temporary, and agent packages."
},
{
"name": "pkgs",
"path": "pkgs",
"description": "Custom package export set."
},
{
"name": "secrets",
"path": "secrets",
"description": "Encrypted agenix secret files and registry."
}
],
"entryPoints": [
"flake.nix",
"hosts/<host>/default.nix",
"hosts/<host>/configuration.nix",
"hosts/common/default.nix",
"hosts/common/users/m3tam3re.nix",
"overlays/default.nix",
"pkgs/default.nix",
"secrets.nix"
],
"dataFlow": "flake.nix wires inputs, overlays, packages, NixOS modules, and Home Manager. Host modules import common configuration and host-specific hardware/programs/services/secrets. Host profile flags in hosts/common/users/m3tam3re.nix feed the external m3ta-home mkHome integration. Secrets flow through agenix registry and host secret modules."
},
"team": [
{
"name": "m3tam3re",
"role": "solo developer and operator",
"responsibilities": [
"architecture",
"implementation",
"host maintenance",
"deployments",
"review"
]
},
{
"name": "m3ta-chiron",
"role": "agent contributor",
"responsibilities": [
"semi-autonomous implementation",
"validation",
"documentation updates",
"conventional commits"
]
}
],
"workflows": [
{
"name": "development",
"description": "Default feature-branch workflow for solo development with conventional commits and validation before push.",
"steps": [
"review Beads issues with bd ready --json",
"claim work with bd update <id> --claim when applicable",
"edit Nix modules or project files",
"run alejandra .",
"run statix check .",
"run targeted nix flake or host dry-run checks",
"commit with conventional commit format",
"pull --rebase and push"
],
"triggers": [
"new feature",
"bug fix",
"refactor",
"agent task"
]
},
{
"name": "nix validation",
"description": "Quality gate for Nix configuration changes.",
"steps": [
"alejandra .",
"statix check .",
"deadnix check or deadnix -w when appropriate",
"nix flake show",
"sudo nixos-rebuild dry-run --flake .#<host> for affected hosts"
],
"triggers": [
"Nix code changes",
"before deployment",
"before commit"
]
},
{
"name": "host deployment",
"description": "Manual deployment after successful dry-run validation.",
"steps": [
"sudo nixos-rebuild dry-run --flake .#<host>",
"sudo nixos-rebuild switch --flake .#<host>"
],
"triggers": [
"manual host update"
]
},
{
"name": "dependency/input update",
"description": "Controlled flake input updates without manually editing flake.lock.",
"steps": [
"use nix flake update or nixos-rebuild --update-input <input>",
"validate affected outputs",
"commit flake.nix/flake.lock changes"
],
"triggers": [
"planned dependency update",
"security update"
]
},
{
"name": "beads issue tracking",
"description": "Persistent issue tracking and session handoff workflow.",
"steps": [
"bd ready --json",
"bd show <id>",
"bd update <id> --claim",
"bd close <id> --reason <summary>",
"bd dolt push"
],
"triggers": [
"start of tracked work",
"completion of tracked work"
]
}
],
"processes": [
{
"id": "cradle/project-install",
"name": "Babysitter project install",
"status": "installing",
"purpose": "Create and save a Babysitter project profile and setup recommendations."
}
],
"tools": {
"formatting": [
{
"name": "alejandra",
"purpose": "Nix formatting",
"configPaths": [
"flake.nix devShells.default"
]
}
],
"linting": [
{
"name": "statix",
"purpose": "Nix anti-pattern linting",
"configPaths": [
"flake.nix devShells.default"
]
},
{
"name": "deadnix",
"purpose": "Detect unused Nix code",
"configPaths": [
"flake.nix devShells.default"
]
}
],
"testing": [
{
"name": "nix flake show",
"purpose": "Evaluate flake outputs",
"configPaths": [
"flake.nix"
]
},
{
"name": "nixos-rebuild dry-run",
"purpose": "Validate host configurations without applying changes",
"configPaths": [
"flake.nix",
"hosts/*"
]
},
{
"name": "nix build",
"purpose": "Build selected outputs such as host toplevels or ISOs",
"configPaths": [
"flake.nix"
]
}
],
"issueTracking": [
{
"name": "Beads",
"command": "bd",
"purpose": "Persistent task tracking"
}
]
},
"services": [
{
"name": "code.m3ta.dev",
"type": "git hosting",
"url": "git+ssh://gitea@code.m3ta.dev"
},
{
"name": "GitHub",
"type": "flake input hosting",
"url": "github:* flake inputs"
},
{
"name": "Agenix",
"type": "secret encryption",
"url": "github:ryantm/agenix"
},
{
"name": "Hermes Agent",
"type": "NixOS module/agent service",
"url": "github:NousResearch/hermes-agent"
},
{
"name": "RustFS",
"type": "NixOS server service flake",
"url": "github:rustfs/rustfs-flake"
}
],
"externalIntegrations": [
{
"service": "Beads",
"category": "issue tracking",
"enabled": true
},
{
"service": "Dolt",
"category": "Beads storage/sync",
"enabled": true
},
{
"service": "Agenix",
"category": "secrets",
"enabled": true
},
{
"service": "Home Manager",
"category": "user environment",
"enabled": true
},
{
"service": "m3ta-home",
"category": "external home profiles",
"enabled": true
},
{
"service": "m3ta-nixpkgs",
"category": "external Nix modules/packages",
"enabled": true
},
{
"service": "NUR",
"category": "Nix packages",
"enabled": true
},
{
"service": "Disko",
"category": "disk provisioning",
"enabled": true
},
{
"service": "Hermes Agent",
"category": "LLM/agent service",
"enabled": true
}
],
"cicd": {
"provider": null,
"enabled": false,
"configPaths": [],
"pipelines": [],
"notes": "CI/CD is intentionally disabled for now. If re-enabled later, prefer Gitea Actions because this repository is hosted on code.m3ta.dev.",
"babysitterIntegration": {
"enabled": false,
"triggerOn": [],
"processIds": []
}
},
"painPoints": [
{
"id": "pp-architecture-1",
"description": "The repository is transitioning away from a monorepo; boundaries with m3ta-home and m3ta-nixpkgs must remain clear.",
"severity": "high",
"category": "architecture",
"discoveredVia": "user interview",
"suggestedRemediation": "Keep host-specific decisions local while moving reusable Home Manager profiles and package/module abstractions to their dedicated inputs."
},
{
"id": "pp-validation-1",
"description": "A single shared Nix change can require validating several hosts to be confident.",
"severity": "medium",
"category": "validation",
"discoveredVia": "repo structure and AGENTS workflow",
"suggestedRemediation": "Use targeted affected-host validation locally for now; add a Gitea Actions validation matrix later if CI/CD is re-enabled."
},
{
"id": "pp-dependency-1",
"description": "Multiple pinned, locked, stable, master, and external SSH flake inputs increase update complexity.",
"severity": "medium",
"category": "dependency management",
"discoveredVia": "flake and history analysis",
"suggestedRemediation": "Update inputs intentionally, group related updates, and validate affected host outputs."
},
{
"id": "pp-operations-1",
"description": "Service additions often need synchronized module, secret, and network/TLS changes.",
"severity": "medium",
"category": "operations",
"discoveredVia": "git history and tree structure",
"suggestedRemediation": "Use checklist-style issue templates or Babysitter processes for service changes."
}
],
"bottlenecks": [
{
"id": "bn-flake-1",
"description": "flake.nix and flake.lock are high-churn files whose changes can affect many hosts at once.",
"impact": "High; evaluation failures can block all hosts.",
"location": "flake.nix, flake.lock",
"frequency": "very frequent"
},
{
"id": "bn-secrets-1",
"description": "Secret registry and host secret modules must stay aligned with encrypted .age files.",
"impact": "Medium to high; missing or mismatched secrets break host deployment.",
"location": "secrets.nix, hosts/*/secrets.nix, secrets/*.age",
"frequency": "recurring"
},
{
"id": "bn-services-1",
"description": "Server service changes can span service modules, secrets, Traefik/networking, and flake inputs.",
"impact": "High for m3-atlas and m3-hermes changes; requires host-specific dry-runs.",
"location": "hosts/m3-atlas/services, hosts/m3-hermes/services, hosts/common",
"frequency": "frequent"
},
{
"id": "bn-home-1",
"description": "Home Manager behavior depends on both the external m3ta-home input and local host flags.",
"impact": "Medium; may require coordinated updates across repositories.",
"location": "flake.nix, hosts/common/users/m3tam3re.nix, m3ta-home input",
"frequency": "frequent after migration"
}
],
"conventions": {
"naming": {
"files": "hyphen-case for Nix/docs where practical; host directories use m3-* names",
"hosts": "m3-<greek-name>",
"modules": "one module per file/directory where possible",
"nixVariables": "camelCase"
},
"git": {
"branchStrategy": "default feature branches for non-trivial work; master as integration branch",
"commits": "conventional commits for agent work",
"reviews": "optional for solo development",
"releaseCadence": "continuous/manual as needed",
"remote": "code.m3ta.dev over SSH for private inputs and repo access"
},
"codeStyle": {
"formatter": "alejandra",
"indentation": "2 spaces",
"nixStyle": "explicit pkgs references preferred; avoid with pkgs, builtins.fetchTarball, import <nixpkgs>, builtins.getAttr/hasAttr"
},
"importOrder": [
"module function arguments",
"imports",
"let bindings",
"options/config"
],
"errorHandling": "Nix configuration should fail explicitly during evaluation/build; avoid hiding errors or impure paths.",
"testingConventions": "Run alejandra, statix, deadnix as appropriate, nix flake show, and host-specific nixos-rebuild dry-run before switching.",
"additionalRules": [
"Use Beads for persistent task tracking.",
"Use non-interactive flags for shell file operations.",
"Do not modify flake.lock directly; use nix flake update.",
"Do not commit plaintext secrets.",
"Use SSH URLs for code.m3ta.dev flake inputs.",
"Operate Babysitter semi-autonomously with breakpoints for destructive, deployment, or architecture-changing decisions."
]
},
"repositories": [
{
"name": "nixos-config",
"path": "/home/m3tam3re/p/NIX/nixos-config",
"role": "primary multi-host NixOS configuration"
},
{
"name": "m3ta-home",
"url": "git+ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home",
"role": "external Home Manager profiles"
},
{
"name": "m3ta-nixpkgs",
"url": "git+ssh://gitea@code.m3ta.dev/m3tam3re/nixpkgs",
"role": "external custom packages/modules/overlays"
}
],
"claudeMdInstructions": [
"Respect AGENTS.md as the source of project workflow rules.",
"Resolve the active Babysitter process library before using library processes.",
"Use cradle/project-install for project setup or profile refresh.",
"Use evolutionary GSD: map affected Nix modules/hosts, make focused changes, verify, and iterate.",
"Prefer alejandra, statix, deadnix, nix flake show, and targeted host dry-runs for Nix changes.",
"Preserve boundaries between nixos-config, m3ta-home, and m3ta-nixpkgs.",
"Use breakpoints for destructive operations, deployments, architecture changes, and secret-handling decisions.",
"Babysitter CI/CD is not currently enabled; if re-added later, use Gitea Actions rather than GitHub Actions."
],
"installedSkills": [
"project-install",
"babysit",
"specializations/devops-sre-platform/skills/cicd-pipelines/SKILL.md",
"specializations/devops-sre-platform/skills/gitops/SKILL.md",
"specializations/devops-sre-platform/skills/secrets-management/SKILL.md"
],
"installedAgents": [
"general-purpose",
"specializations/devops-sre-platform/agents/platform-engineer/AGENT.md",
"specializations/devops-sre-platform/agents/cicd-specialist/AGENT.md"
],
"installedProcesses": [
"cradle/project-install",
"methodologies/gsd/quick.js",
"methodologies/gsd/verify-work.js",
"methodologies/gsd/iterative-convergence.js",
"methodologies/evolutionary.js",
"specializations/devops-sre-platform/iac-testing.js"
],
"preferences": {
"babysitterAutonomy": "semi-autonomous",
"breakpointTolerance": "moderate",
"externalIntegrationsRequested": false,
"cicdDesired": false,
"cicdNote": "Deferred for now; Gitea Actions is the preferred provider if CI/CD is added later."
},
"createdAt": "2026-05-29T15:50:48.754Z",
"updatedAt": "2026-05-29T16:07:19.245463Z",
"version": 1
}
.a5c/project-profile.md
+238
View File
@@ -0,0 +1,238 @@
# Project Profile: nixos-config
A reliable, elegant, multi-system NixOS flake configuration for personal desktop, server, cloud, Home Manager, package, overlay, and secret management.
> Last updated: 2026-05-29T16:02:11.092188Z | Version: 1
## Goals
- **reliability** [high]: Keep all managed NixOS systems reproducible, reliable, and easy to validate before deployment. (active)
- **architecture** [high]: Maintain an elegant multi-system architecture with clear host boundaries and reusable common modules. (active)
- **modularization** [high]: Continue breaking up the former monorepo by keeping Home Manager profiles in m3ta-home and custom packages/modules in m3ta-nixpkgs where appropriate. (active)
- **automation** [medium]: CI/CD is not currently configured; add useful Gitea Actions validation later for formatting, linting, flake evaluation, and safe host checks. (deferred)
## Tech Stack
### Languages
- Nix (primary system, module, overlay, and package configuration language)
- Markdown (project, agent, and workflow documentation)
- JSON/YAML (tool configuration and metadata)
### Frameworks
- Nix flakes [reproducible dependency and output model]
- NixOS modules [host and service configuration]
- Home Manager [user environment management]
- Agenix [encrypted secret management]
- Disko [server disk provisioning]
- NUR [community package access]
- llm-agents.nix [LLM agent packages overlay]
- m3ta-home [external reusable Home Manager profiles]
- m3ta-nixpkgs [external custom packages/modules/overlays]
### Infrastructure
- m3-ares [desktop NixOS host]
- m3-kratos [desktop NixOS host]
- m3-daedalus [portable laptop/Home Manager configuration]
- m3-atlas [primary server NixOS host]
- m3-helios [minimal server/AdGuard host]
- m3-hermes [secondary server/Hermes host]
- m3-aether [cloud VM/minimal server host]
**Build tools:** nix, nixos-rebuild, nix build, nix flake show, alejandra, statix, deadnix
**Package managers:** nix flakes
## Architecture
**Pattern:** Pure Nix flake-based NixOS configuration repository with host-specific modules, common shared modules, overlays, custom packages, agenix secrets, and externalized Home Manager/package inputs.
**Data flow:** flake.nix wires inputs, overlays, packages, NixOS modules, and Home Manager. Host modules import common configuration and host-specific hardware/programs/services/secrets. Host profile flags in hosts/common/users/m3tam3re.nix feed the external m3ta-home mkHome integration. Secrets flow through agenix registry and host secret modules.
### Modules
| Module | Path | Description |
|--------|------|-------------|
| flake.nix | `flake.nix` | Top-level entry point defining inputs, packages, overlays, Home Manager modules, NixOS configurations, and dev shells. |
| hosts/common | `hosts/common` | Shared NixOS configuration, nix settings, overlays, Home Manager setup, ports, extra services, and users. |
| hosts | `hosts` | Per-host NixOS/Home Manager configurations for desktops, servers, and cloud VM. |
| modules/nixos | `modules/nixos` | Reusable NixOS modules. |
| modules/home-manager | `modules/home-manager` | Reusable Home Manager module exports. |
| overlays | `overlays` | Nixpkgs overlays for stable, locked, pinned, master, temporary, and agent packages. |
| pkgs | `pkgs` | Custom package export set. |
| secrets | `secrets` | Encrypted agenix secret files and registry. |
**Entry points:** `flake.nix`, `hosts/<host>/default.nix`, `hosts/<host>/configuration.nix`, `hosts/common/default.nix`, `hosts/common/users/m3tam3re.nix`, `overlays/default.nix`, `pkgs/default.nix`, `secrets.nix`
## Team
- **m3tam3re** (solo developer and operator): architecture, implementation, host maintenance, deployments, review
- **m3ta-chiron** (agent contributor): semi-autonomous implementation, validation, documentation updates, conventional commits
## Workflows
### development
Default feature-branch workflow for solo development with conventional commits and validation before push.
**Triggers:** new feature, bug fix, refactor, agent task
1. review Beads issues with bd ready --json
2. claim work with bd update <id> --claim when applicable
3. edit Nix modules or project files
4. run alejandra .
5. run statix check .
6. run targeted nix flake or host dry-run checks
7. commit with conventional commit format
8. pull --rebase and push
### nix validation
Quality gate for Nix configuration changes.
**Triggers:** Nix code changes, before deployment, before commit
1. alejandra .
2. statix check .
3. deadnix check or deadnix -w when appropriate
4. nix flake show
5. sudo nixos-rebuild dry-run --flake .#<host> for affected hosts
### host deployment
Manual deployment after successful dry-run validation.
**Triggers:** manual host update
1. sudo nixos-rebuild dry-run --flake .#<host>
2. sudo nixos-rebuild switch --flake .#<host>
### dependency/input update
Controlled flake input updates without manually editing flake.lock.
**Triggers:** planned dependency update, security update
1. use nix flake update or nixos-rebuild --update-input <input>
2. validate affected outputs
3. commit flake.nix/flake.lock changes
### beads issue tracking
Persistent issue tracking and session handoff workflow.
**Triggers:** start of tracked work, completion of tracked work
1. bd ready --json
2. bd show <id>
3. bd update <id> --claim
4. bd close <id> --reason <summary>
5. bd dolt push
## Processes
- **Babysitter project install** (`cradle/project-install`, undefined)
## Tools
### Linting
- statix
- deadnix
### Testing
- nix flake show
- nixos-rebuild dry-run
- nix build
### Formatting
- alejandra
## Services
- **code.m3ta.dev** (git hosting) - git+ssh://gitea@code.m3ta.dev
- **GitHub** (flake input hosting) - github:* flake inputs
- **Agenix** (secret encryption) - github:ryantm/agenix
- **Hermes Agent** (NixOS module/agent service) - github:NousResearch/hermes-agent
- **RustFS** (NixOS server service flake) - github:rustfs/rustfs-flake
## CI/CD
**Status:** Not configured/enabled for now.
No Babysitter CI/CD workflow is currently installed. If CI/CD is added later, prefer Gitea Actions because this repository is hosted on code.m3ta.dev.
## Pain Points
- **high** [architecture]: The repository is transitioning away from a monorepo; boundaries with m3ta-home and m3ta-nixpkgs must remain clear.
- Remediation: Keep host-specific decisions local while moving reusable Home Manager profiles and package/module abstractions to their dedicated inputs.
- **medium** [validation]: A single shared Nix change can require validating several hosts to be confident.
- Remediation: Use targeted affected-host validation locally for now; add a Gitea Actions validation matrix later if CI/CD is re-enabled.
- **medium** [dependency management]: Multiple pinned, locked, stable, master, and external SSH flake inputs increase update complexity.
- Remediation: Update inputs intentionally, group related updates, and validate affected host outputs.
- **medium** [operations]: Service additions often need synchronized module, secret, and network/TLS changes.
- Remediation: Use checklist-style issue templates or Babysitter processes for service changes.
## Bottlenecks
- flake.nix and flake.lock are high-churn files whose changes can affect many hosts at once. at flake.nix, flake.lock (very frequent)
Impact: High; evaluation failures can block all hosts.
- Secret registry and host secret modules must stay aligned with encrypted .age files. at secrets.nix, hosts/*/secrets.nix, secrets/*.age (recurring)
Impact: Medium to high; missing or mismatched secrets break host deployment.
- Server service changes can span service modules, secrets, Traefik/networking, and flake inputs. at hosts/m3-atlas/services, hosts/m3-hermes/services, hosts/common (frequent)
Impact: High for m3-atlas and m3-hermes changes; requires host-specific dry-runs.
- Home Manager behavior depends on both the external m3ta-home input and local host flags. at flake.nix, hosts/common/users/m3tam3re.nix, m3ta-home input (frequent after migration)
Impact: Medium; may require coordinated updates across repositories.
## Conventions
### Naming
- **files:** hyphen-case for Nix/docs where practical; host directories use m3-* names
- **hosts:** m3-<greek-name>
- **modules:** one module per file/directory where possible
- **nixVariables:** camelCase
### Git
- **branchStrategy:** default feature branches for non-trivial work; master as integration branch
- **commits:** conventional commits for agent work
- **reviews:** optional for solo development
- **releaseCadence:** continuous/manual as needed
- **remote:** code.m3ta.dev over SSH for private inputs and repo access
**Import order:** module function arguments > imports > let bindings > options/config
**Error handling:** Nix configuration should fail explicitly during evaluation/build; avoid hiding errors or impure paths.
**Testing:** Run alejandra, statix, deadnix as appropriate, nix flake show, and host-specific nixos-rebuild dry-run before switching.
### Additional Rules
- Use Beads for persistent task tracking.
- Use non-interactive flags for shell file operations.
- Do not modify flake.lock directly; use nix flake update.
- Do not commit plaintext secrets.
- Use SSH URLs for code.m3ta.dev flake inputs.
- Operate Babysitter semi-autonomously with breakpoints for destructive, deployment, or architecture-changing decisions.
## Repositories
- **nixos-config** [`/home/m3tam3re/p/NIX/nixos-config`]
- **m3ta-home** - git+ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home
- **m3ta-nixpkgs** - git+ssh://gitea@code.m3ta.dev/m3tam3re/nixpkgs
## CLAUDE.md Instructions
- Respect AGENTS.md as the source of project workflow rules.
- Resolve the active Babysitter process library before using library processes.
- Use cradle/project-install for project setup or profile refresh.
- Use evolutionary GSD: map affected Nix modules/hosts, make focused changes, verify, and iterate.
- Prefer alejandra, statix, deadnix, nix flake show, and targeted host dry-runs for Nix changes.
- Preserve boundaries between nixos-config, m3ta-home, and m3ta-nixpkgs.
- Use breakpoints for destructive operations, deployments, architecture changes, and secret-handling decisions.
- Babysitter CI/CD is not currently enabled; if re-added later, use Gitea Actions rather than GitHub Actions.
## Installed Extensions
- Skills: project-install, babysit, specializations/devops-sre-platform/skills/cicd-pipelines/SKILL.md, specializations/devops-sre-platform/skills/gitops/SKILL.md, specializations/devops-sre-platform/skills/secrets-management/SKILL.md
- Agents: general-purpose, specializations/devops-sre-platform/agents/platform-engineer/AGENT.md, specializations/devops-sre-platform/agents/cicd-specialist/AGENT.md
- Processes: cradle/project-install, methodologies/gsd/quick.js, methodologies/gsd/verify-work.js, methodologies/gsd/iterative-convergence.js, methodologies/evolutionary.js, specializations/devops-sre-platform/iac-testing.js
.a5c/quality-gates.json
+53
View File
@@ -0,0 +1,53 @@
{
"qualityThreshold": 80,
"testCoverage": {
"minimum": 0,
"rationale": "NixOS configuration repository without a coverage-producing test suite."
},
"formatting": [
{
"name": "alejandra",
"command": "alejandra .",
"ciCommand": "alejandra --check ."
}
],
"linting": [
{
"name": "statix",
"command": "statix check ."
},
{
"name": "deadnix",
"command": "deadnix . --fail"
}
],
"evaluation": [
{
"name": "flake outputs",
"command": "nix flake show"
},
{
"name": "affected host dry-run",
"command": "sudo nixos-rebuild dry-run --flake .#<host>",
"when": "Run for affected hosts when practical and safe."
}
],
"commitChecks": [
"alejandra .",
"statix check .",
"deadnix . --fail",
"nix flake show"
],
"deployGates": [
"formatting passes",
"linting passes",
"flake outputs evaluate",
"affected host dry-run succeeds",
"secrets are encrypted and host secret modules remain aligned"
],
"cicdIntegrationPoints": [],
"cicd": {
"enabled": false,
"notes": "No CI/CD integration is currently configured. Add Gitea Actions later if automated Babysitter or Nix validation is desired."
}
}
.beads/hooks/post-checkout
+2 -2
View File
@@ -1,5 +1,5 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# --- BEGIN BEADS INTEGRATION v1.0.2 --- # --- BEGIN BEADS INTEGRATION v1.0.3 ---
# This section is managed by beads. Do not remove these markers. # This section is managed by beads. Do not remove these markers.
if command -v bd >/dev/null 2>&1; then if command -v bd >/dev/null 2>&1; then
export BD_GIT_HOOK=1 export BD_GIT_HOOK=1
@@ -21,4 +21,4 @@ if command -v bd >/dev/null 2>&1; then
fi fi
if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi
fi fi
# --- END BEADS INTEGRATION v1.0.2 --- # --- END BEADS INTEGRATION v1.0.3 ---
.beads/hooks/post-merge
+2 -2
View File
@@ -1,5 +1,5 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# --- BEGIN BEADS INTEGRATION v1.0.2 --- # --- BEGIN BEADS INTEGRATION v1.0.3 ---
# This section is managed by beads. Do not remove these markers. # This section is managed by beads. Do not remove these markers.
if command -v bd >/dev/null 2>&1; then if command -v bd >/dev/null 2>&1; then
export BD_GIT_HOOK=1 export BD_GIT_HOOK=1
@@ -21,4 +21,4 @@ if command -v bd >/dev/null 2>&1; then
fi fi
if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi
fi fi
# --- END BEADS INTEGRATION v1.0.2 --- # --- END BEADS INTEGRATION v1.0.3 ---
.beads/hooks/pre-commit
+2 -2
View File
@@ -1,5 +1,5 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# --- BEGIN BEADS INTEGRATION v1.0.2 --- # --- BEGIN BEADS INTEGRATION v1.0.3 ---
# This section is managed by beads. Do not remove these markers. # This section is managed by beads. Do not remove these markers.
if command -v bd >/dev/null 2>&1; then if command -v bd >/dev/null 2>&1; then
export BD_GIT_HOOK=1 export BD_GIT_HOOK=1
@@ -21,4 +21,4 @@ if command -v bd >/dev/null 2>&1; then
fi fi
if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi
fi fi
# --- END BEADS INTEGRATION v1.0.2 --- # --- END BEADS INTEGRATION v1.0.3 ---
.beads/hooks/pre-push
+2 -2
View File
@@ -1,5 +1,5 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# --- BEGIN BEADS INTEGRATION v1.0.2 --- # --- BEGIN BEADS INTEGRATION v1.0.3 ---
# This section is managed by beads. Do not remove these markers. # This section is managed by beads. Do not remove these markers.
if command -v bd >/dev/null 2>&1; then if command -v bd >/dev/null 2>&1; then
export BD_GIT_HOOK=1 export BD_GIT_HOOK=1
@@ -21,4 +21,4 @@ if command -v bd >/dev/null 2>&1; then
fi fi
if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi
fi fi
# --- END BEADS INTEGRATION v1.0.2 --- # --- END BEADS INTEGRATION v1.0.3 ---
.beads/hooks/prepare-commit-msg
+2 -2
View File
@@ -1,5 +1,5 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# --- BEGIN BEADS INTEGRATION v1.0.2 --- # --- BEGIN BEADS INTEGRATION v1.0.3 ---
# This section is managed by beads. Do not remove these markers. # This section is managed by beads. Do not remove these markers.
if command -v bd >/dev/null 2>&1; then if command -v bd >/dev/null 2>&1; then
export BD_GIT_HOOK=1 export BD_GIT_HOOK=1
@@ -21,4 +21,4 @@ if command -v bd >/dev/null 2>&1; then
fi fi
if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi
fi fi
# --- END BEADS INTEGRATION v1.0.2 --- # --- END BEADS INTEGRATION v1.0.3 ---
.beads/issues.jsonl
+3
View File
@@ -0,0 +1,3 @@
{"_type":"issue","id":"home-profile-restructuring-edz","title":"Create copy-hermes-skills systemd service","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:44:42Z","started_at":"2026-04-26T12:36:30Z","closed_at":"2026-04-26T12:44:42Z","close_reason":"Created systemd service in hosts/m3-hermes/services/hermes-agent.nix - copies skills to /var/lib/hermes/.agents/skills before hermes-agent starts","labels":["hermes-agent","nixos"],"dependencies":[{"issue_id":"home-profile-restructuring-edz","depends_on_id":"home-profile-restructuring-ycz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":1,"comment_count":0}
{"_type":"issue","id":"home-profile-restructuring-ycz","title":"Build hermes-agent skills using mkOpencodeSkills","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":2,"created_at":"2026-04-26T12:30:09Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:35:15Z","started_at":"2026-04-26T12:31:35Z","closed_at":"2026-04-26T12:35:15Z","close_reason":"Added inputs to module signature and defined hermesSkills via inputs.agents.lib.mkOpencodeSkills with basecamp, anthropic, and kestra external skills. Verified with nixos-rebuild dry-run --flake .#m3-hermes (no errors).","labels":["hermes-agent","nixos"],"dependency_count":0,"dependent_count":1,"comment_count":0}
{"_type":"issue","id":"home-profile-restructuring-cxa","title":"Verify skills available at /var/lib/hermes/.agents/skills","status":"closed","priority":2,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:50:58Z","started_at":"2026-04-26T12:38:15Z","closed_at":"2026-04-26T12:50:58Z","close_reason":"Manually verified - skills are present at /var/lib/hermes/.agents/skills on m3-hermes","labels":["hermes-agent","testing"],"dependencies":[{"issue_id":"home-profile-restructuring-cxa","depends_on_id":"home-profile-restructuring-edz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":0,"comment_count":0}
.gitignore
+15
View File
@@ -26,6 +26,7 @@ Thumbs.db
opencode.json opencode.json
# AI agent state # AI agent state
.claude/
.sidecar/ .sidecar/
.sidecar-* .sidecar-*
.sisyphus/ .sisyphus/
@@ -38,3 +39,17 @@ opencode.json
.cache .cache
.pi* .pi*
.worktrees/ .worktrees/
docs/plans/
CLAUDE.md
# Beads / Dolt files (added by bd init)
.dolt/
*.db
.beads-credential-key
# --- babysitter managed ---
.a5c/creds.env
.a5c/creds.env.tmp.*
.a5c/logs/
.a5c/runs/
# --- end babysitter managed ---
AGENTS.md
+401 -230
View File
@@ -1,274 +1,445 @@
# NIXOS CONFIGURATION KNOWLEDGE BASE # Agent Instructions
**Generated:** 2025-12-31 16:13:40 UTC This project uses **bd** (beads) for issue tracking. Run `bd prime` for full workflow context.
**Commit:** ebc8291
**Branch:** HEAD
## OVERVIEW ## Quick Reference
Personal NixOS configuration managing 6 hosts (4 servers, 2 desktops) using flakes, agenix secrets, and feature-based home-manager setup.
## STRUCTURE ```bash
``` bd ready # Find available work
./ bd show <id> # View issue details
├── flake.nix # Main entry: host definitions, inputs, outputs bd update <id> --claim # Claim work atomically
├── secrets.nix # Agenix public key mappings bd close <id> # Complete work
├── hosts/ bd dolt push # Push beads data to remote
│ ├── common/ # Shared: base config, users, extraServices, ports
│ ├── m3-atlas/ # Server: 20+ containerized services with Traefik
│ ├── m3-helios/ # Server: AdGuard, internal routing
│ ├── m3-ares/ # Desktop: NVIDIA GPU, Btrfs
│ ├── m3-kratos/ # Desktop: AMD GPU, ZFS
│ └── m3-aether/ # Cloud VM
├── home/
│ ├── common/ # Home-manager base config
│ ├── features/ # Modular feature toggles (cli, desktop, coding)
│ └── m3tam3re/ # Per-host user configs
├── modules/ # Custom NixOS/home-manager modules
├── overlays/ # Package overlays (stable, locked, pinned, master)
├── pkgs/ # Custom package definitions
└── secrets/ # Agenix encrypted .age files (19 secrets)
``` ```
## WHERE TO LOOK ## Non-Interactive Shell Commands
| Task | Location | Notes | **ALWAYS use non-interactive flags** with file operations to avoid hanging on confirmation prompts.
|------|----------|-------|
| Add new host | `flake.nix` + `hosts/<name>/` | Copy template from m3-atlas (server) or m3-ares (desktop) |
| Add service to m3-atlas | `hosts/m3-atlas/services/` | See containers/ for Podman + Traefik pattern |
| Configure desktop features | `home/features/desktop/` | Feature toggles with mkEnableOption |
| Add CLI tool | `home/features/cli/` | Fish + Nushell integration expected |
| Manage secrets | `secrets.nix` + `agenix -e` | SSH keys defined in secrets.nix |
| Define ports | `hosts/common/ports.nix` | Centralized port registry |
| Add user | `hosts/common/users/` | Shared across all hosts |
| Custom packages | `pkgs/default.nix` | Exposed via flake outputs |
## CONVENTIONS Shell commands like `cp`, `mv`, and `rm` may be aliased to include `-i` (interactive) mode on some systems, causing the agent to hang indefinitely waiting for y/n input.
### Secrets (agenix) **Use these forms instead:**
- **Create**: `agenix -e secrets/<name>.age` after adding keys to `secrets.nix`
- **Reference**: `config.age.secrets.<name>.path` in service configs
- **Pattern**: Service env files use `environmentFiles = [config.age.secrets.<service>-env.path]`
### Service Organization ```bash
- **Native services**: `hosts/<host>/services/<service>.nix` # Force overwrite without prompting
- **Containers**: `hosts/<host>/services/containers/<service>.nix` cp -f source dest # NOT: cp source dest
- **Traefik integration**: All m3-atlas services include dynamic config for SSL + routing mv -f source dest # NOT: mv source dest
- **Networking**: Containers use dedicated `web` network (10.89.0.0/24) with static IPs rm -f file # NOT: rm file
### Port Management # For recursive operations
- **Registry**: All ports defined in `hosts/common/ports.nix` rm -rf directory # NOT: rm -r directory
- **Access**: `config.m3ta.ports.get "service-name"` cp -rf source dest # NOT: cp -r source dest
- **Convention**: Internal services use 3000-3020 range ```
### Home-Manager Features **Other commands that may prompt:**
- **Enable**: `features.<category>.<feature>.enable = true` in user config
- **Categories**: `cli`, `desktop`, `coding`
- **Pattern**: Features are opt-in modules with default.nix aggregators
### Multiple nixpkgs Inputs - `scp` - use `-o BatchMode=yes` for non-interactive
- **stable**: 25.11 release - `ssh` - use `-o BatchMode=yes` to fail instead of prompting
- **locked/pinned**: Specific commits for compatibility - `apt-get` - use `-y` flag
- **master**: Bleeding edge - `brew` - use `HOMEBREW_NO_AUTO_UPDATE=1` env var
- **m3ta-nixpkgs**: Custom local overlay at `path:/home/m3tam3re/p/nix/nixpkgs`
## CODING RULES <!-- BEGIN BEADS INTEGRATION v:1 profile:minimal hash:ca08a54f -->
This project uses coding rules from the AGENTS repository (`inputs.agents`) plus project-specific conventions. ## Beads Issue Tracker
### Standard Rules (AGENTS repo) This project uses **bd (beads)** for persistent task tracking. Run `bd prime` for full workflow context.
| Rule | Source | Purpose | ### Why Beads?
|------|--------|---------|
| `languages/nix.md` | AGENTS/rules/ | Nix language conventions, flake patterns |
| `concerns/coding-style.md` | AGENTS/rules/ | General coding principles |
| `concerns/naming.md` | AGENTS/rules/ | Naming conventions per language |
| `concerns/documentation.md` | AGENTS/rules/ | Documentation standards |
| `concerns/testing.md` | AGENTS/rules/ | Testing guidelines |
| `concerns/git-workflow.md` | AGENTS/rules/ | Commit message format, branch naming |
| `concerns/project-structure.md` | AGENTS/rules/ | Project layout conventions |
### NixOS-Config Specific Rules - **Prefer Beads over ad-hoc markdown TODO lists** — Beads provides structured, queryable, shareable issue tracking with dependency management
- **Never use `bd edit`** — it opens an interactive editor which blocks agent workflows
- **Use flags and stdin instead** — `bd update <id> --claim`, `bd create --title "..." --estimate 2`
#### Project Structure ### Slash Commands (Agent Workflow)
| Command | Purpose |
|---------|---------|
| `/beads:ready` | Find unblocked issues |
| `/beads:create` | Create a new issue |
| `/beads:update` | Update an issue (claim, status) |
| `/beads:close` | Close completed work |
| `/beads:stats` | Project-level snapshot |
### Core Workflow (6 Steps)
#### 1. Find Unblocked Work
```bash
bd ready --json
```
Lists issues with no blocking dependencies that are ready to work on.
#### 2. Claim Work
```bash
bd update <id> --claim
```
Atomically assigns the issue to you (sets status to "in-progress").
#### 3. Inspect Details
```bash
bd show <id>
```
View full issue details including:
- Description and acceptance criteria
- Blocking/blocked-by dependencies
- Time estimates
- Status history
#### 4. Create Newly Discovered Work
```bash
# Create a new issue
bd create \
--title "Fix audio on m3-helios" \
--estimate 2 \
--priority high \
--labels nixos,audio
# Link dependencies
bd dep <id> --blocks <blocked-id> # This issue blocks another
bd dep <id> --after <after-id> # This issue after another completes
bd dep <id> --requires <requires-id> # This issue requires another
```
#### 5. Complete Work
```bash
bd close <id> --reason "Added PulseAudio fallback to configuration.nix"
```
Provide a concise summary of what was done. The `--reason` is mandatory.
#### 6. Project Snapshot
```bash
bd status --json # Current state of all issues
bd stats # Metrics: velocity, cycle time, bottlenecks
```
### Example Complete Workflow
```bash
# Start session - find work
bd ready --json
# Claim available issue
bd update 42 --claim
# Do the work...
# Discover something else needed
bd create --title "Document hermes-agent setup" --estimate 1
# Link as related
bd dep 43 --after 42
# Complete original
bd close 42 --reason "Added Hyprland idle timeout config"
# Close related
bd close 43 --reason "Added setup docs to AGENTS.md"
# Push state to remote
bd dolt push
```
### Rules
- Use `bd` for ALL task tracking — do NOT use TodoWrite, TaskCreate, or markdown TODO lists
- Run `bd prime` for detailed command reference and session close protocol
- Use `bd remember` for persistent knowledge — do NOT use MEMORY.md files
## Session Completion
**When ending a work session**, you MUST complete ALL steps below. Work is NOT complete until `git push` succeeds.
**MANDATORY WORKFLOW:**
1. **File issues for remaining work** - Create issues for anything that needs follow-up
2. **Run quality gates** (if code changed) - Tests, linters, builds
3. **Update issue status** - Close finished work, update in-progress items
4. **PUSH TO REMOTE** - This is MANDATORY:
```bash
git pull --rebase
bd dolt push
git push
git status # MUST show "up to date with origin"
```
5. **Clean up** - Clear stashes, prune remote branches
6. **Verify** - All changes committed AND pushed
7. **Hand off** - Provide context for next session
**CRITICAL RULES:**
- Work is NOT complete until `git push` succeeds
- NEVER stop before pushing - that leaves work stranded locally
- NEVER say "ready to push when you are" - YOU must push
- If push fails, resolve and retry until it succeeds
<!-- END BEADS INTEGRATION -->
# Project Agent
**Workspace Path:** `/home/m3tam3re/p/NIX/nixos-config`
_(Note to Pi: Your file write/edit tools run in a different directory by default. You MUST use absolute paths starting with the Workspace Path above for ALL file operations!)_
**Generated:** 2026-04-26
---
## Stack
| Component | Version/Source |
| ---------------- | --------------------------------- |
| **Nixpkgs** | nixos-unstable + 25.05 stable |
| **Home Manager** | github:nix-community/home-manager |
| **m3ta-home** | code.m3ta.dev/m3tam3re/m3ta-home |
| **m3ta-nixpkgs** | code.m3ta.dev/m3tam3re/nixpkgs |
| **Agenix** | github:ryantm/agenix |
| **Disko** | github:nix-community/disko |
| **NUR** | github:nix-community/NUR |
| **Formatter** | alejandra |
| **Linters** | statix, deadnix |
| **IDE** | nixd |
| **Hermes Agent** | NousResearch/hermes-agent |
| **LLM Agents** | numtide/llm-agents.nix |
---
## Structure
``` ```
nixos-config/ nixos-config/
├── flake.nix # Entry point ├── flake.nix # Entry point: hosts, overlays, dev shells, m3ta-home input
├── hosts/ # Host-specific NixOS configs ├── coding-rules.json # Opencode rules configuration
│ ├── common/ # Shared: ports, users, base config
│ ├── m3-atlas/ # Server with Traefik hub ├── hosts/ # Per-host NixOS configurations
│ ├── m3-helios/ # AdGuard DNS │ ├── common/ # Shared across all hosts
│ ├── m3-ares/ # Desktop (NVIDIA) │ ├── users/
│ └── m3-kratos/ # Desktop (AMD) │ │ │ └── m3tam3re.nix # ← Central user + m3ta-home integration
├── home/ # Home-manager configs ├── default.nix # Shared NixOS settings, overlays, home-manager setup
│ ├── common/ # Shared home config │ ├── ports.nix # Network ports config
── features/ # Feature modules (cli, desktop, coding) ── extraServices/ # Common service toggles
── m3tam3re/ # User-specific configs ── m3-ares/ # TUXEDO laptop (desktop)
├── modules/ # Custom NixOS/HM modules │ │ └── home.nix # Hyprland: eDP-1 + HDMI, XDG/MIME
├── overlays/ # Package overlays │ ├── m3-kratos/ # AMD desktop (desktop)
├── pkgs/ # Custom packages └── home.nix # Hyprland: dual DP, XDG/MIME
└── secrets/ # Agenix encrypted secrets │ ├── m3-daedalus/ # Portable laptop (desktop, no Hyprland)
│ │ └── home.nix # XDG/MIME only
│ ├── m3-atlas/ # Primary server (server + coding)
│ ├── m3-helios/ # AdGuard DNS server (minimal server)
│ ├── m3-hermes/ # Secondary server (minimal server)
│ └── m3-aether/ # Cloud VM (minimal server)
├── modules/ # Reusable NixOS modules
│ └── nixos/ # NixOS-specific modules
├── overlays/ # Package overlays (stable/locked/master/pinned)
│ ├── default.nix
│ └── mods/
├── pkgs/ # Custom packages
├── secrets/ # Encrypted secrets (agenix)
│ └── secrets.nix
├── .opencode-rules/ # Opencode AI rules
│ ├── concerns/
│ ├── languages/nix.md
│ └── USAGE.md
└── .pi/ # Agent configuration
``` ```
#### Naming Conventions ### Home-Manager Integration
| Type | Convention | Example | Home-Manager configs are managed centrally in the **`m3ta-home`** repository:
|------|------------|---------| - **Repo**: `code.m3ta.dev/m3tam3re/m3ta-home`
| Hosts | mythological-names | `m3-atlas`, `m3-helios` | - **Docs**: See m3ta-home README for full documentation
| Files | hyphen-case | `my-service.nix` |
| Variables | camelCase | `portHelpers`, `serviceConfig` |
| Options | m3ta.* | `config.m3ta.ports.get` |
| Packages | lowercase-hyphen | `hyprpaper-random` |
#### Nix Module Pattern What lives where:
| Concern | Location | Why |
|---------|----------|-----|
| Shell, CLI tools, editors, apps | `m3ta-home/profiles/` | Portable across all hosts |
| User identity (git, SSH, JJ) | `m3ta-home/users/` | Switchable: private vs work |
| Feature flags (enable/disable) | `nixos-config/hosts/common/users/m3tam3re.nix` | Per-host decisions |
| Monitor layouts, window rules | `nixos-config/hosts/<name>/home.nix` | Hardware-specific |
| XDG/MIME defaults | `nixos-config/hosts/<name>/home.nix` | Host-specific preferences |
| NixOS overlays | `nixos-config/overlays/` | System-level package management |
#### Host → Profile Mapping
Defined in `hosts/common/users/m3tam3re.nix`:
```nix
hostProfiles = {
# Desktop hosts
m3-ares = { context = "desktop"; sets = ["coding" "gaming" "media"]; };
m3-kratos = { context = "desktop"; sets = ["coding" "gaming" "media"]; };
m3-daedalus = { context = "desktop"; sets = ["coding" "media"]; };
# Server hosts
m3-atlas = { context = "server"; sets = ["coding"]; };
m3-helios = { context = "server"; sets = []; };
m3-hermes = { context = "server"; sets = []; };
m3-aether = { context = "server"; sets = []; };
};
```
#### Work Identity Use Case
The same `m3ta-home` repo supports a **work identity** for company machines:
```nix
# On a work NixOS machine:
(m3ta-lib.mkHome {
user = "m3tam3re";
identity = "work"; # ← switches git to sascha.koenig, SSH to AZ hosts
context = "desktop";
sets = ["coding"];
})
```
This provides the familiar shell/editor/CLI setup but with work git credentials and SSH configuration.
---
## Commands
| Action | Command | Notes |
| -------------------- | ---------------------------------------------------------------------- | ------------------------------------------------- |
| **Enter dev shell** | `nix develop` | Includes alejandra, nixd, agenix, statix, deadnix |
| **Build host** | `sudo nixos-rebuild switch --flake .#m3-ares` | Replace hostname as needed |
| **Dry run build** | `sudo nixos-rebuild dry-run --flake .#m3-ares` | Validate without applying |
| **List hosts** | `nix flake show` | Shows all NixOS configurations |
| **Update flake** | `sudo nixos-rebuild switch --flake .#m3-ares --update-input nixpkgs` | Update specific input |
| **Format code** | `alejandra .` | Run before committing |
| **Check lint** | `statix check .` | Run statix for antipatterns |
| **Remove dead code** | `deadnix -w .` | Clean up unused let bindings |
| **Build ISO** | `nix build .#nixosConfigurations.m3-ares.config.system.build.isoImage` | Generate install ISO |
---
## Conventions
### Formatting & Style
- **Formatter:** `alejandra` (mandatory, run before commits)
- **Indentation:** 2 spaces (alejandra default)
- **Variables:** camelCase (e.g., `maxRetryAttempts`)
- **Types/Modules:** PascalCase (e.g., `MyService`)
- **Constants:** UPPER_SNAKE_CASE (e.g., `MAX_RETRIES`)
- **Files:** hyphen-case (e.g., `my-file.nix`)
### Nix Module Patterns
```nix ```nix
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; let {
cfg = config.m3ta.myModule; options.myService.enable = lib.mkEnableOption "my service";
in { config = lib.mkIf config.myService.enable {
options.m3ta.myModule = { services.myService.enable = true;
enable = mkEnableOption "my module";
};
config = mkIf cfg.enable {
# Configuration here
}; };
} }
``` ```
#### Anti-Patterns (Never Do) ### Conditionals
| Don't | Do Instead |
|-------|------------|
| Hardcode ports | `config.m3ta.ports.get "service"` |
| Skip secrets.nix update | Add keys first, then `agenix -e` |
| Containers outside web network | `--network=web --ip=10.89.0.N` |
| Skip Traefik for public services | Configure dynamic config |
| Bypass extraServices flags | Use feature flags properly |
| Use `fetchTarball` | Use flake inputs |
| Use `with pkgs;` in modules | Explicit `pkgs.package` |
### Formatting & Linting
```bash
# Format (alejandra)
nix fmt
# Lint (statix, deadnix - only in dev shell)
nix develop
statix check .
deadnix .
# Validate flake
nix flake check
```
### Commit Conventions
Format: `<type>: <brief description>`
Types: `feat`, `fix`, `docs`, `style`, `refactor`, `chore`
Examples:
- `feat: add new host m3-hermes`
- `fix: resolve port conflict in mem0 module`
- `docs: update AGENTS.md with new service`
- `style: format nix files`
- `refactor: simplify port management`
- `chore: update nixpkgs inputs`
### Tools in Dev Shell
| Tool | Purpose |
|------|---------|
| `alejandra` | Nix code formatter |
| `nixd` | Nix language server |
| `statix` | Nix linter |
| `deadnix` | Find dead code |
| `agenix` | Secret management |
## COMMANDS
```bash
# Build/deploy specific host
sudo nixos-rebuild switch --flake .#m3-ares
# Build/deploy current host
sudo nixos-rebuild switch --flake .#$(uname -n)
# Home-manager update
home-manager --flake . switch
# Update all flake inputs
nix flake update
# Add/edit secret
agenix -e secrets/<name>.age
# Infrastructure shell (OpenTofu)
nix develop .#infraShell
# Check configuration (no activation)
nixos-rebuild dry-build --flake .#<hostname>
```
## TRAEFIK PATTERNS (m3-atlas only)
### SSL Termination
- **Provider**: Godaddy DNS challenge
- **Cert storage**: `/var/lib/traefik/acme.json`
- **Config**: `hosts/m3-atlas/services/traefik.nix`
### Service Integration Template
```nix ```nix
services.traefik.dynamicConfigOptions.http = { config = lib.mkMerge [
services.<name>.loadBalancer.servers = [{ url = "http://127.0.0.1:<port>"; }]; (lib.mkIf cfg.enable { ... })
routers.<name> = { (lib.mkIf cfg.extraConfig { ... })
rule = "Host(`<subdomain>.m3ta.dev`)"; ];
service = "<name>";
tls.certResolver = "godaddy";
};
};
``` ```
### Container Pattern ### Anti-Patterns (AVOID)
- **Network**: `--network=web --ip=10.89.0.<sequential>`
- **Ports**: Bind localhost only (`127.0.0.1:<external>:<internal>`)
- **Database access**: `--add-host=mysql:10.89.0.1` (gateway IP)
## HOST ROLES - **Never use `with pkgs;`** — always use explicit package references
- **Never use `builtins.fetchTarball`** — use flake inputs instead
- **Never use `import <nixpkgs>`** — always use inputs
- **Never use `builtins.getAttr/hasAttr`** — use `lib.attrByPath` or `lib.optionalAttrs`
- **Avoid anonymous functions in config** — extract to named lets
| Host | Type | Hardware | Purpose | ### Imports
|------|------|----------|---------|
| m3-atlas | Server | x86_64, disko | 20+ services, Traefik hub, PostgreSQL, MySQL |
| m3-helios | Server | x86_64, disko | AdGuard DNS, internal routing |
| m3-ares | Desktop | NVIDIA, Btrfs | Personal workstation, n8n, PostgreSQL |
| m3-kratos | Desktop | AMD, ZFS | Workstation, mem0, PostgreSQL |
| m3-aether | Cloud | QEMU | General purpose VM |
| m3-daedalus | Laptop | home-only | Portable (no full NixOS config) |
## ANTI-PATTERNS (THIS PROJECT) - Use flake inputs for dependencies (e.g., `inputs.home-manager.nixosModules.home-manager`)
- Import relative paths with `./` or `../`
- Never use absolute paths in imports
- **DON'T** add secrets to `secrets/` without updating `secrets.nix` public keys ### Secrets
- **DON'T** hardcode ports - use `config.m3ta.ports.get` or add to registry
- **DON'T** create containers outside the `web` network on m3-atlas
- **DON'T** skip Traefik config for public-facing services on m3-atlas
- **DON'T** bypass extraServices flags - use `hosts/common/extraServices/` pattern
- **DON'T** commit unencrypted secrets or test with real credentials
## UNIQUE TO THIS CONFIG - Secrets managed via **agenix** in `secrets/` directory
- Never commit plaintext secrets
- Use `.nix` extension for secret files
- **Custom m3ta-nixpkgs**: Local overlay for unreleased/patched packages ### Flake Input URLs
- **extraServices abstraction**: Boolean flags to toggle Podman, Ollama, virtualisation per host
- **Mythological naming**: All hosts named after Greek mythology
- **Dual domain strategy**: New services on `m3ta.dev`, legacy redirects from `m3tam3re.com`
- **Per-host nixpkgs versions**: Different hosts can use different nixpkgs commits via specialArgs
- **Container IP registry**: Static IP assignments in 10.89.0.0/24 subnet for predictable networking
## NOTES All `code.m3ta.dev` inputs use **SSH** URLs:
```nix
url = "git+ssh://gitea@code.m3ta.dev/m3tam3re/<repo>";
```
Anonymous HTTPS git on Gitea is unreliable and prompts for auth. SSH works with configured keys.
- m3-atlas is the service hub - most complex configuration ---
- Secrets require host SSH keys defined in `secrets.nix` before `agenix -e` works
- Fish and Nushell both configured - choose per-user with shell aliases ## Key Files
- Color scheme (Dracula) applied via nix-colors across all visual tools
- See subdirectory AGENTS.md for deep dives on containers, desktop features, CLI tools | File | Purpose |
| ---------------------------------- | ------------------------------------------------------------------------------------------ |
| `flake.nix` | Central entry point defining all hosts, overlays, packages, dev shells, and nixpkgs config |
| `hosts/common/default.nix` | Shared Nix settings, nixpkgs overlays, home-manager setup (`useGlobalPkgs = true`) |
| `hosts/common/users/m3tam3re.nix` | User definition + m3ta-home mkHome integration + per-host feature flags |
| `hosts/<name>/home.nix` | Host-specific overrides: monitors, workspaces, window rules, XDG/MIME |
| `overlays/default.nix` | Package version overrides (stable/locked/master branches) |
| `.opencode-rules/languages/nix.md` | Nix-specific conventions and patterns |
---
## What to Avoid
1. **Don't modify `flake.lock`** directly — use `nix flake update`
2. **Don't use impure operations** — this is a pure flake-based config
3. **Don't commit without formatting** — always run `alejandra .` first
4. **Don't add packages to hosts directly** — prefer adding to overlays or using NUR
5. **Don't hardcode paths** — use `inputs` and relative imports
6. **Don't create monolithic modules** — keep functions under 20 lines
7. **Don't skip the dry-run** — always test with `--dry-run` before switching
8. **Don't use lib.mkDefault lightly** — understand the precedence implications
---
## Notes
### Adding a New Host
1. Add entry to `flake.nix` → `nixosConfigurations`
2. Create directory in `hosts/` with:
- `default.nix` — imports common + specific configs
- `configuration.nix` — host-specific system config
- `hardware-configuration.nix` — from `nixos-generate-config`
- `programs.nix`, `services/`, `secrets.nix` as needed
3. Add entry to `hostProfiles` in `hosts/common/users/m3tam3re.nix`
4. Add feature flags in the `hostFlags` section
5. Create `hosts/<name>/home.nix` if the host needs monitor/XDG overrides
6. Run `sudo nixos-generate-config --dir ./hosts/new-host` first time
### Adding a New Package
1. For simple packages: add to appropriate overlay in `overlays/default.nix`
2. For complex packages: create in `pkgs/` directory
3. For upstream packages: use NUR or add as flake input
### Adding a New Home-Manager Feature
1. Create the module in `m3ta-home` under the appropriate profile directory
2. Add the import to the parent `default.nix` in m3ta-home
3. Enable it per-host via feature flags in `hosts/common/users/m3tam3re.nix`
### Development Workflow
1. Edit config files
2. Run `alejandra .` to format
3. Run `statix check .` for linting
4. Run `sudo nixos-rebuild dry-run --flake .#m3-ares`
5. If successful: `sudo nixos-rebuild switch --flake .#m3-ares`
### Remote Building
```bash
# Build on remote machine
nix copy --to ssh://user@host .#nixosConfigurations.m3-ares.config.system.build.toplevel
ssh user@host 'sudo nixos-rebuild switch --flake /nix/store/...-closure'
```
agent-sources.lock.json
+1411
View File
File diff suppressed because it is too large Load Diff
docs/AGENIX-GUIDE.md
-191
View File
@@ -1,191 +0,0 @@
# Agenix Secret Management Guide
A guide for creating and managing encrypted secrets using agenix in the nixos-config project.
## Prerequisites
- SSH key pair (ed25519 or rsa) in `~/.ssh/`
- Access to the nixos-config repository
- Secret added to `secrets.nix` with appropriate public keys
---
## Creating a New Secret
### Step 1: Add Secret to secrets.nix
Edit `secrets.nix` and add a new entry:
```nix
"secrets/<your-secret-name>.age".publicKeys = systems ++ users;
```
Where:
- `<your-secret-name>` is the desired filename (without `.age`)
- `systems` = hosts that can decrypt this secret
- `users` = users that can decrypt this secret
Example:
```nix
"secrets/my-service-api-key.age".publicKeys = systems ++ users;
```
### Step 2: Create the Encrypted Secret
Navigate to the nixos-config directory:
```bash
cd ~/p/NIX/nixos-config
```
Generate a secure random token (if needed):
```bash
head -c 32 /dev/urandom | base64 | tr -d '\n'
```
Or use a specific value:
```bash
echo -n "your-secret-value-here" > /tmp/token.txt
```
Encrypt and create the secret file:
```bash
cat /tmp/token.txt | RULES=./secrets.nix nix develop . --command sh -c 'agenix -e secrets/<your-secret-name>.age'
```
The `-e` flag encrypts stdin content into the age file. If no stdin is provided, agenix opens your editor.
### Step 3: Verify the Secret
Decrypt to verify:
```bash
RULES=./secrets.nix nix develop . --command agenix -d secrets/<your-secret-name>.age
```
You should see your secret value printed to stdout.
### Step 4: Use in NixOS Configuration
Reference the secret in your service config:
```nix
{ config, ... }:
{
# For environment files
environmentFiles = [ config.age.secrets."my-secret-name".path ];
# For file-based secrets
environmentFile = config.age.secrets."my-secret-name".path;
}
```
The secret will be available at `/run/agenix/<your-secret-name>` when the system builds.
---
## Common Patterns
### Token-Based Registration (e.g., Tuwunel)
```nix
# secrets.nix
"secrets/tuwunel-registration-token.age".publicKeys = systems ++ users;
```
```nix
# services/tuwunel.nix
settings.global = {
allow_registration = true;
registration_token_file = config.age.secrets."tuwunel-registration-token".path;
};
```
### API Keys via Environment Files
```nix
# secrets.nix
"secrets/my-service-env.age".publicKeys = systems ++ users;
```
Create `my-service-env.age` containing:
```
MY_SERVICE_API_KEY=your-key-here
DATABASE_URL=postgres://...
```
Reference in config:
```nix
environmentFiles = [ config.age.secrets."my-service-env".path ];
```
### File-Based Secrets
For binary files or specific file paths:
```nix
settings = {
tls.cert = config.age.secrets."tls-cert".path;
tls.key = config.age.secrets."tls-key".path;
};
```
---
## Agenix Command Reference
| Command | Description |
|---------|-------------|
| `agenix -e <file.age>` | Edit/create encrypted secret (opens editor or uses stdin) |
| `agenix -d <file.age>` | Decrypt and print to stdout |
| `agenix -r` | Re-encrypt all secrets (after changing public keys) |
| `agenix --validate-config` | Validate secrets.nix syntax |
### Environment Variables
| Variable | Default | Description |
|----------|---------|-------------|
| `RULES` | `./secrets.nix` | Path to secrets.nix file |
| `EDITOR` | `$EDITOR` | Editor for interactive editing |
---
## Troubleshooting
### "No identity found to decrypt"
**Cause**: No SSH private key available.
**Solution**: Ensure your private key is in `~/.ssh/`:
- `~/.ssh/id_rsa`
- `~/.ssh/id_ed25519`
- Or specify with `-i /path/to/private/key`
### "Failed to find config root"
**Cause**: Agenix can't find `secrets.nix`.
**Solution**: Use `RULES=./secrets.nix` or run from the nixos-config directory.
### Rekeying Secrets
After adding new public keys to `secrets.nix`, re-encrypt all secrets:
```bash
cd ~/p/NIX/nixos-config
RULES=./secrets.nix nix develop . --command agenix -r
```
---
## Security Notes
- Never commit plaintext secrets to git
- Always use `secrets.nix` for encryption keys
- Include only necessary hosts/users in public keys
- Rotate secrets periodically
- Use `agenix -r` after modifying public keys
docs/plans/2026-04-26-home-profile-restructuring.md
-727
View File
@@ -1,727 +0,0 @@
# Home Profile Restructuring Implementation Plan
> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
**Goal:** Restructure nixos-config/home/ from host-based to profile-based organization with clear separation between base, coding, profiles, desktop, and server layers.
**Architecture:** Three-layer model: Base (always loaded) → Coding (profile-independent) → Profiles/Context (freely combinable with constraints). Desktop and Server contexts are mutually exclusive.
**Tech Stack:** NixOS, Home Manager, Nix flakes
---
## File Structure
```
home/
├── base/ # IMMER geladen
│ ├── default.nix
│ ├── shell/
│ │ ├── default.nix
│ │ ├── nushell.nix # PRIMARY Shell
│ │ └── starship.nix
│ ├── cli-tools/
│ │ ├── default.nix
│ │ ├── fzf.nix
│ │ ├── zellij.nix
│ │ ├── nitch.nix
│ │ └── television.nix
│ └── secrets/
│ └── secrets.nix
├── coding/ # Profil-unabhängig
│ ├── default.nix
│ ├── editor/
│ │ ├── default.nix
│ │ └── neovim.nix # Basis NeoVim (aus nixpkgs referenziert)
│ ├── lsp/
│ │ ├── default.nix
│ │ └── servers.nix
│ ├── git/
│ │ └── git.nix
│ └── agents/
│ └── agents.nix # Agent-System (aus nixpkgs referenziert)
├── profiles/ # FREI KOMBINIERBAR
│ ├── gaming/
│ │ ├── default.nix
│ │ ├── steam.nix
│ │ └── gamescope.nix
│ │
│ └── media/
│ ├── default.nix
│ ├── obs.nix
│ ├── ffmpeg.nix
│ ├── yt-dlp.nix
│ ├── kdenlive.nix
│ └── handbrake.nix
├── desktop/ # NUR wenn context=desktop
│ ├── default.nix
│ ├── wm/
│ │ ├── default.nix
│ │ ├── hyprland.nix
│ │ ├── wayland.nix
│ │ └── rofi.nix
│ ├── apps/
│ │ ├── default.nix
│ │ ├── obsidian.nix
│ │ ├── office.nix
│ │ ├── webapps.nix
│ │ └── crypto.nix
│ └── theme/
│ ├── default.nix
│ ├── fonts.nix
│ ├── theme.nix
│ └── wallpapers.nix
└── server/
└── default.nix
```
**Key Integration Points:**
| Component | Source | Notes |
|-----------|--------|-------|
| NeoVim Config | `inputs.m3ta-nixpkgs.pkgs.neovim-config` | Custom package in nixpkgs |
| OpenCode Desktop | `inputs.m3ta-nixpkgs.pkgs.opencode-desktop` | Custom package |
| Agent-System | `inputs.m3ta-nixpkgs.homeModules.coding.agents` | OpenCode, Claude Code, Pi |
| Zed Editor | `inputs.m3ta-nixpkgs.homeModules.coding.editors` | Desktop-only via Zed Remote |
| Editor Module | `inputs.m3ta-nixpkgs.homeModules.coding.editors` | NeoVim (base) + Zed (desktop) |
---
## Phase 1: Create New Structure
### Task 1: Create Directory Structure
**Files:**
- Create: `home/base/default.nix`
- Create: `home/base/shell/default.nix`
- Create: `home/base/shell/nushell.nix`
- Create: `home/base/shell/starship.nix`
- Create: `home/base/cli-tools/default.nix`
- Create: `home/base/cli-tools/fzf.nix`
- Create: `home/base/cli-tools/zellij.nix`
- Create: `home/base/cli-tools/nitch.nix`
- Create: `home/base/cli-tools/television.nix`
- Create: `home/base/secrets/secrets.nix`
- Create: `home/coding/default.nix`
- Create: `home/coding/editor/default.nix`
- Create: `home/coding/editor/neovim.nix`
- Create: `home/coding/lsp/default.nix`
- Create: `home/coding/lsp/servers.nix`
- Create: `home/coding/git/git.nix`
- Create: `home/coding/agents/agents.nix`
- Create: `home/profiles/gaming/default.nix`
- Create: `home/profiles/gaming/steam.nix`
- Create: `home/profiles/gaming/gamescope.nix`
- Create: `home/profiles/media/default.nix`
- Create: `home/profiles/media/obs.nix`
- Create: `home/profiles/media/ffmpeg.nix`
- Create: `home/profiles/media/yt-dlp.nix`
- Create: `home/profiles/media/kdenlive.nix`
- Create: `home/profiles/media/handbrake.nix`
- Create: `home/desktop/default.nix`
- Create: `home/desktop/wm/default.nix`
- Create: `home/desktop/wm/hyprland.nix`
- Create: `home/desktop/wm/wayland.nix`
- Create: `home/desktop/wm/rofi.nix`
- Create: `home/desktop/apps/default.nix`
- Create: `home/desktop/apps/obsidian.nix`
- Create: `home/desktop/apps/office.nix`
- Create: `home/desktop/apps/webapps.nix`
- Create: `home/desktop/apps/crypto.nix`
- Create: `home/desktop/theme/default.nix`
- Create: `home/desktop/theme/fonts.nix`
- Create: `home/desktop/theme/theme.nix`
- Create: `home/desktop/theme/wallpapers.nix`
- Create: `home/server/default.nix`
- Modify: `home/default.nix` (Hauptaggregator)
- [ ] **Step 1: Create home/base/default.nix**
```nix
# home/base/default.nix
# Basis-Konfiguration: Shell + CLI-Tools + Secrets
# Wird IMMER geladen (kein enable-Flag)
{ inputs, lib, pkgs, ... }:
{
imports = [
./shell
./cli-tools
./secrets
];
}
```
- [ ] **Step 2: Create home/base/shell/default.nix**
```nix
# home/base/shell/default.nix
{ inputs, lib, pkgs, ... }:
{
imports = [
./nushell.nix
./starship.nix
];
}
```
- [ ] **Step 3: Create home/base/shell/nushell.nix**
Migrated from: `home/features/cli/nushell.nix`
```nix
# home/base/shell/nushell.nix
# Primary shell - Nushell
{ lib, pkgs, ... }:
{
programs.nushell = {
enable = true;
configFile = ...;
};
home.packages = with pkgs; [
nushell
];
}
```
- [ ] **Step 4: Create home/base/shell/starship.nix**
Migrated from: `home/features/cli/starship.nix`
- [ ] **Step 5: Create home/base/cli-tools/default.nix**
```nix
# home/base/cli-tools/default.nix
{ ... }:
{
imports = [
./fzf.nix
./zellij.nix
./nitch.nix
./television.nix
];
}
```
- [ ] **Step 6: Create CLI tool modules**
Migrate from `home/features/cli/`:
- `fzf.nix``home/base/cli-tools/fzf.nix`
- `zellij.nix``home/base/cli-tools/zellij.nix`
- `nitch.nix``home/base/cli-tools/nitch.nix`
- `television.nix``home/base/cli-tools/television.nix`
- [ ] **Step 7: Create home/base/secrets/secrets.nix**
Migrated from: `home/features/cli/secrets.nix`
- [ ] **Step 8: Create home/coding/default.nix**
```nix
# home/coding/default.nix
# Coding-Konfiguration: Editor + LSP + Git + Agents
# Wird geladen wenn coding Profil aktiviert
{ inputs, lib, pkgs, ... }:
{
imports = [
./editor
./lsp
./git
./agents
];
}
```
- [ ] **Step 9: Create home/coding/editor/default.nix**
References: `inputs.m3ta-nixpkgs.homeModules.coding.editors`
```nix
# home/coding/editor/default.nix
{ inputs, lib, pkgs, ... }:
{
# Importiert NeoVim (immer) + Zed (desktop)
imports = [
inputs.m3ta-nixpkgs.homeModules.coding.editors
];
# NeoVim Config Package
home.packages = [ inputs.m3ta-nixpkgs.packages.${pkgs.system}.neovim-config ];
}
```
- [ ] **Step 10: Create home/coding/lsp/default.nix + servers.nix**
Migrate LSP configuration from existing setup
- [ ] **Step 11: Create home/coding/git/git.nix**
```nix
# home/coding/git/git.nix
{ lib, pkgs, ... }:
{
programs.git = {
enable = true;
# Git configuration
};
}
```
- [ ] **Step 12: Create home/coding/agents/agents.nix**
References: `inputs.m3ta-nixpkgs.homeModules.coding.agents`
```nix
# home/coding/agents/agents.nix
{ inputs, lib, pkgs, ... }:
{
imports = [
inputs.m3ta-nixpkgs.homeModules.coding.agents
];
# Agent-Konfiguration
coding.agents.opencode = {
enable = true;
agentsInput = inputs.agents;
# modelOverrides...
};
}
```
- [ ] **Step 13: Create home/profiles/gaming/default.nix**
```nix
# home/profiles/gaming/default.nix
# Gaming Profile - frei kombinierbar
{ lib, pkgs, ... }:
{
imports = [
./steam.nix
./gamescope.nix
];
}
```
- [ ] **Step 14: Create gaming profile modules**
- `steam.nix` - Steam + Steam Deck Tools
- `gamescope.nix` - Gamescope Session
- [ ] **Step 15: Create home/profiles/media/default.nix**
```nix
# home/profiles/media/default.nix
# Media Profile - Content Creation / Streaming
{ lib, pkgs, ... }:
{
imports = [
./obs.nix
./ffmpeg.nix
./yt-dlp.nix
./kdenlive.nix
./handbrake.nix
];
}
```
- [ ] **Step 16: Create media profile modules**
Migrate from `home/features/desktop/media.nix`:
- `obs.nix` - OBS Studio
- `ffmpeg.nix` - FFmpeg + Tools
- `yt-dlp.nix` - YouTube Downloader
- `kdenlive.nix` - Kdenlive Video Editor
- `handbrake.nix` - HandBrake
- [ ] **Step 17: Create home/desktop/default.nix**
```nix
# home/desktop/default.nix
# Desktop-Konfiguration - nur wenn context=desktop
{ lib, pkgs, ... }:
{
# Zed Remote: Server-Zugriff via SSH
programs.zed-editor = {
enable = true;
# Remote Connections Config
};
imports = [
./wm
./apps
./theme
];
}
```
- [ ] **Step 18: Create home/desktop/wm modules**
Migrate from `home/features/desktop/`:
- `hyprland.nix``home/desktop/wm/hyprland.nix`
- `wayland.nix``home/desktop/wm/wayland.nix`
- `rofi.nix``home/desktop/wm/rofi.nix`
- [ ] **Step 19: Create home/desktop/apps modules**
Migrate from `home/features/desktop/`:
- `obsidian.nix``home/desktop/apps/obsidian.nix`
- `office.nix``home/desktop/apps/office.nix`
- `webapps.nix``home/desktop/apps/webapps.nix`
- `crypto.nix``home/desktop/apps/crypto.nix`
- [ ] **Step 20: Create home/desktop/theme modules**
Migrate from `home/features/desktop/`:
- `fonts.nix``home/desktop/theme/fonts.nix`
- `theme.nix``home/desktop/theme/theme.nix`
- `wallpapers.nix``home/desktop/theme/wallpapers.nix`
- [ ] **Step 21: Create home/server/default.nix**
```nix
# home/server/default.nix
# Server-Konfiguration - nur wenn context=server
# Minimal da primär via Zed Remote gearbeitet wird
{ lib, pkgs, ... }:
{
# Server-spezifische Konfiguration falls nötig
}
```
- [ ] **Step 22: Commit Phase 1**
```bash
git add home/
git commit -m "feat(home): create new directory structure
- Add base/ with shell, cli-tools, secrets
- Add coding/ with editor, lsp, git, agents
- Add profiles/ with gaming, media
- Add desktop/ with wm, apps, theme
- Add server/ minimal config
- Reference m3ta-nixpkgs modules where appropriate"
```
---
## Phase 2: Create Profile System with Constraints
### Task 2: Implement Profile Loader with Mutual Exclusion
**Files:**
- Create: `home/lib/default.nix` (Profile loading utilities)
- Modify: `flake.nix` (Host-spezifische Home-Config)
- Modify: `hosts/common/users/home.nix`
- [ ] **Step 1: Create home/lib/default.nix**
```nix
# home/lib/default.nix
# Profile loading utilities
{ lib }:
{
# Generiert Home-Manager Konfiguration basierend auf Profilen
mkHomeConfig = {
profiles ? [],
context ? null, # "desktop" | "server" | null
}: let
inherit (lib) optionalAttrs mkIf;
# Profile die immer geladen werden
baseModules = [ ./base ];
# Profile die optional geladen werden
profileModules = optionalAttrs (builtins.elem "coding" profiles) [ ./coding ];
# Context-spezifische Module
contextModules = {
desktop = [ ./desktop ];
server = [ ./server ];
};
# Profile-spezifische Module
profileSpecific = {
gaming = [ ./profiles/gaming ];
media = [ ./profiles/media ];
};
in {
imports = baseModules ++ profileModules
++ (contextModules.${context} or [])
++ (builtins.map (p: ./profiles.${p})
(builtins.filter (p: builtins.hasAttr p profileSpecific) profiles));
};
# Assertion: desktop und server schließen sich aus
mutualExclusiveContexts = builtins.hasAttr "desktop" && builtins.hasAttr "server";
}
```
- [ ] **Step 2: Update flake.nix for m3-ares (Desktop)**
```nix
# hosts/m3-ares/ (Desktop Beispiel)
{ inputs, lib, pkgs, ... }:
{
# Home-Manager für m3tam3re auf m3-ares
home-manager.users.m3tam3re = { config, ... }: {
# NEU: Profile-System
m3ta.profiles = [ "coding" "gaming" "media" ]; # Freie Kombination
m3ta.context = "desktop"; # Schließt "server" aus
# Alternativ: Legacy-Kompatibilität
# imports = [ ./home ];
};
}
```
- [ ] **Step 3: Update flake.nix for m3-atlas (Server)**
```nix
# hosts/m3-atlas/ (Server Beispiel)
{ inputs, lib, pkgs, ... }:
{
home-manager.users.m3tam3re = { config, ... }: {
m3ta.profiles = [ "coding" ]; # Nur Coding auf Server
m3ta.context = "server"; # Schließt "desktop" aus
};
}
```
- [ ] **Step 4: Add assertions in flake.nix**
```nix
# Validation: Context constraints
assertion = hostConfig.m3ta.context != "desktop" || hostConfig.m3ta.context != "server"
|| (hostConfig.m3ta.context == null); # Mutually exclusive
```
- [ ] **Step 5: Commit Phase 2**
```bash
git add flake.nix hosts/
git commit -m "feat: implement profile system with constraints
- Add home/lib for profile loading utilities
- Add m3ta.profiles option (list of profiles)
- Add m3ta.context option (desktop|server|null)
- Add mutual exclusion assertion
- Update m3-ares and m3-atlas as examples"
```
---
## Phase 3: Migrate Existing Configuration
### Task 3: Migrate home/features to new Structure
**Files:**
- Modify: Multiple files in `home/features/` (move content, update paths)
- [ ] **Step 1: Map existing features to new structure**
| Old Location | New Location | Notes |
|--------------|--------------|-------|
| `home/features/cli/nushell.nix` | `home/base/shell/nushell.nix` | ✓ Done in Task 1 |
| `home/features/cli/starship.nix` | `home/base/shell/starship.nix` | ✓ Done in Task 1 |
| `home/features/cli/fzf.nix` | `home/base/cli-tools/fzf.nix` | ✓ Done in Task 1 |
| `home/features/cli/zellij.nix` | `home/base/cli-tools/zellij.nix` | ✓ Done in Task 1 |
| `home/features/cli/nitch.nix` | `home/base/cli-tools/nitch.nix` | ✓ Done in Task 1 |
| `home/features/cli/television.nix` | `home/base/cli-tools/television.nix` | ✓ Done in Task 1 |
| `home/features/cli/secrets.nix` | `home/base/secrets/secrets.nix` | ✓ Done in Task 1 |
| `home/features/coding/opencode.nix` | Reference via `m3ta-nixpkgs` | Update import |
| `home/features/coding/pi.nix` | Reference via `m3ta-nixpkgs` | Update import |
| `home/features/desktop/hyprland.nix` | `home/desktop/wm/hyprland.nix` | ✓ Done in Task 1 |
| `home/features/desktop/wayland.nix` | `home/desktop/wm/wayland.nix` | ✓ Done in Task 1 |
| `home/features/desktop/rofi.nix` | `home/desktop/wm/rofi.nix` | ✓ Done in Task 1 |
| `home/features/desktop/obsidian.nix` | `home/desktop/apps/obsidian.nix` | ✓ Done in Task 1 |
| `home/features/desktop/office.nix` | `home/desktop/apps/office.nix` | ✓ Done in Task 1 |
| `home/features/desktop/webapps.nix` | `home/desktop/apps/webapps.nix` | ✓ Done in Task 1 |
| `home/features/desktop/crypto.nix` | `home/desktop/apps/crypto.nix` | ✓ Done in Task 1 |
| `home/features/desktop/fonts.nix` | `home/desktop/theme/fonts.nix` | ✓ Done in Task 1 |
| `home/features/desktop/theme.nix` | `home/desktop/theme/theme.nix` | ✓ Done in Task 1 |
| `home/features/desktop/wallpapers.nix` | `home/desktop/theme/wallpapers.nix` | ✓ Done in Task 1 |
| `home/features/desktop/media.nix` | `home/profiles/media/*.nix` | Split into modules |
| `home/features/desktop/gaming.nix` | `home/profiles/gaming/*.nix` | Split into modules |
- [ ] **Step 2: Archive old structure**
```bash
# After migration, archive old features/
git mv home/features home/features.old
```
- [ ] **Step 3: Verify all configurations are imported**
```bash
# Check that all features are accessible in new structure
nix flake check
home-manager dry-activate
```
- [ ] **Step 4: Commit Phase 3**
```bash
git add -A
git commit -m "chore: migrate features to profile structure
- Move all cli features to base/shell and base/cli-tools
- Move desktop features to desktop/* subdirectories
- Split media into individual profile modules
- Split gaming into individual profile modules
- Archive old features/ directory"
```
---
## Phase 4: Test and Validate
### Task 4: Test Profile Combinations
**Files:**
- Test: Manual testing on m3-ares (Desktop)
- Test: Manual testing on m3-atlas (Server)
- [ ] **Step 1: Test m3-ares (Desktop with all profiles)**
```bash
# Build and test on m3-ares
nixos-rebuild dry-build --flake .#m3-ares
home-manager dry-activate --flake .#m3tam3re@m3-ares
```
Expected: Loads base + coding + desktop + gaming + media
- [ ] **Step 2: Test m3-atlas (Server with coding only)**
```bash
# Build and test on m3-atlas
nixos-rebuild dry-build --flake .#m3-atlas
home-manager dry-activate --flake .#m3tam3re@m3-atlas
```
Expected: Loads base + coding + server (no desktop modules)
- [ ] **Step 3: Test assertion (should fail)**
```nix
# This SHOULD fail - desktop and server together
m3ta.context = "desktop";
m3ta.profiles = [ "coding" ];
# Nix should throw assertion error
```
- [ ] **Step 4: Commit Phase 4**
```bash
git commit -m "test: validate profile combinations on all hosts
- m3-ares: base + coding + desktop + gaming + media ✓
- m3-atlas: base + coding + server ✓
- Constraint assertion working ✓"
```
---
## Phase 5: Cleanup
### Task 5: Remove Old Structure
**Files:**
- Delete: `home/features.old/` (after verification)
- [ ] **Step 1: Verify no broken imports**
```bash
# Search for any references to old paths
grep -r "home/features" --include="*.nix"
```
Expected: No results
- [ ] **Step 2: Delete old directory**
```bash
git rm -rf home/features.old
```
- [ ] **Step 3: Final format and check**
```bash
nix fmt
nix flake check
```
- [ ] **Step 4: Final commit**
```bash
git commit -m "chore: remove old features directory
Cleanup complete. New structure:
- home/base/ (always loaded)
- home/coding/ (profile-independent)
- home/profiles/ (gaming, media)
- home/desktop/ (context=desktop)
- home/server/ (context=server)"
```
---
## Summary
| Phase | Tasks | Description |
|-------|-------|-------------|
| 1 | 1 | Create new directory structure |
| 2 | 2 | Implement profile system with constraints |
| 3 | 3 | Migrate existing features |
| 4 | 4 | Test profile combinations |
| 5 | 5 | Remove old structure |
**Total:** 5 tasks, ~22 steps
**Expected Duration:** 2-4 hours (depending on migration complexity)
---
## Migration Notes
1. **NeoVim Config**: Already in nixpkgs, reference via `inputs.m3ta-nixpkgs.packages.neovim-config`
2. **Agent-System**: Already in nixpkgs, reference via `inputs.m3ta-nixpkgs.homeModules.coding.agents`
3. **Zed Remote**: Desktop-only feature, works via SSH. No server-side installation needed.
4. **Fish Shell**: Removed from base (Nushell is primary). Can be added as optional profile if needed.
5. **Feature Flags**: Old `features.*.enable` options → New profile lists `m3ta.profiles = [ "gaming" "media" ]`
docs/plans/2026-04-27-missing-packages.md
-259
View File
@@ -1,259 +0,0 @@
# Missing Packages Implementation Plan
> **Goal:** Restore missing packages from old configuration to new profile-based structure
**Context:** The home profile restructuring (Task 1-5) moved files but left many packages unaccounted for. This plan categorizes and assigns each package to the appropriate location.
---
## Package Categorization
### Base Layer (`home/base/`) — Always Available
These are CLI tools that work on any system (server or desktop):
| Package | Source | Module | Option |
|---------|--------|--------|--------|
| `jq` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `ripgrep` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `fd` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `coreutils` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `htop` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `httpie` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `just` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `lazygit` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `lf` | old cli | `home/base/cli-tools/default.nix` | `home/packages` |
| `tldr` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `trash-cli` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `unzip` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `zip` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `yazi` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `gcc` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `go` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `sqlite` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `sqlite-vec` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `nix-index` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `nix-update` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `progress` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `devenv` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `libnotify` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `basecamp` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `comma` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `fabric-ai` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `llm` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
| `hyprpaper-random` | old cli | `home/base/cli-tools/default.nix` | `home.packages` |
**Note:** `hyprpaper-random` is in base despite being Hyprland-specific. Alternative: move to `desktop/wm/` if it causes issues on non-Hyprland systems.
### Base Programs (CLI Integration)
These are programs with shell integration, placed in `home/base/cli-tools/`:
| Program | Source | Module | Option |
|---------|--------|--------|--------|
| `carapace` | old cli | `home/base/cli-tools/default.nix` | `programs.carapace` |
| `zoxide` | old cli | `home/base/cli-tools/default.nix` | `programs.zoxide` |
| `bat` | old cli | `home/base/cli-tools/default.nix` | `programs.bat` |
| `direnv` | old cli | `home/base/cli-tools/default.nix` | `programs.direnv` |
| `eza` | old cli | `home/base/cli-tools/default.nix` | `programs.eza` |
| `lf` | old cli | `home/base/cli-tools/default.nix` | `programs.lf` |
| `zellij-ps` | old cli | `home/base/cli-tools/default.nix` | `cli.zellij-ps` |
### Coding Layer (`home/coding/`) — Developer Tools
| Package | Source | Module | Option |
|---------|--------|--------|--------|
| `bruno` | old desktop/coding | `home/coding/packages.nix` | `home.packages` |
| `insomnia` | old desktop/coding | `home/coding/packages.nix` | `home.packages` |
| `vim` | - | `home/coding/packages.nix` | `home.packages` |
**New module:** `home/coding/packages.nix` (or inline into `coding/default.nix`)
### Desktop Layer (`home/desktop/`) — Desktop-Specific
| Package | Source | Module | Option |
|---------|--------|--------|--------|
| `vibetyper` | old desktop | `home/desktop/apps/default.nix` | `home.packages` |
| `pomodoro-timer` | old cli | `home/desktop/apps/default.nix` | `home.packages` |
| `launch-timer` | - | `home/desktop/apps/default.nix` | `home.packages` |
**Note:** `launch-timer` needs investigation - is it a custom script or nixpkgs package?
### Gaming Profile (`home/profiles/gaming/`) — Gaming Only
| Package | Source | Module | Option |
|---------|--------|--------|--------|
| `rocmPackages.rocm-smi` | old cli | `home/profiles/gaming/default.nix` | `home.packages` |
| `rocmPackages.rocminfo` | old cli | `home/profiles/gaming/default.nix` | `home.packages` |
| `rocmPackages.rocm-runtime` | old cli | `home/profiles/gaming/default.nix` | `home.packages` |
| `vulkan-tools` | old cli | `home/profiles/gaming/default.nix` | `home.packages` |
**Rationale:** ROCm is for AMD GPUs used in gaming (e.g., ROG Ally, gaming laptops with AMD dGPUs). This keeps server configs clean.
### Media Profile (`home/profiles/media/`) — Media Creation
| Package | Source | Module | Option |
|---------|--------|--------|--------|
| `plexamp` | old desktop/media | `home/profiles/media/default.nix` | `home.packages` |
| `webcord` | old desktop/media | `home/profiles/media/default.nix` | `home.packages` |
| `unimatrix` | old cli | `home/profiles/media/default.nix` | `home.packages` |
| `mpv` (config) | old desktop/media | `home/profiles/media/default.nix` | `programs.mpv` |
**Note:** `unimatrix` is a terminal screensaver - fits well with media profile.
---
## NOT Needed (Explicitly Removed)
These packages should NOT be added:
| Package | Reason |
|---------|--------|
| `wireguard-tools` | No longer needed |
| `wttrbar` | No longer needed |
| `nushellPlugins.skim` | No longer needed |
---
## Tasks
### Task 1: Update `home/base/cli-tools/default.nix`
Add missing packages to the CLI tools aggregator:
```nix
home.packages = with pkgs; [
# Core utilities
jq ripgrep fd coreutils htop
# Dev tools
just lazylib lf tldr devenv
gcc go sqlite sqlite-vec
nix-index nix-update progress
# AI tools
comma fabric-ai llm
# Misc
libnotify basecamp hyprpaper-random
trash-cli unzip zip yazi
];
```
Also add programs: carapace, zoxide, bat, direnv, eza, lf, zellij-ps
### Task 2: Create `home/coding/packages.nix`
New module for coding-specific packages:
```nix
{ lib, pkgs, ... }:
{
options.coding.packages = {
enable = mkEnableOption "additional coding packages";
};
config = mkIf config.coding.packages.enable {
home.packages = with pkgs; [
bruno
insomnia
];
};
}
```
### Task 3: Update `home/profiles/gaming/default.nix`
Add GPU monitoring tools:
```nix
home.packages = with pkgs; [
# Gaming utilities
gamescope gamemode goverlay mangohud protonplus
# AMD GPU monitoring (ROCm)
rocmPackages.rocm-smi
rocmPackages.rocminfo
rocmPackages.rocm-runtime
vulkan-tools
];
```
### Task 4: Update `home/profiles/media/default.nix`
Add missing media packages:
```nix
home.packages = with pkgs; [
# Already present: ffmpeg_6-full, gimp, handbrake, etc.
# Add missing:
plexamp
webcord
unimatrix
];
programs.mpv = {
enable = true;
bindings = {
WHEEL_UP = "seek 10";
WHEEL_DOWN = "seek -10";
};
config = {
profile = "gpu-hq";
ytdl-format = "bestvideo+bestaudio";
};
};
```
### Task 5: Update Desktop Apps
Add desktop-specific packages to `home/desktop/apps/default.nix`:
```nix
home.packages = with pkgs; [
# Already present
# Add missing:
pomodoro-timer
# launch-timer - needs investigation
];
```
### Task 6: Update Host Configs
Ensure all desktop hosts import the new modules:
- `home/m3tam3re/m3-ares.nix` - Should have `coding.packages.enable = true`
- `home/m3tam3re/m3-kratos.nix` - Should have `coding.packages.enable = true`
---
## Implementation Order
1. **Task 1** - Base CLI tools (largest impact, affects all hosts)
2. **Task 2** - Coding packages (small, new module)
3. **Task 3** - Gaming profile (ROCm)
4. **Task 4** - Media profile (plexamp, webcord, unimatrix, mpv)
5. **Task 5** - Desktop apps (vibetyper already present, add pomodoro-timer)
6. **Task 6** - Host config updates (if needed)
---
## Verification
```bash
nix flake check
# Should pass with no new errors
```
---
## Summary
| Layer | New Files | Modified Files |
|-------|-----------|----------------|
| base/cli-tools | - | `default.nix` |
| coding | `packages.nix` | `default.nix` |
| profiles/gaming | - | `default.nix` |
| profiles/media | - | `default.nix` |
| desktop/apps | - | `default.nix` |
**Total packages to restore:** ~30
**Programs to restore:** 7
**Packages excluded:** 3 (wireguard, wttrbar, nushellPlugins.skim)
flake.lock
Generated
+531 -261
View File
File diff suppressed because it is too large Load Diff
flake.nix
+18 -35
View File
@@ -15,15 +15,14 @@
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11";
nixpkgs-45570c2.url = "github:nixos/nixpkgs/45570c299dc2b63c8c574c4cd77f0b92f7e2766e"; nixpkgs-45570c2.url = "github:nixos/nixpkgs/45570c299dc2b63c8c574c4cd77f0b92f7e2766e";
nixpkgs-locked.url = "github:nixos/nixpkgs/2744d988fa116fc6d46cdfa3d1c936d0abd7d121"; nixpkgs-locked.url = "github:nixos/nixpkgs/2744d988fa116fc6d46cdfa3d1c936d0abd7d121";
nixpkgs-9e58ed7.url = "github:nixos/nixpkgs/9e58ed7ba759d81c98f033b7f5eba21ca68f53b0"; nixpkgs-9e58ed7.url = "github:nixos/nixpkgs/9e58ed7ba759d81c98f033b7f5eba21ca68f53b0";
nixpkgs-master.url = "github:nixos/nixpkgs/master"; nixpkgs-master.url = "github:nixos/nixpkgs/master";
m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs"; m3ta-nixpkgs.url = "git+ssh://gitea@code.m3ta.dev/m3tam3re/nixpkgs";
# m3ta-nixpkgs.url = "path:/home/m3tam3re/p/NIX/nixpkgs";
llm-agents.url = "github:numtide/llm-agents.nix"; llm-agents.url = "github:numtide/llm-agents.nix";
# #
@@ -40,36 +39,26 @@
nixos-generators = {url = "github:nix-community/nixos-generators";}; nixos-generators = {url = "github:nix-community/nixos-generators";};
hyprpanel.url = "github:Jas-SinghFSU/HyprPanel";
rose-pine-hyprcursor.url = "github:ndom91/rose-pine-hyprcursor"; rose-pine-hyprcursor.url = "github:ndom91/rose-pine-hyprcursor";
nix-colors.url = "github:misterio77/nix-colors"; nix-colors.url = "github:misterio77/nix-colors";
agents = { m3ta-home = {
# url = "path:/home/m3tam3re/p/AI/AGENTS"; url = "git+ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home";
url = "git+https://code.m3ta.dev/m3tam3re/AGENTS"; # url = "path:/home/m3tam3re/p/NIX/m3ta-home";
inputs.nixpkgs.follows = "nixpkgs";
}; };
## Skills
skills-basecamp = { agent-lib = {
url = "github:basecamp/basecamp-cli"; url = "git+ssh://gitea@code.m3ta.dev/m3tam3re/agent-lib";
flake = false; inputs.nixpkgs.follows = "nixpkgs";
}; };
skills-anthropic = {
url = "github:anthropics/skills"; hermes-agent.url = "github:NousResearch/hermes-agent/v2026.5.29.2";
flake = false;
rustfs = {
url = "github:rustfs/rustfs-flake";
inputs.nixpkgs.follows = "nixpkgs";
}; };
skills-kestra = {
url = "github:kestra-io/agent-skills";
flake = false;
};
skills-superpowers = {
url = "github:obra/superpowers";
flake = false;
};
skills-vercel = {
url = "github:vercel-labs/skills";
flake = false;
};
hermes-agent.url = "github:NousResearch/hermes-agent/v2026.4.23";
}; };
outputs = { outputs = {
@@ -79,7 +68,6 @@
nixpkgs, nixpkgs,
m3ta-nixpkgs, m3ta-nixpkgs,
nur, nur,
agents,
... ...
} @ inputs: let } @ inputs: let
inherit (self) outputs; inherit (self) outputs;
@@ -95,7 +83,7 @@
in { in {
packages = packages =
forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
overlays = builtins.removeAttrs allOverlays ["mkLlmAgentsOverlay"]; overlays = removeAttrs allOverlays ["mkLlmAgentsOverlay"];
lib.mkLlmAgentsOverlay = allOverlays.mkLlmAgentsOverlay; lib.mkLlmAgentsOverlay = allOverlays.mkLlmAgentsOverlay;
homeManagerModules = import ./modules/home-manager; homeManagerModules = import ./modules/home-manager;
@@ -123,6 +111,7 @@
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
agenix.nixosModules.default agenix.nixosModules.default
m3ta-nixpkgs.nixosModules.default m3ta-nixpkgs.nixosModules.default
inputs.rustfs.nixosModules.rustfs
]; ];
}; };
m3-kratos = nixpkgs.lib.nixosSystem { m3-kratos = nixpkgs.lib.nixosSystem {
@@ -181,11 +170,6 @@
inherit system; inherit system;
config.allowUnfree = true; # Allow unfree packages in devShell config.allowUnfree = true; # Allow unfree packages in devShell
}; };
m3taLib = m3ta-nixpkgs.lib.x86_64-linux;
rules = m3taLib.coding-rules.mkCodingRules {
inherit agents;
languages = ["nix"];
};
in { in {
default = pkgs.mkShell { default = pkgs.mkShell {
buildInputs = with pkgs; [ buildInputs = with pkgs; [
@@ -196,7 +180,6 @@
statix statix
deadnix deadnix
]; ];
inherit (rules) instructions shellHook;
}; };
}); });
}; };
home/base/cli-tools/bat.nix
-145
View File
@@ -1,145 +0,0 @@
# Bat — cat replacement with nix-colors syntax highlighting theme.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.base.cliTools.bat;
palette = config.colorScheme.palette;
in {
# Enabled by default — base modules are always-on.
options.base.cliTools.bat.enable = (mkEnableOption "enable bat with nix-colors theme") // {default = true;};
config = mkIf cfg.enable {
programs.bat = {
enable = true;
config = {theme = "universal";};
themes = {
universal = {
src = pkgs.writeText "universal.tmTheme" ''
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>name</key>
<string>Universal (nix-colors)</string>
<key>settings</key>
<array>
<dict>
<key>settings</key>
<dict>
<key>background</key>
<string>#${palette.base00}</string>
<key>foreground</key>
<string>#${palette.base05}</string>
<key>caret</key>
<string>#${palette.base05}</string>
<key>selection</key>
<string>#${palette.base02}</string>
<key>selectionForeground</key>
<string>#${palette.base05}</string>
<key>lineHighlight</key>
<string>#${palette.base01}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Comment</string>
<key>scope</key>
<string>comment</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${palette.base03}</string>
<key>fontStyle</key>
<string>italic</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>String</string>
<key>scope</key>
<string>string</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${palette.base0A}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Number</string>
<key>scope</key>
<string>constant.numeric</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${palette.base0E}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Keyword</string>
<key>scope</key>
<string>keyword</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${palette.base08}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Function</string>
<key>scope</key>
<string>entity.name.function</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${palette.base0B}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Type</string>
<key>scope</key>
<string>entity.name.type, storage.type</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${palette.base0D}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Variable</string>
<key>scope</key>
<string>variable</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${palette.base05}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Constant</string>
<key>scope</key>
<string>constant</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${palette.base0E}</string>
</dict>
</dict>
</array>
</dict>
</plist>
'';
};
};
};
};
}
home/base/cli-tools/carapace.nix
-21
View File
@@ -1,21 +0,0 @@
# Carapace — multi-shell completion engine with Fish, Nushell, and Bash integration.
{
config,
lib,
...
}:
with lib; let
cfg = config.base.cliTools.carapace;
in {
# Enabled by default — base modules are always-on.
options.base.cliTools.carapace.enable = (mkEnableOption "enable carapace completion engine") // {default = true;};
config = mkIf cfg.enable {
programs.carapace = {
enable = true;
enableFishIntegration = true;
enableNushellIntegration = true;
enableBashIntegration = true;
};
};
}
home/base/cli-tools/default.nix
-17
View File
@@ -1,17 +0,0 @@
# CLI tools aggregator — imports all base command-line utilities.
{...}: {
imports = [
./bat.nix
./carapace.nix
./direnv.nix
./eza.nix
./fzf.nix
./lf.nix
./nitch.nix
./packages.nix
./television.nix
./zellij.nix
./zellij-ps.nix
./zoxide.nix
];
}
home/base/cli-tools/direnv.nix
-20
View File
@@ -1,20 +0,0 @@
# Direnv — automatic environment loading with nix-direnv integration.
{
config,
lib,
...
}:
with lib; let
cfg = config.base.cliTools.direnv;
in {
# Enabled by default — base modules are always-on.
options.base.cliTools.direnv.enable = (mkEnableOption "enable direnv with nix-direnv") // {default = true;};
config = mkIf cfg.enable {
programs.direnv = {
enable = true;
enableNushellIntegration = true;
nix-direnv.enable = true;
};
};
}
home/base/cli-tools/eza.nix
-21
View File
@@ -1,21 +0,0 @@
# Eza — modern ls replacement with icons, git status, and long format by default.
{
config,
lib,
...
}:
with lib; let
cfg = config.base.cliTools.eza;
in {
# Enabled by default — base modules are always-on.
options.base.cliTools.eza.enable = (mkEnableOption "enable eza modern ls replacement") // {default = true;};
config = mkIf cfg.enable {
programs.eza = {
enable = true;
enableFishIntegration = true;
enableBashIntegration = true;
extraOptions = ["-l" "--icons" "--git" "-a"];
};
};
}
home/base/cli-tools/fzf.nix
-41
View File
@@ -1,41 +0,0 @@
# Fuzzy finder with nix-colors palette and Wayland clipboard integration.
{
config,
lib,
...
}:
with lib; let
cfg = config.base.cliTools.fzf;
in {
# Enabled by default — base modules are always-on.
options.base.cliTools.fzf.enable = (mkEnableOption "enable fuzzy finder") // {default = true;};
config = mkIf cfg.enable {
programs.fzf = {
enable = true;
enableFishIntegration = true;
colors = {
"fg" = "#${config.colorScheme.palette.base05}";
"bg" = "#${config.colorScheme.palette.base00}";
"hl" = "#${config.colorScheme.palette.base0E}";
"fg+" = "#${config.colorScheme.palette.base05}";
"bg+" = "#${config.colorScheme.palette.base02}";
"hl+" = "#${config.colorScheme.palette.base0E}";
"info" = "#${config.colorScheme.palette.base09}";
"prompt" = "#${config.colorScheme.palette.base0B}";
"pointer" = "#${config.colorScheme.palette.base08}";
"marker" = "#${config.colorScheme.palette.base08}";
"spinner" = "#${config.colorScheme.palette.base09}";
"header" = "#${config.colorScheme.palette.base03}";
};
defaultOptions = [
"--preview='bat --color=always -n {}'"
"--bind 'ctrl-/:toggle-preview'"
"--header 'Press CTRL-Y to copy command into clipboard'"
"--bind 'ctrl-y:execute-silent(echo -n {2..} | wl-copy)+abort'"
];
defaultCommand = "fd --type f --exclude .git --follow --hidden";
changeDirWidgetCommand = "fd --type d --exclude .git --follow --hidden";
};
};
}
home/base/cli-tools/lf.nix
-28
View File
@@ -1,28 +0,0 @@
# Lf — terminal file manager with bat preview and Dracula theme.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.base.cliTools.lf;
in {
# Enabled by default — base modules are always-on.
options.base.cliTools.lf.enable = (mkEnableOption "enable lf terminal file manager") // {default = true;};
config = mkIf cfg.enable {
home.packages = [pkgs.lf];
programs.lf = {
enable = true;
settings = {
preview = true;
drawbox = true;
hidden = true;
icons = true;
previewer = "bat";
};
};
};
}
home/base/cli-tools/nitch.nix
-17
View File
@@ -1,17 +0,0 @@
# Nitch — minimal system information display tool.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.base.cliTools.nitch;
in {
# Enabled by default — base modules are always-on.
options.base.cliTools.nitch.enable = (mkEnableOption "enable nitch") // {default = true;};
config = mkIf cfg.enable {
home.packages = [pkgs.nitch];
};
}
home/base/cli-tools/packages.nix
-62
View File
@@ -1,62 +0,0 @@
# Essential CLI packages — core utilities always available on every host.
# NOTE: `lazylib` does not exist in nixpkgs. `lazygit` is the correct package
# (Git TUI) and is intentionally used here instead.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.base.cliTools.essentials;
in {
# Enabled by default — base modules are always-on.
options.base.cliTools.essentials.enable = (mkEnableOption "enable essential CLI packages") // {default = true;};
config = mkIf cfg.enable {
home.packages = with pkgs; [
# Core utilities
coreutils
fd
htop
jq
ripgrep
# Nix
alejandra
comma
nixd
nix-diff
nix-index
nix-update
# Dev tools
bc
cmake
devenv
gcc
gnumake
go
httpie
just
lazygit
progress
sqlite
sqlite-vec
tldr
# AI tools
fabric-ai
llm
# Misc
basecamp
hyprpaper-random
libnotify
trash-cli
unzip
yazi
zip
];
};
}
home/base/cli-tools/television.nix
-60
View File
@@ -1,60 +0,0 @@
# Television — fuzzy finder with custom channels for tldr, git-diff, and git-log.
{
config,
lib,
...
}:
with lib; let
cfg = config.base.cliTools.television;
in {
# Enabled by default — base modules are always-on.
options.base.cliTools.television.enable = (mkEnableOption "enable television") // {default = true;};
config = mkIf cfg.enable {
programs.television = {
enable = true;
channels = {
tldr = {
metadata = {
description = "Browse TLDR pages";
name = "tldr";
requirements = ["tldr"];
};
preview = {
command = "tldr '{}'";
};
source = {
command = "tldr --list";
};
};
git-diff = {
metadata = {
description = "A channel to select files from git diff commands";
name = "git-diff";
requirements = ["git"];
};
preview = {
command = "git diff HEAD --color=always -- '{}'";
};
source = {
command = "git diff --name-only HEAD";
};
};
git-log = {
metadata = {
description = "A channel to select from git log entries";
name = "git-log";
requirements = ["git"];
};
preview = {
command = "git show -p --stat --pretty=fuller --color=always '{0}'";
};
source = {
command = "git log --oneline --date=short --pretty=\"format:%h %s %an %cd\" \"$@\"";
output = "{split: :0}";
};
};
};
};
};
}
home/base/cli-tools/zellij-ps.nix
-30
View File
@@ -1,30 +0,0 @@
# Zellij-ps — project-aware Zellij session manager from m3ta-nixpkgs.
# Delegates to `cli.zellij-ps` — the home-manager module namespace provided by
# m3ta-nixpkgs (inputs.m3ta-nixpkgs.nixosModules.default). This is intentional;
# `cli.*` is the convention used by m3ta-nixpkgs home-manager modules.
{
config,
lib,
...
}:
with lib; let
cfg = config.base.cliTools.zellijPs;
in {
options.base.cliTools.zellijPs = {
# Enabled by default — base modules are always-on.
enable = (mkEnableOption "enable zellij-ps project session manager") // {default = true;};
projectFolders = mkOption {
type = types.listOf types.path;
description = "Project root folders scanned by zellij-ps.";
default = ["${config.home.homeDirectory}/p"];
};
};
config = mkIf cfg.enable {
cli.zellij-ps = {
enable = true;
projectFolders = cfg.projectFolders;
};
};
}
home/base/cli-tools/zellij.nix
-34
View File
@@ -1,34 +0,0 @@
# Zellij terminal multiplexer with nix-colors theming.
{
config,
lib,
...
}:
with lib; let
cfg = config.base.cliTools.zellij;
in {
# Enabled by default — base modules are always-on.
options.base.cliTools.zellij.enable = (mkEnableOption "enable zellij multiplexer") // {default = true;};
config = mkIf cfg.enable {
programs.zellij = {
enable = true;
settings = {
theme = "universal";
themes.universal = {
bg = "#${config.colorScheme.palette.base00}";
fg = "#${config.colorScheme.palette.base05}";
black = "#${config.colorScheme.palette.base01}";
red = "#${config.colorScheme.palette.base08}";
green = "#${config.colorScheme.palette.base0B}";
yellow = "#${config.colorScheme.palette.base0A}";
blue = "#${config.colorScheme.palette.base0D}";
magenta = "#${config.colorScheme.palette.base0E}";
cyan = "#${config.colorScheme.palette.base0C}";
white = "#${config.colorScheme.palette.base07}";
orange = "#${config.colorScheme.palette.base09}";
};
};
};
};
}
home/base/cli-tools/zoxide.nix
-20
View File
@@ -1,20 +0,0 @@
# Zoxide — smarter cd with Fish and Nushell integration.
{
config,
lib,
...
}:
with lib; let
cfg = config.base.cliTools.zoxide;
in {
# Enabled by default — base modules are always-on.
options.base.cliTools.zoxide.enable = (mkEnableOption "enable zoxide smarter cd") // {default = true;};
config = mkIf cfg.enable {
programs.zoxide = {
enable = true;
enableFishIntegration = true;
enableNushellIntegration = true;
};
};
}
home/base/default.nix
-9
View File
@@ -1,9 +0,0 @@
# Base home-manager configuration — always loaded on every host.
# Includes shell, CLI tools, and secrets modules.
{...}: {
imports = [
./shell
./cli-tools
./secrets/secrets.nix
];
}
home/base/secrets/secrets.nix
-24
View File
@@ -1,24 +0,0 @@
# Password store and secrets management via pass-wayland with OTP and import extensions.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.base.secrets;
in {
# Enabled by default — base modules are always-on.
options.base.secrets.enable = (mkEnableOption "enable secrets management") // {default = true;};
config = mkIf cfg.enable {
programs.password-store = {
enable = true;
package =
pkgs.pass-wayland.withExtensions
(exts: [exts.pass-otp exts.pass-import]);
settings = {PASSWORD_STORE_DIR = "$XDG_DATA_HOME/password-store";};
};
home.packages = [pkgs.pinentry-gnome3];
};
}
home/base/shell/default.nix
-8
View File
@@ -1,8 +0,0 @@
# Shell aggregator — imports Nushell (primary), Fish, and Starship prompt.
{...}: {
imports = [
./nushell.nix
./fish.nix
./starship.nix
];
}
home/base/shell/fish.nix
-118
View File
@@ -1,118 +0,0 @@
# Fish shell configuration exposed under the new base namespace.
{
config,
lib,
...
}:
with lib; let
cfg = config.base.shell.fish;
in {
# Enabled by default — base modules are always-on.
options.base.shell.fish.enable = (mkEnableOption "enable fish shell") // {default = true;};
config = mkIf cfg.enable {
programs.fish = {
enable = true;
interactiveShellInit = ''
# Fish colors using universal nix-colors palette
# Text colors
set -g fish_color_normal ${config.colorScheme.palette.base05} # text
set -g fish_color_param ${config.colorScheme.palette.base05} # text
set -g fish_color_comment ${config.colorScheme.palette.base03} # muted
set -g fish_color_autosuggestion ${config.colorScheme.palette.base03} # muted
# Command colors
set -g fish_color_command ${config.colorScheme.palette.base0D} # accent6 (blue)
set -g fish_color_quote ${config.colorScheme.palette.base0A} # accent3 (yellow)
set -g fish_color_redirection ${config.colorScheme.palette.base0E} # accent7 (purple)
set -g fish_color_end ${config.colorScheme.palette.base08} # accent1 (red)
set -g fish_color_error ${config.colorScheme.palette.base08} # accent1 (red)
set -g fish_color_operator ${config.colorScheme.palette.base0C} # accent5 (cyan)
set -g fish_color_escape ${config.colorScheme.palette.base09} # accent2 (orange)
# Path colors
set -g fish_color_cwd ${config.colorScheme.palette.base0B} # accent4 (green)
set -g fish_color_cwd_root ${config.colorScheme.palette.base08} # accent1 (red)
set -g fish_color_valid_path --underline
# Interactive colors
set -g fish_color_match ${config.colorScheme.palette.base0B} # accent4 (green)
set -g fish_color_selection --background=${config.colorScheme.palette.base02} # overlay
set -g fish_color_search_match --background=${config.colorScheme.palette.base02} # overlay
set -g fish_color_history_current --bold
set -g fish_color_user ${config.colorScheme.palette.base0B} # accent4 (green)
set -g fish_color_host ${config.colorScheme.palette.base0D} # accent6 (blue)
set -g fish_color_cancel -r
# Pager colors
set -g fish_pager_color_completion normal
set -g fish_pager_color_description ${config.colorScheme.palette.base03} # muted
set -g fish_pager_color_prefix ${config.colorScheme.palette.base0E} # accent7 (purple)
set -g fish_pager_color_progress ${config.colorScheme.palette.base0B} # accent4 (green)
'';
loginShellInit = ''
set -x NIX_PATH nixpkgs=channel:nixos-unstable
set -x NIX_LOG info
set -x WEBKIT_DISABLE_COMPOSITING_MODE 1
set -x TERMINAL ghostty
set -x EDITOR nvim
set -x VISUAL zed
set -x XDG_DATA_HOME $HOME/.local/share
set -x FZF_CTRL_R_OPTS "
--preview='bat --color=always -n {}'
--preview-window up:3:hidden:wrap
--bind 'ctrl-/:toggle-preview'
--bind 'ctrl-y:execute-silent(echo -n {2..} | wl-copy)+abort'
--color header:bold
--header 'Press CTRL-Y to copy command into clipboard'"
set -x FZF_DEFAULT_COMMAND fd --type f --exclude .git --follow --hidden
set -x FZF_CTRL_T_COMMAND "$FZF_DEFAULT_COMMAND"
set -x FLAKE $HOME/p/nixos/nixos-config
source /run/agenix/${config.home.username}-secrets
if test (tty) = "/dev/tty1"
exec uwsm start -F /run/current-system/sw/bin/Hyprland
end
if test (tty) = "/dev/tty2"
exec gamescope -O HDMI-A-1 -W 1920 -H 1080 --adaptive-sync --hdr-enabled --rt --steam -- steam -pipewire-dmabuf -tenfoot
end
'';
shellAbbrs = {
".." = "cd ..";
"..." = "cd ../..";
b = "yazi";
ls = "eza";
l = "eza -l --icons --git -a";
lt = "eza --tree --level=2 --long --icons --git";
grep = "rg";
ps = "procs";
just = "just --unstable";
node = "bun";
npx = "bunx";
fs = "du -ah . | sort -hr | head -n 10";
n = "nix";
nd = "nix develop -c $SHELL";
ns = "nix shell";
nsn = "nix shell nixpkgs#";
nb = "nix build";
nbn = "nix build nixpkgs#";
nf = "nix flake";
nr = "sudo nixos-rebuild --flake .";
nrs = "sudo nixos-rebuild switch --flake .#(uname -n)";
snr = "sudo nixos-rebuild --flake .";
snrs = "sudo nixos-rebuild --flake . switch";
hm = "home-manager --flake .";
hms = "home-manager --flake . switch";
hmr = "cd ~/projects/nix-configurations; nix flake lock --update-input dotfiles; home-manager --flake .#(whoami)@(hostname) switch";
tsu = "sudo tailscale up";
tsd = "sudo tailscale down";
vi = "nvim";
vim = "nvim";
};
};
};
}
home/base/shell/nushell.nix
-86
View File
@@ -1,86 +0,0 @@
# Primary shell configuration — Nushell with environment, aliases, and integrations.
{
config,
lib,
...
}:
with lib; let
cfg = config.base.shell.nushell;
in {
# Enabled by default — base modules are always-on.
options.base.shell.nushell.enable = (mkEnableOption "enable nushell") // {default = true;};
config = mkIf cfg.enable {
programs.nushell = {
enable = true;
envFile.text = ''
$env.config.show_banner = false
$env.NIX_PATH = "nixpkgs=channel:nixos-unstable"
$env.NIX_LOG = "iunfo"
$env.WEBKIT_DISABLE_COMPOSITING_MODE = "1"
$env.TERMINAL = "ghostty"
$env.EDITOR = "nvim"
$env.VISUAL = "zeditor"
$env.FZF_DEFAULT_COMMAND = "fd --type f --exclude .git --follow --hidden"
$env.FZF_DEFAULT_OPTS = "--preview='bat --color=always -n {}' --bind 'ctrl-/:toggle-preview' --header 'Press CTRL-Y to copy command into clipboard' --bind 'ctrl-y:execute-silent(echo -n {2..} | wl-copy)+abort' --color bg:#282a36,bg+:#44475a,fg:#f8f8f2,fg+:#f8f8f2,header:#6272a4,hl:#bd93f9,hl+:#bd93f9,info:#ffb86c,marker:#ff79c6,pointer:#ff79c6,prompt:#50fa7b,spinner:#ffb86c"
$env.XDG_DATA_HOME = $"($env.HOME)/.local/share"
$env.SSH_AUTH_SOCK = "/run/user/1000/gnupg/S.gpg-agent.ssh"
$env.PATH = ($env.PATH | split row (char esep) | append $"($env.HOME)/.cache/.bun/bin" | append $"($env.HOME)/.npm-global/bin" | uniq)
$env.NPM_CONFIG_PREFIX = $"($env.HOME)/.npm-global"
$env.FLAKE = $"($env.HOME)/p/NIX/nixos-config"
# Load kestractl-env from agenix
if ("/run/agenix/kestractl-env" | path exists) {
open /run/agenix/kestractl-env
| lines
| where {($in | str trim | str length) > 0}
| parse "{key}={value}"
| update value {str trim -c '"'}
| transpose -r -d
| load-env
}
'';
configFile.text = ''
# Aliases
alias .. = cd ..
alias ... = cd ...
alias h = cd $env.HOME
alias b = yazi
alias lt = eza --tree --level=2 --long --icons --git
alias grep = rg
alias just = just --unstable
alias node = bun
alias npx = bunx
alias n = nix
alias nd = nix develop -c $nu.current-shell
alias ns = nix shell
alias nsn = nix shell nixpkgs#
alias nb = nix build
alias nbn = nix build nixpkgs#
alias nf = nix flake
alias nr = sudo nixos-rebuild --flake .
alias nrs = sudo nixos-rebuild switch --flake .#(sys host | get hostname)
alias snr = sudo nixos-rebuild --flake .
alias snrs = sudo nixos-rebuild --flake . switch
alias hm = home-manager --flake .
alias hms = home-manager --flake . switch
alias hmr = do { cd ~/projects/nix-configurations; nix flake lock --update-input dotfiles; home-manager --flake .#(whoami)@(hostname) switch }
alias tsu = sudo tailscale up
alias tsd = sudo tailscale down
alias vi = nvim
alias vim = nvim
if (which tv | is-not-empty) {
mkdir ($nu.data-dir | path join "vendor/autoload")
tv init nu | save -f ($nu.data-dir | path join "vendor/autoload/tv.nu")
}
'';
};
};
}
home/base/shell/starship.nix
-70
View File
@@ -1,70 +0,0 @@
# Starship cross-shell prompt with nix-colors theming.
{
config,
lib,
...
}:
with lib; let
cfg = config.base.shell.starship;
in {
# Enabled by default — base modules are always-on.
options.base.shell.starship.enable = (mkEnableOption "enable starship prompt") // {default = true;};
config = mkIf cfg.enable {
programs.starship = {
enable = true;
enableFishIntegration = true;
enableNushellIntegration = true;
settings = {
format = "$all$character";
palette = "universal";
palettes.universal = {
background = "#${config.colorScheme.palette.base00}";
surface = "#${config.colorScheme.palette.base01}";
muted = "#${config.colorScheme.palette.base03}";
text = "#${config.colorScheme.palette.base05}";
bright = "#${config.colorScheme.palette.base07}";
accent1 = "#${config.colorScheme.palette.base08}";
accent2 = "#${config.colorScheme.palette.base09}";
accent3 = "#${config.colorScheme.palette.base0A}";
accent4 = "#${config.colorScheme.palette.base0B}";
accent5 = "#${config.colorScheme.palette.base0C}";
accent6 = "#${config.colorScheme.palette.base0D}";
accent7 = "#${config.colorScheme.palette.base0E}";
};
character = {
success_symbol = "[](accent7)";
error_symbol = "[](accent1)";
};
directory = {
style = "accent6";
truncation_length = 3;
truncate_to_repo = false;
};
git_branch = {
style = "accent7";
};
git_status = {
style = "accent5";
};
cmd_duration = {
style = "accent3";
};
hostname = {
style = "accent4";
};
username = {
style_user = "accent2";
};
};
};
};
}
home/coding/agents/agents.nix
-74
View File
@@ -1,74 +0,0 @@
# AI agent system — OpenCode, Pi, and MCP server configuration.
# Relies on coding.agents options provided by home/common/default.nix
# (inputs.m3ta-nixpkgs.homeManagerModules.default).
{
config,
inputs,
lib,
pkgs,
videoDrivers ? [],
...
}: {
imports = [
# OpenCode and Pi agent configurations
./opencode.nix
./pi.nix
];
coding.agents.skills = {
agentsInput = inputs.agents;
externalSkills = [
{
src = inputs.skills-anthropic;
selectSkills = ["pdf" "docx" "frontend-design"];
}
{src = inputs.skills-superpowers;}
{src = inputs.skills-vercel;}
{src = inputs.skills-basecamp;}
{src = inputs.skills-kestra;}
];
};
programs.mcp = {
enable = true;
servers = {
DeepWiki = {
url = "https://mcp.deepwiki.com/mcp";
};
Ref = {
command = "bash";
args = ["-c" "REF_API_KEY=$(cat /run/agenix/ref-key) exec bunx ref-tools-mcp@latest"];
};
Exa = {
command = "bash";
args = ["-c" "EXA_API_KEY=$(cat /run/agenix/exa-key) exec bunx exa-mcp-server@latest tools=web_search_exa"];
};
Outline = {
url = "https://wiki.az-gruppe.com/mcp";
};
ContextMode = {
command = "bash";
args = ["-c" "exec bunx context-mode@latest"];
};
Honcho = {
command = "bash";
args = [
"-c"
''exec bunx mcp-remote@latest https://mcp.honcho.dev --header "Authorization:Bearer $(cat /run/agenix/honcho-key)" --header "X-Honcho-User-Name:m3tam3re"''
];
};
};
};
home.packages = with pkgs; [
agenix-cli
agent-browser
pyrefly
(qmd.override {
vulkanSupport = videoDrivers == ["amdgpu"];
cudaSupport = videoDrivers == ["nvidia"];
})
openshell
openspec
];
}
home/coding/agents/opencode.nix
-116
View File
@@ -1,116 +0,0 @@
{
inputs,
lib,
...
}: {
coding.agents.opencode = {
enable = true;
agentsInput = inputs.agents;
};
coding.opencode = {
enable = true;
ohMyOpencodeSettings = {
agents = {
sisyphus.model = "litellm/claude-opus-4-6";
oracle.model = "litellm/claude-sonnet-4-6";
librarian.model = "litellm/claude-sonnet-4-6";
explore.model = "litellm/claude-haiku-4-5";
multimodal-looker.model = "litellm/gpt-5.3-codex";
prometheus.model = "litellm/claude-opus-4-6";
metis.model = "litellm/claude-opus-4-6";
momus.model = "litellm/claude-opus-4-6";
atlas.model = "litellm/claude-sonnet-4-6";
};
categories = {
visual-engineering.model = "zai-coding-plan/glm-5.1";
ultrabrain.model = "litellm/claude-opus-4-6";
deep.model = "litellm/claude-sonnet-4-6";
artistry.model = "zai-coding-plan/glm-5.1";
quick.model = "litellm/claude-haiku-4-5";
unspecified-low.model = "litellm/claude-sonnet-4-6";
unspecified-high.model = "litellm/claude-opus-4-6";
writing.model = "zai-coding-plan/glm-5.1";
};
};
};
# Keep TUI settings in programs.opencode.tui to satisfy OpenCode v1.2.15+.
programs.opencode.tui.theme = "opencode";
# Override legacy default settings to avoid deprecated TUI keys in settings.
programs.opencode.settings = lib.mkForce {
plugin = ["oh-my-openagent"];
formatter = {
alejandra = {
command = ["alejandra" "-q" "-"];
extensions = [".nix"];
};
};
# AZ-Gruppe LiteLLM endpoint + available models
provider = {
litellm = {
npm = "@ai-sdk/openai-compatible";
name = "LiteLLM (AZ-Gruppe)";
options.baseURL = "https://llm.az-gruppe.com/v1";
models = {
"gpt-5.2" = {
name = "GPT-5.2";
limit = {
context = 400000;
output = 128000;
};
};
"gpt-5.3-codex" = {
name = "GPT-5.3 Codex";
limit = {
context = 400000;
output = 128000;
};
};
"claude-haiku-4-5" = {
name = "Claude Haiku 4.5";
options = {
thinking = {
type = "enabled";
budget_tokens = 16000;
};
};
limit = {
context = 200000;
output = 64000;
};
};
"claude-sonnet-4-6" = {
name = "Claude Sonnet 4.6";
options = {
thinking = {
type = "enabled";
budget_tokens = 16000;
};
};
limit = {
context = 200000;
output = 64000;
};
};
"claude-opus-4-6" = {
name = "Claude Opus 4.6";
options = {
thinking = {
type = "enabled";
budget_tokens = 16000;
};
};
limit = {
context = 200000;
output = 128000;
};
};
};
};
};
};
}
home/coding/agents/pi.nix
-56
View File
@@ -1,56 +0,0 @@
{inputs, ...}: {
coding.agents.pi = {
enable = true;
agentsInput = inputs.agents;
modelOverrides = {
chiron = "minimax/MiniMax-M2.7";
chiron-forge = "minimax/MiniMax-M2.7";
};
# Coding rules for Pi agent
# Rules sourced from AGENTS repo
codingRules = {
# Language-specific rules
languages = [
"nix" # Nix language conventions
];
# Standard concerns from AGENTS repo
concerns = [
"coding-style" # General coding principles
"naming" # Naming conventions (camelCase, snake_case, etc.)
"documentation" # Documentation standards
"testing" # Testing guidelines (Arrange-Act-Assert)
"git-workflow" # Conventional commits, branch naming
"project-structure" # Project layout conventions
];
# No framework-specific rules for NixOS config
frameworks = [];
};
settings = {
packages = [
"npm:@thesethrose/pi-zai-provider"
"npm:pi-mcp-adapter"
"npm:pi-subagents"
"npm:pi-lens"
"npm:pi-web-access"
"npm:pi-prompt-template-model"
"npm:@plannotator/pi-extension"
"npm:pi-powerline-footer"
"npm:pi-markdown-preview"
"npm:pi-tool-display"
"npm:pi-agent-browser-native"
"git:github.com/hk-vk/pi-connect"
];
defaultProvider = "minimax";
defaultModel = "MiniMax-M2.7";
defaultThinkingLevel = "high";
};
# MCP servers auto-inherited from programs.mcp in default.nix
};
}
home/coding/default.nix
-12
View File
@@ -1,12 +0,0 @@
# Coding environment aggregator — profile-independent development tooling.
# Imports editors, LSP servers, git configuration, the agent system, language runtimes, and optional packages.
{...}: {
imports = [
./editor
./lsp
./git/git.nix
./agents/agents.nix
./languages
./packages.nix
];
}
home/coding/editor/default.nix
-6
View File
@@ -1,6 +0,0 @@
# Editor aggregator — delegates to m3ta-nixpkgs editor modules.
{...}: {
imports = [
./neovim.nix
];
}
home/coding/editor/neovim.nix
-7
View File
@@ -1,7 +0,0 @@
# NeoVim base configuration via m3ta-nixpkgs coding.editors module.
# The option `coding.editors.neovim.enable` is declared by
# inputs.m3ta-nixpkgs.homeManagerModules.default — no re-declaration here.
{...}: {
# Placeholder for host-agnostic NeoVim overrides.
# Set coding.editors.neovim.enable = true in per-host files to activate.
}
home/coding/git/git.nix
-41
View File
@@ -1,41 +0,0 @@
# Git configuration with signing, aliases, and global ignore.
# Identity and host-specific SSH keys are set per-host in home/m3tam3re/.
{
lib,
pkgs,
...
}:
with lib; {
programs.git = {
enable = true;
signing.format = null;
settings = {
user = {
name = lib.mkDefault "m3tam3re";
email = lib.mkDefault "p@m3ta.dev";
};
core.excludesfile = "~/.gitignore_global";
init.defaultBranch = "master";
alias = {
st = "status";
logd = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
};
};
};
programs.difftastic.enable = true;
programs.jujutsu = {
enable = true;
settings = {
user = {
email = "m@m3tam3re.com";
name = "Sascha Koenig";
};
};
};
home.packages = with pkgs; [
lazygit
];
}
home/coding/languages/default.nix
-10
View File
@@ -1,10 +0,0 @@
# Language runtimes — Python, JavaScript, Rust, Go, TypeScript.
{...}: {
imports = [
./python.nix
./javascript.nix
./rust-toolchain.nix
./go.nix
./typescript.nix
];
}
home/coding/languages/go.nix
-19
View File
@@ -1,19 +0,0 @@
# Go toolchain — compiler and language server.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.coding.languages.go;
in {
options.coding.languages.go.enable = mkEnableOption "Go toolchain";
config = mkIf cfg.enable {
home.packages = with pkgs; [
go
gopls
];
};
}
home/coding/languages/javascript.nix
-25
View File
@@ -1,25 +0,0 @@
# JavaScript/TypeScript runtime — Node.js and Bun.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.coding.languages.javascript;
npmGlobalPrefix = "${config.home.homeDirectory}/.npm-global";
in {
options.coding.languages.javascript.enable = mkEnableOption "JavaScript runtime (Node.js + Bun)";
config = mkIf cfg.enable {
home.packages = with pkgs; [
nodejs
bun
];
home.file.".npmrc".text = ''
prefix=${npmGlobalPrefix}
'';
home.sessionVariables.NPM_CONFIG_PREFIX = npmGlobalPrefix;
};
}
home/coding/languages/python.nix
-30
View File
@@ -1,30 +0,0 @@
# Python runtime with pip and uv.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.coding.languages.python;
in {
options.coding.languages.python = {
enable = mkEnableOption "Python runtime with pip and uv";
extraPackages = mkOption {
type = types.listOf types.package;
default = [];
example = literalExpression "[ pkgs.python3Packages.numpy ]";
description = "Additional Python packages to include";
};
};
config = mkIf cfg.enable {
home.packages = [
(pkgs.python3.withPackages (ps:
with ps; [
pip
uv
] ++ cfg.extraPackages))
];
};
}
home/coding/languages/rust-toolchain.nix
-20
View File
@@ -1,20 +0,0 @@
# Rust toolchain — compiler, package manager, and language server.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.coding.languages.rustToolchain;
in {
options.coding.languages.rustToolchain.enable = mkEnableOption "Rust toolchain";
config = mkIf cfg.enable {
home.packages = with pkgs; [
rustc
cargo
rust-analyzer
];
};
}
home/coding/languages/typescript.nix
-19
View File
@@ -1,19 +0,0 @@
# TypeScript support — language server and type checking tools.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.coding.languages.typescript;
in {
options.coding.languages.typescript.enable = mkEnableOption "TypeScript support";
config = mkIf cfg.enable {
home.packages = with pkgs; [
typescript
typescript-language-server
];
};
}
home/coding/lsp/default.nix
-6
View File
@@ -1,6 +0,0 @@
# LSP aggregator — language server protocol tooling.
{...}: {
imports = [
./servers.nix
];
}
home/coding/lsp/servers.nix
-23
View File
@@ -1,23 +0,0 @@
# LSP server configuration — language servers for the development environment.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.coding.lsp;
in {
options.coding.lsp.enable = mkEnableOption "enable LSP servers";
config = mkIf cfg.enable {
home.packages = with pkgs; [
# Nix
nixd
# General
typescript-language-server
tailwindcss-language-server
pyrefly
];
};
}
home/coding/packages.nix
-20
View File
@@ -1,20 +0,0 @@
# Additional coding packages — API clients and GUI development tools.
# Opt-in since not all coding hosts need these desktop-oriented tools.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.coding.packages;
in {
options.coding.packages.enable = mkEnableOption "additional coding packages (bruno, insomnia)";
config = mkIf cfg.enable {
home.packages = [
pkgs.bruno
pkgs.insomnia
];
};
}
home/common/default.nix
-56
View File
@@ -1,56 +0,0 @@
{
inputs,
lib,
outputs,
pkgs,
system,
...
}: {
imports = [
inputs.nix-colors.homeManagerModules.default
inputs.m3ta-nixpkgs.homeManagerModules.default
]; #imports = builtins.attrValues outputs.homeManagerModules;
nixpkgs = {
# You can add overlays here
overlays = [
# Add overlays your own flake exports (from overlays and pkgs dir):
#outputs.overlays.additions
#outputs.overlays.modifications
outputs.overlays.temp-packages
outputs.overlays.stable-packages
outputs.overlays.locked-packages
outputs.overlays.pinned-packages
outputs.overlays.master-packages
inputs.nur.overlays.default
inputs.m3ta-nixpkgs.overlays.default
inputs.m3ta-nixpkgs.overlays.modifications
(outputs.lib.mkLlmAgentsOverlay system)
# You can also add overlays exported from other flakes:
# neovim-nightly-overlay.overlays.default
# Or define it inline, for example:
# (final: prev: {
# hi = final.hello.overrideAttrs (oldAttrs: {
# patches = [ ./change-hello-to-hi.patch ];
# });
# })
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
# Workaround for https://github.com/nix-community/home-manager/issues/2942
allowUnfreePredicate = _: true;
};
};
nix = {
package = lib.mkDefault pkgs.nix;
settings = {
experimental-features = ["nix-command" "flakes"];
warn-dirty = false;
};
};
colorScheme = inputs.nix-colors.colorSchemes.dracula;
}
home/desktop/apps/crypto.nix
-16
View File
@@ -1,16 +0,0 @@
# Cryptocurrency applications — Bisq, Monero GUI, and Trezor Suite.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.desktop.apps.crypto;
in {
options.desktop.apps.crypto.enable = mkEnableOption "enable crypto applications";
config = mkIf cfg.enable {
home.packages = with pkgs; [bisq2 monero-gui trezor-suite];
};
}
home/desktop/apps/default.nix
-10
View File
@@ -1,10 +0,0 @@
# Desktop apps aggregator — Obsidian, Office, web apps, crypto tools, and productivity.
{...}: {
imports = [
./obsidian.nix
./office.nix
./webapps.nix
./crypto.nix
./productivity.nix
];
}
home/desktop/apps/obsidian.nix
-25
View File
@@ -1,25 +0,0 @@
# Obsidian knowledge base with markdown MIME association.
{
config,
lib,
...
}:
with lib; let
cfg = config.desktop.apps.obsidian;
in {
options.desktop.apps.obsidian.enable = mkEnableOption "enable Obsidian knowledge base";
config = mkIf cfg.enable {
programs.obsidian.enable = true;
xdg.mimeApps = {
enable = true;
associations.added = {
"text/markdown" = ["obsidian.desktop"];
};
defaultApplications = {
"text/markdown" = ["obsidian.desktop"];
};
};
};
}
home/desktop/apps/office.nix
-16
View File
@@ -1,16 +0,0 @@
# Office and productivity applications — LibreOffice and document tools.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.desktop.apps.office;
in {
options.desktop.apps.office.enable = mkEnableOption "install office and paperwork apps";
config = mkIf cfg.enable {
home.packages = [pkgs.libreoffice-fresh];
};
}
home/desktop/apps/productivity.nix
-18
View File
@@ -1,18 +0,0 @@
# Productivity tools — Pomodoro timer and focus utilities.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.desktop.apps.productivity;
in {
options.desktop.apps.productivity.enable = mkEnableOption "enable productivity tools";
config = mkIf cfg.enable {
home.packages = with pkgs; [
pomodoro-timer
];
};
}
home/desktop/apps/webapps.nix
-56
View File
@@ -1,56 +0,0 @@
# Web application desktop entries — Teams, Outlook, Basecamp, and OpenCode launchers.
{
config,
pkgs,
...
}: let
icons = {
teams = pkgs.fetchurl {
url = "https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/microsoft-teams.svg";
sha256 = "sha256-Pr9QS8nnXJq97r4/G3c6JXi34zxHl0ps9gcyI8cN/s8=";
};
outlook = pkgs.fetchurl {
url = "https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/microsoft-outlook.svg";
sha256 = "sha256-3u8t5QNHFZvrAegxBiGicO4PjtMWhEaQSCv7MSSfLLc=";
};
opencode = pkgs.fetchurl {
url = "https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/opencode-dark.svg";
sha256 = "1lms4f8habamvdh2qqqz9psx4py9wx23mmlkkds44pvrbq3bkj3n";
};
};
in {
xdg.desktopEntries = {
teams = {
name = "Microsoft Teams";
exec = "launch-webapp https://teams.microsoft.com";
comment = "Open Microsoft Teams as a Desktop App";
categories = ["Application" "Network" "Chat"];
terminal = false;
icon = icons.teams;
};
outlook = {
name = "Microsoft Outlook";
exec = "launch-webapp https://outlook.office.com/mail/";
comment = "Open Microsoft Outlook as a Desktop App";
categories = ["Application" "Network"];
terminal = false;
icon = icons.outlook;
};
basecamp = {
name = "Basecamp";
exec = "launch-webapp https://3.basecamp.com/5996442/";
comment = "Open Basecamp as a Desktop App";
categories = ["Application" "Network"];
terminal = false;
icon = "${config.home.homeDirectory}/.local/share/icons/basecamp-logo.png";
};
opencode = {
name = "Opencode";
exec = "rofi-project-opener";
comment = "Open Opencode Terminal App";
categories = ["Application" "Development"];
terminal = false;
icon = icons.opencode;
};
};
}
home/desktop/default.nix
-125
View File
@@ -1,125 +0,0 @@
# Desktop environment aggregator — only loaded when context=desktop.
# Includes window manager, applications, theming, and desktop session config.
{
config,
pkgs,
...
}: {
imports = [
./wm
./apps
./theme
];
xdg = {
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
enable = true;
associations.added = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["okularApplication_pdf.desktop"];
};
defaultApplications = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["okularApplication_pdf.desktop"];
"application/md" = ["nvim.desktop"];
"application/text" = ["nvim.desktop"];
"x-scheme-handler/http" = ["io.github.zen_browser.zen"];
"x-scheme-handler/https" = ["io.github.zen_browser.zen"];
};
};
userDirs = {
enable = true;
createDirectories = true;
setSessionVariables = true;
};
};
home.sessionVariables = {
WEBKIT_DISABLE_COMPOSITING_MODE = "1";
NIXOS_OZONE_WL = "1";
TERMINAL = "ghostty";
QT_QPA_PLATFORM = "wayland";
XDG_CURRENT_DESKTOP = "Hyprland";
XDG_SESSION_TYPE = "wayland";
XDG_SESSION_DESKTOP = "Hyprland";
};
home.sessionPath = [
"\${XDG_BIN_HOME}"
"\${HOME}/.cargo/bin"
"$HOME/.npm-global/bin"
"$HOME/.cache/.bun/bin"
];
fonts.fontconfig.enable = true;
programs.ghostty = {
enable = true;
enableFishIntegration = true;
enableBashIntegration = true;
settings = {
font-family = "Fira Code";
copy-on-select = true;
foreground = "#${config.colorScheme.palette.base05}";
background = "#${config.colorScheme.palette.base00}";
selection-foreground = "#${config.colorScheme.palette.base07}";
selection-background = "#${config.colorScheme.palette.base02}";
cursor-color = "#${config.colorScheme.palette.base05}";
palette = [
"0=#${config.colorScheme.palette.base01}"
"1=#${config.colorScheme.palette.base08}"
"2=#${config.colorScheme.palette.base0B}"
"3=#${config.colorScheme.palette.base0A}"
"4=#${config.colorScheme.palette.base0D}"
"5=#${config.colorScheme.palette.base0E}"
"6=#${config.colorScheme.palette.base0C}"
"7=#${config.colorScheme.palette.base05}"
"8=#${config.colorScheme.palette.base03}"
"9=#${config.colorScheme.palette.base08}"
"10=#${config.colorScheme.palette.base0B}"
"11=#${config.colorScheme.palette.base0A}"
"12=#${config.colorScheme.palette.base0D}"
"13=#${config.colorScheme.palette.base0E}"
"14=#${config.colorScheme.palette.base0C}"
"15=#${config.colorScheme.palette.base07}"
];
};
};
home.pointerCursor = {
gtk.enable = true;
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
size = 20;
};
home.packages = with pkgs; [
appimage-run
bemoji
brave
distrobox
eigent
(element-desktop.override {
commandLineArgs = "--password-store=gnome-libsecret";
})
launch-webapp
file-roller
hyprpanel
seahorse
sushi
ksnip
msty-studio
nwg-look
rose-pine-hyprcursor
remmina
slack
telegram-desktop
vivaldi
vivaldi-ffmpeg-codecs
vibetyper
];
}
home/desktop/theme/default.nix
-8
View File
@@ -1,8 +0,0 @@
# Theme aggregator — fonts, GTK/Qt theming, and wallpapers.
{...}: {
imports = [
./fonts.nix
./theme.nix
./wallpapers.nix
];
}
home/desktop/theme/fonts.nix
-24
View File
@@ -1,24 +0,0 @@
# Font packages — Fira Code, JetBrains Mono Nerd Font, and supporting icon fonts.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.desktop.theme.fonts;
in {
options.desktop.theme.fonts.enable = mkEnableOption "install desktop fonts";
config = mkIf cfg.enable {
home.packages = with pkgs; [
fira-code
fira-code-symbols
nerd-fonts.fira-code
nerd-fonts.jetbrains-mono
font-manager
font-awesome_5
noto-fonts
];
};
}
home/desktop/theme/theme.nix
-24
View File
@@ -1,24 +0,0 @@
# GTK and Qt theming — Dracula theme with matching icons and cursor.
{
pkgs,
config,
...
}: {
qt = {
enable = true;
platformTheme.name = "gtk";
};
gtk = {
enable = true;
theme = {
name = "Dracula";
package = pkgs.dracula-theme;
};
iconTheme = {
name = "Dracula";
package = pkgs.dracula-icon-theme;
};
gtk4.theme = config.gtk.theme;
};
}
home/desktop/theme/wallpapers.nix
-19
View File
@@ -1,19 +0,0 @@
# Wallpaper collection — copies wallpapers to Hyprland config directory.
{
config,
lib,
...
}:
with lib; let
cfg = config.desktop.theme.wallpapers.enable;
in {
options.desktop.theme.wallpapers.enable = mkEnableOption "wallpapers for Hyprland";
config = mkIf cfg {
xdg.configFile."hypr/wallpapers" = {
# Wallpapers are stored relative to the home/m3tam3re directory.
source = ../../m3tam3re/wallpapers;
recursive = true;
};
};
}
home/desktop/wm/default.nix
-8
View File
@@ -1,8 +0,0 @@
# Window manager aggregator — Hyprland, Wayland tools, and Rofi launcher.
{...}: {
imports = [
./hyprland.nix
./wayland.nix
./rofi.nix
];
}
home/desktop/wm/hyprland.nix
-318
View File
@@ -1,318 +0,0 @@
# Hyprland window manager with keybindings, window rules, idle/lock, and hyprpaper.
{
config,
lib,
...
}:
with lib; let
cfg = config.desktop.wm.hyprland;
in {
options.desktop.wm.hyprland.enable = mkEnableOption "Hyprland window manager";
config = mkIf cfg.enable {
wayland.windowManager.hyprland = {
settings = {
xwayland = {
force_zero_scaling = true;
};
exec-once = [
"hyprpanel"
"while ! hyprpaper-random; do sleep 0.5; done"
"wl-paste --type text --watch cliphist store"
"wl-paste --type image --watch cliphist store"
"vibetyper"
];
env = [
"XCURSOR_SIZE,32"
"HYPRCURSOR_THEME,Bibata-Modern-Ice"
"WLR_NO_HARDWARE_CURSORS,1"
"GTK_THEME,Dracula"
"XDG_CURRENT_DESKTOP,Hyprland"
"XDG_SESSION_TYPE,wayland"
"XDG_SESSION_DESKTOP,Hyprland"
"XKB_DEFAULT_LAYOUT,de"
"NIXOS_OZONE_WL,1"
];
input = {
kb_layout = "de,us";
kb_variant = "";
kb_model = "";
kb_rules = "";
kb_options = "ctrl:nocaps";
follow_mouse = 1;
};
general = {
gaps_in = 5;
gaps_out = 5;
border_size = 1;
"col.active_border" = "rgba(9742b5ee) rgba(9742b5ee) 45deg";
"col.inactive_border" = "rgba(${config.colorScheme.palette.base03}aa)";
layout = "dwindle";
};
decoration = {
shadow = {
enabled = true;
range = 60;
render_power = 3;
color = "rgba(${config.colorScheme.palette.base00}66)";
offset = "1 2";
scale = 0.97;
};
rounding = 8;
blur = {
enabled = true;
size = 3;
passes = 3;
};
active_opacity = 0.9;
inactive_opacity = 0.5;
};
animations = {
enabled = true;
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, default"
];
};
dwindle = {
pseudotile = true;
preserve_split = true;
};
master = {
new_status = "master";
};
device = [
{
name = "epic-mouse-v1";
sensitivity = -0.5;
}
{
name = "zsa-technology-labs-moonlander-mark-i";
kb_layout = "us";
}
{
name = "keychron-keychron-k7";
kb_layout = "us";
}
];
windowrule = [
"match:class file_progress, float on"
"match:class confirm, float on"
"match:class dialog, float on"
"match:class download, float on"
"match:class notification, float on"
"match:class error, float on"
"match:class splash, float on"
"match:class confirmreset, float on"
"match:title Open File, float on"
"match:title branchdialog, float on"
"match:class pavucontrol-qt, float on"
"match:class pavucontrol, float on"
"match:class class:^(espanso)$, float on"
"match:class wlogout, fullscreen on"
"match:title wlogout, float on"
"match:title wlogout, fullscreen on"
"match:class mpv, float on"
"match:class mpv, idle_inhibit focus"
"match:class mpv, opacity 1.0 override"
"match:title ^(Media viewer)$, float on"
"match:title ^(Volume Control)$, float on"
"match:title ^(Picture-in-Picture)$, float on"
"match:title ^(floating-pomodoro)$, float on"
"match:title ^(floating-pomodoro)$, size 250 50"
"match:title ^(floating-pomodoro)$, move 12 (monitor_h-150)"
"match:title ^(floating-pomodoro)$, pin on"
"match:initial_title .*streamlabs.com.*, float on"
"match:initial_title .*streamlabs.com.*, pin on"
"match:initial_title .*streamlabs.com.*, size 800 400"
"match:initial_title .*alert-box.*, move 100%-820 102"
"match:initial_title .*chat-box.*, move 100%-820 512"
"match:initial_title .*streamlabs.com.*, opacity 0.5 override"
"match:initial_title .*streamlabs.com.*, idle_inhibit focus"
"match:initial_title .*streamlabs.com.*, no_anim on"
"match:initial_title .*streamlabs.com.*, decorate off"
"match:initial_title .*streamlabs.com.*, no_shadow on"
"match:initial_title .*streamlabs.com.*, no_blur on"
"match:class ^vibe-typer$, match:title ^Recording Indicator$, no_blur on"
"border_color rgb(ffffff), match:xwayland 1"
];
"$mainMod" = "SUPER";
"$terminal" = "ghostty";
bind = [
"$mainMod, return, exec, $terminal nu -c zellij-ps"
"$mainMod, t, exec, $terminal -e nu -c 'nitch; exec nu'"
"$mainMod SHIFT, t, exec, launch-timer"
"$mainMod, n, exec, $terminal -e nvim"
"$mainMod, z, exec, uwsm app -- zeditor"
"$mainMod, o, exec, hyprctl dispatch setprop activewindow opaque toggle"
"$mainMod, r, exec, hyprctl dispatch focuswindow \"initialtitle:.*alert-box.*\" && hyprctl dispatch moveactive exact 4300 102 && hyprctl dispatch focuswindow \"initialtitle:.*chat-box.*\" && hyprctl dispatch moveactive exact 4300 512"
"$mainMod, b, exec, uwsm app -- thunar"
"$mainMod SHIFT, B, exec, uwsm app -- vivaldi"
"$mainMod, Escape, exec, uwsm app -- wlogout -p layer-shell"
"$mainMod, Space, togglefloating"
"$mainMod, q, killactive"
"$mainMod, M, exit"
"$mainMod, F, fullscreen"
"$mainMod SHIFT, V, togglefloating"
"$mainMod, D, exec, uwsm app -- rofi -show drun -run-command \"uwsm app -- {cmd}\""
"$mainMod, V, exec, uwsm app -- cliphist list | rofi -dmenu | cliphist decode | wl-copy"
"$mainMod, C, exec, bash -c 'FILE=/tmp/screenshot_$(date +%s).png; grim -g \"$(slurp)\" \"$FILE\" && ksnip \"$FILE\"'"
"$mainMod SHIFT, S, exec, uwsm app -- rofi -show emoji"
"$mainMod, P, exec, uwsm app -- rofi-pass"
"$mainMod SHIFT, P, pseudo"
"$mainMod, R, exec, stt-ptt start"
"$mainMod, S, exec, stt-ptt start"
"$mainMod, J, togglesplit"
"$mainMod, h, movefocus, l"
"$mainMod, l, movefocus, r"
"$mainMod, k, movefocus, u"
"$mainMod, j, movefocus, d"
"$mainMod, 1, workspace, 1"
"$mainMod, 2, workspace, 2"
"$mainMod, 3, workspace, 3"
"$mainMod, 4, workspace, 4"
"$mainMod, 5, workspace, 5"
"$mainMod, 6, workspace, 6"
"$mainMod, 7, workspace, 7"
"$mainMod, 8, workspace, 8"
"$mainMod, 9, workspace, 9"
"$mainMod, 0, workspace, 10"
"$mainMod SHIFT, 1, movetoworkspace, 1"
"$mainMod SHIFT, 2, movetoworkspace, 2"
"$mainMod SHIFT, 3, movetoworkspace, 3"
"$mainMod SHIFT, 4, movetoworkspace, 4"
"$mainMod SHIFT, 5, movetoworkspace, 5"
"$mainMod SHIFT, 6, movetoworkspace, 6"
"$mainMod SHIFT, 7, movetoworkspace, 7"
"$mainMod SHIFT, 8, movetoworkspace, 8"
"$mainMod SHIFT, 9, movetoworkspace, 9"
"$mainMod SHIFT, 0, movetoworkspace, 10"
"$mainMod, mouse_down, workspace, e+1"
"$mainMod, mouse_up, workspace, e-1"
];
bindr = [
"$mainMod, R, exec, stt-ptt stop"
"$mainMod, S, exec, stt-ptt format-stop"
];
bindm = [
"$mainMod, mouse:272, movewindow"
"$mainMod, mouse:273, resizewindow"
];
};
};
services.hypridle = {
enable = true;
settings = {
general = {
before_sleep_cmd = "hyprlock";
after_sleep_cmd = "hyprctl dispatch dpms on";
inhibit_sleep = 3;
};
listener = [
{
timeout = 300;
on-timeout = "hyprlock";
}
{
timeout = 420;
on-timeout = "hyprctl dispatch dpms off";
on-resume = "hyprctl dispatch dpms on";
}
];
};
};
services.hyprpaper.enable = true;
programs.hyprlock = {
enable = true;
settings = {
"$font" = "JetBrainsMono Nerd Font";
"$base" = "rgb(${config.colorScheme.palette.base00})";
"$text" = "rgb(${config.colorScheme.palette.base05})";
"$textAlpha" = "${config.colorScheme.palette.base05}";
"$accentAlpha" = "${config.colorScheme.palette.base0D}";
"$red" = "rgb(${config.colorScheme.palette.base08})";
"$yellow" = "rgb(${config.colorScheme.palette.base0A})";
general = {
hide_cursor = true;
};
background = {
monitor = "";
path = "${config.home.homeDirectory}/.config/hypr/wallpapers/wallhaven-lmmo8r.jpg";
blur_passes = 0;
color = "rgb(${config.colorScheme.palette.base00})";
};
label = [
{
monitor = "";
text = "$TIME";
color = "$text";
font_size = 90;
font_family = "$font";
position = "30, 0";
halign = "left";
valign = "top";
}
{
monitor = "";
text = ''cmd[update:43200000] echo "$(date +"%A, %d %B %Y")"'';
color = "$text";
font_size = 25;
font_family = "$font";
position = "30, -150";
halign = "left";
valign = "top";
}
];
input-field = [
{
monitor = "";
size = "300, 60";
outline_thickness = 4;
dots_size = 0.2;
dots_spacing = 0.2;
dots_center = true;
outer_color = "rgb(${config.colorScheme.palette.base0D})";
inner_color = "rgb(${config.colorScheme.palette.base00})";
font_color = "rgb(${config.colorScheme.palette.base05})";
fade_on_empty = false;
placeholder_text = ''<span foreground="##${config.colorScheme.palette.base05}">󰌾 Logged in as <span foreground="##${config.colorScheme.palette.base0D}">$USER</span></span>'';
hide_input = false;
check_color = "rgb(${config.colorScheme.palette.base0D})";
fail_color = "rgb(${config.colorScheme.palette.base08})";
fail_text = ''<i>$FAIL <b>($ATTEMPTS)</b></i>'';
capslock_color = "rgb(${config.colorScheme.palette.base0A})";
position = "0, -35";
halign = "center";
valign = "center";
}
];
};
};
};
}
home/desktop/wm/rofi.nix
-207
View File
@@ -1,207 +0,0 @@
# Rofi application launcher with nix-colors theme, pass integration, and project opener.
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.desktop.wm.rofi;
in {
options.desktop.wm.rofi.enable = mkEnableOption "enable rofi";
config = mkIf cfg.enable {
programs.rofi = {
enable = true;
package = pkgs.rofi.override {
plugins = [
pkgs.rofi-calc
pkgs.rofi-emoji
pkgs.stable.rofi-file-browser
];
};
pass = {
enable = true;
package = pkgs.rofi-pass-wayland;
};
terminal = "${pkgs.ghostty}/bin/ghostty";
font = "Fira Code";
extraConfig = {
show-icons = true;
disable-history = false;
modi = "drun,calc,emoji,filebrowser";
kb-primary-paste = "Control+V,Shift+Insert";
kb-secondary-paste = "Control+v,Insert";
};
theme = let
inherit (config.colorScheme) palette;
in
builtins.toString (pkgs.writeText "rofi-universal-theme.rasi" ''
* {
/* Universal theme colors from nix-colors */
background: #${palette.base00};
surface: #${palette.base01};
overlay: #${palette.base02};
muted: #${palette.base03};
subtle: #${palette.base04};
text: #${palette.base05};
bright-text: #${palette.base06};
highlight: #${palette.base07};
accent1: #${palette.base08};
accent2: #${palette.base09};
accent3: #${palette.base0A};
accent4: #${palette.base0B};
accent5: #${palette.base0C};
accent6: #${palette.base0D};
accent7: #${palette.base0E};
accent8: #${palette.base0F};
/* Global properties */
background-color: @background;
text-color: @text;
font: "Fira Code 12";
border: 0;
margin: 0;
padding: 0;
spacing: 0;
}
window {
background-color: @background;
border: 1px;
border-color: @accent7;
border-radius: 6px;
width: 40%;
padding: 16px;
}
inputbar {
children: [ prompt, entry ];
spacing: 12px;
padding: 8px;
border-radius: 4px;
background-color: @surface;
}
prompt {
text-color: @accent7;
background-color: transparent;
}
entry {
placeholder: "Search...";
placeholder-color: @subtle;
text-color: @text;
background-color: transparent;
cursor-color: @accent7;
}
message {
background-color: @surface;
border-radius: 4px;
padding: 8px;
margin: 8px 0;
}
textbox {
text-color: @text;
background-color: transparent;
}
listview {
background-color: transparent;
margin: 8px 0 0;
lines: 10;
columns: 1;
fixed-height: true;
scrollbar: false;
}
element {
background-color: transparent;
text-color: @text;
padding: 8px;
border-radius: 4px;
spacing: 8px;
}
element normal.normal {
background-color: transparent;
text-color: @text;
}
element selected.normal {
background-color: @accent7;
text-color: @background;
}
element alternate.normal {
background-color: transparent;
text-color: @text;
}
element-icon {
background-color: transparent;
size: 24px;
}
element-text {
background-color: transparent;
text-color: inherit;
vertical-align: 0.5;
}
mode-switcher {
spacing: 0;
background-color: @surface;
border-radius: 4px;
margin: 8px 0 0;
}
button {
padding: 8px 16px;
background-color: transparent;
text-color: @text;
border-radius: 4px;
}
button selected {
background-color: @accent7;
text-color: @background;
}
scrollbar {
width: 4px;
border: 0;
handle-color: @accent7;
handle-width: 4px;
padding: 0;
}
'');
};
cli.rofi-project-opener = {
enable = true;
projectDirs = {
AI = {
path = "~/p/AI";
args = "";
};
CHAT = {
path = "~/p/CHAT";
args = "--agent chiron";
};
MISC = {
path = "~/p/MISC";
args = "--agent chiron-forge";
};
NIX = {
path = "~/p/NIX";
args = "";
};
};
terminal = pkgs.ghostty;
terminalCommand = "opencode %a";
};
};
}
home/desktop/wm/wayland.nix
-30
View File
@@ -1,30 +0,0 @@
# Wayland extra tooling — screenshot, clipboard, cursor, and display utilities.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.desktop.wm.wayland;
in {
options.desktop.wm.wayland.enable = mkEnableOption "wayland extra tools and config";
config = mkIf cfg.enable {
home.packages = with pkgs; [
grim
hyprcursor
hyprlock
hyprpaper
qt6.qtwayland
slurp
waypipe
wl-clipboard
wf-recorder
wl-mirror
wlogout
wtype
ydotool
];
};
}
home/lib/default.nix
-95
View File
@@ -1,95 +0,0 @@
# home/lib/default.nix
# Profile loading utilities for home-manager configurations.
#
# Usage:
# let homeLib = import ../lib { inherit lib; };
# in {
# imports = [
# (homeLib.mkHomeConfig { profiles = ["coding" "gaming"]; context = "desktop"; })
# ];
# }
{lib}: let
# Infrastructure layer — nixpkgs overlays, nix-colors, m3ta-nixpkgs modules.
# Always loaded on every host.
commonModule = ../common;
# Base user environment — shell (nushell, starship), CLI tools, secrets.
# Always loaded on every host.
baseModule = ../base;
# Context-specific modules — desktop and server are mutually exclusive.
contextModuleMap = {
desktop = ../desktop;
server = ../server;
};
# Profile modules — freely combinable additions on top of base + context.
profileModuleMap = {
coding = ../coding;
gaming = ../profiles/gaming;
media = ../profiles/media;
};
in {
# Generate a home-manager module with imports based on profiles and context.
#
# Args:
# profiles: list of profile names (e.g. ["coding" "gaming" "media"])
# context: host context, one of "desktop" | "server" | null
#
# Returns: a home-manager module attrset with imports and assertions.
# Desktop and server contexts are mutually exclusive by design — passing
# any value other than "desktop", "server", or null causes an assertion
# failure at evaluation time.
mkHomeConfig = {
profiles ? [],
context ? null,
}: let
contextImport =
if context == "desktop"
then [contextModuleMap.desktop]
else if context == "server"
then [contextModuleMap.server]
else [];
# Partition profiles into known and unknown for assertion + safe import.
unknownProfiles =
builtins.filter
(profileName: ! builtins.hasAttr profileName profileModuleMap)
profiles;
# Only import known profiles; the assertion below catches unknowns.
activeProfiles =
builtins.filter
(profileName: builtins.hasAttr profileName profileModuleMap)
profiles;
profileImports = map (profileName: profileModuleMap.${profileName}) activeProfiles;
contextStr =
if context == null
then "null"
else context;
in {
imports =
[commonModule baseModule]
++ contextImport
++ profileImports;
assertions = [
{
assertion = builtins.elem context ["desktop" "server" null];
message =
"m3ta home: context must be 'desktop', 'server', or null"
+ " (got: '${contextStr}')";
}
{
assertion = unknownProfiles == [];
message =
"m3ta home: unknown profiles requested:"
+ " [ ${builtins.concatStringsSep " " unknownProfiles} ]."
+ " Valid profiles are:"
+ " [ ${builtins.concatStringsSep " " (builtins.attrNames profileModuleMap)} ]";
}
];
};
}
home/m3tam3re/home-server.nix
-121
View File
@@ -1,121 +0,0 @@
# This is a default home.nix generated by the follwing hone-manager command
#
# home-manager init ./
{
config,
lib,
pkgs,
...
}: {
# Home Manager needs a bit of information about you and the paths it should
# manage.
home.username = lib.mkDefault "your-name";
home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
# This value determines the Home Manager release that your configuration is
# compatible with. This helps avoid breakage when a new Home Manager release
# introduces backwards incompatible changes.
#
# You should not change this value, even if you update Home Manager. If you do
# want to update the value, then make sure to first check the Home Manager
# release notes.
home.stateVersion = "26.05"; # Updated to adopt HM 26.05 defaults.
# The home.packages option allows you to install Nix packages into your
# environment.
home.packages = with pkgs; [
# # Adds the 'hello' command to your environment. It prints a friendly
# # "Hello, world!" when run.
# pkgs.hello
# # It is sometimes useful to fine-tune packages, for example, by applying
# # overrides. You can do that directly here, just don't forget the
# # parentheses. Maybe you want to install Nerd Fonts with a limited number of
# # fonts?
# (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
# # You can also create simple shell scripts directly inside your
# # configuration. For example, this adds a command 'my-hello' to your
# # environment:
# (pkgs.writeShellScriptBin "my-hello" ''
# echo "Hello, ${config.home.username}!"
# '')
];
# Home Manager is pretty good at managing dotfiles. The primary way to manage
# plain files is through 'home.file'.
home.file = {
# # Building this configuration will create a copy of 'dotfiles/screenrc' in
# # the Nix store. Activating the configuration will then make '~/.screenrc' a
# # symlink to the Nix store copy.
# ".screenrc".source = dotfiles/screenrc;
# # You can also set the file content immediately.
# ".gradle/gradle.properties".text = ''
# org.gradle.console=verbose
# org.gradle.daemon.idletimeout=3600000
# '';
};
# Home Manager can also manage your environment variables through
# 'home.sessionVariables'. If you don't want to manage your shell through Home
# Manager then you have to manually source 'hm-session-vars.sh' located at
# either
#
# ~/.nix-profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# /etc/profiles/per-user/m3tam3re/etc/profile.d/hm-session-vars.sh
#
home.sessionVariables = {
# EDITOR = "emacs";
};
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
programs.git = {
enable = true;
signing.format = null;
settings = {
user = {
name = "m3tm3re";
email = "p@m3ta.dev";
};
core.excludesfile = "~/.gitignore_global";
init.defaultBranch = "master";
alias = {
st = "status";
logd = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
};
};
};
# programs.zellij-ps = {
# enable = true;
# projectFolders = [
# "${config.home.homeDirectory}/p/c"
# "${config.home.homeDirectory}/p"
# "${config.home.homeDirectory}/.config"
# ];
# layout = ''
# layout {
# pane size=1 borderless=true {
# plugin location="zellij:tab-bar"
# }
# pane size="70%" command="nvim"
# pane split_direction="vertical" {
# pane
# pane command="unimatrix"
# }
# pane size=1 borderless=true {
# plugin location="zellij:status-bar"
# }
# }
# '';
# };
}
home/m3tam3re/home.nix
-262
View File
@@ -1,262 +0,0 @@
# This is a default home.nix generated by the follwing hone-manager command
#
# home-manager init ./
{
config,
lib,
pkgs,
...
}: {
# Home Manager needs a bit of information about you and the paths it should
# manage.
home.username = lib.mkDefault "your-name";
home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
# This value determines the Home Manager release that your configuration is
# compatible with. This helps avoid breakage when a new Home Manager release
# introduces backwards incompatible changes.
#
# You should not change this value, even if you update Home Manager. If you do
# want to update the value, then make sure to first check the Home Manager
# release notes.
home.stateVersion = "26.05"; # Updated to adopt HM 26.05 defaults.
# The home.packages option allows you to install Nix packages into your
# environment.
home.packages = with pkgs; [
libgtop
# # Adds the 'hello' command to your environment. It prints a friendly
# # "Hello, world!" when run.
# pkgs.hello
# # It is sometimes useful to fine-tune packages, for example, by applying
# # overrides. You can do that directly here, just don't forget the
# # parentheses. Maybe you want to install Nerd Fonts with a limited number of
# # fonts?
# (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
# # You can also create simple shell scripts directly inside your
# # configuration. For example, this adds a command 'my-hello' to your
# # environment:
# (pkgs.writeShellScriptBin "my-hello" ''
# echo "Hello, ${config.home.username}!"
# '')
];
# Home Manager is pretty good at managing dotfiles. The primary way to manage
# plain files is through 'home.file'.
home.file = {
# # Building this configuration will create a copy of 'dotfiles/screenrc' in
# # the Nix store. Activating the configuration will then make '~/.screenrc' a
# # symlink to the Nix store copy.
# ".screenrc".source = dotfiles/screenrc;
# # You can also set the file content immediately.
# ".gradle/gradle.properties".text = ''
# org.gradle.console=verbose
# org.gradle.daemon.idletimeout=3600000
# '';
};
# Home Manager can also manage your environment variables through
# 'home.sessionVariables'. If you don't want to manage your shell through Home
# Manager then you have to manually source 'hm-session-vars.sh' located at
# either
#
# ~/.nix-profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# /etc/profiles/per-user/m3tam3re/etc/profile.d/hm-session-vars.sh
#
home.sessionVariables = {
# EDITOR = "emacs";
};
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
services.cliphist = {
enable = true;
allowImages = true;
};
programs.git = {
enable = true;
signing.format = null;
settings = {
user = {
name = "m3tm3re";
email = "p@m3ta.dev";
};
core.excludesfile = "~/.gitignore_global";
init.defaultBranch = "master";
alias = {
st = "status";
logd = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
};
};
};
programs.difftastic.enable = true;
programs.jujutsu = {
enable = true;
settings = {
user = {
email = "m@m3tam3re.com";
name = "Sascha Koenig";
};
};
};
programs.ssh = {
enable = true;
enableDefaultConfig = false;
matchBlocks = {
"AZ-CLD-1" = {
hostname = "152.53.186.119";
user = "sascha.koenig";
port = 2022;
identityFile = "~/.ssh/sascha.koenig";
};
"AZ-PRM-1" = {
hostname = "192.168.152.76";
user = "sascha.koenig";
port = 2022;
identityFile = "~/.ssh/sascha.koenig";
};
"github.com" = {
hostname = "github.com";
user = "m3tam3re";
port = 22;
identityFile = "~/.ssh/github";
};
"nikhil" = {
hostname = "91.99.176.80";
user = "nikhilmaddirala";
identityFile = "~/.ssh/m3tam3re";
};
"code.m3ta.dev" = {
hostname = "code.m3ta.dev";
user = "m3tam3re";
identityFile = "~/.ssh/gitea";
};
"git.az-gruppe.com" = {
hostname = "git.az-gruppe.com";
port = 2022;
user = "sascha.koenig";
identityFile = "~/.ssh/sascha.koenig";
};
"lkk-nix-1" = {
hostname = "89.58.10.189";
user = "lkk-admin";
identityFile = "~/.ssh/lkk-admin";
};
"m3-r1" = {
hostname = "202.61.226.110";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"lkk-prod-test" = {
hostname = "192.168.122.215";
user = "root";
identityFile = "~/.ssh/m3tam3re";
};
"lkk-prod-1" = {
hostname = "192.168.0.24";
user = "root";
identityFile = "~/.ssh/m3tam3re";
};
"lkk-prod-2" = {
hostname = "192.168.0.20";
user = "root";
identityFile = "~/.ssh/m3tam3re";
};
"m3-deck" = {
hostname = "192.168.178.193";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-kratos-vm" = {
hostname = "192.168.122.43";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-helios" = {
hostname = "192.168.178.210";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-ares" = {
hostname = "192.168.1.30";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-atlas" = {
hostname = "152.53.85.162";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-hermes" = {
hostname = "204.168.229.93";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-zelda" = {
hostname = "95.217.189.186";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-skynet" = {
hostname = "m3-skynet";
user = "admin";
identityFile = "~/.ssh/m3tam3re";
};
"m3-prox-1" = {
hostname = "192.168.1.110";
user = "root";
identityFile = "~/.ssh/m3tam3re";
};
"shp-old" = {
hostname = "95.217.3.250";
port = 2222;
user = "m3tam3re";
identityFile = "~/.ssh/self-host-playbook";
};
"shp-1" = {
hostname = "95.217.189.186";
port = 2222;
user = "m3tam3re";
identityFile = "~/.ssh/self-host-playbook";
};
};
};
# programs.zellij-ps = {
# enable = true;
# projectFolders = [
# "${config.home.homeDirectory}/p/c"
# "${config.home.homeDirectory}/p"
# "${config.home.homeDirectory}/.config"
# ];
# layout = ''
# layout {
# pane size=1 borderless=true {
# plugin location="zellij:tab-bar"
# }
# pane size="70%" command="nvim"
# pane split_direction="vertical" {
# pane
# pane command="unimatrix"
# }
# pane size=1 borderless=true {
# plugin location="zellij:status-bar"
# }
# }
# '';
# };
}
home/m3tam3re/m3-aether.nix
-25
View File
@@ -1,25 +0,0 @@
# m3-aether — cloud VM.
# Context: server | Profiles: (none)
{lib, ...}: let
homeLib = import ../lib {inherit lib;};
in {
imports = [
(homeLib.mkHomeConfig {
profiles = [];
context = "server";
})
./home-server.nix
];
# Base CLI tools (new namespace)
base = {
shell = {
fish.enable = true;
starship.enable = true;
};
cliTools = {
fzf.enable = true;
nitch.enable = true;
};
};
}
home/m3tam3re/m3-ares.nix
-142
View File
@@ -1,142 +0,0 @@
# m3-ares — TUXEDO laptop desktop workstation.
# Context: desktop | Profiles: coding, gaming, media
{
config,
lib,
...
}: let
homeLib = import ../lib {inherit lib;};
in
with lib; {
imports = [
(homeLib.mkHomeConfig {
profiles = ["coding" "gaming" "media"];
context = "desktop";
})
./home.nix
];
config = mkMerge [
{
# Base CLI tools (new namespace)
base = {
shell = {
fish.enable = true;
nushell.enable = true;
starship.enable = true;
};
cliTools = {
fzf.enable = true;
nitch.enable = true;
television.enable = true;
};
secrets.enable = true;
};
# Desktop features (new namespace)
desktop = {
wm = {
hyprland.enable = true;
rofi.enable = true;
wayland.enable = true;
};
apps = {
crypto.enable = true;
obsidian.enable = true;
office.enable = true;
};
theme = {
fonts.enable = true;
wallpapers.enable = true;
};
};
# Coding environment
coding = {
editors = {
neovim.enable = true;
zed.enable = true;
};
lsp.enable = true;
packages.enable = true;
languages = {
python.enable = true;
javascript.enable = true;
rustToolchain.enable = true;
go.enable = true;
typescript.enable = true;
};
};
# Gaming profile features
profiles.gaming = {
steam.enable = true;
gamescope.enable = true;
};
# Media profile features
profiles.media = {
obs.enable = true;
ffmpeg.enable = true;
kdenlive.enable = true;
ytDlp.enable = true;
};
xdg = {
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
enable = true;
associations.added = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
defaultApplications = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"application/md" = ["dev.zed.Zed.desktop"];
"application/text" = ["dev.zed.Zed.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
};
};
}
# Host-specific Hyprland monitor and workspace layout
(mkIf config.desktop.wm.hyprland.enable {
wayland.windowManager.hyprland = {
enable = true;
settings = {
exec-once = ["tuxedo-backlight"];
monitor = [
"eDP-1,preferred,0x0,1.25"
"HDMI-A-1,1920x1080@120,2560x0,1"
];
workspace = [
"1, monitor:eDP-1, default:true"
"2, monitor:eDP-1"
"3, monitor:eDP-1"
"4, monitor:HDMI-A-1,"
"5, monitor:HDMI-A-1,border:false,rounding:false"
"6, monitor:HDMI-A-1"
];
windowrule = [
"match:class dev.zed.Zed, workspace 1"
"match:class Msty, workspace 1"
"match:class ^(com.obsproject.Studio)$, workspace 2"
"match:class ^(brave-browser)$, workspace 4, opacity 1.0"
"match:class ^(vivaldi-stable)$, workspace 4, opacity 1.0"
"match:class ^steam_app_\\d+$, fullscreen on"
"match:class ^steam_app_\\d+$, workspace 5"
"match:class ^steam_app_\\d+$, idle_inhibit focus"
];
};
};
})
];
}
home/m3tam3re/m3-atlas.nix
-29
View File
@@ -1,29 +0,0 @@
# m3-atlas — primary server, Traefik hub and container host.
# Context: server | Profiles: coding
{lib, ...}: let
homeLib = import ../lib {inherit lib;};
in {
imports = [
(homeLib.mkHomeConfig {
profiles = ["coding"];
context = "server";
})
./home-server.nix
];
# Base CLI tools (new namespace)
base = {
shell = {
nushell.enable = true;
starship.enable = true;
};
cliTools = {
fzf.enable = true;
nitch.enable = true;
zellij.enable = true;
};
};
# Coding environment
coding.editors.neovim.enable = true;
}
home/m3tam3re/m3-daedalus.nix
-127
View File
@@ -1,127 +0,0 @@
# m3-daedalus — portable laptop (standalone home-manager).
# Context: desktop | Profiles: coding, media
{
config,
lib,
...
}: let
homeLib = import ../lib {inherit lib;};
in
with lib; {
imports = [
(homeLib.mkHomeConfig {
profiles = ["coding" "media"];
context = "desktop";
})
./home.nix
];
config = mkMerge [
{
# Base CLI tools (new namespace)
base = {
shell = {
fish.enable = true;
nushell.enable = true;
starship.enable = true;
};
cliTools = {
fzf.enable = true;
nitch.enable = true;
television.enable = true;
};
secrets.enable = true;
};
# Desktop features (new namespace)
desktop = {
wm = {
hyprland.enable = false;
rofi.enable = true;
wayland.enable = false;
};
apps = {
obsidian.enable = true;
office.enable = false;
crypto.enable = false;
};
theme = {
fonts.enable = true;
wallpapers.enable = false;
};
};
# Coding environment
coding = {
editors = {
neovim.enable = true;
zed.enable = true;
};
lsp.enable = true;
};
# Media profile features
profiles.media = {
obs.enable = false;
ffmpeg.enable = false;
kdenlive.enable = false;
ytDlp.enable = true;
};
xdg = {
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
enable = true;
associations.added = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
defaultApplications = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"application/md" = ["dev.zed.Zed.desktop"];
"application/text" = ["dev.zed.Zed.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
};
};
}
# Host-specific Hyprland layout — only applies when hyprland is enabled
(mkIf config.desktop.wm.hyprland.enable {
wayland.windowManager.hyprland = {
enable = true;
settings = {
monitor = [
"eDP-1,preferred,0x0,1.25"
"HDMI-A-1,preferred,2560x0,1"
];
workspace = [
"1, monitor:eDP-1, default:true"
"2, monitor:eDP-1"
"3, monitor:eDP-1"
"4, monitor:HDMI-A-1"
"5, monitor:HDMI-A-1,border:false,rounding:false"
"6, monitor:HDMI-A-1"
];
windowrule = [
"match:class dev.zed.Zed, workspace 1"
"match:class Msty, workspace 1"
"match:class ^(com.obsproject.Studio)$, workspace 2"
"match:class ^(brave-browser)$, workspace 4, opacity 1.0"
"match:class ^(vivaldi-stable)$, workspace 4, opacity 1.0"
"match:class ^steam_app_\\d+$, fullscreen on"
"match:class ^steam_app_\\d+$, workspace 5"
"match:class ^steam_app_\\d+$, idle_inhibit focus"
];
};
};
})
];
}
home/m3tam3re/m3-helios.nix
-25
View File
@@ -1,25 +0,0 @@
# m3-helios — AdGuard DNS and internal routing server.
# Context: server | Profiles: (none)
{lib, ...}: let
homeLib = import ../lib {inherit lib;};
in {
imports = [
(homeLib.mkHomeConfig {
profiles = [];
context = "server";
})
./home-server.nix
];
# Base CLI tools (new namespace)
base = {
shell = {
fish.enable = true;
starship.enable = true;
};
cliTools = {
fzf.enable = true;
nitch.enable = true;
};
};
}
home/m3tam3re/m3-hermes.nix
-25
View File
@@ -1,25 +0,0 @@
# m3-hermes — secondary server.
# Context: server | Profiles: (none)
{lib, ...}: let
homeLib = import ../lib {inherit lib;};
in {
imports = [
(homeLib.mkHomeConfig {
profiles = [];
context = "server";
})
./home-server.nix
];
# Base CLI tools (new namespace)
base = {
shell = {
fish.enable = true;
starship.enable = true;
};
cliTools = {
fzf.enable = true;
nitch.enable = true;
};
};
}
home/m3tam3re/m3-kratos.nix
-138
View File
@@ -1,138 +0,0 @@
# m3-kratos — AMD desktop workstation.
# Context: desktop | Profiles: coding, gaming, media
{
config,
lib,
...
}: let
homeLib = import ../lib {inherit lib;};
in
with lib; {
imports = [
(homeLib.mkHomeConfig {
profiles = ["coding" "gaming" "media"];
context = "desktop";
})
./home.nix
];
config = mkMerge [
{
# Base CLI tools (new namespace)
base = {
shell = {
nushell.enable = true;
starship.enable = true;
};
cliTools = {
fzf.enable = true;
nitch.enable = true;
television.enable = true;
};
secrets.enable = true;
};
# Desktop features (new namespace)
desktop = {
wm = {
hyprland.enable = true;
rofi.enable = true;
wayland.enable = true;
};
apps = {
crypto.enable = true;
obsidian.enable = true;
office.enable = true;
};
theme = {
fonts.enable = true;
wallpapers.enable = true;
};
};
# Coding environment
coding = {
editors = {
neovim.enable = true;
zed.enable = true;
};
lsp.enable = true;
languages = {
python.enable = true;
javascript.enable = true;
rustToolchain.enable = true;
go.enable = true;
typescript.enable = true;
};
};
# Gaming profile features
profiles.gaming = {
steam.enable = true;
gamescope.enable = true;
};
# Media profile features
profiles.media = {
obs.enable = true;
ffmpeg.enable = true;
kdenlive.enable = true;
ytDlp.enable = true;
};
xdg = {
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
enable = true;
associations.added = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
defaultApplications = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"application/md" = ["dev.zed.Zed.desktop"];
"application/text" = ["dev.zed.Zed.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
};
};
}
# Host-specific Hyprland monitor and workspace layout (dual 1440p monitors)
(mkIf config.desktop.wm.hyprland.enable {
wayland.windowManager.hyprland = {
enable = true;
settings = {
monitor = [
"DP-1,2560x1440@144,0x0,1"
"DP-2,2560x1440@144,2560x0,1"
];
workspace = [
"1, monitor:DP-1, default:true"
"2, monitor:DP-1"
"3, monitor:DP-1"
"4, monitor:DP-2"
"5, monitor:DP-2"
"6, monitor:DP-2"
"7, monitor:DP-2"
];
windowrule = [
"match:class dev.zed.Zed, workspace 1"
"match:class Msty, workspace 1"
"match:class ^(com.obsproject.Studio)$, workspace 2"
"match:class ^(brave-browser)$, workspace 4, opacity 1.0"
"match:class ^(vivaldi-stable)$, workspace 4, opacity 1.0"
"match:class ^steam_app_\\d+$, idle_inhibit focus"
];
};
};
})
];
}
home/m3tam3re/wallpapers/wallhaven-28kdom_2560x1440.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 3.3 MiB

home/m3tam3re/wallpapers/wallhaven-8o8y5o_2560x1440.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 5.4 MiB

home/m3tam3re/wallpapers/wallhaven-k72v6q_2560x1440.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 6.7 MiB

home/m3tam3re/wallpapers/wallhaven-l3o7j2_2560x1440.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.5 MiB

home/m3tam3re/wallpapers/wallhaven-lmmo8r.jpg
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.3 MiB

home/profiles/gaming/default.nix
-8
View File
@@ -1,8 +0,0 @@
# Gaming profile aggregator — Steam platform, Gamescope session, and AMD GPU tools.
{...}: {
imports = [
./steam.nix
./gamescope.nix
./gpu.nix
];
}
home/profiles/gaming/gamescope.nix
-16
View File
@@ -1,16 +0,0 @@
# Gamescope — Valve's micro-compositor for Steam gaming sessions.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.profiles.gaming.gamescope;
in {
options.profiles.gaming.gamescope.enable = mkEnableOption "enable Gamescope session";
config = mkIf cfg.enable {
home.packages = [pkgs.gamescope];
};
}
home/profiles/gaming/gpu.nix
-21
View File
@@ -1,21 +0,0 @@
# AMD GPU tools — ROCm runtime, monitoring, and Vulkan utilities for gaming.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.profiles.gaming.gpu;
in {
options.profiles.gaming.gpu.enable = mkEnableOption "enable AMD GPU tools";
config = mkIf cfg.enable {
home.packages = with pkgs; [
rocmPackages.rocm-runtime
rocmPackages.rocm-smi
rocmPackages.rocminfo
vulkan-tools
];
};
}
home/profiles/gaming/steam.nix
-21
View File
@@ -1,21 +0,0 @@
# Steam gaming platform with Steam Deck compatibility tools and gaming utilities.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.profiles.gaming.steam;
in {
options.profiles.gaming.steam.enable = mkEnableOption "enable Steam gaming";
config = mkIf cfg.enable {
home.packages = with pkgs; [
gamemode
goverlay
mangohud
protonplus
];
};
}
home/profiles/media/default.nix
-10
View File
@@ -1,10 +0,0 @@
# Media profile aggregator — OBS, FFmpeg, yt-dlp, Kdenlive, and HandBrake.
{...}: {
imports = [
./obs.nix
./ffmpeg.nix
./yt-dlp.nix
./kdenlive.nix
./handbrake.nix
];
}
home/profiles/media/ffmpeg.nix
-24
View File
@@ -1,24 +0,0 @@
# FFmpeg — full-featured multimedia processing toolchain.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.profiles.media.ffmpeg;
in {
options.profiles.media.ffmpeg.enable = mkEnableOption "enable FFmpeg tools";
config = mkIf cfg.enable {
home.packages = with pkgs; [
amf
ffmpeg_6-full
gst_all_1.gstreamer
gst_all_1.gst-vaapi
pamixer
pavucontrol
qpwgraph
];
};
}
home/profiles/media/handbrake.nix
-21
View File
@@ -1,21 +0,0 @@
# HandBrake — open-source video transcoder.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.profiles.media.handbrake;
in {
options.profiles.media.handbrake.enable = mkEnableOption "enable HandBrake transcoder";
config = mkIf cfg.enable {
home.packages = with pkgs; [
handbrake
gimp
inkscape
libation
];
};
}
home/profiles/media/kdenlive.nix
-16
View File
@@ -1,16 +0,0 @@
# Kdenlive — KDE non-linear video editor.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.profiles.media.kdenlive;
in {
options.profiles.media.kdenlive.enable = mkEnableOption "enable Kdenlive video editor";
config = mkIf cfg.enable {
home.packages = [pkgs.kdePackages.kdenlive];
};
}
home/profiles/media/obs.nix
-21
View File
@@ -1,21 +0,0 @@
# OBS Studio — open broadcaster software for streaming and recording.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.profiles.media.obs;
in {
options.profiles.media.obs.enable = mkEnableOption "enable OBS Studio";
config = mkIf cfg.enable {
home.packages = with pkgs; [
v4l-utils
];
# OBS is managed via NixOS programs.obs-studio at the system level.
# Home-manager only installs supporting tools.
};
}
home/profiles/media/yt-dlp.nix
-32
View File
@@ -1,32 +0,0 @@
# yt-dlp and media playback — YouTube downloader with MPV integration.
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.profiles.media.ytDlp;
in {
options.profiles.media.ytDlp.enable = mkEnableOption "enable yt-dlp and media playback";
config = mkIf cfg.enable {
home.packages = with pkgs; [
plexamp
unimatrix
webcord
];
programs.mpv = {
enable = true;
bindings = {
WHEEL_UP = "seek 10";
WHEEL_DOWN = "seek -10";
};
config = {
profile = "gpu-hq";
ytdl-format = "bestvideo+bestaudio";
};
};
};
}
home/server/default.nix
-6
View File
@@ -1,6 +0,0 @@
# Server context home-manager configuration — minimal headless setup.
# Loaded on server hosts: m3-atlas, m3-helios, m3-aether.
{...}: {
# Server hosts use the base and coding modules directly.
# No desktop environment or GUI applications.
}
hosts/common/default.nix
+3 -1
View File
@@ -18,9 +18,11 @@
environment.pathsToLink = ["/share/xdg-desktop-portal" "/share/applications"]; environment.pathsToLink = ["/share/xdg-desktop-portal" "/share/applications"];
home-manager = { home-manager = {
useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
extraSpecialArgs = { extraSpecialArgs = {
inherit inputs outputs system; inputs = inputs // {agents = null;};
inherit outputs system;
videoDrivers = config.services.xserver.videoDrivers or []; videoDrivers = config.services.xserver.videoDrivers or [];
}; };
}; };
hosts/common/ports.nix
+5
View File
@@ -39,6 +39,11 @@
outline = 3019; outline = 3019;
authentik = 3023; authentik = 3023;
tuwunel = 3024; tuwunel = 3024;
honcho = 3025;
# Agent infrastructure
hermes-api = 8642;
hermes-dashboard = 9119;
# Home automation # Home automation
homarr = 7575; homarr = 7575;

Some files were not shown because too many files have changed in this diff Show More